Tuesday, November 9, 2010

Implementing Network Security for XYZ Company

XYZ Company is a small non-profit organization in need of network security. This blog post will explain what security measures need to be set up for XYZ Company.
Good security will protect against physical threats, application threats, environmental threats, legal threats and authentication threats. Any data or information that can potentially be destroyed, modified, or misused to cause damage needs to be secured. To ensure security of data, you need to secure all sources from where data can be retrieved.
Physical security needs to be addressed as well as network data security.
Overview of XYZ Company Network
XYZ Company's network spans two floors and consists of: 6 workstations, 3 printers, 1 copier, 1 server, 1 SonicWall router/firewall appliance, 1 Belkin wireless access point, and 1 Cisco switch. The server, SonicWall appliance, switch and copier are housed in the mechanical room on the 2nd floor. XYZ Company connects to the internet via DSL. XYZ Company owns the building and also leases out space to several other businesses within said building.
The first thing I recommend for securing XYZ's network is implementing a Security Policy.
A security policy is a set of rules and regulations that an organization defines to handle various situations, such as the unauthorized access of data, disclosure of confidential information, and virus/malware attacks.  
Components of the Security Policy for XYZ Company:
  • Acceptable use policy
  • Password policy
  • Remote access policy
  • Virus protection and prevention policy
  • Visitor and Contractor Premise Access Policy
  • Server policy
Acceptable Use Policy
An acceptable use policy should include rules and regulations for Internet usage.
Wired/Wireless Internet Usage:
  • Acceptable Use of Internet Services
  • Unacceptable Use of Internet Services
  • Responsibilities the employees must adhere to while using the organization's Internet services
  • Compliance
E-mail Usage:
  • Acceptable Use of E-mail Services
  • Unacceptable Use of E-mail Services
  • Responsibilities the employees must adhere to while using the organization's E-mail services
  • Compliance
Computer and Network Resource Usage:
  • Guidelines for handling organizational resources, such as computer and network hardware
  • Compliance
Password Policy
A password policy states certain rules and regulations that each employee should follow while setting passwords corresponding to their user name. This password policy also needs to cover the server and router(s).
Remote Access Policy
A remote access policy should clearly define the following:
  • Who can access an organization's network from a remote location
  • What methods can be used to access an organization's network
  • Which organizational resources and information a person can access remotely
  • What extra permissions and privileges should be assigned to authorized people accessing an organization's network remotely
  • Compliance
Virus Protection and Prevention Policy
A virus protection and prevention policy should clearly state precautions to take while communicating through e-mail, downloading material from the internet, and transferring data by CD/DVD or flash drive. This policy should also state guidelines the employee should follow if they detect a virus on their computer or network. This policy also requires compliance.
Visitor and Contractor Premise Access Policy
The visitor and contractor premise access policy should state guidelines that visitors and contractors must adhere to for their own safety as well as the organization's.  This policy also requires compliance.

Server Policy
The server policy should contain the following:

  • Configuration guidelines
  • Monitoring guidelines
  • Ownership and responsibility guidelines
  • Compliance
Visibility is an important aspect of a security policy. A good security policy is of no use to an organization if most of the employees are unaware of it and/or the policy is not enforced. Management should ensure the visibility of security policies through periodic presentations, trainings, question-and-answer sessions, etc.
Once implemented, a security policy must be constantly reviewed and monitored for changes and improvement. 
Physical and data security

To secure the physical and data aspects of the network in the mechanical room, I recommend that the Cisco switch and patch panel be encased in a locked enclosure, that the server and the SonicWall appliance be password protected with limited access, and that access to the mechanical room itself be limited. I recommend that the mechanical room be locked, but that probably isn't feasible since the copier/scanner/fax is housed in that room.

The SonicWall appliance is a firewall/wireless router and as such needs secure encryption enabled and its default login and password changed.

File shares on the server need the proper rights assigned to the authorized users.


The Belkin wireless access point also requires secure encryption such as WPA/WPA2, the SSID broadcast disabled, the default SSID name changed and the default login and password changed.

Secure passwords for all users are also recommended.

In conclusion, it is recommended that a good Security Policy be implemented and enforced with strict compliance.

Tuesday, September 14, 2010

DSL - Is It For You?

DSL (Digital Subscriber Line)

What is DSL?
DSL is an always-on, high-speed broadband Internet connection that utilizes POTS (Plain Old Telephone Service). That basically means it runs on your phone line.
There is no need for a second phone line as DSL will share the same phone line as your land line.


What do I need to use DSL?
To use DSL you need a phone line, a computer with an Ethernet card, a service provider in your area such as AT&T to provide the service to your home, and a DSL modem, which is generally provided by your service provider upon installation.

Is DSL available in my area?
I suggest researching on the Internet to find out if DSL is available in your area. Since you are reading my blog I will assume that you have internet access. http://dslbyzip.com/high-speed-internet/dsl/ is a good site to utilize. Call the companies listed on the site to ensure that the service listed is available in your specific neighborhood; never assume it is just because the site says it is. Calling your local telephone company is also a good idea. Knowledge is power.

How fast is DSL?
DSL is about 3 to 5 times faster than dial-up with speeds ranging from 128 Kbps to 3 Mbps. Many service providers offer a choice of DSL services with different bandwidth ratings (speeds). There is ADSL (Asymmetrical DSL) and SDSL (Symmetric DSL).
Residential DSL is often ADSL, meaning that the upload speed is different from the download speed, with the download speeds being higher than the upload speeds. Residential customers generally download files (streaming videos and music) much more often than upload, hence the higher download speed.
Commercial customers generally utilize SDSL because the upload and download speeds are the same. Business customers spend more time uploading and need the faster upload speed.
Don't expect to get the maximum speed advertised. There are many factors that affect the DSL speed including:
  • Quality of the phone line at your residence/business and the quality of the lines in your neighborhood.
  • Distance between your residence/business and your service provider's central office.
  • Technical issues with your service provider. (they can have their bad days!)
  • Old outdated computer. An older computer without the memory or processing power won't be able to properly utilize your DSL. Upgrade that old computer! (maybe that will be my next blog...)
  • An improperly functioning router (wired or non-wired).
  • Viruses or spyware can suck up your bandwidth. Run your AV and anti-spyware software regularly.
If you are designing a network you must take the size and scope of your organization into consideration. You may want to consider cable broadband, as it can provide speeds up to three times faster than DSL. (Cable broadband will be discussed in a later blog).
Cost, reliability and customer support will vary from provider to provider. Comparison shop and ask your friends and colleagues for recommendations.