The Brooklyn Circus’ Secured Network

The Brooklyn Circus’ Secured Network. Jeremy Watkins, IT200, Ed Fisher, March 8, 2011

Upload: jeremywatkins57

Post on 28-Jul-2015




Topic Discussions

The owners’ concerns

Define the scope of security and why it is important

Group Policies

Network Access Protection (NAP)

Snort Intrusion Detection System (SIDS)

Snort Intrusion Prevention System (SIPS)


The Owners’ Concerns

The Brooklyn Circus owner does not want confidential files stolen. For this reason, the network administrator has configured essential security tools on Windows Server 2008, which maintain the integrity of the business’s data.

One of the major concerns is the constant changes to files and financial information currently housed on Windows Server 2008, which has been a major testament to its success and growth.


The Importance of Security

The prime importance of securing Brooklyn Circus’ network is to prevent loss through misuse of data.

The main threats which may arise if network security is at risk are:

Breaches of confidentiality

Data corruption

Data manipulation


Group & Account Policies

Group Policies

A group policy is a way to provide consistent security to Windows Server 2008 and the clients who are connected to it.

Group policies reduce the attack surface and can be expanded in the future. The primary domain controller in New York will replicate those policies and security settings to the other domains.

In Windows Server 2008, security settings are one of the newly added categories of Group Policy.

Regulate access to storage devices and who installs those devices

Account Policies

Account Policies are security measures set up in those group policies; they govern all three domains through an established Kerberos Transitive Trust Relationship.

RMSs are security rights which provide security for file types created by applications. RMS determines who can have rights to manage, read, copy, save, print, and forward data between networks.


Account Lockout Policy & IP Security (IPsec)

Account Lockout Policy

An account lockout policy is set in place to prohibit access to a specific account after a number of unsuccessful login attempts.

The first line of defense for these policies is reversible encrypted passwords. Users are required to change their passwords every 45 to 90 days.

IP Security (IPsec)

IPsec is a standard for secured, encrypted IP-based communication, established between each client in and around the network.

Each computer is enabled to exchange certificates and authenticate the receiver and sender.


Network Access Protection (NAP)

A set of security features which monitors and manages Windows Server 2008 and its clients to ensure the same level of security is maintained on all computers.

If a client computer does not have the current security updates, NAP will either limit its access to the network or automatically update the client’s computer.


Snort Intrusion Detection Systems (SIDS)

A security countermeasure that enhances the security of the network infrastructure.

Implemented at the information infrastructure security level.

Serves as the next line of defense after the firewall.

Monitors network traffic across all the domains, pinpointing intruder attacks in real time.

The firewall blocks access points within the network; however, it is unable to recognize the malicious activities of hackers.

Approaches to Snort Intrusion Detection Systems

Host-Based (SHIDS)

Network-Based (SNIDS)

SNIDS assists in detecting attacks at the network level.

SHIDS offers the administrator the benefit of being able to detect attacks directed at the host.

Both perform automated checks on log files, file checksums, file and directory permissions, local network port activity, and other basic host security items.


Intrusion Prevention Systems (IPS)

Prevent attacks

Decrease their impact

Acts as a sniffer to respond to security breaches.

The IPS configured on Windows Server 2008 is a highly advanced security system.

IPSs have the ability to take immediate action, based on protocols established by the network administrator.

Informs the firewall about the location (IP address) where the attack originated.

The firewall will block the specified address.
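
The response flow described above (an alert is raised, the source address is passed to the firewall, the firewall blocks it), sketched as an added example that is not part of the original presentation: it parses Snort fast-format alert lines and renders Windows Firewall block rules for review. The policy thresholds, the allowlisted internal range and the sample alerts are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Snort "fast" alert: time [**] [gid:sid:rev] msg [**] [Priority: N] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\].*?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{\w+\}\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->"
)

# Administrator-defined response policy (values assumed for this example).
MAX_PRIORITY = 2   # Snort priority 1 is the most severe; act on 1 and 2 only
MIN_ALERTS = 2     # require repeated alerts from a source before blocking it
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/8")]  # constructed internal range

def sources_to_block(lines):
    """Return the source IPs that meet the policy and are not allowlisted."""
    hits = Counter()
    for line in lines:
        m = ALERT_RE.search(line)
        if not m or int(m["prio"]) > MAX_PRIORITY:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:  # malformed address in a damaged log line
            continue
        if any(src in net for net in NEVER_BLOCK):
            continue  # a spoofed internal source must not lock out our own hosts
        hits[src] += 1
    return [str(ip) for ip in sorted(hits) if hits[ip] >= MIN_ALERTS]

def firewall_rules(ips):
    """Render Windows Firewall block rules as text for review; nothing is executed."""
    return [f'netsh advfirewall firewall add rule name="IPS block {ip}" '
            f"dir=in action=block remoteip={ip}" for ip in ips]

# Constructed sample alerts (documentation address ranges, made-up rule IDs).
SAMPLE = [
    "03/08-10:15:01.100000  [**] [1:1000001:1] Test rule A [**] [Priority: 1] {TCP} 203.0.113.7:40112 -> 192.0.2.10:445",
    "03/08-10:15:03.200000  [**] [1:1000001:1] Test rule A [**] [Priority: 1] {TCP} 203.0.113.7:40113 -> 192.0.2.10:445",
    "03/08-10:16:00.000000  [**] [1:1000002:1] Test rule B [**] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10",
    "03/08-10:16:01.000000  [**] [1:1000002:1] Test rule B [**] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10",
    "03/08-10:17:00.000000  [**] [1:1000001:1] Test rule A [**] [Priority: 1] {TCP} 10.1.2.3:5000 -> 192.0.2.10:445",
    "03/08-10:17:02.000000  [**] [1:1000001:1] Test rule A [**] [Priority: 1] {TCP} 10.1.2.3:5001 -> 192.0.2.10:445",
    "03/08-10:18:00.000000  [**] [1:1000003:1] Test rule C [**] [Priority: 2] {UDP} 198.51.100.20:53 -> 192.0.2.10:53",
    "03/08-10:19:00.000000  [**] [1:1000001:1] Test rule A [**] [Priority: 1] {TCP} 203.0.113.999:40200 -> 192.0.2.10:445",
]
if __name__ == "__main__":
    print("\n".join(firewall_rules(sources_to_block(SAMPLE))))
```

Only 203.0.113.7 is selected: the other sources are low priority, allowlisted, seen once, or malformed.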