Introduction

As you requested, I have determined a solution for remote access to the Intranet file server. There were four areas of concern: (1) losing proprietary data, (2) preventing network break-ins, (3) assuring a secure remote connection. This report has recommendations for using a virtual private network and encryption protocols.

The Problem

Sunshine Machine Works has expanded its infrastructure. Its employees need remote access to the Intranet file server. The system implemented needs to have the following features:

• Confidentiality – Establishing a secure connection to the Intranet file server. The network should not be easily hacked. Data should only be viewed by remote workers with the appropriate permissions. Using cryptography …
A VPN offers mobility and security for remote workers. The VPN uses an encrypted connection over the Internet. Remote workers wanting to use the Intranet file server need to authenticate their identity with a login ID, password, RSA token, or smart card. The VPN can be used on company-owned laptops and personal electronic devices (PEDs). The VPN works by using data encapsulation. Data packets are encapsulated inside another set of data packets with their own data header; this is the 'tunnel' used to send private data through the Internet. When the data reaches its destination, it is extracted from the 'tunnel'. It is then sent to the Application Layer, where the remote worker can view or retrieve the files. This is a dedicated connection between the company and the remote worker's computer. It is failsafe; the data sent through the VPN is encrypted by the sender and decrypted by the receiver. This prevents the data from being altered, read, or stolen by a hacker. Different cryptographic rules on each layer of the OSI model provide secure data transmission, authentication, confidentiality, and nonrepudiation. The cryptographic tunneling rules implemented for data security in each of the OSI layers (starting with the bottom layer) are listed …
It is the layer responsible for packet determination and IP addressing. At this layer, I recommend using IPSec. It can block and filter data received and sent to the Intranet file server based on IP address and port number. The web administrator can block traffic from all ports except port 80 (HTTP) and port 443 (HTTPS). A security policy needs to be added to the Active Directory to block traffic to the entire network. The security policy should only allow access to the Intranet file server. IPSec also protects the transport layer. It can be used with Kerberos to authenticate the client/server session. An IPSec certificate is used to verify the routers’ identity. IPSec provides encryption for data exchanges between the router and client machine. (Microsoft Developer Network,
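The filtering policy recommended above (only ports 80 and 443, only toward the Intranet file server) can be modelled as a default-deny rule check. This is an added example, not part of the original report; the IP addresses, the VPN client address pool and the `Packet`/`evaluate` names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed (constructed) addressing: the report gives no IP addresses.
FILE_SERVER = ipaddress.ip_address("10.0.5.20")   # Intranet file server
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")    # addresses given to VPN clients
ALLOWED_PORTS = {80, 443}                         # HTTP and HTTPS, as in the text

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

def evaluate(pkt: Packet) -> tuple[str, str]:
    """Return (action, reason). Anything not explicitly allowed is blocked."""
    try:
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)
    except ValueError:
        return ("block", "malformed address")
    if src not in VPN_POOL:
        return ("block", "source is not a VPN client")
    if dst != FILE_SERVER:
        return ("block", "destination is not the file server")
    if pkt.proto.lower() != "tcp":
        return ("block", "protocol not allowed")
    if pkt.dport not in ALLOWED_PORTS:
        return ("block", "port not allowed")
    return ("allow", "tcp to file server on permitted port")

# Constructed sample traffic covering each rule.
SAMPLE = [
    Packet("10.8.0.14", "10.0.5.20", "tcp", 443),    # permitted HTTPS
    Packet("10.8.0.14", "10.0.5.20", "tcp", 445),    # SMB port, not in the policy
    Packet("10.8.0.14", "10.0.5.31", "tcp", 443),    # another internal host
    Packet("203.0.113.9", "10.0.5.20", "tcp", 80),   # did not come through the VPN
    Packet("10.8.0.14", "10.0.5.20", "udp", 443),    # wrong protocol
]

def run_samples():
    return [evaluate(p) for p in SAMPLE]

if __name__ == "__main__":
    for p, (action, reason) in zip(SAMPLE, run_samples()):
        print(f"{action:5} {p.src} -> {p.dst} {p.proto}/{p.dport}  ({reason})")
```

Under the policy as written, TCP 445 (SMB) is blocked, so file access has to be served over HTTP or HTTPS.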
In developing Windows Server 2008, three key aspects of security were imperative in achieving the goal to create our most secure operating system to date. These new security features provide unprecedented levels of protection for a company's network, data, and business, making Windows Server 2008 the most secure Windows Server ever.
The customer required that each workstation have at least 256 GB to 500 GB of local storage. They also wanted a file server on the network to protect data in case a workstation went down. This server will be networked in to allow file sharing between devices and have 40 GB available to start. These network upgrades, the greater use of applications, and file sharing will require more protection: a new firewall programmed to filter packets, analyze external requests, and direct requests and traffic to the right application.
I set up Windows 2008 server to create Microsoft Active Directory (AD). AD can centralize all user accounts for management, and setting up user rights to access File Server permissions can enhance the level of flexibility in management.
Individual users play an important role in any form of institution or organization but concerns are raised about the security. The network administrators clearly lay down a set of rules, regulations and protocols that an individual user has to agree accordingly upon which part of the resources and what class of service that the user can obtain.
Risk Management or Assessment

To lessen the exposure of the corporate network to outside sources, there are many matters to consider. Areas of concern with the VPN client that should be addressed include: the potential hazards of the “always connected” nature of broadband Internet connections, installation of personal firewalls, antivirus software, and the remote PC itself. Analysis of the client PC begins with the PC itself. It is recommended that security policy require the VPN host to be company issued equipment, rather than using the existing user’s personal property. This eliminates problems associated with mixing business and personal information. When under company ownership it is easier to require the end user to comply with policy, and insist the PC be used only for business-related purposes. As the hardware is company-owned, users will not be given administrator account rights on their desktop machines. Controlling user activity as well as checking and maintaining desktop integrity is very difficult (if not impossible) when users have complete control through administrator rights. Company provided hardware also serves to minimize management issues, as the computer should remain relatively static - with no unauthorized software installations, end-user configuration changes or device conflicts to troubleshoot, support calls are reduced. In addition to
When businesses provide computers for public use, several challenges are presented. In addition to allowing the general public this service, and ultimately growing their market share, a business must define the line between appropriate use and securing the network.
The world is changing daily and many companies are looking to develop ways to save on production and hardware. The idea of having a system that allows a company to store files away from the main server will help a company to store more and
In the interest of business continuity, remote access will be utilized. Users wishing to access internal network assets will only be able to access said assets with the use of a
Employee logins for the file server can be set up either with User Accounts or the server management tool. I would recommend file directories also be assigned with group policy so that access to some files could be limited to some users; for instance, only admin and accounting need access to accounting files, and only upper management and HR need access to Human Resources shared files, etc.
The client by clicking on the word here, where he/she became a legitimate client of the enterprise network. But even though this, the client needs additional authentication for the purpose of access to existing applications on the network server. Case study application has been developed to demonstrate the access of the client to the enterprise application with addition to the security
A VPN is a secure protected network called a tunnel for communication purposes over long distances using the Internet as its means of transport. Due to the nature of the communication or transmissions that are being utilized by, say, a larger corporation, secure and reliable communication is a must. In the beginning these VPN connections were established using one or more dial-up modems for users to access the information. Authentication was established by requiring the correct user name and password. As time went on, as always, things changed; new technology and advances in communication as well as equipment allowed the VPN to evolve and expand. To ensure security, the virtual tunnel is encrypted. VPNs use several protocols in order to encrypt
Sunshine Machine Works started as a very small company with only three computers and ten employees. It now employs 100 people who utilize fifty computer workstations that access two servers. This increased accessibility, both by access point and by employee count, heightens the risk for a security breach. It underscores the need for a formal computer use security policy to be enacted.
The Navy/Marine Corps Intranet (NMCI) program was basically designed to replace the dozens of the Navy's as well as the Marine Corps' computer networks with a centrally managed setup through a single conductor. The main objective was to make an intranet that is secure and centralized, and to foster universal access to integrated data, voice, and video communication; remove any kind of network impediments; increase productivity; and eliminate interoperability issues. For this purpose, a performance-based contract was signed with Electronic Data Systems Corporation (EDS). The initial cost of the project was estimated at $6.9 billion. The NMCI project performance was not as expected, as it was found that NMCI has met only 3 of the pre-defined 20 performance targets. To get insight into the reasons of
File sharing is the practice of making digitally stored information/files (such as documents, movies, music and computer programs) available for other individuals to access and download. There are many different ways that file sharing can occur. One of the most common ways to do this is by using peer-to-peer computer networks, which is a way of describing a series of computers which are all able to link directly to each other. The BitTorrent system is an example of a peer-to-peer network that allows users to search and locate files from a series of computers across the network, and then download those files onto their own
An intranet is a private network that is only accessible within a company, organisation or university. It uses network technologies as a tool to promote communication among people and work groups, in order to boost the data sharing capability and knowledge base of employees within the organisation. (Mitchell, n.d.)