Juan Garcia is the network administrator for a small company that also maintains its own web server. He has taken the following precautions.
All computers are patched, have antivirus software, and have unneeded services shut down.
The network has a firewall with proxy server and IDS
The organization has a policy requiring passwords of ten characters in length, and they must be changed every 90 days
Has Juan done enough to secure the network? What other actions would you recommend he take?
Ans. steps that I would like to recommend to Jaun IS given below:
1) Juan can use internal application scanners to validate the code of developer. it helps Juan to increase security.
2) updating Operating System and Kernel to get the latest security features and to have all new updates in order to protect the web server.
3) back and recovery must be taken into consideration as Juan is a network administrator. so, it is her responsibility to maintain the proper backup and restoring facility in case of any disaster or network problem.
4) maintaining logfile records of the user who are working in the company environment.so, that tracking the suspicious activity is easy to monitor and track.
5) restricting the access of the user from the security point of view, provide access to confidential data to the authorized users only.
6) must keep track of all the server activities.
7) use of private network servers and VPN(virtual private network) to enhance the security and restricting access to limited user.
Juan Garcia is the network administrator for a small company that also maintains its own web...
The discussion: 150 -200 words. Auditing We know that computer security audits are important in business. However, let’s think about the types of audits that need to be performed and the frequency of these audits. Create a timeline that occurs during the fiscal year of audits that should occur and “who” should conduct the audits? Are they internal individuals, system administrators, internal accountants, external accountants, or others? Let me start you: (my timeline is wrong but you should use some...
Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading.In this session we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...