NPS Deploying Network Policy Server - Report Example

?NPS deploying network policy server Introduction The rate at which automation is done is very rapid and therefore calls for intense information system security to ensure that the information is kept safe. The information or rather data is always kept in the datacenter and mechanism is supposed to be put in place to ensure that the data is protected and preserved. In addition, access to this information should be restricted so that the organization’s integrity is maintained. In an organization, it is not only the staff or the employees that specialized in data security that has the responsibility of ensuring that data is secured? Each and every employee in the organization who participates in project implementation has the responsibility do so. Because of the reason above, the best way in ensuring data security in for one central park and at the same time being economical to the company is by investing it the team’s technology. Technology is very dynamic and new things come every other time. When a principle instructs the vendor to direct or educate the employees on information system security the concerned employees feel that their contribution to the company is valued. The information security system that is supposed to be implemented in a bank must take in consideration the four major principles of information security. These are information confidentiality, integrity, authenticity and availability. Information confidentiality is whereby the information of a company is protected from getting into the hands of people who are not authorized. Integrity is a security factor that stops undetected modification of data for example the issue of students examination result cannot be modified or edited by unauthorized person because it is only the examination coordinator that have the right of doing editing it. The integrity is breached when anybody who is not an exam coordinator make an amendments. Authenticity means that particular information that is used for a certain purpose is genuine. The validity of individual that get access to some data is ensured by using authentication methods for example he use of password. The security of information that goes via internet is aided by ensuring that the channel that it goes through is the right one (Mueller, 2011). This is by use of IP address that is assigned to each computer. Availability means that the information is accessible anytime the users want. The paper gives details on implementing Network Policy Server in one central park. Security vulnerability Servers are network-based. This exposes all the data it contains to network attacks. A network attacker can use the exposures in the protocols that are ranked high and stronger applications to cultivate the disadvantage that are not checked by the firewalls that are of previous version. The access may prove dangerous as the client data would be reviewed during the transfer to a third party and it would be difficult to track as the activity is a part of the process created for a particular server and hence the severity of this activity is high. Considering the fact that only the users that are involved into this activity will have access to the transferred data, the likelihood of any intrusion is moderate. Database server that stores employee information uses student’s identification details as the only form of security. A password cracker that can overcome the technology used in designing the password can get access to the employee information. More so, database administrator’s password can be cracked and modification. Company’s information for example policies can create a mess in the institution. Super user privileges grant a great amount of power to any party who has access to the super user account. If an aggressive party is able to access a super user account on the database server they will be able to copy. The wireless access point devices are vulnerable to physical damages for example fire or theft. This will lead to denial of services in the entire department that uses wireless-enabled computers. However, physical network connection can be used in case of any failure of wireless network. This can save the situation. Network Policy Server NPS is security policy that enables you to build and enforce company network access policies which enable the company’s information to remain health. With a proper installation and configuration of NPS the request for connecction authentication and authorization will be guaranteed. Moreover, NPS can be used as a central proxy to send request for connections to other servers in the RADIUS configured within the remote group of servers. The NPS alos enables ctral configuration and management of network access authorization, authentication and client user poliies. Terminal access controller access control system is an authentication protocol that facilitates communication between the client and the authentication server. It gives permission to the access server in the remote setting to pass on the user’s identification details and the logon password to the authentication server so that it the access to a given system is determined. The deployment of NPS will ensure that the following user authentication and authorization are achieved. RADIUS server, NPS will carry out connection authorizatrion, authentication and accountanccy which are centralized. Central configuration will focus onm remote access dial up, authenticating switch and VPN connections. The use of NPS in place of a RADIUS server will enalenetwork access server configuration, such as wireless gateways, and VPN-based servers. The configuration of network user policies used by NPS for connection request authorization and log file accounting information management. This covers both the hard disk and the Microsoft SQL server databases. Network access protection policy server- the NPS is configured as NAP policy server for statements of health (SoH) evaluation in case there are computers in the system that is NAP-capable. NPS also takes the position of a RADIUS server if it is included in the NAP configuration. In this position, the NPS does authorization and authentication for all the requests for connection. All the NAP settings and policies in NPS, such as validators of system health, remedy server groups for client computer and health policy. This will enable regular updates of the cconfiguration and hence ensure compliance wirth the company’s network security policies. TACACS is mostly used by the administrators who use the TCP technology it is mostly used in the UNIX networks and also in the windows environment. It uses it you configure or do the settings in one desktop and then it is employed by collections of users and computers. The policy details are kept in the (GPOs)-group policy objects. It is also used in information filtering according to the groups of users that are required to access particular information. Its strength is that it makes it possible for IT to manage user settings on multiple computers at once. The weakness of Microsoft group policy is it’s extending of its flexibility. In absence of change control system, any change that is made by the IT manager can start to affect other desktops before testing is done. The deployment process should also involve tCertificate Authorities (CAs). The list of approved publishers of certificate that are in the Microsoft management console are personal, trusted root certificate authority, trusted publishers, untrusted certificates and trusted people. Out of this list, I am familiar with them are three while two are new to me. The three that I know are personal, trusted publishers and trusted root certificate authority while untrusted certificate and trusted people are new to me. Trusted publisher is a company who built macro, active control and add-in extension to be used by other individual. This company bases their product development on the following: Use of digital signatures which is valid and it does not expire. The code that provide the digital signature is provided by renown CA Trusted root certificate authority uses either unsigned public key certificate or self-signed certificate to identify the root CA. root certificate is one of the schemes of public key infrastructure. Untrusted certificates uses the trusted certificate from SSL where when someone tries to enter untrusted CA, she or he gets a secure text to warn you for example expirers message. Firewalls Enterprise and DMZ firewall is placed behind the server to block all unauthorized people from accessing the network. The firewalls will also block the users from accessing restricted sites. The firewall should be updated regularly to remain active. In addition, all the computers will have kaspersky 2013. The antivirus is also updated regularly. IP Security and IPv6 IPSec is a general word that is used to define and enforce policies for security of communication in network. It facilitates the confidentiality, authenticity and integrity of data at the layer 3 of the network. The most significant advantage of IPSec is its ability to become transparent to the applications. The upper network layers are not affected since IPSec operates at layer 3. More so, it operates at the internet protocol layer therefore appropriate for real time data transfer because it does not separate TCP and UDP (Frankel, 2007). However, the IPSec has a weakness because it is not able to control other devices that are remotely connected to the IPSec-based network from accessing the data that is meant for one specific computer. Nolan 3.0 ERP system is installed to manage the employees, students and visitors. Any person that enters the premises identifies himself or herself by placing the hand on the machine so that the fingerprint s is taken. The system is also installed at the entrance of all the buildings. The employees need to check into the system in the morning lunch hour and in the evening. The system also monitors the every individual in the company so that intruders are detected and reported. Challenges faced during deployment One of the information or system security challenge that organization faces when implementing a NPS is the ever increasing ownership of different devices. Even the devices whose purpose was intended to serve them at individual level still call for integration into the business. Most organization that have embraced the latest technologies as far as information security have appreciated the use of BYO in the quality of providing services that are satisfactory to the clients. BYO strategy aims at reducing the overhead cost and simplifying the management of devices in addition to permitting employees to use personal devices such as iPads to be used for business and hence facilitate convenience. A very good example of this is use of Citrix Receiver that provides strong solutions to the independence need for personal devices (Roebuck, 2011). Another security challenge that is very common in changing business environment the need by the users to gain access of the resources of the system rapidly. The major challenge is being able to meet the demands of employees who are flexible and at the same time making sure that the security process that is laid down in the enterprise is not compromised. When there is change in department or reassignment of a project to the workers, a lot of time is wasted during the transition period since the devices that were used by the individuals whose position has been changed need to be reconfigured. Solutions Some vendors have designed a solution to this problem by designing devices that is able to accommodate user access and provisions that are rapid and at the same time maintain the environment security. A very good solution is the use of Netscape cloud gateway from Citrix that enables user account access that is rapid (Rittinghouse, 2009). One of the solutions that have been design by Citrix to ensure desktop virtualization IS Citrix XenDesktop. This technology uses policies that are granular. This technology separates the interaction of the end uses that are using virtual desktop and other application from the partition where these programs are installed. All the work station computers users make use of virtual replication of the critical data. When they make any alteration, the changes are facilitated via the network to the database in the datacenter (Ciampa, 2011). This particular design enables continuity in the business through various configurations of networks and hence secure data by preventing any data exit. Another solution that has been developed to curb this challenge is using access gateway from Citrix. This gateway is the most secure remedy for access control. It can be placed as a component Citrix platform that combines a variety of performance and security component or as a SSL VPN that is dedicated to one component (Blokdijk, 2008). This gateway uses SSL/TLS standardized encryption to ensure that the configuration across the network that is based in the headquarters and at the same time facilitate a user authentication that is dual-factor. Using access gate way as the only way to access the data in the datacenter for every workstation used by the healthcare and the employees in the headquarters facilitate a secure connection via encrypted and secure media that ensures network and information security. References Salomon, D. 2007, Data privacy and security. Springer. Frankel, S, 2007, Demystifying the IPsec puzzle. Artech House. Ciampa, M. D,2011, Security+ Guide to network security fundamentals With Access Code. Cengage Learning. Minasi, M. 2012, Mastering microsoft windows server 2008 R2. John Wiley & Sons. Morimoto, R., & Noel, M. 2012, Windows server 2008 unleashed. Sams Publishing. Mueller, J. P. 2011,Windows server 2008 all-in-one desk reference for dummies. John Wiley & Sons. Read More