Standardized Network Management Documentation - Essay Example

STANDARDIZED NETWORK MANAGEMENT DOCUMENTATION: By (Insert both names) (Name of class) (Professor’s name) (Institution) (City, State) (Date) Authority: The Government Information Technology Agency (GITA) shall build up, adopt and uphold a synchronized nationwide framework for IT (Information Technology) (A.R.S.&.41-3504(A (1))) comprising the implementation of nationwide security, coordination and technical standards (A.R.S.&41-3504 (A (1(a))) according to (Cloghrie and Rose 2008). Purpose: The objective of this standard is to harmonize state efforts and budget unit to offer a multi-layer strategy for protection for seamless and secure interconnections of State’s communication networks and heterogeneous systems, including routers, modems, firewalls, switches whereas protecting the government’s computing information and resources from the risk of access which is not authorized particularly from the external sources. Scope: This is applied in all units of the budget. Budget unit will be termed as a commission, department, institution, board, or other agency of the state expending, receiving, incurring obligations or disbursing funds of the state. The CEO of the budget unit, operating in coordination with the CIO (The Chief Information Officer), shall be answerable for ensuring proper and effective adoption or implementation of the Nationwide Information Technology Procedures, Policies and Standards within each unit of the budget. Standard This ‘network security standards’ offer the basic requirements for delivering seamless and secure communication interconnections of systems and networks while protecting computing information and resources of the State which is through the present budget unit communication network systems. A multi-layered protection will be established at the network server, Internet gateway and the computer levels to stop the introduction of authorized access or malicious codes to the information system of the state. NETWORK SECURITY: Template 1. Network Information security and Management Date Time System Administrator Employee phone No. Barred Outbound Traffic Barred inbound traffic Converged services (i.e. VoIP) Action taken (i.e. bar, switch off) THE SECURITY OF NETWORK PERIMETER: The technology of firewall will be applied at the edges of the network of the budget unit comprising Internet gateway so as to prevent sensitive internal details infrastructure and assets for being accessed without authority. External (outbound and inbound) traffic will be routed via save gateways, for instance firewalls. The filtering rules of the network traffic which crosses the internet shall comprise the following as outlined by (Cloghrie and Rose 2008). A packet which is incoming shall not possess the internal network source address, A packet which is incoming shall not have ‘Internet Control Message Protocol (ICMP)’ traffic; A packet which is incoming shall contain a publicly authenticated address destination linked to the internal infrastructure when using dynamic or static (NAT) Network Address Translation. A packet which is incoming shall not have (SNMP) Simple Network Management Protocol; traffic. A packet which is outgoing shall contain internal network source address A packet which is outgoing shall not contain internal network destination address. A packet which is outgoing or incoming shall not contain a destination or source address which is listed or private within the reversed space in RFC 1918. Internet sites traffic sources which are known to posses’ offensive material, spam among others, can be on the budget unit discretion be blocked. Any packets which are source routed shall be barred. Outbound and inbound traffic which have destination or source addresses that are of 127.0.0.1 or 0.0.0.0 or broadcast address which are directed shall be blocked. The technologies for firewall will have their log in security activated and on. The logs shall be assessed, at a frequency established and recorded by authorized personnel for budget unit and all violations, incidences should be reported and deliberated upon. The policies for Firewall shall be reviewed, tried and be audited at be rate established and reported by the budget unit. Firewall technologies which are managed remotely should be done through encrypted communication Services which are not needed should be turned off and ports which not being used be disabled. When converged services, for example, instant messaging, mobility services, presence, (VoIP), MoIP among others, are required to be allowed, to securely cross the borders of the network and firewall technologies and NAT functionality should Use H.323 gatekeeper or SIP proxy server at the firewall periphery, and firewall be configured to enhance end point communications just with proxy server. Or get configured to operate as gateway application-layer which monitor H.323 and SIP traffic so as to close and open ports which are restricted as needed and redevelop the addresses for IP within the messages of the unencrypted application-layer or Session Border Controller which is also referred to as application router can be used in point to point communications traversing multiple networks of IP and at the same time allowing endpoints of VoIP, for example, IP soft phones and IP phones, VoIP gateways, that are behind firewall of NAT to communicate with endpoints of VoIP on the IP networks which are external. 2. PYSICAL SECURITY: Template 2: Network Information Maintenance and Patch security Date Time System Administrator Workstations dial- up modem. (IP) IPSec Secure Socket Layer Testing and Verification Action (strong authentication, i.e. one time passwords, Kerberos EXERNAL LINKS TO THE NETWORKS: External Links to other networks should be routed via safe gateways and be secured by one of the below encryption techniques, as need be (Harrington, Presuhn, and Wijnen 2009). SSL (Secure Socket Layer) or TLS (Transport Layer Security) will be used between a browser and web server so that the web server can be authenticated, and at choice the browser of the user. SSL and TLS implementation should permit the support for client authentication deploying the services offered by the Certificate Authorities. IP Sec (IP security) should be applied to expand the protocol for IP communications, offering confidentiality for end-to-end packets of data passing through the internet. The IP Sec appropriate mode should be applied to match the security level needed for the data that is being passed on: sender integrity and authentication with no confidentiality or the integrity and authentication of the sender with confidentiality. VPN should be deployed to link trading partners or two networks which must pass information via a networks which are not secured, for example public internet, by developing a secure connection, characteristically between firewalls, deploying a model of the protocol of IPSec. The use of VPNs is desirable for remote access application. RADIUS (Remote Authentication Dial-In User Service) is server/client protocol software which enhances servers for the network access to correspond with a central server so as to authorize and authenticate the remote users to be able to access services or systems; authentications which are very strong should be applied for the systems of dial-up modem. Desktop dial-up modem workstations should be removed or disabled. Use inventory or hardware scanning instruments to verify configuration or presence of modems and dial utilities. The Budget units which use the systems of dial-up modems should develop the policies for the modem use which comprise: Complete and current names of all the personnel who are authorized to access the privileges of modem A disconnection which is automatic after an established duration of inactivity The parameters of inactivity will be established by the budget unit. The security tokens recommended use Prompt modem access licenses termination upon re-assignment, employment transfer or termination. Strong authentication, for instance response/challenge devises, tokens, one time passwords, smart cards, Kerberos should be applied once. External links should be promptly removed when are not required further. Fundamental network components should be removed or disabled to bar inadvertent reconnections. Patch Management: The financial (budget units) should develop and adopt written regulations which outline roles and responsibilities for the patch management implementation which comprise the following functions as (Harrington, Presuhn, and Wijnen 2009) described. Designated financial unit personnel or the contractors will proactively assess and address vulnerabilities of the software in devices for the internet functions within their networks (for example, switches, routers, firewall, etc) by making sure that patches which are applicable are obtained, verified and installed with the stipulated timeframes. The manufacturers for the IT devices, security vendors, and security organizations provide a series of services and tools to help in establishing vulnerabilities and the relevant patches. Where feasible and practical, financial units will verify patches within a test setting before the patch is installed. The testing exposes damaging effects to the external or internal enterprise-wide software application systems, community of interest software application systems and also some other 3rd party software application systems. The financial departments should probe the SIPC before patch installation in production to establish if some departmental budgets have witnessed problems in the course of the test and or post installation. The departmental budget units should note down testing and production hitches experienced with the SIPC patches. The installation of the patches shall be done (by the use of a tool which is automated) in all the internetworking affected devices. Contractors or designated personnel will check on the status of the patches from the time they are deployed. Patches render alterations to the internetworking device configuration developed to secure and protect the devices of internetworking and attached Information Technology systems and devices from attack and will be documented and controlled in accordance to the Nation-wide Standard P800-S815, Configuration Management. References: Cloghrie, K. and M. Rose, (2008).Management Information Base for Network Management of TCP/IP-based Internets", RFC 1066, McCloghrie, K. and M. Rose, (2007).Management Information Base for Network Management of TCP/IP-based internets: MIB-II, STD 17, Cerf, V., (2008) IAB Recommendations for the Development of Internet Network Management Standards", RFC 1052, Harrington, D., Presuhn, R. and B. Wijnen,(2009).An Architecture for Describing SNMP Management Frameworks", RFC 2571, Case, J., Harrington, D., Presuhn, R. and B. Wijnen,(2007.Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)", RFC 2572, Levi, D., Meyer, P. and B. Stewart,(2009). "SNMP Applications", RFC Read More