COM 520 Written Assignment 6 Project Scenario Always Fresh F
Project Scenario
Always Fresh Foods Inc. is a food distributor with a central headquarters and main warehouse in Colorado, as well as two regional warehouses in Nevada and Virginia. The company runs Microsoft Windows 2019 on its servers and Microsoft Windows 10 on its workstations. There are 2 database servers, 4 application servers, 2 web servers, and 25 workstation computers in the headquarters offices and main warehouse. The network uses workgroups, and users are created locally on each computer. Employees from the regional warehouses connect to the Colorado network via a virtual private network (VPN) connection.
Due to a recent security breach, Always Fresh wants to increase the overall security of its network and systems. They have chosen to use a solid multilayered defense to reduce the likelihood that an attacker will successfully compromise the company’s information security. Multiple layers of defense throughout the IT infrastructure make the process of compromising any protected resource or data more difficult than any single security control. In this way, Always Fresh protects its business by protecting its information.
Project Part 6: Windows Hardening Recommendations
Scenario
As a security administrator for Always Fresh, you have been instructed to ensure that Windows authentication, networking, and data access are hardened. This will help to provide a high level of security. The following are issues to be addressed through hardening techniques:
- Previous attempts to protect user accounts have resulted in users writing long passwords down and placing them near their workstations. Users should not write down passwords or create passwords that attackers could easily guess, such as words found in the dictionary.
- Every user, regardless of role, must have at least one unique user account. A user who operates in multiple roles may have multiple unique user accounts. Users should use the account for its intended role only.
- Anonymous users of the web server applications should only be able to access servers located in the demilitarized zone (DMZ). No anonymous web application users should be able to access any protected resources in the Always Fresh IT infrastructure.
- To protect servers from attack, each server should authenticate connections based on the source computer and user.
Create a summary report to management that describes a hardening technique that addresses each issue listed above. Provide rationale for each selection. Due to the Always Fresh expansion, management wants additional network controls to protect their growing network.
Resources:
- Internet access
- Course textbook
Submission Requirements:
- Format: Microsoft Word (no PDF)
- Font: Arial, size 12, double-space
- Citation Style: APA format
- Length: 1 to 2 pages
Self-Assessment Checklist:
- Addressed all required issues in the summary report.
- Created a well-developed, properly formatted procedure guide with correct grammar, spelling, and punctuation.
- Followed submission guidelines.
Paper for the Above Instruction
In the context of increasing cybersecurity threats, the hardening of Windows systems and network infrastructure is vital for maintaining the confidentiality, integrity, and availability of organizational data. For Always Fresh Foods Inc., implementing specific hardening techniques tailored to address the outlined issues can significantly bolster security defenses.
Firstly, to prevent users from writing down passwords or choosing easily guessed ones, strict password policies should be enforced through Group Policy Objects (GPO). Policies should require complex passwords that mix uppercase and lowercase letters, numbers, and special characters, with a minimum length of 12 characters. Additionally, enabling password expiration and an account lockout policy that triggers after several failed login attempts discourages brute-force attacks. These measures reduce the temptation and likelihood of writing down passwords and make guessing more difficult, thereby enhancing account security.
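One way to check a machine against this password policy, as an added example that is not part of the original paper: the function below parses a `secedit` security policy export and reports which settings miss the baseline. The sample export is constructed, and the expiration and lockout ranges are assumptions, since the paper gives numbers only for length and complexity.

```powershell
# Added example (not from the original page): audit local account policy.
# On a live host, produce the input from an elevated prompt with:
#   secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY
#   $policyText = Get-Content "$env:TEMP\secpol.inf" -Raw

# Constructed sample of the [System Access] section of such an export.
$policyText = @'
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = -1
MinimumPasswordLength = 8
PasswordComplexity = 0
LockoutBadCount = 0
'@

# Length 12 and complexity come from the text; the expiration and lockout
# ranges are assumed values, since the text gives no numbers for them.
$baseline = @(
    @{ Key = 'MinimumPasswordLength'; Want = '>= 12';          Test = { param($v) $v -ge 12 } }
    @{ Key = 'PasswordComplexity';    Want = '1 (enabled)';    Test = { param($v) $v -eq 1 } }
    @{ Key = 'MaximumPasswordAge';    Want = '1..90 (assumed)'; Test = { param($v) $v -ge 1 -and $v -le 90 } }
    @{ Key = 'LockoutBadCount';       Want = '1..5 (assumed)';  Test = { param($v) $v -ge 1 -and $v -le 5 } }
)

function Test-PasswordPolicy {
    param([string]$InfText, [object[]]$Baseline)

    # Parse numeric "Key = Value" lines; section headers and strings are skipped.
    $settings = @{}
    foreach ($line in $InfText -split "`r?`n") {
        if ($line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') {
            $settings[$Matches[1]] = [int]$Matches[2]
        }
    }

    # One result row per baseline rule; a missing key counts as non-compliant.
    foreach ($rule in $Baseline) {
        $present = $settings.ContainsKey($rule.Key)
        $value   = if ($present) { $settings[$rule.Key] } else { $null }
        [pscustomobject]@{
            Setting   = $rule.Key
            Actual    = if ($present) { $value } else { 'missing' }
            Expected  = $rule.Want
            Compliant = $present -and (& $rule.Test $value)
        }
    }
}

Test-PasswordPolicy -InfText $policyText -Baseline $baseline | Format-Table -AutoSize
```

In an export, `MaximumPasswordAge = -1` means passwords never expire and `LockoutBadCount = 0` means lockout is disabled, so both fail the check in the sample.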
Secondly, ensuring that each user has a unique account for their specific roles aligns with the principle of least privilege and accountability. Creating individual accounts for all users prevents privilege sharing and facilitates audit trails. For users with multiple roles, separate accounts should be assigned for each role, and users should only log into the account relevant to their current task. This segregation minimizes the risk of privilege escalation and reduces the attack surface, especially if a user's account is compromised.
Thirdly, restrictions on anonymous access to web applications can be enforced by configuring IIS (Internet Information Services) to disable anonymous authentication and enable authentication methods such as Windows Authentication. Access control lists (ACLs) should be set so that only servers within the DMZ accept anonymous requests, preventing outsiders from accessing sensitive resources within the organization’s core network. These configurations ensure that only authorized users or systems can access protected data, limiting exposure to web-based attacks.
Lastly, to authenticate connections based on the source computer and user, implementing IPsec (Internet Protocol Security) policies is an effective solution. IPsec can encrypt and authenticate all IP communications between servers and clients, verifying the identity of the connecting computer and user before granting access. This layer of security ensures that only trusted devices and users can establish connections, preventing unauthorized access even if an attacker bypasses other security measures.
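A connection security rule of the kind described above, as an added example that is not part of the original paper. It assumes domain-joined hosts so that Kerberos is available (the scenario's workgroup machines would need certificate-based proposals instead); the display names and the `192.0.2.0/24` client subnet are placeholders.

```powershell
# Added example (not from the original page). Assumes domain-joined hosts so
# Kerberos is available; run elevated on the server being protected.

# First authentication: the connecting computer proves its identity.
$machineAuth = New-NetIPsecAuthProposal -Machine -Kerberos
$phase1 = New-NetIPsecPhase1AuthSet -DisplayName 'AF Computer Auth' -Proposal $machineAuth

# Second authentication: the user on that computer proves their identity.
$userAuth = New-NetIPsecAuthProposal -User -Kerberos
$phase2 = New-NetIPsecPhase2AuthSet -DisplayName 'AF User Auth' -Proposal $userAuth

# Connection security rule: inbound traffic from the placeholder client subnet
# must pass both authentications; outbound traffic only requests IPsec, so the
# server can still reach hosts that do not negotiate it.
New-NetIPsecRule -DisplayName 'AF Require Computer and User Auth' `
    -RemoteAddress '192.0.2.0/24' `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $phase1.Name -Phase2AuthSet $phase2.Name

# Check: confirm the rule exists, then, after a client connects, list the
# negotiated security associations.
Get-NetIPsecRule -DisplayName 'AF Require Computer and User Auth'
Get-NetIPsecMainModeSA
Get-NetIPsecQuickModeSA
```

Apply the rule to one test server first: a client that cannot complete both authentications is refused inbound access to that server.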
In conclusion, applying these hardening techniques—complex password policies, dedicated user accounts, restricted anonymous web access, and IPsec-based authentication—can significantly enhance Always Fresh Foods Inc.'s security posture. These measures protect against common attack vectors, ensure accountability, and reduce the risk of unauthorized access, thereby safeguarding the company's valuable information assets.