I. Analysis and Planning
A. Vulnerability Assessment
The security and availability of the school network plays a huge role in the success of those who attend it. In order to provide a secure network environment for the betterment of the students and faculty a vulnerability assessment needs to take place. This vulnerability assessment is used to find where the weaknesses are in a network in order to assist in the protection of the network.
I have researched different vulnerability scanners to find out which will meet our needs for the vulnerability assessment. Weaknesses that he scanner will be looking for will be unused online ports, any applications that need to be used, critical patches necessary, any default passwords, and any misconfigured items. There are options for both free vulnerability scanners and ones which need to be paid for. I propose the use of Microsoft Baseline Security Analyzer or MBSA in order to find the issues with the current network configuration.
I chose MBSA because it gives an in depth security analysis. MBSA, because it has to be activated on each computer revealing their vulnerabilities, is most useful in a setting such as this where there are not thousands of computers. This way we get an in depth understanding of the vulnerabilities. Another advantage is that due to being created by Microsoft there are many resources that can be used to find out how best to utilize the scanner.
B. Security Policy
Security policies for networks define the policies required to secure the network. A security policy can be split into four parts regulations, procedures, baselines, and guidelines. A security policy needs to take into account network devices, data loss prevention, software on the network, and most importantly employee background checks and user education on security policies.
Network security policies should start with user education on security policy and employee background checks. Before employment employees should be screened to make sure there is not a history of bad behavior and in the onboarding process they should be educated on the policies of what they can and cannot do on the network. Make sure that these very same users only have access to what they need to access, use the concept of least privilege to only give people the minimum privileges to do their job. Students should not have access to the teachers grading application and teachers do not need to be able to log into the network equipment. Unused ports should also be turned off as they present a security risk that can be avoided. And unnecessary programs should not be allowed to be added onto the computers.
The reason for these policies is that unused portions of the network and unneeded programs open up holes in the defense of the network that are unnecessary as those items are not needed for people to complete their duties. This is the same reason for...