Answer:
Explanation:
The Network infrastructure shown here are LAN and WAN. Wired and wireless communications.
The Various policies are:
1. Group related items together, for instance, grouping all Windows servers, into one virtual LAN (VLAN). Other asset groups might include infrastructure (routers, switches, VPNs and VoIP) in one VLAN and security assets (IDS, firewalls, web filters and scanners) may be grouped in another.
2. In general, it is good to adopt a default deny access posture for each VLAN.
3. Network segmentation is a very significant, long-term project, but each step along the way increases security. Log all traffic between segments to determine what is normal and needed for effective functioning.
4. Network segmentation is undeniably and unquestionably an effective component in a defense in depth strategy. Organizations that implement it must be prepared to manage scores of firewalls, switches and routers, each with hundreds of rules, all of which may be affected by the network segmentation process and potentially by updates and changes, even after it is in place.
5. Contribute to a secure WAN environment for all connected departments, offices,
agencies, boards, and commissions
6. Provide a uniform security framework to secure the integrity, confidentiality, and availability of info and info systems, at the WAN level.
7. Provide, in balance with operational requirements, legislative requirements, and information sharing agreements, the minimum WAN security requirements.
8. Raise awareness of information and information technology security needs for all users of the WAN by providing the security principles, requirements.
9. Define the clear roles and responsibilities of all users of the WAN, particularly WAN security staff.
* Vulnerabilities and exposures
1. Data requiring special protection such as credit card numbers that need to comply with PCI-DSS or patient information that is subject to HIPAA should be isolated from other data and put in their own VLANs.
2. Your aim is to limit access to sensitive information to those who need it within the organization and to create roadblocks to stop or slow intruders, who may have broken through one layer of security, from doing further damage.
3. Network segmentation is not a “set and forget” undertaking. The network access policy, defined in firewalls, routers and related devices, changes constantly to cater to new business requirements. Ensure that new changes do not violate your segmentation strategy requires a good degree of visibility and automation.
4. Reducing internal breaches and the infiltration of malicious software(malware). This
internal defense requires significant involvement with individual devices
on a network, which creates greater overhead on network administrators.
*Risks
1. Malicious software, also known as malware,makes its way onto a network through
employees, contractors and visitors. Personal laptops, wireless gadgets,
and of course the USB flash drives, all these provide excellent vectors through which
malware can enter the workplace.
2. Hackers, worms, spammers and other security dangers of the Internet via LAN.
3. The various vulnerabilities on your network represent potential costs — time, money and assets — to your library. These costs, along with the chance someone will exploit these vulnerabilities, help determine the level of risk involved.
4. Since the cost of adding another Internet connection, increasing the speed of the current connection or purchasing complex network monitoring equipment might be too prohibitive, the library has a higher tolerance for a periodically slow Internet connection.
5. External flash drives and other media are also concern when those enters the network.
6. The lost or stolen handheld device poses some serious risks if not incorporated into your network security policy. Such devices are often capable of being formatted of all company content remotely in the case of theft or robbery.
*Security measurements:
1. Address Resolution
Protocol (ARP) spoofing, Denial of Service (DoS) attacks such as Tear Drop
or Ping of Death.
2. In addition, network administrators can form a policy whereby network
users are required to install and maintain anti-malware scanners in their devices.
3. Many tools exist to check the existing security state of your network. The Microsoft Baseline Security Analyzer, Nmap .
4. Risk assessment is a combination of both quantifying (the cost of the threat) and qualifying (the odds of the attack).
5. Firewalls.
6. Antivirus systems.
7. Intrusion-detection systems (Host-based IDS,Network-based IDS)
8. Port scanners.
9. Network sniffers.
10. A vulnerability scanner is like a port scanner on steroids.
*Unnecessary Ports
1. It is not easy to say which ports exactly but we should know that the service ports which are open among 65,535 ports and although not exactly sure what service is running , it is safer to check the port and close it as "A Closed Port is a Safe Port".
