Reference no: EM133244811
Case: Analyze the post below to determine the effectiveness of its resolutions for controlling network access implementations. Specifically, focus on whether role-based access control has been appropriately handled, on network monitoring and the necessary alerts, and on web filtering capabilities to mitigate the issues associated with the control measures and vulnerabilities in a medium-sized insurance company that has suffered some breaches. Please provide reasons why this is a good strategy, or add additional steps that can be taken to make network access more secure.
Under RBAC, users' access privileges are determined by the job responsibilities to which they are assigned. For instance, a worker in the marketing department may have access to data on the network that is connected to marketing, but they may not have access to data that is linked to accounting. Access is granted to the job rather than to the person. Instead, they would do their duties as a member of the accounting department, with the amount of access that would be appropriate for that role. If RBAC were installed on their network, All County Insurance would be able to control the volume and kind of information that its field agents may access in order to sell insurance policies.
After these roles have been formulated, people must be allocated to them, and each person's access permissions must be modified so that they correspond to the level required for the role. To put it another way, positions are not based on specific people but rather on the actions that people perform for a living. Access privileges are provided to employees according to their positions rather than being tailored to the individual. One of the most commonly used RBAC implementation platforms is Microsoft's Windows Active Directory. Active Directory administrators can create user groups and assign access rights to each group. Active Directory also allows administrators to delegate access capabilities to individual users. Access point security is very essential in this scenario, since it seems that All County Insurance places a substantial amount of reliance on field agents to make sales. The people who operate in the field using mobile technology, such as cellphones, laptops, and tablets, are referred to as field employees.
To get started, I would draft a mobile device security policy that defines the regulations and guidelines that workers are expected to follow while using mobile devices provided by their employer. Second, I would enforce a bring-your-own-device (BYOD) ban, even though some people have objected to the idea. Since I am an administrator and am required to have complete control over all the All County Insurance servers, I do not want any personal devices to be able to access them. If it were up to me, I would implement stringent password regulations for mobile and non-mobile devices.
On each device, antivirus and antimalware software that can perform automatic updates will be installed. In conclusion, I would mandate that all devices use a two-factor authentication system, and I would mandate that all domain access take place over a virtual private network (VPN) tunnel. The last step is developing a system that can identify unauthorized access attempts and block such attempts. The most prudent course of action would be to set up an intrusion detection and prevention system (IDS/IPS).
An intrusion prevention system (IPS) differs from an intrusion detection system (IDS) in that an IDS only detects anomalies and may be configured to alert IT professionals. In contrast, an IPS can take preventive measures to counter attacks while also alerting employees. When brought together, these ideas have the potential to eliminate any existing access worries that All County Insurance may have while also delivering a high degree of data security.
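The following is an added example to illustrate the two control points the post relies on; it is not part of the post or the case, and it does not model Active Directory itself. It shows the RBAC principle that permissions attach to roles rather than to people (moving a user between roles changes their access without editing any permission list), and it shows the IDS/IPS distinction by feeding RBAC denials into a monitor that alerts when one user is denied repeatedly in a short window and, in prevention mode, also blocks that user. The role names, permission strings, user names and request stream are constructed for the illustration, and the "three denials in five minutes" threshold is an assumed tuning value.

```python
"""Constructed model of role-based access control feeding an IDS/IPS-style monitor."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Permissions are attached to roles, never to individual users (constructed role set).
ROLE_PERMISSIONS = {
    "marketing": {"marketing_share:read", "marketing_share:write"},
    "accounting": {"ledger:read", "ledger:write"},
    "field_agent": {"policy_catalog:read", "quotes:write"},
}


class Rbac:
    """Users hold roles; roles hold permissions; a check unions the user's roles."""

    def __init__(self, role_permissions):
        self.role_permissions = role_permissions
        self.user_roles = defaultdict(set)

    def assign(self, user, role):
        if role not in self.role_permissions:
            raise KeyError(f"unknown role: {role}")
        self.user_roles[user].add(role)

    def revoke(self, user, role):
        self.user_roles[user].discard(role)

    def permissions_for(self, user):
        perms = set()
        for role in self.user_roles.get(user, ()):
            perms |= self.role_permissions[role]
        return perms

    def is_allowed(self, user, permission):
        return permission in self.permissions_for(user)


@dataclass
class AccessMonitor:
    """Counts denied requests per user in a sliding window.

    prevent=False behaves like an IDS (alert only); prevent=True behaves like an
    IPS (alert and block the user). Threshold and window are assumed tuning values.
    """
    threshold: int = 3
    window: timedelta = timedelta(minutes=5)
    prevent: bool = False
    denials: dict = field(default_factory=lambda: defaultdict(deque))
    alerts: list = field(default_factory=list)
    blocked: set = field(default_factory=set)

    def record(self, user, permission, when):
        q = self.denials[user]
        q.append(when)
        while q and when - q[0] > self.window:  # drop denials outside the window
            q.popleft()
        if len(q) >= self.threshold:
            self.alerts.append(
                f"{when.isoformat()} {user}: {len(q)} denied attempts within "
                f"{self.window}, last={permission}"
            )
            if self.prevent:
                self.blocked.add(user)


def request(rbac, monitor, user, permission, when):
    """Gate one request: blocked users are refused outright, otherwise RBAC
    decides, and every denial is reported to the monitor."""
    if user in monitor.blocked:
        return "blocked"
    if rbac.is_allowed(user, permission):
        return "allowed"
    monitor.record(user, permission, when)
    return "denied"


def run_scenario(prevent):
    """Replay a constructed request stream; returns (outcomes, alerts, blocked, moved_ok)."""
    rbac = Rbac(ROLE_PERMISSIONS)
    rbac.assign("alice", "marketing")
    rbac.assign("bob", "accounting")
    monitor = AccessMonitor(threshold=3, prevent=prevent)
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    # Constructed stream: alice (marketing) repeatedly probes the accounting ledger.
    attempts = [
        ("alice", "marketing_share:read", t0),
        ("alice", "ledger:read", t0 + timedelta(minutes=1)),
        ("alice", "ledger:read", t0 + timedelta(minutes=2)),
        ("alice", "ledger:write", t0 + timedelta(minutes=3)),
        ("alice", "marketing_share:read", t0 + timedelta(minutes=4)),
        ("bob", "ledger:read", t0 + timedelta(minutes=4)),
    ]
    outcomes = [request(rbac, monitor, u, p, t) for u, p, t in attempts]
    # Transferring alice to accounting changes her access by changing her role only.
    rbac.revoke("alice", "marketing")
    rbac.assign("alice", "accounting")
    moved_ok = rbac.is_allowed("alice", "ledger:read") and not rbac.is_allowed(
        "alice", "marketing_share:read"
    )
    return outcomes, monitor.alerts, monitor.blocked, moved_ok


if __name__ == "__main__":
    for mode in (False, True):
        outcomes, alerts, blocked, moved_ok = run_scenario(prevent=mode)
        print("IPS" if mode else "IDS", outcomes, blocked, moved_ok)
        for line in alerts:
            print("  ALERT", line)
```

In IDS mode the third denial raises an alert but alice's later, legitimate marketing request still succeeds; in IPS mode the same alert also puts her on the block list, so that request is refused. The trade-off is the one the post points at: prevention stops the probing immediately, but a mis-tuned threshold turns a misconfigured role assignment into a self-inflicted outage, so the threshold and window deserve review against real denial rates before blocking is enabled.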