Creating A Company Culture For Security Design Document

Authentication can be done through user ID and password, social login, or biometrics to verify a user's identity and grant them access. Various methods are used to secure external and internal websites, provide remote access solutions, configure firewalls and VLANs, and protect laptops and detect intrusions on systems containing customer data. Security policies outline recommended authentication, authorization, encryption, and traffic filtering techniques.

Uploaded by Kazu Kato

Authentication:

Authentication can be done with a user ID and password, with social sign-in, or with biometrics. Authentication means verifying that users are who they claim to be and then granting them access.
Authentication works as follows:
Prompt the user to enter their credentials.
Send the credentials to the authentication server.
Match the credentials.
Authorize the user and grant access.
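
The four-step flow above, as an added example in Python that is not part of the original document: the server side hashes the submitted password with the stored per-user salt, compares it in constant time, and only after a successful match consults a role table for authorization (step 4). The user store, role names, passwords and iteration count are constructed for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for this example)

# Constructed user store: only a per-user random salt, the PBKDF2-SHA256 hash
# of the password and the user's role are kept, never the password itself.
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def create_user(store: dict, user_id: str, password: str, role: str) -> None:
    salt = os.urandom(16)
    store[user_id] = {"salt": salt, "hash": hash_password(password, salt), "role": role}

# A dummy record is checked for unknown user IDs so the failure path costs the
# same time as a real check and does not reveal which IDs exist.
DUMMY = {"salt": b"\x00" * 16, "hash": b"\x00" * 32, "role": None}

def authenticate(store: dict, user_id: str, password: str):
    """Steps 2 and 3 of the flow: the server receives the credentials and
    matches them. Returns the user's role on success and None on any failure."""
    record = store.get(user_id, DUMMY)
    candidate = hash_password(password, record["salt"])
    # Constant-time comparison avoids leaking how many hash bytes matched.
    if hmac.compare_digest(candidate, record["hash"]) and record["role"] is not None:
        return record["role"]
    return None

# Step 4: authorization is a separate decision taken after authentication.
PERMISSIONS = {"admin": {"read", "write", "delete"}, "staff": {"read", "write"}}

def authorize(role: str, action: str) -> bool:
    return action in PERMISSIONS.get(role, set())

def login_and_check(store: dict, user_id: str, password: str, action: str) -> str:
    role = authenticate(store, user_id, password)
    if role is None:
        return "denied: authentication failed"
    if not authorize(role, action):
        return f"denied: role {role} may not {action}"
    return f"granted: {user_id} may {action}"

def demo_store() -> dict:
    """Constructed sample accounts with made-up passwords."""
    store = {}
    create_user(store, "alice", "correct horse battery staple", "admin")
    create_user(store, "bob", "hunter2-but-longer", "staff")
    return store
```

Note that a wrong password and an unknown user ID produce the same response, which is the behaviour a login endpoint should have.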
External website security:

External website security is important to protect the website from hackers and electronic thieves and to prevent security breaches.
Use a firewall.
Implement access control.
Use MVC (Model View Controller) to create different views for different types of user.
Use encryption.
Use an SSL certificate.
Use security plugins.
Implement tools and techniques for backup and disaster recovery.
Use a network monitoring team.
Internal website security:

Use authentication to verify the user's identity.
Use authorization to give each user the specific privileges and access they need.
Encrypt or hide sensitive web pages.
Implement IT policies.
Educate users about the website.
Remote access solution:

Remote access provides better security, cost efficiency, ease of management, and increased availability.
Remote access can be deployed using a RAS gateway (single-tenant or multi-tenant).
VPN (Virtual Private Network), BGP (Border Gateway Protocol), and Hyper-V networking can be used to provide remote access.
Remote access can be provided with a simple configuration. It involves enabling users, managing their access, protecting the assets, using Remote Desktop Protocol, and managing server sessions, RemoteApp, and personal and pooled desktops.
Firewall and basic rule recommendations:

A firewall is important for managing traffic and providing external website security.
Rules to prevent SQL injection and XSS.
Allow only specific types of traffic.
Use access rules for IP security.
Implement certain IT policies.
Organizations can implement their own rules.
Wireless security:

Nowadays Wi-Fi is used in every organization, so it must be protected from malicious and unauthorized access.
Wireless security can be provided by the use of encryption, decryption, authentication, and authorization.
VLAN configuration:

VLANs are important for traffic filtering and for logically dividing the network.
VLANs can be configured from the web interface and can provide web filtering.
A VLAN can be configured from the web interface as follows:
Switching => VLAN => Advanced => VLAN Membership
Switching => VLAN => Advanced => Port PVID Configuration
VLAN web filtering:
A VLAN can be configured between the router and firewall, the router and gateway, or the router and switch, and by doing so one can filter the web traffic that passes through the network.
Laptop security configuration:

Using a password and a VPN and registering each laptop by its MAC address will provide laptop security. Using a security tool on the local machine is also a good option, as is device-level authentication with a local username and password.
Application policy recommendations:

The application policy covers the use of cookies, social media integration, access control, generating notifications, and implementing other organizational and IT rules.
Security and privacy policy recommendations:

This includes the list of security methods to be implemented for traffic filtering, IP spoofing, user authentication, and other policies specific to the website.
Intrusion detection or prevention for systems containing customer data:

An IPS is implemented behind the firewall and matches incoming traffic against the security policies. It matches signatures, handles any intrusion it finds, and generates logs and alerts for it.
The goal of an IDS is to identify malicious traffic before it can proceed further into the network. It generates alerts and notifications so that the network monitoring team can look into the intrusion.
Using an anomaly-based detection and prevention system is the better choice.
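
An added example, not from the original document, contrasting the two approaches described above: signature matching as an IPS does it (here for the SQL injection and XSS rules mentioned under the firewall recommendations) and anomaly-based detection that learns normal per-client request volume from a known-good window and alerts on deviation without any attack pattern being known. The log lines, addresses, signatures and threshold are constructed for this example.

```python
import re
from collections import Counter
from statistics import mean, pstdev
from urllib.parse import unquote

# Constructed access-log excerpts, one "client-ip method path" record per line.
# BASELINE_LOG is a known-good period used to learn normal per-client volume.
BASELINE_LOG = "".join(
    f"10.0.0.{c} GET /products?id={i}\n" for c in range(1, 9) for i in range(3 + c % 3)
)
# The detection window: normal traffic plus two signature hits and one noisy client.
WINDOW_LOG = (
    "10.0.0.5 GET /products?id=17\n"
    "10.0.0.5 GET /products?id=17%27%20OR%20%271%27%3D%271\n"
    "10.0.0.9 GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E\n"
    + "".join(f"10.0.0.42 GET /products?id={i}\n" for i in range(60))
)

# Signature rules of the kind an IPS matches incoming requests against.
SIGNATURES = {
    "sql-injection": re.compile(r"['\"]\s*(or|and)\s*['\"]?\d", re.IGNORECASE),
    "xss": re.compile(r"<\s*script", re.IGNORECASE),
}

def parse(log_text: str) -> list:
    return [line.split(" ", 2) for line in log_text.splitlines() if line]

def signature_alerts(records: list) -> list:
    alerts = []
    for ip, _, path in records:
        decoded = unquote(path)  # match on the decoded request, not the raw bytes
        for name, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                alerts.append((name, ip))
    return alerts

def learn_baseline(records: list) -> tuple:
    """Mean and standard deviation of requests per client in the normal period."""
    values = list(Counter(ip for ip, _, _ in records).values())
    return mean(values), pstdev(values)

def anomaly_alerts(records: list, baseline: tuple, threshold: float = 3.0) -> list:
    """Flag clients whose request count exceeds the learned mean by more than `threshold` standard deviations."""
    mu, sigma = baseline[0], baseline[1] or 1.0  # a uniform baseline would give sigma == 0
    counts = Counter(ip for ip, _, _ in records)
    return [("rate-anomaly", ip) for ip, n in counts.items() if (n - mu) / sigma > threshold]

def detect(window_text: str, baseline_text: str = BASELINE_LOG) -> list:
    records = parse(window_text)
    return signature_alerts(records) + anomaly_alerts(records, learn_baseline(parse(baseline_text)))
```

Running the known-good window through the same detector yields no alerts, which is the check to make before trusting a baseline.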
Authentication system:

Authentication can use a user ID and password, social login, or biometrics.
Authentication means verifying that users are who they claim to be and granting them access.
Authentication works like this:
Ask the user for their credentials.
Send the credentials to the authentication server.
Match the credentials.
Authorize the user.

External website security:

External website security is important to protect your website from hackers and electronic thieves and to prevent security breaches.
Use a firewall.
Implement access control.
Use MVC (Model View Controller) to create different views for different types of user.
Use encryption.
Use an SSL certificate.
Use security plugins.
Implement backup and disaster recovery tools and techniques.
Deploy a network monitoring team.

Internal website security:

Use authentication to identify the user's identity.
Use privileges to grant rights and access to different users.
Encrypt or hide sensitive websites.
Through the implementation of IT policies.
Teach users about the website.

Remote access solution:

Remote access offers greater security, cost-effectiveness, easier administration, and higher availability.
Remote access is available through the RAS Gateway (single-tenant or multi-tenant).
VPN (Virtual private network), BGP (Border gateway protocol), and Hyper-V networking can be used to provide remote access.
A simple configuration can provide remote access. Remote access includes enabling users, managing access, securing resources, using remote desktop logs, managing server sessions and remote applications, and more.

Firewall and basic rule recommendations:

Firewalls are important for managing traffic and providing security for external websites.
Rules to prevent SQL injection and XSS.
Allow only certain types of traffic.
Use IP Security access rules.
Implement certain IT policies.
Can implement their own rules.

Wireless security:

WiFi is now used by all organizations to protect their networks from malicious and unauthorized access.
Wireless security can be provided using encryption, decryption, authentication, and authorization.

VLAN configuration recommendations:

VLANs are important for filtering traffic and providing logical network sharing.
VLANs can be configured for the web interface and can provide web filtering.
The web interface VLAN can be configured as follows:
Switching => VLAN => Advanced => VLAN Membership
Switching => VLAN => Advanced => Configure port PVID.
VLAN Web Filtering:
VLANs can be configured between router and firewall, router and gateway, and router and switch to filter the web traffic that crosses your network.

Laptop security configuration:

Using a password and a VPN and registering your laptop by its MAC address will ensure your laptop's security. Using a security tool on your local computer is also a good option. We also recommend using device-level authentication with a local username and password.

Application policy recommendations:

The application policy covers the use of cookies, social media integration, access control, generating notifications, and applying other organizational and IT rules.

Security and privacy policy recommendations:

This contains the list of security methods applied for traffic filtering, IP spoofing, user authentication, and other website policies.

Intrusion detection or prevention for systems containing customer data:

The IPS is implemented behind the firewall and checks incoming traffic against the security policy. It matches signatures to handle intruders and generates logs and alerts.
The goal of the IDS is to identify malicious traffic before it is routed further into the network. It generates alerts and notifications to help your network monitoring team defend against intruders. Using an anomaly-based detection and prevention system is the better choice.
