Use The Internet Or Intranet

Published Date: 02 Nov 2017

There is a great deal of data will store in the server. All of the center’s staff will access the data through their company computer. The data storage security setting and the user behaviors controlling will be the big issue for the data protection.

For the user behaviors, they may not have the alertness to keep the data safe. It includes the users use the portable storage device to copy the data, the user open the residents personal information and left their seat without lock their screen, etc. These behaviors may cause the data leakage. In order to protect the data, we should concentrate in three major issues, the security of data storage on server, the security issue of the users connects from neighborhood centers and the staff uses the mobile device to remote working.

For the security of data storage on server, we should increase our network security to protect the central servers. A firewall is a necessary for the network. We should set the firewall rules carefully to close all the unnecessary port to decrease the vulnerabilities and limit the client access only from the dedicate subnet or computer MAC address. It can control the known subnet or computer to access the central servers. The folder structure is also important for the server security, we should build the folder structure clearly and assign the folder permission to the different group’s user. This is very important to make sure the different group’s user can only access to their group folder. We also need a data backup device to backup the server data and keep the data in offsite. If the users delete the data carelessly or a disaster happens, we can use the backup device to recover the data.

For the security issue of the users connects from neighborhood centers, the IT department should prepare a policy about how to use their computer and how to use the server. The policy details should include: the staff should lock their screen after they left seat to prevent the unauthorized persons to access the confidential data; the staff should set a strong password to prevent others can guess their password easily; the portable USB device must forbidden using in the office to prevent the user copy the data to outside. The IT team should set the daily schedule for the antivirus and Windows updates to keep the staff computer have a fully protection.

For the use of mobile devices while remote working, the user must only allow to connect the server after they connected their mobile device to VPN. The IT team will gathering the user mobile device’s MAC address and create the mobile device allow access list. The access right will only grant to the mobile devices that included in the list. It can prevent the unknown devices to access the server. The VPN should force to logout their session after their connection have been idle for 15 minutes. It can prevent the staff have lost their mobile device and the system can automatically to logout their connection to avoid the unauthorized access.

Besides the above 3 plans to protect the data, there is an alternative method to protect the data by using the redundancy hardware to keep the data safe. The hardware can include a backup server to run the real time synchronization and a raid one setting for two hard disks. The redundancy server keeps synchronizing the data from the main server. Once the main server has been down, the redundancy server can replace the main server immediately. The raid one setting is for the hard disk redundancy, both of the hard disk will keep the same data. Once one of the hard disk failure, the other one still can keep the server run normally and there is not data lost when one of the hard disk failure.

Create authentication methods, data security methods and ongoing network monitoring plans

The user authentication methods are the more important factor to protect the data security. I will suggest using the multi-factor authentications. The multi-factor include user name, password and a token. A login name and password can provide a basic authentication for the user, a token can generate the random key to authenticate by the server. If the unauthorized person has got the staff’s login name and password, they still need the token to generate the key to connect to the server. By combining these three factors to authenticate the users, it is a high security level for the login method and a feasible method for the company to achieve it.

The other high security authentication method is Biometrics, the Biometrics method is using the fingerprints, retinas, hand measurements, irises etc. Every person has their unique biometrics body for the authentication. It is the higher security authentication than other methods. But using the biometrics will face a lot of the problem, it includes hardware cost, privacy problem and difficult to achieve in our situation. The hardware is always expensive for the biometric system, the company need to pay the extra higher cost to implement the biometric method.

For privacy, the privacy ordinance had forbidden the company to collect the employee’s fingerprint. Consider the above situation, the Biometrics method is not suitable for the town council.

For the security of data transmitted concern, I suggest to use the VPN connection method to ensure the privacy and security of data transmitted when working remotely and from the neighbourhood centers. The VPN establish a secure communications channel between two public internet network, the data transmits through VPN will be encrypted. For the neighbourhood centers, it only need to set the IPSec in both firewall for the VPN, there is no setting needed in staff's company computer, it do not cause any unconvinced for the staffs. For the staff that working remotely, they only need to create the PPTP connection once, it is easily to configure for them. For the hardware requirement, the VPN only needs the headquarters firewall or router to establish the VPN connection to the neighborhood’s firewall or router, our existing firewall can support the VPN service, there is no further hardware need to purchase. Consider to the cost and the effect for the client, VPN is the best choice for our company to implement.

A lease line can be considered as an alternative method for data transmission solution.

The lease line service provided by the Internet Service Provider, they use the lease line to connect two site's networks as an internal network. It can provide the reliable service between two sites. But the lease line are an expensive option to connect headquarter and neighborhood’s centers. Every neighborhood centre need a lease to connect to headquarter, there are 5 lease lines needed for our environment. We need to pay the lease line cost to the ISP every month, the running cost is very expensive for us. Besides, the lease service cannot be used to the staff if they working remotely. Consider the lease line and VPN, the VPN is the most suitable for our environment.

There is always having the vulnerabilities in the network. In order to monitor and remove the vulnerabilities, we should use the hacker's thinking and methods to check our network regularly. We should scan all of our network port and close the unnecessary port. The firewall rule should only allow to the known services and keep others close until the management has a request to allow it. The network engineer should check the log frequently to see any unknown IP to connect to our network. If the IP is unknown, they can block the IP to prevent the hacker to access to our network.

The plans I have designed that are base on the town council's situation. I have considered the cost, hardware requirement and the user's need. I have used the policy to control the user behavior and use the existing hardware to establish the VPN for the data protection.

These methods are popular and easy to implement in the town council. In order to write this report, I have gathering a lot of information about the network security. I have a detail understanding about the user authentication, data transmitted method and the controlling about the user behavior. After this report, I learn how the data protection is important for a company.

We should spend more resource to improve the security of the data protection. The internet can bring a lot of convince for people, but also can be a disaster to a company, we should never ignore the security of the network.