System Administration: Audit Policy and Security Guidelines Proposal

Verified

Added on 2023/05/27

AI Summary

This report provides an overview of system administration, focusing on audit policies and security guidelines for Rouge Company. It discusses enabling audit login for Windows Server 2012 to track access and changes, emphasizing the importance of monitoring event log details. The report also proposes security measures, including network security protocols, remote access guidelines, and wireless security protocols to protect against threats like hacking, misuse, and malware. Key recommendations include implementing firewalls, anti-malware software, intrusion detection systems, and network access controls, alongside well-defined business continuity plans and policies for company resource usage. The guidelines also detail securing remote access with encryption and disabling unnecessary services, as well as using secure authentication protocols and encryption for wireless networks.

WEEK 8: SYSTEM ADMINISTRATION
(Student’s Name)
(Professor’s name)
(Course)
(Date)

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Introduction
This week paper addresses audit policy which monitors event log details. In addition, this
paper proposes security guidelines for Rouge Company.
Part one: Audit Policy
For windows server, 2012 audit login is usually enabled by default for failure ad success.
Windows system audit enables one to track both attempted and actual access and the changes to
the objects. It also enables one to verify policies which one has put in place so as to secure the
organization network infrastructure. With auditing, one is able to track modifications to the
sensitive user accounts via the access of sensitive folders and files. For windows server, 2012
advanced audit policy is done via group policy objects as shown by figure one screenshot below.
The audit group policy settings contain various settings such as account Logon, DS Access,
Logon/Logoff, policy change, global Object Access Auditing, account management, and detailed
tracking (Matthews, 2014).
By implementing an audit policy, the windows system will be in a position to determine
the type of information about the organization system. With audit logon events policy it will
enable the system administrator to track all attempts made to the domain user account. At the
workstation level, this policy is able to record any attempt which uses a local account which is
stored in computer security account manager. With the audit process tracking policy, an
organization is able to track each and every program which executed by either the user or the
system. The system administrator is also able to determine the duration in which a program as
open. With audit directory service access policy, one is able to provide a low-level audit trail of
changes to the objects in Active Directory (Ferrill, 2015).

Part two: Corporate Proposal V: Security Guidelines
Importance of network security
Network security is the protection of hacking, access, misuse, and hacking of the
organization directories and files. Some of the known and common threats include adware,
identity theft, viruses, and worms. These threats are grouped into unstructured and structured
threats. Structured type of attack is a type of attack where a computer scientists uses advanced
computer skills to intentionally carry out a certain attack. Unstructured type of attack carried by
an individual who does not understand who they are targeting. The individuals use tools which
can be found very easily.
The Company Security Guidelines
When an organization talk of network security concerns and plans they always need to
focus on the security needs rather return on investment. Second, the organization should never
assume network attacks. Another security concern is that an organization should develop and roll
out security strategies with every employee in the organization. The construction company ought
not to confront organization network security concerns in a piecemeal approach; the organization
ought to employ a single and unified strategy that protects the whole organization network. In
addition, the organization ought to find a balance between security and usability.
The construction Company needs to lock all the doors to the server room and install
CCTV surveillance system to control physical access to the network resources. In addition, the
organization need to use a firewall; this is the first line of defense as it provides a barrier between
cybercriminals and the organization data. Also, the organization needs to install anti-malware
software such as Kaspersky’s to prevent the organization from phishing types of attacks. The
construction company also needs to deploy detection systems and network intrusion systems. In

addition, the organization needs to use a network access control so as to ensure endpoint
security.
In respect to network risks then appropriate controls with network risks are having a well-
laid business continuity plan and sufficient policies that govern the usage of company resources.
Additionally, changes must be made in an authorized manner (Boddenberg, 2016).
Remote access security guidelines
1. Rouge Company need to secure all its remote access and they must be controlled
strictly with the standard encryption.
2. All the authorized users are to protect their password and login even from their family
members
3. While using Rouge company owned computer to remotely connect to company’s
network, the authorized is to ensure that there are not connected to any network at the
same time
4. When using external resources to conduct Rouge company business it must be first
approved by the company CEO
5. Services such as dynamic trunking, discovery protocol are to be disabled
Wireless security guideline
1. Rouge company is to use extensible authentication protocol through Secure
Tunneling as the authentication protocol
2. The company is to use Temporal Key Integrity Protocol (TKIP) or what computer
scientists refer to as Advanced Encryption System protocol with a minimum of a key
length of 128 bits
3. All the Bluetooth devices are to be secured simple pairing with encryption enables.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

References
Boddenberg, U. B. (2016). Windows Server 2012 R2. Bonn Rheinwerk 2016.
Ferrill, P. (2015, October 29). The best new features in Windows Server 2016. Retrieved from
ComputerWorld: https://www.computerworld.com/article/2998888/virtualization/the-
best-new-features-in-windows-server-2016.html
Matthews, M. S. (2014). Windows Server 2012. Networking, II(1), 45-89.