Recommendations for Best Practices
Part 2: Section 6: Recommendations for Best Practices
The organization must understand the following as best practices for network security: the OSI model, the different types of network devices, network defenses, network segregation, proper placement of security devices, network address translation, not disabling personal firewalls, centralized logging, and immediate log analysis. The organization should comprehend the devices that make up the network in order to build and protect it (Yu et al., 2019). Hubs, switches, routers, bridges, and gateways are the various categories of network devices. The company can also protect its network by implementing the right tools and solutions. Firewalls, intrusion detection systems, intrusion prevention systems, network access controls, web filters, proxy servers, anti-DDoS devices, load balancers, and spam filters are among the most popular and efficient network defenses.
Network segmentation involves dividing the network into zones, which are logical or functional components. For instance, the company might have distinct technical requirements for its sales, technical support, and research zones. It can create these zones with switches, routers, or virtual local area networks (VLANs), which are made by setting up a switch's ports to act like different networks (Netwrix Corporation, 2022). Segmentation restricts the scope of what could be affected by a compromise to that particular zone. In essence, it separates one target into several, leaving attackers the choice of treating each part as a separate network or compromising one and trying to cross the gap. Neither option is desirable for them. Since the attacker must breach each section separately, treating each segment as a separate network entails much more work and significantly increases the attacker's risk of being found. Attempting to jump from a compromised zone to other zones is challenging, because the network traffic between the segments can be limited if the segmentation is properly constructed (Netwrix Corporation, 2022). Data classification and data protection also benefit from segmentation. Each segment may be given a different set of data categorization rules, configured to the proper level of security, and then monitored.
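The following added example (not part of the original proposal) models the sales, technical support, and research zones as subnets and evaluates flows against a default-deny inter-zone allow-list. The subnets, ports, and rules are constructed assumptions, and return traffic for an allowed connection is not modelled.

```python
import ipaddress

# Constructed zones: the sales / technical support / research split from the text.
ZONES = {
    "sales": ipaddress.ip_network("10.10.0.0/24"),
    "support": ipaddress.ip_network("10.20.0.0/24"),
    "research": ipaddress.ip_network("10.30.0.0/24"),
}

# Hypothetical inter-zone allow-list: (source zone, destination zone, protocol, port).
# Anything crossing a zone boundary that is not listed here is denied.
ALLOWED_FLOWS = {
    ("sales", "support", "tcp", 443),
    ("support", "research", "tcp", 22),
}

def zone_of(addr):
    """Map an IP address to its zone name, or None if it is in no zone."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None

def evaluate_flow(src, dst, proto, port):
    """Return (decision, reason) for a new connection from src to dst."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone is None or dst_zone is None:
        return ("deny", "address outside any defined zone")
    if src_zone == dst_zone:
        # The zone-boundary firewall never sees traffic inside one zone.
        return ("allow", f"intra-zone traffic within {src_zone}")
    if (src_zone, dst_zone, proto, port) in ALLOWED_FLOWS:
        return ("allow", f"explicit rule {src_zone}->{dst_zone} {proto}/{port}")
    return ("deny", f"no rule for {src_zone}->{dst_zone} {proto}/{port}")

def denied_flows(flows):
    """Return the flows that would be blocked, which are the ones to alert on."""
    return [f for f in flows if evaluate_flow(*f)[0] == "deny"]

# Constructed observations: a permitted flow, a lateral attempt, a rogue address.
OBSERVED = [
    ("10.10.0.5", "10.20.0.9", "tcp", 443),
    ("10.10.0.5", "10.30.0.4", "tcp", 445),
    ("192.168.1.1", "10.30.0.4", "tcp", 22),
]
```

A denied cross-zone flow from a host that normally stays inside its own zone is an early sign that something in that zone is compromised.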
The company must choose where to put each device as it develops its network segregation strategy. The firewall is the simplest device to install; the company should install a firewall at each network zone intersection (Anwar et al., 2021). A firewall ought to be installed on every section of the network. All current switches and routers have firewalls (Anwar et al., 2021). The company only needs to enable and properly configure these features. An anti-DDoS device should also be placed on the perimeter so that the company can thwart DDoS attacks before they spread throughout the network. The company should have a web filter proxy behind the primary firewall that serves the public network.
Another network security best practice is using network address translation (NAT). With NAT, the company can make up for the IPv4 address shortage. NAT converts private addresses (internal to a specific business) into routable addresses on open networks like the internet. For instance, NAT is a technique for using a single IP address to link numerous computers to the internet or any other IP network (Netwrix Corporation, 2022). NAT works with firewalls to add an additional layer of protection to an organization's internal network. The protected networks' hosts typically have private addresses that allow them to connect with the outside world, but external systems must pass through NAT boxes in order to access internal networks. Additionally, the company can adopt centralized logging and immediate log analysis. The company should keep track of erroneous computer events like logins and other suspicious activity (Netwrix Corporation, 2022). With the aid of this best practice, the business will be able to reconstruct what took place during an attack and take action to enhance its threat detection system and effectively stop attacks in the future.
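As an added illustration of centralized logging with immediate analysis (example code, not part of the original proposal), the sketch below merges authentication events from several hosts into one timeline and flags a run of failures followed by a success. The log format, host names, threshold, and window are assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, as a central collector might store it. The line format
# "<ISO time> <host> auth: <OK|FAIL> user=<name> src=<ip>" is an assumption.
SAMPLE_LOGS = """\
2024-03-01T09:00:01 web01 auth: FAIL user=alice src=203.0.113.7
2024-03-01T09:00:04 db01 auth: FAIL user=alice src=203.0.113.7
2024-03-01T09:00:09 web01 auth: FAIL user=alice src=203.0.113.7
2024-03-01T09:00:15 app02 auth: OK user=alice src=203.0.113.7
2024-03-01T09:05:00 web01 auth: OK user=bob src=10.10.0.5
2024-03-01T09:30:00 web01 auth: FAIL user=bob src=10.10.0.5
"""

LINE_RE = re.compile(r"^(\S+) (\S+) auth: (OK|FAIL) user=(\S+) src=(\S+)$")

def parse(text):
    """Parse auth lines from all hosts into one time-ordered event list."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an auth event in the assumed format
        ts, host, result, user, src = m.groups()
        events.append({"time": datetime.fromisoformat(ts), "host": host,
                       "result": result, "user": user, "src": src})
    return sorted(events, key=lambda e: e["time"])

def failures_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when >= threshold failures for one (user, source) pair, counted
    across every host, are followed by a success inside the window."""
    alerts, recent = [], {}
    for e in events:
        key = (e["user"], e["src"])
        fails = [f for f in recent.get(key, [])
                 if e["time"] - f["time"] <= window]
        if e["result"] == "FAIL":
            recent[key] = fails + [e]
            continue
        if len(fails) >= threshold:
            alerts.append({"user": e["user"], "src": e["src"],
                           "success_host": e["host"], "at": e["time"],
                           "hosts_tried": sorted({f["host"] for f in fails})})
        recent[key] = []  # a success resets the failure run
    return alerts
```

In the sample, no single host sees three failures for `alice`, so per-host log review would miss the pattern that the merged timeline exposes.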
Why the Proposal Should be Accepted as Best Practices for the Organization
Financial institutions are a lucrative target for cybercrime and network infiltration because of the money. Individuals working outside and inside the banks will likely take advantage of the many vulnerable links in the network architecture and security chains. JP Morgan is a financial institution that is highly vulnerable to security attacks as hackers and malicious individuals seek to access financial account information. This proposal offers a robust analysis of JP Morgan Chase's network architecture, data management and protection, risk assessment, digital evidence controls, computer forensic analysis, and file recovery, and recommends best practices to ensure network security. The proposal seeks to help the company be more secure by integrating technology and awareness best practices, because more than technology is needed to solve network security issues and the cybercrime problem efficiently and effectively. It provides insights into how the company can ensure consumer and organization data security through data management and protection and risk assessment techniques. Most importantly, it suggests how the organization can protect itself from insider threats by adopting detection strategies, multi-factor authentication, and other preventative measures like system hardening and monitoring of users and networks. These insights are adequate to convince JP Morgan Chase to accept this proposal.
References
Anwar, R. W., Abdullah, T., & Pastore, F. (2021). Firewall best practices for securing smart healthcare environment: A review. Applied Sciences, 11(19), 9183.
Netwrix Corporation. (2022). Network security best practices. https://www.netwrix.com/network_security_best_practices.html
Yu, Q., Ren, J., Fu, Y., Li, Y., & Zhang, W. (2019). Cybertwin: An origin of next generation network architecture. IEEE Wireless Communications, 26(6), 111-117.