Cybersecurity

Date: Oct 11, 2017
Category: Informative

1. Describe your vision for addressing the security requirements in the overall technical design of the ABC Healthcare network.

The overall technical design is presented by multiple layers that address security requirements of the company's network. With multiple users trying to use the company's system, the intrusion detection systems (IDS) and Intrusion prevention systems (IPS) are established to the internal local area network. These technologies analyze the traffic across the company's network in detail, compare each packet to a database of known attack profiles, and if unusual activity is detected, corresponding measures are taken. IPS automatically blocks harmful traffic. Trusted and non-trusted networks are segregated from internal LAN internet protocol addresses by a firewall at each point of entry. The firewalls are used to connect to the internet and ABC networks. Internet is used to connect remote users and business partners to the ABC network. Firewall will be connected inside and outside the network perimeter. This will control traffic by examining the source and destination of incoming and outgoing traffic and translate internal IP address to IP addresses that are visible to the internet.

The internal area network of ABC will protect the information of the company, therefore, minimum access will be granted to trusted and non-trusted networks. Outbound connections from internal LAN are permitted for internet browsing to trusted and non-trusted networks for general maintenance and administration of the system. The IDS sensor is positioned on the internal LAN to monitor all passing traffic. Implementation of IDS and syslog within the system will help with the centralized monitoring of systems and generally contribute to the HIPAA program.

The proposed network design for ABC health care is effective because it contains a lot of elements that are beneficial for the healthcare setting. The proxy solution presented for both email and browsing helps provide a central point of control and can enable a quicker response if a threat is realized. Furthermore, the implementation of both content filtering and virus scanning on the mail relay is a great solution. These advanced technologies identify and terminate attacks browsing the network through the firewall before damage occurs within the system. Network vulnerability assessment tools automatically check the network for vulnerabilities. They allow one to scan the system network regularly and thoroughly for recently introduced threats.

The presented approach as a way of addressing the security requirements in the overall technical design is very important in the healthcareenvironment. When a hacker or a person within the company tries to carry out an illegal activity and penetrates through one layer, he or she is blocked at another layer. It is the way defending the system against a wide variety of threats and attacks works. Important information is available on the internal network.

Installation of network-based antivirus on DMZ will compare incoming and outgoing emails with the company's database of virus profiles. Infected emails are blocked or quarantined and the recipients are notified. The layer design involves implementation of three distinct layers: mail gateway, internal mail server, and network client. Non-trusted network is best portrayed as Demilitarized Zone (DMZ), it is configured with a private IP addresses.

2. Discuss the way you will address requirements for system monitoring, logging, auditing, including complying with any legal regulations.

It can be implemented by setting up everyday jobs to run automatically, centrally managing the system and setting up an automated monitoring system. Internal networks will be designed with file transfer protocol servers. The usage of file transfer protocol which is a clear-text protocol will be closely analyzed in the healthcare environment for any prospective of transmission or storage of Electronic Patient Health Information; HIPAA rules have regulations which ensure that privacy and security are integrated in the system.

The log information generated by the system will be stored centrally for close monitoring and management by the central administrator. The access to the system will be tied to an individual user and not just an IP address. It is done to ensure individual accountability in case something goes wrong within the system. It can also be implemented in case information is tampered with before being sent or when being sent. This way the company will be in position to know who to hold accountable. Storing the information centrally enables a more effective monitoring and management of information, especially one that is confidential.

The use of syslog server on the internal local area network will make the system reliable when logging in remotely. Trusted and non-trusted zones will also be configured to log remotely. The use of internal syslog as the single point is the best case because it will enable central monitoring and alerting of the system. Features like swatch can be implemented in the system to monitor logs and send alerts to the system when certain alert criteria that are required are met. Central logging and alerting ensures that all servers are effectively controlled. This improvement enhances control by automatically monitoring logs and giving alerts when need arises. It also does not increase on-going staff effort because the system is automatic. Central logging and alerting will also enable the system to transfer IDS alerts with actual host logs, hence improve monitoring of the system and ensure that legal requirements are complied with.

Implementation of systems that comply with the set regulations

Through research and critical planning, which is done before implementing the network design into the system, compliance to any legal regulation will be achieved. Central logging into the system, user account management and use of systems that are fault-tolerant can also help support compliance with set regulations. Central logging complies with the set legal regulations because it supports accountability, and the privacy of patients' information is maintained. Use of fault tolerant systems will ensure efficiency in delivery and storage of information.

Through monitoring security-relevant events, the system will provide a record of accesses to the system, both successful and unsuccessful or denied. The ones that were successful will show who tried to access the system and what they were doing. Unsuccessful or denied access records will show whether the person was trying to carry out an illegal activity through the system like trying to get access to patients' records that are confidential. It makes possible to define whether it was a hacker or reveal you whether the person failed to access the system because of some difficulty which could cause the system failure to recognize their passwords because of wrong spelling, etc. It is significant because it will address the system requirement for auditing.

3. Describe how the system will identify and authenticate all the users who attempt to access ABC Healthcare information resources.

Identification is the method implying that a user of a system is required to provide his or her unique identity, which can have a form of a certain number, name, and characters, among others. The identity should be unique in order to differentiate a person from the rest of the users. Authentication is the process of relating a person or entity to his or her unique identity.

It can be implemented through a personal identification number or any other unique information that a person possesses.

Internal only users like nurses, remote users and business partners will be required by the system to log in into the company's computers using the company email address and the provided passwords. Business partners like banks and collection agencies will be required to use the internet banking system. The system will authenticate users, either by use of familiar username or password combination, physical form of authentication (for example, a card, or a USB key), or some combination of these approaches that are suitable for access to more sensitive parts of the network. The set password may be defined according to the department, location of the user, or the group to which a user belongs. It also promotes efficiency within the company and prevents the system from having multiple accounts and passwords.

Biometrics is an authentication system that employs physical characteristics of a person in order to authenticate the users' identity. It is a more secure form of authentication. Different users at ABC healthcare will be enrolled into the system by creating profiles for each of the internal users. This profile is based on different attributes, for instance, physical ones. The profile is then saved in the system and will be used by staff members like doctors when trying to access parts of the system that are restricted. When trying to access the system, the users are automatically authenticated by being requested to identify themselves by entering the login name or providing a company identification card and measurements of their physical attributes. For example, the system may request the person for his or her fingerprints

Data encryption by use of digital certificates and Secure Socket Layer (SSL) will help in ensuring that the data being transmitted across non-trusted networks remains confidential and is not tampered with by anyone. The company's security policy will address how confidential information like patients health information will be transmitted within the internal network and as well as in trusted and non-trusted networks. By the use of digital certificates, the system will identify the source and destination of information, which will also ensure that the information reaches the right person.

In situation where the user has to get access to different computers within the system to get information, the user will be needed to authenticate himself or herself on the first computer only and the first computer will pass the authentication information to other computers that he or she needs to access. It will require computers within the company network to be able to reliably handle the authenticated data. It also makes it easier for the user to get access to information, especially in cases when a doctor is handling an emergency and is in need of the patients' medical records that have been stored in the system. Standardization methods that may include Portable Operating System Interface and Open System Environment (OSE) can be incorporated into the system because they can greatly contribute to the goal of transparent authentication across different networks within the company. Hence, improvement of the job performance and ensuring efficiency is maintained.

4.Discuss how the system shall recover from attacks, failures, and accidents.

The first phase is recognizing the attacks and evaluating the extent to which the system has been damaged. It is through scanning for viruses by use of network-based anti-virus that scans emails and blocks or quarantines infected files. Finding out intrusion patterns is affected by use of the Intrusion detection systems (IDS) and Intrusion prevention systems (IPS) .These analyze the traffic across the company's network in detail, compare each packet to a database of attack profiles, and the IPS automatically blocks harmful traffic. The whole system is also automatically scanned after the viruses have been discovered and blocked. Other viruses that had attacked the system are detected and blocked or quarantined to enable the system recover from the attack.

The system being made up of multiple layers is able to be protected from attacks due to a simple technology. One layer cannot protect the system against every attack or threat. The layered approach provides the system with multiple lines of defense, hence being able to contain all the threats and attacks the system is faced with. The firewall manages the services authenticated users and applications are allowed to access. Intrusion prevention and detection systems monitor networks for the presence of threats or suspicious behavior and prevent particular types of activity that violate the rules and policies defined by the system administrator.

Installed network-based anti-virus on DMZ will compare incoming and outgoing email message content to a database of virus profiles. In order to prevent crashing of the system, the anti-virus blocks emails that are infected. Other emails are quarantined if they are suspicious. The system then notifies recipients of email and administrators about the suspicious or infected mail. This also prevents the viruses from spreading across the company's network and damaging other important files that belong to various users in the company.

Developing bit-for-bit backups of the entire system using new media like CD-R and DVD-R will enable information on the company computers to be stored and used when recovering data after an attack or failure of the system. Backing up of data should be applied often, for example, on a weekly basis, in order to ensure that the company has information that may be needed urgently when a system fails due to attacks from viruses or accidents.

By detection and isolation of damaged files or data infected by viruses via firewalls or through authentication the system is able to resist and recover from an attack. Consolidating and enhancing configuration of firewalls by increasing checkpoints will enable the system to recover from attacks. The problem of weak links which may appear due to constant attacks will solved by implementing the hub within the networks this will enable the system to gain traffic visibility in the case of a switched network.

The system will have a proxy solution present both in email use and browsing. The design provides a central point of control that will enable the system to generate a quick response if a threat or attack is realized. The implementation of both content filtering and virus scanning of the mail relay is a great solution to attacks and failures by the system. These highly developed technologies identify and terminate attacks on the network through the firewall before damage occurs within the system. The network vulnerability assessment tools will automatically check the network for vulnerabilities. They allow one to scan the systems network regularly and thoroughly for recently introduced threats and enable recovery of damaged data or protect the system from attacks like viruses.

5. Discuss how the system will address User Account Management and related security improvements.

It can be implemented, for example, by setting up of different accounts and multiple passwords that are used by the various groups of people. Setting of accounts according to departments or users, like internal users having their own accounts different from partners', will to some extent enable to control those who access various accounts. Disabling access to the system by removing an account from one or different locations enhances security instead of accessing the account from each server.

Implementation of the centralized account management system will address the user account management. This method is suitable for ABC healthcare because it unites many users, hence proper administration and storage of patients' information is needed. Centralization of management of accounts will help in limiting the number of accounts that will be used by the different users. It will also ensure that there is a systematic way in which information is passed through the system since specific accounts are set and used for different needs. This ensures efficiency is maintained and confusion is not brought about because of the existence of multiple accounts.

The network address translation and IP filtering operate like firewalls; they protect the internal network from hackers and other intruders. IP filtering enables the IT experts in the company to control IP traffic which enters and leaves the company network. It filters packets according to the rules set by the company that address security issues of the system and help in improving traffic. Network address translation, on the other hand, will help lessen the IP address exhaustion problem because many addresses that are private will be represented by a set of registered addresses, which is small. It will also help in controlling the number of user accounts within the system and filter accounts that are not active or were illegally set by some of the internal users without being authorized by the administration.

Information of newly hired employees or new users and partners will be entered into the system. Those employees who retire or resign as well as partners whose contracts may have ended will be deleted or terminated from the system. Using of a schedule to capture all employee information and updating of the directory for active members will be affected by the system. Exchange mailbox and new accounts are created for new users and they are assigned to their respective group profiles based on the user group which they fall to. Automatic deleting of inactive accounts such as those belonging to people who have resigned or those whose employment was terminated is also provided by the system.

Carrying out several customizations that will suit the particular needs of ABC healthcare such as categorization of exchange mailboxes according to different users and setting up of accounts according to the different user groups ensures that mailboxes are created within the correct mail server. The system will also place users into their respective groups automatically according to their location, department and other factors. Information is fed into the system weekly to ensure that the system has the correct information. Automatic updating of the information is done on a daily basis to ensure the system is up-to-date with whatever is happening in the company.

Self-service password reset will be implemented within the internal network system to enable easier access of the system by internal users. This service will be put in place to work with technologies like standard Windows credential provider when the user is logging into the computer, for accessing the internet or websites by users who are working outside the network and Outlook web for emails. Setting up of security questions that will be given to users as they reset their passwords is crucial to ensure that the person resetting the password is the owner of the account. The system will also require users to reset their passwords after a certain period of time as a measure of ensuring that security is maintained and for easy user account management. Resetting of password will also prevent time wastage by employees who tend to forget their password and have to call the IT expert or Help desk to remind them of their password hence promoting efficiency.