Week 8 Paper

Windows Security Model:
NextGard Technologies
American Military University

Introduction
The purpose of this paper is to outline policies, standards, and procedures to improved NextGard’s Technologies organizational network. By implementing a successful security strategy we will give recommendations and guidance in areas of Access Control, Cryptography Methods, Malicious Virus Countermeasure, Monitoring and Analysis, Proxy Server and Internet Access Control to NextGard Technologies. All implementation outlined in this model should be used across all NextGard’s Technologies location, networks, and devices to better secure of information and protection against attacks. We will also provide NextGard with an awareness programs ensuring Nextgard’s 250,000 employees are up to date on cyber awareness. This model will improve over organization security, and protection of information NextGard provides to its customers.

Access Control Limiting access control to NextGard’’s operating systems should be top priority. Attackers need a means to connect to a network to gain access to information, if their means to access the network it block then NextGard’s information and data is greater secured. Implementing a Access Control List is a set of specifies entries given to a trustee that tells an operating system which access rights each user has to a particular network system object such as a directory. The access control list is a secure measure used to limit the user’s ability to read, write, and make changes to files, and documents.
The approach recommended to use is for Access Control is AGULP:
Accounts- Create separate user accounts for each user adds an extra step of security.
Global Groups- Adding each user to a global group account according to their share attributes, the attributes can be geographical or functional.
Universal Groups- Adding Global groups to Universal groups or groups that are defined for users in any domain in Active Directory.
Local Groups- Adding Universal groups to Local groups on computers that contain resources NextGard wants to secure.
Permission- Defining permissions to local groups used for secured recourses or objects.
This policy is much easier to maintain, while reducing the number of Access Control Lists required for each subject or object. (Solomon & Microsoft Corporation, 2011, p. 65) There are two essential parts to Access Control, which are Access Tokens and Security Descriptors. Windows prompts the user to enter identification and authentication credentials, which can either be username and password or smart card. (Solomon & Microsoft Corporation, 2011, p. 44) These credentials are associated with an access token that provides users logs on, groups, and privileges to secure objects and control the ability of the user to perform various system related operation. ("Access Control (Windows)," n.d.) The second part of the Access Control is Security Descriptor which associates data that contains the security information for a securable object. ("Access Control (Windows)," n.d.) Every file, folder, or document must have a Security Descriptor that identity the owners and primary groups.
Cryptography Methods Securing data and files on ones computer is more important than ever, Windows offers a few different types of encryption methods for users to secure data on their computer. NextGard’s Cryptography methods implementation will better secure information from thief, loss and hacking. By scrambling the content, it becomes unreadable, the admin who encrypted the data must use a password to unscramble the data to be able to read the data, so without the password anyone who attempts to read the data will only see scramble content. Windows offers a very user friendly feature that does not required any other add-on’s to be able to easily encrypt data. Encrypting File System (EFS) allows users to encrypt files or entire folders by selecting a check box on the objects properties page. The object owner inputs a password called symmetric key that provides fast encryption and decryption of data. (Solomon & Microsoft Corporation, 2011, p. 73) Encryption File System work well for files and folders, but if hard drives need to be secure, Bitlocker could be used to help protect all files stored on the operating systems drive. BitLocker encrypts the entire drive unlike Encrypting Files System (EFS) which enables to encrypt individual files. BitLocker has two setting on and off, allowing files to be automatically encrypted when added to operating systems drive. BitLocker operation modes rely on the computers Trusted Platform Module (TPM) microchip to manage and protect, when the computer is starts BitLocker asks TPM for the key to the drive and unlocks it. NextGard offices have satellite employees that have a combination of desktops, mobile computers and wireless devices, so we recommend Bitlocker To Go, an extension of BitLocker, it allows users the same protection for content on removable storage drives that have been protected with BitLocker. One problem user’s face is transporting sensitive data from one computer to another. Like BitLocker a password is required to open the removable storage drive once opened, without this password the storage device will not open any data stored within it.
Malicious Virus Implementation The best form of protect against malware is antivirus software, and anti-spyware. Software like this is designed to detect and remove malware before entering one 's computer system and causes irreplaceable damage. Antivirus software role is to help detect, mitigate and remove forms of malware, most commonly viruses, worms, and Trojan horses. The method of identifying malware is comparing known malware code call signature that identifies any copies of malware on a system. Anti-spyware primary target is spyware, it helps detect and mitigate malware. Though many antivirus software products include components of anti-spyware there are many cases that anti-spyware soft in conjunction antivirus can identify many more possible risk to your computer then just an antivirus. It is also just as important to regularly update the software, as the scan uses signatures or codes from malware to spot potential new threats. It is reported that around 70,000 new viruses, Trojans and other malware are introduced every day. Once a malware is detected on a system, it can be challenging to remove, so additional steps may be needed. Disconnecting the infected computer from the network, download one alternate anti-malware software using another computer, install additional products on the infected computer, using tools to scan, and follow instruction to remove and detected malware. To best protect a computer, it is suggested to regularly scan your computer, update anti-malware and use more than just antivirus software, restrict software installation and limit web browser function. The protection of our computer is crucial, we store more personal information then very on our personal computer, things such as passwords, banking, and medical information all at the finger tips or potential threats.
Monitoring and Analysis Implementation Routine monitoring and analysis on all systems will allow NextGard server hardware components to perform at their best. Performance monitoring and analysis tools give insight on areas that potential need improvement. Planning a solid monitoring and analysis strategy that collects enough information, collecting much information will slow down computers and wastes disk space. First we recommend creating an initial baseline starting point for each computer that will represent a secure point. After the initial baseline is set, we will have a clear picture of a secure system to be able to use for profiling. Profiling is comparing computer configuration to the known baselines. (Solomon & Microsoft Corporation, 2011, p. 136) For this analysis it is recommended using Security Configuration and Analysis (SCA) which Microsoft provides in Windows. This tool will allow you to analysis computers and compare it to baseline setting. The SCA stores baseline settings in a security template that give quick easy access to compare analysis too. Creating NextGard’s own organizing security policy will be secure its systems while using temples is good means to a baseline, it could be difficult as the number of configuration roles and options grow. Using Microsoft Management Console (MMC) will allow NextGard to create and manage their personal security temples, also will allow for editing of Group Policy Object (GPO) setting. We will also suggest using Microsoft Baseline Security Analyzer (MBSA) which provides a utility to evaluate computers in accordance with Microsoft security recommendations. MBSA checks to ensure the operating system and current Microsoft software are up to date. It not only identifies problems, but also ranks them by severity and provides recommendations to fix each one. (Solomon & Microsoft Corporation, 2011, p. 142)
Proxy Server With so many employs who have access to a wide range of device, all of which are able to connect to the internet that NextGard provides will presents a possibility of attack. Securing the two main proxy servers and internet access is a critical part of NexGard Technologies implementation. One of the most common attacks comes in the form of man-in-the-middle, someone who tries to gain access to servers by using remote access. Securing the traffic flow by added Firewall setting will filter unauthorized traffic on a network. Filters should exist at all network boundaries and between segments to control network ingress and egress. (Solomon & Microsoft Corporation, 2011, p. 194) Firewall rules should be appropriately set to block suspicious traffic, the security of the server depends on how well the Firewall rules are set, we recommend a standalone Firewall to prevent attack before it reaches the server. Place all Internet-facing servers in the Demilitarized zone (DMZ) a convenient place for Web servers, File Transfer Protocol (FTP) servers, or any servers you want unauthorized users to access without being able to get into your trusted network. Network address translation (NAT) hides the true IP address of internal computers from outside nodes

The attackers are contently trying to find way to breech networks to gain information; they are regularly updating their tactics. To stay up to date with them, NextGard will need to routinely install the latest security patches to be able to be one step ahead of the enemy. Security patch are a critical component of hardening an operating system. Administrators only need to configure automatic downloads, and install updates from Microsoft regularly. NextGard will need to require a strong authentication by implementing security identity management. Using strong passwords, with a minimum charter number, and password expire policies in which a administrator can easy apply in Group Policy Objects for each user.
Security of NextGard
Hardening of an operating system requires many layers of protection, each with its own defense. Antivirus software is one of the first lines of defense, scheduling automatic scans and updates are vital to antivirus. Regular updates are a crucial part of security, not only for antivirus which is imperative to scan for new virus, but also Windows security patches which is designed to update computer programs that include fixing security vulnerabilities and other bugs. Computer workstations are vulnerable just about everywhere, the use of strong passwords for all user accounts is key from protecting against unauthorized users. Ensuring your PC is uncrackable by applying password protection, using upper and low case letters, numbers, and symbols. Windows offers its own protection to your local computer with Windows Firewall to prevent hackers and malicious software from entering you system. Firewall is software that conducts checks on information coming from the internet and ether blocks or are allows it to pass through your PC depending on the firewall setting, as stated by Windows a firewall isn’t the same thing as an antivirus program and to protect your computer you need both firewall, antivirus and anti-malware which would be consider defense in depth. Lastly when not using your computer ensuring it is lock when your leave or step away will prevent unauthorized users from gaining access to your files and system, these are just a few hardening steps to follow, that are free and easy to use.
Conclusion
We have provided NextGard with proven general security model that will work well with NextGard’s Technologies company size. The security model is a defense in depth with many layers for this security model to be effective. This is a recommended model, and can be modified to include NextGard’s particular issues and details which may not be outline here.

References
Access Control (Windows). (n.d.). Retrieved from https://msdn.microsoft.com/en- us/library/windows/desktop/aa374860%28v=vs.85%29.aspx
AGDLP reduces account management, permissions management headaches. (n.d.). Retrieved from http://searchwindowsserver.techtarget.com/tip/AGDLP-reduces-account- management-permissions-management-headaches
The basics of using a proxy server for privacy and security - TechRepublic. (n.d.). Retrieved from http://www.techrepublic.com/blog/it-security/the-basics-of-using-a-proxy-server- for-privacy-and-security/
Cryptography (Windows). (n.d.). Retrieved from https://msdn.microsoft.com/en- us/library/windows/desktop/aa380255%28v=vs.85%29.aspx
How to Remove Malware From Your Windows PC | PCWorld. (n.d.). Retrieved from http://www.pcworld.com/article/243818/how_to_remove_malware_from_your_windows _pc.html
Microsoft Security Essentials - Microsoft Windows. (n.d.). Retrieved from http://windows.microsoft.com/en-us/windows/security-essentials-download
Monitor Windows Server with Performance Counters | Systems Management content from Windows IT Pro. (n.d.). Retrieved from http://windowsitpro.com/systems- management/monitor-windows-server-performance-counters
Solomon, M., & Microsoft Corporation. (2011). Security strategies in Windows platforms and applications. Sudbury, MA: Jones & Bartlett Learning.
Step 1: Plan the Web Application Proxy Infrastructure. (n.d.). Retrieved from https://technet.microsoft.com/en-us/library/dn383648.aspx
A Survey of Network Traffic Monitoring and Analysis Tools. (n.d.). Retrieved from http://www.cs.wustl.edu/~jain/cse567-06/ftp/net_traffic_monitors3/index.html

References: Access Control (Windows). (n.d.). Retrieved from https://msdn.microsoft.com/en- us/library/windows/desktop/aa374860%28v=vs.85%29.aspx AGDLP reduces account management, permissions management headaches. (n.d.). Retrieved from http://searchwindowsserver.techtarget.com/tip/AGDLP-reduces-account- management-permissions-management-headaches The basics of using a proxy server for privacy and security - TechRepublic. (n.d.). Retrieved from http://www.techrepublic.com/blog/it-security/the-basics-of-using-a-proxy-server- for-privacy-and-security/ Cryptography (Windows). (n.d.). Retrieved from https://msdn.microsoft.com/en- us/library/windows/desktop/aa380255%28v=vs.85%29.aspx How to Remove Malware From Your Windows PC | PCWorld. (n.d.). Retrieved from http://www.pcworld.com/article/243818/how_to_remove_malware_from_your_windows _pc.html Microsoft Security Essentials - Microsoft Windows. (n.d.). Retrieved from http://windows.microsoft.com/en-us/windows/security-essentials-download Monitor Windows Server with Performance Counters | Systems Management content from Windows IT Pro. (n.d.). Retrieved from http://windowsitpro.com/systems- management/monitor-windows-server-performance-counters Solomon, M., & Microsoft Corporation. (2011). Security strategies in Windows platforms and applications. Sudbury, MA: Jones & Bartlett Learning. Step 1: Plan the Web Application Proxy Infrastructure. (n.d.). Retrieved from https://technet.microsoft.com/en-us/library/dn383648.aspx A Survey of Network Traffic Monitoring and Analysis Tools. (n.d.). Retrieved from http://www.cs.wustl.edu/~jain/cse567-06/ftp/net_traffic_monitors3/index.html