Infrastructure Security
Infrastructure security is the set of security measures placed into a business
infrastructure to deter potential security breaches from external sources.
Regardless of the size of the business, ecWest can evaluate your infrastructure,
recommend changes, and implement changes to the infrastructure to deter security
breaches. These procedures involve looking at the network architecture, the
external exposure of computer resources from outside the network, and a review
of policies and procedures for infrastructure access.

Login Security
Login security can be defined as verifying the identity of the remote computer
to the local computer for the use of some requested service. This form of
security is a line of defense for ensuring proper usage of any business
services. When connecting to the Internet from any business location, one of
the following protocols will be used to identify the person wishing to use the
system's resources:
| Protocol | Description |
|---|---|
| CHAP (Challenge Handshake Authentication Protocol) | This protocol allows the server and client to negotiate a login by means of a CHAP script. The script must be negotiated and set up by both the client and the server prior to connection establishment. The CHAP protocol uses an MD5 algorithm to encrypt the authentication information. |
| MS-CHAP (Microsoft-specific Challenge Handshake Authentication Protocol) | This protocol allows the server and client to negotiate a login by means of a CHAP script. The script must be negotiated and set up by both the client and the server prior to connection establishment. The MS-CHAP protocol uses an MD4 algorithm to encrypt the authentication information. The MD4 algorithm is a private data encryption algorithm and must be licensed. |
| PAP (Password Authentication Protocol) | This protocol passes the login and password from the client to the server in clear text form. This form of authentication is NOT secure, because the information is passed in a clear text format. |
| SPAP (variation of the Password Authentication Protocol) | This protocol is primarily used by Shiva clients. The SPAP session uses a proprietary algorithm to send the login and password from the client to the server. |
| DES (Data Encryption Standard) | This type of login authentication uses the Data Encryption Standard from RSA. |
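The CHAP challenge/response described in the table, as an added example that is not from the page or from ecWest. RFC 1994 defines the CHAP response as an MD5 hash over the packet identifier, the shared secret and the challenge, so the secret itself never crosses the wire and a captured response cannot be replayed against a fresh challenge; PAP, by contrast, carries the password in clear text. The shared secret, user name, password and packet layouts are constructed for the example (the PAP packet mirrors the RFC 1334 Authenticate-Request fields but is not a full PPP frame).

```python
import hashlib
import hmac
import os

# Constructed value for this example (not from the page): in practice the shared
# secret is provisioned on both peers out of band and is never sent on the wire.
SHARED_SECRET = b"example-shared-secret"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues a fresh random challenge and checks the response once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.outstanding = {}  # identifier -> challenge still awaiting a response

    def challenge(self, identifier: int) -> bytes:
        chal = os.urandom(16)
        self.outstanding[identifier] = chal
        return chal

    def verify(self, identifier: int, response: bytes) -> bool:
        # Each challenge is usable exactly once, so a captured response cannot be replayed.
        chal = self.outstanding.pop(identifier, None)
        if chal is None:
            return False
        expected = chap_response(identifier, self.secret, chal)
        return hmac.compare_digest(expected, response)


def chap_exchange(server: ChapAuthenticator, client_secret: bytes, identifier: int = 1):
    """Run one CHAP handshake; returns (success, bytes that crossed the wire)."""
    chal = server.challenge(identifier)                      # Challenge: server -> client
    resp = chap_response(identifier, client_secret, chal)    # Response: client -> server
    on_wire = chal + resp
    return server.verify(identifier, resp), on_wire


def pap_exchange(username: bytes, password: bytes):
    """PAP Authenticate-Request as the table describes it: credentials in clear text."""
    on_wire = bytes([len(username)]) + username + bytes([len(password)]) + password
    return True, on_wire


if __name__ == "__main__":
    srv = ChapAuthenticator(SHARED_SECRET)
    ok, wire = chap_exchange(srv, SHARED_SECRET)
    print("CHAP, correct secret:", ok, "| secret visible on wire:", SHARED_SECRET in wire)
    ok, _ = chap_exchange(srv, b"wrong-secret")
    print("CHAP, wrong secret:", ok)
    ok, wire = pap_exchange(b"alice", b"hunter2")   # constructed credentials
    print("PAP, password visible on wire:", b"hunter2" in wire)
```

Anyone able to capture the link sees only a random challenge and a 16-byte digest in the CHAP case, but the complete password in the PAP case, which is exactly why the table marks PAP as not secure.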
Router Security
Router security can be defined as the principal means to prevent unwanted network
traffic from reaching dissimilar networks. Routers were created to offload the
network routing tasks from the host systems on the Internet. Routing is
implemented in hardware, eliminating the overhead necessary to run an operating
system (OS). Because of the efficiency of routers, the Internet uses routers
throughout the world to route traffic to specific locations and to prevent
unwanted traffic from being routed. This form of security is considered the
third line of defense against malicious or unwanted traffic in a network.

Firewall Security
With the rise of the Internet to unprecedented numbers of users across the world,
the use of firewall security to prevent attacks has become more prevalent than
any other security measure. Even so, this measure of security is still
classified as the fifth line of defense against intrusion. Security breaches of
private networks are occurring more often and are causing millions of dollars
worth of damage each year. A business can choose from a list of vendors to
provide the necessary firewall security. ecWest recommends using an established
product such as Microsoft Proxy Server V2.0 or later, Checkpoint Software's
Firewall-1, or Raptor Systems' Eagle Firewall products.

Bastion Network Security
Bastion networks can be defined as isolating specific services on a network
outside of the private network. Only the limited set of services required may be
placed on any machine in the bastion network, and general services will not be
available for users there. The bastion network is isolated from the internal
network by a router and is assigned a separate network address. Routing from the
bastion network is limited by the router, with the use of filters, to prevent
unwanted or invalid traffic from being transferred between the bastion network
and the private network. If someone breaches the bastion network, the router
acts as a second firewall, preventing the intruder from creating havoc on the
private network.

Data Encryption Security
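A model of the filtering router described in the Router Security and Bastion Network Security passages, added here as an example (not code from the page or from ecWest). The addresses, interface names and permitted services are constructed; the router keeps the bastion network on a separate address range, allows only named services from the private side, denies anything the bastion side initiates toward the private network, and drops packets whose source address does not belong to the network behind the interface they arrived on.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing (not from the page): the bastion network has its own
# address range, distinct from the private network behind the router.
PRIVATE = ipaddress.ip_network("10.0.0.0/24")
BASTION = ipaddress.ip_network("192.0.2.0/24")


@dataclass
class Packet:
    iface: str      # router interface the packet arrived on: "private" or "bastion"
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp" or "udp"
    dport: int      # destination port


@dataclass
class Rule:
    action: str                          # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[str] = None          # None matches any protocol
    dport: Optional[int] = None          # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in self.src
                and ipaddress.ip_address(pkt.dst) in self.dst
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


# Filter list in the order the router evaluates it; first match wins.
# Ports are constructed for the example: 22 for administration, 8080 for a proxy service.
RULES = [
    Rule("allow", PRIVATE, BASTION, "tcp", 22),    # admins manage bastion hosts
    Rule("allow", PRIVATE, BASTION, "tcp", 8080),  # users reach the proxy on the bastion
    Rule("deny", BASTION, PRIVATE),                # bastion never initiates into the private net
]


def is_spoofed(pkt: Packet) -> bool:
    """A packet's source must belong to the network behind the interface it came in on."""
    expected = PRIVATE if pkt.iface == "private" else BASTION
    return ipaddress.ip_address(pkt.src) not in expected


def evaluate(pkt: Packet, rules=RULES) -> str:
    """Decide the fate of a connection-initiating packet crossing the router.

    Return traffic for connections already permitted is assumed to be handled by
    the router's own connection state and is not modelled here.
    """
    if is_spoofed(pkt):
        return "deny"
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # default deny: anything not explicitly permitted is dropped


if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("private", "10.0.0.5", "192.0.2.10", "tcp", 22),
        Packet("private", "10.0.0.5", "192.0.2.10", "tcp", 23),
        Packet("bastion", "192.0.2.10", "10.0.0.20", "tcp", 445),
        Packet("bastion", "10.0.0.5", "10.0.0.20", "tcp", 22),
    ]
    for pkt in samples:
        print(pkt.iface, pkt.src, "->", pkt.dst, pkt.proto, pkt.dport, "=>", evaluate(pkt))
```

The last sample packet carries a private-network source address but arrives on the bastion-facing interface; the anti-spoofing check drops it before the rule list is consulted, which is what stops an intruder on the bastion from borrowing an internal address to slip past the filters.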
Data encryption security encompasses the scrambling and unscrambling of
information between the client and server. This level of security is classified
as the sixth line of defense against intrusion: it presents the information in
an unreadable format to anyone who may intercept it with methods such as
"man in the middle" attacks.

File System Security
File system security can be defined as measures placed on a system to prevent
the improper placement or removal of information on any file system. Measures
include restricting remotely connected users to a specified area of the system,
changing file access permissions to help prevent misuse of the local file
system, monitoring file system access to detect any improper access, and virus
protection to prevent invalid access to the file system.
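An added example, not from the page or from ecWest, of the permission review that the file system security measures call for: it walks a directory tree and reports entries that are world-writable (except sticky directories, the /tmp-style drop boxes that are world-writable by design) or that carry setuid/setgid bits. The sample tree and its file names are constructed inside the script so it runs offline.

```python
import os
import shutil
import stat
import tempfile


def audit_permissions(root: str):
    """Walk a tree and report entries whose mode bits undermine access control.

    Returns a sorted list of (relative path, finding) tuples.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            mode = st.st_mode
            if stat.S_ISLNK(mode):
                continue  # the link target is judged on its own permissions
            rel = os.path.relpath(path, root)
            sticky_dir = stat.S_ISDIR(mode) and bool(mode & stat.S_ISVTX)
            if mode & stat.S_IWOTH and not sticky_dir:
                findings.append((rel, "world-writable"))
            if mode & stat.S_ISUID:
                findings.append((rel, "setuid"))
            if mode & stat.S_ISGID and not stat.S_ISDIR(mode):
                findings.append((rel, "setgid"))
    return sorted(findings)


def build_sample_tree() -> str:
    """Constructed directory layout for the example (not real system paths)."""
    root = tempfile.mkdtemp(prefix="fsaudit-")
    shared = os.path.join(root, "shared")
    drop = os.path.join(root, "drop")
    os.makedirs(shared)
    os.makedirs(drop)
    with open(os.path.join(shared, "report.txt"), "w") as f:
        f.write("quarterly numbers\n")
    with open(os.path.join(shared, "upload.cgi"), "w") as f:
        f.write("#!/bin/sh\n")
    os.chmod(shared, 0o755)
    os.chmod(os.path.join(shared, "report.txt"), 0o644)   # readable, owner-writable: fine
    os.chmod(os.path.join(shared, "upload.cgi"), 0o777)   # anyone can replace the script
    os.chmod(drop, 0o1777)                                # sticky drop box, world-writable by design
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    try:
        for rel, finding in audit_permissions(root):
            print(f"{finding:15} {rel}")
    finally:
        shutil.rmtree(root)
```

Run against a real tree, the same function gives the list of files whose permissions need tightening; re-running it on a schedule and diffing the output is a simple form of the access monitoring the passage mentions.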