Final paper
Running Head: NETWORK SECURITY IMPROVEMENTS 1
Network security improvements
Suresh Sevarthi
Lam Than
Wilmington University
03/31/2017
One of the secure enclaves that the PureLand Water Waste adopted to improve cyber security is the defense-in –depth strategy. This strategy puts into account that a combination of security technologies, controls and policies must be done so as to protect an industry control system.
| Enclave Characteristic | Description | Comments |
| Functional group | They include the supervisory control, control loop and user group | They have to active |
| Criticality of devices | Devices that ensure the data is protected and there is flow of communication | Devices that are well working are recommended. |
| Data flow in/out | Steady flow | Reaches where it is required. |
| Perimeter Security Devices recommended | Intrusion prevention system, data diode and industrial protocol filters | They protect accessing these enclaves without authority |
| Data monitored within enclave | The information of the hardware like the physical location of the manufacture, the network address of the equipment and the hardware device detail. | Should be secured and encrypted. |
| Methods used to monitor enclave | The use of host base security that controls the end-user authentication | Helps improve the created enclave |
The other secure enclave for the PureLand Water Waste is the limit access. In the limit access strategy, monitoring of who is accessing certain information and for what purpose is done.
Limited access
| Enclave Characteristic | Description | Comments |
| Functional group | Control loops and user groups | They should be active functional groups |
| Criticality of devices | Role based- access control | Outsiders cannot access information |
| Data flow in/out | Steady but to authorized users only | Should be encrypted |
| Perimeter Security Devices recommended | Cctv, access control | They will prevent unnecessary access of data. |
| Data monitored within enclave | The water waste data | Should only be accessed by authorized operators |
| Methods used to monitor enclave | A control strategy ran by an operator | This strategy can start and even stop a pump but cannot be able to change it. |
The other secure enclave for this company is the physical control. This is the physical attempt to prevent information which includes; looking the computers in a cabinet and even blocking the USB ports, mapping, putting the Ethernet switch control.
| Description | Comments | |
| Functional group | Owner, operator, equipments and buildings | Must be active |
| Criticality of devices | Should be role- based controlled | Authorized users only access the information. |
| Data flow in/out | regulated | Should be regulated |
| Perimeter Security Devices recommended | Sensors, building systems, alarms, Cctv and lighting control system, | Should be operational and very effective. |
| Data monitored within enclave | The information of the software as well as for the hardware devices. | Should be the recommended data. |
| Methods used to monitor enclave | Blocking off the USB ports so that information cannot be transferred from one device to another. | Very helpful. |
