Improving IT Infrastructure: Addressing Authorization Policies and Troubleshooting Mechanisms

An overview of IT infrastructure improvements, focusing on security and troubleshooting.

Lucas Allen

Based on the paper, discuss how an organization can improve its authorization policies and
troubleshooting mechanisms to enhance IT infrastructure management. Specifically, explain the
steps to improve authorization policies, including the identification, authentication, and
authorization processes, and describe the systematic approach for diagnosing and resolving
network problems. Additionally, highlight the importance of change and configuration
management in maintaining an efficient network infrastructure.

Word Count Requirement: 600-700 words

Problems with IT Infrastructure

1. An improper gateway, which lets intruders easily into the company network.

2. Not well defined and authorization policies.

3. Infrequent automatic updates in the server.

4. Lack of troubleshooting experts and mechanisms.

5. Improper server topologies.

This paper explains how to address problem 2 and problem 4 systematically.

How to improve and authorization policy?

1. Identification

Management of Identifiers

Linked Identifiers. Maintain dual records for all company employees. These records should have a
relation between company ID and Network ID records.

Uniqueness. Maintain unique which will relate to only one person.

One Identifier per Individual. An individual should not have more than one company ID
number and one personal NetID.

Non-Reassignment. Once and is assigned to a particular person it is always associated
with that person. It is should not be

o a significant time of waiting period.

Social Security Number. Social Security Numbers should not be used to identify employees.

2. Authentication

Access to non-public company IT can be achieved by a person and unique logins will
require authentication, a username and combination. Authentication credentials should not be
translated into other forms such as if it is not encrypted, and only no other reasonable options
exist.

Authentication Methods

Authentication methods consist of presenting a public identifier and private authentication information,
such as a personal identification number (PIN), password, token, or information derived from a cryptographic key.

Authentication against the company’s computing infrastructure is recommended when possible.
One of the following methods should be implemented:

Password authentication

Authentication can be achieved with biometric sensors to maintain accuracy.

Tokens in conjunction with a PIN

LDAP Authentication

No Unencrypted Authentication

Unencrypted authentication and mechanisms are secure in specific networks. Traffic outside
the network can be monitored, these mechanisms to operations. So it would be better if
company services used only encrypted mechanisms unless authorized. Specifically, insecure
services such as Telnet, POP, and IMAP can be replaced by encrypted components.
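
An added example, not part of the original paper: a small audit that parses listening-socket output in the format of `ss -tln` and flags the cleartext services named above unless an exception is recorded. The sample output, the exception set and the suggested encrypted counterparts are assumptions made for illustration.

```python
# Cleartext services the paper names, keyed by well-known TCP port, with the
# commonly used encrypted counterpart (the counterparts are not from the paper).
CLEARTEXT = {
    23: ("Telnet", "SSH (22)"),
    110: ("POP", "POP3S (995)"),
    143: ("IMAP", "IMAPS (993)"),
}

# Constructed sample input in the format of `ss -tln` output.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:23          0.0.0.0:*
LISTEN  0       100     127.0.0.1:143       0.0.0.0:*
LISTEN  0       100     [::]:110            [::]:*
LISTEN  0       100     0.0.0.0:993         0.0.0.0:*
"""


def listening_sockets(ss_output):
    """Yield (address, port) for each LISTEN line; skip headers and noise."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            yield addr.strip("[]"), int(port)


def audit(ss_output, authorized=frozenset()):
    """Return findings for cleartext listeners not covered by an exception.

    `authorized` holds (address, port) pairs with a documented exception,
    mirroring the paper's "unless authorized" clause.
    """
    findings = []
    for addr, port in listening_sockets(ss_output):
        if port not in CLEARTEXT or (addr, port) in authorized:
            continue
        name, replacement = CLEARTEXT[port]
        # Loopback-only listeners are not reachable from other hosts.
        exposure = "local-only" if addr in ("127.0.0.1", "::1") else "network"
        findings.append((name, addr, port, exposure, replacement))
    return findings
```

Each finding is a tuple of service name, bind address, port, exposure and suggested replacement, so network-exposed listeners can be prioritized over loopback-only ones.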
Message to company employees
Official Actions. Use of a NetID and mechanisms to identify to an on-line system
constitutes an official identification of employee to the, similar to that of a company ID card
does. Employee should be for all actions taken during sessions.

Integrity. Employees should use the NetID and information that they have been authorized
to use (i.e., an employee must never falsely identify themselves as another person).

Confidentiality. Employees should keep information confidential (i.e., should not disclose it to
an unauthorized person).

Reporting Problems. Anyone who finds that their authentication was misused should immediately
contact the IT Help Desk.

Security Precautions. Employees are to change their password regularly (at least once
every three months), to limit possible of passwords that may have been compromised
without the user’s knowledge. Passwords should be chosen so that they are not easily guessable.

Disciplinary Action. Individuals who are found to have knowingly violated one of these
provisions will be subject to disciplinary action. The possible disciplinary actions for violations, which
can include termination of employment, depend on the facts and circumstances of each use.

3. Authorization

Access to information and IT system will be granted on a regular basis and should be
authorized by the immediate. Any of the following methods is acceptable for providing access:

Context-based access. Access control based on the transaction context. The factors might include
time of day, location of users, of user authentication, etc.

Role-based access. Access control model permits the enforcement of enterprise-specific
security policies in a way that maps naturally to an structure and business activities. Each