
Coming to authentication, both the external (naive) users and the team members or staff working in the company have a mail id or login credentials unique to them. It is recommended to set strong passwords of at least 8 characters in length, mixing lower case and upper case letters with special characters and numerals. The members should be made aware of social engineering attacks such as phishing. The company does contain payment processes, hence it should comply with PCI DSS.

The most common advice is always to keep all software up to date. Because newly discovered vulnerabilities spread quickly, the security patches must also be kept current by updating the software in the meantime.
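As an added example (not part of the original write-up), here is a small Python check that enforces the password rules stated above: at least 8 characters, with lower case, upper case, numerals and special characters. It reports every rule a candidate fails so the user can be told what to change. The rule names and the use of Python's `string.punctuation` as the set of special characters are this example's own assumptions.

```python
import string

# Policy values as stated in the write-up: at least 8 characters, mixing
# lower case, upper case, numerals and special characters.
MIN_LENGTH = 8
SPECIAL_CHARACTERS = set(string.punctuation)  # assumption: ASCII punctuation counts as "special"


def password_policy_violations(password: str) -> list[str]:
    """Return every policy rule the candidate password fails (empty list = accepted)."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        violations.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        violations.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        violations.append("no numeral")
    if not any(c in SPECIAL_CHARACTERS for c in password):
        violations.append("no special character")
    return violations


def is_acceptable(password: str) -> bool:
    """True when the password meets every rule of the policy."""
    return not password_policy_violations(password)


if __name__ == "__main__":
    # Constructed sample candidates, from clearly weak to compliant.
    for candidate in ["password", "Ab1!", "alllowercase1!", "Tr0ub4dor&3"]:
        problems = password_policy_violations(candidate)
        print(f"{candidate!r:18} -> {'accepted' if not problems else ', '.join(problems)}")
```

Run the check at signup and whenever credentials are rotated; returning the full list of violations, rather than a bare yes/no, lets the interface explain the rejection without weakening the rule.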

Most third-party websites are not built to be secure. It is better to blacklist/block the third-party websites that are not needed, using a proxy or VPN. Next, a firewall needs to be built. Also, the servers and networks should be secured. Monitoring the network and testing it regularly is recommended for security. Access control plays a major role in security, hence implementing it in the most prominent way is necessary. Vulnerability management is a must.

The network used inside the company has many confidential resources connected to it; hence the network should be well secured. Here the system administrators come into play. They are supposed to have full authority over granting access to this network. Secure authentication to the network and prevention of access from external hosts should be maintained. For this, a team should be allocated whose job is to stay alert at all times and maintain the access logs for the network. The login credentials need to be updated on a periodic cycle for better security. Next, using an application layer firewall may be a good choice to ensure only valid HTTP traffic: it inspects the packets and verifies them before they are passed on. HTTPS should be implemented in place of HTTP for the most secure transmission.
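The access-log monitoring and the blocking of external hosts described above can be checked automatically. The following Python script is an added example, not from the original write-up: it parses a constructed access log (timestamp, source address, user, result), flags every login from an address outside the assumed internal ranges 10.0.0.0/8 and 192.168.0.0/16, and reports sources with repeated failed logins. The log format, the address ranges and the failure threshold are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Assumed internal address ranges of the company network (placeholder values).
INTERNAL_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Assumed log line layout: "<timestamp> <source-ip> <user> <OK|FAIL>".
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<user>\S+) (?P<result>OK|FAIL)$")

# Constructed sample access log; these entries are not from any real system.
SAMPLE_LOG = """\
2024-05-01T08:00:01 10.1.2.3 alice OK
2024-05-01T08:00:05 203.0.113.7 bob FAIL
2024-05-01T08:00:06 203.0.113.7 bob FAIL
2024-05-01T08:00:07 203.0.113.7 bob FAIL
2024-05-01T08:00:08 203.0.113.7 bob FAIL
2024-05-01T08:01:00 192.168.4.9 carol OK
this line is not in the expected format
2024-05-01T08:02:00 198.51.100.20 dave OK
"""


def is_internal(address: str) -> bool:
    """True when the address lies inside one of the internal ranges.

    An unparsable address is treated as external so that a malformed or
    odd-looking source is surfaced rather than silently trusted.
    """
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    return any(ip in network for network in INTERNAL_NETWORKS)


def analyse_access_log(log_text: str, fail_threshold: int = 3) -> dict:
    """Return external accesses, sources with repeated failures, and malformed lines."""
    external = []
    failures = Counter()
    malformed = []
    for line in log_text.splitlines():
        match = LOG_LINE.match(line)
        if match is None:
            malformed.append(line)  # never drop unparsed lines silently
            continue
        src, user, result = match["src"], match["user"], match["result"]
        if not is_internal(src):
            external.append((src, user, result))
        if result == "FAIL":
            failures[src] += 1
    repeated = {src: n for src, n in failures.items() if n >= fail_threshold}
    return {"external": external, "repeated_failures": repeated, "malformed": malformed}


if __name__ == "__main__":
    report = analyse_access_log(SAMPLE_LOG)
    for src, user, result in report["external"]:
        print(f"ALERT external source {src} user={user} result={result}")
    for src, count in report["repeated_failures"].items():
        print(f"ALERT {count} failed logins from {src}")
    for line in report["malformed"]:
        print(f"WARN unparsed log line: {line!r}")
```

Malformed lines are reported rather than skipped: a logging pipeline that quietly drops what it cannot parse is exactly where an intrusion hides.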

In order for an employee to access work files or resources outside the office, remote access should be given. Hence, security has to be maintained here too! Having 2-step authentication might be a choice. Including tokens such as RSA tokens can also be done for secure authorization and access for the employee. The above steps are used for verification and security purposes. Since the company's data is limited to its internal network, the engineer or employee needs to access the network via VPN. For accessing the company's network more securely, a reverse proxy is implemented and access goes through it.

Since the transfer of resources is all done over the network, it is a common requirement to have a well-secured firewall. Vulnerability identification and patching are to be done regularly to have peace of mind.

The company needs to ensure that the resources shared wirelessly are shared safely. Hence, protecting the wireless sharing console with a proper method is required. Using WPA2 security is recommended, with the same password rules as mentioned at the beginning. In order to keep the wireless network secure at all times, the security keys are to be changed on a regular basis. Keep the firmware of the router up to date. In order to protect against brute force or rainbow table attacks, we should go for 802.1X. The first recommendation is to use 802.1X, but if it is too constraining for the network, WPA2 is preferred.

I would recommend using VLANs and having different networks for different kinds of access, i.e. employees, customers and guests who work for the company. This is done to have good transmission on the line.

The engineers/employees work with a computer, most probably a laptop. Their laptops should also be secured if the company wishes to keep its data/resources safe. Hence, their laptop data should be heavily encrypted in order to prevent it from being accessed by anyone unauthorised. Enable a good firewall. Make sure the firmware is up to date. As an employee works, data will be written to the laptop on a regular basis, and encrypting it by hand at intervals is an ill-defined task. Hence, FDE should be implemented in order to encrypt the data as it is written, on the go. Also, at the software level, having an antivirus is a must. Implementation of binary whitelisting can be helpful in some cases.

It is recommended to install NIDS and NIPS on the client or customer's network and to install HIPS and HIDS on the server.
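The binary whitelisting on laptops and the host-based intrusion detection (HIDS) on servers mentioned above both rest on the same mechanism: knowing the hash of every file that is supposed to be there and noticing when something differs. The Python below is an added example, not the original write-up's, that builds a SHA-256 baseline of a directory, reports files that were added, removed or modified since the last baseline, and lists any file whose hash is not on an allowlist. The directory layout and the sample file contents are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def digest(data: bytes) -> str:
    """SHA-256 hex digest of the given content."""
    return hashlib.sha256(data).hexdigest()


def baseline_from_contents(files: dict[str, bytes]) -> dict[str, str]:
    """Map each relative path to the digest of its content (shared by the disk walker and tests)."""
    return {path: digest(content) for path, content in files.items()}


def baseline_from_directory(root: Path) -> dict[str, str]:
    """Walk `root` and hash every regular file, keyed by its path relative to `root`."""
    contents = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        contents[path.relative_to(root).as_posix()] = path.read_bytes()
    return baseline_from_contents(contents)


def diff_baselines(old: dict[str, str], new: dict[str, str]) -> dict[str, list[str]]:
    """Compare two baselines; this is the core of a host-based integrity check."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def not_on_allowlist(baseline: dict[str, str], allowed_hashes: set[str]) -> list[str]:
    """Paths whose hash is not in the allowlist: the binary whitelisting decision."""
    return sorted(path for path, h in baseline.items() if h not in allowed_hashes)


if __name__ == "__main__":
    # Constructed demonstration: a throw-away directory standing in for a laptop's program folder.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app").write_bytes(b"approved build v1")
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_bytes(b"debug=false\n")

        first = baseline_from_directory(root)
        allowlist = set(first.values())  # everything present at deployment is approved

        # Simulate a later state: a modified binary and a new, unapproved file.
        (root / "bin" / "app").write_bytes(b"changed build")
        (root / "bin" / "unapproved").write_bytes(b"unknown program")

        second = baseline_from_directory(root)
        print("changes:", diff_baselines(first, second))
        print("not allowlisted:", not_on_allowlist(second, allowlist))
```

The baseline and allowlist must be stored where the monitored host cannot rewrite them (a central server, or signed), otherwise whoever modifies a binary can also update the record that would have revealed it.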

Now, providing updates for security patches or vulnerability detections is to be done when needed. The applications on the system should be centrally managed across the network in order to push an update. This should be managed by a team. Any misleading activity or unknown changes should be carefully noted and documented.

Having a backup of all the important data and resources is a key point. If any malicious security attack happens, it is highly recommended to have documentation such as a post-mortem for better recovery from attacks in future.
