DEFENSE IN DEPTH
Defense-in-depth involves using multiple layers of controls to avoid having a single point of failure. Computer security involves using a combination of firewalls, passwords, and other preventive procedures to restrict access. Redundancy also applies to detective and corrective controls.
Major types of preventive controls used for defense in depth include:
Authentication controls to identify the person or device attempting access.
Authorization controls to restrict access to authorized users. These controls are implemented with an access control matrix and compatibility tests.
Training to teach employees why security measures are important and teach them to use safe computing practices.
Physical access controls to protect entry points to
…show more content…
It works with the border router to filter information trying to enter or leave the organization.
Data is transmitted over the Internet in packets through a protocol called TCP/IP. A set of rules called an access control list (ACL) determines which packets are allowed in and which are dropped. Stateful packet filtering examines the header of each packet in isolation. Deep packet filtering examines the data in the body of a packet to provide more effective access control. Deep packet filtering is the heart of a new type of filter called intrusion prevention systems.
Internal firewalls can be used to segment different departments within an organization.
Web servers and email servers are placed in a separate network outside the corporate network referred to as the demilitarized zone.
Special attention must be paid to use of rogue modems by employees. Wireless access and dial-up modems require special security procedures.
Host and application hardening procedures involve the use of supplemental preventive controls on workstations, servers, printers, and other devices. Special attention should be paid to host configuration, user accounts, and software
4. Server hardening – Request copies for your hosting company’s server hardening steps. This will detail the process of how they apply their measures for security to your servers.
Employee training can reduce or eliminate unsafe behaviors by teaching the employees how to perform their job safely. The training needs to be specific on what the employee is expected to do (Bernardin & Russell, 2013). For instance; if an employee was lifting heavy boxes all day, they need to be taught to bend at the knees and always use both hands to prevent back injuries.
Please read the article “Security Controls for Computer Systems” at the following URL. http://www.rand.org/pubs/reports/R609-1/index2.html 1.
Explain safeguarding how you work, to ensure all are safe and confident to raise issues.
The firewall is commonly the first line of defense in the layered security structure. Also known as a broader sentry. “The firewall protects the internal network from unauthorized access from the internet, but also has the ability to protect internet from rogue users or applicatio...
It is clear that their primary concern is to protect their intellectual property. In order to align with the priority, a review of any and all security documentation, including but not limited to policies & procedures, plans (password, compliance, audit, risk, disaster recovery, incident response), and training. And based on the findings, provide recommendations for best practice and policy improvements where applicable. Network and architecture diagrams are necessary to understanding the infrastructure and identifying where the deficits
It was integrated with one platform( three products with various interfaces) and it is beneficial for the admin
Potential risks and security breaches have been on the rise with a growing number of skillful hackers. This results in an increase to external threats to personnel and businesses. However, when complex security measures and the appropriate level of controls are utilized, there is a reduction to the potential risk and loss due to failure or breach. Therefore, such practice will enhance system reliability.
Security includes several areas such as personal security, organizational security and among others. Security access control is an important aspect of any system.it is act of ensuring that an authenticated user accesses only what they are authorized to and no more. Nearly all application that deal with financial, privacy, or defence include some form of access control .Access control is concerned with determining the allowed activities of legitimate uses mediating every attempt by a user to access a resource in the system.
Access control is described as “the process of regulation of the kind of access (e.g. – read access, write access, no access) an entity has to the system resources” [7]. Access control can therefore prevent and enable parts of the systems to perform certain actions and access specific files and data. Access control lists are used to store the privilege information. Entries are stored in access control lists that specify whether an entity has the right to either access, write, or execute certain sections of a system [8].
A firewall security policy is used to define that which traffic is authorized to pass in each direction. It can be designed either to operate as a filter at the level of IP packets or operate at a higher protocol layer.
Lock Down Your Wi-Fi Network: 8 Tips for Small Businesses | PCWorld. (n.d.). Retrieved from http://www.pcworld.com/article/244012/lock_down_your_wi_fi_network_8_tips_for_small_businesses.html
... is training.” When the end users are aware of the different threats and understand the importance of the various security measures they will be contributing greatly to the overall security of the computer network.
There are a wide variety of ways to protect confidential information, security software, encrypting files, requiring authorization, restricting access just to name most common forms of protection. Many companies require employees to use an employee ID card to scan into the building and go in certain areas of the building or use certain equipment. Companies also have systems where employees must request access to certain computer programs or systems that need a manager’s approval and for the IT department to get them set up and
Protecting information while at rest and motion is a part of the concept adopted from the defense in depth. Information saved in our computer systems may be exposed to so many threats like transfer of data from the system using a flash drive. To ensure the information is safe and well protected from such an incidence certain layers should be put in place. The three layers that help to conceptualize defense id depth include people who form the outer layer, network security forming the second layer, host-based security, and application security forming the inner layers respectively. These layers are formed from three controls (administrative controls, logical controls, and physical controls) in which the concept of defense in depth is based