9.2 It-255

Submitted By SeanRStaeger

Network nodes are not directly aware that switches handle the traffic they send and receive, making switches the silent workhorses of a network. Other than offering an administrative interface, switches do not maintain layer three IP addresses, so hosts cannot send traffic to them directly. The primary attack against a switch is the ARP poisoning attack described earlier in the “Switches” section of this chapter. However, the possibility of an ARP attack doesn’t mean switches cannot be used as security control devices. As mentioned earlier, MAC addresses are unique for every network interface card, and switches can be configured to allow only specific MAC addresses to send traffic through a specific port on the switch. This function is known as port security, and it is useful where physical control over the network port cannot be relied upon, such as in public kiosks. With port security, a malicious individual cannot unplug the kiosk, plug in a laptop, and use the switch port, because the laptop’s MAC will not match the kiosk’s MAC and the switch will deny the traffic. While it is possible to spoof a MAC address, locking a port to a specific MAC creates a hurdle for a would-be intruder.

Switches can also be used to create virtual local area networks (VLANs). VLANs are layer two broadcast domains, and they are used to further segment LANs. As described earlier, ARP broadcasts are sent between all hosts within the same VLAN. To communicate with a host that is not in your VLAN, the switch must pass the host’s packets through a layer three device, which routes them to the appropriate VLAN.
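
The port-security check and VLAN-scoped forwarding described above, modelled as an added Python example (not code from the essay or from any switch vendor). The MAC addresses, port numbers and VLAN IDs are constructed, and dropping and counting the offending frame is an assumed violation action.

```python
"""Toy layer-2 switch: per-port MAC allow list plus VLAN-scoped forwarding."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample addresses (not from the essay).
KIOSK = "00:11:22:33:44:55"
LAPTOP = "66:77:88:99:aa:bb"
SERVER = "02:00:00:00:00:20"


@dataclass
class Port:
    vlan: int
    allowed_macs: frozenset = frozenset()  # empty set = port security off
    violations: int = 0


@dataclass
class Switch:
    ports: dict                                    # port number -> Port
    mac_table: dict = field(default_factory=dict)  # (vlan, mac) -> port number

    def receive(self, in_port, src, dst):
        """Return the egress ports for one frame; [] means it went nowhere."""
        port = self.ports[in_port]
        src, dst = src.lower(), dst.lower()
        # Port security: only source MACs on this port's allow list may send.
        # Assumed violation action: drop the frame and count it.
        if port.allowed_macs and src not in port.allowed_macs:
            port.violations += 1
            return []
        self.mac_table[(port.vlan, src)] = in_port  # MAC learning is per VLAN
        same_vlan = sorted(n for n, p in self.ports.items()
                           if n != in_port and p.vlan == port.vlan)
        if dst == BROADCAST:
            return same_vlan   # e.g. an ARP request stays inside the VLAN
        out = self.mac_table.get((port.vlan, dst))
        if out is None:
            return same_vlan   # unknown unicast: flooded inside the VLAN only
        return [out] if out != in_port else []


def run_demo():
    """Kiosk on port 1 (VLAN 10, locked to its MAC), staff PC on port 2
    (VLAN 10), server on port 3 (VLAN 20)."""
    sw = Switch(ports={
        1: Port(vlan=10, allowed_macs=frozenset({KIOSK})),
        2: Port(vlan=10),
        3: Port(vlan=20),
    })
    results = {}
    sw.receive(3, SERVER, BROADCAST)  # server is learned in VLAN 20 only
    # The kiosk's ARP broadcast reaches VLAN 10 ports, never the server port.
    results["kiosk_arp"] = sw.receive(1, KIOSK, BROADCAST)
    # A frame addressed to the server's MAC cannot cross VLANs at layer two;
    # reaching it requires sending via a layer three device instead.
    results["kiosk_to_server"] = sw.receive(1, KIOSK, SERVER)
    # Laptop plugged into the kiosk's port: source MAC is not on the list.
    results["laptop"] = sw.receive(1, LAPTOP, BROADCAST)
    results["violations"] = sw.ports[1].violations
    # The check looks only at the source MAC, so the kiosk still works.
    results["kiosk_after"] = sw.receive(1, KIOSK, BROADCAST)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The violation counter on the kiosk port is the value worth alerting on, since a non-zero count means a device other than the kiosk tried to use that port.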

Consistent, continual IT security hardening is your enterprise’s most valuable security control. It minimizes network vulnerabilities, reduces the attack surface, and helps your organization avoid becoming a victim of zero-day exploits. Yet most security solutions simply try to limit outside access to the system where your sensitive data resides. This perimeter-centric approach to security leaves your infrastructure vulnerable to attack and compromise.

In addition, many IT security regulations require consistency and documentation of security hardening efforts—whether you apply your own IT security hardening policies or depend on the various best practices available from industry sources like COBIT, the Center for Internet Security or NIST. You need a security configuration management solution that reduces the attack surface by applying consistent, continual and automated system hardening.
