Premium Essay

Firewall Solution

In:

Submitted By houskadance
Words 1780
Pages 8
Chapter 1 Solutions File

Review Questions

1. What is the difference between a threat agent and a threat? A threat is an object, person, or other entity that poses a risk of loss to an asset—i.e., the organizational resource that is being protected. A threat agent is a specific instance of a general threat. 2. What is the difference between vulnerability and exposure? A vulnerability is a weakness or fault in the protection mechanisms that are intended to protect information and information assets from attack or damage. An exposure is a weakness that is revealed or exposed to the attack environment. 3. What is a hacker? What is a phreaker? A hacker is a person who uses information systems or data networks without permission or in ways that violate the owner’s intentions, usually by bypassing controls or ignoring policy. A phreaker is a hacker on the voice telecommunication network. 4. What are the three components of the C.I.A. triangle? What are they used for? The C.I.A. triangle, an industry standard for computer security since the development of the mainframe, is based on the three characteristics of information that make it valuable to organizations: confidentiality, integrity, and availability. Confidentiality is the protection of information from disclosure or exposure to unauthorized individuals or systems. This means that only those with the rights and privileges to access information are able to do so. Integrity is when information remains whole, complete, and uncorrupted. The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state. Availability enables authorized users—persons or computer systems—to access information without interference or obstruction, and to receive it in the required format. 5. If the C.I.A. triangle no

Similar Documents

Premium Essay

Aircraft Solutions

...According to information reviewed as part of this project, Aircraft Solutions is a recognized leader and highly respected equipment and component fabrication company. Aircraft Solutions provides full spectrum design and implementation solutions to multiple industries including the electronics, aerospace, commercial, and defense industries. In addition to the background information presented in the course assignment, additional information on geographic layout, business process, and IT architecture were presented. With the information provided, and based on additional research, the primary objective in this assessment was to identify the possible presence of vulnerabilities within the overall framework of Aircraft Solutions operations. Based on the presence on weaknesses, an evaluation of the associated threats was conducted, followed by an analysis of any risks that may be present and potential outcomes. Overview Three areas of potential security weaknesses in Information Technology (IT) for Aircraft Solutions, or any company are hardware, software, and IT policy. In terms of hardware, the provided Network Architecture Map detailed that Aircraft Solutions lacks a firewall between the Commercial Division and the Internet, while all other branches of the company are protected through a firewall in one manner or another. This is a significant vulnerability to the entire system. For Software, Aircraft Solutions uses a Business Process Management System (BPM) that handles end-to-end...

Words: 1847 - Pages: 8

Premium Essay

Weaknesses Assignment Phase Ii- Security Assessment and Recommendations

...Recommendations SE571 Principles of Information Security and Privacy Introduction Aircraft Solutions (AS) is a renowned equipment and component fabrication company with the capability to provide full range designs and implantation solutions to different sectors such as defense, aerospace, commercial and electronics industries. This paper discusses the possible recommendations based on the security assessment conducted in Phase 1, and proposes possible changes in order to ensure the safety of AS networks. The Company owns an enormous production plan which promises to deliver high quality solutions for targeted at various industries. It is equipped with a team of excellent and highly qualified professionals who cater to various needs of different industries. This paper intends to find possible solutions to bridge the gaps as found in the investigation in Phase 1. The weaknesses that are being addressed are the firewall configuration, virtualization of their hardware assets and defining and revisiting their security policy regarding firewall configuration and updated software at least twice a year. Brief overview of the Vulnerabilities in AS After a thorough investigation of the IT architecture and systems of the Aircraft Solutions, two main concerns were identified as the priority items that needed attention. The first was hardware related concern and was pertaining to the lack of a firewall being present in the network. This would lead to high risks as the system would be vulnerable...

Words: 1692 - Pages: 7

Free Essay

Ethics

...software firewall as well as hardware firewall in one device called cyberoam as well as MacAfee anti-virus . A firewall is a system designed to prevent unauthorized access to or from a private network.It is located at a network gateway server. A firewall plays an important role on any network as it provides a protective barrier against most forms of attack. It controls the incoming and outgoing network traffic by analyzing the data packets and determining whether it should be allowed through or not, based on a predetermined rule set by the organization using. There are two types of firewall: * Software Firewall: Is a software program installed in any computer in order to protect it. Software firewalls is best suited for protecting computers from Trojan programs, e-mail worms, or spams. It prevents any unauthorized access. An example of software firewall includes Zone Alarm, Sygate, Kerio. An illustration is shown below: * Hardware firewall: Is a device which connects your computer or network in order to protect them from unauthorized access. An example of hardware firewalls includes Linksys, D-Link, Netgear. There are several types of firewall techniques but the one which is used by Dar Al-Hekma College is Packet filter technique. This technique as its name implies filters all the packet data that enters or leaves the Dar Al-Hekma college network and it then decides whether to accept or reject it based on the configuration set by DAH College. Hence the firewall in this...

Words: 741 - Pages: 3

Free Essay

Ntc 411 Week 5 Individual Security Solutions

...NTC 411 Week 5 Individual Security Solutions Get Tutorial by Clicking on the link below or Copy Paste Link in Your Browser https://hwguiders.com/downloads/ntc-411-week-5-individual-security-solutions/ For More Courses and Exams use this form ( http://hwguiders.com/contact-us/ ) Feel Free to Search your Class through Our Product Categories or From Our Search Bar (http://hwguiders.com/ ) Resources: SkillSoft (2012). CompTIA Network+ 2012: Network Security Part 3. Complete the Security Solutions Model module in Skillport. Attach a copy (screen shot) of the final test page to your assignment below. Scenario: Your boss wants to know how to detect an intrusion into or an attack on the ecommerce network. Your boss also wants to know what hardware or software should be procured for intrusion detection. Write a 2- to 3-page business report describing the hardware and/or software you believe should be considered for implementation. Include your reasoning for why the described hardware and/or software should be procured and implemented. Address the following questions raised by your boss: Does a properly installed and maintained firewall provide adequate defense against intrusion? What is an IPS and do we need one in an ecommerce network? Do we need a group of network personnel to monitor the ecommerce network for intrusions 24/7? Will any of this hardware or software facilitate a real-time response to an intrusion? Format your business report consistent with...

Words: 5062 - Pages: 21

Free Essay

Vulnerability Assessment Penetration Analysis

...Vulnerability Assessment Penetration Analysis A. Memo For Record: IDS upgrade or replacement Summary of Events: The health care clinic’s network security appliance (combined router/firewall/wireless access point) was hacked and passwords were cracked. Configuration changes to this device opened the network to a Denial-of-Service (DoS) attack. The result of this attack prevented access to patient records and insurance claims as part of their daily routine. The network Intrusion Detection System (IDS) sensor had been previously disabled because of degradation of network performance caused by the device. No advanced notification of system degradation caused by the DoS attack was identified until employees were unable to use the network to perform the jobs. IDS Definition: Network IDS is part of the external boundary protection and monitoring system. Threats to the network from external sources are identified and reported using a management console. With the sensor disabled attacks against the network can be accomplished undetected and reduce response time. “An intrusion detection system (IDS) is software that automates the intrusion detection process. An intrusion prevention system (IPS) is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents. IDS and IPS technologies offer many of the same capabilities, and administrators can usually disable prevention features in IPS products, causing them to...

Words: 972 - Pages: 4

Premium Essay

Myrtle & Associates/Bellview Law Group to Mab Law Firm Network Integration

...separated by a considerable geographical distance. 3. Current Novell Servers Used by Bellview Law Group are Old. 4. All internal hard cabling runs will be wired with CAT 5e. Current Network Diagram Please See Exhibit (A-1 & A-2) Diagram of Proposed Network Integration Please See Exhibit (B) Challenges to Integrating the Current LANs, Challenges integrating the Myrtle & Associates and Bellview Law Group networks will be presented by the following: * The geographical distance between the two offices (L2TP/IPsec) * Bellview Law Group use of Novell and IPX/SPX instead of TCP/IP Integrating these two networks will be faced by the geographical distance between the two offices where the law firms reside. One solution would be to lease a dedicated line however; this option would be a very expensive one and is unnecessary due to new Virtual Private Network (VPN) technologies such as Layer 2 Tunneling Protocol (L2TP). Layer 2 Tunneling Protocol (L2TP) is a VPN technology allows for communication between two LAN segments separated by geographic distance by means of Point to Point Protocol (PPP) & encryption. Encryption, which is the process of converting the senders “plaintext” to a unreadable altered version of that plaintext called “ciphertext.” This feat is accomplished by using an algorithm, also called a cipher. The cipher makes the data being communicated unreadable to anyone except an entity possessing a special...

Words: 2057 - Pages: 9

Premium Essay

Case

...1. What caused the security breach at Hershey’s? Inside job The fact is that the biggest threat to an organization lies within its boundaries. In its 2006 survey, “Information Security Breaches,” the DTI and PricewaterhouseCoopers found that 32% of Information Security attacks originated from internal employees while 28% came from ex-employees and partners. Similarly, law enforcement experts in Europe and the US estimate that over 50% of breaches result from employees misusing access privileges, whether maliciously or unwittingly. So securing the enterprise isn’t just about stopping external threats. It’s just as important to contain the threat from hapless or hazardous employees. One of the key internal threats to corporates is spyware, because it’s all too often introduced without malicious intent, by employees that naively click through a couple of pop-up browser windows, or install an unapproved yet ‘cool’ application on the network. The situation isn’t helped by the myths that surround spyware. Human error, not technology, is the most significant cause of IT security breaches, according to a security survey released by the Computing Technology Industry Association Inc. (CompTIA) today. The survey, "Committing to Security: A CompTIA Analysis of IT Security and the Workforce," suggests more training and certification of IT workers will help the U.S. protect itself against cyberthreats. In more than 63% of security breaches identified by the survey's respondents, human...

Words: 489 - Pages: 2

Free Essay

Ceh Executive Proposal

...real-time network health and change management among other areas of today’s ever changing Information Technology (IT) data environment. This software assists the security manager in safeguarding vital business data through the compilation of network device information and real-time awareness of network health, firewall configuration and patch management with deployment. The software is modular and can be configured to meet the needs of the organization in which it supports while minimizing service interruptions which lead to the loss of productivity. Solarwinds offers a multitude of modules that range from configuration management to help desk trend analysis and firewall management. This is a non-platform dependent software solution which can manage firewalls and devices for proper patch management. This solution can be configured by the most novice IT professional while not breaking the bank. Its scalability can support anywhere from 10 users to many hundred users. The Solarwinds software solution can be a great addition to any network security solution. The benefits you will be getting from this software cover a large spectrum of security hardening techniques from the firewall configuration and management to end user patch management. Solarwinds modularity contributes to its capability to fulfill many security requirements. Solarwinds offers a scalable security information and events manager (SIEM) console module. The SIEM module will enhance the capability to maintain real-time...

Words: 1221 - Pages: 5

Premium Essay

Aircraft Solutions

...Aircraft Solutions, headquartered in San Diego, California, is a company specializing in business-to-business products and services. Their customers are primarily in the electronic, commercial, defense and aerospace industries. They specialize in offering low-cost design and computer-aided packages to help their customers lower their costs for development and involve their customers in every step of the fabrication process while utilizing the Business Process Management System (BPM). With this method they hope to keep repeat business and attain long-lasting customer relationships. They have two remote locations outside of San Diego: The commercial division is 40 miles east in Chula Vista, California and the defense division is 90 miles away in Santa Ana, California. Aircraft Solutions prides itself on being recognized as an industry leader. However, after assessing the company’s information security, they may not be a leader for much longer. Two major security weaknesses have been identified: a hardware configuration problem and an unsound security policy for the firewalls. The company has five servers, a database, one switch, two routers, and a firewall. All of the hardware is behind the firewall except the main router. This router connects directly to the Internet, which is also the connection the commercial division in Chula Vista uses to connect to the headquarters. This configuration is set up in such a way where all Internet traffic hits the main router first...

Words: 1260 - Pages: 6

Free Essay

Firewalls

...Firewalls are essential security elements in any network. However, as with all aspects of network security, deploying firewalls is a complicated task. Many factors need to be considered, chief among them is cost and function. A dilemma faces all firewall administrators: what is the proper balance between firewall security and network usability. In other works, how can one make the network secure as possible with a firewall while maintaining ease of use and maintaining appropriate speed of the connections for the users? There is no one or easy answer to this question. Each network and organization is unique. I believe that fact is the key to a good answer. Since each organization has unique objectives and goals the firewall must protect those security elements that achieve those objectives and goals. To some extent, firewalls must be customized to meet the needs of the organization. I have read about the trade-offs of an out-of-the-box firewall versus a firewall that is built from scratch to meet the requirements of a particular network’s security. A do-it-yourself firewall has the advantage of being highly customized to the needs of the organization and an out-of-the-box firewall generally is more expensive. Does that make a do-it-yourself firewall the better choice? I think not. It seems to me that a pre-built firewall has one overriding advantage when compared to a do-it-yourself unit: documentation and support. What if the builder of that do-it-yourself firewall...

Words: 534 - Pages: 3

Premium Essay

Network Security

...CHAPTER Firewall Fundamentals 2 T o some network administrators, a firewall is the key component of their infrastructure’s security. To others, a firewall is a hassle and a barrier to accomplishing essential tasks. In most cases, the negative view of firewalls stems from a basic misunderstanding of the nature of firewalls and how they work. This chapter will help dispel this confusion. This chapter clearly defines the fundamentals of firewalls. These include what a firewall is, what a firewall does, how it performs these tasks, why firewalls are necessary, the various firewall types, and filtering mechanisms. Once you understand these fundamentals of firewalls, you will be able to look beyond the unschooled opinions, common mythology, and marketing hype surrounding them, and the crucial benefits of effective firewall architecture will become clear. Like any tool, firewalls are useful in solving a variety of problems and in supporting essential network security. Chapter 2 Topics This chapter covers the following topics and concepts: • What a firewall is • Why you need a firewall • How firewalls work and what they do • What the basics of TCP/IP are • What the types of firewalls are • What ingress and egress filtering is • What the types of firewall filtering are • What the difference between software and hardware firewalls is • What dual-homed and triple-homed firewalls are • What the best placement of a firewall is 43 Chapter 2 Goals When you complete...

Words: 15367 - Pages: 62

Free Essay

Ddos

... There is always a signficant amount of residual DDoS that will flow through. That's why you need a DDoS mitigation system in your network to handle the remainder of the attack. IntruGuard helps cloud service providers with solutions for DDoS attack mitigation as well. If your service provider doesn't provide DDoS attack mitigation services, you must take care of your own network to avoid collateral and other damages. Edge Router Access Control Lists Access lists in the router can be used to block certain addresses, if such addresses can be known a priori. But websites open to the public are, by nature, open to connections from individual computers, which are exactly the agents hackers use to initiate attacks. Robust edge routers provide a robust data center infrastructure. They are the key to a solid foundation. Their high performance makes them sustain large DDoS attacks without performance loss. Juniper Routers provide the ability to perform packet-filtering and black-hole routing combined with Traffic Flow Filtering capability data center administrator today use primarily two methods to mitigate attacks once they have been discovered by the NOC; packet filters, and black-hole routing. Packet filters, also referred to as firewall filters or access control lists, are set in the edge routers to rate limit or discard traffic being sent to or from specific IP addresses. Packet filtering in edge routers is useful when you know the cause and the source of DDoS and...

Words: 1301 - Pages: 6

Premium Essay

Aircraft Solutions

...Aircraft Solutions (AS)
Security Overview 
Introduction 
Aircraft Solutions is a well respected equipment and component fabrication company who 
provides a full spectrum design and implementation solutions to several industries which
 includes; electronics, aerospace, commercial and the defense sectors. Aircraft Solutions employs 
a range of highly qualified professionals and houses an immense production plant, with an 
overall goal of providing high-quality solutions to accommodate specifications from a wide
range of customer demands. The following report is a security assessment on Aircraft Solutions
and the primary objective in this assessment is to identify the existence of vulnerabilities present 
within the global context of Aircraft Solutions’ operations. An evaluation of the associated 
threats will be deduced, accompanied by the exposed weaknesses. This will be followed by an
analysis of the degree of risk present. Finally, there will be a focus on the consideration of the
 consequences resulting from revealing of potential threats.

 Assessment 
Hardware and policy will be the main focus of this investigation. It will be narrowed down more 
to hardware issues. It is very curious that there is no firewall implemented between the
commercial division and the Internet. The Defense Department must be routed through
Headquarters, but the Commercial department is connected straight to the Internet. This is a
significant vulnerability. The second weakness that will be...

Words: 1151 - Pages: 5

Premium Essay

Technology

...CHaPTer Firewall Fundamentals 2 T O SOME NETWORK ADMINISTRATORS, A FIREWALL is the key component of their infrastructure’s security. To others, a fi rewall is a hassle and a barrier to accomplishing essential tasks. In most cases, the negative view of fi rewalls stems from a basic misunderstanding of the nature of fi rewalls and how they work. This chapter will help dispel this confusion. This chapter clearly defi nes the fundamentals of fi rewalls. These include what a fi rewall is, what a fi rewall does, how it performs these tasks, why fi rewalls are necessary, the various fi rewall types, and fi ltering mechanisms. Once you understand these fundamentals of fi rewalls, you will able to look beyond the unschooled opinions, common mythology, and marketing hype surrounding them, and the crucial benefi ts of effective fi rewall architecture will become clear. Like any tool, fi rewalls are useful in solving a variety of particular problems and in supporting essential network security. Chapter 2 Topics This chapter will cover the following topics and concepts: • What a fi rewall is • Why you need a fi rewall • How fi rewalls work and what they do • What the basics of TCP/IP are • What the types of fi rewalls are • What ingress and egress fi ltering is • What the types of fi rewall fi ltering are • What the difference between software and hardware fi rewalls is • What dual-homed and triple-homed fi rewalls...

Words: 15354 - Pages: 62

Premium Essay

Vut Term Paper

...members use to acquire information about patients insurance including filing claims. The type of attack was a DOS attack. This attack could have been prevented if certain measures were implemented. First and foremost, the network should have had the IDS systems that was bought implementing and integrated on the network. There were complaints about the IDS system but should not have been compromised for convenience. No security assets should have been compromised for the convenience. If the network was slow, the administrators could have looked into doing several measures. One is increase the bandwidth of the network to support all systems and functions. Ensure that we increase the bandwidth even for future expansion and added systems. This solution could be a fix for more than one issue. Two, configure a QOS policy on the network for critical applications such as the insurance web server. We should ensure that our most critical systems have priority on the network when it comes to bandwidth. This also helps bad latency that may hit during peak hours. Three, look at buying another type of IDS that wouldn’t demand so much bandwidth from the network. Before any system is brought and implemented on the network, we should have tested it in a trail version. Along with buying support from the company and have the vendor help integrate on the network that works best for us. Now let’s get to the security faults that and controls that should have been taken. After the nurse was terminated...

Words: 525 - Pages: 3