Premium Essay

Nt2580 Unit 4 Security

Submitted By
Words 1221
Pages 5
Task 4: Security
a) Explain THREE (3) security concepts. A LGND clinic has suffered a virus infection which meant that no patient records could be viewed. Briefly outline which security concept was violated.
Security is the set of techniques that ensure that the resources of the information system (hardware or software) of an organization are used only in the context where it is intended. The basic requirements of computer security are to ensure:
Availability: The information on the system should always be available to authorized people.
Confidentiality: The information on the system must be disseminated only to authorized persons.
Integrity: The information on the system can only be modified by authorized persons.
Confidentiality is the protection …show more content…
c) How would you ensure that users of the open access PC or the Wi-Fi cannot access the local server?
Set up well-chosen and sufficiently complicated passwords
Install appropriate protection software (such as antivirus, anti-spyware, anti-malware ...)
Setting up a firewall
Pay attention to what is already done (example: avoid downloading software from unsavory sources)
Check that USB flash drives do not connect to hardware
Use an operating system that receives fewer attacks, such as a Linux distribution
Put in place all necessary protections against computer attacks from outside
Record all inappropriate connections on computer hardware
We must also educate employees: Computer user at his computer, Monitor the arrival of individuals no one.
d) Provide a list of FOUR (4) measures that can help keep the network secure. This list should include hardware, software, policies and ways of checking them.
Protective measures consist in using:
• 1/A firewall
The role of the firewall is to ensure a protection perimeter between the company's internal network and the outside world. Based on packet analysis technologies at the entrance of the protected perimeter, the firewall allows or forbids access to and from this perimeter. Composed of hardware and / or software, the firewall will perform the following

Similar Documents

Premium Essay

Random

...Search Results Nt2580 - College Essays - Hendrome www.termpaperwarehouse.com › Computers and Technology Nov 11, 2012 – Nt2580. Making tradeoffs due to economic scarcity and that every society faces ... For a given set of laboratory services, there is a defined cost. Nt2580 Lab 4 - Term Papers - Jrains www.termpaperwarehouse.com › Computers and Technology Jan 18, 2013 – Nt2580 Lab 4. 1. Define why change control management is relevant to security operations in an organization. Change control is a systematic ... NT2580 Introduction to Network Security stankong.bol.ucla.edu/NT2580/index.htm Welcome to NT2580 Introduction to Network Security ... Home Work , Labs, PowerPoint , Project and Exam Reviews. Fall Quarter 2012 ... Itt tech nt2580 lab 6 - 6 ebooks - free download www.getbookee.org/itt-tech-nt2580-lab-6/ Itt tech nt2580 lab 6 download on GetBookee.org free books and manuals search - 094 ALB 01-09-13 01-09-13 Vol 37-a. Nt2580 unit 9 lab - 4 ebooks - free download www.getbookee.org/nt2580-unit-9-lab/ Nt2580 unit 9 lab download on GetBookee.org free books and manuals search - NT2580 Introduction to If ti S itInformation Security. Nt2580 unit 6 lab - 4 ebooks - free download www.getbookee.org/nt2580-unit-6-lab/ Nt2580 unit 6 lab download on GetBookee.org free books and manuals search - NT2580 Introduction to If ti S itInformation Security. Lab itt edition nt2580 answers - 1 ebooks -...

Words: 435 - Pages: 2

Free Essay

Policy Definition & Data Classification

...8/1/2015 NT2580 Unit 7 Policy Definition and Data Classification Standard : NT 2580 : ITT Tech : Homework   NT2580 Unit 7 Policy Definition and Data Classification Standard Home  ITT Tech  NT  NT 2580  NT2580 Unit 7 Policy Definition and Data Classification Standard  You have successfully unlocked this document. You have 24 more unlocks  available. Was this document helpful?  Yes   Download Document https://www.coursehero.com/file/11610135/NT2580­Unit­7­Policy­Definition­and­Data­Classification­Standard/?timestamp=20150801105100 1/6 8/1/2015 NT2580 Unit 7 Policy Definition and Data Classification Standard : NT 2580 : ITT Tech : Homework Share and earn access  CorporalStarViper9176 ITT Tech Follow 3  1787  302 https://www.coursehero.com/file/11610135/NT2580­Unit­7­Policy­Definition­and­Data­Classification­Standard/?timestamp=20150801105100 2/6 8/1/2015 NT2580 Unit 7 Policy Definition and Data Classification Standard : NT 2580 : ITT Tech : Homework   VIEWS UNLOCKS 0 1   HELPFUL UNHELPFUL 0 0 About this Document SCHOOL ITT Tech COURSE NT 2580, Summer 2014 COURSE TITLE Introduction to Information Security PROFESSOR MR J TYPE Homework PAGES 1 WORD COUNT 206 Is this correct?  Flag Get Help in NT 2580 https://www.coursehero.com/file/11610135/NT2580­Unit­7­Policy­Definition­and­Data­Classification­Standard/?timestamp=20150801105100 ...

Words: 487 - Pages: 2

Premium Essay

Test

...Technical Institute IS3340 Windows Security Onsite Course SYLLABUS Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory Hours, 30 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisite: NT2580 Introduction to Information Security or equivalent Course Description: This course examines security implementations for a variety of Windows platforms and applications. Areas of study include analysis of the security architecture of Windows systems. Students will identify and examine security risks and apply tools and methods to address security issues in the Windows environment. Windows Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program:    IS4799 NT2799 IS4670 ISC Capstone Project Capstone ProjectCybercrime Forensics NSA    NT2580 NT2670  Introduction to  Information Security IS4680 IS4560 NT2580 NT2670 Email and Web Services Hacking and Introduction to  Security Auditing for Compliance Countermeasures Information Security Email and Web Services      NT1230 NT1330 Client-Server Client-Server  Networking I Networking II  IS3230 IS3350 NT1230 NT1330  Issues Client-Server Client-Server  SecurityContext in Legal Access Security Networking I Networking II   NT1110 ...

Words: 2305 - Pages: 10

Premium Essay

Nt2580 Week 1

...ITT Technical Institute 3825 West Cheyenne Avenue, Suite 600 North Las Vegas, Nevada 89032 NT2580 Introduction to Information Security Week 1, Unit 1 – Information Systems Security Fundamentals Class Plan Time Duration: This Class Period will be approximately 4 ¾ Hours in length. It will be divided 2 ¾ hours for Theory and 2 ½ hours for Lab. Content Covered: • Textbook o Chapter 1 - Information Systems Security Objectives: After completing this unit, the student should be able to: • Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts: ▪ Confidentiality, integrity, and availability (CIA) concepts ▪ Layered security solutions implemented for the seven domains of a typical IT infrastructure ▪ Common threats for each of the seven domains ▪ IT security policy framework ▪ Impact of data classification standard on the seven domains Materials: Week 1 PowerPoint Presentation Assignment Overview: Refer to Assignment 1: Match Risks/Threats to Solutions in the Graded Assignment Requirements section of this instructor guide. In this assignment, the students need to match common risks or threats within the seven domains of a typical IT infrastructure with the possible solutions or preventative actions. Use the hand out worksheet NT2580.U1.WS1.doc. Refer to Assignment 2: Impact of a Data Classification Standard, you must write a brief report...

Words: 530 - Pages: 3

Free Essay

Access Controls

...NT2580 Unit 3 Access Controls 1. Shovels and Shingles is a small construction company consisting of 12 computers that have internet access. Administrative and Logical/technical would be recommended for this company. They would only require a basic yet secure system for their small network. 2. Top Ads is a small advertising company consisting of 12 computers that have internet access. All employees communicate using smartphones. Administrative and Logical/technical is recommended for this company. Being a small company, basic things are needed. With the network secured with strong passwords and the communication on smartphones, this is all they need. 3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have internet access and 45,000 servers. All employees communicate using smartphones and e-mail. Many employees work from home and travel extensively. Administrative, Logical/technical, Hardware and Software are recommended for this company. With the size of the company, they need many rules set to maintain security. With communication through email and extensive travel, they also need to be secured. Traveling is a risk because they might leave sensitive things behind, security ensures nothing is revealed. 4. Backordered Parts is a defense contractor that builds communications parts for the military. All employees communicate using smartphones and e-mail. Software and physical are recommended for this company. Since they communicate...

Words: 335 - Pages: 2

Free Essay

Microsoft Remote Desktop Gateway (Rdg)

...3Mokihana Sabang NT2580 Unit 3 10/11/12 Wallace Dear Richman Investments, I am happy to hear that you are looking to expand your company and are currently looking for a remote access policy. One, I think giving your employees the ability to use their company computers from home and when traveling for the business is a great opportunity, I also believe it can be a high risk with nothing in place of security. I purpose that all computers in which has been provided by the company use RDG. Microsoft Remote Desktop Gateway (RDG) * Allows you to log in to your ETSU computer from off-campus * Requires no software installation * Presents a lower security risk * Does not expire (subject to periodic review) With that said there will be rules set for all employees’ in which RDG is to use. 1) All employees will sign a RDG agreement. 2) All employees who will be given a company computer will need to get permission from Vice president. 3) When connect to the company internet/server you must make sure no one else will be on your network. 4) Computers must be up to date with anti-virus and any recommended software. 5) 30 minutes of inactivity, computer will automatically disconnect from the network. 6) Only the Headquarters VP, Presidents, and IT will be able to access any other sites on the network. *(not vice versa) I want to thank you for giving me the opportunity to help you with getting this setup for your company. Feel free...

Words: 263 - Pages: 2

Premium Essay

Nt2580 Unit 3 Assignment & Lab

...NT2580 Unit 3 Assignment & Lab Unit 3. Assignment 1 - Remote Access Control Policy Definition There are three key parts I will have to take into account while designing a Remote Access Control Policy for Richman Investments. These three parts (Identification, Authentication and Authorization) will not be all for the Remote Access Control Policy, I will need to include the appropriate access controls for systems, applications and data access. I will also need to include my justification for using the selected access controls for systems, applications and data access. The first part I need to implement for this Remote Access Control Policy is Identification, which is defined in this sense as: physical keys or cards, smart cards, and other physical devices that might be used to gain access to something. What needs to be done for the Remote Access Control Policy is a group member policy needs to be setup which uniquely identifies each user. Users should be identified by rank with higher ranking users requiring more authentication. Each individual user should be assigned to a group based on rank with special permissions. Using this system for Identification will make our company more secure in day to day operations. The second part I need to implement for this remote access control policy is Authentication, which is defined as: what you know or passwords, numeric keys, PIN numbers, secret questions and answers. For remote access, there must be...

Words: 477 - Pages: 2

Premium Essay

Nt1230 Syllabus

...computers, and related aspects of typical network server functions. Client-Server Networking I Syllabus Where Does This Course Belong? 1st QTR GS1140 NT1110 GS1145 Problem Solving Theory Computer Structure and Logic Strategies for the Technical Professional 2nd QTR NT1210 Introduction to Networking NT1230 Client-Server Networking I MA1210 College Mathematics I 3rd QTR NT1310 NT1330 MA1310 4th QTR PT1420 NT1430 EN1320 5th QTR PT2520 NT2580 EN1420 6th QTR NT2640 NT2670 CO2520 7th QTR NT2799 SP2750 Physical Networking Client-Server Networking II College Mathematics II Introduction to Programming Linux Networking Composition I Database Concepts Introduction to Information Security Composition II IP Networking Email and Web Services Communications Network Systems Administration Capstone Project Group Theory The follow diagram indicates how this course relates to other courses in the NSA program: 1 Date: 8/31/2012 Client-Server Networking I Syllabus NT2799 NSA Capstone Project NT2580 Introduction to Information Security NT2670 Email and Web Services NT2640 IP Networking PT2520 Database Concepts NT1330 Client-Server Networking II NT1230 Client-Server Networking I NT1430 Linux Networking PT1420...

Words: 1834 - Pages: 8

Free Essay

Unit8

...NT2580: Unit 8 IPv4 vs IPv6 Security 1. In which situations should you use IPv4 rather than IPv6? IPv4-only node – A host or router that implements only IPv4. An IPv4-only node does not understand IPv6. The installed base of IPv4 hosts and routers that exist before the transition begins are IPv4-only nodes. 2.In which situations should you use IPv6 rather than IPv4?  IPv6-only node – A host or router that implements IPv6, and does not implement IPv4.  IPv6 node – Any host or router that implements IPv6. IPv6/IPv4 and IPv6-only nodes are both IPv6 nodes 3.What are the security implications of using IPv4 and IPv6? Though 6to4 relay routers do encapsulate and decapsulate packets, these routers do not check the data that is contained within the packets. * Address spoofing is a major issue on tunnels to a 6to4 relay router. For incoming traffic, the 6to4 router is unable to match the IPv4 address of the relay router with the IPv6 address of the source. Therefore, the address of the IPv6 host can easily be spoofed. The address of the 6to4 relay router can also be spoofed. * By default, no trust mechanism exists between 6to4 routers and 6to4 relay routers. Thus, a 6to4 router cannot identify whether the 6to4 relay router is to be trusted, or even a legitimate 6to4 relay router. A trust relationship between the 6to4 site and the IPv6 destination must exist, or the both sites leave themselves open to possible attacks. 4.What security countermeasures should you...

Words: 367 - Pages: 2

Premium Essay

Unit 8 Lab Questions

...Richard Bailey Unit 8 lab 8.1 August 19, 2013 NT2580 Introduction to Information Security 1. So you can find the weekness and fix before it can be implamented on the server and goes live. 2. A reflective XSS attack a type of computer security vulnerability. It involves the web application dynamically generating a response using non-sanitized data from the client. Scripts, like JavaScript or VB Script, in the data sent to the server will send back a page with the script. 3. SQL Injections can be used to enter the database with administrator rights.  Best way to avoid this is using Java in websites. 4. methods, including character scrambling and masking, numeric variance and nulling, rely on an array of built-in SQL Server system functions that are used for string manipulation. 5. Well co-ordinated and regulary audited security checks is the best way forword. 6. . There has been considerable debate comparing the security attributes of open source and proprietary software (Anderson, 2002). However, for a careful interpretation of the data, rigorous quantitative modeling methods are needed. The likelihood of a system being compromised depends on the probability that a newly discovered vulnerability will be exploited. Thus, the risk is better represented by the vulnerabilities which are not yet discovered and the vulnerability discovery rate rather than by the vulnerabilities that have been already discovered in the past and remedied by patches. ...

Words: 489 - Pages: 2

Premium Essay

Unit 3. Access Controls

...NT2580 Unit 3 Access Controls 01/22/2014 1. For the construction company scenario the data would probably consist of customer contact information, accounting, and inventory. For administrative controls I would administer a password policy. For the logical/technical controls I would have passwords checked and enforced. For the software controls I would make sure that updates are checked regularly. 2. For the advertising company scenario the data would probably consist of customer contact information, accounting, and inventory. For administrative controls I would administer a password policy. For the logical/technical controls I would have passwords checked and enforced. For the software controls I would make sure that updates are checked regularly. 3. For NetSecIT, I would implement all access controls on this organization because of the size of the company and the remote access. For administrative controls I would administer a password policy. For the logical/technical controls I would have passwords checked and enforced. For the software controls I would make sure that updates are checked regularly. For the hardware controls I would utilize MAC filtering and smart card use. For the physical I would utilize security guards and ID badges. 4. For Backordered Parts, I would implement all access controls for this organization because it is a defense contractor that builds communications parts for the military. For administrative controls I would administer a...

Words: 362 - Pages: 2

Premium Essay

Unit 4 Assignment 2

...Unit 4 Assignment 2: Acceptable Use Policy Definition NT2580 The following acceptable use policy has been designed for Richman Investments and grants the right for users to gain access to the network of Richman Investments and also requires the user to follow the terms of use set forth for network access. Policy Guidelines * The use of peer to peer file sharing is strictly prohibited. This includes FTP. * Downloading executable programs or software from any websites, known or unknown, is forbidden. * Users are not allowed to redistribute licensed or copyrighted material without receiving consent from the company. * Introduction of malicious programs into networks or onto systems will not be tolerated. * Attempts to gain access to unauthorized company resources or information from internal or external sources will not be tolerated. * Port scanning and data interception on the network is strictly forbidden. * Authorized users shall not have a denial of service or authentication. * Using programs, scripts, commands, or anything else that could interfere with other network users is prohibited. * Sending junk mail to company recipients is prohibited. * Accessing adult content from company resources is forbidden. * Remote connections from systems failing to meet minimum security requirements will not be allowed. * Social media will not be accessible on company resources. * Internet...

Words: 263 - Pages: 2

Free Essay

Unit 3

...Class NT2580 Introduction to Information Security Unit 3 Discussion 1 1. For this company I would say that the 12 computers that they have should have passwords on all the computers. The reason why I say this is because they only people who should have access to these computers are they people who have the password or know the password. That is why this is the best protection for this construction company. This construction company will have a role-based access controls. This means with the uses that they have on site will have special groups based on the access they require for the company. 2. For this company since they all contact one another with smart phones and have 12 computers each and every one of these users should have an identification number as in a pin for each and every one of them that way they can all be able to be identified. On this company they are required to have a rule-based access controls. The reason why I require this for this company is cause each user is going to have access to a phone and computer which requires each and every one of them to have a pin in order for them to access their devices. That is why this access control is so important on these devices cause if they don’t know there pin then they will not be able to gain access. 3. For this company I would recommend that they use fingerprint technology for all these servers and employes. The reason why I say this is because for one thing there is too many employees to keep track...

Words: 624 - Pages: 3

Premium Essay

Nt2580 Unit 4 Assignment 2

...Dallas Page July 17, 2015 Unit 4 Assignment 2 NT2580 Acceptable Use Policy Definition 1. Overview To protect the integrity, confidentiality and accessibility along with the safety of our clientele and employees it is necessary that a precise set of standards must be defined for anyone who utilizes the electronic devices to access information via the internet. Richman Investments is committed to protecting employees, partners and the company from illegal or destructive actions whether knowingly or unknowingly. Internet or Intranet related systems, including but not limited to the World Wide Web, storage media, operating systems, network accounts and electronic mail are intended to be used for business pertaining to Richman Investments. It is the responsibility of each electronic device user to know the guidelines of the Acceptable Use Policy and to adhere to the Acceptable Use Policy of Richman Investments. 2. Purpose To outline and give a clear precise definition of what is and what isn’t acceptable when using the property of Richman Investments. Property including but not limited to computers, internet service, email service, storage media, operating systems or network accounts. Inappropriate use of either of the aforementioned exposes Richman Investments to legal liability and/or risks of damage to company hardware and/or software. 3. Scope The Acceptable Use Policy applies to all employees, contractors, clients, visitors and partners to...

Words: 689 - Pages: 3

Free Essay

Information Technology

...Kingstone, Joseph M NT2580 Mr. Lewis Unit 7 Encryption Types 1. (ECC) Elliptic curve cryptography - is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. Elliptic curves are also used in several integer factorization algorithms that have applications in cryptography, such as Lenstra elliptic curve factorization. 2. commonly used encryption and authentication algorithm and is included as part of the Web browsers from Microsoft and Netscape. 3. (3DES) Triple DES - a mode of the DES encryption algorithm that encrypts data three times. Three 64-bit keys are used, instead of one, for an overall key length of 192 bits (the first encryption is encrypted with second key, and the resulting cipher text is again encrypted with a third key). 4. Diffie-Hellman key exchange - is a specific method of exchanging cryptographic keys. It is one of the earliest practical examples of key exchange implemented within the field of cryptography. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. 5. International Data Encryption Algorithm (IDEA)- is a block cipher. 6. Data Encryption Standard – Encryption cipher that is a product cipher with a 56bit key consisting of 16 iterations of substitution and transformation. ...

Words: 415 - Pages: 2