Free Essay

Roles Involved in Network Security

In:

Submitted By galb08
Words 430
Pages 2
Unit 9 Assignment 1: List phases of a computer Attack
Reconnaissance and Probing
The primary attach would be pretending to be friendly to a user by simply starting with a story or a joke to a co-worker, to get some type of information, then a search through different means (google, social sites, etc.)
Method of access
1. The primary target is to use some type of phishing, spear or pharming type of trick to get information (use a birthday, anniversary, etc.). I could pose as an outside contractor that just happen to have lost its private key accidentally and need to access the system through one of the company computers connected to the network.
2. Using social engineering by offering to send the postcard by email (attachment) containing the invitations to the manager’s birthday party and the need to confirm their attendance by replaying back through their email addresses. Opening the attachment by the users would place some type of spyware to get habits and web activities.
3. Eventually I could land with some valuable information that would affect the individual’s privacy and confidentiality. Then I could have gain access to the system.
Next phase of attack:
• Use hping/2 to test the firewall, hping offers an IP spoofing scan while monitoring a target’s response to seduce discovery information such as distinguishing between different firewall policies and active services.
• I would use Nessus Security Scanner with a tool providing a Scripting Language (NASL) to write a security test based on my findings on the weaknesses of my network.
• Another technique is the use of Nmap for scanning the network and single hosts. I would try the stealth ability of Nmap to bypass firewalls scanning all different protocols UDP, TCP, or ICMP. Ultimately the combination a set of tools would give me an idea about how a hacker can coordinate its intrusion to the network.
There is no way to see what is in the mind of a hacker, but with the use of tools SNMP, port-scanning, port mapping, Security probes, and others that can be customized, in reality a full set of security rules in place, proper computer training, strong passwords, and constant surveying, it is possible to prevent attacks. Establishing goals of defense in depth such as layers of security and detection, detecting flaws in each layer of security, and even if suspicion is detected find out where it found its vulnerability and make a careful planning to ensure its eradication by a number of defenses, application, operating system, network infrastructure, implementation of effective software practices.

Similar Documents

Free Essay

Strategies for the Technical Profeesionial

...Strategies short answer May 21, 2015 A network administrator is an individual that is responsible for the maintenance of computer hardware and software systems that make up a computer network including the maintenance and monitoring of active data network or converged infrastructure and related network equipment. Network administrators are generally mid-level support staff within an organization and do not typically get involved directly with users. Network administrators focus on network components within a company's LAN/WAN infrastructure ensuring integrity. Depending on the company and its size, the network administrator may also design and deploy networks. Network Administrators are often involved in proactive work. This type of work will often include: * Network monitoring * Testing the network for weakness * Keeping an eye out for needed updates * Installing and implementing security programs * In many cases, E-mail and Internet filters * Evaluating implementing network management software * Monitoring network traffic and bottleneck Network administrators are responsible for making sure that computer hardware and network infrastructure related to an organization's data network are effectively maintained. In smaller organizations, they are typically involved in the procurement of new hardware, the roll out of new software, maintaining disk images for new computer installs, making sure that licenses are paid for and up...

Words: 343 - Pages: 2

Free Essay

Cryptography Best Practices and Resource Portfolio Part B

...1. Background 3 2. Network, Transport, Application Layers and their Protocols 3 2.1 Network Layer 3 2.2 Transport Layer 3 2.3 Application Layer 4 3. Hardware solutions for TechE Inc 4 4. Data, Reputation & Financial losses 4 5. Security Threats 4 6. Intruders 5 7. Different types of Security Services 5 8. Standards 6 9. Conclusion 6   1. Background Provide the mission statement of TechE Inc and the objective of TechE Inc, plays in the cloud market. TechE Inc is a cloud provider to small medium business markets and its partners to provide cloud solutions with Security in mind. Following the completion of the background of TechE Inc provide a review of the portfolio Part A that was discuss in the first meeting. Provide a high level history of TechE Inc and the role it plays in the IT industry. TechE Inc is a cloud solutions provider and advisor to SMBs focusing on virtualization and cloud solutions. In this topic the focus will be the important role Information Systems Security plays in the organization and as one of the main players on keeping TechE Inc secured, their customers and its partners. 2. Network, Transport, Application Layers and their Protocols 2.1 Network Layer The network layer is part of the OSI model and it functions in layer3. This layer and its protocols are responsible for the functional means of transferring the data in sequence from a source to destination. At the same time maintaining quality assurance to ensure full delivery. 2...

Words: 1420 - Pages: 6

Free Essay

Cis-320-Ol009 Design Activities

...and is composed of Network Integration, Application Architecture and Software, User Interfaces, System Interfaces, Database Integration, Design Details, and Integration of System Controls (Satzinger, Jackson, Burd 2008, pg. 330). One should take into consideration that some of the details utilize in Design Activities are output of the System Analysis Phase (Satzinger, Jackson, Burd 2008, pg. 330). Furthermore each of the activities will generate a blueprint for the final design documents (Satzinger, Jackson, Burd 2008, pg. 330). Design Activities-Written Assignment 4 Introduction Design Activities utilizes a lot of the outputs generate by the Analysis Activities (Satzinger, Jackson, Burd 2008, pg. 330). It is during the Design Activities that a detail system is drawn and this is when a specific technology is recommended (Satzinger, Jackson, Burd 2008, pg. 330). Every activity in this phase becomes part of the final design and part of the design document (Satzinger, Jackson, Burd 2008, pg. 330). The Design activities is composes of seven different tasks that are executed at the same time in the Design Activities phase (Satzinger, Jackson, Burd 2008, pg. 330). As part of this research/essay document we will dive further into these different activities. The goal of this document is thoroughly discuss the different user, system interfaces. We will look at database integration, and the various controls. We will get a further understanding who should be involved for each activity...

Words: 1643 - Pages: 7

Premium Essay

Penetration Testing

...Using penetration testing to enhance your company's security Based on the fundamental principle that prevention is better than cure, penetration testing (pen-testing) is essentially an information assurance activity to determine if information is appropriately secured. Conducted by penetration testers, sometimes referred to as ‘white hats’ or ethical hackers, these tests use the same tools and techniques as the bad guys (‘black hat hackers’), but do so in a controlled manner with the express permission of the target organization. Vulnerability scans versus pen-testing A common area of confusion is the relationship between vulnerability scanning (automated) and pen-testing (expert-driven manual testing). Both involve a proactive and concerted attempt to identify vulnerabilities that could expose the organization to a potential malevolent attack. Vulnerability scanners are great at identifying ‘low-hanging’ vulnerabilities, such as common configuration mistakes or unpatched systems that offer an easy target for attackers. What they are unable to determine is the context or nature of the asset or data at risk. They are also less able than humans to identify unknown-unknowns (things not already on the risk register, or which haven't been theorized by the organization as potential security issues). Good pen-testing teams, however, do this very well. For instance, pen-testers can give countless examples of engagements where an environment was previously scanned only for vulnerabilities...

Words: 1752 - Pages: 8

Free Essay

Network Administrator

...Security Risk Analysis of time in expansion of network IT projects can be many times a daunting task to both the contracted IT Company and the clients. With some short deadlines, there is usually a small window of opportunity to present skills and produce positive results. As a network administrator, the pressure to deliver top notch and a robust system is a priority. U.S. industry Inc is just a young company that has both the quality and skills and knowledge to produce excellent work considering previous contracts that have been undertaken by the company. The US government department aims to expand its network infrastructure to enlarge the capacity and enable it provide quality services. The cost estimation of the contract is approximately three $3 million dollars lasting for a period of six months. A network administrator’s roles include: Ø setting up of the network Ø Designing and planning of the network Ø Expanding the network Ø Network maintenance Designing and planning of the network a network administrator is tasked with identify the US government departments requirement that necessitates the kind of system to set up. The US department may require certain special specification of their particular network depending on its purpose and objectives. It marks the first phase of the contract. Setting up a network The second phase is where the physical is setting up, and configuration of the network begins. Hardware installation and files, data...

Words: 1088 - Pages: 5

Free Essay

Managemnet

...Preparing for Innovation: Understanding How IT Organizational Change Can Help Drive Success with Unified Communications Table of Contents Introduction ................................................................................................................................................................................................................................................. 1 Unification and Change ............................................................................................................................................................................................................................ 2 Microsoft and Unified Communications.............................................................................................................................................................................................. 2 Unified Communications Purchase Drivers and Process................................................................................................................................................................. 3 IT Organization Purchase Drivers ...................................................................................................................................................................................................... 3 Business Organization Purchase Drivers................................................................................................................................................

Words: 6159 - Pages: 25

Premium Essay

Security Manager Roles

...Security Manager Roles A security manager is one of the most important jobs of any organization. Although the position of security manager may differ from business to business, the main component of the job is to oversee the security operations for that business. Security managers develop and enforce security policies to ensure a safe environment for both employees and visitors. With the different organizations, security managers have key responsibilities that are vital to the daily operations of that organization. To identify the different responsibilities that security manager’s have in different organizations, we can define the key roles of a security manager for the Transportation Security Administration (TSA) and a security manager for an Information Technology (IT) company. Each of these individuals’ roles is crucial to protecting the security needs of their particular organization in their respective fields. A security manager for the Transportation Security Administration is the individual in charge of security operations at an airport terminal. They are in charge of supervisors, leads, and transportation security officers. They also oversee the daily operations schedule and training schedule to assure optimal security coverage on the screening checkpoints. The duties and roles of a security manager is to manage screening checkpoints, recognize and recommend corrections to improper use of equipment or screening procedures, manage employee performance, coordinate...

Words: 1013 - Pages: 5

Premium Essay

My Cv

...providing an exceptional standard of IT customer service and support, I take a focused and structured approach, with an analytical and meticulous manner. Moreover, I am a sound decision maker with exceptional organisational and planning skills. I possess the ability to lead and work collaboratively within a team, as well as solely, using my own initiative. Recognised as a tenacious self-starter, with the energy and desire to succeed, I continually embrace new challenges and thrive in highly pressurised and demanding work environments. CAREER OBJECTIVE With over six years expertise in IT management, primarily as both Information Services Manager and Network Manager, within banking and financial sector development, my goal is to utilise my relevant experience to secure a senior IT position, I will perform exceedingly well in a role such as Information Services Manager, where my strong technical attributes, ideas and commitment will allow me progress my career, and contribute to the overall success of the organisation. KEY SKILLS & EXPERTISE Information Technology expertise • Skilled and expert in Technology Management and Infrastructure and Networking including design and implementation of WAN, LAN and comprehensive infrastructures i.e. servers, routers and switches. • Experienced as an Information Service Manager, encompassing strong experience in IT management, IT project management,...

Words: 1730 - Pages: 7

Premium Essay

Final Project Risk Managment

...that an organization can create and implement an effective plan to prevent losses or reduce the impact if the a loss occurs. A good plan includes strategies and techniques for recognizing and confronting the threats, solutions for both preventing and solving the situation and indicates financial opportunities. An effective risk management practice does not terminate risks. However, an effective and operational risk management practice demonstrates that the organization is committed to loss reduction or prevention. The budget for risk management is included in the plan as well. The plan also describes how the risk management information will be maintained and updated, reported to project participants and documented for future reference. Roles and responsibilities are included in the document and shows what people are responsible...

Words: 3711 - Pages: 15

Premium Essay

Cybersecurity

...Cyber Security by American Military University Professor Derrick Thomas June 22, 2014 Cyber security is a difficulty that everyone faces in today’s society. It is defined in a variety of ways by many. One definition is that cyber security focuses on protecting computer networks, systems, data, and programs from unwanted access. Cyber security is sometimes referred to as information security, information network security, cyberspace security, or even computer security. There are many viewpoints by highly educated people on cyber security but the purpose of this paper is to tell my viewpoint on the subject. Every aspect of a persons life has some sort of cyber dimension. People paying for bills online, cloud computing, and even online gaming. This year in 2014, everyone is bombarded with news headlines that say cyber threats are up. Many of these headlines always include some kind of phishing attack trying to steal someones identity, a hacker that breached the network of a company, a new technique that attacks mobile devices like smart phones, or a government trying to monitor and take secrets from another government!!br0ken!! The concern for cyber security is now a real-world concern globally. The concern over cyber security is what is driving the governments worldwide to make it priority one on their list's now. This is so, because technology is growing at a very fast and continuous pace. The technology field itself is very vast and has much variety. Cyber security in...

Words: 4041 - Pages: 17

Premium Essay

Critical Infrastructure Analysis

...About (inter)national critical infrastructures 1.1 Defining critical infrastructures A country’s critical infrastructures are the specific facilities, services and informational systems that are vital to its national security, economy, public health, and for the security and well functioning of the Government itself. The failure or destruction of such critical infrastructures could heavily weaken or threaten the latter. As such, both the management and protection of critical infrastructures go hand in hand. Each country is responsible for identifying the national infrastructures that are critical for its security and stability. However, there are certain infrastructures deemed critical by most states. Which are Romania’s critical...

Words: 2254 - Pages: 10

Free Essay

Netw420 Week 3 Paper

...week’s Assignment, I am going to briefly explain and describe the five network management categories that make up the FCAPS. They all have an important role and figure within the network management team, and they all know what to do and what their job description is based on the problem that happens and occurs within the company. FCAPS is a network management framework created by the International Organization for Standardization (ISO). The five network management categories within the FCAPS are: * Fault Management * Configuration Management * Accounting (Administration) * Performance Management * Security Management They all have an important role within the company that they must do, and they all get paid differently based on what they are doing, some of them it can be a job promotion over time, for some of them it can be a demotion. But it all depends on the company. Most companies like to pay all of their workers the same based on their knowledge and skills, and their work performance, or then their job description. At the fault management level, network problems are found and corrected. Potential future problems are identified and steps are taken to prevent them from occurring or recurring. With fault management, the network stays operational, and downtime is minimized. Define thresholds for potential failure conditions. Properly implemented, fault management can keep a network running at an optimum level, provide a measure of fault tolerance and...

Words: 528 - Pages: 3

Premium Essay

Organization Structure

...| CEO | CTO | CPO | Vice Presidents | CSO                                      CKO | Managers | Analysts | Essay Answer1:- Let’s look at the different roles and responsibility of title listed above before going into discussion for effective reorganization. CEO: The job title, CEO (Chief executive officer), refers to the head of an organization as in the person who presides over or is in charge of an organization. The Chief Executive Officer (CEO) is the highest ranking executive manager in a corporation or organization. The CEO has specific responsibilities depending on the needs of his or her organization. The job description of a CEO varies by organization. Creating, communicating, and implementing the organization’s vision, mission, and overall direction. Leading the development and implementation of the overall organization strategy. http://humanresources.about.com/od/job-titles/f/Chief-Executive-Officer-Ceo-Do.htm CIO: The CIO position emerged in the early 1980s in response to the pervasive use of IT in firms and the emergence of the information economy. The CIO position gradually became more influential as IT increasingly played a central role in business processes and firm strategy. Today’s CIOs are often members of the firm’s C-level executive team and assume many influential roles and responsibilities besides maintaining the IT infrastructure, such as establishing the firm’s information policy and standards, promoting IT as...

Words: 2076 - Pages: 9

Premium Essay

Computer Security

...tailored to an organization security needs and most till need to be updated to reflect ever changing impact of the cyberspace transactions in everyday activities. Like all company document, cyberspace follows good design and various format in order to make the document not be vague and follow government policies on security design. These policies also need to be reviewed regularly to ensure that they conform to the business needs that are ever changing gin the business environment. The following are the major items involved in the cybercrime plan actions. 1. Establish security roles and responsibilities Establishing security roles and responsibility in a company is one step towards combating cybercrime. The policies should clearly define the separation of roles with responsibility depending on the system in place. This means that a system will be designed on role based control which might not be well utilized when the procedures and policies are not well defined. The extend of employees can go with a system should show how much they can access in the system and the policies should be maintained at minimum. This means that: The security procedure clearly identifies data ownership in the company and employee roles are well defined. The employees should not inherit privileges from other users. This means that necessary roles and the privileges are accorded to the required persons. The types of employees who should be allowed to assume various role are defined and the time in...

Words: 2072 - Pages: 9

Premium Essay

Dlis Information Security Risk Assessment

...| DLIS Compliance Risk Management Plan | | | Battle Creek, MIRich FranklinMauricio MosqueraHerby ThomasLouis Zayas * 13-Jan-14 | | * Table of Contents COVER 1 TABLE OF CONTENTS 2 DOCUMENT CHANGE LOG 3 Project Risk Management Plan Purpose AND SCOPE 4 Key Roles and Responsibilities 4 Risk Management Process and Activities 5 Risk Management Plan Audit Log 5 Risk Assessment and Management Table 6 COMPLIANCE LAWS AND REGULATIONS 8 PROPOSED SCHEDULE 9 Risk Management Plan Approvals 10 * Department: Information Technology Product or Process: Risk Management Document Owner: Battle Creek, MI IT Version | Date | Author | Change Description | 0.1 | 1/6/14 | RFranklin | Initial Draft | 0.2 | 01/12/14 | RFranklin | Revision 1 | 0.3 | 1/13/14 | RFranklin | Revision 2 | * Project Risk Management Plan Purpose and Scope The purpose of this Risk Management Plan is to identify the strategies, methods, and procedures to be used within the Michigan Air National Guard, Battle Creek, Michigan supply chain in identifying, evaluating, and mitigating the risk involved in daily and long term operations. All Department of Defense and federal agencies must at least comply with the minimum standards set forth in Law, DOD directives, branch of service regulations, and local base regulations. This plan provides local guidelines for applying the FISMA standards using the...

Words: 1209 - Pages: 5