issc341 discussion response 4
Hello,
I need two responses of at least 150 words each for the below students' discussions for this week. Also, in bold below are the questions the students are answering.
Questions:
As you learned in this lesson, there are many threats in networking. How would you proactively plan against these threats?
Student one:
Hello Class,
In today’s digital age, information ranging from public to private can easily be accessed with a click of a mouse or a slip of the tongue. These possibilities are the reasons why it is imperative that a business is proactive in ensuring the security of its networks. The most common threats that we’re most aware of are malicious threats. Daily there are thousands of new viruses, Trojan attacks, worms and spyware being created to access a wide range of networks across the globe. These threats can cost not only companies but also individuals dearly. The appropriate way to combat these threats is to install antivirus software on the system and to ensure that the software is updated regularly. This measure alone can mitigate these threats substantially (Lammle, 2012). An additional measure that should be considered when purchasing antivirus software is to ensure that it can scan e-mails and all the files downloaded from the internet. This one measure, although it can be considered a nuisance for employees, can eliminate an avenue from which hackers can infiltrate a business’s network.
Another measure that should also be put in place is the utilization of a firewall. Firewalls are basically barriers established by network administrators to monitor the flow of traffic (Tyson, 2000). By monitoring incoming and outgoing network traffic, they can flag suspicious packets and remove them prior to their entry into the network. Firewalls can prevent attacks such as application backdoors and Denial of Service (DoS), which anti-virus software is not really equipped for. Although anti-virus software and firewalls are good tools for network administrators, they only stop the attack. System and network administrators would never know what types and how many attacks were attempted without using some other programs. This is where intrusion detection systems (IDS) come into play.
One final measure, an IDS, monitors network traffic for suspicious activity and alerts the system or network administrator. An IDS can also take action on anomalous or malicious traffic by blocking the user or source IP address from accessing the network (Bradley, 2019). An IDS can act as a secondary measure if suspicious or malicious traffic were to have bypassed the firewall, or it can also detect traffic that may be emanating from inside the network. An IDS, as well as anti-virus software and firewalls, once finely tuned, can be great tools for system and network administrators in combating network threats.
Nil
Works Cited
Bradley, T. (2019, June 1). Introduction to Intrusion Detection Systems (IDS). Retrieved from Lifewire.com: https://www.lifewire.com/introduction-to-intrusion…
Lammle, T. (2012). CompTIA Network+ Study Guide, Second Edition (Exam N10-005). Indianapolis, IN: Wiley & Sons, Inc.
Tyson, J. (2000, October 24). How Firewalls Work. Retrieved from HowStuffWorks.com: https://computer.howstuffworks.com/firewall.htm
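To make the layered picture in this post concrete (a firewall that filters by policy, and an IDS that watches the same traffic for scan patterns and known-bad destinations and can name a source to block), here is a small added example. It is not code from the post or from any of the cited sources; the log line format, the allowed-port policy, the port-scan threshold and the "suspicious port" signature are all assumptions constructed for the demonstration.

```python
"""Miniature firewall decision plus a signature/threshold IDS over constructed
connection-log lines. Added example: the log format, policy, threshold and
signature below are assumptions, not a real product's rules."""
import re
from collections import defaultdict

# Constructed sample log (assumed format: timestamp src dst dst_port action).
SAMPLE_LOG = """\
2024-01-01T10:00:01 203.0.113.7 10.0.0.5 22 connect
2024-01-01T10:00:01 203.0.113.7 10.0.0.5 23 connect
2024-01-01T10:00:02 203.0.113.7 10.0.0.5 80 connect
2024-01-01T10:00:02 203.0.113.7 10.0.0.5 443 connect
2024-01-01T10:00:03 203.0.113.7 10.0.0.5 3389 connect
2024-01-01T10:00:03 203.0.113.7 10.0.0.5 8080 connect
2024-01-01T10:00:04 198.51.100.9 10.0.0.5 443 connect
2024-01-01T10:00:05 10.0.0.12 192.0.2.44 4444 connect
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\w+)$")

# Assumed firewall policy: inbound connections only to these destination ports.
ALLOWED_INBOUND_PORTS = {80, 443}


def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, dst, port, action = m.groups()
        events.append({"ts": ts, "src": src, "dst": dst,
                       "port": int(port), "action": action})
    return events


def is_internal(ip):
    """Assumed internal range for the example: 10.0.0.0/8."""
    return ip.startswith("10.")


def firewall_decision(event):
    """Stateless filter: inbound traffic is allowed only to approved ports."""
    if not is_internal(event["src"]) and is_internal(event["dst"]):
        return "allow" if event["port"] in ALLOWED_INBOUND_PORTS else "deny"
    return "allow"


def detect(events, scan_threshold=5):
    """IDS logic: (1) an external host touching many distinct ports is flagged
    as a port scan; (2) an internal host connecting out to port 4444 matches a
    constructed 'known-bad destination port' signature."""
    ports_by_src = defaultdict(set)
    alerts = []
    for e in events:
        if not is_internal(e["src"]):
            ports_by_src[e["src"]].add(e["port"])
        if is_internal(e["src"]) and not is_internal(e["dst"]) and e["port"] == 4444:
            alerts.append(("outbound-suspicious-port", e["src"], e["dst"]))
    for src, ports in ports_by_src.items():
        if len(ports) >= scan_threshold:
            alerts.append(("port-scan", src, len(ports)))
    return alerts


def block_list(alerts):
    """Sources an IDS/IPS would block in response to the port-scan alerts."""
    return sorted({a[1] for a in alerts if a[0] == "port-scan"})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for e in evs:
        print(firewall_decision(e), e["src"], "->", e["dst"], e["port"])
    found = detect(evs)
    for a in found:
        print("ALERT", a)
    print("block:", block_list(found))
```

Note that the scanner's denied probes to 22, 23, 3389 and 8080 never reach the host, yet the IDS still sees and counts them: that is the "secondary measure" role the post describes, and the outbound alert shows detection of traffic emanating from inside the network, which a perimeter firewall alone would not flag.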
Student two:
Good afternoon everyone!
First you need to know what is out there – the threat actors. Once you know the threats, you can take measures to negate their effectiveness, but you must have a means of performing risk management. My personal choice for risk management and establishing a framework is the National Institute of Standards and Technology (NIST), Special Publication (SP) 800-30r1 and 800-39. NIST SP 800-39 provides structured guidance on assessing, responding to, and monitoring information security risk to organizational operations (NIST SP 800-39). NIST SP 800-30r1, by contrast, amplifies guidance found in 800-39 and provides additional guidance on performing each of the risk assessment process steps, which include preparing the assessment, its conduct, communicating results, and maintaining the assessment (NIST SP 800-30r1).
Our text provides three ways to detect intruders, which are active and passive detection and proactive defense. Active detection involves looking for known attack methods and scans to detect unusual traffic. Passive detection evaluates log events taken from the network. A proactive defense looks for holes and plugs them as quickly as possible. I feel it is safe to say no one way is the best way and, when possible, a risk mitigation program should include elements of all three means for detecting nefarious actors. So from a proactive approach, I would use my reference architecture and see what and where connections are made, then evaluate the environment (Lammle, 2012).
When evaluating the environment and the threats, both adversarial and non-adversarial threats are evaluated by examining either capability, intent, and targeting, or range of effects, respectively. Next in the process is determining the likelihood of impact and the impact itself, which is then followed by the risk determination. I reduced the process found in NIST SP 800-30r1 a great deal, so you need to understand that at the end of the process you are able to determine the overall risk. I like the NIST 800-30r1 method of evaluating risk because it offers both quantitative and qualitative methods for evaluating risk as well as providing a repeatable method for performing risk assessments. The repeatable nature of the risk management process ensures a consistent evaluation of threats occurs even when new data is discovered and applied to the risk process.
The ability to review and incorporate new data against known threats also enables analysts to discover threat shift, which is when a threat actor employs a new tool or different attack method designed to negate the current security measure. Discovering threat shift is vital to any risk management program because it verifies the existence of a threat actor and confirms the methodology used in the threat event. Therefore, my proactive approach would include the use of the risk management methodologies found in NIST SP 800-30r1 and 800-39.
What an awesome week so far! Analysis is one thing I really enjoy, and I have had a great deal of success instituting and building on the scales and tables found in NIST SP 800-30r1. Take care everyone, and I hope your week is eventful!
JC
References:
Gallagher, P. (September 2012). Information Security: Guide for Conducting Risk Assessments. Retrieved from https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistsp…
Gallagher, P. (March 2011). Information Security: Managing Information Security Risk – Organization, Mission, and Information System View. Retrieved from https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistsp…
Lammle, T. (2012). CompTIA Network+ Study Guide, Second Edition. Retrieved from https://apus.intelluslearning.com/lti/#/lesson/156…
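The post compresses the SP 800-30r1 flow (characterise the threat by capability, intent and targeting for adversaries or by range of effects otherwise, derive likelihood, combine with impact, determine risk, and re-run the same steps when new data arrives). The added example below walks that flow as code so the repeatability point is visible. It is not the post's, NIST's or the textbook's code: the 0-10 semi-quantitative scale, the bin boundaries in `to_level`, the "minimum of the three factors" and "average" combination rules, and the three constructed threats are all assumptions for illustration, not NIST's published tables.

```python
"""Semi-quantitative risk determination in the spirit of SP 800-30r1.
Added example; every scale, bin and combination rule here is an assumption."""
from dataclasses import dataclass, replace


def to_level(score):
    """Map a 0-10 score to a qualitative level (bin boundaries are assumed)."""
    if not 0 <= score <= 10:
        raise ValueError("score must be between 0 and 10")
    if score <= 1:
        return "Very Low"
    if score <= 3:
        return "Low"
    if score <= 6:
        return "Moderate"
    if score <= 8:
        return "High"
    return "Very High"


@dataclass(frozen=True)
class AdversarialThreat:
    name: str
    capability: int              # adversary skill and resources, 0-10
    intent: int                  # motivation to act against us, 0-10
    targeting: int               # how specifically we are targeted, 0-10
    vulnerability_severity: int  # how exploitable the relevant weakness is, 0-10
    impact: int                  # harm if the event succeeds, 0-10


@dataclass(frozen=True)
class NonAdversarialThreat:
    name: str
    range_of_effects: int        # breadth/probability of the event, 0-10
    vulnerability_severity: int
    impact: int


def likelihood_of_initiation(t):
    """Adversarial: assumed rule that the weakest of capability, intent and
    targeting bounds initiation. Non-adversarial: range of effects directly."""
    if isinstance(t, AdversarialThreat):
        return min(t.capability, t.intent, t.targeting)
    return t.range_of_effects


def likelihood_of_adverse_impact(t):
    """Assumed rule: an initiated event causes harm in proportion to how
    severe (exploitable) the relevant vulnerability is."""
    return t.vulnerability_severity


def overall_likelihood(t):
    """Assumed combination: average of initiation and adverse-impact scores."""
    return round((likelihood_of_initiation(t) + likelihood_of_adverse_impact(t)) / 2)


def risk_score(t):
    """Risk as a function of likelihood and impact (assumed: product, rescaled)."""
    return round(overall_likelihood(t) * t.impact / 10)


def assess_one(t):
    """One row of the risk register with qualitative levels attached."""
    return {
        "threat": t.name,
        "likelihood": to_level(overall_likelihood(t)),
        "impact": to_level(t.impact),
        "score": risk_score(t),
        "risk": to_level(risk_score(t)),
    }


def assess(threats):
    """Run the same procedure over every threat and rank by risk."""
    return sorted((assess_one(t) for t in threats),
                  key=lambda r: r["score"], reverse=True)


def reassess(t, **new_data):
    """Threat shift: apply newly learned threat data and re-run the same
    steps, which is what makes the process repeatable."""
    return assess_one(replace(t, **new_data))


# Constructed threats (scores are illustrative, not from any real assessment).
THREATS = [
    AdversarialThreat("Phishing for credentials", 8, 9, 5, 7, 8),
    AdversarialThreat("Exploit of unpatched VPN appliance", 9, 8, 8, 8, 9),
    AdversarialThreat("Opportunistic scanning of web server", 3, 6, 2, 4, 3),
    NonAdversarialThreat("Power failure in server room", 4, 6, 6),
]

if __name__ == "__main__":
    for row in assess(THREATS):
        print(f"{row['threat']:<40} L={row['likelihood']:<9} "
              f"I={row['impact']:<9} risk={row['risk']}")
    print(reassess(THREATS[2], capability=8, targeting=8, vulnerability_severity=6))
```

The `reassess` call models the threat-shift case from the post: the opportunistic scanner is later found to be a capable, targeted actor with a working exploit, and feeding those three new facts through the unchanged procedure moves its risk from Very Low to Low without anyone redesigning the assessment.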