Technical controls are essential to a well-planned information
security program, particularly to enforce policy for the many IT
functions that are not under direct human control. Networks and computer
systems make millions of decisions every second, and they operate in
ways and at speeds that people cannot control in real time. Technical
control solutions can improve an organization’s ability to balance the
often-conflicting objectives of making information readily and widely
available of preserving the information’s confidentiality and integrity.
These technical controls must fit with the physical design of the
systems and networks.
Access control is now more than access to a physical location.
Discretionary access controls (DACs) provide the ability to share
resources in a peer-to-peer configuration that allows users to control
and provide access to information. Nondiscretionary access controls
(NDACs) are managed by a central authority in the organization where a
form of this is called lattice-based access control (LBAC) in which
users are assigned a matrix of authorizations for areas of access. NIST
has a new approach to lattice-based access controls called
Attribute-Based Access Controls (ABACs).
In networks, firewalls fall into several major categories of
processing modes: packet-filtering firewalls, application layer proxy
firewalls, media access control layer firewalls, and hybrids.
Packet-filtering firewalls scan network data packets for compliances
with the rules of the firewall’s database and this is done at the
network layer of the OSI model. The application firewall is known as
proxy server because it can be configured to run special software that
acts as a proxy for a service request such as a web server with a proxy
server. Media access control layer firewalls make filtering decisions
based on the specific host computer’s identity. Hybrid firewalls can
perform a variety of tasks such as unified threat management and NexGen
firewalls that can do a variety of functions.
Case Assignment
Interview a network administrator at your workplace to learn about
the type of security controls in place on that network. What types of
firewalls are used and for what purposes? Are intrusion detection and/or
intrusion prevention systems present? Who monitors them? What different
methods are used to protect the networks that operate the
organization’s record keeping systems? Does the security level vary on
different network segments? Prepare a 5- to 7-page paper addressing the
results of this interview.
seconds assignment ( 3 pages long)
As a network specialist for a network consulting company, you are
requested to perform an evaluation of a data network at Fast Trucking
Company, which just moved into an old office building. Fast’s network
engineer has not been able to get the network to function on the network
cable that was in the building when they moved in. Part of that old
cabling using thinnet coaxial thinnet while the rest was Cat-3. Some of
the user workstations connected via Cat-3 cabling are working, while
none of the workstations connected to the coaxial cable are working
because the user workstations do not have the right connectors.
Some specifics:
Employees with workstations: 70
Servers: 6 servers located in a server room
Building size 2 floors
Construction is wood frame and masonry exterior
Your job is to create a list of recommendations to Fast
Trucking: What steps should it take to get its data network working as
soon as possible?
Sample Solution