Computer Security and Educational Services

Learning Objectives and Outcomes
  • You will learn to recognize security events and baseline anomalies that might indicate suspicious activity.
  • You will learn to identify policy violations and security breaches and to appropriately monitor threats and control activity across the network.

Assignment Requirements

Refer to the handout Testing and Monitoring Security Controls. It contains information on security events or breaches and baseline anomalies. After studying the handout, answer the following questions:

  • Identify at least two types of security events and baseline anomalies that might indicate suspicious activity.
  • Given a list of policy violations and security breaches, select three breaches, and consider the best options for controlling and monitoring each incident.
  • Identify the methods to mitigate risk and minimize exposure to threats or vulnerabilities.

Self-Assessment Checklist

  • I have identified at least two security events and baseline anomalies.
  • I have indicated the best options for controlling and monitoring three of the policy violations and security breaches from the list.
  • I have identified the methods to mitigate risk and minimize exposure to threats or vulnerabilities.

Security Controls

Network endpoints and network devices have different security considerations and implications. A user workstation raises security issues that remain in the user domain, while network implications belong to the LAN or LAN-to-WAN domain. However, while investigating an intrusion, you may have to gather data from logs kept on routing devices and end-user systems. Suppose an attacker intrudes upon one of your servers. How do you reconstruct the events of the crime? Log files are the first place to check for administrative issues and security activity. They help you assemble a timeline of events surrounding everything from a performance problem to a security incident. You can also identify bad system or network activity by observing deviations from baseline behavior or by recognizing specific suspicious actions. Testing ensures that your control and monitoring facilities work as intended and stay in proper operation. Monitoring ensures that you capture evidence when your testing procedures fail to examine every possibility, or when legitimate behavior permits unauthorized activity.

Identify at least two types of security events and baseline anomalies that might indicate suspicious activity.


Always consider that even legitimate traffic can be used in illegitimate ways, and that legitimate traffic can sometimes appear illegitimate. Protected services can be attacked from the inside or reached from outside through loopholes in firewall rules. Vulnerabilities may remain uncovered by intrusion detection system (IDS) or intrusion prevention system (IPS) signatures and so evade detection. Monitoring helps you capture the pieces of the puzzle that together form a timeline of events. Consider the following questions when answering this assignment:

  • How do you obtain a baseline of system or network behavior?
  • What is an anomaly in relation to baseline behavior?
  • Why might certain anomalies be worth investigating?
  • How can traffic have patterns that signify known attacks?
  • What do log files help you learn that filtering systems overlook?
  • Why can legitimate traffic sometimes seem suspicious?
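As an added example (not part of the handout or its source material), the following Python script shows one concrete answer to the first three questions: it builds a per-user baseline from a few constructed SSH authentication log lines, then flags departures from that baseline in a later batch of lines: a successful login from a source address never seen for that user, a login at an hour the user has never logged in, and a burst of failed logins well above the baseline failure rate. The log format, user names, addresses and the burst threshold are all assumptions made for illustration.

```python
"""Added example, not from the handout: learn a per-user baseline from
constructed authentication log lines and flag events that deviate from it.
Log format, user names, addresses and thresholds are invented."""
from collections import defaultdict
from datetime import datetime
import re

# Constructed sample log lines in a syslog-like format; not real data.
BASELINE_LOGS = """\
2024-03-01T09:02:11 auth sshd: Accepted publickey for alice from 10.0.1.15
2024-03-01T09:30:45 auth sshd: Accepted publickey for alice from 10.0.1.15
2024-03-01T10:15:02 auth sshd: Accepted publickey for bob from 10.0.1.22
2024-03-02T08:55:40 auth sshd: Accepted publickey for alice from 10.0.1.15
2024-03-02T11:20:19 auth sshd: Accepted publickey for bob from 10.0.1.22
2024-03-02T14:03:27 auth sshd: Failed password for bob from 10.0.1.22
2024-03-03T09:10:33 auth sshd: Accepted publickey for alice from 10.0.1.15
""".splitlines()

# Constructed lines from a later day, evaluated against the baseline.
NEW_LOGS = """\
2024-03-04T09:05:12 auth sshd: Accepted publickey for alice from 10.0.1.15
2024-03-04T02:41:08 auth sshd: Accepted password for alice from 203.0.113.77
2024-03-04T13:00:01 auth sshd: Failed password for bob from 10.0.1.22
2024-03-04T13:00:02 auth sshd: Failed password for bob from 10.0.1.22
2024-03-04T13:00:03 auth sshd: Failed password for bob from 10.0.1.22
2024-03-04T13:00:04 auth sshd: Failed password for bob from 10.0.1.22
2024-03-04T13:00:05 auth sshd: Failed password for bob from 10.0.1.22
2024-03-04T13:00:06 auth sshd: Failed password for bob from 10.0.1.22
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth sshd: (?P<result>Accepted|Failed) \w+ "
    r"for (?P<user>\w+) from (?P<ip>[\d.]+)$"
)


def parse(lines):
    """Parse log lines into dicts; lines that do not match are skipped, not guessed at."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def build_baseline(events):
    """Per-user baseline: source IPs and login hours seen during the learning
    window, plus the largest number of failures any user produced in one hour."""
    baseline = defaultdict(lambda: {"ips": set(), "hours": set()})
    failures = defaultdict(int)
    for ev in events:
        if ev["result"] == "Accepted":
            baseline[ev["user"]]["ips"].add(ev["ip"])
            baseline[ev["user"]]["hours"].add(ev["ts"].hour)
        else:
            failures[(ev["user"], ev["ts"].strftime("%Y-%m-%dT%H"))] += 1
    return dict(baseline), max(failures.values(), default=0)


def detect_anomalies(baseline, max_failures, events, failure_factor=3):
    """Flag successful logins from an unseen address or hour, and hourly
    failure counts at or above failure_factor times the baseline maximum."""
    findings = []
    failures = defaultdict(int)
    for ev in events:
        b = baseline.get(ev["user"], {"ips": set(), "hours": set()})
        if ev["result"] == "Accepted":
            if ev["ip"] not in b["ips"]:
                findings.append(("new_source_ip", ev["user"], ev["ip"]))
            if ev["ts"].hour not in b["hours"]:
                findings.append(("unusual_hour", ev["user"], ev["ts"].hour))
        else:
            failures[(ev["user"], ev["ts"].strftime("%Y-%m-%dT%H"))] += 1
    threshold = max(1, max_failures) * failure_factor
    for (user, _hour), n in failures.items():
        if n >= threshold:
            findings.append(("failure_burst", user, n))
    return findings


def run():
    baseline, max_failures = build_baseline(parse(BASELINE_LOGS))
    return detect_anomalies(baseline, max_failures, parse(NEW_LOGS))


if __name__ == "__main__":
    for finding in run():
        print(finding)
```

Two design points matter for the assignment questions. The baseline is learned only from successful logins, so a noisy learning window full of failures does not teach the detector that failures are normal, and every finding carries the user and the value that broke the baseline so an analyst can decide whether the 02:41 login from an outside address is a travelling employee or an account compromise; the detector itself cannot tell, which is exactly why legitimate traffic can look suspicious.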

Policy violations and security breaches take many forms, and not all of them are obvious. You might have a policy that specifies a certain minimum password length but fails to enforce proper complexity, allowing passwords to be easily guessed.

Given the following list of end-user policy violations and security breaches, select three breaches and identify strategies to control and monitor each event to mitigate risk and minimize exposure:

  • A user made unauthorized use of network resources by attacking network entities.
  • Open network drive shares allow storage privileges to outside users.
  • Sensitive laptop data is unencrypted and susceptible to physical theft.
  • Remote users do not have recent patches or current updates.
  • Legitimate traffic bearing a malicious payload exploits network services.
  • An invalid protocol header disrupts a critical network service.
  • Removable storage drives introduce malware filtered only when crossing the network.
  • Predictable passwords meet minimum length requirements but remain easily guessable.
  • Bad router permissions allow attackers to modify configurations or disrupt traffic.
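An added example (not from the handout) of the predictable-password item above, written in Python: `length_only_policy` enforces nothing but the minimum length, while `complexity_policy` also requires a mix of character classes and rejects dictionary words that have been dressed up with trailing digits or symbol substitutions. The word list, the minimum length and the sample passwords are constructed for illustration; a real control would check candidates against a breached-password list and log each rejection reason so the monitoring side can see how often users hit the policy.

```python
"""Added example, not from the handout: a length-only password policy beside
one that also checks complexity and predictability. The word list, minimum
length and sample passwords are constructed."""
import re

MIN_LENGTH = 8  # assumed policy value

# Constructed stand-in for a real breached-password or dictionary list.
COMMON_WORDS = {"password", "welcome", "summer", "company", "letmein", "qwerty"}


def length_only_policy(pw):
    """The weak policy the handout describes: length is enforced, nothing else."""
    return len(pw) >= MIN_LENGTH


def _normalize(pw):
    """Undo common symbol-for-letter substitutions so 'P@ssw0rd' compares as 'password'."""
    table = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e",
                           "$": "s", "5": "s", "!": "i"})
    return pw.lower().translate(table)


def complexity_policy(pw):
    """Length, character-class mix and a predictability check.
    Returns (accepted, reasons) so every rejection can be logged."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too_short")
    classes = sum(bool(re.search(p, pw))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        reasons.append("too_few_character_classes")
    # Strip trailing digits first ('Summer2024' -> 'Summer'), then normalize.
    core = _normalize(re.sub(r"\d+$", "", pw))
    if core in COMMON_WORDS:
        reasons.append("dictionary_word")
    if re.fullmatch(r"(.)\1+", pw) or pw.lower() in ("12345678", "abcdefgh"):
        reasons.append("trivial_sequence")
    return (not reasons, reasons)


# Constructed samples: each meets the length rule except the last one.
SAMPLES = ["Summer2024", "P@ssw0rd", "aaaaaaaa", "T7#kq!m2Zr", "short1!"]


def compare(passwords=SAMPLES):
    """Map each sample to (accepted by length-only, accepted by complexity policy)."""
    return {pw: (length_only_policy(pw), complexity_policy(pw)[0]) for pw in passwords}


if __name__ == "__main__":
    for pw, verdicts in compare().items():
        print(f"{pw:12} length-only={verdicts[0]!s:5} complexity={verdicts[1]!s:5} "
              f"reasons={complexity_policy(pw)[1]}")
```

Three of the five samples pass the length-only check and fail the stronger one, which is the gap the handout is pointing at: a length rule alone accepts exactly the kind of password an attacker tries first.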

Introduction to Information Security

Learning Objectives and Outcomes

You will learn to successfully identify inappropriate activity on a network and to develop a basic AUP that describes the handling of such incidents.

Assignment Requirements

Richman Investments requires the enforcement of strict ingress-egress filtering policies for network traffic.

Certain traffic is expressly forbidden:

  • No peer-to-peer file-sharing or externally reachable file transfer protocol (FTP) servers
  • No downloading executables from known software sites
  • No unauthorized redistribution of licensed or copyrighted material
  • No exporting internal software or technical material in violation of export control laws
  • No introduction of malicious programs into networks or onto systems
  • No accessing unauthorized internal resources or information from external sources
  • No port scanning or data interception on the network
  • No denying service or circumventing authentication to legitimate users
  • No using programs, scripts, or commands to interfere with other network users
  • No sending unsolicited e-mail messages or junk mail to company recipients
  • No accessing adult content from company resources
  • No remote connections from systems failing to meet minimum security requirements

Define a LAN-to-WAN, Internet, and Web surfing AUP that restricts usage of the company’s Internet connection and permits the company to monitor the usage of the corporate Internet connection. Carefully evaluate the implications of each policy and how its implementation might affect the IT infrastructure, both positively and negatively. Weigh the benefits and the disadvantages of each method. Consider whether a proposed solution interrupts legitimate users, and whether it buys security at the expense of preventing legitimate activity.
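As an added example, neither Richman Investments' policy nor code from the handout, the following Python expresses the part of the forbidden-traffic list that can be enforced at the network boundary as a default-deny ingress and egress classifier, and runs it over constructed flow records. The port numbers chosen for FTP, peer-to-peer and mail, the internal address range, the proxy address, the approved resolver and the records are all assumptions. Every decision is returned with a reason so the policy's monitoring requirement can be met from the resulting log.

```python
"""Added example, not the company's policy or the handout's code: an
ingress/egress filtering policy as code, evaluated over constructed flows.
Addresses, ports and the policy-to-port mapping are assumptions."""
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")          # assumed LAN range
WEB_PROXY = ip_address("10.0.0.5")           # assumed: only the proxy may reach the web

# Assumed default-deny egress allow-list: (destination, port, protocol).
ALLOWED_EGRESS = {(ip_address("198.51.100.53"), 53, "udp")}   # company resolver

# Items from the forbidden list that a port rule can partly enforce
# (assumption: default ports for these services).
DENY_REASONS = {
    21: "ftp_server_or_transfer",
    6881: "peer_to_peer",
    25: "unsanctioned_smtp",
}


def classify(flow):
    """flow: dict with src, dst, dport, proto, direction ('in' or 'out') for a
    NEW connection; a stateful firewall is assumed to pass established return
    traffic. Returns (action, reason) so each decision can be logged."""
    src, dst = ip_address(flow["src"]), ip_address(flow["dst"])
    port, proto = flow["dport"], flow["proto"]
    if flow["direction"] == "in":
        if dst in INTERNAL and port in DENY_REASONS:
            return ("deny", DENY_REASONS[port])
        return ("deny", "unsolicited_inbound")        # ingress default-deny
    if src not in INTERNAL:
        return ("deny", "spoofed_source")             # egress anti-spoofing
    if port in DENY_REASONS:
        return ("deny", DENY_REASONS[port])
    if port in (80, 443):                             # web only through the logging proxy
        return ("allow", "proxy_web") if src == WEB_PROXY else ("deny", "web_bypassing_proxy")
    if (dst, port, proto) in ALLOWED_EGRESS:
        return ("allow", "approved_service")
    return ("deny", "egress_default_deny")


# Constructed flow records (documentation address ranges, no real hosts).
FLOWS = [
    {"src": "10.0.1.15", "dst": "198.51.100.9", "dport": 443, "proto": "tcp", "direction": "out"},
    {"src": "10.0.0.5", "dst": "198.51.100.9", "dport": 443, "proto": "tcp", "direction": "out"},
    {"src": "10.0.1.22", "dst": "203.0.113.40", "dport": 6881, "proto": "tcp", "direction": "out"},
    {"src": "203.0.113.40", "dst": "10.0.1.22", "dport": 21, "proto": "tcp", "direction": "in"},
    {"src": "192.0.2.7", "dst": "198.51.100.9", "dport": 443, "proto": "tcp", "direction": "out"},
    {"src": "10.0.1.15", "dst": "198.51.100.53", "dport": 53, "proto": "udp", "direction": "out"},
]


def audit(flows=FLOWS):
    """Classify every flow; the list of (action, reason) pairs is the monitoring log."""
    return [classify(f) for f in flows]


if __name__ == "__main__":
    for flow, verdict in zip(FLOWS, audit()):
        print(f"{flow['direction']:3} {flow['src']:>14} -> {flow['dst']:<14}:{flow['dport']:<5} {verdict}")
```

The example also shows the limit the assignment asks you to weigh: a port rule can stop an externally reachable FTP server or a peer-to-peer client on its default port, but it cannot tell adult content from a news site, licensed material from a public file, or a malicious payload from a normal download, and it blocks a legitimate user who needs a non-default port for a sanctioned tool. Those items need a filtering proxy, content inspection and endpoint posture checks, and the default-deny egress rule is what forces the traffic through them.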

Required Resources

Self-Assessment Checklist

  • I have defined an effective LAN-to-WAN, Internet, and Web surfing AUP.
  • I have evaluated the implications of each policy.
  • I have carefully considered the benefits and disadvantages of each policy enforcement control.
  • I have proposed strong ideas for acceptable and unacceptable resource usage.

Cite this page

Computer Security and Educational Services. (2016, Aug 18). Retrieved from https://graduateway.com/computer-security-and-educational-services/
