Discuss the difference and complexities involved

Assignment Help Computer Engineering
Reference no: EM133459919

Topic:

Discuss the systems/methods/software/services required to detect a breach or an intrusion. Discuss elements necessary within the security architecture to isolate corporate assets should an intrusion occur (e.g., ransomware).

Classmate's Post:

Decades ago, cybersecurity was all about perimeter defenses, where organizations focused on preventing threat actors from breaching the internal network. This way of thinking is no longer applicable in today's cybersecurity landscape. In many ways, organizations need to operate as if their perimeter has already been breached. Therefore, it is no longer about stopping threat actors from accessing the internal network, but about limiting what damage they are able to cause. This is where a defense-in-depth strategy is crucial, and in many ways, Zero Trust Architecture (ZTA) is the evolution of defense in depth. It is not about one or two controls that are in place to prevent threat actors. It is about overlapping controls in a way that, if some fail, there are redundancies that will prevent catastrophic damage to an organization.

One element of defense in depth and ZTA is effective network segmentation. This involves using physical or virtual segmentation of Local Area Networks (LANs) into smaller groupings of hosts and services based on logical needs. This may be separating IoT devices onto their own network segment or isolating Human Resources from Sales and so on. If a threat actor gains access to a network segment containing Human Resources services and hosts, they are not able to simply move to Sales or Business Development or another part of the organization's network with ease. For example, if a ransomware gang infiltrated Sales and was able to successfully launch a ransomware attack in that area, even if the ransomware infects all the hosts in Sales because of network segmentation, it is not able to simply move to HR or any other parts of the organization. The damage is contained to only the hosts connected to the affected network segment.

In fact, the lack of network segmentation was one of the reasons the late Conti ransomware gang was able to easily move around the government network of Costa Rica last year, spreading their ransomware across many different agencies and bringing a majority of government services to a standstill (Ilascu, 2022). By using network segmentation, Costa Rica could have contained the infection to one agency versus multiple ones.
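The containment argument in this post can be checked mechanically. The following is an added example, not part of the classmate's post or any product mentioned on the page: it models hosts, segments and inter-segment allow rules (all names and the inventory are constructed) and computes the worst-case "blast radius" of a compromised host, assuming every reachable host can in turn be compromised and pivot further. It also shows how a single broad rule between segments can reopen a path that segmentation had closed.

```python
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Rule:
    """Inter-segment allow rule (firewall/ACL); port None means any port."""
    src_zone: str
    dst_zone: str
    port: Optional[int] = None


def allowed(hosts: Dict[str, str], rules: List[Rule], src: str, dst: str,
            port: Optional[int] = None) -> bool:
    """Same segment: traffic flows freely (no inter-zone filter in the path).
    Different segments: default deny unless an explicit rule permits it."""
    if hosts[src] == hosts[dst]:
        return True
    return any(r.src_zone == hosts[src] and r.dst_zone == hosts[dst]
               and (r.port is None or port is None or r.port == port)
               for r in rules)


def blast_radius(hosts: Dict[str, str], rules: List[Rule], start: str) -> Set[str]:
    """Worst-case containment check: every host reachable from an infected host is
    assumed to become infected too, so this is the transitive closure of `allowed`."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for other in hosts:
            if other not in seen and allowed(hosts, rules, cur, other):
                seen.add(other)
                queue.append(other)
    return seen


# Constructed inventory: the same hosts on a flat network and segmented by department.
HOSTS = {"sales-pc-1": "sales", "sales-pc-2": "sales", "hr-srv-1": "hr",
         "hr-pc-1": "hr", "it-jump-1": "it", "bizdev-pc-1": "bizdev"}
FLAT = {h: "corp" for h in HOSTS}
# Departments may only reach a shared IT service over HTTPS; nothing else crosses segments.
SEGMENTED_RULES = [Rule("sales", "it", 443), Rule("hr", "it", 443)]
# A broad IT->HR allow (any port) reconnects Sales to HR via the IT segment.
LEAKY_RULES = SEGMENTED_RULES + [Rule("it", "hr")]

if __name__ == "__main__":
    for label, inv, rules in (("flat", FLAT, []), ("segmented", HOSTS, SEGMENTED_RULES),
                              ("leaky", HOSTS, LEAKY_RULES)):
        print(f"{label}: {sorted(blast_radius(inv, rules, 'sales-pc-1'))}")
```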

Reply to a classmate:

Question II:

Topic:

Discuss the systems/methods/software/services required to detect a breach or an intrusion. Discuss elements necessary within the security architecture to isolate corporate assets should an intrusion occur (e.g., ransomware).

Classmate's post:

When it comes to intrusion detection implementation, the software, hardware, or services will be dictated by the organization. Like anything else, everything comes at a cost, and this cost must be an item that the organization can endure. I will base my experience on my current setup at Citizens Mutual, where we have tested numerous IDS appliances or applications. However, at the end of the day, it always comes back to a cybersecurity budget.

Here is a different selection of systems that Citizens Mutual has tested:

Darktrace: Hardware appliance that is linked to physical infrastructure. The AI-driven appliance works on the learned behavior of the user and reports abnormalities in different scenarios. The overall price for this appliance plus service was over 70K every 4 years (Oostenbroek, 2023).

Microsoft Sentinel: Software-driven solution that links within Microsoft platforms. Our investment in this product was minimal as Microsoft demanded specific changes in our organization that were tallied into 6 figures.

FortiGate: The choice of this solution was an easy decision for us. With the implementation of a FortiGate appliance, Citizens Mutual was able to update a licensing signature, and Fortinet turned on additional services for our firewall that included a built-in IDS solution. Therefore, it was like having two devices in one.

When it comes to the necessary elements to have in a security platform, I believe that user access is the best place to start. Understanding what an employee can do with their given rights will be essential to a secure environment. In addition, it is vital to create a network that works with the segmentation of various networks. Breaking the inability to move laterally and access all assets on a flat network is a nightmare waiting to happen.

Reply to a classmate:

Question III:

Topic:

Discuss the systems/methods/software/services required to detect a breach or an intrusion. Discuss elements necessary within the security architecture to isolate corporate assets should an intrusion occur (e.g., ransomware).

Classmate's Post:

There are a number of approaches that can be used to detect a breach or intrusion, although many experts have suggested the use of a combination of methods rather than relying on any single mechanism. An Intrusion Detection System (IDS) is a hardware/software combination that detects intrusions into a system or network, providing a thorough inspection of both the packets' headers and their contents, and complementing the firewall to protect against attacks that may have escaped through the firewall as seemingly harmless network traffic (Rao & Nayak, 2014).

There are Host-Based IDSs (HIDS) that detect intrusions on a single system. This is normally a software-based deployment where an agent is installed on the local host, monitoring and reporting activity. A Network-Based IDS (NIDS) sniffs the network traffic continuously to monitor and detect any suspicious activity. It generates an alert as soon as it discovers an attack, as it protects the network and its resources from the network perspective. Another type of intrusion detection method is the behavior-based IDS, which looks at actions, attempting to identify attacks by monitoring system or network activity and flagging any activity that doesn't seem to fit in (Loshin, 2001). An intrusion detection tool called a "honeypot" could also be deployed, which is a separate system that offers an attractive nuisance to attackers, luring them and giving them a belief of success, though false.

Necessary elements within the security architecture to isolate corporate assets include firewalls, deployed inside the network to create internal zones that partition functional areas from one another. This ensures that other zones are kept secure while the breached zone is receiving attention. Routers or layer 3 switches could be used to divide a large network into smaller ones while traffic flow is restricted using access control measures. Virtual Area Network (VLAN) segmentation is another method, as it creates smaller network segments for connecting hosts virtually (Turner, 2023). Lastly, Software-Defined Networking (SDN) segmentation helps to prevent cyber criminals from moving laterally through a network, as it isolates traffic within the network with the help of SD network segments relying on predefined rules.

Reply to a classmate:

Question IV:

Topic:

Discuss the difference and complexities involved in detecting and responding to internal data breaches as opposed to external data breaches and incidents.

Classmate's post:

There are many differences and complexities when responding to internal data breaches vs. external data breaches.

One of the differences is that it is more difficult to identify internal data breaches because they may occur with hired staff who have been granted authorization to access the data in question. This makes it more difficult to distinguish fraudulent behavior from intended business processing. One method of identifying the difference is behavior-based monitoring. For example, if Sue in accounting accesses the timekeeping server twice a month to process payroll and has had this same behavior for the past 2 years, behavior-based software monitoring platforms may trigger an alert when Sue in accounting unexpectedly accesses the server every day for 2 weeks. The behavior change may still be completely reasonable if Sue is conducting a special audit, but this alert allows cybersecurity staff the opportunity to investigate and validate the reason for the change in behavior.

An added complexity when responding to internal data breaches vs. external data breaches includes the risk of shutting down productivity within the business. When blocking internal traffic from hired staff, the cybersecurity team risks the loss of productivity within the organization due to stopping legitimate business processes. This action may result in loss of revenue, missed timelines, and impact on customers.

Cybersecurity analysts always need to err on the side of caution to protect the organization's data, but they must also understand the consequences that come from shutting down internal processes if those processes are indeed legitimate.
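The "Sue in accounting" scenario from this post, as an added example that is not part of the classmate's post or of any monitoring product: a small behavior-based baseline over a constructed access log (the log format, user and host names are all made up here). Each (user, host) pair gets a per-window access count; the current window is compared against the mean and spread of the previous windows, and only a pair that clearly exceeds its own history is raised for an analyst to validate, which is the review step the post describes rather than an automatic block.

```python
import re
from collections import Counter
from datetime import date, timedelta
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Hypothetical log format, constructed for this example: "YYYY-MM-DD user=<u> host=<h> action=<a>"
LOG_RE = re.compile(r"^(?P<day>\d{4}-\d{2}-\d{2}) user=(?P<user>\S+) host=(?P<host>\S+)")


def parse_events(lines: List[str]) -> List[Tuple[date, str, str]]:
    found = [LOG_RE.match(line) for line in lines]
    return [(date.fromisoformat(m["day"]), m["user"], m["host"]) for m in found if m]


def window_counts(events, end: date, window_days: int, n_windows: int) -> List[Counter]:
    """Access count per (user, host) in each window ending at `end`; index 0 is the newest."""
    buckets = [Counter() for _ in range(n_windows)]
    for day, user, host in events:
        age = (end - day).days
        if 0 <= age < window_days * n_windows:
            buckets[age // window_days][(user, host)] += 1
    return buckets


def flag_deviations(lines: List[str], end: date, window_days: int = 30,
                    history_windows: int = 6, factor: float = 3.0) -> Dict[Tuple[str, str], Tuple[int, float]]:
    """Flag pairs whose current-window count exceeds baseline mean + factor * spread.
    The spread floor of 1.0 keeps a perfectly regular baseline from alerting on +1 access.
    Pairs with no history at all are skipped: 'first-ever access' is a separate rule."""
    buckets = window_counts(parse_events(lines), end, window_days, history_windows + 1)
    current, history = buckets[0], buckets[1:]
    alerts = {}
    for key, count in current.items():
        hist = [b[key] for b in history]
        if not any(hist):
            continue
        threshold = mean(hist) + factor * max(pstdev(hist), 1.0)
        if count > threshold:
            alerts[key] = (count, round(threshold, 1))
    return alerts


def build_sample_log() -> List[str]:
    """Constructed sample: Sue runs payroll on the 1st and 15th, then logs in daily for two
    weeks; Bob uses the CRM every day throughout, giving a stable baseline that must not alert."""
    lines = [f"{date(y, m, d)} user=sue host=timekeeping action=login"
             for y, m in [(2022, 9), (2022, 10), (2022, 11), (2022, 12), (2023, 1), (2023, 2)]
             for d in (1, 15)]
    lines += [f"{date(2023, 3, d)} user=sue host=timekeeping action=login" for d in range(1, 15)]
    day = date(2022, 8, 1)
    while day <= date(2023, 3, 14):
        lines.append(f"{day} user=bob host=crm action=login")
        day += timedelta(days=1)
    return lines


if __name__ == "__main__":
    print(flag_deviations(build_sample_log(), date(2023, 3, 14)))
```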
