07Sp_SECB408_01&51_P4 - Chapter3...

Info iconThis preview shows pages 1–9. Sign up to view the full content.

View Full Document Right Arrow Icon
    Chapter 3 Current Security Solutions
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
    Security Risk Management
Background image of page 2
    Building a Defense  When building a defense, you should use a layered  approach that includes securing the network  infrastructure, the communications protocols, servers,  applications that run on the server, and the file  system When you configure a strong, layered defense, an  intruder has to break through several layers to reach  his or her objective.  For instance, to compromise a file on a server that is part of  your internal network, a hacker would have to breach your  network security, break the server's security, break an  application's security, and break the local file system's  security. The hacker has a better chance of breaking one  defense than of breaking four layers of defense.
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
    Layered Defense
Background image of page 4
    Securing the Network  Infrastructure Securing the network is the first step to  creating a strong defense.  When securing a network, minimize the  number of access points to the network.  For instance, if Internet access is required,  configure a single access point and put a  firewall in place.
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
    Securing Systems  System hardening. Includes removing unused services, ensuring that the latest security patches and service packs are installed, and limiting the number of people with administrative permissions. Hardening the system minimizes the risk of a security breach to the system. Application hardening . Includes applying the latest security patches and enforcing user-level security if available. Applications on a system can be client applications, such as a Web browser, or server applications, such as a Web server application. Hardening the applications on a system minimizes the chance of a security breach using an application. Enable local file security . Enabling local-level file security could include applying access control lists (ACLs) or an Encrypting File System (EFS); each would help ensure that only authorized people have access to the sensitive data stored in files on the hard disk.
Background image of page 6
    Network Device and  Operating System Hardening  Operating System Check The Web for The latest! Network Device Updates  The processing logic of network devices  such as routers, switches, and firewalls is  typically maintained through  firmware  updates , programs that update the current  processing logic (or operating system) of  the device
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
    Verifying Updates  Yes, But How! Maintaining an Archive of Updates No matter how you receive updates for your applications, network devices, and operating systems, you should consider building an archive of update files. Maintain all of the updates that you must apply for each type of software and
Background image of page 8
Image of page 9
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 03/26/2010 for the course SECB 408 taught by Professor Wassimelhaj during the Spring '07 term at United Arab Emirates University.

Page1 / 37

07Sp_SECB408_01&51_P4 - Chapter3...

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online