100%(7)7 out of 7 people found this document helpful
This preview shows page 3 - 5 out of 7 pages.
Security measures to protect your network are not all network based, some are physical restrictions. If a user has physical access to the server room, building switches, or routers than the network is vulnerable. Physical access can allow a malicious attacker to connect a device or drive to push code or could even cause physical damage. If a core switch is damaged that can set a business back a significant amount of money. Limiting access to the infrastructure physical backbone is a must.“A passive attack monitors unencrypted traffic and looks for clear-text passwords and sensitive information that can be used in other types of attacks” [ CITATION NA14 \l 1033 ]. If network traffic is unencrypted and is captured it allows for data, passwords, account information,and communications. Passive attacks don’t change any of the data they capture or overhear (eavesdropping) but it can be used against the company or for the benefit of the attacker.Security Controls for Malicious AttacksTo counter the possible attacks mentioned above security plans and policies need to be implemented and explained to all who access the network or building. With having an infected PC flood the network a way to stop that is to have a USB drive restriction, this can be achieved by disabling USB ports in the BIOS of machines except those that are secure. Also anti-virus solutions that are up to date on virus definitions can stop an infected client from spreading anything. Controlling physical access to critical infrastructure points can be handled with key locks,biometric locks, or RFID locks. By restricting access to these pieces of the network the likelihood that damage is done or outside devices are plugged in is limited to those given the
IDENTIFYING POTENTIALS RISKS4access. Biometric and RFID locks also allow for logging which could pinpoint who caused any damage done. These physical security measures can be a cost up front but in the long run the return on investment is much greater. Allowing unencrypted traffic to leave the building is major issue, especially if it is criticalbusiness information. An ASA, firewall, or router depending on network size can properly encrypt and manage the traffic. Within the network traffic can be handled securely with VLANs and access control lists for network resources. Stopping the in person eavesdropping is done withproper training and guidelines. In the training security would be discussed by explaining when