Latoya Stoudmire
Forum Replies Created
-
Posts
-
Companies face and multitude of risk and vulnerabilities while maintaining the safety of their network. This may come in the form of physically protecting a data center, to restricted areas or simply restricting access without proper credential to buildings. Vulnerabilities may also come in the form of software issues where users are primarily, the biggest risk. When overall looking at system vulnerabilities lot of times human error is the number one cause. A lot of times this is prevented by mitigating policies that help protect against these type of risk. Some of the policies to protect a companies network are encryptions or cyber security like firewalls and anti-firmware. It is also very important for a company to have the most current version of an application that it is using for its system. When a company uses outdated programs the company is more susceptible to invasion. Despite many companies using a legacy system, it is still best to use a more up-to-date version. Other types of policies that are put into place are business continuity plan. This type of plan will prepare a company to operate while experiencingy system issues. I believe this policy is one of the most important only second to access control.
Hello Jacob,
I briefly read about hashing and was a little confused on the process. I think in your explanation you did a great job of simplifying the method of hashing. Asides from the key another difference in symmetric and asymmetric is asymmetric provides two types of permutations where as symmetric only provides 1.
I think you did a great job summarizing what access controls do. Access controls play such a huge role in our day to day living it is often times overlooked. While completing this assignments and actually taking into account my devices, I never realized how many IOT devices in addition to mobile devices I must protect. Its essential for us all to use access controls daily.
Cryptography Methodologies are essential to every company using Internet accessible devices. There are several different types of methodologies used in cryptography. Each type of encryption should be used for specific scenarios. Some of the most common types of encryptions are asymmetric encryption, symmetric encryption, Data encryption standard and advanced encryption standard. These encryptions alongside algorithm’s facilitate the protection of our data. When trying to encrypt large bulks of data or protecting payment information in the form of credit cards, companies typically use symmetrical encryptions. Symmetric encryption allows the system to move faster than asymmetric when trying to process information at higher speeds. Symmetric encryption allows safety of the data using a one key encryption. Symmetric encryption requires the same key used to encrypt the message also be used to decrypt the message. The message is sent using permutations. Using the same key for encrypting and decrypting can cause potential security risk as explained in article from Key Factor “people (or technology) who want to correspond via symmetric encryption must share the key to do so, and if the channel used to share the key gets compromised, so does the entire system for sharing secure messages since anyone with the key can encrypt or decrypt those communications.” When to use symmetric encryption vs. asymmetric encryption (2023) When security is a top priority and time constraints are not as huge of an issue asymmetric encryption is used. Asymmetric encryption provides more security than symmetric. With asymmetric encryption two distinct types of permutations are used whereas with symmetrical encryption only one type of permutation is used. Asymmetric encryption is used for things like digital signatures, block chains, and public key infrastructures.
Access controls play an imperative role in any company whether, that be physical or logical. Physical access controls, protect from intrusion. Types of physical access controls are Gates that secure building perimeters doors that may restrict access to restricted areas. Logical access controls focus on Passcodes that are used to access campuses or workplaces. For example companies may require employees to scan their ID to gain access to a building. In some scenarios where security may be Sensitive some companies incorporate biometric systems. These type of systems typically require two step authentications which leaves less opportunity for vulnerabilities. we see more two-step authentication used in logical access controls. This includes Iris scans, fingerprinting, and other individual identifying devices. Using these forms of access control protects a company from someone walking into a building and gaining access to confidential information. Two-step authentication policies, safeguard data by not only encrypting, but initiating events and alarms in some instances access controls are used more often than we think. In our personal lives we use access controls in the form of our cell phones, Ring cameras and Wi-Fi just to name a few. Without access controls all our personal data would be at risk for intrusion.
this passage speaks to us about the dependence we need to have on God. There’s a saying that goes when we make plans God laughs only our father and heaven knows what is best for us. He knows our heart and with that being said a person wanting to be righteous can’t do that without God and anytime you try to do that without God typically you fail. you will not bear fruit. God does not bless anything that he’s not part of and we can not lean on our own righteousness because as humans we will always fall short. The Bible tells us that in times when we are weak, God is strong for us. God wants us to lean on him for anything and everything. I feel as though anytime I’ve tried to tackle a battle alone. I’ve come out more stressed and alone. Yet With God, I feel as though I can conquer anything, and that is the righteousness that he wants us to lean on.
Hello Amy,
I agree with you I do think that firewall and encryption are imperative to a companies network security. firewalls are very commonly used even in our personal lives and computers as well as work so I can understand why you would say that do you think that surveillance is an overlook security system that is commonly used I noticed as I was looking at other students I noticed no one said surveillance. Is that something that you think is important to network security?
There are multiple types of control systems that are used to protect a companies network. Some of the more popular ones are firewalls, access control, log monitoring, intrusion detection system, surveillance, and access controls just to name a few. One of the most popular systems for protecting a company‘s network is surveillance. Often times this system is overlooked because it is so commonly used, but surveillance is one of the best ways to , monitor a companies physical network hardware it also allows a company to visually monitor any type of servers and suspicious activity. I also feel as though intrusion detection systems, also known as IDS are dire to a companies protection against vulnerabilities. IDS allows a company to monitor any type of suspicious activity and create events when there is suspicious activity, so it can be corrected. In my opinion IDS may be one of the most important forms of network control. I do believe firewalls and encryption are also imperative to accompanies security. Encryption allows us to send and receive sensitive data without the worry of that data being shared with a third-party.
Happy holidays to you as well Professor Anthony. Hope you enjoyed time with your friends and family.
Hello Brandon, I thought you did a great job going into detail about the hardware and software options of storage as we progress into a more AI oriented culture Do you think there will continue to be a need for attached storage in the future or do you think it will one day everything will be virtual?
In this day and age, there are a plethora of options for storing data. Some of the most popular are cloud storage, external hard drives and network attached storage. Each type of storage offers, different benefits. I believe the most popular in current time is cloud Storage. Cloud storage allows you to store your data on remote servers with a third-party company, This can in-turn give a company the freedom to not worry about hardware and the issues that come with maintaining it. There are different types of cloud storage one type is personal cloud storage. This is the type of storage we see on personal accounts for example Google drive, iCloud,and drop box another type of cloud storage is enterprise. This particular form of cloud storage is used on a grand scale, typically for larger companies. It has availability allowing the company to scale its data, it also offers a multitude of disaster recovery options. Seeing how this type of cloud is used for companies, it is customizable. Hybrid cloud storage is an option consisting of a combination of virtual storage as well as physical. This can be useful for companies who are able to keep some data servers in-house while also using a virtual cloud to maintain data that may not be considered as sensitive.
Hello Jacob,
I think it’s really amazing that you have the knowledge to be able to add more storage to your own personal devices like a PS five. I have seen people perform different things like that online but wasn’t personally aware of how complex or simplistic it was have you ever tried doing that on any other devices like your computer or have you ever built a computer from ground up?
Hello Jacob, I thought that our OWASP were very similar. I almost actually picked yours. I think authentication and logins are vital to a corporation safety. I also view the OWASP website which gave a lot of vital information. Did you look at any of the new technology that may be available to secure login credentials?
In this day and age, there are a plethora of options for storing data. Some of the most popular are cloud storage, external hard drives and network attached storage. Each type of storage offers, different benefits. I believe the most popular in current time is cloud Storage. Cloud storage allows you to store your data on remote servers with a third-party company, This can in-turn give a company the freedom to not worry about hardware and the issues that come with maintaining it. There are different types of cloud storage one type is personal cloud storage. This is the type of storage we see on personal accounts for example Google drive, iCloud,and drop box another type of cloud storage is enterprise. This particular form of cloud storage is used on a grand scale, typically for larger companies. It has availability allowing the company to scale its data, it also offers a multitude of disaster recovery options. Seeing how this type of cloud is used for companies, it is customizable. Hybrid cloud storage is an option consisting of a combination of virtual storage as well as physical. This can be useful for companies who are able to keep some data servers in-house while also using a virtual cloud to maintain data that may not be considered as sensitive.
One of the top 10 OWASP security principles is identification and authentication failures. Identification and authentication failures are number seven on the OWASP list. Identification and authentication are imperative to an organization’s security. If a corporation does not have a secure authentication process. It leaves their company data susceptible to attack from hackers. Some of the vulnerable areas that have been noticed in identification and authentication are missing multifactor authentication, and the reuse of user IDs and passwords. There are many ways to prevent authentication or identification vulnerabilities. listed by owasp.org, are multiple ways prevent identification or authentication hacking. One of the ways is to align password, length, complexity, and rotation policies with national institutes of standards and technology. (NIST), by doing this it makes the password harder to identify and periodically reminds you to update password. Another is do not ship or deploy with any default credentials, particularly for admin users. It’s never good to use default credentials and this is because they typically have easy to guess passwords or usernames making it vulnerable to attacks and ensure registration credential recovery at API pathways are hardened against account enumeration attacks by using the same messages for all outcomes. There are more options for preventing authentication failures. I thought those were some of the most effective and commonly used methods.
