Thomas McLaughlin
Forum Replies Created
Thomas McLaughlin, Participant
Many companies have a vast array of policies to limit the possibility of a security incident. We usually see an acceptable use policy, which outlines what you can use the network for. You then get into policies that limit what kind of USB devices you can attach to your company ports. You will have policies that have you block open RJ45 ports that aren’t being utilized. You will also have policies around any sort of sensitive information if you are dealing with secret clearance or anything.
Thomas McLaughlin, Participant
Good evening,
The risks companies face can be from nefarious actions, user ignorance, or equipment failure. You have nefarious actors that try to gain access to your systems through the network; you can have insider threats or phishing attempts. The last exploit is usually successful because of user ignorance, but users can also share or post information that they shouldn’t, which compromises your company.
Thomas McLaughlin, Participant
Good evening,
This is a great reminder to help with temptation. It is also really important to remember that temptation itself is not failing. It is acting on that temptation. In the moments of the hardest struggles, if we can learn to rely on God, we can make it through them.
Thomas McLaughlin, Participant
Good evening,
It will be very interesting to see where encryption takes us in the future. We are obviously at the cutting edge of technologies like AI and Quantum computing, and it is hard to predict the implications these systems have on encryption.
Thomas McLaughlin, Participant
Good evening,
Access control as a principle seems to be embedded in a lot of the technologies in cyber security that we talk about. It is interesting to see all the different approaches to access control or methodologies to it.
Thomas McLaughlin, Participant
Data integrity is a crucial part of cybersecurity. Cryptography is a tool we can use to encrypt data in transfer or at rest. There are many different methods used for this, and your specific requirements will dictate what you use. As computing power keeps getting stronger, our encryptions must continue to grow. The necessity for cryptography in data integrity is not going away anytime soon, and we will continue to see this grow into a more complex system in the future.
Thomas McLaughlin, Participant
Access Control is a vital portion of the security process. We have many variations or formats of access control in today’s environments. We can simply utilize shared permission to limit what users have access to; we also have NTFS permissions. Firewalls and passwords are other types of access control. We have role-based access controls. Many of these can be implemented into a single network to provide a robust solution to control who has access to what information.
Thomas McLaughlin, Participant
Good evening,
I think you bring up a crucial topic here. The specific way that this task will get done is really determined by what setting you are in. The other thing you hit on that I really like is the idea that without proper training, any controls you put in place can be bypassed because of users.
Thomas McLaughlin, Participant
Good evening,
Your answer is very well explained. I honestly don’t have much experience with RAID, and I know that is something I should spend a little time getting familiar with in this profession. I eventually would like to build my own NAS for my home network.
Thomas McLaughlin, Participant
Good evening,
There are multiple controls that a company could use to secure its network. We will start with a firewall. A firewall can be software or hardware, and it stops unwanted traffic from entering your network. After that, you would also have some access control. How you implement access control will depend on what systems you are using. Access control simply limits access to network resources based on roles and privileges. Access control can also implement MFA. The last one I want to talk about is patch management. Making sure you have a policy in place for all your devices to stay up to date in their security patches is vital.
Thomas McLaughlin, Participant
Good evening,
The two major types of storage options are local and network-based. Network-based storage devices usually are accessible to many clients and have larger capacities than local storage options. The typical network storage options are NAS, SAN, Cloud Storage, Object Storage, and DAS. All of these have their specific uses and can be advantageous depending on your needs.
It doesn’t matter if you are storing data locally or on a network; you will probably use some form of RAID if you are using hard drives or SSDs.
Thomas McLaughlin, Participant
Good evening,
There is so much evidence pointing to the truth of the Bible that it is hard to understand how it could be false. These prophecies are a great example of God speaking. Like Lee Strobel in “The Case for Faith,” the world ultimately points to a creator. I personally will still try to explain away or downplay God’s involvement in my life. I think it is vital for us to be very aware of these attacks by the devil. We need to be able to recognize God in our lives and give thanks for all he is doing.
Thomas McLaughlin, Participant
Good evening,
I think you did a great job explaining Authorization and access control. As we continue to see an increase in critical systems moving to applications and access through the web, we have seen a massive increase in the need for authentication. Most, if not all of us, have seen MFA creep into our banking apps, stock apps, or even just social media accounts. This will only continue to increase, and we will probably see most applications and authentication servers use some form of MFA.
Thomas McLaughlin, Participant
Good afternoon,
One of the top ten principles is Injection. Injection usually occurs through user input into an application. The most common types of injection are SQL, command, and LDAP. Injections are a critical control because they can lead to serious consequences like data loss and system breaches. To minimize the possibility of Injection attacks, developers need to implement input validation and parameterized queries.
Thomas McLaughlin, Participant
Good afternoon,
The first topic I would like to discuss is just the prevalence of general spyware. We have all heard of TikTok and how it is well-known spyware. Companies and Government agencies have blacklisted this application on any company or government-owned devices so it can’t steal important information. The next significant advance in technology is also a huge security risk, and that is, everything is cloud-based now. I believe this is why we are seeing an increase in data encryption and Multi-factor authentication. The last thing I want to discuss is IoT or the Internet of Things. Recently, ordinary household devices have received the ability to communicate through networks, and we have seen the issues around these vulnerabilities, from people being able to hack into baby monitors to capture the footage to also being able to talk through the baby monitors. We have seen escalation of privilege attacks from refrigerators. All of these things will have to be considered when developing a secure network.