Saturday, May 18, 2019

Common risks, threats, and vulnerabilities Essay

1. What are some common risks, threats, and vulnerabilities usually found in the LAN-to-WAN Domain that must be mitigated through a layered security strategy?
A layered security strategy will encompass rogue protocols such as bit mining and P2P, unauthorized network scanning and probing, and unauthorized access to the network.

2. What is an Access Control List (ACL) and how is it useful in a layered security strategy?
An ACL is a control list which will allow or deny traffic or devices based on specifications defined in the ACL. The ACL is generally applied and configured on firewalls. It is useful in a layered security approach because, from an external standpoint, it becomes the first line of defense when hosts attempt to connect to the network.

3. What is a Bastion Host? Provide an example of when a Bastion Host should be used and how.
A Bastion Host is a minimally configured host running a software firewall and containing only the necessary software/services. These are also referred to as bare metal or lite, and they are managed to be highly secure through a minimalist approach. All incoming traffic is directed to the Bastion or screened host. Outbound traffic is not sent through it. The most common threat to the Bastion Host is to an operating system that is not hardened with additional security applications.

4. Provide at least two examples of how the enclave requirement to place a firewall at the perimeter can be accomplished.
a. Placing a firewall between two routers and another firewall in front of a DMZ would be the best choice for meeting the requirement.

5. What is the difference between a traditional IP Stateful Firewall and a Deep Packet Inspection Firewall?
a. IP Stateful firewall inspection takes place at layer 4. When traffic attempts to traverse the firewall, the requested source port and destination port pair become part of the session, allowing the source to receive information. Stateful inspection firewalls solve the problem of permitting all the high-numbered ports by creating a table containing the outbound connections and their associated high-numbered port(s).
b. Firewalls utilizing deep packet inspection provide enhancements to stateful firewalls. A stateful firewall is still susceptible to attack even if the firewall is deployed and working as it should be. By adding application-oriented logic into the hardware, you essentially have IDS functionality built into the firewall. Deep Packet Inspection uses an Attack Object Database to store protocol anomalies and attack traffic, matching them by protocol and security level.

6. How would you monitor for unauthorized management access attempts to sensitive systems?
ACLs and audit logs can be leveraged to confirm which station is attempting to make the unauthorized connection.

7. Describe Group ID (Vulid) V-3057 in the Network IDS/IPS Implementation Guide provided by DISA.
A management server is a centralized device that receives information from the sensors or agents.

8. What is the significance of VLAN 1 traffic within a Cisco Catalyst LAN Switch? Describe the vulnerabilities associated if it traverses across unnecessary trunks.
VLAN 1 traffic will contain the STP or spanning tree traffic, CDP traffic, and dynamic trunking traffic, to name a few. If unnecessary traffic traverses the trunk it could cause switch instability, causing it to go down or become inoperable.

9. At what logging level should the syslog service be configured on a Cisco Router, Switch, or Firewall device?
Syslog traps should be configured at levels 0-6. Log Level 2.

10. Describe how you would implement a layered security strategy within the LAN-to-WAN Domain to support authorized remote user access while denying access to unauthorized users at the Internet ingress/egress point.
To implement a layered security strategy for remote user access, we would start with an application-based login, such as VPN-SSL authentication, then pair it with LDAP on a RADIUS or TACACS+ service. LDAP is bound to Active Directory, which will leverage role-based access controls to check group permissions.

11. As defined in the Network Infrastructure Technology Overview, Version 8, Release 3, describe the 3 layers that can be found in the DISA Enclave Perimeter layered security solution for Internet gateway/egress connections (i.e., DMZ or Component Flow).
The 3 types of layers found in the Enclave Perimeter Component Flow include network layer security, application layer security, and security of the actual applications themselves.

12. Which device in the Enclave Protection Mechanism Component Flow helps mitigate risk from users violating acceptable use and unwanted websites and uniform resource locator links?
The Web Content Filter.

13. True or False. The Enclave Protection Mechanism includes both an internal IDS and an external IDS when connecting a closed network infrastructure to the public Internet.
True, it is required to have an external IDS as well as an internal IDS. Requirements include having a firewall and IDS in between the Internet-facing router and the internal router.

14. True or False. Securing the enclave only requires perimeter security and firewalls.
False, securing the enclave includes a layered firewall approach both on the inside and outside of the network. Sensitive data can be secured from other segments of the internal network (internal) as well as from Internet links (external).

15. What is the primary objective of this STIG as it relates to network infrastructures for defense networks?
A STIG, or Security Technical Implementation Guide, is a guide intended to decrease vulnerabilities and the potential of losing sensitive data. The guide focuses on network security, giving security considerations for the implemented network. The STIG also covers the level of risks and the associated acceptable levels of said risks.
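The state-table behaviour described in answer 5 (outbound sessions recorded by address/port pair, inbound traffic admitted only when it matches a recorded session) as an added toy model written for this page, not code from any firewall product; the internal prefix, the allowed outbound ports and the addresses are assumed.

```python
"""Toy model of stateful inspection (answer 5): an outbound connection adds a
(inside_ip, inside_port, outside_ip, outside_port) entry to the state table,
and an inbound packet is permitted only if it is the reverse of an entry, so
no blanket rule for the high-numbered ephemeral ports is ever needed.
Constructed example for this page; prefix and ports are assumed."""
from dataclasses import dataclass

INSIDE_NET = "10.0.0."  # assumed internal address prefix


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulFirewall:
    def __init__(self, allowed_outbound_ports):
        self.allowed_outbound_ports = set(allowed_outbound_ports)
        self.state_table = set()  # recorded outbound sessions

    def inspect(self, pkt):
        """Return True if the packet is permitted, False if it is dropped."""
        if pkt.src_ip.startswith(INSIDE_NET):
            # Outbound: only services on the allow-list, then record the session
            # so the reply to the high-numbered source port can come back in.
            if pkt.dst_port not in self.allowed_outbound_ports:
                return False
            self.state_table.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        # Inbound: permitted only as the reverse of a recorded session.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return key in self.state_table


def demo():
    """Walk one session through the toy firewall; returns the four verdicts."""
    fw = StatefulFirewall(allowed_outbound_ports={80, 443})
    outbound = fw.inspect(Packet("10.0.0.5", 51234, "203.0.113.7", 443))
    reply = fw.inspect(Packet("203.0.113.7", 443, "10.0.0.5", 51234))
    # Unsolicited inbound to the same high port from another host has no session.
    unsolicited = fw.inspect(Packet("198.51.100.9", 443, "10.0.0.5", 51234))
    # Outbound to a port that is not on the allow-list is dropped and not recorded.
    blocked_out = fw.inspect(Packet("10.0.0.5", 51235, "203.0.113.7", 6881))
    return outbound, reply, unsolicited, blocked_out
```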
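Answers 6 and 9 together describe reviewing audit logs against a management ACL and forwarding syslog at severities 0-6; the following added example (written for this page, not from DISA or Cisco) shows that check over constructed log lines in the style of Cisco IOS %FACILITY-SEVERITY-MNEMONIC messages, with the management ACL and device names assumed.

```python
"""Flag management-plane login attempts from stations outside the management
ACL (answer 6), keeping only messages at or below the syslog trap level
(answer 9: severities 0-6). Added example for this page; the ACL, the device
names and the log lines are constructed, in the style of Cisco IOS messages."""
import ipaddress
import re

MGMT_ACL = [ipaddress.ip_network("10.0.0.0/24")]  # assumed permitted stations
MAX_SEVERITY = 6  # trap level 0-6 per answer 9; 7 (debugging) is not forwarded

MSG_RE = re.compile(r"%(?P<facility>[A-Z_]+)-(?P<sev>\d)-(?P<mnemonic>[A-Z_0-9]+):")
SRC_RE = re.compile(r"\[Source: (?P<ip>[\d.]+)\]")
USER_RE = re.compile(r"\[user: (?P<user>\w+)\]")

# Constructed sample log (priority <188> = local7 facility, severity 4, etc.).
SAMPLE_LOG = """\
<188>Jan 10 09:12:01 core-sw1: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.23] [localport: 22]
<189>Jan 10 09:12:05 core-sw1: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] [Source: 10.0.0.15] [localport: 22]
<191>Jan 10 09:12:06 core-sw1: %SYS-7-USERLOG_DEBUG: debugging chatter [Source: 198.51.100.23]
<189>Jan 10 09:12:09 edge-fw1: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 192.0.2.77] [localport: 443]
"""


def in_mgmt_acl(ip):
    """True if the station address falls inside any permitted management network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MGMT_ACL)


def find_unauthorized_mgmt_access(log_text, max_severity=MAX_SEVERITY):
    """Return (device, user, source_ip, mnemonic) for every login message whose
    source station is not on the management ACL; both failed and successful
    logins are reported, since a success from an unlisted station is the
    more serious finding."""
    findings = []
    for line in log_text.splitlines():
        m = MSG_RE.search(line)
        if not m or int(m.group("sev")) > max_severity:
            continue  # not a Cisco-style message, or above the trap level
        if m.group("facility") != "SEC_LOGIN":
            continue  # only management-plane login events are of interest here
        src = SRC_RE.search(line)
        if not src or in_mgmt_acl(src.group("ip")):
            continue
        user = USER_RE.search(line)
        device = line.split(": ", 1)[0].split()[-1]  # hostname before the message
        findings.append((device, user.group("user") if user else "unknown",
                         src.group("ip"), m.group("mnemonic")))
    return findings
```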
