Provide (2) 150 words response with a minimum of 1 APA references for RESPONSES 1 AND 2 below. Response provided should further discuss the subject or provide more insight. To further understand the response, below is the discussion post that’s discusses the responses. 100% original work and not plagiarized. Must meet deadline.
In order to prevent attackers from gaining access to your network, there are three control mechanisms that are used to work together to make sure that security is maintained (Oriyano, 2013). These three controls are administrative, technical and physical.
Administrative controls deal with the policies and procedures. This includes setting up restricted privileges. Server configuration, alerts, response and desktop configurations. Implicit deny is a setting that defaults any missed settings or configurations ill automatically default to not allow access. Least privilege is setting each access to be allowed to only what is absolutely needed and nothing more. Job rotation is used to ensure not one person has too much power in one area, this helps to hold accountability. Other tasks consist of separation of duties, mandatory vacation, and privilege management. All these tasks help contribute to a good mixture of security from attackers internally and externally.
Technical controls consist of things such as passwords, biometrics, access control software, antivirus and malware software. Using access control software to be able to enforce access of sharing information and applications. Anti-Malware software and passwords are one of the most common and most needed technical tools for protecting the security of an organization (Oriyano, 2013). Passwords are only useful if used properly though.
Physical controls are thing that you physically use to protect your systems such as cameras, locks, safes, any types of barriers that act as an extra barricade for an attacker. I think of it like a prison, there’s location, that’s in a strategic place, usually in the middle of nowhere. Fences, barricades, guards, alarms etc. all this can be used to protect your equipment and personnel.
All three of these controls are used in combination with each other to provide an organization security and help prevent from attackers. Each action performed makes it one more hurdle for an attacker to have to navigate through.
There are three overall types of controls used to prevent attackers from gaining access to a network or specific data. The types are Administrative, Technical, and Physical and with the three layered in whatever ways are chosen by the security or IT person, they protect or at least slow the would-be attacker.
Administrative controls are the rules that are in place to dictate who receives what access, and one of my favorite methods of doing this and slowing attackers is through the Principle of Least Privilege. This only provides users with the bare minimum access to perform their job, nothing extra. (Oriyano, 2014) This would slow attackers down because they would then need to find a user with the proper accesses instead of just getting access from any user.
Technical controls are what most people think of when it comes to security and are things like antivirus and malware software but are also methods of users authenticating themselves. (Oriyano, 2014) Biometrics would make gaining access much harder for an attacker as they would need to either somehow obtain a user’s biometric information or obtain it from the database where that belongs.
Physical control is exactly what it sounds like, but location is one that can be a huge deterrent for attacks. Does the server or data get stored in one location? Or is the locations broken up into sections? It can be harder for an attacker either way if controls are present. With one central location a location can only worry about the security for one location, but if the data is spread out the job becomes more work to locate where the data the attacker wants is.