Wednesday, September 16, 2009

Technology & Design Issues Surrounding Information Security - Week 8

Weekly reflection
In your blog, answer the following questions. You may need to conduct some research to answer these questions adequately.


1. Which architecture for deploying a firewall is most commonly used in businesses today? Why?


Although literally hundreds of variations exist, there are four common architectural implementations of firewalls: packet filtering routers, screened host firewalls, dual-homed host firewalls and screened subnet firewalls.


The most commonly used in business today is the screened subnet firewall. Wikipedia states that "in network security, a screened subnet firewall is a variation of the dual-homed gateway and screened host firewall. It can be used to separate components of the firewall onto separate systems, thereby achieving greater throughput and flexibility, although at some cost to simplicity. As each component system of the screened subnet firewall needs to implement only a specific task, each system is less complex to configure". It is the most commonly used because it is an entire network segment (the DMZ) that performs two functions:
· It protects the DMZ systems and information from outside threats by providing a network of intermediate security.
· It protects the internal networks by limiting how external connections can gain access to internal systems.
DMZs can also create extranets: segments of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public.
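As an added illustration of the two functions just listed (this is not part of the original post), here is a small Python model of a screened-subnet policy: the DMZ and internal prefixes, the sample hosts and the allowed ports are all constructed assumptions, and unmatched traffic is dropped by default.

```python
import ipaddress

# Constructed example: the two inner zones of a screened-subnet design.
# Prefixes are assumed; any address outside them is treated as "external".
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),     # public-facing servers
    "internal": ipaddress.ip_network("10.0.0.0/8"),  # private LAN
}

def zone_of(ip):
    """Classify an address into a zone; unknown prefixes are external."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

# Policy rows: (src_zone, dst_zone, proto, dport, action). First match wins,
# "*" is a wildcard, and anything that matches no row is dropped.
POLICY = [
    ("external", "dmz", "tcp", 443, "accept"),       # public HTTPS into the DMZ
    ("external", "dmz", "tcp", 80, "accept"),        # public HTTP into the DMZ
    ("dmz", "internal", "tcp", 5432, "accept"),      # DMZ web tier to internal DB only
    ("dmz", "internal", "*", "*", "drop"),           # nothing else from DMZ inward
    ("internal", "dmz", "*", "*", "accept"),         # admins manage DMZ hosts
    ("internal", "external", "tcp", 443, "accept"),  # outbound browsing
    ("internal", "external", "tcp", 80, "accept"),
    ("external", "internal", "*", "*", "drop"),      # outside never reaches inside
]

def evaluate(src_ip, dst_ip, proto, dport):
    """Return (action, matching_rule) for one connection attempt."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for rule in POLICY:
        r_src, r_dst, r_proto, r_port, action = rule
        if (r_src == src and r_dst == dst
                and r_proto in ("*", proto) and r_port in ("*", dport)):
            return action, rule
    return "drop", None  # default deny

if __name__ == "__main__":
    # Constructed sample connections; 198.51.100.7 stands in for an Internet host.
    samples = [
        ("198.51.100.7", "192.0.2.10", "tcp", 443),  # public -> DMZ web
        ("198.51.100.7", "10.1.2.3", "tcp", 22),     # public -> internal host
        ("192.0.2.10", "10.1.2.3", "tcp", 5432),     # DMZ web -> internal DB
        ("192.0.2.10", "10.1.2.3", "tcp", 445),      # DMZ web -> internal SMB
        ("10.1.2.3", "192.0.2.10", "tcp", 22),       # admin -> DMZ host
    ]
    for s in samples:
        print(s, "->", evaluate(*s)[0])
```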



2. What are the reasons that VPN technology has become the dominant method for remote workers to connect to the organizational network?
The reasons include:
Cost benefits: IP VPNs will always be less costly to run than Frame Relay for sites in different cities. There's no need to pay for data between offices or teleworkers at per MB rates.
Simplified management: you'll receive one point of contact for your VPN, rather than having to deal with a phone carrier for the transport and a separate ISP or division for IP data.
Improved security: there is no longer a need to run confidential data across the Internet. An AlwaysONLINE VPN is built on a separate network, removing the need to punch holes in firewalls or make exceptions to IT security policies.
Separate your Internet access from your inter-office connections: we provide the option of connecting your VPN to the Internet. This access can be placed in front of a firewall reducing the points of interconnect between your network and the Internet.
(http://www.alwaysonline.net.au/vpn/advantage.html)



3. Will biometrics involve encryption? How are biometric technologies dependent on the use of cryptography?

Yes, biometrics will involve encryption. Biometrics is the term given to the process of using body measurements, such as fingerprints, palm prints, iris patterns and facial recognition, to identify a person. Biometric technologies are dependent on the use of cryptography because most of the technologies that scan human characteristics convert these images to some form of minutiae, which are unique points of reference that are digitized and stored in an encrypted format when the user’s system access credentials are created.

Tuesday, September 1, 2009

Risk Management - Week 6

This week the thing I found most challenging was the quiz. I did not like the time box thing; every time I scrolled down the page to read a question it blocked my view, which was very annoying. I did not find this set-up of the quiz very constructive or helpful to my learning. When I do the quizzes I use the notes and look up information on the internet; I find this way is much more useful for my learning as I am actually researching the answers. I found I did not have time to look at either of these things, and my result shows this: I did not do as well as I usually do because I guessed a lot. I have read the notes once, and just once is not enough for me to have the information imprinted in my brain so I can do quizzes without more resources. In conclusion, I would prefer not to have a time restraint on future quizzes.

Recently my log-in page for online banking with my bank had the following message: "Bank will never send an email asking you to follow a link to this logon page; or to any page requiring account or access ID details. If you receive such an email, it is not from Bank but is a hoax. This logon page should only be accessed directly from Bank’s website – not through an email link." I just thought that this was an interesting thing to mention, as this course is about security.


What is the best value that should be assessed when evaluating the worth of an information asset to the organization - replacement cost or lost income while repairing or replacing?
I would say lost income: if it takes longer than expected to repair something, then the lost income will be greater than anticipated.



What is the likelihood value of a vulnerability that no longer must be considered?
I'm not sure about this answer. I will come back to it if I have a chance.



In what instances is baselining or benchmarking superior to cost benefit analysis?
Benchmarking is a process of comparing an organization's or company's performance to that of other organizations or companies using objective and subjective criteria. Baselining is a method for analysing computer network performance; it works by comparing current performance to a historical metric, or "baseline". Cost-benefit analysis is the name given to the process of weighing up the costs and benefits of undertaking a project. (Wikipedia) Benchmarking and baselining are superior to cost-benefit analysis because they take into account other factors, such as the performance of other organisations, which gives a better idea of how the project could work.




How can we find out what an organization's risk appetite is? Why is this important?
Risk appetite is the level of risk an organization is prepared to accept. The purpose of defining it is to control directly how people make decisions on behalf of an organization in the face of risk and uncertainty, by specifying the importance of risk in some way. We can find out an organization's risk appetite by looking at the following questions:
* Where do we feel we should allocate our limited time and resources to minimise risk exposures?
* What level of risk exposure requires immediate action?
* What level of risk requires a formal response strategy to mitigate the potentially material impact?
* What events have occurred in the past, and at what level were they managed?
(http://www.continuitycentral.com/feature0170.htm)
It is important to know an organization's risk appetite to ensure that the right levels of risk are being taken.