Must be at least 100 words each
1) Module 2 Network Security Vulnerabilities
Security Vulnerabilities warrant the most concern for network and security professionals as it provides a critical threat for efficiency and effectiveness of an organization. It is extremely important to identify network security vulnerabilities proactively before a hacker does it for planning an attack on the organization. Here are a few vunerabilities that aren’t mentioned as often as the most common ones.
Network Security Vunerabilities:
- Missing patches…All it takes for an attacker, or a rogue insider, is a missing patch on a server that permits an unauthenticated command prompt or other backdoor path into the web environment.
- Weak or defaulted passwords…Honestly I don’t believe passwords should even be part of a network security vulnerability discussion knowing what we now know. However, many web applications, content management systems, and even database servers are still configured with weak or default passwords.
- Mobile devices…Phones, tablets, and unencrypted laptops pose some of the greatest risks to web security.
Whether accessible from inside or outside your network, these commonly-overlooked security vulnerabilities are likely putting your web environment at risk today. The smart approach to minimize your risks is to perform in-depth web vulnerability scans and manual analysis, but also ensure that everything else that touches your web environment has been properly reviewed.
2) Module 2 Threats Vulnerabilities and attacks
Building on the knowledge of network structure and network defense from last week, the terms threats, vulnerabilities, and attacks play a significant part of information security. Threats are actions that can compromise security. Threats create the possibility for vulnerability to be compromised. Threats can be non-man made (natural disasters, fires, tornadoes) or man-made (malicious hackers, untrained employee). Vulnerabilities are a weakness in security that could be compromised by a threat. They can be physical (flooding, theft) or non-physical (unpatched software, outdated antivirus software). An attack is an assault on the network. Attacks can take numerous forms : buffer overflow, cross-site scripting, SQL injection. Monitoring, detecting and responding to each term will help the network recover and resume operations.
3) Module 2 Network Security Breach
There are many different types of network security breaches that can occur within a company. Some common examples include:
- Hardware theft or loss: This type of breach can occur if an employee accidentally loses or someone steals a computer or other device that contains sensitive network information.
- Viruses, worms, trojan horses: Viruses, worms and trojan horses are malicious programs that have been created to steal information or destroy a network.
- Hacker attacks: Hacker attacks occur when an individual or group of individuals hacks into a computer network to steal information or damage a system.
- Phishing: This type of attack is when someone tries to get sensitive information by tricking an individual or group into revealing it.
With the right security measures in place, you can minimize your company’s risk of a security breach. Network security defense typically includes:
- Anti-virus software
- Anti-spyware software
- Virtual private networks
- Intrusion prevention systems
It is important to note that you can’t install just one of these methods and expect your network to be secure. The most effective defense against a network security breach is to combine these methods for a single, more effective layered security solution.
4) Learning Team Collab
I look forward to working with you on our discussions. I am not sure what kind of company we would like to research, but a couple come to mind. I remember when I used to play on the PlayStation Network a lot, they used to be plagued with DDoS attacks. I have not signed on in a while, so I do not know if they are still suffering from those, but it could possibly be interesting to look into. I would think they would also have other four vulnerabilities, threats, and risks.
The other company I was thinking of could be any of the companies that were hit with the recent ransomware attack. As far as a common threat/risk (I still have trouble differentiating between them), I think perhaps phishing would be a good threat/risk (sorry!) to write about and it seems like any company can suffer from those.
Once I go through some of the readings, I will try and come up with some more ideas. I look forward to brainstorming this with all of you!
5) Individual: Network Vulnerabilities
What is the difference between a DoS attack and a DDoS? What matter of protection is available to the latter?
6) Module 1 Denial of Service attack
Unlike a password-based attack, the denial-of-service attack prevents normal use of your computer or network by valid users. After gaining access to your network, the attacker can do any of the following:
- Randomize the attention of your internal Information Systems staff so that they do not see the intrusion immediately, which allows the attacker to make more attacks during the diversion.
- Send invalid data to applications or network services, which causes abnormal termination or behavior of the applications or services.
- Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.
- Block traffic, which results in a loss of access to network resources by authorized users