OCU C)NP A Week 04 Lesson 07 Discussion

    • #66083
      Jessica Jagerson
      Keymaster

      Provide at least two controls or methods that help harden servers and networks.

    • #90335
      jmontgomery2
      Participant

      The proxy firewall is one control that will harden a network against attacks. The proxy firewall uses a false IP address that is exposed to the outside internet. This creates a middle man that will cut contact with a client or server that is not trustworthy. The proxy firewall is stronger than simple packet filtering as it provides an extra layer of protection. But it is weaker than other more advanced forms of firewalls employed to protect networks from cyber attacks.
      Data deletion is a control that also helps harden a network from bad actors. Keeping around old sensitive data creates a liability for the network overseer. Deletion of data can be completed in a handful of ways. These include encryption, the scrambling of the data so it would need to be decoded to be useful; physical destruction, physically destroying the disk or drive that the information is stored on, which is the easiest way to ensure that nothing can be recovered; and overwriting the data, or copying new information over the previous data on the hard drive.

    • #90374
      Amy Hastings
      Participant

      Two methods you can use to harden your servers and network: one is a firewall, which is to help keep any network ports at a restriction towards the unnecessary things or the “traffic” coming in through them. You should also make sure you keep up on the updates towards your firewall in order for better protection.

      Another would be server hardening, which is a process that senses your data and information like your ports and any permissions you allow along that server. This is a more common hardening process today and it uses a lot of security to keep your data highly protected.

      • #90377
        Ashly Jackson
        Participant

        You have included some great points. Systems hardening is a collection of tools, techniques, and best practices to reduce vulnerability in technology applications, systems infrastructure, firmware, and other areas. The goal of systems hardening is to reduce security risk by eliminating potential attack vectors and condensing the system’s attack surface.

    • #90376
      Ashly Jackson
      Participant

      Network hardening: Ensure your firewall is properly configured and all rules are regularly audited; secure remote access points and users; block any unused or unneeded open network ports; disable and remove unnecessary protocols and services; implement access lists; encrypt network traffic.

      Hardening Network Devices. Hardening network devices reduces the risk of unauthorized access into a network’s infrastructure. Vulnerabilities in device management and configurations present weaknesses for a malicious cyber actor to exploit in order to gain presence and maintain persistence within a network.

      Most common surface hardening methods include flame and induction hardening. In flame hardening the form of hardening is due to transformation hardening in which the surface layer is heated above the critical temperature A1 to austenitize and during subsequent quenching hard martensite is formed.

      Network hardening standards help guide the processes used in optimizing network security across your organization’s cybersecurity infrastructure. Within a cybersecurity program, network hardening helps mitigate security risks related to: Vulnerabilities in network configurations and devices.

      OS hardening usually involves patching and securing the operating system of a server. Operating system vendors, such as Microsoft, typically release updates, service packs, and patches that users can install manually or automatically. Domain controller hardening involves hardening the servers running Active Directory to reduce the risk of unauthorized access, data breaches, etc., and service interruptions.

      Configure your firewall – Configure your firewall to only accept traffic from the ports you want. Restrict access – Leverage user roles defined in customer systems. Allow access to specific resources only to those who absolutely need them.

      A network switch is a hardware component responsible for forwarding data from a network to a destination endpoint through packet switching, MAC address identification, and multiport bridging systems. Network switches connect devices on a local area network (LAN) and send data packets to and from them.

      • #90621
        Aaron Elliott
        Participant

        From what I learned from previous security classes, open ports are a common entry point for bad actors; proper auditing of the state of the network is needed to ensure the network is allowing the least risk possible.
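The thread above recommends blocking unused open ports and auditing regularly. The following is an added example, not part of any participant's post, of such an audit: it compares a host's listening TCP sockets with an allowlist. The `ss -H -tln` sample output and the allowlist are constructed for illustration, and the function names are hypothetical.

```python
"""Audit listening TCP sockets against an allowlist (added example)."""

# Constructed sample of `ss -H -tln` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
LISTEN 0      4096       127.0.0.1:5432       0.0.0.0:*
LISTEN 0      5            0.0.0.0:23         0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      100                *:8080             *:*
"""

# Hypothetical policy: the only ports this server should expose to the network.
ALLOWED_EXPOSED_PORTS = {22, 443}
LOOPBACK_PREFIXES = ("127.", "[::1]")


def parse_listeners(ss_text):
    """Return (address, port) pairs for every LISTEN line."""
    listeners = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; split on the last colon so IPv6 works.
        address, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.append((address, int(port)))
    return listeners


def audit(ss_text, allowed=ALLOWED_EXPOSED_PORTS):
    """Return sorted ports that are reachable from the network but not allowed."""
    findings = set()
    for address, port in parse_listeners(ss_text):
        if address.startswith(LOOPBACK_PREFIXES):
            continue  # loopback-only services are not network-exposed
        if port not in allowed:
            findings.add(port)
    return sorted(findings)


if __name__ == "__main__":
    for port in audit(SAMPLE_SS_OUTPUT):
        print(f"unexpected listener on port {port}: close it or document why it is needed")
```

On a real host the same functions can be fed the text of `ss -H -tln`, with the allowlist taken from the server's documented role.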

    • #90452
      Aaron Elliott
      Participant

      In order to harden a network and servers, a basic step would be to ensure devices connected to the network are kept up to date with software updates. Microsoft or other operating system manufacturers push security updates regularly, and not keeping up with these will increase the risk of breaches, as old versions’ vulnerabilities become better known.

      In-house threats are common vulnerabilities for networks. To harden from these threats, one would want to monitor the privileges assigned to employees, making sure one employee does not have more access than required, enacting least privileges. Also training employees on proper device management and the dangers of phishing emails.

      • #90701
        jmontgomery2
        Participant

        These security controls are very effective in hardening a network and I have to agree with your point on not allowing one employee to have too much access. Insider leaks are a real threat that is extremely hard to defend against. Well done with the research and a good post.

    • #90579
      Joseph Doss
      Participant

      The most basic would be to use a firewall which would block unwanted traffic from entering the network and gaining access to certain servers/computers/devices.

      The use of a DMZ for web services to separate internal private servers from those accessible online to the public, such as webpages, lessens the chance of an attacker gaining access to private information by attacking public servers.

      • #90659
        Amy Hastings
        Participant

        Very well explained; both that you listed are explained very well and made easy to know the differences between the two. The DMZ explanation is exceptionally good; it is helpful to lessen chances of attackers or hackers from public servers.
