Security+ Fundamentals and Mitigating Threats

Security+: Security Fundamentals, Mitigating Threats
Computers and Networks possess vulnerabilities and mitigations associated with network devices, including privelege escalation and weak passowrds. There are many things the industry is doing to tackle these weak links in order to ‘harden’ their security protocols, rules, and access. The industry has come up with best practices for access control to implicit deny, give least privilege, separation of duties for staff members, and job rotation to keep the system sharp. This is often regulated withe the MAC – Mandatory Access Control, (DAC) Discretionary Access Control, and Role/Rule based Access Control systems. When access is implemented, there are methods to prove identification, authentication, confidentiality, integrity, while keeping availability by the use of cryptography and encryption. Security groups and protocols are implemented as well as components such as Kerberos, Mutual, and Biometric Readers. But even these methodologies have its vulnerabilities and weaknesses. Crytography, Hashing, and Algorithms are utilized in encryption to create strong-hold applications in protecting data, password, communication, and access. Computer Security begins with Security Building Blocks often acronymed “The CIA Triad” that represents three important principles … confidentiality, integrity, and availability while maintaining non-repudiation and keeping the transmitted data associated with the original data that was created. This is all embraced in order to protect from threats that could involve unintentional or unauthorized access or changes to data, interruption of services, interruption of access to assets, damage to hardware, or unauthorized access and damage to facilities. Many of these vulnerabilities are caused by simple reasons like improperly configured or installed hardware/software, bugs in software/operating systems, misuse of software/communication protocols, poorly designed networks, poor physical security, insecure passwords, design flaws in software/operating systems, and unchecked user input. Exposure to risks can cause great financial damage or loss, and is often caused by the user. Security relies on the Four A’s: Authentication, Authorization, Access Control, Auditing or Accounting. It has become commonplace with I.T. Networks to grant users minimal priveleges since User error is the biggest risk that exists. Not giving an Employee too much authority or too many duties, incorporating job rotation, insisting on mandatory vacations, and having protocols of privilege management covers most bases in security threats.

Print Friendly, PDF & Email
This entry was posted in Computer Science, Information Technology. Bookmark the permalink.

One Response to Security+ Fundamentals and Mitigating Threats

  1. Thanks a ton for posting this,added you to my RSS reader.

Leave a Reply