The University's systems and security infrastructure give the IT analysis team a good start in building a security plan, because information about the University's systems can be gathered from the network diagram. A security control is any mechanism that you put in place to reduce the risk of compromise of any of the three CIA objectives: confidentiality, integrity, and availability.

When you plan your network addressing scheme, consider the following factors:
The type of IP address that you want to use: IPv4 or IPv6
The number of potential systems on your network
The number of systems that are multihomed or routers, which require multiple network interface cards (NICs) with their own individual IP addresses
Whether to use private addresses on your network
Whether to have a DHCP server that manages pools of IPv4 addresses

IP address management (IPAM) solutions streamline the management of the entire IP address lifecycle. The patented container feature is just one innovation brought to market to allow you to organize your IP address space according to your topology. You can allocate blocks and subnets with a mouse click, without calculating binary or hexadecimal subnet allocations by hand. At the same time, you can automate DHCP pool creation for allocated subnets, as well as DNS forward and reverse domains and resource records. The University can allocate multiple subnets, each with address assignments, pool definitions, DNS domains and resource records.

Preventive controls exist to prevent compromise. This statement is true whether the control is administrative, technical or physical. The ultimate purpose of these controls is to stop security breaches before they happen. However, a good security design also prepares for failure, recognizing that prevention will not always work. Therefore, detective controls are also part of a comprehensive security program, because they enable you to detect a security breach and to determine how the network was breached. With effective detective controls in place, the incident response team can use them to figure out what went wrong, allowing you to immediately make changes to policies to eliminate a repeat of that same breach. Without detective controls, it is extremely difficult to determine what you need to change.
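The addressing-plan factors and IPAM tasks described above (subnet allocation, DHCP pool creation, reverse DNS domains) can be worked through with Python's standard ipaddress module. This is an added example, not code from the original essay or from any IPAM product; the 10.20.0.0/22 block, the demand figures and the function names are assumptions constructed for illustration.

```python
import ipaddress

def reverse_zones(subnet):
    """Names of the /24 in-addr.arpa zones that cover an IPv4 subnet."""
    parent = subnet if subnet.prefixlen <= 24 else subnet.supernet(new_prefix=24)
    return [".".join(reversed(str(n.network_address).split(".")[:3])) + ".in-addr.arpa"
            for n in parent.subnets(new_prefix=24)]

def plan_subnets(block, demands):
    """Carve one subnet per entry of `demands` out of the private `block`.

    demands maps a name to (dhcp_clients, static_addresses). Every NIC of a
    multihomed host or router counts as one static address, and the gateway
    takes the first static address, so static_addresses must be at least 1.
    """
    net = ipaddress.IPv4Network(block)
    if not net.is_private:
        raise ValueError(f"{net} is not private address space")
    cursor = int(net.network_address)
    plan = {}
    # Allocating largest first keeps every subnet aligned on its own size boundary.
    for name, (dynamic, static) in sorted(demands.items(), key=lambda kv: -sum(kv[1])):
        if static < 1:
            raise ValueError(f"{name} needs at least one static address (gateway)")
        # Smallest power of two that holds all hosts plus network and broadcast.
        bits = (dynamic + static + 1).bit_length()
        subnet = ipaddress.IPv4Network((cursor, 32 - bits))
        if not subnet.subnet_of(net):
            raise ValueError(f"{block} is too small for {name}")
        cursor += subnet.num_addresses
        # Static addresses sit at the bottom of the range, the DHCP pool above them.
        pool = (str(subnet[static + 1]), str(subnet[-2])) if dynamic else None
        plan[name] = {"subnet": str(subnet), "gateway": str(subnet[1]),
                      "dhcp_pool": pool, "reverse_zones": reverse_zones(subnet)}
    return plan

# Constructed demand figures for illustration only.
SAMPLE = {"student-labs": (480, 20), "staff": (100, 20),
          "servers": (0, 30), "router-links": (0, 6)}

if __name__ == "__main__":
    for name, entry in plan_subnets("10.20.0.0/22", SAMPLE).items():
        print(name, entry)
```

Subnets smaller than a /24 are reported under their enclosing /24 reverse zone; classless reverse delegation is outside the scope of this example.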
There are basically two types of information gathering: active and passive. In passive information gathering, the attackers do not contact the target directly and instead try to gather information that is available on the Internet; in active information gathering, the attacker contacts the target directly and tries to gather information.

Information gathering is generally done on infrastructure and on people. In infrastructure recon, the attackers generally try to find information about the host, i.e., the mail exchanger record, name server record, shared resources, etc. For information gathering on people, the attackers try to gather information like email addresses, public profiles, publicly uploaded files, etc., that can be used for performing a brute force, social engineering or spear phishing attack. If we want to gather information related to any infrastructure, we can gather the relationships between domains, DNS names, and net blocks. We can also find the relationships that people are linked to, including their social profiles, mutual friends, companies that are related to the information gathered, and websites.

Usually these identifiable features may reveal specific protocol versions, vendor information, and configurable parameters, and can be stored as the "fingerprint" for matching and comparison. While the original purpose was to identify remotely what operating system is running on the target host, the applications of fingerprinting techniques nowadays cover a much wider range of areas. It has been shown by the prevalent fingerprinting tools that implementations of most key Internet...