How is technological obsolescence a threat to information security? How can an organization protect against it?
Technology obsolescence is a threat to information security in the following ways. First, there is time. As time elapses, many people can and do try their best to crack a system. They test it and bypass particular measures, which eventually defeats any countermeasure. Consider this: when the simple lock was first invented, it had simple defensive measures, just a metal body and a key, which a thief of this century would easily bypass. However, the simple lock has since been advanced to use harder metals, and some locks have internal countermeasures to curb unauthorized entry, for example a combination Master Lock. Besides, hardware and software grow obsolete at different speeds. This can leave most digital objects unusable over time, blocking the passage of information. Further, organizational data may be lost when the system becomes unreliable and untrustworthy. Technology obsolescence also leads to drawbacks for management, mostly in planning and in failing to foresee technological advances in the business world. Finally, technology obsolescence brings cybersecurity risks, operational efficiency risks, and sustainability risks.
Management-level mitigation can be vital in protecting against it. Organizations have to continually upgrade their security software and regularly train their employees in anticipation of newly developed types of attacks and threats. Organizations must make the right technology decisions, which will help them avoid obsolescence. Recovery from obsolescence calls for active tracking of the technology the organization uses. The organization also requires short- and long-term management and planning, which help it respond to immediate requirements and anticipate future needs. Funding decisions regarding the digital preservation program must be informed by technology monitoring and organizational planning.
What is Port Address Translation (PAT), and how does it work?
Port Address Translation (PAT) is a feature of a network device that translates the traffic passed between hosts on a private network and hosts on a public network. PAT allows multiple hosts on the private network, normally a LAN, to use one public IP address. Cisco uses the name PAT, while other vendors use other names. When a host in the private network sends the first packet to a host in the external network, the PAT device replaces the inside source IP address in the IP header with the one public IP address. A port number from the pool of available ports is assigned to this connection and inserted into the source port field of the TCP or UDP header, and the IP packet is placed on the external network. The PAT device then records an entry in a translation table containing the internal IP address, the protocol (UDP or TCP), the inside port, and the assigned outside port. Subsequent packets from the same connection are translated to the same outside port number. On receiving the packet, the host on the outside network uses both the source IP address and the source port it sees there as the destination of its reply. For packets coming from outside, the PAT device works on the IP destination address and the TCP or UDP destination port.
How is PAT implemented?
Port Address Translation is implemented by taking advantage of layer 4 TCP and UDP port numbers. The source port number is modified and mapped for every outgoing connection; with this technique, all returning traffic to that particular port can be mapped to the proper internal address.
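The translation table described in the two answers above, sketched in Python as an added example that is not part of the original answers. The class and field names, the addresses (documentation ranges) and the port pool are constructed for illustration, and the table is keyed only on protocol, inside address and inside port.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class PatDevice:
    """Toy PAT device (hypothetical names): one public IP, a pool of outside ports."""
    def __init__(self, public_ip, port_pool):
        self.public_ip = public_ip
        self.free_ports = list(port_pool)
        self.out_map = {}   # (proto, inside_ip, inside_port) -> outside_port
        self.in_map = {}    # (proto, outside_port) -> (inside_ip, inside_port)

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.out_map:           # first packet of a connection
            if not self.free_ports:
                raise RuntimeError("PAT port pool exhausted")
            port = self.free_ports.pop(0)
            self.out_map[key] = port
            self.in_map[(pkt.proto, port)] = (pkt.src_ip, pkt.src_port)
        # Rewrite source IP and source port; later packets reuse the same entry.
        return Packet(pkt.proto, self.public_ip, self.out_map[key],
                      pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.in_map.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None     # no table entry: unsolicited traffic is dropped
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, *entry)

def demo():
    # Constructed sample traffic: two inside hosts using the same source port.
    pat = PatDevice("203.0.113.5", range(40000, 40003))
    a = pat.outbound(Packet("tcp", "192.168.1.10", 51000, "198.51.100.7", 443))
    b = pat.outbound(Packet("tcp", "192.168.1.11", 51000, "198.51.100.7", 443))
    a2 = pat.outbound(Packet("tcp", "192.168.1.10", 51000, "198.51.100.7", 443))
    reply = pat.inbound(Packet("tcp", "198.51.100.7", 443, b.src_ip, b.src_port))
    stray = pat.inbound(Packet("tcp", "198.51.100.9", 4444, "203.0.113.5", 40002))
    return a, b, a2, reply, stray
```

The dropped `stray` packet shows why a PAT device does not forward unsolicited inbound connections unless a table entry (or an explicit port forward) exists.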
What is the difference between PAT and Network Address Translation (NAT)?
PAT is an extension of Network Address Translation (NAT) that allows many devices on a LAN to be mapped to one public IP address in order to conserve IP addresses, whereas NAT maps a public IP address to private IP addresses, which can be a many-to-one or a one-to-one relation.
What are IDPs? List and describe the three control strategies proposed for IDPs. Compare and contrast the pros and cons of each strategy.
IDPs stands for Intrusion Detection and Prevention Systems. An IDPS is a network security appliance responsible for monitoring network and system activities and detecting potential intrusions. IDPs also prevent intrusions by blocking activities, logging information about them, and reporting it. This network security appliance is an extension of an IDS: it is responsible for detecting intrusions and also for preventing them by sending an alarm and then dropping a malicious network packet, resetting the connection, or blocking traffic from the offending IP address.
Centralized Control Strategy. Each of the control functions is executed and managed centrally. The IDS console is made up of management software that is responsible for collecting information from remote sensors, analyzing the networks monitored, and determining where the present situation has deviated from the preconfigured baseline. It lets every person focus precisely on the task at hand. The principal advantage of this strategy lies in cost and control. Everything runs smoothly because of central management, so the strategy is positioned to recognize a large-scale attack, though it never recognizes unknown attacks.
Fully Distributed Control Strategy. In this strategy, the control functions are physically applied at numerous locations in a particular network, permitting every monitor to carry out its own control functions and perform the essential detection, reaction, and response to intrusions. The advantage of the distributed control strategy is its availability and reliability, which significantly speed up the IDS's reaction. The con of this strategy is that it never stops the malicious attacks.
Partially Distributed Control Strategy. In this strategy, individual agents in the system can analyze and respond to localized attacks, or attacks within familiar locations, and report their findings to help detect the attack. This strategy combines the best of both the centralized strategy and the distributed control strategy. As a blended approach, it is the most effective method for detecting intelligent attackers. It permits organizations to optimize for economies of scale in the implementation of vital management and staff, mostly in the reporting areas. The problem with this strategy is that it needs other devices to counter the attack.
Describe the three strategic plans for continuous availability. Why is each important to an organization?
First, organizations have to expect the unexpected. The digitalized world has brought more straightforward access to goods, information, and services. The organization should be equipped to cope with anything. This will only happen through the following two key steps. First, there should be well-placed adjustments meant to enhance the profitability and reputation of the organization through the speed and capability of its networks, thereby avoiding delays and lags. This is important to organizations because it puts them in a position to handle whatever issues arise without creating havoc in the system, and therefore to deliver services continually.
Secondly, organizations have to prepare for the unplanned. What happens when an unexpected event occurs that the organization did not foresee? For example, when the music legend Prince died, there were more than one million downloads of his music, which caused a surge on music streaming services. Unplanned events can crash a website, which might block a lot of the organization's information and lead to mega losses. Preparing for the unanticipated can turn around the impact on an organization's reputation and profits; organizations can therefore avoid falling into the trap of being caught unprepared.
Finally, there is agile network management. This calls for availability as well as diversity in preparation for the unexpected. Given that customers' demands continuously change and increase, the network has become both a reliable backbone and a central nervous system. It is therefore required to enable cloud environments, interact with various data types, associate and connect every application, and continuously improve performance. This benefits organizations by helping them maintain and manage their networks.
Describe network foot-printing and network finger-printing. How are they related?
Footprinting is the method of gathering information about computer systems and the systems they are associated with. It is also referred to as reconnaissance. A hacker can use various technologies and tools to get this information, which is essential to a hacker who is attempting to crack the whole system. In the computer security lexicon, footprinting refers to tasks performed before the attack; it is one of the pre-attack phases. Nmap, traceroute, nslookup, and Sam Spade are some of the tools used for footprinting. Passive footprinting and active footprinting are the two types of footprinting. Active footprinting refers to the practice of using techniques and tools to gather the target's information. In contrast, passive footprinting refers to using innocuous means to gather the target's information.
Fingerprinting is the process of detecting hardware devices, operating systems, network protocols, and software using a group of information. When the penetration tester has enough information, the fingerprinting data can be used against the target as part of an exploit strategy. Attackers have to send custom packets to the target to detect networks, application numbers and names, services, and the OS. Just as there are several human fingerprinting methods used to obtain information in specific scenarios, there are several techniques to analyze digital fingerprints from hosts in the digital world. Fingerprinting techniques analyze various types of information and packets, such as DHCP requests, IP ID values, and ICMP requests. Passive fingerprinting and active fingerprinting are the two types of fingerprinting. Active fingerprinting involves sending packets to the victim and analyzing the results, while passive fingerprinting is an alternative approach that involves avoiding detection while doing reconnaissance activities.
Both fingerprinting and footprinting are implemented as part of the attack protocol. Also, network footprinting is a phase in network fingerprinting. In network fingerprinting, the Internet addresses associated with the organization are gathered to perform a systematic survey of the targeted organization. Also, both fingerprinting and footprinting have passive and active forms.