There are multiple aspects of security in this network, which I have tried to implement as far as possible. This is where the CIA triangle comes into play: confidentiality, the rules and limits on access to information; integrity, making sure the data is accurate and trustworthy; and availability, having reliable access to the information. I am going to talk about each aspect in list format and explain how it is used in my network. One thing that will be performed on all network devices is system updates and patches. They will happen on a monthly basis, on a weekend when the networks are not being used.
• Closets
  o All main networking, router, switches and servers will be in a closet that is only accessible to the networking team; this way it’s not
  o Routers will have firewalls on them checking whether or not the information coming onto the network is allowed.
  o Only the ports being used on the network will be turned on; all unused ports will be administratively down.
  o Each IP that accesses the internet will be behind NAT to help protect the users accessing the internet.
  o Routers will have ACLs to allow the different VLANs to talk to each other
• Switches
  o In order to access the switches via console cable, Telnet or SSH you will need two different passwords that will be unique to each building. That way, if someone gets hold of the passwords they only have access to a small part of the network.
  o Each switch will have an interface VLAN with a special IP subnet so users won’t be able to ping the specific devices to map the network.
  o All ports that are used will have access to only one VLAN.
  o Only the ports being used on the network will be turned on; all unused ports will be administratively down.
  o Unused ports will also be on a “dead” VLAN so someone will have no way to manipulate the current
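The switch rules above (in-use ports as access ports in a single VLAN, unused ports administratively down and parked in a "dead" VLAN) are easy to state and easy to drift from. The following audit script is an added example, not from the original essay: it parses a constructed IOS-style configuration and reports every port that violates those rules, assuming VLAN 999 is the dead VLAN and that the set of in-use ports is supplied by the operator.

```python
# Constructed sample of an IOS-style switch configuration (not from the page).
# VLAN 999 is assumed to be the "dead" VLAN reserved for unused ports.
SAMPLE_CONFIG = """
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 999
 shutdown
interface GigabitEthernet0/3
 switchport mode access
 shutdown
interface GigabitEthernet0/4
 switchport mode trunk
interface Vlan10
 ip address 10.10.0.2 255.255.255.0
"""
DEAD_VLAN = "999"

def parse_interfaces(config):
    """Group config lines under the interface stanza that introduces them."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(" ", 1)[1]
            interfaces[current] = []
        elif line and current:
            interfaces[current].append(line)
    return interfaces

def audit(config, used_ports):
    """Return one finding per physical port that breaks the hardening rules."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        if not name.startswith(("GigabitEthernet", "FastEthernet")):
            continue  # SVIs and other logical interfaces are out of scope here
        vlan = next((l.split()[-1] for l in lines if l.startswith("switchport access vlan")), None)
        mode_trunk = "switchport mode trunk" in lines
        if name in used_ports:
            if mode_trunk or vlan is None:
                findings.append(f"{name}: in-use port must be an access port in exactly one VLAN")
        else:
            if "shutdown" not in lines:
                findings.append(f"{name}: unused port is not administratively down")
            if vlan != DEAD_VLAN:
                findings.append(f"{name}: unused port is not in dead VLAN {DEAD_VLAN}")
    return findings
```

Running this after each change window catches the common failure of a port that was shut down but never moved to the dead VLAN, as well as an unused trunk left enabled.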
Mortgage Connect is committed to protecting both its proprietary and customer data. To do this, MC has established a formal information security program to ensure appropriate controls are in place to safeguard sensitive data from unauthorized access or disclosure. The MC security program is comprised of both technical and procedural controls. MC has employed advanced next generation firewalls with Intrusion Prevention System (IPS) at the network perimeter configured in pairs for high availability. Public facing systems are segmented within a DMZ, isolated from internal systems by a pair of next generation firewalls protecting the intranet. All servers reside within either MC’s primary or secondary data center. Data centers are enterprise class
In order to mitigate these risks, it is imperative that network switches are hardened. Additional controls may include ARP inspection, disabling unused ports and enforcing effective security on VLANs to prevent VLAN hopping.
It is easy for the administrator to limit access to any equipment or servers he wishes: they can be kept off in their own VLAN, and the administrator can selectively give access to users in other VLANs.
IP stands for ‘Internet Protocol’, and an IP address is made of numbers and periods. It is the
This is an open exposure due to the uncertainties of the internet. Controlling access to information systems and associated networks is necessary for the preservation of their confidentiality, integrity, and availability. Confidentiality assures that the information is not disclosed to unauthorized persons or processes. Any automated or personal attack that exploits the company’s secrets, statistics or data is the biggest threat that may occur without the firewall.
Computers on the isolated network can initiate communications with all of the computers on the organization network, including those that are not located on the isolated network.
A port scan can be used for benign reasons, as it is a tool for network administrators to see what services are running on a machine. The scan sends a signal to each port one at a time and, depending on the type of response, the port is deemed open or closed. "A port scan is a method used by intruders to discover the services running on a target machine. It allows the attacker to see which ports are more vulnerable than others. It is equivalent to a burglar or thief canvassing a whole neighborhood to see which houses are less protected and more vulnerable. There are ways to defend yourselves from this type of attack but it requires one to assume that you are vulnerable completely. No one machine on a network is completely safe from an intruder. There are numerous products that can help protect you from these types of intrusions but simply turning your unused services off can be the biggest step toward securing your ports. "For example, in a Windows XP platform you would click on start, then run, type “services.msc” without the quotes, and click ok. After that a list of services will appear" (Facts, 2014). Then you would choose which services to disable and you're
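Beyond turning off unused services, a defender wants to notice when a host is being canvassed in the way the passage describes. The script below is an added example, not from the essay or its source: it runs simple scan detection over constructed firewall log lines, flagging any source that touches many distinct ports on one host within a short time window. The log format, the thresholds and the addresses are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log lines (not from the page): one source probes many
# ports in quick succession, another makes a few ordinary connections.
SAMPLE_LOG = """\
2024-03-01T09:00:01 DENY src=203.0.113.5 dst=192.0.2.10 dport=21
2024-03-01T09:00:01 DENY src=203.0.113.5 dst=192.0.2.10 dport=22
2024-03-01T09:00:02 DENY src=203.0.113.5 dst=192.0.2.10 dport=23
2024-03-01T09:00:02 DENY src=203.0.113.5 dst=192.0.2.10 dport=25
2024-03-01T09:00:03 DENY src=203.0.113.5 dst=192.0.2.10 dport=80
2024-03-01T09:00:03 DENY src=203.0.113.5 dst=192.0.2.10 dport=443
2024-03-01T09:00:05 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=443
2024-03-01T09:00:09 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=443
2024-03-01T09:00:30 DENY src=198.51.100.7 dst=192.0.2.10 dport=3389
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def parse_log(text):
    """Yield (timestamp, src, dst, dport) tuples; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"]))

def detect_scans(text, min_ports=5, window=timedelta(seconds=60)):
    """Flag sources that hit at least min_ports distinct ports on one host inside a sliding window."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, dport), ...]
    for ts, src, dst, dport in parse_log(text):
        events[(src, dst)].append((ts, dport))
    flagged = {}
    for (src, dst), evs in events.items():
        evs.sort()  # the window walk below assumes chronological order
        start, best = 0, set()
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # drop events that fell out of the window
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) > len(best):
                best = ports
        if len(best) >= min_ports:
            flagged[src] = (dst, sorted(best))
    return flagged
```

Tune `min_ports` and `window` to the environment: a monitoring host that legitimately polls several services will otherwise show up as a scanner.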
6. Site VLAN: Site VLANs are used on only one site for the purposes of “discovery and adjacency maintenance between edge devices” (Santana, 2014, p. 358).
Every server area as well as the network access points must be monitored by personnel to ensure that only those who should have access to the data are able to gain access to the physical point of connection or into the NOC (Network Operation Center) itself. Physical access points throughout the wired and wireless network need to be audited and turned off when not in use. Varied levels of access to each data access point should be appropriate for the needs of that specific terminal or network address. By closely monitoring the levels of data in which each access point or user has the ability to view, one immediately closes most
It ensures protection by standing between the system and the outside world. Information moving in either direction must pass through the firewall.
1. What networking equipment is usually found in the core of a campus network? Switches
Fourth, if the flagged packet is found, then the traffic from that source will be blocked and the blacklisted database will be updated accordingly.
The lack of guidance for use of computers and the LAN is contributing to the requirement for excessive maintenance of the company’s hardware, software and LAN. By addressing this problem immediately, we can prevent hackers from interdicting the company LAN, set a baseline for the company information security plan, and alleviate unscheduled maintenance on network infrastructure.
2) It will also help in controlling the data and control plane of the networking devices, which will enable more options to enhance the security.
Devices which are configured with private IP addresses will not be able to communicate with devices which have public IP addresses. As per IANA regulations, private IP addresses are not routable on the internet. This implies that devices on the LAN will not be able to communicate directly with devices on the public network, which is the internet [65].