Question

Explain the intent or meaning of the phrase “defense in depth”, especially noting what the three...

  1. Explain the intent or meaning of the phrase “defense in depth”, especially noting what the three key elements of defense in depth are and providing an example of a failure in each domain.

    1. Define defense in depth:

    2. Domain 1:

    3. Domain 2:

    4. Domain 3:

    5. Failure in Domain 1:

    6. Failure in Domain 2:

      G. Failure in Domain 3:

  1. Describe the four common methods for cracking hashed passwords as discussed in the presentation on the topic.

Homework Answers

Answer #1

Defense in depth is a strategy using multiple security measures to protect the integrity of information. This way of thinking is used to cover all angles of business security - intentionally being redundant when necessary. If one line of defense is compromised, additional layers of defense are in place to ensure that threats don’t slip through the cracks. This method addresses the security vulnerabilities that inevitably exist in technology, personnel, and operations within a network.

Today’s cyberthreats are evolving and growing rapidly. Defense in depth is a solid, comprehensive approach to utilizing a combination of advanced security tools to protect critical data and block threats before they reach endpoints. Endpoint protection, including antivirus and firewalls, are still instrumental elements of complete security; however, a defense in depth strategy is seeing significant adoption as these methods of network security alone are no longer enough.

The concept of defense in depth takes cybersecurity a step further by acknowledging the macro controls needed for ultimate protection including physical, technical, and administrative aspects of the network.

These three controls build the architecture of a defense in depth strategy:

Physical Controls are the security measures that protect IT systems from physical harm. Examples of physical controls include security guards and locked doors.

Technical Controls are the protection methods that secure network systems. Hardware, software, and network level protection is included within a company’s specific technical controls. Cybersecurity efforts including layered security live in this category.

Administrative Controls are the policies and procedures put in place by an organization, directed at the employees. Training employees to make certain to label sensitive information as “confidential” or keep private files in proper folders are examples of administrative control.

Layered security architecture:

The top ten password-cracking techniques used by hackers:

1. Dictionary attack

The dictionary attack uses a simple file containing words that can be found in a dictionary, hence its rather straightforward name. In other words, this attack uses exactly the kind of words that many people use as their password.

2. Brute force attack

Similar to the dictionary attack, the brute force attack comes with an added bonus for the hacker. Instead of simply using words, a brute force attack lets them detect non-dictionary words by working through all possible alpha-numeric combinations from aaa1 to zzz10.

3. Rainbow Table Attack

Rainbow tables aren’t as colorful as their name may imply but, for a hacker, your password could well be at the end of it. In the most straightforward way possible, you can boil a rainbow table down into a list of pre-computed hashes – the numerical value used when encrypting a password. This table contains hashes of all possible password combinations for any given hashing algorithm. Rainbow tables are attractive as it reduces the time needed to crack a password hash to simply just looking something up in a list

4. Phishing

There’s an easy way to hack: ask the user for his or her password. A phishing email leads the unsuspecting reader to a faked log in page associated with whatever service it is the hacker wants to access, requesting the user to put right some terrible problem with their security. That page then skims their password and the hacker can go use it for their own purpose.

5. Social engineering

Social engineering takes the whole “ask the user” concept outside of the inbox that phishing tends to stick with and into the real world.

6. Malware

A keylogger, or screen scraper, can be installed by malware which records everything you type or takes screenshots during a login process, and then forwards a copy of this file to hacker central.

7. Offline cracking

It’s easy to imagine that passwords are safe when the systems they protect lock out users after three or four wrong guesses, blocking automated guessing applications. Well, that would be true if it were not for the fact that most password hacking takes place offline, using a set of hashes in a password file that has been ‘obtained’ from a compromised system

8. Shoulder surfing

The most confident of hackers will take the guise of a parcel courier, aircon service technician, or anything else that gets them access to an office building.

9. Spidering

Savvy hackers have realized that many corporate passwords are made up of words that are connected to the business itself. Studying corporate literature, website sales material, and even the websites of competitors and listed customers can provide the ammunition to build a custom word list to use in a brute force attack.

10. Guess

The password crackers’ best friend, of course, is the predictability of the user. Unless a truly random password has been created using software dedicated to the task, a user-generated ‘random’ password is unlikely to be anything of the sort.

Concept: Failure Domain

With a high-level view of a layered application stack with dependencies running from top to bottom:

In order to be independent, failure domains must not share resources, even (or especially) ‘generic’ ones like network or power. Since network and power are common sources of faults, fault boundaries often align to physical structural elements such as buildings, rooms, racks, and power supplies.

When there is a problem with that shared resource, users will experience it as there’s no way for the larger system to contain the failure to a portion of the system. The network backplane is shared by 100% of hosts, so 100% of application instances will be affected.

You could redeploy your system across these three datacenters, ensuring data is available in at least two DCs:

Know the answer?
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for?
Ask your own homework help question
Similar Questions
provide 3-4 paragraphs post (team 2) 1-What are 4 key things you learned about the topic...
provide 3-4 paragraphs post (team 2) 1-What are 4 key things you learned about the topic from reading their paper? 2-How does the topic relate to you and your current or past job? 3-Critique the paper in terms of the organization and quality.1- Employee Stress and how it has an Adverse Effect on a Company This paper explores employee stress and how it has an adverse effect on a company, its employees and the organization. Job stress can have a...
What role could the governance of ethics have played if it had been in existence in...
What role could the governance of ethics have played if it had been in existence in the organization? Assess the leadership of Enron from an ethical perspective. THE FALL OF ENRON: A STAKEHOLDER FAILURE Once upon a time, there was a gleaming headquarters office tower in Houston, with a giant tilted "£"' in front, slowly revolving in the Texas sun. The Enron Corporation, which once ranked among the top Fortune 500 companies, collapsed in 2001 under a mountain of debt...
Team 5 answer the questions What are 4 key things you learned about the topic from...
Team 5 answer the questions What are 4 key things you learned about the topic from reading their paper? How does the topic relate to you and your current or past job? Critique the paper in terms of the organization and quality. Incentive Systems             In this paper, we will focus primarily on financial rewards that companies use to attract, retain and motivate the brightest and most talented candidates in the labor market. By providing a reward system that...
Please read the article and answear about questions. Determining the Value of the Business After you...
Please read the article and answear about questions. Determining the Value of the Business After you have completed a thorough and exacting investigation, you need to analyze all the infor- mation you have gathered. This is the time to consult with your business, financial, and legal advis- ers to arrive at an estimate of the value of the business. Outside advisers are impartial and are more likely to see the bad things about the business than are you. You should...
Discuss ethical issues that can be identified in this case and the mode of managing ethics...
Discuss ethical issues that can be identified in this case and the mode of managing ethics Enron finds itself in this case. How would you describe the ethical culture and levels of trust at Enron? Provide reasons for your assessment. THE FALL OF ENRON: A STAKEHOLDER FAILURE Once upon a time, there was a gleaming headquarters office tower in Houston, with a giant tilted "£"' in front, slowly revolving in the Texas sun. The Enron Corporation, which once ranked among...
The Business Case for Agility “The battle is not always to the strongest, nor the race...
The Business Case for Agility “The battle is not always to the strongest, nor the race to the swiftest, but that’s the way to bet ’em!”  —C. Morgan Cofer In This Chapter This chapter discusses the business case for Agility, presenting six benefits for teams and the enterprise. It also describes a financial model that shows why incremental development works. Takeaways Agility is not just about the team. There are product-management, project-management, and technical issues beyond the team’s control. Lean-Agile provides...
Delta airlines case study Global strategy. Describe the current global strategy and provide evidence about how...
Delta airlines case study Global strategy. Describe the current global strategy and provide evidence about how the firms resources incompetencies support the given pressures regarding costs and local responsiveness. Describe entry modes have they usually used, and whether they are appropriate for the given strategy. Any key issues in their global strategy? casestudy: Atlanta, June 17, 2014. Sea of Delta employees and their families swarmed between food trucks, amusement park booths, and entertainment venues that were scattered throughout what would...
ADVERTISEMENT
Need Online Homework Help?

Get Answers For Free
Most questions answered within 1 hours.

Ask a Question
ADVERTISEMENT