Week 3 Discussion – Network Failure

Learn from the resources from this week and any additional references. Use the citation rule. Number the answers. Answer the following questions.

Question 1. Explain three causes of network failure and how to prevent them. Number these causes (e.g. number them as i, ii, iii, etc.) so that I can differentiate these causes in your answer

Question 2. Discuss the ways to test the network to prevent failure.

Question 3. From your research, share one technical tool (either open-source and publicly available or a commercial product) that can be used to prevent network failure. Investigate this tool and share your findings on its purpose, how it might be used. It is not expected for you to be an expert but this gives you an opportunity to explore a tool. For your own interest, you may consider downloading the tool of your choice and explore it further.

Reply to 3 classmates with references.

Here is 1:

Jeffery

1. Explain three causes of network failure and how to prevent them.

a. Inadequate training – Employees who are not consistently reminded of the pitfalls of neglecting to observe basic cyber security are at a much higher risk of “forgetting something” or “not paying attention”. It only takes one unwitting employee to fall victim to a social engineering scheme or click the wrong link. At minimum, mandatory annual security training, will do wonders for network security. In some cases, such as with technical personnel within most DoD programs, folks are required to obtain a base level cyber security certification, such as CompTia Security+ or ISC2 CISSP.

b. Bad configuration management – When organizations do not keep their hardware drivers operating systems, and software applications up to date, or they don’t keep a detailed inventory of all network devices, they are at great risk of a breach. In time, attackers get really good at breaking into specific versions of software. If those operating systems, drivers, or applications are deprecated and no longer serviced by the vendor’s organization, those packages are often very vulnerable to attack, as there are no longer any patches or updates released for them. The same applies for many network devices. It helps to maintain a proper configuration management schema; know what you have and when it needs to be updated or patched.

c. Vetting employees and vendors / personnel management– While some of the most notorious insiders in history were very trustworthy and highly trusted, (Edward Snowden, anyone?) one cannot overlook the backgrounds of those with whom you do business. The vendor hoping to sell you a brand new security suite might be trying to sell you a brand new way for their criminal organization to wipe yours and your customers’ bank accounts clean. In addition, that person you may like a lot and want to hire could be looking for a new target. It isn’t possible to entirely eliminate the insider threat, but policies such as separation of duties, access control, and rotation of duties, can go a long way in preventing the insider threat.

2. Testing a network is a comprehensive and intensive process. Before one can successfully test a network, some type of configuration management and system accreditation and certification must exist. First, understanding your network’s security needs is paramount. Implementing an organizational certification schema such as NIST, ISO, or CMMI is very helpful in understanding what you must do to first harden your network, then to understand what you must do to keep it hardened. Regular audits by an external entity are more than helpful. Many end-point security packages (anti-virus) are available to test machines daily, and suites such as Splunk are available to analyze patterns in network traffic for anomalies. SCAP and Fortify are also great tools for network and application vulnerability scanning.

3. Tripwire is a configuration management testing tool, which is very useful in automatically testing the security of a system’s configuration. The vast majority of data exposure occurs due to errors made by users and operators in both configuration and practice. Utilizing Tripwire allows an organization to constantly scan networks for improper configurations. This can benefit an organization by telling them that they have a problem before the bad guys find it. However, knowing that you have a problem isn’t enough; you must actually fix it.