system. The objective is to ensure that only legitimate users can access the system. Three different kinds of credentials are PINs (passwords), ID badges, or biometrics.

Authorization: the process of restricting authenticated users' access to specific portions of the system and limiting what actions they are permitted to perform.

Access control matrix: shows the access controls for each user or device in your company, so you can see who has which privileges.

Best practices for passwords: must be at least 8 characters in length, must use multiple character types (upper- and lower-case letters, numbers, and special characters), must be random (not words found in a dictionary), and must be changed frequently (every 30 days for sensitive users or 90 days for most users).

Physical access controls: have only one unlocked door during business hours (none after hours), securely lock all devices (computers, phones, and PDA devices), and keep physical access controls cost-effective. Access to the wiring used in the organization's LANs needs to be restricted in order to prevent wiretapping.

Firewall: sits behind the border router (which connects an organization's information system to the internet), and is either a special-purpose hardware device or software running on a general-purpose computer. The demilitarized zone (DMZ) is a separate network that permits controlled access from the internet to selected resources, such as the organization's e-commerce Web server.

Intrusion prevention system: monitors patterns in the traffic flow, rather than only inspecting individual packets, to identify and automatically block attacks. Examining traffic patterns is often the only way to identify undesirable activity.

Intrusion detection system: consists of a set of sensors and a central monitoring unit that create logs of network traffic that was permitted to pass