Project Part 6: Defense Plan to Prevent Attack
My defense plan at AHC will counter attacks from external and internal threats, including the vulnerabilities and security threats that exist inside the AHC IT infrastructure. To deal with these kinds of threats, we will need to provide training and create an incident reporting and handling plan with our IT management. I will also help them create and implement a more secure and dependable disaster recovery plan that will be available somewhere offsite. My team will set up incident guidelines and procedures that AHC can follow whenever the system is breached or any kind of natural disaster occurs. Examples include malware, viruses, worms, Trojans, hacking attacks, and security breaches by an inside employee. External attackers can be countered by our intrusion detection systems and blocked by our firewall and intrusion prevention systems. We will fortify our application security as well by implementing a strong access control list.

In outline, we will use TCP/IP and IPsec filters for defense in depth. Configure the IDS to prevent information disclosure through banner grabbing. Use an IDS that can be configured to pick up footprinting patterns and reject suspicious traffic. You can put tight constraints on user inputs, but the best method of preventing SQL injection is to avoid the use of dynamically generated SQL in your code. Instead, use stored or canned procedures.

Raising security awareness also helps members of an organization protect its physical and, especially, its information assets. Many organizations require formal security awareness training for all workers when they join the organization and periodically thereafter, usually annually. I will set the router and firewall ACLs to block all inbound access that is not specifically required, especially to the Windows-specific ports. Always ensure that
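The SQL injection guidance above (constrain user input and avoid dynamically generated SQL) is shown here as an added example that is not part of the original plan. It uses Python's sqlite3 with a constructed accounts table; because SQLite has no stored procedures, a fixed parameterized statement stands in for the "canned" procedure, and all table, column and function names are assumptions.

```python
import sqlite3

# Constructed sample data; table, columns and names are illustrative only.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO accounts (name) VALUES (?)",
                     [("Alice Ng",), ("Sean O'Brien",), ("Carol Diaz",)])
    return conn

def find_dynamic(conn, name):
    """Weak form: the SQL text itself is assembled from user input."""
    sql = "SELECT id, name FROM accounts WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

# "Canned" statement: the SQL text is fixed and input is bound as data only.
FIND_BY_NAME = "SELECT id, name FROM accounts WHERE name = ?"

def find_canned(conn, name):
    """Hardened form: input constraint plus a fixed, parameterized statement."""
    if not isinstance(name, str) or not 1 <= len(name) <= 64:
        raise ValueError("name must be a string of 1 to 64 characters")
    return conn.execute(FIND_BY_NAME, (name,)).fetchall()

def compare(name):
    """Run both forms on a fresh database and report rows or the error."""
    results = {}
    for label, fn in (("dynamic", find_dynamic), ("canned", find_canned)):
        conn = make_db()
        try:
            results[label] = fn(conn, name)
        except (sqlite3.Error, ValueError) as exc:
            results[label] = type(exc).__name__
        finally:
            conn.close()
    return results

if __name__ == "__main__":
    # Constructed inputs: a normal name, a legitimate name containing a
    # quote, and a textbook injection string.
    for value in ("Alice Ng", "Sean O'Brien", "x' OR '1'='1"):
        print(repr(value), compare(value))
```

The quote in a legitimate name breaks the dynamic query and the injection string makes it return every row, while the fixed statement treats both inputs purely as data.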