Security Technology Discussion
Week 6 Initial Post
"Identify and discuss two security technologies and the context in which they can be employed."
Due to some networks' complexity and requirements, designing a network and its security requires simplicity, usability, maintainability, and incentives. Firewalls and Intrusion Detection Systems (IDS) are used to monitor, analyse, and filter harmful network-based attacks. Implementations of firewalls can be simplified; however, in larger organisations it is popular to have many smaller networks, for example by separating departments and using shared central services for logging (Anderson, 2021). If threat actors often find backdoors into the network and send illegitimate requests, a circuit gateway firewall is recommended. These work at the session layer of the OSI model by monitoring TCP handshaking and determining the legitimacy of requests, while sitting between the application layer and transport layer of the TCP/IP stack (Dandamudi, 2015).
Firewalls are essential and reliable security options: they act as boundary control and maintain the CIA triad, keeping threats out and keeping bad aspects in, as seen in egress filtering in the military (Gkioulos, 2018). Firewalls are easy to implement on a small scale and can also function as very complex, robust defences for large organisations. If an organisation is large enough, there may be internal compromise, and when cloud technology is used, the perimeter of the organisation's network will be the wrong location for primary protection. In addition, central installations in large organisations are costly, and people could install their own backdoors to bypass the firewall.
A firewall is a preventive control function, and intrusion detection systems are detective control functions (Walkowski, 2019). An IDS detects misuse by authorised users of the systems or by external parties. It receives data from system configuration and information gained from previous detections; it also receives information from audits and sends the information it has processed to initiate an audit. An IDS works well in conjunction with firewalls, because it processes information from the system that the firewall protects. An example of its implementation is packet sniffing for denial-of-service attacks. Stateless pattern matching and signature analysis of the packet can mean an IDS performs very quickly. A drawback is that, with network-specific attacks, it is more difficult to identify the culprit within a good enough time window once an intrusion has been detected, and where traffic is encrypted, deeper analysis of the packets is restricted (Debar, 2009).
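The handshake monitoring that the first paragraph attributes to a circuit gateway firewall can be sketched as follows. This is an added example, not part of the original post: the `Segment` and `CircuitGateway` names, the flag abbreviations and the sample segments are assumptions made for illustration, and retransmission and teardown (FIN/RST) are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: str          # "ip:port" of the sender
    dst: str          # "ip:port" of the receiver
    flags: str        # "S"=SYN, "SA"=SYN-ACK, "A"=ACK, "PA"=data
    seq: int
    ack: int = 0

class CircuitGateway:
    """Relays data only for sessions whose three-way handshake it watched complete."""
    def __init__(self):
        self.sessions = {}  # (client, server) -> handshake state

    def inspect(self, seg):
        fwd, rev = (seg.src, seg.dst), (seg.dst, seg.src)
        if seg.flags == "S":  # client opens: remember its initial sequence number
            self.sessions[fwd] = {"state": "SYN_SEEN", "c_isn": seg.seq}
            return "allow"
        if seg.flags == "SA":  # server reply must acknowledge the recorded SYN
            s = self.sessions.get(rev)
            if s and s["state"] == "SYN_SEEN" and seg.ack == s["c_isn"] + 1:
                s.update(state="SYNACK_SEEN", s_isn=seg.seq)
                return "allow"
            return "drop"
        s = self.sessions.get(fwd) or self.sessions.get(rev)
        if s is None:  # no handshake was ever observed for this pair
            return "drop"
        if s["state"] == "SYNACK_SEEN":  # only the client's matching ACK completes it
            if (fwd in self.sessions and seg.flags == "A"
                    and seg.seq == s["c_isn"] + 1 and seg.ack == s["s_isn"] + 1):
                s["state"] = "ESTABLISHED"
                return "allow"
            return "drop"
        return "allow" if s["state"] == "ESTABLISHED" else "drop"

# Constructed sample traffic (not captured from a real network).
CLIENT, SERVER = "10.0.0.5:40000", "192.0.2.10:443"
SAMPLE = [
    Segment(CLIENT, SERVER, "S", 1000),
    Segment(SERVER, CLIENT, "SA", 5000, 1001),
    Segment(CLIENT, SERVER, "A", 1001, 5001),
    Segment(CLIENT, SERVER, "PA", 1001, 5001),            # data on an established session
    Segment("10.0.0.9:41000", SERVER, "PA", 7000, 9000),  # data with no handshake
    Segment(SERVER, "10.0.0.7:42000", "SA", 3000, 1),     # unsolicited SYN-ACK
]

def run(segments):
    gw = CircuitGateway()
    return [gw.inspect(s) for s in segments]

if __name__ == "__main__":
    for seg, verdict in zip(SAMPLE, run(SAMPLE)):
        print(f"{verdict:5} {seg.src} -> {seg.dst} [{seg.flags}]")
```

The gateway decides on session state alone and never reads the payload, which is why this check stays cheap and still works when the relayed traffic is encrypted.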
Works Cited
Anderson, R., 2021. Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Edition. s.l.:Wiley.
Debar, H., 2009. An Introduction to Intrusion-Detection Systems, s.l.: ResearchGate.
Walkowski, D., 2019. What Are Security Controls?. [Online] Available at: https://www.f5.com/labs/learning-center/what-are-security-controls [Accessed 26 October 2022].
Dandamudi, S. and Eltaeib, T., 2015. Firewalls implementation in computer networks and their role in network security. Journal of Multidisciplinary Engineering Science and Technology (JMEST), 2(3).
Gkioulos, V., Gunleifsen, H. and Weldehawaryat, G., 2018. A Systematic Literature Review on Military Software Defined Networks. Future Internet, [online] 10(9), p.88. https://doi.org/10.3390/fi10090088.