Access Control Essay
In this scenario, the fitness club was hacked from an unknown source. The fitness club has contracted Malcom Testing Solutions to do penetration tests, find any vulnerabilities, and make some security changes to prevent this issue from happening again. For starters, the security policies for account management need to be updated. Each user’s password needs to be changed every 90 days. Any employee who has remote access should have a token key on a USB drive that provides the user’s credentials. When an employee retires, quits, or gets fired, their account should be locked until IT administrators can go through the account. If the employee had a USB token for remote access, it should be taken back by the IT personnel to prevent unauthorized remote access. Penetration testing should be done to test the network for vulnerabilities. There are several types of penetration testing. “An automated port based scan is generally one of the first steps in a traditional penetration test because it helps obtain a basic overview of what may be available on the target network or host. Port based scanners check to determine whether a port on a remote host is able to receive a connection.
Generally, this will involve the protocols which utilize IP (such as TCP, UDP, ICMP, etc.). However, ports on other network protocols could be present as well dependent on the environment (for example, it’s quite common in large mainframe environments for SNA to be in use). Typically, a port can have one of two possible states: open – the port is able to receive data and closed – the port is not able to receive data. A service based vulnerability scanner is one which utilizes specific protocols to communicate with open ports on a remote host, to determine more about the service that is running on that port. This is more precise than a port scan, because it does not rely on the port alone to determine what service is running. For example, a port scan may be able to identify that TCP port 8000 is open on a host, but it will not know based on that information alone what service is running there. A service scanner would attempt to communicate with the port using different protocols.
If the service running on port 8000 is able to correctly communicate using HTTP, then it will be identified as a web server. Lastly, banner grabbing is the process of connecting to a specific port and examining data returned from the remote host to identify the service/application bound to that port. Often in the connection process, software will provide an identification string which may include information such as the name of the application, or information about which specific version of the software is running.” (“Vulnerability Analysis,” 2014) After the penetration testing, the system can be updated to mitigate any vulnerabilities that were found. Firewall changes, allowing or denying IP addresses, and software updates are some simple changes that can be made to make a network system more secure.
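The difference between a port-number guess and service identification from returned data, as an added example that is not part of the original essay or of the quoted standard. The signature list, the `identify` function and the sample responses are constructed for illustration; the code classifies bytes already collected and makes no network connections.

```python
import re

# What a plain port scan can say: a guess from the port number alone.
PORT_GUESS = {22: "ssh", 25: "smtp", 80: "http"}

# What a service scan or banner grab can say: patterns for the first bytes
# the service returns. Deliberately small (assumed signatures, not a real tool's).
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-[\d.]+-(?P<product>\S+)")),
    ("http", re.compile(rb"^HTTP/\d\.\d \d{3}")),
    ("smtp", re.compile(rb"^220[ -](?P<product>[^\r\n]*SMTP[^\r\n]*)")),
]
SERVER_HEADER = re.compile(rb"^Server:\s*([^\r\n]+)", re.I | re.M)


def identify(port, response):
    """Compare the port-number guess with what the response bytes show."""
    guess = PORT_GUESS.get(port, "unknown")
    service, product = "unknown", None
    for name, pattern in SIGNATURES:
        match = pattern.match(response)
        if match:
            service = name
            product = match.groupdict().get("product")
            break
    if service == "http":
        # HTTP names its software in a header, not on the first line.
        header = SERVER_HEADER.search(response)
        product = header.group(1) if header else None
    return {
        "port": port,
        "port_guess": guess,
        "service": service,
        "product": product.decode("ascii", "replace") if product else None,
        # True when the port number alone would have missed or mislabelled it.
        "port_guess_wrong": service != "unknown" and service != guess,
    }


# Constructed responses standing in for captured banner data.
SAMPLES = [
    (8000, b"HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/1.0\r\n\r\n"),
    (22, b"SSH-2.0-ExampleSSH_1.2\r\n"),
    (2525, b"220 mail.example.test ESMTP ready\r\n"),
    (9000, b""),  # open port that sent nothing: stays unknown
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(identify(port, data))
```

The `product` field is the identification string the quote describes; in an inventory of your own hosts it is what gets compared against patch levels when deciding on software updates.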
Vulnerability Analysis. (2014, August 16). http://www.pentest-standard.org/. Retrieved from http://www.pentest-standard.org/index.php/Vulnerability_Analysis