Host and Application Security: Threats, Risks, and Vulnerabilities


Added on  2023/06/04

AI Summary
This assignment provides a comprehensive overview of host and application security, focusing on access control mechanisms and their impact on the CIA triad (Confidentiality, Integrity, and Availability). It contrasts access control methods for mitigating threats, risks, and vulnerabilities, including internal and external threats, unauthorized information disclosure, and viruses. The report emphasizes the importance of access control in information security, highlighting its role in restricting unauthorized access to physical and logical systems, ensuring data integrity, and maintaining system availability. Furthermore, it identifies and discusses the necessary components of access control metrics, such as user-facing elements, admin-facing tools, and infrastructure requirements, underscoring the holistic approach required for effective security implementation.
Running head: HOST AND APPLICATION SECURITY
Host and Application Security
Name of the Student
Name of the University
Author’s Note:
Table of Contents
Question 1
Question 2
Question 3
Question 4
Question 5
References
Question 1
Contrasting Access Control for Risks, Threats and Vulnerabilities
i) Access control with respect to threats can be illustrated with two types of threat: internal and external. Internal threats come from individuals who have legitimate access, such as employees or other personnel of a company. They are difficult to prevent or detect precisely because they have legitimate access to the systems (Yang et al. 2013). These insiders could easily misuse the organization's IT resources to perform port scans outside the company or to initiate attacks within it. Moreover, they could access, process and distribute unauthorized information such as trade secrets and salary data. The best measure for controlling access against these threats is the use of passwords within the systems.
The outside intruders are hackers or attackers who can misuse or attack the systems or networks (Lee, Chung & Hwang, 2013). These attackers usually obtain confidential passwords by running a password-cracking application. Encrypting messages is the easiest access control for this threat.
ii) Access control for risks such as unauthorized disclosure of confidential and sensitive information, which leads to loss of credibility, involves the use of encryption and virtual private networks within the organization.
iii) Access control for vulnerabilities such as viruses is the implementation of firewalls and antivirus software (Yang, Jia & Ren, 2013). Properly implemented firewall and antivirus software stops the vulnerability without much complexity.
Question 2
Access Control and its Impact on CIA
Access control is the security technique that regulates and verifies the use of resources in a computing environment. It is a fundamental security concept that helps minimize risk to organizations. There are two types of access control: physical and logical (Mahalle et al., 2013). Physical access control limits access to buildings, networks or physical IT assets. Logical access control limits connections to system files, confidential data and computer networks. To secure a facility, organizations use electronic access control systems that rely on user credentials, auditing and reporting to track employee access, among other functions.
Access control has a major impact on confidentiality, integrity and availability, the CIA triad. It ensures that information stays confidential and is not accessed by unauthorized users, which maintains confidentiality (Ruj & Nayak, 2013). It also ensures that data is not changed or altered by an unauthenticated user, which maintains integrity. Finally, access control ensures that confidential information is available to authorized users, which maintains availability.
Question 3
Access Control and Level of Importance in Information Security
Access control is the selective restriction of access to any resource or asset within an organization. Both information security and physical security are maintained with the help of access control. Permission to access a resource is termed authorization (Nabeel & Bertino, 2014). The most important analogous mechanisms of access control are login credentials and locks. An access control policy should address the various security issues. Every organization implements such a policy to secure its sensitive data.
Access control is extremely important for information security in all companies. Its major objective is to minimize the risk of unauthorized access to physical as well as logical systems. It helps secure data by providing authentication and authorization (Nintanavongsa, Naderi & Chowdhury, 2013). Every organization whose employees are connected to the Internet requires an access control policy for its data, so these policies are extremely important for the security of information. Moreover, catastrophic vulnerabilities and threats are also prevented with this policy. This makes the policy a major component of information security in any software company.
Question 4
Requirement of Maintaining Confidentiality, Integrity and Availability
The confidentiality, integrity and availability of data are easily maintained, and access control policies are responsible for maintaining these three factors.
Confidentiality is the set of rules that limits access to information, making sure that only authorized and authenticated people access the data. Confidentiality is roughly equivalent to the privacy of data (Georgiev, Jana & Shmatikov, 2014). Various measures are taken to ensure confidentiality and so prevent sensitive information from reaching the wrong people. Access control policies restrict the data to the authorized members of a company, and in this way confidentiality is maintained.
Integrity can be defined as the assurance that information is accurate and trustworthy. It involves maintaining the accuracy, trustworthiness and consistency of the data over its complete life cycle (Lee, Chung & Hwang, 2013). It makes sure that the data is not altered by unauthorized people. Access control is the most significant measure for maintaining integrity. Cryptographic algorithms are present within these policies.
Availability makes sure that the information is available only to authorized people, so that reliable access to the information is guaranteed (Mahalle et al., 2013). Access control helps to ensure confidentiality by maintaining the hardware and by performing hardware repairs immediately whenever required.
Question 5
Necessary Components of Access Control Metric
Access control helps to secure confidential information for the users. There are three necessary components of the access control metrics, given below:
i) User Facing: This is the first and foremost component of the access control metrics (Nabeel & Bertino, 2014). It provides access cards, card readers and access control keypads. These three are extremely important for the user, and these components are intended for the users.
ii) Admin Facing: The admin-facing components are the access management dashboard and integrations or API. The administrator is responsible for controlling these components and thereby provides proper management of the users.
iii) Infrastructure: The third distinct component of access control metrics is infrastructure, which provides electric door hardware and access control panels (Ruj & Nayak, 2013). Without this infrastructure, it is not possible to implement access control metrics.
References
Georgiev, M., Jana, S., & Shmatikov, V. (2014, February). Breaking and fixing origin-based access control in hybrid web/mobile application frameworks. In NDSS symposium (Vol. 2014, p. 1). NIH Public Access.
Lee, C. C., Chung, P. S., & Hwang, M. S. (2013). A Survey on Attribute-based Encryption Schemes of Access Control in Cloud Environments. IJ Network Security, 15(4), 231-240.
Mahalle, P. N., Anggorojati, B., Prasad, N. R., & Prasad, R. (2013). Identity authentication and capability based access control (iacac) for the internet of things. Journal of Cyber Security and Mobility, 1(4), 309-348.
Nabeel, M., & Bertino, E. (2014). Privacy preserving delegated access control in public clouds. IEEE Transactions on Knowledge and Data Engineering, 26(9), 2268-2280.
Nintanavongsa, P., Naderi, M. Y., & Chowdhury, K. R. (2013, April). Medium access control protocol design for sensors powered by wireless energy transfer. In INFOCOM, 2013 Proceedings IEEE (pp. 150-154). IEEE.
Ruj, S., & Nayak, A. (2013). A decentralized security framework for data aggregation and access control in smart grids. IEEE transactions on smart grid, 4(1), 196-205.
Yang, K., Jia, X., & Ren, K. (2013, May). Attribute-based fine-grained access control with efficient revocation in cloud storage systems. In Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security (pp. 523-528). ACM.
Yang, K., Jia, X., Ren, K., Zhang, B., & Xie, R. (2013). DAC-MACS: Effective data access control for multiauthority cloud storage systems. IEEE Transactions on Information Forensics and Security, 8(11), 1790-1801.