Comprehensive Report: Access Control, Security Features, Hardening

Verified

Added on 2021/02/20

AI Summary

This report delves into the critical aspects of access control and network security. It examines the effectiveness of access control mechanisms, emphasizing the importance of user privileges and granular permissions within security architectures. The report explores the effective use of IPSec VPNs, highlighting their role in encrypting and authenticating data packets to ensure secure communication over networks. It also focuses on the process of hardening devices, detailing techniques to minimize vulnerabilities and reduce the attack surface. Furthermore, the report discusses the security features of hardware devices, including firewalls, switches, and routers, and their respective roles in protecting networks from both internal and external threats. The report references various sources, including patents, books, and journals, to support its analysis and conclusions. The report stresses the importance of regular updates and proactive security measures to maintain a robust network defense.

ACCESS CONTROL

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

TABLE OF CONTENTS
Access Control ................................................................................................................................1
Effectiveness of the access control .................................................................................................1
User Privilege ..................................................................................................................................2
Effective use of IPSec VPN.............................................................................................................2
Effectiveness of hardening the devices............................................................................................2
Security features of hardware devices.............................................................................................3
REFERENCES................................................................................................................................5

Access Control
Ii is network filter used by switches and routers for permitting and restricting data inflow
and outflow from network interfaces. Data passing by interface is analysed by network device on
configuration of access control over interface and makes judgement about whether to allow flow
or to restrict it after comparing it with given criteria.
Access control is installed in an organisation for number of reasons like providing initial
security to network. They are used for protecting high speed interfaces in companies where line
speed is essential and for restricting updates to route from networking peers and also for
controlling network traffic (Access Control. 2019). They are not robust or complex like stateful
firewalls than also they are offering significant firewall capability. IT professional should be
capable of protecting networks, assets & data (Dupont, Srinivasan and Andrus, 2016). Placement
of ACL's should be done over external routers for filtering traffic.
Effectiveness of the access control
The advancement of access control requires the company to ensure their effectiveness. For
effective access control company is required to lay down procedure that will be keeping the
software protected for the hackers and other outsiders. Access control should be working
comprehensively in the organisations so that there are no defects in functioning of softwares.
Deep customization are to be performed by company in access control. Access control include
restriction of physical access to the IT devices that can reveal the information about the
company. For the effectiveness of access control systems it should install new methods thata
enhance the existing control.
Company has to ensure regular updation of the control system so that the existing system
do not lose its effectiveness. As the too old access control will be prone to more cyber attacks
breaking the security. Access control system should be easy so that it could be managed
properly. The access control design should have intuitive use so that it can control the data
processing more accurately (Sawhney, Conover and Montague, 2015). For identification,
authorization and authentication of users new credentials should be given so that system can be
accessed by only authorised users. This will prevent the access of data by external users. Access
control systems should be managed regularly by the controlling executives so that loopholes are
identified at their initial stages protecting the security of company.
1

User Privilege
It is general in security architecture that they are having granular and tiered permission
graph of user. It provide the access to users over the complete database but permissions are
required to be gained for running queries and performing daily tasks. In this single user can
connect to number of users to database. Access to one administration over one database can be
given and over 2nd database to other user. Security of the company can be made more granular
by giving access to specific user over tables. A mistake incurred in user privilege and security
can cause the company to suffer huge losses.
Effective use of IPSec VPN
IPSec are network security protocols which encrypts and authenticates data packets send over the
Internet protocols network. For effective mutual authentication among the agents at beginning of
session and for negotiating cryptographic keys used during session. It provides the secures means
through which remote computer are communicating securely across public WAN like internet.
VPN's provide enhanced privacy and security to the company. They are used for encrypting the
traffic sent from and to user which makes it next to impossible for hackers and the attackers to
hack the data encrypted by IPSec VPN (Pathan, 2016). VPN tunnels obscure the IP address of
user so that third parties cannot track online activities of users. They are most effective when
access remote networks is to be made.
Effectiveness of hardening the devices.
In the field of computing, the term hardening refers to the process of providing security to
the system by minimizing the surface of vulnerability. The vulnerability is more when a
particular system performs lot of functions. Reducing the available types of attack mainly
involves changing the default passwords, removing unnecessary software and logins, removal of
unnecessary services etc. There are different ways of hardening systems like Linux and Unix etc.
It may include measures such as developing a patch to Kernel like PaX etc. Hardening the
devices is highly effective in reducing the chances of attack by patching vulnerabilities, turning
off services which are not required, disabling non utilized network ports etc. System hardening
is a combination of techniques, tools and some other best practises that help organization to
reduce vulnerability in applications, firmware, infrastructure, and other major areas. System
hardening helps to reduce the risk of security of the system by eliminating potential vector
2

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

attacks and also condense the attack surface of the system. It also assists to remove superfluous
programmes, applications, account functions, permissions, ports, access and other things. Due to
hardening of devices, attackers will have fewer chances of gaining a foothold in the ecosystem
of information technology. System hardening requires a methodical method to identify, audit,
close and control the prospective security vulnerabilities throughout the firm (Salman, Li and
Stewart, 2015).
Hardening of devices includes various activities such as application hardening, server
hardening, database hardening, operating system hardening, network hardening etc. System
hardening is required during whole life cycle of the technology starting from initial installation
throughout support, maintenance, configuration to end of life etc. Further, hardening the devices
helps to reduce the attack surface means all prospective flaws and loopholes in technology that
can be exploited by attackers. The vulnerabilities can occur in various forms. Such as default
passwords, other credentials that are stored in files having plain text. It also includes unpatched
software and vulnerability related with firmware, firewalls, switches, routers and ports etc.
which are parts of the infrastructure. Vulnerabilities can be in the form of lack of privileged
access, unencrypted network traffic or data at rest etc.
Hardening the devices offers various benefits to the company. Such as it helps to improve
the functions of system. Since less functions means that, there are fewer chances of issues
related with operations and compromise. Moreover, it also helps to reduce the surface attacks
and translate into low risk of unauthorized access and malware. Other than the above benefits,
system hardening supports the business to simplify auditability and compliance. Fewer programs
are coupled with less complex environment that means there will be more transparency in audit.
Business may follow different practices for hardening the system. Such as carrying out audit of
present technology, developing a strategy for system hardening, automated identification of
vulnerabilities in system etc (Bagheri and Zhao, 2019).
Security features of hardware devices
Firewalls
Firewalls consists of mechanism for controlling access out and in of company. Traditional
technical feature include NAT and port blocking are playing massive part. The security features
of firewall allows and disallows IP addresses through firewalls. It protects the date of company
3

from being hacked by external users as it have advanced tools for protecting the data from
external and internal threats
Security features of switches:
Post security is one of the common feature, it provides protection against CAM table and MAC
spoofing.Storm control is also very popular, it allows a network to prevent against unicast,
broadcast, denial of service and multicast storms. BPDU guard is an important feature which
make sure the rouge switches, loop backed physical ports. This features helps in managing
networks.
Security Router feature:
Enhance parental control: some of the router have an option of content filtering such as phishing,
adult content filtering.Time based restriction: many people leave the connection open all night
but there is an option available to shut off the internet in order to prevent hacking.
4

REFERENCES
Books and Journals
Luft, A., Bienas, M., Choi, H.N. and Hans, M., Apple Inc, 2015. Network access control
methods and apparatus. U.S. Patent 8,965,338.
Pathan, A.S.K. ed., 2016. Security of self-organizing networks: MANET, WSN, WMN, VANET.
CRC press.
Sawhney, S., Conover, M. and Montague, B., Symantec Corp, 2015. Systems and methods for
providing network access control in virtual environments. U.S. Patent 8,938,782.
Bagheri, A. and Zhao, C., 2019. Distributionally Robust Reliability Assessment for Transmission
System Hardening Plan Under $ Nk $ Security Criterion. IEEE Transactions on
Reliability. 68(2). pp.653-662.
Dupont, E.P., Srinivasan, S. and Andrus, F.D., BRADFORD NETWORKS Inc, 2016. Network
access control system and method for devices connecting to network using remote access
control methods. U.S. Patent 9,369,299.
Salman, A.M., Li, Y. and Stewart, M.G., 2015. Evaluating system reliability and targeted
hardening strategies of power distribution systems subjected to hurricanes. Reliability
Engineering & System Safety. 144. pp.319-333.
Online
Access Control. 2019.[Online]. Available through :
<https://searchsecurity.techtarget.com/definition/access-control>.
5