Controls to Diminish IS Risks
A range of hardware and software is required to build the recommended infrastructure. A managed security service provider (MSSP) administers the hardware and software components (Bass, 2013). The MSSP is responsible for maintaining the security infrastructure and monitoring it for relevant events. Each piece of security hardware performs an essential function intended to reduce the risk to the company. The security components establish technical controls that address identifiable threats to the infrastructure (Bass, 2013).
Firewall access control lists (ACLs) operate as a function of the network firewall (Cisco, n.d.). In practical terms, the firewall establishes a perimeter between the public internet and the company’s internal private network (Cisco, n.d.). The firewall safeguards the internal private network with address translation, which masks the internal private internet protocol (IP) addresses (Cisco, n.d.). Masking the internal network restricts a hacker’s ability to determine the architecture of the internal private network (Cisco, n.d.). Furthermore, address translation helps reduce the number of finite public IP addresses the company requires (Bass, 2013). ACLs permit only expressly authorized data packets to traverse between the internet and the company’s private network (Cisco, n.d.). Therefore, the firewall processes each packet moving in and out of the company’s internal network and applies the rules defined by the ACL (Cisco, n.d.). Conversely, if the firewall does not have an ACL rule allowing the traffic, then the firewall drops the packet (Bass, 2013). Web application firewalls (WAFs) also operate alongside network firewalls and ACLs, but safeguard web applications from database injection attacks (SQL injection), cross-site scripting (XSS), and cross-site request forgery (CSRF) attacks (Imperva, n.d.). Accordingly, firewalls, ACLs and WAFs help reduce security risks by defending the company from undesired network communications and safeguarding internal IP addresses (Bass, 2013).
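The ACL behaviour described above can be made concrete with a small evaluator. This is an added example, not taken from the cited sources: the `Rule` type, the function names and the rule set are hypothetical, and first-match rule ordering is an assumption based on how packet-filter ACLs commonly behave. It goes one step beyond the text by also flagging rules that can never fire because an earlier rule covers them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source CIDR
    dst: str              # destination CIDR
    dport: Optional[int]  # None matches any destination port

def net(cidr):
    return ipaddress.ip_network(cidr)

def evaluate(acl, proto, src, dst, dport):
    """Return (action, rule index). First matching rule wins; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(acl):
        if (r.proto in ("any", proto) and s in net(r.src) and d in net(r.dst)
                and r.dport in (None, dport)):
            return r.action, i
    return "deny", None  # implicit deny: traffic without an allowing rule is dropped

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return (a.proto in ("any", b.proto)
            and net(b.src).subnet_of(net(a.src))
            and net(b.dst).subnet_of(net(a.dst))
            and (a.dport is None or a.dport == b.dport))

def shadowed(acl):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, b in enumerate(acl) if any(covers(a, b) for a in acl[:j])]

# Constructed rule set using documentation address ranges (RFC 5737).
ACL = [
    Rule("deny",   "any", "203.0.113.0/24", "0.0.0.0/0",        None),
    Rule("permit", "tcp", "0.0.0.0/0",      "198.51.100.10/32", 443),
    Rule("permit", "tcp", "192.0.2.0/24",   "198.51.100.20/32", 22),
    Rule("permit", "tcp", "203.0.113.7/32", "198.51.100.10/32", 443),  # never reached
]

if __name__ == "__main__":
    for pkt in [("tcp", "192.0.2.44", "198.51.100.10", 443),
                ("tcp", "203.0.113.7", "198.51.100.10", 443),
                ("udp", "192.0.2.44", "198.51.100.10", 53)]:
        print(pkt, "->", evaluate(ACL, *pkt))
    print("shadowed rules:", shadowed(ACL))
```

Running a shadow check like this during ACL review catches permit rules that look effective on paper but are overridden by an earlier entry.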
Intrusion Detection / Prevention Systems (IDS/IPS)
IDS/IPS sensors operate with network firewalls and ACLs. Normally, the IDS/IPS sensor inspects data packets as they pass through the network firewall and enter the company’s internal network (AlienVault, n.d.). The IDS/IPS evaluates each detected data packet and compares it against a signature library of known malicious traffic (AlienVault, n.d.). The architecture of an IDS/IPS is depicted in Figure 3. The IDS/IPS blocks the malicious traffic from entering the internal network. If the IDS/IPS detects a match between a malicious signature and the monitored network packet, it generates an alert in the security information and event management (SIEM) system for examination by the analytical team (AlienVault, n.d.).
Figure 3. Intrusion Detection (DataComm, 2014)
Additionally, if the prevention system is operational, the firewall dynamically blocks the data...