Question

What unstated requirements are there, and what method(s) would you use to collect a more comprehensive set of requirements?

What unstated requirements are there, and what method(s) would you use to collect a more comprehensive set of requirements? Develop a Word document that describes all of the requirements and explains how they would be met using hardware, software, networking, and security. In other words, summarize the elements of the solution that are necessary to address the requirements. Support your proposal.

The document should be APA-formatted.

Solutions

Expert Solution

Hardware security

Hardware security, as a system created through cryptography architecture, includes hardware design, access control, secure MLS account, secure key storage, code integrity assurance, and measures to ensure that the product supply chain is secure, among other things.

Hardware Security Unit (HSM) is a physical computing device that protects and manages digital keys for strong authentication and provides cryptographic processing. These modules typically come in the form of a plug-in card or an external device that connects directly to a computer or a network server.

Backdoor devices are backdoors in hardware. Conceptually related, the Trojan hardware (HT) is a malicious electronic system modification, especially in the context of an integrated circuit.

The non-cloning physical function (PUF) is a physical entity that is materialized and easy to assess but difficult to predict. Moreover, the individual PUF must be easy but virtually impossible to reproduce, even if we consider the precise manufacturing process that produced it. In this regard, it is the device analog of a one-way function. The "non-cloning physical function" name may be a little misleading because some PUFs are cloned, and most PUFs are noisy and therefore do not meet the functionality requirements. Today, PUFs are typically implemented in integrated circuits and are typically used in applications with high security requirements.

Software security

Software security is an idea implemented to protect software against malicious attack and other hacker risks so that the software continues to function correctly under such potential risks. Security is necessary to provide integrity, authentication and availability.

The various types of software security are:

  • Cyber Security Solutions: Security solutions for networks, servers, and applications against potential external security threats, including viruses, worms, and hackers.
  • Network Security Services: These include security features such as multi-factor authentication, one-time passwords and SSH File Transfer Protocol (SFTP).
  • Business Security Services: Security solutions facilitate scalability with dedicated servers for fast performance and reliability, and a private cloud for ultimate control.
  • Mobile Enterprise Security Solutions: Mobile security services which prevent fraud protection capabilities for mobile devices.
  • IT Security Services: IT security services and use technologies such as MyBatis (iBATIS), SiteMinder SSO, Auth0, and Armor (Firehost).

The only way to avoid various fraud attacks is to contact a top cyber security software solutions provider who can deliver the best system-level security using better firewalls.

Proper software security helps detect security issues as well as defend the application from any external vulnerabilities.
It is important for every web application developer to be trained in application security. After all, according to a report from Trustwave, the 2018 Global Security Report (100% of Web Apps Contain Vulnerabilities), 100% of all web applications contain at least one vulnerability.

Certified Ethical Hacker - InfoSec Cyber Security Certification would be an ideal choice to hone your penetration testing skills through their VAPT track: Certified Ethical Hacker - CEH Certification | EC-Council, EC-Council Certified Security Analyst - ECSA | EC-Council, and Advanced Penetration Testing Program – LPT (Master) | EC-Council. As for application security, EC-Council is also releasing an all-new application security certification and training program, Certified Application Security Engineer (CASE), which is said to be the most comprehensive application security training program, ranging from pre-deployment to post-deployment security techniques/measures.
This program will be launching on the 20th of June and registrations are open to only a few select application development professionals.

Network security

Network security is an organization's strategy and provisions for ensuring the security of its assets and of all network traffic. It is typically handled by a network administrator or system administrator who implements the security policy, network software and hardware needed to protect a network and the resources accessed through the network from unauthorized access. This system is typically built on layers of protection and consists of multiple components, including network monitoring and security software.

Network security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users, and programs to perform their permitted critical functions within a secure environment.

Definitions are fine as top-level statements of intent. But how do you lay out a plan for implementing that vision? Stephen Northcutt wrote a primer on the basics of network security for CSOonline over a decade ago, but we feel strongly that his vision of the three phases of network security is still relevant and should be the underlying framework for your strategy. In his telling, network security consists of:

  • Protection: You should configure your systems and networks as correctly as possible
  • Detection: You must be able to identify when the configuration has changed or when some network traffic indicates a problem
  • Reaction: After identifying problems quickly, you must respond to them and return to a safe state as rapidly as possible

This, in short, is a defense in depth strategy. If there's one common theme among security experts, it's that relying on one single line of defense is dangerous, because any single defensive tool can be defeated by a determined adversary. Your network isn't a line or a point: it's a territory, and even if an attacker has invaded part of it, you still have the resources to regroup and expel them, if you've organized your defense properly.

Network security methods

To implement this kind of defense in depth, there are a variety of specialized techniques and types of network security you will want to roll out. Cisco, a networking infrastructure company, uses the following schema to break down the different types of network security, and while some of it is informed by their product categories, it's a useful way to think about the different ways to secure a network.

  • Access control: You should be able to block unauthorized users and devices from accessing your network. Users that are permitted network access should only be able to work with the limited set of resources for which they've been authorized.
  • Anti-malware: Viruses, worms, and trojans by definition attempt to spread across a network, and can lurk dormant on infected machines for days or weeks. Your security effort should do its best to prevent initial infection and also root out malware that does make its way onto your network.
  • Application security: Insecure applications are often the vectors by which attackers get access to your network. You need to employ hardware, software, and security processes to lock those apps down.
  • Behavioral analytics: You should know what normal network behavior looks like so that you can spot anomalies or breaches as they happen.
  • Data loss prevention: Human beings are inevitably the weakest security link. You need to implement technologies and processes to ensure that staffers don't deliberately or inadvertently send sensitive data outside the network.
  • Email security: Phishing is one of the most common ways attackers gain access to a network. Email security tools can block both incoming attacks and outbound messages with sensitive data.
  • Firewalls: Perhaps the granddaddy of the network security world, they follow the rules you define to permit or deny traffic at the border between your network and the internet, establishing a barrier between your trusted zone and the wild west outside. They don't preclude the need for a defense-in-depth strategy, but they're still a must-have.
  • Intrusion detection and prevention: These systems scan network traffic to identify and block attacks, often by correlating network activity signatures with databases of known attack techniques.
  • Mobile device and wireless security: Wireless devices have all the potential security flaws of any other networked gadget — but also can connect to just about any wireless network anywhere, requiring extra scrutiny.
  • Network segmentation: Software-defined segmentation puts network traffic into different classifications and makes enforcing security policies easier.
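
The protection, detection and reaction phases described above, applied to configuration drift, as an added example that is not part of the original answer. The `ConfigGuard` class, the file names and the rule contents are constructed for illustration; a real deployment would keep the baseline off the monitored host.

```python
import hashlib
import tempfile
from pathlib import Path


def digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


class ConfigGuard:
    """Protection: record a known-good copy and hash of each config file.
    (Held in memory here for the demo; store it off-host in practice.)"""

    def __init__(self, paths):
        self.known_good = {Path(p): Path(p).read_bytes() for p in paths}
        self.baseline = {p: hashlib.sha256(b).hexdigest()
                         for p, b in self.known_good.items()}

    def detect(self):
        """Detection: return {path: reason} for every file that drifted."""
        drift = {}
        for path, expected in self.baseline.items():
            if not path.exists():
                drift[path] = "missing"
            elif digest(path) != expected:
                drift[path] = "modified"
        return drift

    def react(self):
        """Reaction: restore drifted files to the known-good state."""
        drift = self.detect()
        for path in drift:
            path.write_bytes(self.known_good[path])
        return drift


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        fw = Path(tmp) / "firewall.rules"      # constructed sample configs
        ssh = Path(tmp) / "sshd_config"
        fw.write_text("deny all\nallow tcp 443\n")
        ssh.write_text("PermitRootLogin no\n")
        guard = ConfigGuard([fw, ssh])
        clean = guard.detect()                 # nothing changed yet
        fw.write_text("allow all\n")           # simulated unauthorized change
        ssh.unlink()                           # simulated deletion
        found = {p.name: why for p, why in guard.detect().items()}
        guard.react()
        return clean, found, guard.detect(), fw.read_text()


if __name__ == "__main__":
    print(demo())
```
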
