Question

A consulting firm hired you to improve the network security of a Hospital by adding extra services for defence against external attacks.

1. In order to protect classified encrypted data from disclosure and transmission outside of the Hospital network, you need to choose among the following: proper configuration of DMZ, use of strong encryption algorithms, safeguards over keys. State your selection and justify your choice.

2. You want to use a packet firewall to protect the Hospital network but you are hesitant to choose the right location among the following: putting it on the web server at DMZ, putting it along with the IDS server, putting it on the screened subnet with DMZ, or putting it on the domain boundary. Recommend the right answer with justification as to why or why not.

3. Which one of the following can be used to protect a network against unauthorised external connections: VLAN, strong authentication, or an access control list of trusted devices? Justify your answer

Answer 1

1:- In order to protect classified encrypted data from disclosure and transmission outside of the Hospital network we can use strog encryption algorithms because it provides:-

complete data protection :- a complete encryption solution provides businesses and their owners with peace of mind because it protects data in all states – at rest and in transit.

Security Across Multiple Devices :-   with smartphones and other mobile devices gaining popularity in recent years, many companies have struggled to find a solution for keeping the data stored and passed through these devices safe from potential theft. Luckily, data encryption software will allow you to ensure that all data, across any device, is completely encrypted with the same protections in place that you would find in data stored on a desktop computer. Data encryption will help to take an untenable, stressful situation and make it manageable, while providing peace of mind. On top of that, device authentication can eliminate risk of infiltration from unwanted users.

Move Data Securely :- one of the most vulnerable aspects of data emerges during the transport process. While SSL/TLS is the industry standard for data in motion it has many disadvantages for your data security. An effective encryption solution helps to ensure that data is protected at all times, at rest and in motion. Files that are shared or uploaded to cloud systems should be to ensure that the files remain safe throughout the transport process.

Integrity Maintained :- one of the worries that many organizations of all sizes share is whether or not the encryption process will affect the integrity of their data. Although data theft is a very common problem, another way for hackers to commit data fraud is to knowingly alter the data that is available. Encryption keeps your data safe from alterations, and recipients of the data will be able to see if it has been tampered with. Alteration of data is something that many businesses often overlook when they are looking into ways to keep their data safe.

2) The right location to put a firewall packet is the screened subnet with DMZ because in computer networks, a DMZ (demilitarized zone), also sometimes known as a perimeter network or a screened subnetwork, is a physical or logical subnet that separates an internal local area network (LAN) from other untrusted networks -- usually the public internet. External-facing servers, resources and services are located in the DMZ. Therefore, they are accessible from the internet, but the rest of the internal LAN remains unreachable. This provides an additional layer of security to the LAN as it restricts a hacker's ability to directly access internal servers and data through the internet.

3) strong authentication can be used to protect a network against unauthorised external connections because Strong authentication is any method of verifying the identity of a user or device that is intrinsically stringent enough to ensure the security of the system it protects by withstanding any attacks it is likely to encounter