Question

In: Computer Science

A consulting firm hired you to improve the network security of a Hospital by adding extra...

A consulting firm hired you to improve the network security of a Hospital by adding extra services for defence against external attacks.

1. In order to protect classified encrypted data from disclosure and transmission outside of the Hospital network, you need to choose among the following: proper configuration of DMZ, use of strong encryption algorithms, safeguards over keys. State your selection and justify your choice.

2. You want to use a packet firewall to protect the Hospital network but you are hesitant to choose the right location among the following: putting it on the web server at DMZ, putting it along with the IDS server, putting it on the screened subnet with DMZ, or putting it on the domain boundary. Recommend the right answer with justification as to why or why not.

3. Which one of the following can be used to protect a network against unauthorised external connections: VLAN, strong authentication, or an access control list of trusted devices? Justify your answer.

Solutions

Expert Solution

1.).

To protect the encrypted data from disclosure and transmission outside of the hospital network we need to first configure the dmz properly so that any insecure connections is mitigated when the data access request comes to the dmz. Games and wale query e the internal database on behalf of the external client which will act as an extra layer of security. Apart from all of this, a hacker might still get access to the internal database and sensitive data so so strong encryption will be of an added advantage over the DMZ.

2.).

Packet firewall is a type of firewall which district or allowed the packet at the network layer. It means that the packet firewall will check for IP address before allowing or disallowing the packet inside the network. The packet firewall should be kept at a position outside of network boundry which will initially filter all the unwanted packet and the packet now you must move towards the network boundary. Installing firewall on the web server will protect the web server only and it will not protect the unauthorised traffic towards other service such as file server, email server or other network devices such as switch and router inside the network. Packet firewall can be put on the DMZ boundary containing Web Server to isolate web server and filter traffic towards DMZ and Internal LAN.

Placing firewall aside the DMZ:

Therefore the best position to place firewall is on the domain boundary. A secondary firewall may be put aside DMZ to protect malicious access to internal router or file server. This way, most of the attacks are mitigated at the DMZ and External firewall only.

Therefore, primary firewall can be put on the domain boundary and secondary firewall, if required can be put aside the DMZ for an extra added layer of security.

3.).

To protect the network against an unauthorised access through external connections, the best option to consider is strong authentication. The actual motive and purpose of the authentication is by itself protecting any un-authorized access to the resources on the network. The primary purpose of Vlan is to logically subdivide a network into virtual subnetworks so as to reduce the network traffic OK then the whole network architecture and same is the primary purpose for Access control list. They are mainly for reucing the overall network traffic.

Access control list determines restrictions on network port, network interface, IP address, and based on other criteria like protocol to allow or disallow relevant packet within an network boundary but they can be exploited too since a hacker may use some spoofed IP address or port numbers which are allowed on on an access list to access the resources in the network boundary. And same can be happening to Vlan. Therefore strong authentication is the best alternative among the all three.


Related Solutions

A consulting firm hired you to improve the network security of a Hospital by adding extra...
A consulting firm hired you to improve the network security of a Hospital by adding extra services for defence against external attacks. 1. In order to protect classified encrypted data from disclosure and transmission outside of the Hospital network, you need to choose among the following: proper configuration of DMZ, use of strong encryption algorithms, safeguards over keys. State your selection and justify your choice. 2. You want to use a packet firewall to protect the Hospital network but you...
You are a Network and security engineer for the XYZ Consulting Corporation, which is a leading...
You are a Network and security engineer for the XYZ Consulting Corporation, which is a leading network designer and security provider for the small-scale offices. As the Network and security engineer you are required to perform the following tasks. Task 1: Propose a network design for small scale office (Ex: Business type, departments, building plan). You are free to assume the name of the office and number of staffs ➢ Purpose of the Project ➢ Network overview (ex: connecting PCs,...
Marshall Inc. recently hired your consulting firm to improve thecompany's performance. It has been highly...
Marshall Inc. recently hired your consulting firm to improve the company's performance. It has been highly profitable but has been experiencing cash shortages due to its high growth rate. As one part of your analysis, you want to determine the firm's cash conversion cycle. Using the following information and a 365-day year, what is the firm's present cash conversion cycle?Average inventory = $75,000Annual sales = $600,000Annual cost of goods sold = $360,000Average accounts receivable = $180,000Average accounts payable = $54,000
Marshall Inc. recently hired your consulting firm to improve the company's performance. It has been highly...
Marshall Inc. recently hired your consulting firm to improve the company's performance. It has been highly profitable but has been experiencing cash shortages due to its high growth rate. As one part of your analysis, you want to determine the firm's cash conversion cycle. Using the following information and a 365 day year, what is the firm's present cash conversion cycle? Enter your answer rounded to two decimal places. For example, if your answer is 123.45% or 1.2345 then enter...
Case: Northridge Security Consultants, a security consulting company that specializes in network security for businesses, has...
Case: Northridge Security Consultants, a security consulting company that specializes in network security for businesses, has been using you as an outside contractor to provide research and customer service for their clients. A landscaping business, Sunset Landscapers, has contracted with NSC to help them implement cryptography to protect all documents and transmissions throughout their network. They have over twenty locations nationwide. NSC has found that even though the company would like this technology, the IT Director is resistant to any...
You were hired as the manager for network services at a medium-sized firm. This firm has...
You were hired as the manager for network services at a medium-sized firm. This firm has 3 offices in 3 American cities. Recently, the firm upgraded its network environment to an infrastructure that supports converged solutions. The infrastructure now delivers voice, data, video, and wireless solutions. Upon assuming the role of network manager, you started reviewing the documentation and policies in place for the environment to ensure that everything is in place for the upcoming audit. You notice that a...
A company is interested in the satisfaction of their employees, so they hired a consulting firm...
A company is interested in the satisfaction of their employees, so they hired a consulting firm to conduct an in-house study. Employees were classified into three categories (support staff, analysts and executives) and asked if they felt the company had a healthy work environment. The data: Yes No Support staff 9 32 Analysts 14 37 Executives 12 5 You're interested in whether employee classification has anything to do with attitudes about work environment. For step 1, instead of re-writing this...
You have been hired as a security consultant for a law firm. Which of the following...
You have been hired as a security consultant for a law firm. Which of the following constitutes the greatest source of security threats to the firm? A) Wireless Network B) Employees C) Authentication procedures D) Lack of data encryption
Assume that you have just been hired by Adams, Garitty, and Evans (AGE), a consulting firm...
Assume that you have just been hired by Adams, Garitty, and Evans (AGE), a consulting firm that specializes in analyses of firms’ capital structures. Your boss has asked you to examine the capital structure of Campus Deli and Sub Shop (CDSS), which is licates adjacent to the campus. According to the owner, sales were $1,350,000 last year, variable costs were 60% of sales, and fixed costs were $40,000. As a result, EBIT totaled $500,000. Because the university’s enrollmenr is capped,...
7. In order to improve the network performance and security, ACLs is recommended. Please explain what...
7. In order to improve the network performance and security, ACLs is recommended. Please explain what is the ACL ? 8. How can ACLs help with the required tasks? 9. What are the principles of applying ACLs? 10. How to block VLAN 10 to visit ISP? Please write down the ACL statement(s) accordingly
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT