Discussion-5(Tele)

 

Review the NIST Framework document at

Then, create a list of best practices for firewall and VPN man

Response#1 (Leburu)

 

Best Practices for Firewall Rules:

In a firewall rule, the action component decides if it will permit or block traffic. It has an action on match feature. For example, if the traffic matches the components of a rule, then it will be permitted to connect to the network. It is essential to consider the potential security risks when modifying a firewall rule to avoid future issues. (Agatsuma, S., 2020)

Types of Best Practices: 

Formal change procedure:

Firewall rules must be updated for new services and new devices. Before you add or modify any firewall rules, each change that you create requires that you apply the change.

Block traffic by default:

By default, start blocking all traffic, only allowing specific services for the selected services. This approach ensures that the quality of traffic is controlled and reduces the risk of infringement. This behavior is achieved by setting the last rule in the access control list to deny all traffic. This can be done explicitly and indirectly depending on the platform.

Set all explicit firewall rules first:

At the top of the rule base, set the most explicit firewall rules. This is the starting point where traffic is matched. A rule base is a set of established rules that manage what is and what is not permitted through a firewall. Rule bases typically work on a top-down protocol in which the first rule in the list performs its action first. This action is done so that the traffic permitted by the first rule will never be assessed by the remainder of the rules.

Set explicit drop rules (Cleanup Rule):

The main purpose of firewalls is to drop all traffic that is not explicitly permitted. As a safeguard to stop uninvited traffic from passing through the firewall, place an any-any-any drop rule (Cleanup Rule) at the bottom of each security zone context.

Best practices for VPN:

Authentication:

First, if a VPN is the gateway between the network and the Internet, the network is as secure as a VPN. Well-known VPN providers provide security as they wish in the future, but they are just as secure as authentication methods. Of course, not only VPN networks.

Latency: 

When properly configured, the VPN can run smoothly without affecting the end user experience. After authentication, employees do not notice its existence. However, diverting all traffic through a third party broker will lead to unavoidable results.

Split Tunneling:

Employees usually have two ways to configure VPN clients. These are complete tunnels and broken tunnels. Throughout the tunnel, all network traffic is forced to pass through the VPN provider, regardless of the destination of the traffic. In a shared tunnel, VPN traffic can only be enforced if the destination is within a private enterprise network. In this way, a shared tunnel separates corporate intranet traffic from private Internet access.
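The firewall rule-ordering practices listed in Response #1 (specific rules first, first match wins, cleanup rule last, deny by default) can be checked mechanically. The following is an added example, not part of the original response; the rule names and addresses are constructed, and it assumes IPv4 rules with a single destination port or "any".

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "permit" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    port: Optional[int]    # None means any port

def evaluate(rules, src, dst, port):
    """Top-down, first match wins; traffic no rule matches is dropped."""
    for r in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action, r.name
    return "deny", "implicit-default"

def covers(outer, inner):
    """True if `outer` matches every packet that `inner` matches."""
    net = ipaddress.ip_network
    return (net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst))
            and (outer.port is None or outer.port == inner.port))

def shadowed(rules):
    """(later, earlier) pairs where the later rule can never fire."""
    return [(later.name, earlier.name)
            for i, later in enumerate(rules)
            for earlier in rules[:i] if covers(earlier, later)]

def has_cleanup(rules):
    """True if the last rule is an any-any-any drop rule."""
    last = rules[-1] if rules else None
    return (last is not None and last.action == "deny" and last.port is None
            and last.src == "0.0.0.0/0" and last.dst == "0.0.0.0/0")

# Constructed sample rule base: most specific rule first, cleanup rule last.
GOOD = [
    Rule("block-legacy-host", "deny", "10.0.5.9/32", "192.0.2.10/32", 443),
    Rule("web-from-lan", "permit", "10.0.0.0/8", "192.0.2.10/32", 443),
    Rule("cleanup", "deny", "0.0.0.0/0", "0.0.0.0/0", None),
]
# Same rules with the broad permit placed above the specific deny.
MISORDERED = [GOOD[1], GOOD[0], GOOD[2]]

if __name__ == "__main__":
    print(evaluate(GOOD, "10.0.5.9", "192.0.2.10", 443))
    print(evaluate(MISORDERED, "10.0.5.9", "192.0.2.10", 443))
    print(shadowed(MISORDERED), has_cleanup(GOOD))
```

Running `shadowed` over a rule base before each change is applied shows whether a newly inserted broad rule silently disables a narrower one below it.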

Response#2(Rallabandi)

 

Best practices for firewall

Security:

Start with Security collect personal information that hold on to information only as long as you have a legitimate business need. Don't use personal information when it's not necessary. Make sure your service providers implement reasonable security measures. Insist that appropriate security standards are part of your contracts, and verify compliance, including through cyber security audits of third-party providers. (Chaudhary, M., 2020).

Identify:

An organizational understanding to manage cyber security risks to systems, assets, data, and capabilities. This includes understanding the organization’s computer systems and network; the personal information it collects; potential vulnerabilities of the organization’s systems; and the degree of harm that customers may suffer by disclosure of their personal information. By understanding and weighing these risks, an organization can focus and prioritize its cyber security efforts in relation to risk management strategy and business requirements.

Protect:

Implement appropriate safeguards to ensure delivery of critical infrastructure services. This includes providing training to employees regarding cyber security risks and protection; limiting access to systems, data, and assets; using technology to secure data; and maintaining cyber security policies and procedures. Control access to data sensibly, and restrict access to sensitive data. Limit administrative access to non-public information. Require secure passwords and authentication, and insist on complex and unique passwords. This will help guard against brute force attacks. Store passwords securely, e.g., not in plain text in personal email accounts.

Detect:

Implement the appropriate activities to identify when a cyber security event occurred. This includes the monitoring of information systems frequently and testing processes to detect irregular activity. Use industry-tested and accepted methods for cyber security.

Respond:

Develop and implement the appropriate activities to take regarding a detected cyber security event. This includes executing the organization’s processes and procedures concerning a response; coordinating and communicating with internal and external stakeholders regarding the cyber security incident, as well as applicable law enforcement authorities; controlling and mitigating the cyber security incident in an adequate response time; and revisiting the organization’s processes and procedures to incorporate lessons learned from the cyber security incident. Review the law of each state in which your company does business and in which it has customers, as you will need to comply with each state’s various cyber security notification laws.

Recover:

Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were affected due to the cyber security incident. The goal is to help an organization timely recover to normal operations and to minimize the impact of the cyber security incident on the organization’s internal and external stakeholders.

Best Practices for VPNs

Only use VPN access when there is a business need. According to NIST (2018), as specified under subcategory PR.AC-3, remote access is to be managed.

Use MFA. Devices that connect to your networks can be used for great harm. MFA should be required for all VPN connections to ensure that only authorized users and devices are connected.

Use only modern and robust VPN protocols. Use of insecure protocols such as PPTP puts your network at risk.

Allow only authorized devices to connect via a VPN. Don't let your user connect with their home PC; issue them a company laptop instead. This way the device can still be controlled and protected by the company's IT department.

Question And Answer

 

  • What is meant by a SICK country and what do they have in common?
  • Michael Anti in the video Behind the Great Firewall of China stated that the Chinese government and Chinese internet users are like the cat and mouse metaphor. What did he mean by that?
  • Do you think China, Iran, and other countries have the right to censor or control Internet content in their own countries? 
  • Does the United States government censor Internet content?
  • What about the censorship of pornography and hate speech? 
  • Do you think Google and the NSA are in cahoots?
  • Are we too dependent on the Internet?
  • What is the Internet of Things (IoT)? Is it a good thing? Is there a dark side to it?
  • Research an IoT security breach and tell the class about it. List references.

Mock Community Scenario

***ALL instructions and some references needed are below. Zero plagiarism and reputable sources only***

-Develop a lead poisoning education and prevention program for a mock community with a richly diverse population and a variety of potential sources of lead exposure. Details of this mock community are bulleted below.

Characteristics of Interest for Mock Community:

Older city
Population of 200,000
Population demographics. (55% white,  35% African American,  5% Hispanic, 5% Other)
Socioeconomic levels are variable.
Community and neighborhood factor large in residents' sense of identity, which is true across socioeconomic levels
Public housing community with apartments built in the 1950s
Older historic section of the city undergoing renovation-gentrification 
Ongoing urban renewal efforts spearheaded by city and community leaders to re-purpose abandoned spaces, including creating play grounds, parks, and community gardens.
Instructions:

Based on the above characteristics:

Identify 3 community groups or populations potentially at risk for lead exposure. For each of the three groups, identify 2 potential sources for lead exposure and for each of these identify cultural values and practices in a community that would be relevant to the design of a lead poisoning education and prevention program. As you're working through the assignment, there could be overlap between groups and sources of exposure and this is fine; just be sure to explain the relevance of the associations for each. The goal here is to demonstrate your understanding and awareness of how cultural values and practices in a community are relevant to the design of a public health program.

Discuss briefly (a few sentences or a short paragraph each would be sufficient) how each cultural value and practice in a community is relevant to program design. Present your information in a bulleted essay or in a table format. Additionally, please cite source material as appropriate, using APA style.

Remember: You're not actually designing a lead poisoning education and prevention program for submission; you're only identifying cultural values and practices in a community that would have relevance to the design and implementation of your program.

CDC https://www.cdc.gov/nceh/lead/default.htm

Lead Safe Virginia http://www.vdh.virginia.gov/leadsafe/

World Health Organization:  https://www.who.int/news-room/fact-sheets/detail/lead-poisoning-and-health

Nursing and Legislation

Nurses often become motivated to change aspects within the larger health care system based on their real-world experience. As such, many nurses take on an advocacy role to influence a change in regulations, policies, and laws that govern the larger health care system.

Identify a problem or concern in your state, community, or organization that has the capacity for advocacy through legislation. Research the issue and use the “Advocacy Through Legislation” template to complete this assignment.
