Network Defense Fundamentals

Network Defense Fundamentals

Compare and contrast an insider threat to an external threat. Describe in detail the steps to take to mitigate both threats.

An insider threat is when an individual is working with the most secret information for their organization. They can expose the firm from within based upon the release of classified materials. While an external threat, is when a person or a group is trying to break into the material contained within an organization's database. The differences are that one threat involves someone using their inside knowledge to steal data from a particular organization. (Cole, 2006, pp. 3- 48)

To mitigate these threats an all-encompassing protocol must be used. This means that any kind of strategy must focus on dealing with internal and external threats simultaneously. As a result, the following steps must be utilized during the process to include:

Step 1: Building a series of firewalls, second, third and fourth tier blocks. Each one of these areas will be interconnected with each other. In the event that someone is able to breach a security block, this will isolate and analyze the threat. When this happens, an established security protocol is in place to deal with a host of external challenges. (Cole, 2006, pp. 3- 48)

Step 2: Create internal security blocks. During this process is when a series of procedures will be created to protect the usage of classified material. These include: having various scanners, locks, passwords and a way of tracking the data that is requested. In the event that there is a sudden request or unusual activity, is the moment investigators should be notified. This will prevent any kind of leaks from escalating into major security breaches. (Cole, 2006, pp. 3- 48)

Step 3: Next, effective training must be conducted of staff members. During this process, is when they will learn about possible warning signs and how to deal with these threats. This will help to improve monitoring and it will increase the ability to quickly identify threats while they are small. (Cole, 2006, pp. 3- 48)

Step 4: Continuous monitoring. In this step there will be a focus on watching for any kind of threats. This is when a series of red flags will be used to identify and isolate threats early. If this kind of approach is utilized, it will help to minimize security breaches and their impact on the firm. (Cole, 2006, pp. 3- 48)

What is the reason you want to remove unused or unneeded services and protocols on your servers or PCs?