Explore topic-wise InterviewSolutions in .

1. OSPF has two primary characteristics. The first is that the protocol is open, which means that its SPECIFICATION is in the public domain. The OSPF specification is published as Request For Comments (RFC) 1247.

The second principal characteristic is that OSPF is based on the SPF algorithm, which sometimes is referred to as the Dijkstra algorithm, named for the person credited with its creation.

2. OSPF is a link-state routing protocol that calls for the sending of link-state ADVERTISEMENTS (LSAs) to all other routers within the same hierarchical area. Information on attached interfaces, metrics used, and other variables is included in OSPF LSAs. As OSPF routers accumulate link-state information, they use the SPF algorithm to calculate the shortest path to each node.

Ospf: Open Shortest Path First. It Uses SPF(Dijkstra) algorithm and SELECTS the Loop free path. It is a purely classless Routing protocol(ie sends mask along with the IP address) It supports SLSM, VLSM, Discontinuous Networks. and the hope count is Unlimited. It is Having Complex Configuration Including Area, Process id, Wild card mask. The metric used is bandwidth(10 raise to 8/ Bandwidth). Administrative Distance is 110

The second principal characteristic is that OSPF is based on the SPF algorithm, which sometimes is referred to as the Dijkstra algorithm, named for the person credited with its creation.

Ospf: Open Shortest Path First. It Uses SPF(Dijkstra) algorithm and selects the Loop free path. It is a purely classless Routing protocol(ie sends mask along with the ip address) It supports SLSM, VLSM, Discontinuous Networks. and the hope count is Unlimited. It is Having Complex Configuration Including Area, Process id, Wild card mask. The metric used is bandwidth(10 raise to 8/ Bandwidth). Administrative Distance is 110

The UNIQUE NUMBER will be generated by MD5, if it is tamped with someone, the VALUE will be changed so you KNOW you are tampered

The unique number will be generated by MD5, if it is tamped with someone, the value will be changed so you know you are tampered

Restricting the users from accessing a SET of services within the local area network is called port blocking.

we,ll give you the FINE example its nothing but we have to block the SWITCH port with particular maC address..for example we have 8-port switch ,in that first port we connected a machine that belongs to this mac address {4e5a.23bf.34ae.9a4c} and we block the switch port with this mac address for instance you unplug the original host and plug the other one now your new machine will be prevented from accessing switch port thats the idea.... so if u enabling port blocking COMMAND in a switch only particular machine or intended machine ALLOW to use access ,other machine will be restricted... port blocking is used for security purpose...otherwise some intruders enter into your company and destroy your lan with single laptop thats it

Restricting the users from accessing a set of services within the local area network is called port blocking.

we,ll give you the fine example its nothing but we have to block the switch port with particular maC address..for example we have 8-port switch ,in that first port we connected a machine that belongs to this mac address {4e5a.23bf.34ae.9a4c} and we block the switch port with this mac address for instance you unplug the original host and plug the other one now your new machine will be prevented from accessing switch port thats the idea.... so if u enabling port blocking command in a switch only particular machine or intended machine allow to use access ,other machine will be restricted... port blocking is used for security purpose...otherwise some intruders enter into your company and destroy your lan with single laptop thats it

ARP -Meaning of ARP "Address Resolution Protocol", is used to map ip Network addresses to the hardware (Media Access Control SUB LAYER) addresses used by the data link protocol. The ARP protocol operates between the network layer and the data link layer in the OPEN System Interconnection (osi) model.

RARP-RARP (REVERSE Address Resolution Protocol) is a protocol by which a physical machine in a local area network can request to learn its IP address from a gateway server's Address Resolution Protocol (ARP) table or cache. A network administrator creates a table in a local area network's gateway router that maps the physical machine (or Media Access Control - MAC address) addresses to corresponding Internet Protocol addresses. When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address. Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine which can store it for future use. RARP is available for Ethernet, Fiber Distributed-Data Interface, and token ring LANS.

ARP -Meaning of ARP "Address Resolution Protocol", is used to map ip Network addresses to the hardware (Media Access Control sub layer) addresses used by the data link protocol. The ARP protocol operates between the network layer and the data link layer in the Open System Interconnection (osi) model.

RARP-RARP (Reverse Address Resolution Protocol) is a protocol by which a physical machine in a local area network can request to learn its IP address from a gateway server's Address Resolution Protocol (ARP) table or cache. A network administrator creates a table in a local area network's gateway router that maps the physical machine (or Media Access Control - MAC address) addresses to corresponding Internet Protocol addresses. When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address. Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine which can store it for future use. RARP is available for Ethernet, Fiber Distributed-Data Interface, and token ring LANs.

DAS (discretionary access control) is used by itself according to it it is access and CONTROLLED while mas it has to be compulsory give the access controlled.

MAC is designed and enforced in the initial stages and can not be CHANGED by entity; from a LAYMEN angle: OS writing to BIOS is not allowed. DAC is designed in such a way that access shall be granted based on the discretion; ex. database table access.

DAS (discretionary access control) is used by itself according to it it is access and controlled while mas it has to be compulsory give the access controlled.

MAC is designed and enforced in the initial stages and can not be changed by entity; from a laymen angle: OS writing to BIOS is not allowed. DAC is designed in such a way that access shall be granted based on the discretion; ex. database table access.

RSA is based upon public key/private key CONCEPT. For authentication one can encrypt the hash (MD5/SHA) of the data with his private key. This is known as digital signature. And secrecy is achieved by ENCRYPTING the data with the public key of the target user. Generally we dont USE RSA for encryption because of key size (1024 bits). Rather a symmetric session key (128/256 bit) is established between communicating parties and is used for encryption.

RSA -- Authentication can be achieved by using nonce value (prime number).

EG: A wanna communicate with B

The val An1 is encrypted with private key of A and then with pub key of B. so B can decrypt it and then B should send BACK the An1 to A stating it none other than B

Secrecy is also maintained because they use their own private keys for decryption

RSA is based upon public key/private key concept. For authentication one can encrypt the hash (MD5/SHA) of the data with his private key. This is known as digital signature. And secrecy is achieved by encrypting the data with the public key of the target user. Generally we dont use RSA for encryption because of key size (1024 bits). Rather a symmetric session key (128/256 bit) is established between communicating parties and is used for encryption.

RSA -- Authentication can be achieved by using nonce value (prime number).

Eg: A wanna communicate with B

The val An1 is encrypted with private key of A and then with pub key of B. so B can decrypt it and then B should send back the An1 to A stating it none other than B

Secrecy is also maintained because they use their own private keys for decryption

Single sign-on (SSO) is mechanism whereby a single action of user AUTHENTICATION and authorization can permit a user to access all computers and systems where he has access permission, without the need to enter multiple passwords. Single sign-on REDUCES human error, a major component of systems failure and is therefore highly DESIRABLE but DIFFICULT to implement.

single sign on is an authentication mechanism with session or cookie preservation, where in user is prompted only only once in a particular session with a computer s/he uses, and the same credentials are used across multiple platform for accessing different applications. it is like logging into your computer by authenticating to the domain controller and be able to access multiple intranet site. second example could to login to a single website, and have same authentication used for different applications like forums, image gallery and email etc.

Single sign-on (SSO) is mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where he has access permission, without the need to enter multiple passwords. Single sign-on reduces human error, a major component of systems failure and is therefore highly desirable but difficult to implement.

single sign on is an authentication mechanism with session or cookie preservation, where in user is prompted only only once in a particular session with a computer s/he uses, and the same credentials are used across multiple platform for accessing different applications. it is like logging into your computer by authenticating to the domain controller and be able to access multiple intranet site. second example could to login to a single website, and have same authentication used for different applications like forums, image gallery and email etc.

YES, it can be possible by third party SOFTWARE in computer and 3g in mobile.In computer third software like skype can be better MEDIA of COMMUNICATION method.

Yes, it can be possible by third party software in computer and 3g in mobile.In computer third software like skype can be better media of communication method.

 Confidentiality, Integrity and Availability CIA means Certified Internal AUDITOR. GLOBALLY ACCEPTED and recognized CERTIFICATE in the field of internal audits.

 Confidentiality, Integrity and Availability CIA means Certified Internal Auditor. globally accepted and recognized certificate in the field of internal audits.

For SMALL lan we USE class-c address EXPLANATION:In class C ip address the first three bytes out of four are for network address while the last byte is for host address which can range from 1-254 which is smallest lan possible whereas class B has two bytes and class A has three bytes RESERVED for host address which increases number of hosts in those classes.

For small lan we use class-c address Explanation:In class C ip address the first three bytes out of four are for network address while the last byte is for host address which can range from 1-254 which is smallest lan possible whereas class B has two bytes and class A has three bytes reserved for host address which increases number of hosts in those classes.

When a packet is sent out of a server, It has source and DESTINATION IP, source and destination PORT no and source and destination Mac ID, first it is sent to the switch, The switch CHECKS the packet whether the MAC ID is in the MAC-Address-Table if not it broad casts the message if the destination IP is not in the same segment Then it forward the packet to the gateway (normally the router or firewall). then the router/firewall checks its routing table and ACCESS lists if it has the information about the destination IP and if it has access to the destination IP it forwards it to the next hop, and if any one of the condition fails it just drops the packet.

When a packet is sent out of a server, It has source and Destination IP, source and destination Port no and source and destination Mac ID, first it is sent to the switch, The switch checks the packet whether the MAC ID is in the MAC-Address-Table if not it broad casts the message if the destination IP is not in the same segment Then it forward the packet to the gateway (normally the router or firewall). then the router/firewall checks its routing table and access lists if it has the information about the destination IP and if it has access to the destination IP it forwards it to the next hop, and if any one of the condition fails it just drops the packet.

First of all see traceroute works using ICMP packets. First source sends an ICMP packet with TIME to Live (TTL) field as 1 to the DESTINATION address. Now intermediate router receives the packet and sees that TTL field has expired, so it sends a ICMP TTL expired reply. Now the source machine again sends the ICMP packet with TTL field as 2. This time SECOND intermediate router replies. This process is repeated till destination is reached. That way the source can get the entire route upto destination.

First of all see traceroute works using ICMP packets. First source sends an ICMP packet with Time to Live (TTL) field as 1 to the destination address. Now intermediate router receives the packet and sees that TTL field has expired, so it sends a ICMP TTL expired reply. Now the source machine again sends the ICMP packet with TTL field as 2. This time second intermediate router replies. This process is repeated till destination is reached. That way the source can get the entire route upto destination.

Kerberos is an authentication protocol, it is named after a dog who is according to the Greek mythology, - is said to stand at the gates of Hades.In the terms of computer networking it is a COLLECTION of software used in large networks to authenticate and establish a user's claimed identity. It is developed by MIT and using a combination of ENCRYPTION as well as distributed DATABASES so that the user can log in START a session.

It has some disadvantages though. As I said Kereberos had been developed by MIT under the project Athena, - Kerberos is designed to authenticate the end users on the servers.

Kerberos is an authentication protocol, it is named after a dog who is according to the Greek mythology, - is said to stand at the gates of Hades.In the terms of computer networking it is a collection of software used in large networks to authenticate and establish a user's claimed identity. It is developed by MIT and using a combination of encryption as well as distributed databases so that the user can log in start a session.

It has some disadvantages though. As I said Kereberos had been developed by MIT under the project Athena, - Kerberos is designed to authenticate the end users on the servers.

Broadcast Domain

send the packet to all the Present NETWORK

IT may be send by the PERSON

it may broadcast by the switch when the ADDRESS not found in the Network.

For breaking broadcast domain We can Use Router

Collision Domain:

Switch has no collision as compare to hun (layer on Device Broadcast Domain is the AREA where when ONE device in the network sends the data or packet it will received by all the devices present over the network.

Broadcast Domain

send the packet to all the Present Network

IT may be send by the person

it may broadcast by the switch when the address not found in the Network.

For breaking broadcast domain We can Use Router

Collision Domain:

Switch has no collision as compare to hun (layer on Device Broadcast Domain is the area where when one device in the network sends the data or packet it will received by all the devices present over the network.

Digital signature : Information that is encrypted with an entity private key and is appended to a message to assure the recipient of the authenticity and integrity of the message. The digital signature proves that the message was signed by the entity that OWNS, or has access to, the private key or shared secret symmetric key.

smart CARDS : Smart cards help businesses evolve and expand their products and services in a rapidly changing global market. In addition to the well known commercial applications (BANKING, payments, access control, identification, ticketing and parking or toll collection), in recent years, the information age has introduced an ARRAY of security and privacy issues that have called for advanced smart card security applications (secure LOGON and authentication of users to PC and networks, storage of digital certificates, passwords and credentials, encryption of sensitive data, wireless communication subscriber authentication, etc.)

Digital signature : Information that is encrypted with an entity private key and is appended to a message to assure the recipient of the authenticity and integrity of the message. The digital signature proves that the message was signed by the entity that owns, or has access to, the private key or shared secret symmetric key.

smart cards : Smart cards help businesses evolve and expand their products and services in a rapidly changing global market. In addition to the well known commercial applications (banking, payments, access control, identification, ticketing and parking or toll collection), in recent years, the information age has introduced an array of security and privacy issues that have called for advanced smart card security applications (secure logon and authentication of users to PC and networks, storage of digital certificates, passwords and credentials, encryption of sensitive data, wireless communication subscriber authentication, etc.)

ARP(ADDRESS RESOLUTION PROTOCOL) is a NETWORK layer protocol which associates the PHYSICAL hardware address of a network NODE(commonly known as a MAC ADDRESS) to its ip address. now an ARP creates a table known as ARP CACHE/TABLE that maps ip addresses to the hardware addresses of nodes on the local network.

if based on the ip address it SEES that it has the node's mac address in its ARP TABLE then transmitting to that ip address is done quicker because the destination is known and voila network traffic is reduced.

ARP(ADDRESS RESOLUTION PROTOCOL) is a network layer protocol which associates the physical hardware address of a network node(commonly known as a MAC ADDRESS) to its ip address. now an ARP creates a table known as ARP CACHE/TABLE that maps ip addresses to the hardware addresses of nodes on the local network.

if based on the ip address it sees that it has the node's mac address in its ARP TABLE then transmitting to that ip address is done quicker because the destination is known and voila network traffic is reduced.

REMOTE access should be tightly controlled, monitored, and audited. It should only be provided over a secure communication CHANNEL that USES encryption and strong authentication, such as an IPSEC VPN. DESKTOP modems (including APPLICATIONS such as PCAnywhere), unsecured wireless access points, and other vulnerable methods of remote access should be prohibited.

Remote access should be tightly controlled, monitored, and audited. It should only be provided over a secure communication channel that uses encryption and strong authentication, such as an IPSEC VPN. Desktop modems (including applications such as PCAnywhere), unsecured wireless access points, and other vulnerable methods of remote access should be prohibited.

The three MAIN TENETS of security overall AREA: CONFIDENTIALITY AVAILABILITY Integrity.

The three main tenets of security overall area: Confidentiality Availability Integrity.

Cryptography is the deliberate ATTEMPT to obscure or scramble the information so that only an authorized receiver can see the message. NETWORK security may employ cryptography, but has MANY other tools to secure a network, including firewalls, auditing, Intrusion Detection Systems, and so forth. Cryptography would be used only when trying to keep MESSAGES secret when sending them ACROSS a network or keeping information secret in a file.

Cryptography is the deliberate attempt to obscure or scramble the information so that only an authorized receiver can see the message. Network security may employ cryptography, but has many other tools to secure a network, including firewalls, auditing, Intrusion Detection Systems, and so forth. Cryptography would be used only when trying to keep messages secret when sending them across a network or keeping information secret in a file.

An ip GRABBER is a program that will FIND the ip address of ANOTHER COMPUTER. OFTEN used by hackers.

An ip grabber is a program that will find the ip address of another computer. Often used by hackers.

Identifying your critical business SYSTEMS and processes is the FIRST STEP an organization should take in order to implement the appropriate security protections. Knowing what to protect helps determine the necessary security controls. Knowing the critical systems and processes helps determine the business continuity plan and disaster recovery plan process. Critical business systems and processes may include an ECOMMERCE site, customer database information, employee database information, the ability to answer phone calls, the ability to RESPOND to Internet queries, etc.

Identifying your critical business systems and processes is the first step an organization should take in order to implement the appropriate security protections. Knowing what to protect helps determine the necessary security controls. Knowing the critical systems and processes helps determine the business continuity plan and disaster recovery plan process. Critical business systems and processes may include an ecommerce site, customer database information, employee database information, the ability to answer phone calls, the ability to respond to Internet queries, etc.

In addition to the content level inspection performed by the IDS, specific content inspections should also be performed on web SERVER traffic and other application traffic. Some attacks evade detection by containing themselves in the payload of PACKETS, or by altering the packet in some way, such as FRAGMENTATION. Content level inspection at the web server or application server will protect against attacks such as those that are tunneled in LEGITIMATE communications, attacks with malicious data, and unauthorized application usage.

In addition to the content level inspection performed by the IDS, specific content inspections should also be performed on web server traffic and other application traffic. Some attacks evade detection by containing themselves in the payload of packets, or by altering the packet in some way, such as fragmentation. Content level inspection at the web server or application server will protect against attacks such as those that are tunneled in legitimate communications, attacks with malicious data, and unauthorized application usage.

Only systems that are semi-public should be kept on the DMZ. This includes external web servers, external mail servers, and external DNS. A split-architecture MAY be USED where INTERNAL web, mail, and DNS are also located on the internal network.

Only systems that are semi-public should be kept on the DMZ. This includes external web servers, external mail servers, and external DNS. A split-architecture may be used where internal web, mail, and DNS are also located on the internal network.

A password policy should require that a password:

• Be at least 8 CHARACTERS LONG
• Contain both alphanumeric and special characters
• Change every 60 days
• Cannot be reused after every five cycles
• Is locked out after 3 failed attempts In addition, you should be performing regular password AUDITING to check the strength of passwords; this should also be documented in the password policy.

A password policy should require that a password:

Your DISASTER RECOVERY plan (DRP) should include recovery of data centers and recovery of business operations. It should also include recovery of the ACCRUAL physical business location and recovery of the business processes necessary to resume NORMAL operations. In addition, the DRP should address alternate operating sites.

Your disaster recovery plan (DRP) should include recovery of data centers and recovery of business operations. It should also include recovery of the accrual physical business location and recovery of the business processes necessary to resume normal operations. In addition, the DRP should address alternate operating sites.

You do not have much choice, only correctly CONFIGURED firewall/iptables (which is not a trivial TASK to do) can help you to PREVENT it. But there is no 100%

You do not have much choice, only correctly configured firewall/iptables (which is not a trivial task to do) can help you to prevent it. But there is no 100%

Network security[1] consists of the PROVISIONS and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications AMONG businesses, government AGENCIES and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: It secures the network, as well as protecting and overseeing OPERATIONS being done. The most common and simple WAY of protecting a network resource is by assigning it a unique name and a corresponding password.

Network security[1] consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: It secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

Logs should be reviewed every day. This includes IDS logs, system logs, management station logs, ETC. Not reviewing the logs is one of the BIGGEST mistakes an organization can make. Events of INTEREST should be investigated daily. It can be a very TEDIOUS TASK for a single person to do this job as their only assignment (unless they really enjoy it). It is better to have a log review rotation system amongst the security team.

Logs should be reviewed every day. This includes IDS logs, system logs, management station logs, etc. Not reviewing the logs is one of the biggest mistakes an organization can make. Events of interest should be investigated daily. It can be a very tedious task for a single person to do this job as their only assignment (unless they really enjoy it). It is better to have a log review rotation system amongst the security team.

VPNs should be used for REMOTE ACCESS and other SENSITIVE communication. IPSEC is a GREAT choice for this purpose. Strong encryption protocols such as 3DES and AES should be used whenever possible. Web access to sensitive or proprietary information should be protected with 128-bit SSL. Remote system administration should use SSH. SOMETIMES file system encryption is also used to protect stored data.

VPNs should be used for remote access and other sensitive communication. IPSEC is a great choice for this purpose. Strong encryption protocols such as 3DES and AES should be used whenever possible. Web access to sensitive or proprietary information should be protected with 128-bit SSL. Remote system administration should use SSH. Sometimes file system encryption is also used to protect stored data.

The plan is no good UNLESS it is TESTED at least once a YEAR. These tests will iron out problems in the plan and make it more efficient and successful if/when it is needed. TESTING can include walkthroughs, simulation, or a full out implementation.

The plan is no good unless it is tested at least once a year. These tests will iron out problems in the plan and make it more efficient and successful if/when it is needed. Testing can include walkthroughs, simulation, or a full out implementation.

GO to your router OPTIONS on your computer and it should say REMOVE

go to your router options on your computer and it should say remove

Wireless access must at LEAST use WEP with 128-bit encryption. Although this provides some security, it is not very robust, which is why your wireless NETWORK should not be USED for SENSITIVE data. CONSIDER moving to the 802.11i standard with AES encryption when it is finalized

Wireless access must at least use WEP with 128-bit encryption. Although this provides some security, it is not very robust, which is why your wireless network should not be used for sensitive data. Consider moving to the 802.11i standard with AES encryption when it is finalized

Three basic ways: On most laptops there is a SWITCH on the front On most TOWERS there is a USB stick to unplug On all computers WIFI and Blue-tooth can be disabled from "my COMPUTER".

Three basic ways: On most laptops there is a switch on the front On most towers there is a USB stick to unplug On all computers WIFI and Blue-tooth can be disabled from "my computer".

A method for controlling MESSAGES in a software system. The method activates a report-handling module when a subroutine has a message to send. The subroutine PASSES an IDENTIFICATION to the report-handling module. The subroutine then passes a message and message level to the report handling module. The report-handling module then determines the message level to be reported for that subroutine, the PROCESS from which that subroutine is sending messages and the message level to be reported for that process. If the message level of the message compares CORRECTLY to the message level of the subroutine and the process, the message is reported.

A method for controlling messages in a software system. The method activates a report-handling module when a subroutine has a message to send. The subroutine passes an identification to the report-handling module. The subroutine then passes a message and message level to the report handling module. The report-handling module then determines the message level to be reported for that subroutine, the process from which that subroutine is sending messages and the message level to be reported for that process. If the message level of the message compares correctly to the message level of the subroutine and the process, the message is reported.

Your ORGANIZATION’s security policy should specify applications, services, and activities that are prohibited. These can include, among others:

• Viewing inappropriate material
• Spam
• Peer-to-peer file sharing
• INSTANT messaging
• UNAUTHORIZED wireless devices
• Use of unencrypted REMOTE connections such as Telnet and FTP

Your organization’s security policy should specify applications, services, and activities that are prohibited. These can include, among others:

A vulnerability is a weak point in a system. This IMPLIES a risk, especially to CONFIDENTIAL information. An exploit is a means of taking advantage of the vulnerability and using it to TAKE advantage of a system or network. Just because something has been identified as a vulnerability doesn't mean that it has been used to compromise a system. The presence of the exploit means someone has successfully used that weakness and TAKEN advantage of it.

A vulnerability is a weak point in a system. This implies a risk, especially to confidential information. An exploit is a means of taking advantage of the vulnerability and using it to take advantage of a system or network. Just because something has been identified as a vulnerability doesn't mean that it has been used to compromise a system. The presence of the exploit means someone has successfully used that weakness and taken advantage of it.

Desktops should have a combination of anti-virus SOFTWARE, personal firewall, and host-based intrusion detection. Each of these software packages MUST be regularly updated as NEW signatures are deployed. They must ALSO be centrally MANAGED and controlled.

Desktops should have a combination of anti-virus software, personal firewall, and host-based intrusion detection. Each of these software packages must be regularly updated as new signatures are deployed. They must also be centrally managed and controlled.

Part of KNOWING your network architecture includes knowing the LOCATION of wireless networks since they CREATE another possible entry point for an attacker. You must also confirm whether they are being used for sensitive data and are they secured as BEST as possible.

Part of knowing your network architecture includes knowing the location of wireless networks since they create another possible entry point for an attacker. You must also confirm whether they are being used for sensitive data and are they secured as best as possible.

NETWORK security concentrates on the packets of information flowing between computer SYSTEMS. Operating SYSTEM security controls access to RESOURCES on the SERVER itself. Therefore, the two are looking at different things in terms of security.

Network security concentrates on the packets of information flowing between computer systems. Operating System security controls access to resources on the server itself. Therefore, the two are looking at different things in terms of security.

The need for network security is quite obvious, (no offense to the asker), but, it is simply thus: There are criminal activities in every field, computers being no exception. PEOPLE like to store private information on computers. If a criminal was able to slip onto your network, they WOULD be able to access any unguarded computer, and retrieve information off of it once they have access. MAKE sure you keep AT LEAST ONE password on every computer you own, MULTIPLE different ones if it allows it. 

The need for network security is quite obvious, (no offense to the asker), but, it is simply thus: There are criminal activities in every field, computers being no exception. People like to store private information on computers. If a criminal was able to slip onto your network, they would be able to access any unguarded computer, and retrieve information off of it once they have access. Make sure you keep AT LEAST ONE password on every computer you own, multiple different ones if it allows it. 

The best way to protect against SOCIAL engineering and phishing attacks is to EDUCATE the users. Employees should attend security AWARENESS training that explains these types of attacks, what to expect, and how to respond. There should also be a publicly posted incidents email ADDRESS to report suspicious activity.

The best way to protect against social engineering and phishing attacks is to educate the users. Employees should attend security awareness training that explains these types of attacks, what to expect, and how to respond. There should also be a publicly posted incidents email address to report suspicious activity.

Security is the degree of protection to safeguard a nation, UNION of nations, PERSONS or person against danger, DAMAGE, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3 defines security as "a form of protection where a separation is created between the ASSETS and the threat". This includes but is not limited to the elimination of EITHER the asset or the threat.

Security is the degree of protection to safeguard a nation, union of nations, persons or person against danger, damage, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3 defines security as "a form of protection where a separation is created between the assets and the threat". This includes but is not limited to the elimination of either the asset or the threat.

Switches use routing table which does ALLOW to brandband your connection requests how HUBS do. It protects you from sniffing PROGRAMS.

Switches use routing table which does allow to brandband your connection requests how hubs do. It protects you from sniffing programs.

Typically an ORGANIZATION sees a constant stream of port scan attacks. These are a REGULAR occurrence on the INTERNET as a RESULT of attackers and worms. An organization should not be seeing many substantial attacks such as compromises, backdoors, or exploits on systems. This would indicate that the security defenses are weak, patching may not be occurring, or other vulnerabilities exist.

Typically an organization sees a constant stream of port scan attacks. These are a regular occurrence on the Internet as a result of attackers and worms. An organization should not be seeing many substantial attacks such as compromises, backdoors, or exploits on systems. This would indicate that the security defenses are weak, patching may not be occurring, or other vulnerabilities exist.

at the NETWORK layer, congestion CONTROL MECHANISM TAKES place.

at the network layer, congestion control mechanism takes place.

Of course viruses can be spread through floppy disks, usb keys or other methods so being a STANDALONE computer not connected to any network doesn't mean the computer can not be INFECTED THOUGH the information cannot be LEAKED via the network to external persons. However, there is also physical security of the computer itself, and that where it gets interesting depending on who and what your trying to secure the pc from. If for instance the pc is sitting in a public area, and you are not worried just about external threats but also potential employee DATA theft then one should assume no information on the pc is secure even if the pc is standalone.

Of course viruses can be spread through floppy disks, usb keys or other methods so being a standalone computer not connected to any network doesn't mean the computer can not be infected though the information cannot be leaked via the network to external persons. However, there is also physical security of the computer itself, and that where it gets interesting depending on who and what your trying to secure the pc from. If for instance the pc is sitting in a public area, and you are not worried just about external threats but also potential employee data theft then one should assume no information on the pc is secure even if the pc is standalone.

your PERIMETER NETWORK is the network you OPERATE such as you have the INTERNET and your network your network is your perimeter

your perimeter network is the network you operate such as you have the internet and your network your network is your perimeter

PHYSICAL security is a large area that must be addressed by an ORGANIZATION. Examples of physical controls INCLUDES physical access controls (signs, locks, security guards, badges/PINs, bag search/scanning, metal detectors), CCTV, motion detectors, SMOKE and water detectors, and backup power GENERATORS.

Physical security is a large area that must be addressed by an organization. Examples of physical controls includes physical access controls (signs, locks, security guards, badges/PINs, bag search/scanning, metal detectors), CCTV, motion detectors, smoke and water detectors, and backup power generators.

RING protection is a SYSTEM where multiplexers are connected in a ring topology. If a single span fails traffic SWITCHES AROUND the other side of the ring.

Ring protection is a system where multiplexers are connected in a ring topology. If a single span fails traffic switches around the other side of the ring.

Symmetric ENCRYPTION requires that both PARTIES (sender and receiver) know and have the exact same encryption key. This key is used both for encrypting and decrypting the DATA. Using the same encryption algorithm means that only those INDIVIDUALS that know or have the same key will be ABLE to read any messages encrypted by the symmetric key.

Symmetric encryption requires that both parties (sender and receiver) know and have the exact same encryption key. This key is used both for encrypting and decrypting the data. Using the same encryption algorithm means that only those individuals that know or have the same key will be able to read any messages encrypted by the symmetric key.