WEEK 4 RESPONSES

All posts must be (4) substantive responses with a minimum of 150 words each for Question 1, 2, 3 and 4. Ensure you list and break down each response in a Word document, along with its reference. Response provided should further discuss the subject or provide more insight. To further understand the response, below is the discussion post that discusses the responses. 100% original work and not plagiarized. Must meet deadline.

ISSC 341

RESPONSE 1:

For this week’s topic of discussion, Virtual LANs (VLAN), I will discuss a couple of reasons why a network engineer would want to implement it in their network. A VLAN is a subnetwork which can group together collections of devices on separate physical local area networks (LANs). Aside from improving the performance of busy networks, VLANs make it easy for network administrators to partition a single switched network to match the functional and security requirements of their systems without having to run new cables or make major changes in their current network infrastructure.

Secondly, one or more network switches may support multiple, independent VLANs, creating Layer 2 (data link) implementations of subnets. They are usually composed of one or more network switches and associated with a broadcast domain. Advantages to a VLAN include reduced broadcast traffic, security, ease of administration, and broadcast domain confinement. There are three types of VLANs: Protocol, Static, and Dynamic.

Lastly, disadvantages of VLANs include the limitation of 4,096 VLANs per switching domain. That creates problems for large hosting providers, which often need to allocate tens or hundreds of VLANs for each customer. To address this limitation, other protocols, like Virtual Extensible LAN (VXLAN), Network Virtualization using Generic Routing Encapsulation and Geneve support larger tags and the ability to tunnel Layer 2 frames within Layer 3 (network) packets. Hope everyone is having a great start to their weeks (Slattery, T., & Burke, J., 2021).

Works Cited:

Slattery, T., & Burke, J. (2021, May 31). VLAN (virtual LAN). SearchNetworking. https://www.techtarget.com/searchnetworking/definition/virtual-LAN

– ALI

RESPONSE 2:

A virtual local area network (VLAN) is an inattentive LAN that is formed to function through the data link layer (layer 2) of the OSI network model. Dissimilar from a physical local area network or LAN, in which a hardware arrangement houses point-to-point identification and admittance by way of a physical network, VLANs are created with remote partitions in workstations so that separate node report interchanges with the virtual partition, not the physical workstation.

One of the chief benefits of establishing VLANs is the energetic nature of road maps on modern networks. This particular model is outdated when it comes to smartphones. Operators submit data from numerous points: such as a personal or a business may provide the mobile device, from the field, or from a different segment of an office.

The VLAN fundamentally explains this problem of “musical chairs.” In addition, with the upsurge of distant work and disseminated models, most associates can be eliminated from using a desk or desktop within an office: the VLAN unravels that problem by linking the user’s distinctiveness to the virtual network divider. Another benefit of a VLAN comprises plummeting traffic.

By segmenting network traffic into non-connected VLANs, overseers can reduce network traffic. For instance, messages intended for one group of workstation users can go solely to the computer group in a sole VLAN. VLANs can also benefit from user provisioning; as stated above, the use of a partition helps to attain improved types of tracking for distinct user processes. VLANs may also support the management of appropriate enterprise ethics and protocols.

A company may have numerous operations or departments functioning in identical physical buildings. With a simple LAN, all network traffic would travel diagonally throughout the whole network. To wall off operations, administrators can form diverse VLANs for two unalike departments that are not hypothetically to interconnect with each other. One example is finance, where unlike arms of a financial organization are proposed to be autonomous of one another for the resolutions of the Sarbanes-Oxley Act or other guidelines or standards.

References

Mitchell, B. (2021). What Is a Virtual LAN (VLAN)? Retrieved from https://www.lifewire.com/virtual-local-area-network-817357

Stoltzfus, J. (2021). What is a virtual local area network (VLAN) and why would I use one? Retrieved from https://www.techopedia.com/7/32107/technology-trends/virtualization/what-is-a-virtual-local-area-network-vlan-and-why-would-i-use-one

– JARED

RESPONSE 3:

1. What are the functional control types? Provide an example for each type.

Functional control types include controls such as preventive controls. Preventive controls are designed to keep an undesired event from occurring. These forms of control include measures such as door locks and access controls.

Detective controls are controls which are designed to recognize an undesired event once it has occurred. These controls include intrusion detection systems and log analysis.

Corrective controls repair and limit damages caused by an undesired action, such as a firewall (Weiss, Solomon, 2015).

2. What is the principle of least privilege? Why is it important to implement?

The principle of least privilege is the concept that a user has only the level of access they need in order to carry out their job function; it is a need-to-know approach to resource access. It is important to protect both the confidentiality and integrity of information within the system as it governs unauthorized access and unauthorized changes to information within the system (Weiss, Solomon, 2015).

3. List and briefly discuss the User Domain Compliance Requirements.

User domain compliance requirements include documentation of laws and standards within the corporation, Acceptable Use Policies for IT services and equipment, background checks, user security training, security awareness assessments, acknowledgement of confidentiality agreements, unique logons, the principle of least privilege, two-deep supervision for business-critical processes, and periodic audits. Each of these standards is created to help control the uncontrollable. The human link is the most difficult to control in network security situations; this is why there are so many standards created to help ensure security for the user domain (Weiss, Solomon, 2015).

Alysha Macleod

Weiss, M., & Solomon, M. (2015). Auditing IT Infrastructures for Compliance. Jones & Bartlett.

https://learning-oreilly-com.ezproxy1.apus.edu/library/view/auditing-it-infrastructures/9781284090703/

RESPONSE 4:

1. What are the functional control types? Provide an example for each type.

Our textbook lists the functional control types as follows:

• Preventive controls (stop actions): locked doors or computer access controls; keep an undesired action from happening.

• Detective controls (recognize actions): motion detectors or usage log analysis tools; recognize when an undesired action has occurred.

• Corrective controls (fix the result of actions): the procedure to remove viruses or a firewall to block an attacking system; repair damage caused by an undesired action and limit further damage.

2. What is the principle of least privilege? Why is it important to implement?

The principle of least privilege is ensuring that users only have access to the resources that they need in order for them to adequately perform the job they are required to do, and nothing more. It is important because it decreases the attack surface, helps prevent insider threat, and improves data security.

3. List and briefly discuss the User Domain Compliance Requirements.

• Separation of Duties requires that users from at least two distinct roles be required to accomplish any business-critical task.

• Least Privilege ensures that unnecessary user privileges are removed.

• Need to Know means that you have a need to access an object to do your job.

• Confidentiality Agreements allow organizations to disclose sensitive information to a small number of parties without concern that an information leak might cause harm.

• Employee Background Checks uncover any evidence of past behavior that might indicate a prospect is a security risk.

• Security Awareness and Training for New Employees is simply educating them on your organization’s security policies and procedures.

• Information System Security Accountability is holding employees accountable for security violations.

• Adherence to Documented IT Security Policies, Standards, Procedures, and Guidelines consists of examining user actions and comparing those actions with security policies, standards, procedures, and guidelines. If you find any differences with organizational requirements, you should report the differences and analyze their impact.

Weiss, M., & Solomon, M. G. (2011). Auditing IT Infrastructures for Compliance, 1st ed. MA: Jones & Bartlett.

-JAMIE
