CYB 220 Project Three Margomi Carrasco
PROJECT THREE: EVALUATION
OF NETWORK PROTECTION
TECHNOLOGIES
Margomi Carrasco
SNHU CYB-220-T4117
CYB 220 Project Three Margomi Carrasco
, CYB 220 Project Three Margomi Carrasco
Employing a fundamental security design is an essential part of a system since it remains
"considered while designing any security mechanism for a procedure. These principles are
reviewed to develop a secure system that prevents security flaws and prevents unwanted access
to the system." (T, 2020) A defense with depth in the fundamental security design principle
would implement prevention and intrusion detection. "Defense in depth is classified as laying
resource access authorization verification in a system or network to reduce the chance of a
successful attack." (Merritt, 2013) However, employing several security actions throughout the
network couple cripple whichever assailant is attempting to penetrate any section of the host,
which would minimize the risk of a network outage and disturbance/slowdown, while defensive
the confidentiality, integrity, and availability of the data stored on the network and its hosts.
To keep the network, secure the recommendation would be to deploy various NIPS, NIDS, and
IDS throughout the network. Every part of the location should have a NIPS appliance installed
on it, which would be installed on the "DMZ with a firewall on the inbound and outbound side."
(Fortinet, n.d.). As the "DMZ has a perimeter network that protects an organization's internal
local area network from untrusted traffic, DMZ provides a buffer between the Internet and the
private network. It would isolate by a security gateway, such as a firewall, that filters traffic
between the DMZ and a LAN." (Fortinet, n.d.) Using it would potentially reduce all usefulness
of HIDS; nevertheless, retaining those layers inside the network would improve the
organization's network protection. NIPS are efficient in "detecting, removing, detaining, and
redirecting malicious inbound network & subnet traffic. While HIDS's help assess malicious
packets before they are permitted to enter into a computer." (Dubrawsky, 2009) Besides, another
layer of protection that would be helpful include are IPS/IDS. IPS would be "controlling the
Page 1|5
CYB 220 Project Three Margomi Carrasco
PROJECT THREE: EVALUATION
OF NETWORK PROTECTION
TECHNOLOGIES
Margomi Carrasco
SNHU CYB-220-T4117
CYB 220 Project Three Margomi Carrasco
, CYB 220 Project Three Margomi Carrasco
Employing a fundamental security design is an essential part of a system since it remains
"considered while designing any security mechanism for a procedure. These principles are
reviewed to develop a secure system that prevents security flaws and prevents unwanted access
to the system." (T, 2020) A defense with depth in the fundamental security design principle
would implement prevention and intrusion detection. "Defense in depth is classified as laying
resource access authorization verification in a system or network to reduce the chance of a
successful attack." (Merritt, 2013) However, employing several security actions throughout the
network couple cripple whichever assailant is attempting to penetrate any section of the host,
which would minimize the risk of a network outage and disturbance/slowdown, while defensive
the confidentiality, integrity, and availability of the data stored on the network and its hosts.
To keep the network, secure the recommendation would be to deploy various NIPS, NIDS, and
IDS throughout the network. Every part of the location should have a NIPS appliance installed
on it, which would be installed on the "DMZ with a firewall on the inbound and outbound side."
(Fortinet, n.d.). As the "DMZ has a perimeter network that protects an organization's internal
local area network from untrusted traffic, DMZ provides a buffer between the Internet and the
private network. It would isolate by a security gateway, such as a firewall, that filters traffic
between the DMZ and a LAN." (Fortinet, n.d.) Using it would potentially reduce all usefulness
of HIDS; nevertheless, retaining those layers inside the network would improve the
organization's network protection. NIPS are efficient in "detecting, removing, detaining, and
redirecting malicious inbound network & subnet traffic. While HIDS's help assess malicious
packets before they are permitted to enter into a computer." (Dubrawsky, 2009) Besides, another
layer of protection that would be helpful include are IPS/IDS. IPS would be "controlling the
Page 1|5
CYB 220 Project Three Margomi Carrasco
