Free Essay

Building an Access Control System

In: Computers and Technology

Submitted By terrancem
Words 996
Pages 4
Assignment 1: Attack Methodology and Countermeasures
Terrance Moore
Professor Siplin
Perimeter Defense
10/31/2013

When you are utilizing security features in an application, consideration should be given to the design, implementation, and deployment. It would helpful if you understand how a hacker thinks and then utilize the tools a hacker would use. Today, every company is becoming completely networked, through the exchanging of information on desktops, laptops, tablets and smart phones. Thinking like a hacker and understanding a hacker’s tactics and scams could make you aware and become more effective when applying countermeasures. There are several methods for carrying out ethical hacking, the most common are limited vulnerability and penetration testing. Limited vulnerability analysis, focus on entry points to gather critical systems and data. By understanding the basic approach used by hackers to target organizations, you will be better equipped to take defensive measures you will be better equipped and know what you are up against. There are steps involved in scanning a network, the following points will highlight them. 1) Check for live systems, 2) Check for open ports, 3) Fingerprint the operating system, 4) Scan for vulnerabilities, 5) Probe the network. Tools that can be used to detect scanning threats and countermeasures that a company can use to deter and avoid vulnerabilities are as follows. “Spoofing user identity -use strong authentication for passwords, do not store secrets (for example, passwords) in plaintext. Do not pass credentials in plaintext over the Internet. Tampering with data –use data hashing and signing, use digital signatures, use strong authorization, use tamper-resistant protocols across communication links, secure communication links with protocols that provide message integrity”. (Microsoft.com)
Port scanning is one of the most common reconnaissance techniques used by hackers to discover the vulnerabilities in the services listening at well-known ports such as the internet and DNS. “Some live system scanning tools are Angry IP Scanner a windows IP scanner that scans IPs of any range. It simply pings each IP address to check whether or not the system is alive. Nmap is used for port scanning. Nmap supports more than a dozen way to scan a network. Some scanning techniques used are UDP, TCP connect, TCP SYN (half open), FTP proxy (bounce attack), reverse-ident, ICMP (ping sweep), FIN, ACK sweep, Xmas, SYN sweep, IP and null scan”. (EC-Council. 2010. Ethical Hacking and Countermeasures Attack Phases. Clifton Park, NY: Cengage Learning)
Many different techniques are used as ways attackers will try to gather your information, to prevail and avoid attack you would need to stop the threat before it reaches the next phase. Reconnaissance attackers gather information using active or passive means. For example attackers obtaining details that are freely available gathering information from a company’s Web sites, company’s annual statements. Scanning attackers begins to actively probe the user for vulnerabilities that can be exploited. Gaining access attackers exploit the user to gain access to the system. Gaining access is where most of the damage is done to the device and is the crux of the system. For instance external denial-of-service attacks could stop services from running and shut down your computer systems. Another technique attacker’s use is called spoofing in order to exploit your system and pretending to be a legitimate user. Maintaining access to the system is vital once the attacker has gained access, the goal of the attack fails is they are unable to maintain control. Covering tracks once an attacker has violated a system will destroy all evidence of his or her attacks.
You could eliminate Trojans, viruses, and worms to your devices before catastrophic damage to your computer systems make it impossible to fix. Theses malicious bugs use different entry points as mentioned earlier. Trojans are able to enter through multiple applications including many commonly used systems such as Instant Messenger applications (IM), Attachments to e-mails, Physical Access, NetBIOS (file sharing), Fake programs and freeware, as well as suspicious sites. Countermeasures to protect your assets do not download any file from unknown people or sites without making sure the file is legitimate in nature. If there is ever a question you are prompted by the system to the address the threat in the form of a warning message. It is integral that routine scans are performed to ensure that the corporate perimeter defenses are continuously up to date, thus avoiding malicious threat. It is important to scan all content at the perimeter defense line that could contain malicious content. Running local versions of antivirus, firewall, and intrusion detection software, including multiple virus scanners, and installing a software for identifying and removing malware, as well as spyware. It is imperative to delete suspicious device drivers. Ethical hacker’s also known as white hats are information security professionals who specialize in evaluating, and defending against threats from an attacker. Unethical hackers on the other hand are called black hats, there is continuing debate on whether hacking can be ethical or not? The current climate is a hacker is a hacker there is no differentiation between good and bad. I believe that as technology develops and evolves the divide between good and bad hackers will widen. Attackers will make several attempts to gain your critical data such as remote network, remote dial-up, local, stolen equipment, social engineering, and Physical entry. Be cautious as to what types of critical data that you put in your emails, Facebook, there is always someone out there looking to take advantage of that one minor slip up. (EC-Council. 2010. Ethical Hacking and Countermeasures Attack Phases. Clifton Park, NY: Cengage Learning)

Resources
EC-Council. 2010. Ethical Hacking and Countermeasures Attack Phases. Clifton Park, NY: Cengage Learning
Glynn, Fergal (2006-2013) Penetration Testing. veracode.com, Retrieved 10/31/13, from http://www.veracode.com/security/penetration-testing
Howard, Michael and LeBlanc, Writing Secure Code 2nd Edition, Microsoft Press, Redmond, WA 2002, Retrieved 10/31/2013 from http://msdn.microsoft.com/en-us/library/ff648641.aspx

Similar Documents

Premium Essay

Building an Access Control System

...Building an Access Control System Strayer University CIS 210 Systems Analysis and Development 4/28/13 Scope The scope of this project is to install an access control system (ACS) into a college dormitory. This ACS will automatically unlock the dormitory doors via an electronic proximity reader and integrate with an existing security camera system. The cameras are designed to face and rotate to record a person as they use their identification card to unlock the door. To complete this project we will start with the analysis and design stage. The creation of various design documents will be performed during this stage. The next stage will be the development stage. During this stage we will either create a new database or use the school’s existing database. The 3rd stage will be the integration stage. During this stage, the physical installation of the system will occur. The 4th stage will be the testing stage. The final stage will be the maintenance phase. The maintenance phase is on-going. Major Tasks 1. Analysis and Design a) Design Documentation i. With this task, documentation is written up to describe the work that needs to be completed. This documentation is reviewed by all stake holders to ensure that the requirements are have been accurately conveyed and understood. b) Design Models i. With this task, flow charts and/or use case are created to describe the functionality.......

Words: 508 - Pages: 3

Premium Essay

Building an Access Control System

...STUDY 1 Building an Access Control System As a member of the Information Security team at a small college, you have been made the project manager to install an access control system (ACS) in a dormitory. The ACS will automatically unlock the dormitory doors via an electronic proximity reader and integrate with an existing security camera system. The cameras are designed to face and rotate to record a person as they use their identification card to unlock the door. Create a 3-4 page project plan for this project in which you: Include a one-half page project scope statement. Define five (5) major tasks, each with one to two (1-2) subtasks. Also write a brief description for each task. Create a Gantt chart illustrating the project tasks (use Microsoft Project or a similar project management program). Create a system diagram illustrating the equipment and connections required for this project (use Microsoft Visio or a similar software package). Building an Access Control System CIS210 Building an Access Control System Introduction An access control system is fundamental in reducing security issues as well as controlling the personnel allowed to access a given place. Its main objective is to ensure limited persons are granted the rights of access. This access can be granted by checking on criteria such as workplace, home or any other specified locations. The access control......

Words: 1248 - Pages: 5

Premium Essay

Building an Access Control System

...Your proposal may include, but you are not limited to the following item listing. Before each class meeting, please provide a paragraph or more on each item on the list. Your group should send this information to me via email at billbaig@gmail.com in addition to your team leader approved status report and time cards. These assignments will count as individual skills assessment grade, which is 15% of your overall grade in this class. Feel free to make additions or edits as needed, but make sure if you omit anything of this list, you are able to provide proper justification for it. Do not just provide list of hardware or software directly from the web. Be sure to thoroughly research and make appropriate recommendation based on your studies of various hardware/software. In addition, a diagram for each list item is recommend, illustrating precisely your recommendations for the provided case study. All information presented in your proposal MUST have in-text citations and a work cited section for the references used in your proposals. EVERYTHING SUBMITTED SHOULD DIRECTLY RELATE TO THE PRESENTED CASE STUDY AND NO COPYRIGHT MATERIAL! The recommended order to accomplish this proposal is as follows: Week 2 • LAN and WAN requirements – explain the LAN and WAN infrastructure of the doctor’s office network • Wiring – type of wire, length, cost, outside contractor, etc • Network Diagrams – current network infrastructure and proposed network • Network Hardware – routers,......

Words: 1078 - Pages: 5

Premium Essay

Case Study 1: Building an Access Control System

...Project Scope This project scope is to install Access Control System (ACS) in the college dormitory. To identify the project’s goals, objectives, deliverables, tasks, costs, deadlines, expected leading staffing and none-staffing resources needed (Bidgoli, 2014). For a project this size, the company is limited to using current staff to complete the project. The size of the dormitory is five doors entering and exiting the building. The building has five moving cameras installed located at each doorway. The project is set for thirty days completion timetable. The current system analyst will be the project manager, and his responsibilities are as follows: • Project planning – identifying the project task estimating the completion time and cost of the project. • Project Scheduling – Creating a timetable for specific tasks. • Project monitoring – Guiding, supervising, and coordination the team's workload, and making decisions based on the team's workload and taking action to make corrections to keep the project on track. • Project reporting – This includes updates from his management, about current users and project team members on attitude and the overall effort of the team. (Rosenblatt J.H., 2014) A successful project will be completed on time, within budget and deliver a quality product that meets all requirements that were requested. A listing of the primary task and subtask are as follows: • Obtain equipment 1. Request bids from different vendors. 2. Evaluate...

Words: 326 - Pages: 2

Premium Essay

Case Study 1: Building an Access Control System

...Running head: CASE STUDY 1 BUILDING AN ACCESS CONTROL SYSTEM 1 Building an Access Control System Case Study 1 Holly Dillon Professor Jennifer Merritt Systems Analysis and Development CIS/210 April 28th, 2014 BUILDING AN ACCESS CONTROL SYSTEM 2 Building an Access Control System Project Scope Description As a member of the Information Security Team at a small College, I have been made the Project Manager to install an Access Control System (ACS) in a dormitory. For this small College an ACS (Access Control System) needs to be implemented to unlock the dormitory doors, to record a person as they use their identification card to unlock the door. An electronic proximity reader is needed to integrated with the existing security camera system with the camera’s being able to face and rotate at the door. The tasks to put in place are simple and easy to follow along with guidelines for each step. Rosenblatt. (2012). The five major tasks with descriptive information that I am putting in place with a timeline for the project are as follows: Rosenblatt. (2012). Obtain Authorization To obtain documentation authorization you on the go ahead of the project, its planning, implementation, testing, and training of the system 1 Day Develop Plan Developing a......

Words: 886 - Pages: 4

Premium Essay

Case Study 1: Building an Access Control System

...Case Study 1: Building an Access Control System Building an Access Control System Marcelino P Figueroa Dr. Shah Strayer University, Woodbridge - VA ​This Project consist of a team of five specialists that will work together to successfully build an Access Control System for a College campus that has existing cameras. Pete will be leading the team of five on this project with that he will also be responsible of the projects progress, he will be in constant follow up with the senior management to deliver real time project completions and analyzing every task throughout the way. The first task is to Order all that is need to build the access control system. Pete assigned Chris, Kevin, Tonia, and Rich to review the industry leading ACS (Access Control Systems) methods in order to better fulfill the college campus’s security needs, they have two days to complete the task. Tonia has been assigned to select the components within four hours once complete she has to select the materials which needs to be complete within four hours. Chris is responsible on ordering the selected components and materials within two hours, while the ordering task is under-way, Jerry posted the maintenance signs all around the college campus to create awareness of the work that’s in the process. Once the components and materials are received in its entirety Chris, Kevin, Jerry, and Rich will team up to build and install the access control system. Once the installing task is complete,...

Words: 369 - Pages: 2

Premium Essay

Information Security Policy

...Key elements of the Disaster Recovery Plan 1 3.2. Disaster Recovery Test Plan 1 4. Physical Security Policy 1 4.1. Security of the facilities 1 4.1.1. Physical entry controls 1 4.1.2. Security offices, rooms and facilities 1 4.1.3. Isolated delivery and loading areas 2 4.2. Security of the information systems 2 4.2.1. Workplace protection 2 4.2.2. Unused ports and cabling 2 4.2.3. Network/server equipment 2 4.2.4. Equipment maintenance 2 4.2.5. Security of laptops/roaming equipment 2 5. Access Control Policy 2 6. Network Security Policy 3 7. References 3 Executive Summary Due in Week Nine: Write 3 to 4 paragraphs giving a bottom-line summary of the specific measureable goals and objectives of the security plan, which can be implemented to define optimal security architecture for the selected business scenario. With advancements in technology there is a need to constantly protect one’s investments and assets. This is true for any aspect of life. Bloom Design is growing and with that growth we must always be sure to stay on top of protecting ourselves with proper security. For Bloom Design the measurable goals and objectives are website traffic and building security throughout our various buildings. This means we’ll have to implement certain security features to protect Bloom Design and our customers. What we’re trying to protect is both data and material. By this I......

Words: 4226 - Pages: 17

Free Essay

Access Control Systems

...Abstract Access control systems were examined to determine if a network based system would be more reliable and beneficial. Two major systems were determined to be very beneficial to the company. In contrast, the systems would consume a great deal of resources in order to be put into full working order at all sites worldwide. Together these findings suggest that using a network based system can ultimately serve the company better and create a more secure environment for the research and the employees. Keywords: Access control, CCURE, Locknetics, security, networking   Network Based Access Control Systems: What Are They? Personal and confidential information can easily be accessed at sites if the access to the specific areas is not updated quickly enough. To secure and protect this data, technology must adapt to mitigate the threats and risks. Applications and services are becoming mobile across multiple resources, sometimes in a dynamically allocated way, necessitating the migration of sensitive and private data. I propose a network based access control system to address the inadequacies of current technological solutions in preserving the confidentiality and privacy of data, along with the safety and security of the site. More specifically, I describe a solution for securing all Bristol-Myers Squibb sites throughout the world. Access control systems have become a basic way of life for many businesses, especially large businesses. There are many different......

Words: 2919 - Pages: 12

Free Essay

Ris Management

...Assessment Methodology: Key Principles of External Building Security Presented By Name Institution Instructor Course Title Date of Submission Abstract External building security is a critical part in the building design process in order to construct a building that provide conducive social, intellectual, creative, and physical activities of its shareholders. There are numerous key principles of external building security with ability to withstand various attack types. This paper lists, describes and assesses these principles. Security is a fundamental part of the building design process and should be considered as an issue that provide clear guidance regarding the design, methods and materials of building that enhance effective, acceptable and affordable security to all building stakeholders. Planning of a building should be conducive to all intellectual, physical, social, and creative activities of the stakeholders. Buildings should be secure enough to provide lively as well as welcoming operational environment that does not over-power, impersonate or institute personal hazards while accommodating range of activities. External building security, right from the preliminary stage to final building construction, focuses on the built environment, threatened internally and externally by vandalism that includes graffiti and glass breakage, theft, arson, and burglary. It addresses actions taken to protect buildings, property and assets against......

Words: 1514 - Pages: 7

Premium Essay

Ccsecurity Mp Outlin

...independent document incorporated by reference into the TBP Architecture District Master Plan for the Chabot College campus new construction and building improvements. To develop the Security Master Plan, CATALYST has first performed numerous site surveys and interviews, analyzed crime index data, reviewed the relevant technologies, and assessed the campus physical environment to define the risks and vulnerabilities that need to be addressed for a long-term vision of campus security. From this goal set, CATALYST has developed the guidelines and recommendations for the District to standardize the approach and cost of physical security on their campuses. The Security Master Plan will include the topic sections listed in the outline following. The primary intent of the Security Master Plan is to define security mitigation standards that integrate efficiently with new building construction and building improvements, saving upgrade costs today by planning for the campus of tomorrow. By first prioritizing the identified campus risks, and then using a multi-faceted approach from the key areas of physical environment, security staffing, and feasible technology, CATALYST will present a clear security philosophy to guide the selection and implementation of campus security upgrades. The Security Master Plan will be developed to address long-term system compatibility, communication...

Words: 1345 - Pages: 6

Premium Essay

Information Security Policy

...Disaster Recovery Plan 1 3.2. Disaster Recovery Test Plan 1 4. Physical Security Policy 1 4.1. Security of the facilities 1 4.1.1. Physical entry controls 1 4.1.2. Security offices, rooms and facilities 1 4.1.3. Isolated delivery and loading areas 2 4.2. Security of the information systems 2 4.2.1. Workplace protection 2 4.2.2. Unused ports and cabling 2 4.2.3. Network/server equipment 2 4.2.4. Equipment maintenance 2 4.2.5. Security of laptops/roaming equipment 2 5. Access Control Policy 2 6. Network Security Policy 3 7. References 3 Executive Summary Due in Week Nine: Write 3 to 4 paragraphs giving a bottom-line summary of the specific measureable goals and objectives of the security plan, which can be implemented to define optimal security architecture for the selected business scenario. This new strategy guide for Bloom Design Group provides a comprehensive strategy for providing a safe and secure work environment. Several new policies and procedures will be implemented as a result of these new ideas. Bloom Design Group will have little trouble in adhering to the promised plan based on the their assets and experienced personnel. The goals implemented will include new user accounts and access policies and controls. These goals will allow for monitoring for all persons using the network and view all...

Words: 3916 - Pages: 16

Premium Essay

Access Controls Systems

...accomplish this we will have proximity card readers to access the dormitory as well as card readers on the doors to the rooms. The proximity card is the most popular access device as well as inexpensive and long lasting. The holder is identified to the system by the proximity card used. The aspect of the proximity card is that it only needs to be held near the reader to work. Cards can be printed with the student’s pictures for added security. Each student of the dormitory will be issued a card that has access to the dormitory as well as access will be provided for each individual dorm room. The constraint of the project is that we must use the existing security camera system which is designed to face and rotate to record a person as they use their identification card to gain entrance to the building. The proximity card must only allow students who live in the dormitory access. The system should deny access to anyone who is not authorized to enter the dormitory. What the new proximity system could do is lower the reported theft incidents reported. The ACS will not operate in the event there is a power outage. The system must have a failsafe door in this event to allow student entry or departure. The first task is to review the current security system to identify if any additional equipment will be needed. Upon review of the system we found that closed circuit cameras work in conjunction with access systems. The cameras are designed to face and rotate to......

Words: 741 - Pages: 3

Premium Essay

Physical Security Operations

...perimeter, and the interior. OUTER PERIMETER Your actual property line defines the outer perimeter. In controlling the outer you must control who can drive/walk onto your property. You can use barbed wire fence, a guard shack. You need to weigh the risk of an intruder entering your property and the cost of the available physical security measure. There are two concepts involved in perimeter security, which is Natural Access Control and Territorial Reinforcement. Natural Access Control is the use of building and landscaping features to guide the people as they and enter/exit a space. You all also want to discourage intruders to close any and all potential exits. potential (1) Clearly defined entrances the first thing to the access control is the approach to your area. That is can a car drive onto your property without it being notice? If this does happen that means you need to consider of using curbs, barriers, gates to direct the traffic to a single control area. A guard shack would be a good deterrent to any intruder. Now there is the foot traffic to consider now. Can an unauthorized person walk into your building without being noticed? There should be at least one entrance to the building and the foot traffic should be direct to a receptionist or guard shack. Roof access is another problem are for the building. The only ones that should direct access to the roof is the...

Words: 717 - Pages: 3

Premium Essay

Final Information Security Policy

...Disaster Recovery Test Plan 8 3.3.1 Walk-throughs 8 3.3.2 Simulations 9 3.3.3 Checklists 9 3.3.4 Parallel testing 9 3.3.5 Full interruption 9 4. Physical Security Policy 10 4.1 Security of the building facilities 10 4.1.1Physical entry control 10 4.1.2 Security offices, rooms and facilities 11 4.13.Isolated delivery and loading areas 12 4.2 Security of the information systems 12 4.2.1Workplace protections 12 4.2.2Unused ports and cabling 13 4.2.3 Network/server equipment 13 4.2.4 Equipment maintenance 13 4.2.5 Security of laptops/roaming equipment 13 5. References 14 Executive Summary The objective of this proposal is to present the information security policy created for Bloom Design Group. The issue of a company’s network security continues to be crucial because the results of data loss or significant system failure can be disastrous for a company. An alarming number of companies fail to realize how vulnerable their network is to internal, external, and environmental risks. One of the top priorities of an organization should be maintaining and securing its network in order to protect its important and vital assets. The plan will outline the steps needed for Bloom Design Group to ensure the security of all data systems and equipment within their organization. The CIA triad of information security outlines the areas of protection that need to be addressed; information confidentiality, information integrity, and information...

Words: 3568 - Pages: 15

Premium Essay

Failed Project Essay

...with restricting physical access by unauthorized people (commonly interpreted as intruders) to controlled facilities, although there are other considerations and situations in which physical security measures are valuable (for example, limiting access within a facility and/or to specific assets and controls to reduce physical incidents such as fires). Security unavoidably incurs costs and, in reality, it can never be perfect or complete - in other words, security can reduce but cannot entirely eliminate risks. Given that controls are imperfect, strong physical security applies using appropriate combinations of overlapping and complementary controls. For instance, physical access controls for protected facilities are generally intended to: • deter potential intruders (e.g. warning signs and perimeter markings); • distinguish authorized from unauthorized people (e.g. using pass cards/badges and keys) • delay and ideally prevent intrusion attempts (e.g. strong walls, door locks and safes); • detect intrusions and monitor/record intruders (e.g. intruder alarms and CCTV systems); and • trigger appropriate incident responses (e.g. by security guards and police). It is up to security designers to balance security controls against risks, taking into account the costs of specifying, developing, testing, implementing, using, managing, monitoring and maintaining the controls. Physical access control is a matter of who, where, and when. An access control system determines who is......

Words: 2097 - Pages: 9