CIS502 discussion post responses.

Respond to the colleagues' posts regarding:

Access Control Models

If you were going to design an access system that would control people getting into your favorite or most valued items (e.g., financial records, health records, or other sensitive files), what things would you consider based on your readings from Chapter 14? Make sure you address all the possible avenues of attack that could be exploited. Remember, security measures are designed to slow and draw attention to attackers. No system can completely prevent a successful attack.

KF’s post states the following:

First of all, we need to decide what exactly our defense mechanism is going to protect. There are cloud defense mechanisms, network defense, and application defenses, to name a few (I’m using all three for my MOST FAVORITE ITEM!). As many students have discussed, the defense in depth approach is great. The layered security measures are an excellent way to acknowledge security within an enterprise environment. I would like to get more into that layered approach and the different layers of the “castle,” if you will. Regarding access systems and the defense in depth approach, physical, technical, and administrative controls need to be implemented.

Physical DiD: Locked doors, security cameras to organizational assets, barriers to prevent collisions, proper lighting within areas that should be lighted.
Hacking Physical DiD: Locked doors <brute force: through wall> we’re breaking in so screw it! Security cameras can be accessed remotely prior to hacking the system or accessed within the LAN after jacking into the source. Barriers can be bypassed with the right mapping, and lighting, again, if connected on a server, can be bypassed with jacking in and the proper scripting.

Technical DiD: As we all have learned, AV software, IDS, IPS, SIEMs, Logging and Monitoring would all be considered Technical DiD aspects.

Hacking DiD: AV software can be manipulated with Advanced Evasion Tactics (AET). IDS and IPS are useless once inside of the LAN; we’re jacked in hard already so we’re fine there. SIEMs can be tricky, but the right script will erase all logs so we were technically never even there (locally or remotely).

Administrative DiD: Administrative DiD would consist of access controls for users, privilege settings, super user configurations, what programs can be executed/read/write/run. File access, server access, server access locations, file access locat ...