Answer to Question #277529 in Computer Networks for Qwame

1.

Use strong authentication:

Password-cracking technology is quite advanced, and stronger passwords spawn forests of Post-it notes on monitors. And many employees share passwords.

The alternatives are expensive, and general deployment is beyond the means of most organizations. A more cost-effective compromise is to apply strong multifactor authentication only to particularly sensitive applications or systems, such as HR or accounting.

Segment LANs:

Host-based systems usually deploy agents, but network-based systems rely on LAN sniffers. Monitoring a single internet connection is easy, but finding good locations -- choke points -- inside often-chaotic LANs can be more difficult. Ideally, you'd have one sniffer for each LAN segment. In a large network, this is unwieldy, impractical and will probably overwhelm you with worthless alerts.

A better tack is to treat your LAN as a series of enclaves, each of which comprises its own zone of trust, segregated by firewalls at the point where each connects with the corporate backbone.

Secure your desktops:

You can't depend on users to be responsible for all their configurations, but if you're using Microsoft's Active Directory service, you can use group policies to lock down desktops across your enterprise.

Group policies allow a security manager to set configuration details for the OS and its components (Internet Explorer, Windows Media Player, etc.), as well as other apps.

2.

Confidentiality:

When protecting information, we want to be able to restrict access to those who are allowed to see it; everyone else should be disallowed from learning anything about its contents.

Availability:

Availability means that information can be accessed and modified by anyone authorized to do so in an appropriate timeframe. Depending on the type of information, appropriate timeframe can mean different things.