1) Using the concept of defense in depth, what layers might we use to secure ourselves against someone removing confidential data from our office on a USB flash drive?
2) If the Web servers in our environment are based on Microsoft’s Internet Information Server (IIS) and a new worm is discovered that attacks Apache Web servers, what do we not have?
I believe for this we would not have risk?
Solution
(a)
1. One way to protect confidential information is to encrypt all the data we store. Laptop and desktop computers can be fitted with hard drives that automatically encrypt all data held. There are many software vendors who provide this software. When the system is booted, we can prompt for a password to make sure the owner of the machine is logging in. This login is different from the traditional login we have on the systems. Once booted, these systems operate exactly the same as computers with ordinary drives; however, if lost or stolen, the information stored will remain confidential. Software utilities will create encrypted archives of files and folders. These can be written onto CDs, emailed as attachments, etc.
2. Back up the data either through the cloud or on a different device.
3. Anti-malware protection.
4. There is a chance that files deleted from the system are stolen. To avoid that, overwrite the deleted files.
(b)
There are many mechanisms available to safeguard Microsoft IIS from any type of attack.
Loopholes always exist irrespective of how much we try to protect.
There is external software available to protect IIS, like dotDefender.
There can be no system which is 100% secure. Every system can be hacked.
