BSIT380-T301 System Hardening and Network

This week made me realize that security isn't just about making the operating system stronger; it's also about protecting everything from the code to the firmware and hardware. My biggest lesson about software was that security needs to be built in from the start, not added on later. That's why it's important to have a good SDLC and follow safe coding practices, like checking input, using the least amount of privilege, and testing early. It also made sense why third-party libraries and tight deadlines can be a problem: one weak spot can become a real vulnerability. I learned why firmware is so important on the hardware side: it controls low-level functions and is found in almost every device, such as servers, embedded systems, and IoT. If firmware isn't kept up to date and managed properly, it can break everything else. I also learned how hardware can help with a "root of trust," which is useful for things like secure boot and checking the system's in...

This week's lessons were about how businesses use layered security controls and countermeasures to keep important infrastructure safe. The idea of air-gapped systems really stuck with me. Firewalls, intrusion detection systems, and endpoint protection are all useful, but they don't protect systems completely because networks and endpoints often need to connect to the outside world in some way. Air-gapping eliminates that risk by keeping systems completely separate from all outside networks, even the Internet. This extreme approach shows how important it is to control attack surfaces, especially for systems that are very important or sensitive, like industrial control systems or important government networks. The readings also made it clear that air-gapping alone is not enough to fix the problem. Chapman and Maymi say that security should depend on a number of different countermeasures working together, like access controls, monitoring, change management, and endpoint hardening...