All papers examples
Get a Free E-Book!
Log in
HIRE A WRITER!
Paper Types
Disciplines
Get a Free E-Book! ($50 Value)

Basic Steps in Order to Protect a Network, Research Paper Example

Pages: 8

Words: 2264

Research Paper

Introduction

There is a considerable threat imposed upon the interception of communications particularly that associated with electronic media.  One of the more common threats relates to that of e-mail. The threat here is two-fold: (i) the interception of messages and communication by hackers and others who are intent on theft of intellectual copyright or business confidential information (ii) incoming messages from the outside that may have attachments and carry harmful viruses that can penetrate the Banks firewall and impose serious damage to the computer network.  The first of these represents a criminal offence and is punishable under the law.  The second may be harmless or careless use of communications that have not been checked with anti-virus software.  The policies here become a little more complex but certain precautions can be taken.  The first is for the system not to accept any external e-mails that contain attachments.

In addition,  those that contain any graphics or graphic files which are often used to harbour Trojans.  Only allow access to the network to those that have security clearance and are deemed to be authorised users of the system. Restrict external file attachments to addresses outside of the system (prevention of data transfer or theft).  The job of the Security Manager has been made much harder in recent years because of items like USB Pen Drives that have high storage capacity.  They can be plugged into virtually any USB port in the system and quickly download data.  Providing the person can gain access they will have the ability to download confidential information files. (White, G.B  1996)

The ability to conceal such devices imposes a considerable security threat to firms. This has been further compounded by wireless networks and the ability of portable computer devices like notebooks and laptops to interface with much larger systems.  Most of the threats come from inside and that is to say employees that have access to certain information.  Where they have passwords, encryption keys etc. They can readily lay claim to important information and data files.   This can easily be copied and then sold to other interested parties.  This type of theft can be difficult to track down and costly to prove. (Michael E. Whitman).

Analysis of security over computer and wireless networks

Before addressing the types of security measures in place over wireless networks, it is necessary to have some understanding of the threats imposed.  These vary from eavesdropping to that of physical intrusion and penetration of your system. Both can be potentially damaging but as a minimum a gross invasion of your privacy.  Threats may be as simples as:

Rogue Wireless Area Networks:  This is where someone may introduce an additional router to your network and thereby gain access to the wider network.  This is essentially a hardware intrusion.  Software applications like Network Magic will detect and report such intrusions to the network administrator.

Spoofing Internal Communications:  This is a direct attack and intervention from outside computers wishing to gain access to your system.  They simulate internal domains and essentially look harmless on the network maps.

Direct Theft of network resources:  This is where your system is hacked and the intruder steals bandwidth to surf the internet.  They can then indulge in a variety of illegal activities that indicates the source as your network.  i.e. downloading pornography, music, video clips etc.  Degradation of your network performance is an indication of this type of attack.

Local Area Network segmentation is one means of improving security whilst offering better operational advantages over the efficiency of the network. (Bradley)

Whilst segmentation is a useful step you will also require wireless encryption which is essentially a means of preventing eavesdroppers on to your personal wireless network.  The early method used WEP (Wireless equivalent privacy) but this was later discovered to be flawed as anyone who gained the key access could join the network.  It was also easily cracked by professional hackers.  We quickly moved over to WPA (wireless protect access).  This used temporary key integrity protocol and provided a much tougher code system to decipher. Even this was not good enough for large enterprise networks that required a much higher degree of sophistication and security.

The dangers of network hacking

Perhaps most people think of computer hacking as the ability to decipher code and invade other systems through the internet.  Unfortunately some of the worst recent incidents have been amazingly simple.  Consider the massive amount of damage that was caused by Wiki Leaks where 90,000 classified military documents were downloaded onto a USB pen drive and smuggled out of a secure establishment.  The leak of this information into the media was an act of insane criminal irresponsibility and may have resulted in putting thousands of active duty service men and women in harm’s way.  (Michael T. Simpson)

Media Companies need to be more responsible in the handling of such information.  The freedom of the press and publishing sensationalist material must have some bounds.  The view that the people have a right to know what is going on is not realistic where Defence or National Security information is concerned.  It is an act of social responsibility and a duty to the country and those who serve the country in the military.  -It was Mike Mullen of the Joint Chiefs of Staff who announced in Iraq that leaked US military documents place soldiers’ lives at risk

Gawker Media are a San Francisco based firm that have a reputation for outspoken sensationalist material with little concern for social responsibility.  It enables the collection of people’s blogs and the distribution of these through other social media sites like Facebook and Twitter.  In this instance they were the victims of a hacker who intruded their systems and extracted a large amount of information from their database that included names, addresses, e-mail addresses,  passwords, source code, internal chats and even gateways into other personal accounts. A group called gnosis claimed responsibility for the attack. The obvious danger here is that of identity theft and possible fraudulent use of credit card information.

The following factors should be considered in a computer security breach:

  • Protection of the Assets:  Includes recording of assets, insurance coverage of assets, secure environment of assets, and back-up of assets;
  • Disaster Recovery:  Disaster Recovery Plan (emergency plan), Business Continuity Plan, security of secondary site;
  • System Security:  Access to the systems, Password protection, control of authorized users (restrictions), security of information (data vaults, secure back-up site);
  • Corporate Security policy:  Ensuring that corporate security policy measures are carried out and enforced.

In recent years there have been a number of serious incidents that give rise to concern.  Surveys have illustrated that many firms risk assessments have shown them vulnerable to loss of data incidents. Further, few firms actually monitor the effectiveness of their security procedures.

Use of ‘White Hats’ to protect networks

The services of a hacker may prove useful in probing and testing for points of vulnerability.  Mobile and wireless devices were particularly vulnerable and had gaping security breaches in them. Hackers working in a controlled environment were able to identify these and thus compile a dossier on the vulnerabilities and weaknesses of the system.  The FBI have seen fit to use Hackers that they have turned from the dark side to the light and as such use their services to help track and locate other hackers that are involved in criminal activities. Similarly security firms can use such teams in order to check the robustness of their security systems.

A person ethically engaged as a hacker to improve Computer Security is termed a ‘White Hat’  This is the only legitimate means of ethical responsibility for hacking. Such conditions may be applied as follows:(Michael T. Simpson)

  • The work will be monitored under the supervision of the security firm and the tests carried out under strict supervision
  • Such vulnerabilities and intrusions will be logged and reported. The White Hat undertakes to commit no harm or malicious act as a result of the testing
  • The testing will be confined to the security parameters laid down
  • The White Hat will sign a confidentiality agreement not to disclose any information resulting from the security testing
  • The White Hat will carefully document all aspect of the security tests being carried out together with a detailed results report
  • The White Hat will make recommendations as to how security improvements might be made by improved security protocols.

One such example is that of David Smith a computer hacker launched the Melissa Virus in March of 1999. The virus that he placed into the internet spread to over 1.2 million computers causing an estimated $80 million in financial damages to businesses. Smith was convicted of computer hacking and the courts sentenced him to 40 years in prison.  He was release some 20 months later after agreeing to work with the FBI in their fight against cyber-crime..

Analysis of litigation issues

The concept of litigation seems most prevalent in the area of IT Security.  Nearly all forms of electronic media have the potential for being involved in litigation cases.  When these instances arise one of the most important aspects will be the gathering of data or information for evidence.  Where it is believed that a criminal act has taken place the computers and network devices may be removed for evidence.  This type of confiscation can impose a serious threat and disruption to the business as the court may instruct the system to be frozen which means that the back-up recovery system could not be immediately invoked.  Failure to comply with court orders can result in very severe penalties.  This impact is mitigated by having the geographical architecture divided into a number of nodes or junctions allowing for components to be removed or bi-passed.  For example if a Bank Branch in the UK was subject to a fraud investigation and the court ordered seizure of the computer equipment at that Branch, then the back could just isolate that node of the network and literally shut it off allowing the remaining nodes on the network to continue operating.  In this way the entire integrity of the Banks’s systems are not compromised.

Dangers of an insecure open network

Essentially conducting business over the internet in an unsecure environment is to place your business at severe risk.  Penetration may come from hackers, viruses, spam, communication breaches and various other media. As such, you need to screen from these intrusions by putting in place suitable firewalls, ant-virus/anti-spam software, data encryption and other security measures to prevent unauthorised illegal entry to your system.  (Convery)

There is a considerable threat imposed upon the interception of communications particularly that associated with electronic media.  One of the more common threats relates to that of e-mail. The threat here is two-fold: (i) the interception of messages and communication by hackers and others who are intent on theft of intellectual copyright or business confidential information (ii) incoming messages from the outside that may have attachments and carry harmful viruses that can penetrate the Banks firewall and impose serious damage to the computer network.  The first of these represents a criminal offence and is punishable under the law.  The second may be harmless or careless use of communications that have not been checked with anti-virus software.  The policies here become a little more complex but certain precautions can be taken.  The first is for the system not to accept any external e-mails that contain attachments. In addition those that contain any graphics or graphic files which are often used to harbour Trojans.

Only allow access to the network to those that have security clearance and are deemed to be authorised users of the system. Restrict external file attachments to addresses outside of the system (prevention of data transfer or theft).  The job of the Security Manager has been made much harder in recent years because of items like USB Pen Drives that have high storage capacity.  They can be plugged into virtually any USB port in the system and quickly download data.  Providing the person can gain access, they will have the ability to download confidential information files. (Internet security: firewalls and beyond).

Ten Steps to protecting the computer network

Strength of network security is measured in layers of defence. This extends from that of perimeter security, through such items as firewalls and intrusion detection, to that of communications security by secure socket layers over virtual private networks (VPN’s).

Pamela Warren of Nortel Corporation proposed the following model for securing a standard systems network.  (Warren).

  • Develop a layered defence policy, providing security points at different nodes within the network;
  • Male people and process an integral part of the security defense plan;
  • Establish the rules and security zone This includes such items as firewalls, access rights, password protection and encryption levels;
  • Maintain systems integrity over all network protocols and client servers. This means reducing the number of patches to the system and eliminating points of vulnerability to attack;
  • Control device access to the system. This means accounting for all devices that allow access to the systems including portable and hand held devices;
  • Protection of network management system. Ensure that all network protection devices are fully operative  and that appropriate switches or by-pass routes may be used in case of emergency;
  • Protect user information. Particularly points of vulnerability on wireless networks;
  • Ensure security logs in place. Audit events on system so as to create an audit trail of the history of events on the system.(Mizrak)

Works Cited

Bradley, T. Secure your wireless network. 6 12 2007. 25 11 2011.

Convery, Sean. Network Security Architectures. Indianapolis: Cisco Press, 2004.

Michael E. Whitman, Herbert J. Mattord. Principles of Information Security, 4th Ed. Boston MA: Cengage Learning, 2002.

Michael T. Simpson, Kent Backman, James Corley. Hands-On Ethical Hacking and Network Defense. Boston: Cengage Learning, 2011.

Mizrak, Alper T. Secure Networking. New York: Verlag, 2008.

Warren, Pamela. Ten steps to secure networking. 29 9 2005. 7 6 2012 <http://www.computerworld.com/s/article/104999/Ten_steps_to_secure_networking?taxonomyId=17&pageNumber=2>.

Time is precious

Time is precious

don’t waste it!

Get instant essay
writing help!
Get instant essay writing help!
Plagiarism-free guarantee

Plagiarism-free
guarantee

Privacy guarantee

Privacy
guarantee

Secure checkout

Secure
checkout

Money back guarantee

Money back
guarantee

Related Research Paper Samples & Examples

The Risk of Teenagers Smoking, Research Paper Example

Introduction Smoking is a significant public health concern in the United States, with millions of people affected by the harmful effects of tobacco use. Although, [...]

Pages: 11

Words: 3102

Research Paper

Impacts on Patients and Healthcare Workers in Canada, Research Paper Example

Introduction SDOH refers to an individual’s health and finances. These include social and economic status, schooling, career prospects, housing, health care, and the physical and [...]

Pages: 7

Words: 1839

Research Paper

Death by Neurological Criteria, Research Paper Example

Ethical Dilemmas in Brain Death Brain death versus actual death- where do we draw the line? The end-of-life issue reflects the complicated ethical considerations in [...]

Pages: 7

Words: 2028

Research Paper

Ethical Considerations in End-Of-Life Care, Research Paper Example

Ethical Dilemmas in Brain Death Ethical dilemmas often arise in the treatments involving children on whether to administer certain medications or to withdraw some treatments. [...]

Pages: 5

Words: 1391

Research Paper

Ethical Dilemmas in Brain Death, Research Paper Example

Brain death versus actual death- where do we draw the line? The end-of-life issue reflects the complicated ethical considerations in healthcare and emphasizes the need [...]

Pages: 7

Words: 2005

Research Paper

Politics of Difference and the Case of School Uniforms, Research Paper Example

Introduction In Samantha Deane’s article “Dressing Diversity: Politics of Difference and the Case of School Uniforms” and the Los Angeles Unified School District’s policy on [...]

Pages: 2

Words: 631

Research Paper

The Risk of Teenagers Smoking, Research Paper Example

Introduction Smoking is a significant public health concern in the United States, with millions of people affected by the harmful effects of tobacco use. Although, [...]

Pages: 11

Words: 3102

Research Paper

Impacts on Patients and Healthcare Workers in Canada, Research Paper Example

Introduction SDOH refers to an individual’s health and finances. These include social and economic status, schooling, career prospects, housing, health care, and the physical and [...]

Pages: 7

Words: 1839

Research Paper

Death by Neurological Criteria, Research Paper Example

Ethical Dilemmas in Brain Death Brain death versus actual death- where do we draw the line? The end-of-life issue reflects the complicated ethical considerations in [...]

Pages: 7

Words: 2028

Research Paper

Ethical Considerations in End-Of-Life Care, Research Paper Example

Ethical Dilemmas in Brain Death Ethical dilemmas often arise in the treatments involving children on whether to administer certain medications or to withdraw some treatments. [...]

Pages: 5

Words: 1391

Research Paper

Ethical Dilemmas in Brain Death, Research Paper Example

Brain death versus actual death- where do we draw the line? The end-of-life issue reflects the complicated ethical considerations in healthcare and emphasizes the need [...]

Pages: 7

Words: 2005

Research Paper

Politics of Difference and the Case of School Uniforms, Research Paper Example

Introduction In Samantha Deane’s article “Dressing Diversity: Politics of Difference and the Case of School Uniforms” and the Los Angeles Unified School District’s policy on [...]

Pages: 2

Words: 631

Research Paper