Friday, August 16, 2019
Network security threats Essay
The purpose of this memo is to let you know the importance of network security. Here I will discuss the network security threats, the laws that affect network security, and the processes and procedures for disaster recovery, data backup, and data restoration, along with future action plans.

Network security threats can be defined as any method used to try to breach the security of a network or system (Tulloch 2003). The goal of network security is to sustain and defend three critical properties of information, which are confidentiality, integrity and availability. These threats originate from a variety of sources, both external and internal. External threats are structured threats from malicious individuals or organizations and unstructured threats from inexperienced attackers such as script kiddies. Internal threats are threats from disgruntled employees or contractors.

Various network security threats exist. Some of the threats are Firewall and System Probing, Network File Systems (NFS) Application Attacks, Vendor Default Password Attacks, Denial of Service (DoS) Attacks, Social Engineering Attacks, Electronic Mail Attacks, Spoofing, Sniffing, Fragmentation and Splicing Attacks, Easy-To-Guess Password Compromise, Destructive Computer Viruses, Prefix Scanning, Trojan Horses and Reconnaissance Attacks. The top three security threats to a network are discussed in the paragraphs below.

Disgruntled Employees

This is the most common network security threat. Disgruntled employees, who are the group most familiar with their employer’s computers and applications, including knowing what actions might cause the most damage, can create both mischief and sabotage on a computer system. Disgruntled current employees actually cause more damage than former employees do.
According to Parmar, the common examples of computer-related employee sabotage are entering data incorrectly, changing and deleting data, destroying data or programs with logic bombs, crashing systems, holding data hostage and destroying hardware or facilities.

Denial of Service (DoS) Attacks

According to Tulloch (2003), DoS is a type of attack that tries to prevent legitimate users from accessing network services. In this type of threat, the attacker tries to prevent access to a system or network by several possible means. Some of these are:

• Flooding the network with so much traffic that traffic from legitimate clients is overwhelmed;
• Flooding the network with so many requests for a network service that the host providing the service cannot receive similar requests from legitimate clients; and
• Disrupting communications between hosts and legitimate clients by various means, including alteration of system configuration information or even physical destruction of network servers and components. (Tulloch 2003)

Malicious Code and Electronic Mail Attacks

According to Parmar, malicious code refers to viruses, worms, Trojan horses, logic bombs, and uninvited software. Electronic mail attacks are e-mails that hackers send to compromise network systems; companies that accept e-mail from the Internet and have exposed versions of the sendmail program are potential targets of this attack.

NETWORK SECURITY LAWS

As such, no laws exist specifically for network security. However, some of the acts that are applicable to network security threats are discussed in the paragraphs below.

Privacy Act of 1974

The concept of information privacy has been one of the most critical issues, and it is taken into serious consideration. Imagine a world without information privacy. The lack of information privacy creates a breeding ground for technological sharing and distribution.
In 1974, the Privacy Act of 1974, passed by the United States Congress, states that: No agency shall disclose any record, which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains (“Privacy Act of 1974” 88 Stat. 1897).

CFAA – Computer Fraud and Abuse Act

According to Robinson (2003), the current United States law of information security is the Computer Fraud and Abuse Act (18 U.S.C.). It was originally enacted solely as a computer crime statute, but in its present form, it imposes both civil and criminal liability for a wide variety of acts that compromise the security of public and private sector computer systems.

DMCA – The Digital Millennium Copyright Act

The Digital Millennium Copyright Act (17 U.S.C.) provides that “no person shall circumvent a technological measure that effectively controls access to a work protected under this title [the Copyright Law]” (Robinson, 2003).

Other laws (acts), such as the Wiretap Act, the Stored Communications Act, and the Computer Security Act, are also applicable to network security threats.

PROCESS AND PROCEDURES FOR NETWORK SECURITY

The three important techniques used by companies to protect their network are firewalls, encryption and VPN, which are discussed below:

Firewalls

Firewalls are used to control access between networks. They separate intranets and extranets from the Internet so that only employees and authorized business partners can gain access. Firewalls are implemented either by packet filtering to block “illegal” traffic, which is defined by the security policy, or by using a proxy server, which acts as an intermediary.

Encryption

To protect against sniffing, messages can be encrypted before being sent (over the Internet).
In general, two classes of encryption methods are used today: Secret Key encryption (DES) and Public Key encryption (RSA, where both a public and a private key are needed). Public Key encryption is incorporated into all major Web browsers and is the basis for secure socket layer (SSL).

Virtual Private Networks (VPN)

A VPN maintains data security as data is transmitted by using tunneling and encryption. Tunneling creates a temporary connection between a remote computer and the local network. Tunneling blocks access to anyone trying to intercept messages sent over that link. Encryption scrambles the message before it is sent and decodes it at the receiving end.

Another important area for companies is implementing a security policy and disaster recovery and business continuity plans, which are discussed in the paragraphs below:

Security policy

A security policy is defined as the rules, directives and practices that govern how assets, including sensitive information, are managed, protected and distributed within an organization. Every organization should define and document a security policy that defines the limits of acceptable behavior and how the organization will respond to violations of such behavior. The security policy should be concise, to the point, easy to understand and widely publicized in the organization. The security policy implemented should ensure compliance with all laws. The security policy should be reviewed periodically to respond to changes in technology or circumstances. There should be restrictions on playing computer games on corporate computers and on visiting non-productive web sites using the corporate network. In addition, employees should be monitored for compliance with prohibitions against taking copies of certain corporate electronic documents out of the office, using pirated software and using the corporate e-mail account for sending personal e-mail.
Proper Documentation for Disaster Recovery and Business Continuity

There are various types of vulnerabilities associated with computer-based information systems. These days organizations are more dependent upon their computer systems; therefore the survival of a business depends very much on the security of these systems. Initially (a few years back), physical disasters such as floods, hurricanes, and fires were the most probable security risks. Nowadays, computer operations are also liable to loss or damage from hackers, computer viruses, industrial spies and similar causes which until recently were in the realms of science fiction.

The terrorist attacks on September 11, 2001, showed that there is a big difference between disaster recovery and business continuity. In the past, disaster recovery meant getting computers and networks up and running after a hurricane, flood, fire, or other disaster. However, September 11 taught a broader issue: getting the business up and running. According to McNurlin & Sprague (2006), business continuity broadens the discussion to include:

• Safeguarding people during a disaster;
• Documenting business procedures so that they are not dependent upon a single employee;
• Giving employees the tools and space to handle personal issues first so that they can then concentrate on work;
• Alternate workspace for people and backup IT sites not too close but not too far away;
• Up-to-date evacuation plans that everyone knows and has practiced;
• Backed-up laptops and departmental servers; and
• Helping people cope with a disaster by having easily accessible phone lists, e-mail lists and instant-messenger lists so people can communicate with loved ones and colleagues.

CONCLUSIONS

The goal of network security is to sustain and defend three critical properties of information, which are confidentiality, integrity and availability. The most common threats to network security come from disgruntled employees, DoS attacks and malicious code attacks.
All these threats try to breach the security of a network or system. Various information security and privacy laws exist, which must be followed by companies while installing and managing their computer networks. Various techniques such as firewalls, encryption and VPN are used for securing the network. In addition, security policies and disaster recovery and business continuity plans are implemented for securing the network.

FUTURE ACTION

Below are some methods for securing a network from the top three security threats.

Threats from disgruntled employees can be limited by having the network (system) administrator invalidate passwords and delete system accounts in a timely manner.

According to Tulloch (2003), defenses against DoS attacks include disabling unneeded network services to limit the attack surface of the company's network; enabling disk quotas for all accounts, including those used by network services; implementing filtering on routers and patching operating systems to reduce exposure to SYN flooding; base-lining normal network usage to help identify such attacks in order to quickly defeat them; and regularly backing up system configuration information and ensuring strong password policies.

To prevent malicious code attacks from occurring, regular checks with vendors are necessary to ensure systems are running a correct version of sendmail or some more secure mail product.

Network security through software and hardware can be implemented by:

• Modular and cheaper workgroup firewalls.
• Having host-based and network-based intrusion detection systems.
• Active security by providing automated responses to agents.
• Centralized management.
• Content filtering.
• Acceptance of PKI.
• Having token, smartcard or biometric based access solutions.
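The base-lining defense against DoS attacks listed above can be sketched as follows. This is an added example, not part of the original essay: the function name `flag_floods`, its thresholds and the per-minute SYN counts are all assumptions made for illustration.

```python
from statistics import median

def flag_floods(counts, window=10, k=6.0, floor=5.0):
    """Return indexes of intervals whose count is far above the baseline.

    Baseline = median of the last `window` normal intervals.
    Spread   = median absolute deviation (MAD) of those intervals, with a
               floor so a very steady baseline does not alert on small bumps.
    An interval is flagged when count > baseline + k * spread.
    """
    history, alerts = [], []
    for i, count in enumerate(counts):
        if len(history) >= window:
            recent = history[-window:]
            base = median(recent)
            spread = max(median(abs(x - base) for x in recent), floor)
            if count > base + k * spread:
                alerts.append(i)
                # Flagged intervals are left out of the history so that
                # attack traffic cannot become the new "normal".
                continue
        history.append(count)
    return alerts

# Constructed sample: inbound TCP SYN packets per minute at a border router.
SAMPLE = [118, 124, 131, 120, 127, 115, 122, 129, 125, 119,
          133, 121, 2450, 3900, 4100, 140, 126]

if __name__ == "__main__":
    for minute in flag_floods(SAMPLE):
        print(f"minute {minute}: {SAMPLE[minute]} SYN/min exceeds baseline")
```

No interval is flagged until `window` normal intervals have been seen, so the detector needs a quiet learning period before it is useful.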
Some basic protection tips for computers in the network that should be provided to all staff in the organization are:

• Always use anti-virus software.
• Download security updates and patches regularly and update computer systems.
• Do not check or download e-mails and attachments from unknown sources.
• Back up your data regularly.
• Use a firewall.
• Do not share access to your computer hard drives in the network.

REFERENCES

Tulloch, M. 2003, ‘Microsoft Encyclopedia of Security’, Microsoft Press, Washington, United States of America.
Parmar, S. K. & CST, N. Cowichan Duncan RCMP Det (cmpl), ‘An Introduction to Security Manual’.
McNurlin, B. C. & Sprague, R. H. 2006, ‘Information Systems Management in Practice’, 7th ed., Pearson Education, New Jersey.
United States Congress, Privacy Act of 1974. Public Law No. 93-579, 88 Stat. 1897 (Dec. 31, 1974).
CERT Training and Education, Software Engineering Institute (2006). Information Security for Technical Staff, Student handbook, Carnegie Mellon University, USA.
Robinson, S. 2003, ‘U.S. Information Security Law’, accessed on October 20, 2007 from .