Network Security as a Business Benefit - Case Study Example

? NETWORK SECURITY S. # Table of Contents Page Introduction to Network Security 3 2 Role of Network Security: How does it protects you 4 3 Concept of network security 4 4 Types of Attack System 6 5 Network security as a Business Benefit 9 6 Security Management 9 7 Summary 10 8 References 12 NETWORK SECURITY Network can be defined as `any set of interlinking lines resembling a net, for example, ‘a network of Roads ’. Any interconnected system can be termed as a network. Hence interconnected computers formulate a simple network system. It is irrelevant to know that how they are connected. Network security refers to any activities designed to protect your network. According to Radack efficient network security plays a crucial role in preventing the unwanted treats from entering on your network. (213) INTRODUCTION: It consists of various policies to prevent the misuse of the data or unauthorised access of the data by users who does not own it. Certain provisions and policies are made in this regard by the administrator, to ensure confidentiality of data .This system is so designed that authorization of access to data in a network is controlled by the network administrator only without interference of any other person. For this purpose, all users are given a separate ID i.e. the identity of the individual and a password by the administrator so that access to information and programs are allowed by that user only within their authority. It is a complex job and can be tackled by efficient, experienced and well-trained experts. Network security system is a combination of many computer networks which can be either public or private. It includes everyday jobs like conducting transactions and communications among businesses, government agencies and individuals. Networks can also be private, such as a network dealing a specific company, and others which might be open to public access. In organizations, enterprises, and other types of institutions Network security is involved so as to maintain the confidentiality of their data (King, 10). Role of Network Security: How does it protects you It performs the key role as the name indicates as quoted by (Bragg et al) : Unauthorized access: It secures the network, and does not allow any unauthorized access. Confidentiality : It also plays a chief role in protecting and overseeing operations being done and preventing their unknown user access. A Unique Name : Protection of a network resource requires the corresponding password and unique name as mentioned above in an earlier section. Executing Commands Illicitly: It is undesirable for an unknown and non-trusted individual to execute and run the commands server machines. Security system doesn’t allow any such activities. Protects the system from Viruses, worms and Trojan horses: Many antiviruses are developed so that a secure system may be provided. Concept: The key feature of network security is allocating the user, commonly with an authentic username and a password. One-factor authentication: The password is something which known by the user only. This can he termed as one-factor authentication. Two- factor authentication: This something the user already has can also be used as his identity. For an example, A security token An ATM card Mobile phone number Any of the above belongings can be used as an individual’s identity in a secured network. Three-factor authentication: Every individual can be identified by something the user is. For an example, A fingerprint Retinal scan Firewall: It enforces access policies blocking the unauthorized network access. For instance, which services may be allowed to be accessed by the user in certain network? This feature is plays a very helpful and efficient role in preventing the unauthorized access to the data. The only drawback of this component is that it way fails to detect any potentially harmful error like ‘Computer worms’ are being transmitted over the network (Radack, 215). Proxy According to Okechukwu et al.,( 480) Process of having one host act in behalf of another host is known as proxy. A proxy Server is a host that has the ability to fetch documents from the Internet. The document will be fetched by the proxy server while returning the result to the client. This is how all users on an intranet can access resources without requiring the need to talk directly on the internet. Anti-virus and anti-spyware Antivirus software or an Intrusion prevention system (IPS) helps in detecting and inhibits the action of viruses attacking a system. Such Anti-virus software includes ‘MALWARE’. An Anomaly-based intrusion detection system : It identifies spreading threats, such as zero-day or zero-hour can also monitor the traffic of network for any suspicious content from any resources. Virtual private networks (VPNs) : VPNs provide secure remote access (King, 11). Types of Attack System Attack to a system is a common problem. Networks can be subjected to various attacks from different sources. System attacks can be from two categories 1- Passive 2- Active Passive Attack: It is when a network intruder intercepts data travelling through the network. Passive and active attacks can be further divided to the following: Network Wiretapping : It can be explained as the controlling of the Internet and telephone talk by the third party, often by clandestine ways. Passive wiretapping can monitor or record the traffic, where as active wiretapping alters or otherwise affects it. An Idle scan : It is a method that consists of sending spoofed packets to the PC to find out which services are available. Port scanner : Can be defined as a software application which is designed as a server or host for open ports which can be used by the administrators so as to verify security policies by the attackers. (Rutledge et al, 300). Active Attack This is the one in which an intruder initiates commands to disrupt the network's normal Operation. Denial of attack : This is an attempt to make a machine or network resource unavailable to its intended users. ARP poisoning : It is a technique in which the attacker sends fake messages onto a Local Area Network. Format string attack : This type of software may be used to exploit the security of a network. Buffer overflow : Safety of memory is violated by the special case. Smurf attack : On the victim network, significant network traffic is generated. This type of attack is also known as denial-of-service (DoS) attack. Spoofing : According to (Bragg et al) Spoofing is a situation in which one person or program successfully disguises as another by falsifying data and thereby gaining an advantage. Heap overflow : Buffer overflow occurs in the heap data area. SQL injection : Attack to a website is usually done by this technique. Man in the middle : In a computer security system, the man in middle works as an active eavesdropping where attackers connects independently with victims, and relays the messages among the victims as to believe that they are contacted without involvement of a third party over the private connections. While the fact is that the entire conversation is being controlled by the attacker. Network security as a Business Benefit Company will experience many business benefits in the presence of an appropriate network security system in following ways: 1- Company is protected against disruption playing a chief role in keeping the employees more active. 2- Mandatory regulatory compliance is easily met by the company as the data of customers is kept confidential. 3- Risk of legal action from data theft is reduced. 4- Helps in maintaining the reputation of the company which is the chief assets. (Robert) Security Management Management of security is required at different scales. This is required at just the basic level for a home or small office while it advances with the large businesses. According to (Bragg et al) it may require the advanced hardware and software in order to prevent attacks from spamming and hacking. In Homes And Small Businesses Setup: Threat management system and a basic firewall are a must. Antivirus or anti-spyware should be properly installed for windows Password protection for wireless connections. Assign appropriate IP addresses to network devices. Review router or firewall logs. Using passwords for all types of accounts Children should be well aware about the security (Okechukwu et al, 487) In large businesses Setup Strong firewall & proxy to avoid the access of unwanted people. Antivirus software. Use strong passwords and change it on a weekly/biweekly basis for proper authentication. Precautions must be exercised by the employee for physical security Prepare an appropriate network analyzer or network monitor and use it when needed. Security guards can help to maximize security. (Rutledge & Hoffman, 300) In schools : A flexible firewall and proxy network which allows authorized users access from external and internal sources. Internet security system with a good antivirus program is always a prime choice. Supervision of teachers, librarian and network administrator in order to maintain higher standards of protection in schools (King, 11). Summary: Network security is a very challenging and difficult task. However, it has shown improvement in past few years and has managed to reduce the risk of unwanted user access which was a problem faced from the very beginning. Every organization needs its own proper security system in order to maintain the reputation of their company. Once a reliable system is built everything that goes on with the network can be evaluated with respect to that policy. Since, security is absolutely a difficult topic, and everyone has their own ideas and approach about it. It is advancing day by day but, still requires more improvement with support of advance of technology, which will be achieved in the near future. REFERENCES: Boncella, Robert. ‘Web Service and Web Service Security’ .New York, Washburn University. 2004 Bragg, Mark, Keith Strassberg. ‘Network Security: The complete reference’. Information System control journal. 2004. King, S., ‘Threats and solution of web services security’. 2003. 3(9): 8-11. Okechukwu, Muogilim, Kok-Keong Loo, Richard Comley, ‘Wirelss mesh network Security: A Traffic Engineering Management approach. Journal of Network and Computer Applications, 2011. 34(2): 478-491. Radack, M.S. ‘Security in Open System Networks’ Computer Standards & Interfaces, 1990. 10(3): 213-218 Rutledge, S.L., & Hoffman. J.L. ’A survey of Issue In network Computer Security, Computers & security, 1986, 5(4): 296-308. Read More