Infrastructure and Security of Information Network - Coursework Example

Infrastructure and Security of Information Network Affiliation Table of Contents List of Figures Figure Infrastructure and Networks Relationship through the Internet … 6 Figure 2. Logical Topographical Layout of the Network …..…………….……. 6 Figure 3. Physical Topographical Layout of the Network ……………….….… 7 Abstract In any organization network design, infrastructure and security are the top priority solutions. There in need for solid infrastructure and security policies, to ensure organization information is safe. The world security thereat have increased from time to time thus the need sufficient knowledge by the government and institutions on how to manage the securities vulnerabilities. This paper section designs and provides network infrastructure and security logical and physical topographical layout. Additionally, it illustrates access paths and points for the server placement within the infrastructure. The section explains the reason for the design of the layouts to the IT experts and to the management team of infrastructure and security systems. Next, this paper section provides the organization security policy for infrastructure protection through use of CIA principals. The section provides detailed discussion of vulnerabilities of infrastructure and security and provides the solutions for the information network. Lastly, this paper section provides employee behavior ethical aspects, usage of password in the organizations, contractor’s, from the access of networked resources and information. Keywords: Infrastructure, Security, Network, Information network, CIA, Topographical Introduction Information Network In any organization, there exist different information network components. The basic component accessible is the computer. In addition, we have software’s existing as protocols of communications, and the hardware consisting of channels. The hardware’s, software’s, and computer components form an individual system (Anderson, 2005). When individual systems are connected, they become a network. A network consists user and production applications information, operating systematically and simultaneously to carry out company functions. Information networks are flexible, thus allow adding, removal and changes from one network to another making the operations and structures of large networks dynamic (Anderson, 2005). Networks allows for access of routers, printers, switches, workstations and access points. The functions carried out by various networks may range from word processing, routing, storage to data analyses. The networks are structured together form internet, which surpasses organizations and national boundaries. Moreover, that is why we need solid infrastructure and security. Infrastructure and Security Organization operates through vital information; the information needs security from unauthorized personnel’s access via the internet, through use of solid infrastructures. Infrastructures are the foundations of an information network (Anderson, 2005). Solid infrastructures are essential for solid security in organizations on national and international levels. Security is the essence of data information privacy from non-wanted internet users or exploitation by personnel who might harm or profit from the information stored in the company’s databases (Anderson, 2005). Infrastructures consist of components, providing services through computers and networks. Below is a form of infrastructure components. Figure 1: Infrastructure and networks relationship through the internet (Anderson, 2005) The diagram above provides the infrastructure relationship among different network, financial companies, universities, commercial companies, and government agency through the internet. The inter-dependence of these structures makes the network vulnerable to security breach by unrelated networks. There is need to design a topographic layout for the network. Information Network Topographical Layout Logical Topographical Layout Figure 2: Logical topographical layout of the network (Student, 2015) In the diagram above, the logical topographical, of the network involves software for drawing of vectors and diagramming through ConceptDraw, Cisco. The diagram portrays the internet, firewall, and routers for the network. The logical layout design assist to display IP addresses assigned to devices and hosts (Anderson, 2005). Additionally, logical networks and routers showed for the logical display of the network. Physical Topographical Layout Figure 3: Physical topographical layout of the network (Student, 2015) The diagram above for physical network design is more detailed than the logical layout as much of the physical characteristics are displayed. There is physical location of the network is displayed and the devices connections within the network shown (Anderson, 2005). The physical layout includes, the mail server, web server and file server displayed in full tower cases, the switch [Ethernet] is a rectangular box, administration office are workstations represented by the icons of computers. The classrooms represented by computer icons are external connections. The router is displayed, no firewalls and IP addresses displayed. Information Network Topographical Layout Rationale Logical and physical topographical layouts are essential for all organization network systems due to the need for security. Security is the key essences for the complexity and the technological advancement of the networks. There is need for trouble shooting in the networked systems and in managing the interactive systems. Reasons for Logical Topographical Layout When a problem of internet failure arises, IT department can pin point the routers that need action immediately to safeguard information or avoid internet blackout. The layout allows the changing of defect routers and the update of unsecure firewall. Reasons for Physical Topographical Layout In case of physical hacking attempts, IT department is able to locate physical areas through the physical topographical layout and block the signals to resolve the alarming threat. The unwanted visitors can access the system through the physical location mapping and thus the layout need to be secured from public unauthorized access. Overall, the layouts assist to pin point security checkpoint when problem arises. However, some security threats are much sophisticated or more vulnerable when the system functionality is low, thus there in need for a comprehensive security policy to protect the company information and address ethical aspects concerning the information network. The security policies will include password controls, operating systems, and hardware security management. The next section will provide vulnerabilities of the information network infrastructure concerning the company security. Vulnerabilities of Information Network Infrastructure Vulnerabilities of the information network exist where the network is weak and allows unauthorized access to company high sensitive data. Computers can expose information to other computer is due diligence is not followed in securing servers. Network protocol implemented encryption schemes may be attacked at the level of operating system or hardware level. The threats of attack may be from the physical location or through the internet server hacking technology. Vulnerability Assessment There is a challenge in the identification of the emerging threats to the system due to speed of technological advancement in the world and the insufficient information by policy makes on security of information (Feruza, & Tao-hoon, Kim, 2007). We have various types of network vulnerabilities present in the network components, the configuration vulnerabilities, the technology vulnerabilities and security policy vulnerabilities. There is need to mitigate these forms of threats to avoid exploitation of the vulnerabilities mentioned above. Technological vulnerabilities. This threat involves the high technological expertise required in the analysis of the new threat. Every time an identification of firewall vulnerabilities by experts is made, the technology changes before the new threat is completely solved (Anderson, 2005). The experts need to keep up with the new technologies and buy the latest devices throughout. Configuration vulnerabilities. There are high intelligence devices available currently in the computer and mobile markets. Use of encrypted data transmits information to unencrypted devices leading to data mismanagement. The encryption of data require high tech configuration but usage of data through cloud website allows tracking and resetting of password leading to information loss. Security policy vulnerabilities. The government and policy makers in the sector of information security have insufficient knowledge of the computer technology laws. The professional in the security offer better approach to some securities threats, than they should concentrates on the superb solutions. Governments and key stakeholders of the security system concentrate on firewalls and systems in formulating policies due to confidentiality, integrity, and availability (Feruza, & Tao-hoon, Kim, 2007). Applications of CIA Triad Principals in Information Network Security Policy According to Feruza, and Tao-hoon, Kim (2007), confidentiality, integrity and availability (CIA triad), involves the information security principles standard. The aim is to protect the company assets and infrastructure from confidential information bleaching. The corporations, governments, hospitals have confidential information concerning their staff, their finances, their customers and products that need to be private. All the information is available electronically and the access of it through transmission from one computer to another allows secondary unintended access. Competitors of rival firms can benefit from such information or a country gets military information of another country. CIA legally and ethically allows for suits, fines, penalties, and business closures for individual who access confidential information through unauthorized channels i.e. hacking, stealing, or soliciting (Feruza, & Tao-hoon, Kim, 2007).The three principles will be explained in briefly and their application to the information network Confidentiality No disclosure of information to unauthorized personnel’s defines confidentiality goal by CIA. Encryption of credit cards is one of the confidentiality measures; there is limit of card appearance in log files and databases during transmission. If a person attempts to access the credit card data from a different source or different ways there is breach of confidentiality. The network or the system application allows the holding private information securely. Integrity Modification of data is not allowed without due authorization. When one deletes vital data from the system, i.e. an employee changes salary payment from the accessed database of the payroll payments, there is violation of integrity (Feruza, & Tao-hoon, Kim, 2007).When employee accidently misspells of mistypes information this compromises data. Integrity application allows employees to be careful when dealing with the network and to avoid modifying the available data. Availability This application allows for the accessibility of information when required. All systems operating a function in a company need to be functional throughout i.e. storage computer system, channels of communication and the security control need to work well (Feruza, & Tao-hoon, Kim, 2007).The systems should be clear from power cuts, malfunctions of the hardware, and must have controlled system upgrades. Ethical Aspects of Information Network An ethical approach of the information network allows employees to resist from compromising the reputation or organization through disclosure of confidential company information. The employee should ethically retain confidentially at all times and maintain a high level of respect to the information in his hands. The employee behavior should be honest and inclined toward the company involved in the resources and information dealings (Feruza, & Tao-hoon, Kim, 2007). The password provided by the company to employee should not be shared with anyone. The contractors during business dealing are granted varied confidential information and password, which they should be trusted to keep out of reach from the unwanted intruders and observe integrity of the access of the resource and information (Anderson, 2005). Ethical behaviors of trustworthiness and honesty need to be observed by all parties and stakeholder with access to networked resources and information. This will ensure solid infrastructure and security. Conclusion In conclusion, infrastructure and security are the basic components of the information network. To compromise infrastructure and security of organization’s network would lead to catastrophes losses both financially and ethically. The losses can be avoidable, through use of solid and secured computerized information systems, infrastructures, and networks. The information network consists vital company information running the company, thus network infrastructure and security require confidentiality, integrity and availability. References Anderson, K. (2005). Intelligence-based threat assessments for information networks and infrastructures. Network Risk Management, LLC. Retrieved from http://www.aracnet.com/~kea/Papers/threat_white_paper.shtml Feruza Y. S., & Tao-hoon, Kim. (2007). IT security review: privacy, protection, access control, assurance and system security. International Journal of Multimedia and Ubiquitous Engineering, 2 (2), 17-32. Read More