Effectiveness of Internet and Network Security Measures - Research Proposal Example

RESEARCH PROPOSAL Effectiveness of Internet and Network Security Measures 1 Introduction 1.1 Background of the Study As discussed in the literature review section, some of the common threats facing organizations operating and communicating by means of computers and networking technology are malicious code, information leakage, zero day exploits, unauthorized software, unethical employees, and complex network infrastructure . Note that these threats are internal (information leakage, unethical employees etc.) and external network issues (malicious code through e-mail, websites, file transfers, removal media, etc). Information leakage issues (external) stems not from computer codes but malicious employees who either intentionally or by accident published confidential information to a website or file sharing services. For this reason, most organizations according to are conducting background checks, implementing access restrictions, user activity monitoring and auditing, strict policy on portable device, and “zeroization” or the process of filling storage device spaces with zero before disposing it. In contrast, since malicious codes (external from the Internet) can go through any communication channel such as Internet websites, email, portable devices, and others, the most common network security measures employed are networking traffic filtering (Firewall), scanning incoming files by anti-malware program, and user behavior modification . The above network security measures are established practices but according to they are not permanently effective because a winning security strategy is one assuming that a security measure is breakable. The reason is the fact that attackers tend to double their effort whenever an organization identify and implement new security measure. Moreover, an effective security strategy is one that prevents or makes attacks difficult to carry out, and easily recover from a successful attack. In July 2012, a hacker claimed that he had breached Verizon FIOS’s (a telecom company) server and taken about 3 million accounts. Verizon denied the claim but the data in question was publicly available a month after. Another hacker managed to circumvent the security measures Standford University website and dumped around 600 email addresses and other personal information last December 2012 . Data derived from the Cyber Attacks Timeline suggest that targeted attacks occurred throughout the year as shown in Figure 1. Figure 1 - 2012 Attack Distribution The motives behind these attacks are Cyber Crime, Hacktivism, Cyber Warfare, and Cyber Espionage while the techniques used for the attack vary as shown in Figure 2. Figure 2 - Techniques used in the attack The targets of these attacks are mostly government institutions, industry, organizations, education, military, law enforcement, and so on as shown in Figure 3. Figure 3 - Common targets of attack Targeted attacks against large organization according to are complex, perpetrated by technology experts, and can result to millions of dollars in losses. Symantec study of targeted attacks suggests that such type of intrusions increased by 42% in 2012, routinely occurring, and costly. For instance, the estimated global law-enforcement cost of targeted attacks is nearly 400 million dollars . Successful Internet-based targeted attacks seems connected to changes in stock price of the affected organization and 2.1% drop in firm’s value . In 2003, CSI or the Computer Security Institute and FBI study of 530 American corporations suggest that 56% of unauthorized computer systems use occurred within 12 months. Statistics from 1997 to 2003 as shown in Figure 4 shows that the cost of computer crime is rising every year. Similarly, research conducted by the Ponemon Institute to quantify the impact of Internet-based attacks in 2012 suggest that its average cost is around 8.9 million dollars . Figure 4 CSI/FBI Findings about the cost of computer crime 1.2 Problem Statement Internet-based attacks causes millions of dollars in damages thus effectiveness of network security measures is critical. However, statistics shows that from 1997 to 2012, hackers still managed to penetrate network security measures, steal intellectual property, do espionage activities, disrupt business processes, and cause significant economic damage despite sophisticated security measures. 1.3 Research Questions a. What is the most common network security strategy applied to Internet-based network intrusion? b. What are the useful features of this commonly used network security strategy? c. How network managers measure the effectiveness of their network security measures? d. Why network security measures still fail despite understanding of the risk and implementation of accepted network security practices? e. What improvements are necessary to minimize possibility of intrusion and ensure effectiveness of network security measures? 1.4 Objectives a. To be able to gather sufficient information about network security practices. b. Understand the reason why network security measures fail. c. Identify best practices and suggest improvement to minimize possibility of intrusion and enhance effectiveness. 2 Literature Review The ability of the Internet to link people and resources worldwide resulted to bigger network security problems mainly because the internal company network of organizations connected to the Internet is now vulnerable to external threat around the world . For this reason, the previously simpler security policy for LAN or local area network now contains more restrictions, sophisticated and stronger encryption, and solid authentication framework . These include multi-factor authentication, port-based network access control, risk analysis, security education and development of security team structure, and policy enforcement guidelines . Also known as host firewall, a software firewall filters traffic that reaches the network interface of its host (hardware and operating system). The type of software firewall is determined by the security services it provides. For instance, a firewall working in the application layer of TCP/IP protocol stack provides encryption, application-level gateways, and connection for SOCKS for proxy server. In contrast those that are in the transport, network, and data link layer provides packet, IP, and MAC address filtering , However, aside from competing for available resources with other application and processes on the host, a software firewall can only serve and protect a single host during a malicious network activity . A personal software firewall on the other hand is commercially available for individual home and SOHO systems, and client/server network. Similar to SmoothWall, a hardened bootable Linux-based firewall, personal software firewalls are often integrated in other firewall products such as wireless access point or a cable/DSL modem . Compared to stand alone hardware-based firewall , software firewalls are cheaper but difficult to configure, requires adequate knowledge of firewall’s security features and operating system limitations . Hardware-based firewall is capable of handling two to three network interfaces including dual-home firewall, the tripled-home firewall, and Web Application Firewall that can carry HTTP traffic in applications running at Application Layer 7 such as Web browsers, FTP, Telnet, and others . Cisco’s Stateful Firewall (a type of firewall that continuously tracking the state of network connections passing through it. It is capable of stateful inspection and filtering, can create flexible control rules, and versatile in the sense that it can be implemented along with dedicated firewall appliances, router, or switch-based firewalls . The major advantage of hardware-based firewall over software-based is additional and faster bandwidth (the number of packets a firewall can process per unit of time) and reduced latency, It performs faster because of dedicated hardware processing, operates at wire line speed, and capable of handling more applications such as multimedia and QoS.. The higher cost of upgrading the firewall is its main disadvantage as it requires replacing the expensive hardware as well . Since firewalls protect network and hosts, its performance is highly dependent on the underlying networking technologies. From this perspective, a router-based packet filtering firewall may be more effective in preventing unauthorized access . For instance, a hardware-based firewall such as NAT router with built-in packet filtering, address and port-blocking features for instance offers additional security because NAT routers can hide the IP addresses of computers behind the firewall . Moreover, router supported packet-filtering firewalls are cheap with low impact on network performance. Application layer gateways or proxy firewalls filter packets in the application layer and offer high level of security but significantly affect network performance due to context switches. Detection and prevention according to are complementary approaches in network security and they are commonly focused on encryption and authentication as they can both deter and block attackers. Authentication and encryption technique include message encryption, symmetric encryption, MAC or Message Authentication Code, Hash Function, and Public Key Encryption . In LAN, IPsec provides authentication and data encryption including Web server and client session communication . In contrast, WLAN\s authentication and encryption are often made through WPA2 or Wi-Fi Protected Access 2 . The IBM Security SiteProtector supports correlation and alerting system and IPv6 management. IBM’s intrusion prevention products such as QRadar Network Anomaly Detection used behavioral algorithms, analyze network activities in real-time, and can detect inbound and outbound attacks . In terms of performance and effectiveness, stateful firewall seems more effective as it balances the need for performance and protection, keeps track of. flows and enforce security policies .. However, a firewall in general must perform in a manner acceptable in terms of security, performance, functionality, manageability, stability, and reliability. These qualities according to , are integral in some enterprise-level firewall solutions such the Cisco’s PIX, Checkpoint’s Fire Wall-1, and Microsoft ISA 2000. Although not directly involved in packet processing, network auditing and monitoring is an important part of network security for detecting and preventing abusive network activities.. Auditing is about reviewing the perimeter and configuration controls and the most acceptable method for assessing a firewall’s effectiveness . In contrast, monitoring is about performance and events loggers, diagnostic, network link monitoring, and file transfer tools . Centralization of network security measure is often highly considered as it can provide global correlation and interpretation of audit information . 3 Research Methodology 3.1 Research Design A research design is highly dependent on the problem involved thus the focus is often on understanding the social phenomenon such as perceived effectiveness of existing network security measures. Moreover, research design is commonly based on the details of the problem, research objectives, the target population, sampling plan, and the method for data collection and analysis . . The study therefore must conduct an exploratory research in order to find the level of effectiveness of different network security measures. Exploratory research can help this study examine the issues regarding security measures and gather information that may be applied to resolve both social and technical phenomenon . The proposed research design (see population, sampling technique, data collection and analysis, and timescale below) will confirm, deny, and/or modify existing literature in a number of ways. For instance, although there are existing best practices in network security; their effectiveness is not being explored fully. The eligibility criteria set for the study population will ensure that the right participants are interviewed and provide realistic information about network security measures. Similarly, the sampling technique will make sure that participants and resources are available, and the study of population is representative of the larger population. The data collection and analysis method on the other hand will help this study acquire relevant information from participants and ensure accuracy of the result. The combination of the above will likely produce result that can confirm, deny, and/or modify existing literature. For instance, if the results of the study about why network security fails are suggestive of neglectful human behavior then improvements will be on the area of network security management and policies. 3.2 Study Population Describing the study population is an integral part of research and according to , it should state the eligibility criteria and potential benefits of selecting this type of population as describe below. Participants in this study must be: - A resident of the country where the study is being conducted. - Experienced in network security related issues. - Willing to adhere to the study’s protocol and fully cooperate with the researcher 3.3 Sample Technique Similar to research design selection, the decision about which sample technique to be use depends on the extent of the goals of the research. suggested that exploratory research should use non-probability sampling particularly when the goal of the research is more associated with discovery, understanding, and application of facts. The sample size on the other hand will be based on recommended confidence level, which is 95%. Using an online sample size calculator, a population of 200 people with 5% confidence interval or margin of error will need 132 participants. Note that lower margin of error requires a larger sample size therefore if we increase this by 50% then the sample size for this study will be 4. 3.4 Data Collection Since this is exploratory research using non-probability and convenient sampling, qualitative data collection will be the main data gathering technique and therefore include observation and in-depth interview . - The first step is to secure participants informed consent and other ethical requirements associated with in-depth interview and observation . - The second step is to schedule each respondent for the in-depth interview . - The third and final step is to arrange and prepare the collected data for coding and analysis. Note that data collection and data analysis will be conducted simultaneously as required and following best practices in qualitative research . 3.5 Data Analysis Qualitative data collection requires qualitative analysis technique thus open coding or the process of breaking down, examining, comparing, conceptualizing and categorizing data . The study, therefore data collected from qualitative data collection will be divided into fragments. These fragments will be compared against each other, grouped into categories, and labeled with a code. 3.6 Time Scale ID Description Days 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 1 Submission of Proposal 2 Survey Preparation 3 Data Collection 4 Data Analysis 5 Dissertation Writing 6 Draft Submission 7 Finalization 8 Final Submission 9 Approval 4 References Read More