Company network analysis
The company in analysis throughout the course of this paper is IBS Electronics. The company is a global distributor foe electronic products and components. The company majors with the difficult to find electronic components and parts, selling of electronic components online, delivery of services to customers, and the manufacture of military electronic parts and components. In the theoretical risk assessment of the current network service that has been installed by IBS Electronics, the focus of the analysis will be on assets, threats, and vulnerabilities. With regards to the assets, so much is at risk when conducting an analysis on the current network system. The company stands to loose so much from a network failure, interruption, or unauthorized access into the network. The company may loose the direct contact of their online customers in the event there is a hitch in the network. This will result in loosing of business and a decrease in the profit margins of the company. A network failure might also expose important information that has been stored by the network online. With regards to vulnerability, the company is at a high level of risk.
Network Threats
The network is not protected and the sections that are firewalled are not efficiently secured. One a scale of one to three, the protection that the company has attached to its network system can be represented by three on a 1 to 5 semantic scale analysis. The security that has been installed in the company is 60 effective. This leaves a lot of loop holes on the system and thus brands the system not effectively secured. The threats that the system is exposed to are classified to as being either internal or external. The internal threats are those that originate from within the organization and the immediate company network. The internal threats include virus, malware, potentially unwanted programs, internal unauthorized access, and mismanagement of the network resources. The external threats include external unauthorized access, hacking, and ISP network failure. For this reason, there is need to install additional measures to ensure that the risks being faced by the network are dealt with effectively. (Dubrawsky, 2009).
Security Measures
Some of the measures that can be taken to ensure that the system is safer include the installation of a system monitoring strategy, the implementation of an IDS/IPS, effective comparison of the monitoring system methodologies for the ignorant CIO, conducting an effective audit on the network system security, and the installation of proper and effective logging techniques. Some of the important aspects to consider with regards to system monitoring include keeping track of update and archive errors, ensuring that there is an availability gauge, and keeping the short dump processes on check. There should also be an analysis on the entire network so as to ensure the monitoring system installed is in line with the network’s minimum requirements. The effective implementation of an IDS/IPS system ensures that the intrusion detection system is effective. This will directly translate to an improvement in the networks security.
Networks Effectiveness
The CIO system should be made more effective by ensuring that there are options installed on the network to address the serious network flaws and the various internal network anomalies. Although CIO’s have established themselves as being safe, ignorance is not an option. Regardless of whether the security is safe, implementing network security still remains a priority. In conducting an audit on the security details of the network, it is important to ensure that tests such as the penetration are made. In such an analysis, the strength and effectiveness of passwords is conducted. The access control list is also an important section to analyze, and so is the unauthorized access of data and the audit logs security. It is also important to assess back-up storage, commercial applications, configuration and code changes, disaster recovery plans, and cryptography within the network with regards to the fine details. (Samuelle, 2008)
Definitions
Information security has varying definitions throughout the different information and technological fields. The important things to note about the definition of information assurance include transmission of data and information, storage of information, the processes involved in the transmission of data and information, and the management of risks involved in this processes. Therefore, information assurance is defined as being the practice or process of effectively managing the risks involved in or associated with the transmission or transfer of data and or information. The differences between the symmetric keys and asymmetric keys are majorly founded on the nature of these keys and their functionality. Whereas only one key is symmetric key needed to encrypt a message, more that one asymmetric key; both private and public keys are needed to encrypt information. PKI is short for Public Key Infrastructure. This refers to the different sets of people, software, hardware, procedures, and policies. These are usually important in the creation and management of different procedures, digital certificates as well as distributing and storing information. One of the greatest weaknesses of hashing algorithms is visible in passwords. These are also important in looking at the different configuration and codes used for security. (Stewart, 2008).
References
Dubrawsky, I. (2009). CompTIA Security+ Certification Study Guide: Exam SYO-201 3E. Amsterdam: Elsevier Publishers.
Samuelle, T.J. (2008). Mike Meyers’ CompTIA security+ certification passport, second edition. New York: McGraw-Hill.
Stewart, J.M. (2008). CompTIA security+ review guide. Indianna: Wiley Publishers.