The security of data and information in an organization is paramount. This is because all the activities and decisions made depend on the integrity of data systems. A breach of the security system of data and information would be disastrous to the organization. It is important to put the appropriate systems into place that would help secure the organization’s data and information against possible invasion from malicious quarters.
This refers to viruses, worms, and Trojan horses. A virus is malicious computer software that replicates itself in a computer system (National Institute of Standards and Technology, 2006). A worm is a self-contained malicious program or a set of programs that spreads full copies or smaller portions of itself from one computer system to another through network connections, email attachments, or instant messages (National Institute of Standards and Technology, 2006). A Trojan horse is usually disguised as a popular program, which secretly installs its code on the host computer and opens a network port for the attacker to take control of the infected computer (National Institute of Standards and Technology, 2006).
Types of Attacks
There are several types of attacks precipitated on servers, clients, and mobile devices. These include the brute-force attack, which attempts to break passwords by cycling through a number of possibilities (Meyers, 2009). Another is the dictionary attack through which attackers capture encrypted password files and try to compare them with dictionary words that most people use as passwords (Meyers, 2009). There is also shoulder surfing, social engineering, and phishing. Lastly, physical access to servers, clients, and mobile devices is also another threat.
This is important in fostering security for web servers, email servers, and file, print, database servers. OS hardening can be implemented by installing the latest web server and browser software and applying the most recent security patches (National Institute of Standards and Technology, 2006). This should be implemented by the administrators. Administrators should ensure that file servers are secured by passwords to prevent unauthorized access. The general staff should ensure they employ best practices such as safeguarding the passwords and enforcing confidentiality when handling sensitive files.
Network infrastructure attacks
These can be carried out through back door attacks. This malicious program avails a port to the hacker hence they can control the infected system (Meyers, 2009). The port availed by the malicious program is usually that not used by network services. Through the use of bugs, malicious users can gain access to the system by by-passing device security checks. A hacker may overload a specific network grounding the flow of information to a halt. Administrators should install the latest firmware and software and scan their network devices in order to identify unused ports.
They include the DMZ where a high number of publicly accessed network systems are located. Control of traffic is administered by an administrator firewall. There is the NAT that allows private IP addresses to be translated into routable addresses to be used on the internet. NAT and sub-netting ensure that internal addresses are not accesses by external forces, thus addressing the problem of spoofing (National Institute of Standards and Technology, 2006). VLAN enables the segmentation of large physical networks. It provides security because users in one LAN will not access other LANs on the same network.
Network Device Hardening
It refers to the examination of the network infrastructure for security vulnerabilities. This is done by installing the latest network software and constantly checking for newer updates. The latest security and bug-fix patches should also be installed on network systems. Configuration settings can be optimized to exclude optional services that can be exploited for malicious intent (National Institute of Standards and Technology, 2006). In addition to this, all network devices like routers and switches should be secured to prevent unauthorized access into the network. For wireless networks, encryption of data is the best security measure.
HIDS and NIDS
These are used to deter intrusions into networks. NIDS analyzes network activity and data packets for suspicious activity. It determines whether data packets have been changed on transit, or contain suspicious codes, or even malformed or corrupted. Notice is then sent to the administrator via an alarm system. HIDS examines a specific device or host for suspicious activity. It detects attacks from a user physically working at the console. It then alerts the administrator. HIDS should be installed on specific devices in a network while NIDS should be established on specific points of the network.
Possible threats to wireless networks include data emanation, wardriving, and rogue access points and devices. Security measures to address them include service set identifiers that call for network passwords and names, MAC address filtering, WEP security, WPA and WPA2 security, and personal firewall (National Institute of Standards and Technology, 2006).
Access Control Methods
Administrators should adopt proper access control and authentication policies. This can be done through the creation of login IDs and passwords. The passwords should be reinforced through the use of long, non-dictionary alphanumeric combinations of characters, regular password rotation, and aging. Network file servers should be propped with file access permissions per-user or group basis (Meyers, 2009).
User Accounts and Password Management Policies
For security purposes, user accounts should be restricted through appropriate naming conventions, limiting login attempts, disabling unused accounts, setting time and machine restrictions, and use of tokens (Meyers, 2009). Important password policies include the setting of a minimum length of passwords, and password rotation, and aging.
It can be accomplished through the use of serial cable networks and dial-up modems. Modern methods involve the use of complex VPNs. They can be secured by encrypting information over the network so that it is not captured by unauthorized users.
The various VPN protocols are PPTP, L2TP, and IPSec (Meyers, 2009). PPTP decrypts PPP packets in order to create VPN connections (Meyers, 2009). L2TP is a hybrid of PPTP and L2FP created by Cisco systems (Cisco Systems Inc., 2007). IPSec provides privacy, integrity, and authenticity to information transferred across IP networks. I would recommend the L2TP since it offers authenticity, privacy, and integrity of data being transmitted; hence, it is more secure (Meyers, 2009).
These include PAP, CHAP, RADIUS, LDAP, TACACS, Kerberos, Biometrics, among others (Hassell, 2002). I would recommend CHAP, which is more secure than PAP as it prevents replay attacks by hackers who capture data and resend it (Cisco Systems Inc., 2007). I would also recommend RADIUS especially in the case of dial-up modems (Hassell, 2002). TACACs are also recommendable as it works with dial-up modems.
Physical Security Measures
Several physical security measures can be taken to secure building/housing networks. Such measures can be achieved through laying down of physical barriers, e.g. fences and gates, so as to restrict unauthorized persons from accessing network infrastructure in the buildings (Meyers, 2009). Various rooms can also be further secured through the application of burglar-proof locks and alarm systems on their doors. Employees working in the buildings should also wear identification passes to distinguish them from posturing aliens. Finally, all areas of the building should be well illuminated to deter intruders and provide security to employees.
Cisco Systems Inc. (2007). Understanding and configuring PPP CHAP authentication. Cisco tech notes. Web.
Hassell, J. (2002). RADIUS. Securing public access to private resources. Cambridge, MA: O’Reilly and Associates.
Meyers, M. (2009). Mike Meyers CompTIA security+ certification passport (2nd ed.). McGraw Hill.
National Institute of Standards and Technology (NIST). (2006). Guide to general server Security (Special Publication 800-123). Washington, D.C: U.S Department of Commerce. Web.