StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Security Best Practice Guidelines for Businesses - Admission/Application Essay Example

Cite this document
Summary
The author of this essay entitled "Security Best Practice Guidelines for Businesses" touches upon the Intrusion Detection System (IDS) which is a critical precautionary tool that monitors the network through monitoring packets that are passed within users…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER95.7% of users find it useful
Security Best Practice Guidelines for Businesses
Read Text Preview

Extract of sample "Security Best Practice Guidelines for Businesses"

The Intrusion Detection System (IDS) is a critical precautionary tool that monitors the network through monitoring packets that are passed within users. The first and easiest application of an Intrusion Detection Systems for security purposes is known as application isolation. Securing an internet environment requires a dynamic, collaborative effort that is also associated with the efforts the IT internal audit. The traditional mainframe is not cost effective, requires patience, and is not as feasible as cloud computing. As the concept IT systems continue to evolve, security becomes a crucial element also. Securing an internet environment is crucial towards mitigating the risk of a corporation in order to ensure that malware and security issues are rectified. One of the most interesting tools that provides Optimum Security is known as Secunia PSI. The problem is the fact that intercepting authentication or other sensitive information can be executed with the current WAN technology since it utilizes the traditional TCP/IP in user domains. Moreover, spoofing can also be conducted since an intruder can deceive the network that it recognizes a possible unauthorized access. The article does not mention much about Spoofing but focuses on DoS attacks more. In addition, more emphasis can have been placed on creating VLANS and access lists as an avenue for monitoring. There isn’t much discussion about F5 load balancing or bandwidth issues either that the user can run into with a NSM. The functionality of Secunia PCI is to act as an IDS and an anti-virus system. It scans the PC and identifies programs. It then supplies your computer with the necessary software security updates to keep it safe and scanning. One of the most prominent idea of this software. The User Domain, one of seven domains in an IT infrastructure, is considered to be the domain most at risk for attack and compromise, primarily due to the inherent weakness of the human interaction element. There are several types of attacks on the User Domain that are prevalent, as they can be quite successful against an uninformed or untrained employee. By implementing good company policies and ensuring that best practices against these attacks are used, an organization should be able to mitigate the risks found in the User Domain. The whole focal point of User Domain is to ensure that segregation of duties is conducted in computer’s main frame. Before attempting to observe the issue, it is essential to understand the focal point of user domain itself. This is a huge focal point in managing security in IT networks. In essence, user domain is defined as set of objects that allow a user to have controls and permissions.  Unlike traditional firewalls that only guard the parameters of the traditional IT infrastructure, Secunia PCI firewalls provide comprehensive security measures that monitor activity within clients. If one machine is to be attacked by a host, the other machine automatically copies data in almost dynamic time that the user is not aware of the situation. Clearly, that is a huge benefit for organizations since it allows them to have a safety net in case of an attack. The Intrusion Detection System (IDS) is a critical precautionary tool that monitors the network through monitoring packets that are passed within users. The actual running software is on the local host and not in a cloud environment. This tool is more designed for one particular host and can be run online, but is not preferred. It is a very solid foundation of computer security but can be supplemented with Wireshark as well. Inside attacks can be vast and potent depending on the type of attack. For instance, an executing script can copy sensitive information and can make one central machine a master. This master-to-slave configuration can be used with full throttle for malicious attacks. Hence, segregation of duties as mentioned above should be embedded between the servers and the computer desktops to ensure sensitive information is not copied or modified. From my humble opinion, Secunia is a good software but is very basic. It should be supplemented with other programs such as Wireshark. In order to mitigate this risk, an open source tool known as Wireshark can be utilized. Wireshark can be extremely effecting understanding ingress and egress traffic to ensure that the network is stable, securing and functioning. For larger organizations, Secunia PC is not sufficient. However for a personal host, it is a good tool. The auto updates is a huge plus not to mention that BI dashboards. It has a very active GUI, which is easy on the eyes and installs missing software patches which is idea for security. I think the tool can be used for variety of reasons. First and foremost, human flaws are always a huge issue, and Secunia lacks the capability to do so.. Social engineering has plagued many organizations because attackers have found constructive ways to loop into the system. Social engineering for user domains should be based on layering approach. Hierarchy should be followed to ensure user domains have permissions based on hierarchy needs. Another huge aspect of social engineering is loopbacks and text fields. For instead, spoofing is conducted on regular basis for a user account domain password, which can expose vulnerabilities in the system itself. The logic should be embedded that if an intruder tries to attempt to put incorrect passwords, the system recognizes that. In most cases, Windows and even other open OS such as Ubuntu have been embedding smart logic behind engineering of user domains.This is a great resource to ensure that social engineering does not lead to vulnerabilities. Social engineering occurs when a user is manipulated to trick a person into weakening a component of the system itself. One of the biggest dilemmas with social engineering is the fact that a hacker can obtain critical information via personnel relationships. This can be chaotic and cause many in adverse issues. Another method that plagues the dilemma of social engineering is pretexting. Pretexting occurs when a hacker calls an IT personnel for instance and give scenarios that will allow a hacker to have a perception for hacking. A huge problem with human engineering is avoiding SQL Ad hoc injections.Secunia can be connected to third party solutions which can be detrimental. The fourth element that important to address was to rectify the SQL ad hoc injections. In essence, the intruder can easily get access to the SQL and execute queries to derive personal information. In any given website, sensitive information may be present such as password and usernames, which can lead to further information. The first remedy to this solution is to place this network in a private server that saves all the sensitive information. The second tier of defense that can be embedded is a vendor solution known as EasySoft.EasySoft is great third party solution that will halt an intruder from injection malicious code intro strings.This is a great tool and can be embedded into all departments because it can perform IDS Moreover, it embeds hierarchy of database permissions that build a layer of security within SQL. For instance, if the user table would not succeed in running a query, it will only allow SELECT access command instead of update/delete. This means that the intruder cannot modify the contents within the SQL, which makes an environment more safer for transferring data. References 10 security best practice guidelines for businesses | ZDNet. (n.d.). ZDNet. Retrieved April 20, 2014, from http://www.zdnet.com/10-security-best-practice-guidelines-for-businesses-7000012088/ Skiba, D. J. (2011). Are you computing in the clouds? understanding cloud computing. Nursing Education Perspectives, 32(4), 266-266-268. Retrieved from http://search.proquest.com/docview/894330516?accountid=10477 Sturgeon, J. (2010, Testing the waters of cloud computing. Scholastic Administr@tor, 9(4), 27-27-28. Retrieved from http://search.proquest.com/docview/199589279?accountid=10477 L. Todd Heberlein, Gihan V. Dias, Karl N. Levitt, Biswanath Mukherjee, Jeff Wood, DavidWolber1990 IEEE Computer Society Symposium on Research in Security and Privacy Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Security Best Practice Guidelines for Businesses Admission/Application Essay”, n.d.)
Retrieved from https://studentshare.org/information-technology/1659795-secunia-psi-vulnerability
(Security Best Practice Guidelines for Businesses Admission/Application Essay)
https://studentshare.org/information-technology/1659795-secunia-psi-vulnerability.
“Security Best Practice Guidelines for Businesses Admission/Application Essay”, n.d. https://studentshare.org/information-technology/1659795-secunia-psi-vulnerability.
  • Cited: 0 times

CHECK THESE SAMPLES OF Security Best Practice Guidelines for Businesses

Information Security Risk Assessment Framework

A set of guidelines for organizations is necessary.... businesses that create and manage risks are responsible for accountability and risk acceptance.... Baskerville records that designers design information system security models that are safe according to the set guidelines.... The law tasked NIST to set guidelines and standards.... The guidelines apply to all components in information system network; information processing, storage or transmission....
15 Pages (3750 words) Annotated Bibliography

Systems Management and Security for Wal-Mart Business

10 Pages (2500 words) Coursework

Information security legislation

This realization is increasing in the wake of increasing theft occurrences and other information security… Organization currently need standards, in the past many organization mostly tended to use a single information security standard for example BS 7799 part 2 (an Never the less, times have changed and the recent past has seen a lot of regulations and legislation which impacts information security.... nformation security is an organization problem, and not a technologically one....
19 Pages (4750 words) Essay

The Role of Information Technology Infrastructure Library

The purpose of this study is to establish whether ITIL provides the best practice guidelines for IT service management.... he role of information technology (IT) in today's world is of extreme importance for the smooth running of businesses and other organizations.... Many governments and organizations around the world have now accepted the guidelines as industry standard over the years....
12 Pages (3000 words) Essay

Attack Prevention Article Evaluation

orks Cited10 Security Best Practice Guidelines for Businesses | ZDNet.... om/10-security-best-practice-guidelines-for-businesses-7000012088/... There are several types of attacks on the User Domain that are… By implementing good company policies and ensuring that best practices against these attacks are used, an organization should be able to mitigate the risks found in the User Domain. ... By implementing good company policies and ensuring that best practices against these attacks are used, an organization should be able to mitigate the risks found in the User Domain....
2 Pages (500 words) Essay

Security of Big Data

One of the best elements of Big Data is the fact that it reduces any 'guesswork'.... The paper "Securing of Big Data" explores firms must be aware that certificate authority servers are vulnerable to data loss.... When deploying their own certificate, which is a better solution, organizations are extra cautious of these elements to protect themselves against these attacks....
8 Pages (2000 words) Case Study

Information Security as an Important Process

The paper 'Information Security as an Important Process' presents Information technology that is an area that has received much prominence in recent times, following the need for businesses to globalize and exploit opportunities existing beyond the borders of the country.... Realizing the importance that information and technology play in businesses, organizations have started making strategies.... The idea of businesses relying on information to create competitive advantages for their success has come with various unethical practices that other people have begun engaging in....
12 Pages (3000 words) Case Study

The Strategies Applied in Computer Security

… Computer SecurityIntroductionSeveral businesses are required to allow authorized access from distinctive security domains.... The Computer SecurityIntroductionSeveral businesses are required to allow authorized access from distinctive security domains.... This is simply because new data applications exists, which introduces very complex to data security administrators.... This is simply because new data applications exists, which introduces very complex to data security administrators....
8 Pages (2000 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us