Information Technology: Surveillance Security - Assignment Example

The report demonstrates a typical surveillance system for an organization, in order to protect the critical information assets from physical theft, unauthorized access, and natural disasters. Consideration is given to IP camera based surveillance systems, biometric systems for attendance and logging employee activity, Intrusion Detection systems for advanced security and enforcing access policies by active directory. Introduction Due to recurrent technological developments, information and communication technology frequently diverts in new dimensions. The research and development in the context of information and communication technology is very effective. Moreover, the new and advanced form of technology has also facilitated vulnerabilities and threats to be more intelligent. Organizations require advanced protection and security from these threats and vulnerabilities. Security is a mandatory to protect anything that needs to be protected as ‘www.businessdictionary.com’ covers the basics and states it as “Prevention of and protection against assault, damage, fire, fraud, invasion of privacy, theft, unlawful entry, and other such occurrences caused by deliberate action”. A definition associated with information and communication technology will demonstrate the concerns related to network communication privacy, confidentiality of data over the network, accessing unauthorized classified data, access to prohibited network domains and utilizing Internet for concealed communication (Network Security. 2007). The security predictions that were published in an article for the year 2010 incorporates new advanced threats named as advanced persistent threats (APT), Cyber war escalates, VoIP attacks, Perimeter shrinks and harden, social networking sites, malware, DLP for intellectual property protection and malware as a service (MaaS) (Watchguard Unveils Top 10 Security Predictions for 2011. 2011). In order to protect the computer network, organizations emphasize on implementing hardware and software application as well as a framework in terms of surveillance security. Network security issues can lead to many different aspects. For example, if the server containing customer data is breached, organization will lose its credibility and trust among the customer and that will result in business loss. Similarly, if a critical system is hacked by internal or external sources, organization’s financial data along with goals and objectives can be revealed to other competitors. In a legacy network of 1-Click Mobile Phones Ltd, internal security controls are implement but surveillance security is not available. In order to eliminate the threats including unauthorized access, viruses, Trojans, malware and malicious codes, 1-Click Mobile Phones Ltd has decided to implement a surveillance security system that will provide following features : It will track unauthorized access of employees to departments, Monitor activities of employees related to physical interference with critical hardware components, User activity on the network and unusual behaviors will be monitored User authentication and Authorization will be implemented However, organizations implement firewalls to deploy packet filtering, eliminating viruses and malicious codes, intrusion detection system to continuously sense the behavior of the network, incident response teams to recover the loss on immediate basis and IP cameras to monitor their critical information assets on the network. Physical Infrastructure Policy In order to implement surveillance systems, Internet Protocol based surveillance systems are considered more cost effective along with various features. A study conducted by Axis communication in 2010, a company that is a global market leader for professional products and services related to IP surveillance systems. The study revealed that in midsized or small medium businesses, IP surveillance systems are considered cost effective as compared to analog surveillance systems (Cost of IP surveillance revealed to have dropped below analog for midsized installations 2010). In order to meet the requirements for 1-Click Mobile Phones Ltd, a cost effective solution ‘QNAP VioStor VS-2004 Pro’ is feasible and possess many features on an economical price. It is based on a centralized and fast recording platform specifically designed for IP video cameras and supports up to four simultaneous camera connections. The maximum storage capacity is four terabytes by utilizing two drive bays. Moreover, the network video recorder (NVR) can cope up with 800 different IP video surveillance cameras. The operating system for ‘QNAP VioStor VS-2004 Pro’ is Linux, which is considered for a safer and virus free environment as compared to Windows environment. The storage architecture shared RAID hard drive and support UPS. The output and compression formats for ‘QNAP VioStor VS-2004 Pro’ are H.264, MPEG-4, MxPEG and MJPEG. For business continuity, emergency failover, options can be configured as ‘QNAP VioStor VS-2004 Pro’ supports two simultaneous Ethernet interfaces. If one interface goes down due to application or hardware issue, other interface can quick become operational (QNAP VioStor VS-2004 Pro 4 camera Network Video Recorder (NVR) with 2 drive bays and 4TB maximum capacity 2010). 1-Click Mobile Phones Ltd will avail these benefits (QNAP VioStor VS-2004 Pro 4 camera Network Video Recorder (NVR) with 2 drive bays and 4TB maximum capacity 2010): “Operate a reliable surveillance network without the need for a PC Monitor and record from up to 4 cameras simultaneously Record up to 4TB of video footage, providing ample space for long retention periods or megapixel resolution video Compatible with a wide variety of IP video cameras, so no compromises need to be made when selecting cameras View footage locally or remotely with integrated web interface” The next will be to integrate IP cameras with ‘QNAP VioStor VS-2004 Pro’. The webcam ‘Sony IPELA SNC-DH110 Compact HD720p indoor mini-dome IP camera with Power over Ethernet, Electronic Day/Night mode and DEPA’ will provide clear and bright images regardless of day or night. Video recording will be conducted directly from the camera without incorporating any additional hardware and consequently save cost. The cost of Sony IP camera is around $ 346. Moreover, for business continuity, these IP cameras are compatible with Power over Ethernet (PoE). There is minimum risk for a power interruption or breakdown because the source of power is independent for these IP cameras (Sony IPELA SNC-DH110 Compact HD720p indoor mini-dome IP camera with Power over Ethernet, Electronic Day/Night mode and DEPA 2011). Product Cost ‘QNAP VioStor VS-2004 Pro’ $ 675 equivalent to Sony IPELA SNC-DH110 Compact HD720p indoor mini-dome IP camera with Power over Ethernet, Electronic Day/Night mode and DEPA $ 346 equivalent to The most critical area of a network is the server room. 1-Click Mobile Phones Ltd maintains a network communication room where all the servers are located. There is no security without physical security. To prevent and secure critical information assets, installation of biometric sensors, physical locks and restricted access is mandatory. User Access Control and Authentication Policy In order to implement user access control and authentication policy, a centralized framework is required that will enforce users to provide user credentials before logging in the system along with restricted access to files and services. The recommendations from ‘Secure Solutions Ltd’ are to implement a domain environment with active directory. This incorporates a purchase of a domain server with active directory installation and configuration. Active directory will configure credentials and access rights of each employee. However, access rights will be granted as per the requirements and nature of work. For instance, if an employee work in a finance department, only financial data sources will be allowed. Moreover, access of Internet can also be restricted, as each employee does not require Internet access. This will minimize risk related to Internet in terms of threats and vulnerabilities. Furthermore, audit logs against each user account will demonstrate all the activities performed on the system by each employee resulting in advanced surveillance and improved security. Active directory supports group policy objects (GPO). These GPO’s represents users working on each department in the form of groups. Consequently, network administrators can enforce policies and restrictions on a complete group containing all employees of the same department. The cost hardware specification will be as: Processor Intel Dual Core E5400 2.7GHZ (2MB cache – 800MHZ FSB) Motherboard Intel DG41RQ (LGA775-SND+AGP+GIGA LAN-800MHZ FSB) Memory 4GB DDRII (800 Bus) Hard drive 320GB 3.5" SATA-II 7200RPM Optical drive HP DVDRW 24X SATA Chassis Thermal HT Support Total cost of workstation $ 2570 Network Policy Although firewalls are already installed, they are not considered as the only solution because these intelligent viruses and malicious codes tend to pass through it. In order to enable advanced security measures, Intrusion Detections Systems are recommended for 1-Click Mobile Phones Ltd. As per network dictionary, IDS is defined as “Intrusion detection system (IDS) is a type of security management system for computers and networks. An IDS gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions and misuse”. IDS are of many types and organizations choose the best possible type that suits their prioritized mission critical systems. The types includes network based IDS, host based IDS and software based IDS. These types are further categorized in to signature based IDS which is also referred as misuse detection, and Anomaly detection. The functionality of ‘signature based IDS’ is dependent on known signatures. The word ‘known’ is important because threats that are detecting so far are categorized as known threats and are called signatures. Signature based IDS only detect threats similar to the defined available signatures and do not comply with any new threat. Whereas, Anomaly based IDS detect unknown activities within the network and detect them as threats and vulnerabilities. Recommendations for 1-Click Mobile Phones Ltd are to implement a signature based IDS. Moreover, the wireless network of 1-Click Mobile Phones Ltd is vulnerable to all types of threats. The SSID is not configured neither encryption is enables on the wireless sessions. Computer desktop encyclopedia defines SSID as “The name assigned to a wireless Wi-Fi network. All devices must use this same, case-sensitive name to communicate, which is a text string up to 32 bytes long. Typically set to the equipment vendor's name, such as "linksys," it can be manually changed by going into the configuration settings of the access point with a Web browser. The client machines will identify all the wireless networks they find when they boot up, unless the networks are hidden”. In order to secure wireless connectivity, SSID must be defined. Likewise, Wireless Encryption Protocol (WEP) configuration is required for encrypting data transmission. WEP is configured by accessing the wireless router. The cost of a hardware based IDS is very high as compared to application based IDS. Sax2 Network Intrusion Detection System is integrated with a global license with 1-year maintenance. The cost of this solution is $769 (, Online Store - Ax3 Software). Business Continuity Policy For implementing business continuity policy, the countermeasures are illustrated below: Physical Threats Business Continuity Planning Theft IP surveillance cameras, biometric attendance, locks in racks Vandalism Locking critical assets in hard steel boxes Flood Shifting the network room to the first floor from the ground floor Replicating data with servers located at a different location Fire Fire extinguishers Earthquake Replicating data with servers located at a different location Physical Infrastructure for 1-Click Mobile Phones Ltd Figure 1.1 illustrates ground floor. Figure 1.2 illustrates First floor. Conclusion The report concludes prevention of physical theft by incorporating surveillance IP based cameras. The IP cameras powered with PoE will share a secure input of uninterrupted power The information assets are secured by a physical lock along with a biometric detection mechanism for monitoring and logging activities of an employee. Access policies along with centralized enforced rules are implemented by deploying a domain environment. Moreover, for advanced security, IDS is incorporated. The wireless connectivity is secured by configuring SSID. References , What is security policy? definition and meaning . Available: http://www.businessdictionary.com/definition/security-policy.html [5/8/2011, 2011]. Network Security. 2007. Network Dictionary, , pp. 339-339. Watchguard Unveils Top 10 Security Predictions for 2011. 2011. Computer Security Update, 12(2), pp. 4-7. , IP cameras from IP security specialists in America - for your home security camera, network camera, Internet camera and surveillance camera, IP cam supply needs . Available: http://www.networkwebcams.com/ [5/9/2011, 2011]. Cost of IP surveillance revealed to have dropped below analog for midsized installations 2010. Axis Communications technology & product news, . Sony IPELA SNC-DH110 Compact HD720p indoor mini-dome IP camera with Power over Ethernet, Electronic Day/Night mode and DEPA 2011. Network Webcams - buy network security cameras, video servers, webcams and more, . Ssid. 2011. Computer Desktop Encyclopedia, , pp. 1. , Online Store - Ax3 Software . Available: http://www.ids-sax2.com/OnlineStore.htm [5/10/2011, 2011]. Read More