Network Security Mechanisms - Essay Example

? Network Security Part A large corporation is supposed to have a large volume of data and information thatneeds to be protected from any kind of theft and any kind of loss due to natural disasters. A large corporation should implement device security: physical and logical which is a form of network security in order to protect its data and information. Physical device security in terms of redundancy implies the placing of a copy of the original device in a location where it is safe from malicious attackers. In this case, if the primary system fails, the redundant system in the other location could start functioning in its place. Logical security is protects the device from non-physical attacks. An attacker uses data elements to make a non-physical attack. Redundancy in this case would be to make a copy of the data used by the device. (Malik, 2003, p. 35). For any secure system, redundancy is significant. There are two ways to achieve device redundancy in a networked device. Firstly, we can use the routing mechanism. Secondly, we can use redundancy protocol. (Malik, 2003, p. 39). These are ways of obtaining on site redundancy. A server which is a network device can also be made redundant. The redundant server can be located at the same place as the original or primary server or it can be placed off site. The major advantage of making off site redundancy is that any disaster that had affected the primary server would not affect the redundant server. However, off site device redundancy is expensive due to extra costs that include housing costs and real-time communication links that are needed to support the mirroring operations. (Stewart, 2011, p. 112). Part 2 Business Continuity Planning (BCP) is a planning that helps to identify the internal and external threats an organization is exposed to and as a consequence providing an effective recovery and prevention mechanism that does not damage an organization’s competitive advantage. The purpose of Business Continuity Planning is to allow the organization to continue its business or in other words it protects the business life of an organization. Business Continuity Planning results in the formation of a Business Continuity Plan. The process of conducting BCP is summarized as follows: 1. Project Planning: Parameters of project planning and resources to be utilized are identified. 2. Risk Analysis and Review: The internal and external threats, to which an organization is exposed to, are identified especially risks related to the geographic location. 3. Business Impact Analysis: The critical operations of the business unit are evaluated and resources that are needed to operate them are identified. 4. Recovery Strategy: Temporary recovery guidelines are created for the business units that are exposed to the period between a predictable disaster and ready for normal operations. Alternative recovery strategies are also planned and important data and information of the business units are copied and stored in a safe location. 5. Plan development: Right people to conduct the recovery operation are identified and methods to notify these people are established. Methods to evaluate the operational impact and recovery activation are also determined. Steps to minimize the risks and the restoration of the system to normal after attack are also created. A Business Continuity Plan is the milestone of this phase. 6. Training: The employees that were identified to be involved in the recovery process are made to understand the BCP. 7. Testing: A fake situation is created to test the BCP and evaluate it to ensure its working. 8. Maintenance: The plan is updated on a frequent basis with change in business. (Heng, 2004, p. 2). Part 3 A Disaster Recovery Planning is a planning that results in a document called the Disaster Recover Plan which “explores how a network recovers from a disaster that could either damage its data or hinder and stop its functioning. An organization’s financial auditors need this document as a company’s data are important for running its business and a network failure would affect the business negatively. Furthermore, managers become aware of possible disasters that can occur to their company’s network system and consequently cause them to establish all possible and effective recovery plans to protect the network’s data and quick restoration of the network to normal operation after an occurrence of any disaster. (Hallberg, 2009, p. 162). The Disaster Recovery Plan (DRP) does three important things: 1. It creates an emergency operations center which is an alternate location from where the DRP would be executed. 2. An emergency operations manager is named in the DRP. 3. It determines when that manager should consider a situation a disaster. The process of making a DRP starts with a business analysis through which the critical business functions are identified and their maximum tolerance to risks is evaluated. Then a diverse range of disaster scenarios that may cause the execution of the plan are discussed and the resultant strategies for handling those disasters are established. Lastly, it identifies the right people for becoming the member of a disaster planning and disaster recovery team. The making of DRP is an expensive task. They are long term and take lots of time to be created. For a large company, the DRP would cost millions of dollars. (Solomon, 2011 ,p. 273). Part 4 An Acceptable Use Policy (AUP) is an important policy defined for a network because it defines what the acceptable usage of organizational resources is. The policy defines things such as: sharing of passwords among users, installation of applications, copying data, access levels to files, creation of files, levels of privacy on use of organization’s resources and many others. (Noonan, 2003, p. 35). An AUP does not impose restrictions on the employees on behalf of trust and integrity. It just outlines the acceptable use of computer equipment at an organization. It protects the employees, partners and the organization itself from illegal and damaging actions by individuals. Every employee and user of the network should be aware of the guidelines in the AUP. Furthermore, organizations should include this policy during the hiring process as a part of the contract agreement as a measure to make the employee’s aware of company’s AUP. (Ciampa, 2008, p. 530). Furthermore, an AUP is a first line of defense in protecting an organization’s data and reputation. Apart from security perspective, an AUP also helps the human resource related issues that may arise. If an employee is performing unacceptable activities in a company and he gets fired because of his action, he may sue the company for wrongful termination because he was not made aware that those activities were unacceptable. Therefore, an AUP makes employees aware of the limitations and restrictions of a company. A company should consider all possible devices and activities to be included in the AUP. (Mallery, 2004, p. 413). Part 5 Social engineering is a way in which human behavior is manipulated in order to acquire a desired objective. For example, a hacker can use social engineering to extract passwords from users. He may call the user and talk to her in a way that she may reveal her birthday or any other information that could possibly be her password. To prevent users from hackers or attackers using social engineering, users should follow the security processes and company should also keep some measures. Following are the measures that should be taken: 1. User Education and Awareness: A company should make its employees aware of company’s security policies so that they follow those rules. In this way, an employee ensures his own security and company’s security also. 2. Documentation: All security policies and procedures of the company should be properly documented. And these documents should be distributed to all employees. 3. Awareness Training: Training sessions are necessary in which the employees are educated as it might be possible that the employees do not read the documentation. 4. Phishing Scams: These are emails that look as if they are coming from a trusted site and may extract user passwords. So companies should use application software that can detect such emails. 5. Shoulder Surfing: Users should be careful of their surroundings while typing in their passwords or looking at any private data as unauthorized users might try to take a glance at what they have typed or what they are doing. Works Cited Ciampa, Mark. (2008). Security + Guide to Network Security Fundamentals. United States of America: Course Technology. Kim, David. Solomon, Michael G. (2011). Intro to IT Security. United States of America: Jones and Barlett Learning. Hallberg, Bruce A. (2009). Networking, A Beginner’s Guide, Fifth Edition. United States of America: McGraw – Hill Companies. Heng, Goh Moh. (2004). Implementing Your Business Continuity Plan. Singapore: GMH Continuity Architects. Malik, Saadat. (2003). Network Security Principles and Practices. Indianapolis: Cisco Press. Mallery, John. Noonan, Wesley. (2004). Hardening Network Security. Osborne: McGraw-Hills. Stewart, James M. (2011). CompTIA Security + Review Guide. Read More

 

Read More