Computer Network Security - Case Study Example

Computer Network Security 1 Introduction & Overview Network security is continuously evolving and becoming a challenging aspect for organizations maintaining highly sensitive and customer data. New technologies derive benefits as well as new risks that are not limited to logical threats, physical and human threats. Reports and surveys recorded by many organizations indicate a substantial rise in terms of security breaches year by year. Moreover, there are several reported cases in the year 2012 that are associated with information security breaches. Resultantly, organizations suffer massive revenue, reputation and customer confidence loss due to large amount of stolen credit card or personal data. In order to protect digital information, organizations are keen to implement technical controls such as firewalls, Intrusion Detection Systems, honeypots and Demilitarized zones. These controls are considered as logical and provide security on the logical layer. However, often the important aspect i.e. information security management is not addressed to the optimal level. A typical information security program is led by an information security manager who establishes a steering committee for discussing security aspects focusing not only the IT department but every department within the enterprise. Some of the management controls that are implemented by the information security manager are IT governance, Risk management, monitoring Key Process Indicators (KPI) and Key Goal Indicators (KGI). KPI demonstrates the current state of security within an organization and KGI demonstrates the level of security to be achieved. As per the current scenario, critical data must be protected by implementing Firewalls to secure the network from external logical threats and Virtual Private Network will be implemented for securing the data transmission on the Wide Area Network. 2 Detailed Network Security Recommendations 2.1 Fundamentals of Firewall and VPN Network security appliances are implemented for providing three fundamental functions i.e. prevention, detection and correction. Some of the most commonly adopted security appliances are Firewalls and Intrusion Detection Systems. Firewall is defined as “a piece of software or hardware device that filters the information coming through the Internet connection into a private network or a computer system. A firewall enforces an access control policy between two or more networks with two key functions: to block unwanted traffic, and to permit wanted traffic” (Firewall.2007). Similarly, as per network dictionary, Intrusion detection system is defined as “Intrusion detection system (IDS) is a type of security management system for computers and networks. An IDS gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions and misuse”. 2.2 Recommendation for Firewall and VPN Remote access ‘VPN’ provide emulation of a workstation to a remote user. It can extend every application related to data, video or voice communication. Remote access ‘VPN’ can provide highly customizable and secure remote access to employees anywhere anytime with any compatible device (Vachon & Graziani,). They can access the network resources and data access with any compatible device. The remote access ‘VPN’ portrays a realistic user experience as the user access his own system. The access is more flexible and easy because it can be operated by any compatible computing device. Remote access ‘VPN’ supports a wide variety of connectivity options and platforms, fulfilling the user requirements efficiently. 2.3 Recommended Solution for the Enterprise A recommended solution for the enterprise will be a hardware based firewall that is also called as Adaptive Security appliance ASA 5500 from Cisco. The ‘Cisco ASA 5500 Series Security Appliances’ personalize the security for specific network requirements such as securing credit card transactions. It is flexible for supporting future network expansions to add capabilities or device upgrades. The firewall has integrated support of content security, encryption algorithm, identity authentication, identity authorization, and intrusion prevention (CCIE, 2008). Moreover, the ‘Cisco ASA 5500’ is a hardware based device which can be installed, managed and monitored with ease. It also supports advanced networking features including Virtual Private Networks (VPN) which will provide remote and mobile users to securely access and create ‘VPN’ to connect with the network and exchange credit card information(CCIE, 2008). Due to the advance feature support, the network will become reliable and efficient from potential and current threats (CCIE, 2008). In addition, the AIP-SSM Intrusion Prevention Module combines with the ‘Cisco ASA 5500’ series appliance to function. The combination gives total confidence in the protection offered by the ‘IPS’ architecture without dropping the quality of service. The combination also offers a wide barrier of protection by integrating with other network resources in a proactive approach that is best suited for highly sensitive data such as credit cards information. The ‘Cisco AIP-SSM Intrusion Prevention Module’ provides accurate inline prevention technology to provide unparalleled ability to protect the network against the enormous types of threats without compromising network performance (Burns & Odunayo Adesina,). The multi vector threat identification feature ensures protection from policy violations, vulnerability exploitations and malicious activity by deep analysis of credit card data transmission from OSI layer 2 to layer 7. The unique network collaboration enhances scalability and flexibility via network collaboration consisting of intelligent traffic penetration techniques, load balancing, and transparency in encrypted traffic. The dominant management, event association and support services make a complete solution consisting of configuration, management, data correlation and advanced features. Site to site ‘VPN’ solution will be recommended for this scenario. VPN operates on ‘WAN’ infrastructure to expand network resources from the main site to remote sites. The transmission of data between the sites is encrypted by using the ‘Internet Protocol security’ (IPsec). The site to site ‘VPN’ integrates network features consisting of quality of service (QoS), routing, and multicast support. Moreover VPN gives extra leverage as the system requires video and voice communication support from remote sites with high quality and reliability. The internet application transmits complex traffic with simplified provisioning with reduced operational tasks for network designs. Hence, Site to site ‘VPN’ will synchronize the network resources within sites, at the same time providing security in terms of data encryption. As mentioned in the introductory paragraph, security breaches are increasing and new technologies are deriving advanced benefits as well as threats and risks associated with them. 2.4 Practices for Ensuring Adequate Security There is a requirement of a framework that will work on a repetitive cycle comprises of at least the four fundamental phases i.e. securing the computing environment, monitoring and responding to anomalies, testing and improving the security layer of the network. 3 Summary For securing the credit card transactions on daily basis, an industry proven vendor is selected for acquiring firewalls. As we have already recommended Cisco ASA 5500 that will not only add extra layer of security to the VPN data transmission but will also provide various other security features that are not available in any other product. Moreover, a site to site VPN is selected for the remote site to connect securely and perform credit card transactions. References Burns, D. C., & Odunayo Adesina.CCNP security IPS 642-627 official cert guide Cisco Press. CCIE, Y. B. (2008). CCIE professional development series network security technologies and solutions . [S.l.]: Cisco Press. Firewall. (2007). Network Dictionary, , 197-197. Intrusion detection system. (2007). Network Dictionary, , 258-258. Vachon, B., & Graziani, R.Accessing the WAN, CCNA exploration companion guide Cisco Press. Read More