Protecting Information through Network Security - Book Report/Review Example

?Information Protection through Network Security: Introduction: Internet is undoubtedly the most precious and evident gift of the 20th century that science has gifted to the mankind. It has in no time become an integral part of every sphere of human life. From home to offices, to roads and skies and beyond. It is a ubiquitous term and concept that has made our life ever so easy, fast and dynamic. Having said that, internet is the least protected and most sensitive medium when it comes to privacy and infiltration. Every day various kinds of events occur on the medium of internet which include theft of various forms ranging from professional work to damages to computer and digital devices to more severe ones such as financial scams and credit card thefts. In such cases there is a direct demand for making networks more secure for various functions. The existence of various forms of network connections make it least secure, with one of them being that of proxy servers. Aims: The paper looks into the concept of abuse of internet resources, how people are often deprived of their valuables, further providing an insight into number of events how they occurred and what mechanism was being adopted for it, followed by the procedures and techniques to explain as to how can these challenges can be overcome. The paper in detail looks into the one of the least protected and most vulnerable form of usage of internet in the form of proxy servers. A proxy server can be defined as one that is developed on remote basis for purpose of connection, and it may not make use of the detailed technical specifications for the purpose of fulfilling the requirements of a complete internet network. Proxy servers use the special password and I.D for access to a specific data bases. Background: One similar event came to forth in recent years when an online research papers resource named JSTOR fell prey to the hackers and nefarious intent operators of computer, where they through proxy means, kept downloading unlimited material without any charges. It led to suspicion based on the intensity over which this all was being performed. Detailed tracking led to the conclusion that it was through usage of a medium that is least secure and anyone may follow that for such operations. Proxy servers which allow its users making special I.D and password are often more vulnerable to the misuse of data, and in case of JSTOR similar event took place where proxy servers were used, and this is often the case in the universities that make special websites and proxy servers for students access thereby excluding them from the ordinary network of internet and as a result increasing the chances of data stealing as it ocured in case of JSTOR website and its large repository. General concepts: Internet connection is basically an established network of various devices and components. These components come in form of hardware as well as the softwares. This network consists of components as basic as the wires, routers, switches, hubs, ports, wireless devices, and many more equipments along with the softwares. All these when grouped into a network, make up for a internet connection that is wireless in its nature and is being operated through the waves and signals that are imparted through the air. Any entity that makes communication establishes certain rules and regulations for the exchange of flow. Internet is no exception to this rule and it also establishes certain protocols and rules for the purpose of communication. T.C.P and O.S.I model are two of the basic units that explain the overall working on the computer network and internet. This is being divided into seven distinct layers, with each performing specific operation and function. The T.C.P layer and H.T.T.P are two common ones, with one providing connection and other responsible for the internet traffic and World Wide Web applications. Other similar protocols include U.D.P, D.H.C.P, and other relevant protocols. A specific user is identified by the I.P address which is assigned every time a connection is established, the I.P address is a specific pattern designed number with classes A, B,C I.Ps being separated from one another through respective numbers. These I.Ps range from 0 to 255. Various port numbers are assigned to various functions for example the port number 80 is designated to H.T.T.P , traffic, for the purpose of File Transfer protocol mechanism, port number 20 is being used. Protection methods: Various methods are being employed for the purpose of making the networks secure, this come in various forms from the usage of softwares to hardwares and other special measures adoption. The usage of firewall is one of them; firewalls are installed in the network for the purpose of ensuring that no unauthorized or malicious entity enters into the network, and thereby may interrupt the process of free and safe operations in the network. Data is being sent between the two nodes in form of the packets in the network layer, the packets themselves are protected through special filters which look at the header files as well as the address of the packet that is specified for a particular designation. Usage of special filters is another method for ensuring the safe operations across the network, the basic form of filter is that of packet filter approach adaptation, and this filter monitors not just the connection at the back end but also the one at the server end as well. Computers are often termed as being at threat from outside forces, however this may not be true on every occasion, rather there are many instances in our daily life where the events occur within the organization and no external element is involved. Such cases come to forth in cases of banks, government sectors, credit cards and various other sources. For example the members within the banks and other governmental or private organizations fall prey to the spam and other malicious emails that are sent into their accounts and which once opened led to damaging of the entire network and not just the single computer over which this negligence has taken place. An example has been presented here in case of the internal event that took place in cold drink giants Coca Cola, where the individual( secretary ) was caught in the practices of sharing material of high importance and sensitivity to the outside rivals. Many other similar events are reported on regular basis. One instance of this came to forth when Duracell Corp found its own employee guilty of breaching the rules and selling and sharing the confidential data with the members outside the organization without permission of any kind. This has been attributed to the usage of old and conventional form of security measures that are in place. Many organizations have established fully developed networks of communication, yet they have paid little heeds to the security aspect of the traffic that takes place within the organization and also outside the organization. Creating clearly defined rules will enable better safety measures and allow for safe operations with less or no loss to the private data. Banks are the most vulnerable entities and organizations that fall victim to negligence of its members all around. Clear instructions along with introduction of advanced machinery and tools and techniques will enable better and safer working. Protecting the file systems, further strengthening the access means to the central data bases of the organizations are few of the means that may be adopted to make the networks safer. Introduction of automated measures which would reduce the manual operations is a step that must be taken in this regard to make the field of computing and businesses safer. Recommendations: The paper highlights certain areas of concern which are a loophole as in case of the proxy servers. The first is that of special I.D and password creation, followed by handling the issue of the universities and the proxy servers usage since they pose direct threat to these research data base websites. Creating more checks in the case of proxy servers and ensuring that more centralized methods are adopted that would reduce the chances of abuse of proxy server for uses such as one experienced in the case of JSTOR (Cain 2003). Replacing Proxy servers by Virtual Private Networks is a wise move and should be made more common to mitigate the chances of any wrong doing or possible vulnerabilities that may exist in form of the proxy servers’ usage. Ever since the computer has been in use for the online functions, the threat of the possible misuse has been there, yet little attention is paid to it. According to Eugene H. Spafford, it is driven by couple of factors, one of them is the costs that may be incurred in making the entire network secure, second is that of the possible negligence and lack of awareness amongst the people towards the possible repercussions that may be incurred if these attacks unleash in full capacity. Firewalls are most often and quite commonly being brought into action, yet the usage of firewall is not hundred percent safe and despite its presence many events take place in form of the privacy theft, privacy breaches and other financial scams over the internet. Usage of virtual machines and virtual private networks are another function and resource that is often being deployed and it does result in good responses in many cases, yet still the medium of internet is not safe enough and it needs to be further protected. According to the writer, the possible reason behind these loopholes and failure to fully implement and make the medium of internet is the overall failure of being unable to protect the network. This is so because the right kind of question(Spafford 2009) has not been addressed, which comes in form of knowing what to do, how to do, and when exactly to do, all these three questions in the context of cyber security and the threats faced on daily basis. It is further stressed that these limited resources in form of firewalls, anti viruses, and other softwares are being sought after everywhere and are being considered as the savior from the malicious entities, however this is not true and it is this very complacence that has resulted in the presence and repeated breaching of privacy over the internet every now and again. The main stress is being laid over the fact that knowing the basic concepts and knowing what lies at hand with regard to the network security and challenge is the core issue. It is a general rule that is being applied all over that the first step to mitigation and eradication of problem is that of understanding it, the same applies to the menace of internet low security. In order to stand able as to address how the problem may be solved, the basic questions may be addressed that are mentioned above. Further, understanding the background and context of a particular network, and applying it according to the requirement and circumstances is another core issue that needs to be addressed. It is an established fact that where ever there is traffic there will be breach of rules and there will be infiltration, yet the fact of effective security presence and making the defenses impregnable is another established fact as well and it aptly applies to the concept of making internet a more secure medium, which can be done so through addressing of the problem at hand. It is the failure to address the problem that is becoming the core issue of content and thereby creating problems. Robert H. Courtney Jr.( Swartz 2007) a proponent of the field of computer security and networks came up with three principles which are aimed at highlighting and addressing the issue of cyber security along with the possible control and mitigation of these vulnerabilities that exist around. One of those principles stressed for the managerial problem of the technical problems, although according to that particular principle, the opposite may not be possible and managerial problems can be solved only through managerial skills and knowledge and they are beyond the scope of technical problem solving skills and techniques. References: Cain, M. (2003). Managing Technology : Cyber Theft, Network Security, and Library Without Walls. Cincinnati: The Journal of Academic Librarianship. Spafford, E. H. (2009). Privacy and security answering the Wrong Questions Is no answer. COmmuniCatiOns Of the aCm. Swartz, N. (2007). Protecting Information from Insiders. The Inlormation Management Journal. Read More