Computer Network Security - Essay Example

Computer Network Security For minimize risks and vulnerabilities from the organization; certification for an information security standard is a key aspect that addresses design, deployment and operational processes. Certification process takes a lot of time and addresses systems that are considered as high availability systems. Likewise, it also addresses patch management issues that frequently updates security patches on systems. There is no way of completely securing a network, system and applications. However, periodic penetration testing and code reviews are conducted by security professionals and consultants for exploiting vulnerabilities and security flaws within an application and computer network. It is now considered as a fundamental fact that if any application is connected and operates on the network, it can be exploited and compromised. Organizations are keen to build a layered defense of protection to counter cyber threats from internal and external entities. Likewise, there is a requirement of constantly monitor live traffic from and to the World Wide Web, remote connections, real time interaction of users to applications, Internet gateways and client interactions with the applications. Code reviews are essential, as patches from vendors must be tested first before implementation into the live environment. However, for effective implementation of patches, patch management practices must be documented and standardized. Likewise, there are efficient tools available for performing effective patch management. Secondly, configuration management also plays an essential role for ensuring security for mission critical aviation applications. For instance, if a faulty hardware component is replaced with the new one, it is important to address issues with hardware compatibility, as any mal functioned device may introduce vulnerability. Thirdly, change management procedures must also be document and approved from the respective application owners prior any changes to the application. For instance, change request form requiring any changes within the application can be approved and documented for ensuring no vulnerable spots in the architecture and infrastructure. All the identified attack interfaces must be addressed by taking following factors into consideration (Mitigating security threats by minimizing software attack surfaces.2008): Uninstall and prevent unnecessary features Default utilities and programs that are installed within the operating systems must be utilized (If required) Strong access management by user authentication Remove all default passwords on the application server Configure only required protocols on the application server Limiting the unnecessary codes from the application Applying metrics to measure the attack surface on periodic basis Disabling unwanted protocols on the application server Nowadays, hackers encapsulate a malicious code or a script for attacking a web page by using several techniques including obfuscation, polymorphism and encryption. As the anti-virus program detects viruses by signatures, malicious codes are able to bypass them by using these techniques. These types of methods are known ad passive attacks (Gharibi & Mirza, 2011). Likewise, encryption is the best security control that can be implemented for securing the code and ciphering the user data. Secondly, polymorphism is a technique that replicates an application partially so that it appears just like the original application. Similarly, for hiding the source code of an application, obfuscation techniques can be applied for making the code complex to exploit and analyze while keeping complete functionality (Gharibi & Mirza, 2011). These three factors need to be handled to provide better security. In order to tackle all three factors, Christian Frühwirth, recommended an event based intrusion detection system. The system will support these three factors by (Krügel, 2002): Advanced tools incorporated with IDS to detect intrusions and eliminate attacks Standardized frameworks to handle legal compliance Efficient security management application tools to handle information security The computer incident response teams are triggered when a security breach shows its existence within the network. However, these teams conduct investigation of suspect workstations and servers. For instance, if a server is responding slowly, or a workstation is broadcasting messages will be examined for any possible issue. After specifying the incident that is related to security, the incident recovery steps are performed accordingly to assure adequate information collection and documentation. There are cases where security incidents also involves the contribution of law enforcement agencies such as National Transportation Safety Board, concerned managers, board of directors and security professionals. Incidents in the context of adverse events demonstrate a negative impact such as a system crash, flooding of network packets, unauthorized access of system privileges, viruses, malicious codes etc. and referred as a policy violation for computer security policies and standard security practices. Firewalls are network security devices that are categorized in hardware-based firewalls and software-based firewalls. Mission critical redundant systems must be protected via layered defense and hardware based firewalls that must monitor data transmission on continuous basis. The hardware-based firewalls are more secure, as they are not dependent on the operating system. On the other hand, software-based firewalls are dependent on the operating system that may demonstrate risks. The choice from these options depends on the cost as well. However, a full features firewall may protect the computer network from hackers or cyber criminals. It will detect, block and quarantine viruses and malicious codes that attempt to compromise the aviation network. Moreover, configuration on the local area aviation network must demonstrate a graphical user interface to ensure that each preventive measure is active and running (Agnitum outpost persona firewall pro 2.0.2004). Currently there are two conventional methods that can be deployed to detect cyber threats and vulnerabilities on the aviation network i.e. anomaly based IDS and signature based IDS. The signature based IDS analyze and identify specific patterns of attacks that are recognized by raw data that is in terms of byte sequences called strings, port number, protocol types etc. Likewise, apart from the normal operational pattern, signature based firewall detects any activity that is unusual from previously defined patterns. Moreover, the patterns are monitored with strict control algorithms. The signatures are stored in a signature repository. The prime object of a ‘signature based IDS’ is to search signatures in order to detect a threat or vulnerability that is similar to antivirus software that also detects viruses. The functionality includes the detection of attacks that are initiated directly towards the computer network. Conclusion The mission critical systems stores sensitive information, for this reason, not evens a smallest of risk can be left out. Initially, we discussed about the ‘net-centric’ approach to demonstrate an end to end intranet application. Likewise, propagation threats were discussed that can be addressed by System Wide Information Management (SWIM) certification. Moreover, patch management along with obfuscation, polymorphism and encryption is also discussed that can effectively counter cyber threats and vulnerabilities. Furthermore, event based intrusion detection system and computer security incident response teams. Security administration and configuration issues were also discussed. In addition, firewalls with advanced protection techniques such as Packet Filtering, circuit level gateway were discussed. Lastly, anomaly based IDS and signature based IDS were discussed to ensure ultimate protection to critical information systems interacting with live feeds. References Agnitum outpost persona firewall pro 2.0. (2004). District Administration, 40(2), 68-68. Gharibi, W., & Mirza, A. (2011). Software vulnerabilities, banking threats, botnets and malware self-protection technologies. International Journal of Computer Science Issues (IJCSI), 8(1), 236-241. Krügel, C. (2002). Service specific anomaly detection for aviation network intrusion detection 2012(3/14/2012), 3/14/2012. doi:10.1145/508791.508835 Mitigating security threats by minimizing software attack surfaces.(2008). Computer Economics Report, 30(5), 15-19. Read More