Network Security - Essay Example

Company Comrade Network Security Proposal Today’s advanced technological environment has resulted in easy accessibility and availability of information, which has subsequently threatened the security of information systems for a wide range of organizations. In client/server systems, where information is shared across numerous sites and servers, centralized security services may be impractical since they may not scale well, which leads to high vulnerability of the network to security issues is at stake (Rob & Coronel, 2007). Security is vital for the management, users, as well as the technical personnel that make use of the network. The needs of users of the data provided via a network and subsequently develop a security policy and plan that addresses the security issues concerned (Langer, 2001). The ensuing distribution of data in client or server networks leads to increased susceptibility of the system to fraud, damage by malicious software, misuse, as well as physical damage. With business organizations and their stakeholders developing complex networks, security issues become a key factor of consideration. The security systems developed by such organizations must seek to protect all areas of concern across the network to prevent the occurrence of unethical practices in relation to the information flowing through the system. The value of security in a client/server network plays an inevitable role in protecting the data, as well as the ethical concerns of the parties involved thus, requiring the development of a comprehensive network security policy as reviewed in this context and with reference to ZXY Corporation. Enhancing Secure Access Control Methods In order to enhance secure access control over the network, the company can apply advanced authorization, as well as access control methodologies that would subsequently enhance network security. The interrelated methods of user authentication and authorization that are applicable will depend on the sensitivity of the section of the network and the information that may be accessible. Shared resources in the network are available for all the users except the resource owner. As such, the security system needs to protect such information from unauthorized access and use. In the network’s access control framework, unique security identifiers (SIDs) may embody the users in the system, and they are subsequently assigned permissions and rights that provide information to the operating system concerning what each of the users can do in the system. Each of the resources in the network has a designated owner who grants permission to users. In the process of the access control check, the security system should ensure that the permissions are set to determine whether the users can access the resources in question and the process they would follow in accessing such information. Users of information within the client/server network perform several tasks such as reading, writing, modifying, as well as full control of information and objects. Such objects include folders, registry keys, files, as well as printers. The security system to secure the access of the resources using access control lists (ACLs) in order to assign permissions that enable the server managers to enforce measures meant to control access. It is achievable through two main ways including denying access to users and groups that are unauthorized, as well as setting well-defined limits of accessing what is provided for the users’ use. Object owners should grant permissions to user groups as opposed to individual users. The users that are assigned to certain groups assume the authorizations that are granted to the group. In order to ease the process of access control management, it is important to define authorizations for the objects pertaining to a user’s needs. Controlling the access of items in the network may be enhanced through dynamic, as well as central access rules. Domain-based and dynamic access control would enable administrators to make applications for access-control permissions, as well as restrictions that are based on a set of well-defined rules. Such include the role and position of the user, sensitivity of the information needed, and the configuration of the appliance used to gain access to the resources. For instance, a user may have varying permissions when accessing the resource from their station’s computer. That is highly secure compare to when they access it from a portable computer through a virtual private network. The company should ensure a policy that sees to it that when the dynamic access control model is applied and the roles of users change, the previous permissions for the users should change dynamically without the requirements of the administrator’s intervention. A number of features may be applicable to complement the dynamic access control. Such measures include the implementation of a set of central access rules that express authorization requirements that could include conditions on user claims and groups, resource features, as well as device claims. In addition, the firm’s security system may apply the use of central access policies that involve authorization that include conditional expression of the user’s identification. In implementing this policy, the firm will need to identify files that have personally identifiable information (PII) or identify specific users authorized to view such PII. The implementation of central access policies helps in the enhancement of umbrellas to ensure security of the organization’s information across a number of servers. The dynamic access control’s complement is the use of claims that compose of a unique piece of information concerning the user, resources needed, and the device used, where such information fed to the domain controller. Claims such as user’s title, department, and health state will help the firm in reducing cases of unauthorized access to information reserved for a given category of staff. Password Policy Computers in a client/server network either traditional username-password combinations or alternative authentication technologies such as one-time passwords, biometrics, as well as smartcards to allow access to the database. It is vital that the organization needs to define and enforce a viable password policy that would include implementing a strategy to ensure that users of the information provided by the network use strong passwords. In most cases, strong passwords meet different requirements for complexity, including the character categories and the length, which makes them difficult for unauthorized persons to determine (Davis, 1996). The enhancement of strong passwords for the organization in this case will help the firm in preventing attackers from cases of impersonation and can thus, help in the prevention of corruption, exposure, as well as loss of the firm’s sensitive information. As such, the firm needs to come up with a password policy that will ensure the effectiveness of the system in protection of the information used by different network participants. In order to enhance such a password policy, the firm may consider a number of password characteristics, which will subsequently enable it to come up with the best configuration to achieve the most efficient password policy for the client/server network (Langer, 2001). One of the main features that the company needs to consider is password complexity, which requires the password to meet the minimum number of characters provided by the default profile parameters that undergo management by the operating system of the machine used to access the network. The complexity of the password for the network’s enhancement in this case is by ensuring that users apply long passwords in order to access the database (Chen, 2004). In addition, the use of a password that has a wide difference from the username, as well as one that has alpha, numeric, and punctuation characters, would help in reducing the ability by unauthorized parties to memorize the password. Sophisticated passwords present an effective means of ensuring the security of the users’ information across the network. It is imperative to consider the history of the password in coming up with options to use in controlling access to information on the network (Langer, 2001). The password history involves the number of times that a user can use unique passwords before reusing an old password. It is important to set a history for the password in order to protect the network from access by unauthorized persons that may initially have knowledge of the password. Password age is also a key factor to consider in setting a password policy. The password age the duration of time that a password survives before the system requires the user to change it (Davis, 1996). The firm may require setting a maximum, as well as a minimum password age. Setting a maximum password age that is too low may lead to frustrations to the users, while setting a too high value leads to potential threat of attackers since they have adequate time to guess the password (Langer, 2001). It is important that the firm establish an adequate level of password age in order to guard against users that may be unauthorized and are seeking information on the user’s information. Additional factors of consideration include length and complexity of the password. The length dictates how short a password can be, while the complexity determines the use of capital and small letters, uppercase and lowercase, as well as the use of punctuation marks (Errol, 1996). The security system for the organization in this case will have its settings enabled for the enhancement of the complexity of the passwords, which will consequently leads to more security for the users’ information across the client/server network. Cryptography and Encryption Data integrity in the organization acts as a fundamental aspect of reliability and information security. With the increasing range of technological trends and invention of network storage, cases of challenges resulting to reduced data integrity are rampant (Errol, 1996). Furthermore, communications enabled by the advent of networking leads to insecure processes involving sending and receiving information over the internet where such information may be sensitive and prone to interception before reaching its receiver. The organization should come up with a means of ensuring storage integrity and security. A major way of ensuring the security of information transferred through the network is cryptography. Data, flowing through a network, undergo a process of encoding in an attempt to prevent disclosure to unauthorized parties through the process (Davis, 1996). Cryptography ensures that the contents of information undergo encoding into codes and ciphers so that only the authorized parties have a chance to view the contents. On the other hand, encryption acts as an indication of some level of distrust in the firm’s information security system. It transforms a set of original information into a transformed version that has the appearance of unintelligible and randomized appearance. Such a transformed version of information has the tag, cryptogram (Rob & Coronel, 2007). Through these processes of encoding information, the firm can be able to ensure confidentiality, authenticity, as well as integrity of information flowing through the network. Such a policy would be essential for a firm in order to enhance its ability to protect and secure users’ information that is flowing through the system while protecting such information from use by unauthorized persons. Remote Access Plan The remote access strategy involves an advanced setup that establishes a single remote access server for use by remote users to access and use information from the company’s database. In this case, the firm will need to configure the machine running at the main server so as it can allow other servers located in remote areas to provide access to such database by the remotely connected users. The process will be essential in enabling the remote management of the firm’s operations, especially at the comfort and convenience of the employees (Langer, 2001). On the other hand, the adoption of this strategy disables some server components that could be functioning if access to the server is from a direct access point. In this scenario, setting up a remote access plan will require the firm to carry out planning, as well as deployment steps. Such steps include the planning activities that involve coming up with a remote access plan before starting the deployment (Davis, 1996). The deployment involves preparing remote access servers, authentication needs, infrastructure, and client computers. It is important for the company management in this scenario to note the huge capital outlay needed in ensuring the planning and deployment of a remote access station. Protecting the Network from Malware A wide range of threats faces the information flow in networks. Such threats may include malicious software such as viruses and malware attacks. Such programs attack computer programs and spread to other machines within the network. In addition, they may originate from a remote computer (Brown, 2010). Their attacks can lead to huge financial loss, time wastage, as well as psychological distress to parties that lose critical information following an attack. As malicious software attacks become rampant in client/server networks, the organization has to give attention to spyware attention and other forms of programs that could carry another destructive software. A major way ensure protection from losses of stored information is to come up with back-up and information recovery programs and subsequently install them into the network (Davis, 1996). Such programs would help the firm in case it loses information to a malicious software attack. In addition, the management may consider implementing a real-time scanner, as well as an anti-virus and anti-malware (Errol, 1996). It is imperative to note the vitality of maintaining and updating the anti-malware and anti-virus system to ensure consistent protection of the overall network. References Brown, B. (2010). How to Stop E-mail Spam, Spyware, Malware, Computer Viruses, and Hackers from Ruining Your Computer Or Network: The Complete Guide for Your Home and Work. New York: Atlantic Publishing Company. Chen, Z. (2004). Digital Libraries: International Collaboration and Cross-Fertilization: 7th International Conference on Asian Digital Libraries, ICADL 2004, Shanghai, China, December 13-17, 2004, Proceedings. New York: Springer Science & Business Media. Davis, P. (1996). Securing Client/Server Computer Networks. New York: McGraw-Hill. Errol, S. (1996). Distributed Information Systems: From Client/Server To Distributed Multimedia. New York: McGraw-Hill . Langer, A. (2001). Analysis and Design of Information Systems. Washington D.C: Springer Science & Business Media. Rob, C., & Coronel, C. (2007). Database Systems: Design, Implementation, and Management. London: Cengage Learning. Read More