StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Network Security Fundamentals - Essay Example

Cite this document
Summary
The paper "Network Security Fundamentals " discusses that the company and the CISO need to adopt a plan that should ensure tighter information security for the customers. Having trusted third party vendors to provide encrypted data and other information security is recommended…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.9% of users find it useful
Network Security Fundamentals
Read Text Preview

Extract of sample "Network Security Fundamentals"

Network Security Network Security 0 Introduction The improving technology has led to massive investments in financial services that have seen many people accessing organizations’ services at their convenient places. Uses of credit cards, online money transfer programs and usage of the online transaction platforms have brought both positive and negative impacts to the society. The increased cyber-crimes are attributed to the increasing adoption of online transaction platforms. Many of credit card transactions need verification by the users to reduce high crime rate thus with the case of the medium sized start-up company, the Chief Information Security Officer (CISO) should be well equipped to handle a myriad of challenges and security threats posed by using online transactions. Companies like American Express, Visa, Discover, JCB, and MasterCard among others have experienced information security threats thus the new company should employ mechanisms that should protect information from both internal and external threats. 2.0 Overview of network security fundamentals, security threats, and issues The medium-sized credit card company needs to employ several mechanisms to ensure its customers and their private information remains safe and confidential. There have been cases of credit card frauds that have led to provision of guidelines to help in securing credit cards; for instance, the Payment Card Industry Data Security Standards (PCI DSS) that helps in securing credit cards data. 2.1 Network security fundamentals Cyber-criminals careless users, disgruntled former and current employees present major challenges in handling network security especially the experts that target the system with aim of disrupting the normal company operations. There are major advancements that the company needs to perform to ensure cyber threats are kept at bay. Berry (2013) pinpoints several fundamentals that the company should focus on while offering its credit card services to its customers. For the company to be secure, it has to carry out the following tasks: a. Keeping patches and updating information There are vulnerabilities that are exploited by cyber criminals mostly in the operating systems, web browsers, browser plug-ins and software applications among other avenues. The company gadgets and computers that are frequently used should be kept updated thus reducing chances of them being exploited by cyber-criminals. Programs such as Adobe Acrobat, Flash, Oracle, Java, Microsoft Internet Explorer and other MS programs should be kept updated as they are mostly used during credit card usage. b. Using strong passwords Using strong passwords for the cards enhances protection of the customer’s information. Cyber attackers use the loopholes of weak passwords to exploit the chances of logging into the accounts thus leading to loss of money and confidential information. Usage of strong passwords that no humans and computers can detect or guess is recommended as a basic fundamental for enhancing information security. c. Securing the VPN Since the company is planning to use remote access by its customers, Virtual Private Networks (VPN) is also recommended to aid in reducing exposure of information through data encryption. Security is about processes, people and other components that aid in technology provision. Factors like multi-factor authentication processes are encouraged that includes several steps of proving identity. d. Actively managing user access privileges The company should monitor activities of the users in ensuring they are safe and not leading to malicious activities that can compromise the information security of the company. The CISO should be able to design program that detects unconventional ways of doing things. Options like having cloud-based emails and/or file sharing to replace VPN thus ensuring closer management of the client’s activities. Enabling many employees access confidential data can cause damage especially after the employees become disgruntled about their employer. e. Cleaning up inactive accounts These may pose danger especially where their owners forget their details creating loopholes for exposing confidential information. Former employees and contractors with accounts of the company can lead to hacking or exposing of the confidential information. They can disguise their activities as if working for the company ending to losing of the company information. 2.2 Security threats and issues There are several threats that may affect patch management, OS, device hardening and other activities that increase network vulnerability. Security threats include viruses that can derail the normal functioning of the computer and the company network system. Devious programmers can induce computer programs that are aimed at attacking the company’s operations. Such viruses have caused havoc in many financial institutions leading to loss of money and customer loyalty. Trojan Horses programs have been used to hack computers to extract information or destruct normal functionalities of the company. The programs appear to be useful software programs and harmless thus unsuspecting clients or employees open them only to affect the company operations. The CISO should be aware of such programs and design guidelines to reduce them. Vandals are software applications that when used cause destruction. Social engineering includes social networks like Facebook, LinkedIn and Instagram among others where unsuspecting customers are ambushed to sharing their information thus leading to insecure operations. Caller ID and information exposed to any social site brews information threat for the company. In 2014, high-profile attacks have targeted governments and corporations, for instance, the Gaus and Flame, which caused great losses and damage to the institutions. Advanced persistent threats (ATP) provide a sophisticated and constructed way of attacking and accessing information from the company. Tomer (2013) argues that internal threats are imminent where it may take over a year before being noticed as they are unsuspected thus presenting major challenge for the company. Thus the company should not trust all the employees as criminals can cooperate with the insiders to extract information. Other common threats include denial of services (DoS), data theft, DDoS (Distributed denial of service attacks) and malicious programs among others that the company should focus on. Unsecured wireless networks, unpatched hardware & software, unsecured websites, lost devices and unwitting users among many others (Suhatman, 2013). 3.0 Detailed network security recommendations 3.1 Fundamentals of firewalls and VPNs VPN are used to transmit private and extra sensitive data over public intermediary networks. VPN can be used for service provision especially where customers are far apart with their security being paramount. There is third party usage that links to hardware devices, firewalls, edge routers and VPN appliances. Firewall allows filtering of information that gets in or out of the organization system. This enhances security as unwanted information is filtered before reaching the clients who are at remote places thus ensuring their security. IP addresses are filtered enabling the customers and the company to access only what is critical. The firewall accepts and rejects other IP addresses that can cause harm to the users. Source: Hall, 2014 Firewall and VPN should be used to protect the customers and the company from unscrupulous users who can compromise information security. 3.2 Recommendations for firewall and VPN solutions for the new company The company needs to employ high security measures where VPN and firewall software are installed. Different forms of firewall exist with different degrees of protection. The level of control depends on the customer’s wants. Some firewalls prevent service providers (internet service providers (ISP)) from accessing their information. CISO should engage a vendor to provide such services like remote access of services and security. Securing strong anti-virus software for the company to prevent malware and enhance customer service. The new CISO should secure the firewall, VPN and install information guidelines to control employees on their conduct while accessing customer’s information. 3.3. Recommendations for implementing your proposed solutions The proposed solutions should be implemented through creating a detailed action plan that shows what and when the suggested solution is to be implemented. The following are some of the recommendations, a. Having a list of authorized hardware and software that employees should use when accessing the company assets and websites. Users should be prevented from downloading unauthorized programs and software hence protecting the company. This action can be achieved by the CISO detailing the allowed programs and providing them to the staff while prohibiting others with strong punishment measures. b. Updating the company’s written security policies, for instance, designing the devices that can be brought at the work place and others that cannot be allowed. BYOD (bring-your-own-devices) have been caused to wreck company operations. c. Important data should be segregated from other company’s information to reduce its access. Client’s information should be protected using strong passwords and secure codes. This can be achieved by engaging network security vendors to offer protection. 4.0 Summary The company and the CISO need to adopt a plan that should ensure tighter information security for the customers. Having trusted third party vendors to provide encrypted data and other information security is recommended. The company needs to inform its employees of the importance of information security through following information guidelines that restrict employees from exposing important data. Usage of firewalls and VPN is highly recommended as most of the users of the company products are remote users who need their information to be secure. References Berry, M. (2013). Network Security: Top 5 Fundamentals in network security. Retrieved January 19, 2015 from http://www.itmanagerdaily.com/network-security-fundamentals/ Hall, E. (2014). FireWall Basics. Retrieved January 15, 2015 from http://www.networkcomputing.com/netdesign/wall2.html Suhatman, R. (2013). Network Security Fundamentals. Retrieved January 19, 2015 from http://www.slideshare.net/RahmatSuhatman/network-security-fundamentals Tomer, T. (2012). The Biggest Cybersecurity Threats of 2013. Retrieved January 19, 2015 from http://www.forbes.com/sites/ciocentral/2012/12/05/the-biggest-cybersecurity-threats-of 2013-2/ Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Case Study Essay Example | Topics and Well Written Essays - 1250 words - 14”, n.d.)
Case Study Essay Example | Topics and Well Written Essays - 1250 words - 14. Retrieved from https://studentshare.org/information-technology/1674582-case-study
(Case Study Essay Example | Topics and Well Written Essays - 1250 Words - 14)
Case Study Essay Example | Topics and Well Written Essays - 1250 Words - 14. https://studentshare.org/information-technology/1674582-case-study.
“Case Study Essay Example | Topics and Well Written Essays - 1250 Words - 14”, n.d. https://studentshare.org/information-technology/1674582-case-study.
  • Cited: 0 times

CHECK THESE SAMPLES OF Network Security Fundamentals

Network Security Fundamentals, Security Threats, and Issues

Network Security Fundamentals, SECURITY THREATS, AND ISSUES Network Security Fundamentals, Security Threats, and Issues Author Author's Affiliation Date 3.... Network Firewalls security consists of tools, technologies, measures and laws used to ensure the safety of resources.... hellip; At the present, security has become one of the biggest issues outlined by information technology firms and business organizations which connect their domestic Local Area Networks (LANs) and Wide Area Networks (WANs) to the Internet....
4 Pages (1000 words) Case Study

Public-Private Partnerships

hellip; The author states that incidence response questions include questions to anyone that can be involved in response to a risk occurrence, operations type of questions are asked to security personnel while security program type of questions are asked to planners and managers.... The qualitative risk assessment method is the most suitable for homeland security.... This is because of its diversified advantages, over the quantitative method, that meets the scope of Homeland security's need for fast and accurate reactions....
2 Pages (500 words) Essay

Antimalware techniques

Security+ guide to Network Security Fundamentals.... network security Foundations: Technology Fundamentals for IT Success.... ehavior-blocking Software:Behavior-blocking is a capability of some anti-malware tools that provides few of the best security available.... Number of rogue software and security breaches in the OS is being exposed.... Commonly it consists of a computer system, data, or a network site that appears to be element of a network, but in reality is isolated and under observation, and which appears to contain information or a resource of value to attackers (Ciampa, 2009, p....
1 Pages (250 words) Essay

Microsoft Word Research Paper:

Security+ Guide to Network Security Fundamentals (4th ed.... network security was identified as the mechanism for the protection of computer networks from different sorts of threats.... etwork security is the mechanism for the protection of computer networks from different RESEARCH goes here] [Your goes here] [Your college In this paper, the issue of network security was discussed toknow its importance, as well as some main threats associated to networks....
1 Pages (250 words) Research Paper

Computer virus

Working in the internet and the spreading of the IT technologies can bring many risks to the data which firm of enterprise possess and in many cases, other companies can hire attackers to copy some confidential information regarding the plans of the company's development or to… To achieve these targets attackers can use online attack on the main resource if we deal with the web shop, internet enterprise....
1 Pages (250 words) Coursework

Answer some questions

Security+ Guide to Network Security Fundamentals.... The OSI model is essential for network security because it simplifies the communication between computers through internet connectivity in a secure manner (Ciampa 125).... In this way, the auditing ensures that a system conforms to the security requirements of an individual or an institution.... The two-factor authentication I would use is the security token since it ensures that every police officer possesses a physical device that shall allow him or her to access the criminal database....
2 Pages (500 words) Assignment

CIS212 U1 Discussion

Security+ guide to Network Security Fundamentals.... It is inclusive of how the security controls are.... It has to be in a manner that advances the security and integrity of the data in the… It also ensures that users are not services that should be available at all times.... The security Management Process Insert Insert security management entails ensuring that the integrity, confidence and consistency in theavailability of services and data in an organization....
1 Pages (250 words) Essay

Information security management framework

?Network Security Fundamentals.... ?network security and management.... This is typically achieved through executing… In this context, security policies are usually written documents, which are supposed to lay out the precise requirements or rubrics that must be adhered to by the employees.... It is an overall description of the Topic: Information security Management Framework security Policies, Standards and Guidelines So that information can be protected, organizations and businesses are supposed to execute regulations and controls concerned with safeguarding of information as well as the systems used for the storage and processing the information....
1 Pages (250 words) Research Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us