Network Security Fundamentals - Essay Example

Network Security Network Security 0 Introduction The improving technology has led to massive investments in financial services that have seen many people accessing organizations’ services at their convenient places. Uses of credit cards, online money transfer programs and usage of the online transaction platforms have brought both positive and negative impacts to the society. The increased cyber-crimes are attributed to the increasing adoption of online transaction platforms. Many of credit card transactions need verification by the users to reduce high crime rate thus with the case of the medium sized start-up company, the Chief Information Security Officer (CISO) should be well equipped to handle a myriad of challenges and security threats posed by using online transactions. Companies like American Express, Visa, Discover, JCB, and MasterCard among others have experienced information security threats thus the new company should employ mechanisms that should protect information from both internal and external threats. 2.0 Overview of network security fundamentals, security threats, and issues The medium-sized credit card company needs to employ several mechanisms to ensure its customers and their private information remains safe and confidential. There have been cases of credit card frauds that have led to provision of guidelines to help in securing credit cards; for instance, the Payment Card Industry Data Security Standards (PCI DSS) that helps in securing credit cards data. 2.1 Network security fundamentals Cyber-criminals careless users, disgruntled former and current employees present major challenges in handling network security especially the experts that target the system with aim of disrupting the normal company operations. There are major advancements that the company needs to perform to ensure cyber threats are kept at bay. Berry (2013) pinpoints several fundamentals that the company should focus on while offering its credit card services to its customers. For the company to be secure, it has to carry out the following tasks: a. Keeping patches and updating information There are vulnerabilities that are exploited by cyber criminals mostly in the operating systems, web browsers, browser plug-ins and software applications among other avenues. The company gadgets and computers that are frequently used should be kept updated thus reducing chances of them being exploited by cyber-criminals. Programs such as Adobe Acrobat, Flash, Oracle, Java, Microsoft Internet Explorer and other MS programs should be kept updated as they are mostly used during credit card usage. b. Using strong passwords Using strong passwords for the cards enhances protection of the customer’s information. Cyber attackers use the loopholes of weak passwords to exploit the chances of logging into the accounts thus leading to loss of money and confidential information. Usage of strong passwords that no humans and computers can detect or guess is recommended as a basic fundamental for enhancing information security. c. Securing the VPN Since the company is planning to use remote access by its customers, Virtual Private Networks (VPN) is also recommended to aid in reducing exposure of information through data encryption. Security is about processes, people and other components that aid in technology provision. Factors like multi-factor authentication processes are encouraged that includes several steps of proving identity. d. Actively managing user access privileges The company should monitor activities of the users in ensuring they are safe and not leading to malicious activities that can compromise the information security of the company. The CISO should be able to design program that detects unconventional ways of doing things. Options like having cloud-based emails and/or file sharing to replace VPN thus ensuring closer management of the client’s activities. Enabling many employees access confidential data can cause damage especially after the employees become disgruntled about their employer. e. Cleaning up inactive accounts These may pose danger especially where their owners forget their details creating loopholes for exposing confidential information. Former employees and contractors with accounts of the company can lead to hacking or exposing of the confidential information. They can disguise their activities as if working for the company ending to losing of the company information. 2.2 Security threats and issues There are several threats that may affect patch management, OS, device hardening and other activities that increase network vulnerability. Security threats include viruses that can derail the normal functioning of the computer and the company network system. Devious programmers can induce computer programs that are aimed at attacking the company’s operations. Such viruses have caused havoc in many financial institutions leading to loss of money and customer loyalty. Trojan Horses programs have been used to hack computers to extract information or destruct normal functionalities of the company. The programs appear to be useful software programs and harmless thus unsuspecting clients or employees open them only to affect the company operations. The CISO should be aware of such programs and design guidelines to reduce them. Vandals are software applications that when used cause destruction. Social engineering includes social networks like Facebook, LinkedIn and Instagram among others where unsuspecting customers are ambushed to sharing their information thus leading to insecure operations. Caller ID and information exposed to any social site brews information threat for the company. In 2014, high-profile attacks have targeted governments and corporations, for instance, the Gaus and Flame, which caused great losses and damage to the institutions. Advanced persistent threats (ATP) provide a sophisticated and constructed way of attacking and accessing information from the company. Tomer (2013) argues that internal threats are imminent where it may take over a year before being noticed as they are unsuspected thus presenting major challenge for the company. Thus the company should not trust all the employees as criminals can cooperate with the insiders to extract information. Other common threats include denial of services (DoS), data theft, DDoS (Distributed denial of service attacks) and malicious programs among others that the company should focus on. Unsecured wireless networks, unpatched hardware & software, unsecured websites, lost devices and unwitting users among many others (Suhatman, 2013). 3.0 Detailed network security recommendations 3.1 Fundamentals of firewalls and VPNs VPN are used to transmit private and extra sensitive data over public intermediary networks. VPN can be used for service provision especially where customers are far apart with their security being paramount. There is third party usage that links to hardware devices, firewalls, edge routers and VPN appliances. Firewall allows filtering of information that gets in or out of the organization system. This enhances security as unwanted information is filtered before reaching the clients who are at remote places thus ensuring their security. IP addresses are filtered enabling the customers and the company to access only what is critical. The firewall accepts and rejects other IP addresses that can cause harm to the users. Source: Hall, 2014 Firewall and VPN should be used to protect the customers and the company from unscrupulous users who can compromise information security. 3.2 Recommendations for firewall and VPN solutions for the new company The company needs to employ high security measures where VPN and firewall software are installed. Different forms of firewall exist with different degrees of protection. The level of control depends on the customer’s wants. Some firewalls prevent service providers (internet service providers (ISP)) from accessing their information. CISO should engage a vendor to provide such services like remote access of services and security. Securing strong anti-virus software for the company to prevent malware and enhance customer service. The new CISO should secure the firewall, VPN and install information guidelines to control employees on their conduct while accessing customer’s information. 3.3. Recommendations for implementing your proposed solutions The proposed solutions should be implemented through creating a detailed action plan that shows what and when the suggested solution is to be implemented. The following are some of the recommendations, a. Having a list of authorized hardware and software that employees should use when accessing the company assets and websites. Users should be prevented from downloading unauthorized programs and software hence protecting the company. This action can be achieved by the CISO detailing the allowed programs and providing them to the staff while prohibiting others with strong punishment measures. b. Updating the company’s written security policies, for instance, designing the devices that can be brought at the work place and others that cannot be allowed. BYOD (bring-your-own-devices) have been caused to wreck company operations. c. Important data should be segregated from other company’s information to reduce its access. Client’s information should be protected using strong passwords and secure codes. This can be achieved by engaging network security vendors to offer protection. 4.0 Summary The company and the CISO need to adopt a plan that should ensure tighter information security for the customers. Having trusted third party vendors to provide encrypted data and other information security is recommended. The company needs to inform its employees of the importance of information security through following information guidelines that restrict employees from exposing important data. Usage of firewalls and VPN is highly recommended as most of the users of the company products are remote users who need their information to be secure. References Berry, M. (2013). Network Security: Top 5 Fundamentals in network security. Retrieved January 19, 2015 from http://www.itmanagerdaily.com/network-security-fundamentals/ Hall, E. (2014). FireWall Basics. Retrieved January 15, 2015 from http://www.networkcomputing.com/netdesign/wall2.html Suhatman, R. (2013). Network Security Fundamentals. Retrieved January 19, 2015 from http://www.slideshare.net/RahmatSuhatman/network-security-fundamentals Tomer, T. (2012). The Biggest Cybersecurity Threats of 2013. Retrieved January 19, 2015 from http://www.forbes.com/sites/ciocentral/2012/12/05/the-biggest-cybersecurity-threats-of 2013-2/ Read More