The Issues Involved in Internet Security - Assignment Example

FOCUS QUESTIONS Part 1. System wide rules imply standards imposed across the entire enterprise. In view of the fact that the ical IS function has been decentralized to accommodate distributed systems, assess who should be in charge of developing and enforcing such broad standards. First of all, I want to mention that the unified standards are essential for any kind of information systems. Standards provide external interfaces for the distributed systems so they can connect to other information systems, perform data exchange and provide necessary feedback, for example in case of failure. I think International Organization for Standardization (ISO) should be in charge of developing and enforcing broad standards for information systems, distributed systems and decision support systems. As its website says, ISO (International Organization for Standardization) is the worlds largest developer of standards. Although ISOs principal activity is the development of technical standards, ISO standards also have important economic and social repercussions. ISO standards make a positive difference, not just to engineers and manufacturers for whom they solve basic problems in production and distribution, but to society as a whole. The International Standards which ISO develops are useful to industrial and business organizations of all types, to governments and other regulatory bodies, to trade officials, to conformity assessment professionals, to suppliers and customers of products and services in both public and private sectors, and, ultimately, to people in general in their roles as consumers and end users. ISO standards contribute to making the development, manufacturing and supply of products and services more efficient, safer and cleaner. They make trade between countries easier and fairer. They provide governments with a technical base for health, safety and environmental legislation. They aid in transferring technology to developing countries. ISO standards also serve to safeguard consumers, and users in general, of products and services - as well as to make their lives simpler. 2. Formulate how an organization can develop confidence in the security of their networked systems when they are opening their systems to Internet access. As Lieu (1998, para.3) writes in Netsurfer Focus, "The only safe computer is a dead computer." But of course there are some steps to protect data and computers of company’s information system. As Yoo (n.d.) writes, all systems consist of three components, the software and hardware parts, the people, and the procedures. The same is true of computer and network systems. Securing computer system means security of the software and hardware, trustworthiness of the people who use and manage it, and reliability of the procedures for using and managing the system. In this issue, most companies are mainly focus on secure software and system management practices. But for complete evaluation of the security of networked system the other components should be considered. Firstly, employees of the company must be aware of the risk of sharing passwords or the use of simple dictionary-based passwords and of the implications of opening questionable programs or attachments in their e-mail that may contain extremely dangerous viruses. Secondly, level of risk should be evaluated. Network administrators are not security professionals, and therefore their primary mission is not establishing a secure network, but rather a functional one. What must be evaluated is how much risk is acceptable, and therefore what level of functionality will be sacrificed to ensure a reasonably secure network with an acceptable level of risk. Thirdly, information systems and networks must be designed and implemented to establish a strong foundation and architecture to incorporate security. The identification of access points into a network and establishing the appropriate access controls such as firewalls and monitoring solutions is necessary. Also, updating and patching software is essential to prevent known vulnerabilities in a particular service or software from being exploited. And finally, the essential layers of companys network security should be established, such as policy, router, log analysis, firewall, anti-virus software and intruder detection systems. 3. In general, "open source" software is essentially free, it is readily accessible, it is user modifiable, and it is typically unsupported. Illustrate why an organization might select such software for mission critical applications. More and more organizations in business and government are turning to open source. Surman and Diceman write that large computer companies like IBM, Sun and Apple have embraced open source as a part of their software strategy. (Surman and Diceman, 2004, section 3) There are a number of possible reasons for use of open source software for mission critical applications: Lower information technology costs. Open source eliminates the need to pay for software licenses. Of course, this does not mean that you can eliminate information technology costs altogether – there is still a need for staff and equipment to make it all work. But open source can definitely lower overall costs, especially for organizations, which need advanced servers, databases and web applications. Flexible software solution. The fact that the code is "open" means that software can be modified to respond to needs not addressed by the original developer. The most obvious benefit of this responsiveness is the ability to translate software into local languages. However, it is also useful for web applications where it may be desirable to add on new features that accommodate the unique needs of business organizations. Better security. Mature open source applications, such as Linux, Apache, SendMail, and OpenOffice.org tend to be more secure than their proprietary counterparts. This is partly due to the fact that the code is open, allowing system administrators and others concerned with security to quickly identify problems and propose solutions to the lead software developers. Also, open source applications tend not to be targeted by people who make viruses. This kind of improved security is vital for commercial organizations who want keep unwanted intrusions out of their network and who cannot afford the downtime that comes with virus attacks. Collaborative, cooperative values. Open source is based on a set of collaborative and cooperative values. It assumes that we can create more useful tools by working together than we can by competing. Using open source is not only a way to support these values, but it can also provide a way to learn from them. The open source community presents a very practical and adaptable example of how organizations can work collaboratively. FOCUS QUESTIONS Part 2: 4. Discuss how to motivate an organization to migrate to the OSI Model as the architecture for its infrastructure when standards in general appear to be in a constant state of flux. A solid understanding of network design starts with a model. The Open System Interconnection (OSI) 7-layer model is an industry-standard way to describe the network protocol stack and how it applies to practical aspects of networking. The OSI model consists of seven layers, which are: 1. The Physical Layer: transmits raw data bits over a communication channel (mostly mechanical and electrical issues) 2. The Data Link Layer: guarantees to the network layer that there are no transmission errors by breaking the input datastream up into frames and sending back acknowledgement frames 3. The Network Layer: controls the operation of the involved subnet; main issues are routing (determine a way from source to destination) and dealing with problems of heterogenous networks, e. g. different size requirements of transmitted data blocks 4. The Transport Layer: splits up data from the session layer if necessary (segmentation) and ensures that the pieces arrive correctly 5. The Session Layer: allows users on different computer systems to establish a session between them, i. e. they are able to transfer files or log into a remote system; the conditions of communication are laid down, for example full-duplex or half-duplex 6. The Presentation Layer: unlike the layers before it is concerned with the syntax and semantics of the transmitted information; it is concerned with all aspects of information representation such as data encoding, data compression and encryption 7. The Application Layer: contains a variety of commonly needed protocols like handling with different terminal types and file systems; a label to identify the communication process, its origin and destination application is added to the transmitted information (Groessler, 1995, para.1-2). Migration of architecture of information system structure to OSI 7-level model will allow taking appropriate actions for securing the system at proper level, or several layers. (Reed, 2004) Also, it affects system’s reliability and gives it more opportunities for upgrade. For example, when moving for dial-up Internet connection to broadband, you should only replace the Physical Layer, without touching the others. 5. Since major U.S. equipment vendors treat important parts of their product lines as proprietary technology, formulate how will it be possible to achieve true open systems and international standards? One interesting idea about achieving true open systems and international standards is Open Source Hardware. (Graham, 1998) Open-ness in hardware terms can have a whole range of meanings. In all the cases listed below, some hardware is open and some is not - but the trend is for open-ness to become more and more limited, restricting the freedom of designers to create or implement their own designs, and even of programmers to write the programs they wish. By Graham, truly open hardware would have to satisfy all the requirements below: Information on using the hardware must be available. By certifying a hardware device as Open, the manufacturer makes a set of promises about the availability of documentation for programming the device-driver interface of a specific hardware device. Also sufficient documentation for the device must be available for a competent systems programmer to write a device-driver. The design of the hardware must be available. If the design is published others can learn from it, improve on it, or even second-source the same device. Much digital hardware has never been open in this sense, creating a whole industry of reverse-engineering and patent claims and counter claims Design software for hardware must be available. For example, processor manufacturers have always published their processor Instruction Set Architectures, so it has always been possible to write free compilers. 6. With rapid changes in telecommunications technology, assess how can the IS department keep its end users informed of the benefits to be gained in this changing environment? There are several ways to keep end users informed of the benefits to be gained in telecommunications changing environment. E-mail broadcast. E-mail broadcast is a good tool for sending corporative news and advertisement, but now a lot of people don’t read e-mail broadcast because of huge volumes of spam. Submitting a Press Release. A press release, especially one based on a media hook, can be an effective way to inform end users about innovations or changes and to report about company’s news and achievements. Bulletin Board Postings. Good tactics for the company is to have website with Bulletin Board or forum where users and staff can discuss various organizational, business and technical issues. So it is possible to make posts about, for example, some technical changes, knowing that the target audience would be reading them, and then contributing to the ongoing discussion. References Boehm, Barry (1976). Software Engineering. IEEE Transactions on computers. Los Alamitos, CA: IEEE Computer Society. Fallin, S. and Pinzon, S. (n.d.). Foundations: What a Network Security Administrator Should Do. WatchGuard Technologies. Retrieved March 1, 2006, from http://www.watchguard.com/infocenter/editorial/1758.asp Graham, S. (1998). How can Hardware be `open? Opencollector.org. Retrieved March 2, 2006, from http://opencollector.org/Whyfree/open_hardware.html Groessler, A. (1995). Network Basics: OSI model. C o m p u t e r N e t w o r k s. Retrieved March 2, 2006, from http://www.informatik.uni-mannheim.de/pi4/lectures/ss1996/rn96/CN-Title/form/basosie.htm ISO Website. (2006). Retrieved March 1, 2006, from http://www.iso.org Lieu, S. M. (1998). Netsurfer Focus on computer and network security. Netsurfer Focus. Retrieved March 1, 2006, from http://www.netsurf.com/nsf/v01/01/nsf.01.01.html MIT IS. (2000). Infrastructure Requirements for Applications and Systems. MIT Informational Systems. Retrieved March 2, 2006, from http://web.mit.edu/ist/integration/doc/requirements.html Reed, D. (2004). Applying the OSI Seven Layer Network Model To Information Security. SecurityDocs.com. Retrieved March 2, 2006, from http://www.securitydocs.com/go/1834 Surman, M. and Diceman, J. (2004). Choosing Open Source. A guide for civil society organizations. Commons Group. Retrieved March 1, 2006, from http://commons.ca/articles/fulltext.shtml?x=335 Yoo, InSeon (n.d.). Examine the issues involved in Internet Security. Analyze the problems associated with this. Retrieved March 1, 2006, from http://www.ecs.soton.ac.uk/~isy01r/reports/report1.htm Read More