
Improving Security Across The Software Development - Report Example


Network security devices

List
(1) Antivirus program - cost about $15, e.g. Kaspersky, Avira etc.
(2) Firewalls - cost $200
(3) PC tab alarm system

Benefits to the government agency

This approach assesses the network security devices. The service helps our organization improve risk management and satisfy compliance requirements by reducing threats to the confidentiality, integrity, and availability of business processes and information. Furthermore, this service helps the government organization to:
• Proactively identify device vulnerabilities that pose a security risk to your IT infrastructure
• Prioritize resources to address vulnerabilities based on business risk
• Improve the overall security state of your infrastructure by following recommended actions to mitigate identified vulnerabilities
• Reduce the time and resources needed to stay current with new and emerging vulnerabilities

Maintenance plan

The government agency should develop a quarterly maintenance plan to check the operation of the networks, servers and workstations.

Network maintenance
i. Firewall configuration
ii. Device configuration
iii. Document network devices, e.g. routers and switches

Server maintenance
It can be done by reviewing the following:
i. System backup and disaster recovery status.
ii. System logs for errors.
iii. Hard disk usage and health reports.
iv. Antivirus protection.

Workstation maintenance
i. Disk usage.
ii. Antivirus program.
iii. Hotfix and service pack install history.

Risk

Financial risks are incurred by the government organization if it fails to perform any of the maintenance regularly. Litigation risks occur when an intruder attempts to do an illegal activity. Virus infection is a major problem in our PCs today, so it is essential to install updates of the antivirus programs on our computers.
Viruses corrupt useful information on computer hard drives. Loss of data occurs if the computer hard drives are damaged, so backup and recovery programs are best applied.

Physical security

Physical security begins with the building itself, and an assessment of perimeter vulnerability must be conducted. The organization's building must have appropriate control mechanisms in place for the type of information and equipment that is stored there. These could include:
• Alarms fitted and activated outside working hours.
• Window and door locks.
• Window bars on lower floor levels.
• Access control mechanisms fitted to all accessible doors.
• CCTV cameras.
• Staffed reception area.
• Protection against damage, e.g. fire, flood, vandalism.

Proposed vendors
i. Cisco is the best-selected vendor for its products and services such as network devices: routers, switches.
ii. Linksys is another suitable vendor that provides a variety of routers such as the WRT54G2 router. It is easy to install, enables users to access an internet connection without the use of cables and, more importantly, has a firewall that protects against unauthorized access (hackers) trying to access the network.

NB: Cisco provides better compliance, which enforces market policies as well as best practices. Cisco products also offer better visibility, as they adapt to emerging threats as they occur. Their products have end-to-end coverage of every security issue embedded in every network product. Linksys, on the other hand, is a subset of Cisco and has the capacity to produce high-quality products and services essential to network security firms.

Network Interface Card - Printed circuit boards that are installed in computer workstations. They provide the physical connection and circuitry required to access the network.
Repeater - A connectivity device used to regenerate and amplify weak signals, hence extending the length of the network.
Router - Links two or more networks together, such as an Internet Protocol network. A router receives packets and selects the optimum path to forward the packets to other networks.
Switch - A connection device in a network that functions much like a bridge; it directs transmissions to specific workstations rather than forwarding data to all workstations on the network.
Transceiver - A device that functions as both transmitter and receiver and connects a computer to the network. It may be external or located internally on the NIC.

Evaluation

Introduction

Information security has become the top concern for major companies today, as the yearly reports of top companies indicate. It falls into three categories: computer security, application security, and network security. Computer security deals with security related to operating systems and configuration in servers, workstations, and computers in general. Application security deals with applications on the servers. Network security deals with the network and its devices. Network security is becoming a top concern since most servers and applications are connected through a network, in the form of a local intranet and/or the Internet. The human resource department is concerned with every aspect of security and evaluates the security status of the system regularly: daily, weekly or monthly, depending on the system status. Regular evaluation has become the best practice these days. The most important item is the availability of a security checklist. This document shows every activity performed, hence the need to produce a generic checklist that we use regularly.

Security Evaluation Methodologies

Security evaluation or testing is still in its infancy. Sometimes security evaluation is confused with penetration testing. Many security evaluation methodologies are applied. Our security checklist derives from these works.
Security Checklist

The security checklist contains the following items: topology evaluation, penetration testing from outside and inside the network, network device evaluation, server evaluation, application evaluation, and review of policy and procedures.

Topology Evaluation

The human resource department evaluates the design of the network and system under test. The topology is the main focus, as it is the main source for implementation. The main areas of concern are network segmentation and whether internal controls (such as a firewall and an Intrusion Detection System (IDS)) are installed or missing. This type of evaluation guides us to the most vulnerable areas. From our experience, security is usually ignored during the design process. Hence, it is more difficult to secure the system in the long run. It is also more expensive. Another common problem is that the documentation is usually not up to date or does not exist at all. Topology documentation is usually done manually with Microsoft Visio. It is uncommon to find documentation generated by network monitoring tools.

Penetration Testing

Penetration testing is done to check whether an intruder can penetrate the system in a given time. The department looked at the external network with limited information. We extend this by adding more information and by performing the attack from the internal network. Penetration testing involves three steps. The first step is to perform an attack from the external network, i.e. the Internet or an extranet, with limited information. The information that is needed is a list of IP addresses and a time frame in which to perform the test. This is done to avoid testing the wrong servers. In some cases not all servers are included in the testing due to business considerations. The second step is still carried out from the external network, but with additional information. The third step involves attacking from the internal network.
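The scope information described above (a list of IP addresses, a time frame, and servers left out for business considerations) can be checked mechanically before any test traffic is sent, so that the wrong servers are not tested. The following is an added example, not part of the original report; the class name, addresses, excluded server and time window are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network


@dataclass
class EngagementScope:
    """Agreed scope for one test; every value used below is constructed."""
    allowed: list      # networks the organization listed for testing
    excluded: list     # servers left out for business considerations
    start: datetime    # agreed time frame (timezone-aware)
    end: datetime

    def check(self, target: str, when: datetime) -> tuple:
        """Return (permitted, reason) for testing `target` at time `when`."""
        try:
            addr = ip_address(target)
        except ValueError:
            return False, "not a valid IP address"
        if when.tzinfo is None:
            return False, "timestamp has no timezone"
        if not (self.start <= when <= self.end):
            return False, "outside agreed time frame"
        # Exclusions take priority over the allow list.
        if any(addr in ip_network(n) for n in self.excluded):
            return False, "excluded server"
        if not any(addr in ip_network(n) for n in self.allowed):
            return False, "not in scope list"
        return True, "in scope"


# Constructed sample scope (documentation address ranges, made-up window).
SCOPE = EngagementScope(
    allowed=["192.0.2.0/28", "198.51.100.10/32"],
    excluded=["192.0.2.5/32"],
    start=datetime(2024, 3, 4, 18, 0, tzinfo=timezone.utc),
    end=datetime(2024, 3, 4, 23, 0, tzinfo=timezone.utc),
)

if __name__ == "__main__":
    now = datetime(2024, 3, 4, 19, 30, tzinfo=timezone.utc)
    for host in ["192.0.2.3", "192.0.2.5", "192.0.2.20", "server1"]:
        print(host, SCOPE.check(host, now))
```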
The third step must be coordinated with the local administrators to localize and minimize the impact (if any) on the business process. Tools are used to initiate the penetration testing process. Automated tools can only help. Past experience shows that the attack from the external network produces a minimal impact, while the attack from the internal network usually reveals a lot of vulnerabilities.

Network Device Evaluation

Network devices are the backbone of the network. Therefore, evaluating the security status of these devices is vital. Network devices are prone to becoming a single point of failure after a successful Denial of Service attack. Network devices include routers, switches and hubs, firewalls, and Intrusion Detection Systems. Each network device has its own testing procedures. Experts' past experience shows that common errors occur due to improper configuration of a device or the use of an obsolete device running old software. The default configuration, which usually comes with the device, should be checked to see whether it matches the current network configuration. Security policy must be implemented. Devices such as firewalls and IDS implement security policy.

Role of HR department
a. Required to act in accordance with the government agency's policies, i.e. execution of all processes.
b. Protection of all information assets from unauthorized access, destruction and interference.
c. Assign every individual responsibility for tasks.
d. Report any security events or any threat to the organization's information or assets.

References
1. Stuart McClure, Joel Scambray, George Kurtz, "Hacking Exposed," Osborne / McGraw-Hill, 1999.
2. Peter Herzog, "Open-Source Security Testing Methodology Manual," version 2.1, 2003.
3. National Cyberspace Security Partnership, "Improving Security Across The Software Development Lifecycle," 2004.