Information Technology Threats and Security - Assignment Example

Information Technology (IT) Threats and Security Introduction: Information Technology and the features provided by IT are at its peak in today’s age.The life without the technology is beyond thinking. Along with the great benefits and advantages provided by Information Technology, there are some threats and security concerns that need to be addressed for better services. This work aims to highlight the threats and security risks, which Information Technology experts face in the real world. Answer 1 There can be different advices and counter-measures for Mr Sacdin to control the threats for his Linux systems. There can be used different approaches for threat detection. Antivirus and internet security: There are many effective antivirus and internet security software that detect latest threats. Software have updates on daily basis, first suggestion can be to purchase a very effective antivirus and internet security software and install that on all machines and scan all the computers with these software’s. After scanning if any threat is found it deletes that threat from the system. Installation of Firewall to monitor the network traffic: Most of the threats spread in computers via internet and network that’s why it is essential to analyze the network or internet traffic. For this purpose, different ways are used in most efficient way that can be suggested is firewall. Firewall is software or it can be hardware based security system, which analyzes network incoming and outgoing data whether it is secure or not based on different rules that are set inside this. For network data transfer TCP and UDP protocols are used and these protocols transfer data using specific ports, and each port has its own unique port number, firewall reads the network packets from these ports and if there is any unsecure data then it is rejected and secure data is communicated between computers. Firewall also prevents from hacking of the computer. According to requirements statefull or stateless firewall can be installed on computers for network security. Stateless firewall is more efficient and fast as compare to stateful firewall and it requires less memory, but in some cases if user wants to see history or logs then stateful firewall is a good option. Firewall works on mostly three OSI model layers, most of the work is done between physical layer and network layer; and transport layer is only used for finding the destination and source port numbers. Therefore, Kemmerer and Vinga (2002) stated that installing the firewall was a good idea for any network computers from threats and hacking. Systems are designed for the security and reliability for getting progressive in the industry and perform accurately. Initially when internet was explored the world and usage was less, the chances of threats were also less as compared to today’s life of computer and internet threats. Internet is the biggest medium to maximize the productivity of computers and information technology and in the mean while it is also the reason of destroying the systems, accessing the critical data. Viruses, malwares, hacking techniques and other ways that negatively impact on the information technology are spread through the internet. Although, before the use of the internet all these ways are present but working slowly. Internet provides the wide range for such activities to flourish and harm the systems. The hackers hack the system using different types of hacking techniques; they people try to crack the bank accounts, fraud and criminal activities. According to Munro (2013) somehow the stability of national infrastructure is considered on risk and threat of security is becoming the major issue. These activities are pre planned and organized to destroy the target system and such activities are performed suddenly, so that safety measures are harder to compete with them. Some common and well known types of threats that information technology faces were identified by Prince (2010) including the Malwares known as steady threats, malicious insiders, mobile devices, cloud computing security threat, and Zero-day-exploits. Many types of threats are mentioned to Mr. Sacdin and now some prevention techniques could also need to explore for him to protect the infrastructure of the organization. The unified threat management (UTM) contains the features like, antivirus software, firewall, content and spam filters in a single package form. Rouse (2006) founded that use of UTM was not enough to get full secured network of an organization. The UTM helps to keep updating the software automatically but still needed improvements that fully competed with upcoming threats to the company’s infrastructure. Answer 2 E-authentication: The authentication processes of online individual citizens come under the definition of E-authentication that uses online systems of government over the internet. The term E-authentication is primarily the electronic authentication process that authenticates the online users for legal access of concerned material over the internet. U.S. Environment Protection Agency (2009) worked on the E-authentication and noticed that E-authentication process mainly consists of two features; one is user name that should unique and it is very compulsory, the second feature is hidden code of some specific characters named password. The authentication process gets complete after acceptance of correct user name and password. Different kinds of rules, strategies and tools are required to achieve the good level of security from threats that improve the infrastructure of the organization and maintain the productively on its peak. The suggestion for threat prevention system that secure the company is not the thing easy to give within a single tool available in the market. It demands combinations of some tools and products involved. There is no single unified threat management (UTM) tool available in the market that fully and finally guarantee the threat detection and prevention techniques (Kelley 2012). The E-authentication process is essential component of making a successful E-government. This process is advantageous for good coordination and best technical design support in making of successful E-governance. Many countries across the globe use the E-authentication for different kinds of digital services. This authentication helps in the promotion of electronic services that make ease of access and saves time for individuals in getting the services. For example, in United States governance, E-authentication process is used for authentication purpose of individuals. The threats of security and counter measures are the core need of a secure system. The expert is required to dedicate for system security matters. The high profile organizations require a high level of security as this work is related to finance that is critical area of a country. Rampat (2014) pointed out that as it is criticality increased it becomes directly proportional to the increased level of security matters to observe serious and safety measures.   As part of the infrastructure expansion, Mr Sacdin wishes to rethink how individual citizens are authenticated by on-line government systems over the internet. This activity is possible with the use of method of E-authentication. Every single personal will be authorized electronically using the finger print and the face recognition process is involved in it as an improved feature of authentication process. This authentication will help in the criminal detection branch for crimes. Answer 3: The use of only a single password for all systems will not be acceptable, and that policies and legislation cannot overcome the human nature (Burr 2004). The only password is no more enough for the security systems; it should include the finger print or a face recognition process according to the demand and need of the target organization. The electronic authentication of all individuals of the country is handled by law and order agencies and that also need to have a secure system for prevention of loss. Garvin (2011) also proved that the electronic system was based on the authentication of data previously saved into the database of e-authentication, so the original saved data must have an extreme level of security for all threats that information technology is facing. Mr Sacdin requires solutions that require less time and money to develop the e-authentication system for his country but should be warned about any limitations/assumptions. They must know about the features and results because the time taken to develop and implement the authentication system have benefits that are higher the time taken. USDA is the example that is used for authentication of individuals in United States (United States Department of Agriculture, n.d). Mr. Sachin is suggested about the benefits taken form e-authentication, the time and budget should have enough space to make it perfectly for better results. The e-authentication once done for an individual is applicable when the person will be out of country. The proofing system provides services to the person throughout the accessed area. National Institute of Standard and Technology (2013) presented the services include: identification, registration, token, authentication protocols, and other features. E-authentication includes the passwords, local and remote authentication, physical tokens, and biometrics. The growing demand of dependency on information technology requires the high demand of prevention of threats and improved security as McCarthy (2013) founded in his work on E-authentication. The e- authentication also needs to have critical level of security for getting the best results from such dependency on technology. Conclusions: The topic is about the security threats faced by information technology. The threats are explored like virus, malware, malicious activities, etc. some prevention techniques are also discussed and observed for implementation. The need of single unified tool that can fully manage the threat concerns is highlighted. The focus of the work is all about the security matters the threats and the protection of organization systems from threats. References: Burr B. (2004). NIST E-Authentication Guidance SP 800-63 Available from: http://csrc.nist.gov/archive/pki-twg/y2004/Presentations/twg-04-04.pdf Accessed on 3/6/2014 Garvin P. (2011). Government information management in the 21st century, International perspective, Ashgate Publishing Limited. Kelley, D. (2012). Threat prevention techniques: Best practices for threat management. Available from: http://searchsecurity.techtarget.com/magazineContent/Threat-prevention-techniques-Best-practices-for-threat-management Accessed on 3/6/2014 Kemmerer R. and Vinga G. (2002), “Intrusion detection: A Brief history and overview”, IEEE Computer Society, Vol. 35 Issue 4. P.p.27-30. McCarthy S. (2013). E-authentication: What IT managers will be focusing on over the next 18 months? Available from: http://gcn.com/Articles/2013/07/31/eauthentication.aspx. Accessed on 3/6/2014 Munro K. (2013), the threats of IT, Inutilis Press. National Institute of Standard and Technology (2013) E-AUTHENTICATION, Available from: http://csrc.nist.gov/groups/ST/eauthentication/index.html Accessed on 3/6/2014 Prince K. (2010). Top 10 Information Security Threats of 2010, Available from: http://www.enterprisenetworkingplanet.com/netsecur/top-10-information-security-threats-2010 Accessed on 3/6/2014 Rouse M. (2006). Unified threat management (UTM) Available from: http://searchmidmarketsecurity.techtarget.com/definition/unified-threat-management Accessed on 3/6/2014 Rampat A. (2014).Procedures in preventing threats to information security. Available from: http://searchsecurity.techtarget.com/tip/Procedures-in-preventing-threats-to-information-security Accessed on 3/6/2014 United States Department of Agriculture (n.d). E-AUTHENTICATION Available from: https://www.eauth.usda.gov/mainPages/index.aspx Accessed on 3/6/2014 U.S. Environment Protection Agency (2009) Environmental Information Exchange Network & Grant Program, Available from: http://www.epa.gov/neengprg/eauth/index.html Accessed on 3/6/2014 Read More