EBuy Control Station - Case Study Example

Information Systems Topography Topographical Infrastructure illustration and eBuy requires astrong online platform to be able to carry out its global business successfully. The strength of the platform should be in terms of data security and the ability to serve a big global traffic of customers at the same time. The information system security is in two levels, and cloud is used at both levels (Norman, 2007). First of all, there internet services providers (ISPs) must keep secure all the data of those they secure. Everything starts at this point. The cloud service used must be an encrypted one to ensure that there are no data leakages at all. From the ISPs, there is a system of routers and switches leading to eBuy control station. The control station has servers which must be linked to the core. The core is where high speed internet is generated. The speed of the internet at the core can be as high as 100Tps. There is cloud security at the core as well, with numerous encryptions in form of complex codes and very strong passwords (Lucas, 2005). From the ISPs, there is a DDoS mitigation centre. DDoS stands for distributed denial of service, normally meant to attack the available networks. The attacked network is passed through high capacity networks with filters. The filters will help to scrub the traffic. The traffics must be identified correctly through signature comparison and also by examining its different attributes such as JavaScript footprints, IP addresses, http headers and cookie variations (Lucas, 2005). The filters should also be able to separate human traffic from traffics caused by hijacked browsers. In this front, the company must go for the latest anti-DDoS technology. There are also cloud-based providers of the DDoS mitigation (Norman, 2007). There are outer switches and inner ones. The switches are placed between Wide Area Network (WAN) routers. The switches are used together with network intrusion detectors and firewalls. The intrusion detection system (IDS) is a software application that watches over the entire network system and guards against any malicious activities. eBuy Pharmaceuticals would use a host-based intrusion detection system rather than a network-based one. The IDSes will also help to detect and deter any violations of the laid-down security policies. They record all the information related to all the malicious activities and any attempted security policy violations and send reports to the administrators at the main control station. The firewalls provide a buffer between the WAN and Local Area Network (LAN). In many cases, the WAN is more trusted than WAN. LAN is the internal network, and is always secure, whereas WAN is the internet and is always not-so secure. A system of firewalls will thus provide a barrier between secure connections and insecure ones (Bhattacharya, 2009). eBuy Pharmaceuticals will use both software firewalls and hardware appliance firewalls. The hardware-based firewalls will also act as dynamic host configuration protocol (DHCP) servers. The computers can then request networking parameters and IP addresses from the DHCP servers, instead of administrators at the main control station having to manually configure those settings. Firewalls operate according to given sets of instructions. The component acting as the intrusion detector will also ensure secure messaging and act as the web application firewall (WAF). The WAF performs functions such as applying a set of instructions and rules to HTTP conversations. The rules will cover and prevent attacks such as SQL Injections and cross site scripting (XXS). Firewalls always have configured policies. The WAF monitors and blocks any system calls, outputs and inputs that violate such configured policies (Kim & Solomon, 2012). There is also the open systems interconnection (OSI) layer which partitions the communication system into abstraction layers. Partitioning the communication system helps to standardize its functions. The WAF controls any network traffic on the OSI layers all the way to the application layer. The application layer is also an OSI layer, but the one that the end user is able to operate. It is layer 7 of the OSI layers. The inner layers include the physical layer (layer 1), data link layer (layer 2), network layer (layer 3), transport layer, and the session layer (layer 6). From the inner switch, there is an endpoint security and a demilitarized zone. The endpoint security safeguards endpoints, mobile devices and servers from attacks and threats. It involves installation of software on the endpoint devices and servers and helps to monitor their software, activities, status, authentication and authorization (Bhattacharya, 2009). The software installed for endpoint security purposes may be a host intrusion prevention system (HIPS), an antivirus or a firewall. The devices that do not meet the corporate security policies will be quarantined and denied access. eBuy Pharmaceuticals will definitely have consultants and business partners who, like clients and customers, must have a web sign-up. Whenever any of those signed up attempt to log in, the endpoint security verifies and validates their information their credentials. It also scans the devices used for any unauthorized software and checks updated virtual private networks (VPNs) as well. The network administrators will also build a demilitarized zone (DMZ) at the endpoint to separate trusted networks from untrusted ones. It keeps hackers and data thieves from the secure network zones. Once the administrators have created the DMZ, they may decide to put some proxy servers in it. The proxy servers will act on behalf of the users in requesting for services from the trusted and secure network (Kim & Solomon, 2012). What this means is that any visitors can only access services once the DMZ has obtained them from the secure network. Administrators will use firewalls to form a bridge between the DMZ and the trusted network zones. A system of routers is used in this case. There is a router that connects to the insecure network, another connecting the insecure network to the DMZ and lastly one that connects the DMZ to the firewall used to guard the secure network. Security policy eBuy Pharmaceuticals will have a set of comprehensive information system security policies. This will help to project all the data and also prescribe the extent to which some information may be made public or available for others to see. The security policies are all in compliance with the confidentiality, integrity and availability (CIA) triangle provisions. 1. The information/data security team will classify data into various categories. The categories include: Confidential- confidential data include the sensitive personal and company information that must be accorded protection from access by unauthorized users. Any unauthorized access would mean invasion of privacy, an offence punishable by the existing federal privacy laws. Internal use only- these are data that are less sensitive than the confidential data. They are meant to be used within eBuy. Exposing such data to unauthorized users can have adverse impact on the reputation of the company, personal interests or the company’s finances. They may include internal memo and other draft documents that are meant to circulate within the company premises. Public- these are data that are made available for public access. They also include data that if made available to the public, wouldn’t have any effect on the company or personal interests. 2. All the eBuy Pharmaceuticals information resources must be assigned security classification level depending on the sensitivity of the information they contain. The information resources include but are not limited to electronic databases and physical documents. 3. In a case where there is some information that has not been classified, it will automatically be treated as confidential information. 4. There shall be a data security committee that will be mandated to give information security classifications from time to time. The committee may also establish more detailed provisions concerning specific data or information resources by issuing data security directives. 5. All users, including business partners, consultants, clients and customers of eBuy Pharmaceuticals also have security responsibilities. eBuy Pharmaceuticals maintains an information security system that provides, to the technically feasible extent,: a. Secure authentication protocols that include but are not limited to: Restriction of access to active users and their accounts only A secure criterion of selecting and assigning passwords Controlling data protection passwords to make sure that such passwords are kept in formats that do not compromise the security of the data they are meant to protect b. Updated versions of the security systems software which include malware protection and other updated virus definitions. References Bhattacharya, B. (2009). Algorithms, architectures and information systems security. Hackensack, NJ: World Scientific. Kim, D., & Solomon, M. (2012). Fundamentals of information systems security. Sudbury, Mass.: Jones & Bartlett Learning. Lucas, H. (2005). The analysis, design, and implementation of information systems (3rd ed.). New York: McGraw-Hill. Norman, T. (2007). Integrated security systems design concepts, specifications, and implementation. Amsterdam: Elsevier Butterworth-Heinemann. Read More