
Information Security - Case Study Example


Extract of sample "Information Security"

Information Security: The Use of Forensic Techniques in Organizations

Name
Institution
Date

Table of Contents

The Use of Forensic Techniques in Organizations
Part A
  Introduction
  Discussion
    Appropriate computer forensics techniques for the organization
    Automatic monitoring methods
    Appropriate monitoring methods suitable for the company
    Evaluation of the monitoring proposal
  Conclusion
Part B
  Network Security Research: Fundamental Issues
  Introduction
  Discussion
    Authentication
    Authorization
    Access Types
    Likely direction of network security over the next few years
    Critical evaluation of network security issues yet to be resolved
  Conclusion
References

The Use of Forensic Techniques in Organizations

Part A

Introduction

The use of computers is a common practice for most individuals and companies. Computers are used for various purposes, including the storage of confidential information. However, some individuals use computers to commit crimes which are punishable by law. Detecting these crimes requires high-level techniques due to the nature and complexity of the crimes. Computer forensics is therefore an important concept used for the purpose of combating crime in information technology (Heiser et al., 2002). It uses concepts similar to those of other forensic sciences to question the law, with the main aim of determining whether a crime has been committed or not. Most organizations with confidential information about company products or ingredients have been faced with crimes that require computer forensics. Company information is frequently leaked by employees or by those leaving for other companies. Computer forensics is basically concerned with gathering evidence for the purpose of analysis and prosecution. This evidence is recognized by most laws and is applicable in courts of law, according to Böhme et al. (2009).
The paper thus discusses the concepts of computer forensics in relation to commercial organizations.

Discussion

Appropriate computer forensics techniques for the organization

When a commercial company suspects that an employee has interfered with the information in the computer system, forensic techniques are required. According to Ling et al. (2009), appropriate techniques should be applied, since the employee is fully aware that investigations may be carried out and that he/she may end up being convicted. A trade secret theft investigation should be done, as the employee may have misused the secrets of the company. The deleted files should be analyzed in order to determine the files that were accessed by the employee. The files opened should also be critically analyzed. This will give the investigators and the company the details of all the files that the employee accessed, whether they are confidential or not. An employee malfeasance investigation should also be done, as he/she might have tampered with the evidence for fear of being caught. It is important to determine the users who were logged in, for the purpose of singling out the employee. This should then be followed by listing all the files accessed together with their time of access. The list should also include any modifications that were made to the files. The use of these techniques during the investigation makes the gathering of evidence possible, leading to the prosecution of the employee (Gerasimos, 2008).

Automatic monitoring methods

Automatic monitoring methods are installed for the purpose of preventing any malicious damage to the computers or of protecting vital and confidential information (Qi et al., 2009). The use of these methods determines who should access certain files and who should not. In case of unauthorized access to certain documents, the automatic monitoring tools detect it.
This makes it easy for commercial organizations to protect their information from access by employees who are not authorized. The methods also specify what is prohibited and what is not. This is important in ensuring that employees do not engage in any prohibited activities using the computers. Since the systems have weak points, the automatic monitoring tools ensure that the weak points are protected from any attack by employees or any other unauthorized personnel trying to interfere with the system. The automatic monitoring tools also force unauthorized personnel to use channels that can be monitored, hence preventing access to the vital or confidential information of the company. The automatic monitoring methods are thus useful to an organization in terms of preventing unauthorized personnel from accessing the confidential information of the company. They also prevent employees from introducing programs that may damage the confidential information of the organization (Yasinsac et al., 2003).

Appropriate monitoring methods suitable for the company

Several automatic monitoring methods are in place for the purpose of protecting the information of companies (Caloyannides, 2009). However, the company in the case study should adopt the most appropriate techniques, those that will detect any form of information theft or misuse by the employees. The company may use intrusion detection systems (IDS) for the purpose of monitoring any violations taking place when the employees are using the computers. This method is suitable for the company, as an alarm will ring in case of any malicious activity by an employee. It will also notify the management of the ongoing violation, so that prevention and action can be taken against the employee (Conway, 2004). The use of this method is important in terms of preventing theft of information from the commercial company.
The use of a firewall is also an important method of detecting any malicious activity that may be going on in the computer. This method seeks to prevent the violation from taking place, and hence keeps the information of the company safe. Although the use of this method has some weaknesses, it is efficient in terms of protecting the system. On the other hand, the employee may want to introduce information that may be harmful to the system and hence destroy the information. However, through the use of this method, the system is fully protected and no harm can be done to the system. The commercial company should thus use these two methods for the purpose of protecting the information and the system.

Evaluation of the monitoring proposal

Intrusion detection system method

The intrusion detection system is important software that ensures compliance among the employees with the set policies regarding the use of computers in an organization. After the software has been installed, the management will be in a position to know whether violations are taking place or not. This tool monitors all the activities that take place when using the computer. The commercial company will benefit from this method of monitoring the system, as any violation is reported immediately to the management through an alarm. This will also play an important role in deterring the employees from engaging in any unethical practices using the computers. The intrusion detection system also records information related to the events that have been observed, for the purpose of notifying the administrators. It is also important to note that some employees may have permission for full access to the information of the company but may try to misuse the information (Couto et al., 2001). When using this method, it is easy to detect such actions and hence take appropriate measures against the individuals. There are various types of intrusion detection system which monitor the system.
The network intrusion detection system mainly monitors the network traffic with the aim of detecting any violation. The host-based intrusion detection system is a different type, which monitors the application logs, the system calls and the file system applications. This plays an important role in protecting the database from any intrusion which may lead to unauthorized access to information. The stack-based intrusion detection system monitors the packets during the use of the computers. This method is thus beneficial to an organization in terms of protecting data from unauthorized access or theft. Intrusion detection systems also have the ability to detect and prevent any suspicious activities taking place. However, their main function is detection, and the necessary action will be taken by the management. The efficiency of this method is high compared to most other methods. However, the method has various limitations, as some intrusions could be below the alarm rate and hence still occur (Kohlenberg et al., 2007).

Firewall method

The use of a firewall to protect the system from rogue employees is also advantageous to the commercial company. This is because rogue employees may harm the system as well as steal vital information. The firewall plays an important role in the control of the network traffic. This is achieved by its ability to control the incoming and outgoing network traffic. It determines which data should be allowed to go through, depending on the predetermined rules that have been set by the administrator. This is important in terms of ensuring that certain harmful programs are not introduced into the network and that vital information is not accessed from the network. Basic routine functions can also be done through the use of this software for the purpose of protecting the system. The firewall is able to detect violations through the use of packet filters, which send error messages in case of any violation of the set policies.
This will be useful for the company in terms of dealing with any violations by the employees. Firewalls always filter the data based on several attributes, which include the port and the IP address. This makes it difficult for intruders to interfere with certain processes in the websites. The use of firewalls is important for commercial companies, as intruders or rogue employees may try to distort the information of the company using other programs. A firewall is also important in terms of monitoring all the activities that go on when using the internet. However, this method may also have some limitations which may prevent total monitoring of the network traffic. The exploitation of the system through the corruption of the memory cannot be prevented when using this method, which leaves the system vulnerable to corruption (Hanani et al., 2001).

Conclusion

In conclusion, it is important to note that company information is the backbone of the company. The company can lose vulnerable information through the actions of the employees. The use of computer forensics to solve the problems is very crucial. The available techniques are able to gather evidence of the crime, leading to the prosecution of the employees involved. Various automatic monitoring methods also exist and are useful in terms of reporting any malicious activities by the employees. The company may use intrusion detection systems or a firewall for the purpose of monitoring the activities of the employees when using the computers of the company. This may easily solve the problem facing the commercial company through the prevention of malicious activities.

Part B

Network Security Research: Fundamental Issues

Introduction

The fundamentals of network security are essential as far as securing information within a system is concerned. The information could be public or private, depending on the nature of the contents and the intended users (Maier, 2009).
Private information could be sensitive and may cause problems in case unauthorized personnel access it. Various means of ensuring that information does not end up in the wrong hands are in use in most organizations. The fundamental issues of network security are thus very important in the security of networks. The main fundamental issues in network security include authentication, access types and authorization (Mattord, 2008). These issues are important in terms of defining the efficiency of network security. The authentication issues mainly deal with the identification of the user before access is granted to certain information in the website. Authorization, on the other hand, deals with the permission granted to the user to access certain information on the internet. The access issues mainly deal with the procedures for establishing whether the user is authorized or not. The paper therefore discusses the fundamental issues of network security and how improvements can be made to enhance the security of networks.

Discussion

Authentication

The authentication process is important when dealing with network security. According to Maier (2010), it involves the identification of a person trying to access certain information from the computers. The authentication process requires several items, or answers to some questions, in order to prove that users are who they claim to be. This process is important in terms of preventing unauthorized personnel from gaining access to vital information. It may require the personnel to perform several actions in order to prove their identity before using the system. In some instances, the system may require the personnel to possess several security items, like an identity card bearing their names or other identification details (Amabile, 2007). This is aimed at showing that the personnel are affiliated with the organization and may be able to access certain information.
However, this is not enough, as most network systems will demand that the user should know certain information, like the PIN of the identification card. The system will verify the identity of the personnel in relation to the information and the identification card. However, this may not be enough, as a third party can use the information and the identity card. Most systems therefore require the personnel to use other factors of authentication, like fingerprints. This process is important for the security of the network and is followed by the authorization process (Ahmed, 2009).

Authorization

Authorization is a significant process in network security. This is because it determines whether the personnel are permitted to access certain information or not (Aydın et al., 2009). This process ensures that only the permitted members are able to use certain information. This is because an employee in an organization may be authorized to access certain information and not other crucial information. Although the personnel are authorized, only the trusted personnel will be permitted to access the confidential information. The main aim is to protect the information from unauthorized personnel. The criteria for authorization thus depend on the system administrator and the management of the organization. The policies will differentiate between the two groups. The system is usually designed in such a way that it is able to distinguish the authorized from the unauthorized. In most organizations, one computer may serve a number of employees; the authorization process is thus for the purpose of preventing access to crucial information by unauthorized employees. This process is important in terms of securing the network, as it prevents the theft of the secrets of the company, which may be used by competitors. Authorization is thus required for any security system and for the protection of the data.
The authorization of the personnel is always done after the authentication process (Gollmann, 2011).

Access Types

In order for a security system to be efficient, the access of authorized personnel has to be detected by the system. This prevents the distribution of information into the wrong hands. It is also important to note that this process is done after the authentication and authorization processes. Nevertheless, due to some limitations in the authorization and authentication processes, access may not be granted or may be granted to the wrong personnel. This area of network security is thus very crucial in terms of protecting vital data. The access types include the use of passwords or login details when using a computer. This process in most cases does not require the control of the authority or management, but relies on built-in programs in a computer. Attribute-based access control is also a type of access, which requires certain attributes from the user in order to gain access to the information, since the users may be anonymous. Discretionary access control is mainly based on the policies of the owner or the management. This is common in most organizations, and the creator of the system sets the policies. On the other hand, mandatory access control is used for protecting sensitive documents like government files. In role-based access control, the access policy is usually determined by the system, and it is applicable in e-commerce systems (Radia, 2002).

Likely direction of network security over the next few years

In the next few years, network security will become more sophisticated and efficient due to the high number of emerging challenges. Network security in the next few years will mainly be for the purpose of meeting all the demands and requirements of the users (Frigault, 2008). This is due to the high number of challenges that emerge on a daily basis and have a lot of potential to damage the users.
The existing network security systems will have to undergo some modification in order to meet the challenges that may emerge. It is also important to note that the current systems have weaknesses which are always exploited, hence the rise of crimes associated with the use of computers. This efficiency in the future will mainly be motivated by the advancement in technology, which seems to answer most of the network issues as well as address the network security issues. Most of the inventions being made in network security systems are quite advanced and have managed to solve some of the current issues. This means that in future the technology will keep on advancing, thus solving most of the network security problems being witnessed today. However, there is no guarantee that future advancement in network security systems will be able to solve all the problems in the sector (DeCapite, 2006).

Critical evaluation of network security issues yet to be resolved

Virtualized platforms are very important features when it comes to the security of networks. They will enable customers to upgrade their own systems in terms of security. However, this important network security issue is yet to be resolved, although innovations are underway (Cooper et al., 2003). The failure to address this issue has been attributed to the impacts that it may have on the customers. The privacy issues are also yet to be resolved, and privacy is the most important function of network security. This is because hackers are still able to access private information from companies' websites as well as those of individuals. This has been quite costly for most organizations, as they have lost vital information to the hackers. It is therefore important for network security to solve the problems of privacy, which continue to affect most organizations and individuals. This is despite the presence of security features in place.
Some of the security systems are also unable to detect some levels of intrusion which might be low. However, this has negative impacts on the organizations, which continue to lose information (Phillip, 2009). The cloud system is increasingly becoming a popular method of storing information. However, its risk implications have not yet been resolved (Kolb, 2005). This presents a challenge to most organizations, as they may easily lose huge amounts of data in case hacking occurs. It has not yet been established how safe the system is, as several companies have been hacked when using the system. This remains a challenge for the experts, as this system is designed with features that prevent hacking from taking place. The international laws and legislation regarding network security issues are also a stumbling block towards resolving some of the issues. Some countries are yet to consider some crimes as serious when computers are used. This affects the prosecution process, hence the continuity of some of the crimes. On the other hand, the lack of goodwill hinders investigations among different countries regarding crimes committed using computers (Yeung, 2009). These issues are yet to be resolved, and they impact negatively on network security.

Conclusion

In conclusion, the fundamental issues affecting network security are quite undesirable. However, with the utilization of some of the features, the network security system is improving. Authentication, authorization and access control are important fundamentals that ensure that confidential information is protected from unauthorized personnel. These features are prone to some weaknesses, hence the need for improvements. It is for this reason that the direction of network security is set to change in the next few years. Some of the issues involving network security are yet to be resolved, and these may involve privacy and the cloud system, which is a new concept.
The laws and regulations are also hindering the solutions to some of the network security problems. This affects the network security systems and has negative impacts.

References

Part A

Couto, D, 2001, Detecting Intrusions by Data Mining, Proceedings of the IEEE Workshop on Information Assurance and Security, West Point, New York.
Conway, R, 2004, Code Hacking: A Developer's Guide to Network Security, Hingham, Massachusetts: Charles River Media, pp. 281.
Gerasimos, J, 2008, The impact of full disk encryption on digital forensics, Operating Systems Review, 42 (3), pp. 93–98.
Hanani, U, et al, 2001, Information filtering: Overview of issues, research and systems, User Modeling and User-Adapted Interaction, 11, pp. 203–259.
Heiser, J, et al, 2002, Computer forensics: incident response essentials, Addison-Wesley, pp. 392.
Kohlenberg, T, et al, 2007, Snort IDS and IPS Toolkits, Syngress.
Yasinsac, R, et al, 2003, Computer forensics education, IEEE Security & Privacy.
Böhme, R, et al, 2009, Multimedia forensics is not computer forensics, Computational Forensics, pp. 90-103.
Ling, L, 2009, Discussion on Static Forensics and Dynamic Forensics [J], Computer Security, 8.
Qi, Z, et al, 2011, Digital Evidence Protection Model with Batch-verifying and Public Verifiability for Computer Forensics, Energy Procedia, 11, pp. 530-534.
Caloyannides, M, 2009, Digital forensics, Security & Privacy, IEEE, 7 (2), pp. 16-17.

Part B

Ahmed, N, 2009, A mechanism for identity delegation at authentication level, Identity and Privacy in the Internet Age, Springer.
DeCapite, D, 2006, Self-Defending Networks: The Next Generation of Network Security, Cisco Press.
Gollmann, D, 2011, Computer Security, London: Wiley Publishing, p. 387.
Mattord, V, 2008, Principles of Information Security, Course Technology, pp. 290–301.
Norman, T, 2007, Integrated Security Systems Design, NY: Butterworth.
Phillip, A, 2009, Hacking Exposed: Computer Forensics, New Jersey: McGraw Hill Professional, pp. 544.
Radia, P, 2002, Network Security: Private Communication in a Public World, New Jersey: Prentice-Hall.
Yeung, A, 2009, Network Infrastructure Security, New York: Springer.
Pervaiz, M, 2010, Routing security in ad hoc wireless networks, Network Security, pp. 117-142.
Maier, G, 2008, Enriching network security analysis with time travel, ACM SIGCOMM Computer Communication Review, 38 (4), pp. 183-194, ACM.
Aydın, M, et al, 2009, A hybrid intrusion detection system design for computer network security, Computers & Electrical Engineering, 35 (3), pp. 517-526.
Cooper, D, et al, 2003, Business Research Methods, McGraw Hill International Edition, ISBN 0071181091.
Frigault, M, et al, 2008, Measuring network security using dynamic bayesian network, Proceedings of the 4th ACM workshop on Quality of protection, pp. 23-30, ACM.
Amabile, T, 2007, 'Inner work life', Harvard Business Review, 85 (5), pp. 72–83.
Kolb, A, 2005, 'Learning styles and learning spaces enhancing experiential learning in higher education', Academy of Management Learning and Education, 4 (2), pp. 193–212.
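
The investigation steps described in Part A (determine who was logged in, then list the files accessed with their times and any modifications) can be worked through on sample records as follows. This is an added example, not part of the original paper; the pipe-separated log layout, the user names, hosts and file paths are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
CONFIDENTIAL = "/shares/confidential/"  # assumed location of protected files

# Constructed sample data (not from the case study). Assumed layouts:
# sessions: user|host|login|logout      events: time|host|path|action
SESSIONS = """\
alice|ws-07|2024-03-04 08:55:10|2024-03-04 17:02:41
bob|ws-07|2024-03-04 12:58:00|2024-03-04 13:40:12
carol|ws-11|2024-03-04 09:10:00|2024-03-04 16:30:00
"""
EVENTS = """\
2024-03-04 09:15:22|ws-07|/shares/public/menu.docx|open
2024-03-04 11:47:03|ws-07|/shares/confidential/recipe_v3.xlsx|open
2024-03-04 11:52:40|ws-07|/shares/confidential/recipe_v3.xlsx|modify
2024-03-04 13:05:09|ws-07|/shares/confidential/suppliers.csv|open
2024-03-04 16:58:31|ws-07|/shares/confidential/recipe_v3.xlsx|delete
2024-03-04 19:20:00|ws-07|/shares/confidential/suppliers.csv|open
"""


@dataclass(frozen=True)
class Session:
    user: str
    host: str
    start: datetime
    end: datetime


@dataclass(frozen=True)
class Event:
    when: datetime
    host: str
    path: str
    action: str  # open, modify or delete


def parse_sessions(text):
    rows = (line.split("|") for line in text.strip().splitlines())
    return [Session(u, h, datetime.strptime(a, FMT), datetime.strptime(b, FMT))
            for u, h, a, b in rows]


def parse_events(text):
    rows = (line.split("|") for line in text.strip().splitlines())
    return [Event(datetime.strptime(t, FMT), h, p, a) for t, h, p, a in rows]


def users_logged_in(event, sessions):
    """Step 1: who was logged in on that host when the event happened."""
    return sorted(s.user for s in sessions
                  if s.host == event.host and s.start <= event.when <= s.end)


def build_timeline(sessions, events):
    """Step 2: every file event in time order, with the users it can be tied to."""
    timeline = []
    for ev in sorted(events, key=lambda e: e.when):
        users = users_logged_in(ev, sessions)
        # One user: attributable. Several: ambiguous, needs corroboration.
        # None: access outside any recorded session, a finding in itself.
        status = {0: "unattributed", 1: "single-user"}.get(len(users), "ambiguous")
        timeline.append({"when": ev.when.strftime(FMT), "path": ev.path,
                         "action": ev.action, "users": users, "status": status,
                         "confidential": ev.path.startswith(CONFIDENTIAL)})
    return timeline


def report_for(user, timeline):
    """Confidential files tied to a user: solely, or shared with other sessions."""
    sole, shared = defaultdict(list), defaultdict(list)
    for row in timeline:
        if row["confidential"] and user in row["users"]:
            bucket = sole if row["status"] == "single-user" else shared
            bucket[row["path"]].append((row["when"], row["action"]))
    return dict(sole), dict(shared)


if __name__ == "__main__":
    tl = build_timeline(parse_sessions(SESSIONS), parse_events(EVENTS))
    for row in tl:
        print(row["when"], row["status"], row["users"], row["action"], row["path"])
    print(report_for("alice", tl))
```

Events that fall inside two overlapping sessions are reported as ambiguous rather than assigned to one user, and events outside every session are kept as unattributed, since both cases need corroborating evidence before they can support a finding against a named employee.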