
Information Security - Risks, Security Plans, and Defensive Measures - Essay Example

Summary
As the paper "Information Security - Risks, Security Plans, and Defensive Measures" outlines, the aim of providing computer security may differ but it mostly entails protecting computer network information from corruption, hackers, theft, or its preservation. This will depend entirely on security policy…

Extract of sample "Information Security - Risks, Security Plans, and Defensive Measures"

Swinburne University of Technology
Faculty of Information and Communication Technologies

ASSIGNMENT AND PROJECT COVER SHEET
Unit Code: HIT3321
Unit Title: IT Security
Assignment number and title: Research Project
Due date: 8 Nov 2013 17:30
Lecturer: James Hamlyn-Harris

Executive Summary

The aims of computer security may differ, but they mostly entail protecting and preserving computer network information against corruption, hackers and theft. Which of these aims apply will depend entirely on the security policy. Network security enforces constraints on computers that differ from other system requirements, because they are mostly applied as restrictions on what a network is supposed to do. Network traffic analysis and threat assessment should be done at regular intervals. One of the most important elements in ensuring network security is keeping the users of the system informed of possible threats and how to avoid them.

Table of Contents

Executive Summary
Introductions
Risks
Risk analysis
Security Plans
Defensive measures
Security policies
Antivirus and Antispyware
Firewalls
Authentication
Encryption
Patching and change management
Intrusion detection and network monitoring
Evaluation of potential risks
Evaluation of Physical Security
Managing an Incident
Summary including recommendation
References

Introductions

In the world today, people rely on computers and the internet for almost everything, such as communicating, entertainment, shopping, and making bank transactions and investments. Without information security, computers and users' facts and data are at risk. It follows that the job of information security is to avoid or catch all possible threats and to repair unavoidable vulnerabilities. This process therefore does important work in keeping all information intact and avoiding future attacks from outsiders or hackers. As a result, information security is perceived as information's refuge from corruption and unexpected aggression.

These criminals are capable of designing software that enables them to infiltrate computer systems and retrieve personal and confidential information. These programs also cause great damage to the computer systems. Different kinds of PC/LAN security programs, such as antivirus and anti-spyware, are thus necessary, and all of them have to be updated upon expiry. The use of firewalls as well as authentication features can restrict the people who try to gain access to computer systems. It is not an easy task to set up an effective PC/LAN security system, but it is a necessary thing for an individual to do in order to protect computer systems, information and children. There are a lot of harmful programs on the internet that users should protect themselves from, but these programs change their features frequently and newer threats appear over and over again.
This is because intruders are constantly discovering vulnerabilities to exploit in computer programs. This is the reason why an evaluation of the potential risks of a home PC/LAN is required to protect the computers and the users. This evaluation could create sound procedures to maintain all information and data accurately with minimal flaws. The usual approaches used to enhance security on computer networks comprise the points below:

1. Physically restricting access to computers, so that only authorized personnel are allowed to access them
2. Using hardware mechanisms that enforce rules on computer programs, which avoids depending on any specific computer program to offer security
3. Using operating system mechanisms that enforce rules on computer programs, which again avoids depending on the computer programs themselves
4. Applying programming strategies that enhance the reliability of computer programs and resist subversion

Risks

There are many kinds of attacks, and there are subtle variations on each kind. Some threats are common, only too real in actual experience, while others are hypothetical, theoretically possible but never yet observed. Despite the variety, threats can be divided into categories: external attacks, intrusions, and viruses and worms.

External attacks - External attacks are actions against computing infrastructure that harm it or degrade its services without actually gaining access to it. Attackers send data packets far more rapidly than the target machine can handle them. Each packet begins what appears to be an authentic "conversation" with the victim computer. The victim responds as it usually does to the beginning of a conversation, but the attacker abruptly terminates the conversation.

Intrusion - Intruders actually gain access to a PC by a variety of methods; some methods involve obtaining user names and passwords.
Hackers who gain physical access to a network can acquire passwords by eavesdropping on network conversations using "sniffer" software; because network traffic often traverses many local area networks, a sniffer need not be attached to the LAN where traffic originates to get a password. Once inside, intruders have the same rights of access and control over systems and resources as legitimate users. Thus empowered, they can steal information or erase or alter data; such an imposter could send a message cancelling an important meeting or send scandalous information that appeared to originate from you. Finding out what intruders have done, or whether they have done anything, is very costly for the victim, yet it must be done.

Viruses and worms - Viruses and worms are malicious software programs that replicate, spreading themselves to other computers. The damage they do may be minor or severe, such as erasing the contents of a computer's disk drive. Simply put, viruses require assistance from users to replicate and propagate, whereas worms replicate and move across networks automatically.

Risk analysis

To measure the risk to a PC, Kaufman et al. (2002) explain that the user can use Quantitative Risk Analysis of Computer to tackle the issue of risk capacity. This method permits risk managers to obtain a comprehensive and detailed account of the software used on the network, analyse its risk with the backing of a vulnerability database, and then control that risk by rank-ordering the actions that have to be taken to limit it. In this case potential risks are ranked on certain scales in terms of:

• Severity of threat
• Likelihood of threat taking place
• Effectiveness of proposed countermeasure

Security Plans

With numerous security threats imminent from a large number of sources, and fresh attacks being launched on the LAN, keeping up with these threats is a challenge for many PC owners.
First of all, you have to formulate a plan which tackles education and technology. All PC/LAN owners should be educated on how to use their systems safely and avoid compromising security. No unauthorized user, such as a friend, should be allowed to use a computer. Secondly, formulate an all-inclusive technology security plan to tackle all issues of security. Consult a dependable IT security adviser, and compile a record of the security apparatus and measures in place in order to find vulnerable areas. Then formulate a security plan for entire, end-to-end network security protection. Ensure that there are steps in place for regular updates of the security measures. The table below gives a summary of the important sections in a security plan.

Table 1: Security plan sections

Security plan section | Description
Security risk | State the various kinds of security threats which affect the organization
Security strategies | Outline the common security plans required to tackle the risks
Public main policies | Involves the plans of the network security officer for arranging certification authorities to provide both internal and external security measures
Security group descriptions | Entails descriptions of each security group and its relationship to the others
Group policy | Entails how security for each group is configured, for instance network password security policies
Network logon together with authentication plans | Involves authentication measures for logging on and the use of remote access as well as smart cards when logging on to the network
Information security measures | Involves the manner of implementing information security measures, for example secure e-mail
Administrative policies | Entails security policies for entrustment of administrative duties and network monitoring to any other personnel

Defensive measures

Security policies

To defend computing resources against inappropriate use, one must first specify what is meant by "inappropriate". Good security policies specify not only what people should avoid doing because it is dangerous but also what people should do to be safe. A good policy also explains company decisions not to offer certain services or features because the security risks more than outweigh the benefits. Because a security policy cannot anticipate everything users might want to do or every situation that might arise, it is a living document. It must be accessible to the people who are expected to comply with it and not be written in overly technical language. And it must be reasonable from the standpoint of a user; a policy people perceive as unreasonable usually is ignored or subverted. The formulation of a security policy is a critical step towards the standardization of security activities. Generally, the security policy is formulated using input from various users.

Antivirus and Antispyware

Antivirus software is an absolute necessity in internet security systems, to protect computer systems against the viruses that circulate on the internet daily. The antivirus software should update automatically to keep pace with the viruses that emerge on a regular basis. Anti-spyware software should also be part of internet security, and it too should be active and update automatically. Having these two kinds of software installed on a computer without automatic updates is just like having no protection at all.

Firewalls

A firewall is a collection of hardware and software designed to prevent unauthorized access to a company's internal computer resources. Computer users outside a company's physical premises often have a legitimate need to access the company's computers.
A primary function of a firewall, then, is to facilitate legitimate interaction between computers inside and outside the company while preventing illegitimate interactions. Firewalls work by filtering packets coming from outside the company before passing them along to computers inside the LAN facilities. They discard packets that do not comply with security policies, exhibit attack patterns, or appear harmful for other reasons. They enforce aspects of a security policy by not allowing certain kinds of communication to traverse the internal networks. They have a limited ability to filter out viruses as they enter company networks. Firewalls also conceal the internal network configuration from external prying and thus serve as a sort of electronic camouflage that makes breaking in harder.

Authentication

Authentication describes the variety of techniques and software used to control who accesses elements of computing infrastructure. Authentication can occur at many points. Host authentication and network authentication are used in combination. When used with sophisticated and well-managed directory technologies, which keep track of identities and access rights, access can be very granular, allowing many layers of access control throughout the infrastructure. Strong authentication implies that passwords expire regularly and that the forms of passwords are restricted to make them harder to guess. For example, one may require that a password be changed weekly and be composed of a combination of at least eight alpha and numeric characters. What minimally constitutes strong authentication is a matter of debate, but simple user name and password authentication does not meet the test. Strong authentication requires user name/password plus one other factor, such as certification or biometric verification of identity.

Encryption

Encryption renders the contents of electronic transmissions unreadable by anyone who might intercept them.
Modern encryption technologies provide a high degree of protection against the vast majority of potential attackers. Legitimate recipients can decrypt transmission contents by using a piece of data called a "key". The recipient typically possesses the key for decryption as a result of a previous interaction. Like passwords, keys must be kept secret and protected from social engineering, physical theft, insecure transmission, and a variety of other techniques hostile forces use to obtain them. Encryption does little good if the key that decrypts is available to attackers. Nevertheless, modern encryption techniques provide excellent concealment of the contents of messages if the key is secret, regardless of what else hackers might know about the encryption algorithm itself. By setting up encryption at both ends of a connection across public networks, a company can in effect extend its secure private network.

Encryption does not conceal everything about a network transmission. Hackers still can gain useful information from the pattern of transmission, the lengths of messages, or their origin or destination addresses. Encryption does not prevent attackers from intercepting and changing the data in a transmission. The attackers may not know what they are changing, but subtle changes can still wreak havoc, especially if the intended recipient is a computer that expects data to arrive in a particular format.

Patching and change management

A surprising number of attacks exploit weaknesses in systems for which "patches" (fixes) already exist at the time of the attack. Successful attacks of this kind sometimes represent administrative failures, but there are also a large number of contributing factors, such as a shortage of IT staff to apply fixes to existing systems, or legitimate concerns about the unintended negative consequences of a system patch.
Keeping track of the variety of systems in a company's infrastructure, their security weaknesses, the available patches, and whether patches have been applied is nontrivial. Consequently, attacks against known and presumably patched weaknesses often are successful. Knowing exactly what software is running and whether it is patched is important for another reason: after an attack, this knowledge is essential to discerning whether attackers have changed anything within a company's infrastructure. Detecting a change in a file size or finding a file that should not be there would be an obvious sign of intruder activity. Best practice calls for keeping detailed records of all files that are supposed to be on production computers, including file sizes or even file "fingerprints". Sadly, many companies fall short of this practice, sometimes for what seem like good business reasons. For example, managers hurrying to fix a customer-impacting problem may be tempted to shortcut formal change management procedures. The result is a gap in formal knowledge about what files and programs ought to be present on company systems.

Intrusion detection and network monitoring

These together help network administrators recognize when their infrastructure is or has been under attack. Network monitoring automatically filters out external attack traffic at the boundary of company networks. Sophisticated intrusion detection systems include combinations of hardware probes and software diagnostic systems. They log activity throughout company networks and highlight patterns of suspicious activity for further investigation. Along with formal change management, which provides a baseline description of company system configurations, the information logged by intrusion detection systems can help companies reconstruct exactly what an intruder did.
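
The record of file sizes and "fingerprints" described under Patching and change management can be kept as a baseline of SHA-256 digests and compared against the current state of a directory. The following is an added example, not part of the original essay; the directory layout and file names are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Return the size and SHA-256 digest of one file, read in chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return {"size": path.stat().st_size, "sha256": digest.hexdigest()}


def build_baseline(root: Path) -> dict:
    """Map each regular file under root (by relative path) to its fingerprint."""
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            baseline[path.relative_to(root).as_posix()] = fingerprint(path)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Report files that appeared, vanished or changed since the baseline."""
    common = set(baseline) & set(current)
    modified = sorted(
        name for name in common
        if baseline[name]["sha256"] != current[name]["sha256"]
    )
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": modified,
        # Changes that a record of file sizes alone would not have shown.
        "modified_same_size": [
            name for name in modified
            if baseline[name]["size"] == current[name]["size"]
        ],
    }


def demo() -> dict:
    """Constructed sample tree: record it, change it, then compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "service").write_bytes(b"release build 1.0\n")
        (root / "etc" / "service.conf").write_bytes(b"port=8080\n")
        (root / "README").write_bytes(b"operations notes\n")
        baseline = build_baseline(root)

        # Changes made outside change management (constructed for the demo).
        (root / "bin" / "service").write_bytes(b"release build 1.O\n")  # same length
        (root / "bin" / "helper").write_bytes(b"not in the change record\n")
        (root / "README").unlink()

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

The baseline is only useful if it is stored where an intruder on the monitored machine cannot rewrite it, for example on separate or read-only media.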
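
The point made under Encryption, that encryption alone does not stop data being changed in transit, is shown below together with the usual remedy of authenticating the ciphertext. This is an added example, not part of the original essay; the record format is constructed, and the keystream built from HMAC-SHA256 is a stand-in chosen so the code runs on the Python standard library, where a deployed system would use an authenticated mode such as AES-GCM.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR data with HMAC-SHA256(key, nonce || counter).

    Encryption and decryption are the same operation. Illustrative only.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256)
        stream += block.digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag over both."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(enc_key: bytes, mac_key: bytes, message: bytes) -> bytes:
    """Verify the tag before decrypting; raise ValueError on any change."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return keystream_xor(enc_key, nonce, ciphertext)


def alter_in_transit(data: bytes, index: int) -> bytes:
    """Model a change on the wire: flip the lowest bit of one byte."""
    changed = bytearray(data)
    changed[index] ^= 0x01
    return bytes(changed)


def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    record = b"amount=0100;acct=42"  # constructed fixed-format record

    # 1. Encryption only: the altered ciphertext decrypts without any error,
    #    and the receiving program gets a well-formed but different record.
    nonce = os.urandom(NONCE_LEN)
    ciphertext = keystream_xor(enc_key, nonce, record)
    received = keystream_xor(enc_key, nonce, alter_in_transit(ciphertext, 7))

    # 2. Encrypt-then-MAC: the untouched message opens, the altered one is refused.
    sealed = seal(enc_key, mac_key, record)
    intact = open_sealed(enc_key, mac_key, sealed)
    try:
        open_sealed(enc_key, mac_key, alter_in_transit(sealed, NONCE_LEN + 7))
        rejected = False
    except ValueError:
        rejected = True
    return received, intact, rejected


if __name__ == "__main__":
    received, intact, rejected = demo()
    print("encryption only, after change in transit:", received)
    print("authenticated, untouched:", intact)
    print("authenticated, changed message rejected:", rejected)
```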

Evaluation of potential risks

The range of options available to managers in the middle of a crisis is largely determined by decisions made before the crisis. Pre-crisis practices that make incidents more manageable include the following:

Development of sound infrastructure design - With a design which enables revocability and tolerance for failures, the losses associated with attacks are likely to be contained.

Execution - Operating procedures make diagnosing problems more effective by maintaining a baseline of knowledge about infrastructure configurations. Data back-up procedures preserve data in case the data are lost. Scheduled infrastructure health audits uncover lurking problems or vulnerabilities.

Careful documentation - If procedures and configurations are carefully documented, crisis managers need not guess about crucial details. Reliable documentation saves time and increases certainty in dealing with a crisis.

Established crisis management procedures - Procedures for managing incidents guide the diagnosis of problems, avoid decision-making traps, and specify who should be involved in problem-solving activities. Managing in a crisis is difficult enough without having to make up every response as you go. Crisis management always involves creativity, but familiar and useful procedures serve as a base from which managers can innovate under fire effectively.

Rehearsing incident response - Rehearsing responses to incidents makes decision makers more confident and effective during real crises. Even if the way an incident unfolds is different from the way it was practiced, practice makes the situation more familiar and better prepares managers to improvise solutions.

These preparations may seem basic, but a large number of companies do not make them. There is a tendency for other urgent business concerns, such as growing revenues, profits, product functionality, or the customer base, to take priority over hypothetical problems nobody wants to think about.
In most companies, staff members who execute responses to incidents have no training in that area and are not necessarily trained in the nature of threats. Nevertheless, managers clearly bear responsibility when they do not foresee exposure to availability and security incidents.

Evaluation of Physical Security

Physical security is a very important aspect of network security; it is the basis of the entire network security plan. Though some companies may overlook this basic security measure by over-relying on complicated features of software-based security programs, physical security is essential in making sure that the computer network and its components are well protected physically. The following are some of the most important steps that need to be undertaken in physical security:

Always ensure that the server room is secured - Always make sure that the server room is locked and servers are turned off. Moreover, have policies stipulating that the server room should be locked when not occupied.

Implement surveillance - Though the server room may be locked, set up surveillance to detect who accesses the room, keep a log book, and have anyone going in or out sign it.

Ensure that all vulnerable equipment and devices are locked up - It is possible for a hacker to plug a laptop into a hub and, using sniffer software, capture data moving across the computer network. It is thus important that all network devices such as hubs are kept in a secure place or room.

Disable all the computer drives - To guard against employees making copies of vital company information, you can disable drives such as floppy drives and USB ports, or remove them completely.
In addition to this, also ensure the following (Clemm, 2006):

• Put away all the backups
• Protect the network printers
• Guard the portables such as laptops
• Guard the workstations
• Keep intruders from accessing the computers on the network

Managing an Incident

When faced with a real-time crisis, human decision makers have numerous psychological obstacles to surmount in addition to the usually very serious technical difficulties inherent in the crisis. Awareness of psychological traps helps decision makers avoid them when situations turn dire. Another difficulty managers face in a crisis is public relations inhibition. Sometimes managers are reluctant to admit the seriousness of a problem because they do not want to take actions that communicate to others that a serious incident has occurred. For example, the managers of an e-commerce company might not want to shut down their online retail site to confound a hacker until they have definitive proof of an intrusion. A shutdown would have to be explained to the press and might alarm customers. Obviously, the stakes of such a decision are very high.

After an incident, infrastructure managers often need to rebuild parts of the infrastructure. Sometimes erasing and rebuilding everything from scratch is the only way to be sure the infrastructure is restored to its pre-incident state. If configurations and procedures have been carefully documented in advance, recovery can happen swiftly. But if records of how systems should be put together are not exact, rebuilding can run into hiccups: problems that must be solved under the time pressure of getting the business back online. Rebuilding processes may have to be reinvented on the fly. Furthermore, if there have been change management lapses, for example if changes made to systems have not been documented, a rebuild can result in lost functionality. To avoid future incidents of the same type, one needs to understand what happened.
Figuring out exactly what caused an incident is sometimes difficult, but it must be done. There is no one best way to explain or disclose an incident to users. In formulating actions after an incident, however, it is essential to communicate the seriousness with which one protects the information entrusted to it. A possible intrusion need not be a public relations disaster if subsequent steps to secure infrastructure are framed as taking no chances.

Summary including recommendation

Evaluating potential security risks depends upon the three foundational elements of education, information and action. There exists a multitude of methodologies and techniques for evaluating LAN/PC security. The encryption of sensitive information, the use of passwords, and infrastructure-protecting measures such as the installation of firewalls are merely some of the methods that may be employed to protect networks from security threats. The report also developed a security program that could help an organization to eliminate threats and strengthen its systems. However, the company has to improve the security program periodically because of rapid technological development and changes in business requirements, context or environment. Treatments that are used for these threats can become obsolete and insufficient. After re-evaluating and re-prioritizing the risks, the company should change the security program and its implementation to suit the new requirements. This will ensure that business operations are well protected from internal as well as external threats. It is important to have an organized and systematic approach toward potential security risks. One should create and implement procedural guidelines and policies that deal with risk mitigation, the setting up of alert vectors, and the procedure to be adopted in case a security breach occurs.

References

Dittrich, D., 2006. Network monitoring/Intrusion Detection Systems (IDS). University of Washington.
Branch, P., 2013. Formulating the security policy and introduction to firewalls. Swinburne University of Technology.
Hill, D. G., 2009. Data Protection: Governance, Risk Management, and Compliance. Boca Raton, FL: CRC Press.
Institute for Career Research, 2000. Computer Security Management. Chicago, IL: Institute for Career Research.
Kaufman, C., Perlman, R. & Speciner, M., 2002. Network Security: Private communication in a public world. New York: Prentice-Hall.
Luker, M. A. & Petersen, R. J., 2003. Computer and Network Security in Higher Education. San Francisco, CA: Jossey-Bass Inc Pub.
Pfleeger, C. P., Pfleeger, S. L. & Shah, D. N., 2006. Security in Computing. Mumbai: Pearson Education, India.