The Security Technology Evaluation - Essay Example

PROJECT 3: CASE STUDY 1 (CON'T) TECHNOLOGY EVALUATION

The security technology analyzed in this project is the Unsuccessful Logon Attempts which entails the locking out of accounts due to unsuccessful login attempts. This could happen after a user tries to login to an account for a number of specified times without any success. This technology is typically core for security administrators who have the responsibility of protecting organizational data (TechTarget, 2014). The same could be applied in when protecting illegal access to SQL Server databases.

Essentially, extra protection to password- protected websites or databases is important. Other than creation of a restriction technology/program, visitors IP address could be used to store the log attempts to an organization’s database in which it would be possible to block access to login failure for a predetermined length of time after a given number of unsuccessful attempts. Restricting access using the security restriction program is done to enhance information security. User often tries to get login information such as user name and password to gain unauthorized access to a restricted system or website. An organization could restrict extra number of users by only allowing a certain number of users in order to avoid extra load on server.

To create the technology program, one needs to create a new table within the existing database. This table should strictly store information regarding any login attempts from a given organization’s computer. An SQL script could be used to create the table especially in MySQL Server for the organization. In most case, SQL is used as a query that is performed using a declarative SELECT statement. The SELECT element is used to retrieve data from the table created to store login information of users. SELLECT statements that are standardized do not have any persistent effects the organizations database. SQL is mainly designed to query the data contained within a rational database. It is usually a set-based and declarative query language.

A programming process would be applied in this case. After the program is created successfully, the system will start checking any unauthorized logins attempts. When attempts limit is not reached, the system will check if the data entered is correct. Once the data is verified, all information about any previous login attempts are deleted (WebCheatSheet, 2014). Most information systems give room for only three unsuccessful attempts. For this program, the next authorization user would have only three login attempts, after which the system restricts access for 30 minutes (WebCheatSheet, 2014). The same user can retry for other three attempts before access is denied for another 30 minutes when the system records three unsuccessful attempts.

Verifying account lock out configuration is very critical. For the verification process, the security properties for the system are reviewed. This is best done within the local security settings. Windows server operating systems could be used by default, including Window 2000 Server, Windows 2003 Server, and Windows NT 4.0 among others. As mentioned above, three attempts before being locked out are set by default, but this can be adjusted according to the organizations requirements and security vulnerability.

The organization can address its information security needs by configuring SQL Server in such a way that all failed login attempts are recorded within the SQL Server Error Log. Achieving this requirement can be done following the right procedure of activating and frequently reviewing the audit level of the database security. The program would thus give the security management to review the number of failed login attempts to it information system/ server by users, in which it would be easy to learn about any brute force and other password attacks on the system/server. The auditing process on account logon failure events as well as account lockouts could be enabled by default. Similarly, the auditing of logon failures and the account lockouts can be disabled using the right policy procedure. The failure audits usually generate audit entries when logon attempts fail. This implies that whenever an invalid logon attempt happens, a message has to be generated within the event log. The administrator can then view the generated message in the reports of performance after he or she configures monitoring for the information system/server.

The security administrator can monitor the server performance and create reports for the information system. This can be done using tools like the Monitoring and Reporting snap-in in Server Management tool (Microsoft Corporation, 2014). This tool provides information regarding server performance as well as usage. It also provides access to various tools for configuring monitoring options (Microsoft Corporation, 2014). The Monitoring Configuration Wizard is another tool used for enabling, modifying, or even repairing both the monitoring feature and the reporting feature of the server. The wizard is run after installing the server to establish the first monitoring configuration. The administrator would be required to run the wizard once again in case changes have to be made.

Another important tool involves the server performance and usage reports, which contain detailed information regarding the usage of the system server and its condition. Reports about performance contain status information regarding services, security threat alerts, and performance counters. The report also contains internet account details and usage, as well as the prevailing remote connectivity. The program ensures that such reports are generated automatically on the basis of the selections made after running the Monitoring Configuration Wizard.

Generally, this security technology program is based on stored procedures and it has both advantages and drawbacks in information security and management. One of the major advantages is the aspect of maintainability. In this case, it is easy to maintain because the used scripts are kept in one location whereby tracking information security and updating the system becomes easy. The technology program can be tested regardless of the application. Besides, business rules and regulations are completely isolated from the technology implying that there is hardly any confusion of having the existing business rules affect the security monitoring program. Since the program is based on stored procedures, speed optimization is achieved. SQL has the ability to perform set-based processing quickly and efficiently on large data. This means that the system can monitor unauthorized attempts initiated by a large number of users concurrently and ensure effectiveness. It ensures security through limiting direct access to data and information via defined roles within the database system. Security is also achieved through the provision of interfaces to the underlying data and information structures such that all implementations and the data/information are shielded (Hambrick, 2013).

The common disadvantages of using the technology include limited coding functionality whereby robust application code is not applicable. Portability is not ensured because the security system is established only to protect data and information within the organization only. Upgrading to better versions may also be difficult, which implies that the technology may become less effective with time and more sophisticated security attack techniques are discovered. Besides, in case of errors, reports are hardly generated until runtime (Hambrick, 2013).

Regarding the installation budget, the cost depends on the organization’s structure as well as concerns for development. This implies that the cost of the technology program would include both the installation cost and cost of maintenance. The information security program would definitely require a dedicated professional. Due to security risks, given that the developer may not be fully trusted by the organization, a separate DBA may be required to ensure that the developer does not access the information database at any given time (Hambrick, 2013). An extra cost will be incurred in this case. In any case, the key goal should be to develop an effective way of restricting unauthorized users or preventing users from overloading the information server.