Security Options - Assignment Example

Security options The Computer Security concentration focuses on basic security matters that occur in the design, study, and execution of distributed systems.  This concentration offers in-detail coverage of the hypothesis and relevance of identity, authentication, access control, auditing, appraisal and avoidance of software vulnerabilities, and cryptography, in the perspective of modern enterprise-scale and web-based systems. Setting up a corporate security policy is one of the vital steps in establishing a strong and secured organizational context. Even though the guidelines that require to be taken may be strenuous, they are essential to the progress and security of the whole institution. There are various motives to establish written security policies. Every reason has a different credence based on the nature of the industry. The primary cause for most institutions to create written policies is to lessen the risk of responsibility because of a breach or loss of customer information. In certain cases, a data violation can cost huge amount and nearly wipe out a company. Yet another significant reason to establish policies is to organize the multifaceted tasks of information security. Appropriate data protection entails diverse technology that handles a large amount of information, which is handled by various people. Absence of written guidelines or policies it is almost impossible for a big organization to control perceptive information (processor.com, 2008).  Juvenile Corporate Security Policies Policies and service strategies for at-risk youth and juvenile delinquent increasingly were moving toward the coordination of multiple agency efforts. The Office of Juvenile Justice and Delinquency Prevention (OJJDP), and other federal departments for example the Substance Abuse and Mental Health Services Administration and the U.S. Department of Education, were encouraging information sharing among juvenile justice, teaching, and various youth-serving agencies to maintain a broad range of care and services. State legislatures were supporting data sharing policy to rationalize services and defend society. For instance, laws permitting information sharing amid juvenile justice organizations and school districts were approved in response to occurrences of dangerous aggression in schools and communities countrywide. Further, policymakers demanded that organizations to give correct information to determine program efficiency, costs, gaps, or idleness. Since the information technology was growing, so was the prospective for its relevance to information sharing that incorporated numerous youth-serving organizations outside of justice systems. However, authorities experienced other significant barriers to the sharing of multiple agency information regarding secrecy and privacy of information, indistinct lines of authority, and gaps in data addition, service disintegration, and mistrust amid diverse organizations. All the way through the OJJDP, Information to Prevent Juvenile Delinquency: A Training and Technical Assistance Project, Center for Network Development (CND) offered training and technical support to several organizations who established concern in enhancing their data sharing potentials. The extent and range of organizations that took part in the CND training and technical assistance activities demonstrates that, in spite of the challenges of juvenile information sharing, youth service organizations are dedicated to improving data sharing and are probing for ways to put into practice it among organizations. United States are functioning to advance data sharing amid important organizations responsible for community protection and the health and welfare of endangered youth and juvenile delinquents. These juvenile justice and further youth-serving organizations frequently have trouble getting suitable and reliable information required for carrying out evaluations and determining suitable management, sanctions, motivation, and services for youth. U.S. Department of Education (DOE) and the Substance Abuse and Mental Health Services Administration (SAMHSA), the Office of Juvenile Justice and Delinquency Prevention (OJJDP) recognized juvenile information sharing (JIS) policy as a necessary tool to help juvenile justice, education, health, and additional youth-serving agencies in their labors to advance services for vulnerable and delinquent youth and their families. JIS benefits jurisdictions by: permitting decision makers to electronically access and exchange vital information at key decision points and enabling more competent access to data and information from several locations, improving data quality, getting rid of superfluous data compilation and entry. Attaining efficient juvenile information sharing is needed an important shift in the data sharing practices of several agencies. JIS introduce new processes and procedures for information sharing and needs the expansion and relevance of novel understanding and skills. OJJDP awarded a supportive conformity in the year 2000, to the Center for Network Development (CND) to augment the capacity of jurisdictions to plan and employ juvenile information sharing to Prevent Juvenile Delinquency. An evaluation of JIS practices exposed that a range of policies were being used with varying degrees of achievement. Agencies characteristically were confronted in their labors: To build efficient teamwork of multiple organizations accountable for developing juvenile information sharing. Develop and agree on privacy practices to protect private information based on statutes and policies relating to juvenile information exchange. Employ suitable technology to make easy access to and secure information. Instructional training and follow-up support were offered to assist several organization teams across the country execute policies to overcome those challenges. Members in local JIS training workshops and additional youth-serving experts confirmed the need for help and further stressed the significance of a consistent strategy for JIS progress and accomplishment to bridge different information sharing practices and policies. In return, OJJDP approved the development of JIS guidelines as a decisive step toward attaining conformity on suitable information to share within jurisdictions and as system for efficient and well-organized information sharing (Mankey, et al., 2009). Organization’s Defense in Depth Measure Defense in Depth is realistic approach for accomplishing Information Assurance in the present day scenario. It is a most suitable approach in that it relies on the intelligent use of procedures and technologies that currently available today. The policy suggests a balance among the protection capacity and cost, performance, and operational deliberations. To efficiently oppose attacks against its information and information systems, an institution needs to differentiate its opponent, their possible inspirations, and their types of attack. Possible opponents may comprise: Nation States, Terrorists, Criminal Elements, Hackers, or Corporate Competitors. Their motivations may comprise: brainpower gathering, theft of academic property, denial of service, discomfiture, or mere arrogance in abusing an important target. Their programs of attack may comprise: passive monitoring of communications, active network attacks, close-in attacks, exploitation of insiders, and attacks through the industry suppliers of one’s Information Technology assets. Information guarantee is accomplished when information and information systems are safeguarded against such attacks through the use of security services such as: Availability, Integrity, Substantiation, privacy, and Non-Repudiation. The use of these services should be based on the Protect, Detect, and React pattern. In the sense, in addition to include protection mechanisms, organizations have to anticipate attacks and incorporate attack detection tools and procedures that permit them to respond to and recover from these attacks. An imperative code of the Defense in Depth strategy is that attaining Information Assurance needs a balanced focus on three crucial elements: People, Technology and Operations. Achieving Information Assurance commences with a superior level management obligation based on an apparent understanding of the alleged threat. This must be pursued with efficient Information Assurance strategies and actions. A wide range of technologies are accessible for providing Information Assurance services and for identifying intrusions. In order to assure that the right technologies are acquired and installed, an organization ought to set up useful policy and procedures. These should include: security policy, Information Assurance values, system level Information Assurance architectures and standards, standards for required Information Assurance products, acquisition of products certified by a sound third party, design guidance, and methods for evaluating the risk of the integrated systems. The Defense in Depth policy suggests a number of Information Assurance values. The Operations concentrates on all the activities necessary to maintain an organization’s security stance on a routine basis (nsa.gov/ia, 2000). Firewall Design and Configurations This system faces straight onto the Internet through a router which ought to provide an initial layer of security in the form of necessary network traffic filtering. It supplies data through to the perimeter set-up by means of a perimeter firewall. This system, frequently addressed as demilitarized network (DMZ) or Edge network, links incoming users to the Web servers or supplementary services. The Web servers then connect to the internal networks through an internal firewall. The internal networks connect the internal servers, such as SQL Server and the internal users. In an enterprise organization there will often be two different firewalls, the perimeter firewall and the internal firewall. Even though the responsibilities of these firewalls are alike, they as well have a diverse importance as the perimeter firewall centers on giving a restriction to un-trusted external users, while the internal firewall focuses on avert external users accessing the internal network and restricting what internal users can do. A firewall confirms incoming IP packets and obstructs those it identifies as invasive. A number of blocking can be done by making out by default that certain packets are illicit. On the other hand, one can organize the firewall to block certain packets. The TCP/IP protocol was planned years back lacking any concept of hacking or intrusion and comprise a lot of limitation. An internal firewall has more precise requirements than a perimeter firewall. This is since internal traffic is more complicated to control as its genuine destination may be any server in the internal network. Usually the more costly the firewall, the extra power and features it has. However before selecting a firewall it is necessary to determine the requirements (technet.microsoft.com, 2004). Intrusion Detection System An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system. Misuse detection vs. anomaly detection studies the data it collects and evaluates it to large databases of attack signatures. Fundamentally, the IDS look for an exact attack that has previously been recorded. Network-based vs. host-based systems, the individual packets flowing through a network are examined. The NIDS can notice malicious packets those are intended to be unnoticed by a firewall’s simple sort out rules. Passive system vs. reactive system in a passive system, the IDS detects a possible safety breach, logs the data and signals an alert. In a reactive system, the IDS respond to the uncertain activity by logging off a user or by reprogramming the firewall to obstruct network traffic from the alleged malicious source. IDS differ from a firewall in that a firewall looks out for intrusions in order to stop them from occurrence. The firewall restricts the access between networks in order to stop intrusion and does not indicate an attack from inside the network. IDS evaluate a suspected intrusion once it has taken place and signal an alarm (webopedia.com, 2009). (17) Operating System Security Operating System Security depends on many features like, use of strong password, turning of file sharing when not in use, ensuring the firewall is on, using an updated anti virus software and so on. The security of the operating system running on different PCs and servers has a significant function in the security of the entire network. Not updating one system in the network may affect the security of the other systems in the network. At present there are highly sophisticated operating systems with lots of features, however it might be susceptible if they are not managed, configured and monitored correctly. At times modernizing the operating system with latest patches may cause interoperability concerns with other operating systems. Therefore correct care must be taken while updating the operating system. Database Security The database security can be provided in the form of authentication, authorization, and auditing. Authentication makes sure that only genuine users gain access to the system. Authorization makes certain that only those users have access to resources which they are allowed to access. Auditing make sure answerability when users’ access secured resources. Though these security systems well protect data in the database, they do not stop access to the operating system files where the data is stored. Transparent data encryption allows encryption of sensitive data in database columns as it is stored in the operating system files. Further, it offers for safe storage and management of encryption keys in a security module external to the database. External security modules generate encryption keys, carry out encryption and decryption, and securely store keys outside of the database (Oracle.com, 2005). References Mankey, J. et al., (2009). Guidelines for Juvenile Information Sharing. Report. Office of Juvenile Justice and Delinquency Prevention NCJ 215786. Retrieved on 04 September 2009 from: http://www.ncjrs.gov/pdffiles1/ojjdp/215786.pdf nsa.gov/ia, (2000). Defense in Depth, A practical strategy for achieving Information Assurance in today’s highly networked environments. Retrieved on 04 September 2009 from: http://www.nsa.gov/ia/_files/support/defenseindepth.pdf Oracle.com, (2005). Database Security, Oracle® Database Concepts. Retrieved on 04 September 2009 from: http://download.oracle.com/docs/cd/B19306_01/server.102/b14220/security.htm processor.com, (2008). Corporate Security Policy general Information Vol.30 Issue 13 Retrieved on 04 September 2009 from: http://www.processor.com/editorial/article.asp?article=articles%2Fp3013%2F22p13%2F22p13.asp&guid=&searchtype=&WordList=&bJumpTo=True technet.microsoft.com, (2004). Firewall Design Security TechCenter Retrieved on 04 September 2009 from: http://technet.microsoft.com/en-us/library/cc700828.aspx webopedia.com, (2009). Intrusion Detection System Retrieved on 04 September 2009 from: http://www.webopedia.com/TERM/I/intrusion_detection_system.html Read More