StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Network Security - Assignment Example

Cite this document
Summary
This paper talks about network which describes an interconnection between two or more computers that share the available resources such as data, information, storage devices through a shared medium. Security on them other hand refers to the measures…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.9% of users find it useful
Network Security Assignment
Read Text Preview

Extract of sample "Network Security"

Running head: NETWORK SECURITY Network Security Insert Insert Insert 11 April Network Security Introduction Network describes an interconnection between two or more computers that share the available resources such as data, information, storage devices through a shared medium. Security on them other hand refers to the measures that are adopted to prevent the unauthorized use and reduce the various risks and threats that affect computers, network, and other external resources within any organization. All the measures that are taken ensure that information security is guaranteed because the information is a very valuable resource within the organization. Information security entails the adoption of specific measures that are supposed to prevent the unauthorized access, manipulation, use or the denial of access to any data, information, or capabilities that will ensure confidentiality (Douligeris and Serpanos, 2007). All these measures should be implemented to ensure the security of all the resources within the organization. Organizations nowadays have greatly relied on the various network technologies that ensure efficient data communications between different departments, at the same time ensuring that communication channels are secure. The expansion of an organization results into more resources being acquired in terms of new computers, printers, telephones, communication channels, hardwares and software’s and also the adoption of sophisticated network architectures. This results into an increased concern for information security within the organization to ensure that only the authorized personnel access the resources. Question 1. The question describes the main security issues, the principles of public key encryption, and the role of certification authority as follows: Security issues facing the expansion of the organization Expansion of the organization will result into a rise in the demand of various resources. More hardware and software will be acquired, more people will be employed, and the network architecture to be used and various protocols will change to meet the organizational needs. Various security issues will arise; in physical security, all the tangible assets within the organization such as computers (both personal and laptops), network printers, telephones, storage media, people, network cables, and servers will face a security threat. Indeed, each of the organizations assets faces a security threat from within (internal) and from outside the organization (external). Security issues that will arise from within the organization (internal attacks) include access attacks such as eavesdropping (listening to a conversation that one is not part of) by fellow employees or through wireless networks, and snooping (looking through information files). Others include interception of transit information, unauthorized access to computers by employees, computer attacks by viruses, worms, Trojans, internal hackers and theft of hardware from within the organization (Maiwald, 2003). External attacks include hackers and cyber terrorists, and malware. The organization needs to address the measures that will be used to ensure security of both information, physical hardware, internal and external attacks are checked. Internal threats from employees are both intentional and accidental, where an employee can eavesdrop on another employee, hence gaining access to some information during conversation. In addition, employees can forge passwords of their colleagues and hence gain access to their computers, use, modify, and transfer information to other unauthorized members outside the organization. Moreover, employees may bring external or foreign insecure hardware into the organization, resulting into virus infection and transmission. Lastly, employees could steal portable small size hardwares from the organization. Information and communication within the organization will be affected in one way or another. There might be lots of network traffic caused by attacks on the network, utilization of bandwidth by other clandestine programmes across the network, the security of both information and communication channels will face a threat. Public key encryption principles Encryption is one of the information security techniques that refers to the transforming of information (plaintext) using a defined algorithm so that the information becomes unreadable except to the parties involved who have the algorithm (hiding of information) to protect the information during transit. Public key encryption is a form of asymmetric key algorithm using two keys to hide information, a public key that is known to the entire public and a private or secret key known to the recipient of the message. The plain text to be sent form one point to the other is encrypted using the public key. For example, if the employer, say X, wishes to send a message to recipient Y, the message is encrypted using the public key of Y (recipient). After the message is encrypted (ciphered), it becomes a cipher text and is sent to Y. Both the sender and the receiver publish their public keys, but their private keys are kept secret. After the cipher text is received by Y, the secret key of Y is used to decipher the cipher text, after which the information sent is read by Y. If the message is sent back to X, the message is encrypted using the public key of X, and to read the message, the private key of X is used to decipher the ciphered text from Y. Public key encryption ensures the integrity of information in the sense that only the person with the appropriate private key is able to access the information. If the sent information is intercepted and accessed by unauthorized persons, the sender will know because of the public key of the receiver that will be used to encrypt the information. The private key creates a digital signature of the message, which can be verified using the public key, and this ensures the integrity and authenticity of the message. In this case, the algorithm performed on both keys ensures that the sender of the message is genuine and the intended receiver and hence no person can access and change the information because it contains a digital signature (Joshi, 2008). Certification authority refers to an entity that issues and revokes digital certificates to owners of public keys. Such entities verify and issue public key certificates that describe the genuine ownership of the public keys to the signers. The certification authority ensures that the certificates certify the ownership of public keys by named subjects; this ensures trust between both the owner of the keys and the parties that rely upon the signatures of the private keys corresponding to the public keys. Question 2. Describes risk management, determination of risk, and evaluation steps in system characterization, likelihood determination, and impact analysis, as follows; The purpose of risk management Risk management refers to the process of identification, assessment, and prioritization of various risks that may occur in the organization. Identification-this is usually the first step in the process of risk management. All possible risks that will affect the entire organization because of its expansion are identified with the probability of their occurrences. Such risks would include attacks by viruses, server breakdowns due to overloads, decrease of network speeds, increase in price of bandwidth, power outages, and theft of hardware and software. Those risks that generally affect the entire activities within the organization should be treated with utmost priority to ensure that the organization does not face a long-term effect because of such risks occurring. All the risks that are likely to occur are analyzed in terms of the effects to the organization. Assessing the likelihood and significance of various risks ensures that the potential major risks are dealt with before they cause more havoc to the organization. Planning ensures estimation of the effectiveness of the risks, financial expectations of each of the risks and mitigation strategies. Each type of risks identified within the organization is planned for in case of the expansion of the organization. For example, risk such as network speeds decreasing will affect the entire performance of the organization; hence, it will be identified as having a high likelihood and significance, as well as a high cost to correct. In addition, increase in bandwidth costs poses a great risk to the organization hence both these risks will have priority during the planning for them. Monitoring involves the process of reviewing, tracking, evaluating and reporting on the status of the risk. The identified risk such as theft of hardware from the organization is reviewed, that is, the occurrence of theft is tracked down and reported to management. Measures are put in place just in case the risk happens (Moeller, 2007). System characterization This involves identification of boundaries of the IT system along with the resources and information that describe the system and the scope of the risk assessment. The steps include collection of system related information, which entails gathering of system related information such as hardware, software, system interfaces, data, and information and persons involved with the support and use of the systems. This is in addition to collection of data related to the operational environment of the system such as security policies (organizational and federal policies and requirements), users of the system (application and technical). All this information is gathered using questionnaires, interviews, and document reviews. Likelihood determination This involves the identification of sources of threats and their vulnerabilities. This refers to a description of the probability of a given vulnerability threat to occur, and is described as high, medium, or low in terms of the threat source. For high likelihood, the source of the threat is highly motivated and the controls are ineffective. Medium implies that the controls are in place to slightly check on the vulnerabilities. Impact analysis This refers to the determination of the adverse impact resulting from a threat exercise of vulnerability. It involves obtaining information related to the overall mission of the system, system importance to the organization and the systems’ and data sensitivity. It also determines the magnitude of the impact analysis in terms of high, medium, and low magnitudes that imply high costly loss of assets or resources, lives and the organizations mission and reputation. Impact analysis uses both qualitative and quantitative (provides a measurement of the magnitude of the impact which can be used in the cost-benefit analysis) analysis. Determination of risk levels using the risk level matrix This is method used in the risk management process to determine the severity of risk of an event occurring. Three levels of risk occur, that is, high, medium, and low levels. The matrix is used in determination of the three levels of risks as follows; the risk is taken as the total of all the hazards, H that contribute to it, the outcome or consequence of each risk defined with “c”, and the probability “p” of any risk occurring. The risk of any hazard can be calculated as follows; Hazard=pH*cH and the total risk of any event is the sum total of the number of potential hazards that would result in the event (Stoneburner, Goguen, & Feringa, 2002). Question 3. Describes computer misuse Act, policies acceptable, and steps for prosecution as follows; Principles of computer misuse Act The computer misuse Act was created in order to prevent unauthorized access to computer systems and the subsequent use of the computer system in commissioning criminal offences (using e-mail messages for blackmail). Such access includes hacking. The U.K Act introduced the three criminal offences; unauthorized access to computer system, materials and modification of computer materials (distribution of computer viruses, deletion of files and altering accounts-fraud) with the intent to facilitate criminal offences. The principles therein state, “If some conduct is criminal, then the technology that is used to perform the conduct is also criminal and is subject to punishment by law” (Perera, 2008). The Act describes access by means of altering or using a program or data, causing output from the computer terminal (Perera, 2008). Various principles from the Computer Act restrict members within the company to unauthorized access to both the computer systems and the information. Such principles have a positive impact on business operations and all the IT systems within the company by ensuring that there is maximum information and computer security. Indeed, those members of the company who have unauthorized access to both information and computer are liable to prosecution from the law as stipulated. IT security policies are important because they restrict access to both the information and the systems that the company owns. The policies ensure that only the authorized employees and employers have rightful access to what they have been assigned to handle. Such security policies reduce various risks and threats that face information and systems .They ensure information security in terms of integrity, authentication, availability, and nontrepidation. Security policies provide roadmap to the IT staff that is planning network security implementations and identifies acceptable use of organizational resources; more so, it acts as a security contract with employees (Harrington, 2005). Acceptable use policy for the organization All employees of the organization should adhere to the following policies of the company. Each person should present a valid working identification card before being allowed to enter the office premises, no member will be allowed to access any property whatsoever without proper identification. In addition, all the configurations and upgrades of the computer systems shall be performed by the systems administrator, no person shall be allowed to perform such services, contrary to which one shall be liable to face the company law. Each employee is assigned one computer, telephone, and printer, which should be strictly taken care of in whatever circumstances. Additionally, misuse of the hardware shall call for stern measures to be taken by the company administration. Further, any member found eavesdropping, snooping and any other acts of malice with the company’s resources shall be liable to prosecution as per the company’s policies. The company’s intranet shall not be used to send e-mails to the corporate sector, and anyone found breaching this condition should be held liable for disciplinary action. All queries involving the company’s resources shall be addressed to the administration. Lastly, all the employees must follow all the rules and regulations as stipulated by the company to ensure smooth running of the company Steps for prosecution to be followed within the organization By liaising with various system administrators within the company, and the company employees, any information concerning the misuse of the company’s resources is availed to the administration. Complaints made should be considered at least two times and warning given to perpetrators. This will ensure a collection of concrete evidence that will help in the prosecution of any member, should the need arise. Reference List Douligeris C, & Serpanos, N, D., 2007. Network security: current status and future directions. Ontario: John Wiley & sons. (Online). Available from:  http://books.google.com/books?id=tsFVcHbpEwYC&printsec=frontcover&dq=Network+Security&cd=8#v=onepage&q&f=true.(Accessed 10 May 2011). Harrington L, J., 2005. Network security: a practical approach. San Francisco: Academic Press. (Online).Available from: http://books.google.com/books?id=c4WJUzoi2EwC&dq=Network+Security&source=gbs_navlinks_s.(Accessed (10 May 2011). James, B. D, J., 2008. Network security: know it all. Burlington: Morgan Kaufmann. (Online). Available from: http://books.google.com/books?id=6tX8Spgkq7kC&dq=Network+Security&source=gbs_navlinks_s.(Accessed 10 May 2011). Maiwald, E., 2003. Network security: a beginners guide. California: McGraw-Hill Professional. (Online). Available from: http://books.google.com/books?id=dqZ6gcHxF7cC&printsec=frontcover&dq=Network+Security&cd=5#v=onepage&q&f=true(Accessed 10 May 2011). Moeller R, R., 2007. COSO enterprise risk management: understanding the new integrated ERM framework. New Jersey: John Wiley and Sons. (Online). Available from: http://books.google.com/books?id=gXqjof7I9t4C&dq=risk+managenent&source=gbs_navlinks_s.(Accessed 10 May 2011). Perera, D., 1990.The computer misuse Act (UK). http://www.daminda.com/downloads/ComputerMisuseAct.pdf (Accessed 10 May 2011). Stoneburner, G., Goguen, A., & Feringa, A., 2002. Risk Management Guide for Information Technology Systems. NIST. (Online).Available from: http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf(Accessed 10 May 2011). Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Network Security Assignment Example | Topics and Well Written Essays - 2250 words - 1”, n.d.)
Network Security Assignment Example | Topics and Well Written Essays - 2250 words - 1. Retrieved from https://studentshare.org/technology/1577184-network-security-assignment
(Network Security Assignment Example | Topics and Well Written Essays - 2250 Words - 1)
Network Security Assignment Example | Topics and Well Written Essays - 2250 Words - 1. https://studentshare.org/technology/1577184-network-security-assignment.
“Network Security Assignment Example | Topics and Well Written Essays - 2250 Words - 1”, n.d. https://studentshare.org/technology/1577184-network-security-assignment.
  • Cited: 0 times

CHECK THESE SAMPLES OF Network Security Assignment

Storage Area Network of Carlson Companies

However, the current implementation of SAN requires a mode of operation or computation where the sourcing of information is from a central point, but accessing such information must be with a high degree of security.... This research is being carried out to evaluate and present the storage area network of Carlson Companies and cloud computing.... Cloud computing allows server Virtualization that does not require physical servers that reducing the interference of worker at some point of network maintenance or advancement....
6 Pages (1500 words) Assignment

The Use of Network Applications

Name: Instructor: Task: Date: Assignment: The security Properties Of Network Applications 1.... hellip; Due to the fact that these applications are now being majorly used, it is without doubt that the security of the data and information that is passed on in these channels should be adequately protected thereby ensuring the three essentials of data security.... Not only will this report cover the network applications security, but it will also look into the network applications architecture and how this architecture can be best implemented so as to ensure data confidentiality, data integrity and data availability....
6 Pages (1500 words) Assignment

Network Routing

Requirement for this implementation was of an open standard routing protocol with fast convergence and support routing update security.... network Routing network Routing INTRODUCTION The outcome of this report will explain the design and implementation of given network scenario.... LINK-STATE Link-state is a mechanism that follows the condition and connection type of every connected link and develops a metric calculation that is based on some factors that also included the factors that were set by the network engineers....
11 Pages (2750 words) Assignment

Vmware assignment (virtual servers)

This is because NAS has more efficient security measures like login shares; it can be accessed by multiple operating systems.... This is because NAS has more efficient security measures like login shares; it can be accessed by multiple operating systems.... uestion 25: The best disaster recovery for VMware is by making use of back-up process on the servers and replication of virtual machines in the network.... This can be best deployed using storage where NAS is deployed for VMs and Servers in the network (Muller 123)....
2 Pages (500 words) Assignment

Network and Telecommunications Concepts

This assignment "network and Telecommunications Concepts" discusses a set of communication protocols used for the internet and other networks is the Internet Protocol Suite.... For connection of end systems to the network, combinations of versions of Ethernet.... All the devices are connected to a common cable on the network in the bus topology.... Performance problems may arise if only a few dozen computers are added to the network....
5 Pages (1250 words) Assignment

Network Assessment Issues

nbsp; IN order to arrange hosts in groups that make sense, subnetting not only aids in network performance but is also an important contingency factor in Network Security as well—which is also crucial.... This paper ''network Assignment'' tells about the task is to assign IP addresses to the devices in the network.... nbsp; The subnet lets the flow of traffic in a network, which is between the hosts to be differentiated, which is founded upon the configuration of the network itself....
7 Pages (1750 words) Assignment

Growth of Electronic Connectivity

network Requirements The company's large computing requirements require very sophisticated networking equipments.... Item DescriptionQuantity Required 1Siemon cat 6e networking cable 500 meters 2RJ 45 Clips 100 pieces 3Wireless print servers 5 units 448 port networking switches 8 units 5Wireless internet router3 units 6Wireless internet radio 2 units 7Servers 4 units 8Client workstations (personal computers)35 units 9Wireless Access point 5 units10 Firewall 3 units Equipments used Siemon cat 6 e network cabling media Here we are proposing to use Siemon Z-MAX 6A UTP cabling technology....
15 Pages (3750 words) Assignment

Definition Data Communications

This assignment "Definition Data Communications" presents the transport layer that has two protocols; the TCP and UDP.... The exchange of data between the devices in the communication channel may happen in two different ways depending on the features of these two different protocols.... hellip; These are the differences between the TCP and the UDP....
6 Pages (1500 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us