ISSC421Computer and Network Security
Security of network communications infrastructure continues to be a major challenge to network administrators as the security breaches ranging from perimeter to desktop continue to increase. This research paper is thus aimed at providing information that will be useful to business owners to understanding the various best practices that can be employed for overall network security.
Physical security entails all measures taken to ensure unauthorized physical access to tangible network infrastructure. The physical security of networking infrastructure is the first most essential step to securing a network. Some steps that can be taken to physically secure the network include ensuring that the rooms housing the networking equipment are always locked, mounting surveillance on the location to know who goes in and when, disabling the removable drives to prevent access to the files on a server or other such networking equipment (Schinder, 2007). These steps ensure that no unauthorized person comes close to the location where the equipments are housed.
According to Rao, Rama and Mani (2011) a firewall can be described as a network element which can be either software or hardware that controls the movement of network data packets across the boundaries of a network (Heary, n.d.) that has been set and secured based on a specific security policy. The security policy of a firewall is a list of rules that are used to filter data packets either by accepting or rejecting the data packets that are going to the secure part of a network.
External Storage Devices
External storage devices allow the ease of movement of information and data from one device or machine to another. Sensitive information can easily be breached with the use of external storage devices especially as it concerns backup data (Hess, 2013). In order to prevent this eventuality, external storage devices should be kept in physically secure locations.
Manage removable media
Removable media by virtue of their portability make the transfer of information from one device to another very easy. In the process of transferring information, malicious software or code could also be transferred which increases the security risk to a network (Rich, 2014). A company-wide policy that restricts the use of removable media will prevent the security vulnerabilities associated with the use of removable media.
The proliferation of smart phones and tablets has increased the use of such portable devices in the workplace. In order to reduce the risk that such devices pose to a network, design and implementation of a Bring-Your-Own-Device (BYOD) policy will suffice (Rich, 2014). A BYOD policy is a set of rules governing the level of support the IT department of an organization will give to the smart phones and tablets as well as the PCs of employees.
Passwords are authentication mechanisms used to ensure that the identity of every user of network resources is verified and only authentic and legitimate users are allowed access to the network. The most common form of passwords is the use of characters which are entered against a matching username to gain access to the network. Bad passwords consist of a combination of characters that can be easily guesses by humans (such as date of birth, first or last name etc.) or easily obtained using brute force attacks (dictionary words). Good passwords will consist of a mixture of alphanumeric and special characters which are difficult to guess and not susceptible to brute force attacks.
Network administrators take charge of all activities relating to the management of the network infrastructure and network resources of an organization. For an effective management function, the network administrator must have a detailed and holistic view of the network including the micro view of each component and macro view of the network as regards the interaction of the various components in the network. The administrator must know all the hosts on the network, the routing rules, all the services running on the network and access rules, among others. An in depth knowledge of each device component of the network to understand device configurations is also important.
Providing users with means to authenticate them to legitimately use network infrastructure will keep non-legitimate users out of the network. The provision of guest accounts, which are not tied to any particular user identity but used especially by non-members of the organization to provide legitimate temporary access to network infrastructure, ensures security of the network while providing access to guests. The guest accounts can be configured to provide only partial access to the network infrastructure.
A number of network users are not aware of the security risks that some of their activities pose to the network. For instance in a report of a study conducted on the use of wireless networks it was observed that a series of security attacks that exploited the vulnerabilities in the security of wireless networks is as a result of lack of awareness on the part of network administrators and the network users (AirTight Networks, 2012). The training of employees on network safety measures will reduce the overall susceptibility of the network to security breaches.
Why is it important?
Updates are the latest versions or additions to available software. The updates contain patches to bugs or vulnerabilities in the software. According to Al Daoud, Jebril and Zaqaibeh (2008) most virus attacks exploit the vulnerabilities of operating systems. Keeping a piece of software up to date thus reduces the risk associated with the use of the software.
Best time to install.
The best time to install an update is the moment it is made available. For some softwares updates are made available daily or multiple times in a day, while others could be weekly or monthly.
Using latest Operating System
The use of the latest operating system ensures the availability of the most recent features of an operating system to support business processes.
Updating software on hardware
The software on a piece of hardware referred to as firmware controls the operation of the hardware. Updates to such firmware often bring alongside optimal performance of the hardware asides patches to known bugs.
Combating Malware Attacks on Network
The software to use in combating malware attacks on networks is antivirus software which is an all-encompassing software designed to recognize and eliminate viruses that are known according to the virus definitions database it maintains.
How can you detect an infected computer?
One way to detect an infected computer is the replication of files by the virus while propagating the infection through the system. The best way however is in the use of antivirus software that checks the signature or behavior of the attack with that of known viruses in its virus definition database.
What is the best Internet browser?
There is no best internet browser as there are quite a number of good ones. One key thing to note however is to keep the browser updated.
Local Computer Data
Encryption entails conversion of plain text to hidden text or ciphertext with the purpose of concealing the content from unauthorized access. Two basic categories of encryption can be used on local computer data. These are substitution cipher or transposition cipher. Encryption is done using keys, digital signatures and certificates.
Network encryption ensures that any information that is transmitted over a network, even if intercepted, will be unreadable by a person it is not intended for and thereby makes the information unusable. The use of public key and private key cryptography can be applied for network encryption.
The security risks in computer communication networks are real and pose very serious threat to the operations of businesses if not well managed. However, a number of measures can be taken to holistically manage and secure network infrastructure. These measures include physically securing infrastructure and devices, enforcing policies on the use of media and drives, preventing unauthorized access to networks by using authentication, preventing malware by using antivirus software and encrypting information. Using the measures that apply to the peculiar network scenario will increase the security level of such a network.
AirTight Networks (2012). Wireless (In) Security Trends in the Enterprise: A Whitepaper by AirTight Networks Inc. PDF. Retrieved from www.airtightnetworks.com on 18th January, 2016.
Al Daoud, E., Jebril, I. H. and Zaqaibeh, B. (2008). Computer Virus Strategies and Detection Methods. International Journal of Open problems in Computer Science and Mathematics, 1(2) Pp 122 - 129.
Cohen, G. (2014, January 30). Best practices for network security management | Network World. Accessed on 21 January 2016 from http://www.networkworld.com/article/2173927/tech-primers/best-practices-for-network-security-management.html
Heary, J. (n.d.). 5 Best Practices for Enterprise Security. PCWorld (Network World). Accessed on 20 January 2016 from http://www.pcworld.com/article/194061/5_best_practices_for_enterprise_security.html
Hess, K. (2013). 10 security best practice guidelines for businesses. ZDNet (Consumerization BOYD). Accessed on 20 January 2016 from http://www.zdnet.com/article/10-security-best-practice-guidelines-for-businesses/
Murphy, R. (2014). 17 Data Security Best Practices For Business. Black Stratus (Security). Accessed on 20 January 2016 from http://www.blackstratus.com/blog/practices-maintaining-data-security-business-environment/
Rao, C.S, Rama, B.R., and Mani, K.N. (2011). Firewall Policy Management Through Sliding Window Filtering Method Using Data Mining Techniques. International Journal of Computer Science & Engineering Survey (IJCSES), 2(2), 39 - 55.
Schinder, D. (2007). 10 Physical Security Measures Every Organization Should Take. PDF. Retrieved from http://www.techrepublic.com/downloads/abstract.aspx?docid=304656
Vlachos/ObserveIT, D. (2015). 10 Best Practices for Cyber Security in 2015 | ObserveIT. Accessed on 21 January 2016 from http://www.observeit.com/blog/10-best-practices-cyber-security-2015
Walia, K. and Panda, S.N. (2012). Firewall: Tool of Network Security. International Journal of Computing and Business Research (IJCBR), 3(3), ISSN (Online): 2229-6166.