Data security is very important in safeguarding private, personal or business information. Personal data such as credit card information should be well protected from access by unauthorized individuals or hackers. Any company that handles credit card transactions over a computer network should therefore employ reliable security measures if it is to maintain the trust of its customers. This paper gives an overview of network security fundamentals, threats and issues, followed by detailed network security recommendations. It closes with a summary with reference to one medium-sized start-up company that processes credit card transactions on a daily basis (Tipton & Krause, 2012; Gajrani et al., 2013).
Overview of network security fundamentals, security threats, and issues
The network security implementation depends on the size of the company or organization and hence on the number of computers to be linked. If only a dozen or so computers, including Wi-Fi devices, are to be connected, a simple business wireless router is sufficient. These routers offer adequate Wi-Fi coverage and provide Ethernet ports for wiring computers into the network. They can also be used to add extra components such as printers and wireless access points (Tipton & Krause, 2012; Gajrani et al., 2013).
If more than a dozen computers are to be connected, as in the case of this medium-sized company, then security devices such as a VPN router/firewall or a unified threat management (UTM) gateway/firewall will be needed. All these devices are a step up from the basic wireless router. A virtual private network (VPN) server and, at times, other enhanced features such as VLAN support and multiple SSIDs are integrated into these routers. UTM routers are normally Ethernet-only with a limited number of ports and hence need separate access points for wireless network links. Apart from offering the functions of a router and internet gateway with a VPN server and firewall, these devices also have additional functions: protection against malware and virus threats, anti-spam, content filtering, and intrusion detection and prevention. In this way they also help guard against unauthorized access to sensitive information (Tipton & Krause, 2012; Gajrani et al., 2013).
3.0 Detailed network security recommendations
3.1 Fundamentals of firewalls and VPNs
Since this medium-sized company requires remote access to its network services, this can be implemented with a router, gateway or firewall that has a VPN server supporting remote connections. In this way, users can access the network away from their offices. In addition, two or more offices can easily be linked together in a site-to-site configuration (Tipton & Krause, 2012; Gajrani et al., 2013).
There are a number of VPN types that can be used. First is the Point-to-Point Tunneling Protocol (PPTP), which is supported by built-in VPN clients. However, PPTP has a low level of security, with further issues arising when users connect remotely from networks that do not permit VPN pass-through. Second is the Layer 2 Tunneling Protocol over IPsec (L2TP/IPsec), which has better security than PPTP. L2TP is also supported by many operating systems and popular mobile devices. Nevertheless, L2TP is harder to configure and can lead to connectivity issues from remote networks that do not permit VPN pass-through. Third is the Secure Sockets Layer (SSL) VPN, which permits remote access by users connecting through a web browser, thereby removing the VPN pass-through issue. Next is OpenVPN, which is not supported by most built-in clients on computers or mobile devices; third-party VPN client software therefore has to be installed on the computers or devices of remote users. However, OpenVPN provides high security and more reliable connections from other networks that do not permit VPN pass-through (Tipton & Krause, 2012; Gajrani et al., 2013).
3.2 Recommendations for firewall and VPN solutions for a new company
First of all, this is a medium-sized company where security is crucial to credit card transactions. Given this size of company, I recommend a VPN/firewall router that can support more than a dozen computers. These routers, configured as firewalls, also have an integrated VPN server with virtual local area network (VLAN) support together with multiple SSIDs for wireless connections (Tipton & Krause, 2012; Gajrani et al., 2013).
Following the discussion of VPN types in 3.1 above, I also recommend that the company employ the Secure Sockets Layer (SSL) VPN protocol, since it eliminates the VPN pass-through problems. In addition, this type of VPN does not need full client software. With SSL, it is also possible to install a small plug-in through the browser in order to ease the tunneling of email traffic along with web browsing for users. A number of SSL VPN approaches also provide a web portal whereby users can gain access to applications and email without any VPN client. This setup is also suitable when a connection from home is needed, or from a different, non-corporate computer instead of a work laptop (Tipton & Krause, 2012; Gajrani et al., 2013).
3.3 Recommendations for implementing my proposed solutions
I recommend the following for the implementation of the proposed solution. First, the credit card information of every client should be encrypted for safety across the network, in order to complement the security offered by the firewalls and VPN routers mentioned above. Next, both the company management team and the anticipated users of the expected system should participate fully during the implementation phase. This participation is important in ensuring that everyone's opinion is taken into account, and it avoids future complaints that the network security system is inefficient (Tipton & Krause, 2012; Paul et al., 2012).
If the success of the implementation is to last, I also recommend that the company assign some staff specifically to data security. The assigned staff should be trained on a regular basis to keep them aware of all technical and legal security issues. Safety guidelines should also be created for laptops and other portable computing devices when they are used off-site. All employees should adhere to strict password and virus protection procedures. The company should also consider using Payment Card Industry (PCI) standards to enforce encryption procedures; this protects sensitive personal information such as credit card transaction data, especially when it is transmitted across the network. In addition, the company should carry out system penetration tests to find out whether its system is hacker-proof. Lastly, extra precautions ought to be taken to safeguard against information leakage in case the company is vulnerable to industrial espionage (Tipton & Krause, 2012; Paul et al., 2012).
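As an added illustration of the encryption and PCI recommendations in section 3.3 (this code is not part of the original paper and is not taken from the cited sources), the following Python shows the application-level handling of a card number that complements the transport protection of the VPN: validating the number, masking it for display, replacing it with a keyed one-way hash (HMAC-SHA256) for storage and lookups, and scrubbing any full number out of log lines. The demo key, the sample card number 4111111111111111 and the log line are constructed for the example; a real deployment would take the key from a key-management service.

```python
import hashlib
import hmac
import re

# Constructed demo key for the keyed hash. Assumption for this example: in production
# the key lives in a key-management service or HSM, is rotated, and is never hard-coded.
DEMO_HASH_KEY = b"demo-only-key-do-not-use-in-production"

# Matches runs of 13 to 19 digits, the length range of a primary account number (PAN).
PAN_PATTERN = re.compile(r"\b\d{13,19}\b")


def luhn_valid(pan: str) -> bool:
    """Return True if pan is a 13-19 digit string that passes the Luhn check."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Mask a PAN for display, keeping at most the first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_token(pan: str, key: bytes = DEMO_HASH_KEY) -> str:
    """Keyed one-way hash of the PAN: stable for lookups and de-duplication, but of no
    use to someone who obtains the stored value without also obtaining the key."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def render_unreadable(pan: str, key: bytes = DEMO_HASH_KEY) -> dict:
    """Turn a raw PAN into the only fields an application should keep or pass on."""
    if not luhn_valid(pan):
        raise ValueError("invalid card number")
    return {"token": pan_token(pan, key), "masked": mask_pan(pan), "last4": pan[-4:]}


def redact_log_line(line: str) -> str:
    """Replace any PAN-looking digit run in a log line with its masked form, so that
    audit trails and debug logs never carry full card numbers."""
    return PAN_PATTERN.sub(lambda m: mask_pan(m.group(0)), line)


if __name__ == "__main__":
    # Constructed sample: 4111111111111111 is a commonly used Luhn-valid test number.
    sample = "4111111111111111"
    print(render_unreadable(sample))
    print(redact_log_line("charge ok pan=4111111111111111 amount=12.50"))
```

The keyed hash is deterministic, which is what makes it usable as a lookup token; the same property means the key must be protected as carefully as the card data itself, since anyone holding it can confirm a guessed number.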
3.4 Practices that I will use to ensure security within the enterprise
Some of the security practices I intend to use within the enterprise include the following. First is to use sufficient access restrictions, such as audit trails and strict penalties for violations by company employees, in order to safeguard against unauthorized access. Authentication procedures such as login passwords will be enforced for every user. Second is to instruct company employees, during their initial orientation and in ongoing training programs, that customer data are confidential. Third is to ensure that the company list is secure and that the company has sufficient security to prevent remote computer access to the list. The fourth practice is to make sure that list recipients use adequate safeguards, by ensuring that security measures are in place during transfer of the list. Next is to ensure the secure and timely return or destruction of lists used by other entities. I also intend to employ a checking system, such as the use of decoy names, to track list usage. I will ensure that there is always someone in the company who is responsible for list security, and that he/she keeps up to date with laws and regulations concerning fair information practices (Tipton & Krause, 2012; Gajrani et al., 2013).
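Two of the practices above, the audit trail and the decoy names used to track list usage, are shown together in the following Python, added here as an example and not part of the original paper or its cited sources. The decoy entries, customer records and key are constructed for the demo. The audit trail chains each entry to the previous one with an HMAC, so that an altered, deleted or reordered entry is detected on verification; the decoy check reports which seeded entries have turned up in a list observed elsewhere.

```python
import hashlib
import hmac
import json
import time

# Constructed decoy ("seed") entries. They exist only in our own list, so if one of them
# turns up in somebody else's mailing or in a leaked file, the list has been misused.
DECOY_ENTRIES = [
    {"name": "Marta Seedling", "email": "m.seedling@example.net"},
    {"name": "Otis Canaryfield", "email": "o.canaryfield@example.org"},
]


def seed_list(customers: list, decoys: list = DECOY_ENTRIES) -> list:
    """Return a copy of the customer list with the decoy entries mixed in."""
    return sorted(list(customers) + list(decoys), key=lambda r: r["name"])


def find_decoy_hits(observed: list, decoys: list = DECOY_ENTRIES) -> list:
    """Given entries observed elsewhere (for example the recipients of an unexpected
    mailing), return the decoy e-mail addresses among them: evidence of list misuse."""
    decoy_emails = {d["email"].lower() for d in decoys}
    return sorted({r["email"].lower() for r in observed} & decoy_emails)


class AuditTrail:
    """Append-only log of list accesses. Each entry carries an HMAC over its content
    and the previous entry's MAC, so editing, reordering or deleting entries is
    detectable by anyone holding the key."""

    GENESIS = "0" * 64

    def __init__(self, key: bytes):
        self._key = key
        self.entries = []

    def _mac(self, body: dict) -> str:
        data = json.dumps(body, sort_keys=True).encode("utf-8")
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def record(self, actor: str, action: str, detail: str, ts: float = None) -> str:
        """Append an event and return its MAC."""
        prev = self.entries[-1]["mac"] if self.entries else self.GENESIS
        body = {
            "ts": time.time() if ts is None else ts,
            "actor": actor,
            "action": action,
            "detail": detail,
            "prev": prev,
        }
        mac = self._mac(body)
        self.entries.append({**body, "mac": mac})
        return mac

    def verify(self) -> bool:
        """Recompute the chain; False if any entry was altered, removed or reordered."""
        prev = self.GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "mac"}
            if body["prev"] != prev:
                return False
            if not hmac.compare_digest(self._mac(body), entry["mac"]):
                return False
            prev = entry["mac"]
        return True


if __name__ == "__main__":
    # Constructed key and sample data for the demo.
    trail = AuditTrail(b"demo-audit-key")
    customers = [{"name": "Ada Lovelace", "email": "ada@example.com"}]
    shared = seed_list(customers)
    trail.record("alice", "export", "list shared with mailing vendor, %d rows" % len(shared))
    # Later, a third party's mailing is observed to contain one of our decoys.
    print(find_decoy_hits([{"name": "x", "email": "O.Canaryfield@example.org"}]))
    print(trail.verify())
```

Because the chain is keyed, the verifying party must hold the key; keeping that key with the person responsible for list security, rather than with the users whose actions are logged, is what gives the trail its value as evidence.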
The VPN and firewall protocols available for our case include PPTP, L2TP/IPSec, SSL and OpenVPN. This report has recommended the use of SSL because it is more reliable than the rest: the features compared include remote access that is free from VPN pass-through problems, together with the other strengths explained above. The recommendation also reflects the fact that daily credit card transactions call for extra-high security for both the network and the data itself if hacking and virus threats are to be eliminated. However, the success of this implementation will require the full participation of all stakeholders involved in order to get maximum support.
Gajrani, K., Bhargava, A., Sharma, K. G., & Bansal, R. (2013, November). Cyber security solution for wide area measurement systems in wind connected electric grid. In Innovative Smart Grid Technologies-Asia (ISGT Asia), 2013 IEEE (pp. 1-5). IEEE.
Paul, S., Gupta, S. D., Islam, K. A., Saha, K., & Majumder, S. (2012). Challenges of Securing the Smart Grid and Their Probable Security Solutions. International Proceedings of Chemical, Biological & Environmental Engineering, 44.
Tipton, H. F., & Krause, M. (2012). Information security management handbook. CRC Press.