Risk and Scenarios
Published 15 Feb 2017
Threats to computer internal databases and software come from internal and external attacks. Many internal threats are sometimes intentional or unintentional. It may be from legitimate users or illegitimate person. This is important to enhance and promote information security in an organization. The first step is to implement a wise security plan.
Once the data is lost it creates a number of problems and incurs heavy cost in retrieving the data and taking new measures for the security.
Security also implies to the protection of systems on which data is saved. This includes protecting computers, networking elements, services and applications.
Protecting networks is important for keeping the information confidential, to maintain the integrity of information, authentication of legalize users, and availability of data.
Possible threats and dangers to the Networks
A threat to the secure data on computers comes from both inside and outside users. It may be intended or it may be unintentional and accidental. There are also passive and active threats. Passive threats are those where only secure information is released without affecting the system (Computer Security, 1998). In case of active threats, information and system both are affected (Computer Security, 1998) and this is mostly intentional.
Threats could be from hackers who masquerade for accessing secure data or spreading virus. Insider attacks could come from the loss of confidential secure data by authorized users where as outsider attacks are intentional site invasion or data access by illegitimate users. Some users can create trap doors that allow unauthorized person to access information. In addition, threat is from viral attacks that may damage important data, files and hardware. Exhaustion attacks to access passwords or any other encrypt data. Many other accidental failures can also cause damage to database and software including hazards to equipment and systems. For e.g., power failures, rain/snow/air storm, earthquakes etc.
Protection from outside threat
Protection from external threats include implications of following measures:
- Encryption Software/data
- Encryption is to encode the information into an unreadable format using specific mathematical key. In this way message cannot be read in the hands of unauthorized persons. Only authorized person having the same matching key can decrypt and read the message.
There are different encryption models for encrypting/decrypting files. These models in turn have variable keys, coming in various size and numbers. The smaller the key, the easier is to crack the message. Therefore, for very secure and confidential information, larger and tougher keys should be used to encode and decode the messages.
Two types of keys are important for encryption system i.e., single key and public/private key. In case of single key there is only one key which is exchanged by the companies privately and which is not known by any third party or unauthorized users. Where as public/private key is a pair of public and private key. Public key is known to public and anyone can use that key to send encrypted messages to the company. Private Key is only known by the company to send encrypted messages and to verify digital signatures.
There is a system called Public key infrastructure operated by certifying authorities to provide key management. It is a secure management of encryption key to give access to only those users who are authorized and should be available to them only when it is needed.
In addition there are Data Encryption Standard (DES) and Advanced Encryption Standard (AES) which are widely used for data encryption. These encryption methods use private key, which could have trillions or quadrillions possible keys. For sending and reviewing the message same key should be applied on both sides.
Checking for any new viruses and worms is mandatory like Trojan horse. Companies should have technical staff and virus scanners updated to prevent any new virus intervene into the network.
All users should be limited to access only those areas of network where they have their job to be done. Shared accounts should be avoided. Monitoring of account activity is also necessary. Implementation of authentic system into such remote areas is mandatory. There should be proper log off and log on systems using passwords. All users should be abiding by user agreement.
Implementation of passwords
Passwords are very useful in restricting access to any type of data. Implementation of passwords to the system should be properly done by technical and well-trained staff.
Installation of firewalls
Firewalls are the most important way of controlling flow of information on Internet and providing sound security. This security mechanism is called metaphorically as firewall as its work is same as physical firewall. It stands as a barrier and protects the network and access to the information from malicious attacks (fire). Firewall may be software or hardware that filters the incoming messages and keeps away dangerous messages like messages containing viruses or decryption codes (Tyson). Any information flowing from Internet to private network is controlled. Its installation needs expert assistance. If large numbers of computers are connected together with one or more connection lines to the Internet without the placement of the firewalls any computer will have access to the data on any other computer on the net through FTP, telnet etc. However, if a firewall is installed correctly at each Internet connection it will permit and block traffic only to limited number of computers. By setting up rules for Web servers, Telnet and FTP servers the company can control employees access to the websites, local networks, information retrieval and loss.
There are different methods of using firewalls; they may be Network level firewalls (also called packet filtering), application level firewall (proxy service) and stateful inspection/filtering method for securing inflow and outflow of traffic from network. In case of packet filtering (network level firewalls) routers form connections at various levels of network. It involves filtering of packets, which are small pieces of data, and then sending it to the requesting system. However, routers cannot perform complex functions. In case of proxy server (application level firewalls) information retrieved from and sent to the Internet is checked. It provides high level of security. Stateful inspection is the method in which individual packets are analyzed for sensitive data within the packet, which is then compared with other reliable database rules and information. In addition, characteristics of out-flowing and in-flowing information are also compared to be permitted through the network or rejected.
The function of circuit gateway is to control the flow of packets b/w client and server. It validates the session before establishing a circuit b/w client and server. Once the connection is complete, data of similar matching information is allowed to pass.
Isolating secure data from public data
Data for public use must be isolated from private firewalls. Web servers of the company that intend to provide information for public use must not be mingled with private firewall locations. Instead, public information should be located in a separate place other than private information.
Protection from inside threat
Insider threats include those of unintentional or accidental access to confidential information by legitimate users. These threats may from intentional break-ins.
Staff employed for technical problems and networking maintenance should be well trained and trustworthy. Though, most network security threats would be accidental due to common human mistakes. This unintentional access to secure data due to some networking problems even mistakenly is risk worthy. Therefore, personnel employed in an organization should be honest to comply with security policies.
Protecting information in transmission:
Secure Sockets Layers (SSL) servers are responsible for transmission of financial, payment and billing transactions through a web browser. In this case a web browser generates an encrypted message with a random key that should be matched with hosts public key for accessing the data (Introduction, chap 9).
Messages could be authenticated using digital signatures, time stamps, sequence numbers, digital certificates and encryption. Digital signatures protect the message in a way that if messages are somehow altered during transmission it could be instantaneously detected. If the signature is not change during transmission it validates that the message is not changed (Introduction, chap 9). Another way to authenticate message is to embed time stamps, sequence numbers or random numbers within the message. The precise sequence of these identifies the originality of the message. Any change in the message will change the sequence, which can alert the users that the message has been read and intervened. In case of digital certificates the person receiving the message should first authenticate his identity to read the message. The services of digital certificates are provided by third-party agents. These are authorized certificate providers to verify the authorized users. Information sent over the Internet is extremely vulnerable due to high level of exposure on worldwide network. Encryption of messages is the best method to counteract the acts of assault in sent message.
Backups are also important part of recovery process to access lost or corrupt data.
Whatever opportunities and threats today’s technology offers, one has to be very sensible in using benefits and imposing safeguards against dangers. However, there is no such perfection attained by any company to implement security measures. Every Internet or Intranet network is vulnerable, to some extent, to any malicious types of attacks from outside or unintentional release of insider’s confidentiality.
Every organization should have a security policy and rules to define the security system within their network system. These policies and rules should only define protection against threats but also detection of cause of attacks and recovery in case of malicious attacks (Computer Security, 1998). Such policies are based on cost and risk analysis of the company’s network. Every user of the network must be abide by company’s policy. This could only be effective if they read, understand, and practically implicate it.
Security policy should include measures for physical security for e.g., providing locks to protect from theft of valuable information, protecting from natural disasters, desktop security, LAN/WAN security. Technical security measures include protection of email messaging, encryption, protection from viruses like Trojan horse, ftp and web security, monitoring secure networks, and safe distribution of software.
However, whatever security is implemented in the company’s network should be upgraded, monitored, audited according to new threats and assaults weekly, monthly or quarterly.
Every company on one side should provide their employees with reasonable source of information on the net and simultaneously preventing any unauthorized access by legitimate or illegitimate users. It is important to encourage the users to use valuable information while ensuring complete protection of sensitive data is a great challenge for security system to work perfectly. There is a constant need for upgrading the security system with modern applications preventing every new threat.
- The Sixth Sense. Van Der Heijden, Bradfield, Burt, Cairns, & Wright. (2002). West Sussex, England: John Wiley & Sons. ISBN: 0470844914.
- Scenarios: The Art of Strategic Conversation. Van Der Heijden. (1996). West Sussex, England: John Wiley & Sons. ISBN: 0471966398.
- Risk Analysis and the Security Survey. (2nd edition). Broder. (2002). Boston, MA: Elsevier Science. ISBN: 0750670894. ( ONLY CHAPTER 7)
- Computer Security Framework and Principles. (1998) Mon 10, 2003
- Introduction to Network Security.(chapter 9). Mon 10, 2003
- Network Security and the Internet. Mon 10, 2003
- Tyson, Jeff. How Firewalls work? Mon 10, 2003