Friday, December 6, 2019

Global Prevention and Detection Analysis - MyAssignmenthelp.com

Question: Discuss the Global Prevention and Detection Analysis.

Answer:

Introduction

The recent global ransomware attacks highlight the challenges that security managers still face and the risks that malicious users still pose to corporate IT resources. Such malware is usually transmitted through web pop-ups or e-mails; it is therefore important that security managers do more to guarantee network security, because disruptions of services can be costly. These attacks further demonstrate why security comes first, especially where information and resources are stored in a network and can be accessed remotely. Corporate networks are becoming larger and more complex, and require greater flexibility than ever; this gives malicious users a bigger attack surface that they can exploit.

Network security entails the practices and policies that are adopted to monitor and prevent unauthorized access to, use or misuse of, denial of, and modification of a computer network and the resources accessible through the network. Network security involves authorizing access to resources and data within a network, controlled by the security manager or network administrator. Users are given specific IDs and credentials to authenticate them and allow access to these resources and data. Network security covers computer networks, both private and public, that are used for conducting transactions and communication among businesses and individuals. A network used privately by a business can be accessed externally by the public, further highlighting the need for security to be an integral component of networks.

This paper discusses corporate network security in the context of Auto-Fishing Group (AG), a cooperative society of Tasmanian fishermen; the cooperative uses sophisticated technology, using UAVs (unmanned aerial vehicles) to locate schools of fish.
AG supplies fish directly to customers from the fishermen, using its own vehicles and ten distribution centers, each of which has three vehicles; every fisherman is affiliated to a distribution center. AG uses proprietary software to process customer orders; this helps AG Fisheries manage supplies from the fishermen and receive the fish on a just-in-time (JIT) basis, through an automated process involving computers, the distribution vehicles, and the mobile devices the fishermen use. The system has a discussion group through which fishermen can post questions via the Internet; the AG cooperative provides online banking services to its members by providing banking facilities from other banks. The society also has a training center where instructors can show students the videos of fish schools directly, and its network is part of the entire AG network. The society therefore requires guarantees that its proprietary application, its data, and the information within the network remain secure. This paper will provide guidelines and specific policies to guarantee network security for AG Fisheries.

Information Threats and Risks at AG Fisheries

The AG network faces threats both internally and externally; a threat is anything or anyone that is a danger to the network system and its resources. External threats are those that originate outside the AG organization, mainly from the environment that AG operates in. The external threats include socio-economic threats, human threats such as hackers, communication threats, network security threats, legal threats, and software threats (European Commission-Council Press, 2011). Social engineering, where data can be stolen or misused to impersonate valid members for fraud, is another form of external threat to the AG network system, given that the fishermen's personal banking details can be accessed via the network.
Other important threats to the AG network include theft of personal information (identifiable information such as banking details), theft of intellectual property, and theft of confidential business strategies. Physical and legal threats can entirely endanger the AG network; the threats can impact the organization for a limited time period or partially, as denial of service attacks do, while cyber crimes expose AG to legal risks: for instance, if the financial details of a fisherman are stolen or compromised, the organization could be sued (Basani, 2015).

The organization is also at risk of internal threats that originate from within the AG organization. The main contributors of internal threats include contractors, employees, or even customers and suppliers. The major internal threats include fraud, for example against fishermen's financial accounts, information destruction (possibly to hide fraud), and information misuse (Basani, 2015). Other internal threats include unintended risks, where users open content, such as mails, that is laden with malware and unknowingly spread it over the network, destroying the network resources of AG Cooperative. Internal threats come from weak security policies such as poor authentication measures and improper classification of information access rights, inadequate segregation of duties, weak administrative passwords, systems that are not properly configured, unrestricted administrator access, and unrestricted access for employees (European Commission-Council, 2010).

Information Security Structure and Risk Assessment at AG Cooperative

Information and network security risk assessment for AG Cooperative is important for developing an integrated security policy to prevent or mitigate the said security threats.
The business requirements entail accepting and processing customer orders online, getting information from fishermen on their stocks and placing orders, delivering the fish to consumers, and storing customer details, including transactions and address details, as well as the financial information of the fishermen through the online banking application. The following section explains the security policies that should be implemented at the cooperative to guarantee the security of its network resources and information.

Security Policies for AG Cooperative

The security policy entails the governing policy, which is a high-level treatment of the security concepts important to the organization and controls all the security aspects of the organization. The governing policy encompasses the technical as well as the end-user policies. The technical policies guide all technical operations, while the end-user policies cover the what, when, where, and who for end users.

Technical security policy and its framework

The security risk assessment will follow a framework of discovery, device profiling, scanning, and validation.

Discovery: Entails fingerprinting the target network segment, and includes all device addresses and their UDP, TCP, and other network services that can be accessed from the internal network. Active and passive sniffers should be used to collect traffic within the network to enable parsing and analysis. This requires identifying active hosts, authentication of credentials, indications of potential malware, and any other vulnerabilities. Traffic in the network, in particular, must be managed by crafting unique packets through protocols such as TCP and UDP to determine the availability of hosts.
These processes all pertain to identifying all possible threats (Paquet, 2016).

Device profiling: Making use of the information gathered during discovery, the list of all accessible network services, known network architectures, and IP (Internet Protocol) stack fingerprints are analyzed to identify possible trust relationships and the role every device plays within the network infrastructure, including the mobile devices and any devices in the delivery vehicles (Paquet, 2016).

Scanning: Every network service identified during discovery and profiling must be tested in phases for any known (and new) vulnerabilities; vulnerabilities include system compromises, unauthorized data access, denial of service, command execution, and information disclosure (Paquet, 2016), (Mulins, 2007).

Validation: This is the final step and entails validating or attempting to exploit all results from the vulnerability scanning, using specific tests and techniques to test for possible vulnerabilities and implement mitigation measures (Paquet, 2016).

Shewhart Cycle to Ensure Information Security

The Shewhart cycle, or PDCA (plan, do, check, act), is a four-stage repetitive cycle for continuous improvement of security and its business processes. Its aim is to improve quality and effectiveness within the life cycle management of products, and it is also used for TQM (total quality management).

Plan: The problems to be addressed must be defined, relevant data collected, and the root cause of the problem ascertained.

Do: The solution is then developed and implemented, and measures for gauging effectiveness developed.

Check: Confirm results through before-and-after data comparisons.

Act: The results are documented, others informed about changes to processes, and recommendations made for the problem to be addressed in the next cycle (Weiss Solomon, 2016).

The main components of the network include the routers, switches, and the firewall.
The router is the security gate in the outer layer of the network; it forwards IP packets within the network to sub-networks and handles outbound and inbound traffic. The router should be set to block unwanted, undesired, or unauthorized traffic to the network and be secured against re-configuration. The firewall is for blocking all unnecessary ports while allowing traffic from only the known ports; the firewall monitors incoming and outgoing traffic to prevent known attacks from getting to the AG web server. The firewall operating system must be regularly patched. The switches play a minimal role in securing the network; however, they should be configured to send only specially formatted data packets. The policy should require router passwords to be strengthened and encrypted; the routers should also be patched and updated regularly, audited, and set for intrusion detection.

Measures to Ensure Security

The security policy must be used to train and enlighten all users on the dos and don'ts, such as not downloading certain file types if attached to mail, and to provide a safe channel for anonymous reporting of suspected internal fraud or threats. From a technical point of view, the wireless access points in the network must be encrypted, along with the routers and router passwords. Wireless networks are usually wide open and ripe for exploitation (Glance, 2017). The SSID should be hidden for the wireless network, access from the outside should be disabled for routers with web management services, and the default admin password changed. All computers must have anti-virus software that is updated regularly, and the web servers being run on the LAN should be placed in a DMZ. Web servers must be scanned regularly for any forms of exploits and, if possible, the distribution centers should connect to the main office through a VPN (virtual private network). File and print sharing on the network should be disabled except on the file server, with user access restricted.
The disks in the servers should be set with redundancy such as RAID 6 and encrypted, while the entire network should be backed up through virtualization and off-site backup, such as using a cloud service provider, to guarantee BPC in the event of a disaster. For the fishermen, online banking should be authenticated using a two-step process: through the password system and from the mobile devices (Stewart, 2014).

The network should provide the first line of defense to control access to the AG Cooperative resources and servers. The servers will have additional protection from their operating systems, but network-level security protection is still necessary to stop a deluge of attacks from reaching the servers and other resources. The basic network components include the router, a firewall, and a switch; the image below shows the way these components are arranged in a network.

IDS and IPS

To ensure network security, the first step entails detecting and preventing intrusion from happening in the first place. This requires the use of tools for intrusion defense (Intrusion Defense Systems, IDS) and Intrusion Prevention Systems (IPS). While the technologies used to achieve intrusion defense and intrusion protection are similar, the two approaches are fundamentally different. IDS refers to the process of monitoring network events and analyzing them for possible signs of imminent threats or violations of the security policies. Intrusion prevention, on the other hand, refers to the process of undertaking intrusion detection and following it up by stopping the detected incidents. The IDS and IPS work together to ensure network security management (Trost, 2010). The IPS/IDS addresses the many threats that can affect the network of AG Cooperative. The AG Cooperative has several access points to its network and to other networks, including the World Wide Web, both private and public.
The challenge for AG Cooperative is to maintain network security while keeping the network open for the users, including the customers and the fishermen (Chapman, 2016).

Advantages of the Security Policy

Protecting sensitive information: The network resources will hold sensitive financial and banking information for the fishermen, as well as client details and cooperative information. Protecting data will ensure that operations remain private and confidential.

Aligning with best practice standards: This would help the cooperative comply with global security standards.

Ensuring business process continuity: In the event of a disaster, essential business functions will keep running from the virtual backups, and essential data will remain safely stored.

The proposed security policy will enable the detection and prevention of threats before they occur through the use of the IDS and IPS systems. The policy will also allow for continuous improvement and upgrading of the security system through the use of the Shewhart cycle and the approach of evaluating and adapting; network security is seldom constant and is instead constantly changing, hence the need to continuously update and improve the network security systems.

Assumptions

It is assumed that the organization will have the right staff to implement the security policy; the policy also assumes that every mechanism is designed to implement one or more parts of the security policy. The mechanisms, when united, implement all security aspects, and the mechanisms and measures are correctly implemented. Further, the measures are assumed to be installed correctly and administered correctly as well. The set security policies and protocols unambiguously and correctly partition the set of the AG Cooperative's system states into unsecure and secure states. This assumption posits that the prescribed policy measures correctly describe and define a secure system, such that the system is deemed to be secure.
Another assumption is that the stated security policy has mechanisms that prevent the entire AG Cooperative fisheries system from getting into the unsecure state. This implies that security mechanisms, such as authentication and user privileges plus the use of redundancy and virtual backup for continuity, will ensure that the system remains safe and secure. The mechanisms can either be broad, secure, or precise.

For a security mechanism to be secure, the following conditions must be met. Let $S$ refer to the set of all the possible states (secure, broad, or precise). Let the secure states, as the security policy specifies, be represented by $Q$, and let the security mechanisms restrict the entire AG Cooperative system to a set of states termed $R$, such that $R \subseteq S$. The following definition should therefore hold: a security mechanism is secure if $R \subseteq Q$; it is broad if there are states $r$ such that $r \in R$ and $r \notin Q$; and it is precise when $R = Q$.

In an ideal situation, all the active security mechanisms in a system should combine to produce a single precise mechanism where $R = Q$; however, in real life, security mechanisms remain broad, thus allowing the system to enter a non-secure state (Bishop, 2005).

References

Basani, V. (2015). Internal vs. External Security Threats: Why Internal Is Worse Than You Expected (and What You Can Do About It). [online] EiQ Networks Blog. Available at: https://blog.eiqnetworks.com/blog/internal-vs.-external-security-threats-why-internal-is-worse-than-you-expected-and-what-you-can-do-about-it [Accessed 20 May 2017].

Bishop, M. (2005). Assumptions and Trust | An Overview of Computer Security | InformIT. [online] Informit.com. Available at: https://www.informit.com/articles/article.aspx?p=363728seqNum=4 [Accessed 23 May 2017].

Chapman, C. (2016). Network performance and security: testing and analyzing using open source and low-cost tools. https://nls.ldls.org.uk/welcome.html?ark:/81055/vdc_100029834340.0x000001.
European Commission-Council Press. (2011). Security policy and threats. Clifton Park, NY, Course Technology Cengage Learning.

European Commission-Council. (2010). Network Defense + Network Defense - Security Policy and Threats + Network Defense - Perimeter Defense Mechanisms + Network Defense - Securing and Troubleshooting Network Operating Systems + Network Defense - Security and V Fundamentals and Protocols. Cengage Learning Ptr.

Glance, D. (2017). Massive global ransomware attack highlights faults and the need to be better prepared. [online] The Conversation. Available at: https://theconversation.com/massive-global-ransomware-attack-highlights-faults-and-the-need-to-be-better-prepared-77673 [Accessed 20 May 2017].

Paquet, C. (2016). Cisco Press. [online] Security Policies Cisco. Available at: https://www.ciscopress.com/articles/article.asp?p=1998559seqNum=3 [Accessed 20 May 2017].

Stewart, J. M. (2014). Network security, firewalls, and VPNs.
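
The secure, precise and broad definitions from the Assumptions section, applied to a small state model. This is an added example and not part of the original essay; the three state properties, the policy Q and the mechanism names are constructed for illustration.

```python
from collections import namedtuple
from itertools import product

# Constructed toy model: three yes/no properties describe a system state.
State = namedtuple("State", "authenticated least_privilege vpn_link")

# S: every possible state (2^3 = 8).
S = {State(*bits) for bits in product((True, False), repeat=3)}

# Q: states this constructed policy calls secure. The VPN link is optional.
Q = {s for s in S if s.authenticated and s.least_privilege}

# Hypothetical mechanisms: each one removes the states it does not allow.
def login_required(s):
    return s.authenticated

def access_rights_enforced(s):
    return s.least_privilege

def vpn_only(s):
    return s.vpn_link

def reachable(mechanisms):
    """R: the states left once every deployed mechanism is applied."""
    return {s for s in S if all(m(s) for m in mechanisms)}

def classify(R, Q):
    """Return (verdict, escapes), where escapes are states in R but not in Q."""
    escapes = sorted(R - Q)
    if escapes:
        return "broad", escapes
    # R is a subset of Q here; precise is the special case R == Q.
    return ("precise" if R == Q else "secure"), escapes

def audit(mechanisms):
    return classify(reachable(mechanisms), Q)

if __name__ == "__main__":
    deployments = {
        "login only": [login_required],
        "login + access rights": [login_required, access_rights_enforced],
        "login + access rights + VPN only": [
            login_required, access_rights_enforced, vpn_only],
    }
    for name, mechanisms in deployments.items():
        verdict, escapes = audit(mechanisms)
        print(f"{name}: {verdict}")
        for s in escapes:
            print("  reachable but not secure:", s)
```

The escaping states listed for a broad deployment are the ones a further mechanism has to remove before the system can be called secure.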
