Task:
Security being a top concern for any organisation, choosing the correct security solutions is of utmost importance. Consider an area of information technology (IT) security, such as, network security, e-mail security, database security and so on. Identify and research three different commercial IT security solutions/products for the chosen security area. The three products must target the same security issues. [Note: Instead of IT security specific products such as antivirus software etc. you may also choose to research the security features of products such as database management systems, operating systems and so on.]
Prepare a report providing categorical feature comparison for the three products in the chosen category and make recommendations about the products to assist purchasing decision.
Your report may include the following sections:
- Executive overview.
- Introduction.
- Product description.
- Detailed feature comparison.
- Conclusions and recommendations.
- Reference list
- Appendices (if any)
Length of the report:1500~2000 words, excluding references and appendices.
Rationale
This assessment item is aligned with the following learning outcome of the subject:
- be able to justify security goals and the importance of maintaining the secure computing environment against digital threats;
Depending on the IT security area chosen, the assessment item also relates to one or more of the following learning outcomes of the subject:
- be able to explain the fundamental concepts of cryptographic algorithms;
- be able to examine malicious activities that may affect the security of a computer program and justify the choice of various controls to mitigate threats;
- be able to compare and contrast the security mechanisms of a trusted operating system with those used in a general purpose operating system;
- be able to investigate and justify the use of the access control mechanisms and user authentication processes;
- be able to compare and contrast foundational security policies and models that deal with integrity and confidentiality.
Solution Preview:
Introduction
IT security is must for every organization as it secures the organization network and data from attack, hacking, steal etc. There are different areas of IT security such as e-mail security, network security, database security etc
Here our area of focus is on network security. Network infrastructure systems security is a key to many organizations, as the attacks are increasing day by day, there are many areas which need to be focused upon and need proper adherence towards the system maintenance. [Albright 2002]
Attacks happens on different parameters in different organizations, if these attacks are not prevented it will be penetrated inside the organization and can have a big impact on the overall systems:
- Emails which will be unauthenticated
- Security from Virus/Worms or Trojans
- Use should be acceptable
- Response from any incident
Unauthenticated Emails
Emails are daily send by the employees working in an organization, it can be either work related, social or nonsocial. Some employees are sending emails which they are not authorized to send to the outside entities and it will release the information into the wrong hands. If such email etiquettes are not followed and these are not implemented in the organization certain rules and standards are not laid out, then there would be an issue with the network security and it is not implemented in a way it should be. It will harm organizations in long run when components of the particular object are sent out by unauthenticated information and its impact will be certainly over the time. (Miles, 2007)
Physical security
Attackers can usually attack a system through a medium where they can spread virus or Trojans into the system, by doing this they actually starting the data retrieval process from the intended systems without its users actual will. The data retrieved is basically gathered out intentionally, and it would be having a bad impact over the organizations network. This type of acts should be protected and it can only be possible to protect them if proper network infrastructure is present. (Miles, 2007)
Worms increase over the internet which even slow down system, it start sending the files present on your computer to another computers over the internet, and then start creating a permanent network connection with the system, after uploading the files to the server, then hackers can come and use those for their unauthenticated use.
Acceptable Use
There should be always proper systems laid down by employees over the organization to protect employee’s personal interest for information’s, they are working for the organization, network administrators should have responsibility to handle the unauthenticated websites used by employees and block them. Access to websites such as proxy websites, mails, chats which are unauthenticated should not be given to employees, as it would need to be prevented and protected from any unauthorized access. (Miles, 2007)
Incident Response
Activities take place inside and organization which are unauthenticated and unauthorized, these entries are usually take place in the midst of enviroments which are created by employees who want to create a bad impact of the organization or use its important information. There should be an immediate incident response in such case and it should be avoided from getting it happened.
Product Description
The three products that protect the network system from security issues are listed below:
- Antivirus Program
- Firewall program
- Use operating system up-to-date.
Antivirus Program
Nowadays, anti-virus software is installed on every system that protects the system from getting new or old viruses, worms, and Trojans. Antivirus program that is installed is configure to scan e-mail and files as they are downloaded from the Internet. Many Information technology organizations like Symantec, McAfee and Sophos have released their anti-virus software in order to prevent or block spyware. The company called Grisoft also released their own anti-virus software with the name of AVG Anti-Virus. Free version of AVG antivirus is also available for private and noncommercial users. The different way of preventing Trojan is never open any e-mails or download any attachments from unknown senders.
Firewall program
Firewall is a program written for the computer systems, these can be present on the system either in software or hardware mode, there are accelerated firewalls which are very powerful in preventing the system from getting impact, and it should be executed in a well appropriated manner. There are software or hardware firewalls, the hardware firewall provides a better level of security to the software systems and these are more active than software firewalls.
Operating system up-to-date
Latest available operating system has in-built features to secure the operating system from threats. Companies that develop operating system software such as Microsoft will produce new versions every few years. The main of producing new versions of operating system every few years is to install latest technical features as they provide latest security protection to their users. Benefits from modern operating system apart from security are listed below:
- Using modern operating systems such as Windows 7/Vista/XP. The staff gets very help from this as these systems includes several drivers to be already installed on their machines and they don’t need them to be with user.
- USB support for any external drive is already present, these allow plug and play for devices.
- Security is more enhanced using firewalls, registry entries with secure layers and many more.
- Software is protected from many online internet harms using secure Antiviral attack software which can be supported by these windows.
Product comparisons in term of their advantages
Advantages of Antivirus program
- Free Antivirus provides an inexpensive support to any individual or organization.
- Reliable and can be used on many computers with single administrator
- It provides complete details of virus, with options to remove or to move into vault.
- It includes update options, under which the virus updates its database when the computer is connected to the internet.
- It allows you to run boot time antivirus scan, which helps reducing any threats present when you starts your computer initially.
- It allows us to automatically detect virus in folders or files and let us know if any virus is present.
- Antivirus helps us to detect any virus threat to our system immediately as they usually runs on the back thread always.
Advantages of Firewall program
- Intruder unauthorized access to the system is stopped and overall system gets protected.
- Malicious attacks get stopped.
- Some firewall system may provide the list of attackers try to attack your operating system.
- It’s almost free is used for personal use.
- Monitor the outgoing and incoming alerts and the firewall software will record if any intrusion attempt occurs.
- Firewalls can also be tested for leaks by such projects which have options to check for leaks. [Pinktec 2011]
Advantages of operating system up-to date
- If operating system is up-to-date, then it is less prone to security vulnerabilities due to newly available features in latest versions.
- Aside from updating of features, every incremental version of operating system consists of corrections which were not present in previous or old versions. These usually are the defects which are present in the operating system as vulnerabilities. We can easily say that these are the bugs or defects in an operating system that can allow an intrusion into the system such as a malware or virus.
- Operating system companies such as Microsoft provide modifications and corrections back to its older windows versions.
- If user operating system are modified and corrected with the latest security features of operating system, it will help the user system to secure from threats and vulnerabilities. [Nortan 2007]
Conclusions and recommendations for network system security
- Security restrictions should be strict and must be present on the system of employees, they should be able to the prescribed action as stated, all the actions are not stated and not meant for an employee are out of box and he/she should not be able to achieve it.
- Firewall presence should be there on all of the systems and it should be having sound impact in protecting the systems.
- There should not be any direct access for an employee to install the software on his system and it should be done with the help of network administrators, there are areas which network administrators should focus and understand and should take proper authenticated actions on employees systems.
- Proper trainings should be given to employees not to do any such activities which will harm the customer data and harm the organizations image in the market. There should be clear and sound impact of these actions, so that no employees should participate in activities which they need to avoid.
- There should be a strict policy if someone violates the policies of organization and anyways try to unprotect the data and stolen it. He should be penalized and terminated without giving any notice.
- Malware Protection software should always be present on all the system and with auto install updates, which don’t require any permission.
References
Albright, J. G. (2002, March 25). The Basics of an IT Security Policy. Global Information Assurance Certification. Retrieved May 15, 2013, from www.giac.org/paper/gsec/1863/basics-security-policy/103278
Miles Tracy, 2007, Guidelines on Electronic Mail Security
Nortan. (2007), Keeping OS and Antivirus Software up to Date, http://www.nortonantiviruscenter.com/security-resource-center/os-antivirus-software-up-to-date.html
Pinktec Computer Services. (2011), Firewalls Advantages and Disadvantages,http://kimberleytaylor.com/articles/firewalls_advantages.htm
What We Offer:
• On-time delivery guarantee
• PhD-level professionals
• Automatic plagiarism check
• 100% money-back guarantee
• 100% Privacy and Confidentiality
• High Quality custom-written papers