Cyber Security
Network security issues arise when the privacy of confidential information is violated. Wireless information is transferred in the form of waves, hence the possibility of interception by unauthorized persons. However, most organizations focus on the wireless side of the network more than the wired side. Both wireless and wired network security should be equally top of mind because attacks can emanate from the wired side. To curb potential security threats, it is imperative to use an integrated approach that maintains security by hardening the network infrastructure and the endpoints against threats.
Hardening the network infrastructure restricts unauthorized persons from using the networks. Developing and implementing separate endpoints for staff and students prevents the risk of having different networks catering for different endpoints. Also, with distinct endpoints, distinct policies can be applied to maintain security. Only authorized persons should be allowed to access and use the network, through processes such as device authentication. Through authentication, an accurate inventory of authorized endpoints is created, thus blocking other endpoints from using the network. However, the approaches applied may differ with regard to the network type. The security details of wireless and wired networks differ at some points. For example, protecting the network from eavesdropping is a different process for the two networks. Wired networks have a low risk of eavesdropping because they are usually fully switched at the endpoints. Wireless networks require encryption to prevent the interception of content. I would recommend that the university use stronger protocols like WPA2, which protects the WLAN from the vulnerabilities of WPA and WEP networks.
Frequently updating the endpoints through configuration management is primary when focusing on security maintenance. I recommend that the university use software patches and upgrades, as well as configuration settings that reflect any vulnerabilities and threats. The university should conduct periodic assessments of the network's endpoints, since threats and vulnerabilities change over time. Continuous monitoring reduces the need for periodic assessment of the network's endpoints, but it does not eliminate the activity.
Windows is one of the most commonly used operating systems among consumers; therefore, I recommend that the university adhere to the privacy and security settings by selecting the necessary configuration options. When installing Windows, I would recommend that the university select the privacy-protecting options. Securing operating systems such as UNIX and Linux requires steps such as picking a good, supported operating system that has a track record of supplying consumers with security fixes. I also recommend that the university apply the operating system's latest patches as soon as they are released. The next step is to use a well-configured firewall to block unnecessary SSH access into the system. The fourth step is to adjust the auditing configuration and to use file integrity checking to recognize changes to the contents of the file systems and determine their origin. Another crucial step is to copy the logs to a central log server, allowing the users to keep track of any attack. An intruder often erases the local logs that record how the system was compromised, which is why the central copy matters.
Establishing a secure network requires users to be identified and authorized before gaining access. The user must prove who they are and offer the necessary credentials, such as a PIN, password or cryptographic key. If the credentials supplied match the stored information, the user is authenticated. After authentication, the system determines whether the subject can access the resource through the AAA tools. For the identification process, I would recommend that the identification components be unique, for user accountability. For identity management, the users should be authenticated through automated means. Other authentication mechanisms that can be applied include biometrics such as fingerprints, keyboard dynamics, hand geometry or facial scans to identify the user.
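The identification, authentication and authorization sequence described above, with an accounting record for each decision, can be sketched as follows. This is an added example, not part of the original essay; the user identifiers, passwords, role names, resources and PBKDF2 work factor are all constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example

def _verifier(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(store, user_id, password, roles):
    """Identification: one unique identifier per user, for accountability."""
    if user_id in store:
        raise ValueError("identifier already in use")
    salt = os.urandom(16)
    store[user_id] = {"salt": salt, "verifier": _verifier(password, salt),
                      "roles": set(roles)}

def authenticate(store, user_id, password):
    """Authentication: supplied credential must match the stored verifier."""
    record = store.get(user_id)
    # Unknown identifiers still pay for one hash, so timing does not reveal them.
    salt = record["salt"] if record else bytes(16)
    expected = record["verifier"] if record else bytes(32)
    matches = hmac.compare_digest(_verifier(password, salt), expected)
    return matches and record is not None

def request_access(store, policy, audit, user_id, password, resource):
    """Authorization after authentication; every decision is logged (accounting)."""
    if not authenticate(store, user_id, password):
        outcome = "auth_failed"
    elif store[user_id]["roles"] & policy.get(resource, set()):
        outcome = "granted"
    else:
        outcome = "denied"
    audit.append((user_id, resource, outcome))
    return outcome

def demo():
    """Constructed users, passwords and policy; returns the audit trail."""
    store, audit = {}, []
    policy = {"grades-db": {"staff"}, "library": {"staff", "student"}}
    enroll(store, "s1001", "constructed-pass-1", ["student"])
    enroll(store, "t2001", "constructed-pass-2", ["staff"])
    for uid, pw, res in [("t2001", "constructed-pass-2", "grades-db"),
                         ("s1001", "constructed-pass-1", "grades-db"),
                         ("s1001", "wrong-guess", "library"),
                         ("x9999", "constructed-pass-1", "library")]:
        request_access(store, policy, audit, uid, pw, res)
    return audit
```

Because each identifier is unique, every entry in the audit trail maps to exactly one user, which is what makes the accounting step usable after an incident.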
Securing the wired and wireless networks is important, and failing to adhere to the protection policies can have serious consequences. From a security perspective, the wired and wireless networks differ in their mechanism for accessing the system. A wired system requires a physical connection, while a wireless connection requires the user to be within effective distance of the hotspot. Therefore, unsecured networks are a danger that can lead to criminal attacks such as theft of data, hacking or espionage activities. The authentication system can be attacked through ID spoofing, in which the attacker masquerades as the authorized user to gain access. ID spoofing can deauthenticate the legitimate user, allowing the attacker to sabotage the system. A compromised system provides a platform for the attacker to modify the content of the system. Passive attacks differ from active attacks because they rely on the collection of data and do not interrupt communication among the authorized devices. The attacker can use passive attacks to eavesdrop on important information such as governmental information. Through passive attacks, communication can be monitored and the information can be used as leverage. The university should be prepared for security incidents when it comes to the network endpoints. The system can also face attacks from malware infections, leading to loss of important information. Efforts should be made to protect the organization's sensitive information by putting in place appropriate measures that can detect incidents quickly and so remove the compromises in time.