CSI5212 Network Security Fundamentals

It is an accepted truth that without risk there can be no gain. Every individual and organization who wants to succeed must take some risks. Network security and its impact on risk management is not about not taking risks, but about taking risks in a controlled environment for which one must understand the risks, their triggers and their consequences.

Write a  paper in which you:

1. Contrast access control in relations to risk, threat and vulnerability.

2. Explain the relationship between access control and its impact on CIA (maintaining network confidentiality, integrity and availability).

3. Describe access control and its level of importance within information security.

4. Argue the need for organizations to take implement access controls in relations to maintaining confidentiality, integrity and availability (e.g., Is it a risky practice to store customer information for repeat visits)?

5.Describe the necessary components within an organizations access control metric.

1.

Contrasting Access Control for Risks, Threats and Vulnerabilities

i) The access control in respect to threats can be demonstrated for two types of threats, which are internal threats and external threats. The internal threats occur from the individuals, who have legalized access like employees or other personnel of a company. It is quite difficult to prevent or detect them as they have legalized access to the systems (Yang et al. 2013). These insiders could easily misuse the IT resources of that organization for performing the port scans outside the initiate attacks within that company. Moreover, they could access, process as well as distribute the unauthorized information such as secret trade and salary. The best measure for controlling the access of these threats is using passwords within the systems.

The outside intruders are hackers or attackers, who can misuse or attack the systems or networks (Lee, Chung & Hwang, 2013). The hackers gain the confidential password by usually running a password cracking application. Using encryption technique for the messages is the easiest access control for this threat.

ii) Access control for risks like unauthorized disclosure of information, confidential and sensitive information leading to the loss of credibility, is by involving encryption and virtual private networks within the organization.

iii) Access control for vulnerabilities such as viruses is the implementation of firewalls and antivirus software (Yang, Jia & Ren, 2013). The proper implementation of firewall and antivirus software easily stops the vulnerability without much complexity.

2.

Access Control and its Impact on CIA

Access control is the security technique, which regulates and verifies the utilization of resources in the computing environment. This is the fundamental concept of security, which helps in the minimization of risks to the organizations. Two types of access controls are present, which are physical and logical access control (Mahalle et al., 2013). The physical access control eventually limits the access to the building networks or physical assets of IT. The logical access control could also limit the connections to system files, confidential data and computer networks. For securing any facility, the organizations utilize the systems of electronic access control for relying on the users’ credentials, auditing and reporting for tacking the employee access and many others.

Access control has a major impact on confidentiality, integrity and availability or CIA triad. The security technique of access control ensures that the information is confidential and is not accessed by the unauthorized users and maintains confidentiality (Ruj & Nayak, 2013). It also ensures that the data is not changed or altered by the unauthenticated user and hence integrity is maintained. Access control even ensures that the confidential information is available for the authorized and hence availability is maintained.

3.

Access Control and Level of Importance in Information Security

Access control is the selective access restriction for any resource or asset within any organization. The information security and physical security are maintained with the help of access control. The permission for accessing the resource is termed as authorization (Nabeel & Bertino, 2014). The most important and significant analogous mechanisms of this access control are login credentials and locks. The respective policy of access control should address the various security issues. This policy is being implemented by each and every organization for the purpose of securing their sensitive data.

The access control is extremely important for information security in all companies. The major objective of access control is minimizing or reducing the risks of unauthorized access to the physical as well as logical systems. It helps in ensuring that security technology for the data by providing authentication and authorization (Nintanavongsa, Naderi & Chowdhury, 2013). All types of organizations, whose employees are connected to the Internet connection, require access control policy for their data and hence these policies are extremely important for security of information. Moreover, the catastrophic vulnerabilities and threats are also prevented with this policy. This feature makes this policy a major component of information security in any software company.

4.

Requirement of Maintaining Confidentiality, Integrity and Availability

The confidentiality, integrity and availability of the data are easily maintained and the access control policies are responsible for maintaining these three factors.

Confidentiality is the set of rules, which helps to limit the access of the information and hence it is made sure that only the authorized and authenticated people are accessing the data. This confidentiality is roughly equivalent to the privacy of data (Georgiev, Jana & Shmatikov, 2014). Various measures are undertaken for the purpose of ensuring confidentiality and hence preventing the sensitive information from reaching out to the wrong people. The policies of access control restrict the data to the authorized members of any company and hence the confidentiality is being maintained.

Integrity can be defined as the assurance that states that the information is accurate and trustworthy. It involves the maintenance of accuracy, trustworthiness and consistency of the data within the complete life cycle of the data (Lee, Chung & Hwang, 2013). It makes sure that the data is not altered by the unauthorized people. Access control is the most significant measure for maintaining this integrity. The cryptographic algorithms are present within these policies.

Availability makes sure that the information is available for only the authorized people and hence there is a guarantee of the reliable access for the information (Mahalle et al., 2013). Access control helps to ensure confidentiality by maintaining the hardware and by performing hardware repairs immediately whenever required.

5.

Necessary Components of Access Control Metric

Access control helps to secure the confidential information for the users. There are three important and necessary components of the access control metrics. These three components are given below:

i) User Facing: This is the first and the foremost component of the access control metrics (Nabeel & Bertino, 2014). This particular component provides access cards, card readers as well as access control keypad. These three are extremely important for the user and these components are for the users.

ii) Admin Facing: The admin facing components are access management dashboard and integrations or API. The administrator is responsible for controlling these components, hence providing a proper management of the users.

iii) Infrastructure: The third distinct component of access control metrics is infrastructure, which provides electric door hardware and access control panels (Ruj & Nayak, 2013). Without these infrastructures, it is not possible to implement access control metrics.

References

Georgiev, M., Jana, S., & Shmatikov, V. (2014, February). Breaking and fixing origin-based access control in hybrid web/mobile application frameworks. In NDSS symposium (Vol. 2014, p. 1). NIH Public Access.

Lee, C. C., Chung, P. S., & Hwang, M. S. (2013). A Survey on Attribute-based Encryption Schemes of Access Control in Cloud Environments. IJ Network Security, 15(4), 231-240.

Mahalle, P. N., Anggorojati, B., Prasad, N. R., & Prasad, R. (2013). Identity authentication and capability based access control (iacac) for the internet of things. Journal of Cyber Security and Mobility, 1(4), 309-348.

Nabeel, M., & Bertino, E. (2014). Privacy preserving delegated access control in public clouds. IEEE Transactions on Knowledge and Data Engineering, 26(9), 2268-2280.

Nintanavongsa, P., Naderi, M. Y., & Chowdhury, K. R. (2013, April). Medium access control protocol design for sensors powered by wireless energy transfer. In INFOCOM, 2013 Proceedings IEEE (pp. 150-154). IEEE.

Ruj, S., & Nayak, A. (2013). A decentralized security framework for data aggregation and access control in smart grids. IEEE transactions on smart grid, 4(1), 196-205.

Yang, K., Jia, X., & Ren, K. (2013, May). Attribute-based fine-grained access control with efficient revocation in cloud storage systems. In Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security (pp. 523-528). ACM.

Yang, K., Jia, X., Ren, K., Zhang, B., & Xie, R. (2013). DAC-MACS: Effective data access control for multiauthority cloud storage systems. IEEE Transactions on Information Forensics and Security, 8(11), 1790-1801.