Discuss about the Taxonomy of Conflictsin Network Security Policies.
To secure data one has to prevent it from potential threat, destruction that is intentional, mistakes that are accidental and unwanted corruption. One of the safest ways to secure data is to encrypt it (magazine, 2017). However other steps to secure data exist such as understanding of threats, having good defense laws and monitoring of activities continuously. Some of the most common computers are windows computers and they are prone to insecurities which lead to data losses. Most of the computer malwares occur when one is logged onto the internet as well as lack of proper passwords for ensuring securities (Mahoney and Chan, pg 381). Computer insecurity has led to closure of many businesses including laying off of workers that may have been in office when an insecurity issue occurs. It’s therefore important to ensure network and other computer securities to avoid such problems.
Ensuring windows network security
When two or more computers or any network devices are connected to the internet they form a network. Since the computer is often connected to some network that could be local or wide area network it’s important to emphasize the physical security of such computers (Bartal et al., p. 21). There needs to be control in the access to data and also protecting data from any unauthorized access from being sent into your computer. When using a windows computer in your daily activities some steps need to be followed to secure your data especially when connecting to the internet.
For the physical security of a computer to be achieved one should have the computer containing the data secured in a locked room the computer can also be secured on a table having a cable and lock (Yuan et al., p. 200). However for such a security plan laptops cannot be secured in such a manner only the external hard drive option is good for securing your laptop.
Securing of data on a windows computer can be achieved in different ways like the access to the sensitive data should be restricted to authorized personnel only and one can use all the security features available through the operating system. For example use of login details by generating a password and have it secured using NTFS permissions available on windows computers. All the passwords created should be strong enough so that they are not easily predicted (Mayer, Wool, and Ziskind, p. 184). Password complexity can be achieved using local security policy or even administrative tools. Strong passwords can be verified using L0PHTCRACK system present in the computers.
Screen savers are protected using passwords and the screen saver should be set in such a way that it’s inactivated between 10-15 minutes. When using a password that has less than 16 characters then the password screen saver should be set to activate for atleast after every 3 minutes of the mouse inactivity. It’s therefore recommended for one to lock the screen once they are not using the computer or if they walk out of office because the screen saver in most cases does not activate for 3-15 minutes (magazine, 2017).
Whole disk encryption should be enabled such encryptions include windows encrypting file system to protect directories that contain secure data. The computer user is advised to have their analysis software configured to some work files that are point temporary and be encrypted to the directory that deals with sensitive data. A secure erasure program should be installed and be run periodically it’s mostly run on a monthly basis once the removal of secure data is complete. For instance the use of eraser has been very effective (Bartal et al., p. 21). This ensures no sensitive data lands in the hands of unauthorized personnel. No data should be copied and moved out of the secured directory whatsoever (CSR, 2017). Windows firewall has provided advanced security and the owner of a windows computer can edit rules, add or remove anything concerned with advanced security in the network security section. Windows firewall has a combination of host firewall and internet protocol security. It operates on computers running server 2008 and 2008 R2.It offers local protection from attacks from other networks which are likely to pass via the perimeter network or may also originate from one’s place of work unknowingly (Lippman et al., p. 581). This firewall secures computer to computer connections in which it allows the owner of the computer to get authentication and protection of data for communication.
This firewall inspects and also filters packets used for IP version 4 and version 6 traffic. It blocks incoming traffic by default not unless it’s responding to the host request of it’sallowed via creation of a firewall rule. Traffic can be allowed by the computer user by specifying an application number, service name, port number or by use of other criteria through configuring your windows firewall with security that is advanced (Liuand Gouda, p. 198). However incorrect configuration of windows firewall may impair the functioning of some services by the blocking of inbound traffic to some services on the computer.
Having a combination of both physical and logical systems of security; this is achieved by separating of cabinets in offices in relation to the security level needed. Passwords, encryptions and authetification should be given much protection so as to be accessed by specific authorised individuals only (Adiseshu, Suri and Parulkar, p. 1207).
The networks get secured with an antispyware, programs for virus detection and firewalls when the security is logical. The first line of defense is the implementation of systems for storage basing on unit number markings that are logical. The change of key codes, door locks, security and access control entails the components of physical security. The default settings should also be changed often especially at the stages of installation and the access to tools of management should be restricted to those that need them only (Yuan et al., p. 200).
The culture of being transparent with data security has been adapted by many companies and this makes the users to avoid evil thoughts of wanting to tamper with data (Al-Shaer and Hamed, p. 138).
When it comes to wireless security companies have enabled some WPA2 security which has been encryptioned with AES as well as SSID for privacy. In this case its ensured that all the wireless devices are getting secure connection via WPA security that comes with TKIP encryption and therefore the risks of cracking are less. All the cabling that are network enabled are often protected from easy access by the public and can only be accessed by authorized people. This is a mandate of all the industries. It’s advisable to disable all the open Ethernets within the building so as to avoid unnecessary and unauthorized usage (Lippman et al., p. 171).
There is the need to have track of the staff’s mobile devices to cater for any loss of sensitive data that can land into the hands of malicious people. This also protects unauthorized people from accessing the company’s wifi via such stolen devices which are mostly used for log in by the staff.
Connection of several computers with no loss of relevant information
Microsoft baseline security analyzer which is a vulnerability scanning tool can be used. This one checks the networks security status. These tools check things like un-patched ports that are open and softwares (Ismaeland Zainab, p. 276). Maintaining and installing softwares for security purposes; this include the use of the antivirus suite of windows defender for windows 8 computers and use of Microsoft security essentials for those using windows 7 users.
Use of personal software inspector; it notifies users when their current soft ware’s are expiring. One should use the principle that is of the least of all i.e. never using administrator rights to sign into computers (Warrender, Forrest and Pearlmutter, p. 138). This is because such sign ins are at risk of exploitations and thus exposed to many risks. Dangers of such log ins include deletion of files, reformatting of hard drives and the creation of accounts that are new without your knowledge.
Current updates should be maintained and soft ware’s as well; it’s achieved by adapting systems that are secure and well supported. A personal software inspector called Secunia should be installed because it gives alerts on software updates and applications that are expiring (Debar, Becker and Siboni, p. 248). Use of usernames and passwords that are strong should be encouraged because these cannot be easily predicted by malicious people. These passwords should be changed occasionally for the sake of securing the stored information.
In most cases people would want to use wireless internet connections to access the web especially when outside their normal network providers (Mahoney and Chan, p. 228). However these wireless connections may make one to run into serious problems with their computers if the network provider uses security settings that are different from the operating system of your computer. It’s known that all routers do not provide similar security settings options. Also some of the cards used for network and the operating system combinations are capable of making use of the current and most secure features of security (Mukherjee, Heberlein and Levitt, p. 39). For example there are Atheros cards network which are installed on the laptops of windows vista but they cannot use security types of WPA2. Also the router of most local networks could have configurations of using lower security settings compared to most of the laptops.
Ensuring internet use security on windows computer
If a windows 7 user needs to connect to some network via security settings that are different they need to have a change of their current settings manually using operating system prior to opting to access any wireless websites or even before opening their emails (Mahoney and Chan, p. 381). The wireless security settings can be accessed by making navigation to ‘control panel’ site present in the ‘start’ area.
Once in the control panel area look for the icon of the globe that is between two monitors. Click onto the place labeled ‘network and internet’ so as to access the key networking options for windows 7. Click on the heading written network and sharing at the top of the windows just above the home area and then click on ‘internet options’ (Denning, p. 228). Once you locate the ‘network and sharing centre’ option you will be able to access the networks that you are presently connected on and this is where changing settings options are provided as well as troubleshooting problems with connection.
Click on the ‘manage wireless networks’ and bring up all the available wireless networks in your range and then locate the specific networks you want to connect with. Once you right click on the network provider you’ve selected it will bring out the properties where you’llaccess all the security settings necessary. Here is where you choose the security type you want to use and they may include WPA2 Personal or WEP (Neumann and Porras, p. 76). Here you key in the security password for the selected network and then click ‘ok’. All these steps are to ensure your data and computer are secure while you access the wireless network. Its relevant to follow these steps since most of the computer insecurities are common while one is accessing the internet.
Computers can be effective if used well. One should show much keenness on the essentials of security when using computers to ensure sensitive information is protected as well as the loss of data is not witnessed. This is achieved through installation of security softwares and updating them always. A lot of keenness should also be placed on physical security and logistics of the data as well as all the information stored on the computer. Computers have been of great importance when it comes to sustaining business in this global market. A lot can be done and shared using computers and especially windows computers which are the most common ones. However a lot can as well be lost in terms of poor security settings on our computers. Many businesses have close down because of loss of sensitive data and even leakage of sensitive passwords. Banks have lost billions of money because of computer insecurities. It’s therefore important for all windows users to put in mind all the security requirements to ensure data protection and proper running of businesses.
Always back up and file your documents with your email. Such these practices ensure that data is protected once an operating system cracks down, or in case of virus attacks and failure of hardwares.
Records of people with access to data that is fixed and removable as well as storage media should be kept. The virtual private networks, IPSec protocols and encryption should be adapted for improved security especially when the data is in transmission.
Data protection and security models should be implemented; these include a number of defenses that tackle some threats. These defenses have the ability to protect data especially if one of them is not working.
In situations where only one person is using the computer use of external hard drives in securing your computer should be put into consideration.
Denning D.E (1997). An intrusion-detection model. IEEE Trans Software Eng;13(2):222–32.
Neumann PG, Porras PA (1999). Experience with EMERALD to date. In First USENIX workshop on intrusion detection and network monitoring, Santa Clara, CA. p. 73–80.
Debar H, Becker M, Siboni, D (1992). A neural network component for an intrusion detection systems. In Proceedings of the 1992 IEEE symposium on security and privacy, Oakland, CA, p. 240–50.
Warrender C, Forrest S, Pearlmutter B (1999). Detecting intrusions using systems call: alternative data models. In Proceedings of the 25th IEEE symposium on security and privacy, Oakland, CA; 9–12. p. 133–45.
Mahoney MV, Chan PK (2000). Learning nonstationary models of normal network traffic for detecting novel attacks. In Proceedings of eighth international conference on knowledge discovery and data mining, p. 376–85.
Mukherjee B, Heberlein LT, Levitt KN (1994). Network intrusion detection. IEEE Network 8(3):26–41.
Mahoney MV, Chan PK (2003). An Analysis of the 1999 DARPA/Lincoln laboratory evaluation data for network anomaly detection. Recent advances in intrusion detection. In Sixth international symposium, Raid 2003, Pittsburgh, PA, USA; 8–10,. p. 220–39.
CSR, NIST, (2017) Computer Security Resource Center. Retrieved from https://csrc.nist.gov/publications.
Magazine, (2017). Information security online magazine. Retrieved from https://www.scmagazine.com
Mayer, A. Wool, and E. Ziskind (2000). “Fang: A FirewallAnalysis Engine,” Proc. IEEE Symp. Securityand Privacy (S&P 2000), IEEE Press, pp. 177-187.
Bartal, Y., Mayer, A., Nissim, K., and Wool, A. Firmato (1999). A novel firewall management toolkit. In IEEE Symposium on Security and Privacy, pp. 17–31, Oakland, California.
Liu, A. X. and Gouda, M. G (2005). Complete RedundancyDetection in Firewalls. In 19th Annual IFIP Conferenceon Data and Applications Security (DBSec-05), pp. 196–209, Storrs, Connecticut.
Yuan, L., Mai, J., Su, Z., Chen, H., Chuah, C., and Mohapatra, P. Fireman (2006).a toolkit for Firewall Modelingand ANalysis. In IEEE Symposium on Security and Privacy, pp. 199–213, Oakland, California.
Adiseshu, H., Suri, S., and Parulkar, G (2000). Detecting andResolving Packet Filter Conflicts. In 19th Annual JointConference of the IEEE Computer and CommunicationsSocieties, Vol. 3, pp. 1203–1212.
Al-Shaer, E. S. and Hamed, H. H (2006). Taxonomy of Conflictsin Network Security Policies. In IEEE CommunicationsMagazine, 44(3):134–141.
Lippman R, Haines JW, Fried DJ, Korba J, Das K (2000). The 1999 DARPA off-line intrusion detection evaluation. Comput Networks 34(4):579–95.
Ismael, R. and Zainab, A.N. (2010). A frame work for assessing information systems security practices in libraries. Kuala Lumpur: LISU,FCSIT pp 273-287.
Lippman R, Haines JW, Fried DJ, Korba J, Das K (2000). Analysis and results of the 1999 DARPA off-line intrusion detection evaluation. In Proceedings of the third international workshop on recent advances in intrusion detection, Toulouse, France, p. 162–82.