Describe the Telecommunications and Networking Strategy of ABCD University.
This assignment reflects the IT and networking strategy of ABCD University, which is a state-of-the-art educational institution of the 21st century. The university has 3000 computers, which are used by more than 19000 students and staff members. The university is on the verge of technological brilliance and wants to bring in even more innovative strategies for the security of its networking and IT-related services. The primary focus of this assignment is to devise a networking strategy that benefits the staff, teachers and students of the university and that provides top-class network security, protecting the computer systems, data and all other aspects of the computerized system from unethical activities such as hacking, piracy and others. The university is designing plans to resist these activities and minimize them as far as possible (Lokshina et al. 2014).
2. Findings and Analysis
In order to be technologically supreme and maintain the security and integrity of confidential data, the university should follow the networking and technical model described below.
2.1 Third-party access security
Third-party access security involves the following measures:
- Remote Access Tools consolidation- It is very important to know how many outside parties, such as vendors and other service providers, have remote access to the systems of the university, and whether they are using the same tools or different sets of tools. Sometimes it is not possible to know which access tools the vendors are using and which systems they are accessing. The university IT department should insist that every vendor and employee use one particular solution for accessing the network (Ries et al. 2014). This helps in monitoring and blocking activities which could be harmful to the integrity of the system. The third parties will have to use the university’s remote access tool to get access to the network instead of their own. This keeps the security control with the university IT department.
- All other remote access should be stopped- Once the IT department has chosen the right remote access tool, it should not allow any other, unauthorized remote tool to get access. The team can remove the requirement for Remote Desktop Protocol connections and restrict broad access to the protocol's port, 3389, which is a general target of hackers. The web-based access tools generally used by vendors should be blocked. These web-based tools are also available in free versions today, and they are used by call scammers (Wang et al. 2014). That is why they should be blocked, so that they cannot be used against any of the staff and employees of the university.
- Granular Permissions implementation- The majority of vendors require access to only a few of the systems on the university network, and they do not require that access for a continuous period of time. The IT team should not give them access to all the machines. This restricts the degree of damage that can be inflicted. The support tool should be such that it requires permission from the system whenever any vendor or employee tries to access the network. This helps to keep the control with the IT department, which can easily monitor and restrict what the vendors have access to and at what time. This enables the team to restrict unauthorized access and even cut it off for any particular vendor or employee. The IT team can change the permission settings as and when required (Tosti et al. 2014).
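The three measures above can be combined into one access decision. The following is an added example, not part of the original assignment: it refuses any tool other than the sanctioned one, limits each vendor to named systems and time windows, supports revocation and logs every decision. The tool name, vendor, systems and dates are hypothetical, constructed values.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

APPROVED_TOOL = "univ-remote-gateway"  # hypothetical name of the one sanctioned tool

@dataclass(frozen=True)
class Grant:
    vendor: str       # third party the grant belongs to
    system: str       # the single system it covers
    start: datetime   # access window opens (inclusive)
    end: datetime     # access window closes (exclusive)

class VendorAccessPolicy:
    def __init__(self, grants):
        self.grants = list(grants)
        self.revoked = set()   # vendors cut off by the IT team
        self.audit = []        # every decision is recorded for monitoring

    def revoke(self, vendor):
        self.revoked.add(vendor)

    def check(self, vendor, system, tool, when):
        mine = [g for g in self.grants if g.vendor == vendor and g.system == system]
        if tool != APPROVED_TOOL:
            ok, reason = False, "unapproved remote access tool"
        elif vendor in self.revoked:
            ok, reason = False, "vendor access revoked"
        elif not mine:
            ok, reason = False, "no grant for this system"
        elif not any(g.start <= when < g.end for g in mine):
            ok, reason = False, "outside granted time window"
        else:
            ok, reason = True, "granted"
        self.audit.append((when.isoformat(), vendor, system, tool, ok, reason))
        return ok, reason

def utc(day, hour):
    """Constructed timestamps: a day and hour in May 2024, UTC."""
    return datetime(2024, 5, day, hour, tzinfo=timezone.utc)

# Constructed sample data: one vendor, one system, one four-hour window.
policy = VendorAccessPolicy([Grant("hvac-vendor", "bms-server", utc(6, 9), utc(6, 13))])

if __name__ == "__main__":
    for args in [("hvac-vendor", "bms-server", APPROVED_TOOL, utc(6, 10)),
                 ("hvac-vendor", "student-db", APPROVED_TOOL, utc(6, 10)),
                 ("hvac-vendor", "bms-server", "free-web-tool", utc(6, 10)),
                 ("hvac-vendor", "bms-server", APPROVED_TOOL, utc(6, 14))]:
        print(args[:3], policy.check(*args))
```

The audit list is what gives the IT department the monitoring view the text asks for: denied attempts are recorded alongside granted ones.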
2.2 Classification of Assets and their controls
Asset classification is a very important part of IT. We need to know the assets, where they are located and what their respective values are. Only then can we decide on factors like the time and money needed to secure these assets and the other steps necessary to protect them. The steps are as follows:
- Asset Identification- The University needs to understand what its critical assets are. It should consider the risks involved with these assets and prioritize them accordingly. In case there is any accident, we need to have a proper backup of the critical information. This will help the University IT team to understand the degree of redundancy that is required. Redundancy can be achieved by keeping another copy of the information, or an additional server may be kept on standby. This reduces the threats from hackers. The assets are further classified into the following:
  - Information Assets- This refers to each and every piece of information relating to the University. It has been gathered, classified, properly arranged and stored in different forms like:
    - Database- All the information relating to vendors, customers, suppliers, sales, purchases, production and marketing, and all the financial information, is referred to as the database. This is perhaps the most delicate information, so it is obligatory to prioritize its security.
    - Data files- These are the data which give information about the several transactions along with their dates.
    - Process of operations and the support system- This information has been developed over many years and provides very detailed guidelines on the performance of several activities.
    - Information Archive- This refers to the various legal information that needs to be stored.
    - Plans for continuity and back-up plans- In case of any unforeseen event, these ensure that the organization does not come to a standstill and keeps moving ahead. If they are not maintained properly, an emergency will lead to ad-hoc decision making.
  - Software Assets- These are the various software and applications that are used by the computer systems. They are of two types: application software, which is used to create the rules of the organization, and system software, which includes packaged software like the OS, DBMS, various development tools, MS Office, etc.
  - Physical Assets- These are the tangible assets like the hardware. They include desktops, laptops, routers, EPABXs, modems, hard drives and disks. They also include technical equipment like air conditioners and power supplies, as well as furniture and fixtures.
  - The various services- The services may include various outsourced computer services of the organization, and all the services related to communication like data, voice, various value-added services, etc. The services related to the environment, like lighting, heating and air conditioning, are also included here.
- Assets Accountability- The next step involves the establishment of asset accountability. The University uses a fixed assets register to maintain records of the fixed assets and also to calculate depreciation. The difficult part is to establish such records for the information assets, because a large number of users use these assets. The most important task is perhaps to determine the owners of the application software, because the application software sets up the business rules. These assets also need to be valued based on their replacement value and not on the written-down value. This will help in their protection (Tropina, 2015).
- Creation of Classification Levels- All the assets need to be classified on the basis of some criteria for their identification. These are:
  - Confidentiality- Whether the information can be accessed by everybody or needs to be restricted to some specific persons.
  - Value- Whether the asset is of high or low value.
  - Time- Whether the information is sensitive to time or not. Will the status of its confidentiality change over a period of time?
  - Rights to access- Which persons can have access to the assets.
  - Methods of destruction- For how many days the information needs to be stored and, if required, the ways of deleting the information from the records.
- Implementing the classification levels- The classification level should not provide an easy identification, otherwise it can be misused. The right amount of protection is required. It may be necessary to avoid transmitting critical and personal documents as soft copies, for example as an email attachment (Shakhakarmi, 2014). The information should be encrypted before storing and transmitting. Passwords must be remembered and kept confidential.
2.3 Classification of Information
The University should use the following two methods of information classification, which are considered to be the best.
- Classification by the characteristics- This is modeled according to the Classification of Management by Anthony. The decision-making information can be of three types:
  - Information relating to strategy- This concerns the long-term decisions of policy making. It involves the objectives of the organization and tracks how far they are met, e.g. buying a new plant or product, business diversification and others.
  - Information relating to the tactics- This involves information relating to the control of business resources, like the control of quality, the budget process, levels of service, inventory and productivity.
  - Information on the operations- This is concerned with information related to the plant and other information on the levels of business. It helps to make sure that the several operational processes are going on according to the plans. The University should implement all these technologies to carry out its official work (Russotto, 1987).
- Classification by the applications- In this category, information can be of the following types:
  - Planning information- This is used to establish the general rules and specifications of the organization, like tactical, strategic and operational planning.
  - Controlling information- This is required to have control over all the activities of the University through the mechanism of feedback.
  - Knowledge information- This is gained by experience and the process of learning. It can be collected from archived data.
  - Organizational information- This is related to the environment of the University and its culture in relation to its objectives. Information on payroll and employees falls under this category.
  - Operational information- This is the information which is specific to each operation. The University duty roster of the staff and employees comes in this category (Powell, 2009).
  - Database information- This consists of information relating to several applications and usages. It is recorded in systems, retrieved when required and then controlled in order to make up the databases, like the information on suppliers.
2.4 Training of Users
It is absolutely necessary to train the teachers, staff and students in the basic knowledge of IT, hardware, software and operating systems. This will enable them to work properly without causing major damage to the hardware and software. Trained personnel should impart such training (Sanyal et al. 2014).
2.5 Security issues and the remedies
The computer systems should be properly protected from any unauthorized access. This can be done by using the antivirus software that is available in the market today. Threats can come from various kinds of entities like viruses, spyware, Trojans, worms, etc. In order to minimize such threats, the machine firewalls should also be kept on during data transfer (Khan et al. 2014). A trained IT team should be readily available whenever any malfunction occurs.
Figure 1: Depicts a Network Security Architecture
(Source: Wade, 1999, pp.1635)
2.6 Environmental and physical security
The University should prevent any unauthorized physical access to critical areas like server rooms, rooms where crucial documents are stored and rooms where cash or valuables might be stored. This is to be done in order to prevent any physical damage to the assets. Security perimeters should be established in order to restrict entry to the sensitive areas that hold crucial information and information processing facilities. Alarmed locks, fire alarms, burglar alarms, CCTVs, motion alarms and audio surveillance are a few of the systems that can be used. The University can install biometric authentication devices to control unauthorized entry. There should also be physical protection against natural calamities like cyclones, earthquakes and others (Meghanathan, 2014).
2.7 Access control
The University can implement an attribute-based access control system. Here access is granted on the basis of the user's attributes. The user has to prove a few details of his attributes to the access control engine before getting access. For example, a claim may be in the form of “Team IT”. If the user can prove this claim, he gets access. The benchmark standard for attribute-based access control systems is XACML. The University should use the latest version, which is XACML version 3 (Katsigiannis et al. 2012).
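The attribute check described above can be modelled in a few lines. The following is an added example, not part of the original assignment: it is a simplified Python model of XACML-style rule evaluation with the deny-overrides combining algorithm, not XACML syntax, and the rule ids, attribute names and requests are hypothetical, constructed values. Only the “Team IT” claim comes from the text.

```python
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

# Constructed policy: each rule has a target (attribute -> required value)
# and the effect returned when every attribute in the target matches.
POLICY = [
    {"id": "it-team-configures-servers",
     "target": {"subject.team": "Team IT", "resource.type": "server",
                "action": "configure"},
     "effect": PERMIT},
    {"id": "staff-read-duty-roster",
     "target": {"subject.role": "staff", "resource.type": "duty-roster",
                "action": "read"},
     "effect": PERMIT},
    # A claim the user could not prove must never lead to access.
    {"id": "reject-unproven-claims",
     "target": {"subject.claims_verified": False},
     "effect": DENY},
]

def rule_applies(rule, request):
    """A rule applies only if every target attribute equals the request value."""
    return all(request.get(k) == v for k, v in rule["target"].items())

def evaluate(policy, request):
    """Deny-overrides: any matching Deny wins, otherwise any matching Permit."""
    effects = [r["effect"] for r in policy if rule_applies(r, request)]
    if DENY in effects:
        return DENY
    if PERMIT in effects:
        return PERMIT
    return NOT_APPLICABLE

def enforce(policy, request):
    """Deny-biased enforcement point: only an explicit Permit grants access."""
    return evaluate(policy, request) == PERMIT

def make_request(verified, **attrs):
    """Build a constructed request; 'verified' records whether claims were proven."""
    return {"subject.claims_verified": verified, **attrs}

IT_ADMIN = {"subject.team": "Team IT", "resource.type": "server", "action": "configure"}
STUDENT = {"subject.role": "student", "resource.type": "server", "action": "configure"}

if __name__ == "__main__":
    print(evaluate(POLICY, make_request(True, **IT_ADMIN)))    # proven claim
    print(evaluate(POLICY, make_request(False, **IT_ADMIN)))   # unproven claim
    print(evaluate(POLICY, make_request(True, **STUDENT)))     # no rule matches
```

A request that no rule covers yields NotApplicable, which the enforcement function treats as a refusal, so forgetting to write a rule fails closed.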
2.8 Cryptographic controls
Cryptography is a branch that includes several guidelines and methods for providing security services like integrity of data, confidentiality and user authentication. The University must implement cryptographic controls for identification and for authentication credentials, both in storage and during transit. It may also store algorithms related to cryptography and vital information relating to wireless communications of a secure nature. Cryptographic controls are also used in the transfer of vital and sensitive data over the internet, like the social security number of a person (Hillston et al. 2004).
2.9 System auditing and compliance controls
The University should adopt the system of Compliance Audit. It is getting increasingly popular in the modern IT world and is widely used by many organizations. It is used to monitor whether the organization is adhering to all the rules and regulations. In an accounting exercise of independent nature, the IT personnel analyze how strong and concrete the compliance plans are. During the course of the compliance audit, the auditors should review the several policies relating to user access controls, the security of the systems and various risk-management techniques. A SOX requirement analysis can be conducted on the University security system in order to find out whether there is any electronic communication that needs to be backed up and protected with a modern Disaster Recovery Infrastructure (Bar et al. 2014).
In conclusion, it may be said that in today’s competitive environment, automation and digitalization are indispensable for any organization. Educational institutes are not lagging behind in this race. In order to succeed in their objectives and provide proper educational services to the students, along with an innovative, technologically improved environment for the staff, teachers and students, it is mandatory to maintain all the resources and use the help of computer systems. It is to be mentioned here that maintaining a highly technologically improved infrastructure is not good enough if it is not properly backed up with adequate security measures. In the modern world of automation, the significance of IT and IT-related services cannot be over-emphasized.
The recommendation is to design an improved and reliable security system for the systems and networks, where there is the least chance of data and information being stolen, hacked or lost. Trained personnel should be readily available in case of any emergent crisis. There should be separate groups of people for dealing with hardware, software, IT and networking related issues (Anadiotis et al. 2014). These trained persons should be at service whenever they are required. In every department there should be smart usage of telecommunications and networking to make the workflow easier and to minimize errors. If these steps are followed religiously, then the university might be on course to be considered one of the best of the era.
Anadiotis, A., Patrikakis, C. and Murat Tekalp, A. (2014). Information-centric networking for multimedia, social and peer-to-peer communications. Trans. Emerging Tel. Tech., 25(4), pp.383-391.
Bar, T. and Leiponen, A. (2014). Committee Composition and Networking in Standard Setting: The Case of Wireless Telecommunications. Journal of Economics & Management Strategy, 23(1), pp.1-23.
Hillston, J., Kloul, L. and Mokhtari, A. (2004). Towards a Feasible Active Networking Scenario. Telecommunication Systems, 27(2-4), pp.413-438.
Katsigiannis, M. (2012). Mobile Network Offloading. International Journal of Interdisciplinary Telecommunications and Networking, 4(3), pp.40-53.
Khan, J., Chen, D. and Hulin, O. (2014). Enabling technologies for effective deployment of Internet of Things (IoT) systems: A communication networking perspective. ajTDE, 2(4).
Lokshina, I. and Bartolacci, M. (2014). Thinking eHealth:. International Journal of Interdisciplinary Telecommunications and Networking, 6(3), pp.27-36.
Meghanathan, N. (2014). Centrality-Based Connected Dominating Sets for Complex Network Graphs. International Journal of Interdisciplinary Telecommunications and Networking, 6(2), pp.1-24.
Powell, S. (2009). Interdisciplinarity in Telecommunications and Networking. International Journal of Interdisciplinary Telecommunications and Networking, 1(1), pp.1-8.
Russotto, T. (1987). The integration of voice and data communication. IEEE Network, 1(4), pp.21-29.
Sanyal, R. and Prasad, R. (2014). Enabling Cellular Device to Device Data Exchange on
Sarkar, N. and Nisar, K. (2012). Performance of VoIP in Wired-Cum-Wireless Ethernet Network. International Journal of Interdisciplinary Telecommunications and Networking, 4(4), pp.1-25.
Shakhakarmi, N. (2014). Next Generation Wearable Devices:. International Journal of Interdisciplinary Telecommunications and Networking, 6(2), pp.25-51.
Tosti, F. and Umiliaco, A. (2014). FDTD Simulation of the GPR Signal for Preventing the Risk of Accidents due to Pavement Damages. International Journal of Interdisciplinary Telecommunications and Networking, 6(1), pp.1-9.
Tropina, T. (2015). Book Review. Telecommunications Policy.
Wade, V. (1999). Service management and the telecommunications information networking architecture. Computer Communications, 22(18), pp.1633-1637.
WANG, G., HUANG, T., LIU, J., XIE, R. and LIU, Y. (2014). In-network caching for energy efficiency in content-centric networking. The Journal of China Universities of Posts and Telecommunications, 21(4), pp.25-31.
Wytrębowicz, J., Ries, T., Dinh, K. and Kukliński, S. (2014). SDN Controller Mechanisms for Flexible and Customized Networking. International Journal of Electronics and Telecommunications, 60(4).