Network Standards and the vulnerabilities
A computer network is an interconnection of two or more computers (peripheral devices may be included as well). The types of networks include LANs (Local Area Networks), MANs (Metropolitan Area Networks) and WANs (Wide Area Networks). Networking has several advantages such as sharing of computer resources, enabling remote access to resources, facilitating cooperation and communication between different people. Networking standards are the sets of rules and quality levels that have to be adhered to in the networking process.
Networking standards have facilitated the widespread presence of computer networks around the world. This is because they provide a similarity in the different networking components, promote interoperability, facilitate mass production thus lowering costs and providing a base for future improvement. The standards relate to hardware components (for example, the size or number of pins) and software features (for example the transmission protocols, communication protocols) (Stallings 26).
On the other hand, some disadvantages and weaknesses are associated with computer networks. This is especially on system security. Networked computers face far more threats than offline computers. To start with, networked computers may be vulnerable to viruses. There are many types of viruses with different levels of harmful behavior. However, viruses are generally malicious programs that may damage your system or data. Networked systems face more virus attacks through emails, pop-ups, and Trojan attacks.
Another threat that faces networked systems is hacking. Hacking is defined by uslegal.com as “the intentional access to a computer without authorization or the exceeding of authorized access” (US Legal par. 4). In some instances, hacking is done as a hobby with no malicious intentions whatsoever from the hackers. This form of hacking is usually referred to as cracking. There are several effects of cracking a computer network. Some of these include denial of service to authorized users, theft or unauthorized access to data, corruption of your data or system (attack on authenticity), and unauthorized editing of data (US Legal par. 5).
Cracking can be performed from a remote distance because it offers the cracker the advantage of doing this from a remote location and with much more time to do it. Wireless networks are especially vulnerable because they are untethered, that is, once the signal is transmitted there is no means of monitoring it in the atmosphere (‘Computer Hacking Law & Legal Definition Para. 1-5).
Security policies and standards
A computer security policy is a plan of action to guide procedures and decisions to ensure the security of computer systems. Computer security is a term used about the activity of ensuring the availability, authenticity and confidentiality of both data and information systems. The policy contains the rules and responsibilities of users and administrators that when implemented would help these individuals to achieve their security goals. Therefore, computer security is characterized by such features as separating resources, authentication of the user, need-to-know policies, and so on. Security principles are the basis on which security policies are defined (Weise 2).
Security policies have several purposes. The security policy informs users, administrators, and the management about the requirements for protecting various physical computer resources, data, information systems, and the users of the computer system. According to an article on sun.com (the official website of Sun: the company that created java programming language), “another purpose is to provide a baseline from which to acquire, configure, and audit computer systems and networks for compliance with the policy (Weise 3). The article further argues that “this also allows for the subsequent development of operational procedures, the establishment of access control rules and various application, system, network, and physical controls and parameters” (Weise 4). Thirdly, the policy should specify the mechanisms through which these security objectives are to be achieved and procedures to take in case of a security breach (Weise 3).
A good computer security policy has several features. The security policies of an organization should be documented. A written policy provides a basis for implementation; it can be used for clarification in cases of misunderstandings and is easily distributable. The written form of the policy is called a security policy document. Secondly, the security policy in a security policy document. Secondly, the policy should be concise and clear (should not have ambiguous statements). Thirdly, it should clearly state out the responsibilities and duties of all users of the system. Fourthly, It should be up to date (Weise 4). This ensures that the policy covers such new requirements as recent changes in legal requirements and new sources of threats. There are more characteristics of good security policies depending on the culture and standards of that particular enterprise (Steve 11).
Security, standards refer to the levels of quality or excellence that is the organization chooses to adhere to achieve computer security. They are the set of low-level prescriptions of the means through which the company will enforce the given security policy. The security standards may be defined by that organization itself or the organization can adopt standards set by an external body such as ISO (International Standardization Organization), IEEC (Institute of Electrical and Electronics Engineers), and so on. The source of the standard is important to some extent, but the important thing is to ensure that the stipulated procedures and rules are enough to ensure the required level of security and that they are adhered to. Computer security policies and procedures are implemented in form of security models such as the Bell la pedula model, Biba model, the Harrison-Ruzzo-Ullman model, the Chinese wall model and more (About.com par. 1-4).
Firewalls planning and the designs used
Searchsecurity.com defines a firewall as, “a set of related programs, located at a network gateway server, which protects the resources of a private network from users from other networks. The term also implies the security policy that is used with the programs.” A firewall could take various forms. For example, it could be in the form of a hardware device. On the other hand, it could also assume the form of a software program. In this case, such a software program is installed on a running computer that has a secure host. A firewall finds use in various organizations. For instance, a company running on an intranet may opt to install a firewall to their computer network. In this case, the intention is to deny access to the organization’s secure documents by outsiders (SearchSecurity.com par. 5).
There are different types of firewalls. These include circuit-level gateways, packet filters, and stateful multi-layer inspectors and application-level gateways firewalls. Different types of firewalls operate differently and at different layers of the OSI model, for example, packet filters inspect packets traveling through the network and verify whether they should be allowed to pass based on some criteria. Application-level firewalls perform user authentication, they vet application-specific functions and either allow or deny them and apply varied authentication mechanisms to different applications. In designing firewall-based security, several types of firewalls should be used to ensure in-depth security since different types of firewalls have different dedicated functions. A server is a term used about a central computer into which other computers send their requests. When a client (for example a workstation in an intranet) wants to request an external server like a web server on the internet the proxy server first receives the request. The server then performs packet filtering and then requests the webserver. The proxy server also caches requested data and uses this data to respond to future identical requests thus increasing system performance and decreasing the system throughput.
Computer networks are crucial in the modern world. This is because they have greatly transformed the business world and the education sector. In addition, computer networks have helped to improve security and surveillance activities, amongst a host of other benefits. Currently, computer networks exist all over the world and the establishment of networking standards has facilitated this. However, they are faced with constant threats such as viruses, malware, and hacking. These networked systems need to be secured. Good security policies provide a base for establishing and enforcing successful security measures. Another important component of network security is the firewall. Firewalls need to be well planned and configured to ensure the network is secured from different online threats.
About.com. “Wireless networking: articles about IEEE standards.’ 2010. Web.
Levy, Steve. ‘Hackers: heroes of the computer revolution’. n.d. 2010. Web.
SearchSecurity.com. Definitions: firewall. 2010. Web.
Stalling, Williams. “Cryptography and network security: principles and practice.” New York: Prentice-Hall. 2006.Web.
US Legal. “Computer Hacking Law & Legal Definition”.2010. Web.
Weise, Joel.” Developing a Security Policy”. Sun.com. 2010. Web.