Network Security
The Change Record Management System (CRMS) is designed to reduce downtime and, in most cases, prevent it. However, other computer and network threats also cause downtime, and CRMS may be unable to reduce or prevent them unless the organization takes additional measures. Computer security threats consist mostly of adware, spyware, spam, malware, and viruses. They can be prevented, found and destroyed with available software. Network security threats, however, encompass computer security threats as well as intrusion, denial of service, IP spoofing, session hijacking, and destructive behavior. Therefore, in addition to a change record management system, other measures must be taken to counter network threats that might lead to downtime. The following is a more detailed look at the network security threats:
Intrusion – also known as unauthorized access, intrusion has been around for many years. It involves gaining access to the network without authorization. Intrusion can occur in the following ways:
Physical contact – an unscrupulous individual, possibly a disgruntled worker, may come in contact with a logged-in computer and use it to wreak havoc.
Hacking – a hacker can use various hacking methods to gain unauthorized access into a network and wreak havoc.
Denial of service – a denial of service attack occurs when a hacker gains unauthorized access to a computer through the internet and runs code that makes continuous fictitious requests to a server (a web server, for example), to which the server normally responds. If the hacker runs the same code on a handful of computers on the internet, the server will be too busy responding to the fictitious requests to respond to anything else, until the network is inundated and overwhelmed.
IP Spoofing – hackers use this to confuse network devices such as routers by assuming an IP address on the router's access list and using it to gain access to the network and the host computer.
IP Session Hijacking – hackers use this to take control of a user’s session. Using IP session hijacking, a hacker can see everything the user under attack is doing, including reading his or her email. The hacker can take over the session without the user knowing it. To the user, the session will appear to have dropped, but the hacker continues with the session and can do a lot of damage with it.
Data Diddling – this can take the form of code that a hacker runs after gaining access to a database or spreadsheet, making malicious changes to existing data and rendering it meaningless and useless. A hacker can also make changes to data personally once unauthorized access to a database or spreadsheet is gained.
Data Destruction – hackers mostly want to wreak as much havoc as possible, so in most cases, instead of data diddling, they simply destroy the whole database.
Viruses – these are programs maliciously written to destroy hardware, software, and data, and to cause grief. There are thousands of known computer viruses and many more come out every day.
Securing the Network
In addition to many other security-conscious network practices, the following will enhance network security:
Backups – backups are very important to ensure data security. Every organization should endeavor to perform weekly full backups and daily incremental backups.
Packet Filters – packet filtering enables the detection of fictitious packets which are used by hackers in various kinds of attacks including denial of service and session hijacking.
Server Threshold – server thresholds should be set well below capacity so that the servers cannot easily be overwhelmed by a denial of service attack before the attack is discovered.
Security Patches and Service Packs – these should be kept up to date.
Physical Server Access – allow only authorized personnel to have access to the servers.
Firewall – implement a firewall.
Proxy – use proxy servers for network access.
NAT – implement network address translation (NAT).
ACL – implement access control lists on the routers.
DMZ – implement a demilitarized zone (DMZ). A DMZ connects the trusted network to an untrusted network. It prevents access to the network through the internet and any other outside location without authorization.
Callback – implement callback and a high-level handshake. Callback ensures that a connection is not initiated from outside and that the outside location and computer are verified before a connection can be initiated.
Cryptology – internet connections should be encrypted to ensure keystroke and password security.
VPN – encrypted VPN with VPN tokens should be implemented for remote and satellite offices.
Antivirus DAT Update – an enterprise antivirus defense such as McAfee’s ePolicy Orchestrator must be implemented with automatic DAT file updates.
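The packet filter, ACL and DMZ measures listed above, applied to the IP spoofing threat described earlier, can be sketched as a border-router filter. This is an added example, not part of the original article; the address ranges, interface names and ACL entries are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumptions, not from the article).
TRUSTED_NET = ipaddress.ip_network("10.10.0.0/16")  # internal LAN
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")      # public-facing servers
# Source ranges that can never legitimately arrive from the internet.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]
# Router ACL: the only (DMZ host, TCP port) pairs reachable from outside.
INBOUND_ACL = {("192.0.2.10", 443), ("192.0.2.25", 25)}


def filter_packet(iface, src, dst, dport):
    """Return (verdict, reason) for one packet seen at the border router."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if iface == "outside":
        # Anti-spoofing: an outside packet claiming one of our own
        # addresses as its source is fictitious.
        if src_ip in TRUSTED_NET or src_ip in DMZ_NET:
            return "drop", "spoofed-internal-source"
        if any(src_ip in net for net in BOGON_NETS):
            return "drop", "bogon-source"
        # ACL: only listed DMZ services are reachable; the trusted
        # network is never reachable directly from outside.
        if (str(dst_ip), dport) in INBOUND_ACL:
            return "allow", "acl-match"
        return "drop", "default-deny"
    if iface == "inside":
        # Egress check: hosts on the LAN may only send with LAN addresses.
        if src_ip in TRUSTED_NET:
            return "allow", "egress-ok"
        return "drop", "foreign-source-on-inside"
    return "drop", "unknown-interface"


# Constructed sample packets: (interface, source, destination, TCP port).
SAMPLES = [
    ("outside", "198.51.100.7", "192.0.2.10", 443),
    ("outside", "10.10.4.20", "192.0.2.10", 443),
    ("outside", "192.168.1.5", "192.0.2.10", 443),
    ("outside", "198.51.100.7", "10.10.4.20", 22),
    ("inside", "10.10.4.20", "203.0.113.9", 80),
    ("inside", "203.0.113.50", "198.51.100.7", 80),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", filter_packet(*pkt))
```

The order of the checks matters: the spoofing test runs before the ACL, so a packet that forges a trusted source address is dropped even when its destination and port are on the access list.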
Billions of dollars in lost revenue, at companies of all sizes, have been attributed to network security breaches every year. The need to maintain optimum network security therefore cannot be overemphasized.