The Current Situation of The Existing System

The organization is experiencing ongoing security breaches despite upgrading their firewalls. The document discusses possible reasons for the gaps, including lack of intrusion prevention/detection systems, weak access points, viruses, lack of training for administrators, and attacks from former employees. It recommends technical controls like implementing a demilitarized zone for email servers and intrusion detection systems to monitor the network and detect intrusions in real time. Host-based intrusion detection systems could also detect attacks not found by network-based systems or unauthorized software.

Uploaded by

Sithma

The Current Situation of the Existing System

The company operates globally, running on multiple platforms and connecting several
service providers in different countries. Even though the company has strict
policies on Internet and email usage, there have been reports of security
breaches through the Local Area Networks, which are interconnected internationally
using leased data links.
Because of these breaches, network security has been upgraded by deploying new
and expensive firewalls on the perimeter of each network. Despite these changes,
the security breaches continue to occur, and the Global Network Manager is at a loss
as to why, since all the firewalls, internal and external, are fully functional and
all the network equipment has been properly configured.

Possible reasons for the gaps in security


A security breach can be defined as access to data, a service or a network by
unauthorized personnel who bypass the security system. Security breaches can be
critical to an organization's growth and existence, since the data or services
accessed by the unauthorized party may be of a sensitive nature.
Possible reasons for the gaps in security in this organization may be:

Lack of an Intrusion Prevention System
Legitimate user restriction
Weak access points
Viruses and Trojans
Lack of training or proper guidance for the network administrators
DDoS attacks
Social Engineering attacks
Former staff attacks
Absence of a backup firewall
IP spoofing

Lack of an Intrusion Detection System

If the organization were to employ an intrusion detection system, security
breaches could be detected and the origin of the breaches could be
determined.

Legitimate user restriction

If users were to transmit data that is not related to their field of work or
department, it would be considered a security breach. Therefore, enforcing user
access levels could minimize security breaches.

Weak access points

Connecting to the Internet or the network via unsecured access points could also be
a threat to the system.

Viruses and Trojans

With the users of the system being given access to the Internet, viruses and Trojans
could be downloaded without the worker's knowledge. Therefore, it is vital that
fully functional anti-virus software protects the individual machines as well as the
network as a whole.

Lack of training and proper guidance for the network administrators

If the network administrators were given proper knowledge and the necessary
training, they would consider security breaches originating from within the
network, rather than speculating about firewall malfunctions.

DDoS attacks

DDoS (Distributed Denial of Service) attacks could also pose a threat to the
system, since these attacks cannot be contained by firewalls.

Social Engineering attacks

A social engineering attack is an attack on the system by an outside party,
without the knowledge of the internal party, in which workers are manipulated into
breaking their normal security procedures. Such an attack cannot be anticipated or
prevented by a firewall.

Former staff attacks

Attacks on the system by former employees of the organization, perhaps with an
intention of revenge, could be critical, since they have insider knowledge of the
system.

Absence of a backup firewall

If the functioning firewall were to break down due to any kind of error, the absence
of a backup firewall could be critical to the system.

IP spoofing

If the IP address accessing the network is not genuine but a spoofed one, the
firewall has no defense against that particular address, since it will register the
spoofed IP as a genuine IP accessing the network.

Technical controls
The following technical controls could be utilized by the company in order to
minimize the gaps identified.

Demilitarized Zone (DMZ)

A demilitarized zone is a physical or logical subnetwork that contains and exposes
an organization's external-facing services to a larger, untrusted network, usually
the Internet. Organizations commonly use a demilitarized zone to provide a higher
level of security for their Local Area Network.
In the case of this particular organization, with the users being given access to
email, it would be considerably more secure if the email servers were moved out of
the Local Area Network and into a demilitarized zone.

Intrusion Detection Systems

An intrusion detection system (IDS) is a device or software application that
monitors network or system activity for malicious actions or policy violations and
produces reports to a management station. Intrusion Detection Systems come in a
variety of forms and approach the goal of detecting suspicious traffic in different
ways. Like a firewall, an IDS is a rule-based security system. Detection is based
on anomalies and/or signatures. There are two types of Intrusion Detection
Systems, namely NIDS and HIDS.
1. Network-Based Intrusion Detection System (NIDS)
A NIDS works by adding sensor logic to network devices such as firewalls and
switches. An attacker cannot sense the presence of a NIDS, which gives its
operator an added advantage, and a NIDS can monitor an entire network
efficiently.
2. Host-Based Intrusion Detection System (HIDS)
If a server has been identified as a target, a sensor is attached to it and runs
inside the server. A Host-Based Intrusion Detection System can detect attacks
that cannot be detected by a Network-Based Intrusion Detection System, and it
can also detect attacks that breach software integrity, such as Trojans. It can
also check encrypted data.
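The HIDS capability described above (catching a change to software on the host itself, such as a trojaned binary) is commonly implemented as file-integrity monitoring. The following is an added example, not code from the original document: it hashes a monitored directory tree into a baseline, then reports every file that was modified, added or removed. The directory layout and file contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Walk a monitored tree and record a SHA-256 digest per file (paths relative to root)."""
    hashes = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                hashes[os.path.relpath(full, root)] = hashlib.sha256(f.read()).hexdigest()
    return hashes


def compare(baseline, current):
    """Classify every drift between the trusted baseline and the host's current state."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo():
    """Constructed scenario: a server is baselined, then a binary is trojaned,
    a file is planted and a config file is deleted; the check reports all three."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "sbin/sshd": b"sshd binary",
            "etc/passwd": b"root:x:0:0::/root:/bin/sh\n",
            "etc/hosts": b"127.0.0.1 localhost\n",
        }
        for rel, data in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        baseline = snapshot(root)  # in practice kept off-host or read-only, so an intruder cannot rewrite it
        # Simulated tampering after the baseline was taken
        with open(os.path.join(root, "sbin/sshd"), "ab") as f:
            f.write(b" + backdoor")
        with open(os.path.join(root, "opt_dropper"), "wb") as f:
            f.write(b"dropper")
        os.remove(os.path.join(root, "etc/hosts"))
        return compare(baseline, snapshot(root))
```

Because the comparison runs on the host, it sees the binary's real bytes regardless of how the attacker's traffic was encrypted in transit, which is why this class of detection belongs to a HIDS rather than a NIDS.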
An advantage of using an Intrusion Detection System is that it can capture and
analyze data in real time, which in turn allows it to warn the security
administrator about intrusions and about the status of the network with regard to
the attacks on it. With an Intrusion Detection System installed in a network, it is
possible to detect port scans, Denial of Service (DoS) attacks, Ping-of-Death and
so on. It is important to note that an Intrusion Detection System does not prevent
an intrusion, but rather detects it. If the organization employing the IDS needs to
protect the system against intrusions, it should employ an Intrusion Detection and
Prevention System. An Intrusion Detection and Prevention System mainly focuses on
identifying possible intrusions, logging the necessary data about the identified
threats, and reporting intrusions. An IDPS also works on identifying problems with
security policies, documenting existing threats, and deterring individuals from
violating security policies.
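The text says an IDS is rule-based, working from signatures and/or anomalies, and that it can pick out port scans and Ping-of-Death. As an added example that is not part of the original document, the following detector runs both kinds of rule over constructed connection-log lines of the sort a perimeter sensor might emit (the line format, addresses and thresholds are all assumptions for the demonstration).

```python
import re
from collections import defaultdict

# Constructed sample log (not from the page): one connection attempt per line.
SAMPLE_LOG = """\
t=1 src=10.0.0.5 dst=10.0.1.20 proto=tcp dport=22 len=60
t=1 src=10.0.0.5 dst=10.0.1.20 proto=tcp dport=23 len=60
t=2 src=10.0.0.5 dst=10.0.1.20 proto=tcp dport=25 len=60
t=2 src=10.0.0.5 dst=10.0.1.20 proto=tcp dport=80 len=60
t=3 src=10.0.0.5 dst=10.0.1.20 proto=tcp dport=443 len=60
t=3 src=10.0.0.5 dst=10.0.1.20 proto=tcp dport=3389 len=60
t=4 src=10.0.0.9 dst=10.0.1.20 proto=tcp dport=443 len=60
t=5 src=10.0.0.9 dst=10.0.1.20 proto=tcp dport=443 len=60
t=6 src=203.0.113.7 dst=10.0.1.20 proto=icmp dport=0 len=65600
"""

LINE_RE = re.compile(r"t=(\d+) src=(\S+) dst=(\S+) proto=(\w+) dport=(\d+) len=(\d+)")


def parse(log):
    """Turn raw sensor lines into event dicts; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            t, src, dst, proto, dport, length = m.groups()
            events.append(dict(t=int(t), src=src, dst=dst, proto=proto, dport=int(dport), len=int(length)))
    return events


def signature_alerts(events):
    """Signature rule: an ICMP datagram larger than the 65535-byte IP maximum is Ping-of-Death."""
    return [f"ping-of-death src={e['src']} len={e['len']}" for e in events if e["proto"] == "icmp" and e["len"] > 65535]


def portscan_alerts(events, window=5, min_ports=5):
    """Anomaly rule: one source touching many distinct ports on one host within a short
    time window is a port scan; window and threshold are tunable assumptions."""
    alerts, by_pair = [], defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)
    for (src, dst), evs in by_pair.items():
        evs.sort(key=lambda e: e["t"])
        for i, start in enumerate(evs):
            ports = {e["dport"] for e in evs[i:] if e["t"] - start["t"] <= window}
            if len(ports) >= min_ports:
                alerts.append(f"port-scan src={src} dst={dst} ports={len(ports)}")
                break
    return alerts


def detect(log):
    """Run both rule types; as the text notes, this reports intrusions but does not block them."""
    events = parse(log)
    return signature_alerts(events) + portscan_alerts(events)
```

The signature rule fires on one packet that matches a known pattern, while the anomaly rule needs to aggregate state across several events; real sensors combine both, and the repeat visits to port 443 from 10.0.0.9 show why a threshold, not mere repetition, drives the anomaly alert.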
