Escolar Documentos
Profissional Documentos
Cultura Documentos
Dan Hobson
CIS344
Today’s computing environment has changed dramatically the way we do
business. Email and instant messaging have become a larger and larger part of today’s
work environment and the Internet has become not just and frill for many companies, but
their sole method of doing business. The amount of data being stored by companies has
also grown. Terabyte hard drives and huge NAS arrays, companies are keeping more and
more data about customers and business partners, much of it sensitive data that needs to
be protected.
We will be looking at a few different ways that companies can help safe guard
One of the most often overlooked aspects of network security is physical security.
Controlling access to the network does not just involve setting up firewalls and assigning
user names and passwords. Preventing unauthorized access to the network also involves
physically securing access to computers attached to the network. If I wanted to break into
network. You must also look at the physical access to the network cabling. Being able to
hack into a network by splicing into the cabling itself may seem more Hollywood than
real life, but it is possible. For instance “The EMR (Electromagnetic radiation) emissions
from CRT monitors can be picked up and display what is on that monitor on another
While most companies won’t be subject to that kind of attack, it shows you just
Physical security should start at the exterior of the building. For government
facilities and companies working with highly sensitive projects it should begin with
access to the parking lot, but we will assume we are talking about more general
businesses. Preventing unauthorized access to the building can be as simple as a lock and
key to sophisticated biometric scanners and security guards posted at all entrances and
exits. Most large businesses make use of ID badges and card readers for access to the
building. This system also creates a log of who entered the building, when they entered
Controlling access to the PC’s can be done with user names and passwords,
biometric scanners such as finger print readers or by using smart cards. Servers should
always be placed in rooms where access can be strictly controlled and no one but the
administrators should be able to access the server directly. Securing the cabling for most
institutions is as simple as running conduit and placing the network cables inside walls.
Drop ceilings do not provide any security other than to hide the cabling from view.
Email security is another problem for most businesses. Email has become
essential to most companies day to day business operations. It has even replaced the
telephone in many instances as the preferred form of communication and as such has
become a larger and larger target for criminals attempting to steal company information
or identity thieves trying to steal personal information such as credit card numbers and
Defense in depth is the way one needs to approach email security. One form of
defense is no longer enough to provide much safety. Defense starts at the perimeter,
email servers should be placed on a separate network in front of your internal network;
antivirus and anti-spam should also be installed on the email server or the better option is
to use a separate email gateway that handles the entire virus scanning and spam filtering.
This takes the load off the email server and provides one more layer of protection
between you and the outside world. Digital certificates are also another way of securing
email. “A digital certificate is like a passport. The certificate actually contains different
parts, most importantly a private key and a public key.” (Richardson, Tim 2004)
Certificates can be used to verify that the author of the email is actually the person whose
address appears in the from line. Spoofing an email address takes almost no time and
most users seeing an email from “the big boss” will open it and click on any attachment
inside without questioning if the email is legitimate. Here is where user training comes in.
Educating your users on email security should be a part of any security policy. Email
spoofing, spam, phishing and other nasties are floating around the Internet and an
unwitting user can infect your entire network with one click.
Encryption is another way of securing email, like digital certificates it uses keys and the
most popular and easiest method is the public/private key exchange. PGP, which stands
for Pretty Good Privacy, is a popular and very easy to use program that encrypts the
entire email. Even if the email is intercepted in transit to the recipient it cannot be read
with out the decryption key. GnuPG is a free program that uses the same setup as PGP, it
Wireless security is another aspect of network security that has become more and
more prevalent as businesses have embraced the technology. Since security is never the
first thing anybody thinks about when designing or installing a network wireless has
reduces expense. Being able to work from just about anywhere in the building means you
can carry your laptop to where you need to be and are saving time not having to run back
and forth. It has also added an entire layer of complexity to network security that we poor
in a small article he wrote about cracking WEP security. It shows how to crack a WEP
secured wireless access point in 10 min. “Cracking WEP today still requires specialized
tools and high motivation, but it's just a matter of time until somebody packages up the
procedure into a simple application that anybody can use.” (Udell 2007) So someone
sitting in your parking lot with a wireless signal can have access to your network in 10
min. This article alone should be enough to make most administrators cringe.
The first step in securing wireless access is placement of the access points. You
want to be able to get the signal where you need it without broadcasting it to your
neighbors or the thief across the street. A wireless signal finder can be used to check just
how far the signal reaches. The information above should also show you that at a
minimum you are going to want to use WPA encryption or better yet WPA2 both are far
Changing the default password on your wireless access point may seem like a
silly thing to say, but there have be many instances of such things happening. Always
change the default password of you access points and routers. This will be the first thing
and I could write an entire book, many have been actually, on network security.
The landscape of network security has gotten more and more complex over the
years and will probably not change anytime soon. The fact that you cannot be 100%
secure against an attack from a knowledgeable and dedicated attacker to me speaks more
of security needing to be built into networks and applications from the ground up.
Security should always be a first priority when designing a network as it is much easier to
build into the network from the start than to try and patch it up later on.
Works Cited
Nelson, B. et al . (2006) Computer Forensics and Investigations.
http://www.tim-richardson.net/misc/security.html
Oct. 21,2007,
http://weblog.infoworld.com/udell/2005/06/08.html