Implementing Network Security
Your Name here
ISSC361: Final
American Military University

Implementing Network Security Network design teams have several aspects that need to be considered when presented with the task of building a network for an organization. These things range from how many devices to put on the network, what kinds of devices, location of devices, and even how the cable will be connected to the devices. The one item that should always be at the forefront of every network design team, is how the network will be secured. This security should be very in depth and go into more than just technical aspects of security, it should also cover physical security of the network such as the building and sensitive rooms. Organizations are only as successful as the information they have, they will want all sensitive or proprietary information protected to the utmost. In order for most network teams to accomplish this, they themselves need to attempt to break into or hack the network in order to identify the weakest points and secure them properly. Essentially, you can build a great and fast network but if you can’t protect it then it will provide no usability to the client and this is why network security should be a priority at all times of the process. As stated above, the security implementations and considerations must be vast and include all aspects of the network. The first thing to take into consideration is the physical security of the area the network will be located. In order to accomplish this specific task, it is important to take into account who will be allowed to have access to the location, who shouldn’t be allowed in, and what measures will be taken to protect against this. With all of the physical security technology available, you can implement security measures for access with devices such as fingerprint scanners, eye scanners, pin pads, and card access readers. These specific devices will provide authentication factors for access to the building that houses the network and help ensure that only authorized personnel enter the premises. It is also important to remember that physical security will now reach beyond the limits of the main building itself as many organizations utilize many different mobile devices for on the go network access. With portable devices it is vital that users maintain physical control of them while traveling or even place a tracker on the devices in case of theft or loss (Shinder, 2007). Where many organizations fail with physical security is by not incorporating at least a two factor authentication to gain access to sensitive areas or devices. When they use only username and password, that only provides a one factor authentication with something you know. If you use a Common Access Card along with a pin or password, you can now have two factor authentication with something you have and something you know. Something that can get organizations into trouble with unauthorized access is when guests are coming into the area. While you may know the guest, you may not really know what their true intentions might be and therefore should treat the situation very seriously. One way to accomplish this particular task is by having them fill out their information and agree to specific terms of their temporary access. They should always be accompanied with an authorized employee in order to ensure they don’t have access to something they shouldn’t which is why they will wear an access badge that says “escort required”. It is also important to segregate private and public network resources so a threat can’t get access to one through the other. An example of this is to have a separate wireless network for guest access so sensitive information can’t be seen or taken. Another important and effective technology that should be implemented in the network design is use of network intrusion tools. These types of tools can be used to actually test the strength of the network and how easy or difficult it is to gain access to the network or the building. Using items such as penetration testers will give a network administrator a good understanding of where the biggest vulnerabilities might be in the network. You can even go as far as sending in teams of people to try to gain access to specific areas of a building in order to see how difficult it is or if policies need to be changed or updated. Another aspect of this particular security measure would be to install a server that is only used to test things. This provides the network administrator a segregated area of the network to try to implement new technology and have no actually effect on the real network. This is important because if a new patch or security setting is corrupt and it is implemented to the actual network, you are putting the entire network and system at risk as opposed to conducting the update in a test environment first. Once the physical security aspect is well covered and decided on, you then need to look at the daunting task of choosing what security measures will be used on the network itself. With threats that are constantly growing and adapting to current security measures, the actual security of the network is a non stop task that should pro active and not reactive. The time to implement the correct security measure isn’t after the attack but before it and this isn’t always an easy task to accomplish. Something that should be included in this particular area isn’t always thought of but having users read and sign an Acceptable Use Policy is vital. This provides users with the information needed to understand what is or isn’t allowed on a network and provides them a forum to ask administrators any questions that they may have regarding network access. It also helps hold individuals responsible for any actions taken on the network that was covered and they should sign these on at least an annual basis or when any major changes occur. One technology that can be used for this is a web site blocker which ensures users can’t access sites that may cause harm to the network and are controlled by the administrator. You will also need to implement a firewall that provides a specific level of security but isn’t so robust that it just blocks everything and causes issues to completing work for employees on a day to day basis. One item on a network that will occur hundreds if not thousands of times daily is the sending and receiving of E-mails. This is normally the lifeblood of information and data sharing and needs to be taken highly into consideration from a security aspect (Manky, 2010). There a few ways to ensure this occurs, such as using digital signatures and encryption. The digital signature on the mail will tell the receiver that the information is valid and from a trusted source. The encryption and decryption will let them know that the information is unchanged and still has integrity. An organization is only as good as the information it has and can provide, ensuring this information is unaltered and from a legitimate source provides the correct level of security. It is also important that users understand they should be cautious when opening messages or attachments from an unknown source. This is how many attackers get access to a network, they will gain access once the attachment is downloaded and take over the system and inherently gain access to all network resources with the user being unaware what happened. These are all things that can affect the network from outside the firewall, there are also technology implementations to protect from insider threats as well (Savitz, 2012). One of the things to be implemented is a technology that blocks USB ports from being used unless prior authorization is given. USB use is a very common way attacks end up getting into the network from inside the firewall (Manky, 2010). You can run software on a system that only allows the use of external devices to include CDs if the system administrator has given authorization and scanned the device prior to the use. As stated previously, security threats are always changing and adapting to current security practices. This means administrators need to stay updated on all future trends with technology to protect against attacks as well as knowledgeable on the attacks themselves. Cloud services are growing at a rapid rate in many different organizations, this presents a different kind of threat to consider for the network. Hackers have been slowly attacking clouds more and more by stealing data and in order to protect against these threats it is important to have good password policies as well as a limit on who can access the cloud services (SophosLabs, 2014). Another future trend is mobile security on all devices being taken outside the main building. With more and more organizations requiring mobile use while travelling, hackers have access to them on the wireless unsecured networks they are utilizing. In order to help protect against this threat, users should be issued the mobile device with specific security measures in place such as not allowing them to download applications that aren’t on the device when they receive it from the company. With employees having social media and a lot of information on the open source internet, social engineering will only grow in the future as a major threat to organizations. If a hacker can exploit an employee based on weaknesses found through social media sites, they can get them to access the network from the inside with authorized credentials making it very difficult for administrators to catch them before damage is done. This is where the acceptable use policies and keeping employees informed on proper online etiquette is vital to the success of the overall organization security plan. At the end of the day, it is going to be very difficult if not impossible to be completely protected from every possible attack that could occur on the network. This would be very costly and would more than likely render the network useless when implementing every single security practice at once. This is important because the system and network administrators will need to stay educated on what attacks are occurring on similar networks and protect themselves against them. Staying updated and educated on all technology that can protect against attacks and the attacks themselves will ensure the best possible situation for the organization’s network security platform. With Information Technology growing at a rapid rate and covering a vast array of areas in the business world, it is important to understand the different types of regulatory issues that could be posed. Most of the regulations involve information sharing and what is allowed to be shared or with whom. One type of organization that has this in vast quantities is the healthcare industry. In particular, with healthcare provides and technology, they must ensure that they completely comply with the Health Insurance Portability and Accountability Act (HIPPA), which ensures the privacy of sensitive patient information. This is important to the network design team and administrators because they need to ensure any servers that are being used to store this specific data are using the utmost security measures to ensure the hospital is remaining in compliance with this law. Expectation is really the most common theme for data on a network. Most companies will be required to treat personal information delicately in order to ensure customer and employee privacy. Another aspect of this subject is protecting employee information such as pay rates. This is important to keep secure as how much each employee is making should be known to that employee, the hiring manager, human resources, and the owner. Ensuring this type of data is secure is a big issue put on the lap of the network administrator. As the network administrator, you should also have employees sign a document that tells them what information will be stored on the network or servers so that they are informed in case of any information or data loss. This prevents employees from coming back and saying they weren’t aware this information was being stored and they feel as though their privacy has been violated by the company. With the dependency on the internet and connectivity only growing larger as the years go on, there are a vast number of companies involved in this specific area. The ability to create hardware and software has become so widespread there are too many companies to list them all. One of the main companies that will be utilized in most organizations will be Microsoft. This company will likely provide the system operating system and provide network administrators with updates and security patches to implement directly from the company. This ensures that all systems have the latest security patches on them and are protected from common attacks on that specific operating system. With different companies being the front runner in their specific field you can end up having companies ranging from Microsoft, Apple, Cisco, Motorola, Linksys, Dell, HP, and many more all integrated on the network. It is important to know what companies run what portion of your network so you aren’t left with outdated software or hardware and vulnerable. With the advancement of mobile technology and networking, the global implications of network security are growing vastly. Everyone needs to be connected at all times with tablets and smartphones which means security implications are inherent in all corners of the world. Understanding where employees are travelling throughout world and what threats are imminent in that specific area are vital to the proper security protection. It is also important to understand that other companies or countries that you are doing business with may not take network security as seriously as you do. This means you need to ensure employees don’t use any external media on the company device as it could contain viruses that would potentially give hackers access to all network resources through the mobile device. With information constantly evolving and being a part of everyone’s life, the global implications of network security will only grow hand in hand. As you can see from the data presented in this essay, network security is a vital aspect to consider while designing a network. The network is only as good as it is secure, meaning the network can’t provide any organizations with useful data sharing if the integrity is compromised. Organizations thrive off of the ability to store and share data with other organizations and it is the network design’s team to set the company up for success with proper security measures. There are a lot of different aspects involved with a good security policy and it is important to constantly revise and update these practices to stay in line with the latest threats.

References

Savitz, E. (2012). 5 key computer network security challenges for 2013. Retrieved from http://www.forbes.com/sites/ciocentral/2012/12/11/5-key-computer-network-security-challenges-for-2013/
Shinder, D. (2007). 10 Physical security measures every organization should take. Retrieved from http://www.techrepublic.com/blog/10-things/10-physical-security-measures-every-organization-should-take/
Sophos Labs (2014). Trends to Watch in 2014. Retrieved from https://www.sophos.com/en-us/security-news-trends/security-trends/network-security-top-trends.aspx
Manky, D. (2010). Top 10 vulnerabilities inside the network. Retrieved from http://www.networkworld.com/article/2193965/tech-primers/top-10-vulnerabilities-inside-the-network.html