Technical project paper information systems security

31/10/2020 Client: papadok01 Deadline: 12 Hours

Information System Security
Introduction
In a networked organization, various kinds of threats can affect the network. Attacks come in two forms: logical and physical. Physical attacks on a network can take the form of natural hazards and hardware threats such as theft, fire and electrical faults. Logical attacks mainly use software to attack a network; examples include logic bombs, viruses, phishing, network sniffing and man-in-the-middle attacks. To mitigate theft, for example, an organization can employ the following: all doors must remain closed, with only authorized personnel allowed access; access to rooms should be electronically controlled; and security personnel should monitor the activities in the computer room. In summary, hardware threats involve physical damage to computer components such as routers, switches and servers (Tipton & Tipton, 2012).

Physical threats

Most of the physical threats have been outlined above. Physical threats can be classified as follows:

Internal: internal threats may come from fire, electrical faults, unstable power supply, high humidity and improper housing.
External: external threats come from outside the organization and might include floods and lightning.
Human: human threats include vandalism of physical computers and other hardware.

Natural disaster

Humans cannot control the disasters that happen in the world. These disasters pose a big threat to property and security. The most common disasters include flood and fire.

System failure
System failure can result from poor-quality components used in servers and other systems. Such a failure is, therefore, a threat to the security of a system.

Vandalism
Thieves can steal a whole computer from your store and make away with all the data on it.

Act of Terrorism
A terrorist attack can cause the physical loss of computers and data.

Logical threats
Logical threats can come through network phishing, man-in-the-middle attacks and many others detailed below.

Man in the middle
A man-in-the-middle attack happens when a person maintains a connection between two communicating parties. The two parties assume that they are communicating with each other directly, but in reality there is a person in between who might be altering the messages as they pass through the communication channel.

Social engineering

Social engineering uses human weakness and trust to compromise a network or technology protocols. Users generally trust each other, and exploiting this weakness can be described as phishing. This kind of attack can be prevented by training personnel on this type of attack and on the remedies that can be employed against it.

Virus

A computer virus is a program that infects a computer and affects the way the computer carries out its tasks. A virus attack can be mitigated using strong antivirus software that will either neutralize or delete the virus. Many companies produce antivirus software, for example Avira, ESET Antivirus, AVG and others.

Packet sniffing

An attacker can use a protocol analyzer to launch an attack. This is called packet sniffing. By sniffing, the attacker can gather a lot of information on the network, such as unencrypted network passwords and IP addresses, using intelligent software that sniffs data. The packet analyzer can be placed by a trusted insider, who can then use vulnerabilities to attack the network. This type of attack can be prevented using strong physical controls and a working password policy. Training is also important in this case, so that employees know about this kind of attack and prevent any chance of it occurring.

FTP bounce
This kind of attack uses the PORT command to indirectly attack the target. Once inside the targeted network, the attacker can carry out the attack. This can be prevented by turning off file sharing features in Windows.

Security controls for logical threats

Some of the security controls that can be used to mitigate physical threats have been highlighted above. Other measures that can be used include the following:

Training and awareness
Training is the most cost-effective and formal way of doing business. Users should be trained on the practices that mitigate physical attacks. It is the best way to keep users from mistakes that can lead to phishing and insider attacks.

Policies and procedures
Security procedures must be written down so that it is clear what the organization requires in order to remain secure. Users must agree to them and sign a form in order to continue having access to the computers.

Locking down the server rooms.
Locking the server rooms ensures nobody gets into them. This helps in mitigating the threats from unlocked doors. People assigned to the rooms must be answerable.

Set up surveillance
After locking the server room, surveillance is a good idea. If someone breaks into the server room, he is likely to be caught on camera. The camera should be placed in a location that makes it difficult to tamper with and even to notice. Also, make sure the camera in the main server room overlooks the most valuable items in the server rooms.

External contractor
The company can decide to use an external contractor to handle the security of the information system. This makes the company not liable for its security and lets the company concentrate on its main products.

Authorized Local Network Devices
Ensure that the only devices connected to the organization's network are those provided by the organization. From the USB drives used by employees to personal laptops, the owners should ensure the devices are free of malware.

Operating System Patching/Updating
Updating the operating system regularly helps in keeping patches current. Patching policies should specify the systems that would be vulnerable to attack, and the patches should be monitored.

Operating System Hardening
Hardening the operating system should make attacks infeasible. Various hardening techniques can be employed, and these are available from the National Institute of Standards and Technology and the American Center for Information Technology.

Anti-Virus Updating
New viruses are discovered every day, and antivirus definitions are updated in the same manner. All users should ensure their PCs are up to date with the latest antivirus definitions. To protect the PCs further, the organization should monitor the antivirus logs in order to detect any failed update.

Change Control Process
Whenever a new person comes into the company, there should be a change control process to implement the security controls as well. Old passwords should be handed over to the new management and discarded.

Host-based Firewall
Host-based firewalls should run on all computers and laptops assigned to employees. In addition, the firewalls have hash-based algorithms that identify applications such as Trojan horses.

Send Encrypted Emails
Only encrypted emails should be sent from the server. Any sensitive data should go to a proper email address.

Safe browsing habits
Only official websites should be visited. Adult content should be restricted. Employees should follow the organization's laid-down procedures (Hintzbergen, 2010). Prohibited activities should be clearly distinguished from non-prohibited activities.

Password-protect all devices: be it a smartphone or a laptop, every device must be password protected to avoid being used by untrusted people who might breach security measures.

Sensitive data should be stored on encrypted drives. The drives should be encrypted or have built-in encryption. The encrypted files will protect the data over the network.

Strategies for addressing physical threats
If the risk of a physical attack occurs, it needs to be addressed; the risk can be accepted, ignored or avoided. If only a few systems are affected, the available technician should physically disconnect the devices and then configure the connection afresh. The following need to be focused on: format the hard drive and back up any data that may be required; rebuild the system from the ground up; restore the system to the network; and change all administrative passwords of the infected files. Once an operating system is in place, apply the necessary security patches and check whether any machine still has a problem; as a result, change the network passwords and notify other security teams of the occurrence.

Strategies for handling logical threats
The following can be used to prevent the occurrence of logical risks:

Use of Proxy Servers and filters.
Implementing outbound application-layer proxy servers prevents users from being directed to malicious sites (Roessing, 2010). The outbound web proxy servers then become the only computers that connect to outside networks.

Email Attachment Filtering
Filtering email attachments ensures that only accepted files are attached to emails. This greatly reduces the chance of a program that might pose a threat reaching the computers in the network (Tipton, 2008).
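One way such an attachment filter can work, shown as an added example that is not part of the original paper. The allowlist, the sample message and the function names are assumptions made for illustration; the check uses only the final extension, rejects nameless attachments, and rejects allowed names whose content starts with the Windows executable marker "MZ".

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed allowlist; a real policy would come from the organization.
ALLOWED_EXT = {".pdf", ".docx", ".xlsx", ".png", ".txt"}

def build_sample():
    """Build a constructed test message with four attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Quarterly report"
    msg.set_content("See attached.")
    for data, sub, name in [
        (b"%PDF-1.4 sample", "pdf", "Report.PDF"),
        (b"MZ\x90\x00 sample", "octet-stream", "invoice.pdf.exe"),
        (b"MZ\x90\x00 sample", "octet-stream", "notes.txt"),
    ]:
        msg.add_attachment(data, maintype="application", subtype=sub,
                           filename=name)
    # Attachment with no filename at all.
    msg.add_attachment(b"data", maintype="application",
                       subtype="octet-stream")
    return msg.as_bytes()

def check_attachments(raw):
    """Return a (filename, verdict) pair for every attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        data = part.get_payload(decode=True) or b""
        if not name:
            verdicts.append((None, "reject: no filename"))
            continue
        # Only the last extension counts, so "x.pdf.exe" is ".exe".
        ext = os.path.splitext(name)[1].lower()
        if ext not in ALLOWED_EXT:
            verdicts.append((name, "reject: extension " + (ext or "(none)")))
        elif data.startswith(b"MZ"):
            # Allowed name, but the content is a Windows executable.
            verdicts.append((name, "reject: executable content"))
        else:
            verdicts.append((name, "accept"))
    return verdicts

if __name__ == "__main__":
    for item in check_attachments(build_sample()):
        print(item)
```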

Monitor Logs
Administrators should monitor the logs of internet users. If the DNS server is monitored, there is a chance of an infection being found before the risk occurs. The following can be looked for when monitoring the DNS server for malicious attack:

SMTP attempts on connections other than from the SMTP mail gateway
Excessive scanning on TCP port 445
Excessive traffic from internal systems
Excessive traffic from an individual or a group of internal systems
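The indicators listed above can be checked mechanically over flow or firewall logs. The following is an added example, not part of the original paper: the log format, the sample records, the internal address range, the gateway address and both thresholds are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: time src dst proto dport bytes
SAMPLE_FLOWS = """\
2020-10-31T09:00:01 10.0.0.5 203.0.113.25 tcp 25 4200
2020-10-31T09:00:02 10.0.0.23 198.51.100.7 tcp 25 900
2020-10-31T09:00:03 10.0.0.31 10.0.0.40 tcp 445 120
2020-10-31T09:00:03 10.0.0.31 10.0.0.41 tcp 445 120
2020-10-31T09:00:04 10.0.0.31 10.0.0.42 tcp 445 120
2020-10-31T09:00:04 10.0.0.31 10.0.0.43 tcp 445 120
2020-10-31T09:00:05 10.0.0.12 10.0.0.40 tcp 445 80000
2020-10-31T09:00:06 10.0.0.77 192.0.2.9 tcp 443 9500000
2020-10-31T09:00:07 10.0.0.12 192.0.2.10 tcp 443 30000
truncated record
"""

# Assumed site values; replace with the organization's own.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")
MAIL_GATEWAY = "10.0.0.5"
SMB_FANOUT_LIMIT = 3       # distinct TCP/445 destinations per source
BYTES_LIMIT = 5_000_000    # bytes sent per source in the window

def parse(line):
    """Return (src, dst, proto, dport, nbytes) or None if malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    _, src, dst, proto, dport, nbytes = parts
    try:
        return (ipaddress.ip_address(src), ipaddress.ip_address(dst),
                proto, int(dport), int(nbytes))
    except ValueError:
        return None

def analyze(text):
    """Return (alerts, skipped_lines) for one window of flow records."""
    alerts, skipped = [], 0
    smb_targets, volume = defaultdict(set), defaultdict(int)
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            skipped += 1          # count bad lines instead of hiding them
            continue
        src, dst, proto, dport, nbytes = rec
        if src not in INTERNAL_NET:
            continue              # only internal sources are in scope
        volume[str(src)] += nbytes
        if proto == "tcp" and dport == 25 and str(src) != MAIL_GATEWAY:
            alerts.append(("smtp-not-from-gateway", str(src)))
        if proto == "tcp" and dport == 445:
            smb_targets[str(src)].add(str(dst))
    alerts += [("tcp445-scan", s) for s in sorted(smb_targets)
               if len(smb_targets[s]) > SMB_FANOUT_LIMIT]
    alerts += [("excessive-traffic", s) for s in sorted(volume)
               if volume[s] > BYTES_LIMIT]
    return alerts, skipped

if __name__ == "__main__":
    print(analyze(SAMPLE_FLOWS))
```

The fan-out rule counts distinct destinations, so a file server client that sends a lot of data to one host on port 445 (10.0.0.12 in the sample) is not flagged as scanning.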

Conclusion

The importance of security cannot be taken lightly in an organization. Security measures, both pre-emptive and preventive, should be put in place to ensure that data integrity is safeguarded. Logical and physical security are both important in the information security set-up, and both must have mitigation procedures and a plan for handling the impact should such a risk occur. Different companies develop security policies, which must be adhered to in order to keep the system secure, and employees should be made familiar with such procedures (Stefanek, 2002).

References
Hintzbergen, J., Hintzbergen, K., & Smulders, A. (2010). Foundations of Information Security. Zaltbommel: Van Haren Pub.

Roessing, R. (2010). The business model for information security. Rolling Meadows, IL: ISACA.

Stefanek, G. (2002). Information security best practices. Boston [Mass.]: Butterworth-Heinemann.

Tipton, H. (2008). Information Security Management Handbook. Hoboken: Taylor & Francis Ltd.

Tipton, H., & Tipton, H. (2012). Information security management handbook. Boca Raton [u.a.]: CRC Press.
