Wednesday, October 23, 2019

Effect of Technology and Network Security Support on Information Security Essay

Introduction Information security has become one of the challenges in ripping benefits of information technology. It has been found out that most people fear using modern information and communication technology due to fear of the privacy of their personal details. Information technology has supported the growth of online services like e-commerce, e-banking, e-governance, and many others which required people to give their sensitive personal details. However, practice like hacking and others which breach security of information have eroded personal confidence in use of ICT service. Information security can be described as the act of giving protection to information and systems by denying unauthorized access, use, disclosure or modification. The effect of Technology on information security The following are the technological methods that are used in ensuing information security; Authentication Authentication is the process through which a person or any other things undergoes through a verification process to determine whether it is the one. It is the way through which something or someone is confirmed to establish whether the claim made is actually true (McNab, 2004).   Authentication may involve confirmation of personal identity, origin of any artifact or basically making assurance that computer programs is trusted. Authentication is one of the commonly used methods of ensuring information security. It may be implemented through different methods including; Password A password can be defined as private information that is only known to the owner. A password assigns a user identity which is associated with the password. The password therefore becomes the gateway for the user to access that particular identity (Information Resources, 2009).   Passwords are personal and therefore the standard of the password is very important. Strong passwords are difficult to guess as compared to weak passwords and therefore they offer more security to private information. It is important that user safeguard their password and once they suspect that someone else has accessed their passwords they should consider changing them to ensure security. Token A security token is a hardware device that is used by the owner to authenticate their identity.   Once the device is recognized by the network, the user is given access to the system.   A token can be in different forms ranging from smart cards, key fob, and many others (Erin, 2005).   Tokens provide high level security through two-factor authentication method. First, the owner has a personal identification number or PIN which authorizes them to access the device. Second the device displays that PIN number of the user to the system which allows them to access the system. Unlike passwords, token are more secure since even if the device falls in wrong hands, it will be difficult to guess the PIN.   The four types of tokes include static password, synchronous dynamic password, asynchronous password, and challenge response. Biometrics Biometric is one of the most advance authentication techniques that are used when dealing with many people. It will be observed that today, everyone enters in a baseball match after their physical characteristics have been recorded in a system while in school kids use their thumb to access meals. These represent the commonly used biometric techniques where the emphasis is one authentication using personal physical characteristics (Down and Sands, 2004).   Biometric uses different physical characteristics including eye, face, voice, fingerprints, shape of the hand, and many others. These characteristics are quite unique to every individual and they are one of the strong proofs to the personal identity.   However, biometric authentication devices are very costly to buy and maintain and therefore they are used in very sensitive situations. One of the greatest weaknesses of this method is that it is very easy to attacked stored comparison images than to copy those physical traits.   In most cases, biometrics is used as a two factor authentication methods where a password is combined with personal physical appearance. Software There are a number of softwares that have been developed to protect information in any network. The following are common software used in information security; Antivirus Antivirus are software developed to protect information from virus, spy ware, and malware. Antiviruses are used mostly in internet connected network where there is a high risk of spread of virus (Dhillon, 2007). Antivirus software mostly used includes MacAfee, Karspasky, NOD32, and many others. Content filtering Content filtering is also known as information filtering.   It encompasses the use of software to screen information on computers. It is also used in internet firewall especially by corporations to guard some information considered private. Content filtering helps to include or to exclude some information which can be accessed by a person and excluding information which is deemed objectionable (Dhillon, 2007). Content filtering is also used at home and at school in order to filter information that can be accessed by children. In this case, it is used to filter out pornographic materials and violence oriented materials.   In the internet content filtering can be classified into web filtering where some WebPages are filtered out and e-mail filtering where e-mails are screened for spam. However, content filtering is criticized on the ground that some important information may be filtered out of the accessible content such that the information accessed does not really help the user. Encryption With the increased use of the internet, a great deal of sensitive personal information is sent from one person to another or to an organization. This raises serious questions regarding the safety of that information and the confidence that only the intended receiver receives and understands the information. To raise this level of confidence, data encryption method has been developed (Biham and Shamir, 1991). Although encryption has been used since the time of Roman Empire, it has become more complicated and with diverse use today. Encryption mainly involves conversion of a readable data to another form which can only be read and understood by a specified person or computer. This information is regarded as ciphered or encrypted data since it cannot be understood easily. It is recovered back to its original form through decryption. The level of protection and integrity in encryption is enforced by the use of message authentication code or digital signature. Message authentication code creates a secret key for the sender and receiver of the information which makes it more secure and authentic. Today, there are many softwares that are used in encrypting data. However, encryption is not one of the most secure methods of ensuring data security since there are various methods like traffic analysis, brute force, TEMPEST, and many others which can be used to crack the encrypted data (Biham and Shamir, 1991). It has been found that even some of the most complex algorithms like RSA, DES and others can be broken using these softwares. iii. Hardware Firewalls have also played an important role in enhancing information security.   They can be used either in hardware or in software or when the two are combined.   In day to day uses, firewalls are important in protection unauthorized access to a private network which is connected to the internet especially in the cases of intranets (Whitman and Mattord, 2007).   Firewalls filters all messaging entering and leaving the intranet to ensure that it blocks those messages which are devoid of the set security standards.   There are four major types of techniques used in implementing firewalls including Packet filter This is one of the most effective and transparent firewall techniques. Under this technique, each and every packet entering and leaving the network is filtered and only those which meet user defined criteria are allowed while the rest are blocked.   However, the technique is quite difficult to configure and is more susceptible to IP spoofing. Application gateway Application gateway applies a defined security mechanism to some specific applications like FTP, Telnet servers, and others.   Although it is quite effective, it can also lead to degradation of performance. Circuit level gateway This technique applies firewall security only when a TCP or UDP connected has been made. Once the connection is established, packets of data continue to flow without being checked since a secure connection has been made. Proxy server Proxy server technique intercepts in and out of a network. The server is quite effective in hiding the network addresses and hence cannot be obtained easily. The effect of Network Security Support on information security Although technology has been effective in deterring cyber crime, it is clear that technology alone cannot work. Even with the advanced technology and application of the various information security methods we have reviewed above, human support is still needed. There are various ways that have been employed in supporting technological method to fight cyber crimes. The following are some of these methods: Hacker Hunters Hacker hunters are special branches that have been set up in police department aimed at tracking down cyber criminals.   Hacker hunters are prowling cyberspace with an aim of tracking down and arresting professional cyber criminals who are motivated by big profits made online.   Hacker hunters are employing gumshoe techniques to track down cyber crime suspect (Grow and Bush, 2005). They are employing various methods including infiltration of hacker groups, monitoring the hackers through underground networks, and when possible, intercepting the hackers before they can cause any damage. Most important, hacker hunters are relying on intelligence in order to track cyber criminals. They are using informants inside hackers group to get vital information regarding their operation. For example in 2004, Hacker Hunters in Washington unleashed Operation Firewall in which they targeted members of the ShandowCrew tracking them through their website shandowcrew.com with the help of an informant from the group.   Hackers Hunters must therefore seek inside information from individuals in these groups in order to fight deter them. They are applying the same principles that were used in the 1960s to fight organized crime since both are similar in many aspects. Police Operations Police operations work in the same manner as hacker hunters.   In most cases, police operations are carried out by a special group within the police force and reinforce the work of hacker hunters.   For example in the above case, the Special Agents in the operation firewall got assistance from the local police forces.   Therefore police operations are important in pursuing cyber criminals to ensure security of information (Leyden, 2004). Unlike hacker hunters, police operations are carried out as fighting of routine crimes. This means that although there may be a special group carrying out police operations, it may not be entirely specialized in fighting cybercrime. In most countries, there are special internet police departments which are used in fighting internet crimes.   These police departments are entrusted with carrying out important functions like fighting cybercrime, censorship, propaganda, online scams, manipulation of online opinions, and others. However one of their most important duties is to work closely with hacker hunters in intervening and apprehending cyber criminals. Internet police departments also collaborate with other police departments in other countries in enforcing internet security laws and apprehending cyber criminals.   In the international front, Interpol has been important in enforcing international crimes. iii. Network Security Service Companies For many companies, proving information security is an expensive endeavor. Companies are not only required to install hardware and software devices, but they must also collaborate with authority to ensure information security. However, the growth of corporate resources in provision of secure business environment has made many information security methods inefficient and expensive (Lighthouse Security Group, 2009). For this reason, most companies are finding it appropriate to outsource comprehensive and streamlined network security services from Network Security Services Company. Network Security Service Companies have also become important in enforcing information security. These are companies which are specialized in providing services to enforce information security.   These companies offer Managed Security Services (MSS) which are security capabilities mostly outsourced by other companies. These services vary from supplementing of an existing security system to offering a complete new MSS where the Network Security Service Company is entrusted with information security. However, MSS is just one of the different types of managed services others including routing, hosting, LAN, VPN, and others.   Network Security Service Companies therefore offer specialized high quality network security services ensuring for many enterprises. Conclusion The increased incidence of breach of privacy of information has had negative impact on adoption of ICT services.   The emergence of e-commerce, e-banking, e-governance and other online services which required input of sensitive personal details have been affected by increased hacking of information. There are different methods that have been developed to increase information security mainly through the use of technology and network support on information security. Technological methods include authentication through password, token, biometrics; software including antivirus, content filtering, or encryption; and hardware through use of firewall techniques.   Network security support includes hacker hunters, police operations, and security services offered by network security service companies. Reference: Biham, E. & Shamir, A. (1991). Differential cryptanalysis of DES-like Cryptosystems. Journal of Cryptology, Vol. 4(1): 3-72 Dhillon, G. (2007). Principles of information systems security: text and cases. NY: John Wiley & Sons Down, M. P & Sands, R. (2004). Biometrics: An Overview of the Technology, Challenges and Control Considerations. Federal Computer Week, 21(13) Erin, B. (2005). Information security: Token. Boston, Technology Press Grow, B. & Bush, J. (2005). Hacker Hunters: An elite force takes on the dark side of computing.   Retrieved 28th April 2009 from http://www.businessweek.com/magazine/content/05_22/b3935001_mz001.htm Information Resources, (2009). Security tips: Password protection. Retrieved 28th April 2009 from http://www.utdallas.edu/ir/security/STpassword.htm Leyden, J. (2004). Enforcement is key in fighting cybercrime. Retrieved 28th April 2009 from http://www.crime-research.org/analytics/473/ Lighthouse Security Group, (2009). Enterprise security solutions. Retrieved 28th April 2009 http://www.lighthousecs.com/Practices/Enterprise-Security-Solutions/ McNab, C. (2004). Network Security Assessment. Sebastopol, CA: O’Reilly Whitman, M. & Mattord, J. (2007). Management of information security. Boston, Technology Press

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.