The document discusses IT infrastructure and IT security. It defines IT infrastructure as the hardware, software, networks, and services that support an enterprise's IT needs. The key components of a standard IT infrastructure are identified as hardware, software, network resources, and human resources. IT security involves protecting systems and information from unauthorized access or harm. Security aims to ensure the confidentiality, integrity, and availability of information. The document then provides recommendations for appropriate IT infrastructure components for different types of organizations.
1. INTRODUCTION
This project covers two aspects of Information Technology. In the
first part of the introduction we explain the IT infrastructure of an
enterprise or organization; in the second part we explain what Information
Technology security is and what its essentials are.
Information Technology is the application of servers,
computers, laptops, software, and other networking or Internet devices to
store, retrieve, transmit and manipulate data or information in the context of
a business or enterprise. The infrastructure of Information Technology
refers to the composite hardware, software, network resources and services
required for the existence, operation and management of an enterprise IT
environment. It allows an organization to deliver IT solutions and services
to its employees, partners and customers. Enterprise technology,
information and infrastructure refer to the concept of Information Technology
(IT) resources and data that are shared across an enterprise. The term
enterprise, also known as a “company” or a “firm”, denotes an organizational
entity involved in the provision of goods and services to consumers. A
standard IT infrastructure consists of the following components.
• Hardware: servers, data centers, computers, embedded systems,
switches, hubs, etc.
• Software: Enterprise Resource Planning (ERP), Customer Relationship
Management (CRM), Supply Chain Management Systems (SCMS) and other
custom-built software developed according to the requirements of the client.
• Network resources: these can be divided into two categories: hardware,
which has a physical existence, such as a firewall; and software-based,
such as Threat Management Gateway (TMG) or Internet Security and
Acceleration (ISA) Server.
• Meatware: the human entities who operate or use computers for the
computing process.
The infrastructure provides connectivity and availability of data from the
host or a remote place at any time, so that users may share the required
information from anywhere in the world at any time. It may be centered
within a data center, with connections and user authentication in different
environments using intelligent or dumb access devices. The figure below
shows the relationship between IT infrastructure and business capabilities.
Information Technology (IT) security, also referred to as computer security
or cyber security, is the protection of information systems from theft of or
damage to the hardware, software and information on them. It includes
controlling physical access to the hardware and protecting against harm that
may come via network access, data and code injection, as well as other
harmful software.
Information security is the defense of data from unauthorized access, use,
disclosure, disruption, modification, inspection, recording or destruction:
the protection afforded to an automated information system in order to attain
the applicable objectives for the information. The security of information
relies on three factors: integrity, availability and confidentiality.
Background
The history of communication is very old: it began in the ancient Egyptian
world, when messages were carried by a special messenger, which took a lot
of time. In the middle of the 1950s there was a need for a faster way to send
letters, signals and other necessary documents; the only options were the
mail service or the telegram, which was fast but still slower and less
efficient than a network.
Information Technology is one of the branches of communication; it came
about because there was always a need for communication over technology,
which makes communication fast, reliable, efficient and effective. We can
divide Information Technology into different ages, namely pre-mechanical,
mechanical, electro-mechanical and electronic, which will be discussed in the
next section.
At the beginning of the electronic age of Information Technology there was
a need for infrastructure designed to help and support an enterprise in
becoming profitable, which is the core factor of a business. In this
infrastructure we need departments (Marketing, Production, Sales, Finance,
Supply Chain, Accounts and Human Resources) that are interrelated with each
other, so that they can share information and data with each other according
to their requirements. When this information is shared with other users there
is a need for data security, which keeps the data secure, protected and
alteration-free and always asks for user authentication whenever it is
required; and when these messages, files and data are sent, shared or
delivered there must be security for their availability, integrity and
confidentiality, which makes them more secure, reliable and authentic.
In IT security we use different measures according to our requirements;
some are software based and some are hardware, which are physical devices.
In the detailed treatment of IT security we will discuss and show how they
work.
1.0 Evolution of IT Infrastructure
The IT infrastructure in organizations today is an outgrowth of over 50
years of evolution in computing platforms. We can divide it into five
stages, each of them representing a different configuration of computing
power and infrastructure elements; the names are given below. These are
divided according to the nature of the work; in this topic we also
recommend what is the suitable system for an enterprise.
• General-purpose mainframe and minicomputer (1959 to present)
• Personal computer/desktop
• Thin client
• Client/server networks
• Enterprise/Internet computing
• Cloud computing platform
Recommendation
We recommend the type of computer system according to the requirements of
the business.
For example, if an organization's business is a database, census records or
a national database, we recommend a mainframe or minicomputer system
because of the bulk data processing and because the data is stored
centrally: the sites or branches can update data and record new data, but
they cannot alter data without authentication as well as approval.
In a business like a banking system, where data is stored in a database
server that is connected to the main branch and the main branch has a
mainframe computer for entries, the recommended system on the client side is
a thin client (no operating system, no hard drive, totally dependent on the
server), on which the user runs a real-time application that is stored on a
server so that entries are updated at the same time.
Table 1 shows the stages in IT infrastructure evolution.
| Infrastructure dimension | Mainframe era (1959 to present) | PC era (1981 to present) | Client/server era (1983 to present) | Enterprise/Internet era (1992 to present) | Cloud computing era (2000 to present) |
| Signature firm(s) | IBM | Microsoft/Intel; Dell; HP and IBM | Novell; Microsoft | SAP; Oracle; PeopleSoft | Google; Salesforce.com; IBM; Microsoft |
| Hardware platform | Centralized mainframe | Wintel computers | Wintel computers | Multiple: mainframe, server, client | Remote servers; clients (PCs, netbooks, cell phones, smartphones) |
| Operating system | IBM 360; IBM 370; Unix | DOS/Windows; Linux; IBM 390 | Windows 3.1; Windows Server; Linux | Multiple: Unix/Linux, OS 390, Windows Server | Linux; Windows; Mac OS X |
| Application and enterprise software | Few enterprise-wide applications; departmental applications created by in-house programmers | No enterprise connectivity; boxed software | Few enterprise-wide applications; boxed software applications for workgroups and departments | Enterprise-wide applications linked to desktop and departmental applications: mySAP, Oracle E-Business Suite, PeopleSoft Enterprise One | Google Apps; Salesforce.com |
| Networking/telecommunications | Vendor provided: Systems Network Architecture (IBM), DECNET (Digital), AT&T voice | None or limited | Novell NetWare; Windows 2003; Linux; AT&T voice | LAN; enterprise-wide area network (WAN); TCP/IP Internet standards-enabled | Internet; Wi-Fi; wireless broadband cellular networks |
| System integration | Vendor-provided | None | Accounting and consulting firms; service firms | Software manufacturer; accounting and consulting firms; system integration firms; service firms | SaaS (Software as a Service) firms |
| Data storage and database management | Magnetic storage; flat files; relational databases | Dbase II and III; Access | Multiple database servers with optical and magnetic storage | Enterprise database servers | Remote enterprise database servers |
| Internet platforms | Poor to none (1959–1995) | None at first; later browser-enabled clients | None at first; later Apache server, Microsoft IIS | None in the early years; later intranet- and Internet-delivered enterprise services, large server farms | Larger server farms |
1.1 The Components of Infrastructure
The Information Technology infrastructure consists of seven major
components, and these components coordinate with each other to provide the
firm with a coherent infrastructure. At the end of the 20th century most of
the manufacturers supplying components were often in competition with one
another, offering purchasing firms a mixture of incompatible, proprietary,
partial solutions. But increasingly the vendor firms have been forced by
large customers to cooperate in strategic partnerships with one another. For
instance, a hardware and services provider such as IBM cooperates with all
the major enterprise software providers, has strategic relationships with
system integrators (often accounting firms), and promises to work with
whichever database products its client firms wish to use (even though it
sells its own database management software called DB2). Let us examine the
size and dynamics of each of these infrastructure components and their
markets.
Recommendation
Computer system hardware, the initial component of an infrastructure, is
recommended in a sound Information Technology environment to be of
authorized brands which are easily repaired, replaced, upgraded and
configured; do not use unbranded items, which are comparatively lower in
price. This component includes client machines (desktop PCs, mobile
computing devices such as iPhones and BlackBerrys, and laptops) and server
machines. The client machines use primarily Intel or AMD microprocessors
(Gartner, 2008; Metrics 2.0, 2008). The server market is more complex than
the desktop one; its two largest manufacturers are Intel and AMD. Servers
are chosen according to the requirements of the user or organization.
Similarly, the operating system is chosen according to the requirements of
the user and client. On the client side 90 percent of PCs run the Microsoft
Windows operating system to manage the resources and activities of the
computer and provide a GUI in which users drag and drop options by clicking.
These Microsoft operating systems are the most commonly used and are
compatible with a great many applications. Linux, UNIX and other operating
systems are also reliable but are rarely found on client systems, so they
are less user-friendly, and before use we need to train staff, which is more
complex and time consuming.
The third component, enterprise software used for databases, is the
application a firm uses for its business purpose, which is the core function
of an organization: providing a facility to its users and clients in order
to generate profit. This application varies according to the requirements of
the user: what are they actually looking for? What type of business do they
run? Are they B2B or B2C?
Globally, firms spend more than $250 billion a year on networking and
telecommunications hardware and more than a trillion dollars on networking
services (consisting mainly of telecommunications and telephone company
charges for voice lines and Internet access; these are not included in this
discussion). Windows Server is the predominant local area network operating
system, followed by Linux and UNIX. Large enterprise-wide area networks
primarily use some variant of UNIX. Most local and wide area networks use
the TCP/IP protocol suite as their networking standard.
The leading networking hardware providers are Cisco, Lucent, Nortel, and
Juniper Networks. Telecommunications platforms are typically provided by
telecommunications/telephone services companies that offer voice and data
connectivity, wide area networking and Internet access.
For commercial purposes there are very few options available in database
management systems, which are responsible for organizing and managing the
firm's data so that it can be efficiently accessed and used. In addition,
there are also some organizations or service providers offering physical
data storage, so that a company can store data on NAS- or SAN-based storage.
They provide multiple storage volumes in which the user can store data and
back it up to another drive, or mirror the data by configuring the NAS/SAN
according to the requirements. Physical data storage is dominated by EMC
Corporation for large-scale systems and by a small number of PC hard drive
manufacturers led by Seagate, Maxtor, Western Digital and Hitachi. Again,
the recommendation depends on the nature of the business as well as its
size; the following are the firms that provide database management systems.
Table 2 below shows the database software.
| Serial No | Software | Company/Manufacturer |
| 1 | DB2 | IBM |
| 2 | Oracle | Oracle |
| 3 | SQL Server | Microsoft |
| 4 | SAP | SAP SE |
The sixth important component of infrastructure is Internet platforms,
which overlap with, and must relate to, the firm's general networking
infrastructure. Globally, firms spend billions on Internet-related
infrastructure, such as hardware, software, and management services to
support a firm's Web site—including Web hosting services—and for
intranets and extranets. A Web hosting service maintains a large Web
server, or series of servers, and provides fee-paying subscribers with space
to maintain their Web sites. The major Web software application
development tools and suites are supplied by Microsoft (the Microsoft .NET
family of development tools used to create Web sites using Active Server
Pages for dynamic content), Sun (Sun's Java is the most widely used tool for
developing interactive Web applications on both the server and client
sides), IBM (WebSphere is IBM's suite of electronic business tools and
applications), and a host of independent software developers, including
Macromedia (Flash), media software (Real Media), and text tools (Adobe
Acrobat).
Consulting and System Integration Services
Although 20 years ago it might have been possible for a large
firm to implement all its own IT infrastructure, today this is far less
common. Even large firms do not have the staff, skills, budget, or necessary
experience to do so. Implementing new infrastructure requires significant
changes in business processes and procedures, training and education, and
software integration. Leading consulting firms providing this expertise
include Accenture, IBM Global Services, Electronic Data Systems, HP
Technology Solutions, Infosys, and Wipro Technologies.
Software integration means ensuring the new infrastructure
works with the firm’s older, so-called legacy systems and ensuring the new
elements of the infrastructure work with one another. Legacy systems are
generally older transaction processing systems created for mainframe
computers that continue to be used to avoid the high cost of replacing or
redesigning them. Replacing these systems is cost-prohibitive and generally
not necessary if these older systems can be integrated into a contemporary
infrastructure.
Below is an example of consulting and system integration.
Omnetric Group is dedicated to the global delivery of integrated Information
Technology and operational solutions and services, helping utility companies
to achieve greater grid reliability and efficiency. It is a joint venture
between Siemens AG and Accenture, combining Siemens' leading energy
technology product portfolio with Accenture's systems integration,
consulting and managed services capabilities. The Group supports clients
with innovative solutions wherever they may be on their path to a smarter
grid.
1.2 Contemporary Hardware Platform Trends
Although the cost of computing has fallen exponentially, the
cost of the IT infrastructure has actually expanded as a percentage of
corporate budgets. Why? The costs of computing services (consulting,
systems integration) and software are high, and the intensity of computing
and communicating has increased as other costs have declined.
For instance, employees now use much more sophisticated
applications, requiring more powerful and expensive hardware of many
different types (laptop, desktop, mobile handheld computers).
Firms face a number of other challenges. They need to
integrate information stored in different applications and even on different
platforms (telephone, legacy systems, intranet, Internet sites, desktop, and
mobile devices). Firms also need to build resilient infrastructures that can
withstand huge increases in peak loads and routine assaults from hackers
and viruses while conserving electrical power. Firms need to increase their
service levels to respond to growing customer and employee expectations
for service. Following are the hardware platform trends.
• The emerging mobile digital platform
• Grid computing
• Cloud computing and the computing utility
• Autonomic computing
• Virtualization
• Multicore processors
Recommendation
As we know, grid computing is a virtual supercomputer made of machines
placed in geographically remote locations and joined by special software
that requires high-speed connectivity. It is used for high-level scientific
research to find the best solution; the advantage of this technology is low
cost, and we recommend it in the corporate sector for research and
development on a limited budget.
For example, Royal Dutch/Shell Group is using a scalable grid computing
platform that improves the accuracy and speed of its scientific modeling
applications to find the best oil reservoirs. This platform, which links
1024 IBM servers running Linux, in effect creates one of the largest
commercial Linux supercomputers in the world.
Another hardware platform is cloud computing. It is a third-party platform
provided for commercial data storage, in which data is permanently stored
remotely and is accessible at any time from anywhere in the world. The most
important reason for selecting this platform is cost cutting, because the
organization does not need to spend on fixed infrastructure and does not
need money to upgrade equipment every year.
Autonomic Computing
Computer systems, with their operating systems, enterprise software and
database software, have become so complex that some experts believe they
may not be manageable in the future. It is estimated that one-third to
one-half of a company's total IT budget is spent preventing or recovering
from system crashes.
About 40 percent of these crashes are caused by operator error. The reason
is not that operators are not well trained or do not have the right
capabilities; rather, it happens because the complexities of today's
computer systems are too difficult to understand, and IT operators and
managers are under pressure to make decisions about problems in seconds.
One approach to dealing with this problem from a computer hardware
perspective is to employ autonomic computing.
It is an industry-wide effort to develop systems that can
configure themselves, optimize and tune themselves, heal themselves when
broken, and protect themselves from outside intruders and self-destruction.
Imagine, for instance, a desktop PC that could know it was invaded by a
computer virus. Instead of blindly allowing the virus to invade, the PC
would identify and eradicate the virus or, alternatively, turn its workload
over to another processor and shut itself down before the virus destroyed
any files. A few of these capabilities are present in desktop operating
systems. For instance, virus and firewall protection software can detect
viruses on PCs, automatically defeat the viruses, and alert operators. These
programs can be updated automatically as the need arises by connecting to
an online virus protection service.
1.3 Contemporary Software Platform Trends
There are five major themes in contemporary software
platform evolution:
• Linux and open source software
• Java
• Web services and service-oriented architecture
• Software mashups and Web 2.0 applications
• Software outsourcing
Before the recommendations I prefer to explain these platforms briefly.
Linux is an operating system that is available free on the Internet; most
mobile applications and mobile-based software are developed on it. Open
source, meanwhile, is a community of programmers around the world that
provides a platform to write a free version of a piece of software and
upload it for other users.
Java is an operating-system-independent, processor-independent,
object-oriented programming language that has become the leading
interactive programming environment for the Web. It was created by James
Gosling and the Green Team at Sun Microsystems in 1992. This platform has
migrated into cellular phones, smartphones, automobiles, music players, game
machines, and finally, into set-top cable television systems serving
interactive content and pay-per-view services. It is designed to run on any
computer or computing device, regardless of the specific microprocessor or
operating system the device uses. For each machine Sun has created a Java
Virtual Machine that interprets Java programming code for that machine. In
this manner, the code is written once and can be used on any machine for
which there exists a Java Virtual Machine; it can handle text, data,
graphics, sound, and video, all within one program if needed.
Web services refer to a set of loosely coupled software components that
exchange information with each other using universal Web communication
standards. The foundation technology for Web services is XML, which stands
for Extensible Markup Language and was developed in 1996 as a more powerful
and flexible markup language than hypertext markup language (HTML) for Web
pages. Hypertext markup language (HTML) is a page description language for
specifying how text, graphics, video, and sound are placed on a Web page
document. By tagging selected elements of the content of documents for
their meanings, XML makes
In the past, software such as Microsoft Word or Adobe
Illustrator came in a box and was designed to operate on a single machine.
Increasingly, software is downloadable from the Internet and composed of
interchangeable components that integrate freely with other applications on
the Internet. Individual users and entire companies mix and match these
software components to create their own customized applications and to
share information with others. The resulting software applications are
called mashups. The idea is to take software from different sources and
combine it in order to produce an application that is “greater than” the sum
of its parts. Part of the movement called Web 2.0, Web mashups combine
the capabilities of two or more online applications to create a kind of hybrid
that provides more customer value than the original sources alone. One area
of great innovation is the mashups of mapping and satellite image software
with local content. For instance, Zoocasa is a new real estate search engine
in Canada that is using Google Maps to display real estate listings. The
Zoocasa home page is a simple search box in which the user enters a city or
neighborhood and can define search criteria by price, number of bedrooms,
and number of bathrooms. The Zoocasa search results are then presented on
a Google Map and listed in a sidebar beside the map. One innovative
feature of the map is that if you click on a property marker, the sidebar
automatically scrolls to display the property details. Google, Yahoo!, and
Microsoft now offer tools to allow other applications to pull in information
from their map and satellite images with relatively little programming. You
have performed a mashup if you have ever personalized your Facebook
profile or your blog with a capability to display videos or slide shows. The
small pieces of software code that enable users to embed content from one
site into a Web page or another Web site are called widgets.
Widgets are small software programs that can be added to Web pages or
placed on the desktop to provide additional functionality. For example, the
Flixter widget on Facebook profiles transports users to a place where they
can list the films they have seen along with their ratings and reviews,
view their friends' ratings and reviews, and see what is playing in
theatres. Web widgets run inside a Web page or blog. Desktop widgets
integrate content from an external source into the user's desktop to provide
services such as a calculator, dictionary, or display of current weather
conditions. The Apple
Dashboard, Microsoft Windows Vista Sidebar, and Google Desktop
Gadgets are examples of desktop widgets. Widgets also provide storefront
windows for advertising and selling products and services. Random House
Inc. has a widget that enables visitors to its Web site to click through to
purchase new book releases from its online store. Amazon.com and Wal-
Mart have toolbar widgets that enable surfers to search their Web stores
while staying on their social network or another personal page. Widgets
have become so powerful and useful that Facebook and Google launched
programs to attract developers of widgets for their Web sites.
Recommendation
Most firms now believe in outsourcing IT services; the reasons are
operating cost, equipment cost, depreciation on equipment, lack of in-house
experience, their technology becoming outdated, and staff training.
Otherwise organizations may divert their attention from their core
businesses.
However, the firms that specifically provide services have talented IT
professionals, state-of-the-art infrastructure, the latest technology with a
high level of service, and a focused strategy. These people are focused on
it; better to say that their core business is to provide the finest
solutions and services to their clients. In my recommendation on the
software platform, outsourcing is one of the fine solutions for software
requirements: they can be met according to the business requirements while
the core business does not suffer any kind of disturbance.
In order to achieve their goals and objectives, the outsourcing parties (A
and B), the service provider and the outsourcer, have a contract between
them, which is called a Service Level Agreement (SLA).
Service-Level Agreement
The SLA is a formal contract between customers and their service providers
that defines the specific responsibilities of the service provider and the
level of service expected by the customer. SLAs typically specify the nature
and level of services provided, criteria for performance measurement,
support options, provisions for security and disaster recovery, hardware and
software ownership and upgrades, customer support, billing, and conditions
for terminating the agreement.
Many companies nowadays cannot afford to have an in-house IT support team,
or they are too large to handle all the IT operations, or they simply
realize that IT is distracting their attention from the core business and
they cannot tolerate any downtime. There are many companies providing IT
services under an SLA.
Another example of an SLA: a company establishing a new business, or
upgrading, wants to redesign its IT infrastructure and its security
essentials. It signs a contract with an IT solution provider that it will
help to redesign the structure and will provide service for 2 years, which
may include device upgrades, security measures and training of the staff;
that contract between the customer and the service provider is called an
“SLA”. During the period of 2 years the service provider is bound to provide
solutions for the problems that occur, regardless of their level of
complexity, and the company is confident that help is available a phone
call away and the team will be there at any minute.
1.4 Management Issues
Creating and managing an IT infrastructure raises multiple challenges:
dealing with platform and technology changes, management and governance,
and making wise infrastructure investments.
Dealing with platform and infrastructure change
As an organization grows, it needs to reform its infrastructure, and when
the organization changes, the IT infrastructure must change too. On the
other hand technology changes rapidly: sometimes the company does not
require a change in IT, but the technology requirement forces a change in
the infrastructure.
Today's challenge in IT infrastructure is the licensing and compatibility
of hardware; new inventions are made every day and these inventions are
mostly not compatible with the previous technology.
Management and Governance
A long-standing issue among information system managers
and CEOs has been the question of who will control and manage the firm’s
IT infrastructure. Other important questions about IT governance include:
Should departments and divisions have the responsibility of making their
own information technology decisions, or should IT infrastructure be
centrally controlled and managed? What is the relationship between central
information systems management and business unit information systems
management? How will infrastructure costs be allocated among business
units? Each organization will need to arrive at answers based on its own
needs.
Making wise infrastructure investments
IT infrastructure is a major investment for the firm. If too
much is spent on infrastructure, it lies idle and constitutes a drag on firm
financial performance. If too little is spent, important business services
cannot be delivered, and the firm’s competitors (who spent just the right
amount) will outperform the under investing firm. How much should the
firm spend on infrastructure? This question is not easy to answer.
A related question is whether a firm should purchase its own
IT infrastructure components or rent them from external suppliers. As we
discussed earlier, a major trend in computing platforms—both hardware
and software—is to outsource to external providers. The decision either to
purchase your own IT assets or rent them from external providers is
typically called the rent versus buy decision.
S.W.O.T Analysis
It is a business technique used to understand an organization's strengths
and weaknesses, and to identify both opportunities and threats. Strengths
and weaknesses are internal: they come from internal resources and can be
resolved internally. Opportunities and threats are external: they come from
outside.
              Helpful                                       Harmful
Internal      Strengths: the advantages of your             Weaknesses: areas which need to
              organization                                  be improved
External      Opportunities: external factors that may      Threats: potential problems caused
              contribute to an organization and can         by external factors that an
              build up your strengths                       organization may face
Higher management must review the SWOT analysis, which helps to find out what the organization can do and which opportunities it should pursue afterwards. The following are the key elements identified in an early SWOT analysis of the IT function.
Strengths
Intelligent people
Established processes
Problem solving
Capability in delivering business value
Weaknesses
Technology obsession
Vulnerability
Lack of understanding of business
Inability to communicate in business speak
Opportunities
Integrate with the business
Innovation
Quantifying value to the business (analytics)
Process improvement
Threats
Change
Accountability
Viruses or hacking
Reduced budget
Cloud/ outsourcing
Rogue IT
Risk Management
Risk is defined as the likelihood of financial loss. Risk is a business concept, not a technological one. Management, on the other hand, is the administrative function of a business, whether a for-profit or a government organization, that defines each department's function so that work is performed effectively and efficiently. Risk management is the identification, assessment and prioritization of risks, followed by the coordinated and economical application of resources to minimize, monitor and control the probability or impact of unfortunate events, or to maximize the realization of opportunities. The objective of risk management is to ensure that uncertainty does not deflect the endeavor from the business goal.
Risk scales with the threats a system faces: the more threats you have, the higher your risk. For example, if a hacker (the threat) attacks a system which has no safeguards (no antivirus and a disabled firewall configuration), the risk is high; the picture below explains this concept.
Some common threat-sources include:
• Natural Threats—floods, earthquakes, hurricanes
• Human Threats—threats caused by human beings, including both
unintentional (inadvertent data entry) and deliberate actions
(network based attacks, virus infection, unauthorized access)
• Environmental Threats—power failure, pollution, chemicals, water
damage
Vulnerabilities can be identified by numerous means.
Different risk management schemes offer different methodologies for
identifying vulnerabilities. In general, start with commonly available
vulnerability lists or control areas. Then, working with the system owners
or other individuals with knowledge of the system or organization, start to
identify the vulnerabilities that apply to the system.
The following tools and techniques are typically used to
evaluate the effectiveness of controls; they can also be used to identify
vulnerabilities:
Vulnerability Scanners – Software that can examine an operating
system, network application or code for known flaws by comparing
the system (or system responses to known stimuli) to a database of
flaw signatures.
Penetration Testing – An attempt by human security analysts to
exercise threats against the system. This includes operational
vulnerabilities, such as social engineering
Audit of Operational and Management Controls – A thorough
review of operational and management controls by comparing the
current documentation to best practices (such as ISO 17799) and by
comparing actual practices against current documented processes.
Likelihood
Determining likelihood is fairly straightforward. It is the probability that a threat from a given threat-source will successfully exercise a vulnerability. To ensure that risk assessments are consistent, it is an excellent idea to use a standard definition of likelihood in all risk assessments. The table below shows a sample likelihood scale.
Likelihood   Definition
Low          0-25% chance of successful exercise of threat during a one-year period
Moderate     26-75% chance of successful exercise of threat during a one-year period
High         76-100% chance of successful exercise of threat during a one-year period
1.5 Competitive Forces Model for IT Infrastructure Investment
The competitive forces model can be used to address the question of how much your company should spend on IT infrastructure. This model consists of six components, compared to Porter's five original competitive forces. The following section describes these six forces or factors and their impact on the firm's IT services and infrastructure.
Market Demand for Your Firm’s Services
Your Firm’s Business Strategy
Your Firm’s Information Technology (IT) Strategy, Infrastructure,
and Cost
Information Technology Assessment
Competitor Firms’ IT Services
Competitor Firm IT Infrastructure Investments
Total Cost of Ownership of Technology Assets
To compare your firm's expenditures on IT infrastructure with those of your competitors, you will need to consider a wide range of costs. The
actual cost of owning technology resources includes the original cost of
acquiring and installing hardware and software, as well as ongoing
administration costs for hardware and software upgrades, maintenance,
technical support, training, and even utility and real estate costs for running
and housing the technology. The total cost of ownership (TCO) model can
be used to analyze these direct and indirect costs to help firms determine
the actual cost of specific technology implementations. Table below
describes the most important TCO components to consider in a TCO
analysis.
When all these cost components are considered, the TCO for
a PC might run up to three times the original purchase price of the
equipment. Hidden costs for support staff, downtime, and additional
network management can make distributed client/ server architectures—
especially those incorporating mobile wireless devices—more expensive
than centralized mainframe architectures. Hardware and software
acquisition costs account for only about 20 to 40 percent of TCO, so
managers must pay close attention to administration costs to understand the
full cost of the firm’s hardware and software. It is possible to reduce some
of these administration costs through better management. Many large firms
are saddled with redundant, incompatible hardware and software because
their departments and divisions have been allowed to make their own
technology purchases.
These firms could reduce their TCO through greater centralization and standardization of their hardware and software resources. Companies could reduce the size of the information systems staff required to support their infrastructure if the firm minimizes the number of different computer models and pieces of software that employees are allowed to use. In a centralized infrastructure, systems can be administered from a central location and troubleshooting can be performed from that location. The figure below illustrates the concept of TCO.
Figure: Total Cost of Ownership Iceberg Model
2.1 IT Security Essentials
The protection afforded to an automated information system
in order to attain the applicable objectives of preserving the integrity,
availability and confidentiality of information system resources (includes
hardware, software, firmware, information/data, and telecommunications).
Protecting information and information Systems from
unauthorized access, use, disclosure, disruption, modification, or
destruction. Information security is concerned with the confidentiality,
integrity and availability of data regardless of the form the data may take:
electronic, print, or other forms. The security requirements of an organization consist of the following three elements, which we call the security essentials of IT.
Confidentiality
Preserving authorized restrictions on information access and
disclosure, including means for protecting personal privacy and proprietary
information. Confidentiality is necessary, but not sufficient, to maintain privacy; it is the process of keeping data secret so that unauthorized users or systems are not able to reach or access it.
Integrity
Integrity means that data cannot be modified without authorization. Examples of integrity violations: manual deletion or alteration of important data files, virus infection, an employee altering their own salary, website vandalism, polling fraud. In information security, the term "data integrity" should not be confused with database referential integrity. Integrity means guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity.
Availability
Ensuring timely and reliable access to and use of information. Availability does not mean that anyone, at any time, can access and copy data; there must still be security controls on reaching the information.
Authenticity
In computing, e-Business and information security it is
necessary to ensure that the data, transactions, communications or
documents (electronic or physical) are genuine (i.e. they have not been
forged or fabricated.)
In information technology, security is one of the essential elements for protecting and securing data. For this purpose a network administrator may use different levels of security; their names are listed below and each is discussed in detail in the upcoming topics.
1. Computer security/ Information Technology Security
2. Internet Security
3. Cyber warfare
4. Information security
5. Mobile security
6. Network Security
2.2 Information Technology Security
Information technology security is information security
applied to technology (most often some form of computer system). It is
worthwhile to note that a computer does not necessarily mean a home
desktop. A computer is any device with a processor and some memory.
Such devices can range from non-networked standalone devices as simple
as calculators, to networked mobile computing devices such as smartphones
and tablet computers. IT security specialists are almost always found in any
major enterprise due to the nature and value of the data within larger
businesses. They are responsible for keeping all of the technology within
the company secure from malicious cyber attacks that often attempt to
breach into critical private information or gain control of the internal
systems.
In the introduction of this project we already discussed what computer security actually is and why it is so important for an enterprise. Also known as cyber-security or IT security, it is the protection of information systems from theft of or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures. The field is of growing importance due to the increasing reliance on computer systems and the Internet in most societies, on wireless networks such as Bluetooth and Wi-Fi, and on the growth of smart devices, including mobile phones, televisions and personal digital assistants (PDAs) and other tiny devices, as part of the Internet of Things. IT security is performed to protect data and revolves around confidentiality, availability and integrity, which we already discussed earlier.
Vulnerability in Computing
Computer systems can be attacked in many different ways, so we need to secure our systems and protect them using different technologies (hardware and software) that help secure our data. A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. It is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.
A vulnerability does not necessarily mean that the system is being attacked, or attacked from outside; if a system or computing device is exposed to humidity or dust or is left unprotected, that also comes under the umbrella of vulnerability. Vulnerabilities are classified according to the asset class they are related to.
Hardware: susceptibility to humidity, susceptibility to dust, susceptibility to soiling, susceptibility to unprotected storage.
Software: insufficient testing, lack of audit trail.
Network: unprotected communication lines, insecure network architecture.
Organizational: lack of regular audits, lack of continuity plans, lack of security.
Personnel: inadequate recruiting process, inadequate security awareness.
Physical site: area subject to flood, unreliable power source.
The following are the categories of threat which may harm a computer system.
Denial of services attack
Backdoors
Direct access attacks
Eavesdropping
Spoofing
Tampering
Privilege escalation
Phishing
Click jacking
Social Engineering
Recommendation
A computer security manager or network manager should not only follow the recommended security controls on information systems but also consider the following measures. These measures may include tactical and strategic mitigations and are intended to enhance existing security programs.
Deploy a Host Intrusion Detection System (HIDS) to help block and
identify common attacks.
Use an application proxy in front of web servers to filter out
malicious requests.
Ensure that the PHP setting allow_url_fopen is disabled on the web server to help limit PHP vulnerabilities from remote file inclusion attacks.
Limit the use of dynamic SQL code by using prepared statements, queries with parameters, or stored procedures whenever possible.
Disable active scripting support in email attachments unless required
to perform daily duties.
Consider adding the following measures to your password and
account protection plan.
Use a two factor authentication method for accessing
privileged root level accounts.
Use minimum password length of 15 characters for
administrator accounts.
Require the use of alphanumeric passwords and symbols.
Enable password history limits to prevent the reuse of
previous passwords.
Prevent the use of personal information as password such as
phone numbers and dates of birth.
Deploy NTLMv2 as the minimum authentication method and disable the use of LAN Manager (LM) passwords.
Use minimum password length of 8 characters for standard
users.
Disable local machine credential caching if not required
through the use of Group Policy Object (GPO).
Deploy a secure password storage policy that provides
password encryption.
If an administrator account is compromised, change the password
immediately to prevent continued exploitation. Changes to
administrator account passwords should only be made from systems
that are verified to be clean and free from malware.
Implement guidance and policy to restrict the use of personal
equipment for processing or accessing official data or systems (e.g.,
working from home or using a personal device while at the office).
Develop policies to carefully limit the use of all removable media
devices, except where there is a documented valid business case for
its use. These business cases should be approved by the organization
with guidelines for their use.
Implement guidance and policies to limit the use of social
networking services at work, such as personal email, instant
messaging, Facebook, Twitter, etc., except where there is a valid
approved business case for its use.
Implement recurrent training to educate users about the dangers
involved in opening unsolicited emails and clicking on links or
attachments from unknown sources.
Require users to complete the agency's "acceptable use policy"
training course (to include social engineering sites and non-work
related uses) on a recurring basis.
Ensure that all systems have up-to-date patches from reliable
sources. Remember to scan or hash validate for viruses or
modifications as part of the update process.
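As an added example (our code, not from the document), a checker that encodes the password and account protection rules listed above: minimum length by account type (15 characters for administrators, 8 for standard users), letters plus digits plus symbols, no reuse of a password from the history, and no personal information such as a phone number or date of birth. The history is assumed to hold hashes of previous passwords, and all sample values are constructed.

```python
import hashlib
import re

# Minimum lengths from the recommendations above.
MIN_LENGTH = {"administrator": 15, "standard": 8}


def digits_only(text: str) -> str:
    """Keep only digits so '1990-04-12' and '19900412' compare equal."""
    return re.sub(r"\D", "", text)


def check_password(password: str, account_type: str, history: list,
                   personal_info: list) -> list:
    """Return the list of policy violations; an empty list means the password
    is acceptable. `history` holds SHA-256 hex digests of earlier passwords
    (a demo assumption; a real store would use a slow, salted password hash)."""
    problems = []
    if len(password) < MIN_LENGTH[account_type]:
        problems.append(f"shorter than {MIN_LENGTH[account_type]} characters for {account_type}")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)
            and re.search(r"[^A-Za-z0-9]", password)):
        problems.append("must contain letters, digits and symbols")
    if hashlib.sha256(password.encode()).hexdigest() in history:
        problems.append("reuses a previous password")
    lowered = password.lower()
    for item in personal_info:
        item_digits = digits_only(item)
        # Numeric items (phone, birth date) are compared digit-by-digit so
        # separators do not hide them; textual items by case-insensitive substring.
        if len(item_digits) >= 4:
            matched = item_digits in digits_only(password)
        else:
            matched = item.lower() in lowered
        if matched:
            problems.append(f"contains personal information: {item}")
    return problems


# Constructed sample: a user's profile data and two previously used passwords.
PERSONAL_INFO = ["Alice", "+1 555 0100", "1990-04-12"]
HISTORY = [hashlib.sha256(p.encode()).hexdigest()
           for p in ("Winter2023!xyz", "Spring2024#abc")]


def demo() -> dict:
    """Run constructed candidates through the policy."""
    return {
        "admin_too_short": check_password("Summer2024!", "administrator", HISTORY, PERSONAL_INFO),
        "admin_ok": check_password("correct-Horse7-battery!", "administrator", HISTORY, PERSONAL_INFO),
        "user_reused": check_password("Spring2024#abc", "standard", HISTORY, PERSONAL_INFO),
        "user_birthday": check_password("Pw!19900412", "standard", HISTORY, PERSONAL_INFO),
        "user_no_symbol": check_password("abcdefgh12", "standard", HISTORY, PERSONAL_INFO),
    }


if __name__ == "__main__":
    for name, problems in demo().items():
        print(f"{name}: {problems or 'OK'}")
```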
2.3 Internet Security
Internet security is a branch of information technology security which relates specifically to the Internet. It often involves web browsing, but at a general level it also applies to operating systems and applications. Its threats usually attack from outside the network, so there are both physical and intangible protections we should put in place for Internet security. The purpose is to establish rules for Internet security that make Internet access secure and avoid risk in email and information sharing. There are different methods of securing data, including encryption and engineering security in from the ground up. The following are the threats which can attack a network, and the remedies against them.
Threats
Malicious Software
Computer viruses
Trojan Horse
Spyware and Worms
Phishing
Application Vulnerabilities
Remedies
Network Layer Security
Network layer and other TCP/IP protocols may be secured with cryptographic methods. These protocols include Secure Sockets Layer/Transport Layer Security (SSL/TLS) for web traffic, Pretty Good Privacy (PGP) for email, and IPsec for network layer security.
Internet Protocol Security (IPsec)
IPsec is designed to secure TCP/IP communications by authenticating and encrypting each IP packet of a communication session. It can be used to protect the flow of data between a pair of hosts, between a pair of security gateways, or between a security gateway and a host. It was developed by a group at Columbia University, funded by the Clinton Administration, for exchanging messages in a more secure, encrypted and trusted information system.
DARPA is a research and development agency within the US Department of Defense; it designed the IP Encapsulating Security Payload (ESP), which was specifically built for the US Navy to transmit secret messages so that no one could eavesdrop. These are all IPsec mechanisms.
Security Token
A security token is a mechanism that some websites offer, giving customers a six-digit code which changes every 30-60 seconds. These numbers are mathematically computed from the current time, using a clock built into the device.
Electronic mail (Email) security
Email is the fastest way of delivering messages; it is used by corporations and individual users. Securing these emails is an essential part of security, and for this purpose the mail protocols and components, such as the mail user agent (MUA) and mail transfer agent (MTA), must be protected.
Pretty Good Privacy
PGP is used to provide confidentiality by encrypting messages to be transmitted or data files to be stored, using an encryption algorithm such as Triple DES or CAST-128. Email messages can be protected using cryptography in various ways, such as:
Signing an email message to ensure its integrity and confirm the identity of its sender.
Encrypting the body of an email message to ensure its confidentiality.
Encrypting the communications between mail servers to protect the confidentiality of both message body and message header.
Message Authentication Code
A message authentication code (MAC) is a short tag computed over a message using a shared secret key; the receiver recomputes the tag to verify the message's integrity and origin.
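An added example, not from the original document, of the integrity check behind the signing item and the MAC section above: an HMAC-SHA256 tag over a constructed email body, showing that the receiver rejects a body altered in transit (the salary-alteration case from the Integrity section) while the tag hides nothing. The key and messages are constructed for the demo.

```python
import hashlib
import hmac


def mac_tag(key: bytes, message: bytes) -> str:
    """Compute the keyed tag (HMAC-SHA256) that travels with the message.
    Only a holder of `key` can produce a valid tag, so a matching tag proves
    integrity and origin. It gives no confidentiality: the message is sent as-is."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Receiver side: recompute and compare in constant time (a plain == would
    let an attacker time how many leading bytes of a forged tag were right)."""
    return hmac.compare_digest(mac_tag(key, message), tag)


# Constructed sample: a payroll instruction, and the same message after the
# amount is edited in transit. The key is a fixed demo value; a real deployment
# would use a random key (e.g. secrets.token_bytes(32)) shared out of band.
DEMO_KEY = b"demo-shared-secret-key"
ORIGINAL = (b"From: payroll@example.test\r\nTo: hr@example.test\r\n\r\n"
            b"Set salary of employee 1042 to 50000")
TAMPERED = ORIGINAL.replace(b"50000", b"90000")


def demo() -> dict:
    """Sender attaches a tag; receiver checks it against what actually arrived."""
    tag = mac_tag(DEMO_KEY, ORIGINAL)
    return {
        "original_accepted": verify_tag(DEMO_KEY, ORIGINAL, tag),
        "tampered_accepted": verify_tag(DEMO_KEY, TAMPERED, tag),
        "wrong_key_accepted": verify_tag(b"not-the-key", ORIGINAL, tag),
        "body_still_readable": b"salary" in ORIGINAL,  # a MAC is not encryption
        "tag_hex_length": len(tag),                      # 32-byte SHA-256 output as hex
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```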
Recommendations
Internet security covers both inbound and outbound traffic, and an administrator must treat Internet security as essential. The Internet connection may be secured by hardware products such as firewalls and software products such as antivirus. We recommend Internet security on the following basis.
Encrypt your data
Implement DLP and auditing
Use digital certificates to sign all of your sites
Implement a removable media policy
Secure websites against MITM and malware infections
Use a spam filter on email servers
Use a comprehensive endpoint security solution
Network-based security hardware and software
Maintain security patches
Educate your users
Internet security products
Firewalls
A computer firewall controls access between networks. It generally works at gateways and filters packets. It may also act as an intermediate (proxy) server for SMTP and HTTP connections.
Types of Firewall
A packet filter is a first-generation firewall which filters packets as they go outbound or come inbound; its main purpose is to filter every packet and monitor users thoroughly.
An application level firewall is another type of firewall which works at the application layer of the OSI model to serve Internet access and make a secure network.
Next Generation Firewall
A next-generation firewall combines a traditional firewall with other network filtering functionality, such as an application firewall using deep packet inspection or an intrusion prevention system. It is a hardware- or software-based network security system that is able to detect and block sophisticated attacks by enforcing security policies at the application level, as well as at the port and protocol level.
Application visibility, application control and threat prevention are handled by three unique identification technologies, App-ID, User-ID and Content-ID, to allow organizations to deploy Palo Alto Networks' next-generation firewalls and enable the secure use of new applications while managing the inherent risks. These fine-grained policy management and enforcement capabilities are delivered at low latency, multi-gigabit performance with the company's innovative Single Pass Parallel Processing (SP3) Architecture.
Browser choice
Selecting a web browser is part of the Internet policy, because third-party browsers are less secure for Internet and email use in a corporate environment.
Antivirus
By keeping your computer clean of hostile viruses and malware, you can reduce the risk of important personal information being sent into the wrong hands. Use antivirus software, and if you already have it, update your antivirus definition files frequently.
Password managers
A password manager is a software application that helps a user store
and organizes passwords. Password managers usually store passwords
encrypted, requiring the user to create a master password; a single, ideally
very strong password which grants the user access to their entire password
database.
Security suites
Security suites were first offered for sale in 2003 (McAfee) and
contain a suite of firewalls, anti-virus, anti-spyware and more. They may
now offer theft protection, portable storage device safety check, private
Internet browsing, cloud anti-spam, a file shredder or make security-related
decisions (answering popup windows) and several were free of charge as of
at least 2012.
2.4 Network Security
Network security consists of the policies and practices adopted to monitor authorized and unauthorized users so that no one can modify or misuse computer networks. It involves the authorization of access to data, which is controlled by the network administrator. To keep the network secure and running smoothly, the administrator should assign each user a username and password (or another form of authentication if required), use genuine software, and protect hardware from any misuse, for example so that no one can plug flash drives into USB ports and no user has administrator rights.
Network security may be established according to management policy for different kinds of situations. A home or small office requires a different security scenario, and an enterprise may require a different one again. In the upcoming topic we discuss types of attacks, categorized into two main categories: active and passive attacks.
Active Attacks
There are many types of active attacks in network security, a few of which we discussed under computer security. The following are the names of these attacks.
DNS spoofing
Man in the middle
ARP Poisoning
VLAN hopping
Smurf Attack
Buffer/ Heap overflow
Format string attack
SQL Injection
Cyber Attack
Passive Attacks
Passive attacks are not commonly found nowadays, but they are still threats to the network and an administrator should be aware of them. These attacks include wiretapping, port scanning and idle scanning.
Recommendations
As you can see, depending on your environment and the location of
hosts, a complex set of rules can be required on your firewall. Don't let the
complexity prevent you from properly configuring the firewall, however. A little
work initially can mean a better, more secure monitoring solution. The following
sections discuss issues regarding firewall protection for MARS and network-based
IPSs and IDSs. The suggestions given are a good place to begin, but they by no
means work in every network. For example, the TCP and UDP ports described in
the preceding sections are only defaults. You can configure most of these services,
which are common in many networks, to use other ports. Check Point firewalls,
for example, are commonly configured to use different ports than the defaults of
TCP ports 18184, 18190, and 18210.
Ingress Firewall Rules
To simplify the work involved, you should define some network object groups on your firewall. If you're not familiar with this term, think of object groups as variables that you can use while configuring the firewall to make life easier. Rather than referring to a large list of IP addresses or TCP/UDP ports, you can simply refer to a name instead. The following examples use an object group called CORP_NET, which consists of all IP addresses used on your organization's network. Ingress traffic refers to traffic that is inbound to a firewall (toward CS-MARS) from a less trusted network. The figure shows both ingress traffic and egress traffic, or traffic that leaves CS-MARS to go toward the less trusted network.
The following ingress rules are a good starting point for most companies:
Step 1 Permit syslog and SNMP trap traffic (UDP 162 and 514) from security operations (SecOps).
Step 2 Permit NetFlow traffic (UDP 2049) from SecOps.
Step 3 Permit HTTPS (TCP 443) from SecOps if a large number of people will be accessing the web console of MARS to run ad hoc reports. Otherwise, permit HTTPS to a restricted range of addresses.
Step 4 Permit SSH (TCP 22) to a very restricted set of addresses. If the security management network has its own VPN gateway, which might be a function of the firewall, you might want to require administrators to establish a VPN connection before permitting SSH.
Step 5 Permit HTTP (TCP 80) from any monitored web servers running iPlanet or Apache. If you're using NetCache appliances, permit HTTP from them as well.
Step 6 If your MARS deployment consists of multiple MARS LCs that communicate to a centralized MARS GC, permit required management traffic between those systems (TCP 443 and 8444).
Step 7 Deny all other traffic.
Egress Firewall Rules
Egress firewall rules refer to filters that restrict traffic from
the protected network to less trusted networks. Ideal security would restrict
outbound traffic to only those ports that are necessary for proper
functioning of the MARS appliance. However, in real life, this might be
unmanageable. You need to determine the proper balance between security
and manageability.
For example, a strict default egress policy might make sense
for your company's public-facing web server. Hopefully, connectivity from
the Internet to your web server (ingress rule) is permitted only on either
TCP 80 or 443, depending on whether your web server uses encrypted
HTTP. The egress policy should deny all traffic that originates from the
web server to hosts on the Internet. In other words, someone should never
be allowed to browse the Internet from your web server, to download files
from the web server, or to have other communications from the web server
to the Internet. By applying a proper egress rule on the firewall that denies
it, an attacker is also denied that same communications path. In most
instances where a web server, or any other server, is compromised by a
hacker, the hacker's next steps include copying files to the web server. This
is either to deface websites, install root kits, or retrieve the software needed
to further hack into the network. Strict egress filters raise the difficulty
level, often to a level that exceeds the capabilities of the hacker.
Depending on your environment and which MARS features
you're using, strict egress filters might be unmanageable. However, you
should evaluate them to see whether they are workable in your
environment.
The following list of egress filters serves as a good starter set for most networks:
Step 1 Permit traffic required for name resolution to CORP_NET, for example, Domain Name System (DNS) and Server Message Block (SMB) for Windows hosts (TCP and UDP 53, TCP 137 and 445) to CORP_NET.
Step 2 Permit Network Time Protocol (NTP) to specified NTP servers, either on your network or internetwork.
Step 3 Permit device discovery traffic on CORP_NET for routers and switches, for example, Telnet (TCP 23), SSH (TCP 22), and SNMP (UDP 161).
Step 4 Permit HTTPS to CORP_NET to allow MARS to discover Cisco IDS/IPS sensors as well as to allow event retrieval from Cisco IDSs/IPSs and Cisco routers running IOS IPS, and to allow communications between MARS LCs and GCs. If possible, restrict this range to a subset of CORP_NET.
Step 5 Permit FTP (TCP 21) to a centralized FTP server that contains configuration files of routers and switches, if you want to take advantage of this feature.
Step 6 Permit Simple Mail Transfer Protocol (SMTP) (TCP 25) to allow MARS to e-mail reports and alerts to your SMTP gateway.
Step 7 Permit NFS (UDP 2049) if your MARS archive server resides on a different network (not recommended).
Step 8 Permit TCP 8444 to allow communications between MARS LCs and GCs, if they reside in different locations.
Step 9 Deny all other traffic.
If you want to take advantage of the MARS internal vulnerability assessment capabilities, the preceding list of rules will not work. Instead, use the following egress filter list.
Step 1 Permit all TCP and UDP traffic sourced from CS-MARS or a third-party vulnerability scanner.
Step 2 Permit NTP traffic to defined NTP servers, if they do not exist locally on SecOps.
Step 3 Deny all other traffic.
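As an added illustration (our code, not from the document or from Cisco), a first-match evaluator that encodes the ingress list and the main egress list above as rules over named object groups and runs constructed flows through them, showing why order and the closing deny-all matter. The group memberships (CORP_NET, SecOps, CS-MARS and the restricted admin, peer and server sets) and all addresses are constructed, and NTP is assumed to use UDP 123.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed object groups: stand-ins for the firewall's named address sets.
GROUPS = {
    "ANY":         ["0.0.0.0/0"],
    "CORP_NET":    ["10.0.0.0/8"],
    "SECOPS":      ["10.10.50.0/24"],                  # security operations subnet
    "CS_MARS":     ["10.10.50.10/32"],
    "ADMIN_HOSTS": ["10.10.50.20/32", "10.10.50.21/32"],  # restricted SSH sources
    "WEB_SERVERS": ["10.20.1.0/24"],                   # monitored iPlanet/Apache hosts
    "MARS_PEERS":  ["10.30.50.10/32"],                 # remote MARS LC/GC
    "NTP_SERVERS": ["10.0.0.123/32"],
    "FTP_SERVER":  ["10.0.0.21/32"],
    "SMTP_GW":     ["10.0.0.25/32"],
    "ARCHIVE":     ["10.40.0.5/32"],
}


def in_group(addr: str, group: str) -> bool:
    return any(ip_address(addr) in ip_network(net) for net in GROUPS[group])


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp" or "any"
    ports: Optional[frozenset]  # destination ports; None = any port
    src: str                    # source object group
    dst: str                    # destination object group
    step: str                   # which step of the list this implements


# Ingress list (traffic toward CS-MARS), steps 1-7 as given above.
INGRESS = [
    Rule("permit", "udp", frozenset({162, 514}), "SECOPS", "CS_MARS", "ingress 1: syslog/SNMP trap"),
    Rule("permit", "udp", frozenset({2049}), "SECOPS", "CS_MARS", "ingress 2: NetFlow"),
    Rule("permit", "tcp", frozenset({443}), "SECOPS", "CS_MARS", "ingress 3: HTTPS console"),
    Rule("permit", "tcp", frozenset({22}), "ADMIN_HOSTS", "CS_MARS", "ingress 4: SSH"),
    Rule("permit", "tcp", frozenset({80}), "WEB_SERVERS", "CS_MARS", "ingress 5: HTTP from web servers"),
    Rule("permit", "tcp", frozenset({443, 8444}), "MARS_PEERS", "CS_MARS", "ingress 6: LC/GC"),
    Rule("deny", "any", None, "ANY", "ANY", "ingress 7: deny all"),
]

# Main egress list (traffic from CS-MARS), steps 1-9 as given above.
EGRESS = [
    Rule("permit", "udp", frozenset({53}), "CS_MARS", "CORP_NET", "egress 1: DNS"),
    Rule("permit", "tcp", frozenset({53, 137, 445}), "CS_MARS", "CORP_NET", "egress 1: DNS/SMB"),
    Rule("permit", "udp", frozenset({123}), "CS_MARS", "NTP_SERVERS", "egress 2: NTP (UDP 123 assumed)"),
    Rule("permit", "tcp", frozenset({22, 23}), "CS_MARS", "CORP_NET", "egress 3: SSH/Telnet discovery"),
    Rule("permit", "udp", frozenset({161}), "CS_MARS", "CORP_NET", "egress 3: SNMP discovery"),
    Rule("permit", "tcp", frozenset({443}), "CS_MARS", "CORP_NET", "egress 4: HTTPS to sensors/LC/GC"),
    Rule("permit", "tcp", frozenset({21}), "CS_MARS", "FTP_SERVER", "egress 5: FTP config archive"),
    Rule("permit", "tcp", frozenset({25}), "CS_MARS", "SMTP_GW", "egress 6: SMTP alerts"),
    Rule("permit", "udp", frozenset({2049}), "CS_MARS", "ARCHIVE", "egress 7: NFS archive"),
    Rule("permit", "tcp", frozenset({8444}), "CS_MARS", "MARS_PEERS", "egress 8: LC/GC"),
    Rule("deny", "any", None, "ANY", "ANY", "egress 9: deny all"),
]


def evaluate(rules, proto: str, src: str, dst: str, dport: int):
    """First matching rule wins, as the firewall processes the list; order
    therefore matters, and the closing deny-all catches everything unmatched."""
    for rule in rules:
        if rule.proto != "any" and rule.proto != proto:
            continue
        if rule.ports is not None and dport not in rule.ports:
            continue
        if in_group(src, rule.src) and in_group(dst, rule.dst):
            return rule.action, rule.step
    return "deny", "implicit deny"  # only reached if a list lacks its deny-all step


def demo() -> dict:
    """Constructed flows and the rule each one hits."""
    mars = "10.10.50.10"
    return {
        "syslog_from_secops": evaluate(INGRESS, "udp", "10.10.50.40", mars, 514),
        "https_from_internet": evaluate(INGRESS, "tcp", "203.0.113.5", mars, 443),
        "ssh_from_secops_other": evaluate(INGRESS, "tcp", "10.10.50.40", mars, 22),
        "dns_to_corp": evaluate(EGRESS, "udp", mars, "10.0.0.53", 53),
        "web_browsing_from_mars": evaluate(EGRESS, "tcp", mars, "198.51.100.7", 80),
        "https_outside_corp": evaluate(EGRESS, "tcp", mars, "198.51.100.7", 443),
    }


if __name__ == "__main__":
    for name, (action, step) in demo().items():
        print(f"{name:<24} {action:<7} ({step})")
```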
In day-to-day use of MARS, when you choose to get more
information about a specific host, the internal vulnerability assessment
feature of MARS initiates a port scan of the host. You cannot accurately
define an egress rule list that permits the vulnerability assessment to take
place while also restricting outbound ports. If you already use a supported
third-party vulnerability assessment tool, such as QualysGuard, you do not
need to use the internal tool. Otherwise, using the tool can greatly improve
the accuracy of information presented to you by MARS.
Network-Based IDS and IPS Issues
A network-based IPS offers an additional level of protection to complement that provided by a stateful inspection firewall. An IPS is closely related to an IDS. At first glance, the most obvious difference between the two is how they are deployed.
An IDS examines copies of network traffic, looking for malicious traffic patterns. It then identifies them and can sometimes be configured to take an automated response action, such as resetting TCP connections or configuring another network device to block traffic from an attacker.
NOTE
It is important to remember that an IDS detects malicious
traffic after it has already happened. Although automated response actions
can take place, it is usually too late to stop the attack.
IDS is typically deployed beside a traffic flow. It receives
copies of network traffic from the network switches, hubs, taps, or routers.
Because it does not sit in the flow of traffic, it does not break anything that
MARS requires. It often issues a large number of alerts based on traffic
generated from MARS, especially if you're using the internal vulnerability
assessment feature. You need to tune your IDS so that it does not alert on
the vulnerability scans that originate from MARS. You might want to adjust
the IDS tuning so that scans from MARS to your CORP_NET are ignored,
but scans directed to the Internet trigger an alert. It is generally considered a
bad practice to automatically scan hosts outside your own network; the
practice might even be illegal. Make sure that MARS is not configured to
scan anything that is not on your own network. Your firewall egress rules
should not allow this either. However, in the case of a miss configuration,
your IDS can alert the appropriate personnel so that the configuration errors
can be corrected.
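The tuning rule just described (ignore scans from MARS to CORP_NET, but treat a MARS scan aimed outside CORP_NET as a misconfiguration to escalate) can be written as a filter over the IDS's own alert output. The following Python is an added example, not code from the original document or from Cisco MARS; the Snort-style alert lines, the MARS address 10.10.0.5 and the CORP_NET range 10.0.0.0/8 are constructed assumptions for the example.

```python
import ipaddress
import re
from collections import Counter

# Assumed values (not from the original text): the address of the MARS
# appliance and the CORP_NET range are placeholders for this example.
MARS_SCANNER = ipaddress.ip_address("10.10.0.5")
CORP_NET = ipaddress.ip_network("10.0.0.0/8")

# Snort-style "fast" alert lines, constructed for this example.
SAMPLE_ALERTS = """\
07/14-09:12:01.000000 [**] [1:2000538:3] SCAN nmap SYN scan [**] {TCP} 10.10.0.5:41002 -> 10.20.1.15:443
07/14-09:12:02.000000 [**] [1:2000538:3] SCAN nmap SYN scan [**] {TCP} 10.10.0.5:41003 -> 10.20.1.16:22
07/14-09:12:05.000000 [**] [1:2000538:3] SCAN nmap SYN scan [**] {TCP} 10.10.0.5:41010 -> 203.0.113.9:80
07/14-09:13:40.000000 [**] [1:2010937:2] SCAN Suspicious inbound to mySQL port [**] {TCP} 198.51.100.7:55012 -> 10.20.1.30:3306
07/14-09:14:11.000000 [**] [1:2001219:19] WEB suspicious request [**] {TCP} 10.20.1.15:51234 -> 10.20.1.40:80
"""

# Pulls the signature id, message text, source IP and destination IP out
# of one alert line.
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+(?P<msg>.+?)\s+\[\*\*\].*?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+\s+->\s+(?P<dst>\d+\.\d+\.\d+\.\d+):\d+"
)


def parse_alert(line):
    """Return a dict for a recognised alert line, or None for anything else."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return {
        "sid": m["sid"],
        "msg": m["msg"],
        "src": ipaddress.ip_address(m["src"]),
        "dst": ipaddress.ip_address(m["dst"]),
    }


def classify(alert):
    """Apply the MARS tuning rule to one parsed alert.

    suppress  - a scan from MARS against our own CORP_NET (expected)
    escalate  - a scan from MARS against something outside CORP_NET
                (MARS or the egress rules are misconfigured)
    alert     - everything else passes through untouched
    """
    is_scan = alert["msg"].upper().startswith("SCAN")
    if alert["src"] == MARS_SCANNER and is_scan:
        if alert["dst"] in CORP_NET:
            return "suppress"
        return "escalate"
    return "alert"


def tune(text):
    """Classify every alert line in `text`; returns (verdict, alert) pairs."""
    results = []
    for line in text.splitlines():
        parsed = parse_alert(line)
        if parsed is None:
            continue
        results.append((classify(parsed), parsed))
    return results


def summarize(text):
    """Count verdicts, e.g. {'suppress': 2, 'escalate': 1, 'alert': 2}."""
    return Counter(verdict for verdict, _ in tune(text))


if __name__ == "__main__":
    for verdict, alert in tune(SAMPLE_ALERTS):
        print(f"{verdict:9} {alert['src']} -> {alert['dst']}  {alert['msg']}")
    print(dict(summarize(SAMPLE_ALERTS)))
```

The third sample line is the one this tuning exists to catch: MARS scanning an address outside CORP_NET is exactly the misconfiguration the text says the IDS should surface, so it is escalated rather than silenced along with the other MARS scans.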
An IPS sits in the path of network traffic, usually as a
transparent device (like a bridge), and watches for many of the same
behaviors as an IDS. A major difference between the two, though, is the
capability of the IPS to act instantly when malicious traffic is seen.
NOTE
In addition to the automated actions an IDS can take, an IPS
can also prevent the malicious traffic from passing through it. Because
traffic must pass through an IPS, the IPS can prevent MARS from
functioning properly if it is misconfigured. Take time to closely watch
alerts generated by your IPS and tune it appropriately. Like the IDS, you
should tune the IPS to allow vulnerability scanning to occur from MARS to
CORP_NET, while preventing it from scanning the Internet.
Some of the newest types of IPSs, such as the Cisco IPS, have
a feature called traffic normalization. This feature, in particular, causes the
MARS vulnerability assessment to fail. Traffic normalization enables
several functions, including the following:
Prevents illegal combinations of TCP flags from passing, or removes
the illegal flags
Prevents fragmented traffic from passing, or rebuilds it so that it is
not fragmented
Changes all packets in a traffic flow to have the same time to live
(TTL)
This is just a small sampling of what a traffic normalizer does.
In general, you can think of it as an engine that takes traffic that does not
conform to standards, and either prevents the traffic from passing through
the IPS or makes it conform to standards first. By itself, traffic
normalization breaks a large number of attacks and reconnaissance
activities. It also stops vulnerability assessment tools from being able to
accurately determine information such as the operating system that a target
host is running.
NOTE
Cisco IPS 5.x and 6.x software, by default, does not generate
alerts on most traffic normalization signatures. To properly tune the
software, you need to enable alerts on that family of signatures.
If you're protecting your security management network with
an IPS that supports traffic normalization, you need to tune it to either
ignore the scans from MARS and Qualys (or other vulnerability scanners)
or disable the traffic normalization capabilities.
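To make the three normalization functions listed above concrete, here is an added Python model of a traffic normalizer. It is not Cisco's implementation and not code from the original document: it drops (or, optionally, strips) illegal TCP flag combinations, reassembles IP fragments and discards overlapping ones, and rewrites the TTL of every packet in a flow to match the first packet seen. The Packet class and every packet value below are constructed for the example.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

# TCP flag letters, as tcpdump prints them.
SYN, ACK, FIN, RST, PSH, URG = "S", "A", "F", "R", "P", "U"


@dataclass
class Packet:
    """Minimal packet model (constructed for this example)."""
    src: str
    dst: str
    sport: int
    dport: int
    ttl: int
    flags: frozenset = frozenset()   # set of TCP flag letters
    ip_id: int = 0                   # IP identification, shared by fragments
    frag_offset: int = 0             # byte offset of this fragment
    more_frags: bool = False         # IP "more fragments" bit
    payload: bytes = b""


def illegal_flags(flags: frozenset) -> bool:
    """True for flag combinations that no conforming TCP stack sends."""
    if not flags:                                   # NULL packet
        return True
    if SYN in flags and (FIN in flags or RST in flags):
        return True                                 # SYN+FIN, SYN+RST
    if {FIN, PSH, URG} <= flags:                    # "Xmas" combination
        return True
    if FIN in flags and ACK not in flags:           # bare FIN
        return True
    return False


class Normalizer:
    """Drop or repair non-conforming packets before they reach the network."""

    def __init__(self, strip_flags: bool = False):
        self.strip_flags = strip_flags
        self.flow_ttl: Dict[Tuple[str, str, int, int], int] = {}
        self.frags: Dict[Tuple[str, str, int], List[Packet]] = {}
        self.dropped: List[Tuple[str, Packet]] = []

    def process(self, pkt: Packet) -> Optional[Packet]:
        """Return the packet to forward, or None if it was held or dropped."""
        if pkt.more_frags or pkt.frag_offset:
            pkt = self._reassemble(pkt)
            if pkt is None:
                return None
        if illegal_flags(pkt.flags):
            fixed = self._strip(pkt.flags) if self.strip_flags else None
            if fixed is None:
                self.dropped.append(("illegal-flags", pkt))
                return None
            pkt = replace(pkt, flags=fixed)
        return self._fix_ttl(pkt)

    @staticmethod
    def _strip(flags: frozenset) -> Optional[frozenset]:
        # Only a SYN carrying extra flags has a sensible repaired form
        # (keep SYN, and ACK if present); NULL, Xmas and bare-FIN packets
        # have no legitimate form and are dropped.
        if SYN in flags:
            return frozenset(f for f in flags if f in (SYN, ACK))
        return None

    def _fix_ttl(self, pkt: Packet) -> Packet:
        # Every packet in a flow leaves with the TTL of the flow's first packet.
        key = (pkt.src, pkt.dst, pkt.sport, pkt.dport)
        ttl = self.flow_ttl.setdefault(key, pkt.ttl)
        return pkt if pkt.ttl == ttl else replace(pkt, ttl=ttl)

    def _reassemble(self, pkt: Packet) -> Optional[Packet]:
        # Buffer fragments per (src, dst, ip_id); emit one whole packet once
        # they are contiguous from offset 0 and the last fragment has arrived.
        key = (pkt.src, pkt.dst, pkt.ip_id)
        buf = self.frags.setdefault(key, [])
        buf.append(pkt)
        buf.sort(key=lambda p: p.frag_offset)
        expected = 0
        for frag in buf:
            if frag.frag_offset < expected:          # overlap: drop the whole set
                del self.frags[key]
                self.dropped.append(("overlapping-fragment", pkt))
                return None
            if frag.frag_offset > expected:          # gap: keep waiting
                return None
            expected = frag.frag_offset + len(frag.payload)
        if buf[-1].more_frags:
            return None                              # last fragment not seen yet
        del self.frags[key]
        whole = b"".join(f.payload for f in buf)
        return replace(buf[0], payload=whole, frag_offset=0, more_frags=False)
```

Because the normalizer rewrites or removes exactly the oddities an OS-fingerprinting scan relies on (unusual flag combinations, fragment handling, per-packet TTL differences), a scanner behind it, MARS's internal assessment included, loses the signals it needs, which is why the text says the feature must be tuned or disabled for the scanner's traffic.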
2.5 Mobile Security
In the early days of computer security, mobile security was not
considered important; in fact, there was no mobile security. As technology
has rapidly changed and shifted toward mobile devices, it has become
necessary, and arguably more so than any other computer security
requirement, because mobile devices are independent devices and nearly
every user in the world has at least one.
Mobile computing is the commonly used term for portable
computers, smartphones, tablets, PDAs and phablets. These devices are
multipurpose and always connected to a network. Most ordinary users do
not understand the security of these devices; they only know how to protect
the personal data or files stored on them. The different threats and attacks
are described below.
Threats
Various types of threats are found in mobile computing devices.
These threats can disrupt the operation of the Smartphone, and transmit or
modify user data. For these reasons, the applications deployed there must
guarantee privacy and integrity of the information they handle. In addition,
since some apps could themselves be malware, their functionality and
activities should be limited (for example, restricting the apps from
accessing location information via GPS, blocking access to the user's
address book, preventing the transmission of data on the network,
sending SMS messages that are billed to the user, etc.). These threats have
three primary targets, Data, Identity and Availability.
Attacks based on SMS and MMS
Some mobile phone models have problems in managing
binary SMS messages. It is possible, by sending an ill-formed block, to
cause the phone to restart, leading to denial of service attacks. If a user with
a Siemens S55 received a text message containing a Chinese character, it
would lead to a denial of service. Another potential attack could begin with
a phone that sends an MMS to other phones, with an attachment. This
attachment is infected with a virus. Upon receipt of the MMS, the user can
choose to open the attachment. If it is opened, the phone is infected, and the
virus sends an MMS with an infected attachment to all the contacts in the
address book. There is a real-world example of this attack.
Attacks based on the communication network
An attacker may break the encryption algorithm used on a
GSM network; because of this, service providers must verify that the
circuits or packets moving from source to destination travel safely and that
no one is spying on them. Another type of attack on communications
involves Wi-Fi, in which attackers try to obtain the login information of a
router and alter its configuration, which lets them manipulate the user
without being noticed. The third type is Bluetooth, in which unregistered
devices send files containing viruses that then spread into the device's
operating system to bring it down.
2.6 Cyber warfare
Cyber warfare is defined as “actions taken against any other
nation in the cyber world”, such as hacking their government websites,
taking down their servers, and manipulating information systems or altering
their national databases.
As already discussed under the attacks and threats in earlier
topics (e.g., denial of service, viruses, eavesdropping, malware and Trojan
horses), cyber warfare involves the same threats and attacks, but in a cyber
war the purpose is not only to obtain information; it is more than that. Many
countries consider it an act of war against a nation or country.
The Internet security company “McAfee” stated in its annual
report that approximately 120 countries in the world have been developing
ways to use the Internet as a weapon and to target financial markets and
other nations’ databases or government computer systems and utilities.
China
Diplomatic cables highlight US concerns that China is using
access to Microsoft source code and 'harvesting the talents of its private
sector' to boost its offensive and defensive capabilities.
Germany
In 2013, Germany revealed the existence of their 60-person
Computer Network Operation unit. The German intelligence agency, BND,
announced it was seeking to hire 130 "hackers" for a new "cyber defense
station" unit. In March 2013, BND president Gerhard Schindler announced
that his agency had observed up to five attacks a day on government
authorities, thought mainly to originate in China. He confirmed the
attackers had so far only accessed data and expressed concern that the
stolen information could be used as the basis of future sabotage attacks
against arms manufacturers, telecommunications companies and
government and military agencies.
Pakistan
Recently, tension arose between Pakistan and India, and both
nations lined up against each other on the border. A group of hackers from
India attempted to hack some Pakistani government websites and
succeeded, as an act of aggression. In response, a group of hackers from
Pakistan hacked the radio frequency of Indian aviation so that any plane
wanting to land inside Indian airspace first had to listen to national songs of
Pakistan, including “Dil Dil Pakistan”.
2.7 Physical security & Recommendations
Every general computer networking class teaches the OSI
networking models, and we all learn that everything begins at the bottom,
with the physical level. Likewise, when it comes to IT security, physical
security is the foundation for our overall strategy. But some organizations,
distracted by the more sophisticated features of software-based security
products, may overlook the importance of ensuring that the network and its
components have been protected at the physical level. We'll take a look at
10 of the most essential security measures you should implement now, if
you haven't already done so.
1. Lock up the server room
Even before you lock down the servers, in fact, before you
even turn them on for the first time, you should ensure that there are good
locks on the server room door. Of course, the best lock in the world does no
good if it isn't used, so you also need policies requiring that those doors be
locked any time the room is unoccupied, and the policies should set out
who has the key or key code to get in. The server room is the heart of your
physical network, and someone with physical access to the servers,
switches, routers, cables and other devices in that room can do enormous
damage.
2. Set up surveillance
Locking the door to the server room is a good first step, but
someone could break in, or someone who has authorized access could
misuse that authority. You need a way to know who goes in and out and
when. A log book for signing in and out is the most elemental way to
accomplish this, but it has a lot of drawbacks. A person with malicious
intent is likely to just bypass it.
A better solution than the log book is an authentication
system incorporated into the locking devices, so that a smart card, token, or
biometric scan is required to unlock the doors, and a record is made of the
identity of each person who enters.
A video surveillance camera, placed in a location that makes
it difficult to tamper with or disable (or even to find) but gives a good view
of persons entering and leaving should supplement the log book or
electronic access system. Surveillance cams can monitor continuously, or
they can use motion detection technology to record only when someone is
moving about. They can even be set up to send e-mail or cell phone
notification if motion is detected when it shouldn't be (such as after hours).
3. Make sure the most vulnerable devices are in that locked
room
Remember, it's not just the servers you have to worry about. A
hacker can plug a laptop into a hub and use sniffer software to capture data
traveling across the network. Make sure that as many of your network
devices as possible are in that locked room, or if they need to be in a
different area, in a locked closet elsewhere in the building.
4. Use rack mount servers
Rack mount servers not only take up less server room real
estate; they are also easier to secure. Although smaller and arguably lighter
than (some) tower systems, they can easily be locked into closed racks that,
once loaded with several servers, can then be bolted to the floor, making the
entire package almost impossible to move, much less to steal.
5. Don't forget the workstations
Hackers can use any unsecured computer that's connected to
the network to access or delete information that's important to your
business. Workstations at unoccupied desks or in empty offices (such as
those used by employees who are on vacation or have left the company and
not yet been replaced) or at locations easily accessible to outsiders, such as
the front receptionist's desk, are particularly vulnerable.
Disconnect and/or remove computers that aren't being used
and/or lock the doors of empty offices, including those that are temporarily
empty while an employee is at lunch or out sick. Equip computers that must
remain in open areas, sometimes out of view of employees, with smart card
or biometric readers so that it's more difficult for unauthorized persons to
log on.
6. Keep intruders from opening the case
Both servers and workstations should be protected from
thieves who can open the case and grab the hard drive. It's much easier to
make off with a hard disk in your pocket than to carry a full tower off the
premises. Many computers come with case locks to prevent opening the
case without a key.
You can get locking kits from a variety of sources for very
low cost, such as the one at Innovative Security Products.
7. Protect the portables
Laptops and handheld computers pose special physical
security risks. A thief can easily steal the entire computer, including any
data stored on its disk as well as network logon passwords that may be
saved. If employees use laptops at their desks, they should take them with
them when they leave or secure them to a permanent fixture with a cable
lock, such as the one at PC Guardian.
Handhelds can be locked in a drawer or safe or just slipped
into a pocket and carried on your person when you leave the area. Motion
sensing alarms such as the one at SecurityKit.com are also available to alert
you if your portable is moved.
For portables that contain sensitive information, full disk
encryption, biometric readers, and software that "phones home" if the
stolen laptop connects to the Internet can supplement physical precautions.
8. Pack up the backups
Backing up important data is an essential element in disaster
recovery, but don't forget that the information on those backup tapes, disks,
or discs can be stolen and used by someone outside the company. Many IT
administrators keep the backups next to the server in the server room. They
should be locked in a drawer or safe at the very least. Ideally, a set of
backups should be kept off site, and you must take care to ensure that they
are secured in that offsite location.
Don't overlook the fact that some workers may back up their
work on floppy disks, USB keys, or external hard disks. If this practice is
allowed or encouraged, be sure to have policies requiring that the backups
be locked up at all times.
9. Disable the drives
If you don't want employees copying company information to
removable media, you can disable or remove floppy drives, USB ports, and
other means of connecting external drives. Simply disconnecting the cables
may not deter technically savvy workers. Some organizations go so far as to
fill ports with glue or other substances to permanently prevent their use,
although there are software mechanisms that disallow it. Disk locks, such as
the one at SecurityKit.com, can be inserted into floppy drives on those
computers that still have them to lock out other diskettes.
10. Protect your printers
You might not think about printers posing a security risk, but
many of today's printers store document contents in their own on-board
memories. If a hacker steals the printer and accesses that memory, he or she
may be able to make copies of recently printed documents. Printers, like
servers and workstations that store important information, should be located
in secure locations and bolted down so nobody can walk off with them.
Also think about the physical security of documents that
workers print out, especially extra copies or copies that don't print perfectly
and may be just abandoned at the printer or thrown intact into the trash can
where they can be retrieved. It's best to implement a policy of immediately
shredding any unwanted printed documents, even those that don't contain
confidential information. This establishes a habit and frees the end user of
the responsibility for determining whether a document should be shredded.
Summary
Remember that network security starts at the physical level.
All the firewalls in the world won't stop an intruder who is able to gain
physical access to your network and computers, so lock up as well as lock
down.
2.8 Information Security Policy
The policies regarding Information Technology depend on the
nature of a firm's business and on what it actually delivers to its clients or
customers. For example, a data center implements policies that are not
implemented by online stores; similarly, a retail outlet may implement
policies that would never be implemented by others.
The enterprise has adopted an Information Security Policy as
a measure to protect the confidentiality, integrity and availability of
organizational data as well as any information systems that store, process or
transmit institutional data. Institutional data is defined as any data that is
owned or licensed by the organization. An information system is defined as
any electronic system that stores, processes or transmits information.
Policies
Throughout its lifecycle, all institutional data shall be
protected in a manner that is reasonable and appropriate given the level of
sensitivity, value and criticality of that data, as defined in an organizational
policy developed by management. Individuals who are authorized to access
company data shall adhere to the appropriate roles and responsibilities. The
primary roles in the context of information security are the following.
Data Steward
Data custodian
User
Data Steward
A data steward is a person who is responsible for managing
the fitness of data or data elements, both content and metadata. He or she
holds a special assignment in an organization covering the processes,
policies, guidelines and responsibilities for administering the organization's
entire data in compliance with policy and/or regulatory obligations. A data
steward may share some responsibilities with a data custodian (which we
will discuss later). The data steward is responsible for data quality with
regard to the key or critical data elements existing within a specific
enterprise operating structure, for the elements in his or her respective
domain; this varies according to the requirements of the organization and
may include capturing or documenting meta-information for those
elements. Data stewards begin the stewarding process with the
identification of the elements they will steward, with the ultimate result
being standards, controls and data entry.
Data custodian
Data Custodians are responsible for the safe custody,
transport, storage of the data and implementation of business rules. Simply
put, Data Stewards are responsible for what is stored in a data field, while
Data Custodians are responsible for the technical environment and database
structure. Common job titles for data custodians are Database Administrator
(DBA), Data Modeler, and ETL Developer. In a corporate environment
with many computer users the data custodian has a lot of responsibility in
performing this job; they must ensure that:
Access to the data is authorized and controlled
Data stewards are identified for each data set
Technical processes sustain data integrity
Processes exist for data quality issue resolution in partnership with
Data Stewards
Technical controls safeguard data
Data added to data sets are consistent with the common data model
Versions of Master Data are maintained along with the history of
changes
Change management practices are applied in maintenance of the
database
Data content and changes can be audited
User
A User is any employee, contractor or third-party affiliate
who is authorized to access institutional data or information systems. Users
are responsible for:
Adhering to information security policies, guidelines and
procedures.
Reporting suspected vulnerabilities, breaches and/or misuse of
institutional data to a manager, IT support staff or the Information
Security Office.
Safeguarding institutional data.
Safeguarding electronic communications (avoid opening attachments or
clicking links from untrusted sources, and always use an official e-mail
account).
Avoiding risky behavior online and reporting suspected security breaches
(be cautious when sharing files, browsing web pages and clicking on
URLs).
Safeguarding Institutional Data
Institutional data can be classified into three categories.
Public Data
This is data that is shared with and seen by the masses, and
anyone may share it; for example, the information on websites that is
published for the public so that everyone can obtain it.
Private Data
In this type of data the information is shared with and seen by
a limited set of users so that they can use the information; for example, an
e-mail that is shared with the staff of the organization but not with the
general public.
Restricted Data
The third type of data is strictly restricted from other users;
only authorized persons are able to see the information. For example, in a
data center only authorized persons are allowed to go inside, and
unauthorized persons are strictly not allowed. The following are the core
elements that help to safeguard institutional data.
Protecting Electronic Data.
Safeguard your password (should change periodically, strong combination).
Secure your computer by updating O.S, Install and update Antivirus, lock screen.
Protecting physical data.
Protecting verbal communication.
Disposing of data when it is no longer used; dispose of the disk drive or any
other storage.
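The three classification levels above, together with the custodian duties listed earlier (access that is authorized and controlled, versions of master data kept with a history of changes, changes that can be audited), can be enforced in code rather than left to policy text alone. The following Python is an added example, not from the original document or any particular product; the role names, user ids, record names and contents are all constructed for the example.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, List, Optional, Set


class Classification(IntEnum):
    PUBLIC = 1       # anyone may read, including outsiders
    PRIVATE = 2      # members of the organization only
    RESTRICTED = 3   # explicitly authorized persons only


@dataclass
class Principal:
    """Who is asking (constructed for this example)."""
    user_id: str
    role: str                       # "user", "custodian" or "steward"
    member: bool = True             # employee/contractor, or an outsider
    authorizations: Set[str] = field(default_factory=set)  # restricted records granted


@dataclass
class Record:
    name: str
    classification: Classification
    content: str
    version: int = 1
    history: List[str] = field(default_factory=list)   # previous contents


class InstitutionalDataStore:
    """Classification-aware store with an audit trail of every access attempt."""

    def __init__(self):
        self.records: Dict[str, Record] = {}
        self.audit: List[dict] = []

    def _log(self, who: Optional[Principal], action: str, name: str,
             allowed: bool, reason: str) -> bool:
        # Every attempt, allowed or denied, is recorded so changes can be audited.
        self.audit.append({
            "user": who.user_id if who else "anonymous",
            "action": action, "record": name,
            "allowed": allowed, "reason": reason,
        })
        return allowed

    @staticmethod
    def _may_read(who: Optional[Principal], rec: Record):
        if rec.classification == Classification.PUBLIC:
            return True, "public data"
        if who is None or not who.member:
            return False, "non-member may not read private or restricted data"
        if rec.classification == Classification.PRIVATE:
            return True, "member"
        if rec.name in who.authorizations:
            return True, "explicitly authorized for restricted data"
        return False, "not authorized for restricted data"

    def read(self, who: Optional[Principal], name: str) -> Optional[str]:
        rec = self.records.get(name)
        if rec is None:
            self._log(who, "read", name, False, "no such record")
            return None
        ok, why = self._may_read(who, rec)
        self._log(who, "read", name, ok, why)
        return rec.content if ok else None

    def write(self, who: Optional[Principal], name: str,
              classification: Classification, content: str) -> bool:
        # Only data custodians change stored data; each change is versioned.
        if who is None or who.role != "custodian":
            return self._log(who, "write", name, False,
                             "only data custodians may change data")
        rec = self.records.get(name)
        if rec is None:
            self.records[name] = Record(name, classification, content)
        else:
            rec.history.append(rec.content)
            rec.content = content
            rec.version += 1
        return self._log(who, "write", name, True, "custodian")

    def denied_attempts(self) -> List[dict]:
        """The audit entries a security office would review first."""
        return [entry for entry in self.audit if not entry["allowed"]]
```

Note that membership alone is enough for private data but not for restricted data, which additionally needs a per-record grant, mirroring the "only authorized persons" rule in the text; and because the denied attempts are kept in the same audit list as the successful ones, a user's duty to report suspected misuse has something concrete to be checked against.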
GLOSSARY
Adhere is defined as to stick to a substance, or to stick to a policy.
Botnet is a term used for a number of Internet-connected computers communicating with
similar machines, whose components are located across the network.
CGI program is any program designed to accept and return data that conforms to
the CGI specification.
CLI refers to Command Line Interface.
Code injection explains the computer bug that may be caused by processing invalid data.
Covert listening device, known as a bug or a wire, is usually a combination of a miniature radio
transmitter with a microphone. The use of bugs, called bugging, is a common technique
in surveillance, espionage and in police investigations.
DARPA stands for Defense Advanced Research Projects Agency.
Diplomatic cables, also known as diplomatic telegrams or embassy cables, are confidential
text messages exchanged between a diplomatic mission, like an embassy or a consulate, and
the foreign ministry of its parent country.
Dumb access devices: refers to devices which are designed for a single purpose.
Eavesdropping: secretly listening to a conversation.
Enterprise is defined as simply another name for a business; the word enterprise describes the
actions of someone who shows some initiative by taking a risk in setting up, investing in and
running a business.
Iceberg Model: The iceberg model is a systems thinking tool designed to help an individual or
group discover the patterns of behavior, supporting structures, and mental models that underlie a
particular event.
Intelligent Device: like a smartphone, PDA or other.
IoT: stands for Internet of Things. A proposed development of the Internet in which everyday
objects have network connectivity, allowing them to send and receive data.
Key loggers are computer software used to monitor keyboard actions and record all
activity.
Malpractice is an "instance of negligence or incompetence on the part of a professional".
Manipulate data refers to selecting, inserting, deleting and updating data in a database.
Meatware: refers to the human entities that operate or use a computer or computing process.
Multitier: A multi-tier application is any application developed and distributed among more
than one layer. It logically separates the different application-specific, operational layers.
NAS: Network Attached Storage.
Omnetric: A joint venture between Accenture and Siemens.
Phishing is a term used for attempts to obtain usernames, passwords and credit card details.
QoS: Quality of Service is a term used to measure the level of service provided.
RAID stands for Redundant Array of Inexpensive Disks; it is storage which can be used as network
storage.
SLA: Service Level Agreement.
SANs: Serial Attached Storage is a point-to-point serial protocol that moves data to and from
computer storage devices such as hard drives and tape drives.
SaaS is referred to as System as a service.
Vulnerability is a term used when a computing system or network is being attacked or is going to
be unsafe from harmful files or other sources.
Worm is computer software designed to harm the network in an organization.
Zoocasa is a property search engine which has a collaboration with Google Maps in Canada.