System Security Every Organization Which essay

Download this essay in word format (.doc)

Note: Sample below may appear distorted but all corresponding word document files contain proper formatting

Excerpt from essay:

Attacks on the system security include password theft, back doors and bugs, social engineering, protocol failures, authentication failures, Denial of Service attacks, active attacks, botnets, exponential attacks including worms and viruses, and information leakage. (Fortify Software Inc., 2008); (Fortify Software, n. d.)

Servers are targets of security attacks due to the fact that servers contain valuable data and services. For instance, if a server contains personal information about employees, it can become a target for stealing identities. All types of servers, which include file, database, web, email and infrastructure management servers are vulnerable to security attacks with the threat coming from both external as well as internal sources.

Some of the server problems that can jeopardize its security include: (i) Weakly encrypted or unencrypted information, especially of a sensitive nature, can be intercepted for malicious use while being transmitted from server to client. (ii) Software bugs present in the server Operating System or server hardware may be exploited for illegal access to the system. (iii) the server and its related network infrastructure may become the target of Denial of Service (DoS) attacks hampering valid user entries. (iv) Inability to prevent unauthorized access to the server may result in vital information being read or changed by unauthorized users. (v) Once a hacker breaks into the server system, it becomes easy to manipulate or destroy other resources linked to the organization's server. External servers may also be targeted and viruses placed in the system to exploit the loopholes present in the compromised system. (Scarfone; Jansen; Tracy, 2008) vi) Non-standardized software configurations which do not adhere to the security policy of the organization. (vii) Lack of company-wide system-security policy. (viii) Server complexity is also a source of many server security problems. (ix) Failure to assign file system permissions like read, write and execute. (x) Lack of separation of privileges on the server may jeopardize the system security. For example, the role of database administrator and system administrator should be kept separate. (xi) Failure to keep logs and records. Logs and records can provide valuable information regarding the methods and means of a security breach which can be utilized for preventing future attacks. (xii) Allowing remote administration of the server without proper planning and risk analysis. One of the main server problems which lead to a compromise of system security is the use of general operating systems without proper configuration. Default configurations are aimed at user friendliness and not security. (Scarfone; Jansen; Tracy, 2008)

Therefore, it is essential to change the default software and hardware configurations in favor of a configuration which has the following features: (i) removal or disabling of unnecessary applications, network protocols and services. (ii) Installation of patches or upgradation of OS. (iii) Conducting security testing of OS. (iv) Configuration of user authentication in the OS. (v) Installation of extra security controls and applications like host-based firewall, network-based firewall, packet filtering router, mail gateways, proxy, and antivirus applications. (vi) Configuration of resource controls. (Scarfone; Jansen; Tracy, 2008)

An "Intrusion Detection System," a second line of defense for a system's security, is one which identifies an intruder who has gained unauthorized access to the computer system and can disable or foil the intrusion rapidly before any damage is done. The faster an intrusion is exposed, the more rapidly a recovery plan can be implemented and lesser will be the damage done to the system. Installing a good intrusion detection system also acts as a preventive measure discouraging potential intruders. Intrusion detection systems generate vital information about the intrusion methods which can help to make the detection system more robust. The idea behind the intrusion detection principle is that an intruder's behavior will differ from a valid user's behavior. Since this behavior may be overlapping in many cases, the distinction may be very subtle and often be blurred leading to "false positives" -where valid users are mistaken as intruders and "false negatives" - where intrusion activity is taken to be valid). Therefore, intrusion detection requires skill as well as a certain degree of compromise which may be essential in order to safeguard vital system data. The challenge lies in identifying a misfeasor, a valid user or insider trying to gain access in an unauthorized manner, and a clandestine user. (Stallings, 2006); (Trcek, 2006)

Intrusion detection systems generally follow two approaches. These are: (a) Statistical anomaly detection and (b) Rule-based detection. Statistical anomaly detection involves collecting legitimate user behavior over a certain time period. This data is subjected to statistical tests to determine legitimate and unauthorized behavior with a high degree of confidence. Statistical anomaly detection can be implemented in two ways - threshold detection and profile-based detection. Threshold detection involves demarcating user-independent thresholds to compute the frequency of incidence of events. Profile-based detection involves developing the activity profile of every user and employing it to distinguish between authorized and unauthorized behavior of each account. Rule-based detection involves outlining a set of rules which can be used as a benchmark for deciding intrusion behavior. This approach can also be of two types - anomaly detection and penetration identification. Rules in anomaly detection are developed in such a manner as to detect any kind of departure from past usage patterns. In rule-based detection involving penetration identification, an expert system is employed to detect unusual behavior. (Stallings, 2006); (Trcek, 2006)

Security mechanism of an organization's information system may refer to a process or device which is used to execute a security service that is present or installed in the system. There are various types of security mechanisms like physical mechanisms, logical mechanisms, pseudo-random generators, cryptographic algorithms, and one-way hash functions. Cryptography, which is concerned with the transformation of plain readable text into encrypted unreadable text or ciphertext and vice versa, is one of the most important elements of security mechanisms. Effective intrusion detection systems should be able to detect intrusion on the basis of event semantics and should be independent of the syntax, data type, platform or protocol. (Trcek, 2006); (Bace; Bace, 2000)

System security is required in practically all organizations which depend on information systems for their business and other organizational processes. However, it is common to note a lack of organized approach towards proper design and analysis of information systems development. The responsibility of system security is frequently perceived as the task of a security administrator. This means that security control mechanisms are deployed only after the system development is over. Therefore, it leaves very little choice for the system administrator or the system designer to incorporate security features in the system right from the beginning. (Tipton; Krause, 2004); (Gasser; Reinhold, 1988)

It is important that the foundations of information system security are laid when the design of the information system is being considered. A complete solution to system security can be provided by an OOSM or Object-Oriented Security Model which can be described as "a security oriented extension of the object oriented model." This should be designed and executed during the "system analysis and design stage of system development." In depth research is required in the field of system security in order to come up with a security mechanism that can address all aspects of system security. Developing security systems in distributed environments is a challenging task as it involves multiple security domains. Progress in this field is slow and needs to be speeded up. With an increase in network use and our increasing dependence on them, the vulnerability of computer systems has increased. This makes the urgency of coming up with effective security systems even more acute. (Tipton; Krause, 2004); (Gasser; Reinhold, 1988)

References

Bace, Rebecca Gurley; Bace, Rebecca. (2000) "Intrusion Detection"

Sams Publishing.

Fortify Software Inc. (2008) "Fortify Taxonomy: Software Security Errors" Retrieved 17 November, 2008 at http://www.fortify.com/vulncat/en/vulncat/index.html

Fortify Software. (n. d.) "Seven Pernicious Kingdoms: A Taxonomy of Software Security

Errors" Retrieved 17 November, 2008 at http://www.fortify.com/vulncat/en/docs/Fortify_TaxonomyofSoftwareSecurityErrors.pdf

Gasser, Morrie; Reinhold, Van Nostrand. (1988) "Building a secure computer system"

1988. Retrieved 17 November, 2008 at http://cs.unomaha.edu/~stanw/gasserbook.pdf

Loader, David; Biggs, Graeme. (2002) "Managing Technology in the Operations

Function." Butterworth-Heinemann.

Scarfone, Karen; Jansen, Wayne; Tracy, Miles. (2008) "Guide to General Server Security

Recommendations of the National Institute of Standards and Technology" Retrieved 17 November, 2008 at http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf

Stallings, William. (2006) "Network Security Essentials: Applications and Standards"

Prentice Hall.

Tipton, Harold F; Krause, Micki. (2004) "Information…[continue]

Some Sources Used in Document:

"gasserbook.pdf" 
"SP800-123.pdf" 

Cite This Essay:

"System Security Every Organization Which" (2008, November 21) Retrieved December 6, 2016, from http://www.paperdue.com/essay/system-security-every-organization-which-26555

"System Security Every Organization Which" 21 November 2008. Web.6 December. 2016. <http://www.paperdue.com/essay/system-security-every-organization-which-26555>

"System Security Every Organization Which", 21 November 2008, Accessed.6 December. 2016, http://www.paperdue.com/essay/system-security-every-organization-which-26555

Other Documents Pertaining To This Topic

  • Security Self Assessment Coyote Systems Security

    The management control area of authorize processing including certification and accreditation has been defined within Coyote Systems through the use of roles-based logins and access privileges and the use of certification of role-based access to ensure security. The company has found that through the use of role-based security authentication and the defining of rights by role, the certification and accreditation audits are far more efficient in being completed, and provide

  • Organization Work Familiar The Expected Word

    organization work, familiar . The expected word count assignment 3300 words length. According to Baines (2011) relationship marketing is a marketing style that emphasizes customer satisfaction and retention, rather than focusing dominantly on sales transactions. It focuses mainly on continuous nurturing of customer relationships, instead of focusing mainly on them for one-time purchases. The idea behind relationship marketing is for a company to develop emotionally strong connections with their existing customers,

  • Economic System of Mexico Mexico Which Is

    Economic System of Mexico Mexico, which is officially United Mexican States, is a country that is bordered by the United States, the Gulf of Mexico and the Caribbean Sea; Belize and Guatemala; and the Pacific Ocean (Concise Columbia, 2000). The country's capital is Mexico City and its other main cities include Guadalajara, and Monterrey. Mexico's landscape is predominantly mountainous. While lowlands lie in the southeast and along the coasts, the heart of the

  • Security Management Strategies for Increasing Security Employee

    Security Management Strategies for Increasing Security Employee Retention Design Effective Job Characteristic Model Skill Variety Task Identity and Task Significance Autonomy and Feedback Meeting Expectations Market Competitive Package Strategies for Increasing Security Employee Retention Security employees constitute the most important component of organizational workforce. It is because; they ensure the core survival of organization and its assets. However, the ironic fact is the security employees are considered blue collar workers and their compensation packages are low (Hodson & Sullivan,

  • Securities Regulation of Nonprofit Organizations

    Securities Regulation SECURITIES REGULARIZATIONS IN NON-PROFIT ORGANIZATIONS The ensuring of the fact that an organization is working as per regulations and is following the code of conduct, while keeping the interest of the public first, are matters which are becoming more and more complicated with the passage of time. Therefore, it can be said with some emphasis, that today one of the most basic issues of many organizations is the issue of

  • Security Monitoring Strategies Creating a Unified Enterprise Wide...

    Security Monitoring Strategies Creating a unified, enterprise-wide security monitoring strategy for any organization must be based on a series of strategic goals and objectives that encompass every functional area and system of a business. The intent of this analysis is to define the objectives that must anchor a security monitoring strategy to ensure its success, followed by specific recommendations for security monitoring of each major functional area. Defining Security Monitoring Strategies For an

  • Security Management the Role of a Security

    Security Management The role of a security manager varies widely according to the particular organization and its needs, but despite this variety, there remain certain best practices and policies that can help maintain security and stability. This is nowhere more true than in the case of organizational loss, because while loss can mean widely different things depending on the field, the underlying theoretical concepts which inform attempts to minimize loss are


Read Full Essay
Copyright 2016 . All Rights Reserved