
Gfis Authentication Technology And Network Security Issues Research Paper

Turn-around Information Technology Strategy for Global Finance, Inc. (GFI)

GFI's Authentication Technology and Network Security Issues


Global Finance Inc. offers services in the finance industry. This is a sensitive area of business that requires tight security policies and strategies to be implemented on the organization's network. GFI has, however, not given much attention to the IT department, especially its security, which has left loopholes that black-hat hackers have exploited. This is clear from the facts provided: the company's Oracle database has been compromised in terms of the availability, confidentiality and integrity of the data stored. For organizations in the finance industry, the integrity, confidentiality and availability of their databases are among their biggest assets. A simple mistake or gap in such an organization's technology policy and implementation may lead to huge losses that could put the organization out of business. Any business organization in the finance industry requires a strong IT department that is able to come up with strong policies, carefully implement them, monitor them and control any breaches of the system. To function as required and safeguard the assets of the organization, such an IT department requires a sufficient budget and dedication from top management.

A number of gaps in the network security and technology strategy of GFI can be identified from the details provided. Below is a discussion on the gaps and how the gaps expose the organization to various risks.

Authentication Technology and Loopholes at GFI

Authentication is a key aspect of protecting an organization's information technology assets. Various forms of authentication are available for use by organizations to keep unauthorized people from accessing the resources of the organization and probably compromising the confidentiality, availability and integrity of the data held in its databases. Some of the most common forms of authentication mechanisms include the use of suitable standard passwords and usernames for users while logging into the systems of an organization to carry out their roles. Biometric authentication is an effective method utilized by some systems to authenticate users into accessing the resources of an organization. Some organizations combine more than one authentication mechanism to improve the security of their assets (Cole et al., 1978).

GFI does not seem to consider authentication an important aspect of its information technology strategy. The authentication mechanisms of an organization should flow from a policy down to implementation by an able IT department. Going by the information provided about GFI, the organization does not have a policy on the most appropriate authentication mechanism for ensuring that only authorized individuals access certain resources of the organization. Thus, there is nothing that the IT department is expected to implement as far as authentication mechanisms are concerned. The GFI IT department should take time to design an authentication and accountability policy (Guichard & Apcar, 2001).

The simplest effective authentication policy can revolve around the nomenclature of user names of the GFI staff combined with passwords of desirable parameters. Unique staff numbers can be used as user IDs when accessing the organization's systems to ensure accountability. In addition to the user names, passwords meeting the desired standards can be used to authenticate the users. The necessary password parameters should cover the minimum length of passwords, password complexity, password expiry, lockout durations when wrong passwords are used to access resources, the maximum number of wrong password attempts when logging in, and a requirement for users to change their passwords upon first logon. Weak authentication mechanisms are dangerous because they expose systems to black-hat hackers who can compromise the resources of an organization (Mark & Lozano, 2010).

Going by the information provided, black-hat hackers have already accessed the resources of GFI and caused a number of undesirable effects. The IT department is said to have witnessed a sudden huge amount of data flowing into the Oracle database. Possibly, this could be a denial of service attack launched by malicious attackers. They might have taken advantage of GFI's poor or missing authentication policy and strategy. Social engineering could be one of the methods through which the hackers learned about the organization's lack of authentication mechanisms as the huge surge of data...

The hackers might have launched brute force attacks using hacking tools such as Kali Linux and managed to get into the system. To prevent such attacks, there has to be a policy on accountability and authentication, specifying the standards of password parameters as mentioned earlier. The policy should then be implemented by the IT department. With the password policy enforced, it will be difficult for the black-hat hackers to launch brute force attacks as they will be locked out of the system after a given number of wrong password attempts (Evans, 2003).
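
The password parameters listed earlier and the lockout behaviour described above can be expressed as a small policy check. This is an added example, not part of the original paper or any GFI system; the numeric values (12 characters, 90 days, 5 attempts, 15 minutes) and all names are assumptions, and password verification itself is represented by the `password_ok` flag.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class Policy:
    # Illustrative values (assumptions); the essay names the parameters only.
    min_length: int = 12
    max_age: timedelta = timedelta(days=90)       # password expiry
    max_failures: int = 5                         # wrong attempts allowed
    lockout: timedelta = timedelta(minutes=15)    # lockout duration

@dataclass
class Account:
    staff_id: str                      # unique staff number used as user ID
    password_set_at: datetime
    must_change: bool = True           # force a change on first logon
    failures: int = 0
    locked_until: Optional[datetime] = None

def password_problems(password: str, policy: Policy) -> list:
    """Return the length/complexity rules a candidate password breaks."""
    problems = []
    if len(password) < policy.min_length:
        problems.append("too short")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("needs 3 of 4 character classes")
    return problems

def attempt_login(acct: Account, password_ok: bool, now: datetime, policy: Policy) -> str:
    """Apply lockout, expiry and first-logon rules to one login attempt."""
    if acct.locked_until and now < acct.locked_until:
        return "locked"                # rejected even if the password is right
    if not password_ok:
        acct.failures += 1
        if acct.failures >= policy.max_failures:
            acct.locked_until = now + policy.lockout
            acct.failures = 0
            return "locked"
        return "denied"
    acct.failures = 0
    acct.locked_until = None
    if acct.must_change or now - acct.password_set_at > policy.max_age:
        return "change_required"
    return "ok"
```

Because a locked account rejects even the correct password until the lockout expires, repeated guessing is limited to `max_failures` attempts per lockout window.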

GFI's Network Security Issues and Recommended Mitigation Measures

GFI has a number of network security issues touching both on its WAN and LAN. To start off, let us focus on the LAN security loop-holes. There is no clear separation between guest broadcast domains and the staff broadcast domains. The information provided points towards the possibility of one being able to connect and access into the organizational network from the Wi-Fi solution implemented by GFI. Malicious individuals can take advantage of this loophole to access the resources of GFI. It is advisable that VLANs be used to establish a clear demarcation between guest networks and staff networks. Probably, the guest network should be set up in a separate VLAN from the staff VLANs. Access rules should then be implemented to prevent traffic from guest networks from flowing into staff VLANs. The range of IPs used in the VLANs should be different from the usual ones. Probably, the only resource that should be accessed by visitors from the organization's LAN via the guest VLAN is the internet. This can be achieved by using the VLAN strategy and access rules strategy mentioned earlier. An access list should be included in the configuration of the router to prevent the guests from accessing staff resources, but allowing them to access the internet. The range of IPs in the guest network should be included in the set of IPs eligible for network address translation (NAT) and a route configured from the guest network to the internet (Furht, 2010).
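
The guest-to-staff access rules described above depend on rule order: the deny for staff ranges must come before the permit that lets guests reach the internet. The following added example (not from the original paper) models a first-match access list and flags rules that an earlier rule makes unreachable; the address ranges and all names are constructed assumptions, not GFI's actual addressing.

```python
import ipaddress

# Constructed addressing plan (assumption, not GFI's real ranges).
GUEST = ipaddress.ip_network("192.168.50.0/24")   # guest VLAN
STAFF = ipaddress.ip_network("10.10.0.0/16")      # staff VLANs
ANY = ipaddress.ip_network("0.0.0.0/0")

# Access list applied to traffic arriving from the guest VLAN.
# Rules are (action, source network, destination network); first match wins.
GUEST_ACL = [
    ("deny", GUEST, STAFF),    # guests may not reach staff resources
    ("permit", GUEST, ANY),    # guests may reach the internet
]

# The same two rules in the wrong order: the permit matches first.
MISORDERED_ACL = [
    ("permit", GUEST, ANY),
    ("deny", GUEST, STAFF),
]

def evaluate(acl, src, dst):
    """Return the action of the first matching rule, or the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def shadowed_rules(acl):
    """Indexes of rules fully covered by an earlier rule, so they never match."""
    shadowed = []
    for i, (_, src_net, dst_net) in enumerate(acl):
        for _, prev_src, prev_dst in acl[:i]:
            if src_net.subnet_of(prev_src) and dst_net.subnet_of(prev_dst):
                shadowed.append(i)
                break
    return shadowed

if __name__ == "__main__":
    guest_host, staff_db, internet = "192.168.50.23", "10.10.4.15", "203.0.113.10"
    for name, acl in (("correct", GUEST_ACL), ("misordered", MISORDERED_ACL)):
        print(name,
              "guest->staff:", evaluate(acl, guest_host, staff_db),
              "guest->internet:", evaluate(acl, guest_host, internet),
              "shadowed:", shadowed_rules(acl))
```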

To access the GFI LAN, one does not require a standard authentication, going by the information provided. This is a LAN weakness as elaborated earlier. Double authentication strategies are usually suggested for organizations to secure their networks from man-in-the-middle attacks and other possible attacks. GFI might be using a WEP password on its wireless local area network or the hotspot might be open. With an open access point, one will be able to easily log into the network and launch possible attacks. With WEP passwords, hackers can crack the passwords using various hack tools and this might lead to access into the whole organization's network. GFI should consider implementing either WPA or WPA2 password standards in their Wi-Fi access points as passwords with these standards are not easily cracked. The Wi-Fi authentication can be combined with a web-based authentication to protect the GFI network even further (In Kremar et al., 2014).

The distance over which the Wi-Fi access points transmit their signal is important when tightening the security of an organization's network. At GFI, the wireless local area network is strong enough to cover huge distances, so it can be accessed from places outside the organization. This makes it easy for attackers to launch attacks into the GFI network. One does not need to crawl with antennas within the premises of GFI to tap into the network through the broadcast Wi-Fi signals. Restricting the Wi-Fi signals to the GFI premises could limit the chances of hackers getting into the organization's network, as they could be spotted and stopped in time. However, the ability of the GFI access points to transmit signals over huge distances to premises outside GFI gives the hackers ample time, as they can do their hacking comfortably without being spotted. To prevent this, the IT department should configure the access points to broadcast their signals within the premises of GFI. A possible alternative solution could be orienting the antennas to face directions that will prevent signals from leaking to regions outside the GFI premises.

Looking at network security from the WAN section, data flowing through the VPN tunnels established over the internet is not encrypted. If this data is in the form of "http" traffic, it can be trapped using hacking tools such as Cain and Abel. The packets trapped can then be stripped down into both the payload and headers. Some of the packets carry password and username information. This can be obtained once these packets are stripped using the hacking tools. One can then log into the networks using the obtained credentials.…

References

Barry, D. K. (2013). Web services, service-oriented architectures, and cloud computing. San Francisco, Calif: Morgan Kaufmann.

Camison, C. (2009). Connectivity and knowledge management in virtual organizations:

Cole, G. D., Branstad, D. K., & Institute for Computer Sciences and Technology. (1978). Design alternatives for computer network security. Washington: The Bureau.