Computer and Network Security Description of Information Environment of my Workplace

My workplace is Verizon Communication and I have been working for the company for more than 5 years. The Verizon Communication major business is to provide communication solutions for businesses and individuals through the wired and wireless communication devices. The company provides complete communication systems and devices for individual, small business, medium business and enterprises. However, the company sells bulk of its product online and the nature of its business requires the company to collect large volume of data and information from customer, employees, suppliers, shareholders, and other stakeholders. In carrying out its business objective, the company collects sensitive information from customer that include names, addresses, phone number, email address, and credit card number. In essence, the company uses the internet to collect the customer credit card information to process and complete the order. The data collected from the customer assists the company to create growth and opportunities because the data collected make the company to understand the top price to pay for particular product, and understand customer preference from specific geographic locations. The information collected assists the company to design its marketing plan.

Although, internet offers dynamic opportunities for our company because it assists in reaching customer located at wide geographic locations at low costs, however, our company faces some risks by using the internet technology to transact business because web and internet are highly vulnerable to various attacks.

In the United States, the DoS (Denial of Service), cyber espionage, point-of-sale intrusion and payment cards skimming are on the increase making the Verizon to face the threats on its information infrastructures. Over the years, Verizon is facing challenging to manage these threats based on the increase of attacks on the IT infrastructures in the United States.

2: Potential Threats to the Company Information Environment

Since the Verizon is using the internet to transact business, the company faces some inherent risks. For example, the hacker may capture customer username, password, and credit card information while transferring the data over the network. Some unscrupulous individual may also attempt to steal the company sensitive information using the sniffer program. Moreover, the hackers may attempt to steal workers' password using port scanner to penetrate the company network system. (Burr, Ferraiolo, & Waltermire, 2014).

The company is also susceptible to passive and active attacks. One of the passive attacks includes eavesdropping of the network traffic to gain access to the sensitive information supposed to be restricted from the view of outsiders. On the other hand, active attacks include altering information in transit between server and client, stealing of username and password and impersonate another user or alter website information. The nature of the business of Verizon Communication makes the company to face confidentiality risks that include eavesdropping, virus or Trojan horse attack and electronic fraud. In essence, hackers may use some malicious software to steal the company sensitive information. The company also faces the DoS (denial of service) attacks, which could prevent the company to carry out business operations on time.

By consequence, our company is susceptible to several attacks because the internet is opened to several vulnerability, which may make our company to lose several million of dollars if immediate action is not taken to implement effective security protocols to the company information systems. Moreover, Verizon Telecommunication outsources some of its IT functions to India in order to cut costs. In essence, the company faces some network and computer risks because the company will need to communicate to its contractors using the internet.

At this stage, the management is required to hire information security experts to conduct comprehensive security audit to the company information systems. The company management should also approve enough funds that will cover the costs of implementing security auditing, and the implementation will assist the company to identify the likely threats to the company information systems.

The table 1 provides the summary of the likely threats to the company information infrastructures that need urgent attention.

Threats

Consequences

Countermeasures

Authentication

Data forgery

Legitimate user impersonation

User misrepresentation

Belief in invalid information

Cryptographic

techniques

Integrity

User data Modification

Infected the browser with Trojan horse

Memory modification

Message in transit modification

Loss of information

Compromise of the company machine

Vulnerabilty of the company to all other threats checksums

Cryptographic

Confidentiality

Eavesdropping of the company information on the net

Theft of the company information from the server

Theft of the client data

Configuration of the network

Steal information from the server

Loss of privacy

Loss of information

This paper suggests several security tools that the company can employ to enhance security of its network and information system. Some of the security tools are Data encryption standard, Antivirus Security Policy, Firewall, Cryptographic standards, Wireless Security systems, IPS (Intrusion detection System), and IPS (Intrusion Prevent System).
Firewall: Firewall is one of the effective security protocols that the company can use to protect its network infrastructure. Overview of the company network systems reveals that Verizon uses both the LAN (Local Area Network) as well as WAN (Wide Area Network) for its communication systems. The LAN and WAN assist the company to share files, and communicate across a specific or wider geographical regions. (Chadwick, 2012).

Meanwhile, Firewall technology is an effective security tool that the company can use to protect the data in transit by blocking an unauthorized access to the company network system. The Firewall consists of the filtering router application gate way as well as IP packet that delivers authentication objective. The firewall will offer security to the company network systems by disallowing unauthorized network to penetrate into the company network systems using strong authentication systems. (Young, 2008). The benefit of using the Firewall is to allow the company to transfer data in a confidential and secured manner. As being revealed in Fig 1, the Verizon can use firewall to disallow un-trusted network to penetrate its network systems.

Fig 1: Firewall

Cryptographic Standards: Cryptographic Standards are other security systems that the company can use to prevent unauthorized access to the company data. With the cryptographic standards, the company will be able to send encrypted data over the network system using the ciphertext. The encryption will change the data into nonsense text, which can only be decrypted by an authorized person in possession of a decryption key. (Stallings, 2011). The security strategy is to assist the company to transfer data over the network in a secured manner. The cryptographic standards will also assist the company to transfer sensitive information such as credit cards and other information without being intercepted by unauthorized individuals. The company can also use the AES (Advanced Encryption Standard) for the security of its data. The AES uses the combination of 128,192 and 256 key to develop the 128-bit encryption keys. Typically, the AES will deliver effective security for the company data.

Intrusion Detection System: The IDS (Intrusion Detection System) is another security system that the company can use to detect unauthorized access to the company network systems. Typically, the IDS will assist the company to identify and detect malware, and anomalies that attempt to exploit the customer data and the company network infrastructure. In essence, the security system is to enhance the confidentiality, availability and integrity of the company customer critical information. (Abdel-Aziz, 2009). As being revealed in the fig 2, the IDS will detect unauthorized access into the company workstations.

Fig 2: Intrusion Detection system

Intrusion Prevention System: As being revealed in Fig 3, the IPS (Intrusion Prevention System) will also prevent an unauthorized access to the company network systems in order to protect the customer information resources. Thus, the paper suggests that the Verizon Communication should use the combination of the Firewall, IDS and IPS to protect the company network resources. Moreover, the Verizon Communication should use the physical IDS such as security camera, biometric card, security guards, mantrap, and motion sensors to identify, gather and prevent unauthorized activities in the company information resources.

Fig 3: Intrusion Prevention System

Antivirus: The Verizon Communication should also implement antivirus security policy as a measure to counter virus attack. Typically, the company is required to install antivirus in all its computer system to prevent virus or worm attacks. It is critical for the company to use the fourth generation antivirus to prevent as well as identifying complex polymorphic virus in the company computer systems. Verizon can also use the Digital Immune System, which is a powerful antivirus developed by the IBM.

"Typically, Digital Immune System provides rapid response time so that viruses can be stamped out almost as soon as they are introduced. When a new virus enters an organization, the immune system automatically captures it, analyzes it, adds detection and shielding for it, removes it, and passes information about that virus to systems running IBM Antivirus so that it can be detected before it is allowed to…