Network Security for a Medium Sized Company:
Network security is an important component for all companies including small and medium sized firms because very few businesses can operate without a network of computers. The network of computers facilitates improved communication in order for the company to improve its profitability or productivity. However, the improved communication between computers is also associated with some inherent risks such as malware and unauthorized access. The risk and impact of these threats can be lessened through a good network security policy that is properly implemented and well managed. A good network security policy is essential for a medium sized company since the size of the firm does not prevent it from being targeted by cyber-criminals. The development of a good security policy is the first step towards establishing and managing network security. Some of the important considerations to make for the security policy include network security fundamentals, security issues, and security threats.
Overview of Network Security:
For a long period of time, small, medium-sized, and large companies have been struggling with security threats from the hacking community or cyber criminals. The ability of these companies to deal with the threats is affected by the rapid evolution of security technology and the increased complexity of security threats. However, companies need to ensure computer and network security in order to protect their assets, gain a competitive advantage, and comply with fiduciary responsibilities and regulatory requirements (Canavan, 2001). This is primarily because network security focuses on safeguarding information regarding company assets.
Network security is established in the company in order to deal with security threats, issues, and vulnerabilities. Security threats are things that can interrupt the functioning, operation, availability, and integrity of a system or network while security issues or vulnerabilities are inherent weaknesses in design, arrangement, and implementation of a system or network. The three main sources of security vulnerabilities or issues are poor system or network design, poor implementation, and poor management of the network or system. Network security threats can also be defined as situations or events with the capability of causing harm to a networked system. Some of the most common sources of such events or circumstances include unauthorized access, worms, denial of service, impersonation, and viruses (Wijayatunga, n.d.). Therefore, a good network security policy ensures there is proper design and implementation of the network or system as well as proper management. Notably, network security refers to measures taken to safeguard data or information during transmission. The most common security services include authorization, data integrity, authentication, data confidentiality, access control, DoS mitigation, and auditing or logging.
Detailed Network Security Recommendations:
As evident in this analysis, network security is an important element for this medium sized company because of the significance of security measures in protecting the company's information. As previously mentioned, there are various security measures that the firm can adopt and implement to ensure the protection of its data or information. These measures include cryptography, which is the key to securing information on a network. This measure can be used as a technique for providing privacy, ensuring data integrity, and authenticating the identities of the various communicating parties. Cryptography involves various initiatives such as encryption, symmetric key cryptography, and asymmetric key cryptography. Encryption is the procedure that entails transforming plaintext to ciphertext through the use of a cryptographic key, while symmetric key cryptography uses a single, private key for encryption and decryption of information. In contrast, asymmetric key cryptography involves using separate public and private key pairs for encryption and decryption of information.
The second major aspect of network security for this medium sized company is a firewall, which is a security gateway or a filtering tool that enforces network security policy and safeguards a network against external attacks (Stewart, 2013, p.44). The filtering process allows the network to permit the transmission of necessary information or deny what is not needed. The process is based on filtering rules where each rule consists of a pattern of concern and the response the firewall will produce in case an incoming element is in line with the pattern. Consequently, firewalls follow a philosophy or position of security that is known as allow by exception or deny by default. If a packet in the network or system matches an allow rule, the packet is allowed to proceed to its destination, while it is prevented from reaching its destination if it fails to match any rule.
The use of a firewall also entails the identification and implementation of a VPN solution or server. There are two approaches for choosing a VPN solution: either the VPN server is linked to the Internet and the firewall is between the server and the intranet, or the firewall is linked to the Internet and the VPN server is located between the firewall and the intranet. Moreover, VPN solutions can be classified into three major scenarios, i.e. the network-network scenario, the host-network scenario, and the host-host scenario ("VPN Scenarios," n.d.). The first scenario is appropriate for linking a company's branches overseas since two subnets are linked using a VPN tunnel. As a degenerate case of the first scenario, the second one is where one of the subnets to be connected is made of just one host. The third scenario is the connection of only a pair of hosts, obtained by reducing the host-network scenario further.
In determining the most appropriate approach towards ensuring network security, the company should first consider whether the network needs to connect to a Wide Area Network and whether the WAN is secure. Secondly, the company should consider purchasing a hardware firewall since users have a more challenging and difficult time in by-passing this kind of firewall (Cheesley, 2010). Third, the firewall should be placed at the entry point of the network, i.e. the link between the Local Area Network and the Wide Area Network, in order to prevent an intrusion. In addition, the company should consider using client-based firewalls because of the likelihood of some software firewalls to cause problems. The other recommendations include enforcing password complexity requirements and implementing a proxy server to limit and log access to the Internet.
The implementation of these solutions requires the execution of various important stages towards network security. First, the company's network requirements should be defined depending on the nature of the firm's business and its practices. Secondly, the medium sized firm should conduct a risk analysis to determine potential security threats, issues, and needs. Third, the security needs should be used as the basis of identification and implementation of network security policy and practices. Once these policies and practices have been effectively implemented, the firm should review collateral issues like long-term support and operational management needs.
If hired by the medium sized company for the long-term as the Chief Information Security Officer, I would conduct various practices to ensure security within the enterprise. The first practice would be to conduct a periodic risk analysis in order to determine the firm's security threats, issues, and needs. This practice will be followed by the development and review of a network security policy based on the identified security threats and security needs. Third, the company's employees will be provided with education or training on how to use the network or system in order to avoid any security threat or vulnerability. The fourth practice will involve implementation of security precautions based on information in the network security policy.