Network security is an important component for all companies including small and medium sized firms because very few businesses can operate without a network of computers. The network of computers facilitates improved communication in order for the company to improve its profitability or productivity. However, the improved communication between computers is also associated with some inherent risks such as malware and unauthorized access. The risk and impact of these threats can be lessened through a good network security policy that is properly implemented and well managed. A good network security policy is essential for a medium sized company since the size of the firm does not prevent it from being targeted by cyber-criminals. The development of a good security policy is the first step towards establishing and managing network security. Some of the important considerations to make for the security policy include network security fundamentals, security issues, and security threats.
Overview of Network Security:
For a long period of time, small, medium-sized, and large companies have been struggling with security threats from the hacking community or cyber criminals. The ability of these companies to deal with the threats is affected by the rapid evolution of security technology and the increased complexity of security threats. However, companies need to ensure computer and network security in order to protect its assets, gain a competitive advantage, and comply with fiduciary responsibilities and regulatory requirements (Canavan, 2001). This is primarily because network security focuses on safeguarding information regarding company assets.
Network security is established in the company in order to deal with security threats, issues, and vulnerabilities. Security threats are things that can interrupt the functioning, operation, availability, and integrity of a system or network while security issues or vulnerabilities are inherent weaknesses in design, arrangement, and implementation of a system or network. The three main sources of security vulnerabilities or issues are poor system or network design, poor implementation, and poor management of the network or system. Network security threats can also be defined as situations or events with the capability of causing harm to a networked system. Some of the most common sources of such events or circumstances include unauthorized access, worms, denial of service, impersonation, and viruses (Wijayatunga, n.d.). Therefore, a good network security policy ensures there is proper design and implementation of the network or system as well as proper management. Notably, network security refers to measures taken to safeguard data or information during transmission. The most common security services include authorization, data integrity, authentication, data confidentiality, access control, DoS mitigation, and auditing or logging.
Detailed Network Security Recommendations:
As evident in this analysis network security is an important element for this medium sized company because of the significance of security measures in protecting the company's information. As previously mentioned, these are various security measures that the firm can adopt and implement to ensure the protection of its data or information. These measures include cryptography, which is the key to securing information on a network. This measure can be used as a technique for providing privacy, ensure data integrity, and authenticate identities of the various communicating parties. Cryptography involves various initiatives such as encryption, symmetric key cryptography, and asymmetric key cryptography. Encryption is the procedure that entails transforming plaintext to ciphertext through the use of a cryptographic key while symmetric key cryptography uses a single, private key for encryption and decryption of information. In contrast, asymmetric key cryptography involves using separate public and private key pairs for encryption and decryption of information.
The second major aspect of network security for this medium sized company is a firewall, which is a security gateway or a filtering tool that enforces network security policy and safeguards a network against external attacks (Stewart, 2013, p.44). The filtering process allows the network to permit the transmission of necessary information or deny what is not needed. The process is based on filtering rules where each rule consists of a pattern of concern and the response the firewall will produce in case an incoming element is in line with the pattern. Consequently, firewalls follow a philosophy or position of security that is known as allow by exception or deny by default. If a packet in the network or system matches an allow rule, the packet is allowed to…