PROPOSAL ON IMPLEMENTING AN 
IMPROVED SECURITY FOR COLLIN’s 
DATABASE AND TELECOMMUTERS
INTRODUCTION 
o The computer has become an everyday necessity: in our personal world for communicating 
with other people, and in our business world for creating advanced documents and 
drawings and for storing information. With this advancement of 
technology there has been an increased need for internet and file security. More 
businesses have developed a need for a fast and efficient way of transmitting information 
for various purposes within their business. With the increased use of the computer, there 
is a huge concern that the information they have stored will be retrieved and misused. 
o Thus, it is essential that companies incorporate security measures so that users both within the 
company and outside the company cannot obtain, change, or even destroy the data that 
is maintained in their database. 
o Some of the threats for telecommuting are computer viruses, password hacking, 
man-in-the-middle attacks, identity theft, and social engineering. To overcome these threats, 
telecommuters and businesses need firewall protection, strong encryption, good 
authentication methods and anti-virus software. 
o COLLINS is a state agency that is in charge of maintaining safety for the public 
transportation system. COLLINS gathers and stores confidential information such as 
employee and client information. Therefore, the use of many security measures must be 
maintained and regulated so that unauthorized users are unable to gain access.
AIM: 
The agency aims at implementing the best security 
measures to maximize performance and Web security 
for telecommuters thus ensuring better security of 
data stored in the database server and improving the 
overall database design. 
STATEMENT OF PURPOSE: 
To make the database a more secure 
environment and to implement a combination 
of security measures that includes audit trails, 
database patches, IDS, and firewalls.
OBJECTIVE 
• To ensure better security of data stored 
in the database server, improve the 
overall database design 
• To apply proper encryption and firewall 
techniques, and to enhance the 
overall performance of COLLIN’s 
database.
RISK ANALYSIS 
• A point to consider when implementing security for the database is 
that multiple entry points to the database information are available 
to employees and business partners. The 
difficulty in ensuring that each of these lines 
is secure is that the complexity of the system itself changes as 
the company grows. 
• When implementing a firewall, it is crucial that the 
corporation decide how the firewall screens traffic and 
configure the firewall to accept or deny the incoming traffic to 
the system. 
• Network sniffers try to steal information as it is transmitted 
through the network from the client to the application server. 
Once they gain access to the information, they will misuse it. 
METHODOLOGY 
• Methods such as installing a firewall, setting up 
an isolation region for protected resources, 
encrypting the sensitive information being stored and 
transmitted, providing identity authentication 
and building a secure channel, and providing digital 
signatures for auditing and tracking software 
that comes without any security guarantee are adopted 
to ensure Web service security.
1. INSTALL FIREWALL 
The most popular security method is to provide an isolation 
region for a LAN or website. A LAN firewall is a functional 
module inside a computer or network device that sits between the 
intranet and the Internet. Its purpose is to provide security 
protection to an intranet or host and to control access to 
objects, so it can also be called access control technology. 
There are two operating mechanisms for a firewall: 
packet filtering and proxy (agent). Packet filtering targets the 
services provided by a host at a specific IP address. Its basic 
principle is to intercept IP packets at the IP layer during 
network transmission, then extract the source address and 
destination address, source port and destination port of each 
packet. Whether to forward the packet is decided by fixed 
filtering rules. The proxy (agent) is implemented in the application 
layer; the basic principle is to construct an independent 
agent program for Web services, and client program and 
the server can only exchange.
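
The packet-filtering mechanism described above, as an added example that is not part of the original slides: a stateless filter that decides on source/destination address and port using a fixed, ordered rule list with a default of deny. The addresses (documentation ranges), the two protected hosts and the ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = range(0, 65536)

@dataclass(frozen=True)
class Rule:
    action: str                # "accept" or "deny"
    src: str                   # source network, CIDR notation
    dst: str                   # destination network, CIDR notation
    sport: range = ANY_PORT    # permitted source ports
    dport: range = ANY_PORT    # permitted destination ports

# Constructed rule set (hypothetical hosts): 192.0.2.10 is a public HTTPS
# front end, 192.0.2.20 a database listener reachable only from the
# telecommuter address pool 198.51.100.0/24; 203.0.113.0/24 is blocked.
RULES = [
    Rule("deny", "203.0.113.0/24", "0.0.0.0/0"),
    Rule("accept", "0.0.0.0/0", "192.0.2.10/32", dport=range(443, 444)),
    Rule("accept", "198.51.100.0/24", "192.0.2.20/32", dport=range(5432, 5433)),
]

def matches(rule, src, dst, sport, dport):
    """True when all four header fields fall inside the rule."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and sport in rule.sport and dport in rule.dport)

def filter_packet(src, dst, sport, dport, rules=RULES):
    """Return (action, index of deciding rule). First match wins;
    a packet that matches no rule is denied (index None)."""
    for index, rule in enumerate(rules):
        if matches(rule, src, dst, sport, dport):
            return rule.action, index
    return "deny", None

if __name__ == "__main__":
    # Constructed packets: (source, destination, source port, destination port)
    packets = [
        ("198.51.100.7", "192.0.2.10", 51000, 443),   # telecommuter to HTTPS
        ("198.51.100.7", "192.0.2.20", 51000, 5432),  # telecommuter to database
        ("192.0.2.99", "192.0.2.20", 51000, 5432),    # other host to database
        ("203.0.113.5", "192.0.2.10", 51000, 443),    # blocked network
    ]
    for packet in packets:
        print(packet, "->", filter_packet(*packet))
    # Rule order is part of the policy: with the accept rule first,
    # the blocked network reaches the HTTPS front end.
    reordered = [RULES[1], RULES[0], RULES[2]]
    print(filter_packet("203.0.113.5", "192.0.2.10", 51000, 443, reordered))
```

Because the decision uses only addresses and ports, the filter says nothing about what an accepted connection carries; that gap is what the application-layer proxy mechanism addresses.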
2. Encryption for Confidential Information 
This method is particularly effective for protecting confidential 
information, and can prevent wiretapping and hacking. 
Transmission encryption in Web services is in general 
achieved in the application layer. When a WWW server sends 
confidential information, it first selects keys to encrypt the 
information, based on the receiver's IP address or other 
identification. After the browser receives the encrypted data, it 
decrypts the data according to the source address or 
other identification of the information in the IP packet to get the 
required data. In addition, encryption and 
decryption of transmitted information can also be achieved at the IP layer, 
by encrypting and decrypting the whole message, to ensure 
information security at the network layer.
3. Provide Identity Authentication for the Client / Server Communication and Establish A Secure Channel 
Currently some network security protocols, e.g. SSL and PCT, have appeared, which are 
based on the existing network protocols. These two protocols are mainly used not 
only for protecting confidential information but also for preventing unauthorized users 
from invading the host. The SSL protocol provides private communication and includes 
authentication, signature and encryption technology for the server; it can not only 
provide authentication for the server but also provide authentication for the client, 
according to the options of the server. The SSL protocol can run on any kind of reliable 
communication protocol, e.g. TCP, and can also be used with application protocols, e.g. 
HTTP, FTP, Telnet etc. The SSL protocol uses the X.509 V3 certificate standard, RSA, 
Diffie-Hellman and Fortezza-KEA as its public key algorithms, and uses RC4-128, 
RC-128, DES, 3-layer DES or IDEA as its data encryption algorithm. The authentication 
schemes and encryption algorithms provided by PCT are more abundant than those of SSL, and it 
makes improvements in some details of the protocol. The IPSec protocol is used to 
provide end-to-end encryption and authentication services for public and private 
networks. It specifies all kinds of optional network security services, and 
organizations can combine and match these services according to their own security 
policy.
4. Digital Signatures for the Software 
Many large companies use digital signature technology for their 
software and declare that they are responsible for the security of their 
software, especially for components such as Java applets and ActiveX controls, which bring 
risks to Web services. Digital signatures are based on public key 
algorithms: the publisher uses its private key to sign the software it releases, 
and the signature is verified by using the public key. Microsoft's 
Authenticode technology is used to identify a software publisher and 
prove that the software has not been damaged. Authenticode is client-side 
software that monitors the download of ActiveX controls, Cab files, Java applets or 
executable files, looks for the digital certificate in these files to 
verify it, and then shows the user a warning, the certificate 
organization's name and other information about possible 
security problems. A digital signature protects the integrity of the 
software, and it is sensitive to illegal changes made to the software in the 
transfer process.
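
The sign-with-private-key, verify-with-public-key check described above, as an added example that is not part of the original slides and is not Authenticode's own format: textbook RSA over a SHA-256 digest, enough to show that a changed file or a different publisher key fails verification. The demo keys are constructed from publicly known Mersenne primes and offer no security; production signing uses a vetted library with padding such as RSA-PSS.

```python
import hashlib

E = 65537  # public exponent shared by both demo keys

def make_key(p, q):
    """Build (public modulus, private exponent) from two primes."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys from well-known Mersenne primes (NOT secret).
PUBLISHER_N, PUBLISHER_D = make_key(2**521 - 1, 2**607 - 1)
OTHER_N, OTHER_D = make_key(2**127 - 1, 2**521 - 1)

def digest_as_int(data: bytes) -> int:
    """SHA-256 of the file contents as an integer (always < modulus here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, d: int = PUBLISHER_D, n: int = PUBLISHER_N) -> int:
    """Publisher side: private-key operation on the digest."""
    return pow(digest_as_int(data), d, n)

def verify(data: bytes, signature: int, n: int = PUBLISHER_N) -> bool:
    """Client side: recover the digest with the public key and compare it
    with the digest of the bytes that actually arrived."""
    return pow(signature, E, n) == digest_as_int(data)

def flip_one_bit(data: bytes, offset: int = 0) -> bytes:
    """Simulate a change to the file during transfer."""
    changed = bytearray(data)
    changed[offset] ^= 0x01
    return bytes(changed)

# Constructed stand-in for a downloaded control or executable.
RELEASE = b"MZ\x90\x00 constructed installer image, version 1.0"
SIGNATURE = sign(RELEASE)

if __name__ == "__main__":
    print("intact file:       ", verify(RELEASE, SIGNATURE))
    print("one bit changed:   ", verify(flip_one_bit(RELEASE, 5), SIGNATURE))
    print("wrong publisher key:", verify(RELEASE, SIGNATURE, n=OTHER_N))
    forged = sign(RELEASE, d=OTHER_D, n=OTHER_N)
    print("signed by other key:", verify(RELEASE, forged))
```

The check proves only that the bytes match what the key holder signed; whether that key belongs to the named publisher is what the certificate shown to the user establishes.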
BUDGET 
Personal Firewall Products: 
• McAfee Internet Security Suite, www.mcfee.com, $49.99 - $69.99, Windows 
• Norton Internet Security 2011, www.symantec.com, $69.99 - $99.9, Windows 
• ZoneAlarm Internet Security Suite 6, www.zonelabs.com, $49.95, Windows 
• Trend Micro PC-cillin Internet Security 2011, www.trendmicro.com, $49.95 - 124.95, Windows 
• Smooth Wall, www.smoothwall.org, Free, Linux 
• Sygate Personal Firewall, www.sygate.com, Free, Windows 
• Tiny Firewall, www.tinysofware.com, Free, Windows 
Total Budget: $375.95
BENEFITS 
• First line of defense: Transparently detect and 
block SQL injection attacks, privilege 
escalation, and other threats. 
• Faster response: Automatically detect 
unauthorized database activities that violate 
security policies, and thwart perpetrators 
from covering their tracks 
• Simplified compliance reporting: Easily 
analyze audit and event data and take action 
in a timely fashion with out-of-the-box 
compliance reports.
CONCLUSION AND RECOMMENDATIONS 
Companies should also make a point of providing 
the best firewalls available to their employees 
who telecommute and work outside the 
office. The best software is the one which serves business 
needs and is based on the network infrastructure and 
business environment. Personal firewalls are designed to 
be easy to install and operate, and can 
significantly reduce the risk of intrusion. The rationale for 
having a firewall is to keep out hackers and permit or 
deny certain traffic in/out of the network. The firewall is 
one of the building blocks of a well-designed security 
structure.
