Implementing Improved Security for COLLINS's Database and Telecommuters
- 2. INTRODUCTION
o The computer has become an everyday necessity, both in our personal lives for
communicating with other people and in business for creating advanced documents and
drawings and for storing information. With this advancement of technology there has been
an increased need for internet and file security. More businesses have developed a need
for a fast and efficient way of transmitting information for various purposes within their
business. With the increased use of the computer, there is a huge concern that the
information they have stored will be retrieved and misused.
o Thus, it is essential that companies incorporate security measures so that users both
within the company and outside the company cannot obtain, change, or even destroy the
data that is maintained in their database.
o Some of the threats to telecommuting are computer viruses, password hacking,
man-in-the-middle attacks, identity theft, and social engineering. To overcome these
threats, telecommuters and businesses need firewall protection, strong encryption, good
authentication methods, and anti-virus software.
o COLLINS is a state agency that is in charge of maintaining safety for the public
transportation system. COLLINS gathers and stores confidential information such as
employee and client information. Therefore, the use of many security measures must be
maintained and regulated so that unauthorized users are unable to gain access.
- 3. AIM:
The agency aims at implementing the best security
measures to maximize performance and Web security
for telecommuters thus ensuring better security of
data stored in the database server and improving the
overall database design.
STATEMENT OF PURPOSE:
To make the database a more secure
environment and to implement a combination
of security measures that includes audit trails,
database patches, IDS, and firewalls.
- 4. OBJECTIVE
• To ensure better security of data stored
in the database server and improve the
overall database design.
• To apply techniques of proper
encryption and firewalls, and to enhance the
overall performance of COLLINS's
database.
- 5. RISK ANALYSIS
• One consideration when implementing database security is
that multiple entry points to the database information are
available to employees and business partners. Securing each
of these entry points is difficult because the complexity of
the system itself changes as the company grows.
• When implementing a firewall, it is crucial that the
corporation decide how the firewall screens traffic and
configure the firewall to accept or deny the incoming traffic to
the system.
• Network sniffers try to steal information as it is transmitted
through the network from the client to the application server.
Once they gain access to the information, they will misuse it.
- 6. METHODOLOGY
• Methods such as installing a firewall, setting up an
isolation region for protected resources, encrypting
the sensitive information being stored and
transmitted, providing identity authentication
and building a secure channel, and providing digital
signatures for audit and tracking of software
without any security guarantee are adopted
to ensure Web service security.
- 7. 1. INSTALL FIREWALL
The most popular security method is providing an isolation
region for a LAN or website. A LAN firewall is a functional
module inside a computer or network device that sits between
the internal network and the Internet. Its purpose is to
provide security protection to an internal network or host
and to control access to objects, so it can also be called
access control technology.
There are two operating mechanisms for a firewall: packet
filtering and agent (proxy). Packet filtering targets the
service provided by the host at a particular IP address. Its
basic principle is to intercept and capture IP packets at the
IP layer during network transmission, then extract the source
address and destination address, and the source port and
destination port, of each IP packet. Whether to forward the
IP packet is decided by fixed filtering rules. The agent
mechanism is implemented at the application layer; the basic
principle is to construct an independent agent program for
Web services, and the client program and
the server can only exchange.
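The packet-filtering mechanism described on this slide, as an added Python example that is not part of the original presentation: it parses the IPv4 and TCP headers, extracts the addresses and ports, and applies a fixed first-match rule list with a default deny. The addresses, the database port 1433, and the rule set are constructed assumptions.

```python
import ipaddress
import struct

# Constructed rules (assumption): first match wins, anything unmatched is denied.
# (action, source network, destination network, destination port or None for any)
RULES = [
    ("allow", "10.0.1.10/32", "10.0.2.20/32", 1433),  # application server -> database
    ("deny",  "0.0.0.0/0",    "10.0.2.20/32", None),  # nothing else reaches the database host
    ("allow", "0.0.0.0/0",    "10.0.1.10/32", 443),   # anyone -> HTTPS on the application server
]

def parse_ipv4_tcp(packet: bytes):
    """Return (src, dst, sport, dport) from a raw IPv4 packet carrying TCP or UDP."""
    if len(packet) < 20:
        raise ValueError("truncated IP header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("not a parsable IPv4 packet")
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        raise ValueError("non-first fragment carries no port numbers")
    if packet[9] not in (6, 17):  # only TCP and UDP have ports
        raise ValueError("no ports for this protocol")
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    return src, dst, sport, dport

def decide(packet: bytes, rules=RULES) -> str:
    """Apply the fixed filtering rules; malformed packets are denied."""
    try:
        src, dst, _sport, dport = parse_ipv4_tcp(packet)
    except ValueError:
        return "deny"
    for action, src_net, dst_net, port in rules:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and port in (None, dport)):
            return action
    return "deny"

def make_packet(src, dst, sport, dport, frag_offset=0) -> bytes:
    """Build a constructed 40-byte IPv4+TCP SYN for testing (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, frag_offset, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return ip + tcp
```

Rule order matters here: the specific allow for the application server must come before the blanket deny that protects the database host.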
- 8. 2. Encryption for Confidential Information
This method is particularly effective for protecting confidential
information, and can prevent wiretapping and hacking.
Transmission encryption in Web services is in general
achieved at the application layer. When a WWW server sends
confidential information, it first selects keys to encrypt the
information, based on the receiver's IP address or other
identification. After the browser receives the encrypted data, it
decrypts it according to the source address or
other identification of the information in the IP packet to get the
required data. In addition, encryption and decryption of
transmitted information can also be achieved at the IP layer
by encrypting and decrypting the whole message, to ensure
information security at the network layer.
- 9. 3. Provide Identity Authentication for the Client / Server Communication and Establish a Secure Channel
Currently, some network security protocols, e.g. SSL and PCT, have appeared, which are
based on the existing network protocols. These two protocols are mainly used not
only for protecting confidential information but also for preventing unauthorized users
from intruding on the host. The SSL protocol provides private communication and includes
authentication, signature, and encryption technology for the server; it can not only
provide authentication for the server but also provide authentication for the client,
according to the options of the server. The SSL protocol can run on any kind of reliable
communication protocol, e.g. TCP, and can also run under application protocols, e.g.
HTTP, FTP, Telnet, etc. The SSL protocol uses the X.509 v3 certificate standard; RSA,
Diffie-Hellman, and Fortezza-KEA as its public key algorithms; and RC4-128, RC2-128,
DES, Triple DES, or IDEA as its data encryption algorithm. The authentication
schemes and encryption algorithms provided by PCT are more abundant than those of SSL,
and it makes improvements in some details of the protocol. The IPSec protocol is used to
provide end-to-end encryption and authentication services for public and private
networks. It specifies all kinds of optional network security services, and
organizations can integrate and match these services according to their own security
policy.
- 10. 4. Digital Signatures for the Software
Many large companies use digital signature technology for their
software, and claim that they are responsible for the security of their
software, especially for components such as Java applets and ActiveX
controls, which bring risks to Web services. Digital signatures are based
on public key algorithms: a publisher uses its private key to sign its own
released software, and the signature is authenticated by using the public
key. Microsoft's Authenticode technology is used to identify a software
publisher and prove that the software has not been damaged. Authenticode
is client-side software that monitors the download of ActiveX controls,
CAB files, Java applets, or executable files, looks for the digital
certificate in these files and verifies it, and then shows a warning, the
certificate organization's name, and other information to the user about
possible security problems. A digital signature can protect the integrity
of the software, and it is sensitive to illegal changes to the software
during the transfer process.
- 11. BUDGET
Personal Firewall Products:
• McAfee Internet Security Suite, www.mcfee.com, $49.99 - $69.99, Windows
• Norton Internet Security 2011, www.symantec.com, $69.99 - $99.9, Windows
• ZoneAlarm Internet Security Suite 6, www.zonelabs.com, $49.95, Windows
• Trend Micro PC-cillin Internet Security 2011, www.trendmicro.com, $49.95 - $124.95, Windows
• Smooth Wall, www.smoothwall.org, Free, Linux
• Sygate Personal Firewall, www.sygate.com, Free, Windows
• Tiny Firewall, www.tinysofware.com, Free, Windows
Total Budget: $375.95
- 12. BENEFITS
• First line of defense: Transparently detect and
block SQL injection attacks, privilege
escalation, and other threats.
• Faster response: Automatically detect
unauthorized database activities that violate
security policies, and thwart perpetrators
from covering their tracks
• Simplified compliance reporting: Easily
analyze audit and event data and take action
in a timely fashion with out-of-the-box
compliance reports.
- 13. CONCLUSION AND RECOMMENDATIONS
Companies should also provide their telecommuting
employees, who work outside the office, with the best
firewalls available. The best software is the one which
serves business needs and is based on the network
infrastructure and business environment. Personal
firewalls are designed so that they are easy to install and
operate, and they can significantly reduce the risk of
intrusion. The rationale for having a firewall is to keep
out hackers and permit or deny certain traffic in and out
of the network. The firewall is one of the building blocks
of a well-designed security structure.