Friday, April 27, 2012

Security Policy


A network security policy is a formal statement of the rules that people granted access to the organization's resources must abide by (Temasek Polytechnic, n.d.). Since threats are ever-growing and ever-changing, a network security policy is a continuous cycle, divided into four phases: secure, monitor, test and improve.

In the secure stage, the organization implements measures to prevent any possible loss of information (Temasek Polytechnic, n.d.). This includes requiring regular password changes and implementing a firewall on the network.

In the monitoring stage, the organization detects any violation of the policy (Temasek Polytechnic, n.d.). This normally involves an Intrusion Detection System (IDS) that flags violations to the network administrator.

In the test stage, the organization performs penetration testing or audits the network system (Temasek Polytechnic, n.d.).

After gathering information from both the monitoring and test stages, the organization improves its existing security policies or creates new ones based on any vulnerability that has surfaced in the organization (Temasek Polytechnic, n.d.). This is known as the improve stage.

Figure 1 (Security policy life cycle)

When developing a security policy, the organization can weigh three trade-offs according to RFC 2196. Firstly, "Services offered versus security provided." Here the network administrator decides whether to provide a service (which carries more security risk) or not to provide it (which gives the least benefit) (Tittel, 2003).

Secondly, "Ease of use versus security." The network administrator can choose between ease of use (less secure) and a "user-unfriendly" interface (most secure). Depending on the situation, the network administrator decides where between these two extremes to settle (Tittel, 2003).

Lastly, "Cost of security versus risk of loss." The network administrator weighs the cost of security (in terms of performance, ease of use and monetary cost) against the loss incurred if it is not implemented, such as the loss of information, privacy and service (Tittel, 2003).


References:

[Information security policy]. Retrieved April 27, 2012, from http://trustedtoolkit.blogspot.com/2007/07/information-security-policy-101_03.html
Temasek Polytechnic. (n.d.). L02 - Laws and ethics. Singapore. Retrieved from SearchSecurity.
Temasek Polytechnic. (n.d.). Overview of internetworking security. Singapore.
Tittel, E. (2003, August). The security policy document library: site security handbook. Retrieved April 27, 2012, from SearchSecurity: http://searchsecurity.techtarget.com/tip/The-security-policy-document-library-Site-Security-Handbook

Common Networking Attacks, Threats and Solutions

In this highly globalized world, both threats and defense technologies are improving at a rapid pace. This has led to many disastrous problems, such as the unauthorized disclosure of information, including state secrets.

One network problem is the Ping of Death attack. In this attack, a host sends a malformed packet, unintentionally or intentionally. Instead of sending 32 bytes of data, the host sends a 65,525-byte ping packet. This results in a buffer overflow that crashes the receiving computer ("Ping of," 2012). Ping of Death is also one method of denial of service.

To mitigate denial of service, the network administrator can implement an Intrusion Prevention System (IPS). An IPS detects anomalous activity through signatures, or through its "experience" of normal network conditions ("Intrusion prevention," 2012). Another method is traffic rate limiting, in which a quota is imposed on the traffic allowed on the network (Temasek Polytechnic, n.d.).
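As an added illustration of the two defences above (not code from the original post), the following guard tracks how large a fragmented ICMP datagram would become and flags a Ping of Death as soon as any fragment would push it past the 65,535-byte IPv4 limit, and applies a per-source sliding-window quota for traffic rate limiting. The sample fragments and timestamps are constructed, not captured traffic.

```python
from collections import defaultdict, deque

IPV4_MAX_DATAGRAM = 65535  # largest size the 16-bit IPv4 total-length field can describe


class IcmpGuard:
    """Reassembly-size tracking (Ping of Death) plus a per-source ping quota (rate limiting)."""

    def __init__(self, max_pings_per_window=10, window_secs=1.0):
        self.max_pings = max_pings_per_window
        self.window = window_secs
        self.high_water = defaultdict(int)  # (src, ip_id) -> highest byte offset seen so far
        self.recent = defaultdict(deque)    # src -> timestamps of recent echo requests

    def check_fragment(self, src, ip_id, frag_offset, payload_len):
        """frag_offset is the 13-bit header field (units of 8 bytes); payload_len is this
        fragment's data length. The datagram is flagged the moment a fragment would end
        beyond the IPv4 maximum, so no oversized buffer is ever assembled."""
        key = (src, ip_id)
        end = frag_offset * 8 + payload_len
        self.high_water[key] = max(self.high_water[key], end)
        return "ping-of-death" if self.high_water[key] > IPV4_MAX_DATAGRAM else "ok"

    def check_rate(self, src, now):
        """Sliding-window quota: drop echo requests once a source exceeds max_pings in window_secs."""
        stamps = self.recent[src]
        stamps.append(now)
        while stamps and now - stamps[0] > self.window:
            stamps.popleft()
        return "rate-limited" if len(stamps) > self.max_pings else "ok"


# Constructed sample traffic: datagram 1 is a normal fragmented ping; datagram 2 has a
# final fragment whose offset places its last byte past 65535 (8189 * 8 + 40 = 65552).
SAMPLE_FRAGMENTS = [
    ("10.0.0.5", 1, 0, 1480), ("10.0.0.5", 1, 185, 520),
    ("10.0.0.9", 2, 0, 1480), ("10.0.0.9", 2, 8189, 40),
]
SAMPLE_PING_TIMES = [0.0, 0.1, 0.2, 0.3, 2.0]  # four pings in 0.3 s, then one after a quiet gap


def run_sample(max_pings=3, window=1.0):
    """Feed the constructed samples through the guard; returns (fragment verdicts, rate verdicts)."""
    guard = IcmpGuard(max_pings, window)
    frag_verdicts = [guard.check_fragment(*frag) for frag in SAMPLE_FRAGMENTS]
    rate_verdicts = [guard.check_rate("10.0.0.5", t) for t in SAMPLE_PING_TIMES]
    return frag_verdicts, rate_verdicts
```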

Here is a video explaining the differences between an IPS and an Intrusion Detection System (IDS):

Another common networking threat is the scanning phase of an attack. In this phase, the hacker tries to map the victim's network ("Types of," 2011). One way is banner grabbing with Netcat to determine the victim's Operating System (OS). By doing so, the hacker can retrieve OS version information and begin to exploit known vulnerabilities of that OS ("Banner grabbing," 2012). Once scanning is complete, the hacker normally moves on to phase 3, gaining access to the network.


Figure 1 (Steps of hacking (Graves, 2010, p. 8))


Figure 2 (Phase of scanning (Graves, 2010, p. 67))

There are several ways to prevent scanning from taking place. One is disabling unused services on network hosts ("Banner grabbing," 2012). Another is using an Intrusion Detection System (IDS) to notify the network administrator when reconnaissance is taking place (Temasek Polytechnic, n.d.).
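As an added example of the IDS-style reconnaissance alert described above (not code from the original post), this detector reads firewall log lines and flags any source that probes many distinct ports on the network within a short window, which is what banner grabbing and port scanning look like from the defender's side. The log format and the sample lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed log format (assumed, not from any real firewall): "<date> <time> <ACTION> src=.. dst=.. dport=.."
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<action>[A-Z]+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)

# Constructed sample: 10.0.0.5 sweeps six service ports in a few seconds;
# 10.0.0.7 is an ordinary client touching only web ports.
SAMPLE_LOG = """\
2012-04-27 10:00:01 DROP src=10.0.0.5 dst=192.168.1.10 dport=21
2012-04-27 10:00:01 DROP src=10.0.0.5 dst=192.168.1.10 dport=22
2012-04-27 10:00:02 DROP src=10.0.0.5 dst=192.168.1.10 dport=23
2012-04-27 10:00:02 ACCEPT src=10.0.0.7 dst=192.168.1.10 dport=80
2012-04-27 10:00:03 DROP src=10.0.0.5 dst=192.168.1.10 dport=25
2012-04-27 10:00:04 ACCEPT src=10.0.0.5 dst=192.168.1.10 dport=80
2012-04-27 10:00:05 DROP src=10.0.0.5 dst=192.168.1.10 dport=110
2012-04-27 10:00:40 ACCEPT src=10.0.0.7 dst=192.168.1.10 dport=443
2012-04-27 10:05:00 ACCEPT src=10.0.0.7 dst=192.168.1.10 dport=80
"""


def parse_line(line):
    """Return a dict for a well-formed line, or None so malformed lines are skipped, not crashed on."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "src": m["src"], "dport": int(m["dport"])}


def find_scanners(lines, min_ports=5, window_secs=60):
    """Map each source that touched >= min_ports distinct ports within window_secs to those ports.
    Dropped and accepted connections both count: a sweep that hits open ports is still a sweep."""
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["ts"])
    history = defaultdict(list)  # src -> [(timestamp, port)] still inside the window
    flagged = {}
    for e in events:
        hist = history[e["src"]]
        hist.append((e["ts"], e["dport"]))
        hist[:] = [(t, p) for t, p in hist if (e["ts"] - t).total_seconds() <= window_secs]
        ports = {p for _, p in hist}
        if len(ports) >= min_ports:
            flagged[e["src"]] = sorted(ports)
    return flagged
```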

In conclusion, these networking threats cannot be thoroughly eliminated, since 'older' threats keep changing and 'new' threats keep emerging. Therefore, it is important for network administrators to keep themselves updated by visiting the advisories published by the manufacturer and applying the latest security patches from the manufacturer.

References:

Types of network attacks: four primary classes. (2011, July 17). Retrieved April 27, 2012, from CCNAanswers-khim: http://ccnaanswers-khim.blogspot.com/2011/07/types-of-network-attacks-four-primary.html
Banner grabbing. (2012, February 22). Retrieved April 27, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Banner_grabbing
Intrusion prevention system. (2012, March 25). Retrieved April 26, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Intrusion-prevention_system
Ping of death. (2012, March 16). Retrieved April 2012, from Wikipedia: http://en.wikipedia.org/wiki/Ping_of_death
Graves, K. (2010, April 26). Certified ethical hacker. Sybex.
Temasek Polytechnic. (n.d.). Overview of internetworking security. Singapore.