www.assignmentwritingindia.

com

Network security
Content
ABSTRACT....................................................................................................................................3

INTRODUCTION...........................................................................................................................4

Importance of computer and network security............................................................................5

To uphold company assets.......................................................................................................5

To develop and maintain effectual security.............................................................................5

To meet dogmatic necessities and fiduciary responsibilities...................................................5

To secure one’s position...........................................................................................................6

ISSUES OF NETWORK SECURITY............................................................................................7

Authentication..............................................................................................................................7

Integrity........................................................................................................................................7

Confidentiality.............................................................................................................................7

Non-repudiation...........................................................................................................................7

Availability...................................................................................................................................7

Authorization...............................................................................................................................7

Vulnerability................................................................................................................................8

Different types of Vulnerabilities.............................................................................................8

THREATS AND ATTACKS..........................................................................................................9

Types and Sources of Network Threats.......................................................................................9

DoS (Denial-of-Service).........................................................................................................10

Unauthorized Access..............................................................................................................11

Executing illegal Commands..................................................................................................11

Confidentiality Violation........................................................................................................12

Destructive criticism...............................................................................................................12

Page | 1
 IP spoofing.............................................................................................................................13

THE WHY’S AND WHEREFORE’S...........................................................................................13

SIX LESSONS LEARNED FROM- J.P. Holbrook & J.K. Reynolds..........................................13

Use backups...............................................................................................................................13

Don't put data unnecessarily......................................................................................................14

Avoid single points of failure systems...................................................................................14

Update the germane operating system.......................................................................................14

Look for appropriate security advisories...................................................................................14

Keep staff person proverbial with security practices.................................................................14

BASIC TIPS FOR NETWORK SECURITY................................................................................15

SECURE NETWORK ARCHITECTURE....................................................................................16

Logging......................................................................................................................................17

Firewalls.....................................................................................................................................17

Separating User Populations and Servers...............................................................................17

Limiting Access......................................................................................................................18

Network connectivity devices....................................................................................................19

Non-secured places for Network Connectivity Devices........................................................19

Gateway Security.......................................................................................................................20

IDS (intrusion detection system)................................................................................................20

Content filtering.........................................................................................................................21

Developing Security Policies.....................................................................................................21

Conclusions/ Recommendations....................................................................................................22

Bibliography..................................................................................................................................23

Page | 2
ABSTRACT

“Network Security is the most important aspect in any organization”. This is the sentence which
we hear for many mouths. But, those people who know its importance do not know the issues
that should to be considered and implemented to maintain the network securely. In this
Document I want to explain about the minimum basic issues that need to be covered in the
architecture of the network, the policies that need to be implemented in any of the network of an
organisation. I want to explain briefly the security issues caused due to the mis configurations of
the technologies, the threats and the attacks caused in the network, discuss network security
architecture and defense in depth, i.e. what is required such as policies, training of users, and of
course network security architecture including logging, firewalls, IDS, IPS, locking
down/hardening servers/desktops, maintaining Confidentiality, Integrity, Availability, etc

Page | 3
INTRODUCTION

The basic understanding of network security is requisite; in order to understand this we should
know what is Network. The brief introduction about the Network is that it is the “set of inter
linking of lines which is similar to a net, an interconnected systems, network of infrastructure
and alliance”. The network is simply an interconnection of computers, no mater how they are
connected. [ CITATION Lex \l 1033 ]
Network security has globally become a critical issue, this has created an treat for the many
organizations especially in small and medium business; this is because they often lack in
securing their networks and is not sufficient to protect and defend from the sophisticated internet
threats. As we all know that global economy is more reliant on IT assets and Internet
communications, so the network security has become a serious issues in designing, planning and
implementing an assortment of security tools and their communication. The Information Age
technologies have increasingly become significant factors in network security. [ CITATION
Mat97 \l 1033 ]
The security in Information Age is striking with the remarkable profits, however has some
unparalleled risks. This is not only a continual and unremitted concern of security, yet downtime
of network is objectionable. Well, this document is intended to the advance users of computer
network in an organization, here i have explained the concepts of network security, why is it
necessary, its hype in the market place, also this will aid organizations to install, configure,
understanding the risks and how to overcome the attack of threats and maintain the secured
servers and operating systems. [ CITATION Mat97 \l 1033 ]

Importance of computer and network security

This is the most common question asked which might seem illogical, but yet this is the critical
for the companies to know, define and explain why they seek to accomplish the computer and
network security in to business. This is useful to utilize in quest of senior managements
endorsement associated with security expenditures.
Also helpful to utilize it seeking from the higher management’s authorization related to security
expenditures. A few reasons mentioned below for computer and network security [ CITATION
Joh01 \l 1033 ]

Page | 4
To uphold company assets
The most important function of the computer and network security is to safeguard the company
assets. Here company assets means “Information & Data” housed in a company, rather not the
hardware or software comprised in companies computer and network. Data and information is
the imperative asset of the organization. Information perhaps defined as organized data which
can access in logical and in consequential way. Network security is more concerned about the
fortification, veracity, accessibility of the information.

To develop and maintain effectual security

Certain important measures will provide a competitive advantage in an organization over its
antagonism. Network security has significant role in e- commerce business and Internet finance
service. It will signify the disparity of large acceptance of service and middling commerce
reaction. For instance, if we consider Internet banking service there are very users who use this
service. And if they knew that the system is been hacked then they would go for rival of their
internet banking service.

To meet dogmatic necessities and fiduciary responsibilities

Managers of cooperate company should have a responsibility to maintain safety and security of
the company. One of the responsibilities includes ensuring the enduring operation of the
business. The organization which depends on the computers for their operations must implement
polices and security components in an organizations. Such procedures of maintain security and
polices are not only important for the protection of the company assets but also for liability of the
organization. The commercial business should also protect the investment of share holders and
maximize the profit. Besides, many organizations were subjected to government law. The
government regulation often stipulates the safety and security requirements of the organization.
In the case study, every monetary institution is subjected to federal commandment. If fail to
obey federal commandment, perhaps results in convulsion of a financial organization by the
federal regulators. If some company officers who properly don’t perform the dogmatic and
fiduciary tasks are individually liable for any sufferers incurred by the financial organization.

Page | 5
To secure one’s position
To keep up your job in an organization and to have prospects in their career, it is very significant
to carry the measures which protect the company assets. Maintaining secured systems and
networks in an organization should be administrators’ job. If once failed to protect might lead to
termination.[ CITATION Joh01 \l 1033 ]

ISSUES OF NETWORK SECURITY

Security issues are intensifying at an alarming rate globally every year. Since, the complications
increasing the attack of threats in an organization so security measures are taken up to protect
networks. Some of the common issues are mentioned below [ CITATION LZh99 \l 1033 ].

Authentication
This is the process in which user’s identity verification is done.

Integrity
This is the process of sending the same data which is arrived, it is nothing but maintaining the
reliability of data. This can even be said as maintaining accuracy of data; this in turn refers as
capability of securing the information or transmissions form the unauthorized networks or
fortuitous modifications. The term Integrity is generally used in reference to network functioning
their system and application

Confidentiality
This is the process of maintaining the insightful data’s and information available in an
organization to eavesdropper, so to avoid this data’s should be encrypted.

Non-repudiation
Assertion in any business that has taken place is consequently proved. This is nothing but
accepting the disclaimer, means non-renunciation or non-debunking.

Availability
This is the process of making the system network, hardware, software reliable by recovering
promptly and fully while interlude of service. Preferably, these essentials should not prone to
Denial-of- Service attacks.

Page | 6
Authorization
It is the process of giving an official instruction or command or right to give access to the users.
The act of conferring legality or authorize or official warrant.

Vulnerability
Vulnerability is considered as an inherent flaw in the plan, design, or execution of the system
network which delivers it and is more susceptible to the threats and attacks. The more chances of
getting vulnerable are due to the three factors they are:
1. Weak design
2. Poor performance
3. Poor management resources [ CITATION Joh01 \l 1033 ]

Different types of Vulnerabilities

1. Server-vulnerabilities
 Web based applications
 Data base software’s

2. Client-vulnerabilities
 Media players
 Web browser
 Email client

3. Safety and security policies and employees

 Cutting off Phishing or shear phishing

4. Mal-treat of application
 Peer to peer program
 Quick messaging

5. Zero-day attacks

Page | 7
  Zero day attacks [ CITATION AlR09 \l 1033 ]

THREATS AND ATTACKS

There is lot of network security threats which is being widely spreading in the internet creating a
fear in an organization. Some of the threats are listed below: [ CITATION And1 \l 1033 ]:
• Denial of Service (DoS)
• Un-authorized threat
• Smurf attack
• Email related - virus, Trojan horses, worm
• Eavesdropping
• Data diddling
• Teardrop attack
• Spoofing
• Identity theft
• SYN Attack

Types and Sources of Network Threats

We have already covered enough information on system and networking so that we can know the
security aspects of the organization. Firstly, we shall discuss on types and sources of threats and
attacks on computer networks, and then how to protect and get the safety measurements against
various attacks.

Page | 8
Figure 1 Common attack types and threat level [ CITATION AlR09 \l 1033 ]

DoS (Denial-of-Service)

DoS (Denial-of-Service) attack is the most complicated and hard to address, it is found as most
horrible attack. This is so called horrible attack because it is very easy to commence but very
difficult and sometimes not possible to trace, and it is also difficult to decline the attacker’s
request without rejecting lawful request for the services. The hypothesis for network connection
in an organization by DoS attack is very easy and simple; they just need to send many requests to
the system more than its capacity. This is associated with tool kits which is present in
underground society, which makes the matter simple by executing the program and commanding
it to which host should blast with requests. The assaulter’s program just makes a link with the
service port, which might copy the header packet data and information which shows where the
packet arrived, and later drops the link. If suppose the assault is sending 60 requests per second
and the host are capable to answer 30 requests per second which is much less than the any lawful
requests, apparently the host fails to service all the requests from assaulter’s which effects on
websites executing there.

Page | 9
These extreme assaults were very common between the years 1996-1997 but now this case is
very rare. Certain measures can be taken to minimize the risk of being hacked off by the DoS
attack which includes:
• Updating the security linked patches for your host operating systems
• No organizations are visible to the global servers at the level very close to competence.
• Use of Packet Filter to avoid copied packets entering in to the address apace of your
network. Apparently, the copied packets would claim form coming from your own host,
so reserve private network address by defining as RFC 1918 [4], and the loop-back
network as [127.0.0.0]. [ CITATION YRe18 \l 1033 ]

Unauthorized Access
This term is referred in superior levels to numerous sorts of assaults. The main agenda in
unauthorized access is to access the resources that the system should not provide the assaulter.
For instance, the host is the web server it has to provide access to everyone who requests the web
pages. Yet, the host should not access the request without being sure that the user giving such
commands, this should get to the local administrator.

Executing illegal Commands

It is considers as illicit to execute commands on your server by unauthorized, unenviable,
mistrusted person. We have classified this case in to two divisions they are
1. Administration access
2. User access
A regular user can do many things on the system like reading files, sending mails, saving and
copying etc, and the assaulter should not be able to access. Even the assaulter can make certain
configuration changes in your server machine like changing the IP address of the system, altering
start up script in place of shut down causing the machine to turn off whenever you start your
system. In such a case the assaulter will gain admin privilege on the host machine. [ CITATION
Mat88 \l 1033 ]

Page | 10
Confidentiality Violation
Firstly, we need to prepare a threat model which tells about like what’s that you are trying to
secure your self against? Also there are some data’s which could be destruct if it goes to the
hands of rivals, or opponent or public. So in these situations it is quite possible that conciliating
the common user’s account on the system is just enough to destroy it, by PR form or tracking the
information which can be used to un-favor the company. Whilst there are many culprits of these
sorts who breaking and entering are just doing to seek thrill and they are interested in nothing
more just to access your computer on theirs. Some people are not interested in nothing but for
thrill, but these culprits are taken advantage by the devious rival companies to track your system
information. [ CITATION Mat88 \l 1033 ]

Destructive criticism
In the disparaging sorts of chimes in and attacks, there are two chief classes:

1. Data Diddling
The data diddling is probably the worst kind of break in, which may not attack immediately.
Conceivably, the attacker toy with a spread sheets or may even modify some changes in your
project plans. Perhaps, he may change your account number for automatic deposition of certain
pay-cheques. The accounting system will turn up with variance in the books after three to four
months from the occurred incident. Tracking the trouble and shooting it would obviously an
complicated one, and once the setback is known it is very uneasy to trust the numbers from that
time of period. Even the question may arise saying that what back up do you have to safe guard
your data? [ CITATION Mat88 \l 1033 ]

2. Data Destruction
Certain negative connotation assaults are only just twisted flicks where things can be deleted. In
such cases the burden of your company and computer will cause nothing less, if flames or any
other adversities might destroy your computer system and business.

Page | 11
IP spoofing
 This is the process where one can generate unprocessed IP packets openly from the
application by adding some value in to source IP address field by this process receiver
cannot identify the source is been faked. This is to avoid from being caught and
circumvent the security tools.
 Measures to be taken: The routers should offset the departing packets with void source
address, as an example data-gram generator address is not in router’s net. [ CITATION
AlR09 \l 1033 ]

THE WHY’S AND WHEREFORE’S

How will an assaulter gains access to your system?
The answer for this is through any connection which your system possesses from beyond the
boundary or external to the system, like it allows Internet, dial up Modems or even physical
access. It has become an very difficult to know the temporary aids with data access, system
hacker seeking for the passwords, vulnerabilities, phone numbers, or any other way to get access
for your system. So as to know the proper security address explore with every avenue that could
think of, the entered data must be identified properly and examined. The safety of an entry point
is considered with affirmed policy and satisfactory level of risks. [ CITATION Mat88 \l 1033 ]

SIX LESSONS LEARNED FROM- J.P. Holbrook & J.K. Reynolds

From the common sort of attacks we can make list from the pretty high level professional which
helps to protect form network security tragedies, and also controlling the damages occurred
during the unsuccessful preventive measures. [ CITATION JPH \l 1033 ]

Use backups
From the security standpoint this is not considered as a good proposal. The backup policies have
to be stated by operational supplies, and this has to be closely matched with the disaster
resurgence policy. Is suppose, a flit crashes in your building at one moment and you’re able to
shift your business to different location. Likewise these are also used in recovering companies’

Page | 12
data even though an electronic disaster, failure of hardware, modifying the changes or may even
damage the company data’s.

Don't put data unnecessarily

Putting up the data where it does need to be, although this rarely happens in the company but
safety should be maintained to secure the data from the hands of culprits. Consequently leads the
data which should not access from the outside world, sometimes increases the rigorousness of
entry in severely.

Avoid single points of failure systems

In any security system which breaks off through single component, then it is considered as week
system. In security, repetition of an act needlessly is good; this helps to secure your company
from minimum violent issues getting disaster.

Update the germane operating system

Make clear a thought of the person who knows what you have got is inspecting the trafficker’s
security promulgations. Removing the old bugs and fixing it is the universal and effective way of
breaking in to the systems.

Look for appropriate security advisories

Apart from surveillance what trafficker’s say, keep an eye on CERT & CIAC groups. Ensure
that minimum one person if possibly more is signed to these lists of mailings.

Keep staff person proverbial with security practices

Keeping at any rate, minimum one person who has assigned to check the abreast of the latest
development in security is found to be great idea. For this, one need not be a technical wizard
wand but should be able to read the advisories obtained by the assorted incident rejoinder group,
and make list of the problems found in it. Than that person is considered as wise enough to
consult the issues related on network security, as he is going to be the one who knows if web-
server software version or any other related problems. The person should also be familiar with
DO’s and DONT’s of network security.[ CITATION JPH \l 1033 ]

Page | 13
Figure 2 network security framework[ CITATION AlR09 \l 1033 ]

BASIC TIPS FOR NETWORK SECURITY

At this junction we can find some of the basic tips on network security enterprise, which includes
specific information for windows and UNIX [ CITATION Mar00 \l 1033 ]
 Certify that you have a security policy; the policy is basically a formal statement of
conditions and regulations on how the security aspects are carried out in an organization.
The security policy should specify its level of surety measurements, its role and it’s
provinces of managers, admin and employees.
 Make a point that all your OS and its applications are updated with the latest versions and
hot fixes. By updating your operating systems one can prevent vulnerabilities from the
hackers.
 An inventory may be necessary for your network devices, so as to develop and uphold all
the list of your system hardware and software components and try to know which evasion
installation of software supply weak security configurations.

Page | 14
  Run down UDP/ TCP services, delete the needless services. The unnecessary services
might be the break in for the assaulters to gain power on your system.
 Create a strong password policy, weak passwords leads to settle by concession of the
account.
 Do not completely trust the code from unauthorized sources.
 Block un-necessary e-mail attachments such as .bas, .bat, .exe and .vbs.
 Do not offer extra privileges to the system resources than needed, try to employ the
concept of "minimum privileges".
 Achieve your individual network security.

SECURE NETWORK ARCHITECTURE

It is true that no single solution can protect your system from various threats. You have to secure
with multiple layers. If suppose one fails to secure the other will stand. Network security is the
combination of the hardware and software. Where, the software must be upgraded constantly so
as to protect your system from the new threats and attacks. The Network Security System is
accomplished with various components, preferably each and every component work collectively
thus minimizing the maintenance cost and makes better security.

Network security system components includes

• Anti-spyware & Anti-virus.
• Virtual Private Networks (VPNs), to endow with secure remote access.
• Intrusion prevention systems (IPS), to recognize quick spreading threats for example
zero-day or zero hour attacks.
• Firewall, to protect your network form unauthorized site by blocking an access to your
system.

Idyllically, most of the systems were done the network architecture and designed before their
existence. But, realistically the professionals are most interesting to attempt and make complete
security for the existing networks. Networks tend to develop in an untreated mode. Once the

Page | 15
individual system and polices are done, than the actual work begins on designing and planning
on the infrastructure of network security. If possible design the network security architecture
during the network designing.

Logging
There are many numerous, volumes and diversity in computer network security logs which is
being increasing enormously thus creating the enthusiast for the management of computer
security log. The log management is the method of rendering (bringing forth), carrying, putting
in, examining and finally preparing the computer and network security log data’s. It is a vital
necessitates ensuring that all the computer security records are stored in proper details by the log
management for the suitable time period. Regular log examining would be an advantage for
discovering the security disruptions, policy encroachments, operational tribulations and
fallacious process. Logs are also essential in inspecting, forensic analyses, backing up internal
probes, developing the baselines, knowing the operational trends and enduring tribulations. The
main drawback in Log management in an organization is that less quantity of balancing the
resources with constant supply of log data. Yielding a log and storing it is a difficult task by
many factors, some of them includes large number of log sources, discrepant log details, data
format, timestamp event, growingly high volumes of data log. Log management necessitates in
securing the confidential data’s, reliability, and accessibility of logs. Also log management has a
problem with security issues; often network admin performs an efficient data log analysis.

Firewalls
These are the basic components of all perimeters defense. This is known as the popular defense
system, which is not just a single system but actually a set of components. The firewall is
generally located between the two networks which behave as a gateway. The main requirements
for the successful firewall include:
1. It should behave as gateway through which all incoming and outgoing traffic must pass.
2. It should permit only authoritative traffic to pass.
3. It should be resistant to dissemination or concession.

Separating User Populations and Servers

Page | 16
The logical separation is a very significant aspect of user’s population in grounding the safe
network. Splitting up the user’s population permits employers to be logically sorted by operated,
role, purpose, branch or responsibility of job. Segmenting user population furnishes the co-
workers to work jointly and thus forbids from the other organization assaulters. It is very
important to understand the need to access contained by the segmented network department.
Minimum concession is imposed by using network device like Access Control List (ACL) of
router, among network segments.
The ACL could be defined as clubbed data’s which communicates with computer OS to seek
rights to access, user or set of them should have particular system objects. As per the
organizations network policy security, introducing network servers on individual logic network
division permits control devices to impose access thus helps to create security layer inside the
network organization. If certain server is settled by concession then it can be used as induction
point for more assaults or invasions. Though the network is divided, access to other servers or
user population is restricted by Firewall or by ACL. If user population or server is inserted on
various segmented divisions diffuses the creation of inspection trails from the gate-way devices.
Many devices are available to network segments and are able to register access and transfer
which can be further inspected and verified the network security policy which are imposed.
[ CITATION Bel761 \l 1033 ]

Limiting Access
Limiting access is located on Gateway device which connects segmented network. A limit is
sited on one’s personal system too for network access. These limitations help in increasing the
security for the networks. This is possible by forbidding non licensed access to logical divisions
of network systems. In many computer OS the user name and password is needed fro access. But
in some OS prevents user access from narrow soothe thus allows only access to files and their
applications of network. Security admin should have local soothe access for server computers.
With the use of the individual user name and passwords the user must verify one self. It is unable
to restrict snooping, exploitation of data and involuntary modification or data thrash to access
workstations, if operated by only one user than no other users apart from security admin should
have access. However, the system is for communal use then file partition is imposed as with
NTFS files in Windows NT/2000; data privacy, reliability is done by restricting the users from

Page | 17
screening in to others files unless the user is interested to share his files.[ CITATION Bel761 \l
1033 ]

Network connectivity devices

Limit access to interconnectivity devices is very serious characteristic of network security
designing. A router, hubs, switches of network connectivity provides and manages access to
numerous users. Unlike server, the breakdown of the network interconnectivity device limits the
present data assets for various users. Setting up the default password is very dangerous for
network connectivity and this should be used. No other than skilled person should modify the
configurations. An unskilled person or poorly trained person might cause smash up the network
connectivity devices. It is important to watch disconnecting cables which is very efficient Denial
–Of- Service technique. It is important to keep connectivity devices in secret place, which can be
only accessible by the staff members. [ CITATION Bel76 \l 1033 ]

Non-secured places for Network Connectivity Devices

Due to economic crisis every organization seeks to compromise with their security by keeping
them in non-secured places. However, in real or in actual time, places at below put network
security connectivity devices at threat.

 Broom recess (where any housing member would be knowing the key)
 Machine quarters (in the ability that uses vapor and frozen water for typical weather
influence)
 Below the desk of IT manager foyers, shattered areas, and meeting halls adjacent to
EMP-letting out machines on an industrial unit level on the HVAC units in storage house.

In few situations, network traffic is prevented from one user division to another. This is mainly
done by consummating ACLs on separate router or gateway device. Network traffic can be
cleaned by IP source address, or even by prompting verification before permitting the traffic to
pass through.
 Logically Segmented Network
 Research against Production

Page | 18
Why separation of network is vital is explained below by considering some examples. In a
company the R&D staff and production staff are considered, the company manufactures desktop
computers and developers script code for BIOS microcode. Fortuitously, the production team
started using beta BIOS code which is from R&D server in the production line prior it has to be
experienced and prepared for release in the market. But yet, found some bugs in the code present
in some systems. This makes an adverse effect on the production team, formerly the team begin
testing and fixing the bugs. The network hardware and wiring can be accessed only by the IT
employees. Access by the other persons may lead to theft and attacks, losing data’s reliability
and discretion. [ CITATION Bel761 \l 1033 ]

Gateway Security
The confidentiality and veracity of the data in an organization is done security gateway which
could be an external, internal networks or internet. If web and other services are given to the
customers who are very critical in organization’s Gateway. The customers cannot access the data
if services are not accessible, to do business with organization. The Gateway system is
considered as the most secure system in the network. Even virus filtering can be done in the
gateway and can even access the control to the network by studying the incoming packets and
outgoing packets. Virus can be removed from the files which are downloaded, from active X,
Java or with some other applets. To remove the virus from files it first has to pass through
network traffic to get scanned from the virus later server reviews the payload of the packet to
find out the existing virus, if not the packet continues further. If the virus is detected then the
packet terminates at scanning server, thus preventing from network getting infected.
[ CITATION And721 \l 1033 ]

IDS (intrusion detection system)

 IDS are pricey devices which are also called “Intelligent FW”. Nowadays they are more
feasible in a business. Both IDS and FW will offer utmost filtering of network traffic.
 Detects attacks on network systems.
 Monitors instantaneous network traffic for spiteful activity.
 Alerts messages are sent to network traffic that come across certain attack patterns.
 Monitors computer or server documents for anomaly [ CITATION AlR09 \l 1033 ]

Page | 19
Figure 3 Intrusion Detection systems [ CITATION AlR09 \l 1033 ]

Content filtering
The unwanted or hasty materials available on the Internet can be reduced in an organization by
exposures. Content filtering helps in filtering HTTP, FTP traffic, emails, or any undesirable
materials against security policy. They use the same principle as the virus scan servers in which
network traffic is monitored and later passed to the destination files. [ CITATION And72 \l 1033
]

Developing Security Policies

A policy simply doesn’t have its value unless one knows what exactly it states. Generally, the
end-users and employees get wrong ideas about management’s prospect and duties and start
complying with the policy done in an organization. So this considered as very important
measures in protecting the organization from the litigations. [ CITATION Joh01 \l 1033 ]
The security policy should contain some key measures for the success of an organization which
includes:
• Identifying the organization's resources.
• Mention the risks.
• Management of information assets.
• How to access information assets and the process used for authentication.

Page | 20
 • Clear understanding of what does and does not comprise the company owned electronic
media and services.
• Evidently explaining how to access the information and how to spread and by what
means.
• Making a note of controls.
• Mentioning users of monitoring and auditing measures, information confession, and cost
for disobedience.
• Notify those conscientious for security enforcement and how policies and procedures are
imposed.
• Identifying steps to be taken in the activity of disobedience with policy, a safety violate,
or an adversity.

Conclusions/ Recommendations

As the Network Security Issues has become an integral part of every organization. With growing
network connection of the company with the employees, customers, vendors; computers
networks are widely open to the entire world. So it is necessary to safeguard their company
information’s. In this paper we believed that the result of Network Security approach to
assessing and analyzing have more propensity in explaining the Network security Issues their
threats and attacks that surround internet security and how companies are avoiding such issues
due to mis-configurations of the technologies. In this research we have approached in getting
some basic tips for securing network, and focused on designing and planning of the network
security. We would recommend the companies to protect the integrity of the data by using
appropriate and sophisticated security layers and protect against from people related, software
related and hardware related attacks. The usage of the technologies like Firefox, Routers,
Content Filters, Gateway security, Policies, IDS/IPS etc will help more efficiently in securing the
data of the company from the hackers.

Page | 21
Bibliography

Al-Radhi, A. A.-D. (2009). MENOG 4/RIPE NCC. Chicago, Illinois USA: DePaul Univeristy
Chicago, Illinois USA.
Anderson. (1972). Computer Security Technology. US.
Anderson, J. (1972). Computer Security Technology Planning study. ESD-TR-73-51.
Andrew S, T. Computer Networks. Prentice Hall.
Anonymous. (1983). Department of defence trusted computer system evaluation criteria.
Babbin, J. e. (2006). Security Log Management: Identifying Patterns in the chaos. Syngress.
Bauer, M. D. (2002). building secure servers with LINUX, O'Reilly. System Log management
and monitoring .
Bell, D. a. (March 1976). MTR, Revision 1.
Bell, D. E. (March 1976). Secure Computer Systems: Unified Exposition and Multics
Interpretation. MTR-2997.
Canavan, J. E. (2001). Artech House telecommunications library. Fundamentals of Network
Security , 1-2.
curtin, M. (1988). network security.
Edmead, M. (2000). "best practices" guide for securing Microsoft IIS 5.0. US.
Giuseppini, G. (2005). Microsoft Log Parser Toolkit. Syngress.
Haas, L. Z. (1999). Special issue on network Security. Securing Ad Hoc Networks,
IEEENetwork.
J.P. Holbrook, J. R. Site security hand book. RFC 1244. .
Kent, K. (2002). NIST. Guide to the computer and network security .
S.Tanenbaum, A. computer networks. 4th Edition, Prentice hall.
Singer, A. a. (2004). Building a Logging Infrastructre. USENIX Association.
websters, L. The New Lexicon Webster's. New York.
Y. Rekhter, R. M. (1918). Address Allocation for Private Internets. RFC.

Page | 22