Chapter – 17 Security Policies Notes
• Security policies define the constraints within which a network or system must operate.
  o Every organization has a different policy based on its requirements.
  o The difference in security policies is based on the differences in security threats and asset values.
• General Functional Policies
  o When strictly followed and combined with effective technical solutions, wireless local area network security policies can reduce intrusions, risks, and costs associated with intrusion response and legal action.
  o Wireless LAN security policies have two categories.
    • General
      • This type of policy covers the items that do not fall into a specific technical category.
    • Functional
      • This type of policy includes the specific security requirements for the wireless network.
• General Policy Issues
  o A critical success factor in the effort of a wireless security policy is to obtain sponsorship within the organization.
    • In general, a security plan should address at least these issues:
      • Resources: Controlled access prevents unauthorized users from consuming limited wireless network bandwidth.
      • Privacy: Controlled access prevents unauthorized users from accessing confidential or sensitive data located on the network.
      • Intrusion: A monitored environment alerts an organization about unauthorized activities and allows security managers to respond appropriately.
  o The creation of any successful wireless security policy may include input from end users, the network
“Security controls are the management, operational, and technical safeguards or countermeasures employed within an organizational information system to protect the confidentiality, integrity, and availability of the system and its information” (NIST SP 800, 2009). The control allows the organization to efficiently mitigate the risk coming from the use of information system (IS) to conduct business operations and processes.
Privacy: In a wireless network all the devices are able to hear data traffic within their ranges which can be a threat to the security of the link. IEEE 802.11 counters this problem by offering a privacy service option that raises the security level of the 802.11 network to that of a wired network.
Organizations should develop a security policy for the wireless LAN infrastructure prior to the implementation stage. In order to have a strong security policy,
Individual users play an important role in any institution or organization, but concerns are raised about security. The network administrators clearly lay down a set of rules, regulations and protocols that an individual user has to agree to, covering which part of the resources and what class of service the user can obtain.
internal and external users to whom access to the organization’s network, data or other sensitive
Security: This is a sub-characteristic of the system’s functionality. It relates to the prevention of unauthorized access to the company’s confidential data by using dashboard software.
Providing safety & security for the device from MAC flooding and Network spoofing by designing and implementing security & safety mechanisms which are essential for Network design.
Outline a wireless network and technology that you use regularly. WLANs are derived from the IEEE 802.11 standards and marketed under the Wi-Fi trademark name. WLAN security is neither straightforward nor simple, and it is continuously changing. Although WLANs increase client output, they also expose networks to a new group of potential hackers. With the present inherent security weaknesses of the 802.11 standard, all companies, small, medium or large, need to find out their security conditions based on the applications using the WLAN. The standards also provide requirements for high-speed networks that support most modern-day applications. What sorts of security issues do
“Security needs to be addressed as a continued lifecycle to be effective. Daily, there are new attack signatures being developed, viruses and worms being written, natural disasters occurring, changes in the organization workplace taking place and new technologies evolving, these all affect the security posture in the organization” (King, 2002). This being said, it is important to evaluate firewall and router rule sets more frequently. The possible threats against this policy include improperly configured network infrastructure which leads to a domino effect that could start with malicious programming which could end in data loss. Many of these threats may be unintentional as some users may not be aware of the risks and how their processes and procedures open the door for such attacks. For this reason alone, a more frequent evaluation is needed. This vulnerability could lead to data loss and the exposure of trade secrets, client lists and product design. The exposure of such information for most companies could mean a financial collapse as it no longer has the competitive edge that makes it the industry leader. While the likelihood of this threat is very high, “security risks to the network exist if users do not follow the security policy. Security weaknesses emerge when there is no clear cut or written security policy document. A security policy meets these goals:
Users that have a wireless LAN should add security to ensure only intended users have access. Some safeguards include use of WEP (Wired Equivalent Privacy) encryption, IPsec, WPA (Wi-Fi Protected Access), with a firewall or DMZ. A DMZ (demilitarized zone) is a physical or logical sub-network that separates the LAN from other untrusted networks
Programmes that have security as a main design consideration. These are programmes that are algorithmically secure and have been written in a secure manner.
You will learn to identify policy violations and security breaches and to appropriately monitor threats and control activity across the network.
In the Workstation Domain security controls are one of the biggest challenges. Physical security threats are concerns associated more with attackers who gain physical access to the premises. The attackers can cause physical destruction of equipment or sabotage the equipment. The attacker can sabotage the system if the attacker has sufficient knowledge of the system, such as a former employee, and gains access to the system and then renders the system unusable, or deletes and changes information.
The purpose of an IT security policy is to provide “strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure” ("Cyberspace Policy Review", 2016).
Security plays a major role in both the business and government worlds. We will discuss the legal aspects of organizational security management and both the positive and negative influences regarding organizational security. We will also discuss what consequences both business and government operations will have to overcome if they fail to achieve security goals and objectives. The value private security management brings to businesses will also be discussed.