Wednesday, December 4, 2019
Information Security Management Wireless Communication
Question: Discuss about the Information Security ManagementforWireless Communication. Answer: Introduction This study discusses the implementation of wireless communication policy at 3F or Farmers to Farmers, a cooperative crop society for Queenslands farmers, and some assumptions are made to facilitate the study further. The responsibility of the communication network will be borne by 3F for providing a reliable and secure service. ITS or Information Technology Services will be responsible for providing services within the scope of this policy. An overseeing committee needs to be formed who will oversee both ITS and 3F and maintain their policies and rules under a standard set of frameworks and goals. Few Assumptions made are: ITS team will specify the hardware, software and networking configuration that needs to be done. Senior and experienced IT members of 3F will collaborate with ITS team for administration and system management. Overseeing committee will have members from both ITS and 3F and will be overseeing policy framework, regulations and making major decisions. For security and encryption, one or more than one VPN method will be adopted Policies and guidelines framed around the system and can be changed by the situation. 3F and related subdivisions of it will follow the corresponding instructions. Statement of Purpose The goal of this study is to develop a framework policy and assigning responsibilities for implementing Wireless Communications Policies to support both administrative and agricultural applications for use in 3F. This policy will underline the administration, support system and deployment of wireless technologies at 3F. It addresses the authorized and prohibited usage of wireless communication system, managing systems, rules regarding violation of policies, required policy modification and review, limitations in the case of liability, and justifications given for the system (Bowker, 2012). Guidelines and Policies are Essential for Deployment of this System to: Prevent unauthorized usage of the wireless spectrum and interference with other wireless networks (Bernard et al., 2015). Securing the wireless network system To make sure that a baseline level of connection quality is maintained on the system for users remote and local (Dhawan et al., 2012). Authorized Uses Frequencies 3F is the sole owner of the unlicensed frequencies on Queensland's farmer homes, to safeguard the resources, ensure quality service and to prevent interference. Security - To maintain integrity and security of the network, it would require proper authorization, so only authorized users and devices can access the network. Wireless devices that will be used in this network needs to maintain specific standards to ensure only authorized devices access the network and the organizations resources, and intrusion can build within. Devices need to be checked monthly for any setup or configuration problems (Kuchibhotla, Braun, and Raghavan, 2012). Experienced members of the ITS team and 3F team can collaborate on the administration part and can make suggest changes to the system if and when necessary. Prohibited Uses The policy needs to state clearly that any employees or personnel involved with 3F must not divulge any confidential information like username or passwords to unauthorized persons. As stated by Ward (2013), the company must define rules that would prevent the users involved indulging in unauthorized practices like, using the wireless communication for making personal calls or sending obscene or harassing messages or email. Physical theft, system modification, or damage to any types of equipment or facilities must be avoided at any cost or else will be reported to the police. Individuals should stay away from any testing, finding bugs or exploiting the system of any kind that can circumvent or degrade the overall security and integrity of the system (Monte, 2015). Loud behavior or any entertainment taking precedence over the work is also prohibited. All official messaging and communications need to be done and not outside the system; contacting clients through personal communication m eans is a strict no. Creating secondary networks using routers, bridges, and wireless access points without authorization is prohibited. Plugging external storage media like external hard disks, pen drives, tampering data packets, using redundant data is also forbidden (Pfleeger, 2012). Users operating the system will be solely responsible for maintaining and operating the system. Systems Management One of the primary goals of 3F is to communicate securely with farmers and clients and a proper system needs to be in place. Cryptographic encryption also called hard security enables data integrity, data confidentiality, node authentication and access control for messages that are transmitted. Currently, Trust and Reputation Management or TRM is used to counter soft security threats and can be used in the system for routing related problems (Mishra, Singh, and Gupta, 2015). Communication links need to be secure but wireless network can be different and end-to-end protection depends on the user. Therefore link encryption is not always reliable (Raza, Wallgren and Voigt, 2013). Some options exist to secure wireless communication, which is independent of access method or device type. They are: Ssl Vpns As opined by Goodwin III, Jain and Natarajan (2013), e-commerce transactions use SSL for secure transactions between servers and web browsers. The same protocol is followed by SSL VPN gateways. Any device can adopt this method which supports a web-browser. SSL VPNs secure wireless network communication devices including PDAs, desktops and laptops, and smart phones including Blackberry. Both ITS and 3F team can use this VPN method or between stationary devices (Agarwal, Thakur and Gavini, 2014). Mobile Vpns As stated by Alshalan, Pisharody and Huang (2016), Mobile VPNs solves the problem of roaming while doing inter-networking. It employs some proprietary protocols Mobile IP to UDP. It provides secured tunnel encryption for the mobile data and is independent of location and connectivity. It even sends messages outside the wireless coverage and the message is kept asleep until it is sent again. This is especially for often switching between 3G/4G connections without any disruption. It requires supported operating system and a client software installed. Farmers who are working in farms, remote client, who are connected to the 3F network can use this VPN method (Eichen et al., 2016) Ipsec Vpns According to Lakbabi, Orhanou and El Hajji (2012), it is a more common secured method of tunneling encrypted traffic between a corporate VPN network gateway and a mobile device. Most enterprises have at least an embedded IPsec VPN client and most laptops and smartphones have it built-within too. It is, however, expensive for an organization with a large workforce using a variety of devices. It can be disruptive if mobiles devices change networks frequently and are therefore used frequently in IT services where devices are stationary. 3F can employ this to lower costs for operating within the system (Wang, Liang and Yu, 2013). Violations of Policy As stated by Nurse et al. (2015), with the increased usage of smartphones, tablets, and other computing devices, wireless communication is essential than ever before. It has also opened the door to various online threats and privacy issues which lead to stricter policies and violations of them would result in severe consequences. ITS team will verify compliance to the different policies via various methods like, video monitoring, external and internal audits; providing feedback to the policy owner, business tool reports, and periodic walkthroughs. ITS will check in case of any exceptions. In case the termination is due to performance the employee is typically given a 90 days service period notice (Harcourt, Hannay and Lam, 2013). If any employee violates any of this policy, the person can be subjected to disciplinary action, including termination of duty. It must be noted though that all staff are made aware of company policies beforehand and are best when they are conveyed through a handbook or in training (Getz and Page, 2016). The disciplinary action can vary depending on the rules violation. Firing without notice can be done to an employee who is guilty of embezzlement, and during the investigation, the person can be suspended. The company must cut off any access to company resources for the employer especially if the information is sensitive. For incidents like stealing or lying to a customer, instead of immediate firing the company can investigate the situation and the company can either bring a layer or cover up the damage (Blake, 2013). Policy Review and Modification The purpose of this policy is to protect and secure the information assets owned by 3F, as it provides the computer networks, devices and other electronic information systems to meet initiatives, missions and goals. Overseeing Committee, 3F, and ITS have full privilege to the resources and needs to maintain them responsibly with integrity, confidentiality, and availability of given information assets. Only those wireless devices that meet the specified standards are eligible to operate on the 3F network and devices with exceptions set by the ITS team will be allowed in the system. All employees, faculty, temporary workers, consultants and other workers at 3F, including all personnel affiliated with third parties working on behalf of 3F to maintain the wireless infrastructure system falls under the adherence of this policy. This policy is also applicable to other wireless infrastructure devices including smart and cellular phones, laptops, desktops and tablets, any devices that receiv e connectivity on endpoint devices, sending or receiving data wirelessly (Castro, Pistoia and Ponzo, 2014). All wireless devices connected to the 3F network will have access to confidential data stored on this network and must abide by the standards specified by the Wireless Communication Standard. ITS team will install, support and maintain the devices. The devices will follow the 3F approved authentication infrastructure and protocol. The devices need to have a MAC address or hardware address which needs to be registered for tracking (Leake and Pike, 2014). There must not be any interference with wireless access deployments maintained by other support organizations. Limitations of Liability The overseeing committee will be responsible for creating, maintaining and updating wireless communication network security policies and wireless communications policy standards (Roy and Manoj, 2016). Other responsibilities include recruiting new designee for a particular technology and resolving communication issues in case of any political troubles. ITS will handle all access points and wireless network registrations. Surveying and deploying wireless communication systems in agricultural lands and adjacent farmer houses. It will provide support to the employees of 3F for management, development, and development of wireless communication networks. To prevent unauthorized access to this network, it will monitor security and performance of the wireless networks installed in various places and maintaining statistics of the system (Butun, Morgera and Sankar, 2014). Other tasks include wireless network technology enhancement evaluation, wireless network technologies incorporation and development. It will also share some common tasks with overseeing committee and of 3F. 3F will be tasked with maintaining a database of user details using the network. It would include name, contact number, email id, device and device id, planned placement and coverage areas, among others. It will also undertake registration of software, access point hardware, software, and deployment. The data will be provided to the overseeing committee and ITS. By its policy proper, it will manage access points and security within the department. Justification Hacking is commonplace now in online business, and everything is going digital, but it has only led to more strict measures and safety policies to be followed at workplaces. Working with 3F, the farmers have already created a revolution of sorts where they gain access to data in real-time but remote communication posed a problem. Digital Wireless Communication solves this issue with its use of various VPNs each with its own merits and demerits. Mobile VPNs can be adopted by the firm for remote mobile connection without being disturbed by the unreliable nature and types of networks. IPsec is more commonplace and can be used for connecting with clients or customers. SSL VPN can be employed within the 3F network for its IT team to work and operate. With the variety of wireless devices and growing business, intrusion and sniffing attacks can take place which can compromise data security and data corruption, and violation of privacy with clients. It is for this reason different policies a re enforced with separate mention of prohibitory and authorized uses. Users violating the policies will face disciplinary action including termination of their service or face jail in case of severe crime. References Agarwal, P., Thakur, R.N. and Gavini, A.K., Citrix Systems, Inc., 2014.Policy driven fine grain URL encoding mechanism for SSL VPN clientless access. U.S. Patent 8,646,067. Alshalan, A., Pisharody, S. and Huang, D., 2016. A Survey of Mobile VPN Technologies.IEEE Communications Surveys Tutorials,18(2), pp.1177-1196. Bernard, J.Y., Hart, G.M. and O'leary, E.A., Rogers Communications Inc., 2015.Detection of cable network interference on wireless network. U.S. Patent 9,167,460. Blake, W.F., 2013.A Manual of Private Investigation Techniques: Developing Sophisticated Investigative and Business Skills to Meet Modern Challenges. Charles C Thomas Publisher. Bowker, A., 2012.The Cybercrime Handbook for Community Corrections: Managing Offender Risk in the 21st Century. Charles C Thomas Publisher. Butun, I., Morgera, S.D. and Sankar, R., 2014. A survey of intrusion detection systems in wireless sensor networks.IEEE Communications Surveys Tutorials,16(1), pp.266-282. Castro, P.C., Pistoia, M. and Ponzo, J., International Business Machines Corporation, 2014.Omnichannel approach to application sharing across different devices. U.S. Patent Application 14/181,770. Dhawan, M., Samuel, J., Teixeira, R., Kreibich, C., Allman, M., Weaver, N. and Paxson, V., 2012, November. Fathom: A browser-based network measurement platform. InProceedings of the 2012 ACM conference on Internet measurement conference(pp. 73-86). ACM. Eichen, E.G., Javaregowda, G., Goodman, L.N. and Flynn, J., Verizon Patent and Licensing Inc., 2016.Mobile phone docking station VPNs. U.S. Patent 9,338,093. Getz, D. and Page, S.J., 2016.Event studies: Theory, research and policy for planned events. Routledge. Goodwin III, J.S., Jain, A. and Natarajan, R., F5 Networks, Inc., 2013.Intelligent HTTP based load-balancing, persistence, and application traffic management of SSL VPN tunnels. U.S. Patent 8,566,452. Harcourt, M., Hannay, M. and Lam, H., 2013. Distributive justice, employment-at-will and just-cause dismissal.Journal of business ethics,115(2), pp.311-325. Kuchibhotla, S., Braun, F. and Raghavan, V.V., 2012. Pensource-Evaluating Information Security in a Software Services Company.Journal of Information Technology Case and Application Research,14(2), pp.47-73. Lakbabi, A., Orhanou, G. and El Hajji, S., 2012, December. VPN IPSEC SSL technology Security and management point of view. In2012 Next Generation Networks and Services (NGNS)(pp. 202-208). IEEE. Leake, E.N. and Pike, G., Vmware, Inc., 2014.Taint tracking mechanism for computer security. U.S. Patent 8,875,288. Mishra, S., Singh, A. and Gupta, S., 2015. Survey of Trust and Reputation Models in Wireless Sensor Networks.Invertis Journal of Science Technology,8(4), pp.209-215. Monte, M., 2015.Network Attacks and Exploitation: A Framework. John Wiley Sons. Nurse, J.R., Erola, A., Agrafiotis, I., Goldsmith, M. and Creese, S., 2015, September. Smart Insiders: Exploring the Threat from Insiders using the Internet-of-Things. In2015 International Workshop on Secure Internet of Things (SIoT)(pp. 5-14). IEEE. Pfleeger, C.P. and Pfleeger, S.L., 2012.Analyzing computer security: A threat/vulnerability/countermeasure approach. Prentice Hall Professional. Raza, S., Wallgren, L. and Voigt, T., 2013. SVELTE: Real-time intrusion detection in the Internet of Things.Ad hoc networks,11(8), pp.2661-2674. Roy, S. and Manoj, B.S., 2016. IoT Enablers and Their Security and Privacy Issues. InInternet of Things (IoT) in 5G Mobile Technologies(pp. 449-482). Springer International Publishing. WANG, J., LIANG, L.F. and YU, W.H., 2013. Design of trusted authentication enabled mobile IPSec VPN system [J].Computer and Engineering and Design,34(7), pp.2343-2352. Ward, B., 2013. Threats Evolve. Principles Endure.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.