IT Security: Safeguarding Institutions' Valuable Assets - Essay Sample

Introduction

The primary goal of Information Technology security is protecting information that is valuable to an institution; generally, the institution's assets. These may be stored information, workforce, or property. The use of security controls reduces the threat to these assets. These security regulations may be rules, methodologies, procedures, or solutions that provide protection. Acknowledged examples are softwares, firewalls, and surveillance systems. In this study, I am interviewing a network administrator, by the name Anne Shepard, at the bank that I work in to comprehend the types of security controls used in the network.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Type of Security Controls in Place on That Network

Security controls emanate from an institutions risk management process. The process commences by determining the comprehensive IT security approach and the objectives. Then follows determining the specific control objectives. That is, reports on how the institution is planning to manage risk efficiently. She says, “The security controls at this bank offer plausible assurance that only authorized personnel have physical and logical access to databases and data records. These controls ensure that vital systems and infrastructure are accessible and functioning as planned.”

When the institution has defined its control objectives, it can evaluate the threat to each asset. After that, it selects the most suitable security control to implement ("What Are Security Controls?” 2020). Either type or function classifies the control models. Types of control models are physical, technical, and administrative. The functions of controls are preventive, detective, and corrective.

For the bank to access the vault requires one to pass through multiple layers of physical and technical controls. Physical controls are tangibles that detect unauthorized entry. They are such as human guards and biometrics access controls. These are preventive controls. Detective controls implemented in the bank are motion sensors and closed-circuit televisions. If an unauthorized person passes through the security guards unnoticed, then the motion sensors will detect him and automatically lock the doors.

Types of Firewalls Used and Their Purposes

Firewalls are an essential component of any information technology system. It is a form of security countermeasure. A firewall serves as a filter between computers or between computer networks and the internet. They offer security against both internal and external risks. This is by permitting the administrators to define what gets into and out of the network. The bank uses Stateful inspection firewall technology. This is because it is fully aware of network connection transmission control protocol (TCP) streams or user datagram protocol (UDP) communication. Besides, it is capable of holding crucial features of every connection in memory. The features are collectively referred to as the state of the connection. They incorporate specifics like the IP addresses and ports used in the connection and the number sequences of the network packets crisscrossing the connection.

In addition to gradually inspecting the incoming and outgoing packets, a stateful firewall monitors the state of the connection and saves the information in dynamic state tables. The aggregate data is assessed to ensure that filtering choices are based on the administrator-defined regulations, the background developed by previous connections, and earlier packets that belong to the same connection (Dosal, 2020). A thorough check-up is done while setting up the connection. Only TCP streams and UDP connections that meet the defined security regulations are granted access. After that, packets related to these sessions are authorized to transit through the firewall. Packets that do not correspond to any policy or existing table entry are denied access.

She adds, "This type of firewall is suitable for the bank because it not only examines individual packets but also keeps track of whether or not the packet is part of a built TCP or other network sessions. This provides more safety than either packet filtering or circuit monitoring. Also, it reduces the attack surface as it operates with fewer open ports. However, the firewall software has to be updated frequently to prevent attackers from gaining access over the firewall.”

Intrusion Detection and Intrusion Prevention Systems

Intrusion detection system (IDS) is a computer system that detects intruders in a network. A network-based detection system inspects the communication between hosts and is a part of the network infrastructure. In my workplace, the IDS used is the package sniffer. Computers communicate with each other by sending packages. The package sniffer opens the network packages and examines their content. In case of anything suspicious, it rings an alert. The package can either be destroyed or delivered. If delivered, the receiver is closely observed. Also, the content can be modified. Generally, the package sniffer protects the user from the risk of malware infection and computer attacks, alongside all their negative side-effects.

The network security technology that evaluates the network traffic flows to uncover and prevent suspicious exploitations is called Intrusion Prevention System (IPS). It is set directly behind the firewall and offers an additional layer of examining any dangerous content. These suspicious activities enter the network in the form of vicious inputs. Attackers utilize them to acquire control of an application. After a successful exploit, they can possibly obtain the rights available to meddle with the system. IPS actively analyses and carries out automated actions that get into the network. The prevention system used in the bank is network-based.

Who monitors the network?

Anne states that, “A network administrator does the monitoring of the network. A system that constantly monitors network is used. It notifies the administrator in case of failing components or threats in the system. It sends a notification through email or SMS.”

Methods Are Used to Protect the Networks

It is crucial to prevent data breaches as it is deteriorative to the company and expensive. Several methods are used to protect networks. They are keeping the software updated, bolster access control, and network protection measures. Access regulation is a vital security part. Creating a strong password system boosts the access control measures. The password should include numbers, special letters, uppercase and lower case. The default passwords are frequently reset. Additionally, Anne adds that there is a strict access regulation rule.

As soon as there is a newer version of the software, it is updated. This is because the new model of the software has solutions for security vulnerabilities. The softwares used in the bank network are updated automatically. The network protection tactics put in place are the use of firewalls, intrusion detective systems, and intrusion prevention systems, and conducting maintenance of the network.

Does the security level vary on different network segments?

The network is a fine-grain segmentation. That is, it is divided into multiple smaller networks with the purpose of reducing the effect radius in case of an intrusion. The network is segmented at the lowest manageable level. This increases the chances of intruder detection. The security level is consistent throughout the network system.

Conclusion

Conclusively, the security controls protect the bank’s information and assets from threats. Security controls emanate from an institutions risk management process. Firewall, which is a form of security countermeasure, serves as a filter between computers or between computer networks and the internet. They offer security against both internal and external risks by permitting the administrators to define what gets into and out of the network. Intruders into the system are can either be passively detected by IDS or actively prevented by IPS. The network is monitored by an authorized network administrator. The data is protected through constantly updating softwares and using strong passwords. Security is such a crucial aspect of IT.

References

Dosal, E. (2020). What is a Firewall? The Different Firewall Types & Architectures. Compuquip.com. Retrieved from https://www.compuquip.com/blog/the-different-types-of-firewall-architectures.

Network Design: Firewall, IDS/IPS. Infosec Resources. (2020). Retrieved from https://resources.infosecinstitute.com/network-design-firewall-idsips/.

Network Security Threats: 5 Ways to Protect Yourself. The AME Group. (2020). Retrieved from https://www.theamegroup.com/network-security-threats/.

Network Segmentation Best Practices to Improve Security - Web Filtering. Web Filtering. (2020). Retrieved 25 May 2020, from https://www.spamtitan.com/web-filtering/network-segmentation-best-practices/.

What Are Security Controls?. F5 Labs. (2020). Retrieved from https://www.f5.com/labs/articles/education/what-are-security-controls.

What is a Network-based Intrusion Prevention System (NIPS)? - Definition from Techopedia. Techopedia.com. (2020). Retrieved from https://www.techopedia.com/definition/4030/network-based-intrusion-prevention-system-nips.