Research Paper on Technological Obsolesce: The Lack of Planning & Understanding Can Cost Data

Introduction

Technological obsolesce occurs when infrastructure becomes old and old-fashioned, which leads to untrustworthy systems and loss of data from attacks. An example is DVDs replacing video cassettes; hence, video cassettes have become obsolete. It is a type of security threat that occurs due to a lack of planning by management. This causes failure in implementing and understanding the technology required to keep an organization running. Technology becomes obsolete when its functionality becomes outdated. Outdated technology is hard and expensive to maintain. It also causes decreased productivity in an organization s outdated technology runs very slowly (Soomro, & Ahmed, 2016).

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

How to Protect from Obsolete Technology

Protecting against obsolesce risks means being ready to invest in capital expenditures and new technology. There is a need for an organization to ensure existing technology in a company is up to date and contain all the information of technological assets. An organization should also use software supported by the vendor. Short term mitigations should also be by reducing the likelihood of compromise by preventing devices from accessing content. The impact of the agreement is reduced by restricting access to sensitive data. Technological controls should also be put in place to block access to devices from vulnerable systems, including access to external emails and to use native browsers for internet access. An organization also needs to prevent the use of removable media as it can be used to transport containers, and control can be done using third party configuration pages.

Port Address Translation

Post address translation is a feature that allows for interpretation of communication among devices of a private system and those of public policy. It allows for a single IP address to be used by many devices on a closed system. There is transparency in the operation of post address translation. A unique IP address manages many devices in a local area network. The goal of the post-translation address is to conserve IP addresses.

Principles of Operation

Post-translational address works by replacing the inside IP address in the IP header with a single public IP when an external device receives its first packet from a device on the inside network. A TCP number from available ports is assigned to this connection. This number is put in the TCP header and the IP placed on an external system. The post-translational device designs a translational table containing all the devices and addresses used. Other packets from the same connection are translated to the same IP address. The system on the outside receives the data packet (Safa & Furnell,2016).

Difference between Network Address Translation (NAT) and Port Address Translation (PAT)

The work of NAT and PAT involves the translation of IP addresses, but PAT, unlike NAT, uses source port information, and the same IP having dissimilar port information can be assigned to multiple hosts. NAT uses IP addresses in the translational process while PAT uses IP addresses along with port figures. NAT has static, dynamic NAT and PAT and overloading while PAT consists of only two types; static and overloading PAT.

Intrusion Detection and Prevention System

It is system security equipment that detects possible intrusions and monitors network organization activities. It also works to prevent intrusions by blocking the operation and reporting it. It is a control strategy used by an organization to exert influence and maintain configuration.

The fully contributed IDPs control strategy is a strategy where all management functions are re-applied and implemented at the physical place of the IDPs component. The monitoring system uses a sensor to determine possible intrusions and reactions to such interventions. The main advantage of this method is that it can react to personal attacks faster as it doesn't have to wait for instructions from the centralized control device.

A centralized IDPS control strategy is another proposed control strategy where all control activities are implemented at a central place (Antony & Olinsky,2016). All reporting systems are also centrally monitored when there is the detection of possible intrusions. The centralization of this system enables task specialization as it does not involve movement. The control strategy is cost-effective and has local monitoring and implementation point with a centralized management system. The central control group can also access systems and contrast information from sensors hence can recognize massive scale attack.

A partially distributed control strategy combines the other two approaches where it enables an organization to detect widespread attacks by reporting to a common hierarchical facility while analyzing and responding to any threats. This control strategy allows an organization to detect more acute attacks, especially those who attack from various points of entry. It also enables an organization to use an economy of scale. The organization can sense widespread attacks before they get out of control.

Strategic Plans for Continuous Availability

Enable Advanced Information Security Capabilities

There is a need to keep pace with the ever-changing and developing information technology. The continuous development approach places importance on prioritizing ideas and raid development to ensure constant preparation shaping and implementation of responses. There is a need to improve processes that identify everyday information security needs where investments are cost-effective. In the long term, there is a need to improve operations by developing identifying and acquiring new information security concepts, conduct research, and development, and implement the processes. By doing this, an organization can identify and assess technologies against information on the needs of security (Peltier,2016).

Develop an Information Security Knowledgeable Workforce

People being the most critical asset in protecting its information systems, there is a need to establish training and awareness to ensure all employees understand their roles and responsibilities in preserving an organization's assets. Training and education also ensure that a professional workforce is developed. This professional workforce can then carry out tasks of preventing threats and attacks. By educating employees, understanding and acceptance of information security concepts are promoted in the workplace. Increased reporting cases of concerns against perpetrator activities os demonstrated.

Improve Information Security Situational Awareness

The complex nature of an organization's data requires shared knowledge and understanding across the organization to ensure effectiveness in operations. There is a need for the information security community to identify situational awareness requirements and build an approach to meet these requirements. This helps maintain a sophisticated indication of current security level by crucial critical success factors. It ensures governmental guidelines are being met and identifies organizational gaps that could impede cybersecurity approaches. This method also provides a feedback mechanism to adjust and implement information security programs.

Network Foot Printing

It is the process of gathering the information of an organization together with its network activities. It is a process of conducting research and investigation on the internet address of an organization. The information in public about an organization is gathered by attackers, including the addresses to enable an attack. Passive foot printing involves using a website to find out information about an organization. Foot printing is also done by gathering information from an organization's website. The attacker may search for data from a web page, search engines like Google, public platforms used by the organization, and physical access by using false id or temporary employees.

Network Fingerprinting

It is a process of conducting a systematic survey on an organization of target to gather information like internet addresses. It involves scanning an organization's network setting. It is a group of information that can be used to detect software and operating devices (Kitamura, 2016). This information is used to correlate data sets used in the identification of databases, software applications, and configurations. Once there is enough data, the fingerprinting strategy can be used to conduct an attack. It has two types; active fingerprinting, which involves sending packets to a victim, and waiting for results used in analysis and passive fingerprinting, which is an alternative approach to avoid detection.

The Relation between Network Footprint and Network Fingerprinting

They are both carried out as a part of the attack procedure. Fingerprinting uses IP addresses collected during foot printing. Fingerprinting checks the foundation of a site like a server and software that are running. After the foundation is determined, foot printing takes the inventory of the entire attack analyzing pages, directory names, and URLs. Both foot printing and fingerprinting use active and passive forms of collecting information

References

Antoun, R. A., Emiliozzi, S., Tarsi, Y., & Olinsky, C. (2016). U.S. Patent No. 9,514,312. Washington, DC: U.S. Patent and Trademark Office.

Kitamura, H. (2016). U.S. Patent No. 9,378,245. Washington, DC: U.S. Patent and Trademark Office.

Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.

Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. computers & security, 56, 70-82.

Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs a more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225.