Académique Documents
Professionnel Documents
Culture Documents
DEFINITION:
Network security is an over-arching term that describes that the policies and procedures implemented by a network administrator to avoid and keep track of unauthorized access, exploitation, modification, or denial of the network and network resources. This means that a well-implemented network security blocks viruses, malware, hackers, etc. from accessing or altering secure information. The first layer of network security is enforced through a username/password mechanism, which only allows access to authenticated users with customized privileges. When a user is authenticated and granted specific system access, the configured firewall enforces network policies, that is, accessible user services. However, firewalls do not always detect and stop viruses or harmful malware, which may lead to data loss. An anti-virus software or an intrusion prevention system (IPS) is implemented to prevent the virus and/or harmful malware from entering the network. Network security is sometimes confused with information security, which has a different scope and relates to data integrity of all forms, print or electronic.
Authentication:
802.1X authentication can help enhance security for 802.11 wireless networks and wired Ethernet networks. 802.1X uses an authentication server to validate users and provide network access. On wireless networks,802.1X can work with WEP or WPA keys. This type of authentication is typically used when connecting to a workplace network.
MAC Address:
A Media Access Control address is a unique identifier assigned to network interfaces for communications on the physical network segment. Can be described as Ethernet hardware address (EHA), hardware address or physical address. It is assigned by the manufacturer of a network interface card (NIC) and are stored in its hardware, the card's read-only memory, or some other firmware mechanism.
The advantage to MAC filtering is that there is no attachment cost to devices that connect to the network. The policy is set on a router or switch, and the equipment attached either is permitted or it is not. The person attaching the equipment has nothing to do. The disadvantage to MAC filtering is that it is easy to spoof due to the broadcast nature of LAN and WLAN, an advisory can sit on the wire and just listen to traffic to and from permitted MAC addresses. Then, the advisory can change his MAC address to a permitted one, and in most cases obtain access to the network.
Authentication:
One-factor authentication this is something a user knows. The most recognized type of one-factor authentication method is the password. Two-factor authentication in addition to the first factor, the second factor is something a user has. Examples of something a user has are a device that generates a pre-determined code, a signed digital certificate or even a bio-metric such as a fingerprint. Three-factor authentication in addition to the previous two factors, the third factor is something a user is. Examples of a third factor are all bio-metric such as the users voice, hand configuration, a fingerprint, a retina scan or similar. The advantage of using a 3 factor authentication is that it's made reassuringly sure that the person who is authenticating is the person who is authenticating through multiple layers of security. The disadvantage is that there is a possibility that the person trying to authenticate loses first or the second authentication, the process can also take time.
Firewall:
Its primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether it should be allowed through or not, based on a predetermined rule set. It may be hardware or software. The advantage of a firewall is that the user can monitor incoming and outgoing security alerts and the firewall company will record and track down an intrusion attempt depending on the severity. Some firewalls can detect viruses, worms, Trojan horses, or data collectors. The disadvantage of firewalls is that they offer weak defense from viruses so antiviral software and an IDS (intrusion detection system) which protects against Trojans and port scans should also complement your firewall in the layering defense. A firewall protection is limited once you have an allowable connection open. This is where another program should be in place to catch Trojan horse viruses trying to enter your computer as unassuming normal traffic.
SECURITY ON CAMPUS
As a new or continuing college student, you will have plenty of things to think about. Heres another one: how can you assure your safety on campus? While most students get through four or more years of college without being threatened or harmed by on-campus crime, the unfortunate reality is that such crime is increasing. The Crime Awareness and Campus Security Act of 1990 mandated that colleges must compile annual statistics about crime on campus and make that information available to current and potential students and staff members. What that means is that as you are considering colleges, you can check out each schools crime data. You can learn about the types and frequency of crimes on campus and then use that information as youre preparing your list of questions for your campus visit. See the Department of Educations Office of Postsecondary Education crime data online at http://ope.ed.gov/security/main.asp. When you visit a college campus, ask both students and counselors very specifically what security measures the school has for assisting unaccompanied students walking at night, for handling threats, or for evacuations in the case of a violent incident or other emergency. What should you do if you hear someone making a threat or observe someone behaving in a dangerous or threatening manner? How are campus security personnel trained and what equipment do they carry? Does the school recommend (or allow) self-protection equipment such as pepper spray? In some cases, it is the municipal police that respond when there is a problem on campus. If so, visit with officers and ask about campus crime and response times. While youre at it, ask for their suggestions on how you can be safer at school. In addition to finding out what security measures are provided by the school, you also need to take responsibility for your own safety. Here are some common-sense safety tips:
Be aware of your surroundings. Look around as youre walking or riding your bike. Be especially vigilant when youre distracted, such as when youre texting or talking on the phone. Listen to whats going on around you. If you need to walk alone, leave the headphones turned off. Put the campus police phone number on all of your phones so you can dial it quickly if theres a problem. Walk, bike and park in well-lighted areas. Lock your car, both when youre in it and when you leave it. Always lock your room, both when youre in it and when you leave it. Avoid displaying obviously valuable items or wearing valuable jewelry. Go with a friend; its saferand its more fun. Tell someone where youre going and when you expect to be back. If youre working at night, on or off campus, find out whether other people will be around and arrange to leave with someone else. If you feel even slightly unsafe, even in the daytime, call campus security and ask for an escort. If they cant assist you, call a friend and wait in a safe, well-lighted place until they arrive. If you are being stalked, report it immediately to campus police and to the authorities at your residence. Be prepared to give as much description as possible. Carry and use a flashlight. Dont just shine it on the path directly ahead of you, but sweep it ahead and around you.
4
Consider carrying a whistle or a personal alarm. Much campus crime, including sexual assault by acquaintances, is associated with the use of alcohol. Be smart and just say no thanks. Pay attention to warnings. As colleges implement greater security measures, you may receive notices by text message, phone or e-mail. Take them seriously. The chances are good that you wont encounter trouble, but these simple cautions can make you safer and help you avoid problems that may be brewing around you.
6. Make sure to employ the latest technology to protect your campus. Mobile safety apps can help your students feel safe at school and immediately notify campus police, with their location, should they experience an emergency. Our company provides a very cost-effective method of turning your students smart phone into a virtual blue light emergency phone which will drastically improve college safety. 7. Organize self-defense classes on campus. For example, the University of Ottawa has an on-campus self-defense program called Rape Aggression Defense. This program, which costing $20, is affordable for all students, specializes in teaching women self-defense in case of an attack on campus. The program is well integrated with school counselling services and the program instructors are well versed in the sensitivities towards students who may have been survivors of sexual violence. 8. Promote a zero-tolerance policy for sexual harassment, drugs, and other common on campus crimes. 9. Encourage female students to always keep pepper spray in case of an attack. 10. Ensure there is proper lighting on paths and secluded sections on campus. Having well lit paths is very important to maintaining and improving college campus safety. For example, A University of Minnesota study of its Duluth campus suggested that improving the lighting systems around certain targeted areas around campus could help reduce crime. 11. Check to make sure your campus wifi is always working so students can use personal safety applications, such as Guardly, in case of an emergency. The internet and mobile technologies have provided people with better ways to keep safe on campus. Location-based personal safety applications such as Guardly are committed to take advantage of these technological breakthroughs. 12. Frequently inspect your cctv cameras and emergency phones, ensuring your security equipment is working properly. 13. Provide top-notch training for new hires and continuing education for your more experienced security staff, in order to have well trained security personnel who can effectively combat crime on-campus. 14. In compliance with the Clearly Act make sure all crimes are reported to the proper authorities and that the campus community is made aware of all crimes committed. Jeanne Clearly was a 19 year old freshman who was raped and murdered on campus in 1986. In response the this heinous crime the federal government introduced a bill that demands universities gather and report all crimes committed on, or near the schools campus.
7
Movement detectors:
Depending upon the requirements of your intruder detection system we can install passive infra-red or dual technology providing highly stable, intelligent detection which differentiates between human and animal movement.
Vibration detectors:
VAble to detect vibration at high and low frequencies and fitted to walls, doors and windows our vibration detectors ensure you are alerted at the earliest stages of a break-in allowing your personnel to respond swiftly and effectively.
Door Protection:
Ensure your intruder detection system prevents unauthorised with monitored door magnets which seamlessly integrate into your facilitys intruder alarm system.
10
11
Catch intruders unaware and foil theft With the ability to release 135 to 400 cubic metres of harmless fog in just 30 seconds, the SECOM smoke fogging system catches intruders unaware. The smoke is monitored for density, giving just the right amount of protection to your facility. The smoke fogging system is sabotage resistant and will continue to work after receiving malicious damage. SECOM smoke fogging systems are 100% safe for humans, animals and will not damage property.
Physical protection:
Physical security fully integrated with your electronic security solution. SECOM offers an extensive range of physical protection products for the public sector to support our electronic systems. The physical security products provide a wholly integrated security solution to protect public sector buildings and equipment from robbery, vandalism, ram-raids and even gun violence.
High quality security products that are tailored to public sector security needs SECOMs robust physical security products are all developed from in-house factory designs and are manufactured and installed in a made-to-measure process. SECOM advises public sector clients on the levels of safety and security their premises require, which are determined by the threats against a building or equipment. The security solution may include: shutters, gates, grilles, anti-ram posts, cages, safes, bullet resistant screens and fencing.
12
SECOM makes its physical security products 'in-house' allowing us to also design and build one-off physical security solutions for almost any public sector requirement. All physical security equipment comes with a 12-month warranty and includes an optional service and maintenance package.
Remote Monitoring:
Remote monitored security and alarm response 24 hours a day.Achieve total peace of mind by having our highly trained staff monitoring your facility and your security system twenty four hours a day.Cost-effective alternatives to manned security Many organisations are paying far more than they need to for manned security. Most insurance companies insist that alarm systems are simply monitored to provide police response in the event of an incident, a requirement that can be fulfilled by our cost-effective remote monitoring service. Our 24 hour alarm response centre is connected directly to all UK police forces. We will make sure that our trained key response officer, the police or your key holder is called out to your facility whenever they're needed.
Buying a SECOM product is just the start. Our scrupulous after-sales and maintenance service means we're on hand to help you manage and maintain your security, so you know you can always rely on it. Find out more about our commitment to excellent customer service.
Benefit from a dedicated team of fully trained security system engineers Our dedicated team of fully trained engineers operate via our network of local offices, all of which are located in key locations around the country. As an NSI Gold member, all our electronic security systems comply with the latest industry standards, police and insurance requirements.
14
Emergency and crisis preparedness School police staffing; on a lesser level school guards, adult hall monitors, schoolyard guards and instructors trained in basic defence operatives. Internal security that covers confidential items like office management and registration paperwork.
Campus and community collaboration for safety in not only the school but surrounding neighbourhoods.
15
Staff and student awareness training regarding all aspects of safety and security Basic safety issues addressed; it does little good to address big issues if instructors can't locate a first aid kit or work a fire extinguisher A good system for planning for security issues which may include a school team safety committee Proper employee protection in place such as a workplace emergency action plan Zoning and property issues, such as signs up, fences, doors that lock and limited access to the campus
Adequate health care services and or referrals on campus Proper mental health facilities or care providers on campus such as school psychologists and counselors Transportation, technology and tutoring services and on high school and upper level campuses career referrals and job placement assistance. Opportunities for parent and trained volunteer involvement
These may seem unrelated to campus safety but much of the crime on campuses is initiated by students themselves. Whether its a nine-year-old bully or an 18-year-old thief, crime can be prevented when students are and feel well-cared for.
16
Use a firewall:
A firewall can help prevent hackers or malicious software (such as worms) from gaining access to your computer through a network or the Internet. A firewall can also help stop your computer from sending malicious software to other computers.
18
Change the default administrator name and password on your router or access point:
If you have a router or access point, you probably used a default name and password to set up the equipment. Most manufacturers use the same default name and password for all of their equipment, which someone could use to access your router or access point without your knowledge. To avoid that risk, change the default administrator user name and password for your router. Check the information that came with your device for instructions about how to change the name and password.
19
1. Data Leakage:
Loss of data leads the league when it comes to IT security care-abouts, with 17 percent of survey respondents naming it as the most likely single threat facing network security in the next 12 months. And as various exploits target the seams of security coverage at the same time that the malware bugs are becoming more insidious, who can blame them? The data on the network represents a substantial percentage of company value, and various compliance standards such as HIPAA and PCI have stringent requirements that can make data loss an even more unpleasant experience than ever before. Thus, the topic is moving beyond its previous status as a technology level discussion, and it is becoming more of a business level discussion as C-Level executives of all types increasingly recognize the inherent risks.
IT departments, as 13 percent of surveyed IT professionals said BYOD represented the most likely threat facing their network security over the next 12 months.The focus for the channel is mostly around detecting devices, maintaining security and figuring out exactly what those devices might be up to. This is an especially tall order when you consider the fact that personal devices are, well, personal. And, that means gaining access to them and managing them can be a lot more difficult, especially when employees are less than thrilled about the idea.
4. Cloud Computing:
Effective security for the cloud is a huge topic in todays IT discourse, which means it's not surprising that eleven percent of surveyed IT professionals said cloud computing represents the most likely threat facing their network security over the next 12 months. Nearly every vendor has a strategy for how cloud security can be maximized, and (surprise!) that vendors products happen to be the focal point of truth and justice. This means that the channel is looking at a huge opportunity in helping customers to navigate these offerings and the related purchasing decisions. But that level of assistanceimplies that the partners have a very strong knowledge of the various risks and responses. Some channel companies are doing a better job of that than others, according to many industry insiders. And since one of the key concerns about the cloud is that channel partners can become interchangeable parts, developing this expertise can be a key differentiator.
5. Cyber Attacks:
Cyber-attacks happen every day, although only the most high-profile ones tend to make the news. The most recent types of cyber-attacks are even purpose-built by national governments for a variety of purposes, such as espionage and sabotage. And some of the more famous ones, such as Stuxnet and Flame, are highly modular. That means some of the nastiest features can be lifted out of the military-grade bugs and dropped into existing malware platforms to make the more common types of attacks even nastier. That also means that as you read this, some malware author is probably using those modules to create an uber-bug that can put him on the map. Seven percent of surveyed IT professionals said cyber attacks represented the most likely threat facing their network security over the next 12 months.
6. Disgruntled Employees:
Weve all heard the stories about people who had installed attacks to occur when their name disappears from payroll, or some other attack on their employers in an illegal, or at least unethical, expression of Take this job and shove it. This is the domain of the disgruntled employee -- not to be confused with the accidental exposures committed by happy, gruntled employees otherwise in good standing. While such acts of malfeasance are relatively rare, it is important that channel partners identify potential symptoms and guide their clients toward policies that will help to prevent them before they occur. Five percent of surveyed IT professionals said disgruntled employees represented the most likely threat facing their network security over the next 12 months.
21
7. External Hacking:
Ah yes. Good old fashioned external hacking seems almost quaint given the rapid extension of modern threats and attack vectors. But given the emphasis on these recent developments, it can be easy to take your eye off the ball regarding garden-variety hackers. Five percent of surveyed IT professionals said external hacking is the most likely threat facing their network security over the next 12 months. For the most part, the strategy here is about keeping security suites properly configured and up-to-date. Not very exciting, we know. But its still something that requires your ongoing attention in the never-ending quest to keep your customers information safe.
22
CASE STUDY
Mumbai: Narsee Monjee Institute Entrance Test Racket Busted
Press Trust OF India| 02-May 22:08 PM Mumbai: Police claimed to have busted an MBA entrance test racket, with the arrest of six persons, including a B Tech graduate, at the Narsee Monjee Institute of Management Studies (NMIMS). The B Tech graduate, who is the prime accused in the case, has been identified as Alok Kumar, who cleared the NMIMS entrance test several times by impersonating real applicants. About 87 students cleared NMIMS Management Aptitutde Test (NMAT) for the MBA batch of 2013, police said, adding that about 22 students cleared the test and got admission in 2011. Five other accused, who acted as mediators, have been identified as Hanumant Singh Gujar, Sugriv Gujar who are both B Tech graduates and brothers, besides Bajendra Pratap Singh, MBA graduate Pavan Kumar and Himanshu Shekhar, the police said. The gang charged Rs 15 lakh per student, they said. The first five accused were held from Delhi, while Himanshu was nabbed from Pune in the last seven days. On behalf of the NMIMS, the NMAT test is conducted by Pearson VUE, the worlds largest education company that developes and delivers over 10 million computer-based test across 175 countries, police said. A month ago, the NMIMS complained us about possible fraudulent practices being carried during online tests for NMAT 2013. During the course of the investigation, we caught all the six accused who used to charge Rs 15 lakh per student to ensure that they clear the NMAT test, Joint Police Commissioner (Crime) Himanshu Roy said. Explaining the mouds operandi, Roy said the Gujar brothers, Singh and Pavan Kumar looked for prospective candidates who desired NMIMS admissions but had no capability to clear the online NMAT aptitude test on their own. The gang promised students passing marks in the NMAT exam through the management quota. For online exam, a student could approach any of the centres spread all over India. The accused filled up the admission form of students online, where photographs of applicants were not required, Roy said. The gang then prepared a driving license, aadhar card or pan card with the original details of students, but attached a photograph of Alok Kumar, who visited different examination centres and appeared for the aptitude test, he said. Over 20 people, including 7 who took NMAT on behalf of applicants, are wanted in the case, police said. The gang is suspected to have been involved in the admission racket for at least 3 years, while educational consultancy firms like Carrier Guidance in Uttar Pradesh and Meta Consultancy in Delhi have been found to be involved in such malpractices, they said. It was NMIMS which first noticed these possible fraudulent practices in the online NMAT test and took the matter to the Mumbai Police. The Crime Branch has done a commendable
23
job by exposing those involved in such practices and we will extend full help in their investigation, NMIMS University vise-Chancellor Rajan Saxena said.
24