Protecting a Network From Intrusion and Data Loss Research Paper

Pages: 6 (1894 words)  ·  Bibliography Sources: 12  ·  File: .docx  ·  Topic: Education - Computers

Computer Network Security Issues

Computer technology has changed society tremendously in the last two decades. Today, virtually every aspect of modern business depends on computer systems and computer networks, including businesses that have no connection to high technology (Evans, 2004). Just as almost all modern automobiles depend on computerized components, so do typical ordinary businesses, such as the neighborhood bakery, florist, or dry cleaner. However, the extensive reliance on computer systems and networks also poses a security threat to organizations, especially in industries where unauthorized access to information and internal systems and processes could damage business interests.

The same way that every home and business establishment requires a security system of door locks and bolts to guard against intruders and robbers, modern business computer systems also require appropriate safeguards to protect their data and access to organizational assets from unauthorized access. That is equally true of home computer systems, particularly now that so many people routinely use their home computers to conduct financial transactions and other communications that involve potentially sensitive information that could be damaging in the wrong hands.Buy full Download Microsoft Word File paper
for $19.77

Research Paper on Protecting a Network From Intrusion and Data Loss Assignment

As is true of almost every technological advance in modern society, positive and productive uses of new computer technologies has also inspired negative, destructive, and criminal exploitative uses of the same technology. An entire community exists in cyberspace who are dedicated to infiltrating the computer networks of private individuals and of business entities for the purpose of wrongful monetary gain. In some cases, malicious computer system intruders are motivated more by the intellectual and technical challenge than by personal gain or any specific malicious intent toward their victims. Nevertheless, malicious intrusions of computer network systems are a continual threat faced by private individuals and corporate business entities alike. Therefore all computer networks require security measures and protocols capable of protecting their assets from unauthorized access.

Strategies for Protecting Computer Networks

In some respects, private computer users and business network administrators face the same types of threats from which they must protect their computer systems and networks. Specifically, the main threat is that individuals or entities will try to gain access to their systems and networks for the purpose of acquiring private information that can be used for monetary gain (Boyce, 2002; Dam & Lin, 1996). In the realm of private computer networks, the types of information at risk are credit card numbers and bank account information that can be used to withdraw funds fraudulently or to make fraudulent purchases. Private computer network intruders also typically target identifying information such as social security numbers that can be exploited for the purpose of identity theft (Ballezza, 2007; Personick & Patterson, 2003; Schmalleger, 2009).

In the realm of professional business computer systems and networks, malicious intruders may seek similar information for monetary gain as well as proprietary information such a business secrets, strategies, privileged communications, and patents that can be exploited by other businesses for profit. They may also seek to gain remote control of computer networks for the purposes of using them to perpetrate other crimes or to add a layer of protection to hide their identity from authorities investigating their Internet-based crimes (Personick & Patterson, 2003; Schmalleger, 2009).

Generally, the principal methods of protecting computer systems and networks from unauthorized access and control include the timely updating of all software programs to eliminate any known flaws and security vulnerabilities, the implementation of appropriate network security measures such as encryption of sensitive information, password protocols, and personnel practices, policies, and procedures designed to eliminate the element of human error from the equation (Boyce, 2002).

According to the largest comprehensive review of documented instances of computer network intrusions and attempted intrusions, the vast majority of malicious attacks on computer networks are perpetrated by relatively low-level "hackers" rather than sophisticated professionals (Baker, Hylender, & Valentine, 2008). Similarly, the majority of those malicious intrusion attempts exploited vulnerabilities that were either identified months before by software manufacturers and for which updates (known as "patches") had already been issued to enable those vulnerabilities to be eliminated rather than through highly sophisticated or novel means that involved complex attacks not capable of having been anticipated and prevented in advance (Baker, Hylender, & Valentine, 2008).

Computer security consultants compare the computer security habits of many computer users, both in the home and also in corporate business, to car owners who leave their vehicles in dangerous neighborhoods with the keys in the ignition and valuables in plain sight (; Schmalleger, 2009). Specifically, the most common method of gaining unauthorized access to computer networks is simply by trying the most common defaults for network passwords such as "password" or "0000" or "12345" and other equally common and predictable passwords that users never bother to change after acquiring access to their systems (Kizza, 2005; Schmalleger, 2009). Business network administrators generally try to enforce rules requiring employees to create so-called "strong" passwords (i.e. those containing both numbers and letters and also special characters) and by programming network passwords to expire automatically and prompt for new passwords periodically (Personick & Patterson, 2003).

Another common method through which malicious network intrusion is gained is through the use of malicious software downloads (Kizza, 2005; Personick & Patterson, 2003). This method allows remote hackers to gain network access by tricking authorized users to open attached files or to visit Internet destinations that install malicious codes such as Trojan Horses and "worms" that capture passwords and even all keystrokes of authorized users and transmit that information to the remote hacker (Kizza, 2005; Personick & Patterson, 2003). Frequently, the methods used to accomplish this include popular Internet applications and portals such as FaceBook, MySpace, and music download sites among others (Schmalleger, 2009). The most effective method for combating these risks in the workplace include simply enforcing workplace rules prohibiting this type of non-work use of work computers (Boyce, 2002).

Even simpler methods involve sending users emails with attached files claiming to be one thing (such as jokes, news stories, or coupons for discounts on consumer products). Once the user clicks to open the attached file, a malicious piece of software is automatically installed on the unsuspecting user's computer system (Personick & Patterson, 2003; Schmalleger, 2009). The most common method of protecting computer systems and networks from these types of intrusions include proprietary anti-virus and anti-malware software programs designed to scan computer systems on a regular basis and to recognize malicious code, alert the user, and inactivate those malicious codes (Personick & Patterson, 2003; Schmalleger, 2009).

Finally, social engineering is another effective way of gaining unauthorized access to computer systems and networks (Larsen, 2007). In principle, social engineering consists of some form of tricking others into voluntarily divulging their system and network access information without realizing it. Typical ruses used in that regard against home computer users include telephone calls or emails pretending to be from companies or banks with which the individual has an account or from the Internet service provider. At some point during the call, the malicious party simply requests information such as passwords, account numbers, or social security numbers, supposedly to "verify" information. In the workplace, social engineering may include attempts by coworkers to obtain the passwords of other employees or the unauthorized use of their computer terminals (Larsen, 2007).

The Human Element

Many of those common types of attempts at malicious intrusion of computer systems and networks rely on human behavior and human nature rather than on technically sophisticated methods (Baker, Hylender, & Valentine, 2008). In fact, nearly three-quarters of all malicious network intrusions could have been prevented by user practices and strict enforcement of organizational computer system security policies, practices, and procedures intended to maintain appropriate system security. Every one of those incidents could have been prevented by different decisions of one or more individuals within the organization (Baker, Hylender, & Valentine, 2008). In effect, the single most important change that modern organizations can make with respect to computer network security is to eliminate human system-input mistakes and errors of judgment.

Adhering to sound system security policies and practices would shield most organizations from the vast majority of the potential threats posed by malicious entities. Reasonable and cost-effective system security can be substantially assured by simply ensuring that: (1) all users create and periodically change "strong" passwords; (2) system administrators maintain up-to-date software patches and software updates and fixes; (3) effective, up-to-date antivirus and anti-malware programs are installed, updated continually, and used properly; (4) system administrators actively monitor networks for suspicious activity or breaches; (5) all authorized system users be required to participate in periodic system security training and testing, and that they comply strictly with organizational policies; and (6) all system users are appropriately trained with respect to safe network security protocols and specifically with respect to social engineering vulnerability (Baker, Hylender, & Valentine, 2008).

The Limits of Reasonable Precautions

To protect their networks, some organizations implement such tight restrictions on computer use and emphasize security training and system security updates so often that system security can begin to interfere with the volume… [END OF PREVIEW] . . . READ MORE

Two Ordering Options:

?
Which Option Should I Choose?
1.  Buy full paper (6 pages)Download Microsoft Word File

Download the perfectly formatted MS Word file!

- or -

2.  Write a NEW paper for me!✍🏻

We'll follow your exact instructions!
Chat with the writer 24/7.

Network Management Data Voice and Video Thesis


Cloud Computing and Data Security Term Paper


Incident Response and Computer Forensic Investigation Research Paper


Network Design Essay


Security Policy Dr. Fossett's Dental Office Term Paper


View 200+ other related papers  >>

How to Cite "Protecting a Network From Intrusion and Data Loss" Research Paper in a Bibliography:

APA Style

Protecting a Network From Intrusion and Data Loss.  (2011, February 22).  Retrieved April 5, 2020, from https://www.essaytown.com/subjects/paper/protecting-network-intrusion-data-loss/981140

MLA Format

"Protecting a Network From Intrusion and Data Loss."  22 February 2011.  Web.  5 April 2020. <https://www.essaytown.com/subjects/paper/protecting-network-intrusion-data-loss/981140>.

Chicago Style

"Protecting a Network From Intrusion and Data Loss."  Essaytown.com.  February 22, 2011.  Accessed April 5, 2020.
https://www.essaytown.com/subjects/paper/protecting-network-intrusion-data-loss/981140.