Term Paper: Social Security Company Network

Pages: 5 (1451 words)  ·  Bibliography Sources: 1+  ·  Level: College Senior  ·  Topic: Education - Computers  ·  Buy This Paper


[. . .] g., U.S. v. Microsoft). (Erlanger 23)

Internet: The World Wide Web presents a nightmare from a security standpoint. The Internet is the pathway in which vulnerabilities of the company are manifested. The hacker community typically launches their 'zero day' and old exploits on the Internet via IRC chat rooms, through Instant Messengers, and free Internet email providers (hotmail, yahoo, etc.). (Goncalves et al. 53) Therefore, the Internet usage policy should restrict access to these types of sites.

Moreover, software should be employed to filter out many of the forbidden sites that include pornography, chat rooms, free web-based email services, personals, etc. Several internet content filtering applications that maintain a comprehensive database of forbidden URLs will be installed.

Anti-Virus Software: Anti-virus software is a 'must' in the detection and mitigation of viruses. There should be frequent updates of virus definition files. In addition, removable media, attachments to e-mail, and other files should be scanned before opening. Anti-virus software should be configured to automatically scan all incoming and outgoing files.

Back-up and Recovery: A comprehensive back-up and recovery plan is critical to mitigating incidents. The company should be prepared to deal with natural or other disasters which may occur. Off-site storage locations are essential in this regard.

The company should be able to restore data from a tape back-up, if the system crashes, or gets hacked, and/or files get inadvertently deleted. At a minimum, the company's back-up recovery plan should include: back-up schedules; identification of the type of tape back-up (full, differential, etc.); tape storage location (on and off-site); tape labeling convention and rotation procedures; and checking log files (Erlanger 25).

Intrusion Detection: A Network Intrusion Detection System (NIDS) is a system that is responsible for detecting anomalous, inappropriate, or other data that may be considered unauthorized occurring on a network. Unlike a firewall, a NIDS captures and inspects all traffic, regardless of whether it's permitted or not. Based on the contents, at either the IP or application level, an alert is generated. (Wreski et al. 67)

Intrusion detection tools will help assist in the detection and mitigation of access attempts into the company's network. A combination of both network and host-based NIDS will be implemented.

Remote Access: Company accountants access the system via HTTP in conjunction with the Secure Sockets Layer (SSL) protocol. This requires use of a high-performance server as well as a server-side X.509 certificate that supports SSL processing. (Greenberg18) Installing a strength-testing mechanism (that tests the relative difficulty of guessing a given string) will weed out weak passwords. All users and administrators must select new user names and passwords, and system log-ons should timeout after 20 minutes of inactivity. An intrusion-detection alert mechanism should kick in when someone attempts more than seven incorrect log-ons.

Dial-up access to the company's network represents a great risk. Procedures that should be implemented in order to allow dial-up access must include: installation of personal firewalls on remote client machines (i.e., Norton or BlackIce Defender); ensuring that antivirus software, service packs and security patches are maintained and up-to-date; ensuring that modems are configured to not auto answer; ensuring file sharing is disabled; and prohibiting users from configuring the company's computers to access personal Internet Service Provider accounts.

Auditing: All security programs should be audited on a routine and random basis to assess their effectiveness. The company security officer has the authority to conduct audits of the program as he or she sees fit.

Awareness Training: Security Awareness Training for the company's staff must be performed to ensure a successful implementation of the program. Staff completing training should be required to sign a written certification statement. This signed statement helps the security officer and management enforce the company's security policies.

Works Cited

Erlanger, Leon. "Defensive Strategies." PC Magazine 5 November 2002.

Frye, Emily. "The tragedy of the cybercommons: Overcoming fundamental vulnerabilities to critical infrastructures in a networked world." The Business Lawyer November 2002: 349-382.

Goncalves, Marcus and Brown, Steven. Check Point Firewall 1:Administration Guide 2000. Emeryville: McGraw-Hill Osborne Media, 1999.

Greenberg, Eric. Network Application Frameworks, Boston: Addison Wesley Longman, 1998

Ogletree, Terry William. "Firewalls: The First Line of Defense." PC Magazine, 12 June 2001

Wreski, Dave and Pallack, Christopher. "Network Intrusion Detection Using Snort,." Features. 19 June 2000. Linux.… [END OF PREVIEW]

Four Different Ordering Options:

Which Option Should I Choose?

1.  Buy the full, 5-page paper:  $28.88


2.  Buy + remove from all search engines
(Google, Yahoo, Bing) for 30 days:  $38.88


3.  Access all 175,000+ papers:  $41.97/mo

(Already a member?  Click to download the paper!)


4.  Let us write a NEW paper for you!

Ask Us to Write a New Paper
Most popular!

Security Program Network Risk Assessment Term Paper

Privacy Issues Raised by Social Networking Essay

Internet Technology Marketing and Security Research Paper

Security Policy Dr. Fossett's Dental Office Term Paper

Security Issues of Cloud Computing Data Analysis Chapter

View 974 other related papers  >>

Cite This Term Paper:

APA Format

Social Security Company Network.  (2003, May 16).  Retrieved July 18, 2019, from https://www.essaytown.com/subjects/paper/social-security-company-network/7258380

MLA Format

"Social Security Company Network."  16 May 2003.  Web.  18 July 2019. <https://www.essaytown.com/subjects/paper/social-security-company-network/7258380>.

Chicago Format

"Social Security Company Network."  Essaytown.com.  May 16, 2003.  Accessed July 18, 2019.