Access over 20 million homework & study documents


Assignment 3 Network Security Planning




Showing Page:
Network Security and Ethical Hacking
Network Security & Ethical Hacking
Neal Patrick and his friends did not realise they were doing anything
unethical, in fact: when asked by Congress “At what point he questioned
the ethics of his actions” – he answered “Once the FBI knocked upon my
“I have found that inadequate network security is usually caused by a
failure to implement security policies and make use of the security tools
that are readily available. It’s vital that companies complete professional
risk assessments and develop comprehensive security plans and
infrastructures that are publicly supported by upper management”
Network security is not only about the WAN (Wide Area Network) but
also the LAN (Local Area Network) as the two go hand in hand. It is
possible to not only have an attack from the Internet but also internally.
The moment any form of computer device becomes network capable or
dependent of some form of network function, there is a given need for
protection to safeguard the flow of information to and from the said
device on a given network whether public or private and/or from a
trusted to non-trusted source.
The problem with locking down a network tightly is the administrative
overhead it creates. The more secure the network becomes the greater
the need is for someone or a team to administrate this. Eventually you
would reach a point where it becomes impossible for the end-user to
work due to the security practices in place. There has to be a fine
balance between the two whilst still safeguarding the network and the
information it contains.
This section of the report will delve into “Security Principles” and will
hopefully produce a thorough guide as to the best practice based on
time availability, finance constraints and knowledge within the company
to fulfil this role.

Sign up to view the full document!

lock_open Sign Up
It is fair to assume that the original LANs where based on a very basic
topology, select personnel used them (normally IT associated people),
they were cumbersome and slow and everything took an age to do
anything on them. There was no need for security at the time as there
was no perceived threat from within as everyone was trusted and as the
Internet did not exist there was no externally posed threat either.
Once LANs became linked up and WAN links were the norm plus the
birth of the Internet and an increase in LAN exposure to working
professionals (Non IT personal) there became a need to safeguard the
network not only from external threats but also internal threats as well.i
It’s worth mentioning that the need to safeguard personal information is
now a legal requirement under the Data Protection Act 1998 if
information is kept pertaining to a living person then that information
must be stored in an adequately secure environment scaling to the
severity of the data. For example, your email address does not have to
have large security back ends, a simple encryption in a database would
be fine, but medical records which are incredibly personal do require
larger amounts of security to ensure they cannot be viewed or edited by
unauthorised individuals.
Some governments in different countries are paving the way for the
future by introducing legislation with regards to network security. By
forcing people’s hands and introducing security principles to safeguard
data on a network this can only be a good thing. Once these laws
become enforceable, a badly designed or security lacking network will
be made accountable and companies or individuals will be penalized
An up to date example of the Government level IT Security legislation is
the E-PARASITE Act being pushed through the US Congress as this
report is written. The E-PARASITE act solicits the use of IT Security
measures within the US to “unilaterally censor foreign websites.” This act
provides the prime example of how the use of Security can trip the fine
line between keeping people safe and censoring their lives – this act has
become hot topic across the internet, companies such as Google, AOL
and Facebook has opposed such a law that would pose huge risks to
the internet. The precedent this sets, by allowing individuals and
companies to file litigation to force ISP’s, Search Engines, Payment

Sign up to view the full document!

lock_open Sign Up
Processors and Ad networks to block and cease business with websites
linked with online Piracy, and by extension, anything they consider illegal
by US law.
Whilst enforcing Security measures may be prudent, this law has given
way to a debate with excellent arguments: Critics say “The bill as drafted
would expose law-abiding US internet and technology companies to new
uncertain liabilities, private rights of action and tech mandates that would
require monitoring of websites.”
This opens the floor to a larger debate of whether it is right to be able to
do this, is this bill draconian and simply censoring the internet (which is
accessible by UN Human rights mandate) by allowing individuals to take
down websites with the slightest infringement or does it allow for a new
level of security and Copyright material, often the culmination of the
stolen Copyrighted material is from hacking and cracking of the
software/providers – the question is, would this stop or mitigate, or would
it only push them, the owners of infringing websites, deeper
Hacker (Internal & External)
Hackers are groups or individuals who gain access to a system. Some
only leave footprints, messages on a device or server to notify they have
visited. Some are more malicious and will steal data or damage data to
their own end. They are a big threat to network security and must be
treated with the upmost respect and network security staff needs to be
educated on the types of Hacker, which will be touched upon later in this
According to a survey undertaken in 2010 “Teenage Hacking Habits”
revealed that out of a sample of 1000 teenagers, 16% admitted to
hacking and that 51% hack from home.
There are many pre-conceived notions about hackers in modern society
and with tabloids and media constantly publishing articles about Black
“hackers” the difference is not known and understood. All forms of
hacking can be categorised in to three “shades” White, Grey and Black
Hacking. These colours are use to identify each type of hacking that is
performed. Of all the hackers out there today, there is one type of hacker
that remains in the shadows, this is no the hacker that steals top level
security files or breaks software encryption, or simply steals some

Sign up to view the full document!

lock_open Sign Up
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

I use Studypool every time I need help studying, and it never disappoints.