Securing and Protecting Information
CMGT/400
May 27, 2013
Introduction
The last few years have been marked by numerous malicious applications that have increasingly targeted online activities. As the number of online activities continues to grow, the ease of Internet use and a growing user base have made for perfect criminal targets. Attacks on numerous users can therefore be achieved with a single click. The methods used to breach Internet security vary, but they have become increasingly complicated and sophisticated over time. With the increase in threat levels, stronger legislation is increasingly being issued to prevent further attacks.
Most of these measures have been aimed at increasing the security of Internet information. Among these methods, the most prominent approach is security authentication and protection. This paper comprehensively evaluates the security authentication process. The paper also introduces security systems that help provide resistance against common attacks.
Security Authentication Process
Authentication is the process used to verify an entity or person; it determines whether something or someone is what it is declared to be (LaRoche, 2008). Authentication therefore forms part of numerous online applications. Before an email account is accessed, the authentication process is incorporated in identification of the foreign program. The most common authentication application relies on passwords. Before describing the authentication process, it is important to explain some key terms. In this context, the term AAA is commonly used to mean authentication, accounting, and authorization. Let us now differentiate between these terms.
* Authentication: This process confirms that the user is who they are claiming to be.
* Authorization: This process ensures that the user has the authority to issue certain commands.
* Identification: This process enables recognition of a user who has been described to an automated data processing system.
The login process incorporates the following steps. To be recognized by an application, the user must identify itself; identification is achieved when the credentials are presented. In the authentication step, the claimed identity of the user is verified. After authentication is complete, authorization defines what the user is able to do in the application. Throughout this process, accounting keeps track of the user's actions. As in other security processes, this method is a chain (Laudon, 2012): should one of the elements break, the whole chain is likely to fall apart. This emphasizes the significance of the authentication system. Accounting and authorization are possible only after correct identification and authentication of the users (Conklin, 2012).
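The login chain described above, as an added Python example that is not part of the original paper. The account, role and permission names, the audit record layout and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

ITERATIONS = 200_000  # assumed work factor; tune for your hardware

def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so a stolen credential store is costly to crack."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password, roles):
    salt = os.urandom(16)
    return {"salt": salt, "hash": derive(password, salt), "roles": set(roles)}

# Constructed sample accounts and permissions (not from the paper).
USERS = {"alice": make_user("correct horse", ["reader"])}
PERMISSIONS = {"reader": {"read_report"},
               "admin": {"read_report", "delete_report"}}
_DUMMY = make_user("placeholder", [])  # unknown users still cost one hash
AUDIT_LOG = []

def account(user, action, outcome):
    """Accounting: record every attempt, successful or not."""
    AUDIT_LOG.append({"time": datetime.now(timezone.utc).isoformat(),
                      "user": user, "action": action, "outcome": outcome})
    return outcome

def request(username, password, action):
    # 1. Identification: the user presents a claimed identity.
    record = USERS.get(username)
    # 2. Authentication: verify the claim against the stored credential.
    ref = record or _DUMMY
    ok = hmac.compare_digest(derive(password, ref["salt"]), ref["hash"])
    if record is None or not ok:
        return account(username, action, "denied:authentication")
    # 3. Authorization: decide what the authenticated user may do.
    allowed = set().union(*(PERMISSIONS.get(r, set()) for r in record["roles"]))
    if action not in allowed:
        return account(username, action, "denied:authorization")
    # 4. Accounting has logged each branch; the chain held end to end.
    return account(username, action, "granted")
```

Authorization is never evaluated for a request that failed identification or authentication, so a break early in the chain denies the request instead of falling through.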
Effects of authentication for new information systems
Application security involves a trade-off between a high security level and more usability.
Therefore, after more security is added to authentication, the effect is witnessed through a reduction in the acceptance rate of users while increasing the usability. Consequently, it is very challenging to find the most secure system of authentication that the users can accept. Users are always seeking new features and applications whose interfaces will be easy to use. At the same time, these users express worries that the dangers continue to increase. In addition, legislation continues to push companies and manufacturers towards protection of their clients' privacy.
Another factor is the increase in user mobility. Users want their applications to be accessible from their home desktop and also on vacation, at home and everywhere else using their cell phones. These needs pose major requirements for application security.
Preventive measures for securing data
Disk redundancy
Disk redundancy is a standard feature of numerous database servers. Most servers incorporate redundant arrays of independent disks (RAID) as part of their configurations. The level of RAID to be applied depends on the type of database application that is to be utilized. RAID 10 (which combines RAID 1 and RAID 0) incorporates a striped array of disks. In RAID 10, multiple disks are used to give the best performance (LaRoche, 2008).
Information archiving
Depending fully on RAID is hardly enough to improve data security. Information archiving (for instance, storing data on tape media) is highly recommended. Various drives can therefore be used to back up various information capacities. These include digital linear tapes (DLT) and digital audio tapes (DAT).
Tape media storage
Most administrators utilize secure locations for their backup media storage.
Commonly used secure locations include fireproof vaults. Offsite storage of critical backups is often necessary. Storing data in areas other than the company's branch office calls for an initial investigation of the approach that will handle offsite storage.
Security systems and devices
Various authentication methods are used, ranging from the simple to the complex. The security level provided varies depending on the technique used and the deployment method. The most dominant method involves authentication with a username and password. However, this is also one of the most insecure methods. We can describe these devices and systems in terms of three factors:
* Knowledge: This is based on something that the user knows, such as a password or PIN.
* Possession: This is based on something that the user has such as a USB Token or a Smart Card.
* Attribute: This is based on what the user is. This includes the biometric characteristics such as the eye pattern or the fingerprint.
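The three factor categories above, as an added Python example that is not part of the original paper: a login counts as multi-factor only when the verified methods come from different categories, so a password plus a PIN is still single-factor. The method names are hypothetical, and a time-based one-time code (RFC 6238) standing in for the hardware token is an assumption.

```python
import hashlib
import hmac
import struct

# Hypothetical method names mapped to the three factor categories listed above.
FACTOR_CATEGORY = {
    "password": "knowledge", "pin": "knowledge",
    "totp_token": "possession", "smart_card": "possession",
    "fingerprint": "attribute",
}

def is_multi_factor(verified_methods):
    """True only if the verified methods span two or more distinct categories."""
    return len({FACTOR_CATEGORY[m] for m in verified_methods}) >= 2

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA-1 variant)."""
    counter = struct.pack(">Q", max(0, unix_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_token(secret, submitted, unix_time, window=1, step=30):
    """Accept the code for the current time step or `window` steps either side."""
    candidates = (totp(secret, unix_time + d * step, step)
                  for d in range(-window, window + 1))
    # Constant-time comparison; check every candidate rather than short-circuit.
    return sum(hmac.compare_digest(c.encode(), submitted.encode())
               for c in candidates) > 0

def login(password_ok, secret, submitted_code, unix_time):
    """Collect the factors that verified and require two distinct categories."""
    verified = []
    if password_ok:
        verified.append("password")
    if verify_token(secret, submitted_code, unix_time):
        verified.append("totp_token")
    return is_multi_factor(verified)

if __name__ == "__main__":
    demo_secret = b"12345678901234567890"        # RFC 6238 test secret
    print(totp(demo_secret, 59))                 # code for the RFC test time
    print(login(True, demo_secret, totp(demo_secret, 59), 59))
```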
Conclusion
The modern technology world is characterized by a skyrocketing number of online applications. Therefore, every company is seeking an opportunity to have its business introduced to the online world. However, this rush comes with a cost: the security of new applications is neglected, particularly when it comes to authentication. Because single-factor authentication is unable to fully guard against Internet security breaches, this paper offers another perspective from which this security issue can be addressed through the authentication process. By applying the authentication approach that is comprehensively defined in this paper, it becomes possible to prevent the current attacks while ensuring that users are provided with the best technology that can successfully be utilized when operating over the Internet.
References
Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. (2012). Principles of Computer Security: CompTIA Security+ and Beyond (3rd ed.).
Laudon, K. C., & Laudon, J. P. (2012). Management Information Systems. Managing the Digital Firm (12th ed.).
LaRoche, G. (2008). Fingering Transactional Strong Authentication. Security: Solutions for Enterprise Security Leaders, 45 (3): 110-112.