the infrastructure and the security essentials of information technology in an enterprise


Upload: adeel-hamid

Post on 10-Feb-2017


INTRODUCTION

This project covers two aspects of Information Technology. The first part of the introduction explains the IT infrastructure of an enterprise or organization; the second explains what Information Technology security is and what its essentials are.

Information Technology is the application of servers, computers, laptops, software, and other networking or Internet devices to store, retrieve, transmit and manipulate data or information in the context of a business or enterprise. The infrastructure of Information Technology refers to the composite hardware, software, network resources and services required for the existence, operation and management of an enterprise IT environment. It allows an organization to deliver IT solutions and services to its employees, partners and customers. Enterprise technology, information and infrastructure refers to the concept of Information Technology (IT) resources and data that are shared across an enterprise. An enterprise, also known as a “company” or a “firm”, is an organizational entity involved in the provision of goods and services to consumers. A standard IT infrastructure consists of the following components.

Hardware: Servers, data centers, computers, embedded systems, switches, hubs, etc.

Software: This refers to Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), Supply Chain Management System (SCMS) and other custom software built according to the requirements of the client.

Network Resources: These can be divided into two categories. The first is hardware, which has a physical existence, such as a firewall; the second is software-based, such as Threat Management Gateway (TMG) or Internet Security Acceleration (ISA).


Meatware: This refers to the people who operate or use computers for the computing process.

The infrastructure provides connectivity and availability of data from a host or remote location at any time, so that users can share the required information from anywhere in the world at any time. It may be centered within a data center, with connections and user authentication in different environments using intelligent or dumb access devices. The figure below shows the relationship between IT infrastructure and business capabilities.


Information Technology (IT) security, also referred to as computer security or cyber security, is the protection of information systems from theft of or damage to the hardware, the software and the information on them.

It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and other harmful software.

Information security means defending data from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. It is the protection afforded to an automated information system in order to attain the applicable objectives for the information. The security of information relies on three factors: integrity, availability and confidentiality.


Background

The history of communication is very old. It goes back to the ancient Egyptian world, where communication was carried out through a special messenger, which took a lot of time. In the middle of the 1950s there was a need for a faster way of communicating to send letters, signals and other necessary documents; the only options were the mail service or the telegram, which was fast but slower and less efficient than a network.

Information Technology is one of the branches of communication. It exists because there has always been a need for communication over technology, which makes communication fast, reliable, efficient and effective. We can divide Information Technology into different ages, namely pre-mechanical, mechanical, electro-mechanical and electronic, which are discussed in the next section.

At the beginning of the electronic age (Information Technology) there was a need for infrastructure designed to help and support the enterprise in becoming profitable, which is the core factor of a business. This infrastructure requires departments that are interrelated with each other (Marketing, Production, Sales, Finance, Supply Chain, Accounts and Human Resources) so that they can share information and data with each other according to their requirements. When this information is shared with other users, the data needs security that keeps it secure, protected and free from alteration, and that always asks for user authentication whenever the data is requested. When messages, files and data are sent, shared or delivered, their availability, integrity and confidentiality must be secured, which makes them more secure, reliable and authentic.


In IT security we use different parameters according to our requirements. Some are software-based and some are hardware, that is, physical devices. In the detailed discussion of IT security we will show how they work.


1.0 Evolution of IT Infrastructure

The IT infrastructure in organizations today is an outgrowth of over 50 years of evolution in computing platforms. We can divide this evolution into five stages, each representing a different configuration of computing power and infrastructure elements; their names are given below. The stages are divided according to the nature of the work. In this topic we also recommend which system is suitable for an enterprise.

General-Purpose Mainframe and Minicomputer (1959 to Present)

Personal computer/ desktop version

Thin Client

Client/ Server Base Networks

Enterprise/ Internet computing

Cloud computing platform


Recommendation

We recommend types of computers according to the requirements of the business.

For example, if an organization's business is centered on a database, such as census records or a national database, we recommend a mainframe or minicomputer system because of the bulk data processing involved. The data is stored centrally; sites or branches can update data and record new data, but they cannot alter data without authentication and approval.

In a business such as a banking system, the data is stored on a database server connected to the main branch, and the main branch has a mainframe computer for entries. The recommended system on the client side is a thin client (no operating system, no hard drive, totally dependent on the server), on which the user runs a real-time application stored on the server so that entries are updated at the same time.

Table 1 shows the stages in IT infrastructure evolution.

| Infrastructure dimension | Mainframe era (1959 to present) | PC era (1981 to present) | Client/server era (1983 to present) | Enterprise/Internet era (1992 to present) | Cloud computing era (2000 to present) |
|---|---|---|---|---|---|
| Signature firm(s) | IBM | Microsoft/Intel; Dell; HP and IBM | Novell; Microsoft | SAP; Oracle; PeopleSoft | Google; Salesforce.com; IBM; Microsoft |
| Hardware platform | Centralized mainframe | Wintel computers | Wintel computers | Multiple: Mainframe; Server; Client | Remote servers; Clients (PCs, netbooks, cell phones, smartphones) |
| Operating system | IBM 360; IBM 370; Unix | DOS/Windows; Linux; IBM 390 | Windows 3.1; Windows Server; Linux | Multiple: Unix/Linux; OS 390; Windows Server | Linux; Windows; Mac OS X |
| Application and enterprise software | Few enterprise-wide applications; departmental applications created by in-house programmers | No enterprise connectivity; boxed software | Few enterprise-wide applications; boxed software applications for workgroups and departments | Enterprise-wide applications linked to desktop and departmental applications: mySAP; Oracle E-Business Suite; PeopleSoft Enterprise One | Google Apps; Salesforce.com |
| Networking/telecommunications | Vendor-provided: Systems Network Architecture (IBM); DECNET (Digital); AT&T voice | None or limited | Novell NetWare; Windows 2003; Linux; AT&T voice | LAN; Enterprise-wide area network (WAN); TCP/IP Internet standards-enabled | Internet; Wi-Fi; Wireless broadband cellular networks |
| System integration | Vendor-provided | None | Accounting and consulting firms; Service firms | Software manufacturer; Accounting and consulting firms; System integration firms; Service firms | SaaS (Software as a Service) firms |
| Data storage and database management | Magnetic storage; Flat files; Relational databases | Dbase II and III; Access | Multiple database servers with optical and magnetic storage | Enterprise database servers | Remote enterprise database servers |
| Internet platforms | Poor to none (1959–1995) | None at first; Later browser-enabled clients | None at first; Later: Apache server; Microsoft IIS | None in the early years; Later: Intranet- and Internet-delivered enterprise services; Large server farms | Larger server farms |


1.1 The Components of Infrastructure

Information Technology infrastructure consists of seven major components, which coordinate with each other to provide the firm with a coherent infrastructure.

At the end of the 20th century, most of the manufacturers supplying components were often in competition with one another, offering purchasing firms a mixture of incompatible, proprietary, partial solutions. But increasingly the vendor firms have been forced by large customers to cooperate in strategic partnerships with one another. For instance, a hardware and services provider such as IBM cooperates with all the major enterprise software providers, has strategic relationships with system integrators (often accounting firms), and promises to work with whichever database products its client firms wish to use (even though it sells its own database management software called DB2). Let us examine the size and dynamics of each of these infrastructure components and their markets.


Recommendation

Computer system hardware is the initial component of an infrastructure. For a sound Information Technology environment we recommend authorized brands, which are easy to repair, replace, upgrade and configure; do not use unbranded items, which are comparatively lower in price. This component includes client machines (desktop PCs, mobile computing devices such as iPhones and BlackBerrys, and laptops) and server machines. The client machines primarily use Intel or AMD microprocessors (Gartner, 2008; Metrics 2.0, 2008). The server market is more complex than the desktop one; its two largest manufacturers are Intel and AMD. Servers are chosen according to the requirements of the user or organization. Similarly, the operating system is chosen according to the requirements of the user and client. On the client side, 90 percent of PCs use the Microsoft Windows operating system to manage the resources and activities of the computer and to give the user a GUI in which options are dragged, dropped and clicked. These Microsoft operating systems are the most commonly used and are compatible with a large number of applications. Linux, UNIX and other operating systems are also reliable but are mostly not found on client systems, which is why they are not user-friendly; before use, staff need to be trained, which is more complex and time-consuming.

The third component is enterprise software, which is used with the database. It is the application a firm uses for its business purpose, the core function of the organization, to provide facilities to its users and clients and to generate profit. This application varies according to the requirements of the user: what are they actually looking for? What type of business do they run? Are they B2B or B2C?


Globally, firms spend more than $250 billion a year on networking and telecommunications hardware and more than a trillion dollars on networking services (consisting mainly of telecommunications and telephone company charges for voice lines and Internet access; these are not included in this discussion). Windows Server is the predominant local area network operating system, followed by Linux and UNIX. Large enterprise-wide area networks primarily use some variant of UNIX. Most local and wide area networks use the TCP/IP protocol suite as their networking standard.

The leading networking hardware providers are Cisco, Lucent, Nortel, and Juniper Networks. Telecommunications platforms are typically provided by telecommunications/telephone services companies that offer voice and data connectivity, wide area networking and Internet access.

For commercial purposes there are very few options available in database management software, which is responsible for organizing and managing the firm's data so that it can be efficiently accessed and used. In addition, some organizations or service providers offer physical data storage so that a company can store data in NAS- or SAN-based storage. They provide multiple storage units in which the user can store data and back it up to another drive, or mirror the data by configuring the NAS/SAN according to the requirements. The physical data storage market is dominated by EMC Corporation for large-scale systems and by a small number of PC hard drive manufacturers led by Seagate, Maxtor, Western Digital and Hitachi. Again, the recommendation depends on the nature and size of the business. The following firms provide database management systems.

Table 2 below shows the database software.

| Serial No. | Software | Company/Manufacturer |
|---|---|---|
| 1 | DB2 | IBM |
| 2 | Oracle | Oracle |
| 3 | SQL Server | Microsoft |
| 4 | SAP | SAP SE |

The sixth important component of infrastructure is Internet platforms, which overlap with, and must relate to, the firm's general networking infrastructure. Globally, firms spend billions on Internet-related infrastructure, such as hardware, software, and management services to support a firm's Web site (including Web hosting services) and for intranets and extranets. A Web hosting service maintains a large Web server, or series of servers, and provides fee-paying subscribers with space to maintain their Web sites. The major Web software application development tools and suites are supplied by Microsoft (the Microsoft .NET family of development tools used to create Web sites using Active Server Pages for dynamic content), Sun (Sun's Java is the most widely used tool for developing interactive Web applications on both the server and client sides), IBM (WebSphere is IBM's suite of electronic business tools and applications), and a host of independent software developers, including Macromedia (Flash), media software (Real Media), and text tools (Adobe Acrobat).


Consulting and system Integration Services

Although 20 years ago it might have been possible for a large firm to implement all its own IT infrastructure, today this is far less common. Even large firms do not have the staff, skills, budget, or necessary experience to do so. Implementing new infrastructure requires significant changes in business processes and procedures, training and education, and software integration. Leading consulting firms providing this expertise include Accenture, IBM Global Services, Electronic Data Systems, HP Technology Solutions, Infosys, and Wipro Technologies.

Software integration means ensuring the new infrastructure works with the firm's older, so-called legacy systems and ensuring the new elements of the infrastructure work with one another. Legacy systems are generally older transaction processing systems created for mainframe computers that continue to be used to avoid the high cost of replacing or redesigning them. Replacing these systems is cost-prohibitive and generally not necessary if these older systems can be integrated into a contemporary infrastructure.

Below is an example of consulting and system integration.


Omnetric Group is dedicated to the global delivery of integrated Information Technology and operational solutions and services, helping utility companies to achieve greater grid reliability and efficiency. It is a joint venture between Siemens AG and Accenture, combining Siemens' leading energy technology product portfolio with Accenture's systems integration, consulting and managed services capabilities. The Group supports clients with innovative solutions wherever they may be on their path to a smarter grid.


1.2 Contemporary Hardware Platform Trends

Although the cost of computing has fallen exponentially, the cost of the IT infrastructure has actually expanded as a percentage of corporate budgets. Why? The costs of computing services (consulting, systems integration) and software are high, and the intensity of computing and communicating has increased as other costs have declined.

For instance, employees now use much more sophisticated applications, requiring more powerful and expensive hardware of many different types (laptop, desktop, mobile handheld computers).

Firms face a number of other challenges. They need to integrate information stored in different applications and even on different platforms (telephone, legacy systems, intranet, Internet sites, desktop, and mobile devices). Firms also need to build resilient infrastructures that can withstand huge increases in peak loads and routine assaults from hackers and viruses while conserving electrical power. Firms need to increase their service levels to respond to growing customer and employee expectations for service. Following are the hardware platform trends.

The emerging mobile digital platform

Grid Computing

Cloud Computing and the Computing Utility

Autonomic Computing

Virtualization

Multicore Processors

Recommendation


Grid computing is a virtual supercomputer whose machines are placed in geographically remote locations and which is built with special software that requires high-speed connectivity. It is used for high-level scientific research to find the best solution. The advantage of this technology is its low cost, and we recommend it in the corporate sector for research and development on a limited budget.

For example, Royal Dutch/Shell Group is using a scalable grid computing platform that improves the accuracy and speed of its scientific modeling applications to find the best oil reservoirs. This platform, which links 1024 IBM servers running Linux, in effect creates one of the largest commercial Linux supercomputers in the world.

Another hardware platform is cloud computing. It is a third-party platform provided for commercial data storage, in which data is permanently stored remotely and is accessible at any time from anywhere in the world. The most important reason for selecting this platform is cost cutting, because organizations do not need to spend on fixed infrastructure or on upgrading equipment every year.


Autonomic Computing

Computer systems have become so complex that some experts believe they may not be manageable in the future. With operating systems, enterprise, and database software Grid computing On-demand computing Utility computing. It is estimated that one-third to one-half of a company's total IT budget is spent preventing or recovering from system crashes.

About 40 percent of these crashes are caused by operator error. The reason is not that operators are not well trained or do not have the right capabilities; rather, it happens because the complexities of today's computer systems are too difficult to understand, and IT operators and managers are under pressure to make decisions about problems in seconds. One approach to dealing with this problem from a computer hardware perspective is to employ autonomic computing.

It is an industry-wide effort to develop systems that can configure themselves, optimize and tune themselves, heal themselves when broken, and protect themselves from outside intruders and self-destruction. Imagine, for instance, a desktop PC that could know it was invaded by a computer virus. Instead of blindly allowing the virus to invade, the PC would identify and eradicate the virus or, alternatively, turn its workload over to another processor and shut itself down before the virus destroyed any files. A few of these capabilities are present in desktop operating systems. For instance, virus and firewall protection software can detect viruses on PCs, automatically defeat the viruses, and alert operators. These programs can be updated automatically as the need arises by connecting to an online virus protection service.


1.3 Contemporary Software Platform Trends

There are five major themes in contemporary software platform evolution:

• Linux and open source software
• Java
• Web services and service-oriented architecture
• Software mashups and Web 2.0 applications
• Software outsourcing

Before making recommendations, I will briefly explain these platforms. Linux is an operating system that is available as a free version on the Internet; most mobile applications and mobile software are developed on it. Open source is a community of programmers around the world that provides a platform for programming free versions of software and uploading them for other users.

Java is an operating system-independent, processor-independent, object-oriented programming language that has become the leading interactive programming environment for open source software. It was created by James Gosling and the Green Team at Sun Microsystems in 1992. This platform has migrated into cellular phones, smartphones, automobiles, music players, game machines, and finally, into set-top cable television systems serving interactive content and pay-per-view services. It is designed to run on any computer or computing device, regardless of the specific microprocessor or operating system the device uses. Sun has created a Java Virtual Machine that interprets Java programming code for that machine. In this manner, the code is written once and can be used on any machine for which there exists a Java Virtual Machine that can handle text, data, graphics, sound, and video, all within one program if needed.

Web services refer to a set of loosely coupled software components that exchange information with each other using universal Web services are XML, which stands for Extensible Markup Language was developed in 1996 as a more powerful and flexible markup language than hypertext markup language (HTML) for Web pages. Hypertext markup language (HTML) is a page description language for specifying how text, graphics, video, and sound are placed on a Web page document. By tagging selected elements of the content of documents for their meanings, XML makes

In the past, software such as Microsoft Word or Adobe Illustrator came in a box and was designed to operate on a single machine. Increasingly, software is downloadable from the Internet and composed of interchangeable components that integrate freely with other applications on the Internet. Individual users and entire companies mix and match these software components to create their own customized applications and to share information with others. The resulting software applications are called mashups. The idea is to take software from different sources and combine it in order to produce an application that is “greater than” the sum of its parts. Part of the movement called Web 2.0, Web mashups combine the capabilities of two or more online applications to create a kind of hybrid that provides more customer value than the original sources alone. One area of great innovation is the mashup of mapping and satellite image software with local content. For instance, Zoocasa is a new real estate search engine in Canada that is using Google Maps to display real estate listings. The Zoocasa home page is a simple search box in which the user enters a city or neighborhood and can define search criteria by price, number of bedrooms, and number of bathrooms. The Zoocasa search results are then presented on a Google Map and listed in a sidebar beside the map. One innovative feature of the map is that if you click on a property marker, the sidebar automatically scrolls to display the property details. Google, Yahoo!, and Microsoft now offer tools to allow other applications to pull in information from their map and satellite images with relatively little programming. You have performed a mashup if you have ever personalized your Facebook profile or your blog with a capability to display videos or slide shows. The small pieces of software code that enable users to embed content from one site into a Web page or another Web site are called widgets.

Widgets are small software programs that can be added to Web pages or placed on the desktop to provide additional functionality. For example, the Flixster widget on Facebook profiles transports users to a place where they can list the films they have seen along with their ratings and reviews, view their friends' ratings and reviews, and see what is playing in theatres. Web widgets run inside a Web page or blog. Desktop widgets integrate content from an external source into the user's desktop to provide services such as a calculator, dictionary, or display of current weather conditions. The Apple Dashboard, Microsoft Windows Vista Sidebar, and Google Desktop Gadgets are examples of desktop widgets. Widgets also provide storefront windows for advertising and selling products and services. Random House Inc. has a widget that enables visitors to its Web site to click through to purchase new book releases from its online store. Amazon.com and Wal-Mart have toolbar widgets that enable surfers to search their Web stores while staying on their social network or another personal page. Widgets have become so powerful and useful that Facebook and Google launched programs to attract developers of widgets for their Web sites.


Recommendation

Most firms now believe in outsourcing IT services. The reasons behind this are operating cost, equipment cost, depreciation of equipment, lack of in-house experience, their technology becoming outdated, and staff training. Organizations may divert their attention from their core businesses.

However, firms that specialize in providing services have talented IT professionals, state-of-the-art infrastructure, the latest technology with a high level of service, and a focused strategy. These people are focused on it; better to say, their core business is to provide the finest solutions and services to their clients. My recommendation for the software platform is outsourcing: it is a fine solution for software requirements, it can meet business requirements, and the firm's core business is not disturbed.

To achieve their goals and objectives, the outsourcing parties (A and B), that is, the service provider and the outsourcer, have a contract between them called a Service Level Agreement (SLA).


Service-Level Agreement

The SLA is a formal contract between customers and their service providers that defines the specific responsibilities of the service provider and the level of service expected by the customer. SLAs typically specify the nature and level of services provided, criteria for performance measurement, support options, provisions for security and disaster recovery, hardware and software ownership and upgrades, customer support, billing, and conditions for terminating the agreement.

Many companies nowadays cannot afford an in-house IT support team, or are too large to handle all of their IT operations themselves, or have simply realized that IT is distracting their attention from the core business and that they cannot tolerate any downtime. Many companies provide IT services to them under an SLA.

As another example of an SLA, consider a company that is establishing a new business or upgrading, and wants to redesign its IT infrastructure and its security essentials. It signs a contract with an IT solution provider, which helps to redesign the structure and provides a service for 2 years that may include device upgrades, security measures and staff training. That contract between the customer and the service provider is called an "SLA". During the period of 2 years the service provider is bound to solve the problems that occur, regardless of their level of complexity, and the company is confident that help is only a phone call away and that a team will arrive within minutes.


1.4 Management Issue

Creating and managing an IT infrastructure raises multiple challenges: dealing with platform and technology changes, management and governance, and making wise infrastructure investments.

Dealing with platform and Infrastructure change

As an organization grows, it needs to reform its infrastructure, and when the organization changes its IT infrastructure has to change with it. On the other hand, technology changes rapidly: sometimes the company itself does not require changes in IT, but new technology requirements force a change in infrastructure.

Today's challenge in IT infrastructure is the licensing and compatibility of hardware. New inventions are made every day, and these inventions are mostly not compatible with previous technology.

Management and Governance

A long-standing issue among information system managers and CEOs has been the question of who will control and manage the firm's IT infrastructure. Other important questions about IT governance include: Should departments and divisions have the responsibility of making their own information technology decisions, or should IT infrastructure be centrally controlled and managed? What is the relationship between central information systems management and business unit information systems management? How will infrastructure costs be allocated among business units? Each organization will need to arrive at answers based on its own needs.

Making wise Infrastructure investments


IT infrastructure is a major investment for the firm. If too much is spent on infrastructure, it lies idle and constitutes a drag on firm financial performance. If too little is spent, important business services cannot be delivered, and the firm's competitors (who spent just the right amount) will outperform the underinvesting firm. How much should the firm spend on infrastructure? This question is not easy to answer.

A related question is whether a firm should purchase its own IT infrastructure components or rent them from external suppliers. As we discussed earlier, a major trend in computing platforms—both hardware and software—is to outsource to external providers. The decision either to purchase your own IT assets or rent them from external providers is typically called the rent versus buy decision.


S.W.O.T Analysis

It is a business technique used to understand an organization's Strengths and Weaknesses, and to identify both Opportunities and Threats. Strengths and weaknesses are internal: they come from internal resources and can be resolved internally. Opportunities and threats are external: they come from outside the organization.

• Internal, helpful: Strengths are the advantages of your organization.
• Internal, harmful: Weaknesses are areas which are to be improved.
• External, helpful: Opportunities are factors that may contribute to an organization and can build up your strength.
• External, harmful: Threats are the potential problems by external factors that an organization may face.

Higher management must look at the SWOT analysis, which helps to find out what the organization can do and which opportunities it should take up afterwards. The following are the key elements which are identified in an early SWOT analysis.


Strengths
• Intelligent people
• Established processes
• Problem solving
• Capability in delivering business value

Weaknesses
• Technology obsession
• Vulnerability
• Lack of understanding of business
• Inability to communicate in business speak

Opportunities
• Integrate with the business
• Innovation
• Quantifying value to the business (analytics)
• Process improvement

Threats
• Change
• Accountability
• Viruses or Hacking
• Reduced budget
• Cloud/ outsourcing
• Rogue IT


Risk Management

Risk is defined as the likelihood of financial loss. Risk is a business concept, not a technological one. Management is the administrative function of a business, whether it is a for-profit or a government organization, which defines how each department performs its job effectively and efficiently. Risk management is the identification, assessment and prioritization of risk, followed by coordinated and economical application of resources to minimize, monitor and control the probability or impact of unfortunate events, or to maximize the realization of opportunities. Risk management's objective is to assure that uncertainty does not deflect the endeavor from the business goal.

The concept of risk is a balance: the more threats you face, the higher your risk. For example, if a hacker (threat) attacks a system which has no security protections (no antivirus and a disabled firewall configuration), then the risk is high. The picture below explains this concept.

Some common threat-sources include:

• Natural Threats—floods, earthquakes, hurricanes
• Human Threats—threats caused by human beings, including both unintentional (inadvertent data entry) and deliberate actions (network based attacks, virus infection, unauthorized access)
• Environmental Threats—power failure, pollution, chemicals, water damage


Vulnerabilities can be identified by numerous means. Different risk management schemes offer different methodologies for identifying vulnerabilities. In general, start with commonly available vulnerability lists or control areas. Then, working with the system owners or other individuals with knowledge of the system or organization, start to identify the vulnerabilities that apply to the system.

The following tools and techniques are typically used to evaluate the effectiveness of controls; they can also be used to identify vulnerabilities:

• Vulnerability Scanners – Software that can examine an operating system, network application or code for known flaws by comparing the system (or system responses to known stimuli) to a database of flaw signatures.
• Penetration Testing – An attempt by human security analysts to exercise threats against the system. This includes operational vulnerabilities, such as social engineering.
• Audit of Operational and Management Controls – A thorough review of operational and management controls by comparing the current documentation to best practices (such as ISO 17799) and by comparing actual practices against current documented processes.


Likelihood

Determining likelihood is fairly straightforward. It is the probability that a threat caused by a threat-source will occur against a vulnerability. To ensure that risk assessments are consistent, it is an excellent idea to use a standard definition of likelihood on all risk assessments. The table below shows sample likelihood definitions.

Likelihood: Definition
Low: 0-25% chance of successful exercise of threat during a one-year period
Moderate: 26-75% chance of successful exercise of threat during a one-year period
High: 76-100% chance of successful exercise of threat during a one-year period


1.5 Competitive Forces Model for IT Infrastructure Investment

The competitive forces model can be used to address the question of how much your company should spend on IT infrastructure. This model consists of 6 components, compared to Porter's 5 original competitive forces. The following are these six forces or factors, which have an impact on the firm's IT services and infrastructure.

• Market Demand for Your Firm's Services
• Your Firm's Business Strategy
• Your Firm's Information Technology (IT) Strategy, Infrastructure, and Cost
• Information Technology Assessment
• Competitor Firms' IT Services
• Competitor Firm IT Infrastructure Investments

Total Cost of Ownership of Technology Assets

To compare your firm's expenditures on IT infrastructure with those of your competitors, you will need to consider a wide range of costs. The actual cost of owning technology resources includes the original cost of acquiring and installing hardware and software, as well as ongoing administration costs for hardware and software upgrades, maintenance, technical support, training, and even utility and real estate costs for running and housing the technology. The total cost of ownership (TCO) model can be used to analyze these direct and indirect costs to help firms determine the actual cost of specific technology implementations. The table below describes the most important TCO components to consider in a TCO analysis.

When all these cost components are considered, the TCO for a PC might run up to three times the original purchase price of the equipment. Hidden costs for support staff, downtime, and additional network management can make distributed client/server architectures—especially those incorporating mobile wireless devices—more expensive than centralized mainframe architectures. Hardware and software acquisition costs account for only about 20 to 40 percent of TCO, so managers must pay close attention to administration costs to understand the full cost of the firm's hardware and software. It is possible to reduce some of these administration costs through better management. Many large firms are saddled with redundant, incompatible hardware and software because their departments and divisions have been allowed to make their own technology purchases.

These firms could reduce their TCO through greater centralization and standardization of their hardware and software resources. Companies could reduce the size of the information systems staff required to support their infrastructure if the firm minimizes the number of different computer models and pieces of software that employees are allowed to use. In a centralized infrastructure, systems can be administered from a central location and troubleshooting can be performed from that location. The figure below illustrates the concept of TCO.

[Figure: Total Cost of Ownership Iceberg Model (There's always more that lies under the surface)]

2.1 IT Security Essentials

IT security is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (including hardware, software, firmware, information/data, and telecommunications).

It means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. The security requirements of an organization consist of the following three elements, which we call the security essentials of IT.

Confidentiality

Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. Confidentiality is necessary, but not sufficient, to maintain privacy. It is the process of keeping data secret so that unauthorized users or systems are not able to reach or access it.

Integrity

Integrity means that data cannot be modified without authorization. Examples of integrity violations: manual deletion or alteration of important data files, virus infection, an employee altering their own salary, website vandalism, polling fraud. In information security, the term "data integrity" should not be confused with database referential integrity. Integrity means guarding against information modification or destruction, including ensuring information non-repudiation and authenticity.


Availability

Ensuring timely and reliable access to and use of information. Availability does not mean that anyone can access and copy data at any time; access to information should still be secured.

Authenticity

In computing, e-Business and information security it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine (i.e. they have not been forged or fabricated).

In Information Technology, security is one of the essential elements for protecting and securing data. For this purpose the network administrator may use different levels of security. Their names follow, and the upcoming topics discuss them in detail.

1. Computer security/ Information Technology Security
2. Internet Security
3. Cyber warfare
4. Information security
5. Mobile security
6. Network Security

2.2 Information Technology Security

Information technology security is information security applied to technology (most often some form of computer system). It is worthwhile to note that a computer does not necessarily mean a home desktop. A computer is any device with a processor and some memory. Such devices can range from non-networked standalone devices as simple as calculators, to networked mobile computing devices such as smartphones and tablet computers. IT security specialists are almost always found in any major enterprise due to the nature and value of the data within larger businesses. They are responsible for keeping all of the technology within the company secure from malicious cyber attacks that often attempt to breach critical private information or gain control of the internal systems.

In the introduction of this project we already discussed what computer security is and why it is so important for an enterprise. Computer security, also known as cyber-security or IT security, is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures. The field is of growing importance due to the increasing reliance on computer systems and the Internet in most societies, wireless networks such as Bluetooth and Wi-Fi, and the growth of smart devices, including mobile phones, televisions, and Personal Digital Assistants (PDAs) and other tiny devices that are part of the Internet of Things. Information technology security exists to protect data, and it revolves around the confidentiality, availability and integrity which we discussed earlier.

Vulnerability Computing

Computer security or information technology security can be attacked in different ways, so we need to secure and protect our systems by using different technologies (hardware and software) which help to secure our data. A vulnerability is a weakness which allows an attacker to reduce a system's assurance. It is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.

A vulnerability does not have to involve an attack, or an attack from outside. If a system or computing device is exposed to humidity or dust, or is left unprotected, that also comes under the umbrella of vulnerability. Vulnerabilities are classified according to the asset class they are related to.


***Hardware***
• Susceptibility to humidity
• Susceptibility to dust
• Susceptibility to soiling
• Susceptibility to unprotected storage

***Software***
• Insufficient testing
• Lack of audit trail

***Network***
• Unprotected communication lines
• Insecure network architecture

***Organizational***
• Lack of regular audits
• Lack of continuity plans
• Lack of security

***Personnel***
• Inadequate recruiting process
• Inadequate security awareness

***Physical site***
• Area subject to flood
• Unreliable power source

The following are the categories of threat which may be harmful to a computer system.

• Denial of service attack
• Backdoors
• Direct access attacks
• Eavesdropping
• Spoofing
• Tampering
• Privilege escalation
• Phishing
• Clickjacking
• Social Engineering


Recommendation

Computer security managers or network managers should not only follow the recommended security controls on information systems but also consider the following measures. These measures may include tactical and strategic mitigations and are intended to enhance existing security programs.

• Deploy a Host Intrusion Detection System (HIDS) to help block and identify common attacks.
• Use an application proxy in front of web servers to filter out malicious requests.
• Ensure that the PHP "allow_url_fopen" setting is disabled on the web server to help limit PHP vulnerabilities from remote file inclusion attacks.
• Limit the use of dynamic SQL code by using prepared statements, queries with parameters, or stored procedures whenever possible.
• Disable active scripting support in email attachments unless required to perform daily duties.
• Consider adding the following measures to your password and account protection plan.
  ◦ Use a two factor authentication method for accessing privileged root level accounts.
  ◦ Use minimum password length of 15 characters for administrator accounts.
  ◦ Require the use of alphanumeric passwords and symbols.
  ◦ Enable password history limits to prevent the reuse of previous passwords.
  ◦ Prevent the use of personal information as password, such as phone numbers and dates of birth.
  ◦ Deploy NTLMv2 as the minimum authentication method and disable the use of LAN Manager passwords.
  ◦ Use minimum password length of 8 characters for standard users.
  ◦ Disable local machine credential caching if not required through the use of Group Policy Object (GPO).
  ◦ Deploy a secure password storage policy that provides password encryption.
• If an administrator account is compromised, change the password immediately to prevent continued exploitation. Changes to administrator account passwords should only be made from systems that are verified to be clean and free from malware.
• Implement guidance and policy to restrict the use of personal equipment for processing or accessing official data or systems (e.g., working from home or using a personal device while at the office).
• Develop policies to carefully limit the use of all removable media devices, except where there is a documented valid business case for its use. These business cases should be approved by the organization with guidelines for their use.
• Implement guidance and policies to limit the use of social networking services at work, such as personal email, instant messaging, Facebook, Twitter, etc., except where there is a valid approved business case for its use.
• Implement recurrent training to educate users about the dangers involved in opening unsolicited emails and clicking on links or attachments from unknown sources.
• Require users to complete the agency's "acceptable use policy" training course (to include social engineering sites and non-work related uses) on a recurring basis.
• Ensure that all systems have up-to-date patches from reliable sources. Remember to scan or hash validate for viruses or modifications as part of the update process.
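One way the password rules in the list above could be enforced when a user changes a password. This is an added example, not code from the original document: the `Account` fields, the function names, the history depth of 5 and the PBKDF2 parameters are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field

# Minimum lengths taken from the recommendations: 15 for administrators, 8 for standard users.
MIN_LENGTH = {"administrator": 15, "standard": 8}
HISTORY_LIMIT = 5          # assumed number of remembered passwords
PBKDF2_ROUNDS = 200_000    # assumed work factor for stored password hashes


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest). Only these are stored, never the clear text."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


@dataclass
class Account:
    username: str
    role: str                                                 # "administrator" or "standard"
    personal_info: list[str] = field(default_factory=list)    # phone numbers, birth dates
    history: list[tuple[bytes, bytes]] = field(default_factory=list)


def _digits(text: str) -> str:
    return re.sub(r"\D", "", text)


def policy_violations(account: Account, candidate: str) -> list[str]:
    """Return every rule the candidate password breaks (empty list means accepted)."""
    problems = []
    if len(candidate) < MIN_LENGTH[account.role]:
        problems.append("too_short")
    # Letters, digits and symbols must all be present.
    if not (re.search(r"[A-Za-z]", candidate) and re.search(r"\d", candidate)
            and re.search(r"[^A-Za-z0-9]", candidate)):
        problems.append("missing_character_class")
    # Personal information: compare case-insensitively, and also digits-only so
    # that a birth date stored as "1985-03-07" is caught when typed as "19850307".
    lowered, cand_digits = candidate.lower(), _digits(candidate)
    for item in account.personal_info + [account.username]:
        item_digits = _digits(item)
        if (len(item) >= 3 and item.lower() in lowered) or \
           (len(item_digits) >= 4 and item_digits in cand_digits):
            problems.append("contains_personal_info")
            break
    # Password history: re-hash with each stored salt and compare in constant time.
    for salt, digest in account.history:
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            problems.append("reused_password")
            break
    return problems


def change_password(account: Account, candidate: str) -> list[str]:
    """Apply the policy; on success remember the new hash and trim the history."""
    problems = policy_violations(account, candidate)
    if not problems:
        account.history.append(hash_password(candidate))
        del account.history[:-HISTORY_LIMIT]   # keep only the newest entries
    return problems
```

The two-factor, NTLMv2 and credential-caching items in the list are platform settings rather than password checks, so they are outside what this sketch covers.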


2.3 Internet Security

Internet security is a branch of Information Technology security specifically related to the Internet. It often involves web browsing, but on a general level it also applies to operating systems and applications. Its threats usually attack from outside the network, and there are physical and intangible protections that we should put in place. The purpose is to establish rules for Internet security that make Internet access secure and avoid risk in email and information sharing. There are different methods of securing data, including encryption and from-the-ground-up engineering. The following are the names of the threats which can attack a network, and their remedies.

Threats

• Malicious Software
• Computer viruses
• Trojan Horse
• Spyware and Worms
• Phishing
• Application Vulnerabilities

Remedies

Network Layer Security


The network layer and the TCP/IP protocols may be secured with cryptographic methods. These protocols include Secure Sockets Layer/Transport Layer Security (SSL/TLS) for web traffic, Pretty Good Privacy (PGP) for email, and IPsec for network layer security.

Internet Protocol Security (IPsec)

It is designed to secure TCP/IP communications by authenticating and encrypting each IP packet of a communication session. It can be used to protect the flow of data between a pair of hosts, between a pair of security gateways, and between a security gateway and a host. It was developed by a group at Columbia University funded by the Clinton Administration for exchanging messages, which makes for a more secure, encrypted and trusted information system.

DARPA is a research and development authority which comes under the Ministry of Defense, USA. It designed an IP Encapsulating Security Protocol (ESP) which was made specifically for the US Navy to transmit secret messages so that no one can eavesdrop. All of these are methods of IPsec.

Security Token

A security token is a system that some websites offer their customers: a device which shows a six-digit code that changes every 30-60 seconds. The codes look random, but they are computed mathematically from the current time kept by the device.

Electronic mail (Email) security


Email is the fastest way of delivering messages; it is used by corporate and individual users. Securing these emails is an essential part of security. For this purpose different protocols are used to keep them safe, and these protocols are called mail user agent and mail transfer agent.

Pretty Good Privacy

It is used to provide confidentiality by encrypting messages to be transmitted, or data files to be stored, with an encryption algorithm such as Triple DES or CAST-128. Email messages can be protected by using cryptography in various ways, such as:

• Signing an email message to ensure its integrity and confirm the identity of its reader.
• Encrypting the body of an email message to ensure its confidentiality.
• Encrypting the communications between mail servers to protect the confidentiality of both message body and message header.

Message Authentication Code

It is a method which is used to create a secret key to encrypt messages.


Recommendations

Internet security covers both inbound and outbound traffic, and an administrator must treat it as essential. Internet access may be secured by hardware products like firewalls and by software products like antivirus. We recommend internet security on the following bases.

• Encrypt your data
• Implement DLP and auditing
• Use digital certificates to sign all of your sites
• Implement a removable media policy
• Secure websites against MITM and malware infections
• Use a spam filter on email servers
• Use a comprehensive endpoint security solution
• Network-based security hardware and software
• Maintain security patches
• Educate your users

Internet security products

Firewalls

A computer firewall controls the access between networks. It generally consists of gateways and filters for packets. It acts as an intermediate server between SMTP and HTTP connections.

Types of Firewall

Packet filter is the 1st generation of firewall. It filters packets going outbound or coming inbound; its main purpose is to filter every packet and monitor users thoroughly.

Application-level firewall is another type of firewall, which works on the OSI model to serve internet access and make a secure network.


Next Generation Firewall

It combines a traditional firewall with other network device filtering functionalities, such as an application firewall using deep packet inspection or an intrusion prevention system. It is a hardware- or software-based network security system that is able to detect and block sophisticated attacks by enforcing security policies at the application level, as well as at the port and protocol level.

Application visibility, application control and threat prevention are handled by three unique identification technologies, App-ID, User-ID, and Content-ID, to allow organizations to deploy Palo Alto Networks' next-generation firewalls and enable the secure use of new applications while managing the inherent risks. These fine-grained policy management and enforcement capabilities are delivered at low latency, multi-gigabit performance with the company's innovative Single Pass Parallel Processing (SP3) Architecture.

Browser choice

Selecting a web browser is part of an internet policy, because third-party browsers are less secure for internet and email use in a corporate environment.

Antivirus

By keeping your computer clean of hostile viruses and malware, you can reduce the risk of important personal information being sent to the wrong hands. Use antivirus software, and if you already have it, update your antivirus files frequently.

Password managers

A password manager is a software application that helps a user store and organize passwords. Password managers usually store passwords encrypted, requiring the user to create a master password: a single, ideally very strong password which grants the user access to their entire password database.

Security suites

Security suites were first offered for sale in 2003 (McAfee) and contain a suite of firewalls, anti-virus, anti-spyware and more. They may now offer theft protection, portable storage device safety check, private Internet browsing, cloud anti-spam, a file shredder or make security-related decisions (answering popup windows), and several were free of charge as of at least 2012.


2.4 Network Security

Network security consists of the policies and practices adopted to monitor authorized and unauthorized users, so that no one can modify or misuse computer networks. It involves the authorization of access to data, which is controlled by the network administrator. To keep the network secure and running smoothly, the administrator should assign each user a user name with a password, or another form of authentication if required; use original software; and protect hardware from misuse, so that no one can plug flash drives into USB ports and no user has administrator rights.

Network security may be established according to management policy for different kinds of situations. A home or small office requires one security scenario, whereas an enterprise may require a different one. In the upcoming topic we discuss the types of attack, which we divide into two main categories: active and passive attacks.

Active Attacks

There are many types of active attack in network security; a few of them were discussed under Computer Security. The following are the names of these attacks.

• DNS spoofing
• Man in the middle
• ARP Poisoning
• VLAN hopping
• Smurf Attack
• Buffer/ Heap overflow
• Format string attack
• SQL Injection
• Cyber Attack

Passive Attack


Passive attacks are not commonly found nowadays, but they are still threats to the network and an administrator should be aware of them. These attacks are called wiretapping, port scanner and idle scan.


Recommendations

As you can see, depending on your environment and the location of hosts, a complex set of rules can be required on your firewall. Don't let the complexity prevent you from properly configuring the firewall, however. A little work initially can mean a better, more secure monitoring solution. The following sections discuss issues regarding firewall protection for MARS and network-based IPSs and IDSs. The suggestions given are a good place to begin, but they by no means work in every network. For example, the TCP and UDP ports described in the preceding sections are only defaults. You can configure most of these services, which are common in many networks, to use other ports. Check Point firewalls, for example, are commonly configured to use different ports than the defaults of TCP ports 18184, 18190, and 18210.


Ingress Firewall Rules

To simplify the work involved, you should define some

network object groups on your firewall. If you're not familiar with this

term, think of object groups as variables that you can use while configuring

the firewall to make life easier. Rather than referring to a large list of IP
addresses or TCP/UDP ports, you can simply refer to a name instead. The
following examples use an object group called CORP_NET, which consists of all
IP addresses used on your organization's network. Ingress traffic refers to
traffic that is inbound to a firewall (toward CS-MARS) from a less trusted

network. Figure shows both ingress traffic and egress traffic, or traffic that

leaves CS-MARS to go toward the less trusted network.

The following ingress rules are a good starting point for most

companies:

1. Permit syslog and SNMP trap traffic (UDP 162 and 514) from security operations (SecOps).

2. Permit NetFlow traffic (UDP 2049) from SecOps.

3. Permit HTTPS (TCP 443) from SecOps if a large number of people will be accessing the web console of MARS to run ad hoc reports. Otherwise, permit HTTPS to a restricted range of addresses.

4. Permit SSH (TCP 22) to a very restricted set of addresses. If the security management network has its own VPN gateway, which might be a function of the firewall, you might want to require administrators to establish a VPN connection before permitting SSH.

5. Permit HTTP (TCP 80) from any monitored web servers running iPlanet or Apache. If you're using NetCache appliances, permit HTTP from them as well.

6. If your MARS deployment consists of multiple MARS LCs that communicate to a centralized MARS GC, permit required management traffic between those systems (TCP 443 and 8444).

7. Deny all other traffic.

Egress Firewall Rules

Egress firewall rules refer to filters that restrict traffic from

the protected network to less trusted networks. Ideal security would restrict

outbound traffic to only those ports that are necessary for proper

functioning of the MARS appliance. However, in real life, this might be

unmanageable. You need to determine the proper balance between security

and manageability.

For example, a strict default egress policy might make sense

for your company's public-facing web server. Hopefully, connectivity from

the Internet to your web server (ingress rule) is permitted only on either

TCP 80 or 443, depending on whether your web server uses encrypted

HTTP. The egress policy should deny all traffic that originates from the

web server to hosts on the Internet. In other words, someone should never


be allowed to browse the Internet from your web server, to download files

from the web server, or to have other communications from the web server

to the Internet. By applying a proper egress rule on the firewall that denies

it, an attacker is also denied that same communications path. In most

instances where a web server, or any other server, is compromised by a

hacker, the hacker's next steps include copying files to the web server. This

is either to deface websites, install root kits, or retrieve the software needed

to further hack into the network. Strict egress filters raise the difficulty

level, often to a level that exceeds the capabilities of the hacker.

Depending on your environment and which MARS features

you're using, strict egress filters might be unmanageable. However, you

should evaluate them to see whether they are workable in your

environment.

The following list of egress filters serves as a good starter set

for most networks:

1. Permit traffic required for name resolution to CORP_NET, for example Domain Name System (DNS) and Server Message Block (SMB) for Windows hosts (TCP and UDP 53, TCP 137 and 445) to CORP_NET.

2. Permit Network Time Protocol (NTP) to specified NTP servers, either on your network or internetwork.

3. Permit device discovery traffic on CORP_NET for routers and switches, for example Telnet (TCP 23), SSH (TCP 22), and SNMP (UDP 161).

4. Permit HTTPS to CORP_NET to allow MARS to discover Cisco IDS/IPS sensors as well as to allow event retrieval from Cisco IDSs/IPSs and Cisco routers running IOS IPS, and to allow communications between MARS LCs and GCs. If possible, restrict this range to a subset of CORP_NET.

5. Permit FTP (TCP 21) to a centralized FTP server that contains configuration files of routers and switches, if you want to take advantage of this feature.

6. Permit Simple Mail Transfer Protocol (SMTP) (TCP 25) to allow MARS to e-mail reports and alerts to your SMTP gateway.

7. Permit NFS (UDP 2049) if your MARS archive server resides on a different network (not recommended).

8. Permit TCP 8444 to allow communications between MARS LCs and GCs, if they reside in different locations.

9. Deny all other traffic.

If you want to take advantage of the MARS internal

vulnerability assessment capabilities, the preceding list of rules will not

work. Instead, use the following egress filter list.

1. Permit all TCP and UDP traffic sourced from CS-MARS or a third-party vulnerability scanner.

2. Permit NTP traffic to defined NTP servers, if they do not exist locally on SecOps.

3. Deny all other traffic.

In day-to-day use of MARS, when you choose to get more

information about a specific host, the internal vulnerability assessment

feature of MARS initiates a port scan of the host. You cannot accurately

define an egress rule list that permits the vulnerability assessment to take

place while also restricting outbound ports. If you already use a supported

third-party vulnerability assessment tool, such as QualysGuard, you do not


need to use the internal tool. Otherwise, using the tool can greatly improve

the accuracy of information presented to you by MARS.
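
The object groups and the two egress lists above can be modelled as a first-match rule table. This added example (not from the original text or from Cisco) runs constructed flows through both lists to show why a vulnerability-assessment probe fails under the starter list. All addresses, the SECOPS and SCANNERS group names, and the reading of the starter rules as sourced from the SecOps network are assumptions; NTP is taken as UDP 123.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Object groups: a name stands for a list of networks (all values constructed).
GROUPS = {
    "ANY": ["0.0.0.0/0"],
    "CORP_NET": ["10.0.0.0/8"],        # every address the organization uses
    "SECOPS": ["10.99.0.0/24"],        # protected network that holds MARS
    "SCANNERS": ["10.99.0.10/32"],     # the MARS appliance itself
    "NTP_SERVERS": ["10.1.1.123/32"],
    "FTP_SERVER": ["10.1.1.21/32"],
    "SMTP_GW": ["10.1.1.25/32"],
}


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    protos: frozenset           # {"tcp"}, {"udp"} or both
    src: str                    # object-group name
    dst: str                    # object-group name
    ports: Optional[frozenset]  # destination ports, None means any port
    note: str


def rule(action, protos, src, dst, ports, note):
    return Rule(action, frozenset(protos.split("/")), src, dst,
                None if ports is None else frozenset(ports), note)


BOTH = "tcp/udp"
# Starter egress list. The NFS (UDP 2049) and TCP 8444 rules apply only to
# split deployments and are left out of this model.
STRICT_EGRESS = [
    rule("permit", BOTH, "SECOPS", "CORP_NET", [53], "DNS"),
    rule("permit", "tcp", "SECOPS", "CORP_NET", [137, 445], "SMB name resolution"),
    rule("permit", "udp", "SECOPS", "NTP_SERVERS", [123], "NTP"),
    rule("permit", "tcp", "SECOPS", "CORP_NET", [22, 23], "device discovery"),
    rule("permit", "udp", "SECOPS", "CORP_NET", [161], "SNMP discovery"),
    rule("permit", "tcp", "SECOPS", "CORP_NET", [443], "IDS/IPS event retrieval"),
    rule("permit", "tcp", "SECOPS", "FTP_SERVER", [21], "config file archive"),
    rule("permit", "tcp", "SECOPS", "SMTP_GW", [25], "reports and alerts"),
    rule("deny", BOTH, "ANY", "ANY", None, "deny all other traffic"),
]

# Egress list for use with the internal vulnerability assessment feature.
VA_EGRESS = [
    rule("permit", BOTH, "SCANNERS", "ANY", None, "vulnerability assessment"),
    rule("permit", "udp", "SECOPS", "NTP_SERVERS", [123], "NTP"),
    rule("deny", BOTH, "ANY", "ANY", None, "deny all other traffic"),
]


def in_group(addr, group):
    ip = ip_address(addr)
    return any(ip in ip_network(net) for net in GROUPS[group])


def evaluate(ruleset, proto, src, dst, port):
    """Return (action, note) of the first matching rule; unmatched traffic is denied."""
    for r in ruleset:
        if (proto in r.protos and in_group(src, r.src) and in_group(dst, r.dst)
                and (r.ports is None or port in r.ports)):
            return r.action, r.note
    return "deny", "implicit deny"


# Constructed flows: (description, protocol, source, destination, destination port)
FLOWS = [
    ("MARS pulls IPS events", "tcp", "10.99.0.10", "10.20.5.10", 443),
    ("MARS scan probe, inside", "tcp", "10.99.0.10", "10.20.5.10", 3389),
    ("MARS scan probe, outside", "tcp", "10.99.0.10", "203.0.113.7", 80),
    ("SecOps workstation browsing", "tcp", "10.99.0.50", "203.0.113.7", 443),
]


def compare():
    """Decision for every sample flow under (starter list, assessment list)."""
    return {name: (evaluate(STRICT_EGRESS, *flow)[0], evaluate(VA_EGRESS, *flow)[0])
            for name, *flow in FLOWS}


if __name__ == "__main__":
    for name, (strict, va) in compare().items():
        print(f"{name:30} starter={strict:6} assessment={va}")
```

Under the assessment list the probe to an address outside CORP_NET is permitted as well, which is the case the IDS tuning described in the next section is meant to flag.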

Network-Based IDS and IPS Issues

A network-based IPS offers an additional level of protection

to complement that provided by a stateful inspection firewall. An IPS is

closely related to an IDS. At first glance, the most obvious difference

between the two is how they are deployed.

An IDS examines copies of network traffic, looking for malicious traffic patterns. It then identifies them and can sometimes be configured to take an automated response action, such as resetting TCP connections or configuring another network device to block traffic from an attacker.

NOTE

It is important to remember that an IDS detects malicious

traffic after it has already happened. Although automated response actions

can take place, it is usually too late to stop the attack.


IDS is typically deployed beside a traffic flow. It receives

copies of network traffic from the network switches, hubs, taps, or routers.

Because it does not sit in the flow of traffic, it does not break anything that

MARS requires. It often issues a large number of alerts based on traffic

generated from MARS, especially if you're using the internal vulnerability

assessment feature. You need to tune your IDS so that it does not alert on

the vulnerability scans that originate from MARS. You might want to adjust

the IDS tuning so that scans from MARS to your CORP_NET are ignored,

but scans directed to the Internet trigger an alert. It is generally considered a

bad practice to automatically scan hosts outside your own network; the

practice might even be illegal. Make sure that MARS is not configured to

scan anything that is not on your own network. Your firewall egress rules

should not allow this either. However, in the case of a misconfiguration,

your IDS can alert the appropriate personnel so that the configuration errors

can be corrected.

An IPS sits in the path of network traffic, usually as a

transparent device (like a bridge), and watches for many of the same

behaviors as an IDS. A major difference between the two, though, is the

capability of the IPS to act instantly when malicious traffic is seen.


NOTE

In addition to the automated actions an IDS can take, an IPS

can also prevent the malicious traffic from passing through it. Because

traffic must pass through an IPS, the IPS can prevent MARS from

functioning properly if it is misconfigured. Take time to closely watch

alerts generated by your IPS and tune it appropriately. Like the IDS, you

should tune the IPS to allow vulnerability scanning to occur from MARS to

CORP_NET, while preventing it from scanning the Internet.

Some of the newest types of IPSs, such as the Cisco IPS, have

a feature called traffic normalization. This feature, in particular, causes the

MARS vulnerability assessment to fail. Traffic normalization enables

several functions, including the following:

Prevents illegal combinations of TCP flags from passing, or removes the illegal flags

Prevents fragmented traffic from passing, or rebuilds it so that it is not fragmented

Changes all packets in a traffic flow to have the same time to live (TTL)


This is just a small sampling of what a traffic normalizer does.
In general, you can think of it as an engine that takes traffic that does not
conform to standards, and either prevents the traffic from passing through
the IPS or makes it conform to standards first. By itself, traffic
normalization breaks a large number of attacks and reconnaissance

activities. It also stops vulnerability assessment tools from being able to

accurately determine information such as the operating system that a target

host is running.

NOTE

Cisco IPS 5.x and 6.x software, by default, does not generate

alerts on most traffic normalization signatures. To properly tune the

software, you need to enable alerts on that family of signatures.

If you're protecting your security management network with

an IPS that supports traffic normalization, you need to tune it to either

ignore the scans from MARS and Qualys (or other vulnerability scanners)

or disable the traffic normalization capabilities.
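
A simplified model of the three normalization functions listed above and of the tuning choice (exempt scans from MARS to CORP_NET only), as an added example that is not Cisco's implementation. The flag checks, addresses and packet fields are assumptions chosen for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

CORP_NET = ip_network("10.0.0.0/8")   # constructed address plan
SCANNERS = {"10.99.0.10"}             # MARS or third-party scanner (constructed)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset = frozenset()
    ttl: int = 64
    ip_id: int = 0
    frag_offset: int = 0      # byte offset of this fragment
    more_frags: bool = False
    payload: bytes = b""


def illegal_flags(flags):
    """Simplified test for flag sets a standards-conforming stack does not send."""
    if not flags:                                    # no flags at all
        return True
    if "SYN" in flags and flags & {"FIN", "RST"}:    # open and close at once
        return True
    return bool(flags & {"FIN", "PSH", "URG"}) and "ACK" not in flags


class Normalizer:
    def __init__(self, exempt_scanners=False):
        self.exempt_scanners = exempt_scanners
        self.flow_ttl = {}   # 4-tuple -> TTL applied to every packet of the flow
        self.held = {}       # (src, dst, ip_id) -> fragments waiting for the rest
        self.alerts = []     # (reason, packet) pairs to review while tuning

    def _exempt(self, p):
        # Tuning from the text: ignore scans from MARS to CORP_NET only.
        return (self.exempt_scanners and p.src in SCANNERS
                and ip_address(p.dst) in CORP_NET)

    def _reassemble(self, p):
        key = (p.src, p.dst, p.ip_id)
        parts = sorted(self.held.get(key, []) + [p], key=lambda f: f.frag_offset)
        self.held[key] = parts
        expected = 0
        for f in parts:                      # offsets must be contiguous from 0
            if f.frag_offset != expected:
                return None
            expected += len(f.payload)
        if parts[-1].more_frags:             # last fragment not seen yet
            return None
        del self.held[key]
        return replace(parts[0], more_frags=False,
                       payload=b"".join(f.payload for f in parts))

    def process(self, p):
        """Return the packet to forward, or None when it is held or dropped."""
        if self._exempt(p):
            return p
        if p.more_frags or p.frag_offset:
            p = self._reassemble(p)
            if p is None:
                return None
        if illegal_flags(p.flags):
            self.alerts.append(("illegal TCP flags", p))
            return None
        flow = (p.src, p.dst, p.sport, p.dport)
        return replace(p, ttl=self.flow_ttl.setdefault(flow, p.ttl))


def probe(flags, dst="10.20.5.10", **fields):
    return Packet("10.99.0.10", dst, 40000, 443, frozenset(flags), **fields)


PROBES = [  # constructed probes of the kind a vulnerability scanner sends
    probe({"SYN"}),
    probe(set()),
    probe({"SYN", "FIN"}),
    probe({"FIN", "PSH", "URG"}),
    probe({"ACK"}, ttl=37),
    probe({"SYN"}, ip_id=7, more_frags=True, payload=b"AAAAAAAA"),
    probe(set(), ip_id=7, frag_offset=8, payload=b"BBBB"),
]


def run(exempt_scanners, probes=PROBES):
    """Return (forwarded packets, number of alerts) for one normalizer setting."""
    n = Normalizer(exempt_scanners)
    forwarded = [out for out in map(n.process, probes) if out is not None]
    return forwarded, len(n.alerts)


if __name__ == "__main__":
    for setting in (False, True):
        forwarded, alerts = run(setting)
        print(setting, len(forwarded), alerts, sorted({p.ttl for p in forwarded}))
```

With normalization active, only three of the seven probes reach the target and all carry the same TTL, so the scanner loses the responses it relies on; with the exemption, the same probes pass untouched while a probe to an address outside CORP_NET is still dropped.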


2.5 Mobile Security

In the early stage of computer security, mobile security was not considered important; in fact, there was no mobile security. As technology has rapidly changed and moved onto mobile devices, mobile security has become necessary, even more so than any other computer security requirement, because mobile devices are independent devices and every user in the world has at least one.

Mobile computing is the commonly used term for portable computers, smartphones, tablets, PDAs and phablets. These devices are multipurpose and are always connected to a network. Most common users do not understand their security; they only know how to protect their personal data or files on the device. The following are the different threats and attacks.

Threats

Various types of threats are found in mobile computing devices.

These threats can disrupt the operation of the Smartphone, and transmit or

modify user data. For these reasons, the applications deployed there must

guarantee privacy and integrity of the information they handle. In addition,

since some apps could themselves be malware, their functionality and

activities should be limited (for example, restricting the apps from

accessing location information via GPS, blocking access to the user's

address book, preventing the transmission of data on the network,

sending SMS messages that are billed to the user, etc.). These threats have
three primary targets: data, identity and availability.

Attacks based on SMS and MMS

Some mobile phone models have problems in managing

binary SMS messages. It is possible, by sending an ill-formed block, to

cause the phone to restart, leading to denial of service attacks. If a user with

a Siemens S55 received a text message containing a Chinese character, it

would lead to a denial of service. Another potential attack could begin with


a phone that sends an MMS to other phones, with an attachment. This

attachment is infected with a virus. Upon receipt of the MMS, the user can

choose to open the attachment. If it is opened, the phone is infected, and the

virus sends an MMS with an infected attachment to all the contacts in the

address book. There is a real-world example of this attack.

Attacks based on communication networks

An attacker may break the encryption algorithm of a GSM network. Because of this, service providers must test their equipment to make sure that circuit or packet traffic moving from source to destination travels safely and that no one is spying on it. Another type of communication attack targets Wi-Fi, in which attackers try to obtain the login information of a router and alter its settings, which helps them manipulate users without their noticing. The third type uses Bluetooth, in which unregistered devices send files containing viruses, which then spread into the device's operating system to bring it down.


2.6 Cyber warfare

Cyber warfare is defined as “actions taken against any other nation in the cyber world”, such as hacking its government websites, taking down its servers, and manipulating its information systems or altering its national databases.

We have already discussed attacks and threats in earlier topics, e.g., denial of service, viruses, eavesdropping, malware and Trojan horses. Cyber warfare involves the same threats and attacks, but in cyber war the purpose is not only to get information; it is more than that. In many countries it is considered an act of war against a nation or a country.

The internet security company McAfee stated in its annual report that approximately 120 countries have been developing ways to use the internet as a weapon and to target financial markets and other nations' databases or government computer systems and utilities.

China

Diplomatic cables highlight US concerns that China is using

access to Microsoft source code and 'harvesting the talents of its private

sector' to boost its offensive and defensive capabilities.

Germany

In 2013, Germany revealed the existence of their 60-person

Computer Network Operation unit. The German intelligence agency, BND,

announced it was seeking to hire 130 "hackers" for a new "cyber defense

station" unit. In March 2013, BND president Gerhard Schindler announced

that his agency had observed up to five attacks a day on government

authorities, thought mainly to originate in China. He confirmed the

attackers had so far only accessed data and expressed concern that the

stolen information could be used as the basis of future sabotage attacks


against arms manufacturers, telecommunications companies and

government and military agencies.

Pakistan

In recent days tension arose between Pakistan and India, and both nations lined up against each other on the border. A group of hackers from India tried to hack some Pakistani government websites, and succeeded, as an act of wartime aggression. In response, a group of hackers from Pakistan hacked the radio frequency of Indian aviation, so that any plane wanting to land inside the Indian air zone first had to listen to the national songs of Pakistan, including “Dil Dil Pakistan”.


2.7 Physical security & Recommendations

Every general computer networking class teaches the OSI

networking models, and we all learn that everything begins at the bottom,

with the physical level. Likewise, when it comes to IT security, physical

security is the foundation for our overall strategy. But some organizations,

distracted by the more sophisticated features of software-based security

products, may overlook the importance of ensuring that the network and its

components have been protected at the physical level. We'll take a look at

10 of the most essential security measures you should implement now, if

you haven't already done so.

1. Lock up the server room

Even before you lock down the servers, in fact, before you

even turn them on for the first time, you should ensure that there are good

locks on the server room door. Of course, the best lock in the world does no

good if it isn't used, so you also need policies requiring that those doors be

locked any time the room is unoccupied, and the policies should set out

who has the key or key code to get in. The server room is the heart of your

physical network, and someone with physical access to the servers,

switches, routers, cables and other devices in that room can do enormous

damage.

2. Set up surveillance

Locking the door to the server room is a good first step, but

someone could break in, or someone who has authorized access could

misuse that authority. You need a way to know who goes in and out and

when. A log book for signing in and out is the most elemental way to


accomplish this, but it has a lot of drawbacks. A person with malicious

intent is likely to just bypass it.

A better solution than the log book is an authentication

system incorporated into the locking devices, so that a smart card, token, or

biometric scan is required to unlock the doors, and a record is made of the

identity of each person who enters.

A video surveillance camera, placed in a location that makes

it difficult to tamper with or disable (or even to find) but gives a good view

of persons entering and leaving should supplement the log book or

electronic access system. Surveillance cams can monitor continuously, or

they can use motion detection technology to record only when someone is

moving about. They can even be set up to send e-mail or cell phone

notification if motion is detected when it shouldn't be (such as after hours).

3. Make sure the most vulnerable devices are in that locked room

Remember, it's not just the servers you have to worry about. A

hacker can plug a laptop into a hub and use sniffer software to capture data

traveling across the network. Make sure that as many of your network

devices as possible are in that locked room, or if they need to be in a

different area, in a locked closet elsewhere in the building.

4. Use rack mount servers

Rack mount servers not only take up less server room real

estate; they are also easier to secure. Although smaller and arguably lighter

than (some) tower systems, they can easily be locked into closed racks that,


once loaded with several servers, can then be bolted to the floor, making the

entire package almost impossible to move, much less to steal.

5. Don't forget the workstations

Hackers can use any unsecured computer that's connected to

the network to access or delete information that's important to your

business. Workstations at unoccupied desks or in empty offices (such as

those used by employees who are on vacation or have left the company and

not yet been replaced) or at locations easily accessible to outsiders, such as

the front receptionist's desk, are particularly vulnerable.

Disconnect and/or remove computers that aren't being used

and/or lock the doors of empty offices, including those that are temporarily

empty while an employee is at lunch or out sick. Equip computers that must

remain in open areas, sometimes out of view of employees, with smart card

or biometric readers so that it's more difficult for unauthorized persons to

log on.

6. Keep intruders from opening the case

Both servers and workstations should be protected from

thieves who can open the case and grab the hard drive. It's much easier to

make off with a hard disk in your pocket than to carry a full tower off the

premises. Many computers come with case locks to prevent opening the

case without a key.

You can get locking kits from a variety of sources for very

low cost, such as the one at Innovative Security Products.


7. Protect the portables

Laptops and handheld computers pose special physical

security risks. A thief can easily steal the entire computer, including any

data stored on its disk as well as network logon passwords that may be

saved. If employees use laptops at their desks, they should take them with

them when they leave or secure them to a permanent fixture with a cable

lock, such as the one at PC Guardian.

Handhelds can be locked in a drawer or safe or just slipped

into a pocket and carried on your person when you leave the area. Motion

sensing alarms such as the one at SecurityKit.com are also available to alert

you if your portable is moved.

For portables that contain sensitive information, full disk

encryption, biometric readers, and software that "phones home" if the

stolen laptop connects to the Internet can supplement physical precautions.

8. Pack up the backups

Backing up important data is an essential element in disaster

recovery, but don't forget that the information on those backup tapes, disks,

or discs can be stolen and used by someone outside the company. Many IT

administrators keep the backups next to the server in the server room. They

should be locked in a drawer or safe at the very least. Ideally, a set of

backups should be kept off site, and you must take care to ensure that they

are secured in that offsite location.

Don't overlook the fact that some workers may back up their

work on floppy disks, USB keys, or external hard disks. If this practice is


allowed or encouraged, be sure to have policies requiring that the backups

be locked up at all times.

9. Disable the drives

If you don't want employees copying company information to

removable media, you can disable or remove floppy drives, USB ports, and

other means of connecting external drives. Simply disconnecting the cables

may not deter technically savvy workers. Some organizations go so far as to

fill ports with glue or other substances to permanently prevent their use,

although there are software mechanisms that disallow it. Disk locks, such as

the one at SecurityKit.com, can be inserted into floppy drives on those

computers that still have them to lock out other diskettes.

10. Protect your printers

You might not think about printers posing a security risk, but

many of today's printers store document contents in their own on-board

memories. If a hacker steals the printer and accesses that memory, he or she

may be able to make copies of recently printed documents. Printers, like
servers and workstations that store important information, should be located

in secure locations and bolted down so nobody can walk off with them.

Also think about the physical security of documents that

workers print out, especially extra copies or copies that don't print perfectly

and may be just abandoned at the printer or thrown intact into the trash can

where they can be retrieved. It's best to implement a policy of immediately

shredding any unwanted printed documents, even those that don't contain

confidential information. This establishes a habit and frees the end user of

the responsibility for determining whether a document should be shredded.


Summary

Remember that network security starts at the physical level.

All the firewalls in the world won't stop an intruder who is able to gain

physical access to your network and computers, so lock up as well as lock

down.


2.8 Information Security Policy

The policies regarding information technology depend on the nature of a firm's business and on what it actually provides to its clients or customers. For example, a data center implements policies that are not implemented by online stores; similarly, a retail outlet may implement a policy that would never be implemented by others.

An enterprise adopts an Information Security Policy as a measure to protect the confidentiality, integrity and availability of organizational data, as well as any information systems that store, process or transmit institutional data. Institutional data is defined as any data that is owned or licensed by an organization. An information system is defined as any electronic system that stores, processes or transmits information.

Policies

Throughout its lifecycle, all Institutional Data shall be protected in a manner that is considered reasonable and appropriate given the level of sensitivity, value and criticality of the Institutional Data, as defined in an organizational policy developed by management. Individuals who are authorized to access company data shall adhere to the appropriate roles and responsibilities. The following are the primary roles in the context of information security.

Data Steward

Data custodian

User


Data Steward

A Data Steward is a person responsible for managing data and for the fitness of data elements, both content and metadata. Data stewards have a special assignment in an organization that covers the processes, policies, guidelines and responsibilities for administering the organization's entire data in compliance with policy and/or regulatory obligations. A data steward may share some responsibilities with a data custodian (which we will discuss later). The Data Steward is responsible for data quality with regard to the key/critical data elements existing within a specific enterprise operating structure, and for the elements in their respective domains, which vary according to the requirements of the organization and may include capturing/documenting (meta)information for their elements. Data stewards begin the stewarding process by identifying the elements they will steward, with the ultimate result being standards, controls and data entry.

Data custodian

Data Custodians are responsible for the safe custody,

transport, storage of the data and implementation of business rules. Simply

put, Data Stewards are responsible for what is stored in a data field, while

Data Custodians are responsible for the technical environment and database

structure. Common job titles for data custodians are Database Administrator

(DBA), Data Modeler, and ETL Developer. In a corporate environment with many computer users, data custodians carry a lot of responsibility. They must ensure that:

Access to the data is authorized and controlled

Data stewards are identified for each data set

Technical processes sustain data integrity

Processes exist for data quality issue resolution in partnership with Data Stewards

Technical controls safeguard data

Data added to data sets are consistent with the common data model

Versions of Master Data are maintained along with the history of changes

Change management practices are applied in maintenance of the database

Data content and changes can be audited

User

A User is any employee, contractor or third-party affiliate

who is authorized to access institutional data or information systems. Users

are responsible for:

Adhering to information security policies, guidelines and procedures.

Reporting suspected vulnerabilities, breaches and/or misuse of institutional data to a manager, IT support staff or the Information Security Office.

Safeguarding institutional data.

Safeguarding electronic communications (avoid opening or clicking attachments from untrusted sources, and always use an official email account).

Avoiding risky behavior online and reporting suspected security breaches (be cautious when sharing files, browsing web pages and clicking on URLs).


Safeguarding Institutional Data

Institutional data can be classified into three categories.

Public Data

This is data that is shared with and seen by the general public, and everyone can share the information. For example, on websites you see information that has been published for the public so that everyone can get it.

Private Data

In this type of data, the information is shared with and viewed by a limited set of users so that they can get the information, for example an email that is shared with the staff of the organization but not with the general public.

Restricted Data

The third type of data is strictly restricted from other users; only authorized persons are able to see the information. For example, in a data center only authorized persons are allowed to go inside, and unauthorized persons are strictly not allowed. The following are the core elements that help to safeguard institutional data.

Protecting electronic data.

Safeguard your password (change it periodically and use a strong combination).

Secure your computer by updating the OS, installing and updating antivirus, and locking the screen.

Protecting physical data.

Protecting verbal communication.

Disposing of data when it is no longer used; dispose of the disk drive or any other storage.


GLOSSARY

Adhere is defined as to stick to any substance, or to stick to a policy.

Botnet is a term used for a number of internet-connected computers communicating with similar machines, in which components are located over the network.

CGI program is any program designed to accept and return data that conforms to the CGI specification.

CLI refers to Command Line Interface.

Code injection describes a computer bug that may be caused by processing invalid data.

Covert listening device, known as a bug or a wire, is usually a combination of a miniature radio transmitter with a microphone. The use of bugs, called bugging, is a common technique in surveillance, espionage and police investigations.

DARPA stands for Defense Advanced Research Projects Agency.

Diplomatic Cables, also known as diplomatic telegrams or embassy cables, are confidential text messages exchanged between a diplomatic mission, like an embassy or a consulate, and the foreign ministry of its parent country.

Dumb access devices: refers to devices which are designed for a single purpose.

Eavesdropping: secretly listening to a conversation.

Enterprise is defined as simply another name for a business; the word enterprise describes the actions of someone who shows some initiative by taking a risk by setting up, investing in and running a business.

Iceberg Model: The iceberg model is a systems thinking tool designed to help an individual or group discover the patterns of behavior, supporting structures, and mental models that underlie a particular event.

Intelligent Device: a device such as a smartphone, PDA or other.

IoT: stands for Internet of Things. A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.

Key loggers are computer software used to monitor keyboard actions and record all activities.

Malpractice is an "instance of negligence or incompetence on the part of a professional".

Manipulate data refers to selecting, inserting, deleting and updating data in a database.

Meatware: refers to human entities that operate or use a computer or computing process.

Multitier: A multi-tier application is any application developed and distributed among more than one layer. It logically separates the different application-specific, operational layers.

NAS: Network Attached Storage.

Omnetric: A joint venture between Accenture and Siemens.

Phishing is a term used for obtaining usernames, passwords and credit card details.

QoS: Quality of Service is a term used to measure the level of services provided.

RAID stands for Redundant Array of Inexpensive Disks; it is storage which can be used as network storage.

SLA: Service Level Agreement.

SANs: Serial Attach Storage is a point-to-point serial protocol that moves data to and from computer storage devices such as hard drives and tape drives.

SaaS is referred to as System as a service.

Vulnerability is a term used when a computing system or network is being attacked or is going to be unsafe from harmful files or other sources.


Worm is computer software which is designed to harm the network in an organization.

Zoocasa is a property search engine in Canada which has a collaboration with Google Maps.


The list below is of the enterprises which provided information for this project regarding the services they offer their clients for Information Technology infrastructure and security essentials.

| S. No | Name | Purpose | Website |
|---|---|---|---|
| 1 | Orange Technologies | Solution & Support | www.orangetechsolution.com |
| 2 | Premier Systems Pvt. Ltd | Solution & Support | www.premier.com.pk |
| 3 | CGI | Solution & Support | www.cgi.com |
| 4 | Accenture | Solution & Support | www.accenture.com |
| 5 | OMNETRIC | Joint venture of Solution and Services | www.omnetric.com |
| 6 | Cisco | Network Hardware and Solution | www.cisco.com |
| 7 | SANS | Institute for Information Security Training | www.sans.org |
| 8 | Internet Society | Internet solution | www.internetsociety.org |
