Question

In: Operations Management

During an onsite visit with the Chief Information Security Officer (CISO), he tells you how upset...

During an onsite visit with the Chief Information Security Officer (CISO), he tells you how upset he is that they found Telnet in use by their network administrators. The reason was that the version of the router and switch operating system currently in use does not support security protocols. You assure the CISO that the upgrade will resolve that problem among other weaknesses he might be unaware of.

you will act as the network administrator. Suggest some other network security protocols that will be used to protect data on the network and explain why they would work better.

Solutions

Expert Solution

Network security protocols are primarily designed to prevent any unauthorized user, application, service or device from accessing network data. This applies to virtually all data types regardless of the network medium used.

Network security protocols generally implement cryptography and encryption techniques to secure the data so that it can only be decrypted with a special algorithm, logical key, mathematical formula and/or a combination of all of them. Some of the popular network security protocols include Internet Security Protocol, Secure Hypertext Transfer Protocol (HTTPS) and Secure Socket Layer (SSL).

Secure Socket Layer:

  • SSL is a widely used general purpose cryptographic system used in the two major Internet browsers: Netscape and Explorer.
  • It provides an encrypted end-to-end data path between a client and a server regardless of platform or OS.
  • Secure and authenticated services are provided through data encryption, server authentication, message integrity, and client authentication for a TCP connection through HTTP, LDAP or POP3 application layers.
  • It rivals S-HTTP

HTTPS:

  • Hypertext Transfer Protocol over Secure Socket Layer (HTTPS)
  • HTTPS is the use of Secure Sockets Layer (SSL) as a sub-layer under the regular HTTP in the application layer. It is also referred to as Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) or HTTP over SSL, in short.
  • HTTPS is a Web protocol developed by Netscape, and it is built into its browser to encrypt and decrypt user page requests as well as the pages that are returned by the Web server. HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP

Internet Security Protocol:

  • IPSec is a suite of authentication and encryption protocols developed by the Internet Engineering Task Force (IETF) and designed to address the inherent lack of security for IP-based networks.
  • IPSec, has a very complex set of protocols described in a number of RFCs including RFC 2401 and 2411.
  • Although it was designed to run in the new version of the Internet Protocol, IP Version 6 (IPv6), it has also successfully run in the older IPv4 as well.
  • IPSec sets out to offer protection by providing the following services at the network layer:
  • Access Control – to prevent an unauthorized access to the resource.
  • Connectionless Integrity – to give an assurance that the traffic received has not been modified in any way.
  • Confidentiality – to ensure that Internet traffic is not examined by non-authorized parties. This requires all IP datagrams to have their data field, TCP, UDP, ICMP or any other datagram data field segment, encrypted.
  • Authentication – particularly source authentication so that when a destination host receives an IP datagram, with a particular IP source address, it is possible to be sure that the IP datagram was indeed generated by the host with the source IP address. This prevents spoofed IP addresses.
  • Replay protection – to guarantee that each packet exchanged between two parties is different.
  • IPSec protocol achieves these objectives by dividing the protocol suite into two main protocols: Authentication Header (AH) protocol and the Encapsulation Security Payload (ESP) protocol.
  • The AH protocol provides source authentication and data integrity but no confidentiality.
  • The ESP protocol provides authentication, data integrity, and confidentiality.
  • Any datagram from a source must be secured with either AH or ESP ( See diagrams of these).

Related Solutions

You have been employed by Challenger Constructions as their first Chief Information Security Officer (CISO). You...
You have been employed by Challenger Constructions as their first Chief Information Security Officer (CISO). You have been tasked by the Board to conduct a review of the company’s risks and start to deploy security policies to protect their data and resources. You are concerned that the company has no existing contingency plans in case of a disaster. The Board indicated that some of their basic requirements for contingency planning include: A Recovery Time Objective (RTO) of 4 hours A...
You have been employed by Challenger Constructions as their first Chief Information Security Officer (CISO). You...
You have been employed by Challenger Constructions as their first Chief Information Security Officer (CISO). You have been tasked by the Board to conduct a review of the company’s risks and start to deploy security policies to protect their data and resources. You are concerned that the company has no existing contingency plans in case of a disaster. The Board indicated that some of their basic requirements for contingency planning include: A Recovery Time Objective (RTO) of 4 hours A...
Imagine this is your first day as Senior Chief Information Security Officer (CISO) of Company A....
Imagine this is your first day as Senior Chief Information Security Officer (CISO) of Company A. The Chief Financial Officer (CFO) calls you wondering what should have been done differently during a recent incident involving your predecessor. The following incidents recently occurred and were closed out without any alert to senior staff or the CFO. The Chief Financial Officer’s admin reported that their laptops were performing erratically and many popup screens kept appearing while browsing the Internet. Upon inspection, it...
You are the president of high performing division and the Chief Executive Officer tells you in...
You are the president of high performing division and the Chief Executive Officer tells you in order increase the profits by another $260M over forecast; you need to layoffs 9 people. And also by doing this you will be promoted with 26k salary increase and stock option and also the analyst say the stock would go up in time to cash in our stock options. What you will do? Explain the pros and cons of your actions for a. yourself,...
A chief information security officer is creating a security committee involving multiple business units of a...
A chief information security officer is creating a security committee involving multiple business units of a corporation. Which of the following is the best justification to ensure collaboration across business units? A risk to business unit is a risk avoided by all business units, and liberal BYOD policies create new unexpected avenues for attackers to exploit Enterprises single point of coordination is required to ensure cyber-security issues are addressed in protected, compartmentalize groups without business unit collaboration, introduced by one...
The chief executive officer of Indira Investment Cc has appointed you because he requires certain information...
The chief executive officer of Indira Investment Cc has appointed you because he requires certain information considering that you are currently a studying Accounting at UNAM. The CEO has high expectations of you. He has asked you to prepare next year’s budget. You are currently busy analysing the company’s telephone costs of the 9 months of 2017, in order to arrive at a cost function that you can use. The company provided you with the following information: Month Total cost...
Tom Brady went to Supercuts and is upset as his haircut went awry. He tells Supercuts...
Tom Brady went to Supercuts and is upset as his haircut went awry. He tells Supercuts that they will be hearing from his lawyer and “the haircut is an assault” and “will cause both him and Giselle emotional distress.” He also adds that the “haircut is also clearly negligence.” He sees you walking with your Business Law textbook, which you never leave home without and asks you what you think. What do you tell him?
You are the Chief Information Officer for General Manufacturing Incorporated. They are the leading supplier of...
You are the Chief Information Officer for General Manufacturing Incorporated. They are the leading supplier of plastic containers for consumer and commercial use. Fifteen years ago, they went live with an ERP system. Since that time, they have outgrown the system and it has become clear that they need a new one. Additionally, they have not sold their products directly to the public online but provided them to other industry users or to retail chains. They want to change so...
You are the Chief Information Officer for a trucking company. You need to maintain constant contact...
You are the Chief Information Officer for a trucking company. You need to maintain constant contact with your entire fleet of trucks – both in terms of voice and data connections. What wireless technologies will enable you to do this? Explain why you are recommending the technologies that you are. Title this case “Conducted and Wireless Media.”
As the CISO, you are responsible for development and implementation of various security policies to ensure...
As the CISO, you are responsible for development and implementation of various security policies to ensure the protection of company sensitive information and systems. There are different levels of policy from executive level to issue specific and system level policies. Discuss how the program policy leads to the other types of policies. Provide at least two examples of issue specific policies and two system specific (codified) policies. Include at least one research reference and associated in-text citation using APA standards....
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT