Projects

  1. All (0)

Writers

  1. All (470)
Home portfolios Network security in Organizations in the 21st Century

Network security in Organizations in the 21st Century

Creator:

Area of Expertise:

  • Computer sciences/IT

Description

Network security in Organizations in the 21st Century Prospectus This research paper highly focuses on how information technology affects a firm’s network security and the importance of network security for business in the 21st century. Technology advancement affects all aspects of human life. It has come along with both merits and demerits. Through the technological advancement, the world has been turned into a global village. Presently, technology has been adopted in most organizations in order to improve the efficiency of most organizations. Most firms employ technology in their operations with the objective of ensuring that they remain competitive, and increase their market share. Irrespective of the firm’s objective, the issue of network security has become a major challenge in most organization. Cyber crime has been a major concern in the global firms, and that has made network security to be enhanced in most firms. Among the firms that have been affected by issues of network security, include Coca Cola, McDonalds, Toyota, eHarmony, and the twitter accounts of Associated press occurred on June 2012 and April 2013 respectively among others. In these firms, the importance of network security is a critical feature because most of the information is communicated through the cyber space. That requires the firms to protect their data from intruders and threats that can negatively affect the present and future operations. Most of the information is protected from cyber security threats that are very diverse in the 21st century. Network work security is a complex issue that entails policies and provisions that are used by a network administrator to protect a firm’s data from unauthorized access. Through the network administrator, the information stored in the database cannot be modified, or be monitored by external parties. The access is denied through user identification, and passwords or other authentication methods that include having a network guard, physical security, network analyzer, and antivirus software. IPv6 is used to ensure network security through the internet. Network security is ensures that security and privacy during transactions is guaranteed. In this research paper, several concepts from the book, The Information Society Reader, by Frank Webster and Raimo Blom are discussed. These issues involve issues pertaining network security, and reasons why technology is vital to guarantee a firm’s success. Besides networks issues in a number of firms across the globe, other concepts analyzed in include network security management measures. More so, the major issues that affect network security such as confidentiality, integrity, availability, privacy, and threats are also assessed. In efforts to address these concerns, the history, present, and the future of network security are evaluated. Through the firms analyzed, it is apparent that network security is a major concern because internet is expanding in a very high rate. The research paper further confirms that information security is mostly software based, the hardware is mostly employed in guarantying the security. That calls for the active research on hardware and software to ensure that information is safely guarded from an unauthorized access. Through the network security, intellectual property is safely guarded. Technology is evolving fast and concerns about network security will continue as threats continue emerge. When the network security is guaranteed, the operations of a firm are not affected because designated employees only access the firm’s data and files. 1.0 Introduction Networks in businesses are integral part of organizations in the 21st century. This is because firms through computer networks are able to communicate effectively, and efficiently, hence lowering the operational costs. Through the computer networks, organizations and their partners may become synonymous because they can share the same information randomly while limiting outsiders. Among the people who can access the data, stored in a firm’s network include the authorized employees, partners, and clients, among others. Through the networks, the business owners have the chance to connect in real time, hence adding value to the firm. With network, businesses are able find to solutions to their problems that do not affect other businesses. The computer networks employ electronic communications. In the 21st century, electronic communications are essential in a firm because they enable a firm to execute various functions at the same time. The organization functions that employ the electronic communications through the computer network include human resources, accounting, purchasing, and customer, service among others. In efforts to ensure that firms become successful, firms have to link their past, present, and future operations in a safe environment. In efforts to guarantee security of firms’ operations, firms employ both physical, and software based precautions. These precautions must be latest modules (Webster & Blom, 2004). Network security is a critical tool in any organization because of its ability to guarantee intellectual property security. The computer based network security employs data network that can easily be altered by some programs such as Trojan horses when installed in the routers. That emphasizes the importance of network security applications because of the emerging challenges. The challenges emerging are created by the communication that exists between those who develop the network and the security technology. In most instances, the networks are developed in an Open Systems Interface Model (OSI) (Fitzgerald and Dennis, 2009, p.16). The OSI main pros are evident in the modularity, employment of standard protocols, ease of use, and flexibility. Contrary to that, the network security is not a well-developed area, hence making the network security to face many challenges unlike the network design. The computer network security does not only entail the security of the data of the network, but also that of the computers in the network. Through that, the whole communication channel is protected from possible attackers. For computer network to be considered secure, among the features that must be considered include accessibility, authenticity, non-reputability, and integrity (Obaidat & Boudriga, 2007, p.218). For network to be considered secure issues that need to be considered include the possible attackers, the required degree of security, and features that make the network susceptible. Through an understanding of the present security issues facing organizations, network security developers are in a position to enhance security in an organization. It is paramount to note that there exists a difference between network security and data security. Network security entails a combination of efforts that deter individuals tampering with data/ information within the network with the use of attack hard networks and ciphers (Kartalopoulos, 2008, pp. 1469-1473). Technology advancement has come along with many challenges even though there has been expansion on the use of personal computers in organizations. Though most small and medium enterprises and large firms employ technology to increase the employee productivity, network security has become a concern. The solutions available to most firms are not consistent and keep on changing from time to time. That calls for an in-depth evaluation of the network security challenges in organizations in the 21st century in this research paper. The paper further analyzes how network security issues affects, such firms like Coca Cola, McDonalds, Toyota, eHarmony, and the twitter accounts. Lastly, methods used to make ensure network security such as network guard, physical security, network analyzer, and antivirus software are also evaluated. 2.0 Network Security History Among the recent issues that have triggered network security issues, revolve around the felony perpetuated by Kevin Mitnick. The crime by Mitnick is regarded as the largest cyber crime in the United States history. According to Moore (2010), “Kevin Mitnick became regarded as a serious criminal and holds the distinction of being the first computer-related criminal to be featured on the FBI's Most Wanted list” (23). Millions dollars were lost by several corporations hence bringing into limelight the issue of network security. These firms’ losses mainly involved loss in intellectual property. Mitnick took the advantage of the inexistence of internet protocol that had not yet developed at the time the crimes were committed. That has triggered for the modern network security developers to pay critical attention to the development of a secure network. The internet began to be developed in 1969 in efforts to enhance networking by the department of defense through the Advance Research Project agency Network (ARPANet). The ARPANet was initially very successful because it allowed scientists and firms to share data. It is until 1980’s when the internet was finally developed from the ARPANet during the computer boom. Firms began to use the internet services in 1980’s while the public began to use the internet 1990’s. Microsoft and Netscape were major players in the 1990’s that played a critical role in guarantying the development of internet browser (Banks, 2008). Irrespective of the fact that the internet was developed in 1990’s, issues of network security date back in the 1930 during the World War I. This was in efforts to secure the encrypted texts by Allan Turing. The encrypted scripts were developed by Polish crytographers in 18 as an enigma engine. The security guaranteed by Turing was critical in communication during World War I (Kirkland, 2010). Issues of computer hacking and computer related crimes began to emerge in 1980’s resulting to the development of the 1986 Computer Fraud and Abuse Act. Ian Murphy who stole data stored from the military computers necessitated the creation of this act. The Morris Worm was unleashed through the internet to all the vulnerable computers. Robert Morris, who created the Morris Worm was later convicted for attacking approximately more than 6000 computers. That crime triggered the formation of a response team to address the issues of network security. With internet becoming available to the public in 1990’s, issues of security became a concern. The response team was referred to as the Computer Emergency Response Team (CERT). Security breaches caused many individuals and corporations to incur huge losses. Many firms employed security measures to avoid these loses through intranet or privatized networks. That resulted to the present day development of the internet protocol suite by the internet engineering task force (IETF). The internet protocol suite enables data to be protected during communication between networks (Weiss, 2010). 3.0 The Importance of Network Security in Organizations Presently, the importance of security within the network has become intensified. The emergence of electronic commerce and data communications across business entities is creating new threats day after day. The national defense and other government organs have become vulnerable. This requires effective network security measures to be installed. The essence of security is based on the following reasons: • Occasionally, security breaches are very costly in references to the organization disruptions and financial losses • Organizations transact voluminous sensitive information across the globe through the internet that requires to be protected from unauthorized access • Networks created by the internet are cheap and effective means of communications between many users compared to other means of communication • Managers and directors are required to ensure organization data security to guarantee smooth operations • Unauthorized access of a firms information adversely affects the firm’s reputation because it breaches confidentiality • It prevents an organization data from being destroyed, which can destroyed affects the operations of a firm • Proper network security is critical in ensuring that sensitive information that guarantees a firm remains at a competitive advantage • It ensures that data cannot be manipulated. For example, when a hacker manipulates financial data, the firms can end up being sued by the shareholders. When many computers are integrated in a system, the network is more susceptible to external extrusion. Therefore, it is imperative to ensure that the network has a security network security that is continuously being improved. The essence of network security is based on enhancing productive and smooth operations of a firm. 4.0 Vulnerability of the Network Vulnerability of the network security among organizations forces many firms to employ intranet protections. Internet engineering task force provides security through layers in the internet protocol suite. The provided security mechanism enables data to be protected as it flows in a network. Internet protocol security (IPSec) is a standard security architecture that is concerned with the network security. The IP security features the present IPv4 and the future generation IPv6. IPSec is geared towards overcoming the challenges being faced by present computer networks such as the security issues. 4.1 IPv4 Architecture The IPv4 security protocol was created to solve some network security issues but it emerged that has some inefficiencies that are being addressed by the IPV6. The IPv4 inefficiencies revolve around routing, security, space, and quality. The security issues facing many firms presently are caused by the inefficiencies of IPv4. There is no existence of any specific requirement to secure IPv4. IPSec secures the network through cryptography of the packet payloads. IPSec addressed those inefficiencies through the development of IPv6. Through IPv6, IPSec aims at providing network security while focusing on integrity, and confidentiality, and thus improving the quality of the network quality (Bidgoli, 2006). 4.2 IPv6 Architecture This was developed by IPSec in efforts to overcome the challenges brought about by IPv4. Of concern in this situation is the issue of the network security. IPSec ensures lower network security risks throughout the network unlike in the IPv6 (Andress, 2005). To enhance maximum security, IPSec employs the features of both IPv6 and IPv4. It is essential to note that IPv6 secures the network more than the IPv4. Other benefits of IPv6 over IPv4 include better quality, and scalability (Sotillo, 2006). 5.0 Network Security Attacks through the present IPv4 As discussed previously, the major network security attributes are availability, integrity, privacy, and confidentiality. Integrity and confidentiality revolve around similar definition. Network availability refers to ability of the physical computer hardware being accessed by unauthorized personnel. Network privacy refers to the need by organization to protect its secrets. These attributes have unique attack methods and the manner in which network security is maintained through technology. This is demonstrated in the diagram below 5.1 Common Methods of Network Security Attacks Network security attacks take different forms. There are some attacks that collect information from a network; such include phishing and eavesdropping. Some attacks alter the normal functioning of the network; such includes the Trojans and viruses among others. Other attacks, such as the denial of access occurs when the resources within the network are consumed uselessly. 5.1.1 Eavesdropping This kind of attack occurs when the communications within the network are intercepted. Through that, the perpetrator can secretly acquire the messages being communicated within the network. The messages can be distorted when being passed between the sender and the recipient. Alternatively, the perpetrator can acquire sensitive information that can be used against a firm. Eavesdropping may entail acquiring packets of data during data transmission across the network. The data packets may contain sensitive information such as passwords. This form of network security attack is carried out using network sniffers tools. The network sniffers collect data packers depending on their quality; they later decode the data and store it. The success of the sniffers to acquire data depends on the Local Area Network environment with HUBs, Switches, and the Wide Area Network Environment. Network eavesdropping is made easier when the HUB is employed within the local area network environment because of the HUBs ability to transfer all the data to all the ports. Eventually all the information needed by the attacker is collected. It is very complicated to discover network eavesdropping because it is executed in a very passive manner. Stewart (2010) notes that “To thwart eavesdropping and related attacks based on eavesdropping, you should encrypt all traffic over a network communication link” (p. 164). 5.1.2 Viruses According to Dubrawsky (2009), “A computer virus is defined to as a self-replicating computer program that interferes with the hardware, software, or operating system (OS) of a computer” (p. 6). Network attacks through virus can have diverse impacts on the network. It can damage files, disrupt work, and even bring down the operations of organizations. Virus attacks do not necessarily have cause damage directly. The virus may be a combination of malicious programs that limit the optimal performance of operations. Among the common types of virus include Trojan horses, and worms. They can appear to be script files or executable files. Worms are self replicating. While virus require programs to propagate, worms do not require programs files to propagate. Upon opening a program infected with virus, the virus gets activated. There exist two categories of worms that can attack a network; these are the network-aware worms and mass mailing worms. Network aware works infects computers that are connected through the network, while the mass mailing worms attack computers within the network through emails. 5.1.2 Phishing Phishing is a network attack crime that involves efforts being made in the network to acquire sensitive information such as credit card details, passwords, and usernames. When an outsider acquires this information, the network that discloses that information through attacks appears to untrustworthy. Phishing is very common in online/ electronic transactions, and in the social media. Perpetrators normally send links that are infected with the malware. This is done through email spoofing, this requests the user to fill in confidential information in websites that are normally identical to the one the user is using, hence disclosing the confidential information. This computer network security attack is a way that deceives the users through social engineering. Phishing attacks in most cases targets the networks operating in online transactions like the online banking. Phishing can result to identity theft. The data base of TD Ameritrade was broken into resulting to stealing its clients social security number, addresses, telephone numbers, emails,, and their transactions. A later phishing attack was ensued to get the clients passwords and usernames. The Russian Business Network, which operates from St. Petersburg committed most phishing attacks in 2006. There are a number of phishing methods that are employed by phishers. These include filter evasion, website forgery, link manipulation, tabnabbing, and evil twins. Phone phishing involves an attack whereby the attacker uses the phone to make a call pretending to be from bank concerning a client problem, the client then gives his/ her personal details, and the accounts gets attacked. Evil twin entails creation of a counterfeit wireless network that appears identical to the public one. Whenever anyone logs on, the attackers acquire their credit information or password, which is later used for malicious damages. Tabnabbing involves creation of multiple tabs to users, which eventually the user to a site that is infected. Phishing can result to a user being denied to access his/ her email. To some extent, the victims of the attack through the network can incur financial losses. Phishing attacks for financial gains by the attackers are widespread in most firms’ networks across the globe. Firms are therefore required to ensure maximum network security is maintained. 5.1.5 IP Spoofing Attacks IP spoofing attacks involves development of internet protocol packets using an IP address that is forged. This is done within the intention of hiding the identification of the sender. Further, it can be employed to impersonate other computer systems. This is commonly used in denial of service attacks, and by the network intruders. This kind of attack is possible where there is trust between the computers in the network, thus the users in the network do not require passwords to access the data stored in the system. That makes an intruder to access data stored in a certain computer in the network without restriction. 5.1.6 Denial of service Denial of service attack is an attack whereby the required users of the network are denied access to information stored within the network. The motive of the attack may vary, however, it entail disconnecting the computers connected through internet from the host. When done for malicious purposes, it focuses web servers of high profile users such as banks and credit cards. This is sometimes executed by giving the system so many commands resulting to server overload. Thus it reduces efficiency in communication between the intended users and the network. Further, it can require resetting the whole network because of provision of inefficient service (Shabtai, 2010, pp. 35-44). Characteristics of network experiencing such kind of attack include: • When the network performance is unnecessary slow that usual • Being unable to access certain sites within the network • Disconnection from the network • When some data within the network cannot be accessed • Unexpected increase in the received spam emails. Methods of attack include through distributed attack, nuke, teardrops attack, unintentional denial of service, peer-to-peer attack, permanent denial to attacks, and application level floods, among many others. 6.0 Methods of Enhancing Network Security Several strategies are being employed to improve network security in most organizations. The present methods are continuously being improved through investments in research and development. The security measures include ways of preventing and detecting attacks. The most recent security measure includes the use of cryptographic systems through the internet. That ensures that data within the network is transformed into unintelligible data with security engineering. The data is transformed using ciphers and codes. Firewall acts as a security measure by forming a perimeter protection that prevents outsiders from accessing data within the network. Software and hardware can be used in the implementation of firewall. Intrusion detention system (IDS) uses both software and hardware to protect the network from intrusion by detecting attacks. The IDS also block attacks and alerts the system administrators (Anson, et, al, 2012). Anti-malware scanners and scanners are employed as security measures against malicious software such as virus and worms. In efforts to enhance security between websites and web browser, protocols such as Secure Socket Layer (SSL) are employed. Through the SSL, a secure channel of communication within the network and the LAN is created through authentication of the authorized within the network while using certificates. IPv6, which is an improvement of IPv4, provides improved security within the network; however, IPv6 continues to remain vulnerable because of mobility, flooding, and header manipulation issues (Bidgoli, 2006). Despite the many challenges facing organizations in references to the network security, these firms use a combination of several security measures to ensure that their operations are not affected. They combine authentication, encryption, and firewalls that eventually create an intranet linked via the internet, which is guarded. Intranet refers to a private network that employs the internet protocols while extranet is a network that can be accessed by a number of parties who may include clients, suppliers, and employees. Intranet limit sharing of data within an environment that is controlled, hence referred to as private network, however, the data protected by intranet is vulnerable when security is not tightened. Usage of closed intranet comes with disadvantages because essential information may not reach the required users. It is recommended that firms should employ open intranet in order to enable data to be shared between parties who may need it. The security measures that open intranet need include: • Complex ant-malware software • Firewall that can identify, and report outsiders attempts to intrude into the network • Strict instructions to employees while opening spam email and email attachments • Encryption of all data transfers, and connections • Authentication of the network through the use of timed passwords, and synchronization In case the network requires to be connected though the network, it can be connected through the Virtual Private Network (VPN). The VPN connects a network that may be located in different geographical locations across the globe. Global firms in their operations employ this security measure. VPN enables real connection across the globe in real time. That enables virtual connections of all the parties of the networks (Lewis, 2004). 7.0 Present Development of Network Security The field of network security has continued to be improved with emerging new technologies. The old criterion of network security has continued to used, however, the biometric identification is being added. Through the biometric identification, the network security is being enhanced with better authentication beyond that provided by passwords. Through the improvement by the biometrics, a safer network security is guaranteed hence reducing the chances of unauthorized access in organizations’ networks. The new technology has played a critical role in the development of smart cards that are more secure that the credit cards. Network security has remained very dynamic with newly improved encryption and firewalls being developed and implemented. The research being carried out mainly uses the present developments to project future security developments (Webster & Blom, 2004). 7.1 Hardware Developments Presently, biometric measures are being developed and implemented to enhance network security. Biometrics employed in enhancing security in networks requires the use of some software support. Biometric identification of the users within the network makes certain that security is maintained. The secure biometric identification of the voice has been employed by some organization in the 21st century. For firms with small budgets, they may find is expensive to afford the hardware required for biometric identification. That consequently makes their network susceptible to attacks (Reid, 2004). Through technology advancement, there has been development of computer mouse that can read the thumbprint, but that comes along with additional cost. It is paramount to note that the network security benefits that come along with such developments are lower than the cost in the long-run. The high cost is attributed to the fact that every computer across the globe must be fitted with the biometric mouse. In the case of voice biometric security identification, the software recognizing the voice may be centralized. However, whether the voice or hardware biometric security identification are implemented, both require software support (Reid, 2004, p. 3). Presently, the password system within the networks is being replaced with the biometric security measures. There are many risks involved in maintaining password is complicated even in an organizations using a small network. Authorized personnel forget their passwords easily because the passwords must be changed regularly. In some instances, the users may end up saving their passwords within the network thereby compromising the network security. These challenges related to the passwords are being solved by biometric identification methods. The smart cards have also greatly improved the network security. The smart cards have encrypted keys and other information essential for identification and authentication procedures. The principle behind the use of the smart card is to provide indisputable confirmation of an individual’s identity. Smart cards can be employed in several ways within the network. They can be used to logging securely into the network while providing safe and sound email transactions and communications. To boost the security of the smart card, the user is provided with a personal identification number (PIN) that must be fed before the user can access the network system. The PIN is analogous to the ones employed by the automatic teller machines (ATM). The smart cards are secure because upon being prompted to feed the PIN, the Pin is not transmitted across the network. In addition, a PIN cannot be used without the smart card, while it also impossible to use the smart card without PIN. T he smart card are cost effective compared to biometric identification methods, but not as secure as the latter. According to Shinder (2003), “With smart cards, the security of a network can be greatly enhanced because it is necessary to physically possess the card” (p. 81). 7.2 Software Developments The issue of soft development in network security is immeasurable. Research and development mainly focuses on improving the existing security measures. There are new emerging viruses while the antivirus software continue to be improved. That process of updating is similar to that of intrusion detention systems and firewalls. Most of the researchers invest in analyzing the attack patters in order to develop appropriate software to overcome the network security issues. The biometric devices need appropriate software that will interpret the security issues correctly. Neural network is required in the development of facial recognition software. 8.0 The Future of the Network Security The present network security applications will play a very important role in guarantying the safety of the future. Biometrics need to be fully adopted. The present researchers mainly focus on minute improvements of the past safety measures. The minor developments cannot match the development being undertaken by the attackers. That has triggered an ongoing attacks on organizations networks. According to Douligeris (2007), in future, companies need to invest heavily in network security. Sufficient budgets will be a key tool towards achieving the desired network security. More so, the budget should have a provision for continuous improvement. 9.0 Case Studies of Network Security Attacks In the past couple of years, several network attacks have been reported. According to Gaudin (2013), the Associated Press twitter account was hacked, and begun to spread false news. The false news were that the United States President, Obama, had been injured after an explosion occurred in the White House. This highly negatively affected the United States securities market, however, after it was announced that the news false, the markets was restored. Prior to the hacking of the AP twitter account, the there had been reports that the corporate office of AP had tried to be attacked through phishing. This is an indication of the level of network security widespread. Sensitive files of Coca-Cola in China were accessed by attackers after the Paul Etchells, the deputy president of Coca-Cola Pacific group clicked a malicious link in his email (Smith, 2012). Smith also noted that BG Group, Chesapeake Energy, and ArcelorMittal are multinational whose networks have also been attacked. According to Internet Security (2011), the eHarmony, an online dating website was hacked and the passwords of the users accessed. That necessitated the system administrators to request its users to change their logging in details. “Please be assured that eHarmony uses robust Internet security measures, including password hashing and full data encryption, to protect our members’ personal information. We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches” (Patterson, 2012). According to Gaynor (2008), McDonalds understands the importance of network security thus employing the services of Clean Pipes in securing the 720 stores located in Australia. In efforts to secure its financial services in the United Kingdom, Toyota has improved its network security by hiring the services of Palo Alto Networks that uses firewalls, anti-malware software, SSL, and intrusion prevention systems (Sawas, 2013). 10.0 Conclusion The network security is an area of major concern for most organizations in the 21st century. The network attacks have become very common, and the costs are very high. The costs include financial costs as a result of libels when information about individuals is accessed without authorization. The firms’ whose network is accessed by unauthorized persons adversely affects its publicity. Although a lot of resources are being employed in improving the network security, challenges emerging from unauthorized access continue to affect most firms across the globe. The advantages of a safe network are paramount to the success of all firms. The losses incurred due to unauthorized access can be addressed through creation of an impeccable network. Presently, there has been development of security measures that are not very remarkable. Although most network security developers understand the factors that make networks vulnerable, the developed protocols are not efficient enough. Among the most common methods of attacks, include phishing, denial of service, IP spoofing attacks, virus, and eavesdropping, among others. These modes of attack have continued to evolve, hence making them hard to contain. Among the features that make a network security to be safe, and thwart attempted attacks, include being available, integrity, confidentiality, privacy, and threats. The organizations whose networks do not pay attention to these features are likely to fall victims of attackers. The subject of network security dates back in the beginning of 20th century but no optimal solution to attacks has been developed. The case involving Mitnick is the greatest reported network attack that has been recorded, however, firms, individuals, and governments continue to fall victims of network security attacks. In efforts to improve the network security, protocols have been developed. IPv6 is the latest internet protocol that is being employed. Other methods that are applicable in ensuring the safety of organization networks include the firewalls, anti-malware software, intrusion detention system, and secure socket layers. These security measures employ both software and hardware. Biometric measures of enhancing security are the latest methods of security network that are being applied. The biometric measures involve the use of improved security engineering. The smart cards are developed using the biometric identification criterion. They have proved to be safer that the passwords that are used to gain access to networks. Software and hardware are being improved to counter the network attacks that continue to evolve. In future, lest sufficient resources are allocated in research and development of secure network measures, issues of network security will continue haunt organizations beyond 21st century.   11.0 References Anson, S., Bunting, S., Johnson, R., & Pearson, S. (2012). Mastering Windows network forensics and investigation. Hoboken, N.J: Wiley. Banks, M. A. (2008). On the Way to the Web: The Secret History of the Internet and Its Founders. Verlag: APress/Springer. Bidgoli, H. (2006). Handbook of Information Security Volume 1. Hoboken: John Wiley & Sons. Douligeris, C. (2007). Network security: Current status and future directions. Hoboken, NJ: IEEE Press. Dubrawsky, I. (2009). The CompTIA Security + certification guide: Exam SYO-201. Burlington, MA: Elsevier. Dubrawsky, I. (2009). The CompTIA Security + certification guide: Exam SYO-201. Burlington, MA: Elsevier. FitzGerald, J., & Dennis, A. (2009). Business data communications and networking. Hoboken, NJ: John Wiley. Gaudin, S. (23 April, 2013). AP's Twitter account hacked; false 'Obama injured' tweet sent. Retrieved on 19th July 2013, from http://www.computerworld.com/s/article/9238627/AP_s_Twitter_account_hacked_false_Obama_injured_tweet_sent Gaynor, B. (28 Oct. 2008). McDonalds partners with Earthwave to provide Australians with Family Friendly internet services. Retrieved on 19th July 2013, from http://www.earthwave.com.au/press/28102008_McDwifi.pdf Kirkland, K. (2010). Computer science: Notable research and discoveries. New York: Facts On File. Lewis, M. (2004). Troubleshooting virtual private networks. Indianapolis, Ind: Cisco. Moore, R. (2010). Cybercrime: Investigating High-Technology Computer Crime. Burlington: Elsevier Science. Network Eavesdropping . Retrieved on July 17, 2013, from https://www.owasp.org/index.php/Network_Eavesdropping Network Eavesdropping. (n.d.). Retrieved on 19th July 2013, from https://www.owasp.org/index.php/Network_Eavesdropping Obaidat, M. S., & Boudriga, N. A. (2007). Security of e-systems and computer networks. Cambridge [u.a.: Cambridge Univ. Press. Reid, P. (2004). Biometrics for network security. Upper Saddle River, N.J: Prentice Hall PTR. Sawas, A. (14 June, 2013). Toyota Financial Services boosts network security. Retrieved on July 17, 2013, from http://cw.com.hk/news/toyota-financial-services-boosts-network-security Shabtai, A. et, al. (2010). "Google Android: A Comprehensive Security Assessment". IEEE Security & Privacy Magazine 8 (2): 35–44 Shinder, T. W. D. S. D. L. (2003). Mcse planning and maintaining a windows server 2003 infrastructure: Exam 70-293 study guide ... guide & dvd training system. S.l.: Syngress Media Inc. Smith (11/05/2012). Coca-Cola hacked by Chinese and kept it a secret. Retrieved on 19th July 2013, from http://www.networkworld.com/community/blog/coke-hacked-chinese-and-kept-it-secret Stewart, J. M. (2010). Network security firewalls & VPNs. Mississauga, Ont: Jones & Bartlett Learning. Stewart, J. M. (2010). Network security firewalls & VPNs. Mississauga, Ont: Jones & Bartlett Learning. Webster, F. & Blom, R. (2004). The Information Society Reader. NY: Routledge Weiss, J. (2010). Protecting industrial control systems from electronic threats. New York: Momentum Press. Network security in Organizations in the 21st Century Prospectus This research paper highly focuses on how information technology affects a firm’s network security and the importance of network security for business in the 21st century. Technology advancement affects all aspects of human life. It has come along with both merits and demerits. Through the technological advancement, the world has been turned into a global village. Presently, technology has been adopted in most organizations in order to improve the efficiency of most organizations. Most firms employ technology in their operations with the objective of ensuring that they remain competitive, and increase their market share. Irrespective of the firm’s objective, the issue of network security has become a major challenge in most organization. Cyber crime has been a major concern in the global firms, and that has made network security to be enhanced in most firms. Among the firms that have been affected by issues of network security, include Coca Cola, McDonalds, Toyota, eHarmony, and the twitter accounts of Associated press occurred on June 2012 and April 2013 respectively among others. In these firms, the importance of network security is a critical feature because most of the information is communicated through the cyber space. That requires the firms to protect their data from intruders and threats that can negatively affect the present and future operations. Most of the information is protected from cyber security threats that are very diverse in the 21st century. Network work security is a complex issue that entails policies and provisions that are used by a network administrator to protect a firm’s data from unauthorized access. Through the network administrator, the information stored in the database cannot be modified, or be monitored by external parties. The access is denied through user identification, and passwords or other authentication methods that include having a network guard, physical security, network analyzer, and antivirus software. IPv6 is used to ensure network security through the internet. Network security is ensures that security and privacy during transactions is guaranteed. In this research paper, several concepts from the book, The Information Society Reader, by Frank Webster and Raimo Blom are discussed. These issues involve issues pertaining network security, and reasons why technology is vital to guarantee a firm’s success. Besides networks issues in a number of firms across the globe, other concepts analyzed in include network security management measures. More so, the major issues that affect network security such as confidentiality, integrity, availability, privacy, and threats are also assessed. In efforts to address these concerns, the history, present, and the future of network security are evaluated. Through the firms analyzed, it is apparent that network security is a major concern because internet is expanding in a very high rate. The research paper further confirms that information security is mostly software based, the hardware is mostly employed in guarantying the security. That calls for the active research on hardware and software to ensure that information is safely guarded from an unauthorized access. Through the network security, intellectual property is safely guarded. Technology is evolving fast and concerns about network security will continue as threats continue emerge. When the network security is guaranteed, the operations of a firm are not affected because designated employees only access the firm’s data and files. 1.0 Introduction Networks in businesses are integral part of organizations in the 21st century. This is because firms through computer networks are able to communicate effectively, and efficiently, hence lowering the operational costs. Through the computer networks, organizations and their partners may become synonymous because they can share the same information randomly while limiting outsiders. Among the people who can access the data, stored in a firm’s network include the authorized employees, partners, and clients, among others. Through the networks, the business owners have the chance to connect in real time, hence adding value to the firm. With network, businesses are able find to solutions to their problems that do not affect other businesses. The computer networks employ electronic communications. In the 21st century, electronic communications are essential in a firm because they enable a firm to execute various functions at the same time. The organization functions that employ the electronic communications through the computer network include human resources, accounting, purchasing, and customer, service among others. In efforts to ensure that firms become successful, firms have to link their past, present, and future operations in a safe environment. In efforts to guarantee security of firms’ operations, firms employ both physical, and software based precautions. These precautions must be latest modules (Webster & Blom, 2004). Network security is a critical tool in any organization because of its ability to guarantee intellectual property security. The computer based network security employs data network that can easily be altered by some programs such as Trojan horses when installed in the routers. That emphasizes the importance of network security applications because of the emerging challenges. The challenges emerging are created by the communication that exists between those who develop the network and the security technology. In most instances, the networks are developed in an Open Systems Interface Model (OSI) (Fitzgerald and Dennis, 2009, p.16). The OSI main pros are evident in the modularity, employment of standard protocols, ease of use, and flexibility. Contrary to that, the network security is not a well-developed area, hence making the network security to face many challenges unlike the network design. The computer network security does not only entail the security of the data of the network, but also that of the computers in the network. Through that, the whole communication channel is protected from possible attackers. For computer network to be considered secure, among the features that must be considered include accessibility, authenticity, non-reputability, and integrity (Obaidat & Boudriga, 2007, p.218). For network to be considered secure issues that need to be considered include the possible attackers, the required degree of security, and features that make the network susceptible. Through an understanding of the present security issues facing organizations, network security developers are in a position to enhance security in an organization. It is paramount to note that there exists a difference between network security and data security. Network security entails a combination of efforts that deter individuals tampering with data/ information within the network with the use of attack hard networks and ciphers (Kartalopoulos, 2008, pp. 1469-1473). Technology advancement has come along with many challenges even though there has been expansion on the use of personal computers in organizations. Though most small and medium enterprises and large firms employ technology to increase the employee productivity, network security has become a concern. The solutions available to most firms are not consistent and keep on changing from time to time. That calls for an in-depth evaluation of the network security challenges in organizations in the 21st century in this research paper. The paper further analyzes how network security issues affects, such firms like Coca Cola, McDonalds, Toyota, eHarmony, and the twitter accounts. Lastly, methods used to make ensure network security such as network guard, physical security, network analyzer, and antivirus software are also evaluated. 2.0 Network Security History Among the recent issues that have triggered network security issues, revolve around the felony perpetuated by Kevin Mitnick. The crime by Mitnick is regarded as the largest cyber crime in the United States history. According to Moore (2010), “Kevin Mitnick became regarded as a serious criminal and holds the distinction of being the first computer-related criminal to be featured on the FBI's Most Wanted list” (23). Millions dollars were lost by several corporations hence bringing into limelight the issue of network security. These firms’ losses mainly involved loss in intellectual property. Mitnick took the advantage of the inexistence of internet protocol that had not yet developed at the time the crimes were committed. That has triggered for the modern network security developers to pay critical attention to the development of a secure network. The internet began to be developed in 1969 in efforts to enhance networking by the department of defense through the Advance Research Project agency Network (ARPANet). The ARPANet was initially very successful because it allowed scientists and firms to share data. It is until 1980’s when the internet was finally developed from the ARPANet during the computer boom. Firms began to use the internet services in 1980’s while the public began to use the internet 1990’s. Microsoft and Netscape were major players in the 1990’s that played a critical role in guarantying the development of internet browser (Banks, 2008). Irrespective of the fact that the internet was developed in 1990’s, issues of network security date back in the 1930 during the World War I. This was in efforts to secure the encrypted texts by Allan Turing. The encrypted scripts were developed by Polish crytographers in 18 as an enigma engine. The security guaranteed by Turing was critical in communication during World War I (Kirkland, 2010). Issues of computer hacking and computer related crimes began to emerge in 1980’s resulting to the development of the 1986 Computer Fraud and Abuse Act. Ian Murphy who stole data stored from the military computers necessitated the creation of this act. The Morris Worm was unleashed through the internet to all the vulnerable computers. Robert Morris, who created the Morris Worm was later convicted for attacking approximately more than 6000 computers. That crime triggered the formation of a response team to address the issues of network security. With internet becoming available to the public in 1990’s, issues of security became a concern. The response team was referred to as the Computer Emergency Response Team (CERT). Security breaches caused many individuals and corporations to incur huge losses. Many firms employed security measures to avoid these loses through intranet or privatized networks. That resulted to the present day development of the internet protocol suite by the internet engineering task force (IETF). The internet protocol suite enables data to be protected during communication between networks (Weiss, 2010). 3.0 The Importance of Network Security in Organizations Presently, the importance of security within the network has become intensified. The emergence of electronic commerce and data communications across business entities is creating new threats day after day. The national defense and other government organs have become vulnerable. This requires effective network security measures to be installed. The essence of security is based on the following reasons: • Occasionally, security breaches are very costly in references to the organization disruptions and financial losses • Organizations transact voluminous sensitive information across the globe through the internet that requires to be protected from unauthorized access • Networks created by the internet are cheap and effective means of communications between many users compared to other means of communication • Managers and directors are required to ensure organization data security to guarantee smooth operations • Unauthorized access of a firms information adversely affects the firm’s reputation because it breaches confidentiality • It prevents an organization data from being destroyed, which can destroyed affects the operations of a firm • Proper network security is critical in ensuring that sensitive information that guarantees a firm remains at a competitive advantage • It ensures that data cannot be manipulated. For example, when a hacker manipulates financial data, the firms can end up being sued by the shareholders. When many computers are integrated in a system, the network is more susceptible to external extrusion. Therefore, it is imperative to ensure that the network has a security network security that is continuously being improved. The essence of network security is based on enhancing productive and smooth operations of a firm. 4.0 Vulnerability of the Network Vulnerability of the network security among organizations forces many firms to employ intranet protections. Internet engineering task force provides security through layers in the internet protocol suite. The provided security mechanism enables data to be protected as it flows in a network. Internet protocol security (IPSec) is a standard security architecture that is concerned with the network security. The IP security features the present IPv4 and the future generation IPv6. IPSec is geared towards overcoming the challenges being faced by present computer networks such as the security issues. 4.1 IPv4 Architecture The IPv4 security protocol was created to solve some network security issues but it emerged that has some inefficiencies that are being addressed by the IPV6. The IPv4 inefficiencies revolve around routing, security, space, and quality. The security issues facing many firms presently are caused by the inefficiencies of IPv4. There is no existence of any specific requirement to secure IPv4. IPSec secures the network through cryptography of the packet payloads. IPSec addressed those inefficiencies through the development of IPv6. Through IPv6, IPSec aims at providing network security while focusing on integrity, and confidentiality, and thus improving the quality of the network quality (Bidgoli, 2006). 4.2 IPv6 Architecture This was developed by IPSec in efforts to overcome the challenges brought about by IPv4. Of concern in this situation is the issue of the network security. IPSec ensures lower network security risks throughout the network unlike in the IPv6 (Andress, 2005). To enhance maximum security, IPSec employs the features of both IPv6 and IPv4. It is essential to note that IPv6 secures the network more than the IPv4. Other benefits of IPv6 over IPv4 include better quality, and scalability (Sotillo, 2006). 5.0 Network Security Attacks through the present IPv4 As discussed previously, the major network security attributes are availability, integrity, privacy, and confidentiality. Integrity and confidentiality revolve around similar definition. Network availability refers to ability of the physical computer hardware being accessed by unauthorized personnel. Network privacy refers to the need by organization to protect its secrets. These attributes have unique attack methods and the manner in which network security is maintained through technology. This is demonstrated in the diagram below 5.1 Common Methods of Network Security Attacks Network security attacks take different forms. There are some attacks that collect information from a network; such include phishing and eavesdropping. Some attacks alter the normal functioning of the network; such includes the Trojans and viruses among others. Other attacks, such as the denial of access occurs when the resources within the network are consumed uselessly. 5.1.1 Eavesdropping This kind of attack occurs when the communications within the network are intercepted. Through that, the perpetrator can secretly acquire the messages being communicated within the network. The messages can be distorted when being passed between the sender and the recipient. Alternatively, the perpetrator can acquire sensitive information that can be used against a firm. Eavesdropping may entail acquiring packets of data during data transmission across the network. The data packets may contain sensitive information such as passwords. This form of network security attack is carried out using network sniffers tools. The network sniffers collect data packers depending on their quality; they later decode the data and store it. The success of the sniffers to acquire data depends on the Local Area Network environment with HUBs, Switches, and the Wide Area Network Environment. Network eavesdropping is made easier when the HUB is employed within the local area network environment because of the HUBs ability to transfer all the data to all the ports. Eventually all the information needed by the attacker is collected. It is very complicated to discover network eavesdropping because it is executed in a very passive manner. Stewart (2010) notes that “To thwart eavesdropping and related attacks based on eavesdropping, you should encrypt all traffic over a network communication link” (p. 164). 5.1.2 Viruses According to Dubrawsky (2009), “A computer virus is defined to as a self-replicating computer program that interferes with the hardware, software, or operating system (OS) of a computer” (p. 6). Network attacks through virus can have diverse impacts on the network. It can damage files, disrupt work, and even bring down the operations of organizations. Virus attacks do not necessarily have cause damage directly. The virus may be a combination of malicious programs that limit the optimal performance of operations. Among the common types of virus include Trojan horses, and worms. They can appear to be script files or executable files. Worms are self replicating. While virus require programs to propagate, worms do not require programs files to propagate. Upon opening a program infected with virus, the virus gets activated. There exist two categories of worms that can attack a network; these are the network-aware worms and mass mailing worms. Network aware works infects computers that are connected through the network, while the mass mailing worms attack computers within the network through emails. 5.1.2 Phishing Phishing is a network attack crime that involves efforts being made in the network to acquire sensitive information such as credit card details, passwords, and usernames. When an outsider acquires this information, the network that discloses that information through attacks appears to untrustworthy. Phishing is very common in online/ electronic transactions, and in the social media. Perpetrators normally send links that are infected with the malware. This is done through email spoofing, this requests the user to fill in confidential information in websites that are normally identical to the one the user is using, hence disclosing the confidential information. This computer network security attack is a way that deceives the users through social engineering. Phishing attacks in most cases targets the networks operating in online transactions like the online banking. Phishing can result to identity theft. The data base of TD Ameritrade was broken into resulting to stealing its clients social security number, addresses, telephone numbers, emails,, and their transactions. A later phishing attack was ensued to get the clients passwords and usernames. The Russian Business Network, which operates from St. Petersburg committed most phishing attacks in 2006. There are a number of phishing methods that are employed by phishers. These include filter evasion, website forgery, link manipulation, tabnabbing, and evil twins. Phone phishing involves an attack whereby the attacker uses the phone to make a call pretending to be from bank concerning a client problem, the client then gives his/ her personal details, and the accounts gets attacked. Evil twin entails creation of a counterfeit wireless network that appears identical to the public one. Whenever anyone logs on, the attackers acquire their credit information or password, which is later used for malicious damages. Tabnabbing involves creation of multiple tabs to users, which eventually the user to a site that is infected. Phishing can result to a user being denied to access his/ her email. To some extent, the victims of the attack through the network can incur financial losses. Phishing attacks for financial gains by the attackers are widespread in most firms’ networks across the globe. Firms are therefore required to ensure maximum network security is maintained. 5.1.5 IP Spoofing Attacks IP spoofing attacks involves development of internet protocol packets using an IP address that is forged. This is done within the intention of hiding the identification of the sender. Further, it can be employed to impersonate other computer systems. This is commonly used in denial of service attacks, and by the network intruders. This kind of attack is possible where there is trust between the computers in the network, thus the users in the network do not require passwords to access the data stored in the system. That makes an intruder to access data stored in a certain computer in the network without restriction. 5.1.6 Denial of service Denial of service attack is an attack whereby the required users of the network are denied access to information stored within the network. The motive of the attack may vary, however, it entail disconnecting the computers connected through internet from the host. When done for malicious purposes, it focuses web servers of high profile users such as banks and credit cards. This is sometimes executed by giving the system so many commands resulting to server overload. Thus it reduces efficiency in communication between the intended users and the network. Further, it can require resetting the whole network because of provision of inefficient service (Shabtai, 2010, pp. 35-44). Characteristics of network experiencing such kind of attack include: • When the network performance is unnecessary slow that usual • Being unable to access certain sites within the network • Disconnection from the network • When some data within the network cannot be accessed • Unexpected increase in the received spam emails. Methods of attack include through distributed attack, nuke, teardrops attack, unintentional denial of service, peer-to-peer attack, permanent denial to attacks, and application level floods, among many others. 6.0 Methods of Enhancing Network Security Several strategies are being employed to improve network security in most organizations. The present methods are continuously being improved through investments in research and development. The security measures include ways of preventing and detecting attacks. The most recent security measure includes the use of cryptographic systems through the internet. That ensures that data within the network is transformed into unintelligible data with security engineering. The data is transformed using ciphers and codes. Firewall acts as a security measure by forming a perimeter protection that prevents outsiders from accessing data within the network. Software and hardware can be used in the implementation of firewall. Intrusion detention system (IDS) uses both software and hardware to protect the network from intrusion by detecting attacks. The IDS also block attacks and alerts the system administrators (Anson, et, al, 2012). Anti-malware scanners and scanners are employed as security measures against malicious software such as virus and worms. In efforts to enhance security between websites and web browser, protocols such as Secure Socket Layer (SSL) are employed. Through the SSL, a secure channel of communication within the network and the LAN is created through authentication of the authorized within the network while using certificates. IPv6, which is an improvement of IPv4, provides improved security within the network; however, IPv6 continues to remain vulnerable because of mobility, flooding, and header manipulation issues (Bidgoli, 2006). Despite the many challenges facing organizations in references to the network security, these firms use a combination of several security measures to ensure that their operations are not affected. They combine authentication, encryption, and firewalls that eventually create an intranet linked via the internet, which is guarded. Intranet refers to a private network that employs the internet protocols while extranet is a network that can be accessed by a number of parties who may include clients, suppliers, and employees. Intranet limit sharing of data within an environment that is controlled, hence referred to as private network, however, the data protected by intranet is vulnerable when security is not tightened. Usage of closed intranet comes with disadvantages because essential information may not reach the required users. It is recommended that firms should employ open intranet in order to enable data to be shared between parties who may need it. The security measures that open intranet need include: • Complex ant-malware software • Firewall that can identify, and report outsiders attempts to intrude into the network • Strict instructions to employees while opening spam email and email attachments • Encryption of all data transfers, and connections • Authentication of the network through the use of timed passwords, and synchronization In case the network requires to be connected though the network, it can be connected through the Virtual Private Network (VPN). The VPN connects a network that may be located in different geographical locations across the globe. Global firms in their operations employ this security measure. VPN enables real connection across the globe in real time. That enables virtual connections of all the parties of the networks (Lewis, 2004). 7.0 Present Deve