Network Security Management

Introduction

Information security professionals have a significant part in any organization’s attitude in liability management with regard to 21^st Century security and privacy risks. Civil courts normally enforce legislation where plaintiffs suing firms are awarded large punitive damages to serve as deterrents against weak organizational systems and networks. New systems administrators ought to minimize such liability as well as lessen risks associated with physical and electronic threats. They have to exhibit a thorough understanding of contemporary legal settings, regulations, laws, and emerging issues to protect firms against losses accruing from legal suits. This presentation delves on important topics of systems security for the Windows operating system.

Describes unique ethical, legal, and policy issues associated with the administration of systems and networks.

Future security management professionals have to have a working understanding of the organization’s scope relative to ethical and legal obligations. This involves knowledge of contemporary legal requirements, emergent regulations and laws and any other issues requiring attention. It is a common occurrence that some facets of individual freedoms have to be traded for social order. Through ethics, society defines acceptable behaviors through rules and laws dictating organizational conduct in modern societal settings. Ethics are founded on prevailing cultural mores though many are considered universal.

Types of law include criminal law; tort law, civil law, public law and private law. Criminal law is enforceable through state prosecution; tort law enables individuals to seek restitution against each other for financial, personal or physical injury; civil laws entail various laws prescribed by enshrined legal codes; public laws include administrative, constitutional and criminal legislation while private law encompasses labor, family and commercial laws regulating associations between a person and the organization.

Policies are sets of expectations describing appropriate and inappropriate behaviors as developed and formalized to regulate employee conduct in the workplace. Policy is enforceable since all employees acknowledge it through signed consent forms, are easily accessible for employee reference and easily understood so that a firm can penalize staff for any violations.

The security management professional is also tasked with ensuring all organizational members are cognizant with the ten commandments of computer ethics as provided by The Computer Ethics Institute.

Explains how to administer basic user and group security from within a specified operating system

A fundamental system administrator task involves establishing user accounts for every authorized user within a firm. The basic user account bears the information a particular user requires to log into and use a system without the need for the root password for the system. After setting up a user account, the system administrator can then add a user into a predetermined group of users. This allows for group permissions to be set up on a file as well as directory limiting access to group members only.

For the Solaris operating system, user names, IDs and group IDs are unique to a given organizations but might span across different domains. User names should have two to eight numerals and letters where the initial character has to be a letter while the others should contain numerals or lowercase letters. Using hyphens, underscores or a period is not recommended as this may interfere with software products. Users must be part of a primary group specified within the operating system to which files created by the user are assigned. Secondary groups specify other groups that a user may belong to and can be as many as 15. The administrator can manage a group locally or via a name service like NIS or LDAP to allow for central administration.

Explains how to implement virus protection; explanation details a specific process.

The systems administrator is charged with instituting policies and enabling procedures that includes physical security documentation; authorization, authentication and accountability parameters; security awareness protocols for users; risk assessment procedure; incident response mechanism; virus protection; business continuity framework; and audits of partner and vendor relationships.

Virus protection involves establishing an antivirus toolkit that employs different techniques to detect malware. However, it is impossible to have potent virus protection without ensuring security awareness is well communicated throughout the entire organization. To further support organizational virus protection, it is necessary to comply with accredited regulatory standards as defined by industry leaders.it is critical to involve a regular far reaching audit compliance framework to enable reassessment of risks and necessary updating of virus protection.

Describe how to configure a network-based firewall and how to configure proxy settings

            Firewalls work to ensure the safety of an organization’s information system network against viruses and intruders. A proxy is a fundamental machine within a network allowing other machines to share a common internet connection. As an intermediate server, a proxy accepts requests relayed by clients and directs them to other connected network resources. It enables users in a firm’s network to use diverse internet services. It also plays the critical role of ensuring safety and security within a network. A firewall proxy restricts connections emanating from a particular proxy to the outside as well as securing the servers within a local area network. The conventional firewall basically limits connections from outside a LAN. Firewall rules works to match traffic over a network in a given sequence as determined by a systems administrator.

Apply the assessment’s evaluation to a daily used concept.

            After a staff member is promoted, departments within an organization communicate to systems administrator on the need to provide new user authorization access for the employee. It is critical to educate the employee on expected ethical and legal conduct as well as organizational policies relative to greater network authorization.

The administrator then generates a fresh user account for the promoted staff and avails additional privileges for group accounts. The greater privileges accorded to the employee allow for internet access which implies the administrator has to provide information to ensure virus protection. The proxy server allowing for the new user to access internet resources is dependent on a firewall which discriminates against information or resources the staff can acquire.

Conclusion

The security administrator is at the front line in educating management as well as employees within a company on their ethical and legal obligations as well as the accurate application of information security/technology to enable keenly keeping to primary objectives. As this presentation has provided, user and group accounts allow administrators to adequately ensure that different users with different authorization and authentication can use additional resources without compromising organizational processes.

References

Pipyros, K., Mitrou, L., Gritzalis, D., & Apostolopoulos, T. (2016). Cyberoperations and International Humanitarian Law: A review of obstacles in applying International Law rules in Cyber Warfare. Information & Computer Security, 24(1), 38-52.

Stewart, J. M. (2013). Network Security, Firewalls and VPNs. Burlington, MA: Jones & Bartlett Publishers.

Whitley, E. A., Gal, U., & Kjaergaard, A. (2014). Who do you think you are? A review of the complex interplay between information systems, identification and identity. European Journal of Information Systems, 23(1), 17-35.

Yan, Z., Zhang, P., & Vasilakos, A. V. (2014). A survey on trust management for Internet of Things. Journal of network and computer applications, 42, 120-134.

  Do you need high quality Custom Essay Writing Services?