Human culture has been transformed by recent developments in information technologies. From slow and unreliable conventional messaging systems, today's communications technologies make connectivity not only quick, effective, secure, and accurate, but also inexpensive and usable. People thousands of miles away can not only send and receive undistorted messages in fractions of a second but they can also video chat and connect with stations in space. Fiber optics has enabled the majority of these advancements.
Telecommunications, communications, defense, and technology are both keywords. The Internet has revolutionized global communication methods by connecting people on a scale unimagined fifty years ago. New programs, software, and platform applications have been popularised via social media. However, this rapid uptake has also created serious security concerns for individuals and organizations as unscrupulous individuals use data mining technology to invade privacy rights and use information about internet sites that individuals have accessed (Viega et al., 2002). They do this largely by accessing the complex algorithms that are used to develop online profiles (metadata) of all individuals who access the Internet via search engines or social media platforms. State surveillance, hacktivist groups and state sanction espionage in different countries as well as rules and regulations enacted under the guise of terrorism to access people’s personal data fully make it vital to take electronic communications networks and their security seriously (Stallings, 2006).
In light of this, the current research proposal will examine the issue of communications network security.
Discussion topics will include:
The identification of potential vulnerabilities in a communications network.
The role of information communications security experts.
The laws that govern the safety of communications networks.
Measures that can be enacted in the event of communications network security breaches.
The paper will examine the following sub-topics in detail:
Contextual information:
This will include some preface information on electronic communications networks and security iterating development as well as changes thereto
Threat assessment:
This section will include an analysis based on common threats to the safety of communications networks.
Advances in cyber-attacks on communications network:
This section will include an analysis of cyberspace terrorism and the motives for safety breaches in communication networks.
Use of secure communications channels through secure firewalls:
Cisco Networks’ secure communications will be examined in this section.
Privacy invasion in communications networks and social media platforms.
Biometric measures: is the iris or fingerprint more secure for authorized communications links?
Security control for a secure communications network.
The paper will conclude with a comprehensive discussion on the above topics, supported by research and explanations. These will align with the themes of the proposal and will be supported by explanations pertaining to security concerns, known threats to communication networks and measures that should be taken to prevent them.
Communications Network and Security
Communication technology is one of the fastest changing industries in the world. Advances in hardware accessories and software have made it possible to share information over huge distances within milliseconds. Millions of individuals use Local Area Networks (LAN) and (Wide Area Networks) WAN to communicate easily, local authorities use Internet based programs to manage public sphere activities such as traffic and cyber based applications have been popularized by social media. This explosion in popularity can be partly attributed to satellite connections, which do not have any physical limits and new networking capabilities, which function more efficiently due to wireless networking (as opposed to wired networks) (Aronson, 2004).
The current technologies are a vast improvement on their predecessors. The architecture of the Internet is more powerful and cheaper than the traditional networks offered by landline phones (Aronson, 2004, p.4).
The Internet enhances an organization’s network, the services it offers and its structural costs.
However, the Internet and the www require communication technologies that are more complex and consequently need more bits for transmission.
In addition, these strides in communication technologies have increased security concerns as criminals and unscrupulous individuals use them to invade people’s privacy, attack organizations and profit unduly.
Threat assessment
It is a well-known fact that using a communication network opens it up to attack due to sharing, system complexity, unknown perimeters and paths. Anonymity makes it possible for an attacker to launch an attack from miles away without ever coming into direct contract with the computer system, its users or administrators (Pfleeger & Pfleeger, 2003).
Storing files in network hosts that are user remote also makes them vulnerable to attack. When data is stored remotely, the file or data may pass through several hosts before the user receives it. This is complicated by the fact that although the administrator of one host may observe several security policies, they cannot control other network hosts. Consequently, an attack may originate from anywhere and pass to any host. Networks also make it possible for workload and resource sharing which creates access avenues. In addition, computer Operating Systems (OS) are complex, which makes failsafe reliable security nearly impossible. A network control/operating system is even more complex than an OS, and this increases security threats (Pfleeger & Pfleeger, 2003).
Consequently, the expandability of a network translates into uncertainty about its boundary. A single host may be a node on two separate networks and resources present in one network will be more accessible to users on the same network. Despite the advantage of wide accessibility, this uncontrolled or unknown group (with possible malicious users) can be a threat to security. The existence of several paths from a particular host to another also endangers security, as control over messages routing is reduced (Pfleeger & Pfleeger, 2003). Fortunately, an isolated home user or an office with few employees is not likely to be a target for cyber based attacks, even when adding a network.
Identification of Potential Vulnerabilities
Vulnerability scanners help to identify, define and classify security holes (vulnerabilities) in a server, computer, communications infrastructure or network. They do this by locating patches missed on target systems and reporting related vulnerabilities. Scanners can also identify outdated software versions, misconfigurations and missing patches.
Vulnerabilities that constitute network threats include unnecessary services, software defects, unsecured accounts and misconfigurations. Vulnerability scanners that have been tested and used successfully include McAfee Vulnerability Manager, Retina Network Security Scanner, Nessus Vulnerability Scanner from Tenable and Nexpose Vulnerability Management from Rapid (Awad, Hassanien & Baba, 2013).
Privacy Invasion
Privacy invasion constitutes a major threat to communication networks and social platforms. Personal space can be invaded in a variety of ways and purposes, such as when attorneys use jurors' social accounts to vet them and potential employers use job applicants’ personal information. Sexual predators and hackers may also use a victim’s personal information (Smith, 2012, para.1) for nefarious ends.
Cyber-attacks
Cyber-attacks constitute another threat to the security of communications networks, particularly for large organizations such as governments and corporations. While a good number of the attacks are modest, such as emails containing Trojan horses, the threat that they pose continues to raise concern. It is often difficult to contain malicious messages because they seem genuine and appeal to people’s sympathies. They usually contain attachments or links to websites that are unsafe and users may access these in ignorance. Once an attacker gains access to a victim's computer networks and systems, they will invariably infect it. Attacks can take many forms, such as phishing, which aims to access personal or confidential information for financial profit, identity theft and the more complex denial of service, which is becoming increasingly prevalent. This entails sending large volumes of traffic to computer systems, consuming the system’s resources and causing it to eventually crash (Butts & Shenoi, 2014).
Motives for Safety Breaches
People attack communications networks for a variety of psychological reasons, including revenge, hate, personal gain, and ‘joyrides’. This phenomenon points to wider social ills. A good number of misdirected youngsters are motivated by peer pressure and seek to break computer networks to demonstrate their ‘competence’. Others are driven by greed and financial gain, while still others are motivated by ignorance (Kizza, 2015).
Securing the Communications Network
Effective security in a communications network refers to the creation of environments that are secure for several resources. A resource can be regarded as secure if it is guarded against external and internal unauthorized access. Computer system protection must therefore be provided for the tangible objects (hardware) and the intangible object (software) or data and information in the system. There are a variety of methods to protect communication networks such as authentication, access control, integrity, confidentiality, and nonrepudiation (Kizza, 2015).
Hardware access control
Hardware access control is a security system component that is used by means of pre-provided identification to the user. Simply put, it limits who gains access to what services. Examples include identification cards, visual event monitoring, video surveillance, passwords and biometric identification. The latter includes voice and iris recognition as well as fingerprints and appears to be the fastest growing choice for large organizations. Currently, fingerprints offer the most advanced level of security.
Software access Control Systems/ Firewalls
Software access control falls into two categories: remote and Point Of Access (POA) monitoring. In the former, terminals are linked by either telephone lines, modem and wireless connections (Kizza, 2015, p.45). Firewalls are also installed to protect software from unintended users’. They detect threats and report on them. Firewalls are very popular, and are used by large organizations such as the Cisco Network. However, they are vulnerable to tunneling by hackers. POA monitoring makes it possible to monitor personal activities using a PC-based application. The application gathers and stores access events, other system operations events and download access rights (via terminals).
Confidentiality/Security Control for Secure Communications Networks
Confidentiality/security controls for secure communication networks protect system information and data from disclosure to unauthorized personnel. When data leaves a client computer via a network, it can be channeled into an insecure environment. This means that the recipient cannot fully trust that there are no third parties who eavesdrop. Confidentiality/security controls therefore use encryption algorithms (cryptography) to protect data in transit (Kizza, 2015).
Role of Information Communications Security Experts
Due to increased threats to telecommunications security, the demand for information communication security experts has increased. These individuals protect information systems, including infrastructure and network, safeguard asset and financial information, customer data and other critical systems information. They also design and develop software and security devices to ensure that organization and client information and products are safe (Chandana, 2013).
Laws governing the Safety of Communications Network
The Communication Assistance for Law Enforcement Act (CALEA) was enacted on 25 October 1994 to prevent law enforcement agencies from invading people’s privacy using electronic surveillance measures. The act requires telecommunications carriers to allow law enforcement agents to conduct electronic surveillance once they have a court order or other form of legal authorization. The CALEA statue defines telecommunication carriers as facilities, equipment or services that enable a subscriber or customer to terminate, originate or direct communications (Ward, Kelly, & Anderson, 2017).
The Title 6 U.S. Code § 194 provides for the enhancement of public safety communications interoperability. In addition, the Data Protection Act of 1998 (DPA) provides individuals with rights that are specific to matters of their personal information and places specific obligations on the organizations responsible for personal information processing (Information Commissioner's Office, 2012).
Responding to Communications Network Security Breach
When a network security breach occurs, a breach management plan should be implemented. An effective plan incorporates the following four critical elements (Information Commissioner's Office, 2012):
Containment and recovery. Data security breaches demand not just an initial response to investigate and control the situation but a recovery plan that involves damage litigation where necessary.
Assessment of ongoing risk. Some security breaches do not cause major risks but simply inconvenience people in need of the data to perform their jobs/functions. It is therefore important to assess potential severe consequences to the individual, the seriousness of the situation and the likelihood of it reccurring (Information Commissioner's Office, 2012) before making containment decisions.
Notification of breach. Managing security breaches effectively involves informing affected organizations and people about them. However, this does not serve as an end in itself. Notification must have another clear purpose, such as enabling the affected party to take steps to protect themselves, allowing legal bodies to function or offering advice and resolving complaints.
Evaluation and response. It is critical that not only are the causes of the breach managed but the effectiveness of a suitable response. If the breach has been caused by ongoing or systemic problems (in whole or part), dealing with it as a once off event and continuing with a business as usual approach will not be effective. Similarly, if inadequate or unclear breach management policies interfere with the response, a review and update of these must be undertaken (Information Commissioner's Office, 2012).
Conclusion
Advancements in telecommunications have improved the quality of life for millions of people throughout the world by enabling them to communicate faster. Unfortunately, they have also increased security threats to personal privacy, organizational information and government infrastructure. This is largely due to the fact that security measures to protect hardware and software have not kept up with advancements in technology. It is therefore vital to continue research into better methods of protection, particularly as it impossible to completely eliminate network communications threats. It is however possible to manage and reduce adverse effects when a breach occurs.
References
Aronson, J. D. (2004). Causes and consequences of the communications and internet revolution. Internet Revolution, 1-39.
Awad, A. I., Hassanien, A. E., & Baba, K. (2013). Advances in Security of Information and Communication Networks. Cairo: Springer.
Butts, J., & Shenoi, S. (2014). Critical Infrastructure Protection VII. Arlington: Springer.
Chandana. (2013, June 17). Key Roles & Responsibilities of IT Security Professionals. Retrieved March 5, 2017, from IT Security Management: https://www.simplilearn.com/it-security-professionals-key-roles-responsibilities-article
Information Commissioner's Office. (2012). Guidance on Data Security Breach Management. Information Commissioner's Office.
Kizza, J. M. (2015). Guide to Computer Network Security. London: Springer.
Pfleeger, S. L., & Pfleeger, C. P. (2003, March 28). Security in Networks. Retrieved March 4, 2017, from InformIT: http://www.informit.com/articles/article.aspx?p=31339&seqNum=2
Smith. (2012, March 7). Privacy Invasion: Social Media monitoring required to attend college or to be hired? Retrieved March 4, 2017, from NetworkWorld: http://www.networkworld.com/article/2221850/microsoft-subnet/privacy-invasion--social-media-monitoring-required-to-attend-college-or-to-be-hired.html
Stallings, W. (2006). Cryptography and network security: principles and practices. Pearson
Education India.
Viega, J., Messier, M., & Chandra, P. (2002). Network Security with OpenSSL: Cryptography for Secure Communications. “O’Reilly Media, Inc.".
Ward, D., Kelly, J., & Anderson, K. (2017, February 9). Communications Assistance for Law Enforcement Act. Retrieved March 5, 2017, from Federal Communications Commission: https://www.fcc.gov/public-safety-and-homeland-security/policy-and-licensing-division/general/communications-assistance
We will email this sample to you with pleasure!
Type your email