Access control is the main element in computer security. It prevents unauthorized users from gaining access to resources and prevents legitimate users from accessing resources in an unauthorized manner (Stallings & Brown, 2015, p. 114). Logical security protects computer-based data from software-based and communication-based threats. Physical security, also called infrastructure security, protects the information systems that contain data and the people who use, operate, and maintain those systems. Physical security must also prevent any type of physical access or intrusion that can compromise logical security (Stallings & Brown, 2015, p. 535).
Threats to Server and Network Security: Physical and Logical
Physical threats to server and network security fall into several groups. Environmental threats, such as temperature, humidity, fire, and smoke, are conditions in the environment that can damage or interrupt the service of information systems and the data they contain (Stallings & Brown, 2015, p. 538). Natural disasters, such as hurricanes and lightning, are categorized into six major categories so that precautions can be taken to minimize risk. Human-caused threats can be grouped into unauthorized physical access, theft, vandalism, and misuse. Human threats are difficult to deal with because they are less predictable and are designed to overcome prevention measures.
Physical threats to network security have two main repercussions. First, they can cause physical damage to the infrastructure of an information system that could have been avoided with proper advance planning. Second, depending on the nature of the business, civil and criminal penalties can be imposed if data is not properly secured.
Logical threats to server and network security are many. Examples include client and host attacks, which include password cracking. Password cracking involves using large password dictionaries to guess and crack passwords. These attacks rely on the fact that many users are allowed to choose their own passwords, and many of those passwords are short or are actual dictionary words. Ways to help mitigate the risk of password cracking are to use computer-generated passwords or to have a password checker in the system that randomly checks passwords and alerts the user if the password comes up in the dictionary. Other examples are eavesdropping, theft, and copying, which includes theft and copying of software; replay, which involves stolen passwords and passcodes; Trojan horse attacks, in which an application or physical device masquerades as an authentic application or device for the purpose of capturing a user password (Stallings & Brown, 2015, p. 105); and denial-of-service attacks, which attempt to disable a user authentication service by flooding the service with numerous authentication requests (Stallings & Brown, 2015, p. 105).
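The dictionary-based password checker mentioned above can be sketched as follows. This is an added example, not code from the cited textbook; the wordlist, the minimum length, and the function names are assumptions made for illustration, and the check also covers simple variations of dictionary words (padding digits, character substitutions, reversal).

```python
import re

# Constructed sample wordlist; a real checker would load a large dictionary
# of common and previously exposed passwords.
SAMPLE_DICTIONARY = {"password", "dragon", "sunshine", "letmein", "welcome"}
MIN_LENGTH = 12  # assumed policy value, not taken from the text

# Undo common character substitutions before the dictionary lookup.
# Simplification: each symbol maps to one letter only.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def candidate_roots(password):
    """Return the normalized forms that dictionary-cracking rules also try."""
    lowered = password.lower()
    # Drop digits and symbols padded onto the start or end ("Dragon2024!").
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    forms = {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}
    forms |= {form[::-1] for form in forms}  # reversed words
    return forms - {""}


def check_password(password, dictionary=SAMPLE_DICTIONARY, min_length=MIN_LENGTH):
    """Return the reasons to reject a password; an empty list means accept."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    if candidate_roots(password) & dictionary:
        reasons.append("dictionary word")
    return reasons


if __name__ == "__main__":
    for candidate in ["P@ssw0rd1", "Sunshine2024!!", "v9#Lq2&xTz!mRw"]:
        print(candidate, check_password(candidate) or "accepted")
```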
The repercussions of logical threats to network security can include unauthorized access to systems and resources.
Guidelines and Procedures to Implement Physical Control
The one guideline to have in place to protect against all physical control attacks is to use cloud computing. In cloud computing, all data and documents are saved in a cloud environment and can always be retrieved regardless of what type of physical control has been compromised. For example, if there is a fire and all data is burned, the data is still retrievable from the cloud.
Other policy guidelines include the use of environmental control equipment with sensors that can warn of danger and imminent danger to the equipment. Sensors can detect temperature, humidity, fire, smoke, and water. Another guideline is the use of an uninterruptible power supply (UPS), a battery backup unit that can maintain power to processors, monitors, and other equipment for a period of minutes (Stallings & Brown, 2015, p. 545). Controlled areas should be guarded by personnel and isolated by barriers with single entry points and locks. Another important guideline is to use sensors, alarms, and surveillance systems that monitor the server rooms.
Guidelines and Procedures to Implement Logical Control
Guidelines and procedures to implement logical control include user authentication. One form is password-based authentication; almost all multi-user systems use some variety of password login. The password is used to verify the identity of the user. Control auditing can be used to monitor who was denied access and how many attempts they made to gain access. Activity reports can be used to maintain logs of everyone who attempted to access any and all servers. Biometric authentication is verification of identity based on physical properties. A number of characteristics can be used in biometric applications, including facial characteristics, fingerprints, hand geometry, retinal pattern, iris scanning, signature, and voice recognition. Token-based authentication involves using items that the user has, such as memory cards, smart cards, and electronic identity cards. Memory cards can store information, like a security code, that will allow access to a system or area. The smart card contains an entire microprocessor. Electronic identity cards are on the rise in some countries. These cards are similar to national identification cards that hold all the personal information for the user, similar to a driver's license. Two-factor authentication is a combination of two or more of the above authentications (Laureate Education, 2012). This is the most secure because a user may lose one of the above authenticators, and it may then be available to attackers. Because two-factor authentication requires the user to have access to two or more factors, the chance that an attacker has access to two of the above items is less than if authentication required only one factor.
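The control auditing described above, which tracks who was denied access and how many attempts they made, can be sketched over a small access log. This is an added example, not code from the cited sources; the five-field log format, the threshold of three denials in five minutes, the sample records, and the function names are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit records: timestamp, server, user, source address, result.
SAMPLE_LOG = """\
2024-05-01T09:00:01 srv-db1 alice 192.0.2.10 GRANTED
2024-05-01T09:02:10 srv-db1 bob 198.51.100.7 DENIED
2024-05-01T09:02:15 srv-db1 bob 198.51.100.7 DENIED
2024-05-01T09:02:21 srv-web1 bob 198.51.100.7 DENIED
2024-05-01T09:02:30 srv-web1 bob 198.51.100.8 DENIED
2024-05-01T09:02:44 srv-web1 bob 198.51.100.8 GRANTED
2024-05-01T09:10:00 srv-db1 carol 192.0.2.11 DENIED
2024-05-01T09:30:00 srv-db1 carol 192.0.2.11 DENIED
2024-05-01T09:50:00 srv-db1 carol 192.0.2.11 GRANTED
"""


def parse_records(log_text):
    """Parse the assumed five-field format, skipping malformed lines."""
    records = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        stamp, server, user, source, result = parts
        records.append((datetime.fromisoformat(stamp), server, user, source, result))
    return sorted(records)


def audit_denials(records, threshold=3, window=timedelta(minutes=5)):
    """Report users with at least `threshold` denials inside `window`."""
    recent = defaultdict(list)  # user -> [(time, source)] of recent denials
    report = {}
    for stamp, _server, user, source, result in records:
        if result == "DENIED":
            kept = [(t, s) for t, s in recent[user] if stamp - t <= window]
            recent[user] = kept + [(stamp, source)]
            if len(recent[user]) >= threshold:
                entry = report.setdefault(
                    user, {"max_denied": 0, "sources": set(), "granted_after": False})
                entry["max_denied"] = max(entry["max_denied"], len(recent[user]))
                entry["sources"].update(s for _, s in recent[user])
        elif result == "GRANTED":
            # A success right after a burst of denials may be a guessed password.
            if user in report and recent[user] and stamp - recent[user][-1][0] <= window:
                report[user]["granted_after"] = True
            recent[user] = []
    return report
```

Calling `audit_denials(parse_records(SAMPLE_LOG))` reports only `bob`: four denials from two source addresses followed by a successful login. Carol's two denials, twenty minutes apart, stay below the threshold.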
In conclusion, there are many factors that come into play when designing system and network security. An assessment must be conducted to discover the risks and vulnerabilities and then action must be taken to mitigate those risks. The security features can include physical and logical controls and all must be taken into consideration. A policy must be written and followed that includes the threats and guidelines and controls to prevent the threats on the system.
Laureate Education, Inc. (Executive Producer). (2012). Authentication. Baltimore, MD: Author.
Stallings, W., & Brown, L. (2015). Computer security: Principles and practice (3rd ed.). Upper Saddle River, NJ: Pearson.