CONTENTS
Introduction
What Is a Firewall?
Types of Attack
Firewall Technologies
Choosing a Firewall
Conclusion

Abstract
The world is surging towards a digital revolution where computer networks mediate every aspect of modern life. Not many years ago, most computers were carefully guarded mainframes, held tightly in the hands of skilled professionals. The systems and their guardians combined to provide ironclad protection of the organization’s all-important data. Today the world is scary: anyone can get their hands on a personal computer and even link into networks. Today the threat to the information on the network has grown to the …
Generally there are three types of attack that could potentially affect your business:
• Information theft: Stealing company confidential information, such as employee records, customer records, or company intellectual property
• Information sabotage: Changing information in an attempt to damage an individual or company’s reputation, such as changing employee medical or educational records or uploading derogatory content onto your Web site
• Denial of service (DoS): Bringing down your company’s network or servers so that legitimate users cannot access services, or so that normal company operations such as production are impeded

Firewall Technologies
The ICSA (International Computer Security Association) classifies firewalls into three categories:

Packet Filter Firewall
Every computer on a network has an address commonly referred to as an IP address. A packet filter firewall checks the address of incoming traffic and turns away anything that doesn’t match the list of trusted addresses. The packet filter firewall uses rules to deny access according to information located in each packet such as: the TCP/IP port number, source/destination IP address, or data type. Restrictions can be as tight or as loose as you want. An ordinary router on a network may be able to screen traffic by address, but hackers have a little trick called source IP spoofing that makes data
Fraud: Dishonest, confidentiality-breaking, financially sneaky employees, customers, and business partners exist. One wrong move and the fraudulent person can damage the company's reputation and image to the point of closure.
Denial of service – Denial of service, or DoS, is an attempt to make a machine or network unavailable to its users. The services that were available to the user are no longer available. Although a DoS attack does not lead to data theft, it can cost the company a great deal of time and money. An example of a service being stopped is email; another is a loss of network connectivity. There could be no access to shared storage, and no one would be able to access the internet during the DoS attack.
* Burglary, larceny, theft of trade secrets, theft of services, arson, receipt of stolen goods, forgery.
Encryption - apply encryption to the network with software and hardware solutions. For instance, software can be used to encrypt the financial records for anyone unauthorized to see the information, and a hardware solution can be used to build a VPN from any remote
reason why they need a firewall as it will not let certain data in by unknown sources.
Computers have become part of our complex daily lives; we depend heavily on them to help break our complicated lives down. Most people now prefer to do things the digital way, and so do companies. Most trading (buying and selling) is now online, which requires computers. In order to satisfy our hunger for digital living, there is a need for a technology called the operating system to carry out the activities we require our computers to do. Computers and technology come in different forms and sizes, and due to the capitalistic nature of our economy everyone is allowed to come up with their own form of computer and even the technology to run it. In recent years companies have gained interest in doing business digitally, and since software has become easier to write or code, it is also vulnerable: easy for programmers to access and exploit, which is called hacking. Hackers are unauthorized users who break into a technological framework and change or destroy data, frequently by introducing hazardous malware without the knowledge and consent of the host company. Companies are now at risk of losing much more than money by doing business the digital way. It is in this view that the Security Exchange
We have the direct approach, dumpster diving, spying and eavesdropping, technical expert, support staff and the voice of authority (Gulati, p.3). The direct approach involves carelessness in security issues, for example when an employee forgets their pass card in a building and an attacker gets access to the pass card. For an intruder, this is the first step in accessing information (Gulati, p.3). Physical access to a company provides a good platform for hacking. Dumpster diving, on the other hand, relies on the disposal of items that the company deemed outdated or out of use; when these contain personal identification information, it becomes easy for a perpetrator to access that information. The information in the trash items may include the policy and procedures of a company, and the hacker may use this information in order to convince the victim about his/her authority or authenticity (Gulati, p.5). Spying and eavesdropping involves getting access to IDs and passwords through observation or eavesdropping. The contact details may be accessed through written documents, phone calls and observing a user
The violation of the information resources of the company was caused by an employee accessing the data systems from an outside source. The information included employee personal information and company manufacturing documents. The security was lax and should not have allowed for such access from outside. The possible impacts are many and must be carefully analyzed.
Misuse of the employer’s computer system, vandalism, or theft of software or proprietary data will result in Employer reporting the activity to the police and may result in criminal sanctions.
Fraudulent acts by individuals can negatively impact the company’s reputation and incur significant legal costs, and lead to incarceration, not to mention the downfall of the entire organization.
- Breaking away with Data Mart’s servers or any hardware for the purposes of stealing them, destroying them, or selling them for money
Abuse the trust of service users and carers or the access you have to personal information about them or to their property, home or workplace.
A firewall is an access control security tool used to prevent unwanted access to a network. It
Impersonation is another method of stealing information and gaining access by pretending to be somebody else. Impersonation can take place in person, over the phone, or via email. During the impersonation, the attacker can pretend to be a fellow employee, a partner company, an auditor, a new employee, another employee from a satellite office, the CEO, a senior manager, a system manufacturer, or desktop support
Additionally, some malware creates a denial of service by design, increasing the possibility of an attack on the organization’s infrastructure. Most organizations understand denial of service very well, since it impacts productivity, but many ignore the impact on confidentiality and integrity. If attackers access the organization’s data, they can sell it to third parties and make a profit.