Network Security Network Security Protocol 1 Network Security Chapter 2. Network Security Protocols.
Network Security ResearchPaper
-
Upload
roger-barr -
Category
Documents
-
view
220 -
download
0
Transcript of Network Security ResearchPaper
-
8/7/2019 Network Security ResearchPaper
1/28
Network Security 1
NETWORK SECURITY IN FINANCIAL SERVICES INDUSTRY
Network Security in Financial Services Industry
By
Roger G. Barr
Masters of Information Technology, American Intercontinental University
Bachelor of Visual Communications, American Intercontinental University
Associate of Arts Business Administration, American Intercontinental University
-
8/7/2019 Network Security ResearchPaper
2/28
Network Security 2
Abstract
Security has always been a big problem with all types of organizations large and small. The big
reason for so much concern is that large amounts of data are transmitted on a daily basis, a lot of
this data is critical to the organization that is transmitting it. The types of data that are transmitted
can also be critical to the organizations clients, such data like social security numbers, credit card
information, license numbers and more. This type of data getting into the wrong hands can be
harmful to not only the client, but also to the organization. This paper discusses how
organizations prevent data from getting into the wrong hands. This paper covers these problems,
and also the direction network security in financial services will take in the future.
-
8/7/2019 Network Security ResearchPaper
3/28
Network Security 3
Network Security in Financial Services Industry
Table of Contents
Cover Page...........................1
Abstract....................................................................................................................................................2
Table of Contents ............................................................................................................................4
Chapter 1: Introduction5
Introduction to Network Security in the Financial Services Industry5
Summary of Chapter 16
Chapter 2: Review of Literature
Literature Review7
Network Usage and Attacks7
Data Breach Cases...9
Financial Data Risks12
Regulatory Guidance...13
Network Security Attacks14
OSI Architecture..17
Chapter 3: Methodology
Methodology of Network Security in The financial Industry .....................................................20
Chapter 4: Data Analysis
Summary Future direction of Financial Security in the Financial Services
Industry21
Chapter 5: Summary, Conclusion, Recommendation
Summary of Chapters..22
Conclusion.......21
Recommendation.22
Reference 24
-
8/7/2019 Network Security ResearchPaper
4/28
Network Security 4
Appendix.....25
Narrative..26
List of Tables and Figures27
-
8/7/2019 Network Security ResearchPaper
5/28
Network Security 5
Chapter 1
Introduction
One of the biggest problems that still haunt organizations today is network security. Not
only is the threat of viruses on everyones minds, there is also the question of what would happen
if critical data got into the wrong hands? It is bad enough if this happened on a personal level, on
your home PC. Now look at the bigger picture, what if this happens at a financial firm such as
banks or other lending institutions? Well this has happened and it continues to happen today.
What are financial institutions doing to alleviate this problem, and how will network security
play a role in prevention of this in the future? Networks large and small are being attacked from
the outside and from within, this can happen from Trojans to employees stealing information
from within. According to Ciampa (2005) more than 85,000 computer viruses were active as of
that date, and 956 new viruses were released as of 2004, one out of every three computers linked
to the internet has a Trojan, these type of attacks are not only launched against personal
computers, they are also launched against large networks. There have been numerous researches
done in network security in the results in the form of articles and books. The real question has to
be answered here, and this will be specific to the financial services part of network security
because this research is specific to this part of network security.
Problem Statement: How will network security help financial institutes protect personal
data, both today and in the future from breaches of security into their networks?
Scope: This research paper will target network security in financial systems service, this
is a quantitate approach to network security in financial institutes.
-
8/7/2019 Network Security ResearchPaper
6/28
Network Security 6
Limitation of the Study: This Research is limited to a collection of data from other
sources as well as personal knowledge of network security.
Summary of Chapter 1
This paper covers network security in financial systems and covers research that has been
conducted in this field both present and past and what still has to be done in the future to
alleviate the problems of data loss or destruction from outside sources. This paper presents data
in a quantitative approach, but is specific to the financial networks. This paper also has diagrams
that shop that help to explain and back-up the research done in this paper.
-
8/7/2019 Network Security ResearchPaper
7/28
Network Security 7
Chapter 2
Literature Review
Network Usage and Attacks
In this review we start narrow and then work our way up to the major point of issue at
hand. In an article on (Build4U, 2010) the author states that every minute your computer is
connected to the internet, either through dial-up, cable, DSL or broadband service your computer
is at risk, this is a very true statement and this statement also includes networks. Today there are
over 259.9 million users on the internet as shown in figure 1 below. Chart is taken from (Internet
World Stats, 2010).
Figure 1
-
8/7/2019 Network Security ResearchPaper
8/28
Network Security 8
Network security attacks can happen at any time whether it is day or night, these attacks
can come in different forms. The author also states that ignoring these threats can cost you
thousands. This also holds true to financial organizations because they have the key to peoples
personal data such as social security numbers, license numbers, phone numbers and much more.
In this day and age people can do their banking online, banks have websites that you can start a
bank account on or check your personal funds. It is very easy for a hacker to use tools to track
your network footsteps, meaning track what keys you press on your keyboard and by doing so
they have your bank account. This is bad news for the person whom just had their account stolen,
or all the information in their account, because other information like your social security
number can be used for other malicious purposes. This is also bad news for the financial
institution because they have to go through the financial burden of trying to find out who breach
their system and your account, and find ways to make their system more secure.
Hackers can even use a personal computer that belongs to someone else as what is called
a zombie, with this zombie thy can launch attacks against any computer and high profile
computer systems such as financial institutions, BuildWeb4U (2010). Standard security measures
are not enough, it is not enough just to have virus protection, and it does not protect a network
against direct attacks. Anytime a computer is always on the internet such as in the case of
broadband and cable or DSL connections, you have a greater chance of your network being
breached.
-
8/7/2019 Network Security ResearchPaper
9/28
Network Security 9
Data Breach Cases
In an article by (Freshfields, Bruckhaus & Deringer, 2008), the authors state that data
security is a major priority. This article shows how important financial security is all over the
world; this article is about financial security in the United Kingdom. This article mentions the
abbreviations (FSA) which stands for Financial Services Authority which oversees the financial
services in the United Kingdom. This article is also a measure of how far and how important
financial security is. This article talks about the increasingly complicated methods now are
employed by fraudsters in obtaining, and using customer data to commit financial crimes,
Freshfields, Bruckhaus & Deringer, (2008).
The article talks about financial institutions in the past that have lost customer data and
found themselves in trouble with facing regulatory actions, and monetary loss due to the
commission of identifying frauds, as mentioned earlier in my paper. This also exposes financial
institutions to reputational damage because of their lack of responsiveness to network security.
One of the problems with financial institutions is there is a lack of regulatory action, so financial
institutions do not take the problem as serious as they should. One of the biggest motivations to a
financial organization should be their reputation, because they stand to lose not only customer
accounts, but they also stand to lose commercial accounts which can be very devastating to a
financial institution.
This article by (Freshfields, Bruckhaus & Deringer, 2008) gives real cases of a financial
institute that did not take the proper measures to protect client information. The first case is with
an organization called Capita. Capita is a third party administrator for collective investment
schemes and was responsible for maintaining client records, they were in charge of carrying out
their clients instructions of purchasing and the repurchase of investments.
-
8/7/2019 Network Security ResearchPaper
10/28
Network Security 10
Capita discovered they had problems with actual attempted frauds against clients these
frauds had been carried out by some of its own staff. The FSA in March 2006 found Capita did
not undertake an adequate assessment of its fraud risk, especially when it came to internal fraud,
and they found that Capita did not have adequate steps to that it had effective controls to reduce
the risk of fraud, Freshfields, Bruckhaus & Deringer, (2008).
Another case that FSA reported was in February 2007, when National Building Society
was fined by the FSA for failing to have effective systems and controls for the use of storage of
customer information on portable storage devices. This came to light following a laptop being
stolen from a National employees home in 2006. FSA found that Nationwide did not have
adequate procedures to respond to data security incident once it had occurred. Nationwide was
not aware that the laptop contained confidential customer information; they made the mistake of
not starting an investigation until three weeks later.
In April 2008, the FSAs financial crime and intelligence division came out with a report
describing how financial services firms within the UK are failing to address the risk that their
data may be lost or stolen and may as a result be used to commit financial crimes, Freshfields,
Bruckhaus & Deringer, (2008). The reports sets out the findings of a review of industry practices
and standards in managing risk of data loss or even the theft by employees and third party
suppliers, this is not just happening in the UK, it is also very much alive here in the United
States, the very same thing happens in all major countries that use financial systems networks.
-
8/7/2019 Network Security ResearchPaper
11/28
Network Security 11
Figure 2
Chart by Roger G. Barr, Information from (Jenkins, G., 2009)
This chart is information from (Jenkins, G. 2009) a website called (IveBeenMugged)
the stats show that in 2008, 2.4% of all breaches involved data where encryption or strong
protective measures were in place. 8.5 percent involved password protection, malware attacks,
hacking, and insider theft accounted for nearly 30 percent of breaches that cited a cause, stated
by the ITRC. Insider theft doubled between 2007 and 2008, they accounted for 15.7 percent of
the4 breaches, Jenkins (2009).
To find the statistics by state the ITRC has a website that lists them state by state,
http://www.idtheftcenter.org/ITRC%20Breach%20Report%202010.pdf.
ITRC 2008 Data Breach Statitics
Strong Potective Measures
Password Protection
Malware, Hacking
Insider Attacks
-
8/7/2019 Network Security ResearchPaper
12/28
Network Security 12
Financial Data Risks
In an article by (Corbin, K., 2010) called Database Security Lacking at Financial Services
Firms the author states that sloppy operating practices across financial services sector leave
firms venerable to breaches that could expose sensitive data or put customers and employees
privacy at risk, according to a new study from the Ponemon Institute. This study was
commissioned by enterprise software and consulting firm called Compuware (NASDAQ,
CPWR), they identified several key areas where financial services companies could take hits or
damage to the company from loose data policies that were demonstrated in their study. Larry
Ponemon, the head of the Ponemon Institute said that While there is a great deal of progress
being made, there is still a long way to go. A survey at 80 large financial firms of their top
security officials found that 83 percent use real data, which is credit card or account numbers,
when developing and testing applications, Corbin, K., 2010. The conclusion of this survey was
that Ponemon found that a majority of the firms that were surveyed do not take sufficient steps to
safeguard these types of information.
The author states that one of the most important things a company can do is to assure their
future success is to plug their security leaks that were identified in this study. Every day you can
measure the risks that take place with the financial industry as far as network security is
concerned, you read about it and hear about it almost on a daily basis. The latest warnings comes
amid a growing wave of data breaches that have targeted not only financial institutes but
universities and insurance firms and others, Corbin, K., 2010.
-
8/7/2019 Network Security ResearchPaper
13/28
Network Security 13
In this study only 47 percent of the companies said that they have deployed intrusion
detection systems, while 56 percent stated that they have implemented identity compliance
procedures. Similarly 41 percent of financial houses said they have deployed data loss prevention
technologies. Not protecting customer or client data becomes a public relations nightmare that
invariably follows high profile data breaches, Corbin, K., 2010. Financial institutes also face
falling out of compliance with government regulations; financial institutes should have their
customers best interest in mind by safeguarding customer data.
The survey canvassed financial firms with at least 500 employees that are based in North
America, but operate globally, this included banking, investment, insurance, credit card and
mortgage firms, Corbin, K., 2010.
Regulatory Guidance
In this article by (LeDuc, S., 2005) She states that the Federal banking regulatory agencies
issued an Interagency Guidance Program for Unauthorized Access to Customers Information
and Customers Notice. This guidance interprets 501(b) of the Gramm-Leach-Bliley Act
(GLBA) as well as the security guidelines 1 issued by the Federal banking regulatory agencies,
LeDuc (2005). This guidance addresses procedures that need to be used by financial institutions
in order to respond to unauthorized access to or use of customer information by third parties.
The regulatory agencies expect banks to implement these guidance steps right away
whether they are a small or large banking institution. The guidance states that if sensitive bank
customer information is stolen or illegally accessed, the bank is required to first notify its
-
8/7/2019 Network Security ResearchPaper
14/28
Network Security 14
primary regulator then if certain conditions exist the bank needs to notify affected customers,
LeDuc, S (2005)
Network Security Attacks
Banks and all other financial institutions work off of networks whether it is wired or
wireless, in banks computers are often left on so that they are ready for use the next day, this
goes back to what I said earlier in this paper about computers and networks that are online all the
time become very vulnerable. In a Book called Security+ Guide to Network Security
Fundamentals (2
nd
Ed) by (Ciampa, M., 2005) Ciampa states that An attacker who can access
the internal network directly through the cable plant has effectively bypassed the network
security perimeter and can launch his attacks at will. This statement is actually frightening,
because hackers can to this to get into financial systems data unless their network is secure.
Attackers can connect their laptop computer to internal cable plant and launch what is called a
Man-In-The-Middle attack this is a replay or Transmission Control Protocol/Internet Protocol
(TCP/IP) hijacking attack, Ciampa (2005).
The attackers can also use a technique called sniffing, which is capturing data packets
that are traveling through the network. Hardware or software that performs these functions is
called sniffers. To protect the data plant the first line of defense would have to be is there has to
be adequate physical security, what physical security does is protect the infrastructure and has
one primary goal; that is to prevent unauthorized users from reaching the equipment or cable
plant and to prevent them using, stealing or vandalizing it, , Ciampa (2005).
-
8/7/2019 Network Security ResearchPaper
15/28
Network Security 15
Figure 3
Diagram created by Roger Barr, Data taken from Ciampa (2005)
The base design of a secure network is shown in figure 3; a security perimeter surrounds the
network and computers, with a single entry point for external traffic, such as traffic from the
internet. Securing cabling outside of the protected network, this is not the primary security issue
for most organizations. The priority is protecting access to the cable plant within the internal
network, Ciampa (2005).
-
8/7/2019 Network Security ResearchPaper
16/28
Network Security 16
Attackers frequently position sniffers near targets where they can gather the most sensitive
information; this could be a server that supplies financial data to a bank. Physical security can be
compromised if the proper equipment is not installed to prevent outsiders form accessing the
cable plant. The security measures could include changing door locks, alarm systems, proper
lighting, plus having good security procedures in place for all employees or even guests into the
financial institution.
More intruders gain access to the power plan through social engineering, this can be done
by several means pretending to be there to repair something, this is done more than any other
means of gathering sensitive data. There are several ways to secure data that is stored on a file
server and this would be accomplished by using strong passwords, network security devices,
antivirus software, physical security, education and management evolvement. There are things
that organizations have to be aware of internally too, that could be employees coping information
on CDs and bring that information home.
What employee theft of data does is compromise the system more by the employee losing
the disk and the information getting into more hands, or the employee selling the disk. Another
thing is a worm or virus can be introduced to the media, if the employee brings back the disk and
uses it for a malicious intent. A workstation like you would have in the bank refers to personal
computers attached to a network. Also called a client workstations are generally connected to a
LAN and share resources with other work stations that are in the same network. A server is a
computer on a network that is dedicated to managing and also controlling that network. The
server is responsible for holding the files and managing the processes that provide the resources
to the network users, Ciampa (2005).
-
8/7/2019 Network Security ResearchPaper
17/28
Network Security 17
Both workstations and servers can be victims of all the different types of attacks. To harden
these systems there are there are several things that have to be done:
Disable nonessential service. Do not allow users to grant permissions to other users over objects. Install antivirus software and keep it updated (very important). Regularly update operating systems and applications. Require strong passwords with a minimum length of eight characters, which expires
after 30 days and cannot be reused.
Review audit logs regularly.
Set access control lists (ACLs) for all network users. Use CHAP, Kerberos, and certifications when possible. Use Security Templates. When using biometric devices, require addition authentication such as tokens.
Data taken from Ciampa (2005)
OSI Architecture
Encryption is another form of protecting data; it is a very important form that is often
over looked. The author of Cryptography and Network Security Principles and Practices (4th
Ed)
by William Stallings, states to assess effectively security needs of an organization and to
evaluate and choose various security products and policies, the manager responsible for security
needs some systematic way of defining the requirements for security and characterizing the
approaches to satisfying those requirements, Stallings (2006).
-
8/7/2019 Network Security ResearchPaper
18/28
Network Security 18
The author states that this is difficult when youre dealing with a centralized data
processing environment, with the use of LANs and WANs this problem becomes compounded.
ITU-T2 Recommendations X.800, Security Architecture for OSI, defines such a system
approach, Stallings (2006). This architecture comes in handy to managers when organizing the
task of handling security. This architecture was developed as an international standard; computer
and communications vendors have developed security features for their products from this
architecture. The OSI security architecture focuses on security attacks, mechanisms as well as
services; these can be defined by the following:
Security attack: Any action that compromises the security of information owned by
an organization.
Security Mechanism: A process (or a device incorporating such a process) that isdesigned to detect, prevent, or recover from a security attack.
Security Services: A processing of communication service that enhances thesecurity of data processing systems and the information transfers of an organization.
The services are intended to counter security attacks, and they make use of one or
more security mechanisms to provide the service.
Data taken from Stallings (2006)
A means of classifying security attacks, used by both X.800 and RFC 2828, is the terms
both passive and active attacks. A passive attack attempts to learn or make use of the information
from the system but at the same time it does not affect the system resources. An active attack
attempts to alter the resources or affect its operation, Stallings (2006).
-
8/7/2019 Network Security ResearchPaper
19/28
Network Security 19
In all the articles and information taken from books on this research paper all point out the
importance of financial institutions responsibilities of securing their networks and what the
implications would be for not doing so. There are several different measures pointed out by the
authors of these articles and books for securing a network both internally and externally, by
keeping data from being compromised. This is very important to a financial institution
especially, because customer data can be lost or stolen and have a big effect on the financial
organization which could hurt their status, and be the cause for fines by the government
regulatory commissions.
Regulatory guidelines are set to help both the financial industry and to especially help the
customer so that their critical information is not stolen and used for malicious intents. All the
information from these sources clearly state the importance of protecting personal data, and
shows the need for better security measures by the financial institutes like banks, credit card
companies, mortgage companies and any institute that collects personal data from its customers
and clients that could even be large companies.
Though our main focus here are financial institutions data security goes a long way and this
paper also serves as a reminder to these companies that there is a greater need for more secure
systems and better security planning and training. Education of employees is where it should
start and continue to encompass the wider picture of securing every access point within an
organization.
-
8/7/2019 Network Security ResearchPaper
20/28
Network Security 20
Chapter 3
Methodology
This research took a quantitative approach by using different resources of information
such as books by popular authors with scholarly information and Scholarly articles. Diagrams
were created by me using data from articles and books that were written on the subject that was
presented. Books on Cryptology, Network Security along with several papers written by
researchers were used along with several cases presented that have to do with breaches of data by
hackers on financial institutions. Each case that was presented was an actual case that happened
to a real organization. I chose these sources because they were the best representation of data by
scholarly sources on this subject. I analyzed the data in sequence, in accordance to how network
security should be measured when doing research on such a topic, from narrow to wide.
All the information is broad based, meaning it covers security for many different types of
institutes, but my scope was limited to financial institutes such as banks and any institute that has
to do with our financial system, here in the United States and globally because network security
is a global problem, it does not begin and end on one shore. The materials used from the books I
chose are books that have been used in college courses to teach network security and encryption
which is a part of network security, which is a whole other subject that can get very deep. All
the information resources chosen over the internet were from information sites, articles and
publications that were written by scholarly sources.
-
8/7/2019 Network Security ResearchPaper
21/28
Network Security 21
Chapter 4
Data Analysis
How will network security help financial institutes protect personal data, both today and in the
future from breaches of security into their networks?
This is an important question, because it is very important for financial institutions like
banks to protect personal data so that it does not get into the wrong hands, through this research
paper we have come up with some of the answers to this question. The first thing is more
education given to employees and management alike that work and run these financial
institutions. It is also very important to have a network security plan that is going to work and
that is not real complicated to implement.
In order for security to work at these institutions there has to be cooperation from both
staff and management, and there has to be a plan to cover security from internal threat and
external threat. As stated earlier in this paper there are physical as well as network security that
has to be dealt with physical would be securing cable plants from intruders walking in setting up
a laptop and stealing data. Network security evolves measures like the ones listed on (p 16) of
this paper. The answer to this question is that securing a financial network or any other network
has to be a total package of cooperation, education, and dedication to wanting to do what is right
and to do what is necessary to protect other people information.
Security is a combined effort and more security measures by financial security regulatory
commissions will also help both financial institutions as well as customers. This will help by
setting regulations that financial institutions must follow to protect personal data on their
systems.
-
8/7/2019 Network Security ResearchPaper
22/28
Network Security 22
Chapter 5
Summary, Conclusion, Recommendation
In this paper we have discussed a lot of material on Network Security and Financial
Institutions, this paper covered a lot of material about companys lack of security measures. This
paper also covered the different types of threats there are that threaten a network on a daily basis,
this paper also covered X.800 and hackers and their techniques as well as what physical security
and what network security is. This paper displayed several real life cases of actual breaches to
three different organizations networks, all being financial institutes. This paper gave a problem
statement and latter throughout the paper showed what can be done to address this problem, this
paper also displayed different diagrams, two of which were created by me using data from the
sources I used and the other came directly from the web source giving full credit to the source.
My observations in all the research that I did was that there has been a lack of network and
physical security in financial institutions for as long as computers have existed, and it continues
to be a wide based problem extending globally. There are attacks on networks every day and still
the same security problems exist. Another observation I get from this research is that there is a
lack of education on the part of financial institutions on network security, yet most of their
transactions are network based, it seems the concerns while training their personnel is for the
most part paper work that has to do with the bank, but not on how to secure this data when
entered in their system.
My recommendation is that financial institutions do a more thorough job training personnel
during their initial training and also concentrate that training in the direction of securing personal
data in their system. I also recommend that management get more involved in network security
within their organization, this is very important so that there is cooperation between
-
8/7/2019 Network Security ResearchPaper
23/28
Network Security 23
management, training and their employees. If security is stressed on regular bases there will be
improvements that can be seen very quickly. There is a great need for more research on this
subject to answer the unanswered questions of why doesnt organizations take security more
serious with so much on the line for them? What measures will help organizations to realize how
important security is to their networks?
-
8/7/2019 Network Security ResearchPaper
24/28
Network Security 24
References
BuildWebSite4U (2010) Computer Internet Security, Retrieved May 1, 2010, from http://www.
Buildwebsite4u.com/articles/internet-security.shtml
Ciampa, M (2005) Security+ Guide To Network Security Fundamentals (2nd
Ed), ThomsonLearning Inc., 25 Thomson Place, Boston MA, 02210
Corbin, K (2010) Database Security Lacking at Financial Services Firms, Retrieved April 28,
2010 from http://www.esecurityplanet.com/trends/article.php/3868381/Database-Security-Lacking-at-Financial-Services-Firms.htm
Freshfields, Bruckhaus & Deringer (2008) Data Security in Financial Services, Retrieved April30, 2010, from http://www.freshfields.com/publication/pdfs/2008/sept08/23489.pdf
InternetWorldStats (2010) Internet Usage Statistics the Big Picture, Retrieved May 1, 2010, fromhttp://www.internetworldstats.com/stats.htm
ITRC (2010) Identity Theft Resource Center, Retrieved April 28, 2010 from
http://www.idtheftcenter.org/ITRC%20Breach%20Report%202010.pdf
Jenkins, G (2009) ITRC 2008 Data Breach Statistics; Insider Theft Doubled, Retrieved April 28,2010 from http://ivebeenmugged.typepad.com/my_weblog/2009/01/20090121.html
LeDuc, S (2005) New Data Security Guidance for Banks Not Suggested, These Elements Are
Required, Retrieved April 7, 2010, fromhttp://www.gcglaw.com/resources/financial/data_security.html
Stallings, W. (2006) Cryptography and Network Security (4th
Ed), PEARSON, Prentice Hall,Upper Saddle River, NJ 07458
-
8/7/2019 Network Security ResearchPaper
25/28
Network Security 25
Appendix
Where to Go for More Information on This Subject, there are several books and articles on this
subject, Books that I recommend are;
Stallings, W. (2006) Cryptography and Network Security (4th Ed), PEARSON, Prentice Hall,Upper Saddle River, NJ 07458
Cryptography and Network Security by Williams Stallings, this book covers the importance of
Cryptography and Network Security and the role that cryptography takes on in securing data
through data encryption.
Ciampa, M (2005) Security+ Guide To Network Security Fundamentals (2nd Ed), ThomsonLearning Inc., 25 Thomson Place, Boston MA, 02210
Another book that I recommend is Security+ Guide To Network Security Fundamentals by Mark
Ciampa, this book is very detailed covering everything from different types of network attacks to
how to secure a network from intruders.
There are also very good websites on this subject which I have listed in the reference section of
this paper.
-
8/7/2019 Network Security ResearchPaper
26/28
Network Security 26
Narrative
I had a lot of challenges when conducting this study one was trying to pick the right
materials to present for the subject matter, because network security is such a wide topic because
it covers everything from personal attacks to attacks over large networks, cryptography, physical
security, management and a lot more. This information that is obtained from books and articles
deals with network security more in general than it does on specific topics so it is very time
consuming to find the right information on this topic, when you look for scholarly sites most of
them you have to pay for to obtain information on the subject matter. There are sites also listed
that you cannot get into because they are other college sites. So it is hard to gather information
on this subject, you have to look at 40 different sites just to obtain one paper that really has to do
with your research.
The results are what I expected to find except for the difficulty in finding the information
like I stated. Another challenge was trying to get this paper done in six weeks with an overload
work schedule that I have, this research was very time consuming and even though you have six
weeks to do it, the amount of time after work to get this amount of information still turns out to
be very little. So those were the biggest challenges. I like a challenge but I believe doing a 25
page paper with the amount of other paper work for this course, was a big challenge.
-
8/7/2019 Network Security ResearchPaper
27/28
Network Security 27
Tables and Figures
Figure 1. Internet users in the world by geographic regions 2009
Figure 2. ITRC 2008 Data Breach Statistics
Figure 3. Network Perimeter
-
8/7/2019 Network Security ResearchPaper
28/28