International Journal of Computer Science Research & Technology (IJCSRT)
ISSN: 2321-8827
Vol. 1 Issue 5, October - 2013
IJCSRTV1IS050024 www.ijcsrt.org

Abstract

Data breaches are likely, damaging and costly to organisations, and there is a high probability that a breach happens through some form of hacking. It is therefore important to fortify the network perimeter and to surf the Internet smartly in order to reduce the risk of a data breach, which is what this research addresses. Converging views in the extant and current literature prescribe that every computer should have an appropriate firewall installed and up-to-date antivirus software; that the network perimeter and the network segments within it should be fortified with appropriate firewall(s) and well-configured router(s); and that important servers should be hardened and dedicated to providing a single service. The Internet should be surfed with focus, and anonymously where acceptable, while avoiding falling victim to scams and malware.

No matter the kind of computer network system, some form of security is needed to protect data and other network resources [6], [7], [8]. Noteworthy is the fact that external intrusion or hacking is the most prevalent and probable method of data breach [5], [9], [10], [11], and one that is avoidable through simple or intermediate controls [11]. Securing network entry points and surfing the Internet smartly are therefore important in reducing the risk of data breaches, which is what this research addresses. Implementing adequate perimeter-security and Internet-surfing prescriptions would raise the bar against successful hacking and result in fewer data breaches and a more secure computing environment.

An extensive literature review on the subject matter was performed. The relevant documents obtained
Firewalls are devices that control the traffic allowed between an entity's internal networks and untrusted networks beyond the organisation's control, as well as traffic into and out of more sensitive areas within the entity's internal trusted networks [8]. If incoming network traffic does not fit the rules or policies defined in the firewall, the traffic is blocked or rejected and does not enter the internal part of the computer or network [12]. Network traffic gets from point A to point B based on the address of the computing device and the port number of the specific application requesting the service. Network traffic is broken into small pieces called packets. The packet header identifies the source IP address and port as well as the destination IP address and port, which firewalls use to restrict or allow traffic. A basic sort of firewall known as a packet filter may be used to deny all traffic from a certain source IP address or to block incoming traffic on certain ports. A firewall can adopt one of two basic policies to control access: whatever is not prohibited is allowed, or whatever is not allowed is prohibited [13]. The ideal firewall configuration is the second policy: deny all incoming traffic by default, then create specific rules that allow communication from specific IP addresses or to specific ports as the need arises. A Wireless Local Area Network should disallow open access and admit only pre-authorised wireless Network Interface Cards [6]; since a card's hardware address is easily spoofed, such an allow-list complements wireless encryption and authentication rather than replacing them.

personal computer or another device, which might be the first port of call into a small office or home office network, should generally implement. The two are not mutually exclusive and should be used in conjunction with each other for added security [12]. When using this type of router, the default password and the default IP address used for the internal network should be changed as soon as possible, as both are readily available to attackers. It should be noted that a cable home router's firewall does not provide any protection for users who use a dial-up telephone connection to access the Internet. The most commonly used, and probably the most effective, security measure for dial-up connections is known as "prearranged call-back", or simply "call-back". A personal firewall application installed on each individual computer, whether or not a router is protecting the network, secures the computer even on a dial-up connection. Recent operating systems come with built-in firewall applications [14]. Most attacks directed against small companies' Point-of-Sale (POS) systems can be prevented by changing the administrative passwords on all POS systems, implementing a firewall or access control list on remote access/administration services, avoiding using POS systems to browse the web (or anything else on the Internet for that matter), and making sure that the POS is a Payment Card Industry Data Security Standard (PCI DSS) compliant application [15].

A firewall at each Internet connection and between any demilitarised zone and the internal network, together with a router with a strong access control list, are necessary for more secure needs [8]. A deeper or more advanced form of packet filtering called "stateful inspection" (dynamic packet filtering) keeps track of the state of communications beyond the source and destination ports and addresses. Rather than letting traffic in simply because it arrives on the right port, it validates that a computer on the network actually asked to receive the traffic. It also evaluates the context of the communication and rejects it if it is not in the same context as the request. Stateful inspection uses rules, filters or policies together with a dynamic state table to verify that each packet is part of a valid connection [16]. A newer requirement in multilayer filtering systems is application filtering, which additionally filters packets based on the application payload they carry, and can prevent malicious attacks and enforce user policies. Application-layer filtering includes web-browsing and e-mail scanning and deep content analysis, including the ability to detect, inspect and validate traffic using

the communications between the two devices, such as a computer and a server or one network and another. All messages terminate at the firewall, where they are captured, stored, logged and examined. Some of these proxy servers will, upon successful screening of an incoming message, forward it to the appropriate application within the private network; but in the most secure proxy servers, a message originating outside the organisation cannot go any further than the firewall unless it passes all the inspection criteria implemented there and an independent application, running within the organisation's network, selects the message from a storage area on the proxy server and deliberately brings it inside the protected network [17], [18]. An application proxy has the added benefit of hiding the client machine's true identity, as all external communications appear to originate from the proxy. The downside is that an application proxy uses far more memory and processing power and may slow down network performance; with recent increases in processing power and cheaper random access memory, this issue is no longer as significant.

The perimeter security should be fortified through host hardening by removal or disabling of
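As an added illustration (not code from the paper or from any of its references), the following Python script models the default-deny packet filter and the stateful inspection described above on constructed sample traffic. The addresses, the ruleset and the verdict strings are assumptions made for the example. The filter records each connection that the inside opened or that a rule admitted, lets the return traffic through on that state alone, and drops an inbound packet that merely lands on an open port without a matching state entry, which is exactly the case a stateless port-based rule would have let in.

```python
"""Added example (not part of the paper): a minimal default-deny packet filter
with stateful inspection, exercised on constructed sample packets."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    inbound: bool          # True when arriving from the untrusted side
    syn: bool = False      # TCP SYN flag: set only on the packet that opens a connection


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    inbound: bool          # direction the rule applies to
    src: str = "0.0.0.0/0" # CIDR prefix the source address must fall in
    dst: str = "0.0.0.0/0" # CIDR prefix the destination address must fall in
    dst_port: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (
            pkt.inbound == self.inbound
            and ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(self.dst)
            and (self.dst_port is None or pkt.dst_port == self.dst_port)
        )


class StatefulFirewall:
    """First matching rule decides a new connection; anything unmatched is denied.
    Admitted connections go into a state table so their later packets pass on
    state alone, and a packet with no state and no SYN is dropped outright."""

    def __init__(self, rules: list[Rule]):
        self.rules = list(rules)
        self.state: set[tuple] = set()

    @staticmethod
    def _key(pkt: Packet) -> tuple:
        # Canonical (inside_ip, inside_port, outside_ip, outside_port) so that a
        # request and its reply map to the same state-table entry.
        if pkt.inbound:
            return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    def filter(self, pkt: Packet) -> str:
        key = self._key(pkt)
        if key in self.state:
            return "allow (established)"
        if not pkt.syn:
            # Nobody asked for this: a mid-stream packet that merely arrives on
            # an open port is rejected instead of being matched against rules.
            return "deny (no matching state)"
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "allow":
                    self.state.add(key)
                    return "allow (rule)"
                return "deny (rule)"
        return "deny (default policy)"


# Constructed ruleset: the inside is 10.0.0.0/8 and a public web server sits at
# 192.0.2.10. Order matters: the first matching rule wins.
RULES = [
    Rule("deny", inbound=True, src="198.51.100.0/24"),                # blocked source range
    Rule("allow", inbound=True, dst="192.0.2.10/32", dst_port=443),   # public HTTPS only
    Rule("allow", inbound=False, src="10.0.0.0/8"),                   # inside may initiate
]

# Constructed sample traffic, in arrival order.
SAMPLE = [
    Packet("10.0.0.5", 51000, "203.0.113.7", 443, inbound=False, syn=True),    # outbound request
    Packet("203.0.113.7", 443, "10.0.0.5", 51000, inbound=True),             # its reply
    Packet("203.0.113.7", 443, "10.0.0.5", 51001, inbound=True),             # forged "reply"
    Packet("203.0.113.9", 40000, "192.0.2.10", 443, inbound=True, syn=True),  # visitor to web server
    Packet("203.0.113.9", 40001, "10.0.0.5", 3389, inbound=True, syn=True),   # unsolicited RDP
    Packet("198.51.100.4", 40002, "192.0.2.10", 443, inbound=True, syn=True), # blocked source
]


def run(packets: list[Packet] = SAMPLE, rules: list[Rule] = RULES) -> list[str]:
    """Pass the packets through a fresh firewall and return one verdict per packet."""
    fw = StatefulFirewall(rules)
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run()):
        print(f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}  {verdict}")
```

The third packet is the one worth studying: it is addressed to an inside host from source port 443, so a stateless filter that had been opened for "replies from port 443" would have accepted it, whereas the state table shows no connection from 10.0.0.5:51001 and the packet is dropped.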
by just a NIDS [20]. An IPS is a kind of hybrid between an IDS and a firewall: on detecting probably malicious traffic it can alter, or create and enforce, firewall rules. An active intrusion response system (AIRS) that uses behavioural analysis of inter-network communications, employing signal processing, expert decision algorithms, statistical algorithms and closed-feedback techniques, is a more robust option; such systems should be evaluated on their self-adaptive mechanism, behaviour analysis, closed-feedback mechanism, countermeasures, real-time operation and visualisation capabilities [21].

Firewalls, well-configured routers, intrusion detection or prevention devices, and host hardening will not protect against every possible computer attack, but exposure to risk is greatly reduced and security increased with one or more of these technologies in place. If information is highly desired or targeted for other reasons, understanding the motives, skills and methods of our adversaries is important to any well-considered and well-prepared defence [11].

A summary of what the literature is about, a summary of the evaluation of the literature, and bibliographical information are necessary for refreshing the memory and avoiding plagiarism [22].

3.2. Avoiding Net Pitfalls

Some of the pitfalls of the Net are exposure to data theft, the presence of malicious software, exposure to inappropriate content, cyber-bullying, the presence of cyber predators, and the ease of damaging one's reputation.

Business should be transacted only at trusted websites, which provide a secure connection, indicated by a Uniform Resource Locator (URL) beginning with the prefix "https", wherever personal and credit-card details are requested. Further information about the site's certificate can be obtained by clicking the padlock icon in the browser's address bar (in older browsers, by right-clicking on the web page, selecting Properties and then clicking the Certificates button). The host name in the URL must match a name in the certificate; browsers perform this check automatically and warn when it fails, and such warnings should not be clicked through. An "https" prefix and a matching certificate establish only that the connection to the named site is encrypted and that the site controls that name; they say nothing about the honesty of the site's operator. Responsible and trustworthy websites hold certificates issued by certification authorities that browsers trust. A list of the certification authorities licensed in the State of Washington can be found on the Washington Secretary of State's website at www.secstate.wa.gov/ea/ca_lic.htm [23].
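The "https" and certificate-name check prescribed in section 3.2 above, as an added example that is not part of the paper: a Python function that rejects a URL which is not https and then matches the URL's host name against the certificate's DNS names using the wildcard rules browsers apply (a wildcard is honoured only as the whole left-most label and covers exactly one label). The bank domain and its certificate name list are constructed for the example; a real client takes the names from the certificate presented during the TLS handshake.

```python
"""Added example (not part of the paper): is this URL https, and does its host
name match the names in the site's certificate? Names below are constructed."""
from __future__ import annotations

from urllib.parse import urlsplit


def dns_name_matches(hostname: str, pattern: str) -> bool:
    """Match one certificate DNS name (possibly "*.example.com") against a host."""
    host = hostname.lower().rstrip(".")
    pat = pattern.lower().rstrip(".")
    if "*" not in pat:
        return host == pat
    first, _, rest = pat.partition(".")
    # The wildcard must be the entire left-most label, and nothing else may be
    # wildcarded; "w*.example.com" and "www.*.com" are rejected.
    if first != "*" or "*" in rest or not rest:
        return False
    host_first, _, host_rest = host.partition(".")
    # "*.example.com" covers "www.example.com" but neither "example.com" nor
    # "a.b.example.com": a wildcard stands for exactly one label.
    return bool(host_first) and host_rest == rest


def cert_matches_host(hostname: str, san_dns_names: list[str]) -> bool:
    return any(dns_name_matches(hostname, name) for name in san_dns_names)


def check_site(url: str, san_dns_names: list[str]) -> str:
    """Return "ok", or the first reason the URL should not receive sensitive data."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return "not https: details would travel in clear text"
    host = parts.hostname
    if not host:
        return "no host name in URL"
    if not cert_matches_host(host, san_dns_names):
        return f"certificate names {san_dns_names} do not cover {host}"
    return "ok"


# Constructed certificate name list, as a bank's certificate might carry it:
# the bare domain plus a one-level wildcard for its sub-domains.
BANK_SAN = ["example-bank.com", "*.example-bank.com"]

if __name__ == "__main__":
    for url in [
        "https://login.example-bank.com/signin",
        "http://login.example-bank.com/signin",        # no https at all
        "https://example-bank.com.evil.net/signin",    # look-alike host name
        "https://evil.login.example-bank.com/signin",  # two labels under the wildcard
    ]:
        print(f"{url}: {check_site(url, BANK_SAN)}")
```

Python's `ssl` module performs an equivalent check when `check_hostname` is enabled in `ssl.create_default_context()`, so application code should rely on that rather than re-implement it; the value of the function above is in seeing which look-alike names the check rejects. Passing it means only that the connection is to the host the URL names; it does not vouch for that host.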
website (www.netalert.gov.au/home.html). The main types are filters, labels and safe zones. Filters allow or disallow access to sites based on settings,

photos of them and browse the photos of others. Many sites are broad-based. Other sites are more specific, based on the type of members, interests,
may harvest users' personal information and contacts for use in e-mail spam [32].

3.4.2. Dating sites safety tips. Personal information such as e-mail address, telephone or mobile numbers, and home or work address should never be displayed on a profile. A non-identifiable name should be used when signing up. A person met online who is to be met offline should be genuinely known, with the person's full name, address, mobile or home telephone number and even place of work verified before the meeting. This takes time, and in many circumstances the desire to meet the person is allowed to take precedence over it. Care should be taken to report stalkers and harassers who keep pestering or sending messages. It is vitally important to avoid sending nude photographs. Besides, it should be noted that photographs are unreliable as they can be deceptive [33].

4. Summary and Conclusion

A personal computer with direct access to an external network requires its operating system's built-in firewall to be turned on and effective anti-virus software with real-time updates to be installed. A small office or home office network requires a correctly configured cable or DSL router-based firewall and

Exploring the resources of the Net to the full requires wisdom in order to avoid its potential pitfalls. A definite purpose for each access to the Net and constant, focused attention are required. Either the site to be visited should be known in advance, or a particular search engine should be used effectively. Everything online should be verified, even when published by supposedly trusted sites. The computer or other device through which the Net is accessed should be protected with a firewall, up-to-date antivirus and filtering software to guard against malicious code and abuse. Posting personally identifying information online should be avoided, with limited exceptions. Niche online dating within a reachable locality, done with due care and caution, is advisable.

Most data breaches are preventable through these means. However, a clear understanding of the business needs and processes related to the storage, processing and transmission of data, and an understanding of the motives, skills and methods of attackers, are also important to any well-considered and well-prepared defence.

5. References

[1] Wikipedia. (2012). Data Breach. Retrieved from http://en.wikipedia.org/wiki/Data_breach

[2] Attrition. (2011). Entities that suffer large personal data incidents (list). Retrieved from http://attrition.org/errata/dataloss

[3] PrivacyRights. (2011). A chronology of data breaches reported since the ChoicePoint incident (list). Privacy Rights Clearinghouse. Retrieved from http://www.privacyrights.org/ar/ChronDataBreaches.htm

[4] National Conference of State Legislatures. (2012). State Security Breach Notification Laws. Retrieved from http://www.ncsl.org/default.aspx?tabid=13489

[8] PCI Security Standards Council. (2010). PCI Data Security Standard. Retrieved from https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf

[9] Adebayo, A. O., Omotosho, O. J., and Adekunle, Y. A. (2012). Statistical Insight into Breach Data toward Improved Countermeasures. Journal of Information and Knowledge Management, Vol. 2, No. 8, pp. 40-51.

[10] Culnan, M. J., and Williams, C. C. (2009). How Ethics Can Enhance Organizational Privacy: Lessons from the ChoicePoint and TJX Data Breaches. MIS Quarterly, Vol. 33, Issue 4 (December 2009), pp. 673-687.
[11] Verizon RISK Team. (2012). 2011 Data Breach Investigations Report. Retrieved from http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2011_en_xg.pdf

[12] Bradley, T., & Carvey, H. (2006). Essential Computer Security. Rockland, MA: Syngress Publishing.

[13] Parenty, T. (2003). Digital Defense. Boston: Harvard Business School Press.

[14] Microsoft. (2004). Understanding Windows Firewall. Retrieved from www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx

[15] Verizon. (2012). Point-of-Sale Security Tips. Retrieved from www.verizon.com/enterprise/databreach

[16] Tyson, J. (2005). How Firewalls Work. Retrieved from www.howstuffworks.com/firewall.htm

[17] Kiernan, P. (2010). Network and Perimeter Security. Retrieved from download.microsoft.com/.../June_8_ME_Network%20and%20security.ppt

[18] Martin, R. J., & Weadock, G. E. (1997). Bulletproofing Client/Server Systems. New York, NY: McGraw-Hill.

[19] Northcutt, S., Zeltser, L., Winters, S., Kent, K., & Ritchey, R. W. (2005). Inside Network Perimeter Security, 2nd Ed. Indianapolis: Sams.

[27] Shostack, A., & Stewart, A. (2009). The New School of Information Security. Harlow, Essex: Pearson Education.

[28] Wikipedia. (2012). Online dating service. Retrieved from http://en.wikipedia.org/wiki/Online_dating_service

[29] Sullivan, J. C. (2008). "Let's Say You Want to Date a Hog Farmer". New York Times. Retrieved from http://www.nytimes.com/2008/04/27/fashion/27niche.html?_r=1&ref=fashion&oref=slogin

[30] Madden, M., & Lenhart, A. (2006). "Online daters tend to identify with more liberal social attitudes, compared with all Americans or all internet users." Pew Internet & American Life Project. Retrieved from http://www.pewinternet.org/Reports/2006/Online-Dating/05-Who-Is-Dating-Online/04-Online-daters-tend-to-identify-with-more-liberal-social-attitudes.aspx?r=1

[31] Epstein, R. (2007). The Truth about Online Dating. Scientific American. Retrieved from http://www.scientificamerican.com/article.cfm?id=the-truth-about-online-da&page=4

[32] E-consultancy. (2011). Blogs. Retrieved from http://econsultancy.com/us/blog

[33] Free Date Club. (2011). Online Dating Safety. Retrieved from http://www.freedateclub.com/?L=cms.Free-Online-Dating-Safety