Sie sind auf Seite 1von 4


Security management is the process of administering and managing the security of the
network as well as the information and data’s in it. It deals with how system integrity is
maintained amid the man-made threats and risks, intentional or unintentional. It ranges
from identification of risks to determination of security measures and controls.

Securing the network is also a protection to information, which is one of the many assets
a corporation or private business. The protection of information and information systems
from unauthorized access, use, disclosure, disruption, modification, inspection, recording or
destruction of information in order to provide confidentiality, integrity and availability. In this
writing some aspects will be discuss which a person should take into account in managing
the security of the network. Improving security management in a network, someone can say
the harder the problem can be the better security a network can have. From passive to
active attacks to the network and so on. In keeping a better security for the network is giving
importance to the key elements for information security.

Making a network secure the person should know the problem that occurred, analyse
the problem and make solutions that must be implemented. Not only the network is
protected also the sensitive information and network resources of a certain corporation or
business is secured.

A network that needs a better security should have objectives concerning security.

Efficient policy implementation is achieved through a multi-step risk management

process that identifies assets, threats resources, vulnerabilities, potential impacts, and
possible controls. Standardized the laws and regulations affect how data is accessed,
processed, stored and transferred. In following the laws and rules we can achieved the
three main objective:

Confidentiality- information and data is not made available or disclosed to

unauthorized individuals, entities or processes.

Integrity- keeping the information or data complete, intact and accurate and is not
modified in an unauthorized manner.

Availablity- the information must be available when needed.

An IP address that is used to gather sensitive information or sensitive data.

This kind of threat to a network is called IP address spoofing. IP address spoofing

is the creation of IP packets with a false source IP address, for the purpose of hiding the identity
of the sender or impersonating another computing system. It also has a disguised intention of
harming the actual owner of the IP address.

Sometimes IP spoofing is used to hijack a browser, a visitor who types in the URL
of a legitimate site is taken to a fraudent Web page created by hijacker. If the user interacts
with the dynamic content on a spoofed page, the hijacker can gain access to sensitive
information or computer or network resources. HE could steal or alter sensitive data such as a
credit card number or password, or install malware. The hijacker uses proxy server to send false
IP address to the owner of the IP address

Success of security management is on the implementation of steps to make a
better and more secured a network secured. Here are some steps to attain it:

Step 1- Determine and evaluate the network asset

In this step you identify the asset or important things in the network. Like these

Physical- computer hardware and software that process sensitive information.

Information- This include the sensitive data like credit card passwords, account username
and network resources.

People- The ones who can access the network.

After determining the assets you can determine the security level the network

Step 2- Analyze the risk

An effective security management system is the careful of how much security is

needed. Identify what kind of problem has occurred. Where it came from and what are the
effects it can do to the network. You should also know how did it occur. Analyzing the risk
can help you know how much security is needed, but remember that too much security can
be hard to use . And too little can make the system compromise intentionally or
Analyzing the risk also accepting it because sometimes some risk are acceptable.
Here are some reasons some risk are acceptable:

 The threat is minimal.

 The possibility of compromise is unlikely.
 The threat will soon go away.
 The security violations can be easily detected and immediately corrected.

After identifying the risk you can now know the effect it can do to the network.

Step 3- Implementation of the security solutions.

In this phase you should know the solution to the problem that occurred. You have
analysed that the problem occurred is IP address spoofing.

Here are the solution to IP address spoofing:

 Filter the packets entering the network is one way to avoid spoofing. And also filtering of
the incoming and outgoing traffic should be implemented.
 ACLs helps prevent spoofing by not allowing falsified IP addresses to enter.
 Accreditation to encryption should be provided in order to allow only trusted hosts to
communicate with.
 SSL certificates should be used to reduce the risk of spoofing at a greater extent.

Step 4- Re-evaluate network assets and the risks.

In this step you are going to check if the solution you implement has worked. It is
important to re-evaluate to check if the solutions provided had response to the problem. We
may not know that we really need to change new components to avoid such risks again.

Step 5- Maintain and check always the security

In keeping the network secured, you should always maintain and check if there are
risks that occur. With these you can avoid greater problems to the network.

Presented by: Presented to:

Regina Shane S. Latayan Ms. Luzviminda Mariano
BSIT-II Instructor