Web Security
Certifications on Network Security
Having looked at the aspects of information security, it is time to see how security is actually practised in the real world. Network component vendors like Cisco have their own series of certifications. It starts with CCNA (Cisco Certified Network Associate), where you learn the basics of networking, IP addressing, subnetting and so on. This gives you a foundation from which you can explore further. After a series of certifications you arrive at a program called CCIP, which stands for Cisco Certified Internetwork Professional. Earning such a certification can give you a great advantage in your career; with sufficient experience you may end up as a Security Manager or even a Chief Information Officer (CIO). This exam, however, requires only a valid CCNA, so it does not matter whether you have completed the other certifications in between. All these exams cost a considerable amount, but they are worth it. Building on the basics of CCNA, here you learn about routing, implementing QoS in a network facility, BGP and MPLS. Many training institutes in the city offer detailed training for such exams.
Intrusion Detection System
An intrusion occurs when an attacker gains control over a system by exploiting its vulnerabilities. This may happen when backdoors or trapdoors are taken over and the system starts to behave differently. To counter intrusions, various intrusion detection systems (IDS) are available. The two most popular types are the host based intrusion detection system and the network based intrusion detection system. A host based intrusion detection system is similar to antivirus software: it keeps a large database of signatures of known infections and compares the files on the host against these signatures to detect infections. It may reside on one machine and service all the other machines in the network.
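The paragraph above describes the two jobs of a host based IDS: matching host files against a signature database, and noticing when files on the host change. The following is an added example, not code from the original page, showing both in plain Python over a throwaway directory. The signature entries (the "known bad" script content and the marker string) are constructed placeholders for the demo, not real malware indicators; the file names are likewise invented.

```python
import hashlib
import os
import tempfile

# Constructed signature database for the example. The "known bad" content and the
# marker string are invented placeholders, not real malware indicators.
KNOWN_BAD_CONTENT = b"#!/bin/sh\n# constructed sample standing in for a known dropper\n"
HASH_SIGNATURES = {
    hashlib.sha256(KNOWN_BAD_CONTENT).hexdigest(): "Constructed.Dropper.A",
}
PATTERN_SIGNATURES = [
    (b"CONSTRUCTED_BACKDOOR_MARKER", "Constructed.Backdoor.B"),
]


def sha256_of_file(path, chunk_size=65536):
    """Hash a file in chunks so large files need not be read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_file(path):
    """Return (path, signature name, method) for every signature matching this file."""
    findings = []
    digest = sha256_of_file(path)
    if digest in HASH_SIGNATURES:
        findings.append((path, HASH_SIGNATURES[digest], "hash"))
    with open(path, "rb") as fh:
        data = fh.read()  # whole-file read is fine for the demo; stream for big files
    for pattern, name in PATTERN_SIGNATURES:
        if pattern in data:
            findings.append((path, name, "pattern"))
    return findings


def scan_tree(root):
    """Signature-scan every regular file below root, in a deterministic order."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for filename in sorted(filenames):
            findings.extend(scan_file(os.path.join(dirpath, filename)))
    return findings


def baseline(root):
    """Snapshot of relative path -> digest: the integrity-check side of a HIDS."""
    snapshot = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for filename in filenames:
            full = os.path.join(dirpath, filename)
            snapshot[os.path.relpath(full, root)] = sha256_of_file(full)
    return snapshot


def diff_baseline(old, new):
    """Report files that were added, removed or modified since the last snapshot."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def demo():
    """Build a throwaway directory, take a baseline, plant two files, then scan and diff."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "clean.txt"), "wb") as fh:
            fh.write(b"nothing to see here")
        before = baseline(root)
        with open(os.path.join(root, "dropper.sh"), "wb") as fh:
            fh.write(KNOWN_BAD_CONTENT)
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"meeting at ten CONSTRUCTED_BACKDOOR_MARKER bring coffee")
        with open(os.path.join(root, "clean.txt"), "ab") as fh:
            fh.write(b" (edited)")
        after = baseline(root)
        hits = [(os.path.basename(p), name, how) for p, name, how in scan_tree(root)]
        return hits, diff_baseline(before, after)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The whole-file hash catches an exact copy of a known sample, the byte pattern catches the same indicator embedded in an otherwise harmless file, and the baseline diff flags a modified file that matches no signature at all, which is why a host based IDS keeps both mechanisms rather than relying on signatures alone.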
The other type is the network based intrusion detection system. It resides on the perimeter of the network and scans all incoming packets, verifying the packet header and packet contents for malformed packets. This type of IDS typically listens on the monitoring port of a switch, called the Switched Port Analyzer (SPAN) port. A technology called the honeypot is also gaining more and more popularity. It creates a virtual network that deceives the intruder into believing it is the real network. It helps to learn the intent of the intruder, and what is observed can later be turned into access control policies in firewalls.
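To make the "verifies the packet header for malformed packets" step concrete, here is an added example (not code from the original page) of the header sanity checks a network based IDS runs on each IPv4/TCP packet it sees on the SPAN port: IP version and header length, the IPv4 header checksum, the total-length field against the bytes actually captured, identical source and destination addresses, and impossible TCP flag combinations. The `build_packet` helper only exists to construct sample packets for the demo; the addresses and ports in it are invented.

```python
import socket
import struct

IP_MIN_HEADER = 20
TCP_MIN_HEADER = 20
TCP_PROTO = 6
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def ipv4_checksum(header):
    """Ones'-complement sum over 16-bit words; a header with a valid checksum sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(src, dst, sport, dport, flags, payload=b"", total_len=None):
    """Construct a minimal IPv4/TCP packet for the demo; total_len can be forced to lie."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0) + payload
    length = IP_MIN_HEADER + len(tcp) if total_len is None else total_len
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, length, 1, 0x4000, 64, TCP_PROTO, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    # Patch the real checksum into bytes 10-11 now that the rest of the header is fixed.
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + tcp


def inspect_packet(pkt):
    """Return a list of reasons this packet looks malformed; an empty list means it passed."""
    alerts = []
    if len(pkt) < IP_MIN_HEADER:
        return ["truncated: shorter than a minimal IPv4 header"]
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:IP_MIN_HEADER])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        alerts.append("IP version field is %d, not 4" % version)
    if ihl < IP_MIN_HEADER:
        alerts.append("IHL claims a %d-byte header, below the 20-byte minimum" % ihl)
        return alerts  # nothing past here can be trusted
    if len(pkt) < ihl:
        alerts.append("packet ends inside the IP header")
        return alerts
    if ipv4_checksum(pkt[:ihl]) != 0:
        alerts.append("IPv4 header checksum does not verify")
    if total_len != len(pkt):
        alerts.append("total length %d does not match %d bytes on the wire" % (total_len, len(pkt)))
    if src == dst:
        alerts.append("source and destination address are identical")
    if ttl == 0:
        alerts.append("TTL is zero")
    if proto == TCP_PROTO:
        if len(pkt) < ihl + TCP_MIN_HEADER:
            alerts.append("packet ends inside the TCP header")
            return alerts
        sport, dport, _seq, _ack, off_res, flags, _win, _tcsum, _urg = struct.unpack(
            "!HHIIBBHHH", pkt[ihl:ihl + TCP_MIN_HEADER])
        data_off = (off_res >> 4) * 4
        if data_off < TCP_MIN_HEADER:
            alerts.append("TCP data offset %d is below the 20-byte minimum" % data_off)
        if flags & SYN and flags & FIN:
            alerts.append("SYN and FIN set together")
        if flags == 0:
            alerts.append("no TCP flags set")
        if sport == 0 or dport == 0:
            alerts.append("TCP port 0 in use")
    return alerts


if __name__ == "__main__":
    good = build_packet("10.0.0.1", "10.0.0.2", 40000, 80, SYN)
    bad = build_packet("10.0.0.1", "10.0.0.1", 40000, 80, SYN | FIN, total_len=9999)
    print("good:", inspect_packet(good))
    print("bad:", inspect_packet(bad))
```

Note the order of the checks: the header length and the capture length are validated before anything is read past the fixed 20 bytes, so a lying IHL or a truncated capture cannot make the inspector itself read out of bounds, which is the same discipline a real sensor needs.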
Employment policies
To be employed in a security organization there are various criteria one must satisfy, and an organization may put you through a series of processing steps. Such jobs differ from others in that they carry crucial importance for the organization's liability, so a great deal of trust has to be placed in the person. First, the organization may run various background checks on the individual, including checking with law enforcement agencies whether you have any records. There are also rules that preserve your right to deny any company access to your personal records without your consent. Next they may check your certifications, such as CCIP and other security certification programs. They may also ask you to sign an agreement or a bond, which can be thought of as a contract. Once employed, one has to abide by the security laws of the nation as well as the policies of the organization. Violating these may lead to serious problems: the organization has the right to file a case against you, with proper evidence. Various training programs and seminars are usually arranged during the first few months, and occasionally you may be put on probation so that your performance can be tracked.
Careers in Information Security
Today many are obsessed with software jobs. At this juncture it is wise to think about new and challenging jobs such as a place in the information security domain. The field is a new one with plenty of job opportunities for the young and talented. It is also considered one of the most interesting jobs today, because the nature of the work is almost a logical or information war. It does, however, require considerable expertise in the security technologies available today. CCIP is one of the well known certification programs available from Cisco that may fetch you a job as a security technician or, with sufficient experience, a security manager. It is also worth explaining the organization's security structure. At the top level there may be a chief information security officer (CISO). Below are the security manager, security administrators and security technicians, each with their own responsibilities and duties. The CISO works with upper management to establish the security policies and then discusses them with the subordinates. The CISO may conduct reviews and periodic meetings and keeps track of the progress and functioning of the security equipment in the organization. So start thinking of a different career, such as that of a security professional.
Continuing Strategies
Now that we have seen the threats to the security of an organization and the various security models, let us take the case of a successful attack. We have to decide on various continuing strategies, which refers to the way we set up plans for recovering and restoring business after a hit. We say a company is hit when its security system has been breached. To counter such a situation an organization has to plan for its worst case scenario, and for this reason it develops plans such as the Incident Response Plan, Disaster Recovery Plan and Business Continuity Plan. There is a clear difference between an incident and a disaster: the differentiating factor is the magnitude of the security breach, that is, the amount and intensity of the hit. Initially one must perform a business impact analysis to identify the impact of the threats that are likely to occur. It results in findings of which services can continue to be offered without interruption and which services will be brought down by the hit. Various terms are associated with such plans, namely hot sites, cold sites and warm sites, which refer to the place where the continuity of business is to be set up.
Security Architecture Design
Based on the models explained above, many different security architectures are possible. Here we give a brief note on two of them. The first is the concept of defence in depth, which means implementing security measures layer by layer. An organization has various layers in its computing space, both logical and physical. At one level, say the physical level, it may implement redundancy to make the system fault tolerant. Logically, an organization may set up a packet filtering firewall, a host based intrusion detection system, a network based intrusion detection system, proxies and so on. Together these controls form measures at the various layers of the organization.
The other type is the security perimeter architecture. It classifies the organization into various security perimeters, seen as boundaries in the organization, and each boundary must be associated with a security control. For example, the outer perimeter is protected by a packet filtering firewall. The intermediate perimeter is the demilitarized zone, where the proxy servers are placed; web servers are also placed here so that there is no direct access to the organization's internal systems. In the inner perimeter, host based and network based intrusion detection systems are placed, which scan for network and host anomalies.
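The two paragraphs above (defence in depth, and the outer / DMZ / inner perimeters) can be seen together in one small policy model. The following is an added example, not code from the original page: a first-match packet-filter rule set for the outer perimeter, a per-host service list for the DMZ, and an evaluator that passes each flow through both layers so that a deny at either layer wins. The address ranges, host addresses and port numbers are a constructed plan for the demo (documentation ranges, not a real network).

```python
import ipaddress
from collections import namedtuple

# A flow is the 4-tuple the packet filter decides on; proto defaults to TCP.
Flow = namedtuple("Flow", "src dst dport proto", defaults=("tcp",))

# Constructed address plan for the example (documentation ranges, not a real network).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}


def zone_of(addr):
    """Map an address to its perimeter; anything outside the known ranges is the internet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


# Outer perimeter: packet-filter rules as (src zone, dst zone, proto, ports, action).
# First match wins; anything unmatched falls through to the default deny at the bottom.
PERIMETER_RULES = [
    ("internet", "dmz", "tcp", {80, 443}, "allow"),   # public web traffic may only reach the DMZ
    ("internal", "dmz", "tcp", {3128}, "allow"),      # internal clients go out via the DMZ proxy
    ("dmz", "internet", "tcp", {80, 443}, "allow"),   # the proxy fetches on their behalf
    ("dmz", "internal", "any", None, "deny"),         # DMZ hosts never initiate inward
    ("internet", "internal", "any", None, "deny"),    # no direct path from outside to inside
]

# Intermediate perimeter: each DMZ host additionally exposes only its own service.
DMZ_HOST_SERVICES = {
    "192.0.2.10": {80, 443},  # constructed web server address
    "192.0.2.20": {3128},     # constructed proxy address
}


def perimeter_filter(flow):
    """Layer 1: the packet filtering firewall on the outer perimeter."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    for index, (rs, rd, rproto, rports, action) in enumerate(PERIMETER_RULES):
        if (rs, rd) != (src_zone, dst_zone):
            continue
        if rproto not in ("any", flow.proto):
            continue
        if rports is not None and flow.dport not in rports:
            continue
        return action, "perimeter rule %d" % index
    return "deny", "perimeter default deny"


def dmz_host_filter(flow):
    """Layer 2: the host-level filter on each DMZ server."""
    if zone_of(flow.dst) != "dmz":
        return "allow", "host filter not applicable"
    if flow.dport in DMZ_HOST_SERVICES.get(flow.dst, set()):
        return "allow", "service exposed on host"
    return "deny", "port not exposed on this DMZ host"


LAYERS = (perimeter_filter, dmz_host_filter)


def evaluate(flow, layers=LAYERS):
    """Defence in depth: a flow must be allowed by every layer; the first deny wins."""
    for layer in layers:
        action, reason = layer(flow)
        if action == "deny":
            return "deny", reason
    return "allow", "passed all layers"


if __name__ == "__main__":
    samples = [
        Flow("203.0.113.5", "192.0.2.10", 443),   # browser on the internet to the web server
        Flow("203.0.113.5", "192.0.2.20", 443),   # internet to the proxy host: stopped at layer 2
        Flow("203.0.113.5", "10.1.1.5", 22),      # internet straight into the inner perimeter
        Flow("192.0.2.10", "10.1.1.5", 3306),     # DMZ web server trying to reach inside
        Flow("10.1.1.5", "192.0.2.20", 3128),     # internal client to the proxy
        Flow("10.1.1.5", "198.51.100.7", 443),    # internal client bypassing the proxy
    ]
    for flow in samples:
        print(flow, "->", evaluate(flow))
```

The second sample is the point of the layering: the coarse perimeter rule admits any internet connection to any DMZ address on 443, but the proxy host exposes only 3128, so the host-level control still refuses it. The last sample shows the value of a default deny: no rule mentions internal hosts talking to the internet directly, and the filter treats that silence as a refusal rather than a permission.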
