[Abstract]
The purpose of this document is to analyze the collaboration system that is to be migrated into the Kucera Clothier’s company and identify security concerns with the system, as well as, identify methods to minimize the risk of an incident of unauthorized access to company information. This document is intended for anybody looking to gain a basic knowledge or understanding of security concerns with an introduction of a new technology into an organization.
[Content]
Kucera Clothiers is considering incorporating a collaboration system into their organization, however they want to ensure the collaboration system will resolve communication issues the organization is having without introducing new problems or concerns into the organization. When analyzing the security of a network system it is helpful to use the Open Source Interconnect (OSI) model by starting from the lowest layer of the model and working through each layer to the top while considering security techniques at each layer. The seven layers of the OSI model from the bottom to the top layer are the physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer (Teare, 1999). Using the OSI model aids as a guide to ensure a network or networked systems are secure at different levels of computer networking.
The physical layer is the most basic layer of ensuring networked devices are secured. By ensuring physical security of networked devices can ensure that unauthorized personnel do not have unauthorized access to network resources, computers, and even data that reside on the network. One way to ensure physical security of a collaboration system is by keeping the active equipment locked in a server room where only authorized personnel have access. If the ability exists it adds an additional layer of physical security by locking the equipment in an equipment rack. A method for protecting the network connectivity within the corporate headquarters and also within the satellite offices is by locking doors and offices during non business hours and by using security systems such as cameras, alarmed doors, and security personnel. Physical security enables owners of equipment and network resources to maintain control and management of their systems and equipment.
The data link layer is a layer that pertains to network devices, such as network switches, and although this layer doesn’t allow for a lot of security it does provide one additional layer of security. A technique for providing security at the data link layer for the collaboration system as well as other network resources is by using managed switches to the network. As part of the policy of the organization it should be mandated that all unused ports on a switch be disabled. This prevents unauthorized personnel to connect unauthorized devices to existing network resources in attempt to gain access to these resource and data. Another technique to providing security at the data link layer is to enable port security on a managed switch. Port security allows for a device to be connected, however if for some reason, that device is disconnected and different device is plugged in then the port will automatically disable and prevent use of this network resource (Davis, 2006). The data link layer of the OSI model does not provide many means of security, but applying security techniques that are available provide an additional level of security.
The network layer of the OSI model is where most routing takes place and there are different devices and techniques that can be used to ensure only authorized access to networks and network resources is obtained. Kucera Clothier’s will need to use network routers to ensure there are communications between the corporate headquarters in Chicago and the different satellite offices around the world. A security technique that can be applied on a router is to create access control lists (ACL) that prevent unauthorized access to a network from untrusted hosts or networks. In addition to using ACLs on routers, network firewalls can be installed and configured to inspect every packet that is either entering or exiting a network and then determine if the source of that packet is authorized to send the packet to the destination. In addition to inspecting every packet entering or leaving a network a network firewall can close all unused network service ports in order to prevent unauthorized access through an unused port. Router access control lists and network firewalls prevent unauthorized access to network resources by blocking unused ports, maintaining a list of trusted hosts or networks, and by inspecting packets to ensure it is authorized. Another method of ensuring security at the network layer is to use Internet Protocol Security, otherwise known as IPSec. IPSec provides packet encryption by encrypting the data that is contained within a packet, but leaving the source and destination information unencrypted so that the packet can be routed, but the data is secured. Because IPSec functions at the network layer of the OSI model the upper layers and data is protected. For remote satellite offices, IPSec can ensure that data transmitted from a satellite office to Kucera corporate headquarters is being transmitted securely. Network layer security can protect networks by checking access control lists, blocking ports, inspecting packets and even by providing encryption.
Security at the transport layer of the OSI model can be found in many different types of web traffic. One method of security the transport layer of the OSI model is by using transport layer security, otherwise known as TLS. TLS is a cryptographic protocol that provides data integrity and security. Another method that superseded TLS is secure sockets layer. Both TLS and SSL function by providing an end-to-end encryption between different network segment connections. Either TLS or SSL can be used in conjunction with the online collaboration system no matter if a user is using a voice over IP service, web service, e-mail service, or even an instant messaging service. The use of TLS and SSL provides transport layer security by ensuring point-to-point encryption is provided.
The presentation layer of the OSI model is less often used by most users, however there are certain ways to ensure security. The presentation layer provides the ability to connect different operating systems and different types of systems together while hiding the differences between these different systems. Arguably the presentation layer also provides the means to provide compression so that data passing along an encrypted path can be transmitted in less amount of time. Some, but not all of SSL encryption takes place at the presentation layer. The presentation layer is most likely the least used layer of the OSI model because not all of the network communications that take place at the presentation layer are needed. In many cases the options for presentation layer communications are optional as opposed to being required or better security techniques are provided at the transport layer or the application layer of the OSI model.
The application layer of the OSI model encompasses many different protocols that can be used during application development to ensure security at the application layer. When using an application there are ways to ensure data is being protected. Developers and system administrators can choose to use methods of secure communication within their applications such as secure FTP (SFTP), secure shell (SSH), lightweight directory access protocol (LDAP), time stamp protocol, simple mail transfer protocol, and the list can go on and on. Administrators can ensure a system, such as a collaboration system, maintains high levels of security by making small configurations to systems such as configuring a database server to only accept encrypted connections between trusted devices. Another method is to employ the use of a LDAP server to query a directory server to ensure a user is authorized and authenticated on a network. When transferring files a system administration can make a configuration to a system to only allow SFTP connections. This guarantees all data in transit is encrypted. Application layer security can be taken into consideration during the development of an application, application configurations can be made to maintain high levels of security, or even specific applications can be used to provide different security practices.
In conclusion, Kucera Clothier’s are considering using a collaboration system to resolve communication issues without inducing new problems into the organization, while protecting their data and by using the OSI model as a guideline Kucera Clothier’s can ensure all data and communications are being protected. Kucera can provide a layered approach to security by employing security techniques at each layer of the OSI model. Providing security techniques at each layer of the OSI model help to compliment each other so that data, network resources, and systems are safe and sound within their organization. If the layered approach is used Kucera can maintain peace of mind that all data, either in transit or residential on their networks, is safe and sound and waiting for the organization to use it at will.
References
1. Teare, D. (1999). Internetworking Basics. Internetworking Technology Handbook, Retrieved May 30th, 2009, from http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Intro-to-Internet.pdf
2. Davis, D. (2006, October 5th). Lock down Cisco switch port security. Retrieved May 31, 2009, from Tech Republic Web site: http://articles.techrepublic.com.com/5100-10878_11-6123047.html