BEING VIGILANT

Preclusion of data theft like credit card information, bank account numbers, passwords, work related documents or sheets, etc. is crucial in current days interaction since many of our daily activities is contingent upon the security of the data paths. Computer security deals with computer associated assets that are subject to distinctive kind of threats and for which countless actions are taken to safeguard those assets. Computer security is the protection given to an automated information system in order to accomplish the appropriate purposes of upholding the integrity, availability, and confidentiality of information system resources. The resources comprise software, hardware, firmware, information/ data, and telecommunications.

Very frequently, computer and network security is not considered about until an issue appears. By this point, a fissure in security can trigger enormous and possibly harmful problems to business and/or their clients. By situating up a security plan and an alternative action plan, one can know that the information they possess in their computers and networks is safe and secure.

Sony Pictures Entertainment recently underwent a data breach when hackers posted intimidating posts on the company’s computers. The post started with a skull appearing on screens, and then an oddly threatening message conveying users that they had been hacked by something called Guardians of Peace (GOP). The post got strange as it claimed it to be just the beginning and then threats were also made to release documents by 11 PM the very same day (November 24, 2014). The company had to entirely shut down all email communications and employees were not permitted to use company computers during the time the company worked through where and what the threat was and if it was real. The threat did not give any particulars or any message on any kind of ransom for the data that had allegedly been hacked.

Sony picture’s single server was compromised and the attack was spread from there. Right after the revelation of the attack, the GOP team announced two lists, incorporating names of several documents, private key files, password files, financial data, PII, source code files (CPP), network maps and outlines, inventory lists for hardware and other assets, production outlines and schedules.  The GOP hacking team released preview copies of numerous Sony movies, including Fury, Annie, and Still Alice. The cyber attack instigated much more than the online circulation of pirated movies. A batch of sensitive employee records was also flowing on the Internet. Also the servers used by the members of the GOP to leak online employee information also belong to Sony Corporation. The hackers also stole more than 25 gigabytes of sensitive data on thousands of Sony employees, containing medical, salary information and Social Security numbers. The last set of files released comprises contracts between numerous TV stations and Sony Pictures Television. The documentation includes a detailed organizational chart of the Sony Pictures, which comprises a gigantic number of information like cell phone numbers of the employees and an internal phone list.

With the additional recent threat and data breach in multiple known organizations such as Target, Home Depot, Blue Cross Blue Shield – Anthem, the need for information security management has never been higher. Companies are trying to secure their network and data as never before. Companies have started to apply several security protocols and measures to avoid being the next target. Disallowing plain FTP of the file, building secure firewalls, mandating SFTP and VPN, continuously changing user credentials for databases and user accounts have become trending security practices.

A network administrator should be mindful of the kinds of security risks possible. They should also be mindful of some of the solutions available to alleviate those risks. Some of the attacks against a network cannot be prohibited and only effective supervision of the network and appropriate responses will decrease the risk related with the wireless portion of a network. Regardless of additional precautions, it is always possible that systems will be breached. This is the reason why it is imperative to have an emergency action strategy, a strategy that is developed to shut down and protect systems in case of a breach or an attack. One needs to make sure that all relevant personnel are mindful of the plan in case it needs to be executed. This strategy will support any damage or unintentional sharing of private information, permitting one to keep control of the situation.

References

Infosec Institute. (2015, n.d n.d). Cyber Attack on Sony Pictures is Much More than a Data Breach . Retrieved February 24, 2015, from Infosec Institute: http://resources.infosecinstitute.com/cyber-attack-sony-pictures-much-data-breach/

Privacy Rights Clearinghouse. (2014, November 24). Sony Pictures. Retrieved February 23, 2015, from Privacy Rights Clearinghouse Empowering Consumers. Protecting Privacy: https://www.privacyrights.org/data-breach-asc?title=sony

VPN AND IT’S USE BY BUSINESS ORGANIZATION

How many of you know what a VPN is? There is so much information about VPN that writing about it in a single blog post does not do justice to it. In this post, I am just going to go over basic VPN information; mainly the definition and it’s use in business.

   While businesses continue to push for development and get control over the costs, they are challenged to answer to a volatile financial environment, rising levels of guidelines and compliances, technical advancements and difficulty in handling high volume of data that businesses need to count on. With all the changes the companies are facing, they need to search for flexible and   expandable ways to handle Information and Communication Technology   infrastructures, without compromising on security and dependability.               

   "A VPN is a communications environment in which access is controlled to permit peer connections only within a defined community of interest, and is constructed though some form of partitioning of a common underlying communications medium, where this underlying communications medium provide services to the network on a non-exclusive basis”. Although this definition maybe the best definition for VPN, but honestly anyone who does not have knowledge on VPN will be confused with the definition.
   
   A VPN is a network that uses a public telecommunication infrastructure, like the Internet in order to deliver remote offices or individual users with protected access to their organization's network. A VPN safeguards privacy from security measures and tunneling protocols like L2TP (Layer Two Tunneling Protocol). The data is encrypted at the sending end and decrypted at the receiving end, and it sends the data through a tunnel that cannot be inserted by data that is not accurately encrypted. An extra level of safety includes encrypting not only the data, but also the originating and receiving network addresses. A VPN can be compared with a costly system of owned or rented lines that can simply be used by single organization. The objective of a VPN is to deliver the organization with the same proficiencies, but at a considerably lesser cost. There are three major types of VPN, Remote Access VPN, Intranet based site-to-site VPN and Extranet based site-to-site VPN. The Remote Access VPN is also termed as Virtual Private dial-up network (VPDN) and it is mostly used in settings where remote access to a network turn out to be vital. There are three types of VPN technologies; secure VPN technology, trusted VPN technology and hybrid VPN technology.

   Anybody could implement a VPN but the necessity for it is where the variance comes in. Many businesses have mobile employees, remote users, or company partners that may need to connect to the company network or access resources, information, or just complete some kind of interaction. In order to do complete this process safely, so the information is not viewed by outside sources, a VPN would be perfect. This latest technology unlocks the necessity for both small and large-scale businesses in respects to network security. Some of the businesses that may be using VPN include healthcare, retail, manufacturing, general businesses and banking/finance. In case of healthcare industry, in order for them to be able to confidentially transfer confidential patient information within the medical facilities and the health care providers, VPN is picture-perfect. In case of retail, the availability to securely transfer sales data or customer information between stores and the headquarters VPN is perfect. For manufacturing, VPN is good for being able to track inventory of goods and permitting the dealers to take a look at that and letting clients to buy online. For general businesses VPN could be used as means of securely exchanging communication between distant employees. For banking/financial industry VPN can allow account information to be transmitted securely within different branches and departments.

   The future should anticipate networks to join to design an integrated VPN to match the numerous different businesses that will shortly enter the market. Since greater numbers of VPN users are presently big businesses, smaller businesses should start to join the movement due to the growing variety of VPNs to pick from. Furthermore, designing enhanced protocols will also progress VPNs.

References

California State University Edu. (2002, November 22). VPN Report. Retrieved March 02, 2016, from California State University Education Northridge: www.csun.edu/.../VPN%20report

Huston, P. F. (n.d, n.d n.d). VPN. Retrieved March 02, 2016, from Emory University Education: http://www.emory.edu/BUSINESS/et/P98/vpn/

K, T. (2011, August n.d). Photo Credit: Virtual Private Networks (VPNs) – a key Business Enabler. Retrieved March 02, 2016, from TOM K Consulting: http://tomkconsulting.com/news019-about-VPNs.htm

Offley, R. (2012, February 27). Using Third-party Data Centers. (E. S.-e. Solution, Interviewer) Enterprise System Journal.

Rouse, M. (2015, n.d n.d). Virtual Private Network (VPN). Retrieved March 02, 2016, from Tech Target: http://searchenterprisewan.techtarget.com/definition/virtual-private-network