Explore Management Aspects Of Protocols and Topologies
Cybersecurity is of increased importance in this age of increased cyberthreats. This rings true today, as cybersecurity threats continue to grow in complexity and power. There needs to be a matching force to counter the ever-increasing threat posed by hackers, malware, spammers and viruses. Romanosky, Telang and Acquisti (2011) outline that the cybersecurity threat in America in particular continues to be more prominent than anywhere else in the world, and in most cases the policies and measures instituted follow the principle that it is not about “if” there will be a cybersecurity threat, but about “when” it will manifest. Attitudes of vigilance, as such, have come to dominate the mitigative measures instituted and, more importantly, the creation of policies to hinder these attacks has become paramount among organizations across the country. Overall, mitigation is better than adaptation or adjustment after the attack. Mitigation implies making the impact less severe by controlling aspects that are vulnerable (Au and Choo, 2016). This involves monitoring and documenting risks, identifying all potential areas in which an attack may manifest and, finally, instituting correct measures to prevent widespread attacks.
Mitigative measures can be observed in virtually all aspects of our interaction with technology in matters pertaining to cybersecurity. For my smartphone, I have applied a variety of mitigative measures to prevent unauthorized access by unknown or known third parties. While I have not encrypted my device, I use a very strong 12-digit password which can be substituted by my biometric profile, mostly my fingertips or eyes. I rarely use my eyes to access my smartphone; as such, I have become more accustomed to the facial recognition software that came with the device. At home I have a private Wi-Fi network that is protected by a password, and in public I rarely use free or public Wi-Fi to access my bank or work software and applications. Sometimes, I utilize a VPN to access work documents, and in most cases, my organization’s applications and software are encrypted. I usually update to the latest software, and constantly ensure that all files are secured before I transfer them to my phone or vice versa. With the dawn of the COVID-19 virus, our organization allowed both work and personal devices at the workplace, but this came with a variety of control measures summarized under the company BYOD policies to prevent breach of data by unauthorized entities. My laptop applies the same measures my smartphone has, and in this way, I have managed to continually evade forced or unauthorized entry into my device, effectively protecting my data. The network of computers at work uses a vastly different approach. A wired and wireless star layout topology is what has been applied and is continually praised.
In a star topology all computers are connected to a central wired point, which is a switch. Data from other nodes passes through this point before it is forwarded to the destination node. Unlike the ring or bus topologies, the main advantage of this network is that even when one computer fails or there is a break in a wired connection, the whole system does not go down while waiting for this connection to be reestablished (Conrad et al., 2016). This is because the nodes do not depend on each other to retrieve information but on the hub/switch. But in the event that the hub fails, the whole system comes down. This is referred to as a “single point of failure” (Conrad et al., 2016). The physical server-based infrastructure is usually only used for complex or high-sensitivity data that, if breached, could be catastrophic for the organization. While the majority of the organization has undergone virtualization, there are still elements that require physical server-based infrastructure. Here the TCP protocol is usually instituted. Transmission Control Protocol (TCP) separates data into smaller packets that are shared over the network. It is mainly a communication-based protocol and does not share big data. This is unlike security protocols such as HTTP and SSL, where both the server and the browser communicate (Das and Samdaria, 2014).
Securing the Star Topology Network
What defines a system’s success or failure is its ability to institute a capable risk management system based on the system’s interests, objectives and functions. The field of information security is a very dynamic field that experiences constant change, development, and growth. While this is important to companies, it also presents the problem of increased security risk, as threats are becoming more sophisticated and mature, constantly pushing network system operators to spend more on training and preventing attacks. Hartwig (2014) outlines that with more development in the field of information systems come greater risks associated with protecting the system from attacks. Data security, as such, has become a very important industry that is continually evolving to match the threat. An Intrusion Detection System (IDS) is the original form of intrusion detection and has historically been signature-based. An IDS inspects data payloads and packets and watches the traffic that it has visibility of. It classifies certain payloads and packets as good or bad traffic. It has a mechanism to notify an individual through a console or an alerting mechanism, so that they can take action. It notifies the system user of any malicious traffic, potentially preventing harm that may have resulted from this malicious activity (Jang-Jaccard and Nepal, 2014). The malicious activity may cause a negative impact on the system environment. An IDS works to provide best-in-class security as it provides a holistic review of the network.
For an IDS to work properly, it needs to be positioned appropriately within the network and the network infrastructure. More importantly, the network infrastructure also needs proper configuration in order to deliver network traffic to the IDS. Jang-Jaccard and Nepal (2014) outline that in modern networks and in large network environments there is a need for more than one IDS to manage the traffic that is being brought in. This is so that the system has effective coverage and system-wide detection. Good management practices should also be instituted so as to create an adequate system for monitoring communication and addressing problems when they are detected. Normally, an IDS works by scanning all the network traffic. A variety of threats are usually posed to the system, including (Burton et al., 2003):
● Denial of Service (DoS) attacks
● Vulnerability exploits
● Distributed DoS
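The detection flow described above, as an added example that is not part of the original essay: a minimal IDS loop that matches payload signatures and counts packets per destination to tell a single-source DoS from a distributed one. The signatures, threshold, window and traffic records are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample signatures (illustrative, not taken from a real rule set).
SIGNATURES = {
    "path-traversal": b"../../",
    "sql-injection-probe": b"' OR '1'='1",
}
RATE_LIMIT = 5   # assumed threshold: packets to one destination per window
WINDOW = 1.0     # assumed sliding window, in seconds

def inspect_traffic(packets):
    """Return alerts for (time, src, dst, payload) records, in arrival order."""
    alerts = []
    recent = defaultdict(list)   # dst -> [(time, src), ...] still inside the window
    flooding = set()             # destinations that already raised a flood alert
    for ts, src, dst, payload in packets:
        # Signature-based detection: flag payloads containing a known-bad pattern.
        for name, pattern in SIGNATURES.items():
            if pattern in payload:
                alerts.append((ts, "exploit:" + name, src, dst))
        # Rate-based detection: keep only packets inside the sliding window.
        recent[dst] = [(t, s) for t, s in recent[dst] if ts - t < WINDOW]
        recent[dst].append((ts, src))
        if len(recent[dst]) > RATE_LIMIT and dst not in flooding:
            flooding.add(dst)
            sources = {s for _, s in recent[dst]}
            # One source is a DoS; several sources make it distributed.
            kind = "dos" if len(sources) == 1 else "ddos"
            alerts.append((ts, kind, ",".join(sorted(sources)), dst))
    return alerts

# Constructed traffic: one exploit attempt, one single-source flood,
# one multi-source flood.
SAMPLE = [(0.0, "198.51.100.7", "10.0.0.5", b"GET /../../etc/passwd HTTP/1.1")]
SAMPLE += [(1.0 + i * 0.1, "203.0.113.9", "10.0.0.6", b"SYN") for i in range(6)]
SAMPLE += [(3.0 + i * 0.1, f"192.0.2.{i + 1}", "10.0.0.7", b"SYN") for i in range(6)]

if __name__ == "__main__":
    # The console notification step: print each alert for an operator to act on.
    for alert in inspect_traffic(SAMPLE):
        print(alert)
```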
The star system features a multilayered defense strategy to address different levels of the network. The DMZ, or demilitarized zone, is the most effective tool of all. It is used to divide what is referred to as the internet from the internal company network (Pakstas, 2003). These two sections are separated by an outer firewall, which is on the internet-facing side, and an inner firewall, which is on the internal network side. While devices can access both the internet and the internal network, there is no communication established between the two realms.
The intranet and the extranet are additionally available. There is a safely secured environment in which networking can occur within the internal system. The internal corporate website is accessible through the intranet, and there is a variety of hardware and software instituted to ensure this. Research indicates that the intranet servers have internal, private IP addresses and are usually placed within the internal firewall, never accessible to the world unless there is a breach. External access can only be achieved through a VPN (Pakstas, 2003). The extranet, on the other hand, is made up of a significant portion of the intranet that is made accessible only to the firm’s external partners. It is encrypted and can only be accessed through authorization and by use of the VPN. Authorization is usually hindered by firewalls and security policies, as well as the IDS (Pakstas, 2003).
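One way to check the DMZ rule stated above, that the internet and the internal network never talk to each other directly, is to audit the allow rules of both firewalls. This is an added example, not part of the original essay; the address ranges and the rule set are constructed, and each rule is checked on its own without modelling rule order.

```python
import ipaddress

# Assumed addressing for illustration: the internal LAN and the DMZ use
# private ranges; every other address is treated as the internet.
INTERNAL = ipaddress.ip_network("10.0.0.0/16")
DMZ = ipaddress.ip_network("172.16.0.0/24")

def zones(cidr):
    """Return the set of zones that a CIDR block can cover."""
    net = ipaddress.ip_network(cidr)
    found = set()
    if net.overlaps(INTERNAL):
        found.add("internal")
    if net.overlaps(DMZ):
        found.add("dmz")
    # A block not fully inside a known zone can also match internet hosts.
    if not (net.subnet_of(INTERNAL) or net.subnet_of(DMZ)):
        found.add("internet")
    return found

def audit(rules):
    """Flag allow rules that let the internet and the internal network talk directly."""
    findings = []
    for firewall, src, dst, action in rules:
        if action != "allow":
            continue
        s, d = zones(src), zones(dst)
        inbound = "internet" in s and "internal" in d
        outbound = "internal" in s and "internet" in d
        if inbound or outbound:
            findings.append((firewall, src, dst))
    return findings

# Constructed rule set: (firewall, source, destination, action).
RULES = [
    ("outer", "0.0.0.0/0", "172.16.0.10/32", "allow"),   # internet -> DMZ host
    ("inner", "10.0.0.0/16", "172.16.0.0/24", "allow"),  # internal -> DMZ
    ("inner", "0.0.0.0/0", "10.0.0.0/16", "allow"),      # breaks the separation
    ("inner", "10.0.0.0/16", "0.0.0.0/0", "deny"),       # deny rules are not flagged
]

if __name__ == "__main__":
    for finding in audit(RULES):
        print("direct internet/internal path:", finding)
```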
Advantages of Star Topology
The main advantages of a star topology include the fact that it is robust for communication and productivity. Its star-shaped framework allows information to pass from one end to the other, and if a link between a single node and the switch fails, the other nodes are not affected (Diaz-Reyes, Ramirez-Paramo and Tenorio, 2021). It is also easier to install, as it does not require an elaborate and disruptive installation mechanism in which all nodes need to be stopped first. It is also the least expensive because each device needs only one I/O port and needs to be connected to the hub with only one link (Diaz-Reyes, Ramirez-Paramo and Tenorio, 2021). This allows easier cybersecurity monitoring using IDS/IPS systems. Fewer cables are required: unlike a mesh, each device needs only one cable to connect it to the hub. As such, there is easy fault detection in the event that anything fails.
Disadvantages of Star Topology
As previously mentioned, the main problem with the star network lies in the hub. The single point of failure problem, as outlined, means that in the event the hub goes down, none of the connected devices can work (Diaz-Reyes, Ramirez-Paramo and Tenorio, 2021). The hub is the main point of connection for all the devices, and herein lies the majority of the effort to maintain its functionality. This dependency manifests in the hub requiring more resources and regular maintenance, as it is the central system of the topology.
References
Au, M., & Choo, K. (2016). Mobile security and privacy (1st ed.).
Burton, J., Dubrawsky, I., Osipov, V., Baumrucker, C., & Sweeney, M. (2003). Cisco Security Professional’s Guide to Secure Intrusion Detection Systems. https://doi.org/10.1016/b978-1-932266-69-6.x5017-4
Conrad, E., Misenar, S., & Feldman, J. (2015). CISSP Study Guide (3rd ed.).
Das, M., & Samdaria, N. (2014). On the security of SSL/TLS-enabled applications. Applied Computing And Informatics, 10(1-2), 68-81. https://doi.org/10.1016/j.aci.2014.02.001
Díaz-Reyes, J., Ramírez-Páramo, A., & Tenorio, J. (2021). Rothberger and Rothberger-type star selection principles on hyperspaces. Topology And Its Applications, 287, 107448. https://doi.org/10.1016/j.topol.2020.107448
Hartwig, R. P. (2014). Cyber risks: The growing threat. Insurance Information Institute. Retrieved from https://www.iii.org/sites/default/files/docs/pdf/paper_cyberrisk_2014.pdf
Jang-Jaccard, J., & Nepal, S. (2014). A survey of emerging threats in cybersecurity. Journal Of Computer And System Sciences, 80(5), 973-993. https://doi.org/10.1016/j.jcss.2014.02.005
Pakstas, A. (2003). Intranets and Extranets. Wiley Encyclopedia Of Telecommunications. https://doi.org/10.1002/0471219282.eot182
Romanosky, S., Telang, R., & Acquisti, A. (2011). Do Data Breach Disclosure Laws Reduce Identity Theft? Journal of Policy Analysis and Management, 30(2), 256-286. Retrieved February 8, 2022, from http://www.jstor.org.idm.oclc.org/stable/23018983