Four companies A., B, C and D, which have similar activities but are not part of a group, have the following computer configurations,
Company A: Three stand-alone micro-computers (CPU, VDU, Keyboard, hard disk and mouse) each having its own printer.
Company B Small office with 11 micro-computers linked in a Local Area Network (LAN). Each micro-computer has its own processing ability, but is linked via the LAN to central printers, disk storage, file server and tape streamer devices. The LAN is completely~ self-contained”, This means that there are
no modems or other similar external devices attached to it.
Company C Four processing locations connected a Wide Area Network (WAN). Each location has a LAN in the same configuration as company B, although there is also a dedicated landline to two of the three. offices (offices are connected in a ring to two of the other offices). Each server is updated with. data from the other three locations at 15 minutes interval.
Company D Twenty processing locations, each with its own LAN in the same configuration as company B. All locations are connected in a star configuration to head office. File servers at each location are updated from head office after every five minutes, Each location has a reserved external., telephone line for selected customers to use. Orders customers are
transmitted direct on to the company D‘s Computer system
(a) State, with reasons, for each company, what security procedures should be applied to
ensure there is no unauthorised access to its computer system.
(b) Company B is planning to establish additional branches and wants to upgrade its systems to duplicate those of company D.
State and explain the data communication systems you would recommend
a) Terminologies in the question:
LAN (Local Area Network)
This refers to a computer network in which computers and peripheral devices are in close proximity. Specifically a LAN is a collection of computers within a single office or building that connect to a common electronic connection commonly known as a network backbone.
Wide Area Network (WAN)
This refers to a computer network that is countrywide or world wide. It normally connects networks over a large physical area such as different buildings, towns or even countries.
Ring network configuration
In this configuration, each device is connected to the other devices in the network to form a ring.
Star network configuration
This consists of a number of small computers or peripheral devices linked to a central unit called a main hub.
(i) Company A
Since the computers are stand-alone, there is no need for network security mechanisms. Physical measures that could be used to ensure security include:
o Use of bolting door locks at computer room entrances. These locks require the traditional metal key to gain entry.
o Use of combination door locks (cipher locks). These use a numeric keypad or dial to gain entry.
o Electronic door locks. This system uses a magnetic or embedded chip-based plastic card key or token entered into a sensor reader to gain access.
o Manual logging of visitors to the company to discourage intruders.
o Electronic logging of visitors to the company to discourage intruders.
o Identification badges (photo Ids).
o Video cameras.
o Security guards.
o Not advertising the location of computer facilities to make it hard for intruders who have already gained entry into a company‘s premises to locate the computer facilities.
Logical security measures that could be used to prevent unauthorized access:
o Username and password identification at each terminal to control access to microcomputer resources.
o Data stored on the stand-alone microcomputers should be encrypted so that an intruder who has already gained access to the data to be able to read data.
o Token devices, one-time passwords. This is a two-factor authentication that generates one-time passwords that are good for only one logon session.
o Biometric security access control- based on a physical feature of the user such as finger print or eye retina scan.
o Data classification- assigning classes or levels of sensitivity to computer files, management can establish guidelines for the level of access control that should be assigned. Confidential data should be given the highest priority when being protected from unauthorized access.
(ii) Company B
The physical security procedures described for company A could be applied to company B to ensure that no one has a physical chance of tapping into the corporate LAN. The logical security procedures described for company A would still apply to company B. In addition other logical measures would be required for the corporate LAN. These include:
o Use of terminal identification files communication software to check the authentication of a terminal when it tries to send or receive messages.
o Data encryption- to protect messages from disclosure during transmission.
o Network monitoring devices may be used to inspect activity from known or unknown users.
(iii) Company C
Again, the physical security measures described for company A could be used for company C to secure the computer facilities from physical unauthorized access. The logical security measures for company A would still hold for company C. Additional logical security procedures required would be similar to that of company B since company B‘s configuration
(a LAN) is similar to Cs configuration (a WAN composed of many LANs similar to Bs). Specific emphasis should be on securing data in transit as the servers are updated. An appropriate data encryption algorithm (scheme) would suffice.
(iv) Company D
The physical security measures should be similar to those of company A. The measures should be enforced in each of the twenty processing locations. The logical security measures should be similar to those of companies A, B, and C with the exception that the security system would be centralized about the head office system to make it more full proof. This is because in a star configuration, requests for data access must first be channeled to a central node in the network according to the polling media access control mechanism. The intrusion detection at the central node (head office computer server) would thus be able to monitor all system user requests.
Security procedures that should be applied:
b) Data communication systems I would recommend:
These would enable digital data to be transmitted over the telephone links present in company D‘s network configuration converting it to an analog form and then reconverting it at the receiving end.
2. Telecommunication links- to provide inter connectivity between the processing locations and the head office.
3. A much more powerful network operating software (e.g. Linux, Unix, Windows NT) to be able to cope with the large number of users. The network operating software should also be able to support frequent updates of file servers at each location.
They are required to combine all links from the PCs in a processing location into a telecommunication link. Multiplexors are thus needed to share telecommunication links amongst the many users.