System Insecurity - Firewalls

The firewall is normally an intermediate system between the secure internal networks and the less secure external networks. It is intended to keep corporate systems safe from intruders, hackers, and accidental entry into the corporate system. The primary types of firewalls are screening routers, proxy servers, and stateful inspectors. Before choosing a firewall architecture, a company must have the right mind set regarding threat. The purpose of this paper is to provide an introduction to firewall concepts and help develop this mind set

De-perimeterisation as a cycle: tearing down and rebuilding security perimeters

If an organisation wants to secure its IT assets, where should the security mechanisms be placed? The traditional view is the hard-shell model, where an organisation secures all its assets using a fixed security border: What is inside the security perimeter is more or less trusted, what is outside is not. Due to changes in technologies, business processes and their legal environments this approach is not adequate anymore.\ud This paper examines this process, which was coined de-perimeterisation by the Jericho Forum.\ud In this paper we analyse and define the concepts of perimeter and de-perimeterisation, and show that there is a long term trend in which de-perimeterisation is iteratively accelerated and decelerated. In times of accelerated de-perimeterisation, technical and organisational changes take place by which connectivity between organisations and their environment scales up significantly. In times of deceleration, technical and organisational security measures are taken to decrease the security risks that come with de-perimeterisation, a movement that we call re-perimeterisation. We identify the technical and organisational mechanisms that facilitate de-perimeterisation and re-perimeterisation, and discuss the forces that cause organisations to alternate between these two movements

The relevance of firewall technology in combating internet insecurity

The prevalence of internet insecurity and fraud all over the world is seriously contending with the gains of internet and information technology. They had being serious attempts and researches to combat this hydra-headed problem of internet insecurity and one of which is the discovery of firewall. A firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. It establishes a barrier between a trusted and secure internal network and another outside network. This paper extensively analyzed the firewall security technology and made a discovery that this technology is still very much relevant in combating system network insecurity.Keyword: Firewall, insecurity, internet, networ

Assessing database and network threats in traditional and cloud computing

Cloud Computing is currently one of the most widely-spoken terms in IT. While it offers a range of technological and financial benefits, its wide acceptance by organizations is not yet wide spread. Security concerns are a main reason for this and this paper studies the data and network threats posed in both traditional and cloud paradigms in an effort to assert in which areas cloud computing addresses security issues and where it does introduce new ones. This evaluation is based on Microsoft’s STRIDE threat model and discusses the stakeholders, the impact and recommendations for tackling each threat

Information Security Audit in e-business applications

Electronic business (e-business) are different than other business because it involves any commercial or business activity that takes place by means of electronic facilities (buy and selling online), including on the Internet, proprietary networks and home banking, instead of through direct physical exchange or contact. This system creates an environment that operates at a much greater speed than traditional methods and involves much less paper–based evidence of activities. These e-business related risks should not be considered in isolation but rather as part of the overall internal control framework of an entity. It is essential to identify and assess the risks associated with an e-business environment and management should develop an e-business strategy that identifies and addresses risks. The e-business Information Systems (IS) audit is a critical component of the e-business plan. This paper tries to present a risk analysis for e-business applications in order to establish the IS audit particularities in this field.e-business, risk analysis, IS audit, confidentiality, reliability, integrity, availability