Guide To Business Security


The amount of insecurity that is faced by a business is very wide in the modern world. Confidentiality, integrity and availability of information are put to risk owing to the large number of ongoing attacks. Confidentiality means the information that should not be circulated is intercepted and made available to others in the market. Integrity means tampering with the information while availability means that information that is believed to be accessed at a point of time is attacked such that it cannot be made available to put to use. In the report to follow, we shall discuss the various security issues that a business faces in the present world and we shall categorize them into two main categories viz. the technical issues and the organizational weaknesses.

The technical issues of insecurity in business are well known since a long time in this computer age and internet age. Technical issues are the ones that are vulnerable that can be monitored and avoided using technical controls. Perhaps an installation of a new firewall system or an update towards your current version of anti-virus signatures could be useful. Let us consider the following points under technical issues:

Unencrypted communications

The communications systems in today?s world should be capable of making communications at a sigh speed. At the same time they should possess the quality of being reliable and trustworthy. Postal mails and telephonic calls were the means of communications in the early days. But these days, emails form the effective, quick and widely used forms of communications. We use emails in our day to day routine for communications with clients, colleagues, applying for jobs, customers and sharing of information between various professional individuals of the same area of expertise. Electronic communications types are very useful and serve the purpose when it comes to overcoming the geographical barriers owing to communications in the different parts of the world. With the internet at our disposal, communications between two parties irrespective of their locations in the world, are just as good as communicating with team members in a large office room and over the top of the partition of the cubicle.

Communications transmitted like this poses a lot of risk and subject to lot of unwanted attacks. Communications in plain text are in unencrypted forms and hence can be easily attacked and modified. It is possible to learn the contents of the message very easily and tamper with it before it makes way to the message inbox of the intended receiver. There two categories for this:

Man in the Middle attack (MITM)

MITM attacks control the communications between two parties and alter them. It is done by the injection of third party into the communications channel which takes a malicious form. The attacker must have an access to the communications channel, the attacker must be able to convince the victims that the information flow between them is not intercepted in any form and the attacker must alter it within less than the time taken to suspect by either of the victims

Replay attack

It?s a type of MITM attack where the information is stored by the attacker and used at an appropriate time to cause loss to either party. A good example would be misusing someone?s credit card number repeatedly.

Operating systems (OSs) that are insufficiently patched and the related applications In January month of year 2003, an SQL worm made its way to several databases across the globe and affected tens of thousands of computer systems merely in minutes. It was a denial of service (DoS) attack and it slowed down internet traffic to a great extent and exploited the drawbacks of the SQL database. Microsoft released the patch for this security weakness six months ago, but the patch was not installed my many system users which let the SQL work its way through their systems. A national vulnerability database keeps a track of all vulnerabilities.

Inadequate usage of Antivirus and firewalls

Usage of antivirus is a method of prevention. It is like driving with seat belts in order to prevent an accident. The disadvantage is this that the seat belts are to be worn every time as opposed to the accidents those do not happen that often. Similarly, the antivirus software is like a bug inside your computer system that will take action very occasionally as compared to the usage of your computer system. Most users face the risk to encounter the malicious software when they install any antivirus. Malware can enter a system from multiple points and can affect the computer system severely in the following ways:

Malware seeps into your system from the attachments with emails that you open and unknowingly download. Hence email servers these days facilitate the users with the online scanning of the email attachments that are sent to the users? inbox.

Media files such as audio, video and picture file associations that are affected by malware can enter the system when you play a multimedia storage device like a CD, DVD or even a USB. Real-time scanning of new devices used my modern antiviruses? defeats such purpose.

Multimedia files that are downloaded from the web storage servers like Rapidshare can be dangerous. This technique is called as drive-by downloads.

Computer drives that are ?shared? on a network pose a threat of getting exposed to attack from malware from other machines that are connected in a network. The malware that enters in such a way exploits the weakness in the firewall systems and the vulnerabilities that are present in the network on the computers.

Hence it is very important to download the latest virus signatures in the database that is released by the vendors of the antivirus on a regular basis. OS patching and application patching should be done on a daily basis. Developers of malware know this very fact and hence when a malware is loaded into a computer system, it infects the system and blocks the code to update the antivirus. This is simple to implement since the domain names from which the updates are done are mapped into the local IP addresses and are blocked. Personal firewalls block the ports that are not active for legitimate purposes. Hence, the worms that sneak in through the ports get blocked.

The firewalls that are available for windows are available at a low cost. Some of them are even available for free. The only thing is that the care should be taken such that the firewalls should be installed properly so as to provide that additional layer of security. Inefficient usage of firewalls leads to manifestation of poor performances in devices on which they are installed. This can lead to unnecessary usage of bandwidth. This is applicable to devices that are affected with the bot net software. This will increase the cost of removing the malware once it has been detected in the system. Also, the help desk service that provides technical support for performance related issues is to be bothered again and again. There two particular types of dangerous malwares. They are key loggers and video frame grabbers. These are design to steal the information from a computer system and send it to the user remotely.

Boundary security that is weak

Now days, the systems have become more distributed and have adopted more service-oriented architectures. The need has arisen where the data is to be moved away, also far away from the boundaries that are defined by the organization. In these days the companies might have a database that is hosted and governed by a third party organization and there are these database protocols that are needed for web browsing, email applications and instant messaging. Internal applications that are needed for services that are web based are provided by the business partners. Confidential data is moved to and fro between these two systems. Hence there arises the need to provide the digital certificates that ensure relevant authentication of the transaction. Mostly SSL is used for business communications. VPNs or the Virtual Private Networks are used so that the users connect via the corporate network.

These days, the perimeters that are defined by the network are more prone to the attacks from the hackers. Multiple layers of security that overlap each other are more reliable than the single boundaries. These depths in the defense mechanisms protect the data and the systems.

Poor security for applications

Vulnerabilities that are known to affect the applications include flaws in the injection mechanisms; for e.g. the attacks in the SQL database. In these, the SQL commands are sent as the part of the data that is fend into the systems. Scripting attacks allow the hacker to run scripts remotely into a victim?s web browser. There is this stealing of username and passwords of the users from the database. Information communications flaws in which the information that is confidential and private is sent over the communications channel such that it is in unencrypted form or rather it has an ability to get decrypted easily. Thus we have explored the various security flaws in the corporate world and the mechanisms to overcome them which form the essential part of business security.

Secure File Transfer : By using Egress Switch you can share large files securely without compromising the security of your data. Files that are too large to be sent via email can be uploaded to a hosted storage solution and and sent securely.

Related directory categories

Access Control Systems
Biometric Security Products
Burglar Alarms
Locks And Safes
Security Alarms
Security Cameras
Self Defense
Surveillance Products
Security Systems
Security Gates
Safety Supplies Directory
Security Consulting
Information Security
Vehicle Security Products
Home Security
Home Automation Software
Safety And Security Hardware
Industrial Safety Products
Child Safety Products
Retail Shopping > Security Products
Car Safety Products
Sports Safety Equipment
Police Equipment And Gear
Military Equipment
Law Enforcement Products
Fire Escape Ladders
Security Management

Related business information

Home Security Business

More business articles

  • Guide To Employee Management In Business
  • Guide To Business Performance Management
  • Guide To Giving Corporate Gifts And Gift Certificates To Small Businesses
  • Guide To Small Business Team Building
  • Guide To Choose The Right Business Partner
  • Guide To Business Sales Force Development
  • Guide To Preparing A Business For Sale
  • Guide To Business Models For Strategic Planning
  • Guide To Market Your Business On International Level
  • Disclaimer: The suggestions in the article(wherever applicable) are for informational purposes only. They are not intended as medical or any other type of advice