Gfis Authentication Technology And Network Security Issues Research Paper

GFI Turn-Around IT Strategy Turn-around Information Technology Strategy for Global Finance, Inc. (GFI)

GFI's Authentication Technology and Network Security Issues

GFI TURN-AROUND IT STRATEGY

Global Finance, Inc. (GFI) offers services in the finance industry. This is a sensitive area of business that requires tight security policies and strategies to be implemented on the organization's network. GFI has, however, not given much attention to its IT department, especially to security, and the resulting loopholes have been exploited by black-hat hackers. This is clear from the facts provided: the company's Oracle database has been compromised in terms of the availability, confidentiality and integrity of the data stored. Organizations in the finance industry count the integrity, confidentiality and availability of their databases among their biggest assets. A simple mistake or gap in such an organization's technology policy and implementation may lead to huge losses that could see the organization go out of business. Any business organization in the finance industry requires a strong IT department that is able to come up with strong policies, carefully implement them, monitor them and control any breaches of the system. To function as required and safeguard the assets of the organization, that IT department requires a sufficient budget and dedication from top management.

A number of gaps in the network security and technology strategy of GFI can be identified from the details provided. Below is a discussion of these gaps and how they expose the organization to various risks.

Authentication Technology and Loopholes at GFI

Authentication is a key aspect of protecting the information technology assets of an organization. Various forms of authentication are available to keep unauthorized people from accessing the resources of the organization and compromising the confidentiality, availability and integrity of the data held in its databases. The most common mechanism is a username combined with a password that meets a suitable standard, which users supply when logging into the organization's systems to carry out their roles. Biometric authentication is an effective method used by some systems to authenticate users before they access the organization's resources. Some organizations combine more than one authentication mechanism to improve the security of their assets (Cole et al., 1978).

GFI does not seem to consider authentication an important aspect of its information technology strategy. The authentication mechanisms of an organization should trickle down from a policy to implementation by an able IT department. Going by the information provided about GFI, the organization does not have a policy on the most appropriate authentication mechanism for ensuring that only authorized individuals access certain resources of the organization. Thus, there is nothing that the IT department is expected to implement as far as authentication mechanisms are concerned. The GFI IT department should take time to design an authentication and accountability policy (Guichard & Apcar, 2001).

The simplest effective authentication policy can revolve around the nomenclature of the user names of GFI staff combined with passwords of desirable parameters. Unique staff numbers can be used as user IDs when accessing the organization's systems to ensure accountability. In addition to the user names, passwords meeting the desired standards can be used to authenticate the users. The necessary password parameters should cover the minimum length of passwords, password complexity, password expiry, lockout durations when wrong passwords are used to access resources, the maximum number of wrong password attempts when logging in and a requirement for users to change their passwords upon first logon. Weak authentication mechanisms are dangerous because they expose systems to black-hat hackers, who can then compromise the resources of an organization (Mark & Lozano, 2010).

Going by the information provided, black-hat hackers have already accessed the resources of GFI and caused a number of undesirable effects. The IT department is said to have witnessed a sudden huge amount of data flowing into the Oracle database. Possibly, this could be a denial of service attack launched by malicious attackers. They might have taken advantage of the poor or missing authentication policy and strategy at GFI. Social engineering could be one of the methods through which the hackers learned of the lack of authentication mechanisms at the organization as the huge surge of data...


The hackers might have launched brute force attacks using hacking tools such as Kali Linux and managed to get into the system. To prevent such attacks, there has to be a policy on accountability and authentication that specifies the standards for the password parameters mentioned earlier. The policy should then be implemented by the IT department. With the password policy enforced, it will be difficult for black-hat hackers to launch brute force attacks, as they will be locked out of the system after a given number of wrong password attempts (Evans, 2003).

GFI's Network Security Issues and Recommended Mitigation Measures

GFI has a number of network security issues touching both its WAN and its LAN. To start off, let us focus on the LAN security loopholes. There is no clear separation between the guest broadcast domains and the staff broadcast domains. The information provided points towards the possibility of one being able to connect to and access the organizational network from the Wi-Fi solution implemented by GFI. Malicious individuals can take advantage of this loophole to access the resources of GFI. It is advisable that VLANs be used to establish a clear demarcation between guest networks and staff networks. The guest network should be set up in a separate VLAN from the staff VLANs. Access rules should then be implemented to prevent traffic from guest networks from flowing into staff VLANs. The range of IPs used in the VLANs should be different from the usual ones. The only resource that visitors should be able to reach from the organization's LAN via the guest VLAN is the internet. This can be achieved by using the VLAN and access rule strategies mentioned earlier. An access list should be included in the configuration of the router to prevent guests from accessing staff resources while allowing them to access the internet. The range of IPs in the guest network should be included in the set of IPs eligible for network address translation (NAT), and a route should be configured from the guest network to the internet (Furht, 2010).
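
The access-list part of this recommendation depends on rule order, because routers apply the first matching rule. The following added example (not from the original paper) models a guest-VLAN access list with first-match semantics and an implicit final deny, and audits a misordered list beside a corrected one. All subnets are constructed assumptions, since the case gives no addressing plan.

```python
import ipaddress as ip

GUEST = "192.168.50.0/24"                 # assumed guest VLAN subnet
STAFF = ["10.10.0.0/16", "10.20.0.0/16"]  # assumed staff and server VLANs

# Rules are (action, source network, destination network), applied inbound
# on the guest VLAN interface. Both lists are constructed samples.
MISORDERED = [("permit", GUEST, "0.0.0.0/0"),
              ("deny",   GUEST, "10.10.0.0/16")]
CORRECTED = [("deny",   GUEST, "10.10.0.0/16"),
             ("deny",   GUEST, "10.20.0.0/16"),
             ("permit", GUEST, "0.0.0.0/0")]

def evaluate(acl, src, dst):
    """Return the action for one packet: first match wins, else deny."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ip.ip_network(src_net) and d in ip.ip_network(dst_net):
            return action
    return "deny"

def leaks(acl, guest, staff_nets):
    """List the staff networks that guest traffic can still reach."""
    guest_net, leaking = ip.ip_network(guest), []
    for staff in map(ip.ip_network, staff_nets):
        for action, src_net, dst_net in acl:
            src, dst = ip.ip_network(src_net), ip.ip_network(dst_net)
            if not src.overlaps(guest_net):
                continue                  # rule never sees guest traffic
            if (action == "deny" and guest_net.subnet_of(src)
                    and staff.subnet_of(dst)):
                break                     # staff net fully blocked here
            if action == "permit" and dst.overlaps(staff):
                leaking.append(str(staff))
                break                     # permit reached before a full deny
    return leaking
```

The misordered list contains the right deny rule, yet it never takes effect because the broad permit above it matches first.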

To access the GFI LAN, one does not require standard authentication, going by the information provided. This is a LAN weakness, as elaborated earlier. Double authentication strategies are usually suggested for organizations to secure their networks from man-in-the-middle attacks and other possible attacks. GFI might be using a WEP password on its wireless local area network, or the hotspot might be open. With an open access point, one will be able to easily log into the network and launch possible attacks. With WEP passwords, hackers can crack the passwords using various hack tools, and this might lead to access to the whole organization's network. GFI should consider implementing either the WPA or WPA2 password standard on its Wi-Fi access points, as passwords under these standards are not easily cracked. The Wi-Fi authentication can be combined with web-based authentication to protect the GFI network even further (In Kremar et al., 2014).

The distance over which the Wi-Fi access points transmit their signal is of the essence when tightening the security of an organization's network. At GFI, the wireless local area network signal is strong enough to cover huge distances, so it can be accessed from places outside the organization. This makes it easy for attackers to launch attacks on the GFI network. One does not need to crawl with antennas within the premises of GFI to tap into the network through the broadcast Wi-Fi signals. Restricting the Wi-Fi signals to the GFI premises could limit the chances of hackers getting into the organization's network, as they could be spotted and stopped in time. However, the ability of the GFI access points to transmit signals over huge distances to premises outside GFI gives the hackers ample time, as they can do their hacking comfortably without being spotted. To prevent this, the IT department should configure the access points to broadcast their signals only within the premises of GFI. A possible alternative solution could be orienting the antennas to face directions that will prevent signals from leaking to regions outside the GFI premises.

Looking at network security from the WAN side, data flowing through the VPN tunnels established over the internet is not encrypted. If this data is in the form of "http" traffic, it can be trapped using hacking tools such as Cain and Abel. The trapped packets can then be stripped down into payload and headers. Some of the packets carry password and username information, which can be obtained once these packets are stripped using the hacking tools. One can then log into the networks using the obtained credentials.…

References

Barry, D. K. (2013). Web services, service-oriented architectures, and cloud computing. San Francisco, Calif: Morgan Kaufmann.

Camison, C. (2009). Connectivity and knowledge management in virtual organizations:

Cole, G. D., Branstad, D. K., & Institute for Computer Sciences and Technology. (1978). Design alternatives for computer network security. Washington: The Bureau.