Solved by Expert Tutors
Solved by Expert Tutors
Question

Heightened concern about cyber-terrorism and the increasing need to

open internal networks to outside access are pushing corporations to bolster network and data center security, on both the IT front and physically. The goal is to add multiple layers of protection and redundancy around the data center and its hardwares, softwares, databases and network links, while still maintaining the levels of service demanded by the business. On the physical side, companies are boosting their business continuity and disaster recovery capabilities by buying and building redundant hardware and facilities or paying for such services, and geographically separating their IT assets. The technology effort, meanwhile, is focused on supplementing traditional network firewall protection with newer intrusion monitors, access control tools and tougher IT age policies.
The need for such protection is being driven by both the increasing threat of cybercrimes and the growing use of Internet to link companies with partners and customers, says David Rymal, Sector of technology at Province Health Systems in Everett, Washington. "There is an increasing pressure to enable wide and unfettered access from our business units. We are getting so many nests to open up ports in our firewall that pretty soon it is going to look like Swiss cheese" Rymal says. "The more of them you have open, the more vulnerabilities you create."
The whole notion of "Web services" under which companies will use common Web protocols to link their business systems with those of external partners and suppliers, is only going to increase the need for better security, users say. Adding to the pressures is the growing number of remote workers and the trend toward wireless applications. This has meant finding better ways of identifying and authenticating users and controlling the access they have on the network. "You have to keep in mind that the minute you open your servers or services to the Internet, you are going to have bad people trying to get in," says Edward Rabbinovitch, the Vice President of global networks and infrastructure operations at Cervalis Inc., a Stamford, Connecticut-based Internet hosting service.
Companies are also building "air gaps" between their outside facing applications and black end data. Providence Health, for instance, doesn't permit external Internet connections or wireless access to terminate on any internal machine. It's far safer to end such connections outside the firewall and then screen all external requests through secure network services, Rymal says.
Antivirus and email filtering tools are being supplemented in many companies with new measures aimed at reducing the risk of attack via email. "Email, to me, is always the weakest link, because you are open to just about anything and everything that comes over the Web," says George Gualda, CIO at Link Staffing Services Inc. in Houston.
Link prohibits attachments of certain types and sizes on its network. All Internet based chatting is banned, and users aren't allowed to download and install software. Scripting functions are disabled to prevent unauthorized scripts from wreaking havoc, says Gualda. Link Staffing uses a secure virtual private network (VPN) service from OpenReach Inc. to connect its 45 remote sites. The OpenReach VPN provides firewall and encryption services, but Link placed an extra firewall in front of the VPN anyway.
While it's impossible to guarantee 100 percent security, companies should make things as difficult as possible for outsiders or insiders to steal or damage IT assets, IT managers say. Cervalis security, for instance, begins at its ingress points - where the Internet meets its networks. The company uses strict port control and management on all of its Internet facing routers to ensure that open ports don't provide easy access for malicious attackers. Redundant, load-balanced firewalls that are sandwiched between two layers of content switches filter all traffic coming in from the Internet. Network based intrusion detection systems are sprinkled throughout the Cervalis network.
 Augmenting physical and electronic security measures with IT security policies that are clearly articulated and enforced is also crucial, Gualda says. Link Staffing has a tough IT usage policy that employees must abide by. Failure to comply can result in termination, say Gualda, who has fired two employees for this reason in the past. To enforce the policy, the company uses monitoring and auditing tools to inventory employee computer usage.
Securing operations also means auditing IT security by regularly going through a checklist of maintenance items, IT managers say. Periodic reviews and external audits are also needed to ensure that there is adequate security. "There is never going to be a 100% security solution; there is always theoretical way for someone to wind their way through," Rabbinovitch of Cervalis says. "The task, therefore, is to make it as challenging as possible for the hacker." 



-Why is there a growing need for IT security defenses and management in business? What challenges does this pose to effective IT security management?                                                                                                                               
-What are some of the IT security defenses companies are using to meet these challenges? Use each of the companies in this case as an example
-Do you agree with the IT usage policies of Link Staffing and the security audit policies of Cervalis? Why or why not?   

Step-by-step answer

itur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus effici


s ante, dapibus a molestie consequat, ultrices ac magna. Fusce du

  • ipsum dolor sit amet, consectetur adipiscing
  • nec facilisis. Pellente
  • ongue vel laoreet ac, dic
  • facilisis. Pellentesque
  • congue vel laoreet ac, dictum vitae odio. Don
  • Fusce dui lectus,
  • ongue vel laoreet ac

onec aliquet. Lorem ipsum dolor sit amet, consectetur adipisc

nec facilisis. Pell

ur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magn

a molestie consequat, ultrices ac magna. Fusce dui le

ng elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus effici

sum dolor sit amet, consectetur adipiscing elit. Nam lacin

acinia pulvinar tortor nec facilisis. Pellentes

molestie consequat, ultrices ac magna. Fusce dui lectus,

sus ante, dapibus a molestie consequat, ultrices ac magna. Fusc

consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pelle

Donec aliquet. Lorem

acinia pulvi

icitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. N

risus ante, dapibus a molestie consequat, ultrices ac magn

  • , dictum vitae odio. Donec alfacilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a mol
  • ctum vitae odio. Donec aliqusum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus effic
  • usce dui lectus, congue velipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Na

congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet,

  • tesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac ma
  • cing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dap
  • ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia
  • o. Donec aliquet. Lorem ipsum dolor sit amet
  • tesque dapibus efficitur laoreet. Nam risus ante, dapibus a

Subscribe to view the full answer

Why Join Course Hero?

Course Hero has all the homework and study help you need to succeed! We’ve got course-specific notes, study guides, and practice tests along with expert tutors.

  • -

    Study Documents

    Find the best study resources around, tagged to your specific courses. Share your own to gain free Course Hero access.

    Browse Documents
  • -

    Question & Answers

    Get one-on-one homework help from our expert tutors—available online 24/7. Ask your own questions or browse existing Q&A threads. Satisfaction guaranteed!

    Ask a Question
Let our 24/7 Computer Science tutors help you get unstuck! Ask your first question.
A+ icon
Ask Expert Tutors You can ask You can ask You can ask (will expire )
Answers in as fast as 15 minutes