Implementing Protection Strategies for Security Companies

---

IBM Security Project

---

Introduction

For this project, we will be working for a company that investigates security threats to IT companies and how to implement strategies to protect those organisations.

Organisational Requirements

IBM has many organisational requirements. IBM needs to ensure that the user in hand has access to the appropriate information and data, and is denied access to any confidential or restricted data. This ensures confidence and integrity within the organisation. 

When it comes to IBM’s security, they need to keep the cybercriminals to a minimum. There are 2.5 million cybercrime offences in 2015, and IBM tends to not be one of them.

IBM systems are a target for cybercriminals – investigate and report on current threats to INM website and software.

-          Protect their websites from criminal activity

-          Protect their software

-          Support different groups of users, connect to multiple devices

-          Connect to Wifi and internet

-          Be able to restrict access of certain users with files

-          Have a firewall and antivirus

Physical Security Threats

Physical security threats are a big part of IT system security. There are many different types of physical threats that can affect IBM. Some of these are:

Theft and Burglary

It is quite obvious that tech is very expensive and valuable. That’s why they’re one of the biggest targets for thieves and burglars. It is very important to secure your tech from all potential burglary scenarios. This will include installing a whole bunch of security systems such as installing locks and alarms. It is not necessarily anything advanced since all you have to do is either purchase an alarm and install it in the piece of tech you wish to protect or attach a chain to the tech so that no one can steal it. It would probably quite beneficial to also invest in some sort of a tracking device, in case the tech is very expensive and could be easily stolen, like some sort of a portable device of high value. That way, in case someone does run off with it, we can make sure that the device will be tracked and taken back.

Vandalism

Vandalism is defined as any activity that involves deliberate destruction. Vandalism is often spoken about in the media, but the truth is that in many ways it violates some of the physical security measures that people have worked hard to put in place. Not only does it destroy some of these physical measures, but it also takes a toll on many resources that required hefty investments of time and money. Imagine if someone went to your car and breaks your side mirror just when you had it repaired and it was quite expensive. This is not just a harmless act that is committed by teenagers. They are crimes that threaten your physical security and the well being that you have worked hard to achieve

Natural Disasters

Natural disasters can dramatically damage a business and they are unpredictable. Some of the most common natural disasters that affect a business are earthquakes, flood, wildfires etc. The biggest problem with business is that the cannot predict when a natural disaster will occur or how bad it will be. When a business cannot predict how bad a possible disaster will be, it’s risky when deciding how to react to this, as they don’t want to waste resources,  money and take unnecessary actions. Natural disasters don’t happen often but when they do, it can have a major impact on the physical security of the business and can be extremely costly. Business can help fight the natural disasters impact on security by investing with equipment that can help the company stay alert of natural disasters that could occur, weather warning, news of other natural disasters close by etc.

Software protection Techniques

Tor browser

The Tor Browser allows the user to surf the web without leaving any trace of them behind. It is a Firefox-based browser that allows the user to disallow all the scripts and cookies that might be used in order to spy on the user or record their steps on the web. Its main feature is “bouncing between servers all across the word – making it impossible for the people from outside the system to properly trace the user’s IP address and location.

One of the other advantages of the Tor Browser is that its open source. This means it can be reprogrammed and it’s more flexible than other browsers. This can be very beneficial for a business like IBM, considering they’re IT specialist and they might want to experiment or optimize their browsers to their specific requirements.

The IT system can use it in order to download and surf the web in peace. There is a disadvantage of the browser itself being relatively slow and prone to latency due to the high level of security it provides. Loading videos and opening new pages might prove to be a bit of a problem. This is kind of like the price for the high security of the Tor Browser – the drawback of relatively slow internet browsing. This is because the browser itself uses many different connections and IP addresses in order to hide the user’s identity. The Tor Browser connects people to different servers through multiple connections from multiple countries to hide the user’s IP address.

VPN (Virtual private network)

A virtual private network extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices are directly connected to the private network. Apps running on a computing device like a laptop,  desktop, smartphone, across a VPN may benefit from the functionality, security and management of the private network.

VPN technology was developed to allow remote users and branch offices to access corporate applications and resources.  To ensure security the private network connection is established using an encrypted layered protocol and VPN users use authentication methods, including passwords or certificates, to gain access to the VPN. As for some examples, one of the biggest and well-known sites that offer you this are ExpressVPN, NordVPN, CyberGhost, IPVanish and Surfshark.

https://www.quetext.com/report/f0a4962bd1c0e6b239b0

Antivirus

Antivirus is also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses as explained by the name. Antivirus software started to provide protection from other computer threats. In the modern day, antivirus software can protect users from BHO’s, browser hijackers, ransomware, keyloggers, etc.

IBM uses antivirus to protect their security services to detect malware and to circumvent the complication and to protect data from viruses. Prevent a  security breach from ruining your business.

https://www.quetext.com/report/5116cd292a1c327f93c5

OSS ( Online Security Software)

Security software is a software in which protects and secures the data held within a computer. It provides protection of data, as well as manages the access controls to files and data. Online security software is a software which protects and secures data through a network. Here are two of many network security types:

Access Control

Your network should not be open to anyone and everyone; this is where access control comes in. Access control allows the network owner to give permission to certain users to access their network. This is a good way to stop unauthorized people from accessing files found within the network. With this control, the owner of the network is able to either completely disable access to people/devices, or enable certain people/devices to access the files.

Application Security

Any applications that are used within an organization needs to be protected. Every application has flaws which could be easy for hackers and other attackers to access the organization’s network. There are a few different types of security software used to protect applications within an organization. One of the most used forms of application and network protection is the firewall.

Firewall

A firewall is a network security system that is used to detect if information, which is being imported in, is harmful or not depending on the security rules within the system. Firewalls come in two different forms, them being hardware and software. There are a few types of firewalls used to protect data.

Proxy Firewall

A proxy firewall provides access from one network to another network for a particular application. Proxy servers also provide more uses other than just providing protection for the computer systems. The additional functionalities that the proxy firewall has are that it provides content caching and security; this is done by preventing immediate connections from users and devices outside of the network. This, however, might affect the capabilities and applications this can support.

Stateful Inspection Firewall

The stateful inspection firewall, also known and thought to be the ‘traditional’ firewall

Encryption software

Encryption software is a type of program which enables data to be encrypted and decrypted. This ensures that files, applications and any other data secured and unavailable for any unauthorized users to access. Encryption software encrypts data by using one or more encryption algorithms. 

Pros:

★      Data encryption allows the data to stay separated from where the original device security is stored.

★      Encryption finds a way around any problems ahead which provides ensured protection of data and intellectual property.

Cons:

★      Encryption keys can be a drawback because the more encryption keys there are, the more difficult it is to maintain all the keys. If you lose the encryption key, you lose the data which is encrypted also.

★      The use of data encryption can be quite expensive due to the fact that the systems must be upgraded to perform the tasks that are set.

Intrusion detection system (IDS)

IDS are special software made for detecting suspicious behaviour, files and viruses within the network’s traffic. Most IDS are capable of scanning and assessing the threat, then informing the user, however, some of them are capable of fixing or stopping the threat themselves, like blocking traffic from the suspicious IP address. Quite a useful tool in a large network with a lot of outside – inside traffic.

An IPS is a different variant of an IDS, that also checks data packets within a network and whether or not they’re a threat.  Unlike an IDS, the IPS doesn’t track and log the traffic and it doesn’t issue notifications, instead, the IPS rejects the potentially malicious packets, and blocks the suspicious IP addresses as well. An IPS are really good and effective when working along with an IDS since the IDS detects the treat, and the IPS prevents it.

A major downside of IDS is that it is quite prone to false alarms. This might become a problem in a large corporation where the whole corporation or network reacts with a serious shutdown of the network, or just waste some employee’s time. Every single time a false alarm was present, the people from the security department would have to dedicate some time to assess the threat only to learn that it wasn’t a threat at all. This could put the network at risk, because whilst the security department is focusing on the false alarm, there might’ve been an actual threat they should’ve paid attention to, or they needed more employees focusing on said threat, but they split between the false one and the real one, resulting in the real threat actually damaging the network in some way or another.

Organisation protection techniques

Account permissions Edrick

Backups

     Backups are crucial when it comes to securing your data in a working environment. They allow you to access an emergency version of the data from the past that was saved on the server. Depending on the backup settings, it might save things every month, every week, or every day. This means that upon losing data, you can recover only the data you’ve saved, and depending on when was that last save, the data might be out of date or inaccurate to some extent, not to mention the lost data that might’ve been not saved before the loss of data. In summary: A copy of the data is saved on a separate server or storage device. According to the settings, the data will be copied every month/week/day. Once someone loses the data, the can recover it from the backup. It is advised to keep your storage devices all in locations just in case of an accident where everything in the room gets destroyed, all of the back-ups will be destroyed as well.

Password protections

Password protection is a crucial part of security for any business or person. Passwords are used to access files, accounts, data and personal information. They create a barrier between the public or unwanted people and information that could be sensitive or private. Password strength is extremely important because it stops hackers from being able to easily access whatever’s behind the passwords, the more characters a password has, the harder and longer it takes a hacker to gain access. For example, a good, strong password would generally include more than 7 characters and typically include at least 1 number, symbol or upper case character.

Bad password protection within a business can lead to serious breaches of sensitive and important data, it is important to keep the passwords within a business strong and frequently change them.  Frequently changing a password will help keep internal password leeks to a minimum and keeps the hackers away as they have to keep retrying to crack a new password every time you change it. For example, If the business has a password requirement of 10 characters with special characters and numbers, it will roughly take a hacker 4 months to crack the passwords. So to help with security, the business would have a forced password reset for everyone every 3 months.

Employee training

They tell employees what they’re going to cover introduce it with a brief overview of the training subjects main point tell them the information that can’t be revealed to the world and needs to stay in the company and that they don’t open emails that include viruses and phishing emails and that they won’t download disallowed applications

Employees can’t share crucial information outside the company’s building and they need to ensure that by giving them an explanation as to why they can’t talk about it.

Plan

19/3/19 – 24/05/19

Task	Time period
Research Research different protection techniques. OSS, Encryption software. VPN, Firewall. Tor browser, IDS. Anti-virus, VPN       2.  Research organisational and legislative requirements Organisation requirements. Legislative requirements.	Week 1 – 19/03/19 – 26/03/19
Make plan Decide on techniques that fit the requirements Product plan Analyse/Evaluate the plan. It is effective? How will it meet the requirements? Legislation/ legal issues.	Week 2 – 26/03/19 – 02/04/19 + Week 3 – 02/04/19 – 07/04/19
Implementation Find software that fits all requirements. Download software / make an account. Enable all security features needed Screenshot security features and settings Display and explain how each feature is working	Week 4 – 23/04/19 – 30/04/19
Test it on a system Make a table with testing criteria Test the software Write down results Review	Week 5 – 30/04/19 – 07/05/19
Gather feedback  Create a feedback form Gather feedback from 4 Employee	Week 6 – 07/05/19 – 14/05/19
Review the software	Week 7 – 14/05/19 – 24/05/19

Implementation

For this project, I researched many different security software companies and found one that fit all of our requirements.  Bitdefence security is paid security software for PCs. I managed to access a free trial version as for the testing I do not have a budget.

Installing the software

Creating an account

The dashboard where you can see live updates of the security status of the PC.

These are the 3 main menus that are located on the dashboard of the software.

The privacy tab includes software features such as password manager, file encryption, webcam protection, data protection, safepay, parental controls and a VPN.

The protection features tab includes an antivirus that’s pre-installed, firewall, advanced threat defence, safe files, ransomware remediation, online threat prevention, anti-spam and vulnerability.

The utility tab includes one-click optimizer, startup optimizer, disk cleanup and anti-theft.

Firewall

BitDefender comes with a free firewall integrated into the software, you can change what’s allowed through the firewall and what’s not, you can also change the rules of the firewall manually. Within the firewall settings, you can also see what comes through the firewall and see what comes through different internet connections on the PC network.

Anti-Virus

Bitdefender also has a quick scan antivirus feature that scans our whole PC for any suspected viruses within software or files.  The anti-virus software included in Bitdefender also includes a shield that you can manually turn on or off that protects ant future incoming files and scans than for potential viruses and alerts the user.

File Encryption

Within the Bitdefender software, you can add your files to a vault and encrypt the vault so that you can keep private files secure.

Multiple Devices

Within Bitdefender, they have included a feature called ‘Parental Control’ and this feature allows the main user (administrator) to add multiple devices to one account and restrict the other users access to certain files, webpages and more.

Employee Feedback

I have created an employee feedback form and attached a link below. I have also asked 3 of the employees to complete the form and I have attached images of the completed forms below.

 

 

Test

Test	Expected results	Actual results	Evidence
Does the firewall work correctly?
Does it restrict access to different users?
Does the antivirus work correctly?
Does it encrypt files efficiently?

Review

Overall, for this project, We believe that the Bitdefender software was a good choice to use for IBM. It fits all the requirements, it doesn’t cost too much and you can get it on a free trial, it’s easy to use and it has a good user-friendly interface, and you can set it to have an administrator to restrict the access of files and website of other users.

The software includes many features within the software that is useful and effective. The firewall that is included within the software has many different features and settings. It’s easy to use and you can easily see the rules of the firewall and what has recently been granted and denied access through the firewall. It includes a search button so that you can search through all the files incoming through the wall for something specific and you can easily reset the rules.

One disadvantage of the software used is that for a beginner who doesn’t know anything about firewalls, or VPN etc, will find it hard to use and understand the software as its quite advanced in detail. This could potentially mean that new employees will have to undergo some extent of training to be fully comfortable with the software and to use it to its full potential.

In conclusion, We believe that the software was a success and it meets the requirements needed. Employee feedback shows that they are pleased with the outcome of this project and that there aren’t any major issues that need to be fixed.

Sources and references

➢      En.wikipedia.org. (2019). Tor (anonymity network). [online] Available at: https://en.wikipedia.org/wiki/Tor_(anonymity_network) [Accessed 12 Mar. 2019].

➢      Techopedia.com. (2019). What is Encryption Software? – Definition from Techopedia. [online] Available at: https://www.techopedia.com/definition/29702/encryption-software [Accessed 12 Mar. 2019].

➢      Techopedia.com. (2019). What is an Intrusion Detection System (IDS)? – Definition from Techopedia. [online] Available at: https://www.techopedia.com/definition/3988/intrusion-detection-system-ids [Accessed 19 Mar. 2019].

➢      Paloaltonetworks.com. (2019). What is an Intrusion Detection System? – Palo Alto Networks. [online] Available at: https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-detection-system-ids [Accessed 19 Mar. 2019].

➢      SearchSecurity. (2019). What is intrusion detection system (IDS)? – Definition from WhatIs.com. [online] Available at: https://searchsecurity.techtarget.com/definition/intrusion-detection-system [Accessed 19 Mar. 2019].

➢      Rouse, M. (2019). What is intrusion prevention? – Definition from WhatIs.com. [online] SearchSecurity. Available at: https://searchsecurity.techtarget.com/definition/intrusion-prevention [Accessed 2 Apr. 2019].

➢      Services, P. (2019). What Is Network Security?. [online] Cisco. Available at: https://www.cisco.com/c/en/us/products/security/what-is-network-security.html [Accessed 29 Apr. 2019].

➢      https://unitedlocksmith.net/blog/5-most-common-types-of-physical-security-threats [Accessed 29 Apr 2019].

Security System Software (Bitdefender)

➢      https://www.bitdefender.co.uk/Downloads/ [Accessed 15 May 2019]