Introduction to Rare Vintage Auto Parts Ltd
Rare Vintage Auto Parts Ltd is a company that distributes motor vehicle parts to consumers ranging from car mechanics to the motor vehicle manufacturing industry. The business consists of several stores that are integrated with the main office. The management of each store can obtain motor vehicle parts by sending an inventory to the main office using a mobile phone. However, the management of the business has discovered some security issues and subsequently requested an investigation aimed at addressing them. For instance, the Information Technology (IT) manager accessed some illicit information 30 days ago, which forced the company to dismiss him.
Afterwards, the IT administrator was replaced with unskilled IT personnel, and the network connection of the Cottesloe shop failed on the same day. The network connection between the Kalamunda and Joondalup stores also experienced some problems. Following these developments, it became necessary for company management to issue a directive for investigations concerning the smooth running of the business operations. In addition, some of the security issues that affect wireless technology have been examined in detail. These issues include the use of Wired Equivalent Privacy (WEP) encryption for data security, which is susceptible to attacks, and reliance on antivirus software alone, without firewalls, for protection of data.
Data Collection Methods
There are many methods and techniques for collecting data and information, for example, observation, interviewing, questionnaires and surveys. For this research, data and information were collected through observation, interviewing and testing, alongside secondary sources such as relevant documents (Alshenqeeti, 2014).
Interviewing is the process by which an interviewer asks an interviewee questions about an event that has taken place or about the functionality of a specific system. In this context, more than 20 employees were asked questions about the functionality of the wireless connection and the problems they encounter while using the system (Alshenqeeti, 2014). Observation, on the other hand, is the process of watching closely how a system is used to perform its intended duties in a company or an organization. Hence, the functionality of the wireless technology was observed closely in order to discover the problems that employees encounter while using it (Suen & Ary, 2014).
Furthermore, secondary sources were also used in collecting data and information. Secondary sources are used to supplement primary sources of information and are developed from the primary sources by people (Johnston, 2017). Examples of secondary sources include books, magazines and newspapers. In this context, some of the files that were used by the former IT manager were examined and analyzed in order to acquire information about the security issues affecting the wireless connection technology. Lastly, the network connection was tested to ascertain whether the wireless technology was functioning correctly based on its predetermined goals and objectives (Navarro & Cho, 2016).
Risk Assessment
| Chances of risk occurrence / Risk harshness | Acceptable | Tolerable | Undesirable | Intolerable |
| --- | --- | --- | --- | --- |
| Low chances of occurrence | Data is lost because of the absence of backup techniques, for example, cloud storage. | Network tools and equipment are incorrectly used due to lack of rules and regulations. | Network connection errors because of the absence of routers. | Malfunctioning of the network because of not dividing the network into several portions, usually referred to as subnetting. |
| High chances of occurrence | Attack because of the absence of intrusion protection and detection mechanisms. | Low performance because of integrating several network cards. | Network connection errors because of high power gain APs. | Attack because of broadcasting SSID. |
| Very high chances of occurrence | Vulnerability to attacks because of the absence of virtual private network (VPN) and firewall for data security. | Low performance because of incompatible antenna. | Destruction of data and information because of the absence of firewall. | Attack because of poor concealing of data and information. |
Security Issues and Challenges
i. Wired Equivalent Privacy (WEP) encryption.
Data encryption is essential in protecting a company's data and information against unauthorized access, alongside other access control mechanisms such as usernames and passwords. There are many ways in which data can be encrypted, for example, hashing and symmetric methods. At Rare Vintage Auto Parts Ltd, data was encrypted using WEP. WEP was created by IEEE as one of the standards for preventing intruders from accessing data and information that is shared between different users (Asuncion & Guadalupe, 2017).
The following are some of the weaknesses associated with the WEP encryption that was adopted by Rare Vintage:
Rivest Cipher 4 (RC4) was not configured correctly. One of the major principles underlying the use of RC4 is that no key should be used more than once. However, the Initialization Vector (IV), a number that is combined with a unique key to conceal data and information, is used more than once. This makes it easy for an intruder to obtain some of the repeated keys.
In addition, the key scheduling algorithm of WEP was identified and published. This algorithm was identified using tools such as AirSnort (Asuncion & Guadalupe, 2017).
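The IV reuse weakness described above can be shown in a few lines. This is an added example, not part of the original report: the key, IVs and frame contents are constructed, and it relies on the known fact that WEP's IV is 24 bits long and is prepended to the shared key to form the per-frame RC4 key.

```python
import math

IV_BITS = 24  # WEP sends a 24-bit IV in the clear with every frame


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by output generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_style_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    """Per-frame RC4 key is IV || shared key, as in WEP (integrity value omitted)."""
    return xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def iv_collision_probability(frames: int) -> float:
    """Birthday estimate that at least two of `frames` random IVs are equal."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * 2**IV_BITS))


def frames_for_collision(probability: float = 0.5) -> int:
    """Number of frames after which a repeated IV is expected with `probability`."""
    return math.ceil(math.sqrt(2 * 2**IV_BITS * math.log(1 / (1 - probability))))


def demo() -> dict:
    shared_key = bytes.fromhex("0102030405")   # constructed 40-bit key
    iv = b"\x00\x00\x01"                       # constructed IV, used twice
    p1 = b"ORDER part=carburettor qty=02"      # constructed frame contents
    p2 = b"ORDER part=distributor qty=11"
    c1 = wep_style_encrypt(iv, shared_key, p1)
    c2 = wep_style_encrypt(iv, shared_key, p2)
    c3 = wep_style_encrypt(b"\x00\x00\x02", shared_key, p1)
    return {
        # Same IV means same keystream, so the keystream cancels out and the
        # two ciphertexts reveal the XOR of the two plaintexts without the key.
        "same_iv_leaks_plaintext_xor": xor(c1, c2) == xor(p1, p2),
        # A fresh IV gives a different keystream for the same plaintext.
        "fresh_iv_changes_ciphertext": c1 != c3,
        "frames_until_likely_repeat": frames_for_collision(0.5),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With only 2^24 possible IVs, a repeat becomes more likely than not after roughly five thousand frames, which is why moving to WPA, as the mitigation below recommends, is needed rather than a longer WEP key.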
Mitigation
Protecting the company's internet connections using modern technologies, for example, Wi-Fi Protected Access (WPA).
Enhancing the use of access control mechanisms, for example, usernames and passwords, so that only the right users of the network gain access to given data and information, hence preventing hackers from accessing the data without the user's consent and permission (Asuncion & Guadalupe, 2017).
i. Using Incorrect Antenna Type
Rare Vintage Auto Parts Ltd uses distinct types of antennas. For instance, 16 dBi omni-directional and 6 dBi antennas have been deployed. Antennas are divided into three major categories: omni-directional, semi-directional and directional antennas (Do, Moeglein, Gao & Zhang, 2017). These three categories are differentiated by the directions in which they can be used.
For instance, an omni-directional antenna can be used at all angles, i.e. 360 degrees. Semi-directional antennas, on the other hand, can be used at a certain angle that has been identified in advance. Directional antennas can be used in any specified direction; a parabolic antenna is one of the common examples. Directional antennas have some distinct properties that make it possible to use them in different contexts (Do et al., 2017).
Solutions
Incorporating unidirectional antennas, for example, a satellite dish, into the wireless connections of the company.
Adopting antennas with the same frequencies, thus enhancing consistency in the sharing of data and information between different departments or stores within the company.
Reducing physical obstructions between different employees and departments by enabling direct interaction between the sender and the receiver of the information and data (Do et al., 2017).
ii. Incorporation of Service Set Identifier (SSID) into the Wireless Connection Technology by the Company
An SSID is the name of a wireless network, which allows several sections or departments within a company to be linked with ease. The name of a wireless network is always different from that of the other wireless networks in the same geographical region. For instance, a company can have more than one wireless network, so the SSID can be used to differentiate between the networks for easy connection (Klein & Barbash, 2018). There are many challenges and problems that are encountered while using SSIDs in wireless technology. Some of the problems include the following:
Concealing a wireless network using the SSID is a waste of time, since a hacker or an intruder can access the network with ease. For instance, there are no data security mechanisms, such as a firewall, at Rare Vintage Auto Parts Ltd.
The specific or unique name of a wireless network can be obtained easily. For instance, NetStumbler is a piece of software that an intruder can use to show the names of all the wireless networks available in a specific geographical area. Tools like Aircrack can also be used by an intruder to identify the SSID of a given wireless network (Klein & Barbash, 2018).
Solutions
Modifying router passwords, alongside other details of the network, whenever an employee has resigned or been dismissed from the company.
Disabling SSID broadcasting, hence making it difficult for an intruder to gain access to a given wireless network without the user's consent and permission.
iii. Access Points with Higher Power Gains
Signal strength increases in direct proportion to the increase in power, which reduces unnecessary interference when using wireless connections. However, there are some challenges associated with increasing the power of the access points. These include the following: 1) limited space or area for accessing the Wi-Fi signal and 2) receivers with low power cannot send data to the access points, which affects the entire communication process (Islam et al., 2017).
Solutions
Reducing the number of access points (APs) by using low power gains, with the aim of increasing the space or area that is reached by the connection signal.
Using access points that have a similar power level to other devices, for example, receivers, in order to enhance the continuous flow of communication within the company (Islam et al., 2017).
iv. Absence of Firewall and Virtual Private Network (VPN)
A firewall is a wall that protects data and information against unauthorized access by outsiders or hackers. A firewall checks all the files and messages that are sent and received within a given network, making it difficult for any person to send malicious files across that network. An internet connection is a necessity for sending and receiving data within the company and to the outside world, and it therefore increases many risks that are associated with the internet, such as viruses and worms (Williams, Lohner, Harmon & Bower, 2015).
Given these developments in wireless network connections, it becomes very difficult to protect a network against attacks using antivirus solutions only, for example, Windows Defender, Avast and Avira. Broadcasting of the SSID at Rare Vintage Auto Parts Ltd makes it possible for any person to access its network remotely. There are also no network protection mechanisms, for example, a VPN, so the network is visible to the outside world and can be accessed with ease. Furthermore, the absence of an Intrusion Detection Mechanism (IDS) has made it impossible for the IT team to realize when the wireless network is accessed by an unauthorized person inside or outside the company (Williams et al., 2015).
Solutions
- Installation of a firewall, therefore preventing unauthorized people from accessing the company's wireless network.
- Deployment of an Intrusion Detection Mechanism (IDS) for detecting any person entering the wireless network without authorization or the user's consent.
- Using a Virtual Private Network to conceal the company's wireless network from the outside world (Williams et al., 2015).
v. The Network Is Not Subnetted for All the Devices
All the devices in the infrastructure are interconnected on the same subnetwork and therefore share a single broadcast domain. This causes network congestion, so communication becomes slow and the speed capability of the network is reduced.
Data and information are sent to all the devices that are connected to the Wireless Local Area Network (WLAN). The functionality of the WLAN can be affected if all the interconnected devices within it generate undesirable messages, commonly referred to as spamming, which affects the entire performance of the WLAN. Securing the company's network is a bit tricky, since the various IP addresses of different devices within the company use the same subnetwork (Vershkov et al., 2016).
Resolutions
1. Ensuring that all the devices within the network are distinguished from one another by using different identification numbers (IDs).
2. Separating different subnetworks for easy identification of network regions, for example, the host and the subnet. This can be achieved by using tools such as a 32-bit key.
3. Allocating different subnet masks to different devices, therefore enhancing uniformity in the network connection and increasing its speed (Vershkov et al., 2016).
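One way to turn the resolutions above into an addressing plan is to carve the single flat network into one subnet per site, sized to the number of devices there. This is an added example, not part of the original report: the address block and host counts are constructed assumptions, and only the site names come from the report.

```python
import ipaddress

# Constructed inputs: the flat block and the host counts are assumptions.
FLAT_BLOCK = "192.168.10.0/24"
HOSTS_PER_SITE = {"Main office": 60, "Joondalup": 25, "Kalamunda": 25, "Cottesloe": 12}


def prefix_for(hosts: int) -> int:
    """Longest prefix whose subnet still holds `hosts` usable addresses
    (two addresses per subnet are reserved for network and broadcast)."""
    return 32 - (hosts + 1).bit_length()


def plan_subnets(block: str, hosts_per_site: dict) -> dict:
    """Give each site its own subnet (and broadcast domain), largest site first."""
    free = [ipaddress.ip_network(block)]
    plan = {}
    for site, hosts in sorted(hosts_per_site.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for(hosts)
        # Best fit: the smallest free block that is still large enough.
        fitting = [n for n in free if n.prefixlen <= prefix]
        if not fitting:
            raise ValueError(f"no room left in {block} for {site}")
        parent = max(fitting, key=lambda n: (n.prefixlen, -int(n.network_address)))
        free.remove(parent)
        if parent.prefixlen == prefix:
            subnet = parent
        else:
            subnet = next(parent.subnets(new_prefix=prefix))
            # Whatever is left of the parent goes back into the free pool.
            free.extend(parent.address_exclude(subnet))
        plan[site] = subnet
    return plan


def site_of(address: str, plan: dict):
    """Name of the site whose subnet contains `address`, or None."""
    ip = ipaddress.ip_address(address)
    return next((site for site, net in plan.items() if ip in net), None)


def same_broadcast_domain(a: str, b: str, plan: dict) -> bool:
    """True only when both addresses fall inside the same site subnet."""
    site_a, site_b = site_of(a, plan), site_of(b, plan)
    return site_a is not None and site_a == site_b


if __name__ == "__main__":
    for site, net in plan_subnets(FLAT_BLOCK, HOSTS_PER_SITE).items():
        print(f"{site:12} {str(net):18} mask {net.netmask}  "
              f"usable hosts {net.num_addresses - 2}")
```

Traffic between the resulting subnets has to pass through a router or firewall, which is where per-site filtering rules can then be applied.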
vi. Lack of Written Policies on Security and Procedures in the Company
All organizations and companies that rely on a network connection must have principles and policies that are stated explicitly for governing the entire network system. All the principles and policies must be recorded, which makes them easier for company management to implement (Peltier, 2016) and helps ensure that they are followed strictly by all company employees. For easy enforcement, all the policies must be easily comprehended by the relevant company employees, for example, the director and the IT administrator of the company. The chief purpose of security policies is to ensure that all the components that constitute a given wireless network, for example, laptops, Ethernet cables and computers, alongside data and information, are protected. In addition, security policies explain how activities within the company must be governed and controlled; for instance, the procedures for setting email passwords and storing data and information are determined in advance. Furthermore, the ways in which certain problems and challenges are to be solved are also discussed in advance, for example, the misuse of the company's networking tools, such as computers, by employees (Peltier, 2016).
Mitigation
Simply put, Rare Vintage Auto Parts Ltd should set rules and policies for governing wireless networking components and tools. The rules should be modified from time to time, since business operations tend to change over time, and the security of the network can be enhanced as a result. In addition, IT personnel must be educated from time to time, since wireless network security is crucial in an organization. Changes in network security are inevitable, as there are many advancements in modern technology, especially in the networking field (Peltier, 2016).
vii. Absence of Designated and Back-up Router on the Network
A designated router reduces network congestion by a big margin by helping to show all the modifications that have been made in a given wireless network. It is very difficult to incorporate network topologies, for example, star, ring and bus, into the wireless network in the absence of designated routers. The direction of messages and data from source to destination therefore cannot be controlled, resulting in complications such as misunderstanding and confusion between network users. In addition, no back-up router has been installed at Rare Vintage Auto Parts Ltd, so there are no other instances of the same data that can be used in case the available data develops complications such as manipulation by employees or outsiders (Laurent et al., 2014).
Solution
i. Controlling communications between different departments within the company using multi-access networks. These networks can also be used to reduce unnecessary congestion within the company.
ii. Identifying designated and back-up routers, so that data and information can be retrieved easily in case the available data has been corrupted (Laurent et al., 2014).
viii. Combining Different Network Card Standards
Different standards, for example, an 802.11b networking card and an 802.11g card, can be incorporated into the same network. The slow functionality of WEP encryption can lower the performance of 802.11g to the level of 802.11b. The rate of sending and receiving data in a wireless network with different network cards is lowered. Although combining different network cards has some advantages, such as lower costs for company management when installing the cards, it can result in many complications in the day-to-day business operations of the company (Teixeira, Silva, Leoni, Macedo & Nogueira, 2014).
Solutions
The company should adopt 802.11g network cards, which increases the speed of the network connection and of sending and receiving data between the various departments of the company. Although an 802.11g network is a bit expensive to implement, it enhances the performance of the wireless network and therefore enables the company to achieve its predetermined goals and objectives (Teixeira et al., 2014).
ix. Absence of Enterprise Backup and Recovery Management Program
There are many ways and methods that can be used to protect data and information against corruption and unauthorized access, for example, using antivirus solutions such as Windows Defender and Avira. However, data back-up is the best data protection mechanism. Data back-up is crucial in any business or organization (Atluri & Tirumala, 2015).
Mitigation
i. Installation of data back-up servers for keeping important documents, for example, the company's financial information.
ii. Deployment of recovery software, for example, Recuva and Puran File Recovery, to be used in retrieving data and information that has been corrupted or lost.
iii. The company should incorporate a cloud storage mechanism by subscribing yearly to cloud service providers, for example, Microsoft Azure and IBM Cloud, hence enhancing the security of data (Atluri & Tirumala, 2015).
Appropriate Counter Measures
1. Buying and Setting Up Checkpoint 730 Unified for Risk Management
This can assist in enhancing wireless security with ease. Rare Vintage Auto Parts Ltd needs to adopt Checkpoint 730 hardware UTM appliances alongside other security software. With regard to the security software that needs to be installed alongside firewall systems, installation of Checkpoint 730 will be of great importance in enhancing wireless security in the company (Weiss, 2016).
Software Security Features
A 3 Gbps firewall should be installed, enabling many users within the company to utilize wireless technology easily.
Incorporating Virtual Private Networks (VPN) alongside other tools such as firewall systems, hence enhancing network security.
Installing Checkpoint 730 on the wireless connections of the company. The entire Checkpoint 730 system is quite cheap; for instance, only $5662.00 is required for its installation (Weiss, 2016).
2. Amazon Web Service Software
The company should adopt a cloud storage mechanism. Cloud storage is the process of storing data and information online, where it can afterwards be accessed whenever the need arises. In addition, cloud storage is very cheap, which reduces the cost of storing information and data. The company can migrate fully to this technology for only $17255.00 per year. There are many advantages of cloud computing technology (Wittig & Wittig, 2016).
Pros of Cloud Storage Technology
1. It is very cheap compared to other methods of storing data; for instance, the company does not incur the cost of purchasing its own server, as this is provided by cloud service providers.
2. There is no need to deploy security mechanisms, for example, encryption of data and information, as these are taken care of by cloud service providers, thus reducing the costs incurred by the company to protect its data against attacks.
3. It requires less space compared to other methods of storing data, for example, external hard disks, hence it is a very convenient method that should be adopted by the company (Wittig & Wittig, 2016).
Implementation of Software and Hardware Security Features.
Adopting the Latest Networking Trends Policies
The company should adopt the latest policies in the networking field, such as a Bring Your Own Device (BYOD) policy. Rules must be formulated to govern all the company infrastructure, such as computers, alongside the private resources of company employees, for example, laptops and mobile phones (Bharadwaj, 2016).
Privacy of Company and Employees’ Information and Data
The management of Rare Vintage Auto Ltd should respect the data and information of its employees that is stored in the company's database. Similarly, employees have an obligation to respect the data and information of the company. The company therefore needs to implement access control mechanisms, for example, network passwords, as one of the ways in which the security of data and information within a wireless network can be enhanced (Terzi, Terzi & Sagiroglu, 2015).
Acceptable Use
Under the BYOD policy, the employees of Rare Vintage Auto Ltd should be able to freely access some of the data and information about the company, such as its goals and objectives and its day-to-day business schedules (Afreen, 2014). This information and data can be accessed using the following employee devices: laptops, mobile phones and computers. However, the following uses of personal devices must be prohibited and declared illegal by company management:
Chatting on social media sites, for example, Facebook and Instagram.
Sharing illicit information about the company through social media.
Storing the company's data and information unless directed by the company's management.
Operating other businesses apart from Rare Vintage Auto Ltd.
Interfering with other employees' work by sharing sexual information with them (Afreen, 2014).
The following guidelines should be followed while accessing the company's network using personal devices.
Employees' devices such as laptops and mobile phones should have a strong password. The password should contain a minimum of 7 characters, and the characters must consist of symbols, letters and numbers.
IT personnel must update the login credentials for the company wireless network on employees' devices every 90 days.
Mobile phones that are running the Android operating system will not be configured.
iPhones and iPads whose firmware has been modified will not be considered.
Access to the company's data and information will be prohibited unless permitted by the owner of the company (Afreen, 2014).
The following are some of the cases in which employees' devices will be disconnected completely from the company's wireless network.
i. Termination of an employee's contract following an agreement between company management and the company.
ii. When malicious files have been detected in the company's wireless network.
iii. When the employee has sold his/her device, for example, a mobile phone, to another person (Afreen, 2014).
References
Alshenqeeti, H. (2014). Interviewing as a data collection method: A critical review. English Linguistics Research, 3(1), 39.
Atluri, R., & Tirumala, A. S. (2015). U.S. Patent No. 9,098,455. Washington, DC: U.S. Patent and Trademark Office.
Afreen, R. (2014). Bring your own device (BYOD) in higher education: opportunities and challenges. International Journal of Emerging Trends & Technology in Computer Science, 3(1), 233-236.
Asuncion, A., & Guadalupe, B. (2017). Wired Equivalent Privacy (WEP).
Bharadwaj, A. (2016). Safeguarding confidential business information is not anti-competitive.
Do, J. Y., Moeglein, M., Gao, W., & Zhang, G. (2017). U.S. Patent No. 9,736,649. Washington, DC: U.S. Patent and Trademark Office.
Garba, A. B., Armarego, J., & Murray, D. (2015). A policy-based framework for managing information security and privacy risks in BYOD environments. International Journal of Emerging Trends & Technology in Computer Science, 4(2), 189-98.
Islam, S. R., Avazov, N., Dobre, O. A., & Kwak, K. S. (2017). Power-domain non-orthogonal multiple access (NOMA) in 5G systems: Potentials and challenges. IEEE Communications Surveys & Tutorials, 19(2), 721-742.
Johnston, M. P. (2017). Secondary data analysis: A method of which the time has come. Qualitative and quantitative methods in libraries, 3(3), 619-626.
Klein, O., & Barbash, J. (2018). U.S. Patent Application No. 15/127,098.
Laurent, D. M. S., Miner, D. M., Boltz, D. T., Ostrom, C. D., & Wasden, M. B. (2014). U.S. Patent No. 8,724,635. Washington, DC: U.S. Patent and Trademark Office.
Navarro, P. J., & Cho, S. H. (2016). Flight Testing, Data Collection, and System Identification of a Multicopter UAV.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.
Paczkowski, L. W., Parsel, W. M., Persson, C. J., & Schlesener, M. C. (2016). U.S. Patent No. 9,374,363. Washington, DC: U.S. Patent and Trademark Office.
Suen, H. K., & Ary, D. (2014). Analyzing quantitative behavioral observation data. Psychology Press.
Teixeira, F. A., e Silva, V. F., Leoni, J. L., Macedo, D. F., & Nogueira, J. M. (2014). Vehicular networks using the IEEE 802.11p standard: An experimental analysis. Vehicular Communications, 1(2), 91-96.
Terzi, D. S., Terzi, R., & Sagiroglu, S. (2015, December). A survey on security and privacy issues in big data. In Internet Technology and Secured Transactions (ICITST), 2015 10th International Conference for (pp. 202-207). IEEE.
Vershkov, I., Goldenberg, D., Zahavi, E., Crupnicoff, D., & Lipshteyn, M. (2016). U.S. Patent No. 9,385,949. Washington, DC: U.S. Patent and Trademark Office.
Williams, B. O., Lohner, M. K., Harmon, K., & Bower, J. (2015). U.S. Patent Application No. 14/558,536.
Weiss, K. P. (2016). U.S. Patent Application No. 15/241,869.
Wittig, M., & Wittig, A. (2016). Amazon web services in action (p. 424). Manning.