Discussion
Network security is the proper authorization of data access within a network that is controlled or managed by the network administrator. Typical users are given an identification code and a password, which enable them to access sensitive data, information or programs within their authority (Pathan 2016). Network security prevents any type of unwanted intrusion. This report provides a detailed description of communication and network security for a particular organization in the given scenario. Several IT security risks, such as breaching of data, phishing, DDoS attacks and others, are described here along with their mitigation plans.
IT or information technology security can be defined as the collection of strategies used to manage the tools, policies and processes for preventing, detecting, countering and documenting threats or risks to digital as well as non-digital information (Stallings 2017). It mainly involves establishing a collection of business processes that protect confidential information assets, regardless of how that information is formatted or processed (See Appendix A). Whenever any type of problem occurs within information technology security, it is termed an IT security problem. Several types of attacks and risks occur within IT security, and these risks become problems for confidential information (Kahate 2013). Two types of attacks are possible in IT security: accidental and intentional.
In 2011, one of the most famous hacking cases took place, known as the Comodo Certificate Authority Fraud Hack. This hack made every computer system and network vulnerable, and IT engineers were concerned about the security of their information and data. The contractor maintained the networks of small business customers (Grimes 2018). To ensure the privacy and security of the customers' financial data, proper security measures should be taken. The IT security risks identified from the analysis of the Comodo case study, with their proposed solutions, are given in the following paragraphs.
The Comodo Certificate Authority Fraud Hack is considered one of the most dangerous hacking cases registered in the cyber world. A hacker from Iran was accused of duping the certificate authority in order to have digital certificates issued to unauthenticated and unauthorized parties (Grimes 2018). This hacker moved the certificates from Microsoft and Mozilla in order to remove Comodo, the most trusted and authorized CA or certification authority. He took out digital certificates for the significant websites of Google, Live.com, Skype and Yahoo.
Major IT Security Risks
From this case study of fraud hacking, the IT security threats that are extremely nefarious for organizational data and customer information are given below:
- i) Threats to Digital Certificates: The most dangerous IT security risk is the threat to digital certificates. An attack on digital certificates occurred in the Comodo Certificate Fraud Hack (Perlman, Kaufman and Speciner 2016). The Iranian hacker hacked and removed the digital certificates of various popular websites such as Google, Live.com, Skype and Yahoo. This type of certificate allows organizations, persons or even systems to exchange confidential information in a safe and secure manner. Digital certificates rely on PKI, or public key infrastructure. Data is often lost through these certificates.
- ii) Breaching of Data: Another significant threat to IT is the breaching of data (Rhodes-Ousley 2013). It is an incident in which confidential or sensitive data is disclosed in an unauthorized manner. Such data mainly includes PII, or personally identifiable information, and other basic information. The data most commonly exposed in breaches includes credit card numbers, corporate information, social security numbers, software source code and more (Khan and Pathan 2013). Passwords of computer networks are another significant type of data whose exposure is dangerous for the organization.
- iii) Eavesdropping: The third significant and nefarious attack is eavesdropping. It is considered one of the most common network security threats for any organization (Manshaei et al. 2013). Eavesdropping means listening to private or non-public communications and conversations without permission from the authenticated user. It is both unethical and illegal in the cyber world. Networks can be easily hacked by eavesdropping. Often the hacker does not change the confidential data, but confidentiality is lost all the same. VoIP, or voice over internet protocol, communication software is more exposed to electronic eavesdropping, mostly through code injection such as Trojan horses (Bikos and Sklavos 2013). The organization will suffer from various attacks, since hackers and attackers can easily sneak into the network to access confidential data.
- iv) Distributed Denial of Service Attacks: This is the fourth most popular and significant attack that occurs within any type of computer network (Cheminod, Durante and Valenzano 2013). The entire security system of the computer network is shaken by this attack. A DoS, or denial of service, attack occurs within only one system, which the attacker enters in order to make the entire system completely unavailable to authenticated users. The attacker does this simply by disrupting the system's Internet connectivity (Raw, Kumar and Singh 2013). Distributed denial of service, or DDoS, attacks are termed the most dangerous attacks: the hacker floods the incoming network traffic, and by this data is stolen.
- v) Phishing: Phishing can be defined as fraudulent activity carried out to obtain and access sensitive information such as usernames, passwords or network credentials (Hossain, Fotouhi and Hasan 2015). The malicious activities of phishing are carried out when the attacker poses as a trustworthy and authenticated entity. The user has no idea how his data is being hacked through electronic mail or other modes of electronic communication. Spoofing and instant messages are the most popular modes by which phishing operates. Users are directed by the hacker to visit a fake website, enter their details into it or click on a link (Scott-Hayward, O’Callaghan and Sezer 2013). The contractor should take phishing into account for the network security of his clients.
After analyzing the Comodo Certificate Authority Fraud Hack case study, some major security threats have been identified, and these threats must be eradicated to maintain the integrity or confidentiality of data (Kumar, Jain and Barwal 2014). A few relevant solutions for the security risks mentioned above are given below:
- i) Solutions for Digital Certificate Threats: The major solution for threats to digital certificates is to use the most trusted certificate authorities for websites (Zhao and Ge 2013). CAs obtained from the public key infrastructure should be used in this case, and hence the data is secured.
- ii) Solutions for Breaching of Data: The simplest solution for stopping data breaches is the use of passwords within the network. Passwords are considered the most basic form of data security and should be used in every organization (White, Fisch and Pooch 2017). However, these passwords should be changed on a timely basis, so that the hacker does not get hold of the data.
- iii) Solutions for Eavesdropping: Deploying encryption is the best solution for any type of eavesdropping threat. It is the simplest procedure of encoding sensitive information or a message in such a manner that only authenticated users can access it (Cheminod, Durante and Valenzano 2013). It is a lock-and-key process, in which the message is locked against unauthorized access and only the correct key can open it. The plain message is converted to cipher text in this process, which is therefore termed the most secure method of protecting data. This could easily stop eavesdropping (See Appendix B).
- iv) Solutions for DDoS Attacks: There are some relevant solutions for distributed denial of service, or DDoS, attacks. A significant mitigation technique exists that helps to mitigate and restrict the overall impact of this attack (Khan and Pathan 2013). This technique is implemented in the network that is attached to the Internet, by providing proper protection for the target network or for the relay network. The organization can appoint an IT engineer for this purpose, to secure its computer network through significant maintenance of the network and data.
- v) Solutions for Phishing: Implementing a VPN within the organization can stop the threat of phishing (Kahate 2013). The virtual private network limits access to the LAN connection and thus has the capacity to stop these fraudulent activities.
Conclusion
Therefore, it can be concluded that network security is the significant practice of preventing and protecting a network from unauthorized or unauthenticated intrusion and access. It can also be defined as the procedure of taking software and physical preventative measures to protect the underlying network infrastructure from malfunction, improper disclosure, unauthorized access, modification or destruction. A secure and better platform is created for users, programs and computers to perform their permitted critical functions in the most secure environment. The Comodo Certificate Authority Fraud Hack is a popular case study in which several IT security risks have exploited data. After analyzing this case, a few risks are identified along with their probable solutions for the network.
Relevant Solutions for the IT Security Risks
There are several risks to which the organization's computer network is vulnerable. These risks can easily destroy the computer network and thus should be properly treated by undertaking several security measures. The most nefarious IT security threats are DDoS attacks, phishing, breaching of data, eavesdropping and various others. Some recommendations that would be effective for the company are given below:
- i) Using Encryption on the WAP: The most important recommendation for this organization is to use encryption on the wireless access points, or WAPs. This would be extremely effective, since it would enable WPA2 encryption. Thus, the confidentiality and integrity of data will be preserved.
- ii) Changing the Passwords: The passwords of the users’ networks should be changed at specific intervals so that attackers cannot guess the password at any time, and data will be safe.
- iii) Hiding the SSID: The SSID, or service set identifier, helps attackers or hackers to guess passwords easily and promptly. Hiding this identifier restricts this option in wireless networking, and thus data is saved.
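One way to check an access point against the recommendations above, as an added example that is not part of the original report: it audits a configuration written with hostapd's keys (`wpa`, `wpa_pairwise`, `rsn_pairwise`, `wpa_passphrase`, `ignore_broadcast_ssid`) for WPA2-only encryption, passphrase length and SSID broadcast. The two sample configurations, their passphrases and the 16-character minimum are constructed assumptions.

```python
# Added example. Sample configs and passphrases below are constructed for illustration.
WEAK_CONF = """\
ssid=office-net
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=office12
"""
HARDENED_CONF = """\
ssid=office-net
ignore_broadcast_ssid=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=Vq7#tm2L-pelican-Harbor-19
"""

def parse_conf(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit_wap(text, min_passphrase_len=16):  # 16 is an assumed local policy
    """Return findings for encryption, passphrase and SSID settings."""
    conf = parse_conf(text)
    findings = []
    wpa = int(conf.get("wpa", "0"))  # hostapd bitfield: 1 = WPA, 2 = WPA2
    if any(key.startswith("wep_") for key in conf):
        findings.append("WEP keys configured")
    if wpa == 0:
        findings.append("no WPA/WPA2 encryption enabled")
    elif wpa & 1:
        findings.append("WPA1 still enabled; set wpa=2 for WPA2 only")
    ciphers = set(conf.get("wpa_pairwise", "").split()) if wpa & 1 else set()
    if wpa & 2:  # WPA2 ciphers: rsn_pairwise, else the wpa_pairwise value
        ciphers |= set(conf.get("rsn_pairwise", conf.get("wpa_pairwise", "")).split())
    if "TKIP" in ciphers:
        findings.append("TKIP cipher allowed; use CCMP only")
    passphrase = conf.get("wpa_passphrase")
    if passphrase is not None and len(passphrase) < min_passphrase_len:
        findings.append("passphrase shorter than %d characters" % min_passphrase_len)
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID is broadcast")
    return findings
```

Calling `audit_wap(WEAK_CONF)` reports the WPA1, TKIP, short-passphrase and broadcast findings, while `audit_wap(HARDENED_CONF)` returns an empty list.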
References
Bikos, A.N. and Sklavos, N., 2013. LTE/SAE Security Issues on 4G Wireless Networks. IEEE Security & Privacy, 11(2), pp.55-62.
Cheminod, M., Durante, L. and Valenzano, A., 2013. Review of security issues in industrial networks. IEEE Transactions on Industrial Informatics, 9(1), pp.277-293.
Grimes, R., 2018. The real security issue behind the Comodo hack. [online] CSO Online. Available at: https://www.csoonline.com/article/2623707/hacking/the-real-security-issue-behind-the-comodo-hack.html [Accessed 25 Aug. 2018].
Hossain, M.M., Fotouhi, M. and Hasan, R., 2015, June. Towards an analysis of security issues, challenges, and open problems in the internet of things. In Services (SERVICES), 2015 IEEE World Congress on (pp. 21-28). IEEE.
Kahate, A., 2013. Cryptography and network security. Tata McGraw-Hill Education.
Khan, S. and Pathan, A.K., 2013. Wireless networks and security. Berlin: Springer.
Kumar, V., Jain, A. and Barwal, P.N., 2014. Wireless sensor networks: security issues, challenges and solutions. International Journal of Information and Computation Technology (IJICT), 4(8), pp.859-868.
Manshaei, M.H., Zhu, Q., Alpcan, T., Başar, T. and Hubaux, J.P., 2013. Game theory meets network security and privacy. ACM Computing Surveys (CSUR), 45(3), p.25.
Pathan, A.S.K. ed., 2016. Security of self-organizing networks: MANET, WSN, WMN, VANET. CRC Press.
Perlman, R., Kaufman, C. and Speciner, M., 2016. Network security: private communication in a public world. Pearson Education India.
Raw, R.S., Kumar, M. and Singh, N., 2013. Security challenges, issues and their solutions for VANET. International Journal of Network Security & Its Applications, 5(5), p.95.
Rhodes-Ousley, M., 2013. Information security: the complete reference. McGraw Hill Education.
Scott-Hayward, S., O’Callaghan, G. and Sezer, S., 2013, November. SDN security: A survey. In Future Networks and Services (SDN4FNS), 2013 IEEE SDN For (pp. 1-7). IEEE.
Stallings, W., 2017. Cryptography and network security: principles and practice (p. 743). Upper Saddle River, NJ: Pearson.
White, G.B., Fisch, E.A. and Pooch, U.W., 2017. Computer system and network security. CRC Press.
Zhao, K. and Ge, L., 2013, December. A survey on the internet of things security. In Computational Intelligence and Security (CIS), 2013 9th International Conference on (pp. 663-667). IEEE.