Page 105 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
P. 105

Unit 7: Network Security




             audit networks, processes, people and technology that form an integral part of information  Notes
             systems of companies, at a rate that may be prescribed by Cert-in.
             “We may fix the man day rate, but there will be enough flexibility.

             For instance, much would depend on the size of the network that is to be audited and
             hence the rates would be a function of the number of man days as well as the size of the
             network to be assessed,” sources said.
             The bidding process would comprise two rounds, technical and financial. All the companies
             that qualify in the technical bid round would be asked to make financial bids.

             “The companies which qualify will be expected to match the lowest bid quoted by any
             player in the financial round,” they pointed out.
             He said the auditors would identify weaknesses in a network but clarified that the firms
             would not offer advisory services.
             This would ensure that the auditing and consulting functions are not mixed up, sources
             said.
             CERT-in was constituted in January last year to tackle any possible  hacking or  virus
             attacks on the information systems including the country’s vital networks such as power,
             railways, aviation and defence. It provides reactive and proactive services to enhance
             cyber security.

          Source:  http://www.thehindubusinessline.in/2005/02/07/stories/2005020701351300.htm

          7.6 Summary


              A network is simply a collection of computers or other hardware devices that are connected
               together, either physically or logically, using special hardware and  software, to allow
               them to exchange information and cooperate.

              Networks that connect computers lying within a small distance (such as a room, or within
               a building) from each other are called Local Area Networks (LANs).
              A wide area network connects computers which are very remotely placed. It may connect
               across the countries or continents or the entire globe.
              MAN is a network that interconnects users with computer resources in a geographical
               area larger than that covered by even a large local area network (LAN) but smaller than
               the area covered by a wide area network (WAN).

              Securing network  infrastructure is like securing possible entry  points of attacks on  a
               country by deploying appropriate defense.
              Network security consists of the provisions made  in an underlying computer network
               infrastructure, policies adopted by the network administrator to protect the network and
               the network-accessible resources from unauthorized access and consistent and continuous
               monitoring and measurement of its effectiveness (lack) combined together.
              Trusted networks are defined as “the networks within your security boundary, and are
               typically the networks you are trying to defend.”

              Untrusted network is considered as “the networks external your security perimeter.
              To avoid highly injurious “superworms” or hackers by means of unknown or unpatched
               exploits, unusual solutions are required that are intended to avert and react to unknown
               attacks, instead of known attacks.



                                           LOVELY PROFESSIONAL UNIVERSITY                                   99
   100   101   102   103   104   105   106   107   108   109   110