Surveillance Security - Report Example

Surveillance Security The report is about the implementation of surveillance security of Click Mobile Phones Ltd. As the company has faced some damages in the past due to insufficient security techniques, this report presents some recommendations to the director of the company to ensure physical and network security. An introduction is given along with the types of threats that the company may face. Then, physical infrastructure has been discussed with suggestions about surveillance security. User authentication and access control policy has been taken into account. Then, network policy has been discussed and recommendations have been given to stop malicious network traffic and intrusion. Business continuity policy has been discussed. Cost of recommended items has been stated along with installation charges. 2. Introduction The company, 1-Click Mobile Phones Ltd. which is a mobile phone mail order sales and repairs company based in the West Midlands (United Kingdom), needs physical surveillance and information security to ensure the security of workforce, system devices and equipment, resources, documents and sensitive information stored on physical media (like hardware programs and networks) from damaging proceedings like unauthorized access, fire, espionage, burglary, theft, vandalism, accidental loss or intentional crime that could cause severe harm to an activity or to the whole company. The security of hardware has to be made sure alongwith the guarantee that the servers are running smoothly and have internet access. 2.1. Types of Security Threats As 1-Click Mobile Phones Ltd. is setting up its fresh network, the workforce needs to take into account security threats that the network may face. Some of the major computer security threats the company may face include theft, fraud, backdoor, DoS (Denial of Service) attacks, data flood, malicious code, document grinding, and enumeration. Employees need to know that frauds, like gaining access to computers that control access to important resources as inventory systems and financial accounts, are more likely to be attempted by authorized persons who are also referred to as insiders and the situation is called employee sabotage (Bogue 2003). Network security threats include malware, anti-DNS pinning, banner grabbing, backjacking, hacking, land attack, blue boxing and domain hijacking. Company’s physical security also deals with environmental threats that include fire, windstorms, rainstorms, snowstorms, torrents, tornados, lightning, roof leaks, very high or very low temperature, heavy dust, earthquakes and moisture which can harm the computer system or network at a very high level. The company may also face electrical threats that include sudden surges or spikes in the power supply or voltage, congested electrical outlets, blackout and brownout. Business continuity plan is also discussed in this paper so that the company may be able to continue its business activities in all natural and manmade disasters like political threats such as violence, bomb blasts, strikes, surveillance, and so on. As the location of the company is by the riverside, the danger of flooding rises and thus the need for an effective business continuity policy is felt strongly. 3. Physical Infrastructure Policy As the company’s offices are located in techno-park near the riverside and the place becomes quite deserted after office hours, the risk of physical break-in increases. Here, we discuss the recommendations for the company’s personnel as to what steps they can take to secure the company physically. The company needs to make sure that the enemy does not get access to the computer system (routers, control boards, servers, electronic components). Physical security may start from as little a thing as locking the doors and windows and using security systems like burglar alarms, video surveillance system and security cameras with automatic log footage. CCTV systems should be placed on ground floor to keep a check on warehouse and stocks and the network communication office and on first floor in the finance and credit control offices. The director’s office on first floor must also have a video camera that would enable him to keep an eye on his employees. All entry and exit points of the building, where the sensitive network has been secured, should have properly armed physical security guards and intrusion detection system like explosive detectors, scanners and mobile jammers (Rao 2007). The company must look for devices that lock the computer cases to desks and lock the disk drives and the CPU as well. There are alarms and cable-type case locks that prevent a foreign electronic component to get attached to the system. Furthermore, the system must be password protected. If the system has been logged on by the authorized person, then he should never leave the system logged on before going for a break. Power supply must be secured by applying surge protectors on the power supply or by using devices like uninterruptible power supply (UPS) which are charged by the power main. Moreover, as there is great risk of flooding in the area the company is located in, there should be a flood alarm system to signal the personnel in case there is risk of flood. 3.1. Cost (Pounds) Item Name Item Price Installation Charges Total Cost Security Alarm 500 200 700 Night Vision Security Camera 5000 2500 7500 CCTV Waterproof Camera 6000 1000 7000 Computer Case Locks 450 100 550 UPS 500 200 700 Flood Alarm System 2000 500 2500 4. User Access Control & Authentication Policy The director of 1-Click Mobile Phones Ltd. wanted access control implemented in the network, that is, he wanted that the physical and electronic access to the network traffic should only and only be granted to authorized persons. For controlling the access physically, the company must use card key system or human security to eliminate the risk of unauthorized access. With the help of this card key system, each employee can be recognized separately. Surveillance system should be present in the network communication room at ground floor in order to capture images of whoever comes in the room and uses the system. For electronic access control, the network must be protected using logins and passwords so that no one is allowed to visit unauthorized websites. Passwords should be long enough with a mix of letters and numbers. It is important to use unusual passwords and not to use a same password for all applications because if one account gets cracked, all get cracked. Cookies must be cleared after using internet or using websites where passwords are used (Boyer 2008). It is recommended to implement password protection system that places passwords on executable program files and the administrator can specify the time the network can be accessed along with the feature of encryption/scrambling to protect the data from the outsiders. The policy includes user rights and group policy which does not allow anyone to access the network after office hours. It is important to hold sessions with employees to let them know the authentication policy. 4.1. Cost (Pounds) Item Name Item Price Installation Charges Total Cost Card Key System 2000 500 2500 Password Protection System 500 250 750 5. Network Policy As it is a mail order company, the main concern is about network intrusion through hacking and viruses via email attachments and unauthorized websites. Although there is basic firewall protection being implemented by the company, still there is need for sophisticated IDS (Intrusion Detection System) in order to eliminate the risks of identity theft, online fraud, DoS (Denial of Service) attacks, malicious code, malware, anti-DNS pinning or domain hijacking. Network intrusion can be detected by keeping a strict check on proper configuration, management and monitoring of the firewall settings, intrusion detection system’s logs, anti-virus upgrades and anti-spyware softwares. It is important to frequently review all routers and DNS servers to make sure that firewall settings have been applied to the whole network. Firewall must be scanned through a vulnerability scanner to make sure that it only allows the pre-defined and requisite actions and services to pass through. Establishing a Virtual Private Network (VPN) is a good suggestion to protect the network from getting intruded and to reduce the security breach. I would suggest the technical staff to install Norton Anti-virus software and ZoneAlarm PRO Firewall 2010 which is the best IDS softwares. To ensure wireless security, it is important to have respective service packs installed in the PCs. A service pack is “a service pack is a collection of updates and fixes” that should accompany with the operating system (Fisher 2010). If they have Windows Vista operating system, then they must install Windows Vista Service Pack 1. Similarly, for Windows XP, they should install Windows XP Service Pack 3. The main purpose of service packs is that they help from security breaches like network intrusion, viruses, Trojan horses, and etcetera. IDS that I would recommend to secure wireless network are SSID (Security Set Identifier). 5.1. Cost (Pounds) Item Name Item Price Installation Charges Total Cost Anti-virus Software 50 5 55 Firewall 60 5 65 Intrusion Detection System 1000 500 1500 Service Packs CD 20 5 25 6. Business Continuity Policy 1-Click Mobile Phones Ltd.’s ground floor had been subject to damage once due to flood arising from the river. Thus the company is very concerned about its business continuity in case a physical threat like flood, fire, theft, sabotage, electric breakdown, earthquake, and etcetera, may occur. There can be political threats too which may result in vandalism, physical destruction or closing of the offices for an unlimited time period. Hence, the business continuity plan must include fire alarms and extinguishers, flood alarm system and a weather forecast tool. Plus, there should be a catastrophe recovery plan made ahead of time which should tell what to do in case of emergency and how to recover. Another important technique the company must use is to make backups of files containing important data. This way, one will always have a copy of the information that is lost. Doing so also helps in identifying the crucial information that will be at threat and thus one can carry out necessary steps to restore the information to a certain level. The company must have a complete backup kept in some other secure place. Moreover, in case the disaster destroys the whole place, the high authorities of the company should always have a second place in mind where they should move and carry on the business with no time wasted. Staff must also be trained as to what actions to take in emergencies. Every worker must know his role beforehand so that there is no confusion when the unfortunate event occurs. 6.1. Cost (Pounds) Item Name Item Price Installation Charges Total Cost Weather Forecast Tool 100 15 115 Fire Alarm 200 50 250 Fire Extinguisher 50 10 60 Second Option for where to move 1000 500 1500 7. Total Expenditure The total sum of all items that I recommended in the whole paper to secure the business and its network equals to 25,770 pounds. 8. Summary To sum up, physical infrastructure of 1-Click needs surveillance system both at the ground and the first floor. CCTV video cameras, fire alarms and flood sensors are a must to save the building and the network from manmade and natural disasters. Access control should be implemented both at the physical level and at the electronic level. Network must be secured using passwords that should be unique. Surveillance should also be present in the network communication room to keep check on whoever uses the network. Firewalls, anti-virus softwares and intrusion detection systems must be properly configured and implemented. The officials should be mentally prepared for natural disasters and should keep a complete backup of records at another secure place. A second option should always be there about where to shift in case whole building and all resources gets damaged. 9. Conclusion To sum up, surveillance security has become vital in today’s world of catastrophic events which occur due to human error and the environment. It is very important to identify physical threats that could tamper with the network system so that measures could be taken accordingly. If physical security is not given consideration, it can result in irreversible damage to the whole organization. The computer systems today, thanks to the precious information stored on them, have become more prone than ever before to physical attacks like data theft, copying and selling of information, hacking and viruses. 1-Click Mobile Phones Ltd. is also concerned about these issues for which I recommended some items and surveillance systems which will ensure complete security of the company. References Bogue, R 2003, ‘What is physical security?’, Lock IT Down: Dont Overlook Physical Security On Your Network, viewed 11 December 2010, Boyer, A2008, ‘Passwords and Pins’, The Online Identity Theft Prevention Kit: Stop Scammers, Hackers, and Identity Thieves from Ruining Your Life, Atlantic Publishing Company, USA. Fisher, T 2010, ‘Service pack’, About.com: PC Support, viewed 12 May 2010, Rao, S 2007, ‘Physical & environmental controls for building premises’, Physical Security, viewed 11 May 2010, Read More