Cryptography and Network Security

Verified

Added on  2020/04/01

|18
|4309
|40
AI Summary
This assignment delves into the crucial aspects of network security, encompassing cryptography, secure communication protocols, cloud computing challenges, and the unique security considerations of the Internet of Things (IoT). It draws upon various sources to provide a detailed understanding of these topics, highlighting their importance in today's interconnected world.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running head: PROFESSIONAL SKILLS FOR INFORMATION & COMMUNICATION
Unit code and name
Assessment number
Professional Skills for Information and Communication Technology
Assessment due date
Word count (actual)
--------------------------------------------------------------------------------------------------
Student name
Student number
E-mail address
Campus lecturer/tutor
Unit Coordinator

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
1PROFESSIONAL SKILLS FOR INFORMATION AND COMMUNICATION TECHNOLOGY
Executive Summary
The business report focuses on the issues of network security that enables an organization to
protect all the crucial data of the company. In this report, some suggestions of three network
security applications are highlighted that provide an opportunity for business growth.
Confidentiality, integrity and availability are three building components of network security. In
recent times, all the business incorporates computer technology and many businesses opted for
online business that requires an IT support. In such cases, the importance of network security can
be witnesses. Such technology that is used in recent times are Cloud Access Security Brokers,
Endpoint detection and response (EDR), Indicators of Compromise (IOC) and Intelligence-
driven security operations centers (ISOCs). In this report the three applications that are selected
for implementing in the business are Authentication Application (Kerberos), Web Security
Standards (SSL/TLS)- Citrix NetScaler Solution and Wire Shark. All these applications provide
security to the web services so that all the details can be secured from any breaches of data.
Document Page
2PROFESSIONAL SKILLS FOR INFORMATION AND COMMUNICATION TECHNOLOGY
Table of Contents
1.0 Introduction................................................................................................................................3
2.0 Discussion..................................................................................................................................5
2.1 Concept of information or network security..........................................................................5
2.2 Three information/network security applications currently in the market and their uses.....6
2.2.1 Authentication Application (Kerberos)..........................................................................6
2.2.2 Web Security Standards (SSL/TLS)- Citrix NetScaler Solution....................................7
2.2.3 Wire Shark......................................................................................................................8
2.3 Success/failure factors...........................................................................................................9
2.3.1 Authentication Application (Kerberos)..........................................................................9
2.3.2 Web Security Standards (SSL/TLS)- Citrix NetScaler Solution....................................9
2.3.3 WireShark.....................................................................................................................10
2.4 Proposal how these applications can expand organization in the next five years...............10
2.5 Whether the organization should focus on customizing off-the-shelf applications or
develop products in-house to provide the ongoing security maintenance services to client
organizations..............................................................................................................................11
3.0 Conclusion...............................................................................................................................14
4.0 Recommendation.....................................................................................................................14
5.0 Reference List..........................................................................................................................15
Document Page
3PROFESSIONAL SKILLS FOR INFORMATION AND COMMUNICATION TECHNOLOGY
1.0 Introduction
Data and information are important for any business and it represent confidential details
regarding the company. In Australia, the communication and energy sector are leads in having
the most compromised systems; while, in terms of DDoS activity, the communication sectors
and financial sectors are the highest (Australian Cyber Security Centre 2017). However, all the
sectors in Australia are suffered from network security attacks and mining and resource sectors
suffered from highest number of spam and malicious e-mails (Australian Cyber Security Centre.,
2017).
Image 1: Sectors with compromised systems in Australia
(Source: Australian Cyber Security Centre, 2017)
Moreover, the network security also illustrates the problem of cybercrime and
procurement fraud that is also growing tremendously in Australia according to the PwC’s 2016
Global Economic Crime Survey (Perlman et al., 2016).

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
4PROFESSIONAL SKILLS FOR INFORMATION AND COMMUNICATION TECHNOLOGY
Image 2: Global Economic Crime Survey 2016
(Source: Global Economic Crime Survey 2016 2017)
Kahate (2013) moreover stated that data security in network should be accomplished as
there is always a threat from hackers to hack all the crucial details of the company and utilize the
same for unethical purpose. Thus, every organization needs to develop network data security in
order to prevent industry sabotage and espionage of the important data. In this business report,
the concept of information/network security will be illustrated along with three recent demands
of network security applications adopted by organizations. In addition to that, the pros and cons
of these applications and a proposal for implementing these applications for the next five years
will also be presented. Lastly, discussion on whether to adapt customizing off-the-shelf
applications or developing products in-house for security maintenance services will also be
given.
Document Page
5PROFESSIONAL SKILLS FOR INFORMATION AND COMMUNICATION TECHNOLOGY
2.0 Discussion
2.1 Concept of information or network security
In this era of technology almost every work is accomplished through computers,
machines and technological innovations. Tankard (2012) also depicts that computers are also
used for the purpose of information security and trust in systems apart from completing the work
fast and accurately. The terms information security can be describes through three concepts-
confidentiality, integrity and availability (Kahate, 2013).
Image 3: Information Security
(Source: Global Economic Crime Survey 2016 2017)
Manshaei et al. (2013) describes that the attainment of control for accessing the
information from one system is known as confidentiality. Moreover, the assurance of
transformation of information and programs in authorized manner is termed as integrity;
whereas, assurance that only authorized members have the accessibility of information and
Document Page
6PROFESSIONAL SKILLS FOR INFORMATION AND COMMUNICATION TECHNOLOGY
resources is known as availability (Schneider 2012). Many organizations also develop security
policy for the purpose of protection responsibilities, information values and organizational
commitment (Tankard, 2012).
In recent times, the security comes with the solutions of cloud as there are huge data for
each single entity (organization). Yu et al. (2012) highlighted that cloud technology not only
allows storing significant number of data but it also provide the chance to manipulate the data
easily without redundancy. Cloud Access Security Brokers is the recent technology that provides
Service (SaaS) apps to offer visibility and control options (Gonzalez et al. 2012). Endpoint
detection and response (EDR) solutions is also a new technology that allows detection of
security breaches and respond quickly so that accurate solutions can be incorporated (Mell,
2012). EDR is also combined with Indicators of Compromise (IOC) which also used to identify
the network breaches at the initial stage. Another technology that is based on detection and
response paradigm is Intelligence-driven security operations centers (ISOCs) that use the
context-aware components to offer an adaptive architecture (Yu et al., 2012). In addition to that,
the Remote Browser is used for to protect the e-mails from malicious messages and attacks.
2.2 Three information/network security applications currently in the market and their uses
The three network security applications that can be used by an organization are-
authentication application (Kerberos), Web Security Standards (SSL/TLS) and e-mail and IP
security (Kahate, 2013).
2.2.1 Authentication Application (Kerberos)
The authentication application “Kerberos”, the database of the clients are protected
through private keys and the users register their preferred secret keys with Kerberos.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7PROFESSIONAL SKILLS FOR INFORMATION AND COMMUNICATION TECHNOLOGY
Schrittwieser et al. (2012) sated that this concept is closely related to the data encryption and the
Kerberos shared a session key and then forwards it to the clients and servers for message
encryption. The success of this application is Kerberos Version 5 (Stallings & Brown, 2012). In
this case, client requests for a ticket granting service from the application, which then transferred
the ticket to the clients and encrypted the ticket by following client’s secret key. The issued
ticket is then used by the server in order to evaluate whether or not it is the same client to whom
the ticket is issued. Perlman et al. (2016) highlight that the ticket is used as many times till it
expires. The client presents the ticket to the server with client’s name, timestamp and encrypted
session key that are also referred as authenticator.
2.2.2 Web Security Standards (SSL/TLS)- Citrix NetScaler Solution
Fahl et al. (2012) depicts that there are some risks and treats based on locations and type
of attacks. The risk may arise in server or client network that is then known as system security
and the risk may arise in terms of network traffic that is referred as web security. Additionally,
there are two types of attacks- passive attacks and active attacks. (Hodges et al., 2012) describes
that passive attacks illustrates the accessing the traffic between server and browser. This attacks
also denotes the accessing the crucial data and information on a website. In addition to that, the
active attacks also referred to the situation where one person impersonating another user, alters
information on a website and altering message in traffic. In order to overcome this adversity the
application that is used is Netscape that originates the Secure Socket Layer (SSL). Raza et al.
(2014) highlighted that the SSL also evaluates the concept of connections and sessions. Perlman
et al. (2016) stated that SSL only offer data encryption between SSL and TLS enabled mail
servers.
Document Page
8PROFESSIONAL SKILLS FOR INFORMATION AND COMMUNICATION TECHNOLOGY
Image: Message transfer by using Web Security Standards
(Source: Perlman et al. (2016)
A connection offers suitable types of services; whereas, the session is considered as
association between the server and a client. This application offer secure communication over the
internet and the major functions of this application are- client authentication, data encryption
and data integrity checks.
2.2.3 Wire Shark
Wireshark is an application that is use to capture, filter and inspect packets. This
application is also known as Ethereal. This application also protects the IP address of a website
from malicious attacks and is compatible with all kind of operating system like Linux, macOS,
BSD, Solaris, Microsoft Windows and Unix-like operating systems. The major functionality that
this application performs are collecting data from live network connection or from a captured
already-captured packet and also from different networks like IEEE 802.11, PPP, and loopback.
Document Page
9PROFESSIONAL SKILLS FOR INFORMATION AND COMMUNICATION TECHNOLOGY
This allows them to detect any discrepancies in the initial stages. The IP address and data display
can be protected through display filters that detect intruder through their misconducts and
safeguard company’s website and business.
2.3 Success/failure factors
2.3.1 Authentication Application (Kerberos)
The prime advantage of this application is that it considered crucial details like client’s
name, timestamp and encrypted session key. This application also provides faster authentication
as it uses a unique ticketing system and only the matched tickets will allow permits by the
resource servers.
The disadvantage is that the ticket can be used more than once till expiry. This allow
hackers to access all the details if they jack the ticket before it expires.
2.3.2 Web Security Standards (SSL/TLS)- Citrix NetScaler Solution
The prime benefit is that all the organization’s members can communicate securely with
their own browsers. Another advantage that can be get from this kind of application is deep
inspection of the technology and SSL-encrypted traffic through bi-directional parsing and
analysis. Citrix NetScaler Solution provides protection for infrastructure and users and XML
protection that allows the organization to detecting and blocking common application threats.
However, the disadvantage that is related to this approach is that if a member sends a
message from unsecured (non-SSL) email systems, the message will no longer be a secured site
and will not be protected by SSL.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
10PROFESSIONAL SKILLS FOR INFORMATION AND COMMUNICATION TECHNOLOGY
2.3.3 WireShark
The prime advantage of Wireshark is that it provides security protocols to IP and DHCP
for leading companies like AppleTalk and BitTorrent. Another advantage is that since this
application is developed under an open source model it is easy to include new support tools
along with their each updates.
The disadvantage is that small organization or new online industry does not incorporate
such advance security system due to lack of budget and thus, these applications are not suitable
for such organization.
2.4 Proposal how these applications can expand organization in the next five years
The applications that have been mentioned will help in expanding of the business of the
organization. The small companies should always focus on the information technology
infrastructure. When the organization is generating revenue slowly they should have spent some
amount of money on the infrastructure of the organization so that the information technology
department can support the operation of the organization (Nguyen, Newby & Macaulay, 2015).
The relationship between information technology and operations is very important, as it
constitutes the business model. When the business of an organization grows information
technology infrastructure will have to be increased to make changes in the operations of the
organization. Therefore, the organization will require sophisticated software requirements, which
is more robust (Bollou, F. 2014). This will support the increase in the number of user
applications in the system so the new sophisticated network system that will help in protecting
the data and the user applications. In the coming years, the number of employees in the
organization will increase and so will the business clients. These network tools will provide
security to the organizational data and will help in managing multiple networks at a single time.
Document Page
11PROFESSIONAL SKILLS FOR INFORMATION AND COMMUNICATION TECHNOLOGY
During the expansion of the business, the transition of the business will be facilitated by the
expansion of the network security applications. The amount of data that has been stored in the
database of the organization will be huge so the organization will have to make that no data is
lost during the transition of the data. This can be maintained by including the above-mentioned
network tools which are necessary for keeping the various types of data in the organization safe
and secure.
This network security software is used by most of the multinational companies in the
market and the organization while providing solution to their clients. Therefore, by using these
software, the organization will be able to create a secure network for the clients which will help
in improving their reputation in the market. When the organization is able to fulfill the needs,
and wants of the organization then it will create opportunities to expand their business (Zhang &
Warner, 2017). The companies in the market will acknowledge the company as a viable option
for providing them with solutions. Thus, by including the network security tools, the
organization is able to enhance the quality of service they provide to the clients which will
definitely be a positive step towards the expansion of business and acquisition of more clients.
2.5 Whether the organization should focus on customizing off-the-shelf applications or
develop products in-house to provide the ongoing security maintenance services to client
organizations
The needs of the various business organization vary depending upon their magnitude.
The application required for the larger organization will be different from that of the small-scale
organizations. Similarly, the application will depend on the industry and the operational process
of the organization. The application sued for the manufacturing industry will be completely
different from that of the retail industry. The companies in the market will making the
Document Page
12PROFESSIONAL SKILLS FOR INFORMATION AND COMMUNICATION TECHNOLOGY
applications on the basis of the business model of their respective organizations. The
organization in today’s world are trying to improve their business process using integration
which may provide them with competitive advantage in the market (Jolly et al., 2015). The
clients will have to identify the right software required for their organization so it is the duty of
the vendor to provide the organization with a proper guidance which will help them to
understand their requirements. This will help to identify the type of software which will be
feasible for the operations in the organization.
The off the shelf software have lower cost at an upfront level and contains a lot of
features most of which is not required by the organization. This software includes support and
can contain maintenance contracts. The upgrades of this software are available for free or at a
lower cost than the other products (Morrow, 2016). Moreover, when it is used as software as a
service the installation cost is even more low as it does not contain any hardware. The products
that are made at an inhouse level will consist of the minimum requirements of the clients and
other requirements can be added to the software according to the needs of the clients. This
software is tailor made which consist of the exact need of the consumer and changes can be
made in this system very easily. However, the initial cost of the setting up this software is high
and all the extra requirements will be billable and will increase the overall cost of setting up the
software. The in-house product is custom made and will consist of the additional cost as it is
specific to the organization only (Sekowski & Gibbons, 2016). However, the immediate needs
and the long-term goals of the organization are two important aspect which has to be taken in to
account as balancing both the aspect will be crucial for the clients. However, the organization
will have to look in to the needs of the client to identify which type will be better for the client.
There are some organization who may require a lot of features so in that scenario it is advisable

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
13PROFESSIONAL SKILLS FOR INFORMATION AND COMMUNICATION TECHNOLOGY
to use the off the shelf products as the cost will be low and the delivery can be made at a faster
rate. However, as most of the clients are of smaller magnitude and consist of small and medium
scale industry then it will be best if they provide the organization with in house products. Thus, it
can be concluded that in house product will be the best option for the organization as it will help
them to provide a better quality of service (Kruger, Abu-Mahfouz & Hancke, 2015).
Document Page
14PROFESSIONAL SKILLS FOR INFORMATION AND COMMUNICATION TECHNOLOGY
3.0 Conclusion
In this business report, it is concluded that the information security can be described
through three concepts- confidentiality, integrity and availability. This security is necessary so
that an organization can securely transmit their details and message with their employees.
However, in recent times, hackers and IT intruders hacks all the authentications and access to the
company’s useful information. Such technologies for network security in recent times are Cloud
Access Security Brokers, Endpoint detection and response (EDR), Indicators of Compromise
(IOC) and Intelligence-driven security operations centers (ISOCs). However, in this buiness
report the three application that is taken into consideration are- Authentication Application
(Kerberos), Web Security Standards (SSL/TLS)- Citrix NetScaler Solution and Wire Shark.
In addition to that, it is also concluded that all these application uses unique tools not
only for securing the website from hackers but these application also determines discrepancies in
the initial stages. Moreover, all the small business organizations or entities need IT process to
support their business approaches. Thus, implementing these tools will helps all the
organizations especially the inline business as all their business processes will be accomplished
through online services and websites. This will provide the enterprises the opportunity to grow.
4.0 Recommendation
Thus, it is recommended that the organization should make use of the network security
software to expand the business of the organization. The organization will have to provide in
house software as a means of solution to their clients which will help them in providing better
service than before.
Document Page
15PROFESSIONAL SKILLS FOR INFORMATION AND COMMUNICATION TECHNOLOGY
5.0 Reference List
Australian Cyber Security Centre. (2017). Australian Cyber Security Centre. [online] Available
at: https://www.acsc.gov.au/publications/ACSC_Threat_Report_2016. [Accessed 19
Sep. 2017].
Bollou, F. (2014). ICT infrastructure expansion in sub-Saharan Africa: An analysis of six West
African countries from 1995 to 2002. In Advances in Research Methods for Information
Systems Research (pp. 151-164). Springer US.
Fahl, S., Harbach, M., Muders, T., Baumgärtner, L., Freisleben, B., & Smith, M. (2012,
October). Why Eve and Mallory love Android: An analysis of Android SSL (in) security.
In Proceedings of the 2012 ACM conference on Computer and communications security
(pp. 50-61). ACM.
Global Economic Crime Survey 2016. (2017). Global Economic Crime Survey 2016. [online]
Available at: https://www.pwc.com/gx/en/services/advisory/forensics/economic-crime-
survey.html [Accessed 19 Sep. 2017].
Gonzalez, N., Miers, C., Redigolo, F., Simplicio, M., Carvalho, T., Näslund, M., & Pourzandi,
M. (2012). A quantitative analysis of current security concerns and solutions for cloud
computing. Journal of Cloud Computing: Advances, Systems and Applications, 1(1), 11.
Hodges, J., Jackson, C., & Barth, A. (2012). Http strict transport security (hsts) (No. RFC 6797).
Jolly, R., Ahmed, K. B. R., Zwickl, C., Watson, I., & Gombar, V. (2015). An evaluation of in-
house and off-the-shelf in silico models: implications on guidance for mutagenicity
assessment. Regulatory Toxicology and Pharmacology, 71(3), 388-397.
Kahate, A. (2013). Cryptography and network security. Tata McGraw-Hill Education.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
16PROFESSIONAL SKILLS FOR INFORMATION AND COMMUNICATION TECHNOLOGY
Kruger, C. P., Abu-Mahfouz, A. M., & Hancke, G. P. (2015, March). Rapid prototyping of a
wireless sensor network gateway for the internet of things using off-the-shelf
components. In Industrial Technology (ICIT), 2015 IEEE International Conference
on (pp. 1926-1931). IEEE.
Manshaei, M. H., Zhu, Q., Alpcan, T., Bacşar, T., & Hubaux, J. P. (2013). Game theory meets
network security and privacy. ACM Computing Surveys (CSUR), 45(3), 25.
Mell, P. (2012). What's special about cloud security?. IT Professional, 14(4), 6-8.
Morrow, K. J. (2016). Upstream Tools Hasten Product Development.
Nguyen, T. H., Newby, M., & Macaulay, M. J. (2015). Information technology adoption in small
business: Confirmation of a proposed framework. Journal of Small Business
Management, 53(1), 207-227.
Perlman, R., Kaufman, C., & Speciner, M. (2016). Network security: private communication in a
public world. Pearson Education India.
Perlman, R., Kaufman, C., & Speciner, M. (2016). Network security: private communication in a
public world. Pearson Education India.
Raza, S., Duquennoy, S., Höglund, J., Roedig, U., & Voigt, T. (2014). Secure communication for
the Internet of Things—a comparison of linklayer security and IPsec for 6LoWPAN.
Security and Communication Networks, 7(12), 2654-2668.
Schneider, D. (2012). The state of network security. Network Security, 2012(2), 14-20.
Schrittwieser, S., Frühwirt, P., Kieseberg, P., Leithner, M., Mulazzani, M., Huber, M., & Weippl,
E. R. (2012, February). Guess Who's Texting You? Evaluating the Security of
Smartphone Messaging Applications. In NDSS.
Document Page
17PROFESSIONAL SKILLS FOR INFORMATION AND COMMUNICATION TECHNOLOGY
Sekowski, J., & Gibbons, J. (2016). Evaluation of US Commercial-Off-the-Shelf Hand-Held
Assays to Detect Opiate Pain Reliever Compounds in Multiple Biofluids. ECBC Aberdeen
Proving Ground United States.
Stallings, W., & Brown, L. (2012). Computer security. Principles and practice (2 nd ed).
Edinburgh Gate: Pearson education limited.
Tankard, C. (2012). Big data security. Network security, 2012(7), 5-8.’
Yu, H., Powell, N., Stembridge, D., & Yuan, X. (2012, March). Cloud computing and security
challenges. In Proceedings of the 50th Annual Southeast Regional Conference (pp. 298-
302). ACM.
Zhang, X., & Warner, M. E. (2017). Business retention and expansion and business clusters–A
comprehensive approach to community development. Community Development, 48(2),
170-186.
1 out of 18
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]