Report: Security Concerns in IoT Device Communication Networks

Verified

Added on 2023/04/08

AI Summary

This report addresses the critical security concerns associated with Internet of Things (IoT) devices and networks. It focuses on the implementation of robust security measures to protect against potential threats and vulnerabilities. The report details the importance of endpoint hardening, including techniques to secure individual IoT devices, and the role of encryption in safeguarding data transmitted across networks. Furthermore, it explores the significance of Public Key Infrastructure (PKI) in establishing device trust and ensuring secure communication. The report also examines network security protocols, such as context-aware user authentication and access control mechanisms, and emphasizes the need for strong password policies and network-layer encryption to prevent unauthorized access. The information provided in this report is crucial for organizations seeking to leverage the benefits of IoT communications while maintaining a high level of data security and overall productivity. This report is a student contribution to Desklib, a platform providing AI-based study tools.

Running head: MANAGING SECURITY
MANAGING SECURITY
Name of the Student:
Name of the University:
Author Note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1MANAGING SECURITY
Introduction
Maintaining the security and privacy of the network and cyberspace is important for any
organization. The management of the organization needs to take necessary steps for the
implementation of the security plan in the organization. The security of the company discussed
in this paper is XYZ organization. Recently, this organization has proposed to implement the
system that will help in the encryption and decryption of the message. Apart from that the
control of the connecting device is going to be implemented. This means while connecting the
device to the internet the authorization from the particular person is needed.
Discussion
XYZ Company has proposed two steps for ensuring the safety and security for the
organization. The organization is going to implement an encryption- decryption system to ensure
the integrity of data. On the other hand the control for connecting the device requires the
permission of authorized employees.
Implementation encryption- decryption system for maintain the integrity of data:
In order to implement the encryption and decryption system in the organization the
application of the requirements are needed to be done at the device application and network
application. In the network application this can be implemented through the RSA algorithm
(Meneses et al.,2016). On the other hand in order to implement the system in the device the
encoding-decoding mechanism is used. The messages are encrypted as a cipher text which is the
abstract form of the message. The encrypted data is sent to the IP address of the target system.
After getting approval from the sender, the receiver of the message can, read the plain text (Cao

2MANAGING SECURITY
et al.,2016). The encryption and decryption can be done through a single key. This is called
public key encryption.
The reason for using the public key encryption is that it will be helpful for the
organization to implement and easily manageable as only single key is used for encryption and
decryption purpose (Thakur et al., 2018). Apart from that, it has been seen that public key
encryption is kore secured than the private key encryption.
For securing the hardware access, username and password can be used. In this case, there
should be individual username for each users (Meneses et al., 2016). However, the password
would appeared in encrypted version. While putting the password it will appear in asterisk
format so that other person apart from the user cannot see the password.
Taking permission before connecting the device to the network:
Another initiative taken by the organization is to take permission of the authorized
employee before connecting the device to the internet. This will help to mitigate the possibility
of the unauthorized access in the system. Apart from that the monitoring of the activities of the
employee in the system can be detected (Aljawarneh & Yassein, 2017). This will help to prevent
the internal attacks related to the security. Apart from that implementation of this system will
help in maintaining the accountability and traceability of data consumed for the organizational
purpose.
In order to implement the system, the access of the system is needed to be controlled.
This can be done creating separate login account for the individual employees. In this case, the
employees in the organization can login to the system through their user id and password
(Mesquida & Mas, 2015). The activity of the employees on the system can be tracked down by

3MANAGING SECURITY
the admin through the navigation system. Without logging to the account, internet cannot be
accessed. Apart from that admin permission is needed before downloading some software in the
system.
For maintain overall security in cyber space:
From taking initiatives for data integration and maintain hardware and system security it
is important for the organization to maintain the security in the cyber space. In order to maintain
the security in cyber space, the use of firewall is needed to be implemented in the organization
(Furnell et al., 2018). Apart from that it has been seen that in some cases, the original version of
the software is not used in XYZ Company. It is important for the organization to use the original
version of the software so that, the software can get the periodic update which is important for
maintaining the security (Gilad-Bachrach et al., 2016). The installation of the anti-virus software
is needed to be implemented in the system. Apart from that the use of VPN can make the
network of the organization secures. While transferring the data and accessing the webpages it is
advisable for the users to disable the UDP as it would help to prevent many cyber security
vulnerabilities.
Apart from that the employees in the XYZ organizations are needed to be trained for
maintain the security of the system. A training can be arranged for enhancing the awareness of
maintain the cyber security while handling the system. Apart from that the employees are needed
to be aware not access suspicious emails as they can contain malicious links those can affect the
system.
Conclusion

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4MANAGING SECURITY
The discussion is about the implementation of the security system in XYZ Company. The
organization has taken certain steps for maintaining the security in the organization. The
encryption-decryption of the data along with fiving control to the employees to connect the
device to the internet are such initiatives. It can be said from the discussion that for
implementation of these initiatives the modifications are needed for both the network layer and
the device. Apart from that the use of the username and password would be helpful for maintain
the internal security. From the discussion it can be said that the use of the username and
password can be initiated in the two phase. The user has to open the system using his or her own
username and password. After that while connecting the system with the network the respective
user has to put username and password one more time. Moreover, for maintain the cyberspace
security, the organization has adopted some initiatives such as implementation of firewall and
VPN which will make the network of the organization secured.

5MANAGING SECURITY
References
Aljawarneh, S., & Yassein, M. B. (2017). A resource-efficient encryption algorithm for
multimedia big data. Multimedia Tools and Applications, 76(21), 22703-22724.
Barker, E., & Mouha, N. (2017). Recommendation for the triple data encryption algorithm
(TDEA) block cipher (No. NIST Special Publication (SP) 800-67 Rev. 2 (Draft)).
National Institute of Standards and Technology.
Cao, X., Du, L., Wei, X., Meng, D., & Guo, X. (2016). High capacity reversible data hiding in
encrypted images by patch-level sparse representation. IEEE transactions on
cybernetics, 46(5), 1132-1143.
Furnell, S., Esmael, R., Yang, W., & Li, N. (2018). Enhancing security behaviour by supporting
the user. Computers & Security, 75, 1-9.
Gilad-Bachrach, R., Dowlin, N., Laine, K., Lauter, K., Naehrig, M., & Wernsing, J. (2016, June).
Cryptonets: Applying neural networks to encrypted data with high throughput and
accuracy. In International Conference on Machine Learning(pp. 201-210).
Meneses, F., Fuertes, W., Sancho, J., Salvador, S., Flores, D., Aules, H., ... & Nuela, D. (2016).
RSA encryption algorithm optimization to improve performance and security level of
network messages. Int. J. Comput. Sci. Netw. Secur., 16(8), 55-62.
Mesquida, A. L., & Mas, A. (2015). Implementing information security best practices on
software lifecycle processes: The ISO/IEC 15504 Security Extension. Computers &
Security, 48, 19-34.

6MANAGING SECURITY
Thakur, S., Singh, A. K., Ghrera, S. P., & Elhoseny, M. (2018). Multi-layer security of medical
data through watermarking and chaotic encryption for tele-health
applications. Multimedia tools and Applications, 1-14.