Verizon Network Sec Isssues
Páginas: 12 (2797 palabras)
Publicado: 26 de enero de 2013
VI. Policies to be created, based on threats and vulnerabilities
“The online world was rife with the clashing of ideals, taking the form of activism, protests, retaliation, and pranks. While these activities encompassed more than data breaches (e.g., DDoS attacks), the theft of corporate and personal information was certainly a core tactic. This re-imagined and re-invigorated specter of“hacktivism” rose to haunt organizations around the world” (“Data Breach”)
Verizon known as one of the largest wireless carrier on the United States has suffered one of the biggest data breaches when around of 855 incidents took place and more than 174 millions of records where compromised.
Today it is impossible to speak of a system one hundred percent secure, simply because the cost of totalsecurity is very high. That is why companies, in general, take risks: must choose between losing a business and getting the risk being hacked.
The question is that, in some specific organizations to have a security system very limited will prevent those from doing more business. If a Hacker wants to spend a hundred thousand dollars in equipment to decrypt an encryption, it can do so because it isimpossible to control it and trying to avoid it, millions of dollars could be spent.
Some corporations have developed documents, guidelines and recommendations that guide in the appropriate use of new technologies to get the most and avoid improper use of the same, which can result in serious problems in the goods and services of the companies in the world. In this sense, policies of securityinformation emerge as an organizational tool to bring awareness to each of the members of an organization about the importance and sensitivity of the information and critical services.
Policies to be created within different areas in Verizon are the following:
* Policy of physical security: physical access
Verizon should promote the use of biometrics and pins on every gate, so onlyauthorized personal can get access to the building and departments where equipment can also be protected.
* Policy of corporate network security:
* One policy to be created is the use of good firewalls and antivirus programs on Verizon. Verizon should conduct a various analysis within a month to elaborate a list of the traffic that needs to get blocked. Limit the protocols passingpackets specially TCP and UDP and some ICMP packets that need to be restricted. This will help to have a more reliable the network and to reduce risk of getting hacked.
* Another policy is password policy for all employees:
This specifies the length and the age, of a password, include alphanumeric, digits, special characters and nonexistent dictionary words, not guessable passwords as the name ofsomeone relative to the person, employees should not write their passwords down, etc.
* Safety of users:
On 2011 Verizon changed its privacy policy which basically promotes the monitoring of your web surfing information and apps information to be used on business reports.
One of the main policies for all companies should be the period allowed for which they keep this data. Keepingdata for long periods could raise the risk of hackers penetrating systems and stealing important and sensitive information about customers. While the FCC specified that all companies must get permissions from customers to keep this data Los Angeles Time said that are many the companies that collect this kind of information from customers.
Privacy of customer information, credit cards, etc.* Data security: Cryptography, classification, privileges, backup and recovery, antivirus, contingency plan.
* Verizon should develop and implement a policy of using cryptographic controls for the protection of the information.
The key management system should be based on a set of agreed standards, procedures and safe methods for:
a) Generate keys for various cryptographic...
“The online world was rife with the clashing of ideals, taking the form of activism, protests, retaliation, and pranks. While these activities encompassed more than data breaches (e.g., DDoS attacks), the theft of corporate and personal information was certainly a core tactic. This re-imagined and re-invigorated specter of“hacktivism” rose to haunt organizations around the world” (“Data Breach”)
Verizon known as one of the largest wireless carrier on the United States has suffered one of the biggest data breaches when around of 855 incidents took place and more than 174 millions of records where compromised.
Today it is impossible to speak of a system one hundred percent secure, simply because the cost of totalsecurity is very high. That is why companies, in general, take risks: must choose between losing a business and getting the risk being hacked.
The question is that, in some specific organizations to have a security system very limited will prevent those from doing more business. If a Hacker wants to spend a hundred thousand dollars in equipment to decrypt an encryption, it can do so because it isimpossible to control it and trying to avoid it, millions of dollars could be spent.
Some corporations have developed documents, guidelines and recommendations that guide in the appropriate use of new technologies to get the most and avoid improper use of the same, which can result in serious problems in the goods and services of the companies in the world. In this sense, policies of securityinformation emerge as an organizational tool to bring awareness to each of the members of an organization about the importance and sensitivity of the information and critical services.
Policies to be created within different areas in Verizon are the following:
* Policy of physical security: physical access
Verizon should promote the use of biometrics and pins on every gate, so onlyauthorized personal can get access to the building and departments where equipment can also be protected.
* Policy of corporate network security:
* One policy to be created is the use of good firewalls and antivirus programs on Verizon. Verizon should conduct a various analysis within a month to elaborate a list of the traffic that needs to get blocked. Limit the protocols passingpackets specially TCP and UDP and some ICMP packets that need to be restricted. This will help to have a more reliable the network and to reduce risk of getting hacked.
* Another policy is password policy for all employees:
This specifies the length and the age, of a password, include alphanumeric, digits, special characters and nonexistent dictionary words, not guessable passwords as the name ofsomeone relative to the person, employees should not write their passwords down, etc.
* Safety of users:
On 2011 Verizon changed its privacy policy which basically promotes the monitoring of your web surfing information and apps information to be used on business reports.
One of the main policies for all companies should be the period allowed for which they keep this data. Keepingdata for long periods could raise the risk of hackers penetrating systems and stealing important and sensitive information about customers. While the FCC specified that all companies must get permissions from customers to keep this data Los Angeles Time said that are many the companies that collect this kind of information from customers.
Privacy of customer information, credit cards, etc.* Data security: Cryptography, classification, privileges, backup and recovery, antivirus, contingency plan.
* Verizon should develop and implement a policy of using cryptographic controls for the protection of the information.
The key management system should be based on a set of agreed standards, procedures and safe methods for:
a) Generate keys for various cryptographic...
Leer documento completo
Regístrate para leer el documento completo.