Security and control in an Internet environment with specific reference to privatenet system

DSpace/Manakin Repository

Show simple item record

dc.contributor.advisor Prof. A. du Toit en_US
dc.contributor.author Nembambula, Malindi
dc.date.accessioned 2012-09-12T12:47:21Z
dc.date.available 2012-09-12T12:47:21Z
dc.date.issued 2012-09-12
dc.date.submitted 1997
dc.identifier.uri http://hdl.handle.net/10210/7672
dc.description M.Comm. en_US
dc.description.abstract "For better for worse, most computer systems are not in that way today. Security is in general, a trade-off with convenience of remote access via networks to their computers. Inevitably, they suffer from some loss of security. It is the purpose of the research to discuss how Inter-networks connection could be secured." (Cheswick, 1994:3) By definition, the public Internet is a giant network which is composed of thousands of small to 'large networks. It is important to realize that the Internet is considered a public network, similar to the public telephone network, because the general public has easy access to it. This is great for ease of use and accessibility of a virtually infinite amount of information, however it creates great challenges to achieving the information security objectives of confidentiality, integrity, availability, and accountability. The confidentiality, integrity, availability, and accountability security objectives, are at risk due to the increased potential that, once connected to the Internet, any one of the hundreds of thousands of Internet users could use the Internet services offered by an organization (i.e. telnet, file transfer protocol, world wide web, etc.) to attack their private network and gain unauthorised access to computer resources and information. These attacks could result in confidential and restricted data and computer resources being controlled by unauthorised people, to the modification and sabotage of confidential and restricted data and computer resources. Other major exposures to the information security objectives exist because an organisation's Internet traffic will, almost always, take a route on a network which the organisation has little or no control' over. This risk is compounded by the ease of which network traffic may be accessed without authorisation through the tactics of snooping, hijacking, and spoofing. Snooping occurs when a "data scope," which may be a computer with snooping software or a common piece of network analysing hardware, which is placed on a portion of a network and information is displayed as it is transmitted through the network. Hijacking, on the other hand, occurs when Internet traffic is stolen by an imposing host on the same network as the target host. Spoofing, is similar to hijacking except that a host acts as an impostor of another host on the same network and steals traffic meant for a target host, at the same time confusing the target host by sending fake information in the place of the stolen information. The methods for snooping, hijacking, and spoofing are varied and can be quite technical but they are common and pose serious exposures to information security objectives. The security objective of availability is also at risk due to increased Internet traffic levels, and denial-of-service attacks like the infamous Internet worm which caused hundreds of Internet hosts to grind to a halt for several hours. However, Internet is not secure by default, nor will it perform at its best by default, thus there is a need for Internet to be secured, and more specifically for PrivateNet system technology to be applied. The purpose of this short dissertation is threefold, namely: To help the computer auditor to understand the information security risks associated with the client' use of the Internet; To evaluate the capabilities of the features provided by the PrivateNet system in addressing the security objectives of availability, confidentiality, accountability and integrity in an Internet environment; and To help the information security managers to identify the areas where security needs to be enhanced in the Internet environment. en_US
dc.language.iso en en_US
dc.subject Internet - Auditing. en_US
dc.subject Internet - Security measures. en_US
dc.subject Auditing - Access control. en_US
dc.title Security and control in an Internet environment with specific reference to privatenet system en_US
dc.type Mini-Dissertation en_US

Files in this item

This item appears in the following Collection(s)

Show simple item record

Search UJDigispace


Advanced Search

Browse

My Account