Information Security Threats and Vulnerabilities
In computing, Peer-to-Peer (P2P) networking is based on a distributed architecture that balances the workload among peers. Organizations use Peer-to-Peer networking to share and distribute files, videos and audio to their stakeholders. Despite its various benefits, Peer-to-Peer networking also exposes the data and applications of the security consulting firm to risk. In the given scenario, the security consulting firm uses a Peer-to-Peer networking solution to distribute promotional audio and video to its customers. The firm's business is growing tremendously through this solution, and its customers are satisfied. However, because of the risks associated with the Peer-to-Peer networking solution, the firm has recently become concerned about leakage of its potential customers' data. This document identifies and assesses the risks associated with the unauthorized installation of P2P file-sharing software on the firm's personal computers (desktops), servers, and laptops. It presents three (3) technology-based solutions to mitigate the risks of using the P2P solution. Finally, it assesses and evaluates the three (3) solutions and recommends the best solution to avoid risks in P2P file sharing.
Information security threats and vulnerabilities increase because of unauthorized installation of software on the firm's computers. With unauthorized installation, the likelihood of installing infected software increases, which exposes the firm to worms, malware, viruses and spyware. These can then spread through the firm's computer network by electronic mail and intranet file sharing. Moreover, the threats and vulnerabilities can damage the whole computer network if unauthorized file-sharing software is installed on the firm's network server. Once worms, spyware and malware get onto the server, they are capable of halting the computer network completely. If the security of the computer network is compromised, crucial information belonging to clients or stakeholders can be leaked and damaged. Ultimately, the firm can lose the satisfaction and trust of its potential customers (FCC Cyber Security Planning Guide, 2014).
Solutions Comparison
To address the information security threats and vulnerabilities described above, the first proposed technology-based solution is to deploy a firewall and a Demilitarized Zone (DMZ). The firewall restricts unauthorized access to the computer network by intruders or hackers. The DMZ provides a restricted area between the internal (trusted) network and the external (untrusted) network. The advantages of this solution include, but are not limited to, high information security and excellent performance of the computer network. However, the weakness of the solution is denial of service (DoS) with respect to internal network traffic (National Institute of Standards and Technology, 2009).
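The zone separation described above can be expressed as a first-match, default-deny rule table. The following is an added example, not part of the original essay; the address ranges, ports and rules are constructed assumptions chosen to fit the firm's scenario (a media server in the DMZ, desktops on the internal network).

```python
import ipaddress

# Constructed addressing plan (assumption; the essay gives no network details).
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/16"),
    "dmz": ipaddress.ip_network("192.168.50.0/24"),
}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"  # anything unknown is the untrusted side

# (source zone, destination zone, protocol, destination port, action)
# First match wins; a port of None matches any port.
RULES = [
    ("external", "dmz", "tcp", 443, "allow"),       # customers fetch media
    ("internal", "dmz", "tcp", 22, "allow"),        # staff publish media
    ("internal", "external", "tcp", 443, "allow"),  # ordinary web access
    ("dmz", "internal", "any", None, "deny"),       # contain a compromised DMZ host
    ("external", "internal", "any", None, "deny"),  # no direct path inside
]

def decide(src_ip, dst_ip, proto, dport):
    """Return 'allow' or 'deny' for one flow; unmatched traffic is denied."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r_src, r_dst, r_proto, r_port, action in RULES:
        if (r_src, r_dst) != (src, dst):
            continue
        if r_proto not in ("any", proto):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"  # default deny

# Constructed sample flows (documentation address ranges).
FLOWS = [
    ("203.0.113.7", "192.168.50.10", "tcp", 443),  # customer to DMZ media server
    ("203.0.113.7", "10.0.4.20", "tcp", 445),      # outsider to internal desktop
    ("192.168.50.10", "10.0.4.20", "tcp", 445),    # DMZ server to internal desktop
    ("10.0.4.20", "198.51.100.9", "tcp", 6881),    # unapproved P2P client (common BitTorrent port)
    ("10.0.4.20", "192.168.50.10", "tcp", 22),     # staff upload to DMZ
]

def evaluate(flows=FLOWS):
    return [decide(*f) for f in flows]
```

The fourth flow matches no rule and falls through to the default deny, which is how this policy stops an unauthorized P2P client on a desktop from reaching outside peers without needing a rule per application.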
The second proposed technology-based solution is to install antivirus software on the firm's network server. The enterprise edition of the antivirus software should be deployed on the server, while the clients should have endpoint protection installed. The antivirus software would allow the firm to scan its videos and audio for viruses, worms and spyware before they are downloaded to the computers. In this way, the firm can avoid leakage of its clients' information. However, the solution has limitations: some viruses cannot be detected by the antivirus software and can destroy or leak the clients' information. Moreover, the antivirus software must always be kept up to date; otherwise, the penetration of viruses into the computer systems cannot be stopped (Pfleeger and Pfleeger, 2006).
Data encryption can be used as the third proposed solution for the security consulting firm. The files and data stored or shared over the network should be encrypted so that viruses or intruders are not able to access them. Moreover, the firm needs to define a circle of users who are given the encryption key to decrypt and view the encrypted files, audio and videos. One of the main advantages of encryption is that it prevents unauthorized access by intruders, while the potential stakeholders who hold the encryption key can view the files. The disadvantage of the solution is that if an intruder obtains the key or decrypts the files, it can lead to a major information security leak (FTC, 2010).
Recommendation
Considering the advantages and weaknesses of the information security solutions above, the firewall and Demilitarized Zone is identified as the best solution to implement in the security consulting firm.
References
FCC Cyber Security Planning Guide. (2014). Retrieved on September 27th, 2014, from http://transition.fcc.gov/cyber/cyberplanner.pdf
FTC. (2010). Peer-to-Peer File Sharing: A Guide for Business. Retrieved on September 27th, 2014, from http://www.business.ftc.gov/documents/bus46-peer-peer-file-sharing-guide-business
National Institute of Standards and Technology (NIST). (2009). Special Publication (SP) 800-41 Rev. 1, Guidelines for firewall and firewall policy. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf
Pfleeger, C. P. and Pfleeger, S. L. (2006). Security in Computing, 4th Edition. Prentice Hall, pp 880