Abstract
The modern network and Internet security vulnerabilities expose state and local government networks to numerous threats such as denial of service (DoS) attacks, computer viruses, unauthorized access, confidentiality breaches, and so forth. For example, in June 2005, the state of Delaware saw a spike of 141,000 instances of “suspicious activity” due to a variant of the mytopb worm, which could have brought the state’s network to its knees had appropriate steps not been taken (Jarrett, 2005; National Association of State Chief Information Officers [NASCIO], 2006b). On an average day, the state of Michigan blocks 22,059 spam e-mails, 21,702 e-mail viruses, 4,239 Web defacements, and six remote computer takeover attempts. Delaware fends off nearly 3,000 attempts at entering the state’s network daily (NASCIO, 2006b). Governments have the obligation to manage their information security risks by securing mission- critical internal resources such as financial records and taxpayer sensitive information on their networks. Consequently, public-sector information security officers are faced with the challenge to contain damage from compromised systems, prevent internally and Internet-launched attacks, provide systems for logging and intrusion detection, and build frameworks for administrators to securely manage government networks (Oxlenhandler, 2003). This chapter discusses some of the cost-effective measures needed to address government agency information security vulnerabilities and related threats.
Key Terms in this Chapter
Firewall: A firewall is a system designed to prevent unauthorized access to or from a network. Firewalls can be implemented in both hardware and software, or a combination of both. There are several types of firewall techniques. These include packet filter, application gateway, circuit-level gateway, and proxy server.
Denial of Service (DoS) Attack: A DoS attack is a type of computer attack that prevents any part of a system on a network from functioning in accordance with its intended purpose. It is a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic.
Router: A router is a device used to link two networks. Routers play a key role by transferring and routing all the data communication across the network in a proper mode. Each router maintains a routing table and address resolution protocol (ARP) cache. A router keeps a record of the network node addresses and current network status.
IP Address: It is an identifier for a computer or device on a TCP/IP (transmission-control protocol/Internet protocol) network. Networks using the TCP/IP protocol route messages based on the IP address of the destination. The format of an IP address is a 32-bit numeric address written as four numbers separated by periods.
Confidentiality: Confidentiality is the concept of ensuring that data are disclosed only to authorized subjects (e.g., individuals, processes). Confidentiality protects data from unauthorized disclosure. It could involve ensuring all user data is protected or fields are selectively protected. Traffic flow confidentiality may also be provided, protecting the information that may be derived from a traffic analysis. Confidentiality is one of the three goals of a security program
Availability: This is the property that a given resource will be usable during a given period. It is the state that exists when required automated services or system data can be obtained within an acceptable period at a level and in the form the system user wants. Availability is one the three goals of a security program.
Data Integrity: This is the concept of being able to assure that data or voice transmissions can be maintained in an unimpaired state or condition and is not subject to unauthorized modification, whether that modification is intentional or inadvertent. It protects against modification, insertion, deletion, or replay of data. Data integrity is one of the three goals of a security program.
Virus: A virus is a program or piece of code that is loaded onto your computer without your knowledge and infects programs already in existence by inserting new code. Viruses can replicate themselves and are dangerous because they can quickly use all available memory and bring the system to a halt.
Service Level Agreement (SLA): An SLA is a service contract between a network service provider and a subscriber guaranteeing a particular service’s quality characteristics. These agreements are concerned with network availability and data delivery reliability.
Antivirus Program: It is a utility that searches a hard disk for viruses and removes any that are found. Most antivirus programs include an automatic update feature that enables the program to download profiles of new viruses so that it can check for new viruses as soon as they are discovered.