Assume you are the network manager with several servers and over 500 client PCs. All computers are connected to the Internet via routers that you control. Read over the top 20 list at the above reference website.
Answer the following questions:
Are you qualified to address all of these issues in your organization?
What are your thoughts about the needs of organizations for a security specialist given the type of information you see here?
Do you need highly skilled people in your organization?
Does it appear that this might be a very time consuming problem with the number of computers and users you have in this organization?
What impact does it have when your 500 + users tinker with their settings on personal PCs and download shareware from the Internet?
Discuss each of these issues in light of the information presented in the background and references.
1. Are you qualified to address all of these issues in your organization?
Although the job requires a great deal of training and skill in a wide range of network-related subjects, it is a potentially rewarding career.
Let's examine what it takes to be a Network Security Specialist.
The network security specialist's role is highly technical in nature. Unlike a typical network administrator, the security specialist needs training not just in standard networking technologies, but in a variety of specialized security methods and technologies, as well. This means spending extra time in security-specific classes and studying for unique certifications as well as gaining a generalized background in networking.
For example, a typical security specialist needs to be proficient in standard computer hardware, operating systems, and applications. This training enables him or her to understand how computers operate and how people commonly use them in the workplace.
Beyond that, the specialist needs to become a full-fledged network administrator, learning basic networking theory. This involves training in:
· Network operating systems. Because organizations use various kinds of NOSes, the security specialist needs to have hands-on experience with Microsoft Windows, UNIX, Novell NetWare, and other network-specific products. This includes learning how these network operating systems interact with various desktop operating systems, and how they interact with one another. This is because some organizations combine different operating and network operating systems.
· Platforms. In a complex organization, desktop computers might be connected to a standard network server, or to a minicomputer or mainframe system. Each configuration has its own special network configuration and security-related issues.
· Protocols. Networking protocols are the rules that networked systems use to communicate with one another. All networks are built on a set of protocols, and some networks use different protocols. An understanding of these rules is essential to the network security specialist.
· Routers and gateways. These devices, which involve complex hardware and software systems, enable networks to be connected to one another. They also create a weak spot where security can be breached.
Once the specialist masters the basics of networking, he or she must learn about security and the many threats to networks. This involves training in:
· Policies. Every organization must adopt strict policies to protect its networks. Some of these policies are human, or behavioral. Others are technological, involving precise configurations, the setting of user rights, the use of passwords, and other tasks.
· Firewalls. A firewall is an organization's defense against intrusion from the outside. A firewall protects a network from unauthorized traffic coming from outside. A well-constructed firewall defends a network from infiltration by hackers, who attempt to access networks over the Internet. Firewalls must be constantly maintained and watched to ensure they are doing their job.
· Encryption. Encryption involves the encoding and decoding of data as it travels from its source to its destination. Encrypted data is useless to anyone who cannot decode it, and is an essential security safeguard when transferring data across the Internet, or even across a local area network that is connected to the Internet.
· Packet Sniffing and other network-protection strategies. There are many highly technical methods available for guarding a network from unauthorized traffic. Some of these methods, such as packet sniffing, are incorporated into firewalls. Other methods are stand-alone and must be implemented separately. Depending on the network and organization, multiple methods may be used.
In addition to these issues, many security experts study programming and the development methods used on the Internet. The security expert needs to understand how hackers, crackers, and malicious Webmasters can use the Internet to infiltrate corporate networks and individual computers. This knowledge enables the security specialist to use the broadest array of weapons available.
HOW NETWORK SECURITY SPECIALISTS WORK
Network security specialists can work in a variety of ways. Many large companies have one or more specialists on their IT staff, working full-time on security issues. But security experts also can work on a consulting basis, either individually or through one of the many IT outsourcing services.
Either way, network security specialists are often involved when an organization starts to design its new network or plans an upgrade to the system. As part of the networking team, the security specialist must learn how the organization plans to use its network, the features it requires, and the level of Internet access it desires.
From there, the specialist is charged with assessing the security threats that the network may be vulnerable to, then choosing methods for defending the network against those threats. Strategies may include the use of specific firewall technologies, password systems, encryption methods, user access rights, and much more.
Once the network is in place, the specialist may be assigned the task of "cracking" it, or actually trying to attack the network using the same methods a hacker would use. This practice reveals potential security holes, which can then be plugged.
2. What are your thoughts about the needs of organizations for a security specialist given the type of information you see here?
There has been a growing demand for IT professionals with expertise in network security, especially as it relates to corporate networks that connect to the Internet. In my opinion, it is worth considering hiring a network specialist just for the job of taking care of network security issues alone, especially with large networks of 500 users or more. But it also boiled down to what your organization's goals and objectives are and the level of data sensitivity that needed to be protected from prying eyes as well as financial viability (e.g. can your organization afford to pay for an additional staff).
3. Do you need highly skilled people in your organization?
Yes. In an organization everyone has his or her designated fields of responsibility. So it is highly desirable that skilled personnel employed in their respective fields of expertise. ...
A network security specialist's role is investigated.