Network Security

The world has been experiencing a rapid digital transformation of processes, services, and even complete business models, and an increase in the demand for reliable data storage, processing, and retrieval (Wei et al., 2019; El-Seoud et al., 2017). On the other hand, the increase in the number of cybersecurity attacks has been prominent (Brooks, 2022). This has fueled my journey through the network security (NS) module, especially due to my medical and educational background that focuses on patients' and students' privacy and information security.

There are several implications for digitalization and the information security risk it involves. Legal percussions emerge from storing, processing, and sharing information related to individuals. In my opinion, it is common sense to protect the personal information stored and accessed in a digital format as we have done for paper documents for decades. However, I realize that digital information systems have made information disclosure only a few clicks away and made the pathways of shared or hacked information countless unless careful measures are placed and revisited.

On the other hand, an ethical duty lies on the shoulder of information, network security professionals, and other workers with privileged access to protected information. For example, my profession as a dentist gives me access to dental and medical patient records where only my ethical and professional attitudes prevent me from unwarranted viewing or disclosure.

Professional implications are characterized by the need to continuously seek the best knowledge and training available in the fields of information and network security and stay proactive in a way that enhances the security and privacy of the information we oversee. The NS module gave me an overall view of the network assessment methodology.

In the first assignment, I was faced with the challenge of planning a vulnerability audit and assessment for an online electronic health record system, during which I learned how to implement a baseline analysis by exploring the standards to which such an online service must adhere. Also, I appreciated the process of determining the assets of a system to understand the possible attack surfaces and to help in planning for mitigations.

Although it was puzzling to balance work, family life, and online learning, I managed to attend two seminars, one of which was about breach case analysis, during which I presented the 2021 LinkedIn breach case. In this presentation, I had the opportunity to discuss how the breach happened and the mitigations that could have been implemented. This incident had social implications, like the increased risk of phishing attempts, hacked accounts, and identity theft, in addition to the mistrust after such an event.

Going through the module, I discovered the massive number of tools available for network scanning, assessment, and penetration testing. I was fascinated to find that many of them are free, which can be advantageous on some occasions but dangerous on others. In other words, hacking can cost the intruder nothing but mental work while costing businesses millions of dollars, if not more.

In the second part of the assignment, I practiced using Nmap to implement host discovery, port scanning, OS detection, and service detection. Also, I learned how to explore the vulnerabilities of a system using Nmap and Nessus. In addition, I had the opportunity to explore different vulnerability databases to acquire more descriptions of the problem, severity level, references, and solutions.

We reviewed logging and log analysis tools in the fifth week of the module. It is a blessing to have such tools available. The information generated is beneficial for troubleshooting, diagnosis, and digital forensics, yet it could be overwhelming and impossible to review manually.

In the last module, we explored future internet architectures in a debate format. Although I was not able to attend the live debate due to work duties, I was able to participate in a related discussion forum to support my group. My group’s position was to defend the MobilityFirst architecture, which is a proposed solution to overcome many of the limitations of the current internet architecture summarized by maintaining device identifiers through different networks, allowing dual-homing, and facilitating equal web viewing experience on different screen sizes (Internet-Class, 2016; Seskar et al., 2011)

The NS module has given me a positive and eye-opening experience in network security. However, it was challenging due to the vast number of tools, techniques, and frameworks available and, of course, the vast number of vulnerabilities available! It taught me how to approach the process of network security assessment systematically and iteratively. I am confident that the information and skills I gained in this module will help me improve the security of the systems I am working on; I am grateful for this experience. Thank you, Dr. Beran!

References

Brooks, C. (2022) Alarming Cyber Statistics For Mid-Year 2022 That You Need To Know. Available from: https://www.forbes.com/sites/chuckbrooks/2022/06/03/alarming-cyber-statistics-for-mid-year-2022-that-you-need-to-know/?sh=394fd8de7864 [Accessed].

El-Seoud, S. A., El-Sofany, H. F., Abdelfattah, M. a. F. & Mohamed, R. (2017) Big Data and Cloud Computing: Trends and Challenges. International Journal of Interactive Mobile Technologies (iJIM) 11(2): 34.

Internet-Class (2016) What internet architecture challenges does mobility cause? Available from: https://www.youtube.com/watch?v=RpGkabE0hT8 [Accessed 21 October 2022].

Seskar, I., Nagaraja, K., Nelson, S. & Raychaudhuri, D. (2011) MobilityFirst Future Internet Architecture Project.

Wei, J., Sanborn, S. & Slaughter, A. (2019) Digital Innovation Creating The Utility of the Future. Available from: https://www2.deloitte.com/us/en/insights/industry/power-and-utilities/digital-transformation-utility-of-the-future.html [Accessed 28 September 2022].