Network and Communications Security

Published date01 March 1995
DOIhttps://doi.org/10.1108/eb025699
Pages163-168
Date01 March 1995
AuthorRob Melville
Subject MatterAccounting & finance
COMPUTER SECURITY
Network and Communications Security
Rob Melville
Journal of Financial Crime Vol. 3 No. 2 Computer Security
A network is a multi-user computer system where
components of the system are linked to enable
sharing of resources. The size and type of the net-
work depends on the needs of the organisation,
from Local Area Networks (LANs), which are
restricted to one site or building, to Wide Area
Networks (WANs), which may be international in
scope. Communication between the system com-
ponents may be through cable, telephone lines,
radio,
satellite or optical fibre according to the
sophistication of the organisation's technology.
Working definitions of security can be expressed
as:
appropriate control of data and equipment to
ensure only authorised users are able to gain
access to and make use of facilities
appropriate control of the integrity of informa-
tion to ensure it is input, transmitted, processed
and received by intended recipients completely
and accurately.
Security can be broken down into three main ele-
ments:
confidentiality: access to information and data is
restricted to those with a 'need to know'
integrity: data and information is maintained in
the condition in which it is created unless
changes are authorised and valid. (A simple
example is that two plus two always equals
four)
availability: data and information are available to
the user on demand, with sufficient resilience
designed into systems to enable recovery from
hardware and software failure.1
All of these elements should be considered when
reviewing network security. It is also worth
emphasising that security is a subset of
manage-
ment's duty to control systems, not an esoteric
problem for technical experts. Management set tar-
gets and monitor progress towards achievement of
targets; a significant part of these targets should be
the confidence in the systems' ability to deliver
correct, complete and timely information whether
these systems use computers and networks or not.
The regular surveys of computer fraud published
by the Audit Commission consistently identify
breaches in computer security which result from a
lack of simple management controls.2
Security is not intended to limit the use of soft-
ware, hardware or manual facilities. Effective
security is dynamic and proactive, not static and
reactive; it is designed to ensure integrity and resil-
ience of systems and information.
Many organisations now rely greatly on net-
working and telecommunications, whether as
LANs or WANs. Given the enormous capital cost
of laying land lines for telecommunications, most
networks, which connect to remote locations, rely
to some extent on existing telephone technology,
which was originally designed for analogue rather
than digital communication.
Any study of the communications area must
include peripheral and associated activity. This
enables a simple model of network and communi-
cations security to be expressed:
Control the Environment
Control the Communication Lines
Control the People
Control the Machines
ENVIRONMENTAL CONTROLS
There are two main objectives of environmental
security, and for even a small organisation, these
basic physical controls should be implemented:
Protection of the physical link to the Front End
Processor (FEP). (This may not apply to a
Page 163

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT