Security and privacy
Networking has grown significantly, and with it the operational risks and threats facing enterprise networks. Enterprises should therefore conduct a risk analysis to determine the vulnerability of their networks, network resources, and data, and then integrate appropriate network security solutions. However, due to the exponential growth in networking and Internet capabilities, traditional firewall approaches have become inadequate for providing reliable security and privacy for information systems. A typical example of network security is the hardened firewall host, in which all inside or outside users are required to connect to the trusted applications on the firewall machine before making further connections. The firewall is configured to protect against unauthenticated interactive logins from outside the organization. The primary functions of the hardened firewall include concentrating security processes on one machine, hiding the names of systems on the LAN and email addresses from outsiders, and simplifying network service management. This traditional firewall approach, however, has several shortcomings and does not meet client security and privacy needs.
Hardened firewalls fall short of their mission of keeping networks secure and confidential because their security processes are concentrated on one machine and because they work alone. These security solutions are not effective on their own in protecting an interconnected network from intrusion, and until they can communicate and work with other security processes, they will remain inefficient. Traditional firewalls cannot communicate with vulnerability scanners and are entirely deaf to the alarms of intrusion protection monitors. These shortcomings limit their capability in network protection. Through mobile and wireless access technologies, intranets have expanded beyond the traditional limits of the enterprise out into the Internet, thus increasing the network’s vulnerability. Threats originating within wireless networks can take any form, including active and passive attacks, malicious code, or software tools that aid unauthorized attacks using a mobile device. Mobile gadgets can thus be used within enterprises without being detected while an intruder accesses sensitive and private information. When mobile devices are attached to network connections, they open a backdoor threat to the external world, and they can also operate as hidden zombies that launch attacks and distribute malware to their PCs or aim to alter or disclose sensitive data.
The convergence of wireless Internet Protocol technologies and mobile devices sets new security challenges, as they inherit all known vulnerabilities of the Internet Protocol. Because traditional security solutions do not provide reliable network security, Internet Protocol weaknesses remain open to exploitation, misuse, and spoofing.
Traditional network security solutions have another shortcoming: they lack a macro-level quantitative decision framework (Janczewski, Wolfe & Shenoi, 2013). Researchers are therefore focusing their study on game theory in order to offer a holistic network security solution. The relationship between the defender and the attacker is modeled as the interaction between two competing elements in a game-theoretic scenario. The malware aims to spread extensively, whereas the defender aims to secure the network against the attack while remaining cost-effective.
Security and Privacy Expectations
In the next two years, it is expected that networking will continue to evolve and that risks related to mobile devices will increase. More complex threats, such as financial attacks, theft, and violations of users’ privacy, will affect enterprises in all sectors. Therefore, it is expected that more enhanced network security mechanisms will be proposed, developed, and deployed to counteract the emerging security issues. Network security infrastructure in the next two years is expected to provide the following: an end-to-end solution for all mobile gadgets within a carrier’s network; coordination among network carriers, manufacturers, and technology providers; and mass coverage of all mobile devices and geographic locations. Going by the trend set by SecureComm 2012, network engineers expect awareness of the privacy issues associated with emerging technologies to continue increasing exponentially. The SecureComm 2012 call for papers attracted 73 submissions from 35 nations on four continents: Australia, Asia, Europe, and North America (Keromytis & Di Pietro, 2013).
Future Network Security Solutions
New and innovative solutions for security and privacy will emerge in the future to protect data and information systems. The solutions in the next two years will seek to address the shortcomings of traditional security solutions. The next-generation networks of the future will require next-generation firewalls that integrate a defense-in-depth architecture strategy to offer effective security and privacy. Traditional firewalls will be used together with intrusion prevention systems, content filtering packages, and Web and email security gateways to provide enterprise network security. In this manner, the next-generation tools will exploit their individual strengths to offer a secure network and to block any internal and external malicious behavior. The next-generation firewalls will also use Deep Packet Inspection (DPI) technology to decrypt and monitor Secure Sockets Layer (SSL) traffic entering and leaving the network. The network security approaches of the future will also be able to function on different devices. The security solutions that will be designed and deployed in the next two years will look for weaknesses, focusing independently on mobile technologies, Internet protocols, software, and end-user knowledge. Enhanced solutions such as third-party audit tools will be installed on mobile devices, offering logging mechanisms that can monitor actions. The approaches include SmartSteg, a new steganography solution for mobile devices that allows secure and confidential communication between computers and mobile devices (Bica, Naccache & Simion, 2016).
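The cooperation argued for above, in which a firewall acts on intrusion-monitor alarms and vulnerability-scanner findings instead of working alone, can look like this in code. This is an added example, not part of the original essay; the alert format, the VULN-* labels, the addresses, and the repeat threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample data (not from the original essay).
# IDS alerts: "source_ip target_ip vuln_id"; vuln_id is a made-up label.
IDS_ALERTS = """\
203.0.113.7 10.0.0.5 VULN-A
203.0.113.7 10.0.0.9 VULN-A
198.51.100.23 10.0.0.9 VULN-B
198.51.100.40 10.0.0.5 VULN-C
198.51.100.40 10.0.0.5 VULN-C
198.51.100.40 10.0.0.9 VULN-C
192.0.2.88 10.0.0.5 VULN-B
"""

# Vulnerability-scanner findings: host -> weaknesses still unpatched on it.
SCAN_FINDINGS = {"10.0.0.5": {"VULN-A"}, "10.0.0.9": {"VULN-B"}}

REPEAT_THRESHOLD = 3  # assumed policy: block a source after this many alerts


def parse_alerts(text):
    """Turn alert lines into (source, target, vuln_id) tuples; skip malformed lines."""
    alerts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            alerts.append(tuple(fields))
    return alerts


def firewall_decisions(alerts, findings, threshold=REPEAT_THRESHOLD):
    """Return {source_ip: reason} for the sources the firewall should block."""
    per_source = Counter(src for src, _, _ in alerts)
    blocks = {}
    for src, target, vuln in alerts:
        if vuln in findings.get(target, set()):
            # The alarm matches a weakness the scanner confirmed on the target,
            # so this source is blocked regardless of how often it appeared.
            blocks[src] = f"exposed:{target}:{vuln}"
        elif per_source[src] >= threshold and src not in blocks:
            # No confirmed exposure, but the source keeps triggering alarms.
            blocks[src] = f"repeated:{per_source[src]}"
    return blocks


if __name__ == "__main__":
    decisions = firewall_decisions(parse_alerts(IDS_ALERTS), SCAN_FINDINGS)
    for src, reason in decisions.items():
        print(f"deny from {src}  # {reason}")
```

A firewall with neither feed would treat all seven alerts alike; with both, a single alarm against a host known to be exposed is enough to block, while an isolated alarm against a patched host is only counted.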
Bica, I., Naccache, D., & Simion, E. (Eds.). (2016): Innovative Security Solutions for Information Technology and Communications: 8th International Conference, SECITC 2015, Bucharest, Romania, June 11-12, 2015. Revised Selected Papers (Vol. 9522). Springer.
Janczewski, L. J., Wolfe, H. B., & Shenoi, S. (Eds.). (2013): Security and Privacy Protection in Information Processing Systems: 28th IFIP TC 11 International Conference, SEC 2013, Auckland, New Zealand, July 8-10, 2013, Proceedings (Vol. 405). Springer.
Keromytis, A. D., & Di Pietro, R. (Eds.). (2013): Security and Privacy in Communication Networks: 8th International ICST Conference, SecureComm 2012, Padua, Italy, September 3-5, 2012. Revised Selected Papers (Vol. 106). Springer.