Free Essay

Security System

In: Computers and Technology

Submitted By bsia
Words 6376
Pages 26
Enhanced security student
Self-service system

Contents

Chapter 1 Introduction to the study 3 1.1 Background of the project 3 1.1.1 Overview 3 1.1.2 Problem context 3 1.1.3 Rationale 4 1.1.4 Target Users 5 1.2 Scope and objectives 5 1.3 Project plan 6 1.3.1 System Functionality 6 1.3.2 Deliverables 7 1.3.3 Project Scheduling 8 1.3.4 Assumptions and Constraints 9 CHAPTER 2: LITERATURE REVIEW 10 2. Domain Research 10 2.1 Real Life Self-service system case studies 10 2.2 Protecting data in a self-service system 13 2.2.1 Data Encryption: 14 What is data encryption? 14 Types of Data encryption: 14 Types of data encryption methods: 15 2.2.2 Digital Signature 16 2.2.3 Firewalls 17 Network layer Firewall: 18 Application layer firewall: 18 Proxies: 19 2.24 Intrusion Detection System (IDS) 20 3. Technical Research 23 3.1 Language 23 JavaScript 23 PHP 24 VB.Net 24 3.2 Databases 25 MS Access 25 MS SQL Server 25 MySQL 26 Language and database justification: 26 3.3 System architecture 27 3.4 Methodology 29 Spiral Model 32 Methodology Justification 32 References: 34

Chapter 1 Introduction to the study 1.1 Background of the project 1.2.1 Overview

The paper is based on the improvement of the service at the administration office through the implementation of a new system to replace the traditional way currently used to deliver such services to the student community. It focuses mainly on the development and implementation of this system, the advantage and disadvantage of both the old and new platform of service delivery in the office (Ankit Fadia, 2003).

Information systems have been used to solve both simple and complex problems in many organizations, the use of computer in offices have proved to be more advantageous than otherwise. Information technology enables people to communicate swiftly and efficiently through sharing information i.e sending and receiving of emails, transfer and storage of large volumes of data in electronic forms (Rajesh,2002)

1.2.2 Problem context

Personal data in the wrong hands can be a very dangerous thing, this data can be immediately used or in the future. In most cases this information is used to steal from the victim. Once one has your phone number, home address and other personnel details; they can easily use the same against you to commit all sorts of crimes. The information they should be confidential when accessed by even your friends in a school setting can cause emotional stress people may know more about you of which they shouldn’t (Rajesh, 2002)

The problem with current model is service delivery in that the students queue whenever they want to inquire anything from the administration. Here the staffs available are few and efficiency is an issue as the students tends to select the personnel to handle their cases. This is because few perform better than if attended by others this result in longer queues when the preferred staff is on duty. The same scenario is evident during the peak inquiry hours that is from noon to around three in the evening.

After submission of your query the student has to keep checking in for the feedback. Since ther is no schedule followed, a student can check it number of times before they receive the feedback and if unsatisfied the process begins once again and again till he gets final feedback. This is time consuming and uses lots of paper resources of which information is never secure due to the following reasons : Lack of Integrity:

The witnesses form both the side , that is the staff member handling the document may decide to share the same with other unauthorized employees in the office . secondly when the students are crowded and dis organized there might be some sort of confusion and the documents may accidently be taken by other students.

No privacy:
There is no privacy of the information as the document pass through many department during the process and unlike the computerized method some specific data such as student name, age and class report cannot be filtered in other departments for instance marks scored in a certain unit being seen in the games department (Hassantga ,2013)

No confidentiality:
When a query is directed to the reistrar all the people handling the documents including the secretaries have access to the same.

1.2.3 Rationale

Data privacy is a right to all people is every organization and confidentiality is ethical, but most professional many a time fail to honour there code of conduct. They assume that in a learning institution setting students data is never sensitive. Some tend to ignore the regulations in place to govern the security of such information. However this might not be the major security bridges for the leakages, sometimes it happens unintentionally due to unavoidable reasons. Time wasted is never recovered and current procedure involved have proved to be more time resource consuming in terms of time and paper work. An electronic system is necessary for these inconveniences to be avoided (Bryan, n. d).

1.2.4 Target Users

The enhanced security self service target the students and the administration staff members . It aims at reducing the time spend by both during the inquiry process. It also boost the security and integrity of the information exchange between the students and various departments in the administrations. Other intitutions using similar systems have drastically reduced the cost of the most of the processes, for instance of using letters to have an inquiry in a given department one just has to login remotely using the user nambe and password the chat?send some inquiries to the adminitration. There is no paperwork and this reduces the cost as no purchase of tonnes of papers, on the other hand this prometes conservation of our forests as they are the main sources of raw materials for paper manufacture. Customisation of the system can lead to intgration of the other stakeholders of the institution to limitedly access the assential resources in this sytem enhancing their productivity.

1.2 Scope and objectives

The main aim of the project is to produce and implement a more efficient and secure mode of communication between the students and the staff to reduce the time and activities involved in the inquiry process and in the long run conserving the environment (Bryan, n. d).

It targets at complete elimination of paper work at the service unit in the administration through the use of green environment technology. Paper work costs the stakeholders in terms of ink, papers and other stationary not forgetting the transfer and storage cost. After spending such resources the security of the information is never guaranteed and any given time. (Bryan, n. d).
By implementing the remotely accessed query 'inquiry system it will ease the workload, crowds and the long queues at the service unit office This will ensure the procedures involved in submission of enquiryirequest are more convenient to students as well as easy handling of the same enquiries requests by the staff members thus increased performance efficiency.

Instead of checking in at the office every now and then the student can use ticketing service in the system to check the progress of their requests at any time and get timely feedback on time. The system will not include the use of videos as a mode of communication.

The system will deploy strong encryption features to enable only authorized people to access specific information through the use of usemame and password which will be given to registered valid members of the institution. There shall be a backup storage location for all the data This is to be provided by a cloud computing provider of choice, this will be a precaution incase the entire local storage equipment malfunction or get physical damage.

1.3 Project plan

This involves the procedures that will be followed to put the new system in place. All the activities are put on a time budget to avoid late implementations or last minute rush on the execution of the project

1.3.1 System Functionality

The backbone of this project is to provide a cost effective self-service system that will ensure that personal data is secure and save from third parties. The aim is to offer a self-service system functionality by creating an easy-to-use web based user interface that is unavailable currently. For one to user the system he has to login the username allocated and password to the portal login page. If one does not remember the password the system allows him to acquire and new one through the official email address. The students are allowed to access the system from any part of the world through the internet while the administrative staff users can either be restricted to use the portals within the school intranet (Bryan, n. d). The system is centralized to enhance security this also allows easy auditing of the system to blow the employees performance while the use the system. The system has encryption and decryption capabilities of which all files or messages sent cannot be view by unintended persons.

The system will allow students to access it remotely at any time. The system is dynamic and subject to any further changes unlike the native way where an increase of students with inquiry cases causes overcrowding and long queues but for the system it can handle a large number of enquiries at the same time and as per the demands.

With automated address clearing the staff members will not at any given time manually update the addresses this process is an equivalent to the physical sorting of old files of papers and storing or destroying the ones that are no longer useful. Effective dating it the system will help in keeping the history and any trail of changes thus enabling system audit whenever need be. This makes the use of such system transparent and in case anything goes wrong it is possible to track the problem, unlike the paper based system whenever the staff misplaces a file or letter the student my lack prove to hold the responsible for such an inconvenience.

The existence of student profiles enables them to know the type of data available for the administrations for instance when the change their address the system updates the same automatically while the native procedure does not allow such changes as once submitted and can only change information by resubmitting the new one this means the process starts once again hence more time consuming.

1.3.2 Deliverables

After the project is complete the should be a complete documentation explaining how the project is supposed to be used and explanations on some trouble shooting procedures. It shows the literature reviews for similar systems and their successes, future improvements can also be recommended on the same documentation. This project requires a minimum od the following equipment;

1.3.2.1 Hardware

1. At least 10 computers (2GB RAM 250GB hard disk,2GHZ CPU and supporting Windows Vista or later) 2. A server with at least 6GB RAM and 10GB storage space. 3. Routers and other networking hardwares

13.2.2 Softwares 1. VB.net 2. MS Office 2013 3. My SQL 4. Cloud Management Softwares (to be provided by the provider)

1.3.3 Project Scheduling

1.3.3.1 Research

With the help of the instructors most of the research resources will be acquired online and from the school library. Further research on encr9sition shall be done with help from local or international IT security companies.

L3.3.2 Analysis

This will be basically studying the existing procedures and similar systems already working then defining the actual requirements and specifications of the system to be desiped. The best method to use in the analysis is through engagement of the end users in interviews and answering of questionnaires

L3.3.3 Design

This is the actual writing of the code for the whole system. The major programing language to be used Visual basic.

1.3.3.4 Testing

This involves the pilot testing for all the functions of the system. It aims at removing of all bugs from the system before it is fully put in place.

1.3.3.5 Implementation

All the data is to be converted to digital and saved into the system. Staff and students are registered and taught how to use it efficiently. They are allocated the usemames and passwords to ensure that all accounts are secure. They will be required to fill details on their profiles before they continue using it.

1.3.3.6 Documentation

This is where all the information concerning the system are written, this will help the users and or the technicians who will be maintaining the system in their day to day work. It also contains the version of the software, the patents and future suggestions on its improvements.

1.3.3.7 Maintenance and Upgrading

This will be an ongoing process whenever need arises.

1.3.4 Assumptions and Constraints

1. The system will be totally secure if the users use the right standards of password and avoid sharing the same. 2. All data sent via the self-sen-ice system are well encrypted and can only be viewed by the right parties. 3. The main challenge for this system is that it may require its administrators to constantly maintain the systems and this can bring business to a halt 1 the whole school. Sometimes it takes long periods of hours to a number of days and this might resolve to the use of the native papers system.

CHAPTER 2: LITERATURE REVIEW

This chapter mainly analyses the major existing literature on the security of the paper based model of inquiry and give justification as to how this project is important to existing subject of study and real life problem solving (Cascade, 2009)
2. Domain Research

2.1 Real Life Self-service system case studies

HR self-service system

A Self –service information system in HR scenario will empower managers and employees. (Cascade, 2009)

Some typical HR functions that HR would like to offer as a self –service to its employees are: * Request for leave * Online pay slips retrieval * Online Timesheets * Attendance * Online appraisals * Tax planning * Personal portfolio * Training and development

HR functions that HR would like to offer as a self –service to its Mangers are: * Leave Authorization * Add and verify attendance * Assigning goals and duties * Managing Time sheets * Training management * Performance reviews * Reporting

Benefits of implementing HR self-service systems: * Real time information Access * Retrieval of current and accurate knowledge * It ensure best practices in the organization * Reduces paperwork and ensures more efficiency and accuracy * Information security * Easy Auditing * Reduces the number of enquires for basic information. * Provides an 24/7 system availability * It help to adhere process to company policies * Good return on investment for the department.

Banking Self-service system:

A self – service banking system will empower its customers.

The Banking functions that a Bank would like to offer to its customers are: * Balance Enquiry * Net Balance for all accounts * Funds Transfer * Bills Pay * Prepaid Mobile or DTH recharge * Opening a fixed or recurring deposit * Credit card payments * ATM cash withdrawal and deposits * Cheque book request

Benefits of implementing banking self-service:

* 27/7 Banking available * Reduces employee’s effort at the bank branch. * Reduces the paperwork * Reduces customer effort to visit the branch for transactions. * Instant cash withdrawal facility * Bills pay and other recharges, a click away

Conclusion:

After studying the successful implementation of these self-service systems we have arrived to following conclusion:

* This system helps to provide enhanced work accuracy and efficiency. * Provides seamless availability of the services. * Reduces the Human effort. * Help to save paper and benefits the environment. * Speeds up the domain process. * Offer high data security * Provides high level of data integrity. * Provide important features for easy scalability of the current system. * Delivers high performance.

2.2 Protecting data in a self-service system

The Data security:

In this system, the effect of the lack of security in very evident. Since the problem solution is not only automation but the protection of data as well. As we put Student information on the data network, it becomes vulnerable to many hacking attacks. Therefore to identify a secure system we need to first figure out the answers of some questions:

What are we protecting?
What are the authorization levels?
What are security restrictions?

Major Security Problems:

* User access control * Vulnerable internet connection * Unauthorized access to data. * Corruption of internal database. * Denial of service attack * Delay of intranet traffic due to crypto mismanagement

Solutions

* Data encryption * Digital Signature * Firewalls * Intrusion detection

2.2.1 Data Encryption:

What is data encryption?

This is a process of encoding data on one end and decoding it to other end with the help of encryption and decryption keys, the encryption turns the message text in unreadable format. The Keys defines how messages are encoded and how can it be decoded. (Ankit Fadia, 2003)

Benefits of encryption:

* It is an economic way of protecting data.
Data encryption locally and on the network is the most reliable and economic way of protecting data. Even if the data is stolen from the network, it is available in the unreadable form and cannot be made readable without decryption key.

* Surety of complete data security.
The data protection is 100% sure. I gives a piece of mind to the user and administrator. It is a foolproof solution in case of data leakage.

* Data can be protected even if the hardware systems are been stolen
There are the encryption discs available, which can keep data encrypted even on the local hard drive. Even if the hardware is stolen, data remains protected with encryption.

* Protects unauthorized access to the information.
Encryption helps to set access passwords, recovery questions and special identity techniques, which allows only authorized user to access data.

Types of Data encryption:

There are 3 types of Encryption. 1. Secret Key Symmetric encryption. 2. Public key encryption 3. One way encryption.

Secret Key Symmetric encryption

This is relatively simple type of encryption, first used by Julius Cesar. In which both the parties have password information in advance. The best example is when we exchange data between two mobile via Bluetooth and also in some of the bank transactions (OTP- one time password), this encryption is widely used.
The main disadvantage of this encryption is, the password has to be sent to other party. And the communication mode should be very secure.

Public Key encryption:

A public key encryption system is that the public and private keys are connected in such a way that only the public key can be used to encrypt messages and only the matching private key can be used to decrypt them This encryption is been used in our student information system, in case data is accessed over the network.

The main disadvantage of this system is that we need to know the recipient's public key to encrypt a message for him or her and this requires a global registry of public keys.

One way encryption:

This encryption will help to keep the password file, digital signature etc. encrypted. The required password is stored in the encrypted form, in hash encoding. When user enters the password, its compared with the password stored and accordingly access is granted or denied.

The system like our Student information portal will use different kinds of one way authentications, before it actually reveals the required data. This is mainly used with our system when we access student data locally.

Types of data encryption methods:

* Software based Data encryption * Hardware Based Data encryption

Software based data encryption:
In this type of data encryption, we will have software for our hardware like hard drive, flash drive etc. to facilitate data encryption. This software allows the users to create an encrypted Cellar on the drive, all the file are encrypted and stored in this area.
The main disadvantage of this system is it makes data transfer slow, as it uses system resources (CPU,RAM) and is data transfer is time consuming.

Hardware Based Data encryption: This system is better than Software based data encryption system. As data transfer is faster and stable as it does not uses system resources and hardware used is robust and resistant to physical damage. The encryption is done at storage device level only. The encryption is done at storage device level only But this system is costlier then Software based data encryption because of high manufacturing cost of hardware .

2.2.2 Digital Signature

Digital Signature is a type of cryptography, a mathematical structure for representing the genuineness of a digital message or document.
How it works?
Creation: The digital signature is based on the hash value computation. The hash value is calculated using a base number, using a Hash algorithm..
Verification: A digital signature is verified by comparing the reference of the original message and the given public key. This determines whether the provided digital signature was created for the same message using the private key.

Benefits of Using Digital signature: * They authenticate the source of the message. * It confirms the identity of the sender. * It ensures that message received / delivered is unaltered. * A digital signature has legal importance .An entity cannot deny the document being signed by the digital signature.

2.2.3 Firewalls

A Firewall is software installed between Local area Network and Wide area network to assess network traffic. It controls incoming traffic and validates the nature of it . If the traffic is legitimate it will pass through, otherwise it will be rejected before entering in the network. (Karanjit Siyan, 1996)
Firewall
Firewall

Firewall
Wan
Wan
LAN
LAN

Our domain
Our domain
A firewall system:

Violation
Violation
Firewall system
Firewall system

Authorized access
Authorized access

Types of firewall:

* Network layer * Application layer * Proxies

Network layer Firewall:

This firewall works on the Network layer of OSI model, where packet transfer mainly happens. This firewall works as a packet filter.
It has predefined rules for the data transfer, as set by the administrator. This firewall will validate the packets as per these rules and control the packet transfer.
There are two types of network layer firewalls:
Statefull :
This firewall work on a state table rules set.
Whenever packet comes to the destination network it will use network state information like active sessions, TCP and UDP ports, IP address etc. If the packet does not matches the state table information it will be evaluated with the rules set for the new connections. If the rule set matches, the packet transfer is allowed.

Stateless:
This is a faster way of packet transfer ,as it is not based on session and also consumes less memory and system resources. But on the other hand it cannot make more complex decisions on stage communications between hosts have reached. But they are very effective in filtering stateless network protocols.
Application layer firewall:

This protocols works on the application layer of the TCP/IP protocol.
Main features of this firewall: * It can effectively control viruses and worms by restricting malignant packets. * It blocks the inappropriate packets and usually drop them then and there. * It will assess connection establishment also. * It does socket level filtering between application layer and lower OSI layers. * It work more like application packet filters, rather than port based filter.

Proxies:

Proxies have several security benefits. * This firewall helps to hide machines behind the proxies. * It uses caching to speed up the processing. * It prevents multiple downloads and saves bandwidth. * It can create and audit data transfer logs. * It can block undesired sites. * It scans inbound and outbound contents

2.24 Intrusion Detection System (IDS)

An IDS is a device or a software that is placed between a firewall and World wide web. It monitors, detects and responds to network policy violation and other malicious activities.
Its analysis and detects the symptoms of security problems by collecting various information from system and network resources. (Rajesh K.S 2002)

Switch
Switch
Firewall
Firewall
IDS
IDS
Internet
Internet

LAN
LAN

Intrusion detection System

Benefits of IDS: * It monitors server, routers and other critical system resources. * It helps administrator to alter, organize and understand complex OS audit trails and other logs * Provide user friendly interface to the administrator. * It comes with a vast database of security threats. * It can distinguish and report modifications to data files.

Types of IDS: * Host - Based (HIDS) * Network – Based (NIDS) * Hybrid

Host IDS

Features of HIDS:
Advantages:
* It works in switched networking environment * Can also operate efficiently in encrypted environs * It can detects and collects the most relevant information, faster than any other IDS
Disadvantage
* It uses system resources of the host server. * Does not have capabilities to protect complete infrastructure.

Network IDS

Features of NIDS:
Advantage:
* It does packet level analysis. * It can support large infrastructure and enterprises. * It works on the amount of traffic not on the amount of infrastructure. * Does not depend on system resources. * Provides better solution against Denial of service attack.

Disadvantage: * Cannot work in encrypted network environment. * Not compatible with modern switched networks. * It cannot efficiently handle high-speed networks. * It detects attack based on its predefined database and sometimes does not respond to new types of attacks.
Hybrid IDS

It is the combination of network and host based IDS. This provides the advantages of both systems. It is useful in all network and system environments. It enhances the IDS capabilities detect attack patterns.
The main disadvantage is there is no industry standard to define this hybridisation and it is difficult to implement as well

IDS techniques

* Misuse detection * Target Monitoring * Anomaly detection * Stealth Probes

Misuse Detection:
It’s a simple model to understand the abnormal behaviour of network activities. It’s simple to update and work with. But at time it in unable to recognise unknown attacks, out of its attack definition database.

Target Monitoring:
It works on encrypted network. Its main purpose is to generate an encrypted file and compare it with the original one periodically. It does not require monitoring and is easy to implement.

Anomaly detection
This technique collects data from various system resources over the time and creates a norm based on the set data pattern. If it sees violation of the norms it will immediately raise and alert.

Stealth Probes
This technique uses wide area sampling to detect threats. It will collect variety of data from the system and checks its behaviour for a long period. It will foresee the possible attacks on the network.
3. Technical Research

3.1 Language

The basic necessity to implement this system is to have a good front end application on the web for the student to enter and modify their data. The programming languages that can best cater this requirement is: * JavaScript * PHP * VB.Net
JavaScript

It is a client side scripting language with following features: * Interface to interact with the user on the web. * Supported by all major browsers * Its dynamic * Can alter document content * Type safe
Advantages of java script: * Client Site processing
JavaScript supports client site scripting. It support user level validation at client side which allows efficient user of system resources and does strains the bandwidth. * Easy to Understand
It is easy to understand and program. The syntax is also very close to English. The syntax is similar to C. * Support extended functionalities.
It enables developers to write snippets of JavaScript which can provide extended functionality to web pages.
Disadvantage of JavaScript: * The extended functionality makes it vulnerable to malicious code to be append in the interface. That opens lot of threats to security. * Different layout engines will, interpret JavaScript code differently. This can lead to inconsistency in interface and functionality

PHP

It’s a server side scripting language which is mainly used for developing web application and web services.
Advantages of PHP: * Open source scripting language. * Simple and easy to learn * Supports both structural and object oriented programming. * It is support by most of the web servers. * It supports plug ins from most of the databases. * Easy to deploy * Cost effective solution
Disadvantage:
* Security flaws and unidentified vulnerabilities, since it is open source.

VB.Net
It’s an object oriented programming language with GUI based development environment.

Advantages:

* Very simple programming Language. * Works on IDE, Interactive development environment. * Easy to develop and modify in its Graphical user interface environment. * Its Object oriented programming language. * It uses XML to communication between network layers * It offers robust security features. * The CLR feature in VB.net takes care of garbage collection i.e it releases the memory as soon as object is no more in use. This helps in optimal use of system resources.

3.2 Databases

The databases that can support multiple queries and process data efficiently in this scenario is: * MS Access * MS SQL * My SQL

MS Access

Microsoft Office Access is a database management system from Microsoft, for small databases.
It combines the relational Microsoft Jet Database Engine with a GUI and software-development tools
Main Features: * Easy to use. * Can store database up to 2 GB. * People with basic computer knowledge can also use this database. * It can be remotely accessed. * Provide access control feature. * Good for small database requirement.

MS SQL Server

Microsoft SQL Server is a relational database management system (RDBMS) developed by Microsoft. It’s a software hose primary function is to store and retrieve data as requested by other applications. This RDBMS supports data for the applications housed locally or remotely over the network.

Features: * Its scalable can handle huge amount of data. * Does not gives very user access to raw data * Administrator can apply user level validation and access control. * Very secure * Maintains transaction logs and allows data to roll back to original version.

MySQL

It’s an open source Relational Database System which can be used by the developers under General Public License.

The Main features of My SQL are: * It’s easy to use, since it supports basic SQL functions * It’s secure: supports password encryption and other data security measures. * It’s inexpensive: since its open source. * It’s faster in data processing * It give very high performance because of its unique storage engine architecture * Highly scalable and flexible, it can supports large number of embedded applications. * It supports most of the operating systems * It also supports most of the development interfaces.

Language and database justification:

After a complete analysis of Programming languages and database, we would like to settle with the combination that can support: * High data security * Scalability * Optimum utilization of system resources. My SQL and Visual .net will be best fit for this system development. ( Novell Doc: NW 6.5 SP8)
On the other hand when we connect .Net framework and MySQL database we will have all the advantages of using ADO.Net

What is ADO.Net?
It is a software components used by the programmers to retrieve and modify data from a Relational database source. (Hassantga ,2013)
Benefits of ADO.Net: * It allows programmers to write data access codes, which is useful even if the database has been changed. * It makes the system highly scalable by representing whole database or even a data table as disconnected object. * Interoperability. It uses XML to transmit data, which makes it platform independent and highly interoperable. * High performance. * It can pass through firewalls as well.

4.3 System architecture

User Interface:
The system will have majorly 3 components. The user interface is programmed in VB.net. These interfaces are programmed to provide a media to students to gather information regarding their queries.

System Components:

1. Academics * Academics records * Results * Degree information * Scholarships * Admission desk 2. Finances * Account receivables * Cash receipts * Other expenses * Scholar ships 3. Administrative * Faculty information * Campus arrangements * Admission desk * Student information

Data Security and Validations:
This layer will validate information coming from the user interface and check for user’s access control as well. The validated information is then passed to the database for information gathering.

Once the query was received by the database it generates the massage /document, which is digitally signed by the web server. This digital signature ensures the authenticity of the data and also confirms its integrity. If the message is altered or tempered during the communication, the digital signature appears invalid at the time of decryption.

Network Layer:
The network layer will contain: * Routers and switches for network communication. * IDS and firewalls for network security

Database Infrastructure
All the student information will house here in a Database Management System. We will implement My SQL as our Relational database management system (RDMS).
This system will manage student data and process queries as per their requirement (queries received from interface components).

User Interface
(VB.Net)
User Interface
(VB.Net)
Academics
Form

Academics
Form

Finance
Form

Finance
Form

Administrative
Form
Form
Administrative
Form
Form

Data Access control rule set
Data Access control rule set
Networking Layer
Networking Layer
Data security
(Encryption and decryption of digital signature )
Data security
(Encryption and decryption of digital signature )

Database infrastructure
Database infrastructure

MY SQL
MY SQL

System Architecture
System Architecture

3.4 Methodology
System analysis methodologies: * Structured analysis and design method (SSDM)Waterfall model * Spiral Model

Structured analysis and design method (SSDM) Waterfall model
It is a waterfall model that works on the analysis and design of the information systems.
(Mike Goodland, 1995)

Stages in SSDM:

Stage 0: Feasibility study
This stage determines whether the proposed information system is feasible in all aspects or not.
The feasibility study is done in following areas : * Technical – If system can be achieved with the technology available in the market? * Financial -- If system building, component procurement and implementation cost fits the assigned funds for the project. * Organizational – If the proposed new system is compliant with current practices. * Ethical – If the proposed system is socially acceptable.

To answer these questions the users and experts from each domain are interviewed and a detailed report is deduced to determine system feasibility.

Stage 2: Current system analysis
This stage is very important phase of SSDM. In this phase an analyst studies the current system environment by interviews, questionnaires, observation and existing documentation of the current system.

The phase helps to understand system better as it: * Helps to learn prevailing business terminologies * It proved the basic requirements for the new system. * To analyze inefficiencies and flaws in the current system. * System data model can be made. * System boundaries can be identified and defined.

Stage 3: Business system options

Is this stage a analyst determines several business options and present it the user. They hold interviews, presentations and group discussions to figure out:

* Extend of system automation * Different levels of access control * System architecture * Total implementation expenses * The influence of the new system

Stage 4: Technical system option
Once the business system is identified, analyst figures out different technical option to implement the proposed system. This phase will mainly focussed on :

* Hardware architecture and configuration * software to be used * Training and staffing requirements * Physical space to be occupied by new system and its limitations * How human and computer will interact?

Stage 5: Logical design:

This stage will determine the data processing logic in the system. In this stage the analyst will work towards, planning of the computer and human interaction.
This stage will mainly focus on: * System directories * Logical data structure * Logical process modelling for system and user interactions * Stress & Bending moment.

Stage 6: Physical design:

This is the final stage where all logical specifications are converted into real software and hardware. This is a highly technical stage where software, hardware and logical processes are integrated to complete a system implementation, for example logical data structure are applied to the Database management software.

Spiral Model

The Spiral model is derived from waterfall model only but it includes high level of risk analysis and is good for large and mission critical projects only.

A spiral model has following phases:

1. Planning: In this phase a complete requirement analysis is conducted for the project. 2. Risk analysis: Risks are identified and alternate solution is suggested. 3. Evolution: Lets customer to access the output of the system before it continues to next spiral. 4. Engineering: This the last phase of development lifecycle in which the final version of software is developed and tested.

Methodology Justification

We would advocate SSDM here, for implementation of Student self-service system as compared to Spiral model. The reason being: (Bryan Cohen, n. d)

1. The spiral model will be very costly to implement. 2. Its time consuming. 3. Spiral model is good for high risk projects. 4. SSDM is very structured way of designing and implementing an information system. 5. With such thorough steps to understand system requirements in SSDM, it is almost impossible to misunderstand any information.

References:

* Ankit Fadia 2003, Network Security, Macmillan India Ltd. * Benefits of ADO.NET. 2013. Benefits of ADO.NET. [ONLINE] Available at:http://msdn.microsoft.com/en-us/library/3y0bb1zd(v=VS.80).aspx. [Accessed 21 June 2013].

* Bryan Cohen, n. d., Advantages & Disadvantages of SSADM | eHow. 2013. Advantages & Disadvantages of SSADM | eHow. [ONLINE] Available at: http://www.ehow.com/list_6781448_advantages-disadvantages-ssadm.html. [Accessed 20 June 2013].

* Cascade, 2009, Guide To Rolling Out Self-Service HR Systems. 2013. Guide To Rolling Out Self-Service HR Systems. [ONLINE] Available at: http://www.ncc.co.uk/article/?articleref=600008&hilight=Guide+To+Rolling+Out+Self-Service+HR+Systems+2009+. [Accessed 21 June 2013].

* Hassantga ,2013, MySqlBackup.NET - MySQL Backup Solution for C#, VB.NET, ASP.NET - CodeProject. 2013. MySqlBackup.NET - MySQL Backup Solution for C#, VB.NET, ASP.NET - CodeProject. [ONLINE] Available at:http://www.codeproject.com/Articles/256466/MySqlBackup-NET-MySQL-Backup-Solution-for-Csharp-V. [Accessed 21 June 2013].

* Karanjit Siyan, 1996. Internet Firewalls and Network Security. Edition. New Riders Pub. * Mike Goodland, 1995. SSADM Version 4: A Practical Approach. Edition. McGraw-Hill Publishing Co.. * Novell Doc: NW 6.5 SP8: Novell MySQL Administration Guide - Benefits of MySQL. 2013. Novell Doc: NW 6.5 SP8: Novell MySQL Administration Guide - Benefits of MySQL. [ONLINE] Available at: http://www.novell.com/documentation/nw65/web_mysql_nw/data/aj5bj52.html. [Accessed 21 June 2013].

* Rajesh K.S 2002, Cisco security Bible, Hungry Minds, INC , New York.…...

Similar Documents

Premium Essay

Computer Systems Security

...Michael Anderson Principles of Info Security Professor Corey Jackson Outline In order for a company to be successful it needs to ensure that the security of its network is up to par and can protect the data from 2.0 Incident-Response Policy for Gem Infosys. |Gem Infosys Policy Sections | |1.0 |Identification of Incidents/Threats | | |Gem Infosys incident-response policy requires that every personnel including the Information Security Office (ISO), report suspicious| | |activity during system usage, or while conducting a proactive monitoring of the organization’s network and information system | | |activities (Yale University Policy, 2012; SANS Institute, 2001). Reports will be done via incident reporting system tickets which | | |shall be sent to the authorized individuals or departments. | | |Symptoms of Computer Security Incidents; | | |System alarm from incorporated intrusion detection tools | | |Unsuccessful login attempts ...

Words: 1040 - Pages: 5

Free Essay

Social Security System of Bangladesh

...Non-Traditional Security in Bangladesh: Issues and Outlooks Bangladesh Institute of International and Strategic Studies (BIISS) Following is an attempt to analyze the challenges in the field of non-traditional security issues and explore relevant outlooks dealing with these challenges in the context of Bangladesh. 1. Threats to Societal Security Inflow of Small Arms and Drug: This is an external or trans-national source. Estimates differ and perhaps will be less than what is happening in the context of India or Pakistan. But it is causing security threats to the state and the society, for at least two reasons: first, the rate is increasing at an alarming pace; second, Bangladesh is a soft state and a soft society, the impact is easily felt.[i] Use of small arms, use of drugs are gaining autonomous proportion in the sense the administration and law enforcing agencies have practically little control over the trafficking and use. Law and Order and Social Violence: The south western districts are again becoming restless following increase in the number of incidences of killings and overrunning of police posts by the outlawed and extremists who seem to be reemerging from the banned parties like Purba Banglar Communist Party and Biplobi Communist Party in the southwestern districts.[ii] The northern districts in recent months have been subjected to terrorist attack.[iii] One of the horrendous crimes in recent times was the slaughtering of six persons in a......

Words: 2986 - Pages: 12

Free Essay

Information Systems Security

...data that resides in and among computer systems must be protected against security threats that exploit vulnerabilities. Organizations must therefore impose appropriate controls to monitor for, deter and prevent security breaches. Three areas have been considered, in a typical sense, as the basic critical security requirements for data protection: confidentiality is used to assure privacy; principles of integrity assure systems are changed in accordance with authorized practices; and, availability is applied to maintain proper system functions to sustain service delivery (Dhillon, 2007, p. 19). These security requirements are represented in Figure 1, Classic Critical Security Requirements. This figure depicts the cross-domain solutions of informal controls, also known as human relationships, and formal and technical controls, which provide for organizational and physical information security controls, respectively. Two additional security requirements have recently been added that are of particular importance to networked environments because attacks now extend far beyond traditional firewall perimeters. These are authentication, which is used to assure a message actually comes from the source it claims to have originated; and, nonrepudiation, which can be applied to prevent an entity from denying performance of a particular action related to handling data, thereby assuring validity of content and origin. Figure 2, Core Data Security Set, depicts the interrelationship......

Words: 1759 - Pages: 8

Premium Essay

Information Systems Security

...Information Systems Security Strayer University CIS 333 June 18, 2014 David Bevin Information Systems Security The scope of our assignment as an information officer at Whale Pharmaceuticals is to safeguardour daily operations which require a combination of both physical and logical access controls to protect medication and funds maintained on the premises and personally identifiable information and protected health information of our customers. The immediate supervisor has tasked us with identifying inherent risks associated with this pharmacy and establishing physical and logical access control methods that will mitigate all risks identified. There are few basic things to be cognizant of as we carry out this task. Security is easiest to define by breaking it into pieces. An information system consists of the hardware, operating system, and application software that work together to collect, process, and store data for individuals and organizations. Information systems security is the collection of activities that protect the information system and the data stored in (Kim & Solomon 2012). We should also be aware of what we are up against. Cyberspace brings new threats to people and organizations. People need to protect their privacy. Businesses and organizations are responsible for protecting both their intellectual property and any personal or private data they handle. Various laws require organizations to use security controls to protect private and......

Words: 3283 - Pages: 14

Premium Essay

Maintaining Information Systems Security

...Maintaining Information Systems Security Akilah S. Huggins University Of Phoenix CMGT/400 August 11, 2014 Maintaining Information Systems Security Introduction With the growing development of information systems and networks, security is a main concern of organizations today. The fundamental objectives of information systems security are privacy, integrity, and accessibility. The foundation of organization's security lies in planning, creating and actualizing proper information systems' frameworks' security strategy that adjusts security objectives with the organization's requirements. In this paper the objective is to describe the importance of policies and standards for maintaining information systems security. Specifically, the paper include the discussion of the role employees—and others working for the organization to maintain the information systems security. Also the position paper aim to examine the different levels of security and how an organization can provide the proper level of effort to meet each information security need and how this relates to what is in an organization’s information security policy. Thesis Statement The aim and objective of the underlying paper is to analyze and evaluate the phenomena of maintaining information system security. Importance of Policies and Standards for Maintaining Information Systems Security. Information system security policies primarily address threats.......

Words: 1235 - Pages: 5

Premium Essay

Collective Security System

...Collective security system as a limitation to State’s sovereignty Collective security system as a limitation to State’s sovereignty Alexandra Foucaud Since 1648 and the Treaty of Westphalia and the recognition of the sovereignty of each State, States have been commonly accepted as the key feature of world politics. Nevertheless, the Westphalian system did not prevent the outbreak of the two World Wars of the 20 th Century. After, the First World War emerged, at the instigation of President Wilson, a first try to set up a collective security system with the creation of the League of Nations, which would, eventually, not last long. After the Second World War, all “free” States affirmed their will “to save succeeding generations from the scourge of war, which twice in our lifetime has brought untold sorrow to mankind, and to reaffirm faith in fundamental human rights, in the dignity and worth of the human person, in the equal rights of men and women and of nations large and small, and to establish conditions under which justice and respect for the obligations arising from treaties and other sources of international law can be maintained, and to promote social progress and better standards of life in larger freedom »1 thus establishing a new collective security system (CSS) which purpose was “To maintain international peace and security, and to that end: to take effective collective measures for the prevention and removal of threats to the peace, and for the suppression of......

Words: 3058 - Pages: 13

Premium Essay

It Security System Audits

...Phase 1 During the initial audit, it was discovered that training for all employees has not been implemented. Security measures are not in place to prevent protection from physical threats. Network security measures have not been implemented with a firewall, or with an antivirus system to prevent malware. Cross functionality of the systems are not considered with respect to the disaster recovery, incident response planning. The IT department does not have the diagram of the infrastructure mapped out with a topology which would also aid in the event of a disaster or other incident. Permissions are not enforced with appropriate industry standards, acknowledging the laws of least privilege. Policies and procedures should be implemented and enforced to mitigate security issues, and should be updated no less than annually. Phase 2 Lack of information technology governance can harm a company in many ways. Ensuring that employees with roles of protecting the infrastructure have the proper training and support of senior management will help to support security and compliance concerns. Failure to adhere to industry best practices can lead to compliance concerns, loss of confidentiality of data and potentially it can lead to lawsuits. Without proper permissions access monitoring, the company cannot enforce policy or procedures. This can lead to virus or malware infiltrating your network, which can cause an interruption in productivity, loss of revenue and can ultimately......

Words: 415 - Pages: 2

Premium Essay

System Security Plan

...name: Course: Date: Introduction System security plan document describe all the possible system security control measures, their application status and how they are implemented. It can therefore facilitates the implementation of security processes by guiding the individual involved in this process. This document addresses the first version of system security plan (SSP) of automated banking system. The purpose of this report is to describe the controls that are in place or are in the plan, the expected behavior and the responsibilities of the individuals who uses or access the system. The document structures the planning process of implementing the security control procedures to provide adequate security and cost-effective security protection for the system. Management, operational and technical controls have been identified and discussed in details. The different family of system security controls are defined and discussed comprehensively how their implementation status and how they are implemented. DOCUMENT CHANGE CONTROL Version | Release Date | Summary of Changes | Addendum Number | Name | Version 1 | 22/4/2015 | | 1 | System security plan 1 | SYSTEM IDENTIFICATION Automated banking system is a company application system that has been categorized as a primary system according to FIPS 199. ABS will......

Words: 1354 - Pages: 6

Premium Essay

Operating System Security Flaws

...Operating System Security Flaws Donique Tulloch POS/355 Introduction to Operational Systems - Yevgeniy Tovshteyn Operating System Security Flaws Vulnerable, as defined by the dictionary is being capable of or susceptible to being hurt or wounded by a weapon. In computer science, to be vulnerable means to be open to attack. Vulnerability in a computer’s system is a weakness and this weakness can be preyed on by attackers to take advantage of the system’s private data. In using a system, we are assured that the data we input is stored securely and processed for the intended purpose only. So the susceptibility of the system, the attacker’s access to this flaw and the capability to exploit this flaw compose the elements of computer vulnerability. For this flaw to be exploited, the attacker must have an attack surface, meaning the attacker must have some technique or tool to exploit the system. One classification of a vulnerability is security bug or defect, where a firewall may be out of date or in this case, Windows Defender is significantly out of date leaving the system with a window of vulnerability to attacks. This window would be from when the bug was discovered, access was removed, a fix was available and if or when an attack was disabled. Windows Defender was designed as a free software to defend against unwanted attacks as a combination of Microsoft Security essentials. With proper security patch updating, Windows should have minimal security bug and any other......

Words: 986 - Pages: 4

Premium Essay

Principles of Information-Systems Security

...As an Information Security Engineer for a large multi-international corporation, that has just suffered multiple security breaches that have threatened customers' trust in the fact that their confidential data and financial assets such as Credit-card information; one must implement security measures that will protect the network through a vulnerable wireless connection within the organization, while also providing a security plan that will protect against weak access-control policies within the organization. The first step of protecting against Credit-card information through a vulnerable wireless connection within the organization would be to first protect your wireless broadband from cyber-attacks, which don’t involve any costly measures. One must always remember to lock down the wireless network. By default the password for your panel is often a standard one set-up by the manufacturer (for example ‘admin’). It’s very important that you change this as soon as possible, because it would me that many hackers would already have the password for it. When picking a strong password use a case sensitive combination of alphabets and numbers, six characters and more. Also remember to make it something unique and not the same as something else like your Facebook or Twitter password. Next too consider is the fact that most routers come with a WEP or WPA key built in for good measure, and each router has a different code so there is no need to stress when it comes to this aspect.......

Words: 902 - Pages: 4

Premium Essay

Information System Security

...Claudia Goodman IT302 Homework 2 Security-Enhanced Linux The NSA has long been involved with the computer security research community in investigating a wide range of computer security topics including operating system security. It recognizes the critical role of operating system security mechanisms in supporting security at higher levels. End systems must be able to enforce confidentiality and integrity requirements to provide system security. Unfortunately, existing mainstream operating systems lack the critical security feature required for enforcing separation: mandatory access control. Application security mechanisms are vulnerable to tampering and bypass, and malicious or flawed applications can easily cause failures in system security. The results of several of these projects in this area have yielded a strong, flexible mandatory access control architecture called Flask. This has been mainstreamed into Linux and ported to several other systems, including the Solaris™ operating system, the FreeBSD® operating system, and the Darwin kernel. This provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements and it allows threats of tampering and bypassing of application security mechanisms to be addressed while enabling the confinement of damage that can be caused by malicious or flawed applications. This is simply an example of how mandatory access controls that can confine the actions of any process, including......

Words: 1522 - Pages: 7

Premium Essay

Security Systems in Bangalore

...Security System Security System, any of various means or devices designed to guard persons and property against a broad range of hazards, including crime, fire, accidents, espionage, sabotage, subversion, and attack. Most Security System emphasize certain hazards. The principal security concerns are shoplifting and employee dishonesty. A typical set of categories to be protected includes the personal safety of people in the organization, such as employees, customers, or residents; tangible property, such as the plant, equipment, finished products, cash, and securities, such as highly classified national-security information or “proprietary” information (e.g., trade secrets) of private organizations. An important distinction between a security and protection system and public services such as police and fire departments is that the former employs means that emphasize passive and preventive measures. Security systems are found in a wide variety of organizations, ranging from government agencies and industrial plants to apartment buildings and schools. Sufficiently large organizations may have their own proprietary security systems or may purchase security services by contract from specialized security organizations. The origins of security systems are obscure, but techniques for protecting the household, such as the use of locks and barred windows, are very ancient. As civilizations developed, the distinction between passive and active security was recognized, and......

Words: 621 - Pages: 3

Premium Essay

Information Systems and Security

...Information Systems are the backbone to support the management, operation and decision function of every business or organization. Information Systems (IS) are composed of hardware, software, infrastructure and trained personnel where all the information are digitally processed and be accessible for the use of authorized personnel. Let first resume Information Systems history: • In the 70’s, IS was made of mainframe computers were the data was centralized. They have fewer functions like payroll, inventory and billing process. • Then in the 80’s came the automation process where computers and peripheral devices started to be connected using Local Area Network (LAN). Also started the use of word processors and spreadsheets to automate the flow of information within departments. • In the 90’s the advance of technology brings the ability of corporation to stablish connection between branches and remote offices using Wide Area Network (WAN). Corporations started to look for systems and data integration, leaving behind stand-alone systems. • In the 2000, the introduction of the Internet expand WAN for global enterprises and business involved in supply chain and distribution between countries. Data sharing across systems was the main focus for corporations. The use of electronic mail (email) become a global standard communication between corporations. • In Current time, the advance on technology brings Wireless connectivity where new devices like tablet pc and......

Words: 764 - Pages: 4

Free Essay

Intro to System Security

...1.0 Overview Standards for network access and authentication are highly required to the company's information security. Any user accessing the company's computer systems has the ability to compromise the security of all users of the network. Appropriate Network Access and Authentication Policy decrees the chances of a security breache by requiring application authentication and access standards across the network in all locations. 2.0 Purpose The purpose of this policy is to illustrate what must be done to ensure that users connecting to the corporate network are authorized users in compliance with company standards, and are given the least amount of access required to perform their job function. 3.0 Scope The scope of this policy includes all users who have access to company provided computers or require access to the corporate network and systems. This policy applies not only to employees, but also to guests, contractors, and anyone requiring access to the corporate network. Public accesses to the company’s externally-reachable systems, such as its corporate website or public web applications, are specifically excluded from this policy. 4.0 Policy 4.1 Account Setup During initial account setup, certain checks must be performed maintain the integrity of the process. The following policies apply to account setup: • Positive ID with Human Resources • Users will be granted least amount of network access required to perform his or her job function...

Words: 937 - Pages: 4

Premium Essay

Information Systems & Security

...Kyle A. Metcalf November 20, 2011 Information Systems and Security Table of Contents Statement of Purpose 3 Access Control Modules 3 Authentication 4 Education & Management Support 5 User Accounts & Passwords 6 Remote Access 6 Network Devices & Attack Mitigation 9 Strategy 9 Physical Security 10 Intrusion Protection 10 Data Loss Prevention 11 Malware and Device Vulnerabilities 11 Definitions 11 Dangers 12 Actions 13 Web and Email Attack Mitigation 13 References 15 Statement of Purpose The managing partners of Metcalf Law Group, LLP (MLG, LLP), a small but growing Law Firm, have hired an IT Director to address the numerous short and long-term objectives. This document outlines those objectives, risks associated with the network and solutions to mitigate those risks, and policies and procedures to create and maintain a safe and secure system environment for MLG, LLP. Firm management has requested formal policies be put in place for Remote Access. MLG’s clients, including MP3, the Firm’s largest and most important client, want to ensure that all communication that occurs from remote locations is secure. Firm management has also requested a formal policy that outlines the Firm’s network security structure. The proposal will address security zones, firewalls, intrusion detection, and any other items that will help secure the network. Firm management also wants to address the issue of spyware and virus attacks. ......

Words: 3222 - Pages: 13