In a distributed network environment, network security has become one of the most important areas of concerns for most organizations (Flowerday & Tuyikeze, 2016). The increased use and convergence of the internet, computer-based networks, extranets, wide area networks (WAN), intranets, local area networks (LAN) and emails, have increased security threats and concerns to most organizations. It is imperative that every organization designs a security policy plan that binds all employees to the use of company networks.
A number of items must be included in the security policy plan, which employees must follow while using the company network system (Flowerday & Tuyikeze, 2016). To secure network, there is need for security protocols such as strong passwords, authenticity access, restricting access and use of organization computer hardware, software and networks. Such security procedures and policies ensure that data is available for the authorized people and the network and computer systems can only be used by the authorized employees. Although there are many security items, confidentiality, access control and data integrity are the most important items in organization security policy plan.
One of the most serious security threats in a network is access to information by unauthorized people/entities. Data or information confidentiality ensures information is available to only the authorized individuals. Restricting access to organization information ensures that any data in the network is only accessible to the authorized people, which help against the loss of data to unauthorized entities thus maintaining privacy of communications. The lack of confidentiality can lead to security breaches such as access and use of important company emails with confidential information by outside third parties.
The other item is great importance in network security is access control. Access control is useful in permitting or denying network use based on a number of parameters for example authentication of the network users, the source and destination of information. It helps in restricting unauthorized access and theft of information over the company network. All users must be identified before being allowed to use the network through ID and passwords. The lack of strong user access control could lead to security breaches resulting from spoofing, which can lead to massive loss of important data.
Read also Enterprise Network Attacks
Another fundamental component of information security in the use of organization network is data integrity. The development and implementation of security policy plan must include data integrity. According to (Paquet, 2013), data integrity refers to the consistency and accuracy of data. Adopting in organization security policy plan and observing it ensures that only the authorized people over the network can access and change data, providing a way of detecting data breaches during transmission over the network. In addition, data integrity helps in reinforcing data authenticity. Lack of data integrity can result in alteration of company information by a third party.
The use of wireless local area networks exposes an organization to increased risks of attacks (Potter, 2003). Unlike the wired network that requires physical access, a wireless network can be attacked from a distance. There are a number of threats in the wireless networks, which include denial of service, passive capturing and ad-hoc networks. Special security considerations in wireless networks include the use of end-to-end under authentication and use of shared key, which should be communicated to both sides before a communication is established.