- FINANCIAL IMPLICATION OF INTERNAL CONTROL SYSTEM IN AN ORGANISATION (A Case Study of Mercury Microfinance Bank)
- THE EFFECTIVENESS OF INTERNAL CONTROL SYSTEM IN AN ORGANIZATION (A Case Study of Dangote Group of Companies)
- THE IMPACT OF QUALITY CONTROL ON THE ORGANIZATION PERFORMANCE (A CASE STUDY OF GUINNESS NIGERIA PLC)
- EFFECT OF INTERNAL CONTROL SYSTEM IN ENHANCING DECISION-MAKING IN COMMERCIAL BANKS (A CASE STUDY OF FIRST BANK OF NIGERIA PLC)
- THE IMPACT OF INTERNAL CONTROL SYSTEM ON FRAUD PREVENTION IN FINANCIAL INSTITUTION [A CASE STUDY OF ACCESS BANK PLC]
- EFFECTIVENESS OF INTERNAL CONTROL SYSTEM IN NIGERIAN BANKS [A CASE STUDY OF SKYE BANK PLC]
- INTERNAL AUDIT AS A CONTROL FOR EFFICIENT MANAGEMENT IN NIGERIA PUBLIC ENTERPRISES (A CASE STYDY OF LSDPC)
- THE EFFECT OF BUDGETING AND BUDGETARY CONTROL ON ORGANIZATION PERFORMANCE IN LOCAL GOVERNMENT (A CASE STUDY OF OJO LOCAL GOVERMENT)
- EFFECT OF INTERNAL CONTROL ON ORGANIZATION PERFORMANCE OF LOCAL GOVERNMENT (A STUDY OF OJO LOCAL GOVERNMENT)
- INTERNAL CONTROL PROCESS AS AN EFFECTIVE TOOL FOR MANAGEMENT (STUDY OF NATIONAL PETROLEUM INVESTMENT MANAGEMENT SERVICES)
APPLICATION OF SECURED NETWORK ON INTERNAL CONTROL OF AN ORGANIZATION
The main objective of this project is to find a way of improving data and voice communication over Lagos State University network and to ensure the integrity of data that is sent across the network during communication and transmission of data.
Finally, there is no doubt that an overview of the whole project has achieved its aim and objectives. I believe that proper implementation of this project will improve data integrity and communication security within Lagos State University network.
TABLE OF CONTENT
Title page i
Table of Content iv
1.0 INTRODUCTION 1
1.1 STATEMENT OF THE PROBLEM 2
1.2 AIM AND OBJECTIVES OF THE STUDY 3
1.3 SIGNIFICANCE OF THE STUDY 4
1.4 SCOPE OF THE STUDY 4
1.5 METHODOLOGY 5
1.6 DEFINITION OF TERMS 5
2.0 OVERVIEW OFCOMPUTER NETWORK SECURITY 7
2.1 NETWORK OVERVIEW 12
2.2 ORGANIZATIONS IMPLEMENTING LOCAL
AREA NETWORK INFRASTRUCTURE 16
2.2.1 IMPLEMENTATION OF METROPOLITAN
NETWORK AND WIDE AREA NETWORK 17
2.3 NETWORKING MEDIUM AND DEVICES 18
2.4 NETWORK PROTOCOL 19
2.5 COMPUTER SECURITY 19
2.6 PHYSICAL COMPUTER THREAT AND SECURITY
MEASURES ENFORCED 22
2.7 NETWORK SECURITY ISSUES AND REVIEW 24
2.8 NETWORK SECURITY AND DATA
TRANSMISSION REQUIREMENT 25
2.8.1 NETWORK SPECIFIC COMMUNICATION
THREAT AND ATTACK 26
2.9 DATA ENCRYPTION AND DECRYPTION ANALYSIS 29
2.10 TYPES OF CRYPTOGRAPHIC ALGORITHMS
THAT CAN BE IMPLEMENTED 30
SYSTEMS ANALYSIS AND DESIGN
3.0 INTRODUCTION 32
3.1 SYSTEM DESCRIPTION 32
3.1.1 HISTORICAL BACKGROUND 33
3.1.2 NETWORK RESOURCES SHARED
AT LASUCOM GROUP 35
3.1.3 NETWORKING WHAT AND HOW 35
3.2 DESIGN APPROACH 38
3.3 PROGRAM LAYOUT AND DESIGN 38
3.3.1 OUTPUT DESIGN 38
3.3.2 INPUT DESIGN 39
3.3.3 ALGORITHM FOR SHA-1 BITWISE PROCESS 41
SYSTEMS IMPLEMENTATION AND DOCUMENTATION
4.1 SYSTEM IMPLEMENTATION 44
4.2 SITE PREPARATION 44
4.3 HARDWARE SPECIFICATION 45
4.4 SOFTWARE SPECIFICATION 45
4.5 PROTOCOL SPECIFICATION 46
4.6 HARDWARE MAINTENANCE 47
4.7 PROGRAM DOCUMENTATION 48
4.8 CHOICE OF PROGRAMMING LANGUAGE 49
SUMMARY, CONCLUSION AND RECOMMENDATIONS
5.0 SUMMARY 58
5.1 LIMITATIONS 58
5.2 CONCLUSION 58
5.3 RECOMMENDATION 58
APENDIX 1 FLOW CHART 60
APENDIX 2 PROGRAM LISTING 61
The use of the internet for electronic transfer of both business and personal information has been on the increase in the past decade. As a result, Internet has become a key resource of information. But the same Internet can be and has been used by terrorists, criminals and others to communicate information about unlawful activities. Organizations such as LASUCOM must adopt effective and practical security solution assets.
Information is been shared using various mediums and means in most organizations both to control its activities and to ensure that organization goals and objectives are met. This project will be looking into the Application of Secured Network on Internal Control of an Organization; with more attention placed on the need of making sure that the network is secured. The internet has improved tremendous technology advancements for organizations, resulting in improved business efficiencies and productivity gains. Security threats such as hacking, viruses and remote technologies are threating. A recent trend is the shift to financially motivated attacks and exploits: The 2009 Computer Crime and Security Survey shows that the most expensive computer security incidents were those involving financial fraud.
Increased collaboration and globalization introduce further security challenges. Mobile users bring their laptops and handheld devices in and out of the school’s network. Remote-access users connect from their offices and from public locations. Students who are business outsourcing require direct partner access into the internal network. Onsite visitors, vendors, and contractors may need access to the internal network to accomplish their work. Even “in the-office” workers are subject to threats coming through internet access, and e-mail use. Traditional security products designed to protect closed environments with well-defined security boundaries are no longer effective in securing a network.
Most IT and security departments also face budgetary and personnel resource constraint. Adding to the challenge are the growing complexity and sophistication of new security threats, often, less-than-efficient operations. The college must streamline work processes, improve operational efficiency, and reduce security incidents and financial losses to remain competitive.
1.1 STATEMENT OF THE PROBLEM
There are many problems facing network security generally, but to mention few;
v Network infrastructure problem i.e problem with the network model and Architecture implemented.
v Problem of the nature of medium used for communication.
v Physical limitation of equipment used for communication (cable type, data transmission method and computer equipment used)
v OSI model security infrastructure
v Hacking and cracking infrastructure
To effectively protect the college network, the college as an organization need to address several key security questions, including:
v Does the college have full control over who is accessing the network and where each user is permitted to go?
v Does the college have the ability to implement security policies on endpoints-before they connect? Other problems are:
1.2 AIM AND OBJECTIVES OF THE STUDY
The purpose of this study is to ensure that LASUCOM implement the right type of network infrastructure and to ensure maximum security of LASUCOM network through implementation of security infrastructure that cannot be easily breached i.e using Cryptographic Hash Function to achieve these goals.
This project explains how the college can use Cryptographic Hash Function to strengthen their security. It discusses how Cryptographic Hash Function is integrated into the college’s lifecycle in terms of supporting role b assed access control Cryptographic Hash Function helps reduce the potential loss of the college’s sensitive information. This helps prevent unauthorized access via the wired, wireless, or remote-access network for better running of the college.
1.3 SIGNIFICANCE OF THE STUDY
The project is basically on how to proffer a better means of securing the organization’s data over the network and to better serve the college while using the internet facility.
1.4 SCOPE OF THE STUDY
The scope of the project is limited to network model and secure information sharing within LASUCOM using computer hardware and software network infrastructure.
Majority of communication medium, system and technology this day stands the risk of been broken into by unscrupulous individual who either use the opportunity to steal data, back information, crack company security or to seek revenge by attacking network with virus. Having seen these problem posed on network communication, there will be a serious need for secure information infrastructure to be put in place for organization information security.
The following steps will be followed in carrying out this project:
v Detailed study of the network type and Architecture use in Communication.
v An oral interview will also be carried out to get necessary information about LASUCOM network problem types and its associated security issues.
v Review of different security infrastructure used in transferring information from one location to another.
v Design of different kind of level of network model for secure and non-secure information sharing.
v Creating a security procedure and data originality check procedure for network i.e (cryptographic, Authentication, variation, secrecy rules).
v Enabling security on Equipment used for a network.
1.6 DEFINITION OF TERMS
Cryptography: Art of secret communication and writing.
Security: Act of save keeping, protecting data and information from unauthorized users.
Networking: This is an interconnectivity of two or more systems for communication purposes.
Sneaker net: is not informal term describing the transfer of electronic information especially computer files, by physically moving removable media such as magnetic tape, floppy disks, compact discs, USB flash drives, or external hard drives from one computer to another.
Network Security: consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
Information Security: means protecting information and information systems from authorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
Intrusion Prevention System (IPS): also known as Intrusion Detection and Prevention System (IDPS), they are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity.
Security Management: is a broad field of management related to asset identification of an organization’s information assets and the development, documentation and implementation of policies, standards, procedures and guidelines.