Computers nowadays are being ubiquitous. Almost everyone uses it whenever and wherever they are. And because humans are social beings, they devised ways of connecting with other people through this ubiquitous equipment. This has become the birth of the internet.
These computers are used in a variety of ways, in businesses, at home, while traveling, at school, and in other places. The internet connection has already become a very powerful tool for business institutions. With it, the internet connection helped the organization know their employees more, helping them assess the working efficiency of each of the employees. The internet is a group of so-called protocols which make it capable of doing different functions like information access using the World Wide Web, relay messages like e-mails, and/or file transfers and transactions (Clarke, 1999).
Main body
Thus, through the internet, cyberspace has been one of the most rapidly growing technology and medium of communication through computer technologies. It is commonly used by students for their researches, and businessmen likewise. Online processing of data makes it easier, faster, and more convenient to use among people in terms of communicating with others and relating with them.
Considering those in business fields, most organizations or corporations consider using this computer technology. Because it is cost-efficient in different ways such as posting new ads or new job offers via the internet and other different purposes like keeping track of their workers.
Privacy in workplaces is important because it helps improve a good atmosphere among co-workers and it also helps build a better business sense. Though privacy can be positive in some sense, some still see it as a means of covering up or hiding what should be exposed for inspections or scrutiny (Posner, 1978). Therefore, every individual should have his or her private space. In this way, the person could be free and able to do things at his own pace and comfort.
But on the contrary, organizations tend to use surveillance among employees in their workplace. From this, the concept of ethics comes up. The idea of ethics in any field is formed because of one basic question, “Would you want the things you do to others to be also done to you?”. This is the question that every ethical framework is expected to answer.
Regarding the main question, “Is it ethical that employers monitor their employees, more specifically, their e-mails?” it should also be asked if they should be doing this in the first place.
In the viewpoint of the employers, monitoring their employee’s email activities would be a kind of protection; not only to their company’s security but also preventing any virtual attacks on their system as well (Introna, 2000). It could also be seen as keeping a log about what information comes in and what goes out of the company system. The action could prevent dishonest employees from sharing company information with other people. This could also be an act to prevent the system’s IP address from being spread on the net.
But the said action could also entail that the employers would be invading their personnels’ personal space, as well as their privacy while working. This would mean that they would be virtually manipulating the working efficiency of the employees, whether positively or negatively.
It is more possible that there would also arise some problems about their employees’ performance because there are people whose work efficiency increases when they are monitored, but there are also people that cannot function well whenever they know that someone is watching their actions. And if this is the case, the “preventive” act of the employers could endanger the company’s production.
On the other side of the coin, employees also have a say about the issue, because they are the ones that do the production. Their efficiency depends on many factors, and one of these is the company’s ability to provide them a healthy working environment. They need appropriate working stations, as well as working equipment. They are also people who need privacy while working.
Employees have the right to privacy too. In this way, the employer should also respect his or her employee. To be able to keep harmony and balance among employer-employee relationships, they could consider some rules in order to establish as well as maintain balance in their workplace. These rules could involve, (1) employers telling his or her employees why he needs information about them, (2) informed consent for the employees part when his or her personal information would be used, (3) employers are only to collect necessary personal information and to do it fairly and by lawful means, (4) the employee’s personal information should be updated, complete and accurate, and, (5) employees should be able to access their data and be able to change or update it (Canada, 2004).
Before employers can monitor or even access information about their employees, they should first tell the employee why the information is needed (Canada, 2004). When an employer wants to get information about an employee, like the person’s online information such as the username, email logs and password, and personal information like credit card number, birthday, etc. he/she must first ask for permission before doing so.
Also, they are expected not to use the said information for any other purposes except for the one mentioned in the letter of permission. Using this information may endanger an employee’s identity, so employers are also expected to keep the information as classified as possible. Employers can only access their employees’ email logs and emails, if and only if their employees give them access to them.
Employers, especially those that own the organization, are in a sense, an owner of an employee’s work because it is what they are paying them for. But regarding the nature of the labor itself, only the employee owns everything that he/she does. Because of this, only the employee has the right to choose which information can be seen accessed by the employer, and which of those could not be.
Because organizations should be bound by the Law, they should also use legal ways of acquiring information from their employees. They should have dialogs between and among them before getting the information.
The issue about employers monitoring their employees while they work would not only be an issue of privacy in the workplace but also in a sense, an issue of violation of the intellectual property rights of the employee. Everyone has his / her own way of doing and accomplishing things. When workers are closely monitored by their authorities, their own way of working is in danger of being copied and potentially owned by the organization, taken that the worker has an exceptional, highly efficient, and unique way of working.
But taking the instance from another point of view, it would be beneficial not only to the company but also to other workers. This is because it would be one way of keeping the business alive, which in turn keeps the workers in their jobs, which means they would still be financially stable.
Conclusion
Using a utilitarian ethical framework, it would be better if employers would not monitor their workers, because it would not only save them money and efforts but also would keep the morale of the workers and the public high towards the company. When authorities monitor its workers’ moves, it would spell disaster to the company because the consumers would lose faith in it because they may assume that the company is experiencing some problems with its production. it may also be assumed that the quality of their products is relatively low, which could cause lesser sales, which would ultimately cause bankruptcy.
Employers should trust their employees because they are the life of the company. When they lose morale, the company would also suffer.
References
Privacy in the Workplace (2004). Fact Sheet. Office of the privacy commissioner of Canada.
Clarke, R. (1999). Ethics and the Internet: The Cyberspace Behaviour of People, Communities and Organisations.
Introna, L. (2000). Workplace: Surveillance, Privacy and Distributive Justice. Computers and Society. 30, 4, pp. 33-39.
Posner, R. (1978). The Right to Privacy. Georgia Law Review. 12:283-422.
The process of configuring networks largely employs skills and competences obtained from vSphere Networking. However, it is crucial to mention that the latter mainly offers information and guidelines on how networks can be configured. In this case, planning of the entire process is fundamental. For instance, it is not possible to come up with vSphere standard switches and distributed switches without articulate planning. VMware vSphere requires complex networking that can only be achieved through the initial planning phase (Ferguson, 2012).
During planning, networking best practices, managing network resources and monitoring networks should be put into consideration. In other words, planning of vSphere networking should take into consideration the targeted audience and of course the anticipated benefits or gains. This implies that usage is of great importance.
System administrators who are well experienced in either Linux systems or Windows should be part of the planning team. In any case, network configuration usually follows immediately after the planning phase. Therefore, administrators should be very familiar with systems at hand. In addition, there are numerous aspects or elements of virtual machine technology that equally count towards planning a vSphere network.
When planning this type of network, a number of factors are worth considering. First, the working principle of a vSphere standard switch should be established. For instance, the same switch is used to create a connection among several Virtual Machines (VMs). Several physical and virtual machines using the same host on both vSSs and ESX/ESXi hosts (Mousannif, Khalil & Kotsis, 2013). This type of planning can take place on any location of a physical environment. Moreover, planners should be conversant with the capabilities of various vSS. This is crucial because it reaches a time when they are supposed to be developed, mounted and may be deleted.
Configuring vSphere Networking
In order to successfully configure vSphere networking, it is prudent to begin the procedure by establishing the capabilities of a vSS. The latter refers to a standard switch to be used in the configuration process. The external networks are linked to this switch. Hence, traffic can flow between the switch and VMS after the process of configuration is complete (Mousannif, Khalil & Kotsis, 2013). In the ESXi host, the vSS contains two ports. One of the ports plays the role of network management.
The port is connected to a network interface card. Alternatively, a physical world uplink can still be used to create such a connection. Each port utilizes an uplink adapter during configuration. Nevertheless, vSSs connections and the manner of creating them are the most important aspects when configuring vSphere networking.
There are two main types of vSS connections that can be created. It is mandatory to make use of both connections even though their distinctions are dramatic. VM ports and VMkernel ports are the two types of distinct connections in this case. Unless the working principles of each connection is vividly understood, the process of configuring vSphere networks can be very complex and challenging (Rong, Tsai, Chen & Huang, 2014).
VMkernel is connected to services VMkernel ports. In this case, the ESXi host contains a single VMkernel even though numerous ports of this type can be used in a configured system. Nevertheless, it is highly recommended that VMkernel service type should utilize an independent port. The VMkernel port offers a number of VMkernel services in a configured system (Henderson & Allen, 2010). IP storage is the first service provided by the above ports. The storage is attached to a given network. vMotion is yet another service offered by the ports. Other services include fault-tolerant logging and management because console parts are not available.
References
Ferguson, B. (2012). The Official VCP5 Certification Guide (VMware Press Certification). New York: VMware Press. Web.
Henderson, T., & Allen, B. (2010). VSphere rounds into form. Network World, 27(16), 24. Web.
Mousannif, H., Khalil, I., & Kotsis, G. (2013). Collaborative learning in the clouds. Information Systems Frontiers, 15(2), 159-165. Web.
Rong, C., Tsai, H., Chen, C., & Huang, C. (2014). Analysis of virtualized cloud server together with shared storage and estimation of consolidation ratio and TCO/ROI. Engineering Computations, 31(8), 1746. Web.
Cyberspace is a unique, human-made domain that was created for the facilitation of interaction and can be characterized as a globally interconnected infrastructure (Deibert and Rohozinski 15). It has made the free exchange of information via a networked system for more than half of the world’s population possible (Deibert and Rohozinski 15). Emerging risks in cyberspace pose a new threat to modern societies around the world that has the potential to undermine the safety of their citizens and bring significant disruption to political, social, and economic life.
To conceptualize cyberspace security, it is necessary to make a distinction between two risk dimensions: risk to cyberspace and risk through cyberspace (Deibert and Rohozinski 16). The risk of cyberspace can be characterized as a threat to the physical infrastructure of communication technologies. The risk through cyberspace, on the other hand, is a threat posed by cyberspace itself and is facilitated by the use of its technologies (Deibert and Rohozinski 16).
The Risks to Cyberspace
Even though the Internet was created to become a particularly resilient network, its rise and change of status from a small web of interconnected devices to the global hub of social and economic life introduced a wide range of security vulnerabilities to its physical structure. After being targeted numerous times with a malicious intent to bring disruption, many states have recognized cyberspace as “a key national asset” and have decided to establish special institutions that will protect critical infrastructure, thereby reducing risks to the normal functioning of the network (Deibert and Rohozinski 19).
It is important to keep in mind that cyberspace is a prerequisite for the existence of global capitalism in its current form; therefore, emerging risks to cyberspace threaten to undermine global capital markets and disrupt existing economic order. Therefore, the security requirements of cyberspace infrastructure and flow of information coincide with some of the national security imperatives and have to be protected by government actors. To this end, the Communications Security Establishment Canada (CSEC) and the National Security Agency (NSA) have developed national encryption standards and protection protocols (Deibert and Rohozinski 19).
Moreover, the task of securing critical infrastructure from deliberate attacks and other risks pushed many states to develop doctrines concerned with “the offensive operations in cyberspace” (Deibert and Rohozinski 20).
The Risks Through Cyberspace
The technological explosion of the last decade was associated with the creation of civic networks that helped to organize social and political activities of many nations more efficiently and allowed countless individuals to express their opinions without the help of intermediaries such as radio and press (Kim-Kwang Raymond 719). New media channels allowed for a significant shift in the landscape of public discourse by bringing sweeping changes to countries like Egypt. However, cyberspace has also been increasingly used for expressing the minority views of terrorist groups (Kim-Kwang Raymond 719).
They have used information and communication technology for spreading their military doctrines and promoting extremist activities. Numerous jihad-oriented groups have been known to explore the anonymous nature of cyberspace for radicalization and recruitment among different communities (Kim-Kwang Raymond 719). Moreover, they have also utilized them for funding terrorist activities and making contact with radicals all over the world. Another challenge presented by cyberspace is the ever-increasing criminal activities: online extortion, Distributed Denial of Service (DDoS) attacks, and unauthorized access (Kim-Kwang Raymond 719).
Conclusion
Numerous risks to cyberspace and through cyberspace result in a long-term negative impact on business and government activities; therefore, all cyber threats have to be properly addressed by security agencies and other organizations.
Works Cited
Choo, Kim-Kwang Raymond. “The Cyber Threat Landscape: Challenges and Future Research Directions.” Computers & Security 30.8 (2011): 719-731. Web.
Deibert, Ronald, and Rafal Rohozinski. “Risking Security: Policies and Paradoxes of Cyberspace Security.” International Political Sociology 4.1 (2010): 15-32. Web.
The Internet, a rapidly growing network system, is lining millions of individuals affecting the way they relate. It offers new spaces changing people’s manner of thinking, interaction, and the perception of sexuality, community construct, and how people perceive their identities. Cyberspace enables one to learn what the principles of virtual lives are. The vastness of virtual reality has made it possible to unravel cyberspace mysteries, navigate the virtual world, and engineer gadgets that could improve existing technology (Turkle, 1999). For the past decade, Sherry Turkle (1999) has been engaging in a clinical and ethnographic study to explore people’s representation on the Internet and how they negotiate the “real.” Many have found this experience challenging their traditional identity definition, which is often recast regarding parallel lives and multiple windows. The cyberspace has shifted the identity of users in a problematic notion influenced by several cultural trends, which encourages people to think, act, and bring out their hidden character.
The article focuses on the fundamentals of online life and how they impact identity. The construction and projection of created personae into cyberspace allow one to portray a textual description. There is no need for visual identification in the virtual space. Here, one can edit their “composition” and “personality” to fit their unmet social deprivation (Turkle, 1999). The hidden identity gives a person the chance to explore various aspects of the self while discovering new networks and socializing better with other Internet users. People in cyberspace can also explore their multi selves simultaneously by using different names on several social media platforms.
The Internet is a positively charged territory, bringing various feelings to different users. In contrast, some feel unease and uncomfortable fragmentation; some find a sense of relief and self-discovery. The creation of different personae on several online platforms emerges concerning the change of the virtual space. Cycling through online slots has been made possible through the existence of “windows,” a modern computing ability which enables users to place themselves in different settings at the same time. The practice of using windows has become a useful metaphor for expressing the self as a distributed, multiple, and “time-sharing” system.
Consequence-free experiment enables the progress of a “core self,” which is a personal sense giving life its meaning with regards to identity. Erik Erikson developed the ideas about a “psychosocial moratorium,” which is a crucial element in assessing identity development in young adults (Turkle, 1999). He emphasized the need for experimentation as a norm instead of what most people term as brave departure. Over recent years, social theorists, psychologists, philosophers, and psychoanalysts have developed ideas about the need to shift the perspective of the self as unitary actors. Decentralization is offered as a means of developing multiple theories to shape how people view things in a world full of technological influences.
The article has expanded understanding of the contemporary social world, shifting a complacent view of the unitary self. It has made it possible to confront traditional theories concerning the unitary self. As a result, questions emerge on the essence of the self, in particular, whether it functions as a collective community and how the self-divide its task among its essential vary. The cyberspace can be well applied to develop unique ideas about identity by creating various social practices. A computer culture can be used to improve awareness of every day’s life projection. Through constructive reflection on the real, people can use cyberspace for personal and social transformation to attain a clear perception of who they are, what they want, and how new technologies will impact their lives.
Cloud computing has revolutionized the way organizations in the aviation sector approach the management of information systems. A company may opt for a particular method of deploying the infrastructure and computing resources in a cloud computing system. The common cloud computing methods include public, private, community, and hybrid clouds. Such cloud computing deployment approaches provide an array of benefits to aviation cyberspace, especially regarding information safety and assurance. Hence, it is crucial to examine the importance of cloud computing while using examples to illustrate the application of private and hybrid deployment methods in aviation cyberspace.
Cloud Computing Deployment Models
As Jansen and Grance (2011) reveal, deployment models, help to classify different categories of consumers who use cloud-computing services. The two common deployment models in the aviation sector include private and hybrid clouds. A private cloud constitutes a framework that provides infrastructure and computational resources via the Internet to facilitate the accessibility of services to a single organization. A third party or the organization itself can manage this category of deployment models. The implication is a private cloud can also be hosted externally by the vendor or within the specific company’s data center (Jansen & Grance, 2011). This deployment model allows organizations to store, manage, and process classified data.
The $85 million deal between IBM and Emirates Airline sealed in January 2018 shows the extent to which leading aviation companies prefer the private cloud as a deployment method (Desouky, 2018). This agreement informed the decision by IBM, the cloud computing service provider, to concentrate on the day-to-day management of Emirates’ IT infrastructure. Emirates Airlines was required to focus on its strategic initiative in the competitive aviation sector.
Specifically, IBM handled the backup environment for Emirates. It also facilitated the implementation of a private cloud solution at the aviation company’s two data centers situated in Dubai, the United Arab Emirates (Desouky, 2018). Thus, the private cloud was hosted internally at the airline’s information stores to enable it to manage its information security effectively.
A hybrid cloud is regarded as one of the complex deployment models in the cloud-computing field. This form of cloud incorporates two or more deployment models, which include the public, private, or community clouds. Hence, each member accessing cloud services is considered a unique entity that is required to observe the proprietary of standardized technologies, which facilitates the application and accessibility of data (Jansen & Grance, 2011). Therefore, a hybrid cloud is shared among various members who demonstrate a particular have a degree of uniqueness when using multiple deployment methods.
Boeing, a leading aircraft manufacturer, has been applying the hybrid cloud deployment model for several years. It utilizes this framework to foster the management of information security as it carries out its operations. In 2014, David Nelson, the company’s chief cloud strategist, described how Boeing uses both the public cloud and on-premises data centers to establish a hybrid cloud computing environment (Butler, 2014). As a result, this company has managed to realize greater efficiency in running its applications. It has also recorded decreased costs of managing information security.
The Importance of Cloud Computing Information Security and Assurance
The above cloud computing deployment methods are beneficial to stakeholders in the aviation industry as far as information security and assurance are concerned. For instance, cloud computing helps to redefine aviation cyberspace, thus presenting an array of opportunities arising from the effective management of information security. The benefits of cloud computing information security and assurance range from reduced costs of ownership to enhanced customer engagement levels.
Cloud computing is vital in aviation cyberspace because it not only lowers the total cost of ownership (TCO) but also provides other benefits (Vagdevi & Guruprasad, 2015). The deployment of cloud computing in the aviation sector is cost-effective since it significantly reduces administrative and maintenance costs. Furthermore, cloud-based disaster recovery (DR) is a very beneficial strategy for retrieving data after the occurrence of a disastrous event (National Institute of Standards and Technology, 2014). Compared to the traditional methods of DR, cloud-based DR is considerably affordable because organizations only pay for resources consumed while at the same time offering high-speed recovery.
Inter-cloud computing platforms such as hybrid clouds contribute to the flexibility of various deployment methods. They offer backups that provide uninterrupted availability of cloud services (Vagdevi & Guruprasad, 2015). Hence, cloud computing allows aviation companies to realize instant and sustainable protection of data. Therefore, according to NIST Cybersecurity Framework (2014), the resilience of cloud computing resources enables businesses in the aviation cyberspace to access real-time global services associated with the management, storage, and processing of data.
Overall, cloud computing is important since it significantly enhances the privacy and security of information. The integration of highly recurred infrastructure and computing resources ensures that a company using cloud services is protected from privacy and security threats such as data breaches, virus invasions, and DoS attacks (National Institute of Standards and Technology, 2014). Thus, data privacy and security associated with cloud computing fosters airline operations by guaranteeing high customer engagement levels and, consequently, the productivity of businesses in this sector.
Conclusion
Deployment methods applied in the aviation sector include private and hybrid clouds. The private cloud allows a single organization to access could computing services hosted either on-premises or externally by the provider. The hybrid cloud consists of a combination of deployment methods such as private and public clouds to ensure that an organization realizes the benefits arising from inter-cloud computing. The aviation cyberspace experiences greater information security and assurance from cloud computing, which reduces costs while at the same time enhancing data recovery and the privacy and security of information.
Vagdevi, P., & Guruprasad, H. S. (2015). A study on cloud computing in aviation and aerospace. International Journal of Computer Science & Engineering Technology, 6(3), 94-98.
In 2017, there have been 1579 serious data breaches, which have resulted in over 180 million records being exposed (“Annual Number”). The world’s largest hacking attacks, including the Chinese breach of Google in 2009, Office of Personnel Management Data Breech in 2014, presidential elections tampering in 2016, the WannaCry and Petya virus outbreaks in 2017, and the Equifax data breach, have managed to affect the lives of millions of people worldwide.
This statistic represents the importance of cybersecurity in the 21st century (Patil, 1). Globalization had brought forth the unification of various information hubs into huge databases, which process and store data about mechanisms, processes, as well as day-to-day activities.
One of the most prominent issues in modern cybersecurity is the slowness of adaptation to evolving cyber threats. With the promotion and expansion of the Internet of Things (IoT) technology, the amount of labor required to conduct and perform updates is much greater than the amount of labor required to devise a new way around the protective grid (Jing et al., 2481). It is the reason why hackers remain one step ahead of cybersecurity software developers.
Should a security breach happen, a culprit could steal valuable files, take control of a technological appliance, or cause harm in a multitude of different manners. This is a great threat to users, businesses, governments, and militaries around the world. The purpose of this paper is to evaluate potential avenues for cybersecurity to change from a reactive to a proactive approach against cyber threats.
Literature Review
There are two approaches to cybersecurity. One is proactive, based on actively seeking out potential breaches and selectively securing important assets, while the other is reactive, which is known as a perimeter defense. It is established by traffic control, firewalls, passwords and login sequences, and strict user control. It is what most companies use to keep their systems and databases safe. Benaroch (315) explores the possibility of establishing a more flexible system based on mitigation and active decision-making, which can significantly lower the costs of cybersecurity for an enterprise.
The researcher proposes three types of active approaches to cybersecurity: mitigation interventions, prevention interventions, and learning interventions. Prevention interventions are conducted via standard means of protection such as antiviruses or firewalls, mitigation interventions include shutting off accesses to important data and repairing the damage one has been dealt with, and learning interventions include simulations of cyber-attacks to find ways of eliminating or reducing their chances of success. Technical and software necessities include base security measures, IDS, backup servers, and personnel training (Benaroch 332).
Jing et al. (2481) analyze the vulnerability of mass-internet implementation technologies such as the Internet of Things (IoT). According to the article, IoT does not have any uniform coding standards that would be used by the majority of appliances. It makes designing a protection system difficult, as it would require to encompass dozens of different systems into its architecture. Different types of programming mean numerous types of weaknesses present. Jing et al. (2483) also state that many IoT appliances have difficulty receiving timely updates on their coding and security.
Because of this weakness, defenses become out of date very quickly. Lastly, different IoT appliances may have conflicting codes that make programs interfere with one another and creates potential weaknesses for hackers to exploit. Jing et al. (2497) suggest several ways of protecting flows of heterogeneous data for IoT, which are implementing unified coding patterns for different technologies, using WSN and RFID technologies to enhance the perception level of the security architecture, and intelligent transportation systems to protect the input and output of information.
Patil (2) suggests another possible solution to the proactive security strategy. Artificial intelligence can be used as a medium to facilitate internet security. With the advancements in AI, it is possible to implement it alongside WSN and RFID. AI can be used to run learning simulations to try and infiltrate the defense, try cause training crashes and breakdowns, and test the security systems for any flaws. Also, artificial intelligence would be capable of responding to threats proactively without having any input from human operators. It would enable the cybersecurity system to become more fluid and responsive. However, as Patil (5) states, the development of AI is a complicated and expensive process, making it viable only for large corporations, government databases, and the military.
Possible Solutions
Both sources dedicated to the security issues of IoT and various enterprises indicate that the uniformity of the coding language throughout the system helps increase its potential responsiveness against cyber threats, as the specialists would be able to update the systems much quicker and mitigate any long-standing damage left by the attack. However, implementing such would mean that the hackers would be able to infiltrate the system much deeper, should the programming architecture experience a critical flaw.
Implementing a unified coding system for IoT would be impossible without all the producers agreeing on a single programming language and architecture to follow, instead of developing their own. In order to succeed in introducing it, international standards for internet security would be necessary. As it stands, the very concept of IoT is relatively new, which contributes to the heterogeneity of it. However, as the international community realizes the threats posed by these attacks, cooperation would be possible.
Another suggestion involves implementing proactive, multilayered defenses in order to react to various security threats as they appear. According to Benaroch (232), these systems are as efficient, if not more cost-efficient than the defensive perimeter systems, as they activate only once an actual threat to the integrity of the database appears. However, this type of security system requires staff training, as some threats will not be sorted automatically. They are also more complex compared to the basic security systems.
It is recommended to use AI to complement the proactive defenses and use it to run screenings and checks of the existing systems. However, its use will be limited due to low levels of development and high costs of implementation. However, government agencies and the military could create such programs and utilize them to protect critical facilities.
Conclusions and Recommendations
The state of the world’s cybersecurity right now is relatively poor, which is evidenced by the number of successful breaches happening in 2011-2018. Companies implement new technologies and provide internet access to everything without establishing proper security measures first. The recommendations to improve the situation to protect complex heterogeneous flows of data, such as the IoT, would include proactive defenses, using homogeneous codes and languages, and implementing AI in cybersecurity. This requires a united approach and a consensus between nations to reduce the possibility of a hacker threat.
Works Cited
“Annual Number of Data Breaches and Exposed Records in the United States from 2005 to 2018 (In Millions).” Statista. Web.
Benaroch, Michel. “Real Options Models for Proactive Uncertainty-Reducing Mitigations and Applications in Cybersecurity Investment Decision Making.” Information Systems Research, vol. 29, no. 2, 2018, pp. 315-340.
Jing, Qi, et al. “Security of the Internet of Things: Perspectives and Challenges.” Wireless Networks, vol. 20, no. 8, 2014, pp. 2481–2501.
Patil, Pranav. “Artificial Intelligence in Cybersecurity.” International Journal of Research in Computer Application and Robotics, vol. 4, no. 5, 2016, pp. 1-5.
This project is exclusively developed to describe and demonstrate the operation and significance of an electronic mail server. This project proposal, together with drafts and diagrams of related documents, will be extensively used by a networking management team of an organization or computer network practitioners, in order to determine whether to approve work that is developed on this project. Furthermore, a clear as well as precise plan assists in setting expectations which will be used at later stages for evaluating the success of the project. This project mainly focuses on the technology underlying the electronic mail servers and basically what are electronic mails (LearntheNet.com, 2010).
Background
Electronic mail, or e-mails, as they are known to its many fans, has been in use for more than two decades. Earlier, in 1990, it was mainly used in academia. Throughout the 1990s, e-mails became known to the masses at large and developed rapidly and exponentially till the extent where the number of e-mails sent out per day is nowadays vastly more than the number of paper letters (Vleck, 2008). In practice, the major problem of sending messages to various different email addresses is typically solved by entering a list of multiple addresses separated by comma within the “To”, “BCC”, or “CC” fields of the message. However, there are two significant reasons why some SMTP mail servers programs do not support this technique:
They are not Spam programs. Adopting this technique for sending messages is frequently exercised while sending unsolicited and malicious commercial e-mails.
This method does not involve quick message delivery whenever the SMTP server is loaded across a user’s computer (LearntheNet.com, 2010) (Vleck, 2008).
However, if the user enters multiple addresses within the ‘CC’ (carbon copy) or ‘BCC’ (blind carbon copy) fields of their e-mail message, the mail server program will send the e-mail message only to the first 50 consecutive e-mail addresses, thereby ignoring the remaining addresses. Gradually, when experience was gained, even more elaborate systems were proposed. During 1982, the ARPANET email proposals were issued as RFC 821 and RFC 822 which are specifications for transmission protocol and message format respectively. However, minor revisions like RFC 2822 and RFC 2821 have become Internet standards. Nevertheless, everyone still relate to Internet email as RFC 822 (Tanenbaum, 2005) (Kawamata & Jiro, 2001).
Indeed, in 1984, CCITT enlisted its X.400 recommendations. Two decades later, email systems on the basis of RFC 822 have been widely used, whereas those based on X.400 have vanished. The reason behind RFC’s success is not its good features, but because X.400 was so complex and poorly designed that nobody was able to implement it well. Additionally, given an option between simple minded and working RFC 822 based email system and a non-working X.400 email system, most of the enterprises chose the former (Vleck, 2008).
Server Problems to be addressed
Some of the complaints are as follows:
Messages had no internal format or structure, thereby making computer processing difficult. For instance, if a forwarded message was added to the body of another message, it was difficult to extract the forwarded part from the received message. 2. Sending a message to a specific group of persons was cumbersome. This facility is often needed by managers in order to send out memos to all of their subordinates. 3. The sender would never know if the message reached the destination or no. 4. The user interface was weakly integrated wherein the transmission system required users to first edit the file, leave the editor, and the invoke the file transfer program. 5. If a network user was planning to be away for several weeks on business and wanted every inbound e-mail to be managed by his secretary, this was extremely difficult to arrange. 6. Lastly, it was not very possible to create messages containing a combination of text, images, voice, videos, facsimile, and send them to the recipient (Tanenbaum, 2005). Indeed, when such a message is directed towards the ISP’s server, it creates copies of the original e-mail message corresponding to the number of addresses entered in the aforementioned fields. Afterwards, the server then sends every copy of the original message to the server; the ultimate outcome is precisely similar to the event as if a different message was being sent to every address on the list. Rather than resolving the problem, it has only been worsened. Furthermore, the server which must deliver those messages ends up producing congestion across the Internet, as a result of which its performance degrades. And no administrator acknowledges or appreciates such things, and almost all ISPs immediately close the accounts of the network users who attempt to send a huge number of messages at the same time (LearntheNet.com, 2010) (Kawamata & Jiro, 2001).
CC and To Fields: In cases when several addresses are being entered within the ‘To’ & ‘Cs’ fields, every recipient would be able to view every other recipient’s address from a user’s list. Then, the message would be seen very unprofessionally created (LearntheNet.com, 2010). Consequently, the marketing effect created by such a sending technique is highly unfavorable because of two main reasons:
Firstly, if the message to be sent is not personalized; that is, it is not addressed personally to the recipient. 2. Secondly, if the user was so unprofessional or careless to expose their entire mailing list to everyone’s sight; hence, to what extent can a user expect that the customers would be motivated to buy his goods or services and reveal their confidential and sensitive information, such as credit card data, user names, passwords, etc, to him? (LearntheNet.com, 2010)
BCC Field: The BCC field holds its significance in the fact that when a user enters recipient email addresses within the Bcc field of the message, the recipient would not be able to see the addresses in the list in a similar fashion as they are inserted into the ‘CC’ as well as the To’ fields. Furthermore, to make a particular message reach its target address and make the server accept it, it is extremely essential to enter a certain value within the ‘To’ field. This value, in turn, will be the same for every recipient and therefore, if a user enters, for example, [email protected], each message recipient will be able to see that address wherein his /her personal address must be (LearntheNet.com, 2010) (Oricode, 2010).
Whenever the server, at which the mailbox indicated by the corresponding address in the sender’s list is situated, accepts a message like this one, it may recognize it as Spam. Moreover, automated mechanisms are employed for blacklisting people who intend to send out Spam mails; of course everything relies on the software loaded at the server end and the administrator end. A message created by a user contains adequate information about them. Deactivating the account with the respective ISP is one of the steps which could be applied (Tanenbaum, 2005). Email, similar to most other types of communication, is equipped with its own styles and conventions. In particular, it is extremely informal and also contains a relatively low threshold of use. Moreover, the reason why it is worth confronting and solving the problem mentioned above is that people who would not think of writing a letter or even calling up to a very important person do not show any hesitation to send an informal and sloppily crafted e-mail. E-mail can be exchanged with people all around the world. Not only that, it also provides a economical, fast and a convenient way to sends out messages to friends, colleagues, and family (LearntheNet.com, 2010).
This project will produce a detailed description of what electronic mails are, their significance, features of emails, architecture as well as services. Apart from this, the project also throws light on the user agents involved, format of an email, and the various protocols involved in the development of an electronic mail (Oricode, 2010). However, this project will not talk about the message format of an email in depth. The message format is covered superficially in this project report.
Clear diagrammatic illustrations of the working of emails, how they are created and sent by the sender and viewed and read by the recipient are exclusively elaborated in a section dedicated to it. This project also provide and overview of the how Windows Server 2003 can be used as a messaging solution and the supporting technologies to aid the working of Electronic mails. Furthermore, this project can be tested on technologies such as Outlook Express and Microsoft Outlook where the client is configured for providing the best outcome and email service. The research paper deals with the various electronic mail server requirements along with a list of most efficient mail servers (Oricode, 2010) (The FreeBSD Documentation Project, 2010). The above mentioned bottlenecks or problems is accurately addressed by this project, by providing appropriate solutions and remedies that are derived exclusively from a number of diverse technologies, protocols, design and structures. The following plan has been used to manage and evaluate the project. Moreover, the primary assumptions affecting the project plan are also documented below:
What is an Electronic mail?
Email programs
Server Requirements
Architecture and Services
Messaging Protocols
Message Formats
Windows Server 2003 as a Messaging solution
Supporting technologies
Internet Black and White Lists
Moreover, the project also deals with how envelopes and message are distinguished into paper mail and electronic mail. A diagrammatic representation of how current technologies have been deployed and put to use for the development of electronic mails systems and their enhanced features to meet all possible requirements of the user and to offer them an excellent experience of emailing and communication.
The project report also presents the numerous benefits electronic mails have on user all across the globe backed by the efficiency in operation of the electronic mail servers. Significantly, the format of the email messages is also spoken of in this project report. These message formats have been evolved along with the evolution of electronic mails, and thus becomes much more beneficial for a user to precisely specify how the e-mail should look when received by the recipient, that is, the structure of the body of the email, how easily it may be read by the receiver, and finally, to whom all the message should be reached. This project is tested on the client side components such as Microsoft Outlook and Outlook Express. Supporting technologies which enhance the electronic mailing services within Windows Server 2003 is also elaborated in this documentation. Additionally, it also talk about its benefits in an organization that requires additional functionality as well as collaboration capabilities who aim at utilizing these supporting technologies.
A brief but a descriptive illustration of the concept of Internet black and white lists is also presented in this project report. The problem of back lists and white lists are addressed by presenting an effective solution that can be comprehended by users of all types. Apart from this, the research paper examines the major causes of failure encountered by enterprise email systems, together with offering preventative measures in order to reduce the percentage of unplanned email outages (IBM, 2006). These failures are directly related to Storage Area Network, Hardware server, Database corruption, Connectivity losses, and Natural disasters. This research paper also talks about the various security measures to be taken by users and network administrators while using the e-mail services. Techniques to be adopted by users to avoid misuse of any of their confidential information, attacks and viruses the emails are prone to, and security measures users must undertake, are covered in this research paper. The project is developed to be used by a computer user who uses emails to send mails and messages to numerous recipients across the world, network administrators who will deploy the project at the company servers or on standalone PCs, and any networking personnel who are capable of dealing with and expertise in electronic mail servers.
Executive Summary
Electronic mails or e-mails have lately become the most permeate kind of business communication. Emails have been enforcing a deeper impact on very aspect of enterprises, small or big, thereby enhancing the quality of communication amongst employees, management executives, clients, vendors, stakeholders, as well as business partners. E-mail systems continue to degrade in performance, even when large-scale enterprise investments are made in replication, tape back up systems, etc. Furthermore, as it is known that man-made as well as natural disasters may result in e-mail outages, new research studies have shown that e-mail systems are usually turned down by failures in technologies (IBM, 2006).
This research paper not only gives an in-depth study of what email servers and systems are, but also covers their features, and underlying protocols that supports their operations. The paper also studies the major causes of email system failures at enterprise level and also provides an efficient guidance in order to reduce the probability of the occurrences of such unintentional e-mail outages. The research paper aims at addressing the practical problem of sending out messages to various e-mail addresses by entering a list of email addresses separated by comma, in the ‘To’, ‘CC’ and ‘BCC’ fields of an email message. The very first email systems consisted of file transfer protocols, which required the convention that the first line of the message should contain the recipient’s address. However, as time passed, the limitations of this approach became even more obvious (IBM, 2006). Therefore, this research study was written to provide an in-depth study of the developments of the e-mail systems, requirements of an e-mail server, and the protocols and technologies on which an e-mail server depends.
Introduction to Electronic mail systems: The Internet electronic mail system is stated as one of the most essential and important resources in the Internet services. With the e-mail system, one can exchange electronic mail with people across the globe. Moreover, it offers an economical fast and a convenient way to send messages to colleagues, friends, and family.
Speed: E-mails are much faster as compared to traditional mails. An e-mail message is capable of traveling around the world within minutes.
Cost: When an Internet user pays a service provider for a connection to the Internet, no extra charge is applied for sending and receiving e-mails. Moreover, an Internet user does not have to pay extra charges even if they send a long message to a recipient across the globe. Exchanging e-mails can possible save you money over long distance calls as well. Convenience: One does not need to buy and stick stamps for e-mails and drop the emails into one’s mailbox. Only an e-mail program is required to help a user send, receive, and manage their emails (Lewis, 2008) (Kawamata & Jiro, 2001) (The FreeBSD Documentation Project, 2010). An electronic mail server is a computer which moves and stores mails across networks and over the Internet. In other words, in order to enable a computer to become an electronic mail server, the computer should have the ‘mail server’ software installed in it. Moreover, a mail server is capable of sending as well as receiving mails.
For sending mails, the mail server software employs SMTP, short for, Simple Mail Transfer Protocol (Lewis, 2008). The working of SMTP is explained below:
The mail client that is the software used for composing or creating the email, such as Outlook Express, sends the mail to the mail server which is already configured within the software package of the mail client. The SMTP server configuration stores the mail server’s address.
The SMTP server analyzes the “To”, “Cc”, and “Bcc” field addresses in order to find out which server the email is supposed to reach.
Eventually, the SMTP server sends the e-mail to the destination mail server.
Due to the latest trend of spam mails, certain SMTP servers are getting increasingly sophisticated. Indeed, some SMTP servers examine the ‘From’ field address for making sure that the email address contained in it is a legitimate one for that particular domain prior to sending the email (Lewis, 2008).
SMTP server contains three unique kinds of authentication techniques:
Anonymous Access: This entails that no username or password is needed
Basic Authentication: A user account and password is needed, and is sent out as plain text across the network. Moreover, it is suggested that TSL, Transport Layer Security, encryption be utilized with basic authentication for avoiding unauthorized identification of user names as well as passwords.
Integrated Windows Authentication: This feature entails that the user account and password extracted from the Active Directory is utilized during the authentication processes. At the receiver end, in order to receive the email, the mail server software uses either POP3 (Post Office Protocol 3) or IMAP (Internet Message Access Protocol). Working of POP3 is as follows:
The POP3 server receives the e-mail originating from an SMTP server
Then, the POP3 server analyzes the “To”, “Cc”, and “Bcc” field addresses in order to find out which server the email is supposed to reach.
The POP3 server then sends the mail to the “inbox” or “mailbox” for that address, only if the recipient email address is legitimate for that domain. However, if it is not a legitimate address, the POP3 server sends back an error message to the SMTP server.
Finally, when the user opens their mail client such as Outlook Express, the in-built software package checks the POP3 server for new email. Then, the address of the mail server may be seen within the configuration of POP3 server (Lewis, 2008).
POP3 allows three distinct types of authentication services in order to verify user connections at the POP3 services.
Local Window Account Authentication: This method is used if the server is not included as a part of the Active Directory, or if the user accounts are required to be stored at the server at which the POP3 services reside
Encrypted Password File Authentication: This method is used whenever the server is not utilizing Active Directory, or if the user accounts are required to be stored at the server at which the POP3 services reside
Active Directory Integrated Authentication: The e-mail server is a domain controller or a member server that is included in the Active Directory domain. Furthermore, IMTP is the latest protocol being used to receive emails, and is used by several mail server software packages in place of POP3 for receiving mails.
A newer and broadly-used function of certain mail server packages is the Mail Filtering feature. These are the mail servers that function as ‘spam detectors’, which analyze the inbound mail and inspects whether or not the mail is ‘spam’. Significantly, the aspects for determining whether the mail is “spam” are based on the package. Common factors are: keywords, letter combinations, the originating domain, etc (Lewis, 2008).
E-mail Programs: Commonly, there are certain popular email programs including Eudora Light, Outlook Express, Netscape Mail, etc. Al of these programs contains almost the same features, and allows a user to create, send, receive as well as organize their messages (Kawamata & Jiro, 2001).
How e-mails get around the Internet
Architectures and services
This section provides an overview of what exactly e-mail systems can do and the ways in which they are organized. E-mail systems typically comprises of two sub-systems: the user agents and the message transfer agents. The user agents allow people to read as well as send e-mails. The message transfer agents are responsible for moving the email messages from origin to target address. The user agents are nothing but local programs which offer a menu-based, command-based, or graphical method in order to interact with the email system. On the other hand, the message transfer agents are typically system daemons, which are processes running in the background. Their main role is to move emails through the system (Tanenbaum, 2005) (The FreeBSD Documentation Project, 2010) (AOM Software, 2010).
Typically, e-mail servers or systems perform five fundamental functions.
Composition: It refers to the process of creation of messages and answers for those messages. Even though any general text editor may be utilized for the message body, the system itself is capable of providing assistance for addressing and the several header fields that are attached to every message. For instance, while answering a message, the email system may extract the sender’s address from the incoming email and can automatically insert it at a proper place within the reply.
Transfer: It refers to the process of moving messages from the sender/ originator to the receiver. In large parts, this needs a connection to be established with the destination or some intermediate machine, producing the output of the message, and releasing the connection. Furthermore, the email system must perform this work automatically, without disturbing the user (Tanenbaum, 2005).
Reporting: Reporting deals with informing the sender of the message as to what happened to the message. Questions such as Was it rejected? Was it delivered? Was is lost?, etc are answered by the reporting process. Moreover, numerous applications are there wherein confirmation of delivery of the message is not only important but also necessary and may have legal significance.
Displaying: This function deals with displaying the incoming messages that is needed so that user can read their emails. Most of the times conversations are required or a special viewer should be invoked, for instance, if the message is a digitized voice or a PostScript file. Simple conversations as well as formatting are also sometimes attempted.
Disposition: Disposition is the last step and is related to what the receiver does with the message after he/she receives it. In this, possibilities include discarding it after reading, discarding it before reading, saving it, so on and so forth. Moreover, it must be possible to retrieve and re-read the saved messages, or forward them, or process them in other manners (Tanenbaum, 2005).
In addition to these fundamental services, certain email systems, particularly internal corporate ones, offer a variety of advanced features. Whenever a person is moving are they are away from their workplace for a period of time, they may wish to forward their emails; hence the system must be capable of doing this automatically. Indeed, almost every system allows its users to create mailboxes in order to store incoming emails. Commands are needed for creation and destruction of mailboxes, inspecting the contents of mailboxes, inserting and deleting messages from mailboxes, etc. Furthermore, corporate managers frequently find it necessary to send messages to each other and to each of their subordinates, clients, customers, or suppliers. As a result, a technique of mailing lists was developed, which is nothing but a list of email addresses. Whenever a message is sent out to the mailing list, identical copies of it are delivered to every recipient on the list. In essence, other advanced features include carbon copies (CC), blind carbon copies (BCC), secret or encrypted email, high priority email, and the power for secretaries to read as well as answer their bosses’ emails (Oricode, 2010) (Vleck, 2008) (Tanenbaum, 2005) (The FreeBSD Documentation Project, 2010). Emails are now being widely used within organizations and industries for intra-company communications. For this, it allows for far flung employees to communicate and cooperate on complex projects, even across many time zones. Furthermore, by eliminating most cues that are associated with age, rank, sex, etc, email debates are likely to focus on thoughts and ideas, and not on corporate status (Oricode, 2010) (AOM Software, 2010).
Particularly, a primary idea fundamental to email systems is the distinction between the ‘envelope’ and its contents. The envelope is used to encapsulate the message. The envelope contains all the important information required for transporting the message, like the destination address, security level, priority, all of which are unique from the message itself. The envelope is used by the message transfer agents for routing, similar to the working of a post office.
Every email is divided into 2 sections, namely the header section and the body section. The header part defines the control information for the user agents, such as the source and destination of the message, the time it was mailed, the person who created the message, etc (Tanenbaum, 2005). Next, the body of the message is totally for the human recipient and contains the main content of the message that may be plain text, or Multipurpose Internet Mail Extensions (MIME). MIME permits a sender’s mail server to accurately encode 8-bit binary files by using a mail system which supports only plain text. Moreover, a MIME enabled mail server first encodes binary data as text and the recipient’s mail server then decodes the text back to a binary file (Oricode, 2010).
Message formats
RFC 822: Email messages contain a primitive envelope, a number of header files, a blank line, and a message body. Every header field logically comprises of a line of ASCII text that contains the field name, a colon and a value. The primary header fields referred to the message transport is as follows:
To: this field indicates the DNS address of the primary receiver/ recipient. This can have multiple recipients also (Tanenbaum, 2005).
Cc (Carbon copy): This field specifies the email address of a secondary recipient (Tanenbaum, 2005). However, with respect to delivery, there is no difference between the primary and the secondary recipient.
Bcc (Blind carbon copy): This filed is similar to the Cc field, with only difference of the line being eliminated from every copy of original message being sent to the primary receiver and the secondary receiver (Tanenbaum, 2005). Moreover, this field enables users to send out copies of the original message to third party recipients without the primary as well as secondary recipients knowing about the action.
From: Indicates who created the message.
Sender: Indicates who sent the message; contains the e-mail address belonging to the actual sender. The ‘Sender:’ field is different from the ‘From:’ field (Tanenbaum, 2005). Received: The line that contains this field is included by the message transfer agent during the transfer route to the destination. This line stores the agent’s identity, the date and the time when the message was received, together with other additional information which may be used for detecting bugs within the routing system.
Return-Path: The final message transfer agent adds this field and indicates how the recipient can get back to the sender. Theoretically, this data may be derived from every ‘Received:’ header; however it is hardly filled in and only holds the sender’s address (Oricode, 2010) (Tanenbaum, 2005).
Server Requirements
A standalone computer that is running as a mail server must have ample disk space in order to store the messages. In cases where the computer is running GUI-intensive mail server software, such as an amount of commercial products, then the computer must have high memory and a high speed processor. For instance, the system requirements list of Microsoft Exchange Server indicates that the machine must have a 733 mHz processor, minimum of 1 GB disk space, and 512 MB RAM (Lewis, 2008) (AOM Software, 2010).
Cost: An issue
Cost could be an issue for a small business or a home user. In this case, there exist several open-source solutions which cost little to no money. For instance, the Apache servers consist of mail servers which are free of cost, and they also run on almost every common platform such as Windows, Linux, and UNIX. However, the disadvantage of these “cheap solutions” lies is their configuration is not as easy and do not have additional features in comparison to their commercial counterparts (Lewis, 2008) (Louwrens, 2003).
Windows Server 2003 as an efficient messaging solution
Both Exchange Server and Windows Server 2003 offer POP3 functionality to their users. Nonetheless, in Windows Server 2003 just the fundamental POP3 functions are provided to the user and administrator. This involves only a limited amount of messaging experience with availability of administrative features. Therefore, POP3 services are stated to be most ideal for small-scale organizations that require only the basic administration and messaging functionality. Additionally Exchange Server offers an enhanced collaboration and messaging environment to the administrator and the user. It also supports several Internet protocols. Microsoft introduced the E-mail services in Windows Server 2003. As aforementioned, the basic configuration needed for loading and running the email services includes the services of SMTP and POP3 (Louwrens, 2003) (AOM Software, 2010).
Supporting Technologies
Several supporting technologies are available in Microsoft technologies that enhance the emailing services in Windows Server 2003. Organizations that require additional collaboration capabilities and functionality utilize these technologies.
Free/ Busy information: The publishing of ‘Free/busy’ notification on a website is possible with Microsoft Outlook (Louwrens, 2003).
Public Key Infrastructure: For enabling secure mail communication with an organization, a PKI (Public Key Infrastructure) should be implemented. PKI certificates to digitally sign the mail messages prior to sending, is assigned to users. Mail communications among organizations need more complex security, so a third party certification authority is recommended. S/MIME is used at the client side in order to ensure that the mail is digitally signed as well as encrypted before sending.
Additional feature such as Windows share-point services, scalability features, and real-time communication server is also employed (Louwrens, 2003).
Internet Black Lists and White lists
Two of the most damaging and least effective techniques for combating spam are the white lists and the black lists. Commonly, these lists intend to harm innocent computer users and avoid crucial business emails from being delivered. If the user is sending emails from an email server residing on their computer, and the IP address is resides on one of the lists, then that may affect the user in two opposing ways:
The messages will not be delivered if the email server of a recipient verifies the IP addresses of inbound connection with those contained in the white and black lists
If the message successfully reaches the recipient, then the recipient is able to run anti-spam software which employs block lists in order to group the messages into spam mails. The sender’s email may be seen residing in a folder of spam mails or be permanently discarded and never be accessed by the recipient.
Black Lists
A black list is nothing but a list of spam users containing addresses as well as domains having spam email servers which the sender is aware of (Oricode, 2010). This list is used for blocking every email that arrives from particular servers across the Internet which is can be used to send spam mails. Examples of black lists are SpamCop and Open Relay Database. Almost every anti-spam product has its own black list (Oricode, 2010).
White Lists
These are exactly opposite in nature and functionality to black lists. White lists are a list of known, authorized and trusted email addresses as well as domains which are invariably allowed to send out emails, irrespective of the content in it. These lists are used to complying the senders to authenticate their identity before the delivery of emails, to the recipient (Oricode, 2010).
Conclusion
Therefore, the research study provided in this paper addresses every aspect related to the functioning of electronic mail systems. The topics covered in this paper clearly represent the in-depth study backed by the underlying technology and protocols, employed by the email systems. It also talked about how email systems are beneficial by presenting a detailed study of its operations and configuration on different clients. The research paper also allows its readers to gain knowledge of the requirements of an email server, what are the precise uses of the fields in the email message format, and what they should do if cost is a major issue while using mail servers in their business or home and personal use. The paper also accurately addresses the problem of messages can be sent to several recipient at the same time through the use of “To”, “Cc” and “Bcc” fields. The paper advices users that this problem can be solved by not sending out email messages to recipients to whom the messages are not personally addressed. Moreover, the paper also talked about the additional technologies that support electronic mail systems and servers, and the concept of black lists and white lists that are used for sending out emails to the concerned recipient by having knowledge of their identity. To conclude, e-mail is short for electronic mail or message that is sent between two devices. Besides computers, e-mails can be sent as well as received from portable and mobile devices like PDAs, cell phones, etc. With e-mails it is possible to communicate through personal and work-related mails having attachments for documents, photos, audio and video. Electronic mail systems are the simplest form of communication in today’s world and almost every person having access to the Internet depends on e-mail systems to send messages and stay in touch with the family, friends and business partners, across the world.
Establishing a computer network goes a long way in improving the operations of any company irrespective of its size. The ultimate goal while executing such a project is to achieve results in the least time possible and at the lowest possible cost. Below is a list of a project team that will take part in designing and installing computer network for Igloos Hotels Ltd.
The organizational format of the project team will be a pure project organization. The overall team leader supervises three departmental heads. Alex Jamison heads software installations; Jennifer Hudson heads hardware installations, whereas Mary Fox heads the operations department. Jeff Archer is the overall team leader.
For the project to be successful, all the various teams working together should promote teamwork and mutual support for each other. As well, all team members should understand their individual roles and responsibilities and should strive towards the ultimate success of the entire project.
Most importantly, a dedicated and inspirational leader would help a great deal in guiding and directing the whole project team without which the project would lack direction and crumble. The team leader should liaise between the various departmental heads in order to ensure that all is running smoothly.
On their part, the departmental leaders should take charge of their departmental roles and responsibilities, and as well liaise with the other departmental heads.
For instance, the software installations and the hardware installations team leaders should determine their resource requirements in good time and forward such to the operations head. The operations head should see to it that all required materials are availed in good time, and as well oversee the day-to-day operations of the project.
Network security is an intricate topic traditionally handled only by professionally trained and experienced persons. Yet, as more and more individuals become connected through computer networks, a rising number of people need to comprehend the fundamentals of security in a networked environment.
In the domain of networking, network security comprises of provisions and guidelines established by the network administrator to curb and monitor illegal or unauthorized access, misuse, alteration, or denial of the computer network and other network-based resources (Stallings 2010).
Network security comprises of a range of computer networks, both private and public, that are employed in day-to-day tasks such as carrying out business transactions and communication among firms, public and private institutions, enterprises, and persons. Network security does just as its name goes, protects the network and manages all processes being done on the network.
Objective
The objective of the paper is to expound on network security and its importance in computer networks. Background information on computer networks will also be provided as well as risk management, network threats, firewalls, and hardware and software devices that can be used to improve the security of a computer network.
Introduction to Computer Networks
An elementary comprehension of computer networks is essential in order to understand the codes of network security. A network is any set of interconnected lines, basing this definition on the current topic, a computer network is basically a set of linked computers. Networks enable users to share resources and information, and are classified base on a variety of protocols (Network Security Threats 2011).
For instance, a classification based on the connection manner focuses on the hardware and software systems used to link the individual computer units, such as optical fiber, wireless connection, or coaxial cable communication. Networks can also be categorized on scale, this gives Local Area Network (LAN), wide area Network, virtual Private Network (VPN), among others (Stallings 2010).
Networks are made up of ‘nodes’, which are the individual computers in the network, and at least one server and/or ‘host’ computers. The nodes are linked together by communication systems, which may be private, such as that within an institution, or can be accessed by the public, such as the internet. Several private networks also use the internet.
The moment a computer network is instituted, it immediately becomes vulnerable to network security threats such as viruses and bugs that may affect the normal functioning of a computer. Besides, the personal information such as usernames, passwords, credit card numbers and other critical information may be at risk if the computer does not have adequate security measures. There are very many threats in a network, some of which are so severe and can bring down a large network consisting of thousands of computers.
Virus
In the domain of computer networks, a virus refers to a computer program that can replicate itself, similar to the biological virus. A computer virus spreads from one computer to another through an executable program that attaches itself on programs, files and folders.
It can spread through various means, for example, if one computer in a network becomes ‘infected’ with a virus, the rest of the computers in the network may become infected too if the security features are inadequate.
It can also be spread through USB devices, CD, DVD, or portable had drives. A computer virus may also spread by mailing a web address link to all addresses so that when a person clicks on the message to go the website, the virus enters this new computer.
Certain viruses are less harmful, however, some are very harmful and can infect a computer in the network through various ways (Simmonds 2004). A virus can corrupt the files or software in a computer. Others may attack the computer hardware and bring the whole computer down.
Yet, some viruses may allow a person to have partial control of a computer, this allows for unauthorized access to files and critical information stored in the computer’s hard drive. Although the Windows platform is by far the most vulnerable, other operating systems can also be attacked by viruses.
Network threats arising from viruses can be managed through various ways, however, the most common technique is to install an antivirus software. UNIX-based systems such as Mac OS and Linux are far more secure than Windows. Some anti-virus programs can scan file contents and even zipped folders while some can also scan sent and received mails, a practice known as ‘on-access scanning’ (Simmonds 2004).
Vulnerability to viruses can also be reduced by carrying out data backups regularly on storage media that are not connected to the network or computer. Security patches availed by software manufacturers can also assist in reducing attacks by viruses. Secondary storage media must be scanned before opening in the host computer.
Malware
Malware, short form of malicious software, is a program created to interrupt normal computer operations or deny a user network or computer resources, gain partial control of the computer, access files stored in the computer, gather network-based information such as passwords, and other cruel or dishonest behavior (Curtin 1997).
Malware consists of a large number of malicious programs that includes viruses, Trojans horses, worms, spyware, false adware, rootkits and other malicious programs. In 2009, malware was listed as the second most dangerous threat to computer networks. Today, millions of malware are created daily to exploit networks with weak security features.
Threats arising from malware can be removed using antivirus programs. Most antivirus have an added feature of removing various malwares from the network of individual PCs. Besides, anti-spyware software can be used to prevent spyware threats.
Denial-of-Service Attacks
A Denial-of-Service (DoS) attack is a practice aimed at making network resources unavailable to some users. This vice entails the resolute efforts of a person or group of persons to prevent an internet site or service functioning normally or bringing it down altogether. This network threat is commonly committed against websites or services hosted on high profile internet servers such as financial institutions and credit card payment services (Stallings 2010).
One mode of attack involves flooding a web server with requests in such a way that it cannot respond to legitimate communication requests, or responds in a sluggish manner that virtually renders it unusable. In general, DoS attacks are executed by either compelling the targeted systems to reset, or using up its resources so that it is unable to offer the intended services.
DoS attacks are perhaps the most malicious and hardest to prevent or manage. They are the most malicious due to the ease with which they can be launched and the difficulty of tracing their origins, and it is difficult to deny the requests of the attacker without also blocking out genuine requests for service.
DoS attacks can be prevented through various ways. The first technique is to use firewalls. Firewalls have simple instructions of blocking or allowing certain IP addresses, or ports, however, firewall are not very effective in some DoS attacks as they cannot distinguish legitimate traffic from DoS traffic. Switches and routers can also be used to prevent these attacks (Kizza 2006). Intrusion-prevention systems (IPS) have been successfully used to halt DoS attacks that have signatures attached to them.
Unauthorized Access
This is a very wide terminology as it can refer to various types of attacks, however, the objective of these attacks is to access some information that the computer or server is not supposed to reveal. Unauthorized access to a computer or server can be achieved by using viruses, malware and other malicious programs.
This form of threat can be waded off by using antivirus programs and security patches. Another strategy used by intruders to access a computer on a network is a technique known as packet sniffers. Packet sniffers can be used on a vulnerable network and they just ‘listen’ on the server for words such as password or login in the packet stream, then sends the information thereafter to the perpetrator.
This way, an intruder is able to obtain usernames, passwords, credit card information and other critical information from unsuspecting users (Bragg et al 2010). This type of threat can be prevented by using clear-text passwords, besides, data encryption can help divert such attacks.
When using a wireless network, it is advisable that one should use a long or complicated password, also, it is advisable that the strongest security supported by the wireless connection hardware should be used, such as encryption tools. Passwords can also be changed regularly.
General Methods for Preventing Network Attacks and Reducing Vulnerability on Networks
The most commonly used technique for reducing network threats is the installation of antivirus programs. These programs must be regularly updated and security patches and updates installed. Improving the security of the network infrastructure can also involve switching on features that enhance network security on switches, routers, and other hardware (Fadia 2006).
These security features ensure a secure connection, enhance perimeter security, prevents intrusion, protects identity services, and general security management. Fixing intrusion detection systems and firewalls offers protection for most areas of the network and allows for a safe connection. Working on a virtual private network (VPN) can also enhance security. VPNs provide network access control and encryption services.
Network security can also be improved by undertaking regular network security audits. A network security audit simply means that an expert comes and examines the security of the network, he also checks for loopholes that may be used attack the system and fixes them.
The audit can go beyond an inspection of the computers in the network and may comprise a site assessment of the physical security of the organization. A network security audit fixes an organization security flaws in the network and makes it difficult for perpetrators to attack the network (Network Security Threats 2011).
Since network threats come in a variety of forms and cannot be totally eliminated, it is advisable that secure updated data backups should be kept on systems that are detached from the network. None of these strategies will singly eliminate the threats arising from a network connection, but when they are used together, they can be exceedingly effectual at keeping a network safe. Besides, well –thought-out organizational policies can be effective at preventing unauthorized access to critical and parts of the network.
References
Bragg, R., Rhodes-Ousley, M., Strassberg, K. (2004). Network security: the complete reference. New Jersey: John Wiley & Sons, Inc.
Curtin, M. (1997). Introduction to Network Security. Web.
Fadia, A. (2006). Network security: a hacker’s perspective. TX: Thompson Course Technology.
Kizza, J. M. (2006). Computer network security and cyber ethics. New York: McGraw-Hill.
Network Security Threats. (2011). What Is A Network Security Audit? Web.
Simmonds, A., Sandilands, P., van Ekert, L. (2004). An Ontology for Network Security Attacks. Lecture Notes in Computer Science, 3285: 317–323.
Stallings, W. (2010). Cryptography and network security: principles and practice. NY: Prentice Hall.
Stallings, W. (2010). Network security essentials: applications and standards. NY: Prentice Hall.
Technology is an element of our culture that influence us and that is in turn shaped by people in order to suit their needs. Transformation of any aspect of our technology in turn changes the way we do our socio-economic and political activities. Information Communication Technology (ICT) in particular has undergone great advancement in the recent past and is still undergoing changes thereby altering the way we carry out virtually all of our activities. While there are numerous advantages that accrue from progress of the ICT like improving the speed at which information, news and ideas are transferred from one part of the globe to another and efficiency in various types of jobs, there are equally numerous criminal activities that have evolved alongside progress of the ICT. In other words, crime has also been transformed by ICT so that today we have what is called cyberspace crime that has brought up numerous legal and security challenges with respect to use of computers and the web. The purpose of this essay is to research on three types of crime that is frequently committed on the web and find out what can be done to prevent these crimes. It also seeks to establish whether different countries have different attitudes towards these crimes, whether the current computer and internet related laws are adequate and find out if criminals can be prosecuted across borders.
What is cybercrime?
Since time immemorial all human societies whether big or small, rich or poor, strong or weak, sophisticated or primitive have always forbidden activities that are deemed to be contrary to accepted societal values and morals Miller and Jentz (15). Arguably crime has always been a challenge to public order in all societies from the very humble beginnings of humanity. According to Darrow, a crime is.an act outlawed by the law of a country and which is deemed adequately serious to deserve providing punishment for its commission (6). Here it is important to note that it does not necessarily follow that the act is either good or bad; the penalty follows for the breach of the law and not essentially for the moral wrongdoing Darrow (6).Apparently something is not necessarily bad because it is outlawed by the law. There are various types of crime including property crime, white-collar crime, and public order crime like drunkardness, pornography and prostitution among others. Cybercrime is a new form of crime that has evolved alongside advancement in the use of internet and the computers.
Cybercrime can be defined as an act related to the use of the internet and computers that is outlawed by laws that are now commonly known as cyber or computer-related laws that is considered sufficiently serious enough to deserve a punishment for its commission Gupta (5). Cybercrime primarily differs from ordinary crime in the sense that whereas traditional criminals use guns and other ordinary tools cybercriminals use computer technology Brenner (10).Therefore, cybercrime basically correspond to movement of real-world crime into internet and computer world or cyberspace which is basically the tool criminals use to commit old crimes in new ways Brenner (10).
Types of Cybercrimes
There are various types of cybercrimes including hacking, child pornography, cyber stalking, soft ware piracy, virus dissemination, denial of service attack and online frauds such as spoof websites and email security alerts, spoofing, lottery frauds and virus Hoax E-mails Gupta (5). These crimes continue to develop and become more complicated so much so that naive members of the public may not be able to differentiate between lawful actions from illegal cyber acts by individuals who pose as innocent web users. For purposes of this task we shall look at the following three cyber crimes.
Hacking
Hacking has been a common cyberspace crime long before invention of the internet in 1970s.Hacking refers to unlawful intrusion into a computer system without the go-ahead of the computer user or owner Gupta (5). Gupta observes that hacking entails all acts that are aimed at breaking into a computer and/or network without permission of the owner (5).Main purposes behind hacking are greed, destructive mentality, and desire to reach outlawed information, curiosity, vengeance, power and publicity Gupta (5).
According to Gupta (5) hackers write or use readymade computer programs to assault the intended computer. As mentioned above, different hackers tend to have different motives. On one hand some hackers are driven by a malicious desire to destruct out of which they get satisfaction. On the other hand some hackers crack other peoples systems for selfish material gains through acts such as stealing credit card information, transmitting money from victims’ bank accounts to their accounts from where they withdraw the money Gupta (5). There is also a category of hackers who get monetary gains by intimidating giant companies that they are going to publish stolen sensitive information which is significant in nature Gupta (5).Due to the wide media coverage that governments receive their websites are the hottest aims of the hackers around the world. Hackers are usually categorized as crackers and phreaks. Computer security experts and the purists assert that those hackers who break into computer systems should be properly called crackers and those aiming at the phones should be known as “phreaks” Gupta (5).
Cyber Stalking
Stalking in general terms refers to multiple acts of harassment directed towards a victim like destroying the victim’s property, making harassing phone calls, following the victim and leaving written messages or objects on the victims SNW platform Gupta (6).According to Gupta “Cyber stalking refers to the use of the internet, e-mail, or other electronic communications devices to stalk another person” (p. 7). It is a new form of harassment that is rising to shocking levels in big cities like Mumbai in India. Gupta points out that cyber stalking as well as offline may end up in to serious brutal acts such as bodily injury to the victim and that cyber stalking should be taken and viewed seriously (7).
A cyber stalker mails distressing or intimidating messages to their target victim. The purpose of both online and offline stalkers is the wish to control the victim’s life Gupta (8). A typical stalker gathers personal details about their target victims like names, family background, telephone numbers, place of work, daily routine of the target victim, address of residence, dates of birth among others from web resources like the various profiles the victim may have filled up while opening chat or e-mail accounts or signing-up an account with a given website Gupta (8).If the stalker is a friend or an acquaintance of the victim accessing the above enumerated information is easier. This information may be used by the stalker to sabotage the reputation of the victim by for instance posting it on any website associated to sex-services or dating services Gupta (8). By posting the information on such websites the stalker posses as if it is the victim who is posting the information and welcoming people to call the victim on her telephone number for sexual services Gupta (8).
Software piracy
Software piracy refers to theft of software through unlawful copying of legitimate programs or faking and supply of materials planned to pass for the original Gupta (9).Examples of software piracy include end user copying such as friends loaning disks to one another or organizations failing to report the total number of software installations they have made, forging or counterfeiting in terms of extensive doubling-up and delivery of unlawful copied software, illegitimate internet downloads by intrusion and hard disk loading whereby hard disk dealers loads illegally copied software Gupta (9).Users of illegally copied software looses a lot. For example, he or she obtains untested software that may have been copied many times possibly containing hard-drive-infecting viruses, misses technical support in case of software failure, looses warranty protection ,and lacks legal right to use the product Gupta (9).
Cyber laws and Prevention of Cybercrimes
Cyber laws have not fully developed to an extent that they can be said to be adequate to protect innocent and largely uninformed and unsuspecting users of the computers and the internet. For instance Jaishankar argues that current laws are not adequate in the sense that most of them are not set to deal specifically with computer and internet related crimes (315).One main weakness of these laws according to Jaishankar (315) is their wording which he asserts largely addresses traditional crimes committed in real-world situations thereby making them inappropriate to crimes in cyberspace. Jaishankar adds that cyber laws are still developing and that they continue to change (315). In the developed countries where ICT has taken roots cyber laws are relatively developing at a faster pace because of the widespread online crime and victimization of many people particularly women via the so –called Social Net Works. However, presence of adequate laws should not be equated with stamping out and discontinuation of cyber criminal activities or signify knowledge of these laws by members of the public.Therefore, the members of the public must be sensitized adequately on cyber crimes and cyber laws available so that they can be able to identify cyber crimes and help in fighting the menace that has cost many individuals and organizations millions of dollars. The mentality by some members of the public that cyber criminals are not reachable by the long hand of the law should be erased as fast as possible in order to minimize cases of cyber crimes which are a serious stumbling block to meaningful socioeconomic progress now that more and more people are working from the comfort of their homes through the internet. Also it is important to note that where there are no cyber laws an act of omission committed with the aid of computers and internet can be prosecuted and criminal punished in accordance with available traditional laws. In other words, absence of cyber laws does not make an offense committed with aid of a computer and the internet liable to punishment by courts of law.
There are various security methods that organizations, institutions as well as individuals can use to prevent and preserve integrity and security of their computers and networks including system control, computer emergence or computer incident response teams, encryption, computer-use monitoring, early warning systems and biometrics to manage access (Dempsey 261;Bidgoli 335).Gupta recommends that in order to guard against cybercrime organizations and individuals should always follow general guiding principles on cyber safety like avoiding to respond to obscene, belligerent or threatening messages (14).According to Gupta you should never plan to meet a person you have only ‘met’ on the web and that in the event that you arrange such a meeting you should inform someone close where you are going to meet the stranger (15).That person should keep in contact with you via the phone for instance to monitor you safety and wellbeing while with the stranger. You can as well be accompanied by someone close if the stranger you are meeting does not object the idea and if he or she does someone close can be in the vicinity of the meeting venue. Do not take chances with your safety while meeting a stranger for whatever reason Gupta (15). You should not give out personal identification information like you name, telephone number or home address in a chat room as well as important information such as your gender and age should never be revealed to anyone Gupta (15). Avoid mailing your photograph to anyone on the net unless you know the person well enough Gupta (15). Uphold email safety by avoiding inputting any private information that might help make available access to your bank accounts. We should use firewalls, avoid opening to unknown email attachments, use the latest versions of antivirus programs, avoid running programs of unknown origins, turn off your computer or disconnect from the net work when not in use among many other protection measures Gupta (16).
Conclusion
To sum up, different countries have different attitudes towards cybercrime. However, criminal acts committed with the aid of the computers and web generally underpins contravention of the law everywhere because the computer is simply a tool used to commit a crime that otherwise could be committed without a computer. These differences depend on levels of development in terms of ICT and the extent in usage of computers. For instance, in China cyberspace crime are largely identified with males Fisher and Lab (251).At the moment international cyberspace laws are poorly developed thus making criminal prosecutions across borders problematic.
Hess notes that to be prosecuted across the borders an act committed through the aid of the computers and the internet must constitute a crime in the two countries involved (30). At the moment this is not the case at the international levels despite the heightened rate of globalization which ironically has been accelerated by use of computers and the internet. This however does not mean there are absolutely no legal frameworks up on which criminals can be sued because after all a crime is a crime whether online or offline or that there is nothing that can be done to international cybercriminals miller and Gentz (216).Hess (30) suggests that even though national legal traditions must be respected in accordance to principle of general international laws, current needs for well developed and adequate cyber laws necessitates the need for countries to describe crimes in cyber space in a similar way (30).
Works Cited
Bidgoli, Hossein. The Internet encyclopedia, Volume 2. New York, NY: John Wiley and Sons, 2004.
Brenner, Susan W. Cybercrime: criminal threats from cyberspace. New York, NY: ABC-CLIO, 2010.
Darrow, Clarence. Crime: Its Cause and Treatment. Teddington, Middlesex: Echo Library, 2007.
Dempsey, John S. Introduction to Private Security. New York, NY: Cengage Learning, 2007.
Fisher, Bonnie S.and Lab, Steven P. Encyclopedia of Victimology and Crime Prevention, Volume 1. New York, NY: SAGE, 2010.
Gupta, Gajendra. Advanced Java. Daryaganj, New Delhi: Laxmi Publications, 2006.
Hess, Patrick. Cyber terrorism and information war. New Delhi: PVT. LTD. 2002.
Jaishankar K. Cyber Criminology: Exploring Internet Crimes and Criminal Behavior. Georgia, Atlanta: CRC press, 2011.
Miller, Roger LeRoy and Jentz, Gaylord A. Fundamentals of Business Law: Excerpted Cases. New York, NY: Cengage Learning, 2009.