My Masters Degree is Complete!

This is a very exciting update! As of Monday April 28, 2014, I have completed all of the requirements for my Master of Science in Cybersecurity from the University of Maryland University College (UMUC). It may seem kind of silly to be bragging about this, but you have to understand that this is the culmination of many years of work. My wife and I have been together for about 15 years. If you count high school as well, I have been in school (of some kind) for over 12 of the 15 years we have been together! I finished my AAS in 2003, took a brief break and then went after my BS in 2005. I got that one in 2007 and took another break. I started in on my M.Div and completed about 15 hours towards it before I realized it was not going to be easy to recoup the expense. Finally, I chose the MS in Cybersecurity and now I am done with it!

So what will I do now? Well, I still have to make the trip out to Maryland in mid-May with my mother and my daughter so that I can attend my commencement. I was accepted as a member of Upsilon Pi Epsilon which came with a snazzy certificate, pin and honor cords to wear at the commencement ceremony. I have already received my cap, gown and academic hood to wear and my card to present to the commencement announcer. Basically, all that is left is to hop on the plane and go!

Once I get back from the graduation, what will I do? That is where things get a little cloudy. The sole purpose of attaining my degree (other than personal growth) was so that I could become a teacher. The academic rules in the USA state that an instructor must hold at least one degree higher than the degree level of the students being taught. That is to say that since I have my Masters, I am permitted to teach Associate and Bachelor’s courses. I could also serve as a TA for a professor who holds a doctorate and help co-teach Master’s classes, but generally a TA can only TA for a Master’s if they, too, are attempting to attain a Doctorate, which I am not.

Sure, I would love to be called “Doctor Dave” but my Masters was grueling enough with 3 kids and I will soon have 5. My wife has already threatened to disown me if I take on my PhD. Happy wife – happy life – that is my philosophy. Plus, I have already missed out so much on the lives of my 3 current children and I don’t want to miss out on any more of their lives or on the lives of my new twins due in August. So… this is as far as I go.

My hope now is that I will get picked up by a university to teach online classes for Bachelor’s or even Associate-level classes part time. If I get a position such as this, I can start to pay back the over $90k in student loans that I have racked up with the proceeds from teaching and still work my full-time job. As it stands, I don’t think my current employer really considers my Masters degree as grounds for promotion, but it is nice to have on my resume anyway.

For now, I am going to tie up the loose ends on my dad’s estate and I have been busily working on adding lots of new stuff to my RetroGamerBoy site. That’s all for now.

 

Wired and Wireless Security Best Practices

All organizations doing business in the modern world require some sort of network to support their operations, even if the organization is a small local business. Regardless of the size of the organization, the data on its machines is one of its most prized possessions: everything from financial data to trade secrets can be kept resident on these machines and must be secured (Caballero, 2009, p. 237). Although wired and wireless networks are rather different architectures, they share many similarities in how they are secured. This discussion therefore begins with the security practices that the two share and then expands on the more specialized needs of wireless networks.

To create a strong and secure network, the first step is to establish a firm boundary at the physical level. The server room or data center should be given as many physical protections as the organization deems feasible. Some of these safeguards include: security officers, a visible authorization system (e.g., a receptionist who checks IDs before allowing building access), a two- or three-level authentication system such as a user name and password, or a user name, password, and biometric check, and an auditing method (either paper or electronic) that logs access to the room or data center. If it is financially feasible, the company should also consider installing a closed-circuit security camera system (Caballero, 2009).

Once a physical boundary is established, attention should shift to the network boundary (or perimeter). A firm line should be established between where the internet ends and the private LAN begins. Much like a building, the LAN should be protected by security guards that block the entrances and exits until the data has been authenticated. To accomplish this, the network should be secured by a network firewall that uses a bi-directional analysis method known as ‘stateful packet filtering’ (Caballero, 2009, p. 240), as this will analyze each packet as it passes through the network. Once the data passes on to the router to enter the LAN, it is wise to include router packet filtering to examine packets and see whether they meet the security policies that have been implemented. If the router allows for MAC address filtering on wired connections, this should be activated as well because it adds additional security to prevent unauthorized devices (Prowse, 2011, p. 132). Once the router has been deployed, the next layer to secure the network is an inline Intrusion Detection and Prevention System (IDPS), which scans the network for possible intrusions using either a signature analysis system or an anomaly-based system (preferably a combination of both) and flags administrators in the event of a perceived attack (Prowse, 2011, p. 155).
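The stateful packet filtering described above can be seen in a small model. This is an added example, not code from the cited sources or any firewall product; the class and function names, the policy (outbound ports 80 and 443), and the sample packets are all constructed for illustration, and the teardown handling is simplified to RST only.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""  # TCP flags: "S"=SYN, "SA"=SYN/ACK, "A"=ACK, "R"=RST

class StatefulFilter:
    """Toy perimeter firewall: LAN hosts may open connections outward;
    inbound packets pass only if they belong to a tracked flow."""

    def __init__(self, lan_cidr, allowed_out_ports):
        self.lan = ipaddress.ip_network(lan_cidr)
        self.allowed_out_ports = set(allowed_out_ports)
        self.flows = set()  # (lan_ip, lan_port, remote_ip, remote_port)

    def _inside(self, ip):
        return ipaddress.ip_address(ip) in self.lan

    def check(self, p):
        outbound = self._inside(p.src) and not self._inside(p.dst)
        inbound = self._inside(p.dst) and not self._inside(p.src)
        if outbound:
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "S" and p.dport in self.allowed_out_ports:
                self.flows.add(key)       # new flow permitted by policy
        elif inbound:
            key = (p.dst, p.dport, p.src, p.sport)
        else:
            return "DROP"                 # not crossing the perimeter
        if key not in self.flows:
            return "DROP"                 # no matching state: unsolicited
        if "R" in p.flags:
            self.flows.discard(key)       # a reset tears the flow down
        return "ACCEPT"

def demo():
    """Constructed sample packets (203.0.113.0/24 is a documentation range)."""
    fw = StatefulFilter("192.168.1.0/24", {80, 443})
    packets = [
        Packet("192.168.1.10", 50000, "203.0.113.5", 443, "S"),   # client opens HTTPS
        Packet("203.0.113.5", 443, "192.168.1.10", 50000, "SA"),  # reply to that flow
        Packet("203.0.113.9", 4444, "192.168.1.10", 22, "S"),     # unsolicited inbound
        Packet("203.0.113.5", 443, "192.168.1.10", 50001, "A"),   # wrong LAN port
        Packet("192.168.1.10", 50002, "203.0.113.5", 23, "S"),    # port not in policy
    ]
    return [fw.check(p) for p in packets]
```

The second packet is accepted only because the first created matching state; the same reply addressed to a different LAN port is dropped.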

The safeguards outlined above are some of the primary practices used to secure wired networks, but securing wireless networks requires additional measures. Each wireless network broadcasts to a certain range, which allows some possibility of the signal traveling beyond the physical walls of the building. Because of this flaw in the security of wireless, it is advised that organizations reduce the signal strength incrementally until the signal is no longer detected outside the organization (Valacich & Schneider, 2010, p. 203). Another broadcast item is the Service Set Identifier (SSID), the network name of the wireless access point, which is set up to broadcast itself by default; one should turn this off so as to prevent unauthorized external access to the network. All wireless access points have the capability to use some sort of passkey to permit access, including the WEP, WPA, and WPA2 encryption schemes. To ensure security and authentication, the WPA2 encryption scheme should be activated and a high-entropy password created to secure the access point. It is also imperative that MAC filtering be turned on for wireless clients so that only hosts that are added to the MAC filter list are able to receive connectivity. Lastly, if the devices being connected to the wireless access point are 802.1X capable, this authentication system should be activated (Vacca, 2009, p. 797).
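The wireless settings listed above can be checked mechanically. The following added example (not from the cited sources) audits a hostapd-style access point configuration against them; the sample configuration is constructed, the finding names are hypothetical, the entropy figure is a crude upper-bound estimate, and the 80-bit threshold is an assumption.

```python
import math
import string

# Constructed hostapd-style configuration (not from the article).
WEAK_CONF = """
ssid=corp-wlan
ignore_broadcast_ssid=0
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_passphrase=summer2014
macaddr_acl=0
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def passphrase_bits(pw):
    """Upper-bound entropy estimate: length * log2(character pool size)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    pool = sum(len(c) for c in classes if any(ch in c for ch in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def audit(conf, min_bits=80):  # min_bits is an assumed threshold
    """Return the wireless practices from the text that the config misses."""
    findings = []
    if conf.get("wpa") != "2" or any(k.startswith("wep_") for k in conf):
        findings.append("wpa2")             # WEP or WPA still permitted
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("ssid_broadcast")   # SSID advertised in beacons
    if conf.get("macaddr_acl", "0") not in ("1", "2"):
        findings.append("mac_filter")       # no accept-list enforcement
    if conf.get("ieee8021x", "0") != "1":
        findings.append("802.1x")           # no per-user authentication
    uses_psk = "WPA-PSK" in conf.get("wpa_key_mgmt", "WPA-PSK").split()
    if uses_psk and "wpa_psk" not in conf:  # a raw 256-bit key is not scored
        if passphrase_bits(conf.get("wpa_passphrase", "")) < min_bits:
            findings.append("weak_passphrase")
    return findings
```

Run against `WEAK_CONF`, the audit reports all five gaps; the passphrase `summer2014` scores about 52 bits under this estimate.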

The safeguards above are some of the best ways to secure a network, especially at the hardware level. Despite the best security practices, the human element can still cause challenges to a security infrastructure. Thus, a wise information security manager will also create a comprehensive security plan for all the users at the facility to follow and will remind them of it often. No network is completely secure, but implementing items such as these will allow a decent reduction in risk.

Bibliography

Caballero, A. (2009). Information Security Essentials for IT Managers: Protecting Mission-Critical Systems. In J. R. Vacca, Computer and Information Security Handbook (pp. 225-254). Burlington: Morgan Kaufmann Publishers.

Prowse, D. L. (2011). CompTIA Security+ SY0-201 Cert Guide. Indianapolis: Pearson Education.

Vacca, J. R. (2009). Configuring Wireless Internet Security Remote Access. In J. R. Vacca, Computer and Information Security Handbook (pp. 795-798). Burlington: Morgan Kaufmann Publishers.

Valacich, J., & Schneider, C. (2010). Information Systems Today: Managing in the Digital World. Upper Saddle River: Prentice Hall.