The Key Elements Of The Information Security System | Sunshine Machine Works

The enhancement of the information security system of Sunshine Machine Works can enhance consistently the protection of the data transmission and data sharing within the company’ network. The protection of the intranet is imperative to protect the database of the company as well as the private information of customers of the company. In this regard, tunneling and the use of OCI model can help to protect the company’s network, whereas SSL can enhance the secure use of the database and information sharing between the company’s database and employees. Hence, Sunshine Machine Works has to enhance their information security system to protect their network from breaches and unauthorized access of the third parties through the introduction of cryptographic tunneling and SSL.

Cryptographic tunneling is a way in which data is transferred between two networks securely. All the data being transferred is fragmented into smaller packets or frames and then passed through the tunnel (Carmouche, 2007). In such a way, the data transmitted is divided into small fragments, which are transmitted within the intranet of the company.

Every frame passing through the tunnel will be encrypted with an additional layer of tunneling encryption and encapsulation, which is also used for routing the packets to the right direction (Carmouche, 2007). The encryption is pivotal to protect the data and prevent the risk of information breaches. As the data are divided into frames and all of them are encrypted, the risk of information breaches decreases as every frame is encapsulated by encryption and protected from the unauthorized use. This encapsulation would then be reverted at the destination with decryption of data, which is later sent to the desired destined node (Bollaparagada & Khalid, 2005). In such a way, it is only the target user, the receiver of the information, who can decrypt the information and obtain the data as the sender intended them to convey. Therefore, the encryption tunnel serves as the encapsulation for the data being transmitted since only two end users have the access to the full information, i.e. the sender and the receiver of the information. Neither party can access the information because of the encryption, while the division of the information into frames makes the interception of the information even more difficult and challenging for the third parties.

Benefits of the encryption tunneling are obvious. First, the encryption tunneling provides the high level of security due to the protection of the data and minimization of the risk of the access. The encryption tunneling brings positive effects as the network acquires multiple layers of the data protection. The tunneling creates the encryption at the sender level. Then the data is encrypted and divided into frames. The next step is the protection of the data transmission, which is another layer of the data encryption. Finally, it is only the receiver of the information, who can decrypt the information that is another layer of the data protection. If the third parties attempt to break through the encryption, they need to have the decryption tool, like code or key, which only the end user, i.e. the receiver normally possesses. The several layers of the data encryption and protection make the encryption tunneling very reliable.

At the same time, Sunshine Machine Works managers and employees should not worry about the complexity and difficulty of using the encryption tunneling. In fact, end users will not have any inconveniences while using the encryption tunneling. The software used in the encryption tunneling will do the major part for users, whereas users will need to have just the general knowledge of how the encryption tunneling functions. For example, they need to have the understanding of electronic signing procedure. They should get the information that they will receive a key to send or receive the information and that they have to keep that key secret and unavailable to the third party. Moreover, some software secures the key to prevent the risk of compromising the key as only the user has the access to the key and knows the key.

At this point, it is possible to refer to the example of using the encryption tunneling, such as SSL. SSL Certificates have a key pair: a public and a private key. These keys work together to establish an encrypted connection (Easttom, 2006). The certificate also contains what is called the “subject,” which is the identity of the certificate/website owner (Easttom, 2006). The public key is available to the server and the certificate/website owner, whereas the private key is available to the user only and neither party has access to the information about the key. Naturally, the user should never uncover the information about the key to any third parties to prevent the risk of intrusion or information breaches.

The user creates a certificate signing request, which creates a private key and a public key (Bollaparagada & Khalid, 2005).  The CSR data file that the user sends to the SSL Certificate issuer (called a Certificate Authority or CA) contains the public key (Bollaparagada & Khalid, 2005). The CA uses the CSR data file to create a data structure to match the user’s private key without compromising the key itself. The CA never sees the private key (Bollaparagada & Khalid, 2005). In such a way, the user secures his/her information with the help of the private key, whereas the CA uses the public key as the tool to communicate information and conduct all the required manipulations with the information the user want to transmit. Once the user receives the SSL Certificate, he/she should install it on his/her server. The user should also install an intermediate certificate that establishes the credibility of the user’s SSL Certificate by tying it to the user’s CA’s root certificate (Bollaparagada & Khalid, 2005). In such a way, the user turns out to be the only person, who can get access to the information he/she transmits.

In fact, the most important part of an SSL Certificate is that it is digitally signed by a trusted CA like DigiCert (Easttom, 2006). The digital sign enhances the information protection because neither party can access the data without the digital sign. Essentially, three keys are used to set up the SSL connection: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key, and vice versa (Easttom, 2006). In such a way, there are three crucial levels of the data protection respectively to the number of keys. The private key is virtually the most important one because it is available to the user only and neither part can normally get access to the key.

Thus, managers and employees of the Sunshine Machine Works should be aware of the key elements of the information security system based on the encryption tunneling and the use of SSL. The understanding of how the information security functions will help them to minimize the risk of information breaches, whereas the intranet of the company will be fully protected. In such a situation, if the encryption tunneling and SSL are properly used, the company can obtain the reliable and stable information security system that will maintain the protected data sharing within the company.

 

References:

Bollaparagada, V., & Khalid, M. (2005). IPSec VON Design. Indianapolis: Cisco Press.

Carmouche, J. H. (2007). IPsec Virtual Prive Network Fundamentals. Indianapolis: Cisco Press.

Easttom, C. (2006). Network Defense and Countermeasures. Upper Saddle River, New Jersey: Person Education Inc.

The terms offer and acceptance. (2016, May 17). Retrieved from

[Accessed: March 29, 2024]

"The terms offer and acceptance." freeessays.club, 17 May 2016.

[Accessed: March 29, 2024]

freeessays.club (2016) The terms offer and acceptance [Online].
Available at:

[Accessed: March 29, 2024]

"The terms offer and acceptance." freeessays.club, 17 May 2016

[Accessed: March 29, 2024]

"The terms offer and acceptance." freeessays.club, 17 May 2016

[Accessed: March 29, 2024]

"The terms offer and acceptance." freeessays.club, 17 May 2016

[Accessed: March 29, 2024]

"The terms offer and acceptance." freeessays.club, 17 May 2016

[Accessed: March 29, 2024]
close
Haven't found the right essay?
Get an expert to write you the one you need!
print

Professional writers and researchers

quotes

Sources and citation are provided

clock

3 hour delivery

person