Security and Data at Rest and in Transit

Requirements

A secure protocol is a network protocol that protects the security and integrity of information in transit over a network connection. The protocols most relevant here are Secure Sockets Layer (SSL), Secure Shell (SSH), Transport Layer Security (TLS), Hypertext Transfer Protocol Secure (HTTPS), Secure Hypertext Transfer Protocol (S-HTTP) and Hypertext Transfer Protocol (HTTP). SSL secures messages transmitted over the Internet and uses port 443. TLS is quite similar to SSL; however, the two are not interoperable. A few applications can use either SSL or TLS to transmit data. SSH is required because it secures interactive remote control of systems. HTTPS is the secured form of HTTP and encrypts information before it is transmitted. HTTP is an insecure protocol that transmits data in clear text. S-HTTP has never been widely used and is not considered as secure as HTTPS.

Proposed Solutions

Because sensitive information must be transmitted over the network, implementing the SSL protocol is the proposed solution. Enforcing it enables the SSL Handshake Protocol to establish a secure channel for transmitting encrypted data. During the handshake, the dates on the certificate are checked to see whether it is still valid, and the name on the certificate is checked against the URL typed into the browser. SSL also asks whether the certificate authority (CA) that issued the certificate can be trusted when validating authentication. Furthermore, the SSH protocol is recommended for delivering secure interactive remote control of systems. SSH should be used with Ron Rivest, Adi Shamir, and Leonard Adleman (RSA) public key cryptography for both authentication and the connection. Finally, HTTPS will be enforced to secure hypertext, using SSL encryption before data is transmitted over the Internet.
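The certificate checks listed above (validity dates, name match, trusted CA), as an added Python example that is not part of the original paper. The hostnames and sample certificate are constructed, `name_matches` is a simplified matcher written for illustration, and a real client gets all three checks from the context returned by `hardened_client_context()`.

```python
import ssl

def hardened_client_context() -> ssl.SSLContext:
    """Client context that enforces the three checks during the handshake."""
    ctx = ssl.create_default_context()    # loads the system CA trust store
    ctx.check_hostname = True             # certificate name must match the host
    ctx.verify_mode = ssl.CERT_REQUIRED   # untrusted CA or bad dates abort the handshake
    return ctx

def name_matches(pattern: str, host: str) -> bool:
    """Exact match, or '*' standing for the whole left-most label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def cert_problems(cert: dict, host: str, now: float) -> list:
    """Date and name checks on a dict shaped like SSLSocket.getpeercert()."""
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in names):
        problems.append("name mismatch")
    return problems

# Constructed sample certificate and timestamps (not taken from a real site).
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "portal.example.edu"),
                       ("DNS", "*.apps.example.edu")),
}
MID_2024 = ssl.cert_time_to_seconds("Jul  1 00:00:00 2024 GMT")
MID_2025 = ssl.cert_time_to_seconds("Jul  1 00:00:00 2025 GMT")

if __name__ == "__main__":
    for host, when in [("portal.example.edu", MID_2024),
                       ("portal.example.edu", MID_2025),
                       ("login.example.edu", MID_2024)]:
        print(host, cert_problems(SAMPLE_CERT, host, when) or "ok")
```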

Justification

Public key infrastructure (PKI) is a reliable means of encrypting and decrypting data, and this level of security is very effective for a multifaceted authentication method. The certificates used in the process provide assurance because the data behind them is validated. A certificate can be denied or approved based on the data provided to the CA. This validation verifies that the user is authorized to access the network. Revoking certificates when they are stolen or lost is important for the security of the university database, because management does not want this credential in the hands of an intruder or network attacker. Overall, this is an effective method of authentication, verifying that the client is a trusted one.

B. Secure Protocol Implementation

Requirements

The Maryland University College is an internationally renowned institution that provides services either face to face, such as in the classroom, or online through the web. Employees, visitors and students rely extensively on the university's online resources to accomplish day-to-day tasks. The university relies heavily on secure online transactions, including but not limited to payments, email services and enrollments. Because these services are accessed over the web through an internet browser, UMUC needs to implement Hypertext Transfer Protocol Secure (HTTPS) to keep transactions protected from unauthorized individuals and malicious activity.

Proposed Solutions

Hypertext Transfer Protocol (HTTP) is a technique for encoding and transporting data between a client, such as a web browser, and a web server. HTTP is the primary protocol for transmitting information over the Internet. The College relies on the web to carry out most of its transactions, whether they concern students, employees or other activities. HTTP is unencrypted and does not protect data from being intercepted or altered, which exposes users at the University to eavesdropping, tracking and modification of received information. With Hypertext Transfer Protocol Secure (HTTPS), UMUC can guarantee that web connections have the following features:

  • Confidentiality: The visitor's connection is encrypted, obscuring URLs, sensitive metadata and cookies.
  • Authenticity: The visitor is connecting to the real website, not to an impersonator or through a “man-in-the-middle”.
  • Integrity: The data sent between the visitor and the website has not been corrupted or modified.

Information sent over unsecured HTTP can be straightforwardly accessed and compromised by malicious attacks.

Justification

Given how heavily the services provided by the Maryland University College rely on the web, protecting these services has always been a high priority. By implementing Hypertext Transfer Protocol Secure (HTTPS), UMUC will ensure that data on the web is secured and that only authorized users are allowed to access it. HTTPS uses Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to keep information encrypted before it is sent over the network.

C. File Encryption

Requirements

In combination with the solutions proposed above, the University College must keep in mind the protection of information stored on workstations and sent over email, and ensure that scrapped data is protected. UMUC needs to adopt and establish protocols for file encryption that keep the data well protected. It is proposed that UMUC encrypt files, hard drives and directories to provide additional data protection. UMUC should focus on establishing the use of Encrypting File System (EFS), Pretty Good Privacy (PGP), GNU Privacy Guard (GPG) and full volume encryption.

Proposed Solutions

File encryption is the process of encrypting every file on a storage medium and permitting access to the encrypted data only after appropriate authentication. The right storage encryption solution for a specific situation depends heavily on the storage type, the amount of data to be protected, the environment where the storage is located and the threats to be addressed. UMUC should consider Encrypting File System, GNU Privacy Guard and full volume encryption. EFS adds a further level of security for files and directories. It provides cryptographic protection for every file on the NTFS file system using public key encryption. GnuPG is a free and complete implementation of the OpenPGP standard, which is defined by PGP or RFC4880. BitLocker Drive Encryption is a data protection feature available in Windows Server 2008 R2 and in some versions of Windows 7. Integrating BitLocker with the operating system addresses the severe threats of data theft and exposure from stolen, lost or inappropriately decommissioned systems. BitLocker helps keep information on the hard drive fully protected even if it is stolen.

Justification

UMUC should establish the intended file encryption solutions with the objective of hardening the security of information that is stored or transferred over the network. These solutions are free to use, and some of them come as standard on modern computers. Establishing a policy that requires these solutions will ensure that employees adhere to the organization's practices [7].

D. Hashing

Requirements

Malicious attacks are so dynamic that UMUC cannot rely on a single principle to keep data sent over the network safe. UMUC should consider establishing a technique that keeps data integrity secure. Implementing hashing with the SHA-1 hash algorithm is proposed as the ideal choice. The most important application of hash functions in cryptography is message integrity. The hash value provides a digital fingerprint of the message contents, which ensures the message has not been altered by an intruder, virus or other means. Hash algorithms are effective because of the exceedingly low probability that two different plaintext messages yield the same hash value.

Proposed Solutions

When implementing a hashing algorithm, one key point to keep in mind is that the larger the hash, the more secure it is. SHA-1 produces a 160-bit hash and is used in various public key cryptographic algorithms, so efficient hardware implementation of SHA-1 is important. UMUC should also know that it is not bound to implementing SHA-1 alone. Another hashing function that can be implemented is the Hashed Message Authentication Code (HMAC), which combines authentication through a shared secret with hashing [10].
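The difference between the two proposals above, a plain hash and an HMAC with a shared secret, as an added Python example that is not part of the original paper. The messages and key are constructed; the algorithm defaults to SHA-1 as the paper proposes and is a parameter, so a SHA-2 name such as `sha256` can be passed instead.

```python
import hashlib
import hmac

def digest(message: bytes, algorithm: str = "sha1") -> str:
    """Unkeyed hash: anyone holding the message can compute it."""
    return hashlib.new(algorithm, message).hexdigest()

def mac(key: bytes, message: bytes, algorithm: str = "sha1") -> str:
    """HMAC: producing or checking the tag requires the shared secret."""
    return hmac.new(key, message, algorithm).hexdigest()

def digest_ok(message: bytes, received: str, algorithm: str = "sha1") -> bool:
    return hmac.compare_digest(digest(message, algorithm), received)

def mac_ok(key: bytes, message: bytes, received: str,
           algorithm: str = "sha1") -> bool:
    # compare_digest compares in constant time, so the check leaks no timing hint
    return hmac.compare_digest(mac(key, message, algorithm), received)

def integrity_report(key: bytes) -> dict:
    """Run both checks over three constructed transit scenarios.

    Each value is (digest check passed, HMAC check passed).
    """
    sent = b"course=101;student=1001;fee=450.00"     # constructed sample
    changed = b"course=101;student=1001;fee=0.00"    # constructed sample
    sent_digest, sent_mac = digest(sent), mac(key, sent)
    return {
        # Nothing changed in transit: both checks pass.
        "intact": (digest_ok(sent, sent_digest), mac_ok(key, sent, sent_mac)),
        # Message changed, check values untouched: both checks fail.
        "message_changed": (digest_ok(changed, sent_digest),
                            mac_ok(key, changed, sent_mac)),
        # Message changed and the unkeyed digest replaced to match: the digest
        # check passes, but the sender's tag cannot be rebuilt without the key.
        "message_and_digest_changed": (digest_ok(changed, digest(changed)),
                                       mac_ok(key, changed, sent_mac)),
    }

if __name__ == "__main__":
    for name, (hash_pass, hmac_pass) in integrity_report(b"demo-shared-secret").items():
        print(f"{name:28} digest check: {hash_pass!s:5}  HMAC check: {hmac_pass}")
```

A bare digest sent alongside the data detects corruption only; the keyed tag is what ties the check to a party holding the secret.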

Justification

Hashing is the most effective technique for providing integrity to information sent over the web. It is the most feasible method by which UMUC can verify whether data in transit has been modified. Hashing is not a means of encryption; it is used only to check the integrity of the file [8].

E. Backup and Restore

Requirements

If the infrastructure fails, work is needed to restore it to an operational state. Clients and users will have no access in the meantime, and the time taken to recover the system depends directly on the mechanism used. These recovery aspects can be captured by various metrics, which are directly tied to cost; cost matters not only for the desired metrics but also for the minimum viable organisational objectives. Before devising a strategy, UMUC should first write down a set of requirements against which feasible solutions can easily be evaluated.

Proposed Solutions

To restore mailbox operations, the Client Access Server (CAS) role must be installed on the Exchange server. Another proposed solution is Tivoli Storage FlashCopy Manager, which must be configured to use a different CAS in the domain. When UMUC completes data backups, the file size of the Exchange database can increase because of additional database commits triggered by the backup operations. The Recovery Point Objective (RPO) is the acceptable amount of data that can be lost in the event of a failure. The Recovery Time Objective (RTO) is the time required to restore the system to its previous operational state after a failure. Granularity in recovery time concerns how specifically users at UMUC can choose an exact point in time in the past to which the system is restored.

Justification

If the UMUC environment is configured appropriately, mailbox restoration operations will work the same way as in previous versions of Microsoft Exchange Server. The solutions described above can help IT professionals justify investment in backup and recovery services to UMUC’s Chief Information Officer (CIO) and other business decision makers. By analysing ways to save cost on backup and restoration, UMUC can more readily justify the expense of improving its solutions and thereby protect itself from almost any emergency that might arise.

 

References

[1] Baker, B., Gupta, O., Naik, N. and Raskar, R., 2016. Designing neural network architectures using reinforcement learning. arXiv preprint arXiv:1611.02167.

[2] Bansal, K., Masurekar, U., Maskalik, S., Shah, S., Srinivasan, A. and Agarwal, M., Nicira Inc, 2017. Firewall rule management. U.S. Patent 9,787,641.

[3] Basak, D., Toshniwal, R. and Sequeira, A., VMware Inc, 2017. Firewall configured with dynamic membership sets representing machine attributes. U.S. Patent 9,621,516.

[4] Bhargava, R. and Reese, D.P., McAfee LLC, 2015. System and method for network level protection against malicious software. U.S. Patent 8,938,800.

[5] Carames, H.V., Quest Software Inc, 2016. Firewall multi-level security dynamic host-based sandbox generation for embedded url links. U.S. Patent Application 14/665,315.

[6] Chen, W., Wilson, J., Tyree, S., Weinberger, K. and Chen, Y., 2015, June. Compressing neural networks with the hashing trick. In International Conference on Machine Learning (pp. 2285-2294).

[7] Erin Liong, V., Lu, J., Wang, G., Moulin, P. and Zhou, J., 2015. Deep hashing for compact binary codes learning. In Proceedings of the IEEE conference on computer vision and pattern recognition (pp. 2475-2483).

[8] Serber, P.D., International Business Machines Corp, 2015. Distributed network protection. U.S. Patent 9,021,591.

[9] Shen, F., Shen, C., Liu, W. and Tao Shen, H., 2015. Supervised discrete hashing. In Proceedings of the IEEE conference on computer vision and pattern recognition (pp. 37-45).

[10] Zhu, H., Long, M., Wang, J. and Cao, Y., 2016, March. Deep hashing network for efficient similarity retrieval. In Thirtieth AAAI Conference on Artificial Intelligence.
