Design Model For Ozzicom Enterprise Network Security example essay topic
IP Address and Design Implementation and Management - Develops an IP address schema for sustained growth and efficient use of IP addresses. Provides a set of proven policies, procedures, guidelines, and tools for managing public and private address space for midsize and large enterprises.
Application Network Review - Helps ensure application production readiness, verifies bandwidth requirements, and identifies application bottlenecks.
Directory Services Infrastructure - Designs and implements a directory services infrastructure that delivers a high level of accuracy and security, and minimizes administrative tasks and costs.
DNS Infrastructure Architecture and Design - Designs a robust Domain Name System (DNS) architecture to support Internet and intranet name resolution.
Capacity Planning and Optimisation - Establishes a baseline for an existing enterprise's infrastructure and performs a gap analysis to pinpoint differences between the current infrastructure and identified requirements for projected growth.
Traffic Engineering and Quality of Service - Analyses and optimises network traffic based on network capacity and priorities for various types of network traffic.
Security Assessment - Quickly identifies immediate security concerns and network weaknesses, and then uses this information as the foundation for a comprehensive network review.
Penetration Testing - Uses a multi-phased process of penetration testing and access attempts to assess the type and extent of security-related vulnerabilities that may exist in your current security system.
Security Policy Design - Translates an enterprise's existing security requirements into a documented security standard to ensure that information assets are protected throughout the network.
Firewall Protection - Safeguards entry to an enterprise's network with a special security system that prevents external hackers from misusing Internet connections and dial-in lines.
Authentication - Leverages extensive authentication methodologies to verify that electronic messages come from their stated sources.
Remote Access and Virtual Private Networks (VPNs) - Deploys and maintains the VPN to ensure that only authorized users can access the network. Uses sophisticated encryption technologies to encode data and prevent unintended recipients from capitalizing on it.
Intrusion Detection - Utilizes advanced detection technology to scan for firewall "holes" and immediately detect and neutralize hacker attempts.
Virus and Malicious Code Protection - Architects sophisticated protection mechanisms so that viruses and malicious code, which can be disguised as benign data such as e-mail, cannot penetrate your network.
Find possible security solutions for the company. Discuss physical security and system security, which includes (assigning responsibility, network security disaster contingency plan), and also security awareness and compliance.
OZZICOM is a big company that is accessed by a huge number of people via the Internet, so securing this environment is a very important concern for the company. Let's start by discussing the physical security solutions:
1. Surveillance and detection: by replacing video surveillance cameras... etc
2. Alarms and sensor detectors
3. Security guards
4. Advanced locks, such as a fingerprint scanner or eye scanner.
Regarding system security, or in other words software security, these solutions are effective: As more and more businesses shift from dial-up to always-on broadband Internet connections, such as DSL and cable, their networks are becoming more and more vulnerable to Internet hackers.
Here are some security solutions:
a) Email monitoring: Spot checks are just not enough anymore. The tide in information systems (IS) is turning towards systematic monitoring of corporate email traffic using content-monitoring software that scans for troublesome words that might compromise corporate security. The reason: users of monitoring software said they are concerned about protecting their intellectual property and guarding themselves against litigation. Internet and other online email systems are one of the favourite avenues of attack by hackers for spreading computer viruses or breaking into networked computers. Email is also the battleground for attempts by companies to enforce policies against illegal, personal or damaging messages by employees, and for the demands of some employees and others who see such policies as violations of privacy rights.
The reasons for email monitoring are:
- Potential legal liability from information contained in email
- Potential leaking of corporate secrets
- Use of email for racial or sexual harassment
- Complying with official regulations
- Personal and non-business use of email
Email monitoring policy:
- A statement that computer systems are the company's property and are to be used for business purposes only.
- A clear definition of what is and is not appropriate use of email.
- A statement to employees that they cannot expect email to be private and that all email will be monitored.
- An explanation that violations can lead to disciplinary action up to and including termination (introduction to IS).
b) Virus defences: Every PC has to be protected from the latest viruses, worms, Trojan horses and other malicious programs like Back Orifice that can wreak havoc on PCs, especially if the PC is periodically linked to the corporate network. The latest computer virus prevalence survey from ICSA Labs found that computer viruses cost companies in the United States and Europe an average of $81,000 in 2002. And according to the Computer Security Institute, computer viruses generated a total cost of $49.9 million in the United States last year. The survey also determined that the monthly rate of computer virus infection in U.S. and European companies and organizations grew from 10 per 1,000 PCs in 1996 to 105 per 1,000 PCs last year. That's why many companies are spending a lot of money on building defences against the spread of these viruses.
Common ways that viruses spread:
- email attachments
- shared files
- floppy disks
- infected documents and infected word processors
c) Encryption Security: This software package is used to scramble data, or convert it prior to transmission into a secret code that masks the meaning of the data to unauthorized recipients. There are two kinds of cryptosystems: symmetric and asymmetric. Symmetric cryptosystems use the same key (the secret key) to encrypt and decrypt a message, and asymmetric cryptosystems use one key (the public key) to encrypt a message and a different key (the private key) to decrypt it. Asymmetric cryptosystems are also called public key cryptosystems. Symmetric cryptosystems have a problem: how do you transport the secret key from the sender to the recipient securely and in a tamper-proof fashion? If you could send the secret key securely, then, in theory, you wouldn't need the symmetric cryptosystem in the first place -- because you would simply use that secure channel to send your message.
Frequently, trusted couriers are used as a solution to this problem. Another, more efficient and reliable solution is a public key cryptosystem, such as RSA, which is used in the popular security tool
d) Firewall Computer security: There are currently two distinct types of firewalls in common use on the Internet today. The first type is more properly called a packet filtering router. This type of firewall utilizes a multi-homed machine and a set of rules to determine whether to forward or block individual packets. A multi-homed machine is simply a device with multiple network interfaces. The second type, known as a proxy server, relies on daemons to provide authentication and to forward packets, possibly on a multi-homed machine which has kernel packet forwarding disabled. Sometimes sites combine the two types of firewalls, so that only a certain machine (known as a bastion host) is allowed to send packets through a packet filtering router onto an internal network. Proxy services are run on the bastion host, which are generally more secure than normal authentication mechanisms.
e) Password Security: Password protect your computer and restrict access to it with Security Administrator. It enables you to impose a variety of access restrictions to protect your privacy and stop others from tampering with your PC. You can deny access to Control Panel applets, disable boot keys, context menus, DOS windows, Registry editing, Internet and network access.
Also, one of the awareness and compliance issues that the company may face is copyright. The company should protect its products through copyright law.
Consider backup strategies for the company
The best backup strategy should be based on the following steps. The effectiveness of a good backup program depends on your approach to file backup management. The following are key considerations:
- How valuable are your files? What would be the consequences of losing these files? Could you replace them? If so, what would be the time and cost required?
- How often do these files change?
- Do you need to keep older versions of files?
- Does the device you use to back up files have any limitation of time, media capacity, or expense?
- Do you need to transport or distribute your backed-up files?
- Once backed up, how important is immediate access to these files?
These issues can be divided into certain basic categories: value, change, performance, media capacity, and portability. Strategies frequently are based on a combination of these considerations, and you should develop a plan that lets you restore files easily should it become necessary.
Value: When you devise a strategy, consider your cost in time and money to replace lost files. For example, if you work for an insurance company managing client information and claims, then you would probably consider file loss disastrous. The consequence of losing irreplaceable files makes it desirable to back up your files every day to different media.
Change: How often your files change is another key element to consider when planning an effective strategy. For example, losing even part of one day's input at a mail-order house would result in many lost orders and lost revenues. Your strategy might be to back up only changed files periodically throughout the day to ensure that a recent copy of all files exists.
Media capacity and device performance: You should back up completely once a day, but this is not always possible due to time, media, or device restrictions. You must assess your physical setup (for example, type and size of the available backup device) to effectively plan a strategy. Your strategy depends upon the kind of backup device you use, just as you may choose a device in response to the kind of strategy you consider necessary.
Portability: Media portability may also influence the strategy you implement. For instance, in situations where files must be circulated within your department or sent to another site, you would want to use a backup device to physically transport your media.
You must also choose a device with media compatible with other devices and with the environments to which you send the data.
Media: Use only high-quality media for your backups. GRBackPro is careful to check that each media is reliable, but you can increase the long-term reliability of the backup by using high-quality media.
Hardware: Ensure that your hardware is fully operational. A backup program cannot operate effectively if the drive is not working perfectly. Faulty disk controllers and other circuitry can also cause information to be written incorrectly to the media, compromising existing files.
Labeling: Clearly label all backup media. This will allow you to easily retrieve them when you have lost a file.
Media Rotation: There are two types of backups:
- Full
- Modified (also known as incremental or differential)
A Full backup of your files requires more time and media. A full backup, however, should be performed regularly (at least once a week, depending on your work volume). A modified backup saves time and media.
Usually, only a few files on your hard disk are new or have been changed each week. The Incremental mode backs up any files that have changed or been created since the most recent Full or Incremental backup. The Differential mode backs up all files that have changed or been created since the most recent Full backup.
Finally, to minimize data loss and computer downtime when a hard disk crash occurs, you should follow these rules when backing up your data:
1. Perform a Full backup of your hard disk, and make sure that the option "Clear archive attribute bit on the source file" on the Backup dialog is checked. Place this backup in a safe place.
2. Perform Modified backups as a part of your future backup strategy rather than backing up your entire system. This method saves time and media. When you select the Differential mode, the backup program backs up only those files that have been modified or created since the last Full backup.
3. Maintain at least two sets of backups with Modified backups, and rotate these sets to be prepared for a system crash. Restoring the latest backup set updates your system to its latest stable state.
Would you recommend encryption?
For security reasons, encryption can be one of the most efficient ways to protect the company's systems, especially when exchanging sensitive data (e.g., financial or personal information) over the Internet, where senders and receivers require secure communications. For example, a user of a Web services protocol such as SOAP may want to encrypt the payload part of the XML message but not the information necessary to route the payload to its recipient.
Or, an XForms application might require that the payment authorization be digitally signed, and the actual payment method, such as a credit card number, be encrypted. And, of course, XML Encryption can be used to secure complete data objects as well, such as an image or sound file.
What is encryption? How does it work? List at least four methods of encryption technologies that are available and explain 2 of them.
Encryption is the process of scrambling information such that it is only readable by intended recipients, after unscrambling. While an encrypted message or file may be accessible to a wide community, such as network intermediaries, it is not meaningful to those intermediaries, or to eavesdroppers who may be watching information packets travel across a network.
Encrypted data has been rendered opaque by mathematically encrypting it in a way that makes it unreadable to anyone except those possessing the secret, or "key", to decrypt it.
How does it work?
If the security settings of your browser are correct, you will be informed of any potential recipient web sites that are suspicious or should be avoided. This is how unauthorised third parties are prevented from getting access to data during transfer: whenever a form is used for transferring sensitive data, it will automatically be subject to SSL mode (Secure Socket Layer mode). The corresponding encryption is based on the SSL certificate, consisting of two keys: the public and the private key. If you are sending personal data to Trusted Shops, you are using the Trusted Shops public key for data encryption. During the data transfer to Trusted Shops, your personal data is protected from unauthorised access by third parties. Only Trusted Shops is in possession of the private key required! All this happens automatically whenever you select a secure connection, which can be easily identified by the https preceding the URL address (e.g. http: / web) and the activated lock or key symbol in your browser window.
Methods of Encryption
Several methods can be used to encrypt data streams, all of which can easily be implemented through software, but not so easily decrypted when either the original or its encrypted data stream is unavailable. (When both source and encrypted data are available, code-breaking becomes much simpler, though it is not necessarily easy.) Here are some methods:
1- Data Encryption Standard (DES): DES was designed in the early 1970's and adopted by the U.S. government by 1977.
It encrypts 64-bit blocks of text using a 56-bit key. This yields trillions of possible permutations. Unfortunately, the 56-bit encryption can be broken by high powered, but affordable, workstations (Bruno). Because DES can be so readily compromised, many suppliers are using a variation referred to as "triple DES". Under this system, each block of text is encrypted three times using three different keys.
Although there is an increasing number of alternative algorithms available, and the U.S. government has yet to embrace it, triple DES is emerging as a "de facto commercial standard" (Bruno). Encryption can be improved further by using longer keys. However, the U.S. government currently restricts export of keys longer than 40 bits. This is a length that is not difficult for many to crack. A further discussion surrounding the U.S. government and encryption can be found later in the paper.
Longer keys do not necessarily guarantee security. Mathematics tells us that if keys are made long enough, it would take hundreds of years without a supercomputer to crack the code. However, as demonstrated by a French hacker in August of 1995 and again later by two computer science graduate students at the University of California at Berkeley in December of the same year, it is possible to quickly find shortcuts to finding the secret key. It has been demonstrated that on some systems the random numbers generated are not necessarily very random. The graduate students used two days to evaluate the vulnerabilities and write a program which could guess the encryption key within one minute (Sandberg 5). Another possible way around the encryption keys is by eavesdropping and timing precisely how long it takes the secret key to be computed.
Once this is known, it allows the hacker to significantly reduce the number of possible permutations.
2- Stream cipher: A stream cipher is a type of symmetric encryption algorithm. Stream ciphers can be designed to be exceptionally fast, much faster than any block cipher. While block ciphers operate on large blocks of data, stream ciphers typically operate on smaller units of plaintext, usually bits. The encryption of any particular plaintext with a block cipher will result in the same ciphertext when the same key is used. With a stream cipher, the transformation of these smaller plaintext units will vary, depending on when they are encountered during the encryption process. A stream cipher generates what is called a key stream (a sequence of bits used as a key). Encryption is accomplished by combining the key stream with the plaintext, usually with the bitwise XOR operation. The generation of the key stream can be independent of the plaintext and ciphertext, yielding what is termed a synchronous stream cipher, or it can depend on the data and its encryption, in which case the stream cipher is said to be self-synchronizing. Most stream cipher designs are for synchronous stream ciphers.
One-time pads: Current interest in stream ciphers is most commonly attributed to the appealing theoretical properties of the one-time pad. A one-time pad, sometimes called the Vernam cipher, uses a string of bits that is generated completely at random. The key stream is the same length as the plaintext message, and the random string is combined using bitwise XOR with the plaintext to produce the ciphertext. Since the entire key stream is random, even an opponent with infinite computational resources can only guess the plaintext if he or she sees the ciphertext. Such a cipher is said to offer perfect secrecy, and the analysis of the one-time pad is seen as one of the cornerstones of modern cryptography. While the one-time pad saw use during wartime over diplomatic channels requiring exceptionally high security, the fact that the secret key (which can be used only once) is as long as the message introduces severe key management problems. While perfectly secure, the one-time pad is in general impractical. Stream ciphers were developed as an approximation to the action of the one-time pad.
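The key-stream XOR and the one-time pad described above, as an added Python example that is not part of the original essay. The SHA-256 counter key stream is a stand-in chosen for illustration (it is not RC4 or any vetted cipher), and the messages, key and nonce are constructed sample values. It also shows why the pad, or a key stream, "can be used only once".

```python
import hashlib
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes):
    """One-time pad: draw a fresh random pad exactly as long as the message.

    Returns (pad, ciphertext). The pad is the secret key and must never
    be used for a second message."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy synchronous key stream: SHA-256(key || nonce || counter) blocks.

    Illustration only (an assumption of this example, not RC4 and not a
    vetted cipher). It depends on key, nonce and position, never on the
    plaintext or ciphertext, which is what makes it 'synchronous'."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hashlib.sha256(key + nonce + counter.to_bytes(8, "big"))
        out += block.digest()
        counter += 1
    return bytes(out[:length])


def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the key stream is its own inverse."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper sees when two messages share a key stream:
    c1 XOR c2 equals p1 XOR p2, because the key stream cancels out."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def recover_from_known_plaintext(c_known: bytes, p_known: bytes,
                                 c_other: bytes) -> bytes:
    """With one plaintext known, a reused key stream exposes the other."""
    n = min(len(c_known), len(p_known), len(c_other))
    stream = xor_bytes(c_known[:n], p_known[:n])
    return xor_bytes(c_other[:n], stream)


if __name__ == "__main__":
    # Constructed sample values.
    key, nonce = b"demo-key-0123456", b"msg-0001"
    p1 = b"PAY 0100.00 TO ALICE"
    p2 = b"PAY 9999.00 TO BOB"

    # One-time pad round trip.
    pad, ct = otp_encrypt(p1)
    print("OTP round trip ok:", xor_bytes(ct, pad) == p1)

    # Identical plaintext units encrypt differently at different positions.
    repeated = stream_crypt(key, nonce, b"AAAAAAAA" * 2)
    print("same unit, different ciphertext:", repeated[:8] != repeated[8:])

    # Key-stream reuse: the second message falls out of the first.
    c1 = stream_crypt(key, nonce, p1)
    c2 = stream_crypt(key, nonce, p2)          # mistake: nonce reused
    print("recovered:", recover_from_known_plaintext(c1, p1, c2))

    # Fresh nonce per message: the same calculation yields only noise.
    c3 = stream_crypt(key, b"msg-0002", p2)
    print("with fresh nonce:", recover_from_known_plaintext(c1, p1, c3) == p2)
```
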
While contemporary stream ciphers are unable to provide the satisfying theoretical security of the one-time pad, they are at least practical. As of now there is no stream cipher that has emerged as a de facto standard. The most widely used stream cipher is RC4. Interestingly, certain modes of operation of a block cipher effectively transform it into a key stream generator and in this way, any block cipher can be used as a stream cipher, as in DES in CFB or OFB modes. However, stream ciphers with a dedicated design are typically much faster.
3- Data repositioning
4- Opportunistic encryption
Design a WAN model for this company considering all security issues discussed earlier.
A professional WAN design should save the company time and money by:
- Not wasting time designing an inappropriate solution.
- Identifying all the issues involved in the installation so that the installation team is fully prepared.
- Setting the correct performance expectation so that our customers know exactly what will be delivered.
- Ensuring that the installation is successful first time without the need for repeated visits.
The requirement analysis for WAN design is quite similar to that of LAN design. The most scalable design for Wide Area Network implementation is a 'Hierarchical model' with each layer performing a particular function. Enterprise WANs can be made up of several different WAN technologies. Placement of servers is very critical in order to control traffic patterns across the WAN.
Analyze Requirements (of the network and its users)
- Business issues
- Technology issues
- Administrative issues
- Gather Data
  o Corporate structure
  o Business information flow
  o Applications in use
  o Current topology
  o Performance characteristics of current network
  o Determine if documented policies are in place
  o Mission-critical data
  o Mission-critical operations
  o Approved protocols and platforms
  o Control versus distributed authority
- Business requirements
- Technical requirements
- New applications or business operations
- Availability requirements
  o Throughput
  o Response time
  o Access to resources
Design Rule: First and foremost you must understand the customer and find out what availability means to your customer.
Analyze Network Load Requirements
- Client/server applications
- Host/terminal applications
- Routing protocols
- Regularly scheduled services, such as file backup
- Estimate worst-case traffic load during the busiest times for users and during regularly scheduled network services
Design Rule: Before developing an internetwork structure and provisioning hardware, determine the network traffic load. Evaluate applications that cause traffic problems.
A point-to-point link provides a single, pre-established WAN communications path from the customer premises through a carrier network, such as a telephone company, to a remote network. A point-to-point link is also known as a leased line because its established path is permanent and fixed for each remote network reached through the carrier facilities. The carrier company reserves point-to-point links for the private use of the customer. These links accommodate two types of transmissions: datagram transmissions, which are composed of individually addressed frames, and data-stream transmissions, which are composed of a stream of data for which address checking occurs only once.
Circuit switching is a WAN switching method in which a dedicated physical circuit is established, maintained, and terminated through a carrier network for each communication session. Circuit switching accommodates two types of transmissions: datagram transmissions and data-stream transmissions. Used extensively in telephone company networks, circuit switching operates much like a normal telephone call.
Packet switching is a WAN switching method in which network devices share a single point-to-point link to transport packets from a source to a destination across a carrier network. Statistical multiplexing is used to enable devices to share these circuits. Asynchronous Transfer Mode (ATM), Frame Relay, Switched Multimegabit Data Service (SMDS), and X.25 are examples of packet-switched WAN technologies.
Regarding the security issues, these are the security procedures that we applied in designing a model for OZZICOM enterprise network security:
1. Security Assessment
2. Penetration Testing
3. Security Policy Design
4. Firewall Protection
5. Remote Access and Virtual Private Networks (VPNs)
6. Intrusion Detection
7. Virus and Malicious Code Protection
List the internal and the external threats that might face the OZZICOM system
Incidents of both internal and external computer crimes appear to be on the rise. Recent surveys indicate that disgruntled employees may account for up to eighty-nine percent (89%) of attacks and security violations.
Threats that surface from the inside are:
- Acts of revenge, stemming from employee rivalry and/or jealousy.
- Employees providing access to company resources to friends and family, thus exposing other company resources to unacceptable risk.
- Theft of company intellectual property (for instance, sharing with friends outside the company).
- Collecting or selling company trade secrets (corporate espionage).
- Hardware/software theft.
- Lack of accountability. Increasingly, companies are relying on outside contractors (not in itself a bad thing), and giving these contractors full employee privileges. However, considering the lack of accountability potentially implicit in short-term contracting, certain precautions should be taken. The best way to deal with this risk is to do background checks on all contractors, and weigh and evaluate everything they are authorized to access. Some of these privileges may not always be obvious. For example, if a contractor has LAN access, you may be inadvertently granting him or her full access to all internal file shares and system resources on your Intranet. Does your Intranet server contain proprietary documentation for internal employee-programmers? If so, are there restrictions stopping non-programmers or employees from accessing these sensitive documents, if all that is required is internal LAN access?
It also must be said that the most powerful person in your company is not a manager or corporate officer, but the sys admin. Since this person has full access to most systems, and in many cases designed the security system used to keep others out, it is the sys admin who knows the inside of the system, knows how the networks are configured, and knows what trust mechanisms exist between machines. Thus he or she has the best understanding of how to do damage. Commonly, sys admins are also the only people with super user access passwords or the software authorization codes. This situation poses another risk in that it presents itself as a single point of failure. To prevent such risks, I typically recommend to my clients that alternative root or administrator accounts be created with a strong randomized password. This password should then be broken into three parts and given to officers of the company. Thus, when denial of access problems occur (e.g., if the sys admin is hit by a truck, or simply snowed in at an airport halfway across the country), emergency access can be obtained with minimal difficulty.
Programmers and engineers are notorious for installing administrative backdoors into their workstations and development servers. Crackers or other employees frequently discover and use these backdoors for nefarious purposes. The best protection against the above is having an independent third party, or at least a team of programmers from a different department/project, professionally review the integrity of your source code tree. Other employee-based security violations include dialing up to an ISP from work, thus inadvertently becoming a back door onto the company LAN. In many other cases employees install backdoors to allow themselves to work remotely from home or satellite offices, thus creating alternate unrestricted access pathways that are vulnerable to attack.
What kind of security should you consider for dial-up access? Discuss.
First of all, extending the accessibility of the company server can prove to be a valuable resource for employees who spend time away from the office, or perhaps a means to bring timely information to a remote broadcast; but, at the same time, you provide a prime opportunity for hackers to gain entry onto the network. Whichever remote access solution you decide upon, the first and most important detail to be considered is securing the network. You have no doubt heard of, or perhaps even have set up, a firewall. The firewall is a security mechanism used to control access to your network. Most firewalls are hardware devices; however, several software products are available for small networks and individual workstations. The hardware-based firewall has been around for several years, and is also known as a "proxy server" or "gateway". The concept behind it is simple: an outside user would first establish contact with the proxy server, which would require the proper authentication, typically in the form of user name and password. Once the user is verified and authorized, the proxy server will then establish a "session" between the user and server.
You will recall that the networking model that is in use today is defined by a document known as the Open Standards Interconnect (OSI) and is comprised of seven layers: physical, data link, network, transport, session, presentation and application. Each layer provides services to the other layers immediately before and/or after it. Firewalls generally operate at either the Network or Application layer. A proxy server is an example of a firewall operating at the application layer. Essentially, a firewall operating at the application layer eliminates the direct flow of data between the network and an outside user. Firewalls operating at the "network" layer route traffic based on the source and destination addresses, as well as the intended port of each IP packet. The definition and use of ports is a lengthy subject but, simply put, ports are "virtual slots" used to map connections between two hosts at the Transport Control Protocol (TCP) or User Datagram Protocol (UDP) levels. Network firewalls permit traffic into a network based on a set of rules that are programmed by the network administrator.
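A network-layer rule set of the kind described above (and the packet filtering router with a bastion host described earlier), as an added Python example that is not part of the original essay. First-match evaluation with a default of "block" is an assumption of this sketch, as are the rule set and the addresses, which are constructed from documentation ranges; the audit function flags rules that can never fire because an earlier rule already covers them.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "block"
    src: str = ANY                # source network (CIDR)
    dst: str = ANY                # destination network (CIDR)
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet that matches `other` also matches this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.proto in (None, other.proto)
                and self.dport in (None, other.dport))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule wins; a packet no rule matches is blocked."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "block", None


def shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Audit: (rule, earlier_rule) pairs where the later rule can never fire."""
    findings = []
    for j, later in enumerate(rules):
        for i in range(j):
            if rules[i].covers(later):
                findings.append((j, i))
                break
    return findings


# Constructed rule set: outside users reach only the bastion host, and only
# the bastion host may send packets on to the internal network.
BASTION = "192.0.2.10/32"
INTERNAL = "10.0.0.0/8"
RULES = [
    Rule("permit", dst=BASTION, proto="tcp", dport=443),                 # 0
    Rule("permit", src=BASTION, dst=INTERNAL, proto="tcp", dport=8080),  # 1
    Rule("block", dst=INTERNAL),                                         # 2
    # Appended later by mistake: rule 2 already blocks this traffic.
    Rule("permit", src="198.51.100.0/24", dst="10.0.5.0/24",
         proto="tcp", dport=22),                                         # 3
]

if __name__ == "__main__":
    samples = [
        Packet("203.0.113.7", "192.0.2.10", "tcp", 443),
        Packet("192.0.2.10", "10.0.5.20", "tcp", 8080),
        Packet("203.0.113.7", "10.0.5.20", "tcp", 8080),
        Packet("198.51.100.9", "10.0.5.20", "tcp", 22),
        Packet("203.0.113.7", "192.0.2.10", "udp", 53),
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(RULES, pkt))
    print("shadowed (rule, by):", shadowed_rules(RULES))
```
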
The rules determine what type of traffic is permitted on the network and what will be blocked. The current generation of network routers has sufficient intelligence to be programmed to act as a simple firewall.
Dial-up access
By far the simplest method for remote access, dial-up access to your network can be accomplished in a variety of ways, depending on the number and location of users that will need to use the network. The most rudimentary method to implement dial-in access would be to add a basic PC workstation equipped with one or more modems and a network card to your existing network. Outside users would dial the telephone line(s) that have been assigned to the modem(s). The login process may vary depending on the type of network operating system and configuration of the host PC. Most dial-in access uses the standard dialer client program that you probably use to dial in to your Internet Service Provider. You would create a dial location containing the telephone number and protocols for your dial-in number. Another means to gain remote access would be to use a program such as PC Anywhere or CoSession that would mimic the operation of the PC located in the office as if you were there. One drawback of this method is that someone could watch what you are doing remotely on the office PC and possibly gain privileged information.
Accommodating a larger user base is slightly more complicated and requires either the use of centrally located modem banks or access provided by the telephone company. Modem banks are typically rack-mounted equipment frames that accept plug-in modem modules. Each module is attached to a dedicated telephone line. Modem banks aggregate traffic flowing through the individual modems into a single signal such as T1 or USB. Another approach, offered by the various telephone companies, allows users to access your server using local dial lines through leasing access to local modem banks located within a particular region or nationally. The data from these connections are delivered directly to your server using your existing Internet connection.
Extranets and VPNs
Extranets permit the access of company information through a web site using any Internet connection including dial-in, VPN, T1, etc. Implementation of an extranet typically doesn't require much in the way of external hardware, with the exception of a good firewall. The design of a proper extranet requires the collaboration of web designers and IT managers. Using the global presence of the Internet, VPNs provide a secure and cost-effective solution to connect remote users to your network. One recent study predicts that, over the next three years, the majority of businesses will use VPNs. As you will recall, the VPN works through a process called "IP Tunneling". IP tunneling permits the transport of both IP and non-IP protocols over any TCP/IP network, including the Internet. The VPN also offers a higher level of encryption, thus eliminating the possibility of any data becoming "readable" by potential hackers. Implementation of a VPN is achieved using the standard network hardware, such as a firewall, router, etc. More recently, single devices have become available that integrate the firewall, router and a means to manage bandwidth into a single device which supports all the VPN-specific protocols. Specialized software that handles the log-on/off, IP tunneling and encryption processes is loaded on the remote computer. Starting a VPN session is as easy as logging on to your ISP.
As with any major addition to your network, it's important to have a complete understanding of the potential benefits vs. the security risks, and always maintain a security plan that is applied consistently.
10. Discuss aspects of security such as data accessibility, data integrity, data confidentiality.
Data accessibility: Data accessibility is the key to efficiency in most organizations. It is the ability to retrieve specific documentation instantaneously, without the need to either hunt through a filing cabinet or search through large network drives for a document or file. Conventional documents on the file server do not contain a description in their name or any indication as to what they are related to or what the file contains.
Data integrity: An umbrella term that refers to the consistency, accuracy, and correctness of data stored in a database. Data integrity is not about physical security, fault tolerance, or data preservation (backups).
Data confidentiality: Ensuring that information is not accessed by unauthorized persons.

