NETWORK BASED SECURITY INFORMATION SYSTEM FOR SHELL PRETROLEUM COMPANY

CHAPTER ONE

1.0 INTRODUCTION

In todays trend of information and security treat the main tool use in businesses to protect their internal network is the firewall. A firewall is a hardware and software system that allows only external users with specific characteristics to access a protected network. While firewalls are indispensable protection for the network at keeping people out, todays focus on e-business applications is more about letting the right people inside your network. Network security can be defined as protection of networks and their services from unauthorized modification, destruction, or discovery, and provision of guarantee that the network performs in critical situations and have no harmful effects for neither user nor for employee. The International Telecommunication Union ITU, the International Information Processing IFIP, World background Organization WCO is all running to develop standards related to electronic commerce. DES was the result of a research project set up by International Business Machines IBM corporation in the late 1960s which resulted in a cipher known as LUCIFER. In the early 1970s it was determined to commercialize LUCIFER and a number of important changes were introduced. The encryption technology for network security, implementing information encryption and transmission on the network by using DES algorithm. Information security strategies deal with two issues: protecting the integrity of the business network and its internal systems. The field of information Technology IT Security as information technologies is represent merely component of information systems. A setting of a security can be defined as an organized framework consisting of concepts, beliefs, principles, policies, procedures, techniques, and measures that are required in order to protect the individual system property as well as the system as a whole against any intentional or unplanned threat.

1.1BACKGROUND OF STUDY

Information system occupies a vital and unique position in any organization by virtue of the data and information, which it contains. Security of information is of great importance to any given organization this makes the information reliable since information stored can be referenced whenever necessary access by unauthorized persons.

This project analysis the activities and importance of securing information in any organizations and to see that the information is accurately maintained to help the management in decision making and control of the diverse activities of the organization.

The Shell petroleum company are one of the Nigerian petroleum supplying company as a result keeps record of vital information given to them by any client so as to enable them make supply and sells.

Therefore, for effective administration and management, the provision of network based security information system for every source of data is certainly inevitable, since it will take care of all the problems and inadequacies of the manual system.

Security plays very important role on information. Most security initiatives are defensive strategies aimed at protecting the network base and collection of information and data, including the exchange of data such as electronic data interchange, email, access to data shared databases, electronic bulletin boards, and automatic data capture bar codes, etc. In information and network data security system the situation there are five interrelated and interacting components people, software, hardware, procedures and data, one comes to the conclusion that security systems are and should be looked upon as information systems, comprising a technological communications and an organizational framework, rather than pure technological infrastructure. Security harms of TCP/IP TCP/IP, which is the main protocol used by Internet, has good behavior of interconnection, the independent technology of net, it support to many other protocols of application, and so on. Result based on the risk analysis, security policy is created. It consists of two parts: 1 General security policy: The description of its processes and Organization, security policy Objectives, security infrastructure, identification of Assets, confidential data and general threats, Description of present status and description of Security measures, contingency plans. 2 System security policy: It defines implementation of security policy in a specific system of a company. With security mechanisms based on security policy being in place, it is important to monitor their actual functionality. Internet security method 1 Physical Internet security 2 Encryption techniques: The information on the net, which is transporting or storing, could be encrypted in order to prevent the steeling behaviors from the third party. Encryption is the most common method of ensuring confidentiality. 3 Virtual private network VPN technology: VPN technology using variable public network as a transmission medium of information, through the additional security tunnels, user authentication and access control technology similar to a private network security. 4 Data encryption technology: The so called data encryption is to re-encode the information in order to hide the information content, so that unauthorized users cannot obtain the information content, it is an important security way in ecommerce. 5 Firewall techniques: Firewall technology is a secure access control technology. The basic types mainly are application gate, circuit level gate firewall based on the packet filtering, and firewall based on the all state checking. Firewall technology used in an insecure public network security environment to accomplish local network security. Firewalls should a small part of the business security infrastructure

5 Strengthen the preventing and treatment of viruses: Viruses are the most showing threat to client systems. Setting the client level protecting, web access, email serve level protection, and file application serve level protection. Setting all the system files and executive file read only is useful to protect important files. Restraining using floppy disk with uncertain resource, as well as the piratical software, is significant for cutting the spread path of the viruses. The emails should be kept unread, the same to the accessories. The multiple privilege access schemes present in Unix, VMS and other multiuser operating systems prevents a virus from damaging the entire system. It will only damage a specific users files. A part of concern should also be put into the insecurity the system itself, which needs updating from the realty explorer regularly. If the system had be found to be contagious unluckily during the checking, corresponding methods should be carried out to clear the viruses away from the net.

1.2STATEMENT OF THE PROBLEM

In spite of the level of computation of various organizations, this particular organization on discussion is still at the grass root level. It requires a certain degree of protection especially of vital equipment’s, properties and information and this cannot be realized through the current system of operation, which is the manual system.

1.3PURPOSE OF THE STUDY

The purpose of this study is to provide a network based, security information system and interactive package that will accurately and efficiently record all data and information about business operation and management.

It will also eradicate the numerous problems associated with the manual technique of securing information in order to facilitate the transfer and retrieval of information between the various departments of the organization,

1.4AIMS AND OBJECTIVES

Having studied the activities of the police station some benefits could be derived from the computerization of information system and this includes:

1.Higher security efficiency of information

2.Quicker access to individual data

3.Faster treatment of information security oriented cases.

4.Provision of output information in a readily comprehensible form to those persons involved in the activities of the organization. Provision of communication channels. To compass formal and informal component.

To provide storage facilities for data not immediately required or that may be required to be used more than once.

1.5THE SCOPE OF THE STUDY

This study will cover shell Petroleum Company and its operation and activities carried out in terms of information sharing and data. Also the scope is centered on eradicate the numerous problems associated with the manual technique of securing information in order to facilitate the retrieval of information.

1.6LIMITATIONS

A lot of militating constraints were encountered during the course of this write up. They are:

Inaccessibility to some documents, which arose due to security, imposed on some of the organization documents by the management. It was not also possible to make an indept study of these documents, which would have helped in the development of the project work.

Time was a major limitation to this write up, there wasn’t enough time to study the details of the various field of the information department of the organization unavailability of textbook needed for this write up was not found in the institution library.

1.7ASSUMPTIONS

For easy implementation of this study some assumption were made.

It is assumed that the software to be designed for the study will help shell petroleum in an effective service delivery.

Finally, it is also assumed that by computerizing this organization, information security has been implemented to handle their day to day cases in a better and more organized manner.