Reviewing Computer Security Precautions And Procedures Computer Science Essay

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

You are appointed as the new Network Manager for Sylhet Solutions Inc. It is a large multi-national organization which has an extensive network of PCs comprising more than 1000 systems. This organization relies heavily on its vast network for its day to day operation. Any potential risks need to be identified and minimized as far as possible.

Recently a large number of PCs were affected by a virus, causing a work stoppage among the administration and accounting department. Following this incident of large scale virus infection, the company management has decided to completely review all the computer security precautions and procedures in use within the organization.

This assignment has been designed to ensure that you can identify potential threats to the security of the organization's network and formulate appropriate action plans and security policies to minimize the risks.

Aim

To produce a comprehensive Security Review report detailing the various potential threats to the organization's network along with proposed solutions, which will help to minimize the risks. You are required to identify any appropriate technologies and equipment required. In addition, you are required to produce a set of Acceptable Use Policies to be introduced and to act as guidelines for staff using the organization's network.

The Security Review report and associated policies will form the basis of a presentation to the management in order to highlight the security risks and your proposed solutions.

TASK 1

Task 1 - 25 Marks

Research and document the various aspects of network security that need to be considered for the organization including each of the following topics:

Access control (5 marks)

User authentication (5 marks)

Firewalls (5 marks)

Virus protection (5 marks)

Accessing the Internet (5 marks)

Network security

To begin with, a computer network is a group of computers interlinked by connecting devices for the sole purpose of sharing information, resources and communication. Network security is concerned with protecting a computer network from intruders, who would most definitely misuse, access and change information without authorization. By connecting to a network, a person increases the likelihood of putting his or her information at stake. Access to a network can be gained from computers, cell phones and PDAs, and they all carry more or less the same risk. Nowadays, with wireless networks, hardware firewalls can't be built as they are for networks linked with cables, so wireless networks are much more prone to invasion. The particular aspects of network security described below should be considered when connecting a device to a network.

Network Access control

Network access control deals with limiting access to a network to only those who are authorized, so as to prevent data intrusion. The main concept of network access control is the synchronization of user authentication and endpoint security. This mode of protection uses a set of rules to describe and implement a policy that defines how to protect the network nodes from devices that try to access the network.

User authentication

On a network, different people have to be given different privileges. There are two ways of granting and restricting access to different documents for different people:

By using a user name and password.

By using the host name of the browser that is being used.

For things like restricting access to documents used within a company, the host name of the browser should be used. But on networks where the documents are scattered everywhere and the network administrator needs to grant access privileges on an individual basis, the user name and password come into play. There are basically two steps for creating and administering user names and passwords.

The first step is to make a file that contains the user names and passwords.

The second step is to let the server know which files may be accessed once the user name and password are entered.

Thus the main objective of user authentication is to control access to the information in a network by identifying users as authorized personnel, further protecting the network and its resources from crackers and hackers.
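The two steps above, as an added example that is not part of the original essay: a password file that stores salted PBKDF2 hashes rather than the passwords themselves, and an access map the server consults after a successful login. The user names, passwords, paths and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import posixpath

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


def make_entry(user, password):
    """Step 1: build one password-file line, 'user:salt_hex:hash_hex'."""
    if ":" in user or "\n" in user:
        raise ValueError("user name must not contain ':' or a newline")
    salt = os.urandom(16)  # a fresh salt per user defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{user}:{salt.hex()}:{digest.hex()}"


def load_password_file(text):
    """Parse the password file into {user: (salt, digest)}."""
    table = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, salt_hex, hash_hex = line.split(":")
        table[user] = (bytes.fromhex(salt_hex), bytes.fromhex(hash_hex))
    return table


def verify(table, user, password):
    """Check a login. Unknown users cost the same hashing work as known ones."""
    salt, expected = table.get(user, (b"\x00" * 16, b"\x00" * 32))
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # compare_digest avoids leaking how many leading bytes matched
    return hmac.compare_digest(digest, expected) and user in table


def authorize(table, access_map, user, password, path):
    """Step 2: allow a path only for a valid login that the map grants it to."""
    if not verify(table, user, password):
        return False
    path = posixpath.normpath(path)  # collapse '..' before matching prefixes
    matches = [p for p in access_map if path == p or path.startswith(p + "/")]
    if not matches:
        return False  # no rule for this path: deny by default
    return user in access_map[max(matches, key=len)]  # longest prefix wins


# Constructed sample data: two users and the directories each may read.
PASSWORD_FILE = "\n".join([
    "# constructed sample password file",
    make_entry("alice", "correct horse"),
    make_entry("bob", "s3cret-bob"),
])

ACCESS_MAP = {
    "/accounts": {"alice"},
    "/admin": {"alice", "bob"},
}

if __name__ == "__main__":
    users = load_password_file(PASSWORD_FILE)
    attempts = [
        ("alice", "correct horse", "/accounts/ledger.xls"),
        ("bob", "s3cret-bob", "/accounts/ledger.xls"),
        ("bob", "s3cret-bob", "/admin/../accounts/ledger.xls"),
        ("mallory", "guess", "/admin/users"),
    ]
    for user, password, path in attempts:
        verdict = "allow" if authorize(users, ACCESS_MAP, user, password, path) else "deny"
        print(f"{user:8} {path:32} {verdict}")
```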

Firewalls

A firewall is software that provides protection to a personal computer or network by restricting unauthorized access and other unsafe entities, such as those on the internet. All the information passing through the network is constantly scrutinized by the firewall. If the information trying to gain access to the network doesn't meet the policies and criteria of the firewall, access is denied. Nowadays operating systems usually come with a built-in firewall, or a person can opt to install a firewall separately. There can also be software firewalls, hardware firewalls, or a combination of hardware and software. Basically there are four types of firewalls, namely:

Application gateway - This firewall applies its security functions to specific applications, such as FTP and telnet. This is a very effective firewall to use, except for the fact that it imposes a performance reduction.

Circuit level gateway - The circuit level gateway firewall applies its security mechanisms to TCP and UDP connections when a connection is made. Once a connection is established, packets can flow between the hosts without any further checking.

Packet filter - The packet filter checks every packet that passes through the network against a set of user-defined rules and accepts or rejects it accordingly. Although it is quite difficult to configure, it is effective and mostly transparent to users. It is also vulnerable to IP spoofing.

Proxy server - The proxy server intercepts all the messages going into and out of the network. It also effectively conceals the true network addresses.
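How a packet filter's rule check works, together with one ingress check that counters the IP spoofing weakness noted above, as an added example that is not from the original essay. The rule set, interface names and the 192.168.0.0/16 internal range are assumptions for illustration, and all packets are constructed samples.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")  # assumed internal range


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "wan" or "lan"
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str  # "accept" or "reject"
    src: str     # source network in CIDR form
    dst: str     # destination network in CIDR form
    proto: str   # "tcp", "udp" or "any"
    dports: range

    def matches(self, pkt):
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", pkt.proto)
            and pkt.dport in self.dports
        )


# Constructed rule set: client subnet may reach the intranet mail server
# and browse over HTTPS; everything else falls through to default deny.
RULES = [
    Rule("accept", "192.168.4.0/24", "192.168.10.5/32", "tcp", range(25, 26)),
    Rule("accept", "192.168.4.0/24", "0.0.0.0/0", "tcp", range(443, 444)),
]


def is_spoofed(pkt):
    """Ingress check: the source address must fit the interface it arrived on."""
    src_internal = ipaddress.ip_address(pkt.src) in INTERNAL_NET
    if pkt.iface == "wan":
        return src_internal       # outside traffic claiming an inside address
    return not src_internal       # inside traffic claiming an outside address


def filter_packet(pkt, rules, antispoof=True):
    """Return "accept" or "reject" for one packet."""
    if antispoof and is_spoofed(pkt):
        return "reject"
    for rule in rules:            # the first matching rule decides
        if rule.matches(pkt):
            return rule.action
    return "reject"               # default deny when no rule matches


# Constructed sample packets.
LEGIT = Packet("lan", "192.168.4.55", "192.168.10.5", "tcp", 25)
SPOOFED = Packet("wan", "192.168.4.55", "192.168.10.5", "tcp", 25)
TELNET = Packet("wan", "203.0.113.7", "192.168.10.5", "tcp", 23)
HTTPS_OUT = Packet("lan", "192.168.4.55", "198.51.100.9", "tcp", 443)

if __name__ == "__main__":
    for name, pkt in [("legit", LEGIT), ("spoofed", SPOOFED),
                      ("telnet", TELNET), ("https-out", HTTPS_OUT)]:
        print(f"{name:10} headers only: {filter_packet(pkt, RULES, antispoof=False):7}"
              f" with ingress check: {filter_packet(pkt, RULES)}")
```

A filter that looks only at header fields accepts the spoofed packet because its source address matches the first rule; checking the arrival interface is what rejects it.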

Virus protection

The likelihood of a device being infected by viruses increases when it connects to the internet, and an infection can bring down the whole network. To get into a computer or network, a virus must attach itself to some other document or program in order to run. Once running, the virus can attack the whole system. There are varied techniques by which a virus can infect a computer. Some viruses steal or destroy data and make malicious use of computer resources. This stolen information is used to steal customer information for competitive purposes and also for identity theft. Sometimes the information is destroyed for malevolent reasons or just to upset business processes. Sometimes a virus is used as a doorway for accessing a computer's information and exploiting it by destroying it, and it can go as far as crashing a person's computer system. In spite of all these dangers of viruses, there is always a cure. Installing a firewall and a regularly updated virus guard can considerably reduce the probability of virus attacks.

Accessing the internet

Accessing the internet makes a computer more prone to various disasters, since it is a portal that connects the whole world. So one must be aware of how these disasters come about and how to prevent them. The potential dangers of the internet include viruses, hackers, crackers, data loss and so on. To prevent all this trouble, organizations can install and keep updated a good antivirus and firewall, prevent access to all sites except organization-approved sites, and keep people in the organization from downloading unnecessary files and software. Following the policies implemented by the organization can save everyone a lot of trouble, money and precious time.

Internet usage policies: limiting the browsing capabilities of employees

E-mail usage policies: limiting e-mail usage for only doing what the company needs

Password policy: have administrator passwords and other needed passwords to allow access to the company documents to only authorized personnel

Instant messaging policy: using the IM facility for only company related work

Software installation policy: forbid the installation of unnecessary software.

Task 2

Task 2 - 10 Marks

A user in your company calls to report that she's unable to log on to e-mail. You respond with a couple of quick questions. Because you know that no one else is using the network right now, you cannot determine if the problem is unique to her machine or if the problem affects the entire network. Probing further, you also learn that she's unable to print. You decide this problem is probably easier to troubleshoot from the user's computer.

Using the structured troubleshooting method, outline the things you must check and the questions you must ask when you arrive at the user's office. Based on the possible responses to your questions, describe the actions you will take to correct the potential causes.

Troubleshooting

One of my colleagues in the company I work for called to inform me that she was having problems logging into her email account using one of the computers connected to the network at the office. As the network administrator, I asked her a couple of quick questions, only to find out that she was also having trouble printing. As she was the only one using the network, getting to the root of the problem over the phone was difficult. So I drove to the office, planning to start troubleshooting with her computer.

Troubleshooting, by definition, is simply finding the problem with a computer or network and finding a solution to it. Structured troubleshooting is by far the best way to solve problems with a network. It consists of a series of steps:

Define the problem clearly and note down the evident facts

The problem is the inability to log into an email account and to print, both on a computer connected to a network. No one else was using any other computers in the network at the time of the problem.

Gather more information on the subject and analyze the problem further.

The following questions provided answers to get to the root of the problem.

Question 1: Have you been able to log into your email account before using this computer?

Answer: Yes

Question 2: Have you been able to print before using this particular computer?

Answer: Yes

Question 3: Is the printer in question connected to the network?

Answer: Yes

Question 4: Did you try connecting to the intranet mail server?

Answer: Yes

Question 5: Have you had any other problems logging into your email account before this incident?

Answer: No

Question 6: Did anyone else use any other computers at the time?

Answer: No

Question 7: Did both the mentioned problems occur at once?

Answer: Yes

Question 8: Did you make any changes to the configuration settings on the computer?

Answer: No

Question 9: Did you plug or unplug any cables attached to the network?

Answer: No

Question 10: Did any other problems besides the ones mentioned occur at the time?

Answer: No

Question 11: Did you install any software to the computer before trying to log into your email account or print?

Answer: No

Question 12: Did you plug and open any removable disks into the computer before scanning and disinfecting it first?

Answer: No

Determine the probable causes of the problem.

The problem may be caused due to the company's network failure.

The cables between peripherals in the network can be damaged.

The cables connecting the peripherals might not be fixed properly.

Viruses might have infected the network.

The router might be broken.

The problem might be caused due to a problem with software installed in the network.

There might be software malfunction.

The network settings might be configured incorrectly.

A virus infection might have taken place through the installation of software.

The problem might be with the hardware connected to the network.

Cables connecting the network peripherals might be damaged.

The cables might be loosely fitted.

The network interface card might have failed.

The hardware connected to the network might have failed.

Determine the probable solutions to the problems.

The problem may be caused due to the company's network failure.

Check the cables and verify that they aren't broken.

Check the connections between the cables and verify that they aren't connected loosely.

Scan the computer and network thoroughly for viruses.

Check for any problems with the router.

The problem might be caused due to a problem with software installed in the network.

Check all the software on the computer for any malfunctions and check that all the necessary software is installed.

Check whether the network is configured in the right way.

Scan very thoroughly for computer viruses.

The problem might be with the hardware connected to the network.

Check the cables connecting the network peripherals to check that they are not damaged.

Check for any loose connections between the cables.

Check if the network interface card is working properly.

Check to see if all the hardware is functioning properly.

Define clearly the solution which is to be implemented.

Solutions for network failure

Verify that the cables are not damaged; if they are, try using new cables.

Verify that the cable connections are not loosely fitted; if they are, fit them properly.

Scan the machine for viruses, install an up-to-date virus guard and remove all the viruses.

Verify that the router is working properly; if not, replace it with a new router. Also check whether the router is configured correctly.

Solutions for software failure

Verify that all the network configurations are correct; otherwise, configure them correctly.

Verify that all the necessary software is installed and working correctly; otherwise, install the software needed.

Use an up-to-date virus guard and scan the computer thoroughly for viruses. If the computer is already ruined, format the whole computer and configure it all over again.

Solutions for hardware failure

Verify that none of the cables in use are broken. If any are, replace them with new cables.

Verify that all the cables are properly connected. If not, reconnect them all properly.

Verify that the router is responding and working by using ping (ping 192.168.4.241). If this does not work, use the TRACERT command to identify the problems. See whether the router is working properly; if not, replace the router with a new one or reconfigure it.

Scan the computer with an updated antivirus guard and clean the computer.
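The router check above, extended into a bottom-up connectivity check that stops at the first failing layer (an added example, not from the original essay). The router address is the one given above; the mail server and printer addresses and ports are assumed placeholders, and the probe functions are parameters so the logic can be exercised without a network.

```python
import platform
import socket
import subprocess

ROUTER = "192.168.4.241"            # router address from the text
MAIL_SERVER = ("192.168.4.10", 25)  # assumed intranet mail server (SMTP port)
PRINTER = ("192.168.4.20", 9100)    # assumed network printer (raw print port)


def ping_command(host, system=None):
    """Build a single-packet ping command for the local operating system."""
    system = system or platform.system()
    if system == "Windows":
        return ["ping", "-n", "1", "-w", "1000", host]
    return ["ping", "-c", "1", host]


def trace_command(host, system=None):
    """Build the route-tracing command (TRACERT on Windows)."""
    system = system or platform.system()
    if system == "Windows":
        return ["tracert", "-d", host]
    return ["traceroute", "-n", host]


def ping(host):
    """True if the host answered one echo request."""
    try:
        done = subprocess.run(ping_command(host), capture_output=True, timeout=5)
        return done.returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False


def tcp_open(addr, timeout=2.0):
    """True if a TCP connection to (host, port) can be opened."""
    try:
        with socket.create_connection(addr, timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(ping=ping, tcp_open=tcp_open):
    """Walk the layers bottom-up and return (failed_layer, next_action)."""
    if not ping("127.0.0.1"):
        return ("local TCP/IP stack",
                "check the network interface card and network configuration")
    if not ping(ROUTER):
        return ("link to router",
                "check cables and the router, then run: "
                + " ".join(trace_command(ROUTER)))
    mail_ok = tcp_open(MAIL_SERVER)
    print_ok = tcp_open(PRINTER)
    if not mail_ok and not print_ok:
        # Both services failing together points at one shared cause.
        return ("both services",
                "shared fault beyond the router: check network configuration "
                "and scan for viruses")
    if not mail_ok:
        return ("mail service", "check the mail server and the mail client software")
    if not print_ok:
        return ("print service", "check the printer, its cable and printer software")
    return (None, "network path is fine: check the user's software and account settings")


if __name__ == "__main__":
    layer, action = diagnose()
    print("failed layer:", layer or "none")
    print("next action: ", action)
```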

Observe carefully the results of this implementation.

After implementing all the necessary steps, check the results and see if the problem persists. Make a test plan to suit the situation and put it into action.

If the implemented solution solved the problem, document your actions.

If the implemented solution works and the problem is solved, document the problem-solving technique. If not, start all over again!

To prevent any further problems, devise preventive measures.

Measures to prevent network failure

Once in a while check whether the cables are damaged and replace them.

Once in a while check whether the cables are properly fitted and reconnect them properly.

Scan the computers regularly with an updated virus guard and keep the computers clean.

Once in a while check that the router is properly configured and working.

Measures to prevent software failure

Once in a while check that all the software is working properly and that all the necessary software is installed.

Inform all users on how to prevent viruses from infecting computers.

Make sure no one configures the computers unknowingly or without knowledge of network configuration.

Keep an updated virus guard and have regular scans of the computer.

Measures to prevent network failure

Once in a while check if the cables are not broken and are fitted properly and replace broken cables.

Make sure that the router is working properly and is properly configured.

Scan the computer regularly with an updated virus guard and have a firewall.

Task 3

Task 3 - 20 Marks

For an Internet-connected local area network (LAN) with which you are familiar (for example your company or college network):

Determine whether the LAN is connected to the internet through a firewall. If so, determine the manufacturer and the model number of the firewall; what are the security features available in the Firewall. If no firewall is in place, research 3 Firewall products and report with its manufacturer and model number and the features (15 marks)

Give reasons for the appropriateness of a particular firewall for your organization (5 marks)

Firewall

A firewall is software that provides protection to a personal computer or network by restricting unauthorized access and other unsafe entities, such as those on the internet. All the information passing through the network is constantly scrutinized by the firewall. If the information trying to gain access to the network doesn't meet the policies and criteria of the firewall, access is denied. Nowadays operating systems usually come with a built-in firewall, or a person can opt to install a firewall separately. There can also be software firewalls, hardware firewalls, or a combination of hardware and software. Basically there are four types of firewalls, namely:

Application gateway - This firewall applies its security functions to specific applications, such as FTP and telnet. This is a very effective firewall to use, except for the fact that it imposes a performance reduction.

Circuit level gateway - The circuit level gateway firewall applies its security mechanisms to TCP and UDP connections when a connection is made. Once a connection is established, packets can flow between the hosts without any further checking.

Packet filter - The packet filter checks every packet that passes through the network against a set of user-defined rules and accepts or rejects it accordingly. Although it is quite difficult to configure, it is effective and mostly transparent to users. It is also vulnerable to IP spoofing.

Proxy server - The proxy server intercepts all the messages going into and out of the network. It also effectively conceals the true network addresses.

The three types of firewalls explained below are software firewalls.

Comodo Internet Security

Model: Comodo Internet Security Premium

Manufacturer: Comodo Group (Jersey City, New Jersey)

Features

The Comodo firewall, in order to send data, has the ability to surpass leak tests and connect with the server.

Hackers sometimes attempt to change and execute code used in the default browser. Comodo has the ability to prevent such an attempt. If a malevolent HTML page tries to execute, that is also prevented.

Another way in which hackers try to exploit personal information is by using packet sniffers and key loggers. Comodo detects, squelches and stops the key loggers from repeatedly trying to hack the information.

Sometimes hackers attempt to install system infections that go undetected through a system reboot and start infecting every time the user opens Windows Explorer. Comodo detects such attempts and strikes the infections dead.

Registry keys are protected, by detecting and stopping any process that tries to influence the security descriptors associated with the registry keys. And it will also not allow a driver to be loaded to the operating system by malware.

Hackers try to attack certain known and common product components with the intention of terminating their vital processes, because each and every security product relies on specific registry entries. So if a suspicious process tries to send a message to shut down, Comodo has the ability to refuse to obey the order.

All in all, since it is more than a firewall, Comodo has the ability to detect and block Trojans, key loggers, viruses, worms, rootkits and other malware.

The signatures of the programs that are supposed to run on the machine are checked against a database, and the programs are first run in a virtual sandbox to determine whether it is safe to run them on the computer.

Ease of use

Security policies predefined by the firewall can be enabled or disabled to the user's liking, after the user has read the firewall's expert system advice.

Security considerations appear with every detection of malware and alert pop ups.

Kaspersky Internet Security

Model: Kaspersky Internet Security 2011

Manufacturer: Kaspersky Lab (Moscow, Russia)

Features

Kaspersky Internet Security is special, effective and current since it is a two-way firewall.

Every network connection made to the computer is monitored. Every time the firewall detects a new network, it gives the user an opportunity to assign a status to the network according to whether it is a LAN at an organization or at home, where access to printers and files is required; a public network like the internet; or a trusted network, where traffic can go unchallenged.

Virtual private networks and wireless networks are provided with full protection.

Spam, malware, key loggers, and phishing sites are blocked by this firewall.

A database containing current threat-signatures is updated regularly through the firewall's global threat monitoring system.

It also detects and blocks worms, Trojan horses, adware, spyware and viruses. Emails, internet traffic and files are scanned too. When objects that might need to be quarantined or disinfected are scanned using the firewall, they are checked against a database of known malware. Even if they are new, their behavior is analyzed carefully; if they are found to behave similarly to objects known to be malevolent in the past, they are at once categorized as suspicious.

Parental control is at its fullest, with the possibility for parents to block unwanted sites and specify the times at which their children are most likely to be surfing.

Applications are prevented from accessing private data by isolating them in a safe environment sandbox.

Tools are provided to delete temporary files and cookies, to make a rescue disk and to diminish any traces of user activity.

Even though key loggers are blocked, when it comes to entering passwords and user names the firewall has a virtual keyboard, thus making sure that the information is safe.

Online Armor Premium

Model: Online Armor Premium 4.0.0.44

Manufacturer: Tall Emu Pty Ltd (Sydney, Australia)

Features

Online Armor Premium detects all sorts of worms and Trojan horses that trick their way into the computer by using data leaking. (Here data seeps out of the firewall, so hackers can exploit the permission rules used by known applications.) If information about the permission rules is exposed, hackers can gain access to the network without the firewall knowing of their presence.

Firewalls are tricked by hackers in other ways too, such as by entering a foreign piece of code or a DLL (dynamic-link library) into the address space of the firewall, so the firewall does not suspect that it's being corrupted. Online Armor Premium also has the capability of preventing such attacks.

Another way that a firewall can be fooled by untrusted applications is by using an interface utilized by a trusted application and running it to secretly leak important information out onto the internet. This is also prevented by Online Armor Premium. It has additional capacity to pass all leak tests.

Online Armor Premium is also vigilant against things such as spy tests which utilize packet sniffers and key loggers. Some malicious items survive the rebooting process of the system and go on to infect the computer, and some other applications threaten the system by allocating system privileges to themselves.

Sometimes malicious items try to change the user's browser homepage; the firewall alerts the user every time this happens. It is also vigilant against different types of key loggers and phishing emails.

The firewall has a black list and a good list and judges items according to them. If it's suspicious of anything, it lets the user make the call.

Choice of firewall

Considering all three firewalls, the most unique and effective firewall is Kaspersky Internet Security. The reasons behind the decision are:

It's more focused on the security of a network than the other two. Since our main objective is to provide protection to network, this suits the task well.

When it comes to a network at a school, children are more prone to use the internet too. Since Kaspersky internet security is capable of giving full parental control, the network administrator will find it easy to block unwanted sites.

Emails, Trojans, worms and every other malicious item are detected and removed by the firewall and its built-in virus guard, so the network can't be harmed by them.

The database is regularly updated, so the network is protected against the newest types of viruses available.

Task 4

Task 4 - 30 Marks

Create a set of Acceptable Use Policies specially customized for your organization for each of the following:

Accessing the WWW (10 marks)

Instant Messengers and chat room (10 marks)

Email Usage policy (10 marks)

Each of these documents should provide a set of guidelines for users which will minimize any associated security threats.

User policies

Policies are a set of guidelines implemented in an organization to control the use of the company's resources in a proper way. Policies should be followed by users in order to prevent damage to the company and the user. All policies should be understandable and clear to the user. Described below are some ways in which policies should be implemented in an organization.

Accessing the internet

Precautions

Policies should be applied to an organization when accessing the internet to prevent the misuse of resources.

The use and protection of company user names and passwords are vital.

The use of a properly updated antivirus and firewall is essential.

Personal information should most definitely not be given to anyone over the internet.

Downloading unwanted files should be prohibited, as they may contain viruses and other hacking software.

Sticking to sites approved by the organization is necessary. Thus using the internet for only company approved work is vital.

Installing unauthorized software is prohibited.

The following policies when implemented in an organization can do the following:

By scanning and downloading attachments, the introduction of viruses to the system is reduced.

Using antivirus guards and firewalls should further reduce the introduction of viruses to the system, and of unwanted people too.

By not giving any personal information over the web and not giving your user name and password to anyone, attacks by hackers and crackers can be reduced.

By not installing unauthorized software, the introduction of viruses to the system can be reduced.

E-mail usage policy

Precautions

Use the email facility for only company related purposes.

Strong and hard to crack user names and passwords must be used.

Breaching security standards of the email system is prohibited.

Always scan and download any attachments.

Unauthorized access to data on any email system is prohibited.

Don't open spam emails unless you're 100% sure that they are from a secure source.

Log off from your email account without fail when you're leaving.

By following the above stated precautions in an organization one can prevent:

Any unauthorized personnel from accessing company information.

Hackers and crackers will find it hard to hack into the system.

Viruses can be prevented from getting into the system.

By deleting unwanted emails and such, time spent on finding your needed emails from junk is reduced.

Chat room policy

Precautions

Accepting and adding contacts from unknown people is banned, and blocking unwanted contacts is safe.

The company Instant Messaging service is only for business purposes; no personal use of the service is permitted, which keeps it safe.

Delete all the messages when you're done reading and responding to them to save time.

Never join unknown chat rooms.

Never share personal details over chat rooms.

Never give away user names or passwords through the chat room.

Log off without fail when done.

The above procedures, when followed, can prevent the following:

If you receive messages from unknown people, do not read them; this reduces the viruses that can get in. Block unwanted contacts and don't add unknown ones, so as to reduce the number of unknown messages.

By deleting old messages, time can be saved in finding the latest messages, and space can be saved.

If the user does not join unknown chat rooms, it will help to reduce the virus threat.

Don't share personal details such as user names, passwords or any company information through the web; this reduces the possibility of threats to the company and yourself.

When done, log off; otherwise, if you keep the account logged on, any intruder with bad intentions can do harmful things while you are not at the PC.

Using only company-approved websites prevents a lot of trouble.

Task 5

Task 5 - 15 Marks

Microsoft IPSec Diagnostic Tool assists network administrators with troubleshooting network-related failures. Download the utility from www.microsoft.com.

Run this diagnostic tool under the supervision of your tutor. Using this tool collect and report IPSec policy information on the system, trace collection for VPN, NAP client, Windows Firewall, Group policy updates, Wireless and System events, specific to your network. Your work needs to be evidenced by Screen shots. (15 marks)

Introduction

IPSec Diagnostic tool can be used to check for common problems on a network. When problems are found, the tool suggests appropriate repair commands. The tool also collects IPsec policy information on the computer, and it parses the IPsec logs to determine the reasons for network failures. Additionally, you can use this tool for collecting traces of VPN connections and for collecting information about NAT clients, about Windows Firewall configuration, about Group Policy updates, about Wireless events, and about System events.

The window shown below presents the two functionalities of the IPsec diagnostic tool, which are the local mode and the remote mode.

Local mode: In this mode the tool must be run on the computer system under examination, and it can also be used to perform live troubleshooting. It collects the information necessary to diagnose network issues. The resulting CAB file contains all the logs and data that were collected.

Remote mode: This facility offers failure diagnosis by using IPSec logs. Here the tool parses IKE (Windows Vista) and Oakley (Windows XP, Windows Server 2003) logs, Netsh and IPSec logs, and also the output of the IPSec dump. Another advantage is that this allows the diagnosis to run on a machine other than the one under investigation. One of the other inputs to this mode is the IP address of the remote machine with which the connectivity has failed.

The user interface

The diagnosis starts when the "Start diagnosis" button is pressed.

The diagnosis is in progress.

The diagnosis is in progress

The diagnosis is complete

The generated report

Thank you
