Security Vulnerabilities In A Company Computer System Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

"Business need to connect remote-site branch offices to their corporate headquarters, provide security enhanced Internet access from branch offices, and utilize minimum bandwidth more efficiently"[Microsoft,2010].

Plantain Building Company (PBC) is a national house building company which is divided into several other regional offices among which one of them is the regional office located in Cardiff whose manager is Theo Barratt. Plantain Building Company (PBC) is the company that buys land which is available for residential development, applies for planning permission, builds new houses on the lands and sells them to the general public. In the Cardiff regional office it comprises of 27 desktops and printers that are 2years old running with Windows XP operating system, MS Office and some licensed packages including anti-virus which is maintained by local computer company on the contract basis. All the users have the same user name and password given to log on into any system. But the manager has been given the different user name and password as he accesses the financial information held in the Head Office. Also there is no firewall to the server as the internet connection is limited and most of the communication is done via telephone. Mostly this computer system is used for the administrative purposes like storing the data regarding the existing land availability. The important database is backed up in the disk and is kept in the office supplies store room.

This company consist of Land manager, Project manager among which project manager plays the major role. The Project manager has the responsibility of differing geographical areas and is responsible for the development and completion of house building sites. He has to access plans and the building specification of the houses that the company builds. The Project manager accesses the computer system for the main House Types database which actually is held in the Head Office but a copy of it will be in the computer system that is accessed by him. But occasionally the Head Office sends a copy of the new House Types database which will be later copied into the computer system by the administrator. The Land Manager buys the land when it is available and he is responsible for maintaining the bank of available land on the computer system. He uses the computer system to access the Land database that he uses to maintain his Land records.

The task for this case study is to prepare a report for Theo Barratt to present it to the Financial Directors of the Plantain Building Company to justify that the expenditure needed to secure the computer system in Cardiff is necessary. Theo Barratt has little interest and knowledge in IT so he likes to be given simple, cost effective solutions that will not cause significant changes to existing work practice.

The agenda for the financers which are to be fulfilled for maintaining the security of the branch are discussed below.

Current computer system operations:

In the regional office of Cardiff there are 27 computers with printers that are bought from a local company which is maintained by them under the maintenance contract among which most of them are two years old and are used purely for the administrative tasks. There are almost 27 computers with printers which are running with Windows XP operating system, MS office and some other licensed packages including anti-virus. All the systems are networked to the server and this server doesn't have a firewall as there is limited internet access. Out of the 27 desktops only some have the internet access though individually everyone is allotted with each system. The entire users log on to the computer with the same user id and password as everyone is provided with the same user id and password to login but Theo Barratt has a different user id and password as he accesses financial information held in Head Office.

The computer system is mainly used for the administrative purposes. The computer system does have a network link to the Head Office computer system with which various financial statements are compiled and submitted using the computer network. Mostly, computer system is used to store data regarding the availability of the land and also store the details of various house building sites and their development status. Specifically for calculating materials requirements, CAD drawing and available house types we make use of various packages.

The Project Manager accesses the computer system for the main house data types which is held in the head office but a copy of it will be in the computer system that will be accessed by him. The administrator copies the House Types database in the computer system which will be occasionally sent by the Head Office. The Land Manager uses to computer system for maintain the bank of the available land i.e. he uses the computer system to access the land database that he uses for maintaining the land records.

Security Vulnerabilities:

In the current case study, the security vulnerabilities that are associated with it is

Anti-Virus for all the PC'S.

Same email id for all the users.

No Firewall allotted to the server.

Same user name and password for all the pc.

The above issues can be described as follows:

Anti-Virus for all the PC's:

Anti-virus is used to secure the system. It saves the computer from virus. If there is no Anti-Virus the data may get lost due to the viruses that may affect it. When we consider finances which are of prime importance then we can't make use of it by providing each pc with a specific anti-virus which will increase the budget drastically.

Same email id for all the users:

Providing with the same email id would be difficult for any of the user to access that at a time. There is only one email address so if one user has already logged in into it then the other when tries to login would lead to connection errors.

No Firewall allotted to the server:

A firewall is a guard which helps to protect the computers against the attacks caused from various external agents. A firewall is connected to a network to secure the transmission of data. So, if there is no firewall connected then to secure the transmission of data in a network doesn't take place.

Same user name and password for all the PC's:

Having the same user name and password to all the system is vulnerable. We cannot access the share folder remotely even if the permission is granted for everyone. When you try to share the folder the error you get is 'not accessible, you might not been having the permission to use this network resource'.

Proposals for Addressing Security Issues:

The following are the proposals for addressing security issues:

New Anti-Virus for the server.

Different user name and password for all the pc.

Provide firewall to the server.

Password should be change after each user changes or after every month to reduce the Trojan attacks.

Maintenance of servers after each month.

Automated back-up programme after each day at particular time.

Access the company's network from home

The above proposals can be described as:

New Anti-Virus for the server:

Providing Anti-Virus to the server is better than providing anti-virus to all the pc's:

This reduces the finances as it is of prime importance. There are many Anti-Viruses used for the servers. Some of the Anti-Viruses are Bit-Defender, Kaspersky, etc. We are providing Anti-Virus to the server such that the server scans all the pc's in a network and rejects connection if infection is there.

Different user name and password to all the PC's:

Basically when the PC is used for the general administrative purpose having the same user name and password login into the computer we cannot access the share folder. So, if we provide with the different user name and password we can access the share folder.

Provide firewall to the server:

A firewall protects the computer from the attacks caused from various external agents and also used to secure the transmission of data. It acts as a wall between the Local Area Network and Wide Area Network. It is a part of the network or the computer system which is designed to permit the authorized communication and block the unauthorized communication. It can be implemented in the combination of both hardware and software. It prevents the unauthorized internet users from accessing the private networks. It checks each and every message and blocks the message that does not meet the specified criteria [Wikipedia, 2010].

Password should be changed after each user changes or changed after every each month to reduce the Trojan virus. This keeps the computer system as well as the network save especially from the Trojan virus. Once if the Trojan virus enters into the network or the computer system, some of the important data might be lost.

Maintenance of Servers after each month:

Maintaining the server always makes the network as well as the computer system secure. One of the advantages of it is, there is very less chances of any virus entering into the network or the computer system.

Automated backup program:

Automated backup programmes that are used to create local backups purely simplifies administrative task. The main advantage of this Automatic backup program is that we need not spend the time in manually taking the backup of the organization. This eliminates the daily pressure of the administrator of backing up the data manually and the time saved here can be used in some other responsibility. It is necessary to take a backup of the important database. Mostly all the data used by the land manager or the project manager saves it in the pc. So if at all there might be any problem with the network or any problem with the PC or any virus has attacked it then the data will be lost which would be difficult to get back [techrepublic,2010].

Access Company's Network from Home:

We can access the company's network from home by allowing the user to access VPN through net by particular id and password. VPN (Virtual Private Network) is a private network in which only the intended recipient has access.


By considering the points specified above we can say that the company is in need for upgrading the current computer operations and hence will be happy if you allocate it as soon as possible. Keeping in mind the above specified points we can say that the finances are to be given to the branch office for security purpose. We can design the same structure as previously present but with some restrictions for access of each user to all databases. Hence, making it more user friendly. By following the above specified points we can decrease the work load present on the administrator drastically thereby increasing his efficiency of work. We can also say that instead of putting forth so many changes to the current systems we can use the current mode of operations just by granting few permissions and hence restricting the access of all users. Thereby, decreasing the chances of data being taken away from the company premises.