Assignment 4


I have been asked to evaluate a network for the security threats and provide solutions. The network manager has provided me with the information on users. I have been asked to check:

  • Possible threats to the data stored in the system.
  • A list of potential security issues and breaches of the law you can identify.
  • Poor practice and the effects these can have on the company.
  • Potential issues surrounding the loss of hardware and data, and also potential damage to the company.

The network manager informs you of the following details about the company at present:

  • 50 users
  • no log on to the network
  • internet (unrestricted access)
  • staff are ‘allowed’ to install and remove software
  • data is backed up once a month
  • data tapes are kept secure in a locked plastic box on top of the server
  • the company keeps records in a database on customers. This information includes:
      • purchases
      • account numbers
      • bank details
      • customer names and addresses
      • purchase history
  • All staff has access to the above database information.
  • Occasionally the manager has overheard staff discussing account details with other suppliers.
  • On more than one occasion he has heard staff providing address information to others over the telephone.
  • Email is available to all.
  • IP address log is not kept of sites visited.
  • No firewall is in place.
  • No restrictions on internet access.
  • Downloads are not monitored
  • Entrance doors are not protected by keypad etc.





Possible threats that could be harming your computer:

The 50 users should each have their own account and should not be able to access all the information unless they need to for work reasons.

Internet access has to be restricted because there are websites out there made to cause harm to your computer as soon as you click on to them. They try to take your personal details and the files on your computer.

Email is available to all. There should be a password on the emails that are important, because if someone gets hold of personal information the sender can sue the company if any of his personal information gets out to the public.

Data has to be backed up more than once a month. Back up the data once a day, maybe even twice a day, because if you forget to save or your hard drive is wiped there is no way of getting your work back. Save your work onto a pen drive as well as the computer.

There has to be a log on to the network because if someone starts to mess around they could delete a lot of work and possibly get into the personal information.
Even if that does happen there will be no trace of who did it.

All staff have access to the information below:
  • purchases
  • account numbers
  • bank details
  • customer names and addresses
  • purchase history

All the staff should not have access to this information, because people would only want one person to see all their details, not the whole company. For the people who do need to access the database, it needs to be password protected.
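One way to combine the points above (individual log-ons, need-to-know access to the customer fields, and a trace of who did what), as an added example that is not part of the original assignment. The role names, field names and sample customer are assumptions made up for illustration.

```python
import hashlib, hmac, os
from datetime import datetime, timezone

# Assumed roles and the customer fields each one needs for its work.
ROLE_FIELDS = {
    "sales": {"name", "address", "purchase_history"},
    "accounts": {"name", "account_number", "bank_details"},
}
# Constructed sample record, not real customer data.
CUSTOMERS = {1: {"name": "A. Example", "address": "1 Sample Road",
                 "account_number": "00012345", "bank_details": "constructed",
                 "purchase_history": ["order 1001"]}}
USERS = {}      # username -> (salt, password hash, role)
AUDIT_LOG = []  # (time, username, action, outcome) for every attempt

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def add_user(username, password, role):
    salt = os.urandom(16)
    USERS[username] = (salt, _hash(password, salt), role)

def _audit(username, action, outcome):
    stamp = datetime.now(timezone.utc).isoformat()
    AUDIT_LOG.append((stamp, username, action, outcome))

def login(username, password):
    """Return the user's role, or None if the log-on fails; both are logged."""
    salt, stored, role = USERS.get(username, (b"\0" * 16, b"", None))
    ok = hmac.compare_digest(_hash(password, salt), stored)
    _audit(username, "login", "ok" if ok else "denied")
    return role if ok else None

def read_customer(username, password, customer_id, fields):
    """Return the requested fields only if the user's role may see them all."""
    role = login(username, password)
    if role is None:
        raise PermissionError("log-on failed")
    denied = set(fields) - ROLE_FIELDS[role]
    _audit(username, f"read customer {customer_id} {sorted(fields)}",
           "denied" if denied else "ok")
    if denied:
        raise PermissionError(f"{role} may not read {sorted(denied)}")
    return {f: CUSTOMERS[customer_id][f] for f in fields}
```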

Downloads need to be monitored because anyone in the company can download something without anyone knowing and it could be a serious danger to the database.

On more than one occasion he has heard staff providing address information to others over the telephone. People cannot give out personal information about others whatsoever; it is against the law. They can only give details to the person that owns the details, and only after they answer a security question.

Data Protection Act

During the second half of the 20th century, businesses, organisations and the government began using computers to store information about their customers, clients and staff in databases. For example:
  • names
  • addresses
  • contact information
  • employment history
  • medical conditions
  • convictions
  • credit history
Databases are easily accessed, searched and edited. It’s also far easier to cross reference information stored in two or more databases than if the records were paper-based. The computers on which databases resided were often networked. This allowed for organisation-wide access to databases and offered an easy way to share information with other organisations.


Types of computer misuse

Misuse of computers and communications systems comes in several forms:

Hacking

Hacking is where an unauthorised person uses a network, Internet or modem connection to gain access past security passwords or other security to see data stored on another computer. Hackers sometimes use software hacking tools and often target, for example, particular sites on the Internet.




Data misuse and unauthorised transfer or copying

Copying and illegal transfer of data is very quick and easy using online computers and large storage devices such as hard disks, memory sticks and DVDs. Personal data, company research and written work, such as novels and textbooks, cannot be copied without the copyright holder's permission.




Copying and distributing copyrighted software, music and film

This includes copying music and movies with computer equipment and distributing it on the Internet without the copyright holder's permission. This is a widespread misuse of both computers and the Internet that breaks copyright regulations.


Email and chat room abuses

Internet services such as chat rooms and email have been the subject of many well-publicised cases of impersonation and deception where people who are online pretend to have a different identity. Chat rooms have been used to spread rumours about well known personalities. A growing area of abuse of the Internet is email spam, where millions of emails are sent to advertise both legal and illegal products and services.


Identity and financial abuses

This topic includes misuse of stolen or fictional credit card numbers to obtain goods or services on the Internet, and use of computers in financial frauds. These can range from complex well thought out deceptions to simple uses such as printing counterfeit money with colour printers.

Viruses

Viruses are relatively simple programs written by people and designed to cause nuisance or damage to computers or their files.



Phishing
Phishing email messages are designed to steal your identity. They ask for personal data, or direct you to websites or phone numbers to call where they ask you to provide personal data. A few clues can help you spot fraudulent email messages or links within them.



Spam
The chances are that you have had emails offering you drugs without a prescription, or loans, or get-rich-quick schemes – sometimes cleverly disguised to look like personal email. This “spam” mail accounts for more than half of all the email sent worldwide, cluttering up inboxes and distracting users from more important messages.




Worm
Worms are similar to viruses but do not need a carrier program or document. Worms simply create exact copies of themselves and use communications between computers to spread. Many viruses, such as My Doom or Bagle, behave like worms and use email to forward themselves.




Spyware
Spyware refers to computer software that is installed, usually without the computer user's knowledge, and gathers information about how the computer is being used and the websites the user visits.


Trojan
Trojan horses are programs that pretend to be legitimate software, but actually carry out hidden, harmful functions. Trojans cannot spread as fast as viruses because they do not make copies of themselves. However, they now often work hand-in-hand with viruses. Viruses may download



Identity theft
You work hard every day to make a living and support yourself and/or your family. What happens, though, when you find out that someone has used your name to get a credit card and has run up thousands of dollars in charges that you are now going to have to convince the credit card company that you are not responsible for? What if they opened bank accounts in your name, committed crimes using your name, or worse?!




Adware
Generically, adware is any software application in which advertising banners are displayed while the program is running. Adware has been criticized because it usually includes code that tracks a user's personal information and passes it on to third parties, without the user's authorization or knowledge.
                                                                                     


Viruses
A virus or worm is a computer program that can spread across computers and networks by making copies of itself, usually without the user’s knowledge. Viruses can have harmful effects. These can range from displaying irritating messages to stealing data or giving other users control over your computer.




Spoofing
Email spoofing is when the sender changes the name in an outgoing email so that it looks like the email came from somewhere or someone else. This practice is often used by spammers to stop people finding out who they are.
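A check a mail administrator could run over message headers to flag the kind of spoofing described above, as an added example that is not part of the original assignment. Both messages are constructed samples, and the domains are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; example.com / example.net are placeholders.
GENUINE = """\
Return-Path: <billing@example.com>
Authentication-Results: mx.example.org; spf=pass; dkim=pass header.d=example.com
From: Example Billing <billing@example.com>
Subject: Your invoice

Invoice attached.
"""
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example.net>
Authentication-Results: mx.example.org; spf=fail; dkim=none
From: "billing@example.com" <promo@bulk-sender.example.net>
Reply-To: collect@other.example.net
Subject: Your invoice

Please confirm your account details.
"""

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def spoofing_indicators(raw):
    """Return a list of reasons why the From header should not be trusted."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)
    reasons = []
    # A display name that itself looks like an address from another domain.
    m = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if m and m.group(1).lower() != from_dom:
        reasons.append("display name shows a different address")
    # The envelope sender and Reply-To should share the From domain.
    for header in ("Return-Path", "Reply-To"):
        dom = _domain(parseaddr(msg.get(header, ""))[1])
        if dom and dom != from_dom:
            reasons.append(f"{header} domain differs from From")
    # SPF and DKIM results recorded by the receiving mail server.
    auth = msg.get("Authentication-Results", "").lower()
    for check in ("spf", "dkim"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if not m or m.group(1) != "pass":
            reasons.append(f"{check} did not pass")
    return reasons
```

Only an Authentication-Results header added by your own receiving mail server should be relied on, since a sender can include a forged one in the message.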