Network Security. Task 1 Security Measures

Size: px
Start display at page:

Download "Network Security. Task 1 Security Measures"

Transcription

1 Task 1 Security Measures Connecting your computer to a network, particularly the Internet, can put your computer and your data at risk. It is important, therefore, that you take some steps to secure your system and files. There are three main ways of securing your computer system and its data. You can protect it with physical security, by implementing password protection and by assigning different levels of access to different users and groups. Physical security is a security mechanism based on hardware components, e.g., door locks, camera or a pass card reader, or personnel e.g. a security guard. These measures provide physical protection of resources against deliberate and accidental threats. The most common method of data access security is password protection. A password may be required to start a machine, to log on to a network, to run particular programs or to access individual folders or files. Passwords are not foolproof, however. There are several basic rules that apply to use of passwords, aimed at ensuring that unauthorised users cannot discover them. Passwords should not be written down or shared with others; they should be changed regularly; they should be a reasonable length around 8 characters and not obvious; they should be a mix of lower and upper case letters, numbers and symbols; and the system must restrict the number of times an incorrect password can be entered. Finally, you can further protect data on a computer system by applying different levels of access rights to different users or groups of users. You can offer no access to your personal folders or files, other files may be set to read only for viewing files or public files can have read/write or full access (which also allows the deletion of files or folders) to allow collaborative work. Questions 1. Should network administrators be able to find out individuals passwords? 2. State two examples of bad passwords and describe why they are unsuitable. 3. State two examples of good passwords and describe why they are suitable. 4. Describe types of physical security you may have seen in films or on television. 5. Which type of access do pupils have to the Central Resource Library? 6. Which type of access do you have to your My Documents folder? 7. Which type of access does your teacher have to your My Documents folder? 8. Which type of access does your teacher have to the Central Resource Library? Page 1

2 Task 2 Encryption Encryption is the transformation of data into a form unreadable by anyone without a secret decryption key. Its purpose is to ensure privacy by keeping the information hidden from anyone for whom it was not intended, including those who can see the encrypted data. Encryption may be used to make stored data private or to allow a non-secure communications channel to serve as a private communications channel. A cryptographic system uses two keys - a public key known to everyone and a private key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it. An important element to the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them and it is virtually impossible to deduce the private key if you know the public key. Public-key systems, such as Pretty Good Privacy (PGP), are becoming popular for transmitting information via the Internet. They are extremely secure and relatively simple to use. The only difficulty with public-key systems is that you need to know the recipient's public key to encrypt a message for him or her. Of course, it is possible to decrypt data by brute force, trying out every possible key until you get readable text. This however takes huge amounts of time depending upon the size of the key. The idea of a super computer designed to decrypt data is described in Dan Brown s novel, The Digital Fortress. Task To encrypt data, you must perform an operation on these binary codes. For example you might perform a logical XOR operation with a key. 0 XOR 0 = 0, 1 XOR 0 = 1, 0 XOR 1 = 1 1 XOR 1 = 0 E.g. FRED = XOR each character using a key, e.g = FRED XOR = EQFG To decrypt the data you must know the key and perform the same operation. If you try with another key the data will be garbled. Using ASCII codes, encode a four letter word using an 8 bit encryption key. Attempt to decrypt a classmates code. Page 2

3 Task 3 Security Requirements and Threats There are certain requirements of any network when transmitting data: Confidentiality user to user communication must be secure from unauthorised users viewing or accessing the data. Data Integrity data must be received without any changes being made to the data. Mathematical checks can be carried out to ensure that the binary data is not altered during its transmission. Availability the network must be reliable so that when users wish to make use of any network service, it is available. There are two main types of security threat when connected to a network. Passive threats where data transmissions are covertly monitored without a users knowledge and then using information without authorisation. Active threats when the data transmission is modified or a false stream is created. Questions 1. Describe a situation where the confidentiality of data is essential. 2. Describe a situation where the integrity of data is essential. 3. Describe a situation where the availability of a network is essential. 4. Describe a situation where a data stream could be under threat from a passive attack. 5. Describe a situation where a data stream could be under threat from an active attack. Page 3

4 Task 4 Denial of Service (DoS) Attacks In recent months there have been a series of news stories about criminals attempting to blackmail large companies by threatening to launch a Denial of Service attack on their website. The cost to a large e-commerce site of losing one day of trading can run into the hundreds of thousands of pounds as well as damaging their reputation and credibility. There is also the expense of restoring the server to full working order and securing it from further DoS attacks. In a DoS attack, you flood an Internet server with such a volume of traffic in a short time that it simply cannot cope and stops accepting requests for data. Typically, this would be a company s web or server and in severe cases can force the server to completely cease operating. DoS attacks can also be used as a weapon against spammers, software pirates and other cyber criminals. Controversially, the search engine Lycos made available a screensaver which, when installed on a users machine, launched a distributed DoS attack on servers which persistently send junk or spam s. Examples of denial of services are: Winnuke, Teardrop, Land, Nestea, Fraggle, Ping of Death, SYN flood, IP spoofing and Smurf attacks Task Investigate either one of the DoS examples named above or an example of a DoS attack against a large company. Prepare a presentation about your findings. Questions 1. Why would Amazon be wary of DoS attacks? 2. If no data is changed or deleted and if no viruses are released, could anyone conducting a DoS attack be charged under the Computer Misuse Act? 3. Do you agree with Lycos and their use of a DoS attack against spammers? Explain your decision. 4. How can cyber criminals make money through DoS attacks? 5. A mirror site is an exact replica of an Internet server. How can a mirror site help protect against. 6. What is meant by spoofing? 7. What is meant, therefore, by IP spoofing? Page 4

5 Task 5 Content Filtering Almost everyone with any experience or knowledge of the Internet will be aware of the volume of inappropriate and undesirable content on the World Wide Web. However there also exists a wealth of useful, educational and enjoyable content which you should be able to access easily. It is possible to by software programs which filter the content that can be viewed on a web browser. It screens out data by checking, for example, URLs or key words and blocking undesirable, dangerous or inappropriate Internet content. For home use the software can be installed on a single machine or organizations can block content at the server level. An alternative to trying to block the huge number of inappropriate sites is to create a walled garden. This is a sub-section of the Internet where users can only view a limited number of approved sites and all other content is blocked. While this ensures all content is suitable for the audience it does restrict the value of being able to actively research and exploit the huge number of valuable sites on the Internet. Task Search the web for information on either CyberSitter, NetNanny, CyberPatrol or similar. Write a short paragraph describing the product, how it works, how much it costs and how it can be customised to protect web users from being exposed to inappropriate content. Questions 1. In content filtering software, what are whitelists and blacklists? 2. Are there any drawbacks to installing and using content filtering software? 3. Why is content filtering important in educational settings? 4. Why is content filtering important in business settings? 5. What facilities are already available in Windows XP to filter Internet content? Page 5

6 Task 6 - Firewalls A firewall is a device that connects a local area network to the outside world and shields the network from unauthorised users. A firewall protects your network from unwanted Internet traffic by letting good traffic pass through while bad traffic gets blocked. When installed, a firewall exists between your computer(s) and the Internet. The firewall lets you request web pages, download files, chat, etc. while making sure other people on the internet can not access services on your computer like file or print sharing. Some firewalls are pieces of software that run on your computer. Other firewalls are built into hardware and protect your whole network from attacks. Software firewalls are programs that run on your computer and nestle themselves between your network card software drivers and your operating system. They intercept attacks before your operating system can even acknowledge them. Everyone connected to the Internet should be running some sort of firewall. Programs can be downloaded on the Internet that can scan huge ranges of IP address for vulnerabilities like file sharing services and exploit or harm your computer. Any kind of firewall will keep you safe from these types of attacks. Task Identify one software firewall and write a paragraph outlining the cost and main features of the program. Identify one hardware firewall and write a paragraph outlining the cost and main features of the device. Page 6

7 Task 7 Network Failure From your previous study, you should be aware of the main topologies: star, ring, bus and mesh. Each topology can fail if there is a problem with one of the nodes, the cabling linking the nodes or the software running on the nodes. Different topologies, however, react to these failures in different ways. Copy and complete the following table or amend your table from the previous module, describing the effect of node, channel and software failure in different topologies. Topology Node Failure Channel Failure Software Failure Star Ring Bus Mesh Page 7

8 Task 8 Avoiding Network Failure In task 7, you saw that a network can fail if there is a problem with a computer system, its software or its cabling. It is important that you do your best to protect your system. You may do this by installing anti-virus software, using fault tolerant hardware, using a UPS or regularly maintaining your hardware. There are different types of virus: Viruses infect other files; Worms make copies of themselves; Trojans perform malicious actions but do not spread; Malware is an all-encompassing term that describes any malicious software program or file operating without the users explicit consent. Anti-virus software can perform a system scan to search for viruses or run permanently, scanning s and downloads to prevent your system from becoming infected. One of the most important components of a server is the hard disk. Since it contains the operating system, users files and all installed programs, any problem with the server hard disk can render the network unusable. To help prevent this, you may implement a Redundant Array of Independent (formerly Inexpensive) Disks, RAID. The basic idea behind RAID is to combine multiple small, inexpensive disk drives into an array to minimise the risk of data loss from hard drive failures. By mirroring data, i.e. having multiple copies on separate disks, you can reduce the dependence on a single hard disk. It is vitally important that any servers on your network are not shut down unexpectedly or incorrectly. To protect this from happening you may install an Uninterruptible Power Supply, UPS. This also regulates the voltage supply, protecting your hardware from voltage surges. Finally, a regular programme of maintenance should be undertaken. This may include such tasks as scanning and defragmenting disks, running a virus check and installing any updates or patches for operating systems or software programs. Also, when purchasing hardware you must consider the warranty options, for example is there a same day replacement service or a 24 hour hotline to help you deal with hardware problems? Task With your teacher s help, investigate which strategies are in place to avoid network failure in your school network. Prepare a presentation on this topic. State whether you feel the precautions are adequate and what additional measures, if any, you would add. Page 8

9 Task 9 Backup Strategies In a client server network, the server controls which users can log onto the network, which resources they may access and which files they may use. An effective backup strategy, therefore, is to have a backup server, often known as a mirror. With a backup server in place, mirroring exactly the contents of your main server, as soon as there is a problem with your main server the backup server can immediately replace it. This is not cost effective, however, since an expensive server might never be used. An alternative solution might therefore to only keep a mirror disk, an exact copy of the server s hard disk so that in the event of any disk failure the disks can be swapped over. This mirror disk must be synchronised at regular intervals to minimise data loss in the event of a disk failure. Large capacity hard disks are also expensive and so, for less critical information, a backup may be made onto magnetic tape. This is the cheapest form of backing storage but is not suitable for primary backing storage as it is a sequential medium rather than offering direct or random data access. Finally, when making duplicate copies or backups, it is important that a backup schedule is in place to ensure that a minimum of data is lost in the event of a network failure. It is recommended that three generations of backup are kept, these are called the grandparent, parent and child file according to their age. Backups should be kept in a secure location, away from the server and away from each other. Questions 1. What is meant by sequential data access? 2. What is meant by random or direct data access? 3. Name a sequential access medium. 4. Name two direct access data medium. 5. Does your school network use a backup server, a mirror disk, magnetic tape backups or a combination of all three to ensure the security of data? 6. What advice would you give to a pupil working on an important essay at home? 7. Why should backups be kept in different locations? 8. If a backup server is such an expensive option, why would some networks use them? Page 9

10 Homework Exercise 1 1. Describe, with examples, three levels of access which can be set on a file. (3) 2. Describe two types of physical security. (2) 3. (a) What is meant by a key in relation to data encryption? (1) (b) Describe one disadvantage of data encryption. (1) 4. A school pupil wants to obtain information as part of a homework exercise. She finds a suitable file which can be downloaded but when she tries to download the file in school, she finds that the FTP access has been barred. (a) Why might FTP access be barred by the school? (1) (b) Which application on the school network has barred FTP access? (1) 5. Network users will be able to delete and save files to their home directory but may not be allowed to change other files which they would need to access. How could a network administrator implement this? (1) 6. Describe the threats to network security posed by the following people: (a) Pupils accessing the staff network (1) (b) Employees in a law firm (1) (c) Accountants working for a company (1) (d) Ex-employees of a company (1) 7. What is meant by data integrity? (1) TOTAL(15) Page 10

11 Homework Exercise 2 1. An online music store is worried about network security. (a) Why might it be worried about passive network threats? (1) (b) How could it ensure the confidentiality of data saved on its servers? (1) The store receives a threatening requesting payment of a large sum of money or else they will be subjected to a DoS attack. (c) What is meant by a DoS attack? (1) (d) Why would a DoS attack be damaging? Give two reasons. (2) 2. A school office has a local area network of desktop computers. Each office worker has arranged for one folder on their local hard disk to be shared so that other workers can copy files out of that folder. This allows workers to transfer files and messages between their computers. (a) (i) What name is given to this type of networking? (1) (ii) How can each worker ensure that only certain workers can access the shared folder on their computer? (1) (iii) How can they ensure that the other workers can only copy out of the folder and not into the folder? (1) (b) The school management have decided that it would be better to store all shared files on a central computer so that all office staff can access them from there. This was decided on the grounds of data security and data integrity. (i) What name is given to this type of networking? (1) (ii) Name one additional item of software and one additional item of hardware that would be required to implement this new system. (2) (c) For the type of network described in part (b): (i) (ii) Explain how this mode of networking provides data security and data integrity. (2) Describe an additional service which could be provided by this new networking mode and explain why it could not be provided before. (2) TOTAL(15) Page 11

12 Homework Exercise 3 1. A large insurance company makes extensive use of the Internet and . The company also has computer based networked information systems and its own intranet. Some of the company s staff have access to the entire network from home using a dial-up connection. (a) (b) (c) Suggest two reasons why access to the company s network is slower from home than it is from the office. (2) The IT manager is worried that the company s network might be broken into by unauthorised people. Describe two ways a firewall could prevent unauthorised access. (2) The dial-up server offers a callback facility. When an employee dials from home, the dial-up server checks their user name and password, terminates the connection and then re-establishes the link to the employee s home number. Give two reasons why this feature is used in addition to the firewall. (2) 2. A college is planning the installation of 200 new computer workstations. Unlike its original suite of computers, these will be networked. (a) Explain how the security of user files may be ensured in this network. (1) (b) Explain why a backup strategy is necessary for this network. (1) (c) Describe a suitable backup strategy, and explain how it could be implemented. (2) 3. Why would a UPS be an important part of any large network? (1) 4. Why is a firewall described as a two way security device? (1) 5. Which network topology is most resistant to network failure? Explain your answer. (1) 6. (a) Why is Internet filtering software desirable? (1) (b) How does this software work? (2) TOTAL(16) Page 12

Chapter 8: Security Measures Test your knowledge

Chapter 8: Security Measures Test your knowledge Security Equipment Chapter 8: Security Measures Test your knowledge 1. How does biometric security differ from using password security? Biometric security is the use of human physical characteristics (such

More information

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003 Lectures 9 Advanced Operating Systems Fundamental Security Computer Systems Administration TE2003 Lecture overview At the end of lecture 9 students can identify, describe and discuss: Main factors while

More information

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,

More information

LAW OFFICE SECURITY for Small Firms and Sole Practitioners. Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan

LAW OFFICE SECURITY for Small Firms and Sole Practitioners. Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan LAW OFFICE SECURITY for Small Firms and Sole Practitioners Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan 1. Introduction CONTENTS 2. Security Consciousness Having a Firm Security

More information

Chapter 12 Objectives. Chapter 12 Computers and Society: Security and Privacy

Chapter 12 Objectives. Chapter 12 Computers and Society: Security and Privacy Chapter 12 Objectives Chapter 12 Computers and Society: and Privacy p. 12.2 Identify the various types of security risks that can threaten computers Recognize how a computer virus works and take the necessary

More information

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know

More information

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details: Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

CloudDesk - Security in the Cloud INFORMATION

CloudDesk - Security in the Cloud INFORMATION CloudDesk - Security in the Cloud INFORMATION INFORMATION CloudDesk SECURITY IN THE CLOUD 3 GOVERNANCE AND INFORMATION SECURITY 3 DATA CENTRES 3 DATA RESILIENCE 3 DATA BACKUP 4 ELECTRONIC ACCESS TO SERVICES

More information

INTERNET & COMPUTER SECURITY March 20, 2010. Scoville Library. ccayne@biblio.org

INTERNET & COMPUTER SECURITY March 20, 2010. Scoville Library. ccayne@biblio.org INTERNET & COMPUTER SECURITY March 20, 2010 Scoville Library ccayne@biblio.org Internet: Computer Password strength Phishing Malware Email scams Identity Theft Viruses Windows updates Browser updates Backup

More information

E Safety Policy. 6 th March 2013. Annually. 26 th February 2014

E Safety Policy. 6 th March 2013. Annually. 26 th February 2014 E Safety Policy This e safety policy was approved by the Governing Body on: The implementation of this e safety policy will be monitored by: Monitoring will take place at regular intervals: Reporting to

More information

4. Identify the security measures provided by Microsoft Office Access. 5. Identify the methods for securing a DBMS on the Web.

4. Identify the security measures provided by Microsoft Office Access. 5. Identify the methods for securing a DBMS on the Web. Topic 8 Database Security LEARNING OUTCOMES When you have completed this Topic you should be able to: 1. Discuss the important of database security to an organisation. 2. Identify the types of threat that

More information

THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE

THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced

More information

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers 2012. Your Interactive Guide to the Digital World

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers 2012. Your Interactive Guide to the Digital World Chapter 11 Manage Computing Securely, Safely and Ethically Discovering Computers 2012 Your Interactive Guide to the Digital World Objectives Overview Define the term, computer security risks, and briefly

More information

NETWORK AND INTERNET SECURITY POLICY STATEMENT

NETWORK AND INTERNET SECURITY POLICY STATEMENT TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB NETWORK AND INTERNET SECURITY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January 2004

More information

Storing and securing your data

Storing and securing your data Storing and securing your data Research Data Management Support Services UK Data Service University of Essex April 2014 Overview Looking after research data for the longer-term and protecting them from

More information

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT Appendix A to 11-02-P1-NJOIT NJ OFFICE OF INFORMATION TECHNOLOGY P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT The Intent

More information

CBI s Corporate Internet Banking Inquiry Services gives you the ability to view account details and transactions anytime, anywhere.

CBI s Corporate Internet Banking Inquiry Services gives you the ability to view account details and transactions anytime, anywhere. Benefits & Features CBI s Corporate Internet Banking Inquiry Services gives you the ability to view account details and transactions anytime, anywhere. What can I do with Internet Banking? You can inquire

More information

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0 BCS IT User Syllabus IT for Users Level 2 Version 1.0 June 2009 ITS2.1 System Performance ITS2.1.1 Unwanted messages ITS2.1.2 Malicious ITS2.1.1.1 ITS2.1.1.2 ITS2.1.2.1 ITS2.1.2.2 ITS2.1.2.3 ITS2.1.2.4

More information

Protection of Computer Data and Software

Protection of Computer Data and Software April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal

More information

PEER-TO-PEER NETWORK

PEER-TO-PEER NETWORK PEER-TO-PEER NETWORK February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

www.pandasecurity.com 100% Malware-Free E-mail: A Guaranteed Approach

www.pandasecurity.com 100% Malware-Free E-mail: A Guaranteed Approach 100% Malware-Free E-mail: A Guaranteed Approach 2 100% Malware-Free E-mail: A Guaranteed Approach Panda Security's Mail Filtering Managed Service Guarantees Clean E-mail Table of Contents Table of Contents...

More information

Storage, backup, transfer, encryption of data

Storage, backup, transfer, encryption of data Storage, backup, transfer, encryption of data Veerle Van den Eynden UK Data Archive Looking after your research data: practical data management for research projects 5 May 2015 Overview Looking after research

More information

Threat Events: Software Attacks (cont.)

Threat Events: Software Attacks (cont.) ROOTKIT stealthy software with root/administrator privileges aims to modify the operation of the OS in order to facilitate a nonstandard or unauthorized functions unlike virus, rootkit s goal is not to

More information

Computer Security Maintenance Information and Self-Check Activities

Computer Security Maintenance Information and Self-Check Activities Computer Security Maintenance Information and Self-Check Activities Overview Unlike what many people think, computers are not designed to be maintenance free. Just like cars they need routine maintenance.

More information

Acceptable Usage Policy

Acceptable Usage Policy Acceptable Usage Policy Anittel Document Version 1.0 27 March 2015 anittel.com.au 1300 10 11 12 IT Support Services Telecommunications Internet & Data Cloud Services Hardware & Software Contents INTRODUCTION...

More information

Seminar Computer Security

Seminar Computer Security Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example

More information

WEB ATTACKS AND COUNTERMEASURES

WEB ATTACKS AND COUNTERMEASURES WEB ATTACKS AND COUNTERMEASURES February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in

More information

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by: Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether

More information

Acceptable Usage Policy

Acceptable Usage Policy Version 2.1 20141230 Acceptable Usage Policy Acceptable Usage Policy Contents 1. PURPOSE OF THIS POLICY... 2 2. GENERAL... 2 3. APPLICATION... 2 4. UNREASONABLE USE... 2 5. UNACCEPTABLE USE... 3 6. SPAM...

More information

How to stay safe online

How to stay safe online How to stay safe online Everyone knows about computer viruses...or at least they think they do. Nearly 30 years ago, the first computer virus was written and since then, millions of viruses and other malware

More information

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped

More information

Email Security: A Holistic Approach for SMB. 041: Email Security. Insight White Paper

Email Security: A Holistic Approach for SMB. 041: Email Security. Insight White Paper Implementing the latest anti-virus software and security protection systems can prevent many internal and external threats. But these security solutions have to be updated regularly to keep up with new

More information

Computers and Society: Security and Privacy

Computers and Society: Security and Privacy 1 Chapter 12 Computers and Society: Security and Privacy 2 Chapter 12 Objectives 3 Computer Security: Risks and Safeguards What is a computer security risk? 4 Computer Security: Risks and Safeguards 1

More information

E-BUSINESS THREATS AND SOLUTIONS

E-BUSINESS THREATS AND SOLUTIONS E-BUSINESS THREATS AND SOLUTIONS E-BUSINESS THREATS AND SOLUTIONS E-business has forever revolutionized the way business is done. Retail has now a long way from the days of physical transactions that were

More information

How Do People Use Security in the Home

How Do People Use Security in the Home How Do People Use Security in the Home Kaarlo Lahtela Helsinki University of Technology Kaarlo.Lahtela@hut.fi Abstract This paper investigates home security. How much people know about security and how

More information

HIPAA Security Training Manual

HIPAA Security Training Manual HIPAA Security Training Manual The final HIPAA Security Rule for Montrose Memorial Hospital went into effect in February 2005. The Security Rule includes 3 categories of compliance; Administrative Safeguards,

More information

Acceptable Usage Policy

Acceptable Usage Policy Contents 1. INTRODUCTION... 2 2. PURPOSE... 2 3. APPLICATION... 2 4. YOUR OBLIGATIONS AND PROHIBITED USE... 2 5. SPAM... 3 6. EXCESSIVE USE... 3 7. SECURITY... 4 8. COPYRIGHT... 4 9. CONTENT... 4 10. REGULARTORY

More information

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Lee Zelyck Network Administrator Regina Public Library Malware, Spyware, Trojans

More information

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems

More information

Email Management and Security Good Practice Guide. August 2009

Email Management and Security Good Practice Guide. August 2009 Email Management and Security Good Practice Guide August 2009 contents 1 Introduction to Good Practice Guides 3 2 Email Management and Security Overview 3 2.1 Understanding Good and Better Practice 4 3

More information

Network and Workstation Acceptable Use Policy

Network and Workstation Acceptable Use Policy CONTENT: Introduction Purpose Policy / Procedure References INTRODUCTION Information Technology services including, staff, workstations, peripherals and network infrastructures are an integral part of

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

Stable and Secure Network Infrastructure Benchmarks

Stable and Secure Network Infrastructure Benchmarks Last updated: March 4, 2014 Stable and Secure Network Infrastructure Benchmarks 501 Commons has developed a list of key benchmarks for maintaining a stable and secure IT Infrastructure for conducting day-to-day

More information

Protect your personal data while engaging in IT related activities

Protect your personal data while engaging in IT related activities Protect your personal data while engaging in IT related activities Personal Data (Privacy) Ordinance Six Data Protection Principles Principle 1 purpose and manner of collection of personal data Collection

More information

Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013

Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013 Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013 BACKUP SECURITY AND THE CLOUD BACK UP ALWAYS BACK UP TO AN EXTERNAL DEVICE OR REMOVAL MEDIA- NEVER DIRECTLY ON TO YOUR COMPUTER IF

More information

Computer Protection. Computer Protection. Computer Protection 5/1/2013. Classic Battle of Good vs Evil. David Watterson & Ross Cavazos

Computer Protection. Computer Protection. Computer Protection 5/1/2013. Classic Battle of Good vs Evil. David Watterson & Ross Cavazos David Watterson & Ross Cavazos Chief Information Officer IT Director City of Billings Yellowstone County Local Government IT Group Vice-Chairmen Classic Battle of Good vs Evil GOOD EVIL Firewall E-Mail

More information

Countermeasures against Bots

Countermeasures against Bots Countermeasures against Bots Are you sure your computer is not infected with Bot? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Bot? Bot is a computer

More information

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 1 Introduction As small and mid-sized companies rely more heavily on their computer networks to

More information

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

PROTECT YOUR COMPUTER AND YOUR PRIVACY! PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Data Handling in University Information Classification and Handling Agenda Background People-Process-Technology

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the

More information

Acceptable Use Policy Revision date: 26/08/2013

Acceptable Use Policy Revision date: 26/08/2013 Acceptable Use Policy Revision date: 26/08/2013 Acceptable usage Policy for all Services As a provider of web site hosting and other Internet-related services, Corgi Tech Limited offers its customer (also

More information

Using a Firewall General Configuration Guide

Using a Firewall General Configuration Guide Using a Firewall General Configuration Guide Page 1 1 Contents There are no satellite-specific configuration issues that need to be addressed when installing a firewall and so this document looks instead

More information

GiftWrap 4.0 Security FAQ

GiftWrap 4.0 Security FAQ GiftWrap 4.0 Security FAQ The information presented here is current as of the date of this document, and may change from time-to-time, in order to reflect s ongoing efforts to maintain the highest levels

More information

ACCEPTABLE USAGE PLOICY

ACCEPTABLE USAGE PLOICY ACCEPTABLE USAGE PLOICY Business Terms - February 2012 ACCEPTABLE USAGE POLICY Business Terms Version February 2012 Acceptable Usage Policy Feb12.Docx 1 Contents 1. INTRODUCTION... 3 2. PURPOSE... 3 3.

More information

2) applied methods and means of authorisation and procedures connected with their management and use;

2) applied methods and means of authorisation and procedures connected with their management and use; Guidelines on the way of developing the instruction specifying the method of managing the computer system used for personal data processing, with particular consideration of the information security requirements.

More information

Mountain Ash Comprehensive School Ysgol Gyfun Aberpennar. Network Security Policy

Mountain Ash Comprehensive School Ysgol Gyfun Aberpennar. Network Security Policy Mountain Ash Comprehensive School Ysgol Gyfun Aberpennar Network Security Policy Updated: September 2010 Next update: September 2013 Table of Contents: Supervised Use page 1 Privacy...page 1 User Access..page

More information

High Speed Internet - User Guide. Welcome to. your world.

High Speed Internet - User Guide. Welcome to. your world. High Speed Internet - User Guide Welcome to your world. 1 Welcome to your world :) Thank you for choosing Cogeco High Speed Internet. Welcome to your new High Speed Internet service. When it comes to a

More information

SHORT MESSAGE SERVICE SECURITY

SHORT MESSAGE SERVICE SECURITY SHORT MESSAGE SERVICE SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in

More information

October Is National Cyber Security Awareness Month!

October Is National Cyber Security Awareness Month! (0 West Virginia Executive Branch Privacy Tip October Is National Cyber Security Awareness Month! In recognition of National Cyber Security Month, we are supplying tips to keep you safe in your work life

More information

ABERDARE COMMUNITY SCHOOL

ABERDARE COMMUNITY SCHOOL ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc. Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References

More information

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html

More information

When you listen to the news, you hear about many different forms of computer infection(s). The most common are:

When you listen to the news, you hear about many different forms of computer infection(s). The most common are: Access to information and entertainment, credit and financial services, products from every corner of the world even to your work is greater than ever. Thanks to the Internet, you can conduct your banking,

More information

Data Security 2. Implement Network Controls

Data Security 2. Implement Network Controls UNIT 19 Data Security 2 STARTER Consider these examples of computer disasters. How could you prevent them or limit their effects? Compare answers within your group. 1 You open an email attachment which

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

1.0 Overview. 4.0 Policy 4.1 General Use and Ownership

1.0 Overview. 4.0 Policy 4.1 General Use and Ownership 1.0 Overview Keuka College provides access to modern information technology in support of its mission to promote excellence and achievement across its mission areas of instruction, research, and service.

More information

HoneyBOT User Guide A Windows based honeypot solution

HoneyBOT User Guide A Windows based honeypot solution HoneyBOT User Guide A Windows based honeypot solution Visit our website at http://www.atomicsoftwaresolutions.com/ Table of Contents What is a Honeypot?...2 How HoneyBOT Works...2 Secure the HoneyBOT Computer...3

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

Introduction to Computer Security Table of Contents

Introduction to Computer Security Table of Contents Introduction to Computer Security Table of Contents Introduction... 2 1 - Viruses... 3 Virus Scanners... 3 2 - Spyware... 7 Spyware Scanners... 8 3 - Firewalls... 10 Windows Firewall... 10 4 - References...

More information

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL 1 INTRODUCTION The County of Imperial Information & Technical Services (ITS) Security Policy is the foundation of the County's electronic information

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy 1. General Interoute reserves the right to modify the Acceptable Use Policy ( AUP ) from time to time. Changes to this Acceptable Use Policy will be notified to Customer in accordance

More information

COB 302 Management Information System (Lesson 8)

COB 302 Management Information System (Lesson 8) COB 302 Management Information System (Lesson 8) Dr. Stanley Wong Macau University of Science and Technology Chapter 13 Security and Ethical Challenges 安 全 與 倫 理 挑 戰 Remarks: Some of the contents in this

More information

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY) E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system

More information

EXIN Information Security Foundation based on ISO/IEC 27002. Sample Exam

EXIN Information Security Foundation based on ISO/IEC 27002. Sample Exam EXIN Information Security Foundation based on ISO/IEC 27002 Sample Exam Edition June 2016 Copyright 2016 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored

More information

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS? What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software

More information

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15. NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities

More information

IT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST

IT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST INFORMATION TECHNOLOGY & MANAGEMENT IT Checklist INTRODUCTION A small business is unlikely to have a dedicated IT Department or Help Desk. But all the tasks that a large organization requires of its IT

More information

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud Cloud Computing Chapter 10 Disaster Recovery and Business Continuity and the Cloud Learning Objectives Define and describe business continuity. Define and describe disaster recovery. Describe the benefits

More information

HAZELDENE LOWER SCHOOL

HAZELDENE LOWER SCHOOL HAZELDENE LOWER SCHOOL POLICY AND PROCEDURES FOR MONITORING EQUIPMENT AND APPROPRIATE ICT USE WRITTEN MARCH 2015 SIGNED HEADTEACHER SIGNED CHAIR OF GOVERNORS DATE.. DATE. TO BE REVIEWED SEPTEMBER 2016

More information

WLAN Security Networking with Confidence

WLAN Security Networking with Confidence WLAN Security Networking with Confidence Introduction So you ve just installed a new wireless local area network (WLAN) in your small business or home. The access point is on and connected, the client

More information

Secure Email Frequently Asked Questions

Secure Email Frequently Asked Questions Secure Email Frequently Asked Questions Frequently Asked Questions Contents General Secure Email Questions and Answers Forced TLS Questions and Answers SecureMail Questions and Answers Glossary Support

More information

HOW SAFE IS YOUR DATA??

HOW SAFE IS YOUR DATA?? HOW SAFE IS YOUR DATA?? MANAGER AAffordable Protection for Electronic Business Data MANAGER YOUR KEY TO... Peace of mind Data Security Off-Site Data Protection State of the art Virus Protection Professional

More information

Common Remote Service Platform (crsp) Security Concept

Common Remote Service Platform (crsp) Security Concept Siemens Remote Support Services Common Remote Service Platform (crsp) Security Concept White Paper April 2013 1 Contents Siemens AG, Sector Industry, Industry Automation, Automation Systems This entry

More information

Authorised Acceptable Use Policy 2015-2016. Groby Community College Achieving Excellence Together

Authorised Acceptable Use Policy 2015-2016. Groby Community College Achieving Excellence Together Groby Community College Achieving Excellence Together Authorised Acceptable Use Policy 2015-2016 Reviewed: Lee Shellard, ICT Manager: May 2015 Agreed: Leadership & Management Committee: May 2015 Next review:

More information

CLEO Remote Access Services CLEO Remote Desktop Access User Guide v1.3

CLEO Remote Access Services CLEO Remote Desktop Access User Guide v1.3 CLEO ~Remote Access Services Remote Desktop Access User guide CLEO Remote Access Services CLEO Remote Desktop Access User Guide v1.3 August 2007 page 1 of 16 CLEO 2007 CLEO Remote Access Services 3SGD

More information

Comprehensive Anti-Spam Service

Comprehensive Anti-Spam Service Comprehensive Anti-Spam Service Chapter 1: Document Scope This document describes how to implement and manage the Comprehensive Anti-Spam Service. This document contains the following sections: Comprehensive

More information