Computer Network Systems LO4 - Be able to make networked systems secure

P1 describe the types of networks available and how they relate to particular network standards and protocols
M1 compare the benefits and disadvantages of peer-to-peer networks and client/server networks [IE3]
P2 describe why different network standards and protocols are necessary
P3 explain the key components required for client workstations to connect to a network and access network resources
M2 design a networked solution to meet a particular situation with specific requirements [IE1, CT1]
D1 justify the design and choice of components used in a particular networked solution [IE6]
P4 explain the function of interconnection devices
P5 describe typical services provided by networks
D2 evaluate typical services available from a network operating system directory service.
P6 make a networked system secure.
M3 report on the business risks of insecure networks and how they can be minimised.

Organisations have always depended on information to ensure success. Over the years, organisations have moved their information systems from pure data processing towards strategic and decision support. Managers need information to plan successfully in the short, medium and long term. It is also recognised nowadays that information is required at all levels in an organisation and that information can have many sources, all of which are prone to hacking, theft and deletion, both internally and externally. The importance of valid information in gaining competitive advantage needs to be stressed, just as protecting that information is vital to a business's success. Learners will gain an understanding of the ways in which data can be processed and the applications that support organisations. They will also be asked to evaluate the capacity of an information system to satisfy the needs of the user.

P6 - Make a networked system secure.
D2 - Evaluate the procedures organisations should take to secure their networks

Before computers were networked, when a machine went down that was one computer. It took time to repair it but business went on. With networks the same happens, but the user can move to another machine and business goes on. When the network itself goes down, for physical or software reasons, every machine on it can be brought down at once. "Network down time" can seriously affect companies. For a school, down time can mean some classes are cancelled or have to find an alternative method, but for companies like Amazon, Play or eBay it can have a serious financial impact. North American business lost £21 billion in down time last year. In 2008, Sainsbury's ISP down time cost the company £1m in online transactions.

Business confidence is one of the most integral parts of modern business, and the loss of information, security breaches, down time, theft or hacking can seriously damage the confidence of customers. The more down time a company has, the less confidence customers have. Down time can delay the delivery of goods, which is vital for Play, so customers might go to Amazon instead. Tesco's internet down time can force customers to shop at Sainsbury's online, and once a customer moves, supermarkets do all they can to keep that loyalty. Stolen credit card details can be hugely expensive in terms of business confidence: just the idea that the security on the network was weak can cause suppliers to hold back, customers to shop elsewhere and the management to investigate. http://www.xiom.com/whidlist/Monetary%20Loss

Network down time, added security measures and loss of confidence inevitably lead to an increased cost of goods in order to pay for the damage. Companies need to pay continuously for network upgrades to maintain what they have, need to learn from mistakes and attacks, and need to take stronger preventative measures.
When someone is burgled, their house insurance goes up and they install a burglar alarm; that is the nature of theft. The business world is the same. http://www.xiom.com/whidlist/Monetary%20Loss

In addition to the loss of business and increased product costs, the loss of confidentiality can have an adverse impact on the performance of a business. Loss of customer details is not just bad for business; it warrants an investigation by the Information Commissioner's Office (ICO), the regulator that enforces the Data Protection Act (DPA). Failing to protect information adequately is a breach of the DPA. Companies have to take all reasonable steps to protect customer information, and any theft from customers that results from the theft of this information is the liability of the company. There are different levels of confidentiality to take into consideration: theft of credit card details is not as problematic as theft of hospital records, for instance. Medical and personal information can lead to a heavier fine and perhaps prosecution by the ICO, and companies that have been successfully prosecuted tend to lose even more confidence from their customers and trading partners. One of the stipulations of the DPA is that information should not be altered without the express permission of the person it concerns. Hacking allows outside users to access this information for social or commercial gain, and to alter it, adapt it, steal it or delete it.

Once hacked, once a virus gets through, once information has been stolen, the system is left vulnerable to further attacks: backdoors, Trojans, false users and accounts, installed programs and dormant "sleeper" code all let the attacker back in. Word gets out in the hacker community and others try the same weakness; this is vulnerability exploitation. The integrity of a system is like an ego: once broken, it becomes vulnerable. Managers see this as a network problem and blame the network manager, causing conflict.
The cost of the breach is weighed against the cost of repair. The worst case is a breach by a malicious hacker intent on damaging the network: deleting files, folders, server information, the operating system, the protected files and so on (sometimes nicknamed a "fire sale"). Suppliers and others see this as a serious business weakness, and the loss of confidence can kill a company.

The most common method of protecting information on a network is by setting passwords on everything: on logging in, on access rights, on email systems, on the VLE, on the intranet, on drive letters and so on. Your network password is the one thing that keeps an impostor from logging on to the network with your username and therefore receiving the same access rights that you ordinarily have. Rules exist such as:
Don't use obvious passwords, such as your last name, your kid's name or your dog's name.
Don't pick passwords based on your hobbies.
Store your password in your head, not on paper. Especially bad: writing your password on a sticky note and sticking it on your monitor.
Most network operating systems let you set an expiration time for passwords. For example, you can specify that passwords expire after 30 days; when a user's password expires, the user must change it. Users may consider this a hassle, but it limits the risk of someone swiping a password and then trying to break into the system later. You can also configure user accounts so that when users change passwords they cannot specify one they have used recently; for example, the new password can't be identical to any of the user's past three passwords. You can also configure security policies so that passwords must include a mixture of uppercase letters, lowercase letters, numerals and special symbols. Thus passwords like DIMWIT or DUFUS are out, and passwords like 87dIM@wit or duF39&US are in. Bear in mind that a character-mix rule on its own does not guarantee strength: a long passphrase that is not a dictionary word or a personal detail resists guessing better than a short password that merely ticks each box.
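The password rules above (no personal words, a mix of character classes, no reuse of the last three passwords) are the kind of policy a network operating system enforces at password-change time. The following is an added example, not code from the original page, showing how such a check can be implemented; the minimum length of 8, the constructed user "jsmith" with the personal words "Smith" and "Rover", and the stored previous password are all assumptions for illustration. Previous passwords are kept only as salted PBKDF2 hashes, so the history itself is not a list of reusable secrets.

```python
import hashlib
import re
import secrets

# Policy parameters assumed for this example; the text states the rules but no numbers.
MIN_LENGTH = 8        # minimum acceptable length (assumption)
HISTORY_DEPTH = 3     # "can't be identical to any of the user's past three passwords"
PBKDF2_ROUNDS = 100_000


def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256 so the stored history never holds plain-text passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def store_password(password, history):
    """Record a newly accepted password: prepend its (salt, hash) to the history list."""
    salt = secrets.token_bytes(16)
    history.insert(0, (salt, hash_password(password, salt)))
    return history


def check_password_policy(candidate, username, personal_words, history):
    """Return the list of policy violations for `candidate`; an empty list means accepted.

    Enforces the rules from the text: no obvious personal words, a mix of upper,
    lower, digit and symbol characters, and no reuse of the last HISTORY_DEPTH
    passwords. `history` holds (salt, hash) pairs, most recent first.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    has_upper = re.search(r"[A-Z]", candidate) is not None
    has_lower = re.search(r"[a-z]", candidate) is not None
    has_digit = re.search(r"[0-9]", candidate) is not None
    has_symbol = re.search(r"[^A-Za-z0-9]", candidate) is not None
    if not (has_upper and has_lower and has_digit and has_symbol):
        problems.append("needs upper, lower, digit and symbol")
    lowered = candidate.lower()
    for word in [username, *personal_words]:
        # Names, pets and hobbies are guessable; very short words would match everything.
        if len(word) >= 3 and word.lower() in lowered:
            problems.append("contains personal word: " + word)
    for salt, digest in history[:HISTORY_DEPTH]:
        # Re-hash the candidate with the stored salt and compare in constant time.
        if secrets.compare_digest(hash_password(candidate, salt), digest):
            problems.append("reused within last %d passwords" % HISTORY_DEPTH)
            break
    return problems


if __name__ == "__main__":
    # Constructed user: one previous password on record, surname and pet's name known.
    history = store_password("Summer2009!", [])
    for pw in ["DIMWIT", "rover123", "87dIM@wit", "Summer2009!"]:
        verdict = check_password_policy(pw, "jsmith", ["Smith", "Rover"], history)
        print(pw, "->", verdict or "accepted")
```

Running it shows DIMWIT rejected on two counts, rover123 rejected for the pet's name and the missing character classes, 87dIM@wit accepted, and the previous password refused as a reuse. The personal-word list would normally come from the directory (surname, username) rather than being typed in by hand.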
P6.1 – Task 01 – Using the headings below, state why passwords are essential to network systems, with examples of the risks, and give examples of strong and weak passwords.
Headings: Loss of Service, Loss of Business, Increased Costs, Confidentiality, System Integrity

Authorisation permissions - User rights control what a user can do on a network-wide basis. Permissions let you fine-tune network security by controlling access to specific network resources, such as files or printers, for individual users or groups. For example, you can set up permissions to allow users in the accounting department to access files in the server's \ACCTG directory. Permissions can also let some users read certain files but not modify or delete them. Setting permissions restricts non-essential staff from looking at or using information.

Access control lists - An access control list (ACL) on a file or folder records which users and groups may read, modify or delete it, so a user cannot damage, modify or access a file beyond the access level the network manager has set. Entries can be applied to whole groups, such as Students, or a class such as Languages, rather than to each user individually. On Windows file servers an explicit deny entry overrides an allow, which is how a group can be given read access to a folder while one sub-folder is withheld from it. Setting these rights protects files.

P6.2 – Task 02 – Using the headings below, state the policy of access control lists and permission rights on files, folders and programs, and state the need to secure these rights within a school environment.
Headings: Loss of Service, Loss of Business, Increased Costs, Confidentiality, System Integrity

Having data backed up is the cornerstone of any disaster recovery plan. Without backups, a simple hard drive failure can set your company back days or even weeks; in fact, without backups your company's very existence is in jeopardy. For schools this is a legal requirement, and three backups are necessary: nightly, weekly and an off-site copy. The main goal of backups is simple: keep a spare copy of your network's critical data so that, no matter what happens, you never lose more than one day's work.
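The permissions and access control list passage above (the \ACCTG directory, group entries such as Students and Languages, read-only versus modify or delete) can be worked through in code. This is an added example and not part of the original page: the users, groups and folder ACLs are constructed for illustration, and the model is a simplified NTFS-style one in which a folder without its own ACL inherits the nearest parent's and an explicit deny beats any allow.

```python
from dataclasses import dataclass

RIGHTS = frozenset({"read", "modify", "delete"})


@dataclass(frozen=True)
class Ace:
    """One access control entry: who, which rights, and allow or explicit deny."""
    principal: str
    rights: frozenset
    allow: bool = True


# Constructed directory of group memberships (not from the page).
GROUPS = {
    "Staff": {"mrs.jones", "mr.patel", "finance.clerk"},
    "Accounting": {"finance.clerk"},
    "Languages": {"mrs.jones", "sam", "alex"},
    "Students": {"sam", "alex", "priya"},
    "NetworkAdmins": {"netadmin"},
}

# Constructed ACLs keyed by folder path. A path with no ACL of its own inherits
# the nearest ancestor's ACL (a simplification of NTFS inheritance).
ACLS = {
    "\\": [Ace("NetworkAdmins", RIGHTS)],
    "\\ACCTG": [Ace("NetworkAdmins", RIGHTS),
                Ace("Accounting", frozenset({"read", "modify"}))],
    "\\LANGUAGES": [Ace("NetworkAdmins", RIGHTS),
                    Ace("Staff", RIGHTS),
                    Ace("Languages", frozenset({"read"}))],
    # Answer keys: the Languages group can still read here, but every student is
    # explicitly denied, and the deny wins over the allow they inherit from Languages.
    "\\LANGUAGES\\ANSWERS": [Ace("NetworkAdmins", RIGHTS),
                             Ace("Staff", RIGHTS),
                             Ace("Languages", frozenset({"read"})),
                             Ace("Students", RIGHTS, allow=False)],
}


def principals_for(user):
    """The user's own name plus every group the user belongs to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def acl_for(path):
    """Walk up the path until a folder with an explicit ACL is found."""
    p = path.upper().rstrip("\\") or "\\"
    while p not in ACLS:
        p = p.rsplit("\\", 1)[0] or "\\"
    return ACLS[p]


def effective_rights(user, path):
    """Union of allowed rights minus anything explicitly denied (deny wins)."""
    principals = principals_for(user)
    allowed, denied = set(), set()
    for ace in acl_for(path):
        if ace.principal in principals:
            (allowed if ace.allow else denied).update(ace.rights)
    return frozenset(allowed - denied)


def check_access(user, path, right):
    """True if `user` may perform `right` on `path`."""
    return right in effective_rights(user, path)


if __name__ == "__main__":
    for user, path in [("finance.clerk", "\\ACCTG\\ledger.xls"),
                       ("sam", "\\LANGUAGES\\vocab.doc"),
                       ("sam", "\\LANGUAGES\\ANSWERS\\unit1.doc"),
                       ("mrs.jones", "\\LANGUAGES\\ANSWERS\\unit1.doc"),
                       ("priya", "\\ACCTG\\ledger.xls")]:
        print(user, path, sorted(effective_rights(user, path)))
```

The accounting clerk can read and modify the ledger but not delete it; a Languages student can read coursework but gets nothing in the answers folder despite the group allow, because the student deny overrides it; a user in neither group has no rights at all. Real Windows ACLs add ordering and inheritance flags on top of this, but the deny-beats-allow rule and group-based entries are the behaviour to rely on when planning a school's folder structure.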
The easiest way to meet that one-day goal is to make a copy of your files every day. If that's not possible, techniques are available to ensure that every file on the network has a backup copy no more than one day old. The goal of disaster planning is to make sure that your company can resume operations shortly after a disaster such as a fire, earthquake or any other imaginable calamity. Backups are a key component of any disaster recovery plan, but disaster planning entails much more.

The most common medium for backing up network data is tape. Depending on the make and model of the tape drive, you can copy as much as 80GB of data onto a single tape cartridge. All versions of Windows come with a built-in backup program. In addition, most tape drives come with backup programs that are often faster or more flexible than the standard Windows backup. You can also purchase sophisticated backup programs specially designed for large networks. The backup types below differ in which files they select and in whether they reset each file's archive bit (the flag the file system sets whenever a file is modified).

Normal backups - A normal backup, also called a full backup, is the most basic type. All files in the backup selection are backed up, regardless of whether the archive bit is set. As each file is backed up its archive bit is reset, so backups that select files by the archive bit will not back a file up again until it changes.
Copy backups - A copy backup is like a normal backup except that the archive bit is not reset as each file is copied, so copy backups don't disrupt the cycle of normal and incremental or differential backups.
Daily backups - A daily backup backs up just the files changed on the day the backup is performed, using each file's modification date to decide. Daily backups don't reset the archive bit.
Incremental backups - An incremental backup backs up only the files modified since the last normal or incremental backup (those with the archive bit set) and resets the bit on each file it copies.
Incremental backups are a lot faster than full backups because your network users probably modify only a small portion of the files on the server in any given day. As a result, if a full backup takes three tapes, you can probably fit an entire week's worth of incremental backups on a single tape. The price is paid at restore time: every incremental since the last full backup is needed, in order.
Differential backups - A differential backup is similar to an incremental backup, except that it doesn't reset the archive bit as files are backed up. As a result, each differential backup represents the difference between the last normal backup and the current state of the hard drive, so differentials grow through the week but only the latest one is needed to restore. To do a full restore from a differential backup, you first restore the last normal backup and then restore the most recent differential backup.

If you simply copy your files as a form of backing up, restoring them is no problem: overwrite the current files with the backups, or copy the files to a new hard disk. If you use a backup program to create backups, you must run a restore to get your files back in working order; you cannot simply copy the backup files onto a new hard disk. Test your backups periodically to make sure that they are going to work. You don't want to take the time and trouble to back up only to find that the backup is worthless when you really need it. Following are some guidelines for restoring your backups.
Before you start to restore, write-protect the media so that you don't accidentally overwrite it. Write-protect means disabling the tape or disc from recording new data over the old; different media use different write-protect methods, so see the instructions that come with the media.
If you have a hard disk failure, reinstall the operating system and your applications on a new hard disk, then install the backup software before you restore your files.
Always restore your last full backup first.
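The difference between the backup types comes down to which files are selected and whether the archive bit is reset, and that in turn decides the restore order. The following simulation is an added example and not from the original page: it models a constructed file server with two files over a four-day week (Monday full backup, then one chosen strategy each day), records what each backup captures, and checks that applying the restore plan in the order the text gives reproduces the live files. The file names and contents are made up for illustration.

```python
class FileServer:
    """Constructed toy file system: name -> content, archive bit and modification day."""

    def __init__(self):
        self.files = {}

    def write(self, name, content, day):
        # Every modification sets the archive bit, exactly as the OS does.
        self.files[name] = {"content": content, "archive": True, "mtime": day}

    def live_state(self):
        return {n: f["content"] for n, f in self.files.items()}


def backup(server, kind, day):
    """Perform one backup of the given kind and return what it captured."""
    files = server.files
    if kind in ("normal", "copy"):
        selected = list(files)                                         # everything
    elif kind in ("incremental", "differential"):
        selected = [n for n, f in files.items() if f["archive"]]       # archive bit set
    elif kind == "daily":
        selected = [n for n, f in files.items() if f["mtime"] == day]  # changed today
    else:
        raise ValueError("unknown backup kind: " + kind)
    if kind in ("normal", "incremental"):   # only these two reset the archive bit
        for n in selected:
            files[n]["archive"] = False
    return {"kind": kind, "day": day, "data": {n: files[n]["content"] for n in selected}}


def restore_plan(backups):
    """Which backup sets must be restored, in order, following the guidelines in the text."""
    full_positions = [i for i, b in enumerate(backups) if b["kind"] == "normal"]
    if not full_positions:
        raise ValueError("no full backup to start from")
    last_full = full_positions[-1]
    later = backups[last_full + 1:]
    incrementals = [b for b in later if b["kind"] == "incremental"]
    differentials = [b for b in later if b["kind"] == "differential"]
    if incrementals and differentials:
        # Mixed chains are unusual; applying every set in date order is always safe.
        return [backups[last_full]] + [b for b in later if b["kind"] in ("incremental", "differential")]
    if differentials:
        return [backups[last_full], differentials[-1]]   # only the latest differential
    return [backups[last_full]] + incrementals           # every incremental, oldest first


def restore(backups):
    """Rebuild file contents by applying the plan in order (later data overwrites earlier)."""
    restored = {}
    for b in restore_plan(backups):
        restored.update(b["data"])
    return restored


def run_week(strategy):
    """Monday full backup, then Tuesday to Thursday using `strategy`; returns (backups, live files)."""
    server = FileServer()
    server.write("budget.xls", "v1", day=1)
    server.write("memo.doc", "v1", day=1)
    backups = [backup(server, "normal", day=1)]
    server.write("budget.xls", "v2", day=2)
    backups.append(backup(server, strategy, day=2))
    server.write("memo.doc", "v2", day=3)
    backups.append(backup(server, strategy, day=3))
    server.write("budget.xls", "v3", day=4)
    backups.append(backup(server, strategy, day=4))
    return backups, server.live_state()


if __name__ == "__main__":
    for strategy in ("incremental", "differential", "copy"):
        backups, live = run_week(strategy)
        sizes = [len(b["data"]) for b in backups]
        print(strategy, "files per backup:", sizes,
              "sets to restore:", len(restore_plan(backups)),
              "restore matches live:", restore(backups) == live)
```

With incrementals each day's set holds one file and four sets must be restored; with differentials the Wednesday and Thursday sets hold both files but only two sets are restored. Copy backups never reset the archive bit and are not part of the chain, so restoring "last full" from a week of copies gives Monday's data, which is the simulation's way of showing why the restore plan, not just the tapes, must be written down. The toy ignores deleted files; a real restore of a chain brings back files deleted during the week, which is worth knowing before relying on it.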
After the full backup, restore incremental backups in order from the earliest to the latest, or restore the single most recent differential. After you restore your data, hold on to the backup media for a few days to make sure that everything is working, just in case you need to go back to the backup.

P6.3 – Task 03 – Using the headings below, describe the importance and method of restoring files on a network and give examples related to your client of the need to generate a policy of recovery.
Headings: Loss of Service, Loss of Business, Increased Costs, Confidentiality, System Integrity

Encryption is the process of translating plain text information into a secret code so that unauthorised users can't read the data. Encryption isn't new: secret agents have long used codebooks to encode messages, and breaking the code has always been one of the top priorities of counter-intelligence. Both Windows 2000 Server and Windows Server 2003 have a feature called the Encrypting File System (EFS) that lets you save data on disk in encrypted form. This prevents others from reading your data even if they manage to get hold of your files. Encryption is especially useful where the server can't be physically secured. If a thief steals the server computer (or just its hard drive), he or she may be able to bypass the Windows security features and read the data on the drive with low-level disk tools; if the files are stored encrypted, the thief's efforts are wasted because the files are unreadable. Note that EFS keys are tied to the user's Windows account and files are decrypted transparently once that user is logged in, so EFS protects against offline reading of the disk, not against someone who obtains the user's password or an unlocked session. All forms of encryption use some sort of key to encrypt and decrypt the data. In World War II and Cold War spy films the key is a codebook listing code words or phrases that match up to real words or phrases. The most basic type of data encryption, symmetric encryption, uses a single numeric key for both encryption and decryption, applying mathematical operations to the source data to translate it into encrypted form.
These operations are reversible, so if you know the key you can reverse the process and decrypt the data. For example, suppose the encryption technique is as simple as shifting every letter of the alphabet up by the value of the key. If the key is 3, then A becomes D, B becomes E, and so on. The message "Elementary, my dear Watson" becomes "Hohphqwdub, pb ghdu Zdwvrq." This message is incomprehensible unless you know the key; then reconstructing the original message is easy. The actual keys and algorithms used in real cryptography are far more complicated: keys are binary numbers, typically 128 or 256 bits for modern symmetric ciphers (the 40-bit keys of the export-control era can be brute-forced in hours, and a shift cipher has only 25 keys to try), and the calculations used to render the data in encrypted form are complex.

The classic dilemma of cryptography is this: how can I securely send the key to the person with whom I want to exchange messages? With symmetric encryption alone you can't: you can't encrypt the key, because the other person would need to know the key in order to decrypt it. That is where public key encryption comes into play. Public key encryption uses two mathematically related keys, a private key and a public key. Anyone can encrypt data with the public key, but the process is not reversible with that same key: only the holder of the private key can decrypt it. (Applying the private key is what produces a digital signature, which anyone holding the public key can verify.)

Other methods include:
◦ transposition - characters are switched around
◦ substitution - characters are replaced by other characters
Cryptography serves three purposes:
◦ helps to identify authentic users (authentication)
◦ prevents alteration of the message (integrity)
◦ prevents unauthorised users from reading the message (confidentiality)
Encryption keys can be sent with the message, sent separately afterwards, or held in advance on the systems of both the user and the client. A symmetric key sent along with the message it protects gives no protection at all; that is exactly the problem public key encryption solves.

P6.4 – Task 04 – Using the headings below, describe encryption and encryption keys and state how secure this method might be in securing the data within a school environment.
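To make the shift-cipher example, the key-distribution dilemma and the public/private key idea concrete, here is an added example that is not part of the original page. It implements the shift cipher from the text (and the 25-key brute force that shows why it is only a teaching cipher), a textbook RSA key pair built from the tiny primes 61 and 53 (an assumption for illustration; real RSA uses primes hundreds of digits long), and the hybrid pattern in which the symmetric key is sent wrapped with the recipient's public key.

```python
def shift_cipher(text, key, decrypt=False):
    """Symmetric shift (Caesar) cipher from the text: one key both encrypts and decrypts."""
    k = -key if decrypt else key
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + k) % 26 + ord("a")))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + k) % 26 + ord("A")))
        else:
            out.append(ch)          # punctuation and spaces pass through unchanged
    return "".join(out)


def brute_force_shift(ciphertext, known_word):
    """A shift cipher has only 25 usable keys, so an attacker simply tries them all."""
    return [k for k in range(1, 26) if known_word in shift_cipher(ciphertext, k, decrypt=True)]


def toy_rsa_keypair(p=61, q=53, e=17):
    """Textbook RSA with tiny primes (assumed values, for teaching only; never use for real data)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)             # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)           # (public key, private key)


def rsa_apply(values, key):
    """Raise each block to the key's exponent modulo n; works with either half of the pair."""
    exponent, n = key
    return [pow(v, exponent, n) for v in values]


def rsa_encrypt(text, public_key):
    """Encrypt one character per block (each code point is below n for these primes)."""
    return rsa_apply([ord(c) for c in text], public_key)


def rsa_decrypt(blocks, key):
    return "".join(chr(v) for v in rsa_apply(blocks, key))


def hybrid_send(message, session_key, recipient_public):
    """Solve the key-distribution dilemma: wrap the symmetric key with the recipient's public key."""
    wrapped_key = rsa_apply([session_key], recipient_public)
    return wrapped_key, shift_cipher(message, session_key)


def hybrid_receive(wrapped_key, ciphertext, recipient_private):
    """Only the private key recovers the session key; then the symmetric cipher does the rest."""
    session_key = rsa_apply(wrapped_key, recipient_private)[0]
    return shift_cipher(ciphertext, session_key, decrypt=True)


if __name__ == "__main__":
    public, private = toy_rsa_keypair()
    secret = "Elementary, my dear Watson"
    print("shift key 3:", shift_cipher(secret, 3))
    print("keys that reveal 'Watson':", brute_force_shift(shift_cipher(secret, 3), "Watson"))
    wrapped, ciphertext = hybrid_send(secret, 3, public)
    print("wrapped key:", wrapped, "ciphertext:", ciphertext)
    print("recipient reads:", hybrid_receive(wrapped, ciphertext, private))
    print("decrypting with the public key instead:", rsa_decrypt(rsa_encrypt("A", public), public))
```

Two things the run makes visible: the shift cipher falls to a loop over 25 keys, and a block encrypted with the public key does not come back when the public key is applied again, so publishing that key costs nothing. This textbook RSA is itself unsafe as written (no padding, one character per block, so it degenerates into a substitution cipher); real systems use a proper library with OAEP padding and an AES session key rather than a shift.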
Headings for Task 04: Loss of Service, Loss of Business, Increased Costs, Confidentiality, System Integrity

Biometric identification systems can be grouped by the main physical characteristic that lends itself to identification:
Fingerprint identification - Fingerprint ridges are like a picture on the surface of a balloon. As the person ages the fingers do get larger, but the relationship between the ridges stays the same, just as the picture on a balloon is still recognisable as the balloon is inflated.
Hand geometry - Hand geometry is the measurement and comparison of the different physical characteristics of the hand. Although hand geometry does not have the same degree of permanence or individuality as some other characteristics, it is still a popular means of biometric authentication.
Palm vein authentication - This system uses an infrared beam to penetrate the user's hand as it is waved over the sensor; the veins within the palm show up as black lines. It has a high level of authentication accuracy because of the complexity of the palm's vein pattern, and because the pattern is internal to the body it is difficult to counterfeit.
Retina scan - A retina scan analyses the capillary blood vessels at the back of the eye, a pattern that remains the same throughout life. The scan uses a low-intensity light to take an image of the pattern formed by the blood vessels.
Iris scan - An iris scan analyses the rings, furrows and freckles in the coloured ring that surrounds the pupil of the eye. More than 200 points are used for comparison.
Face recognition - Facial characteristics (the size and shape of facial features and their relationship to each other). Typically this method uses the relative distances between common landmarks on the face to generate a unique "faceprint".
Signature - Although the way you sign your name changes over time, and can be consciously changed to some extent, it provides a basic means of identification.
Voice analysis - The analysis of the pitch, tone, cadence and frequency of a person's voice.
No one method of biometric data gathering and reading does the "best" job of ensuring secure authentication; each has something to recommend it. Some are less invasive, some can be done without the knowledge of the subject, and some are very difficult to fake.
Face recognition - Of the various biometric identification methods, face recognition is one of the most flexible, working even when the subject is unaware of being scanned. It also shows promise as a way to search through masses of people who spend only seconds in front of a camera. Face recognition systems work by systematically analysing specific features common to everyone's face: the distance between the eyes, the width of the nose, the position of the cheekbones, the jaw line, the chin and so forth. These measurements are combined into a single code that identifies each person.
Fingerprint identification - Fingerprints remain constant throughout life. In over 140 years of fingerprint comparison worldwide, no two fingerprints have ever been found to be alike, not even those of identical twins. Good fingerprint scanners have been built into PDAs such as the iPaq Pocket PC, so the scanner technology is small and cheap. It may not work in industrial applications since it requires clean hands.
Hand geometry - Hand geometry readers work in harsh environments, do not require clean conditions and produce a very small dataset. The test is not regarded as intrusive, and it is often the authentication method of choice in industrial environments.
Retina scan - There is no known way to replicate a retina.
As far as anyone knows, the pattern of the blood vessels at the back of the eye is unique and stays the same for a lifetime. However, it requires about 15 seconds of careful concentration to take a good scan. Retina scanning remains a standard in military and government installations.
Iris scan - Like a retina scan, an iris scan provides unique biometric data that is very difficult to duplicate and remains the same for a lifetime. The scan is similarly difficult to make (it may be difficult for children or the infirm). However, there are ways of encoding iris scan data so that it can be carried around securely in a "barcode" format.
Signature - A signature is another example of biometric data that is easy to gather and not physically intrusive. Digitised signatures are sometimes used, but usually have insufficient resolution to ensure authentication.
Voice analysis - Like face recognition, voice biometrics can authenticate identity without the subject's knowledge. It is easier to fake with a recording of the real person (a replay attack), although simply imitating another person's voice will not normally fool the analysis.

P6.5 – Task 05 – Using the headings below, describe the different technologies that exist in biometrics and analyse their relative value within your client's network.
Headings: Loss of Service, Loss of Business, Increased Costs, Confidentiality, System Integrity

The most secure methods of prevention against theft are physical measures, seen and unseen. Under the DPA, all reasonable measures must be taken to secure confidential information. These can include:
CCTV – Internally and externally. It is common to have cameras on buildings, but companies also put them in the network room, the corridors, reception and wherever money is stored. Some have motion sensors so they record as soon as there is movement.
Locks – Standard locks on doors are usual; in most buildings staff rooms have locks.
Network rooms in particular have locks on all entrances and exits, and server cupboards and racks, laptop cabinets and filing cabinets have locks too, with keys allocated only to those who have rights. These locks can be keyed or combination locks.
Key cards – These are more secure because they record access and log times. They are more difficult to fake than keys and can be cancelled electronically if lost or stolen, unlike keys. The access log is only useful if someone actually reviews it, and older card technologies can be cloned, so the card system itself needs choosing with care.

P6.6 – Task 06 – Using the headings below, state the different methods of physical security available and, for your client, state the possible benefits and implications of these security measures.
Headings: Loss of Service, Loss of Business, Increased Costs, Confidentiality, System Integrity

A firewall is a security-conscious router that sits between the Internet and your network with a single purpose: preventing external attacks. The firewall acts as a security guard between the Internet and your network. All network traffic into and out of the system must pass through the firewall, which blocks unauthorised access to the network. Some type of firewall is a must-have if your network has a connection to the Internet, whether that connection is broadband, T1 or some other high-speed link. Without it, sooner or later a hacker will discover and breach your unprotected network. There are two basic ways to set up a firewall. The easiest is to purchase a firewall appliance, which is basically a self-contained router with built-in firewall features (Sophos, for example, sells such appliances; products such as ZoneAlarm are software firewalls that run on the individual PC instead). Most firewall appliances include a web-based interface that lets you connect to the firewall from any computer on your network using a browser and customise the settings to suit your needs; change the default administrator password and restrict that interface to administrators' machines, since whoever controls it controls the whole defence. Alternatively, you can set up a server computer to function as a dedicated firewall. The server can run just about any network operating system, but most dedicated firewall systems run Linux.
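What "all traffic must pass through the firewall, which blocks unauthorised access" means in practice is an ordered rule list with a default deny, plus enough state to let replies to connections the LAN opened come back in. The following packet-filter model is an added example, not code from the original page or from any firewall product: the 192.168.1.0/24 LAN, the web server at 192.168.1.10, the two rules and the six sample packets are all constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# A packet as the firewall sees it (constructed fields, no real capture).
Packet = namedtuple("Packet", "direction proto src sport dst dport")
# A rule: first match wins; dports=None means any destination port.
Rule = namedtuple("Rule", "action direction proto src dst dports")

LAN = ipaddress.ip_network("192.168.1.0/24")           # assumed internal network
WEB_SERVER = ipaddress.ip_network("192.168.1.10/32")   # assumed public web server
ANY = ipaddress.ip_network("0.0.0.0/0")

RULES = [
    Rule("allow", "in", "tcp", ANY, WEB_SERVER, {80, 443}),   # the only service exposed
    Rule("allow", "out", "any", LAN, ANY, None),              # LAN may initiate anything outbound
    # Nothing else: unmatched traffic hits the default deny in Firewall._decide().
]


class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.conntrack = set()   # flows the LAN opened, so their replies can come back
        self.log = []

    def filter(self, pkt):
        verdict, reason = self._decide(pkt)
        self.log.append((verdict, reason, pkt))
        return verdict

    def _decide(self, pkt):
        src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        # Stateful check: is this inbound packet the reply to a flow the LAN started?
        reply_key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.direction == "in" and reply_key in self.conntrack:
            return "allow", "established"
        for i, rule in enumerate(self.rules):
            if rule.direction != pkt.direction:
                continue
            if rule.proto != "any" and rule.proto != pkt.proto:
                continue
            if src not in rule.src or dst not in rule.dst:
                continue
            if rule.dports is not None and pkt.dport not in rule.dports:
                continue
            if rule.action == "allow" and pkt.direction == "out":
                self.conntrack.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return rule.action, "rule %d" % i
        return "deny", "default deny"


def run_sample():
    """Push constructed packets through the firewall and return the verdicts in order."""
    fw = Firewall(RULES)
    packets = [
        Packet("in", "tcp", "203.0.113.5", 40000, "192.168.1.10", 80),    # visitor to web server
        Packet("in", "tcp", "203.0.113.5", 40001, "192.168.1.10", 3389),  # RDP probe of web server
        Packet("in", "tcp", "203.0.113.5", 40002, "192.168.1.20", 445),   # SMB probe of a workstation
        Packet("out", "tcp", "192.168.1.20", 51000, "198.51.100.7", 443), # workstation browsing out
        Packet("in", "tcp", "198.51.100.7", 443, "192.168.1.20", 51000),  # reply to that browsing
        Packet("in", "tcp", "198.51.100.7", 443, "192.168.1.20", 51001),  # same source, no matching flow
    ]
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    fw = Firewall(RULES)
    print(run_sample())
```

Only the published web service is reachable from outside; a probe of any other port, even on the web server, and any probe of a workstation fall to the default deny, while a reply to a connection the workstation opened is allowed because the firewall remembered the flow. Real firewalls also track UDP and ICMP, handle NAT and log to a server rather than a list, but these two properties, default deny and only explicitly published services exposed, are what the text means by making all traffic pass through the firewall.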
Whether you use a firewall appliance or a firewall computer, the firewall must be located between your network and the Internet (see figure). One end of the firewall is connected to a network hub or switch, which in turn is connected to the other computers on the network; the other end is connected to the Internet. As a result, all traffic from the LAN to the Internet and vice versa must travel through the firewall. Any second route into the LAN that bypasses it, such as a modem or wireless link added without the network manager's knowledge, undoes that guarantee.

P6.7 – Task 07 – Using the headings below, describe the two different kinds of firewall available for networks and explain the need for your client to maintain this protection.
Headings: Loss of Service, Loss of Business, Increased Costs, Confidentiality, System Integrity

Adware is software that generates advertisements, such as pop-ups, on web pages that are not part of the page's own code. Adware can add links to your favourites and icons to the desktop. It will often change your home page and your search engine to sites that earn income from advertisers; this income depends on how many people visit the adware site or click on the links or advertisements. Many adware programs do not give users enough notice or control.

From a technical viewpoint, the most obvious problem caused by unauthorised programs is computer instability. Badly infected systems may run very slowly, crash constantly or not start at all, and their owners may face serious problems when trying to clean them up: popular anti-spyware software may fail if the number of items to remove is so great that it cannot cope with the load, and sometimes removing the hijacking software damages the computer's ability to connect to the internet. There is also a privacy and security risk. Adware may exhibit spyware tendencies, reporting where you go on the internet, when and how often, what you enter into search engines, and which advertisements you respond to.
Adware may add itself to the pop-up blocker exception list in Windows, or to the Windows Firewall exceptions.
Home page and search engine hijacking - When a user's preferred home page or search engine is changed to an unknown site, an unwary victim is exposed to an increased risk of further malware or spyware infection; it is not unusual for malware sites to send hijacked computers on to other web sites that download and install even more malware. There may also be increased exposure to unwanted or unsavoury content such as gambling or adult links via advertisements or sponsored links.
Toolbars that appear out of nowhere - Often such toolbars are search-engine based. Sometimes they cannot be turned off permanently and reappear on reboot, and sometimes they cannot be turned off at all. As part of their installation they may disable other toolbars already installed; for example, if a reputable toolbar such as GoogleBar or AltaVista's toolbar is installed, the hijacker will turn it off to remove the competition. Search results from hijacking toolbars may be restricted to sites that pay for positioning, otherwise known as "sponsored" results.
Pop-up windows - Pop-up advertisements can be very intrusive. Sometimes they interfere with web browsing by taking over the entire screen, and they can be difficult or impossible to close. In bad cases many windows appear in rapid succession, making the computer virtually unusable.
Examples include: 180SearchAssistant, Bonzi Buddy, ClipGenie, Comet Cursor, Cydoor, DollarRevenue, ErrorSafe, Gator, Security Tool, VirusProtectPro.

Spyware is software that collects and transmits user-specific behaviour and information, with or without permission. Sometimes permission to collect and transmit is assumed to have been given simply by the act of installing software or loading a web page.
Like ads, data collection can be acceptable if done with consent or for a reasonable purpose. For example, software that transmits user-specific information for the legitimate purpose of confirming eligibility for updates or upgrades should not be classed as spyware: programmers are entitled to ensure that their software is not pirated and that users of pirated copies do not receive the same benefits as legitimate users.

Spyware is software that acts like a hidden camera on a computer, collecting small pieces of information about users without their knowledge. Its presence is typically hidden from the user and can be difficult to detect. Typically spyware is secretly installed on the user's personal computer; sometimes, however, spyware such as a keylogger is installed deliberately by the owner of a shared, corporate or public computer in order to monitor other users, recording key presses and passwords. While the term suggests software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring. Spyware can collect various types of personal information, such as internet surfing habits and sites visited, but can also interfere with the user's control of the computer in other ways, such as installing additional software and redirecting web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages and loss of internet connection or of the functionality of other programs.

Examples of spyware
CoolWebSearch, a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on web sites including coolwebsearch.com. It displays pop-up ads, rewrites search engine results and alters the infected computer's hosts file so that name lookups for certain sites resolve to its own servers before DNS is ever consulted.
Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising: when users follow a broken link or enter an erroneous URL, they see a page of advertisements.
HuntBar, aka WinTools, was installed by an ActiveX drive-by download at affiliate web sites, or by advertisements displayed by other spyware programs, an example of how spyware can install more spyware. These programs add toolbars to Internet Explorer, track browsing behaviour, redirect links to rival sites and display advertisements.
MyWebSearch has a plug-in that displays a search toolbar near the top of a browser window and reports the user's search habits. It is notable for changing over 210 settings, including more than 210 Windows registry keys and values; beyond the browser plug-in it has settings that affect Outlook, email, HTML, XML and so on.
WeatherStudio has a plug-in that displays a panel near the bottom of a browser window. Its official web site notes that WeatherStudio is easy to remove using its own uninstall program.
Zango (formerly 180 Solutions) transmits detailed information to advertisers about the web sites users visit. It also alters HTTP requests for rival advertisements linked from a web site so that the advertisements earn money for 180 Solutions instead, and it opens pop-up ads that cover the web sites of competing companies.
The Zlob trojan, or just Zlob, installs itself posing as an ActiveX video codec and reports information back to its operators, including the search history, the web sites visited and even keystrokes. More recently, Zlob has been known to hijack routers left on their default settings and credentials.

A computer virus is a malicious computer program that can copy itself and infect a computer. The term "virus" is also commonly, if loosely, used to refer to other types of malware.
A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or on a file system that is accessed by another computer.[3][4] Viruses are sometimes confused with worms and Trojan horses, which are technically different: a worm exploits security vulnerabilities to spread itself automatically to other computers, while a Trojan horse is a program that appears harmless but hides malicious functions. Some viruses and other malware have symptoms noticeable to the user, but many are surreptitious or simply do nothing to call attention to themselves. Some viruses do nothing beyond reproducing themselves.

Examples include:

ExploreZip, a worm, appeared in 1999, following in the footsteps of Melissa. It deleted Word, Excel and PowerPoint files and randomly altered other types of file, sending fake error messages to the user. Instead of using Outlook to gather e-mail addresses, it watched the inbox of the infected computer and sent automatic replies to senders, using the same subject line as the original message.

Magistr is one of the most complex viruses to hit the Internet. Its victims were hooked by an infected e-mail attachment. In 2001 the virus sent garbled messages to everyone in the infected user's e-mail address book; attached were files pulled at random from the infected PC's hard drive plus an executable file containing the Magistr code. This virus was not as widespread as many others, but it was very destructive: Magistr overwrites hard drives and attempts to erase the CMOS settings and the flashable BIOS, preventing systems from booting. It also contained anti-debugging features, making it hard to analyse and remove.
The Melissa virus swamped corporate networks with a tidal wave of e-mail messages in 1999. When a user opened an e-mail message containing an infected Word attachment, the virus used Microsoft Outlook to send itself to the first 50 names in the user's address book. The e-mail fooled many recipients because it bore the name of someone the recipient knew and referred to a document they had allegedly requested. So much e-mail traffic was generated that companies such as Intel and Microsoft had to shut down their e-mail servers. Melissa was one of the first viruses to spread itself by mass-mailing, and many variants followed.

The Klez worm, which blends different virus traits, was first detected in 2001. Klez is not as destructive as other worms, but it is widespread, hard to exterminate and still active. It spreads via open networks and e-mail regardless of the e-mail program you use. Klez sometimes masquerades as a worm-removal tool. It may corrupt files and disable antivirus products. It steals addresses from a victim's e-mail address book, mixing and matching new senders and recipients for a new round of infection.

LoveLetter is the worm everyone learned to hate in 2000. The infection affected millions of computers and caused more damage than any other piece of malware up to that time. Users were infected via e-mail, through Internet chat systems and through shared file systems. The worm sent copies of itself to the entries in Microsoft Outlook's address book. The mail carried an executable script attachment and the subject line "ILOVEYOU". The worm overwrote several types of file, modified the Internet Explorer start page, changed registry keys, moved other files and hid MP3 files on affected systems.

A computer worm is a self-replicating malware program. It uses a computer network to send copies of itself to other computers on the network, often without permission.
This is possible because of security shortcomings on the target computer. Unlike a virus, a worm does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on the targeted computer. Many worms are designed only to spread and do not attempt to alter the systems they pass through; however, as the Morris worm and Mydoom showed, the network traffic and other unintended effects can still cause major disruption.

A "payload" is code designed to do more than spread the worm. It might delete files on a host system (as ExploreZip did), encrypt files in a cryptoviral extortion attack, or send documents out by e-mail. A very common payload is a backdoor that turns the infected computer into a "zombie" under the control of the worm's author.

Examples include:

Melissa - In 1999, curious users downloaded a file called List.DOC from the alt.sex Usenet newsgroup, believing it contained free passwords for over 80 pornographic websites. The document's macro mass-mailed thousands of recipients and overloaded mail servers across the Internet. Melissa spread through Microsoft Word 97 and Word 2000, e-mailing itself to the first 50 entries in the user's Outlook 97/98 address book when the document was opened. On the host computer it occasionally inserted quotes from The Simpsons television show into documents. The damage was estimated at around $1 billion.

Nimda - In 2001, Nimda ("admin" backwards) infected Microsoft Windows machines very rapidly through several routes, one of which was e-mail. Nimda found addresses in .html files in the user's web cache folder and in the user's e-mail contacts, retrieved through the MAPI service.
The consequences were heavy: web-related files were appended with JavaScript that allowed further propagation of the worm, users' drives were shared without their consent, and the "Guest" account was enabled and given Administrator privileges. It was estimated that Nimda caused $530 million in damage after only one week of propagation, and several months later reports indicated that Nimda was still a threat.

ILOVEYOU (also known as VBS/Loveletter or the Love Bug worm) - In 2000 users received an e-mail with the subject line "ILOVEYOU". Anyone who deleted it was safe from one of the most costly worms in computer history. The attachment, a file called LOVE-LETTER-FOR-YOU.TXT.vbs, started a worm that spread like wildfire by mailing itself to the addresses in users' Outlook contact lists. The double extension was the trick: Windows hides known file extensions by default, so recipients saw what looked like a harmless text file and opened it, only to have most of their files overwritten. The net result was an estimated $5.5 billion to $8.7 billion in damage, and ten percent of all Internet-connected computers were hit. Onel A. de Guzman, the creator of the worm and a resident of the Philippines, had all charges against him dropped because there were no laws in the Philippines at the time prohibiting the creation of computer worms.

A Trojan horse is malware that appears to perform a desirable function for the user before it is run or installed, but instead opens a door into the user's computer system. It is a harmful piece of software that looks legitimate, and users are typically tricked into loading and executing it. A Trojan may modify the computer to display advertisements in undesirable places, such as on the desktop or in uncontrollable pop-ups, or it may be less obvious, such as installing a toolbar in the user's Web browser without notice. Either way it can create revenue for the author. Trojans that open a backdoor need a remote attacker to connect to them to fulfil their purpose.
It is possible for individual hackers to scan computers on a network with a port scanner in the hope of finding one that already has a Trojan horse listening, which the hacker can then use to control the target computer.

Examples include:

Code Red, in 2001, is a frightening example of a worm carrying a coordinated payload. Code Red infected hundreds of thousands of computers running Microsoft IIS and caused an estimated $2 billion in damage. After propagating itself using the techniques of a worm, Code Red attempted to use the combined power of the infected machines to launch a distributed denial of service (DDoS) attack against www.whitehouse.gov on a predetermined date.

Backdoor.LegMir.BZ is a backdoor Trojan. On execution it installs itself disguised as a legitimate program, copies itself under various names to various locations on the infected machine, opens a port and gives attackers unauthorised access. It can also capture passwords and send them to its author.

Malware is software that damages a system or makes it unstable, for example by changing settings or interfering with the registry and security settings. Some adware can also be classified as spyware. For example BonziBUDDY, an application marketed as an "intelligent software agent", corrupted many of the user's system files, forced the display of obscene advertisements (mostly Flash content), and logged browsing details which it sent to various third parties.

The best-known types of malware, viruses and worms, are known for the manner in which they spread rather than for any other particular behaviour. The term computer virus is used for a program that has infected some executable software and that, when run, spreads itself to other executables.
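Every e-mail worm above (Melissa, ExploreZip, Klez, LoveLetter, Nimda) arrived as an attachment, and LoveLetter's LOVE-LETTER-FOR-YOU.TXT.vbs relied on a double extension. The following is an added example, not code from the original page: a mail-gateway check that classifies attachment names (executable, double-extension disguise, macro-capable document) and flags a message with an unusually large recipient list, using the 50-recipient figure from the Melissa description as the threshold. The sample message, the extension lists and the threshold are constructed assumptions for the example.

```python
from email import message_from_string
from email.policy import default as default_policy

# Attachment extensions that Windows executes when opened (illustrative, not exhaustive).
EXECUTABLE_EXT = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe", "js", "jse", "wsf", "hta"}
# Office formats that can carry macros, the route Melissa used.
MACRO_EXT = {"doc", "dot", "xls", "xlt", "docm", "xlsm"}
# Harmless-looking extensions used as the inner half of a double extension.
DECOY_EXT = {"txt", "jpg", "gif", "pdf", "doc", "mp3"}
# Melissa mailed itself to the first 50 address-book entries; at least this many
# recipients on one message from a workstation is treated here as mass-mailing.
MASS_MAIL_THRESHOLD = 50

# Constructed message imitating the LoveLetter e-mail (the attachment body is a
# harmless base64 placeholder, not the worm).
SAMPLE_MESSAGE = """\
From: friend@example.com
To: alice@example.com, bob@example.com
Subject: ILOVEYOU
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="boundary42"

--boundary42
Content-Type: text/plain

kindly check the attached LOVELETTER coming from me.
--boundary42
Content-Type: application/octet-stream; name="LOVE-LETTER-FOR-YOU.TXT.vbs"
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"
Content-Transfer-Encoding: base64

TXNnQm94ICJwbGFjZWhvbGRlciI=
--boundary42--
"""


def classify_attachment(filename):
    """Return (verdict, reason) for an attachment file name: block, quarantine or allow."""
    parts = filename.strip().lower().split(".")
    if len(parts) < 2:
        return ("allow", "no extension")
    ext = parts[-1]
    inner = parts[-2] if len(parts) >= 3 else None
    if ext in EXECUTABLE_EXT:
        if inner in DECOY_EXT:
            return ("block", f"double extension .{inner}.{ext} disguises an executable")
        return ("block", f"executable attachment .{ext}")
    if ext in MACRO_EXT:
        return ("quarantine", f".{ext} can carry macros; scan before delivery")
    return ("allow", "ordinary attachment")


def scan_message(raw):
    """Parse one raw message and decide what a mail gateway should do with it."""
    msg = message_from_string(raw, policy=default_policy)
    recipients = []
    for header in ("To", "Cc"):
        if msg[header]:
            recipients.extend(a.addr_spec for a in msg[header].addresses)
    attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        verdict, reason = classify_attachment(name)
        attachments.append((name, verdict, reason))
    verdicts = {v for _, v, _ in attachments}
    mass_mail = len(recipients) >= MASS_MAIL_THRESHOLD
    if "block" in verdicts or mass_mail:
        action = "block"
    elif "quarantine" in verdicts:
        action = "quarantine"
    else:
        action = "deliver"
    return {"subject": str(msg["Subject"]), "recipients": len(recipients),
            "mass_mail": mass_mail, "attachments": attachments, "action": action}


if __name__ == "__main__":
    print(scan_message(SAMPLE_MESSAGE))
```

Name-based checks are only a first filter: a .doc that reaches quarantine still needs a scan of its macro content, and a gateway should also look at the rate of outbound mail per user, since a worm that sends one message per contact defeats a per-message recipient count.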
Albert Gonzalez was accused of masterminding a ring that used malware to steal and sell more than 170 million credit card numbers in 2006 and 2007, at the time the largest computer fraud in history. Among the firms targeted were BJ's Wholesale Club, TJX, DSW Shoe, OfficeMax, Barnes & Noble, Boston Market, Sports Authority and Forever 21.

A Trojan horse program stole more than 1.6 million records belonging to several hundred thousand people from Monster Worldwide Inc's job search service. The data was used by cybercriminals to craft phishing e-mails targeted at Monster.com users in order to plant additional malware on their PCs.

Customers of Hannaford Bros. Co, a supermarket chain based in Maine, were victims of a data security breach involving the potential compromise of 4.2 million debit and credit cards. The company was hit by several class-action lawsuits.

The Torpig Trojan has compromised and stolen login credentials for approximately 250,000 online bank accounts and a similar number of credit and debit cards. Other credentials, such as e-mail and FTP accounts for numerous websites, have also been stolen.

P6.8 – Task 08 - Using the headings below, describe with examples Spyware, Adware and Malware and describe how your company can minimise the threat of each.
◦ Loss of Service
◦ Loss of Business
◦ Increased Costs
◦ Confidentiality
◦ System Integrity

The impact of each type of disaster varies from company to company. What is a disaster for one company may be a mere inconvenience for another. For example, a law firm may tolerate a disruption in telephone service for a day or two; loss of the phones would be a major inconvenience, but not a disaster. To a telemarketing firm, however, a day or two with the phones down is far more serious because the company's revenue depends on the phones.
One of the first steps in developing a business continuity plan is assessing the risk of the various types of disaster that may affect your organisation. To assess risk, you weigh the likelihood of a disaster happening against the severity of the impact it would have. For example, the impact of a meteor crashing into your building would be severe, but the odds of that happening are minuscule. The odds of your building being destroyed by fire are much higher, and the impact of a devastating fire would be about the same as the impact of a meteor. Analysing these risks is called risk assessment: the higher the risk, the greater the need to take adequate precautions.

Environmental disasters are what most people think of first when they think of disaster recovery.
◦ Fires can be caused by unsafe conditions, such as electrical wiring that is not up to code, by carelessness, by natural causes such as lightning strikes, or by arson.
◦ Earthquakes can cause structural damage to your building and can also disrupt the delivery of key services and utilities, such as water and power.
◦ Weather disasters can cause major disruption to your business. Moderate weather may close transportation systems so that your employees cannot get to work; severe weather may damage your building or interrupt delivery of services such as electricity and water.
◦ Flooding can wreak havoc with electrical equipment such as computers. If floodwater gets into your computer room, chances are good that the equipment will be totally destroyed. Note that flooding can be caused not only by bad weather, but also by burst pipes or malfunctioning sprinklers.
◦ Lightning storms can cause electrical damage to your computers and other electronic equipment if lightning strikes your building or causes surges in the local power supply.

Deliberate disasters are the result of deliberate actions by others.
For example:
◦ Vandalism or arson may damage or destroy your facilities or your computer systems. It may be targeted at you specifically by a disgruntled employee or customer, or it may be random.
◦ Theft is always a possibility. You may come to work one day to find that your servers or other computer equipment have been stolen.
◦ Do not neglect the possibility of sabotage. A disgruntled employee who gets hold of an administrator's account and password can do all sorts of damage to your network.

Disruption of services
◦ Electrical power is crucial for computers and other types of equipment. Electrical outages are not uncommon, but fortunately the technology to deal with them is readily available: UPS (uninterruptible power supply) equipment is reliable and inexpensive.
◦ Communication connections can be disrupted by many causes.
◦ An interruption in the water supply may not shut down your computers, but it can disrupt your business by forcing you to close your facility until the supply is re-established.

Equipment failure
Modern companies depend on many different types of equipment for their daily operations. The failure of any of these key systems can disrupt business until they are repaired:
◦ Computer equipment failure can obviously affect business operations.
◦ Air-conditioning systems are crucial to regulate temperatures, especially in computer rooms. Computer equipment can be damaged if the temperature climbs too high.
◦ Elevators, automatic doors and other equipment may also be necessary for your business.

Other disasters
You should assess many other potential disasters. Here are just a few:
◦ Labour disputes.
◦ Loss of key staff through resignation, injury, sickness or death.
◦ Workplace violence.
◦ Public health issues, such as epidemics, mould infestations and so on.
◦ Loss of a key supplier.
◦ Nearby disasters, such as a fire or police action across the street that results in your business being temporarily blocked off.
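The risk assessment described above (likelihood weighed against impact, with the meteor, fire, telephone-outage and sabotage cases) can be carried through as a simple scoring matrix. The following is an added example, not from the original page: each threat gets a likelihood and an impact on a 1-5 scale, the product is the risk score, and a per-company override adjusts impact (the law firm versus the telemarketing firm). The threats, scores and tier thresholds are constructed assumptions, not figures from any real assessment.

```python
# Likelihood and impact are scored 1 (negligible) to 5 (severe). The threats and
# their scores below are constructed illustrations drawn from the text above.
SCALE = range(1, 6)
DEFAULT_THREATS = [
    # (threat, likelihood, impact)
    ("Meteor strike on building", 1, 5),
    ("Fire destroys building", 3, 5),
    ("Burst pipe floods computer room", 3, 4),
    ("Mains power outage", 4, 2),
    ("Theft of servers", 2, 4),
    ("Sabotage using an administrator account", 2, 5),
    ("Telephone service down for two days", 3, 1),
]


def risk_score(likelihood, impact):
    """Qualitative risk = likelihood x impact, both on the 1-5 scale."""
    if likelihood not in SCALE or impact not in SCALE:
        raise ValueError("likelihood and impact must be integers from 1 to 5")
    return likelihood * impact


def risk_tier(score):
    """Bands that decide how much precaution a risk warrants. The thresholds are
    an assumption for this example; each organisation sets its own."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def assess(threats, impact_overrides=None):
    """Rank threats by score, highest first. impact_overrides maps a threat name to
    the impact it has for a particular company, e.g. a telemarketing firm raising
    the impact of a phone outage that a law firm would merely find inconvenient."""
    overrides = impact_overrides or {}
    rows = []
    for name, likelihood, impact in threats:
        impact = overrides.get(name, impact)
        score = risk_score(likelihood, impact)
        rows.append({"threat": name, "likelihood": likelihood, "impact": impact,
                     "score": score, "tier": risk_tier(score)})
    rows.sort(key=lambda r: (-r["score"], -r["impact"], r["threat"]))
    return rows


def top_risks(threats, tier="high", impact_overrides=None):
    """Names of the threats in the given tier, highest score first."""
    return [r["threat"] for r in assess(threats, impact_overrides) if r["tier"] == tier]


if __name__ == "__main__":
    for row in assess(DEFAULT_THREATS):
        print(f"{row['score']:2} {row['tier']:6} {row['threat']}")
    print("telemarketer:", top_risks(DEFAULT_THREATS,
          impact_overrides={"Telephone service down for two days": 5}))
```

The ranking makes the text's point visible: the meteor scores lowest despite maximum impact, fire tops the list, and the same phone outage moves from the bottom to the top tier once a telemarketer's impact figure is used.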
P6.9 – Task 09 – Using the headings below, describe the different types of risk that exist to information storage and describe to your client the level of risk each poses.
◦ Loss of Service
◦ Loss of Business
◦ Increased Costs
◦ Confidentiality
◦ System Integrity

The best way to protect your network from virus infection is to use an antivirus program. These programs have a catalogue of signatures for many thousands of known viruses that they can detect and remove. In addition, they can spot the kinds of change that viruses typically make to your computer's files, which reduces the chance of a previously unknown virus going undetected. Historically Windows did not come with built-in antivirus software (recent versions include Windows Defender), so you may have to buy a product separately; two of the best-known antivirus programs for Windows are Norton AntiVirus and McAfee VirusScan.

The people who make antivirus programs have their fingers on the pulse of the virus world and frequently release updates to combat the latest viruses. Because virus writers are constantly developing new viruses, your antivirus software is next to worthless unless you keep it up to date by downloading the latest signature updates (McAfee calls these DAT files).

There are several approaches to deploying antivirus protection on your network:
◦ You can install antivirus software on each network user's computer. This would be the most effective technique if you could count on all your users to keep their antivirus software up to date. Because that is unlikely, you may want to adopt a more reliable approach.
◦ Managed antivirus services place antivirus client software on each client computer in your network, and an antivirus server then updates the clients automatically on a regular basis to make sure they are kept current.
◦ Server-based antivirus software protects your network servers from viruses.
For example, you can install antivirus software on your mail server to scan all incoming mail for viruses and remove them before your network users ever see them. Some firewall appliances include antivirus enforcement checks that do not allow users to access the Internet unless their antivirus software is up to date. This is one of the strongest ways of enforcing antivirus coverage across a network.

P6.10 – Task 10 - Using the headings below, describe what an antivirus program is and describe in detail the precautions your client should take to protect their network.
◦ Loss of Service
◦ Loss of Business
◦ Increased Costs
◦ Confidentiality
◦ System Integrity

Companies can increase their network security by adding electronic controls to combat illegal access. There are many programs and routines network managers use to secure their systems. For example:
◦ Call-back – when a remote user dials in, the system hangs up and calls back a number registered for that user before allowing the session, so a stolen password alone is not enough to connect from somewhere else.
◦ Handshaking (challenge-response) – the network sends the connecting party a random challenge and requires a correct response before accepting the connection, which confirms that the sender is genuine and not a replayed or spoofed address. A simple illustration is to generate random numbers and require the user to perform some operation on them (for example multiply the first and last numbers together); real systems compute the response from a shared secret.
◦ Encryption and network cipher keys.
◦ Text CAPTCHA boxes before progression, to stop automated scripts from bulk-registering accounts, brute-forcing logins or flooding a website with requests.
◦ One-time key registration for users (confirmation by e-mail or on the network, to prevent randomly generated accounts).
◦ More secure transfer protocols on networks, such as SSH, which is defined as three layers:
  ◦ SSH-TRANS, a transport layer protocol that provides encryption, integrity protection and server authentication;
  ◦ SSH-AUTH, a user authentication protocol;
  ◦ SSH-CONN, a connection protocol that multiplexes channels over the encrypted connection.
◦ Most importantly, the network manager will keep logs. These show all the activity on the network and can be broken down by user and site. Sites that are dangerous can be put on the block list, and internal attacks can be traced to an IP address or a user name. When a problem is detected, the network manager can isolate the attacker or website and deal with it.
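The antivirus discussion earlier in this section describes two detection methods: a catalogue of known viruses, and spotting the kinds of change viruses make to files. The following is an added example, not code from the original page or from any antivirus product: a minimal scanner that hashes files, matches them against a signature catalogue, and compares them with a baseline taken when the system was known clean, so that modified, new and deleted files are reported even when no signature matches. The only "signature" is the hash of the EICAR antivirus test string, which every real product detects and which is harmless; the directory layout and the "infection" are constructed in a temporary folder for the example.

```python
import hashlib
import os
import tempfile

# The EICAR test string: every antivirus product detects it and it is harmless,
# so it stands in here for one entry of a real signature database.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
KNOWN_BAD = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}


def sha256_file(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each file's path (relative to root, '/'-separated) to its hash."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def scan(root, baseline, signatures=KNOWN_BAD):
    """Signature check (hash found in the catalogue) plus change detection against
    the baseline, which catches files that an uncatalogued virus has altered."""
    report = {"infected": [], "modified": [], "new": [], "missing": []}
    current = build_baseline(root)
    for rel, digest in current.items():
        if digest in signatures:
            report["infected"].append((rel, signatures[digest]))
        if rel not in baseline:
            report["new"].append(rel)
        elif baseline[rel] != digest:
            report["modified"].append(rel)
    report["missing"] = list(set(baseline) - set(current))
    for key in report:
        report[key].sort()
    return report


def demo():
    """Constructed scenario: baseline a clean tree, then imitate an infection and
    re-scan. Returns (report_before, report_after)."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)

        write("bin/app.exe", b"MZ original program")
        write("docs/notes.txt", b"meeting notes")
        baseline = build_baseline(root)
        before = scan(root, baseline)
        # A file infector appends itself to the executable, a dropper adds a new
        # file whose hash is in the catalogue, and the notes are deleted.
        write("bin/app.exe", b"MZ original program" + b"<viral code>")
        write("bin/dropper.com", EICAR)
        os.remove(os.path.join(root, "docs", "notes.txt"))
        after = scan(root, baseline)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("clean scan:", before)
    print("after infection:", after)
```

Real products go further (scanning inside archives, checking running processes and memory, heuristics on code rather than whole-file hashes), but the two mechanisms shown are the ones the text names, and the baseline comparison is also the basis of file-integrity monitoring on servers.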
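Two of the controls just listed, the challenge-response handshake and the use of logs to trace attempts to a user name and IP address, fit together naturally: the login server issues a fresh random challenge for each attempt, the client answers with a keyed hash of it, and every attempt is logged so that repeated failures can be turned into a block list. The following is an added example, not code from the original page: it implements both sides of that exchange in Python with HMAC-SHA256 and then runs a detector over the log. The user secrets, addresses and the failure threshold are constructed assumptions; a real system would store salted password hashes or per-device keys rather than the secrets themselves.

```python
import hashlib
import hmac
import re
import secrets
from collections import defaultdict

# Constructed user secrets for the example (a real system stores salted password
# hashes or per-device keys, never the secret itself).
USER_SECRETS = {"alice": b"alice-long-random-secret", "bob": b"bob-long-random-secret"}


def client_response(secret, nonce):
    """Client side: prove possession of the secret without ever sending it."""
    return hmac.new(secret, nonce.encode(), hashlib.sha256).hexdigest()


class AuthServer:
    """Server side of the handshake plus an audit log of every attempt."""

    def __init__(self):
        self.pending = {}   # user -> nonce issued and not yet used
        self.log = []       # one line per attempt, traceable by user and IP

    def challenge(self, user):
        # A fresh nonce per attempt means a captured response cannot be replayed.
        nonce = secrets.token_hex(16)
        self.pending[user] = nonce
        return nonce

    def verify(self, user, ip, response):
        nonce = self.pending.pop(user, None)
        secret = USER_SECRETS.get(user, b"")
        expected = hmac.new(secret, (nonce or "").encode(), hashlib.sha256).hexdigest()
        # compare_digest runs in constant time, so timing does not leak how many
        # characters of the response were right.
        ok = nonce is not None and user in USER_SECRETS and hmac.compare_digest(expected, response)
        self.log.append(f"auth user={user} ip={ip} result={'ok' if ok else 'fail'}")
        return ok


LOG_LINE = re.compile(r"auth user=(\S+) ip=(\S+) result=(ok|fail)")


def find_attackers(log_lines, max_failures=3):
    """Count failures per source IP and per target user; return (ips to block,
    users to lock) for those at or over the threshold."""
    by_ip, by_user = defaultdict(int), defaultdict(int)
    for line in log_lines:
        m = LOG_LINE.search(line)
        if not m:
            continue
        user, ip, result = m.groups()
        if result == "fail":
            by_ip[ip] += 1
            by_user[user] += 1
    block_ips = sorted(ip for ip, n in by_ip.items() if n >= max_failures)
    lock_users = sorted(u for u, n in by_user.items() if n >= max_failures)
    return block_ips, lock_users


def demo():
    """Constructed traffic: one good login, one replay attempt, then password guessing.
    Returns (good_login_ok, replay_ok, log_lines, (block_ips, lock_users))."""
    server = AuthServer()
    nonce = server.challenge("alice")
    captured = client_response(USER_SECRETS["alice"], nonce)   # what an eavesdropper sees
    good = server.verify("alice", "10.0.0.5", captured)
    server.challenge("alice")                                   # new attempt, new nonce
    replayed = server.verify("alice", "203.0.113.9", captured)  # replay is rejected
    # The same outside address then guesses bob's secret three times.
    for guess in (b"password", b"letmein", b"bob123"):
        n = server.challenge("bob")
        server.verify("bob", "203.0.113.9", client_response(guess, n))
    return good, replayed, server.log, find_attackers(server.log)


if __name__ == "__main__":
    good, replayed, log, (ips, users) = demo()
    print("\n".join(log))
    print("block:", ips, "lock:", users)
```

The log format is deliberately simple so the same regular expression could be pointed at exported lines from a real system; what matters is that each line carries both the user and the source address, since the text's point is that an internal attack can be traced to either.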
P6.11 - Task 11 – Using the headings below, state and explain the different software methods of detecting an intruder and state the need for your client to manage the network through software and vigilance.
◦ Loss of Service
◦ Loss of Business
◦ Increased Costs
◦ Confidentiality
◦ System Integrity

Schools have a limited budget and a lot of clients. At primary level the amount of potential internal damage has to be weighed against the threat from outside. Under the Data Protection Act all schools have to take measures, within reason and budget, to maintain a degree of security to protect information. Virus checkers and firewalls are cheap; SSL servers are not. Physical security against burglary is vital, whereas biometrics is less important. Backing up and restoring is a need, but only for staff and actual data; there is less need for student backups at this early stage.

D2.7 – Task 12 - Within your PowerPoint, in terms of the primary school and in reference to Brooke Weston, evaluate the current levels of security the school will need to prepare for in order to maintain a degree of security.
◦ Passwords
◦ Authorisation
◦ Backing up and restoring
◦ Encryption
◦ Biometrics
◦ Levels of Risk
◦ Security Issues
◦ Intrusion Detection Systems
◦ Antivirus Software
◦ Physical Security

The stages of configuring and setting up the network systems are now in place, and training for the technicians is in place. At this stage you will need to demonstrate the stages of preparing machines for connection to the network. Before this happens you will need to secure the computers against attack. A laptop has been provided as a demonstration machine for staff. A booklet needs to be drawn up on the stages of installing, securing and connecting to the standard WAN system.

P6.12 – Task 13 – Create a guide that demonstrates to a new user with network rights the stages of installing and configuring a virus checker and firewall protection.
P6.12 – Task 14 – Create a guide that demonstrates to a new user with network rights the stages of configuring a new user account.
P6.12 – Task 15 – Within this guide, demonstrate to a new user with network rights the stages of configuring the TCP/IP settings to connect to an existing network.
P6.12 – Task 16 – Within this guide, demonstrate to a new user with network rights the stages of configuring POP3 and SMTP mail services.
P6.12 – Task 17 – Within this guide, demonstrate to a new user with network rights the stages of configuring a network printer.

Summary of all tasks for P6 and D2:
P6.1 – Task 01 – State why passwords are essential to network systems, with examples of the risks, and give examples of strong and weak passwords.
P6.2 – Task 02 – State the policy of Access Control Lists and permission rights on files, folders and programs, and state the need to secure these rights within a school environment.
P6.3 – Task 03 – Describe the importance and method of restoring files on a network and give examples, related to your client, of the need to generate a policy of recovery.
P6.4 – Task 04 – Describe encryption and encryption keys and state how secure this method might be in securing the data within a school environment.
P6.5 – Task 05 – Describe the different technologies that exist in biometrics and analyse their relative value within your client's network.
P6.6 – Task 06 – State the different methods of physical security available and, for your client, state the possible benefits and implications of these security measures.
P6.7 – Task 07 – Describe the two different kinds of firewall available for networks and explain the need for your client to maintain this protection.
P6.8 – Task 08 – Describe with examples Spyware, Adware and Malware and describe how your company can minimise the threat of each.
P6.9 – Task 09 – Describe the different types of risk that exist to information storage and describe to your client the level of risk each poses.
P6.10 – Task 10 – Describe what an antivirus program is and describe in detail the precautions your client should take to protect their network.
P6.11 – Task 11 – State and explain the different software methods of detecting an intruder and state the need for your client to manage the network through software and vigilance.
D2.7 – Task 12 – Evaluate the current levels of security the school will need to prepare for in order to maintain a degree of security.
P6.12 – Task 13 – Create a guide that demonstrates to a new user with network rights the stages of installing and configuring a virus checker and firewall protection.
P6.12 – Task 14 – Create a guide that demonstrates to a new user with network rights the stages of configuring a new user account.
P6.12 – Task 15 – Within this guide, demonstrate to a new user with network rights the stages of configuring the TCP/IP settings to connect to an existing network.
P6.12 – Task 16 – Within this guide, demonstrate to a new user with network rights the stages of configuring POP3 and SMTP mail services.
P6.12 – Task 17 – Within this guide, demonstrate to a new user with network rights the stages of configuring a network printer.