Assignment 4

Assignment 4 – Security Risks

For my assignment I have been asked to evaluate and review a situation involving security threats and to provide solutions to these problems. I will discuss how each of these problems can be sorted out and fixed to make things a lot safer for the users in this company. The company has 50 users, and these are the problems that need to be dealt with.

No log on to the network;

For a company not to have a log on to the network leaves the company very vulnerable to other users accessing their site. The risk of information being deleted or changed is very high. A way of solving this problem is to ensure all users have separate user accounts. These accounts ensure each user has a unique username and a password to keep information secure. The company should therefore set up a username and password for each user working in the company.

Internet (unrestricted access);

The number of dangers from having unrestricted access to the internet is very high. This means any website can be viewed without a pop-up blocker appearing to show the risks there may be in opening that specific page. These risks could leave the systems open to many viruses, worms, Trojans etc.


Staff is ‘allowed’ to install and remove software;

Staff who are able to install and remove software may leave the systems open to viruses, Trojans, etc. This would mean having to remove the firewall from the systems, and any form of worm or Trojan may threaten to hit the systems. Users must have a verification check put in place to ensure they don’t access websites with a high risk. It should also be pointed out to the staff that specific sites should not be accessed, and blocking certain pages ensures this.

Data is backed up once a month;

Backing up data once a month is not appropriate for a business because this is considered far too long to leave data unsaved. The information should be backed up and saved every single day.

Data tapes are kept secure in a locked plastic box on top of the server;

Leaving the data tapes beside the actual server is very unsafe because in the event of a fire this information can be lost very easily. If anything were to happen to this information there would be absolutely no way of retrieving it. The safest thing the owner of these tapes could do would be to keep the backup tapes away from the workplace, in a separate building in a ‘safe’ place. If someone were to take this box and use it in a disruptive manner it would be considered a violation of the Data Protection Act, and that is breaking the law.


The company keeps records in a database on customers;

The records that the company keeps on each customer include a lot of private information. This information should remain only between the company worker and the customer, because it contains past purchases and the purchase history. This information can be misused: addresses can be duplicated and the details could be stolen so that things can be charged to this person’s name. Along with bank details if the information is not secure others can. Not everyone in the company should have access to everyone’s records in the database. Only those that have the authority should be allowed to access this information. Staff have been heard talking to one another about other people’s accounts; this should not be allowed and is a violation of the Data Protection Act. Another form of unauthorized access is considered deliberate and is usually meant to cause havoc on one’s account.

E-mail is available to all

The threat to someone who has their e-mail address on show for everyone is that it could be hit with a lot of spam. This spam usually contains a URL that the user is encouraged to click. The customer could be inundated with many messages. The messages are usually sent by hackers and are known as ‘spoofing.’ This is when the hacker uses an unauthorized IP address and tries to draw in the user by making them believe that they are genuine. These messages should never be opened, and an e-mail filter should be put in place to prevent any unwanted messages or viruses.

IP address log is not kept of sites visited

The reason why a log of IP addresses must be kept and monitored is so that no suspicious activity is allowed on any of the systems. All systems are to be checked frequently, and all users’ accounts can be checked at any time by the administrator to ensure that they are doing the job correctly.

No Firewall is in place

Having no firewall in place is very dangerous; without a firewall the systems are very vulnerable and exposed to the threat of viruses and Trojans. A firewall must always be turned on.


No restrictions on internet access

If there were no restrictions on internet access, any site could be loaded and searched. Only those sites that need to be used should be accessed. Certain sites must be blocked. For example, if users did not have the authority to access YouTube, the administrator would block all users from accessing this site.


Downloads are not monitored

Downloads must be monitored at all times, as these downloads could be threatening to the computer systems. It is the duty of the administrator to ensure that nothing irregular is allowed to be downloaded; this could endanger the systems in many ways and could disrupt the software.
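
An added example (not part of the original assignment) of the review an administrator could run once a log of sites visited is kept: it flags visits to blocked sites and downloads of executable files, grouped by user. The log format, user names, blocklist and file extensions are all constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample log; assumed format: timestamp, client IP, user, URL.
SAMPLE_LOG = """\
2024-03-04T09:12:01 192.168.1.21 asmith https://www.youtube.com/watch?v=abc
2024-03-04T09:15:44 192.168.1.34 bjones https://intranet.example.com/orders
2024-03-04T09:20:10 192.168.1.34 bjones http://downloads.example.net/tools/setup.EXE?id=7
2024-03-04T09:31:02 192.168.1.21 asmith https://m.youtube.com/
2024-03-04T09:40:00 malformed line
"""

BLOCKED_SITES = {"youtube.com"}                      # hypothetical policy list
RISKY_EXTENSIONS = (".exe", ".msi", ".bat", ".scr")  # hypothetical policy list


def host_is_blocked(host, blocked=BLOCKED_SITES):
    """True for a blocked site or any of its subdomains, not for look-alike names."""
    host = host.lower().rstrip(".")
    return any(host == site or host.endswith("." + site) for site in blocked)


def review_log(text):
    """Return ({user: [(timestamp, ip, reason, url), ...]}, unparsable_line_count)."""
    findings = defaultdict(list)
    skipped = 0
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            skipped += 1          # keep a count so gaps in the log are visible
            continue
        timestamp, ip, user, url = parts
        target = urlsplit(url)
        host = target.hostname or ""
        if host_is_blocked(host):
            findings[user].append((timestamp, ip, "blocked site", url))
        # Check the path only, so a query string cannot hide the file extension.
        if target.path.lower().endswith(RISKY_EXTENSIONS):
            findings[user].append((timestamp, ip, "executable download", url))
    return dict(findings), skipped


if __name__ == "__main__":
    report, skipped = review_log(SAMPLE_LOG)
    for user, items in sorted(report.items()):
        for timestamp, ip, reason, url in items:
            print(f"{user} {ip} {timestamp} {reason}: {url}")
    print(f"unparsable lines: {skipped}")
```
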

Entrance doors are not protected by keypad

There are a few major problems that occur when anybody can get into the building. People can enter and gain unauthorized access to anything they want. This could include theft of hardware and disks, and they could even gain access to the systems. The entry needs to be protected; without this the company could be at high risk of losing classified information.