Embed Doc
Copy Link
Readcast
Collections

CommentGo Back

Download

Security Report for Barringtonsports.com

: Northgame Ltd – Barrington Sports

From

: Adam Bullock – Security Adviser

Date

: 06 March 2009 You have recently employed me to do a risk assessment of potentialsecurity threats that you could experience and to notify you of anyways in which you can prevent the security problems frombecoming a problem within you company.

Potential Problems

There are many individual risks and they along with an explanationare listed below;

•

Viruses

•

Spyware

•

Malware

•

Hackers

•

Humans (staff)

•

Spam

•

Data Loss

Potential Problems – Explanations, Examples & SolutionsViruses

A computer virus is much like a virus that a human gets. A humanvirus makes its way into the body, normally undetected and isdesigned to cause harm. A computer virus is much the same – itnormally gets in undetected and is designed to cause harm, usuallyto corrupt, delete or multiply data.Viruses can get onto your machine via numerous different methods;CD, DVD, floppy disk, internet, network or removable storage. Theviruses can get onto those many mediums without the user knowing– just by the user visiting a website, the virus can download itself tothe storage device without anyone knowing about it. The solution to computer viruses is simple – by an antivirusprogramme. They provide you with real time protection fromviruses. For example, McAfee, Norton, Sophos – all these antivirusprogrammes are available over and internet but cost, normally ayearly or monthly subscription. You can get free antivirusprogrammes that have shown up in tests to be just as good or evenbetter in some cases than the ones you pay for! Some of these are;AVG, Avast, Clam.If you run an active domain computer network it is advisable topurchase a network edition of your chosen antivirus software – thisAdam Bullock – Security AdvisorPage| 1

Security Report for Barringtonsports.comenables all computers to be protected and they then get updated atthe same time.Click here for an example of how a virus can affect a company.–“Computer virus affects hospital.”

Spyware

Spyware is a piece of code that again, normally enters the userscomputer undetected and is designed to collect user data or partlycontrol the user’s computer without the user knowing.Again, normally got from a website that the user has been on whichhas then downloaded itself onto the storage device. There are many ways of protecting yourself from spyware just likevirus protection. You will need to get an antispyware programme.Most antispyware programmes are free however you can purchasesome. Ad-Adware is free but you can buy the pro edition and pay forit. Another free programme is SpyBot Search & Destroy which is oneof the best in my opinion. You can also get some Spywareprotection from your antivirus programme.Click here for an example of how spyware can affect a company orindividual.– “Facecrooks.”

Malware

The word malware is from the two words ‘malicious’ and ‘software’.It was made as a sort of umbrella term for viruses and spyware – allthe ‘malicious’ software that you can harm your computer.

Hacking

Hacking is a method of gaining unauthorised access to a computeror network. There are two types of hackers.

The first type is someone who does it for fun – they gainaccess to the computer network and then don’t do anythingelse. That for them is enough – just beat the system and that’sthat.

The second type is one who gets into the computer network,looks around for information and then could sell thatinformation onto 3

parties, or, they would have a look aroundand mess around with things. E.g. delete data, move data,corrupt data, mess around with settings so the network maynot work properly etc. To protect yourself from hackers there are many ways to do so. Anti-malware programmes will help a bit – as some malware can assist ahacker to gain access to your computer. You should also havesoftware and hardware firewalls. Hardware firewalls normally comeAdam Bullock – Security AdvisorPage| 2

Security Report for Barringtonsports.comin the form of a router and software firewalls come in many differentforms, obviously they are software not hardware but there are manydifferent companies that make software firewalls. When youpurchase a Windows PC you get the windows firewall you can alsoget a firewall when you buy some antimalware protection. Forexample when you purchase McAfee then that package comes witha software firewall.Click here to view an article on company networks and hacking. –“Hacker ‘threat’ to NI business”

Spam & Spoof Email

Spam email is email that gets sent to everyone and anyone. It isnormally advertising many different products; anything from TV’sand DVD players to Viagra and sex toys.Most email providers provide a spam filer in the inbox – any emailthat looks like it could be spam is moved into that spam folder(before you see it) so that it can still be rescued if it is not spam,however it is not fool proof – some emails that are genuine and notspam may end up in the spam box.Spoof emails are emails that are sent like spam email to anyone andeveryone. They are designed to make someone believe they havewon something, normally money.Spoof emails are normally counted as spam so they normally getsend to the spam box.Click here for some examples of spam email.

Data Loss

It is easy for any one of the above to corrupt or delete data fromyour company computer systems. It could just be one virus or onemember of staff pressing the wrong button. Also, natural disastersare a threat to your data. One flood could be the end of all of yourdata.It is a good idea to keep backups of all your data. These could bekept on tape that leave the premises every time you do or theycould be kept on a server off site. This way you would not have toremember to take everything back and forth to work and not haveto worry if you forgot or lost the tapes.

Passwords, Permissions & Encryption

It is a good idea for passwords to be changed at least once every 30days to prevent unortharised people guessing the password, thepassword should not be used more that once and should includeatleast one number and symbol and a variation of capital and noncapital letters.Adam Bullock – Security AdvisorPage| 3