Question

Cyber security

Security Policy:

1. , write a small antivirus policy for the IT infrastructure and users in a
   1. small business
   2. an elementary school
   3. You may research anti-virus policies of organizations on the web, please use and cite responsibly.

Security Recommendation: Rose Shumba manages the IT security for a school. Given the wide range of people who use the school’s computers, it is challenging for Rose to prevent virus infections. She has installed an anti-virus on each machine and has a policy prohibiting software downloads.

Comment on:

1. How secure is the network from viruses?
2. What areas has Rose not secured?
3. What recommendations would you make to Rose to increase the security?

Answer 1

A. How Secure is the network from Viruses?

the policy adopted by Rose Shumbha prohibits software downloads. this prevents any body from downloading the softwares online and hence the network is secure from all viruses which can enter the network while downloading softwares

B. Rose has not secured following areas

1. USB and other hardware points : Viruses can also enter the system through hardwares like Pen drives/CD drives etc. Rose has not secured such points.

2. Software Installations Permissions:. Software installations being done through offline installers also try to communicate online which may also lead to viruses.

3. Unsecured School Gateway: Installing antivirus on individual systems can protect that system. Possibilities are there thqat the viruses may enter through the gate way / proxy server also.

4. Unsecured Browser: Viruses can also enter through the browsers

C. What recommendations would you make to Rose to increase the security?

I would like to recommend following policies to be included

1. There should be hardware restrictions throughout the network infrastructure. For example the USB drives and CD drives must be disabled on the systems. any use of pen drives , CD drives and other plug ins must be allowed only after propper scanning . this facilities should be available at central level under expert supervision

2. Installation of softwares should be screened and allowed only after proper check and permission by competent expert authority.

3. The school gateway/ proxy server must be secured enough by using firewall etc so that no external entity gains access of the internal infrasturucture without undergoing proper check. all the incomming mails and outgoing mails must be screened and monitored.

4. A lot of viruses may enter through the browsers. There fore there should be proper filtering and restrictions on the websites at proxy server level. The various security features of the browsers may also be enabled to ensure the integrity and security of the infrastructure.