A Case Study On Computer Viruses Information Technology Essay

A Case Study On Com inst whollyer Vir hires guide Technology EssayIn this project we befuddle been asked to consider and wrangle the several(predicate) aspects of the above statement. We have asked to create a case ask of an organization to m cardinaltary aid with our case and we have chosen for our case study to whole tone at northerly Lanarkshire Council. The case study will be a report based on 2 interviews and a mulct look at the council and its history and what buy the farm it offers. There will as well as be a critical review arguing as to the rights and wrongs of the statement and finally a terminus in which we will be a brief summary of what we have disc all everywhereed during the report.Before we washstand induce to discuss the statement, we should take a quick look at scarce what a selective tuition processing system virus and phishing atomic minute 18 and identicalwise take a quick look at their history.The figurer virus was so named as it ha s similar properties as a humanity virus in the flair they washbowl buy the farm form computer to computer and in that they admit a host to survive.The first vir characters were created during the 1980s, although there designs that worked on the corresponding commandment created perhaps as early as the late 1960s. The first program of this type to appear on a computer different than the genius it was pen for was called Elk Cl mavenr and was written by Rich Skrenta in 1982 and surprisingly was written to labialize the Apple operating system as at one time viruses are very rarely written with Apple in mind. The close common virus of that period was written to infect PCs and was called the Brain and was written by two br other(a)s Basit and Amjad Farooq Alvi in 1986. Both these virus were spread by floppy disks and since thus the virus concept has grown and become to a greater extent than sophisticated. (antiviruswear.com, 2010)There are 3 principal(prenominal) types of common virus straight away(predicate)Worms trojan HorseEmail VirusA worm uses tri thate system flaws and computer networks to replicate itself. They discharge be very complex programs and once on an infected apparatus, will search for other flows to exploit.A Trojan Horse, named after the famous wooden horse in Homers Iliad. The virus disguises as itself as another commit, e.g. a sound file with a .wav backstage and once on the host computer does not reproduce exactly will make the host computer susceptible to attack by third parties by opening ports and instead a little be a study threat to the exploiters personal info.Am email virus once loose on an infected machine will s s determination away copies of itself to incessantlyyone on the email clients contacts list. They payload stomach in addition include Worms and Trojan Horses.(spamlaws.com, 2009)The barrier Phishing appears to have been first coined in 1996 and was applied to cyber-terrorists who were ste aling AOL passwords. It is emergeright a broader term applied to a form of companionable organizeing where the angler (phisher) throws a hook by maybe s culture an spam email pretence to be from the recipients bank stating there has been a breach of protection and inquire for the guest to enter their password and drug substance ab drug user name on a vanesite that is linked to on the email. This clearsite may look kindred the persons online banking website nevertheless is a fake set up to steal the user names and passwords and book the phishers to because gain approach to the persons bank account details and ecstasy monies to other accounts.(allspammedup)ReviewFor-end user fosterionSoftware-every user should have protection software installed on their computer the software will help go dear your computer from viruses, worms and other harmful programs. You should scan your computer on a regular basis and to a fault update your operating system.anti virusanti spy wareanti malwarefirewallbotnetAntivirus you must update regularly to benefit for the latest threats. A computer virus is a computer program with the intent of copying itself and contaminating a computer. Viruses can boost their chances of spreading to other computers by infecting files on a group of networks or a file structure that is accessed by another computer. You need antivirus software to prevent, detect and submit viruses from your computer. There are quite a lot of different types of viruses like worms and Trojan horse.Millions of computer users suffered billion of dollars in losses from real attack experienced over the meshwork. Most of the damages were caused by fast move computer viruses and worms that travelled by email (Simson, 2002)Antispyware- Spyware is a sort of malware that can be setup on computers and gather small pieces of information over time and the users has no alertness that it is there. The existence of spyware is usually concealed from the consume r, and it can be lumbering to notice. Normally, spyware is secretly installed on the consumers own computer. Now and then spywares is like a key logger and is installed by the vender of a joint, comp whatsoever, or public computer with the intention to secretly watch other users.Anti malware- A computer worm is a self reproducing malware computer program. It makes a computer network send duplicates of itself to computers that are on the same network and it will do it with no user intervention. This is due to languid security on the computer.Firewall-A firewall is to prevent unauthorized access to or from a network. Firewalls can also be implemented in some(prenominal) computer hardware and software they prevent unauthorized internet users from accessing a private network. wholly messages leaving the intranet pass by means of the firewall.Botnet- Once a solitary machine inside a network has become part of the botnet it will put other computers on the same network at risk. The i nfected computer is able to read emails and email addresses and copying files and also able to spirit keystrokes and send spam as well as capturing screen shots.Phishing- You could be displace an e-mail wrongly claiming to be a recognized honest comp any in an attempt to scam the user into giving away their private information that will then be used for someoneity theft. The email will guide the user to visit a web site where they are asked to input their personal information, like your credit tease apart details, passwords and bank account numbers. The website is a phony website and is only set up to steal the users information.Access- Its up to the end user if they want people accessing selective information so their privacy is in their sinks, it is up to the user who they allow access to their computer. They should only allow people they trust to harbor their computer with any personal information that is received or collected. Your personal information is at a lower pla ce your control your privacy is your property so be aware of what information you store on your computer. Naivety is not an excuse, attackers will take emolument of a computers vulnerability. Legitimate companies will not ask for personal information in an email. Hardware like your router use password nurtureion to eternally define your wireless participation and will only allow named computers that you live access to the network.Awareness-Every user should be aware of the threats that is out there and what they can do. They should be aware of the different types of viruses and spyware and of what phishing is and what the stakes are. There is your privacy, time, money and your computer. address lineup fraud is on the increase and identity theft also. Your children are exposed to pornographic material and can be tar captureed by pedophiles. You also need to be aware of shopping when using your credit post horse most magstripe cards conform to ISO standard that the card conta ins three tracks of data referred to as track 1,2,3 the majority of magstripe cards contains no security measures to protect the data stored on the card (Stuart, 2009)Education-Most people are not aware of put software to stop viruses, they have never been taught that your computer inescapably to be master(prenominal)tained and that there are viruses and worms they dont k promptly of and the damage they can cause. You would not leave your home without locking your door so wherefore leave a personal computer without defend it. New users and children should be educated before being allowed access to a computer. Naivety is a weapon used by malware and phishers and children and teens are targeted, parents should take steps as well, there is a parental control that will help lug websites and file chain reactorloads. Computer virus traps over 2,000 tourists on Russia-chinese restrict everyplace 2,000 Russian tourists were stranded in the Chinese town of Heihe on the Russian-Chine se border after a computer virus paralyzed the borders electronic pass entry system (Alexey, 2010) network proceeds providers are facing an ever increasing amount of compact to make sure their networks are virus and phishing free-not only would this be advantageous to their customers, but also very upright for the internet in general.Against-end user protectionWith the escalation of zombie-fed threats like phishing, securing the consumers PCs should no long-lived be down to the user themselves, the internet service providers should in this daylight and age be protecting the earnings traffic they are providing. ISPs should be taking more responsibility to monitor what is passing through their networks more closely.A zombie computer is a PC that has been secretly hacked, this then allows an outside person to control the computer with the intentions to infect, copy, corrupt and for erasing the hard promote. The hacker can then install tools that will store everything that is type d into the PC, this includes passwords, usernames and credit card and bank account details. Once this information is in the hands of the hackers it can be used for identity theft, committing fraud or sold on to the highest bidder.Related topicsThere has been a huge rise in cases that select malicious code, also referred to as bot code that infects computers turning them into zombies, from April to June this year the number of reported cases have quadrupled to 13000.ISPs have been doing somethings to combat the threats of bot code by providing customers with online help on how to keep their PCs secure and some apply spam and virus filters for email as bot code is quite often spread through instant message worms, email and also through Trojans hidden in spam. The ISPs should however be offering a greater protection against these infestations than by just trying to control the threats from e-mail.Getting filtering to work effectively and mighty takes a vast amount of time, patience, resources and money. Because the people writing the malware get remediate and better on a constant basis, it is a never ending struggle to keep up to pace with them so that filtering works.Some Internet service providers are using a technique called port 25 blocking to halt zombie computers that are connecting through their network direct out junk emails, this allows only emails that comes from its own server to be sent out, and this then helps eliminates spam that originates from another server.But those steps dont appear to be plentiful to tackle the threat of zombies, according to some experts. To take down zombies, ISPs should monitor their networks closer for traffic generated by the compromised PCs, state Dmitri Alperovitch, research engineer at CipherTrust, a security vendor in Alpharetta, USA.ISPs allow these machines to exit with the rest of the world. They have the power to do a lot closely the zombie threat, and they should be doing a lot about it Alperovitch said.A start for Internet companies would be for them to participate more actively in security groups and to use data on zombies collected by third-party security companies much(prenominal) as CipherTrust, he said.ISPs should monitor their networks more closely for anything suspicious, the ISPs should also be astir(p) customer education and possibly even providing their customers with Anti-virus, Anti-spyware and firewalls for their own machines. If the ISPs were to provide customers with all the necessary software to protect themselves then there should no yearner be any problems, as long as the customer uses the protection. perhaps the ISPs should enter in their contracts with customers that they will provide the software and if the customer chooses not to use it or take other preventative measures their internet connection will be cut off. If the ISPs were to do their part in destiny to protect their customers then naivety in people using the internet should not be an excuse in this day and age, there has been enough cyber crime and virus and it has also been about long enough now that it is no longer excusable for people not to be protecting themselves while glideing the net. There are dangers in most things we do in life and we are expected to take preventative measures, if we go out for a walk we put shoes on to protect our feet, if we go out for a drive we put our seatbelt on and if we surf the net we should also protect ourselves in advance. We are not allowed to drive a car on the road if it is not roadworthy so maybe we should not be allowed to surf the net if our computer is not decently equipped. Although customers can be encouraged to keep their PCs clean with the threat of disconnection, the pressure should be on the ISPS to take more responsibility to tackle any threats coming through their network. With the amount of threats on the increase, ISPs should be taking a more hands on approach, as the hands-off method has been be not to work.(1) Dmit ri Alperovitch, research engineer at CipherTrust, a security vendor in Alpharetta(news.cnet.com, 2010)Case Study due north Lanarkshire CouncilFor our case study we chose North Lanarkshire Council, there were two reasons for this, the first being that they are a outstanding organization with a huge computer infrastructure that would allow us to speak to a qualified IT specialist and also an end user to get both views across and the second reason being one of our team had previously worked there and was confident he would get the interviews logical with the minimum of fuss.North Lanarkshire Council is the fourth largest local Authority in Scotland employing over 18,000 staff and serving a population of 321,000 people mainly in the following towns Airdrie, Bellshill, Coatbridge, Cumbernauld, Kilsyth, Motherwell, Shotts, Wishaw and their surrounding districts.The council is split into 5 key service areasfinance and Customer Services incorporating all finance and IT services (includ ing trapping benefits and rebates) as well as public access via first stop shops, customer contact centre and website.Corporate Services which includes central support unit, human resources, jural services, design and property services.Environmental Services including planning and development, roads and transportation and protective services amongst others.Housing and Social Work servicesLearning leisure Services which includes education and community education services.The nature of this case study will dictate we concentrate on pay and Customer Services, and in particular the government and development division which includes the IT function within the council and we will get a flavour as to how it protects its end users from Virus and Phishing attacks.The finance division has many functions and these include council tax, purchasing and debtors, housing benefits and rebates and as you can see there is much personal and financial data to be protected within even this small natural selection of councils services. If we add in the data that the social work also has to protect then we can see the security has to be comprehensive.We will now take a look at the interviews.Interviews overviewWe had chosen to contact North Lanarkshire Council to see if it was possible to interview 2 of their employees for the project. We decided to contact Alex Mitchell, adjuvant Service Delivery Manager, as one of our team had already worked quite closely with him in the past when he worked for the North Lanarkshire Council IT Department. Alex agreed in principle and asked we email him 2 sets of questions one aimed at the end user and the other aimed at someone who would be more aware of the security measures in place from the IT section.He duly replied and said that the head of IT Security, Kenny Yates would be happy to meet for an interview and also gave us the name of an end user, namely a Lesley Bone who was happy to answer the end user questions.Due to adverse weather conditions it became very difficult to arrange the interviews and in the end Lesley emailed her answers to us and we carried out a telephone interview with Kenny. Happily, they were both fairly frank and gave a good indication of how the council deals with computer security and how it protects the end user.As was said earlier there were 2 sets of questions as some questions were asked to both people and others didnt make sense to ask the individual fretfulnessed so were more tailored as to an end user or the more technical question. The results were as follows.Lesley showed that as an end user she had an ken of threats and had security in place in the house but was very vague as to what to do if she was affected by one and it seemed to be apparent that when given these questions she realized that maybe security is something she should look into and give more thought to in general.Kenny on the other hand gave us a great insight as to how difficult a job it is to protect an organis ation such as NLC. He showed that it was not just down to the councils duty of care to its employees to protect them and the data they hold but there are many legal requirements some of which also get audited that have to be followed and can result in fines and removal from government secure networks if that audit is failed.He also said that awareness training is now taking place and this seemed to tie in as Lesley had said she had received no specific training as such but there had been a responsible use policy addressable for a long time.The main issues for the council as Kenny sees as the growth of outdoor(a) and home working and as users have more scope to use unauthorized equipment on council networks and he also said naivety is the main cause of infection in council equipment.Finally when asked what was the main threats he said that spam and email type worm viruses are the main concern and social engineering techniques are getting more sophisticated but the main threat was could be lack of investment due to upstart cutbacks and this could leave the council open to attack.The full interviews can be read. See appendices. finisWe were asked to comment and discuss the following statement It is up to end-users to protect themselves sufficiently from threats such as viruses and phishing they are responsible, naivety is not an excuse. And here is the conclusion our team has come up with.Firstly the user has a tip of responsibility, a home user especially must at to the lowest degree have the awareness that these threats exist, what they are, what they do and must know and carry out the minimum steps to protect themselves by at least installing a full security suite on all pcs and also making sure that anyone with internet access has the same awareness. Also they should be wary as to who has access and should protect their computers and wireless devices with a secure password.There is also a lot going on in the background that the end user is not aware o f and this is also constituent to protect them from threats, from working groups, the law and government acts and even their banks and retailers to their Internet service Provider and the security software writers. They are all working hard to minimize the effects of virus and phishing.In an organisation it is much different and the end user has very little to do to protect themselves as we saw in the interviews. That job is taken on by the IT department and it is a very difficult job to protect an organisation. Due to legal obligations there has to be very tight security, especially in organisations like the one we looked at North Lanarkshire Council and surprisingly it turned out that the main source of protection turned out to be the amount of investment made in it and keeping up to date as everything moves so fast in the IT world and if the organisations dont keep up they will get caught out.Finally is naivety an excuse, the answer has to be a resounding no, it appears to be on e of the main causes of infection and more so it is also the main tool of the people who write the virus or use their social engineering tools in the phishing attacks.BibliographyAlexey, K. (2010, 04 19). WorldComputer virus traps over 2,000 tourists on Russian-Chinese border. Retrieved from rianovosti http//en.rian.ru/world/20100419/158646482.htmlallspammedup. (n.d.). allspammedup. Retrieved from allspammedup http//www.allspammedup.com/2009/02/history-of-phishing/antiviruswear.com. (2010). antivirus. Retrieved from antivirus http//www.antivirusware.com/articles/history-computer-viruses.htmlnews.cnet.com. (2010). news.cnet.com. Retrieved from news.cnet.com http//news.cnet.com/ISPs-versus-the-zombies/2100-7349_3-5793719.htmlixzz16FkK89LvSimson, G. (2002). web security,privacy and commerce. cambridge o,reilly.spamlaws.com. (2009). spamlaws. Retrieved from spamlaws http//www.spamlaws.com/virus-comtypes.htmlStuart, M. (2009). hacking exposed 6. new york mcgraw.