Computer Network Systems
LO4 - Be able to make networked systems secure
P1 describe the types of networks available and how they relate to particular network standards and protocols
M1 compare the benefits and disadvantages of peer-to-peer network and client/server networks [IE3]
P2 describe why different network standards and protocols are necessary
P3 explain the key components required for client workstations to connect to a network and access network
M2 design a networked solution to meet a particular situation with specific requirements [IE1, CT1]
D1 justify the design and choice of components used in a particular networked solution [IE6]
P4 explain the function of interconnection devices
P5 describe typical services provided by networks
D2 evaluate typical services available from a network operating system directory service.
P6 make a networked system secure.
M3 report on the business risks of insecure networks and how they can be minimised.
Organisations have always depended on information to ensure success.
Over the years, organisations have changed their information systems
from dealing purely with data processing to strategic and decision
support. Managers need information to plan successfully in the short,
medium and long term. It is also recognised nowadays that information
is required at all levels in an organisation and that information itself can
have many sources all of which are prone to hacking, theft and deletion,
internally and externally. The importance of valid information in gaining
competitive advantage needs to be stressed, just as protecting that
information is vital to a business success.
 Learners will gain an understanding of the ways in which data can be
processed and the applications that support organisations. They will also
be asked to evaluate the capacity of an information system to satisfy the
needs of the user.
P6 - Make a networked system secure.
D2 - Evaluate the procedures organisations should take to secure their
Before computers were networked, when a machine went down,
that was one computer. It took time to repair it but business
went on. With networks, the same happens but the user can
move and business goes on. But when a network goes down
through physical or software reasons, this can bring every
machine down. “Network down time” can seriously impact on
companies. For a school down time can mean some classes may
be cancelled or find an alternative method, but for companies
like Amazon, Play, E-bay etc, this can have a serious financial
impact on the company.
 North American business lost £21billion in down time last
year. Here
 In 2008 – Sainsbury’s ISP down time cost the company £1m in
online transactions.
Business confidence is one of the more integral
parts of modern business and the loss of
information, security breaches, down time, theft
or hacking can have a serious impact on the
confidence of customers. The more down time a
company has, the less confidence customers
have. Down time can cause a delay in the
delivery of goods which is vital for Play so they
might go to Amazon instead. Tesco’s internet
down time can force customers to shop at
Sainsbury’s online, and once a customer moves,
supermarkets do all they can to grab that loyalty.
Stolen credit card details from companies can be
hugely expensive in terms of business
confidence, just the idea that they security on
the network was weak can cause suppliers to
hold back, customers to shop elsewhere and the
management to investigate.
Network downtime, added security
measures, and loss of confidence
inevitably leads to the increased cost of
goods in order to pay for the damage.
Companies need to continuously pay
for network upgrades to maintain what
they have, need to learn from mistakes
and attacks and take stronger
preventative measures. When someone
is burgled, house insurance goes up,
they install a burglar alarm, it is the
nature of theft. The Business World is
the same.
In addition to the loss of business and increased product costs, the loss
of confidentiality can have an adverse impact on the performance of a
business. Loss of customer details is not just bad for business but
warrants an investigation by the Trading Standards Authority (TSA).
Filing to protect information adequately is a breach of the Data
Protection Act (DPA). Companies have to take all possible reasonable
steps to protect customer information and any theft from customers
from the theft of this information comes under the liability of the
There are different levels of confidentiality that need to be taken into
consideration, theft of credit card details is not as problematic as theft
of Hospital records for instance, medical and personal information can
lead to a heavier fine and perhaps prosecution from the TSA, and
companies who have been successfully prosecution by the TSA tend to
lose even more confidence from their customers and trading partners.
One of the stipulations of the DPA is that information should not be altered
without the express permission of the person. The nature of hacking allows
outside users to access this information for social or commercial gain,
allowing them to alter the information, adapt it, steal it or delete it. Once
hacked, once a virus gets through, once information has been stolen, this
leaves the system vulnerable to further attacks. Back door keys, Trojans, false
users and accounts, program installation, sleepers, these all allow further
attacks. Word gets out in the hacker community and others try, this is called
“vulnerability exploitation”.
The integrity of a system is like an ego, once broken and it becomes
vulnerable. Managers see this as a network problem and blame the network
manager causing conflict. The cost of the breach is weighed up against the
cost of repair.
Worse case scenario is that the breach is done by a malicious hacker intent on
damaging the network, deleting files, folders, server information, the OS, the
protected files etc. This is called a “Fire Sale”. The loss of confidence from
suppliers and others see this as a serious business weakness and can kill a
The most common method of protecting information on a Network of by settling passwords on everything, in logging
in, on access rights, on email systems, on the VLE, on the Intranet, on drive letters etc. Your network password is the
one thing that keeps an impostor from logging on to the network by using your username and therefore receiving the
same access rights that you ordinarily have. Rules exist such as:
Don’t use obvious passwords, such as your last name, your kid’s name, or your dog’s name.
Don’t pick passwords based on your hobbies.
Store your password in your head — not on paper. Especially bad: Writing down your password on a sticky note
and sticking it on your computer’s monitor.
Most network operating systems enable you to set an expiration time for passwords. For example, you can
specify that passwords expire after 30 days. When a user’s password expires, the user must change it. Your users
may consider this process a hassle, but it helps to limit the risk of someone swiping a password and then trying
to break into your computer system later.
You can also configure user accounts so that when they change passwords, they can’t specify a password that
they’ve used recently. For example, you can specify that the new password can’t be identical to any of the user’s
past three passwords.
You can also configure security policies so that passwords must include a mixture of uppercase letters, lowercase
letters, numerals, and special symbols. Thus, passwords like DIMWIT or DUFUS are out. Passwords like
[email protected] or duF39&US are in.
P6.1 – Task 01 – Using the headings below, State why Passwords are essential to Network systems with examples of
the risks and give examples of strong and weak passwords.
Loss of Service
Loss of
Increased Costs
Authorisation permissions - User rights control what a user can do on a
network-wide basis. Permissions enable you to fine-tune your network
security by controlling access to specific network resources, such as files or
printers, for individual users or groups. For example, you can set up
permissions to allow users into the accounting department to access files in
the server’s \ACCTG directory. Permissions can also enable some users to read
certain files but not modify or delete them.
Setting permission rights will restrict
non-essential staff from looking at or
using information.
Access Control lists - Access control rights limit the user from damaging,
modifying or accessing a file beyond their access levels. It restricts the file
rights to whatever the network manager sets and can be done in whole
groups like Students or a Class like Languages. Setting these rights protects
P6.2 – Task 02 – Using the headings below, State the policy of Access Control
Lists and Permission Rights on files, folders and programs and state the need
to secure these right within a school environment.
Loss of Service
Loss of
Increased Costs
Having data backed up is the cornerstone of any disaster recovery plan. Without backups, a
simple hard drive failure can set your company back days or even weeks. In fact, without
backups, your company’s very existence is in jeopardy. For schools this is a legality and three
backups are necessary, nightly, weekly and off site copy.
The main goal of backups is simple: Keep a spare copy of your network’s critical data so that,
no matter what happens, you never lose more than one day’s work. The easiest way to do
this is to make a copy of your files every day. If that’s not possible, techniques are available to
ensure that every file on the network has a backup copy that’s no more than one day old.
The goal of disaster planning is to make sure that your company can resume operations
shortly after a disaster occurs, such as a fire, earthquake, or any other imaginable calamity.
Backups are a key component of any disaster recovery plan, but disaster planning entails
much more.
The most common media for making backup copies of network data is tape. Depending on
the make and model of the tape drive, you can copy as much as 80GB of data onto a single
tape cartridge.
All versions of Windows come with a built-in backup program. In addition, most tape drives
come with backup programs that are often faster or more flexible than the standard
Windows backup. You can also purchase
sophisticated backup programs
that are specially designed for large
Normal backups - A normal backup, also called a full backup, is the most basic type of
backup. In a normal backup, all files in the backup selection are backed up — regardless of
whether the archive bit has been set. As each file is backed up, its archive bit is reset, so
backups that select files based on the archive bit setting won’t back up the files.
Copy backups - A copy backup is similar to a normal backup, except that the archive bit is not
reset as each file is copied. As a result, copy backups don’t disrupt the cycle of normal and
incremental or differential backups.
Daily backups - A daily backup backs up just those files that have been changed the same day
that the backup is performed. A daily backup examines the modification date for each file to
determine whether a file should be backed up. Daily backups don’t reset the archive bit.
Incremental backups - An incremental backup backs up only those files that you’ve modified
since the last time you did a backup. Incremental backups are a lot faster than full backups
because your network users probably modify only a small portion of the files on the server in
any given day. As a result, if a full backup takes three tapes, you can probably fit an entire
week’s worth of incremental backups on a single tape.
Differential backups - A differential backup is similar to an incremental backup, except that it
doesn’t reset the archive bit as files are backed up. As a result, each differential backup
represents the difference between the last normal backup and the current state of the hard
drive. To do a full restore from a differential backup, you first restore the last normal backup,
and then you restore the most recent differential backup.
If you simply copy your files as a form of backing up, then restoring those files is no problem.
You can overwrite current files with the backups, or you can copy files to a new hard disk, for
example. If you use a backup program to create backups, you need to restore the backup to get
your files back in working order. You cannot simply copy the backups to a new hard disk; you
must run a restore.
You should test your backups periodically to make sure that they’re going to work. You don’t
want to take the time and trouble to back up, only to find that the backup is worthless when you
really need it. Following are some guidelines for restoring your backups.
 Before you start to restore your backups, write-protect the media so that you don’t
accidentally overwrite it. Write-protect means to disable the tape or disc from recording
new data over the old. Different media use different write-protect methods; see the
instructions that come with the media.
 If you have a hard disk failure, you need to reinstall the operating system and your
applications on a new hard disk. Then you need to install the backup software before you
restore your backup of files.
 Always restore your last full backup first. Then restore incremental or differential backups in
order, from the earliest to the latest.
 After you restore your data, hold on to the backup media for a few days to make sure that
everything is working, just in case you need to go back to the backup.
P6.3 – Task 03 – Using the headings below, describe the importance and method of restoring
files on a network and give examples related to your Client of the need to generate a Policy of
Loss of Service
Loss of
Increased Costs
Encryption refers to the process of translating plain text information into a secret code
so that unauthorized users can’t read the data. Encryption isn’t new. Secret agents
have long used codebooks to encode messages, and breaking the code has always
been one of the top priorities of counter-intelligence.
Both Windows 2000 Server and Windows Server 2003 have a feature called Encrypted
File System, or EFS for short, that lets you save data on disk in an encrypted form. This
prevents others from reading your data even if they manage to get their hands on
your files.
Encryption is especially useful in environments where the server can’t be physically
secured. If a thief can steal the server computer (or just its hard drive), he or she may
be able to crack through the Windows security features and gain access to the data on
the hard drive by using low-level disk diagnostic tools. If the files are stored in
encrypted form, however, the thief’s efforts will be wasted because the files will be
All forms of encryption use some sort of key to encrypt and decrypt the data. In World
War II and Cold War spy movies, the key is a codebook that has a list of code words or
phrases that match up to real words or phrases.
The most basic type of data encryption, called synchronous data encryption, uses numeric keys that are used to apply complex
mathematical operations to the source data in order to translate the data into encrypted form. These operations are reversible, so if
you know the key, you can reverse the process and decrypt the data. For example, suppose that the encryption technique is as
simple as shifting every letter of the alphabet up by the value of the key. Thus, if the key is 3, then A becomes D, B becomes E, etc.
The message “Elementary, my dear Watson” becomes “Hohphqwdub, pb ghdu Zdwvrq.” This message is incomprehensible, unless
you know the key. Then, reconstructing the original message is easy.
The actual keys and algorithms used for cryptography are much more complicated. Keys are typically binary numbers of 40 or 128
bits, and the actual calculations used to render the data in encrypted form are complicated.
The classic dilemma of cryptography is this: How can I securely send the key to the person with whom I want to exchange
messages? The answer is you can’t. You can’t encrypt the key, because the other person would need to know the key in order to
decrypt it. That’s where public key encryption comes into play. Public key encryption is a technique in which two keys are used: a
private key and a public key. The keys are related to each other mathematically. Either of the keys can be used to encrypt the data,
but the encryption process isn’t completely reversible: You have to have the private key in order to decrypt the data.
Other Methods include:
◦ transposition - characters switched around
◦ Substitution - characters replaced by other characters
Cryptography serves 3 purposes:
◦ Helps to identify authentic users
◦ Prevents alteration of the message
◦ Prevents unauthorised users from reading the message
Encryption Keys
◦ Sent with, sent after, kept on network of user and client.
P6.4 – Task 04 – Using the headings below, describe Encryption and Encryption Keys and state how secure this method might be in
securing the data within a school environment.
Loss of Service
Loss of
Increased Costs
Biometric identification systems can be grouped based on the main physical characteristic that
lends itself to biometric identification:
 Fingerprint identification - Fingerprint ridges are like a picture on the surface of a balloon. As
the person ages, the fingers get do get larger. However, the relationship between the ridges
stays the same, just like the picture on a balloon is still recognizable as the balloon is inflated.
 Hand geometry - Hand geometry is the measurement and comparison of the different
physical characteristics of the hand. Although hand geometry does not have the same degree
of permanence or individuality as some other characteristics, it is still a popular means of
biometric authentication.
 Palm Vein Authentication - This system uses an infrared beam to penetrate the users hand as
it is waved over the system; the veins within the palm of the user are returned as black lines.
This has a high level of authentication accuracy due to the complexity of vein patterns of the
palm. Because the palm vein patterns are internal to the body, this would be a difficult system
to counterfeit.
 Retina scan - A retina scan provides an analysis of the capillary blood vessels located in the
back of the eye; the pattern remains the same throughout life. A scan uses a low-intensity
light to take an image of the pattern formed by the blood vessels.
 Iris scan - An iris scan provides an analysis of the rings, furrows and freckles in the coloured
ring that surrounds the pupil of the eye. More than 200 points are used for comparison.
Face recognition - Facial characteristics (the size and shape of facial characteristics,
and their relationship to each other). Typically, this method uses relative distances
between common landmarks on the face to generate a unique "faceprint."
Signature - Although the way you sign your name does change over time, and can
be consciously changed to some extent, it provides a basic means of identification.
Voice analysis - The analysis of the pitch, tone, cadence and frequency of a person's
There does not appear to be any one method of biometric data gathering and
reading that does the "best" job of ensuring secure authentication. Each of the
different methods of biometric identification have something to recommend
them. Some are less invasive, some can be done without the knowledge of the
subject, some are very difficult to fake.
 Face recognition - Of the various biometric identification methods, face
recognition is one of the most flexible, working even when the subject is
unaware of being scanned. It also shows promise as a way to search through
masses of people who spent only seconds in front of a camera. Face recognition
systems work by systematically analysing specific features that are common to
everyone's face - the distance between the eyes, width of the nose, position of
cheekbones, jaw line, chin and so forth. These numerical quantities are then
combined in a single code that uniquely identifies each person.
Fingerprint identification
Fingerprints remain constant throughout life. In over 140 years of fingerprint comparison worldwide, no two
fingerprints have ever been found to be alike, not even those of identical twins. Good fingerprint scanners have
been installed in PDAs like the iPaq Pocket PC; so scanner technology is also easy. Might not work in industrial
applications since it requires clean hands.
 Hand geometry biometrics - Hand geometry readers work in harsh environments, do not require clean conditions,
and forms a very small dataset. It is not regarded as an intrusive kind of test. It is often the authentication method
of choice in industrial environments.
 Retina scan - There is no known way to replicate a retina. As far as anyone knows, the pattern of the blood vessels
at the back of the eye is unique and stays the same for a lifetime. However, it requires about 15 seconds of careful
concentration to take a good scan. Retina scan remains a standard in military and government installations.
 Iris scan - Like a retina scan, an iris scan also provides unique biometric data that is very difficult to duplicate and
remains the same for a lifetime. The scan is similarly difficult to make (may be difficult for children or the infirm).
However, there are ways of encoding the iris scan biometric data in a way that it can be carried around securely in
a "barcode" format.
 Signature - A signature is another example of biometric data that is easy to gather and is not physically intrusive.
Digitised signatures are sometimes used, but usually have insufficient resolution to ensure authentication.
 Voice analysis - Like face recognition, voice biometrics provide a way to authenticate identity without the subject's
knowledge. It is easier to fake (using a tape recording); it is not possible to fool an analyst by imitating another
person's voice.
P6.5 – Task 05 – Using the headings below, describe the different technologies that exist in biometrics and analyse
their relative value within your Clients Network.
Loss of Service
Loss of
Increased Costs
The most secure method of prevention against theft are physical measures
that are taken, seen and unseen. Under the DPA, all possible measures within
reason must be taken to secure confidential information. These can include:
 CCTV – Internally and externally, it is common to have these on buildings
but companies also have them in the network room, the corridors,
reception and wherever there is money stored. Some have motion sensors
so they record as soon as there is movement.
 Locks – Standard locks on doors are usual, in most buildings staff rooms
have locks. Network rooms particularly have locks, all entrances and exits.
But network server cupboards and racks have locks, laptop cabinets, filing
cabinets and keys allocated only to those who have rights. These locks can
be keys or numbered.
 Key cards – These are more secure as they record access and log times.
They are more difficult to fake and can be cancelled electronically is lost or
stolen unlike keys.
P6.6 – Task 06 – Using the headings below, state the different methods of
physical security available and for your client, state the possible benefits and
implications of these security measures.
Loss of Service
Loss of
Increased Costs
A firewall is a security-conscious router that sits between the Internet and your network with a
single purpose: preventing external attacks. The firewall acts as a security guard between the
Internet and your Network. All network traffic into and out of the system must pass through the
firewall, which prevents unauthorised access to the network. Some type of firewall is a musthave if your network has a connection to the Internet, whether that connection is broadband,
T1, or some other high-speed connection. Without it, sooner or later a hacker will discover and
breach your unprotected network.
You can set up a firewall using two basic ways. The easiest way is to purchase a firewall program,
which is basically a self-contained router with built-in firewall features like one Alarm or Sophos.
Most firewall appliances include a Web-based interface that enables you to connect to the
firewall from any computer on your network using a browser. You can then customise the
firewall settings to suit your needs.
Alternatively, you can set up a server computer to function as a firewall computer (SSL). The
server can run just about any network operating system, but most dedicated firewall systems
run Linux. Whether you use a firewall appliance or a firewall computer, the firewall must be
located between your network and the Internet, see figure. Here, one end of the firewall is
connected to a network hub, which is, in turn, connected to the
other computers on the network. The other end of the firewall
is connected to the Internet. As a result, all traffic from the LAN
to the Internet and vice versa must travel through the firewall.
P6.7 – Task 07 – Using the headings below, describe the two different
kinds of firewalls available for Networks and explain the need for your Client to
maintain this protection.
Loss of Service
Loss of
Increased Costs
Adware is software that generates advertisements such as pop-ups on Web pages that are not part of a page's code. Adware can add links to your
favorites and icons on the desktop. It will often change your home page and your search engine to sites that earn income from various advertisers.
This income is dependent on how many people visit the adware site, or how many people click on the links or advertisements. Many adware
programs do not give users enough notice or control.
From a technical viewpoint, the most obvious problem caused by unauthorised programs is computer instability. Badly infected systems may operate
very slowly, crash constantly, or not start at all. The owners of such badly infected machines may face serious problems when trying to clean up their
machines. Their attempts to use popular anti-spyware software may fail if the number of items that require removal is so great that the software
cannot cope with the load. Sometimes when the hijacking software is removed the computer's ability to connect to the internet may be damaged.
There is also a privacy and security risk. Adware may exhibit spyware tendencies, reporting where you go on the internet, when and how often, what
you enter into search engines, and what advertisements you respond to. Adware may add itself to the pop-up blocker exception list in Windows, or
to the Windows Firewall exceptions.
Home page and search engine hijacking - When a user's preferred choice of home page or search engine is changed to an unknown site an
unwary victim may be exposed to an increased risk of further malware or spyware infection. It is not unusual for malware sites to direct hijacked
computers to other Web sites that download and install even more malware. There may also be an increased risk of exposure to unwanted or
unsavory content such as gambling or adult links via advertisements or sponsored links.
Tool bars that appear out of nowhere - Often such toolbars are search engine based. Sometimes they cannot be turned off permanently and
reappear on reboot, and sometimes they cannot be turned off at all. Sometimes, as part of their installation, they will disable other toolbars that
may already be installed – for example, if a reputable toolbar such as GoogleBar, or AltaVista's toolbar is installed the hijacker will turn off those
toolbars to remove competition.
Search results from hijacking toolbars may be restricted to only sites that pay for positioning, otherwise known as "sponsored" results.
Pop-up windows - Pop-up advertisements can be very intrusive. Sometimes they interfere with Web
browsing by taking over the entire computer screen. They can be difficult or impossible to close. In
bad cases, many windows will appear in rapid succession, making the computer virtually unusable.
Examples include:
180SearchAssistant, Bonzi Buddy, ClipGenie, Comet Cursor, Cydoor, DollarRevenue, ErrorSafe,
Gator, Security Tool, VirusProtectPro
Spyware is software that collects and transmits user specific behaviour and information, with or
without permission. Sometimes, permission to collect and transmit is assumed to have been
given simply by the act of installing software or loading a Web page.
Like ads, data collection can be okay if done with consent or for a reasonable purpose. For
example, software that transmits user specific information for the legitimate purpose of
confirming eligibility for updates or upgrades should not be classed as spyware. Programmers
are entitled to ensure that their software is not being pirated, and that the users of pirated
software are not receiving the same benefits as legitimate users.
Spyware is a type of software intrusive camera that can be installed on computers, and which
collects small pieces of information about users without their knowledge. The presence of
spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is
secretly installed on the user's personal computer. Sometimes, however, spywares such as
keyloggers are installed by the owner of a shared, corporate, or public computer on purpose in
order to secretly monitor other users, registering key presses and passwords.
While the term spyware suggests software that secretly monitors the user's computing, the
functions of spyware extend well beyond simple monitoring. Spyware programs can collect
various types of personal information, such as Internet surfing habits and sites that have been
visited, but can also interfere with user control of the computer in other ways, such as installing
additional software and redirecting Web browser activity. Spyware is known to change computer
settings, resulting in slow connection speeds, different home pages, and/or loss of Internet
connection or functionality of other programs.
Examples of Spyware
CoolWebSearch, a group of programs, takes advantage of Internet Explorer vulnerabilities. The package
directs traffic to advertisements on Web sites including It displays pop-up ads,
rewrites search engine results, and alters the infected computer's hosts file to direct DNS lookups to these
Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When
users follow a broken link or enter an erroneous URL, they see a page of advertisements.
HuntBar, aka WinTools, was installed by an ActiveX drive-by download at affiliate Web sites, or by
advertisements displayed by other spyware programs—an example of how spyware can install more
spyware. These programs add toolbars to Internet Explorer, track browsing behaviour, redirect rival
references, and display advertisements.
MyWebSearch has a plug-in that displays a search toolbar near the top of a browser window, and it spies
to report user search-habits. MyWebSearch is notable for installing over 210 computer settings, such as
over 210 MS Windows registry keys/values. Beyond the browser plug-in, it has settings to affect Outlook,
email, HTML, XML, etc.
WeatherStudio has a plug-in that displays a window-panel near the bottom of a browser window. The
official website notes that it is easy to remove WeatherStudio from a computer, using its own uninstallprogram.
Zango (formerly 180 Solutions) transmits detailed information to advertisers about the Web sites which
users visit. It also alters HTTP requests for rival advertisements linked from a Web site, so that the
advertisements make unearned profit for the 180 Solutions company. It opens pop-up ads that cover over
the Web sites of competing companies.
Zlob trojan, or just Zlob, downloads itself to a computer via an ActiveX codec and reports information back
to the company. Some information can be the search-history, the Websites visited, and even keystrokes.
More recently, Zlob has been known to hijack routers set to defaults.
A computer virus is simply a malicious computer program that can copy itself and infect a computer. The term "virus" is also commonly used to refer
to other types of malware. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the
target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD,
DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that
is accessed by another computer.[3][4]
Viruses are sometimes confused with worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread
itself automatically to other computers, while a Trojan horse is a program that appears harmless but hides malicious functions. Some viruses and
other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to themselves.
Some viruses do nothing beyond reproducing themselves. Examples include:
The worm appeared in 1999, following in the footsteps of Melissa. The worm deleted Word, Excel, and PowerPoint files and
randomly altered other types of files sending fake error message to the user. Instead of using Outlook to gather e-mail addresses, it watched the
in-box of the infected computer and then sent automatic replies to senders, using the same e-mail subject as the original message.
Magistr is one of the most complex viruses to hit the Internet. Its victims were hooked by an infected e-mail attachment. The virus in 2001, sent
garbled messages to everyone in the infected user's e-mail address book. Attached were files pulled at random from the infected PC's hard drive
plus an executable file with the Magistr code. This virus was not as widespread as many others, but it was very destructive. Magistr overwrites
hard drives and erases CMOS and the flashable BIOS, preventing systems from booting. It also contained anti-debugging features, making it hard
to detect and destroy.
The Melissa virus swamped corporate networks with a tidal wave of e-mail messages in 1999. Through Microsoft Outlook, when a user opened an
e-mail message containing an infected Word attachment, the virus was sent to the first 50 names in the user's address book. The e-mail fooled
many recipients because it bore the name of someone the recipient knew and referred to a document they had allegedly requested. So much email traffic was generated that companies like Intel and Microsoft had to turn off their e-mail servers. The Melissa virus was the first virus capable
of hopping from one machine to another on its own with multiple variants.
The Klez worm, which blends different virus traits, was first detected in 2001. Klez isn't as destructive as other worms, but it is widespread, hard
to exterminate and still active. It spreads via open networks and e-mail regardless of the e-mail program you use. Klez sometimes masquerades as
a worm-removal tool. It may corrupt files and disable antivirus products. It steals data from a victim's e-mail address book, mixing and matching
new senders and recipients for a new round of infection.
LoveLetter is the worm everyone learned to hate in 2000. The infection affected millions of computers and caused more damage than any other
computer virus to date. Users were infected via e-mail, through Internet chat systems, and through other shared file systems. The worm sent
copies of itself via Microsoft Outlook's address book entries. The mail included an executable file attachment with the e-mail subject line,
"ILOVEYOU." The worm had the ability to overwrite several types of files. It modified the Internet Explorer start page and changed Registry keys.
It also moved other files and hid MP3 files on affected systems.
A computer worm is a self-replicating malware computer program. It uses a computer network to send copies of itself to other
computers on the network, often without permission. This is due to security shortcomings on the target computer. Unlike a virus, it does
not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by
consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
Many worms that have been created are only designed to spread, and don't attempt to alter the systems they pass through. However, as
the Morris worm and Mydoom showed, the network traffic and other unintended effects can often cause major disruption. A "payload"
is code designed to do more than spread the worm–it might delete files on a host system (e.g., the ExploreZip worm), encrypt files in a
cryptoviral extortion attack, or send documents via e-mail. A very common payload for worms is to install a backdoor in the infected
computer to allow the creation of a "zombie" computer under control of the worm author. Examples include:
Melissa - In 1999, hungry and curious minds downloaded a file called List.DOC in the Usenet discussion group, assuming that
they were getting free access to over 80 pornographic websites. Little did they know that the file within was responsible for massmailing thousands of recipients and shutting down nearly the entire Internet. Melissa spread through Microsoft Word 97 and Word
2000, mass emailing the first 50 entries from a user's address book in Outlook 97/98 when the document was opened. The Melissa
worm randomly inserted quotes from The Simpsons TV show into documents on the host computer and deleted critical Windows
files. The Melissa worm caused $1 billion in damages.
Nimda - In 2001, Nimda ("admin" backwards) infected a variety of Microsoft machines very rapidly through an email exploit. Nimda
spread by finding email addresses in .html files located in the user's web cache folder and by looking at the user's email contacts as
retrieved by the MAPI service. The consequences were heavy: all web related files were appended with Javascript that allowed
further propagation of the worm, users' drives were shared without their consent, and "Guest" user accounts with Administrator
privileges were created and enabled. It was estimated that Nimda caused $530 million in damages after only one week of
propagation. Several months later, reports indicated that Nimda was still a threat.
ILOVEYOU (also known as VBS/Loveletter or Love Bug Worm) Users got an email in 2000 with the subject line "ILOVEYOU." If you
deleted it, you were safe from one of the most costly worms in computer history. The attachment in that email, a file called LOVELETTER-FOR-YOU.TXT.vbs, started a worm that spread like wildfire by accessing email addresses found in users' Outlook contact lists.
Unsuspecting recipients, believing the email to be harmless, would execute the document only to have most of their files
overwritten. The net result was an estimated $5.5 billion to $8.7 billion in damages. Ten percent of all Internet-connected computers
were hit. Onel A. de Guzman, the creator of the virus and a resident of the Philippines, had all charges dropped against him for
creating the worm because there were no laws at the time prohibiting the creation of computer worms.
A Trojan virus is malware that appears to perform a desirable function for the user prior to run
or install but instead opens a door access of the user's computer system. It is a harmful piece of
software that looks legitimate. Users are typically tricked into loading and executing it on their
A horse may modify the user's computer to display advertisements in undesirable places, such
as the desktop or in uncontrollable pop-ups, or it may be less notorious, such as installing a
toolbar on to the user's Web browser without prior notice. This can create revenue for the
author of the Trojan.
Trojan horses in this way require interaction with a hacker to fulfil their purpose. It is possible for
individual hackers to scan computers on a network using a port scanner in the hope of finding
one with a malicious Trojan horse installed, which the hacker can then use to control the target
computer. Examples include:
 Code Red virus of 2001 provides a frightening example of the powerful combination of worms
and Trojans. Code Red contaminated tens of thousands of computers and caused $2 billion in
damages. After propagating itself using the techniques of a worm, Code Red attempted to use
the coordinated power of infected machines to launch a distributed denial of service (DOS)
attack against at predetermined date.
 Backdoor.LegMir.BZ is a backdoor worm. On execution it installs
itself as a legitimate program, copies itself with various names
and at various locations on the infected machine, opens a port
and gives unauthorised access to attackers. It also has the ability
to capture passwords and send that information to the author
of this program.
Malware is software that damages your system, causes instability such as changing settings or interfering
with a computer's registry and security settings. Some adware can also be classified as spyware. For example
BonziBUDDY, an application marketed as an "Intelligent software agent", corrupted many of the user's system
files, forcing the display of many obscene advertisements (composed mostly of infected Flash coding); these
and the main application logged browsing details and sent them to various third parties.
The best-known types of malware, viruses and worms, are known for the manner in which they spread,
rather than any other particular behaviour. The term computer virus is used for a program that has infected
some executable software and that causes that when run, spread the virus to other executables.
Typical examples include malware carrying computer viruses or worms.
 Albert Gonzalez was accused of masterminding a ring to use malware to steal and sell more than 170
million credit card numbers in 2006 and 2007—the largest computer fraud in history. Among the firms
targeted were BJ's Wholesale Club, TJX, DSW Shoe, OfficeMax, Barnes & Noble, Boston Market, Sports
Authority and Forever 21.
 A Trojan horse program stole more than 1.6 million records belonging to several hundred thousand
people from Monster Worldwide Inc’s job search service. The data was used by cybercriminals to craft
phishing emails targeted at users to plant additional malware on users’ PCs.
 Customers of Hannaford Bros. Co, a supermarket chain based in Maine, were victims of a data security
breach involving the potential compromise of 4.2 million debit and credit cards. The company was hit by
several class-action law suits.
 The Torpig Trojan has compromised and stolen login credentials from approximately 250,000 online bank
accounts as well as a similar number of credit and debit cards. Other information such as email, and FTP
accounts from numerous websites, have also been compromised and stolen.
P6.8 – Task 08 - Using the headings below, Describe with examples Spyware, Adware and Malware and
describe how your company can minimise the threat of each of these.
Loss of Service
Loss of
Increased Costs
The impact of each type of disaster varies from company to company. What
may be a disaster for one company may only be a mere inconvenience for
another. For example, a law firm may tolerate a disruption in telephone
service for a day or two. Loss of communication via phone would be a major
inconvenience, but not a disaster. To a telemarketing firm, however, a day or
two with the phones down is a more severe problem because the company’s
revenue depends on the phones.
One of the first steps in developing a business continuity plan is assessing the
risk of the various types of disasters that may affect your organisation. To
assess risk, you weigh the likelihood of a disaster happening with the severity
of the impact that the disaster would have. For example, the impact of a
meteor crashing into your building is probably pretty severe, but the odds of
that happening are miniscule. On the other hand, the odds of your building
being destroyed by fire are much higher, and the impact of a devastating fire
would be about the same as the impact of a meteor.
Analysing these risks is called Risk Assessment and the higher the risk, the
greater the need to take adequate precautions.
Environmental disasters are what most people think of first when they think of
disaster recovery.
 Fires can be caused by unsafe conditions, by carelessness, such as electrical wiring
that isn’t up to code, by natural causes, such as lightning strikes, or by arson.
 Earthquakes can cause not only structural damage to your building, but they can
also disrupt the delivery of key services and utilities, such as water and power to
your company
 Weather disasters can cause major disruption to your business. Moderate weather
may close transportation systems so that your employees can’t get to work.
Severe weather may damage your building or interrupt delivery of services, such
as electricity and water.
 Flooding can wreak havoc with electrical equipment, such as computers. If
floodwaters get into your computer room, chances are good that the computer
equipment will be totally destroyed. Note that flooding can be caused not only by
bad weather, but also by burst pipes or malfunctioning sprinklers.
 Lightning storms can cause electrical damage to your computer and other
electronic equipment if lightning strikes your building or causes surges in the local
power supply.
Deliberate disasters are the result of deliberate actions by others. For example:
 Vandalism or arson may damage or destroy your facilities or your computer systems.
The vandalism or arson may be targeted at you specifically by a disgruntled employee
or customer, or it may be random.
 Theft is always a possibility. You may come to work someday to find that your servers
or other computer equipment have been stolen.
 Don’t neglect the possibility of sabotage. A disgruntled employee who gets a hold of
an administrator’s account and password can do all sorts of nasty things to your
Disruption of Services
 Electrical power is crucial for computers and other types of equipment. Electrical
outages are not uncommon, but fortunately, the technology to deal with them is
readily available. UPS (uninterruptible power supply) equipment is reliable and
 Communication connections can be disrupted by many causes.
 An interruption in the water supply may not shut down your computers, but it can
disrupt your business by forcing you to close your facility until the water supply is reestablished.
Equipment failure
 Modern companies depend on many different types of equipment for their daily operations. The
failure of any of these key systems can disrupt business until the systems are repaired:
◦ Computer equipment failure can obviously affect business operations.
◦ Air-conditioning systems are crucial to regulate temperatures, especially in computer rooms.
Computer equipment can be damaged if the temperature climbs too high.
◦ Elevators, automatic doors, and other equipment may also be necessary for your business.
Other disasters
 You should assess many other potential disasters. Here are just a few:
◦ Labour disputes., Loss of key staff due to resignation, injury, sickness, or death.
◦ Workplace violence.
◦ Public health issues, such as epidemics, mould infestations, and so on.
◦ Loss of a key supplier.
◦ Nearby disaster, such as a fire or police action across the street that results in your business being
temporarily blocked off.
P6.9 – Task 09 – Using the headings below, describe the different types of risks that exist to information
storage and describe to your client and the level of risk they pose.
Loss of Service
Loss of
Increased Costs
The best way to protect your network from virus infection is to use an antivirus program. These programs have a catalogue of
several thousand known viruses that they can detect and remove. In addition, they can spot the types of changes that viruses
typically make to your computer’s files, thus decreasing the likelihood that some previously unknown virus will go
It would be nice if Windows came with built-in antivirus software, but alas, it does not. So you have to purchase a program on
your own. The two best known antivirus programs for Windows are Norton AntiVirus and McAfee’s VirusScan.
The people who make antivirus programs have their fingers on the pulse of the virus world and frequently release updates to
their software to combat the latest viruses. Because virus writers are constantly developing new viruses, your antivirus
software is next to worthless unless you keep it up to date by downloading the latest updates (Dat files). The following are
several approaches to deploying antivirus protection on your network:
You can install antivirus software on each network user’s computer. This technique would be the most effective if you
could count on all your users to keep their antivirus software up to date. Because that’s an unlikely proposition, you may
want to adopt a more reliable approach to virus protection.
Managed antivirus services place antivirus client software on each client computer in your network. Then, an antivirus
server automatically updates the clients on a regular basis to make sure that they’re kept up to date.
Server-based antivirus software protects your network servers from viruses. For example, you can install antivirus
software on your mail server to scan all incoming mail for viruses and remove them before your network users ever see
Some firewall appliances include antivirus enforcement checks that don’t allow your users to access the Internet unless
their antivirus software is up to date. This type of firewall provides the best antivirus protection available.
P6.10 – Task 10 - Using the headings below, describe what an Antivirus program is and in detail describe the precautions
your client should take to protect their network.
Loss of Service
Loss of
Increased Costs
Companies can increase their network security by adding in electronic controls to combat illegal access. There are
many programs and routines Network Managers use to secure their system. For example:
Call-back – The network when contacted returns the IP address (Pinging), and confirms the sender information
before allowing contact.
Handshaking – Network confirmation sends signals to confirm the sender is not a false address.
E.g. generate random number and require user to perform some action (multiply first and last numbers
Encryption and network Cipher Keys
Text Captcha boxes for progression to stop hacking websites from randomising logins and DOS attacks.
One time Key registration for users (Email or Network confirmation to avoid random generated users)
More secure transfer protocols on networks such as:
◦ SSH-TRANS, a transport layer protocol;
◦ SSH-AUTH, an authentication protocol;
◦ SSH-CONN, a connection protocol.
◦ More importantly the network manager will keep logs, these show all the activity on the network and can be
broken down by user and site. Sites that are dangerous can be put on the block list, internal attacks can be
traced to an IP address or a User Name. When a problem is detected, the Network Manager can isolate the
attacker or website and deal with it.
P6.11 - Task 11 – Using the headings below, state and explain the different Software methods of detecting an
intruder and state the need for your Client to manage the network needs through software and vigilance.
Loss of Service
Loss of
Increased Costs
Schools have a limited budget and a lot of clients. At
primary level the amount of potential internal damage has
to be weighed up against the threat from the outside. With
the Data Protection Act all schools have to take measures
to maintain a degree of security within reason and budget
to protect information. Virus checkers and firewalls are
cheap, SSL servers are not. Physical security again burglary
is vital whereas Biometrics is less important. Backing up
and restoring is a need but only of Staff and Actual Data,
there is less need for student backups at this early stage.
D2.7 – Task 12 - Within your PowerPoint, In terms of the
Primary School and in reference to Brooke Weston,
evaluate the current levels of security the school will need
to prepare for in order to maintain a degree of security.
Backing up and
Levels of
Security Issues
Detection Systems
The stages of configuring and setting up network
systems is now in place and training for the
technicians is in place. At this stage you will need to
demonstrate the stages of preparing machines for
connection to the network. Before this happens you
will need to secure the computers against attack. A
laptop has been given as a demonstration machine
for staff. A booklet needs to be drawn up on the
stages of installing, securing and connecting to the
standard WAN system.
P6.12 – Task 13 – Create a guide that demonstrates
to a new user with network rights the stages of
installing and configuring a Virus Checker and
Firewall protections.
P6.12 – Task 14 – Create a guide that demonstrates
to a new user with network rights the stages of
configuring a new User Account.
P6.12 – Task 15 – Within this guide that
demonstrates to a new user with network rights the
stages of configuring the TCP/IP setting to connect
to an existing network.
P6.12 – Task 16 – Within this guide that
demonstrates to a new user with network rights the
stages of configuring Pop3 and SMTP Mail services.
P6.12 – Task 17 – Within this guide that
demonstrates to a new user with network rights the
stages of configuring a Network Printer.
P6.1 – Task 01 – State why Passwords are essential to Network systems with examples of
the risks and give examples of strong and weak passwords.
P6.2 – Task 02 – State the policy of Access Control Lists and Permission Rights on files,
folders and programs and state the need to secure these right within a school environment.
P6.3 – Task 03 – Describe the importance and method of restoring files on a network and
give examples related to your Client of the need to generate a Policy of Recovery.
P6.4 – Task 04 – Describe Encryption and Encryption Keys and state how secure this
method might be in securing the data within a school environment.
P6.5 – Task 05 – Describe the different technologies that exist in biometrics and analyse
their relative value within your Clients Network.
P6.6 – Task 06 – State the different methods of physical security available and for your
client, state the possible benefits and implications of these security measures.
P6.7 – Task 07 – Describe the two different kinds of firewalls available for Networks and
explain the need for your Client to maintain this protection.
P6.8 – Task 08 - Describe with examples Spyware, Adware and Malware and
describe how your company can minimise the threat of each of these.
P6.9 – Task 09 – Describe the different types of risks that exist to information
storage and describe to your client and the level of risk they pose.
P6.10 – Task 10 - Describe what an Antivirus program is and in detail describe the
precautions your client should take to protect their network.
P6.11 - Task 11 – State and explain the different Software methods of detecting an
intruder and state the need for your Client to manage the network needs through
software and vigilance.
D2.7 – Task 12 - Evaluate the current levels of security the school will need to
prepare for in order to maintain a degree of security.
P6.12 – Task 13 – Create a guide that demonstrates to a new user with network
rights the stages of installing and configuring a Virus Checker and Firewall
P6.12 – Task 14 – Create a guide that demonstrates to a new user with network
rights the stages of configuring a new User Account.
P6.12 – Task 15 – Within this guide that demonstrates to a new user with network
rights the stages of configuring the TCP/IP setting to connect to an existing network.
P6.12 – Task 16 – Within this guide that demonstrates to a new user with network
rights the stages of configuring Pop3 and SMTP Mail services.
P6.12 – Task 17. – Within this guide that demonstrates to a new user with network
rights the stages of configuring a Network Printer.

Unit 09 - Work To Do Home page