Explain what an organisation can do to minimise security breaches in networked systems
Give a summary of what this is and some information about how this type of attack might take place the source of the attack and the damage it could do/effect it will have
Securing networked systems.
The unit spec is:
And the outcomes being covered are:
1.1 Describe how networks can be attacked
2.1 Describe how networked systems can be protected
2.2 Explain what an organisation can do to minimise security breaches in networked systems
You will probably be asked to put together a power point presentation/word document that covers the above. I’ll go into the unit content in a second but in general it needs to be set out in a way that we can easily pick out the evidence which addresses those outcomes. For example I would start with a section called something like “Network Threats”.
Then run through some different threats as an example:
- Type of Attack – Virus/Malware DDoS Phishing etc.
Description – Give a summary of what this is and some information about how this type of attack might take place the source of the attack and the damage it could do/effect it will have
- How to protect against this type of attack.
Mention any software/hardware that can be used to protect against it or minimise the effect of the attack
So you need to come up with a few different examples of the attacks and how to protect against it.
Here is the Unit Content (page 3 of the specification) which relates to the above:
Attacks: types eg denial of service back door spoofing mathematical brute force software exploitation viruses rootkits worms Trojans spyware adware
Sources of attacks: internal eg disaffected staff; external eg via internet connections or through unsecured wireless access point viruses introduced by email
Email systems: security features eg secure MIME spam hoaxing relay agents
Wireless systems: security features eg site surveys MAC association WEP/WPA keys TKIP
Networked devices: security features eg router switch wireless access point
Transmission media: issues eg use of shielding
Personal access control: devices eg biometrics passwords usernames permissions digital signatures
Security control at device level: access control eg protocols log in certificates
Encryption: eg encrypting files for confidentiality encryption with application-specific tools recovering encrypted data
Intrusion detection systems: devices eg firewalls virus protection spyware protection file monitoring folder monitoring use of honeypots alarms.