WHAT SIMPLE NETWORK SECURITY TIPS CAN YOUR COMPANY USE TO AVOID PROBLEMS?

Prepared for Spartanburg Community College AOT 134 Office Communications

Prepared by Richard Bennett AOT 134 Student Spartanburg Community College

November 30, 2011

VETERANS NETWORK SECURITY

5678 Veterans Parkway Spartanburg, SC 29301 November 30, 2011 8645761988 www.vetsecurity.com

Ms. Laura Totte-McVey, Instructor Spartanburg Community College P.O. Box 4386 Spartanburg, SC 29305 Ms. McVey The attached report, requested by your IT department, describes simple ways to improve your network security. We believe that you will find this report helpful in your everyday use of your computer network. This report was designed to suggest ways for you to improve your network security. It has been broken into two main sections: Problems associated with malware and a review of different types that may be encountered. Some employee actions that may cause your network security to be breached are included. This includes education for the employees to become better informed about network security. While becoming better informed, the employee will be able to apply this knowledge at home as well as at work.

The research data shows numerous ways that your network can be harmed. We have attempted to include relevant surveys and reports to uphold the reliability of this report. You will find a more detailed discussion in the report. We would be pleased to discuss this report with you to help you gain a better understanding of the complex issues. Please contact us to arrange a meeting time. Sincerely

Richard Bennett Senior Network Analyst

ii

TABLE OF CONTENTS
LETTER OF TRANSMITTAL...ii EXECUTIVE SUMMARY.iv PROBLEM1 BACKGROUND...1 DISCUSSION OF FINDINGS..2 Malware.2 Spyware and Adware.....2 Viruses...3 Spam...4 Trojan Horses.5 Worms...5 Employee Actions...5 Identity Theft.5 Password Guidelines...6 Phishing.7 CONCLUSIONS AND RECOMMENDATIONS.8 WORKS CITED.....10

iii

EXECUTIVE SUMMARY

Spartanburg Community College can benefit from the implementation of a few network security enhancements. Implementing an Anti-Virus software program and a Firewall system are simple solutions to limit the amount of potentially damaging effects to your network of computers. These barriers along with employee training can greatly improve your security and potentially save you from harmful intrusions. Our conclusion is based on the advice of several network security experts from a variety of companies. Extensive research was done to provide you with good information on the prevention of network intrusions. We have divided the findings into two separate areas of concern which are: Malware. This includes several known problems in todays society along with explanations of them and prevention tactics. Employee Actions. This includes actions that the employee may take that may introduce a computer virus into your system. This section also includes areas to educate the employee on prevention techniques.

We recommended that you implement these preventive measures. They are relatively low cost and will greatly enhance your network security.

iv

PROBLEM
The purpose of this paper is to identify: What simple network security tips can your company use to avoid problems? Many businesses lose money every year by becoming a victim of Network Security Breaches. Protecting your companys computer system from external or internal intrusion should be a high priority for you. There are numerous harmful programs that can affect your companys network of computers. By protecting your computer systems, you not only protect your companys assets, you also protect your clients information that they have entrusted to you. This report will identify ways that your company along with your employees can lessen the potential of a network security problem.

BACKGROUND
With your companys computers all connected, you are running a network within your office. There are many potential threats to your computer network today. These include outside attacks on your system as well as inside attacks by employee actions. Some of the major sources of threats are Spyware, Adware, Viruses, Spam, Trojan Horses, and Worms. Other sources are from employee actions. These can include poor password use. Employees can also be victims of Identity Theft or Phishing while using your companys computers. We will explore ways to limit your companys vulnerability to these type problems by a few simple measures.

DISCUSSION OF FINDINGS
The results of this research show several benefits to your company by implementing a few security measures. We will discuss different problems and solutions for each to make your network more secure. To understand what network security is; it helps to understand that no single solution protects you from a variety of threats. You need multiple layers of security. If one fails, others still stand. Network security is accomplished through the use of hardware and software. The software must be constantly updated and managed to protect you from emerging threats. A network system usually consists of many components. Ideally, all components work together, which minimizes maintenance and improves security.(Cisco Systems)

MALWARE Programs designed to harm or compromise a computer are called malware, (as in malicious software). Malware includes a wide array of nasty batches of code that can wreak havoc on your computer, your network and even the Internet itself. Spyware and Adware You know you have adware installed when advertisements keep popping up on your computer. Some Adware programs can monitor your Internet usage to target the websites that you log onto, and then generate automatic pop-up advertisements based on your viewing habits.

They are also called Spyware, and are more difficult to track and find. Adware is often included automatically without you knowing it when you download from certain websites and free applications. When you click on a link to download a program, you often unwittingly give permission to download adware or spyware. Media companies pay publishers of freeware programs to include adware in their free downloads. These programs run in the background when you are online, and they can slow down your computer and affect its performance. (HowStuffWorks.com) Viruses A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet. Each time the spreadsheet program runs, the virus runs too, and it has the chance to reproduce, (by attaching to other programs), or wreak havoc on your computer system. An E-mail virus travels as an attachment to e-mail messages and usually replicates by automatically mailing itself to dozens of people in the victims e-mail address book. Some email viruses dont even require a double-click. They launch when you view the infected message in the preview pane of your e-mail software. (Johnston)

Spam Spam is a huge problem for anyone who gets e-mail. According to Business Week Magazine: (Business Week Magazine),in a single day in May [2003], No. 1 Internet service provider, AOL Time Warner (AOL), blocked 2 billion spam messages (88 per subscriber) from hitting its customers' e-mail accounts. Microsoft (MSFT), which operates the No. 2 Internet service provider, (MSN plus e-mail service Hotmail), says it blocks an average of 2.4 billion spams per day. According to the research firm Radicati Group in Palo Alto, Calif., spam is expected to account for 45% of the 10.9 trillion messages sent around the world in 2003. Here are some sobering spam statistics from the 2007 Symantec Internet Security Threat Report: (Security) Between July 1 and Dec. 31, 2006, 59 percent of all monitored e-mail traffic was spam. Spam written in English makes up 65 percent of all spam. The United States is the origin of 44 percent of the entire world's spam. Ten percent of all e-mail zombies are in the United States, making the U.S. the zombie computer capital of the world. One out of every 147 blocked spam e-mails contained some kind of malicious code.

Trojan Horses A Trojan horse is simply a computer program. The program claims to do one thing, (it may claim to be a game), but instead, does damage when you run it (it may erase your hard disk).Trojan horses have no way to replicate automatically. Worms A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there as well.

EMPLOYEE ACTIONS
Identity Theft Identity theft is a crime in which a person obtains someone elses personal information and uses it to commit fraud or deception. Typically, the information consists of identification numbers, credit cards, bank accounts, telephone calling cards, or Social Security accounts. It may also consist of stolen or forged identity documents, including drivers licenses, passports, employee identification cards, and medical insurance cards. The thief may use the information to charge purchases to the victims credit card, to withdraw funds from the victims bank,

to receive benefits from the government or insurance companies, or to impersonate the victim while committing a crime. The thief can obtain the data from discarded documents, (credit card receipts in a dumpster for example), by eavesdropping, through trickery (such as a bogus e-mail asking the recipient to verify an account number), and various other methods including computer hacking, burglary, or pick pocketing. Consumers are advised to never give identification information in response to an incoming telephone call or e-mail, to check carefully each months credit card statements, and to safeguard financial documents and destroy them when they are no longer needed. The victim should contact local police as soon as the crime is discovered. In the United States, identity theft is a federal crime under the Identity Theft and Assumption Deterrence Act of 1998. (HowStuffWorks.com) Password Guidelines An employee using weak passwords to access accounts is one of the major sources of breaches in network security. Passwords should be unique to each user ID and should be selected using the following guidelines: Choose a password that is easy to remember and that no one could guess. Do not use any part of your first or last name, your spouses or childs name, telephone number, street address, license plate number, Social Security number, birthday, and so on. Be sure your password is at least eight characters long, mixed with uppercase and lowercase letters, numbers, and special characters. You should also avoid using single-word passwords that are found in the dictionary. (Shelly/Vermaat 144)

Phishing Suppose you check your e-mail one day and find a message from your bank. Youve gotten email from them before, but this one seems suspicious, especially since it threatens to close your account if you dont reply immediately. What do you do? This message and others like it are examples of phishing, a method of online identity theft. In addition to stealing personal and financial data, phishers can infect computers with viruses and convince people to participate unwittingly in money laundering. Most people associate phishing with e-mail messages that spoof, or mimic, banks, credit card companies, or other businesses like Amazon and eBay. These messages look authentic and attempt to get victims to reveal their personal information. The steps you normally take to protect your computer, like using a firewall and anti-virus software, can help protect you from phishing. You can review the web sites SSL certificates and your own bank and credit card statements for an extra measure of safety.

In addition, phishers tend to leave some telltale signs in their e-mail messages and Web pages. When you read your e-mail, you should be on the lookout for: (Wilson) Generic greetings, like Dear Customer. Correspondence from your bank should have your full name on it. Threats to your account and requests for immediate action. Requests for personal information. Most businesses dont ask for personal information by phone or e-mail. Suspicious links. Links that are longer than normal, contain the @ symbol, or are misspelled could be signs of phishing. Misspellings and poor grammar.

CONCLUSIONS AND RECOMMENDATIONS

There are some simple ways to make your network safer by hardware/software installations and educating employees about security. Some tips for preventing Viruses and Other Malware are: (Shelly/Vermaat 187) Never start a computer with removable media inserted in the drives or plugged in the ports, unless the media are uninfected. Never open an e-mail attachment unless you are expecting it and it is from a trusted source. Set the macro security in programs so that you can enable or disable macros. Enable macros only if the document is from a trusted source.

Install an antivirus program on all of your computers. Update the software and the virus signature files regularly.

Scan all downloaded programs for viruses and other malware. If the antivirus program flags an e-mail attachment as infected, delete or quarantine the attachment immediately.

Before using removable media, scan the media for malware. Follow this procedure even for shrink-wrapped software from major developers. Some commercial software has been infected and distributed to unsuspecting users.

Install a personal firewall program. Stay informed about new virus alerts and virus hoaxes.

Based on these recommendations and the education of your employees, your computer network should be protected against malicious attacks.

WORKS CITED
1. Business Week Magazine. "How Spam Works." Business Week May 2003. 2. Cisco Systems. What is Network Security? 16 November 2011. 16 November 2011 <http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/secure_ my_business/what_is_network_security/index.html>. 3. HowStuffWorks.com. How Stuff Works. 21 November 2011. 21 November 2011 <http://computer.howstuffworks.com/remove-adware.htm>. 4. . Identity Theft. 21 November 2011. 21 November 2011 <http://people.howstuffworks.com/identity-theft-info.htm>. 5. Johnston, Stuart J. Bugs & Fixes: Save your PC from virus attacks . 27 February 2002. 26 November 2011 <http://www.pcworld.com/article/81968/bugs_and_fixes_save_your_pc_from_virus_attacks.ht ml>. 6. Security, Symantec Enterprise. "white paper. Internet security threat." September 2007. Symantec.com. 21 November 2011 <http://eval.symantec.com/mktginfo/enterprise/white_papers/entwhitepaper_internet_security_threat_report_xii_09_2007.en-us.pdf>. 7. Shelly/Vermaat. Discovering Computers & Microsoft Office 2010. Boston: Course Technology, 2012. 8. Strickland, Jonathon. How Zombie computers work. 23 November 2011. Jonathon Strickland. 23 November 2011 <http://computer.howstuffworks.com/zombie-computer3.htm>. 9. Wilson, Tracy V. HowStuffWorks "How Phishing Works". 21 November 2011. 21 November 2011 <http://computer.howstuffworks.com/phishing.htm.printable>.

10