Group 6
TUENYE
KHAIRAT ABDULLA ALI MNMA/ODZ.ICT/0013/19
QUESTION: Explain the various techniques and approaches used to secure computer systems
(prevention, detection, recovery etc)
Computer security is the protection of computer systems and information from harm,
theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of your
computer system. The following are the various techniques and approaches used to secure
computer systems:
Prevention has long been a favored method of stopping cybercriminals from harming
organizations.
and implemented. Security policies, security awareness programs and access control procedures are
all interrelated and should be developed early on.
must be protected and document these “what’s” in a formal policy. The policy must define the
responsibilities of the organization, the employees and management. It should also fix
Additionally, the policy must be clear, concise, coherent and consistent in order to be understood.
Without clear
understanding, the policy will be poorly implemented and subsequent enforcement, audit and
review will be ineffective. Once management endorses a completed policy, the organization needs
of security, the use of security measures, reporting procedures for security violations, and their
responsibilities as outlined in the information security policy. Security awareness programs should
be utilized for this purpose. The program should be a continuous process that maintains an
awareness level for all employees. The program should be designed to address organization wide
issues as well as more focused specialized training needs. The program should stress teamwork
and the importance of active participation. To motivate individuals, a recognition process should
be adopted to give out awards or rewards for employees that perform good security practices.
Access Controls: Access is the manner by which the user utilizes the information systems to get
information. Naturally, not all users should have the ability to access all systems and their
information. Access should be restricted and granted on a need-to-know basis. To manage this
access we establish user accounts by issuing identifiers, authentication methods to verify these
Detection of a system compromise is extremely critical. With the ever-increasing threat
environment, no matter what level of protection a system may have, it will get compromised given
a greater level of motivation and skill. A defense in layers strategy should be deployed so when
each layer fails, it fails safely to a known state and sounds an alarm. The most important element
of this strategy is timely detection and notification of a compromise. Intrusion detection systems
(IDS) are utilized for this purpose. IDS have the capability of monitoring system activity and
notifying the responsible person when activities warrant investigation. The systems can detect
attack signatures and also changes in files, configurations and activity. To be protected, the entire
system should be monitored. Intrusion detection tools should be strategically placed at the network
and application levels. However, monitoring a busy network or host is not a simple task. Intrusion
detection tools must have the ability to distinguish normal system activity from malicious activity.
This is more of an art than a science. The IDS must be fine-tuned or “tweaked” in order for the IDS
to work in accord with a particular network or host. This tuning process must take into account
As previously indicated, intrusion detection is much more than an alarm. Although it is an alarm,
it’s an alarm with brains. Once your IDS is properly configured and strategically placed, it’s only a
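The file-change side of detection and the tuning step described above can be shown with a small baseline-and-compare check. This is an added example, not part of the original document; the file names, the `logs` directory and the `expected_to_change` tuning parameter are assumptions made for the illustration, and the sample tree is constructed.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its content."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current, expected_to_change=()):
    """Return (kind, path) alerts, ignoring path prefixes tuned out as normal."""
    alerts = []
    for path in sorted(set(baseline) | set(current)):
        if path.startswith(tuple(expected_to_change)):
            continue  # tuning: this location changes during normal operation
        if path not in current:
            alerts.append(("removed", path))
        elif path not in baseline:
            alerts.append(("added", path))
        elif baseline[path] != current[path]:
            alerts.append(("modified", path))
    return alerts

def write(root, rel, data):
    with open(os.path.join(root, rel), "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample tree: a config file, a program file and a busy log."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "logs"))
        log = os.path.join("logs", "app.log")
        write(root, "app.conf", b"port=443\n")
        write(root, "tool.bin", b"\x00v1")
        write(root, log, b"start\n")
        baseline = snapshot(root)              # known-good state
        write(root, "app.conf", b"port=8080\n")  # configuration change
        write(root, "extra.sh", b"#!/bin/sh\n")  # file absent from the baseline
        write(root, log, b"start\nrequest\n")    # routine log growth
        noisy = compare(baseline, snapshot(root))
        tuned = compare(baseline, snapshot(root), [os.path.join("logs", "")])
        return noisy, tuned
if __name__ == "__main__":
    print(demo())
```

Without tuning, the routine log write raises an alert alongside the two changes that deserve attention; with the log directory tuned out, only the configuration change and the unexpected new file remain.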
If your computer has been compromised it needs to be returned to a trusted state. The idea of
"cleaning" a system is not realistic, especially in the case of a system compromise, as there is no
reliable way to determine if the system has been completely cleaned. Returning a computer to
a trusted state requires reformatting the hard drive and reinstalling the operating system. If your
computer has not already been disconnected from the network then do so before taking any of the
following steps.
Backup Data: Before reformatting the hard drive, back up important files. As a rule of thumb,
only back up data files (word processor documents, pictures, presentations, etc.). Backing up
program files and directories is not recommended because applications can be modified to reinfect
the system.
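One way to apply the data-files-only rule when copying from the compromised disk, as an added example that is not part of the original document: the extension allowlist is an assumption, and the check of the first bytes for an executable header (a program renamed to look like a document) is a refinement added here. The sample files are constructed.

```python
import os
import shutil
import tempfile
# Assumed allowlist of data file types; adjust to what the user actually needs.
DATA_EXTENSIONS = {".doc", ".docx", ".odt", ".txt", ".pdf", ".jpg", ".png", ".ppt", ".pptx"}
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")  # Windows PE and Linux ELF file headers

def classify(path):
    """Decide whether a file is safe to carry over to the rebuilt system."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in DATA_EXTENSIONS:
        return "skip: not a data file type"
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head.startswith(EXECUTABLE_MAGIC):
        return "skip: executable header behind a data extension"
    return "copy"

def backup_data_files(source, dest):
    """Copy allowlisted data files from source to dest; report what was skipped."""
    copied, skipped = [], []
    for dirpath, _dirs, files in os.walk(source):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, source)
            verdict = classify(full)
            if verdict != "copy":
                skipped.append((rel, verdict))
                continue
            target = os.path.join(dest, rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copyfile(full, target)  # content only, no permission bits
            copied.append(rel)
    return copied, skipped

def demo():
    samples = {  # constructed sample files, not real documents
        "report.docx": b"PK\x03\x04 constructed",
        "photo.jpg": b"\xff\xd8\xff constructed",
        "setup.exe": b"MZ constructed",
        "invoice.pdf": b"MZ\x90\x00 constructed",
    }
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for name, data in samples.items():
            with open(os.path.join(src, name), "wb") as fh:
                fh.write(data)
        return backup_data_files(src, dst)
if __name__ == "__main__":
    print(demo())
```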
Wipe, Reformat and Reinstall: Wiping and reformatting the hard drive is necessary for two
reasons. First, installing Windows over an existing file system does not overwrite every file, which
can result in the system still being compromised. Second, boot sector viruses are used to reinfect
systems that have been reinstalled. It is necessary that the boot block and the file system
are both overwritten. A reliable way to ensure this has been done is to wipe the hard drive. An
Passwords and Financial Information: A compromised system often has a key logger installed.
Key loggers are usually used to steal passwords and bank account information, but in general can
be used to let someone else know everything you type. It is highly recommended that you change
your password, as well as any password used to access sensitive, confidential, or financial
information. It is also highly recommended to put a credit watch on any financial accounts that
International Journal of Innovative Research & Development, vol. 3, no. 7, pp. 229-302, 2014.