THE MWALIMU NYERERE MEMORIAL ACADEMY

KARUME CAMPUS ZANZBAR

DEPARTIMENT OF INFORMATION AND COMMUNICATION

TECHNOLOGY TECHNICIAN CERTIFICATE INFORMATION AND

COMMUNICATION TECHNOLOGY

SEMISTER: ONE

COURCE NAME: SYSEM ADMINISTRATION

COURCE CODE: ITT 06104

INSRUCTOR NAME: MADAM NGOLO

NATURE OF WORK GROUP ASSIGMENT

YEAR OF STUDY 2020/2021

NAME OF STUDENTS RAGESTRATION NUMBERS

NAJMA IDRISA MTWANA MNMA/ODZ.ICT/0021/19

MAJID MOHD SALIM MNMA/ODZ.ICT/0014/19

MUDATHIR RAMAZAN KHAMIS MNMA/ODZ.ICT/0007/19

QUESTION: Explain the various techniques and approaches used to secure computer systems
(prevention, detection, recovery).
In this question the first one to know the meaning of computer system, secure computer system

and to know the meaning of prevention, detection and recovery and then to explain the

techniques and approaches used to secure computer systems inform of prevention, detection and

recovery as a follow:-

Computer system: is a system of interconnected computers that share a central storage system
and peripheral devices as a printers, scanners, or routers. Each computer
connected to the system can operate independently, but has the ability to
communicate with other external devices and computers.

Secure computer system: this is the protection of computer systems and information from
harm, theft, and unauthorized use. Computer hardware is typically protected by
the same means used to protect other valuable or sensitive equipment, namely,
serial numbers, doors and locks, and alarms.

Prevention: the act or practice of stopping something bad from happening, the act
of preventing something to stop appear in the computer system

Here the following are techniques and approaches used to secure computer systems (prevention,
detection, recovery).

Ways of prevent the computer system:

Remove Unnecessary Software: Intruders can attack your computer by exploiting software
vulnerabilities (that is, flaws or weaknesses), so the less software you have
installed, the fewer avenues for potential attack. Check the software installed on
your computer. If you don’t know what a software program does and don’t use
it, research it to determine whether it’s necessary. Remove any software you feel
isn’t necessary after confirming the software is safe to be removed.

Disable Nonessential Services: Like unnecessary software, nonessential services increase the
opportunities for attack. Two services to look for are file sharing and print
sharing, which enable you to share files, such as photos and music, with other
 computer users and print to other computers on your network. The Conficker
malware used file sharing to infect computers and spread the infection to others.
Disabling file sharing would have eliminated one of the ways Conficker infected
computers at the time of the Conficker malware infection.

Install and Use Antivirus and Antispyware Software: Installing an antivirus and antispyware
software program and keeping it up to date is a critical step in protecting your
computer. Many types of antivirus and antispyware software can detect the
possible presence of malware by looking for patterns in the files or memory of
your computer. This software uses virus signatures provided by software
vendors to look for malware.

Operate Under the Principle of Least Privilege: In most instances of a malware infection, the
malware can operate only under the rights of the logged-in user. To minimize the
impact the malware can have if it successfully infects a computer, consider using
a standard or restricted user account for day-to-day activities and only 4 logging
in with the administrator account (which has full operating privileges on the
system) when you need to install or remove software or change system settings
from the computer.

Apply Software Updates and Enable Future Automatic Updates: Most software vendors
release updates to patch or fix vulnerabilities, flaws, and weaknesses (bugs) in
their software. Because intruders can exploit these bugs to attack your computer,
keeping your software updated is important to help prevent infection.

Ways of recover the computer system:

 Disconnect and isolate. If you suspect one of your computers has suffered a virus attack,
immediately quarantine the computer by physically disconnecting it, as infected
machines pose a danger to all other computers connected to the network. If you suspect
other computers may be infected, even if they aren't displaying any symptoms, still treat
them like they are. It's counter-productive to clean one machine while an infected
 computer is still connected to the network.
 
 Focus on the cleanup. Once you've physically disconnected the computer, focus on
removing the malicious code. Use virus removal tools written for the specific virus
causing the damage. Many of these tools can be found online. In addition, your anti-virus
software should have updates or patches available for the specific security threat. If your
antivirus software hasn't been updated recently, be sure to do so.
 
 Reinstall your operating system. After a virus attack, damages may range from changed
file names and obliterated files to permanently disabled software applications. The extent
of the damage depends on the particular virus. If your operating system is completely
destroyed, you'll need to reinstall your operating system by using the quick restore CD
that came with your computer. This will restore your computer to its original
configuration, meaning you'll lose any applications you may have installed or data files
you may have saved. So before you begin the reinstallation process, make sure you have
all the necessary information handy, including the original software, licenses, registration
and serial numbers.

 Restore your data. This assumes you've been diligent about backing up your files. If you
haven't been doing a regular backup of all the data and files on your computer's hard
drive, your files will most likely be permanently lost. If this is the case, learn from your
mistake and make sure to back up on a regular, ongoing basis. And keep in mind, not all
viruses target data files. Some only attack applications.
 
 Scan for viruses. After restoring and reinstalling, perform a thorough virus scan of your
network. Use the most recent virus definitions available for your anti-virus software. Be
careful not to overlook anything; scan all files and documents on all computers and
servers on your network.
 
  Prevent future attacks. Run anti-virus software and keep virus definitions current. Make
sure your security patches are up-to-date. And if you haven't been running anti-virus
software, start doing so immediately to prevent future attacks. Also, if you lost data files
in the recent attack, create and enforce a regular backup schedule. Change all of your
passwords, including ISP access passwords, FTP, e-mail and website passwords. Some
viruses can capture or crack passwords, leading to future vulnerabilities. By changing
your passwords, you'll be able to boost your security.

Ways of detect the computer system:

 Microsoft Process Explorer: Process Explorer provides an excellent way to determine

what processes are running on a computer. It also describes the function of each process.
More important, you can use Process Explorer to create a baseline of the running
processes used by the computer when it's operating correctly. If for some reason the
computer starts behaving poorly, run Process Explorer again and compare the scans. Any
differences will be good places to start looking for malware.
 Microsoft Baseline Security Analyzer: Microsoft Baseline Security Analyzer (MBSA)
is a vulnerability scanner that detects insecure configuration settings and checks all
installed Microsoft products for missing security updates. I recommend using MBSA
when upper management needs convincing. Making a case for needing a vulnerability
scanner is sometimes easier if the product is from the OEM.

Antivirus programs: Lately, antivirus software is getting little respect. Like everyone, I get
frustrated when my antivirus program misses malcode that other scanners mange to find. Still, I
would not run a computer without antivirus. It's too risky. I subscribe to the layered
approach when it comes to security.

Microsoft's Malicious Software Removal Tool: Malicious Software Removal Tool (MSRT) is

a good general malware removal tool, simply because Microsoft should know whether the
scanned code is theirs or not. Three things I like about MSRT are:

 The scan and removal process is automated.

 Windows Update keeps the signature file database current automatically.
 It has the advantage of being an OEM product, thus it's less intrusive and more likely to
be accepted by management.

REFERENCES:

cknow.com/vtutor/NumberofViruses.html. Last access on July (2008) [2]

Last access on July (2008) [3] R. Srinivasan , Protecting Anti-Virus Software Under Viral
Attacks, Master Degree of Science, Arizona State University (2007). [4] M.

Bailey, J. Oberheide, J. Andersen, Z. M. Mao, F. Jahanian, and J. Nazario, "Automated

classification and analysis of internet malware",

In Proceedings of the 10th Symposium on Recent Advances in Intrusion Detection (RAID’07),

(2007), pp 178–197. [5] J. cock, Computer Viruses and Malware, Springer (2006 )