The Mwalimu Nyerere Memorial Academy
SEMESTER: ONE
QUESTION: Explain the various techniques and approaches used to secure computer systems
(prevention, detection, recovery).
To answer this question, we first need to know the meaning of computer system and secure
computer system, and the meaning of prevention, detection and recovery, and then explain the
techniques and approaches used to secure computer systems in the form of prevention, detection
and recovery, as follows:
Computer system: a system of interconnected computers that share a central storage system
and peripheral devices such as printers, scanners, or routers. Each computer
connected to the system can operate independently, but has the ability to
communicate with other external devices and computers.
Secure computer system: this is the protection of computer systems and information from
harm, theft, and unauthorized use. Computer hardware is typically protected by
the same means used to protect other valuable or sensitive equipment, namely,
serial numbers, doors and locks, and alarms.
Prevention: the act or practice of stopping something bad from happening; here, the act
of preventing something harmful from appearing in the computer system.
The following are techniques and approaches used to secure computer systems (prevention,
detection, recovery).
Remove Unnecessary Software: Intruders can attack your computer by exploiting software
vulnerabilities (that is, flaws or weaknesses), so the less software you have
installed, the fewer avenues for potential attack. Check the software installed on
your computer. If you don’t know what a software program does and don’t use
it, research it to determine whether it’s necessary. Remove any software you feel
isn’t necessary after confirming the software is safe to be removed.
Disable Nonessential Services: Like unnecessary software, nonessential services increase the
opportunities for attack. Two services to look for are file sharing and print
sharing, which enable you to share files, such as photos and music, with other
computer users and print to other computers on your network. The Conficker
malware used file sharing to infect computers and spread the infection to others.
Disabling file sharing would have eliminated one of the ways Conficker infected
computers at the time of the Conficker malware infection.
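One way to check for the two services named above is to review which sharing-related ports a machine is listening on. The following is an added example, not part of the original essay; the `ss -tln` style sample output is constructed, and the function name and port table are assumptions of this example.

```python
# Ports tied to the two services the text singles out (well-known assignments).
SHARING_PORTS = {
    139: "file sharing (NetBIOS session)",
    445: "file sharing (SMB)",
    515: "print sharing (LPD)",
    631: "print sharing (IPP/CUPS)",
    9100: "print sharing (raw printing)",
}

# Constructed sample in the layout of `ss -tln` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       50      0.0.0.0:445          0.0.0.0:*
LISTEN  0       50      0.0.0.0:139          0.0.0.0:*
LISTEN  0       5       127.0.0.1:631        0.0.0.0:*
LISTEN  0       128     [::]:9100            [::]:*
"""

LOOPBACK_PREFIXES = ("127.", "[::1]")


def find_sharing_listeners(ss_output):
    """Return (port, service, address, exposed) for each sharing-related listener.

    `exposed` is True when the socket is bound to a non-loopback address,
    meaning other computers on the network can reach the service.
    """
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        address, _, port_text = fields[3].rpartition(":")
        if not port_text.isdigit():
            continue
        port = int(port_text)
        if port in SHARING_PORTS:
            exposed = not address.startswith(LOOPBACK_PREFIXES)
            findings.append((port, SHARING_PORTS[port], address, exposed))
    return findings


if __name__ == "__main__":
    for port, service, address, exposed in find_sharing_listeners(SAMPLE_SS_OUTPUT):
        status = "reachable from the network" if exposed else "local only"
        print(f"port {port:<5} {service:<32} bound to {address:<10} {status}")
```

Any listener reported as reachable from the network is a candidate for disabling if the machine does not need to share files or printers.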
Install and Use Antivirus and Antispyware Software: Installing an antivirus and antispyware
software program and keeping it up to date is a critical step in protecting your
computer. Many types of antivirus and antispyware software can detect the
possible presence of malware by looking for patterns in the files or memory of
your computer. This software uses virus signatures provided by software
vendors to look for malware.
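A small sketch of the pattern matching described above, showing why out-of-date signatures miss newer malware. This is an added example, not part of the original essay and not any vendor's engine; the signature names, byte patterns and sample "files" are all constructed and harmless.

```python
import hashlib

# Constructed signature sets standing in for a vendor's definitions.
# V1 is the older set; V2 is the same set after an update adds one entry.
SIGNATURES_V1 = {
    "Example.Dropper.A": bytes.fromhex("deadbeef4d5a9000"),
}
SIGNATURES_V2 = {
    **SIGNATURES_V1,
    "Example.Worm.B": b"EXAMPLE-WORM-MARKER",
}

# Constructed sample files: plain byte strings that embed the markers above.
SAMPLE_FILES = {
    "report.doc": b"Quarterly figures, nothing unusual here.",
    "setup.exe": b"\x00\x01" + bytes.fromhex("deadbeef4d5a9000") + b"\xff" * 8,
    "photo.scr": b"JFIF...." + b"EXAMPLE-WORM-MARKER" + b"....",
}


def scan_bytes(data, signatures):
    """Return the names of all signatures whose byte pattern occurs in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def scan_files(files, signatures):
    """Scan each file's bytes; report only files with at least one match."""
    report = {}
    for filename, data in files.items():
        matches = scan_bytes(data, signatures)
        if matches:
            report[filename] = {
                "sha256": hashlib.sha256(data).hexdigest(),  # for later reference
                "matches": matches,
            }
    return report


if __name__ == "__main__":
    for label, signatures in (("old", SIGNATURES_V1), ("updated", SIGNATURES_V2)):
        report = scan_files(SAMPLE_FILES, signatures)
        print(f"{label} definitions flag: {sorted(report)}")
```

With the older definitions only `setup.exe` is flagged; `photo.scr` is caught only after the update adds its signature.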
Operate Under the Principle of Least Privilege: In most instances of a malware infection, the
malware can operate only under the rights of the logged-in user. To minimize the
impact the malware can have if it successfully infects a computer, consider using
a standard or restricted user account for day-to-day activities and only logging
in with the administrator account (which has full operating privileges on the
system) when you need to install or remove software or change system settings
on the computer.
Apply Software Updates and Enable Future Automatic Updates: Most software vendors
release updates to patch or fix vulnerabilities, flaws, and weaknesses (bugs) in
their software. Because intruders can exploit these bugs to attack your computer,
keeping your software updated is important to help prevent infection.
Disconnect and isolate. If you suspect one of your computers has suffered a virus attack,
immediately quarantine the computer by physically disconnecting it, as infected
machines pose a danger to all other computers connected to the network. If you suspect
other computers may be infected, even if they aren't displaying any symptoms, still treat
them like they are. It's counter-productive to clean one machine while an infected
computer is still connected to the network.
Focus on the cleanup. Once you've physically disconnected the computer, focus on
removing the malicious code. Use virus removal tools written for the specific virus
causing the damage. Many of these tools can be found online. In addition, your anti-virus
software should have updates or patches available for the specific security threat. If your
antivirus software hasn't been updated recently, be sure to do so.
Reinstall your operating system. After a virus attack, damages may range from changed
file names and obliterated files to permanently disabled software applications. The extent
of the damage depends on the particular virus. If your operating system is completely
destroyed, you'll need to reinstall your operating system by using the quick restore CD
that came with your computer. This will restore your computer to its original
configuration, meaning you'll lose any applications you may have installed or data files
you may have saved. So before you begin the reinstallation process, make sure you have
all the necessary information handy, including the original software, licenses, registration
and serial numbers.
Restore your data. This assumes you've been diligent about backing up your files. If you
haven't been doing a regular backup of all the data and files on your computer's hard
drive, your files will most likely be permanently lost. If this is the case, learn from your
mistake and make sure to back up on a regular, ongoing basis. And keep in mind, not all
viruses target data files. Some only attack applications.
Scan for viruses. After restoring and reinstalling, perform a thorough virus scan of your
network. Use the most recent virus definitions available for your anti-virus software. Be
careful not to overlook anything; scan all files and documents on all computers and
servers on your network.
Prevent future attacks. Run anti-virus software and keep virus definitions current. Make
sure your security patches are up-to-date. And if you haven't been running anti-virus
software, start doing so immediately to prevent future attacks. Also, if you lost data files
in the recent attack, create and enforce a regular backup schedule. Change all of your
passwords, including ISP access passwords, FTP, e-mail and website passwords. Some
viruses can capture or crack passwords, leading to future vulnerabilities. By changing
your passwords, you'll be able to boost your security.
Antivirus programs: Lately, antivirus software is getting little respect. Like everyone, I get
frustrated when my antivirus program misses malcode that other scanners manage to find. Still, I
would not run a computer without antivirus. It's too risky. I subscribe to the layered
approach when it comes to security.