Modifying the executable code of the web browser or the browser plug-ins
ICT50418 – Diploma of Information Technology Networking
ICTNWK513 – Manage System Security
Purpose:
Protecting yourself by securing your devices, software and connections is important, and choosing the right settings when doing things on the web can make a huge difference to your safety online. It can also help you identify your biggest security risks so you can make changes that will protect your company from those risks.
Web Browser Plug-ins:
o ActiveX
JavaScript allows you to interact with complex features on web pages. Whenever a web page does more than just display static information for you to look at, having JavaScript enabled in the browser lets you view, on supported websites, timely content updates, interactive maps, animated 2D/3D graphics and interactive video features. If you are unable to view any interactive content on a JavaScript-enabled website, you are allowed to enable it from the web browser's settings.
Prohibited websites
As an employee you can download text, images, videos, software and other file formats from the internet. However, it is prohibited to download pirated software and unlicensed software, although trial versions are supported. If any case arises, or in case of a complaint of breaching this policy, the employee will be fully responsible for any consequences. All downloads may be monitored and/or blocked by 4Phone if they are deemed to be harmful and/or not productive to business. 4Phone recommends you use the default Google Chrome web browser, as this automatically blocks harmful downloads that try to cause problems on your computer, like:
▪ Giving you viruses
▪ Leaking your private data
▪ Changing your browser and computer settings
▪ Adding unwanted extensions or toolbars to your browser
Online shopping is a form of electronic commerce which allows consumers to directly buy goods or services from a seller over the internet using a web browser. You are permitted to make online purchases as you wish using the company network, but the company is not responsible for any purchases made online. When making payments, please check that you are using a secure connection. The URL of the payment page will use ‘https’ instead of ‘http’, and a padlock icon will be displayed by your browser. If the website looks suspicious or you have doubts – do not proceed.
o On-line selling
Online solicitation is when you engage through email, texts, the internet or other electronic methods to try to get someone to engage in sexual conversations or activities, either in person or via the internet. Soliciting for some form of illegal activity, such as paying for or trading something of value for sex, is still a crime. However, solicitation online through chat, email or a program usually requires the person to show up at a physical location. You must not attempt solicitation under any circumstances; any incident will be handed over to the local law enforcement authorities through the safety and security department.
Browser patches
Updating the browser or installing browser patches fixes security vulnerabilities and bugs in the web browser, enabling users to surf the web on a secure platform. Patching modifies the executable code of the Web browser or the browser's plug-ins. The Web browser is the most vulnerable application when it comes to security, because Web pages contain programming code (see JavaScript). Any Web page that is merely viewed may damage the user's computer if the page contains malicious code and the browser and operating system retain the vulnerabilities being exploited. This is why 4Phone schedules automatic updating of Web browsers and operating systems to apply patches on a regular basis. You’ll get regular notifications asking you to install all the new patches or to schedule a time for the update to install automatically.
Using private data
Private data is stored in different ways in the web environment. Firstly, the browser cache is a place where your browser stores bits and pieces of downloaded websites – images, scripts, CSS style sheets, and more. Secondly, there is form and search history. When you access a web page that uses the data in the future, your browser can load it from the cache. This saves bandwidth and speeds up page load times, and the browser can also automatically recommend and fill in form data for you. By default, this has been enabled in your web browser, as the company employs a strict user access policy under which only you have access to your computer data. It is vital to protect your user login details; they should not be shared with anyone else, including your work colleagues and family members.
can be configured to display a specific website in the browser's preferences. By default, the
company’s website has been set up to open by 4Phone as the webpage. This has been done to
User compliance
I understand and will abide by this web browsing policy. I further understand that should I commit any violation of this policy, my access privileges may be revoked, and disciplinary action and/or appropriate legal action may be taken.

________________    _________________    ________________
Employee name       Employee signature   Date
Part 4 - Update security plans
After performing our assessment, we have devised the following security plan.
New - David Blair will update the staff handbook to include new policies on
Zoe Harding, who is the HR manager, will be taking long service leave, and the new person who is replacing her comes from a different field. As these changes rely heavily on IT-based user instruction, the workload has temporarily been assigned to the IT manager.
New - We expect to give up to three hours of user training for all employees as a result of these changes. Additionally, we will be including a workshop for employees to get hands-on experience of the new changes.
The IT Manager has decided to include an additional hour allowing employees to experiment with the new changes after the training session concludes.
Step 1 – Identify threats to the system
Can you identify the system topology?
Email System
Information Dashboards (Web-Reports)
Only 4Phones employees and authorised contract personnel shall be allowed access to the 4Phones network.
Passwords must be at least 6 characters long and the system will prompt users to change their password every month. Previous passwords cannot be used.
Mailing lists will be created to facilitate the distribution of a message to more than one person. These must be used with care to ensure the correct people receive a message.
Internet usage
External access to the network from the Internet
Internet access will be provided to the 4Phones web server and email server
and which system components have been identified to be a security risk?
documents to unintended recipients. Apart from that publishing confidential data on public
websites by mistake and misconfiguring assets to allow for unwanted access. This
Do you think the Security Plan will be able to manage the security risks?
Yes, I think the Security Plan will be able to manage the security risks.
Do you agree with the contents of the user training?
Yes, I agree with the contents of the user training, as this covers the general idea of the importance of security by giving background knowledge about IT security to non-technical users. Furthermore, the training is aligned with everyday tasks such as device security and software security. Lastly, employees are getting a chance to go through the existing and new policies to increase their awareness of the correct procedures when handling 4Phones information systems.
Check operating systems and connections
Always empty recycle bins
Clean out MS Windows’ (OS) temporary internet files
Always delete old zip files
Confirm that backups are being done on a regular basis
Is there a policy stating how often preventive maintenance must be done?
Is there a risk review procedure?
Yes, 4Phones has a risk review procedure. The security plan needs the network undertaken and regularly.
enable the organisation to evaluate the existing defences and preventive or corrective
controls in place. The identified areas of improvements can then be mapped against the