Server Malware Protection Policy - Assignment Example

Server malware protection policy Malware such as virus, Trojans and worms bring out a serious threat to data processing systems today. Many companies have had their data corrupted, and some have even lost their confidential information. It is thus significant for a company to develop a server malware protection policy to help tackle the various malware that lead to the loss of data. The thesis of this paper is to look at ways of dealing with the various forms of malware that corrupt data. Introduction Malware refers to a malicious software that is designed to infiltrate, do wrong or unwanted actions to a computer system without the knowledge the owner. Examples of such malware are Viruses, Worms, Trojan horses, Spyware, and Rogue security software. Similarly, the term server refers to whatever computer system domiciling in the physically secured data center owned and operated by the Company. In summation, this includes any organization operating an operating system specifically designed for server usage as determined by the Company. The different types of servers include Microsoft Server 2000 and Microsoft Server 2003. Antivirus The policy provides that all servers of the company MUST be equipped and fitted with an anti-virus application. The installed anti-virus application should be one that offers a real-time scanning protection of files and applications running on the target system. The scanning of the files will aid in protecting the computer from being attacked by the viruses that may lead to the loss of data. Similarly, the anti-virus is of importance in case non-administrative users have remote access capability of the data processor machine. Again the anti-virus is required if the system is a file server or, HTTP/FTP access is open from the Internet and or if other “risky” protocols/applications are available to the system from the Internet at the free will of the Organization’s Security Administrator. Mail server anti-virus The server malware protection policy requires that all the mail servers being utilized by the company to have an anti-virus installed in them. For instance, in case the target system is a mail server, then, it MUST be equipped with either an outside or internal anti-virus scanning application. The application’s purpose is to examine all mail destined to and from the mail host. Likewise, while the external anti-virus application scan the inbound mail as a backup is being done, the local anti-virus scanning applications may be put off. Anti-spyware The server malware protection policy necessitates that all servers being used by the company to get set with an anti-spyware application so as to provide and offer a real-time protection to the target system. A spyware can install on a computer without ones knowledge. The spyware changes the computer’s configuration and can track Internet search habits and also redirect the net browser to a dissimilar website unlike the one you intend to go to. The company, therefore, needs to install an anti-spyware application so as to provide protection in case of a state of business in which a non-technical or non-administrative user gets remote access to the system. Likewise, the anti-spyware is to aid in providing security when any outbound access is permitted to the Internet. Similarly, the anti-spyware is of assistance if a non-technical or non-administrative user can install software on his own without permission. Login applications The company needs to employ the use of an operating system with a secure logon application and authentication process. The logon and authentication process should have secure passwords that prevent malicious people from accessing the computer and its documents. The company needs to use passwords to protect its data so as to avoid and prevent access by non-administrators and non-technical users. The company should also create a password policy that is to be employed by administrators in the computers. Awareness Creation The company needs to create an education program to its staff and computer users towards virus protection. Similarly, the staff should be educated the different ways to prevent the computer from getting attacked by a virus. The company should implement awareness programs that include guidance to users on malware incident prevention. All users and company employees should be cognizant of how the malware spreads the risks the malware poses, the unfitness of technical commands to preclude all events and the purpose of users in preventing incidents. The company should also have regular malware-oriented training and exercises. (Mell et al., 2005) Likewise, the awareness program by the company should make the employees and the computer machine users aware of the policy and the procedures that apply to malware handling; such as how to detect malware and how to report suspected infections. An effective awareness program should be developed by the company that states and explains proper rules of behavior for the use of the organization’s IT systems and information, i.e., not downloading items from untrusted sources. (Mell et al., 2005) Encrypting Data. The policy also offers that the company encrypts its data using a cypher so as to provide protection for the data. Encryption is the most efficient manner to achieve data security (Newman, 2010). The transformation of the company’s data into a secret code will assist prevent the acquisition of the confidential information by other users. Similarly, only people with a secret code will be able to access the company’s vital information. The company should also do away with the default usernames and passwords for the computer applications and passwords that could be used by non-administrators. Changing the default usernames and passwords also aid in preventing the infection by the malware, since they use these passwords to gain unauthorized access. Similarly, the organization should consider using the guides to the applications and operating systems. These configuration guides and checklists, contain recommendations that improve the default level of security. Conclusion Companies need to develop a server malware protection policy so as to aid in tackling the attack by the various forms of malware. Consequently, companies should fit their data processors with anti-virus applications, anti-spyware applications and mail server applications. Consequently, the companies need to create awareness to their employees and the computer users and as well, ensure encryption of company data and secure logging applications are in place. References Mell, P., Kent, K., Nusbau, J. (2005). Guide to Malware Incident Prevention and Handling: Recommendations of the National Institute of Standards and Technology. Newman, R., C (2010).Computer Security: Protecting Digital Resources: Protecting Digital Resources. Jones and Barlett’s Publishers. Read More