Acer Laptop - Information Security Evaluation - Case Study Example

Student ID number Student name Unit name Information Security Unit number Name of lecturer/tutor Assignment name Due date Introduction The internet has become a very unsafe place where our data is at risk our privacy is violated, our identity stolen, our careers destroyed, our houses burned down, our credit is destroyed and even bullied and destroyed. With cyber crime which has become a big business this days, our smart phones, laptops, desktops, credit cards and all other computing gadgets that are connected to a network are at risk. The perpetrators are smarter and well organized in running the cyber crimes. Many people are aware of dangers posed by information security threats but are not aware of ways in which they can protect themselves. The truth is, the only realistic way of preventing a perpetrator from accessing your system is to cut if off completely from the internet and even then, access can still be gained. This report is a security evaluation of my Acer laptop which I usually use at home and at school to do my assignments, research and social networking. My Acer laptop runs on Windows 7 professional operating software as shown in figure 1. My Acer laptop is part of a small network at home which consist of a HP desktop and a printer. As ICT student, I am the work who assist my family with both hardware and software maintenance and ensures the security of the system  Methodology After undertaking an extensive research, I intend to use Rick Hellewell checklist as it helps to address most issues associated with home computer security such as viruses, hacking, and worms. Moreover, it assists in documenting things when they are working so as to be in a position to fix things when they break down (Hellewell, 2004). Hellewell has also come up with “simple steps for computer security” which user need to do to ensure that their computer are safe, they include; Firewall-This is a security gateway is comprised of software and hardware that controls access to the computer network. You should disconnect your computer from the internet and the set up a firewall to protect it against hackers. If you don’t have a firewall the other alternative is to get a router from you favorite computer store and place it between your computer and your cable/DSL modem (Digitalchoke.com,2011). Windows Update- After installing the firewall, you can now reconnect your computer to the internet and get the windows operating system current and the easiest way is through automatic update. After installing all the critical updates, you should make sure your automatic updates are set for daily checks. Anti-Virus- Just like everything else, anti-virus program is very important. You should install an anti-virus program and make sure it is kept current by updating it once a week or daily during periods of heavy viral attacks. After installing it, it should be configure to check all files, check email, and all downloaded files. By using Rick Helewell checklist, I as the assessor I will be in position to simulate the action of security control through using a well defined set of documentation which is representative of what the security control is likely to possess, working under specific constraints to attempt to circumvent the security features of the system. The checklist can be used to detect weaknesses of a system and indicate the level of effort on the part of security to breach the system safeguards (Digitalchoke.com, 2011). The step that I follow to conduct my review to manage my evaluation process was first to see which area to assessed according to approach. Select the appropriate assessment procedures to be used during the assessment based on the security controls and control enhancements that are to be included in the assessment. Test was conducted according to then checklist and results came as I review based on the test (Digitalchoke.com, 2011). The findings of your review and recommendations for improvement From the evaluation I conducted using Rick Hellewell checklist, I found out that my computer was safe from both physical and logical security threats. With use of passwords to access the systems, I have been able to limit access to only those who have authorized access. I had firewalls installed which were working and it was protecting my computer from hackers and from spoofing. From the checklist, I had kaspersky antivirus installed and it was protecting me from virus and worms. It was also alerting me every time I attempted to download a web page that has hidden viruses or any time I tried to conned storage disks that were virus stricken. The check list also indicated that my windows were up to date. It is very important for the windows to always be updated. Keeping all the software’s in my laptop up to date will protect my computer from any information security threat. From Rick Hellewell steps of ensuring that your system is safe, Rick Hellewell recommended a few simple steps including installing firewalls, anti-virus software, windows update, installing adware and spy mate and ensuring safe surfing. I have been following these steps to ensure that the system is safe (Digitalchoke.com, 2011). A brief reflection on the methodology or review approach Rick Hellewell checklist is a security evaluation method which is suitable for both for home user security and as well as organizations. The review is an easy step by step technique that can e used by any home user but it may require the assistance of an ICT professional to understand the review of some of the information security areas. The controls that the technique has are reasonable and can be applied to real life and can easily be followed. I went through the checklist to evaluate the security of my Acer laptop and here are the results: The Home User’s Security Checklist for Windows I am not running Windows as Administrator. Why shouldn't I run as Administrator? Running windows as an administrator would make my laptop to be at risk of being vulnerable to Trojan horse as well as other information security threat. Visit unfamiliar sites which may have Trojan codes that could be downloaded to the system. Trojan horse may reformat my hard disk; delete all my files among other damages (Microsoft.Com ,2013). User Accounts I picked a good and strong password to log in to Windows: What are some rules for good passwords I have mixed letters and numbers as well as symbols. I have some of them in upper case and others in lower case. My password is 8 characters long and it has therefore met all the rules of a good password I have an administrative-level user id with a strong password I have used my name as the Administrative level user ID as the system is mine and I also have a strong password for it. I know how to log in as an administrator user. And do it only when necessary.  It is not advisable to log in as an administrator due to exposure to security risks but I do it only when it is very necessary Windows Update Windows Update is set to automatically download and install updates from Microsoft. ) My windows updates have been configured to update automatically every day at 3.00 as shown below Figure 2– Windows Update Configuration I use Windows XP rather than older versions, because it more secure and fast. I have not installed service patch 2 but I intend to install it I use Microsoft Office 2012 installed, I always check Microsoft Office Update for updates. Plus, I visit Office Update every week. I understand that Microsoft will never send out updates and patches, or announcements about updates and patches, via email This is a caution against falling victim of phishing Anti-Virus I have anti-virus software installed and running. I have installed ESET NOD32 antivirus software. ESET protects my laptop from viruses as well as any internet attack by n authorized persons. It filters spam mail and protects me from malicious programs My anti-virus software automatically updates itself all the time that there is an update available every 4 days. My anti-virus software expires on this date: 1/02/2014. My anti-virus software automatically scans my computer for viruses every 2 days I configured my anti-virus software to check all files as they are saved to my hard disk or downloaded from the Internet. Figure 3 below shows the levels of file protection. The anti-virus pops up with an alert when suspicious files are about to be downloaded. My anti-virus software configured to check for dangerous Internet activity. Figure 3 – Levels of Protection   My anti-virus software automatically scans my IM (instant messaging) software. My antivirus software is able to scan the instant messaging software. This is important because IM allow people to share files peer to peer and in the process, a Trojan horse may be installed and allow hackers to gain full access of the computer (Hindocha,2013). I understand that some so-called viruses are actually hoaxes and I shouldn't worry about them. And I know where to find information about virus hoaxes. Virus Hoaxes are false alerts that come through forwarded emails that warn users of internet warm, computer virus or other security threats that do not exist (Emery,2013), Internet Before I connected to the Internet, I have enabled Windows XP firewall - Yes Figure 4 below shows how I enable firewall in windows XP Figure 4 – Firewall setting I've tested my computer's connection to the Internet and my Firewall settings. YES Email I've configured my email program securely. NO I have not configured the email programs as I do not know how to do it. I intend to get help with that I know how to use email attachments securely. YES Before any attachment is downloaded from my email, a virus scan is run. This ensures that all attachment are free from virus I never open attachments unless I am expecting them. YES As part of safe surfing, I make sure that I only open those attachments that I recognize the senders. I never open attachments that are programs (files that end with .bat, .chm, .cmd, .com, .exe, .hta, .ocx, .pif, .scr, .shs, .vbe, .vbs, or .wsf), even if their icon looks safe. YES Files with extension are not safe to open as they may contain virus. I never respond to spam, even to "unsubscribe". I recognize that some spam email only need to be opened after which they spread the virus and worms to the system. Therefore, I filter all spam to the spam box where they are automatically deleted after a short time. I understand that AOL, eBay, PayPal, my bank, and other Web sites related to my money will never send out requests for passwords, PINs, credit card numbers, my mother's maiden name, or other sensitive information via email. YES I do not respond to phishing messages which only try to get sensitive information from users such as passwords and usernames for credit cards while disguising as trustworthy agents of the banks (Microsoft.Com, 2013). The Web I've configured my Web browser (Internet Explorer, Mozilla) securely. In Firefox the figure 5 below shows the configurations setting that I have to secure my browser. Figure 5– Secure Web Browser I've tested my Web browser's security. YES By configuring security setting on the web browser as shown in figure 5, figure 6 below shows a prompt window asking to either allow access or not allow. Figure 6 – Web browser's security When I buy online, I make sure that sensitive information is entered only on secure pages (https). Although it is difficult to know which pages are safe and which are not. One can confirm by keying in the company’s url without accepting the suggested pages and also making sure that this pages have a security stamp Anti-Spyware – See figure 3- Levels of Protection. This addresses the checklist below. I have anti-spyware software installed and running. My anti-spyware software is made by this company: ESET. My anti-spyware software's title is ESET NOD 32 anti-spy. Ant spy are intended to deal with any spy mate on a computer system My anti-spyware software automatically updates itself every days. YES ( My anti-spyware software must be manually updated, and I know how to do that. YES   My Home Network I have a more than one computer at home, and they are connected via a network.   Personal Firewalls I have a personal firewall installed and running. My personal firewall software is made by this company: Microsoft. My personal firewall's title is Microsoft firewall. Firewalls are a computer program that allows the user to keep a system free from intruders by blocking traffic in and out of the users private network. Routers and High-Speed Connections I have a "broadband" connection (DSL, cable modem), so I have a router/firewall installed and I use it. I use wireless connection which is not open and has been secured with a password Additional concerns for wireless routers I have a wireless router/firewall installed and I use it. YES I've configured my wireless router/firewall to use encryption (WEP or WPA).YES   References Digitalchoke.com (2011). The Home User's Security Checklist for Windows. Retrieved on 11th March 2013 from http://www.digitalchoke.com/daynotes/reports/home-checklist.php Digitalchoke.com (2011).Simple Steps to Protect Your Computer. Retrieved on 11th March 2013 from http://www.digitalchoke.com/daynotes/reports/simple-steps.php Microsoft.Com (2013) How to recognize phishing email messages, links, or phone calls. Retrieved on 11th March 2013 from http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx Microsoft.Com (2013).Why you should not run your computer as an administrator. Retrieved on 11th March 2013 from http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_security_whynot_admin.mspx?mfr=true Hindocha N (2013). Instant Insecurity: Security Issues of Instant Messaging. Retrieved on 11th March 2013 from http://www.symantec.com/connect/articles/instant-insecurity-security-issues-instant-messaging Emery D (2013), virus hoax. Retrieved on 11th March 2013 from http://urbanlegends.about.com/od/glossary/g/virus_hoax.htm Read More