Wednesday, April 25, 2012

CCD2C01-P02-1100083C

Security Policy 

  A security policy is an official statement of guidelines that people who are granted access to an organization's technology and information must accept.

  There are many examples of security policies. Some examples include the server security policy, the email security policy and the network security policy.

  Firstly, a server security policy is used to establish standards for the base configuration of internal server equipment that is owned by a company. Effective implementation of this policy will minimize unauthorized access to the company's information and technology.

  Secondly, an email security policy is used to achieve 3 different types of objective: a commercial objective, a productivity objective and a legal objective. The commercial objective: by teaching employees how to send effective emails and stating target answering times, you can professionalize your email replies and therefore gain a competitive advantage. The productivity objective: by setting out rules for the personal use of email, you can improve productivity and avoid misunderstandings. The legal objective: by clearly stating what is considered inappropriate email content, you can minimize the risk of lawsuits and minimize the employer's liability by showing that the company warned employees about inappropriate email use.

  Lastly, a network security policy is intended to protect the integrity of the networks and to mitigate the risks and losses associated with security threats to the specific network. It can be used to prevent abuse and inappropriate use. A network security policy can be used to control data access and web browsing. It can also be used to enable password encryption and control email attachments.






Common Networking Attack Threats and Solutions
  
  There are many kinds of network attack threats. Some examples are password attacks, computer viruses and denial of service attacks.
  
  The first example is password attacks. Password attacks come in many forms. Some common examples are password resetting and password guessing.
  
  Password resetting works by using cracking programs that are actually password resetters. These programs work by locating and resetting the Administrator's password.

  For password guessing, there are 2 different ways to obtain someone's password: dictionary attacks and hybrid attacks.

  Dictionary attacks work on the assumption that most passwords consist of words or numbers taken from a dictionary. Downloading various databases with specific vocabularies can help increase the chance of obtaining the password.

  Hybrid attacks come in many different forms, but most people or programs will mix uppercase and lowercase characters, add numbers anywhere in the password, spell the password backward or slightly misspell it, and include characters such as !@$*&.

  The main solutions to password attacks are educating users to use complex passwords and restricting the number of failed login attempts.
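
  One way to restrict the number of failed login attempts, shown as an added example that is not part of the original post: an account is locked for a fixed time once too many failures fall inside a sliding window. The class name, the thresholds and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Lock an account after too many failed logins inside a sliding window."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures    # failures tolerated per window
        self.window = window                # seconds a failure stays counted
        self.lockout = lockout              # seconds an account stays locked
        self.failures = defaultdict(deque)  # account -> failure timestamps
        self.locked_until = {}              # account -> unlock time

    def is_locked(self, account, now):
        until = self.locked_until.get(account)
        if until is not None and now >= until:
            # Lockout expired: forget it and start counting afresh.
            del self.locked_until[account]
            self.failures.pop(account, None)
            return False
        return until is not None

    def record(self, account, success, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(account, now):
            # Refuse even a correct password while locked, so the response
            # never reveals whether a guess made during lockout was right.
            return "locked"
        if success:
            self.failures.pop(account, None)
            return "ok"
        recent = self.failures[account]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()  # drop failures older than the window
        if len(recent) >= self.max_failures:
            self.locked_until[account] = now + self.lockout
            return "locked"
        return "failed"

# Constructed sample events: (seconds, account, password_was_correct)
EVENTS = [(0, "alice", False), (10, "alice", False), (20, "alice", False),
          (25, "bob", False), (30, "alice", True), (40, "bob", True),
          (1000, "alice", True)]

def replay(events, **settings):
    throttle = LoginThrottle(**settings)
    return [throttle.record(acct, ok, t) for t, acct, ok in events]

if __name__ == "__main__":
    print(replay(EVENTS, max_failures=3, window=60, lockout=900))
```

  The lockout is temporary rather than permanent so that repeated wrong guesses against an account cannot keep its legitimate owner out indefinitely.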

  The next example is the computer virus. A virus is malicious software that is combined with another program to execute an undesired function on the computer.

  The main solution to computer viruses is using an antivirus protector and a spyware remover.

  The last example is denial of service (DoS) attacks. In a DoS attack, the threat agent sends many authentication requests to fill up the server. All of the requests give false return addresses, so the server can't find the agent when it tries to send the authentication approval. The server waits for a while before closing the connection. When the connection is closed, the attacker sends more requests, and the process begins again, hanging up the service indefinitely.

  The main solution to a DoS attack is setting up a filter that looks for attacks by noticing the attacking patterns. If the same pattern comes in frequently, the filter will block messages containing that pattern, preventing the Web servers from hanging up.


