Threats To The System
Download as PPTX, PDF•2 likes•2,056 views
The document discusses threats to computer systems from various perspectives including users, hardware, software, and network security issues. It emphasizes that system administrators are responsible for ensuring systems run smoothly and efficiently while addressing any problems that may arise. Key duties involve monitoring systems, maintaining up-to-date software, and protecting systems from security threats.
Threats To The System
- 1. Threats to the System
- 2. Threats to the SystemIt is the system administrator’s responsibility to ensure that a system operates smoothly and efficiently.
- 3. An administrator must regularly monitor systems and correct any problems that may arise, and also maintain these systems to ensure that each user can access the most up-to-date software on a daily basis.
- 4. The main areas that a system administrator is responsible for are users, hardware, software, server operating systems and network administration.Threats to the SystemUsers
- 5. Threats to the SystemThe user is the most important aspect of a system administrator’s daily work.
- 6. The administrator is dedicated to looking after one or more systems.
- 7. Each system will have a number of users who access it daily.
- 8. For the most part, their day-to-day use of the system will run smoothly.
- 9. There will be instances, however, where the system administrator’s help may be required.Threats to the SystemDepending on the size of the organisation, the system administrator might not communicate with users directly.
- 10. A help desk may have been established to field telephone queries and attempt to solve them before they reach the system administrator.
- 11. This allows the system administrator to shift their focus from customer service to maintenance and monitoring.Threats to the SystemThe users of a system are not always people with little or no technical knowledge - some require access to certain areas of the system.Threats to the SystemHardware
- 12. Threats to the SystemThere is a wide range of computer hardware that a system administrator may be asked to look after.
- 13. Most organisations will have different types of PC workstations and servers, but it is not unusually to find an organisation that has a policy of buying servers and workstations from a single manufacturer.Threats to the SystemIf a system requires an upgrade, or a new system is to be purchased, the system administrator will need to work with the hardware reseller to determine the correct hardware configuration for the job.Threats to the SystemWhat is System Security
- 14. Threats to the SystemMost organizations store their business data on computer systems.
- 15. Much of this data is both confidential and valuable.
- 16. System security ensures that the data is not damaged, modified or disclosed to unauthorized people.Threats to the SystemData can be inadvertently damaged, modified or disclosed through:Physical damage to the computer system, such as that caused by fire or flood
- 17. Damage to the data itself, such as system malfunction or virus infection
- 18. Unauthorised users breaking into the system
- 19. Legitimate users operating beyond their authorised boundaries within the systemThreats to the SystemDifferent operating systems offer different facilities for securing the system.
- 20. At the higher security levels, many operating systems are able to support advanced features such as data encryption.
- 21. A more basic level of security may simply require user authentication using a username and password.Threats to the SystemThe level of security implemented on any system is largely going to depend on the sensitivity and importance of data stored on that system.Threats to the SystemTo offer a basic level of operating system security, these facilities are required:User level authentication (usernames and passwords)
- 22. Files system access control (file permissions)
- 23. Files system usage control (disk quotas)
- 25. Network access controlThreats to the SystemEstablishing Organisational Security Requirements
- 26. Threats to the SystemTo determine the basic security requires of an organisation, the following issues need to be considered:What needs to be protected?
- 27. How can the organisation educate users on good security practise?
- 28. Does the organisation have an effective system backup and storage plan?
- 29. Is system security regularly monitored and maintained?Threats to the SystemWhat needs to be protected?
- 30. Threats to the SystemIt will be necessary to work closely with the management and staff to determine the data on the system that can be considered irreplaceable, or could result in a significant loss of income or business if lost. Threats to the SystemExamples of important data could include:Accounts information
- 31. Program code
- 33. Operations information (job-tracking database)Threats to the SystemA level of importance, based on this information should be recommended to management.
- 34. Any resources that might be required during implementation (such as tape drives, security consultants) should also be outlined.Threats to the SystemUser Education
- 35. Threats to the SystemEven the most rigid security system can be laid to waste if users keep their passwords written on post-it notes attached to their workstation monitors.
- 36. This kind of security flaw is common in many organisations and should be considered the first order of business when designing computer security policies.Threats to the SystemTo keep track of security and user education, organise a contact for users who think a security breach has occurred.
- 37. While most reports are false alarms, it is still important to ensure the user is satisfied that security is a going concern.
- 38. Keeping a record of these reports will also enable a system administrator to determine just how effective security and user education is within an organisation.Threats to the SystemDelivery of this education can be done in a number of different ways:Regular workshops
- 39. Newsletters
- 41. One-on-one tutorialsThreats to the SystemIntranet websites have become popular as a means of user education in medium to large organisations.
- 42. They are cheap and easy to set up, and the software infrastructure already exists within most of the modern server operating systems.Threats to the SystemSystem Backups
- 43. Threats to the SystemFull system backups need to be regularly performed and then stored off site.
- 44. In the event of a major disaster (fire, flood, earthquake), the system can be reconstructed with new hardware.
- 45. When choosing an offsite location, ensure that physical security is adequate.
- 46. It may be easier to steal the system backup tapes from that location than to attempt to access the system directly.Threats to the SystemMonitoring Security
- 47. Threats to the SystemTo maintain system security, it is necessary to monitor it closely to ensure that the right people are accessing the right resources.
- 48. The integrity of the operating system must also be maintained.
- 49. This can be a difficult process if the system administrator is not an expert in computer security.Threats to the SystemThere are two ways in which the system administrator can monitor security:Keeping up to date with all the operating system updates and being aware of what services those updates affect.Subscribing to a security advisory organisation such as AusCERT (www.auscert.org.au), an organisation dedicated to informing system administrators of vulnerable points in the security of their systems
- 50. Threats to the SystemUser Productive and Security
- 51. Threats to the SystemHeaving security can impose a burden on users.
- 52. People are becoming accustomed to accessing computer systems with ease.
- 53. If you must impose heavy restrictions, be prepared to explain why.
- 54. The best approach is to try to create a culture of security awareness, where users know the risks of unsafe practices.Threats to the SystemIn responding positively, they will police the system themselves because they appreciate its value to them.