School of Education

Internet Technologies At Work

Chapter 13: Securing the Internet

After completing Chapter 13, you will know how to:

End of Chapter Labs

Lab Project 13.1: Choosing a Virus Scanner

Schools and companies can lose a lot of time and money when viruses strike. It is critically important for both the servers and the client computers in your workplace to be protected from viruses. Imagine that you work for a school or company that has recently undergone a bad virus attack. Your employer wants to prevent such an attack from happening again. Your employer has asked you to recommend the brand of virus scanner that should be installed on all of the machines at your workplace. You have also been asked to look into protecting the computers your fellow employees have at home, to minimize the risk that employees might inadvertently transmit to the workplace a virus from their home computer. In adopting a virus scanner for use in your school or company, consider these issues:

  1. Dangerous viruses can spread quickly across the Internet. The virus scanner you recommend should have an update service that automatically updates the virus definitions when new viruses come on the Net.
  2. Home computers need to be protected as well as machines in the workplace. Especially if school children are using an employee’s computer at home, viruses from school can be transmitted to the employee’s home computer, from which the infection could propagate to the workplace.
  3. If there is a mix of Windows and Macintosh machines in the workplace and in coworker homes, you will need to consider virus protection for both brands of operating systems. Also consider other operating systems that may be used on your workplace network.
  4. Viruses can be caught both coming and going. Consider whether the virus scanner you are considering can scan outgoing as well as incoming messages.
  5. Consider all the ways information can come and go, including E-mail, IM, FTP, and peer-to-peer file sharing. Check to see whether the virus scanner you are proposing scans all these ways of transmitting viruses.
  6. New ways of transmitting viruses may have been discovered or invented since this book went to press. Check the virus alert centers at www.sarc.com and www.mcaffee.com to see if any new transmission modes have arisen.

Use a word processor to write up your virus scanner recommendation in the form of a brief essay. Report the brand names of the virus scanners you considered, identify the one you recommend for adoption in your workplace, and explain the reasons why you selected it instead of the others. If your instructor has asked you to hand in the report, make sure you put your name at the top, then save it on disk or follow the other instructions you may have been given for submitting this assignment.

(2)Lab Project 13.2: Determining Network Vulnerabilities

In a series of Microsoft white papers entitled “Best Practices for Enterprise Security,” Benson published a framework for determining network vulnerabilities. The framework consists of a series of questions organized according to the three categories of (1) physical security, (2) data security, and (3) network security. Imagine that your employer has asked you to use the Benson framework in determining the vulnerabilities of your school or workplace network. Use your word processor to write an essay in which you answer the questions in the Benson framework and make recommendations for shoring up vulnerabilities you uncover. The questions to answer are listed as follows:

Category I: Physical Security

  1. Are there locks and entry procedures to gain access to servers?
  2. Is there sufficient air conditioning and are air filters being cleaned out regularly? Are air conditioning ducts safeguarded against break-ins?
  3. Are there uninterruptible power supplies and generators and are they being checked through maintenance procedures?
  4. Is there fire suppression and pumping equipment, and proper maintenance procedures for the equipment?
  5. Is there protection against hardware and software theft? Are software packages and licenses and backups kept in safes?
  6. Are there procedures for storing data, backups, and licensed software off-site and onsite?

Category II: Data Security

  1. What access controls, integrity controls, and backup procedures are in place to limit attacks?
  2. Are there privacy policies and procedures to which users must comply?
  3. What data access controls (authorization, authentication, and implementation) are there?
  4. What user responsibilities exist for management of data and applications?
  5. Have direct access storage device management techniques been defined? What is their impact on user file integrity?
  6. Are there procedures for handling sensitive data?

Category III: Network Security:

  1. What kinds of access controls (Internet, wide area network connections, etc.) are in place?
  2. Are there authentication procedures? What authentication protocols are used for local area networks, wide area networks and dialup servers? Who has the responsibility for security administration?
  3. What types of network media (e.g., cables, switches, and routers) are used? What type of security do they have?
  4. Is security implemented on file and print servers?
  5. Does your organization make use of encryption and cryptography for use over the Internet, Virtual Private Networks (VPNs), e-mail systems, and remote access?
  6. Does the organization conform to networking standards?

If your instructor asked you to hand in your answers to these questions, make sure you put your name at the top of the essay, then copy it onto a disk or follow the other instructions you may have been given for submitting this assignment.

Note: The full text of the Benson white paper that contains these questions is at www.microsoft.com/technet/security/bestprac/bpent/sec1/secstrat.mspx. More security resources are at www.microsoft.com/technet/security.