Posted at 11.20.2018
In this project we have been asked to consider and discuss the different aspects of the above mentioned statement. We've asked to make a research study of a business to help with our case and we've chosen for our case study to look at North Lanarkshire Council. The case study will be a report based on 2 interviews and a short look at the council and its record and what services it offers. There may also be a crucial review arguing as to the rights and wrongs of the statement and lastly a conclusion in which we will be a brief summation of what we have discovered during the report.
Before we can commence to discuss the statement, we should take a quick look at precisely what a trojan and phishing are and also take a quick look at their background.
The trojan was so known as as it has similar properties as a individual virus in the manner they can cross form computer to computer and for the reason that they desire a host to make it through.
The first viruses were created through the 1980's, although there programs that worked on the same principle created maybe as early as the overdue 1960's. The first program of this type to appear over a computer other than the main one it was written for was called Elk Cloner and was compiled by Rich Skrenta in 1982 and incredibly was written to strike the Apple operating-system as today infections are very almost never written with Apple at heart. The most frequent virus of that period was written to infect PC's and was called the mind and was written by two brothers Basit and Amjad Farooq Alvi in 1986. Both these computer virus were spread by floppy disks and since that time the virus theory has grown and become more innovative.
" (antiviruswear. com, 2010)"
There are 3 main types of common disease today
A worm uses security defects and computer sites to replicate itself. They can be highly complex programs and once on an contaminated machine, will search for other moves to exploit.
A Trojan Horse, named after the famous wooden equine in Homers Iliad. The virus disguises as itself as another document, e. g. a sound record with a. wav expansion and once on the web host computer does not reproduce but can make the sponsor computer vunerable to assault by third parties by opening plug-ins and can be a major hazard to the user's personal data.
Am email trojan once opened by using an afflicted machine will send copies of itself to everyone on the e-mail clients' associates list. They payload can also include Worms and Trojan Horses.
(spamlaws. com, 2009)The term Phishing appears to have been first coined in 1996 and was put on hackers who had been stealing AOL passwords. It really is now a broader term put on a form of social engineering where in fact the angler (phisher) throws a hook by maybe mailing an spam email pretending to be from the recipients loan company stating there has been a breach of security and asking for the customer to enter their security password and end user name on a website that is linked to on the email. This website may appear to be the persons online bank website but is a fraudulent create to steal the user labels and passwords and invite the phishers to then gain access to the person's bank-account details and transfer monies to other accounts.
Software-every user should have security software installed on their computer the software will help protect your computer from infections, worms and other harmful programs. You must scan your computer on a regular basis and also upgrade your operating system.
Antivirus - you must revise regularly to benefit for the latest hazards. A computer virus is some type of computer program with the purpose of duplicating itself and contaminating some type of computer. Viruses can boost their likelihood of spreading to other computer systems by infecting data on a group of systems or a data file framework that is seen by another computer. You need antivirus software to avoid, discover and remove viruses from your computer. There are very a great deal of different kinds of viruses like worms and Trojan horses. "Millions of computer users endured billion of dollars in loss from real assault experienced online. Most of the damages were induced by fast paced computer infections and worms that travelled by email" (Simson, 2002)
Antispyware- Spyware and adware is a sort of malware that can be setup on pcs and collect small bits of information as time passes and the users does not have any awareness that it is there. The living of spyware is usually concealed from the consumer, and it can be hard to notice. Normally, spyware is secretly installed on the consumers own computer. Now and then spywares is like an integral logger and it is installed by the vendor of the joint, company, or public computer with the motive to secretly watch other users.
Anti malware- A computer worm is a do it yourself reproducing malware computer program. It makes some type of computer network send duplicates of itself to personal computers that are on the same network and it'll do it without user intervention. That is due to weakened security using the pc.
Firewall-A firewall is to avoid unauthorized usage of or from a network. Firewalls can even be integrated in both hardware and software they prevent unauthorized internet surfers from accessing an exclusive network. All messages going out of the intranet go through the firewall.
Botnet- Once a solitary machine inside a network is becoming part of the botnet it will put other computers on the same network in danger. The contaminated computer can read messages and email addresses and copying files and also in a position to track record keystrokes and send spam as well as taking screen images.
Phishing- You will be delivered an e-mail wrongly professing to be always a identified genuine company in an attempt to scam an individual into giving away their private information that will be used for identity theft. The e-mail will guide an individual to visit a site where these are asked to input their private information, like your visa or mastercard details, passwords and bank-account numbers. The website is a phony website and is merely setup to grab the user's information.
Access- It's up to the finish user if they want people being able to access data so their level of privacy is their hands, it is up to the user who they allow access to their computer. They need to only allow people they trust to protect their computer with any personal information that is received or gathered. Your individual information is under your control your privacy is your property so be familiar with what information you store on your computer. Naivety is no excuse, attackers will take good thing about a personal computers vulnerability. Genuine companies will not ask for private information in an email. Hardware like your router use security password cover to constantly secure your cordless connection and can only allow called computers that you know usage of the network.
Awareness-Every user should be aware of the hazards that exists and what they can do. They must be aware of the different types of trojans and spy ware and of what phishing is and what the stakes are. There is your personal privacy, time, money and your computer. Credit cards scams is on the increase and identification theft also. Your kids are exposed to pornographic material and can be targeted by pedophiles. You also have to be alert to shopping when working with your credit greeting card "most magstripe credit cards conform to ISO standard that the cards contains three paths of data referred to as keep track of 1, 2, 3 nearly all magstripe cards consists of no security actions to protect the data stored on the greeting card" (Stuart, 2009)
Education-Most people have no idea of installing software to avoid viruses, they haven't been educated that your personal computer needs to be managed and that we now have infections and worms they don't really know of and the harm they can cause. You would not leave your home without locking your door why leave a personal computer without safeguarding it. New users and children should be informed before being allowed access to some type of computer. Naivety is a weapon utilized by malware and phishers and children and teens are targeted, parents should do something as well, there is a parental control that will help block websites and record downloads. "Trojan traps over 2, 000 holidaymakers on Russia-chinese boundary Over 2, 000 Russian tourists were stranded in the Chinese town of Heihe on the Russian-Chinese boundary after a trojan paralyzed the border's electric pass entry system" (Alexey, 2010)
Internet companies are facing an ever increasing amount of pressure to make certain their sites are trojan and phishing free-not only would this be beneficial to their customers, but also very beneficial for the internet generally.
With the escalation of zombie-fed risks like phishing, obtaining the consumers Computers should no more be right down to an individual themselves, the internet companies should in this point in time be protecting the Internet traffic they may be providing. ISPs should be taking more responsibility to watch what is transferring through their sites more tightly.
A zombie computer is a Computer that has been secretly hacked, this then allows an outside person to regulate the computer with the intentions to infect, duplicate, corrupt and then for erasing the hard drive. The hacker can then set up tools that will store everything that is typed into the PC, this consists of passwords, usernames and visa or mastercard and bank-account details. Once these details is in the hands of the hackers it could be used for personal information theft, committing scams or sold on to the highest bidder.
There is a huge climb in instances that involve harmful code, also referred to as bot code that infects personal computers turning them into zombies, from April to June this season the amount of reported situations have quadrupled to 13000.
ISPs have been doing something's to combat the hazards of bot code by giving customers with online help on how to keep their Computers secure plus some apply spam and virus filters for email as bot code is frequently propagate through instant message worms, email and also through Trojans covered in spam. The ISPs should however be offering a greater cover against these infestations than by just trying to control the threats from e-mail.
Getting filtering to work well and properly takes a vast amount of time, tolerance, resources and money. As the people writing the malware get better and better on a constant basis, this is a never ending struggle to keep up to pace with them so that filtering works.
Some Internet providers are by using a technique called "port 25 blocking" to halt zombie personal computers that are connecting through their network sending out junk messages, this allows only email messages that originates from its server to be delivered, which then helps eliminates spam that hails from another server.
But those steps don't appear to be enough to handle the risk of zombies, according to some experts. "To take down zombies, ISPs should keep an eye on their networks deeper for traffic produced by the compromised PCs", said Dmitri Alperovitch, research engineer at CipherTrust, a security merchant in Alpharetta, USA. "ISPs allow these machines to talk to the rest of the world. They may have the energy to execute a whole lot about the zombie menace, and they should be performing a lot about it" Alperovitch said. "A start for Internet companies would be to allow them to participate more actively in security organizations and also to use data on zombies accumulated by third-party security companies such as CipherTrust", he said.
ISPs should screen their systems more strongly for anything suspicious, the ISPs should also be enhancing customer education and possibly even providing their customers with Anti-virus, Anti-spyware and firewalls for their own machines. If the ISPs were to provide customers with all the current necessary software to protect themselves then there should no longer be any problems, as long as the customer uses the safeguard. Maybe the ISPs should type in their deals with customers that they can provide the software and if the customer chooses not to utilize it or take other preventative measures their web connection will be take off. If the ISPs were to do their part in helping to protect their customers then naivety in people utilising the web shouldn't be a justification in this day and age, there's been enough cyber offense and computer virus and it has also been about long enough now that it is no more excusable for folks not to be guarding themselves while surfing the net. You will find dangers generally in most things we do in life and we are expected to take precautionary measures, if we venture out for a walk we put shoes to protect our feet, if we venture out for a drive we put our seatbelt on and if we surf the net we ought to also protect ourselves in advance. We aren't permitted to drive a car on the highway if it's not roadworthy so maybe we have to not be permitted to go online if our computer is not properly equipped. Although customers can be urged to keep their PCs clean with the risk of disconnection, the pressure should be on the ISPS to consider more responsibility to tackle any threats arriving through their network. With the quantity of risks on the increase, ISPs should be taking a more hands on way, as the hands-off method has shown not to work.
(1) Dmitri Alperovitch, research engineer at CipherTrust, a security vendor in Alpharetta
(news. cnet. com, 2010)
For our case study we decided North Lanarkshire Council, there were two known reasons for this, the first because they are a large business with a huge computer infrastructure that could allow us to talk with a qualified IT specialist and also a finish individual to get both views across and the second reason being one of our team had previously performed there and was comfortable he would have the interviews assemble with the the least fuss.
North Lanarkshire Council is the fourth greatest local Expert in Scotland using over 18, 000 staff and portion a population of 321, 000 people mainly in the next cities Airdrie, Bellshill, Coatbridge, Cumbernauld, Kilsyth, Motherwell, Shotts, Wishaw and their encompassing districts.
The council is split into 5 key service areas:
Finance and Customer Services incorporating all money and IT services (including casing benefits and rebates) as well as open public access via first stop retailers, customer contact centre and website.
Corporate Services which includes central support unit, recruiting, legal services, design and property services.
Environmental Services including planning and development, roads and travel and defensive services amidst others.
Housing and Friendly Work services
Learning & leisure Services which includes education and community education services.
The nature of the research study will determine we focus on Finance and Customer Services, and specifically the government and development section which include the IT function within the council and we will get a flavour as to how it shields its end users from Disease and Phishing problems.
The finance division has many functions and these include council duty, purchasing and debtors, real estate benefits and rebates and as you can see there is much personal and financial data to be secured within even this small collection of council's services. If we add the info that the interpersonal work also offers to safeguard then we can see the security must be comprehensive.
We will now check out the interviews.
We got chosen to get hold of North Lanarkshire Council to see if it was possible to interview 2 of their employees for the job. We decided to contact Alex Mitchell, Helper Service Delivery Manager, as one of our team had already did the trick quite strongly with him in the past when he worked well for the North Lanarkshire Council IT Team. Alex arranged in concept and asked we email him 2 pieces of questions one targeted at the end individual and the other targeted at a person who would be more alert to the security actions in place from the IT section.
He duly replied and said that the head of IT Security, Kenny Yates would be pleased to meet for an interview and also provided us the name of a finish user, namely a Lesley Bone who was pleased to answer the end user questions.
Due to adverse weather conditions it became very difficult to set up the interviews and in the long run Lesley emailed her answers to us and we completed a phone interview with Kenny. Gladly, these were both pretty frank and provided a very good sign of how the council deals with computer security and exactly how it protects the finish user.
As was said previously there have been 2 packages of questions as some questions were asked to both people as well as others didn't make sense to ask the average person worried so were more tailored as to an end customer or the more technical question. The results were as follows.
Lesley demonstrated that as an end user she possessed an awareness of dangers and experienced security in place inside your home but was very hazy as to what to do if she was affected by one and it appeared to be apparent that whenever given these questions she realized that maybe security is something she should consider and give more thought to in general.
Kenny on the other hands provided us a great understanding as to how difficult a job it is to safeguard an company such as NLC. He demonstrated that it was not simply right down to the council's duty of care to its employees to protect them and the data they keep but there are extensive legal requirements a few of which also get audited which may have to be adopted and can lead to fines and removal from federal government secure networks if that audit is failed.
He also said that consciousness training is now taking place and this seemed to tie up in as Lesley had said she experienced received no specific training so but there have been a liable use policy available for quite a while.
The main issues for the council as Kenny views as the growth of remote control and home working so that as users have more scope to make use of unauthorized equipment on council networks and he also said naivety is the key cause of contamination in council equipment.
Finally when asked that which was the main risks he said that spam and email type worm trojans are the key concern and cultural engineering techniques are getting more advanced but the primary risk was could be lack of investment credited to recent cutbacks and this could leave the council open to attack.
The full interviews can be read. See appendices.
We were asked to comment and discuss the next statement "It is up to end-users to safeguard themselves sufficiently from risks such as infections and phishing - they can be responsible, naivety is no excuse. " And here is the conclusion we has come up with.
Firstly an individual has a degree of responsibility, a home end user especially must at least have awareness that these threats exist, what they are, what they do and must know and carry out the minimum amount steps to safeguard themselves by at least installing a complete security collection on all pc's and also making sure that anyone with access to the internet has the same understanding. Also they must be wary concerning who has gain access to and should protect their personal computers and cellular devices with a secure security password.
There is also a lot going on in the background that the end user is unaware of and this is also assisting to protect them from risks, from working categories, regulations and government acts and even their bankers and retailers to their Internet service Supplier and the security software authors. They are all working hard to minimize the consequences of trojan and phishing.
In an company it is a lot different and the end user has hardly any to do to safeguard themselves even as we found in the interviews. That job is considered on by the IT department which is an extremely difficult job to protect an organisation. Due to legal commitments there needs to be very tight security, especially in organisations like the one we looked at North Lanarkshire Council and interestingly it turned out that the primary source of protection ended up being the amount of investment manufactured in it and maintaining up to now as everything goes so fast in the IT world of course, if the organisations don't continue they will get trapped out.
Finally is naivety a justification, the answer should be a resounding no, it appears to be one of the main causes of contamination and way more additionally it is the primary tool of folks who write the pathogen or use their cultural anatomist tools in the phishing problems.
Alexey, K. (2010, 04 19). WorldComputer disease traps over 2, 000 tourists on Russian-Chinese border. Retrieved from rianovosti: http://en. rian. ru/world/20100419/158646482. html
allspammedup. (n. d. ). allspammedup. Retrieved from allspammedup: http://www. allspammedup. com/2009/02/history-of-phishing/
antiviruswear. com. (2010). antivirus. Retrieved from antivirus: http://www. antivirusware. com/articles/history-computer-viruses. html
news. cnet. com. (2010). media. cnet. com. Retrieved from information. cnet. com: http://news. cnet. com/ISPs-versus-the-zombies/2100-7349_3-5793719. html#ixzz16FkK89Lv
Simson, G. (2002). web security, level of privacy and business. cambridge: o, reilly.
spamlaws. com. (2009). spamlaws. Retrieved from spamlaws: http://www. spamlaws. com/virus-comtypes. html
Stuart, M. (2009). hacking open 6. ny: mcgraw.