Saturday, April 28, 2012

Security Policy

A security policy contains access rules or regulations that keep IT systems safe and secure from insiders who want to hack their own company's IT systems. For example, only administrators can have access to all files, while normal users can access only their allocated files.

Security policies also define the security structure of the company. As such, it is important that security policies can be understood by other employees, who must be able to see that each policy is both important and useful. Employees must also be able to abide by the policy with the utmost strictness, and the policy should be reviewed, with feedback, for improvements.

Security policies must also be clear in assigning different responsibilities to any employee affected. For example, having no internet access for a period of time. Policies also need to be clear about the punishments that apply should any policy be violated, and those punishments need to be enforced. This will deter would-be policy violators, who will not take the risk of getting caught violating the security policies of their company.

Lastly, a legal team should be engaged to review every security policy to ensure that there is no infringement of copyright and that the policy is legal to carry out.


Below is a brief video on Security policy:
















Common Network Attacks, Threats and Solutions



Attacks:
(1) Identity Spoofing (IP Address Spoofing)

  -  Identity spoofing is the assumption of IP addresses in order to deceive networks and operating systems about a sender's identity. It is normally applied to IP packets. One program used for IP spoofing is NetShade (on Mac). You may find more information in the video below.

(2) Denial-of-Service Attack (DDoS)

   -   A Denial-of-Service attack usually prevents normal use of a computer or network by its users, which includes loss of access to network resources and a temporary shutdown caused by an overload of IP packets.
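
To make the identity spoofing item (1) concrete from the defender's side, the following added example (not part of the original post) shows a source-address check of the kind a border router or firewall applies: a packet whose claimed source address cannot belong to the interface it arrived on is dropped. The prefixes, interface names and sample packets are constructed for illustration.

```python
import ipaddress

# Constructed sample network: prefixes assigned to the internal LAN.
INTERNAL_PREFIXES = [ipaddress.ip_network("10.20.0.0/16"),
                     ipaddress.ip_network("192.168.50.0/24")]


def classify_source(src, interface):
    """Return a verdict for a packet's claimed source address.

    interface is "external" (facing the Internet) or "internal" (facing the LAN).
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop: malformed source address"

    # Addresses that can never be a legitimate source on the wire.
    if addr.is_loopback or addr.is_unspecified or addr.is_multicast:
        return "drop: impossible source address"

    is_internal = any(addr in net for net in INTERNAL_PREFIXES)

    if interface == "external":
        if is_internal:
            return "drop: internal address arriving from outside (spoofed)"
        if addr.is_private or addr.is_link_local or addr.is_reserved:
            return "drop: non-routable source from outside"
        return "accept"
    if interface == "internal":
        if not is_internal:
            return "drop: LAN host claiming a foreign address (spoofed)"
        return "accept"
    raise ValueError("unknown interface: %r" % interface)


# Constructed packets: (claimed source, interface it arrived on).
SAMPLE_PACKETS = [
    ("10.20.3.7", "internal"), ("10.20.3.7", "external"),
    ("8.8.8.8", "external"), ("8.8.8.8", "internal"),
    ("127.0.0.1", "external"), ("172.16.9.9", "external"),
]


def audit(packets):
    """Classify every (source, interface) pair in the sample."""
    return [(src, iface, classify_source(src, iface)) for src, iface in packets]


if __name__ == "__main__":
    for src, iface, verdict in audit(SAMPLE_PACKETS):
        print(f"{src:>12} on {iface:<8} -> {verdict}")
```

Filtering in both directions matters: the external check protects the LAN from packets pretending to be local, and the internal check stops LAN hosts from sending packets under someone else's address.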
______________________________________________________________________

Threats:

 Phishing
   - Phishing is the acquisition of information through social engineering, using a bogus email message or a bogus instant message. A link is included in those messages, and the hacker takes advantage of the information that unsuspecting victims enter at that link.

Check the video out below on how it works:







_______________________________________________________

Solutions:

   Penetration testing
      - It is a method of evaluating the security of a network or a computer by staging an attack on the
             systems in order to find their weaknesses. One common program used for
             penetration testing is BackTrack. The video below is a simulation of a penetration test on
             passwords.








