P6 IT system protection plan
In this document, I will be producing a plan that will protect an IT system. It will focus on software-
based protection, including techniques such as user authentication and anti-virus. Additionally, it will
be designed to comply with the various organisational and legislative requirements documents.
Software-based protection
There are a large number of software packages that can be used to protect an IT system, these
include:
Anti-virus software and detection techniques
An anti-virus is a program that is designed, and subsequently downloaded, to
protect a computer against software virus threats. They work by detecting and
removing viruses, searching for and preventing the installation of viruses. Other
malicious software that is protected against by anti-virus software include
adware, worms and Trojans. The most common brand of anti-virus is McAfee;
often this comes installed on a new device, otherwise it can be brought for as little
as £19.99 (one device).
Alongside anti-virus software, there are detection systems that could be used to monitor an IT
system. Their main uses would be to watch for any malicious activity (e.g. hackers gaining access) or
any policy violations by users of the system (e.g. authorised downloading of software). There are
four main types of detection system, they are:
• Network intrusion detection system (NIDS)
• Host-based intrusion detection system (HIDS)
• Perimeter Intrusion Detection System (PIDS)
• VM based Intrusion Detection System
(VMIDS)
These systems can either take the form of a device or
software and work by ‘detecting anomalies’ in a
device or system; by working this way they aim to
catch hackers before they have the chance to do any
‘real damage’, e.g. infiltrating the network with
viruses. The main way they identify hackers is by
‘looking at the signatures of known attacks’.
Alongside the ability to recognise attackers, viruses can be
identified by their signature. This is like the DNA or fingerprint
of a virus – a way to see what it’s made up of – and is a ‘unique
string of bits’ or a ‘binary pattern’. Anti-virus and detection
software use these sets of bits to scan and detect the ‘presence
of malicious code’, meaning they can be removed as soon as
they are found.
Unit 7: IT Systems Security and Encryption
, Heuristic methods are forms of algorithms that quickly and consistency provide good results;
meaning when used in security, they scan for and identity behaviours that are typical of viruses very
efficiently. There are a number of rules that this style of antimalware may follow:
Search for programs that keep reproducing (copying itself into the system or other
programs)
Identify programs that try to remain in the memory after execution or ones that attempt to
write themselves onto the devices disk.
Search for programs that try to edit, copy or delete files that are necessary for the operation
system to run.
Identify programs that are already blacklisted as malicious, or those that listen to data being
sent over a network connection by binding to a TCP/IP port.
Search for software that decrypts itself when executed.
A benefit of such method is that they are good are preventing ‘Zero Day Attacks’ - an attack which
exploits weaknesses in software that are unknown to the user or developer - meaning the system
can be protected from any weaknesses that come with downloaded software that is not pre-
installed. However, this method has weaknesses due to them not looking for virus signatures - this
results in the algorithm searching for virus activity, rather than the signature of the virus.
There are a number of ways to deal with
identified threats such as viruses. The first of
these would be to report any suspicions of a
virus to the IT technicians; this will enable them
to investigate the issue and remove any
malicious files or software. Alternatively, you
could install antivirus software that has a
‘quarantine’ feature. This means that any
software that is flagged by the anti-virus would
be put into isolation to prevent any further
damage/stop it from effecting other parts of the device, system or network. The final method would
only be used in the most serious of circumstances as it involves a system restore. Using such a
drastic method would allow the virus to be wiped from the system, however, along with it, it would
remove all files and software from that device.
Firewalls and the filtering techniques
The use of firewalls is integral to system security at it allows all data, whether its incoming or
outgoing, to be filtered based on ‘predetermined security rules’. This therefore, only allows certain
data to enter or leave the network. Firewall systems can take the form of either a software program
or a hardware device, and typically work through the process of creating a ‘barrier’ between a
trusted internal network (company servers) and an untrusted external network (websites on the
internet).
Packet filtering is a technique used as part
of a firewall to analyse data and control
access across a network. It works by
analysing incoming and outgoing packets in
a ‘packet-filtering router’ and deciding
whether to let them pass into the network
Unit 7: IT Systems Security and Encryption
In this document, I will be producing a plan that will protect an IT system. It will focus on software-
based protection, including techniques such as user authentication and anti-virus. Additionally, it will
be designed to comply with the various organisational and legislative requirements documents.
Software-based protection
There are a large number of software packages that can be used to protect an IT system, these
include:
Anti-virus software and detection techniques
An anti-virus is a program that is designed, and subsequently downloaded, to
protect a computer against software virus threats. They work by detecting and
removing viruses, searching for and preventing the installation of viruses. Other
malicious software that is protected against by anti-virus software include
adware, worms and Trojans. The most common brand of anti-virus is McAfee;
often this comes installed on a new device, otherwise it can be brought for as little
as £19.99 (one device).
Alongside anti-virus software, there are detection systems that could be used to monitor an IT
system. Their main uses would be to watch for any malicious activity (e.g. hackers gaining access) or
any policy violations by users of the system (e.g. authorised downloading of software). There are
four main types of detection system, they are:
• Network intrusion detection system (NIDS)
• Host-based intrusion detection system (HIDS)
• Perimeter Intrusion Detection System (PIDS)
• VM based Intrusion Detection System
(VMIDS)
These systems can either take the form of a device or
software and work by ‘detecting anomalies’ in a
device or system; by working this way they aim to
catch hackers before they have the chance to do any
‘real damage’, e.g. infiltrating the network with
viruses. The main way they identify hackers is by
‘looking at the signatures of known attacks’.
Alongside the ability to recognise attackers, viruses can be
identified by their signature. This is like the DNA or fingerprint
of a virus – a way to see what it’s made up of – and is a ‘unique
string of bits’ or a ‘binary pattern’. Anti-virus and detection
software use these sets of bits to scan and detect the ‘presence
of malicious code’, meaning they can be removed as soon as
they are found.
Unit 7: IT Systems Security and Encryption
, Heuristic methods are forms of algorithms that quickly and consistency provide good results;
meaning when used in security, they scan for and identity behaviours that are typical of viruses very
efficiently. There are a number of rules that this style of antimalware may follow:
Search for programs that keep reproducing (copying itself into the system or other
programs)
Identify programs that try to remain in the memory after execution or ones that attempt to
write themselves onto the devices disk.
Search for programs that try to edit, copy or delete files that are necessary for the operation
system to run.
Identify programs that are already blacklisted as malicious, or those that listen to data being
sent over a network connection by binding to a TCP/IP port.
Search for software that decrypts itself when executed.
A benefit of such method is that they are good are preventing ‘Zero Day Attacks’ - an attack which
exploits weaknesses in software that are unknown to the user or developer - meaning the system
can be protected from any weaknesses that come with downloaded software that is not pre-
installed. However, this method has weaknesses due to them not looking for virus signatures - this
results in the algorithm searching for virus activity, rather than the signature of the virus.
There are a number of ways to deal with
identified threats such as viruses. The first of
these would be to report any suspicions of a
virus to the IT technicians; this will enable them
to investigate the issue and remove any
malicious files or software. Alternatively, you
could install antivirus software that has a
‘quarantine’ feature. This means that any
software that is flagged by the anti-virus would
be put into isolation to prevent any further
damage/stop it from effecting other parts of the device, system or network. The final method would
only be used in the most serious of circumstances as it involves a system restore. Using such a
drastic method would allow the virus to be wiped from the system, however, along with it, it would
remove all files and software from that device.
Firewalls and the filtering techniques
The use of firewalls is integral to system security at it allows all data, whether its incoming or
outgoing, to be filtered based on ‘predetermined security rules’. This therefore, only allows certain
data to enter or leave the network. Firewall systems can take the form of either a software program
or a hardware device, and typically work through the process of creating a ‘barrier’ between a
trusted internal network (company servers) and an untrusted external network (websites on the
internet).
Packet filtering is a technique used as part
of a firewall to analyse data and control
access across a network. It works by
analysing incoming and outgoing packets in
a ‘packet-filtering router’ and deciding
whether to let them pass into the network
Unit 7: IT Systems Security and Encryption
