Work Based Learning

[Coursework Two -
BUS200]

3/23/2011
20857870
John McGowan
Contents
Contents..........................................................................................................................2
1.0 Introduction..............................................................................................................3
2.0 The existing System.................................................................................................3
3.0 Problem within the system.......................................................................................3
3.1 Security Issues......................................................................................................3
3.2 Possible threats ....................................................................................................4
3.2.1 Introduction...................................................................................................4
3.3 Introduction..........................................................................................................4
3.4 What is a Virus ....................................................................................................4
3.5 Trojan horse:........................................................................................................4
3.6 Worms:.................................................................................................................5
3.7 Types of threats ...................................................................................................5
4.0 Legal and Ethical Considerations.............................................................................5
4.1 Personal Data........................................................................................................5
4.2 Data protection Act..............................................................................................6
5.0 Possible Solution......................................................................................................6
5.1 Introduction .............................................................................................................6
5.2 Computerisation.......................................................................................................6
5.2.1 Anti-Virus Automatic updates..........................................................................6
5.2.2 Network Firewall...............................................................................................7
6.0 Discussion with Staff ..............................................................................................8
7.0 Conclusion................................................................................................................8
7.0 Bibliography.............................................................................................................9
8.0 Appendix................................................................................................................10
Current Network Setup – Figure 1.0........................................................................11
Solution Network Setup – Figure 2.0 ......................................................................12
1.0 Introduction
This paper spectacles the research and investigation which was
carried out to find a computer related problem within the workplace.
Within this paper it will explain the existing system and how the
problem within this system affects the corporation’s security in
addition to the reputation of the community image. The research
taken out and presented within this paper is supported by well-
known concepts and theory.

2.0 The existing System

The system which is currently been used to carry out the
investigation is a personal computer unit. This personal computer is
using Windows 2003 server operating system which permits it to be
controlled and used over a small network. The programs installed on
the operating system are pretty ordinary and are used for daily
tasks for example word processing and online browsing.

3.0 Problem within the system

3.1 Security Issues

The computer unit is located in the volunteers department and
connected to the hospitals main network. The system is running
windows 2003 server operating system which allows the network to
run over an intranet network. The system does not contain any
advanced security tools for example a personal Firewall program.

This may be seen as negligence for example if an end-user was to

download an attachment. This attachment might also contain a
virus or a gateway for an unwanted user. As this is no advanced
security tools or update software, this certain virus would not be
stopped. Most viruses which are sent via email are hidden within
attachments are generally malware which gather and track certain
activities on the network.

This information was found out when the researcher was using the
personal computer to create a word document when a prompt
message appeared on the task bar asking the user to install a
firewall. It was brought to the researcher’s consideration to check
other security settings for any other recognized problems.
The situation was understood that the Anti-Virus program which was
installed was not formerly up to date and the definitions database
has not been updated for several months.
3.2 Possible threats

3.2.1 Introduction
The following information explains the possible threats which may
occur if no solution is taken into place. If the system was to get
infected by a virus or malware it would uncover the whole network
and be a major threat to the users plus the information currently
stored on the network database. Other systems connected to the
network will also become infected this allowing the virus to travel
and reproduce.

The hospitals database holds personal and confidential information

on their network, this absence of advanced security is seen as a
major problem.
An unwanted user may gain access to the system by using various
tools and methods. As there is no Firewall program installed it
leaves the system open to this threat and allows the unwanted user
to copy, edit and read information stored on the networks database.

Figure 1.0 within the appendix shows the current system setup and
the possible threats in a clear illustration.

3.3 Introduction
There are many types of viruses which aim to steal personal
information and also cause unwanted trouble for the system and the
users. The following evidence describes in detail about certain well
known viruses and how they would affect the system.

3.4 What is a Virus

Dr David J. Stang the author and member of The International
Computer Security Association (2003, pg 6) describes a Virus as “A
virus is software which is similar to both a worm and a Trojan. Like
the worm, it includes a means of reproducing. Like the Trojan it
attaches to some host file. To escape detection, it reproduces before
it cases any destruction.”

3.5 Trojan horse:

Trojan horses are a very common computer virus and can be easily
downloaded through other files. This virus hides itself within other
files such as documents, presentations and even emails. New Trojan
horses are been made daily therefore it is essential to have the anti-
virus database up to date. The Trojan horse does not reproduce
itself once it has gained access to the system but in fact makes the
system vulnerable to malicious intruders by allowing them to access
and read the files on the system.

3.6 Worms:
Dr David J. Stang the author and member of The International
Computer Security Association (2003, pg 5) describes a worm as “A
"Worm" is software which has been designed to propagate, make
additional copies of its self and perhaps to destroy or modify files. A
worm spreads copies of itself through network attached computers.
The first use of the term described a program that copied itself
benignly around a network, using otherwise unused resources on
networked machines to perform disturbed computation. Some
worms are security threats using networks to spread themselves
against the wishes of the system owners and disrupting networks by
overloading them.”

3.7 Types of threats

Without a good personal firewall installed certain threats can easily
be implemented into the system. This can be obtained by an
unwanted user using a server client program which allows them to
take a backdoor approach to Aintree hospitals network. Once the
unwanted user has gained access they can control, edit and read
data within the database.

4.0 Legal and Ethical Considerations

4.1 Personal Data

The hospitals database holds personal and confidential information.
If a virus was to affect the system or a hacker was to gain access
this personal information would be at risk. If patient records went
missing or was altered therefore the patient might receive the
wrong treatment or be given the wrong medication. If this was the
case it could be very dangerous but also the hospital could be sued
for not using the correct ethical considerations.
4.2 Data protection Act

The Data Protection Act was developed to give protection and lay
down rules about how data about people can be used. The 1998 Act
covers information or data stored on a computer or an organised
paper filing system about living people.

The Information Commissioners Office describes the security

discussed within the Data protection Act in brief as the following
“This means you must have appropriate security to prevent the
personal data you hold being accidentally or deliberately
compromised. In particular, you will need to:

• Design and organise your security to fit the nature of the

personal data you hold and the harm that may result from
a security breach;
• Be clear about who in your organisation is responsible for
ensuring information security;
• Make sure you have the right physical and technical
security backed up by robust policies and procedures and
reliable, well-trained staff; and be ready to respond to any
breach of security swiftly and effectively.”

5.0 Possible Solution

5.1 Introduction
The following information shows possible computer solutions to
overcome the existing problems. This information is broken down
into detail which is supported by using accurate theory.

5.2 Computerisation

5.2.1 Anti-Virus Automatic updates

An antivirus program is designed to detect certain unwanted files on
a system this including viruses and malware. Once the program is
updated it downloads certain database definitions from the antivirus
server. These definitions will contain certain new viruses and
malware prevention settings. When a new virus or malware is
created is could in fact infect the current system and bypass
Antivirus software unless the software which is currently been used
has this virus stored within its database.

By using automatic update settings within the software this will

allow the software to be updated on a daily basis without any
difficulty. The updates may include new database definitions and
new security features.

William T. Polk the author of Anti-virus tools and techniques for

computer systems (1995, pg 43) Shows his theory and the
understanding needed in order to prevent certain viruses and
threats from gaining access and attacking the system. William goes
on to mention “To provide general protection from attacks by
computer viruses, unauthorized user, and related threats, users and
manager need to climate to reduce vulnerabilities. A general
summary of the vulnerabilities that computer viruses and related
threats are most likely to exploit is as follows:

• Lack of user awareness - users copy and share infected

software, fail to detect signs of virus actability, do not
understand proper security techniques
• Absence of or inadequate security controls - personal
computers generally lack software and hardware security
mechanisms that help to prevent and detect unauthorized
use, existing controls on multi-user systems can sometimes
be sub mounted by knowledgeable users
• Unauthorized use - authorized users can break in to systems,
authorized users can exceed levels of privilege and misuse
systems.”

5.2.2 Network Firewall

Zone alarm offers a Two-Way Firewall which makes your PC invisible to

hackers and stops spyware from sending your data out to the
Internet. By installing this personal firewall it will overcome any
unwanted users gaining access to the system. This firewall is
currently free therefore no expenses are needed from the NHS. The
Firewall also updates on a daily basis with new settings and
information needed to prevent such attacks on the system. Figure
2.0 within the appendix shows the possible solution system setup in
a clear illustration.

Sumit Ghosh the author of Principles of secure network systems

design (2002, pg 94) describes the principle of a firewall as the
following “The philosophy underlying firewalls is to shield the
network from the external world and concentrate attacks at a single
point that can be effectively monitored to the network
management. The advantages are as follows:

• All possible attacks on the system are guide to a single point:

the firewall

• Additional protection and strategic planning may be

accomplished through monitoring the firewall activity.”

6.0 Discussion with Staff

The researcher was able to have an on-going discussion with Jeff
who is a manager within the admin department. After the
researcher mentioned this problem to Jeff, Jeff responded quite
relieved as this problem could have exploded into something a lot
more effective and dangerous.

7.0 Conclusion

The NHS is a well-known company and is very trusted within the

community; this lack of security can be seen as negligence and
shows a flaw within the trust of its community. As personal
information is at risk it shows a trust risk as if this information was
to be brought outside to the world, the trust within the public would
be affected. The NHS has been infected and hacked in the past for
example:

Dan Goodin an author for an online news website The Register

shares the following information: “The UK’s National Health Service
has been hit by a voracious, data-stealing worm that’s easily
detected by off-the-shelf security software, according to researchers
who directly observed the mass compromise.” By simply installing
a free firewall and altering a few settings for the Anti-Virus program
the hospitals network will be safe. This will restore trust within the
work place and also within the community.
7.0 Bibliography
Dr David J. Stang (2003). Computer Viruses. 2nd ed. USA: International
Computer Security Association . 5 - 6.

Sumit Ghosh (2002). Principles of secure network systems design. USA: Stevens
Institute Of Technology . 94.

William T. Polk (1995). Anti-virus tools and techniques for computer systems.
USA: ndc. 43.

Dan Goodin. (2010). NHS computers hit by voracious, data-stealing

worm. Available:
http://www.theregister.co.uk/2010/04/23/nhs_worm_infection/. Last accessed
20th March 2011.

Eugene Aseev. (2010). Monthly Malware Statistics: January 2010. Available:

http://www.securelist.com/en/analysis/204792099/Monthly_Malware_Statistics_J
anuary_2010. Last accessed 15 March 2011.
8.0 Appendix
Current Network Setup – Figure 1.0

The following diagram shows the current system.

Two users are connected at one time to one network which is

connected to a server database. User two opens an email
attachment which contains a virus; since the Anti-Virus program is
currently out of date the virus passes through the system. The virus
also passes through the network and reproduces itself. The virus
has also infected system one. An un-wanted user (hacker) connects
to the wireless router bypassing any security features, as this does
not contain a stable security feature such as a personal firewall the
hacker can easily connect. Once the hacker has connected they
may retrieve data from the data plus system one and system two.
Solution Network Setup – Figure 2.0

The following diagram shows the possible solution.

Two users are connected at one time to one network which is

connected to a server database. The systems in which the users are
connected to are using up to date Anti-Virus software. Each system
has a personal firewall installed; each system is secure and safe
from treats and viruses.