Friday, 27 April 2012

security policy


A security policy is basically a definition of what it means to be secure for a system, organization or other entity. The topic of security policy is very wide, as there are many forms of it. They include computer security policy, information security policy, national security policy, network security policy and virtual security policy.

In an organization, the constraints that a security policy addresses include the behaviour of the members of the organization, that is, the workers and staff. There are also constraints imposed on adversaries by mechanisms such as the doors, locks and keys used.
A security policy may also be a document that states how a company plans to protect its physical and information technology assets. Unlike a contract, a security policy is considered to be a living document because it is never finished. A contract stays the same after it is signed, but a security policy is never completed, because there is constantly new technology and employees' needs change.

On the other hand, a network security policy is a generic document that outlines rules for computer network access. Written by a committee, it determines how policies are enforced in the network. It specifies rules for individuals or groups of individuals throughout the company.


source: searchsecurity.techtarget.com/definition/security-policy

Common networking attacks, threats and solutions


The first thing that comes to mind when I hear the words network attacks is viruses and Trojans. Although that is partly true, there is so much more to networking attacks than just virus attacks. Due to the ever-growing world of IT, there are more ways that our network can be attacked. People who want to cause trouble are finding new ways to do so. After doing my research, I have successfully found out that there are four primary types of attacks. They include Reconnaissance, Access, Denial of Service and, last but not least, the threat of Worms, Viruses and Trojan Horses.
Firstly, reconnaissance attacks are basically a kind of information gathering on network systems. By doing this, attackers discover weaknesses of the network.
Secondly, network access attacks involve hacking and getting access to a web account or sensitive information. Whether it is a password attack, trust exploitation or port redirection, there will always be a way to hack.
Thirdly, DoS attacks prevent the usage of services by simply consuming system resources. This attack should get special attention because it is easy to execute and hard to eliminate. Examples of DoS include ping of death and SYN flood.
Lastly, there are worms and Trojans. A worm executes code and makes copies of itself on the infected computer and may infect other hosts on the network. A Trojan, on the other hand, is a program or software that has a hidden purpose. It looks like something else but does a whole other thing that it is not meant to do.
There are solutions to almost every problem, including the ones stated above. For the issue of password attacks, users can be educated to use complex passwords, and the number of failed login attempts can be restricted. DoS attacks can be avoided by using special anti-DoS Access Control Lists. For worms, there are different ways to handle the problem. One way is to contain the spread of worms, while another is to scan for vulnerable systems. And finally, for the issue of Trojans, most anti-virus software can detect viruses and Trojans.
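
One way to restrict the number of failed login attempts, as mentioned above, shown as an added example that is not part of the original post. The class name, the thresholds and the sample events are assumptions made for illustration; the limiter counts failures per account in a sliding time window and locks the account for a fixed period once the limit is reached.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Lock an account after max_failures failed logins within `window` seconds."""
    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures
        self.window = window                  # seconds over which failures count
        self.lockout = lockout                # seconds an account stays locked
        self.failures = defaultdict(deque)    # account -> failure timestamps
        self.locked_until = {}                # account -> unlock time

    def is_locked(self, account, now):
        until = self.locked_until.get(account)
        if until is not None and now < until:
            return True
        self.locked_until.pop(account, None)  # lock absent or expired
        return False

    def record(self, account, success, now):
        """Record one attempt and return 'ok', 'failed' or 'locked'."""
        if self.is_locked(account, now):
            return "locked"                   # reject even a correct password
        if success:
            self.failures.pop(account, None)  # a good login resets the count
            return "ok"
        recent = self.failures[account]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.locked_until[account] = now + self.lockout
            recent.clear()
            return "locked"
        return "failed"

def replay(events, **settings):
    """Run (time, account, password_correct) events through a fresh limiter."""
    limiter = LoginLimiter(**settings)
    return [limiter.record(acct, ok, t) for t, acct, ok in events]

# Constructed sample events: (time in seconds, account, password correct?)
SAMPLE = [
    (0, "alice", False), (10, "alice", False), (20, "alice", False),
    (30, "alice", True),    # correct password, but the account is locked
    (40, "bob", False), (50, "bob", True),
    (200, "alice", True),   # lockout has expired
]

if __name__ == "__main__":
    print(replay(SAMPLE, max_failures=3, window=60, lockout=120))
```

The lockout is time-limited rather than permanent, so an account becomes usable again without administrator action once the lock period has passed.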