1

Juan Wilbur
Assignment 03-1

ASSIGNMENT 03-1: Ketch Co. Ethics

By: JUAN WILBUR

NTS 201: SECURITY ESSENTIALS

10/26/16
 2
Juan Wilbur
Assignment 03-1

At Ketch Co., customer satisfaction is one of the most important factors that helps keep

this company alive. As a company, we have sold millions of business software for organizations

small and large, which is a huge success for us. To keep our success, we must strengthen our

security for our customers as well as preventing anything from happening at our front. I highly

encourage that we consider Antivirus/Antimalware software, an IDS/IPS software, and secure

passwords with management. Our competitors and vicious computer hackers are always

exploring new ways to cause disasters to exploit us. If we educate our company and the

customers, we can survive through cyber hackers. So, with these three topics, we help

ourselves as a company and spread the word of security to our customers.

Antivirus software is a necessity when purchasing a computer. They scan downloads,

scan and clean the machine, and are constantly updating to prevent the user from running into

evolving malicious programs. There are many good antivirus programs such as AVG, Kaspersky

and Avast that can do the actions above and more. The sad part about network security is that

we are never truly secure, thats rule number one. So, we must educate how employees to back

up files and data. Another step into the light is to always read emails.

Phishing emails, are filled with misspelling, some type of urgency, and hyperlinks leading

into a dangerous malware that could corrupt the business systems or worse. If a person isnt

too careful, the email could look like a real email from any business, such as Amazon, Target,
 3
Juan Wilbur
Assignment 03-1

etc. There is an advanced version of phishing, it is called Spear phishing. The difference is kind

of should be obvious. Spear phishing requires a target, a higher up within the corporation like a

CEO or CISO and so on. The spelling within the email is significantly better, it text cuts straight

to the point by saying that the user account is accused of fraud, then will have a hyperlink at

the bottom claiming that they can fix it. Reading emails could save not only a home computer,

but a business.

A very basic necessity when a user owns a computer is to buy antimalware/antivirus

program. There are many out there that can do the job, but some are better than most. When

buying the newest edition of Windows, they often include a free program called Microsoft

Security Essentials. Personally, I use this program because it is free, the settings are very

simplistic and its protected me from malware in the past. It is but a simple scanner, that can

clean files, ask for file permission, and protects users from spyware, malware, worms, and other

weird programs. It is constantly updated, which means it gains more knowledge about viruses

being created today.

AVG and Kaspersky are both antimalware/antivirus programs that cost a shiny penny to

get a hold of. AVG offers many versions that help secure windows, Mac, and even android

systems. AVG is known for email server security, file server security, and network antivirus.

With email server security, users will have a virus free inbox that will protect the user from

spear phishing, phishing, Nigerian prince, and other malicious malware created by terrible
 4
Juan Wilbur
Assignment 03-1

people. The file server security protects clients personal information on a server that relates to

the business. Network antivirus allows the users within a business to surf the internet without

going into shady websites. Kaspersky is also like AVG, it offers a great scan engine, advanced

protection on almost every layer, core protection, and tons of advanced security plans. With

either one of the programs, businesses could be protected for a long time.

Before a fire is fully a flamed, there is a smoke detector just scan the scanning the air for

any unfamiliar chemical compounds. Once there is smoke in the air, the detector triggers the

alarm to warn people inside of the building. The same is also needed in and outside of firewalls

on servers. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are going

to be a major help to warn the business that they could be under attack. They both increase

security level of networks, monitoring traffic, inspecting, and scanning packets for malicious

data. There is a difference between the two, IDS provides the network with a level of

preventive security against any suspicious activity. The IDS achieves this objective through early

warnings aimed at systems administrators. However, unlike IPS, it is not designed to block

attacks. IPS is a device that controls access to IT networks to protect systems from attack and

abuse. It is designed to inspect attack data and take the corresponding action, blocking it as it is

developing and before it succeeds, creating a series of rules in the corporate security system.

A great program that does both roles of a IDS and IPS is Snort. Snort was made from the ground

up, designed with tight security and can do real time traffic analysis as well as packet logging on

IP networks. Snort is constantly updated to detect thousands of worms, vulnerability exploit

attempts, port scans, and other malicious programs.

 5
Juan Wilbur
Assignment 03-1

Last manageable thing that we need for our company is to inform our employees about

password management. Each employee is asked to come up with a password to log in to their

workstations. The password requirement length is 8 characters and goes up to 20 characters.

Every 3 months, we ask that the employees to change their passwords, to ensure tight security.

Employees will also must lock their computer after walking away from their workstations.

Employees that who share their password will be terminated.

With antivirus software, IDS or IPS, and password management will increase our security

significantly. Though, there is no such thing as complete safety, but this company will be secure

with this new information.

Resources:

http://www.avg.com/us-en/all-products?r=1#customer=home

http://usa.kaspersky.com/store/kaspersky-store

https://www.sans.org/security-resources/idfaq/what-is-intrusion-detection/1/1

https://www.snort.org/

http://searchsecurity.techtarget.com/answer/Where-to-put-an-IDS-inside-or-outside-of-the-
firewall

https://www.paloaltonetworks.com/documentation/glossary/what-is-an-intrusion-prevention-
system-ips