Practices to control the un-authorized access to your online business?

Answer 1

Following are various examples of management and procedural controls. • Build any system from original, clean master copies. Boot only from original diskettes whose write protection has always been in place. • USB port enabled devices should not be used until it has been scanned on a stand-alone machine that is used for no other purpose and is not connected to the network. • Antivirus software should update virus definitions frequently. • Have vendors run demonstrations on their personal machines. • Scan before any new software is installed, as commercial software occasionally is supplied with a Trojan horse. • Insist that field technicians scan their disks on a test machine before they use any of their disks on the system. • Ensure all servers are equipped with an activated current release of the virus-detection software. • Ensure bridge, router and gateway updates are authentic. • Exercise an effective back up plan. • Educate users so they will heed these policies and procedures. For example many viruses and worms today are propagated in the form of e-mail attachments. • Review antivirus policies and procedures at least once a year. • Prepare a virus eradication procedure and identify a contact person. Technical controls Technical methods of preventing viruses can be implemented through software. The following actions can reduce the risk of infection to hardware and operating systems, • Use boot virus protection (i-e., built-in, firmware-based virus protection). • Use remote booting, local hard drive of the system is not used for the boot up process. Use a hardware-based password. • Use write-protected tabs on diskettes. • Ensure insecure protocols are blocked by the firewall from external segments and the internet.