Two Case Studies in Information Security and Social Networks (Case Study Sample)

Two Case Studies in Information Security and Social Networks
[Author Name(s), First M. Last, Omit Titles and Degrees]
[Class]
[Professor]
[Due Date]
Author Note
[Include any grant/funding information and a complete correspondence address.]
Two Case Studies in Information Security and Social Networks
Case 1: Securing a Home Computer
Some Preventive steps regarding file security and privacy.
As the old saying goes, “An ounce of prevention is worth a pound of cure”. Therefore, the first step to consider when regarding a new home computer is the security of my data. My files and pictures are worth (to me) more than the hardware. So, the first step I would have is to acquire secondary storage media such as an external hard drive.
The external hard drive unit would allow me to have air-gapped backups of my data, and it would be for protection against ransomware. With safe offline backup ransomware immediately deescalates from a massive threat to a moderate annoyance CITATION Zim191 \l 11274 (Zimba & Chishimba, 2019).
Regarding the backup strategy, one is none and two is one. Therefore, I would keep two copies on-site (one in the computer and one in the external, unplugged backup drive) and I would hire one of the available cloud services to have backup space off-site. Some might suggest going entirely cloud-based and forgoing the on-site backup drive, but that makes no sense to me. The cloud is not a magical all-perfect entity that will forever keep the files in pristine condition. It is just someone else’s computer, and this is why I would not entirely rely on cloud backups as they are also subject to human error, malware attacks, or they may simply go out of business CITATION Buc18 \l 11274 (Bucur, Dehelean, & Miclea, 2018).
All of my important personal files and backups (such as scans of documentation, financial records, etc.) will be encrypted for an additional security layer.
Lastly, there is known malware that makes use of the webcam and microphone, so I would keep those disconnected at all times except when using them.
The Firewall and its Rules
The firewall, much like all of computer security, is an exercise in balancing security with practicality.
If the computer was set to be used by someone else, I would have to think about the use case, what is the minimum service(s) I would need to enable for the end-user, and be ready to help them when they invariably attempt to access something that was blocked.
However, this computer is for my personal use. As such, I plan on simply using the included firewall functionality (Windows does include a firewall) and simply configuring it to deny all traffic. This would be impractical for someone else, of course, but for my personal usage case I can just create exceptions whenever I need to.
This will ensure maximum security, as only what is actually used will eventually have exceptions created for it CITATION Ros20 \l 11274 (Contreras, 2020). This might slow me down a little in my use of the computer, especially in the first days when most exceptions will have to be created, but I feel that overall this will save time because I would not have to think about which rules to make (I would just make them as I needed them), as well as generate the maximum possible security while preserving usability.
The Internet: Browser settings, password policies, and Online Banking
I would install a reputable, open-source web browser such as Firefox or Brave, and leave it on its default settings as these browsers already are quite good at privacy. However, I would make sure to install an ad-block extension, as many ads include tracking software and they can even act as malware entry points CITATION Maz19 \l 11274 (Mazel, Garnier, & Fukuda, 2019).
Regarding my password policy, modern web browsers include functionality to generate and store safe passwords for use on websites, however, it is known that browser hijacking malware can read the stored passwords resulting in serious security breaches CITATION Jen21 \l 11274 (Camacho, 2021).
Therefore, my password policy would be: to use a desktop password manager with an encrypted password database, such as KeePass or similar, and to use 20 bytes long passwords for my social media and other websites. These would of course be unique to each site and changed yearly, or earlier if word of a password leak reaches me. To that end, I would check haveibeenpwned (which is a site that lists password leaks) monthly.
Furthermore, for critical applications such as my financial accounts and my e-mail account (the e-mail is considered critical because it can be used to reset a password on many sites), I would use 20 bytes long randomly generated passwords that I would memorize.
I feel that would provide an adequate balance between usability and security, as I only would have to memorize three passwords (email, finances, and the master key for the password manager) and get the benefits of unique, secure passwords on each site that I browse.
Lastly, while not directly related to password policy, I would enable two-factor authentication for my finances, email, and social media accounts associated with my personal real-life name as this greatly enhances security CITATION Jar18 \l 11274 (Jarecki, Shirvanian, & Saxena, 2018).
Regarding online banking, I would start by typing in the URL of my bank instead of using any hyperlinks or saved favorites, which can be altered by a malicious actor.
Once the page loaded, I would check that the site was using HTTPS with my browser’s functionality to said effect (Usually a padlock icon next to the URL), and then check the certificate also using my browser’s functionality (which usually involves clicking the padlock). This sounds like a hassle but it can be done in a few seconds so it really is not.
Antivirus
There is no need to reinvent the wheel here. Any of the many available antivirus software will do fine. If pressed for money, I would rather use the Windows Defender app that is included with Microsoft Windows. I would prioritize my money towards having decent online and offline backups because the data is what is really important about the computer. The software can always be reinstalled, but pictures of family and friends cannot be re-taken.
If I had some extra money to splurge on an antivirus app, I would lean towards Malwarebytes, as it is one of the top-rated antivirus applications, and it claims to provide ransomware protection CITATION Mar221 \l 11274 (Martens, 2022).
However, one key thing to note about antivirus software is that it only protects against existing and known threats, and the internet is full to the brim of new malware being created daily. I would rely more on data backups for data security and use the antivirus as a preventive tool, but certainly, I would not put 100% of my trust in antivirus software because of the aforementioned fact that antiviruses are not infallible and new malware is constantly being created.
Patches and Updates
Windows automatically updates, so there is no need to do anything there. All reputable open-source web browsers also can automatically update, although in some of them the feature must be enabled. Antiviruses also automatically update their virus database and software. So by default all patches and updates to critical security applications and the operating system are all covered, although I would check just to be sure that all were set to automatically update, which they should. If I was limited on my Internet access speed, I would configure updates to happen at times when I was not using the computer (such as late at night) to prevent update downloads from interrupting or slowing down my internet use.
The Big Picture: What does all of this do?
Automated encrypted backups (including offline and cloud backups) will prevent malware such as ransomware from being a serious threat. Furthermore, they will also protect against user errors such as accidentally deleting files and against hardware damage (either for technical or natural causes) or theft. Also, by being encrypted, the privacy conundrum of uploading personal files to the cloud is solved CITATION Sun20 \l 11274 (Sun, 2020).
The strict firewall rules will make it harder for malware to enter my system, for attackers to steal my files, and only at a minor inconvenience because I can make exceptions when I need them.
Using strong, random, unique passwords prevents identity theft, financial theft, and extortion. Also, by virtue of being unique, passwords leaked from one site cannot be used to access my accounts on other sites. Last but not least, the use of a password manager makes this practical as memorizing and renewing passwords manually is a recipe for disaster CITATION Ora21 \l 11274 (Orange County Credit Union, 2021).
The other safe web use practices would also help protect against identity theft and malware attacks.
Installing an antivirus and keeping it updated would provide protection against a majority of known threats, but I would not rely on it for protection because new malware is constantly being created.
Lastly, I would make sure to keep all of my critical software (operating system, web browser, and antivirus) automatically up to date with patches and updates, to ensure resilience to known threats. Again, I would not rely on those for data security, as new unknown threats are always a possibility, but they would be crucial in protecting against the hassle of being attacked by old malware.
Case ...