Cisco Networking Academy program
IT Essentials 5.0
Chapter 10: Security
Chapter 10 Objectives
10.0 Explain why security is important
Technicians need to understand computer and network security. Private information, company secrets, financial data, computer equipment, and items of national security are placed at risk if proper security procedures are not followed.
10.0.1.1 Introduction
10.1 Security Threats
10.1.1.1 Adware, Spyware and Phishing
Malicious software (malware) is any software designed to damage or to disrupt a system:
Types of malware include viruses, worms, Trojan horses, adware, spyware, grayware, and other unwanted software.
10.1.1.2 Viruses, Worms, Trojan Horses, and Rootkits
10.1.1.3 Explain web security
Tools that are used to make web pages more powerful and versatile can also make computers more vulnerable to attacks.
ActiveX was created by Microsoft to control interactivity on web pages. If ActiveX is on a page, an applet or small program has to be downloaded to gain access to the full functionality.
Java is a programming language that allows applets to run within a web browser. Examples of applets include a calculator or a counter.
JavaScript is a programming language developed to interact with HTML source code to allow interactive web sites. Examples include a rotating banner or a popup window.
Adobe Flash - used to create interactive media (animation, video and games) for the web.
Microsoft Silverlight - used to create rich, interactive media for the web, similar to Flash.
To protect against these attacks, most browsers have settings that force the computer user to authorize the downloading or use of ActiveX, Java, or JavaScript.
10.1.1.4 InPrivate Browsing
10.1.1.5 Spam
Spam, also known as junk mail, is unsolicited e-mail. In most cases, spam is used as a method of advertising. However, spam can be used to send harmful links or deceptive content.
When used as an attack method, spam may include links to an infected website or an attachment that could infect a computer. These links or attachments may result in lots of windows designed to capture your attention and lead you to advertising sites. These windows are called popups. Uncontrolled popup windows can quickly cover the user's screen and prevent any work from getting done.
To combat spam and phishing, use anti-virus software and the filtering options in the e-mail settings. Some spam may still get through, so look for these common indications of spam: no subject line, an incomplete return address, computer-generated e-mails, and return (bounce) e-mails for messages the user never sent.
10.1.1.6 Explain TCP/IP Attacks
TCP/IP is the protocol suite used to control all communications on the Internet. The most common TCP/IP attacks are:
Denial of Service (DoS) is a form of attack that prevents users from accessing normal services, such as e-mail or a web server, because the system is busy responding to abnormally large amounts of requests. DoS works by sending enough requests for a system resource that the requested service is overloaded and ceases to operate.
Distributed DoS (DDoS) uses many infected computers, called zombies or botnets, to launch an attack. With DDoS, the intent is to obstruct or overwhelm access to the targeted server. Zombie computers located at different geographical locations make it difficult to trace the origin of the attack.
SYN Flood - randomly opens TCP ports, tying up the network equipment or computer with a large amount of false requests, causing sessions to be denied to others.
Spoofing - uses a forged IP or MAC address to impersonate a trusted computer.
Man-in-the-Middle - intercepting communications between computers to steal information transiting through the network.
Replay - data transmissions are intercepted and recorded by an attacker, then replayed to gain access.
DNS Poisoning - changing DNS records to point to imposter servers.
10.1.1.7 Worksheet – Security Attacks
10.1.2.1 Social Engineering
Social engineering occurs when an attacker tries to gain access to equipment or a network by tricking people into providing the necessary access information. Often, the social engineer gains the confidence of an employee and convinces the employee to divulge username and password information.
To protect against social engineering:
Never give out your password.
Always ask for the ID of unknown persons.
Restrict access to visitors.
Escort all visitors.
Never post your password in your work area.
Lock your computer when you leave your desk.
Do not let anyone follow you through a door that requires an access card.
How many people know someone who writes a password on a note and sticks it to the monitor or under the keyboard?
10.1.2.2 Data Wiping, Hard Drive Destruction and Recycling
The following methods are commonly used to destroy data, or to destroy or recycle hard drives:
Data wiping
Degaussing
Hard drive destruction
Hard drive recycling
10.2 Security Procedures
10.2.1.1 What is a Security Policy?
A security policy includes the following elements:
An acceptable computer usage statement for the organization.
The people permitted to use the computer equipment.
Devices that are permitted to be installed on a network, as well as the conditions of the installation. Modems and wireless access points are examples of hardware that could expose the network to attacks.
Requirements necessary for data to remain confidential on a network.
Process for employees to acquire access to equipment and data. This process may require the employee to sign an agreement regarding company rules. It also lists the consequences for failure to comply.
10.2.1.2 Worksheet – Answer Security Policy Questions
Teaching Strategy: Security policies describe what to do when faced with many emergencies. It is important to develop and distribute the security policy BEFORE the emergency happens. Local security policies may vary from company to company. They may also vary depending on the device to secure.
10.2.1.3 Security Policy Requirements
The security policy should also provide detailed information about the following issues in case of an emergency:
Steps to take after a breach in security
Who to contact in an emergency
Information to share with customers, vendors, and the media
Secondary locations to use in an evacuation
Steps to take after an emergency is over, including the priority of services to be restored
10.2.1.4 Usernames and Passwords
10.2.1.5 Password Requirements
10.2.1.6 File and Folder Permissions
10.2.1.7 Lab – Securing Accounts, Data, and the Computer in Windows 7
10.2.1.8 Lab – Securing Accounts, Data, and the Computer in Windows Vista
10.2.1.9 Lab – Securing Accounts, Data, and the Computer in Windows XP
10.2.2.1 Software Firewall
Every communication using TCP/IP is associated with a port number. HTTPS, for instance, uses port 443 by default. A firewall is a way of protecting a computer from intrusion through the ports. The user can control the type of data sent to a computer by selecting which ports will be open and which will be secured.
10.2.2.2 Biometric and Smart Cards
Biometric Security compares physical characteristics against stored profiles to authenticate people. A profile is a data file containing known characteristics of an individual such as a fingerprint or a handprint. Common biometric devices available include fingerprint readers, handprint readers, iris scanners, and face recognition devices.
Smart cards store private information such as bank account numbers, personal identification, medical records, and digital signatures. Smart cards provide authentication and encryption to keep data safe.
10.2.2.3 Data backups
Data backups are one of the most effective ways of protecting against data loss. Establish data backup procedures which account for frequency of backups, storage for data backups, and securing data backups using passwords.
10.2.4.7 Firewalls
A hardware firewall passes two different types of traffic into your network:
Responses to traffic that originates from inside your network
Traffic destined for a port that you have intentionally left open
There are several types of hardware firewall configurations:
Packet filter - Packets cannot pass through the firewall unless they match the established rule set configured in the firewall. Traffic can be filtered based on different attributes, such as source IP address, source port, destination IP address, or destination port. Traffic can also be filtered based on destination services or protocols such as WWW or FTP.
Stateful packet inspection - This is a firewall that keeps track of the state of network connections traveling through the firewall. Packets that are not part of a known connection are dropped.
Application layer - All packets traveling to or from an application are intercepted. All unwanted outside traffic is prevented from reaching protected devices.
Proxy - This is a firewall installed on a proxy server that inspects all traffic and allows or denies packets based on configured rules. A proxy server is a server that is a relay between a client and a destination server on the Internet.
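To make the difference between a packet filter and stateful packet inspection concrete, here is a small simulation (added for this page, not part of the IT Essentials curriculum) of the two traffic types listed above: replies to connections that originated inside, and traffic to a port intentionally left open. The LAN prefix, the open-port set and the packet list are constructed for illustration.

```python
from dataclasses import dataclass

INSIDE_NET = "192.168.1."   # assumed LAN prefix (constructed for this example)
OPEN_PORTS = {443}          # assumed: only HTTPS is intentionally left open

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def is_inside(ip):
    return ip.startswith(INSIDE_NET)

def packet_filter(pkt):
    """Stateless rule set: every packet is judged on its own header fields."""
    if is_inside(pkt.src_ip):
        return "ALLOW"                      # anything leaving the LAN
    return "ALLOW" if pkt.dst_port in OPEN_PORTS else "DROP"

class StatefulFirewall:
    """Remembers outbound connections so only their replies are let back in."""
    def __init__(self):
        self.sessions = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def handle(self, pkt):
        if is_inside(pkt.src_ip):           # outbound: record the session
            self.sessions.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "ALLOW"
        # Inbound rule 1: a reply to a connection that originated inside
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.sessions:
            return "ALLOW"
        # Inbound rule 2: destined for a port intentionally left open
        if pkt.dst_port in OPEN_PORTS:
            return "ALLOW"
        return "DROP"                       # not part of a known connection

# Constructed traffic: a LAN host requests a page from an outside web server,
# the server replies, an outsider reaches the exposed HTTPS port, and an
# outsider probes Remote Desktop (3389), which was never opened.
TRAFFIC = [
    Packet("192.168.1.10", 51000, "203.0.113.5", 80),     # outbound request
    Packet("203.0.113.5", 80, "192.168.1.10", 51000),     # reply to it
    Packet("198.51.100.7", 40000, "192.168.1.20", 443),   # to the open port
    Packet("198.51.100.7", 40001, "192.168.1.10", 3389),  # unsolicited probe
]

def compare():
    """Return (packet_filter decision, stateful decision) for each packet."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.handle(p)) for p in TRAFFIC]
```

The second packet is the telling one: the stateless filter drops the legitimate reply (or would have to open the whole range of client ports to admit it), while the stateful firewall admits it because it matches a session that started inside, and both still drop the unsolicited probe.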
Demilitarized Zone
A DMZ is a subnetwork that provides services to an untrusted network. An email, web, or FTP server is often placed into the DMZ so that the traffic using the server does not come inside the local network. This protects the internal network from attacks by this traffic, but does not protect the servers in the DMZ in any way.
10.2.4.8 Worksheet – Research Firewalls
10.2.4.9 Port Forwarding and Port Triggering
10.2.4.10 Lab – Configure Wireless Security
10.2.5.1 Physical Equipment Protection Methods
When a computer is stolen, the data is also stolen. There are several methods of physically protecting computer and network equipment:
Secured telecommunications rooms, equipment cabinets, and cages
Cable locks and security screws for hardware devices
Wireless detection for unauthorized access points
Hardware firewalls
Network management system that detects changes in wiring and patch panels
Disabling AutoRun
By disabling the AutoRun feature on Windows XP, a user can minimize the security risk from a malicious program running automatically when new media is connected to the computer.
Two-factor Authentication
Computer equipment and data can be secured using overlapping protection techniques to prevent unauthorized access to sensitive data. An example of overlapping protection is using a password and a smart card to protect an asset.
Teaching Strategy: Since stealing the whole PC is the easiest way to steal data, physical computer equipment must be secured.
10.3 Common Preventive Maintenance Techniques for Security
10.3.1.1 Operating System Service Packs and Security Patches
10.3.1.2 Worksheet – Operating System Updates in Windows
Teaching Strategy: Attackers' methods are constantly changing. As new exploits are discovered, manufacturers create patches and new procedures. The technician must be able to install these, and the user should know how to recognize when updates are needed.
10.3.1.3 Data Backup
10.3.1.4 Lab – Data Backup and Recovery in Windows 7
10.3.1.5 Lab – Data Backup and Recovery in Windows Vista
10.3.1.6 Lab – Data Backup and Recovery in Windows XP
10.3.1.7 Configuring Firewall Types
10.3.1.8 Lab – Configure a Windows 7 Firewall
10.3.1.9 Lab – Configure a Windows Vista Firewall
10.3.1.10 Lab – Configure a Windows XP Firewall
10.3.1.11 Maintaining Accounts
10.4 Applying the Troubleshooting Process to Security
10.4.1 Applying the Troubleshooting Process to Security
10.4.1.1 Identify the Problem
10.4.1.2 Establish a Theory of Probable Cause
10.4.1.3 Determine the Exact Cause
10.4.1.4 Establish a Plan of Action to Resolve the Problem and Implement a Solution
If a quick procedure does correct the problem, you can go to step 5 to verify the solution and full system functionality.
Evaluate the problem and research possible solutions. Divide larger problems into smaller problems that can be analyzed and solved individually. Prioritize solutions starting with the easiest and fastest to implement.
Check:
Helpdesk repair logs
Other techs
Manufacturer FAQs
Technical websites
News groups
Computer manuals
Device manuals
Online forums
Internet search
10.4.1.5 Verify Solution and System Functionality
NOTE: Never ask a customer to reveal a password. If you need to access a computer and the customer cannot stay nearby, have the customer create a temporary password. Advise the customer to reset the password when the repair is complete.
10.4.1.6 Document Findings
10.4.2.1 Identify common problems and solutions
[Direct the students to the curriculum to see all the charts explaining more common problems and solutions]
10.4.2.2 Worksheet – Gather Information from the Customer
Computer problems can be attributed to hardware, software, connectivity issues, or some combination of the three. You will resolve some types of computer problems more often than others. The worksheet is designed to reinforce your communication skills to verify information from the customer.