SlideShare una empresa de Scribd logo
1 de 37
Chapter 9: Security



  IT Essentials: PC Hardware and Software v4.0




ITE PC v4.0
Chapter 9                    © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   1
Purpose of this Presentation
          To provide to instructors an overview of Chapter 9:
           List of chapter objectives
           Overview of the chapter contents, including
              student worksheets
              student activities
              some potential student misconceptions

           Reflection/Activities for instructors to complete to
            prepare to teach
           Additional resources


ITE PC v4.0
Chapter 9                                © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   2
Chapter 9 Objectives
           9.1 Explain why security is important
           9.2 Describe security threats
           9.3 Identify security procedures
           9.4 Identify common preventive maintenance
            techniques for security
           9.5 Troubleshoot security




ITE PC v4.0
Chapter 9                               © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   3
Chapter 9 Worksheets and Activity
           9.1 Worksheet: Security Attacks
           9.2.1 Worksheet: Third-Party Anti-Virus Software
           9.2.3 Activity: Adware, Spyware, and Grayware
           9.4.2 Worksheet: Operating System Updates
           9.5.6 Worksheet: Gather Information from the Customer




ITE PC v4.0
Chapter 9                             © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   4
The Importance of Security
                              Private information,
                               company secrets, financial
                               data, computer equipment,
                               and items of national
                               security are placed at risk if
                               proper security procedures
                               are not followed.
                              A technician’s primary
                               responsibilities include data
                               and network security.


ITE PC v4.0
Chapter 9                    © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   5
Security Threats
          Types of attacks to computer security:
           Physical
              Theft, damage, or destruction to computer equipment.
           Data
              Removal, corruption, denial of access, unauthorized access, or
              theft of information.
          Potential threats to computer security:
           Internal threats
              Employees can cause a malicious threat or an accidental threat.
           External threats
              Outside users can attack in an unstructured or structured way.

ITE PC v4.0
Chapter 9                                  © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   6
Viruses, Worms, and Trojan Horses
               A computer virus is software code that is deliberately
                created by an attacker. Viruses may collect sensitive
                information or may alter or destroy information.
               A worm is a self-replicating program that uses the
                network to duplicate its code to the hosts on the network.
                At a minimum, worms consume bandwidth in a network.
               A Trojan horse is technically a worm and is named for its
                method of getting past computer defenses by pretending
                to be something useful.
               Anti-virus software is designed to detect, disable, and
                remove viruses, worms, and Trojan horses before they
                infect a computer.
ITE PC v4.0
Chapter 9                                  © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   7
Web Security
          Attackers may use any of these tools to install a program
          on a computer.
           ActiveX
              Controls interactivity on web pages

           Java
              Allows applets to run within a browser
              Example: a calculator or a counter

           JavaScript
              Interacts with HTML source code to allow interactive web
              sites
              Example: a rotating banner or a popup window

ITE PC v4.0
Chapter 9                                  © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   8
Adware, Spyware, and Grayware
           Typically installed without the user’s knowledge, these
            programs collect information stored on the computer,
            change the computer configuration, or open extra
            windows on the computer and all without the user’s
            consent.




ITE PC v4.0
Chapter 9                              © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   9
Denial of Service (DoS)
           Prevents users from accessing normal services
           Sends enough requests to overload a resource or even
            stopping its operation
           Ping of Death is a series of repeated, larger than
            normal pings intended to crash the receiving computer
           E-mail Bomb is a large quantity of bulk e-mail
            that overwhelms the e-mail server preventing users
            from accessing e-mail
           Distributed DoS is an attack launched from many
            computers, called zombies

ITE PC v4.0
Chapter 9                            © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   10
Spam and Popup Windows
     Spam is unsolicited email
      that can be used to send
      harmful links or deceptive
      content.
     Popups are windows that
      automatically open and
      are designed to capture
      your attention and lead
      you to advertising sites.

          Use anti-virus software, options in e-mail software, popup
          blockers, and common indications of spam to combat
          these.
ITE PC v4.0
Chapter 9                             © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   11
Social Engineering
                                            Never give out a
                                             password
                                            Always ask for the ID of
                                             the unknown person
                                            Restrict access of
                                             unexpected visitors
                                            Escort all visitors
                                             through the facility




ITE PC v4.0
Chapter 9                      © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   12
TCP/IP Attacks
          TCP/IP is used to control all Internet communications.




ITE PC v4.0
Chapter 9                             © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   13
Computer Disposal and Recycling
         Erase all hard drives, then use a third-party tool to fully
          erase all data.
         The only way to fully ensure
          that data cannot be recovered
          from a hard drive is to carefully
          shatter the platters with a
          hammer and safely dispose of
          the pieces.
         To destroy software media
          (floppy disks and CDs), use
          a shredding machine designed
          for shredding these materials.
ITE PC v4.0
Chapter 9                              © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   14
Security is Strengthened in Layers




ITE PC v4.0
Chapter 9                    © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   15
Security Policy
          Questions to answer in writing a local security policy:
             What assets require protection?
             What are the possible threats?
             What should be done in the event of a security
              breach?




ITE PC v4.0
Chapter 9                              © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   16
Protecting Equipment
          Since stealing the whole PC is the easiest way to steal
          data, physical computer equipment must be secured.
                                   Control access to facilities
                                   Use cable locks
                                   Lock telecommunication rooms
                                   Use security screws
                                   Use security cages around
                                    equipment
                                   Label and install sensors on
                                    equipment
ITE PC v4.0
Chapter 9                             © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   17
Protecting Data
          Methods of securing data:
             Password protection
             Data encryption
             Port protection
             Data backups
             File system security




ITE PC v4.0
Chapter 9                             © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   18
Levels of Wireless Security




ITE PC v4.0
Chapter 9                    © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   19
Installing Updates and Patches




         A technician recognizes when new updates and patches
         are available and knows how to install them.
ITE PC v4.0
Chapter 9                          © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   20
Updating Protection Programs
              Create a      Launch                               Click
                                                                                                  Run a
              restore      protection                           update
                                                                                                  scan
               point        program                             button



                                             Yes

              Review     Need to
                         manuall                                                          Manually
               scan      y treat                                                           treat or
              report       or                                                               delete
                         delete?

                                               No
                                                                                    Schedule future
                                                                                      automatic
                                                                                     updates and
                                                                                        scans
ITE PC v4.0
Chapter 9                               © 2007 Cisco Systems, Inc. All rights reserved.       Cisco Public   21
Operating System Updates and Patches
              Create a
                                    Check for                    Download                            Install
              restore
                                    updates                       updates                            update
               point




                                        Yes
                         Prompte
                           d to                                                          Restart
                         restart?                                                       computer

                                         No

                                                                       Test all aspects to
                                                                     ensure the update has
                                                                       not caused issues

ITE PC v4.0
Chapter 9                                       © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   22
Troubleshooting Process
              Step 1 Gather data from the customer
              Step 2 Verify the obvious issues
              Step 3 Try quick solutions first
              Step 4 Gather data from the computer
              Step 5 Evaluate the problem and implement the solution
              Step 6 Close with the customer




ITE PC v4.0
Chapter 9                                  © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   23
1. Gather Data from the Customer
           Customer information
              Company name, contact name, address, phone number

           Computer configuration
              Protection software, OS, network environment, connection type

           Description of problem
              Open-ended questions
              What changes were made to the security settings?
              Closed-ended questions
              Are the protection software signature files up-to-date?



ITE PC v4.0
Chapter 9                                  © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   24
2. Verify the Obvious Issues
          Examine the most obvious causes of a problem.
           A visual inspection can resolve some issues.
              Broken locks, signs of tampering, missing equipment

           Has an attacker accessed the equipment?
              Unfamiliar login address in login windows, unexplained entries
              in system security logs, missing or additional patch cords

           Wireless network issues
              Changes in access point configuration, unexplained
              connections in the access point status display




ITE PC v4.0
Chapter 9                                  © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   25
3. Try Quick Solutions First
           Check that all cables are connected to the proper locations
           Unseat and then reconnect cables and connectors
           Reboot the computer or network device
           Login as a different user
           Check that the anti-virus and spyware signature files are up-
            to-date
           Scan computer with protection software
           Check computer for the latest OS patches and updates
           Disconnect from the network
           Change your password
ITE PC v4.0
Chapter 9                                 © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   26
4. Gather Data from the Computer
           Third-party software, such as anti-virus and anti-
            spyware applications, can report on the files that have
            been infected.
           There are several tools available in the operating
            system that a technician can use:
              Verify that the signature file is current.
              Check the security software log file for entries.
              Task Manager is used to check for unknown applications that
              are running.




ITE PC v4.0
Chapter 9                                     © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   27
5. Evaluate Problem & Implement Solution
              1. Evaluate the information gathered from the
                 customer and from the laptop
              2. Determine possible solutions
              3. Implement the best solution
              4. If a proposed solution doesn’t correct the problem,
                 reset the computer back to the original state and try
                 another proposed solution.
              NOTE: Never ask a customer to reveal a password.



ITE PC v4.0
Chapter 9                                © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   28
6. Close with the Customer
           Discuss with customer the solution implemented.
           Have customer verify problem is solved.
           Provide all paperwork to customer.
           Document steps of solution in work order and in
            technician’s journal.
           Document components used in repair.
           Document time spent to resolve the problem.




ITE PC v4.0
Chapter 9                             © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   29
Common Problems and Solutions
              Problem Symptom                                           Possible Solution
                                                   Set Windows Automatic Update to run
    A computer runs updates and requires
                                                   daily at a convenient time, such as
    rebooting at inconvenient times.
                                                   lunchtime.
    A wireless network is compromised even         Upgrade to 128-bit WEP security, WAP, or
    though 64-bit WEP encryption is in use.        EAP-Cisco security.
                                                   After recovering any sensitive data,
    A stolen laptop is returned by the police.
                                                   destroy the hard drive and recycle the
    It is no longer needed by the user.
                                                   computer.
    A user complains that his system is            This may be a denial of service attack. At
    receiving hundreds or thousands of junk        the e-mail server, filter out e-mail from
    e-mails daily.                                 the sender.
    A printer repair person no one
                                                   Contact security or police. Advise users
    remembers seeing before is observed
                                                   never to hide passwords near their work
    looking under keyboards and on
                                                   area.
    desktops.

ITE PC v4.0
Chapter 9                                        © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   30
Chapter 9 Summary
          Following proper security procedures will protect computers
           and network equipment, and the data they contain, from
           physical danger such as fire and theft, as well as from loss
           and damage by employees and attackers.
           Security threats can come from inside or outside of an
            organization.
           Viruses and worms are common threats that attack data.
           Develop and maintain a security plan to protect both data
            and physical equipment from loss.
           Keep operating systems and applications up to date and
            secure with patches and service packs.

ITE PC v4.0
Chapter 9                               © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   31
Instructor Training
          Activities




ITE PC v4.0
Chapter 9                       © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   32
Activities for Instructor Training
          1. Take the Quiz provided in Chapter 9 course content.
          2. Conduct Internet research to pre-screen online
             resources for students to use in completing the
             following student worksheets:
                9.1 Worksheet: Security Attacks
                9.2.1 Worksheet: Third-Party Anti-Virus Software
                9.4.2 Worksheet: Operating System Updates

          3. Brainstorm a list of at least 4 additional
             troubleshooting scenarios to provide students more
             opportunities to practice this skill.
              For an example, refer to the student worksheet, 9.5.2 Gather
                 Information from the Customer.
ITE PC v4.0
Chapter 9                                 © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   33
Instructor Training Discussion
           Share with the other instructors the list of online
            resources found that students might use in completing
            the research activity worksheets.
           Share with the other instructors the list of additional
            troubleshooting scenarios.
           Participate in a role-playing activity of one of the
            troubleshooting scenarios.
           Following the role-playing activity, discuss the different
            ways you might incorporate role-playing activities into
            your classroom. Share ideas of how to make the
            student successful in these activities.

ITE PC v4.0
Chapter 9                               © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   34
Additional Resources
           Whatis?com: IT Encyclopedia and Learning Center
            http://whatis.com
           TechTarget: The Most Targeted IT Media http://techtarget.com
           ZDNet: Tech News, Blogs and White Papers for IT Professionals
            http://www.zdnet.com
           HowStuffWorks: It's Good to Know
            http://computer.howstuffworks.com
           CNET.com http://www.cnet.com
           PC World http://www.pcworld.com
           ComputerWorld http://www.computerworld.com
           WIRED NEWS http://www.wired.com
           eWEEK.com http://www.eweek.com
ITE PC v4.0
Chapter 9                                  © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   35
Q and A




ITE PC v4.0
Chapter 9           © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   36
ITE PC v4.0
Chapter 9     © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   37

Más contenido relacionado

La actualidad más candente

It essentials pc hardware and software overview
It essentials pc hardware and software overviewIt essentials pc hardware and software overview
It essentials pc hardware and software overview
Ahmed Sultan
 

La actualidad más candente (20)

ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10
 
CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3
 
ITE v5.0 - Chapter 2
ITE v5.0 - Chapter 2ITE v5.0 - Chapter 2
ITE v5.0 - Chapter 2
 
CCNA 1 Routing and Switching v5.0 Chapter 2
CCNA 1 Routing and Switching v5.0 Chapter 2CCNA 1 Routing and Switching v5.0 Chapter 2
CCNA 1 Routing and Switching v5.0 Chapter 2
 
CCNAv5 - S1: Chapter 3 - Network protocols and communications
CCNAv5 - S1: Chapter 3 - Network protocols and communicationsCCNAv5 - S1: Chapter 3 - Network protocols and communications
CCNAv5 - S1: Chapter 3 - Network protocols and communications
 
CCNA 1 Routing and Switching v5.0 Chapter 5
CCNA 1 Routing and Switching v5.0 Chapter 5CCNA 1 Routing and Switching v5.0 Chapter 5
CCNA 1 Routing and Switching v5.0 Chapter 5
 
CCNAv5 - S4: Chapter 7: Securing Site-to-site Connectivity
CCNAv5 - S4: Chapter 7: Securing Site-to-site ConnectivityCCNAv5 - S4: Chapter 7: Securing Site-to-site Connectivity
CCNAv5 - S4: Chapter 7: Securing Site-to-site Connectivity
 
ITE - Chapter 2
ITE - Chapter 2ITE - Chapter 2
ITE - Chapter 2
 
CCNAv5 - S4: Chapter 4 Frame Relay
CCNAv5 - S4: Chapter 4 Frame RelayCCNAv5 - S4: Chapter 4 Frame Relay
CCNAv5 - S4: Chapter 4 Frame Relay
 
CCNA 1 Routing and Switching v5.0 Chapter 4
CCNA 1 Routing and Switching v5.0 Chapter 4CCNA 1 Routing and Switching v5.0 Chapter 4
CCNA 1 Routing and Switching v5.0 Chapter 4
 
CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11
 
CCNA 1 Routing and Switching v5.0 Chapter 10
CCNA 1 Routing and Switching v5.0 Chapter 10CCNA 1 Routing and Switching v5.0 Chapter 10
CCNA 1 Routing and Switching v5.0 Chapter 10
 
It essentials pc hardware and software overview
It essentials pc hardware and software overviewIt essentials pc hardware and software overview
It essentials pc hardware and software overview
 
CCNAv5 - S4: Chapter 9 troubleshooting the network
CCNAv5 - S4: Chapter 9 troubleshooting the networkCCNAv5 - S4: Chapter 9 troubleshooting the network
CCNAv5 - S4: Chapter 9 troubleshooting the network
 
IT Essentials (Version 7.0) - ITE Chapter 7 Exam Answers
IT Essentials (Version 7.0) - ITE Chapter 7 Exam AnswersIT Essentials (Version 7.0) - ITE Chapter 7 Exam Answers
IT Essentials (Version 7.0) - ITE Chapter 7 Exam Answers
 
CCNAv5 - S4: Chapter2 Connecting To The Wan
CCNAv5 - S4: Chapter2 Connecting To The WanCCNAv5 - S4: Chapter2 Connecting To The Wan
CCNAv5 - S4: Chapter2 Connecting To The Wan
 
CCNAv5 - S4: Chapter3 Point to-point Connections
CCNAv5 - S4: Chapter3 Point to-point ConnectionsCCNAv5 - S4: Chapter3 Point to-point Connections
CCNAv5 - S4: Chapter3 Point to-point Connections
 
CCNAv5 - S1: Chapter 1 Exploring The Network
CCNAv5 - S1: Chapter 1 Exploring The NetworkCCNAv5 - S1: Chapter 1 Exploring The Network
CCNAv5 - S1: Chapter 1 Exploring The Network
 
Unified Extensible Firmware Interface (UEFI)
Unified Extensible Firmware Interface (UEFI)Unified Extensible Firmware Interface (UEFI)
Unified Extensible Firmware Interface (UEFI)
 
IT Essentials Chapter 10
IT Essentials Chapter 10IT Essentials Chapter 10
IT Essentials Chapter 10
 

Destacado (17)

ITE - Chapter 3
ITE - Chapter 3ITE - Chapter 3
ITE - Chapter 3
 
CCNA RS_NB - Chapter 9
CCNA RS_NB - Chapter 9CCNA RS_NB - Chapter 9
CCNA RS_NB - Chapter 9
 
ITE v5.0 - Chapter 3
ITE v5.0 - Chapter 3ITE v5.0 - Chapter 3
ITE v5.0 - Chapter 3
 
CCNA 2 Routing and Switching v5.0 Chapter 1
CCNA 2 Routing and Switching v5.0 Chapter 1CCNA 2 Routing and Switching v5.0 Chapter 1
CCNA 2 Routing and Switching v5.0 Chapter 1
 
Computer hardware presentation
Computer hardware presentationComputer hardware presentation
Computer hardware presentation
 
Computer hardware component. ppt
Computer hardware component. pptComputer hardware component. ppt
Computer hardware component. ppt
 
ITE - Chapter 11
ITE - Chapter 11ITE - Chapter 11
ITE - Chapter 11
 
ITE - Chapter 8
ITE - Chapter 8ITE - Chapter 8
ITE - Chapter 8
 
Welcome to computer basics
Welcome to computer basicsWelcome to computer basics
Welcome to computer basics
 
ITE - Chapter 13
ITE - Chapter 13ITE - Chapter 13
ITE - Chapter 13
 
Module 4 excel2010
Module 4 excel2010Module 4 excel2010
Module 4 excel2010
 
Ite pc v40_chapter8
Ite pc v40_chapter8Ite pc v40_chapter8
Ite pc v40_chapter8
 
Ite pc v40_chapter10
Ite pc v40_chapter10Ite pc v40_chapter10
Ite pc v40_chapter10
 
IT Essential - Course Overview
IT Essential - Course OverviewIT Essential - Course Overview
IT Essential - Course Overview
 
Ite pc v40_chapter13
Ite pc v40_chapter13Ite pc v40_chapter13
Ite pc v40_chapter13
 
Ite pc v40_chapter11
Ite pc v40_chapter11Ite pc v40_chapter11
Ite pc v40_chapter11
 
T4 u2 basics
T4 u2 basicsT4 u2 basics
T4 u2 basics
 

Similar a IT Essentials Chapter 9

Ite pc v40_chapter9_edited_h
Ite pc v40_chapter9_edited_hIte pc v40_chapter9_edited_h
Ite pc v40_chapter9_edited_h
Dave Arvin
 
CCNA Discovery 1 - Chapter 8
CCNA Discovery 1 - Chapter 8CCNA Discovery 1 - Chapter 8
CCNA Discovery 1 - Chapter 8
Irsandi Hasan
 
Ite pc v40_chapter8
Ite pc v40_chapter8Ite pc v40_chapter8
Ite pc v40_chapter8
Dave Arvin
 
CCNA Discovery 2 - Chapter 8
CCNA Discovery 2 - Chapter 8CCNA Discovery 2 - Chapter 8
CCNA Discovery 2 - Chapter 8
Irsandi Hasan
 
Cyber security-briefing-presentation
Cyber security-briefing-presentationCyber security-briefing-presentation
Cyber security-briefing-presentation
sathiyamaha
 
Computer security aspects in
Computer security aspects inComputer security aspects in
Computer security aspects in
Vishnu Suresh
 

Similar a IT Essentials Chapter 9 (20)

Ite pc v40_chapter9
Ite pc v40_chapter9Ite pc v40_chapter9
Ite pc v40_chapter9
 
Ite pc v40_chapter9_edited_h
Ite pc v40_chapter9_edited_hIte pc v40_chapter9_edited_h
Ite pc v40_chapter9_edited_h
 
Preventing Stealthy Threats with Next Generation Endpoint Security
Preventing Stealthy Threats with Next Generation Endpoint SecurityPreventing Stealthy Threats with Next Generation Endpoint Security
Preventing Stealthy Threats with Next Generation Endpoint Security
 
Ite pc v40_chapter8 for student
Ite pc v40_chapter8 for studentIte pc v40_chapter8 for student
Ite pc v40_chapter8 for student
 
IoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfuaIoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfua
 
CCNA Discovery 1 - Chapter 8
CCNA Discovery 1 - Chapter 8CCNA Discovery 1 - Chapter 8
CCNA Discovery 1 - Chapter 8
 
Ite pc v40_chapter8
Ite pc v40_chapter8Ite pc v40_chapter8
Ite pc v40_chapter8
 
CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11
 
Network Security v1.0 Network Security v
Network Security v1.0 Network Security vNetwork Security v1.0 Network Security v
Network Security v1.0 Network Security v
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2
 
Network Security v1.0 - Module 1.pptx
Network Security v1.0 - Module 1.pptxNetwork Security v1.0 - Module 1.pptx
Network Security v1.0 - Module 1.pptx
 
CCNA Discovery 2 - Chapter 8
CCNA Discovery 2 - Chapter 8CCNA Discovery 2 - Chapter 8
CCNA Discovery 2 - Chapter 8
 
CCNA RS_ITN - Chapter 11
CCNA RS_ITN - Chapter 11CCNA RS_ITN - Chapter 11
CCNA RS_ITN - Chapter 11
 
Ite pc v40_chapter8
Ite pc v40_chapter8Ite pc v40_chapter8
Ite pc v40_chapter8
 
Cyber security-briefing-presentation
Cyber security-briefing-presentationCyber security-briefing-presentation
Cyber security-briefing-presentation
 
OWASP Top 10 Web Attacks (2017) with Prevention Methods
OWASP Top 10 Web Attacks (2017) with Prevention MethodsOWASP Top 10 Web Attacks (2017) with Prevention Methods
OWASP Top 10 Web Attacks (2017) with Prevention Methods
 
Network Security.pptx
Network Security.pptxNetwork Security.pptx
Network Security.pptx
 
Ccna v5-S1-Chapter 11
Ccna v5-S1-Chapter 11Ccna v5-S1-Chapter 11
Ccna v5-S1-Chapter 11
 
CCNA Icnd110 s01l02
CCNA Icnd110 s01l02CCNA Icnd110 s01l02
CCNA Icnd110 s01l02
 
Computer security aspects in
Computer security aspects inComputer security aspects in
Computer security aspects in
 

Último

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 

Último (20)

Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Third Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptxThird Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptx
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
 
PROCESS RECORDING FORMAT.docx
PROCESS      RECORDING        FORMAT.docxPROCESS      RECORDING        FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 

IT Essentials Chapter 9

  • 1. Chapter 9: Security IT Essentials: PC Hardware and Software v4.0 ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 1
  • 2. Purpose of this Presentation To provide to instructors an overview of Chapter 9:  List of chapter objectives  Overview of the chapter contents, including student worksheets student activities some potential student misconceptions  Reflection/Activities for instructors to complete to prepare to teach  Additional resources ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 2
  • 3. Chapter 9 Objectives  9.1 Explain why security is important  9.2 Describe security threats  9.3 Identify security procedures  9.4 Identify common preventive maintenance techniques for security  9.5 Troubleshoot security ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 3
  • 4. Chapter 9 Worksheets and Activity  9.1 Worksheet: Security Attacks  9.2.1 Worksheet: Third-Party Anti-Virus Software  9.2.3 Activity: Adware, Spyware, and Grayware  9.4.2 Worksheet: Operating System Updates  9.5.6 Worksheet: Gather Information from the Customer ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 4
  • 5. The Importance of Security  Private information, company secrets, financial data, computer equipment, and items of national security are placed at risk if proper security procedures are not followed.  A technician’s primary responsibilities include data and network security. ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 5
  • 6. Security Threats Types of attacks to computer security:  Physical Theft, damage, or destruction to computer equipment.  Data Removal, corruption, denial of access, unauthorized access, or theft of information. Potential threats to computer security:  Internal threats Employees can cause a malicious threat or an accidental threat.  External threats Outside users can attack in an unstructured or structured way. ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 6
  • 7. Viruses, Worms, and Trojan Horses  A computer virus is software code that is deliberately created by an attacker. Viruses may collect sensitive information or may alter or destroy information.  A worm is a self-replicating program that uses the network to duplicate its code to the hosts on the network. At a minimum, worms consume bandwidth in a network.  A Trojan horse is technically a worm and is named for its method of getting past computer defenses by pretending to be something useful.  Anti-virus software is designed to detect, disable, and remove viruses, worms, and Trojan horses before they infect a computer. ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 7
  • 8. Web Security Attackers may use any of these tools to install a program on a computer.  ActiveX Controls interactivity on web pages  Java Allows applets to run within a browser Example: a calculator or a counter  JavaScript Interacts with HTML source code to allow interactive web sites Example: a rotating banner or a popup window ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 8
  • 9. Adware, Spyware, and Grayware  Typically installed without the user’s knowledge, these programs collect information stored on the computer, change the computer configuration, or open extra windows on the computer and all without the user’s consent. ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 9
  • 10. Denial of Service (DoS)  Prevents users from accessing normal services  Sends enough requests to overload a resource or even stopping its operation  Ping of Death is a series of repeated, larger than normal pings intended to crash the receiving computer  E-mail Bomb is a large quantity of bulk e-mail that overwhelms the e-mail server preventing users from accessing e-mail  Distributed DoS is an attack launched from many computers, called zombies ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 10
  • 11. Spam and Popup Windows  Spam is unsolicited email that can be used to send harmful links or deceptive content.  Popups are windows that automatically open and are designed to capture your attention and lead you to advertising sites. Use anti-virus software, options in e-mail software, popup blockers, and common indications of spam to combat these. ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 11
  • 12. Social Engineering  Never give out a password  Always ask for the ID of the unknown person  Restrict access of unexpected visitors  Escort all visitors through the facility ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 12
  • 13. TCP/IP Attacks TCP/IP is used to control all Internet communications. ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 13
  • 14. Computer Disposal and Recycling  Erase all hard drives, then use a third-party tool to fully erase all data.  The only way to fully ensure that data cannot be recovered from a hard drive is to carefully shatter the platters with a hammer and safely dispose of the pieces.  To destroy software media (floppy disks and CDs), use a shredding machine designed for shredding these materials. ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 14
  • 15. Security is Strengthened in Layers ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 15
  • 16. Security Policy Questions to answer in writing a local security policy:  What assets require protection?  What are the possible threats?  What should be done in the event of a security breach? ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 16
  • 17. Protecting Equipment Since stealing the whole PC is the easiest way to steal data, physical computer equipment must be secured.  Control access to facilities  Use cable locks  Lock telecommunication rooms  Use security screws  Use security cages around equipment  Label and install sensors on equipment ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 17
  • 18. Protecting Data Methods of securing data:  Password protection  Data encryption  Port protection  Data backups  File system security ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 18
  • 19. Levels of Wireless Security ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 19
  • 20. Installing Updates and Patches A technician recognizes when new updates and patches are available and knows how to install them. ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 20
  • 21. Updating Protection Programs Create a Launch Click Run a restore protection update scan point program button Yes Review Need to manuall Manually scan y treat treat or report or delete delete? No Schedule future automatic updates and scans ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 21
  • 22. Operating System Updates and Patches Create a Check for Download Install restore updates updates update point Yes Prompte d to Restart restart? computer No Test all aspects to ensure the update has not caused issues ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 22
  • 23. Troubleshooting Process Step 1 Gather data from the customer Step 2 Verify the obvious issues Step 3 Try quick solutions first Step 4 Gather data from the computer Step 5 Evaluate the problem and implement the solution Step 6 Close with the customer ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 23
  • 24. 1. Gather Data from the Customer  Customer information Company name, contact name, address, phone number  Computer configuration Protection software, OS, network environment, connection type  Description of problem Open-ended questions What changes were made to the security settings? Closed-ended questions Are the protection software signature files up-to-date? ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 24
  • 25. 2. Verify the Obvious Issues Examine the most obvious causes of a problem.  A visual inspection can resolve some issues. Broken locks, signs of tampering, missing equipment  Has an attacker accessed the equipment? Unfamiliar login address in login windows, unexplained entries in system security logs, missing or additional patch cords  Wireless network issues Changes in access point configuration, unexplained connections in the access point status display ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 25
  • 26. 3. Try Quick Solutions First  Check that all cables are connected to the proper locations  Unseat and then reconnect cables and connectors  Reboot the computer or network device  Login as a different user  Check that the anti-virus and spyware signature files are up- to-date  Scan computer with protection software  Check computer for the latest OS patches and updates  Disconnect from the network  Change your password ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 26
  • 27. 4. Gather Data from the Computer  Third-party software, such as anti-virus and anti- spyware applications, can report on the files that have been infected.  There are several tools available in the operating system that a technician can use: Verify that the signature file is current. Check the security software log file for entries. Task Manager is used to check for unknown applications that are running. ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 27
  • 28. 5. Evaluate Problem & Implement Solution 1. Evaluate the information gathered from the customer and from the laptop 2. Determine possible solutions 3. Implement the best solution 4. If a proposed solution doesn’t correct the problem, reset the computer back to the original state and try another proposed solution. NOTE: Never ask a customer to reveal a password. ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 28
  • 29. 6. Close with the Customer  Discuss with customer the solution implemented.  Have customer verify problem is solved.  Provide all paperwork to customer.  Document steps of solution in work order and in technician’s journal.  Document components used in repair.  Document time spent to resolve the problem. ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 29
  • 30. Common Problems and Solutions Problem Symptom Possible Solution Set Windows Automatic Update to run A computer runs updates and requires daily at a convenient time, such as rebooting at inconvenient times. lunchtime. A wireless network is compromised even Upgrade to 128-bit WEP security, WAP, or though 64-bit WEP encryption is in use. EAP-Cisco security. After recovering any sensitive data, A stolen laptop is returned by the police. destroy the hard drive and recycle the It is no longer needed by the user. computer. A user complains that his system is This may be a denial of service attack. At receiving hundreds or thousands of junk the e-mail server, filter out e-mail from e-mails daily. the sender. A printer repair person no one Contact security or police. Advise users remembers seeing before is observed never to hide passwords near their work looking under keyboards and on area. desktops. ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 30
  • 31. Chapter 9 Summary Following proper security procedures will protect computers and network equipment, and the data they contain, from physical danger such as fire and theft, as well as from loss and damage by employees and attackers.  Security threats can come from inside or outside of an organization.  Viruses and worms are common threats that attack data.  Develop and maintain a security plan to protect both data and physical equipment from loss.  Keep operating systems and applications up to date and secure with patches and service packs. ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 31
  • 32. Instructor Training Activities ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 32
  • 33. Activities for Instructor Training 1. Take the Quiz provided in Chapter 9 course content. 2. Conduct Internet research to pre-screen online resources for students to use in completing the following student worksheets: 9.1 Worksheet: Security Attacks 9.2.1 Worksheet: Third-Party Anti-Virus Software 9.4.2 Worksheet: Operating System Updates 3. Brainstorm a list of at least 4 additional troubleshooting scenarios to provide students more opportunities to practice this skill. For an example, refer to the student worksheet, 9.5.2 Gather Information from the Customer. ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 33
  • 34. Instructor Training Discussion  Share with the other instructors the list of online resources found that students might use in completing the research activity worksheets.  Share with the other instructors the list of additional troubleshooting scenarios.  Participate in a role-playing activity of one of the troubleshooting scenarios.  Following the role-playing activity, discuss the different ways you might incorporate role-playing activities into your classroom. Share ideas of how to make the student successful in these activities. ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 34
  • 35. Additional Resources  Whatis?com: IT Encyclopedia and Learning Center http://whatis.com  TechTarget: The Most Targeted IT Media http://techtarget.com  ZDNet: Tech News, Blogs and White Papers for IT Professionals http://www.zdnet.com  HowStuffWorks: It's Good to Know http://computer.howstuffworks.com  CNET.com http://www.cnet.com  PC World http://www.pcworld.com  ComputerWorld http://www.computerworld.com  WIRED NEWS http://www.wired.com  eWEEK.com http://www.eweek.com ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 35
  • 36. Q and A ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 36
  • 37. ITE PC v4.0 Chapter 9 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 37