Chapter 10
Security
Computer and network security helps to ensure that only authorized personnel have access. It also helps
to keep data and equipment functioning properly. Threats to security can be internal or external,
coming from the inside or outside of an organization, and the level of potential damage can vary greatly.
Internal threats - Users and employees who have access to data, equipment, and the
network
External threats - Users outside of an organization who do not have authorized access to
the network or resources
Theft, loss, network intrusion, and physical damage are some of the ways a network or computer
can be harmed. Damage or loss of equipment can mean a loss of productivity. Repairing and
replacing equipment can cost the company time and money. Unauthorized use of a network can
expose confidential information, violate the integrity of data, and reduce network resources.
To successfully protect computers and the network, a technician must understand both types of
threats to computer security:
Physical - Events or attacks that steal, damage, or destroy equipment, such as servers,
switches, and wiring
Data - Events or attacks that remove, corrupt, deny access to authorized users, allow
access to unauthorized users, or steal information
Security Threats
Malware is any software created to perform malicious acts. Malware includes adware, spyware,
grayware, phishing, viruses, worms, Trojan horses, and rootkits. Malware is usually installed on a
computer without the knowledge of the user. These programs open extra windows on the computer or
change the computer configuration. Malware can also collect information stored on the computer
without the user’s consent.
Types of Security Threats
(i) Adware is a software program that displays advertising on your computer. Adware is usually
distributed with downloaded software. Most often, adware is displayed in a pop-up window.
Adware pop-up windows are sometimes difficult to control and open new windows faster than
users can close them.
(ii) Spyware is similar to adware. It is distributed without user intervention or knowledge. After
spyware is installed and run, it monitors activity on the computer. The spyware then sends this
information to the individual or organization responsible for launching the spyware.
(iii) Grayware is similar to adware. Grayware may be malicious and is sometimes installed with the
user’s consent. For example, a free software program may require the installation of a toolbar
that displays advertising or tracks a user’s website history.
(iv) Phishing is where the attacker pretends to represent a legitimate outside organization, such as a
bank. A potential victim is contacted via email, telephone, or text message. The attacker might
ask for verification of information, such as a password or username, to possibly prevent some
terrible consequence from occurring.
A virus is a program written with malicious intent and sent by attackers. The virus is transferred to
another computer through email, file transfers, and instant messaging. The virus hides by
attaching itself to computer code, software, or documents on the computer. When the file is
accessed, the virus executes and infects the computer. A virus has the potential to corrupt or even delete files on
your computer, use your email to spread itself to other computers, prevent the computer from
booting, cause applications to not load or operate correctly, or even erase your entire hard
drive.
A worm is a self-replicating program that is harmful to networks. A worm uses the network to
duplicate its code to the hosts on a network, often without user intervention. A worm is
different from a virus because it does not need to attach to a program to infect a host. Worms
typically spread by automatically exploiting known vulnerabilities in legitimate software.
A Trojan is malicious software that is disguised as a legitimate program. It is named for its
method of getting past computer defenses by pretending to be something useful.
A rootkit is a malicious program that gains full access to a computer system. Often, a direct
attack on a system using a known vulnerability or password is used to gain Administrator-
account level access. Because the rootkit has this privileged access, the program is able to hide
the files, registry edits, and folders that it uses from detection by typical virus or spyware
programs.
Virus protection software, also known as antivirus software, is designed to detect, disable, and remove
viruses, worms, and Trojans before they infect a computer.
Web Security
Tools that are used to make web pages more powerful and versatile can also make computers more
vulnerable to attacks. These are some examples of web tools:
o ActiveX was created by Microsoft to control interactivity on web pages. If ActiveX is on a
page, an applet or small program has to be downloaded to gain access to the full
functionality.
o Java is a programming language that allows applets to run within a web browser.
Examples of applets include a calculator or a counter.
o JavaScript is a programming language developed to interact with HTML source code to
allow interactive web sites. Examples include a rotating banner or a popup window.
o Adobe Flash - used to create interactive media (animation, video, and games) for the
web.
o Microsoft Silverlight - used to create rich, interactive media for the web, similar to
Flash.
To protect against these attacks, most browsers have settings that force the computer user to authorize
the downloading or use of these tools.
ActiveX filtering
Pop-up Blockers
SmartScreen Filter (Internet Explorer)
Spam, also known as junk mail, is unsolicited e-mail. In most cases, spam is used as a method of
advertising. However, spam can be used to send harmful links or deceptive content.
TCP/IP Attacks
TCP/IP is the protocol suite used to control all communications on the Internet. The most common
TCP/IP attacks are:
• Denial of Service (DoS) is a form of attack that prevents users from accessing normal services,
such as e-mail or a web server, because the system is busy responding to abnormally large
amounts of requests. DoS works by sending enough requests for a system resource that the
requested service is overloaded and ceases to operate.
• Distributed DoS (DDoS) uses many infected computers, called zombies or botnets, to launch an
attack. With DDoS, the intent is to obstruct or overwhelm access to the targeted server. Zombie
computers located at different geographical locations make it difficult to trace the origin of the
attack.
• SYN Flood randomly opens TCP ports, tying up the network equipment or computer with a large
amount of false requests, causing sessions to be denied to others.
• Spoofing - uses a forged IP or MAC address to impersonate a trusted computer.
• Man-in-the-Middle - intercepting communications between computers to steal information
transiting through the network.
• Replay - data transmissions are intercepted and recorded by an attacker, then replayed to gain
access.
• DNS Poisoning - changing DNS records to point to imposter servers.
Social Engineering
Social engineering occurs when an attacker tries to gain access to equipment or a network by
tricking people into providing the necessary access information. Often, the social engineer gains the
confidence of an employee and convinces the employee to divulge username and password
information.
To protect against social engineering:
• Never give out your password.
• Always ask for the ID of unknown persons.
• Restrict access to visitors.
• Escort all visitors.
• Never post your password in your work area.
• Lock your computer when you leave your desk.
• Do not let anyone follow you through a door that requires an access card.
Hard Drive Disposal and Recycling
(i) Data wiping is often performed on hard drives containing sensitive data such as
financial information. It is not enough to delete files or even format the drive.
Software tools can still be used to recover folders, files, and even entire partitions if
they are not erased properly. Use software specifically designed to overwrite data
multiple times, rendering the data unusable. It is important to remember that data
wiping is irreversible, and the data can never be recovered.
(ii) Degaussing disrupts or eliminates the magnetic field on a hard drive that allows for
the storage of data.
(iii) Hard Drive Destruction: The only way to fully ensure that data cannot be recovered
from a hard drive is to carefully shatter the platters with a hammer and safely
dispose of the pieces.
(iv) Hard Drive Recycling - Hard drives that do not contain sensitive data can be
reformatted and used in other computers.
Security Policies
A security policy is a collection of rules, guidelines, and checklists.
A security policy includes the following elements:
• An acceptable computer usage statement for the organization.
• The people permitted to use the computer equipment.
• Devices that are permitted to be installed on a network, as well as the conditions of the
installation. Modems and wireless access points are examples of hardware that could expose
the network to attacks.
• Requirements necessary for data to remain confidential on a network.
• Process for employees to acquire access to equipment and data. This process may require the
employee to sign an agreement regarding company rules. It also lists the consequences for
failure to comply.
Security Policy Requirements
The security policy should also provide detailed information about the following issues in case of
an emergency:
• Steps to take after a breach in security
• Who to contact in an emergency
• Information to share with customers, vendors, and the media
• Secondary locations to use in an evacuation
• Steps to take after an emergency is over, including the priority of services to be restored
Passwords
Password guidelines are an important component of a security policy. Passwords help prevent theft of
data and malicious acts. Passwords also help to ensure that logging of events is correct by ensuring that
the user is the correct person.
Three levels of password protection are recommended:
BIOS - Prevents the operating system from booting and the BIOS settings from being
changed without the appropriate password.
Login - Prevents unauthorized access to the local computer.
Network - Prevents access to network resources by unauthorized personnel.
Guidelines for creating strong passwords are:
Length - Use at least eight characters.
Complexity - Include letters, numbers, symbols, and punctuation. Use a variety of keys
on the keyboard, not just common letters and characters.
Variation - Change passwords often. Set a reminder to change the passwords you have
for email, banking, and credit card websites on average every three to four months.
Variety - Use a different password for each site or computer that you use.
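The four guidelines above can be checked mechanically. The following is an added example, not part of the original study guide: it audits a constructed list of accounts against Length, Complexity, Variation, and Variety. The 120-day limit is an assumption standing in for "every three to four months", and symbols and punctuation are treated as one character class.

```python
import string
from datetime import date

MIN_LENGTH = 8                      # "Use at least eight characters"
MAX_AGE_DAYS = 120                  # assumption: upper end of "three to four months"
REQUIRED = {"letter", "number", "symbol"}


def complexity_classes(password):
    """Return which of the character classes named in the guideline appear."""
    classes = set()
    for ch in password:
        if ch.isalpha():
            classes.add("letter")
        elif ch.isdigit():
            classes.add("number")
        elif ch in string.punctuation:
            classes.add("symbol")
    return classes


def audit(accounts, today):
    """Map each site to the list of guidelines its password violates."""
    # Group sites by password so reuse across sites (Variety) can be detected.
    sites_by_password = {}
    for acct in accounts:
        sites_by_password.setdefault(acct["password"], []).append(acct["site"])

    report = {}
    for acct in accounts:
        pw = acct["password"]
        findings = []
        if len(pw) < MIN_LENGTH:
            findings.append("length")
        missing = REQUIRED - complexity_classes(pw)
        if missing:
            findings.append("complexity: missing " + ", ".join(sorted(missing)))
        if (today - acct["last_changed"]).days > MAX_AGE_DAYS:
            findings.append("variation")
        if len(sites_by_password[pw]) > 1:
            findings.append("variety")
        report[acct["site"]] = findings
    return report


# Constructed sample data for illustration only.
TODAY = date(2024, 6, 1)
SAMPLE_ACCOUNTS = [
    {"site": "email", "password": "Tr1cky!Horse#42", "last_changed": date(2024, 5, 1)},
    {"site": "bank", "password": "summer24", "last_changed": date(2024, 1, 1)},
    {"site": "shop", "password": "summer24", "last_changed": date(2024, 5, 20)},
    {"site": "forum", "password": "a!9", "last_changed": date(2024, 5, 30)},
]

if __name__ == "__main__":
    for site, findings in audit(SAMPLE_ACCOUNTS, TODAY).items():
        print(site, "->", findings or "meets all four guidelines")
```

The report names the violated guideline only and never echoes the password itself.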
File and Folder Permissions
Permission levels are configured to limit individual or group user access to specific data.
Both FAT32 and NTFS allow folder sharing and folder-level permissions for users with
network access.
• NTFS - File system that uses journals, which are special areas where file changes are recorded
before changes are made.
o Can log access by user, date, and time.
o Has encryption capability.
• FAT32 - No encryption or journaling.
• Principle of Least Privilege - Only allow users access to the resources they need.
• Restricting User Permissions - If an individual or a group is denied permissions to a network
share, this denial overrides any other permission given.
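The deny-overrides rule and the principle of least privilege can be seen together in a small model. This is an added example, not part of the original study guide and not the operating system's own access-check algorithm: the users, groups, share entries, and the "needed" rights are all constructed for illustration.

```python
def effective_permissions(user, groups_of, acl):
    """Rights a user ends up with on a share.

    acl is a list of (principal, "allow" | "deny", rights) entries.
    Allowed rights accumulate across the user and every group the user
    belongs to; any matching deny entry then removes the right, no matter
    how many allow entries granted it.
    """
    principals = {user} | set(groups_of.get(user, ()))
    allowed, denied = set(), set()
    for principal, kind, rights in acl:
        if principal not in principals:
            continue
        if kind == "deny":
            denied |= rights
        else:
            allowed |= rights
    return allowed - denied


def excess_rights(groups_of, acl, needed):
    """Least-privilege check: rights each user holds beyond what they need."""
    report = {}
    for user, required in needed.items():
        extra = effective_permissions(user, groups_of, acl) - required
        if extra:
            report[user] = extra
    return report


# Constructed sample data for illustration only.
GROUPS = {
    "alice": ["Staff", "Finance"],
    "bob": ["Staff", "Contractors"],
    "carol": ["Staff", "Finance", "Interns"],
}
SHARE_ACL = [
    ("Staff", "allow", {"read"}),
    ("Finance", "allow", {"read", "write"}),
    ("bob", "allow", {"read"}),                 # explicit grant to the user
    ("Contractors", "deny", {"read", "write"}),  # overrides bob's grants
    ("Interns", "deny", {"write"}),
]
NEEDED = {"alice": {"read"}, "bob": set(), "carol": {"read"}}

if __name__ == "__main__":
    for user in GROUPS:
        print(user, sorted(effective_permissions(user, GROUPS, SHARE_ACL)))
    print("excess:", excess_rights(GROUPS, SHARE_ACL, NEEDED))
```

In the sample data, bob ends up with no access even though two entries allow him to read, and alice is flagged because she holds write access that her role does not need.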
Lab Activity
Lab 10.2.1.7, 10.2.1.8, 10.2.1.9
Protecting Data
The value of physical equipment is often far less than the value of the data it contains. To protect data,
there are several methods of security protection that can be implemented.
• A firewall is a way of protecting a computer from intrusion through the ports. The user
can control the type of data sent to a computer by selecting which ports will be open
and which will be secured.
• Biometric Security compares physical characteristics against stored profiles to
authenticate people. A profile is a data file containing known characteristics of an
individual such as a fingerprint or a handprint. Common biometric devices available
include fingerprint readers, handprint readers, iris scanners, and face recognition
devices.
• Smart cards store private information such as bank account numbers, personal
identification, medical records, and digital signatures. Smart cards provide
authentication and encryption to keep data safe.
• Data backups are one of the most effective ways of protecting against data loss.
Establish data backup procedures which account for frequency of backups, storage for
data backups, and securing data backups using passwords.
• Data Encryption is where data is transformed using a complicated algorithm to make it
unreadable. A special key must be used to return the unreadable information back into
readable data. Software programs are used to encrypt files, folders, and even entire
drives.
Malware Software Protection Programs
It may take several different programs and multiple scans to completely remove all malicious software.
Run only one malware protection program at a time.
Virus protection - An antivirus program typically runs automatically in the background and monitors for
problems. When a virus is detected, the user is warned, and the program attempts to quarantine or
delete the virus.
Spyware protection - Antispyware programs scan for keyloggers, which capture your keystrokes, and
other malware so that it can be removed from the computer.
Adware protection - Anti-adware programs look for programs that display advertising on your
computer.
Phishing protection - Antiphishing programs block the IP addresses of known phishing websites and
warn the user about suspicious websites.
Common Communication Encryption Types
Hash Encoding: Hash encoding, or hashing, ensures that messages are not corrupted or
tampered with during transmission.
Symmetric encryption requires both sides of an encrypted conversation to use an
encryption key to encode and decode the data. The sender and receiver must use identical keys.
Asymmetric encryption requires two keys, a private key and a public key. The public key
can be widely distributed, including emailing in cleartext or posting on the web.
• The Service Set Identifier (SSID) is the name of the wireless network. A wireless router or access
point broadcasts the SSID by default so that wireless devices can detect the wireless network.
• MAC address filtering is a technique used to deploy device-level security
on a wireless LAN.
Wireless Security Modes
Most wireless access points support several different security modes. The most common ones are:
• Wired Equivalent Privacy (WEP) - The first-generation security standard for wireless. Attackers
quickly discovered that WEP encryption was easy to break.
• Wi-Fi Protected Access (WPA) - An improved version of WEP that uses much stronger encryption.
• Wi-Fi Protected Access 2 (WPA2) - WPA2 supports robust encryption, providing government-grade
security.
A hardware firewall is a physical filtering component that inspects data packets from the network
before they reach computers and other devices on a network.
A hardware firewall passes two different types of traffic into your network:
• Responses to traffic that originates from inside your network
• Traffic destined for a port that you have intentionally left open
There are several types of hardware firewall configurations:
• Packet filter - Packets cannot pass through the firewall, unless they match the established rule
set configured in the firewall. Traffic can be filtered based on different attributes, such as source
IP address, source port or destination IP address or port. Traffic can also be filtered based on
destination services or protocols such as WWW or FTP.
• Stateful packet inspection - This is a firewall that keeps track of the state of network
connections traveling through the firewall. Packets that are not part of a known connection are
dropped.
• Application layer - All packets traveling to or from an application are intercepted. All unwanted
outside traffic is prevented from reaching protected devices.
• Proxy - This is a firewall installed on a proxy server that inspects all traffic and allows or denies
packets based on configured rules. A proxy server is a server that is a relay between a client and
a destination server on the Internet.
Demilitarized Zone
• A Demilitarized Zone (DMZ) is a subnetwork that provides services to an untrusted network. An
email, web, or FTP server is often placed into the DMZ so that the traffic using the server does
not come inside the local network. This protects the internal network from attacks by this
traffic, but does not protect the servers in the DMZ in any way.
• Port forwarding is a rule-based method of directing traffic between devices on separate
networks:
• Used when specific ports must be opened so that certain programs and applications can
communicate with devices on different networks.
• Router determines if the traffic should be forwarded to a certain device based on the
port number found with the traffic. For example HTTP – Port 80.
• Port triggering allows the router to temporarily forward data through inbound ports to a
specific device.
• For example, a video game might use ports 27000 to 27100 for connecting with other
players. These are the trigger ports.
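The firewall behaviour described above (replies to inside-originated traffic, intentionally opened ports, and port triggering) can be modelled in a few lines. This is an added example, not part of the original study guide and not any vendor's implementation: it is a simplified model without NAT or connection timeouts. All addresses, the 60-second trigger lifetime, and the choice to open the same 27000 to 27100 range inbound are assumptions.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction src_ip src_port dst_ip dst_port")
Verdict = namedtuple("Verdict", "action lan_host reason")

WAN_IP = "192.0.2.1"  # constructed public address of the router


class HardwareFirewall:
    """Simplified model: state table, port forwarding and port triggering."""

    def __init__(self, forwards, triggers, trigger_ttl=60):
        self.forwards = forwards        # {open_port: lan_host}, intentionally opened
        self.triggers = triggers        # [(trigger_ports, inbound_ports)]
        self.trigger_ttl = trigger_ttl  # seconds a triggered port stays open (assumed)
        self.connections = {}           # (remote_ip, remote_port, local_port) -> lan_host
        self.triggered = {}             # inbound_port -> (lan_host, expiry_time)

    def process(self, pkt, now):
        if pkt.direction == "out":
            return self._outbound(pkt, now)
        return self._inbound(pkt, now)

    def _outbound(self, pkt, now):
        # Stateful inspection: remember the connection so the reply is recognised.
        self.connections[(pkt.dst_ip, pkt.dst_port, pkt.src_port)] = pkt.src_ip
        # Port triggering: outbound traffic to a trigger port temporarily
        # opens the associated inbound ports toward the sending LAN host.
        for trigger_ports, inbound_ports in self.triggers:
            if pkt.dst_port in trigger_ports:
                for port in inbound_ports:
                    self.triggered[port] = (pkt.src_ip, now + self.trigger_ttl)
        return Verdict("ALLOW", pkt.src_ip, "outbound")

    def _inbound(self, pkt, now):
        key = (pkt.src_ip, pkt.src_port, pkt.dst_port)
        if key in self.connections:                  # reply to inside-originated traffic
            return Verdict("ALLOW", self.connections[key], "established")
        if pkt.dst_port in self.forwards:            # port intentionally left open
            return Verdict("ALLOW", self.forwards[pkt.dst_port], "port-forward")
        host, expiry = self.triggered.get(pkt.dst_port, (None, 0))
        if host is not None and now < expiry:        # temporarily opened by a trigger
            return Verdict("ALLOW", host, "port-trigger")
        return Verdict("DROP", None, "no matching state or rule")


def demo():
    """Run constructed traffic through the model and return each verdict."""
    fw = HardwareFirewall(
        forwards={80: "192.168.1.20"},                         # HTTP - port 80
        triggers=[(range(27000, 27101), range(27000, 27101))],  # game ports from the text
        trigger_ttl=60,
    )
    pc = "192.168.1.10"
    r = {}
    r["unsolicited"] = fw.process(Packet("in", "203.0.113.9", 4000, WAN_IP, 27015), now=0)
    r["web"] = fw.process(Packet("in", "203.0.113.9", 4001, WAN_IP, 80), now=0)
    fw.process(Packet("out", pc, 50000, "198.51.100.5", 443), now=1)
    r["reply"] = fw.process(Packet("in", "198.51.100.5", 443, WAN_IP, 50000), now=2)
    r["wrong_peer"] = fw.process(Packet("in", "203.0.113.9", 443, WAN_IP, 50000), now=2)
    fw.process(Packet("out", pc, 51000, "198.51.100.7", 27005), now=10)
    r["triggered"] = fw.process(Packet("in", "203.0.113.9", 4000, WAN_IP, 27015), now=20)
    r["expired"] = fw.process(Packet("in", "203.0.113.9", 4000, WAN_IP, 27015), now=100)
    return r


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} {verdict.action:5} {verdict.reason}")
```

In this model the same inbound packet to port 27015 is dropped before the trigger, allowed while the trigger is active, and dropped again after it expires. While the trigger is active the port accepts traffic from any remote host, which is the exposure to weigh when enabling port triggering.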
Lab Activity
Lab: 10.3.1.4, 10.3.1.5, 10.3.1.6, 10.3.1.8, 10.3.1.9, 10.3.1.10
Question
1.
A user receives a phone call from a person who claims to represent IT services and then asks that user
for confirmation of username and password for auditing purposes. Which security threat does this
phone call represent?
DDoS
spam
social engineering
anonymous keylogging
2.
Which two security precautions will help protect a workplace against social engineering? (Choose two.)
performing daily data backups
encrypting all sensitive data stored on the servers
registering and escorting all visitors to the premises
ensuring that all operating system and antivirus software is up to date
ensuring that each use of an access card allows access to only one user at the time
3.
What are two typical physical security precautions that a business can take to protect its computers and
systems? (Choose two.)
Perform daily data backups.
Implement biometric authentication.
Disable the autorun feature in the operating system.
Replace any software firewalls with a hardware firewall.
Ensure that all operating system and antivirus software is up to date.
4.
Which physical security technology can hold user authentication information, include software license
protection, provide encryption, and provide hardware and software authentication that is specific to the
host system?
card key access
two-factor security
biometric authentication
Trusted Platform Module (TPM)
5.
It has been noted that the computers of employees who use removable flash drives are being infected
with viruses and other malware. Which two actions can help prevent this problem in the future?
(Choose two.)
Set virus protection software to scan removable media when data is accessed.
Configure the Windows Firewall to block the ports that are used by viruses.
Disable the autorun feature in the operating system.
Repair, delete, or quarantine the infected files.
Enable the TPM in the CMOS settings.
6.
In which situation would a computer technician use the fixmbr command at the command prompt of a
Windows XP computer to resolve a security issue?
when a virus has damaged the boot sector of the system disk
when a virus has damaged the master boot record of the system disk
when the folder permissions for user members of a group are incorrect
when unauthorized users have changed the CMOS settings and the CMOS password must be reset
7.
All users working with a particular Windows 7 computer are able to install unauthorized software. In
addition to educating the users about correct security behavior, which action should also be performed
to solve this issue?
Disable the users' accounts.
Enable UAC on the computer.
Set the user folder permissions to Deny.
Change the user file permissions to Read Only.
8.
You want to dispose of a 2.5 terabyte hard drive that contains confidential financial information. What is
the recommended procedure to achieve this?
Drill through the HDD.
Smash the platters with a hammer.
Immerse the HDD in a weak solution of bicarbonate of soda.
Use data wiping.
9.
What is the most effective way of securing wireless traffic?
WPA2
SSID hiding
WEP
wireless MAC filtering
10.
Which two items are used in asymmetric encryption? (Choose two.)
a token
a DES key
a private key
a public key
a TPM
11.
Which two characteristics describe a worm? (Choose two.)
executes when software is run on a computer
is self-replicating
hides in a dormant state until needed by an attacker
infects computers by attaching to software code
travels to new computers without any intervention or knowledge of the user
12.
Which type of security threat uses email that appears to be from a legitimate sender and asks the email
recipient to visit a website to enter confidential information?
adware
phishing
stealth virus
worm
13.
Which three questions should be addressed by organizations developing a security policy? (Choose
three.)
What assets require protection?
How should future expansion be done?
What is to be done in the case of a security breach?
When do the assets need protecting?
What insurance coverage is required?
What are the possible threats to the assets of the organization?
14.
What does a malware detection program look for when running a scan?
a service pack
patterns in the programming code of the software on a computer
patches that prevent a newly discovered virus or worm from making a successful attack
mirror sites
15.
Port triggering has been configured on a wireless router. Port 25 has been defined as the trigger port
and port 113 as an open port. What effect does this have on network traffic?
Any traffic that comes into port 25 allows outgoing port 113 to be used.
All traffic that is sent into port 25 to the internal network will also be allowed to use port 113.
Any traffic that is using port 25 going out of the internal network will also be allowed to transmit
out port 113.
All traffic that is sent out port 25 will open port 113 to allow inbound traffic into the internal
network through port 113.
16.
Which two characteristics of network traffic are being monitored if a network technician configures the
company firewall to operate as a packet filter? (Choose two.)
packet speed
physical addresses
packet size
ports
protocols
17.
What is the primary goal of a DoS attack?
to facilitate access to external networks
to prevent the target server from being able to handle additional requests
to obtain all addresses in the address book within the server
to scan the data on the target server
18.
Which question would be an example of an open-ended question that a technician might ask when
troubleshooting a security issue?
Is your security software up to date?
Have you scanned your computer recently for viruses?
Did you open any attachments from a suspicious email message?
What symptoms are you experiencing?
19.
Which action would help a technician to determine if a denial of service attack is being caused by
malware on a host?
Disconnect the host from the network.
Log on to the host as a different user.
Disable ActiveX and Silverlight on the host.
Install rogue antivirus software on the host.
20.
A technician is troubleshooting a computer security issue. The computer was compromised by an
attacker as a result of the user having a weak password. Which action should the technician take as a
preventive measure against this type of attack happening in the future?
Check the computer for the latest OS patches and updates.
Verify the physical security of all offices.
Ensure the security policy is being enforced.
Scan the computer with protection software.
21.
A user has reported that a computer web browser will not display the correct home page even if the
default page is reset. What is the likely cause of this problem?
UAC has been disabled on the computer.
The computer has been infected with spyware.
A virus has damaged the boot sector of the system disk.
Folder permissions have been changed from Deny to Allow.
22.
What is the name given to the programming-code patterns of viruses?
grayware
mirrors
signatures
virus definition tables

Field Attribute Index Feature in Odoo 17Celine George
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
TEACHER REFLECTION FORM (NEW SET........).docx
TEACHER REFLECTION FORM (NEW SET........).docxTEACHER REFLECTION FORM (NEW SET........).docx
TEACHER REFLECTION FORM (NEW SET........).docxruthvilladarez
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxVanesaIglesias10
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptshraddhaparab530
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
Millenials and Fillennials (Ethical Challenge and Responses).pptx
Millenials and Fillennials (Ethical Challenge and Responses).pptxMillenials and Fillennials (Ethical Challenge and Responses).pptx
Millenials and Fillennials (Ethical Challenge and Responses).pptxJanEmmanBrigoli
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...JojoEDelaCruz
 
ClimART Action | eTwinning Project
ClimART Action    |    eTwinning ProjectClimART Action    |    eTwinning Project
ClimART Action | eTwinning Projectjordimapav
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Seán Kennedy
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 

Último (20)

Paradigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTAParadigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTA
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
TEACHER REFLECTION FORM (NEW SET........).docx
TEACHER REFLECTION FORM (NEW SET........).docxTEACHER REFLECTION FORM (NEW SET........).docx
TEACHER REFLECTION FORM (NEW SET........).docx
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptx
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.ppt
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
Millenials and Fillennials (Ethical Challenge and Responses).pptx
Millenials and Fillennials (Ethical Challenge and Responses).pptxMillenials and Fillennials (Ethical Challenge and Responses).pptx
Millenials and Fillennials (Ethical Challenge and Responses).pptx
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
 
ClimART Action | eTwinning Project
ClimART Action    |    eTwinning ProjectClimART Action    |    eTwinning Project
ClimART Action | eTwinning Project
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptxINCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
 
