Chapter 9

Computer Security

9. Introduction• Private information, company secrets, financial data,

computer equipment, and items of national security

are placed at risk if proper security procedures are not

followed.

Objectives

• Explain why security is important.

•Describe security threats.

•Identify security procedures.

•Identify common preventive maintenance techniques.

•Troubleshoot security.

9.1 Why Security is Important?

• Theft, loss, network intrusion, and physical damage are

some of the ways a network or computer can be harmed.

• Damage or loss of equipment can mean a loss of productivity.

• Repairing and replacing equipment can cost the company time and money.

• Unauthorized use of a network can expose confidential information and reduce

network resources.

• Computer and network security help to keep data and

equipment functioning and provide access only to appropriate

people.

• Therefore, primary responsibilities of a technician include data and network security.

9.2 Security Threats

• Physical – Events or attacks that steal, damage, or destroy

equipment, such as servers and switches.

• Data – Events or attacks that remove, corrupt, deny access,

allow access, or steal information

Source of Threats

Internal - Employees have access to data, equipment, and the network

Threats to Computer Security

• Malicious threats are when an employee intends to cause damage.

• Accidental threats are when the user damages data or equipment unintentionally.

9.2 Security Threats

Source of Threats

External - Users outside of an organization that do not have

authorized access to the network

• Unstructured – Attackers use available resources, such as

passwords or scripts, to gain access

• Structured – Attackers use code to access operating systems and software.

• Physical loss or damage to equipment can cost money and reputation of your company.

• Data threats are constantly changing as attackers find new ways to gain entry to your

system.

9.2.1 Viruses, Worms, and Trojans

• A virus is a program written with malicious intent and sent out by attackers.

• It is transferred to another computer through e-mail, file transfers, and instant messaging.

Viruses

• When the file is accessed, the virus executes and infects the computer.

• It has the potential to corrupt or even delete files on your computer.

• Stealth viruses can infect a computer and lay dormant until summoned by the attacker.

• A worm is a self-replicating program that is harmful to networks.

• It duplicates its code over the network to the hosts, often without any user intervention.

Worms

• It doesn't attach itself to a program to infect a host.

• Though worms doesn't damage data or applications, it is harmful to network, as it

consumes bandwidth.

9.2.1 Viruses, Worms, and Trojans

• Trojans are often disguised as useful software.

• It is hidden in software that appears to do one thing, and yet behind the scenes it does

another.

Trojans

• A Trojan is technically a worm that can reproduce like a virus and spread to other

computers.

• An infected computer in a network could be sending critical data to others along with

Trojan horses.

• Anti-virus is software designed specifically to detect, disable, and remove viruses, worms,

and Trojans before they infect a computer.

9.2.2 Web Security

ActiveX – Technology created by Microsoft to control interactivity on web pages.

• Tools that are used to make web pages more powerful and versatile can also make

computers more vulnerable to attacks.

Java – Programming language that allows applets to run within a web browser.

JavaScript – Programming language that interact with HTML source code to allow

interactive websites.

• Attackers might use any of these tools to install

harmful programs on a computer.

• To prevent these attacks, most browsers asks for

user's authority to download or execute the codes.

9.2.3 Adware, Spyware, and Grayware

• Adware is a software program that displays advertising on your computer.

• Usually distributed with downloaded software.

Adware

• Most often, adware is displayed in a popup window.

• Adware popup windows are difficult to control and opens new windows faster than users

can close them.

• Grayware or malware is a file or program that is potentially harmful.

• Many grayware attacks are phishing attacks where users are persuade to provide their

credentials.

Grayware/Malware

• It can be removed using spyware and adware removal tools.

9.2.3 Adware, Spyware, and Grayware

• Spyware, a type of grayware, is similar to adware.

• It is distributed without any user intervention or knowledge.

Spyware

• Once installed, the spyware monitors activity on the computer and sends the information

to the attacker who developed it.

• Phishing is a form of social engineering where the attacker pretends to represent a

legitimate outside organization, such as a bank.

• A potential victim is contacted via e-mail.

Phishing

• For security, use the postal service to share sensitive information.

9.2.4 Denial of Service (DoS)• DoS is a form of attack that prevents users from accessing normal services, such as e-mail

and a web server.

• Here, the system is busy responding to abnormally large amounts of requests.

• Attackers send enough requests for a system resource that the requested service is

overloaded and ceases to operate.

• Distributed DoS (DDoS) is another form of attack that uses many infected computers,

called zombies (Bots), to launch an attack.

• With DDoS, the intent is to obstruct or overwhelm access to the targeted server.

Types: Ping of Death, E-mail Bomb.

• Zombie computers located at different geographical locations make it difficult to trace the

origin of the attack.

9.2.4 Denial of Service (DoS)

9.2.5 Spam and Popup Windows• Spam, also known as junk mail, is unsolicited email,

commonly used as a method of advertising.

• However, it is also used to send harmful links or

deceptive content.

• These links can result in lots of windows designed to grab your attention and lead you to

advert sites.

• These windows are called POPUPS.

• Example: Links to an infected websites or an

attachment that could infect a computer.

• Many anti-virus and e-mail software programs automatically detect and remove spam from

an e-mail inbox.

9.2.5 Spam and Popup Windows

Check following in emails to verify,

• No subject line

• Incomplete return address

• Computer generated e-mail

• Return e-mail not sent by the user

9.2.6 Social Engineering• A social engineer is a person who is able to gain access to equipment or a network by

tricking people into providing the necessary access information.

• They gains confidence of an employee and convinces

them to disclose username and password information.

• When inside, the social engineer might look over shoulders to gather information, seek

out papers on desks with passwords and phone extensions, or obtain a company directory

with e-mail addresses.

• A social engineer might pose as a technician to try to

gain entry into a facility.

9.2.6 Social Engineering

Basic precautions

• Never give out your password.

• Always ask for the ID of unknown persons.

• Restrict access of unexpected visitors.

• Escort all visitors.

• Never post your password in your work area.

• Lock your computer when you leave your desk.

• Do not let anyone follow you through a door that

requires an access card.

9.2.7 TCP/IP Attacks• TCP/IP is the protocol suite that is used to control all of the communications on the

Internet.

Common TCP/IP Attacks:

• DoS – Sends abnormally large amounts of requests to a system preventing access to the

services

• DDoS – Uses "zombies" to make tracing the origin of the DoS attack difficult to locate

• SYN flood – Randomly opens TCP ports, tying up the network equipment or computer

with a large amount of false requests, causing sessions to be denied to others.

• Spoofing – Gains access to resources on devices by pretending to be a trusted computer

• Man-in-the-middle – Intercepts or inserts false information in traffic between two hosts

9.2.7 TCP/IP Attacks

Common TCP/IP Attacks:

• DNS poisoning – Changes the DNS records on a system to point to false servers where the

data is recorded

• Replay – Uses network sniffers to extract usernames and passwords to be used at a later

date to gain access

9.2.8 Data Wiping, Hard Drive Destruction and Recycling

Data Wiping

• It is performed on hard drives containing sensitive data such as financial information.

• It is not enough to delete files or even format the

drive.

• Data wiping, also known as secure erase, is a procedure performed to permanently delete

data from a hard drive.

• Use a third-party tool Darik's Boot and Nuke (DBAN)

to overwrite data multiple times, rendering the data

unusable.

9.2.8 Data Wiping, Hard Drive Destruction and Recycling

Hard Drive Destruction

• Destroying the hard drive is the best option for companies with sensitive data.

• To fully ensure that data cannot be recovered, one should carefully shatter the platters

with a hammer and safely dispose the pieces.

• Companies with sensitive data should always establish clear policies for hard drive

disposal.

• Other storage media, like CDs, must also be destroyed using Shredding Machine.

Hard Drive Recycling

• Hard drives that do not contain sensitive data should be reused in other computers.

• It can be reformatted or reinstalled.

9.3 Identify Security Procedures

9.3.1 Basic Local Security Policy

• Though local security policies may vary between organizations, there are questions all

organizations should ask:

• What assets require protection?

• What are the possible threats?

• What to do in the event of a security breach?

• A security policy should describe how a company addresses security issues.

• Security policies should be reviewed regularly and updated as necessary.

• Password guidelines are an important component of a security policy.

• You should also define employee access to data (Public, Top Secret) in a security policy.

Security Policy Content

9.3.2 Protecting Physical Equipment• Physical security is as important as data security. When a computer is taken, the data is

also stolen.

• Control access to facilities.

• Use cable locks with equipment.

• Keep telecommunication rooms locked.

• Fit equipment with security screws.

• Use security cages around equipment.

• Label and install sensors, such as RFID tags, on

equipment.

• Install physical alarms triggered by motion-

detection sensors.

• Use webcams with motion-detection and

surveillance software.

Methods to physically protect computer equipment:

9.3.2 Protecting Physical Equipment

• Card keys

• Biometric

• Security Guard

• Sensors

Protecting access to the facility

• One form of hardware security is the Trusted Platform Module (TPM).

9.3.3 Ways to Protect Data

Password Protection

• Login – Prevents unauthorized access to the local computer and the network

Data Encryption

• BIOS – Prevents the operating system from booting, and prevents BIOS settings from

being changed.

• Traffic between resources and computers on the network can be protected from attackers

monitoring or recording transactions by implementing encryption.

Software Firewall

• A software firewall is a program that runs on a computer to allow or deny traffic between

the computer and the network to which it is connected.

• Example: VPN.

9.3.3 Ways to Protect Data

Data Backups

• Frequency of backups: daily, weekly, monthly.

• Storage of backups: stored in offsite location.

• Security of backups: protect with passwords.

• Backing up data is one of the most effective ways of protecting against data loss.

Smart Card Security

• A smart card is a small plastic card, about the size of a credit card, with a small chip

embedded in it.

• Smart cards provide authentication and encryption to keep data safe.

9.3.3 Ways to Protect Data

Biometric Security

• Biometric Devices: fingerprint readers,

handprint readers, iris scanners, and face

recognition devices.

• Biometric security compares physical characteristics against stored profiles to

authenticate people.

File System Security - FAT vs NTFS

9.3.4 Wireless Security Techniques

9.4 Preventive Maintenance for Security

9.4.2 Updating OS Service Packs and Security Patches

9.5 Troubleshoot Security

9.5 Troubleshoot Security

9.5.1 Troubleshooting process

9.5 Troubleshoot Security

9.5.2 Common Problems and Solutions

Thank You