Chapter 9
Computer Security
9. Introduction
• Private information, company secrets, financial data, computer equipment, and items of national security are placed at risk if proper security procedures are not followed.
Objectives
• Explain why security is important.
• Describe security threats.
• Identify security procedures.
• Identify common preventive maintenance techniques.
• Troubleshoot security.
9.1 Why Is Security Important?
• Theft, loss, network intrusion, and physical damage are some of the ways a network or computer can be harmed.
• Damage or loss of equipment can mean a loss of productivity.
• Repairing and replacing equipment can cost the company time and money.
• Unauthorized use of a network can expose confidential information and reduce network resources.
• Computer and network security help to keep data and equipment functioning and provide access only to appropriate people.
• Therefore, data and network security are primary responsibilities of a technician.
9.2 Security Threats
• Physical – Events or attacks that steal, damage, or destroy equipment, such as servers and switches.
• Data – Events or attacks that remove, corrupt, deny or allow access to, or steal information.
Threats to Computer Security
Source of Threats
• Internal – Employees have access to data, equipment, and the network.
• Malicious threats are when an employee intends to cause damage.
• Accidental threats are when the user damages data or equipment unintentionally.
9.2 Security Threats
Source of Threats
• External – Users outside of an organization who do not have authorized access to the network.
• Unstructured – Attackers use available resources, such as passwords or scripts, to gain access.
• Structured – Attackers use code to access operating systems and software.
• Physical loss or damage to equipment can cost money and harm the reputation of your company.
• Data threats are constantly changing as attackers find new ways to gain entry to your system.
9.2.1 Viruses, Worms, and Trojans
Viruses
• A virus is a program written with malicious intent and sent out by attackers.
• It is transferred to another computer through e-mail, file transfers, and instant messaging.
• When the file is accessed, the virus executes and infects the computer.
• It has the potential to corrupt or even delete files on your computer.
• Stealth viruses can infect a computer and lie dormant until summoned by the attacker.
Worms
• A worm is a self-replicating program that is harmful to networks.
• It duplicates its code over the network to other hosts, often without any user intervention.
• It doesn't attach itself to a program to infect a host.
• Though worms do not damage data or applications, they are harmful to networks because they consume bandwidth.
9.2.1 Viruses, Worms, and Trojans
Trojans
• Trojans are often disguised as useful software.
• A Trojan is hidden in software that appears to do one thing, and yet behind the scenes it does another.
• A Trojan is technically a worm that can reproduce like a virus and spread to other computers.
• An infected computer in a network could be sending critical data to others along with Trojan horses.
• Anti-virus is software designed specifically to detect, disable, and remove viruses, worms, and Trojans before they infect a computer.
9.2.2 Web Security
• Tools that are used to make web pages more powerful and versatile can also make computers more vulnerable to attacks.
• ActiveX – Technology created by Microsoft to control interactivity on web pages.
• Java – Programming language that allows applets to run within a web browser.
• JavaScript – Programming language that interacts with HTML source code to allow interactive websites.
• Attackers might use any of these tools to install harmful programs on a computer.
• To prevent these attacks, most browsers ask for the user's permission before downloading or executing such code.
9.2.3 Adware, Spyware, and Grayware
Adware
• Adware is a software program that displays advertising on your computer.
• It is usually distributed with downloaded software.
• Most often, adware is displayed in a popup window.
• Adware popup windows are difficult to control and open new windows faster than users can close them.
Grayware/Malware
• Grayware or malware is a file or program that is potentially harmful.
• Many grayware attacks are phishing attacks where users are persuaded to provide their credentials.
• It can be removed using spyware and adware removal tools.
9.2.3 Adware, Spyware, and Grayware
Spyware
• Spyware, a type of grayware, is similar to adware.
• It is distributed without any user intervention or knowledge.
• Once installed, the spyware monitors activity on the computer and sends the information to the attacker who developed it.
Phishing
• Phishing is a form of social engineering where the attacker pretends to represent a legitimate outside organization, such as a bank.
• A potential victim is contacted via e-mail.
• For security, use the postal service to share sensitive information.
9.2.4 Denial of Service (DoS)
• DoS is a form of attack that prevents users from accessing normal services, such as e-mail and a web server.
• Here, the system is busy responding to abnormally large amounts of requests.
• Attackers send enough requests for a system resource that the requested service is overloaded and ceases to operate.
• Types: Ping of Death, E-mail Bomb.
• Distributed DoS (DDoS) is another form of attack that uses many infected computers, called zombies (bots), to launch an attack.
• With DDoS, the intent is to obstruct or overwhelm access to the targeted server.
• Zombie computers located at different geographical locations make it difficult to trace the origin of the attack.
9.2.5 Spam and Popup Windows
• Spam, also known as junk mail, is unsolicited e-mail, commonly used as a method of advertising.
• However, it is also used to send harmful links or deceptive content.
• Example: Links to infected websites or an attachment that could infect a computer.
• These links can result in lots of windows designed to grab your attention and lead you to advert sites.
• These windows are called POPUPS.
• Many anti-virus and e-mail software programs automatically detect and remove spam from an e-mail inbox.
9.2.5 Spam and Popup Windows
Check for the following warning signs when verifying an e-mail:
• No subject line
• Incomplete return address
• Computer generated e-mail
• Return e-mail not sent by the user
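As an added example (not part of the slides), the function below checks message headers for the four warning signs listed above; the two sample messages are constructed, and "return e-mail not sent by the user" is read here as a Return-Path that differs from the From address, which is this example's own interpretation.

```python
# Added example: flag the slide's four e-mail warning signs from message headers.
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail).
LEGIT = (
    "From: Alice Example <alice@example.com>\n"
    "To: bob@example.com\n"
    "Subject: Quarterly report\n"
    "\n"
    "Please find the report attached.\n"
)
SUSPICIOUS = (
    "From: promo\n"
    "To: bob@example.com\n"
    "Return-Path: <bounce@mailer.example.net>\n"
    "Auto-Submitted: auto-generated\n"
    "\n"
    "Click here!!!\n"
)


def check_spam_signs(raw: str) -> list:
    """Return the warning signs from the slide that apply to one raw message."""
    msg = message_from_string(raw)
    signs = []
    # 1. No subject line (header missing or blank).
    if not (msg.get("Subject") or "").strip():
        signs.append("no subject line")
    # 2. Incomplete return address: From has no user@domain form.
    _, from_addr = parseaddr(msg.get("From", ""))
    local, _, domain = from_addr.partition("@")
    if not local or not domain:
        signs.append("incomplete return address")
    # 3. Computer-generated e-mail: RFC 3834 Auto-Submitted header other than "no".
    if (msg.get("Auto-Submitted") or "no").strip().lower() != "no":
        signs.append("computer generated e-mail")
    # 4. Return address not the sender: Return-Path present but different from From
    #    (this example's reading of the slide's fourth sign).
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    if return_path and return_path.lower() != from_addr.lower():
        signs.append("return e-mail not sent by the user")
    return signs


if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("suspicious", SUSPICIOUS)):
        print(name, "->", check_spam_signs(raw) or ["no warning signs"])
```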
9.2.6 Social Engineering
• A social engineer is a person who is able to gain access to equipment or a network by tricking people into providing the necessary access information.
• They gain the confidence of an employee and convince them to disclose username and password information.
• When inside, the social engineer might look over shoulders to gather information, seek out papers on desks with passwords and phone extensions, or obtain a company directory with e-mail addresses.
• A social engineer might pose as a technician to try to gain entry into a facility.
9.2.6 Social Engineering
Basic precautions
• Never give out your password.
• Always ask for the ID of unknown persons.
• Restrict access of unexpected visitors.
• Escort all visitors.
• Never post your password in your work area.
• Lock your computer when you leave your desk.
• Do not let anyone follow you through a door that requires an access card.
9.2.7 TCP/IP Attacks
• TCP/IP is the protocol suite that is used to control all of the communications on the Internet.
Common TCP/IP Attacks:
• DoS – Sends abnormally large amounts of requests to a system, preventing access to the services.
• DDoS – Uses "zombies" to make the origin of the DoS attack difficult to trace.
• SYN flood – Randomly opens TCP ports, tying up the network equipment or computer with a large amount of false requests, causing sessions to be denied to others.
• Spoofing – Gains access to resources on devices by pretending to be a trusted computer.
• Man-in-the-middle – Intercepts or inserts false information in traffic between two hosts.
9.2.7 TCP/IP Attacks
Common TCP/IP Attacks:
• DNS poisoning – Changes the DNS records on a system to point to false servers where the data is recorded.
• Replay – Uses network sniffers to extract usernames and passwords to be used at a later date to gain access.
9.2.8 Data Wiping, Hard Drive Destruction and Recycling
Data Wiping
• Data wiping is performed on hard drives containing sensitive data such as financial information.
• It is not enough to delete files or even format the drive.
• Data wiping, also known as secure erase, is a procedure performed to permanently delete data from a hard drive.
• Use a third-party tool such as Darik's Boot and Nuke (DBAN) to overwrite the data multiple times, rendering the data unusable.
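As an added illustration of the multi-pass overwrite described above (example code, not part of the slides or of DBAN), the function below overwrites a file standing in for a drive with zeros, ones and then random bytes, forcing each pass to the device, and the demo confirms that a constructed record no longer survives; the pass list is this example's own choice.

```python
# Added example: multi-pass overwrite of a file used as a stand-in for a drive.
import os
import tempfile

# Pass list (this example's choice): all zeros, all ones, then random bytes.
PASSES = [b"\x00", b"\xff", None]


def wipe_file(path: str, passes=PASSES, chunk: int = 64 * 1024) -> int:
    """Overwrite every byte of the file once per pass; return the pass count.
    File contents only: free space needs a whole-drive tool like DBAN, and
    wear levelling on SSDs can keep copies that an overwrite never reaches."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                f.write(os.urandom(n) if pattern is None else pattern * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push the pass past the page cache to the device
    return len(passes)


def file_contains(path: str, needle: bytes) -> bool:
    """True if `needle` still appears anywhere in the file."""
    with open(path, "rb") as f:
        return needle in f.read()


def demo() -> bool:
    """Write a constructed 'financial record', wipe it, and confirm it is gone."""
    record = b"ACCOUNT 1234-5678 BALANCE 9000.00\n" * 2000  # constructed data
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        with open(path, "wb") as f:
            f.write(record)
        before = file_contains(path, record[:34])
        passes = wipe_file(path)
        after = file_contains(path, record[:34])
        # Same size and pass count, and the original bytes are no longer present.
        return (before and not after and passes == len(PASSES)
                and os.path.getsize(path) == len(record))
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("wipe verified:", demo())
```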
9.2.8 Data Wiping, Hard Drive Destruction and Recycling
Hard Drive Destruction
• Destroying the hard drive is the best option for companies with sensitive data.
• To fully ensure that data cannot be recovered, one should carefully shatter the platters with a hammer and safely dispose of the pieces.
• Companies with sensitive data should always establish clear policies for hard drive disposal.
• Other storage media, like CDs, must also be destroyed using a shredding machine.
Hard Drive Recycling
• Hard drives that do not contain sensitive data should be reused in other computers.
• They can be reformatted and the operating system reinstalled.
9.3 Identify Security Procedures
9.3.1 Basic Local Security Policy
• Though local security policies may vary between organizations, there are questions all organizations should ask:
• What assets require protection?
• What are the possible threats?
• What should be done in the event of a security breach?
Security Policy Content
• A security policy should describe how a company addresses security issues.
• Security policies should be reviewed regularly and updated as necessary.
• Password guidelines are an important component of a security policy.
• You should also define employee access to data (Public, Top Secret) in a security policy.
9.3.2 Protecting Physical Equipment
• Physical security is as important as data security. When a computer is taken, the data is also stolen.
Methods to physically protect computer equipment:
• Control access to facilities.
• Use cable locks with equipment.
• Keep telecommunication rooms locked.
• Fit equipment with security screws.
• Use security cages around equipment.
• Label and install sensors, such as RFID tags, on equipment.
• Install physical alarms triggered by motion-detection sensors.
• Use webcams with motion-detection and surveillance software.
9.3.2 Protecting Physical Equipment
Protecting access to the facility
• Card keys
• Biometrics
• Security guards
• Sensors
• One form of hardware security is the Trusted Platform Module (TPM).
9.3.3 Ways to Protect Data
Password Protection
• Login – Prevents unauthorized access to the local computer and the network.
• BIOS – Prevents the operating system from booting, and prevents BIOS settings from being changed.
Data Encryption
• Traffic between resources and computers on the network can be protected from attackers monitoring or recording transactions by implementing encryption.
• Example: VPN.
Software Firewall
• A software firewall is a program that runs on a computer to allow or deny traffic between the computer and the network to which it is connected.
9.3.3 Ways to Protect Data
Data Backups
• Frequency of backups: daily, weekly, monthly.
• Storage of backups: stored in offsite location.
• Security of backups: protect with passwords.
• Backing up data is one of the most effective ways of protecting against data loss.
Smart Card Security
• A smart card is a small plastic card, about the size of a credit card, with a small chip embedded in it.
• Smart cards provide authentication and encryption to keep data safe.
9.3.3 Ways to Protect Data
Biometric Security
• Biometric devices: fingerprint readers, handprint readers, iris scanners, and face recognition devices.
• Biometric security compares physical characteristics against stored profiles to authenticate people.
File System Security - FAT vs NTFS
9.3.4 Wireless Security Techniques
9.4 Preventive Maintenance for Security
9.4.2 Updating OS Service Packs and Security Patches
9.5 Troubleshoot Security
9.5.1 Troubleshooting process
9.5.2 Common Problems and Solutions