© 2007 Cisco Systems, Inc. All rights reserved. Cisco Public ITE PC v4.0 Chapter 1 1 CHAPTER 9 Fundamental Security IT Essentials: PC Hardware and Software v4.0

Objectives

■ Why is security important?

■ What are security threats?

■ What are some security procedures?

■ What are the preventive maintenance techniques for security?

■ What can be done to troubleshoot security?

■ Define viruses, worms, and Trojan horses.

■ Explain web security.

■ Define adware, spyware, and grayware.

■ Explain denial of service.

■ Describe spam and popups.

■ Explain social engineering.

■ Explain TCP/IP attacks.

■ Explain hardware deconstruction and recycling.

Security Threats

To successfully protect computers and the network, a technician must understand both of the following types of threats to computer security:

■ Physical: Events or attacks that steal, damage, or destroy such equipment as servers, switches, and wiring.

■ Data: Events or attacks that remove, corrupt, deny access to, allow access to, or steal information.

■ Internal: Employees who have access to data, equipment, and the network. Internal attacks can be characterized as follows:

■ Malicious threats are when an employee intends to cause damage.

■ Accidental threats are when the user damages data or equipment unintentionally.

■ External: Users outside an organization who do not have authorized access to the network or resources. External attacks can be characterized as follows:

■ Unstructured attacks, which use available resources, such as passwords or scripts, to gain access to and run programs designed to vandalize.

■ Structured attacks, which use code to access operating systems and software.

Viruses, Worms, and Trojan Horses

A virus is attached to small pieces of computer code, software, or documents. It executes when the software is run on a computer.

A virus is transferred to another computer through e-mail, file transfers, and instant messaging.

The virus hides by attaching itself to a file on the computer. When the file is accessed, the virus executes and infects the computer. A virus has the potential to corrupt or even delete files on your computer, use your e-mail to spread itself to other computers, or even erase your hard drive.

A worm is a self-replicating program that is harmful to networks. A worm uses the network to duplicate its code to the hosts on a network, often without any user intervention.

A Trojan horse technically is a worm. It does not need to be attached to other software. Instead, a Trojan threat is hidden in software that appears to do one thing, and yet behind the scenes it does another. Trojans often are disguised as useful software. The Trojan program can reproduce like a virus and spread to other computers.

Virus protection software, known as antivirus software, is software designed to detect, disable, and remove viruses, worms, and Trojans before they infect a computer.

Web Security

Web security is important because so many people visit the World Wide Web every day. Some of the features that make the web useful and entertaining can also make it harmful to a computer.

Adware, Spyware, and Grayware

Adware is a software program that displays advertising on your computer. Most often, adware is displayed in a popup window. Adware popup windows are sometimes difficult to control; they open new windows faster than users can close them.

Grayware or malware is a file or program other than a virus that is potentially harmful. Many grayware attacks are phishing attacks, which try to persuade the user to unknowingly give attackers access to personal information.

Spyware, a type of grayware, is similar to adware. It is distributed without any user intervention or knowledge.

Phishing is a form of social engineering, in which the attacker pretends to represent a legitimate outside organization, such as a bank.

Denial of Service

Denial of service (DoS) is a form of attack that prevents users from accessing normal services, such as e-mail or a web server.

DoS attacks can affect servers and computers in the following ways:

■ Ping of death is a series of repeated, larger-than-normal pings that are intended to crash the receiving computer.

■ An e-mail bomb is a large quantity of bulk e-mail sent to individuals, lists, or domains, intending to prevent users from accessing e-mail.

Distributed DoS (DDoS) is another form of attack that uses many infected computers, called zombies, to launch an attack.

Spam and Popup Windows

Spam, also known as junk mail, is unsolicited e-mail. In most cases, spam is used for advertising. However, spam can be used to send harmful links or deceptive content.

(popups) designed to capture your attention and lead you to advertising sites. Uncontrolled popup windows can quickly cover your screen and prevent you from getting any work done.

Social Engineering

A social engineer is a person who gains access to equipment or a network by tricking people into providing the necessary information.

Often, the social engineer gains the confidence of an employee and convinces that person to divulge username and password information.

The following are some basic precautions to help protect against social engineering:

■ Never give out your password.

■ Always ask for the ID of unknown persons.

■ Restrict the access of unexpected visitors.

■ Escort all visitors.

■ Never post your password in your work area.

■ Log off or lock your computer when you leave your desk.

■ Do not let anyone follow you through a door that requires an access card.

Security Procedures

You should use a security plan to determine what will be done in a critical situation.

Security plan policies should be constantly updated to reflect the latest threats to a network.

A security plan with clear security procedures is the basis for a technician to follow.

Security plans should be reviewed each year.

Security Pyramid (figure; layers labeled: Wireless security, Data protection, Physical equipment, Local security policy)

What Is Required in a Basic Local Security Policy?

Although local security policies may vary between organizations, all organizations should ask the following questions:

■ What assets require protection?

■ What are the possible threats?

■ What should be done in the event of a security breach?

What Is Required in a Basic Local Security Policy?

A security policy should describe how a company defines security issues:

■ A process for handling network security incidents

■ A process for auditing existing network security

■ A general security framework for implementing network security

■ Behaviors that are allowed

■ Behaviors that are prohibited

■ What to log and how to store the logs: Event Viewer, system log files, or security log files

■ Network access to resources through account permissions

■ Authentication technologies (such as usernames, passwords, biometrics, and smart cards) to access data

Tasks Required to Protect Physical Equipment

Physical security is as important as data security. When a computer is stolen, the data is also stolen.

There are several ways to physically protect computer equipment:

■ Control access to facilities.

■ Use cable locks with equipment.

■ Keep telecommunication rooms locked.

■ Fit equipment with security screws.

■ Use security cages around equipment.

■ Label and install sensors, such as Radio Frequency Identification (RFID) tags, on equipment.

Locking Devices

For access to facilities, there are several means of protection:

■ Card keys that store user data, including level of access

■ Biometric sensors that identify the user’s physical characteristics, such as fingerprints or retinas

■ Posted security guard

■ Sensors, such as RFID tags, to monitor equipment

Ways to Protect Data

Password protection can prevent unauthorized access to content. To keep attackers from gaining access to data, all computers should be password-protected.

Two levels of password protection are recommended:

■ BIOS prevents BIOS settings from being changed without the appropriate password.

■ Login prevents unauthorized access to the network.

Data Backups

■ Frequency of backups: Backups can take a long time. Sometimes it is easier to make a full backup monthly or weekly and then do frequent partial backups of any data that has changed since the last full backup.

■ Storing backups: Backups should be transported to an approved offsite storage location for extra security.

■ Security of backups: Backups can be protected with passwords. These passwords have to be entered before the data on the backup media can be restored.
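
The full-plus-partial schedule described under "Frequency of backups" can be sketched as follows. This is an added example, not part of the original slides; the function names, file names, and timestamp are constructed for illustration, and the archive it writes is not password-protected.

```python
# Added example: a "partial backup" that archives only the files modified
# since the last full backup. All names and sample data are hypothetical.
import os
import tarfile
import tempfile


def changed_since(root, last_full_ts):
    """Return sorted relative paths of files modified after the last full backup."""
    changed = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.getmtime(path) > last_full_ts:
                changed.append(os.path.relpath(path, root))
    return sorted(changed)


def partial_backup(root, last_full_ts, archive_path):
    """Write only the changed files to a gzip tar archive; return their names."""
    names = changed_since(root, last_full_ts)
    with tarfile.open(archive_path, "w:gz") as tar:
        for rel in names:
            tar.add(os.path.join(root, rel), arcname=rel)
    return names


def demo():
    """Constructed sample data: two old files, one edited after the full backup."""
    last_full = 1_700_000_000  # hypothetical time of the last full backup
    with tempfile.TemporaryDirectory() as work:
        data = os.path.join(work, "data")
        os.makedirs(os.path.join(data, "docs"))
        samples = {"payroll.csv": last_full - 3600,
                   "docs/policy.txt": last_full - 60,
                   "docs/report.txt": last_full + 7200}
        for rel, mtime in samples.items():
            path = os.path.join(data, *rel.split("/"))
            with open(path, "w") as fh:
                fh.write("sample\n")
            os.utime(path, (mtime, mtime))  # force a known modification time
        archive = os.path.join(work, "partial.tar.gz")
        saved = partial_backup(data, last_full, archive)
        with tarfile.open(archive) as tar:
            return saved, sorted(tar.getnames())


if __name__ == "__main__":
    print(demo())
```

Restoring from this scheme requires the last full backup plus the most recent partial archive, so both must reach the offsite storage location.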