Security: Fundamentals of IT

This document discusses various aspects of IT security. It covers security threats like malware, viruses, worms, and Trojan horses. It also discusses denial of service attacks, social engineering, and web security threats. The document outlines measures to protect data and equipment, including security policies, data wiping, degaussing, hard drive destruction, and implementing security in layers through wireless security, data protection, physical security, and local security policies.

Uploaded by

Raj Gami

Security

Fundamentals of IT
Introduction

• Security is an important aspect to consider when working with computers
• Computers and servers hold private information, financial data and company secrets that should be accessed only by the right people
• The network administrator or technician should ensure that security measures are well implemented in the network

7/15/2016 Security | 2
Security Attacks and Threats

• Attacks can be physical or data related
– Physical – damage to computers or theft
– Data – corruption of data, denial of access, unauthorized access, theft of information
• Threats can be internal or external
– Internal – caused by employees in the company, either accidentally or maliciously
– External – caused by people outside the company

Security Threats - Malware

• Data-related attacks are caused by several kinds of application, such as:
• Viruses
• These are pieces of software code that trigger a malicious event on the computer
• They are usually attached to an executable file and can be transferred from one computer to another using external data storage devices
• A virus can be used to collect sensitive information such as a personal profile or financial data
• A virus usually causes a denial of service or damages data or software such as drivers

Security Threats - Malware

• Worm
• This is a self-replicating program that uses the network to duplicate its code to other hosts on the network
• Its effects on the computer are similar to those of a virus in that it can corrupt drivers and applications, cause denial of service, etc.
• However, since it is a program on its own, it does not require the user to run the program for it to work
• It can also be spread through file sharing using external storage devices

Security Threats - Malware

• Trojan horse
• This is a type of worm that presents itself as a useful program
• However, it requires the user to trigger it, such as by downloading and running a file from the Internet or email
• Once activated, it attacks the stored files, with effects such as denial of service, annoying pop-up windows or, worse, corrupted system files or programs

Security Threats - Malware

• Adware – a software program that displays advertising on a computer, usually distributed with downloaded software.
– Most often, adware is displayed in pop-up windows, which are sometimes difficult to control and open new windows faster than users can close them.
• Spyware – a software program that monitors activity on the computer. The spyware then sends this information to the individual or organization responsible for launching the spyware.

Denial of Service

• This is where a user is prevented from accessing normal services on a computer
• The malware sends enough requests to overload the resource or stop its operation
• Examples include:
– Ping of death – a series of repeated pings, larger than normal pings, intended to crash the receiving computer
– Email bomb – a large number of emails sent to the email server to overwhelm it, preventing users from accessing their emails
– Distributed DoS – when a series of requests comes from several computers to the same recipient, overwhelming it and causing it to crash

Exercise

• Research how denial of service from viruses comes about, and its examples

Social Engineering

• Also known as phishing
• The attacker pretends to represent a legitimate outside organization, such as a bank.
• A potential victim is contacted via email, telephone, or text message.
• The attacker might ask for verification of information, such as a password or username, to possibly prevent some terrible consequence from occurring.
• Preventive measures include never giving out passwords, asking for the ID of the person requesting the information, restricting access to information and monitoring visitors

Web Security Threats

• Tools that are used to make web pages more powerful and versatile can
also make computers more vulnerable to attacks.
• They include:
– ActiveX - Technology created by Microsoft to control interactivity on web
pages.
• If ActiveX is enabled on a web page, an applet or small program must be
downloaded to gain access to the full functionality.
– Java - Programming language that allows applets to run within a web
browser. Examples of Java applets include a calculator or a page-hit
counter.
– Adobe Flash - Multimedia tool used to create interactive media for the
web. Flash is used for creating animation, video, and games on web pages.

Web Security Threats

• When using a browser, the sites visited collect information on what was searched and the personal information entered when logging in, such as usernames and passwords
• This is common in a public network such as cyber cafes, hotels and airports
• To prevent this from happening, use private browsing, which prevents the browser from retaining personal information or browsing habits
• Once the browser is closed, the information is deleted and the session ended.

Access to Data and Equipment

• Deleting files from a hard drive does not remove them completely from
the computer.
• The operating system removes the reference to the file in the file
allocation table, but the data remains.
• This data is not completely removed until the hard drive stores other
data in the same location, overwriting the previous data.
• Hard drives should be fully erased (data wiped) to prevent the
possibility of recovery using specialized software.
• After the data on the hard drive has been completely erased, the hard
drive can be destroyed or recycled.

Access to Data and Equipment

• There are several measures to follow to prevent access to this information, such as:
• Data Wiping
• It is a procedure performed to permanently delete data from a hard drive.
• Data wiping is often performed on hard drives containing sensitive data such as financial information.
• Software tools can still be used to recover folders, files, and even entire partitions if they are not erased properly.
• Use software specifically designed to overwrite data multiple times, rendering the data unusable.
• Note: Data wiping is irreversible, and the data can never be recovered.
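
The difference between deleting a file and overwriting it first, as an added Python example (not part of the original slides; the function names are made up for illustration). It assumes a conventional magnetic disk: on SSDs and on journaling or copy-on-write file systems an in-place overwrite may not reach the original blocks, which is why whole-drive wiping tools are used for disposal.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # write in 1 MiB pieces so large files do not fill memory


def overwrite_in_place(path, passes=3):
    """Overwrite every byte of `path` `passes` times; the last pass writes zeros."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:          # r+b: modify existing bytes, no truncation
        for n in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                step = min(CHUNK, remaining)
                last = n == passes - 1
                f.write(b"\x00" * step if last else os.urandom(step))
                remaining -= step
            f.flush()
            os.fsync(f.fileno())          # push this pass to the device before the next
    return size


def wipe_file(path, passes=3):
    """Overwrite, then delete. Deleting alone only drops the directory reference."""
    wiped = overwrite_in_place(path, passes)
    os.remove(path)
    return wiped


def demo():
    # Constructed sample data standing in for a sensitive file.
    secret = b"ACCOUNT=0000-CONSTRUCTED-SAMPLE\n" * 100
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    overwrite_in_place(path)
    with open(path, "rb") as f:
        after = f.read()
    survived = b"ACCOUNT" in after
    wiped = wipe_file(path, passes=1)
    return survived, len(after) == len(secret), wiped, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```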

Access to Data and Equipment

• Degaussing
• It disrupts or eliminates the magnetic field on a hard drive that allows for the storage of data.
• An electromagnet is a magnet whose magnetic field becomes very strong when a current is applied.
• A degaussing tool takes about 10 seconds to degauss a hard drive, so it can save a lot of time and money if a large number of hard drives need to be securely erased.
• There are also degaussing wands that can be used for smaller jobs; they use powerful magnets instead of electromagnets and cost much less.
– To use a degaussing wand, a hard drive must be disassembled and the platters exposed to the wand for approximately 2 minutes.

Access to Data and Equipment

• Hard Drive Destruction

• Destroying the hard drive is the best option for companies with
sensitive data.
• To fully ensure that data cannot be recovered from a hard drive,
carefully shatter the platters with a hammer and safely dispose of
the pieces.

Security Policies

Security Measures

• To protect data and equipment in an organization, implementing the measures in layers is effective:
– Wireless Security
– Data Protection
– Physical Equipment
– Local Security Policy

Security Policies

• A security policy is a collection of rules and guidelines for protecting data and equipment and meeting the security requirements of the organization
• It includes:
1. An acceptable computer usage statement for the organization.
2. The people permitted to use the computer equipment.
3. Devices that are permitted to be installed on a network, as well as the conditions
of the installation. Modems and wireless access
4. Requirements necessary for data to remain confidential on a network.
5. Process for employees to acquire access to equipment and data. This process may
require the employee to sign an agreement regarding company rules. It also lists
the consequences for failure to comply.

Protecting Equipment

• Ensure the following requirements are met:
1. Use cable locks and security screws to secure devices physically
2. Control access of personnel to the facilities
3. Lock telecommunication rooms and servers
4. Label and install sensors on the devices to track their movement

Protecting Data

• These measures include:
1. Password Protection – these can be implemented on the BIOS, login and network
a) When assigning a password, it should be complex enough, mostly through a combination of password length, uppercase, lowercase, symbols and numbers
b) The passwords need to be changed often, usually every three to four months
2. File system security – protect files by setting who is authorized to access them
a) Both FAT32 and NTFS allow folder sharing and folder-level permissions for users with network access
b) These can be: no one is allowed to read, one is allowed to read, or one is allowed to read and write

Protecting Data

• Some software and tools can be used to implement security measures on the network or the computer
• A combination of these tools ensures a high level of security while protecting the data
• They include:
– Firewalls
– Biometric Cards
– Data Encryption and Back up
– Applications to prevent malicious attacks

Protecting Data - Firewalls

• This is a program or piece of hardware that runs on a computer to allow or deny traffic between the computer and other computers to which it is connected.
– Hardware firewalls are normally found in access points such as routers
• The software firewall applies a set of rules to data transmissions through inspection and filtering of data packets.
• Windows Firewall is an example of a software firewall. It is installed by default when the OS is installed.
• A software firewall is capable of protecting a computer from intrusion through data ports.
• Firewalls block incoming and outgoing network connections, unless exceptions are defined to open and close the ports required by a program.
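
The "block unless an exception is defined" behaviour from the last bullet, as an added Python model (not part of the original slides and not how Windows Firewall is implemented internally). The rule fields, the `decide` and `audit` helpers and the program names are assumptions made for illustration; `audit` shows the review a technician would do to spot exceptions that open more than one port for one program.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AllowRule:
    """One firewall exception. None means 'any' for that field."""
    direction: str            # "in" or "out"
    protocol: str             # "tcp" or "udp"
    port: Optional[int]
    program: Optional[str]


def decide(rules, direction, protocol, port, program):
    """Default-block: a connection passes only if some exception matches it."""
    for r in rules:
        if (r.direction == direction and r.protocol == protocol
                and r.port in (None, port)
                and r.program in (None, program)):
            return "allow"
    return "block"


def audit(rules):
    """Flag exceptions wider than 'one port for one program'."""
    return [r for r in rules if r.port is None or r.program is None]


# Constructed rule set; program names are hypothetical.
RULES = [
    AllowRule("out", "tcp", 443, "browser.exe"),
    AllowRule("in", "tcp", 8443, "backup-agent.exe"),
    AllowRule("in", "tcp", None, "game.exe"),      # opens every TCP port
]

if __name__ == "__main__":
    for conn in [("in", "tcp", 8443, "backup-agent.exe"),
                 ("in", "tcp", 8443, "unknown.exe"),
                 ("in", "tcp", 23, "telnetd.exe"),
                 ("out", "tcp", 443, "browser.exe")]:
        print(conn, "->", decide(RULES, *conn))
    print("too broad:", audit(RULES))
```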

Protecting Data – Biometric Security

• Biometric security compares physical characteristics against stored profiles to authenticate people.
• A profile is a data file containing known characteristics of an individual.
• Common biometric devices available include fingerprint readers, retina scanners, and face and voice recognition devices.
• The user is granted access if their characteristics match saved settings and the correct login information is supplied.
• They are ideal for highly secure areas when combined with a secondary security measure such as a password or PIN.
• However, for most small organizations, this type of solution is too expensive.

Protecting Data – Smart Cards

• A smart card is a small plastic card, about the size of a credit card, with a small chip embedded in it
• The chip is an intelligent data carrier, capable of processing, storing, and safeguarding data.
• Smart cards store private information, such as bank account numbers, personal identification, medical records, and digital signatures.
• Smart cards provide authentication and encryption to keep data safe

Protecting Data – Data Back up and Encryption

• Back up – It is one of the most effective ways of protecting against data loss.
– Data can be lost or damaged in circumstances such as theft, equipment failure, or a disaster.
– Data backups should be performed on a regular basis and included in a security plan while considering storage and validation.
• Encryption – data is transformed using a complicated algorithm to make it unreadable.
– A special key must be used to return the unreadable information back into readable data.
– Software programs are used to encrypt files, folders, and even entire drives.
– These include Encrypting File System and BitLocker in Windows

Protecting Against Malicious Software

• Running virus and spyware scanning programs to detect and remove unwanted
software is highly recommended.
• Many browsers now come equipped with special tools and settings that prevent the
operation of several forms of malicious software.
• It may take several different programs and multiple scans to completely remove all
malicious software.
1. Virus protection - An antivirus program typically runs automatically in the background
and monitors for problems.
• When a virus is detected, the user is warned, and the program attempts to quarantine or
delete the virus
2. Spyware protection
3. Adware protection
4. Phishing protection - block the IP addresses of known phishing websites and warn the
user about suspicious websites.

Exercise

• Find out how an antivirus works

Security Updates and Patches

• Frequently updating installed software protects the computer from attacks.
• Operating systems require updates, especially for the drivers installed
• Windows routinely checks the Windows Update website for high-priority updates that can help protect a computer from the latest security threats.
• These updates include security updates, critical updates, and service packs.

Security Updates and Patches

• Depending on the setting you choose, Windows automatically downloads and installs any high-priority updates that your computer needs or notifies you as these updates become available.
• Patches are code updates that manufacturers provide to prevent a newly discovered virus or worm from making a successful attack

Security Updates and Patches

Common Problems and Solutions

Ole Sangale Road, Madaraka Estate. PO Box 59857-00200, Nairobi, Kenya
Tel: (+254) (0)703 034000/200/300 Fax : +254 (0)20 607498
Email: [email protected] Website: www.strathmore.edu