
Chapter 3

This document discusses security troubleshooting and solutions. It begins with an overview of the basic troubleshooting process, which involves identifying, diagnosing, and solving problems. The document then outlines a six-step troubleshooting process: identify the problem, establish the probable cause, test the theory, establish a plan of action, verify the solution, and document findings. Common security problems like malware infections, data breaches, and DDoS attacks are also discussed along with potential solutions. The document concludes with information on data backups in Windows.

Uploaded by

zainlemonade

CHAPTER 3

3.1 Security Troubleshooting and Solutions
Security Basics and IT Professional
Department of Information & Communication Technology
Politeknik Mersing

Overview
1. Explain Basic Troubleshooting Process
2. Discuss Protection Against Malicious Software
3. Discuss Protection Physical Security

CHAPTER 3: BASIC TROUBLESHOOTING PROCESS
TROUBLESHOOT?
● It is the PROCESS of identifying, planning and resolving a problem, error or fault within a software or computer system.
● It ENABLES the repair and restoration of a computer or software when it becomes faulty, unresponsive or acts in an abnormal way.

https://www.techopedia.com › definition › troubleshooting


Explain Basic Troubleshooting Process
● The troubleshooting process is used to help resolve security issues.
● Use the troubleshooting steps as a guideline to help you diagnose and repair problems.
● Computer technicians must be able to analyze a security threat and determine the appropriate method to protect assets and repair damage.

There are THREE (3) main phases in the security troubleshooting process:

● IDENTIFY
● DIAGNOSE
● SOLVE
Basic Troubleshooting Process
SIX (6) step troubleshooting process

STEP 1 : Identify the problem
STEP 2 : Establish the theory of probable cause
STEP 3 : Test the theory to determine the cause
STEP 4 : Establish a plan of action to resolve the problem and implement the solution
STEP 5 : Verify full system functionality and implement preventative measures
STEP 6 : Document findings, actions and outcomes
Basic Troubleshooting Process
STEP 1 : Identify the problem
Basic Troubleshooting Process
STEP 2 : Establish the theory of probable cause

• After you have talked to the customer, you can establish a theory of
probable causes
• Create a list of the most common causes of security problems:
Basic Troubleshooting Process
STEP 3 : Test the theory to determine the cause
• Test theories of probable cause one at a time, starting with the quickest
and easiest.
• If the exact cause of the problem has not been determined after all
theories have been tested, establish a new theory of probable cause and
test it.
Basic Troubleshooting Process
STEP 4 : Establish a plan of action to resolve the problem and implement the solution

• After determining the exact cause of the problem, establish a plan of action to resolve the problem and implement a solution.
• Sometimes quick procedures can determine the exact cause of the problem or even correct the problem.
• If a quick procedure does not correct the problem, you might need to research the problem further to establish the exact cause.
Basic Troubleshooting Process
STEP 5 : Verify full system functionality and implement preventative measures

• Verify full system functionality and implement any preventive measures if needed.
• Have the customer verify the solution and system functionality.
Basic Troubleshooting Process
STEP 6 : Document findings, Actions and Outcomes

• List of the tasks required to document the problem and the solution.
Common Problems & Solutions
For Security
• Security problems can be attributed to hardware, software, or connectivity
issues, or some combination of the three.
• The figure is a chart of common security problems and solutions
Other Security Problems and Solutions
● Code injection
● Data breach
● Malware infection
● Distributed Denial of Service Attack
● Malicious Insiders
SOLUTION FOR SECURITY

CODE INJECTION
● Avoiding vulnerable code
● Filtering input

DATA BREACH
● Site traffic and transactions should be encrypted with SSL.
● Permissions should be carefully set for each group of users.
● Servers should be scanned.
● Train and educate employees in cyber hygiene.
SOLUTION FOR SECURITY

MALWARE INFECTION
● Several different tools are needed for preventing infection.
● Robust email scanning and filtering system is as malware and vulnerability scans.
● Any device or system infected with malware must be thoroughly scrubbed.
● Educate employees in malware infection.

DISTRIBUTED DENIAL OF SERVICE ATTACK (DDoS)
● Configure network hardware against DDoS attacks.
● Deploy a DDoS protection appliance.
● Protect DNS servers.
SOLUTION FOR SECURITY

MALICIOUS INSIDER
● Setting logical access control policies to implement the principle of least
privilege.
● Monitoring the network with audit and transaction logs.
● If a malicious insider attack is detected, the insider’s access privileges
should immediately be revoked.
DATA BACKUP IN WINDOWS
● Windows backups can be done manually or scheduled to take place automatically.
● To successfully back up and restore data in Windows, the appropriate
user rights and permissions are required:

○ All users can back up their own files and folders. They can also back up files
for which they have the Read permission.

○ All users can restore files and folders for which they have the Write
permission.

○ Members of the Administrators, Backup Operators, and Server Operators (if joined to a domain) can back up and restore all files, regardless of the assigned permissions.
DATA BACKUP IN WINDOWS
● Types of backup:
DATA BACKUP IN WINDOWS
Data Backup Steps
● Open Control Panel.
● Click on System and Security.
● Click on Backup and Restore (Windows 7).
● Under the "Backup" section, click the Set up backup option on the right.
● Select the removable drive to store the backup.
● Click the Next button.
● Under the "What do you want to back up?" section, select the Let me choose option.

Quick tip:
You can select the Let Windows choose option, but if you want to make sure that everything you want is getting backed up, Let me choose is the option to select.

● Click the Next button.
● Under the "Data Files" section, check all the items as required.
● Under the "Computer" section, check the Local Disk (C:). (If you have multiple drives, they will also appear in this list.)
● Check the Include a system image of drives: System Reserved, (C:) option.
● Click the Next button.
● Click the Change schedule option.
● Check the Run backup on a schedule option.
● Specify the frequency, date, and time when Windows 10 should back up your computer.
● Click the OK button.
● Click the Save settings and exit button.

Once you complete the steps, an initial backup of your device will be created, and then incremental backups will be performed on the schedule you specified.
3.2 PROTECTION AGAINST MALICIOUS SOFTWARE
Learning Outcomes
● Identify malicious software protection programs
● Identify signature file updates

Malicious Software Protection Programs
Change your passwords.
Install and maintain antivirus software.
Keep software updated.
Use caution with links and attachments.
Back up data.
Block pop-up advertisements.
Install or enable a firewall.
Use an account with limited permissions.
Use anti-spyware tools.
Disable external media AutoRun and AutoPlay features.
Monitor accounts.
Avoid using public Wi-Fi.
Install And Maintain Antivirus Software
❖ Antivirus software recognizes malware and protects the computer.
❖ Installing antivirus software from a reputable vendor is an important step in preventing and detecting infections.
❖ Always visit vendor sites directly rather than clicking on advertisements or email links.
❖ Attackers are continually creating new viruses and other forms of malicious code, so it is important to keep antivirus software up-to-date.
Use Caution With Links And Attachments
❖ Take appropriate precautions when using email and web browsers to reduce the risk of an infection.
❖ Be wary of unsolicited email attachments.
❖ Use caution when clicking on email links, even if they seem to come from people you know.
Block Pop-up Advertisements
❖ Pop-up blockers disable windows that could potentially contain
malicious code.
❖ Most browsers have a free feature that can be enabled to block pop-up
advertisements.
Use An Account With Limited Permissions
❖ When navigating the web, it's a good security practice to use an
account with limited permissions.
❖ If you do become infected, restricted permissions keep the malicious
code from spreading and escalating to an administrative account.
Disable External Media AutoRun And AutoPlay Features
❖ Disabling AutoRun and AutoPlay features prevents external media
infected with malicious code from automatically running on your
computer.
Change Your Passwords
❖ If your computer is infected, change your passwords.
❖ This includes any passwords for websites that may have been cached
in your web browser.
❖ Create and use strong passwords, making them difficult for attackers to
guess.
Keep Software Updated
❖ Install software patches on your computer so attackers do not take advantage of known vulnerabilities.
❖ Consider enabling automatic updates, when available.
Back Up Data
❖ Regularly back up your documents, photos, and important email
messages to the cloud or to an external hard drive.
❖ In the event of an infection, your information will not be lost.
Install Or Enable A Firewall
❖ Firewalls can prevent some types of infection by blocking malicious
traffic before it enters your computer.
❖ Some operating systems include a firewall; if the operating system you
are using includes one, enable it.
Use Anti-Spyware Tools
❖ Spyware is a common virus source, but you can minimize infections by
using a program that identifies and removes spyware.
❖ Most antivirus software includes an anti-spyware option; ensure you
enable it.
Monitor Accounts
❖ Look for any unauthorized use of, or unusual activity on, your
accounts—especially banking accounts.
❖ If you identify unauthorized or unusual activity, contact your account
provider immediately.
Avoid Using Public Wi-Fi
❖ Unsecured public Wi-Fi may allow an attacker to intercept your
device’s network traffic and gain access to your personal information.
Signature Files Update
Signature files contain the latest list and behavior of known viruses. Anti-virus programs release signature file updates regularly, sometimes daily, sometimes more often, because new viruses are being identified on a daily basis. It is best to configure your anti-virus program to automatically check for these updates.
Why Do We Need To Update Signature Files?

❖ Antivirus needs information on all the newest viruses and other security threats in order to successfully protect your data.
❖ Updating makes sure that it has all of the information it needs to fight the most recent threats.
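
The effect of a signature update described above, as an added example (not part of the original slides): a toy scanner in Python matches constructed, harmless byte strings against two versions of a signature file. The class, function and signature names are all hypothetical, and real antivirus engines use far richer signature formats.

```python
"""Toy signature scanner. All names and samples are constructed for illustration."""
import hashlib
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class SignatureFile:
    version: int
    released: date
    hashes: dict    # signature name -> SHA-256 of a known-bad file (exact match)
    patterns: dict  # signature name -> byte sequence identifying a family


def scan(data: bytes, sigs: SignatureFile) -> list:
    """Return the sorted names of every signature that matches `data`."""
    digest = hashlib.sha256(data).hexdigest()
    hits = [name for name, h in sigs.hashes.items() if h == digest]
    hits += [name for name, p in sigs.patterns.items() if p in data]
    return sorted(hits)


def is_stale(sigs: SignatureFile, today: date, max_age_days: int = 1) -> bool:
    """True when the signature file is older than the allowed age."""
    return today - sigs.released > timedelta(days=max_age_days)


# Constructed, harmless stand-ins for a known sample and a newly identified one.
OLD_SAMPLE = b"HARMLESS-TEST-SAMPLE-A"
NEW_SAMPLE = b"header|HARMLESS-TEST-MARKER-B|body"

SIGS_V1 = SignatureFile(
    version=1,
    released=date(2024, 1, 1),
    hashes={"Test.SampleA": hashlib.sha256(OLD_SAMPLE).hexdigest()},
    patterns={},
)
# Version 2 keeps every v1 signature and adds the newly identified family.
SIGS_V2 = SignatureFile(
    version=2,
    released=date(2024, 1, 8),
    hashes=dict(SIGS_V1.hashes),
    patterns={"Test.FamilyB": b"HARMLESS-TEST-MARKER-B"},
)


def demo() -> dict:
    today = date(2024, 1, 9)
    return {
        "known sample, v1": scan(OLD_SAMPLE, SIGS_V1),
        "new sample, v1": scan(NEW_SAMPLE, SIGS_V1),  # missed: no signature yet
        "new sample, v2": scan(NEW_SAMPLE, SIGS_V2),  # caught after the update
        "v1 stale": is_stale(SIGS_V1, today),
        "v2 stale": is_stale(SIGS_V2, today),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

The same file passes a scan with the old signature set and is flagged with the updated one, which is why a scanner running on stale signatures reports a clean result it cannot back up.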
Update Windows Security signatures
❖ Select Start > Settings > Update & Security > Windows Security > Virus & threat protection.

❖ Select Check for updates (or Virus & threat protection updates in previous versions of Windows 10).

❖ Under Threat definitions, select Check for updates.

❖ If Windows Security finds a new signature, it will download and install it.

• Note that if you get an error message while trying to download or update a signature, you can wait for at least one hour and try again or update signatures manually.

• Also, make sure the signature you want to download is 50 MB or larger to ensure you get the complete signature file.
3.3 PROTECTION PHYSICAL EQUIPMENT

LEARNING OUTCOME
01 Identify physical computer and network equipment protection methods.
02 Describe Security Hardware
✔ Service Pack
✔ Security Patches
Physical Computer And Network Equipment Protection Methods

Physical Security?
PHYSICAL SECURITY
▪ Is a vital part of any security plan and is fundamental to all security efforts; without it, information security, software security, user access security and network security are considerably more difficult, if not impossible, to initiate.
▪ Refers to the protection of building sites and equipment (and all information and software contained therein) from theft, vandalism, natural disaster, manmade catastrophes, and accidental damage (e.g., from electrical surges, extreme temperatures, and spilled coffee).
▪ It requires solid building construction, suitable emergency preparedness, reliable power supplies, adequate climate control, and appropriate protection from intruders.
Protecting Physical Equipment
Physical security is as important as data security. Protect the network infrastructure, such as cabling, telecommunication equipment, and network devices, with the following methods:

▪ Secured telecommunications rooms, equipment cabinets, and cages
▪ Cable locks and security screws for hardware devices
▪ Wireless detection for unauthorized access points
▪ Hardware firewalls
▪ Network management system that detects changes in wiring and patch panels
Protecting Physical Equipment
Other Methods

▪ Physical barriers
▪ Natural surveillance
▪ Security lighting
▪ Alarm systems and sensors
▪ Video surveillance
▪ Mechanical access control systems
▪ Electronic access control systems
▪ Identification systems and access policies
Security Hardware

Security Hardware?
SECURITY HARDWARE
▪ The operating system (OS) controls almost all functions on a computer.
▪ All computers rely on an OS to provide the interface for interaction between users, applications and hardware.
▪ The OS boots the computer and manages the file system.
▪ Almost all modern operating systems can support more than one user, task, or CPU.
▪ The fundamental job of an OS is to make the hardware usable for programs.
▪ No matter which operating system you use, it's important that you update it regularly by updating:
✔ Service Pack
✔ Security Update
▪ These two updates are one method of protecting your hardware.
01 SERVICE PACK
▪ A SERVICE PACK is a collection of updates and fixes, called patches, for an operating system or a software program.
▪ Many of these patches are often released before a larger service pack, but the service pack allows for an easy, single installation.
▪ An installed service pack also tends to update the version number for the OS.
▪ Service packs often include new features in addition to fixes.
▪ This is why one version of a program or OS can be much different than another on a different computer.
▪ This is especially true if one person remains on an early service pack and another is two or three service packs ahead.
02 SECURITY PATCH
✔ A PATCH refers to a small adjustment to the code of the software you’re using.
✔ A patch updates one component of the software, perhaps to fix a bug or error discovered after product release.
✔ A “hotfix” is quite similar, though developers typically use the word hotfix to describe a fix users can apply without having to restart their software.
✔ A SECURITY PATCH is a change applied to an asset to correct the weakness described by a vulnerability.
✔ Security patching is crucial for protecting devices and data.
✔ Users and organizations need to implement patch management procedures that safeguard them from cyberattacks.
IMPORTANCE OF SERVICE PACK
▪ Each service pack helps improve performance and get the most functionality.
▪ A service pack contains all the fixes and patches released for a version of a product as of that date, including all previous service packs.
▪ Occasionally, service packs even add functionality.

IMPORTANCE OF SECURITY PATCH
▪ Reduce exposure to cyberattacks
▪ Avoid lost productivity
▪ Protect your data
▪ Protect customer data
▪ Protect others on your network
IMPORTANCE OF SECURITY PATCH

REDUCE EXPOSURE TO CYBER ATTACK
▪ A cyberattack can seem like an impossibility until it becomes a reality.
▪ It can feel like a cyberattack comes out of the blue without warning, but quite often security patches are available before hackers exploit a vulnerability and use it to infiltrate systems.

AVOID LOST PRODUCTIVITY
▪ One unexpected consequence of cyberattacks is the lost productivity that results from system downtime.
▪ A cyberattack can lead to two types of monetary losses:
✔ The cost of patching systems
✔ The cost of delayed projects and unproductive employees.

PROTECT YOUR DATA
▪ Don’t underestimate the value of the data stored on your devices.
▪ Hackers can use personal information from one system to gain access to another, especially if they gain login information from a person who uses the same credentials for multiple systems.

PROTECT CUSTOMER DATA
▪ Businesses have a responsibility to safeguard the information users entrust to their systems.
▪ There can be severe consequences for companies that fail to live up to this standard.
▪ Example:
✔ Equifax, which the Federal Trade Commission has ordered to provide $125 or 10 years of free credit monitoring to people affected by the 2017 breach of its consumer data.

PROTECT OTHERS ON YOUR NETWORK
▪ Once a worm infiltrates a computer network, it can spread quite rapidly to other devices connected to your network.
▪ In this way, one unpatched system or unvigilant user can cause disastrous consequences to an entire network of systems.