Cybersecurity Essentials Course

Lec. 3

Protection of Computing Devices


Dr. Eman Zahran
Protection of the Computing devices

The computing devices are the portal to your online life, storing a lot of your personal data. Therefore, it is important to protect the security of our devices.

Computing Device: Any electronic equipment controlled by a CPU (central processing unit), including desktop and laptop computers, smartphones and tablets.
Protection of the Computing devices Cont.

There are nine steps to assure the protection of computing devices from Internet-based threats:
1. Establish and configure a firewall to control the flow of information between the computing device and the Internet.
2. Install and use anti-malware on the local computer.
3. Manage the operating system and browsers.
4. Remove unnecessary software from the computer.
5. Disable any nonessential services running on the computer.
6. Disable unnecessary OS default features.
7. Secure the web browser.
8. Apply operating system and application software updates and patches.
9. Apply strong passwords.
Firewall
Concept of firewall
• A firewall is a network security device or program that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies.
• At its most basic, a firewall is the barrier that sits between a private internal network and the public Internet to detect threats.
• The main purpose of a firewall is to act as a barrier that allows non-threatening traffic in and keeps dangerous traffic out.
Firewall Cont.
A firewall can be installed on a single computer with the purpose of protecting that one computer (host-based firewall), or it can be a standalone network device that protects an entire network of computers and all of the host devices on that network (network-based firewall).

For standalone or local computers, this can be addressed through the local software firewall available with the operating system.
Scopes of a firewall's protection
The scope of firewall protection varies according to the targeted use, such as:
1- Keep networks safe from external traffic sources (i.e., the Internet).
2- Build "walls" around internal sub-networks (e.g., a firewall that prevents HR personnel from accessing a system reserved for the development operations team).
3- Set up traffic scanning on a single device.
Types of Firewall

Firewall Types based on Method of Operation
1- Packet filtering firewalls
2- Stateful inspection firewalls
3- Circuit-Level Gateways
4- Proxy Firewalls

Firewall Types based on Deployment
1- Software Firewalls
2- Hardware Firewalls
3- Cloud-based Firewalls
1- Packet filtering firewalls (static firewall)

Considered entry-level firewalls.

These firewalls look only at the individual packets, not at the connections and traffic flows passing across the network.

Incoming packets are filtered and matched against rules that were previously defined when the firewall was built.

If a packet matches the rules, it is accepted; if it does not match the rules, it is rejected.
Packet filtering firewalls Cont.
Pros of Packet filtering firewalls
• A low-cost solution.
• Fast packet filtering and processing.
• Excellent at screening traffic between internal
departments.
• Low resource consumption.
• Minimal impact on network speed and end-user
experience.
• Enables complex security policies through filtering on
packet headers.
• An excellent first line of defense in a multi-layered
firewall strategy
Packet filtering firewalls Cont.

Cons of Packet filtering firewalls:
• No checks of packet payloads (the actual data).
• Easy to bypass for an experienced hacker.
• Vulnerable to IP spoofing attacks since it processes each packet in isolation.
• No user authentication or logging features.
• Access control lists are challenging to set up and manage.
2- Stateful inspection Firewalls
Stateful inspection firewall: Dynamic firewalls

It maintains records of all connections passing through it and can determine if a packet is the start of a new connection, a part of an existing connection, or an invalid packet.

It monitors the active status of each connection, and the information obtained is then used to determine whether a network packet may pass through the firewall.

Stateful inspection firewalls maintain a table database that tracks all open connections and enables the system to check existing traffic streams. This database stores all key packet-related info, including, for each connection:
• The source IP.
• Source port.
• Destination IP.
• Destination port.
Stateful inspection Firewalls Cont.
Pros of stateful inspection firewalls:
• Consider previously inspected packets while filtering
traffic.
• Do not open numerous ports to allow traffic in or out, which
shrinks the attack surface.
• Detailed logging capabilities that help in digital forensics.
• Reduced exposure to port scanners.
Cons of stateful inspection firewalls:
• More expensive than packet-filtering firewalls.
• Require a high degree of skill to set up correctly.
• Often take a toll on performance and lead to network
latency.
3- Circuit-Level Gateways

• Do not filter individual packets, but they succeed in protecting their private network from traffic and keeping details private.
Pros of circuit-level gateways:
• Only process requested transactions and reject all other traffic.
• Simple to set up and manage.
• Resource and cost-efficient.
Cons of circuit-level gateways:
• Not a stand-alone solution as there's no content filtering.
4- Proxy Firewalls
These firewalls have deep packet inspection (DPI) capabilities that check both payloads and headers of incoming traffic.
• When a client sends a request to access a network, the message first goes to the proxy server. The firewall checks the following:
  – Previous communications between the client and devices behind the firewall.
  – Header information.
  – The content itself.
• The proxy then masks the request and forwards the message to the web server. This process hides the client's identity.
• The server responds and sends the requested data to the proxy, after which the firewall passes the information to the original client.
Software Firewalls
Definition:
A software firewall (or a host firewall) installs directly on the host device. This type of firewall protects only one machine (network endpoint, PC, laptop, server, etc.), so admins must install a version of the software on each device they want to protect.
Since admins attach a software firewall to a specific device, there is no avoiding some resource usage. These firewalls inevitably eat up some system RAM and CPU, which is a deal-breaker for some use cases.
Pros of software firewalls:
• Excellent protection for their assigned device.
• Isolate individual network devices from one another.
• Readily available.
Cons of software firewalls:
• Consume the device's CPU, RAM, and storage.
• Require configuration for each host device.
• Day-to-day maintenance is difficult and time-consuming.
• Not all devices are compatible with every firewall, so you may have to use
different solutions within the same network.
Hardware Firewalls
A hardware firewall (or an appliance firewall) is a separate piece
of hardware that filters traffic entering and coming out of a network. Unlike a
software firewall, these self-contained devices have their own resources and do
not consume any CPU or RAM from host devices.
Pros of hardware firewalls:
• Protect multiple devices with one solution.
• Top-tier perimeter security as malicious traffic never reaches host devices.
• Do not consume resources of host devices.
• An admin manages only one firewall for the entire network.
Cons of hardware firewalls:
• More expensive than software firewalls.
• Insider threats are a considerable weakness.
• Configuration and management require more skill than software-based
firewalls.
Some Hardware Firewall vendors
Dlink, Linksys and CISCO
Cloud-Based Firewalls
Many providers offer cloud-based firewalls that they deliver on-demand over the Internet. These services are also known as Firewall-as-a-Service (FWaaS).
It is a firewall hosted in the cloud.
Pros of cloud firewalls:
• The service provider handles all admin tasks (installation,
deployment, patching, troubleshooting, etc.).
• Users are free to scale cloud resources to meet the traffic load.
• No need for any in-house hardware.
• High levels of availability.
Cloud-Based Firewalls Cont.

Cons of cloud firewalls:
• A lack of transparency regarding exactly how the provider runs the firewall.
• Like other cloud-based services, these firewalls are difficult to migrate to a new provider.
• Traffic flows through a third party, which raises latency and privacy concerns.
• Expensive in the long run.
Criteria for selecting a Firewall

Firewalls are not a one-size-fits-all security solution for every business, and organizations must identify what firewall type is right for their network security needs.
There are many parameters to consider when choosing a firewall, including:
• Security Level
• Definition of Rules
• Blocks and Intruder Protection
• Resource Usage
• Performance Speed
• Cost to Start and Maintain
Characteristics used in firewall access policy
• IP Address and Protocol Values
• User Identity
• Network Activity
Characteristics used in firewall access policy Cont.
• IP Address and Protocol Values
Controls access based on the source or destination addresses and port numbers, and on the direction of flow (inbound or outbound).
This type of filtering is used by packet filter and stateful inspection firewalls. It is typically used to limit access to specific services.

• A packet is a piece of data formatted for Internet transfer that contains:
  – The payload (the actual content).
  – A header (info about the data, such as who sent it and to whom).
Characteristics used in firewall access policy Cont.
• User Identity: Controls access based on the user's identity, typically for inside users who identify themselves using some form of secure authentication technology.
Characteristics used in firewall access policy Cont.
• Network Activity:
Controls access based on considerations such as the time of the request (e.g., only in business hours), the rate of requests (e.g., to detect scanning attempts), or other activity patterns.
Policy Actions

• Packets flowing through a firewall can have one of three outcomes:
  – Accepted: permitted through the firewall
  – Dropped: not allowed through, with no indication of failure
  – Rejected: not allowed through, accompanied by an attempt to inform the source that the packet was rejected
Blacklists and White Lists
Two fundamental approaches to creating firewall policies (or rule sets):
• Blacklist approach (default-allow)
  – All packets are allowed through except those that fit the rules defined specifically in a blacklist.
  – Pros: flexible in ensuring that service to the internal network is not disrupted by the firewall
  – Cons: unexpected forms of malicious traffic could go through

• Whitelist approach (default-deny)
  – Packets are dropped or rejected unless they are specifically allowed by the firewall
  – Pros: a safer approach to defining a firewall rule set
  – Cons: must consider all possible legitimate traffic in rule sets
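The following Python model is an added illustration, not part of the lecture: it ties together the stateful connection table keyed on the four header fields listed earlier, the three policy outcomes (accepted, dropped, rejected), and the default-deny whitelist approach, and it goes one step further by contrasting the stateful filter with a header-only (stateless) filter to show the IP-spoofing weakness noted under packet filtering. All addresses, ports and rules are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Tuple

ACCEPT, DROP, REJECT = "accepted", "dropped", "rejected"  # the three policy outcomes

@dataclass(frozen=True)
class Packet:
    direction: str    # "in" or "out", relative to the protected side
    proto: str        # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # True for the TCP packet that starts a new connection

ConnKey = Tuple[str, str, int, str, int]  # proto + the four header fields the slides list
class StatefulFirewall:
    """Default-deny (whitelist) rule set plus a table of open connections.
    rules maps (direction, proto, dst_port) -> outcome for NEW connections only;
    packets of a connection already in the table are accepted without opening
    any inbound port."""

    def __init__(self, rules: Dict[Tuple[str, str, int], str], default: str = DROP):
        self.rules, self.default = rules, default  # unlisted traffic gets the default
        self.table: Dict[ConnKey, str] = {}

    @staticmethod
    def _key(p: Packet) -> ConnKey:
        return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    @staticmethod
    def _reverse(p: Packet) -> ConnKey:
        return (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def filter(self, p: Packet) -> str:
        # 1. Part of an existing connection, in either direction? Let it through.
        if self._key(p) in self.table or self._reverse(p) in self.table:
            return ACCEPT
        # 2. TCP that is not a connection start and matches no connection: invalid.
        if p.proto == "tcp" and not p.syn:
            return DROP
        # 3. A new connection: consult the whitelist, otherwise apply the default.
        outcome = self.rules.get((p.direction, p.proto, p.dst_port), self.default)
        if outcome == ACCEPT:
            self.table[self._key(p)] = "established"
        return outcome

def stateless_filter(p: Packet) -> str:
    """Header-only filter with no table: to let HTTPS replies in at all it must
    accept every inbound packet with source port 443, so a forged packet that
    merely carries that source port is accepted too (the IP-spoofing weakness)."""
    if p.direction == "in" and p.proto == "tcp" and p.src_port == 443:
        return ACCEPT
    return DROP

def demo() -> Dict[str, str]:
    # Constructed sample traffic using documentation address ranges.
    client, web, outside = "192.0.2.10", "203.0.113.5", "198.51.100.7"
    fw = StatefulFirewall({("out", "tcp", 443): ACCEPT,  # browsing is allowed out
                           ("in", "tcp", 22): REJECT})   # inbound SSH: refuse and say so
    forged = Packet("in", "tcp", outside, 443, client, 51001)  # looks like an HTTPS reply
    return {
        "outbound https": fw.filter(Packet("out", "tcp", client, 51000, web, 443, syn=True)),
        "https reply": fw.filter(Packet("in", "tcp", web, 443, client, 51000)),
        "unsolicited smb": fw.filter(Packet("in", "tcp", outside, 4444, client, 445, syn=True)),
        "unsolicited ssh": fw.filter(Packet("in", "tcp", outside, 4444, client, 22, syn=True)),
        "forged reply, stateful": fw.filter(forged),
        "forged reply, stateless": stateless_filter(forged),
    }
```

The reply to the client's own HTTPS request is accepted only because the outbound SYN created a table entry; the same-looking forged packet is dropped by the stateful filter but accepted by the stateless one.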

Firewalls
Some Software Firewalls
ZoneAlarm
Microsoft Windows Firewall
McAfee Security Suite
Norton Security Suite
Some Hardware Firewall vendors
D-Link
Linksys
CISCO
Protection of Computing Devices Cont.

Protection using Firewalls

1- Keep the Firewall On
• In Windows 10 the firewall is on by default.
• In older Windows versions the firewall needs to be configured:
  – Locate the personal firewall on your own computer, and
  – make modifications to its settings to provide the best possible protection.
2- Keep the firewall up to date
  – Make sure the firewall you download has been evaluated by expert organizations.
  – Keep only one firewall running at a time.
  – Keep one firewall running at all times.
Protection of Computing Devices Cont.
Customize Settings Window for Windows Firewall
• Turn on the firewall.
• Decide if you want to block all incoming traffic, or if you want to be notified if and when a program is blocked.
The firewall inspects all traffic going to and coming from the outside connection and can be configured to control traffic flow between the Internet and the local device based on desirable properties.
Windows 10 firewall configuration
Examining Windows Firewall with Advanced Security
Open the advanced settings tab.
This window gives you another option to control settings for each of the three types of networks.
You can also customize the various settings and set rules for logging.
Protection of Computing Devices Cont.

• Configuration of firewall in Windows 7

Steps:
1. Go to the Start menu and open up the Control Panel.
2. Select System and Security.
3. Click on Windows Firewall.
4. Click Turn Windows Firewall on or off.
5. If the firewall is not already active, click Turn on Windows Firewall for each of the network types that your computer supports.
• For other Windows versions:
1- Visit: http://support.microsoft.com/en-us/windows
2- Follow the instructions.
Protection of Computing Devices Cont.
• Installing and Using Anti-Malware Software
Anti-malware software can be installed using an inclusive malware-prevention product or by combining different types of specific prevention programs, such as antivirus and antispyware products from different vendors.
Protection of Computing Devices Cont.
How does a computer get infected with malware or intruded upon?
• Malicious software, such as viruses and spyware, is designed to gain unauthorized access to your computer and your data.

Sources:
• Malicious code executed via user actions (e.g., opening an email attachment)
• Inserting USB drives
• Configuration errors (e.g., weak passwords)
• Physical access to the computer

Consequences:
• Once installed, viruses can destroy your data and slow down your computer. They can even take over your computer and broadcast spam emails using your account.
• Spyware can monitor your online activities, collect your personal information or produce unwanted pop-up ads in your web browser while you are online.

Solution:
Install antivirus and antispyware.
Antivirus and Antispyware for data protection
Tips for installing antivirus and Antispyware
• Download software from trusted websites. However, you should always use antivirus software to provide another layer of protection.
• This software, which often includes antispyware, is designed to scan your computer and incoming email for viruses and delete them.
• Keeping your software up to date will protect your computer from any new malicious software that emerges.
Using Antivirus Programs

• All computers with connections to the Internet should be protected by an antivirus solution before they are ever attached to the Internet. In these cases, setting the software to run at each boot-up is more desirable.
• In addition, most antivirus software includes utilities to check email and files downloaded to the computer through network or Internet connections.
Using Antivirus Programs Cont.

• If the computer is a standalone unit, it might be nonproductive to have the antivirus software run each time the system is booted up.
• It would be much more practical to have the program check any removable media attached to the system, because this is the only possible non-network entryway into the computer.
• The most common means of virus protection involve installing a virus scanning (antivirus) program that checks disks and files before using them in the computer.
Using Antispyware
There are basically two types of antispyware products available:
1- Antispyware that finds and removes spyware after it has been installed.
2- Antispyware that blocks spyware when it is trying to install itself (real-time prevention antispyware).
Both of these methods stand a better chance of keeping computers free from spyware when they are combined with user education about how to avoid spyware.
Detect and Remove Antispyware
• The detect-and-remove method is by far the simpler type of antispyware product to write. Therefore, there are several commercially available products that use this method. Like antivirus software packages, this type of antispyware product relies on databases of existing definitions to recognize spyware threats.
• These databases must be updated frequently to recognize new spyware versions that have been identified.
Real time prevention Antispyware

The real-time-prevention type of antispyware product does not rely on historical data to identify spyware. Instead, it monitors certain configuration parameters and notifies the user when suspicious installation activity occurs.
Other ways for fighting spyware

• Install a web browser other than Internet Explorer (for example, Chrome or Firefox).
• Download the newest browser version that offers better security features.
• Download software only from reputable sites to prevent spyware that comes attached to other programs.
Removing Unnecessary Software
Keeping unused software products on a computer provides additional avenues of possible attack and exploitation.
If you don't know what a suspected software program does, research it and get rid of it if it is not important to the operation of that system.

Disabling Nonessential Services

Some viruses are designed to exploit nonessential services in order to migrate from device to device. In particular, disengage any file-sharing or device-sharing services that are running, unless they are somehow required for proper operation of the system (this is almost never the case in non-consumer usage).
Protection of Computing Devices Cont.

Managing the operating system and browser

• Hackers are always trying to take advantage of vulnerabilities that may exist in your operating system (such as Microsoft Windows or macOS) or web browser (such as Google Chrome or Apple Safari).
• Therefore, to protect your computer and your data:
1- You should set the security settings on your computer and browser to medium level or higher.
2- You should also regularly update your computer's operating system, including your web browser.
3- You should download and install the latest software patches and security updates from the vendors.
Software Sources Validation

To reduce security risks, always be sure to get your software, cloud services, device drivers, and firmware updates from legitimate sources like:
• Vendor app stores – like Windows Store and Google Play Store
• Authorized resellers – like Best Buy and Costco
• Original Equipment Manufacturers (OEMs) – like Dell and Samsung
• Software Manufacturers – like Adobe and Microsoft
• Avoid software from untrusted sources
• Non-approved apps are untested and could contain malware
Browsers

In today's remote and cloud-based world, the browser has become an important tool in our daily lives. Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari are the most common.
Browsers are often pre-installed, but are not typically set up in the most secure way.
The internet has many risks, so it is vital to configure and maintain browser security so you can protect against those risks.
Browser Updates

Because browsers are a favorite target for hackers, keeping them updated is very important.
Browsers, by default, automatically update themselves. The updates are installed and applied when you restart your browser.
If your desktop or laptop is part of a corporate network, your IT department may be managing the configuration and manually applying updates to the browsers installed on your system.
Disabling Nonessential Services

Photo-sharing and music-sharing services should always be disabled, while file and printer sharing should be disabled unless required to pass information from one device to another to perform work tasks.
Disabling Unnecessary OS Default Features
Autorun is a highly exploitable feature of the Microsoft line of operating systems. When this feature is enabled, the OS will detect the presence of removable media and execute its contents. If the USB or CD/DVD contains a virus, it will automatically be executed and infect the host computer.
Autorun
A feature used by malicious actors to deliver malware to user devices.
The malware on the CD or USB will start installing automatically as soon as you insert it into your device.
If this feature is enabled on your device, it will be detected as a vulnerability by many vulnerability scanners.
It is a security best practice to disable Autorun.
Disabling Autorun feature
Settings - Devices - select the AutoPlay toggle to turn it off
Securing the Web Browser
The web-browsing class of application software has attracted an
increasing number of attacks.
Initial browser configurations may not offer much in the way of
security.
It is usually necessary to configure a new browser’s security
options to safeguard the system from attack through this portal.
Applying Updates and Patches

People and groups that produce malware are always busy designing the next exploit. For this reason, operating systems and applications must constantly be updated to counteract these efforts.
This requires a planned methodology for obtaining and applying the latest upgrades and security patches for each software product on the system.
Applying Strong Passwords
The main user authentication tool used with personal computing
devices is the username and password login. In
