
IT Fundamentals Notes - 5.FINAL

The document provides an overview of IT fundamentals, including definitions of computers, workstations, servers, and laptops, as well as the Internet of Things (IoT) and home automation. It covers operating systems, their functions, types, and management, along with virtualization and various operating systems like Windows, macOS, and Linux. Additionally, it discusses security measures, intellectual property rights, and troubleshooting techniques for computer issues.

Uploaded by

eduv4833151

IT Fundamentals

Computer – a system that manipulates data according to a set of instructions.

Workstation = desktop

Desktops require peripheral devices (e.g. a keyboard).

Benefits of desktops – the basic design can be modified or upgraded to suit a purpose.

The speed of the CPU determines the computer's speed.

More memory, more applications.

Server – a computer that provides services to any other computer, usually a powerful computer
supporting large numbers of users. Servers make use of copies and backups, making them FAULT
TOLERANT.

Laptops – all-in-one computers

- Benefits: size and weight, integrated input devices (mouse and keyboard)

Internet of Things (IoT)

The Internet of Things refers to any device that can be connected to a network, e.g. smart homes and cars.

Home automation

Any smart home device is considered home automation, e.g. alarm clocks.

Setting up a PC system

Prerequisites to set up a PC:

- Correct environment (right temperature and no dust or humidity)
- Safe physical installation, with no exposed wires or tripping hazards
- A system that is healthy and ergonomic to use

Ergonomic Concepts

RSI – repetitive strain injury.

Navigating an OS

The main function of the OS is to provide a stable environment for different software applications
to work and run. The OS provides the applications with access to the hardware.

When started up, the computer performs a Power-On Self-Test (POST) to ensure that the main
components are working.

Using the Task Bar

Used to manage running apps

ALT + TAB to switch tabs

The TASK VIEW button can also be clicked to view a list of running apps.

Recognizing Desktop icons

File – has a picture of the application on it.

Shortcuts – looks like a file icon but has a small arrow in the bottom left corner.

Folder – Looks like a file in a folder

Application Icons – contrast the screen well.

Device icons - the icon looks like a piece of technology

Working with Windows

Full/partial screen = maximize or restore

Functions of an Operating System

OS = interface between hardware and software applications.

Interface between User and Computer

This interface is called a shell.

The first types of operating systems, like Microsoft Disk Operating System (DOS), used a command line
interface (CLI) or simple menu systems. This evolved into the GUI (Graphical User Interface).

Interface between Applications and Hardware

Another function of the OS is to “Drive” the computer hardware.

Kernel - The kernel is a computer program at the core of a computer's operating system and
generally has complete control over everything in the system. It is the portion of the
operating system code that is always resident in memory and facilitates interactions
between hardware and software components.

The OS is built from a kernel of core functions with additional driver software and system utility
applications.

Each hardware component requires a driver to work.

The OS is responsible for identifying the components and loading the drivers needed for the
components to work.

System health and functionality

A function of the OS is to allow the user to monitor system health and performance.

This functionality allows the user to monitor component performance and determine whether a
component is overworked and needs to be upgraded, or whether the component is faulty.

Data Management

An additional function of the OS is to let the user interface with its data management (the user can
read, write or modify files and other items stored on the device).

Types of operating systems

- Workstations, servers, mobile devices.

Workstations – this is the traditional desktop or laptop.

- Examples of this OS are Windows, Apple OS, Linux and Chrome OS
- Workstations can be divided into categories:
  - Enterprise client – works as a client on a business network
  - Network OS (NOS), or server OS – designed to run on servers and create business networks
  - Home client – designed to work standalone and run in a home or small office environment

Mobile OS:

- Designed for handheld devices; examples are Apple iOS and Android
- A mobile OS cannot be uninstalled and reinstalled, as it can only run on the system it was designed for.

Server OS:

- Windows Server, Linux and Unix are common examples.
- It is common to have a CLI and not a GUI, to make it more reliable.

Open source vs Commercial

Commercial OS – the user must purchase a license to install it and can only use the OS on a particular
device. The source code is kept hidden.

Open source – the code used to design the OS is freely available, which means that developers are free
to make changes to the way the OS works.

- Examples include Unix, Linux, Android

Embedded OS

Embedded systems are typically static environments; PCs are dynamic environments.

An embedded OS is designed for a very specific purpose; these systems mainly perform
time-sensitive tasks accurately.

These are also known as REAL TIME OPERATING SYSTEMS (RTOS).

Firmware

Firmware is embedded software. Firmware provides all the necessary functionality for interacting
with the device hardware.

Firmware can be changed or updated, but it is not designed to be.

2 types of firmware

- The Basic Input/Output System (BIOS): the standard set of instructions that operates
the essential components of the PC
- Unified Extensible Firmware Interface (UEFI): a modern firmware interface that
replaces the traditional BIOS, providing a more flexible and secure way for computers
to start up and interact with hardware during the boot process.

Virtualization

Virtualization means that a computer can run multiple different operating systems at the same
time.

Virtual platform requirements

- A computer that provides the necessary resources (CPU, GPU and RAM)
- A hypervisor (Virtual Machine Monitor, VMM), which manages the virtual machine environment and facilitates the interaction with the host hardware
  - A Type 1 (“bare metal”) hypervisor is installed directly onto the computer and interacts with the hardware directly
  - A Type 2 hypervisor runs as a software application within the host OS; this means that the host OS retains its control over the virtual environment.
- Guest operating systems (or virtual machines); the number of operating systems is limited by the hardware capacity or by the hypervisor.

Uses of virtualization:

- Virtual labs – create a virtual OS to analyse or test viruses, as it cannot infect the original OS
- Support for legacy software applications – if host computers have been upgraded, some software might be outdated and incompatible.
- Development environments – test software under a different OS
- Training – people can be trained to use a live OS without disrupting the original working OS.
- Windows 10 Pro and Enterprise have virtual hypervisors built in

Microsoft Windows

Windows is the dominant commercial OS, used by 90% of the world's computers.

Windows 10 was made in 2015 and is the “last” version of Windows; all new versions will come as
updates.

Windows 10: much better than Windows 8

Windows 10, Windows 8, Windows 7, Windows Vista, Windows XP

Windows Editions:

- Windows 10 Home – cannot be used to join a corporate Windows domain network
- Windows 10 Pro – designed for SMMEs; allows networking and management features over client devices
- Windows 10 Enterprise – same as Windows 10 Pro but for a larger scale
- Windows 10 Education / Pro Education – designed to be licensed by schools and universities

Windows 10 Mobile

Microsoft has developed versions of Windows for phones (Windows CE, Windows Phone 7 and
Windows Phone 8).

Apple macOS and iOS

The main difference between these and any other OS is that they are only compatible with Apple's
devices.

macOS was designed off of UNIX.

Apple iOS

This is the operating system for the Apple iPhone and iPad; updates are free.

Linux, Chrome, and Android

Based on the UNIX operating system.

Widely deployed on web servers

Chrome OS

Derived from Linux, this OS is designed to run only on Chromebooks and Chromeboxes (CHROME OS
IS FOR CHROME DEVICES) (designed for the budget market).

The purpose is mainly to run web apps.

Android

Smartphone and tablet OS; this is open source.

File Explorer

Previously called “Windows Explorer”. Shortcut: START + E

This PC

This shows removable and unremovable drives

This also enables the user to change configuration settings

Network

This is a container for any network servers that a computer is connected to.

Control Panel

This is the location for basic user-configurable settings.

Ease of Access Options

These help people with disabilities to use the computer effectively.

- Touchscreen
- Voice control and narration
- Visual alternatives for sound
- On screen keyboards
- Magnifier
- Display Settings

Advanced Management Utilities

Used to configure more advanced aspects

Shortcuts (drop-down) – START + X

Opening a web page

Shortcuts – CTRL + T to open new tabs

CTRL + TAB to cycle through tabs

URLs, Websites and Hyperlinks

Uniform Resource Locator (URL)

A website is a collection of web pages.

Hyperlinks help navigate through web pages, often organised as navigation bars.

Browser Controls

Back – BACKSPACE

Forward – ALT + RIGHT ARROW

Stop – ESC

Refresh – F5

Management Interfaces

- A graphical or command line interface used to perform system configuration
- E.g. Control Panel or Windows Settings, cmd, Registry Editor, PowerShell
- Administration tools shortcut – START + X

Process and Service Management

When an app is launched, it is loaded into RAM as a PROCESS.

Task Manager – the utility that allows users to shut down non-responsive programs

Task Manager shortcut – CTRL + SHIFT + ESC

Service Management

A service is a process that doesn't require any user interaction.


Task Scheduler

Task scheduler sets a task to run at a particular time

Memory and Disk Management

- System memory (RAM); this is volatile
- Mass storage (HDD or SSD)

Memory Management

If the system runs out of memory, processes will be unable to start and running
programs will crash.

Memory cannot be configured.

Virtual Memory/Pagefile

When the OS loads more data than the RAM can handle, the computer uses
the fixed disk to supplement the RAM needed; this is called the PAGEFILE or VIRTUAL MEMORY. Virtual
memory is configurable.

Disk Management

This is the Windows GUI tool used to format mass storage devices (disks and USB drives) and to manage
partitions.

Partitions allow a single disk to be divided into multiple different logical areas.

Command Line Interfaces (CLI)

This is an alternative means of configuring an operating system or application.

An OS can have a command line and no GUI.

When you type a command and press Enter, the shell executes the command and displays the
associated output.

There may be more than one command line interface included with an OS, for example Windows
CMD and PowerShell.

Access Control and Protection

Access control means that a device or stored information can only be accessed by an authorized
person.

The OS can restrict the privileges allocated to an account.

Administrator and Standard User Accounts

The account created during setup is a local admin; this account comes with all privileges, like
saving to any file path and configuring settings.

Least Privilege and User Account Control ( page 75 )

The principle of least privilege is that users should have only the permissions required to
perform the tasks necessary to them, and no more.

User Account Control prevents malware and other malicious acts from taking place with full
privileges; this is called a protected SANDBOX. When a user needs to exercise administrative rights,
they are asked to enter the relevant credentials.

Creating Other User Accounts

Windows supports 2 types of accounts:

- Local accounts – these are defined on one computer only
- Microsoft accounts – these are connected to Microsoft's cloud services. These accounts can be signed into on multiple devices and can synchronize settings, apps and data between them

To create a new account, open Settings > Accounts > Family and other people > Add
someone else to this PC

Managing User Accounts

Users can manage their own accounts from Settings > Accounts

Users can configure the following:

- Your info (your picture and name)
- Email and app accounts
- Sign-in options
- Access work or school (users can define additional accounts that can be used to access other networks)

Support and Troubleshooting

Once the problem has been understood there are 3 options:

- Repair
- Replace
- Ignore

Troubleshooting PC issues

Step 1 – inspect the physical device for damage: cables, ports or any peripherals.

Step 2 – when starting up, look for lights or listen for an indication that components are working. None
of these = power issue.

Step 3 – if the problem is between the computer and peripherals, check cables and connections; if
that isn't the issue, the drivers might be the issue.

Getting Support

Don't attempt solutions that are beyond your expertise. Use the vendor's website to find the setup
or maintenance guide. You will need the product code for this.

Press F1 for online help in Windows 10

Contacting Technical Support

When you contact support a ticket will be opened. They require the following information:

- Name and contact information
- The software or device you are having problems with (version number)
- Possibly the date you purchased the product
- A description of the problem and any error messages or error codes

Advanced Search engine techniques

Use syntax to help with advanced searches

- “” Quotation marks are used to match keywords exactly to the input
- + is used to find the word that follows it in the document exactly
- - is used to exclude a word from direct matches
- OR (|) can be used to find either of the words
- * represents a missing or unknown word (search engines will fill in the blank with possible matches)

Advanced search is also available through a GUI.

Units of measurement

Bits and Bytes (K - M - G - T).

KiloByte (KB) = 1000 bytes

MegaByte (MB) = 1 000 000 bytes / 1000 Kilobytes

GigaByte (GB) = 1 000 000 000 bytes / 1000 Megabytes

TeraByte (TB) = 1 000 000 000 000 bytes / 1000 Gigabytes

PetaByte (PB) = 1 000 000 000 000 000 bytes / 1000 Terabytes

** There is a different system of notation for these units

KibiByte (KiB) = 1024 bytes (the small i in the middle shows the value is 1024).

MebiByte (MiB) = 1024 KibiBytes (Microsoft uses this system)

GibiByte (GiB) = 1024 MebiBytes


Processing Speed Units

Megahertz (MHz) – 1 million cycles per second (Hz = million p/s).

Gigahertz (GHz) – 1000 Million cycles per second (Gig = 1000)

ASCII Data Representation

- American Standard Code for Information Interchange
- Each character has a 7-bit binary number; this results in 128 different characters.
- Developed in 1963

Unicode

- A set of code charts that handle visual reference
- A data encoding method
- A set of standard character encodings
- A set of reference data files
- Additional properties include: character properties, rules for normalization, rendering and display order (languages that read right to left)
- Represented by one of the different Unicode character encoding standards (UTF-8, UTF-16, UTF-32)

Investing in Security

Data and information are an asset; we protect this asset with security controls.

RETURN ON SECURITY INVESTMENT is the measure used to compare the cost of
the security with the possible loss.

Security Controls

This is a control to ensure data is only accessible to persons with the correct authorisation.

Examples:

- Backup – copies of important data that can be accessed quickly if needed
- Access control – this is to ensure only the correct people can access information; this is done by using the following:
  - Permissions – assign permissions to users or groups
  - User restrictions, like restricting users to read-only.
  - Data encryption – data is encoded in a way that only the person with the correct key can read. Even if someone obtained the data it would be unreadable.
  - Firewalls – on a network, firewalls control how the host and network applications interact.

Intellectual Property

IP is the most valuable information asset that an organization owns.

Copyright

- The legal protection granted to specific types of work, detailing the rights of the owner such as publication, distribution or sale.
- Copyright does not apply to an idea that is not actualized, nor does it apply to names, phrases or titles.
- Copyright lasts for a number of years after the owner's death, anywhere between 15 and 70 years

Trademarks

Copyright doesn't apply to names, so companies will trademark their name and/or logo.

2 different trademark symbols: TM (™) and R (®)

Patents

- A legal protection for some kind of invention; these must be applied for and are not automatic. However, the idea doesn't need to be made in reality (a patent can be on an idea).

Digital Products

A digital product is sold or distributed as binary computer data.

Examples:

- Software, computer games, eBooks, music, etc.
- Easy to copy and steal

Software Licensing Agreements

EULA – end user license agreement (T's and C's)

Group use/site license – instead of buying individual licenses for every computer in a business, you
can buy group licenses.

Concurrent licenses – this restricts the software to a set number of users on the platform at any one
time (e.g. Netflix restricting 5 users).

Client Access License (CAL) – this is a license bought for software to be installed on a network
server for unlimited user interaction; this is done so the software does not need to be installed on
every machine.

Database Concepts

Flat file systems vs Databases

- Databases support a wider variety of data types and have methods in place to enforce these data types.
- Databases can manage tables and create
- Scaling in size is less costly using databases; if you need to double the size of a flat file this could cost double the price, which does not apply to databases
- Databases provide better access control and authorization systems.

Database Structures

Relational Databases

- This is the standard type of database (relational database), with tables connected using relationships.
- Relational Database Management Systems (RDBMS) use Structured Query Language (SQL). RDBMS products include the following:
  - Microsoft SQL Server
  - Oracle Database
  - MySQL
  - Microsoft Office Access

Primary Key and Foreign Key

Each record in a database table needs to be unique; this is done by using a primary key: one
field in the table is a unique key associated with that specific record.

If this unique primary key is used as a field in another table, it is referred to as a foreign
key.

The structure of the database, in terms of the fields defined in each table and the
relationships between primary and foreign keys, is referred to as the SCHEMA.

Constraints

- Garbage In, Garbage Out (GIGO) – this is the concept used to teach people to make sure the values entered into a database conform to, and are consistent with, the information the fields are supposed to store.
- Constraints can be added to enforce a specific data type, for example:
  - Primary keys have constraints ensuring each record must be unique
  - Other constraints could be that a field cannot be left blank or null
  - You can define the structure of the data type, like an ID number or telephone number
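
The primary key, foreign key and constraint rules above, shown as an added example that is not part of the original notes: a small SQLite schema that rejects bad input at the database itself rather than trusting whatever the application sends. The table names, column names and sample rows are constructed for illustration.

```python
import sqlite3

# Constructed schema for illustration; table and column names are assumptions.
# These CREATE TABLE statements define the structure and the constraints.
SCHEMA = """
CREATE TABLE customer (
    customer_id INTEGER PRIMARY KEY,              -- primary key: every record unique
    surname     TEXT NOT NULL                     -- may not be null ...
                CHECK (length(trim(surname)) > 0),  -- ... or left blank
    phone       TEXT NOT NULL                     -- structure rule: exactly 10 digits
                CHECK (length(phone) = 10 AND phone NOT GLOB '*[^0-9]*')
);
CREATE TABLE orders (
    order_id    INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL
                REFERENCES customer(customer_id),  -- foreign key into customer
    quantity    INTEGER NOT NULL CHECK (quantity > 0)
);
"""


def open_db():
    """Create an in-memory database with the constrained schema."""
    conn = sqlite3.connect(":memory:")
    # SQLite only enforces foreign keys when this is switched on per connection.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def try_insert(conn, sql, params):
    """Run one parameterised INSERT; return 'ok' or the constraint that refused it."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(sql, params)
        return "ok"
    except sqlite3.IntegrityError as exc:
        return str(exc)


def demo():
    """Insert constructed sample rows and report what the database accepted."""
    conn = open_db()
    add_customer = "INSERT INTO customer VALUES (?, ?, ?)"
    add_order = "INSERT INTO orders VALUES (?, ?, ?)"
    attempts = [
        ("valid customer", add_customer, (1, "Warren", "0123456789")),
        ("duplicate primary key", add_customer, (1, "Smith", "0987654321")),
        ("null surname", add_customer, (2, None, "0987654321")),
        ("blank surname", add_customer, (3, "   ", "0987654321")),
        ("malformed phone", add_customer, (4, "Jones", "12-34")),
        ("valid order", add_order, (100, 1, 2)),
        ("order for unknown customer", add_order, (101, 99, 1)),
    ]
    results = {label: try_insert(conn, sql, params)
               for label, sql, params in attempts}
    customers = conn.execute("SELECT COUNT(*) FROM customer").fetchone()[0]
    orders = conn.execute("SELECT COUNT(*) FROM orders").fetchone()[0]
    conn.close()
    return results, customers, orders


if __name__ == "__main__":
    outcome, n_customers, n_orders = demo()
    for label, result in outcome.items():
        print(f"{label:28} -> {result}")
    print(f"rows stored: {n_customers} customer(s), {n_orders} order(s)")
```

Only the two valid rows are stored; every other attempt is refused by the constraint it violates, which is how a schema keeps "garbage in" from reaching the tables.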

Semi-Structured and Unstructured Databases

- Unstructured data has no rigid formatting, like a Word doc, images and text files
- Typically much easier to create
- These can store a much larger variety of data types than a relational database can

Document and Key/Value Pair Databases

- A document database is an example of a semi-structured database. Rather than defining tables and fields, the database grows by adding documents to it.
- The database query engine must be designed to parse each document type and extract information from it
- Documents commonly use XML (eXtensible Markup Language)
- In a key/value pair database there is a key such as “user01_surname” and a value of “Warren”
- Key/value pairs are non-relational because there are no formal structures to link the different data objects and files. However, relationships can still be found through searches and queries that summarize and correlate data points

Relational Methods

Data Definition Language (DDL) is used to create, edit or delete databases or tables

- Create
- Alter Table
- Drop
- Create Index

Data Manipulation Language (DML) is used to insert, update, delete or select records in a table.

Hardware

Memory (RAM)

- Front Side Bus = bus between CPU and RAM; must be as fast as possible.

Network

- NIC, Network Interface Card

Motherboard Components

The motherboard is the Printed Circuit Board (PCB).

This comes with some built-in processors, sockets, and slots for upgradeable components.

The built-in components usually include: graphics, video, and network adaptors

Processors

A microprocessor is a programmable integrated circuit (this consists of purified silicon doped with
a metal oxide, usually copper or aluminium). This process creates millions of transistors and signal
pathways which provide the electrical on/off states that are the basis of the binary system.

Reduced Instruction Set Computing ( RISC )

Features Of Processors

- The Control Unit fetches the next instruction and either executes it itself or passes it to the Arithmetic Logic Unit (ALU) or Floating-Point Unit (FPU).

Instruction Set (32- vs 64-bit)

The advantage of 64-bit is the ability to use more system memory. 32-bit systems are limited to
addressing up to 4 GB; 64-bit systems can address 256 Terabytes (or more).

BIOS vs UEFI

- BIOS: Basic Input/Output System
- UEFI: Unified Extensible Firmware Interface

Computer Ports and Connector Types

Ports are used to connect peripheral devices and cabling to the computer.

- HDMI
- DVI
- SATA
- USB
- RJ-45 Network
- Audio Ports

USB 1.0 vs 2.0 vs 3.0

- USB 1.1 is rated for 12Mbps.
- USB 2.0 is rated for 480Mbps.
- USB 3.0 is rated for 5Gbps up and down.
- USB 3.1 SuperSpeed mode is rated for 10Gbps.

Graphics Devices

The variety of colour options for a display is measured in colour/bit depth.

HD display Cables

HDMI – High Definition Multimedia Interface; requires royalties to be paid

DisplayPort – an alternative to HDMI that is royalty free

Thunderbolt – can be used as a display interface or as a general peripheral port

Input Devices

Mouse:

- Mechanical Mouse has a physical ball that gets rolled on a firm surface, this in turn
moves the mouse pointer on the screen.
- Optical Mouse, this uses LEDs to detect movement over a surface.
- Laser Mouse, this uses an infrared laser which gives greater precision than an optical
mouse.

Configuring Peripherals

These devices can be configured using the Windows built-in drivers or using the vendor's own driver.

Using Control Panel or Device Manager

START + SPACEBAR will switch between keyboard layouts.

RF and Near Field Communications (NFC)

Radio Frequency ID (RFID) is a means of tagging and tracking objects using specifically encoded tags;
when an RFID reader scans a tag, the tag responds with the information programmed into it.

These tags can either be unpowered, responding only when scanned at close range (25m), or
powered, with an active range of 100m.

Near Field Communications (NFC) – a peer-to-peer version of RFID. An NFC device can work as both
a tag and a reader. NFC devices exchange information between each other.

Networking Interfaces

Networking interfaces allow computers to be connected and exchange data.

Most PCs come with network adaptors or Network Interface Cards (NIC).

Ethernet Connector ( RJ-45)

- Ethernet cables use copper twisted pair with an RJ-45 connector

Telephone Connector (RJ-11)

- Telephone cables are used to connect fax machines; they use twisted pair cabling with an RJ-11 connector.
- This is smaller than an Ethernet RJ-45 port, so one will never use the wrong port
- This cable is used to connect modems to the DSL port on the telephone master socket

Installing and Uninstalling Peripherals

Plug and Play Installation

- This means when you connect a new device, Windows identifies it and tries to install a device driver for the device.
- Devices connected via the USB port are hot-swappable, meaning they can be added or removed while the system is running.

Manual Driver Installation

- When plug and play doesn't work, try to locate the driver on the Windows Update website; if no driver is available there, you will need to obtain one from the product manufacturer.

Devices and Printers

- These devices may have more configuration steps after installation (e.g. Bluetooth)
- If you double-click on a device in Device Manager you will see all the available properties and configuration settings.

Removing and Uninstalling Devices

- To uninstall a driver, usually start by uninstalling the software package used to install the driver
- Alternatively, open Device Manager (use START + X) > locate the device > right-click > Uninstall

Display Devices

Flat Screen Displays

- Liquid Crystal Displays (LCD) are used by portable computers and have replaced the older Cathode Ray Tube
- Each pixel in a colour LCD uses filters to generate the 3 primary colours; from here transistors vary in intensity to get the wide variety of colours available to us.

Touch Screens

- Used for input, typically in the absence of a physical keyboard and mouse
- Capacitive touchscreens – a touch screen with the correct software can support multitouch events, such as rotating and zooming.

Digital Projectors

- Suitable for presentations or meetings (large format display)
- There are both CRT and LCD versions available but Digital Light Processing (DLP) is the best option.
- Compatible with HDMI, DVI, Thunderbolt and VGA interfaces

Display Settings

Screen Resolution

- This is the number of pixels used to create the screen image.
- Measured by the number of pixels wide by the number of pixels high.
- Screen resolutions are usually 4:3 (standard) or 16:10 (wide screen) – aspect ratio

Installing and Configuring Dual Monitors

- These can be used in 1 of 3 modes (options available in Settings):
  - Duplicate
  - Extend
  - Show only 1 or only 2

Configuring a touchscreen

- Configured using the Tablet PC Settings and Pen and Touch apps.
- The Tablet PC Settings allow you to calibrate the display and set orientation options.
- Pen and touch settings will allow you to configure gesture settings , such as hold down
to right click.

Multimedia Ports and Devices

This refers to ports used to play and record Audio and Video using different inputs and outputs.

There are both analogue and digital ports out there , analogue signals need to be converted into
digital and this can reduce quality.

Audio Card

- This is the card used to process audio signals and provide an interface for connecting
equipment.
- This chip comes embedded on the motherboard but an expansion card might be
installed as an upgrade to make better quality recordings.

Speaker and Microphone Jacks

- These use 3.5mm jacks.
- High-end sound cards will include an S/PDIF jack; these can use coax or RCA connectors or fiber optic.

Printer Types

- Inkjet and laser are the most common.
- Laser printers work by using a fine powder called toner, which is then fixed to the page using high heat and pressure in the fuser unit.
- Inkjets are typically cheap to buy but expensive to run, and slower and noisier than laser printing. Colours are created by combining 4 colours: cyan, magenta, yellow and black.

Scanners and Cameras

A scanner is an imaging device designed to create a digital file from a page or document.

Types of scanners

- A flatbed scanner – works like a photocopier.

System Memory

DRAM

- Dynamic RAM stores each data bit as an electrical charge within a single bit cell

SDRAM

- SDRAM is synchronized to the system bus. It has a 64-bit data bus. This results in a bandwidth of 528Mbps.
- Uses the Dual Inline Memory Module (DIMM) slot

Double Data Rate SDRAM ( DDR or SDRAM )

- This is an updated version of SDRAM featuring double-pumped data transfers. This means with a bus speed of 100MHz the RAM = 1600Mbps

Mass Storage Devices

HDD

- HDD, uses magnetic disks to store information
- HDDs range from 100GB to 10TB
- HDD performance is measured by how quickly it can read and write; this is controlled by how fast the magnetic disk spins (Revolutions per Minute – RPM).

SSD

- SSD, an upgrade to HDD; this makes use of no moving parts, which is possible due to flash memory

Optical Drives

- Compact Discs (CDs), Digital Video Discs or Digital Versatile Discs (DVDs), and Blu-ray Discs (BDs)
- CDs – 700MB
- DVD – 17GB
- CD-R uses Write Once Read Many (WORM) media.

DVD Media

- DVD-5, Single Layer, Single Sided – 4.7GB
- DVD-9, Dual Layer, Single Sided – 8.5GB
- DVD-10, Single Layer, Double Sided – 9.4GB
- DVD-18, Dual Layer, Double Sided – 17.1GB
- DVD-Video – up to 17.1GB

Blu-Ray Discs

- Currently only single sided
- 25GB per layer
- Can have single, dual, triple and quad layers, up to 128GB total.

Managing The File System.

For the OS to be able to read and write to a drive it must be partitioned and formatted with a file
system.

Partitioning means to divide a disk into logically separated storage areas, this improves the
performance of the disk.

On the Primary disk one of the partitions must be made active, this is referred to as the system
partition, used to boot the computer. – this is hidden from file explorer and doesn’t have a drive
letter associated with it.

File Systems…..START HERE POES

- File Allocation Table (FAT), this is typically used for older 32bit windows files with a
maximum file size of 4GB and a max Partition size of 32 GB
- New Technology File System (NTFS), this uses 64bit allowing for Partitions of 2TBs
- FAT32 is used for USBs

File System Features

- Compression, the file system can automatically reduce the size of the stored data
without losing data.
- Encryption, the file system can automatically encrypt data in a file when it is saved; to
access this partition you will need a password or a key.
- Permissions, these file systems maintain an Access Control List for each file or folder
object.
- Journaling, these file systems will track changes and who made them; this means the
journal can be used to recover files in the event of sudden data loss.
- Limitations, in terms of size and their max capacity of individual file sizes.

File Attributes and Permissions

Attributes include name, date created, accessed or modified, its size, its description and one of the
following: (RASH)

- Read Only (R)
- Archive (A)
- System (S)
- Hidden (H)

Word Processing Software

Txt. Basic text format with no binary information linking the file to a particular software application

Rtf. Rich Text Format, generic file format for sharing documents between different word processing
applications

ODF. The Open Document Format, XML-based specification – this is better than RTF

Doc/docx. Word’s document format

Presentation Software

Ppt/pptx.

PDF – Portable Document Format

Image File Types

Jpg/jpeg – Joint Picture Expert Group

Gif. Graphical Interchange Format only supports 8 bits

Tiff. Tagged Image File format.

Png. Portable Network Graphics

Bmp.

Video File Types

Mpg, this is an early MPEG ( Motion Pictures Expert Group )

Mp4

Flv. Flash Video

Wmv. (Windows Media Video)

Avi. Legacy windows-only format

Audio File Types

Mp3

AAC . Advanced Audio Coding – successor of MP3

M4a.

Flac. Free Lossless Audio Codec

Wav. Early windows audio format

Executable Files

Exe.

Msi. This is a windows installer file ( used to install and uninstall applications )

App. This is an exe for apple

Bat/cmd/vbs/js/ps1- contains a sequence of commands executed by the computer’s interpreter.

Compression Formats

Zip.

Tar

Rar. This proprietary format is used by the WinRAR compression program.

7z. This is the format used by the open source 7-Zip compression utility

Gz.

Network Components
A network is 2 or more computer systems linked together by some form of communication medium
that enables the computer systems to share information.

Network Clients and Servers

- Network Clients: computers and software that allow users to request resources
shared by a server

LANs and WANs

- Networks of different sizes are classified in different ways
- A network in a single location is described as a Local Area Network (LAN)
- Networks in different geographic locations but with shared links are called Wide Area
Networks (WAN); a WAN is more likely to make use of a service provider.
- Internet Service Providers (ISPs)

Network Media

Network end points are referred to as nodes or hosts.

- Wired data connections use copper or other cabling to transmit signals ( such as
Ethernet )
- Wireless (Wi-Fi) data connections use radio signals to transmit data over the air

Addressing And Protocols

- Network signals must be packaged in such a way that each host is able to understand
them.
- Each host also needs to have the ability to recognize the location of other hosts on the
network.
- The above functions are provided in a network protocol.
- A network protocol identifies each host on the network using a unique address.
- It also identifies a PACKET Structure
- A PACKET generally consists of a header (indicating the protocol type, source address,
destination address, etc.) and a PAYLOAD (the data).

TCP/IP - Transmission Control Protocol/Internet Protocol

TCP/IP Protocol Suite Layers

This is the primary protocol of the internet and the worldwide web.

This is also the primary protocol for private internets.

The four layers are as follows :

- Link or Network Interface Layer: responsible for putting frames onto the physical
network. This layer doesn’t contain a TCP/IP. Data at the link layer is packaged in a unit
called a frame.
- Internet Layer: encapsulates packets into Internet Datagrams and deals with routing
between different networks. 3 key protocols are used at this layer:
o Internet Protocol (IP): this is the main protocol in the TCP/IP suite; it is
responsible for logical addressing and routing of packets between hosts and
networks.
o Address Resolution Protocol (ARP): this is used for hardware address
resolution. Each host has a link address, usually called the Media Access Control (MAC)
address. To deliver packets this local MAC must be resolved to a logical IP
Address using ARP.
o Internet Control Message Protocol (ICMP): sends messages and reports on
errors regarding packet delivery.
- Transport Layer: these protocols provide communication sessions between computers.
Each application is identified at the Transport layer by a PORT Number, using the
following 2 protocols:
o Transmission Control Protocol (TCP): provides connection orientated delivery. This
means that the delivery is reliable and that packets are delivered in the correct
sequence.
o User Datagram Protocol (UDP): provides connectionless delivery; there is no
guarantee that the packets will arrive in the correct sequence.
- Application Layer: the top-level architecture contains protocols that provide the
communications formats for exchanging data between hosts, such as transmitting an email
message or requesting a web page.

Internet Protocol

IP Packet Structure:

Any information received from the transport layer is wrapped in a datagram.

- Source IP Address: identifies the sender of the datagram by IP address.
- Destination IP Address: identifies the destination of the datagram by IP address.
- Protocol: indicates whether the data should be passed to UDP or TCP at the destination
host.
- Checksum: verifies the packet’s integrity upon arrival at the destination.
- Time to Live: the number of seconds a datagram is allowed to stay on the network
before being discarded, otherwise packets will endlessly loop around an internet; a
router will decrease the TTL by at least one second when it handles the packet.

IP Addresses

An IP Address is a 32-bit binary value. To make this easier for configuration it is expressed as 4
decimal numbers separated by full stops (e.g. 172.30.15.12)

Each number represents a byte value (a decimal number between 0 – 255)

Network Prefixes and Subnet Masks

An IP address encodes 2 pieces of information:

- The network Number (The Network ID), this number is common to all hosts on the
same IP network.
- The Host Number(host ID), this unique number identifies a host on a particular
network or logical subnetwork.

To differentiate between the Network ID and Host ID portions within an address each host must be
configured with a network prefix length or subnet mask, this combined with the IP address is used
to determine the identity of the network to which the host belongs.

Packet Delivery and Forwarding

MAC Addresses

- Frames use a different addressing method than IP. At the data link layer, each host is
identified by the address of its network interface.
- The MAC address is assigned to the network adaptor at the factory.
- This is a 48-bit hexadecimal number, often displayed as 6 groups of 2 hexadecimal digits
with a colon or hyphen as a separator, or with no separator.

Address Resolution Protocol (ARP)

- If 2 systems are to communicate using IP, the host sending the packet must map the IP
Address of the destination host to the hardware address of the destination host.
- ARP helps the computers on a local network find the MAC address of the destination
computer using the IP address.

Routing

- If the destination IP address is a local one (same network ID as the source), the host
uses ARP messaging to discover the local destination host. If the network IDs are
different, the sending host uses ARP messaging to discover a router on the local
segment and uses that to forward the packet. The router forwards the packet to its
destination, possibly via intermediate routers.
- This means that if the receiver is not on the same network, the host will use ARP to
locate which router the receiver belongs to, and send the packets either directly or via
a path of other routers until it reaches the receiver.
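
The local-or-router decision described above, worked through with the subnet mask and a MAC lookup, as an added example that is not part of the original notes. The ARP table, gateway address and MAC values are constructed, and the function names are this example's own.

```python
import ipaddress

# Constructed ARP cache: IP address -> MAC address, in the mixed formats
# the notes mention (hyphen separated, no separator).
ARP_TABLE = {
    "172.30.15.20": "00-1A-2B-3C-4D-5E",
    "172.30.15.1": "001a2b0000fe",        # the local router (default gateway)
}


def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def to_dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def prefix_to_mask(prefix_len: int) -> int:
    """A /24 prefix becomes 24 one-bits followed by 8 zero-bits (255.255.255.0)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0-32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def split_address(addr: str, prefix_len: int) -> tuple:
    """Return (network ID, host ID) by ANDing the address with the mask and its inverse."""
    mask = prefix_to_mask(prefix_len)
    ip = to_int(addr)
    return ip & mask, ip & ~mask & 0xFFFFFFFF


def normalise_mac(mac: str) -> str:
    """Accept colon, hyphen or no separator; return six colon-separated pairs."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def next_hop(src: str, prefix_len: int, dst: str, gateway: str) -> tuple:
    """Decide which IP the frame is addressed to and resolve its MAC address."""
    src_net, _ = split_address(src, prefix_len)
    dst_net, _ = split_address(dst, prefix_len)
    # Same network ID: deliver directly. Different: hand the packet to the router.
    target = dst if src_net == dst_net else gateway
    mac = ARP_TABLE.get(target)
    if mac is None:
        raise LookupError(f"no ARP entry for {target}; an ARP request would be sent")
    return target, normalise_mac(mac)


if __name__ == "__main__":
    net, host = split_address("172.30.15.12", 24)
    print(to_dotted(prefix_to_mask(24)), to_dotted(net), host)
    print(next_hop("172.30.15.12", 24, "172.30.15.20", "172.30.15.1"))
    print(next_hop("172.30.15.12", 24, "203.0.113.9", "172.30.15.1"))
```
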

DNS and URLs

- Domain Network Systems (DNS), is a hierarchical, client/server-based distributed
database name management system. The purpose of the DNS database is to resolve
resource names to IP addresses. In the DNS, the clients are called resolvers, and the
servers are called name servers. The DNS database is distributed because no one DNS
server could hold all possible DNS records. Instead, the hierarchical nature of the DNS
namespace enables DNS servers to query one another for the appropriate record.
- DNS helps your computer find the IP address for websites based on easy-to-remember
names like Google.com. The URL (Universal Resource Locator) is made up of
many parts:
o Protocol: HTTP / HTTPS, this tells your computer how to interact with the
webpage
o Domain Name: facebook.com, google.com, this is the human readable name.
o Path: /home, /help, this locates the specific web page on the website
o Parameters: parameters are usually the unreadable part of the URL that tells
the web page what content to show you.

Host Names and Fully Qualified Domain Names

A host name is given to an IP host.

A host name can be any string with up to 256 alphanumeric characters.

The host name can be combined with information about the domain in which the host is located to
produce a Fully Qualified Domain Name (FQDN)

HTTP

- Hypertext Transfer Protocol is the basis of the World Wide Web
- This allows web browsers to request resources from an HTTP server: the browser submits a
request for a URL, the server acknowledges this and returns the data.
- To run a website, organisations will typically lease a server or a space on a server from
an ISP.

HTML

- HTTP is usually used to serve HTML web pages, which are plain text files with code tags
describing how the page should be formatted.
- A web browser can interpret these tags and display the text and other resources
associated with the page such as picture or sound files.

SSL/TLS

- Secure Sockets Layer (SSL) was invented due to the lack of encryption
or authentication between the server and client.
- Transport Layer Security (TLS) was developed from SSL.
- SSL/TLS is closely associated with HTTP, creating HTTPS (HTTP over SSL or HTTP Secure)

Electronic Mail (Email)

- Email is a messaging system that can be used to transmit text messages and binary file
attachments encoded using Multipurpose Internet Mail Extensions (MIME).
- Email can involve the use of multiple protocols.
- MAPI (Message Application Programming Interface)
- Simple Mail Transfer Protocol (SMTP)
- MX (Mail Exchanger)
- Post Office Protocol v3 (POP3)
- Internet Message Access Protocol (IMAP)

Configuring Email

- To configure an email account, you will need the username, password and default email
address, plus incoming and outgoing server addresses and protocol types from the ISP.

Internet Service Types

- The type of equipment used in homes and in small businesses is often described as
SOHO (Small Office, Home Office)
- A SOHO network is typically based around a single multifunction device.
- This type of network device can perform the following functions:
o Switch, connects 4 or 8 computers together in an Ethernet LAN using RJ-45
network ports and twisted pair cabling
o Access Point (AP) – creates a Wi-Fi wireless network (WLAN) between computers
and mobile devices equipped with suitable adaptors and also switches
communications between the wired and wireless networks
o Internet router/modem – connects the wired and wireless network clients to the
internet via a WAN link

Digital Subscriber Line (DSL)

- Popular SOHO internet service types
- DSL works over ordinary telephone lines (the line must be of sufficient quality)
- Most DSL lines are Asymmetric – ADSL – (uplink is slower than the downlink - the speeds
achievable are dependent on the quality of the telephone lines and the distance to the local
telephone exchange)

Fiber Optic

- Fiber can be spanned over long distances.
- Fiber to the Home (FTTH) is substantially expensive
- Fiber to the Curb (FTTC) is a compromise solution, meaning that the fiber network
terminates at a cabinet in a nearby street and each resident is connected to it via
telephone cabling using Very High Bit Rate DSL (VDSL)

Cable

- Cable Access TV (CATV) service: these networks are often described as Hybrid Fiber
Coax (HFC) as they combine a fiber optic core network with coax links to
customer premises equipment.
- The cable router is interfaced to the computer through an Ethernet adapter and then to
the cable network by a short segment of coax, terminated using an F-Connector
- Cable based on the Data Over Cable Service Interface Specification (DOCSIS) version 3.0
supports downlink speeds of up to about 1.2Gbps. Most service providers’ packages do
not offer this kind of speed, however; 100Mbps is the typical premium package.

Verifying a Wired Connection

When an Ethernet cable is connected to your PC you will see 1 of 3 icons appearing in the bottom right
corner:

- A red cross on the icon indicates that either the cable isn’t connected correctly, the
cable is broken or the router is broken.
- A yellow alert on the icon means that the link has not been configured correctly with
the IP address information AND cannot connect to the internet
- The plain icon means that everything is working, and you are connected to the internet
- The IP address information is usually configured by the router, using a service called the
Dynamic Host Configuration Protocol (DHCP). You would need to investigate the
settings on the adapter or the switch / router.

Wireless Internet Services

While cabled internet services will usually offer the best bandwidth, they are not always available.
Wireless services can be used in areas where it is too difficult or expensive to lay cable.

Microwave Satellite

- Satellite systems provide larger coverage than what can be achieved with other
technologies.
- The microwave dishes are aligned to orbital satellites that can relay signals between
sites directly or via another satellite.
- Satellite TV has large widespread use; this allows for domestic internet connectivity,
which is expanding into satellite internet for communities where DSL cables are less
available.
- Satellite connections experience severe latency problems as the signal has to travel
thousands of miles more than terrestrial connections; this creates a delay 4-5 times
longer than usual
- To create a satellite connection the ISP installs a satellite dish at the customer’s
premises and aligns it with the orbital satellite. The satellites orbit the equator (in the
northern hemisphere the satellite dish will point south).
- The antenna is connected via coaxial cabling to a DVB-S (Digital Video Broadcast
Satellite) modem. This can be installed in the PC as an expansion card or as an external
box connected via USB or Ethernet port.

Cellular Radio

- Cellular data connections use radio transmissions but at a greater range than Wi-Fi.
- A cell phone makes a connection using the nearest available transmitter. These
transmitters have an effective range of 8km
- Cellular radio works in the 850MHz and 1900MHz frequency (in America)
- 900 and 1800MHz frequency (in the rest of the world)

Cellular digital communications standards developed in 2 competing formats, established in
different markets:

o GSM (Global System For Mobile Communication) based phones allow
subscribers to use a SIM (Subscriber Identity Module) card to use an unblocked
handset with their chosen network provider
o TIA/EIA IS-95 (cdmaOne) based handsets. With CDMA the handset is managed
by the provider, not the SIM.

There are many different cellular Internet Service types (3G , 4G, 5G ) – support for a particular type
is dependent on the local Cell Tower.

- GPRS/EDGE (General Packet Radio Services/Enhanced Data Rates for GSM Evolution) is
a precursor (before) to 3G
- Evolved High Speed Packet Access (HSPA+), 3G signals.
- CDMA2000/Evolution Data Optimized (EV-DO) are the main 3G standards.
- Long Term Evolution (LTE), standard 4G signal
- LTE Advanced (LTE-A) – this aims for 300Mbps but is about 40MBps.

Setting Up a Wireless Network

A typical SOHO network appliance provides 4 wired ethernet ports. This is the reason most SOHO
networks rely heavily on Wi-Fi (only 4 wired ethernet ports).

Wireless Standards and Compatibility

Wireless networking is generally understood to mean the Institute of Electrical and Electronics
Engineers 802.11 standards for Wireless LANs (WLAN), AKA Wi-Fi. There are several versions of this
standard, starting with legacy 802.11a & 802.11b

- The newer 802.11n has a much-improved 600Mbps
- The latest 802.11ac is now widely supported (1.7Gbps)
- Most SOHO routers support 802.11g/n/ac; this means that a router can support devices
with network adaptors suited for all 3 versions of this.

Configuring an Access Point

- To configure an Access Point you need to connect a PC to a LAN port on the SOHO router
- Find the router’s IP address (the SOHO router’s set up guide)
- Enter the IP address into a browser.
- Enter the username and password listed in the user guide.
- Use the SYSTEM page to change passwords and permissions.

SSID

- Service Set ID
- This is the visible network name.
- Change this to make your network uniquely identifiable.

Configuring Wireless Security

- You should enable encryption on the network.
- This encrypts packets being sent over the network and only the router or computer
with the correct cypher key can access this information.
o WEP (Wired Equivalent Privacy) – this is old and flawed.
o Wi-Fi Protected Access (WPA) – was the upgrade to WEP, but uses the same
cypher with a new component called Temporal Key Integrity Protocol (TKIP)
o WPA2 – this uses the 802.11i security standard, which uses the Advanced
Encryption Standard (AES); this cypher is much stronger than TKIP

Speed Limitations (Attenuation and Interference)

- Attenuation: the loss of signal strength in a network cable or connection.
- The average device can reach Wi-Fi from 30m away
- The further the distance > the weaker the signal > the lower the data transfer rate.
- The distance between the wireless client and the access point determines the strength of the signal.
- Each device determines an appropriate data rate based on the quality of the signal
using a mechanism called Dynamic Rate Switching/Selection (DRS)
- The rate of data transfer is determined by the 802.11 standard. If the signal is weak the
data transfer rate will reduce to preserve a more stable connection.
- Radio signals experience a lot of interference due to dense materials or anything
emitting a radio signal (Wi-Fi, motors, microwaves, etc.)
- Bluetooth can be interfered with, but this is not often, due to the 2.4GHz signal and its
modulation technique.

Connecting to an Enterprise Network

- An enterprise network uses the same components as a SOHO network, but these
components are separated and multiplied.
- On an enterprise network, switches, access points and routers will be used.

Cabled Enterprise Network Access

- Offices often have RJ-45 ports running to every desk.
- These cables will run back to a room where they are connected to an Ethernet switch.

Wireless Enterprise Network Access

This works in the same way SOHO works but on a bigger scale.

- This network can support more devices than a consumer level one.

Enterprise Network Routers

- Switches and Access points can provide 1000s of connections, this is inefficient.
- The ports are divided into groups using a technology called Virtual LAN ( VLAN)
- Each VLAN is associated with a different subnet.
- Communications between different VLANs must go through a router.

Safe Browsing Practices

Using Free Open Networks

- To reduce risk of data leaks or interceptions on these networks use a Security Enabled
Protocol (SSL/TLS)

When using a public workstation:

- Clear the cache before shutting down/logging off and don’t allow passwords to be cached.

Malware Threats

Web browsers are the most exploited point for infecting systems with malware
or for stealing information (websites are where most malware is from).

- Malware can be categorised in the following ways:
o Viruses and Worms, malware principally designed to spread to other PCs
o Trojan Horse, an application that appears legit but conceals malicious functions
like remote connection (fake standard bank).
o Adware, software or configuration files installed with your agreement that
allow a company to track what pages you visit and display personalised ads
for you (5g rumors).
o Spyware, malware installed covertly, possibly as a trojan or as a result of a virus
or worm; spyware can track your keystrokes, your activity and the camera and
microphone.

Spyware and Adware Symptoms

- Pop ups or additional toolbars
- Searches returning different results to other computers.
- Slow performance / excessive crashing
- Redirection (when you open a page but get sent to another page)

Configuring Browser Security

Malware may be able to infect your computer because it isn’t up to date, leaving vulnerabilities
available to exploit. This is avoidable by installing the latest security updates and using safe
browsing practices.

Active Content Types

HTTP is limited in terms of it serving content other than text and images. Many websites use active
content to play video or add animated and interactive features. There are many ways of creating
this content:

- Scripting, scripts can run on the server or on the client side. Usually done in JavaScript
- Add-ons, these are mini apps that work within the browser; this can be used to extend
or change the functionality of the browser.
- Flash/Silverlight - provide interactive web applications and video. The browser must
have one of these plug-ins installed to view this content.
- Java (fully featured programming language) - used to develop complex web applications.
Java applications require the Java Virtual

Disabling Client-Side Scripting

- Most sites will use Server-side scripting, meaning that code runs on the server to
display the page you are looking at.
- Most websites rely on client-side scripting (can be disabled).

Managing Add-ons

- Extensions - these can run scripts to interact with the pages you are looking at.
- Plug-ins - these are designed to play embedded content in a web page.
- Themes - these change the appearance of the browser using a custom image and colour
schemes.
- All add-ons should be digitally signed by the developer to indicate that the code is as
published.

Managing Cookies and PII

Cookies

- A cookie is a plain text file created by a website when you visit it. The purpose of cookies
is to store session information so the website can be personalised for you.
- This information is referred to as Personally Identifiable Information (PII)

There are 2 classes of cookies.

- First Party Cookies – set by the domain you visit
- Third Party Cookies – set by another domain, for example if you visit a website (domain) and a
third-party advertiser captures cookies.

Cookies have:

- The site can record more info than you know about.
- Information can be shared with other sites.
- Cookies can’t contain malware, but malware can access cookies.
- Spyware and adware can use cookies to track what sites you use to display targeted ads
- Cookies should self-expire , but some sites set this date very far in the future.
- Confidential information such as passwords should be stored in a secure cookie only
readable under the SSL/TLS session it was created in.
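
A check for the cookie issues listed above (third-party origin, no Secure flag, expiry set far in the future), as an added example that is not part of the original notes. The Set-Cookie lines and host names are constructed, the 400-day limit is an assumed threshold, and the third-party test is a simple suffix match on the host name.

```python
MAX_AGE_LIMIT_DAYS = 400   # assumed threshold for "very far in the future"


def parse_set_cookie(line: str) -> dict:
    """Split a Set-Cookie value into its name, value and attributes."""
    parts = [p.strip() for p in line.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("not a Set-Cookie value")
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Flag attributes such as Secure have no value; record them as True.
        attrs[key.strip().lower()] = val.strip() or True
    return {"name": name.strip(), "value": value, "attrs": attrs}


def is_third_party(visited_host: str, setting_host: str) -> bool:
    """First party: the cookie comes from the visited host or one of its subdomains."""
    visited, setter = visited_host.lower(), setting_host.lower()
    return not (setter == visited or setter.endswith("." + visited))


def audit(visited_host: str, setting_host: str, line: str) -> list:
    """Return the findings for one cookie, in a fixed order."""
    attrs = parse_set_cookie(line)["attrs"]
    findings = []
    if is_third_party(visited_host, setting_host):
        findings.append("third-party")
    if attrs.get("secure") is not True:
        # Without Secure the browser will also send the cookie over plain HTTP.
        findings.append("no-secure-flag")
    max_age = attrs.get("max-age")
    if isinstance(max_age, str) and max_age.isdigit():
        days = int(max_age) // 86400
        if days > MAX_AGE_LIMIT_DAYS:
            findings.append(f"long-lived:{days}d")
    return findings


# Constructed sample: (host that set the cookie, Set-Cookie value) seen while
# visiting shop.example.
OBSERVED = [
    ("shop.example", "session=abc123; Path=/; Secure; HttpOnly"),
    ("shop.example", "auth=hunter2; Path=/; Max-Age=315360000"),
    ("ads.tracker.example", "uid=77; Secure; Max-Age=86400"),
]


def audit_all(visited_host: str = "shop.example") -> dict:
    return {parse_set_cookie(line)["name"]: audit(visited_host, host, line)
            for host, line in OBSERVED}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, findings or "ok")
```
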

Pop-Up Windows

- A pop-up is a sub-window that appears over the main window.
- These can be placed using scripts or add-ons.
- This is done using Cascading Style Sheets (CSS); this is HTML’s extended formatting
language.

Controlling Cookies and Pop-ups

- There are setting options to set what cookies to accept and how long to keep them.

Disabling AutoFill and Clearing Browser Cache

- Another privacy issue is that passwords and usernames can be saved into forms,
anyone using a public computer should have the knowledge to clear this.

Private Browsing Mode

- In private mode the browser doesn’t store cookies or temporary files and doesn’t add
pages to the history list.

Digital Certificates and Anti-phishing

- When web browsers communicate with a secure HTTPS server the browser accepts the
server’s digital certificate to use its public key to encrypt communications.
- Public keys are linked to private keys, therefore a public key cannot be used to decrypt
the encrypted message.
- The private key is used to decrypt messages; this is referred to as Asymmetric Encryption.
- Having a certificate is not in itself any proof of identity. The browser and server rely on
a third party Certificate Authority (CA).
- This framework is called Public Key Infrastructure (PKI)

Valid and Invalid Certificates

- If the certificate is trusted the browser will show a padlock icon in the Address Bar.
- If the certificate is highly trusted the address bar is coloured green.
- If the certificate is untrusted or invalid the address bar will be coloured red/maroon.

Enabling a Firewall

- A firewall restricts access to a computer or network to a defined list of hosts and
applications. Basic packet filtering firewalls work based on filtering network data
packets as they try to pass in or out of the machine.

Types of Firewalls

- TCP/IP networks – each host is identified by an IP address, while each application
protocol is identified by a PORT NUMBER. Packet filters can be applied to IP addresses
and Port Numbers.
- A Stateful Inspection firewall can analyse the contents of network data packets
provided they are not encrypted. After analysing the contents, the packets can be
blocked if any suspicious signatures are detected.
- A Hardware Firewall is a dedicated appliance with the firewall installed as Firmware.
- A Software Firewall is installed as an application on a workstation or server.
- A Host Firewall (personal Firewall) may be installed on a client PC to protect it.

Configuring the Windows Defender Firewall

- This is enabled on all network connections by default unless replaced by a third-party
firewall.
- Running more than 1 firewall is a bad idea; they will conflict with each other.
- To configure the firewall, open Windows Defender Security Centre >> Firewall &
networking protection; from here the firewall can be configured, for example allowing an app
through the firewall.

Turning off the firewall

- This is only advisable if you have a 3rd party firewall.
- Settings > active network > Off

Configuring Proxy Settings

On networks with firewalls monitoring and controlling all traffic passing between the local
network and the internet, clients might be forced to use a proxy server.

- The proxy server can be configured as a firewall and apply other types of content
filtering rules.

Local Network Sharing and Storage

- One of the main uses of a network is for file sharing.

File Server (Direct Attached Storage)

- When a computer is on a network any external storage device can be shared with other
computers. When this happens, it can be referred to as Direct Attached Storage. The
computer is acting as a file sharing server.

Network Attached Storage (NAS)

- A network attached storage appliance is one or more hard drives housed in an
enclosure with basic server firmware running (usually some form of Linux).
- The NAS appliance provides access to its storage devices using various file sharing
protocols. The appliance is accessed over the network using a wired Ethernet port.
- The NAS appliance can be configured by connecting to its web page like a SOHO router:
open a web browser and type the IP address of the device.

Network Printer Sharing

- Share the printer via Windows: an admin can share any locally installed printer via its
Sharing tab in the Properties dialog.
o Locally installed means that Windows communicates with the print device
directly over the relevant port.
o Disadvantage: both the PC and printer must be switched on for this to work.
- Use a hardware print server
o Some printers come embedded with print servers. This allows client computers
to connect with them over the network without having to go via the server.
o If the printer supports wired connections, it needs to be attached to a switch or
home router via an RJ-45 cable. Same applies for Wi-Fi if it isn’t supported.

Windows File Sharing

- For Windows to connect to a network and share resources, the computers must have
appropriate client software installed.
- Windows client software is installed by default.

File and Printer Sharing

- Any file/folder can be shared with other computers (if the network location & firewall settings have
been configured)

Browsing Network Shares and Drives

When a folder has been shared, the host computer will be visible on the network.

- You can access a shared folder by its UNC ( Universal Naming Convention ) in the
address bar.
- A UNC is comprised of a double backslash (\\) followed by the server name and then a
single backslash and the shared folder name, for example \\kvserver\clients

Hosted Sharing and Storage

The sharing options mentioned above refer to computers on the same network. If you want to make
resources available on .0.0.2, you need to make use of a hosted storage solution.

HTTP/HTTPS and File Download

- HTTP can use Hyperlinks to other documents as well as web pages, hyperlinks can point
to any type of file, this means a web server can host any type of file download.

File Transfer Protocol (FTP )

- The FTP is used to upload and download files between clients and servers.
- Like HTTP, FTP has no encryption methods but can use them.

Cloud Computing

- Hosted storage means leasing a web server from a service provider.
- This can be used for storage or for processing and memory.

Backups

When you consider a storage solution, you should also consider backups of data and configuration
settings.

Backup Considerations:

- Keep at least one back up in a different location to the computer, this prevents loss of
data due to physical threats (fire, flood etc…).
- Keep the back up in a secure location.
- Keep more than one copy of the data.
- Make backups regularly.

Backup Storage Types:

- Locally attached Storage, use hard disks or flash drives attached to the local PC or
server.
- Network Attached Storage, this allows multiple machines to make backups in the same
place.
- Offsite/ Cloud based, back up over the internet to a cloud-based storage solution.

File Backups and Critical Data

When you do a backup not all files are backed up, but critical data such as personal information
might be stored in system settings files; when these are backed up the same level of security should
be in place to protect this data.

Database Backups

Database backups require the use of dedicated software for that purpose.

- One method of this is called replication; this provides redundancy in the event of loss of
data
- Every database has a transaction log; it is important to include this in the backup as this
allows for rollbacks of the transactions

OS Backups

- An OS backup makes a copy of the OS and all installed applications so that a
workstation can be recovered without having to manually reinstall software and
configuration settings.
- A bare metal backup is one that can be applied directly to a partitioned drive without
the separate stage of reinstalling the OS. Bare metal backups typically work by making
an image.
- Bare metal backups require multi-gigabyte storage.

Windows Backup

- Backup and Restore (Windows 7) enables you to perform selective, scheduled and ad-hoc
backups.
- File History (Windows 8 and 10) enables automated backups, as files are modified, the
versions are tracked and backed up automatically.
- Settings > Update and Security > Backup

Scheduling and Frequency

One should select the type of backup and what files to include, then define a schedule for
when these backups will run and how frequently.

On a SOHO network, backups are usually scheduled to run overnight, and businesses will typically
do this once a day.

Restoring Data and Verifying Backups

It is important to test that backups work correctly. An example of why this is important is if
you have been making regular backups for months but all of them exclude an extremely
important file.

- The following are backup verification and testing issues:

o Error detection, problems with the backed-up media or configuration can cause
backups to fail.
o Configuration, when setting up a new job it is wise to check that all expected
data has been backed up.
o Test Restore, this means users can test backups by restoring it to a test file that
doesn’t overwrite the current data.
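
The three verification issues above can be checked automatically after every backup job. The following is an added example, not part of the original notes; the file names, the zip format and the function names are assumptions chosen for illustration, and the sample data is constructed.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(source, archive, exclude=()):
    """Archive `source`; return a manifest {relative path: SHA-256} of what went in."""
    source = Path(source)
    manifest = {}
    with zipfile.ZipFile(archive, "w") as zf:
        for path in sorted(source.rglob("*")):
            rel = path.relative_to(source).as_posix()
            if path.is_file() and rel not in exclude:
                zf.write(path, arcname=rel)
                manifest[rel] = sha256_of(path)
    return manifest


def verify_backup(archive, manifest, expected):
    """Run error detection, a test restore and a configuration check."""
    report = {"corrupt": None, "missing_expected": [], "hash_mismatch": []}
    try:
        with zipfile.ZipFile(archive) as zf:
            # Error detection: testzip() re-reads every member and checks its CRC.
            report["corrupt"] = zf.testzip()
            if report["corrupt"]:
                return report
            # Test restore: extract to a scratch directory, never over live data.
            with tempfile.TemporaryDirectory() as scratch:
                zf.extractall(scratch)
                restored = {
                    p.relative_to(scratch).as_posix(): sha256_of(p)
                    for p in Path(scratch).rglob("*") if p.is_file()
                }
    except zipfile.BadZipFile:
        report["corrupt"] = "<archive unreadable>"
        return report
    # Configuration: every file the business expects must actually be present.
    report["missing_expected"] = sorted(set(expected) - set(restored))
    report["hash_mismatch"] = sorted(
        name for name, digest in manifest.items() if restored.get(name) != digest
    )
    return report


def demo():
    """Constructed data: a good job, a misconfigured job and a damaged archive."""
    files = {"docs/notes.txt": b"meeting notes",
             "finance/ledger.csv": b"customer ledger 2024"}
    with tempfile.TemporaryDirectory() as work:
        source = Path(work, "data")
        for rel, content in files.items():
            target = source / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(content)

        good = Path(work, "good.zip")
        manifest = make_backup(source, good)
        good_report = verify_backup(good, manifest, files.keys())

        # A job that silently excludes an important file, as in the notes.
        bad_job = Path(work, "misconfigured.zip")
        bad_manifest = make_backup(source, bad_job, exclude={"finance/ledger.csv"})
        misconfigured_report = verify_backup(bad_job, bad_manifest, files.keys())

        # Flip one stored byte to simulate failing backup media.
        raw = bytearray(good.read_bytes())
        raw[raw.find(b"customer ledger")] ^= 0xFF
        damaged = Path(work, "damaged.zip")
        damaged.write_bytes(bytes(raw))
        damaged_report = verify_backup(damaged, manifest, files.keys())
    return good_report, misconfigured_report, damaged_report


if __name__ == "__main__":
    for label, report in zip(("good", "misconfigured", "damaged"), demo()):
        print(label, report)
```

The list of expected files is kept separately from the backup job's own configuration, which is what lets the check catch a job that has been excluding an important file for months.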
Using a Mobile Device
Gesture Based Interaction

Modern mobile devices use capacitive touchscreens. These capacitive displays support multitouch,
meaning that gestures can be interpreted as events and responded to by software in a particular
way.

- Tap, usually the equivalent of a mouse click.
- Tap and Hold, usually the equivalent of a right click.
- Swiping, usually for switching between documents or apps, this can extend to single,
double, and triple finger swipes.
- Pinch and Stretch, used to zoom in and out.
- Sliding, move objects around the screen.

Kinetics and Screen Orientation

Kinetics can refer either to operating a device by moving it around or using a camera in the
device to recognise your hand movements.

Mobile devices use accelerometers and gyroscopes to detect when the device is moved,
and it uses this to switch between landscape and portrait modes.

Speech Recognition and Hands Free

This is an important interface for controlling mobile devices using natural language
requests. (Siri, Google Now , Microsoft’s Cortana )

Full Device Encryption

All but the earliest versions of mobile device OSes have full device encryption.

- All data on the device is encrypted, but the key is stored on the device, meaning that to
wipe the device all that needs to be done is to wipe the key from the device and all
other data will become useless.
- Email data and any apps using the “Data Protection” option are also encrypted using a
key derived from the user’s passcode.

Mobile Applications and App Stores (SDK = Software Development Kit)

- Apps are installable programs that extend the functionality of the mobile device. An
app must be written and compiled for a particular mobile operating system (Apple iOS,
Android, or Windows).

- Third-party developers can create apps for iOS using Apple's Software Development Kit
(SDK). The SDK can only be installed and run on a computer using macOS. Apps must be
submitted to and approved by Apple before they are released to users.

- The Android app model is more relaxed, with apps available from both Google Play and
third-party sites, such as the Amazon app store. The SDK for Android apps is available to
install on Linux, Windows, and macOS development machines.
- Apps are supposed to run in a sandbox and have only the privileges granted by the user.
Network Connectivity

There are 2 choices for connecting a smartphone or tablet to the internet:

- Use Mobile Data access (the cellular provider's network).
- Use a nearby Wi-Fi network.

Airplane mode

Most airlines prevent passengers from using radio-based devices while onboard. A device can be put into
airplane mode to comply with these restrictions.

- Airplane mode disables:
o Cellular data, Wi-Fi, GPS, Bluetooth

Email Configuration

- These settings are configured on the phone in the same way you would set up a mail account on
a PC.
- iOS:
o Settings > Mail > Contacts > Calendars > Add Account
- Android:
o Settings > Accounts

Synchronisation and Data Transfer

Mobile device synchronisation refers to copying data back and forth between a PC and Phone.

- This can be used to share email, calendar, and contacts with a locally installed application.
- Setting up an “over the air” server or cloud service sync for email is generally easier.

- iOS can sync with a PC via the iTunes program. The device must be connected to the PC via a USB
to Apple Lightning cable or Wi-Fi link.

- Android based phones are set up to sync with Google Gmail email and calendar/ contact
manager services.

Remote Backup
Devices can store gigabytes of data but if bandwidth is sufficient, it is feasible to use a cloud storage provider.

This can allow files to be shared and synchronised between multiple devices.

Computer Security Basics


Security is the practice of controlling access to something (a Resource).

Security must balance against accessibility.

Confidentiality, Integrity and Availability (CIA)


- Confidentiality, this means that the information should only be known to authorised users.
- Integrity, this means that the information is stored and transferred as intended and that any
modification is authorised.
- Availability, this means that the information is accessible to those authorized to view or modify
it.
Security Threats

- Confidentiality Concerns :
o Snooping, this is any attempt to get access to information on a host or storage device
(data at rest) that you are not authorized to view. An attacker might steal a password or
find an unlocked workstation with a logged-on user account or possibly install spyware
on the host.
o Eavesdropping/wiretapping, this is snooping on data or telephone conversations as
they pass over the network. Snooping on traffic passing over a network is often called
sniffing. It can be easy for an attacker to “tap” a wired network or intercept unencrypted
wireless transmissions. Networks can use segmentation and encryption to protect data
in transit.
o Social Engineering/dumpster diving, this means getting users to reveal information or
finding printed information.

Integrity Concerns

- Integrity means that data being stored and transferred has not been altered without
authorization. Some integrity attacks include:
o Man-in-the-middle (MitM), this is where a host sits between two communicating
nodes, and transparently monitors, captures and relays all communications between
them. This attack might be able to change the messages exchanged between a sender
and receiver without them realising.
o Replay (voice recording), when a host captures another host's response to some server
and replays that response to gain unauthorised access.
o Impersonation (guesses the password), this is when an attacker tries to figure out a
password or other credentials to gain access to a host.

Availability Concerns

Availability - (keeping the server available to work on) means keeping a service running so that authorised
users can access and process data whenever necessary.

- Denial of Service (DoS), this is any situation where an attacker targets the availability of a
service. A DoS attack might tamper with a system or try to overload it in some way. On the web,
a Distributed Denial of Service (DDoS) uses hosts compromised with bot malware to launch a
coordinated attack against a web service. The size of the botnet determines how easily the
attacker can overwhelm the service.
- Power Outage, it is common for data corruption to occur when a computer is turned off vs shut
down.
- Hardware Failure, if a component in a server fails then the server often fails. If an HDD breaks, it is
likely to lose that data. Use backups to help with this issue.
- Destruction, physical damage to servers can stop services or lose data (fire, terrorism, coffee
spill).
- Service Outage, anyone using a 3rd party service like cloud storage is exposed to the risk of this
service failing.

Authorisation, Authentication and Auditing

The following Access Control methods help guard against the above threats.

- Authentication (2FA) means one or more methods of proving that a user is who they say they are
and associates that person with a unique computer or network user account.
- Authorisation means creating one or more barriers around the resource such that only
authenticated users can gain access.
- Accounting (log book) means recording when and by whom a resource was accessed.
Social Engineering - Social Engineering refers to means of getting users to reveal confidential information or
obtaining unauthorised physical access to a resource.

Impersonation - The most classic impersonation attack is for an attacker to phone into a department, claim
they have to adjust something on the user's system remotely and get the user to reveal their password.

Trust and Dumpster Diving - This refers to obtaining documents that a company has thrown away.

Identity Fraud

- This can mean either compromising someone’s computer account or masquerading as that person.

- This is often done by means of social engineering, by getting someone to reveal their logon or
other secure information through a phishing attack.
- This is also possible through careless transmission, storage, and disposal of Personally
Identifiable information (PII).

Shoulder Surfing

- This refers to stealing a password or PIN by watching the user type it in (over their shoulder ,
CCTV, or binoculars)

Defeating Social Engineering Attacks

-Social Engineering is best defeated by training users to recognise and respond to these kinds of situations.

-Users should learn to lock their workstations and mobile devices when leaving them unattended.

Business Continuity

-Most organizations are reliant on the availability of their apps and data to continue trading.

-Without continuous access to these apps and data, most organizations cannot function properly.

Fault Tolerance and Contingency Planning

-Fault Tolerance are systems that contain additional components to help avoid Single points of Failure.

-Most contingency plans depend on providing redundancy at both hardware component and system level.

-If a component or system fails redundancy means that the service can failover to the backup either
seamlessly or with minimum interruption.

Data Redundancy

Combining hard disks into an array of disks can help to avoid service unavailability due to one or more disks
failing. The Redundant Array of Independent disks (RAID) has evolved to offer many different fault tolerance
solutions.

-RAID 1, AKA disk mirroring. This makes 2 copies of the data, and the system can use both disks or just one in
the event of a failure.

-RAID 5, known as striping with parity. At least 3 disks are combined into a single logical drive. Data is written
in stripes across all disks in the set. A calculation is performed to determine PARITY information. The parity
data is written to a different disk with each write operation. In the event of a single disk failure, the parity
information in each stripe can be used to determine the missing data. But if 2 disks fail the whole array will
fail.
Network Redundancy

Servers are useless without a network connection. Due to the low cost of network cards, servers often have
multiple cards. These are used for fault tolerance and as a team of cards (adaptor teaming). This provides
LOAD BALANCING.

Network Cabling should be designed to allow for multiple paths between various servers. This ensures that if
one part fails the rest remains functional. (Redundant connections)

Power Redundancy

Network appliances and servers require a stable power supply to operate. Spikes in voltages or black outs can
interrupt this power.

Power Redundancy means deploying systems to ensure that equipment is protected against these events
and that operations can either continue uninterrupted or be resolved quickly.

- Dual Power Supplies, enterprise servers are often provisioned with 2 power supply units (in case
one fails).
- Redundant Circuits, critical infrastructure might provision multiple power circuits in the event of
one failing.
- Uninterrupted Power Supply (UPS), this is a large battery that can continue to provide power to
connected devices for short periods of time (gives users a warning of power failure, or gives the
system time to reset itself).
- Backup Power generator, UPS cannot provide power indefinitely. A generator can provide
redundancy in these events.

Disaster Recovery

- Prioritization, this means figure out which systems are the biggest priority and develop plans to
restore these systems before any else are restored.
- Data Restoration, using restorations or a backup. Use integrity checks for this as data is possibly
corrupted.
- Restoring Access, once all systems are up and running, slowly restore user access and monitor all
is working in accordance with standards (make sure everything is working fine).

Security Devices

Device Hardening refers to a set of policies that make mobile and workstation computers more secure.

- Anti-virus/Anti-Malware
- Patching/Updates
- Enabling Passwords
- Default/weak passwords
- Disabling unused features (reduce possible points of exploitation)

Malware

- This is a term that is used to describe any malicious software threats and tools designed to
vandalize or compromise computer systems.

Computer Viruses - Viruses are programs designed to replicate and spread amongst computers.

- Program Viruses, these are sequences of code that insert themselves into another executable
program or script, when the application is executed the virus code becomes active.
- Macro Viruses, these viruses affect Microsoft Office Documents exploiting the macro
programming language “Visual Basic for Applications” (VBA) used to automate tasks.
- Worms, memory-resident viruses that replicate over network resources, such as email, by
exploiting faults in software programs.
Trojans (condoms make you think you're doing good/safe but they have malicious intent)

This is malware that pretends to be a useful application but has hidden malicious intent.

- Many trojans function as a backdoor application; once installed this gives the attacker the ability
to install other software, delete or corrupt files etc.

Spyware

Spyware is a program that monitors user activity and sends the information to someone else (key loggers)

Ransomware

Ransomware is a type of malware that tries to extort money from the victim.

Preventing Malware Infections

The route by which malware infects a computer is called the Vector

- Visiting “unsavoury” websites with an unpatched browser, low security mode and no anti-virus
software.
- Opening links in an unsolicited email.
- Infection from another compromised machine on the same network.
- Executing a file from unknown origin (mostly email)
- Becoming a Victim to a “zero day” exploit (malware unknown to anti-virus)

Steps to reduce the risk and impact of Malware:

- Perform regular backups.
- Apply OS and App Security Patches
- Install and use security (anti-virus) software (this must be kept up to date)
- Select Security software that scans automatically (This provides more protection against web
and email threats)
- Do not log on with admin privileges except where necessary, limit admin privileges to a few,
selected accounts.
- Be cautious when downloading and installing new software. (downloading , opening files , and
clicking links)

Anti-virus software

- Anti-virus is software that can detect malware and prevent it from executing.
- Anti-Virus works by either using a database of known virus patterns (called definitions,
signatures, or patterns) or by heuristic identification (meaning that the software uses
knowledge of the behaviour of viruses and blocks the behaviour).
- Some major vendors include: Symantec, McAfee, Sophos, Kaspersky

On Access Scanning(scanning as a file is accessed)

- This reduces performance somewhat but is considered essential for effective protection against
malware.
- When the computer accesses a file, the anti-virus scans this file and blocks access to it if it
detects anything suspicious.

Scheduled Scans

- A user can perform a full computer scan; this can inspect more files than an on-access scan.
- This uses a lot of performance and is best done when the computer is not being used intensively.
Quarantining and Remediating Infected Systems

- Worms can propagate over networks; upon detection it is best to first disconnect network links.
- A user can adjust anti-virus settings for the action to take upon detection of malware:
o Remove (Cleaning), Quarantine, Erase

Windows Defender

-This is a built-in anti-virus that combines anti-malware software and a Windows firewall to prevent threats.

Spam

- Spam is unsolicited email messages.
- These are used to launch phishing attacks and spread viruses, Trojans, and worms either
through a file attachment or a link to a website.
- Identify Potential Hazards
o Attachments, any type of executable code is potentially hazardous.
o Hyperlinks, malicious code can also be put on a website.

Phishing(baiting like standard bank fraud)

Phishing is a technique for tricking a user into revealing confidential information by requesting it in an
official-looking email. The email will contain a link to a counterfeit site or a site that has been compromised.

Pharming(123 movies pop ups) attempts to redirect web traffic to a counterfeit page, usually by corrupting
the way the computer resolves the website name in the web address to the IP address of a particular server.

Anti-Spam

Most email software comes with a built-in filter for junk email. You can set how aggressive the filter is in
terms of blocking messages, and configure sender “Whitelists” and “Blacklists”.

Software Sources and Patch Management

When installing new software applications or drivers, it is important to obtain the setup files from a Legitimate
source, these include :

- Vendor app stores (Windows, Google Play)
- Merchant app stores (Amazon app store)
- Authorised Resellers (original equipment manufacturers (OEM) vendors)

Patch Management

-Patch Management is an important maintenance task to ensure that PCs operate reliably and securely.

-A Service Pack (SP) is a collection of previous updates but may also contain new features and functionality.

Windows Update Scheduling and Frequency

- Quality Updates – security and critical updates.
- Feature Updates – introduce new functionality.

- Microsoft Updates are available in several channels:
o Windows Insider Program enables users to get early access to feature updates.
o Semi-annual channel (Targeted), updates are ready for most people.
o Semi-annual channel, updates are ready for widespread use and have been in use for a
period of time by those on the Semi-annual channel (Targeted).
o Long Term Servicing Channel, only available for Windows 10 Enterprise editions on the
LTSB Channel. This defers feature updates for a significant period and is ideal for
specialist devices, such as ATMs.

Application Updates

- Applications are more vulnerable than windows itself, as they are less likely to be patched and
often rely on the user to make the updates.

Updating Anti-Virus Software

Updating Anti-Virus is highly important.

There are 2 types of updates that are necessary:

- Virus Definitions/patterns/signatures – this is information about new viruses. (daily/hourly)
- Scan Engine/components – this improves the scan software itself.

Driver Updates

2 types of drivers :

- Windows Hardware Drivers
- Third Party Hardware Drivers

These can be updated on the third-party website or through Device Manager.

Access Controls

- An Access Control System is a set of technical Controls that govern how subjects may interact
with objects.
- Subjects in this sense are users or software processes or anything else that can request and be
granted access to a resource.
- Objects are the resources.
- Access Control Lists (ACL), this is a list of subjects and the rights or permissions they have been
granted on the object.

An access Control system is usually described in terms of 4 main processes:

- Identification, creating an account or ID that identifies the user or the process on the computer
system
- Authentication, proving that a subject is who or what it claims to be when it attempts to access
the resource.
- Authorization, determining what rights or permissions subjects should have on each resource
and enforcing those rights.
- Accounting, tracking authorized and unauthorized usage of a resource or use of rights by a
subject.

Least Privilege and Implicit Deny

The more permissions that you allocate to more users, the more you increase the risk that a privilege will be
misused.

- Least Privilege, this means that a user should be granted the rights necessary to perform their job
and no more.
- Implicit Deny, this means that unless there is a rule specifying that access should be granted, any
request for access is denied.
Authorization Access Models

Access Control models are generally classed as one of the following:

- Discretionary Access Control (DAC), stresses the importance of the Owner. The owner is
originally the creator of the resource, though ownership can be assigned to another user. The
owner is granted full control over the resource, meaning that he or she can modify its ACL to
grant rights to others
- Role-Based Access Control (RBAC) adds an extra degree of administrative control to the DAC
model. Under RBAC, a set of organizational roles are defined and users allocated to those roles.
- Mandatory Access Control (MAC), is based on the idea of security clearance levels. Rather than
defining access control lists on resources, users can only access the data on their clearance level
or below.
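
ACLs, roles, implicit deny, least privilege and accounting fit together in a few lines of code. The following is an added example, not part of the original notes; the class, the user and role names and the file names are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class AccessControl:
    roles: dict          # role name -> set of user names (RBAC)
    acls: dict           # object -> {subject: set of permissions} (the ACL)
    audit_log: list = field(default_factory=list)   # accounting records

    def subjects_for(self, user):
        """A user acts as themselves plus every role they hold."""
        held = {f"role:{role}" for role, members in self.roles.items()
                if user in members}
        return {f"user:{user}"} | held

    def check(self, user, obj, permission):
        """Allow only on an explicit matching ACL entry (implicit deny otherwise)."""
        acl = self.acls.get(obj, {})      # unknown object -> empty ACL -> deny
        matched = sorted(
            subject for subject in self.subjects_for(user)
            if permission in acl.get(subject, set())
        )
        allowed = bool(matched)
        # Accounting: record when, by whom, on what, and the outcome,
        # for both authorized and unauthorized attempts.
        self.audit_log.append((
            datetime.now(timezone.utc).isoformat(), user, obj, permission,
            "ALLOW" if allowed else "DENY", matched,
        ))
        return allowed

    def unused_grants(self):
        """Least-privilege review: rights that were granted but never exercised."""
        used = {
            (obj, subject, perm)
            for _when, _user, obj, perm, outcome, matched in self.audit_log
            if outcome == "ALLOW"
            for subject in matched
        }
        granted = {
            (obj, subject, perm)
            for obj, acl in self.acls.items()
            for subject, perms in acl.items()
            for perm in perms
        }
        return sorted(granted - used)


def build_demo():
    """Constructed sample organisation with one protected object."""
    return AccessControl(
        roles={"payroll": {"thandi"}, "helpdesk": {"sipho"}},
        acls={"payroll.xlsx": {"role:payroll": {"read", "write"},
                               "user:sipho": {"read"}}},
    )


if __name__ == "__main__":
    ac = build_demo()
    print(ac.check("thandi", "payroll.xlsx", "write"))   # granted through the role
    print(ac.check("sipho", "payroll.xlsx", "write"))    # no rule, so denied
    print(ac.unused_grants())
```

Rights listed by `unused_grants()` after a representative period are candidates for removal, since nobody needed them to do their job.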

Accounting and Non-repudiation

- The accounting part provides an audit log of how users have authenticated to the network and
used their access privileges.
- Accounting is an important part of ensuring non-repudiation (mark kv).
- Non-repudiation is the principle that the user cannot deny having performed some action. Apart
from logging, several mechanisms can be used to provide non-repudiation:

o Video, a surveillance camera can record who goes in or out of a particular area.
o Biometrics, strong authentication can prove that a person was genuinely operating
their user account and that an intruder had not hijacked the account.
o Signature, similarly, a physical or digital signature can prove that the user was an
author of a document (they cannot deny writing it).
o Receipt, issuing a token or receipt with respect to some product or service is proof that
a user requested that product and that it was delivered in a timely manner.

Authentication Factors - Authentication is the process of ensuring that each account is only operated by its proper user .

Different authentication technologies are categorised as: Something you know(Such as a password),
Something you have(such as a smart card) , or Something you are(such as a fingerprint)

- Something you know Authentication.
o Usually, a username and password
o A Personal Identification Number (PIN) is another method of a pattern lock.
o Personally Identifiable Information (PII), often used as Security Questions
- Something you have Authentication.
o Often used for high-risk applications like banking, a hardware token is often used.
o Smart Cards, USB FOB are methods used for authentication as a Digital Certificate.
- Something you are Authentication.
o Employs some sort of biometric recognition system
o Downsides: these often produce false positives or false negatives.
- Somewhere you are Authentication (location-based authentication)
o This could use GPS (Global Positioning System) and/or IPS (Indoor Positioning System)
o The IP address can also be used, GEOIP.

Multifactor and Two Factor Authentication

- An authentication product is considered strong if it combines the use of more than one
authentication data type.
- Single Factor Authentication systems can easily be compromised.
- Two Factor Authentication combines something like a smart card or biometric mechanism with
“something you know”.
Single Sign On

Single Sign On (SSO) = a user only has to authenticate to a system once to gain access to all its resources.

Uses of Encryption - Encryption is an ancient technique for hiding information. Someone obtaining an
encrypted document, or Cipher Text, cannot understand that information unless they possess a key.

The Following Terminology is used to discuss cryptography:

- Plain Text (or clear text), this is an unencrypted message.
- Cipher Text, this is an encrypted message.
- Cipher, this is the process (or algorithm) used to encrypt and decrypt a message.

Symmetric Encryption

In Symmetric Encryption, a single Secret Key is used to both encrypt and decrypt data. If the key is lost or
stolen, the security is breached.

- The main problem with symmetric encryption is secure distribution and storage of the key.
- The Main benefit of Symmetric encryption is speed, this uses less processor and system memory
than asymmetric encryption.
- Early Ciphers used between 32- and 64-bit keys. Currently 1024 bit keys would be used.

Asymmetric Encryption

In asymmetric encryption, or Public Key Cryptography, a secret Private Key is used to decrypt data.

A mathematically related Public Key is used to encrypt data. The public key can be widely distributed to anyone
with whom the host wants to communicate, because the Private Key cannot be derived from the public key.

- This is used mostly for authentication technologies such as digital certificates and digital
signatures, and key exchange.
- Key Exchange is where 2 hosts need to know the same symmetric encryption key without any
other host finding out what it is.

Public Key Infrastructure (PKI)

- Asymmetric Encryption is an important part of Public Key Infrastructure.
- PKI is a solution to the problem of authenticating subjects on a public network.
- Under PKI, users or server computers are validated by a Certificate Authority (CA), which issues
the subject a digital certificate.

Digital Signatures

Public/Private key pairs can use the reverse encryption/decryption relationship to SIGN messages.

- The user signs the message with their private key and sends the public key, wrapped in a digital
certificate, to the message recipient. The fact that the public key embedded in the certificate can
decrypt the signature proves that the sender signed it, because the encryption must have been
performed with the linked private key.

Cryptographic Hashes

A hash is a short representation of data.

- You take a variable amount of information, and the hash function converts it to a fixed length
string.
- A Cryptographic hash is designed to make it impossible to recover the original data from the
hash and ensure that no two pieces of information produce the same hash.
- This can be used to prove that a message has not been tampered with:
o For example, when creating a digital signature, the sender computes a cryptographic
hash of the message and then encrypts the hash with his or her private key. When the
recipient receives the message and decrypts the hash, the recipient computes its own
hash of the message and compares the 2 values to confirm they match.
- The most common cryptographic hash algorithms are SHA-1, SHA-2 (Secure Hash Algorithm) and
MD5 (Message Digest)
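
The hash-then-sign flow described above can be traced end to end with a toy key pair. The following is an added example, not part of the original notes; the key is built from two small known primes and uses no padding, so it only illustrates the mechanism, and the function names and the sample message are assumptions. Real systems use a vetted cryptographic library and much larger keys.

```python
import hashlib

# Toy RSA key pair, constructed for illustration only (far too small to be secure).
P = 2**127 - 1                       # known Mersenne prime
Q = 2**89 - 1                        # known Mersenne prime
N = P * Q                            # modulus, part of both keys
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, kept secret by the signer


def fingerprint(message):
    """Fixed-length hash of a variable-length message (SHA-256, a SHA-2 function)."""
    return hashlib.sha256(message).hexdigest()


def digest_int(message):
    """The hash as an integer reduced to fit the toy modulus."""
    return int(fingerprint(message), 16) % N


def sign(message, private_exponent=D):
    """Sender: hash the message, then transform the hash with the private key."""
    return pow(digest_int(message), private_exponent, N)


def verify(message, signature, public_exponent=E):
    """Recipient: recover the signed hash with the public key, recompute the
    hash of the received message, and compare the two values."""
    return pow(signature, public_exponent, N) == digest_int(message)


if __name__ == "__main__":
    original = b"Pay R500 to account 12345"       # constructed sample message
    signature = sign(original)
    print(verify(original, signature))                        # untouched message
    print(verify(b"Pay R900 to account 12345", signature))    # tampered in transit
```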

Data States

- Data at Rest, this state means that the data is in some sort of persistent storage media.
o In this state it is possible to encrypt the data using whole disk encryption , mobile
device encryption , database encryption and file or folder level encryption.
- Data in Transit, this is the state when data is transmitted over a network
o Such as communicating with a webpage via HTTPS or sending an email.
o In this state data can be protected by a Transport Encryption protocol, such as Secure
Sockets Layer (SSL)/ Transport Layer Security (TLS)

Virtual Private Network (VPN)

A VPN connects the components and resources of 2 private networks over another public network or
connects a remote host through the internet or any other network.

It uses special connection protocols and encryption technology to ensure that the tunnel is secure, and the
user is properly authenticated.

Password Cracking and Management

Even if credentials are only transmitted with cryptographic protection, an attacker might be able to use
password cracking software to decipher it. This type of software uses different methods to obtain the
password from a cryptographic hash:

- Dictionary, the software matches the hash to those produced by ordinary words found in a
dictionary. This could also include any other words or simple phrases that people might naively use
as passwords (pet name, company name).
- Brute Force, the software tries to match the hash against one of every possible combination it
could be.

Password Best Practices

- Length , a longer password is more secure. (9-12 characters for a normal password, 14+ for
admin accounts)
- Complexity
o No single words (it's better to use words, numbers, and punctuation in a combination)
o No obvious phrases in simple form: birthday, user name, job title and so on.
o Mix upper and lowercase

- Memorability - passwords that are random and too complex are hard to remember, causing
users to write these passwords down; rather use something memorable and incorporate
numbers and symbols.
- Maintain Confidentiality - don’t write passwords down or share them.
- History/Expiration - change your password periodically.
- Reuse across sites - many users don’t want to remember passwords for many different sites and
resort to using the same password for everything. This is insecure.
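
The length and complexity rules above, together with the dictionary and brute force methods from the previous section, can be turned into a password filter. The following is an added example, not part of the original notes; the word list is constructed and tiny, the function names are assumptions, and the keyspace figure is only an estimate of brute force effort.

```python
import re
import string

# Constructed word list; a real filter would load a large list of common passwords.
DICTIONARY = {"password", "welcome", "summer", "dragon", "letmein"}


def password_problems(password, username="", is_admin=False, personal_terms=()):
    """Return the list of best-practice rules that `password` breaks."""
    problems = []
    minimum = 14 if is_admin else 9          # lengths taken from the notes
    if len(password) < minimum:
        problems.append(f"shorter than {minimum} characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("does not mix upper and lower case")
    if not (re.search(r"\d", password) and re.search(r"[^A-Za-z0-9]", password)):
        problems.append("needs numbers and punctuation")
    # Dictionary tools also try words with digits or symbols bolted on,
    # so strip the decoration before comparing against the word list.
    core = re.sub(r"[^a-z]", "", password.lower())
    if core in DICTIONARY:
        problems.append("single dictionary word with decoration")
    lowered = password.lower()
    for term in (username, *personal_terms):
        if term and term.lower() in lowered:
            problems.append(f"contains obvious term '{term}'")
    return problems


def keyspace(password):
    """Estimated number of combinations a brute force search must cover."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"\d", password):
        size += 10
    if re.search(r"[^A-Za-z0-9]", password):
        size += len(string.punctuation)      # 32 printable symbols
    return size ** len(password)


if __name__ == "__main__":
    for candidate in ("Password1!", "thandi2024", "Blue7!Kettle-Runs"):
        print(candidate, password_problems(candidate, username="thandi"),
              keyspace(candidate))
```

"Password1!" satisfies every length and character rule yet is still a dictionary word, which is why the filter checks the word list separately from complexity.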
Password Managers/Filters

A password policy should balance using strong passwords and memorable passwords, ensuring that users
select memorable passwords and do not resort to reusing them across sites or writing them down.

Password Reset

A reset mechanism allows a user who has forgotten their password to reset it by using “What do you know”
authentication like security questions, another method is to set up a contact method and back up method to
use “What you have” authentication.

Policies and Procedures

A policy is an overall statement of intent, to establish the correct working practices.

- Standard Procedures and Guidelines
o A standard is a measure by which to evaluate compliance with the policy.
o Procedure - often referred to as SOP (Standard Operating Procedures), is a step-by-step
listing of all the actions that must be completed for any given task.
o Guidance - guidelines exist for areas of policy where there are no procedures, guidelines
also describe circumstances where it is acceptable to deviate from a specific procedure.
- Personnel Management Policies

Human Resources (HR) is the department tasked with recruiting and managing people.
Personnel management policies can be conceived as applying in three phases.

o Recruitment (Hiring) - locating and selecting people to work job roles, Security issues
include screening and background checks.
o Operation (Working) - HR communicates the importance of security and is responsible
for correct training of employees in this regard.
o Termination - voluntarily or involuntarily, termination is a difficult process with
numerous security implications.
