Abma Computer Engineering Unit 2 (Outcome 2 and 3)

The document provides an overview of computer security, focusing on various types of malware, their propagation methods, and the motivations behind their creation. It details common attack vectors, particularly the popularity of email as a vector for cyberattacks, and outlines symptoms of attacks and their potential consequences, including unauthorized intrusions and data theft. Additionally, it discusses the impact of successful attacks on e-commerce and organizational reputation.

COMPUTER SECURITY

UNIT 2

FEBRUARY 21, 2025


DENMAK TRAINING SERVICES
72 KAGUVI STREET
Learning Outcome 2: Understand types of software used to mount attacks and defend against them
1. Types of malware and differing attack vectors

a. Comparing different types of malware, including viruses, worms, trojans and spyware

Malware, short for malicious software, encompasses various types of harmful software designed
to disrupt, damage, or gain unauthorized access to computer systems. Here’s a comparison of
some common types of malware:

 Virus
o Definition: A malicious program that attaches itself to legitimate software or files.
o Propagation method: Requires user action (e.g., running an infected file).
o Key characteristics: Can replicate and spread to other files.
 Worm
o Definition: Standalone malware that replicates itself to spread to other systems.
o Propagation method: Exploits vulnerabilities in network-exposed services.
o Key characteristics: Does not require a host file; can spread autonomously.
 Trojan
o Definition: A deceptive program that appears legitimate but performs malicious actions.
o Propagation method: User installation (disguised as useful software).
o Key characteristics: Can create backdoors for other malware; does not self-replicate.
 Spyware
o Definition: Software that secretly monitors user activities and collects information.
o Propagation method: Often bundled with legitimate software or downloaded unknowingly.
o Key characteristics: Can track personal data and browsing habits.

Detailed Overview

 Virus
o Behavior: Infects files and can corrupt data.
o Impact: Can lead to data loss, system crashes, and unauthorized access.
 Worm
o Behavior: Self-replicating and can spread quickly across networks.
o Impact: Can consume bandwidth and slow down or crash networks.
 Trojan
o Behavior: Misleading in nature; often used to steal sensitive information or install
other malware.
o Impact: Can lead to data theft or system compromise.
 Spyware
o Behavior: Operates silently in the background to gather information.
o Impact: Privacy invasion and potential identity theft.

b. Different motivations of authors of malware

The motivations behind the creation of malware can vary widely among authors, and they can be
classified into several categories:

 Financial Gain
o Many malware authors create programs to steal personal information, such as
credit card details and banking credentials, to sell on the dark web or for direct
financial theft.
o Reference: McClure, S., Scambray, J., & Kurtz, G. (2012). Hacking Exposed: Network
Security Secrets & Solutions (7th ed.). New York; London: McGraw-Hill.
 Corporate Espionage
o Some malware is developed to infiltrate corporate networks to steal trade secrets
or sensitive information, often for competitive advantage.
o Reference: Gollmann, D. (2011). Computer Security (3rd ed.). Chichester: John Wiley &
Sons.
 Political Activism
o Hacktivists may develop malware as part of their agenda to promote political
causes, disrupt services, or protest against entities they oppose.
o Reference: Engebretson, P. (2011). The Basics of Hacking and Penetration
Testing: Ethical Hacking and Penetration Testing Made Easy. Waltham:
Syngress.
 Revenge or Personal Vendettas
o Personal motivations can drive individuals to create malware to harm a specific
person or organization as a form of retribution.
o Reference: Bosworth, S., Kabay, M. E., & Whyne, E. (2009). Computer Security Handbook
(5th ed.). Hoboken: John Wiley & Sons.
 Experimentation and Skill Development
o Some authors create malware simply to test their skills, learn about
vulnerabilities, or for academic purposes, without any malicious intent.
o Reference: Lehtinen, R., Russell, D., & Gangemi, G. T. (2006). Computer Security Basics
(2nd ed.). Sebastopol: O’Reilly.
 Ideological Reasons
o Certain groups may create malware to spread their ideology, disrupt services of
organizations they view as unethical, or promote a specific agenda.
o Reference: Shimonski, R. J. (updated 2004). What You Need to Know About Intrusion
Detection Systems. WindowSecurity.com. [online] Available at:
<www.windowsecurity.com/articles/what_you_need_to_know_about_intrusion_detection_systems.html>
[Accessed 4 December 2012].
 Fun and Challenge
o For some, the creation of malware is seen as a challenge or a way to gain
recognition within certain communities, such as hacker forums.
o Reference: Todd, B. (2000). Distributed Denial of Service Attacks. Linux Security. [online]
Available at: <www.linuxsecurity.com/resource_files/intrusion_detection/ddos-whitepaper.html>
[Accessed 4 December 2012].

c. Compare different attack vectors and the reasons why email is a popular vector

Overview of Attack Vectors

Attack vectors refer to the methods or pathways through which an attacker can gain unauthorized
access to a system or network. Common vectors include:

i. Phishing: Deceptive emails that trick users into providing sensitive information.
ii. Malware Delivery: Emails containing malicious attachments or links that install
malware.
iii. Social Engineering: Manipulating individuals into revealing confidential information.
iv. Credential Theft: Exploiting weak or reused passwords through email-based attacks.

Reasons for Email's Popularity as an Attack Vector

i. Widespread Use:
 Email is ubiquitous in both personal and professional communications, making it
a prime target for attackers.
 Most individuals and organizations rely heavily on email for day-to-day
operations.
ii. Low Technical Barrier:
 Crafting phishing emails or sending malicious attachments does not require
advanced technical skills.
 Attackers can easily use templates or existing malware to execute attacks.
iii. Trust and Familiarity:
 Users often trust emails from known contacts or organizations, making them
susceptible to deceit.
 Attackers exploit this trust to bypass security measures.
iv. Anonymity for Attackers:
 Email allows attackers to remain anonymous, making it difficult for victims to
trace the source of an attack.
 The From header can be forged (spoofed) unless the receiving domain checks SPF,
DKIM and DMARC, which adds to this anonymity.
v. Easily Automated:
 Email attacks can be automated at scale, allowing attackers to reach thousands of
potential victims simultaneously.
 Tools and services are available to facilitate mass email campaigns.
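
As an added example (not part of the original notes), the checks below turn the points in this section into code. It uses Python's standard email package to parse a raw message and report the indicators an analyst looks for first: a display name that claims an address at a different domain from the real sender, Reply-To and Return-Path domains that disagree with From, failed SPF/DKIM/DMARC verdicts recorded by the receiving mail server, executable attachments, and HTML links whose visible text names a different host than the target. The two sample messages, every domain and address in them, and the Authentication-Results header are constructed for the example.

```python
"""Flag common phishing indicators in a raw RFC 5322 message (added example)."""
import email
import os
import re
from email import policy
from email.utils import parseaddr

# Extensions that should never arrive unsolicited; illustrative, not exhaustive.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".bat", ".ps1", ".iso", ".docm", ".xlsm"}
AUTH_FAILURES = ("fail", "softfail", "none", "permerror", "temperror")


def _addr_parts(msg, header):
    """Return (display_name, domain) for an address header; ('', '') if the header is absent."""
    display, addr = parseaddr(str(msg.get(header, "")))
    return display, addr.rpartition("@")[2].lower()


def phishing_indicators(raw_message):
    """Return a list of (indicator, detail) tuples; an empty list means nothing suspicious was found."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    from_name, from_domain = _addr_parts(msg, "From")

    # 1. Display-name spoofing: the visible name contains an address at a domain other than the real sender's.
    claimed = re.search(r"@([\w-]+(?:\.[\w-]+)+)", from_name)
    if claimed and claimed.group(1).lower() != from_domain:
        findings.append(("display_name", f"name claims {claimed.group(1)}, actual From domain is {from_domain}"))

    # 2./3. Replies or bounces routed to a different domain than the one shown in From.
    for header, code in (("Reply-To", "reply_to"), ("Return-Path", "return_path")):
        _, domain = _addr_parts(msg, header)
        if domain and domain != from_domain:
            findings.append((code, f"{header} domain {domain} differs from From domain {from_domain}"))

    # 4. SPF/DKIM/DMARC verdicts stamped by the receiving MTA (only trust the header added by your own gateway).
    auth_results = " ".join(msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        verdict = re.search(rf"\b{mech}=(\w+)", auth_results, re.IGNORECASE)
        if verdict and verdict.group(1).lower() in AUTH_FAILURES:
            findings.append((f"auth_{mech}", f"{mech} result is {verdict.group(1)}"))

    # 5. Attachments with executable or script extensions (catches double extensions such as report.pdf.exe).
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if os.path.splitext(filename)[1].lower() in RISKY_EXTENSIONS:
            findings.append(("attachment", f"risky attachment {filename}"))

    # 6. HTML links whose visible text names a different host than the href actually points to.
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html_part.get_content(), re.I | re.S):
            shown = re.search(r"https?://([^/\s<\"]+)", text)
            real = re.search(r"https?://([^/\s\"]+)", href)
            if shown and real and shown.group(1).lower() != real.group(1).lower():
                findings.append(("link", f"link text shows {shown.group(1)} but goes to {real.group(1)}"))

    return findings


# Constructed sample messages (not real mail); all domains are reserved example/documentation names.
SAMPLE_PHISH = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.com; spf=softfail smtp.mailfrom=mail-relay.example.net; dkim=none; dmarc=fail header.from=bank.example
From: "alerts@bank.example" <alerts@bank-example-secure.net>
Reply-To: verify@mail-relay.example.net
To: victim@example.com
Subject: Urgent: verify your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<p>Please confirm at <a href="http://bank-example-secure.net/login">http://bank.example/login</a> today.</p>
--b1
Content-Type: application/octet-stream; name="statement.pdf.exe"
Content-Disposition: attachment; filename="statement.pdf.exe"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

SAMPLE_LEGIT = """\
Return-Path: <newsletter@shop.example>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=shop.example; dkim=pass header.d=shop.example; dmarc=pass header.from=shop.example
From: "Shop Example" <newsletter@shop.example>
To: customer@example.com
Subject: Your order has shipped
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

Your order 1042 shipped today. Track it at https://shop.example/track/1042
"""

if __name__ == "__main__":
    for code, detail in phishing_indicators(SAMPLE_PHISH):
        print(f"[{code}] {detail}")
    print("legitimate message findings:", phishing_indicators(SAMPLE_LEGIT))
```

None of these checks is proof on its own (mailing-list relays legitimately change Return-Path, for example); their value is in combination, and the Authentication-Results header is only trustworthy when it was added by your own gateway rather than carried in from outside.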

d. Typical symptoms of attack

i. Heavy CPU Processing:
 Description: Unusually high CPU usage may indicate that malware is running in
the background.
 Example: A computer that becomes sluggish due to excessive resource
consumption.
ii. Excessive RAM Consumption:
 Description: Applications using more memory than expected can signal
malicious activity.
 Example: Programs crashing due to insufficient memory.
iii. High Network Activity:
 Description: Unexpected spikes in network traffic may indicate data exfiltration
or communications with a command and control server.
 Example: Network monitoring tools showing unusual outbound connections.
iv. Performance Degradation:
 Description: Slower system performance, such as longer load times for
applications, can be a symptom of infection.
 Example: A user experiences significant delays when opening documents or
applications.
v. Inability to Enter Standby Mode:
 Description: Malware may prevent a system from entering low-power states.
 Example: A laptop that won't sleep or hibernate even when prompted.
Additional Symptoms
i. Sudden Pop-Up Error Messages:
 Description: Frequent or unusual error messages can indicate malware presence.
 Example: Messages that appear unrelated to the user’s activities.
ii. Browser Home Page Changed:
 Description: Unauthorized changes to browser settings can signify malware.
 Example: A user’s default search engine has been altered without their consent.
iii. Email Account Compromise:
 Description: Accounts sending unsolicited messages may indicate they have been
hijacked.
 Example: Contacts receiving emails with suspicious links from a user’s account.
iv. Antivirus Software Issues:
 Description: Antivirus programs failing to update or function properly can signal
an attack.
 Example: Users receive alerts that their antivirus definitions are outdated.

e. Consequences of successful attack

i. Malicious Code Attacks:


 Description: Installation of harmful software that compromises system integrity.
 Example: A user’s system becomes infected with ransomware.
ii. Unauthorized Intrusions:
 Description: Attackers gain access to networks and systems without permission.
 Example: Cybercriminals accessing sensitive files on a corporate server.
iii. Denial of Service Attacks:
 Description: Making services unavailable to legitimate users can disrupt business
operations.
 Example: A website becoming inaccessible during peak hours due to
overwhelming traffic.
iv. Data Theft:
 Description: Compromising sensitive information, such as personal and financial
data.
 Example: Theft of credit card details from an e-commerce website.
v. Impact on E-Commerce:
 Description: Loss of consumer trust can lead to decreased sales and revenue.
 Example: Customers avoiding a breached site due to security concerns.

2. Symptoms of attack and consequences of successful attack

a. Symptoms of attack can include heavy CPU processing, too much RAM being
consumed, high network activity, system running more slowly/performance
degradation, unable to enter standby mode, programs taking longer than usual to open

i. Heavy CPU Processing


 Description: Unusually high CPU usage can suggest that malicious software is running in
the background, consuming system resources.
 Indicators:
 Frequent spikes in CPU usage seen in task manager or monitoring tools.
 Applications freezing or crashing due to resource exhaustion.
ii. Excessive RAM Consumption
 Description: Malware can consume an abnormal amount of RAM, leading to
performance issues.
 Indicators:
 Slow system performance and lag when switching between applications.
 Applications that have difficulty loading or frequently crash.
iii. High Network Activity
 Description: Unexpected spikes in network traffic may indicate data exfiltration or
communication with a command-and-control server.
 Indicators:
 Increased data usage reported by monitoring tools, especially during idle times.
 Unexplained outbound connections or data transfers.
iv. System Running More Slowly / Performance Degradation
 Description: A general slowdown of system performance can be a sign of an ongoing
attack or infection.
 Indicators:
 Longer boot times and delays in opening applications.
 Difficulty in executing basic commands or tasks.
v. Inability to Enter Standby Mode
 Description: Malware may prevent a system from entering low-power states, indicating
abnormal behavior.
 Indicators:
 The system fails to sleep or hibernate even when prompted.
 Power management settings appear altered or unresponsive.

vi. Programs Taking Longer Than Usual to Open

 Description: If applications take significantly longer to launch, it may indicate underlying
issues related to malware.
 Indicators:
 Applications that previously opened quickly now experience delays.
 Frequent loading screens or crashes when trying to access software.
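
The "unexplained outbound connections" indicator can be checked mechanically. The following is an added example, not material from the original notes: it reads a constructed connection export (host, process, destination, port, bytes sent, as CSV) and flags flows whose connection intervals are too regular to be human, which is how a timer-driven command-and-control implant looks on the wire, and it totals bytes sent per host during hours when users should be idle. The CSV column names, the thresholds and the sample rows are assumptions made for the example.

```python
"""Spot command-and-control beaconing and off-hours traffic in connection logs (added example)."""
import csv
import io
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample export in the shape a firewall or NetFlow collector might produce
# (not data from the page). Workstation ws-17 connects to 203.0.113.10:443 roughly every
# 60 s through the night; ws-04 shows ordinary, irregular daytime browsing.
SAMPLE_LOG = """\
ts,src,process,dst,dport,bytes_out
2025-02-21T02:00:00,ws-17,svchost.exe,203.0.113.10,443,812
2025-02-21T02:01:01,ws-17,svchost.exe,203.0.113.10,443,804
2025-02-21T02:01:59,ws-17,svchost.exe,203.0.113.10,443,820
2025-02-21T02:03:00,ws-17,svchost.exe,203.0.113.10,443,811
2025-02-21T02:04:02,ws-17,svchost.exe,203.0.113.10,443,808
2025-02-21T02:04:59,ws-17,svchost.exe,203.0.113.10,443,815
2025-02-21T02:06:00,ws-17,svchost.exe,203.0.113.10,443,809
2025-02-21T02:07:01,ws-17,svchost.exe,203.0.113.10,443,813
2025-02-21T09:15:12,ws-04,chrome.exe,198.51.100.7,443,5120
2025-02-21T09:15:13,ws-04,chrome.exe,198.51.100.9,443,2201
2025-02-21T09:21:40,ws-04,chrome.exe,198.51.100.7,443,70410
2025-02-21T10:02:05,ws-04,chrome.exe,198.51.100.7,443,1800
2025-02-21T11:47:33,ws-04,chrome.exe,198.51.100.7,443,3300
2025-02-21T12:30:00,ws-04,outlook.exe,192.0.2.25,443,44000
"""


def detect_beacons(log_text, min_connections=5, max_jitter=0.2):
    """Return flows whose inter-connection gaps are suspiciously regular.

    Jitter is the coefficient of variation (standard deviation / mean) of the gaps between
    successive connections on one (src, process, dst, port) flow. Human-driven traffic is
    bursty (jitter well above 1); a timer-driven implant stays close to 0.
    """
    flows = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        key = (row["src"], row["process"], row["dst"], int(row["dport"]))
        flows[key].append(datetime.fromisoformat(row["ts"]))

    alerts = []
    for (src, process, dst, dport), times in flows.items():
        if len(times) < min_connections:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]
        mean_gap = statistics.fmean(gaps)
        if mean_gap <= 0:
            continue
        jitter = statistics.stdev(gaps) / mean_gap
        if jitter <= max_jitter:
            alerts.append({
                "src": src, "process": process, "dst": dst, "dport": dport,
                "connections": len(times),
                "mean_interval_s": round(mean_gap, 1),
                "jitter": round(jitter, 3),
            })
    return alerts


def off_hours_bytes(log_text, start_hour=0, end_hour=6):
    """Total bytes sent per host inside a window when users should be idle
    (the 'increased data usage during idle times' indicator above)."""
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(log_text)):
        hour = datetime.fromisoformat(row["ts"]).hour
        if start_hour <= hour < end_hour:
            totals[row["src"]] += int(row["bytes_out"])
    return dict(totals)


if __name__ == "__main__":
    for alert in detect_beacons(SAMPLE_LOG):
        print("possible beacon:", alert)
    print("off-hours bytes per host:", off_hours_bytes(SAMPLE_LOG))
```

Real implants add random sleep jitter precisely to defeat this test, so treat the threshold as a starting point and pair the check with destination reputation and process-to-destination baselines rather than relying on regularity alone.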

b. Sudden pop-up error messages, home page of browser changed, email account sending
messages with viruses to contacts, antivirus no longer updating

i. Sudden Pop-Up Error Messages


 Description: Frequent or unexpected error messages may indicate the presence of
malware or system compromise.
 Indicators:
 Error messages that appear without any user action.
 Pop-ups that disrupt normal workflow, often urging users to install software or
provide personal information.

ii. Home Page of Browser Changed

 Description: Unauthorized changes to the default home page or search engine settings can
signal browser hijacking.
 Indicators:
 The browser opens to an unfamiliar website or search engine instead of the
configured home page.
 Users are redirected to suspicious sites when attempting to access known URLs.

iii. Email Account Sending Messages with Virus to Contacts

 Description: If an email account is compromised, it may send out malicious emails to the
user's contacts without their knowledge.
 Indicators:
 Contacts reporting suspicious emails received from the account, often containing
unexpected attachments or links.
 The user noticing sent messages in their "Sent" folder that they did not compose.

iv. Antivirus No Longer Updating

 Description: A failure of antivirus software to update its definitions can indicate
tampering or infection by malware.
 Indicators:
 Alerts or notifications indicating that the antivirus software is out of date or
unable to perform updates.
 Users unable to access antivirus settings or seeing disabled features.

c. Consequences include malicious code attacks

i. Malicious Code Attacks

 Description: Malicious code refers to harmful software designed to disrupt, damage, or
gain unauthorized access to systems. This category includes various types of malware,
such as viruses, worms, trojans, and ransomware.
 Impact:
 System Compromise: Malicious code can gain control over the infected system,
allowing attackers to execute arbitrary commands.
 Data Corruption: Files may be corrupted or deleted, leading to data loss and
operational disruptions.
 Ransomware: Some malicious code encrypts files and demands a ransom for
decryption, which can lead to significant financial losses.
 Spread of Infection: Malware can propagate through networks, infecting
additional systems and increasing the scope of damage.

ii. Unauthorized Intrusions

 Description: Attackers may gain unauthorized access to networks and computer systems,
often exploiting vulnerabilities.
 Impact:
 Data Breaches: Sensitive information, such as personal data or intellectual
property, can be stolen or exposed.
 Loss of Control: Organizations may lose control over their systems, leading to
potential exploitation or manipulation.

iii. Denial of Service (DoS) Attacks

 Description: DoS attacks aim to make services unavailable to legitimate users by
overwhelming them with traffic.
 Impact:
 Service Disruption: Websites and services become inaccessible, impacting
business operations and customer satisfaction.
 Financial Loss: Downtime can lead to significant revenue losses, especially for e-
commerce platforms.

iv. Data Theft

 Description: Cyber-attacks can result in the unauthorized acquisition of sensitive
information, including financial data and personal details.
 Impact:
 Identity Theft: Stolen personal data can be used for fraudulent activities, leading
to financial and reputational harm.
 Regulatory Penalties: Organizations may face legal consequences and fines for
failing to protect sensitive information.

v. Impact on E-Commerce

 Description: Cyber-attacks can severely affect online businesses, leading to loss of
customer trust and revenue.
 Impact:
 Loss of Consumer Trust: Customers may hesitate to engage in transactions with
a company that has experienced a data breach.
 Reduced Sales: Compromised systems can lead to decreased sales and long-term
damage to brand reputation.

d. Unauthorized intrusions into networks and computer systems, Denial of Service attacks,
and theft of information

i. Unauthorized Intrusions

 Description: Unauthorized intrusions occur when attackers gain access to networks and
computer systems without permission, often exploiting vulnerabilities or using stolen
credentials.
 Impact:
 Data Breaches: Sensitive information, including personal, financial, and
proprietary data, can be stolen. This can lead to identity theft and financial fraud.
 Loss of Control: Organizations may lose control over their systems, allowing
attackers to manipulate, delete, or exfiltrate data.
 Reputation Damage: Public knowledge of a breach can severely damage an
organization’s reputation, leading to loss of customer trust and loyalty.
 Legal Consequences: Organizations may face lawsuits and regulatory penalties
for failing to protect sensitive information.

ii. Denial of Service (DoS) Attacks


 Description: DoS attacks aim to make a service or website unavailable to legitimate users
by overwhelming it with traffic or exploiting vulnerabilities.
 Impact:
 Service Disruption: Websites and online services become inaccessible, which can
halt business operations and lead to customer dissatisfaction.
 Financial Loss: Extended downtime can result in significant revenue losses,
especially for e-commerce sites that rely on continuous availability.
 Increased Costs: Organizations may incur additional costs to mitigate attacks,
such as investing in more robust infrastructure or security measures.

iii. Theft of Information

 Description: Cyber-attacks often aim to steal sensitive information, which can include
personal data, financial records, and trade secrets.
 Impact:
 Identity Theft: Stolen personal information can be used to impersonate
individuals, leading to financial loss and credit damage.
 Corporate Espionage: Theft of proprietary information can give competitors an
unfair advantage, harming the original organization’s market position.
 Regulatory and Compliance Issues: Organizations may face scrutiny and penalties
for failing to protect sensitive data, particularly if they are subject to regulations
like GDPR or HIPAA.

e. Impact on e-commerce including theft of credit card details and loss of consumer
trust/willingness to engage in e-commerce

i. Theft of Credit Card Details

 Description: Cyber-attacks targeting e-commerce platforms often aim to steal credit card
information and other payment details from customers.
 Impact:
 Financial Loss for Consumers: Victims of credit card theft may face
unauthorized charges, leading to financial hardship and stress.
 Chargebacks for Merchants: E-commerce businesses may incur chargebacks
when customers dispute fraudulent transactions, resulting in lost revenue and
additional fees.
 Increased Transaction Costs: Merchants may need to invest in enhanced
security measures and fraud detection systems, increasing operational costs.

ii. Loss of Consumer Trust


 Description: A significant cyber-attack can undermine consumer confidence in e-
commerce platforms, impacting their willingness to shop online.
 Impact:
 Reduced Customer Loyalty: Customers may choose to avoid brands that have
experienced data breaches, leading to a decline in repeat business.
 Negative Publicity: News of a breach can spread quickly, damaging a brand's
reputation and discouraging new customers from engaging with the platform.
 Shift to Competitors: Consumers may turn to competitors perceived as more
secure, leading to a loss of market share for affected businesses.

iii. Willingness to Engage in E-Commerce

 Description: Consumer hesitance to make online purchases can increase following high-
profile attacks or data breaches.
 Impact:
 Decreased Sales: A drop in consumer confidence can result in lower sales
volumes, impacting overall business performance.
 Long-Term Trends: If consumers develop a lasting fear of online shopping,
businesses may struggle to recover even after security improvements are made.
 Increased Customer Education: Businesses may need to invest in educating
customers about security measures and practices to regain trust.

3. Different techniques used to protect against attacks

a. Evaluating different security risks present in a given situation

i. Risk Assessment

 Description: Conducting a comprehensive risk assessment helps identify, analyze, and
prioritize potential security risks within an organization.
 Steps:
 Identify Assets: Determine what valuable assets need protection (e.g., data,
systems, intellectual property).
 Identify Threats and Vulnerabilities: Assess potential threats (e.g., malware,
insider threats) and vulnerabilities (e.g., outdated software, weak passwords).
 Analyze Impact: Evaluate the potential impact of different threats on the
organization’s assets.
 Determine Likelihood: Estimate the likelihood of each threat occurring.
 Prioritize Risks: Rank risks based on their potential impact and likelihood to
focus on the most critical issues.

ii. Regular Security Audits


 Description: Performing regular security audits helps organizations assess the
effectiveness of their security measures and identify areas for improvement.
 Focus Areas:
 Policy Compliance: Ensure adherence to security policies and protocols.
 Vulnerability Scanning: Identify and address vulnerabilities in systems and
networks.
 Access Controls: Review user access levels and permissions to ensure they align
with job responsibilities.

iii. Threat Modeling

 Description: Threat modeling is a proactive approach to identifying and mitigating
potential security threats during the design phase of systems or applications.
 Steps:
 Define Security Objectives: Establish what the system aims to protect.
 Identify Assets and Entry Points: Determine what assets are vulnerable and how
attackers might gain access.
 Analyze Threats: Identify potential threats and categorize them (e.g.,
unauthorized access, data breaches).
 Develop Mitigation Strategies: Create strategies to mitigate identified threats.

iv. Incident Response Planning

 Description: Developing an incident response plan prepares organizations to effectively
respond to security incidents.
 Components:
 Preparation: Establish a response team and define roles and responsibilities.
 Detection and Analysis: Implement monitoring tools to detect incidents and
analyze their impact.
 Containment, Eradication, and Recovery: Outline steps to contain the incident,
remove threats, and recover affected systems.
 Post-Incident Review: Conduct a review to learn from the incident and improve
future responses.

b. Recommending a range of techniques used to protect against attacks, including
deployment of anti-virus software

i. Anti-Virus Software

 Description: Anti-virus software detects and removes malware, including viruses,
worms, and trojans.
 Benefits:
 Provides real-time protection against known threats.
 Regular signature updates extend coverage to newly catalogued malware (signature-based
scanning cannot catch a sample that has not yet been analysed, so anti-virus
complements rather than replaces the other controls below).
 Scans files and emails for malicious content.

ii. Firewalls

 Description: Firewalls act as a barrier between trusted internal networks and untrusted
external networks.
 Types:
 Hardware Firewalls: Physical devices that filter traffic entering and leaving a
network.
 Software Firewalls: Applications installed on individual devices to monitor and
control incoming and outgoing traffic.
 Benefits:
 Blocks unauthorized access to networks and systems.
 Monitors traffic for suspicious activity.

iii. Intrusion Detection and Prevention Systems (IDPS)

 Description: IDPS monitor network traffic for suspicious activity and can take action to
prevent intrusions.
 Benefits:
 Identifies and alerts on potential threats in real-time.
 Can automatically block malicious traffic based on defined rules.

iv. Multi-Factor Authentication (MFA)

 Description: MFA requires multiple forms of verification before granting access to
systems or accounts.
 Benefits:
 Adds an extra layer of security beyond just passwords.
 Reduces the risk of unauthorized access even if credentials are compromised.

v. Regular Software Updates and Patch Management

 Description: Keeping software and systems up to date with the latest security patches.
 Benefits:
 Addresses known vulnerabilities that could be exploited by attackers.
 Reduces the risk of malware infections and breaches.

vi. Data Encryption

 Description: Encrypting sensitive data both at rest and in transit to protect it from
unauthorized access.
 Benefits:
 Ensures that even if data is intercepted or accessed, it remains unreadable without
the decryption key.
 Protects sensitive information, such as credit card details and personal data.

vii. Security Awareness Training

 Description: Educating employees about cybersecurity best practices and recognizing
potential threats.
 Benefits:
 Helps employees identify phishing attempts and other social engineering tactics.
 Promotes a culture of security within the organization.

viii. Backup and Recovery Solutions

 Description: Regularly backing up data to ensure it can be restored in the event of a
cyber-attack or data loss.
 Benefits:
 Protects against data loss due to ransomware attacks or hardware failures.
 Facilitates quick recovery and minimizes downtime.

ix. Network Segmentation

 Description: Dividing a network into smaller segments to contain potential breaches.


 Benefits:
 Limits the spread of malware and unauthorized access.
 Enhances security by isolating sensitive systems and data.

x. Incident Response Plan

 Description: Developing a structured plan to respond to security incidents quickly and
effectively.
 Benefits:
 Ensures a coordinated response to minimize damage and recover quickly.
 Provides clear roles and responsibilities during a security incident.
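
To show what the "multiple forms of verification" in the MFA item (iv above) actually compute, here is an added example (not from the original notes) implementing the HOTP and TOTP one-time-code algorithms of RFC 4226 and RFC 6238 with Python's standard library, together with a server-side verifier that tolerates one step of clock drift, rejects replayed codes and compares in constant time. The secret shown is the RFCs' published test-vector key, not a value to use in practice; the function names and the replay-tracking parameter are this example's own design.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238) one-time codes with a replay-safe verifier (added example)."""
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """HMAC-based one-time password: HMAC(secret, counter) -> dynamic truncation -> decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                                               # low nibble of last byte picks a 4-byte window
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF  # 31 bits, sign bit cleared
    return str(binary % 10 ** digits).zfill(digits)                       # keep leading zeros


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """Time-based variant: the counter is the number of whole time steps since the Unix epoch."""
    return hotp(secret, int(unix_time // step), digits, digestmod)


def verify_totp(secret: bytes, submitted: str, unix_time: float, last_accepted: int = -1,
                window: int = 1, step: int = 30, digits: int = 6) -> Optional[int]:
    """Return the time-step counter that matched, or None.

    - Tolerates clock drift of +/- `window` steps between authenticator and server.
    - Refuses any counter <= last_accepted, so a code captured by a phishing page cannot be
      replayed after the legitimate login used it (the caller must persist last_accepted per user).
    - hmac.compare_digest rejects a wrong code in time independent of which digits differ.
    """
    current = int(unix_time // step)
    for counter in range(current - window, current + window + 1):
        if counter > last_accepted and hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter
    return None


if __name__ == "__main__":
    demo_secret = b"12345678901234567890"  # RFC 4226 / RFC 6238 test-vector key, not a real secret
    print("HOTP counters 0..2:", [hotp(demo_secret, c) for c in range(3)])
    print("TOTP at T=59, 8 digits:", totp(demo_secret, 59, digits=8))
    print("TOTP now:", totp(demo_secret, time.time()))
```

TOTP is still a shared secret: a real-time phishing proxy can relay a freshly typed code within its 30-second window, which is why the replay guard above limits damage but does not remove it, and why phishing-resistant factors (FIDO2/WebAuthn) are preferred for administrative access.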

c. Several countermeasures that may help, e.g., virus scanning software with a full weekly
scan and frequent updates

i. Anti-Virus Software

 Description: Deploy comprehensive anti-virus solutions to detect and eliminate malware.


 Countermeasures:
 Full Weekly Scans: Schedule full system scans weekly to identify and remove
threats.
 Frequent Updates: Ensure the software is updated regularly to protect against the
latest threats.

ii. Firewalls

 Description: Implement both hardware and software firewalls to monitor incoming and
outgoing network traffic.
 Countermeasures:
 Configuration Management: Regularly review and update firewall rules to
block unauthorized access.
 Logging and Monitoring: Enable logging to track suspicious activities and
analyze traffic patterns.

iii. Intrusion Detection and Prevention Systems (IDPS)

 Description: Utilize IDPS to monitor network traffic for potential threats.
 Countermeasures:
 Real-Time Alerts: Configure alerts for suspected intrusions to enable prompt response.
 Regular Updates: Keep the IDPS signatures updated to identify new attack vectors.

iv. Multi-Factor Authentication (MFA)

 Description: Require multiple forms of verification for accessing sensitive systems.
 Countermeasures:
 Implementation Across All Access Points: Enforce MFA for all user accounts, especially for administrative and remote access.
 User Education: Train users on the importance of MFA and how to use it effectively.

v. Regular Software and System Updates

 Description: Keep all software and operating systems updated to patch vulnerabilities.
 Countermeasures:
 Automated Updates: Enable automatic updates for critical software to ensure timely patching.
 Regular Review: Conduct periodic reviews of installed software to identify any that require updates.

vi. Data Encryption

 Description: Encrypt sensitive data at rest and in transit to protect it from unauthorized access.
 Countermeasures:
 Full Disk Encryption: Implement full disk encryption on all devices to safeguard data.
 Secure Transmission Protocols: Use TLS (e.g., HTTPS) and VPNs for secure data transmission.

vii. Security Awareness Training

 Description: Educate employees on cybersecurity best practices and threat recognition.
 Countermeasures:
 Regular Training Sessions: Conduct training sessions at least semi-annually to keep staff updated.
 Phishing Simulations: Implement phishing simulations to test and reinforce employee awareness.

viii. Backup and Recovery Solutions

 Description: Establish a robust backup strategy to protect data from loss or corruption.
 Countermeasures:
 Regular Backups: Schedule automated backups daily or weekly, depending on data criticality, and test restores so the backups are known to work.
 Offsite Storage: Store backups in a secure offsite location or cloud service to protect against physical disasters, and keep at least one copy offline or immutable so ransomware that reaches the network cannot encrypt the backups as well.

ix. Network Segmentation

 Description: Divide the network into segments to limit access and contain breaches.
 Countermeasures:
 Access Control Policies: Implement strict access control policies to limit user access to specific segments.
 Monitoring Traffic Between Segments: Monitor traffic between segments to detect unusual behavior.

x. Incident Response Plan

 Description: Develop and maintain a clear incident response plan.
 Countermeasures:
 Regular Drills: Conduct regular drills to ensure staff are familiar with response procedures.
 Post-Incident Reviews: Analyze incidents after they occur to improve response strategies.
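
Backups only help if they have not been silently altered before they are needed, which is the point of the backup countermeasures above (and of item viii in 3b). As an added example, not the notes' own material, the code below builds a SHA-256 manifest of a backup tree and later re-verifies it, reporting files that were modified, removed or added, the pattern a ransomware run leaves behind. The demo() helper creates a small constructed backup set in a temporary directory and simulates the tampering; the file names and contents are invented for the example.

```python
"""Detect silent tampering of a backup set with a SHA-256 manifest (added example)."""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file in 1 MiB chunks so backups larger than memory can be checked too."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_root: Path) -> dict:
    """Map every file (path relative to the backup root, '/'-separated) to its SHA-256 digest.

    Store the result somewhere the backup host cannot write to: a manifest kept beside the
    data can be rewritten by the same ransomware that encrypts the data.
    """
    return {
        path.relative_to(backup_root).as_posix(): sha256_file(path)
        for path in sorted(backup_root.rglob("*"))
        if path.is_file()
    }


def verify_backup(backup_root: Path, manifest: dict) -> dict:
    """Compare current contents with the manifest; any non-empty list means the backup
    must not be trusted for restore without investigation."""
    current = build_manifest(backup_root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def is_intact(report: dict) -> bool:
    return not any(report.values())


def demo() -> tuple:
    """Create a tiny constructed backup set, snapshot it, then simulate a ransomware run
    (overwrite one file, drop a ransom note, delete another) and re-verify.
    Returns (report_before, report_after)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "orders.sql").write_bytes(b"INSERT INTO orders VALUES (1042, 'shipped');\n")
        (root / "notes.txt").write_text("weekly backup, verified by ops\n")
        manifest = build_manifest(root)
        before = verify_backup(root, manifest)

        (root / "db" / "orders.sql").write_bytes(b"\x8f\x13garbage-after-encryption\x00")
        (root / "README_DECRYPT.txt").write_text("your files are encrypted\n")
        (root / "notes.txt").unlink()
        after = verify_backup(root, manifest)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("intact before tampering:", is_intact(before))
    print("report after tampering:", json.dumps(after, indent=2))
```

Run the verification as part of the backup job and again before any restore; a manifest that is itself signed or stored on write-once media turns "the backup looks fine" into a checkable claim.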

d. Automatic updates of virus scans

Importance of Automatic Updates


Automatic updates for virus scans are essential for maintaining robust cybersecurity.
They ensure that the anti-virus software is always equipped with the latest threat
definitions and security patches, which helps protect against newly discovered malware
and vulnerabilities.
Key Features of Automatic Updates

i. Real-Time Protection:
 Description: Anti-virus software provides real-time scanning of files and
applications as they are accessed or downloaded.
 Benefit: Immediate detection and response to potential threats, minimizing the
risk of infection.
ii. Scheduled Scans:
 Description: Set automatic scans to run at regular intervals (e.g., daily,
weekly).
 Benefit: Ensures that the entire system is regularly checked for malware, even
if users forget to run manual scans.
iii. Frequent Definition Updates:
 Description: The software automatically downloads updates for virus
definitions and threat databases.
 Benefit: Protects against the latest known threats, enhancing overall security.
iv. Software Patching:
 Description: Automatic updates can also include patches for the anti-virus
software itself.
 Benefit: Fixes vulnerabilities in the software that could be exploited by
attackers.
v. User Notifications:
 Description: Users are notified when updates are installed or when scans are
completed.
 Benefit: Keeps users informed about the security status of their systems.

Best Practices for Automatic Updates

 Enable Automatic Updates: Always enable the automatic update feature in your
anti-virus software to ensure you receive the latest protections without delay.
 Configure Scheduled Scans: Set up scheduled scans during off-peak hours to
minimize disruption while ensuring regular system checks.
 Monitor Update Logs: Regularly review update logs to ensure that updates are
being applied successfully and to identify any issues.
 Combine with Other Security Measures: Use automatic virus scan updates in
conjunction with firewalls, intrusion detection systems, and user training for
comprehensive protection.

e. System update server (SUS)

What is a System Update Server (SUS)?


A System Update Server (SUS) is a central server used to manage and distribute software
updates and patches for operating systems and applications within an organization. It
allows IT administrators to streamline the update process, ensuring that all systems are
up-to-date and secure.

Key Features of SUS

 Centralized Management:
 Description: SUS provides a single point of control for managing updates
across multiple devices and systems.
 Benefit: Simplifies the administration of software updates, reducing the
workload on IT staff.
 Automated Deployment:
 Description: Automatically downloads and deploys updates to client
machines.
 Benefit: Ensures that all systems receive critical updates without the need for
manual intervention.
 Customization of Update Policies:
 Description: Administrators can configure policies to control when and how
updates are applied.
 Benefit: Allows for flexibility in scheduling updates to minimize disruptions
to users.
 Reporting and Monitoring:
 Description: Provides tools for monitoring the status of updates and
generating reports on compliance.
 Benefit: Helps IT teams track which systems are updated and identify any
issues or failures.
 Support for Multiple Platforms:
 Description: Many SUS solutions support various operating systems and
applications.
 Benefit: Facilitates the management of diverse environments within an
organization.

Benefits of Using a SUS


 Enhanced Security: By ensuring that all systems are regularly updated, a SUS reduces
vulnerabilities and protects against security threats.
 Reduced Downtime: Automated updates minimize the need for manual interventions,
reducing system downtime and user disruptions.
 Consistency Across Systems: Ensures that all devices have the same updates applied,
promoting uniformity and reducing compatibility issues.
 Cost Efficiency: Streamlines the update process, saving time and resources for IT teams,
which can be redirected to other critical tasks.

Best Practices for Implementing a SUS

i. Regular Maintenance: Keep the SUS server itself updated and maintained to
ensure optimal performance and security.
ii. Test Updates Before Deployment: Implement a testing phase for updates on a
small group of systems before a full rollout to catch potential issues.
iii. User Communication: Inform users of scheduled updates and any expected
downtime to manage expectations.
iv. Backup Systems: Regularly back-up systems before applying updates to ensure
quick recovery in case of update failures.
v. Monitor and Review: Continuously monitor update logs and system performance
post-deployment to identify and address any issues promptly.

f. Allowing only approved software to run on computer systems, removing
authorizations from user accounts (so that, for example, they are unable to install
software not approved)

Overview
Allowing only approved software to run on computer systems and removing unnecessary
authorizations from user accounts are critical measures in enhancing security and
preventing unauthorized software installations. This approach helps mitigate risks
associated with malware, unapproved applications, and potential data breaches.
Key Strategies
 Software Restriction Policies (SRP)
 Description: Implement SRPs to define what software can run on systems based
on various criteria, such as file path, hash, or digital signature.
 Benefits:
 Prevents unauthorized applications from executing.
 Reduces the risk of malware infections.
 Ensures compliance with organizational software standards.
 Application Whitelisting
 Description: Create a list of approved applications (whitelist) that are allowed to
run on devices.
 Benefits:
 Only verified software is permitted, enhancing security.
 Simplifies the management of software installations and updates.
 User Account Control (UAC)
 Description: Configure UAC settings to limit user permissions, preventing
standard users from installing software.
 Benefits:
 Reduces the risk of unapproved software being installed inadvertently.
 Allows only administrators to make system-wide changes.
 Role-Based Access Control (RBAC)
 Description: Implement RBAC to assign permissions based on user roles within
the organization.
 Benefits:
 Ensures that only authorized personnel can install or modify software.
 Provides a clear structure for managing user permissions.
 Group Policy Management
 Description: Use Windows Group Policy to enforce software restrictions across
all systems in a network.
 Benefits:
 Centralized management of software policies.
 Easy implementation of changes across all devices.
 Regular Audits and Reviews
 Description: Conduct regular audits to review installed software and user
permissions.
 Benefits:
 Identifies unauthorized software and users with excessive permissions.
 Ensures compliance with organizational policies.
 User Education and Training
 Description: Provide training for users on the importance of software restrictions
and security best practices.
 Benefits:
 Raises awareness of security risks associated with unauthorized software.
 Encourages adherence to organizational policies.

Implementation Steps

i. Define Approved Software: Collaborate with IT and relevant departments to create a list
of approved applications based on business needs.
ii. Configure Software Restriction Policies: Set up SRPs or application whitelisting using
group policy or dedicated software management tools.
iii. Limit User Permissions: Review user accounts and remove administrative privileges
from users who do not require them for their roles.
iv. Communicate Changes: Inform users about the new policies and the rationale behind
restricting software installations.
v. Monitor Compliance: Use monitoring tools to ensure compliance with software
restrictions and address any violations promptly.
vi. Regularly Update Policies: Review and update the list of approved software and policies
as needed to adapt to changing business requirements and threats.
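The rule kinds named above (path, hash and digital signature) can be modelled in a few lines. The following is an added example, not code from the original material and not a real SRP or AppLocker policy format: it builds a default-deny allow-list, evaluates the most specific rule first, and refuses to honour a path rule inside a user-writable directory (the classic hole: an allowed "Program Files" path does not help if the user can also write there). The publisher name passed to `decide` is assumed to have already been verified from the file's code signature, which this example does not do; the directory names and file contents are constructed.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Optional


@dataclass
class AllowPolicy:
    """Allow-list with the three rule kinds described above: path rules,
    hash rules and publisher (signature) rules. Default is deny."""
    allowed_dirs: list = field(default_factory=list)        # path rules
    allowed_sha256: set = field(default_factory=set)        # hash rules
    allowed_publishers: set = field(default_factory=set)    # publisher rules
    user_writable_dirs: list = field(default_factory=list)  # never trusted by path


def sha256_of_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _under(path: str, directory: str) -> bool:
    p, d = Path(path).resolve(), Path(directory).resolve()
    return p == d or d in p.parents


def decide(path: str, policy: AllowPolicy, publisher: Optional[str] = None):
    """Return (allowed, reason). 'publisher' is the already-verified signer
    name (assumption: real enforcement checks the Authenticode/codesign
    signature itself). Most specific rule first: hash, then publisher, then
    path. A path rule never applies inside a user-writable directory."""
    if not os.path.isfile(path):
        return False, "file does not exist"
    digest = sha256_of_file(path)
    if digest in policy.allowed_sha256:
        return True, "hash rule matched " + digest[:12]
    if publisher is not None and publisher in policy.allowed_publishers:
        return True, "publisher rule matched " + publisher
    for d in policy.allowed_dirs:
        if _under(path, d):
            if any(_under(path, w) for w in policy.user_writable_dirs):
                return False, "path rule ignored: location is user-writable"
            return True, "path rule matched " + d
    return False, "no allow rule matched (default deny)"


def demo() -> dict:
    """Constructed scenario: a program directory, a user's Downloads folder
    and three fake executables whose contents are placeholder bytes."""
    with tempfile.TemporaryDirectory() as root:
        prog = os.path.join(root, "Program Files")
        downloads = os.path.join(root, "Users", "alice", "Downloads")
        os.makedirs(prog)
        os.makedirs(downloads)
        editor = os.path.join(prog, "editor.exe")
        dropper = os.path.join(downloads, "invoice.exe")
        tool = os.path.join(downloads, "approved-tool.exe")
        for p, content in ((editor, b"MZ editor"), (dropper, b"MZ dropper"), (tool, b"MZ tool 1.0")):
            with open(p, "wb") as f:
                f.write(content)
        policy = AllowPolicy(
            allowed_dirs=[prog],
            allowed_sha256={sha256_of_file(tool)},  # one vetted binary, wherever it lives
            allowed_publishers={"Example Corp"},     # constructed publisher name
            user_writable_dirs=[downloads],
        )
        results = {
            "editor_in_program_files": decide(editor, policy)[0],
            "dropper_in_downloads": decide(dropper, policy)[0],
            "vetted_tool_by_hash": decide(tool, policy)[0],
            "dropper_signed_by_allowed_publisher": decide(dropper, policy, "Example Corp")[0],
        }
        with open(tool, "ab") as f:          # tamper with the vetted binary
            f.write(b" backdoor")
        results["tampered_tool"] = decide(tool, policy)[0]  # hash no longer matches
        return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {'ALLOW' if v else 'DENY'}")
```

Hash rules are the tightest but break on every legitimate update of the binary, which is why real deployments lean on publisher rules for vendor software and reserve hash rules for unsigned, rarely changed tools.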

g. Running vulnerability scanners inside and outside the network

Overview

Vulnerability scanners are essential tools for identifying security weaknesses in an
organization's IT infrastructure. By running scanners both inside and outside the
network, organizations can gain a comprehensive view of their security posture and
address vulnerabilities proactively.

Types of Vulnerability Scanners

1. External Vulnerability Scanners
 Purpose: Assess the security of systems accessible from outside the
organization’s network.
 Focus Areas:
 Public-facing servers (e.g., web servers, email servers).
 Network devices (e.g., firewalls, routers).
 Benefits:
 Identifies vulnerabilities that attackers might exploit from the internet.
 Helps ensure compliance with regulatory requirements and security
standards.
2. Internal Vulnerability Scanners
 Purpose: Evaluate the security of systems within the organization’s internal
network.
 Focus Areas:
 Workstations, servers, and databases.
 Network configurations and policies.
 Benefits:
 Detects vulnerabilities that may be exploited by insider threats or
malware.
 Provides insights into the security of internal systems and applications.

Implementation Steps

 Select Appropriate Scanning Tools
 Choose vulnerability scanners based on organizational needs, such as
Nessus, Qualys, or OpenVAS.
 Ensure the tools selected can perform both external and internal scans.
 Define Scanning Scope
 External Scans: Identify all public-facing IP addresses and services to
include in the assessment.
 Internal Scans: Map the internal network to include all critical assets and
systems.
 Schedule Regular Scans
 Frequency:
 External scans: Monthly or quarterly, depending on the threat
landscape.
 Internal scans: Weekly or bi-weekly for real-time detection of
vulnerabilities.
 Automated Scans: Set up automated scanning jobs to ensure consistency
and timely assessments.
 Configure Scan Settings
 Adjust settings to balance between thoroughness and system performance,
avoiding excessive load during peak hours.
 Enable options to check for specific vulnerabilities, compliance checks, and
misconfigurations.
 Analyze Scan Results
 Review reports generated by the scanners, focusing on the severity of
vulnerabilities.
 Prioritize vulnerabilities based on risk assessment and potential impact.
 Remediation and Mitigation
 Develop a plan to address identified vulnerabilities, including patching,
configuration changes, and other security measures.
 Assign responsibilities to relevant teams for timely remediation.
 Continuous Monitoring and Improvement
 Implement a continuous monitoring strategy to detect new vulnerabilities as
they arise.
 Regularly update the scanning tools and methodologies to keep pace with
evolving threats.
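Two of the steps above, defining the external versus internal scope and prioritizing results by risk, are easy to get wrong by hand once a scanner returns hundreds of findings. The following is an added example, not part of the original material and not the output format of Nessus, Qualys or OpenVAS: it splits targets by the organization's own internal address plan and ranks constructed findings with a simple weighting (CVSS scaled up for internet-facing hosts, plus a bonus for services that are common initial-access targets). The address ranges, findings and weights are assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass

# The organisation's own internal address plan (constructed). Anything
# outside it is treated as reachable from the internet, i.e. in scope for
# the external scan; anything inside it belongs to the internal scan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Services that are frequent initial-access targets and so deserve extra weight.
HIGH_VALUE_SERVICES = {"rdp", "smb", "ssh", "vpn"}


@dataclass(frozen=True)
class Finding:
    host: str      # IP address reported by the scanner
    port: int
    service: str
    title: str
    cvss: float    # base score 0-10 as reported


def exposure(host: str) -> str:
    ip = ipaddress.ip_address(host)
    return "internal" if any(ip in n for n in INTERNAL_NETS) else "external"


def split_scope(hosts):
    """Return {'external': [...], 'internal': [...]} for the scanning plan."""
    scope = {"external": [], "internal": []}
    for h in hosts:
        scope[exposure(h)].append(h)
    return scope


def priority(f: Finding) -> float:
    """Risk score: the scanner's CVSS, scaled up 1.5x when the host is
    internet-facing and +1 for high-value services. The weights are a
    constructed policy, not a standard."""
    score = f.cvss * (1.5 if exposure(f.host) == "external" else 1.0)
    if f.service in HIGH_VALUE_SERVICES:
        score += 1.0
    return round(score, 2)


def triage(findings):
    """Findings ordered most urgent first, paired with their priority."""
    return sorted(((priority(f), f) for f in findings), key=lambda t: t[0], reverse=True)


# Constructed scan output: two external findings, two internal ones.
SAMPLE = [
    Finding("203.0.113.10", 443, "https", "TLS 1.0 enabled", 5.3),
    Finding("10.0.5.21", 445, "smb", "SMBv1 enabled", 8.1),
    Finding("203.0.113.12", 3389, "rdp", "Remote Desktop exposed to the internet", 7.5),
    Finding("192.168.1.40", 80, "http", "Outdated web server with known RCE", 9.8),
]

if __name__ == "__main__":
    print(split_scope([f.host for f in SAMPLE]))
    for score, f in triage(SAMPLE):
        print(f"{score:5.2f}  {exposure(f.host):8}  {f.host}:{f.port}  {f.title}")
```

Note that the internet-facing RDP finding outranks the internal web server despite a lower CVSS score; exposure, not just severity, drives the remediation order.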

Best Practices

 Integrate with Other Security Tools: Combine vulnerability scanning with intrusion
detection systems (IDS) and firewalls for a comprehensive security strategy.
 Maintain an Asset Inventory: Keep an updated inventory of all assets to ensure
complete coverage during scans.
 Conduct Penetration Testing: Consider supplemental penetration testing to validate
findings from vulnerability scans and identify additional weaknesses.
 Train Staff: Educate IT staff on interpreting scan results and implementing remediation
strategies effectively.
h. Common myths about malware

 Myth: Only Windows Systems Are Vulnerable to Malware
 Fact: While Windows systems are frequent targets due to their popularity,
malware can affect any operating system, including macOS, Linux, and mobile
platforms like Android and iOS.
 Myth: Malware Only Affects Computers
 Fact: Malware can target various devices, including smartphones, tablets, and
Internet of Things (IoT) devices. As connected devices become more common,
they can also become entry points for attacks.
 Myth: You Only Get Infected by Downloading Files
 Fact: Malware can be delivered through various methods, including malicious
links, email attachments, compromised websites, and even through legitimate
applications that have been tampered with.
 Myth: Antivirus Software Provides Complete Protection
 Fact: While antivirus software is an essential tool for detecting and removing
malware, it cannot offer 100% protection. New malware variants may evade
detection, and user behavior plays a significant role in security.
 Myth: Mac Users Don’t Need Antivirus Software
 Fact: Although Macs have historically been less targeted, they are not immune
to malware. The rise in Mac usage has led to increased attacks, and using
antivirus software is advisable.
 Myth: Malware Can Only Affect Your Files
 Fact: Malware can do much more than just corrupt or delete files. It can steal
sensitive information, monitor your activities, hijack your system for botnets,
and even encrypt data for ransom.
 Myth: All Malware Is Easily Detectable
 Fact: Some malware, especially advanced persistent threats (APTs) and
rootkits, can be designed to operate stealthily, making them difficult to detect
and remove.
 Myth: Once Infected, You Can Just Delete the Malware
 Fact: Simply deleting the malware file may not remove it completely. Malware
can create backdoors or modify system settings, requiring specialized tools and
procedures for thorough removal.
 Myth: Only Large Organizations Are Targeted by Malware
 Fact: Small businesses and individuals are increasingly targeted by malware,
often because they have weaker security measures in place. Everyone is at risk.
 Myth: Opening Emails from Known Contacts Is Safe
 Fact: Even if an email comes from a known contact, it can be compromised.
Always be cautious with links and attachments, even if you trust the sender.

i. Firewalls and boundary devices

Overview
Firewalls and boundary devices are critical components of network security. They serve
as protective barriers between internal networks and external threats, controlling the flow
of traffic and ensuring that only authorized communications occur.

Firewalls

Definition
A firewall is a network security device that monitors and controls incoming and outgoing
network traffic based on predetermined security rules.

Types of Firewalls

1. Packet-Filtering Firewalls:
 Function: Inspects packets of data and allows or blocks them based on
source/destination IP addresses, protocols, and ports.
 Use Case: Basic filtering of traffic without deep inspection.
2. Stateful Inspection Firewalls:
 Function: Monitors the state of active connections and makes decisions based on
the context of the traffic.
 Use Case: Provides greater security than packet-filtering by keeping track of the
state of connections.
3. Proxy Firewalls:
 Function: Acts as an intermediary between the user and the internet, filtering
requests and responses.
 Use Case: Offers additional security by hiding the internal network from external
users.
4. Next-Generation Firewalls (NGFW):
 Function: Combines traditional firewall features with advanced capabilities, such
as intrusion prevention, deep packet inspection, and application awareness.
 Use Case: Provides comprehensive security for modern threats.
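The difference between the first two firewall types is clearest in code. The following is an added example, not from the original material and not how any real firewall is implemented: a stateless packet filter that judges each packet by its headers alone, and a stateful subclass that records admitted connections and lets only their replies back in. The scenario shows why the stateless filter needs a dangerous "anything from source port 443" rule to let HTTPS replies through, and why the stateful one does not. Addresses, ports and packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag: marks a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    proto: Optional[str] = None    # None matches anything
    src: Optional[str] = None      # CIDR
    sport: Optional[int] = None
    dst: Optional[str] = None      # CIDR
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


class PacketFilter:
    """Stateless filter: every packet is judged on its own headers, first
    matching rule wins, default deny."""
    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "deny"


class StatefulFirewall(PacketFilter):
    """Stateful inspection: a connection admitted by the rules is recorded,
    and packets flowing back along it are accepted as part of that
    connection. Nothing else gets in without its own allow rule."""
    def __init__(self, rules):
        super().__init__(rules)
        self.connections = set()   # (proto, src, sport, dst, dport) of admitted flows

    def decide(self, p: Packet) -> str:
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.connections:
            return "allow"          # reply to a tracked connection
        action = super().decide(p)
        # Only a connection opener (SYN for TCP) creates state.
        if action == "allow" and (p.proto != "tcp" or p.syn):
            self.connections.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return action


def demo() -> dict:
    # Stateless rules: to let HTTPS replies back in, the admin has to open
    # "anything from source port 443 to the LAN", which an attacker can
    # satisfy simply by sending from port 443 (constructed scenario).
    stateless = PacketFilter([
        Rule("allow", "tcp", src="10.0.0.0/8", dport=443),
        Rule("allow", "tcp", sport=443, dst="10.0.0.0/8"),
    ])
    # Stateful rules: the reply hole is not needed at all.
    stateful = StatefulFirewall([
        Rule("allow", "tcp", src="10.0.0.0/8", dport=443),
    ])
    outbound = Packet("tcp", "10.0.0.5", 51000, "203.0.113.10", 443, syn=True)
    reply = Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 51000)
    attack = Packet("tcp", "198.51.100.7", 443, "10.0.0.5", 22)   # spoofed source port
    results = {}
    for name, fw in (("stateless", stateless), ("stateful", stateful)):
        results[name] = {
            "outbound": fw.decide(outbound),
            "reply": fw.decide(reply),
            "attack_from_port_443": fw.decide(attack),
        }
    return results


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

A real stateful firewall also ages entries out of the connection table and tracks TCP state transitions, which is what stops the table from filling up under a SYN flood.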

Key Features

 Traffic Filtering: Blocks or allows traffic based on rules.
 Logging and Monitoring: Records traffic patterns and alerts on suspicious activities.
 Virtual Private Network (VPN) Support: Enables secure remote access to the internal
network.

Boundary Devices

Definition
Boundary devices are security appliances that serve as the first line of defense at the
perimeter of a network, controlling and securing the entry and exit points.
Types of Boundary Devices

1. Intrusion Detection Systems (IDS):
 Function: Monitors network traffic for suspicious activity and alerts
administrators.
 Use Case: Detects potential threats and provides insight into security incidents.
2. Intrusion Prevention Systems (IPS):
 Function: Monitors network traffic like an IDS but can also take action to block
or mitigate detected threats.
 Use Case: Provides proactive protection against attacks.
3. Unified Threat Management (UTM) Devices:
 Function: Combines multiple security features, such as firewall, IDS/IPS,
antivirus, and content filtering, into a single device.
 Use Case: Simplifies security management for small to medium-sized businesses.
4. Network Address Translation (NAT) Devices:
 Function: Hides internal IP addresses by translating them to a single external IP
address.
 Use Case: Obscures the internal network structure and drops unsolicited inbound
connections by default, but NAT is an addressing mechanism rather than a security
control and should be paired with a stateful firewall.

Importance of Firewalls and Boundary Devices

 Threat Prevention: Protects against unauthorized access and various cyber threats,
including malware and intrusions.
 Policy Enforcement: Ensures compliance with organizational security policies by
controlling traffic based on established rules.
 Network Segmentation: Helps segment networks to limit the spread of potential attacks.
 Remote Access Security: Safeguards remote connections, ensuring secure access for
remote workers.

Best Practices

 Regularly Update Rules and Policies: Continuously review and update firewall rules
and device configurations to adapt to evolving threats.
 Monitor Logs: Regularly analyze logs for unusual patterns that could indicate security
issues.
 Conduct Penetration Testing: Test the effectiveness of firewalls and boundary devices
by simulating attacks.
 Implement Layered Security: Use multiple security devices and strategies to create a
defense-in-depth approach.

j. Intrusion detection systems

What is an Intrusion Detection System?


An Intrusion Detection System (IDS) is a security tool that monitors network traffic and
system activities for malicious actions or policy violations. It is designed to detect
unauthorized access or anomalies in real-time, providing alerts to system administrators.

Types of Intrusion Detection Systems

 Network-Based IDS (NIDS)
 Description: Monitors network traffic to detect suspicious activities
across the entire network.
 Functionality: Analyzes packets and headers for known attack signatures
and unusual traffic patterns.
 Example: Placed at network entry points to monitor all incoming and
outgoing traffic.
 Host-Based IDS (HIDS)
 Description: Monitors activities on individual hosts or devices.
 Functionality: Analyzes system logs, file integrity, and user activity for
signs of intrusion.
 Example: Installed on servers or workstations to provide detailed
monitoring of specific systems.
 Hybrid IDS
 Description: Combines features of both network-based and host-based
systems.
 Functionality: Provides comprehensive monitoring by analyzing both
network traffic and host activity.
 Benefit: Offers a more robust security solution by covering multiple layers
of the environment.

Key Functions of IDS

 Traffic Analysis: Monitors and analyzes network traffic for anomalies or
known attack patterns.
 Alert Generation: Sends alerts to administrators when suspicious activity
is detected, allowing for timely responses.
 Log Management: Records and stores logs of detected incidents for
future analysis and compliance purposes.
 Forensic Analysis: Provides data that can be analyzed post-incident to
understand the nature and impact of an attack.

Detection Methods

 Signature-Based Detection
 Description: Compares incoming data against a database of known
attack signatures.
 Advantage: Highly effective for known threats.
 Limitation: Ineffective against new, unknown attacks (zero-day
exploits) and against variants altered enough to evade the signature.
 Anomaly-Based Detection
 Description: Establishes a baseline of normal behavior and flags
deviations from this norm.
 Advantage: Can detect previously unknown threats.
 Limitation: May produce false positives due to benign anomalies.
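The two detection methods complement each other, and a small host-based example shows how. The following is an added example, not from the original material and not the logic of any real IDS product: it runs constructed web-server access log lines through a handful of signatures (after URL-decoding the request, so trivial %-encoding does not evade them) and through a volume-based anomaly detector that learns a per-client baseline. The signatures, thresholds and log lines are all assumptions for the example.

```python
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Signatures: patterns of known attacks, checked against the decoded request
# path (decoding first defeats the simplest %-encoding evasion).
SIGNATURES = {
    "path traversal": re.compile(r"\.\./"),
    "sql injection": re.compile(r"(?i)(' ?or ?'?1'?='?1|union\s+select)"),
    "cross-site scripting": re.compile(r"(?i)<script"),
}

# Common log format: client, ident, user, [time], "METHOD PATH PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return {"ip": ip, "ts": ts, "method": method, "path": unquote(path), "status": int(status)}


def signature_alerts(lines):
    """Signature-based: a hit for every request matching a known pattern."""
    alerts = []
    for rec in filter(None, map(parse, lines)):
        for name, rx in SIGNATURES.items():
            if rx.search(rec["path"]):
                alerts.append((rec["ip"], name, rec["path"]))
    return alerts


def anomaly_alerts(baseline_lines, window_lines, k=3.0):
    """Anomaly-based: learn the normal requests-per-client from a baseline
    window, then flag clients whose volume exceeds mean + k*stdev. The
    floor of 1.0 on the deviation stops a very uniform baseline from making
    the threshold hair-trigger."""
    base = Counter(r["ip"] for r in filter(None, map(parse, baseline_lines)))
    mean = statistics.mean(base.values())
    spread = max(statistics.pstdev(base.values()), 1.0)
    threshold = mean + k * spread
    now = Counter(r["ip"] for r in filter(None, map(parse, window_lines)))
    return sorted((ip, n) for ip, n in now.items() if n > threshold)


def _line(ip, path, status=200):
    # Constructed log line in Apache common log format.
    return f'{ip} - - [21/Feb/2025:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512'


BASELINE = [
    _line(ip, f"/page{i}.html")
    for ip, n in (("10.0.0.11", 4), ("10.0.0.12", 5), ("10.0.0.13", 3), ("10.0.0.14", 6), ("10.0.0.15", 4))
    for i in range(n)
]

WINDOW = (
    [_line("10.0.0.11", f"/page{i}.html") for i in range(5)]
    + [_line("10.0.0.12", f"/page{i}.html") for i in range(4)]
    # directory brute-forcer: 40 ordinary-looking requests, no signature hits
    + [_line("198.51.100.7", f"/admin{i}/", 404) for i in range(40)]
    # two classic injection attempts, URL-encoded as a real client would send them
    + [_line("203.0.113.9", "/search?q=%27%20OR%20%271%27%3D%271"),
       _line("203.0.113.9", "/static/..%2F..%2Fetc/passwd", 403)]
)

if __name__ == "__main__":
    print("signature:", signature_alerts(WINDOW))
    print("anomaly:  ", anomaly_alerts(BASELINE, WINDOW))
```

The brute-forcer never trips a signature, and the injection attempts never stand out by volume; each method catches what the other misses, which is why production sensors run both.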

k. Network security

Overview

Network security encompasses measures and protocols designed to protect the integrity,
confidentiality, and availability of computer networks and data. It involves a combination
of hardware, software, policies, and procedures to safeguard networks from unauthorized
access, misuse, and attacks.

Key Components of Network Security

i. Firewalls
 Function: Act as barriers between trusted internal networks and
untrusted external networks.
 Types: Packet-filtering, stateful inspection, proxy, and next-generation
firewalls.
ii. Intrusion Detection and Prevention Systems (IDPS)
 Intrusion Detection System (IDS): Monitors network traffic for
suspicious activity and alerts administrators.
 Intrusion Prevention System (IPS): Monitors and actively blocks
potential threats based on predefined rules.
iii. Virtual Private Networks (VPN)
 Function: Encrypts internet connections to secure data transmission,
especially for remote users.
 Use Case: Provides secure access to private networks over public
networks.
iv. Antivirus and Anti-malware Solutions
 Function: Detects, prevents, and removes malicious software from
networks and devices.
 Importance: Essential for protecting endpoints and servers from
malware infections.
v. Access Control
 Definition: Mechanisms that restrict access to network resources based
on user roles and permissions.
 Types: Role-Based Access Control (RBAC), Mandatory Access Control
(MAC), and Discretionary Access Control (DAC).
vi. Network Segmentation
 Function: Divides a network into smaller, isolated segments to limit the
spread of attacks and enhance performance.
 Benefits: Improved security and better control over network traffic.
vii. Data Loss Prevention (DLP)
 Function: Monitors and controls data transfer to prevent unauthorized
access and data breaches.
 Use Case: Protects sensitive information from being leaked or
mishandled.
viii. Encryption
 Function: Protects data by converting it into a coded format that can only
be read by authorized users.
 Importance: Ensures data confidentiality during transmission and
storage.

Best Practices for Network Security

i. Regular Updates and Patching
 Keep software, operating systems, and security devices updated to protect
against known vulnerabilities.
ii. Strong Password Policies
 Require long passwords, screen new passwords against lists of known
breached passwords, and require a change whenever compromise is suspected
(current NIST SP 800-63B guidance favours this over forced periodic changes).
iii. User Education and Awareness
 Train employees on security best practices, phishing detection, and safe
internet usage to reduce human error.
iv. Monitoring and Logging
 Continuously monitor network traffic and maintain logs for analysis to
detect and respond to security incidents.
v. Incident Response Plan
 Develop and maintain a plan to respond to security breaches, including
steps for containment, eradication, and recovery.
vi. Regular Security Assessments
 Conduct vulnerability assessments and penetration testing to identify and
address potential weaknesses in the network.

Learning Outcome 3: Understand attacks based on social engineering

1. Phishing, spam and other scam email content
a. Comparing phishing, spam and other scam email content
 Phishing Emails

Purpose: To trick recipients into revealing sensitive information (e.g.,
passwords, credit card numbers) or installing malware.
Characteristics:
 Urgency: Often creates a sense of urgency (e.g., "Your account will be
suspended!").
 Impersonation: Mimics legitimate organizations (banks, tech companies).
 Links: Includes malicious links that lead to fake websites.
 Personalization: May use the recipient's name or other personal details to
appear credible.

 Spam Emails

Purpose: Primarily to advertise products or services, often without permission.
Characteristics:
 Volume: Sent in bulk to a wide audience, typically unsolicited.
 Content: Can include advertisements, promotions, or low-quality content.
 Legitimacy: Often from unknown senders; may contain misleading subject
lines.
 Opt-out Options: May offer a way to unsubscribe, though this is not always
legitimate (an unsubscribe link in unsolicited mail can also serve to confirm
that the address is live).

 Other Scam Emails (e.g., advance-fee or "419" fraud such as the "Nigerian
prince" email)

Purpose: To deceive recipients into sending money or providing personal
information.
Characteristics:
 Unusual Requests: Often involves offers of large sums of money in exchange
for help (e.g., "You have inherited money!").
 Emotional Appeal: May play on emotions, such as sympathy or greed.
 Poor Grammar: Frequently contains spelling and grammatical errors.
 Unrealistic Promises: Offers that seem too good to be true (e.g., quick riches).

Comparison Summary

Aspect           Phishing                               Spam                              Other Scams
Purpose          Stealing sensitive info                Advertising products/services     Deceiving for money or info
Urgency          High (immediate action required)       Low (informative)                 Moderate (often plays on emotions)
Sender           Impersonates legitimate organizations  Unknown or dubious senders        Unknown or fabricated identities
Links            Often malicious                        Typically legitimate              Can be malicious or harmless
Content Quality  High (craftsmanship to deceive)        Variable, often low quality       Often poorly written
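The phishing characteristics listed above (urgency, impersonation, misleading links, a reply address that does not match the sender) can be turned into checks that run over a raw message. The following is an added example, not from the original material and not a production mail filter: it parses two constructed RFC 822 messages with Python's standard `email` package and reports which indicators fire. The brand-to-domain table, the urgency phrases and both sample messages are assumptions for the example.

```python
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Brands the organisation's users deal with and the domain each really
# sends from (constructed). A display name claiming a brand from any other
# domain is treated as impersonation.
KNOWN_BRANDS = {"example bank": "examplebank.com"}

URGENCY = ("urgent", "immediately", "suspended", "within 24 hours", "verify your account", "act now")
LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def _domain(header_value: str) -> str:
    _, addr = email.utils.parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def _host(url_or_text: str) -> str:
    s = url_or_text.strip()
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()


def analyse(raw: str) -> list:
    """Return the list of phishing indicators found in one message."""
    msg = email.message_from_string(raw, policy=policy.default)
    indicators = []
    display_name, _ = email.utils.parseaddr(msg.get("From", ""))
    from_dom = _domain(msg.get("From", ""))
    reply_dom = _domain(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        indicators.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    for brand, real_dom in KNOWN_BRANDS.items():
        if brand in display_name.lower() and not (from_dom == real_dom or from_dom.endswith("." + real_dom)):
            indicators.append(f"display name claims '{brand}' but sender domain is {from_dom}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    haystack = (msg.get("Subject", "") + " " + text).lower()
    if any(k in haystack for k in URGENCY):
        indicators.append("urgency language in subject or body")
    for href, anchor in LINK_RE.findall(text):
        shown = re.sub(r"<[^>]+>", "", anchor)
        # Only compare when the visible text itself looks like a host or URL.
        if "." in shown and _host(shown) != _host(href):
            indicators.append(f"link text shows {_host(shown)} but points to {_host(href)}")
    return indicators


# Constructed messages: a phishing attempt and a genuine notification.
PHISHING = """\
From: "Example Bank Security" <alerts@example-bank-secure.com>
Reply-To: support@mail-verify.example
To: alice@example.org
Subject: URGENT: your account will be suspended
Content-Type: text/html; charset=utf-8

<html><body><p>Dear customer, verify your account immediately.</p>
<p><a href="http://203.0.113.55/login">https://www.examplebank.com/login</a></p>
</body></html>
"""

GENUINE = """\
From: "Example Bank" <notifications@examplebank.com>
To: alice@example.org
Subject: Your February statement is available
Content-Type: text/plain; charset=utf-8

Your statement is ready. Open your browser and log in at https://www.examplebank.com yourself.
"""

if __name__ == "__main__":
    for label, raw in (("phishing", PHISHING), ("genuine", GENUINE)):
        print(label, analyse(raw))
```

None of these checks is conclusive on its own (genuine mail from a marketing platform often has a different Reply-To domain); real filters score indicators together and combine them with sender authentication such as SPF, DKIM and DMARC.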

b. Types of phishing attacks e.g. deceptive phishing through a misleading
email, malware-based phishing using malicious software on user's PC, key
loggers or screen loggers, session hijacking, web Trojans, hosts file
poisoning

 Deceptive Phishing
 Description: The most common type of phishing attack, where attackers
impersonate legitimate organizations to trick users into providing sensitive
information.
 Method: Typically involves misleading emails that appear to be from trusted
sources (e.g., banks, online services).
 Example: An email claiming that your account has been compromised, urging
you to click a link to verify your identity.

 Malware-Based Phishing
 Description: This type involves the use of malicious software to compromise
a user's system.
 Method: Attackers may send emails with attachments or links that, when
clicked, install malware on the user's device.
 Example: A seemingly legitimate document attachment that, once opened,
installs a Trojan that captures user data.

 Keyloggers and Screen Loggers
 Description: These are types of malware specifically designed to capture
keystrokes or screen activity.
 Method: Once installed on a device, they monitor and record user input or
screen content, sending the data back to the attacker.
 Example: A user unknowingly downloads a keylogger that records their login
credentials and sends them to the attacker.

 Session Hijacking
 Description: This attack takes advantage of a user's active session to gain
unauthorized access.
 Method: Attackers intercept session tokens or cookies, allowing them to
impersonate the user without ever learning the password.
 Example: An attacker uses a man-in-the-middle attack to steal session
cookies from a user logged into a web application.

 Web Trojans
 Description: A type of malware that exploits vulnerabilities in web browsers
or applications.
 Method: When a user visits a malicious website, the Trojan is downloaded
and executed, often without the user's knowledge.
 Example: A website that appears legitimate but installs a Trojan that can
monitor web activity and capture sensitive data.

 Hosts File Poisoning
 Description: Involves altering the local hosts file to redirect users from
legitimate websites to malicious ones.
 Method: Attackers modify the hosts file on a user's device, changing the IP
address of trusted sites to point to malicious servers. Because the hosts file is
consulted before DNS, the browser still shows the genuine domain name while
connecting to the attacker's server.
 Example: A user tries to visit their bank's website but is redirected to a fake
site that looks identical, where they unknowingly enter their login credentials.
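Hosts file poisoning is one of the few phishing techniques a defender can check for directly on the endpoint. The following is an added example, not from the original material: it parses hosts-file content (comments, several names per line) and reports any watched domain that has been pointed at an address other than loopback or the 0.0.0.0 black-hole address that ad-blocking lists legitimately use. The watch list and sample file content are constructed; the only real-world facts it relies on are the file locations (/etc/hosts, and %SystemRoot%\System32\drivers\etc\hosts on Windows). It does not detect DNS-level pharming, where the file is clean and the resolver itself lies.

```python
import ipaddress
import os
from pathlib import Path

# Domains whose resolution we never expect a local hosts file to override
# (constructed list for the example). A real deployment would list the
# organisation's own services plus the banks and SaaS providers users rely on.
WATCHED = ("examplebank.com", "login.example.org", "update.example.net")

# Addresses that legitimately appear in hosts files: loopback, and the
# unspecified address that ad-blocking lists use to black-hole a name
# (that blocks the site rather than redirecting it, so it is not poisoning).
BENIGN = {ipaddress.ip_address(a) for a in ("127.0.0.1", "::1", "0.0.0.0")}


def hosts_path() -> Path:
    """Location of the live hosts file on the current platform."""
    if os.name == "nt":
        return Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32" / "drivers" / "etc" / "hosts"
    return Path("/etc/hosts")


def parse_hosts(text: str):
    """Yield (ip, hostname) pairs, honouring '#' comments and the
    several-hostnames-per-line form the file format allows."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue   # malformed line; not our concern here
        for host in fields[1:]:
            yield ip, host.lower().rstrip(".")


def suspicious_entries(text: str) -> list:
    """(hostname, ip) for every watched name pointed at a non-benign address."""
    hits = []
    for ip, host in parse_hosts(text):
        if ip in BENIGN:
            continue
        if any(host == w or host.endswith("." + w) for w in WATCHED):
            hits.append((host, str(ip)))
    return hits


# Constructed hosts file content, as malware might leave it behind.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.com            # ad-blocker entry, not a redirect
203.0.113.77    www.examplebank.com examplebank.com   # injected redirect
# 198.51.100.5  login.example.org          (commented out, so ignored)
10.0.0.20       intranet.example.net       # local name, not on the watch list
"""

if __name__ == "__main__":
    print("sample:", suspicious_entries(SAMPLE_HOSTS))
    live = hosts_path()
    if live.exists():
        print("live file:", suspicious_entries(live.read_text(errors="replace")))
```

Running this from an endpoint agent and alerting on any change to the file's hash is the usual deployment; on Windows the file is also a common persistence target, so its ACL should allow writes only to administrators.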

c. System configuration attacks, data theft, DNS-based phishing
('pharming'), content injection, 'man-in-the-middle' phishing, search
engine phishing

 System Configuration Attacks
 Description: These attacks target the configuration settings of devices or
networks to exploit vulnerabilities.
 Method: Attackers may gain unauthorized access to systems and modify
configurations to weaken security measures.
 Example: Changing firewall settings to allow unauthorized traffic or disabling
security features to facilitate further attacks.

 Data Theft
 Description: Directly involves stealing sensitive information from individuals
or organizations.
 Method: Attackers use various methods, including phishing emails and
malware, to access confidential data.
 Example: Gaining access to a database through stolen credentials and
extracting customer information for malicious use.

 DNS-Based Phishing (Pharming)
 Description: A technique that redirects users from legitimate websites to
fraudulent ones without their knowledge.
 Method: Attackers manipulate DNS settings (on the victim's device or home
router) or exploit vulnerabilities in DNS servers to point users to fake websites.
 Example: A user types in a legitimate URL, but is redirected to a malicious
site designed to steal login credentials.

 Content Injection
 Description: Involves injecting malicious content into a legitimate website.
 Method: Attackers exploit vulnerabilities in web applications to alter the
content displayed to users.
 Example: Modifying a trusted website's page to include a fake login form that
captures user credentials.

 Man-in-the-Middle (MitM) Phishing
 Description: An attack where the attacker intercepts communication between
two parties, often without either party knowing.
 Method: Attackers can capture data being exchanged, modify it, or
impersonate one of the parties.
 Example: An attacker intercepts a user's connection to a bank and captures
login information while relaying the user's requests to the bank.

 Search Engine Phishing
 Description: Involves creating fake websites that appear in search engine
results to lure unsuspecting users.
 Method: Attackers optimize malicious sites for search engines, making them
appear legitimate and enticing to click.
 Example: A user searches for a well-known service and clicks on a sponsored
link that leads to a fraudulent page asking for personal information.

d. Use of social engineering to target specific individuals or roles compared to
'broadcast' attacks

 Targeted Attacks (Spear Phishing)
 Description: Specific individuals or roles are targeted, often utilizing
personalized information to increase the likelihood of success.
 Method:
 Attackers gather information about the target, such as job role,
interests, or recent activities.
 Customize messages to create a sense of trust and relevance.
 Examples:
 An email appearing to be from a CEO asking a finance employee to
transfer funds.
 A message that references a recent company event, making it more
relatable and convincing.

 Broadcast Attacks (Bulk Phishing)
 Description: Generic messages sent to a large number of recipients without
personalization, aiming for a broad audience.
 Method:
 Attackers create messages that can apply to many individuals, often
with little specific detail.
 Relies on the sheer volume of emails to achieve some level of
success.
 Examples:
 A mass email claiming that a user has won a prize and asking for
personal details to claim it.
 Phishing emails that impersonate a well-known service provider but
lack specific information related to the recipient.

Comparison Summary

Aspect             Targeted Attacks (Spear Phishing)       Broadcast Attacks (Bulk Phishing)
Audience           Specific individuals or roles           Large groups of individuals
Personalization    High (customized messages)              Low (generic messages)
Information Used   Detailed knowledge about the target     Minimal, often unrelated information
Success Rate       Higher due to trust and relevance       Lower, relies on volume
Examples           CEO impersonation, tailored messages    Prize scams, generic service alerts

4. How to make password security strong and factors that make it weak

a. Key problem is selecting a password that is easy to remember

 How to Make Password Security Strong

i. Use Complex Passwords
 Combine uppercase and lowercase letters, numbers, and special
characters.
 Aim for a minimum length of 12-16 characters.
ii. Avoid Common Words and Phrases
 Steer clear of easily guessable passwords, such as "password,"
"123456," or personal information (e.g., birthdays).
iii. Use Passphrases
 Create a memorable phrase by combining random words or a
sentence. For example, "BlueSky!Dances@2025".
iv. Enable Two-Factor Authentication (2FA)
 Add an extra layer of security by requiring a second form of
verification (e.g., a text message code or authentication app).
v. Use a Password Manager
 Store and generate complex passwords securely, reducing the need
to remember multiple passwords.
vi. Update Passwords When Needed
 Change a password immediately after any suspected breach or exposure.
Forcing changes on a fixed schedule is no longer recommended (NIST SP
800-63B) because it pushes users toward predictable variations of the old
password.

 Factors That Make Passwords Weak

i. Simplicity and Predictability
 Using simple passwords (e.g., "abc123") or predictable patterns
(e.g., "qwerty") makes them easier to guess.
ii. Reusing Passwords
 Using the same password across multiple accounts increases
vulnerability; if one account is compromised, others are at risk.
iii. Using Personal Information
 Incorporating easily obtainable personal information (e.g., names,
dates of birth) can lead to quick guesses by attackers.
iv. Short Passwords
 Passwords that are too short (e.g., less than 8 characters) are more
susceptible to brute-force attacks.
v. Keeping a Compromised Password
 Failing to change a password that may have been exposed (for example in a
data breach) gives attackers more time to exploit it.

 Key Problem: Selecting a Memorable Password

 Challenge: Striking a balance between complexity and memorability
is crucial. Many users opt for simpler passwords because they are
easier to remember.

Solutions:

 Mnemonic Devices: Create acronyms or phrases that are easy to
recall but complex when written out (e.g., "My cat Fluffy loves to
eat tuna every Tuesday!" → "McFl2eT@T!").
 Personalized Variations: Take a base word and personalize it with
unique characters or numbers (e.g., "Summer2021!" becomes
"5umm3r!21"). Note that simple substitutions such as 5 for S and 3 for
E are built into every password-cracking rule set, so this adds little
real strength; a long passphrase is the better choice.
 Use of Password Managers: As mentioned, these tools can help
generate and remember complex passwords, alleviating the need to
memorize every detail.

b. Factors contributing to weak passwords include use of personal information, use of real words, using same name/word for different sites

• Use of Personal Information

  - Description: Incorporating easily obtainable personal details (e.g., names, birthdays, addresses) into passwords makes them predictable.
  - Risk: Attackers can often gather this information through social media or public records, making it easier to guess passwords.

• Use of Real Words

  - Description: Creating passwords that consist of common words or phrases (e.g., "password," "letmein") is a significant vulnerability.
  - Risk: Many attackers use dictionary attacks, where they try every word in the dictionary to crack passwords. Real words are thus more susceptible.

• Using the Same Name/Word for Different Sites

  - Description: Reusing the same password or similar variations across multiple accounts.
  - Risk: If one account is compromised, all other accounts using the same password become vulnerable. This practice leads to a chain reaction of security breaches.

Additional Contributing Factors

• Short Passwords
  - Passwords that are too brief (e.g., fewer than 8 characters) are easier to crack using brute-force attacks.
• Predictable Patterns
  - Using sequences (e.g., "123456") or keyboard patterns (e.g., "qwerty") makes passwords easily guessable.
• Failure to Update Passwords
  - Not changing passwords regularly allows attackers more time to exploit them if they are compromised.
c. Same character types

• Lack of Diversity in Character Types

  - Description: Using passwords that consist of only one type of character (e.g., all lowercase letters, all numbers) reduces complexity.
  - Risk: Attackers can easily guess passwords when they contain limited character variety, as the number of possible combinations is significantly reduced.

Examples of Weak Passwords

  - All Lowercase Letters: "abcdefg"
  - All Numbers: "123456"
  - Limited Character Types: "password123" (only lowercase letters and numbers, with no uppercase or special characters)

Importance of Character Diversity

  - Complexity: Mixing uppercase letters, lowercase letters, numbers, and special characters creates a more complex password.
  - Increased Combinations: The more varied the character types used, the greater the number of potential combinations, making the password harder to crack.
  - Resistance to Attacks: Diverse passwords are more resilient against both brute-force attacks and dictionary attacks.

Recommended Practices

  - Combine Character Types: Create passwords that mix:
      - Uppercase letters (A-Z)
      - Lowercase letters (a-z)
      - Numbers (0-9)
      - Special characters (!@#$%^&*)

Example of a Strong Password

  - Strong Password: "P@ssw0rd!2025" (includes uppercase, lowercase, numbers, and special characters)

d. Techniques to strengthen passwords including use of passphrase, mixing character types, not using real words, changing password regularly, using different passwords for each website

Techniques to Strengthen Passwords

• Use Passphrases
  - Description: Create a memorable phrase by combining random words or a sentence.
  - Example: "PurpleElephant!Dances@2025"
  - Benefit: Longer and more complex than typical passwords, making them harder to crack while remaining easier to remember.

• Mix Character Types
  - Description: Incorporate a variety of character types, including:
      - Uppercase letters (A-Z)
      - Lowercase letters (a-z)
      - Numbers (0-9)
      - Special characters (!@#$%^&*)
  - Example: "Giraffe&Rain123!"
  - Benefit: Increases the complexity and number of possible combinations, making passwords more resistant to attacks.

• Avoid Using Real Words
  - Description: Refrain from using common words or phrases in passwords.
  - Example: Instead of "sunshine," use "3n$un$h!ne".
  - Benefit: Reduces vulnerability to dictionary attacks, where attackers guess passwords based on common words.

• Change Passwords Regularly
  - Description: Update passwords periodically, especially for sensitive accounts.
  - Recommendation: Change passwords every 3 to 6 months.
  - Benefit: Limits the risk of long-term exposure if a password is compromised.

• Use Different Passwords for Each Website
  - Description: Avoid reusing the same password across multiple accounts.
  - Benefit: If one account is breached, it prevents attackers from accessing other accounts with the same password.

• Use a Password Manager
  - Description: Utilize a password manager to generate and store complex passwords securely.
  - Benefit: Eliminates the need to remember multiple passwords, allowing for unique and strong passwords for each account.
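The weak-password factors in sections b and c and the strengthening techniques in section d can be turned into one mechanical check. The Python script below is an added example written for this page, not code from the course material. It estimates the attacker's search space (alphabet size raised to the password length, expressed in bits, so each extra character class widens the alphabet and each extra character multiplies the combinations) and flags the specific weaknesses the text lists: short length, too few character classes, dictionary words, keyboard sequences and personal information. The wordlist, the pattern list and the substitution table are constructed for illustration; real checkers compare against lists of millions of leaked passwords. One caveat the text does not make: cracking tools routinely undo the substitutions section d suggests (@ for a, 0 for o, $ for s), so after normalising, the checker reports both "3n$un$h!ne" and the section c example "P@ssw0rd!2025" as dictionary-based, while "Giraffe&Rain123!" and the passphrase "BlueSky!Dances@2025" pass.

```python
import math
import string

MIN_LENGTH = 12  # the "12-16 characters" floor recommended above

# Constructed for illustration: real checkers use lists of millions of leaked passwords.
COMMON_WORDS = {"password", "letmein", "sunshine", "welcome", "admin", "summer"}
# Keyboard runs and sequences that the text names as predictable patterns.
PATTERNS = ("qwerty", "asdfgh", "zxcvbn", "123456", "abcdef")
# Substitutions that password-cracking rule sets routinely undo (constructed table).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "$": "s", "5": "s",
                      "3": "e", "!": "i", "1": "l", "7": "t"})

# Size of each character class, used to estimate the attacker's search space.
CLASS_SIZE = {"upper": 26, "lower": 26, "digit": 10, "special": 32}


def character_classes(password: str) -> set:
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def search_space_bits(password: str) -> float:
    """log2(alphabet ** length): each extra class widens the alphabet, each extra
    character multiplies the number of combinations by the alphabet size."""
    alphabet = sum(CLASS_SIZE[c] for c in character_classes(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def evaluate(password: str, personal_info=()) -> dict:
    """Apply the checks the text describes; return the findings and a search-space estimate."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = character_classes(password)
    if len(classes) < 3:
        problems.append("only " + " and ".join(sorted(classes)) + " characters used")
    # Compare against both the raw lowercase form and the form with substitutions undone,
    # so "p@ssw0rd" is treated the way a cracker's rule set treats it.
    forms = (password.lower(), password.lower().translate(LEET))
    for word in sorted(COMMON_WORDS):
        if any(word in f for f in forms):
            problems.append(f"contains dictionary word '{word}'")
    for pat in PATTERNS:
        if any(pat in f for f in forms):
            problems.append(f"contains predictable pattern '{pat}'")
    for item in personal_info:
        if any(item.lower() in f for f in forms):
            problems.append(f"contains personal information '{item}'")
    return {
        "bits": round(search_space_bits(password), 1),
        "classes": sorted(classes),
        "problems": problems,
        "acceptable": not problems,
    }


if __name__ == "__main__":
    for pw in ("abcdefg", "123456", "P@ssw0rd!2025", "3n$un$h!ne",
               "Giraffe&Rain123!", "BlueSky!Dances@2025"):
        print(pw, evaluate(pw))
```

Two things the numbers make concrete: "abcdefg" sits in a space of about 33 bits, while "Giraffe&Rain123!" sits in about 105 bits, which is why character diversity and length together matter; and a search-space figure alone says nothing about dictionary words, so the findings list, not the bit count, is what a policy should act on.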

e. Using a password management tool to store and remember passwords securely, e.g. a Password Vault program, allows storage of site address, logon IDs, and passwords using one master password (that must be remembered)

Using a Password Management Tool

Benefits of a Password Management Tool

i. Secure Storage
  - Description: Password management tools, such as password vaults, store all your passwords securely in an encrypted format.
  - Benefit: Reduces the risk of password theft by keeping passwords out of plain sight and inaccessible to unauthorized users.
ii. Simplified Access
  - Description: Users can store site addresses, login IDs, and passwords all in one place.
  - Benefit: No need to remember multiple passwords; just remember one master password.
iii. Strong Password Generation
  - Description: Many password managers can generate complex, random passwords.
  - Benefit: Encourages the use of unique passwords for each site, enhancing security.
iv. Automatic Form Filling
  - Description: Password managers can autofill login forms on websites.
  - Benefit: Saves time and reduces the likelihood of entering incorrect credentials.
v. Cross-Device Synchronization
  - Description: Most password managers offer synchronization across devices (e.g., computers, smartphones, tablets).
  - Benefit: Access your passwords from anywhere, ensuring convenience without compromising security.

Master Password
  - Importance: The master password is the key to accessing the password vault. It should be strong, memorable, and unique.
  - Tips for Creating a Strong Master Password:
      - Use a long passphrase combining random words and special characters (e.g., "Bunny!Dance@2025").
      - Avoid using easily guessable information, like names or birthdays.
      - Consider using a mnemonic to help remember it.
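The vault design section e describes (site address, login ID and password stored together, unlocked by one master password that is never itself written down) as an added, runnable Python sketch written for this page, not code from any real password manager. It uses only the standard library: the master password is stretched with PBKDF2-HMAC-SHA256 and a random salt into an encryption key and an authentication key, each record is encrypted and then authenticated, and a wrong master password shows up as a failed authentication tag rather than as garbage output. The stream cipher built from HMAC-SHA256 in counter mode is a demonstration-only stand-in for a vetted cipher such as AES-GCM, chosen so the example runs without third-party packages; the site, login and password values are constructed.

```python
import hashlib
import hmac
import json
import os
import secrets
import string

PBKDF2_ITERATIONS = 600_000  # deliberately slow: every guess at the master password costs this much work


def derive_keys(master_password: str, salt: bytes) -> tuple:
    """Stretch the master password into two independent keys (encryption, authentication).
    The salt is random per vault, so two users with the same master password get different keys."""
    material = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                                   salt, PBKDF2_ITERATIONS, dklen=64)
    return material[:32], material[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode. Demonstration-only construction so the example needs
    no third-party library; a real vault uses a vetted cipher such as AES-GCM."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> dict:
    """Encrypt, then authenticate nonce + ciphertext so tampering or a wrong key is detected."""
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ciphertext.hex(), "tag": tag.hex()}


def unseal(enc_key: bytes, mac_key: bytes, box: dict) -> bytes:
    nonce, ciphertext = bytes.fromhex(box["nonce"]), bytes.fromhex(box["ct"])
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    # Verify the tag before decrypting; the constant-time compare avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected, bytes.fromhex(box["tag"])):
        raise ValueError("wrong master password, or vault data has been modified")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


class PasswordVault:
    """Maps a site address to an encrypted {login ID, password} record."""

    def __init__(self, master_password: str, salt: bytes = None):
        self.salt = salt or os.urandom(16)
        self._enc_key, self._mac_key = derive_keys(master_password, self.salt)
        self.entries = {}  # site -> sealed record; only the master password unlocks them

    def add(self, site: str, login_id: str, password: str) -> None:
        record = json.dumps({"login": login_id, "password": password}).encode("utf-8")
        self.entries[site] = seal(self._enc_key, self._mac_key, record)

    def get(self, site: str) -> dict:
        return json.loads(unseal(self._enc_key, self._mac_key, self.entries[site]))

    def export(self) -> str:
        """What is written to disk: the salt and the sealed records. The master password is never stored."""
        return json.dumps({"salt": self.salt.hex(), "entries": self.entries})

    @classmethod
    def load(cls, blob: str, master_password: str) -> "PasswordVault":
        data = json.loads(blob)
        vault = cls(master_password, bytes.fromhex(data["salt"]))
        vault.entries = data["entries"]
        return vault


def generate_password(length: int = 16) -> str:
    """Random password from a CSPRNG, resampled until all four character classes are present."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.isupper() for c in candidate) and any(c.islower() for c in candidate)
                and any(c.isdigit() for c in candidate) and any(c in "!@#$%^&*" for c in candidate)):
            return candidate


if __name__ == "__main__":
    vault = PasswordVault("Bunny!Dance@2025")
    vault.add("https://example.com", "alice", generate_password())
    on_disk = vault.export()
    print(PasswordVault.load(on_disk, "Bunny!Dance@2025").get("https://example.com"))
```

Points to notice: the exported data holds only the salt and the sealed records, so a copied vault file is useless without the master password; the iteration count makes each guess at the master password expensive, which is why the master password itself still has to be strong; and site names are stored in clear in this sketch, whereas a production vault encrypts that metadata too.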