DENSA TVET COLLEGE

Web Development and Database

Administration
Level - I

Module Title: Protect Application or System Software

Module code: EIS WDDBA1 05 0322
Nominal duration: 30Hour
LEARNING OUTCOME
LO1. Ensure user accounts are controlled
LO2. Detect and remove destructive software
LO3. Identify and take action to stop spam
LO4. Perform workplace duties following written notices

September, 2022
Addis Ababa, Ethiopia
DENSA TVET COLLEGE

Introduction to the Module

This learner’s guide is prepared to help you achieve the required competence in “Web
Development and Database Administration”. This will be the source of information for you to
acquire knowledge and skills required to Protect Application or System Software.
This module covers the units :
 Ensure user accounts are controlled
 Detect and remove destructive software
 Identify and take action to stop spam
 Perform workplace duties following written notices
Learning Objective of the Module
 Ensure user account are controlled
 Detect and identify destructive software, spam.
 To perform workplace duties with notices
Module Instruction
For effective use this modules trainees are expected to follow the following module instruction:
1. Read the information written in each unit
2. Accomplish the Self-checks at the end of each unit
3. Perform Operation Sheets which were provided at the end of units
4. Do the “LAP test” given at the end of each unit and
5. Read the identified reference book for examples and exercise

Page 2 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

Unit one: user accounts control

This learning unit is developed to provide the trainees the necessary information regarding the
following content coverage and topics:
 Modifying default user settings to conform security policy
 Modifying previously created user settings to update security policy
 Ensuring legal notices displayed at logon
 Accessing information service
This unit will also assist you to attain the learning outcomes stated in the cover page.
Specifically, upon completion of this learning guide, you will be able to:
 Document and report client requirements
 Meet client requirements in line with organizational requirements.

Page 3 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
1.1. Modifying default user settings to conform security policy
1.1.1. Introduction on user access control

User access control (UAC) is defined as the capacity of an organization and its systems to
allow or deny a user or an object access to its systems and resources. A user can be restricted
from accessing a program, database or file. An object in this definition represents passive
entities such as a system or a process. Systems and processes under the UAC are also restricted
from accessing other processes and programs.
User Account Control (UAC) helps prevent malware from damaging a PC and helps
organizations deploy a better-managed desktop. With UAC, apps and tasks always run in the
security context of a non-administrator account, unless an administrator specifically authorizes
administrator-level access to the system. UAC can block the automatic installation of
unauthorized apps and prevent inadvertent changes to system settings.
1.1.2. Components of User Access Control

The UAC comprises three main components. Each of these components are governed by a set of
UAC policies forming management policy. The three components are:
 Identification and authentication are two processes that determine who or what, if at
all, has access to any of the systems and resources. Without proper identification and
authorization, policies dictate that absolutely no access to the system or resource is
granted. Without a valid passport, unique to an individual, the visa is not granted.
 Authorization determines what an authorized user or object can access and the scope of
that access. As a non-immigrant you can shop at any mall or store but you do not have
right to access the free national health care system as a national would.
 Accountability identifies and establishes exactly what the user or the process did within
the system once access was granted.
1.2. User Access Control Policies
These policies detail the specifics which are used in enforcing the restrictions by the user access
controls on the systems.
A. Identification Policies

1. User access—users must reveal their identity to the system. This means that the user needs to
tell the system who he/she is. This is done by using a username.
DENSA TVET COLLEGE

2. Object access—the system must identify the object requesting access to the system using a
matching identifier previously stored within its database
B. Authentication Policies

Required authentication policies must:

 be based on something known and personal to the user such as a secret password or
unique identification number.
 be based on an authenticating piece of hardware used to unlock the account; such as a
smart card or token which is always in sole possession of the owner.
 be based on some physical characteristic or biometric identification. Science has
established that no two people are perfectly identical. As such, characteristics such as
fingerprints, iris recognition, and voice recognition have become internationally accepted
characteristics for authentication.

1.3. User account control process and interaction

User Account Control (UAC) is a fundamental component of Microsoft's overall security vision.
UAC helps mitigate the impact of malware.
1.4. Logon process

The following shows how the logon process for an administrator differs from the logon process
for a standard user.

Page 5 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

By default, standard users and administrators access resources and run apps in the security
context of standard users. When a user logs on to a computer, the system creates an access token
for that user. The access token contains information about the level of access that the user is
granted, including specific security identifiers (SIDs) and Windows privileges.
1.5. The UAC User Experience
When UAC is enabled, the user experience for standard users is different from that of
administrators in Admin Approval Mode.
1.5.1 The consent and credential prompts
With UAC enabled, Windows 10 or Windows 11 prompts for consent or prompts for credentials
of a valid local administrator account before starting a program or task that requires a full
administrator access token. This prompt ensures that no malicious software can be silently
installed.
i. The consent prompt
The consent prompt is presented when a user attempts to perform a task that requires a user's
administrative access token. The following is an example of the UAC consent prompt.

Page 6 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

ii. The credential prompt

The credential prompt is presented when a standard user attempts to perform a task that requires
a user's administrative access token. Administrators can also be required to provide their
credentials by setting the User Account Control: Behavior of the elevation prompt for
administrators in Admin Approval Modepolicy setting value to prompt for credentials.

The following is an example of the UAC credential prompt.

iii. UAC elevation prompts

Here's how to turn User Account Control (UAC) on or off in Windows 10 and later:

Page 7 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

1. Type UAC in the search field on your taskbar. (If the search field isn't visible, right-click
the Start button and choose Search.)
2. Click Change User Account Control settings in the search results.
3. Then do one of the following:
o To turn UAC off, drag the slider down to Never notify and click OK.
o To turn UAC on, drag the slider up to the desired level of security and click OK.
4. You may be prompted to confirm your selection or enter an administrator password.
5. Reboot your computer for the change to take effect.

 The UAC settings.

 Always notify.

Page 8 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

The UAC prompt is shown when apps try to install software or make changes to your
computer and when you try to change Windows settings. The Desktop is dimmed when a
UAC prompt is shown.

 Notify me only when apps try to make changes to my computer.

This is the default setting for UAC. UAC prompts aren’t shown when you try to make
changes to Windows settings. The Desktop is dimmed when a UAC prompt is shown.

 Notify me only when apps try to make changes to my computer (do not dim my
desktop).

UAC prompts are not shown when you try to make changes to Windows settings, but the
Desktop isn’t dimmed when a UAC prompt is shown.

 Never notify.

1.6. Configure security policy settings in window 10

Security settings can control:
 User authentication to a network or device.
 The resources that users are permitted to access.
 Whether to record a user's or group's actions in the event log.
 Membership in a group.

Page 9 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

To manage security configurations for multiple devices, you can use one of the following
options:
 Edit specific security settings in a GPO.
 Use the Security Templates snap-in to create a security template that contains the security
policies you want to apply, and then import the security template into a Group Policy
Object. A security template is a file that represents a security configuration, and it can be
imported to a GPO, applied to a local device, or used to analyze security.
For more info about managing security configurations, see Administer security policy settings.
The Security Settings extension of the Local Group Policy Editor includes the following types of
security policies:
 Account Policies. These policies are defined on devices; they affect how user accounts
can interact with the computer or domain. Account policies include the following types of
policies:
o Password Policy. These policies determine settings for passwords, such as
enforcement and lifetimes. Password policies are used for domain accounts.
o Account Lockout Policy. These policies determine the conditions and length of
time that an account will be locked out of the system. Account lockout policies
are used for domain or local user accounts.
o Kerberos Policy. These policies are used for domain user accounts; they
determine Kerberos-related settings, such as ticket lifetimes and enforcement.

 Local Policies. These policies apply to a computer and include the following types of
policy settings:

o Audit Policy. Specify security settings that control the logging of security events
into the Security log on the computer, and specifies what types of security events
to log (success, failure, or both).

o User Rights Assignment. Specify the users or groups that have sign-in rights or
privileges on a device

Page 10 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

o Security Options. Specify security settings for the computer, such as

Administrator and Guest Account names; access to floppy disk drives and CD-
ROM drives; installation of drivers; sign-in prompts; and so on.

 Windows Firewall with Advanced Security. Specify settings to protect the device on
your network by using a stateful firewall that allows you to determine which network
traffic is permitted to pass between your device and the network.

 Network List Manager Policies. Specify settings that you can use to configure different
aspects of how networks are listed and displayed on one device or on many devices.

 Public Key Policies. Specify settings to control Encrypting File System, Data Protection,
and BitLocker Drive Encryption in addition to certain certificate paths and services
settings.

 Software Restriction Policies. Specify settings to identify software and to control its
ability to run on your local device, organizational unit, domain, or site.

 Application Control Policies. Specify settings to control which users or groups can run
particular applications in your organization based on unique identities of files.

 IP Security Policies on Local Computer. Specify settings to ensure private, secure

communications over IP networks by using cryptographic security services. IPsec
establishes trust and security from a source IP address to a destination IP address.

 Advanced Audit Policy Configuration. Specify settings that control the logging of
security events into the security log on the device. The settings under Advanced Audit
Policy Configuration provide finer control over which activities to monitor as opposed to
the Audit Policy settings under Local Policies.
1.7. Using appropriate utilities to check strength of passwords and its complexity rules
1.7.1. Best Practices for Password Strength

Page 11 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

Before you use password strength checkers, you need to understand a critical aspect of identity
and access management: password best practices. After all, what good is a password validation
tool if you don’t know how to compose a strong password?
Critically, most password strength checkers judge credentials based on two key factors: strength
and complexity. The longer the password, the more time a cracking program requires to uncover
it. A password of twelve characters proves far more secure than a password of eight characters.
Don’t Allow Repeated Passwords
 Don’t Allow The Sharing of Passwords
 Don’t Incorporate Personal Information into Your Passwords
 Remember Password Expiration Policies Don’t Work
1.7.2. Password Strength Checkers and Validation Tools

Of course, you should only use password strength checkers which you can trust. Obviously, a
trustworthy validation tool should never store your passwords in any capacity; they should only
process your passwords in the browser. Again, you should never input your password into sites
you don’t trust.
Another important note is that almost all of these password strength checkers and validation tools
call themselves educational tools; they provide non-binding advice and exist primarily to help
users understand what they need to improve their passwords.

1.8. Identify Security Gaps

1.8.1. Authenticating Users

Before a user can log on to a computer running Windows, connect to a shared folder, or browse a
protected Web site, the resource must validate the user’s identity using a process known as
authentication.

Windows supports a variety of authentication techniques, including

 the traditional user name and password,

 smart cards, and
 third-party authentication components.

Authentication is the process of identifying a user.

Smart Card

Page 12 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

Biometrics

Self-check-1
Directions: Answer all the questions listed below.
1. User Access Control is defined as ___________

A. the tools with which users access the controls of the systems within an organization.
B. the components with which users access the controls of a system's resources and database.
C. the capacity of a user to allow or deny a system or an object access its organization.
D. the capacity of an organization and its systems to allow or deny a user or an object access its
systems and resources

2. UAC comprises of three main components: _______________

A. Authenticity & Authoritarianism, Authorization and Accountability
B. Identification & Authentication, Authorization and Accountability
C. Identification & Authentication, Authorization and Accountancy
D. Identification & Authentication, Impassibility and Accountability

3. Consider the following password policy: Password must be at least 8 characters long, contain
a capital letter, a special character, a numeric character and no similar username phrases. Which
of the following is considered a strong acceptable password for the username: Herod45 under
this policy

E. A. herod76 B. claire*5647 C. Yasmany@12 D. 3456yelloW68

Directions: Answer all the questions listed below.

1. __________________ is the process of verifying the identity of people who are attempting to
access the network or system.
2. ____________________ are rules that administrators configure on a computer or multiple
devices for protecting resources on a device or network.
3. _________________________ prompts are color-coded to be app-specific, enabling for
immediate identification of an application's potential security risk.

Page 13 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

2.1. Destructive Software

2.1.1. What is destructive software’s

Destructive software is referred to as malware (malicious software) and the term includes
viruses, worms, logic bombs ,rootkits, Trojan horses, adware, key stroke loggers and
spyware. Malware is software designed to in filtrate a computer system without the owner's
informed consent; hostile, intrusive, or annoying software.

Data-stealing malware isa threat that divests victims of personal or proprietary information
with the intent of monetizing stolen data through direct use or distribution.
2.1.2. The Common Types of Destructive Software

The common types of destructive software are:

 Virus
A computer virus is a piece of malicious code that has been designed to replicate itself when
introduced into any computing environment (its host). This host could be another computer
program, the computer's operating system partition, a document, or a removable drive.
Worm
Write Once, Read Many (Write One, Read Multiple or WORM); a software program capable of
reproducing itself that can spread from one computer to the next over a network; WORMs take
advantage of automatic file sending and receiving features found on many computers; self-
replicating Malware computer program
 Logic Bomb
Set of instructions inserted into a program that are designed to execute (or `explode') if a
particular condition is satisfied; when exploded it may delete or corrupt data, or print a spurious
message, or have other harmful effects; it could be triggered by a change in a file, by a particular
input sequence to the program, or at a particular time or date.
 Rootkit
A type of malware that is designed to gain administrative-level control over a computer system
without being detected
 Trojan Horse

Page 14 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

A Trojan, as the name implies, secretly carries often-damaging software in the guise of an
innocuous program, often in an email attachment.
 Adware
Adware is software that loads itself onto a computer and tracks the user's browsing habits or
pops up advertisements while the computer is in use. Adware and spyware disrupt your privacy
and can slow down your computer as well as contaminate your operating system or data files
 Key Logger
The practice of tracking (or logging) the keys struck on a keyboard, typically in a covert manner
so that the person using the keyboard is unaware that their actions are being monitored
 Spyware
Software that obtains information from a user's computer without the user's knowledge or
consent
 Screen Scrapers
To extract data from (a source such as a webpage) by picking it out from among the human-
readable content
 Backdoor
An undocumented way to get access to a computer system or the data it contains
 Bots
Also known as Crawlers or Spiders, bots are search engine programs that perform automated
tasks on the internet – they follow links, and read through the pages in order to index the site in a
search engine.
2.1.3. Virus Origin, History and Evolution

History of Viruses

One of the most recognized terms in the world of cyber security is computer virus. Like any
dangerous biological virus brings alarm to a scientist, the term computer virus brings fear to the
administrators or users of any computer system. Viruses are never a pleasure. So where did
viruses come from? Where and when did they start? How did they grow to become as menacing
as they are today?

Page 15 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

1940-1966: The Birth of Replicating Automata

1971: The Creeper Program

1974: The Rabbit Virus
1975: The First Trojan
1986: The Brain Boot Virus
2.1.4. Types of Viruses
Viruses are split into different categories, depending on what they do. Here are a few categories
of viruses:
 Boot Sector Virus
The Boot Sector of a PC is a part of your computer that gets accessed first when you turn it on. It
tells Windows what to do and what to load. It's like a "Things To Do" list. The Boot Sector is
also known as the Master Boot Record. A boot sector virus is designed to attack this, causing
your PC to refuse to start at all!
 File Virus
A file virus, as its name suggests, attacks files on your computer. Also attacks entire programs,
though.

 Macro Virus
These types of virus are written specifically to infect Microsoft Office documents (Word, Excel
PowerPoint, etc.) A Word document can contain a Macro Virus. You usually need to open a
document in a Microsoft Office application before the virus can do any harm.
 Electronic Mail (Email) Virus
Email can be used to transmit any of the above types of virus by copying and emailing itself to
every address in the victim’s email address book, usually within an email attachment. Each time
a recipient opens the infected attachment, the virus harvests that victim’s email address book and
repeats its propagation process.
2.2. Virus Infection, Removal and Prevention
2.2.1. Virus Infection
The most common way that a virus gets on your computer is by an email attachment.
Nowadays, they utilized the use of removable storage devices to spread viruses. The most
common is the use of flash drive. Since removable drives like flash drive, CD/DVDs have the

Page 16 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

auto run functionality, a simple command that enables the executable file to run automatically,
they exploited and altered it so it will automatically run the virus (normally with .exe, .bat, .vbs
format) when you insert your flash drive or CD/DVDs.
2.2.2. Virus Infection Symptoms
Common symptoms of a virus-infected computer include

 A computer program disappears from its memory, especially if there is no known

removal of the program.
 Unfamiliar music or sounds unexpectedly starts playing through the speakers.
 Icons appear on the desktop unrelated to any programs that are currently being
installed, or new icons seem to appear when no software has been installed.
 An antivirus program will not run, or a new one will not install properly or at all.
 Previously installed antivirus programs will suddenly disable and can not be restarted.
 Files that have been recently opened suddenly have more than one extension, such
as .exe, .vbs, .gif, or .jpg.
 Dialog boxes and menus seem to be distorted or different.
 Unusual error messages will pop up.
 Items are not printing correctly.
 Disk drives or disks become inaccessible.
 An application or applications are not working correctly.
 The computer isn’t running as well as usual, or the computer reboots on its own.
 The computer restarts continuously.
 The computer locks up frequently or stops responding.
 The computer seems to be losing processing speed.
Take caution with symptoms

All of these symptoms may be caused by viruses, worms, or Trojan horses; however, it’s not the
only thing that may be causing some of the individual symptoms. Some of the symptoms may be
because of faulty hardware or software. Or, they may be caused by overburdening the processes
(running too many programs at once) or the disk space (too many files on the computer). Or, an
older computer just may be wearing down with age, and/or not keeping up with newer software
and operating system.

Page 17 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

2.2.3. Preventing viruses

There are several steps a person can take to make sure these symptoms do not appear on their
computer. These include:

 Modify behavior
 Use reputable antivirus software
 Keep computers update

2.3. Selecting and installing virus protection and scheduling

2.3.1. Installing virus protection
Installing virus protection or antivirus software is used to prevent, detect, and remove malware,
including but not limited to computer viruses, computer worm, trojan horses, spyware
and adware.

Based on research, these are the best antivirus:

1. Norton 360 – Best antivirus for individual PC and Mac users. Delivers well-regarded
internet security that can include ID theft protection with LifeLock.
2. TotalAV – Best antivirus for web browsing protection. Actively scans for suspicious
websites and monitors for criminal use of your private information.
3. Intego Antivirus – Best web protection for Mac users. The company is a rarity, focusing
its services and builds primarily on OSX and iOS devices.
4. McAfee Total Protection – Offers well-respected protection for individuals or families.
5. VIPRE Antivirus – Consistently scores above more well-known brands in independent
testing lab analyses.
6. Bitdefender Internet Security – Maintains consistently reliable performance and
includes a webcam protection tool.
7. Kaspersky Lab Internet Security – Best selection of features. Includes a secure,
encrypted browser for online shopping.
8. Panda Antivirus – Among the only providers with an “unlimited devices” option for
extensive device protection.

Page 18 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

9. ESET Internet Security – Provides a highly-awarded internet security tool for every
major operating system.
10. Avira Antivirus – Blocks phishing attacks on social media and email.
11. Avast – Analyzes app behavior for potential malicious activity
12. AVG Internet Security – Actively used by over 200 million people worldwide.
13. Trend Micro – Well-respected brand with a significant focus on business endpoint
protection.
14. Sophos – Multi-device coverage with free option
15. Webroot – Incredibly feature-rich for the offered price.
16. Comodo Internet Security – No frills antivirus scanning and real-time protection
2.3.2. Schedule a scan in Microsoft Defender Antivirus

Microsoft Defender Antivirus regularly scans your device to help keep it safe. We try to do this
while you’re not using your device so it doesn’t interfere with your work. You can also schedule
Microsoft Defender Antivirus to scan at a time and frequency that you choose.

1. In the search box on your taskbar, enter Task Scheduler and open the app.

2. In the left pane, expand Task Scheduler Library>Microsoft>Windows, and then scroll
down and select the Windows Defender folder.

3. In the top center pane, double-click Windows Defender Scheduled Scan.

Page 19 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

4. In the Windows Defender Scheduled Scan Properties (Local Computer) window,

select the Triggers tab, go to the bottom of the window, and then select New.

5. Specify how often you want scans to run and when you’d like them to start.

Self-check-2
Test 1
Directions: Answer all the questions listed below.
_______1. What is a computer virus?

A. A virus is John Walker code that has been designed to replicate files in the
computing environment.
B. It is an infective digital agent that typically consists of nucleic acid bytes in the
transport layer of the computing network and is able to multiply itself within the host
causing disruptions.
C. A virus is Basit and Amjad Farooq code that has been designed to replicate the
brain boot files in the computer.
D. It is malicious code that had been designed to replicate itself in its host causing
system disruptions, instability, unauthorized modifications, or disability of core
functions and processes.
_______2. The beginning of computer viruses stemmed from _____.

A. The Replicating Automata concept

B. The Bob Thomas theroem

C. The Basit and Amjad Farooq paper

Page 20 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
 DENSA TVET COLLEGE

D. The Onel de Guzman concept

______3. The first computer virus developed was the _____.

A. Creeper Program

B. Replicating Automata

C. Love Letter Virus

D. Brain boot Virus

Test 2
Directions: Matching Column A with the Column B.
ColumnA ColumnB
______ 1. Logic Bomb A. A type of malware that is designed to gain administrative-

______ 2. Rootkit level control over a computer system without being

detected
______ 3. Adware
B. Software that obtains information from a user's computer
______ 4. KeyLogger without the user's knowledge or consent
______ 5. Spyware C. A virus that attacks files on your computer and also
attacks entire programs.
______ 6. Boot Sector Virus
D. A virus that is designed to attack a boot sector, causing
______ 7. File Virus
your PC to refuse to start at all
______ 8. Macro Virus E. Typeover’s that are written specifically to infect
Microsoft Office documents

Page 21 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

F. Software that loads itself onto a computer and tracks the

user's browsing habits
G. Practice of tracking the keys struck on a keyboard,
typically in a covert manner
H. Setofinstructionsinsertedintoaprogramthataredesignedtoex
ecuteorexplode if a particular condition is satisfied

Lap Test -2
Instructions: Given necessary templates, tools and materials you are required to perform the
following tasks
1. Install & Use SMADAV Antivirus
A. Install SMADAV antivirus
A. Auto Scan Schedule – Weekly every Monday and Friday at 4:00 AM
B. Scan your storage drive
3.1. Definition of Spam
Spam is any kind of unwanted, unsolicited digital communication that gets sent out in bulk.
Often spam is sent via email, but it can also be distributed via text messages, phone calls, or
social media.
What does spam stand for?

Spam is not an acronym for a computer threat, although some have been proposed (stupid
pointless annoying malware, for instance). The inspiration for using the term “spam” to describe

Page 22 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

mass unwanted messages is a Monty Python skit in which the actors declare that everyone must
eat the food Spam, whether they want it or not. Similarly, everyone with an email address must
unfortunately be bothered by spam messages, whether we like it or not.
3.2. Types of spam
Spammers use many forms of communication to bulk-send their unwanted messages.
Phishing emails

Phishing emails are a type of spam cybercriminals send to many people, hoping to “hook” a few
people. Phishing emails trick victims into giving up sensitive information like website logins or
credit card information.
A. Email spoofing

Spoofed emails mimic, or spoof, an email from a legitimate sender, and ask you to take some
sort of action.
Tech support scams

B. Current event scams

C. Advance-fee scams
D. Malspam
E. Spam calls and spam texts

3.3. How can I stop spam?

While it may not be possible to avoid spam altogether, there are steps you can take to help
protect yourself against falling for a scam or getting phished from a spam message:
 Learn to spot phishing

All of us can fall victim to phishing attacks. To protect yourself, learn to check for some key
signs that a spam message isn’t just annoying—it’s a phishing attempt:

1. Sender’s email address:

2. Missing personal information
3. Links:
4. Grammatical errors:
5. Too-good-to-be-true offers:

Page 23 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

6. Attachments:

 Report spam
 Use two factor-authentication (2FA)
 Install cyber security

3.4. Configuring and using Spam filters

3.4.1. What is a spam filter?

A spam filter is a program used to detect unsolicited, unwanted and virus-infected emails and
prevent those messages from getting to a user's inbox. Like other types of filtering programs, a
spam filter looks for specific criteria on which to base its judgments.

Internet service providers (ISPs), free online email services and businesses use email spam
filtering tools to minimize the risk of distributing spam

3.4.2. What are the different types of spam filters?

There are many different types of spam filters. The most frequently used filters include the
following:

 Blocklist filters.
 Content filters.

Page 24 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

 Header filters.
 Language filters.
 Rule-based filters.
 Reporting and documenting Spams

Self-check-3
Directions: Answer all the questions listed below.

1. List and explain different types of spam filters.

2. List and explain two types of Spam at least.

Page 25 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

3. How can I stop spam?

Operation sheet 3.2 Setting Windows local Security policy

 Operation title: Procedures of setting local security policy
 Purpose: To practice and demonstrate the knowledge and skill required to set window
security policy
 Instruction: follow the procedure and complete the task

Note: You will need to be an administrator to open the Local Group Policy Editor.

The Local Group Policy Editor is a Microsoft Management Console (MMC) snap-in that gives a
single user interface through which all the Computer Configuration and User Configuration
settings of Local Group Policy objects can be managed. The Local Security Policy settings are
among the security settings contained in the Local Group Policy Editor. An administrator can use
these to set policies that are applied to the computer. In this project, you will view and change
local security policy settings.

1. Click Start.
2. Type secpol.msc into the Search box and then click secpol.

Note: You may be prompted at this point for an administrator password or confirmation.

3. First create a policy regarding passwords. Expand Account Policies in the left pane and
then expand Password Policy.
4. Double-click Enforce password history in the right pane. This setting defines how many
previously used passwords Windows will record. This prevents users from “recycling”
old passwords.
5. Change passwords remembered to 4.
6. Click OK.
7. Double-click Maximum password age in the right pane. The default value is 42,
meaning that a user must change his password after 42 days.

Page 26 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

8. Change days to 30. After changing it to 30, take a screenshot and paste it below this step.
Make sure your VM number in the top left is visible in the screenshot or no credit will be
given for this step.
9. Click OK.
10. Double-click Minimum password length in the right pane. The default value is a length
of 8 characters.
11. Change characters to 10.
12. Click OK.
13. Double-click Password must meet complexity requirements in the right pane. This
setting forces a password to include at least two opposite case letters, a number, and a
special character (such as a punctuation mark).
14. Click Enabled.
15. Click OK.
16. Double-click Store passwords using reversible encryption in the right pane. Because
passwords should be stored in an encrypted format this setting should not be enabled.
17. If necessary, click Disabled. After clicking disabled, take a screenshot and paste it below
this step. Make sure your VM number in the top left is visible in the screenshot or no
credit will be given for this step.
18. Click OK.
19. In the left pane, click Account lockout policy.
20. Double-click Account lockout threshold in the right pane. This is the number of times
that a user can enter an incorrect password before Windows will lock the account from
being accessed. (This prevents an attacker from attempting to guess the password with
unlimited attempts.)
21. Change invalid login attempts to 5.
22. Click OK.
23. Note that the Local Security Policy suggests changes to the Account lockout duration
and the Reset account lockout counter after values to 30 minutes.
24. Click OK.
25. Expand Local Policies in the left pane and then click Audit Policy.
26. Double-click Audit account logon events.

Page 27 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

27. Check both Success and Failure. After checking the settings, take a screenshot and paste
it below this step. Make sure your VM number in the top left is visible in the screenshot
or no credit will be given for this step.
28. Click OK.
29. Right-click Security Settings in the left pane.
30. Click Reload to have these policies applied.
31. Close all windows.

Lap Test -3
Instructions: Given necessary templates, tools and materials you are required to perform the
Following tasks
1. .Turn on your Windows Defender Firewall
2. Turn on User Account Control

4.1. Receiving and Following Instructions

Receiving Instructions from someone else, especially if they are speaking to you:
 Stop whatever else you are doing
 Focus on the person speaking
 If you can, make notes about the details
 When the person has finished, tell them what you understood from their instructions to
make sure you have understood them correctly
The instructions were not heard correctly due to:
 Too much noise around – ask to move to a quieter place

Page 28 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

 The person not speaking loudly or clearly enough – ask them to speak up
Not enough detail was given:
 Ask for more information– don’t assume you know what they mean
The meaning was unclear:
 Check the outcome and the purpose of the task
4.2. Written
Information Sources
In the workplace, written information can take the form of:
 Letters
 Memos
 Informal Notes
 Faxes
 E-mails
 Text Messages
 Workplace Signs
 Instruction Manuals

The following points should help you to follow written instructions in a more effective way.
 Read through all the instructions or steps before beginning the task. This will give a
clear picture of what the whole tasks involves
 If diagrams are provided take the time to look at them carefully. As you work through
the task check the diagrams to make sure that your work matches the example given.
 If you are not sure of the meaning of any words or terms take the time to find out the
correct meaning. Ask your workplace supervisor if you guess correctly you may find
that you cannot complete the task or that the finished task is not done properly.
 Avoid the temptation to try to complete the task before reading all the instructions.
Although the job may take a little longer, it will save time in the long run as you may
avoid mistakes.

Page 29 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

Following Spoken Instructions

 Spoken instructions are generally received face to face or via the telephone. The
following points should help you follow spoken instructions in a more effective way.
 When following spoken instructions, it is absolutely essential that you listen. Avoid
jumping to conclusions or assuming that you know how to complete the task. Use all
your listening skills to ensure that you receive the message accurately.
 Ask questions if you are uncertain about particular steps. Sometimes people are afraid
to ask questions because they think they will look stupid. Remember questioning
shows that you are keen and interested and it is always better to ask questions rather
than make a mistake.
 Be sure that you understand all he words or terms being used.
 If you are receiving instructions over the telephone, always write down the
information accurately.
 Repeat the instructions back to the instructor to be sure that you have fully understood
all the details.
 It often helps if you can complete the task once with the instructor. This will give you
a chance to ask questions and check other things as you work through the job.

Self-Check 4
Directions: Answer all the questions listed below. Use the Answer sheet provided in the next page:

______ 1. In the workplace, written information can take the form of:
A. Letters
B. Memos
C. Informal Notes
D. All
______ 2. _______ Instructions are generally received face to face or via the telephone.
A. Spoken
B. Written

Page 30 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

C. A and B
D. None

Page 31 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023
DENSA TVET COLLEGE

Reference
https://www.techtarget.com/searchsecurity/definition/spam-filter
https://study.com/academy/practice/quiz-worksheet-history-of-computer-viruses.html
https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/
how-user-account-control-works
https://support.kaspersky.com/15407#block1
https://edu.gcfglobal.org/en/basic-computer-skills/how-to-update-your-software/1/
https://www.studocu.com/row/document/adama-science-and-technology-university/
management-information-system/protect-application-or-system-software/19989898
https://www.malwarebytes.com/cybersecurity/business/what-is-endpoint-protection
https://www.techtarget.com/search/query?q=reporting
%20spam&type=definition&pageNo=1&sortField=

Page 32 of 32 DENSSA TVET Protecting Application or System Version -1

COLLEGE Software JAN, 2023