
Securing systems and data

Unit objectives:
Identify common security threats
Identify and use physical security methods
Identify and use digital security methods
Destroy data securely
Remove malware infections
Topic A
Topic A: Identifying common threats
Topic B: Physical security
Topic C: Digital security
Topic D: Data destruction and disposal
Topic E: Malware detection and removal
Social engineering
Exploits trust between people
Often a verbal trick or believable lie
Goals
Fraud
Network intrusion
Espionage
Identity theft
Network disruption
Malware
Viruses, worms, and Trojans are the most common types of malware
Other types:
Spam
Adware
Grayware
Rootkits
Malware that gives an attacker root (administrator-level) access to a system
Phishing
E-mails or Web sites mimic a legitimate site
Used to gather usernames and passwords
Shoulder surfing
Observe information by looking over your shoulder
Doesn't have to be related to a PC
Modern version: debit card and PIN number
Spyware
Software installed without your knowledge
Can change PC configuration
License agreement might state that the program will be installed
Often on peer-to-peer and file-sharing networks
Integrates into IE
Pop-up blocker helps reduce spyware
Windows Defender
Spybot Search & Destroy
Viruses, worms, Trojan horses
Replicate themselves
Infect computers when triggered by an event
Effect can be minimal or devastating
Worms
Replicate without user intervention
Attach to file or packet
Can use address book
Malicious attacks
Use up resources
Trojan horses
Deliver destructive code
Appear to be harmless
Can:
Delete data
Mail copies of themselves
Steal personal information
Open other computers for attack
Topic B: Physical security
Physical access security protects:
Data
Employees
Power sources
Utility lines
Equipment
Building
Lock doors
Lock server rooms with key or key card locks.
Use separate rooms for low-security computers and high-security systems.
Lock PC cases where available.
Install a physical locking mechanism.
Dumpster diving
Internal phone directories
Organizational charts
Policy manuals
Calendars
Outdated hardware
System manuals
Network diagrams
Technical information
Biometrics
Fingerprint scanner
Hand geometry scanner
Voice verification
Signature verification
DNA scan
Key fobs
RFID badge
Uses radio waves to transfer data from the card
Used for ID and tracking
RSA token
Smart card
USB device
Proprietary dongle
Privacy filter
Thin piece of plastic or glass that fits over the screen display
Distorts the screen except when viewed head-on
Retinal scanner
Biometric device that scans the surface of the retina to obtain the blood vessel patterns found there
Information is then stored in a database
User's retina is scanned and compared to the database
If a match is found, then access is granted
Topic C: Digital security
Antivirus software
Real-time scanner
Scans various sources
Inoculation calculates and records checksums
Definition files
Update automatically or manually
Antivirus products
Norton AntiVirus
ESET Smart Security
ESafe
F-Prot
Titanium AntiVirus +
avast!
Kaspersky AntiVirus
Microsoft Security Essentials
Firewalls
Control information that's sent and received from outside the network
Software, hardware, or a combination
Ensure legitimate communications
Install on a gateway:
Router
Server
Computer
Help prevent attacks and infections from malicious software
Firewall functions
Filter by
Data packets
Ports
Applications
Inappropriate information
Two levels
Network connection to Internet
Individual PC
Basic alarms, or more control (for example, shut down traffic)
Hardware firewall
Stands between LAN and the Internet
Used in home networks
Broadband router is a hardware firewall
Software firewall
Recommended for always-on connections
Use in addition to a hardware firewall
Included with Windows OSs from Windows XP SP2 forward
Available from other third-party vendors
Proxy server

Acts as an intermediary between networked computers and the Internet
Filters traffic in both directions
Filters by port or protocol
Access control list (ACL)
Port and packet filters
Port scanning is a popular attack method
Open port allows access to the network
Port filtering can prevent internal or external access on specified ports
Port forwarding
Communication for a specific port is forwarded to a specified computer
Allows remote connection to a specified computer in the private LAN
For example, a Web server
Internal computer must have a static IP address, which the firewall uses to forward communication
Port triggering
Internal computer's outgoing communication request triggers an open port
Open port allows inbound communication back to the client
More secure than port forwarding
Incoming ports are not open all the time
Open only while the client has an application actively using the triggered port
Doesn't require a static IP address
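A small simulation of the two slides above, contrasting a static port forward (always open, fixed internal address) with a triggered port (opened by the client's outbound session, closed when it ends). This is an added example, not from the course or any router's firmware; the addresses are RFC 5737 documentation addresses and the port numbers 6112/6113 are made up for a hypothetical application.

```python
from dataclasses import dataclass, field

@dataclass
class Firewall:
    """Toy NAT firewall. forwards: inbound port -> internal host, always open.
    triggers: outbound trigger port -> inbound port that is open only while a
    client's session on the trigger port is active (opened_by records the client)."""
    forwards: dict = field(default_factory=dict)
    triggers: dict = field(default_factory=dict)
    opened_by: dict = field(default_factory=dict)

    def add_forward(self, inbound_port: int, host: str) -> None:
        # Port forwarding: needs a fixed internal address and stays open permanently
        self.forwards[inbound_port] = host

    def add_trigger(self, trigger_port: int, inbound_port: int) -> None:
        # Port triggering: no internal address configured; learned from the outbound packet
        self.triggers[trigger_port] = inbound_port

    def outbound(self, host: str, dst_port: int) -> None:
        """An internal host sends traffic; if dst_port is a trigger, open its paired port."""
        if dst_port in self.triggers:
            self.opened_by[self.triggers[dst_port]] = host

    def session_closed(self, host: str, dst_port: int) -> None:
        """The triggering session ends, so the dynamically opened port closes again."""
        inbound = self.triggers.get(dst_port)
        if inbound is not None and self.opened_by.get(inbound) == host:
            del self.opened_by[inbound]

    def inbound(self, dst_port: int):
        """Internal host that receives an unsolicited packet from the Internet, or None if dropped."""
        if dst_port in self.forwards:
            return self.forwards[dst_port]
        return self.opened_by.get(dst_port)

def demo() -> dict:
    """Constructed scenario: one forwarded web server and one triggered application."""
    fw = Firewall()
    fw.add_forward(80, "192.0.2.10")   # web server: reachable from outside at all times
    fw.add_trigger(6112, 6113)         # hypothetical app: outbound 6112 opens inbound 6113
    before = fw.inbound(6113)          # no session yet, so the packet is dropped
    fw.outbound("192.0.2.25", 6112)    # client starts the application
    during = fw.inbound(6113)          # reply traffic reaches the triggering client
    fw.session_closed("192.0.2.25", 6112)
    after = fw.inbound(6113)           # port closed again
    return {"web_always": fw.inbound(80), "trigger_before": before,
            "trigger_during": during, "trigger_after": after}
```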
Security Center and the Action Center
Firewall
Automatic updates
Malware protection
Viruses
Spyware
Other security settings

Security Center, continued
Security Center in Vista
1. Click Start
2. Choose Control Panel
3. Click Security
4. Click Security Center
Action Center in Windows 7
Control Panel, System and Security
Win7 Action Center indicating a problem
Windows Firewall status
1. Open the Control Panel
2. Click System and Security (Windows 7) or Security (Windows Vista)
3. Click Windows Firewall
Windows Firewall
Configuring Windows Firewall
1. Open the Control Panel
2. Click System and Security (Windows 7) or Security (Windows Vista)
3. Click Windows Firewall
4. Click Change settings, or Turn Windows Firewall on or off.
5. Enter administrator credentials and click OK; in Windows Vista, click Continue
6. On the Exceptions tab, specify firewall exceptions (Vista) or click Allow a program or feature through Windows Firewall (Windows 7)
7. On the Advanced tab, control protected network connections
8. Click OK
Windows Firewall Advanced settings
Windows Defender
Real-time protection
Alert levels
Severe
High
Medium
Low
Not yet classified
Can be used with other spyware protection tools
Spybot Search & Destroy
Free product
Update spyware definitions each time you use it
Can be used with Windows Defender
Configuring Windows Defender
Regularly update signatures
Default configuration usually sufficient
Scan computer regularly
Once per week
Can view History list
Date & times of scans
Spyware detected
Actions taken
Quarantines programs
Disables or removes
Blocking, disabling, removing
Run a blocked program
Disable a blocked program
Remove a blocked program
User authentication
How your identity is validated against a database that contains your account.
Can be identity-based or resource-based.
Set user account standards
Naming conventions
Strong passwords
User education
Take proper care of trash and other discarded items.
Make employees aware of social engineering scams and malicious software, and how they work.
Least privilege
Give each user account only those privileges that are essential to that user's job duties.
Administrators should log on as regular users when performing routine tasks.
Topic D: Data destruction and disposal
Standard/low-level formatting
Standard formatting: deletes the file system, not the actual data
Low-level formatting: creates the tracks and sectors on a hard drive, and is only done at the factory
Hard drive sanitation
Deletes all data, including all associated file system structures, operating system formatting and information
Overwriting
Replaces existing data with new data consisting of all zeros, or a combination of ones and zeros
Drive wiping
Considered a more secure data destruction method than overwriting
Completely erases all data
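The overwriting method from the slides above applied to a single file: each pass writes zeros, ones or random bytes over the whole file and forces it to disk before the file is unlinked. This is an added example, not from the course or any wiping tool; the "secret" content in demo() is a constructed sample.

```python
import os
import secrets
import tempfile

def overwrite_file(path: str, passes=(b"\x00", b"\xff", None), remove: bool = True) -> int:
    """Overwrite a file in place once per pattern (None = random bytes), forcing each pass
    to disk with fsync, then optionally unlink it. Returns the number of passes written."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(65536, remaining)
                f.write(secrets.token_bytes(n) if pattern is None else pattern * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())   # push the pass to the storage device, not just the cache
    if remove:
        os.remove(path)
    return len(passes)

def demo() -> dict:
    """Constructed scenario: sample 'secret' bytes are overwritten with zeros and read back
    to confirm the original content is gone, then the file is fully wiped and unlinked."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    with open(path, "wb") as f:
        f.write(b"SAMPLE SECRET DATA")          # 18 bytes of constructed content
    overwrite_file(path, passes=(b"\x00",), remove=False)
    with open(path, "rb") as f:
        after_zero_pass = f.read()
    n = overwrite_file(path)                    # default three passes, then unlink
    return {"zeros_only": after_zero_pass == b"\x00" * 18,
            "passes": n, "exists": os.path.exists(path)}

if __name__ == "__main__":
    print(demo())
```

In-place overwriting assumes the file system rewrites the same physical blocks; SSD wear levelling, copy-on-write and journaling file systems can leave old copies behind, which is why the slides rank drive wiping and physical destruction above overwriting.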
Physical destruction
Shredder
Drill
Electromagnet
Degaussing tool
Topic E: Malware detection and removal
Common security problems
Unexpected browser behavior
Security alerts
E-mail problems
Connectivity issues
Performance or stability problems
Unfamiliar programs
System changes
Permission errors
Disabled security tools
Malware removal tools
Operating system disc
Windows Defender
Antimalware software
Event Viewer
System Restore
Bootable recovery tools
Recovery Console
Windows Recovery Environment
Third-party rescue CDs
Malware removal process
1. Identify the malware symptoms
2. Quarantine the infected system
3. Disable System Restore
4. Repair the infected system
5. Secure the system
6. Enable System Restore
7. Educate the end user
Quarantining infected systems
Disable file transfers and shared resources
Isolate backups and external storage devices
Isolate other potentially infected systems
Remove the system from the local network if possible
Disabling system restore
Repairing the infected system
Use updated tools
Use multiple tools
Multiple scanner types
Specific removal tools
Use secured environments
Safe mode
Bootable rescue discs
Verify malware removal
Securing the system
Verify that Windows and antivirus applications automatically update
Update and secure vulnerable applications
Web browsers
Plugins
Disable unnecessary services
Configure Windows Firewall
Configure system policies
Educating the end user
Specific instructions for avoiding the current problem
Best practices for recognizing and avoiding other threats
Report new risks to management
Unit summary
Identified common security threats
Identified and used physical security methods
Identified and used digital security methods
Destroyed data securely
Removed malware infections
