Hardware and Network Servicing: LO4: Determine Network Security


HARAR POLYTECHNIC COLLEGE

Hardware and Network Servicing

NTQF Level III

Unit of Competence: Monitor and Administer System and Network Security
Module Title: Monitoring and Administer System and Network Security
LG Code: ICT HNS3 M05 LO4-11
TTLM Code: ICT HNS3 TTLM 0719v1

LO4: Determine Network Security

INTRODUCTION Learning Guide # 8

Learning Guide for Hardware and Network Servicing, Version 1
Date: July 2019
Author: Harar Polytechnic College/ICT Department

Information Sheet 1 Planning and Implementing Security

Security refers to the measures taken to protect certain things or elements of information. There are three main
elements.

Confidentiality

This means keeping information secret and safe. It means controlling access to information so that only the
people with authorisation will access the information. No one else should have access to the information.
With Network Security this means keeping all information stored in a network environment confidential and
safe. This means keeping unauthorised people off the network and preventing them from browsing around and
accessing things they have no authority to access.

Integrity

This refers to the correctness of information. It means making sure that the information is kept as it should be
and not altered or changed by unauthorised people. It also means protecting the information from changes or
corruption by other things like system or program failures or external events.
With Network Security this means keeping all information stored in a network environment as it should be.
Information includes user generated data, programs, computer services and processes (email, DNS, etc). This
means protecting information from unauthorised changes and deletion by people, network devices or external
influences.

Availability

This refers to the ability to access and use information. It means making sure that the information can be
accessed whenever it’s required. If information is not available it is useless.
With Network Security this means keeping all information stored in a network environment ready and
accessible to those who need it when they need it. Information includes user-generated data, programs,
computer services and processes (email, word processing application, etc).

Creating a security policy doesn't have to be a difficult task. Breaking down all necessary components can turn
an overwhelming task into one that is easily manageable and executable. It is common for many
companies to notice a security problem and then immediately look for technology solutions to plug the hole.
In the end, companies wonder why they have an abundance of solutions that do not efficiently secure company
assets. This is where planning becomes a necessity.

The Importance of Planning

Planning your security policy requires a close analysis of employee behavior in different job roles and is also
the time for company security goals to be articulated. Having problems and goals evaluated simultaneously
makes it easier to come up with all-inclusive solutions that will be effective and advantageous for all. A good
rule of thumb when planning a security policy is to base the policy around risks rather than technology. A
policy should not change as the technology changes. A security policy should fulfil some important functions:

• The security policy must be understandable.
• The security policy must be realistic.
• The security policy must be consistent.
• The security policy must be enforceable.
• The security policy must be documented, distributed and communicated properly.
• A successful security policy needs to be flexible.
• A successful security policy must be reviewed.

The Planning Stage helps to address this by focusing on employee behavior. This is crucial because changes in
policy often start with changes in procedure. "Organizations need to understand that much of information
security and privacy work that needs to be done are people-based policies, procedures, training, and awareness
response activities."

Planning Your Security Policy

There are three factors to keep in mind when planning your policy. The first requires you to express the goals of
your policy. What are you trying to accomplish? What are you trying to protect? The second step requires you
to scan the work environment and identify vulnerabilities that exist within current processes. The final step asks
you to create a plan of action that will help alleviate the faults. All are equal contributors to planning success.

Step 1: Setting Goals for Your Security Policy

Your security policy goals should run parallel with the goals set for your company. For example, if your
company is customer oriented, then a goal of your security policy should be to protect your customers and their
data through use of encryption and network security.

Furthermore, all parties should play a role in goal setting. This is crucial because if a security breach were to
occur, each department plays a different role in the recovery process, as well as in re-evaluating procedures for
policy improvement. Global involvement allows each department time to invest in the policy, ensuring a higher
level of cooperation when the time comes to implement the policy.

Step 2: Identifying Security Vulnerabilities

A company must examine existing procedures and identify all processes that pose a security risk. For example,
policies regarding data management (how data is protected during storage, how long it is kept, and proper
methods for data deletion) are common pain points in the corporate world. Some questions that may help identify such
vulnerabilities include:

• What types of sensitive information does your company handle?
• Which department handles each piece of sensitive information?
• Is sensitive information stored with non-sensitive information?

Such questions should spur some thought as to what changes need to be made in order to begin alleviating the
risks that accompany current processes within departments.

Step 3: Creating a Plan of Action

After identifying which processes require change, create a plan of action for mitigating these risks. Each plan
should consider how long it will take for each change to occur, what type of training is necessary for each
individual/department to meet the newly adopted standards, and what responsibilities each
individual/department can be held accountable for (i.e. how often gap analyses regarding security are
conducted and who conducts them).

Other challenges include budget limitations and optimizing security measures while still adhering to
auditing standards. Such measures "should be traceable from one document to another so that audits can easily
verify that policies are being enforced."

After procedures have been established, decision makers should be able to identify "which personnel roles are
responsible for which activities, which activities need to be logged, how often inspections and reviews are
done internally." They should also follow up with a procedure for making additional changes to the
policy in the future.

4.1 Security paradigm/standard

Today’s security risks are diverse and numerous: botnets, database breaches, phishing
attacks, targeted cyber attacks and others.

Security Solutions

• Access control lists

• Use proxy server

• Application layer gateways/stateful firewalls

• Network intrusion detection system

• Antivirus software (servers and desktops)

• Access control server/user authentication and authorization or Network user authentication

• IP source guard and Dynamic Host Configuration Protocol (DHCP)

• Switch port security

Many network design, implementation, and operational choices can have a large impact on the cost
effectiveness of increasing security. The predominant costs associated with these options are the changes in
network implementation and operations.

• Password policy

• Multilevel administration and authorization levels

• Private LANs for network and system admin

• Log-in services to track access and configuration changes

• Regular audits

• Regular analysis and implementation of new security technologies

• Regular reviews and updates of security policy

• Frequently reviewing system logs

• Cross training on systems and regular training updates for administrators

• Publishing all user security guidelines and penalties

• Cipher lock or keyed lock access to network and computing systems

• Badge access to network and computing systems

• Video surveillance of network and computing systems

• Video surveillance of external doors

• Security Guards

• Background checks on employees and administrators

• System level key locks

4.2 Security threats (denial of service, modification, and others)

Viruses and Worms:

• A virus is a “program or piece of code that is loaded onto your computer without your knowledge and
runs against your wishes.”

• Viruses can cause a huge amount of damage to computers.

• An example of a virus would be if you opened an email and a malicious piece of code was downloaded
onto your computer, causing your computer to freeze.

• In relation to a network, if a virus is downloaded then all the computers in the network would be affected
because the virus would make copies of itself and spread itself across networks.

• A worm is similar to a virus, but a worm can run itself whereas a virus needs a host program to run.

Solution: Install a security suite, such as Kaspersky Total Protection, that protects the computer against
threats such as viruses and worms.

1. Trojan Horses:

• A Trojan horse is “a program in which malicious or harmful code is contained inside apparently
harmless programming or data in such a way that it can get control and do its chosen form of damage,
such as corrupting the file allocation table on your hard disk.”

• In a network, if a Trojan horse is installed on a computer and tampers with the file allocation table, it
could cause a massive amount of damage to all computers of that network.

• Solution: Security suites, such as Norton Internet Security, will prevent you from downloading Trojan
horses.

2. SPAM:

• SPAM is “flooding the Internet with many copies of the same message, in an attempt to force the
message on people who would not otherwise choose to receive it.”

• SPAM may not be the biggest risk to a network because, even though it may get maddening and plentiful,
it still doesn’t destroy any physical elements of the network.

• Solution: SPAM filters are an effective way to stop SPAM; these filters come with most online e-mail
providers. You can also buy a variety of SPAM filters that work effectively.

3. Phishing:

• Phishing is “an e-mail fraud method in which the perpetrator sends out legitimate-looking emails in an
attempt to gather personal and financial information from recipients.”

• Phishing is one of the worst security threats over a network because a lot of people that use computers
linked up to a network are amateurs and would be very vulnerable to giving out information that could
cause situations such as theft of money or identity theft.

• Solution: As with SPAM, use phishing filters to filter out this unwanted mail and prevent the threat.

4. Packet Sniffers:

• A packet sniffer is a device or program that allows eavesdropping on traffic traveling between networked
computers. The packet sniffer will capture data that is addressed to other machines, saving it for later
analysis.

• In a network, a packet sniffer can filter out personal information, which can lead to problems such as
identity theft, so this is a major security threat to a network.

• Solution: “When strong encryption is used, all packets are unreadable to any but the destination address,
making packet sniffers useless.” So one solution is to use strong encryption.

5. Maliciously Coded Websites:

• Some websites across the net contain code that is malicious.

• Malicious code is “programming code that is capable of causing harm to availability, integrity of code or data, or
confidentiality in a computer system.”

• Solution: A security suite, such as AVG, can detect infected sites and try to prevent the user from
entering the site.

6. Password Attacks:

• Password attacks are attacks by hackers who are able to determine or find passwords to different
protected electronic areas.

• Many systems on a network are password protected and hence it would be easy for a hacker to hack into the
systems and steal data.

• This may be the easiest way to obtain private information because you are able to get software online that
obtains the password for you.

• Solution: At present there is no software that prevents password attacks.

7. Hardware Loss and Residual Data Fragments:

• Hardware loss and residual data fragments are a growing worry for companies, governments, etc.

• An example of this is if a number of laptops that have client details on them get stolen from a bank; this would
enable the thieves to get personal information from clients and maybe steal the clients’ identities.

• This is a growing concern, and at present the only solution is to keep data and hardware under strict
surveillance.

8. Shared Computers:

• Shared computers are always a threat.

• Shared computers involve sharing a computer with one or more people.

• The following are a series of tips to follow when sharing computers: “Do not check the ‘Remember my ID
on this computer’ box … Never leave a computer unattended while signed in … Always sign out
completely … Clear the browser’s cache … Keep an eye out for ‘shoulder surfers’ … Avoid confidential
transactions … Be wary of spyware … Never save passwords … Change your password often.”

9. Zombie Computers and Botnets:

• A zombie computer or “drone” is a computer that has been secretly compromised by hacking tools which
allow a third party to control the computer and its resources remotely.

• A hacker could hack into a computer and control the computer and obtain data.

• Solution: Antivirus software can help prevent zombie computers.

• Solution: Network Intrusion Prevention (NIP) systems can help prevent botnets.

Note: A cracker is someone who breaks into someone else's computer system, often on a network; bypasses
passwords or licenses in computer programs; or in other ways intentionally breaches computer security. A cracker
can be doing this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there.
Some breaking-and-entering has been done ostensibly to point out weaknesses in a site's security system.

4.3 Security policy

A security policy is a document that states in writing how a company plans to protect the company's physical
and information technology (IT) assets. A security policy is often considered to be a "living document",
meaning that the document is never finished, but is continuously updated as technology and employee
requirements change. A company's security policy may include an acceptable use policy, a description of how
the company plans to educate its employees about protecting the company's assets, an explanation of how
security measurements will be carried out and enforced, and a procedure for evaluating the effectiveness of
the security policy to ensure that necessary corrections will be made.

4.4 Security configuration with group policy object

Domain Security Policies

One of the first security areas that you need to deal with when you deploy AD is account policy. Account policy
is the portion of a GPO's security settings that lets you set required password length, password complexity, and
intruder lockout for domain user accounts. To set account policy on a GPO, open the Microsoft Management
Console (MMC) Group Policy Object Editor, locate the GPO, and navigate to Computer
Configuration\Windows Settings\Security Settings\Account Policies under that GPO.

When you need an account policy to apply to AD domain logons (i.e., user accounts defined in AD), you need
to define that policy within a GPO that's linked to the domain, because the domain controllers (DCs) in an AD
domain process only account policies that are contained in GPOs that are linked to the domain. DCs also ignore
three other security policies unless these policies are linked to the domain:

• Automatically log off users when logon time expires
• Rename administrator account
• Rename guest account

These three policies are located in Computer Configuration\Windows Settings\Security Settings\Local
Policies\Security Options under the GPO.

You might wonder why Microsoft requires account policies and these three security policies to be in a
domain-linked GPO. When you promote a member server to a DC in an AD domain, AD stores the DC in the Domain
Controllers OU by default. However, if you move a DC to another OU, the DC can then receive different
security policies. Account policies and the three specified security policies need to be consistent across all DCs,
so Microsoft designed the GPO processing code to ignore these policies unless they're linked to the domain,
thus ensuring that all DCs, regardless of location, receive the same policies. (Microsoft permits other security
policies, such as audit policy and restricted groups, to be different on DCs in different OUs.)
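
One way to check the account policy and the three domain-only security options described above is to audit the [System Access] section of a security template (the INF layout written by `secedit /export` and stored in a GPO as GptTmpl.inf). This is an added example, not part of the original learning guide; the sample template and the baseline thresholds are constructed assumptions.

```python
# Added example: audits account-policy settings in a security-template INF.
# Constructed sample in the layout that `secedit /export` writes.
SAMPLE_INF = r'''
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 6
PasswordComplexity = 0
LockoutBadCount = 0
ForceLogoffWhenHourExpire = 1
NewAdministratorName = "Administrator"
NewGuestName = "visitor-off"
[Version]
signature="$CHICAGO$"
Revision=1
'''

# Assumed thresholds for illustration; take real values from your own policy.
BASELINE = {"min_length": 12, "max_lockout_threshold": 10}


def parse_inf(text):
    """Return {section: {key: value}} for a security-template INF."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections


def audit_account_policy(text, baseline=BASELINE):
    """Return (setting, value, problem) tuples; an empty list means compliant."""
    access = parse_inf(text).get("System Access", {})
    findings = []

    def check(key, is_bad, problem, convert=int):
        raw = access.get(key)
        if raw is None:                           # setting absent from the GPO
            findings.append((key, None, "not defined in this template"))
            return
        try:
            value = convert(raw)
        except ValueError:
            findings.append((key, raw, "value is not a number"))
            return
        if is_bad(value):
            findings.append((key, value, problem))

    check("MinimumPasswordLength", lambda v: v < baseline["min_length"],
          "shorter than baseline minimum")
    check("PasswordComplexity", lambda v: v != 1, "complexity not enforced")
    check("LockoutBadCount",                      # 0 means lockout is off
          lambda v: v == 0 or v > baseline["max_lockout_threshold"],
          "intruder lockout disabled or threshold too high")
    check("ForceLogoffWhenHourExpire", lambda v: v != 1,
          "users stay logged on after logon hours expire")
    check("NewAdministratorName", lambda v: v.lower() == "administrator",
          "built-in administrator account not renamed", convert=str)
    check("NewGuestName", lambda v: v.lower() == "guest",
          "built-in guest account not renamed", convert=str)
    return findings


if __name__ == "__main__":
    for setting, value, problem in audit_account_policy(SAMPLE_INF):
        print(f"{setting} = {value!r}: {problem}")
```

A setting reported as "not defined in this template" is worth checking against the domain-linked GPO, since that is the only place a DC will honour it.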

The most misleading thing about Group Policy is its name—Group Policy is simply not a way of applying
policies to groups! Instead, Group Policy is applied to individual user accounts and computer accounts by
linking Group Policy Objects (GPOs

4.5 Understanding Security Filtering

Security filtering is based on the fact that GPOs have access control lists (ACLs) associated with them. These
ACLs contain a series of ACEs for different security principals (user accounts, computer accounts, security
groups and built-in special identities), and you can view the default ACL on a typical GPO as follows:

1. Open the Group Policy Management Console (GPMC).
2. Expand the console tree until you see the Group Policy Objects node.
3. Select a particular GPO under the Group Policy Objects node.
4. Select the Delegation tab in the right-hand pane.

More specifically, if you want a GPO to be processed by a security principal in a container linked to the GPO,
the security principal requires at a minimum the following permissions:

• Allow Read
• Allow Apply Group Policy

The actual details of the default ACEs for a newly created GPO are somewhat complex if you include advanced
permissions, but here are the essentials as far as security filtering is concerned:

Security Principal               Read               Apply Group Policy
Authenticated Users              Allow              Allow
CREATOR OWNER                    Allow (implicit)
Domain Admins                    Allow
Enterprise Admins                Allow
ENTERPRISE DOMAIN CONTROLLERS    Allow
SYSTEM                           Allow

Note that Domain Admins, Enterprise Admins and the SYSTEM built-in identity have additional permissions
(Write, Create, Delete) that let these users create and manage the GPO. The fact that Authenticated Users have
both Read and Apply Group Policy permission means that the settings in the GPO are applied to them when the
GPO is processed, that is, if they reside in a container to which the GPO is linked. But who exactly are
Authenticated Users? The membership of this special identity is all security principals that have been
authenticated by Active Directory. In other words, Authenticated Users includes all domain user accounts and
computer accounts that have been authenticated by a domain controller on the network. So what this means is
that by default the settings in a GPO apply to all user and computer accounts residing in the container linked to
the GPO.
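
The filtering rule above (a principal needs both Allow Read and Allow Apply Group Policy) can be modelled directly, as an added example that is not part of the original learning guide. The accounts and the Helpdesk and Kiosk PCs groups are hypothetical, and the handling of Deny entries goes beyond what this section covers: an explicit Deny overrides any Allow.

```python
from dataclasses import dataclass

READ, APPLY = "Read", "Apply Group Policy"


@dataclass(frozen=True)
class Ace:
    principal: str
    permission: str
    allow: bool = True          # False models an explicit Deny entry


# Default filtering-relevant ACEs of a new GPO, as listed in the table above.
DEFAULT_ACL = [
    Ace("Authenticated Users", READ), Ace("Authenticated Users", APPLY),
    Ace("CREATOR OWNER", READ), Ace("Domain Admins", READ),
    Ace("Enterprise Admins", READ),
    Ace("ENTERPRISE DOMAIN CONTROLLERS", READ), Ace("SYSTEM", READ),
]

# Constructed accounts in the linked container; group names are hypothetical.
ACCOUNTS = {
    "alice": {"Domain Users", "Helpdesk"},
    "bob": {"Domain Users"},
    "admin1": {"Domain Users", "Domain Admins"},
    "KIOSK01$": {"Domain Computers", "Kiosk PCs"},
}


def has_permission(acl, identities, permission):
    """True if some matching ACE allows the permission and none denies it."""
    matching = [a for a in acl
                if a.principal in identities and a.permission == permission]
    if any(not a.allow for a in matching):
        return False
    return bool(matching)


def gpo_applies(acl, account, groups):
    """An authenticated account processes the GPO only with Read AND Apply."""
    identities = set(groups) | {account, "Authenticated Users"}
    return (has_permission(acl, identities, READ)
            and has_permission(acl, identities, APPLY))


def recipients(acl, accounts=ACCOUNTS):
    """Names of the accounts in the linked container that receive the GPO."""
    return {name for name, groups in accounts.items()
            if gpo_applies(acl, name, groups)}


# Filter to one group: remove Apply from Authenticated Users, grant Helpdesk.
FILTERED_ACL = [a for a in DEFAULT_ACL
                if (a.principal, a.permission) != ("Authenticated Users", APPLY)]
FILTERED_ACL += [Ace("Helpdesk", READ), Ace("Helpdesk", APPLY)]

# Exclude one group: keep the default ACEs and add a Deny for Kiosk PCs.
EXCLUDING_ACL = DEFAULT_ACL + [Ace("Kiosk PCs", APPLY, allow=False)]

if __name__ == "__main__":
    for label, acl in [("default", DEFAULT_ACL), ("filtered", FILTERED_ACL),
                       ("excluding", EXCLUDING_ACL)]:
        print(label, sorted(recipients(acl)))
```

Note that admin1 stops receiving the GPO once it is filtered to Helpdesk: Domain Admins hold Read by default, but not Apply Group Policy.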

4.6 Using the Windows Firewall

Windows Firewall is a software component of Microsoft Windows that provides firewalling and packet filtering
functions. Windows Firewall provides host-firewall protection on computers running Windows Server 2003
with Service Pack 1 (SP1) and Windows XP with Service Pack 2 (SP2). As a host firewall, Windows Firewall
runs on each of your servers and clients, providing protection from network attacks that pass through your
perimeter network or originate inside your organization, such as Trojan horse attacks, worms, or any other type
of malicious program spread through unwanted incoming traffic.

The following figure shows how Windows Firewall works in conjunction with perimeter network firewalls.

Windows Firewall inspects and filters all IP version 4 (IPv4) and IP version 6 (IPv6) network traffic. It is a
stateful firewall, which means it tracks the state of each network connection and determines whether incoming
traffic is allowed or blocked. Windows Firewall blocks incoming traffic unless it is in response to a request by
the host (in which case, it is solicited traffic) or has been specifically allowed (in which case, it has been added
to the Windows Firewall exceptions list). Aside from a few Internet Control Message Protocol (ICMP)
messages, Windows Firewall allows all outgoing traffic.
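
The decision a stateful host firewall makes for each incoming packet, as described above, is sketched below as an added example; it is a simplified model and not Windows Firewall's own code. The traffic, the exception for TCP port 3389 and the 60-second idle timeout are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class HostFirewall:
    exceptions: set = field(default_factory=set)   # {(protocol, local_port)}
    idle_timeout: float = 60.0                     # seconds; assumed value
    state: dict = field(default_factory=dict)      # flow -> time last seen

    def outbound(self, proto, local_port, remote_ip, remote_port, now):
        """Outgoing traffic is allowed and remembered in the state table."""
        self.state[(proto, local_port, remote_ip, remote_port)] = now
        return "allow (outgoing)"

    def inbound(self, proto, remote_ip, remote_port, local_port, now):
        """Allow replies to tracked flows and excepted ports; block the rest."""
        flow = (proto, local_port, remote_ip, remote_port)
        last_seen = self.state.get(flow)
        if last_seen is not None:
            if now - last_seen <= self.idle_timeout:
                self.state[flow] = now             # refresh the tracked flow
                return "allow (response to host request)"
            del self.state[flow]                   # entry idled out
        if (proto, local_port) in self.exceptions:
            return "allow (exceptions list)"
        return "block"


# Constructed traffic using documentation address ranges:
# (time, direction, protocol, remote_ip, remote_port, local_port)
SAMPLE_TRAFFIC = [
    (0,   "out", "tcp", "198.51.100.10", 443,   49152),  # host opens HTTPS
    (1,   "in",  "tcp", "198.51.100.10", 443,   49152),  # server's reply
    (2,   "in",  "tcp", "203.0.113.5",   443,   49152),  # other host, same port
    (3,   "in",  "tcp", "203.0.113.5",   50000, 3389),   # excepted service
    (4,   "in",  "tcp", "203.0.113.5",   50001, 445),    # unsolicited
    (200, "in",  "tcp", "198.51.100.10", 443,   49152),  # after idle timeout
]


def replay(traffic, exceptions):
    """Run the traffic through a fresh firewall and return each verdict."""
    fw = HostFirewall(exceptions=set(exceptions))
    verdicts = []
    for now, direction, proto, remote_ip, remote_port, local_port in traffic:
        if direction == "out":
            verdicts.append(
                fw.outbound(proto, local_port, remote_ip, remote_port, now))
        else:
            verdicts.append(
                fw.inbound(proto, remote_ip, remote_port, local_port, now))
    return verdicts


if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_TRAFFIC, replay(SAMPLE_TRAFFIC, {("tcp", 3389)})):
        print(event, "->", verdict)
```

The third packet is blocked even though it targets a port the host just used: the state entry matches the whole flow (protocol, both addresses, both ports), not the local port alone.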

Windows Firewall is designed to be a supplemental security solution. You cannot use Windows Firewall as a
perimeter firewall. Windows Firewall should be part of a comprehensive security architecture that implements a
variety of security technologies, such as border routers, perimeter firewalls, intrusion detection systems,
virtual private networking (VPN), IEEE 802.1X authentication for wireless and wired connections, and Internet
Protocol security (IPsec).

4.7 Install and update latest antivirus

Prevent virus infections: Anti-virus software is one of the main defenses against online problems. It
continually scans for viruses, including Trojans and worms. To be effective it must be kept up-to-date.

Why install anti-virus software?

Without anti-virus software you are very vulnerable to computer viruses, including:

• Infected email attachments.
• Drive-by infections caused by visiting corrupt websites.
• Viruses that attack over the internet (“worms”).
• Spyware that is introduced by virus infections.
• Viruses that are spread using macros in application documents.
• Depending on the software you use, it may detect some (but not all) spyware.

Being infected by a virus can have very serious consequences, including:

• Identity theft.
• Fraud.
• Loss of data.
• A slow or unusable computer.

What anti-virus software does

Anti-virus software covers the main lines of attack:

• It scans incoming emails for attached viruses.
• It monitors files as they are opened or created to make sure they are not infected.
• It performs periodic scans of every file on the computer.

What anti-virus software does NOT do

Anti-virus software will not protect you against:

• Programs that you choose to install that may contain unwanted features.
• Spam.
• Any kind of fraud or criminal activity online.
• A hacker trying to break into your computer over the internet.

It is not effective if it is switched off for any reason.

It is less effective (and mostly useless) if it is not kept up-to-date with the latest virus signatures.

A virus signature is like a criminal’s mugshot. Each time a new virus is released, security firms analyze it and
create a new signature that lets anti-virus software block the new virus.

How to choose anti-virus software

For personal and home office use there are a number of basic choices that you can take to decide which anti-
virus software to buy.

Standalone anti-virus or security suite

Most anti-virus software companies sell a standalone program that only scans for viruses as well as security
suite packages that include other protective software such as a firewall, spam filtering, anti-spyware and so on.

• Advantages of a suite: a suite should cover all the bases, share a single user interface and be easier and
cheaper than buying each individual program separately.
• Drawbacks: while the anti-virus component should be good, sometimes the other elements in a suite
aren’t as good as the best of breed software from other suppliers. Also, some of the other components
may be available for free.

Free or commercial antivirus

There are a number of anti-virus products that are free for personal or non-commercial use.

In most cases, these ‘free’ products are scaled-back versions of commercial products to which the software
manufacturer hopes you will, one day, upgrade. Unless getting free software is critical, it is preferable to buy a
fully-supported commercial product.

Download free evaluation software

Several software developers offer free downloadable trial versions of their software that range from 3 to 12
months.

How to evaluate anti-virus software

The main criteria are:

• Price.
• Reviews on reputable technical websites such as CNET.
• How easy it is to set up and use.
• Level and quality of technical support, including the support website.
• Frequency and responsiveness of signature updates. This is hard for most people to evaluate but
well-known and reputable software companies should be okay.

How to buy anti-virus software

Then it is a matter of buying it or downloading it. Suppliers include: high street retailers, online retailers or
direct purchase and download from the software developers over the internet.

Business anti-virus software

For networks of five or more computers and for business use, you should consider business versions of popular
anti-virus software that are designed to make installation, updating and management easier on multiple
computers.

Suppliers of anti-virus software

Many companies make commercial anti-virus software, including:

• Trend Micro.
• Sophos.
• Symantec.
• F-Secure.
• Kaspersky.
• McAfee.

Virus protection advice

• Do not open any files attached to an email from an unknown, doubtful or untrustworthy source, no
matter how charming it may seem.
• Switch on macro protection in Microsoft Office applications like Word and Excel.
• You don’t have to use the anti-virus program that came with your new computer but if you decide to
stick with it, don’t forget to subscribe once the free trial period is over so that you stay up-to-date.
• Only use one anti-virus program at a time. Uninstall one anti-virus program before you install another.
• Providing you update virus signatures regularly, as a general rule, you don’t need to buy every single
new release of the anti-virus software to stay protected.
• Free online scans are useful diagnostic tools but they are not a substitute for a proper anti-virus program
that is installed on your PC. Prevention is better than cure.

Written Test
Self-Check 1

Name:____________________ Date:_________________
Instruction: Answer all the questions listed below. If you need any clarification, feel free to ask your teacher.

Operation Sheet 1 Starting the computer
