LO 2 - INFORMATION SHEET - Monitor and Administer System and Network Security - ICT HNS3 05 0710
TVET INSTITUTE
Learning Guide 2
Course Title: Computer System and Network Security
Module Title: Administering Network Infrastructure
Course Content: Secure File and Resource Access
LO2 - Secure File and Resource Access
Instruction
There are multiple layers of security in a network, including physical, wireless, and data. Each layer is
subject to security attacks. The technician needs to understand how to implement security
procedures to protect equipment and data.
This learning guide is developed to provide you the necessary information regarding the following
content coverage and topics –
This guide will also assist you to attain the learning outcome stated in the cover page.
Learning Activities:
*Your teacher will evaluate your output as either satisfactory or not satisfactory. If not satisfactory,
your teacher shall advise you on additional work. But if satisfactory, you can proceed to the next
topic.
Securing File and Resource Access
Computer System and Network Security Page 2
Information Sheet – 1: Security and Access Features of Operating System
Adding layers of security on a network will make the network more secure, but can be expensive.
You must compare the value of the data and equipment to be protected with the cost of protection
when implementing the customer's security policy.
One way to contribute to security in the network is by securing your computer system.
Security is an important feature to look for in an operating system. The operating system of a
computer handles the security of the computer and the data on it. Login passwords,
firewall settings, and every such aspect related to security depend on the ability of the operating
system. Some of the computers in a network may be involved in file sharing and other data sharing, so
in such cases it is important to have a powerful, secure operating system.
A firewall is a device or set of devices designed to permit or deny network transmissions based upon
a set of rules and is frequently used to protect networks from unauthorized access while permitting
legitimate communications to pass.
Many personal computer operating systems include software-based firewalls to protect against
threats from the public Internet. Many routers that pass data between networks contain firewall
components and, conversely, many firewalls can perform basic routing functions.
A firewall selectively denies traffic to a computer or network segment. Firewalls generally work by
opening and closing the ports used by various applications. By opening only the required ports on a
firewall, you are implementing a restrictive security policy. Any packet not explicitly permitted is
denied. In contrast, a permissive security policy permits access through all ports, except those
explicitly denied. In the past, software and hardware were shipped with permissive settings. As users
neglected to configure their equipment, the default permissive settings left many devices exposed to
Software Firewalls
Not all firewall software is created equal, and consumers must research firewall software based on
their individual Internet activity. Firewall software is the first and most important line of defense
against cyber-terrorism, teenage hackers, professional hackers, organized crime, email spammers,
spyware, viruses, unauthorized cookies, DoS attacks and other types of malicious software and
cyber-attacks. Knowing the types of firewall software available and the type of protection they
provide will allow the consumer to choose wisely.
Firewall Functions
Firewall software functions as the front-line of defense against unwanted probes into the
information stored on each individual computer. This includes the type of software on the system
and the custom data created by the computer owner. All firewall software provides some level of
protection against unauthorized intruders, protecting the computer from communication to and
from unauthorized connections, making the computer virtually invisible to cyber-criminals and other
intruders randomly searching the Internet for vulnerable computers or other smart appliances.
Levels of Protection
Firewall software is created with different levels of security algorithms. Microsoft Windows, for
example, comes with the most basic firewall built into the operating program. The purpose of the
Windows Firewall is to provide entry-level firewall protection until the Windows user activates the
security solutions offered by Microsoft's strategic partners, usually Norton or McAfee security
solutions.
The most advanced firewall software will protect and monitor all 65,535 communication ports,
which allow access to the Internet. Advanced firewall software will ask permission from the
computer user before any communication is approved, inside or outside the computer.
Firewall Features
The two specific features consumers should look for in their firewall software are:
1. Built-in Intrusion Detection (IDS), which alerts users when someone is attempting to access
their computer. IDS protection is similar to a home protection system; it acts as an intruder
alarm system for the computer.
Software firewalls can be either an independent application or part of the operating system. There
are several third-party software firewalls. There is also a software firewall built into Windows XP, as
shown in Figure 2.
Configuring the Windows XP or Windows Vista firewall can be completed in two ways:
Automatically – The user is prompted to Keep Blocking, Unblock, or Ask Me Later for any
unsolicited requests. These requests may be from legitimate applications that have not been
configured previously or may be from a virus or worm that has infected the system.
Manage Security Settings – The user manually adds the program or ports that are required
for the applications in use on the network. Figure 2 shows Windows Vista firewall exception.
The Windows firewall blocks all incoming network connections, except for specific programs and
services. For example, the Windows Update service and Internet Explorer are allowed through the
firewall by default. An exception, as shown in Figure 3, is a rule that opens a blocked port in the
firewall for a specific need. For instance, to allow an FTP connection you must create an exception
that will open up port 21. Each different type of connection requires a unique port number to pass
data through the firewall.
a. Monitoring
b. Deleting
c. Copying
d. Moving
a. Router
b. Hub
c. Bridge
d. Switch
3. Which of the following will NOT help secure your desktop PCs?
4. True or false: If you have a firewall on your network you don't need to turn on Windows Firewall.
a. True
b. False
5. True or false: If you set your antivirus software to auto-update then you don't need Windows
Automatic Updates.
a. True
b. False
a. True
b. False
In this activity you will explore the Windows XP Firewall and configure some advanced settings.
Recommended Equipment
Step 1 :
From computer 1, right-click the desktop, select New > Folder. Name the folder FTTI. Share
the folder, use the default name FTTI.
From computer 2, open My Network Places > select View workgroup computers and connect
to computer 1.
Note: Use computer 1 for the rest of the lab unless otherwise stated.
Step 2 :
Navigate to the Windows XP Firewall:
The Firewall indicator shows the status of the firewall. The normal setting is “ON”.
Step 3 :
The Windows Firewall window opens.
In the space below, state why turning off the Windows Firewall is not advised.
From the Windows Firewall window select the Exceptions tab. Programs and services that
Windows Firewall is not blocking will be listed with a checkmark.
You can add applications to this list. This may be necessary if your customer has an
application that requires outside communications but for some reason the Windows Firewall
cannot perform the configuration automatically. You must be logged on to this computer as
an administrator to complete this procedure.
From computer 1:
To turn off an exception, remove the check mark from File and Printer Sharing > OK.
From computer 2:
Open My Network Places > View workgroup computers and connect to computer 1.
From computer 1:
To turn on an exception, add a check mark to File and Printer Sharing > OK.
From computer 2:
Log off computer 2. Use computer 1 for the rest of the lab.
Step 6 :
From the Windows Firewall control menu select the Advanced tab to view the Network
Connection Settings. Network Connection Settings displays the different connections
configured for your computer.
Step 7 :
There are many applications that users do not normally see that also need to get through
the Windows Firewall to access your computer. These are the network level commands that
direct traffic on the network and the Internet.
Under the ICMP heading, click the Settings button. You will see the menu where ICMP
exceptions are configured.
In the space below, list the requests for information that your computer will respond to.
A network has many different types of security settings. Technicians must configure security settings
for folders and files, wireless devices and clients, and hardware and software firewalls.
Permission levels are configured to limit individual or group user access to specific data. Both FAT
and NTFS allow folder sharing and folder-level permissions for users with network access. Folder
permissions are shown in Figure 1. The additional security of file-level permissions is provided with
NTFS. File-level permissions are shown in Figure 2.
When configuring network share permissions for a computer that has NTFS, you must create a
network share and assign shared permissions to users or groups. Only users and groups with both
NTFS permissions and shared permissions can access a network share.
File and network share permissions can be granted to individuals or through membership within a
group. If an individual or a group is denied permissions to a network share, this denial overrides any
other permission given. For example, if you deny someone permission to a network share, the user
cannot access that share, even if the user is the administrator or part of the administrators group.
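The two rules above (access needs both share and NTFS permissions, and a deny overrides any allow) can be worked through in a short model. This is an added example, not part of the original guide; the user names, group names and ACL entries are constructed, and the model is simplified to two rights and ignores inheritance.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    principal: str        # user or group the entry applies to
    kind: str             # "allow" or "deny"
    rights: frozenset     # subset of {"read", "write"}

def acl_rights(acl, principals):
    """Rights one ACL grants: every matching allow, minus every matching deny."""
    allowed, denied = set(), set()
    for ace in acl:
        if ace.principal in principals:
            (allowed if ace.kind == "allow" else denied).update(ace.rights)
    return allowed - denied

def network_rights(user, groups, share_acl, ntfs_acl):
    """Access over the network needs the right in BOTH the share and NTFS ACLs."""
    principals = {user, *groups}
    return acl_rights(share_acl, principals) & acl_rights(ntfs_acl, principals)

R = frozenset({"read"})
RW = frozenset({"read", "write"})

# Constructed ACLs for a share such as the FTTI folder used in the lab.
SHARE_ACL = [
    Ace("Staff", "allow", R),
    Ace("Administrators", "allow", RW),
    Ace("sara", "deny", RW),          # explicit deny on one individual
]
NTFS_ACL = [
    Ace("Staff", "allow", RW),
    Ace("Administrators", "allow", RW),
    Ace("Guests", "allow", R),        # NTFS allows it, the share does not
]
# Constructed users and their group memberships.
USERS = {
    "abebe": ["Staff"],
    "sara": ["Staff", "Administrators"],
    "visitor": ["Guests"],
    "admin1": ["Administrators"],
}

def report():
    """Effective network rights per user, as sorted lists."""
    return {u: sorted(network_rights(u, g, SHARE_ACL, NTFS_ACL))
            for u, g in USERS.items()}

if __name__ == "__main__":
    for user, rights in report().items():
        print(f"{user:8s} -> {rights or 'no access'}")
```

Note that sara ends up with no access despite being in Administrators, and visitor is blocked because only one of the two permission sets grants anything.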
Securing a network includes the proper selection and configuration of several different technologies.
Some of these technologies, which are shown in Figure 3, are used to configure wireless security.
The type of security needed by the network will indicate which security technologies must be
enabled and configured in each network device.
The gain and signal pattern of the antenna connected to a wireless access point can influence where
the signal can be received. Avoid transmitting signals outside of the network area by installing an
antenna with a pattern that serves your network users.
Many wireless devices built by a specific manufacturer have the same default username and
password for accessing the wireless configuration. If left unchanged, unauthorized users can easily
log on to the access point and modify the settings. When you first connect to the network device,
change the default username and password. Some devices allow you to change both the username
and the password, while others only allow you to change the password.
Most wireless access points support several different security modes. The most common ones are:
Wired Equivalent Privacy (WEP) – This encrypts the broadcast data between the wireless
access point and the client using a 64-bit or 128-bit encryption key. Figure 4 shows the WEP
configuration.
Wi-Fi Protected Access (WPA) – This is an improved version of WEP. It was created as a
temporary solution until 802.11i became ratified. Now that 802.11i has been ratified, WPA2
has been released. It covers the entire 802.11i standard. WPA uses much stronger
encryption than WEP encryption.
Wi-Fi Protected Access 2 (WPA2) – This is an improved version of WPA. WPA2 supports
robust encryption, which provides government-grade security. WPA2 can be enabled with
password authentication (Personal) or server authentication (Enterprise).
FIGURE 4. WEP
SSID
A wireless access point broadcasts the SSID by default so that wireless devices can detect the
wireless network. You can disable SSID broadcasting on a wireless network to prevent the wireless
access point or router from revealing the name of the wireless network.
Disabling SSID broadcasting can make it more difficult for legitimate clients to find the wireless
network. Manually enter the SSID on wireless devices to connect to the wireless network when the
SSID broadcast has been disabled on the wireless router or access point. Simply turning off the SSID
broadcast is not sufficient to prevent unauthorized clients from connecting to the wireless network.
Instead of turning off the SSID broadcast, use stronger encryption such as WPA or WPA2.
MAC address filtering is a technique used to deploy device-level security on a wireless LAN. Because
every wireless client has a unique MAC address, wireless access points can prevent wireless clients
from connecting to the wireless network if they do not have authorized MAC addresses. MAC
address filtering, as shown in Figure 5, is vulnerable to attack when used alone and should be
combined with other security techniques.
The MAC address of a wireless NIC can be found by typing ipconfig /all at the command prompt. For
devices other than computers, the MAC address can usually be found on the label of the device or
within the manufacturer’s instructions. On wireless networks with a large number of clients, MAC
address filtering can become tedious because you must enter each MAC address in the filter.
MAC address filtering is not a strong layer of security. Instead of using MAC address filtering, use
stronger encryption techniques such as WPA or WPA2.
Firewalls
A firewall is a device or application installed on a network to protect it from unauthorized users and
malicious attacks. A software firewall is software installed on a computer to block specific incoming
or outgoing traffic. For example, a firewall that is configured to block outgoing traffic on port 21 will
The Linksys WRT300N wireless router is also a hardware firewall. A hardware firewall isolates your
network from other networks. A hardware firewall will pass two different types of traffic into your
network:
Packet filter – This configuration does not allow packets to pass through the firewall, unless
they match the established rule set configured in the firewall. Traffic can be filtered based
on many attributes, such as source IP address, source port or destination IP address or port,
and destination services such as WWW or FTP.
Application layer – This configuration intercepts all packets traveling to or from an
application. It prevents all unwanted outside traffic from reaching protected devices.
Proxy – This configuration intercepts all traffic between computers and different networks
and uses established rules to determine if data requests should be allowed.
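A packet filter of the kind described above, evaluated once under a restrictive policy (default deny) and once under a permissive policy (default allow) as defined in Information Sheet 1. This is an added example, not part of the original guide; the rule sets, addresses and sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_port: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    src_net: str = "0.0.0.0/0"        # source network the rule applies to
    dst_port: Optional[int] = None    # None matches any port
    proto: Optional[str] = None       # None matches any protocol

    def matches(self, pkt):
        in_net = ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(self.src_net)
        port_ok = self.dst_port is None or self.dst_port == pkt.dst_port
        proto_ok = self.proto is None or self.proto == pkt.proto
        return in_net and port_ok and proto_ok

def evaluate(rules, default_action, pkt):
    """First matching rule wins; with no match the policy default applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule
    return default_action, None

# Restrictive: list what is needed, deny everything else.
RESTRICTIVE = ([Rule("allow", dst_port=80, proto="tcp"),
                Rule("allow", src_net="192.168.1.0/24", dst_port=21, proto="tcp")],
               "deny")
# Permissive: list what is known to be bad, allow everything else.
PERMISSIVE = ([Rule("deny", dst_port=23, proto="tcp")], "allow")

# Constructed sample traffic (203.0.113.0/24 is a documentation range).
P_WEB = Packet("203.0.113.5", 80)
P_FTP_LAN = Packet("192.168.1.20", 21)
P_FTP_WAN = Packet("203.0.113.5", 21)
P_TELNET = Packet("203.0.113.5", 23)
P_SMB = Packet("203.0.113.5", 445)
SAMPLE = [P_WEB, P_FTP_LAN, P_FTP_WAN, P_TELNET, P_SMB]

def verdicts(policy, packets):
    rules, default = policy
    return [evaluate(rules, default, p)[0] for p in packets]

def exposed_by_default(policy, packets):
    """Packets that get in only because no rule mentioned them."""
    rules, default = policy
    return [p for p in packets if evaluate(rules, default, p) == ("allow", None)]

if __name__ == "__main__":
    for name, policy in (("restrictive", RESTRICTIVE), ("permissive", PERMISSIVE)):
        print(name, verdicts(policy, SAMPLE))
        print("  allowed without any rule:", exposed_by_default(policy, SAMPLE))
```

Under the permissive policy the file-sharing port 445 is reachable from outside simply because nobody wrote a rule for it, which is the exposure the default-permissive settings created.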
Hardware firewalls are mainly used to block ports to prevent unauthorized access in and out of a
LAN. However, there are situations when specific ports must be opened so that certain programs
and applications can function properly. Port forwarding is a rule-based method of directing traffic
between devices on separate networks. When traffic reaches the router, the router determines if
the traffic should be forwarded to a certain device based upon the port number found with the
traffic. For example, port numbers are associated with specific services such as FTP, HTTP, HTTPS,
and POP3. The rules determine which traffic will be sent onto the LAN. For example, a router might
be configured to forward port 80, which is associated with the HTTP protocol. If the router then
receives a packet with the destination port of 80, the router will forward this traffic to a web server
inside the network.
Port triggering allows the router to temporarily forward data through inbound ports to a specific
device. You can use port triggering to forward data to a computer only when a designated port range
is used to make an outbound request.
For example, a video game might use ports 27000 to 27100 for connecting with other players. These
are the trigger ports. A chat client might use port 56 for connecting the same players so that they
can interact with each other. An example of a port triggering rule is when any gaming traffic uses an
outbound port that is within the triggered port range, inbound chat traffic on port 56 will be
forwarded to the computer that is being used to play the video game and chat with friends. When
the game is over and the triggered ports are no longer in use, port 56 will no longer be allowed to
send traffic of any type to this computer.
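The difference between port forwarding (always open) and port triggering (open only after a matching outbound request, and only to the host that made it) can be seen in a small model of the router's state. This is an added example, not part of the original guide; it uses the ports from the text, while the LAN addresses and the idle timeout are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class TriggerRule:
    trigger_lo: int      # outbound ports that arm the rule
    trigger_hi: int
    forward_lo: int      # inbound ports opened while the rule is armed
    forward_hi: int

@dataclass
class Router:
    static_forwards: dict            # inbound port -> LAN IP (port forwarding)
    trigger_rules: list              # list of TriggerRule (port triggering)
    idle_timeout: float = 600.0      # seconds; assumed value, varies by device
    # rule index -> (LAN IP that triggered it, expiry time)
    open_triggers: dict = field(default_factory=dict, init=False)

    def outbound(self, lan_ip, dst_port, now):
        """A LAN host sends traffic out; arm any rule whose trigger range matches."""
        for i, rule in enumerate(self.trigger_rules):
            if rule.trigger_lo <= dst_port <= rule.trigger_hi:
                self.open_triggers[i] = (lan_ip, now + self.idle_timeout)

    def inbound(self, dst_port, now):
        """Return the LAN IP an inbound packet is forwarded to, or None if dropped."""
        if dst_port in self.static_forwards:
            return self.static_forwards[dst_port]
        for i, rule in enumerate(self.trigger_rules):
            if rule.forward_lo <= dst_port <= rule.forward_hi and i in self.open_triggers:
                lan_ip, expires = self.open_triggers[i]
                if now < expires:
                    return lan_ip
                del self.open_triggers[i]      # trigger went idle: close the port
        return None

def demo():
    router = Router(
        static_forwards={80: "192.168.1.10"},            # web server on the LAN
        trigger_rules=[TriggerRule(27000, 27100, 56, 56)],
    )
    results = []
    results.append(router.inbound(80, now=0))    # forwarded: static rule
    results.append(router.inbound(56, now=0))    # dropped: nothing triggered yet
    router.outbound("192.168.1.25", 27015, now=10)   # game traffic arms the rule
    results.append(router.inbound(56, now=20))   # forwarded to the gaming PC
    results.append(router.inbound(56, now=700))  # dropped: trigger expired at 610
    return results

if __name__ == "__main__":
    print(demo())
```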
3. Allows the router to temporarily forward data through inbound ports to a specific device
5. This configuration intercepts all traffic between computers and different networks and uses
established rules to determine if data requests should be allowed
a. Packet Filtering
b. Application Layer
c. Proxy
d. SSID
In this activity, you will configure and test the wireless settings on the Linksys WRT300N.
Recommended Equipment
Step 1 :
Step 2 :
Connect computer 1 to one of the Ethernet ports on the wireless router with an Ethernet patch
cable.
Plug in the power of the wireless router. Boot the computer and log in as an administrator.
Step 3 :
Type ipconfig.
Step 4 :
Open a Browser (Internet Explorer or Mozilla) and connect to the wireless router.
Step 5 :
Click the Wireless Security tab, then for Security Mode select WPA2 Personal.
Encryption – AES
Pre-shared Key – Ftti123456789
Key Renewal – 3600
Step 6 :
Connect to the wireless network. If asked for a security key or passphrase enter:
Ftti123456789
Step 7 :
Select Enabled > Prevent > click Wireless Client List button.
Select Save to MAC Address Filter List check box for computer 2.
Click Add.
Step 9 :
From computer 2:
In the command prompt window type ping IP address, where IP address is the IP address of
computer 1.
Highlight the Router Password, type ICTFTTI. Type the same password in Re-enter to
confirm.
Step 11 :
Step 12 :
Step 13 :
Then type the Triggered Range 6660 to 7000, Forwarded Range 113 to 113 and then
click Enabled checkbox.
Viruses, worms, and Trojan horses can cause serious problems on networks and end systems.
A virus is malicious code that is attached to legitimate programs or executable files. Most viruses
require end-user activation and can lie dormant for an extended period and then activate at a
specific time or date. A simple virus may install itself at the first line of code on an executable file.
When activated, the virus might check the disk for other executables, so that it can infect all the files
it has not yet infected. Viruses can be harmless, such as those that display a picture on the screen, or
they can be destructive, such as those that modify or delete files on the hard drive. Viruses can also
be programmed to mutate to avoid detection.
In the past, viruses were usually spread via floppy disks and computer modems. Today, most viruses
are spread by USB memory sticks, CDs, DVDs, network shares, or email. Email viruses are now the
most common type of virus.
Worms are a particularly dangerous type of hostile code. They replicate themselves by
independently exploiting vulnerabilities in networks. Worms usually slow down networks.
Whereas a virus requires a host program to run, worms can run by themselves. They do not require
user participation and can spread extremely fast over the network.
Worms are responsible for some of the most devastating attacks on the Internet. For example, the
SQL Slammer Worm of January 2003 slowed down global Internet traffic as a result of Denial of
Service. Over 250,000 hosts were affected within 30 minutes of its release. The worm exploited a
buffer overflow bug in Microsoft's SQL Server. A patch for this vulnerability was released in mid-2002,
so the servers that were affected were those that did not have the update patch applied. This
is a great example of why it is so important for the security policy of an organization to require
timely updates and patches for operating systems and applications.
The term Trojan Horse originated from Greek mythology. Greek warriors offered the people of Troy
(Trojans) a giant hollow horse as a gift. The Trojans brought the giant horse into their walled city,
unaware that it contained many Greek warriors. At night, after most Trojans were asleep, the
warriors burst out of the horse and overtook the city.
A Trojan Horse in the world of computing is malware that carries out malicious operations under the
guise of a desired function. A virus or worm could carry a Trojan Horse. A Trojan Horse contains
hidden, malicious code that exploits the privileges of the user that runs it. Games can often have a
Trojan Horse attached to them. When running the game, the game works, but in the background,
the Trojan Horse has been installed on the user's system and continues running after the game has
been closed.
The Trojan Horse concept is flexible. It can cause immediate damage, provide remote access to the
system (a back door), or perform actions as instructed remotely, such as "send me the password file
once per week."
Custom-written Trojan Horses, such as Trojan Horses with a specific target, are difficult to detect.
Trojan Horses are usually classified according to the damage that they cause or the manner in which
they breach a system:
Note that mitigation techniques are often referred to in the security community as
countermeasures.
The primary means of mitigating virus and Trojan horse attacks is anti-virus software. Anti-virus
software helps prevent hosts from getting infected and spreading malicious code. It requires much
more time to clean up infected computers than it does to maintain up-to-date anti-virus software
and anti-virus definitions on the same machines.
Anti-virus software is the most widely deployed security product on the market today. Several
companies that create anti-virus software, such as Symantec, Computer Associates, McAfee, and
Trend Micro, have been in the business of detecting and eliminating viruses for more than a decade.
Many corporations and educational institutions purchase volume licensing for their users. The users
are able to log in to a website with their account and download the anti-virus software on their
desktops, laptops, or servers.
Anti-virus products are host-based. These products are installed on computers and servers to detect
and eliminate viruses. However, they do not prevent viruses from entering the network, so a
network security professional needs to be aware of the major viruses and keep track of security
updates regarding emerging viruses.
a. Virus
b. Worms
c. Trojan Horse
a. Virus
b. Worms
c. Trojan Horse
a. Virus
b. Worms
c. Trojan Horse
a. Virus
b. Worms
c. Trojan Horse
5. A malware that carries out malicious operations under the guise of a desired function.
a. Virus
b. Worms
c. Trojan Horse
a. Virus
b. Worms
c. Trojan Horse
AVG offers a wide choice of scanning options; you can scan any part of the computer you like, and
extensive scanning settings allow you to tailor the scans to your needs.
To easily check any part of your computer for viruses and malware, the following scans have been
predefined by the manufacturer:
The Whole computer scan and Specific files or folders scan can be edited and launched from the
Main Screen -> Computer scanner. The screen also offers scheduling options, and additional
buttons: view Scan history, or the contents of the Virus Vault.
In this activity, you will implement and schedule an anti-virus scan, specifically with AVG version 9.0.
Step 4: Under schedule running, choose Run at a specific time interval option and Selected days
_________ at ____________
Step 5: Under advanced schedule options, tick Run on computer startup if task has been missed
Instructions: You are required to answer the following individually with the presence of your
teacher.
A. In this activity, you will use the Internet, a newspaper, or a local store to gather information
about third-party anti-virus software.
Using the Internet, a newspaper, or a local store, research 2 different anti-virus software
applications. Based on your research, complete the table below.
B. Which anti-virus software would you purchase? List reasons for your selection
NOTE: THE FOLLOWING QUESTIONS SHOULD BE ANSWERED WITHOUT THE AID OF THE INTERNET
D. List down the steps on how to disable echo request traffic on a computer using Windows XP
Operating System
Self-check 1
1. A
2. A
3. D
4. B
5. B
6. B
Self-check 2
1. B
2. A
3. D
4. C
5. C
Self-check 3
1. B
2. A
3. A
4. B
5. C
6. C