
Chapter 4.0
Computer Security

Edit by Norkiah
4.1 Remember the principles of computer security

– Define names, purposes and characteristics of hardware and software security
– Identify names, purposes and characteristics of data and physical security
– Recognize computer security threats caused by social engineering
Understanding the principles of
computer security
– One goal is to protect resources, and the other goal is to not
interfere with the functions of the system.
– A computer or network can be so protected that no one can
use it, or so accessible that anyone can do whatever they
want with it. The trick is to provide enough security to
protect your resources while still allowing users to work
unhindered.
– Also, too much security can sometimes force workers to find
nonsecure alternatives.
Understanding the fundamental
principles of computer security
– For example, if you require users to change their passwords
weekly, some of them might start writing their passwords down
to help remember them.
– The best protection against attacks is layered protection. If one
security method fails, the next might stop an attacker. When
securing a workstation, use as many layers of protection as are
reasonable for the situation and justified by the value of the
resources you are protecting.
Computer Security

Computer security basically is the protection of
computer systems and information from harm,
theft, and unauthorized use.
It is the process of preventing and detecting
unauthorized use of your computer system.
Understanding The Fundamental
Principles Of Computer Security
Traditionally, computer facilities have been physically
protected for three reasons:
a. To prevent theft of or damage to the hardware
b. To prevent theft of or damage to the information
c. To prevent disruption of service
Define the names, purposes and
characteristics of hardware and
software security

4.1.1
Hardware Deconstruction / Recycling

– If you are upgrading to a new computer (desktop computer,
laptop, office copier, etc.) always remove and destroy the hard
drive before selling, donating, or recycling any computer
equipment.
– Failure to destroy the hard drive before giving the computer away
could result in sensitive information ending up in the hands of the
new owner, who will then be able to copy old files and go through
your personal information stored there.
Hardware Deconstruction / Recycling
– There are many options available if you are looking to dispose
of an old hard drive.
– Some professional destruction methods include:
a. Shredding it using a local shredding company
b. Taking it to a computer recycling company
c. Mailing it to a hard drive destruction specialist
d. Bringing it in to a local computer shop that will dispose of it
Smart card

– The most popular type of token used to authenticate
a user is a smart card, which is any small device that
contains authentication information.
– The information on the smart card can be keyed into
a logon window by a user, read by a smart card
reader (when the device is inserted in the reader), or
transmitted wirelessly.
Biometrics

– Some systems use biometric data to validate the person’s
physical body, which, in effect, becomes the token.
– A biometric device is an input device that inputs
biological data about a person, such as fingerprints,
handprints, face, voice, retina, iris, and handwritten
signature, which can be used to identify that person.
Firewalls
Firewalls, both hardware and software, protect computers
from hackers and other online threats by blocking
dangerous pieces of data from reaching the system.

While hardware firewalls offer network-wide protection
from external threats, software firewalls installed on
individual computers can more closely inspect data, and can
block specific programs from even sending data to the
Internet.

On networks with high security concerns, combining both
kinds of firewalls provides a more complete safety net.
Firewalls

Most firewalls share common characteristics:
1. They work as a choke point.
2. They can be configured to allow or deny any protocol traffic.
3. They provide a logging function for audit purposes.
4. They provide a NAT (Network Address Translation) function.
(A NAT firewall works by only allowing internet traffic to pass through the
gateway if a device on the private network requested it.)
5. Their operating systems are hardened.
6. They often serve as a VPN (Virtual Private Network)
endpoint. (A VPN firewall is a type of firewall device that is designed specifically to protect
against unauthorized and malicious users intercepting or exploiting a VPN
connection.)
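The rule check, NAT behaviour and audit log from the list above can be seen working together in a small model. This is an added example, not part of the original slides; the class name, the port pool start, the deny rule and all addresses are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class NatFirewall:
    """Toy choke point: rule check, NAT state table and audit log in one place."""
    public_ip: str
    denied: set = field(default_factory=set)   # {(proto, dst_port)} outbound deny rules
    table: dict = field(default_factory=dict)  # (proto, public_port) -> flow
    log: list = field(default_factory=list)    # audit trail of every decision
    next_port: int = 40000                     # assumed start of the NAT port pool

    def _audit(self, verdict, direction, detail):
        self.log.append(f"{verdict} {direction} {detail}")

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a connection; returns the translated (ip, port) or None."""
        detail = f"{proto} {src_ip}:{src_port} -> {dst_ip}:{dst_port}"
        if (proto, dst_port) in self.denied:
            self._audit("DENY", "out", detail + " (rule)")
            return None
        flow = (src_ip, src_port, dst_ip, dst_port)
        for (p, public_port), known in self.table.items():
            if p == proto and known == flow:       # reuse the existing mapping
                return (self.public_ip, public_port)
        public_port = self.next_port
        self.next_port += 1
        self.table[(proto, public_port)] = flow
        self._audit("ALLOW", "out", f"{detail} as {self.public_ip}:{public_port}")
        return (self.public_ip, public_port)

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Packet from the Internet; returns the inside (ip, port) or None if dropped."""
        detail = f"{proto} {remote_ip}:{remote_port} -> {self.public_ip}:{public_port}"
        flow = self.table.get((proto, public_port))
        if flow is None:
            self._audit("DENY", "in", detail + " (no inside host requested it)")
            return None
        src_ip, src_port, dst_ip, dst_port = flow
        if (remote_ip, remote_port) != (dst_ip, dst_port):
            self._audit("DENY", "in", detail + " (not the peer that was contacted)")
            return None
        self._audit("ALLOW", "in", f"{detail} to {src_ip}:{src_port}")
        return (src_ip, src_port)


def demo():
    # Constructed addresses: private (RFC 1918) inside, documentation (RFC 5737) outside.
    fw = NatFirewall(public_ip="203.0.113.1", denied={("tcp", 23)})
    mapped = fw.outbound("tcp", "192.168.1.10", 51000, "198.51.100.7", 443)
    results = {
        "mapped": mapped,
        "reply": fw.inbound("tcp", "198.51.100.7", 443, mapped[1]),
        "unsolicited": fw.inbound("tcp", "198.51.100.99", 4444, 40001),
        "wrong_peer": fw.inbound("tcp", "198.51.100.99", 443, mapped[1]),
        "telnet": fw.outbound("tcp", "192.168.1.10", 51001, "198.51.100.7", 23),
    }
    return results, fw.log


if __name__ == "__main__":
    results, log = demo()
    print(results)
    print("\n".join(log))
```

Only the reply to the connection that the inside host opened is translated back; every other packet is dropped, and each decision leaves a line in the audit log.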
Hardware Firewalls

A hardware firewall sits between your local network of computers and
the Internet.

The firewall will inspect all the data that comes in from the Internet,
passing along the safe data packets while blocking the potentially
dangerous packets.

In order to properly protect a network without hindering performance,
hardware firewalls require expert setup, and so may not be a feasible
solution for companies without a dedicated IT department.
For businesses with many computers, however, being able to control
network security from one single device simplifies the job.

Examples pictured: SonicWall SOHO, Zyxel ZyWALL 110
Software Firewalls

A Software Firewall is a piece of software that is installed on
your computer in order to protect it from unauthorized
access.

Software firewalls are installed on individual computers on
a network. Unlike hardware firewalls, software firewalls can
easily distinguish between programs on a computer.
This lets them allow data to one program while blocking
another. Software firewalls can also filter outgoing data, as
well as remote responses to outgoing requests.

Examples pictured: Sophos XG Firewall Home Edition, ZoneAlarm Free Firewall, AVS Firewall
Software Firewalls

– Windows Firewall is a personal firewall that protects a
computer from intrusion and is automatically configured
when you set your network location in the Network and Sharing
Center.
– However, you might want to customize these settings. For
example, you can customize Windows Firewall to allow access
through Remote Desktop connections.
Software Firewalls

[Figures: Turn Windows Firewall On or Off; Windows Firewall in Windows 10; Setting to allow an app or feature through Windows Firewall.]
Identify names, purposes and
characteristics of data and
physical security

4.1.2
Data Access (Basic Local Security Policy)

Data access refers to a user's ability to access or
retrieve data stored within a database or other
repository.

A data access right (DAR) is a permission that has
been granted that allows a person or computer
program to locate and read digital information at
rest. Data access rights play an important role in
information security and compliance.
Data Access (Basic Local Security Policy)

– Windows offers a group of Administrative tools in the
Control Panel that are used by technicians and developers
to support Windows 7.
– To see the list of tools, open Control Panel and then click
Administrative Tools. The Home editions of Windows 7 do
not include the Local Security Policy (controls many security
settings on the local computer) or Print Management
(manages print servers on a network).
– Several Administrative tools are covered next, including
System Configuration, Services console, Computer
Management, and Event Viewer.
Data Access (Basic Local Security Policy)
– Access to this information is
controlled by a multi-level security
system which is built into the
solution.
– This gives you control over the
functionality of the solution as well
as the data-access for each user.
– Access and security rights may be
assigned to users either individually
or by role.
The security system provides the following
four levels of control.

– Module Access
The first security level controls user access to individual software modules. It is
invoked at login and prompts for a unique user name and password.

– Menu, Button and Data Views Level Access
The second security level controls access to menu items, buttons, and data views
within each software module.

– View and Edit Rights
The third security level controls whether or not a user has the right to edit data or is
limited to viewing only within a software module.

– Transaction Level Access
The fourth security level controls which transactions a user has access to within a
software module. Depending on the module, data level security can be defined by
individual or groups of employees, organizational units, or account structure elements.
Windows 10 Security
1. Threat Protection
– Windows Defender uses the cloud, vast optics, machine learning, and behavior analysis to rapidly respond to
emerging threats.
– Microsoft Edge has been designed specifically to systemically disrupt phishing, malware, and hacking attacks.
– Device Guard offers protection against malware through application control, letting you block all unwanted apps.

2. Information Protection
– BitLocker enables organizations to protect sensitive information from unauthorized access with military-grade
encryption when a device is lost or stolen.
– Windows Information Protection separates and contains business data to prevent it from accidentally leaking to
unauthorized users, documents, apps, or locations on the web.
– Azure Information Protection works with Windows Information Protection and provides more capabilities to
classify, assign advanced permissions and share sensitive data.

3. Identity and Access Management
– Windows Hello is a password alternative that uses multiple factors to provide enterprise-grade security using
biometrics, a PIN, or even a companion device.
– Credential Guard helps protect against NTLM-based pass-the-hash (PtH) attacks by isolating user credentials
inside a hardware-based container.
Encryption Technologies

– Encryption refers to any process used to make sensitive data more secure
and less likely to be intercepted by those unauthorized to view it.
– There are several modern types of encryption used to protect sensitive
electronic data, such as emails, files, folders and entire drives.
– Many web browsers today tend to self-encrypt text while connecting to a
secure server. This is especially true if the URL starts with ‘https’.
– This means you are on a secure encrypted website (Hypertext Transfer
Protocol Secure), which is a must-have for sites that collect critical
information like financial information.
ENCRYPTION TECHNIQUES
1. Rivest-Shamir-Adleman (RSA)
2. Advanced Encryption Standard (AES)
3. Twofish
4. Data Encryption Standard (DES)
5. Triple DES

FILE ENCRYPTION TOOLS

Software | Source | Encryption
LastPass | Open source | Securing, storing data
BitLocker | Microsoft Encryption Software | Storing data
VeraCrypt | Open Source Security; available in Windows, OS X and Linux | Storing data
DiskCryptor | Open source and free | Internal and external drives
7-Zip | Open source and free | Designed for encrypting files and documents; files, folders or entire groups of files
Encryption Technologies

[Figures: Digital Certificates; Digital Signatures]

Data Migration

– Data migration is the process of selecting, preparing, extracting, and
transforming data and permanently transferring it from one computer storage system
to another.
– To transfer (called migrating) user settings, application settings, and user data files to a
new installation, you can use Windows 7/Vista Windows Easy Transfer or USMT.
– The User State Migration Tool (USMT) is a command-line tool that works only when the
computer is a member of a Windows domain.
– Drive-imaging software is used to clone the entire hard drive to another bootable
media in a process called drive imaging or disk cloning.
Data / Remnant Removal

– Data remnant removal is typically the name given to removing all usable
data from media (typically hard drives, but any media can be included)
– Various techniques have been developed to counter data remanence.
These techniques are classified as clearing, purging/sanitizing,
or destruction.
– Specific methods include overwriting, degaussing, encryption, and media
destruction.
Data / Remnant Removal
1. Overwrite data on the drive. You can perform a low-level format of a drive to overwrite the
data with zeroes.
2. Physically destroy the storage media. Use a drill to drill many holes through the drive
housing all the way through to the other side of the housing.
3. For magnetic devices, use a degausser. A degausser exposes a storage device to a strong
magnetic field to completely erase the data on a magnetic hard drive or tape drive.
4. For solid state devices, use a Secure Erase utility. As required by government regulations for
personal data privacy, the American National Standards Institute (ANSI) developed the ATA
Secure Erase standards for securely erasing data from solid state devices such as a USB flash
drive or SSD drive.
5. Use a secure data-destruction service. For the very best data destruction, consider a secure
data-destruction service. To find a service, search the web for “secure data destruction.”
Password Management

– A password needs to be a strong password, which means it should not be easy to
guess by both humans and computer programs designed to hack passwords.
– Passwords are a set of strings provided by users at the authentication prompts of
web accounts. Although passwords still remain as one of the most secure
methods of authentication available to date, they are subjected to a number of
security threats when mishandled.
– Password management is a set of principles and best practices to be followed by
users while storing and managing passwords in an efficient manner to secure
passwords as much as they can to prevent unauthorized access.
Password Management
– A password needs to be a strong password, which means it should not be easy to guess
by both humans and computer programs designed to hack passwords.
– A strong password, such as @y&kK1ff, meets all of the following criteria:
i. Use eight or more characters (14 characters or longer is better).
ii. Combine uppercase and lowercase letters, numbers, and symbols.
iii. Use at least one symbol in the second through sixth position of your password.
iv. Don’t use consecutive letters or numbers, such as “abcdefg” or “12345.”
v. Don’t use adjacent keys on your keyboard, such as “qwerty.”
vi. Don’t use your logon name in the password.
vii. Don’t use words in any language. Don’t even use numbers for letters (as in
“p@ssw0rd”) because programs can now guess those as well.
viii. Don’t use the same password for more than one system.
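The criteria listed above can be checked mechanically. The following is an added example, not part of the original slides: the function name, the four-character run threshold, the substitution map and the small word list are constructed assumptions, and a real deployment would use a full dictionary.

```python
import string

# Constructed sample data (assumptions, not from the slides).
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "letmein"}
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "7": "t"})
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
RUN = 4  # assumed length at which a sequence or keyboard run is rejected


def _has_sequence(pw, run=RUN):
    """True if pw contains `run` ascending letters or digits in a row (abcd, 1234)."""
    count = 1
    for a, b in zip(pw, pw[1:]):
        same_class = (a.isalpha() and b.isalpha()) or (a.isdigit() and b.isdigit())
        count = count + 1 if same_class and ord(b) - ord(a) == 1 else 1
        if count >= run:
            return True
    return False


def _has_keyboard_run(pw, run=RUN):
    """True if pw contains `run` keys that sit side by side on one keyboard row."""
    return any(row[i:i + run] in pw
               for row in KEY_ROWS
               for i in range(len(row) - run + 1))


def check_password(pw, logon_name, previous=()):
    """Return the names of the criteria that `pw` fails (empty list = strong)."""
    low = pw.lower()
    failed = []
    if len(pw) < 8:
        failed.append("length")
    classes = (any(c.isupper() for c in pw), any(c.islower() for c in pw),
               any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw))
    if not all(classes):
        failed.append("character-mix")
    if not any(c in string.punctuation for c in pw[1:6]):   # positions 2 through 6
        failed.append("symbol-position")
    if _has_sequence(low):
        failed.append("sequence")
    if _has_keyboard_run(low):
        failed.append("keyboard-run")
    if logon_name and logon_name.lower() in low:
        failed.append("logon-name")
    plain = low.translate(LEET)          # undo number-for-letter substitutions
    if any(word in low or word in plain for word in SAMPLE_WORDS):
        failed.append("dictionary-word")
    if pw in previous:                   # same password used on another system
        failed.append("reuse")
    return failed


if __name__ == "__main__":
    for candidate in ("@y&kK1ff", "p@ssw0rd", "Jsmith12345!"):
        print(candidate, check_password(candidate, "jsmith"))
```

The slide's own example, @y&kK1ff, passes every check, while “p@ssw0rd” fails both the character mix and the dictionary test once the substitutions are undone.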
Locking workstation
(e.g. hardware, operating system)

– To keep a system secure, users need to practice the
habit of locking down their workstation each time they
step away from their desks.
– The quickest way to do this is to press the Windows
key + L. Another method is to press Ctrl+Alt+Delete. If
the user is already logged on when she presses these
keys, the login screen appears.
– To unlock Windows, the user must enter her password.
For this method to be effective, all user accounts need
a password.
Recognize computer security threats
caused by social engineering

4.1.3
Recognize Appropriately To Social Engineering
Situations

Social Engineering
Definition:
The practice of tricking people
into giving out private information
or allowing unsafe programs into
the network or computer.
Recognize Appropriately To Social Engineering
Situations

A good support technician is aware of the criminal practices used, and is able to teach
users how to recognize this mischief and avoid it. Here is a list of important security
measures that users need to follow to protect passwords and the computer system:
– Never give out your passwords to anyone, not even a supervisor or tech support person
who calls and asks for it.
– Don’t store your passwords on a computer. Some organizations even forbid employees
from writing down their passwords.
– Don’t use the same password on more than one system (computer, network,
application, or web site).
Shoulder Surfing

Be aware of shoulder surfing when other people secretly peek at your
monitor screen as you work. A privacy filter can help. Lock down your
workstation each time you step away from your desk.

In order to protect yourself from shoulder surfing, you should take precautions when entering
personal information into devices or filling out forms in public.

1. Angle your computer or cell phone screen so that other people cannot see what you are typing.
2. Use a privacy screen to make your screen less visible to others.
3. If possible, sit or stand with your back to a wall when entering a password on a device in public.
4. Stand in a quiet spot away from a crowd of people.
5. Try to avoid opening personal accounts in public.
6. Shield forms from viewing when filling out paperwork in public.
7. Use strong passwords to make it more difficult for someone to try and guess what you typed.
8. As always, remember to lock your computer or device when you leave your desk.
Tailgating
Users need to be on the alert for tailgating, which is when someone who is
unauthorized follows the employee through a secured entrance to a room or
building.
Another form of tailgating is when a user steps away from her computer and
another person continues to use the Windows session when the system is not
properly locked.
To prevent unauthorized individuals from accessing your community,
consider implementing the following five anti-tailgating strategies.
1. Perform a Security Audit.
2. Educate Your Residents.
3. Implement Credentialed Access.
4. Use Simplified Visitor Management.
5. Set Up Cameras.
Email Hoax
– Beware of online social engineering techniques. For
example, don’t be fooled by scam email or an email hoax
such as the one shown here.
– When the user who received this email scanned the attached
file using antivirus software, the software reported the file
contained malware.
[Figure: Email Hoax]
Phishing
– Phishing (pronounced “fishing”) is a type of identity theft where the sender of an
email message scams you into responding with personal data about yourself.
– The scam artist baits you by asking you to verify personal data on your bank
account, ISP account, credit card account, or something of that nature. Often you
are tricked into clicking a link in the email message, which takes you to an official-
looking site complete with corporate or bank logos where you are asked to enter
your user ID and password to enter the site.

Preventing Phishing

1. Two-factor authentication (2FA). It adds an extra verification layer when logging in to sensitive applications. 2FA relies on users having
two things: something they know, such as a password and user name, and something they have, such as their smartphones.
2. Organizations should enforce strict password management policies. For example, employees should be required to frequently
change their passwords and to not be allowed to reuse a password for multiple applications.
3. Educational campaigns can also help diminish the threat of phishing attacks by enforcing secure practices, such as not clicking on
external email links.
4.2 Understand Basic Concept
Of Security System
4.2.1 Explain basic concept of component for security
including hardware, software and data security issues
such as: a. BIOS and Smart card.
– BIOS / UEFI, Smartcard and Biometrics
– Authentication technologies and Backup
– Malicious Software
– File System
Explain basic concept of component
for security including hardware,
software and data security issues

4.2.1
BIOS /UEFI
The security section of the BIOS is used to keep unauthorized people from making any changes to the
BIOS. Because settings in the BIOS are so critical to proper PC operation, many office IT staff choose to
lock out all non-IT personnel by using a password that only IT personnel know.

Security Option : This feature lets you password-protect the BIOS to prevent unauthorized users from
making changes. It can also be set to require a password for the PC to boot up. The options available
are Setup or System; this setting controls the options for the parameters below.

Set Supervisor Password : If you choose to select a Supervisor Password, a password will be required to
enter the BIOS after you choose setup, as described above. If you choose SYSTEM as described above,
then a password will be required for cold-booting, too.

Set User Password : A different password assigned to users is required to boot the PC, and if a
Supervisor Password has also been selected, permits the user to only adjust the date and time in the
BIOS.
AUTHENTICATION TECHNOLOGY
Authentication is the process of identifying an individual, usually
based on a username and password.
In security systems, authentication is distinct
from authorization, which is the process of giving
individuals access to system objects based on
their identity.
Authentication merely ensures that the individual
is who he or she claims to be, but says nothing
about the access rights of the individual.
Authentication Technology
There are generally three recognized types of authentication factors:
1. Type 1 – Something You Know – includes passwords, PINs, combinations, code words, or secret
handshakes. Anything that you can remember and then type, say, do, perform, or otherwise recall
when needed falls into this category.
2. Type 2 – Something You Have – includes all items that are physical objects, such as keys, smart
phones, smart cards, USB drives, and token devices. (A token device produces a time-based PIN or
can compute a response from a challenge number issued by the server.)
3. Type 3 – Something You Are – includes any part of the human body that can be offered for
verification, such as fingerprints, palm scanning, facial recognition, retina scans, iris scans, and voice
verification.
Authentication Technology

[Figures: Password; Two-Factor Authentication; Captcha Test; Public and Private Key-pairs; Biometric Authentication]


Backup

– A notebook hard drive is likely to contain a recovery
partition or the notebook might come bundled with
recovery CDs.
– You might be able to create recovery media by using a
program installed on the hard drive.
– Use the media to diagnose problems with the
notebook, create system backups, and reimage the hard
drive if the hard drive is replaced or becomes corrupted.
MALICIOUS SOFTWARE
– The word “malware” is coined from the words “malicious software”, and
the meaning remains the same. Malicious software refers to any
malicious program that causes harm to a computer system or
network.
– Malicious software attacks a computer or network in
the form of viruses, worms, trojans, spyware, adware or rootkits.
– Its mission is often targeted at accomplishing unlawful tasks
such as robbing protected data, deleting confidential documents
or adding software without the user’s consent.
Malicious Software

Computer Virus
A computer virus is malicious software which self-replicates and attaches itself to other files/programs. It is capable of executing secretly when the host program/file is activated. The different types of computer virus are Memory-Resident Virus, Program File Virus, Boot Sector Virus, Stealth Virus, Macro Virus, and Email Virus.

Worms
A worm is malicious software which, similar to a computer virus, is a self-replicating program; however, in the case of worms, it automatically executes itself. Worms spread over a network and are capable of launching a cumbersome and destructive attack within a short period.

Rootkit
A rootkit is malicious software that alters the regular functionality of an OS on a computer in a stealthy manner. The altering helps the hacker to take full control of the system, and the hacker acts as the system administrator on the victim’s system. Almost all rootkits are designed to hide their existence.

Trojan Horses
Unlike a computer virus or a worm, the trojan horse is a non-replicating program that appears legitimate. After gaining the trust, it secretly performs malicious and illicit activities when executed. Hackers make use of trojan horses to steal a user’s password information or destroy data or programs on the hard disk. It is hard to detect!

Spyware/Adware
Spyware secretly records information about a user and forwards it to third parties. The information gathered may cover files accessed on the computer, a user’s online activities or even the user’s keystrokes.
Adware, as the name suggests, displays advertising banners while a program is running. Adware can also work like spyware: it is deployed to gather confidential information, basically to spy on and gather information from a victim’s computer.
How to Prevent Malware From Infecting
Your Computer

1. Install Anti-Virus/Malware Software.
This tip may go without saying, and I almost just casually mentioned it in my opening paragraph. However, I have seen many computers—especially home computers—that don’t have anti-virus/malware protection. This protection is a must-have first step in keeping your computer virus free.

2. Keep Your Anti-Virus Software Up to Date.
Having protection software is the first step; maintaining it is the second. Free anti-virus software is better than nothing, but keep in mind that it’s not the best solution. Microsoft does provide a security package for “free.” It’s free in that if you have Windows on your machine, you are granted access, but you did pay for your Windows license. Many users aren’t aware of this program, but it’s actually decent protection.

3. Run Regularly Scheduled Scans with Your Anti-Virus Software.
This too may seem like a no-brainer, but many of us forget to do this. Set up your software of choice to run at regular intervals. Once a week is preferred, but do not wait much longer between scans. It’s difficult to work on your computer while your anti-virus software is running. One solution is to run the software at night when you aren’t using your computer. However, we often turn off our computers at night, and so the scan never runs. Set your anti-virus software to run on a specific night, and always leave your computer running on that day. Make sure it doesn’t shut off automatically or go into hibernation mode.

4. Keep Your Operating System Current.
Whether you are running Windows, Mac OS X, Linux, or any other OS, keep it up to date. OS developers are always issuing security patches that fix and plug security leaks. These patches will help to keep your system secure. Similarly, keep your anti-virus software up to date. Viruses and malware are created all the time. Your scanning software is only as good as its database. It too must be as up to date as possible.

5. Secure Your Network.
Many of our computers connect to our files, printers, or the Internet via a Wi-Fi connection. Make sure it requires a password to access it and that the password is strong. Never broadcast an open Wi-Fi connection. Use WPA or WPA2 encryption. WEP is no longer strong enough as it can be bypassed in minutes by experts. It’s also a great idea to not broadcast your SSID (the name of your Wi-Fi network). You can still access it with your device, you will just have to manually type in the SSID and the password. If you frequently have guests who use your Internet, provide a guest SSID that uses a different password, just in case your friends are evil hackers.
How to Prevent Malware From Infecting
Your Computer

6. Think Before You Click.
Avoid websites that provide pirated material. Do not open an email attachment from somebody or a company that you do not know. Do not click on a link in an unsolicited email. Always hover over a link (especially one with a URL shortened) before you click to see where the link is really taking you. If you have to download a file from the Internet, an email, an FTP site, a file-sharing service, etc., scan it before you run it. A good anti-virus software will do that automatically, but make sure it is being done.

7. Keep Your Personal Information Safe.
This is likely the most difficult thing to do on the Internet. Many hackers will access your files not by brute force, but through social engineering. They will get enough of your information to gain access to your online accounts and will glean more of your personal data. They will continue from account to account until they have enough of your info that they can access your banking data or just steal your identity altogether. Be cautious on message boards and social media. Lock down all of your privacy settings, and avoid using your real name or identity on discussion boards.

8. Don’t Use Open Wi-Fi.
When you are at the local coffee shop, library, and especially the airport, don’t use the “free” open (non-password, non-encrypted) Wi-Fi. Think about it. If you can access it with no issues, what can a trained malicious individual do?

9. Back Up Your Files.
The best thing you can do is back up your files—all of them. Ideally you will have your files (your data) in at least three places: the place where you work on them, on a separate storage device, and off-site. Keep your files on your computer, back them up to an external hard drive, then back them up in a different location. You can use a backup service or simply get two external hard drives and keep one at work, at a friend’s house, at a family member’s house, or in a safe deposit box.

10. Use Multiple Strong Passwords.
Never use the same password, especially on your bank account. Typically, we use the same email address or username for all of our accounts. Those are easy to see and steal. If you use the same password for everything, or on many things, and it is discovered, then it takes only seconds to hack your account. Use a strong password. Use lower case, upper case, numbers, and symbols in your password. Keep it easy to remember but difficult to guess. Do not use dates or pet names.
Keeping Current with Threats and Changes in Computer Security

– Make sure all scheduled maintenance is performed and updates / service packs are installed on all the systems in the environment.
– Make sure all applications are kept to the most current levels. Older software may contain vulnerabilities that were not detected until after the software was released. Applying updates to the application software will minimize the impact of attacks on the system.
– Most newer network devices can provide high levels of security.
[Diagram labels: Configured; Schedule update process]
FILE SYSTEM
– A file system is a system for organizing data (directories and files) in an efficient manner,
generally in terms of how it is implemented in the disk operating system. The term also refers to the
collection of files and directories stored on a given drive (floppy drive, hard drive,
RAM drive, etc.).
– File systems allocate space in multiple physical units on the device.
– A file system can be thought of as an index or database containing the physical
location of every piece of data on a hard drive. A file system is set up on a drive
during a format.
– The file system manages access to the data of the files, and manages the available
space of the device(s) which contain it.
Type of File System
HFS

• HFS is a file system type developed by Apple Inc. for use on computers running Mac OS.
• Two main variants of HFS exist: Mac OS Standard (“HFS Standard” or “HFS”) and Mac OS extended (“HFS extended” or “HFS+”).
• If you are running Mac OS X, your bootable drive is almost certainly using HFS+, not standard HFS. HFS+ allows for larger files with longer file names to be stored on the disk.

File Allocation Table (FAT)

• FAT is short for File Allocation Table, which dates back to the beginnings of DOS programming.
• The File Allocation Table (FAT) file system was the primary file system in Microsoft's older operating systems. It is a file system that was created by Microsoft in 1977.
• FAT was the primary file system used in all of Microsoft's consumer operating systems from MS-DOS through Windows ME.
• The versions of this type are: FAT12, FAT16 and FAT32.

NTFS

• NTFS is a file system type that is commonly used for Microsoft Windows.
• It is the standard file system for Windows NT, Windows 2000, Windows XP, Windows Vista and Windows 7.
• It provides numerous improvements over the FAT file system, including better security and better disk utilization.
• NTFS is a proprietary file system developed by Microsoft Corporation for its Windows line of operating systems, beginning with Windows NT 3.1 and Windows 2000, including Windows XP, Windows Server 2003, and all their successors to date.
How does the file system handle
security?
– The file system is crucial to data integrity.
– The main method of protection is access control: access to file system operations (e.g. modifying or deleting a file) is controlled through access control lists or capabilities.
– Capabilities are more secure so they tend to be used by operating systems on file systems like NTFS or ext3.
– The secondary method of protection is the use of backup and recovery systems.
Attacks on the file system

The three most common methods are:

1. Race condition attacks
– Occur when a process performs a sequence of operations on a file under the assumption that they are executed atomically.
– Can be used by the attacker to change the characteristics of that file between two successive operations on it, so that the victim process operates on the modified file.
2. Using ADS to hide files
– Alternate Data Streams (ADS) allow multiple data streams to be attached to a single file.
– A file can be hidden behind another file as an attached stream that could be hundreds of megabytes in size; however, a directory listing will only display the file’s normal size.
3. Directory traversal
– An exploit caused by insufficient security validation of user-supplied input file names.
– For example, the attacker would pass ../../../../../../../../../etc/password as input to retrieve the password file from the server.
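The validation that the directory traversal item says is missing can look like the following. This is an added example, not part of the original slides: the function names, the `public/` layout and the file contents are constructed for illustration, and the open step also narrows the check-then-use window described under race condition attacks.

```python
import os
import stat
import tempfile

class UnsafePath(Exception):
    """The requested name resolves outside the served directory."""

def resolve_under(base_dir, user_name):
    """Return the real path for user_name, or raise if it leaves base_dir."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the check below is made
    # on the location the OS would open, not on the string the user typed.
    target = os.path.realpath(os.path.join(base, user_name))
    if os.path.commonpath([base, target]) != base:
        raise UnsafePath(user_name)
    return target

def read_served_file(base_dir, user_name):
    path = resolve_under(base_dir, user_name)
    # O_NOFOLLOW: if the last component is swapped for a symlink between the
    # check above and this open (a race condition), the open fails.
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "rb") as fh:
        # Inspect the opened descriptor, not the path, so the check and the
        # read refer to the same file.
        if not stat.S_ISREG(os.fstat(fh.fileno()).st_mode):
            raise UnsafePath(user_name)
        return fh.read()

def demo():
    """Constructed layout: public/ is served, secret.txt sits beside it."""
    names = ["readme.txt", "sub/../readme.txt", "../secret.txt",
             "../../../../etc/password", "link.txt"]
    results = {}
    with tempfile.TemporaryDirectory() as root:
        served = os.path.join(root, "public")
        os.mkdir(served)
        with open(os.path.join(served, "readme.txt"), "wb") as f:
            f.write(b"hello")
        with open(os.path.join(root, "secret.txt"), "wb") as f:
            f.write(b"s3cret")
        os.symlink(os.path.join(root, "secret.txt"), os.path.join(served, "link.txt"))
        for name in names:
            try:
                results[name] = read_served_file(served, name)
            except UnsafePath:
                results[name] = None  # rejected before any data is read
    return results
```

`demo()` returns the file contents for names that stay inside `public/` and `None` for every name that resolves outside it, including the symlink.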
Attacks on the file system

How does the file system ensure data integrity?

There are various methods of protecting the files on a file system.

1. Access Controls
2. Encryption
3. RAID
4. Recovery when data is corrupted
File System Security
General File System Encryption
– Encryption is also a method used by file systems to secure data. NTFS, for example, offers file encryption using DESX.
– Two methods of disk encryption:
• Full Disk Encryption
• File System Encryption
– File system encryption has a few advantages over full disk encryption, for example:
• File based key management
• Individual management of encrypted files
• Access control can be further strengthened through the use of public key cryptography
• Keys are only held in memory while the file is being used
File system Security

RAID
– RAID stands for Redundant Array of Independent Disks
– Offers advantages and drawbacks compared with a single disk; each type has different applications
– Types of RAID
• RAID 0 “Striped set without parity”
• RAID 1 “Mirrored set without parity”
• RAID 3 “Striped set with byte level parity”
• RAID 4 “Striped set with block level parity”
• RAID 5 “Striped set with distributed parity”
• RAID 6 “Striped set with dual distributed parity”
File System Security
Recovery when data is corrupted

1. Checksum codes
2. Reed-Solomon codes (used on CDs to fix errors caused by scratches)
3. Given the right type of RAID, the system can recover easily.
• Parity Schemes
• Protection against individual drive failure
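How checksum codes and a parity scheme work together can be shown on one stripe with a dedicated parity block, as in RAID 4. This is an added example, not part of the original slides: the block contents are constructed, and the per-block CRC32 is an assumption used here to locate a silently corrupted block (the parity alone cannot say which block is wrong).

```python
import zlib
from functools import reduce

def xor_blocks(blocks):
    """Byte-wise XOR of equally sized blocks."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def write_stripe(data_blocks):
    """Return (blocks, checksums): the data blocks plus one XOR parity block."""
    blocks = list(data_blocks) + [xor_blocks(data_blocks)]
    return blocks, [zlib.crc32(b) for b in blocks]

def read_stripe(blocks, checksums):
    """Return the data blocks, rebuilding at most one lost or corrupted block.

    A block of None models a failed drive; a checksum mismatch models
    corruption on a drive that still answers reads.
    """
    bad = [i for i, b in enumerate(blocks)
           if b is None or zlib.crc32(b) != checksums[i]]
    if len(bad) > 1:
        raise ValueError("single parity cannot recover %d bad blocks" % len(bad))
    blocks = list(blocks)
    if bad:
        # XOR of all surviving blocks (data and parity) equals the missing one.
        survivors = [b for i, b in enumerate(blocks) if i != bad[0]]
        blocks[bad[0]] = xor_blocks(survivors)
        if zlib.crc32(blocks[bad[0]]) != checksums[bad[0]]:
            raise ValueError("rebuilt block does not match its checksum")
    return blocks[:-1]  # drop the parity block

if __name__ == "__main__":
    data = [b"AAAAAAAA", b"BBBBBBBB", b"CCCCCCCC"]  # constructed sample data
    blocks, sums = write_stripe(data)
    print(read_stripe([blocks[0], None, blocks[2], blocks[3]], sums))
```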
TO KEEP A COMPUTER SECURE AND AVOID THE THREATS

Operating system updates
• Make sure all scheduled maintenance and updates are performed.
• Service packs are installed on the systems in the environment.
• Many manufacturers are releasing security updates for their products to deal with newly discovered vulnerabilities.
• The OS automatically notifies users when updates become available; this notification helps busy administrators remember to keep their systems current.

Application updates
• Make sure all applications are kept to the most current levels.
• Older software may contain vulnerabilities that were not detected until after the software was released.
• Applying updates to the application software will minimize the impact of attacks on the system.
• Schedule the update process.

Network device updates
• Most newer network devices can provide high levels of security.
• They can be configured to block certain types of traffic and IP addresses.
• Make sure logs are reviewed and Access Control Lists (ACLs) are updated to prevent hackers from disrupting the system.
• Network devices are also frequently updated to counter new vulnerabilities and threats.

Policies and procedures
• Be aware of any changes in the organization or in the industry that make existing policies out of date.
• Set a review date as part of the organization's policy-creation procedures.
• Periodically review the documents to verify that the organization's policies are effective and current.
• Enforce the organization's use policies to secure against threats.
End of Slide
Thank you for reading
