Professional Documents
Culture Documents
Chapter 4 Computer Security
Chapter 4 Computer Security
0
Computer Security
Edit by Norkiah
4.1 Remember the principles of
computer security
4.1.1
Hardware Deconstruction / Recycling
Hardware Firewalls
A hardware firewall sits between your local network of computers and
the Internet.
SonicWall SOHO The firewall will inspect all the data that comes in from the Internet,
passing along the safe data packets while blocking the potentially
dangerous packets.
Software Firewalls
4.1.2
Data Access (Basic Local Security Policy)
2. Information Protection
– BitLocker enables organizations to protect sensitive information from unauthorized access with military-grade
encryption when a device is lost or stolen.
– Windows Information Protection separates and contains business data to prevent it from accidentally leaking to
unauthorized users, documents, apps, or locations on the web.
– Azure Information Protection works with Windows Information Protection and provides more capabilities to
classify, assign advanced permissions and share sensitive data.
Encryption refers to any process used to make sensitive data more secure
and less likely to be intercepted by those unauthorized to view it.
There are several modern types of encryption used to protect sensitive
electronic data, such as emails, files, folders and entire drives
Many web browsers today tend to self-encrypt text while connecting to a
secure server. This is especially true of the URL starts with ‘https’.
This means you are on a secure encrypted website (Hypertext Transfer
Protocol, Secure), and is a must-have for sites that collect critical
information like financial information.
1. Rivest-Shamir-Adleman (RSA)
2. Advance Encryption Standard (AES)
ENCRYPTION TECHNIQUES 3. TwoFish
4. Data Encryption Standard (DES)
5. Triple DES
– Data remnant removal is typically the name given to removing all usable
data from media (typically hard drives, but any media can be included)
– Various techniques have been developed to counter data remanence.
These techniques are classified as clearing, purging/sanitizing,
or destruction.
– Specific methods include overwriting, degaussing, encryption, and media
destruction.
Data / Remnant Removal
1. Overwrite data on the drive. You can perform a low-level format of a drive to overwrite the
data with zeroes.
2. Physically destroy the storage media. Use a drill to drill many holes through the drive
housing all the way through to the other side of the housing.
3. For magnetic devices, use a degausser. A degausser exposes a storage device to a strong
magnetic field to completely erase the data on a magnetic hard drive or tape drive.
4. For solid state devices, use a Secure Erase utility. As required by government regulations for
personal data privacy, the American National Standards Institute (ANSI) developed the ATA
Secure Erase standards for securely erasing data from solid state devices such as a USB flash
drive or SSD drive.
5. Use a secure data-destruction service. For the very best data destruction, consider a secure
data-destruction service. To find a service, search the web for “secure data destruction.”
Password Management
4.1.3
Recognize Appropriately To Social Engineering
Situations
Social Engineering
Definition:
The practice of tricking people
into giving out private information
or allowing unsafe programs into
the network or computer.
Recognize Appropriately To Social Engineering
Situations
A good support technician is aware of the criminal practices used, and is able to teach
users how to recognize this mischief and avoid it. Here is a list of important security
measures that users need to follow to protect passwords and the computer system:
– Never give out your passwords to anyone, not even a supervisor or tech support person
who calls and asks for it.
– Don’t store your passwords on a computer. Some organizations even forbid employees
from writing down their passwords.
– Don’t use the same password on more than one system (computer, network,
application, or web site).
Shoulder Surfing
In order to protect yourself from shoulder surfing, you should take precautions when entering
personal information into devices or filling out forms in public.
Shoulder Surfing 1. Angle your computer or cell phone screen so that other people cannot see what you are typing.
2. Use a privacy screen to make your screen less visible to others.
3. If possible, sit or stand with your back to a wall when entering a password on a device in public
4. Stand in a quiet spot away from a crowd of people.
5. Try to avoid opening personal accounts in public.
6. Shield forms from viewing when filling out paperwork in public.
7. Use strong passwords to make it more difficult for someone to try and guess what you typed.
8. As always, remember to lock your computer or device when you leave your desk.
Tailgating
Users need to be on the alert for tailgating, which is when someone who is
unauthorized follows the employee through a secured entrance to a room or
building.
Another form of tailgating is when a user steps away from her computer and
another person continues to use the Windows session when the system is not
properly locked.
To prevent unauthorized individuals from accessing your community,
consider implementing the following five anti-tailgating strategies.
Tailgating 1. Perform a Security Audit.
2. Educate Your Residents.
3. Implement Credentialed Access.
4. Use Simplified Visitor Management.
5. Setup Cameras.
Email Hoax
– Beware of online social
engineering techniques. For
example, don’t be fooled by
scam email or an email hoax
such as the one shown here.
– When the user who received
this email scanned the attached
fi le using antivirus software,
Email Hoax the software reported the file
contained malware.
Phishing
– Phishing (pronounced “fishing”) is a type of identity theft where the sender of an
email message scams you into responding with personal data about yourself.
– The scam artist baits you by asking you to verify personal data on your bank
account, ISP account, credit card account, or something of that nature. Often you
are tricked into clicking a link in the email message, which takes you to an official-
looking site complete with corporate or bank logos where you are asked to enter
your user ID and password to enter the site.
4.2.1
BIOS /UEFI
The security section of the BIOS is used to keep unauthorized people from making any changes to the
BIOS. Because settings in the BIOS are so critical to proper PC operation, many office IT staff choose to
lock out all non-IT personnel by using a password that only IT personnel know.
Security Option : This feature lets you password-protect the BIOS to prevent unauthorized users from
making changes. It can also be set to require a password for the PC to boot up. The options available
are Setup or System; this setting controls the options for the parameters below.
Set Supervisor Password : If you choose to select a Supervisor Password, a password will be required to
enter the BIOS after you choose setup, as described above. If you choose SYSTEM as described above,
then a password will be required for cold-booting, too.
Set User Password : A different password assigned to users is required to boot the PC, and if a
Supervisor Password has also been selected, permits the user to only adjust the date and time in the
BIOS.
AUTHENTICATION TECHNOLOGY
The process of identifying an individual, usually
based on a username and password.
In security systems, authentication is distinct
from authorization , which is the process of giving
individuals access to system objects based on
their identity.
Authentication merely ensures that the individual
is who he or she claims to be, but says nothing
about the access rights of the individual.
Authentication Technology
There are generally three recognized types of authentication factors:
1. Type 1 – Something You Know – includes passwords, PINs, combinations, code words, or secret
handshakes. Anything that you can remember and then type, say, do, perform, or otherwise recall
when needed falls into this category.
2. Type 2 – Something You Have – includes all items that are physical objects, such as keys, smart
phones, smart cards, USB drives, and token devices. (A token device produces a time-based PIN or
can compute a response from a challenge number issued by the server.).
3. Type 3 – Something You Are – includes any part of the human body that can be offered for
verification, such as fingerprints, palm scanning, facial recognition, retina scans, iris scans, and voice
verification.
Authentication Technology
Password
Two-Factor Authentication
Captcha Test
7. Keep Your Personal Information Safe. 10. Use Multiple Strong Passwords.
This is likely the most difficult thing to do on the Internet. Many hackers will Never use the same password, especially on your bank account. Typically,
access your files not by brute force, but through social engineering. They we use the same email address or username for all of our accounts. Those
will get enough of your information to gain access to your online accounts are easy to see and steal. If you use the same password for everything, or
and will glean more of your personal data. They will continue from account on many things, and it is discovered, then it takes only seconds to hack your
to account until they have enough of your info that they can access your account. Use a strong password. Use lower case, upper case, numbers, and
banking data or just steal your identity altogether. Be cautious on message symbols in your password. Keep it easy to remember but difficult to guess.
boards and social media. Lock down all of your privacy settings, and avoid Do not use dates or pet names.
using your real name or identity on discussion boards.
Keep a Current Threat and Changes Happen in Computer Security
• HFS is a file system type developed by Apple Inc. for use on computers running Mac OS.
• Two main variants of HFS exist: Mac OS Standard (“HFS Standard” or “HFS”) and Mac OS extended (“HFS extended” or “HFS+”).
• If you are running Mac OS X, your bootable drive is almost certainly using HFS+, not standard HFS. HFS+ allows for larger files with longer file names to be stored on the disk.
• FAT is a brief for File Allocation Table, which dates back to the beginnings of DOS programming.
• The File Allocation Table (FAT) file system was the primary file system in Microsoft's older operating systems, it is a file system that was created by Microsoft in 1977.
• FAT was the primary file system used in all of Microsoft's consumer operating systems from MS-DOS through Windows ME
• The version of this type is: FAT 12 FAT 16 FAT 32
NTFS
• NTFS is a file system type that is commonly used for Microsoft Windows.
• It is the standard file system for Windows NT, Windows 2000, Windows XP, Windows Vista and Windows 7.
• It provides numerous improvements over the FAT file system, including better security and better disk utilization.
• NTFS is a proprietary file system developed by Microsoft Corporation for its Windows line of operating systems, beginning with Windows NT 3.1 and Windows 2000, including
Windows XP, Windows Server 2003, and all their successors to date
How does the file system handle
security?
– The file system is crucial to data integrity.
– Main method of protection is through access control Accessing file system
operations (ex. modifying or deleting a file) are controlled through access
control lists or capabilities
– Capabilities are more secure so they tend to be used by operating systems on
file systems like NTFS or ext3.
– Secondary method of protection is through the use of backup and recovery
systems
How does the file system handle
security?
– The file system is crucial to data integrity.
– Main method of protection is through access control Accessing file system
operations (ex. modifying or deleting a file) are controlled through access
control lists or capabilities
– Capabilities are more secure so they tend to be used by operating systems on
file systems like NTFS or ext3.
– Secondary method of protection is through the use of backup and recovery
systems
Attacks on the file system
1. Access Controls
2. Encryption
3. RAID
4. Recovery when data is corrupted
File System Security
General File System Encryption
– Encryption is also a method used by file systems to secure data, NTFS for example offers file encryption
using DESX
– Two method of disk encryption
• Full Disk Encryption
• File System Encryption
– File system encryption has a few advantages over full disk encryption for example
• File based key management
• Individual management of encrypted files
• Access control can be further strengthened through the use of public key cryptography
• Keys are only held in memory while the file is being used
File system Security
RAID
– RAID stands for Redundant Array of Independent Disks
– Offers drawbacks and advantages over a single disk, each with different
applications
– Types of RAID
• RAID 0 “Striping set without parity”
• RAID 1 “Mirrored set without parity”
• RAID 3 “Striped set with byte level parity”
• RAID 4 “Striped set with block level parity”
• RAID 5 “Striped set with distributed parity”
• RAID 6 “Striped set with dual distributed parity”
File System Security
Recovery when data is corrupted
1. Checksum codes
2. Reed Soloman Codes (cd’s to fix errors caused by
scratches)
3. Given the right type of RAID, the system can recover
easily.
• Parity Schemes
• Protection against individual drive failure
TO KEEP A COMPUTER SECURITY AND
AVOID THE THREATs
• Make sure all schedule maintenance is performed and updates
Operation • Service packs are installed on the system in the environment
system • Many manufacturer are releasing security updates on their products to deal with newly discovered vulnerabilities
Updates • The OS automatically notify users when updates become available; this notification help bust administrators remembers to keep
their system current
• Make sure all applications are kept to the most current levels
Application • Older software may contain vulnerabilities that were not detect until after the software was released
Updates • Applying updates to the application software will minimize the impact of attacks to the system
• Schedule update process
• Most newer networks device can provide high levels of security
Network • Configured to block certain types of traffic and IP addresses
Device • Make sure logs are reviewed and Access Control List (ACL) updated to prevent hackers from disrupting
Updates the system.
• Network devices are also frequently updated to counter new vulnerabilities and threats
• Be aware of any changes in the organization or in industry that make existing policies out-of-
Policies and date
Procedure • Setting a review date as a part of organizations policy – creation procedures.
• Periodically review to document to verify the organization policies are effective and current.
• Enforce organization use policies to secure the threats
End of Slide
Thank you for reading