ITEc12

Name ________________________________________________________ Date __________________

Chapter 12: Security
After completion of this chapter, students should be able to:
Explain why security is important and describe security threats.
Explain social engineering, data wiping, hard drive destruction and recycling.
Identify security procedures.
Explain what is required in a basic security policy and describe ways to protect data.
Describe wireless security techniques
Explain the tasks required to protect physical equipment.
Identify common preventive maintenance techniques for security.
Explain measures to maintain operating systems, backup data, configure firewalls, and maintain accounts.
Apply the six steps of the troubleshooting process to security.

12.0 Security
1.       What are the two type’s general threats to computer security?  Give examples of each.

 Physical and Data


12.1 Security Threats
2.       What is Malware and what does it do?

 Malware is any software created to perform malicious acts. The word malware is an abbreviation of malicious software.


3.       How Malware is typically installed?

 on a computer without the knowledge of the user

4.     What is a Trojan threat and where are they found?
 A Trojan horse usually looks like a useful program but it carries malicious code
5.     Trojans are often disguised as what?
 Trojan horses are often provided with free online games
6.     How much do computer viruses cost business annually? (search this)
 $55 billion dollars per year
7. 	Explain what is Virus protection software and what does it do?
 Antivirus or anti-virus software (often abbreviated as AV), sometimes known as anti-malware software, is computer software used to prevent, detect and remove malicious software. Antivirus software was originally developed to detect and remove computer viruses, hence the name.


8.       Differentiate the following types of Malware:
a. 	Worms
 A worm is a self-replicating program that is harmful to networks with the intent to slow or disrupt network operations
Worms typically spread automatically by exploiting known vulnerabilities in the legitimate software


b.	Adware
 Usually distributed by downloading online software
It displays advertising on your computer most often as in a pop-up window
Adware pop-up windows are sometimes difficult to control and open new windows faster than users can control them


c. 	Spyware
 Similar to adware but used to gather information about a user and send the information to another entity, without the user’s consent.

Spyware can be low threat, gathering browsing data, or it can be high threat where personal or financial information is gathering
 d.	Ransomware


e.     Rootkits

12.1.1.2 Activity – Identify Malware Types Instructor Check _____________
9.     Explain what is Phishing and give an example:
 Phishing is when a malicious party sends an email, calls on the phone, or places a text with the intent to trick the recipient into providing personal or financial information

10.  What is SPAM and what threat can it pose?
 Spam, also known as junk mail, is unsolicited email. In most cases, spam is used as a method of advertising


11.  What are some of the indicators of SPAM?
An email has no subject line.
An email is requesting an update to an account.
The email is filled with misspelled words or strange punctuation.
Links within the email are long and/or cryptic.
An email is disguised as correspondence from a legitimate business.
The email requests that you open an attachment.


12.  Explain  these common attacks:

SYN Flood
 A SYN request is the initial communication sent to establish a TCP connection. A SYN flood attack randomly opens TCP ports at the source of the attack and ties up the network equipment or computer with a large amount of false SYN requests


DoS
 DoS is a type of attack that creates an abnormally large amount of requests to network servers, such as email or web servers. The goal of the attack is to completely overwhelm the server with false requests creating a denial of service for legitimate users.


DDoS
 A DDoS attack is like a DoS attack but is created using many more computers, sometimes in the thousands, to launch the attack.


Spoofing
 In a spoofing attack, a computer pretends to be a trusted computer to gain access to resources. The computer uses a forged IP or MAC address to impersonate a computer that is trusted on the network.


Man-in-the-Middle
 An attacker performs a man-in-the-middle (MitM) attack by intercepting communications between computers to steal information transiting through the network


Replay
 To perform a replay attack, data transmissions are intercepted and recorded by an attacker. These transmissions are then replayed to the destination computer


DNS Poisoning
 DNS records on a system are changed to point to imposter servers. The user attempts to access a legitimate site, but traffic is diverted to an imposter site.


12.1.1.6 Activity – Identify the TCP/IP Attacks Instructor Check ____________

13.   What does the term zero-hours describe?

 A zero-day attack, sometimes referred to as a zero-day threat, is a computer attack that tries to exploit software vulnerabilities that are unknown or undisclosed by the software vendor


14.   A      social engineer       is a person who is able to gain access to equipment or a network by tricking people into providing the necessary access information.

15.   Basic precautions to help protect against social engineering include:

 Never give out your login credentials (e.g., username, password, PIN).
Never post credential information in your work area.
Lock your computer when you leave your desk.


12.2 Security Policy
16.   Explain what is a security policy and why is it needed?

 A security policy is a set of security objectives that ensure the security of a network, the data, and the computer systems in an organization


17.   What questions should you ask to determine security policy factors?

 Which assets require protection?
What are the possible threats?
What to do in the event of a security breach?
What training will be in place to educate the end users?


18.   What six elements should be included in a security policy?

Identification and Authentication Policies
Password Policies
Acceptable Use Policies
Remote Access Policies
Network Maintenance Policies
Incident Handling Policies

19.   What do most networks that use Windows computer use to maintain policy?


 Active Directory


20.   What security problem is created when people use each other’s password to log-in?


 Privacy problem


21.   Explain the three levels of password protection that are recommended:

 BIOS – Prevents the operating system from booting and the BIOS settings from being changed without the appropriate password.
Login – Prevents unauthorized access to the local computer.
Network – Prevents access to network resources by unauthorized personnel.

22.  List and explain four good password guidelines/ requirements:


23.  How can an Administrator enforce password requirements using the system?
 They can send minimal length, complexity


24.  What can be used to prevent a “brute force” attack?

 Use the Account Lockout Policy in Account Policies to prevent brute-force login attempts.

25.  What can password protection can be done on a local machine?

 To prevent unauthorized users from accessing local computers and network resources, lock your workstation, laptop, or server when you are not present.


26.  Can local policy be automated and how if so?

 You can copy and export it

12.2.1.8 Lab – Configure Windows Local Security Policy
27.  How can I limit the impact of malicious Active X controls on web-sties?
 ActiveX filtering

28.  What is a pop-up and how can you limit their impact?
 A pop-up is a web browser window that opens on top of another web browser window. Some pop-ups are initiated while browsing, such as a link on a page that opens a pop-up to deliver additional information or a close-up of a picture


29.  What is a SmartScreen filter?
 This feature detects phishing websites, analyzes websites for suspicious items, and checks downloads against a list which contains sites and files that are known to be malicious.


30.   What is InPrivate browsing prevent the browser from doing and what are two ways you activate it in Internet Explorer?

It helps from web browsers from storing:
Usernames
Passwords
Cookies
Browsing history
Temporary Internet files
Form data


31.   What is a software firewall and how does it work?

 A software firewall is a program that runs on a computer to allow or deny traffic between the computer and other computers to which it is connected. The software firewall applies a set of rules to data transmissions through inspection and filtering of data packets

32.   Where can you get a firewall for Windows 7?

 Step 1. Control Panel > Windows Firewall > Advanced settings.
Step 2. Choose to configure either Inbound Rules or Outbound Rules in the left pane and click New Rule… in the right pane, as shown in Figure 2.
Step 3. Select the Port radio button and click Next.
Step 4. Choose TCP or UDP.
Step 5. Choose All local ports or Specific local ports to define individual ports or a port range and click Next.
Step 6. Choose Block the connection and click Next.
Step 7. Choose when the rule applies and click Next.
Step 8. Provide a name and optional description for the rule and click Finish.


33.   What do biometric devices use to give access to people?  Give one example

 Biometric security compares physical characteristics against stored profiles to authenticate people
Example: fingerprint scanners


34.   What makes a “smart card” operate?

 a small chip embedded in it.


35.   Where are data backups kept and why?

 A data backup stores a copy of the information on a computer to removable backup media that can be kept in a safe place. Backing up data is one of the most effective ways of protecting against data loss.


36.   What are some considerations for data backups?
 Data backups should be performed on a regular basis and included in the security policy. Data backups are usually stored offsite to protect the backup media if anything happens to the main facility

37.  What is meant “Principle of Least Privilege”?

 Users should be limited to only the resources they need in a computer system or on a network.

38.  Complete the following chart on folder permission levels:
Level
Description
Full
 Users can see the contents of a file or folder, change and delete existing files and folders, create new files and folders, and run programs in a folder
Modify
 Users can change and delete existing files and folders, but cannot create new ones
Read and Execute
 Users can see the contents of existing files and folders and can run programs in a folder
Read
 Users can see the contents of a folder and open files and folders
Write
 Users can create new files and folders and make changes to existing files and folders


39.   How does data encryption work on a drive?

 Encryption is where data is transformed using a complicated algorithm to make it unreadable


40.   How can the Bit-Locker application be used?

 To use BitLocker, at least two volumes must be present on a hard disk. A system volume is left unencrypted and must be at least 100 MB. This volume holds the files required by Windows to boot.

41.	______________________ is the process of removing sensitive data from hardware and software before recycling or discarding.
Data wiping

42.	The only ways to fully ensure that data cannot be recovered from a hard drive is to:

Either decimate the drive physically or degaussing will work.


43.	Will a Degaussing wand work on a SSD. Why or why not?

No, because the SSD is all electronic parts, not hard drive platters.


44.	How should drives with potentially sensitive media be disposed of?

Either degaussing for HDD or Physically destroying the an SSD in a shredder.

12.2.3.9 Activity – Identify Data Protection Terminology Instructor Check____________
45.	When facing a suspect warning window, what key combination may help safely close it?
Alt + f4


46.	When a machine reports an infection, what should be the first action taken and why?
Run your own anti-virus programs, because you trust them, don’t trust their fake “error: virus detected” warnings.


47.	Why must software manufacturers regularly create and dispense new patches to fix flaws and vulnerabilities?

To ensure that their software or product stays up to date to the newly created viruses so people use it because it.


48.	How are signature files used in keeping computers free from malicious software?

Code patterns malicious programs use are detected and made into things called signatures. When the anti-virus uses the signatures it will detect everything that uses that bit of malicious code.


49.	Explain what is hash encoding and where is it used?

Hash encoding, or hashing, ensures the integrity of the message. This means it ensures that the message is not corrupt or been tampered with during transmission


50.	What are the most popular hashing algorithms?

Secure Hash Algorithm (SHA) which is replacing the older Message Digest 5 (MD5) algorithm.


51.	What is symmetric encryption?( Give an example in your answer)

Symmetric encryption ensures the confidentiality of the message. If an encrypted message is intercepted, it cannot be understood.
Both sides need the key to read the message.


52.	What is asymmetric encryption? (Give an example in your answer.)

Asymmetric encryption also ensures confidentiality of the message. It requires two keys, a private key and a public key. The public key can be widely distributed, including emailing in plaintext or posting on the web.
Emailing


53.	When is the private key used?
In symmetric encryption

54.	What does the SSID do and how could it be an exploit?


An SSID is the name of a routers Wi-Fi and networks. So people can exploit it by putting their own server in a McDonalds and naming it “McDonalds Wi-Fi” and tricking people to join it.


55.	Define the following (you may need to search this):
Wired Equivalent Privacy (WEP) – A security type for networks, outdated and doesn’t work as well as newer ones, such as WEP2.

Wi-Fi Protected Access (WPA) – A security protocol for Wi-Fi meant to protect computers. Its has a lot of issues that its brother WPA2 has fixed, so WPA2 is better. Just like WEP.

Lightweight Extensible Authentication Protocol (LEAP), also called EAP-Cisco- Cisco LEAP is an 802.1X authentication type for wireless LANs (WLANs) that supports strong mutual authentication between the client and a RADIUS server using a logon password as the shared secret. It provides dynamic per-user, per-session encryption keys.


56.	Before WPS (Wi-Fi Protected Setup) what did people do for network security and how does WPS help now?

People used none, WPS helps because it adds a layer of security. Its easy to break into now so its not the best, but its brother WPS2 is better.


57.	Why is UPnP a potential threat?

Because when you start it up, it auto accepts devices so you don’t have to, so it can accept malicious things without you even knowing.


58.	Where can you get firmware updates for your router?

From the manufactures website.

59.	Explain the types of hardware firewall configurations:
•	Packet filter - Packets cannot pass through the firewall, unless they match the established rule set configured in the firewall. Traffic can be filtered based on different attributes, such as source IP address, source port or destination IP address or port. Traffic can also be filtered based on destination services or protocols such as WWW or FTP.
•	Stateful packet inspection (SPI) - This is a firewall that keeps track of the state of network connections traveling through the firewall. Packets that are not part of a known connection are dropped. The SPI firewall is enabled in Figure 1.
•	Application layer - All packets traveling to or from an application are intercepted. All unwanted outside traffic is prevented from reaching protected devices.
•	Proxy - This is a firewall installed on a proxy server that inspects all traffic and allows or denies packets based on configured rules. A proxy server is a server that is a relay between a client and a destination server on the Internet.
60.	What is a network DMZ and what things are usually place there?
A DMZ is a Demilitarized Zone, used to puts un-trusted networks or emails and such in there so people don’t ever come into contact with them on.
12.2.4.8 Worksheet - Research Firewalls

61.	What is port forwarding and when might you use it at home?

You can use it make ports for applications trusted so they run trusted.


2.2.5.8 Packet Tracer – Configure Wireless Security
62.	Explain how each user level factor  is a potential security concern and what can be done:


•	BIOS/ UEFI Passwords
Without it, people can flash boot from a USB and use their software that is not allowed.

Use a password to stop it.

•	AutoRun and AutoPlay
If something gets autorun permissions and autoruns that means a virus or unwanted program can start without your permission or without you noticing.

Turn off autorun abilities to stop this.

•	Multifactor Authentication
If someone has your accounts password they can easily get in.

Use 2FA to have a code that changes every 30 seconds or 60 seconds to make sure they can never get in.

•	Bring Your Own Device (BYOD)
Bringing your own device is an issue because people can bring theirs and use things and do things you cant keep track of and they can do some illegal business.

Don’t.

63.	What are at least five methods of physically protecting computer equipment?

•	Secured telecommunications rooms, equipment cabinets, and cages
•	Cable locks and security screws for hardware devices
•	Wireless detection for unauthorized access points
•	Hardware firewalls
•	Network management system that detects changes in wiring and patch panels
•	Wireless devices to prevent physical resets


64.	To limit access to a facility, what are some methods that can be used?

•	Card keys that store user data, including level of access
•	Identification badges with photographs
•	Biometric sensors that identify physical characteristics of the user, such as fingerprints
•	Posted security guard
•	Sensors, such as RFID badges, to monitor location and access

65.	What are some questions to ask when determining the level of needed security?
•	How the equipment is used
•	Where the computer equipment is located
•	What type of user access to data is required


12.2.6.3 Activity – Identify the Physical Security Device Instructor Check___________

12.3 Common Preventive Maintenance Techniques for Security
66.	What is a patch and how is it different from a service pack?

Patches are code updates that manufacturers provide to prevent a newly discovered virus or worm from making a successful attack.

67.	What is the difference between an incremental backup and a differential backup? Use a diagram to support your answer: (May need to search this)
Differential backups backup data from the first backup. So say day 1 you backup, then day 2 you back up, day 2 saves data since day 1’s backup, then day 3 hits, day 3 saves data since day 1’s backup.
Incremental backups backup data from the last backup. So day 1 you back up, then day 2 you back up. Day 2 saves since day 1 one, then day 3 hits, day 3 backs up with the data from day 2.


68.	When should backups be run?

At night when workers and people are not around to mess with the PC’s and the backup doesn’t inconvenience people.
12.3.1.3 Lab – Configure Data Backup and Recovery in Windows 7 /8 (10)
69.	What is the difference between a restrictive verses permissive security policy when dealing with firewalls?

Permissive allows things to go on through, while restrictive blocks connections that the administrator have not allowed.

12.3.1.5 Lab - Configure a Windows  Firewal 7 /8 (10)


70.	When should an employee’s access be terminated and why?
When they are walking out the door, because if they still have access you can be in trouble, and don’t revoke it too soon because they might still have work or something to turn in important.

71.	When should guest accounts be used?
When temporary employees or guests need to connect to the network. That is when you should use guest accounts.
72.	What are the three built- in Groups?
Guest, User, Administrator.

73.	What can help limit areas of vulnerability that allow a virus of malicious software to enter the network by using Group membership?
UAC to configure settings to prevent malicious code.


12.3.1.9 Lab – Configure Users and Groups in Windows
12.4 Basic Troubleshooting Process for Security
74.	List 3 open ended questions to help identify the problem.


A - When did the problem start?


B - What problems are you experiencing?


C - What websites have you visited recently>


75.	List 3 closed ended questions to help identify the problem

A  - Is your security software up to date?


B - Have you scanned your computer for viruses recently?


C - Have you shared your password?


76.	What are some common probable causes for security problems? (at least 4)

Virus, Trojan horse, Worm, and Spyware.

77.	What are three quick procedures that can be done to help test your previous theory(s)?


A - Disconnect from the Network


B - Enforce security policy


C – Secure Work environment.


78.	If a quick procedure does not correct the problem, what needs to happen?

You might need to research the problem further to establish the exact cause.


79.	What are some additional resources that can be used to establish a plan of action?            (list at least 4)

Help desk repair logs, Other technicians, Manufacturers FAQ, Technical websites.


80.	After you have determined the exact cause of the problem what needs to occur?

You need to make a plan of action.


81.	What is the final step(s) in troubleshooting and what are at least three actions you may do in that final step(s)?

1.	Execute the plan of action
2.	Verify that it is fixed
3.	Document the issue and that it has either been resolved or not.


12.4.2.2 Lab – Document Customer Information in a Work Order