Post on 17-Dec-2015
In this chapter you will learn how to: Explain the threats to your computers and data
Describe key security concepts and technologies
Local Security
Threats to your data and PC come from two directions: accidents and malicious people Accidents happen, and even well-meaning
people can make mistakes This chapter examines the following issues:
◦ Unauthorized access◦ Social engineering◦ Data destruction - accidental or deliberate◦ Administrative access◦ Catastrophic hardware failures◦ Theft◦ Viruses/spyware
Analyzing Threats
Unauthorized access occurs when a person accesses resources without permission Not all unauthorized access is malicious- this problem
arises when users randomly poking around in a computer discover that they can access resources they shouldn’t
Unauthorized access becomes malicious when outsiders knowingly take advantage of weaknesses in your se curity to gain information, use resources, or destroy data!
One way to gain unauthorized access is through intrusion
You might imag ine someone kicking in a door and hacking into a computer, more often than not it's someone sitting at a home computer, trying various passwords over the Internet
Unauthorized Access
Dumpster diving is the generic term for anytime a hacker goes through your refuse, looking for information which is also a form of intrusion The amount of sensitive information that
makes it into any organization's trash bin boggles the mind!
When it comes to getting information, the trash is the place to look!
Unauthorized Access
Most of attacks that result in a loss of data come under the heading of social engineering, using people inside the networking environ ment to gain access Unauthorized information may be a network
login, credit card numbers, company customer data , social security numbers
It's common for social engineering attacks to be used together, if you discover one of them being used against your organization, it's a good idea to look for others
Social Engineering
Hackers can physically enter your building under the guise of someone who might have a legitimate reason for being there Dressing the part of a legitimate user with
fake badge enables malicious people to gain access to locations and thus potentially your data
Following someone through the door is a very common method referred to as Tailgating
Infiltration
The telephone scam is a very common social engineering attack, the attacker makes a phone call to someone in the organization to gain information Calling the help desk to acquire “forgotten”
password information Similar to telephone scams is a technique
called Phishing, trying to acquire user names password or other secure information using e-mail
Telephone Scams
Data destruction means more than just intentionally or accidentally erasing or corrupting data Authorized us ers with access to certain data then uses
that data beyond what they are authorized to do "If I wasn't allowed to change it, the system wouldn't let me do it!" is too often the response
Every operating system enables you to create user accounts and grant those accounts a certain level of access to files and folders in that computer
Administrator, supervi sor, or root user, have full control over just about every aspect of the computer, be certain the people with this access are capable
Data Destruction
You need to create redundancy in areas prone to failure (such as installing backup power in case of electrical failure) and perform those all-important data backups Keep track of where you store the discs or
hard drives used to back up your computer Loss of backup materials can be truly
catastrophic
System Crash/Hardware Failure
Once you've assessed the threats to your computers and networks, you need to take steps to protect those valuable resources
If you can control access to the data, programs, and other computing resources, you've secured your systems
Access control is composed of four interlinked areas:◦ Physical security◦ Authenti cation ◦ Users and groups◦ Security policies
Security Concepts and Technologies
The first order of security is to block access to physical hardware from people who shouldn't have access Don't leave a PC unat tended when logged in If you see a user's computer logged in and
unattended, lock the computer To lock a computer press the WINDOWS
LOGO KEY-L combination on the keyboard to lock the system the user must login to re-enter
Secure Physical Area
Security starts with authentication, which is how the computer determines who can access it and what that user can do There are two methods of authenticating,
software and hardware Software authentication requires the use of a
Strong password 8 characters including numbers, letters and punctuation
Hardware Authentication Smart cards and biometric devices enable modern systems to authenticate users
Authentication
The file system on a hard drive matters a lot when it comes to security On a Windows machine with multiple users,
you should use NTFS rather than Fat32 or you have no security at all
NTFS enables you to encrypt files and folders to better protect them from potential hackers
Primary drives and any secondary drives in computers in your care should be formatted as NTFS
Filesystems
Windows uses user accounts and groups as the basis of access control A user ac count is assigned to a group, such
as Users, Power Users, or Administrators, and by as sociation gets proper permissions on the computer
Using NTFS enables the highest level of control over data resources
Assigning users to groups is a great first step in controlling a local machine
Users and Groups
Access to user accounts should be restricted to the assigned individuals, and those who configure the permissions to those accounts Accounts should have permission to access
only the resources they need and no more Tight control of user accounts is critical to
preventing unauthorized access Dis abling unused accounts is an important
part of this strategy
User Account Control Through Groups
Setting up Groups to Simplify Administration Define the new Groups:
◦ Sales◦ Management
Default Groups: ◦ Everyone◦ Users◦ Guests
Assigning permissions to a group in Win 7
Too generic for our example
Members of the Sales Group are able to view Customer account information and prices.
Members of the Management group can modify Customer account information and pricing
Parental Controls allows you to monitor and limit the activities of any standard user in Windows 7/ Vista Giving parents and managers a level of control over
the content their children and employees can access Activity Re porting logs show:
◦ Applications run or attempted to run ◦ Web sites visited or attempted to visit ◦ Files downloaded and more
Block various Web sites by type or URL Allow only certain Web sites, a far more powerful
option Limit the time users can log in
Parent Control
To report any security issues so a network administrator or technician can address them, there are two tools within Windows so that the OS reports problems to you- Event Viewer: to view application or system
errors for troubleshooting Auditing: create an entry in a Security Log
when certain events happen
Reporting
The most common use for Event Viewer is to view application or system errors for troubleshooting
Event Viewer
From the Control Panel select System and security
Select Administrative Tools
Select Event Viewer
Errors will be show as Event Types
Event Viewer also allows you to click a error link to take you to the online Help and Support Center at Microsoft.com which gives a detailed explanation of the error and suggests fixes
Incidence reporting after gathering data about a particular system or network problem, you may need to follow up with an incident report Incidence Reports are useful in a couple of
ways: First it provides a record of work completed Second it provides information when combined
with other information may reveal a pattern The Event Viewer is a useful tool for creating
incident reports
Incidence Reporting