ITE PC v40 Chapter16 SpkrNotes

8/12/2019 ITE PC v40 Chapter16 SpkrNotes

http://slidepdf.com/reader/full/ite-pc-v40-chapter16-spkrnotes 1/19

ITE PC v4.0 Chapter 16 Instructor Professional Development Speaker Notes

Title Slide

Cisco Networking Academy programIT Essentials: PC Hardware and Software v4!C"apter #$: Advanced Sec%rity

Slide 2

Slide 2 – Purpose of this PresentationThe purpose of this PowerPoint is to provide to instructors an overview of ITEv4.0 Chapter 16 includin! the followin!"• #ist of chapter o$%ectives• &verview of the chapter contents includin! student wor'sheets

student la$s and student activities included in the course content• (eflection)*ctivities for instructors to co+plete to prepare to teach• *dditional resources

Slide 3

Slide , – Chapter 16 &$%ectives-pon co+pletion of this Chapter students will $e a$le to perfor+ tas's relatedto"• 16.1 &utline securit re/uire+ents $ased on custo+er needs• 16.2 Select securit co+ponents $ased on custo+er needs• 16., I+ple+ent custo+ers securit polic• 16.4 Perfor+ preventive +aintenance on securit• 16. Trou$leshoot securit

Slide 4

Slide 4 – Chapter 16 or'sheetsThere are three wor'sheets one activit and two la$s included in Chapter 16.These are availa$le at the $otto+ of associated pa!es of course content and$ clic'in! on the 3#a$s lin' in the Inde5 window of Chapter 16.or'sheets assi!n+ents includin! research +atchin! review /uestionstrou$leshootin! and roleplain! activit.• 16.1.1 or'sheet" Securit Polic 7*nswer securit /uestions re!ardin!

the securit of the e/uip+ent access privile!es Internet access of our ITEssentials classroo+.8

• 16.2.2 *ctivit" Securit 9evices 7Co+plete the securit device +atchin!activit8

• 16.2., or'sheet" :irewalls 7(esearch the details of two differenthardware firewalls. (ecord the details of each. (eco++end one forpurchase. (esearch the details of two different software firewalls. (ecordthe details of each. (eco++end one for purchase.8

• 16.,.2 #a$" indows ;P :irewall 7E5plore the indows ;P :irewall andconfi!ure so+e advanced settin!s.8

• 16.., #a$" :i5 a Securit Pro$le+ 7<ather data fro+ the custo+er andthen instruct the custo+er on how to correct a securit issue that ispreventin! connection to the wireless networ'.8

• 16.., (e+ote Technician" :i5 a Securit Pro$le+ 7Perfor+ a rolepla tocorrect a securit pro$le+.8

a! "00# p$ 1 of 1%




Slide 5

Slide – *dvanced Securit16.0 Chapter IntroductionThis chapter reviews the tpes of attac's that threaten the securit ofco+puters and the data contained on the+. * technician is responsi$le for thesecurit of data and co+puter e/uip+ent in an or!ani=ation. The chapterdescri$es how ou can wor' with custo+ers to ensure that the $est possi$leprotection is in place.

*fter co+pletin! this chapter students will +eet these o$%ectives"

• &utline securit re/uire+ents $ased on custo+er needs.• Select securit co+ponents $ased on custo+er needs.• I+ple+ent custo+ers securit plan.• Perfor+ preventive +aintenance on securit.• Trou$leshoot securit.

16.1 &utline securit re/uire+ents $ased on custo+er needs>etwor' technicians and the or!ani=ations +ana!e+ent should wor' to!etherto develop a securit polic to ensure that data and e/uip+ent have $eenprotected a!ainst all securit threats. * securit polic includes aco+prehensive state+ent a$out the level of securit re/uired and how thissecurit will $e achieved.hen creatin! a securit polic answer the followin! /uestions to deter+inesecurit factors"

• Is t"e comp%ter located at a "ome or a &%siness' ?o+e co+puters!enerall are +ore vulnera$le to wireless intrusion than $usinessco+puters. @usiness co+puters have a hi!her threat of networ' intrusiondue to users a$usin! their access privile!es.

• Is t"ere f%ll(time Internet access' The +ore a co+puter is e5posed tothe Internet the !reater the chance of attac's fro+ other infectedco+puters. * co+puter accessin! the Internet should include firewall andantivirus solutions.

• Is t"e comp%ter a laptop' Phsical securit is an issue with laptopco+puters. There are +easures to secure laptops such as ca$le loc's.

*fter co+pletin! this section students will +eet these o$%ectives"• &utline a local securit polic• E5plain when and how to use securit hardware

• E5plain when and how to use securit application softwareTeac"ing Strategy: The need for securit is related to how +an otherco+puters are used with the co+puter ou are trin! to protect. * laptop thatnever %oins the networ' needs phsical securit. * co+puter that %oins the localarea networ' needs protection a!ainst viruses. Co+puters or networ's thataccess the Internet need a thorou!h securit solution involvin! firewalls antivirus and phsical securit.

a! "00# p$ " of 1%




Slide 6

Slide 6 – &utline a Securit Polic16.1.1 &utline a local securit polic

* securit polic is a collection of rules !uidelines and chec'lists. >etwor'technicians and +ana!ers of an or!ani=ation wor' to!ether to develop therules and !uidelines for the securit needs of co+puter e/uip+ent. * securitpolic includes the followin! ele+ents"

• 9efine an accepta$le co+puter usa!e state+ent for anor!ani=ation.

• Identif the people per+itted to use the co+puter e/uip+ent in anor!ani=ation.

• Identif devices that are per+itted to $e installed on a networ' aswell as the conditions of the installation. Aode+s and wireless accesspoints are e5a+ples of hardware that could e5pose the networ' toattac's.

• 9efine the re/uire+ents necessar for data to re+ain confidentialon a networ'.

• 9eter+ine a process for e+ploees to ac/uire access toe/uip+ent and data. This process +a re/uire the e+ploee to si!n ana!ree+ent re!ardin! the co+pan rules. It will also list theconse/uences for failure to co+pl.

The securit polic should also provide detailed infor+ation a$out the followin!

issues in case of an e+er!enc"• Steps to ta'e after a $reach in securit• ho to contact in an e+er!enc• Infor+ation to share with custo+ers vendors and the +edia• Secondar locations to use in an evacuation• Steps to ta'e after an e+er!enc is over includin! the priorit of

services to $e restoredCA)TI*N: * securit polic +ust $e enforced and followed $ all e+ploees to$e effective.Teac"ing Strategy: * securit polic is a written docu+ent that details therules and courses of action that relate to all the co+puters and networ'e/uip+ent in an or!ani=ation $oth durin! datoda operations and in case of e+er!encies. * local securit polic +a specif what can and cannot $e done

with the co+puters on a networ'. The polic defines who can use co+putersand for what purposes. The polic protects the co+pan in case the networ' isused to perfor+ ille!al activities. The value of the securit polic is that it can$e created cal+l $efore an e+er!enc or securit incident happens. Thisprevents +a'in! poor decisions in ti+es of stress or crisis.St%dent Activity: The student course content includes the wor'sheet 16.1.1or'sheet" Securit Polic. To co+plete this wor'sheet students will answersecurit /uestions re!ardin! the securit of the e/uip+ent access privile!esInternet access of their IT Essentials classroo+.

a! "00# p$ & of 1%




Slide 7

Slide B – Securit ?ardware16.1.2 E5plain when and how to use securit hardwareThe securit polic should identif hardware and e/uip+ent that can $e used toprevent theft vandalis+ and data loss. There are four interrelated aspects tophsical securit"1. +estrict access Prevent unauthori=ed access to pre+ises usin! securit

hardware 7$io+etrics fences door loc's82. Protect t"e network infrastr%ct%re Protect networ' devices ca$lin!

and data fro+ theft da+a!e and ille!al access $ usin! protectivetechni/ues and hardware 7secured teleco++unications roo+s place allca$lin! in conduits wireless detection for unauthori=ed access pointshardware firewalls networ' +ana!e+ent sste+ that detects chan!es inwirin! and patch panels8

,. Protect individ%al comp%ters Protect individual co+puters fro+ theft orda+a!e $ usin! protective hardware 7ca$le loc's laptop doc'in! stationloc's loc'a$le cases secured ca!es surround des'top cases8

4. Protect data Protect data with hardware that prevents unauthori=edaccess or theft of +edia 7loc'a$le ?9 carriers secure stora!e andtransport of $ac'up +edia -S@ securit don!les8

:actors that deter+ine the +ost effective securit e/uip+ent to use to securee/uip+ent and data include the followin!"

?ow will the e/uip+ent $e used here is the co+puter e/uip+ent located

hat user access to data is re/uired

Slide 8

Slide D – Securit *pplications16.1., E5plain when and how to use securit application softwareSecurit applications protect the operatin! sste+ and software applicationdata.• Software firewall filters inco+in! data and is $uilt into indows ;P• Intr%sion ,etection Systems -I,S. +onitors chan!es in the pro!ra+

codes for unusual activit and sends reports if code is +odified• Application and *S patc"es update applications and the operatin!

sste+ to repair securit wea'nesses that are discoveredThere are several software applications availa$le to protect co+puters fro+

unauthori=ed access $ +alicious co+puter code"• irus protection• Spware protection• *dware protection• <raware protection

In developin! a polic +ana!e+ent should calculate the cost of data lossversus the e5pense of securit protection and deter+ine what tradeoffs areaccepta$le.

a! "00# p$ 4 of 1%




Slide 9

Slide F – Selectin! Securit Co+ponents16.2 Select securit co+ponents $ased on custo+er needsThe securit polic helps custo+ers to select the securit co+ponentsnecessar to 'eep e/uip+ent and data safe. If there is no securit polic oushould discuss securit issues with the custo+er. -se our past e5perience asa technician and research the current securit products on the +ar'et whenselectin! securit co+ponents for the custo+er. The !oal is to provide thesecurit sste+ that $est +atches the custo+ers needs. Consider the

followin! factors when decidin! on securit co+ponents"• *dvanta!es and disadvanta!es of a securit co+ponent• &verlappin! features and functions• Co+ponent setup and +aintenance re/uire+ents• @ud!et restrictions• (eal and perceived threats

*fter co+pletin! this section students will $e a$le to perfor+ the followin!tas's"• 9escri$e and co+pare securit techni/ues• 9escri$e and co+pare access control devices• 9escri$e and co+pare firewall tpesTeac"ing Strategy: hen considerin! the factor of co+ponent setup and+aintenance re/uire+ents research whether updates are auto+aticall

perfor+ed or +anuall perfor+ed. *fter installation what testin! and inspectionshould occur to confir+ that the co+ponent is functionin! properl henconsiderin! the cost of the securit to i+ple+ent consider the value of the dataor e/uip+ent that is $ein! protected. Consider the cost of losin! that data ore/uip+ent. The correct a+ount of securit is deter+ined when the cost ofputtin! a sste+ in place +eets the value of the data to $e protected.

a! "00# p$ ' of 1%




Slide 10

Slide 10 – Securit Techni/ues16.2.1 9escri$e and co+pare securit techni/ues

* technician should deter+ine the appropriate techni/ues to secure e/uip+entand data for the custo+er. 9ependin! on the situation +ore than onetechni/ue +a $e re/uired.Passwords -sin! secure encrpted lo!in infor+ation for co+puters withnetwor' access should $e a +ini+u+ re/uire+ent in an or!ani=ation.Aalicious software can +onitor the networ' to record plainte5t passwords. If

passwords are encrpted attac'ers would have to decode the encrption tolearn the passwords./ogging and A%diting Event lo!!in! and auditin! should $e ena$led to+onitor activit on the networ'. The networ' ad+inistrator audits the lo! file ofevents to investi!ate networ' access $ unauthori=ed users.0ireless Config%rations ireless connections are especiall vulnera$le toaccess $ attac'ers. ireless clients should $e confi!ured to encrpt data.Encryption Encrption technolo!ies are used to encode data $ein!trans+itted on a networ'. Each technolo! is used for a specific purpose.Encrption +ethods include"• Has" encoding is used to identif when a +essa!e has $een ta+pered

with durin! trans+ission. ?ash encodin! uses an al!orith+ 7S?* A98.• Symmetric encryption re/uires $oth sides of an encrpted conversation

to use an encrption 'e to $e a$le to encode and decode the data. Thesender and receiver +ust use identical 'es...

• Asymmetric encryption re/uires that a private 'e is used to encode a+essa!e and a pu$lic 'e is used to decode a +essa!e.

• 1irt%al Private Network -1PN. uses encrption to secure data as if it wastravelin! in a private corporate #*> even thou!h the data actuall travelsover an networ' for e5a+ple the Internet. The secured data pipelines$etween points in the P> are called Gsecure tunnelsG...

Teac"ing Strategy: There are +an techni/ues for securit. Hou %o$ is tochoose which is +ost appropriate for our client. To +a'e infor+edreco++endations to our client ou should $e 'nowled!ea$le of theadvanta!es and disadvanta!es of each securit techni/ue.

a! "00# p$ 6 of 1%




Slide 11

Slide 11 – *ccess Control 9evices16.2.2 9escri$e and co+pare access control devicesCo+puter e/uip+ent and data can $e secured usin! overlappin! protectiontechni/ues to prevent unauthori=ed access to sensitive data. *n e5a+ple ofoverlappin! protection is usin! two different techni/ues to protect an asset.This is 'nown as twofactor securit.Phsical access control devices are used to secure access to data ande/uip+ent $ phsical +eans.

• * lock is the +ost co++on device for securin! phsical areas. If a 'e islost all identicall 'eed loc's +ust $e chan!ed.

• * cond%it is a casin! that protects the infrastructure +edia fro+ da+a!eand unauthori=ed access. *ll ca$lin! should $e enclosed in conduits orrouted inside walls to prevent unauthori=ed access or ta+perin!. >etwor'outlets that are not in use should $e disa$led.

• * card key is a tool used to secure phsical areas. If a card 'e is lost orstolen onl the +issin! card +ust $e deactivated. The card 'e is +oree5pensive than securit loc's.

• 1ideo s%rveillance e2%ipment records i+a!es and sound for +onitorin!activit. The recorded data +ust $e +onitored for pro$le+s.

• Sec%rity g%ards control access to the entrance of a facilit and +onitorthe activit inside the facilit.

9ata securit devices are used to authenticate e+ploees and authori=edpersonnel to access to data on a co+puter and on a networ'. Twofactoridentification is a +ethod to increase securit. E+ploees +ust use $oth apassword and a data securit device si+ilar to those listed here to access data"• Smart card is a device that has the a$ilit to store data safel. The internal

+e+or is an e+$edded inte!rated circuit chip 7ICC8 that connects to areader either directl or throu!h a wireless connection. S+art cards areused in +an applications worldwide li'e secure I9 $ad!es onlineauthentication devices and secure credit card pa+ents.

• Sec%rity key fo& is a s+all device that rese+$les the orna+ent on a 'erin!. It has a s+all radio sste+ that co++unicates with the co+puter over a short ran!e. The fo$ is s+all enou!h so that +an people attach the+ totheir 'e rin!s. The co+puter +ust sense the si!nal fro+ the 'e fo$

$efore it will accept a userna+e and password.• * &iometric device +easures a phsical characteristic of the user such as

their fin!erprints or the patterns of the iris in the ee. The user will $e!ranted access if these characteristics +atch its data$ase and the correctlo!in infor+ation is supplied.

St%dent Activity: The student course content includes a +atchin! activit. Toco+plete this activit students will +atch the data securit device to its correctdefinition.

a! "00# p$ # of 1%




Slide 12

Slide 12 – :irewall Tpes16.2., 9escri$e and co+pare firewall tpes?ardware and software firewalls protect data and e/uip+ent on a networ' fro+unauthori=ed access. ?ardware and software firewalls have several +odes forfilterin! networ' data traffic"• Packet filtering is a set of rules that allows or denies traffic $ased on

criteria such as an IP address a protocol and)or a port used.• Pro3y firewall inspects all traffic and allows or denies pac'ets $ased on

confi!ured rules. * pro5 acts as a !atewa that protects co+puters insidethe networ'.

• Statef%l packet inspection 'eeps trac' of all channels of co++unicationand provides the $est de!ree of securit at all levels.

* "ardware firewall is a phsical filterin! co+ponent that inspects datapac'ets fro+ the networ' $efore the reach co+puters and other devices on anetwor'. ?ardware firewalls are often installed on routers. * hardware firewallis a freestandin! unit that does not use the resources of the co+puters it isprotectin! so there is no i+pact on processin! perfor+ance.

* software firewall is an application on a co+puter that inspects and filtersdata pac'ets. * software firewall uses the resources of the co+puter resultin!in reduced perfor+ance for the user.N*TE: &n a secure networ' if co+puter perfor+ance is not an issue ou

should ena$le the internal operatin! sste+ firewall for additional securit.So+e applications +a not operate properl unless the firewall is confi!uredcorrectl for the+.St%dent Activity: The student course content includes the wor'sheet 16.2.,or'sheet" :irewalls. To co+plete this wor'sheet students will conductresearch for two different hardware firewalls and two different softwarefirewalls. (ecord the details of each and then reco++end one hardwarefirewall and reco++end one software firewall.

a! "00# p$ ( of 1%




Slide 13

Slide 1, – Confi!ure Securit Settin!s16., I+ple+ent custo+ers securit polic

*ddin! laers of securit on a networ' can +a'e the networ' +ore secure $utadditional laers of securit protection can $e e5pensive. Hou +ust wei!h thevalue of the data and e/uip+ent to $e protected with the cost of protectionwhen i+ple+entin! the custo+ers securit polic. *fter co+pletin! thissection students will $e a$le to perfor+ the followin! tas's"• Confi!ure securit settin!s

• 9escri$e confi!urin! firewall tpes• 9escri$e protection a!ainst +alicious softwareTeac"ing Strategy: The +ore securit protection applied to a networ' the+ore secure that networ' is. @ud!et affects the a+ount of securit e/uip+entthat $e afforda$l i+ple+ented. The value of the data 7custo+er identitresearch data for new products8 is usuall considered in deter+inin! thesecurit $ud!et for securin! that data. *ccess to an networ' especiall theInternet puts a co+puter at ris'. Even co+puters with low value data +ust $esecured so that others wont ta'e control of the co+puter and use it for+alicious purposes.16.,.1 Confi!ure securit settin!sTwo co++on securit errors are incorrect per+issions on folders and files andincorrect confi!uration of wireless securit.

• Confi!ure per+ission levels to li+it individual or !roup user access tospecific data $ file and)or $ folder. The networ' ad+inistrator can use:*T or >T:S to confi!ure folder sharin! or folderlevel per+issions forusers with networ' access. The networ' ad+inistrator can use filelevelper+issions with >T:S to confi!ure access to files.

• -se the followin! tools to confi!ure wireless securit"• 0ired E2%ivalent Privacy -0EP. encrpts the $roadcast data

$etween the wireless access point 7*P8 and the client usin! a 64$itor 12D$it encrption 'e.

• 0i(i Protected Access -0PA. provides $etter encrption andauthentication than EP.

• 5AC address filtering restricts co+puter access to a wirelessaccess point to prevent the casual user fro+ accessin! the networ'.

A*C address filterin! is vulnera$le when used alone and should $eco+$ined with other securit filterin!.• The wireless Service Set Identifier -SSI,. 6roadcasting

$roadcasts the identit of the networ'. Turnin! off the SSI9 +a'es thenetwor' see+ to disappear $ut this is an unrelia$le for+ of wirelessnetwor' securit.

• The !ain and si!nal pattern of the wireless antenna connected toa wireless access point can influence where the si!nal can $ereceived. *void trans+ittin! si!nals outside of the networ' area $installin! an antenna with a pattern that serves our networ' users.

Teac"ing Strategy: :ull control is an option for a folder per+ission li'e it is fora file per+ission. @e aware of an default per+issions used $ the operatin!sste+. :or e5a+ple older versions of indows would !ive everone fullcontrol of all files. Per+issions for sharin! a folder on a networ' can $edifferent fro+ folder or file level per+issions.

a! "00# p$ % of 1%




Slide 14

Slide 14 – Confi!ure :irewalls16.,.2 9escri$e confi!urin! firewall tpes@ openin! onl the re/uired ports on a firewall ou are i+ple+entin! arestrictive securit polic. *n pac'et not e5plicitl per+itted is denied. Incontrast a per+issive securit polic per+its access throu!h all ports e5ceptthose e5plicitl denied.Software firewalls usuall e5ist as a software application runnin! on theco+puter $ein! protected or as part of the operatin! sste+. There are

several thirdpart software firewalls. There is a software firewall $uilt intoindows ;P that is ena$led $ default in the indows ;P Service Pac' 2.• The easiest wa to confi!ure indows firewall is to si+pl turn it on and let

it run auto+aticall. If an application atte+pts to esta$lish a connection theuser has not authori=ed it will pro+pt the user and as' whether to allow itor not. To disa$le the firewall !o to" Start 7 Control Panel 7 Sec%rityCenter 7 0indows irewall

• The confi!uration of the indows ;P firewall can $e co+pleted in twowas"1. A%tomatically" The user is pro+pted to GJeep @loc'in!G G-n$loc'G or

G*s' Ae #aterG for an unsolicited re/uests. These re/uests +a $efro+ le!iti+ate applications that have not $een confi!ured previouslor +a $e fro+ a virus or wor+ that has infected the sste+.

2. 5anage Sec%rity Settings" The user +anuall adds the pro!ra+ orports that are re/uired for the applications in use on the networ'.

To add a pro!ra+ select"Start 7 Control Panel 7 Sec%rity Center 7 0indows irewall 7 E3ceptions7 Add Program.To disa$le the firewall select"Start 7 Control Panel 7 Sec%rity Center 7 0indows irewall .• Aan hardware firewalls can onl $e confi!ured for the ports that the

software or applications use. 9ependin! on the tpe of firewall theconfi!uration is done throu!h co++ands or <-I confi!uration screens. *ne5a+ple of a hardware firewall that can $e confi!ured throu!h a we$interface is the #in'ss device with a firewall capa$ilit.

• To confi!ure a hardware firewall ou nor+all re/uire the followin!

infor+ation"• Port tpe" TCP or -9P• Port nu+$er" 06,• Source address" &ri!inatin! IP address• 9estination address" 9estination IP address

St%dent Activity: The student course content includes the la$ 16.,.2 #a$"indows ;P :irewall. To co+plete this la$ students will e5plore the indows;P :irewall and confi!ure so+e advanced settin!s.

a! "00# p$ 10 of 1%




Slide 15

Slide 1 – Protect *!ainst Aalware16.,., 9escri$e protection a!ainst +alicious software5alware is +alicious software that is installed on a co+puter without the'nowled!e or per+ission of the user. Certain tpes of +alware such asspware and phishin! attac's collect data a$out the user that can $e used $an attac'er to !ain confidential infor+ation. Hou should run +alicious softwarescannin! pro!ra+s to detect and clean the unwanted software. It +a ta'eseveral different anti+alware pro!ra+s and +ultiple scans to co+pletel

re+ove all +alicious software"• Anti(vir%s programs tpicall run auto+aticall in the $ac'!round and

+onitor for suspected viruses. These pro!ra+s can also $e invo'ed $ theuser as needed. hen a virus is detected the user is warned and pro!ra+atte+pts to /uarantine or delete the virus.

• Anti(spyware programs scan for 'estro'e lo!!ers and other +alware soit can $e re+oved fro+ the co+puter.

• Anti(adware programs loo' for pro!ra+s that launch advertisin! popupwindows.

• P"is"ing programs $loc' the IP addresses of 'nown phishin! we$sitesand warn the user a$out suspicious we$sites.

• Phishin! attac's often arrive $ e+ail. *n official loo'in!for+ appears which as's the user to verif personal infor+ation

or account infor+ation includin! I9 nu+$ers or passwords. &ther phishin! attac's tric' the user into providin! the infor+ationneeded to clai+ a pri=e. &nce the provide their infor+ation ausers data is +ade availa$le for sale to identit thieves or if acredit card nu+$er is involved to fraudulent users.

N*TE: Aalicious software +a $eco+e e+$edded in the operatin! sste+.Special re+oval tools are availa$le fro+ the operatin! sste+ +anufacturer toclean the operatin! sste+.

Slide 16

Slide 16 – &peratin! Sste+ -pdates16.4 Perfor+ preventive +aintenance on securitSeveral +aintenance tas's are necessar to ensure that securit is effective.This section covers how to +a5i+i=e protection $ perfor+in! updates$ac'ups and reconfi!uration of the operatin! sste+s user accounts and

data. *fter co+pletin! this section students will $e a$le to +eet theseo$%ectives"• 9escri$e the confi!uration of operatin! sste+ updates• Aaintain accounts• E5plain data $ac'up procedures access to $ac'ups and secure phsical

$ac'up +edia16.4.1 9escri$e the confi!uration of operatin! sste+ updates• *n operatin! sste+ is a li'el tar!et of attac' $ecause o$tainin! control of

it can provide control of the co+puter. Jeepin! our operatin! sste+updated can prevent potential attac's.

• indows ;P auto+aticall downloads and installs updates to operatin!sste+s $ default. The followin! options availa$le in indows ;P !iveusers the a$ilit to control when software is updated"

• A%tomatic: *uto+aticall downloads and installs without userintervention.

• *nly ,ownload )pdates: 9ownload the updates auto+aticall$ut the user is re/uired to install the+.

• Notify 5e: >otif the user that updates are availa$le and !ives theuser the option to download and install.

• T%rn off A%tomatic )pdates: Prevents auto+aticall chec'in! forupdates. -pdates have to $e discovered downloaded and installed$ the user.

• If the user is on a dialup networ' the indows -pdate settin! should $econfi!ured to notif the user of availa$le updates or it should $e turned off.

a! "00# p$ 11 of 1%




Slide 17

Slide 1B – -ser *ccount Aaintenance16.4.2 Aaintain accounts• E+ploees in an or!ani=ation +a re/uire different levels of access to

data. E+ploees can $e !rouped $ %o$ re/uire+ents and !iven access tofiles accordin! to !roup per+issions.

• hen an e+ploee leaves an or!ani=ation access to data and hardwareon the networ' should $e ter+inated i++ediatel.

• Te+porar e+ploees and !uests +a need access to the networ'. hen

!uests are present the can $e assi!ned to the <uest account.Teac"ing Strategy: >etwor' users are trusted with varin! a+ounts ofinfor+ation and access to resources. hat the can access usuall dependsupon their %o$ responsi$ilities. hen a user chan!es %o$s it is i+portant to !ivethe+ access to an new resources the will re/uire to perfor+ their %o$. *t thesa+e ti+e resources the no lon!er need should $e restricted.

Slide 18

Slide 1D – 9ata @ac'ups16.4., E5plain data $ac'up procedures access to $ac'ups and securephsical $ac'up +edia

* data $ac'up stores a cop of the infor+ation on a co+puter to re+ova$le$ac'up +edia that can $e 'ept in a safe place. If the co+puter hardware failsthe data $ac'up can $e restored so that processin! can continue.9ata $ac'ups should $e perfor+ed on a re!ular $asis.

@ac'up operations can $e perfor+ed at the co++and line or fro+ a $atch fileusin! the >T@*CJ-P co++and. The default para+eters for >T@*CJ-P will$e the ones set in the indows $ac'up utilit. *n options ou want to override+ust $e included in the co++and line. The >T@*CJ-P co++and cannot $eused to restore files.• * full or nor+al $ac'up archives copies of all files on the drive.• *n incre+ental $ac'up archives copies of onl those files created or

chan!ed since the last nor+al or incre+ental $ac'up. It +ar's files ashavin! $een $ac'ed up.

• * differential $ac'up archives copies of all files created or chan!ed sincethe last nor+al or incre+ental $ac'up $ut it does not +ar' files as havin!$een $ac'ed up.

The data $ac'up +edia is %ust as i+portant as the data on the co+puter. Hou

should store the $ac'up +edia in a cli+atecontrolled offsite stora!e facilitwith ade/uate phsical securit. The $ac'ups should $e readil availa$le foraccess in case of an e+er!enc.Teac"ing Strategy: @ac'in! up PCs and networ's not onl ensures relia$ilit$ut it is also i+portant for securit. :or instance if a co+puter is stolen then arecent $ac'up can restore the data that is +issin!. It is %ust as i+portant to safe!uard $ac'up tapes as it is the ori!inal co+puters or data. @ac'ups should $e+ade on a re!ular $asis prefera$l dail. If our co+pan has a +edia rotationschedule and $ac'up schedule then si+pl follow those policies and!uidelines. If no plan e5ists for $ac'in! up data and rotatin! the $ac' up +ediathen create a schedule. *n e5a+ple is included in the course content.

Slide 19

Slide 1F – Trou$leshootin! Process16. Trou$leshoot securit

Securit is often challen!in! to trou$leshoot $ecause an issues with it areoften difficult to find dia!nose research and resolve. :ollowin! thetrou$leshootin! process will help ou in resolvin! an issues or pro$le+s withsecurit. This section uses a scenario to descri$e how to trou$leshoot securit. *fter co+pletin! this section students will +eet these o$%ectives" (eview the trou$leshootin! process.

Identif co++on pro$le+s and solutions.

*ppl trou$leshootin! s'ills

a! "00# p$ 1" of 1%




Slide 20

Slide 20 – #evelone Technician <athers 9ata16..1 (eview the trou$leshootin! processThe first step in the trou$leshootin! process is to !ather data fro+ thecusto+er. The technician +ust or!ani=e the infor+ation a$out the custo+erthe device and the reported pro$le+.Scenario: The levelone helpdes' technician receives a call and creates awor' order with the followin! infor+ation"• The custo+er cannot surf the Internet or access an resources on the

networ'.• ireless does not see+ to $e wor'in! properl at the office.• The custo+er has chec'ed all settin!s.The helpdes' technician was una$le to resolve the pro$le+ so the wor' orderis escalated to a leveltwo technician.

Slide 21

Slide 21 – &penended Kuestions16..1 (eview the trou$leshootin! process

*s a leveltwo technician ou would contact the custo+er to verif infor+ationin the wor' order and !ather additional data. ?ere are so+e openended/uestions to help ou trou$leshoot the pro$le+"• hich specific networ' resources are ou trin! to access with our

wireless sste+• *re there an networ' resources that ou can access $ wireless

• hen were ou last a$le to access the networ' usin! wireless at theoffice

• ?ow does our co+puter perfor+ usin! wireless at other locations

Slide 22

Slide 22 – #eveltwo Technician 9raws Conclusions16..1 (eview the trou$leshootin! process@ased on the infor+ation !iven $ the custo+er to the openended /uestionsthese conclusions can $e deter+ined"• In the office no resources can $e accessed.• hen operatin! awa fro+ the office no pro$le+s are e5perienced.• The pro$le+s started %ust after a new wireless router was installed.

Slide 23

Slide 2, – Closedended Kuestions16..1 (eview the trou$leshootin! process?ere are so+e closedended /uestions that a leveltwo technician +i!ht as' to!ather +ore infor+ation fro+ the custo+er in this scenario"• Is our networ' ca$le plu!!ed in• hen ou plu! in our networ' ca$le does everthin! wor' correctl:ro+ the answers to these /uestions ou deter+ine that the custo+er ise5periencin! a wireless connection pro$le+. Therefore focus our efforts on apro$le+ with wireless connectivit in the office.

a! "00# p$ 1& of 1%




Slide 24

Slide 24 – erif the &$vious Issues16..1 (eview the trou$leshootin! processThe second step in the trou$leshootin! process is to verif that the o$viousissues have $een chec'ed and are not causin! the pro$le+. In this e5a+pleou as' the custo+er the followin! /uestions to verif the o$vious issues"• 9oes the access point appear to $e on Ensure that the access point is

powered on.• hat li!hts on the access point are on or flashin!

• 9oes anone else have this pro$le+• ?ave ou $een a$le to connect to the Internet since the wireless router was

up!raded• 9oes this pro$le+ occur onl at our des' or at other areas of the office as

well This is a chec' for interference with the wireless si!nal.• ?ave ou $een a$le to connect throu!h wireless at an other locations

Slide 25

Slide 2 – Conclusions fro+ Chec'in! the &$vious16..1 (eview the trou$leshootin! processIn this case as'in! /uestions a$out the o$vious issues does not ield asolution to the users pro$le+. It does however provide the followin! valua$leinfor+ation"• The co+puter can connect successfull when usin! an Ethernet ca$le in

the office. This su!!ests that the userna+e and password are valid.

• The co+puter can connect successfull when usin! a wireless connectionat other locations. This su!!ests that the wireless card in the usersco+puter operates nor+all.

• The wireless connection will not wor' at an location in the office. Thissu!!ests that the pro$le+ is not interference.

• Since other users do not have the sa+e wireless connection pro$le+ itsu!!ests that there is a wireless confi!uration issue.

Slide 26

Slide 26 – Kuic' Solutions16..1 (eview the trou$leshootin! process>e5t ou should tr /uic' solutions to resolve the pro$le+. @ased oninfor+ation o$tained fro+ the custo+er ou can deter+ine a few /uic'solutions for the custo+er to tr.• The /uic' solutions will either resolve the issue or provide ou with

additional infor+ation to resolve the pro$le+"• Chec' the wireless si!nal stren!th at different locations in the

office.• *tte+pt to connect to the access point with securit te+poraril

turned off to see if a securit settin! is the pro$le+• The wireless si!nal stren!th see+s nor+al $ased on the wireless client

software in the users co+puter. hen the access point securit is turnedoff the custo+er can access networ' resources. This su!!ests that thepro$le+ is a confi!uration issue.

• >e5t ou should deter+ine if the pro$le+ e5ists with the custo+ers PCconfi!uration or with the networ'in! e/uip+ent confi!uration.

a! "00# p$ 14 of 1%




Slide 27

Slide 2B – <ather 9ata fro+ the Co+puter 16..1 (eview the trou$leshootin! process• There are useful utilit pro!ra+s in +ost operatin! sste+s to help

technicians to !ather infor+ation fro+ the co+puter. &ne i+portantpro!ra+ is the IP Confi!uration tool Gipconfi!G.

• Since the securit on the wireless router includes A*C $asedauthentication it is i+portant to deter+ine the A*C address of theco+puter. *s' the custo+er to perfor+ the followin! steps"

1. Select Start 7 +%n 2. Tpe cmd in the (un $o5. The Co++and #ine interface should

appear,. Enter ipconfig 8all at the co++and pro+pt. The values of the

A*C address fro+ the wireless >IC and the Ethernet >IC +a $euseful in trou$leshootin! this pro$le+. rite these down since theare lon! and difficult to re+e+$er.

• >o resolution to the pro$le+ has $een found at this point. The pro$le+ is+ost li'el to $e found in the confi!uration of the wireless access pointsecurit settin!s.

Slide 28

Slide 2D – Evaluate Pro$le+ L I+ple+ent Solution16..1 (eview the trou$leshootin! process• &nce all of the data has $een !athered evaluate the infor+ation and

research possi$le solutions. Tr a possi$le solution one at a ti+e. If thepro$le+ is corrected +ove to the ne5t step in the trou$leshootin! process.Jeep i+ple+entin! a solution $ased on our research until the pro$le+ issolved.

• In our note$oo' ou have written the followin! notes a$out thecusto+ers co+puter"

• or's usin! the Ethernet ca$le• or's usin! wireless at ho+e• 9oes not wor' when connected to the office wireless access point• or's usin! wireless when the securit is disa$led• >o one else has the pro$le+

• This is the onl co+puter that is havin! a pro$le+ on the networ'. Theco+puter can connect to the networ' when usin! the Ethernet ca$le. This

pro$le+ occurred after the new wireless access point was installed. Thepro$le+ disappears when the securit settin!s are te+poraril disa$led.This indicates that the pro$le+ is due to incorrect wireless access pointconfi!uration settin!s.

• hen ou chec' the wireless access point confi!uration ou discover thatthe A*C address filter had $een incorrectl confi!ured for this custo+er.The access point was not acceptin! si!nals fro+ the users co+puter sincethe A*C address of the co+puter was not included in the A*C addressfilter list. The pro$le+ is solved $ addin! the co+puter to the wirelessaccess point A*C address filter list.

a! "00# p$ 1' of 1%




Slide 29

Slide 2F – Close with the Custo+er 16..1 (eview the trou$leshootin! process• *fter ou have co+pleted the repair it is i+portant to discuss the results

with the custo+er and co+plete the docu+entation. This process willco+plete the trou$leshootin! steps and repair process.

• If possi$le ver$all verif the solution directl with the custo+er. If thecusto+er is availa$le allow the custo+er to de+onstrate for the+selvesthat the repair has solved the pro$le+. If the solution is accepta$le the

technician can update and close the wor' order. In so+e situations thecusto+er +a not $e a$le to co++unicate directl with the technician. Inthese cases a repair representative should infor+ the custo+er of thewor' that was perfor+ed.

• 9ocu+entation should include a restate+ent of the pro$le+ the stepsta'en in the trou$leshootin! process and the solution. Hou should alsorecord the ti+e needed to solve the pro$le+. *t a +ini+u+ two copies ofthe docu+entation should $e created one for the custo+er and one forthe technician.

Slide 30

Slide ,0 – Co++on Pro$le+s and Solutions16..2 Identif co++on pro$le+s and solutionsSecurit pro$le+s can $e attri$uted to hardware software networ's or so+eco+$ination of the three. Hou will resolve so+e tpes of securit pro$le+s

+ore often than others.&ther co++on pro$le+s and possi$le causes to consider"Pro$le+" * custo+er reports that a $ac'up that was started the ni!ht $efore isstill !oin!.• Possi$le solution" *dvise the custo+er to i+ple+ent a different tpe of

$ac'up that saves ti+e.Pro$le+" * visitin! consultant usin! a !uest account cannot access neededfiles.• Possi$le solution" <rant access to the files for the duration of the visit.

hen the consultant leaves disa$le the account.Pro$le+" * user refuses our re/uest to e+ail ou their student I9 nu+$er andpassword.• Possi$le solution" Infor+ the user that there was no such re/uest. <ather

infor+ation and warn others a!ainst this phishin! attac'.Pro$le+" * user can locate a file on the server $ut cannot download it.• Possi$le solution" Chan!e the user per+issions on this file fro+ read to

read and e5ecute.Pro$le+" * user cannot connect to the networ' usin! a wireless router evenafter the proper securit 'e has $een installed.• Possi$le solution" erif that the users A*C address is listed in the A*C

address filter ta$le.

a! "00# p$ 16 of 1%




Slide 31

Slide ,1 – :i5 a Securit Pro$le+16.., *ppl trou$leshootin! s'ills>ow that ou understand the trou$leshootin! process it is ti+e to appl ourlistenin! and dia!nostic s'ills. The first la$ is desi!ned to reinforce our s'illswith securit issues. Hou will instruct the custo+er on how to correct a securitpro$le+ that is preventin! connection to the wireless networ'.St%dent Activity: The student course content includes the la$ 16.., #a$" :i5a Securit Pro$le+. To co+plete this la$ students will !ather data fro+ the

custo+er and then instruct the custo+er on how to correct a securit issue thatis preventin! connection to the wireless networ'.St%dent Activity: The student course content includes the la$ 16.., (e+oteTechnician" :i5 a Securit Pro$le+. To co+plete this la$ students willparticipate in a rolepla activit to correct a securit pro$le+. This la$ isdesi!ned to reinforce our co++unication and trou$leshootin! s'ills withsecurit pro$le+s. In this la$ students will perfor+ the followin! steps"

• (eceive the wor' order• (esearch the pro$le+• Ta'e the custo+er throu!h various steps to tr to resolve the

pro$le+• 9ocu+ent the pro$le+ and the resolution

Slide 32

Slide ,2 – Chapter 16 Su++ar

In this chapter securit +easures for co+puter e/uip+ent and networ's weredescri$ed. This infor+ation will help ou select securit e/uip+ent andprocedures for our custo+ers. The followin! concepts were included in thischapter"• Securit re/uire+ents for custo+ers differ $ecause of $ud!et restraints

the tpe of e/uip+ent to secure and the decision re!ardin! hardware andsoftware securit.

• * securit polic should $e developed and used to deter+ine the tpe offirewall to $e installed.

• ?ardware and software securit tools are availa$le to protect data on anetwor'.

• Securit policies should $e followed $ everone in the or!ani=ation.• Preventive +aintenance is an effective part of securit.

Slide 33

Slide ,, – Instructor Trainin! *ctivities

Slide 34

Slide ,4 – *ctivities for Instructor Trainin!These activities are su!!ested for use in instructor trainin!.

1. Ta'e the Kui= provided in Chapter 16 course content.2. Collect e5a+ples fro+ the recent news of people loosin! !overn+entlaptops or copin! sensitive data in an unencrpted for+. -se these e5a+plesas discussion points in 16.1.1 &utline a local securit polic.,. Conduct Internet research to prescreen online resources for students to usein co+pletin! the wor'sheet 16.2., :irewalls.4. @rainstor+ a list of at least 4 securit pro$le+s to use for students topractice their trou$leshootin! s'ills.

a! "00# p$ 1# of 1%




Slide 35

Slide , – Instructor Trainin! 9iscussion• Share with the other instructors the list of online resources found that

students +i!ht use in co+pletin! the research portions of the wor'sheet.• Share with the other instructors the list of additional trou$leshootin!

scenarios.• Participate in a roleplain! activit of one of the trou$leshootin! scenarios.• :ollowin! the roleplain! activit discuss the different was ou +i!ht

incorporate roleplain! activities into our classroo+. Share ideas of how

to +a'e the student successful in these activities.

Slide 36

Slide ,6 – *dditional (esources• #in'ss" #earnin! Center http"))www.lin'ss.co+ • ?o+e PC :irewall <uide http"))www.firewall!uide.co+ • ?owStuffor's" Its <ood to Jnow

http"))co+puter.howstuffwor's.co+)firewall.ht+ • -nited States Co+puter E+er!ence (eadiness Tea+" C$er Securit

Tip http"))www.uscert.!ov)cas)tips)ST04004.ht+l • Aicrosoft" Securit at ?o+e" :irewall :*Ks

http"))www.+icrosoft.co+)atho+e)securit)protect)firewall.+sp5 • Consu+erSearch" :irewalls (eviews @est :irewalls 79ece+$er 20068

http"))www.consu+ersearch.co+)www)software)firewalls)inde5.ht+l • Aatousec" Co+parison of Top :ive Personal :irewalls 7&cto$er 20068

http"))www.+atousec.co+)pro%ects)windowspersonalfirewallanalsis)topfiveco+parison.php

• Co+puter Shopper PC P(& -J" Personal :irewalls 7Mune 20068http"))www.pcpro.co.u')shopper)la$s)222)softwarela$spersonalfirewalls)introduction.ht+l

• Infor+ation ee'" Safet :irst" :irewalls for Hour 9es'top PC7*u!ust 20068 http"))www.infor+ationwee'.co+)software)show*rticle.%ht+larticleI9N1F220124B

• hatisco+" IT Encclopedia and #earnin! Center http"))whatis.co+ • TechTar!et" The Aost Tar!eted IT Aedia http"))techtar!et.co+ • O9>et" Tech >ews @lo!s and hite Papers for IT Professionals

http"))www.=dnet.co+ • C>ET.co+ http"))www.cnet.co+ • PC orld http"))www.pcworld.co+ • Co+puterorld http"))www.co+puterworld.co+ • I(E9 >ES http"))www.wired.co+ • eEEJ.co+ http"))www.ewee'.co+

Slide 37

Slide ,B – K and *

a! "00# p$ 1( of 1%

http://www.linksys.com/

http://www.firewallguide.com/

http://computer.howstuffworks.com/firewall.htm

http://www.us-cert.gov/cas/tips/ST04-004.html

http://www.microsoft.com/athome/security/protect/firewall.mspx


http://www.consumersearch.com/www/software/firewalls/index.html

http://www.matousec.com/projects/windows-personal-firewall-analysis/top-five-comparison.php


http://www.pcpro.co.uk/shopper/labs/222/software-labs-personal-firewalls/introduction.html



http://www.informationweek.com/software/showArticle.jhtml?articleID=192201247




http://whatis.com/

http://whatis.com/

http://techtarget.com/


http://www.zdnet.com/

http://www.cnet.com/


http://www.pcworld.com/



http://www.computerworld.com/


http://www.wired.com/


http://www.eweek.com/


http://www.linksys.com/

http://www.firewallguide.com/

http://computer.howstuffworks.com/firewall.htm

http://www.us-cert.gov/cas/tips/ST04-004.html


http://www.consumersearch.com/www/software/firewalls/index.html







http://whatis.com/


http://www.zdnet.com/









Slide 38

ITE PC v40 Chapter16 SpkrNotes

Documents

Transcript of ITE PC v40 Chapter16 SpkrNotes