PC Support & Repair Chapter 12 Security 9 days including study guide and test
Objectives
After completing this chapter, you will meet these objectives:
- Explain why security is important.
- Describe security threats.
- Identify security procedures.
- Identify common preventive maintenance techniques for security.
- Troubleshoot security.
This chapter reviews the types of attacks that threaten the security of computers and the data contained on them. A technician is responsible for the security of data and computer equipment in an organization. You will learn how to work with customers to ensure that the best possible protection is in place. To successfully protect computers and the network, a technician must understand both physical and data threats.
Security threats 12.1
Malware
- Any software created to perform malicious acts
- Adware, spyware, grayware, viruses, worms, Trojan horses, rootkits
- Usually installed without the user's knowledge
- Opens extra windows, changes the computer's configuration, redirects the browser, collects information, etc.
Type of Malware: VIRUS
- Transferred through email, flash drives, file transfers, IM
- When the infected file is accessed, the virus executes
Type of Malware: TROJAN HORSE
- Looks legitimate but contains malicious code
- Often bundled with free online games
- Can open a hole in software for an attack
- Example: You download a free game on your phone and then your phone starts dialing random numbers or downloads strange things on its own.
Type of Malware: WORMS
- Self-replicating program
- Duplicates itself across the network without you knowing
- Doesn't need to attach to a program
- Ties up network bandwidth and prevents users from doing their normal work
- Gets in through unpatched software
Worms typically spread by automatically exploiting known vulnerabilities in legitimate software.
Type of Malware: ADWARE
- Displays ads on the computer, usually in pop-ups
- Pops up faster than you can close them
- Comes bundled in software you download
Type of Malware: SPYWARE
- Software installed without you knowing
- Intercepts and collects data; gets passwords
- Gathers information about you and sends it to someone else without your consent
- Gathers browsing data
- Steals personal or financial information
After spyware is installed and run, it monitors activity on the computer. The spyware then sends this information to the individual or organization responsible for launching the spyware.
Type of Malware: RANSOMWARE
- Similar to adware
- Denies access to the computer
- Demands a paid ransom to get control of the PC back
Type of Malware: ROOTKITS
- Gains administrator-level access to the computer
- Uses a known vulnerability or password to get admin access
- Very difficult to detect; almost invisible to anti-malware software
- Has the rights to control and modify security programs
- Installed in the boot sector: the BIOS boots the system from the rootkit and treats the rootkit as the OS
- The rootkit runs in RAM
- May have to reinstall the OS to get rid of it
Since it runs in RAM before the OS boots, it is completely invisible to anti-malware.
Solution to Malware
- To detect, disable, and remove malware before it infects a computer, always use antivirus software, antispyware, and adware removal tools
- These programs become outdated quickly
- It is the responsibility of the technician to apply the most recent updates, patches, and virus definitions as part of a regular maintenance schedule
- Many organizations establish a written security policy stating that employees are not permitted to install any software that is not provided by the company.
Activity
Activity- ANSWERS
Review- 5Q
Q: What type of threat installs software on your PC to monitor your activity?
A: Spyware
Q: What is the most difficult threat to protect against because it installs in the boot sector?
A: Rootkit
Q: What places ads on the desktop without you doing anything?
A: Adware
Q: Name two types of malware.
A: Adware, spyware, virus, worm, Trojan, rootkit
Q: What program is self-replicating?
A: Worm
Review- 4Q
Q: Which attack comes by email and directs you to a web page to enter personal information?
A: Phishing
Q: Which software is installed on your computer without your knowing when you download a program, and then displays product "windows" on the screen?
A: Adware
Q: What ties up the network's bandwidth?
A: Worm
Q: How do you make sure your AV software can protect you from the latest viruses?
A: Download the latest virus updates
Threat: PHISHING
- Email, phone, or text used to get personal or financial information
- Can also be used to persuade users to unknowingly install malware on their computers
- Looks legitimate, for example appears to come from your bank
- Asks you to verify a password or account to prevent something bad from happening
- Works through a link to a real-looking web page
- Spear phishing: when a phishing attack is targeted at a specific individual or organization
Organizations must educate their users regarding phishing attacks. There is rarely a need to provide sensitive personal or financial information online. Legitimate businesses will not ask for sensitive information through email. Be suspicious. When in doubt, make contact by mail or phone to ensure the validity of the request.
Threat: SPAM
- Unsolicited junk mail
- Can be for ads or include harmful links or malware
- Goal is to get sensitive information
- Sent out by compromised PCs to others
- Reduced by ISP filters, antivirus software, and email programs that filter it
Watch for email with:
- No subject line
- Misspelled words and strange punctuation
- Long, cryptic hyperlinks
- A request to open an attachment
Organizations must also make employees aware of the dangers of opening email attachments that may contain a virus or a worm. Do not assume that email attachments are safe, even when they are sent from a trusted contact. The sender's computer may be infected by a virus that is trying to spread itself. Always scan email attachments before opening them.
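The four warning signs listed above can be turned into a simple triage check that a help desk could run over reported mail. The code below is an added example, not part of the original chapter or of any mail product; the two messages are constructed samples, and the misspelling list, the "strange punctuation" pattern and the definition of a "cryptic" link are assumptions chosen for the demonstration.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages (not real mail): one showing every warning sign
# from the chapter, one ordinary message for comparison.
SAMPLE_MESSAGES = [
    {
        "subject": "",
        "body": "Plese open the attached invoice now!!! http://x.example/aB3kQ9zLm2v8Tq0Rp7WxYz",
        "attachments": ["invoice.zip"],
    },
    {
        "subject": "Lunch on Friday",
        "body": "Are you free at noon? Let me know.",
        "attachments": [],
    },
]

# Assumed short list of misspellings that turn up in junk mail; a real filter
# would use a dictionary instead.
COMMON_MISSPELLINGS = {"plese", "attched", "acount", "recieve", "verfy", "urgnt"}


def spam_indicators(msg):
    """Return, in a fixed order, the chapter's warning signs that this message shows."""
    flags = []
    body = msg.get("body", "")

    if not msg.get("subject", "").strip():
        flags.append("no subject line")

    words = re.findall(r"[a-z]+", body.lower())
    if any(w in COMMON_MISSPELLINGS for w in words):
        flags.append("misspelled words")

    # Runs of two or more ! or ? are treated as "strange punctuation" (assumption).
    if re.search(r"[!?]{2,}", body):
        flags.append("strange punctuation")

    # A "long, cryptic hyperlink" here means a URL path of 16+ characters that
    # mixes letters and digits (assumption).
    for url in re.findall(r"https?://\S+", body):
        path = urlparse(url).path.strip("/")
        if len(path) >= 16 and re.search(r"\d", path) and re.search(r"[A-Za-z]", path):
            flags.append("long cryptic hyperlink")
            break

    # A request to open an attachment only counts when one is actually attached.
    if msg.get("attachments") and re.search(r"\bopen\b.*\battach", body, re.I):
        flags.append("request to open an attachment")

    return flags


def is_suspicious(msg, threshold=2):
    """Two or more indicators is the (assumed) bar for sending a message to the scanner."""
    return len(spam_indicators(msg)) >= threshold


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(repr(m["subject"]), "->", spam_indicators(m), "suspicious:", is_suspicious(m))
```

Each indicator on its own is weak (plenty of legitimate mail has no subject line), which is why the check counts them rather than acting on any single one; the final decision still belongs to scanning the attachment, as the chapter says.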
Threat: (DoS) DENIAL OF SERVICE ATTACK
- Overloads a system so it can't do its normal work
- Crashes or floods the server
- Everyday example: You go to the bank to cash a check, but the bank is filled with people who don't even have a bank account. They are just there to disrupt normal service.
- Prevents users from accessing services on the network; the system is busy responding to the large number of requests; resources get overloaded and shut down
- PING OF DEATH: many, large pings
- EMAIL BOMB: large amounts of bulk email overload the server
Threat: (DDoS) DISTRIBUTED DENIAL OF SERVICE ATTACK
- Uses infected "zombie" or "botnet" computers to launch attacks
- Zombies are all over the place, so the attack can't be traced to a single source
- Botnets are used to accept and pass on attacks/viruses.
Threat: SYN FLOOD
- A SYN request initializes TCP communication
- Ties up the server because it replies to each SYN and waits for a response that never comes
- Other users are denied service
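What the SYN flood leaves behind on the server is a pile of half-open connections, and that is what a technician looks for. The code below is an added example, not from the chapter: it parses a constructed connection table (modelled loosely on the columns of netstat output, which is an assumption about format) and reports sources with many half-open connections plus the overall half-open ratio, since a flood with spoofed source addresses spreads across many sources and would slip past a per-source count.

```python
from collections import Counter

# Constructed sample connection table: "src_ip:src_port dst_port state".
# The first source has five half-open (SYN_RECV) connections to port 80.
SAMPLE_TABLE = """\
203.0.113.10:40001 80 SYN_RECV
203.0.113.10:40002 80 SYN_RECV
203.0.113.10:40003 80 SYN_RECV
203.0.113.10:40004 80 SYN_RECV
203.0.113.10:40005 80 SYN_RECV
198.51.100.7:51000 80 ESTABLISHED
198.51.100.8:51001 443 SYN_RECV
198.51.100.9:51002 443 ESTABLISHED
"""


def parse_table(text):
    """Turn the table text into a list of dicts; blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst_port, state = line.split()
        ip, _, port = src.rpartition(":")
        rows.append({"src_ip": ip, "src_port": int(port),
                     "dst_port": int(dst_port), "state": state})
    return rows


def half_open_by_source(rows):
    """Count SYN_RECV entries (handshake never completed) per source address."""
    return Counter(r["src_ip"] for r in rows if r["state"] == "SYN_RECV")


def syn_flood_suspects(rows, per_source_threshold=5):
    """Sources with at least `per_source_threshold` half-open connections (threshold is an assumption)."""
    counts = half_open_by_source(rows)
    return sorted(ip for ip, n in counts.items() if n >= per_source_threshold)


def half_open_ratio(rows):
    """Share of all entries that are half-open. A spoofed flood shows up here
    even when no single source crosses the per-source threshold."""
    if not rows:
        return 0.0
    return sum(r["state"] == "SYN_RECV" for r in rows) / len(rows)


if __name__ == "__main__":
    rows = parse_table(SAMPLE_TABLE)
    print("suspects:", syn_flood_suspects(rows))
    print("half-open ratio: %.2f" % half_open_ratio(rows))
```

On a real server the same two numbers are read from the live connection table; a high ratio with no dominant source is the signature of the spoofed variant, and the usual mitigations (SYN cookies, shorter half-open timeouts) act on exactly that half-open queue.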
Threat: SPOOFING
- A computer pretends to be a trusted computer to gain access to resources
- IP spoofing: hiding the source IP
- MAC spoofing: mainly used in wireless networks to avoid MAC filtering
Threat: MAN-IN-THE-MIDDLE ATTACK
- Intercepting communications between computers to steal information traveling through the network
- Could also be used to manipulate messages and relay false information between hosts
Threat: REPLAY ATTACK
- Hacker sniffs packets to get authentication information
- Then the hacker uses that information to connect to the server
- Replay attack: the server thinks it's the last client and will connect
Threat: DNS POISONING
- DNS records are changed to point to an imposter server
- The user attempts to access a legitimate site, but traffic is diverted to an imposter site
- The imposter site is used to capture confidential information, such as usernames and passwords
Threat: ZERO DAY ATTACK
- A hole in software that is unknown to the vendor
- The security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it
THREAT: SOCIAL ENGINEERING
- An attempt to fraudulently get sensitive information from users
- Usernames, passwords, credit card numbers, account numbers, Social Security numbers, etc.
- The attacker pretends to be a trustworthy person
Social Engineering Techniques
- Pretexting: pretends to need personal information to confirm the identity of the recipient
- Phishing
- Spear phishing: targeted phishing attack
- Tailgating: following an authorized person into a secure area
There's also:
- Shoulder surfing: looking over someone's shoulder to get the information
- Eavesdropping: listening to conversations to get the information
- Dumpster diving: looking through trash for information
Attack!
Attack again!
What’s your password? https://youtu.be/opRMrEfAIiI
Preventing Social Engineering Attacks
The end user is the weak link. Teach users:
- Never give out your login credentials
- Never post credential information in your work area
- Lock your computer when you leave your desk
- Implement an access or entry control roster listing who is permitted in
- Do not let anyone follow you through a door that requires an access card
- Always ask for the ID of unknown persons
- Restrict access to visitors
- Escort all visitors
Activity- NOT ALL ARE USED
Activity- ANSWERS
Review- 4Q
Q: What kind of attack uses zombie computers to attack another system?
A: DDoS
Q: How do DoS and DDoS attack a server?
A: They overload it so the server cannot do its normal functions; possibly crashes
Q: Which attack tricks you into entering your personal information through email and a spoofed web site?
A: Phishing
Q: What attack gets the information before it gets to its destination?
A: Man-in-the-middle
Review- 3Q
Q: A visitor at your work looks over your shoulder and sees your password. They then go home and use it to access the network. What is this called?
A: Social engineering
Q: What is the best way to prevent social engineering?
A: Train staff
Q: What kind of attack is when a hole in software is found and is taken advantage of before it gets patched?
A: Zero day attack
Security procedures 12.2
Create a Security Policy
Local Windows Security Policy
- In Active Directory networks, Windows policies are set on the server and are active when the user logs in
- On stand-alone computers: Control Panel > Administrative Tools > Local Security Policy
- On a domain: use gpedit.msc to edit group policy
- You can also search for secpol.msc in Search
- Windows 10 Home edition does not come with Local Security Policy
- You can save and export the policy
Username & Password
- Change defaults
- Use a standard naming convention for users, e.g. jsmith
- Don't use other users' login information
- BIOS password
- Local PC password
- Network password
(The second-to-last picture shows the Local Security Policy password settings.)
- Password must meet complexity requirements: the password must not contain the user's account name or parts of the user's full name that exceed two consecutive characters. The password must contain three of the following four categories: uppercase letters, lowercase letters, numbers, and symbols.
- Store passwords using reversible encryption: storing passwords using reversible encryption is essentially the same as storing plaintext versions of the passwords. For this reason, this policy should never be enabled unless application requirements outweigh the need to protect password information.
(The last picture shows the Account Lockout Policy.)
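The complexity rule quoted above has two parts that are easy to get wrong by hand: the name check is case-insensitive and only applies to name parts longer than two characters, and the category rule is "three of four", not "all four". The function below is an added example that implements the rule as the chapter states it; it is not Microsoft's code. The delimiter list used to split the full name and the six-character minimum are assumptions taken from how the Windows policy is documented, not from this page.

```python
import re


def _name_parts(full_name):
    """Split a display name on the delimiters the policy uses (assumed: comma,
    period, dash, underscore, space, pound sign, tab) and keep only the parts
    longer than two characters; shorter parts are ignored by the rule."""
    parts = re.split(r"[,\.\-_ #\t]+", full_name)
    return [p for p in parts if len(p) > 2]


def meets_complexity(password, account_name, full_name, min_length=6):
    """Return (ok, reasons) for the 'Password must meet complexity requirements' rule.

    ok is True only when every check passes; reasons lists each failed check so a
    technician can tell a user exactly what to change."""
    reasons = []
    pw_lower = password.lower()

    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")

    # Account name check is case-insensitive and skipped for very short names.
    if account_name and len(account_name) > 2 and account_name.lower() in pw_lower:
        reasons.append("contains the account name")

    for part in _name_parts(full_name):
        if part.lower() in pw_lower:
            reasons.append(f"contains part of the full name ({part})")

    # Three of these four categories must be present.
    categories = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(categories) < 3:
        reasons.append("fewer than three of four character categories")

    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample account: user jsmith, display name "John Smith".
    for candidate in ("jsmith2024!", "longpassword", "Tr0ub4dor&3"):
        print(candidate, meets_complexity(candidate, "jsmith", "John Smith"))
```

Note that "Smith" inside "jsmith2024!" is caught even though the user typed it in lower case, and that "longpassword" fails on categories alone despite its length; both are the cases users most often stumble on when this policy is first enforced.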
Local Windows Password
- Create a Windows password
- Lock the PC when you are not around it, or set a screen saver that requires login
Activity
- TestOut Lab 12.5.4 Configure BIOS/UEFI Security
- TestOut Lab 12.7.5 Enforce Password Settings
Web Security
Browser settings:
- ActiveX Filtering
- Pop-up Blocker
- SmartScreen Filter: detects phishing and malicious items on websites
- InPrivate Browsing: like Chrome's incognito mode
Internet Explorer uses ActiveX to load other media-rich software applications in the browser. These controls were reused across sites, so if you approved one, it could be loaded maliciously from another website.
Protect Data
- Software firewall: allows/denies traffic to and from the network
- Smart card: plastic card with a chip that stores information
- Biometrics: fingerprint, eye, facial, etc.
- Key fob
Data Backups
- Full backup weekly or monthly; should be stored off-site
- Then frequent partial backups; should be stored off-site
- Protect the backup with a password
- Check to make sure the backup is good
File and Folder Permissions
Right-click the file or folder and select Properties > Security > Edit...
Level            | Description
Full             | Can do everything
Modify           | Change & delete but NOT create new
Read and Execute | Can see contents & run
Read             | Can see & open
Write            | Can create & make changes
File & Folder Encryption- EFS
- EFS (Encrypting File System) in Windows
- Can encrypt files or folders
- Can only be opened by the user who encrypted them or by an administrator
- Right-click on the file/folder, Properties, Advanced, Encrypt
- Encrypted files will be shown in green
Data Encryption- BitLocker in Windows
- Used to encrypt the entire hard drive
- 1st: initialize the TPM in the BIOS
- 2nd: turn on BitLocker in Control Panel
- Needs a TPM (Trusted Platform Module) on the motherboard to store the encryption keys, OR a flash drive to store the keys
- To use BitLocker, at least two volumes must be present on a hard disk. A system volume is left unencrypted and must be at least 100 MB. This volume holds the files required by Windows to boot.
- TPM is a chip on the motherboard.
Note: BitLocker encryption can also be used with removable drives by using BitLocker To Go. BitLocker To Go does not use a TPM chip, but still provides encryption for the data and requires a password.
Hardware Destruction
Data wiping
- Used to remove sensitive data
- Formatting is not enough
- Overwrites data multiple times
Hard drive destruction
- Shatter the platters with a hammer
- Shred CDs and floppies
Hard drive recycling (no sensitive data)
- Format and reuse or donate
Deleting files from a hard drive does not remove them completely from the computer. The operating system removes the reference to the file in the file allocation table, but the data remains. This data is not completely removed until the hard drive stores other data in the same location, overwriting the previous data. To wipe data, use data wiping software or a degaussing wand on magnetic drives. An SSD should use Secure Erase. Secure erase software takes a long time to erase a disk. Many programs offer multiple choices for overwriting data: special patterns of 1s and 0s, mathematical algorithms, random bits, and multiple overwrites can be used.
Degaussing disrupts or eliminates the magnetic field on a hard drive that allows for the storage of data. An electromagnet is a magnet whose magnetic field becomes very strong when a current is applied. A degaussing tool can cost US$20,000 or more, so it is not a practical solution for most users. It takes about 10 seconds to degauss a hard drive, so it can save a lot of time and money if a large number of hard drives need to be securely erased. There are also degaussing wands that can be used for smaller jobs, as shown in Figure 1. A degaussing wand uses powerful magnets instead of electromagnets and costs much less. To use a degaussing wand, a hard drive must be disassembled and the platters exposed to the wand for approximately 2 minutes.
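The point that deleting only removes the file-table reference, while the bytes stay until something overwrites them, is easiest to see by doing the overwrite yourself. The code below is an added example, not a tool from the chapter: it overwrites a file in place with a sequence of patterns (zeros, ones, random bytes, which is one of the "multiple choices" the text mentions; the particular sequence is an assumption), forces each pass to disk, and only then deletes the file. The demo works on a constructed temporary file so it is safe to run.

```python
import os
import secrets
import tempfile


def overwrite_file(path, pattern, chunk=64 * 1024):
    """Overwrite every byte of the file at `path` with one pattern and flush it to disk.

    pattern is "zeros", "ones" or "random". Returns the number of bytes written."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        remaining = size
        while remaining > 0:
            n = min(chunk, remaining)
            if pattern == "zeros":
                block = b"\x00" * n
            elif pattern == "ones":
                block = b"\xff" * n
            else:
                block = secrets.token_bytes(n)
            f.write(block)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())   # make sure the pass reached the disk, not just the cache
    return size


def wipe_file(path, passes=("zeros", "ones", "random")):
    """Run each overwrite pass in turn, then delete the file. Returns the file size."""
    size = 0
    for pattern in passes:
        size = overwrite_file(path, pattern)
    os.remove(path)
    return size


def demo():
    """Create a constructed 'sensitive' file, overwrite it once and check the original
    bytes are gone, then finish the wipe and confirm the file no longer exists."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    secret = b"ACCOUNT 1234-5678 SSN 000-00-0000"   # constructed sample data
    with open(path, "wb") as f:
        f.write(secret)
    overwrite_file(path, "zeros")
    with open(path, "rb") as f:
        zeroed = f.read() == b"\x00" * len(secret)
    size = wipe_file(path)
    return zeroed, size, os.path.exists(path)


if __name__ == "__main__":
    print(demo())   # (True, 33, False)
```

This is the magnetic-drive case the chapter describes. On an SSD the same code gives no such guarantee, because wear levelling may write each pass to different flash cells and leave the originals intact, which is exactly why the text says an SSD should use Secure Erase instead.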
Activity
Activity- ANSWERS
Activity
- TestOut Lab 12.3.6 Require a Screen Saver Password
- TestOut Lab 12.8.4 Encrypt Files
- TestOut Lab 12.10.4 Configure the Windows Firewall
Review- 3Q
Q: A fingerprint reader is what kind of security?
A: Biometrics
Q: Where should backups be stored?
A: Off-site
Q: The IRS is replacing their computers. What should you do to the old hard drives to protect any sensitive data before you recycle the PCs?
A: Destroy with a hammer or degausser
Security techniques 12.2
Protection
- Antivirus software: an antivirus program runs automatically in the background and monitors for problems. When a virus is detected, the user is warned and the program attempts to quarantine or delete the virus.
- Spyware protection: antispyware programs scan for keyloggers, which capture your keystrokes, and other malware so that it can be removed
- Adware protection: anti-adware looks for programs that display ads on the computer
- Phishing protection: antiphishing programs block the IP addresses of known phishing websites and warn you about suspicious websites
Watch out for rogue antivirus software!!!
Removing a Virus
1. Identify what's happening
2. Disconnect from the network
3. Let IT know
4. Boot to Safe Mode and scan (or install AV); may need Safe Mode with Networking
5. Use other tools
6. Delete system restore files after the PC is cleaned
Customer in a hurry? Remove the hard drive, connect it to an external dock, and copy the data they need to another PC.
Signature File Updates
- Get the updates for your AV software
- Turn on auto update
Wireless Security
- SSID (Service Set Identifier): change it and disable the broadcast
- MAC address filter: only listed MAC addresses are allowed/prevented
- Encrypt and authenticate data: WEP (weak), WPA (better), WPA2 (best)
- Turn WPS off (open to an easy brute force attack)
Many routers offer WiFi Protected Setup (WPS). WPS allows very easy WiFi security setup. With WPS, both the router and the wireless device have a button that, when both are pressed, automatically configures WiFi security between the devices.
Review- 4Q
Q: To secure your wireless network you should disable this and enable this...
A: Disable the SSID broadcast; enable WPA2 encryption
Q: T or F. Passwords should be text only.
Q: T or F. You should set a password lockout rule.
Q: What hardware/software security method on the motherboard supports storing encryption keys, digital certificates, and passwords?
A: TPM
Review- 3Q
Q: What was the first wireless encryption, which is also the weakest?
A: WEP
Q: What security method has a chip on a card?
A: Smart card
Q: What wireless security method will ensure ONLY your computers are accessing the network?
A: MAC address filtering
Hardware firewalls 12.2
Hardware Firewall Configurations
Integrated into SOHO routers.
- Packet filtering: every packet is inspected and must match a rule to be allowed or denied, based on protocols/ports, in or out
- SPI (Stateful Packet Inspection): packets must be part of a known connection
- Proxy server: inspects all packets against rules
DMZ (Demilitarized Zone)
- If you have a server that needs to be accessed from the outside world, place it in a zone that is separate from your internal network
- Prevents attacks on that server from getting into the LAN
Port Forwarding
- Specific ports must be opened so that certain applications can communicate with devices on different networks
- Port forwarding is a rule-based method of directing traffic to a certain device in the network
- Used for gaming or security cameras
- Port triggering does the same but for a specific device.
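The three firewall behaviours above (rule-based packet filtering, stateful inspection, and port forwarding) are easier to tell apart when the same packets are pushed through a small model of each. The code below is an added simulation, not the firmware of any router: it keeps an allow-rule set, an SPI connection table and a forwarding table, and reports what happens to each packet. Addresses are from the documentation ranges and the rule set is a constructed SOHO example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = LAN to Internet, "in" = Internet to LAN
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Firewall:
    # Packet-filter rules: (direction, proto, dst_port) tuples that are allowed.
    allow_rules: set = field(default_factory=set)
    # Port forwarding: (proto, public_port) -> (internal_ip, internal_port).
    forwards: dict = field(default_factory=dict)
    # SPI connection table: outbound flows whose replies are expected.
    connections: set = field(default_factory=set)

    def handle(self, pkt):
        """Return (verdict, detail); verdict is "allow", "deny" or "forward"."""
        if pkt.direction == "out":
            if ("out", pkt.proto, pkt.dst_port) in self.allow_rules:
                # Stateful part: remember the flow so its reply is let back in.
                self.connections.add(
                    (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
                return ("allow", "matched outbound rule")
            return ("deny", "no outbound rule")

        # Inbound: first check whether this is the reply to a flow we started.
        reply_key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reply_key in self.connections:
            return ("allow", "part of a known connection (SPI)")
        # Then port forwarding for services deliberately exposed.
        target = self.forwards.get((pkt.proto, pkt.dst_port))
        if target:
            return ("forward", f"{target[0]}:{target[1]}")
        # Then any explicit inbound allow rule; otherwise unsolicited traffic is dropped.
        if ("in", pkt.proto, pkt.dst_port) in self.allow_rules:
            return ("allow", "matched inbound rule")
        return ("deny", "unsolicited inbound packet")


def demo_sequence():
    """Run a constructed sequence of packets and return the verdicts in order."""
    fw = Firewall(
        allow_rules={("out", "tcp", 80), ("out", "tcp", 443), ("out", "udp", 53)},
        forwards={("tcp", 8080): ("192.168.1.50", 80)},   # e.g. a camera's web page
    )
    packets = [
        Packet("out", "tcp", "192.168.1.20", 50000, "203.0.113.80", 443),  # browse a site
        Packet("in", "tcp", "203.0.113.80", 443, "192.168.1.20", 50000),   # its reply
        Packet("in", "tcp", "198.51.100.5", 4444, "192.168.1.20", 50000),  # stranger, same port
        Packet("in", "tcp", "198.51.100.5", 4444, "203.0.113.1", 8080),    # forwarded service
        Packet("out", "tcp", "192.168.1.20", 50001, "198.51.100.5", 23),   # telnet out, no rule
    ]
    return [fw.handle(p)[0] for p in packets]


if __name__ == "__main__":
    print(demo_sequence())   # ['allow', 'allow', 'deny', 'forward', 'deny']
```

The third packet is the one that separates SPI from plain packet filtering: it arrives at the same internal port the browser is using, but it is not from the host the browser talked to, so the connection table does not match and it is dropped. The fourth shows why a forwarded service belongs in a DMZ: the firewall hands that traffic straight to the internal host.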
Activity
- Packet Tracer Lab 12.2.5.8 Configure Wireless Security
Protecting Equipment
Physical access:
- Cable locks
- Locked rooms
- Security cages
- Alarms
- Web cams
- RFID tags
Access:
- Multifactor authentication
- Disable AutoRun and AutoPlay
Preventive maintenance for security 12.3
Common Preventive Maintenance Techniques
- Download OS service packs and patches
- Make regular data backups
- Enable Windows Firewall and manually add ports
- Maintain accounts: group users; disable employee accounts when they leave; set login times, etc.
Common problems for security 12.4
Common Problems