Security Awareness: Applying Practical Security in Your World
Chapter 2: Personal Computer Security

Objectives
- Define physical security and explain how to apply it
- List the different types of data security
- Work with operating system security

Personal Computer Security
- Ensuring physical security of personal computers is one of the basic lines of defense
- Users tend to focus on one or two defenses
- Personal computer security:
  - Physically secure
  - Data secured on the personal computer
  - Operating systems and software secured

Physical Security
- Physical security: the process of protecting the computer itself
- Goal: prevent unauthorized users from reaching the equipment to use, steal or vandalize it
- Frequently overlooked security process
- Two types of PC equipment to be protected:
  - Desktop
  - Portable

Protecting Desktop Equipment
- Desktop equipment: equipment located in an office or not regularly moved to other locations
- Door locks are the first line of defense
- Defended by (See Figure 2-1):
  - What you have
  - What you know
  - What you are

Protecting Desktop Equipment
Figure 2-1

Using What You Have to Provide Protection
- Door locks protect based on what you have: A KEY!
- Two types of door locks:
  - Preset (or key-in-knob) lock
  - Deadbolt lock

Using What You Have to Provide Protection (continued)
[Figures: Preset lock; Deadbolt lock]

Door Lock Best Practices
- Procedure to monitor use of locks and keys
- Keep track of keys issued
- Keep records of who uses and turns in keys
- Inspect locks regularly
- Change locks immediately upon theft or loss of keys

Door Lock Best Practices (continued)
- No markings identifying master keys
- Only issue keys to authorized persons
- Keys not in use must be secured in a locked safe
- Mark master keys with “Do Not Duplicate” and erase manufacturer’s serial numbers

Using What You Know to Provide Protection
- Cipher lock
  - Uses buttons that must be pushed in the correct sequence to grant access
  - What you know: COMBINATION

Using Who You Are to Provide Protection
- Biometrics: using unique human traits to authenticate
- Traits that can be used:
  - Fingerprint
  - Face
  - Hand
  - Iris
  - Retina
  - Voice
- Fingerprint matching is most common
  - Different methods of scanning
- Biometrics weaknesses: expensive, difficult to use, and prone to errors and security breaches

Using Who You Are to Provide Protection (continued)
Figure 2-5: Fingerprint Scanner

Using Who You Are to Provide Protection (continued)
[Figure: Ridge points; Selected locations]

Protecting Portable Equipment
- Portable equipment is designed to be mobile
- Requires different steps to secure:
  - Device locks (See Figure 2-8)
  - Notebook safes (See Figure 2-9)
  - Stealth signal transmitter
    - Software installed that cannot be detected
    - If stolen, the transmitter sends a signal to the monitoring center when it connects to the Internet
    - Signal can be analyzed to track down the device

Protecting Portable Equipment (continued)
[Figures: Device lock; Notebook safe]

Data Security
- Data security is more important than physical security
  - Data is more valuable than devices
- Two methods to secure data:
  - Cryptography: scrambles data so no one can read it
  - Access controls: restrict who has access to the data

Cryptography
- Cryptography: science of transforming information so it is secure during transmission or storage
- Encryption: changing original text into a secret, encoded message
- Decryption: reversing the encryption process to change text back to original, readable form

Cryptography (continued)
- Public and Private Keys
- Private Key System (See Figure 2-10)
  - Same key used to encrypt and decrypt messages
  - Key must remain secret
  - Distributing the private key can be difficult
- Public Key System (See Figure 2-11)
  - Public key used to encrypt (key openly distributed)
  - Private key used to decrypt (key must remain secret)
  - Eliminates the need for secret distribution of keys

Cryptography (continued)
Figure 2-10

Cryptography (continued)
Figure 2-11

Digital Signatures
- Digital signature: public key system used to prove that the person sending the message is who they claim to be
- Sender creates the digital signature using their private key before encrypting the message with the receiver’s public key (See Figure 2-12)
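The sign-then-encrypt flow described on this slide, as an added example that is not part of the original presentation. It uses textbook RSA on constructed toy keys with no padding, so it shows which key each side uses and is not usable as real cryptography; all function names and the sample message are assumptions.

```python
import hashlib

E = 65537  # widely used RSA public exponent

def make_keypair(p, q):
    """Build a textbook RSA key pair from two primes (toy sizes, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)          # private exponent: inverse of E modulo phi
    return (E, n), (d, n)        # (public key, private key)

def digest(message, n):
    # SHA-256 of the message, reduced into the range of the key's modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    d, n = private_key
    return pow(digest(message, n), d, n)

def verify(message, signature, public_key):
    e, n = public_key
    return pow(signature, e, n) == digest(message, n)

def encrypt(message, public_key):
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(ciphertext, private_key):
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed sample keys built from Mersenne primes; far too small for real use.
SENDER_PUB, SENDER_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(2**89 - 1, 2**107 - 1)

def send(message):
    """Sender: sign with own private key, encrypt with the receiver's public key."""
    return encrypt(message, RECEIVER_PUB), sign(message, SENDER_PRIV)

def receive(ciphertext, signature):
    """Receiver: decrypt with own private key, then check the sender's signature."""
    message = decrypt(ciphertext, RECEIVER_PRIV)
    return message, verify(message, signature, SENDER_PUB)

if __name__ == "__main__":
    print(receive(*send(b"Pay Bob 100 dollars")))
```

The receiver needs only the sender's public key to check the signature, which is why a changed message or a signature made with any other private key fails verification.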

Cryptography (continued)
Figure 2-12

Digital Certificates
- Digital certificate: links or binds a specific person to a public key
- Issued by a Certificate Authority (CA)
- Public keys that have been digitally signed by a trusted third party (the CA) that attests to the identity of the key owner

Authentication
- Authentication: confirms the identity of the person requesting access
  - Passwords
  - Biometrics
  - Tokens
  - Smart cards

Authentication (continued)
- Passwords
  - Secret combination of words or numbers that identify the user
  - Used in combination with usernames (See Figure 2-13 at right)
  - First line of defense
  - WEAK SECURITY

Authentication (continued)
- Password shortcuts that compromise security:
  - Short passwords
  - Common word passwords
  - Personal information password
  - Same for all accounts
  - Located (written down) under mouse pad or keyboard
  - A stale, unchanged password
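A self-check for the shortcuts listed above, as an added example that is not part of the original presentation. The length and age thresholds, the word list and the sample accounts are constructed assumptions, and the written-down-password shortcut is left out because code cannot detect it.

```python
from datetime import date

# Constructed word list; a real check would load a much larger dictionary.
COMMON_WORDS = {"password", "letmein", "qwerty", "dragon", "welcome"}
MIN_LENGTH = 12      # assumed threshold, not taken from the slides
MAX_AGE_DAYS = 180   # assumed threshold, not taken from the slides

def audit(accounts, personal_info, today):
    """Map each account name to the list of password shortcuts it shows."""
    owners = {}
    for acct in accounts:
        owners.setdefault(acct["password"], []).append(acct["name"])
    report = {}
    for acct in accounts:
        password = acct["password"]
        lowered = password.lower()
        issues = []
        if len(password) < MIN_LENGTH:
            issues.append("short")
        # Leading or trailing digits and symbols do not rescue a dictionary word.
        if lowered.strip("0123456789!@#$") in COMMON_WORDS:
            issues.append("common word")
        if any(item.lower() in lowered for item in personal_info):
            issues.append("personal information")
        if len(owners[password]) > 1:
            issues.append("same for multiple accounts")
        if (today - acct["changed"]).days > MAX_AGE_DAYS:
            issues.append("stale")
        report[acct["name"]] = issues
    return report

# Constructed sample: one user whose dog is called Rex and who was born in 2009.
SAMPLE_ACCOUNTS = [
    {"name": "bank", "password": "Rex2009", "changed": date(2023, 1, 10)},
    {"name": "email", "password": "Rex2009", "changed": date(2024, 5, 1)},
    {"name": "forum", "password": "password1", "changed": date(2024, 5, 20)},
    {"name": "work", "password": "Purple-Tractor-Sings-At-Dawn",
     "changed": date(2024, 4, 2)},
]
SAMPLE_PERSONAL_INFO = ["Rex", "2009"]

if __name__ == "__main__":
    result = audit(SAMPLE_ACCOUNTS, SAMPLE_PERSONAL_INFO, date(2024, 6, 1))
    for name, issues in result.items():
        print(f"{name:6} {', '.join(issues) or 'no shortcuts found'}")
```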

Authentication (continued)
- Techniques for choosing hard-to-crack passwords that are easy to remember:
  - Long phrases
  - Substitute special characters
  - Replace letters with numbers
- Group multiple accounts by security level
  - Choose same password, but make increasingly difficult to crack depending on security level
- Do not write down passwords on paper
  - Password protected document (See Figure 2-14)

Authentication (continued)
Figure 2-14: Password Options

Authentication (continued)
- Biometrics
  - Biometrics, used for door locks, can also be used for access control to personal computers
  - Fingerprint scanners (See Figure 2-15)
Figure 2-15: Fingerprint scanner

Authentication (continued)
- Tokens
  - Security device that authenticates the user by embedding the appropriate permission in the token itself
  - What you have (token) + What you know (password or PIN) = ACCESS GRANTED

Authentication (continued)
- Smart Cards
  - Contain a chip that stores the user’s private key, login information and public key digital certificate
  - Can be either credit cards or USB tokens (See Figure 2-16 below)

Operating System Security
- Modern operating systems have sophisticated security enhancements
- Most of these security tools are not implemented by users (off by default)
- Operating system hardening: process of making a PC operating system more secure
  - Patch management
  - Antivirus software
  - Antispyware software
  - Permissions

Patch Management
- Patches: updates to software to correct a problem or weakness
- Critical step in securing a system
- Generally not automatically installed
- User must download and install (See Figure 2-17) or give specific permission for automatically downloaded patches to be installed

Patch Management
Figure 2-17

Patch Management (continued)
- Patch management: describes the tools, utilities, and processes for keeping patches up-to-date
- Different types of software updates (See Table 2-1)
- Weakness of patch management: often up to the user to download and install the patch
- Automated patch management is becoming more prevalent

Patch Management (continued)
Table 2-1

Antivirus and Antispyware Software
- Antivirus software
  - Works with the operating system to identify and destroy viruses
  - Antivirus software companies regularly create updates to detect and destroy the latest viruses
    - Definition files or signature files
- Antispyware software
  - Software that disinfects a computer from spyware and monitors any spyware activity
  - Spyware not only tracks what the user is doing, but can be used by hackers to identify security weaknesses

Shares
- Share: any object that is shared with others
- Necessary for today’s networked computers, but can open security weaknesses if not done correctly
- General rules for setting up shares:
  - Determine who needs access and what level
  - Use groups and assign permissions to the group rather than individuals
  - Assign most restrictive permissions that still allow users to perform necessary tasks
  - Organize resources

Summary
- Physical security is protecting the computer and equipment itself.
- Easily and often overlooked area of personal computer security.
- One primary goal: prevent unauthorized users from reaching the equipment to steal, use or vandalize it.
- Door locks are the first line of defense in physical security.
- The steps taken to protect portable devices are different, because they are designed to be moved.

Summary (continued)
- Data security is as important as physical security.
- Two procedures used to secure data:
  - Cryptography: science of transforming information so that it is secure during transmission or storage
  - Restrict users from accessing the data using a variety of tools
- Passwords, biometrics, tokens and smart cards are examples of the tools used for authentication of identity

Summary (continued)
- Operating system hardening is the process of making a PC operating system more secure:
  - Patch management
  - Antivirus software
  - Antispyware software
  - Setting correct permissions for shares