CIT 1100. In this chapter you will learn how to: Explain the threats to your computers and data Describe key security concepts and technologies.

CIT 1100

Local Security

In this chapter you will learn how to: Explain the threats to your computers and data

Describe key security concepts and technologies

Local Security

Threats to your data and PC come from two directions: accidents and malicious people Accidents happen, and even well-meaning

people can make mistakes This chapter examines the following issues:

◦ Unauthorized access◦ Social engineering◦ Data destruction - accidental or deliberate◦ Administrative access◦ Catastrophic hardware failures◦ Theft◦ Viruses/spyware

Analyzing Threats

Unauthorized access occurs when a person accesses resources without permission Not all unauthorized access is malicious- this problem

arises when users randomly poking around in a computer discover that they can access resources they shouldn’t

Unauthorized access becomes malicious when outsiders knowingly take advantage of weaknesses in your se curity to gain information, use resources, or destroy data!

One way to gain unauthorized access is through intrusion

You might imag ine someone kicking in a door and hacking into a computer, more often than not it's someone sitting at a home computer, trying various passwords over the Internet

Unauthorized Access

Dumpster diving is the generic term for anytime a hacker goes through your refuse, looking for information which is also a form of intrusion The amount of sensitive information that

makes it into any organization's trash bin boggles the mind!

When it comes to getting information, the trash is the place to look!

Unauthorized Access

Most of attacks that result in a loss of data come under the heading of social engineering, using people inside the networking environ ment to gain access Unauthorized information may be a network

login, credit card numbers, company customer data , social security numbers

It's common for social engineering attacks to be used together, if you discover one of them being used against your organization, it's a good idea to look for others

Social Engineering

Hackers can physically enter your building under the guise of someone who might have a legitimate reason for being there Dressing the part of a legitimate user with

fake badge enables malicious people to gain access to locations and thus potentially your data

Following someone through the door is a very common method referred to as Tailgating

Infiltration

The telephone scam is a very common social engineering attack, the attacker makes a phone call to someone in the organization to gain information Calling the help desk to acquire “forgotten”

password information Similar to telephone scams is a technique

called Phishing, trying to acquire user names password or other secure information using e-mail

Telephone Scams

Data destruction means more than just intentionally or accidentally erasing or corrupting data Authorized us ers with access to certain data then uses

that data beyond what they are authorized to do "If I wasn't allowed to change it, the system wouldn't let me do it!" is too often the response

Every operating system enables you to create user accounts and grant those accounts a certain level of access to files and folders in that computer

Administrator, supervi sor, or root user, have full control over just about every aspect of the computer, be certain the people with this access are capable

Data Destruction

You need to create redundancy in areas prone to failure (such as installing backup power in case of electrical failure) and perform those all-important data backups Keep track of where you store the discs or

hard drives used to back up your computer Loss of backup materials can be truly

catastrophic

System Crash/Hardware Failure

Once you've assessed the threats to your computers and networks, you need to take steps to protect those valuable resources

If you can control access to the data, programs, and other computing resources, you've secured your systems

Access control is composed of four interlinked areas:◦ Physical security◦ Authenti cation ◦ Users and groups◦ Security policies

Security Concepts and Technologies

The first order of security is to block access to physical hardware from people who shouldn't have access Don't leave a PC unat tended when logged in If you see a user's computer logged in and

unattended, lock the computer To lock a computer press the WINDOWS

LOGO KEY-L combination on the keyboard to lock the system the user must login to re-enter

Secure Physical Area

Security starts with authentication, which is how the computer determines who can access it and what that user can do There are two methods of authenticating,

software and hardware Software authentication requires the use of a

Strong password 8 characters including numbers, letters and punctuation

Hardware Authentication Smart cards and biometric devices enable modern systems to authenticate users

Authentication

The file system on a hard drive matters a lot when it comes to security On a Windows machine with multiple users,

you should use NTFS rather than Fat32 or you have no security at all

NTFS enables you to encrypt files and folders to better protect them from potential hackers

Primary drives and any secondary drives in computers in your care should be formatted as NTFS

Filesystems

Windows uses user accounts and groups as the basis of access control A user ac count is assigned to a group, such

as Users, Power Users, or Administrators, and by as sociation gets proper permissions on the computer

Using NTFS enables the highest level of control over data resources

Assigning users to groups is a great first step in controlling a local machine

Users and Groups

Access to user accounts should be restricted to the assigned individuals, and those who configure the permissions to those accounts Accounts should have permission to access

only the resources they need and no more Tight control of user accounts is critical to

preventing unauthorized access Dis abling unused accounts is an important

part of this strategy

User Account Control Through Groups

Setting up Groups to Simplify Administration Define the new Groups:

◦ Sales◦ Management

Default Groups: ◦ Everyone◦ Users◦ Guests

Assigning permissions to a group in Win 7

Too generic for our example

Members of the Sales Group are able to view Customer account information and prices.

Members of the Management group can modify Customer account information and pricing

Parental Controls allows you to monitor and limit the activities of any standard user in Windows 7/ Vista Giving parents and managers a level of control over

the content their children and employees can access Activity Re porting logs show:

◦ Applications run or attempted to run ◦ Web sites visited or attempted to visit ◦ Files downloaded and more

Block various Web sites by type or URL Allow only certain Web sites, a far more powerful

option Limit the time users can log in

Parent Control

To report any security issues so a network administrator or technician can address them, there are two tools within Windows so that the OS reports problems to you- Event Viewer: to view application or system

errors for troubleshooting Auditing: create an entry in a Security Log

when certain events happen

Reporting

The most common use for Event Viewer is to view application or system errors for troubleshooting

Event Viewer

From the Control Panel select System and security

Select Administrative Tools

Select Event Viewer

Errors will be show as Event Types

Event Viewer also allows you to click a error link to take you to the online Help and Support Center at Microsoft.com which gives a detailed explanation of the error and suggests fixes

Incidence reporting after gathering data about a particular system or network problem, you may need to follow up with an incident report Incidence Reports are useful in a couple of

ways: First it provides a record of work completed Second it provides information when combined

with other information may reveal a pattern The Event Viewer is a useful tool for creating

incident reports

Incidence Reporting