Download File - IT Essentials Pc: Hardware/ software

Name ________________________________________________________ Date __________________
Chapter 10: Security
After completion of this chapter, students should be able to:









Explain why security is important and describe security threats.
Explain social engineering, data wiping, hard drive destruction and recycling.
Identify security procedures.
Explain what is required in a basic security policy and describe ways to protect data.
Describe wireless security techniques
Explain the tasks required to protect physical equipment.
Identify common preventive maintenance techniques for security.
Explain measures to maintain operating systems, backup data, configure firewalls, and maintain
accounts.
Apply the six steps of the troubleshooting process to security.
10.0 Security
1. Where can threats to security come from?
from the inside or outside of an organization, and the level of potential damage can vary greatly:
2. What are the two types general threats to computer security? Give examples of each.
Internal threats, External threats
10.1 Security Threats
3. What is Malware and what does it do?
Malware is any software created to perform malicious acts. Malware includes adware, spyware,
grayware, viruses, worms, Trojan horses, and rootkits. Malware is usually installed on a computer
without the knowledge of the user.
4. How Malware is typically installed?
without the knowledge of the user.
5. Differentiate the following types of Malware:
a. Adware-Adware is a software program that displays advertising on your computer.
Adware is usually distributed with downloaded software.
b. SpywareSpyware is similar to adware. It is distributed without user intervention or knowledge.
c.
Grayware- Grayware is similar to adware. Grayware may be malicious and is
sometimes installed with the user’s consent.
Chapter 10: Security
IT Essentials 5.0
Page 1 of 13
6. Explain what is Phishing and give an example:
Phishing is where the attacker pretends to represent a legitimate outside organization, such as a bank.
7. How is a virus transferred to another computer?
email, file transfers, and instant messaging.
8. Explain how does a virus typically work?
The virus hides by attaching itself to computer code, software, or documents on the computer.
9. What is considers the most potentially damaging type of virus and why?
One of the most damaging types of virus is used to record keystrokes.
10. What is a worm and explain how is a worm different from a virus?
A worm is a self-replicating program that is harmful to networks. A worm uses the network to duplicate its
code to the hosts on a network, often without user intervention
11. Explain how even if the worm does not damage data or applications on the hosts it infects, it
is harmful to networks because it:
A worm is different from a virus because it does not need to attach to a program to infect a host. Worms
typically spread by automatically exploiting known vulnerabilities in legitimate software.
12. What is a Trojan threat and where are they found?
A Trojan is malicious software that is disguised as a legitimate program. A Trojan threat is hidden in
software that appears to do one thing, but behind the scenes it does another
13. Trojans are often disguised as what?
a legitimate program
14. How much do computer viruses cost business annually? (search this)
$114 Billion per year
15. Explain what is Virus protection software and what does it do?
Virus protection software, also known as antivirus software, is designed to detect, disable, and
remove viruses, worms, and Trojans before they infect a computer. However, antivirus software
Chapter 10: Security
IT Essentials 5.0
Page 2 of 13
becomes outdated quickly, and it is the responsibility of the technician to apply the most recent
updates, patches, and virus definitions as part of a regular maintenance schedule.
16. What makes a Rootkit especially difficult to deal with?
Special rootkit removal software can be used to remove some rootkits, but sometimes a re-installation of
the operating system is necessary to ensure that the rootkit is completely removed.
17. What are five examples of web tools (just list) and explain how can attackers use them?
ActiveX - Technology created by Microsoft to control interactivity on web pages. If ActiveX is enabled on a
web page, an applet or small program must be downloaded to gain access to the full functionality.
Java - Programming language that allows applets to run within a web browser. Examples of Java applets
include a calculator or a page-hit counter.
JavaScript - Programming language developed to interact with HTML source code to allow websites to be
interactive. Examples include a rotating banner or a pop-up window.
Adobe Flash - Multimedia tool used to create interactive media for the web. Flash is used for creating
animation, video, and games on web pages.
Microsoft Silverlight - Tool used to create rich, interactive media for the web. Silverlight is similar to Flash
with many of the same features.
18. What is InPrivate browsing and what are two ways to activate it in Internet Explorer?
InPrivate browsing prevents the web browser from storing the following information: Usernames
Passwords
19. What is SPAM?
Spam, also known as junk mail, is unsolicited email. In most cases, spam is used as a method of
advertising. However, spam can be used to send harmful links, malicious programs, or deceptive content
to try to obtain sensitive information such as a social security number or bank account information.
20. How can Spam be used with a virus?
spam can include links to an infected website or an attachment that could infect a computer
21. What are six common SPAM indications?
An email has no subject line.
An email is requesting an update to an account.
Chapter 10: Security
IT Essentials 5.0
Page 3 of 13
The email is filled with misspelled words or strange punctuation.
Links within the email are long and/or cryptic.
An email is disguised as correspondence from a legitimate business.
The email requests that you open an attachment.
22. Explain these common attacks:
SYN FloodA SYN flood attack randomly opens TCP ports at the source of the attack and ties up the
network equipment or computer with a large amount of false SYN requests.
DoS- DoS is a form of attack that prevents users from accessing normal services, such as
email or a web server, because the system is busy responding to abnormally large amounts
of requests. DoS works by sending so many requests for a system resource that the
requested service is overloaded and ceases to operate
DDoS- A DDoS attack uses many infected computers, called zombies or botnets, to launch
an attack.
Spoofing- In a spoofing attack, a computer pretends to be a trusted computer to gain access
to resources. The computer uses a forged IP or MAC address to impersonate a computer
that is trusted on the network.
Man-in-the-Middle- An attacker performs a Man-in-the-middle attack by intercepting
communications between computers to steal information transiting through the network.
Replay- These transmissions are then replayed to the destination computer.
DNS Poisoning- DNS records on a system are changed to point to imposter servers. The
user attempts to access a legitimate site, but traffic is diverted to an imposter site. The
imposter site is used to capture confidential information, such as usernames and passwords.
10.1.1.7 Worksheet - Security Attacks
23. A ___Social engineering _is a person who is able to gain access to equipment or a network
by tricking people into providing the necessary access information.
24. Seven basic precautions to help protect against social engineering:
Never give out your password.
Chapter 10: Security
IT Essentials 5.0
Page 4 of 13
Always ask for the ID of unknown persons.
Restrict access to visitors.
Escort all visitors.
Never post your password in your work area.
Lock your computer when you leave your desk.
Do not let anyone follow you through a door that requires an access card.
25. _Data wiping_ is the process of removing sensitive data from hardware and software before
recycling or discarding.
26. The only way to fully ensure that data cannot be recovered from a hard drive is to:
Degaussing
10.2 Security Procedures
27. Explain what is a security policy and why is it needed?
A security policy is a collection of rules, guidelines, and checklists. Network technicians and managers of
an organization work together to develop the rules and guidelines for the security needs of computer
equipment.
28. What elements should be included in a security policy?
An acceptable computer usage statement for the organization.
The people permitted to use the computer equipment.
10.2.1.2 Worksheet - Answer Security Policy Questions
29. What questions should you ask to determine security factors?
Is the computer located at a home or a business?, Is there full-time Internet access?
30. What are at least 4 key areas a security policy should address?
Process for handling network security incidents
Process to audit existing network security
General security framework for implementing network security
Behaviors that are allowed
Behaviors that are prohibited
Chapter 10: Security
IT Essentials 5.0
Page 5 of 13
31. What are at least emergency procedures a security policy should address?
Steps to take after a breach in security
Who to contact in an emergency
Information to share with customers, vendors, and the media
Secondary locations to use in an evacuation
Steps to take after an emergency is over, including the priority of services to be restored
32. Explain what is the difference computer between data classified public versus top secret
from a business perspective?
33. What security problem is created when people use each other’s password to log-in?
Less secure.
34. Explain the three levels of password protection that are recommended:
BIOS - Prevents the operating system from booting and the BIOS settings from being changed without
the appropriate password, as shown in Figure 1.
Login - Prevents unauthorized access to the local computer, as shown in Figure 2.
Network - Prevents access to network resources by unauthorized personnel, as shown in Figure 3.
35. List and explain four good password rules/ requirements:
Length - Use at least eight characters.
Complexity - Include letters, numbers, symbols, and punctuation. Use a variety of keys on the
keyboard, not just common letters and characters.
Variation - Change passwords often. Set a reminder to change the passwords you have for email,
banking, and credit card websites on the average of every three to four months.
Variety - Use a different password for each site or computer that you use.
36. What is the key difference in file and folders sharing privileges when comparing NTFS and
FAT32?
Both FAT32 and NTFS allow folder sharing and folder-level permissions for users with network access.
Folder permissions are shown in Figure 1. The additional security of file-level permissions is provided only
with NTFS. File-level permissions.
37. What is meant “Principle of Least Privilege”?
Users should be limited to only the resources they need in a computer system or on a network. They
should not be able to access all files on a server, for example, if they need to access only a single folder.
Chapter 10: Security
IT Essentials 5.0
Page 6 of 13
It may be easier to provide users access to the entire drive, but it is more secure to limit access to only
the folder that is needed to perform their job.
10.2.1.7 Lab - Securing Accounts, Data, and the Computer in Windows 7
10.2.1.8 Lab - Securing Accounts, Data, and the Computer in Windows Vista
10.2.1.9 Lab - Securing Accounts, Data, and the Computer in Windows XP
38. What is a software firewall and how does it work?
A software firewall is a program that runs on a computer to allow or deny traffic between the computer
and other computers to which it is connected. The software firewall applies a set of rules to data
transmissions through inspection and filtering of data packets.
39. What do biometric devices use to give access to people? Give one example
Biometric devices, which measure physical information about a user, are ideal for highly secure
areas when combined with a secondary security measure such as a password or pin. However, for most
small organizations, this type of solution is too expensive.
40. What make a “smart card” operate?
A smart card is a small plastic card, about the size of a credit card, with a small chip embedded in it, as
shown in Figure 3. The chip is an intelligent data carrier, capable of processing, storing, and safeguarding
data. Smart cards store private information, such as bank account numbers, personal identification,
medical records, and digital signatures. Smart cards provide authentication and encryption to keep data
safe.
41. Where are data backups kept and why?
Backing up data is one of the most effective ways of protecting against data loss. Data can be lost or
damaged in circumstances such as theft, equipment failure, or a disaster. If the computer hardware fails,
the data can be restored from the backup to functional hardware.
42. What are some considerations for data backups?
Frequency - Backups can take a long time. Sometimes it is easier to make a full backup monthly or
weekly, and then do frequent partial backups of any data that has changed since the last full backup.
However, having many partial backups increases the amount of time needed to restore the data.
Storage - For extra security, backups should be transported to an approved offsite storage location on a
daily, weekly, or monthly rotation, as required by the security policy.
Security - Backups can be protected with passwords. The password is entered before the data on the
backup
43. How does data encryption work on a drive?
A special key must be used to return the unreadable information back into readable data. Software
programs are used to encrypt files, folders, and even entire drives.
Chapter 10: Security
IT Essentials 5.0
Page 7 of 13
44. How can the Bit-Locker application be used?
Once the volume has been shrunk, a system file can be created to comply with the requirements of
BitLocker.
45. When facing a suspect warning window, what key combination may help safely close it?
ALT+F4
46. When a machine reports an infection, what should be the first action taken and why?
Step 1. Right-click Computer > Properties > System Protection tab.
10.2.3.2 Worksheet - Third-Party Antivirus Software
47. Why must software manufacturers regularly create and dispense new patches to fix flaws
and vulnerabilities?
Software manufacturers must regularly create and dispense new patches to fix flaws and vulnerabilities
in products. If a computer is left unprotected by a technician, an attacker can gain access.
48. How are signature files used in keeping computers free from malicious software?
Because new viruses are always being developed, security software must be continually updated. This
process can be performed automatically, but a technician should know how to manually update any
type of protection software and all customer application programs.
49. Explain what is hash encoding and where is it used?
Hash encoding, or hashing, ensures that messages are not corrupted or tampered with during
transmission. Hashing uses a mathematical function to create a numeric value that is unique to the
data.
50. What are the most popular hashing algorithms?
51. What is symmetric encryption?( Give an example in your answer)
Symmetric encryption requires both sides of an encrypted conversation to use an encryption key to
encode and decode the data. The sender and receiver must use identical keys. Symmetric encryption is
shown in Figure 2. DES and 3DES are examples of symmetric encryption
52. What is asymmetric encryption? (Give an example in your answer.)
Asymmetric encryption requires two keys, a private key and a public key.
Chapter 10: Security
IT Essentials 5.0
Page 8 of 13
53. When is the private key used?
The intended recipient is the only party to have the private key, which is used to decrypt the messages.
54. What does the SSID do and how could it be an exploit?
The Service Set Identifier (SSID) is the name of the wireless network. A wireless router or access point
broadcasts the SSID by default so that wireless devices can detect the wireless network. Manually enter
the SSID on wireless devices to connect to the wireless network when the SSID broadcast has been
disabled on the wireless router or access point.
55. How can MAC address filtering be used as a technique to deploy device-level security on a
wireless LAN?
MAC address filtering is a technique used to deploy device-level security on a wireless LAN. Because
every wireless device has a unique MAC address, wireless routers and access points can prevent wireless
devices from connecting to the network if the devices do not have authorized MAC addresses
56. Define the following:
Wired Equivalent Privacy (WEP) – Wired Equivalent Privacy (WEP) - The first generation security
standard for wireless. Attackers quickly discovered that WEP encryption was easy to break. The
encryption keys used to encode the messages could be detected by monitoring programs. After
the keys were obtained, messages could be easily decoded.
Wi-Fi Protected Access (WPA) -Wi-Fi Protected Access (WPA) - An improved version of WEP,
WPA covers the entire 802.11i standard (a security layer for wireless systems). WPA uses much
stronger encryption than WEP encryption.
Wi-Fi Protected Access 2 (WPA2) - An improved version of WPA. This protocol introduces higher
levels of security than WPA. WPA2 supports robust encryption, providing government-grade
security. WPA2 has two versions: Personal (password authentication) and Enterprise (server
authentication).
Lightweight Extensible Authentication Protocol (LEAP), also called EAP-Cisco-
Chapter 10: Security
IT Essentials 5.0
Page 9 of 13
10.2.4.5 Packet Tracer Activity: Wireless Security Techniques Instructor Check:____________
57. What are two ways in which changing the power level in wireless devices can be beneficial?
58. Explain why is it important to change to password (and username if possible) on a wireless
device from the default?
So no one can get it.
59. Before WPS (Wi-Fi Protected Setup) what did people do for network security and how does
WPS help now?
WPS has a major security flaw. Software has been developed that can intercept traffic and recover the
WPS PIN and the pre-shared encryption key
60. Explain the types of hardware firewall configurations:
Packet filter - Packets cannot pass through the firewall, unless they match the established rule set
configured in the firewall. Traffic can be filtered based on different attributes, such as source IP address,
source port or destination IP address or port. Traffic can also be filtered based on destination services or
protocols such as WWW or FTP.
Stateful packet inspection - This is a firewall that keeps track of the state of network connections traveling
through the firewall. Packets that are not part of a known connection are dropped.
Application layer - All packets traveling to or from an application are intercepted. All unwanted outside
traffic is prevented from reaching protected devices.
Proxy - This is a firewall installed on a proxy server that inspects all traffic and allows or denies packets
based on configured rules. A proxy server is a server that is a relay between a client and a destination
server on the Internet.
61. What is a network DMZ and what things are usually place there?
A DMZ is a subnetwork that provides services to an untrusted network. An email, web, or FTP server is
often placed into the DMZ so that the traffic using the server does not come inside the local network.
Chapter 10: Security
IT Essentials 5.0
Page 10 of 13
10.2.4.8 Worksheet - Research Firewalls
62. What is port forwarding and when might you use it at home?
data through inbound ports to a specific device
10.2.4.10 Lab - Configure Wireless Security
63. What are the four interrelated aspects of physical security?
64. What are at least five methods of physically protecting computer equipment?
Use cable locks with equipment.
Keep telecommunication rooms locked.
Fit equipment with security screws.
Use security cages around equipment.
Label and install sensors, such as Radio Frequency Identification (RFID) tags, on equipment.
65. To limit access to a facility, what are some methods that can be used?
For users that need to access sensitive network resources, a token can be used to provide two-factor
authentication. A token can be hardware type, such as a pin card, shown in Figure 3, or a software type,
such as a soft token program
66. What is a patch and how is it different from a service pack?
Patches are code updates that manufacturers provide to prevent a newly discovered virus or worm from
making a successful attack.
10.3.1.2 Worksheet - Operating System Updates in Windows
67. What is a full back-up?
Type copies all selected files and marks each file as having been backed up.
68. What is an incremental backup?
Backs up only files that have been created or changed since that last full of incremtal backup
69. What is the difference between an incremental backup and a differential backup? Use a
diagram to support your answer:
Chapter 10: Security
IT Essentials 5.0
Page 11 of 13
They do two different things and they are just different.
70. When should backups be run?
Daily.
10.3.1.4 Lab - Data Backup and Recovery in Windows 7
10.3.1.5 Lab - Data Backup and Recovery in Windows Vista
10.3.1.6 Lab - Data Backup and Recovery in Windows XP
71. What is the difference between a restrictive verses permissive security policy when dealing
with firewalls?
Firewalls generally work by opening and closing the ports used by various applications. By opening only
the required ports on a firewall, you are implementing a restrictive security policy
10.3.1.8 Lab - Configure a Windows 7 Firewall
10.3.1.9 Lab - Configure a Windows Vista Firewall
10.3.1.10 Lab - Configure a Windows XP Firewall
72. What can help limit areas of vulnerability that allow a virus of malicious software to enter
the network?
Employees can be grouped by job requirements and given access to files according to group permissions
73. When should an employee’s access be terminated and why?
When they leave the job and go to a new one.
74. When should guest accounts be used?
Only for the guest that are there for the short time.
10.4 Basic Troubleshooting Process for Security
75. List 3 open ended questions to help identify the problem.
A when did the problem start
B who else has used your computer
C what websites have you visited lately.
76. List 3 closed ended questions to help identify the problem
A is your security software up to date
Chapter 10: Security
IT Essentials 5.0
Page 12 of 13
B have you scanned for virurses
C have you shared your password
77. What are some common probable causes for security problems? (at least 4)
Viruses, Trojan horse, adware, spyware
78. What are three quick procedures that can be done to help test your previous theory(s)?
A disconnect from the network
B reboot the computer or network device
C secure equipment room
79. If a quick procedure does not correct the problem, what needs to happen?
You need to come up with a new theory.
80. What are some additional resources that can be used to establish a plan of action?
(list at least 4)
Help desk, news groups, other technicians, online forums
81. After you have determined the exact cause of the problem what needs to occur?
You need to document what you did to figure it out.
82. What is the final step(s) in troubleshooting and what are at least three action you may do in
that final step(s)?
Notify the customer and document.
10.4.2.2 Worksheet - Gather Information from the Customer
Chapter 10: Security
IT Essentials 5.0
Page 13 of 13