Download Computer and Networking Security

The Complete A+ Guide to PC Repair 5/e
Addison Wesley
is an imprint of
Chapter 14: Computer and Network Security
© 2011 Pearson Addison-Wesley. All rights reserved.
Chapter Objectives
• Detail common components contained in a security policy.
• Recommend laptop security methods and devices.
• Describe techniques and devices used in computers and networks.
• Detail and perform operating system and data protection.
• Plan, configure, implement, and troubleshoot a basic wireless network with security implemented.
• Optimize a Windows-based system for security.
• Define common wireless security terms.
• Explain common techniques used when dealing with irate customers.
Security Overview
Computer and network security relates to the
protection of PC hardware, software, and data
and techniques used when communicating
across a wired or wireless network.
This chapter focuses on issues related to a PC
technician job and the processes and
terminology with which the technician should be
familiar.
Security Policy
Security policy – One or more documents that provide rules and
guidelines related to computer and network security.
Physical Security
• Typical physical security
includes door locks, cipher
locks, keys, guards, and fences,
but physical security regarding
computers can mean much
more.
Physical Security
• Electronic key cards – An alternative to
a key for room or building access.
• Benefits
– They are easier to program and issue/revoke than a key, which takes
time to issue or to get back from a dismissed employee or
one who quits.
– Information is stored on a centralized database instead of a
checkout sheet maintained by an administrative support person.
– Access to information, such as who entered a room and at what
time, can be logged and monitored more easily than with a
checkout sheet.
– More layers of control can be exercised and administered.
– By contrast, when keys are issued and one is lost or unattainable, the lock
must be rekeyed and new keys issued.
Physical Security Devices
© 2010 Pearson Addison-Wesley. All rights reserved.
Tech Tip – Use the Lock Computer
option
When away from your desk, use
the Lock Computer option. Press
CTRL+ALT+DEL and select Lock
Computer.
Biometric Devices
Protecting the Operating System and Data
• Some of the more important security
tips from previous chapters
– Use the NTFS file system.
– Back up data often and keep the backups in a
different location in case of natural disaster or fire.
– Back up the System State.
– Ensure operating system and application service
packs and updates are applied regularly.
– Install antivirus software with the latest virus
definitions.
– Set share permissions appropriately.
Protecting the Operating System and Data
• Some of the more important ones follow:
– Use BitLocker and TPM (Trusted Platform Module).
• BitLocker encrypts an entire disk volume, including the
operating system, user files, swap files, and hibernation files.
– Optionally place operating system files and data files
on separate hard drive partitions.
– If donating an older computer or replacing a hard
drive, the data needs to be removed, and if feasible,
the hard drive partition(s) deleted and recreated.
– Encrypt data that needs to be protected.
• EFS (encrypting file system) - An encryption feature of
Windows 2000 and higher; only the authorized user may
view or change a file encrypted with EFS.
Tech Tip – All subfolders are
shared
When you share a folder, all
subfolders are automatically
shared unless you make the
subfolders private.
Tech Tip
• Can you encrypt someone else’s files?
The answer is yes if you have the write attribute,
create files/write data and list folder/read data
permissions for the file.
Protecting Access to Local and
Network Resources
Authentication – used to determine what
network resources can be used.
Authorization – Controls what network
resources such as files, folders, printers, video
conferencing equipment, fax machines,
scanners, and so on can be accessed and used
by a legitimate network user or device.
Protecting Access to Local and
Network Resources
• Windows and other operating systems and applications
use the Kerberos protocol to provide authentication.
– Kerberos uses a KDC (key distribution center) to
authenticate users, applications, and services.
– Password protection is a common method used.
Protecting Access to Local and
Network Resources
• A workgroup environment is a LAN where each
computer maintains its own networked
resources such as whether a file or printer is
shared with others.
– Workgroup networks are more common in home and
small business environments and are sometimes
called peer-to-peer networks.
• A domain environment is more common in the
business world where network servers are used
to authenticate logins, provide for file storage,
and provide services such as email and Web
access.
Windows Workgroup Model
Windows Domain Model
Protecting Access to Local and
Network Resources
• Another method of controlling login passwords is
through a local- or domain-based account policy.
• A local policy is created on a computer, and it
could be used to disable auto-playing of
CD/DVDs, turn off personalized menus, or keep
someone from changing the Internet Explorer
home page.
– Through the defined policy, criteria for auditing can
also be set.
• Auditing – Also called event logging or logging.
– Tracking defined network events
Protecting Access to Local and
Network Resources
• Files and folders can be shared in either a
network workgroup or domain.
• Local share - Something such as a printer,
folder, or disc that has been made available
across a network.
• Administrative share - Shares created by
Microsoft for drive volumes and the folder that
contains the majority of Windows files. An
administrative share has a dollar sign at the end
of the name.
Protecting Access to Local and
Network Resources
Hidden Share
Any local share can be made a
hidden share (not seen by
default through the network).
Add a dollar sign ($) after the
share name to hide it.
Internet Security
• Before upgrading an Internet browser, you must
determine the current Web browser version.
– With any Windows-based application, the version is
determined by starting the application, clicking the
Help menu option, and selecting the About x (where x
is the name of the application) in Windows XP or
selecting the question mark menu item in Vista or
Windows 7.
Internet Security
Encryption – Method of securing data from unauthorized users. Data is
converted into an unreadable format.
Proxy server – A server that acts as a go-between for an application and
another server.
Internet Security
• A proxy server can also cache frequently
accessed Web pages and provide them when
requested from a client instead of accessing the
real Web server.
• To configure any proxy server, you need the
following information:
− IP address of the proxy server
− Port number of the proxy server
− Optionally a username and password, but
some organizations use server-based
authentication
Internet Security
• Computer security is a huge concern. If the
computer connects to the Internet it should be
connected behind a firewall.
• Firewall – Software or a hardware device that
protects one or more computers from being
electronically attacked.
• A software firewall is a good solution for
individual computers. A hardware firewall is a
good solution for home and business networks.
Internet Security
Port forwarding – Sending data through a firewall based on a particular
port number or protocol.
Port triggering – Temporarily sending data through a firewall based on a
preconfigured condition.
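The difference between the two definitions above can be seen in a small model. This is an added illustration, not code from the book or from any firewall product; the class, port numbers, addresses and the 60-second window are all constructed for the example.

```python
# Added illustration: a toy firewall model, not any vendor's implementation.
from dataclasses import dataclass, field

@dataclass
class Firewall:
    # Port forwarding: inbound port -> internal host, open at all times.
    forwards: dict = field(default_factory=dict)
    # Port triggering: outbound trigger port -> (inbound port, seconds open).
    triggers: dict = field(default_factory=dict)
    # Ports currently opened by a trigger: port -> (internal host, expiry).
    opened: dict = field(default_factory=dict)

    def outbound(self, src_host, dst_port, now):
        """Internal host sends traffic out; a matching trigger opens a port."""
        if dst_port in self.triggers:
            in_port, ttl = self.triggers[dst_port]
            self.opened[in_port] = (src_host, now + ttl)

    def inbound(self, dst_port, now):
        """Return the internal host that gets the traffic, or None if dropped."""
        if dst_port in self.forwards:
            return self.forwards[dst_port]
        entry = self.opened.get(dst_port)
        if entry:
            host, expiry = entry
            if now < expiry:
                return host
            del self.opened[dst_port]  # the temporary opening has expired
        return None

def demo():
    # Constructed rules: 8080 is forwarded; outbound 6000 opens 7000 for 60 s.
    fw = Firewall(forwards={8080: "192.168.1.10"}, triggers={6000: (7000, 60)})
    results = []
    results.append(fw.inbound(8080, now=0))    # forwarded port: always open
    results.append(fw.inbound(7000, now=0))    # not yet triggered: dropped
    fw.outbound("192.168.1.20", 6000, now=10)  # condition met, open until t=70
    results.append(fw.inbound(7000, now=30))   # inside the window: delivered
    results.append(fw.inbound(7000, now=100))  # window expired: dropped
    results.append(fw.inbound(23, now=100))    # no rule at all: dropped
    return results

if __name__ == "__main__":
    print(demo())
```

A forwarded port stays reachable from outside for as long as the rule exists, while a triggered port is reachable only after the inside host starts the conversation and only until the window closes.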
Windows XP Firewall
Windows Firewall Security Alerts
Internet Options Window
Internet Options General Tab Sections
Tech Tip
Antivirus and antispyware applications are still
needed even when a firewall is installed
A computer protected by a firewall still needs
antivirus and antispyware applications for
protection. Having a firewall on each computer
on a network as well as on a router or modem
that connects to the Internet (or a device
dedicated to providing firewall services) is
common in both the home and business
environment.
Internet Security
• Most Web browsers allow some method of
deleting cookies.
Cookie – a program written to collect
information on the hard drive including Web
browsing preferences, sites visited,
shopping cart contents, etc.
Internet Explorer – Security Tab
Custom Level Security Settings
Custom Settings Options
Windows Firewall Troubleshooting
Unsolicited Internet Message Types
Internet Security
• There are freeware programs available as well
as full security suites such as ones from McAfee
or Symantec that include software firewalls and
components to prevent these types of malicious
software applications from executing.
• Spam is another problem. People who send this
type of email are known as spammers.
– Spam – Email that is unsolicited and comes from
unknown people or businesses.
Internet Security
Social engineering – A technique used to trick people into divulging
information including personal information or corporate knowledge.
Phishing – (fishing) Attempts to get personal information through email
from a company that appears legitimate.
VPN (Virtual Private Network) – A network device connecting to a remote
network device by “tunneling” over an intermediate network such as the
Internet.
Tech Tip – Both VPN sides must match
The two devices used to create
the VPN tunnel must have
identical VPN settings.
Security Incident Reporting
Many companies define what to do
when a security incident has occurred.
If a security incident occurs and you
do not know what to do, talk to your supervisor.
The supervisor should have the experience to
guide you or know to whom you should go to
resolve the issue.
Incident Reporting
Wireless Network Security Overview
• Security has been a big concern
with wireless network installers
because most people are not familiar
with network or wireless security.
• Wireless networks by their nature are insecure.
• Data transmitted over air can be in clear text,
which means that with special frame capturing
software on a computer with a wireless NIC
installed, the data can be captured and viewed.
Wireless Authentication
Open authentication – Sends a frame to the AP with the sender’s identity
(MAC address).
Shared key – Uses a group of characters that both the end device and AP
have in common.
802.1x – Uses some form of EAP that uses a server that holds usernames
and passwords.
Wireless Encryption
WEP – 2 standards-based versions: 64-bit (40-bit) and 128-bit (104-bit).
TKIP – Improves WEP by changing encryption keys periodically.
AES – 128-, 192-, and 256-bit encryption keys.
Wireless NIC Properties Window with WEP Enabled
Tech Tip — Firewalls and wireless
A firewall can’t always help
A firewall can protect a computer connected to
a wireless network. However, it cannot prevent
the data being sent wirelessly from being
hijacked. The firewall simply prevents a hacker
from accessing the computer.
Tech Tip – Using WEP
If you use WEP…
…all wireless NICs have to be
configured for WEP with the same
type (length) WEP key as the AP.
Default Settings
• Most access points come with a default
password and SSID.
– Change both of these settings as soon as the access
point is powered on.
– Default passwords are posted on the Internet and a
hacker could use one to lock out access to the access point.
Change Default Password
Change the AP’s default password during
installation. Do not leave it to the default.
Default Settings
• Almost all access points are configured for SSID
broadcasting.
• SSID Broadcasting – Used with wireless
network access points to periodically send out a
beacon frame that includes the SSID.
– Wireless devices can automatically detect the SSID
from this beacon.
• Wireless access points sometimes include other
network functions such as firewall, router, and
switch and sometimes include a port to add a
hard drive and support network-accessible
storage.
Default Access Point SSIDs
Tech Tip – Disable SSID
Broadcasting
Disable SSID Broadcasting
If possible and feasible, disable SSID
broadcasting and manually enter the SSID
in the AP and wireless NICs. Even though
this requires more effort, it protects the
wireless network to some extent.
Wireless Security Conclusion
• A lot of issues have been raised about wireless
security. It is an important issue.
– Change the default password and make it as long as
possible.
– Change the default SSID.
– Enable encryption on the access point to the highest
level possible and still allow wireless NIC access.
– Put the wireless network on its own subnetwork and
place it behind a firewall if possible.
– If provided, MAC authentication allows you to input
valid MAC addresses that are allowed to associate to
the access point.
Wireless Security Conclusion
– If supported, authenticate using a RADIUS server.
– If the SSID is manually configured, periodically
change the SSID.
– Assign a static IP address to the access point rather
than using DHCP for it.
– Disable remote management of the access point.
– Place the access point in the center of the wireless
network and not next to an outside window.
– Use wireless network scanning software to test the
network security.
– Require that wireless clients use a VPN (virtual
private network) tunnel to access the access point
and wireless network.
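Several items in the checklist above can be checked mechanically once an access point's settings are written down. The following is an added example, not material from the book: the field names, the vendor default values and the two sample configurations are constructed, and the ordering WEP < TKIP < AES is used to find the highest encryption level that still allows every wireless NIC access.

```python
# Added example: audit a constructed AP configuration against the checklist.
# All field names and sample values below are assumptions for illustration.
STRENGTH = {"none": 0, "WEP": 1, "TKIP": 2, "AES": 3}  # weakest to strongest

def strongest_common(ap_modes, clients):
    """Highest encryption mode supported by the AP and by every wireless NIC."""
    common = set(ap_modes)
    for nic_modes in clients.values():
        common &= set(nic_modes)
    return max(common, key=STRENGTH.get, default="none")

def audit(ap, clients, vendor_defaults):
    """Return the checklist items that this configuration fails."""
    findings = []
    if ap["ssid"] == vendor_defaults["ssid"]:
        findings.append("default SSID still in use")
    if ap["admin_password"] == vendor_defaults["admin_password"]:
        findings.append("default password still in use")
    if ap["ssid_broadcast"]:
        findings.append("SSID broadcasting is enabled")
    if ap["remote_management"]:
        findings.append("remote management is enabled")
    if ap["address_mode"] != "static":
        findings.append("AP obtains its IP address from DHCP")
    best = strongest_common(ap["supported_encryption"], clients)
    if STRENGTH[ap["encryption"]] < STRENGTH[best]:
        findings.append(
            f"encryption is {ap['encryption']} but all NICs support {best}")
    return findings

# Constructed sample data (placeholders, not real vendor defaults).
VENDOR_DEFAULTS = {"ssid": "EXAMPLE-DEFAULT", "admin_password": "example-default"}
CLIENTS = {"laptop": ["WEP", "TKIP", "AES"], "printer": ["WEP", "TKIP"]}
AS_SHIPPED = {
    "ssid": "EXAMPLE-DEFAULT", "admin_password": "example-default",
    "ssid_broadcast": True, "remote_management": True,
    "address_mode": "dhcp", "encryption": "WEP",
    "supported_encryption": ["WEP", "TKIP", "AES"],
}
HARDENED = dict(
    AS_SHIPPED, ssid="office-7f3a", admin_password="a-long-unique-passphrase",
    ssid_broadcast=False, remote_management=False,
    address_mode="static", encryption="TKIP",
)

if __name__ == "__main__":
    for name, cfg in (("as shipped", AS_SHIPPED), ("hardened", HARDENED)):
        print(name, audit(cfg, CLIENTS, VENDOR_DEFAULTS))
```

In the sample data the printer's NIC does not support AES, so TKIP is the highest level that keeps every client connected; replacing that NIC is what would allow the network to move up to AES.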
Wireless Network Troubleshooting
• Troubleshooting wireless networks is sometimes
easier than a wired network because of the
mobility factor.
• A laptop with a wireless NIC installed can be
used to troubleshoot connectivity, configuration,
security, and so on.
• Most wireless network problems stem from
inconsistent configuration.
Wireless Network Troubleshooting
• The following are some general wireless
networking tips:
– Is the SSID correct?
– Is the type of wireless network (ad hoc or
infrastructure) correctly configured?
– Is the wireless NIC seen by the operating system?
– Is WEP enabled?
– Is open or shared key authentication being used?
– Can any devices attach to the access point?
– Is anything causing interference or attenuation?
– Is there a channel ID overlap problem?
Wireless Network Troubleshooting
– If a manufacturer’s utility is being used and Windows
XP is installed, does the Network Properties window
have the Use Windows to configure my wireless
network settings checkbox unchecked? If not,
uncheck to allow the utility to configure the NIC. For
Vista, automatic wireless network configuration is
enabled by default.
• Use the netsh wlan show settings command to see if
automatic configuration is enabled.
• Use the netsh wlan set autoconfig enabled=yes interface=name
command (where name is the name shown when looking at the WLAN
settings).
Soft Skills – Dealing with Irate Customers
• It is fitting to leave the last customer-related
topic to dealing with people who are angry,
upset, frustrated, and so on.
• This issue is faced by many technicians who
have come to help or are troubleshooting a
problem over the phone.
• Dealing with irate customers is a skill that you
can fine-tune.
• Listening to fellow technicians tell how they
successfully (or unsuccessfully) dealt with a
difficult customer can also help.
Soft Skills – Dealing with Irate Customers
• Some key tips for dealing with difficult customers
include the following:
– Realize that not only does the customer want
their computer problem fixed, but also they
sometimes need to vent, be heard, and
listened to.
– Listen carefully to the customer with your full
attention.
– Do not argue with the customer.
– Avoid coming across as a
bureaucrat or blaming others.
Soft Skills – Dealing with Irate Customers
• Some key tips for dealing with difficult customers
include the following:
– Maintain your professionalism at all times no matter
what the customer’s reaction is.
– Do not let an angry customer ruin your day.
– Be assertive, not passive or aggressive.
Questions???