Computer Security Basics
Chapter 2 Computer Security Basics McGraw-Hill

Learning Objectives
- Describe security threats and vulnerabilities to desktop PCs and users.
- Identify methods for protecting against security threats.
- Troubleshoot common security problems.

Threats to Computers and Users
Malware (Malicious Software)
- Vectors: the mode of malware infection
  - Code on Web sites
  - Trojan horse
  - Searching for unprotected computers
  - Sneakernet–the oldest vector

Trojan horse image
Image: Carol and Mike Werner/Alamy

Threats to Computers and Users
Malware (cont.)
- Vectors: the mode of malware infection (cont.)
  - Back doors (e.g., Code Red worm, then Nimda worm)
  - Rootkits
  - Pop-up downloads
  - Drive-by downloads
  - War driving
  - Bluesnarfing

Online videos show examples of war driving

Threats to Computers and Users
Malware (cont.)
- Stealing Passwords
  - Through Web sites
  - Using password crackers
  - Using keystroke loggers
Hardware keystroke logger Product photo courtesy of

Threats to Computers and Users
Malware (cont.)
- Virus
  - A program installed and activated without the knowledge or permission of the user
  - Mischief or damaging results

Threats to Computers and Users
Malware (cont.)
- Worm
  - A virus that self-replicates
  - Travels between computers via many vectors
  - Netsky and MyDoom worms generated disabling amounts of network traffic

Threats to Computers and Users
Malware (cont.)
- Botnets and Zombies
  - A botnet is a group of networked computers infected with programs that forward information to other computers
  - Bot (short for robot) program acts as an agent
  - Can be used for good or evil
  - A zombie is a computer working mindlessly as part of the botnet

Threats to Computers and Users
Malware (cont.)
- Spyware
  - Gathers information and sends it to the people who requested it
  - Used to track surfing or buying patterns
  - Used for industrial espionage
  - Law enforcement uses spyware to track criminals
  - Governments use it to investigate terrorism

Threats to Computers and Users
Malware (cont.)
- Adware
  - Collects information about a user to display targeted advertisements
  - Displays ads in pop-ups or banners
  - Clicking inside a banner or pop-up may trigger a pop-up download that installs a virus or worm

Threats to Computers and Users
Malware (cont.)
- Web Browser Hijacking
  - Home page points to a site the user did not select
  - Remedy by changing the default page in browser settings

Threats to Computers and Users
Malware (cont.)
- Spam and Spim
  - Spam: unsolicited e-mail
    - May be from legitimate or illegitimate source
    - May involve a scam
    - Perpetrators are called spammers
  - Spim: Spam over Instant Messaging
    - Bots (spimbots) collect instant messaging screen names
    - Spim message may contain links to product Web sites
    - Perpetrators are called spimmers

Threats to Computers and Users
Social Engineering
- Phishing
  - Fraudulent method of obtaining personal financial information through the use of messages that appear to be from legitimate organizations
- Hoaxes
  - Take many forms
  - Example: seemingly from friend in trouble
  - Example: seemingly from Microsoft with a link to a fix
Point out that Microsoft does not send out fixes via e-mail.

Hoaxes take many forms
Image: Henrik Kettunen/Alamy

Threats to Computers and Users
Social Engineering (cont.)
- Enticements to open attachments
- Fraud: the use of deceit and trickery to obtain money or other valuables
Point out that you should never open an attachment from an unknown source, nor should you click on a link inside an e-mail message. Copy and paste the link into your browser to prevent the use of a URL alias.

Threats to Computers and Users
- Identity Theft
  - Personal information stolen to commit fraud
  - A social security number and other key personal information is enough to steal someone’s identity
- Exposure to Inappropriate or Distasteful Content
- Invasion of Privacy

FTC ID theft Web page

Invasion of privacy
Image: Troy Aossey/Digital Vision/Getty Images

Threats to Computers and Users
Misuse of Cookies
- Cookies may contain
  - User preferences from visiting a site
  - Information entered into a form at a Web site
  - Browsing activity
  - Shopping selections on a Web site
- Cookies can be a convenience
- Look for privacy statement
- Banner ad creators use cookies to track surfing habits
Talk about first-party versus third-party cookies and tell students they will learn how to block cookies in the section on Defense Against Threats.

Threats to Computers and Users
- Computer Hardware Theft
- Keeping Track of New Threats
  - Federal Trade Commission (FTC) Bureau of Consumer Protection
- The People Behind the Threats
  - Hackers
  - Crackers
  - Script Kiddies
  - Click Kiddies
  - Packet Monkeys

Guard against computer theft
Image: Image Source/Getty Images

Computer accidents
Image: R and R Images/Photographer’s Choice/Getty Images

Figure 2-1 The FTC Bureau of Consumer Protection Web site

Organized crime
Image: Digital Vision/Getty Images

Hacker
Image: Comstock/Getty Images

Defense Against Threats
Education
- Some signs to look for are:
  - Strange screen messages
  - Sudden computer slowdown
  - Missing data
  - Inability to access the hard drive
Image: artpartner-images.com/Alamy

Defense Against Threats
Education (cont.)
- Non-computer activity of concern
  - Unexplained charges on credit accounts
  - Calls from creditors about overdue payments on accounts you never opened
  - A turndown when applying for new credit for reasons you know are not true
  - A credit bureau report of existing credit accounts you never opened

Defense Against Threats
Security Policies
- Define data sensitivity and data security practices
- Exist in both document form and software form
- Administrators configure computer security to enforce written policy
- Password policy should require strong passwords and state complexity requirements that are enforced on computers

Defense Against Threats
Install Comprehensive Security Software
- Firewalls
  - Network-based Firewalls
    - Technology used in firewalls
      - IP packet filter
      - Proxy service
      - Encrypted authentication
      - Virtual private network (VPN)
  - Personal Firewalls
    - Come with most OSs
    - Come with third-party security software

Figure 2-2 Security software with many bundled components

Table 2-1 Firewall Technologies

Figure 2-3 Security page from a Cisco Wireless-N Router

Figure 2-4 A private network protected by a firewall

Figure 2-5 This message can simply mean that you are using a third-party firewall, and Windows Firewall is disabled
Defense Against Threats
Install Comprehensive Security Software (cont.) Anti-Spam Antivirus Pop-Up Blockers Privacy Protection/Controlling Cookies Parental Controls

Figure 2-6 Most spam filters have extensive configuration options

Figure 2-7 The Internet Explorer Pop-up Blocker Settings page

Figure 2-8 Use the top part of the privacy page in Internet Options to control the use of cookies

Defense Against Threats
Install Comprehensive Security Software (cont.)
- Content Filtering
  - Block or allow certain sites
  - May be part of multifunction package
  - May be included in browser
  - Services on Internet give ratings to Web sites
  - Configure filter to allow or disallow unrated sites
  - Content Advisor in Internet Explorer
- Keep Up-to-Date with security patches

Defense Against Threats
Step-by-Step 2.01 Check Out the Content Advisor in Internet Explorer

Figure 2-9 The Content tab in Internet Options

Figure 2-10 Content Advisor page displays when you click the Enable button in Internet Options

Defense Against Threats
Authentication and Authorization
- Authentication
  - Verification of who you are
  - One-factor: Something you know (user name and password)
  - Two-factor: Something you know and something you have (token)
  - Three-factor authentication: Two-factor plus biometric data (retinal scan, voice print, or fingerprint)

Defense Against Threats
Authentication and Authorization (cont.)
- Authorization
  - Determines level of access
  - Includes both authentication and verification of access level
  - Permission is an action that a security account can perform on an object
  - User right is a systemwide action a security account can perform on a computer
    - Logging on
    - Installing device drivers

Defense Against Threats
Passwords
- Password: a string of characters entered for authentication
- Don’t take for granted
- Do not use same password everywhere
- Defense against threats
  - Use long and complex passwords
  - Do not use common words

Defense Against Threats
Security Account Basics
- Security account assigned permissions and rights
- User Accounts
  - Assigned to single person
  - Contains user name, password, and often more
- Built-in user accounts
  - Administrator (Windows)
  - Root (Mac OS X and Linux)
  - Guest (disabled by default)
- Account Types
  - Standard user
  - Administrator

Figure 2-11 An administrator account may create accounts of either type

Defense Against Threats
Security Account Basics (cont.)
- Group Accounts
  - Contain one or more individual accounts
  - May contain other groups
  - Some built-in (Administrators, Users, Guests)
  - Some created when software is installed
  - Some created by Administrator

Defense Against Threats
Security Account Basics (cont.)
- Computer Accounts
  - Computer may have security accounts
  - In a Windows Active Directory domain, Windows computers log on to the domain with computer accounts
Tell students that if their school or work has a Windows Active Directory domain, Windows computers log on to the domain when they start up each day. Ask if they can think of why this would be true. See if they understand that this guarantees that the computers are not “rogue” computers. Of course, each user must also log on.

Defense Against Threats
Security Account Basics (cont.)
- Windows Vista/7 User Account Control (UAC)
  - When an administrator-type account attempts to do something privileged
    - Desktop dims (it is unavailable)
    - UAC displays Consent Prompt
    - User must click Yes to continue the action
  - When a standard-type account attempts the same
    - UAC displays Credentials Prompt
    - User must provide an administrator user name and password
Ensure that students understand the reason for UAC. The text explains the scenario, but students may miss the significance of the protection UAC gives you. Chapter 6, Figures 6-27 and 6-28 show examples of both UAC prompts.

Defense Against Threats
Security Account Basics (cont.)
- Mac OS X has function similar to UAC
  - Certain dialog boxes have a lock symbol
  - If lock is turned on in a dialog box, only “safe” actions can be completed
  - Unlocking dialog box with credentials to reveal advanced settings

Figure 2-13 Unlock a dialog box in Mac OS X to access advanced settings

Defense Against Threats
Best Practices When Assigning Permissions
- Principle of least privilege
  - Assign permissions that allow each user only the level of access required to complete assigned tasks
  - Do not give users more permissions than required

Defense Against Threats
Best Practices with User Names and Passwords
- You are at risk if you answer “yes” to:
  - Do you have too many passwords to remember?
  - Do you use the same password everywhere?
  - Do you have your password written on a sticky note or your calendar?
  - Have you used the same password for more than a few months?
- Reusing the same user name also puts you at risk

Defense Against Threats
Best Practices with User Names and Passwords (cont.)
- Don’t give away your user name and password
  - Using the same credentials for online banking and for a “fun” Web site is risky
  - Web sites are created just to collect such information

Defense Against Threats
Best Practices with User Names and Passwords (cont.)
- Create strong passwords
  - One that meets certain criteria
  - Example: At least 8 characters consisting of letters, numbers, and other symbols
  - Easy to remember
  - Difficult for others to guess

Defense Against Threats
Best Practices with User Names and Passwords (cont.)
- Always use strong passwords for these accounts:
  - Banks, investments, credit cards, online payment providers
  - Work-related accounts
  - Online auction sites and retailers
  - Sites holding your personal information

Defense Against Threats
Encryption
- Transformation of data into code
- Decrypted with a secret key or password
- Most online methods use digital certificate
  - A secret key in the form of a file
- Encrypt data before sending over network
- Encrypt stored data files
- Secure HTTP (HTTPS) uses Secure Sockets Layer (SSL) security protocol
Ask how many students do online banking or purchase items online. Ask if they know to look for the HTTPS protocol in the address box of the browser.

Defense Against Threats
Encryption (cont.)
- NTFS Encrypting File System (EFS)
- Windows BitLocker Drive Encryption
  - In Ultimate Editions of Windows Vista and Windows 7
  - Encrypts an entire drive
- Mac OS X FileVault encrypts the Home Folder

Figure 2-14 Turn NTFS encryption on or off using the Properties of a folder

Figure 2-15 Configuring FileVault in Mac OS X

Defense Against Threats
Data Wiping
- Remove data from old computers before disposing of them
- Permanently remove data from storage
- Reformat does not really remove data
- Data wiping software writes over data
- Data wiping available for any rewritable storage device
- You cannot recover data after data wiping

Defense Against Threats
Physical Security
- Limit access to building or room
- Laptops are more vulnerable to theft
- Security for mobile computing
  - Be extra wary of the danger of theft
  - Encrypt sensitive and confidential data

Troubleshooting Common Security Problems
Troubleshooting Log-on Problems
- Caps lock key turned on
Figure: Log-on error message

Troubleshooting Common Security Problems
Troubleshooting Log-on Problems (cont.)
- Too many log-on attempts
Figure: Log-on lockout message

Figure: The Account Lockout Policy with values set for lockout duration, threshold, and a period of time after which the counter resets

Troubleshooting Common Security Problems
- Troubleshooting Log-on Problems
  - Caps lock key turned on
  - Too many log-on attempts
- Troubleshooting Suspected Malware Attack
  - Run a scan of all drives and memory
  - Try a reputable online scanner
- Using the Administrator Account in Troubleshooting
  - Log on in Safe Mode to built-in local Administrator

Chapter 2 Summary
LO 2.1 Threats to Computers and Users
- Threats include malware, phishing, social engineering, identity theft and fraud, exposure to inappropriate or distasteful content, invasion of privacy, misuse of cookies, hoaxes, and computer hardware theft. Other threats include accidents, mistakes, and natural and unnatural disasters.
- A vector is a mode of malware infection, such as e-mail, code on Web sites, Trojan horses, searching out unprotected computers, sneakernet, back doors, rootkits, pop-up downloads, drive-by downloads, war driving, and bluesnarfing.
- The people behind computer security threats come from all over the world, and increasingly they are part of organized crime. Certain terms, describing their techniques, define the individuals. These terms include hackers, crackers, script kiddies, click kiddies, and packet monkeys.
- Many methods are used to steal passwords, including capturing them from unsecured Web sites, using password crackers, and keystroke loggers.

LO 2.2 Defense Against Threats
- Education is an important defense against threats. It includes knowing what the threats are and learning to recognize the signs of a threat or an infection.
- Security policies describe how an organization protects and manages sensitive information. You should follow and enforce security policies.
- You should install comprehensive security software, including (at minimum) personal firewalls, anti-spam software, antivirus software, and pop-up and privacy protection.
- You will improve your security if you understand authentication and authorization and its implementation on your computer and in your organization.
- You can combat threats by following the rule of least privilege when assigning permissions and using best practices with user names and passwords.
- Encryption technologies protect your data.
- Data wiping practices can remove even deleted data from computers.
- Physical security of computers and networks is also important, especially for mobile computing.

LO 2.3 Troubleshooting Common Security Problems
- Log-on failure may be the result of something as simple as having the Caps Lock key turned on.
- The OS can lock you out from logging on to your computer if you exceed the number of failed log-on attempts configured in the Account Lockout Policy for a network or an individual computer. An administrator may need to modify the policy.
- If you suspect a computer is infected by a virus and have an antivirus program installed, run a scan of all drives and memory. If this does not discover a virus, and you are still suspicious, connect to one of many Web sites that offer free online scans, such as
- Windows has an administrator account, “Administrator.” Disabled by default, this account has no password in Windows Vista and Windows 7. The Administrator account is enabled if your computer is not a member of a Windows Active Directory domain (the norm for a home computer) and it starts in Safe Mode. In that case, you can log on with this account and attempt to troubleshoot the reason for the computer going into Safe Mode.
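
The three Account Lockout Policy settings named in this chapter (threshold, lockout duration, and the period after which the counter resets) interact as in the following simplified model, which is an added example and not part of the original slides. The policy values and log-on events are constructed, and locking the account when the failure count reaches the threshold is a modelling assumption.

```python
from dataclasses import dataclass


@dataclass
class LockoutPolicy:
    threshold: int        # failed attempts that trigger a lockout
    duration_min: int     # minutes the account stays locked
    reset_after_min: int  # minutes without a failure before the counter resets


class Account:
    def __init__(self, policy):
        self.policy = policy
        self.failures = 0
        self.last_failure = None   # minute of the most recent failed attempt
        self.locked_until = None   # minute at which the lockout expires

    def attempt(self, minute, password_ok):
        """Return 'ok', 'failed', 'lockout' (this attempt locked the account)
        or 'locked' (attempt refused because the account is still locked)."""
        p = self.policy
        if self.locked_until is not None:
            if minute < self.locked_until:
                return "locked"        # even a correct password is refused
            self.locked_until = None   # lockout duration has elapsed
            self.failures = 0
        if (self.last_failure is not None
                and minute - self.last_failure >= p.reset_after_min):
            self.failures = 0          # counter reset after a quiet period
        if password_ok:
            self.failures = 0
            return "ok"
        self.failures += 1
        self.last_failure = minute
        if self.failures >= p.threshold:
            self.locked_until = minute + p.duration_min
            return "lockout"
        return "failed"


def replay(policy, events):
    """Run (minute, password_ok) events against a fresh account."""
    account = Account(policy)
    return [account.attempt(minute, ok) for minute, ok in events]


# Constructed policy values, for illustration only.
POLICY = LockoutPolicy(threshold=3, duration_min=30, reset_after_min=15)

# Constructed scenario 1: Caps Lock left on for three quick attempts, then
# the correct password typed during the lockout and again after it expires.
CAPS_LOCK_USER = [(0, False), (1, False), (2, False), (3, True), (33, True)]

# Constructed scenario 2: three mistakes, but the third comes after the
# reset period, so the counter never reaches the threshold.
SLOW_MISTAKES = [(0, False), (5, False), (25, False), (26, True)]

if __name__ == "__main__":
    print(replay(POLICY, CAPS_LOCK_USER))
    print(replay(POLICY, SLOW_MISTAKES))
```

The first scenario shows why a user who fixes the Caps Lock problem can still be refused until the lockout duration passes or an administrator intervenes.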