Security Awareness: Applying Practical Security in Your World

1 Security Awareness: Applying Practical Security in Your World
Chapter 2: Personal Computer Security

2 Objectives
Define physical security and explain how to apply it. List the different types of data security. Work with operating system security.

3 Personal Computer Security
Ensuring physical security of personal computers is one of the basic lines of defense. Users tend to focus on one or two defenses. Personal computer security: physically secure; data secured on the personal computer; operating systems and software secured.

4 Physical Security
Physical security: the process of protecting the computer itself. Goal: prevent unauthorized users from reaching the equipment to use, steal or vandalize it. Frequently overlooked security process. Two types of PC equipment to be protected: desktop and portable.

5 Protecting Desktop Equipment
Desktop equipment: equipment located in an office or not regularly moved to other locations. Door locks are the first line of defense. Defended by: what you have, what you know, what you are (see Figure 2-1).

6 Protecting Desktop Equipment
Figure 2-1

7 Using What You Have to Provide Protection
Door locks protect based on what you have: a KEY! Two types of door locks: preset (or key-in-knob) lock and deadbolt lock.

8 Using What You Have to Provide Protection (continued)
Preset lock; deadbolt lock

9 Door Lock Best Practices
Procedure to monitor use of locks and keys. Keep track of keys issued. Keep records of who uses and turns in keys. Inspect locks regularly. Change locks immediately upon theft or loss of keys.

10 Door Lock Best Practices (continued)
No markings identifying master keys. Only issue keys to authorized persons. Keys not in use must be secured in a locked safe. Mark master keys with “Do Not Duplicate” and erase manufacturer’s serial numbers.

11 Using What You Know to Provide Protection
Cipher lock: uses buttons that must be pushed in the correct sequence to grant access. What you know: COMBINATION.

12 Using Who You Are to Provide Protection
Biometrics: using unique human traits to authenticate. Traits that can be used: fingerprint, face, hand, iris, retina, voice. Fingerprint matching is most common. Different methods of scanning. Biometrics weaknesses: expensive, difficult to use, and prone to errors and security breach.

13 Using Who You Are to Provide Protection (continued)
Fingerprint scanner. Figure 2-5

14 Using Who You Are to Provide Protection (continued)
Ridge points; selected locations

15 Protecting Portable Equipment
Portable equipment is designed to be mobile: requires different steps to secure. Device locks (see Figure 2-8). Notebook safes (see Figure 2-9). Stealth signal transmitter: software installed that cannot be detected; if stolen, the transmitter sends a signal to the monitoring center when it connects to the Internet; the signal can be analyzed to track down the device.

16 Protecting Portable Equipment (continued)
Device lock; notebook safe

17 Data Security
Data security: more important than physical security. Data is more valuable than devices. Two methods to secure data: cryptography, which scrambles data so no one can read it; access controls, which restrict who has access to the data.

18 Cryptography
Cryptography: science of transforming information so it is secure during transmission or storage. Encryption: changing original text into a secret, encoded message. Decryption: reversing the encryption process to change text back to original, readable form.

19 Cryptography (continued)
Public and private keys. Private key system (see Figure 2-10): same key used to encrypt and decrypt messages; key must remain secret; distributing the private key can be difficult. Public key system (see Figure 2-11): public key used to encrypt (key openly distributed); private key used to decrypt (key must remain secret); eliminates the need for secret distribution of keys.

20 Cryptography (continued)
Figure 2-10

21 Cryptography (continued)
Figure 2-11

22 Digital Signatures
Digital signature: public key system used to prove that the person sending the message is who they claim to be. Sender creates digital signature using their private key before encrypting the message with the receiver’s public key (see Figure 2-12).

23 Cryptography (continued)
Figure 2-12
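
The sign-then-encrypt exchange from slide 22, with both sides shown, as an added example that is not part of the original presentation. It uses unpadded textbook RSA with small fixed primes purely to make the key roles visible; the names ALICE and BOB and all key values are constructed, and real systems use a vetted library with padding and much larger keys.

```python
import hashlib

E = 65537  # public exponent shared by both toy keypairs (assumption)

def make_keypair(p, q):
    """Textbook RSA keypair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest(message, n):
    """SHA-256 of the message, reduced so it fits the signer's modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign_then_encrypt(message, sender_priv, receiver_pub):
    """Sender: sign with own private key, then encrypt with receiver's public key."""
    n_s, d_s = sender_priv
    n_r, e_r = receiver_pub
    m = int.from_bytes(message, "big")
    if m >= n_r or n_s >= n_r:
        raise ValueError("message or signature too large for this toy key")
    signature = pow(digest(message, n_s), d_s, n_s)
    return pow(m, e_r, n_r), pow(signature, e_r, n_r)

def decrypt_then_verify(package, receiver_priv, sender_pub):
    """Receiver: decrypt with own private key, then check the signature
    against the claimed sender's public key. Returns (message, is_valid)."""
    n_r, d_r = receiver_priv
    n_s, e_s = sender_pub
    c_msg, c_sig = package
    m = pow(c_msg, d_r, n_r)
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    signature = pow(c_sig, d_r, n_r)
    return message, pow(signature, e_s, n_s) == digest(message, n_s)

# Constructed toy keys built from Mersenne primes (illustration only).
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**31 - 1, 2**89 - 1)

if __name__ == "__main__":
    pkg = sign_then_encrypt(b"meet at noon", ALICE_PRIV, BOB_PUB)
    print(decrypt_then_verify(pkg, BOB_PRIV, ALICE_PUB))
    forged = sign_then_encrypt(b"meet at noon", MALLORY_PRIV, BOB_PUB)
    print(decrypt_then_verify(forged, BOB_PRIV, ALICE_PUB))
```

The second call shows why the signature matters: anyone can encrypt to the receiver's public key, but only a signature made with the claimed sender's private key verifies.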

24 Digital Certificates
Digital certificate: links or binds a specific person to a public key. Issued by a Certificate Authority (CA). Public keys that have been digitally signed by a trusted third party (the CA) that attests to the identity of the key owner.

25 Authentication
Authentication: confirms the identity of the person requesting access. Passwords, biometrics, tokens, smart cards.

26 Authentication (continued)
Passwords: secret combination of words or numbers that identify the user. Used in combination with usernames (see Figure 2-13 at right). First line of defense. WEAK SECURITY.

27 Authentication (continued)
Password shortcuts that compromise security: short passwords; common word passwords; personal information password; same for all accounts; located (written down) under mouse pad or keyboard; a stale, unchanged password.
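
A local self-audit that flags the checkable shortcuts from slide 27 (short, common word, personal information, reused, stale), as an added example that is not part of the original presentation. The thresholds, word list, account names and passwords are all constructed assumptions; the slides give no numeric limits.

```python
from collections import Counter
from datetime import date

# Assumed policy values and word list (not from the slides); tune locally.
MIN_LENGTH = 12
MAX_AGE_DAYS = 180
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "dragon", "sunshine"}

def audit_accounts(accounts, personal_terms, today):
    """Return {account name: [findings]} for each shortcut detected.

    accounts: list of dicts with keys name, password, changed (a date).
    personal_terms: strings tied to the user (pet name, birth year, ...).
    """
    reuse = Counter(a["password"] for a in accounts)
    report = {}
    for a in accounts:
        pw = a["password"]
        # Strip decorations such as "1" or "!" before the word-list check.
        core = pw.lower().strip("0123456789!@#$%^&*")
        findings = []
        if len(pw) < MIN_LENGTH:
            findings.append("short")
        if core in COMMON_WORDS:
            findings.append("common word")
        if any(t.lower() in pw.lower() for t in personal_terms if len(t) >= 3):
            findings.append("personal information")
        if reuse[pw] > 1:
            findings.append("reused across accounts")
        if (today - a["changed"]).days > MAX_AGE_DAYS:
            findings.append("stale")
        report[a["name"]] = findings
    return report

# Constructed sample data for illustration only.
TODAY = date(2024, 6, 1)
PERSONAL_TERMS = ["Rex", "2009", "Jordan"]
SAMPLE = [
    {"name": "email", "password": "Sunshine1", "changed": date(2023, 1, 10)},
    {"name": "bank", "password": "rex2009!", "changed": date(2024, 5, 1)},
    {"name": "forum", "password": "Sunshine1", "changed": date(2024, 3, 1)},
    {"name": "vault", "password": "maple-Tractor-violin-88",
     "changed": date(2024, 4, 20)},
]

if __name__ == "__main__":
    for name, findings in audit_accounts(SAMPLE, PERSONAL_TERMS, TODAY).items():
        print(name, findings or "ok")
```

The written-down-under-the-keyboard shortcut cannot be checked in software, so it is left out.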

28 Authentication (continued)
Techniques for choosing hard-to-crack passwords that are easy to remember: long phrases; substitute special characters; replace letters with numbers; group multiple accounts by security level; choose same password, but make increasingly difficult to crack depending on security level. Do not write down passwords on paper: password-protected document (see Figure 2-14).

29 Authentication (continued)
Password options. Figure 2-14

30 Authentication (continued)
Fingerprint scanner. Biometrics: biometrics used for door locks can also be used for access control to personal computers. Fingerprint scanners (see Figure 2-15).

31 Authentication (continued)
Tokens: security device that authenticates the user by embedding the appropriate permission in the token itself. What you have (token) + what you know (password or PIN) = ACCESS GRANTED.

32 Authentication (Cont.)
Smart cards: contain a chip that stores the user’s private key, login information and public key digital certificate. Can be either credit cards or USB tokens (see Figure 2-16 below).

33 Operating System Security
Modern operating systems have sophisticated security enhancements. Most of these security tools are not implemented by users: off by default. Operating system hardening: process of making a PC operating system more secure. Patch management; antivirus software; antispyware software; permissions.

34 Patch Management
Patches: updates to software to correct a problem or weakness. Critical step in securing a system. Generally not automatically installed. User must download and install (see Figure 2-17) or give specific permission for automatically downloaded patches to be installed.

35 Patch Management
Figure 2-17

36 Patch Management (continued)
Patch management: describes the tools, utilities, and processes for keeping patches up-to-date. Different types of software updates (see Table 2-1). Weakness of patch management: often up to the user to download and install the patch. Automated patch management is becoming more prevalent.

37 Patch Management (continued)
Table 2-1

38 Antivirus and Antispyware Software
Antivirus software: works with the operating system to identify and destroy viruses. Antivirus software companies regularly create updates to detect and destroy the latest viruses: definition files or signature files. Antispyware software: software that disinfects a computer from spyware and monitors any spyware activity. Spyware not only tracks what the user is doing, but can be used by hackers to identify security weaknesses.

39 Shares
Share: any object that is shared with others. Necessary for today’s networked computers, but can open security weaknesses if not done correctly. General rules for setting up shares: determine who needs access and what level; use groups and assign permissions to the group rather than individuals; assign most restrictive permissions that still allow users to perform necessary tasks; organize resources.

40 Summary
Physical security is protecting the computer and equipment itself. Easily and often overlooked area of personal computer security. One primary goal: prevent unauthorized users from reaching the equipment to steal, use or vandalize it. Door locks are the first line of defense in physical security. The steps taken to protect portable devices are different, because they are designed to be moved.

41 Summary (continued)
Data security is as important as physical security. Two procedures used to secure data: cryptography, the science of transforming information so that it is secure during transmission or storage; restrict users from accessing the data using a variety of tools. Passwords, biometrics, tokens and smart cards are examples of the tools used for authentication of identity.

42 Summary (continued)
Operating system hardening is the process of making a PC operating system more secure: patch management; antivirus software; antispyware software; setting correct permissions for shares.

