Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 2 Desktop Security

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 2 Desktop Security"— Presentation transcript:

1 Chapter 2 Desktop Security
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 2 Desktop Security

2 Objectives Describe the type of attacks that are launched against a desktop computer List the defenses that can be set up to protect a desktop computer Describe the steps for recovering from an attack Security Awareness: Applying Practical Security in Your World, 2e

3 Attacks on Desktop Security
Malicious software (malware) Can break into and create havoc on desktop computers Internet service providers (ISPs) in North America Spend $245 million annually to combat malware Virus Secretly attaches itself to document or program and executes when document or program is opened Security Awareness: Applying Practical Security in Your World, 2e

4 Security Awareness: Applying Practical Security in Your World, 2e

5 Viruses Require a host to carry them from one system to another
Possible effects Cause a computer to continually crash Erase files from a hard drive Install hidden programs Reduce security settings Reformat the hard disk drive Security Awareness: Applying Practical Security in Your World, 2e

6 Viruses (continued) Symptoms that indicate virus infection
Program suddenly disappears from computer New programs do not install properly Out-of-memory error messages appear Unusual dialog boxes or message boxes appear Computer runs slowly and takes a long time to start Significant amount of modem activity Security Awareness: Applying Practical Security in Your World, 2e

7 Worms Difference between worms and viruses Virus Worm
Must attach itself to a computer document Spreads by traveling along with the document Requires action by computer user to begin execution Worm Does not attach to a document to spread Can travel by itself Needs user to perform an action Security Awareness: Applying Practical Security in Your World, 2e

8 Logic Bombs Computer programs that lay dormant until triggered by a specific logical event Once triggered Can perform various malicious activities Extremely difficult to detect before triggered Security Awareness: Applying Practical Security in Your World, 2e

9 Basic Attacks Social engineering Password guessing
Physical theft or lost data Improper use of recycled computers Security Awareness: Applying Practical Security in Your World, 2e

10 Social Engineering Relies on tricking and deceiving someone to access a system Dumpster diving Digging through trash receptacles to find Computer manuals Printouts Password lists Security Awareness: Applying Practical Security in Your World, 2e

11 Password Guessing Password Characteristics of weak passwords
Secret combination of letters and numbers that validates or authenticates a user Characteristics of weak passwords Passwords that are short Common word used as a password Using the same password for all accounts Personal information in a password Security Awareness: Applying Practical Security in Your World, 2e

12 Security Awareness: Applying Practical Security in Your World, 2e

13 Password Guessing (continued)
Brute force Attacker attempts to create every possible password combination Dictionary attack Attacker takes each word from dictionary and encodes it Attacker then compares the encoded dictionary words against those in the encoded password file Security Awareness: Applying Practical Security in Your World, 2e

14 Security Awareness: Applying Practical Security in Your World, 2e

15 Physical Theft or Lost Data
February 2005 Bank of America lost computer backup tapes Containing personal information on about 1.2 million charge card users May 2005 AOL reported that information on 600,000 current and former employees was missing June 2005 Citigroup announced that personal information on 3.9 million consumer lending customers of its CitiFinancial subsidiary was lost or stolen Security Awareness: Applying Practical Security in Your World, 2e

16 Improperly Recycled Computers
Many organizations and individuals recycle older computers by giving them to schools, charities, or selling them online Deleting files does not remove the information Only deletes filename from hard disk table Even reformatting a drive, or preparing the hard drive to store files, may not fully erase data on it Security Awareness: Applying Practical Security in Your World, 2e

17 Desktop Defenses Patch software Microsoft Windows operating system
Software security updates Microsoft Windows operating system Most frequently distributed patch software Microsoft Releases patches on second Tuesday of every month Typically releases 5-15 software patches for download and installation Security Awareness: Applying Practical Security in Your World, 2e

18 Desktop Defenses (continued)
Microsoft classifies patches based on level of vulnerability that patch fixes Critical Important Moderate Low Security Awareness: Applying Practical Security in Your World, 2e

19 Desktop Defenses (continued)
Update configuration options Automatic Download Notify Turnoff Security Awareness: Applying Practical Security in Your World, 2e

20 Security Awareness: Applying Practical Security in Your World, 2e

21 Antivirus Software Best defense against viruses
Generally configured to Constantly monitor for viruses Automatically check for updated signature files Allows for manual signature updates Security Awareness: Applying Practical Security in Your World, 2e

22 Security Awareness: Applying Practical Security in Your World, 2e

23 Security Awareness: Applying Practical Security in Your World, 2e

24 Strong Authentication Methods
Basic rules for creating strong passwords Passwords must have at least eight characters Passwords must contain a combination of letters, numbers, and special characters Passwords should be replaced every 30 days Passwords should not be reused for 12 months Same password should not be used on two or more systems or accounts Security Awareness: Applying Practical Security in Your World, 2e

25 Security Awareness: Applying Practical Security in Your World, 2e

26 Strong Authentication Methods (continued)
Biometrics Uses unique human characteristics for authentication Most common biometric device Fingerprint scanner High-end scanners Relatively expensive Can be difficult to use Can reject authorized users while accepting unauthorized users Security Awareness: Applying Practical Security in Your World, 2e

27 Security Awareness: Applying Practical Security in Your World, 2e

28 Protecting Laptop Computers
Device lock Consists of a steel cable and a lock Economical, simple and quick to install Very portable Stealth signal transmitter Software installed on laptop that cannot be detected Security Awareness: Applying Practical Security in Your World, 2e

29 Security Awareness: Applying Practical Security in Your World, 2e

30 Cryptography Science of transforming information
So that it is secure while being transmitted or stored Does not attempt to hide the existence of data Scrambles data so that it cannot be viewed by unauthorized users Security Awareness: Applying Practical Security in Your World, 2e

31 Cryptography (continued)
Encryption Changing original text to secret message using cryptography Decryption Changing secret message back to its original form Security Awareness: Applying Practical Security in Your World, 2e

32 Public and Private Keys
Private key system Same key is used to encrypt and decrypt message Public key system Two mathematically related keys are used Public key and a private key Security Awareness: Applying Practical Security in Your World, 2e

33 Security Awareness: Applying Practical Security in Your World, 2e

34 Security Awareness: Applying Practical Security in Your World, 2e

35 Digital Signatures Digital signature
Code attached to an electronic message that helps to prove that Person sending message with public key is not an imposter Message was not altered Message was sent Encrypted hash of a message that is transmitted along with message Security Awareness: Applying Practical Security in Your World, 2e

36 Digital Signatures (continued)
Hash Creates encrypted text that is never intended to be decrypted Used in a comparison for authentication purposes Security Awareness: Applying Practical Security in Your World, 2e

37 Security Awareness: Applying Practical Security in Your World, 2e

38 Security Awareness: Applying Practical Security in Your World, 2e

39 Digital Certificates Link or bind a specific person to a public key
Provided by a certification authority (CA) Public key that has been digitally signed by a recognized authority (the CA) Attesting that owner of the key is not an imposter Security Awareness: Applying Practical Security in Your World, 2e

40 Properly Retiring Old Computers
Files that should be removed when selling or donating an old computer contacts messages All personal documents All files in the recycle bin or trash folder Internet files All nontransferable software Security Awareness: Applying Practical Security in Your World, 2e

41 Recovering from Attacks
Major steps to take when preparing for an attack Back up your data Back up system information Creating a data backup involves Copying data onto digital media Storing it in a secure location Security Awareness: Applying Practical Security in Your World, 2e

42 Recovering from Attacks (continued)
Questions when creating a data backup What information should be backed up? How often should it be backed up? What media should be used? Where should the backup be stored? How should the backup be performed? Security Awareness: Applying Practical Security in Your World, 2e

43 Saving Automated System Recovery (ASR) Data
Windows XP Automated System Recovery (ASR) Includes an ASR backup and ASR restore ASR backup records System state System services All disks associated with operating system components Security Awareness: Applying Practical Security in Your World, 2e

44 Restoring the Computer
To recover from an attack using ASR Insert original operating system installation CD into the CD drive Restart computer Press the F2 key when prompted Insert the ASR floppy disk when prompted Follow remaining directions on the screen Security Awareness: Applying Practical Security in Your World, 2e

45 Clean up the Attack Microsoft Windows Malicious Software Removal Tool
Helps remove infections by specific malware When done, displays a report describing outcome Security Awareness: Applying Practical Security in Your World, 2e

46 Restore Data from Backups
Most vendors Provide an automated wizard that guides user through process of restoring files After any successful attack Analyze why attack got through defenses Security Awareness: Applying Practical Security in Your World, 2e

47 Summary Malicious software Social engineering Patch software
Programs designed to break into or create havoc on desktop computers Social engineering Relies on trickery and deceit Is considered a basic attack Patch software Describes software security updates Security Awareness: Applying Practical Security in Your World, 2e

48 Summary (continued) Strong passwords
Important defense mechanism against attackers Important to perform regular data backups If a computer becomes infected with malware Remove computer from network Try to reboot computer Security Awareness: Applying Practical Security in Your World, 2e

Download ppt "Chapter 2 Desktop Security"

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
B.A. (Mahayana Studies) 000-209 Introduction to Computer Science November 2005 - March 2006 9. Safety and Security What are the main safety and security.

B.A. (Mahayana Studies) Introduction to Computer Science November March Safety and Security What are the main safety and security.
Security Awareness Chapter 2 Desktop Security. Objectives After completing this chapter, you should be able to do the following: Describe the different.

Security Awareness Chapter 2 Desktop Security. Objectives After completing this chapter, you should be able to do the following: Describe the different.
Security Awareness Chapter 2 Desktop Security. After completing this chapter, you should be able to do the following:  Describe the different types of.

Security Awareness Chapter 2 Desktop Security. After completing this chapter, you should be able to do the following:  Describe the different types of.
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.

Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 5: User Environment and Multiple Languages.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 5: User Environment and Multiple Languages.
COMPUTER BACKUP A disaster will happen to you one day…an accidentally deleted file, a new program that caused problems or a virus that wreaked havoc, wiping.

COMPUTER BACKUP A disaster will happen to you one day…an accidentally deleted file, a new program that caused problems or a virus that wreaked havoc, wiping.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Course ILT Security Unit objectives Configure operating system and file system security Install a fingerprint scanner and card reader Manage the human.

Course ILT Security Unit objectives Configure operating system and file system security Install a fingerprint scanner and card reader Manage the human.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
Week 5 IBS 520 Computer and Online Security. Cybercrime Online or Internet- based illegal acts What is a computer security risk? Computer crime Any illegal.

Week 5 IBS 520 Computer and Online Security. Cybercrime Online or Internet- based illegal acts What is a computer security risk? Computer crime Any illegal.

Similar presentations

Ads by Google