A+ Describe security fundamentals

CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
In this session, you will learn to:
Objectives
Describe security fundamentals.
Identify security protection measures.
Identify methods for securing data and the physical
components of computer systems.
Ver. 1.0 Session 14 Slide 1 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Security fundamentals are important to implement a secure
Security Fundamentals
personal computer, to protect it from the threats.
Security implementations are constructed from fundamental
building blocks.
Ver. 1.0 Session 14 Slide 2 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
A corporate security policy is a formalized statement that
Corporate Security Policies
defines how security will be implemented within a particular
organization.
Formal policy
statement
Individual policy
Resources to
protect
Implementation
measures
Ver. 1.0 Session 14 Slide 3 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
A security incident report is any mechanism that
Security Incident Reports
documents and communicates a possible or confirmed
security incident and any response to the incident.
Timely
reporting
Paper
form
Documents and
communicates
incident and
response
Ver. 1.0 Session 14 Slide 4 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Authentication is a network security measure in which a
Authentication
computer user or some other network component proves its
identity in order to gain access to network resources.
Who I am
How do I know?
User name & password
Approved
Ver. 1.0 Session 14 Slide 5 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
There are several major categories of authentication
Authentication Methods
methods in use today, such as:
User name and password
Biometrics
Smart cards
Multi-factor
User Name
Password
User name/password
Fingerprint scanner
Ver. 1.0 Session 14 Slide 6 of 32
Biometrics
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Authentication Methods (Contd.)
Smart cards
Password
Multi-factor
Ver. 1.0 Session 14 Slide 7 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Authentication Methods
Biometrics are authentication schemes based on
Biometric individuals’ physical characteristics, such as fingerprints or
vocal patterns.
Types of biometrics are:
Fingerprint scan
Retinal scan
Voice recognition
Face recognition
Biometric authentication token
Ver. 1.0 Session 14 Slide 8 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Password are managed securely by:
Password Management
Create complex passwords
Change passwords regularly
Implement SSO
Store passwords securely
Use password-management software for multiple passwords
Do not share passwords
Password
Ver. 1.0 Session 14 Slide 9 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Access control is a security measure that gives an
Access Control
administrator the ability to allow or deny access to
resources, objects, and data.
1. User authenticated 2. Allowed or denied access
to resources
Ver. 1.0 Session 14 Slide 10 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Account Windows 2000 Professional and Windows XP Professional
User Types
includes the following type of user accounts provide initial
access to the computer.
Built-in Administrator
Guest
Administrator Guest
Ver. 1.0 Session 14 Slide 11 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Built-in Group accounts that control the basic system
Groups
security include:
Administrators
Backup Operators
Guests
Power Users
Users
Ver. 1.0 Session 14 Slide 12 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Three primary mechanisms for managing access control
Access Control Measures
are:
Mandatory Access Control (MAC)
Discretionary Access Control (DAC)
Role-based Access Control (RBAC)
Discretionary Access Control
(DAC)
Mandatory Access Control
(MAC)
Role-based Access Control
(RBAC)
Ver. 1.0 Session 14 Slide 13 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Rights are security mechanisms that enable users to
Rights
perform system-wide actions, such as shutting down the
computer.
Change system time
Log on
Back up files
Shut down computer
System-wide abilities
Ver. 1.0 Session 14 Slide 14 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Auditing is a security measure that tracks user and
Auditing
operating system activities by recording selected types of
events in a log.
Security log
User and system
activities
Ver. 1.0 Session 14 Slide 15 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Security Protection Measures
Security protection measures enable you to manage a
secure personal computer.
Ver. 1.0 Session 14 Slide 16 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Encryption is a security measure in which information is
Encryption
encoded or scrambled so that it cannot be read unless the
recipient knows the decoding mechanism, or key.
Client Server
Ox12j Data
Encrypted data Decrypted data
Ver. 1.0 Session 14 Slide 17 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Three main techniques for encrypting data are:
Data Encryption Methods
Hashing
Symmetric encryption
Asymmetric encryption
Hashing Symmetric
Ver. 1.0 Session 14 Slide 18 of 32
Asymmetric
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Malicious software is any unwanted software that has the
Malicious Software
potential to damage a system, impede performance, or
create a nuisance condition.
Attacker
Ver. 1.0 Session 14 Slide 19 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Types of malicious software are:
Types of Malicious Software
Viruses
Worms
Trojans
Logic Bombs
Spyware
Adware
Grayware
Spam
Hoaxes
Ver. 1.0 Session 14 Slide 20 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Malicious Software To protect the system against malicious software the
Protection Techniques
techniques are:
Anti-virus and other protective software
Email attachment security
Pop-up blockers
Spam blocks and filters
Trusted installation sources
User awareness
Ver. 1.0 Session 14 Slide 21 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
A firewall is a software program or hardware device that protects
Firewalls
networks from unauthorized data by blocking unsolicited traffic.
Allowed traffic
Firewall
Denied traffic
Ver. 1.0 Session 14 Slide 22 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
To secure the file system from access by unauthorized users
File System Security Measures
measures that are taken are:
File system permissions
File encryption
Format partitions to NTFS
Ver. 1.0 Session 14 Slide 23 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Implementing all system security measures is to protect
Data and Physical Security
computing systems themselves along with the information
stored on them and passed between them.
The security techniques will help select and implement the
appropriate level of data and physical security on supported
systems.
Ver. 1.0 Session 14 Slide 24 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Physical Access Controls are measures that restrict
Physical Access Controls
access to specific physical areas.
Various types of physical access controls are:
Locks and keys
Swipe cards
PIN entry
Biometric access
Human guards
Double-key entry
Physical barriers
Alarms
Monitoring devices
Ver. 1.0 Session 14 Slide 25 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Data Access Policies
A data access policy is a group of policy provisions or
software policy settings that control who can access
computer systems and the data they store.
Ver. 1.0 Session 14 Slide 26 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Protection
There are various methods you can employ to increase the
Workstation security of computer workstations and laptops, such as:
Add a BIOS password
Add a physical lock
Lock the workstation when idle
Password-protect screen savers
Ver. 1.0 Session 14 Slide 27 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Backup security measures include:
Backup Security
Policy settings to restrict backup and restore rights
Store backups in secure onsite and offsite locations
Control physical access to backups
Ver. 1.0 Session 14 Slide 28 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
To migrate data securely:
Data Migration
Data encryption protocol
VPN over the Internet
Intrusion detection systems
Direct connection for short-range transfers
Password-protect email attachments
Ver. 1.0 Session 14 Slide 29 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Data Data removal mechanisms are:
Removal
Deleting data not sufficient
One format not sufficient
Use multiple reformats
Use bulk erasure
Destroy inexpensive media
Ver. 1.0 Session 14 Slide 30 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
Media and hardware can be disposed by:
Media and Hardware Disposal
Recycle
Donate
Use disposal contractor
Security measures while disposing off media and hardware:
Shred or burn documents
Bulk erase electronic media
Break disks
Ver. 1.0 Session 14 Slide 31 of 32
CIonmsptaTlIliAn gA +W Cinedrotiwficsa XtPio nP:r oPfeersssoionnaal lC Uomsinpgu tAetrt eSnedcuerdi tIyn Cstoanllcaetpiotsn
In this session, you learned that :
Summary
The security is essential part for building a secure personal
computer.
The security protection measures that are implemented to
manage the security of the personal computer.
The methods that are necessary to prevent data from data
loss.
The methods that are necessary for safe disposal of physical
components of computer systems as they can create
environmental hazards.
Ver. 1.0 Session 14 Slide 32 of 32