MODULE – V

Module – v: End point device and Mobile phone security, Password policy, security patch management,
Data backup, Downloading and management of third-party software, Device security policy, cyber
security best practices, significance of host firewall and Ant-virus, Management of host firewall and
Anti-virus, Wi-fi security, configuration of basic security policy and permissions.

End point device

❖ What is Endpoint Security?

✓ Endpoint security involves the protection of end-user devices on your network, also known as
“endpoints.” Most businesses have multiple endpoints in their networks, including everything from
computers and laptops to mobile phones, tablets and servers. Small businesses might have only a few
connected devices, whereas enterprise-level operations could be dealing with thousands of devices all
connecting to their network and sharing data.

✓ With the Internet of Things (IoT) growing in leaps and bounds, it’s all too easy for hackers to exploit
device vulnerabilities to break into business networks in search of sensitive data. With the right
endpoint security solutions in place, however, you can protect your network from malicious attacks,
stopping them before they truly start or limiting their impact.

✓ Examples of endpoints include:

• Mobile computers and smartphones

• Sensors / actuators

• Industrial / smart manufacturing controllers

• Smart lighting and heating controllers

• Smart cameras and computer vision systems

• Security systems

• Point-of-sale (POS) terminals

❖ Objectives for targeting endpoints include, but are not limited to:
• Use an endpoint as an entry and exit point to access high-value assets and information on an
organization’s network.
• Access assets on the endpoint to exfiltrate or hold hostage, either for ransom or purely for
disruption.
• Take control of the device and use it in a botnet to execute a DoS attack.
❖ Why Is an Endpoint Important?
✓ Endpoints are rapidly increasing, due in part by the proliferation of the internet of things (IoT). In some
instances, so much data is collected by an IoT endpoint device that there can be challenges associated
with transmitting to the data center for processing. To address these issues and maximize data insights,
endpoint devices are increasingly empowered to “think” for themselves. Endpoint AI has emerged as
a way to make even the smallest endpoints intelligent and capable of performing some degree of real-
time analytics.
✓ By processing the data, they collect without moving it (or processing the data to the degree to which
only the relevant information need be transmitted), allows organizations to save bandwidth and:
• Minimize latency by avoiding the need to wait for responses from the cloud.

1|Page
 • Improve overall system performance by processing data locally.
• Reduce the power budget and increase battery life.
• Reduce reliance on the cloud and increase autonomy.
• Increase privacy and security by avoiding the transmission of data between systems.
• Reduce cost by using less network bandwidth.
❖ Endpoint Security Risks & Threats
✓ There are many endpoint security risks and threats to defend against, with new threats evolving daily.
As noted above, zero-day attacks are among the most common reported when it comes to endpoint
incursions. While insider threats are a concern, the largest threat to businesses today comes from
external criminal activity.

• Common Endpoint Threats

✓ Here are some of the most common endpoint threats today:
• Phishing. Phishing attacks involve individuals (or bots) posing as legitimate parties in an attempt to
gain access to sensitive data. This can occur over email, phone, text, or chat. Security awareness
training alongside technical solutions like screening phishing IP addresses and sandboxing inbound
email addresses can help to prevent or limit the impact of phishing.
• Ransomware. Ransomware blocks access to a device or files until the attacker gets what they demand
(often money or data). Anti-malware and antivirus solutions are your best defense.
• Device Vulnerabilities. Unpatched vulnerabilities in devices and software provide access points for
attackers. Be sure that all of your systems, hardware and software are up-to-date and running the
most recent versions.

❖ Endpoint Security Solutions

✓ When it comes to endpoint security, there are three main categories to consider: endpoint security
software, hardware solutions and managed endpoint security service.
❖ Endpoint Security Software
✓ Endpoint protection starts with finding the right software to protect devices and data while limiting
access to your network. This software could include firewalls, antivirus programs, encryption
software, application control and more.
✓ Endpoint security software is not usually a single program. Instead, you will likely have several
programs working together to protect your entire network and the devices connected to it. You should
plan to have software installed on a centralized server as well as on individual endpoint devices.
✓ Endpoint control software is an essential component, ensuring the integrity and authenticity of
applications and their data. If applications have been infiltrated and they’re not behaving as they
should, endpoint protections must recognize the threat and stop these applications from executing,
potentially compromising sensitive data and putting the entire network at risk.
❖ Endpoint Security Hardware
✓ There are hardware solutions available that can help to improve your endpoint security as well. Some
of the most common hardware solutions include:
✓ There are hardware solutions available that can help to improve your endpoint security as well. Some
of the most common hardware solutions include:
• Firewalls & UTM Devices. UTM stands for “unified threat management”. These appliances create
a single point of defense that can make managing updates and security maintenance much
easier. Shop Now.
• Security Tokens. Tokens are devices used to manage multi-factor authentication to restrict access
and help to keep your data and networks safe.
• Physical Security Systems. Physical security solutions like cameras and alarms can help to detect
intrusions or tampering with your physical devices.

2|Page
 •
Network Access Control Systems. These systems can provide automatic device discovery,
monitoring, and management to help prevent unwanted endpoints from accessing your network
and/or limit activity to align with your policies.
❖ Mobile phone security:
✓ Mobile phones are becoming ever more popular and are rapidly becoming attractive targets for
malicious attacks. Mobile phones face the same security challenges as traditional desktop computers,
but their mobility means they are also exposed to a set of risks quite different to those of a computer
in a fixed location. Mobile phones can be infected with worms, trojan horses or other virus families,
which can compromise your security and privacy or even gain complete control over the device. This
guide provides the necessary steps, do’s, don’ts & tips to secure your mobile devices.
❖ key aspects of mobile phone security:
1. Device Locks:
✓ Set a strong PIN, password, pattern, fingerprint, or face recognition to lock your device. This adds an
extra layer of protection in case your phone falls into the wrong hands.
2. Software Updates:
✓ Keep your phone's operating system and applications up to date. Manufacturers regularly release
updates that often include security patches to address vulnerabilities.
3. App Permissions:
✓ Review and understand the permissions requested by each app before installation. Grant only the
necessary permissions to apps, and be cautious about apps that ask for excessive access to your device.
4. App Source:
✓ Download apps only from official app stores such as Google Play Store (for Android) or the Apple App
Store (for iOS). Avoid third-party app stores to minimize the risk of downloading malicious apps.
5. Antivirus Software:
✓ Consider installing reputable antivirus or security software on your device to protect against malware
and other security threats. There are several well-known options available for both Android and iOS.
6. Remote Tracking and Wiping:
✓ Enable features like "Find My iPhone" (iOS) or "Find My Device" (Android) to remotely locate, lock, or
erase your phone in case it's lost or stolen.
7. Secure Wi-Fi Connections:
✓ Avoid connecting to unsecured Wi-Fi networks, especially for sensitive activities like online banking.
Use a virtual private network (VPN) when connecting to public Wi-Fi.
8. Bluetooth and NFC:
✓ Turn off Bluetooth and NFC when not in use to prevent unauthorized access or attacks.
9. Backup Your Data:
✓ Regularly back up your important data to a secure cloud service or an external device. This ensures
that you can recover your information even if your device is lost or damaged.
10. Phishing Awareness:
✓ Be cautious of phishing attempts through emails, messages, or apps. Avoid clicking on suspicious links
and only provide personal information on trusted websites.
11. Biometric Security:
✓ If your device supports biometric authentication, such as fingerprint or facial recognition, consider
using these methods for added convenience and security.
✓ By implementing these practices, you can significantly enhance the security of your mobile phone and
protect your personal data from various threats.

3|Page
❖ How does Mobile Device Security work?
✓ Securing mobile devices requires a multi-layered approach and investment in enterprise solutions.
While there are key elements to mobile device security, each organization needs to find what best fits
its network.
✓ To get started, here are some mobile security best practices:
• Establish, share, and enforce clear policies and processes
• Mobile device rules are only as effective as a company’s ability to properly communicate those policies
to employees. Mobile device security should include clear rules about:
1. What devices can be used
2. Allowed OS levels
3. What the company can and cannot access on a personal phone
4. Whether IT can remote wipe a device
5. Password requirements and frequency for updating passwords
1. Password protection
✓ One of the most basic ways to prevent unauthorized access to a mobile device is to create a strong
password, and yet weak passwords are still a persistent problem that contributes to the majority of
data hacks. Another common security problem is workers using the same password for their mobile
device, email, and every work-related account. It is critical that employees create strong, unique
passwords (of at least eight characters) and create different passwords for different accounts.
2. Leverage biometrics
✓ Instead of relying on traditional methods of mobile access security, such as passwords, some
companies are looking to biometrics as a safer alternative. Biometric authentication is when a
computer uses measurable biological characteristics, such as face, fingerprint, voice, or iris recognition
for identification and access. Multiple biometric authentication methods are now available on
smartphones and are easy for workers to set up and use.
3. Avoid public Wi-Fi
✓ A mobile device is only as secure as the network through which it transmits data. Companies need to
educate employees about the dangers of using public Wi-Fi networks, which are vulnerable to attacks
from hackers who can easily breach a device, access the network, and steal data. The best defense is
to encourage smart user behaviour and prohibit the use of open Wi-Fi networks, no matter the
convenience.
4. Beware of apps
✓ Malicious apps are some of the fastest growing threats to mobile devices. When an employee
unknowingly downloads one, either for work or personal reasons, it provides unauthorized access to
the company’s network and data. To combat this rising threat, companies have two options: instruct
employees about the dangers of downloading unapproved apps, or ban employees from downloading
certain apps on their phones altogether.
5. Mobile device encryption:
✓ Most mobile devices are bundled with a built-in encryption feature. Users need to locate this feature
on their device and enter a password to encrypt their device. With this method, data is converted into
a code that can only be accessed by authorized users. This is important in case of theft, and it prevents
unauthorized access.
Password policy
✓ A password policy is a set of rules designed to improve security by establishing strict password
requirements for your users. These rules are enforced on all users in your account.
✓ A password policy is a set of rules and requirements designed to enhance the security of user accounts
by ensuring that passwords are strong, unique, and regularly updated. Implementing a strong
password policy is crucial for protecting sensitive information and preventing unauthorized access.
❖ Password policy settings
o Password policy controls password settings for all users on your account. You can configure the
following password settings:

4|Page
• Minimum password length
• Minimum uppercase characters
• Minimum numeric characters
• Minimum special characters Valid special characters: @ # $ % ^ & * ( ) - _ = + ’ " { } | ; : < > , . / ? !
• Password history restriction - Prevents users from entering previously used passwords when updating
their passwords.
• Password expiration - The number of days before a password expires and a new one must be set.
o The following two password policies cannot be changed or disabled:
• Does not match the username
• Does not appear in compromised password database

❖ Why We needed Password Policy & Compliance

o Password policies and compliance are rules and methods that enforce the user for using a secure and
robust password. A billion credentials were stolen last year from multiple data breaches

1. Use longer passwords: Hackers use methods like brute force attacks to gain access to your
accounts. In a brute force attack, hackers run a program and check all possible combinations of
letters, numbers, and symbols until the correct one is found.
2. Do not reuse passwords: When large-scale data breaches occur, email addresses and passwords
are often leaked online. If you reuse credentials across multiple accounts and one of them gets
compromised, hackers can easily access your other accounts as well.
3. Do not use personal information: Many people use names, birthdays, phone numbers, and other
personal details in their passwords. While these are easy to remember, such data are readily
available online and accessible to hackers.
4. Change passwords in the event of a compromise: These days, we witness massive credential spills
on a day-to-day basis. Whenever such an incident is reported, if you have ever dealt with the victim
organization, immediately change the password used.
5. Never text or email your passwords: When you share a username and password with someone
over email or text, even if that person may not share it with anyone else, your credentials can get
exposed if their email account or device gets compromised.
6. Avoid password recycling: Organizations should ensure that end-users do not recycle old
passwords. The policy should enforce a minimum password age. Otherwise, end-users could
change their password multiple times within a few minutes and reuse their previous password.
7. Start using a password manager: Maintaining an excel sheet or writing it down on a sheet of paper
are dangerous ways to store your passwords. The most effective solution to maintaining overall
password hygiene is to use a password manager. A password manager helps you create strong
passwords based on the best practices mentioned above and securely store them.

Security patch management

❖ What is Patch Management?
✓ Patch management is the process of maintaining computer networks by performing regular patch
deployments. Patches are updates to existing software applications and packages. Each patch to a
system can varies greatly in severity of importance and difficulty of application.
✓ Patch management encompasses four critical elements:
1. Identifying which devices are missing patches
2. Automatically gathering patches from vendors
3. Deploying patches to devices
4. Providing reports to help you make informed business decisions

5|Page
 ✓ The primary goal of security patch management is to enhance the security posture of an
organization's IT infrastructure by addressing known vulnerabilities and reducing the risk of
exploitation by malicious actors.

1. Vulnerability Assessment: Regularly assess your systems and software for vulnerabilities. This can
be done through automated tools, manual testing, or a combination of both.
2. User Awareness: Educate users about the importance of system updates and patches. Encourage
them to promptly apply patches on their devices to enhance overall security
3. Automation: Utilize automation tools for patch management to streamline the process.
Automation helps ensure that patches are applied consistently and in a timely manner.
4. Compliance: Adhere to regulatory requirements and industry best practices related to patch
management. This helps in demonstrating the organization's commitment to security.
5. Documentation: Maintain detailed documentation of the patch management process, including
the timeline of patch deployment, any issues encountered, and actions taken.

Data backup

❖ What Is a Data Backup?

✓ Data backup is the practice of copying data from a primary to a secondary location, to protect it in case
of a disaster, accident or malicious action. Data is the lifeblood of modern organizations, and losing
data can cause massive damage and disrupt business operations. This is why backing up your data is
critical for all businesses, large and small.
❖ What does backup data mean?
✓ Typically, backup data means all necessary data for the workloads your server is running. This can
include documents, media files, configuration files, machine images, operating systems, and registry
files. Essentially, any data that you want to preserve can be stored as backup data.

1. Identify Critical Data: Determine what data is essential and needs regular backup. Prioritize
important documents, photos, videos, and any files crucial for your work.
2. Choose Backup Methods:
✓ Utilize a combination of methods like external hard drives, cloud storage, or network-attached
storage (NAS).
✓ Cloud services such as Google Drive, Dropbox, or OneDrive offer convenient remote backups.
3. Set Backup Schedule: Establish a regular backup schedule based on how frequently your data
changes. Automated backup tools can simplify this process, ensuring consistency.
4. External Hard Drives: Connect an external hard drive and use built-in backup features or
dedicated backup software. Disconnect the drive after backup to protect against malware or
accidental data deletion.
5. Cloud Backup: Choose a reliable cloud service and configure automatic syncing of important
folders. Ensure the service encrypts your data for added security.
6. Network-Attached Storage (NAS): If applicable, set up a NAS device on your home or office
network for centralized data storage. Schedule regular backups to the NAS for an additional layer
of redundancy
7. Verify Backups: Periodically check your backups to ensure they are complete and accessible.
Simulate a data restoration process to confirm the integrity of your backup files.

6|Page
 8. Multiple Locations: Store backups in different physical locations to guard against disasters like fire
or theft.

Downloading and management of third-party software

❖ What is third-party software?

✓ Third party software is any piece of software that is not a direct part of your DIS Business System.
Third-party software can be completely separate and easily identifiable from any DIS product, or it can
be used to perform functions related to your business system. Confused yet? You most likely use a lot
of third-party software every day. Examples include Microsoft Office products like Word and Excel,
email software like Outlook or Gmail, and antivirus software like McAfee or Norton.
❖ What is some popular third-party software?

✓ Some third-party software is so closely integrated into your daily functions that you might not even
think of it as separate software. Some examples include internet browsers (Internet Explorer,
Firefox and Google Chrome), PDF readers like Adobe Reader, and Java, a programming language and
computing platform software that is used to interact with most websites. Many third-party software
applications are already installed when you purchase a new PC, because they are necessary for
normal computing.
✓ This practice is crucial for individuals, businesses, and organizations to ensure the availability and
integrity of important information
1. Source Reliability: Download software only from reputable sources, such as official
websites or trusted app stores. Avoid downloading from unfamiliar websites to minimize
the risk of malware.
2. Read Reviews: Check user reviews and ratings before downloading to gauge the
software's reputation and reliability. Look for feedback on security, performance, and user
experience.
3. Official Websites: Prefer downloading software directly from the official website or
authorized distribution channels. Be cautious with third-party download sites, as they may
bundle software with unwanted extras.
4. Check System Requirements: Verify that the software is compatible with your operating
system and hardware. Review system requirements on the official website before
downloading.
5. Use Trusted Antivirus Software: Keep your antivirus software up-to-date to scan and
detect any potential threats in downloaded files. Regularly perform full system scans for
added security.
6. Keep Software Updated: Enable automatic updates for third-party software whenever
possible. Updates often include security patches and improvements, reducing
vulnerabilities.
7. Uninstall Unused Software: Regularly review installed software and uninstall any
programs you no longer need. This reduces the potential attack surface and keeps your
system cleaner.
8. License Agreements: Read and understand the terms of use and license agreements
before installing any software. Be aware of any bundled software or additional tools
included in the installation.
9. Stay Informed: Stay informed about security vulnerabilities associated with the software
you use. Subscribe to notifications or newsletters from developers to receive timely

7|Page
 updates.
10. Backup Before Installation: Create a backup of important data before installing new
software, especially major updates or system utilities. This precaution provides a safety
net in case of unexpected issues during installation.
❖ Downloading Third-Party Software:
1. Official Sources:
✓ Download software only from official and reputable sources. Avoid third-party websites, as they may
host modified or malicious versions of the software.
2. Vendor's Website:
✓ Whenever possible, download software directly from the vendor's official website. This ensures that
you get the latest and legitimate version of the software.
3. Check Reviews and Ratings:
✓ Before downloading, check reviews and ratings from reliable sources or user communities to gauge
the software's reputation and reliability.
4. Avoid "Cracked" Software:
✓ Refrain from downloading cracked or pirated versions of software, as they often contain malware or
other security risks. Use legitimate channels to obtain software licenses.
5. Verify URLs:
✓ Double-check the URL to ensure that it matches the official website of the software vendor. Be cautious
of phishing attempts that mimic legitimate sites.
❖ Installing and Managing Third-Party Software:
1. Read Terms and Conditions:
✓ Take the time to read the terms and conditions of the software installation. Be aware of any bundled
software or additional tools that may come with the installation.
2. Custom Installations:
✓ During the installation process, opt for custom installations rather than "quick" or "default"
installations. This allows you to control which components are installed.
3. Uncheck Unnecessary Options:
✓ Uncheck any pre-selected options for additional software or toolbars that are not necessary for the
functionality of the main application.
4. Update Settings:
✓ Configure the software to update automatically or be notified of updates. Keeping software up to date
is crucial for security, as updates often include patches for known vulnerabilities.
5. Check for Digital Signatures:
✓ Verify that the downloaded software has a valid digital signature from the vendor. Digital signatures
ensure that the software has not been tampered with or altered.
6. Use a Standard User Account:
✓ Avoid installing software using an administrator account unless necessary. Use a standard user account
for everyday tasks to minimize the impact of potential security vulnerabilities.
7. Regularly Review Installed Software:
✓ Periodically review the list of installed software on your system and uninstall any
applications that are no longer needed. This helps reduce potential security risks.
8. Security Software:
✓ Maintain up-to-date antivirus and anti-malware software on your system to provide
an additional layer of protection against potential threats.
9. Backup Before Installation:
✓ Before installing significant software updates or new applications, consider backing up your system.
This can help recover your data in case of any issues during or after installation.
10. Secure Configuration:
✓ Configure the software securely, following best practices provided by the vendor. This may include
setting up firewalls, adjusting security settings, and implementing strong passwords.

8|Page
 Device security policy

❖ What is device security?

✓ Device security is the defense of IT assets against harm and unauthorized use. Although the term
“device security” is not as widely used as “cybersecurity,” it is a relevant concept that denotes the full
range of practices for securing desktop PCs, laptops, smartphones, tablets, or Internet of Things (IoT)
devices.
✓ To reliably fend off modern security threats, a device security strategy must be multilayered, with
multiple security solutions working in tandem with one another and oriented around a consistent set
of processes. Moreover, both security personnel and end-users must be aligned on best practices such
as keeping software up to date and using the right access points or gateways when accessing
applications remotely.
❖ What does device security include?
Device security has three fundamental components.
1) People: Security experts, whether in-house or at a cloud service provider, are the core of device
security. They decide what tools and controls are implemented and monitor environments for
anomalies and threats. Security leaders are also important in educating users about how to prevent
sensitive data leakage and avoid risky behaviours, especially when working remotely.
2) Processes: Effective device security requires a systematic approach to dealing with each threat, with
security policies and plans that follow best practices. For example, the National Institute of Standards
and Technology offers a framework with a continuous cycle of Identify > Protect > Detect > Respond >
Recover that can be followed when confronted with malware or ransomware.
3) Technologies: Many technical solutions are available for securing environments against threats. Web
application firewalls (WAFs), analytics, bot identification and management platforms, antimalware
programs, email security, and more are among the most commonly deployed for this purpose. The
exact mix of tools changes over time. For instance, secure internet access may replace a traditional
virtual private network (VPN).

✓ For device security, keep software updated, use strong passwords, enable two-factor
authentication, install reputable antivirus software, and avoid suspicious links or apps.
1. Software Updates: Regularly update your device's operating system and applications to
patch vulnerabilities and ensure the latest security features.
2. Strong Passwords: Use complex passwords with a mix of uppercase and lowercase
letters, numbers, and symbols. Avoid easily guessable information like birthdays or
names.
3. Two-Factor Authentication (2FA): Enable 2FA whenever possible to add an extra layer
of security. This typically involves receiving a code on a secondary device or via SMS.
4. Antivirus Software: Install reputable antivirus and anti-malware software to detect and
remove malicious programs that could compromise your device's security.
5. Secure Wi-Fi Connection: Use a strong, encrypted Wi-Fi password. Avoid public Wi-Fi
for sensitive transactions unless using a virtual private network (VPN).
6. App Permissions: Review and limit the permissions granted to each app. Only give
necessary access to features like camera, location, and contacts.
7. App Updates: Keep all installed apps updated to ensure they have the latest security
patches and bug fixes.
8. Biometric Security: If available, use biometric features like fingerprint or facial
recognition for added security

9|Page
 9. Backup Regularly: Back up your important data regularly to an external source or a
secure cloud service. This ensures you can recover your information in case of data loss.
10. Secure Browsing: Use secure, encrypted connections (https://) when browsing the
internet. Be cautious of phishing websites and only download files from trusted sources.
11. Remote Tracking and Wiping: Enable remote tracking and wiping features in case your
device is lost or stolen. This allows you to locate your device and erase data if necessary.
12. Awareness and Education: Stay informed about the latest security threats and best
practices. Educate yourself on common scams and phishing techniques to avoid falling
victim.
13. Physical Security: Keep your device physically secure. Avoid leaving it unattended in
public places, and consider using lock screens or passwords to prevent unauthorized
access.
14. Regular Audits: Periodically review your device security settings and update them as
needed. Remove unused apps and accounts to minimize potential vulnerabilities.

cyber security best practices

1. Keep software up-to-date
✓ Software companies typically provide software updates for 3 reasons: to add new features, fix known
bugs, and upgrade security. Always update to the latest version of your software to protect yourself
from new or existing security vulnerabilities.
2. Avoid opening suspicious emails
✓ If an email looks suspicious, don’t open it because it might be a scam. Someone might be
impersonating another individual or company to gain access to your personal information. Sometimes
the emails may also include attachments or links that can infect your devices.
3. Keep hardware up-to-date
✓ Outdated computer hardware may not support the most recent software security upgrades.
Additionally, old hardware makes it slower to respond to cyber-attacks if they happen. Make sure to
use computer hardware that’s more up-to-date.
4. Use a secure file-sharing solution to encrypt data
✓ If you regularly share confidential information, you absolutely need to start using a secure file-sharing
solution. Regular email is not meant for exchanging sensitive documents, because if the emails are
intercepted, unauthorized users will have access to your precious data.
✓ On the other hand, using a secure file-sharing solution like Titan File will automatically encrypt
sensitive files so that you don’t have to worry about a data breach. Remember, your files are only as
secure as the tools you chose to share them with.
5. Use anti-virus and anti-malware
✓ As long as you’re connected to the web, it’s impossible to have complete and total protection
from malware. However, you can significantly reduce your vulnerability by ensuring you have an
anti-virus and at least one anti-malware installed on your computers.
6. Use a VPN to privatize your connections
✓ For a more secure and privatized network, use a virtual private network (VPN). It’ll encrypt your
connection and protect your private information, even from your internet service provider.
7. Check links before you click
✓ Links can easily be disguised as something they’re not so it’s best to double check before you click
on a hyperlink. On most browsers, you can see the target URL by hovering over the link. Do this to
check links before you click on them.

10 | P a g e
8. Don’t be lazy with your passwords!
✓ Put more effort into creating your passwords. You can use a tool
like howsecureismypassword.net to find out how secure your passwords are.
9. Disable Bluetooth when you don’t need it
✓ Devices can be hacked via Bluetooth and subsequently your private information can be stolen.
If there’s no reason to have your Bluetooth on, turn it off!
10. Enable 2-Factor Authentication
✓ Many platforms now allow you to enable 2-factor authentication to keep your accounts more
secure. It’s another layer of protection that helps verify that it’s actually you who is accessing your
account and not someone who’s unauthorized. Enable this security feature when you can.

Wi-fi security
❖ What Is Wi-Fi Security?

✓ Wi-Fi security is the protection of devices and networks connected in a wireless environment.
Without Wi-Fi security, a networking device such as a wireless access point or a router can be
accessed by anyone using a computer or mobile device within range of the router's wireless signal.
1. Encryption Protocols: Use WPA3 (Wi-Fi Protected Access 3) for the highest level of security. WPA2
is still secure but consider upgrading, if possible, as it's vulnerable to some attacks.
2. Password Strength: Choose a strong, unique password for your Wi-Fi network. Avoid using easily
guessable information like names, birthdays, or common words.
3. Router Security: Regularly update your router firmware to patch vulnerabilities. Disable remote
administration to prevent unauthorized access.
4. MAC Address Filtering: Enable MAC address filtering to specify which devices can connect to your
network.
5. Firewall Settings: Configure your router's firewall to block unauthorized access. Consider using a
hardware firewall for an additional layer of protection
6. Regular Monitoring: Keep an eye on connected devices and be aware of any unfamiliar ones.
Monitor router logs for suspicious activity.
7. Public Wi-Fi Caution: Avoid accessing sensitive information on public Wi-Fi networks. Use a VPN
(Virtual Private Network) for added security when on public networks.
8. Two-Factor Authentication: If your router supports it, enable two-factor authentication for an
extra layer of protection.
9. Physical Security: Place your router in a secure location to prevent physical tampering.

configuration of basic security policy and permissions.

✓ The configuration of basic security policies and permissions is a fundamental aspect of securing
an IT environment. Below is a guide on how to set up basic security policies and permissions for
various components of your infrastructure:
1. User Authentication and Authorization:
a. Password Policies:
✓ Set up a strong password policy, including requirements for length, complexity, and expiration.
Enforce regular password changes.
b. Multi-Factor Authentication (MFA):
✓ Implement MFA to add an extra layer of security beyond just passwords. Require users to
authenticate using a second factor, such as a mobile app or SMS code.
c. User Roles and Permissions:
✓ Define user roles based on job responsibilities. Assign minimum necessary permissions to each
role to follow the principle of least privilege.

11 | P a g e
2. Operating System Security:
a. Updates and Patch Management:
✓ Regularly update and patch operating systems to address vulnerabilities. Implement a
patch management system to ensure timely updates.
b. Firewall Configuration:
✓ Enable and configure the host firewall on servers and workstations. Define rules to allow
only necessary inbound and outbound traffic.
c. User Account Management:
✓ Set up policies for creating, modifying, and deleting user accounts. Disable or remove inactive
accounts promptly.
d. Account Lockout Policy:
✓ Implement an account lockout policy to prevent brute-force attacks. Lock user accounts after a
specified number of unsuccessful login attempts.

3. Network Security:
a. Network Segmentation:
✓ Segment the network to limit the scope of potential security breaches. Use VLANs and
subnets to isolate different types of traffic.
b. VPN Configuration:
✓ If remote access is necessary, configure and secure VPN connections. Ensure that data
transmitted over VPNs is encrypted.
c. Intrusion Detection/Prevention Systems (IDS/IPS):
✓ Implement IDS/IPS systems to monitor and respond to suspicious network activities. Configure
rules to detect and block known attack patterns.

4. Application Security:
a. Access Controls within Applications:
✓ Implement access controls within applications to restrict user access to specific features or data.
Apply the principle of least privilege.
b. Data Encryption:
✓ Encrypt sensitive data within applications, especially when storing or transmitting information.
Follow best practices for securing sensitive data.

5. Email Security:
a. Spam Filtering:
✓ Enable spam filtering on email servers to reduce the likelihood of phishing attacks and
malicious attachments.
b. Email Encryption:
✓ Implement email encryption, especially for sensitive communications. Use technologies like
Transport Layer Security (TLS) for secure email transmission.

6. Physical Security:
a. Access Controls to Physical Spaces:
✓ Control physical access to data centers, server rooms, and other critical areas. Use access
cards, biometric authentication, or other secure methods.
b. Device Encryption:
✓ Enable device encryption on laptops and mobile devices to protect data in case of device
loss or theft.

12 | P a g e
7. Security Auditing and Monitoring:
a. Security Information and Event Management (SIEM):
✓ Implement a SIEM system to collect, analyze, and respond to security events. Set up alerts
for suspicious activities.
b. Log Management:
✓ Configure systems to generate and retain logs. Regularly review logs for security events,
and establish processes for responding to anomalies.

8. Incident Response:
a. Incident Response Plan:
✓ Develop and document an incident response plan. Define roles and responsibilities, and
establish procedures for identifying, containing, eradicating, recovering from, and analyzing security
incidents.
b. Communication Plan:
✓ Establish a communication plan to notify stakeholders and users in the event of a security
incident. Clearly define the chain of command for incident response.

9. Security Training and Awareness:

a. Employee Training:
✓ Conduct regular security training for employees. Educate them on security policies, social
engineering threats, and best practices for maintaining security.
b. Phishing Awareness:
✓ Run simulated phishing exercises to train employees to recognize and report phishing
attempts.

9. Regular Security Assessments:

a. Vulnerability Assessments and Penetration Testing:
✓ Conduct regular vulnerability assessments and penetration testing to identify and remediate
security weaknesses. Regularly update and adapt security policies based on assessment findings.
✓ Remember that security policies and permissions should be regularly reviewed and updated to
adapt to changes in technology, threats, and organizational requirements. Additionally, involve key
stakeholders and departments in the development and enforcement of security policies to ensure
a comprehensive and collaborative approach to security

13 | P a g e