LECTURE 1 b) TSecurity Methods

Uploaded by

kevostein2k47

CYU 07317

Security Methods
Learning Objectives

• Secure a Workstation
• Disposal Methods
• Wireless Security
• Wired Security

WORKSTATION SECURITY

Security Policy

1. A formal document defining network, computer, and user security protocols for a system or organization:
   A. For systems:
      • Limitations on functions
      • Limitations on access by external systems and users
   B. For an organization:
      • Limitations on behavior of its members
      • Limitations on physical security
2. Questions to answer in writing a local security policy:
   A. What assets require protection?
   B. What are the possible threats?
   C. What should be done in the event of a security breach?
   D. What are the user responsibilities?
   E. Crime and punishment

Protecting Physical Equipment

Since stealing the whole PC is the easiest way to steal data, physical computer equipment must be secured:
• Control access to facilities
• Use cable locks
• Lock telecommunication rooms
• Use security screws
• Use security cages around equipment
• Label and install sensors on equipment

[Figure: Physical Security Devices]

Protecting Digital Data

1. Methods of securing data:
   A. Password protection
   B. Restrict user permissions
   C. Disable guest accounts
   D. Screensaver passwords
   E. Data encryption
   F. Port protection
   G. Data backups
   H. File system security
   I. Disable autorun

[Figure: Folder Security Properties]

Personal Firewall

1. A firewall restricts what can come in and go out of your computer across the network:
   A. Stops bad stuff from coming in
   B. Stops a compromised computer from infecting other computers on the network
2. Two-way personal software firewall – Inspects network traffic passing through it and denies/permits passage based on rules
3. Application-aware firewall – Allows the user to specify which desktop applications can connect to the network
4. Stateful Packet Inspection (SPI):
   A. Tracks the state of network connections
   B. Programmed to distinguish legitimate packets
   C. Only packets matching a known active connection will be allowed and all others will be rejected
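The stateful packet inspection rule described above, as an added example that is not part of the original lecture: a toy connection-tracking filter in Python. The class and function names, the simplified flag strings, the choice to allow all outbound traffic, and the sample packets (documentation-range addresses) are assumptions made for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # simplified TCP flags: SYN, SYN-ACK, ACK, FIN, RST

class StatefulFirewall:
    """Toy SPI filter: inbound packets pass only if they match a tracked connection."""
    def __init__(self, inside_hosts):
        self.inside = set(inside_hosts)
        self.table = {}  # (inside ip, inside port, outside ip, outside port) -> state

    def allow(self, p: Packet) -> bool:
        if p.src in self.inside:  # outbound: assumed permitted, and tracked
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "SYN":
                self.table[key] = "SYN_SENT"
            elif p.flags in ("FIN", "RST"):
                self.table.pop(key, None)  # simplification: first FIN closes the flow
            return True
        key = (p.dst, p.dport, p.src, p.sport)  # inbound: look up the reversed tuple
        state = self.table.get(key)
        if state is None:
            return False  # no known active connection: reject
        if state == "SYN_SENT":  # only the handshake reply is legitimate here
            if p.flags != "SYN-ACK":
                return False
            self.table[key] = "ESTABLISHED"
            return True
        if p.flags in ("FIN", "RST"):
            del self.table[key]
        return p.flags not in ("SYN", "SYN-ACK")  # handshake flags are stale by now

def demo():
    # Constructed sample traffic; returns the allow/reject decision per packet.
    fw = StatefulFirewall({"10.0.0.5"})
    client, server = ("10.0.0.5", 50000), ("198.51.100.7", 443)
    packets = [
        Packet(*client, *server, "SYN"),               # client opens a connection
        Packet(*server, *client, "SYN-ACK"),           # reply matches tracked state
        Packet(*server, *client, "ACK"),               # data on the established flow
        Packet("203.0.113.9", 443, *client, "ACK"),    # reply from an unknown peer
        Packet("203.0.113.9", 4444, "10.0.0.5", 3389, "SYN"),  # unsolicited inbound
        Packet(*client, *server, "FIN"),               # client closes
        Packet(*server, *client, "ACK"),               # late packet after close
    ]
    return [fw.allow(p) for p in packets]
```

The fourth and fifth packets are rejected because no table entry exists for that peer, and the last one is rejected because the entry was removed when the client closed the flow.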

Check Firewall Settings

Update and Patch Management

Different types of Microsoft updates/patches:

1. Important updates – offer significant benefits, such as improved security, privacy, and reliability. They should be installed as they become available, and can be installed automatically with Windows Update.
2. Recommended updates – address non-critical problems or help enhance your computing experience. They should be installed as they become available, and can be installed automatically with Windows Update.
3. Optional updates – can include program updates, drivers, or new software from Microsoft to enhance your computing experience. You can only install these manually.

Patch Management

1. Depending on the type of update, Windows Update can deliver the following:
   A. Security updates – A broadly released fix for a product-specific security-related vulnerability. Security vulnerabilities are rated based on their severity, which is indicated in the Microsoft security bulletin as critical, important, moderate, or low
   B. Critical updates – A broadly released fix for a specific problem addressing a critical, non-security-related bug
   C. Service Packs – A tested, cumulative set of hotfixes, security updates, critical updates, and important updates, as well as additional fixes for problems found internally since the release of the product. Service Packs might also contain customer-requested design changes or features
2. How to install a patch
3. Auto-update feature

[Figure: Automatic Updates Window]

Know Your Antivirus/Antimalware

1. Know how to update
2. Know how to scan device
3. Know how to test antivirus
4. Know how to disinfect

Note: You should not install more than one antivirus program on a computer or they will conflict with each other. Then none of them will catch vulnerabilities.

Windows Action Center

1. Displays system security and maintenance features
2. Constantly monitors & displays the status of Windows Firewall, Automatic Updates, anti-virus, anti-spyware, Internet Explorer security settings, and User Account Control
3. First appeared in Windows XP SP2
4. Vista named it Windows Security Center (WSC)
5. Windows 7 renamed it to “Action Center”

[Figure: Action Center Window]

How about Windows 10? Windows 11?

User Account Control (UAC)

1. Alerts users of attempts to perform tasks that require administrative access, then prompts for approval or an administrator password (if standard user)
2. Displays an authentication dialog box that must be answered before continuing
   A. Administrators - Click Continue or Cancel
   B. Standard users - Enter admin password

[Figure: User Account Control]

User Account Control (UAC)

DISPOSAL METHODS

Computer Disposal and Recycling

1. Data saved to a hard drive is persistent
2. Deleting data does not erase the data, just the index
3. The data remains on the drive until it is overwritten
4. To permanently get rid of data you can:
   A. Overwrite – Uses special third-party software tools to repeatedly overwrite the data on a computer's hard drive with random 1s and 0s
   B. Secure erase – A set of commands embedded on some hard drives that writes over every track on the drive, but is disabled by most BIOSs
   C. Beginning in Windows Vista, a basic hard drive wipe is performed during a standard (non-quick) format

Computer Disposal and Recycling

5. Physical Destruction Methods:
   A. To destroy software media (floppy disks and CDs), use a shredding machine designed for shredding these materials
   B. Use an electromagnetic device or degaussing tool on the disk to scramble the bits
   C. The only way to fully ensure that data cannot be recovered from a drive is to shatter the platters

INTERNET SECURITY

Internet Attacks

1. Attackers may use any of these tools to install a program on a computer:
   A. ActiveX
      • Controls interactivity on web pages
   B. Java
      • Allows applets to run within a browser
      • Example: a calculator or a calendar
   C. JavaScript
      • Interacts with HTML source code to allow interactive web sites
      • Example: a rotating banner or a popup window

[Figure: Spying Through Webcam]

Internet Attacks

1. Privacy attacks
   A. Cookies
   B. Adware
2. Attacks while surfing
   A. Redirected Web traffic
   B. Drive-by downloads
3. E-mail attacks
   A. Spam
   B. Malicious attachments
   C. Embedded hyperlinks

Internet Defenses

1. Defenses through browser settings
   A. Advanced security settings
   B. Security zones
   C. Restricting cookies
   D. Popup blockers
2. Defenses through email applications
   A. Spam filters
   B. E-mail security settings
3. E-mail defenses through good practices

[Figure: Popup Blocker]
[Figure: Email Spam Filter]

E-Mail Security Settings

1. Read messages using a reading pane
2. Preview attachments
3. Block external content

[Figure: Email Security Settings]

Embedded Hyperlink

1. . . . you can <a href="http://www.capitalone.com">log in to Online Account Services (OAS) </a> from this e-mail

2. . . . you can <a href="http://www.steal-your-number.net">log in to Online Account Services (OAS) </a> from this e-mail

[Figure: Fake Email]

WIRELESS SECURITY

Does Wireless Security Matter?

1. Get into any folder set with file sharing enabled
2. See wireless transmissions
3. Access the network behind the firewall and inject malware
4. Download harmful content linked to the unsuspecting owner

[Figure: Typical Network Behind Firewall]

1. Lock Down AP

1. Change the default password and create a strong password
2. Disable Wireless Web Access (cannot access AP settings via wireless device, must be connected with cable)
3. Disable Remote Management (cannot access AP settings via Internet)
4. Access server via HTTPS
5. Disable UPnP

2. Access

1. Change the default IP address
2. Limit DHCP addresses
3. Change the default SSID
4. Disable SSID broadcast

[Figure: Wireless Access Point]

Levels of Wireless Security

1. Wired Equivalent Privacy (WEP) is an outdated wireless security standard that uses either 64- or 128-bit encryption
2. Wi-Fi Protected Access (WPA or WPA2) uses 128- or 256-bit encryption
   A. Personal is managed by the router and uses the Shared Key
   B. Enterprise is intended for businesses using a RADIUS server to authenticate users

[Figure: Wireless Security]

3. Turn on WPA2

1. On AP, Security Mode set as WPA2 Personal
2. WPA Algorithms set as TKIP+AES (AES is best)
3. WPA Shared Key set minimum 8 characters
4. Group Key Renewal should not be set to less than 300 seconds (5 minutes)

[Figure: Wireless Security]

4. Limit Users By MAC

1. Edit MAC Filter List by entering MAC addresses of approved PCs
2. Permit only PCs listed to access the wireless network
3. Enable Wireless MAC Filter
4. Be sure to “Edit”, “Permit” then “Enable” or else you cannot let yourself in
5. Apply after all devices have connected so they will appear in the list

[Figure: MAC Filtering]

Summary

In this module we discussed:

• Security Policies
• Physical and Digital Security
• Firewalls
• Updates and Patches
• Windows Action Center
• User Account Controls
• Disposal Methods
• Types of Internet attacks
• Wireless Security

Technical Terms

1. Security Policy – A formal document defining network, computer, and user security protocols for a system or organization.
2. Two-way personal software firewall – Inspects network traffic passing through it and denies/permits passage based on rules.
3. Application-aware firewall – Allows user to specify which desktop applications can connect to the network.
4. SPI – Stateful Packet Inspection. Tracks the state of network connections and allows only packets matching a known active connection to enter; all others will be rejected.
5. Service Packs – A tested, cumulative set of hotfixes, security updates, critical updates, and updates, as well as additional fixes for problems found internally since the release of the product. Service Packs might also contain customer-requested design changes or features.

Technical Terms

6. Windows Action Center – Displays system security and maintenance features in Windows 7. Constantly monitors & displays the status of Windows Firewall, Automatic Updates, anti-virus, anti-spyware, Internet Explorer security settings, and User Account Control.
7. UAC – User Account Control. Alerts users of attempts to perform tasks that require administrative access, then prompts for approval or an administrator password (if standard user).
8. ActiveX – Microsoft application that controls interactivity on web pages.
9. Java – A program by Sun Microsystems that allows applets, like a calculator or a calendar, to run within a browser.

Technical Terms

10. JavaScript – Interacts with HTML source code to allow interactive web sites like a rotating banner or a popup window.
11. Cookies – A small piece of data sent to a website that contains information about the user. It is stored in the user's computer.
12. Hyperlink – Text that automatically points to a document or web page.
13. HTTP – HyperText Transfer Protocol
14. HTTPS – HyperText Transfer Protocol with Security
15. UPnP – Universal Plug-and-Play
16. DHCP – Dynamic Host Control Protocol

Technical Terms

17. SSID – Service Set Identifier
18. WEP – Wired Equivalent Privacy is an outdated wireless security that uses either 64- or 128-bit encryption.
19. WPA – Wi-Fi Protected Access is the current wireless security protocol that uses 128- or 256-bit encryption.
20. TKIP – Temporal Key Integrity Protocol
21. AES – Advanced Encryption Standard
22. MAC – Media Access Control

END