Chapter 3 SECURITY TROUBLESHOOTING AND SOLUTIONS
3.1.1 Troubleshooting Process
used to help resolve security issues.
Troubleshooting steps:
STEP 1: Identify the problem
Open-ended question
Closed-ended question
STEP 2: Establish a theory of probable cause
After you have talked to the customer, you can establish a
theory of probable causes
Create a list of the most common causes of security
problems
STEP 3: Test the theory to determine cause
Test theories of probable cause one at a time, starting with
the quickest and easiest.
STEP 4: Establish a plan of action to resolve the problem and implement the solution
After determining the exact cause of the problem, establish a plan of action to resolve the problem and implement a solution.
STEP 5: Verify the full system functionality and implement preventive measures
Verify full system functionality and implement any preventive
measures if needed.
STEP 6: Document findings, actions and outcomes
List of the tasks required to document the problem and the
solution
3.1.2 Identify Common Problems and Solutions for Security
Security problems:
software
Hardware
Connectivity issues
Some combination of the three.
3.3 PROTECTION PHYSICAL EQUIPMENT
Physical security is as important
as data security
Network infrastructure can be protected by:
Secured telecommunications rooms
Equipment cabinets
Cages
Cable locks and security screws for
hardware devices
Wireless detection for unauthorized access
points
Hardware firewalls
Network management system that detects
changes in wiring and patch panels
Another method of hardware security:
disable the AutoRun feature of
the operating system.
AutoRun
Automatically follows the instructions in a special file called autorun.inf when it is found on new media.
Windows
AutoRun is executed first, unless it
is disabled.
If AutoRun is not disabled, it follows
the instructions in the autorun.inf file.
Windows Vista and Windows 7
AutoRun is
not allowed to bypass AutoPlay
Windows XP
AutoRun bypasses
AutoPlay
launch an application without
prompting the user.
To disable AutoRun in Windows XP
Step 1: Select Start > Run.
Step 2: Type regedit and click OK.
Step 3: Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom.
Step 4: Double-click AutoRun. In the Value Data text box, type 0 and click OK.
Step 5: Close the Registry Editor.
Step 6: You might have to log out and then log back in for this change to take effect.
Two-factor Authentication
Secured using overlapping protection techniques to prevent unauthorized access to sensitive data.
example of two-factor authentication
password and a smart card to protect an asset
soft token program.
Methods of
physically protecting computer
equipment:
Use cable locks with equipment.
Keep telecommunication rooms locked.
Fit equipment with security screws.
Use security cages around equipment.
Label and install sensors, such as Radio Frequency Identification (RFID) tags, on equipment
Install physical alarms triggered by motion-detection sensors.
Use webcams with motion-detection and surveillance software
Several
means of protection:
Card keys that store user data, including level
of access
Biometric sensors that identify physical characteristics of the user, such as fingerprints
or retinas
Posted security guard
Sensors, such as RFID tags, to monitor
equipment
Factors that determine the most effective
security equipment
How the equipment is used
Where the computer equipment is located
What type of user access to data is
required
3.1.3 Data Backup in Windows
Stores a copy of the information on a computer to removable backup media that can be kept in a safe place
Data backups should be performed on a regular
basis and included in a security plan.
Some considerations for data backups
Frequency
Storage
Security
Validation
Types of backup:
Full or normal
Incremental
Differential
Daily
Copy
3.2 PROTECTION AGAINST MALICIOUS SOFTWARE
Malware is malicious software that is installed on a computer without the knowledge or permission of the user
Anti-malware programs available for this purpose are:
Anti-virus
Anti-spyware
Anti-adware
Phishing
Run only one malware protection program at a time.
Virus
protection
An antivirus program typically runs automatically in the
background and monitors for problems.
Spyware
protection
Scan for keyloggers, which capture your keystrokes, and other malware so that it can be removed from the computer.
Adware
protection
Look for programs that display
advertising on your computer.
Phishing
protection
Block the IP addresses of known phishing websites and warn the user about suspicious websites.
New viruses are always being developed, therefore
security software must be continually updated.
Virus signature:
a set of unique data, or bits of code,
that allow it to be identified.
Anti-virus software uses a virus signature to find a virus in a computer file system, allowing it to detect, quarantine and remove the virus.
In the anti-virus software, the virus signature is referred to
as a definition file or DAT file.
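An added example, not part of the original notes, of the signature-based detection described above: a scanner searches files for byte patterns taken from a definition file, quarantines any match, and misses a second sample until the definitions are updated. The signature names, byte patterns and file names are constructed for the demo and match no real malware.

```python
import shutil
import tempfile
from pathlib import Path

# Constructed definition files: signature name -> byte pattern (hex).
# V2 stands for the same definitions after a signature update.
DEFINITIONS_V1 = {"Demo.TestA": "deadbeef4d5a9000"}
DEFINITIONS_V2 = {**DEFINITIONS_V1, "Demo.TestB": "cafebabe00ff1234"}

def load_definitions(defs):
    """Decode hex patterns to bytes; reject patterns too short to be unique."""
    loaded = {}
    for name, hex_pattern in defs.items():
        pattern = bytes.fromhex(hex_pattern)
        if len(pattern) < 4:
            raise ValueError(f"signature {name} is too short to be reliable")
        loaded[name] = pattern
    return loaded

def scan_file(path, signatures):
    """Return the sorted names of all signatures found in the file's bytes."""
    data = Path(path).read_bytes()
    return sorted(name for name, pattern in signatures.items() if pattern in data)

def scan_and_quarantine(root, quarantine_dir, signatures):
    """Scan every file under root and move matching files into quarantine_dir."""
    quarantine_dir = Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    report = {}
    # sorted() lists the files first, so moving them does not disturb the walk.
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        hits = scan_file(path, signatures)
        if hits:
            # Rename on move so the file is no longer reachable by its old name.
            shutil.move(str(path), str(quarantine_dir / (path.name + ".quarantined")))
            report[path.name] = hits
    return report

def demo():
    """Scan three constructed sample files with the old, then the updated, definitions."""
    base = Path(tempfile.mkdtemp())
    files, quarantine = base / "files", base / "quarantine"
    files.mkdir()
    (files / "clean.txt").write_bytes(b"quarterly report")
    (files / "a.bin").write_bytes(b"\x00" + bytes.fromhex("deadbeef4d5a9000") + b"\x01")
    (files / "b.bin").write_bytes(b"hdr" + bytes.fromhex("cafebabe00ff1234"))
    old = scan_and_quarantine(files, quarantine, load_definitions(DEFINITIONS_V1))
    new = scan_and_quarantine(files, quarantine, load_definitions(DEFINITIONS_V2))
    return old, new
```

With the V1 definitions only a.bin is caught; b.bin stays in place until the scan is repeated with the updated V2 definitions, which is why definition files need regular updates.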
3.3.2 Security Hardware
Regular security updates are essential to combat
new viruses or worms.
Service Packs
code updates that manufacturers
provide to prevent a newly discovered virus or worm from making a successful attack.
Security Patches
a combination of patches and
updates
Windows automatically downloads and installs updates to operating systems by default
the updates might conflict
with an organization’s security policy
or other settings on a computer.
Windows options:
Automatic
Only download updates
Notify me
Turn off automatic updates
3.2.1 Malicious Software Protection Programs
3.2.2 Signature File Updates
3.3.1 Physical Computer & Network Equipment Protection Methods
NUR SUHAILA WIDANI BINTI ELLY (05DDT20F1051) DDT2A