SECURITY BASICS AND IT PROFESSIONALS - Coggle Diagram
CHAPTER 1
INTRODUCTION TO SECURITY
1.3: Demonstrates Methods of Security Attacks
Various Types Of Security Attacks
Reconnaissance Attack
the attacker tries to learn information about your network
precedes (comes before) an actual access or DoS attack
Access Attack
Password attack
using a packet sniffer to yield user accounts and passwords
Trust Exploitation
compromise a trusted host, using it to stage attacks on other hosts in a network
Port Redirection
attacker taking network traffic coming into a host on one port and directing it out from another host.
Man-in-the-middle attack
intruder uses a program that appears to be the server to the client and appears to be the client to the server
Denial of Service attack (DOS)
Distributed Denial of Service (DDOS)
utilises many computers and many connections.
Disables the network by flooding useless network traffic
tries to prevent a service from being used by valid users, making that service unavailable to legitimate users
Ping of death
A packet greater in size than the maximum allowed causes the system to crash
Malicious code attack
a program inserted onto a host to damage the system
an auto-executable application,
which cannot be blocked by anti-virus software alone
Differences between Worm, Virus & Trojan Horse
Virus
Self-replicating program that propagates its own code by attaching copies of itself to other executable code.
Requires human action.
Spreads mostly by sharing infected files,
passing the infection from one infected system to another
Worms
Spread from computer to computer without any human action
Do not need to infect other files in order to reproduce
Trojan Horse
Appear to be useful software but will actually do damage once installed or run
Designed to be annoying and malicious
Social Engineering
Pretexting
attackers create a fake identity and use it to manipulate the recipient into handing over information
Phishing
masquerades as someone else, perhaps another entity.
done by electronic communication, not in person.
little information about the target is necessary
Vishing
voice phishing
social engineering over a telephone system to gain access to private personal and financial information from the public for the purpose of financial reward
act of manipulating users into revealing confidential information or performing other actions
1.1: APPLY SECURITY
Information Security
Goals of security
Differentiate between Attackers and Hackers
Types of hacker
Types of attacks to computer security
Passive Attack
only looks and watches the transmission and does not try to modify or change the data packets.
Active Attack
in an active attack, modification of the data stream or creation of a false stream is involved, along with watching the transmission.
White hats
Black hats
Gray hats
Blue hats
Elite
(ATTACKER)
Any software or person that deliberately attempts to evade security services and violate the security policy of the networked system
Physical attack
Walk-in
(with no security) walk into the building and find a system to access or attempt to penetrate
Sneak-in
(with security) may try to find ways around the protection, such as a rear door or loading dock
Break-in
breaking through cheap locks, door hinges or windows, picking locks, disabling security devices
Damage equipment
disable some key piece of equipment
Data Attack
Hacker attempts to make changes to data on the target or data en route to the target.
(HACKER)
individual who uses computer, networking or other skills to overcome a technical problem.
a) Confidentiality
b) Integrity
c) Availability
a) Confidentiality is defined as the level of protection of transmitted data from passive attacks.
b) Information integrity means the information being transferred is free from modifications.
c) Availability is defined as the state of the network where the resources are always available to authorized users upon demand.
The authorization of access to data in a network, which is controlled by the network administrator.
1.4: Apply Various tools in information security
NETWORK MAPPER
Basic nmap functions
Host Discovery
Ping scans
Port Scanning
Allows a guess of software and services a machine is running
OS Detection
TCP/IP fingerprinting
NETSCAN
powerful, flexible network monitoring system that extracts information directly from the control and user plane and makes it accessible in real-time.
offers continuous monitoring of 100% of transactions in real-time
NETSTAT
command-line utility to view the active ports on your machine and their status
This helps the user understand which ports are open, closed, or listening for incoming connections
determine the topology of the network and to find out what devices and computers reside on that network
1.2: Demonstrate Security Threats
Types of security threats
Sources Of Security Threats
a. External
from individuals or organizations working outside of a company
do not have authorized access to the computer systems or network
work their way into a network mainly from the Internet or dialup access servers.
b. Internal
someone has authorized access to the network
c. Unstructured
inexperienced individuals using easily available hacking tools such as shell scripts and password crackers.
d. Structured
from hackers who are more highly motivated and technically competent
They understand, develop, and use sophisticated hacking techniques
know system vulnerabilities and can understand and develop exploit code and scripts
Malicious code
Hacking
Natural disaster
Theft
1.5: Show access to Data Equipment
Access to Data and Equipment
Data Wiping
software-based method of overwriting the data that aims to completely destroy all electronic data residing on a hard disk drive or other digital media.
renders all data on a hard drive unreadable
Hard Drive Destruction
destroys physical computer and electronic equipment.
result of physical access to the computer hardware
Hard Drive Recycling
Hard drive reuse
Uses high-capacity shredders to destroy all data-bearing media.
The entire hard drive, including platters is shredded into small pieces making it impossible to reconstruct the media or data.
Hardware protection method is applicable.
CHAPTER 4: IT Professionalism and Ethics
4.1 Demonstrate IT Professional
4.1.1 Definition: Communication
Professionalism
Professional Ethics
Features of Professionalism
acquire systematic knowledge and skill
are endowed with specific rights/authority.
keep the morale of the profession high
have their own cultures, developed through mutual contacts in social and professional gatherings
a discipline dealing with what is good and bad or right and wrong, or with moral duty
capable of making judgements, applying their skills and reaching informed decisions in situations that the general public cannot, because the public has not received the relevant training
skill, good judgment, and polite behaviour
the practice or application of acquired knowledge and skill,
together with moral and ethical behaviour, is professionalism
4.1.2 Communication Skills & Troubleshooting
Communication and troubleshooting
a professional technician with good communication skills is in demand
establish a good rapport with the customer
a relaxed customer will be able to explain the details of the problem
several communication skills can help in gathering information
Communication and professionalism
a technician's professionalism and communication skills can enhance their credibility with customers
successful technicians control their own reactions and emotions
Professional Behaviors of IT Professional
Ability to communicate (verbal and written)
Displaying a positive attitude
Always keeping commitments
Ensuring a great appearance
Never bullying
Being accountable - Don’t point fingers at others, and don’t make lame excuses
Controlling emotions
Avoiding dirty jokes and sexual innuendo.
Un-professional behaviours of IT Engineer
Time related
Late arrival
Quality related
Failing to monitor the quality of work performed
Meeting
Talking on phone during meeting/ loud ring tones of cell phones,
Personal Integrity
Hiding conflict of interest, Accepting extra offer from client/contractor
Personal Manner
Shouting at subordinates /workers
Criminal offense
Forging document, Falsifying data, Accepting/offering bribes
Code of Conduct
Forgetting to sign on documents, Disregard for code of conduct
Negligence
Using different coefficients from engineering handbooks without checking their applicability in particular conditions
Communication
is the art of transmitting information, ideas and attitudes from one person to another
a process of meaningful interaction among human beings
4.2 Demonstrate Proper Attitude While Working With a Customer
4.2.1 Using Communication Skills to Determine Customer Problems
Know
call the customer by name
Relate
create a connection between you and the customer
Understand
determine what the customer knows
practice active listening
clarify what the customer describes about the problem
ask follow-up questions if needed
use all the information to complete the task
Hold and transfer
when putting a customer on hold
explain why and for how long
let the customer finish speaking
explain why you are transferring the call and to whom
tell the new technician about the problem
4.2.2 Show Professional Behaviour with Customers
Effectively manage your time
Display leadership
Act in an ethical manner
Show tenacity and determination
Act and think creatively
Appreciate diversity
Focus on customer satisfaction
Manage conflicts effectively
Display emotional intelligence
Types of difficult customer
talkative
rude
angry
inexperienced
knowledgeable
4.2.3 Keeping the Customer Focused on the Problem
Listen without interruption and maintain eye contact.
Apologize promptly and accept responsibility for the problem.
Never assume anything; zero in on the customer's specific complaint.
Pride yourself in creative solutions for your troubled customer
Explain the policy calmly to the grumpy customer (a customer who constantly complains).
Always remain calm when dealing with an irate customer.
4.2.4 Using Proper Netiquette
1) Identify yourself
Begin messages with a salutation and end them with your name.
2) Include a subject line
Give a descriptive phrase in the subject line of the message header that tells the topic of the message (not just "Hi, there!").
3) Avoid sarcasm
4) Respect others' privacy
5) Acknowledge and return messages promptly
6) Copy with caution
7) No spam (a.k.a. junk mail).
8) Be concise
9) Use appropriate language
10) Use appropriate emoticons
4.3 Show Employee Best Practices
4.3.1 Definition: Time Management
Time Management Techniques
The Impact of Stress On Performance
Dealing With Stress: Steps to Assist in Dealing With Stress
Stress Relievers
Find an outlet to release tension
Diminish (or ideally eliminate) the use of alcohol and/or drugs
Do not become emotional
Get organized
Create and maintain a support network
Make time for yourself and learn to relax
Eat a balanced diet and get plenty of sleep
Enjoy leisure time
Listen to music
Meditate and do deep breathing exercises
Use positive visualization
Surround yourself with positive people
Take time outside of work to relax
Do not bring your troubles home
Identify the stressor
Recognize why and how you are reacting to the stressor
Visualize and set goals
Practice positive stress relief
Stress will affect work performance
Stress in the workplace will carry on to your personal life
Stress-related losses cost organizations billions of dollars annually
Make a list of tasks for each day and prioritize this list
Keep a calendar handy at all times.
Organize your work area
Practice a one-touch policy
Avoid time wasters
Use your time efficiently
Make a plan
Set priorities and get organized
Do not wait until last minute and rush through a job; complete it correctly the first time
4.3.2 Describe Service Level Agreements (SLA)
A contract defining expectations between an organization
A legal agreement that contains the responsibilities and liabilities of all parties involved.
4.3.3 Describe business policies
Business Policies in the company:
Substance Abuse
Prohibit the use of drugs, alcohol or tobacco
Performance Reviews
to identify areas for improvement and motivate workers to achieve better results.
Dress Code
Require employees to dress in a particular way
Equal Opportunity
fair treatment in the workplace
Computer Use
govern the use of computers for personal activities
Guidelines that a business needs to follow, considering the impact of internal and external environmental factors
Guidelines developed by an organization to govern its actions. They define the limits (do's and don'ts) within which decisions must be made
4.4 Show Ethical and Legal Issues in the IT Industry
4.4.1 Ethical and Legal Considerations
(a) Computer Forensics
collection and analysis of data from computer systems, networks, wireless communications and storage devices as part of a criminal investigation.
(b) Illegal Computer or Network Usage
Identity theft
Using a computer to sell counterfeit goods
Using pirated software
Using a computer or network to create or sell unauthorized copies of copyrighted materials
Pornography
(c) Type of data collection
Persistent Data
stored on a local drive
Volatile Data
stored in RAM and cache
4.4.2 Identify Cyber Law
Term to describe the international, regional, country and state laws that affect computer security professionals
3 Primary elements of Cyber Law
Wiretap Act
Pen/Trap and Trace Statute
Stored Electronic Communication Act
First Response
Term used to describe the official procedures employed by those people who are qualified to collect evidence.
4.4.3 Explain Legal Procedures Overview
1) Respect the customers and their property, including their equipment and their data:
E-mails
Phone lists
Records or data on the computer
Hard copies of files, information or data left on desk.
2) Obtain the customer's permission before accessing their account
3) Divulging any customer information is unethical and may be illegal.
4) Do not send unsolicited messages or mass emails to customers.
Illegal action
It is not permissible to make any changes to system software or hardware configurations without customer permission.
It is not permissible to access a customer’s or co-worker’s accounts, private files or email messages without permission.
It is not permissible to install, copy or share digital content (including software, music, text, images and video) in violation of copyright and software agreements or the applicable law.
It is not permissible to use a customer’s company IT resources for commercial purposes
It is not permissible to make a customer’s IT resources available to unauthorized users.
It is not permissible to knowingly use a customer’s company resources for illegal activities.
It is not permissible to share sensitive customer information.
Documentation and Chain of Custody
Chain of Custody
4.5 Classify Call Center Technicians Tasks
4.5.1 Discover the Call Center Technicians Task
Professional and fast-paced
A help desk system
Customers call in and are placed on a callboard
Available technicians take the customer calls
Knowledgeable using help desk software. The Technicians use this software to manage many of their job functions.
4.5.2 Differentiate the technicians level
Level One Technician
Gather pertinent information from the customer
Provide support for identified Level 2 and Level 3 issues where configuration solutions have already been documented.
Level Two Technician Responsibilities
Generally handles configuration issues, troubleshooting, software installations, hardware repair (including in-house repair or coordinating depot services).
Level Three Technician
Troubleshooting, configuration, database administration, and repair for server, network, infrastructure, Data Center, email, file shares, and other infrastructure issues.
4.5.3 Identify details and procedures as Call Center technicians
Handles incoming customer service phone calls and provides appropriate information to callers
Completes call guides; gathers, enters, and verifies required information
Transfer the call to concerned technician
Updating and using relevant knowledge
Adheres to established customer service and documentation standards within required time frames
Adheres to contact center scheduling, ensures telephone coverage during contact center hours of operation
Performs clerical or administrative duties as assigned
2.0 SECURITY POLICIES AND PROCEDURES
2.1 Show Security Policy
2.1.1 Security Policy
a document or series of documents that clearly defines the defence mechanisms an organization will employ in order to keep information secure.
defines the technical requirements for security on computer systems and network equipment.
defines how a system or network administrator should configure a system
2.1.2 Security Policy Requirements
1) Identification and Authentication
define how users will be identified
define the primary authentication mechanism for system users and administrators
2) Access Control
define the access control mechanism that is required and the default access requirement for new files
3) Audit
define the types of events to be audited on all systems
Logins (successful and failed)
Logouts
Failed access to files or system objects
Remote access (successful and failed)
Privileged actions (those performed by administrators, both successes and failures)
System events (such as shutdowns and reboots)
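The six event types listed above are the categories an audit policy asks every system to record. As an added example that is not part of the original diagram, the script below runs that classification over a handful of constructed, syslog-style lines (the line format, host name, service names and addresses are all invented for illustration) so that a reviewer can see which lines the policy covers, which fall outside it, and which failures deserve a first look.

```python
import re
from collections import Counter

# Constructed sample lines in a hypothetical syslog-like format (not taken from the page).
SAMPLE_LOG = """\
2024-05-01T08:00:01 host1 sshd: Accepted password for alice from 10.0.0.5 port 51000
2024-05-01T08:00:07 host1 sshd: Failed password for root from 203.0.113.9 port 40112
2024-05-01T08:05:00 host1 systemd-logind: Removed session 12 for user alice
2024-05-01T08:06:13 host1 audit: denied open /etc/shadow for user bob
2024-05-01T08:10:44 host1 vpn: remote session established for carol from 198.51.100.7
2024-05-01T08:11:02 host1 vpn: remote session refused for dave from 198.51.100.8
2024-05-01T08:12:30 host1 sudo: alice : COMMAND=/usr/bin/systemctl restart nginx result=success
2024-05-01T08:13:15 host1 sudo: bob : COMMAND=/usr/sbin/useradd eve result=failure
2024-05-01T08:30:00 host1 systemd: System is rebooting
2024-05-01T08:31:00 host1 cron: running daily backup job
"""

# Ordered (category, pattern) rules mirroring the policy's six event types; first match wins.
# Successes and failures get separate categories because the policy audits both.
AUDIT_RULES = [
    ("login_success",         re.compile(r"sshd: Accepted ")),
    ("login_failure",         re.compile(r"sshd: Failed ")),
    ("logout",                re.compile(r"Removed session ")),
    ("file_access_failure",   re.compile(r"audit: denied ")),
    ("remote_access_success", re.compile(r"vpn: remote session established")),
    ("remote_access_failure", re.compile(r"vpn: remote session refused")),
    ("privileged_success",    re.compile(r"sudo: .*result=success")),
    ("privileged_failure",    re.compile(r"sudo: .*result=failure")),
    ("system_event",          re.compile(r"systemd: System is (rebooting|shutting down)")),
]


def classify_line(line: str):
    """Return the audit category of one log line, or None if the policy does not require auditing it."""
    for category, pattern in AUDIT_RULES:
        if pattern.search(line):
            return category
    return None


def audit_summary(log_text: str) -> Counter:
    """Count lines per category; lines outside the policy are tallied as 'not_audited'."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        counts[classify_line(line) or "not_audited"] += 1
    return counts


def failures(log_text: str):
    """Lines in any failure category, which a log review looks at first."""
    return [line for line in log_text.splitlines()
            if (classify_line(line) or "").endswith("_failure")]


if __name__ == "__main__":
    for category, n in sorted(audit_summary(SAMPLE_LOG).items()):
        print(f"{category:24} {n}")
    print("failures to review:", len(failures(SAMPLE_LOG)))
```

The `not_audited` bucket is the useful part of the summary: it shows what the collector is ingesting that the policy never asked for, which is where log volume (and cost) quietly grows.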
Network Connectivity
specify the rules for connection and the protection mechanisms to be employed
Dial-in Connections
specify the technical authentication requirements for such connections
Permanent Connections
come into the organization over some type of permanent communication line
Remote Access of Internal Systems
organizations allow employees to access internal systems from external locations
specify the mechanisms to use when this type of access is to be granted
Malicious Code
specify where security programs that look for malicious code (such as viruses and Trojan horse programs) are to be placed.
locations include on file servers, on desktop systems, and on electronic mail servers
Encryption
define acceptable encryption algorithms for use within the organization and point back to the Information Policy to show the appropriate algorithms to protect sensitive information
Appendices
Detailed security configurations for various operating systems should be placed in appendices or in separate configuration procedures
allows these detailed documents to be modified as necessary without changing the organization’s security policy
Waivers
there are times when systems are put into production that do not meet the security requirements defined in the security policy
when this happens, the security policy should provide a mechanism to assess the risk to the organization and to develop a contingency plan
2.1.3 Usernames and Password
A username and password are the two pieces of information that a user needs to log on to a computer.
2.1.4 Password Requirements
There are 8 password requirements
Minimum length – 8 Characters
Maximum length – 14 Characters
Minimum complexity – no dictionary words included
Password are case sensitive but username is NOT case sensitive
Unique password – should not be less than 24
Maximum password age – 60 days
Minimum password age – 2 days
Store passwords using reversible encryption
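As an added example, not part of the original diagram, the following checker turns the requirement list above into code: length 8 to 14 characters, no dictionary words, case-sensitive password comparison with a case-insensitive username, a history of 24 remembered passwords, a maximum age of 60 days and a minimum age of 2 days. The dictionary is a tiny constructed stand-in for a real word list, and the history is kept as SHA-256 digests rather than reversibly encrypted values; both are this example's own choices, not something the diagram specifies.

```python
import hashlib
from datetime import date, timedelta

MIN_LENGTH = 8
MAX_LENGTH = 14
HISTORY_SIZE = 24      # number of previous passwords that may not be reused
MAX_AGE_DAYS = 60
MIN_AGE_DAYS = 2

# Constructed stand-in for a real dictionary word list (hypothetical, tiny on purpose).
DICTIONARY = {"password", "welcome", "summer", "dragon", "letmein"}


def digest(password: str) -> str:
    """Passwords are case-sensitive, so the exact string is hashed; no case folding."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def username_matches(a: str, b: str) -> bool:
    """Usernames are NOT case-sensitive, so they are compared after case folding."""
    return a.casefold() == b.casefold()


def contains_dictionary_word(password: str, dictionary=DICTIONARY) -> bool:
    lowered = password.lower()
    return any(word in lowered for word in dictionary)


def check_new_password(candidate, history, last_changed, today, dictionary=DICTIONARY):
    """Return a list of violated requirements (empty list means the password is acceptable).

    history      : list of digests of previous passwords, oldest first
    last_changed : date of the last change, or None for a first password
    """
    violations = []
    if len(candidate) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if len(candidate) > MAX_LENGTH:
        violations.append(f"longer than {MAX_LENGTH} characters")
    if contains_dictionary_word(candidate, dictionary):
        violations.append("contains a dictionary word")
    if digest(candidate) in history[-HISTORY_SIZE:]:
        violations.append(f"reused within the last {HISTORY_SIZE} passwords")
    if last_changed is not None and (today - last_changed).days < MIN_AGE_DAYS:
        violations.append(f"changed less than {MIN_AGE_DAYS} days ago")
    return violations


def password_expired(last_changed: date, today: date) -> bool:
    """Maximum password age: the password must be changed once it is older than 60 days."""
    return (today - last_changed).days > MAX_AGE_DAYS


def record_password(history, candidate):
    """Append the new password's digest and keep only the most recent HISTORY_SIZE entries."""
    history.append(digest(candidate))
    del history[:-HISTORY_SIZE]
    return history


if __name__ == "__main__":
    today = date(2024, 5, 1)  # constructed date
    hist = record_password([], "Tr0ub4dor&3")
    print(check_new_password("Summer2024!!", hist, today - timedelta(days=10), today))
    print(check_new_password("Tr0ub4dor&3", hist, today - timedelta(days=10), today))
    print(check_new_password("Wint3r#Mist9", hist, today - timedelta(days=10), today))
    print("expired:", password_expired(today - timedelta(days=61), today))
```

Because the comparison hashes the exact string, `tr0ub4dor&3` is not flagged as a reuse of `Tr0ub4dor&3`: that is the case-sensitivity rule in action, and it is also why a substring dictionary check is done on the lower-cased value rather than the raw one.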
2.1.5 How to apply file & folder permissions
2.2 Show Security Procedures
2.2.1 Identify Security Procedures
User Management Procedures
New Employee Procedure
to provide new employees with the proper access to computer resources.
Transferred Employee Procedure
a procedure for reviewing employees’ computer access when they transfer within the organization.
Employee Termination Procedure
the appropriate system administrator should be notified ahead of time so that the employee's accounts can be disabled on the last day of employment.
System Administration Procedure
procedure defines how Security and System Administration will work together to secure the organization's systems. It comprises
Software Upgrades
Vulnerability Scans
Policy Reviews
Log Reviews
Regular Monitoring
Incident Response Procedure
defines how the organization will react when a computer security incident occurs
IRP should define who has the authority and what needs to be done but not necessarily how things should be done.
Configuration Management Procedure
procedure defines the steps that will be taken to modify the state of the organization’s computer systems
to identify authorized changes so that they are not misidentified as security incidents
so the new configuration can be examined from a security perspective.
2.2.2 Apply protecting data
2.3.1 Define the Following Cryptographic Terminologies
d. Cryptanalysis
the art or science of breaking ciphertext
seeing through the disguise and making use of what is found
a cryptanalyst is a person who breaks cryptographic codes, also called an attacker or intruder
a. Encryption
process of encoding messages or information in such a way that only authorized parties can access it.
does not of itself prevent interference, but denies the intelligible content to a would-be interceptor.
the process of changing information using an algorithm (or cipher) into another form that is unreadable by others—unless they possess the key to that data
used to secure communications and to protect data as it is transferred from one place to another
b. Cipher Text
the encrypted data
algorithm that can perform encryption or decryption
the result of encryption performed on plaintext using an algorithm, called a cipher.
contains a form of the original plaintext that is unreadable by a human or computer without the proper cipher to decrypt it
c. Decryption
inverse of encryption, is the process of turning cipher text into readable plaintext
2.3.2 Describe common communication
Types of ENCRYPTION:
a) Hash Encoding
transformation of a string of characters into a usually shorter fixed-length value
to index and retrieve items in a database because it is faster to find the item using the shorter hashed key
b) Symmetric Encryption
a form of computerized cryptography using a single encryption key to disguise an electronic message
uses a mathematical algorithm along with a secret key
two-way algorithm because the mathematical algorithm is reversed when decrypting the message along with using the same secret key
c) Asymmetric Encryption
form of Encryption where keys come in pairs. What one key encrypts, only the other can decrypt.
the keys are interchangeable
also known as Public Key Cryptography, since users typically create a matching key pair, and make one public while keeping the other secret.
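The three encryption types above differ in what a key does: a hash has no key and cannot be reversed, a symmetric cipher reverses with the same key, and an asymmetric pair reverses only with the other key. As an added example that is not part of the original diagram, the script below shows each property with runnable code. The symmetric cipher is a toy stream cipher built from SHA-256 keystream blocks and the asymmetric part is textbook RSA with tiny primes; both are constructed here purely to make the key relationships visible and are not suitable for protecting real data.

```python
import hashlib
import os


# a) Hash encoding: any length of input becomes a fixed-length value, and there is no key to reverse it.
def hash_encode(message: bytes) -> str:
    return hashlib.sha256(message).hexdigest()


# b) Symmetric encryption: the same secret key is used to encrypt and to decrypt.
# Toy construction for illustration: a keystream derived from SHA-256(key || nonce || counter),
# XORed with the message. Decryption is the same operation with the same key.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def symmetric_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = _keystream(key, nonce, len(data))
    return bytes(d ^ s for d, s in zip(data, stream))


# XOR is its own inverse, so decryption is literally the same function ("two-way algorithm").
symmetric_decrypt = symmetric_encrypt


# c) Asymmetric encryption: keys come in pairs; what one key transforms, only the other can undo.
# Toy textbook RSA with constructed primes p=61, q=53 (insecure, demonstration only).
def toy_rsa_keypair():
    p, q = 61, 53
    n = p * q                  # modulus shared by both keys
    phi = (p - 1) * (q - 1)
    e = 17                     # public exponent
    d = pow(e, -1, phi)        # private exponent, the modular inverse of e
    return (e, n), (d, n)      # (public key, private key)


def rsa_apply(key, value: int) -> int:
    """Apply one key of the pair to an integer smaller than the modulus."""
    exponent, n = key
    return pow(value, exponent, n)


def asymmetric_roundtrips(message: int):
    """Show both directions: public->private (encryption) and private->public (signing)."""
    public, private = toy_rsa_keypair()
    encrypted = rsa_apply(public, message)
    signed = rsa_apply(private, message)
    return {
        "decrypt_with_private": rsa_apply(private, encrypted),
        "verify_with_public": rsa_apply(public, signed),
        "decrypt_with_wrong_key": rsa_apply(public, encrypted),
    }


if __name__ == "__main__":
    print("hash of 'hello':", hash_encode(b"hello"))
    key, nonce = os.urandom(32), os.urandom(8)
    box = symmetric_encrypt(key, nonce, b"same key both ways")
    print("symmetric round trip:", symmetric_decrypt(key, nonce, box))
    print("asymmetric:", asymmetric_roundtrips(65))
```

The `decrypt_with_wrong_key` entry is the point of the asymmetric section: applying the public key a second time does not recover the message, which is exactly why one key of the pair can be published.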
Chapter 3.0: SECURITY TROUBLESHOOTING & SOLUTIONS
3.1 Demonstrate Basic Troubleshooting Process
Basic Troubleshooting Process for Security Applying the Troubleshooting Process to Security
Identify the Problem
A list of open and closed-ended questions is useful
Establish a Theory of Probable Cause
Based on the answers received, establish a theory of probable cause.
A list of common problems can be useful.
Test the Theory to Determine Cause
Test your theories to determine the cause of the problem.
A list of quick procedures to common problems can help.
Establish a Plan of Action to Resolve the Problem and Implement the Solution
A plan of action is needed to solve the problem and implement a permanent solution
Verify Full System Functionality and, If Applicable, Implement Preventive Measures
perform a full re-scan of the computer
If applicable, implement preventive measures to avoid future problem recurrences, such as enabling automatic updates.
Document Findings, Actions and Outcomes
Findings, actions, and notes should be documented.
This log can be helpful for future reference.
Basic Troubleshooting Process for Security Common Problems and Solutions for Security
Security problems can be attributed to hardware, software, or connectivity issues
A user receiving thousands of junk emails daily
A rogue wireless access point is discovered on the network.
User flash drives are infecting computers.
Windows update fails.
System files have been renamed.
3.1.2 Identify common problems and solutions for security
Troubleshooting Process for Security Problems and Solutions for Malware
Advanced Problems and Solutions for User Permissions
Trusted Platform Module (TPM) in Device Manager
Advanced Problems and Solutions for Firewall or Proxy Settings
Network Connection Problem
DNS ( Domain Name System):
DHCP ( Dynamic Host Configuration Protocol)
ICMP ( Internet Control Message Protocol)
Problems and Solutions for Network Connection Problems
Problems and Solutions When Using Network Troubleshooting Tools
Problems and Solutions for Email Failures
Problems and Solutions for FTP and Secure Internet Connections
3.1.3: APPLY DATA BACKUP IN WINDOWS
3.2 Prepare Protection Against Malicious Software
3.2.1 Identify Malicious Software Protection Program
Definition - Malicious software
Potential attack techniques used by malware
Malicious Software Protection Program
Features of Best Malware Removal Software of 2021
5 Best Malware Removal + Protection Software [2021]: Top Anti-Malware Tools
3.2.2 Identify Signature Files Updates
SIGNATURES FILE UPDATES
Example: Signature File Updates
3.3 Prepare Protection Physical Equipment
3.3.1 Identify physical computer and network equipment protection methods
Protecting Physical Equipment
6 Physical Security Activities
Don't attract unnecessary interest to your critical facilities.
A secure room should have "low" visibility
Maximize structural protection
A secure room should have full height walls and fireproof ceilings
Be particularly careful with non-essential materials in a secure computer room.
Protect cabling, plugs, and other wires from foot traffic
Tripping over loose wires is dangerous to both personnel and equipment.
Keep a record of your equipment.
Maintain up-to-date logs of equipment manufacturers, models, and serial numbers in a secure location. Be sure to include a list of all attached peripheral equipment.
Limit and monitor access to equipment areas
Keep an up-to-date list of personnel authorized to access sensitive areas.
Never allow equipment to be moved or serviced
Physical Security
Service packs and patches
a service pack is rigorously regression tested against all other patches and known applications