Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Survey of Operating Systems Ch 02


Published on

Published in: Education, Technology
  • Be the first to comment

Survey of Operating Systems Ch 02

  1. 1. Chapter 2 Computer Security Basics McGraw-Hill
  2. 2. Learning Objectives <ul><li>Describe security threats and vulnerabilities to desktop PCs and users </li></ul><ul><li>Identify methods for protecting against security threats. </li></ul><ul><li>Troubleshoot common security problems </li></ul>
  3. 3. Threats to Computers and Users <ul><li>Malware </li></ul><ul><ul><li>Vectors: the mode of malware infection. </li></ul></ul><ul><ul><ul><li>E-mail </li></ul></ul></ul><ul><ul><ul><li>Code on Web sites </li></ul></ul></ul><ul><ul><ul><li>Trojan horse </li></ul></ul></ul><ul><ul><ul><li>Searching for unprotected computers </li></ul></ul></ul><ul><ul><ul><li>Sneakernet–the oldest vector </li></ul></ul></ul>
  4. 4. Trojan horse image <ul><li>Image: Carol and Mike Werner/Alamy </li></ul>
  5. 5. Threats to Computers and Users <ul><li>Malware (cont.) </li></ul><ul><ul><li>Vectors: the mode of malware infection (cont.) </li></ul></ul><ul><ul><ul><li>Back doors </li></ul></ul></ul><ul><ul><ul><li>Rootkits </li></ul></ul></ul><ul><ul><ul><li>Pop-up downloads </li></ul></ul></ul><ul><ul><ul><li>Drive-by downloads </li></ul></ul></ul><ul><ul><ul><li>War driving </li></ul></ul></ul><ul><ul><ul><li>Bluesnarfing </li></ul></ul></ul>
  6. 6. Online videos show examples of war driving
  7. 7. Threats to Computers and Users <ul><li>Malware (cont.) </li></ul><ul><ul><li>Stealing Passwords </li></ul></ul><ul><ul><ul><li>Through Web sites </li></ul></ul></ul><ul><ul><ul><li>Using password crackers </li></ul></ul></ul><ul><ul><ul><li>Using keystroke loggers </li></ul></ul></ul>Hardware keystroke logger Product photo courtesy of
  8. 8. Threats to Computers and Users <ul><li>Malware (cont.) </li></ul><ul><ul><li>Virus </li></ul></ul><ul><ul><ul><li>A program installed and activated without the knowledge or permission of the user </li></ul></ul></ul><ul><ul><ul><li>Mischief or damaging results </li></ul></ul></ul>
  9. 9. Threats to Computers and Users <ul><li>Malware (cont.) </li></ul><ul><ul><li>Worm </li></ul></ul><ul><ul><ul><li>A virus that self-replicates </li></ul></ul></ul><ul><ul><ul><li>Travels between computer via many vectors </li></ul></ul></ul><ul><ul><ul><li>Netsky and MyDoom worms generated disabling amounts of network traffic </li></ul></ul></ul>
  10. 10. Threats to Computers and Users <ul><li>Malware (cont.) </li></ul><ul><ul><li>Botnets and Zombies </li></ul></ul><ul><ul><ul><li>A botnet is a group of networked computers </li></ul></ul></ul><ul><ul><ul><li>Infected with programs that forward information to other computers </li></ul></ul></ul><ul><ul><ul><li>Bot (short for robot) program acts as an agent </li></ul></ul></ul><ul><ul><ul><li>Can be used for good or evil </li></ul></ul></ul><ul><ul><ul><li>A zombie is a computer working mindlessly as part of the botnet </li></ul></ul></ul>
  11. 11. Threats to Computers and Users <ul><li>Malware (cont.) </li></ul><ul><ul><li>Spyware </li></ul></ul><ul><ul><ul><li>Gathers information and sends to the people who requested it. </li></ul></ul></ul><ul><ul><ul><li>Used to track surfing or buying patterns </li></ul></ul></ul><ul><ul><ul><li>Used for industrial espionage </li></ul></ul></ul><ul><ul><ul><li>Law enforcement uses spyware to track criminals </li></ul></ul></ul><ul><ul><ul><li>Governments use it to investigate terrorism </li></ul></ul></ul>
  12. 12. Threats to Computers and Users <ul><li>Malware (cont.) </li></ul><ul><ul><li>Adware </li></ul></ul><ul><ul><ul><li>Collects information about a user to display targeted advertisements </li></ul></ul></ul><ul><ul><ul><li>Display ads in pop-ups or banners </li></ul></ul></ul><ul><ul><ul><li>Clicking inside a banner or pop-up may trigger a pop-up download that installs a virus or worm </li></ul></ul></ul>
  13. 13. Threats to Computers and Users <ul><li>Malware (cont.) </li></ul><ul><ul><li>Web Browser Hijacking </li></ul></ul><ul><ul><ul><li>Home page points to a site the user did not select </li></ul></ul></ul><ul><ul><ul><li>Remedy by changing the default page in browser settings </li></ul></ul></ul>
  14. 14. Threats to Computers and Users <ul><li>Malware (cont.) </li></ul><ul><ul><li>Spam and Spim </li></ul></ul><ul><ul><ul><li>Spam: unsolicited e-mail </li></ul></ul></ul><ul><ul><ul><ul><li>May be from legitimate or illegitimate source </li></ul></ul></ul></ul><ul><ul><ul><ul><li>May involve a scam </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Perpetrators are called spammers </li></ul></ul></ul></ul><ul><ul><ul><li>Spim: S pam over In stant M essaging </li></ul></ul></ul><ul><ul><ul><ul><li>Bots (spimbots) collect instant messaging screen names </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Spim message may contain links to product Web sites </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Perpetrators are called spimmers </li></ul></ul></ul></ul>
  15. 15. Threats to Computers and Users <ul><li>Social Engineering </li></ul><ul><ul><li>Phishing </li></ul></ul><ul><ul><ul><li>Fraudulent method of obtaining personal financial information through the use of messages that appear to be from legitimate organizations </li></ul></ul></ul><ul><ul><li>Hoaxes </li></ul></ul><ul><ul><ul><li>Take many forms </li></ul></ul></ul><ul><ul><ul><li>Example: E-mail seemingly from friend in trouble </li></ul></ul></ul><ul><ul><ul><li>Example: E-mail seemingly from Microsoft with a link to a fix </li></ul></ul></ul>
  16. 16. Hoaxes take many forms <ul><li>Image: Henrik Kettunen/Alamy </li></ul>
  17. 17. Threats to Computers and Users <ul><li>Social Engineering (cont.) </li></ul><ul><ul><li>Enticements to open attachments </li></ul></ul><ul><ul><li>Fraud: The use of deceit and trickery to obtain money or other valuables </li></ul></ul>
  18. 18. Threats to Computers and Users <ul><li>Identify Theft </li></ul><ul><ul><li>Personal information stolen to commit fraud </li></ul></ul><ul><ul><li>A social security number and other key personal information is enough to steal someone’s identity </li></ul></ul><ul><li>Exposure to Inappropriate or Distasteful Content </li></ul><ul><li>Invasion of Privacy </li></ul>
  19. 19. FTC ID theft Web page
  20. 20. Invasion of privacy <ul><li>Image: Troy Aossey/Digital Vision/Getting Images </li></ul>
  21. 21. Threats to Computers and Users <ul><li>Misuse of Cookies </li></ul><ul><ul><li>Cookies may contain </li></ul></ul><ul><ul><ul><li>User preferences from visiting a site </li></ul></ul></ul><ul><ul><ul><li>Information entered into a form at a Web site </li></ul></ul></ul><ul><ul><ul><li>Browsing activity </li></ul></ul></ul><ul><ul><ul><li>Shopping selections on a Web site </li></ul></ul></ul><ul><ul><li>Cookies can be a convenience </li></ul></ul><ul><ul><li>Look for privacy statement </li></ul></ul><ul><ul><li>Banner ad creators use cookies to track surfing habits </li></ul></ul>
  22. 22. Threats to Computers and Users <ul><li>Computer Hardware Theft </li></ul><ul><li>Keeping Track of New Threats </li></ul><ul><ul><li>Federal Trade Commission (FTC) Bureau of Consumer Protection ( </li></ul></ul><ul><li>The People Behind the Threats </li></ul><ul><ul><li>Hackers </li></ul></ul><ul><ul><li>Crackers </li></ul></ul><ul><ul><li>Script Kiddies </li></ul></ul><ul><ul><li>Click Kiddies </li></ul></ul><ul><ul><li>Packet Monkeys </li></ul></ul>
  23. 23. Guard against computer theft <ul><li>Image: Image Source/Getty Images </li></ul>
  24. 24. Computer accidents <ul><li>Image: R and R Images/Photographer’s Choice/Getty Images </li></ul>
  25. 25. Figure 2-1 The FTC Bureau of Consumer Protection Web site
  26. 26. Organized crime <ul><li>Image: Digital Vision/Getty Images </li></ul>
  27. 27. Hacker <ul><li>Image: Comstock/Getty Images </li></ul>
  28. 28. Defense Against Threats <ul><li>Education </li></ul><ul><ul><li>Some signs to look for are: </li></ul></ul><ul><ul><ul><li>Strange screen messages </li></ul></ul></ul><ul><ul><ul><li>Sudden computer slowdown </li></ul></ul></ul><ul><ul><ul><li>Missing data </li></ul></ul></ul><ul><ul><ul><li>Inability to access the hard drive </li></ul></ul></ul>Image:
  29. 29. Defense Against Threats <ul><li>Education (cont.) </li></ul><ul><ul><li>Non-computer activity of concern </li></ul></ul><ul><ul><ul><li>Unexplained charges on credit accounts </li></ul></ul></ul><ul><ul><ul><li>Calls from creditors about overdue payments on accounts you never opened </li></ul></ul></ul><ul><ul><ul><li>A turndown when applying for new credit for reasons you know are not true </li></ul></ul></ul><ul><ul><ul><li>A credit bureau report of existing credit accounts you never opened </li></ul></ul></ul>
  30. 30. Defense Against Threats <ul><li>Security Policies </li></ul><ul><ul><li>Define data sensitivity and data security practices </li></ul></ul><ul><ul><li>Exist in both document form and software form </li></ul></ul><ul><ul><ul><li>Administrators configure computer security to enforce written policy </li></ul></ul></ul><ul><ul><ul><li>Password policy should require strong passwords and state complexity requirement that are enforced on computers </li></ul></ul></ul>
  31. 31. Defense Against Threats <ul><li>Install Comprehensive Security Software </li></ul><ul><ul><li>Firewalls </li></ul></ul><ul><ul><ul><li>Network-based Firewalls </li></ul></ul></ul><ul><ul><ul><ul><li>Technology used in firewalls </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>IP packet filter </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Proxy service </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Encrypted authentication </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Virtual private network (VPN) </li></ul></ul></ul></ul></ul><ul><ul><ul><li>Personal Firewalls </li></ul></ul></ul><ul><ul><ul><ul><li>Come with most OSs </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Come with third-party security software </li></ul></ul></ul></ul>
  32. 32. Figure 2-2 Security software with many bundled components
  33. 33. Table 2-1 Firewall Technologies
  34. 34. Figure 2-3 Security page from a Cisco Wireless-N Router
  35. 35. Figure 2-4 A private network protected by a firewall
  36. 36. Figure 2-5 This message can simply mean that you are using a third-party firewall, and Windows Firewall is disabled
  37. 37. Defense Against Threats <ul><li>Install Comprehensive Security Software (cont.) </li></ul><ul><ul><li>Anti-Spam </li></ul></ul><ul><ul><li>Antivirus </li></ul></ul><ul><ul><li>Pop-Up Blockers </li></ul></ul><ul><ul><li>Privacy Protection/Controlling Cookies </li></ul></ul><ul><ul><li>Parental Controls </li></ul></ul>
  38. 38. Figure 2-6 Most spam filters have extensive configuration options
  39. 39. Figure 2-7 The Internet Explorer Pop-up Blocker Settings page
  40. 40. Figure 2-8 Use the top part of the privacy page in Internet Options to control the use of cookies
  41. 41. Defense Against Threats <ul><li>Install Comprehensive Security Software (cont.) </li></ul><ul><ul><li>Content Filtering </li></ul></ul><ul><ul><ul><li>Block or allow certain sites </li></ul></ul></ul><ul><ul><ul><li>May be part of multifunction package </li></ul></ul></ul><ul><ul><ul><li>May be included in browser </li></ul></ul></ul><ul><ul><ul><li>Services on Internet give ratings to Web sites </li></ul></ul></ul><ul><ul><ul><li>Configure filter to allow or disallow unrated sites </li></ul></ul></ul><ul><ul><ul><li>Content Advisor in Internet Explorer </li></ul></ul></ul><ul><li>Keep Up-to-Date with security patches </li></ul>
  42. 42. Step-by-Step 2.01 Check Out the Content Advisor in Internet Explorer Defense Against Threats
  43. 43. Figure 2-9 The Content tab in Internet Options
  44. 44. Figure 2-10 Content Advisor page displays when you click the Enable button in Internet Options
  45. 45. Defense Against Threats <ul><li>Authentication and Authorization </li></ul><ul><ul><li>Authentication </li></ul></ul><ul><ul><ul><li>Verification of who you are </li></ul></ul></ul><ul><ul><ul><li>One-factor: Something you know (user name and password) </li></ul></ul></ul><ul><ul><ul><li>Two-factor: Something you know and something you have (token) </li></ul></ul></ul><ul><ul><ul><li>Three-factor authentication: Two-factor plus biometric data (retinal scan, voice print, or fingerprint) </li></ul></ul></ul>
  46. 46. Defense Against Threats <ul><li>Authentication and Authorization (cont.) </li></ul><ul><ul><li>Authorization </li></ul></ul><ul><ul><ul><li>Determines level of access </li></ul></ul></ul><ul><ul><ul><li>Includes both authentication and verification of access level </li></ul></ul></ul><ul><ul><ul><li>Permission is an action that a security account can perform on an object </li></ul></ul></ul><ul><ul><ul><li>User right is a systemwide action a security account can perform on a computer </li></ul></ul></ul><ul><ul><ul><ul><li>Logging on </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Installing device drivers </li></ul></ul></ul></ul>
  47. 47. Defense Against Threats <ul><li>Passwords </li></ul><ul><ul><li>Password: a string of characters entered for authentication </li></ul></ul><ul><ul><li>Don’t take for granted </li></ul></ul><ul><ul><li>Do not use same password everywhere </li></ul></ul><ul><ul><li>Defense against threats </li></ul></ul><ul><ul><li>Use long and complex passwords </li></ul></ul><ul><ul><li>Do not use common words </li></ul></ul>
  48. 48. Defense Against Threats <ul><li>Security Account Basics </li></ul><ul><ul><li>Security account assigned permissions and rights </li></ul></ul><ul><ul><li>User Accounts </li></ul></ul><ul><ul><ul><li>Assigned to single person </li></ul></ul></ul><ul><ul><ul><li>Contains user name, password, and often more </li></ul></ul></ul><ul><ul><ul><li>Built-in user accounts </li></ul></ul></ul><ul><ul><ul><ul><li>Administrator (Windows) </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Root (Mac OS X and Linux </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Guest (disabled by default </li></ul></ul></ul></ul><ul><ul><li>Account Types </li></ul></ul><ul><ul><ul><li>Standard user </li></ul></ul></ul><ul><ul><ul><li>Administrator </li></ul></ul></ul>
  49. 49. Figure 2-11 An administrator account may create accounts of either type
  50. 50. Defense Against Threats <ul><li>Security Account Basics (cont.) </li></ul><ul><ul><li>Group Accounts </li></ul></ul><ul><ul><ul><li>Contain one or more individual accounts </li></ul></ul></ul><ul><ul><ul><li>May contain other groups </li></ul></ul></ul><ul><ul><ul><li>Some built-in (Administrators, Users, Guests) </li></ul></ul></ul><ul><ul><ul><li>Some created when software is installed </li></ul></ul></ul><ul><ul><ul><li>Some created by Administrator </li></ul></ul></ul>
  51. 51. Defense Against Threats <ul><li>Security Account Basics (cont.) </li></ul><ul><ul><li>Computer Accounts </li></ul></ul><ul><ul><ul><li>Computer may have security accounts </li></ul></ul></ul><ul><ul><ul><li>In a Windows Active Directory domain Windows computers log on to the domain with computer accounts </li></ul></ul></ul>
  52. 52. Defense Against Threats <ul><li>Security Account Basics (continued) </li></ul><ul><ul><li>Windows Vista/7 User Account Control (UAC) </li></ul></ul><ul><ul><ul><li>When administrator type account attempts to do something privileged </li></ul></ul></ul><ul><ul><ul><ul><li>Desktop dims (it is unavailable) </li></ul></ul></ul></ul><ul><ul><ul><ul><li>UAC displays Consent Prompt </li></ul></ul></ul></ul><ul><ul><ul><ul><li>User must click Yes to continue the action </li></ul></ul></ul></ul><ul><ul><ul><li>When a standard type account attempts the same </li></ul></ul></ul><ul><ul><ul><ul><li>Desktop dims (it is unavailable) </li></ul></ul></ul></ul><ul><ul><ul><ul><li>UAC displays Credentials Prompt </li></ul></ul></ul></ul><ul><ul><ul><ul><li>User must provide an administrator user name and password </li></ul></ul></ul></ul>
  53. 53. Defense Against Threats <ul><li>Security Account Basics (cont.) </li></ul><ul><ul><li>Mac OS X has function similar to UAC </li></ul></ul><ul><ul><ul><li>Certain dialog boxes have a lock symbol </li></ul></ul></ul><ul><ul><ul><ul><li>If lock is turned on in a dialog box, only “safe” actions can be completed </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Unlocking dialog box with credentials to reveal advanced settings </li></ul></ul></ul></ul>
  54. 54. Figure 2-13 Unlock a dialog box in Mac OS X to access advanced settings
  55. 55. Defense Against Threats <ul><li>Best Practices When Assigning Permissions </li></ul><ul><ul><li>Principle of least privilege </li></ul></ul><ul><ul><ul><li>Assign permissions that allow each user only the level of access required to complete assigned tasks </li></ul></ul></ul><ul><ul><ul><li>Do not give users more permissions than required </li></ul></ul></ul>
  56. 56. Defense Against Threats <ul><li>Best Practices with User Names and Passwords </li></ul><ul><ul><li>You are at risk if you answer “yes” to: </li></ul></ul><ul><ul><ul><li>Do you have too many passwords to remember? </li></ul></ul></ul><ul><ul><ul><li>Do you use the same password everywhere? </li></ul></ul></ul><ul><ul><ul><li>Do you have your password written on a sticky note or your calendar? </li></ul></ul></ul><ul><ul><ul><li>Have you used the same password for more than a few months? </li></ul></ul></ul><ul><ul><li>Reusing the same user name also puts you at risk </li></ul></ul>
  57. 57. Defense Against Threats <ul><li>Best Practices with User Names and Passwords (continued) </li></ul><ul><ul><li>Don’t give away your user name and password </li></ul></ul><ul><ul><ul><li>Using the same credentials for online banking and for a “fun” Web site is risky </li></ul></ul></ul><ul><ul><ul><li>Web sites are created just to collect such information </li></ul></ul></ul>
  58. 58. Defense Against Threats <ul><li>Best Practices with User Names and Passwords (continued) </li></ul><ul><ul><li>Create strong passwords </li></ul></ul><ul><ul><ul><li>One that meets certain criteria </li></ul></ul></ul><ul><ul><ul><li>Example: </li></ul></ul></ul><ul><ul><ul><ul><li>At least 8 characters consisting of letters, numbers, and other symbols </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Easy to remember </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Difficult for others to guess </li></ul></ul></ul></ul>
  59. 59. Defense Against Threats <ul><li>Best Practices with User Names and Passwords (cont.) </li></ul><ul><ul><li>Always use strong passwords for these accounts: </li></ul></ul><ul><ul><ul><li>Banks, investments, credit cards, online payment providers </li></ul></ul></ul><ul><ul><ul><li>E-mail </li></ul></ul></ul><ul><ul><ul><li>Work-related accounts </li></ul></ul></ul><ul><ul><ul><li>Online auction sites and retailers </li></ul></ul></ul><ul><ul><ul><li>Sites holding your personal information </li></ul></ul></ul>
  60. 60. Defense Against Threats <ul><li>Encryption </li></ul><ul><ul><li>Transformation of data into code </li></ul></ul><ul><ul><li>Decrypted with a secret key or password </li></ul></ul><ul><ul><ul><li>Most online methods use digital certificate </li></ul></ul></ul><ul><ul><ul><li>A secret key in the form of a file </li></ul></ul></ul><ul><ul><li>Encrypt data before sending over network </li></ul></ul><ul><ul><li>Encrypt stored data files </li></ul></ul><ul><ul><li>Secure HTTP (HTTPS) uses Secure Sockets Layer (SSL) security protocol </li></ul></ul>
  61. 61. Defense Against Threats <ul><li>Encryption (cont.) </li></ul><ul><ul><li>NTFS Encrypting File System (EFS) </li></ul></ul><ul><ul><li>Windows BitLocker Drive Encryption </li></ul></ul><ul><ul><ul><li>In Ultimate Editions of Windows Vista and Windows 7 </li></ul></ul></ul><ul><ul><ul><li>Encrypts an entire drive </li></ul></ul></ul><ul><ul><li>Mac OS X FileVault encrypts the Home Folder </li></ul></ul>
  62. 62. Figure 2-14 Turn NTFS encryption on or off using the Properties of a folder
  63. 63. Figure 2-15 Configuring FileVault in Mac OS X
  64. 64. Defense Against Threats <ul><li>Data Wiping </li></ul><ul><ul><li>Remove data from old computers before disposing of them </li></ul></ul><ul><ul><li>Permanently remove data from storage </li></ul></ul><ul><ul><ul><li>Reformat does not really remove data </li></ul></ul></ul><ul><ul><ul><li>Data wiping software writes over data </li></ul></ul></ul><ul><ul><ul><li>Data wiping available for any rewritable storage device </li></ul></ul></ul><ul><ul><ul><li>You cannot recover data after data wiping </li></ul></ul></ul>
  65. 65. Defense Against Threats <ul><li>Physical Security </li></ul><ul><ul><li>Limit access to building or room </li></ul></ul><ul><ul><li>Laptops are more vulnerable to theft </li></ul></ul><ul><ul><li>Security for mobile computing </li></ul></ul><ul><ul><ul><li>Be extra wary of the danger of theft </li></ul></ul></ul><ul><ul><ul><li>Encrypt sensitive and confidential data </li></ul></ul></ul>
  66. 66. Troubleshooting Common Security Problems <ul><li>Troubleshooting Log-on Problems </li></ul><ul><ul><li>Caps lock key turned on </li></ul></ul>Figure 2-16 Log-on error message
  67. 67. Troubleshooting Common Security Problems <ul><li>Troubleshooting Log-on Problems (continued) </li></ul><ul><ul><li>Too many log-on attempts </li></ul></ul>Figure 2-17 Log-on lockout message Insert Figure 2-18 here Figure 2-18 The Account Lockout Policy with values set for lockout duration, threshold, and a period of time after which the counter resets
  68. 68. Figure 2-18 The Account Lockout Policy with values set for lockout duration, threshold, and a period of time after which the counter resets
  69. 69. Troubleshooting Common Security Problems <ul><li>Troubleshooting Log-on Problems </li></ul><ul><ul><li>Caps lock key turned on </li></ul></ul><ul><ul><li>Too many log-on attempts </li></ul></ul><ul><li>Troubleshooting Suspected Malware Attack </li></ul><ul><ul><li>Run a scan of all drives and memory </li></ul></ul><ul><ul><li>Try a reputable online scanner </li></ul></ul><ul><li>Using the Administrator Account in Troubleshooting </li></ul><ul><ul><li>Logon in Safe Mode to built-in local Administrator </li></ul></ul>
  70. 70. Chapter 2 Summary <ul><li>LO 2.1Threats to Computers and Users </li></ul><ul><ul><li>Threats include malware, phishing, social engineering, identity theft and fraud, exposure to inappropriate or distasteful content, invasion of privacy, misuse of cookies, hoaxes, and computer hardware theft. Other threats include accidents, mistakes, and natural and unnatural disasters. </li></ul></ul><ul><ul><li>A vector is a mode of malware infection, such as e-mail, code on Web sites, Trojan horses, search-ing out unprotected computers, sneakernet, back doors, rootkits, pop-up downloads, drive-by downloads, war driving, and bluesnarfing. </li></ul></ul>
  71. 71. Chapter 2 Summary <ul><ul><li>The people behind computer security threats come from all over the world, and increasingly they are part of organized crime. Certain terms, describing their techniques, define the individuals. These terms include hackers, crackers, script kiddies, click kiddies, and packet monkeys. </li></ul></ul><ul><ul><li>Many methods are used to steal passwords, including capturing them from unsecured Web sites, using password crackers, and keystroke loggers. </li></ul></ul>
  72. 72. Chapter 2 Summary <ul><li>LO 2.2 Defense Against Threats </li></ul><ul><ul><li>Education is an important defense against threats. It includes knowing what the threats are and learning to recognize the signs of a threat or an infection. </li></ul></ul><ul><ul><li>Security policies describe how an organization protects and manages sensitive information. You should follow and enforce security policies. </li></ul></ul><ul><ul><li>You should install comprehensive security software, including (at minimum) personal firewalls, anti-spam software, antivirus software, and pop-up and privacy protection. </li></ul></ul>
  73. 73. Chapter 2 Summary <ul><ul><li>You will improve your security if you under- stand authentication and authorization and its implementation on your computer and in your organization. </li></ul></ul><ul><ul><li>You can combat threats by following the rule of least privilege when assigning permissions and using best practices with user names and passwords. </li></ul></ul><ul><ul><li>Encryption technologies protect your data. </li></ul></ul>
  74. 74. Chapter 2 Summary <ul><ul><li>Data wiping practices can remove even deleted data from computers. </li></ul></ul><ul><ul><li>Physical security of computers and networks is also important, especially for mobile computing. </li></ul></ul>
  75. 75. Chapter 2 Summary <ul><li>LO 2.3 Troubleshooting Common Security Problems </li></ul><ul><ul><li>Log-on failure may be the result of something as simple as having the Caps Lock key turned on. The OS can lock you out from logging on to your computer if you exceed the number of failed log-on attempts configured in the Account Lockout Policy for a network or an individual computer. An administrator may need to modify the policy. </li></ul></ul>
  76. 76. Chapter 2 Summary <ul><ul><li>If you suspect a computer is infected by a virus and have an antivirus program installed, run a scan of all drives and memory. If this does not discover a virus, and you are still suspicious, connect to one of many Web sites that offer free online scans, such as . </li></ul></ul>
  77. 77. Chapter 2 Summary <ul><ul><li>Windows has an administrator account, “Adminis-trator.” Disabled by default, this account has no password in Windows Vista and Windows 7. The Administrator account is enabled if your computer is not a member of a Windows Active Directory domain (the norm for a home computer) and it starts in Safe Mode. In that case, you can log on with this account and attempt to troubleshoot the reason for the computer going into Safe Mode. </li></ul></ul>