CHAPTER 9
  Fundamental
  Security


  IT Essentials: PC Hardware and Software v4.0




ITE PC v4.0
Chapter 1                    © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   1
Objectives
          ■ Why is security important?
          ■ What are security threats?
          ■ What are some security procedures?
          ■ What are the preventive maintenance techniques
          for security?
          ■ What can be done to troubleshoot security?




■ Define viruses, worms, and Trojan horses.
          ■ Explain web security.
          ■ Define adware, spyware, and grayware.
          ■ Explain denial of service.
          ■ Describe spam and popups.
          ■ Explain social engineering.
          ■ Explain TCP/IP attacks.
          ■ Explain hardware deconstruction and recycling.


Security Threats

          To successfully protect computers and the network,
           a technician must understand both of the following
           types of threats to computer security:
          ■ Physical: Events or attacks that steal, damage, or
           destroy such equipment as servers, switches, and
           wiring.
          ■ Data: Events or attacks that remove, corrupt, deny
           access to, allow access to, or steal information.




■ Internal: Employees who have access to data,
           equipment, and the network. Internal attacks can be
           characterized as follows:
                  ■     Malicious threats are when an employee
              intends to cause damage.
                 ■       Accidental threats are when the user
              damages data or equipment unintentionally.




■ External: Users outside an organization
              who do not have authorized access to the
              network or resources. External attacks can be
              characterized as follows:
                  ■ Unstructured attacks, which use available
              resources, such as passwords or scripts, to
              gain access to and run programs designed to
              vandalize.
                 ■ Structured attacks, which use code to
              access operating systems and software.

Viruses, Worms, and Trojan Horses

              A virus is attached to small pieces of computer code,
              software, or documents. It executes when the
              software is run on a computer.
              A virus is transferred to another computer through
              e-mail, file transfers, and instant messaging.
              The virus hides by attaching itself to a file on the
              computer. When the file is accessed, the virus
              executes and infects the computer. A virus has the
              potential to corrupt or even delete files on your
              computer, use your e-mail to spread itself to other
              computers, or even erase your hard drive.
 A worm is a self-replicating program that is harmful to
     networks. A worm uses the network to duplicate its
     code to the hosts on a network, often without any user
     intervention.


    A Trojan horse technically is a worm. It does not need
     to be attached to other software. Instead, a Trojan
     threat is hidden in software that appears to do one thing,
     and yet behind the scenes it does another. Trojans often
     are disguised as useful software. The Trojan program can
     reproduce like a virus and spread to other computers.




 Virus protection software, known as
            antivirus software, is software designed to
            detect, disable, and remove viruses, worms,
            and Trojans before they infect a computer.




Web Security

           Web security is important because so many
            people visit the World Wide Web every day.
            Some of the features that make the web useful
            and entertaining can also make it harmful to a
            computer.




Adware, Spyware, and Grayware
           Adware is a software program that displays
            advertising on your computer. Most often,
            adware is displayed in a popup window.
            Adware popup windows are sometimes difficult
            to control; they open new windows faster than
            users can close them.
           Grayware or malware is a file or program
            other than a virus that is potentially harmful.
            Many grayware attacks are phishing attacks,
            which try to persuade the user to unknowingly
            give attackers access to personal information.
 Spyware, a type of grayware, is similar to
            adware. It is distributed without any user
            intervention or knowledge.
           Phishing is a form of social engineering, in
            which the attacker pretends to represent a
            legitimate outside organization, such as a
            bank.



Denial of Service
           Denial of service (DoS) is a form of attack that
            prevents users from accessing normal services,
            such as e-mail or a web server.
              DoS attacks can affect servers and computers in the
              following ways:
          ■ Ping of death is a series of repeated, larger-than-normal
            pings that are intended to crash the receiving
            computer.
          ■ An e-mail bomb is a large quantity of bulk e-mail
            sent to individuals, lists, or domains, intending to
            prevent users from accessing e-mail.

 Distributed DoS (DDoS) is another form of attack
            that uses many infected computers, called zombies,
            to launch an attack.




Spam and Popup Windows

           Spam, also known as junk mail, is unsolicited
            e-mail. In most cases, spam is used for advertising.
            However, spam can be used to send harmful links or
            deceptive content.


           (popups) designed to capture your attention and
            lead you to advertising sites. Uncontrolled popup
            windows can quickly cover your screen and prevent
            you from getting any work done.


Social Engineering

           A social engineer is a person who gains access
            to equipment or a network by tricking people
            into providing the necessary information.
           Often, the social engineer gains the confidence
            of an employee and convinces that person to
            divulge username and password information.




The following are some basic precautions to help
          protect against social engineering:
          ■ Never give out your password.
          ■ Always ask for the ID of unknown persons.
          ■ Restrict the access of unexpected visitors.
          ■ Escort all visitors.
          ■ Never post your password in your work area.
          ■ Log off or lock your computer when you leave your
            desk.
          ■ Do not let anyone follow you through a door that
            requires an access card.

Security Procedures

           You should use a security plan to determine what will
            be done in a critical situation.
           Security plan policies should be constantly updated to
            reflect the latest threats to a network.
           A security plan with clear security procedures is the
            basis for a technician to follow.
           Security plans should be reviewed each year.




Security Pyramid

          (Figure: pyramid with layers, top to bottom: Wireless security,
           Data protection, Physical Equipment, Local security policy)
What Is Required in a Basic Local Security Policy?

          Although local security policies may vary
           between organizations, all organizations should
          ask the following questions:
          ■ What assets require protection?
          ■ What are the possible threats?
          ■ What should be done in the event of a security
           breach?

What Is Required in a Basic Local Security Policy?
   A security policy should describe how a company defines security issues:
   ■ A process for handling network security incidents
   ■ A process for auditing existing network security
   ■ A general security framework for implementing network security
   ■ Behaviors that are allowed
   ■ Behaviors that are prohibited
   ■ What to log and how to store the logs: Event Viewer, system log files, or
     security log files
   ■ Network access to resources through account permissions
   ■ Authentication technologies (such as usernames, passwords, biometrics, and
     smart cards) to access data



Tasks Required to Protect Physical Equipment
  Physical security is as important as data security. When a computer is
   stolen, the data is also stolen.
  There are several ways to physically protect computer equipment:
  ■ Control access to facilities.
  ■ Use cable locks with equipment.
  ■ Keep telecommunication rooms locked.
  ■ Fit equipment with security screws.
  ■ Use security cages around equipment.
  ■ Label and install sensors, such as Radio Frequency Identification
    (RFID) tags, on equipment.


Locking Devices

          For access to facilities, there are several means of
           protection:
          ■ Card keys that store user data, including level of
            access
          ■ Biometric sensors that identify the user’s physical
            characteristics, such as fingerprints or retinas
          ■ Posted security guard
          ■ Sensors, such as RFID tags, to monitor equipment

Ways to Protect Data

          Password protection can prevent unauthorized
           access to content. To keep attackers from gaining
           access to data, all computers should be
           password-protected.
          Two levels of password protection are recommended:
          ■ BIOS prevents BIOS settings from being changed
            without the appropriate password.
          ■ Login prevents unauthorized access to the
            network.


Data Backups
          ■ Frequency of backups: Backups can take a long
            time. Sometimes it is easier to make a full backup
            monthly or weekly and then do frequent partial backups
            of any data that has changed since the last full backup.
          ■ Storing backups: Backups should be transported
            to an approved offsite storage location for extra
            security.
          ■ Security of backups: Backups can be protected
            with passwords. These passwords have to be
            entered before the data on the backup media can be
            restored.
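
The full-then-partial schedule from the Data Backups slide, as an added Python example that is not part of the original slides: a full backup records a manifest, a partial backup copies only files added or changed since that full backup, and a restore applies the full backup and then the partial. The manifest file name, the use of SHA-256 content hashes to detect change, and the sample files are assumptions made for this example.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical name chosen for this example


def snapshot(src: Path) -> dict:
    """Map each file's relative path to the SHA-256 of its contents."""
    return {p.relative_to(src).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(src.rglob("*")) if p.is_file()}


def _copy(src: Path, dest: Path, names) -> None:
    for name in names:
        (dest / name).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / name, dest / name)


def full_backup(src: Path, dest: Path) -> dict:
    """Copy every file and record what the full backup contained."""
    state = snapshot(src)
    _copy(src, dest, state)
    dest.mkdir(parents=True, exist_ok=True)
    (dest / MANIFEST).write_text(json.dumps({"files": state}))
    return state


def partial_backup(src: Path, full_dir: Path, dest: Path) -> dict:
    """Copy only files added or changed since the last full backup."""
    baseline = json.loads((full_dir / MANIFEST).read_text())["files"]
    state = snapshot(src)
    delta = {"changed": sorted(n for n, h in state.items() if baseline.get(n) != h),
             "deleted": sorted(n for n in baseline if n not in state)}
    _copy(src, dest, delta["changed"])
    dest.mkdir(parents=True, exist_ok=True)
    (dest / MANIFEST).write_text(json.dumps(delta))
    return delta


def restore(full_dir: Path, partial_dir: Path, target: Path) -> dict:
    """Rebuild the data: full backup first, then the latest partial on top."""
    baseline = json.loads((full_dir / MANIFEST).read_text())["files"]
    delta = json.loads((partial_dir / MANIFEST).read_text())
    _copy(full_dir, target, baseline)
    _copy(partial_dir, target, delta["changed"])
    for name in delta["deleted"]:
        (target / name).unlink()
    return snapshot(target)


def demo() -> dict:
    """Run one backup cycle on constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        data = root / "data"
        (data / "docs").mkdir(parents=True)
        (data / "docs" / "plan.txt").write_text("security plan v1")
        (data / "users.csv").write_text("alice\nbob\n")
        (data / "old.log").write_text("obsolete")
        full_backup(data, root / "full")
        (data / "docs" / "plan.txt").write_text("security plan v2")  # changed
        (data / "new.txt").write_text("added later")                 # added
        (data / "old.log").unlink()                                  # deleted
        delta = partial_backup(data, root / "full", root / "partial")
        restored = restore(root / "full", root / "partial", root / "restored")
        return {"delta": delta, "matches": restored == snapshot(data)}


if __name__ == "__main__":
    print(demo())
```

Because every partial backup is taken against the last full backup, a restore needs only that full backup and the most recent partial, which is why both must be kept and stored together offsite.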
