Presentation on the topic: "Chapter 9: Security" - Presentation transcript:
1 Chapter 9: Security
Cisco Networking Academy program
IT Essentials: PC Hardware and Software v4.0
2 The Importance of Security
Private information, company secrets, financial data, computer equipment, and items of national security are placed at risk if proper security procedures are not followed.
A technician's responsibilities include looking after data and network security.

Slide 5 – The Importance of Security
9.0 Introduction to Security Chapter
Technicians need to understand computer and network security. Private information, company secrets, financial data, computer equipment, and items of national security are placed at risk if proper security procedures are not followed.
After completing this chapter, students will meet these objectives:
- Explain why security is important.
- Describe security threats.
- Identify security procedures.
- Identify common preventive maintenance techniques for security.
- Troubleshoot security.
9.1 Explain why security is important
Theft, loss, network intrusion, and physical damage are some of the ways a network or computer can be harmed. Damage to, or loss of, equipment can mean a loss of productivity. Repairing and replacing equipment can cost the company time and money. Unauthorized use of a network can expose confidential information and reduce network resources.
A technician’s primary responsibilities include data and network security.
Student Activity: The student course content includes the worksheet, 9.1 Worksheet: Security Attacks. To complete this worksheet, students will conduct research on computer crime and security attacks. Describe the incident in writing. Explain if the incident could have been prevented and if so, list the precautions that might have been used.
3 Threats
Types of security attacks:
- Physical: theft of and damage to computer equipment
- Data: removal, corruption, unauthorized access to data
Threats:
- Internal: employees may cause security threats (unknowingly or intentionally).
- External: attacks carried out in a structured or unstructured way.

Slide 6 – Security Threats
9.2 Describe security threats
Types of attacks to computer security:
- Physical attacks result in theft, damage, and/or destruction to computer equipment.
- Data attacks result in removal, corruption, denial of access, unauthorized access, or theft of information.
Potential threats:
- Internal threats from employees who have access may pose a malicious threat or an accidental threat.
- External threats from those outside of an organization that do not have authorized access. Outside users may attempt an unstructured attack by using available resources (passwords or scripts) to gain access. They may also attempt a structured attack by using code to access a computer network or resources.
After completing this section, students will meet these objectives:
- Define viruses, worms, and Trojan horses
- Explain web security
- Define adware, spyware, and grayware
- Explain Denial of Service
- Describe spam and popup windows
- Explain social engineering
- Explain TCP/IP attacks
- Explain hardware deconstruction and recycling
4 Viruses, Worms, and Trojan Horses
- A virus is software code that is deliberately created by an attacker. Viruses may collect sensitive data or may alter or destroy information.
- A worm is a self-replicating program that uses the network to duplicate its code. Worms consume network bandwidth.
- A Trojan horse is technically a worm whose name and behavior resemble harmless software.
- Anti-virus software is designed to detect and remove viruses, worms, and Trojan horses before they infect a computer.

Slide 7 – Viruses, worms, and Trojan Horses
9.2.1 Define viruses, worms, and Trojan horses
Malicious software (malware) is any software designed to damage or to disrupt a system. Types of malware are: viruses, worms, Trojan Horses, adware, spyware, grayware, and other unwanted software.
A computer virus is software code that is deliberately created by an attacker. Viruses can be attached to computer code or software and can then infect a computer when the software is executed on that computer. Viruses may collect sensitive information or may alter or destroy information.
A worm is a self-replicating program that uses the network to duplicate its code to the hosts on the network. At a minimum, worms consume bandwidth in a network.
A Trojan horse is technically a worm and is named for its method of getting past computer defenses by pretending to be something useful. A keystroke logger, for instance, detects sensitive information by monitoring the user's keystrokes. The results of a Trojan horse can include data damage, production loss, and data theft.
Anti-virus software is designed to detect, disable, and remove viruses, worms, and Trojan horses before they infect a computer. Anti-virus software becomes outdated quickly, however, and technicians must therefore apply the most recent updates, patches, and virus definitions as part of a regular maintenance schedule.
Student Activity: The student course content includes the worksheet, Worksheet: Third-Party Anti-Virus Software. To complete this worksheet, students will conduct research on four different third-party anti-virus software programs. Record details of each. Recommend one for purchase.
6 Adware, Spyware, Grayware
Typically installed without the user's knowledge, these programs collect information stored on the computer, change the computer configuration, or open extra windows on the computer.

Slide 9 – Adware, Spyware, and Grayware
9.2.3 Define adware, spyware, and grayware
Typically installed without the user’s knowledge, these programs collect information stored on the computer, change the computer configuration, or open extra windows on the computer, all without the user’s consent.
- Adware displays advertising, usually in a popup window.
- Grayware or malware is a file or program other than a virus that is potentially harmful. Many grayware attacks are phishing attacks that try to persuade the reader to unknowingly provide attackers with access to personal information.
- Spyware, a type of grayware, is distributed without any user intervention or knowledge. Spyware monitors computer activity then sends the information back to the organization responsible for launching the spyware.
- Phishing is a form of social engineering where the attacker pretends to represent a legitimate outside organization. The attacker might ask for verification of information, such as a password or username, to supposedly prevent some terrible consequence from occurring.
NOTE: There is rarely a need to give out sensitive personal or financial information online. Be suspicious. Use the postal service to share sensitive information.
Spyware and adware removal tools are available to remove adware, spyware, and grayware from a computer.
Student Activity: The student course content includes a matching activity. To complete this activity, students will match each of the words (adware, spyware, and phishing) to the appropriate definition.
7 Denial of Service (DoS)
- Prevents users from accessing services.
- Sends so many service requests that the server is overloaded or even stops operating.
- Ping of Death: a series of repeated ICMP messages larger than the size the system supports.
- E-mail Bomb: a large quantity of messages intended to overload the server.
- Distributed DoS: an attack launched from many computers (zombies, botnet).

Slide 10 – Denial of Service (DoS)
9.2.4 Explain Denial of Service
Denial of Service (DoS) is a form of attack that prevents users from accessing normal services, such as e-mail or a web server, because the system is busy responding to abnormally large amounts of requests. DoS works by sending enough requests for a system resource that the requested service is overloaded and ceases to operate.
- Ping of Death – A series of repeated, larger than normal pings that are intended to crash the receiving computer
- E-mail Bomb – A large quantity of bulk e-mail that overwhelms the e-mail server, preventing users from accessing e-mail
- Distributed DoS (DDoS) uses many infected computers, called zombies, to launch an attack. With DDoS, the intent is to obstruct or overwhelm access to the targeted server. Zombie computers located at different geographical locations make it difficult to trace the origin of the attack.
8 Spam and Popup Windows
- Spam is unsolicited correspondence that can be used to send harmful links or deceptive content.
- Popups are new windows that open automatically, most often containing advertising.
- Use anti-virus software and a popup blocker.

Slide 11 – Spam and Popup Windows
9.2.5 Describe spam and popup windows
Spam, also known as junk mail, is unsolicited e-mail. In most cases, spam is used as a method of advertising. However, spam can be used to send harmful links or deceptive content.
When used as an attack method, spam may include links to an infected website or an attachment that could infect a computer. These links or attachments may result in lots of windows designed to capture your attention and lead you to advertising sites. These windows are called popups. Uncontrolled popup windows can quickly cover the user's screen and prevent any work from getting done.
To combat spam and phishing, use anti-virus software and setting options in e-mail. Some spam still may get through, so look for these common indications of spam: no subject line, incomplete return address, computer generated e-mails, and return e-mails not sent by the user.
9 Social Engineering
- Never give out your password
- Always verify the identity of an unknown person
- Restrict access of unknown persons
- Keep an eye on people visiting the workplace

Slide 12 – Social Engineering
9.2.6 Explain social engineering
A social engineer is a person who is able to gain access to equipment or a network by tricking people into providing the necessary access information. A social engineer may gain the confidence of an employee to convince them to divulge username and password information or may pose as a technician to attempt to gain entry into a facility. A social engineer would be likely to speak using computer terminology and/or to dress similar to the type of worker they are pretending to be, including carrying equipment.
To protect against social engineering:
- Never give out a password
- Always ask for the ID of the unknown person
- Restrict access of unexpected visitors
- Escort all visitors through the facility
How many people know someone who writes a password on a note and sticks it to the monitor or under the keyboard?
10 TCP/IP Attacks
TCP/IP controls all transmission on the Internet.

Slide 13 – TCP/IP Attacks
9.2.7 Explain TCP/IP attacks
TCP/IP is the protocol suite used to control all communications on the Internet. The most common TCP/IP attacks are:
- SYN Flood: randomly opens TCP ports, tying up the network equipment or computer with a large amount of false requests, causing sessions to be denied to others
- DoS: sends abnormally large amounts of requests to a system, preventing access to the services
- DDoS: a DoS attack using “zombies” to make the origin of the attack difficult to trace
- Spoofing: gains access to resources on devices by pretending to be a trusted computer
- Man-in-the-Middle: intercepts or inserts false information in traffic between two hosts
- Replay: uses network sniffers to extract usernames and passwords to be used at a later date to gain access
- DNS Poisoning: changes the DNS records on a system to point to false servers where the data is recorded
11 Computer Disposal and Recycling
- Erase all hard drives, then use a tool to fully remove all data.
- The only effective method of erasing the contents of a hard drive is to destroy it.
- Floppy disks and optical discs are handled the same way.

Slide 14 – Computer Disposal and Recycling
9.2.8 Explain hardware deconstruction and recycling
Teaching Strategy: When migrating from an old PC to a new PC, be sure to properly dispose of old data. Many computer parts can be reused, so data must be properly erased.
Before disposing of or recycling hardware, be sure to eliminate the possibility that someone else may have access to software and data left on the equipment.
- Erase all hard drives, then use a third-party tool to fully erase all data.
- The only way to fully ensure that data cannot be recovered from a hard drive is to carefully shatter the platters with a hammer and safely dispose of the pieces.
- To destroy software media (floppy disks and CDs), use a shredding machine designed for shredding these materials.
12 Layers of Security

Slide 15 – Security is Strengthened in Layers
9.3 Identify security procedures
Technicians should use a security plan with clear procedures to determine what to do in a critical situation.
Security plan policies should be updated regularly as new threats are released daily. Overall security plans should be reviewed on a yearly basis.
Conduct regular tests to determine areas where security is weak.
There are multiple layers of security in a network that are vulnerable to attack, including physical, wireless, and data layers.
Teaching Strategy: A computer technician will need to know how to implement security procedures in order to protect a computer and information from data loss, corruption, and theft (hardware or data). Security plans are maintained and updated on a regular basis. An appropriate implementation of computer security will implement several layers of security. Security is strengthened in layers.
After completing this section, students will meet these objectives:
- Explain what is required in a basic local security policy
- Explain the tasks required to protect physical equipment
- Describe ways to protect data
- Describe wireless security techniques
13 Security Policy
- A collection of rules, guidelines, and procedures
- Defines acceptable use of computers.
- Identifies the people permitted to use the equipment.
- Identifies the devices that may be installed on the network and the rules for using them.
- Defines the requirements for protecting data on the network.
- Defines the process by which an employee obtains access to equipment and data.

Slide 6 – Outline a Security Policy
Outline a local security policy
A security policy is a collection of rules, guidelines, and checklists. Network technicians and managers of an organization work together to develop the rules and guidelines for the security needs of computer equipment. A security policy includes the following elements:
- Define an acceptable computer usage statement for an organization.
- Identify the people permitted to use the computer equipment in an organization.
- Identify devices that are permitted to be installed on a network, as well as the conditions of the installation. Modems and wireless access points are examples of hardware that could expose the network to attacks.
- Define the requirements necessary for data to remain confidential on a network.
- Determine a process for employees to acquire access to equipment and data. This process may require the employee to sign an agreement regarding the company rules. It will also list the consequences for failure to comply.
The security policy should also provide detailed information about the following issues in case of an emergency:
- Steps to take after a breach in security
- Who to contact in an emergency
- Information to share with customers, vendors, and the media
- Secondary locations to use in an evacuation
- Steps to take after an emergency is over, including the priority of services to be restored
CAUTION: A security policy must be enforced and followed by all employees to be effective.
Teaching Strategy: A security policy is a written document that details the rules and courses of action that relate to all the computers and network equipment in an organization, both during day-to-day operations and in case of emergencies. A local security policy may specify what can and cannot be done with the computers on a network. The policy defines who can use computers and for what purposes. The policy protects the company in case the network is used to perform illegal activities. The value of the security policy is that it can be created calmly before an emergency or security incident happens. This prevents making poor decisions in times of stress or crisis.
Student Activity: The student course content includes the worksheet, Worksheet: Security Policy. To complete this worksheet, students will answer security questions regarding the security of the equipment, access privileges, and Internet access of their IT Essentials classroom.
14 Security Policy
Questions answered by a security policy:
- What assets should be protected?
- What are the threats?
- What should be done in the event of a threat or an attack?

Slide 16 – Security Policy
9.3.1 Explain what is required in a basic local security policy
Questions to answer in writing a security policy:
- What assets require protection?
- What are the possible threats?
- What should be done in the event of a security breach?
Elements to include in a security policy:
- A process for handling network security incidents
- A process for auditing existing network security
- A general security framework for implementing network security
- Behaviors that are allowed
- Behaviors that are prohibited
- What to log and how to store the logs: Event Viewer, system log files, or security log files
- Network access to resources through account permissions
- Authentication technologies to access data: usernames, passwords, biometrics, smart cards
Teaching Strategy: Security policies describe what to do when faced with many emergencies. It is important to develop and distribute the security policy BEFORE the emergency happens. Local security policies may vary from company to company. They may also vary depending on the device to secure.
15 Protecting Equipment
Stealing a whole computer or one of its components is the simplest way to steal data.
- Control access to rooms
- Use locks
- Keep server rooms locked
- Label equipment

Slide 17 – Protecting Equipment
9.3.2 Explain the tasks required to protect physical equipment
When a computer is stolen, the data is also stolen. There are several methods of physically protecting computer equipment:
- Control access to facilities
- Use cable locks with equipment
- Keep telecommunication rooms locked
- Fit equipment with security screws
- Use security cages around equipment
- Label and install sensors, such as Radio Frequency Identification (RFID) tags, on equipment
There are several means of protecting access to facilities:
- Card keys are identity cards with a chip that stores user data, including the level of access
- Berg connectors for connecting to a floppy drive
- Biometric sensors that identify physical characteristics of the user, such as a fingerprint or retina
- Posted security guard
- Sensors, such as RFID tags, to monitor equipment
Teaching Strategy: Since stealing the whole PC is the easiest way to steal data, physical computer equipment must be secured.
16 Protecting Data
Methods of protection:
- Passwords
- Encryption
- Port protection
- Backups
- File system security

Slide 18 – Protecting Data
9.3.3 Describe ways to protect data
The value of physical equipment is often far less than the value of the data it contains. To protect data, there are several methods of security protection that can be implemented.
Password protection can prevent unauthorized access to content. Password policies should include:
- Expire after a set period of time
- Contain a mixture of letters and numbers
- Prevent users from leaving written passwords in view
- Lockout rules to limit the number of unsuccessful attempts
Data encryption uses codes and ciphers. Virtual Private Network (VPN) uses encryption to protect data. A VPN connection allows a remote user to safely access resources as if their computer is physically attached to the local network.
Port protection - Every communication using TCP/IP is associated with a port number. HTTPS, for instance, uses port 443 by default. A firewall is a way of protecting a computer from intrusion through the ports. The user can control the type of data sent to a computer by selecting which ports will be open and which will be secured.
Data backups are one of the most effective ways of protecting against data loss. Establish data backup procedures which account for frequency of backups, storage for data backups, and securing data backups using passwords.
File system security - All file systems keep track of resources, but only file systems with journals can log access by user, date, and time. The FAT 32 file system lacks both journaling and encryption capabilities. As a result, situations that require good security are usually deployed using a file system such as NTFS, which is part of Windows 2000 and Windows XP. If increased security is needed, it is possible to run certain utilities, such as CONVERT, to upgrade a FAT 32 file system to NTFS. The conversion process is not reversible. It is important to clearly define your goals before making the transition.
Teaching Strategy: Keeping control of data is as important as not losing it.
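The password policy items listed on slide 16 (expiry, a mixture of letters and numbers, lockout after failed attempts) can be enforced in code as follows. This is an added example, not part of the course material; the 90-day age, 3-attempt limit, 15-minute lockout and the sample password are assumed values, and the salted PBKDF2 storage is an addition the slide does not mention.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed policy values: the slide names the rules but gives no numbers.
MAX_PASSWORD_AGE = timedelta(days=90)
MAX_FAILED_ATTEMPTS = 3
LOCKOUT_PERIOD = timedelta(minutes=15)


def mixes_letters_and_numbers(password: str) -> bool:
    """Composition rule: at least one letter and at least one digit."""
    return any(c.isalpha() for c in password) and any(c.isdigit() for c in password)


def _derive(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash instead of the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    digest: bytes
    changed_at: datetime
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None


def create_account(password: str, now: datetime) -> Account:
    if not mixes_letters_and_numbers(password):
        raise ValueError("password must contain both letters and numbers")
    salt = os.urandom(16)
    return Account(salt, _derive(password, salt), now)


def login(account: Account, password: str, now: datetime) -> str:
    """Return 'ok', 'denied', 'locked' or 'expired' for one login attempt."""
    # Lockout rule: while locked, even the correct password is refused.
    if account.locked_until is not None and now < account.locked_until:
        return "locked"
    candidate = _derive(password, account.salt)
    if not hmac.compare_digest(candidate, account.digest):
        account.failed_attempts += 1
        if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
            account.locked_until = now + LOCKOUT_PERIOD
            account.failed_attempts = 0
        return "denied"
    account.failed_attempts = 0
    account.locked_until = None
    # Expiry rule: a correct but too-old password must be changed first.
    if now - account.changed_at > MAX_PASSWORD_AGE:
        return "expired"
    return "ok"


def demo() -> list:
    """Constructed sequence of attempts against one account."""
    t0 = datetime(2024, 1, 1, 9, 0)
    account = create_account("Winter2024", t0)
    results = [login(account, "guess", t0) for _ in range(3)]
    results.append(login(account, "Winter2024", t0 + timedelta(minutes=1)))
    results.append(login(account, "Winter2024", t0 + timedelta(minutes=16)))
    results.append(login(account, "Winter2024", t0 + timedelta(days=91)))
    return results


if __name__ == "__main__":
    print(demo())
```
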
17 Protecting Data
Applications that help protect data and the operating system:
- Software firewalls
- Intrusion Detection Systems (IDS)
- Operating system and application updates
- Anti-virus and anti-malware software
Compare the cost of deploying protection measures with the cost of losing the information.

Slide 8 – Security Applications
Explain when and how to use security application software
Security applications protect the operating system and software application data.
- Software firewall filters incoming data and is built into Windows XP
- Intrusion Detection Systems (IDS) monitors changes in the program codes for unusual activity, and sends reports if code is modified
- Application and OS patches update applications and the operating system to repair security weaknesses that are discovered
There are several software applications available to protect computers from unauthorized access by malicious computer code:
- Virus protection
- Spyware protection
- Adware protection
- Grayware protection
In developing a policy, management should calculate the cost of data loss versus the expense of security protection and determine what tradeoffs are acceptable.
18 Selecting Security Components
When selecting security components, take into account:
- Advantages and disadvantages of a given solution
- Overlapping functions
- Hardware requirements
- Budget assumptions
- Real or anticipated threats

Slide 9 – Selecting Security Components
16.2 Select security components based on customer needs
The security policy helps customers to select the security components necessary to keep equipment and data safe. If there is no security policy, you should discuss security issues with the customer. Use your past experience as a technician and research the current security products on the market when selecting security components for the customer. The goal is to provide the security system that best matches the customer's needs. Consider the following factors when deciding on security components:
- Advantages and disadvantages of a security component
- Overlapping features and functions
- Component setup and maintenance requirements
- Budget restrictions
- Real and perceived threats
After completing this section, students will be able to perform the following tasks:
- Describe and compare security techniques
- Describe and compare access control devices
- Describe and compare firewall types
Teaching Strategy: When considering the factor of component setup and maintenance requirements, research whether updates are automatically performed or manually performed. After installation, what testing and inspection should occur to confirm that the component is functioning properly? When considering the cost of the security to implement, consider the value of the data or equipment that is being protected. Consider the cost of losing that data or equipment. The correct amount of security is determined when the cost of putting a system in place meets the value of the data to be protected.
19 Security Techniques
Depending on the situation, it may be necessary to use more than one encryption method.
- Use encrypted passwords to log in to the network
- Monitor network activity through logs and auditing
- Enable encryption of the WiFi connection
Cryptographic methods:
- Hashing: an algorithm for tracking modification of data
- Symmetric encryption uses one key for encryption and decryption
- Asymmetric encryption uses one key for encryption and another for decryption.
- VPN creates a secure channel through an unsecured network

Slide 10 – Security Techniques
Describe and compare security techniques
A technician should determine the appropriate techniques to secure equipment and data for the customer. Depending on the situation, more than one technique may be required.
Passwords - Using secure, encrypted login information for computers with network access should be a minimum requirement in any organization. Malicious software can monitor the network to record plain-text passwords. If passwords are encrypted, attackers would have to decode the encryption to learn the passwords.
Logging and Auditing - Event logging and auditing should be enabled to monitor activity on the network. The network administrator audits the log file of events to investigate network access by unauthorized users.
Wireless Configurations - Wireless connections are especially vulnerable to access by attackers. Wireless clients should be configured to encrypt data.
Encryption - Encryption technologies are used to encode data being transmitted on a network. Each technology is used for a specific purpose. Encryption methods include:
- Hash encoding is used to identify when a message has been tampered with during transmission. Hash encoding uses an algorithm (SHA, MD5).
- Symmetric encryption requires that the sender and the receiver use the same key to encode and decode data.
- Asymmetric encryption requires that a private key is used to encode a message and a public key is used to decode a message.
- Virtual Private Network (VPN) uses encryption to secure data in a “secure tunnel” as it travels through an unsecured network.
Teaching Strategy: There are many techniques for security. Your job is to choose which is most appropriate for your client. To make informed recommendations to your client, you should be knowledgeable of the advantages and disadvantages of each security technique.
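The tamper detection described under hash encoding, as an added example that is not part of the course material. It goes beyond the slide in two ways: it uses a keyed hash (HMAC-SHA-256) because a bare digest can simply be recomputed by whoever alters the message, and it adds a message counter so that a captured frame cannot be replayed later (the Replay attack from slide 10). The frame layout, key and messages are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes
HEADER_LEN = 8                          # 64-bit big-endian message counter


def seal(key: bytes, counter: int, message: bytes) -> bytes:
    """Frame = counter || message || HMAC-SHA256(key, counter || message)."""
    body = struct.pack(">Q", counter) + message
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Accepts a frame only if its tag verifies and its counter is new."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0

    def open(self, frame: bytes):
        if len(frame) < HEADER_LEN + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; any change to counter or message fails here.
        if not hmac.compare_digest(tag, expected):
            return None
        (counter,) = struct.unpack(">Q", body[:HEADER_LEN])
        # Replay protection: an old, validly tagged frame is still rejected.
        if counter <= self.last_counter:
            return None
        self.last_counter = counter
        return body[HEADER_LEN:]


def plain_hash_check(message: bytes, digest: bytes) -> bool:
    """Unkeyed check: only proves message and digest match each other."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def demo() -> dict:
    key = b"constructed shared key, demo only"
    receiver = Receiver(key)
    results = {}

    frame1 = seal(key, 1, b"pay 100 to alice")
    results["genuine"] = receiver.open(frame1)

    # Modified in transit: one byte of the message changes ('1' becomes '9').
    tampered = bytearray(seal(key, 2, b"pay 100 to alice"))
    tampered[HEADER_LEN + 4] ^= 0x08
    results["tampered"] = receiver.open(bytes(tampered))

    # The first frame is captured and sent again unchanged.
    results["replayed"] = receiver.open(frame1)

    # A bare digest sent alongside the message can be recomputed after the
    # message is altered, so the unkeyed check passes on the altered text.
    altered = b"pay 900 to alice"
    results["unkeyed_recomputed_passes"] = plain_hash_check(
        altered, hashlib.sha256(altered).digest()
    )

    results["next_genuine"] = receiver.open(seal(key, 2, b"pay 5 to bob"))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
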
20 Access Control Devices
Physical control:
- Locks
- Card key
- Video surveillance
- Security guards
Two-factor protection:
- Smart cards
- Tokens
- Biometric devices

Slide 11 – Access Control Devices
Describe and compare access control devices
Physical access control devices are used to secure access to data and equipment by physical means.
- A lock is the most common device for securing physical areas. If a key is lost, all identically keyed locks must be changed.
- A conduit is a casing that protects the infrastructure media from damage and unauthorized access. All cabling should be enclosed in conduits or routed inside walls to prevent unauthorized access or tampering. Network outlets that are not in use should be disabled.
- A card key is a tool used to secure physical areas. If a card key is lost or stolen, only the card must be deactivated. The card key is more expensive than security locks.
- Video surveillance equipment records images and sound for monitoring activity. The recorded data must be monitored for problems.
- Security guards control access to the entrance of a facility and monitor the activity inside the facility.
Data security devices are used to authenticate employees and authorized personnel to access data on a computer and on a network. Two-factor identification is a method to increase security. Employees must use both a password and a data security device similar to those listed here to access data:
- Smart card is a device that has the ability to store data safely. The internal memory is an embedded integrated circuit chip (ICC) that connects to a reader either directly or through a wireless connection. Smart cards are used in many applications worldwide, like secure ID badges, online authentication devices, and secure credit card payments.
- Security key fob is a small device that resembles the ornament on a key ring. It has a small radio system that communicates with the computer over a short range. The fob is small enough so that many people attach them to their key rings. The computer must sense the signal from the key fob before it will accept a username and password.
- A biometric device measures a physical characteristic of the user, such as their fingerprints or the patterns of the iris in the eye. The user will be granted access if these characteristics match its database and the correct login information is supplied.
Student Activity: The student course content includes a matching activity. To complete this activity, students will match the data security device to its correct definition.
21 Firewall Types
Hardware firewall:
- Separate device
- High initial cost of hardware and software
- Little impact on the performance of client machines
Software firewall:
- Many solutions at varying cost
- Is part of the operating system
- Usually protects only the computer it runs on
- Uses the computer's hardware resources

Slide 12 – Firewall Types
Describe and compare firewall types
Hardware and software firewalls protect data and equipment on a network from unauthorized access. Hardware and software firewalls have several modes for filtering network data traffic:
- Packet filtering is a set of rules that allows or denies traffic based on an IP address, a protocol, and/or a port used.
- Proxy firewall inspects all traffic and allows or denies packets based on configured rules, and protects internal IP addressing. A proxy acts as a gateway that protects computers inside the network.
- Stateful packet inspection keeps track of all channels of communication and provides the best degree of security at all levels.
A hardware firewall is a physical filtering component that inspects data packets from the network before they reach computers and other devices on a network. Hardware firewalls are often installed on routers. A hardware firewall is a free-standing unit that does not use the resources of the computers it is protecting, so there is no impact on processing performance.
A software firewall is an application on a computer that inspects and filters data packets. A software firewall uses the resources of the computer, resulting in reduced performance for the user.
NOTE: On a secure network, if computer performance is not an issue, you should enable the internal operating system firewall for additional security. Some applications may not operate properly unless the firewall is configured correctly for them.
Student Activity: The student course content includes the worksheet, Worksheet: Firewalls. To complete this worksheet, students will conduct research for two different hardware firewalls and two different software firewalls. Record the details of each and then recommend one hardware firewall and recommend one software firewall.
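The difference between packet filtering and stateful packet inspection from slide 21, shown on the same traffic. This is an added example, not part of the course material; the rule set, the inside network 10.0.0.0/24 and all addresses are constructed, and the model ignores TCP flags and connection timeouts that a real firewall would track.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/24")  # constructed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


def direction(pkt: Packet) -> str:
    return "out" if ip_address(pkt.src) in INSIDE else "in"


# Packet-filter rules: (direction, protocol, source port, destination port).
# None matches any port. First match allows; anything unmatched is denied.
RULES = [
    ("out", "tcp", None, 443),  # clients may open HTTPS connections
    ("in", "tcp", 443, None),   # needed so HTTPS replies can come back
]


def packet_filter(pkt: Packet) -> str:
    """Stateless: each packet is judged only on its own header fields."""
    for rule_dir, proto, sport, dport in RULES:
        if (rule_dir == direction(pkt) and proto == pkt.proto
                and sport in (None, pkt.sport)
                and dport in (None, pkt.dport)):
            return "allow"
    return "deny"


class StatefulFirewall:
    """Remembers outbound connections; inbound must match one of them."""

    def __init__(self):
        self.flows = set()

    def check(self, pkt: Packet) -> str:
        if direction(pkt) == "out":
            if packet_filter(pkt) == "allow":
                self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return "allow"
            return "deny"
        # Inbound: allowed only as the reverse of a tracked outbound flow.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "allow"
        return "deny"


def demo():
    traffic = [
        # Workstation opens an HTTPS connection.
        Packet("10.0.0.5", 50000, "203.0.113.10", 443),
        # The web server's reply on that connection.
        Packet("203.0.113.10", 443, "10.0.0.5", 50000),
        # Unsolicited inbound packet that merely uses source port 443.
        Packet("198.51.100.7", 443, "10.0.0.5", 3389),
        # Outbound Telnet, which no rule permits.
        Packet("10.0.0.5", 50001, "203.0.113.10", 23),
    ]
    stateful = StatefulFirewall()
    return ([packet_filter(p) for p in traffic],
            [stateful.check(p) for p in traffic])


if __name__ == "__main__":
    stateless_verdicts, stateful_verdicts = demo()
    print("packet filter:", stateless_verdicts)
    print("stateful:     ", stateful_verdicts)
```

The third packet is the case to look at: the port-based rule that lets replies in also admits it, while the stateful firewall denies it because no inside host opened that connection.
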
22Konfiguracja ustawień zabezpieczeń Two primary security settings include:Ustaw odpowiednie poziomy praw folderów i plikówSkonfiguruj prawa udostępnienia dla folderów.Skonfiguruj prawa NTFS dla plików i folderów.Zabezpieczenia połączenia WiFiWired Equivalent Privacy (WEP)Wi-Fi Protected Access (WPA)Filtrowanie MACWyłączanie nieużywanych APRozgłaszanie SSIDZmiana SSIDSlide 13 – Configure Security Settings16.3 Implement customer's security policyAdding layers of security on a network can make the network more secure, but additional layers of security protection can be expensive. You must weigh the value of the data and equipment to be protected with the cost of protection when implementing the customer's security policy. After completing this section, students will be able to perform the following tasks:Configure security settingsDescribe configuring firewall typesDescribe protection against malicious softwareTeaching Strategy: The more security protection applied to a network, the more secure that network is. Budget affects the amount of security equipment that be affordably implemented. The value of the data (customer identity, research data for new products) is usually considered in determining the security budget for securing that data. Access to any network, especially the Internet puts a computer at risk. Even computers with low value data must be secured so that others won’t take control of the computer and use it for malicious purposes.Configure security settingsTwo common security errors are incorrect permissions on folders and files and incorrect configuration of wireless security.Configure permission levels to limit individual or group user access to specific data by file and/or by folder. The network administrator can use FAT or NTFS to configure folder sharing or folder-level permissions for users with network access. 
The network administrator can use file-level permissions with NTFS to configure access to files.
Use the following tools to configure wireless security:
Wired Equivalent Privacy (WEP) encrypts the broadcast data between the wireless access point (WAP) and the client using a 64-bit or 128-bit encryption key.
Wi-Fi Protected Access (WPA) provides better encryption and authentication than WEP.
MAC address filtering restricts computer access to a wireless access point to prevent the casual user from accessing the network. MAC address filtering is vulnerable when used alone and should be combined with other security filtering.
Service Set Identifier (SSID) broadcasting announces the identity of the network. Turning off SSID broadcasting makes the network seem to disappear, but this is an unreliable form of wireless network security.
The gain and signal pattern of the wireless antenna connected to a wireless access point can influence where the signal can be received. Avoid transmitting signals outside of the network area by installing an antenna with a pattern that serves your network users.

Teaching Strategy: Full control is an option for a folder permission just as it is for a file permission. Be aware of any default permissions used by the operating system. For example, older versions of Windows would give everyone full control of all files. Permissions for sharing a folder on a network can be different from folder-level or file-level permissions.
23 Wi-Fi security levels

Slide 19 – Levels of Wireless Security
9.3.4 Describe wireless security techniques
Attackers gain access to a network by being within range of an unprotected wireless network. When installing wireless services, you should apply wireless security techniques immediately in order to prevent unwanted access to the network.
Use a wireless encryption system to encode data and thereby prevent unwanted capture and use of the data. Both ends of every link must use the same encryption standard.
The levels of security include:
Wired Equivalent Privacy (WEP) was the first-generation security standard for wireless. Attackers quickly discovered that WEP encryption was easy to break. The encryption keys used to encode the messages could be detected by monitoring programs.
Wi-Fi Protected Access (WPA) was created as a temporary solution until 802.11i (a security layer for wireless systems) was fully implemented. Now that 802.11i has been ratified, WPA2 has been released. It covers the entire 802.11i standard.
Lightweight Extensible Authentication Protocol (LEAP), also called EAP-Cisco, is a wireless security protocol created by Cisco to address the weaknesses in WEP and WPA. LEAP is a good choice when using Cisco equipment in conjunction with operating systems such as Windows and Linux.
Wireless Transport Layer Security (WTLS) is a security layer used in mobile devices that employ the Wireless Applications Protocol (WAP). Mobile devices do not have a great deal of spare bandwidth to devote to security protocols. WTLS was designed to provide security for WAP devices in a bandwidth-efficient manner.

Teaching Strategy: Wireless is very convenient, but when you send messages over the air you make it easier for an attacker to join your network or monitor your incoming and outgoing traffic. A computer technician must know how to configure wireless NICs and access points using the appropriate level of security.
The default settings on an access point are designed for fast connectivity and are not secure. Changes to make to the default settings of the access point might include: disable DHCP and use static IP addresses, change the SSID from the default, disable SSID broadcast, change the default username and password, update the firmware, and enable a firewall.
24 Firewall configuration
Restrictive firewall policy
Permissive firewall policy
Configure the firewall service to start manually or automatically.
Configure the hardware firewall (port numbers, source and destination addresses).

Slide 14 – Configure Firewalls
Describe configuring firewall types
By opening only the required ports on a firewall, you are implementing a restrictive security policy. Any packet not explicitly permitted is denied. In contrast, a permissive security policy permits access through all ports except those explicitly denied.
Software firewalls usually exist as a software application running on the computer being protected, or as part of the operating system. There are several third-party software firewalls. There is a software firewall built into Windows XP that is enabled by default in Windows XP Service Pack 2.
The easiest way to configure Windows Firewall is to simply turn it on and let it run automatically. If an application attempts to establish a connection the user has not authorized, the firewall prompts the user and asks whether to allow it or not.
To disable the firewall, go to: Start > Control Panel > Security Center > Windows Firewall
The configuration of the Windows XP firewall can be completed in two ways:
Automatically: The user is prompted to "Keep Blocking", "Unblock", or "Ask Me Later" for any unsolicited requests. These requests may be from legitimate applications that have not been configured previously or may be from a virus or worm that has infected the system.
Manage Security Settings: The user manually adds the programs or ports that are required for the applications in use on the network.
To add a program, select: Start > Control Panel > Security Center > Windows Firewall > Exceptions > Add Program
To disable the firewall, select: Start > Control Panel > Security Center > Windows Firewall
Many hardware firewalls can only be configured for the ports that the software or applications use.
Depending on the type of firewall, the configuration is done through commands or GUI configuration screens. An example of a hardware firewall that can be configured through a web interface is the Linksys device with a firewall capability.
To configure a hardware firewall you normally require the following information:
Port type: TCP or UDP
Port number:
Source address: Originating IP address
Destination address: Destination IP address

Student Activity: The student course content includes the lab, Lab: Windows XP Firewall. To complete this lab, students will explore the Windows XP Firewall and configure some advanced settings.
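The difference between the restrictive and permissive policies described in the firewall notes, as an added example that is not part of the course material. It evaluates the same packets against both policies using the four rule fields listed above (port type, port number, source address, destination address); the rule sets, packet names and the 192.0.2.0/24 "inside" network are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str    # port type: "tcp" or "udp"
    port: int     # destination port number
    src: str      # source address or network, CIDR notation
    dst: str      # destination address or network, CIDR notation

    def __post_init__(self):
        if self.action not in ("allow", "deny"):
            raise ValueError(f"bad action: {self.action!r}")
        if self.proto not in ("tcp", "udp"):
            raise ValueError(f"bad port type: {self.proto!r}")
        if not 1 <= self.port <= 65535:
            raise ValueError(f"bad port number: {self.port!r}")
        # Fail early on malformed addresses instead of at match time.
        ipaddress.ip_network(self.src)
        ipaddress.ip_network(self.dst)

    def matches(self, pkt):
        return (pkt["proto"] == self.proto
                and pkt["port"] == self.port
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst))


def decide(rules, default, pkt):
    """First matching rule wins; if nothing matches, the policy default applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Restrictive: only the required ports are opened, everything else is denied.
RESTRICTIVE = ([Rule("allow", "tcp", 443, "0.0.0.0/0", "192.0.2.10/32"),
                Rule("allow", "udp", 53, "192.0.2.0/24", "0.0.0.0/0")], "deny")

# Permissive: everything is allowed except what is explicitly denied.
PERMISSIVE = ([Rule("deny", "tcp", 23, "0.0.0.0/0", "192.0.2.0/24")], "allow")

# Constructed sample packets (documentation address ranges only).
PACKETS = {
    "https_in":    {"proto": "tcp", "port": 443,  "src": "198.51.100.7", "dst": "192.0.2.10"},
    "telnet_in":   {"proto": "tcp", "port": 23,   "src": "198.51.100.7", "dst": "192.0.2.10"},
    "unlisted_in": {"proto": "tcp", "port": 3389, "src": "198.51.100.7", "dst": "192.0.2.10"},
    "dns_out":     {"proto": "udp", "port": 53,   "src": "192.0.2.20",   "dst": "203.0.113.53"},
    "dns_tcp_out": {"proto": "tcp", "port": 53,   "src": "192.0.2.20",   "dst": "203.0.113.53"},
}


def compare():
    """Return {packet name: (restrictive verdict, permissive verdict)}."""
    return {name: (decide(*RESTRICTIVE, pkt), decide(*PERMISSIVE, pkt))
            for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for name, (strict, loose) in compare().items():
        print(f"{name:12} restrictive={strict:5} permissive={loose}")
```

The packets that nobody wrote a rule for (`unlisted_in`, `dns_tcp_out`) are where the two policies disagree: the permissive policy lets them through, the restrictive one does not.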
25 Protection against malware
Run programs that scan the computer to detect unwanted software.
Anti-virus, anti-spyware, anti-adware, phishing
Phishing attacks rely on deceiving the user and extracting information from them.

Slide 15 – Protect Against Malware
Describe protection against malicious software
Malware is malicious software that is installed on a computer without the knowledge or permission of the user. Certain types of malware, such as spyware and phishing attacks, collect data about the user that can be used by an attacker to gain confidential information. You should run malicious software scanning programs to detect and clean the unwanted software. It may take several different anti-malware programs and multiple scans to completely remove all malicious software:
Anti-virus programs typically run automatically in the background and monitor for suspected viruses. These programs can also be invoked by the user as needed. When a virus is detected, the user is warned and the program attempts to quarantine or delete the virus.
Anti-spyware programs scan for keystroke loggers and other malware so that it can be removed from the computer.
Anti-adware programs look for programs that launch advertising pop-up windows.
Phishing programs block the IP addresses of known phishing websites and warn the user about suspicious websites.
Phishing attacks often arrive by e-mail. An official-looking form appears which asks the user to verify personal information or account information, including ID numbers or passwords. Other phishing attacks trick the user into providing the information needed to claim a prize. Once users provide their information, their data is made available for sale to identity thieves or, if a credit card number is involved, to fraudulent users.
NOTE: Malicious software may become embedded in the operating system. Special removal tools are available from the operating system manufacturer to clean the operating system.
26 User account maintenance
Group users by the permissions they require.
When a user leaves the organization, their account should be disabled and their network access revoked.
Guests may connect to the network only through guest accounts.

Slide 17 – User Account Maintenance
Maintain accounts
Employees in an organization may require different levels of access to data. Employees can be grouped by job requirements and given access to files according to group permissions.
When an employee leaves an organization, access to data and hardware on the network should be terminated immediately.
Temporary employees and guests may need access to the network. When guests are present, they can be assigned to the Guest account.

Teaching Strategy: Network users are trusted with varying amounts of information and access to resources. What they can access usually depends upon their job responsibilities. When a user changes jobs, it is important to give them access to any new resources they will require to perform their job. At the same time, resources they no longer need should be restricted.
27 Updating protection programs
Create a restore point
Launch the program
Update
Scan
Review the report
Manual removal needed?
Yes: Manual removal
No: Schedule automatic scanning

Slide 21 – Updating Protection Programs
9.4.1 Explain how to update signature files for virus checker and spyware
Virus, spyware, and adware detection programs look for signatures (patterns in the programming code) of the software in a computer. The publishers of protection software compile the signatures into virus definition tables. Always retrieve the signature files from the manufacturer's website or one of their mirror sites to make sure the update is authentic and not corrupted by viruses.
CAUTION: When downloading the signature files from a mirror, ensure that the mirror site is a legitimate site. Always link to the mirror site from the manufacturer's website.
Steps to manually update signature files for anti-virus and anti-spyware software programs:
Step 1 Create a restore point in case there is a problem with the update.
Step 2 Open the anti-virus or anti-spyware program.
Step 3 Locate the update control button and select it.
Step 4 After the program is updated, use it to scan your computer.
Step 5 After the scan, check the resulting report for viruses or spyware that need to be treated or deleted manually.
Step 6 Set the protection software to update automatically and to scan on a scheduled basis.

Teaching Strategy: People who write viruses and worms constantly push the state of the art in computing. Virus checking software must be constantly upgraded to counteract these emerging, changing threats.
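Why the update step comes before the scan step, as an added example that is not part of the course material. It is a toy signature scanner: the definition-table format (`name:hex-bytes`), the signature names and the file contents are all constructed for illustration and are harmless marker strings, not real malware signatures or any vendor's format.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes


def load_definitions(text):
    """Parse a definition table with one 'name:hex-bytes' entry per line."""
    sigs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, hexpat = line.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"line {lineno}: expected 'name:hex-bytes'")
        pattern = bytes.fromhex(hexpat.strip())  # ValueError on bad hex
        if len(pattern) < 4:
            # Very short patterns match almost anything (false positives).
            raise ValueError(f"line {lineno}: pattern too short")
        sigs.append(Signature(name.strip(), pattern))
    return sigs


def scan(files, sigs):
    """Return the scan report: sorted (file name, signature name, offset) hits."""
    report = []
    for fname, data in files.items():
        for sig in sigs:
            offset = data.find(sig.pattern)
            if offset != -1:
                report.append((fname, sig.name, offset))
    return sorted(report)


# Constructed definition tables: the installed (stale) one and the updated one.
OLD_DEFS = "# definitions v1\nDemo.Worm.A:" + b"DEMO-WORM-A".hex() + "\n"
NEW_DEFS = OLD_DEFS + "Demo.Adware.B:" + b"DEMO-ADWARE-B".hex() + "\n"

# Constructed "files": byte strings with harmless marker text embedded.
FILES = {
    "invoice.doc": b"plain text only",
    "setup.exe":   b"MZ\x90\x00" + b"...." + b"DEMO-WORM-A" + b"....",
    "toolbar.dll": b"\x00\x01" + b"DEMO-ADWARE-B" + b"\xff",
}


def scan_before_and_after_update():
    """Scan the same files with the stale table, then with the updated one."""
    before = scan(FILES, load_definitions(OLD_DEFS))
    after = scan(FILES, load_definitions(NEW_DEFS))
    return before, after


if __name__ == "__main__":
    before, after = scan_before_and_after_update()
    print("stale definitions:  ", before)
    print("updated definitions:", after)
```

With the stale table the scan reports `toolbar.dll` as clean; the same file is flagged only after the definition table is updated, which is why Step 3 precedes Step 4.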
28 Updating the operating system
Create a restore point
Check for updates
Download the updates
Install the updates
Restart needed?
Yes: Restart the computer
No: Test that the system works

Slide 22 – Operating System Updates
9.4.2 Explain how to install operating systems service packs and security patches
Because some viruses and worms can be difficult to remove from a computer, some manufacturers have designed tools specifically for the purpose. Follow these steps to update an operating system for service packs or security patches:
Create a restore point in case there is a problem with the update. A restore point should be set before running a repair application. If the repair process corrupts the operating system or application software, the technician is able to return to the restore point before the repair process began.
Check for updates to ensure that you have the latest ones available.
Download updates using Automatic Updates or from the operating system manufacturer's website.
Install the update.
Restart the computer, if prompted.
Test all aspects to ensure that the update has not caused any issues.

Teaching Strategy: Operating system and application software must be constantly upgraded to counteract emerging, changing threats. In some cases viruses and worms are so severe that the software manufacturer develops a special removal tool. You may be prompted to download and run this tool. Make sure you obtain this tool from an authorized source.

Student Activity: The student course content includes the worksheet, Worksheet: Operating System Updates. To complete this worksheet, students will conduct research for available updates for a particular operating system. List the configuration options for updating the OS and select one method over the rest.
29 The troubleshooting process
Step 1 Gather data from the customer
Step 2 Verify the obvious issues
Step 3 Try quick solutions first
Step 4 Gather data from the computer
Step 5 Evaluate the problem and implement the solution
Step 6 Close with the customer

Slide 61 - The Troubleshooting Process
5.7 Troubleshoot operating systems
Most operating systems contain utilities to assist in the troubleshooting process. These utilities help a technician to determine why the computer crashes or does not boot properly. The utilities also help identify the problem and how to resolve it.
Follow the steps outlined in this section to accurately identify, repair, and document the problem.
After completing this section, students will meet these objectives:
Review the troubleshooting process.
Identify common problems and solutions
30 1. Gather data from the customer
Customer data
Company name, contact name, contact details
Computer configuration
Operating system, installed updates, network environment
Record the information on the work order
Description of the problems
Open-ended questions
What changes have been made to the security policy?
Closed-ended questions
Are all signatures up to date?

Slide 62 – 1. Gather Data from the Customer
Review the troubleshooting process
The first step in the troubleshooting process is to gather data from the customer. This step allows the technician to evaluate the situation. The technician must organize the information about the customer and the reported problem. Often a work order is used to collect this information.
There are two types of questions you can ask: open-ended questions and closed-ended questions.
Open-ended questions cannot be answered with "yes" or "no" answers. The purpose of open-ended questions is to allow the customer to describe the problem.
Closed-ended questions can usually be answered with "yes" or "no" answers. This type of question can help a technician focus in on an error and locate the exact problem once a potential solution is being tested.
Examples of open-ended questions:
What problems are you experiencing with your computer or network?
What software has been installed on your computer recently?
What were you doing when the problem was identified?
What operating system do you have installed on your computer?
What updates or patches have been installed on your computer?
Examples of closed-ended questions:
Has anyone else used your computer recently?
Does the computer boot up successfully?
Have you changed your password recently?
Have you received any error messages on your computer?
Are you currently logged into the network?
When a customer is not able to accurately describe the problem, there are other ways to evaluate the situation in subsequent steps in the troubleshooting process.
31 3. Try quick solutions first
Check the cabling
Restart the computer or network equipment
Log in as a different user
Check the anti-virus program's signatures.
Scan the computer
Check for and install operating system updates
Disconnect the computer from the network
Change the password

Slide 26 – 3. Try Quick Solutions First
9.5.1 Review the troubleshooting process
Once the obvious issues of the security problem have been evaluated, the technician should try the quick solutions. This step in the troubleshooting process will usually repair a temporary fault in the system or catch problems the customer has overlooked. These tests can often be performed while the technician gathers additional data. Here are some quick solutions:
Check that all cables are connected to the proper locations
Unseat and then reconnect cables and connectors
Reboot the computer or network device
Log in as a different user
Check that the anti-virus and spyware signature files are up to date
Scan the computer with protection software
Check the computer for the latest OS patches and updates
Disconnect from the network
Change your password
NOTE: If you suspect that the security issue you are investigating is the result of a crime, notify the appropriate authorities. Leave the crime scene intact and undisturbed and prevent access to the area. Secure the area by locking the doors. Wait for the authorities to give you permission to make repairs to the equipment or the network.

Teaching Strategy: Quick solutions include restoring cables between network devices and computers to their original positions. Another quick test would be to run virus scans and spyware checkers. Be sure to reboot one device at a time. Check the date of the last scan, check the date of the last update of the signature file, and run a new scan.
32 4. Gather data from the computer
Anti-virus software often produces reports about infections
There are many useful tools for fighting threats:
Check that they are up to date.
Check their logs.
Task Manager makes it possible to detect unknown processes and programs.

Slide 27 – 4. Gather Data from the Computer
9.5.1 Review the troubleshooting process
After a technician has gathered information from the customer, performed a visual inspection, and tried quick solutions, it is time to inspect the computer. Third-party software, such as anti-virus and anti-spyware applications, can report on the files that have been infected. There are several tools available in the operating system that a technician can use:
Verify that the signature file is current.
Check the security software log file for entries.
Task Manager is used to check for unknown applications that are running.
33 5. Evaluate the problem and implement the solution
Evaluate the problem and the data gathered in the previous steps
Determine possible solutions
Implement the best solution
If the approach has no effect, undo the changes that were made.
NOTE: Do not press the user to reveal their password.

Slide 28 – 5. Evaluate Problem & Implement Solution
9.5.1 Review the troubleshooting process
If the technician has used troubleshooting tools without finding the cause of the problem, the problem must be researched further.
Consider talking to other people who work with technology.
Always consult the available documentation, search the web for white papers, and review technical information.
After several possible solutions have been identified, each should be evaluated and implemented one at a time. If a proposed solution doesn't correct the problem, reset the computer back to the original state and try another proposed solution.
NOTE: Never ask a customer to reveal a password. If you need to access a computer and the customer cannot stay nearby, have the customer create a temporary password. Advise the customer to reset the password when the repair is complete.
34 6. Close with the customer
When you are confident that the problem has been resolved:
Document the case and all the steps taken on the work order.
Explain the solution to the customer.
Let the customer verify the solution.
Complete the entire work order.
Update the repair journal. Create the documentation needed in case similar problems occur in the future.

Slide 67 – 6. Close with the Customer
Review the troubleshooting process
When you are confident that the problem has been resolved, the next step is to close with the customer. The technician must completely document the customer contact information, problem description, and steps to resolve the issue in the work order.
Explain to the customer each step that you took to solve the problem. The customer needs to understand what caused the problem in order to avoid similar kinds of problems in the future. Turn on the computer and let the customer verify that the problem has been solved. Finally, have the customer reboot the system and check for any problems.
Complete all documentation. Make sure you fill out all internal documentation, such as sales orders, time logs, and receipts. A work order should be completed and the repair journal should be updated. You can use the notes from the journal for future reference and to build a knowledge database.
35 Common problems and solutions
Symptom: The computer installs updates at inconvenient times.
Solution: Change the Automatic Updates settings to a convenient time of day or night.
Symptom: The wireless network has been attacked.
Solution: Change the encryption to 128-bit WEP, WAP, or EAP-Cisco.
Symptom: A stolen laptop has been recovered by the police. It is, however, no longer needed.
Solution: After recovering the data, destroy the hard drive and send it for recycling.
Symptom: A user complains of receiving a lot of unwanted mail.
Solution: This may be an attack on the mail server. Add the message's addressee to the filter.
Symptom: An unknown person claiming to be a service technician is near employees' computers.
Solution: Contact the police or security. Instruct users not to keep their passwords written down near their computers.

Slide 30 – Common Problems and Solutions
9.5.2 Identify common problems and solutions
Computer problems can be attributed to hardware, software, connectivity issues, or some combination of the three. You will resolve some types of computer problems more often than others. The worksheet is designed to reinforce your communication skills to verify information from the customer.
Other common printer problems and possible causes to consider:
Problem: A computer runs updates and requires rebooting at inconvenient times.
Possible solutions might be to set Windows Automatic Update to run daily at a convenient time, such as lunchtime.
Problem: A wireless network is compromised even though 64-bit WEP encryption is in use.
Possible solutions might be to upgrade to 128-bit WEP security, WAP, or EAP-Cisco security.
Problem: A stolen laptop is returned by the police. It is no longer needed by the user.
After recovering any sensitive data, destroy the hard drive and recycle the computer.
Problem: A user complains that his system is receiving hundreds or thousands of junk e-mails daily.
This may be a denial of service attack.
At the server, filter out e-mail from the sender.
Problem: A printer repair person no one remembers seeing before is observed looking under keyboards and on desktops.
Contact security or police. Advise users never to hide passwords near their work area.

Student Activity: The student course content includes the worksheet, Gather Information From The Customer. To complete this worksheet, students will document information gathered from the customer in a troubleshooting incident. This activity is designed to help the student understand how to condense information and document issues. The instructor can create additional scenarios to provide students more opportunities to practice this skill. (Note: This worksheet is designed as a role-playing activity. Students work in pairs. One student plays the role of the customer and uses the information on page 2, "Student Customer Sheet", to report the problem to the other student. The other student plays the role of the level-one technician and will complete the work order, which is page 1.)