
1 Chapter 9: Security
Cisco Networking Academy program, IT Essentials: PC Hardware and Software v4.0, Chapter 9: Security

2 The importance of security
Private information, company secrets, financial data, computer equipment and items of national security are placed at risk if proper security procedures are not followed. A technician's responsibilities include data and network security.

Slide 5 – The Importance of Security

9.0 Introduction to Security Chapter
Technicians need to understand computer and network security. Private information, company secrets, financial data, computer equipment, and items of national security are placed at risk if proper security procedures are not followed.

After completing this chapter, students will meet these objectives:
Explain why security is important.
Describe security threats.
Identify security procedures.
Identify common preventive maintenance techniques for security.
Troubleshoot security.

9.1 Explain why security is important
Theft, loss, network intrusion, and physical damage are some of the ways a network or computer can be harmed. Damage to, or loss of, equipment can mean a loss of productivity. Repairing and replacing equipment can cost the company time and money. Unauthorized use of a network can expose confidential information and reduce network resources. A technician's primary responsibilities include data and network security.

Student Activity: The student course content includes the worksheet, 9.1 Worksheet: Security Attacks. To complete this worksheet, students will conduct research on computer crime and security attacks, describe the incident in writing, explain whether the incident could have been prevented and, if so, list the precautions that might have been used.

3 Threats
Types of attacks on security:
Physical: theft of and damage to computer equipment.
Data: deletion, corruption or unauthorized access to data.

Threats:
Internal: employees can cause security threats (unknowingly or deliberately).
External: attacks carried out in a structured or unstructured way.

Slide 6 – Security Threats

9.2 Describe security threats
Types of attacks on computer security:
Physical attacks result in theft, damage, and/or destruction of computer equipment.
Data attacks result in removal, corruption, denial of access, unauthorized access, or theft of information.

Potential threats:
Internal threats from employees who have access may pose a malicious threat or an accidental threat.
External threats from those outside of an organization who do not have authorized access. Outside users may attempt an unstructured attack by using available resources (passwords or scripts) to gain access. They may also attempt a structured attack by using code to access the computer network or resources.

After completing this section, students will meet these objectives:
Define viruses, worms, and Trojan horses
Explain web security
Define adware, spyware, and grayware
Explain Denial of Service
Describe spam and popup windows
Explain social engineering
Explain TCP/IP attacks
Explain hardware deconstruction and recycling

4 Viruses, worms, Trojan horses
A virus is software code that is deliberately created by an attacker. Viruses may collect sensitive data or may alter or destroy information.
A worm is a self-replicating program that uses the network to duplicate its code. Worms consume network bandwidth.
A Trojan horse is technically a worm whose name and behaviour resemble harmless software.
Anti-virus software is designed to detect and remove viruses, worms and Trojan horses before they infect the computer.

Slide 7 – Viruses, Worms, and Trojan Horses

9.2.1 Define viruses, worms, and Trojan horses
Malicious software (malware) is any software designed to damage or to disrupt a system. Types of malware are: viruses, worms, Trojan horses, adware, spyware, grayware, and other unwanted software.

A computer virus is software code that is deliberately created by an attacker. Viruses can be attached to computer code or software and can then infect a computer when the software is executed on that computer. Viruses may collect sensitive information or may alter or destroy information.

A worm is a self-replicating program that uses the network to duplicate its code to the hosts on the network. At a minimum, worms consume bandwidth in a network.

A Trojan horse is technically a worm and is named for its method of getting past computer defenses by pretending to be something useful. A keystroke logger, for instance, detects sensitive information by monitoring the user's keystrokes. The results of a Trojan horse can include data damage, production loss, and data theft.

Anti-virus software is designed to detect, disable, and remove viruses, worms, and Trojan horses before they infect a computer. Anti-virus software becomes outdated quickly, however, and technicians must therefore apply the most recent updates, patches, and virus definitions as part of a regular maintenance schedule.

Student Activity: The student course content includes the worksheet, Worksheet: Third-Party Anti-Virus Software. To complete this worksheet, students will conduct research on four different third-party anti-virus software programs, record details of each, and recommend one for purchase.

5 Web security
Intruders can use the tools listed below to install a program on a computer.
ActiveX: controls interactivity on web pages.
Java: allows applets to run.
JavaScript: interacts with HTML code and creates interactive web pages.

Slide 8 – Web Security

9.2.2 Explain web security
Tools that are used to make web pages more powerful and versatile can also make computers more vulnerable to attacks.
ActiveX was created by Microsoft to control interactivity on web pages. If ActiveX is on a page, an applet or small program has to be downloaded to gain access to the full functionality.
Java is a programming language that allows applets to run within a web browser. Examples of applets include a calculator or a counter.
JavaScript is a programming language developed to interact with HTML source code to allow interactive web sites. Examples include a rotating banner or a popup window.
Attackers may use any of these tools to install a program on a computer. To protect against these attacks, most browsers have settings that force the computer user to authorize the downloading or use of ActiveX, Java, or JavaScript.

6 Adware, spyware, grayware
Usually installed without the user's knowledge, these programs collect information stored on the computer, change the computer's configuration, or open additional windows on the computer.

Slide 9 – Adware, Spyware, and Grayware

9.2.3 Define adware, spyware, and grayware
Typically installed without the user's knowledge, these programs collect information stored on the computer, change the computer configuration, or open extra windows on the computer, all without the user's consent.
Adware displays advertising, usually in a popup window.
Grayware or malware is a file or program other than a virus that is potentially harmful. Many grayware attacks are phishing attacks that try to persuade the reader to unknowingly provide attackers with access to personal information.
Spyware, a type of grayware, is distributed without any user intervention or knowledge. Spyware monitors computer activity, then sends the information back to the organization responsible for launching the spyware.
Phishing is a form of social engineering where the attacker pretends to represent a legitimate outside organization. The attacker might ask for verification of information, such as a password or username, to supposedly prevent some terrible consequence from occurring.
NOTE: There is rarely a need to give out sensitive personal or financial information online. Be suspicious. Use the postal service to share sensitive information.
Spyware and adware removal tools are available to remove adware, spyware, and grayware from a computer.

Student Activity: The student course content includes a matching activity. To complete this activity, students will match each of the words (adware, spyware, and phishing) to the appropriate definition.

7 Denial of Service (DoS)
Prevents users from accessing services.
Sends so many service requests that the server becomes overloaded or even stops working.
Ping of Death: a series of repeated ICMP messages larger than the system can handle.
E-mail bomb: a huge number of messages intended to overload the server.
Distributed DoS: an attack launched from many computers (zombies, botnet).

Slide 10 – Denial of Service (DoS)

9.2.4 Explain Denial of Service
Denial of Service (DoS) is a form of attack that prevents users from accessing normal services, such as e-mail or a web server, because the system is busy responding to abnormally large amounts of requests. DoS works by sending enough requests for a system resource that the requested service is overloaded and ceases to operate.
Ping of Death: a series of repeated, larger than normal pings that are intended to crash the receiving computer.
E-mail bomb: a large quantity of bulk e-mail that overwhelms the server, preventing users from accessing e-mail.
Distributed DoS (DDoS) uses many infected computers, called zombies, to launch an attack. With DDoS, the intent is to obstruct or overwhelm access to the targeted server. Zombie computers located at different geographical locations make it difficult to trace the origin of the attack.

8 Spam and popup windows
Spam is unsolicited mail that can be used to send harmful links or deceptive content.
A popup is a new window opened automatically, most often for advertising.

Slide 11 – Spam and Popup Windows

9.2.5 Describe spam and popup windows
Spam, also known as junk mail, is unsolicited e-mail. In most cases, spam is used as a method of advertising. However, spam can be used to send harmful links or deceptive content. When used as an attack method, spam may include links to an infected website or an attachment that could infect a computer. These links or attachments may result in lots of windows designed to capture your attention and lead you to advertising sites. These windows are called popups. Uncontrolled popup windows can quickly cover the user's screen and prevent any work from getting done.
To combat spam and phishing, use anti-virus software and the setting options in e-mail. Some spam still may get through, so look for these common indications of spam: no subject line, incomplete return address, computer generated e-mails, and return e-mails not sent by the user.

Use anti-virus software and a popup blocker.

9 Social engineering
Never reveal your password.
Always verify the identity of an unknown person.
Restrict the access of unknown persons.
Escort visitors in the workplace.

Slide 12 – Social Engineering

9.2.6 Explain social engineering
A social engineer is a person who is able to gain access to equipment or a network by tricking people into providing the necessary access information. A social engineer may gain the confidence of an employee to convince them to divulge username and password information or may pose as a technician to attempt to gain entry into a facility. A social engineer would be likely to speak using computer terminology and/or to dress similar to the type of worker they are pretending to be, including carrying equipment.

To protect against social engineering:
Never give out a password
Always ask for the ID of the unknown person
Restrict access of unexpected visitors
Escort all visitors through the facility

How many people know someone who writes a password on a note and sticks it to the monitor or under the keyboard?

10 TCP/IP attacks
TCP/IP controls all transmission on the Internet.

Slide 13 – TCP/IP Attacks

9.2.7 Explain TCP/IP attacks
TCP/IP is the protocol suite used to control all communications on the Internet. The most common TCP/IP attacks are:
SYN Flood: randomly opens TCP ports, tying up the network equipment or computer with a large amount of false requests, causing sessions to be denied to others.
DoS: sends abnormally large amounts of requests to a system, preventing access to the services.
DDoS: a DoS attack using "zombies" to make the origin of the attack difficult to trace.
Spoofing: gains access to resources on devices by pretending to be a trusted computer.
Man-in-the-Middle: intercepts or inserts false information in traffic between two hosts.
Replay: uses network sniffers to extract usernames and passwords to be used at a later date to gain access.
DNS Poisoning: changes the DNS records on a system to point to false servers where the data is recorded.
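The SYN flood described above leaves many half-open connections: SYNs arrive but the client never completes the handshake. The following detection logic, added here as an example and not part of the course material, counts per source address the SYNs that are never followed by that source's ACK and flags sources over a threshold. The packet records are constructed for illustration (documentation address ranges, hypothetical field layout).

```python
"""Half-open connection counter as a SYN-flood indicator (added example,
not course material). Records are (seconds, source IP, destination port,
TCP flags) tuples, constructed for illustration."""
from collections import defaultdict

# Constructed sample capture: two clients complete their handshakes,
# one source sends a burst of 60 SYNs without ever acknowledging.
PACKETS = [
    (0.0, "192.0.2.10", 80, "S"),
    (0.1, "192.0.2.10", 80, "A"),      # handshake completed by this client
    (0.2, "192.0.2.11", 443, "S"),
    (0.3, "192.0.2.11", 443, "A"),
] + [
    (1.0 + i * 0.01, "203.0.113.7", 80, "S")  # SYN burst, no ACKs follow
    for i in range(60)
]


def half_open_by_source(packets):
    """Return {src: number of SYNs from src that were never followed by an ACK
    from the same src to the same destination port}."""
    pending = defaultdict(list)    # (src, dport) -> outstanding SYN timestamps
    for t, src, dport, flags in sorted(packets):
        key = (src, dport)
        if "S" in flags and "A" not in flags:
            pending[key].append(t)
        elif "A" in flags and pending[key]:
            # the oldest outstanding SYN from this source is now completed
            pending[key].pop(0)
    half_open = defaultdict(int)
    for (src, _dport), stamps in pending.items():
        half_open[src] += len(stamps)
    return dict(half_open)


def suspicious_sources(packets, threshold=20):
    """Sources whose half-open count exceeds the threshold, sorted by count."""
    counts = half_open_by_source(packets)
    flagged = [src for src, n in counts.items() if n > threshold]
    return sorted(flagged, key=lambda s: -counts[s])


if __name__ == "__main__":
    for src in suspicious_sources(PACKETS):
        print(f"possible SYN flood from {src}: "
              f"{half_open_by_source(PACKETS)[src]} half-open connections")
```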

11 Computer disposal and recycling
Erase all hard drives, then use a tool to fully remove all data. The only effective method of erasing the contents of a hard drive is destroying it. Floppy disks and optical discs are treated the same way.

Slide 14 – Computer Disposal and Recycling

9.2.8 Explain hardware deconstruction and recycling
Teaching Strategy: When migrating from an old PC to a new PC, be sure to properly dispose of old data. Many computer parts can be reused, so data must be properly erased.
Before disposing of or recycling hardware, be sure to eliminate the possibility that someone else may have access to software and data left on the equipment. Erase all hard drives, then use a third-party tool to fully erase all data. The only way to fully ensure that data cannot be recovered from a hard drive is to carefully shatter the platters with a hammer and safely dispose of the pieces. To destroy software media (floppy disks and CDs), use a shredding machine designed for shredding these materials.

12 Security layers

Slide 15 – Security is Strengthened in Layers

9.3 Identify security procedures
Technicians should use a security plan with clear procedures to determine what to do in a critical situation. Security plan policies should be updated regularly as new threats are released daily. Overall security plans should be reviewed on a yearly basis. Conduct regular tests to determine areas where security is weak. There are multiple layers of security in a network that are vulnerable to attack, including physical, wireless, and data layers.

Teaching Strategy: A computer technician will need to know how to implement security procedures in order to protect a computer and information from data loss, corruption, and theft (hardware or data). Security plans are maintained and updated on a regular basis. An appropriate implementation of computer security will implement several layers of security. Security is strengthened in layers.

After completing this section, students will meet these objectives:
Explain what is required in a basic local security policy
Explain the tasks required to protect physical equipment
Describe ways to protect data
Describe wireless security techniques

13 Security policy
A collection of rules, guidelines and procedures.
Defines the acceptable use of computers.
Identifies the persons permitted to use the equipment.
Identifies the devices that may be installed on the network and the rules for using them.
Defines the requirements for protecting data on the network.
Defines the process by which an employee obtains access to equipment and data.

Slide 6 – Outline a Security Policy

Outline a local security policy
A security policy is a collection of rules, guidelines, and checklists. Network technicians and managers of an organization work together to develop the rules and guidelines for the security needs of computer equipment.

A security policy includes the following elements:
Define an acceptable computer usage statement for an organization.
Identify the people permitted to use the computer equipment in an organization.
Identify devices that are permitted to be installed on a network, as well as the conditions of the installation. Modems and wireless access points are examples of hardware that could expose the network to attacks.
Define the requirements necessary for data to remain confidential on a network.
Determine a process for employees to acquire access to equipment and data. This process may require the employee to sign an agreement regarding the company rules. It will also list the consequences for failure to comply.

The security policy should also provide detailed information about the following issues in case of an emergency:
Steps to take after a breach in security
Who to contact in an emergency
Information to share with customers, vendors, and the media
Secondary locations to use in an evacuation
Steps to take after an emergency is over, including the priority of services to be restored

CAUTION: A security policy must be enforced and followed by all employees to be effective.

Teaching Strategy: A security policy is a written document that details the rules and courses of action that relate to all the computers and network equipment in an organization, both during day-to-day operations and in case of emergencies. A local security policy may specify what can and cannot be done with the computers on a network. The policy defines who can use computers and for what purposes. The policy protects the company in case the network is used to perform illegal activities. The value of the security policy is that it can be created calmly before an emergency or security incident happens. This prevents making poor decisions in times of stress or crisis.

Student Activity: The student course content includes the worksheet, Worksheet: Security Policy. To complete this worksheet, students will answer security questions regarding the security of the equipment, access privileges, and Internet access of their IT Essentials classroom.

14 Security policy
Questions answered in a security policy:
What assets need protection?
What are the threats?
What should be done in the event of a threat or an attack?

Slide 16 – Security Policy

9.3.1 Explain what is required in a basic local security policy
Questions to answer when writing a security policy:
What assets require protection?
What are the possible threats?
What should be done in the event of a security breach?

Elements to include in a security policy:
A process for handling network security incidents
A process for auditing existing network security
A general security framework for implementing network security
Behaviors that are allowed
Behaviors that are prohibited
What to log and how to store the logs: Event Viewer, system log files, or security log files
Network access to resources through account permissions
Authentication technologies to access data: usernames, passwords, biometrics, smart cards

Teaching Strategy: Security policies describe what to do when faced with many emergencies. It is important to develop and distribute the security policy BEFORE the emergency happens. Local security policies may vary from company to company. They may also vary depending on the device to secure.

15 Protecting equipment
Theft of the whole computer or one of its components is the simplest way of stealing data.
Control access to rooms.
Use locks.
Keep server rooms locked.
Label equipment.

Slide 17 – Protecting Equipment

9.3.2 Explain the tasks required to protect physical equipment
When a computer is stolen, the data is also stolen. There are several methods of physically protecting computer equipment:
Control access to facilities
Use cable locks with equipment
Keep telecommunication rooms locked
Fit equipment with security screws
Use security cages around equipment
Label and install sensors, such as Radio Frequency Identification (RFID) tags, on equipment

There are several means of protecting access to facilities:
Card keys are identity cards with a chip that stores user data, including the level of access
Berg connectors for connecting to a floppy drive
Biometric sensors that identify physical characteristics of the user, such as a fingerprint or retina
Posted security guard
Sensors, such as RFID tags, to monitor equipment

Teaching Strategy: Since stealing the whole PC is the easiest way to steal data, physical computer equipment must be secured.

16 Protecting data
Protection methods:
Passwords
Encryption
Port protection
Backups
File system security

Slide 18 – Protecting Data

9.3.3 Describe ways to protect data
The value of physical equipment is often far less than the value of the data it contains. To protect data, there are several methods of security protection that can be implemented.

Password protection can prevent unauthorized access to content. Password policies should include:
Expire after a set period of time
Contain a mixture of letters and numbers
Prevent users from leaving written passwords in view
Lockout rules to limit the number of unsuccessful attempts

Data encryption uses codes and ciphers. Virtual Private Network (VPN) uses encryption to protect data. A VPN connection allows a remote user to safely access resources as if their computer is physically attached to the local network.

Port protection: every communication using TCP/IP is associated with a port number. HTTPS, for instance, uses port 443 by default. A firewall is a way of protecting a computer from intrusion through the ports. The user can control the type of data sent to a computer by selecting which ports will be open and which will be secured.

Data backups are one of the most effective ways of protecting against data loss. Establish data backup procedures which account for frequency of backups, storage for data backups, and securing data backups using passwords.

File system security: all file systems keep track of resources, but only file systems with journals can log access by user, date, and time. The FAT32 file system lacks both journaling and encryption capabilities. As a result, situations that require good security are usually deployed using a file system such as NTFS, which is part of Windows 2000 and Windows XP. If increased security is needed, it is possible to run certain utilities, such as CONVERT, to upgrade a FAT32 file system to NTFS. The conversion process is not reversible. It is important to clearly define your goals before making the transition.

Teaching Strategy: Keeping control of data is as important as not losing it.
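The password policy items above (expiry after a set period, a mixture of letters and numbers, a lockout rule limiting unsuccessful attempts) can be expressed as checks. The code below is an added example, not part of the course material; the policy values, the AccountGuard class and the plaintext comparison in attempt_login are assumptions for illustration only.

```python
"""Password policy checks and account lockout (added example, not course
material). Policy constants are assumed values chosen for illustration."""
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=90)          # passwords expire after a set period
MIN_LENGTH = 8
MAX_FAILED_ATTEMPTS = 5               # lockout rule: failures before lockout
LOCKOUT_PERIOD = timedelta(minutes=15)


def password_problems(password):
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    return problems


def password_expired(last_changed, now):
    """True once the password is older than MAX_AGE."""
    return now - last_changed > MAX_AGE


class AccountGuard:
    """Counts unsuccessful logins per user and enforces a temporary lockout."""

    def __init__(self):
        self.failures = {}       # user -> consecutive failure count
        self.locked_until = {}   # user -> time the lockout ends

    def is_locked(self, user, now):
        return now < self.locked_until.get(user, now)

    def record_failure(self, user, now):
        count = self.failures.get(user, 0) + 1
        self.failures[user] = count
        if count >= MAX_FAILED_ATTEMPTS:
            self.locked_until[user] = now + LOCKOUT_PERIOD
            self.failures[user] = 0

    def record_success(self, user):
        self.failures.pop(user, None)


def attempt_login(guard, user, supplied, stored, now):
    """Simulated login. `stored` is compared in plaintext only to keep the
    example short; a real system compares a salted password hash."""
    if guard.is_locked(user, now):
        return "locked"
    if supplied == stored:
        guard.record_success(user)
        return "ok"
    guard.record_failure(user, now)
    return "denied"


def simulate_guessing():
    """Five wrong guesses, then the correct password during and after lockout.
    Returns the sequence of outcomes."""
    guard = AccountGuard()
    t0 = datetime(2024, 1, 1, 9, 0, 0)    # constructed timestamp
    outcomes = [attempt_login(guard, "alice", "wrong", "Secret123",
                              t0 + timedelta(seconds=i)) for i in range(5)]
    outcomes.append(attempt_login(guard, "alice", "Secret123", "Secret123",
                                  t0 + timedelta(seconds=5)))
    outcomes.append(attempt_login(guard, "alice", "Secret123", "Secret123",
                                  t0 + timedelta(minutes=16)))
    return outcomes


def expiry_demo():
    """A password set on 1 January checked on 1 June of the same year."""
    return password_expired(datetime(2024, 1, 1), datetime(2024, 6, 1))


if __name__ == "__main__":
    print(password_problems("abc"), password_problems("correct1horse"))
    print(simulate_guessing())
```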

17 Protecting data
Applications that help protect data and the operating system:
Software firewalls
Intrusion Detection Systems (IDS)
Operating system and application updates
Anti-virus and anti-malware software

Slide 8 – Security Applications

Explain when and how to use security application software
Security applications protect the operating system and software application data.
A software firewall filters incoming data and is built into Windows XP.
Intrusion Detection Systems (IDS) monitor changes in the program code for unusual activity, and send reports if code is modified.
Application and OS patches update applications and the operating system to repair security weaknesses that are discovered.

There are several software applications available to protect computers from unauthorized access by malicious computer code:
Virus protection
Spyware protection
Adware protection
Grayware protection

In developing a policy, management should calculate the cost of data loss versus the expense of security protection and determine what tradeoffs are acceptable.

Compare the cost of implementing protection solutions with the cost of losing the information.

18 Selecting security components
When selecting security components, take into account:
Advantages and disadvantages of a given solution
Overlapping functions
Hardware requirements
Budget assumptions
Real or perceived threats

Slide 9 – Selecting Security Components

16.2 Select security components based on customer needs
The security policy helps customers to select the security components necessary to keep equipment and data safe. If there is no security policy, you should discuss security issues with the customer. Use your past experience as a technician and research the current security products on the market when selecting security components for the customer. The goal is to provide the security system that best matches the customer's needs.

Consider the following factors when deciding on security components:
Advantages and disadvantages of a security component
Overlapping features and functions
Component setup and maintenance requirements
Budget restrictions
Real and perceived threats

After completing this section, students will be able to perform the following tasks:
Describe and compare security techniques
Describe and compare access control devices
Describe and compare firewall types

Teaching Strategy: When considering the factor of component setup and maintenance requirements, research whether updates are performed automatically or manually. After installation, what testing and inspection should occur to confirm that the component is functioning properly? When considering the cost of the security to implement, consider the value of the data or equipment that is being protected. Consider the cost of losing that data or equipment. The correct amount of security is determined when the cost of putting a system in place meets the value of the data to be protected.

19 Security techniques
Depending on the situation, more than one encryption method may be required.
Use encrypted passwords for logging in to the network.
Monitor network activity through logs and auditing.
Enable encryption on the WiFi connection.

Cryptographic methods:
Hashing: an algorithm for tracking modification of data.
Symmetric encryption uses one key for both encryption and decryption.
Asymmetric encryption uses one key for encryption and another for decryption.
VPN creates a secure channel through an insecure network.

Slide 10 – Security Techniques

Describe and compare security techniques
A technician should determine the appropriate techniques to secure equipment and data for the customer. Depending on the situation, more than one technique may be required.

Passwords: using secure, encrypted login information for computers with network access should be a minimum requirement in any organization. Malicious software can monitor the network to record plain-text passwords. If passwords are encrypted, attackers would have to decode the encryption to learn the passwords.

Logging and Auditing: event logging and auditing should be enabled to monitor activity on the network. The network administrator audits the log file of events to investigate network access by unauthorized users.

Wireless Configurations: wireless connections are especially vulnerable to access by attackers. Wireless clients should be configured to encrypt data.

Encryption: encryption technologies are used to encode data being transmitted on a network. Each technology is used for a specific purpose. Encryption methods include:
Hash encoding is used to identify when a message has been tampered with during transmission. Hash encoding uses an algorithm (SHA, MD5).
Symmetric encryption requires that the sender and the receiver use the same key to encode and decode data.
Asymmetric encryption requires that a private key is used to encode a message and a public key is used to decode a message.
Virtual Private Network (VPN) uses encryption to secure data in a "secure tunnel" as it travels through an unsecured network.

Teaching Strategy: There are many techniques for security. Your job is to choose which is most appropriate for your client. To make informed recommendations to your client, you should be knowledgeable of the advantages and disadvantages of each security technique.

20 Access control devices
Physical control:
Locks
Card key
Surveillance
Security guards

Two-factor protection method:
Smart cards
Tokens
Biometric devices

Slide 11 – Access Control Devices

Describe and compare access control devices
Physical access control devices are used to secure access to data and equipment by physical means.
A lock is the most common device for securing physical areas. If a key is lost, all identically keyed locks must be changed.
A conduit is a casing that protects the infrastructure media from damage and unauthorized access. All cabling should be enclosed in conduits or routed inside walls to prevent unauthorized access or tampering. Network outlets that are not in use should be disabled.
A card key is a tool used to secure physical areas. If a card key is lost or stolen, only the card must be deactivated. The card key is more expensive than security locks.
Video surveillance equipment records images and sound for monitoring activity. The recorded data must be monitored for problems.
Security guards control access to the entrance of a facility and monitor the activity inside the facility.

Data security devices are used to authenticate employees and authorized personnel to access data on a computer and on a network. Two-factor identification is a method to increase security. Employees must use both a password and a data security device similar to those listed here to access data:
A smart card is a device that has the ability to store data safely. The internal memory is an embedded integrated circuit chip (ICC) that connects to a reader either directly or through a wireless connection. Smart cards are used in many applications worldwide, like secure ID badges, online authentication devices, and secure credit card payments.
A security key fob is a small device that resembles the ornament on a key ring. It has a small radio system that communicates with the computer over a short range. The fob is small enough that many people attach it to their key rings. The computer must sense the signal from the key fob before it will accept a username and password.
A biometric device measures a physical characteristic of the user, such as their fingerprints or the patterns of the iris in the eye. The user will be granted access if these characteristics match those in its database and the correct login information is supplied.

Student Activity: The student course content includes a matching activity. To complete this activity, students will match the data security device to its correct definition.

21 Firewall types
Hardware firewall:
A separate device
High initial cost of hardware and software
Little impact on the performance of client machines
Many solutions at varying costs

Software firewall:
Part of the operating system
Usually protects only the computer on which it runs
Uses the computer's hardware resources

Slide 12 – Firewall Types

Describe and compare firewall types
Hardware and software firewalls protect data and equipment on a network from unauthorized access. Hardware and software firewalls have several modes for filtering network data traffic:
Packet filtering is a set of rules that allows or denies traffic based on an IP address, a protocol, and/or a port used.
A proxy firewall inspects all traffic and allows or denies packets based on configured rules, and protects internal IP addressing. A proxy acts as a gateway that protects computers inside the network.
Stateful packet inspection keeps track of all channels of communication and provides the best degree of security at all levels.

A hardware firewall is a physical filtering component that inspects data packets from the network before they reach computers and other devices on a network. Hardware firewalls are often installed on routers. A hardware firewall is a free-standing unit that does not use the resources of the computers it is protecting, so there is no impact on processing performance.
A software firewall is an application on a computer that inspects and filters data packets. A software firewall uses the resources of the computer, resulting in reduced performance for the user.
NOTE: On a secure network, if computer performance is not an issue, you should enable the internal operating system firewall for additional security. Some applications may not operate properly unless the firewall is configured correctly for them.

Student Activity: The student course content includes the worksheet, Worksheet: Firewalls. To complete this worksheet, students will conduct research for two different hardware firewalls and two different software firewalls, record the details of each, and then recommend one hardware firewall and one software firewall.

22 Configure Security Settings
Two primary security settings include:
Set appropriate permission levels for folders and files:
  Configure share permissions for folders.
  Configure NTFS permissions for files and folders.
Wi-Fi connection security:
  Wired Equivalent Privacy (WEP)
  Wi-Fi Protected Access (WPA)
  MAC filtering
  Disabling unused APs
  SSID broadcasting
  Changing the SSID

Slide 13 – Configure Security Settings
16.3 Implement customer's security policy
Adding layers of security on a network can make the network more secure, but additional layers of security protection can be expensive. You must weigh the value of the data and equipment to be protected against the cost of protection when implementing the customer's security policy.
After completing this section, students will be able to perform the following tasks:
Configure security settings
Describe configuring firewall types
Describe protection against malicious software
Teaching Strategy: The more security protection applied to a network, the more secure that network is. Budget affects the amount of security equipment that can be affordably implemented. The value of the data (customer identity, research data for new products) is usually considered in determining the security budget for securing that data. Access to any network, especially the Internet, puts a computer at risk. Even computers with low-value data must be secured so that others won't take control of the computer and use it for malicious purposes.
Configure security settings
Two common security errors are incorrect permissions on folders and files and incorrect configuration of wireless security. Configure permission levels to limit individual or group user access to specific data by file and/or by folder. The network administrator can use FAT or NTFS to configure folder sharing or folder-level permissions for users with network access. The network administrator can use file-level permissions with NTFS to configure access to files.
Use the following tools to configure wireless security:
Wired Equivalent Privacy (WEP) encrypts the broadcast data between the wireless access point (WAP) and the client using a 64-bit or 128-bit encryption key.
Wi-Fi Protected Access (WPA) provides better encryption and authentication than WEP.
MAC address filtering restricts computer access to a wireless access point to prevent the casual user from accessing the network. MAC address filtering is vulnerable when used alone and should be combined with other security filtering.
The wireless Service Set Identifier (SSID) Broadcasting broadcasts the identity of the network. Turning off the SSID makes the network seem to disappear, but this is an unreliable form of wireless network security.
The gain and signal pattern of the wireless antenna connected to a wireless access point can influence where the signal can be received. Avoid transmitting signals outside of the network area by installing an antenna with a pattern that serves your network users.
Teaching Strategy: Full control is an option for a folder permission like it is for a file permission. Be aware of any default permissions used by the operating system. For example, older versions of Windows would give everyone full control of all files. Permissions for sharing a folder on a network can be different from folder- or file-level permissions.

23 Levels of Wi-Fi Security

Slide 19 – Levels of Wireless Security
9.3.4 Describe wireless security techniques
Attackers gain access to a network by being within range of an unprotected wireless network. When installing wireless services, you should apply wireless security techniques immediately in order to prevent unwanted access to the network. Use a wireless encryption system to encode data and thereby prevent unwanted capture and use of the data. Both ends of every link must use the same encryption standard.
The levels of security include:
Wired Equivalent Privacy (WEP) was the first-generation security standard for wireless. Attackers quickly discovered that WEP encryption was easy to break. The encryption keys used to encode the messages could be detected by monitoring programs.
Wi-Fi Protected Access (WPA) was created as a temporary solution until the i (a security layer for wireless systems) was fully implemented. Now that i has been ratified, WPA2 has been released. It covers the entire i standard.
Lightweight Extensible Authentication Protocol (LEAP), also called EAP-Cisco, is a wireless security protocol created by Cisco to address the weaknesses in WEP and WPA. LEAP is a good choice when using Cisco equipment in conjunction with operating systems such as Windows and Linux.
Wireless Transport Layer Security (WTLS) is a security layer used in mobile devices that employ the Wireless Application Protocol (WAP). Mobile devices do not have a great deal of spare bandwidth to devote to security protocols. WTLS was designed to provide security for WAP devices in a bandwidth-efficient manner.
Teaching Strategy: Wireless is very convenient, but when you send messages over the air you make it easier for an attacker to join your network or monitor your incoming and outgoing traffic. A computer technician must know how to configure wireless NICs and access points using the appropriate level of security.
The default settings on an access point are designed for fast connectivity and are not secure. Some of the changes to be made to the default settings of the access point might include: disable DHCP and use static IP addresses, change the SSID from the default, disable SSID broadcast, change the default username and password, update the firmware, and enable a firewall.
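The checklist above, turned into a configuration audit, as an added example written for this page (not part of the course or any vendor's firmware); the AccessPointConfig fields, the encryption ranking and the factory-default values are assumptions made for the example.

```python
"""Check an access point's settings against the hardening steps listed on
this slide. Example code added for this page, not part of the course; the
AccessPointConfig fields and the factory-default values are assumptions."""
from dataclasses import dataclass
from typing import List

# Encryption modes in increasing order of strength, following the levels
# on this slide (LEAP/WTLS are authentication/transport layers, not AP link modes).
ENCRYPTION_RANK = {"none": 0, "wep64": 1, "wep128": 2, "wpa": 3, "wpa2": 4}
MINIMUM_ACCEPTABLE = "wpa"   # assumption: WEP counts as broken, as the slide says

# Constructed values standing in for "the default settings"; not vendor data.
FACTORY_DEFAULTS = {"ssid": "default", "user": "admin", "password": "admin"}


@dataclass
class AccessPointConfig:
    ssid: str
    ssid_broadcast: bool
    encryption: str          # a key of ENCRYPTION_RANK
    dhcp_enabled: bool
    admin_user: str
    admin_password: str
    firmware_current: bool   # True when running the vendor's latest firmware
    firewall_enabled: bool
    mac_filtering: bool = False


def encryption_is_acceptable(mode: str) -> bool:
    """True when mode is at least MINIMUM_ACCEPTABLE; unknown modes fail closed."""
    return ENCRYPTION_RANK.get(mode.lower(), -1) >= ENCRYPTION_RANK[MINIMUM_ACCEPTABLE]


def audit_access_point(ap: AccessPointConfig) -> List[str]:
    """Return one finding per unmet checklist item; an empty list means all pass."""
    findings = []
    if not encryption_is_acceptable(ap.encryption):
        findings.append(f"encryption '{ap.encryption}' is below {MINIMUM_ACCEPTABLE}")
    if ap.ssid == FACTORY_DEFAULTS["ssid"]:
        findings.append("SSID is still the factory default")
    if ap.ssid_broadcast:
        findings.append("SSID broadcast is enabled (hiding it is only a minor hurdle)")
    if ap.dhcp_enabled:
        findings.append("DHCP is enabled; the slide recommends static addressing")
    if (ap.admin_user, ap.admin_password) == (FACTORY_DEFAULTS["user"],
                                             FACTORY_DEFAULTS["password"]):
        findings.append("administrator username and password are the factory default")
    if not ap.firmware_current:
        findings.append("firmware is not current")
    if not ap.firewall_enabled:
        findings.append("built-in firewall is disabled")
    if not ap.mac_filtering:
        findings.append("MAC filtering is off (weak on its own, but an extra layer)")
    return findings


# Constructed sample configurations: an unconfigured AP and a hardened one.
UNCONFIGURED_AP = AccessPointConfig(
    ssid="default", ssid_broadcast=True, encryption="none", dhcp_enabled=True,
    admin_user="admin", admin_password="admin", firmware_current=False,
    firewall_enabled=False)
HARDENED_AP = AccessPointConfig(
    ssid="office-wlan-3f", ssid_broadcast=False, encryption="wpa2", dhcp_enabled=False,
    admin_user="wlanadmin", admin_password="placeholder-strong-passphrase",
    firmware_current=True, firewall_enabled=True, mac_filtering=True)

if __name__ == "__main__":
    for name, ap in (("unconfigured", UNCONFIGURED_AP), ("hardened", HARDENED_AP)):
        print(f"{name}: {len(audit_access_point(ap))} finding(s)")
        for finding in audit_access_point(ap):
            print("  -", finding)
```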

24 Configure Firewalls
Restrictive firewall policy
Permissive firewall policy
Configuring the firewall service to start manually or automatically.
Configuring a hardware firewall (port numbers, source and destination addresses).

Slide 14 – Configure Firewalls
Describe configuring firewall types
By opening only the required ports on a firewall, you are implementing a restrictive security policy. Any packet not explicitly permitted is denied. In contrast, a permissive security policy permits access through all ports except those explicitly denied.
Software firewalls usually exist as a software application running on the computer being protected, or as part of the operating system. There are several third-party software firewalls. There is a software firewall built into Windows XP that is enabled by default in Windows XP Service Pack 2. The easiest way to configure the Windows firewall is to simply turn it on and let it run automatically. If an application attempts to establish a connection the user has not authorized, it will prompt the user and ask whether to allow it or not.
To disable the firewall, go to: Start > Control Panel > Security Center > Windows Firewall
The configuration of the Windows XP firewall can be completed in two ways:
Automatically: The user is prompted to "Keep Blocking", "Unblock", or "Ask Me Later" for any unsolicited requests. These requests may be from legitimate applications that have not been configured previously or may be from a virus or worm that has infected the system.
Manage Security Settings: The user manually adds the program or ports that are required for the applications in use on the network. To add a program, select: Start > Control Panel > Security Center > Windows Firewall > Exceptions > Add Program
To disable the firewall, select: Start > Control Panel > Security Center > Windows Firewall
Many hardware firewalls can only be configured for the ports that the software or applications use. Depending on the type of firewall, the configuration is done through commands or GUI configuration screens. An example of a hardware firewall that can be configured through a web interface is the Linksys device with a firewall capability.
To configure a hardware firewall you normally require the following information:
Port type: TCP or UDP
Port number:
Source address: Originating IP address
Destination address: Destination IP address
Student Activity: The student course content includes the lab, Lab: Windows XP Firewall. To complete this lab, students will explore the Windows XP Firewall and configure some advanced settings.
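The two policies from this slide and the packet-filtering mode from the firewall-types slide, evaluated over the same traffic, as an added example written for this page (not a Cisco, Linksys or Windows Firewall implementation); the rule sets, the web server at 192.0.2.10 and the client at 198.51.100.7 are constructed from RFC 5737 documentation address space.

```python
"""Rule evaluation for the restrictive and permissive policies described on
these slides. Example code added for this page; it is not a Cisco, Linksys or
Windows Firewall implementation. Addresses are constructed (RFC 5737 test nets)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    protocol: str   # "tcp" or "udp", as on the hardware-firewall worksheet
    src: str        # originating IP address
    dst: str        # destination IP address
    dport: int      # destination port number


@dataclass(frozen=True)
class Rule:
    """One filtering rule; a None field matches anything (wildcard)."""
    action: str                     # "allow" or "deny"
    protocol: Optional[str] = None
    src: Optional[str] = None       # CIDR network, e.g. "198.51.100.0/24"
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.protocol is not None and self.protocol != pkt.protocol:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        return True


def filter_packet(pkt: Packet, rules: List[Rule], policy: str) -> str:
    """First matching rule wins. With no match, the default policy decides:
    "restrictive" denies anything not explicitly permitted,
    "permissive" permits anything not explicitly denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    if policy == "restrictive":
        return "deny"
    if policy == "permissive":
        return "allow"
    raise ValueError(f"unknown policy: {policy}")


# Constructed rule sets for a hypothetical web server at 192.0.2.10.
# Restrictive: only the ports the application needs are opened.
RESTRICTIVE_RULES = [
    Rule("allow", protocol="tcp", dst="192.0.2.10/32", dport=80),
    Rule("allow", protocol="tcp", dst="192.0.2.10/32", dport=443),
]
# Permissive: everything passes except what is explicitly denied.
PERMISSIVE_RULES = [
    Rule("deny", protocol="tcp", dport=23),   # telnet
]

# Constructed sample traffic from an outside host.
SAMPLE_PACKETS = [
    Packet("tcp", "198.51.100.7", "192.0.2.10", 80),    # HTTP to the web server
    Packet("tcp", "198.51.100.7", "192.0.2.10", 23),    # telnet attempt
    Packet("tcp", "198.51.100.7", "192.0.2.10", 3389),  # remote desktop, never listed
    Packet("udp", "198.51.100.7", "192.0.2.10", 53),    # DNS query
]

if __name__ == "__main__":
    # The 3389 row is the lesson: a permissive policy lets through every
    # service nobody thought to deny, a restrictive one does not.
    for pkt in SAMPLE_PACKETS:
        r = filter_packet(pkt, RESTRICTIVE_RULES, "restrictive")
        p = filter_packet(pkt, PERMISSIVE_RULES, "permissive")
        print(f"{pkt.protocol}/{pkt.dport:<5} restrictive={r:<5} permissive={p}")
```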

25 Protection Against Malware
Run programs that scan the computer to detect unwanted software: anti-virus, anti-spyware, anti-adware, anti-phishing.
Phishing attacks rely on deceiving the user and extracting information from them.

Slide 15 – Protect Against Malware
Describe protection against malicious software
Malware is malicious software that is installed on a computer without the knowledge or permission of the user. Certain types of malware, such as spyware and phishing attacks, collect data about the user that can be used by an attacker to gain confidential information. You should run malicious software scanning programs to detect and clean the unwanted software. It may take several different anti-malware programs and multiple scans to completely remove all malicious software:
Anti-virus programs typically run automatically in the background and monitor for suspected viruses. These programs can also be invoked by the user as needed. When a virus is detected, the user is warned and the program attempts to quarantine or delete the virus.
Anti-spyware programs scan for keystroke loggers and other malware so they can be removed from the computer.
Anti-adware programs look for programs that launch advertising pop-up windows.
Phishing programs block the IP addresses of known phishing websites and warn the user about suspicious websites.
Phishing attacks often arrive by e-mail. An official-looking form appears which asks the user to verify personal information or account information, including ID numbers or passwords. Other phishing attacks trick the user into providing the information needed to claim a prize. Once they provide their information, a user's data is made available for sale to identity thieves, or if a credit card number is involved, to fraudulent users.
NOTE: Malicious software may become embedded in the operating system. Special removal tools are available from the operating system manufacturer to clean the operating system.

26 User Account Maintenance
Group users according to the permissions they require.
When a user leaves the organization, their account should be disabled and their network access revoked.
Guests may connect to the network only through guest accounts.

Slide 17 – User Account Maintenance
Maintain accounts
Employees in an organization may require different levels of access to data. Employees can be grouped by job requirements and given access to files according to group permissions. When an employee leaves an organization, access to data and hardware on the network should be terminated immediately. Temporary employees and guests may need access to the network. When guests are present, they can be assigned to the Guest account.
Teaching Strategy: Network users are trusted with varying amounts of information and access to resources. What they can access usually depends upon their job responsibilities. When a user changes jobs, it is important to give them access to any new resources they will require to perform their job. At the same time, resources they no longer need should be restricted.

27 Updating Protection Programs
Flowchart: Create a restore point -> Run the program -> Update -> Scan -> Review the report -> Manual removal needed?
Yes: remove manually.
No: schedule automatic scanning.

Slide 21 – Updating Protection Programs
9.4.1 Explain how to update signature files for virus checker and spyware
Virus, spyware, and adware detection programs look for signatures (patterns in the programming code) of the software in a computer. The publishers of protection software compile the signatures into virus definition tables. Always retrieve the signature files from the manufacturer's website or one of their mirror sites to make sure the update is authentic and not corrupted by viruses.
CAUTION: When downloading the signature files from a mirror, ensure that the mirror site is a legitimate site. Always link to the mirror site from the manufacturer's website.
Steps to manually update signature files for anti-virus and anti-spyware software programs:
Step 1 Create a restore point in case there is a problem with the update.
Step 2 Open the anti-virus or anti-spyware program.
Step 3 Locate the update control button and select it.
Step 4 After the program is updated, use it to scan your computer.
Step 5 After the scan, check the resulting report for viruses or spyware that need to be treated or deleted manually.
Step 6 Set the protection software to update automatically and to scan on a scheduled basis.
Teaching Strategy: People who write viruses and worms constantly push the state of the art in computing. Virus checking software must be constantly upgraded to counteract these emerging, changing threats.

28 System Updates
Flowchart: Create a restore point -> Check for updates -> Download updates -> Install updates -> Restart needed?
Yes: restart the computer.
No: test that the system works.

Slide 22 – Operating System Updates
9.4.2 Explain how to install operating system service packs and security patches
Because some viruses and worms can be difficult to remove from a computer, some manufacturers have designed tools specifically for the purpose. Follow these steps to update an operating system for service packs or security patches:
Create a restore point in case there is a problem with the update. A restore point should be set before running a repair application. If the repair process corrupts the operating system or application software, the technician is able to return to the restore point before the repair process began.
Check for updates to ensure that you have the latest ones available.
Download updates using Automatic Updates or from the operating system manufacturer's website.
Install the update.
Restart the computer, if prompted.
Test all aspects to ensure that the update has not caused any issues.
Teaching Strategy: Operating system and application software must be constantly upgraded to counteract emerging, changing threats. In some cases viruses and worms are so severe that the software manufacturer develops a special removal tool. You may be prompted to download and run this tool. Make sure you obtain this tool from an authorized source.
Student Activity: The student course content includes the worksheet, Worksheet: Operating System Updates. To complete this worksheet, students will conduct research for available updates for a particular operating system. List the configuration options for updating the OS and select one method over the rest.

29 The Troubleshooting Process
Step 1 Gather data from the customer
Step 2 Verify the obvious issues
Step 3 Try quick solutions first
Step 4 Gather data from the computer
Step 5 Evaluate the problem and implement the solution
Step 6 Close with the customer

Slide 61 - The Troubleshooting Process
5.7 Troubleshoot operating systems
Most operating systems contain utilities to assist in the troubleshooting process. These utilities help a technician to determine why the computer crashes or does not boot properly. The utilities also help identify the problem and how to resolve it. Follow the steps outlined in this section to accurately identify, repair, and document the problem.
After completing this section, students will meet these objectives:
Review the troubleshooting process.
Identify common problems and solutions.

30 1. Gather Data from the Customer
Customer data: company name, person's name, contact details.
Computer configuration: operating system, installed updates, network environment.
The information should be recorded on the work order.
Problem description:
Open-ended questions: What changes have been made to the security policy?
Closed-ended questions: Are all signatures up to date?

Slide 62 – 1. Gather Data from the Customer
Review the troubleshooting process
The first step in the troubleshooting process is to gather data from the customer. This step allows the technician to evaluate the situation. The technician must organize the information about the customer and the reported problem. Often a work order is used to collect this information.
There are two types of questions you can ask: open-ended questions and closed-ended questions. Open-ended questions cannot be answered with "yes" or "no" answers. The purpose of open-ended questions is to allow the customer to describe the problem. Closed-ended questions can usually be answered with "yes" or "no" answers. This type of question can help a technician focus in on an error and locate the exact problem once a potential solution is being tested.
Examples of open-ended questions:
What problems are you experiencing with your computer or network?
What software has been installed on your computer recently?
What were you doing when the problem was identified?
What operating system do you have installed on your computer?
What updates or patches have been installed on your computer?
Examples of closed-ended questions:
Has anyone else used your computer recently?
Does the computer boot up successfully?
Have you changed your password recently?
Have you received any error messages on your computer?
Are you currently logged into the network?
When a customer is not able to accurately describe the problem, there are other ways to evaluate the situation in subsequent steps in the troubleshooting process.

31 3. Try Quick Solutions First
Check the cabling
Restart the computer or the network equipment
Log in as a different user
Check the anti-virus signatures
Scan the computer
Check for and install operating system updates
Disconnect the computer from the network
Change the password

Slide 26 – 3. Try Quick Solutions First
9.5.1 Review the troubleshooting process
Once the obvious issues of the security problem have been evaluated, the technician should try the quick solutions. This step in the troubleshooting process will usually repair a temporary fault in the system or catch problems the customer has overlooked. These tests can often be performed while the technician gathers additional data.
Here are some quick solutions:
Check that all cables are connected to the proper locations
Unseat and then reconnect cables and connectors
Reboot the computer or network device
Log in as a different user
Check that the anti-virus and spyware signature files are up-to-date
Scan the computer with protection software
Check the computer for the latest OS patches and updates
Disconnect from the network
Change your password
NOTE: If you suspect that the security issue you are investigating is the result of a crime, notify the appropriate authorities. Leave the crime scene intact and undisturbed and prevent access to the area. Secure the area by locking the doors. Wait for the authorities to give you permission to make repairs to the equipment or the network.
Teaching Strategy: Quick solutions include restoring cables between network devices and computers to their original positions. Another quick test would be to run virus scans and spyware checkers. Be sure to reboot one device at a time. Check the date of the last scan, check the date of the last update of the signature file, and run a new scan.

32 4. Gather Data from the Computer
Anti-virus software often produces reports about infections.
There are many useful tools for dealing with threats:
Check that they are up to date.
Check their logs.
Task Manager makes it possible to spot unknown processes and programs.

Slide 27 – 4. Gather Data from the Computer
9.5.1 Review the troubleshooting process
After a technician has gathered information from the customer, performed a visual inspection, and tried quick solutions, it is time to inspect the computer. Third-party software, such as anti-virus and anti-spyware applications, can report on the files that have been infected.
There are several tools available in the operating system that a technician can use:
Verify that the signature file is current.
Check the security software log file for entries.
Task Manager is used to check for unknown applications that are running.

33 5. Evaluate the Problem and Implement the Solution
Evaluate the problem and the data gathered in the previous steps.
Identify possible solutions.
Implement the best solution.
If the approach does not work, undo the changes you made.
NOTE: Do not ask the user to reveal their password.

Slide 28 – 5. Evaluate Problem & Implement Solution
9.5.1 Review the troubleshooting process
If the technician has used troubleshooting tools without finding the cause of the problem, the problem must be researched further. Consider talking to other people that work with technology. Always consult the available documentation, search the web for white papers, and review technical information.
After several possible solutions have been identified, each should be evaluated and implemented one at a time. If a proposed solution doesn't correct the problem, reset the computer back to the original state and try another proposed solution.
NOTE: Never ask a customer to reveal a password. If you need to access a computer and the customer cannot stay nearby, have the customer create a temporary password. Advise the customer to reset the password when the repair is complete.

34 6. Close with the Customer
When you are sure the problem has been resolved:
Document the case and all the steps taken on the work order.
Explain the solution to the customer.
Let the customer verify the solution.
Complete the entire work order.
Update the repair journal.
Create the documentation needed for similar problems in the future.

Slide 67 – 6. Close with the Customer
Review the troubleshooting process
When you are confident that the problem has been resolved, the next step is to close with the customer. The technician must completely document the customer contact information, problem description, and steps to resolve the issue in the work order. Explain to the customer each step that you took to solve the problem. The customer needs to understand what caused the problem in order to avoid similar kinds of problems in the future. Turn on the computer and let the customer verify that the problem has been solved. Finally, have the customer reboot the system and check for any problems.
Complete all documentation. Make sure you fill out all internal documentation, such as sales orders, time logs, and receipts. A work order should be completed and the repair journal should be updated. You can use the notes from the journal for future reference and to build a knowledge database.

35 Common Problems and Solutions
Symptom: The computer installs updates at inconvenient times. Solution: Change the Automatic Updates settings to a convenient time of day or night.
Symptom: The wireless network has been attacked. Solution: Change the encryption to 128-bit WEP, WAP, or EAP-Cisco.
Symptom: A stolen laptop has been recovered by the police, but it is no longer needed. Solution: After recovering the data, destroy the hard drive and send the laptop for disposal.
Symptom: A user complains of receiving a lot of unwanted mail. Solution: This may be an attack on the mail server. Add the sender of the messages to the filter.
Symptom: An unknown person claiming to be a repair technician is lingering near employees' computers. Solution: Contact the police or security. Instruct users not to keep their passwords written down near their computers.

Slide 30 – Common Problems and Solutions
9.5.2 Identify common problems and solutions
Computer problems can be attributed to hardware, software, connectivity issues, or some combination of the three. You will resolve some types of computer problems more often than others. The worksheet is designed to reinforce your communication skills to verify information from the customer.
Other common problems and possible causes to consider:
Problem: A computer runs updates and requires rebooting at inconvenient times. Possible solutions might be to set Windows Automatic Update to run daily at a convenient time, such as lunchtime.
Problem: A wireless network is compromised even though 64-bit WEP encryption is in use. Possible solutions might be to upgrade to 128-bit WEP security, WAP, or EAP-Cisco security.
Problem: A stolen laptop is returned by the police. It is no longer needed by the user. After recovering any sensitive data, destroy the hard drive and recycle the computer.
Problem: A user complains that his system is receiving hundreds or thousands of junk e-mails daily. This may be a denial of service attack. At the server, filter out e-mail from the sender.
Problem: A printer repair person no one remembers seeing before is observed looking under keyboards and on desktops. Contact security or police. Advise users never to hide passwords near their work area.
Student Activity: The student course content includes the worksheet, Gather Information From The Customer. To complete this worksheet, students will document information gathered from the customer in a troubleshooting incident. This activity is designed to help the student understand how to condense information and document issues. The instructor can create additional scenarios to provide students more opportunities to practice this skill. (Note: This worksheet is designed as a role-playing activity. Students work in pairs. One student plays the role of the customer and uses the information on page 2, "Student Customer Sheet", to report the problem to the other student. The other student plays the role of the level-one technician and will complete the work order, which is page 1.)
