© 2007 Cisco Systems, Inc. All rights reserved. Cisco Public
ITE PC v4.0
Chapter 9 1
Chapter 9: Security
IT Essentials: PC Hardware and Software v4.0
Purpose of this Presentation
To provide to instructors an overview of Chapter 9:
• List of chapter objectives
• Overview of the chapter contents, including
  - student worksheets
  - student activities
  - some potential student misconceptions
• Reflection/Activities for instructors to complete to prepare to teach
• Additional resources
Chapter 9 Objectives
• 9.1 Explain why security is important
• 9.2 Describe security threats
• 9.3 Identify security procedures
• 9.4 Identify common preventive maintenance techniques for security
• 9.5 Troubleshoot security
Chapter 9 Worksheets and Activity
• 9.1 Worksheet: Security Attacks
• 9.2.1 Worksheet: Third-Party Anti-Virus Software
• 9.2.3 Activity: Adware, Spyware, and Grayware
• 9.4.2 Worksheet: Operating System Updates
• 9.5.6 Worksheet: Gather Information from the Customer
The Importance of Security
• Private information, company secrets, financial data, computer equipment, and items of national security are placed at risk if proper security procedures are not followed.
• A technician’s primary responsibilities include data and network security.
Security Threats
Types of attacks to computer security:
• Physical: Theft, damage, or destruction to computer equipment.
• Data: Removal, corruption, denial of access, unauthorized access, or theft of information.
Potential threats to computer security:
• Internal threats: Employees can cause a malicious threat or an accidental threat.
• External threats: Outside users can attack in an unstructured or structured way.
Viruses, Worms, and Trojan Horses
• A computer virus is software code that is deliberately created by an attacker. Viruses may collect sensitive information or may alter or destroy information.
• A worm is a self-replicating program that uses the network to duplicate its code to the hosts on the network. At a minimum, worms consume bandwidth in a network.
• A Trojan horse is technically a worm and is named for its method of getting past computer defenses by pretending to be something useful.
• Anti-virus software is designed to detect, disable, and remove viruses, worms, and Trojan horses before they infect a computer.
Web Security
Attackers may use any of these tools to install a program on a computer.
• ActiveX: Controls interactivity on web pages
• Java: Allows applets to run within a browser. Example: a calculator or a counter
• JavaScript: Interacts with HTML source code to allow interactive web sites. Example: a rotating banner or a popup window
Adware, Spyware, and Grayware
• Typically installed without the user’s knowledge, these programs collect information stored on the computer, change the computer configuration, or open extra windows on the computer, all without the user’s consent.
Denial of Service (DoS)
• Prevents users from accessing normal services
• Sends enough requests to overload a resource or even stop its operation
• Ping of Death is a series of repeated, larger than normal pings intended to crash the receiving computer
• E-mail Bomb is a large quantity of bulk e-mail that overwhelms the e-mail server, preventing users from accessing e-mail
• Distributed DoS is an attack launched from many computers, called zombies
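A defender-side check for the Ping of Death item above, as an added example that is not part of the original slides: the classic form relies on ICMP fragments that would reassemble past 65,535 bytes, the largest datagram IPv4 allows, so a sensor can flag any fragment whose offset plus length exceeds that limit. The function names, sample headers and addresses below are constructed for illustration.

```python
import socket
import struct

MAX_IPV4_DATAGRAM = 65535   # Total Length is a 16-bit field; nothing valid is larger
PROTO_ICMP = 1


def parse_ipv4_header(raw: bytes) -> dict:
    """Decode the fixed 20-byte part of an IPv4 header."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     _ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or total_len < header_len:
        raise ValueError("not a valid IPv4 header")
    return {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "id": ident,
        "proto": proto,
        "total_len": total_len,
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # field counts 8-byte units
    }


def reassembled_size(hdr: dict) -> int:
    """Bytes the datagram would occupy once this fragment is placed."""
    return hdr["frag_offset"] + hdr["total_len"]


def find_oversized_pings(raw_headers) -> list:
    """Return one alert per ICMP fragment that would overflow reassembly."""
    alerts = []
    for raw in raw_headers:
        try:
            hdr = parse_ipv4_header(raw)
        except ValueError:
            continue                      # malformed capture record, skip it
        if hdr["proto"] != PROTO_ICMP:
            continue                      # this check is scoped to pings
        size = reassembled_size(hdr)
        if size > MAX_IPV4_DATAGRAM:
            alerts.append({"src": hdr["src"], "dst": hdr["dst"],
                           "id": hdr["id"], "size": size})
    return alerts


def _sample_header(src, dst, proto, total_len, offset_units, more, ident):
    """Build a constructed 20-byte header for the demo (checksum left at 0)."""
    flags_frag = (0x2000 if more else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags_frag,
                       64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE_HEADERS = [
    # ordinary 84-byte echo request, not fragmented
    _sample_header("192.0.2.10", "192.0.2.1", PROTO_ICMP, 84, 0, False, 1),
    # middle fragment of a large but legal ping: 7400 + 1500 bytes
    _sample_header("192.0.2.11", "192.0.2.1", PROTO_ICMP, 1500, 925, True, 2),
    # final fragment placed at byte 65512 with 1020 bytes: overflows the limit
    _sample_header("198.51.100.7", "192.0.2.1", PROTO_ICMP, 1020, 8189, False, 3),
    # UDP datagram, outside the scope of this check
    _sample_header("192.0.2.12", "192.0.2.1", 17, 512, 0, False, 4),
]

if __name__ == "__main__":
    for alert in find_oversized_pings(SAMPLE_HEADERS):
        print("oversized ICMP datagram: src=%(src)s id=%(id)d size=%(size)d" % alert)
```
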
Spam and Popup Windows
Use anti-virus software, options in e-mail software, popup blockers, and common indications of spam to combat these.
• Spam is unsolicited email that can be used to send harmful links or deceptive content.
• Popups are windows that automatically open and are designed to capture your attention and lead you to advertising sites.
Social Engineering
• Never give out a password
• Always ask for the ID of the unknown person
• Restrict access of unexpected visitors
• Escort all visitors through the facility
TCP/IP Attacks
TCP/IP is used to control all Internet communications.
Computer Disposal and Recycling
• Erase all hard drives, then use a third-party tool to fully erase all data.
• The only way to fully ensure that data cannot be recovered from a hard drive is to carefully shatter the platters with a hammer and safely dispose of the pieces.
• To destroy software media (floppy disks and CDs), use a shredding machine designed for shredding these materials.
Security is Strengthened in Layers
Security Policy
Questions to answer in writing a local security policy:
• What assets require protection?
• What are the possible threats?
• What should be done in the event of a security breach?
Protecting Equipment
Since stealing the whole PC is the easiest way to steal data, physical computer equipment must be secured.
• Control access to facilities
• Use cable locks
• Lock telecommunication rooms
• Use security screws
• Use security cages around equipment
• Label and install sensors on equipment
Protecting Data
Methods of securing data:
• Password protection
• Data encryption
• Port protection
• Data backups
• File system security
Levels of Wireless Security
Installing Updates and Patches
A technician recognizes when new updates and patches are available and knows how to install them.
Updating Protection Programs
[Flowchart. Boxes: Launch protection program; Run a scan; Click update button; Manually treat or delete; Schedule future automatic updates and scans; Review scan report; Create a restore point. Decision: Need to manually treat or delete? (Yes / No)]
Operating System Updates and Patches
[Flowchart. Boxes: Check for updates; Install update; Download updates; Restart computer; Test all aspects to ensure the update has not caused issues; Create a restore point. Decision: Prompted to restart? (Yes / No)]
Troubleshooting Process
Step 1 Gather data from the customer
Step 2 Verify the obvious issues
Step 3 Try quick solutions first
Step 4 Gather data from the computer
Step 5 Evaluate the problem and implement the solution
Step 6 Close with the customer
1. Gather Data from the Customer
• Customer information: Company name, contact name, address, phone number
• Computer configuration: Protection software, OS, network environment, connection type
• Description of problem
  - Open-ended questions: What changes were made to the security settings?
  - Closed-ended questions: Are the protection software signature files up-to-date?
2. Verify the Obvious Issues
Examine the most obvious causes of a problem.
• A visual inspection can resolve some issues: Broken locks, signs of tampering, missing equipment
• Has an attacker accessed the equipment? Unfamiliar login address in login windows, unexplained entries in system security logs, missing or additional patch cords
• Wireless network issues: Changes in access point configuration, unexplained connections in the access point status display
3. Try Quick Solutions First
• Check that all cables are connected to the proper locations
• Unseat and then reconnect cables and connectors
• Reboot the computer or network device
• Log in as a different user
• Check that the anti-virus and spyware signature files are up-to-date
• Scan computer with protection software
• Check computer for the latest OS patches and updates
• Disconnect from the network
• Change your password
4. Gather Data from the Computer
• Third-party software, such as anti-virus and anti-spyware applications, can report on the files that have been infected.
• There are several tools available in the operating system that a technician can use:
  - Verify that the signature file is current.
  - Check the security software log file for entries.
  - Task Manager is used to check for unknown applications that are running.
5. Evaluate Problem & Implement Solution
1. Evaluate the information gathered from the customer and from the laptop
2. Determine possible solutions
3. Implement the best solution
4. If a proposed solution doesn’t correct the problem, reset the computer back to the original state and try another proposed solution.
NOTE: Never ask a customer to reveal a password.
6. Close with the Customer
• Discuss with customer the solution implemented.
• Have customer verify problem is solved.
• Provide all paperwork to customer.
• Document steps of solution in work order and in technician’s journal.
• Document components used in repair.
• Document time spent to resolve the problem.
Common Problems and Solutions
Problem Symptom | Possible Solution
A computer runs updates and requires rebooting at inconvenient times. | Set Windows Automatic Update to run daily at a convenient time, such as lunchtime.
A wireless network is compromised even though 64-bit WEP encryption is in use. | Upgrade to 128-bit WEP security, WPA, or EAP-Cisco security.
A stolen laptop is returned by the police. It is no longer needed by the user. | After recovering any sensitive data, destroy the hard drive and recycle the computer.
A user complains that his system is receiving hundreds or thousands of junk e-mails daily. | This may be a denial of service attack. At the e-mail server, filter out e-mail from the sender.
A printer repair person no one remembers seeing before is observed looking under keyboards and on desktops. | Contact security or police. Advise users never to hide passwords near their work area.
Chapter 9 Summary
Following proper security procedures will protect computers and network equipment, and the data they contain, from physical danger such as fire and theft, as well as from loss and damage by employees and attackers.
• Security threats can come from inside or outside of an organization.
• Viruses and worms are common threats that attack data.
• Develop and maintain a security plan to protect both data and physical equipment from loss.
• Keep operating systems and applications up to date and secure with patches and service packs.
Instructor Training Activities
Activities for Instructor Training
1. Take the Quiz provided in Chapter 9 course content.
2. Conduct Internet research to pre-screen online resources for students to use in completing the following student worksheets:
  - 9.1 Worksheet: Security Attacks
  - 9.2.1 Worksheet: Third-Party Anti-Virus Software
  - 9.4.2 Worksheet: Operating System Updates
3. Brainstorm a list of at least 4 additional troubleshooting scenarios to provide students more opportunities to practice this skill.
  - For an example, refer to the student worksheet, 9.5.2 Gather Information from the Customer.
Instructor Training Discussion
• Share with the other instructors the list of online resources found that students might use in completing the research activity worksheets.
• Share with the other instructors the list of additional troubleshooting scenarios.
• Participate in a role-playing activity of one of the troubleshooting scenarios.
• Following the role-playing activity, discuss the different ways you might incorporate role-playing activities into your classroom. Share ideas of how to make the student successful in these activities.
Additional Resources
• Whatis?com: IT Encyclopedia and Learning Center http://whatis.com
• TechTarget: The Most Targeted IT Media http://techtarget.com
• ZDNet: Tech News, Blogs and White Papers for IT Professionals http://www.zdnet.com
• HowStuffWorks: It's Good to Know http://computer.howstuffworks.com
• CNET.com http://www.cnet.com
• PC World http://www.pcworld.com
• ComputerWorld http://www.computerworld.com
• WIRED NEWS http://www.wired.com
• eWEEK.com http://www.eweek.com
Q and A
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 


Editor's Notes

  1. Cisco Networking Academy program IT Essentials: PC Hardware and Software v4.0 Chapter 9: Security
  2. Slide 2 – Purpose of this Presentation
     The purpose of this presentation is to provide instructors with an overview of ITE I v4.0 Chapter 9, including the following:
     • List of chapter objectives
     • Overview of the chapter contents, including student worksheets and student activities included in the course content and some potential student misconceptions
     • Reflection/Activities for instructors to complete to prepare to teach
     • Additional resources
  3. Slide 3 – Chapter 9 Objectives
     Upon completion of this chapter, students will be able to perform tasks related to:
     • 9.1 Explain why security is important
     • 9.2 Describe security threats
     • 9.3 Identify security procedures
     • 9.4 Identify common preventive maintenance techniques for security
     • 9.5 Troubleshoot security
  4. Slide 4 – Chapter 9 Worksheets and Activity
     There are four worksheets and one activity included in Chapter 9. These worksheets are available at the bottom of associated pages of course content and by clicking on the “Labs” link in the Index window of Chapter 9.
     • 9.1 Worksheet: Security Attacks (Research computer crime and security attacks. Describe the incident. Explain if the incident could have been prevented and if so, list the precautions that might have been used.)
     • 9.2.1 Worksheet: Third-Party Anti-Virus Software (Research four different third-party anti-virus software programs. Record details of each. Recommend one for purchase.)
     • 9.2.3 Activity: Adware, Spyware, and Phishing (Match each of the words (adware, spyware, and phishing) to the appropriate definition.)
     • 9.4.2 Worksheet: Operating System Updates (Research updates available for a particular operating system. List the configuration options for updating the OS and select one method over the rest.)
     • 9.5.2 Worksheet: Gather Information from the Customer (Gather information from the customer in a troubleshooting incident.)
  5. Slide 5 – The Importance of Security
     9.0 Introduction to Security Chapter
     Technicians need to understand computer and network security. Private information, company secrets, financial data, computer equipment, and items of national security are placed at risk if proper security procedures are not followed.
     After completing this chapter, students will meet these objectives:
     • Explain why security is important.
     • Describe security threats.
     • Identify security procedures.
     • Identify common preventive maintenance techniques for security.
     • Troubleshoot security.
     9.1 Explain why security is important
     Theft, loss, network intrusion, and physical damage are some of the ways a network or computer can be harmed. Damage to, or loss of, equipment can mean a loss of productivity. Repairing and replacing equipment can cost the company time and money. Unauthorized use of a network can expose confidential information and reduce network resources. A technician’s primary responsibilities include data and network security.
     Student Activity: The student course content includes the worksheet, 9.1 Worksheet: Security Attacks. To complete this worksheet, students will conduct research on computer crime and security attacks. Describe the incident in writing. Explain if the incident could have been prevented and if so, list the precautions that might have been used.
  6. Slide 6 – Security Threats
     9.2 Describe security threats
     Types of attacks to computer security:
     • Physical attacks result in theft, damage, and/or destruction to computer equipment.
     • Data attacks result in removal, corruption, denial of access, unauthorized access, or theft of information.
     Potential threats:
     • Internal threats from employees who have access may pose a malicious threat or an accidental threat.
     • External threats come from those outside of an organization who do not have authorized access. Outside users may attempt an unstructured attack by using available resources (passwords or scripts) to gain access. They may also attempt a structured attack by using code to access a computer network or resources.
     After completing this section, students will meet these objectives:
     • Define viruses, worms, and Trojan horses
     • Explain web security
     • Define adware, spyware, and grayware
     • Explain Denial of Service
     • Describe spam and popup windows
     • Explain social engineering
     • Explain TCP/IP attacks
     • Explain hardware deconstruction and recycling
  7. Slide 7 – Viruses, Worms, and Trojan Horses
     9.2.1 Define viruses, worms, and Trojan horses
     Malicious software (malware) is any software designed to damage or to disrupt a system. Types of malware are: viruses, worms, Trojan horses, adware, spyware, grayware, and other unwanted software.
     • A computer virus is software code that is deliberately created by an attacker. Viruses can be attached to computer code or software and can then infect a computer when the software is executed on that computer. Viruses may collect sensitive information or may alter or destroy information.
     • A worm is a self-replicating program that uses the network to duplicate its code to the hosts on the network. At a minimum, worms consume bandwidth in a network.
     • A Trojan horse is technically a worm and is named for its method of getting past computer defenses by pretending to be something useful. A keystroke logger, for instance, detects sensitive information by monitoring the user's keystrokes. The results of a Trojan horse can include data damage, production loss, and data theft.
     Anti-virus software is designed to detect, disable, and remove viruses, worms, and Trojan horses before they infect a computer. Anti-virus software becomes outdated quickly, however, and technicians must therefore apply the most recent updates, patches, and virus definitions as part of a regular maintenance schedule.
     Student Activity: The student course content includes the worksheet, 9.2.1 Worksheet: Third-Party Anti-Virus Software. To complete this worksheet, students will conduct research on four different third-party anti-virus software programs. Record details of each. Recommend one for purchase.
  8. Slide 8 – Web Security
     9.2.2 Explain web security
     Tools that are used to make web pages more powerful and versatile can also make computers more vulnerable to attacks.
     • ActiveX was created by Microsoft to control interactivity on web pages. If ActiveX is on a page, an applet or small program has to be downloaded to gain access to the full functionality.
     • Java is a programming language that allows applets to run within a web browser. Examples of applets include a calculator or a counter.
     • JavaScript is a programming language developed to interact with HTML source code to allow interactive web sites. Examples include a rotating banner or a popup window.
     Attackers may use any of these tools to install a program on a computer. To protect against these attacks, most browsers have settings that force the computer user to authorize the downloading or use of ActiveX, Java, or JavaScript.
  9. Slide 9 – Adware, Spyware, and Grayware
     9.2.3 Define adware, spyware, and grayware
     Typically installed without the user’s knowledge, these programs collect information stored on the computer, change the computer configuration, or open extra windows on the computer, all without the user’s consent.
     • Adware displays advertising, usually in a popup window.
     • Grayware or malware is a file or program other than a virus that is potentially harmful. Many grayware attacks are phishing attacks that try to persuade the reader to unknowingly provide attackers with access to personal information.
     • Spyware, a type of grayware, is distributed without any user intervention or knowledge. Spyware monitors computer activity and then sends the information back to the organization responsible for launching the spyware.
     • Phishing is a form of social engineering where the attacker pretends to represent a legitimate outside organization. The attacker might ask for verification of information, such as a password or username, to supposedly prevent some terrible consequence from occurring.
     NOTE: There is rarely a need to give out sensitive personal or financial information online. Be suspicious. Use the postal service to share sensitive information.
     Spyware and adware removal tools are available to remove adware, spyware, and grayware from a computer.
     Student Activity: The student course content includes a matching activity. To complete this activity, students will match each of the words (adware, spyware, and phishing) to the appropriate definition.
  10. Slide 10 – Denial of Service (DoS)
     9.2.4 Explain Denial of Service
     Denial of Service (DoS) is a form of attack that prevents users from accessing normal services, such as e-mail or a web server, because the system is busy responding to abnormally large amounts of requests. DoS works by sending enough requests for a system resource that the requested service is overloaded and ceases to operate.
     • Ping of Death – A series of repeated, larger than normal pings that are intended to crash the receiving computer
     • E-mail Bomb – A large quantity of bulk e-mail that overwhelms the e-mail server, preventing users from accessing e-mail
     Distributed DoS (DDoS) uses many infected computers, called zombies, to launch an attack. With DDoS, the intent is to obstruct or overwhelm access to the targeted server. Zombie computers located at different geographical locations make it difficult to trace the origin of the attack.
  11. Slide 11 – Spam and Popup Windows
     9.2.5 Describe spam and popup windows
     Spam, also known as junk mail, is unsolicited e-mail. In most cases, spam is used as a method of advertising. However, spam can be used to send harmful links or deceptive content. When used as an attack method, spam may include links to an infected website or an attachment that could infect a computer. These links or attachments may result in lots of windows designed to capture your attention and lead you to advertising sites. These windows are called popups. Uncontrolled popup windows can quickly cover the user's screen and prevent any work from getting done.
     To combat spam and phishing, use anti-virus software and the setting options in e-mail software. Some spam may still get through, so look for these common indications of spam:
     • No subject line
     • Incomplete return address
     • Computer-generated e-mails
     • Return e-mails not sent by the user
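The four spam indications listed in note 11 can be checked mechanically on a raw message. The following is an added example, not part of the Cisco course material; the header heuristics, the sample messages and the `SENT_MESSAGE_IDS` set are constructed assumptions, and "return e-mails not sent by the user" is interpreted here as a reply or bounce that references no message the user actually sent.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed Message-IDs of mail the user really sent (for example, read from the Sent folder).
SENT_MESSAGE_IDS = frozenset({"<order-42@user.example>"})
MSG_ID = re.compile(r"<[^<>\s]+>")


def spam_indicators(raw_message, sent_ids=SENT_MESSAGE_IDS):
    """Return the indications from note 11 that apply to one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    found = []

    # 1. No subject line: header missing or empty.
    if not (msg.get("Subject") or "").strip():
        found.append("no subject line")

    # 2. Incomplete return address: no local part, or no dotted domain after the "@".
    _, address = parseaddr(msg.get("Reply-To") or msg.get("From") or "")
    local, _, domain = address.partition("@")
    if not local or "." not in domain.strip("."):
        found.append("incomplete return address")

    # 3. Computer-generated e-mail: Auto-Submitted (RFC 3834) other than "no",
    #    or a bulk-style Precedence header. Legitimate mailing lists match too,
    #    so treat this as a hint, not a verdict.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    precedence = (msg.get("Precedence") or "").strip().lower()
    if auto != "no" or precedence in {"bulk", "junk", "list"}:
        found.append("computer-generated e-mail")

    # 4. Return e-mail not sent by the user: the message claims to answer something,
    #    but none of the referenced Message-IDs is one the user sent (heuristic).
    refs = (msg.get("In-Reply-To") or "") + " " + (msg.get("References") or "")
    referenced = set(MSG_ID.findall(refs))
    if referenced and referenced.isdisjoint(sent_ids):
        found.append("return e-mail for a message the user never sent")
    return found


# Constructed sample messages (not real mail).
MSG_CLEAN = "\n".join([
    "From: Alice <alice@corp.example>",
    "To: user@user.example",
    "Subject: Re: Order 42",
    "Message-ID: <reply-1@corp.example>",
    "In-Reply-To: <order-42@user.example>",
    "",
    "Thanks, the order shipped today.",
])
MSG_SPAM = "\n".join([
    "From: Prize Desk <winner@>",
    "To: user@user.example",
    "Precedence: bulk",
    "Message-ID: <x1@bulk.example>",
    "",
    "Click here to claim your prize.",
])
MSG_BOUNCE = "\n".join([
    "From: Mail Delivery System <mailer-daemon@mx.example>",
    "To: user@user.example",
    "Subject: Undeliverable: Cheap watches",
    "Auto-Submitted: auto-replied",
    "In-Reply-To: <promo-9913@user.example>",
    "",
    "Your message could not be delivered.",
])

if __name__ == "__main__":
    for name, raw in [("clean", MSG_CLEAN), ("spam", MSG_SPAM), ("bounce", MSG_BOUNCE)]:
        print(name, spam_indicators(raw))
```

A bounce for mail the user never sent usually means someone is forging the user's address as the sender, which is worth reporting to the e-mail administrator.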
  12. Slide 12 – Social Engineering
     9.2.6 Explain social engineering
     A social engineer is a person who is able to gain access to equipment or a network by tricking people into providing the necessary access information. A social engineer may gain the confidence of an employee to convince them to divulge username and password information or may pose as a technician to attempt to gain entry into a facility. A social engineer would be likely to speak using computer terminology and/or to dress similar to the type of worker they are pretending to be, including carrying equipment.
     To protect against social engineering:
     • Never give out a password
     • Always ask for the ID of the unknown person
     • Restrict access of unexpected visitors
     • Escort all visitors through the facility
     How many people know someone who writes a password on a note and sticks it to the monitor or under the keyboard?
  13. Slide 13 – TCP/IP Attacks
     9.2.7 Explain TCP/IP attacks
     TCP/IP is the protocol suite used to control all communications on the Internet. The most common TCP/IP attacks are:
     • SYN Flood: randomly opens TCP ports, tying up the network equipment or computer with a large amount of false requests, causing sessions to be denied to others
     • DoS: sends abnormally large amounts of requests to a system, preventing access to the services
     • DDoS: a DoS attack using “zombies” to make the origin of the attack difficult to trace
     • Spoofing: gains access to resources on devices by pretending to be a trusted computer
     • Man-in-the-Middle: intercepts or inserts false information in traffic between two hosts
     • Replay: uses network sniffers to extract usernames and passwords to be used at a later date to gain access
     • DNS Poisoning: changes the DNS records on a system to point to false servers where the data is recorded
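The SYN flood described in note 13 shows up on the defended server as many handshakes that receive a SYN but never the client's final ACK. The following is an added detection example, not part of the Cisco course material; the `Packet` record, the threshold, the timeout and the sample capture are constructed assumptions, not a real capture format.

```python
from collections import Counter, namedtuple

# Simplified, constructed record for one TCP segment seen in front of the server.
# flags is one of "SYN", "SYN-ACK", "ACK", "RST" (a real capture carries flag bits).
Packet = namedtuple("Packet", "ts src sport dst dport flags")


def half_open_counts(packets, now, timeout=5.0):
    """Count handshakes per (dst, dport) that got a SYN but no client ACK within timeout."""
    pending = {}  # (src, sport, dst, dport) -> time the first SYN was seen
    for p in sorted(packets, key=lambda p: p.ts):
        key = (p.src, p.sport, p.dst, p.dport)
        if p.flags == "SYN":
            pending.setdefault(key, p.ts)  # a retransmitted SYN keeps the first timestamp
        elif p.flags in ("ACK", "RST"):
            pending.pop(key, None)         # handshake completed or abandoned cleanly
        # SYN-ACK travels server -> client and does not change the pending state.
    counts = Counter()
    for (_, _, dst, dport), ts in pending.items():
        if now - ts >= timeout:
            counts[(dst, dport)] += 1
    return dict(counts)


def syn_flood_alerts(packets, now, threshold=20, timeout=5.0):
    """Return the (dst, dport) services whose stale half-open count reaches the threshold."""
    counts = half_open_counts(packets, now, timeout)
    return sorted(target for target, n in counts.items() if n >= threshold)


def constructed_capture():
    """Build a constructed sample: one flooded service, normal traffic, one slow client."""
    packets = []
    # 50 SYNs from many source addresses to the web server, none ever completed.
    for i in range(50):
        packets.append(
            Packet(1.0 + i * 0.01, f"198.51.100.{i + 1}", 40000 + i, "192.0.2.10", 80, "SYN")
        )
    # Three normal clients that finish the handshake (SYN, then ACK).
    for i in range(3):
        src = f"203.0.113.{i + 1}"
        packets.append(Packet(2.0 + i, src, 51000 + i, "192.0.2.10", 443, "SYN"))
        packets.append(Packet(2.1 + i, src, 51000 + i, "192.0.2.10", 443, "ACK"))
    # One client that sent a SYN and disappeared: below the threshold, so no alert.
    packets.append(Packet(3.0, "203.0.113.50", 52000, "192.0.2.20", 22, "SYN"))
    return packets


if __name__ == "__main__":
    capture = constructed_capture()
    print(half_open_counts(capture, now=30.0))
    print(syn_flood_alerts(capture, now=30.0))
```

The threshold separates the occasional client that drops mid-handshake from the sustained backlog that denies sessions to others.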
  14. Slide 14 – Computer Disposal and Recycling 9.2.8 Explain hardware deconstruction and recycling Teaching Strategy: When migrating from an old PC to a new PC, be sure to properly dispose of old data. Many computer parts can be reused, so data must be properly erased. Before disposing of or recycling hardware, be sure to eliminate the possibility that someone else may have access to software and data left on the equipment. Erase all hard drives, then use a third-party tool to fully erase all data. The only way to fully ensure that data cannot be recovered from a hard drive is to carefully shatter the platters with a hammer and safely dispose of the pieces. To destroy software media (floppy disks and CDs), use a shredding machine designed for shredding these materials.
  15. Slide 15 – Security is Strengthened in Layers 9.3 Identify security procedures Technicians should use a security plan with clear procedures to determine what to do in a critical situation. Security plan policies should be updated regularly as new threats are released daily. Overall security plans should be reviewed on a yearly basis. Conduct regular tests to determine areas where security is weak. There are multiple layers of security in a network that are vulnerable to attack, including physical, wireless, and data layers. Teaching Strategy: A computer technician will need to know how to implement security procedures in order to protect a computer and information from data loss, corruption, and theft (hardware or data). Security plans are maintained and updated on a regular basis. An appropriate implementation of computer security will implement several layers of security. Security is strengthened in layers. After completing this section, students will meet these objectives: Explain what is required in a basic local security policy Explain the tasks required to protect physical equipment Describe ways to protect data Describe wireless security techniques
  16. Slide 16 – Security Policy 9.3.1 Explain what is required in a basic local security policy Questions to answer in writing a security policy: What assets require protection? What are the possible threats? What should be done in the event of a security breach? Elements to include in a security policy: A process for handling network security incidents A process for auditing existing network security A general security framework for implementing network security Behaviors that are allowed Behaviors that are prohibited What to log and how to store the logs: Event Viewer, system log files, or security log files Network access to resources through account permissions Authentication technologies to access data: usernames, passwords, biometrics, smart cards Teaching Strategy: Security policies describe what to do when faced with many emergencies. It is important to develop and distribute the security policy BEFORE the emergency happens. Local security policies may vary from company to company. They may also vary depending on the device to secure.
  17. Slide 17 – Protecting Equipment 9.3.2 Explain the tasks required to protect physical equipment When a computer is stolen, the data is also stolen. There are several methods of physically protecting computer equipment: Control access to facilities Use cable locks with equipment Keep telecommunication rooms locked Fit equipment with security screws Use security cages around equipment Label and install sensors, such as Radio Frequency Identification (RFID) tags, on equipment There are several means of protecting access to facilities: Card keys are identity cards with a chip that stores user data, including the level of access Berg connectors for connecting to a floppy drive Biometric sensors that identify physical characteristics of the user, such as a fingerprint or retina Posted security guard Sensors, such as RFID tags, to monitor equipment Teaching Strategy: Since stealing the whole PC is the easiest way to steal data, physical computer equipment must be secured.
  18. Slide 18 – Protecting Data 9.3.3 Describe ways to protect data The value of physical equipment is often far less than the value of the data it contains. To protect data, there are several methods of security protection that can be implemented. Password protection can prevent unauthorized access to content. Password policies should include: Expire after a set period of time Contain a mixture of letters and numbers Prevent users from leaving written passwords in view Lockout rules to limit the number of unsuccessful attempts Data encryption uses codes and ciphers. Virtual Private Network (VPN) uses encryption to protect data. A VPN connection allows a remote user to safely access resources as if their computer is physically attached to the local network. Port protection - Every communication using TCP/IP is associated with a port number. HTTPS, for instance, uses port 443 by default. A firewall is a way of protecting a computer from intrusion through the ports. The user can control the type of data sent to a computer by selecting which ports will be open and which will be secured. Data backups are one of the most effective ways of protecting against data loss. Establish data backup procedures which account for frequency of backups, storage for data backups, and securing data backups using passwords. File system security - All file systems keep track of resources, but only file systems with journals can log access by user, date, and time. The FAT 32 file system lacks both journaling and encryption capabilities. As a result, situations that require good security are usually deployed using a file system such as NTFS, which is part of Windows 2000 and Windows XP. If increased security is needed, it is possible to run certain utilities, such as CONVERT, to upgrade a FAT 32 file system to NTFS. The conversion process is not reversible. It is important to clearly define your goals before making the transition. 
Teaching Strategy: Keeping control of data is as important as not losing it.
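The password policy items on Slide 18 (expiry after a set period, a mixture of letters and numbers, lockout after repeated unsuccessful attempts) can be enforced in code. The following sketch is an added example, not part of the course material; the 90-day age, three-attempt limit, 15-minute lockout and all names are assumptions.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

# Assumed policy values; the slide names the rules but not the numbers.
MAX_AGE = timedelta(days=90)        # password expires after this period
MAX_FAILURES = 3                    # unsuccessful attempts before lockout
LOCKOUT = timedelta(minutes=15)     # how long a locked account stays locked


def meets_composition(password):
    """Policy rule: the password must contain both letters and numbers."""
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    return has_letter and has_digit


def derive(password, salt):
    """Store a salted, slow hash instead of the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    def __init__(self, password, now):
        self.set_password(password, now)

    def set_password(self, password, now):
        if not meets_composition(password):
            raise ValueError("password must mix letters and numbers")
        self.salt = os.urandom(16)
        self.digest = derive(password, self.salt)
        self.changed_at = now          # starts the expiry clock
        self.failures = 0
        self.locked_until = None

    def login(self, password, now):
        """Return 'ok', 'bad_password', 'locked' or 'expired'."""
        # Lockout is checked first, so even the right password is refused.
        if self.locked_until is not None and now < self.locked_until:
            return "locked"
        if not hmac.compare_digest(derive(password, self.salt), self.digest):
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.locked_until = now + LOCKOUT
                self.failures = 0
            return "bad_password"
        self.failures = 0
        if now - self.changed_at > MAX_AGE:
            return "expired"           # correct, but must be changed before access
        return "ok"


def demo():
    """Scripted sequence on a constructed account; returns the status of each attempt."""
    t0 = datetime(2024, 1, 1, 9, 0)
    account = Account("blue42sky", t0)
    attempts = [
        ("guess1", t0 + timedelta(minutes=1)),
        ("guess2", t0 + timedelta(minutes=2)),
        ("guess3", t0 + timedelta(minutes=3)),      # third failure triggers lockout
        ("blue42sky", t0 + timedelta(minutes=4)),   # refused while locked
        ("blue42sky", t0 + timedelta(minutes=20)),  # lockout has ended
        ("blue42sky", t0 + timedelta(days=91)),     # past the maximum age
    ]
    return [account.login(password, when) for password, when in attempts]


if __name__ == "__main__":
    print(demo())
```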
  19. Slide 19 – Levels of Wireless Security 9.3.4 Describe wireless security techniques Attackers gain access to a network by being within range of an unprotected wireless network. When installing wireless services, you should apply wireless security techniques immediately in order to prevent unwanted access to the network. Use a wireless encryption system to encode data and thereby prevent unwanted capture and use of the data. Both ends of every link must use the same encryption standard. The levels of security include: Wired Equivalent Privacy (WEP) was the first-generation security standard for wireless. Attackers quickly discovered that WEP encryption was easy to break. The encryption keys used to encode the messages could be detected by monitoring programs. Wi-Fi Protected Access (WPA) was created as a temporary solution until 802.11i (a security layer for wireless systems) was fully implemented. Now that 802.11i has been ratified, WPA2 has been released. It covers the entire 802.11i standard. Lightweight Extensible Authentication Protocol (LEAP), also called EAP-Cisco, is a wireless security protocol created by Cisco to address the weaknesses in WEP and WPA. LEAP is a good choice when using Cisco equipment in conjunction with operating systems such as Windows and Linux. Wireless Transport Layer Security (WTLS) is a security layer used in mobile devices that employ the Wireless Application Protocol (WAP). Mobile devices do not have a great deal of spare bandwidth to devote to security protocols. WTLS was designed to provide security for WAP devices in a bandwidth-efficient manner. Teaching Strategy: Wireless is very convenient, but when you send messages over the air you make it easier for an attacker to join your network or monitor your incoming and outgoing traffic. A computer technician must know how to configure wireless NICs and access points using the appropriate level of security. 
The default settings on an access point are designed for fast connectivity and are not secure. Some of the changes to be made to the default settings of the access point might include: disable DHCP and use static IP addresses, change the SSID from the default, disable SSID broadcast, change the default username and password, update the firmware, and enable a firewall.
  20. Slide 20 – Installing Updates and Patches 9.4 Identify common preventive maintenance techniques for security Regular security updates are essential in order to meet the threat from attackers constantly searching for new ways of breaching security. A technician should understand how to install patches and updates. They should also be able to recognize when new updates and patches are available. Teaching Strategy: Attackers' methods are constantly changing. As new exploits are discovered, manufacturers create patches and new procedures. The technician must be able to install these, and the user should know how to recognize when updates are needed. After completing this section, students will meet these objectives: Explain how to update signature files for anti-virus and anti-spyware software Explain how to install operating systems service packs and security patches
  21. Slide 21 – Updating Protection Programs 9.4.1 Explain how to update signature files for virus checker and spyware Virus, spyware, and adware detection programs look for signatures (patterns in the programming code) of the software in a computer. The publishers of protection software compile the signatures into virus definition tables. Always retrieve the signature files from the manufacturer’s website or one of their mirror sites to make sure the update is authentic and not corrupted by viruses. CAUTION: When downloading the signature files from a mirror, ensure that the mirror site is a legitimate site. Always link to the mirror site from the manufacturer’s website. Steps to manually update signature files for anti-virus and anti-spyware software programs: Step 1: Create a restore point in case there is a problem with the update. Step 2: Open the anti-virus or anti-spyware program. Step 3: Locate the update control button and select it. Step 4: After the program is updated, use it to scan your computer. Step 5: After the scan, check the resulting report for viruses or spyware that need to be treated or deleted manually. Step 6: Set the protection software to update automatically and to scan on a scheduled basis. Teaching Strategy: People who write viruses and worms constantly push the state of the art in computing. Virus checking software must be constantly upgraded to counteract these emerging, changing threats.
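The two points of Slide 21, that detection is only as good as the definition table and that an update must be authentic, can be shown with a toy scanner. This is an added example, not part of the course material and not how any particular product works; the JSON definition format, the digest check, and all signature names, patterns and files are constructed for illustration.

```python
import hashlib
import hmac
import json


def make_definitions(version, signatures):
    """Serialize a definition table (hypothetical JSON format) and return it
    together with the SHA-256 digest a publisher would list on its own site."""
    body = {"version": version,
            "signatures": {name: pattern.hex() for name, pattern in signatures.items()}}
    raw = json.dumps(body, sort_keys=True).encode()
    return raw, hashlib.sha256(raw).hexdigest()


def load_definitions(raw, published_sha256):
    """Refuse a definition file whose digest differs from the published one."""
    actual = hashlib.sha256(raw).hexdigest()
    if not hmac.compare_digest(actual, published_sha256):
        raise ValueError("definition file does not match the published digest")
    body = json.loads(raw)
    table = {name: bytes.fromhex(h) for name, h in body["signatures"].items()}
    return body["version"], table


def scan(files, table):
    """Return {file name: [matching signature names]} for files containing a pattern."""
    findings = {}
    for name, data in files.items():
        hits = sorted(sig for sig, pattern in table.items() if pattern in data)
        if hits:
            findings[name] = hits
    return findings


# Constructed, harmless marker patterns standing in for real signatures.
OLD_SIGNATURES = {"Test.Alpha": b"\x13\x37ALPHA-MARKER\x00"}
NEW_SIGNATURES = {**OLD_SIGNATURES, "Test.Beta": b"BETA-MARKER\xde\xad"}

# Constructed file contents.
FILES = {
    "notes.txt": b"quarterly report draft",
    "setup.bin": b"header" + OLD_SIGNATURES["Test.Alpha"] + b"trailer",
    "update.bin": b"header" + NEW_SIGNATURES["Test.Beta"] + b"trailer",
}


def demo():
    """Scan the same files with an outdated table and with the current one."""
    old_raw, old_digest = make_definitions(1, OLD_SIGNATURES)
    new_raw, new_digest = make_definitions(2, NEW_SIGNATURES)
    _, old_table = load_definitions(old_raw, old_digest)
    _, new_table = load_definitions(new_raw, new_digest)
    return scan(FILES, old_table), scan(FILES, new_table)


if __name__ == "__main__":
    before, after = demo()
    print("outdated table:", before)
    print("current table: ", after)
```

The digest comparison only helps when the published digest itself comes from the manufacturer's site, which is the reason the slide says to reach mirrors through that site.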
  22. Slide 22 – Operating System Updates 9.4.2 Explain how to install operating systems service packs and security patches Because some viruses and worms can be difficult to remove from a computer, some manufacturers have designed tools specifically for the purpose. Follow these steps to update an operating system for service packs or security patches: Create a restore point in case there is a problem with the update. A restore point should be set before running a repair application. If the repair process corrupts the operating system or application software, the technician is able to return to the restore point before the repair process began. Check for updates to ensure that you have the latest ones available. Download updates using Automatic Updates or from the operating system manufacturer’s website. Install the update. Restart the computer, if prompted. Test all aspects to ensure that the update has not caused any issues. Teaching Strategy: Operating system and application software must be constantly upgraded to counteract emerging, changing threats. In some cases, viruses and worms are so severe that the software manufacturer develops a special removal tool. You may be prompted to download and run this tool. Make sure you obtain this tool from an authorized source. Student Activity: The student course content includes the worksheet, 9.4.2 Worksheet: Operating System Updates. To complete this worksheet, students will conduct research for available updates for a particular operating system. List the configuration options for updating the OS and select one method over the rest.
  23. Slide 23 – Troubleshooting Process 9.5 Troubleshoot security Troubleshooting security is similar to troubleshooting other hardware or software problems on a computer. Promptness is vital when troubleshooting a breach in security. There is often a risk of the problem spreading to other equipment. After completing this section, students will meet these objectives: Review the troubleshooting process. Identify common problems and solutions.
  24. Slide 24 – 1. Gather Data from the Customer 9.5.1 Review the troubleshooting process The first step in the troubleshooting process is to gather data from the customer. All of this information is recorded in the work order. Open-ended questions cannot be answered with “yes” or “no” answers. The purpose of open-ended questions is to allow the customer to explain the history of the problem and the details of when the problem happened in their own words. Utilizing open-ended questions may take a long period of time and may not give the technician the specific details needed to troubleshoot the problem. Examples of open-ended questions: When did the problem start? What problems are you experiencing? Is there anything else you can tell me about the problem? What websites have you visited recently? What security software is installed on your computer? What were you doing when the problem was identified? Have any unexpected visitors been in your work area? What changes were made to the security settings on your computer? Closed-ended questions can usually be answered with “yes” or “no” answers. Closed-ended questions guide the customer to the specific details about the computer and the error messages. This type of question can help a technician focus in on an error and locate the exact problem once a potential solution is being tested. However, the technician may not ask the exact question needed to obtain the details of the problem. Examples of closed-ended questions: Has anyone else used your computer recently? Is your security software current? Have you scanned for viruses? Did you open any attachments from a suspicious e-mail? Have you changed your password recently? Have you received error messages on your computer? Have you shared your password? When a customer is not able to accurately describe the problem, there are other ways to evaluate the situation in the next steps of the troubleshooting process.
  25. Slide 25 – 2. Verify the Obvious Issues 9.5.1 Review the troubleshooting process Examine the most obvious causes of a problem. If there is a physical problem, a visual inspection can resolve the issue. (Broken locks, signs of tampering, missing equipment) Sometimes attackers are able to access the equipment. (Unfamiliar login address in login windows, unexplained entries in system security logs, missing or additional patch cords) If the system is connected to a wireless network, look for signs that an attacker has tried to force entry over the wireless connection (Changes in access point configuration, unexplained connections in the access point status display, signal strength of access point set higher than required) Other questions to ask the customer to verify the obvious issues: Have people asked you to stop sending them strange e-mails even though you have not sent them anything? Have any items on your desktop been moved? Does your computer run slower than normal or is it unresponsive? Do you see any unfamiliar login addresses in the login window? Are there any unexplained entries in security protection software logs? Is your Internet connection unusually slow? Teaching Strategy: Some errors can be detected by visually inspecting the hardware and cables for signs of tampering, such as broken locks, stolen equipment, missing patch cords, and added patch cords. Signs that someone else has used the PC may include strange login address or items on desk out of place. Other security errors are due to wireless. Check the wireless signal strength by looking at the condition of the access point. Also, check to see who is connected.
  26. Slide 26 – 3. Try Quick Solutions First 9.5.1 Review the troubleshooting process Once the obvious issues of the security problem have been evaluated, the technician should try the quick solutions. This step in the troubleshooting process will usually repair a temporary fault in the system or catch problems the customer has overlooked. These tests can often be performed while the technician gathers additional data. Here are some quick solutions: Check that all cables are connected to the proper locations Unseat and then reconnect cables and connectors Reboot the computer or network device Login as a different user Check that the anti-virus and spyware signature files are up-to-date Scan computer with protection software Check computer for the latest OS patches and updates Disconnect from the network Change your password NOTE: If you suspect that the security issue you are investigating is the result of a crime, notify the appropriate authorities. Leave the crime scene intact and undisturbed and prevent access to the area. Secure the area by locking the doors. Wait for the authorities to give you permission to make repairs to the equipment or the network. Teaching Strategy: Quick solutions include restoring cables between network devices and computers to their original positions. Another quick test would be to run virus scans and spyware checkers. Be sure to reboot one device at a time. Check date of last scan, check date of last update of signature file, run new scan.
  27. Slide 27 – 4. Gather Data from the Computer 9.5.1 Review the troubleshooting process After a technician has gathered information from the customer, performed a visual inspection, and tried quick solutions, it is time to inspect the computer. Third-party software, such as anti-virus and anti-spyware applications, can report on the files that have been infected. There are several tools available in the operating system that a technician can use: Verify that the signature file is current. Check the security software log file for entries. Task Manager is used to check for unknown applications that are running.
  28. Slide 28 – 5. Evaluate Problem & Implement Solution 9.5.1 Review the troubleshooting process If the technician has used troubleshooting tools without finding the cause of the problem, the problem must be researched further. Consider talking to other people that work with technology. Always consult the available documentation, search the web for white papers, and review technical information. After several possible solutions have been identified, each should be evaluated and implemented one at a time. If a proposed solution doesn’t correct the problem, reset the computer back to the original state and try another proposed solution. NOTE: Never ask a customer to reveal a password. If you need to access a computer and the customer cannot stay nearby, have the customer create a temporary password. Advise the customer to reset the password when the repair is complete.
  29. Slide 29 – 6. Close with the Customer 9.5.1 Review the troubleshooting process Explain to the customer how the problem was solved, because the customer needs to understand what caused the problem in order to avoid similar kinds of problems in the future. Have the customer verify that the problem has been solved. Finally, have the customer reboot the system and check for any additional problems. Give the customer the following: invoice, manuals or documentation, and/or broken parts. Answer questions the customer may have. The technician should document the following: Customer name and contact information Time spent on solving the problem Travel time and distance Hardware and software configuration changes Any components, such as cables or connectors, that you used in the repair that belong to you Also, the technician should maintain a repair journal that details the process used to solve each problem. This can be helpful as a future reference. NOTE: A repair is final when you have thoroughly tested the computer and completed all paperwork.
  30. Slide 30 – Common Problems and Solutions 9.5.2 Identify common problems and solutions Computer problems can be attributed to hardware, software, connectivity issues, or some combination of the three. You will resolve some types of computer problems more often than others. The worksheet is designed to reinforce your communication skills to verify information from the customer. Other common security problems and possible causes to consider: Problem: A computer runs updates and requires rebooting at inconvenient times. Possible solutions might be to set Windows Automatic Update to run daily at a convenient time, such as lunchtime. Problem: A wireless network is compromised even though 64-bit WEP encryption is in use. Possible solutions might be to upgrade to 128-bit WEP security, WPA, or EAP-Cisco security. Problem: A stolen laptop is returned by the police. It is no longer needed by the user. After recovering any sensitive data, destroy the hard drive and recycle the computer. Problem: A user complains that his system is receiving hundreds or thousands of junk e-mails daily. This may be a denial of service attack. At the e-mail server, filter out e-mail from the sender. Problem: A printer repair person no one remembers seeing before is observed looking under keyboards and on desktops. Contact security or police. Advise users never to hide passwords near their work area. Student Activity: The student course content includes the worksheet, 9.5.2 Gather Information From The Customer. To complete this worksheet, students will document information gathered from the customer in a troubleshooting incident. This activity is designed to help the student understand how to condense information and document issues. The instructor can create additional scenarios to provide students more opportunities to practice this skill. (Note: This worksheet is designed as a role-playing activity. Students work in pairs. 
One student plays the role of the customer and uses the information on page 2, “Student Customer Sheet”, to report the problem to the other student. The other student plays the role of the level-one technician and will complete the work order, which is page 1.)
  31. Slide 31 – Chapter 9 Summary Following proper security procedures will protect computers and network equipment, and the data they contain, from physical danger such as fire and theft, as well as from loss and damage by employees and attackers. Some of the important concepts to remember from this module:  Security threats can come from inside or outside of an organization. Viruses and worms are common threats that attack data. Develop and maintain a security plan to protect both data and physical equipment from loss. Keep operating systems and applications up to date and secure with patches and service packs.
  32. Slide 32 – Instructor Training Activities
  33. Slide 33 – Activities for Instructor Training These activities are suggested for use in instructor training. Take the Quiz provided in Chapter 9 course content. Conduct Internet research to pre-screen online resources for students to use in completing the following student worksheets: 9.1 Worksheet: Security Attacks 9.2.1 Worksheet: Third-Party Anti-Virus Software 9.4.2 Worksheet: Operating System Updates Consider the student worksheet, 9.5.2 Gather Information from the Customer. This activity is designed to help the student understand how to condense information gathered from the customer’s report of a problem and to document the issues. Brainstorm a list of at least 4 additional troubleshooting scenarios to provide students more opportunities to practice this skill. Each scenario must include the details of the contact information, the problem description, and the computer configuration information. For an example of this information, see page 2 of the worksheet, 9.5.2 Gather Information from the Customer.
  34. Slide 34 – Instructor Training Discussion Share with the other instructors the list of online resources found that students might use in completing the research activity worksheets. Share with the other instructors the list of additional troubleshooting scenarios. Participate in a role-playing activity of one of the troubleshooting scenarios. Following the role-playing activity, discuss the different ways you might incorporate role-playing activities into your classroom. Share ideas of how to make the student successful in these activities.
  35. Slide 35 – Additional Resources Whatis?com: IT Encyclopedia and Learning Center http://whatis.com TechTarget: The Most Targeted IT Media http://techtarget.com ZDNet: Tech News, Blogs and White Papers for IT Professionals http://www.zdnet.com HowStuffWorks: It's Good to Know http://computer.howstuffworks.com CNET.com http://www.cnet.com PC World http://www.pcworld.com ComputerWorld http://www.computerworld.com WIRED NEWS http://www.wired.com eWEEK.com http://www.eweek.com
  36. Slide 36 – Q and A