1. 1.3 PROTECTION AGAINST MALICIOUS SOFTWARE
1.1. 1.3.1 Malicious Software Protection Programs
1.1.1. Malware is malicious software that is installed on a computer without the knowledge or permission of the user. It may take several different anti-malware programs and multiple scans to completely remove all malicious software. Anti-malware available for these purpose are: Anti-virus, anti-spyware, anti-adware, and phishing programs.
1.2. 1.3.2 Signature File Updates
1.2.1. New viruses are always being developed, therefore security software must be continually updated. A virus signature is a set of unique data, or bits of code, that allow it to be identified. Anti-virus software uses a virus signature to find a virus in a computer file system, allowing to detect, quarantine and remove the virus. In the anti-virus software, the virus signature is referred to as a definition file or DAT file.v
2. 1.4 PROTECTION PHYSICAL EQUIPMENT
2.1. 1.4.1 Malicious Computer & Network Equipment Protection Methods
2.1.1. Physical security is as important as data security. Network infrastructure can be protected by: Secured telecommunications rooms, equipment cabinets, and cages Cable locks and security screws for hardware devices Wireless detection for unauthorized access points Hardware firewalls Network management system that detects changes in wiring and patch panels
2.2. 1.4.2 Security Hardware
2.3. There are several methods of physically protecting computer equipment: Use cable locks with equipment. Keep telecommunication rooms locked. Fit equipment with security screws. Use security cages around equipment. Label and install sensors, such as Radio Frequency Identification (RFID) tags, on equipment. Install physical alarms triggered by motion-detection sensors. Use webcams with motion-detection and surveillance software.
2.4. 1.4.3 Physical Security Activity
2.4.1. Physical security refers to the protection of building sites and equipment(and all information and software contained therein) from theft, vandalism, natural disaster, manmade catastrophes, and accidental damage (e.g., from electrical surges, extreme temperatures, and spilled coffee).
3. 1.1 - Understanding Security
3.1. 1.1.1 Information Security
3.2. The term information security is frequently used to describe the tasks of securing information that is in a digital format. This digital information is manipulated by a microprocessor (such as on a personal computer), stored on a storage device (like a hard drive or USB flash drive), and transmitted over a network (such as a local area network or the Internet).
3.3. 1.1.2 Goals of Security: Confidentiality; Integrity; Availability
3.3.1. Information security is intended to protect information that provides value to people and organizations. There are three protections that must be extended over information: confidentiality, integrity, and availability or CIA:
3.3.1.1. Confidentiality. Preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information.
3.3.1.2. Integrity. Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.
3.3.1.3. Availability. Ensuring timely and reliable access to and use of information.
3.4. 1.1.3 Types of Security Threats
3.4.1. A threat, in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen, but has the potential to cause serious damage.
3.4.1.1. Unstructured threats Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers.
3.4.1.1.1. Virus A program capable of replicating with little or no user intervention, and the replicated programs also replicate. Worm A form of virus that spreads by creating duplicates of itself on other drives, systems, or networks. A worm working with an e-mail system can mail copies of itself to every address in the e-mail system address book. Code Red and Nimda are examples of high-profile worms that have caused significant damage in recent years. Trojan horse An apparently useful or amusing program, possibly a game or screensaver, but in the background it could be performing other tasks, such as deleting or changing data, or capturing passwords or keystrokes. A true Trojan horse isn’t technically a virus because it doesn’t replicate itself.
3.4.1.2. Structured threats Structured threats come from hackers that are more highly motivated and technically competent . These people know system vulnerabilities, and can understand and develop exploit-code and scripts.
3.4.1.3. External threats External threats can arise from individuals or organizations working outside of a company. They do not have authorized access to the computer systems or network. They work their way into a network mainly from the Internet or dialup access servers.
3.4.1.4. Internal threats Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the network. This could be a disgruntled employee, an opportunistic employee, or an unhappy past employee whose access is still active. In the case of a past network employee, even if their account is gone, they could be using a compromised account or one they set up before leaving for just this purpose.
3.5. 1.1.4 Type of attacks to computer security
3.5.1. Physical – Events or attacks that steal, damage, or destroy equipment, such as servers, switches, and wiring Data – Events or attacks that remove, corrupt, deny access to authorized users, allow access to unauthorized users, or steal information
4. 1.2 ACCESS TO DATA AND EQUIPMENT
4.1. 1.2.1 Social Engineering
4.1.1. A social engineer is a person who is able to gain access to equipment or a network by tricking people into providing the necessary access information
4.1.1.1. To protect against social engineering: Never give out a password. Always ask for the ID of the unknown person. Restrict access of visitors. Escort all visitors. Never post your password. Lock your computer when you leave your desk. Do not let anyone follow you through a door that requires an access card.
4.2. 1.2.2 Data Wiping
4.2.1. Deleting files from a hard drive does not remove them completely from the computer. This data is not completely removed until the hard drive stores other data in the same location, overwriting the previous data. Hard drives should be fully erased (data wiped) to prevent the possibility of recovery using specialized software.
4.3. 1.2.3 Hard Drive Destruction
4.3.1. Companies with sensitive data should always establish clear policies for hard drive disposal. It is important to be aware that formatting and reinstalling an operating system on a computer does not ensure that information cannot be recovered. Destroying the hard drive is the best option for companies with sensitive data.
4.4. 1.2.4 Hard Drive Recycling
4.4.1. The drive can be reformatted, and a new operating system can be installed. Two types of formatting can be performed: Standard format - Also called high-level formatting, a boot sector is created and a file system is set up on the disk. A standard format can only be performed after a low-level format has been completed. Low-level format - The surface of the disk is marked with sector markers to indicate where data will be stored physically on the disk, and tracks are created. Low-level formatting is most often performed at the factory after the hard drive is built.