
Monitor Threats To The Network


LO3:

1. Monitor threats to the network


There are different ways to monitor threats to the network. Some of them are:

1. By using software utilities

2. By using security mechanisms

3. By using encryption facilities

1.1. Identifying security threats

Explain why computer and network security is important

Computer and network security help to keep data and equipment functioning and provide
access only to appropriate people. Everyone in an organization should give high priority to
security because everyone can be affected by a lapse in security.

Theft, loss, network intrusion, and physical damage are some of the ways a network or
computer can be harmed. Damage or loss of equipment can mean a loss of productivity.
Repairing and replacing equipment can cost the company time and money. Unauthorized
use of a network can expose confidential information and reduce network resources.

Describe security threats to computer networks

Computer networks were originally used by a corporation's employees to share printers and data
and to access different resources. Now that millions of ordinary citizens use networks for
banking operations, purchases and tax payments, network security is a major potential
problem. Network security problems can be divided into four interconnected areas: privacy,
authentication, integrity and non-repudiation.

Confidentiality refers to keeping information away from unauthorized users. Authentication is
determining the identity of the person. Non-repudiation involves signatures, and integrity
checks ensure accuracy and data protection.

The security policy of a computer network should define the approach to be taken when
pursuing a suspected intrusion. Procedures that deal with this type of problem must be
clearly specified. A large number of questions about security must be answered before an
incident happens, so that responses are as clear and objective as possible. A security policy is
a set of rules and procedures that potentially impact and limit the freedoms and, of course,
the individual security levels of all users. Security policies are a very important part of a
system security plan.

Prepared by Andom T. Page 1


To successfully protect computers and the network, a technician must understand both
types of threats to computer security:

 Physical – Events or attacks that steal, damage, or destroy equipment, such as
servers, switches, and wiring
 Data – Events or attacks that remove, corrupt, deny access, allow access, or steal
information

Threats to security can come from the inside or outside of an organization, and the level of
potential damage can vary greatly:

 Internal – Employees have access to data, equipment, and the network
o Malicious threats are when an employee intends to cause damage.
o Accidental threats are when the user damages data or equipment
unintentionally.
 External – Users outside of an organization that do not have authorized access to
the network or resources
o Unstructured – Attackers use available resources, such as passwords or
scripts, to gain access and run programs designed to vandalize
o Structured – Attackers use code to access operating systems and software

Physical loss or damage to equipment can be expensive, and data loss can be detrimental
to your business and reputation. Threats against data are constantly changing as attackers
find new ways to gain entry and commit their crimes.

1.1.1. Define Program Threats and Security Threats

1.1.1.1. Program threats

Operating system processes carry out the designated tasks as instructed. If a user program
makes these processes perform malicious tasks, this is known as a program threat. A
common example of a program threat is a program installed on a computer that can store
credentials and send them over the network to an attacker. The following is a list of some
well-known program threats:

Trojan horse:

Such a program traps user login credentials and stores them to send to a malicious user, who
can later log in to the computer and access system resources.

The Trojan does not need to be attached to other software. Instead, a Trojan threat is
hidden in software that appears to do one thing, and yet behind the scenes it does another.
Trojans are often disguised (masked) as useful software. The Trojan program can
reproduce like a virus and spread to other computers. A Trojan horse is not a virus because
it does not replicate and spread like a virus.



Trap Door:

If a program that is designed to work as required has a security hole in its code and
performs illegal actions without the user's knowledge, it is said to have a trap door.

Logic Bomb:

A logic bomb is a situation where a program misbehaves only when certain conditions are met;
otherwise it works as a genuine program. This makes it harder to detect.

Viruses

A software virus is a freeloading program written intentionally to alter the way your computer
operates without your permission or knowledge.

A virus attaches copies of itself to other files such as program files or documents and is
inactive until you run an infected program or open an infected document. When activated, a
virus may damage or delete files, cause erratic system behavior, display messages or even
erase your hard disk.

A virus may spread through email and instant messenger attachments, through infected files
on floppy disks or CD-ROMs, or by exploiting a security flaw in Microsoft Windows.

1.1.1.2. System Threats:

System threats refer to the misuse of system services and network connections to put the user
in trouble. System threats can be used to launch program threats across a complete network,
which is called a program attack. System threats create an environment in which operating
system resources or user files are misused. The following is a list of some well-known
system threats:

Worm

A worm is a self-replicating program that is harmful to networks. A worm uses the network to
duplicate its code to the hosts on a network, often without any user intervention. It is
different from a virus because a worm does not need to attach to a program to infect a host.
Even if the worm does not damage data or applications on the hosts it infects, it is harmful to
networks because it consumes bandwidth.

Port Scanning:

Port scanning is a mechanism or means by which a hacker can detect system
vulnerabilities in order to make an attack on the system.



Denial of Service:

Denial of service attacks normally prevent users from making legitimate use of the system. For
example, a user may not be able to use the internet if a denial of service attack targets the
browser's content settings.

1.1.2. Define adware, spyware, and grayware


Adware is a software program that displays advertising on your computer. Adware is usually
distributed with downloaded software. Most often, adware is displayed in a popup window.
Adware popup windows are sometimes difficult to control and will open new windows faster
than users can close them.

Grayware or malware is a file or program other than a virus that is potentially harmful. Many
grayware attacks are phishing attacks that try to persuade the reader to unknowingly
provide attackers with access to personal information. As you fill out an online form, the data
is sent to the attacker. Grayware can be removed using spyware and adware removal tools.

Spyware, a type of grayware, is similar to adware. It is distributed without any user
intervention or knowledge. Once installed, the spyware monitors activity on the computer.
The spyware then sends this information to the organization responsible for launching the
spyware.

1.2. Identify security procedures

A security plan should be used to determine what will be done in a critical situation. Security
plan policies should be constantly updated to reflect the latest threats to a network. A
security plan with clear security procedures is the basis for a technician to follow. Security
plans should be reviewed on a yearly basis.

There are different security strategies:

 Privacy
 Authentication
 Authorization and integrity

Privacy is the ability of an individual or group to seclude themselves or information about
themselves and thereby reveal themselves selectively. The boundaries and content of what
is considered private differ among cultures and individuals, but share basic common
themes.



Authentication is the act of confirming the truth of an attribute of a datum or entity:
verification of identity as a security measure. Passwords and digital signatures are forms of
authentication.

Authorization is the process of giving someone permission to do or have something. In
multi-user computer systems, a system administrator defines for the system which users are
allowed access to the system and what privileges of use they have (such as access to which
file directories, hours of access, amount of allocated storage space, and so forth).

Integrity is a concept of consistency of actions, values, methods, measures, principles,
expectations, and outcomes. In ethics, integrity is regarded as the honesty and truthfulness
or accuracy of one's actions.

There are multiple layers of security in a network, including physical, wireless, and data.
Each layer is subject to security attacks. The technician needs to understand how to
implement security procedures to protect equipment and data.

1.2.1. Explain what is required in a basic local security policy


Though local security policies may vary between organizations, there are questions all
organizations should ask:

 What assets require protection?
 What are the possible threats?
 What to do in the event of a security breach?

A security policy should describe how a company addresses security issues:

 Define a process for handling network security incidents
 Define a process to audit existing network security
 Define a general security framework for implementing network security
 Define behaviors that are allowed
 Define behaviors that are prohibited
 Describe what to log and how to store the logs: Event Viewer, system log files, or
security log files
 Define network access to resources through account permissions
 Define authentication technologies to access data: usernames, passwords,
biometrics, smart cards

1.2.2. Tasks required to protect physical equipment


Physical security is as important as data security. When a computer is taken, the data is
also stolen.

There are several methods of physically protecting computer equipment:


 Control access to facilities
 Use cable locks with equipment
 Keep telecommunication rooms locked
 Fit equipment with security screws
 Use security cages around equipment
 Label and install sensors, such as Radio Frequency Identification (RFID) tags, on
equipment

For access to facilities, there are several means of protection:

 Card keys that store user data, including level of access
 Berg connecters for connecting to a floppy drive
 Biometric sensors that identify physical characteristics of the user, such as
fingerprints or retinas
 Posted security guard
 Sensors, such as RFID tags, to monitor equipment

Here are some basic precautions to help protect equipment and prevent unauthorized access
to information:

 Never give out your password
 Always ask for the ID of unknown persons
 Restrict access of unexpected visitors
 Escort all visitors
 Never post your password in your work area
 Lock your computer when you leave your desk
 Do not let anyone follow you through a door that requires an access card

1.3. Ways to protect equipment and data

Models and methods of protecting computer networks and data

An important issue in controlling and securing an information system or computer network is
the security model on which the system or network will be based. The security model
implements the security policy chosen and implemented by the designers of the system and
computer network [18]. To protect against unauthorized access to computers in a network
there are several solutions: using firewalls and securing the network perimeter, authentication
and authorization of access, creating secure communication channels, etc. The main methods
of securing a computer network are: firewalls, authentication and authorization of external
access, the NIS service, the SSL protocol, the S-HTTP protocol, the PCT protocol, IP-level
security, and Secure Shell (SSH).

A firewall is a system placed between the internal network (intranet) and the external network
(internet). Its main role is to protect the intranet in accordance with certain rules and criteria
that can be set by configuration. The simplest form of firewall is shown in the figure
below.



Computer network security under MS Windows operating systems

An operating system (OS) is a set of system software programs in a computer that regulate
the ways application software programs use the computer hardware and the ways that users
control the computer. A computer being secure depends on a number of technologies
working properly. A modern operating system provides access to a number of resources,
which are available to software running on the system, and to external devices like networks.

At the front line of security are hardware devices known as firewalls or intrusion
detection/prevention systems. At the operating system level, there are a number of software
firewalls available, as well as intrusion detection/prevention systems. Most modern operating
systems include a software firewall, which is enabled by default. A software firewall can be
configured to allow or deny network traffic to or from a service or application running on the
operating system. Therefore, one can install and run an insecure service, such as Telnet or
FTP, without being threatened by a security breach, because the firewall would deny all
traffic trying to connect to the service on that port.
MS Windows

MS Windows operating systems have been criticized many times because of two major
weaknesses: security and reliability. Reliability of an operating system is usually quantified
by the time it works without having problems. Unfortunately, MS Windows tends to become
unstable after a period of time, unlike other operating systems. Of all desktop operating
systems, Windows has a reputation as the most vulnerable to viruses, worms, Trojans and
other attacks of this kind. Part of the MS Windows vulnerability is because its user base is
very large. MS Windows has many security holes that are found and exploited by malicious
people.

While Microsoft is vigilant in its efforts to fix these security holes, its developers are always
one step behind hackers, and while users wait for security patches their computers are
vulnerable.
Microsoft Windows 7 security

MS Windows 7 is the latest desktop operating system from Microsoft, which was built on the
strengths and weaknesses of its predecessors, MS Windows XP and Windows Vista. In
addition to basic system enhancements and new services, MS Windows 7 provides more
security functionality, enhanced auditing, monitoring capacity and the ability to encrypt
personal data and remote connections. MS Windows 7 also has recently developed internal
improvements to protect the internal system such as Service Hardening, Data Execution
Prevention, Address Space Layout Randomization, and required levels of integrity. MS
Windows 7 is designed to be used safely.



MS Windows 7 was built on the foundation of MS Windows Vista security, although
improvements have occurred in several places such as Group Policies, User Account Control
(UAC), and Windows Firewall. In addition, several new features have been opened up.

 Firewall - Windows Firewall was introduced in MS Windows Vista as a step forward from MS
Windows XP. With this major change it became a serious competitor in the market for
firewall software. Overall, MS Windows 7's firewall is only slightly better than the one from
MS Windows Vista. It has support for filtering outgoing traffic and it can also analyze traffic
for all applications in a bidirectional way.
 User Account Control - aims to improve the security of Microsoft Windows by limiting
application software to standard user privileges until an administrator authorizes an increase
or elevation. In this way, only applications trusted by the user may receive administrative
privileges, and malware should be kept from compromising the operating system. In other
words, a user account may have administrator privileges assigned to it, but applications that
the user runs do not inherit those privileges unless they are approved beforehand or the
user explicitly authorizes it.
 Action Center - In MS Windows 7 security-related options were collected in Action Center,
an application that replaces the Security Center found in MS Windows XP and MS Windows
Vista. Action Center is designed to work with third-party firewall, antivirus and antispyware
programs, with programs implemented in MS Windows 7 (Windows Firewall and Windows
Defender), and also with those available separately, such as Microsoft Security Essentials.
The first line of defense in computer security is to protect against attacks from outside. Once
the computer is connected to the Internet, it becomes just another node on a wide global
network. A firewall provides a barrier between your computer and the network it is connected
to by preventing the entry of unwanted traffic while allowing clear passage for authorized
connections. The firewall in MS Windows 7 is enabled by default for all connections, and
provides protection from the moment the computer starts.
Using Windows Firewall in different computer network locations

The firewall in MS Windows 7 maintains a separate profile (that is, a complete collection of
settings, including rules for different programs, services and ports) for each of the three
network location types: area, private and public. Windows Firewall is a Control Panel
application that provides a simple interface for monitoring the status of the firewall and for
routine tasks such as allowing access to a program or blocking all incoming connections [18].
Like Windows Defender, Windows Firewall can be found in Control Panel. To open Windows
Firewall, as shown in Figure 3, go to Start Menu > Control Panel > System and Security >
Windows Firewall.
Microsoft Security Essentials
Microsoft Windows 7 does not provide an antivirus program. If a user installs an antivirus
program, it is recognized and accepted by the Action Center. Microsoft, however, provides
MSE (Microsoft Security Essentials), a free security program. It protects against viruses,
spyware, trojans and malicious software. It can be downloaded free of charge from
www.microsoft.com/security_essentials, and its installation automatically disables Windows
Defender [5].



Managing access to resources in a computer network
In any computer network, there are resources to which users should have access. Sharing is
a process that allows users to access, over the computer network, a certain resource located
on a computer. A network share provides a single location to manage data shared by several
users. Sharing also means that an administrator can install an application once and manage
it from one location. You can control user access by assigning permissions to shared
folders.
The value of physical equipment is often far less than the value of the data it contains. The
loss of sensitive data to a company's competitors or to criminals may be costly. Such losses
may result in a lack of confidence in the company and the dismissal of computer technicians
in charge of computer security. To protect data, there are several methods of security
protection that can be implemented.

Password Protection

Password protection can prevent unauthorized access to content, as shown in Figure 1.
Attackers are able to gain access to unprotected computer data. All computers should be
password protected. Two levels of password protection are recommended:

 BIOS – Prevents BIOS settings from being changed without the appropriate
password
 Login – Prevents unauthorized access to the network

Network logins provide a means of logging activity on the network and either preventing or
allowing access to resources. This makes it possible to determine what resources are being
accessed. Usually, the system administrator defines a naming convention for the usernames
when creating network logins. A common example of a username is the first initial of the
person's first name and then the entire last name. You should keep the username naming
convention simple so that people do not have a hard time remembering it. When assigning
passwords, the level of password control should match the level of protection required. A
good security policy should be strictly enforced and include, but not be limited to, the
following rules:

 Passwords should expire after a specific period of time.
 Passwords should contain a mixture of letters and numbers so that they cannot
easily be broken.
 Password standards should prevent users from writing down passwords and leaving
them unprotected from public view.
 Rules about password expiration and lockout should be defined. Lockout rules apply
when an unsuccessful attempt has been made to access the system or when a
specific change has been detected in the system configuration.
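
The rules above (a mixture of letters and numbers, expiry after a set period, lockout after failed attempts) can be checked mechanically. This is an added example, not part of the original document; the 90-day expiry, three-attempt threshold and 15-minute lockout are assumed values, and the minimum length is an added assumption since the text sets no figure.

```python
"""Account checks modelled on the password rules in the text. Added example; the
thresholds below are assumed values, not figures from the document."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

MAX_PASSWORD_AGE = timedelta(days=90)       # assumed expiry period
LOCKOUT_THRESHOLD = 3                       # assumed: lock after 3 consecutive failures
LOCKOUT_DURATION = timedelta(minutes=15)    # assumed lockout window


def password_meets_standard(password: str, min_length: int = 8) -> List[str]:
    """Return the rule violations for a candidate password (empty list = accepted)."""
    problems = []
    if len(password) < min_length:          # minimum length is an added assumption
        problems.append(f"shorter than {min_length} characters")
    if not any(ch.isalpha() for ch in password):
        problems.append("contains no letters")
    if not any(ch.isdigit() for ch in password):
        problems.append("contains no digits")
    return problems


def hash_password(password: str, salt: bytes) -> bytes:
    """Store a salted PBKDF2 hash rather than the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    last_changed: datetime
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None


def create_account(username: str, password: str, changed_at: datetime) -> Account:
    salt = os.urandom(16)
    return Account(username, salt, hash_password(password, salt), changed_at)


def attempt_login(account: Account, supplied: str, now: datetime) -> str:
    """Evaluate one login attempt: 'locked', 'denied', 'expired' or 'ok'.

    Lockout rule: after LOCKOUT_THRESHOLD consecutive failures the account is
    locked for LOCKOUT_DURATION; attempts during the lock are refused without
    checking the password, so guessing cannot continue in that window.
    """
    if account.locked_until is not None and now < account.locked_until:
        return "locked"
    if not hmac.compare_digest(hash_password(supplied, account.salt), account.pw_hash):
        account.failed_attempts += 1
        if account.failed_attempts >= LOCKOUT_THRESHOLD:
            account.locked_until = now + LOCKOUT_DURATION
            account.failed_attempts = 0
            return "locked"
        return "denied"
    account.failed_attempts = 0
    if now - account.last_changed > MAX_PASSWORD_AGE:
        return "expired"   # correct password, but the expiry rule forces a change first
    return "ok"


def demo() -> List[str]:
    """Constructed scenario: three wrong guesses, the correct password during the
    lock, the same password after the lock ends, then an account whose password
    is older than MAX_PASSWORD_AGE."""
    t0 = datetime(2024, 6, 3, 9, 0)
    acct = create_account("jsmith", "Blue7sky", changed_at=t0 - timedelta(days=30))
    outcomes = [attempt_login(acct, guess, t0) for guess in ("wrong1", "wrong2", "wrong3")]
    outcomes.append(attempt_login(acct, "Blue7sky", t0 + timedelta(minutes=5)))
    outcomes.append(attempt_login(acct, "Blue7sky", t0 + timedelta(minutes=16)))
    stale = create_account("mjones", "Red9hat", changed_at=t0 - timedelta(days=120))
    outcomes.append(attempt_login(stale, "Red9hat", t0))
    return outcomes   # ['denied', 'denied', 'locked', 'locked', 'ok', 'expired']


if __name__ == "__main__":
    print(password_meets_standard("password"), demo())
```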

To simplify the process of administrating security, it is common to assign users to groups,
and then to assign groups to resources. This allows the access capability of users on a
network to be changed easily by assigning or removing the user from various groups. This is
useful when setting up temporary accounts for visiting workers or consultants, giving you the
ability to limit access to resources.
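
Group-based access as described above, in working form: users are placed in groups, groups are granted permissions on shares, and a user's access is changed by moving them between groups, with an end date for temporary accounts. This is an added example, not part of the original document; the group names, share paths and dates are constructed.

```python
"""Group-based access to shared folders. Added example; GROUP_PERMISSIONS and all
user, group and share names are constructed sample data."""
from datetime import date
from typing import Dict, Set

# Constructed sample: permissions each group holds on each shared folder.
GROUP_PERMISSIONS: Dict[str, Dict[str, Set[str]]] = {
    "AllStaff": {r"\\fileserver\public": {"read"}},
    "Finance": {r"\\fileserver\accounts": {"read", "write"}},
    "Consultants": {r"\\fileserver\projectX": {"read"}},
}


class Directory:
    """Tracks group membership and optional account expiry dates."""

    def __init__(self) -> None:
        self.membership: Dict[str, Set[str]] = {}
        self.expires: Dict[str, date] = {}

    def add_to_group(self, user: str, group: str) -> None:
        if group not in GROUP_PERMISSIONS:
            raise KeyError(f"unknown group {group}")
        self.membership.setdefault(user, set()).add(group)

    def remove_from_group(self, user: str, group: str) -> None:
        self.membership.get(user, set()).discard(group)

    def set_expiry(self, user: str, when: date) -> None:
        """Temporary accounts (visiting workers, consultants) get an end date."""
        self.expires[user] = when

    def effective_permissions(self, user: str, share: str, today: date) -> Set[str]:
        """Union of the permissions of every group the user belongs to.

        An expired account is granted nothing, whatever groups it remains in.
        """
        if user in self.expires and today > self.expires[user]:
            return set()
        granted: Set[str] = set()
        for group in self.membership.get(user, set()):
            granted |= GROUP_PERMISSIONS[group].get(share, set())
        return granted

    def can(self, user: str, share: str, action: str, today: date) -> bool:
        return action in self.effective_permissions(user, share, today)


def demo() -> Dict[str, bool]:
    """Constructed scenario: a staff member in two groups and a consultant
    with a temporary account; then the staff member changes role."""
    d = Directory()
    d.add_to_group("asmith", "AllStaff")
    d.add_to_group("asmith", "Finance")
    d.add_to_group("consultant1", "Consultants")
    d.set_expiry("consultant1", date(2024, 6, 30))
    june = date(2024, 6, 1)
    results = {
        "staff writes accounts": d.can("asmith", r"\\fileserver\accounts", "write", june),
        "staff reads public": d.can("asmith", r"\\fileserver\public", "read", june),
        "staff reads projectX": d.can("asmith", r"\\fileserver\projectX", "read", june),
        "consultant reads projectX": d.can("consultant1", r"\\fileserver\projectX", "read", june),
        "consultant after expiry": d.can("consultant1", r"\\fileserver\projectX", "read", date(2024, 7, 1)),
    }
    # Role change: revoke by removing the group, not by editing every share.
    d.remove_from_group("asmith", "Finance")
    results["staff writes accounts after removal"] = d.can("asmith", r"\\fileserver\accounts", "write", june)
    return results


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {'allowed' if allowed else 'denied'}")
```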

However, there are a few broad areas that can be considered which require protection of
equipment. These include:

 Protection of equipment due to changes in electrical supply: Surges and ‘brownouts’
cause major damage to computer devices. Uninterruptible power supplies (UPS), power
conditioners and surge protection devices are all valuable preventative maintenance tools
for any computerised device.
 Protection from environmental conditions: Humidity, temperature variation and dust are
major causes of computer device failures. Actions taken to limit these factors in the
workplace are valuable preventative maintenance tasks.
 Protection of data using backups: It is vital that backups of both user data and system
configurations are done regularly.
 Protection of data from threats: Data needs to be protected from viruses, malware,
hackers and so on, through the use of both hardware and software security measures.
 Keeping software updated through service packs, patches and driver upgrades.
 Checking integrity and performance by using diagnostic tools: Routine running of any
in-built diagnostics and/or checking for display of maintenance messages generated by the
device.

Protecting critical hardware

Facility protection

Strategies must be in place to protect IT equipment from water damage, fire, contamination,
power failure and theft. Some of these strategies include:

o The implementation of early warning systems to detect water leaks, fire and air-borne
contaminants
o Devices to continue power supply should there be a power failure such as a UPS
(uninterruptible power supply) as well as on-site power generation
o Security access to computer facilities such as swipe cards or entry of a security
number
o Recording serial numbers, asset numbers, location and allocation details of
workstations.

Protection from environmental conditions

Temperature

The tolerance of computer components for extremes in temperature is limited — subjecting
them to temperatures outside this range is likely to reduce their life. The room environment as
well as cooling and ventilation systems are, therefore, important in maintaining computer
equipment in optimum operational condition.
Humidity

Computers are also sensitive to humidity and should be kept dry. Protective measures would
include keeping them away from windows, and avoiding food and drink spills. Ventilation
systems also help prevent problems with humidity.
Dirt and dust
Computers should be kept in a clean environment. Dust build-up around fans and on electrical
components becomes a problem because it tends to prevent heat dissipation, and interferes
with the fan’s cooling function. Regular cleaning is, therefore, important. If the equipment is
kept in an industrial environment, additional measures must be put in place to protect it — use
of air cleaners is one useful strategy.

Electromagnetic interference
All electronic devices are capable of producing electromagnetic interference that can cause
data to be lost, problems with picture quality on monitors, and other problems.
Protection of data — backup

All organisations need strategies in place to:

 Back up critical data
 Ensure that data backup is being undertaken according to organisational policies.

This will involve both server backup and workstation backup.
Server backup

Backup option: Backup to tape using backup/restore software such as that in Windows; the
tape backups from the server can be sent to an off-site backup storage facility for
restoration if backup files on-site are destroyed.
Benefits: Simple; software readily available in Windows.
Limitations: Additional risks in transportation and storage; time to restore in the event of
loss of data (i.e. time to data) can be too long and very costly.

Backup option: Backup server data to a remote tape unit via a WAN.
Benefits: Time to data much shorter; risks reduced due to less manual handling.
Limitations: Can be expensive.

Backup option: Backup data to a remote mirrored disk via a WAN.
Benefits: Time to data instantaneous; risks lowered further.
Limitations: Costs are high.

Workstation backup
Workstations in an organisation are often standardised with respect to operating system and
common applications. An ‘image’ or ‘build’ is created, making it much easier to restore the
workstation to a re-usable state. There is usually an IT policy that specifies a ‘Standard
Operating Environment’ for workplace PCs. Uncommon, or specific, applications are usually
installed separately after the standard image is loaded.



However, users tend to customise their PCs with shortcuts, background images and
screensavers, taskbar options, mouse speed and a variety of other options. Also, though it
may be against company policy, there may be company data lurking on a user’s PC.
Therefore, before any changes are made to a workstation PC, the hard disk should be
backed up.
As mentioned, staff in a client/server organisation are generally encouraged not to store
data on their own hard drives. However, where an organisation’s data is stored on a
workstation hard drive, there must be some procedure in place for regularly backing it up.
Types of backup
An organisation will have policies that relate to:
 The frequency of backups (daily, weekly, monthly)
 The time of day backups are done
 How long backups are kept
 Where backups should be stored.
Also, there are different types of backup. You may not need to back up all files every time
you back up. Different options include:
 Backup of selected directories
 Incremental backup – backup of only files that have been created or changed since the
last full or incremental backup
 Differential backup – backup of files that have been created or changed since the last full
backup.
Backup scheduling is an important part of any preventative maintenance plan. Windows
provides a backup and restore tool, and this type of software is also provided by third parties.
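
The definitions of full, incremental and differential backup above decide which files a given run copies and which backup sets a restore needs. The following is an added example, not part of the original document or any backup product; the file listing, timestamps and backup history are constructed.

```python
"""File selection for full, incremental and differential backups, following the
definitions in the text. Added example; SAMPLE_FILES and HISTORY are constructed."""
from datetime import datetime
from typing import Dict, List, Tuple

Backup = Tuple[str, datetime]   # (kind, completion time)

# Constructed sample: path -> last modification time, over one working week.
SAMPLE_FILES: Dict[str, datetime] = {
    "finance/ledger.xls": datetime(2024, 6, 3, 8, 0),     # Monday
    "finance/invoices.doc": datetime(2024, 6, 4, 10, 0),  # Tuesday
    "hr/roster.xls": datetime(2024, 6, 5, 11, 0),         # Wednesday
    "reports/weekly.doc": datetime(2024, 6, 6, 9, 0),     # Thursday
}

# Constructed history: full backup Monday night, incrementals Tuesday and Wednesday night.
HISTORY: List[Backup] = [
    ("full", datetime(2024, 6, 3, 22, 0)),
    ("incremental", datetime(2024, 6, 4, 22, 0)),
    ("incremental", datetime(2024, 6, 5, 22, 0)),
]


def baseline_for(kind: str, history: List[Backup]) -> datetime:
    """Point in time after which a file must have changed to be selected.

    Differential: since the last full backup.
    Incremental: since the last full or incremental backup, whichever is later.
    """
    if kind == "differential":
        eligible = [t for k, t in history if k == "full"]
    elif kind == "incremental":
        eligible = [t for k, t in history if k in ("full", "incremental")]
    else:
        raise ValueError(f"unknown backup type {kind}")
    if not eligible:
        raise ValueError("no full backup exists yet; run a full backup first")
    return max(eligible)


def select_files(files: Dict[str, datetime], kind: str, history: List[Backup]) -> List[str]:
    """Return the sorted paths that a backup of the given kind would copy."""
    if kind == "full":
        return sorted(files)
    baseline = baseline_for(kind, history)
    return sorted(path for path, modified in files.items() if modified > baseline)


def restore_chain(history: List[Backup]) -> List[Backup]:
    """Backup sets needed to restore to the latest state.

    Incremental strategy: the last full plus every incremental after it.
    Differential strategy: the last full plus only the latest differential.
    Assumes one strategy is followed between full backups.
    """
    full_idx = max(i for i, (k, _) in enumerate(history) if k == "full")
    later = history[full_idx + 1:]
    chain = [history[full_idx]] + [b for b in later if b[0] == "incremental"]
    diffs = [b for b in later if b[0] == "differential"]
    if diffs:
        chain.append(diffs[-1])
    return chain


if __name__ == "__main__":
    for kind in ("full", "incremental", "differential"):
        print(f"{kind:12s} would copy: {select_files(SAMPLE_FILES, kind, HISTORY)}")
    print("restore needs:", [(k, t.strftime('%a %H:%M')) for k, t in restore_chain(HISTORY)])
```

Run on Thursday night, the incremental copies only the file changed since Wednesday's incremental, while the differential copies everything changed since Monday's full backup; the restore chain shows why incrementals need every set since the full backup kept intact.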

