This chapter is about computer security. Objectives important to this chapter are:
Students should be aware that this chapter does not contain all the knowledge they will ever need to protect PCs or networks, but it is a good start.
The text offers suggestions right away that will be of benefit to most technicians:
Authentication is any process used to prove identity to network security programs. Some texts say it is a method of proving a user's true identity, but we all know of instances of users who share IDs and passwords. Authentication systems only work as intended when users keep their authentication information private.
Authorization is the process of granting rights and permissions to users.
An authorized user will not be able to get to resources if they do not authenticate (prove identity) to the system. An authenticated user will not be able to get to resources if they have not been authorized to do so.
Passwords can exist at many levels for a computer user:
Windows domains typically use a concept called password complexity, which illustrates some good ideas about secure passwords. If turned on, complexity requires several conditions be met by a password. It can't contain a portion of the user's logon name. It must contain three of these characteristics: upper case letters, lower case letters, numbers, and characters that are neither letters nor numbers (symbols and punctuation marks other than wildcards). It is a bad idea to actually use a real word for a password, since there are programs that will attack a system by trying to log in to a known account, using every word in a dictionary file as the password,one after another.
In general, users should be given accounts on a network, and the accounts should have required passwords. The user accounts should be assigned permissions to the resources the users need, and only to those resources. When you grant permission to a resource, e.g. a folder, you are modifying the Access Control List property of the resource. The text tells us that an administrator can run the command cacls to configure access control lists of files and folders.
The text repeats some material already covered in other chapters:
The text moves on to firewalls, another repeated topic. A firewall is most important when a system is attached to the Internet every time it is turned on. It is important even without Internet access, if we remember that most system attacks in corporate environments originate inside your environment.
Firewalls can be implemented with software, hardware, or both. A Windows version of a firewall is included with XP Service Pack 2.
The text repeats its advice about using anti-virus software. Update it frequently, configure it to use its firewall (if it has one), configure it to scan files when they are opened, and scan email as well. The text recommends using Ad-Aware, a fine product for removing adware and spyware. Note, however, something that most users seem to never notice: Ad-Aware is not free for anything but home use. Users in corporate, business, government, educational, and other environments must pay for this software.
We are again reminded to keep our Windows operating systems and Microsoft applications up to date on security patches. As already discussed, you can configure your workstations to automatically check for updates, automatically download updates, or automatically install updates. Personally, I like the first option best, because I really hate the system slowing down (while downloading or installing) or rebooting automatically (due to an installation) when I am trying to work. A system that does not tell the user it is about to become very busy or unavailable is not a user friendly system.
The text discusses security related options available in Internet Explorer. More detail is given this time. Options include:
Lest we think that the text is promoting only Microsoft products, we are reminded that there are some good reasons to use alternative software. Hackers and virus writers tend to write specifically for Internet Explorer and Outlook because they are so widespread. There have been times that my work environment has avoided email viruses because we were on a different platform.
The text moves on to recommend using the Microsoft Shared Computer Toolkit for Windows XP, to prevent any changes to a hard drive that Windows is loaded on. This product has been replaced by Windows SteadyState, which does the same thing.
The text describes Windows 2000/XP Encrypted File System (EFS) which lets you encrypt the contents of files and folders. This kind of feature is recommended for laptops, since they are lost or stolen more often than desktop. It is also a good idea if a desktop user frequently deals with sensitive information.
The text moves on to discuss general physical security ideas:
The text turns to the interesting topic of social engineering. The link I placed on that term goes to a good article about using social skills to gain access to things you shouldn't have access to. People who use these techniques are always thinking up new ones, but the old ones keep popping up, too. So the text offers basic advice to avoid this sort of con artist:
The text repeats its thoughts about making backups and refers us to chapter 4. (The notes for chapter 4 were revised as this page was being written to include more detail about backups in one place on this site.)
At sites where secure and sensitive data are kept, users should be encouraged, if not required, to submit incident reports when they think a security breach may have taken place. Such a report should be taken and investigated by a computer security officer of that entity.
Trash is a common avenue for the loss of important data. In general:
Administrators should regularly check their environments for trouble. This includes everything we have said about PCs, and means we should apply the ideas to servers and our network as well.
The text finally moves on to protecting networks and wireless installations. As explained in a previous chapter, installing a router to make a LAN at a home office (or small regular office) can give you some security advantages:
The text discusses some authentication methods that are frequently used by remote users who connect to your network through a public network like the Internet. This makes their connection a virtual private network (VPN):
Malicious software is a general name for viruses, worms, and any other software that is damaging to your computer or network. It is often shortened to malware.
The list of malware symptoms offered by the text is too long and varied to memorize. Unfortunately, some of the symptoms can be caused by other factors. It may be better to consider malware as a possible cause whenever any unexplained behaviors are noticed in computers.
As a caution to users and technicians alike, the text offers a list of kinds of malware. Note, the list is not exhaustive:
The chapter ends with advice to invest in reliable, reputable anti-virus programs. If you have a suspected infestation, run the anti-virus product and clean the environment. If you find and infection: