part 2

Published on Slideshow

Scene 1 (0s)

[Audio] Encryption of data on WiFi networks
WiFi is inherently less secure than a wired network. It uses radio waves, which means its reach often extends beyond the area where it is required (for example, from inside a business into a public area). As WiFi uses radio waves, it is possible for anyone with a receiver (in practice simply one of a number of WiFi network cards) to listen in and pick up the data being transmitted. For this reason it is vital to use encryption when setting up WiFi networks, in order to prevent malicious actors from intercepting communications. Note that being able to listen in to traffic in this way may open up routes to other forms of attack, such as MAC spoofing. WiFi networks are secured using one of WEP, WPA or WPA2.

Techniques used to protect IT systems from security threats: physical security (locational security, access control), offsite backup, disaster recovery plan.

Locational security
In order to provide truly secure data storage (imagine a cloud computing company), there are significant security measures that must be undertaken. Locational security relates to the security of the physical location (building) in which the data is held. A suitable location should restrict access to those who pass a secure form of authentication and should be under constant CCTV surveillance. A secure form of authentication could be any of the biometric forms (fingerprint, voice recognition, iris scan) or physical forms (smart card, key, numeric lock).

Scene 2 (1m 41s)

[Audio] Access control
Having ensured that all personnel entering and leaving the facility have been accounted for (see Locational security), the servers should also be held in access-controlled rooms and cabinets. Many facilities are large and may host equipment belonging to multiple clients. Restricting and recording access to the physical machines makes any potential theft or sabotage easier to identify. Remember that a malicious agent could physically remove hard drives or SSDs from a system if they have physical access to it, and they wouldn't need to know any passwords in order to do so.

Offsite backup
A current, complete and tested backup of any system is a basic requirement. Modern servers have great redundancy features built in (dual PSUs, multiple hard drives, multiple CPUs and so on), which means they are generally extremely reliable and easily repaired without even having to switch them off. Malware can cause problems on a network – but as long as you have good anti-virus software you should be OK. But that's only "should". Malware can cause irreparable damage to a system: ransomware would leave documents inaccessible even if it could be removed. Software updates can go wrong (Microsoft wiped users' data with one of their updates) and leave systems unusable or inaccessible. People can delete things that they don't think are needed any longer, only to discover later that it was important and irreplaceable information. Or you could be unlucky and suffer a lightning strike and lose your server. Or a fire. Or a theft. Or a flood. For all of these reasons a backup is maintained. However, if this backup is stored in the same location as the system, it is vulnerable to the same risks. Backups should always be stored offsite for this reason. Increasingly this means in the cloud, but if an organisation uses hard drive backup or tape backup then these drives or tapes are stored in a secure location away from the primary site.

Disaster recovery plan
As the name suggests, this document describes what steps are required in order to return to normal operating conditions following a disaster (anything that results in the rebuilding of.

Scene 3 (4m 2s)

[Audio] Software-based protection: anti-virus software, software and hardware firewalls, intrusion detection systems, domain management, user authentication.

Anti-virus software
Antivirus software is a data security utility which is installed on a computer system with the purpose of protecting it from viruses, spyware, malware, rootkits, Trojans, phishing attacks, spam attacks and other online cyber threats. First, a bit about viruses. A virus is any unwanted program that enters a user's system without their knowledge. It can self-replicate and spread. It performs unwanted and malicious actions that end up affecting the system's performance and the user's data and files. A computer virus can be thought of as an illness of the computer, just like human viruses that cause diseases in humans. And what about antivirus?

Scene 4 (4m 56s)

[Audio] Antivirus software, as the name indicates, is a program that works against viruses. It detects or recognizes the virus and then, after detecting its presence, works on removing it from the computer system. Antivirus software works as a prophylactic, so that it not only eliminates a virus but also prevents any potential virus from infecting your computer in the future.

Why do you need antivirus software? A system without an antivirus is just like a house with an open door. An open and unprotected door will attract all the intruders and burglars into your home. Similarly, an unprotected computer will end up inviting all the viruses to the system. An antivirus will act as a closed door with a security guard for your computer, fending off all the malicious intruding viruses. So will you leave your door open for intruders?

Scene 5 (5m 50s)

[Audio] What harm can a virus do to your computer?
In case your computer is attacked by a virus, it can affect your computer in the following ways: slow down the computer; damage or delete files; reformat the hard disk; frequent computer crashes; data loss; inability to perform any task on the computer or the internet.

Antivirus software is like a ray of bright light in a world full of dark viruses. The number of advantages that they offer is countless. Some of the most prominent advantages are:

Protection from viruses and their transmission
Antivirus software mainly performs a prophylactic function. It detects any potential virus and then works to remove it. Keep in mind that all this is mostly done before the virus gets to harm the system. So this means that most viruses are countered well before they get to do any harm to your systems. An antivirus may combat many viruses in a single day without your knowledge. Avast and Norton are some of the most popular antivirus products available on the market these days. If a virus has attacked your system, you can potentially transfer it to your friends, family and networks. So if you want to protect your computer system as well as the computers of your acquaintances, then consider getting an antivirus.

Scene 6 (7m 16s)

[Audio] Block spam and ads
If you do a quick survey on how viruses enter the computer systems of their victims, you will be amazed by the proportion of viruses that use pop-up ads and websites to make their way into your computers. Pop-up ads and spam websites are one of the most used gateways for viruses to infect your computer and then damage your files. Software such as Bullguard Internet Security works against these malicious virus-containing ads and websites by blocking their direct access to your computer network.

Scene 7 (7m 49s)

[Audio] Defense against hackers and data thieves
Hackers usually use a malware or virus program to access their victim's computer. They install malware on the computer without the knowledge of the victim. Hackers do so by sending malicious emails to the victims. Then the hacker can easily hack into their desired files and programs. After that they can use the victim's data as per their will; they can delete or damage it, and steal it to demand a ransom later on. Anti-malware such as Malwarebytes either puts an anti-hacking lock in place or performs regular scans to detect the presence of any hacker or hacking-based programs on the computer network. So antivirus software provides foolproof protection against hackers.

Scene 8 (8m 32s)

[Audio] Ensures protection from removable devices
Think of the times you have transferred data to and from your computer by using removable devices such as USBs. Countless, right? You might have suffered from a slowdown of your computer or a computer crash after connecting a friend's USB. Ever wondered why that happened? That is because the USB or removable device served as a transmission device for a virus. So should you stop using removable devices because you never know which USB might contain a virus? No! Just get antivirus software that will scan all removable devices for any potential viruses, to make sure that no virus is transferred.

Scene 9 (9m 17s)

[Audio] Protects your data and files
Antivirus software keeps an eye on all the files that enter your system. All those files are put under a scan to check for any peculiarity or maliciousness. Viruses can easily be transmitted to your network via infected files, and these in turn can potentially harm your data and files. You may even suffer the complete loss of your precious data at the hands of such viruses. A solution from Avira software makes sure that your data and files are adequately protected.

Scene 10 (9m 50s)

[Audio] Supercharge your PC
Think of two computers side by side. One is suffering from the consequences of a virus attack, such as slow processing speed and frequent crashes. The other is antivirus protected. Which of the two will have the better speed? The one with antivirus, for sure. That is because that computer has no problems: the antivirus has stopped the virus before it can cause any real harm. Some antiviruses may even delete and remove useless files from unknown sources to free up disk space, increasing the speed of the PC.

Scene 11 (10m 26s)

[Audio] Firewall protection from spyware and phishing attacks
A firewall, in general, monitors incoming and outgoing traffic from your computer network. When coupled with antivirus, firewall protection double-checks every file or piece of data that you send or transfer from your computer via the internet to another network. The same goes for the files and data that you receive from an external network. You can unintentionally open a downright malicious website or email and then fall prey to a phishing attack. A phishing attack occurs when the attackers specifically aim for your login credentials, credit card information or any other personal information or data. Such an attack can result in substantial financial loss or personal leaks. Two-way firewall protection from antivirus software such as Avast blocks and removes any such emails or files that can harm you in any such way.

Scene 12 (11m 17s)

[Audio] Limit the access of websites to enhance web protection
Accessing unauthorized websites can expose your computer system to several cyber threats, including spyware, hackers, ransomware, et cetera. These threats can potentially put your data and files at risk. Antivirus software limits your web access to restrict your activities on unauthorized networks. This is done to make sure that you only access websites that are safe and harmless for your computer system.

Scene 13 (11m 47s)

[Audio] Keeping an eye on kids
The biggest headache for parents in these advanced times is that their children can openly access anything using the internet, whether it be good or bad. A parent can't always keep an eye on what their children are doing on the computer. And they can't school their kids about the good and bad web all the time, because kids get annoyed easily. Antivirus software can be the solution for such worried parents. It can provide a monitoring tool via which you can keep tabs on the activities of your children in a safe yet efficient manner. Antivirus software provides you with proper logs of your kids' activities. ESET is one of the most prominent antiviruses that offers parental control.

Scene 14 (12m 29s)

[Audio] Protects your password
You protect your valuable data and accounts with a password and then you think that your data and accounts are protected. But what if someone steals your passwords using a virus? The password thief can later on blackmail you for a ransom or use your password to access sensitive information. On top of using antivirus, you can also think of using a password manager for better security.

Scene 15 (12m 56s)

[Audio] Cost-effective
Most antivirus software is quite cost-effective. The monthly or yearly packages that antivirus manufacturing companies offer are inexpensive. If you consider the variety of services that come with the premium package of the antivirus, you will surely think that the price they are offering is quite low. In addition to that, if you are low on budget and don't want to spend money on buying the premium version of an antivirus, then you can get a free antivirus.

Is your computer better off without antivirus software? A virus attack can inflict as much damage as forcing you to buy a new computer because your old computer has been damaged beyond repair. Not having a protective mechanism for your computer system is like inviting viruses to your computer by providing them with a clear and accessible entrance. Would you ever want to damage your computer with your own hands, of your own free will? If not, then get antivirus software as soon as possible so you can use your computer without the constant fear of falling prey to a virus attack.

Scene 16 (13m 56s)

[Audio] Software and hardware firewalls
The difference between a hardware and a software firewall is this: a hardware firewall protects you from the outside world, and a software firewall protects a specific device from other internal systems. For example, if someone tries to access your systems from the outside, your physical firewall will block them. Firewalls are configured by setting inbound and outbound rules.

Intrusion detection systems
Intrusion detection systems are software or hardware systems that monitor the network and look for any signs that unauthorised access has occurred. Intrusion detection systems (IDS) monitor networks for any suspicious activity that may result in data breaches or similar lapses in cybersecurity. Each IDS works by establishing what is 'normal' for a particular environment so that it can accurately detect and alert IT personnel to any deviations. This baseline is based on normal communication activity for protocols, sources, endpoints, user accounts, access times and data volumes. Intrusion detection systems can be either host-based (software installed on client machines) or network-based (a device which monitors the network as a whole). Just as anti-malware products scan for known malware and for tell-tale signatures in code, so do intrusion detection systems.

Different types of intrusion detection systems
IDSes come in different flavours and detect suspicious activities using different methods, including the following:
A network intrusion detection system (NIDS) is deployed at a strategic point or points within the network, where it can monitor inbound and outbound traffic to and from all the devices on the network.
A host intrusion detection system (HIDS) runs on all computers or devices in the network with direct access to both the internet and the enterprise's internal network. A HIDS has an advantage over a NIDS in that it may be able to detect anomalous network packets that originate from inside the organisation, or malicious traffic that a NIDS has failed to detect. A HIDS may also be able to identify malicious traffic that originates from the host itself, such as when the host has been infected with malware and is attempting to spread to other systems.
A signature-based intrusion detection system (SIDS) monitors all the packets traversing the network and compares them against a database of attack signatures or attributes of known malicious threats, much like antivirus software.
An anomaly-based intrusion detection system (AIDS) monitors network traffic and compares it against an established baseline to determine what is considered normal for the network with respect to bandwidth, protocols, ports and other devices. This type often uses machine learning to establish a baseline and an accompanying security policy. It then alerts IT teams to suspicious activity and policy violations. By detecting threats using a broad model instead of specific signatures and attributes, the anomaly-based detection method improves upon the limitations of signature-based methods, especially in the detection of novel threats.

Scene 17 (17m 23s)

[Audio] Capabilities of intrusion detection systems
Intrusion detection systems monitor network traffic in order to detect when an attack is being carried out by unauthorized entities. IDSes do this by providing some, or all, of these functions to security professionals:
monitoring the operation of routers, firewalls, key management servers and files that are needed by other security controls aimed at detecting, preventing or recovering from cyberattacks;
providing administrators with a way to tune, organize and understand relevant OS audit trails and other logs that are otherwise difficult to track or parse;
providing a user-friendly interface so non-expert staff members can assist with managing system security;
including an extensive attack signature database against which information from the system can be matched;
recognizing and reporting when the IDS detects that data files have been altered;
generating an alarm and notifying that security has been breached; and
reacting to intruders by blocking them or blocking the server.

Benefits of intrusion detection systems
Intrusion detection systems offer organizations several benefits, starting with the ability to identify security incidents. An IDS can be used to help analyze the quantity and types of attacks; organizations can use this information to change their security systems or implement more effective controls. An intrusion detection system can also help companies identify bugs or problems with their network device configurations. These metrics can then be used to assess future risks. Intrusion detection systems can also help the enterprise attain regulatory compliance. An IDS gives companies greater visibility across their networks, making it easier to meet security regulations. Additionally, businesses can use their IDS logs as part of the documentation to show they are meeting certain compliance requirements. Intrusion detection systems can also improve security responses.

Since IDS sensors can detect network hosts and devices, they can also be used to inspect data within the network packets as well as identify the OSes of services being used. Using an IDS to collect this information can be much more efficient than manual censuses of connected systems.

Scene 18 (19m 45s)

[Audio] Challenges of intrusion detection systems
IDSes are prone to false alarms, or false positives. Consequently, organizations need to fine-tune their IDS products when they first install them. This includes properly configuring their intrusion detection systems to recognize what normal traffic on their network looks like compared to potentially malicious activity. However, despite the inefficiencies they cause, false positives don't usually cause serious damage to the actual network and simply lead to configuration improvements. A much more serious IDS mistake is a false negative, which is when the IDS misses a threat and mistakes it for legitimate traffic. In a false negative scenario, IT teams have no indication that an attack is taking place and often don't discover it until after the network has been affected in some way. It is better for an IDS to be oversensitive to abnormal behaviors and generate false positives than it is to be undersensitive, generating false negatives. False negatives are becoming a bigger issue for IDSes (especially SIDSes), since malware is evolving and becoming more sophisticated. It's becoming harder to detect a suspected intrusion because new malware may not display the previously detected patterns of suspicious behavior that IDSes are typically designed to detect. As a result, there is an increasing need for IDSes to detect new behavior and proactively identify novel threats and their evasion techniques as soon as possible.

Domain management
Domain management refers to the domain-wide management of the security aspects of a network. For example, you may use domain management to ensure that users only have certain access rights and that only company-provided machines are able to connect to the network. A discussion of these tasks, along with guidance on how to achieve them, is found here: How to Configure Security Policy Settings | Microsoft Docs.
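Signature-based versus anomaly-based detection (Scene 16) and the false-positive/false-negative tuning just described, as an added Python example that is not part of the slides. The signature patterns, the per-host baseline counts and the live window are all constructed; the sensitivity factor k and the standard-deviation floor are assumptions of this example.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed signature database: byte patterns a SIDS would look for in packet payloads.
SIGNATURES = {
    "constructed-malware-marker": b"CONSTRUCTED-MALWARE-MARKER",
    "constructed-shell-probe": b"/cgi-bin/CONSTRUCTED-PROBE",
}

# Constructed learning data for the anomaly detector: connections per five-minute window,
# per host, recorded during a period known to be clean (the "baseline").
BASELINE_COUNTS = {
    "ws-03": [8, 9, 7, 8, 8],
    "ws-04": [5, 6, 5, 6, 5],
    "ws-05": [10, 12, 11, 9, 13],
}


def build_live_window():
    """One constructed live window: a (source host, payload) pair per connection."""
    normal = b"GET /index.html HTTP/1.1"
    events = [("ws-03", normal)] * 60      # sudden burst from a new scanning tool: no signature exists
    events += [("ws-05", normal)] * 14     # busier than usual but legitimate (e.g. month-end reporting)
    events += [("ws-04", normal)] * 5
    events += [("ws-04", b"POST /upload CONSTRUCTED-MALWARE-MARKER")]  # known pattern, normal volume
    events += [("ws-09", normal)] * 3      # host that never appeared while the baseline was learned
    return events


def signature_alerts(events):
    """SIDS behaviour: flag every connection whose payload contains a known pattern.
    The burst from ws-03 matches nothing, so a pure SIDS misses it (a false negative)."""
    alerts = []
    for host, payload in events:
        for name, pattern in SIGNATURES.items():
            if pattern in payload:
                alerts.append((host, name))
    return alerts


def anomaly_alerts(baseline_counts, events, k=2.0, min_stdev=1.0):
    """AIDS behaviour: flag hosts whose connection count in the live window exceeds their own
    baseline mean by more than k standard deviations. k is the sensitivity knob the text
    talks about: lower k -> more false positives (ws-05), higher k -> risk of false negatives.
    min_stdev (assumed) stops a perfectly steady baseline from alerting on a single extra connection."""
    live = Counter(host for host, _ in events)
    alerts = []
    for host, count in sorted(live.items()):
        history = baseline_counts.get(host)
        if history is None:
            alerts.append((host, "no baseline for this host"))   # unknown device: always worth a look
            continue
        threshold = mean(history) + k * max(pstdev(history), min_stdev)
        if count > threshold:
            alerts.append((host, f"{count} connections > threshold {threshold:.1f}"))
    return alerts


if __name__ == "__main__":
    live = build_live_window()
    print("signature alerts:", signature_alerts(live))
    for k in (1.0, 2.0, 3.0):
        print(f"anomaly alerts (k={k}):", anomaly_alerts(BASELINE_COUNTS, live, k))
```

Running it shows the same window judged three ways: the signature detector finds only the marker from ws-04, while the anomaly detector flags ws-03 and the unknown ws-09 at every k and additionally flags the merely busy ws-05 once k drops to 2.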

Scene 19 (21m 49s)

[Audio] User authentication
This is the process of proving the identity of a user and determining whether or not they are allowed access to a system. This could take place in many different ways:
Username and password – a common authentication method. Policy should force users into selecting strong passwords as well as regularly resetting them.
Biometric authentication – use of a fingerprint, iris scan or voice recognition to identify the user.
Two-step verification – this makes use of 'something you know and something you have' to provide double authentication. For example, a password in conjunction with a code generation device, email address or similar.
Security tokens – for example, a physical USB key that must be connected to authenticate the user.
Certificate-based authentication – allows the authentication of incoming requests providing they are signed with a valid certificate issued by a CA.

Strategies to protect an IT system from security threats: group policies (tools for managing a set of IT systems); anti-malware (installation and configuration); firewall configuration (inbound and outbound rules, events and log entries); wireless security (WEP, WPA, WPA2).

Scene 20 (23m 13s)

[Audio] Access control: defining users and groups, password policies, white-listing approved binaries, data-hiding when viewing logs, users with special privileges. Testing and reviewing protection: firewall testing, system scans, network testing tools, judging effectiveness and making recommendations for improvement.

Group policies: tools for managing a set of IT systems
The Active Directory Users and Computers tool is used to configure Windows systems. This link takes you to example documentation for creating groups, and you can access multiple other guides from that page: Create a Group Account in Active Directory (Windows 10) – Windows security | Microsoft Docs. This page lists multiple additional tools that can be used for managing systems: 18 Best Server Management & Monitoring Tools 2021 (Paid & Free) (comparitech.com). Of course, the big advantage of these tools is that you can update multiple accounts and policies remotely. You can troubleshoot and install software remotely and enforce policies, such as software update policies, without having to visit individual machines.

Scene 21 (24m 30s)

[Audio] Anti-malware: installation and configuration
Installation and configuration of anti-virus software
All anti-virus software vendors have support pages which detail how to install and configure their products. Some of the generic configuration options include:
Frequency of updates (AV software needs data that defines what viruses it is looking for)
Whether to exclude folders or files (performance issues could result from scanning files unnecessarily)
Whether to scan files on opening or saving (or both)

Firewall configuration: inbound and outbound rules; events and log entries
Inbound and outbound rules
A firewall is software which monitors and allows or restricts inbound and outbound network traffic based on a set of rules. Firewalls are typically either software running on the computer or software running on specialised hardware that works at the network level rather than the individual computer level. The purpose of a firewall is to ensure that only desirable network traffic is allowed to enter or leave your network. For instance, you may set a firewall rule that blocks all incoming traffic on a certain port number; this can be used to ensure certain applications are blocked – for example, social media applications could be blocked, or malware that utilises a specific port (think how worms spread and why this would be useful). All network packets are sent using TCP/IP or UDP. These include not only an IP address for the target machine but also a port number. Port numbers range from 1-65535. IP addresses in IPv4 format consist of four 8-bit values separated with periods. Where an IP address specifies a specific machine, a port number specifies an application. This ensures that only relevant data gets delivered to each application on the computer (great for efficiency and privacy).

If data is addressed to a specific destination and application, or originates from a specific IP address and port number, it should make sense that it is easy to block data packets that match certain rules – like protocol, IP source/destination and port number. This allows a firewall to restrict access to applications or machines as required. Some firewalls can also inspect the data packets' contents – that is, the payload data. Even if the source or destination machine is not blocked, data can be blocked on the grounds of its contents – perhaps inappropriate content or sensitive information. Many firewalls also work by monitoring for DoS attacks: if a given IP address generates too many requests in a given time period, that IP address can be blocked. Blocking repeated requests means that the server doesn't get overloaded and a DoS attack can be avoided.

Scene 22 (27m 30s)

[Audio] Events and log entries
Firewalls are able to maintain a log of activity. This could include the source and destination of data packets, the date and time, and the protocol used. Logs are invaluable in the event of an attack, as a tool to verify that firewall rules are operating as intended, to identify malicious activity originating on your network, and for the identification of potential DoS attacks. This page discusses firewall events and log entries in detail: The Significance and Role of Firewall Logs (exabeam.com).

Wireless security: WEP, WPA, WPA2
WEP, WPA and WPA2 WiFi security algorithms have been through many changes and upgrades since the 1990s to become more secure and effective. Different types of wireless security protocols were developed for the protection of home wireless networks. The wireless security protocols are WEP, WPA and WPA2, serving the same purpose but being different at the same time. WEP was developed for wireless networks and approved as a Wi-Fi security standard in September 1999. WEP was supposed to offer the same security level as wired networks; however, there are a lot of well-known security issues in WEP, which is also easy to break and hard to configure. Not considered secure.
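The firewall behaviour described in Scene 21 (ordered inbound/outbound rules matched on protocol, source address and port, payload inspection, and blocking an address that sends too many requests in a time window) together with the per-packet log entries described above, as an added Python example that is not from the slides. The internal network 192.168.1.0/24, the rule set, the rate limit of 20 packets per 10 seconds and the sample addresses are all constructed for the example.

```python
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Assumed internal network: a packet addressed into it is "inbound", anything else "outbound".
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")


@dataclass
class Packet:
    ts: float            # unix timestamp
    proto: str           # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


@dataclass
class Rule:
    """One firewall rule; rules are evaluated in order and the first match wins."""
    action: str                  # "allow" or "block"
    direction: str = "any"       # "inbound", "outbound" or "any"
    proto: str = "any"
    src: str = "any"             # source network in CIDR form, or "any"
    dport: Optional[int] = None  # destination port, or None for any port

    def matches(self, pkt: Packet, direction: str) -> bool:
        return (self.direction in ("any", direction)
                and self.proto in ("any", pkt.proto)
                and (self.src == "any"
                     or ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src))
                and (self.dport is None or self.dport == pkt.dport))


class Firewall:
    def __init__(self, rules, max_requests=20, window_seconds=10.0, blocked_content=()):
        self.rules = list(rules)
        self.max_requests = max_requests       # rate limit: packets per source per window
        self.window = window_seconds
        self.blocked_content = tuple(blocked_content)  # payload patterns that are never let through
        self.recent = defaultdict(deque)       # src -> timestamps seen inside the window
        self.dynamic_blocks = set()            # sources blocked for exceeding the rate limit
        self.log = []                          # one entry per packet: date/time, addresses, protocol, verdict

    def _direction(self, pkt: Packet) -> str:
        return "inbound" if ipaddress.ip_address(pkt.dst) in LOCAL_NET else "outbound"

    def _rate_exceeded(self, pkt: Packet) -> bool:
        seen = self.recent[pkt.src]
        seen.append(pkt.ts)
        while seen and pkt.ts - seen[0] > self.window:
            seen.popleft()                     # forget packets older than the window
        return len(seen) > self.max_requests

    def filter(self, pkt: Packet) -> str:
        direction = self._direction(pkt)
        if pkt.src in self.dynamic_blocks:
            verdict, reason = "block", "source blocked after exceeding rate limit"
        elif self._rate_exceeded(pkt):
            self.dynamic_blocks.add(pkt.src)   # the DoS case: too many requests, block the address
            verdict, reason = "block", f"more than {self.max_requests} packets in {self.window:g}s"
        elif any(marker in pkt.payload for marker in self.blocked_content):
            verdict, reason = "block", "payload matched blocked content"
        else:
            verdict, reason = "block", "default deny"   # no rule matched: drop it
            for index, rule in enumerate(self.rules):
                if rule.matches(pkt, direction):
                    verdict, reason = rule.action, f"rule {index}"
                    break
        when = datetime.fromtimestamp(pkt.ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
        self.log.append(f"{when} {direction} {pkt.proto} {pkt.src}:{pkt.sport} -> "
                        f"{pkt.dst}:{pkt.dport} {verdict.upper()} ({reason})")
        return verdict


# Constructed rule set: expose HTTPS, block one outbound application port, allow other outbound traffic.
RULES = [
    Rule("allow", "inbound", "tcp", dport=443),
    Rule("block", "outbound", "tcp", dport=6667),
    Rule("allow", "outbound"),
]

if __name__ == "__main__":
    fw = Firewall(RULES, blocked_content=[b"CONSTRUCTED-CONFIDENTIAL"])
    t = 1_700_000_000.0
    fw.filter(Packet(t, "tcp", "203.0.113.5", 51000, "192.168.1.10", 443))
    fw.filter(Packet(t, "tcp", "203.0.113.5", 51001, "192.168.1.10", 22))
    fw.filter(Packet(t, "tcp", "192.168.1.10", 51002, "198.51.100.7", 80,
                     b"CONSTRUCTED-CONFIDENTIAL report"))
    for i in range(25):   # constructed flood from a single address
        fw.filter(Packet(t + i * 0.1, "tcp", "203.0.113.9", 40000 + i, "192.168.1.10", 443))
    print("\n".join(fw.log))
```

The printed log is exactly the kind of record the text describes: each line carries date and time, source and destination, protocol and the reason for the verdict, so the default-deny entries show which rules are doing their job and the rate-limit entries show a flood as it is being stopped.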

Scene 23 (28m 56s)

[Audio] WPA
Wi-Fi Protected Access was used as a temporary enhancement for WEP. Easy to break. Configuration: moderate. While the 802.11i wireless security standard was in development, WPA was used as a temporary security enhancement for WEP. One year before WEP was officially abandoned, WPA was formally adopted. Most modern WPA applications use a pre-shared key (PSK), most often referred to as WPA Personal, and the Temporal Key Integrity Protocol, or TKIP, for encryption. WPA Enterprise uses an authentication server for key and certificate generation. WPA was a significant enhancement over WEP, but as the core components were made so they could be rolled out through firmware upgrades on WEP-enabled devices, they still relied on elements that had already been exploited. WPA, just like WEP, after being put through proof-of-concept and applied public demonstrations, turned out to be pretty vulnerable to intrusion. The attacks that posed the most threat to the protocol were, however, not the direct ones but those made on Wi-Fi Protected Setup (WPS), an auxiliary system developed to simplify the linking of devices to modern access points.

WPA2
The protocol based on the 802.11i wireless security standard was introduced in 2004. The most important improvement of WPA2 over WPA was the use of the Advanced Encryption Standard (AES). AES is approved by the US government for encrypting information classified as top secret, so it must be good enough to protect home networks. At this time the main vulnerability of a WPA2 system is when the attacker already has access to a secured WiFi network and can gain access to certain keys to perform an attack on other devices on the network. This being said, the security suggestions for the known WPA2 vulnerabilities are mostly significant for enterprise-level networks and not really relevant for small home networks.

Unfortunately, the possibility of attacks via Wi-Fi Protected Setup (WPS) is still high in current WPA2-capable access points, which is the issue with WPA too. And even though breaking into a WPA/WPA2-secured network through this hole will take anywhere around 2 to 14 hours, it is still a real security issue: WPS should be disabled, and it would be good if the access point firmware could be reset to a distribution not supporting WPS, to entirely exclude this attack vector.

Scene 24 (32m 9s)

[Audio] Access control: defining users and groups, password policies, white-listing approved binaries, data-hiding when viewing logs, users with special privileges.

Access control: users and groups
Networked operating systems provide tools for user management. In the case of Windows this is through the use of user and group objects. They serve the following purposes.

Types of Active Directory groups
Active Directory groups can be used:
To simplify administration by assigning share (resource) permissions to a group rather than to individual users. When you assign permissions to a group, all of its members have the same access to the resource;
To delegate control by assigning user rights to a group using Group Policies. In the future you can add new members to the group who need the permissions granted by this group;
To create email distribution lists.
There are two types of AD groups:
Active Directory security groups. This type of group is used to provide access to resources (it is a security principal). For example, you want to grant a specific group access to files on a network shared folder. To do this you need to create a security group;
Active Directory distribution groups. This type of group is used to create email distribution lists (usually used in Microsoft Exchange Server). An email sent to such a group will reach all users (recipients) in the group. This type of group cannot be used to provide access to domain resources because it is not security enabled.
For a full list of groups and users see this article. And for Microsoft's guidance see here.

Scene 25 (33m 50s)

[Audio] Password policies
Your password policy should balance the need for security with the need for usability. The following are good recommendations. The primary goal of a more secure password system is password diversity: you want your password policy to result in lots of different and hard-to-guess passwords. Here are a few recommendations for keeping your organization as secure as possible:
Maintain an 8-character minimum length requirement
Don't require character composition requirements, for example *&(^%$
Don't require mandatory periodic password resets for user accounts
Ban common passwords to keep the most vulnerable passwords out of your system
Educate your users not to re-use their organization passwords for non-work-related purposes
Enforce registration for multi-factor authentication
Enable risk-based multi-factor authentication challenges
For the full document please read this link.

Whitelisting approved binaries
Hopefully you have anti-malware software installed on your servers. Generally this will ensure that any file read from disk is checked for viruses and any data is checked before being written back. For most cases this works just fine. However, there are circumstances where this isn't ideal. One use of servers is to provide virtualisation – this means having multiple virtual machines run within a single physical server. Each virtual machine is stored as a huge file which is constantly being read from and written to. For this purpose we may choose to exclude the emulation software and the VM files by whitelisting them. Of course, this means that any malicious alterations to the files would be missed, but in this example it is a necessary action. Without it, the host's CPU will be placed under a huge load purely from scanning the application and its data before even beginning to process the VMs' commands.
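The password recommendations above turned into a small checker, as an added Python example that is not from the slides: an 8-character minimum, a ban on common passwords that also catches their trivial variants (case, digits tacked on the end, letter-for-symbol substitutions), and deliberately no character-composition rule. The banned list is a constructed stand-in for the large list of leaked passwords a real deployment would load.

```python
import re
from typing import List, Set

# Constructed banned list; a real policy would load a large list of leaked/common passwords.
COMMON_PASSWORDS = {"password", "letmein", "welcome", "qwerty", "123456", "iloveyou", "admin"}

# Undo the substitutions people use to dodge a ban while keeping the same guessable word.
LEET = str.maketrans("@$0134!", "asoleai")


def normalise(password: str) -> str:
    """Reduce a password to the 'core word' it is built on: lower-case, strip digits and
    punctuation from both ends, then undo common letter-for-symbol substitutions, so that
    'Password1!' and 'P@ssword2024' both reduce to 'password'."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return core.translate(LEET)


def check_password(password: str, min_length: int = 8,
                   banned: Set[str] = COMMON_PASSWORDS) -> List[str]:
    """Return the list of policy violations (empty list means the password is acceptable)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.lower() in banned or normalise(password) in banned:
        problems.append("matches a banned common password")
    # No composition requirement on purpose: the recommendation above is not to demand
    # special characters, since that drives users to the same few predictable patterns.
    return problems


if __name__ == "__main__":
    for candidate in ["P@ssword2024", "correct horse battery staple", "short", "123456"]:
        print(repr(candidate), "->", check_password(candidate) or "ok")
```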