Worktext in ITC 126

INFORMATION
ASSURANCE AND SECURITY
by:
DARWIN G. RARALIO
INSTRUCTOR
Week 1- 8

INFORMATION TECHNOLOGY DEPARTMENT

0
 I. Introduction to Information Assurance Security
OBJECTIVES

At the end of this lesson, the students would be able to:

1. Able to define Information Assurance and Security.
2. Know different key models to identify the scope of the course.
3. Identify the facets that make up the subject information.

What is Information Assurance Security?

Information assurance and security is the management and protection of
knowledge, information, and data.

It combines two fields:

Information assurance, which focuses on ensuring the availability,
integrity, authentication, confidentiality, and non-repudiation of information
and systems. These measures may include providing for restoration of
information systems by incorporating protection, detection, and reaction
capabilities.
Information security, which centers on the protection of information and
information systems from unauthorized access, use, disclosure, disruption,
modification, or destruction in order to provide confidentiality, integrity, and
availability.

The CIA TRIAD

Confidentiality, Integrity, and Availability (CIA Triad)

1
 A model designed to guide policies for information security within an
organization. The model is also sometimes referred to as the AIC Triad(Availability,
Integrity and confidentiality) to avoid confusion with the Central Intelligence
Agency. The Elements of the triad are considered the 3 most crucial
components of security.

Confidentiality
Is roughly equivalent to privacy. Measures undertaken to ensure
confidentiality are designed to prevent sensitive information from reaching the
wrong people while making sure that authorized people can access it. It is
common for data to be categorized according to the amount and type of
damage that could be done should it fall into unintended hands. More or less
stringent measure can then be implemented according to those categories.
Eg. Account number or routing number, Data Encryption

• Data should be handled based on their required privacy

• Data should be encrypted, with a form of two-factor authentication to
reach it.
• Keep access controls lists and other file permissions up to date.

Integrity
Involves maintaining the consistency, accuracy, and trustworthiness of
data over its entire life cycle. Data must not be changed in transit, and steps
must be taken to ensure that data cannot be altered by unauthorized people.
• Ensure employees are knowledgeable about compliance and regulatory
requirements.
• Use a backup and recovery software.
• Make use of version control, access control, data logs and checksums.

2
Availability
Is best ensured by rigorously maintaining all hardware, performing
hardware repairs immediately when needed and maintaining a correctly
functioning operating system environment that is free of software conflicts.
• Use preventative measures such as redundancy, failover and RAID. Ensure
systems and applications stay updated.
• Use network or server monitoring systems.
• In case of data loss, ensure a Data Recovery and Business Continuity plan
is in place.

RMIAS
Reference Model of Information Assurance and Security
A Reference Model (RM) is an abstract framework for understanding
significant relationships among the entities of some environment. It enables the
development of specific reference or concrete architectures using consistent
standards or specifications supporting that environment. A reference model
consists of a minimal set of unifying concepts, axioms and relationships within a
particular problem domain, and is independent of specific standards,
technologies, implementations, or other concrete details.

Role of a Reference model

Many security issues are caused by wrong security decisions being taken on the
basis of incomplete knowledge or misunderstanding of the security domain. An
RM helps to overcome this problem by bringing together, in a clear all-
encompassing picture, the main entities of the knowledge area and the
relationships between them as well as the fruitful methods of research and
practice.

RMIAS Dimensions
1. Information System Security Life Cycle Dimension illustrates the progression
of IS security along the IS Development Life Cycle (ISDL);

3
 2. Information Taxonomy Dimension describes the nature of information
being protected;
3. Security Goals Dimension outlines a broadly applicable list of security goals.
A Security Goal is a desirable ability of an IS to resist a specific category of
threats.
4. Security Countermeasures Dimension categorizes countermeasures
available for information protection. A Security Countermeasure is a
technique or a process which helps to achieve one or more security goals
and helps to mitigate risks to information and vulnerabilities in an IS.

These 4 dimensions are

deemed compulsory and
sufficient for an understanding
of the IAS domain at the
chosen high level of
abstraction. They do not
overlap and do not duplicate
each other.

An Introduction to Knowledge Areas in Information Assurance and Security

At the end of this unit, you'll be the position to outline the key knowledge
areas that typically make up the information or cyber security area. As well as
the surrounding knowledge that you may need to engage with as a security
professional. Today the scope of informational cyber security is still being defined.
There are a number of international efforts that are seeking to determine what
should be in the curriculum of a cyber security undergraduate or masters
degree.
The first is cyber defense, which includes aspects, such as
cryptography, computer security, network security, and information assurance.
We provide an introduction to these in this course. The next is cyber operations,
this covers cyber attack, and penetration testing. In penetration testing, we play
4
the attacker, so that we understand what can be done to a system. We also
include here reverse engineering and cryptanalysis. Next is digital forensics,
which includes hardware and software forensics on hosts and service, mobile
devices, right down to embedded systems, such as set top boxes. Here we are
looking to identify incursions into our systems by attackers.
The next is secure software developments And this includes a number
of different factors such as secure systems design,secure coding, deployments
and maintenance to the system. And importantly, the usability of a secure
system. We, of course, wish that all software was secure and usable, but that, of
course, is not the case.
Lastly, the Cyber policy, there are a range of regulations that apply
for cyber systems and operations. And, of course, cyber laws are very important
to us as individuals, as well as the organizations such as the Data Protection Act.
Cyber risk management includes cyber resiliency and assurance.

5
 Exercise1(What I know)
Student name: Course/Yr/Major:
Subject Teacher: Subject schedule:
Date submitted: Section:

Direction:
• Write a simple essay pertaining Information Assurance and Security.
How to Secure Information and how to deal with it. (500 words
minimum) (10 pts)

6
 Exercise2
Student name: Course/Yr/Major:
Subject Teacher: Subject schedule:
Date submitted: Section:

Direction: Write as many words as you can to describe the similarities and
dissimilarities of CIA Triad and RMIAS Model(Minimum of 10 words)

Venn Diagram

CIA Triad RMIAS

7
References:
✓ Information Security: Context and Introduction
University of London
✓ A Reference Model of Information Assurance and Security
Yulia cherdantseva; Jeremy Hilton
https://whatis.techtarget.com/definition/Confidentiality-integrity-and-
availability-CIA

8
 II. Introduction to Cryptography

Objectives
At the end of this lesson, the students would be able to:
• Define what is cryptography
• Know why we should learn cryptography

Everyday Cryptography

cryptography is not a new science, although some would say that it has
only recently been formally treated as such. It has been used for centuries to
protect sensitive information, especially during periods of conflict.
However, information security is now a subject with a relatively high profile.
Most people use information security mechanisms on a daily basis. The reason
for this increased profile has been the development of computer networks,
particularly the Internet. This development has not necessarily resulted in an
increase in the amount of information in the world, but data is now easier to
generate, access, exchange and store.
The rise in significance of information security has brought with it an increase
in the importance and widespread use of cryptography. As we shall see,
cryptography lies at the heart of most technical information security
mechanisms.

9
 Two very different office environments
It is worth briefly considering precisely what types of physical security
mechanisms we used to rely on prior to computer communication. Indeed, we
still rely on many of these in physical situations. The fact that these security
mechanisms cannot easily be applied to electronic environments provides the
central motivation for defining cryptographic mechanisms.

1. An Old Office
Imagine an office where there are no computers, no fax machines, no
telephones and no Internet. The business conducted in this office relies on
information coming from both external and internal sources. The employees in
this office need to be able to make decisions about the accuracy and
authenticity of information.
Some basic security mechanisms for spoken information might be:
• facial or vocal recognition of people known to staff in the office;
• personal referrals or letters of introduction for people not known to staff in
the office;
• the ability to hold a private conversation in a quiet corner of the room.
Some basic security mechanisms for written information might be:
• recognition of handwriting of people known to staff in the office;
• handwritten signatures on documents;
• sealing documents in an envelope;
• locking a document in a filing cabinet;
• posting a letter in an official post box.

10
 2. A Modern Office
Now consider a modern office, full of computers that are networked to the
outside world via the Internet. Although some information will undoubtedly be
processed using some of the previous mechanisms, for reasons of convenience
and efficiency there will be a vast amount of information handled by electronic
communication and storage systems. Imagine that in this office nobody has
considered the new information security issues.
Here is a list of just some of the security issues that staff in this office should be
considering:
• How can we tell whether an email from a potential client is a genuine
inquiry
from the person that it claims to have come from?
• How can we be sure that the contents of an electronic file have not
been
altered?

Fundamentals of cryptosystems
Having set the scene, it is now time to look at the concept of a
cryptosystem. We examine the basic model of a cryptosystem and explain
fundamental terminology that will be used throughout the rest of the book. We
also explain the crucial difference between two important types of
cryptosystem.
Cryptography is a generic term used to describe the design and analysis of
mechanisms based on mathematical techniques that provide fundamental
security services. We will use cryptography in a generic sense, but a more
formally accurate term is cryptology, which is the scientific study of cryptography
(the design of such mechanisms) and cryptanalysis (the analysis of such
mechanisms). It is appropriate to think of cryptography as the establishment of a
large toolkit of different techniques, the contents of which can either be used on
their own, or combined, in security applications.
A cryptographic primitive is a cryptographic process that provides a
number of specified security services. If cryptography is a toolkit,

11
 Cryptographic Toolkit
So in this lesson, we're going to focus on one of these, confidentiality. And
particularly, the security mechanism encryption. And we're going to look at a
critical difference between the notion of a cryptographic algorithm and a
cryptographic key. So at the end of lesson, you should be able to explain the
difference between a cryptographic algorithm and a cryptographic key.

Simulation:
It might be helpful throughout our discussion to imagine the physical
security analogy of encryption. Which could be, we're actually taking some
written information on a piece of paper, placing it in a box, and locking that box
with a key. And that's actually quite a helpful analogy for what we're about to
describe. So let's consider some basic terminology now. So plaintext is going to
represent the information we're trying to protect.
We're going to convert that, to make it confidential, into something
called ciphertext, which is going to be unreadable and it's not going to make
any sense. We're going to allow an attacker to observe ciphertext as it's sent
across a communication channel, and hopefully, they will learn nothing about
the plaintext as a result. The person we're sending the data to, hopefully, will be
able to somehow get the plaintext back from the ciphertext. So that's the
challenge. Now the means by which plaintext is converted into ciphertext will be
by means of an encryption algorithm. And an algorithm is really just a recipe. So
it's a bunch of instructions that say scramble up the plaintext in the following way.
And it's converted into ciphertext. And then the decryption algorithm, something
known to the recipient, allows them to deconstruct that ciphertext, and recover
the plaintext from it. And this is something called the Atbash cipher. So the
Atbash cipher is represented by a table, there are blue letters on top, red letters
underneath. And we just look up this table to convert our plaintext message
consisting of blue letters, into a ciphertext message consisting of red letters. And
the encryption algorithm, in this case, is very straightforward. It just says look up
the table, and replace the blue letter by the red letter, and the decryption
algorithm is the reverse. Let's look at an example. So the plaintext, top secret,
would just be converted into a ciphertext, G L K H V X I V G, by looking at that
table. And hopefully, an attacker who observes G L K H V X I V G sent across a
communication channel will be able to make no sense of it at all. However, the
12
recipient, knowing we're using the Atbash cipher, can deconstruct the message
from the same table and recover the plaintext, top secret. So the question is, do
we really get confidentiality from use of this Atbash cipher? Well, in fact, there
are many reasons why the answer is no, the Atbash cipher is not a very good
way of scrambling data.
So again, we're going to use an encryption algorithm that's a lookup table,
we're going to place letters in the top by letters underneath. But instead of
having only one way of doing this, we're going to make it the case that the letters
underneath can be represented in any number of different ways. What's going
to have to happen is the sender and receiver are going to have to agree how
the encoding is done. The algorithm will still be a table, take the letter on top,
replace it by the letter underneath. But the particular letter that's chosen will be
the key, and that will be unknown by an attacker who observes this ciphertext.
So, for example, if we take the following table, where a is replaced by D, b by I,
c by Q, etc. In that case, the message, top secret, is now replaced by the
ciphertext P R J W T Q U T P.
What is important to realize is that modern encryption algorithms, like the
Advanced Encryption Standard, which is in many of the technologies we use
every day, doesn't have these kinds of flaws. It, in itself, is a recipe, a way of
scrambling data. Rather like just replace the plaintext letter by the ciphertext
underneath. It's much more complicated, but it scrambles data in a particular
way, according to a particular recipe.

Cryptography in real life

There are two different types of encryption out there. There was symmetric
cryptography and public-key cryptography. And remember the difference. In
symmetric cryptography, you need the same key, the same secret key to
encrypt and decrypt. And in public-key cryptography, anyone can encrypt and
only the recipient can decrypt. Now in fact if you think about it, one of the big
problems we got is how are people going to get the keys that they actually need
to use in a particular application. Now for symmetric cryptography, the sender
and receiver of any data.

13
Example:
Mobile phone. So on your mobile phone there's a chip card. And on that
chip card is a key. On the other hand, the only person who needs to know this is
the mobile operator you have dealings with.

14
Exercise 3
Student name: Course/Yr/Major:
Subject Teacher: Subject schedule:
Date submitted: Section:

Direction: Provide an example of at least one "real world" use of cryptography

where:

1. data -integrity is more important than data confidentiality;

2. entity -authentication is more important than data origin authentication;
3. data -origin authentication is necessary but non-repudiation is not
necessarily required;
4. entity -authentication is provided using more than one mechanism.

15
Reference:
✓ EVERYDAY CRYPTOGRAPHY: FUNDAMENTAL PRINCIPLES AND APPLICATIONS by Keith M. Martin
(2012) approx.. 3,500 words."By permission of Oxford University Press"/"By permission of Oxford
University Press, USA"
✓ https://global.oup.com/academic/product/everyday-cryptography-
9780198788010

16
 III. NETWORK AND COMPUTER SECURITY

Objectives
At the end of this lesson the students should be able to:
1. Identify what kind of Information are being sent
2. Provides method on how to avoid and detect formation threats.

Computer Networks and Information

Most of the information we exchange today is not saved nor transmitted

using analog supports. Information is stored in data supports like drives inside of
computers or smartphones, portable USB drives that we carry around, or even
servers in the cloud. In information security and other computer science related
fields, we consider three different states for data information or data. Data at
rest, data in use, and data in motion.
Data at rest refers to all information that is being stored but not used in a
data support.
Data in motion refers to the information that is been transmitted between
devices over a network, this includes or credentials when we authenticate to
access a remote service, a web page request from a web server, a live
streaming video, or a message you just sent using the Send button on your instant
messaging application.
Finally, data in use refers to information that is being actively used by an
information system or computer. Data in use is generated at run time, read from
persistent storage, or received from the network.
During our everyday lives, we use many different kinds of networks to
access many different kinds of services. Our smartphone, our personal computers
and other devices access the internet in very different ways.
We are going to review some of these network connections and what kind
of information can be sent over them. Imagine you're accessing a service that
requires you to provide a combination of username and password.
Imagine yourself sitting on your desk, type in your username and password
and press the login button. This will send your credentials through the wired
17
connections to the server, which will obviously verify them. During this process,
sensitive information, your username and password travels through Ethernet
cable.
The root of circuitry and all the infrastructure between your home and the
final destination server. In each of these segments, your data can be subject to
many threats. For instance, someone with physical access to the wired
connection could look into the data that is being sent through your home
computer and the router. Additionally, information can be read or modified any
time in any of the infrastructure elements between your home router and the
final destination server.
Both smartphones use different cell towers to access their internet service
providers. Using this internet connection, both smartphones connect messages
using a specific message and app server. When one of these users presses the
send message button, the app encapsulates the message and the phone sends
it through the cellular network on the internet to the app servers. The server looks
for the recipient and forwards that message to its final destination, the other
smartphone. In this scenario, with access to wireless equipment could potentially
read or modify the messages being sent or received until the communication
ends. Additionally, any infrastructure element which in both devices could
potentially read or alter the exchanged messages. This includes also the app
server which should only act as a message forwarder.
Remember, everyday, we exchange many different kinds of sensitive
information. This includes login credentials, financial information and personal
data among other things. This information is being sent from networks with very
different characteristics. These can be wired networks, local wireless networks or
even cellular networks to name a few.

Network Security Protocols

Most of the information we transmit today can be considered sensitive in

one way or another. Logging credentials, financial data, and personal
information are transferred constantly over networks outside our control. This
means that anyone with access to those networks could potentially inspect,
modify, or even destroy it for their own purposes. Security protocols try to
18
overcome these limitations by providing methods to avoid and detect the
formation threats.
Wired connections require the adversary to have physical access to a
network cable. This is extremely difficult to achieve for an attacker as it requires
him to physically modify the cable which increases the risk of being caught.

Two new wireless protocols by Wi-Fi Alliance

1. WIFI protected access (WPA)
2. WIFI protected access2(WPA2)
These two protocols can work in two different modes. With a pre-shared key
that is configured with both in the access point and the client or with a radio
server. In the later, each user's given a different set of credentials to access
another port. The access point forwards the credentials to the radio server before
allowing the client to access the network. Over time, wireless protocols included
in WPA has been proven insecure. This leaves WPA2 as the only local wireless
protocol that we should be using today.
The first widely spread cellular protocols, GSM and GPRS, are known to be
vulnerable and would allow a skilled and attacker to intercept and modify
messages being sent through a network. Newer protocols, such UMTS and LTE,
are considered more secured, but fail safe options can enable an attacker to
downgrade the connection to less secure versions of the protocols. Previous
security protocols secured the connection between two consecutive nodes in
the network. In our example of scenarios, one of those was their own device and
the other the device that gave us access to the Internet.

But what happens with information after that point?

Do you think these protocols are enough to ensure the security of Internet
communications? Depending on the nature of the network connection and/or
security requirements, we can use different security protocols to protect our
connection. Security protocols at the application layer, allow us to establish a
secure connection between two applications running on different devices,
independently of the network architecture between them.

19
 The Transport Layer Security protocol, or TLS, protects the connection between
the client, in this case a web browser, and the web server.

Threats
When connecting information systems to a network. Every time we connect a
laptop, smartphone, server, or any other device to a network, we are exposing
that device to a range of different threats that comes through the network. A
denial of service attack, or DOS overloads the computer system that it stops
working properly. These attacks are generally executed by saturating the victim
system with millions of fraudulent requests per second. At a certain point, the
system will reach its limit capacity and will stop working properly. These will act
like legitimate fraudulent requests from being processed.
DOS attacks from single sources are easy to mitigate. You just need to
configure the network systems to drop all the connections coming from the same
source. However, more denial of service attacks are launched from thousands
of machines at the same time. These are called distributed denial of service
attacks, or DDOS.
Bots inside a botnet can also be used to send spam to other computers. Cyber
criminals benefit from spam thanks to advertisement fees and e-commerce sites,
and malware infections used to grow the size of the botnet.
Intrusion
- These happen when an attacker takes advantage of a vulnerability on a
system to gain access to it. Full vulnerabilities include system
misconfigurations, software, and design errors.
- The attacker can steal sensitive information from the affected system. This
generally includes passwords and other personal information stored in
databases, that can be used for further attacks.
Lateral Movement
- intruder can also misuse the vulnerable system to attack another system
within the same network.
- used by attackers to reach systems that are not reachable for public
networks.
Phishing
20
- When a hacker gains access to a publicly reachable web server, he will
install a replica of a legitimate web server, such as a bank, email provider,
or social network. Then he will craft an email using a false pretext to ask the
user to resend his or her credentials, through a link that sends to the
replicated page.

21
Exersise 4
Student name: Course/Yr/Major:
Subject Teacher: Subject schedule:
Date submitted: Section:

Direction: Write True if the statement is correct and false if the statement is
wrong.

1. Most of the information we exchange today is saved through analog.

2. The meaning of USB is Universal Storage Bus
3. WIFI means Wireless Fidelity
4. WPA and WPA2 is similar
5. Phishing can be legal if use in correct way
6. Facebook application is an example of platforms that uses
crypthography.
7. Data in motion refers to the information that is being actively used by
an Information system.
8. DOS attacks from single sources are easy to mitigate.
9. Hacking is accessing other information without permission from the
owner.
10. Using wired connections require the adversary to have physical
access to a network cable.

22
Exersise 5
Student name: Course/Yr/Major:
Subject Teacher: Subject schedule:
Date submitted: Section:

Direction: In our previous Discussion we left out a topics about some network
security protocols. Now, think about any other security protocol not covered in
the lesson, do some research to find its main characteristics and share it with
your fellow students. In order to facilitate the discussion, you can try to answer
these questions as a framework. (Peer Research; 20 points)

1. What is the protocol used for?

2. What kind of networks can make use of the protocol?
3. Does it protect the confidentiality and integrity of information being sent?
4. Are there any known attacks?

Note: 5 students each groups

23
Reference:

✓ Information Security: Context and Introduction

University of London

24
 IV. Network Security Systems

Objectives
At the end of this lesson the students should be able to:
1. Identify security systems that are used to detect and mitigate these
threats.
2. Identify different types of viruses
3. Secure network by using firewalls.

Network Security Systems

In this Lesson, we introduce some of the security systems that are used to
detect and mitigate these threats. Security vendors and software companies
develop these products to protect their customers' networks. Some of the most
random categories of these are firewalls, intrusion detection systems, and
honeypots.
Firewall
- A system that is installed on a network to filter incoming and outgoing
connections. Firewalls can be sold as software products or hardware
appliances that are installed in the organization networks. When enabled
they can accept or drop any packet going through a network depending
on a set of rules defined by the network administrators.
- As you see, a network firewall acts as a real physical firewall, it tries to stop
a fire. Or in our case, unwanted connections.
Intrusion Detection Systems
- Network intrusion detection systems can identify malicious behaviors by
matching the network traffic to a set of known signatures.
- Anomaly-based intrusion detection systems detect malicious behaviors by
identifying abnormal behavior

System Vulnerabilities
Vulnerabilities are weaknesses in a system that can negatively affect the
security properties of the system. Vulnerabilities appear because developing
25
computer systems is a very complex task. That most of the time is dangerously
speed it up, because of market pressure.
Vulnerabilities can be introduced in a system through many phases of
development life cycle independently of the model adopted. Vulnerabilities
appear during the analysis phase when we fail to identify a requirement that
makes the system secure. The lack of a proper security requirement will introduce
a vulnerability that will be transferred through the rest of the development
phases.
Vulnerabilities appear during the design phase when we introduce
functionalities with unintended consequences that compromise the system
security. New designs have to be carefully designed to ensure that they cannot
be abused to compromise the system security.
Example: the auto play feature in many old operating systems.
- This functionality allow the operating systems to automatically execute a
piece of code that's stored in a removable drive whenever it was plugged into
a computer. At first, this can be seen as a very handy feature that helps you
search when installing and running your software. However, this functionality has
been widely used and abused by malicious programs to spread infections
between different computers.
Vulnerabilities introduced through an implementation phase can be removed
with security updates that fix that specific portion of code without affecting the
other functionality of the system. A vulnerability can appear during deployment
if this process is not carried out correctly. Most of the times this vulnerabilities are
related to parameters that make the system insecure.

26
 Computer Viruses
What is a Computer Virus?
A computer virus is a piece of code embedded in a legitimate program and
is created with the ability to self-replicate infecting other programs on a
computer. Just like how humans catch a cold or flu, it can remain dormant inside
the system and gets activated when you least expect it.
A computer virus is developed to spread from one host to another and there
are numerous ways on how your computer catches it. It can be through email
attachments, file downloads, software installations, or unsecured links.
These viruses can steal your data such as passwords, hacked into your social
media accounts or online banking accounts, and even wiped out all your data.
Common Types of Viruses
1. File-infecting Virus. A virus that attached itself to an executable
program. It is also called a parasitic virus which typically infects files with
.exe or .com extensions. Some file infectors can overwrite host files and
others can damage your hard drive’s formatting.
2. Macro Virus. This type of virus is commonly found in programs such as
Microsoft Word or Excel. These viruses are usually stored as part of a document
and can spread when the files are transmitted to other computers, often through
email attachments.
3. Browser Hijacker. This virus targets and alters your browser setting. It is often
called a browser redirect virus because it redirects your browser to other
malicious websites that you don’t have any intention of visiting. This virus can
pose other threats such as changing the default home page of your browser.
4. Web Scripting Virus. A very sneaky virus that targets popular websites. What
this virus does is overwrite code on a website and insert links that can install
malicious software on your device. Web scripting viruses can steal your cookies
and use the information to post on your behalf on the infected website.
5. Boot Sector Virus. These viruses are once common back when computers
are booted from floppy disks. Today, these viruses are found distributed in forms
of physical media such as external hard drives or USB. If the computer is infected
with a boot sector virus, it automatically loads into the memory enabling control
of your computer.
27
 6. Polymorphic Virus. This virus has the capability to evade anti-virus programs
since it can change codes every time an infected file is performed.
7. Resident Virus. A resident virus stores itself on your computer’s memory which
allows it to infect files on your computer. This virus can interfere with your
operating system leading to file and program corruption.
8. Multipartite Virus. A type of virus that is very infectious and can easily spread
on your computer system. It can infect multiple parts of a system including
memory, files, and boot sector which makes it difficult to contain.

Protection Against These Types Computer Viruses

A virus left untreated can wreak havoc on your device but if detected early,
and appropriate measures are done, then the recovery would be quick. Just like
how we protect ourselves from catching a virus, here are a few notes to
remember to help keep your devices safe.
- Avoid clicking on suspicious links.
- Scan email attachments before opening it.
- Avoid clicking on pop-up advertisements and get a pop-up blocker for
your web browser.
- When routed to another website, don’t do anything, and immediately
leave the site.
- Install a reliable anti-virus program and always keep it up to date.

28
 Firewall

What is a firewall and do you need one?

A firewall is a security device — computer hardware or software — that can
help protect your network by filtering traffic and blocking outsiders from gaining
unauthorized access to the private data on your computer.
Not only does a firewall block unwanted traffic, it can also help block
malicious software from infecting your computer.

Firewalls can provide different levels of protection. They key is determining

how much protection you need.
This article can help you learn what firewalls do and determine the level of
protection that will help keep your computer and the data on it safe and secure.

Firewalls are part of your network security

Firewalls represent a first line of defense in home network security.
Your home network is only as secure as its least protected device. That’s
where a network security system comes in.
A firewall shouldn’t be your only consideration for securing your home
network. It’s important to make sure all of your internet-enabled devices —
including mobile devices — have the latest operating system, web browsers, and
security software.
Another consideration? Securing your wireless router. This might include
changing the name of your router from the default ID and password it came with
from the manufacturer, reviewing your security options, and setting up a guest
network for visitors to your home.
What does a firewall do?
A firewall acts as a gatekeeper. It monitors attempts to gain access to your
operating system and blocks unwanted traffic or unrecognized sources.

29
 A firewall acts as a barrier or filter between your computer and another
network such as the internet. You could think of a firewall as a traffic controller. It
helps to protect your network and information by managing your network traffic,
blocking unsolicited incoming network traffic, and validating access by assessing
network traffic for anything malicious like hackers and malware.

How does a firewall work?

To start, a firewalled system analyzes network traffic based on rules. A
firewall only welcomes those incoming connections that it has been configured
to accept. It does this by allowing or blocking specific data packets — units of
communication you send over digital networks — based on pre-established
security rules.

Types of firewalls
There are software and hardware firewalls. Each format serves a different
but important purpose. A hardware firewall is physical, like a broadband router
— stored between your network and gateway. A software firewall is internal — a
program on your computer that works through port numbers and applications.

Types of firewalls

Packet-filtering firewalls. A packet-filtering firewall is a management

program that can block network traffic IP protocol, an IP address, and a port
number. This type of firewall is the most basic form of protection and is meant
for smaller networks.
Stateful multi-layer inspection (SMLI) firewalls.The stateful multi-layer
inspection firewall has standard firewall capabilities and keeps track of
established connections. It filters traffic based on state, port, and protocol,
along with administrator-defined rules and context.

30
 Next-generation firewalls (NGFW). Next-generation firewalls are more
sophisticated than packet-filtering and stateful inspection firewalls. Why? They
have more levels of security, going beyond standard packet-filtering to inspect
a packet in its entirety. That means not just the packet header, but also a
packet’s contents and source. NGFW are able to block more sophisticated and
evolving security threats like advanced malware.
Network address translation (NAT) firewalls. A NAT firewall is able to assess
internet traffic and block unsolicited communications. In other words, it only
accepts inbound web traffic if a device on your private network solicited it.

What are some of the main risks of not having a firewall?

- You might already engage in certain safe computer and internet use
practices, including these:
- You don’t click on unknown links or attachments.
- You only log on to trustworthy, known websites.
- You never give out any personal information unless it is absolutely
necessary.
- You have strong, unique, complex passwords for each online account
that you update often.
- Does that make you safe enough? The answer may be “no.” If you
use the internet, it’s smart to have a firewall in place. Cyberthreats are
widespread and evolving. It’s important to use available defenses to
help protect your network, and the personal information stored on
your computer, against cybercrimes.

31
 Here are the three main risks of not having a firewall:

Open access. Without a firewall, you’re accepting every connection into

your network from anyone. You wouldn’t have any way to detect incoming
threats. That could leave your devices vulnerable to malicious users.
Lost or compromised data. Not having a firewall could leave your devices
exposed, which could allow someone to gain control over your computer or
network. Cybercriminals could delete your data. Or they could use it to commit
identity theft or financial fraud.
Network crashes. Without a firewall, attackers could shut down your
network. Getting it running again, and attempting to recover your stored data,
could involve your time and money.

32
Exercise 6:
Student name: Course/Yr/Major:
Subject Teacher: Subject schedule:
Date submitted: Section:

Direction:
• List at least 5 types of viruses and explain it base on your own
understanding (3 points each)
• Essay
o How can you prevent your computer from Viruses?
o Explain what is the use of firewall in our computer.

33
Exercise 7:
Student name: Course/Yr/Major:
Subject Teacher: Subject schedule:
Date submitted: Section:

Direction: (Essay) Write your answer in the space provided

1. How does a firewall work?

2. Risk of not having a firewall?

3. How can you explain firewall base in a real world situation.

34
Exercise 8: (What I Learned)
Student name: Course/Yr/Major:
Subject Teacher: Subject schedule:
Date submitted: Section:

Direction: Write the correct answer for each questions

1. What is information assurance

2. What is information security
3. Give at least one approach in Information assurance and security
4. What can you tell about cryptography? Why do we need it?
5. Explain Data integrity vs Data Confidentiality.
6. Give at least one way how hacker gets access to information.
7-10To secure credentials it is best way to install an anti virus/malware. List at
least 4 anti-virus

35
Reference:
✓ Information Security: Context and Introduction
University of London

✓ https://us.norton.com/internetsecurity-emerging-threats-what-is-
firewall.html
✓ https://uniserveit.com/blog/what-are-the-different-types-of-computer-
viruses

36
37