
A+ Guide to IT Technical Support, 9th Edition

Chapter 18
Security Strategies
Objectives

• Secure a Windows personal computer
• Secure a mobile device
• Implement additional security techniques to protect a computer or SOHO network and its resources
• Recognize, remove, and protect personal computers against malicious software

A+ Guide to IT Technical Support, 9th Edition 2


© Cengage Learning 2017
Objectives

• Recognize, remove, and protect mobile devices against malicious software
• Follow company policies to address issues of software copyright infringement and violations of prohibited content or activities

Securing a Windows Personal Computer
• Two goals in securing network resources:
  – To protect resources
  – To not interfere with the functions of the system
• Sometimes these two goals are in conflict with each other

Use Windows to Authenticate Users
• Controlling access to computer resources is done by:
  – Authentication
    • Proves that an individual is who he says he is
  – Authorization
    • Determines what an individual can do in the system after authentication
• Assign a password to each account created
  – Best to give the user the ability to change the password

Use Windows to Authenticate Users
• Require secure sign-in
  – Normally, a user clicks a name and enters a password at the Welcome screen
    • Malware can sometimes intercept this and trick users into providing user accounts and passwords
  – A more secure method requires the user to press Ctrl+Alt+Del to get to the logon screen
    • The User Accounts utility (netplwiz, also called the Network Places Wizard) can be used to change the way Windows sign-in works

Use Windows to Authenticate Users

Figure 18-3 Change the way users log onto Windows

Use Windows to Authenticate Users
• Lock a workstation
  – Quickest way to lock a workstation is to press Win+L
  – Another method is to press Ctrl+Alt+Delete
    • User clicks Lock
    • To unlock, the user must enter a password
• Disable the Guest account
  – Disabled by default and should remain disabled
  – To set up an account for visitors, create a standard account and name it Visitor
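The secure sign-in, workstation lock and Guest-account points on the last three slides can all be audited and enforced from an elevated PowerShell prompt. The script below is an added example, not from the textbook: the registry key and the `DisableCAD` value are the real Windows locations behind the netplwiz "Require users to press Ctrl+Alt+Delete" checkbox, while the function names and the `Visitor` account details are my own.

```powershell
# Added example (not from the textbook). Run elevated on Windows 10 or later.
# HKLM\...\Policies\System\DisableCAD = 0 means the Ctrl+Alt+Del secure attention
# sequence is required before the logon prompt, so malware cannot fake the screen.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-SignInHardening {
    # Report the current state of the three settings. An absent DisableCAD value is
    # treated here as "not enforced".
    $cad   = (Get-ItemProperty -Path $policyKey -Name DisableCAD -ErrorAction SilentlyContinue).DisableCAD
    $guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RequireCtrlAltDel = ($cad -eq 0)
        GuestEnabled      = [bool]($guest -and $guest.Enabled)
        VisitorExists     = [bool](Get-LocalUser -Name 'Visitor' -ErrorAction SilentlyContinue)
    }
}

function Set-SignInHardening {
    # Require Ctrl+Alt+Del, make sure Guest stays disabled, and create a standard
    # (non-administrator) account called Visitor for occasional users.
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    Set-ItemProperty -Path $policyKey -Name DisableCAD -Value 0 -Type DWord

    if (Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue) {
        Disable-LocalUser -Name 'Guest'
    }

    if (-not (Get-LocalUser -Name 'Visitor' -ErrorAction SilentlyContinue)) {
        $pw = Read-Host -Prompt 'Password for the Visitor account' -AsSecureString
        New-LocalUser -Name 'Visitor' -Password $pw -Description 'Standard account for visitors' | Out-Null
        # Members of Users only; never add Visitor to Administrators.
        Add-LocalGroupMember -Group 'Users' -Member 'Visitor'
    }
}

function Lock-Workstation {
    # Same effect as pressing Win+L; handy at the end of a script run on a shared PC.
    rundll32.exe user32.dll,LockWorkStation
}

Get-SignInHardening
```

Run `Get-SignInHardening` first to see what a machine currently does, then `Set-SignInHardening` to apply the slide's recommendations; the Ctrl+Alt+Del change takes effect at the next sign-in.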

Use Windows to Authenticate Users
• Create strong passwords
  – Not easy to guess by humans or computer programs
  – Criteria:
    • Use eight or more characters
    • Combine uppercase and lowercase letters, numbers, and symbols
    • Use at least one symbol in the second through sixth positions
    • Do not use consecutive letters or numbers, adjacent keyboard keys, your logon name, or words in any language
    • Do not use the same password for more than one system
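The criteria above are precise enough to check mechanically. The function below is an added example, not part of the textbook: it tests a candidate password against every rule on the slide that can be evaluated locally. The keyboard rows and the short word list are constructed stand-ins (a real check would load a full dictionary file), and the function names are mine.

```powershell
# Added example (not from the textbook): evaluate a password against the
# slide's criteria. Constructed data: the keyboard rows and a tiny word list.
$KeyboardRows = @('qwertyuiop', 'asdfghjkl', 'zxcvbnm', '1234567890')
$WordList     = @('password', 'welcome', 'secret', 'summer', 'dragon', 'bonjour')

function Find-WeakSequence {
    # Returns the first three-character run that is consecutive (abc, 321) or
    # made of adjacent keyboard keys (qwe, lkj), or $null if there is none.
    param([string] $Text)
    for ($i = 0; $i -le $Text.Length - 3; $i++) {
        $chunk = $Text.Substring($i, 3)
        if ($chunk -notmatch '^[a-z0-9]{3}$') { continue }
        $codes = [int[]][char[]]$chunk
        $d1 = $codes[1] - $codes[0]
        $d2 = $codes[2] - $codes[1]
        if (($d1 -eq 1 -or $d1 -eq -1) -and ($d2 -eq $d1)) { return $chunk }
        $reversed = -join $chunk[2..0]
        foreach ($row in $KeyboardRows) {
            if ($row.Contains($chunk) -or $row.Contains($reversed)) { return $chunk }
        }
    }
    return $null
}

function Test-PasswordCriteria {
    param(
        [Parameter(Mandatory)] [string] $Password,
        [Parameter(Mandatory)] [string] $LogonName
    )
    $failures = [System.Collections.Generic.List[string]]::new()
    $lower    = $Password.ToLowerInvariant()

    if ($Password.Length -lt 8)            { $failures.Add('fewer than eight characters') }
    if ($Password -cnotmatch '[A-Z]')       { $failures.Add('no uppercase letter') }
    if ($Password -cnotmatch '[a-z]')       { $failures.Add('no lowercase letter') }
    if ($Password -notmatch '[0-9]')        { $failures.Add('no digit') }
    if ($Password -notmatch '[^A-Za-z0-9]') { $failures.Add('no symbol') }

    # Positions 2 through 6 are string indexes 1..5.
    $window = if ($Password.Length -gt 1) { $Password.Substring(1, [Math]::Min(5, $Password.Length - 1)) } else { '' }
    if ($window -notmatch '[^A-Za-z0-9]') { $failures.Add('no symbol in positions 2 through 6') }

    $run = Find-WeakSequence $lower
    if ($run) { $failures.Add("consecutive or adjacent-key run '$run'") }

    if ($lower.Contains($LogonName.ToLowerInvariant())) { $failures.Add('contains the logon name') }
    $word = $WordList | Where-Object { $lower.Contains($_) } | Select-Object -First 1
    if ($word) { $failures.Add("contains the dictionary word '$word'") }

    [pscustomobject]@{
        Password   = ('*' * $Password.Length)   # never echo the candidate itself
        Acceptable = ($failures.Count -eq 0)
        Failures   = $failures.ToArray()
    }
}

# Constructed sample inputs: the first fails several rules, the second passes.
Test-PasswordCriteria -Password 'Summer2017'  -LogonName 'wayne'
Test-PasswordCriteria -Password 'r#G7kz!qBm2' -LogonName 'wayne'
```

The last criterion on the slide (never reuse a password across systems) cannot be checked on one machine; that is what a password manager is for.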

File and Folder Encryption
• In Windows, files and folders can be encrypted using the Windows Encrypted File System (EFS)
  – Works only with the NTFS file system and business/professional editions of Windows
  – If a folder is marked for encryption, every file created in or copied to the folder will be encrypted
  – An encrypted file remains encrypted if moved to an unencrypted folder
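The three EFS behaviours on this slide can be exercised from the command line with the built-in `cipher.exe`. The script below is an added example, not from the textbook; the folder names under the user profile are constructed, and it assumes an NTFS volume on a Pro, Business or Enterprise edition.

```powershell
# Added example (not from the textbook). Requires NTFS and an edition with EFS.
$folder = Join-Path $env:USERPROFILE 'Documents\Private'      # constructed path
New-Item -ItemType Directory -Path $folder -Force | Out-Null

# cipher.exe is the built-in EFS tool: /e encrypts, /s: applies it to the tree.
cipher.exe /e /s:"$folder" | Out-Null

function Test-EfsEncrypted {
    # EFS sets the Encrypted attribute on every protected file and folder.
    param([Parameter(Mandatory)] [string] $Path)
    $attrs = (Get-Item -LiteralPath $Path -Force).Attributes
    return [bool]($attrs -band [IO.FileAttributes]::Encrypted)
}

# A file created in (or copied into) the marked folder is encrypted automatically.
$secret = Join-Path $folder 'notes.txt'
Set-Content -Path $secret -Value 'constructed sample content'
"Created in encrypted folder: $(Test-EfsEncrypted $secret)"

# Moving it to an unencrypted folder on the same NTFS volume keeps it encrypted.
$plainFolder = Join-Path $env:USERPROFILE 'Documents\Public-Notes'  # constructed path
New-Item -ItemType Directory -Path $plainFolder -Force | Out-Null
Move-Item -Path $secret -Destination $plainFolder
$moved = Join-Path $plainFolder 'notes.txt'
"After move to plain folder: $(Test-EfsEncrypted $moved)"

# /c lists the users whose certificates can decrypt the file. Export your EFS
# certificate and private key (cipher /x) before relying on EFS: without the
# key the data is unrecoverable.
cipher.exe /c "$moved"
```

Both checks report `True` on a working EFS setup; copying the file to a FAT-formatted USB stick, by contrast, would decrypt it because FAT has no place to store the EFS metadata.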

File and Folder Encryption

Figure 18-9 Encrypt a folder and all its contents

Windows Firewall Settings
• A router can serve as a hardware firewall
• In addition, a large corporation might use a software firewall (called a corporate firewall) installed on a computer between the Internet and the network
• A personal firewall (also called a host firewall) is software on a computer that protects that computer
  – Windows Firewall is a personal firewall that protects a computer
    • Automatically configured when you set up your security level for a new network connection
  – You can also customize the settings
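Customizing Windows Firewall is easier to audit from PowerShell than from the control panel. The script below is an added example, not from the textbook: it uses the NetSecurity cmdlets that ship with Windows 8 / Server 2012 and later to show the state of each network profile, apply a sensible baseline, and list the inbound holes that deserve review. The function names are mine.

```powershell
# Added example (not from the textbook). Run elevated; uses the NetSecurity module.

function Get-FirewallBaseline {
    # One row per network profile (Domain, Private, Public).
    Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{
            Profile              = $_.Name
            Enabled              = $_.Enabled
            DefaultInboundAction = $_.DefaultInboundAction   # should be Block
            LogsBlocked          = $_.LogBlocked
        }
    }
}

function Set-FirewallBaseline {
    # Firewall on for every profile, unsolicited inbound traffic blocked, and
    # dropped packets logged so a later investigation has something to read.
    Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block `
        -DefaultOutboundAction Allow -LogBlocked True
}

function Get-InboundAllowRules {
    # Enabled rules that allow inbound connections are the ones to review when
    # you customize the settings for a new connection.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            [pscustomobject]@{
                Name     = $_.DisplayName
                Profile  = $_.Profile
                Protocol = $port.Protocol
                Port     = $port.LocalPort
            }
        } | Sort-Object Port
}

Get-FirewallBaseline   | Format-Table -AutoSize
Get-InboundAllowRules  | Format-Table -AutoSize
```

Any inbound allow rule you cannot explain is a candidate for `Disable-NetFirewallRule -DisplayName '<name>'`; the Public profile in particular should rarely have anything beyond core networking rules enabled.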

Windows Firewall Settings

Figure 18-10 Three types of firewalls used to protect a network and individual computers on the network

Local Security Policies Using Group Policy
• Group Policy: controls what users can do with a system and how the system is used
  – Available with business and professional editions of Windows
  – Can set security policies to help secure a workstation
    • Example: require all users to have passwords and rename default user accounts
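The two example policies on this slide (password requirements and renaming the default accounts) can be set and verified without opening the Group Policy editor. The script below is an added example, not from the textbook: it uses `net.exe accounts` and `secedit.exe`, both built into Windows, plus the LocalAccounts cmdlets of Windows 10 / Server 2016. The function names, the 8-character minimum and the new administrator name are my choices.

```powershell
# Added example (not from the textbook). Run elevated on a stand-alone machine
# (on a domain member, domain Group Policy overrides these local settings).

function Set-LocalPasswordPolicy {
    # Account Policies > Password Policy and Account Lockout Policy via net.exe.
    # Minimum length 8 matches the strong-password criteria; a lockout threshold
    # limits how many guesses an attacker gets against a local account.
    net.exe accounts /minpwlen:8 /maxpwage:90 /uniquepw:5 | Out-Null
    net.exe accounts /lockoutthreshold:5 /lockoutduration:15 /lockoutwindow:15 | Out-Null
}

function Rename-BuiltinAdmin {
    param([string] $NewName = 'LocalAdminRenamed')   # constructed name
    # The built-in Administrator always has RID 500, whatever it is called, so
    # locate it by SID and rename it so the well-known name no longer works.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    if ($admin -and $admin.Name -ne $NewName) {
        Rename-LocalUser -Name $admin.Name -NewName $NewName
    }
}

function Get-LocalSecurityPolicy {
    # Export the effective local policy with secedit and pull out the values set above.
    $cfg = Join-Path $env:TEMP 'secpol.cfg'
    secedit.exe /export /cfg $cfg /quiet | Out-Null
    $wanted = 'MinimumPasswordLength', 'MaximumPasswordAge', 'PasswordHistorySize',
              'LockoutBadCount', 'NewAdministratorName'
    Get-Content $cfg |
        Where-Object { ($_ -split '=')[0].Trim() -in $wanted } |
        ForEach-Object {
            $k, $v = $_ -split '=', 2
            [pscustomobject]@{ Setting = $k.Trim(); Value = $v.Trim() }
        }
    Remove-Item $cfg -ErrorAction SilentlyContinue
}

Set-LocalPasswordPolicy
Rename-BuiltinAdmin
Get-LocalSecurityPolicy | Format-Table -AutoSize
```

`Get-LocalSecurityPolicy` is the verification step: if `MinimumPasswordLength` or `LockoutBadCount` comes back at 0 the change did not take, usually because a domain policy won.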

Use BitLocker Encryption
• Encrypts the entire Windows volume and any other volume on the drive
  – Works in partnership with file and folder encryption
• Three ways to use BitLocker Encryption
  – Computer authentication
    • The computer has a chip on the motherboard called a TPM (Trusted Platform Module) that holds the BitLocker key
      – If the hard drive is stolen, BitLocker would not allow access without the BitLocker key
  – User authentication: startup key stored on a USB drive
  – Computer and user authentication: PIN or password required at every startup

Use BitLocker Encryption
• Provides great security at a price
  – Risk the chance of TPM failure
  – Risk losing all copies of the BitLocker (startup) key
• Use BitLocker only if the risks of BitLocker giving problems outweigh the risk of stolen data
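The two risks on this slide (a failed TPM, a lost startup key) are both covered by the same mitigation: make sure a recovery password exists and is stored somewhere other than the encrypted drive. The script below is an added example, not from the textbook: it reads the volume state with the BitLocker module cmdlets (Windows 8 / Server 2012 and later) and writes the recovery password to a backup location you choose. The function names are mine; the commented AD escrow line is optional.

```powershell
# Added example (not from the textbook). Run elevated; requires the BitLocker module.

function Get-BitLockerSummary {
    param([string] $MountPoint = $env:SystemDrive)
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    [pscustomobject]@{
        Volume              = $vol.MountPoint
        VolumeStatus        = $vol.VolumeStatus        # FullyEncrypted, FullyDecrypted, EncryptionInProgress
        ProtectionStatus    = $vol.ProtectionStatus    # On or Off
        # Tpm = computer authentication, TpmPin = computer + user,
        # ExternalKey = startup key on USB, RecoveryPassword = the 48-digit fallback
        Protectors          = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ', '
        HasRecoveryPassword = [bool]($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    }
}

function Save-BitLockerRecoveryPassword {
    param(
        [string] $MountPoint = $env:SystemDrive,
        [Parameter(Mandatory)] [string] $BackupFolder   # removable drive or file share, never the encrypted volume
    )
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $rp  = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $rp) {
        # Add one if none exists; without it a dead TPM or lost USB key means lost data.
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
        $rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
              Where-Object KeyProtectorType -eq 'RecoveryPassword'
    }
    $file = Join-Path $BackupFolder ("BitLocker-$env:COMPUTERNAME-" + ($MountPoint -replace ':', '') + '.txt')
    $rp | ForEach-Object { "Protector $($_.KeyProtectorId): $($_.RecoveryPassword)" } | Set-Content -Path $file
    # On a domain-joined machine, escrow the same protector in Active Directory as well:
    # Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp[0].KeyProtectorId
    return $file
}

Get-BitLockerSummary
```

Check `HasRecoveryPassword` before you deploy a machine; if it is `False`, call `Save-BitLockerRecoveryPassword -BackupFolder 'E:\'` (or similar) and then test the recovery password once by suspending and resuming protection, so the first time you need it is not after the TPM has failed.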

Use UEFI/BIOS Features to Protect the System
• UEFI/BIOS security features
  – Power-on passwords
    • Supervisor password: required to change BIOS setup
    • User password: required to use the system or view UEFI/BIOS setup
    • Drive lock password: required to access the hard drive
      – Stored on the hard drive so it will still control access to the drive in the event the drive is removed
• Some laptops contain LoJack technology on the motherboard
  – If the software is installed, the laptop can be tracked
Use UEFI/BIOS Features to Protect the System

Figure 18-18 Submenu shows how to set a hard drive password that will be written on the drive
Securing a Mobile Device
• Need to secure the following on a smartphone or tablet:
  – Data
  – Videos and photos
  – Network connection settings
  – Purchasing patterns and history (as well as credit card information)

Device Access Controls
• Consider the following lock methods:
  – Android screen lock
  – iOS screen lock
  – Biometric authentication
  – Full device encryption
  – Restrict iOS failed login attempts
  – Restrict Android failed login attempts
  – Multifactor authentication

Software Security
• Software methods to secure mobile data:
  – OS updates and patches
  – Antivirus/anti-malware
  – Trusted sources
  – Firewalls
  – Android locator application and remote wipe
  – iOS locator application and remote wipe

Mobile Security in Corporate Environments
• BYOD (Bring Your Own Device)
  – An employee or student is allowed to connect their own device to the corporate network
• For security purposes
  – The organization configures a person’s device before allowing it to connect to the network (a process called on-boarding)
    • The reverse process is called off-boarding

Mobile Security in Corporate Environments
• Facts about on-boarding/off-boarding:
  – On-boarding might include installing an app on a device
  – On-boarding might install a remote backup application
    • Remotely backs up data to a company’s file server
  – Off-boarding might include the ability to perform a remote wipe on a device that is lost or stolen
  – Two examples of software that support on-/off-boarding:
    • Microsoft Exchange Server and Google Apps Mobile Management software
Additional Methods to Protect Resources
• In this part of the chapter, you will learn how to:
  – Securely authenticate users on a large network
  – Physically protect computer resources
  – Destroy data before you toss out a storage device
  – Educate users not to compromise the security measures in place

Authenticate Users For Large Networks
• Security tokens and smart cards
  – Small device containing authentication information
  – Most popular type of token is a smart card
    • Keyed into a logon window by a user
    • Read by a smart card reader
    • Transmitted wirelessly
  – Variations of smart cards
    • Key fob
    • Wireless token
    • Memory stripe card
    • Cell phone with token
Authenticate Users For Large Networks

Figure 18-23 Smart card is read by a smart card reader

Authenticate Users For Large Networks
• Biometric data
  – Validates the person’s physical body
  – Biometric device: an input device that inputs biological data about a person which can identify a person’s
  – Forms of biometric data:
    • Fingerprints
    • Retinal scans (scans part of the eye)
    • Handprints
    • Face recognition
    • Voice recognition

Physical Security Methods and Devices
• Best practices for physical security:
  – Keep really private data under lock and key
  – Lock down the computer case
  – Use a lock and chain
    • To physically tie the computer to a desk or other permanent fixture
  – Privacy filters
    • Fits over the screen to prevent it from being read from a wide angle

Physical Security Methods and Devices
• Best practices for physical security (cont’d):
  – Use a theft-prevention plate
    • Embed it into the case or engrave your ID information into it
  – Mantrap and security guard
    • Consists of two doors on either end of a small entryway
    • The first door must close before the second door can open
    • A separate form of ID might be required for each door
    • A security guard might maintain an entry control roster
      – List of authorized people

Digital Security Methods and Resources
• Windows Firewall is an example of digital-based security
• Additional software security measures:
  – VPN (Virtual Private Network)
  – E-mail filtering
  – Trusted software sources
  – Access control lists (ACLs)

Unified Threat Management (UTM) Appliance
• A next-generation firewall (NGFW) combines firewall software with antivirus/anti-malware software
  – Can offer comprehensive Unified Threat Management (UTM) services
• A UTM appliance stands between the Internet and a private network and protects the network
  – Also called a security appliance, network appliance, or Internet appliance

Unified Threat Management (UTM) Appliance
• A UTM appliance might offer:
  – Firewall
  – Antivirus and anti-malware software
  – Identity-based access control lists
  – Intrusion detection system (IDS)
  – Intrusion prevention system (IPS)
  – VPN

Unified Threat Management (UTM) Appliance

Figure 18-28 A UTM appliance is considered a next-generation firewall that can protect a private network

Data Destruction and Disposal
• Ways to destroy printed documents and sanitize storage devices:
  – Use a paper shredder
  – Overwrite data on the drive
  – Physically destroy the storage media
  – For magnetic devices, use a degausser
    • Exposes a storage device to a strong magnetic field to completely erase data
  – For solid-state devices, use a Secure Erase utility
  – Use a secure data-destruction service

Data Destruction and Disposal

Figure 18-30 Use a degausser to sanitize a magnetic hard drive or tape

Educate Users
• Important security measures for users
  – Never give out passwords to anyone
  – Do not store passwords on a computer
  – Do not use the same password on more than one system
  – Be aware of shoulder surfing
    • Other people peek at your monitor screen
  – Lock down your workstation each time you step away
  – Be on the alert for tailgating
    • When someone who is unauthorized follows an employee through a secured entrance
    • Also when someone continues to use a Windows session that another user left open

Educate Users
• Social engineering techniques
  – Don’t forward an email hoax
    • Sites to help you debunk a virus or email hoax:
      – snopes.com
      – securelist.com
      – virusbtn.com
  – Phishing: a type of identity theft where the sender of an email scams you into responding with personal data
  – An email message might contain a link that leads to a malicious script
Educate Users

Figure 18-31 This phishing technique using an email message with an attached file is an example of social engineering

Educate Users
• Commonsense rules to protect a laptop:
  – Always know where your laptop is
    • Never check in your laptop as baggage
    • Never leave it in overhead bins; keep it at your feet
  – Never leave a laptop in an unlocked car or hotel room
    • Use a laptop cable lock to secure it to a table if you must leave it in a hotel room
  – When at work, lock your laptop in a secure place

Dealing With Malicious Software on Personal Computers
• Malicious software (malware, computer infestation)
  – Any unwanted program that means harm
  – Transmitted to a computer without the user’s knowledge
• Grayware
  – Any annoying and unwanted program
    • Might or might not mean harm

What Are We Up Against?
• Viruses
  – Replicate by attaching themselves to other programs
    • The program might be an application, macro, Windows system file, or a boot loader program
• Spyware
  – Spies on the user and collects personal information
  – An example: keylogger
    • Tracks all keystrokes

What Are We Up Against?
• Worms
  – Copy themselves throughout a network or the Internet without a host program
  – Overload the network
• Trojans
  – Do not need a host program to work
    • Substitute themselves for a legitimate program
  – Often downloaded from a web site, or a user is tricked into opening an email attachment

What Are We Up Against?
• Rootkit
  – Virus that loads itself before the OS boot is complete
  – Can hide folders that contain software it has installed
  – Can hijack internal Windows components so it masks information Windows provides to user-mode utilities
• Ransomware
  – Holds your computer system hostage until you pay money
• Zero-day attack
  – Can happen when a hacker discovers a security hole
What Are We Up Against?
• Man-in-the-middle attack
  – Attacker presents a program or himself as someone else to obtain private information
• Zombies and botnets
  – A zombie is a computer that has been hacked
    • The hacker uses the computer to run repetitive software in the background
  – A botnet is an entire network of zombies
• Dictionary attack
  – Used to crack a long password by trying words in a dictionary
What Are We Up Against?
• Non-compliant systems and violations of security best practices
  – Microsoft System Center is used to remotely configure computers and monitor their configurations
  – Administrators can view reports to look for non-compliant systems that violate security best practices
    • Such as out-of-date anti-malware software

Step-By-Step Attack Plan
• Step 1: Identify Malware Symptoms
  – Pop-up ads and browser redirection
  – Rogue antivirus software
  – Slow performance or lockups
  – Internet connectivity issues, application crashes, and OS updates that fail
  – Problems with files
  – Email problems
  – Can’t update anti-malware software
  – Invalid digital certificates
Step-By-Step Attack Plan
• Step 2: Quarantine an Infected System
  – Prevent spreading of malware
    • Immediately disconnect from the network or turn off the wireless adapter
    • If you must download antivirus software:
      – Disconnect other computers while the infected computer is connected
      – Connect the infected computer directly to the ISP
      – Boot into Safe Mode with Networking
    • Before cleaning up an infected system, back up data to other media

Step-By-Step Attack Plan
• Step 3: Disable System Restore
  – Some malware hides its program files in restore points in the System Volume Information folder maintained by System Protection
  – If System Protection is on, anti-malware software can’t clean this protected folder
  – To get rid of the malware, turn off System Protection

Step-By-Step Attack Plan
• Step 4: Remediate the Infected System
  – Before selecting AV software, read reviews and check out reliable web sites that rate AV software

Table 18-1 Antivirus software and websites

Step-By-Step Attack Plan
• Step 4: Remediate the Infected System (cont’d)
  – Run anti-malware software already installed
    • Update the software and perform a full scan
  – Run anti-malware software from a networked computer
  – Install and run anti-malware software on the infected computer
  – Install and run anti-malware software in Safe Mode
  – Run anti-malware software from a bootable rescue CD or flash drive

Step-By-Step Attack Plan
• Step 4: Remediate the Infected System (cont’d)
  – Clean up what’s left over
    • Respond to any startup errors
    • Research malware types and program files
    • Delete files
    • Clean the registry
    • Clean up Internet Explorer and uninstall unwanted programs

Step-By-Step Attack Plan
• Step 5: Protect the System with Scheduled Scans and Updates
  – Use anti-malware software
  – Always use a software firewall
  – Keep Windows updates current
• Step 6: Enable System Protection and Create a Restore Point
  – Once the system is clean

Step-By-Step Attack Plan
• Step 7: Educate the User
  – Go over with the user some tips presented earlier in this chapter to keep the system free from malware
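Steps 2 through 6 of the plan, plus the "out-of-date anti-malware software" compliance check from the earlier What Are We Up Against? slide, can be scripted on a Windows 10 machine that uses the built-in Microsoft Defender. The script below is an added example, not from the textbook: it relies on the Defender, NetAdapter and System Restore cmdlets that ship with Windows, and on `bcdedit.exe` for the Safe Mode option. The function names, the restore-point description and the three-day signature threshold are my choices.

```powershell
# Added example (not from the textbook). Run from an elevated prompt on Windows 10
# with Microsoft Defender; adapt Invoke-Remediation if another AV product is used.

function Invoke-Quarantine {
    # Step 2: take every active adapter down so the malware cannot spread or call
    # home. Remember which ones were up so Restore-Protection can bring them back.
    $script:QuarantinedAdapters = Get-NetAdapter | Where-Object Status -eq 'Up'
    $script:QuarantinedAdapters | Disable-NetAdapter -Confirm:$false
}

function Set-SafeModeNetworkingNextBoot {
    # Step 2 alternative: next restart comes up in Safe Mode with Networking.
    # Undo afterwards with:  bcdedit /deletevalue {current} safeboot
    bcdedit.exe /set '{current}' safeboot network
}

function Disable-RestorePoints {
    # Step 3: anti-malware cannot clean System Volume Information while System
    # Protection is on, and malware can hide inside the restore points there.
    Disable-ComputerRestore -Drive "$env:SystemDrive\"
}

function Invoke-Remediation {
    # Step 4: refresh definitions, run a full scan, report what was found.
    # Update-MpSignature fails harmlessly while the machine is still isolated;
    # cable it straight to the ISP (as the slide says) or use an offline package.
    Update-MpSignature -ErrorAction SilentlyContinue
    Start-MpScan -ScanType FullScan
    Get-MpThreatDetection | Select-Object InitialDetectionTime, ThreatID, Resources
}

function Test-SystemProtection {
    # Step 5 check and the non-compliant-system report: real-time protection on,
    # signatures recent, firewall on for every profile.
    $s = Get-MpComputerStatus
    $profilesOff = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }).Count
    [pscustomobject]@{
        RealTimeProtection = $s.RealTimeProtectionEnabled
        SignatureAgeDays   = $s.AntivirusSignatureAge
        SignaturesCurrent  = ($s.AntivirusSignatureAge -le 3)   # threshold is my choice
        FirewallAllOn      = ($profilesOff -eq 0)
    }
}

function Restore-Protection {
    # Step 6: once the system is clean, turn System Protection back on, take a
    # known-good restore point, and reconnect only the adapters we disabled.
    Enable-ComputerRestore -Drive "$env:SystemDrive\"
    Checkpoint-Computer -Description 'Post-malware-cleanup baseline' -RestorePointType MODIFY_SETTINGS
    $script:QuarantinedAdapters | Enable-NetAdapter -Confirm:$false
}

# Typical sequence; a full scan of a large drive can take an hour or more.
Invoke-Quarantine
Disable-RestorePoints
Invoke-Remediation
Restore-Protection
Test-SystemProtection
```

`Test-SystemProtection` is also the piece to run on every machine periodically, before anything is infected: a `SignaturesCurrent` of `False` or `FirewallAllOn` of `False` is exactly the kind of non-compliance the System Center reports on the earlier slide are meant to surface.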

Dealing with Malicious Software on Mobile Devices
• This section covers how to deal with malicious software on mobile devices
• Begin by learning how to recognize an infected device

Common Mobile Device Malware Symptoms
• Symptoms that malware might be at work on an Android, iOS, or Windows Phone device:
  – Battery drain, slow speeds, leaked data, strange text messages, and data transmission over limits
  – Dropped phone calls or weak signal
  – Unintended Wi-Fi and Bluetooth connections
  – Unauthorized account access
  – Unauthorized location tracking
  – Unauthorized use of camera or microphone

Common Mobile Device Malware Symptoms
• Symptoms that malware might be at work on an Android, iOS, or Windows Phone device (cont’d):
  – Unauthorized root access
    • Jailbroken iOS device
    • Rooted Android device
    • Rooted Windows Phone

Mobile Device Tools and Malware Removal
• General steps for removing malware:
  – Uninstall the offending app
  – Update the OS
  – Remove root access to the device
    • Unroot with the app that was used to root the device
    • Download a root removal app
  – Factory reset

Mobile Device Tools and Malware Removal
• After removing malware:
  – Don’t jailbreak or root a device, and keep OS updates current
  – Educate users about the importance of privacy settings and of not opening email attachments
  – Consider installing an anti-malware app
• Wi-Fi analyzers
  – Can be used to detect devices not authorized to use the network, identify attempts made by connected devices to hack transmissions, and identify their physical location
Mobile Device Tools and Malware Removal
• Cellular network analyzers
  – Used to monitor cellular networks for signal strength of cell towers, WAPs, and repeaters
  – Can also monitor for interference, performance, and voice and data transmissions

Software Licensing and Prohibited Content or Activity
• Many organizations have a code of conduct that applies to employees and/or customers
• Part of a technician’s job might include keeping track of software licensing to ensure that a company is not using pirated software
  – Must ensure that unauthorized copies of original software are not being produced (software piracy)
• When you start a new job, find out how to deal with prohibited content or activity

Software Licensing and Prohibited Content or Activity
• Things you need to know:
  – Go through the proper channels when you suspect an infringement of the law
  – What data or device should you preserve as evidence for what you believe has happened?
  – What documentation are you expected to submit, and to whom is it submitted?
    • Proper documentation surrounding the evidence of a crime is crucial to a criminal investigation

Summary
• The netplwiz command can be used to require the user to press Ctrl+Alt+Del to log on to Windows
• Windows power settings can be used to lock down a workstation after inactivity and require a password to unlock the workstation
• Encrypted File System (EFS) is used with NTFS volumes in Windows business and professional versions
• Windows Firewall, Group Policy, BitLocker Encryption, and UEFI/BIOS security features can all be used to help secure a computer and its data
Summary
• Large networks might use smart cards and biometric data to authenticate a user
• Physical security can include a locked door, lock and chain, or privacy filter
• Data can be destroyed using a paper shredder, low-level format, drill, degausser, or Secure Erase utility
• Educate users against social engineering and on how to best protect a laptop when traveling

Summary
• Malware includes viruses, spyware, keyloggers, worms, Trojans, rootkits, ransomware, zero-day attacks, man-in-the-middle attacks, zombies, botnets, and dictionary attacks
• Malware symptoms include pop-up ads, slow performance, error messages, file errors, spam, and strange processes running
• When you suspect a computer is infected, immediately quarantine it

Summary
• Symptoms of malware on mobile devices include battery drain, slow speeds, leaked data, dropped calls, unintended Wi-Fi and Bluetooth connections, location tracking, unauthorized use of camera or microphone, and root access
• Commercial licensing of software can be a personal license or an enterprise license
• A chain-of-custody document provides a paper trail of evidence in a criminal case

