
The SECURITY BASICS AND IT PROFESSIONAL course introduces students to the common threats and attacks faced today. It provides students with the foundational theory behind information security and the basic principles and techniques used when designing a secure system. Students are exposed to the principles and good practices of environmentally sustainable secure computing and to the use of appropriate tools and technology in managing an information system environment.

Published by kerja4lab, 2021-11-30 18:52:15


Keywords: Security, Information Security, Security Policies, Security Ethics, Security Troubleshooting

Security Basics And
IT Professional

NORSULLIATIE BINTI MUHAMMAD
SUHAILA BINTI SARIF

NOR ZALINA BINTI SALLEH


Security Basics And IT Professional

First Edition 2021

Copyright © 2021 All rights reserved

No part of this publication may be reproduced, distributed or transmitted in any form or by any means, including photocopying, recording, or electronic and mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in reviews and certain other non-commercial uses permitted by copyright laws.

Published by

DEPARTMENT OF INFORMATION TECHNOLOGY AND COMMUNICATION
Politeknik METrO Tasek Gelugor,
No 25, Jalan Komersial 2,
Pusat Komersial Tasek Gelugor,
13300 Tasek Gelugor,
PULAU PINANG.

Content & Design by

Norsulliatie binti Muhammad,
Suhaila binti Sarif,
Nor Zalina binti Salleh

Perpustakaan Negara Malaysia

Synopsis

The SECURITY BASICS AND IT PROFESSIONAL course introduces students to the common threats and attacks faced today. It provides students with the foundational theory behind information security and the basic principles and techniques used when designing a secure system. Students are exposed to the principles and good practices of environmentally sustainable secure computing and to the use of appropriate tools and technology in managing an information system environment.

Table of Contents

01 Chapter 1: Introduction to Security (pages 6-26)
02 Chapter 2: Security Policies and Procedures (pages 28-42)
03 Chapter 3: Security Troubleshooting and Solutions (pages 44-63)
04 Chapter 4: IT Professionalism and Ethics (pages 65-89)
05 References (page 91)

01

Chapter 1

Introduction to Security

1.1 SECURITY
1.1.1 Information Security

What Is Security?

Security is about the protection of assets.

What Is Information Security?

Information security may be defined as “that which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures.”

(CompTIA® Security+ Guide to Network Security Fundamentals, Mark Ciampa, Ph.D)

[Figure: the assets that information security protects: hardware, software, data, people, storage media and the computing system as a whole.]


1.1 SECURITY
1.1.2 Goal of Security

Goals Of Security

Information security is intended to protect information that provides value to people and
organizations.

There are three protections that must be extended over information: Confidentiality,
Integrity, and Availability or CIA.

CONFIDENTIALITY

The confidentiality aspect refers to limiting the disclosure of and access to information to only the people who are authorized, and preventing those not authorized from accessing it.

INTEGRITY

Integrity is another security concept that entails maintaining data in a consistent, accurate and trustworthy manner over the period in which it exists. In this case, one has to ensure that data is not changed in the course of a certain period.

AVAILABILITY

The concept of availability refers to keeping all resources and hardware up and running. This means that all the hardware and resources one has are functional all the time. It can also involve carrying out regular hardware repairs.


1.1 SECURITY
1.1.3 Differentiate Between Attackers and Hackers

Hackers And Attackers

Hackers and attackers are technical personas or organizations that intentionally target technology to create an incident and, they hope, a breach.

Hackers

Someone who proactively explores, identifies and
alerts organizations to vulnerabilities that an attacker
could use for malicious purposes.

They seek to disclose in good faith by alerting
organizations that may or may not have vulnerability
disclosure policies.

Attackers

Someone who gains unauthorized access to someone
else’s network and computers for malicious purposes.

An attacker probes for vulnerabilities. The attacker
exploits them without permission or without warning
the organization.


1.2 SECURITY THREATS
1.2.1 Types of Security Threats

Definition

A threat, in the context of computer security, refers to anything that has the potential to
cause serious harm to a computer system.
A threat is something that may or may not happen, but has the potential to cause serious
damage. Threats can lead to attacks on computer systems, networks and more.

Types Of Security Threats
❑ Malicious Code
❑ Hacking
❑ Theft
❑ Natural Disaster

Sources Of Security Threats
❑ Unstructured Threats
❑ Structured Threats
❑ External Threats
❑ Internal Threats


1.2 SECURITY THREATS
1.2.2 Sources of Security Threats

Sources Of Security Threats

Unstructured Threats

Created by an inexperienced person who is trying to gain access to your network, a wannabe hacker.

Structured Threats

Implemented by a technically skilled person who is trying to gain access to your network. This hacker creates or uses some very sophisticated tools to break into your network or to disrupt the services running in your network.

External Threats

Occur when someone outside your network creates a security threat to your network.

Internal Threats

Occur when someone from inside your network creates a security threat to your network.


1.3 METHODS OF SECURITY THREATS
1.3.1 Various Types of Security Attacks

Various Types Of Security Attacks
❑ Reconnaissance Attack (Sniffing, Spoofing)
❑ Access Attack (Hacking, Brute Force)
❑ Denial of Service Attack (DOS)
❑ Distributed Denial of Service Attack (DDOS)
❑ Malicious Code Attack (Worms, Viruses, Trojans)



Reconnaissance Attack

✔ Reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities.

✔ Also known as information gathering, it is the unauthorized discovery and mapping of systems, services or vulnerabilities.

✔ Examples of reconnaissance attacks include packet sniffing, ping sweeping, port scanning, phishing, social engineering and internet information queries.



Access Attack

✔ Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.

✔ Reasons: retrieve data, gain access, escalate access privileges.

✔ Can be carried out through password attacks, trust exploitation, port redirection, man-in-the-middle attacks and buffer overflows.



Denial of Service Attack (DOS)

✔ Denial of Service (DoS) attacks send extremely large numbers of requests over a network or the Internet.

✔ These excessive requests cause the target device to run sub-optimally. Consequently, the attacked device becomes unavailable for legitimate access and use.

✔ A DoS attack is a network attack that results in some sort of interruption of service to users, devices, or applications. There are two major reasons a DoS attack occurs:

• A host or application fails to handle an unexpected condition, such as maliciously formatted input data, an unexpected interaction of system components, or simple resource exhaustion.

• A network, host, or application is unable to handle an enormous quantity of data, causing the system to crash or become extremely slow.



Distributed Denial of Service Attack (DDOS)

✔ A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic.

✔ DDoS is similar in intent to a DoS attack, except that a DDoS attack originates from multiple coordinated sources.



Malicious Code Attack

✔ A virus is malicious software that is attached to another program to execute a particular unwanted function on a user’s workstation.

✔ A worm executes arbitrary code and installs copies of itself in the infected computer’s memory, which then infects other hosts.

✔ A Trojan horse is different only in that the entire application was written to look like something else, when, in fact, it is an attack tool.


1.3 METHODS OF SECURITY THREATS
1.3.2 Common Types of Social Engineering

Social Engineering
o Social engineering is the art of manipulating people so they give up confidential information.
o The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or into giving them access to your computer so they can secretly install malicious software that will give them access to your passwords and bank information as well as control over your computer.

Types Of Social Engineering
❑ Pretexting
❑ Phishing
❑ Vishing
❑ Baiting



Pretexting

✔ An early stage of more complex social engineering attacks, in which the con artist gains a victim’s trust, typically by creating a backstory that makes them sound trustworthy.

✔ Pretexting is another form of social engineering where attackers focus on creating a good pretext, or a fabricated scenario, that they can use to try stealing their victims’ personal information.

✔ These attacks commonly take the form of a scammer pretending to need certain information from their target in order to confirm their identity.



Phishing

✔ Phishing attacks use email or malicious web sites to solicit personal, often financial, information.

✔ Attackers may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem.

✔ When users respond with the requested information, attackers can use it to gain access to the accounts.



Vishing

✔ Vishing, also commonly known as voice phishing or phone elicitation, is a rapidly growing social engineering attack vector.

✔ Vishing is a cybercrime that uses the phone to steal personal confidential information from victims. Also referred to as voice phishing, it sees cybercriminals use savvy social engineering tactics to convince victims to act, giving up private information and access to bank accounts.

✔ Vishing attempts are difficult to monitor and trace, and attackers are increasingly leveraging this mechanism to extract information and compromise organizations.



Baiting

✔ Enticing victims into inadvertently compromising their security, for example by offering free giveaways or distributing infected devices.

✔ Baiting attacks use a false promise to pique a victim's greed or curiosity.


1.4 VARIOUS TOOLS IN INFORMATION SECURITY
1.4.1 Function of the Following Tools

1. Network Mapper (Nmap)

o Nmap is a free and open-source network scanner created by Gordon Lyon.
o Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.
o Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.


2. Netstat

o Netstat — derived from the words network and statistics.
o A command-line network utility that displays network connections for Transmission Control Protocol, routing tables, and a number of network interface and network protocol statistics.
o A program that is controlled via commands issued in the command line. It delivers basic statistics on all network activities and informs users on which ports and addresses the corresponding connections (TCP, UDP) are running and which ports are open for tasks.


3. NetScan

o NetScans are processes to look for and automatically discover devices in your network.
o NetScans streamline the process of adding devices, which helps ensure your entire environment is properly monitored.
o When a device is discovered, you can specify criteria that determine whether it will be added to monitoring (reverse DNS, system name, IP address).
o NetScan can use three methods for discovering devices: ICMP (ping), Script, AWS scan.


1.5 ACCESS TO DATA & EQUIPMENT
1.5.1 Data Wiping

What Is Data Wiping?
▪ Deleting files from a hard drive does not remove them completely from the computer.
▪ This data is not completely removed until the hard drive stores other data in the same location, overwriting the previous data.
▪ Hard drives should be fully erased (data wiped) to prevent the possibility of recovery using specialized software.
▪ Data wiping, also known as secure erase, is a software-based method of overwriting the data that aims to completely destroy all electronic data residing on a hard disk drive or other digital media.
▪ Data wiping is often performed on hard drives containing sensitive data that are considered confidential, such as financial information.


1.5 ACCESS TO DATA & EQUIPMENT
1.5.2 Hard Drive Destruction

What Is Hard Drive Destruction?
▪ Companies with sensitive data should always establish clear policies for hard drive disposal.
▪ It is important to be aware that formatting and reinstalling an operating system on a computer does not ensure that information cannot be recovered.
▪ Destroying the hard drive is the best option for companies with sensitive data.
▪ Drilling holes through a drive’s platters is not the most effective method of hard drive destruction; data can still be recovered using advanced data forensic software.
▪ The only way to fully ensure that data cannot be recovered from a hard drive is to carefully shatter the platters with a hammer and safely dispose of the pieces.
▪ To destroy software media (floppy disks and CDs), use a shredding machine designed for shredding these materials.
▪ Hard Drive Recycling - Hard drives that do not contain sensitive data can be reformatted and used in other computers.


02

Chapter 2

Security Policies and Procedures

2.1 SECURITY POLICY
2.1.1 Security Policy

“A security policy is a written document that states how an organization plans to protect the company’s information technology assets.”

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals.

“A security policy is a collection of rules, guidelines, and checklists.”

Cisco Networking Academy – IT Essentials, Chapter 10

o A security policy, along with the accompanying procedures, standards, and guidelines, is key to implementing information security in an organization.
o Having a written security policy empowers an organization to take appropriate action to safeguard its data.
o A security policy should describe how a company addresses security issues.
o A security policy includes the following elements:

• An acceptable computer usage statement for the organization.
• The people permitted to use the computer equipment.
• Devices that are permitted to be installed on a network and the conditions of the installation.
• Requirements necessary for data to remain confidential on a network.
• Process for employees to acquire access to equipment and data.


2.1 SECURITY POLICY
2.1.2 Security Policy Requirements

Security Policy Requirements

o Focus on the why, who, where, and what during the policy development process.
o Network technicians and the organization’s management must work together to develop a security policy that ensures that data and equipment are protected against all security threats.

Key areas to address in creating a security policy:
• Process for handling network security incidents
• Process to audit existing network security
• General security framework for implementing network security
• Behaviours that are prohibited
• Behaviours that are allowed
• Event Viewer, system log files, or security log files
• Network access to resources through account permission
• Usernames, passwords, biometrics, and smart cards


2.1 SECURITY POLICY
2.1.3 Usernames and Passwords

Usernames and Passwords
A username and password are two pieces of information that a user needs to log on to a computer.

• BIOS: Prevents the operating system from booting and the BIOS settings from being changed without the appropriate password.
• Login: Prevents unauthorized access to the local computer.
• Network: Prevents access to network resources by unauthorized personnel.


2.1 SECURITY POLICY
2.1.4 Password Requirements

Password Requirements
Require users to change their passwords on a regular basis, and monitor the number of password attempts before an account is temporarily locked out.

• LENGTH: Use at least eight characters.
• COMPLEXITY: Include letters, numbers, symbols, and punctuation. Use a variety of keys on the keyboard, not just common letters and characters.
• VARIETY: Use a different password for each site or computer that you use.
• VARIATION: Change passwords often. Set a reminder to change the passwords you have for email, banking, and credit card websites on average every three to four months.
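As an added illustration (not code from the book), the password requirements above and the lockout rule from the introduction expressed as Python checks. The eight-character minimum and the three-to-four-month interval come from the book; the 120-day cut-off, the five-attempt lockout threshold and the salted PBKDF2 storage are assumptions, since the book gives no figures or storage method for them.

```python
"""Password policy and lockout checks modelled on the book's requirements.

Added illustration, not code from the book. Rules taken from the page:
at least eight characters; letters, numbers, symbols and punctuation; a
different password per site; change every three to four months; lock an
account after too many failed attempts. Thresholds other than the length
are assumptions (the book gives none).
"""
import hashlib
import hmac
import os
import string
from dataclasses import dataclass
from datetime import date, timedelta

MIN_LENGTH = 8                 # book: "use at least eight characters"
MAX_AGE = timedelta(days=120)  # book: three to four months; 120 days assumed
MAX_ATTEMPTS = 5               # assumed lockout threshold; the book gives no number


def check_complexity(password: str) -> list[str]:
    """LENGTH and COMPLEXITY rules: return violated rules; [] means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbols or punctuation")
    return problems


def reused_sites(passwords_by_site: dict[str, str]) -> list[str]:
    """VARIETY rule: return the sites that share a password with another site."""
    by_password: dict[str, list[str]] = {}
    for site, pw in passwords_by_site.items():
        by_password.setdefault(pw, []).append(site)
    return sorted(s for sites in by_password.values() if len(sites) > 1 for s in sites)


def is_stale(last_changed_iso: str, today_iso: str) -> bool:
    """VARIATION rule: True when the password (ISO dates) is older than MAX_AGE."""
    return date.fromisoformat(today_iso) - date.fromisoformat(last_changed_iso) > MAX_AGE


def hash_password(password: str, salt: bytes) -> bytes:
    """Store a salted PBKDF2 hash rather than the password itself (assumed choice)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    username: str
    salt: bytes
    digest: bytes
    failures: int = 0
    locked: bool = False

    @classmethod
    def create(cls, username: str, password: str) -> "Account":
        """Refuse passwords that break the policy; otherwise store only the hash."""
        problems = check_complexity(password)
        if problems:
            raise ValueError("password rejected: " + ", ".join(problems))
        salt = os.urandom(16)
        return cls(username, salt, hash_password(password, salt))

    def attempt_login(self, supplied: str) -> bool:
        """Count failures and lock the account once MAX_ATTEMPTS is reached."""
        if self.locked:
            return False
        if hmac.compare_digest(hash_password(supplied, self.salt), self.digest):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.locked = True
        return False
```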

2.1 SECURITY POLICY
2.1.5 File and Folder Permissions

File and Folder Permissions
Permission levels are configured to limit individual or group user access to specific data.

The additional security of file-level permissions is provided only with NTFS.

2.2 SECURITY PROCEDURES
2.2.1 Security Procedures

Security Procedures

01 Procedures are detailed step-by-step tasks that should be performed to achieve a certain goal.

02 Procedures spell out how the policy, standards, and guidelines will actually be implemented in an operating environment.

03 If a policy states that all individuals who access confidential information must be properly authenticated, the supporting procedures will explain the steps for this to happen by defining the access criteria for authorization, how access control mechanisms are implemented and configured, and how access activities are audited.


2.2 SECURITY PROCEDURES
2.2.2 Protecting Data

Data Protection

o There are a number of approaches that we can take to protect our data.
o Software firewalls, biometrics and smart cards, data backups and data encryption are some of the approaches that we can take to protect our data.

Biometrics and smart cards: Biometric security compares physical characteristics against stored profiles to authenticate people. A smart card is a small plastic card, about the size of a credit card, with a small chip embedded in it.

Software firewalls: A software firewall is a program that runs on a computer to allow or deny traffic between the computer and other computers to which it is connected.

Data backups: A data backup stores a copy of the information on a computer to removable backup media that can be kept in a safe place.

Data encryption: Encryption is often used to protect data. Encryption is where data is transformed using a complicated algorithm to make it unreadable.


2.3 ENCRYPTION TECHNOLOGY
2.3.1 Cryptographic Terminologies

DEFINITION
• Encryption is the method by which information is converted into secret code that hides the information's true meaning.
• The science of encrypting and decrypting information is called cryptography.
• Encryption is the process of encoding messages or information in such a way that only authorized parties can access it.

TYPES
• SYMMETRIC ENCRYPTION - A form of computerized cryptography using a single encryption key to disguise an electronic message.
• ASYMMETRIC ENCRYPTION - A form of encryption where keys come in pairs. What one key encrypts, only the other can decrypt.
• HASH ENCODING - Transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.

IMPORTANCE
• CONFIDENTIALITY - Encodes the message's content.
• AUTHENTICATION - Verifies the origin of a message.
• INTEGRITY - Proves the contents of a message have not been changed since it was sent.
• NONREPUDIATION - Prevents senders from denying they sent the encrypted message.


Cryptographic Terminologies

01 Plaintext - original message
02 Ciphertext - coded message
03 Cipher - algorithm for transforming plaintext to ciphertext
04 Key - info used in cipher, known only to sender/receiver
05 Encipher (encrypt) - converting plaintext to ciphertext
06 Decipher (decrypt) - recovering plaintext from ciphertext
07 Cryptography - study of encryption principles/methods
08 Cryptology - field of both cryptography and cryptanalysis
09 Cryptanalysis (codebreaking) - study of principles/methods of deciphering ciphertext without knowing the key


2.3 ENCRYPTION TECHNOLOGY
2.3.2 Common Communication Encryption Types

[Figure placeholders 01, 02 and 03: the three common communication encryption types were presented as images, whose content is not preserved in the text.]

2.3 ENCRYPTION TECHNOLOGY
2.3.3 How Encryption Can Protect Data From Being Altered

• Encryption: The process of coding text
• Decryption: The process of decoding text
• Decryption is the opposite of encryption
• A security method used to protect data:

i. Files on computers
ii. Data being passed through the Internet
iii. ATM machines
iv. E-Commerce
v. Facebook password

• Without encryption, there is no reliable security

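The terms from 2.3.1 (plaintext, key, cipher, ciphertext, encipher/decipher, hash encoding) and the claim of 2.3.3 worked in code, as an added example that is not from the book. The symmetric cipher used is a one-time pad (XOR with a random key as long as the message), chosen only because it needs no third-party library; it is this example's assumption, not a cipher the book names. The example also shows the caveat a practitioner needs: deciphering an altered ciphertext succeeds silently, so alteration is detected by a hash or keyed hash (HMAC, standing in for the book's AUTHENTICATION and INTEGRITY), not by encryption on its own.

```python
"""Cryptographic terms from the book worked in Python (added example, not
book code).  Symmetric cipher: one-time pad, an illustrative assumption.
Integrity: SHA-256 hash encoding.  Authentication: HMAC-SHA256.
Nonrepudiation would need asymmetric signatures, which the standard library
does not provide, so it is not shown here.
"""
import hashlib
import hmac
import os


def encipher(plaintext: bytes, key: bytes) -> bytes:
    """Cipher: XOR each plaintext byte with the key byte in the same position."""
    if len(key) != len(plaintext):
        raise ValueError("one-time pad key must be as long as the plaintext")
    return bytes(p ^ k for p, k in zip(plaintext, key))


def decipher(ciphertext: bytes, key: bytes) -> bytes:
    """Decipher: the same XOR recovers the plaintext from the ciphertext."""
    return encipher(ciphertext, key)


def hash_encode(data: bytes) -> str:
    """Hash encoding: a fixed-length value (SHA-256, 64 hex chars) for any input."""
    return hashlib.sha256(data).hexdigest()


def authenticate(data: bytes, mac_key: bytes) -> str:
    """HMAC: a keyed hash; only holders of mac_key can produce a valid tag."""
    return hmac.new(mac_key, data, hashlib.sha256).hexdigest()


def verify(data: bytes, mac_key: bytes, tag: str) -> bool:
    """Constant-time comparison so the check leaks nothing about the tag."""
    return hmac.compare_digest(authenticate(data, mac_key), tag)


def flip_first_bit(ciphertext: bytes) -> bytes:
    """Simulated alteration in transit: a single bit of the ciphertext changed."""
    return bytes([ciphertext[0] ^ 0x01]) + ciphertext[1:]


def demo(plaintext: bytes = b"PAY 100") -> dict:
    """Run one exchange (constructed sample message) and report what each check sees."""
    key = os.urandom(len(plaintext))   # cipher key, known only to sender/receiver
    mac_key = os.urandom(32)           # separate key for the authentication tag
    ciphertext = encipher(plaintext, key)
    tag = authenticate(ciphertext, mac_key)
    digest = hash_encode(plaintext)

    tampered = flip_first_bit(ciphertext)
    recovered_ok = decipher(ciphertext, key)
    recovered_bad = decipher(tampered, key)  # no error: just a different message
    return {
        "roundtrip": recovered_ok == plaintext,
        "tamper_changes_plaintext": recovered_bad != plaintext,
        "hash_detects": hash_encode(recovered_bad) != digest,
        "hmac_detects": not verify(tampered, mac_key, tag),
        "hmac_accepts_original": verify(ciphertext, mac_key, tag),
    }
```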

03

Chapter 3

Security Troubleshooting and Solutions

3.1 BASIC TROUBLESHOOTING PROCESS
3.1.1 The Security Troubleshooting Process

Troubleshooting Process

o The troubleshooting process is used to help resolve security issues.
o Use the troubleshooting steps as a guideline to help you diagnose and repair problems:

STEP 01 Identify the problem
STEP 02 Establish a theory of probable causes
STEP 03 Test the theory to determine cause
STEP 04 Establish a plan of action to resolve the problem and implement the solution
STEP 05 Verify full system functionality and implement preventative measures
STEP 06 Document findings, actions and outcomes

o Computer technicians must be able to analyze a security threat and determine the appropriate method to protect assets and repair damage.


Troubleshooting Process

STEP 01 Identify the problem

Troubleshooting Process

STEP 02 Establish a theory of probable causes

o After you have talked to the customer, you can establish a theory of probable causes.
o Create a list of the most common causes of security problems:

Troubleshooting Process

STEP 03 Test the theory to determine cause

o Test theories of probable cause one at a time, starting with the quickest and easiest.
o If the exact cause of the problem has not been determined after all theories have been tested, establish a new theory of probable cause and test it.

Troubleshooting Process

STEP 04 Establish a plan of action to resolve the problem and implement the solution

o After determining the exact cause of the problem, establish a plan of action to resolve the problem and implement a solution.
o Sometimes quick procedures can determine the exact cause of the problem or even correct the problem.
o If a quick procedure does not correct the problem, you might need to research the problem further to establish the exact cause.

Troubleshooting Process

STEP 05 Verify full system functionality and implement preventative measures

o Verify full system functionality and implement any preventive measures if needed.
o Have the customer verify the solution and system functionality.

