IT Essentials PC Hardware and Software 4.1 Instructional Resource Chapter 9: Fundamental

advertisement
IT Essentials PC Hardware
and Software 4.1
Instructional Resource
Chapter 9: Fundamental
Security
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
1
Chapter 9: Objectives
 Explain why security is important.
 Describe security threats.
 Identify security procedures.
 Identify common preventive maintenance techniques for security.
 Troubleshoot security.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
2
Chapter 9: Critical Concepts
 What is this chapter about and why is it important?
 This chapter details security concepts including security threats, security policy
components, security implementation, preventive procedures, and common security
problems.
 Security is a vital part of computing and networking. IP version 4 was not meant as a
secure protocol. It was developed to share information across a network
environment. Because of maliciousness and business involvement, pop-ups,
viruses, invasion of privacy, and spyware have evolved. According to a business
advisory council, security must be taught in all classes in all aspects of computing.
Every person involved with a computer must be made aware of security threats and
measures that can be used to protect data and computerized equipment.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
3
Chapter 9: Activities
 What activities are associated with this chapter?
9.1 Worksheet: Security Attacks
9.2.1 Worksheet: Third-Party Anti-Virus Software
9.3.4 Packet Tracer Activity: Connecting Wireless PCs to a Linksys WRT300N
9.4.2 Worksheet: Operating System Updates
9.5.2 Worksheet: Gather Information from the Customer
Chapter 9 Quiz
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
4
Chapter 9: New Terms
 What terms are introduced in this chapter?
Presentation_ID
ActiveX
9.2.2
adware
9.2.3
biometric device
9.3.3
card key
9.3.2
Denial of Service (DoS)
9.2.4
Distributed Denial of Service (DDoS)
9.2.7
DNS poisoning
9.2.7
encryption
9.3.3
grayware
9.2.3
Java
9.2.2
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
5
Chapter 9: New Terms (continued)
 What terms are introduced in this chapter?
Presentation_ID
JavaScript
9.2.2
Lightweight Extensible Authentication Protocol (LEAP)
9.3.4
malware
9.2.3
man-in-the-middle
9.2.7
phishing
9.2.3
replay attack
9.2.7
Service Set Identifier (SSID)
9.3.4
social engineering
9.2.6
spam
9.2.5
spoof
9.2.7
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
6
Chapter 9: New Terms (continued)
 What terms are introduced in this chapter?
Presentation_ID
SYN flood
9.2.7
Trojan threat
9.2.1
virus
9.2.1
Wi-Fi Protected Access (WPA)
9.3.4
Wi-Fi Protected Access 2 (WPA2)
9.3.4
Wired Equivalent Privacy (WEP)
9.3.4
wireless network
9.3.4
Wireless Transport Layer Security (WTLS)
9.3.4
worm
9.2.1
zombie
9.2.4
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
7
Chapter 9: Changes
 What has changed from the previous version (4.0) of ITEPC?
Page 9.2.8 Explain data wiping, hard drive destruction, and recycling
• Data wiping
Page 9.3.1 Explain what is required in a basic local security policy
• Compliance
• Classification
Page 9.3.2 Explain the tasks required to protect physical equipment
• Intrusion detection
• Trusted Platform Module (TPM)
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
8
Chapter 9: Changes (continued)
 What has changed from the previous version (4.0) of ITEPC?
Page 9.3.3 Describe ways to protect data
• Data Encryption
• Software Firewall
• Data Backups
• Smart Card Security
• Biometric Security
• File System Security
Page 9.3.4 Describe wireless security techniques
• SSID
• MAC Filtering
• WEP
• WPA
• WPA2
• LEAP
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
9
Chapter 9: Changes (continued)
 What has changed from the previous version (4.0) of ITEPC?
Page 9.5.1 Review the troubleshooting process
• Identify the Problem
• Establish a Theory of Probable Causes
• Determine an Exact Cause
• Implement a Solution
• Verify Solution and Full System Functionality
• Document Findings
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
10
Chapter 9: Classroom Management
 Wireless is a great way to teach security. Authentication and encryption can be
applied one at a time, and then have students access the wireless network by
applying the appropriate credentials.
 Search the Internet for current virus and malware attacks and any trends in attacks.
 Access Microsoft TechNet Security bulletins to see specific problems and
vulnerabilities in any particular operating system.
 Students can wipe old hard drives with lower capacities to prepare them for
donation. Some hard drive companies have data wiping software that can be
demonstrated during this section.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
11
Chapter 9: Teaching Analogies
 A computer is like a bank that has gold stored in it. When this bank was built, it did
not have a vault or locks on the windows and doors. The bank is very susceptible to
theft in this condition. Over time, the bank builders have learned how to lock the
doors, build a vault, and guard the bank. The operating system patches and design
changes that have been made to safeguard the computer are like the lockable
doors on the bank. The anti-virus and other software that scans for spyware and
malware are like the vault that protects the gold. The firewall that protects the
computer is like the professionals who guard the bank.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
12
Chapter 9: Suggested Class Discussion






Presentation_ID
What is an application vendor’s responsibility when security holes are found in the
vendor’s product?
What are the penalties for software piracy?
• Access the Business Software Alliance web site to see how to report piracy
anonymously.
What free anti-virus, anti-spam, and anti-spyware tools are available?
How can firewalls help to block viruses, spam, and spyware?
How do music and video piracy relate to computer security issues?
What is war driving? Is it legal?
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
13
Chapter 9: Best Practices

Have the students determine how many wireless networks are present in their
neighborhood.

Use the Internet to research legislation and fines that are related to computer
hacking with the words: lawsuits fines computer hacking.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
14
Chapter 9: Outside Reading

National Security Agency
http://www.nsa.gov/

Verisign
http://www.verisign.com/
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
15
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
16
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
17
Download