Securing data on a device is of the utmost importance. Both physical and digital security should be considered. A plan including risk mitigation is always a good idea when dealing with data. Several methods to protect data are described in this lesson. These measures extend to the disposal of hardware as well as data. When a computer reaches the end of its life, the data on that computer should be destroyed in a secure manner. Wireless, as well as wired network security, is also discussed in this lesson.
By the end of this lesson, you will be able to:
- Identify and secure a workstation.
- Compare disposal methods.
- Describe wireless and wired security methods.
Workstation security involves several components and should include considerations regarding both physical and digital security. Carefully review each of the security options outlined as they work to safeguard data.
A security policy is a formal document defining the network, computer, and user security protocols for a system or organization. A computer security policy addresses constraints on functions and access from external systems. An organization security policy addresses the constraints on the behavior of its members and physical and digital security policies.
When writing a security policy, the following questions should be considered:
- What assets require protection?
- What are the possible threats?
- What should be done when a security breach occurs?
- What are the user responsibilities?
- What should be the punishment for the crime?
Protecting Physical Equipment
Equipment must be physically secured since the easiest way to steal data is by taking the entire computer. This can be done by:
- Controlling access to facilities
- Using a cable lock
- Locking telecommunication rooms
- Using security screws
- Using security cages around equipment
- Labeling and installing sensors on equipment
Figure 1: Physical Security Device – lock attached to a laptop
Protecting Digital Data
Digital security should be just as important as physical security. Some methods of protecting and securing data are:
- Password protection
- Restricting user permissions and access
- Disabling guest accounts
- Screensaver passwords
- Data encryption
- Port protection
- System security
- Disabling autorun
Figure 2: Screen displaying how to set NTFS access permissions
Firewalls restrict what comes in and what goes out of a computer. It stops malware from infecting the computer and possibly other computers on a network. Personal firewalls should be used to inspect network traffic passing into and out of a system:
- Two-way personal software firewall – This type of firewall inspects incoming traffic and either permits or denies that traffic based on a set of rules.
- Application-aware firewall – These firewalls determine what applications can pass through them, thus helping to control what can cross a network and when.
- A Stateful Packet Inspection (SPI) tracks the state of network connections. It can be programmed to distinguish legitimate packets from harmful ones. Only packets matching a known active connection will be allowed and all others will be rejected.
To access the Windows firewall, go through the control panel and click on the Windows firewall or access it through the network icon in the lower right corner of the Taskbar. From the general tab, the firewall can be turned on or off. From the Exceptions tab, a user can add, delete, and modify programs, and add specific TCP and UDP ports that are allowed through the firewall.
Figure 3: Screen displaying Windows Firewall Settings
Update and Patch Management
Keeping Microsoft updates and patches current enhances the performance of the computer and its security. There are three types of patches available:
- Important updates are ones that offer improved privacy, security, and reliability. They should be installed as soon as they become available. They can be installed automatically with Windows updates.
- Recommended updates are ones that address non-critical problems and will help enhance the computing experience. These updates do not help the security or reliability provided by the Important updates, but they provide other benefits. They can also be installed automatically through Windows updates.
- Optional updates are ones that include updates to drivers and some Microsoft software such as Office that provide more functionality to those applications and devices. This type must be installed manually.
Microsoft generally publishes updates on the third Tuesday of the month, unless a critical need arises. There are three types of updates that can be applied using the Windows Update tool:
- Security updates – These updates focus on eliminating vulnerabilities found in an operating system or in certain applications. They are categorized according to their severity as critical, important, moderate, or low. These should always be applied as soon as they are available.
- Critical updates – Critical updates that are not security related fall into this type of update. They too should be applied expeditiously.
- Service packs – These are a set of tested hotfixes, critical updates, important updates, and security updates, in addition to fixes for problems found in the original version of the product. They also contain customer-requested design changes or features.
To install a patch, select the Start menu > All Programs, and look for Windows Update located at the bottom of the programs list – just before the folders list. There are options to check for updates, to modify the settings, such as which updates to install and to set when to run and install automatic updates.
Figure 4: Screen showing options available for Windows Updates
Know the Antivirus/Antimalware
It is important to be familiar with the antivirus or anti-malware program installed on a computer. Never install more than one antivirus program on a computer or they will conflict with each other, often resulting in neither of them finding vulnerabilities.
A user should know how to:
- Install updates and configure automatic update options.
- Manually and automatically scan devices for vulnerabilities.
- Test the antivirus to verify it is working properly and if real-time protection is turned on.
- Disinfect the computer if vulnerabilities are detected.
Windows Action Center
The Windows Action Center is a relatively new feature that displays system security features. It was released in Windows XP service pack 2 to monitor and display the status of Windows firewall, automatic updates, and anti-virus.
Windows Vista named it Windows Security Center and expanded coverage by adding User Account Control, security settings for Internet Explorer, and the status of anti-spyware software. It also monitors multiple vendors’ security solutions that are running on the computer and indicates which are enabled and up-to-date.
Windows 7 renamed it Action Center.
Figure 5: Screen displaying the status of various security tools in the Windows Action Center
User Account Control
The User Account Control (UAC) alerts users attempting to perform tasks that require administrative access and then prompts for approval or an administrator password to continue. It displays an authentication dialog box that must be addressed before continuing. Administrators have the option of clicking continue or cancel. Standard users must enter an administrator password.
Figure 6: Warning message displayed when the OS needs permissions to take an action
The UAC helps prevent potentially harmful programs from making changes to the computer. There is a slider control that adjusts when a user should be notified about changes. It can be accessed through user accounts in the control panel.
Figure 7: Screen showing how to change the frequency of messages from User Account Control
Disposal Methods: Computer Disposal and Recycling
What can be done with a hard drive when it is no longer needed? Just deleting information or erasing the drive is not enough. Once data is saved to a hard drive, it is surprisingly persistent. The only way to remove it is to override the data. Here are a few ways to permanently delete the data:
- Overwrite – Use a special third-party software tool to repeatedly overwrite the data on a computer’s hard drive.
- Secure erase – A set of commands embedded on some hard drives that work by overriding every track on the disk. This includes bad sectors and data left over from partially overwritten blocks.
Beginning with Windows Vista, a single 0 pass is applied to the standard, non-quick, format performing a very basic wipe.
Physically destroying a disk is the only way to be sure the data cannot be recovered. Special shredding machines can be used to destroy floppy disks and CDs. An electromagnetic device, or degaussing tool, can be used to scramble the bits on a hard drive or floppy disks. A hammer can shatter the platters or a drill can punch holes in them.
Internet Security: Internet Attacks
Hackers may use elaborate and sophisticated tools to try to gain access to information. They will try to exploit vulnerabilities built into the computer or through add-ons. Some common Internet attacks include:
- ActiveX, which controls interactivity on web pages
- Java, which allows applets to run within a browser like a calculator or counter
Internet attacks can also happen through privacy attacks via cookies or adware. A cookie is a small piece of data sent to a website that contains information about the user and is stored in the user’s computer. Attacks while surfing includes redirecting web traffic and drive-by downloads, which downloads software to a computer just by visiting a webpage. E-mail attacks through spam, malicious attachments, or embedded hyperlinks are always a concern.
There are built-in tools that can help defend from these types of attacks. By going to Internet options in the Control Panel, a user can adjust browser settings (e.g., advanced security settings, security zones, restricting cookies and pop-up blockers). Access to e-mail applications can be restricted by applying spam filters and adjusting email security settings.
The best defense is learning good online habits and educating users. The best e-mail defense practices include the following:
- Do not open e-mail that appears strange or out of the ordinary
- Use spam filters
- Create rules to delete the suspicious e-mail
- Don’t automatically download pictures
- Don’t open attachments unless the e-mail is from a trusted sender and the content is known
Figure 8: Screens that display how to work with the Popup Blocker and the E-Mail Spam Filter
E-Mail Security Settings
Other good e-mail security practices include:
- Read messages using a reading pane. Most e-mail clients contain a reading pane that allows the user to read an e-mail message without actually opening it.
- Preview attachments before opening. Some e-mail clients will permit the user to view the contents of the attachment without saving and then opening it.
- Block external content like hyperlinks, pictures, and sounds. E-mail clients can be configured to block external content, such as hyperlinks, pictures or sounds in HTML e-mail messages.
Figure 9: Screen displaying options available for E-Mail Security
A user should never trust a link embedded in an e-mail or even a webpage unless they are absolutely sure it goes to the correct website. Just because it says it is legitimate, does not mean it is. When in doubt, type the URL. Figure 10 shows how easily this trick can be implemented.
Figure 10: Screen that shows a deceptive hyperlink in an e-mail
Does wireless security really matter? The answer is, yes! Without security, anyone can gain access to files and folders, see all wireless transmissions, introduce their own malware, or download harmful content. There are four easy steps to secure an access point.
- Lock down the router or access point
- Change all the IP addresses, Service Set Identifier (SSID), and disable SSID broadcasts
- Configure wireless security
- Limit user by Media Access Control (MAC) address
Figure 11: Diagram showing connections between internal and external users and how they access the network
Lock Down Access Point
Lock down the access point or router by changing the default password to a strong one. Disable wireless web access so only a directly connected computer can manage the device. Disable remote management so the device cannot be accessed over the Internet. Only allow access through the more secure Hypertext Transfer Protocol with Security (HTTPS). Finally, disable universal plug-and-play.
Change the network access by changing the default IP address for the network. Limit the number of addresses available through the Dynamic Host Configuration Protocol (DHCP). Change the default SSID, and disable its broadcast so users must know what it is before connecting to it.
Figure 12: Screens showing options available for a generic router setup
Turn on Encryption and Authentication
There are several types of wireless security technologies available on wireless devices:
- Wired equivalent privacy (WEP) is an outdated security method that uses either 64-bit or 128-bit encryption. Even though it had been cracked, it may be the only option available on older devices.
- Wi-Fi protected access (WPA) uses 128-bit or 256-bit encryption. It is available as personal type, which is managed by the router and uses a shared key. It is intended for the home user and small business. It is also available as an enterprise, which is intended for businesses using a radius server to authenticate.
The latest and most secure wireless encryption is WPA2, which is also available in the personal and enterprise versions.
Turn on WPA2 by setting the access point’s security mode to WPA2 personal. The authentication can be sent to Temporal Key Integrity Protocol (TKIP), Advanced Encryption Standard (AES), or both. AES is the best. Then set the shared key to a minimum of eight characters that use uppercase and lowercase letters, numbers, and symbols to make a strong password.
Figure 13: Screen showing wireless security settings
Limit Users by MAC
Limit users by MAC address by entering the MAC addresses of approved PCs into the MAC filter lists. Permit only PCs listed to access the wireless network, then enable the MAC filter.
Note: A user should edit, permit, and then enable in that order so they do not lock themselves out of the access point. It is best to let all devices connect to the access point first so their MAC addresses will appear automatically in the list, and they don’t have to be entered manually.
Figure 14: Screen displaying MAC filtering on a wireless router
In this lesson, you learned important concepts about relating to Security Methods. Keep the following in mind:
- Before you can begin to properly secure any data, a security policy should be written by a group of users who understand the environment and the value of the data that is to be protected. This policy should be put in writing and shared with anyone connected to the environment.
- Physical security is often overlooked; however, it can be just as important as securing the data. Steps should be taken to place hardware in locations that are protected by access authentication requirements. In some cases, video surveillance is required.
- Most users today are aware of the need for digital security. This lesson reviewed a few ways of securing data such as setting login and screensaver passwords, restricting access, encryption and more.
- Installing and configuring firewalls on computers as well as networks is a great way to block unwanted traffic and to stop incoming malicious traffic.
- Applying updates and patches to all applications and the operating system is extremely important. Microsoft has included a tool that allows the user to determine what updates and patches should be applied and when. Antivirus and anti-malware should be kept up-to-date, and each computer should be scanned for problems regularly. Windows Action Center was created by Microsoft to help collect the status of various security applications so the user has a visual reminder when something needs to be addressed. The User Account Controls application notifies the user when changes are about to be made to the computer.
- When disposing of a computer, whether it is being passed on to another user or it is being recycled, proper disposal methods are very important. Special applications should be used to erase data, or the device storing data should be physically destroyed if the data is confidential in nature.
- Last, but not least, are security precautions that should be taken if a computer is connected to a network wirelessly. Remember that data is then traveling through the air where it can be intercepted by anyone. How a user gains access to a wireless network (authentication) and how their data is protected (encryption) are extremely important and often overlooked – especially by an inexperienced user.