
Security Awareness: Applying Practical Security in Your World, Second Edition

Chapter 2
Desktop Security
Objectives

• Describe the types of attacks that are launched against a desktop computer
• List the defenses that can be set up to protect a
desktop computer
• Describe the steps for recovering from an attack

Security Awareness: Applying Practical Security in Your World, 2e 2


Attacks on Desktop Security

• Malicious software (malware)
– Can break into and create havoc on desktop computers
• Internet service providers (ISPs) in North America
– Spend $245 million annually to combat malware
• Virus
– Secretly attaches itself to document or program and
executes when document or program is opened

Viruses

• Require a host to carry them from one system to another
• Possible effects
– Cause a computer to continually crash
– Erase files from a hard drive
– Install hidden programs
– Reduce security settings
– Reformat the hard disk drive

Viruses (continued)

• Symptoms that indicate virus infection
– Program suddenly disappears from computer
– New programs do not install properly
– Out-of-memory error messages appear
– Unusual dialog boxes or message boxes appear
– Computer runs slowly and takes a long time to start
– Significant amount of modem activity

Worms

• Difference between worms and viruses
– Virus
• Must attach itself to a computer document or program
• Spreads by traveling along with the document
• Requires action by the computer user to begin execution
– Worm
• Does not attach to a document to spread
• Can travel by itself, typically over a network connection
• Does not need the user to perform any action

Logic Bombs

• Computer programs that lie dormant until triggered by a specific logical event
• Once triggered
– Can perform various malicious activities
• Extremely difficult to detect before triggered

Basic Attacks

• Social engineering
• Password guessing
• Physical theft or lost data
• Improper use of recycled computers

Social Engineering

• Relies on tricking and deceiving someone to gain access to a system
• Dumpster diving
– Digging through trash receptacles to find
• Computer manuals
• Printouts
• Password lists

Password Guessing

• Password
– Secret combination of letters, numbers, and symbols that validates or authenticates a user
• Characteristics of weak passwords
– Passwords that are short
– Common word used as a password
– Using the same password for all accounts
– Personal information in a password

Password Guessing (continued)

• Brute force
– Attacker tries every possible combination of characters until the password is found
• Dictionary attack
– Attacker takes each word from a dictionary (word list) and encodes it with the same one-way hash the system uses
– Attacker then compares the encoded dictionary words against those in the stolen, encoded password file; a match reveals the password
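
Added example (written for this page, not from the textbook): the two attacks above run in Python against a constructed password file of unsalted SHA-256 hashes. The user names, passwords and word list are made up; the dictionary attack also applies two simple mangling rules, going slightly beyond the slide, and a small keyspace function shows why password length and character variety defeat brute force.

```python
import hashlib
import itertools
import string


def encode(password: str) -> str:
    """The slide's 'encoding' is a one-way hash; an unsalted SHA-256 hex digest here."""
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed "stolen" password file: user -> encoded password (sample data, not real).
PASSWORD_FILE = {
    "alice": encode("sunshine"),                        # common dictionary word
    "bob":   encode("dragon2"),                         # dictionary word plus a digit
    "carol": encode("x9k"),                             # short, but not a word
    "dave":  encode("correct-horse-battery-staple-7"),  # long, outside both attacks
}

# Constructed word list; real attacks use lists with millions of entries.
WORDLIST = ["password", "letmein", "sunshine", "dragon", "qwerty", "welcome"]


def dictionary_attack(password_file, wordlist, mangle=True):
    """Encode every word (and simple variants) and compare with the encoded password file."""
    candidates = list(wordlist)
    if mangle:  # typical mangling rules: append a digit, capitalize the first letter
        candidates += [w + d for w in wordlist for d in string.digits]
        candidates += [w.capitalize() for w in wordlist]
    lookup = {encode(c): c for c in candidates}
    return {user: lookup[h] for user, h in password_file.items() if h in lookup}


def brute_force(password_file, alphabet=string.ascii_lowercase + string.digits, max_len=3):
    """Try every string over the alphabet up to max_len characters."""
    targets = {h: user for user, h in password_file.items()}
    cracked = {}
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            guess = "".join(chars)
            if encode(guess) in targets:
                cracked[targets[encode(guess)]] = guess
    return cracked


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Guesses a complete brute-force search needs; grows with length and alphabet size."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def uncracked(password_file, *results):
    """Users whose passwords survived every attack in results."""
    found = set().union(*(r.keys() for r in results))
    return sorted(u for u in password_file if u not in found)


if __name__ == "__main__":
    by_dict = dictionary_attack(PASSWORD_FILE, WORDLIST)
    by_brute = brute_force(PASSWORD_FILE)
    print("dictionary attack:", by_dict)
    print("brute force:", by_brute)
    print("survived both:", uncracked(PASSWORD_FILE, by_dict, by_brute))
    print("guesses for 8 chars from 95 printable symbols:", keyspace(95, 8))
```

Only the long, non-dictionary password survives both attacks; the three-character password falls to brute force within about 48,000 guesses, while eight characters drawn from all printable symbols need more than 6 × 10^15.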

Physical Theft or Lost Data
• February 2005
– Bank of America lost computer backup tapes
• Containing personal information on about 1.2 million
charge card users
• May 2005
– AOL reported that information on 600,000 current
and former employees was missing
• June 2005
– Citigroup announced that personal information on
3.9 million consumer lending customers of its
CitiFinancial subsidiary was lost or stolen

Improperly Recycled Computers

• Many organizations and individuals recycle older computers by giving them to schools or charities, or by selling them online
• Deleting files does not remove the information
– Only removes the file name from the hard disk's file table; the data blocks stay on the disk until they are overwritten
• Even reformatting a drive, that is, preparing the hard drive to store files again, may not fully erase the data on it

Desktop Defenses

• Patch software
– Software security updates
• Microsoft Windows operating system
– The software for which patches are most frequently distributed
• Microsoft
– Releases patches on the second Tuesday of every month ("Patch Tuesday")
– Typically releases 5-15 software patches for download and installation

Desktop Defenses (continued)

• Microsoft classifies patches based on the severity of the vulnerability that the patch fixes
– Critical
– Important
– Moderate
– Low

Desktop Defenses (continued)

• Update configuration options
– Automatic: download and install updates without asking
– Download: download updates, but let the user choose when to install them
– Notify: tell the user that updates are available, but do not download them
– Turn off: no automatic updating (not recommended)

Antivirus Software

• Best defense against viruses
• Generally configured to
– Constantly monitor for viruses
– Automatically check for updated signature files
• Allows for manual signature updates

Strong Authentication Methods

• Basic rules for creating strong passwords
– Passwords must have at least eight characters
– Passwords must contain a combination of letters,
numbers, and special characters
– Passwords should be replaced every 30 days
– Passwords should not be reused for 12 months
– Same password should not be used on two or more
systems or accounts

Strong Authentication Methods (continued)
• Biometrics
– Uses unique human characteristics for authentication
– Most common biometric device
• Fingerprint scanner
– High-end scanners
• Relatively expensive
• Can be difficult to use
• Can reject authorized users (false rejections) while accepting unauthorized users (false acceptances)

Protecting Laptop Computers

• Device lock
– Consists of a steel cable and a lock that fastens the laptop to a fixed object
– Economical, simple and quick to install
– Very portable
• Stealth signal transmitter
– Software installed on the laptop that is hidden from a thief and signals the laptop's location when the machine next connects to the Internet

Cryptography

• Science of transforming information so that it is secure while being transmitted or stored
• Does not attempt to hide the existence of the data, only its content
• Scrambles the data so that it cannot be read by unauthorized users

Cryptography (continued)

• Encryption
– Changing the original text (plaintext) into a secret message (ciphertext) using cryptography
• Decryption
– Changing the secret message back into its original form

Public and Private Keys

• Private key system (symmetric cryptography)
– The same key is used to encrypt and decrypt the message, so sender and receiver must first share that key secretly
• Public key system (asymmetric cryptography)
– Two mathematically related keys are used
• A public key, which can be given to anyone, and a private key, which is never shared; what one key encrypts, only the other can decrypt

Digital Signatures

• Digital signature
– Code attached to an electronic message that helps to prove that
• The sender, who holds the private key matching the public key used to check the signature, is not an impostor
• The message was not altered in transit
• The message was in fact sent by that sender, who cannot later deny it
– In practice, a hash of the message encrypted with the sender's private key and transmitted along with the message

Digital Signatures (continued)

• Hash
– A one-way function that turns a message of any length into a fixed-length digest; it is not encryption and is never intended to be reversed
– Used in a comparison for authentication purposes: the recipient recomputes the hash of the received message and checks that it matches the hash recovered from the signature

Digital Certificates

• Link or bind a specific person to a public key
• Provided by a certification authority (CA)
• Public key that has been digitally signed by a
recognized authority (the CA)
– Attesting that owner of the key is not an imposter
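
Added example covering the Public and Private Keys, Digital Signatures, Hash and Digital Certificates slides (example code written for this page, not from the textbook). It uses a toy RSA built from publicly known Mersenne primes, so the keys are not secret, and the parties (Alice, Mallory, a CA), the e-mail address and the message are hypothetical. What it shows is the mechanics: a SHA-256 hash signed with the sender's private key and checked with the public key, plus a CA signature binding a name to that public key, so that an altered message or an impostor's self-made key is rejected.

```python
import hashlib
import json

# Toy RSA built from Mersenne primes so the example needs only the standard library.
# Because these primes are public, the keys are NOT secret: the code illustrates the
# mechanics of hashing, signing and certificates, not a usable implementation.
E = 65537  # public exponent


def make_keypair(p_exp: int, q_exp: int):
    """Return (public, private) keys from the primes 2**p_exp - 1 and 2**q_exp - 1."""
    p, q = 2 ** p_exp - 1, 2 ** q_exp - 1
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, phi)}  # d is the private exponent


def digest(data: bytes) -> int:
    """One-way hash (SHA-256) as an integer: a fixed-length fingerprint, not encryption."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private: dict, data: bytes) -> int:
    """Digital signature: the hash of the data transformed with the sender's PRIVATE key."""
    return pow(digest(data), private["d"], private["n"])


def verify(public: dict, data: bytes, signature: int) -> bool:
    """Anyone with the PUBLIC key recovers the hash and compares it with a fresh hash."""
    return pow(signature, public["e"], public["n"]) == digest(data)


def canonical(body: dict) -> bytes:
    """Stable byte encoding of a certificate body so signer and verifier hash the same bytes."""
    return json.dumps(body, sort_keys=True).encode()


def issue_certificate(ca_private: dict, subject: str, subject_public: dict) -> dict:
    """A CA binds a name to a public key by signing the pair: a digital certificate."""
    body = {"subject": subject, "n": subject_public["n"], "e": subject_public["e"]}
    return {"body": body, "ca_signature": sign(ca_private, canonical(body))}


def verify_certificate(ca_public: dict, cert: dict) -> bool:
    return verify(ca_public, canonical(cert["body"]), cert["ca_signature"])


def check_signed_message(ca_public: dict, cert: dict, message: bytes, signature: int) -> bool:
    """Recipient's full check: is the certificate signed by the trusted CA, and does
    the certified key verify the signature on this exact message?"""
    if not verify_certificate(ca_public, cert):
        return False
    certified_key = {"n": cert["body"]["n"], "e": cert["body"]["e"]}
    return verify(certified_key, message, signature)


# Key pairs for the hypothetical parties; distinct primes for each.
CA_PUB, CA_PRIV = make_keypair(127, 1279)
ALICE_PUB, ALICE_PRIV = make_keypair(521, 607)
MALLORY_PUB, MALLORY_PRIV = make_keypair(89, 2203)


def demo() -> dict:
    message = b"Pay 100 to account 42"  # constructed sample message
    alice_cert = issue_certificate(CA_PRIV, "alice@example.com", ALICE_PUB)
    signature = sign(ALICE_PRIV, message)
    # Mallory generates her own key and "certifies" it herself under Alice's name.
    mallory_cert = issue_certificate(MALLORY_PRIV, "alice@example.com", MALLORY_PUB)
    return {
        "genuine": check_signed_message(CA_PUB, alice_cert, message, signature),
        "altered_message": check_signed_message(CA_PUB, alice_cert, message + b"0", signature),
        "impostor_key": check_signed_message(CA_PUB, mallory_cert, message,
                                             sign(MALLORY_PRIV, message)),
    }


if __name__ == "__main__":
    print(demo())
```

The three outcomes map onto the slides: the genuine message passes; changing one byte changes the hash, so the recovered hash no longer matches; and Mallory's key verifies her own signature perfectly, yet is rejected because no trusted CA has attested that the key belongs to "alice@example.com".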

Properly Retiring Old Computers

• Files that should be removed when selling or donating an old computer
– E-mail contacts
– E-mail messages
– All personal documents
– All files in the recycle bin or trash folder
– Internet files
– All nontransferable software
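
Added example for this slide and the earlier Improperly Recycled Computers slide (written for this page, not from the textbook): a toy in-memory disk with a file table models why deleting a file or quick-formatting the drive leaves the bytes in place and only an overwrite removes them. The block layout, the file names and the "secret" contents are constructed for the illustration.

```python
BLOCK_SIZE = 16    # bytes per block on the toy disk
BLOCK_COUNT = 8


class ToyDisk:
    """Toy model of a disk: fixed-size data blocks plus a file table that records
    which blocks each file name owns.  Written for this illustration; it is not a
    real file system, but the delete/format/wipe behaviour mirrors real ones."""

    def __init__(self):
        self.blocks = bytearray(BLOCK_SIZE * BLOCK_COUNT)
        self.table = {}                        # file name -> list of block numbers
        self.free = list(range(BLOCK_COUNT))   # blocks not owned by any file

    def write(self, name: str, data: bytes) -> None:
        needed = -(-len(data) // BLOCK_SIZE)   # ceiling division
        if needed > len(self.free):
            raise OSError("disk full")
        owned = [self.free.pop(0) for _ in range(needed)]
        for i, blk in enumerate(owned):
            chunk = data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
            self.blocks[blk * BLOCK_SIZE:blk * BLOCK_SIZE + len(chunk)] = chunk
        self.table[name] = owned

    def delete(self, name: str) -> None:
        """'Deleting' only forgets the name and marks its blocks free; the bytes stay."""
        self.free.extend(self.table.pop(name))

    def quick_format(self) -> None:
        """A quick reformat writes a fresh, empty file table and leaves data blocks alone."""
        self.table = {}
        self.free = list(range(BLOCK_COUNT))

    def wipe(self) -> None:
        """What a disk-wiping tool does before disposal: overwrite every block."""
        self.blocks[:] = bytes(len(self.blocks))
        self.quick_format()

    def raw_contains(self, needle: bytes) -> bool:
        """What a recovery tool sees: the raw blocks, ignoring the file table."""
        return needle in bytes(self.blocks)


def retire_scenarios(secret: bytes = b"SSN 123-45-6789 salary 90000") -> dict:
    """Compare ways of 'removing' a file before the computer changes hands.
    'intact' means the whole secret is still on disk; 'fragment' means part of it is."""
    results = {}
    for method in ("delete", "quick_format", "delete_then_reuse", "wipe"):
        disk = ToyDisk()
        disk.write("taxes.txt", secret)        # the 28-byte secret spans blocks 0 and 1
        if method == "delete":
            disk.delete("taxes.txt")
        elif method == "quick_format":
            disk.quick_format()
        elif method == "delete_then_reuse":
            disk.delete("taxes.txt")
            disk.write("photo.jpg", b"x" * (7 * BLOCK_SIZE))  # new data reclaims block 0 only
        else:
            disk.wipe()
        results[method] = {
            "listed": "taxes.txt" in disk.table,
            "intact": disk.raw_contains(secret),
            "fragment": disk.raw_contains(secret[BLOCK_SIZE:]),
        }
    return results


if __name__ == "__main__":
    for method, outcome in retire_scenarios().items():
        print(f"{method:18s} {outcome}")
```

Deleting the files listed on this slide is therefore necessary but not sufficient: after a delete or a quick format the file is gone from the listing, but the bytes are still readable from the raw disk, and even after later writes reuse some blocks a fragment survives. Only the full overwrite leaves nothing to recover.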

Recovering from Attacks

• Major steps to take when preparing for an attack
– Back up your data
– Back up system information
• Creating a data backup involves
– Copying data onto digital media
– Storing it in a secure location

Recovering from Attacks (continued)
• Questions when creating a data backup
– What information should be backed up?
– How often should it be backed up?
– What media should be used?
– Where should the backup be stored?
– How should the backup be performed?

Saving Automated System Recovery (ASR) Data
• Windows XP Automated System Recovery (ASR)
– Includes an ASR backup and ASR restore
• ASR backup records
– System state
– System services
– All disks associated with operating system
components

Restoring the Computer

• To recover from an attack using ASR
– Insert the original operating system installation CD into the CD drive
– Restart computer
– Press the F2 key when prompted
– Insert the ASR floppy disk when prompted
– Follow remaining directions on the screen

Clean up the Attack

• Microsoft Windows Malicious Software Removal Tool
– Helps remove infections by specific malware
– When done, displays a report describing outcome

Restore Data from Backups

• Most vendors
– Provide an automated wizard that guides user
through process of restoring files
• After any successful attack
– Analyze why attack got through defenses

Summary

• Malicious software
– Programs designed to break into or create havoc on
desktop computers
• Social engineering
– Relies on trickery and deceit
– Is considered a basic attack
• Patch software
– Describes software security updates

Summary (continued)

• Strong passwords
– Important defense mechanism against attackers
• Important to perform regular data backups
• If a computer becomes infected with malware
– Remove computer from network
– Try to reboot computer
