In this blog we feature articles and tutorials on how to keep your PC or laptop secure and running smoothly. We add new posts regularly so check back often!
There are large numbers of computer viruses and other malicious code that can infect a network. A virus can enter a computer when it exchanges programs or data with an infected computer. Once a computer is infected, it typically becomes extremely slow, generates strange error messages, locks up or otherwise stops functioning properly. A virus is a program with two functions: proliferate and activate. To proliferate means to make more copies of itself; to activate means to trigger at a particular time and date and cause its damage. There are five typical types of viruses:
a. Boot sector
Antivirus programs protect your system in two ways: an active seek-and-destroy mode and a passive sentry mode. In seek-and-destroy mode the program scans the computer's boot sector and files for viruses; if it finds any, it asks the user whether to quarantine or remove the infected files. In sentry mode the program monitors computer activity and checks for viruses when an event such as a file download or program execution occurs. Antivirus programs use different techniques against different kinds of virus. Boot sector viruses are detected by comparing the drive's boot sector to a standard boot sector, which works because most computers' boot sectors are the same; some antivirus programs also keep a copy of the boot sector and restore it over the infected one when a virus is detected. Executable viruses are detected with a signature library: a signature is a code pattern taken from a known virus, and the program compares each executable file against this library of known patterns. Macro viruses are detected using virus signatures or by looking for particular macro commands that indicate a known macro virus.
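A toy model of the two detection techniques just described, boot-sector comparison against a stored known-good copy and signature-library scanning in both active and sentry mode. This is an added illustration, not code from any antivirus product; the boot sector bytes, the signature patterns and the file contents are all constructed placeholders.

```python
# Added example: simplified model of boot-sector comparison and signature scanning.
# Every byte pattern below is a constructed placeholder, not real malware.
import hashlib
import hmac

# Constructed "known-good" boot sector that the antivirus keeps a copy of.
KNOWN_GOOD_BOOT_SECTOR = b"\xeb\x3c\x90CONSTRUCTED-BOOT-CODE" + b"\x00" * 40 + b"\x55\xaa"

# Constructed signature library: detection name -> code pattern of a "known" sample.
SIGNATURE_LIBRARY = {
    "Constructed.Sample.A": b"CONSTRUCTED-SIG-A",
    "Constructed.Sample.B": b"CONSTRUCTED-SIG-B",
}


def boot_sector_is_clean(current: bytes, known_good: bytes = KNOWN_GOOD_BOOT_SECTOR) -> bool:
    """Compare the drive's boot sector with the stored copy (by digest, constant time)."""
    return hmac.compare_digest(hashlib.sha256(current).digest(),
                               hashlib.sha256(known_good).digest())


def repair_boot_sector(current: bytes, known_good: bytes = KNOWN_GOOD_BOOT_SECTOR) -> bytes:
    """Replace a modified boot sector with the stored copy, as some products do."""
    return current if boot_sector_is_clean(current, known_good) else known_good


def scan_file(data: bytes, library: dict = SIGNATURE_LIBRARY) -> list:
    """Return the names of every library signature whose pattern occurs in the file."""
    return sorted(name for name, pattern in library.items() if pattern in data)


def active_scan(files: dict, library: dict = SIGNATURE_LIBRARY) -> dict:
    """Seek-and-destroy mode: scan every file and report only the infected ones."""
    report = {}
    for path, data in files.items():
        hits = scan_file(data, library)
        if hits:
            report[path] = hits
    return report


def sentry_check(event: str, data: bytes, library: dict = SIGNATURE_LIBRARY) -> str:
    """Sentry mode: scan only on a download or execution event, else do nothing."""
    if event not in ("download", "execute"):
        return "ignored"
    hits = scan_file(data, library)
    return "quarantine:" + ",".join(hits) if hits else "clean"
```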
1. Loss due to virus attacks is best prevented by stopping viruses from entering the system in the first place.
2. Use an antivirus shield that automatically scans copied and downloaded files.
3. Scan the system daily for viruses.
4. Check all removable media that has been exposed to the system, and any other machine that may be affected by a virus attack.
5. It is best practice to disable all removable media on a corporate network by implementing group policies, so that viruses cannot enter the system via removable media.
6. The antivirus program installed on the computer should be updated regularly with the latest definitions.
7. Prevent unknown users from accessing your workstations.
8. Secure your workstations by assigning complex passwords.
9. It is best practice to prevent standard users from installing any software on workstation computers by setting appropriate permissions.
10. Always ensure that your systems run genuine copies of the operating system and other software, as systems using pirated copies are more prone to virus infection.
Securing the network from external threats is a contest between hackers and security personnel. Hackers are individuals who try to find vulnerabilities in different hardware and software, whereas security personnel try to fix them. Hackers can take advantage of known vulnerabilities that have not yet been fixed by the network or system administrators.
It is essential to protect your server, so lock it away to prevent physical access by unauthorized persons. Unauthorized persons can also access the network by plugging into a switch, so it is essential to lock up all the switches as well. The network administrator should never leave the server logged in: log off, or add a password-protected screensaver, whenever the server is not in use.
Firewalls protect your network using a number of methods, including hiding IP addresses and blocking TCP/IP ports to prevent unauthorized access to the system.
Hiding the real IP addresses of the internal network's systems from the internet is a common technique for protecting a network. You can hide IP addresses using either NAT or a proxy server.
The second most common firewall tool is port filtering, also known as port blocking. Port filtering prevents TCP or UDP packets from passing through any port other than those prescribed by the network administrator.
Packet filtering, also known as IP filtering, blocks incoming or outgoing packets from a particular IP address or range of IP addresses. Packet filtering works better on outgoing traffic, because the administrator knows all the IP addresses of the internal systems and can specify them.
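A minimal first-match packet filter that combines the two techniques above: port filtering (only the ports the administrator prescribes may pass) and packet or IP filtering (a blocked address range, and an internal range that is allowed out). This is an added example, not the article's own code or any real firewall's rule syntax; the networks, rules and packets are constructed, and anything no rule matches is dropped.

```python
# Added example: first-match port and IP packet filter with a default-deny policy.
# Addresses and rules are constructed for illustration only.
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    direction: str                 # "in" (from internet) or "out" (to internet)
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str                     # "tcp" or "udp"
    dport: int                     # destination port


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    direction: str                 # "in" or "out"
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    proto: Optional[str] = None    # None matches any protocol
    dport: Optional[int] = None    # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and pkt.src in self.src and pkt.dst in self.dst
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def net(s: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(s)


def addr(s: str) -> ipaddress.IPv4Address:
    return ipaddress.ip_address(s)


INTERNAL = net("192.168.10.0/24")   # constructed internal range

# Constructed policy, evaluated top to bottom; the first matching rule wins.
RULES = [
    Rule("deny", "in", src=net("198.51.100.0/24")),              # IP filter: blocked range
    Rule("allow", "in", dst=INTERNAL, proto="tcp", dport=443),   # port filter: only 443 in
    Rule("allow", "out", src=INTERNAL),                          # known internal hosts may go out
]


def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule, or 'deny' when nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"
```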
Encryption makes a packet unreadable to anyone who intercepts it. Data can be encrypted at various levels, for example while it is being sent over the internet. There are a number of ways to encrypt network data, and the choice depends on how the communicating systems connect to the network. Many networks consist of multiple networks linked together by some private connection such as ISDN; Microsoft uses encryption methods such as IPsec for these types of network. Encryption can also be used by TCP/IP applications. The most commonly used application-level encryption is Netscape's Secure Sockets Layer (SSL) protocol, which is used to create secure websites.
It is necessary to authenticate the user as well as encrypting the data. Modern network operating systems such as Windows NT/2000/2003/XP and NetWare use authentication protocols such as Kerberos, which supports multiple brands of server authenticating clients that run different operating systems. The common protocols used for remote access authentication are Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP) and MS-CHAP. PAP is the oldest and least safe, as it sends passwords in clear text. CHAP is the most common remote access authentication protocol. MS-CHAP is Microsoft's version of CHAP.
Most strong encryption uses asymmetric key cryptography, which uses two keys: a public key and a private key. Public keys are distributed as digital certificates, which are public keys signed with the digital signature of a trusted third party known as a Certificate Authority (CA). One popular CA for secure websites is VeriSign.
A virtual LAN (VLAN) is a broadcast domain created using one or more switches. The switch creates VLANs by placing some systems in one VLAN and others in another: depending on its configuration, it separates its ports into multiple broadcast domains instead of a single one. VLANs not only provide security but also reduce network traffic and simplify network administration.
Securing networks against external attack is a complex subject and we have only scratched the surface in this short article. There are plenty of other online resources for further information, or alternatively you might want to consider a training course. Some training providers run local courses ranging from one day up to a week in duration, depending on your requirements. One company in the UK which we have used on several occasions for our own staff is Paul Brown Training Ltd, offering one-day courses from as little as £55 per person. Primarily Microsoft Office trainers, they also provide a range of network skills courses through their partners at QA at discounted prices.
Protection against internal threats depends largely on the policies the network administrator sets for different users, rather than on technology. A network has a large number of user accounts and groups with different levels of rights and permissions. Each time a user is granted access to a resource you create a potential loophole that leaves the network vulnerable to unauthorized access, data destruction and other administrative threats. To protect the network from internal threats, the administrator needs to implement passwords, permissions and policies on user accounts.
Implementing passwords is a best practice for protecting your network. A user account with a valid password provides entry into a system even if the user has limited permissions, so it is essential to keep passwords safe. If a user forgets his password, the network administrator should set a new one using a different combination of letters and numbers, and the user should be required to change it the next time he logs in. Users should also be made to change their passwords at regular intervals. Smart devices such as credit cards, smart cards and USB keys can be used in place of entering a password, and biometric devices such as fingerprint and retina scanners can also replace passwords.
Every user account should be given exactly the permissions it needs to access the resources it requires, and nothing more. The best method of controlling user accounts is to create groups: assigning permissions and rights to groups rather than to individual user accounts makes it easy to track the permissions given to a particular set of users. Operating systems such as NetWare and Windows store the entire structure, including computers, groups, users and shared resources, in a single large directory.
It is essential to implement policies that restrict users' access to resources or prohibit them from doing certain tasks. For example, the administrator may not want users to install any software on their computers. These policies are generally applied to a user account, a computer or a group, and the details depend on the network operating system used. Policies that can be enabled on a Windows system include preventing registry edits, controlling who can log on locally, controlling who can shut down the system, and disabling Windows Installer.
Fault tolerance allows data to be recovered if it is lost because of a disk crash. RAID technology provides fault tolerance: if one hard disk in a RAID set crashes, the data can be recovered from the other disks.
It is always good practice to install antivirus software with the latest virus definitions on your computers, configured according to the organization's requirements. Updating it regularly is essential, so that the computer always has the latest definitions and the highest level of protection from viruses. Organizations should also try to prevent the use of external storage media such as DVD-ROMs and USB drives, because most viruses arrive on such devices, plugged in by the company's most trusted users. Group policy can be configured to disable USB storage devices and DVD-ROMs, and these devices can also be disabled in the BIOS.
These are a few methods of protecting your computer network from internal threats. It is always better to prevent a threat than to repair the damage after it has been caused.
An important aspect of computer networks is security. Network security is the art of transferring messages so that they are secure and less prone to attack. Computer security, on the other hand, is the art of preventing unauthorized access and blocking virus programs that attempt to destroy data. In this article we have tried to address both aspects.
Anything that prevents users from accessing the resources they need to perform their tasks is known as a threat. Threats include not only the hacking of a server but also bad configuration, viruses and unintentional corruption of data by users. Threats can be broadly classified into two groups: internal and external.
Internal threats are bad practices by users on the network that result in the network working inefficiently. Most of the time a security violation does not come from an outside source; it originates within the organization, intentionally or unintentionally. The common internal threats are:
Unauthorized access: When a user accesses network resources to which he has not been granted access, it is known as unauthorized access. It may not cause any harm to the data, but the user should not be accessing it; for example, a user reading employees' personal files. Once the user has access to a particular file, he may edit or delete a file that should have been protected.
Data destruction is erasing or corrupting data, intentionally or accidentally. Consider the case where users are authorized to access certain data but not to change it. For example, an employee may have access to the product database so that he can change product descriptions, but discovers that he can change product prices as well. These threats are particularly dangerous because users are not told the extent to which they may modify the data.
The network operating system comes with various administrative tools and functions that are used to run the network. Giving administrative, supervisory or root access to an ordinary user can lead to problems, for example the right to delete and add files in an important folder. Hence it is necessary to protect administrative functions and programs from access and misuse by users.
Like any other technology, computers can fail. The main causes of computer failure are hard drive crashes, server lockups and power failures.
The most efficient and fastest way for computer viruses to spread between systems is through the network. Although most users focus on virus attacks from the internet, a large number of viruses enter systems through USB drives, CDs and DVDs.
External threats exist in two forms. In the first, the attacker manipulates your users to gain access to the network, a process called social engineering. In the second, a hacker at a remote location uses technical weaknesses in your network to gain access. The common external threats are:
Social engineering: The majority of attacks are social engineering, where a person manipulates people within the organization to gain access to the network from outside. Hackers use the organization's own people to obtain unauthorized information, such as network logins, credit card numbers or any other information the organization would not want an outsider to know. Social engineering attacks include infiltration, telephone scams and physical theft.
Hackers: In hacking, the hacker gains access to the network or computer with the help of internet worms and other hacking tools. The main objective of hacking is to get into public and private networks where the hacker has no business. Hackers can be classified into four categories, inspectors, interceptors, controllers and flooders, depending on their intentions.
BitLocker is a security feature Microsoft introduced with Windows Vista. It works together with the TPM (Trusted Platform Module) to protect the operating system and data even if the computer is lost or stolen.
The TPM is a chip built into the computer that stores information such as encryption keys and other cryptographic material. You can also use BitLocker without a TPM by configuring a group policy that stores the required encryption keys on a USB flash drive or other media, which is then used to unlock the drive.
When the computer boots, a POST (Power On Self Test) checks the functionality of the computer's components. After POST the startup process begins, and the TPM makes the encrypted partition available only after comparing the measured values of the startup components with a previously taken snapshot. This verifies the integrity of the startup process and detects whether the installation has been tampered with in any way. The key is not released if the hard disk has been attached to another computer or the Windows installation has been tampered with.
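A simplified model of the check just described: each startup component is measured into a TPM Platform Configuration Register (PCR) with the extend operation, PCR = SHA-256(PCR || SHA-256(component)), and the volume key is released only when the resulting PCR value equals the snapshot taken when BitLocker was enabled. This is an added illustration, not Microsoft's or the TPM's actual code; the boot components and the key are constructed placeholders.

```python
# Added example: measured boot and key release, modelled in a few lines.
# Components and the "sealed" key are constructed placeholders only.
import hashlib
import hmac

PCR_INITIAL = b"\x00" * 32   # a PCR holds all zeros at power-on


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: hash the old PCR value concatenated with the component's digest."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components: list) -> bytes:
    """Measure the startup chain (firmware, boot manager, OS loader, ...) in order."""
    pcr = PCR_INITIAL
    for component in components:
        pcr = extend(pcr, component)
    return pcr


# Constructed startup chain as it was when BitLocker took its snapshot.
TRUSTED_BOOT_CHAIN = [
    b"CONSTRUCTED-FIRMWARE-v1",
    b"CONSTRUCTED-BOOTMGR-v1",
    b"CONSTRUCTED-OSLOADER-v1",
]
SNAPSHOT_PCR = measure_boot(TRUSTED_BOOT_CHAIN)
SEALED_VOLUME_KEY = b"CONSTRUCTED-VOLUME-KEY"   # placeholder, not a real key


def unseal(measured_pcr: bytes, snapshot: bytes = SNAPSHOT_PCR):
    """Release the key only when the measured PCR equals the snapshot it was sealed to."""
    if hmac.compare_digest(measured_pcr, snapshot):
        return SEALED_VOLUME_KEY
    return None   # mismatch: the disk was moved or the startup files changed


def boot_outcome(components: list) -> str:
    """What the user sees: the OS unlocks, or BitLocker asks for the recovery key."""
    key = unseal(measure_boot(components))
    return "unlocked" if key is not None else "recovery-key-required"
```

Moving the disk to another computer changes the first component measured (that machine's firmware), so the PCR differs from the snapshot and the key is not released, exactly as the paragraph describes.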
Requirements for configuring BitLocker Drive Encryption in Windows 10:
1. A TPM chip built into the computer that is compatible with the version of Windows 10 (TPM version 1.2 or higher).
2. A TPM-compatible BIOS.
3. NTFS drive partitions.
4. The BIOS must be set to boot from the hard drive and not from removable drives.
1. To set up BitLocker Drive Encryption, click the Start menu, type 'BitLocker' in the search box and click 'Manage BitLocker'.
2. Right-click the drive that you want to encrypt and click 'Turn on BitLocker'.
3. Select how you want to protect your drive: either with a password or with a smart card.
4. Select where you want to save the recovery key, in case you forget your password.
5. Select whether to encrypt the whole drive or just the used space, then click 'Start Encryption'.
Encryption will take some time, depending on the options you selected. Once it is complete, a message is displayed saying "Encryption of C: is complete." Click 'Close'.
You can now remove the hard disk from this computer and attach it to another one. Start that computer and check the message displayed: it asks you to type the encryption key to unlock the operating system. If you do not have the key, you will not be able to boot the computer.
BitLocker is an important feature that blocks hackers from accessing important files, passwords or any other confidential data on your storage device. When you save a new file on a BitLocker-encrypted drive it is encrypted automatically. Files remain encrypted only as long as they stay on the same drive; if they are copied to another drive they are no longer encrypted. If the files are shared with other Windows 10 users on the network they remain encrypted on the original drive, and the other authorized users on the network can still access them normally. In Windows 10 you can also decrypt the hard disk in the same way you encrypted it. To decrypt a Windows 10 hard drive, follow the steps below:
BitLocker is one of many new features in Windows 10. Paul Brown Training and QA offer a range of Microsoft courses at venues in London and across the UK, aimed at gaining practical skills quickly. Various courses are available, including both public classroom-based and onsite IT training.