
IT Fundamentals Module 5 Unit 1
willie reynolds
19 Slides • 9 Questions
Module 5 / Unit 1 / Security Concerns
The Official CompTIA ITF+ (Exam FC0‑U61) Guide
Copyright (c) 2018 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Image by racorn © 123rf.com
Objectives
• Distinguish threats to the confidentiality, integrity, and availability of information processing systems
• Identify social engineering techniques
• Describe the importance of business continuity and how to make systems fault tolerant
• Explain the importance of disaster recovery plans
Computer Security Basics
• Controlling access to resources
• Balance security with accessibility
• Properties of secure information—“CIA Triad”
  o Confidentiality
  o Integrity
  o Availability
• Security threats
Confidentiality Concerns
• Snooping
• Eavesdropping/wiretapping/sniffing
• Social engineering/dumpster diving
Integrity Concerns
• Man-in-the-Middle (MitM)
• Replay
• Impersonation
Availability Concerns
• Denial of Service (DoS)
• Power outage
• Hardware failure
• Destruction
• Service outage
Authorization, Authentication, and Auditing
• Access control system
• Authentication
  o Prove that a user is who they say they are
  o Associate that person with a unique computer or network user account
• Authorization
  o Create barriers around the resource such that only authenticated users can gain access
  o Resource permissions lists
• Accounting
  o Recording when and by whom a resource was accessed
Social Engineering
• Getting people to reveal confidential information
• Attackers often build access with piecemeal steps
• Any information about a company can be helpful in making social engineering attacks more likely to succeed
Impersonation, Trust, and Dumpster Diving
• Gain access by pretending to be someone else
  o Intimidate through false rank or spurious technical jargon
  o Exploit trust - coax and persuade
• Building trust is easier if you have information that will convince your target (or put them off-guard)
  o Department employee lists, job titles, phone numbers, diary, invoices, or purchase orders
• “Dumpster diving” for discarded company information
Identity Fraud and Shoulder Surfing
• Identity fraud
  o Masquerade as someone else
  o Control accounts that are supposed to be operated by someone else
  o Exploit stolen Personally Identifiable Information (PII)
• “Shoulder surfing” to observe credentials
Defeating Social Engineering Attacks
• Training and education
• Security policies
  o Proper support procedures
  o Account and device protection—e.g. using screen locks to prevent “lunchtime attacks”
  o Identity badges, escorted visitors, and secure doors
Business Continuity and Fault Tolerance
• Outages cost—financially and reputational damage
• Business continuity plans minimize outages or the effect of outages
• Fault tolerance
  o Design systems without single points of failure
  o Develop contingency plans to cope with failures
  o Provision redundant components and systems to allow failover
Data Redundancy
• Redundant Array of Independent Disks (RAID)
• Configurations to allow the storage system to tolerate individual disk unit failures
  o RAID 1—disk mirroring
  o RAID 5—striping with parity
• RAID cannot replace the need for backups
Network Redundancy
• Multiple adapter cards/ports for individual host
  o Also allows load balancing
• Multiple network paths between nodes
• Routers can detect failed links and choose alternative paths
Power Redundancy
• Dual power supplies
• Redundant circuits
• Uninterruptible Power Supply (UPS)
• Backup power generator
Site Redundancy and Replication
• Providing redundancy at the site level
• Replication can be used to synchronize data between multiple sites
Disaster Recovery
• Plans for specific scenarios rather than overall business continuity
  o Workflows and resources
  o Wide range of possible major and minor scenarios
• Prioritization
• Data restoration
• Restoring access
Review
Image by Wavebreak Media © 123rf.com
• Distinguish threats to the confidentiality, integrity, and availability of information processing systems
• Identify social engineering techniques
• Describe the importance of business continuity and how to make systems fault tolerant
• Explain the importance of disaster recovery plans
Examples of Common Threats
Multiple Choice
When you're sending a private message to a friend, which property of secure information ensures that only your friend can read the message?
Availability
Integrity
Confidentiality
Redundancy
Multiple Choice
Your favorite online game is suddenly inaccessible due to a high number of requests to the server. This is an example of an attack on which property of secure information?
Confidentiality
Integrity
Availability
Redundancy
Multiple Choice
You receive an email from a "friend" asking for your password to a shared streaming service. This is an example of what type of security threat?
Social engineering
Malware
Phishing
Virus
Multiple Choice
You attend a workshop at work about how to identify suspicious emails. This is an example of which strategy to enhance the effectiveness of security technologies?
Redundancy
User education and training
Disaster recovery planning
Encryption
Multiple Choice
Your computer is set up to automatically back up your files to an external hard drive every night. This is an example of your system being:
Fault tolerant
Confidential
Available
Integrated
Multiple Choice
Your office building has multiple internet connections to ensure that if one goes down, the others will keep the network online. This is an example of:
Confidentiality
Redundancy
Integrity
Social engineering
Multiple Choice
After a power outage at work, a plan is activated to switch operations to another location. This is an example of:
Redundancy
Social engineering
Disaster recovery planning
User education and training
Multiple Choice
You receive an email from your bank asking you to confirm your account details. You're suspicious because the email address doesn't look right. This is an example of which strategy to identify security threats?
Disaster recovery planning
User education and training
Redundancy
Social engineering