Essential Question: What are the many types of threats to computers and networks? What are the most common and most dangerous types of malware?
Mastery Objectives:
SWBAT describe the many types of threats to computers and networks.
SWBAT describe, compare, and contrast common types of computer malware such as viruses, trojan horses, adware, ransomware, rootkits, spyware, and worms and the techniques to protect against them.
SWBAT troubleshoot TCP/IP attacks such as denial of service, spoofing, SYN flood, and man-in-the-middle.
SWBAT recognize social engineering techniques used to deceive unsuspecting individuals into revealing confidential information or account login credentials, such as phishing, pretexting, baiting, and dumpster diving, and how to protect against these attacks.
SWBAT explain the importance of having a security policy that specifies the persons authorized to access network resources, the minimum requirements for passwords, acceptable uses for network resources, how remote users can access the network, and how security incidents will be handled.
SWBAT configure a host-based firewall such as Windows Defender Firewall to allow or deny access for specific programs or ports.
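Added example for the host-based firewall objective (not part of this lesson plan): Windows Defender Firewall rules that deny a specific program and allow or deny specific ports, using the NetSecurity PowerShell cmdlets. The program path, subnet, and rule names are assumed values for illustration.

```powershell
# Run from an elevated PowerShell prompt (Windows 10/11 or Server).
# Program path, subnet and rule names below are assumed values for illustration.

# DENY a program: block an unapproved client from any outbound connection,
# whatever port it tries to use.
New-NetFirewallRule -DisplayName "Block ExampleClient (outbound)" `
    -Direction Outbound `
    -Program "C:\Program Files\ExampleClient\client.exe" `
    -Action Block -Profile Any

# ALLOW a port: permit inbound Remote Desktop (TCP 3389) only from the office
# subnet and only on the Domain/Private profiles, so the port is not open on
# every Wi-Fi network the laptop joins.
New-NetFirewallRule -DisplayName "Allow RDP from office LAN" `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress 192.168.1.0/24 `
    -Action Allow -Profile Domain,Private

# DENY a port: explicitly block inbound SMB (TCP 445) on the Public profile.
# A Block rule takes precedence over any Allow rule for the same traffic.
New-NetFirewallRule -DisplayName "Block SMB on public networks" `
    -Direction Inbound -Protocol TCP -LocalPort 445 `
    -Action Block -Profile Public

# Verify: list the three rules, then show the port and program filters
# attached to them.
$names = @("Block ExampleClient (outbound)",
           "Allow RDP from office LAN",
           "Block SMB on public networks")
Get-NetFirewallRule -DisplayName $names |
    Format-Table DisplayName, Direction, Action, Enabled, Profile -AutoSize
Get-NetFirewallRule -DisplayName "Allow RDP from office LAN" |
    Get-NetFirewallPortFilter | Format-Table Protocol, LocalPort
Get-NetFirewallRule -DisplayName "Block ExampleClient (outbound)" |
    Get-NetFirewallApplicationFilter | Format-Table Program

# Confirm the firewall is enabled on all three profiles and that the default
# inbound action is Block: only explicit Allow rules should open a port.
Get-NetFirewallProfile |
    Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# To remove a rule later:
# Remove-NetFirewallRule -DisplayName "Block SMB on public networks"
```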
Vocabulary:
Malware, Adware, Trojan Horse, Ransomware, Rootkit, Spyware, Virus, Worm, Boot Sector Virus
Macro Virus, Program Viruses, Script Viruses, Remote Access Trojan Horse, Data-Sending Trojan Horse, Destructive Trojan Horse
Proxy Trojan Horse, FTP Trojan Horse, Security Software Disabler Trojan Horse, Denial of Service Trojan Horse, Keylogger Trojan Horse
Boot Sector Virus, Firmware Virus, Macro Virus, Program Virus, Script Virus, Phishing, Scareware
Keyloggers, Quarantine, UAC (User Account Control), Alt + F4, cryptographic private key, biometric lock, multi-factor lock
walled garden model, anti-malware software signatures, Reconnaissance, Information Query: Google Search, whois; man trap
Ping Sweep, Zero-Day, Zero-Hour, Conventional Lock, Deadbolt Lock, Electronic Lock, Token-based Lock
Port Scan: Nmap, SuperScan; Vulnerability Scanners: Nipper, Secunia PSI; Exploitation Tools: Metasploit, Core Impact
TCP/IP Attacks: DoS (Denial of Service), Distributed DoS (DDoS), DNS Poisoning/Spoofing, Man-in-the-Middle, Replay Attack, Spoofing, SYN Flood
VPN, ASA Firewall, IPS, AAA Server, ESA/WSA, Encrypting File System (EFS)
Social Engineering Attacks: Baiting, Dumpster Diving, Impersonation, Phishing, Pretexting, Shoulder Surfing, Something for Something, Spear Phishing, Tailgating, Spam
Security Dongle, Security Fob, USB Lock, switch management software, Enterprise Mobility Management (EMM)
Mobile Device Management (MDM), Bring Your Own Device (BYOD), Mobile Application Management (MAM), permission propagation
Permissions (full control, modify, read and execute, read, write), Electromagnetic Degaussing Device
Windows BitLocker, BitLocker To Go, Trusted Platform Module (TPM), Data Wiping Software, Degaussing Wand
Low Level Format, Standard Format, BIOS/UEFI Password, Windows Hello, PIN, Picture Password, Dynamic Lock
User Account Control (UAC), Local Users and Groups Management, DMZ Server, Host-based Firewall, Small Office Home Office (SOHO)
Cisco Adaptive Security Appliance (ASA), Cisco Integrated Services Router (ISR), access control lists (ACLs)
InPrivate Browsing, Pop-up Blocker, SmartScreen Filter, ActiveX Filtering, Multifactor authentication
Plug-ins, Extensions, Themes, Apps, Default Search Provider, Ad Blocker, Private Browsing
Clearing Cache, InPrivate Browsing Mode
Resources:
Blooket for Module 13 - https://dashboard.blooket.com/set/696283c10c7bf597e17d0a79
https://youtu.be/ilhGh9CEIwM?si=pEPtuMXRmEAyRxOt - DDoS explained
https://youtube.com/shorts/ldA1TLBzxFE?si=3dWHwL6_VgKZcDAz - DNS Poisoning/Spoofing attack
https://youtu.be/83LOa-dYi_A?si=YostarldALBEgttM - Man-in-the-Middle Attack
https://youtu.be/ZeuWpL-7EwY?si=IloQzPSnJB6GaM4s - Replay Attack
https://youtu.be/NNdCaNiqqTo?si=n4zZZqgezZR4mQYs - Spoofing Attack vs Hacking
https://youtu.be/tClcCMrXzek?si=xNsiPPzamJP0-nnv - SYN Attack
Activity 1:
Learn about Reconnaissance. Plan an attack with a partner.
Perform an information query of a target
Initiate a ping sweep of a target area
Initiate a port scan of active IP addresses
Run vulnerability scanners
Run exploitation tools
Activity 2:
Role play the types of attacks using crumpled paper and moving around the room.
Activity 3:
Roleplay an attack and choose a layer of protection:
VPN - A router is used to provide secure VPN services with corporate sites and remote access support for remote users using secure encrypted tunnels.
ASA Firewall - This dedicated device provides stateful firewall services. It ensures that internal traffic can go out and come back, but external traffic cannot initiate connections to inside hosts.
IPS - An Intrusion Prevention System (IPS) monitors incoming and outgoing traffic looking for malware, network attack signatures, and more. If it recognizes a threat, it can immediately stop it.
AAA Server - This server contains a secure database of who is authorized to access and manage network devices. Network devices authenticate administrative users using this database.
ESA/WSA - The email security appliance (ESA) filters spam and suspicious emails. The web security appliance (WSA) filters known and suspicious Internet malware sites.
Activity 4:
Create a security policy for an organization. Select from the types of organizations:
Government organization
Non-profit organization where you have different volunteers every day
K-12 School
College campus
For-Profit organization
Large Company
Mid-Size Company
Small Company
Company with a large sales staff that travel
Your security policy should answer the following questions:
Which assets require protection?
What are the possible threats?
What to do in the event of a security breach?
What training will be in place to educate the end users?
You should have the following policies:
Password Policies
Acceptable Use Policies
Remote Access Policies
Network Maintenance Policies
Incident Handling Policies
An organization’s assets include their data, employees, and physical devices such as computers and network equipment.
This is the seven-step best practice procedure for malware removal:
Identify and research malware symptoms
Quarantine the infected systems
Disable System Restore (in Windows)
Remediate infected systems
Schedule scans and run updates
Enable System Restore and create restore points (in Windows)
Educate the end user
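As an added example that is not part of this lesson plan, the Windows-side steps of the procedure above carried out with the Windows Defender and System Restore PowerShell cmdlets; the drive letter and restore-point description are assumed values.

```powershell
# Run from an elevated Windows PowerShell prompt on the infected machine.
# Drive letter and restore-point description are assumed values.
$SystemDrive = "C:\"

# Step 1 - identify and research symptoms: what has Defender already logged?
Get-MpThreatDetection | Sort-Object InitialDetectionTime -Descending |
    Format-Table InitialDetectionTime, ThreatID, ProcessName, Resources -AutoSize

# Step 2 - quarantine: take the system off the network so it cannot spread
# or reach a command-and-control server while you work on it. Remember which
# adapters were up so only those are re-enabled later.
$adapters = Get-NetAdapter | Where-Object Status -eq "Up"
$adapters | Disable-NetAdapter -Confirm:$false

# Step 3 - disable System Restore so an infected restore point cannot bring
# the malware back after remediation.
Disable-ComputerRestore -Drive $SystemDrive

# Step 4 - remediate: full scan with the signatures currently installed
# (load an offline definition package from trusted media first if they are
# stale), then confirm nothing active remains before reconnecting.
Start-MpScan -ScanType FullScan
Get-MpThreat | Format-Table ThreatName, SeverityID, IsActive -AutoSize
if (Get-MpThreat | Where-Object IsActive) {
    Write-Warning "Active threats remain: keep the system isolated."
    return
}

# Reconnect only after the scan comes back clean.
$adapters | Enable-NetAdapter -Confirm:$false

# Step 5 - run updates now and schedule scans and signature updates going forward.
Update-MpSignature
Set-MpPreference -ScanParameters FullScan -ScanScheduleDay Everyday -ScanScheduleTime "02:00:00"
Set-MpPreference -SignatureScheduleDay Everyday -SignatureUpdateInterval 4

# Step 6 - re-enable System Restore and create a clean baseline restore point.
Enable-ComputerRestore -Drive $SystemDrive
Checkpoint-Computer -Description "Clean baseline after malware removal" `
    -RestorePointType MODIFY_SETTINGS

# Step 7 - educate the end user: not scriptable. Tell the user what the
# malware was, how it got in, and what to do if the symptoms return.
```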