IT Fundamentals/Security Practices
This lesson introduces the best IT security practices.
Objectives and Skills
editObjectives and skills for the security practices portion of IT Fundamentals certification include:[1]
- Explain methods to secure devices and best practices.
- Securing devices (mobile/workstation)
- Antivirus/Anti-malware
- Host firewall
- Changing default passwords
- Enabling passwords
- Safe browsing practices
- Patching/updates
- Device use best practices
- Software sources
- Validating legitimate sources
- Researching legitimate sources
- OEM websites vs. third-party websites
- Removal of unwanted software
- Removal of unnecessary software
- Removal of malicious software
- Software sources
- Securing devices (mobile/workstation)
- Explain password best practices.
- Password length
- Password complexity
- Password history
- Password expiration
- Password reuse across sites
- Password managers
- Password reset process
- Explain common uses of encryption.
- Plain text vs. cipher text
- Data at rest
- File level
- Disk level
- Mobile device
- Data in transit
- HTTPS
- VPN
- Mobile application
- Summarize behavioral security concepts.
- Expectations of privacy when using:
- The Internet
- Social networking sites
- File sharing
- Instant messaging
- Mobile applications
- Desktop software
- Business software
- Corporate network
- The Internet
- Written policies and procedures
- Handling of confidential information
- Passwords
- Personal information
- Customer information
- Company confidential information
- Expectations of privacy when using:
Readings
editMultimedia
editActivities
edit- Complete the GCF Global: Protecting your computer tutorial.
- Use anti-malware software to scan your system and test malware detection.
- All: Review Wikipedia: Comparison of antivirus software. Download a free, well-known anti-malware application and scan your system.
- All: Review Wikipedia: EICAR test file. Download and save the EICAR test file to test your anti-malware application and follow the process for removing malware.
- Configure password management.
- All: Research password managers. Consider installing and using a password manager on your system.
- Windows: Review Microsoft: How to Configure Security Policy Settings. Consider modifying Password Policy and Account Lockout Policy settings.
- macOS: Review CNet: How to set up password policies in macOS. Consider modifying password restrictions.
- Linux: Review Xmodulo: How to set password policy on Linux. Consider modifying password policy settings.
- Test your firewall using a testing service such as Gibson Research: ShieldsUP!
- Consider encrypting your system storage:
- Windows: Review Microsoft: BitLocker Drive Encryption Overview
- macOS: Review Apple: macOS: About FileVault 2
- Linux: Review ArchLinux: Disk Encryption
- Android: Review GreenBot: Why and How to Encrypt Your Android Device.
- iOS: Review Apple:Understanding Data Protection.
- Research privacy options when using social networking, instant messaging, and various installed apps and programs. Consider enhancing your privacy settings wherever possible.
Lesson Summary
editDevice Security
edit- Device hardening is the process of securing a system by reducing its surface of vulnerability. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services.[2]
- Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.[3]
- A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.[4]
- Firewalls are often categorized as either network firewalls or host-based firewalls. Network firewalls filter traffic between two or more networks and run on network hardware. Host-based firewalls run on host computers and control network traffic in and out of those machines.
- Securing devices includes:[5]
- Antivirus/Anti-malware
- Host firewall
- Changing default passwords
- Enabling passwords
- Safe browsing practices
- Patching/updates
- Best practices for device use include:[6]
- Software sources
- Validating legitimate sources
- Researching legitimate sources
- OEM websites vs. third-party websites
- Removal of unwanted software
- Removal of unnecessary software
- Removal of malicious software
- Software sources
Passwords
edit- A password is a memorized secret, typically a string of characters, used to confirm the identity of a user.[7]
- Password best practices include:[8]
- Password length
- Password complexity
- Password history (minimizing reuse)
- Password expiration
- Password reuse across sites (minimizing reuse)
- Password managers
- Password reset process
Encryption
edit- Encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext.[9]
- Most applications of encryption protect information only at rest or in transit, leaving sensitive data in cleartext and potentially vulnerable to improper disclosure during processing.[10]
- File-level encryption is a form of disk encryption where individual files or directories are encrypted by the file system itself.[11]
- Disk-level encryption is a form of disk encryption where the entire partition or disk in which the file system resides is encrypted.[12]
- Email is encrypted using Transport Layer Security (TLS).[13]
- Web browser communication is encrypted using HTTPS.[14]
- A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.[15]
Behavioral Security
edit- Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet.[16]
- Those concerned about Internet privacy often cite a number of privacy risks — events that can compromise privacy — which may be encountered through online activities. These range from the gathering of statistics on users to more malicious acts such as the spreading of spyware and the exploitation of various forms of bugs (software faults).[17]
- A privacy policy is a statement or a legal document (in privacy law) that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data.[18]
- Personal information can be anything that can be used to identify an individual, not limited to the person's name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services.[19]
Key Terms
edit- PII (Personally Identifiable Information)
- Any information relating to an identifiable person.[20]
- PIN (Personal Identification Number)
- A numeric or alpha-numeric password used in the process of authenticating a user accessing a system.[21]
- VPN (Virtual Private Network)
- Extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.[22]
Assessments
editSee Also
editReferences
edit- ↑ CompTIA: IT Fundamentals (ITF+) Exam Objectives FC0-U61
- ↑ Wikipedia: Hardening (computing)
- ↑ Wikipedia: Antivirus software
- ↑ Wikipedia: Firewall (computing)
- ↑ CompTIA: IT Fundamentals (ITF+) Exam Objectives FC0-U61
- ↑ CompTIA: IT Fundamentals (ITF+) Exam Objectives FC0-U61
- ↑ Wikipedia: Password
- ↑ CompTIA: IT Fundamentals (ITF+) Exam Objectives FC0-U61
- ↑ Wikipedia: Encryption
- ↑ Wikipedia: Encryption
- ↑ Wikipedia: File-level encryption
- ↑ Wikipedia: File-level encryption
- ↑ Wikipedia: Email encryption
- ↑ Wikipedia: HTTPS
- ↑ Wikipedia: Virtual private network
- ↑ Wikipedia: Internet privacy
- ↑ Wikipedia: Internet privacy
- ↑ Wikipedia: Privacy policy
- ↑ Wikipedia: Privacy policy
- ↑ Wikipedia: Personal data
- ↑ Wikipedia: Personal identification number
- ↑ Wikipedia: Virtual private network