
mrahmedcomputing

KS3, GCSE, A-Level Computing Resources

Lesson 4. Detection and Prevention


Lesson Objective

Understand and be able to explain: Password systems, Biometric measures, CAPTCHA, Email confirmations, Automatic software updates, Physical Security, Encryption, Access Rights, Removable Media bans.


Lesson Notes

Detecting Vulnerabilities

Organizations may have vulnerabilities in the following areas:

  1. Procedures: These include policies and codes of conduct.
  2. Operating System or Network Setup: This pertains to how the operating system facilitates interactions with other parts of the network.
  3. Software Configurations: This involves aspects like passwords and the accessibility of tools.
  4. Employee Behavior: This refers to an employee's actions with their granted access and whether they can be trusted.

Method 1: Anti-Malware

Software that is used to detect and remove malware.


Method 2: Password Systems

Passwords are the most common form of authenticating a user. Authentication is checking that the user is allowed to access content. Some applications use a PIN pattern instead of a username and password.

To set a secure password you must

Example of strong password: Brdu8#Jw4g


Method 3: Biometric Authentication

Biometric security is a powerful mechanism that leverages unique biological measurements or physical characteristics to verify an individual's identity and grant access to a facility or system. Unlike traditional passwords, which can be vulnerable, biometrics link proof of identity to our bodies and behavior patterns. Examples of biometric technology include fingerprint mapping, facial recognition, and retina scans.


Method 4: Encryption

Encryption is the encoding of data so that it can no longer be easily understood. Only authorised users, or users with the key, can decrypt it.


Method 5: CAPTCHA

CAPTCHA, an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart, serves as a crucial security mechanism. Its purpose is to differentiate between human users and automated bots, particularly in scenarios like signing up for internet services.


Method 6: Email Confirmation

Email confirmation serves as a security measure in several ways:

  1. Account Verification: When you sign up for an online service or create an account, the platform typically sends a confirmation email to the address you provided. By clicking on the confirmation link in the email, you verify that you have access to that email account. This prevents unauthorized users from creating accounts using your email address.
  2. Preventing Fake Accounts: Confirmation emails ensure that only legitimate users can complete the account creation process. Without confirming their email, potential scammers or bots cannot fully activate their accounts.
  3. Two-Factor Authentication (2FA): Some services use email confirmation as part of a two-step verification process. After entering your password, you receive a code via email that you must enter to access your account. This adds an extra layer of security beyond just a password.
  4. Password Recovery: When you forget your password, many platforms allow you to reset it by sending a link to your registered email address. Confirming your email ensures that only authorized users can reset their passwords.
  5. Communication Channel: Email is a common communication channel for account-related notifications, security alerts, and password changes. Confirming your email ensures that you receive these critical messages.
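The confirmation link described in point 1 can be built so that the server is able to check it has not been altered or left unused for too long. This is an added example, not code from the original lesson; the secret key, the 24-hour expiry and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Assumption: a secret known only to the server (constructed demo value).
SECRET_KEY = b"constructed-demo-key-not-for-real-use"
# Assumption: confirmation links stop working after 24 hours.
MAX_AGE_SECONDS = 24 * 60 * 60


def _sign(payload: bytes) -> str:
    """Keyed hash of the payload; only the holder of SECRET_KEY can produce it."""
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()


def make_token(email: str, issued_at: int) -> str:
    """Build the value placed in the confirmation link sent to `email`."""
    payload = f"{email}|{issued_at}".encode()
    body = base64.urlsafe_b64encode(payload).decode()
    return f"{body}.{_sign(payload)}"


def check_token(token: str, now: int):
    """Return the confirmed email address, or None if the link is not valid."""
    try:
        body, signature = token.split(".")
        payload = base64.urlsafe_b64decode(body.encode())
        email, issued_text = payload.decode().rsplit("|", 1)
        issued_at = int(issued_text)
    except (ValueError, UnicodeDecodeError):
        return None  # malformed link
    # Constant-time comparison, so timing does not leak how much matched.
    if not hmac.compare_digest(signature.encode(), _sign(payload).encode()):
        return None  # the link was altered or was not issued by this server
    if now < issued_at or now - issued_at > MAX_AGE_SECONDS:
        return None  # the link has expired
    return email


if __name__ == "__main__":
    sent_at = 1_700_000_000  # constructed timestamp
    link_token = make_token("alice@example.com", sent_at)
    print(check_token(link_token, sent_at + 60))               # clicked in time
    print(check_token(link_token, sent_at + 2 * 24 * 60 * 60)) # clicked too late
```

Because the email address is covered by the signature, changing the address inside the link makes the check fail, so only someone who received the email can confirm the account.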

Method 7: Automatic Software Updates/Patches

Large companies like Microsoft often automatically update your software whenever they make changes to it. During software installation, you can set the default option to install automatic updates. Free applications typically do not have automatic update capabilities, so manual updates may be necessary. Software patches are updates designed to improve or fix a program. They may also provide additional protection against malware.


Method 8: Penetration Testing

Finding flaws in a system, creating a report and explaining how to fix them.

Different types of testers or hackers can have different motivations, and they are categorized into the groups identified below:


Method 9: Removable Media Ban

Cybercriminals occasionally employ a clever tactic! They strategically "lose" malware-infected USB sticks in places like company parking lots. Their goal is to trick unsuspecting employees into picking up these USB drives and plugging them into their computers. Thankfully, in some cases, vigilant employees have thwarted these attempts by reporting the suspicious devices to their IT departments. It's a reminder to stay cautious when encountering stray USB drives!


Method 10: Access Rights

Access rights in network security refer to the permissions and privileges granted to users, devices, or processes within a networked environment. These rights determine what actions an entity can perform and what resources it can access.


Method 11: Acceptable Use Policy (AUP)

A set of rules to follow in an organisation. If the rules are broken, the organisation has legal grounds to remove you.


Method 12: Physical Security

Physical security is used to prevent physical access to devices, and to prevent theft. Steps may include:

