
BCS ITQ Level 1

IT Security for Users

Using Microsoft® Windows®

Release BCS007v3


Level 1 ITQ IT Security for Users

Microsoft Windows 5 © CiA Training Ltd 2012

Contents

SKILL SET 1 THREAT AWARENESS
1 - INTRODUCTION
2 - VIRUSES
3 - WORMS, TROJANS AND ROGUE DIALLERS
4 - SPYWARE AND ADWARE
5 - E-MAIL RISKS AND SPAM
6 - HOAXES AND HACKERS
7 - DEVELOP YOUR SKILLS
SUMMARY: THREAT AWARENESS

SKILL SET 2 PROTECTING YOUR COMPUTER
8 - ANTI-VIRUS SOFTWARE
9 - AVOIDING OTHER THREATS
10 - PERFORMING SECURITY CHECKS
11 - DEVELOP YOUR SKILLS
SUMMARY: PROTECTING YOUR COMPUTER

SKILL SET 3 INFORMATION SECURITY
12 - CONTROLLING ACCESS
13 - CHANGING A PASSWORD
14 - BACKING UP
15 - PHYSICAL MEASURES
16 - NETWORK & WIRELESS SAFETY
17 - DEVELOP YOUR SKILLS
SUMMARY: PROTECTING YOUR COMPUTER

SKILL SET 4 GUIDELINES AND PROCEDURES
18 - LEGISLATION
19 - COMPANY POLICY
20 - STAYING SAFE ONLINE
21 - DEVELOP YOUR SKILLS
SUMMARY: GUIDELINES AND PROCEDURES

SECURITY MEASURES SUMMARY

ITQ ASSESSMENT CRITERIA

ANSWERS

GLOSSARY

INDEX

OTHER PRODUCTS FROM CIA TRAINING


Skill Set 1

Threat Awareness

By the end of this Skill Set you should be able to:

Identify IT Security Risks

Understand the Threat and Effects of Viruses

Recognise Other Forms of Malicious Software

Identify Hoaxes and Hackers

Recognise E-mail Threats


Exercise 1 - Introduction

Knowledge:

A world without computers is very hard to imagine today. Together with the Internet they have changed the way we live our lives, and most of the people you meet will use a computer at home and at work. They have revolutionised the way we communicate with each other and how we conduct business, and have forever changed how we think and work. However, despite making our lives so much easier, the widespread use of technology also brings with it many security concerns that IT users must be aware of. As such, this guide will try to explain some of the dangers of using IT systems and help you to avoid many of the pitfalls.

You must take steps to protect your computer, portable devices, and personal information from loss (e.g. hardware failure or theft) and any potential external threat (e.g. viruses or hackers). You must respect the confidentiality of any information that you have access to, and follow all laws and guidelines that apply. Indeed, the organisation that you work for should have a privacy policy to show you how to do this, as well as Internet and e-mail guidelines – make sure you find and follow them. Also find out who best to approach if you have any questions relating to the safe use of IT, or who to contact if you need to report a security concern.

Note: Keep in mind that the following exercises are not designed to scare you, but to make you aware of the many potential dangers that exist when using IT systems and the Internet. With a little knowledge and common sense, you’ll soon be using your computer confidently and safely.

Activity:

Food for thought…

1. Do you use a computer where you work or study?

2. Do you think you are fully aware of the many security issues related to protecting data and using IT systems?

3. Do you consider your computer adequately protected? Do you know how to check whether your computer is secure?

4. Do you feel that you have any responsibility for the security of the data on your computer or network?


Exercise 2 - Viruses

Knowledge:

The most well known and feared threat to computers is the computer virus – a small piece of malicious software (introduced to a computer system from an external source such as an e-mail or Internet download) with the ability to spread itself to other computers.

A virus is created by computer programmers to exploit security “holes” in popular programs. Once active, viruses can cause many levels of harm to your computer system – and even other computers connected to your network. Some simply cause a nuisance by altering the default behaviour of your software; others can cause significant problems by deleting files or damaging the Windows operating system itself, causing your computer to “slow down” or stop working altogether.

Fortunately, viruses can only affect your computer if they are introduced to it from outside (e.g. from memory sticks, CDs or DVDs, or from the Internet or e-mail). Furthermore, in most cases, viruses will remain inactive until you open or run an “infected” file or program, which then allows the virus contained within to run. However, if you are careful and follow some simple guidelines, it is very unlikely your computer will become infected.

Most importantly, always ensure you have anti-virus software installed and running (more on this in a later exercise). Also, be very wary of files downloaded from the Internet; if only genuine software and files from reputable sources are downloaded to your computer, in theory there should be no danger. If, however, programs or files are obtained from dubious or illegal sources, the chance of them containing a virus is much greater.

Also, as you will see in a later exercise, you must be especially careful of e-mail messages and their attachments – from unknown sources and from friends – as they can both contain potential threats to your computer. Even documents or spreadsheets used in applications such as Microsoft Word or Excel can contain harmful viruses! This is why you are sometimes given the option of opening files and templates in safe mode or with features disabled – if a virus can’t run, it can’t cause any problems!

Activity:

1. What is a computer virus?

2. Name some common ways for a virus to get onto your computer.

3. What can you do to avoid viruses?

Note: Answers are listed in the Answers section at the end of the guide.


Exercise 3 - Worms, Trojans and Rogue Diallers

Knowledge:

In addition to computer viruses, there are many other types of “malicious software” (commonly known as malware) that can threaten IT systems and data. Most gain access to your computer without your knowledge (often via Internet downloads or e-mail attachments). Many are simply annoying and slow down your computer or Internet connection, but others are far more serious and can give others remote access to your programs and data.

Worms and Trojans

A worm is very similar to a virus in that it can create and send copies of itself to other computers. It exploits security holes in your software and can significantly slow your computer down, as well as damage important files and programs. It can also open a “back door” to your computer, allowing other people to access the programs and information stored on it.

A Trojan is a file or program that, on the surface at least, appears safe and legitimate, but when opened does something unexpected and unwanted (including infecting your computer with viruses and other forms of malware).

Both worms and Trojans are often distributed in the form of programs or image files that you are encouraged to open (e.g. as an e-mail attachment or a website download).

Note: The term Trojan comes from the Greek story of the Trojan horse, where a gift that appeared entirely innocent turned out to contain a serious threat hidden within.

Rogue Diallers

A rogue dialler can only affect dial-up Internet connections. It is a piece of software which deletes your Internet Service Provider (ISP) phone number and replaces it with that of a premium-rate ISP. Each time you connect to the Internet, you inadvertently incur large telephone costs. Fortunately, if you have broadband Internet access, you cannot be affected by this type of malware.

Note: Good anti-virus software and safe downloading practices can prevent all the threats described here from gaining access to your computer.

Activity:

1. What is a computer worm and how can it damage your computer?

2. What is a Trojan and why is it dangerous?

3. What is a rogue dialler and how can it affect you?

4. What can you do to avoid worms, Trojans and rogue diallers?


Exercise 4 - Spyware and Adware

Knowledge:

Spyware and adware are specific forms of malware that can significantly reduce your computer’s performance levels and open your programs and data to unwanted change and exploitation. Some threats will simply display annoying advertisements as you use your computer, but others can monitor your online activities (or steal sensitive information such as e-mail addresses, passwords, and stored credit card numbers) and then send that information to another person via the Internet.

Importantly, most types of spyware and adware are not strictly classed as viruses, and so most anti-virus software will not always detect or remove them. To do that, you will need to install and use a dedicated anti-spyware program (more on protecting your computer from threats in later exercises).

Spyware

The name spyware is given to software that gains access to your computer without your knowledge, usually when you install “free” programs downloaded from the Internet. Spyware can change computer settings, interfere with Internet browsing, and can even slow an Internet connection to the point where it becomes unusable. Far more seriously, it can also run silently “in the background” as you use your computer, gathering various types of personal information (e.g. your Internet browsing habits or the keys you type on your keyboard) and then sending that data to other people.

Adware

Adware is far more intrusive than other forms of malware. It automatically downloads and displays advertisements on your computer (often in “pop-up” windows as you browse the Internet). Adware is often installed on your computer without your knowledge, and is usually itself a form of spyware.

Note: As with most malware, spyware and adware usually gain access to your computer via Internet downloads or e-mail attachments. However, they can also be installed alongside legitimate software (many software companies use “sponsored” adverts in free software to cover their development costs). Be sure to read any license agreement or privacy statement before installing software to make sure you know what you’re getting.

Activity:

1. What is spyware and why is it dangerous?

2. What is adware?

3. Will anti-virus software always detect and remove spyware and adware? If not, why not?

4. What can you use to avoid both spyware and adware?


Exercise 5 - E-mail Risks and Spam

Knowledge:

Today, e-mail is an extremely important and efficient communication tool and many businesses would come to a standstill without it. However, there are also many risks associated with the use of e-mail, and in particular with files attached to messages.

E-mail attachments

Always be very careful of e-mail messages containing attachments (enclosed files), from unknown sources and from friends, as they can potentially contain viruses and other forms of malware. If you do open a message attachment that contains a virus, the results can be catastrophic for your own computer and possibly all the other computers on your network!

Note: It is highly unlikely that your friends will intentionally send you a virus by e-mail. However, if your friends do not have good anti-virus and anti-spyware software installed, they may not even be aware that a file is infected. Also, some viruses affect e-mail programs and automatically send copies of themselves to the e-mail addresses of listed contacts.

As a rule, always save important attachments to your computer first, and then scan the files using your anti-virus software before opening them (you will learn more about anti-virus software in later exercises).

Unwanted messages

Be prepared to receive a lot of unwanted e-mail (known as spam). Certain companies and individuals send out lots of junk mail, often in an attempt to sell you something (usually of an adult nature). For some people, junk e-mail can severely impact upon their productivity, forcing them to spend large amounts of their working day deleting messages. Indeed, the sheer volume of junk mail can affect the performance of their computer systems and the network they are connected to.

Of course, you can simply delete junk e-mail as you would throw away real unwanted mail (your e-mail program can even be set up to do this automatically for you). Many of these types of messages also have a means to allow you to unsubscribe from their mailing list, so no further messages will be sent to you. It is always worth scanning the message for this.

Activity:

1. Why should you be wary of e-mail messages with attachments?

2. Are e-mail messages from friends and work colleagues safe?

3. What is unwanted e-mail better known as, and why can it become a problem?


Exercise 6 - Hoaxes and Hackers

Knowledge:

Hoax E-mail

Identity theft is as much a risk online as it is in real life! Hoax e-mails, such as chain messages or bogus petitions, are at best a nuisance, but they can also be considerably more dangerous if you act upon their instructions. Scam e-mails usually take a particular format, such as fake virus warnings, offers of cash, appeals to help people transfer savings, and even chain e-mails which you must forward to a specified number of other people. Simply delete them!

More subtle tricks also include official-looking e-mails allegedly from banks asking you to confirm account details or credit card numbers. Delete them immediately as this is a form of identity theft known as phishing. Remember: banks will never ask for personal or sensitive information to be put in an e-mail.

Unfortunately, the Internet makes it very easy to send hoax and scam e-mail, but there are some clues that can help you spot them. These include requests to forward a message to lots of people (sometimes to everyone you know); unsupported claims that you have won prizes or cash; language used in a way to create a sense of urgency (e.g. “act now to protect your computer from this devastating virus”), and requests for money - especially up front “fees”.

Note: If you receive an e-mail from an unknown person that appears too good to be true, it probably is. At best it may waste your time, but at worst it can cause embarrassment and cost you a great deal of money.

Hacking

A term often used by the media, hacking has come to mean changing computer software (or hardware) to do something other than what it was intended to do. More commonly, individuals known as hackers try to gain unauthorised access to computer systems in order to steal the data on them. Precautions such as installing a firewall (described later) will help protect your computer from hackers.

Note: Many expert programmers or network security specialists consider themselves to be hackers. These are professional people who are in no way interested in gaining access to your computer!

Activity:

1. What is phishing and why is it a problem?

2. If you suspect an e-mail of being a hoax, what should you do with it?

3. What is a hacker and what does it do?


Skill Set 2

Protecting Your Computer

By the end of this Skill Set you should be able to:

Protect Your Computer

Understand how Anti-virus Software Works

Avoid Other Forms of Malware and Spam

Check Security Settings

Report Security Threats


Exercise 8 - Anti-virus Software

Knowledge:

Every computer system in use is vulnerable to viruses. Fortunately, you can defend your computer against them by installing and using an anti-virus program. This is a small piece of software that scans files, including e-mail and Internet downloads, for viruses. There are many types of anti-virus software available to download and install – some free for home use – which will run continuously on your computer (in the background) to shield your system from viruses.

Note: Anti-virus software can also be used to scan files “on-demand”, including your entire computer, which is useful for checking downloaded files and e-mail attachments before you open them.

At the time of writing, some common anti-virus programs include Norton Internet Security, McAfee VirusScan, NOD32, Trend Micro Internet Security, and AVG. Once installed, if one of these programs finds a virus, it will delete it before any changes are made to your computer, and can even help reverse any changes already made (a process known as disinfecting).

Note: New threats to your computer appear daily, and therefore anti-virus software must be continually updated to include details of new viruses (known as a definitions update). This will usually happen automatically, but there is sometimes a short delay between a virus appearing and your anti-virus software being able to recognise it.

Of course, the best way to protect your computer from viruses is to make sure you don't expose it to any in the first place. Even when you are using anti-virus software, there is still a short period of time between a virus appearing and your definitions being updated where your computer will be vulnerable, so it is always a good idea to apply some sensible precautions. Only open e-mail attachments or documents from people you know, and only download and run programs from sources you trust. When browsing the Internet, be wary of any prompts to download or install software, no matter how genuine or useful it might seem.

As a rule, always save attached files to disk and scan them with your anti-virus software before opening – even if from friends. If you do open a message attachment or download a file that contains a virus, the results can be catastrophic for both your own computer and possibly all the other computers on your network!

Note: Malware such as viruses and spyware should not be confused with the term bug, which describes an error or fault in a piece of software.

Activity:

1. What should you do before opening files from a removable disk or device?

2. New viruses appear daily. How can you make sure you are protected?


Exercise 9 - Avoiding Other Threats

Knowledge:

Anti-Spyware/Adware Software

Anti-virus software will usually detect and remove viruses, worms, Trojans and other threats. However, spyware and adware are often ignored as they are not strictly viruses, and so special anti-spyware programs are needed. The free Microsoft program Windows Defender is one good example.

Anti-spyware programs work in a similar way to anti-virus programs, and can either run in the background as an active shield against threats, or can be used to scan your computer “on demand”. It is recommended that you install anti-spyware software and routinely run full scans of your computer for problems.

Note: Many anti-virus software packages now also come with anti-spyware included. As with anti-virus software, you also need to keep anti-spyware software up-to-date by regularly downloading updates.

Anti-Spam Software

Anti-spam software filters out unwanted junk messages from your e-mail before it reaches you. As junk e-mail is such a problem these days, most e-mail providers offer anti-spam filters as standard. E-mail programs such as Microsoft Outlook also come with junk mail filters built-in.

Firewalls

Every computer should have an operational firewall. A firewall is simply a barrier between your computer and the Internet, and determines what type of traffic is allowed to pass out of the system to the Internet, and into the system from the Internet. It helps to protect the computer from the risk of infiltration by hackers. Windows has a built-in firewall that starts automatically, protecting you from the second you log in.

Note: If you believe malware or another person may have gained access to your computer system, you must consult someone who can help immediately (especially for computers on a network). Look out for programs behaving oddly, your Internet browser taking you to pages you did not request, advertisements appearing automatically, or very slow computer and program performance.

Activity:

1. How often should you update anti-spyware and anti-spam software?

2. What is the best way to prevent “hackers” from gaining access to your computer?


Exercise 10 - Performing Security Checks

Knowledge:

Any computer that is connected to the Internet is vulnerable to a number of dangers, including viruses, spyware, adware, and hackers. It is therefore very important that you routinely check your computer to make sure it is secure. Fortunately, Windows makes it easy to check your security status quickly.

Also, most Windows programs that allow you to browse the Internet allow you to adjust settings to increase or decrease security levels. Typically, on a private business or home network, it is acceptable to use slightly more relaxed security settings in order to share files and access shared resources such as printers. On an unsecured public network, however, it is advisable to be much more cautious.

Activity:

1. Click once on the Start button (found at the bottom left of the screen on the Taskbar) to show the list of start options available.

2. Click once on Control Panel. When the Control Panel appears, click System and Security (Security on earlier versions of Windows). The options that appear allow you to check the security status of your computer.

3. Select Windows Firewall by clicking the title-link once.

Note: Depending on your version of Windows, the Control Panel options you see may be presented slightly differently to those shown here.

4. Regardless of the type of network you are connected to (e.g. home or work), the firewall status should be on and using recommended settings. Turn it on now if it is not.

Note: Fortunately, Windows constantly scans for security problems in the background as you work, including incorrect firewall settings or outdated anti-virus software, and automatically alerts you.

5. Notice that you can have different firewall settings for different types of network (e.g. home, work or public place).


6. Return to the security options on the previous screen and select Windows Update.

7. Make sure Windows Update is turned on and that any current available updates are installed.

Note: As security bugs are found in Windows, Microsoft releases updates to fix them. It is therefore recommended that you allow Windows to automatically download these updates, helping protect you and your computer from any new threats. Again, if Microsoft Update is not set up correctly, or if any updates are awaiting installation, Windows will automatically alert you.

8. Return to the security options screen, and explore some of the other security settings and tools available.

Note: You can change your default Internet Explorer security levels by selecting Internet Options from within Network and Internet, and then clicking the Security tab. The controls shown allow you to increase or decrease your Internet security settings by dragging a slider up (more secure) or down (less secure). These settings only affect Internet Explorer, but similar settings will be available within all Internet browsing programs.

Note: Generally speaking, the more secure you make your system, the less useful it becomes – you will need to find a reasonable balance between the two that most suits you.

9. When you are finished, close the Control Panel.
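The same checks as steps 3 to 7 of this activity (firewall on for every network type, anti-virus and anti-spyware present and up to date, Windows Update enabled) can be read from a PowerShell window. This is an added example, not part of the original guide. It assumes Windows 8 or later on a desktop edition; the function name Get-SecurityCheckReport and the 7-day definitions threshold are choices made for this example.

```powershell
# Added example (not from the guide): read-only report of the Exercise 10 checks.
# Assumptions: Windows 8 or later, desktop edition. The function name and the
# 7-day definitions threshold are hypothetical choices for this example.

function Get-SecurityCheckReport {
    [CmdletBinding()]
    param(
        # Definitions older than this many days are flagged as out of date.
        [int]$MaxDefinitionAgeDays = 7
    )

    $report = New-Object System.Collections.Generic.List[object]

    # Helper: record one check result as a table row.
    function Add-Finding([string]$Check, [bool]$Ok, [string]$Detail) {
        $report.Add([pscustomobject]@{
            Check  = $Check
            Status = $(if ($Ok) { 'OK' } else { 'ATTENTION' })
            Detail = $Detail
        })
    }

    # Step 4: the firewall should be on for every network type
    # (Domain = work, Private = home, Public = public place).
    foreach ($fwProfile in Get-NetFirewallProfile) {
        $on = ("$($fwProfile.Enabled)" -eq 'True')
        Add-Finding "Firewall: $($fwProfile.Name) network" $on "Enabled = $($fwProfile.Enabled)"
    }

    # Anti-virus products registered with the Windows security centre.
    $avProducts = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
                        -ClassName 'AntiVirusProduct' -ErrorAction SilentlyContinue)
    if ($avProducts.Count -gt 0) {
        Add-Finding 'Anti-virus installed' $true (($avProducts.displayName) -join ', ')
    } else {
        Add-Finding 'Anti-virus installed' $false 'No product registered; seek advice on installing one'
    }

    # Windows Defender anti-spyware status and age of its definitions,
    # only where the Defender cmdlets are present.
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        try {
            $mp = Get-MpComputerStatus -ErrorAction Stop
            Add-Finding 'Windows Defender anti-spyware' $mp.AntispywareEnabled `
                "Real-time protection = $($mp.RealTimeProtectionEnabled)"
            $age = (New-TimeSpan -Start $mp.AntispywareSignatureLastUpdated -End (Get-Date)).Days
            Add-Finding 'Defender definitions' ($age -le $MaxDefinitionAgeDays) `
                "Last updated $age day(s) ago"
        } catch {
            # Defender is typically switched off when another product is active.
            Add-Finding 'Windows Defender anti-spyware' $false `
                "Status unavailable: $($_.Exception.Message)"
        }
    }

    # Steps 6 and 7: Windows Update should be turned on.
    try {
        $au = New-Object -ComObject 'Microsoft.Update.AutoUpdate'
        Add-Finding 'Windows Update' $au.ServiceEnabled `
            "Automatic Updates service enabled = $($au.ServiceEnabled)"
    } catch {
        Add-Finding 'Windows Update' $false "Could not query: $($_.Exception.Message)"
    }

    return $report
}

# Show the report; every row marked ATTENTION needs a follow-up in Control Panel.
Get-SecurityCheckReport | Format-Table -AutoSize -Wrap
```

The script only reads settings and changes nothing. It does not search for pending updates, so step 7 still needs a look at the Windows Update screen.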


Exercise 11 - Develop Your Skills

You will find a Develop Your Skills exercise at the end of each Skill Set. Work through it to ensure you’ve understood the previous exercises.

1. What is a firewall?

2. What protection should every computer have?

3. True or false: you only have to update anti-virus software immediately after installation.

4. For what should you regularly use the anti-virus software?

5. What can be used to deal with unwanted spam e-mail?

6. What action should you take if a computer system does become infected?

7. Find out what anti-virus software is running on your computer system (if none are found, you must seek advice on installing one).

8. Find out what anti-spyware software, if any, is installed on your computer system.

9. Use your Windows Control Panel to confirm that your firewall is running. If it is not, enable it now.

10. Check that Windows Update is configured to run automatically.

Note: Answers are listed in the Answers section at the end of the guide.


Summary: Protecting Your Computer

In this Skill Set you have seen how to take appropriate security precautions to protect your computer from threats, including viruses and other forms of malware. You have also seen how a firewall can help protect you from the threat of hackers, and learned how to perform simple security checks to ensure that your computer and data remain safe and secure.

You should be able to demonstrate your ability to:

• Take appropriate security precautions to protect IT systems and data:

  - Anti-virus software

  - Avoid other threats (e.g. spyware and spam)

  - Check firewall settings

  - Carry out security checks

  - Identify and report security threats or breaches