PERSONAL COMPUTER SECURITY It is inevitable that, at some point, all students will experience either an attack or system failure resulting in loss of data and access. For example, most hard drives carry only a two-year warranty. Other vulnerabilities include fire, theft, loss, and accidents. As one student who lost everything commented, "this can really happen to anyone." Thus, a system catastrophe is not a question of "if," but "when." Risk control strategies can help students stay operational, while protecting privacy and data. From this point forward, no crisis email to any faculty that an assignment was lost due to a computer crash!
LEARNING OBJECTIVES Upon completing this exercise, students should be able to:
1. Analyze system components, including system hardware, operating system, applications, and data 2. Formulate a disaster recovery plan for a complete hard drive failure 3. Formulate a business continuity strategy to continuously archive critical data files 4. Put into action an online security plan
Windows System Windows 10: https://youtu.be/HcEUp1d1Zpg Windows 8: https://youtu.be/qIT0QqFRiBI Windows 7: https://youtu.be/SVp9wbn_E-4
Windows 7 Example Use above video links if help needed with first five steps.
1. Navigate to the Start/Windows button 2. Go to “All Programs” 3. Go to “Accessories” 4. Go to “System Tools” 5. Go to “System Information” 6. From the main screen (Figure 2), you should be able to determine:
Operating System (OS Name) Manufacturer Model Processor RAM
9. Go to Components -> Network -> Adapter. You will be looking for the word “Ethernet” under the “Adapter Type” line. This may be in the list multiple times, however the ones that you are looking for will have either the name of an adapter (for hard-lined internet), or for the wireless adapter it will have the words wireless in product type. (Figure 5)
ALTERNATE: BELARC ADVISOR Belarc Advisor will audit your computing system and display it for you through your Internet browser. It is compatible with Windows 10,8, 7, Vista, and XP. You can download the program at http://www.belarc.com/free_download.html. All of the information created by Belarc Advisor is kept private and is not relayed over the Internet to any third party services.
Follow these steps to find your hardware information:
1. Follow the link above to download and install Belarc Advisor 2. Follow the steps and allow Belarc Advisor to create a profile of your system 3. Your Operating System, System Model, and Processor will be the first line under their respective
sections. 4. The Display section will be your Graphics Card. 5. The Multimedia section will be your Audio Card. 6. RAM information will be found under Memory Modules. 7. Under the Communications section (Figure 6) you can find both your hard line network card and
wireless network card (if your computer is capable of wireless). Your hard line network card should have “Ethernet Controller” in the name. Your wireless card will have “Wireless” in its name.
MAC SYSTEM https://youtu.be/W-XOR_v_nq8 1. Click on the “Apple Icon” 2. Go to “About this MAC” (Figure 7). In bold letters, under the Apple logo will be the Operating System.
Figure 7 - "About this MAC" Screen with MAC Operation System
3. Now click “More info…” and you will be taken to a screen with the title of “Hardware Overview” (Figure 8) This will give you:
4. Go to Hardware -> Audio in order to find your Audio Interface (Sound Card), which will be in bold letters at the top (Figure 9).
Figure 9 - Audio Card
5. Go to Hardware ->Graphics/Display in order to find your Video Interface (Graphics Card), which will be in bold letters at the top (Figure 10).
Figure 10 - Graphics Card
6. Go to Network -> ------ Card (In this example there is an AirPort Card, however your system may differ). The information for your card will be under “Card Type” (Figure 11)
Figure 11 - Network Card
OPTIONAL: MAC SYSTEM INFORMATION USING APPLE TECH SPECS Enter your Mac’s serial number in the “Search Tech Specs” field at http://support.apple.com/specs and press Enter to display detailed technical specifications for your machine.
PUBLIC INTERNET PROTOCOL (IP) ADDRESS Similar to a unique address for mailing letters, every device connected to the Internet must have a unique IP address to send email and download content from servers. For the Internet to function, packets can only be exchanged with the specific device making the request. Attackers can also take advantage of your unique IP address to probe vulnerable Internet ports on your computer. Thus, many computers hide the true IP address by having a firewall or proxy server use network address translation (NAT) to mask the “true” IP address with a “public” IP address. For our exercise, identify your “public” IP Address by simply typing “IP ADDRESS” into Google. You may also use web tools (Figure 12), such as What is my IP at http://whatismyip.com .
Figure 12 – Public IP Address
As a separate exercise, you may also evaluate your system to discover its true IP address in the operating system’s Control Panel. In addition, you may test your system for open vulnerable Internet ports (File Sharing, Common Ports, All Service Ports, Messenger Spam, and Browser Headings), such as ShieldsUP! at http://grc.com . To read more about port probing see PC Magazine’s Probe My Ports! at http://bit.ly/V7upbL.
OPERATING SYSTEM BITS Users often need to know if the operating system is 32 or 64-bit for software compliance. See tips to Determine 64-bit Compliance: http://www.stata.com/support/faqs/windows/64-bit-compliance/
Process of developing advanced arrangements and procedures that enable an organization to respond to an event such that mission critical services continue with acceptable levels of interruption or essential change
Commercial Software
Copyrighted application licensed to users at a price (i.e. “Payware”), e.g., MS Office
Data Personal files a user creates using an application, or uses with an application (i.e. Word documents, MP3 files, photos, etc.)
Disaster-Recovery (DR)
Unplanned interruption of normal business processes (hardware, software, data, networks and people); subset of Business Continuity
Fault Tolerance System or process design allowing an operation to continue, possibly at a reduced level, when part of the system fails.
Freeware Software
Copyrighted application licensed to users at no cost or optional donation, e.g., Macrium Reflect Free, Spybot - Search & Destroy, Apple iTunes, Google Picasa, Google Chrome
Hardware Physical equipment directly involved in the performance of data-processing or communications functions. Includes memory (RAM), CPU, hard drives, CD/ DVD drives, etc.
IP Address A unique numeric network identifier for each computing device connected to a network.
Open Source Software
Software application licensed to users at no cost with source code available, e.g., Apache OpenOffice, Google Chromium, Mozilla Firefox, Linux
Operating System
Hardware-specific software layer (i.e. Windows 7, Mac OS 10.6.3, etc.) that runs between computer applications and computer hardware. Allows a user to easily access hardware from an application, such as a printer when using MS Word.
RAM Stands for random access memory, one of the fastest primary storage devices and best known hardware forms of computer memory
Risk Management
Process of identifying vulnerabilities in an information system and taking carefully reasoned steps to ensure Confidentiality, Integrity, and Availability (i.e. CIA) of all system components.
InfoSec SDLC Information Security System Development Life Cycle is a progressive methodology addressing the security of information assets in a system.
Shareware Software
Copyrighted application licensed to users at a modest price, often including either a free trial period, or try-before-you-buy version with reduced features, e.g., Carbon Copy Cloner for Mac
Software Programs designed to perform specific tasks. Major software categories include 1) Applications (i.e. web browsing, word processing, etc.), and 2) Operating Systems.
