Lesson: Hardware, Software and Operating System Security - Cybersecurity - Third Year Secondary
1. Fundamentals of Cybersecurity
2. Cybersecurity Protection and Response
3. Advanced Topics in Cybersecurity
2. Cybersecurity Protection and Response

In this unit, you will learn about the threats affecting the security of hardware, software and operating systems, and how to protect against them. You will then learn how network systems are attacked and how to analyze and protect them with secure protocols and techniques. Finally, you will analyze how Digital Forensics and Incident Response are employed to protect large-scale systems from cyberattacks.

Learning Objectives
In this unit, you will learn to:
> Outline the threats and vulnerabilities affecting hardware, operating system and software security.
> Analyze secure system design techniques.
> Protect Windows machines and data with basic security measures.
> Describe how network structures and web technologies affect cybersecurity systems.
> Outline network security protocols and techniques.
> Analyze network traffic with Wireshark.
> Utilize the Windows VPN service.
> Analyze how Digital Forensics and Incident Response are used to protect digital systems.

Tools
> Wireshark
> Windows Defender Firewall
> DB Browser for SQLite
Lesson 1: Hardware, Software and Operating System Security

In cybersecurity, it is important to understand the necessity of protecting hardware, software, and operating systems from potential threats. These three components, as well as information and networks, are the foundation of any digital system, and securing them is essential to ensure the safety and privacy of users. In this lesson, hardware, software and OS security will be discussed; network security will be presented in the next lesson.

Hardware Security
Hardware security involves safeguarding the physical components of a computer system, such as processors, memory, and storage devices. This includes implementing measures to prevent unauthorized access or tampering, and protecting hardware from damage due to environmental factors, power surges, or other hazards. Some common hardware security techniques include using secure boot processes, Trusted Platform Modules (TPMs) for encryption, and hardware security keys for authentication.

Main threats to hardware systems:
• Physical attacks: Unauthorized access to, modification of, or theft of hardware components.
• Counterfeit components: Fake or substandard hardware components introduced into the supply chain, potentially compromising security.
• Hardware Trojans: Malicious circuits or components hidden within hardware, capable of compromising the system or leaking sensitive data.
• Side-channel attacks: Attacks that exploit information leakage from the hardware, such as power consumption, electromagnetic radiation, or timing.

Security practices for protecting hardware systems:
• Secure boot process: Ensuring the boot process verifies authenticity with a digital signature.
• Trusted Platform Modules (TPMs): Integrating TPMs to enable hardware-based encryption and secure storage of encryption keys.
• Hardware security keys: Using hardware tokens or biometric devices for multi-factor authentication.
• Firmware security: Ensuring firmware updates are cryptographically signed and securely delivered.
• Hardware-based virtualization: Utilizing hardware features to isolate and secure virtual environments.
• Network air gaps: An air gap is a security measure that physically disconnects a hardware device from other networks to prevent hacking.

Table 2.1: Examples of hardware security threats and security best practices

Threat example: An unauthorized person gains access to a server room and tampers with the hardware.
Security best practice example: Implement a boot process that uses digital signatures to verify the authenticity of the operating system.

Threat example: A fake RAM chip is introduced into a computer, which undermines the system's performance and security.
Security best practice example: Incorporate a TPM into the system to provide hardware-based encryption and a secure storage location for encryption keys.

Operating System Security
The operating system (OS) is the core software that manages a computer's hardware and software resources, acting as an intermediary between the user and the system components. Securing the OS is vital to maintaining overall system security. Modern operating systems have built-in security features that help protect against common threats. These features may include user authentication, file and folder permissions, encryption, and firewall protection. Regularly updating the OS with security patches and using strong, unique passwords for user accounts are essential best practices for maintaining operating system security.

Main threats to operating systems:
• Unauthorized access: Gaining unauthorized access to an operating system, potentially leading to data theft, system compromise, or disruption.
• Privilege escalation attacks: Exploiting vulnerabilities to gain higher levels of access or control within the operating system.
• Rootkits: Rootkits are malicious software programs made to gain access to and control of a computer's operating system without the owner's knowledge.
• Boot sector attacks: Attacks targeting the boot sector of a system, potentially preventing the operating system from loading or functioning.
Security practices for protecting operating systems:
• User authentication: Requiring a unique username and a strong, complex password for each user account.
• File and folder permissions: Setting appropriate access controls to restrict access to sensitive files and folders.
• Encryption: Using built-in OS encryption tools to protect sensitive data on storage devices.
• Firewall protection: Configuring the OS firewall to monitor and control incoming and outgoing network traffic.
• Regular OS updates: Installing the latest OS patches and security updates to address vulnerabilities.
• Security baselines and hardening: Applying security best practices and configurations to minimize attack surfaces.

Table 2.2: Examples of operating system security threats and security best practices

Threat example: Malware is installed on a system that hides its existence and gives an attacker unrestricted access to the operating system.
Security best practice example: Use the built-in encryption tools of the OS to protect sensitive data on storage devices.

Threat example: An attacker uses malware to alter the boot sector of a system, preventing it from starting up correctly.
Security best practice example: Configure the OS firewall to monitor and control incoming and outgoing network traffic.

Software Security
Software security involves protecting the programs and applications running on a computer system from vulnerabilities, bugs, and potential exploits. This includes developing secure coding practices, regularly updating software with security patches, and using antivirus programs to detect and remove malicious software. Additionally, software security ensures that only trusted and verified applications are installed on a system and that proper access controls are in place to prevent unauthorized use or modification.

Main threats to software systems:
• Exploitation of vulnerabilities: Attackers taking advantage of software vulnerabilities to compromise applications or gain unauthorized access.
• Malware: Malicious software, such as viruses, worms, ransomware, or spyware, that can cause harm or steal sensitive data.
• Injection attacks: Attacks where malicious code or a command is inserted into a software system, leading to unauthorized access or control.
• Backdoor: A backdoor is a security flaw in software that establishes a path of access to a system or device that bypasses normal authentication procedures.
• Buffer overflows: An overly large input that is not correctly handled by the software's code can cause a program to crash or execute unintended code, potentially allowing malicious code to run.

Security practices for protecting software systems:
• Secure coding practices: Adopting practices such as input validation and proper error handling in software development.
• Regular software updates: Applying security patches and updates as soon as they are released by vendors.
• Antivirus programs: Installing and updating antivirus software to detect and remove malware.
• Application sandboxing: Isolating applications in a restricted environment to minimize potential damage.
• Intrusion detection/prevention: Intruders use network gateways to infect the software of a system. An IDS is a system that monitors networks for any potentially harmful activity and takes appropriate action in response.

Table 2.3: Examples of software security threats and security best practices

Threat example: An attacker uses a known vulnerability in a web application to gain unauthorized access to user data.
Security best practice example: Use input validation and proper error handling during software development to minimize the potential for exploitation.

Threat example: A software developer unknowingly includes code that allows remote access without authentication in a software update.
Security best practice example: Run potentially unsafe applications in a restricted environment to minimize the potential for harm.
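The secure coding practice listed above (input validation and proper error handling) applied to a small PowerShell function, as an added example that is not part of the textbook. The base folder, the report file and the request names are constructed for the demonstration. The unsafe version shows the defect that an injection-style input reaches through; the hardened version rejects such input before it touches the file system and reports errors without leaking internal detail.

```powershell
# Added example (not from the textbook). Base folder, file and request names
# are constructed for the demonstration.
$BaseDir = Join-Path ([System.IO.Path]::GetTempPath()) 'reports-demo'
New-Item -ItemType Directory -Path $BaseDir -Force | Out-Null
Set-Content -Path (Join-Path $BaseDir 'q1.txt') -Value 'quarterly figures'

# Unsafe: the caller's string goes straight into a file path, so "../" segments
# or other characters the author never expected reach the file system.
function Get-ReportUnsafe {
    param([string]$Name)
    Get-Content -Path (Join-Path $BaseDir "$($Name).txt") -ErrorAction Stop
}

# Hardened: validate the input against an allowlist and a length cap, confirm
# the resolved path is still under $BaseDir, and handle errors without
# exposing internal details to the caller.
function Get-ReportSafe {
    param([string]$Name)
    if ($Name.Length -gt 32 -or $Name -notmatch '^[A-Za-z0-9_-]+$') {
        throw 'Invalid report name.'          # reject bad input; do not try to clean it up
    }
    $root = [System.IO.Path]::GetFullPath($BaseDir).TrimEnd('\', '/') +
            [System.IO.Path]::DirectorySeparatorChar
    $full = [System.IO.Path]::GetFullPath((Join-Path $BaseDir "$($Name).txt"))
    if (-not $full.StartsWith($root)) {       # second line of defense: stay inside $BaseDir
        throw 'Invalid report name.'
    }
    try {
        Get-Content -Path $full -ErrorAction Stop
    } catch {
        Write-Verbose $_.Exception.Message    # the detail stays in the log
        throw 'Report not available.'         # generic message for the caller
    }
}

# Usage: the first call returns the file content, the second and third are
# rejected with the generic messages defined above.
Get-ReportSafe -Name 'q1'
try { Get-ReportSafe -Name '../secret' } catch { $_.Exception.Message }
try { Get-ReportSafe -Name 'q9' }        catch { $_.Exception.Message }
```

The allowlist check does the real work; the path-prefix check is kept as a second, independent control so that a future change to the pattern does not silently reopen the hole, which is the defense-in-depth idea discussed later in this lesson.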
The threats and the best practices described above for hardware, software and operating system security are related to several challenges that need to be confronted when protecting IT systems. Table 2.4 illustrates the main challenges of protecting hardware, software and operating systems.

Table 2.4: Main challenges of protecting hardware, software and operating systems

Hardware system security
• Physical tampering: Protecting hardware from unauthorized physical access, modification, or theft.
• Supply chain security: Ensuring the security and integrity of hardware components throughout the supply chain, from manufacturing to deployment.
• Firmware vulnerabilities: Identifying and mitigating vulnerabilities in firmware, which can be exploited by attackers to compromise hardware.
• Hardware obsolescence: Addressing the security risks associated with outdated or unsupported hardware components.

Software system security
• Zero-day vulnerabilities: Identifying and mitigating previously unknown software vulnerabilities before they can be exploited by attackers.
• Software complexity: Managing the increasing complexity of software systems, which can introduce new vulnerabilities and make security harder to achieve.
• Software supply chain attacks: Securing the software supply chain against compromises, which can lead to the introduction of malicious code or vulnerabilities.

Operating system security
• OS vulnerabilities: Identifying and addressing vulnerabilities in the operating system that can be exploited by attackers.
• Privilege escalation: Preventing attackers from gaining higher levels of access or control within the operating system.
• OS hardening: Implementing and maintaining the necessary security configurations and best practices to protect the operating system.
• Compatibility issues: Ensuring that security measures do not negatively impact the performance or compatibility of applications running on the OS.
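A read-only check of several of the practices listed in this lesson (secure boot, TPM, OS firewall, disk encryption, updates, antivirus) on a Windows 10/11 machine, written in PowerShell as an added example that is not from the textbook. It uses only cmdlets that ship with Windows (Confirm-SecureBootUEFI, Get-Tpm, Get-NetFirewallProfile, Get-BitLockerVolume, Get-HotFix, Get-MpComputerStatus) and must be run from an elevated prompt; the output field names are my own.

```powershell
# Added example (not from the textbook). Read-only; run from an elevated
# PowerShell prompt on Windows 10/11. Field names are my own.
function Get-SecurityPosture {
    $r = [ordered]@{}

    # Hardware practices: secure boot and TPM
    try   { $r['SecureBootEnabled'] = Confirm-SecureBootUEFI }   # throws on legacy BIOS
    catch { $r['SecureBootEnabled'] = 'n/a (no UEFI secure boot)' }
    $tpm = Get-Tpm
    $r['TpmPresentAndReady'] = [bool]($tpm.TpmPresent -and $tpm.TpmReady)

    # OS practices: firewall on for every profile, unsolicited inbound traffic blocked
    $profiles = Get-NetFirewallProfile
    $r['FirewallAllProfilesOn']  = -not ($profiles | Where-Object { $_.Enabled -ne 'True' })
    $r['FirewallInboundBlocked'] = -not ($profiles | Where-Object { $_.DefaultInboundAction -eq 'Allow' })

    # OS practices: encryption of the system drive
    try {
        $bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $r['SystemDriveEncrypted'] = ($bl.ProtectionStatus -eq 'On')
    } catch { $r['SystemDriveEncrypted'] = 'n/a (BitLocker not available)' }

    # OS practices: date of the most recent installed update
    $r['LastUpdateInstalled'] = (Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1).InstalledOn

    # Software practices: antivirus active with recent signatures
    $mp = Get-MpComputerStatus
    $r['RealTimeProtection'] = $mp.RealTimeProtectionEnabled
    $r['SignatureAgeDays']   = [int]((Get-Date) - $mp.AntivirusSignatureLastUpdated).TotalDays

    [pscustomobject]$r
}

Get-SecurityPosture | Format-List
```

Each field maps to one row of the practice lists above, so a False or a large signature age points directly at the practice that is not being followed; the script changes nothing, which makes it safe to run repeatedly as a baseline check.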
Secure System Design Techniques
Secure system design is a fundamental approach in cybersecurity that emphasizes building security into systems from the ground up. It involves considering potential threats and vulnerabilities during the development process and implementing measures to mitigate risks proactively. The following are some of the most common techniques for secure system design.

Security by Design
Security by Design is a principle that advocates integrating security measures and considerations from the initial stages of system or software development. Instead of being an afterthought or an addition, security protocols and safeguards are built into the product from the outset. This proactive approach emphasizes the creation of systems and applications in such a way that they are inherently secure. This includes defining policies, roles, and responsibilities; ensuring data integrity and privacy; and implementing user access controls, encryption, and secure coding practices. Security by Design aims to minimize security vulnerabilities and limit the impact of potential security breaches.

Defense in Depth
Defense in depth is a comprehensive approach to cybersecurity in which multiple layers of security controls and measures are placed throughout an information technology system. It is based on the military principle that it is more difficult for an enemy to penetrate a complex, multi-layered defense than to breach a single barrier. This strategy aims to protect information integrity, availability, and confidentiality by implementing a series of defensive mechanisms, including firewalls, intrusion detection systems, data encryption, anti-virus software, and physical security measures. The concept relies on the notion that if one layer of defense is ineffective or breached, the next layer should be able to prevent the attack, giving an organization multiple opportunities to mitigate potential threats.
Security by design and defense in depth seem similar, but there are differences in their application. The following examples show their differences in various scenarios.

Website development with security by design
In the development of a new e-commerce website, security by design would entail the use of secure coding practices, input validation to prevent SQL injection or cross-site scripting attacks, and implementing strong user authentication and access controls from the outset.

Network infrastructure setup with defense in depth
Deploying firewalls at the network perimeter, implementing intrusion detection/prevention systems (IDS/IPS), using strong endpoint protection software, and having a strong incident response plan in place. Regular audits and penetration testing would also be part of the strategy.

Cloud-based service development with security by design
When developing cloud-based services, best practices would include the use of secure APIs, robust authentication and access control mechanisms, and built-in data encryption techniques.

Physical data center security with defense in depth
To protect the physical security of a data center, defense in depth uses segmentation to divide the network into smaller, isolated subsections. The network is segmented on multiple levels, typically by firewalls, public-facing networks, and virtual LANs (VLANs). Each segment should have its own security controls, such as authentication, traffic inspection, and monitoring protocols, to reduce the risk of attacks.
Secure Programming
Secure programming involves writing software code that is resistant to vulnerabilities and exploits. It involves using secure coding techniques, best practices, and development methodologies to minimize the risk of introducing security flaws into the software. Table 2.5 shows scenarios in which the secure programming technique is applied.

Table 2.5: Applications of the secure programming technique

Scenario: Web Application Development
Application: Developers are creating a new web application for a banking system. Secure programming in this context would involve input validation, using secure and encrypted connections (HTTPS), and implementing proper session management.

Scenario: Mobile Application Development
Application: Developers are working on a new mobile app for a healthcare provider. Here, secure programming might involve ensuring that the app does not store sensitive data insecurely on the device, implementing strong access controls, and encrypting all data transmitted between the app and the server.

Passkeys and Device Security
There are multiple tools and techniques used to protect hardware devices and their data. Even the simplest protection measures can be effective against security vulnerabilities. One modern example is passkeys. A passkey is a digital credential that replaces traditional passwords and allows users to sign in to apps and websites using biometric sensors, PINs, or patterns. Passkeys provide robust protection against phishing attacks and are standardized across browsers and operating systems. When users want to sign in to a passkey service, their browser or operating system will help them select and use the right passkey. The system will ask users to unlock their devices using a biometric sensor, PIN, or pattern. This ensures that only the rightful owner can use the passkey. Passkeys use public key cryptography, reducing potential data breach threats.
When a user creates a passkey with a site or application, this generates a public-private key pair on the user's device. Only the site stores the public key, but this alone is useless to an attacker. An attacker cannot derive the user's private key, which is required to complete authentication, from the data stored on the server. Because passkeys are bound to a website or app's identity, they are safe from phishing attacks. The browser and operating system ensure that a passkey can only be used with the website or app that created it. This frees users from the worry of signing in to a fake website or app designed to fool them. One example is FIDO2 (Fast Identity Online), an open authentication standard that supports passwordless authentication using biometrics and external security keys. The use of a passkey is illustrated in Figure 2.1.

Figure 2.1: Authentication on mobile devices with the use of a passkey
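The registration and sign-in flow just described, simulated in PowerShell with the .NET ECDSA classes, as an added example that is not from the textbook or from any passkey implementation. The origins, the user name and the way the challenge and origin are combined before signing are simplifications chosen for the demonstration (real passkeys use the FIDO2/WebAuthn message formats), but the two properties the text relies on are shown: the site holds only the public key, and the device signs only for the origin that created the passkey.

```powershell
# Added example (not from the textbook): a simplified passkey flow using .NET
# ECDSA. Origins and the user name are constructed; the signed message format
# is a simplification of what FIDO2/WebAuthn actually signs.
$script:Authenticator = @{}   # device side: origin -> ECDsa object (holds the private key)
$script:Server        = @{}   # site side:   user   -> public key parameters only

function Register-Passkey {
    param([string]$User, [string]$Origin)
    $key = [System.Security.Cryptography.ECDsa]::Create()   # fresh key pair on the device
    $script:Authenticator[$Origin] = $key                   # private key never leaves the device
    $script:Server[$User] = $key.ExportParameters($false)   # the site stores the public half only
}

function New-Challenge {
    # The site sends fresh random bytes so an old signature cannot be replayed
    $buf = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($buf)
    return ,$buf
}

function Invoke-PasskeySign {
    param([string]$Origin, [byte[]]$Challenge)
    # The browser/OS only offers passkeys created for the origin actually visited
    if (-not $script:Authenticator.ContainsKey($Origin)) { return $null }
    $data = [byte[]]($Challenge + [System.Text.Encoding]::UTF8.GetBytes($Origin))
    $sig  = $script:Authenticator[$Origin].SignData($data,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256)
    return ,$sig
}

function Test-PasskeyAssertion {
    param([string]$User, [string]$ExpectedOrigin, [byte[]]$Challenge, $Signature)
    if ($null -eq $Signature) { return $false }
    $pub = [System.Security.Cryptography.ECDsa]::Create()
    $pub.ImportParameters($script:Server[$User])             # verify with the stored public key
    $data = [byte[]]($Challenge + [System.Text.Encoding]::UTF8.GetBytes($ExpectedOrigin))
    return $pub.VerifyData($data, [byte[]]$Signature,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256)
}

# Registration, then a normal sign-in at the real site (verifies as True)
Register-Passkey -User 'alice' -Origin 'https://bank.example'
$challenge = New-Challenge
$sig = Invoke-PasskeySign -Origin 'https://bank.example' -Challenge $challenge
Test-PasskeyAssertion -User 'alice' -ExpectedOrigin 'https://bank.example' `
    -Challenge $challenge -Signature $sig

# A look-alike site: the device holds no passkey for this origin, so nothing is
# signed and the real site's check returns False
$sig2 = Invoke-PasskeySign -Origin 'https://bank-login.example' -Challenge $challenge
Test-PasskeyAssertion -User 'alice' -ExpectedOrigin 'https://bank.example' `
    -Challenge $challenge -Signature $sig2
```

The server table never contains anything that can produce a signature, which is why a breach of it does not expose user credentials, and the origin lookup in Invoke-PasskeySign is the mechanism behind the phishing resistance the text describes.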
The Windows Firewall
The built-in Windows firewall is a software application that helps protect the OS on your PC by monitoring incoming and outgoing network traffic and allowing or blocking it based on a set of rules. It acts as a barrier between your computer and the Internet or other networks, preventing unauthorized access to your system. Carry out the following steps to see how to activate the Windows firewall on your PC. The following steps might vary slightly, depending on the Windows OS version that you use. For this example, we will use Windows 10.

Activating the Windows Firewall:
> Click on the Windows Start button.
> Click on the Control Panel application.
> Change the settings view to Large icons.
> Click on the Windows Defender Firewall option.
> Check if the shield is green, which means that the firewall is enabled.
> Click on the Turn Windows Defender Firewall on or off option.
> Click on the radio buttons to toggle between activating and deactivating the firewall.
> Click OK.
Figure 2.2: Activating the Windows Firewall
Allowing Internet Access to Applications on your PC
Windows provides several security features to protect your device and your data from unauthorized access, malware, and other attacks. Although the firewall works well when managing applications and limiting network connections, sometimes a security measure may require you to allow or block applications manually.

Allowing Internet access to applications:
> In the Windows Defender Firewall window, click Allow an app or feature through Windows Defender Firewall.
> A list of installed apps requesting Internet access will appear.
> To allow an application to connect to the Internet, click Allow another application.
> If there is an application to which you want to allow access to the Internet, select it.
> Click Add.

Figure 2.3: Allowing Internet access to applications
Callouts in the figure: one option allows a specific application to connect to the Internet and is usually used for public networks; the other option blocks access to the Internet.
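The two procedures above (activating the firewall and allowing one application through it) done with the NetSecurity cmdlets that ship with Windows, as an added PowerShell example that is not from the textbook. The program path and the rule name are constructed; run from an elevated prompt.

```powershell
# Added example (not from the textbook). Run from an elevated PowerShell prompt;
# the program path and rule name are constructed for the demonstration.

# Activating the firewall: turn it on for all three profiles and keep the
# default of blocking unsolicited inbound connections.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block

# Check: Enabled is True for every profile when the Control Panel shield is green
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# Allowing one application through: an inbound rule tied to the program's path,
# limited to the Private profile so the application is not reachable from
# public networks such as airport or coffee-shop Wi-Fi.
$app = 'C:\Program Files\ExampleApp\exampleapp.exe'   # constructed path
New-NetFirewallRule -DisplayName 'Allow ExampleApp (inbound)' `
    -Direction Inbound -Program $app -Action Allow -Profile Private

# Check exactly which program the new rule admits
Get-NetFirewallRule -DisplayName 'Allow ExampleApp (inbound)' |
    Get-NetFirewallApplicationFilter | Select-Object Program

# When the application no longer needs the exception, remove the rule rather
# than leaving it behind:
# Remove-NetFirewallRule -DisplayName 'Allow ExampleApp (inbound)'
```

Binding the rule to a program path and a single profile keeps the exception as narrow as the need, which is the least-privilege version of the "Allow another application" step.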
Modifying File and Folder Permissions on your PC
Controlling access to files and folders is one of the fundamental measures for securing information systems. Windows provides an interface for setting permissions and access to different folders and files on a system. This will prevent malicious users from accessing sensitive data. Windows systems use the NTFS permissions system. NTFS (New Technology File System) permissions are a set of access controls used to restrict or grant permissions to users and groups accessing files and folders. NTFS permissions enable administrators to set granular permissions for users and groups at the file and folder level, allowing for fine-grained control over who can access, modify, or delete specific files and folders.

The most common NTFS permissions are the following:
• Full Control: Provides the user or group with complete control over the file or folder, including the ability to modify permissions, delete, and take ownership.
• Modify: Allows users to modify files or folders, including creating new files and subfolders.
• Read & Execute: Allows users to view and execute files and folders.
• List Folder Contents: Allows users to view the contents of a folder but not to read, modify or execute the files within the folder.
• Read: Allows users to view files and folders.
• Write: Allows users to create new files and folders.

The following instructions show how to modify the permissions and access to a folder for a specific user or group.

Modifying file and folder permissions for a specific user:
> Right-click on the file or folder that you want and click Properties.
> Click on the Security tab.
> You can view a list of all the users that have permissions.
> Click on the Edit button to edit the permissions of a user or group.
> Click on the Add button to add a new user or group.
> If you need to change the permissions of a user or a group, type the name.
> Click on the Check Names button to check that your inputted text is correct.
> Click OK.
> You can view the new user or group in the updated list.
> Use the checkboxes to assign the permissions that you want.
Permissions are also inherited in Windows, where each file or folder gets permissions from the parent folder, and this hierarchy continues to the root of the hard drive. When the Allow column is inactive, it cannot be edited because permissions are inherited from the root directory.

To be able to edit any permissions, you must have ownership of the file or folder, so if the owner is another user account or a system account such as the local system, you will not be able to modify the permissions.

You can remove the user you just added, but if you try to remove any of the items already there, you will get an error message.
Figure 2.4: Modifying file and folder permissions for a specific user
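The same permission change done from PowerShell with Get-Acl and Set-Acl, together with the inheritance and ownership points made above, as an added example that is not from the textbook. The folder path and the account name are constructed; run it as a user who owns the folder or as an administrator.

```powershell
# Added example (not from the textbook). Folder path and account are constructed;
# run as the folder's owner or as an administrator.
$folder = 'C:\Projects\Project'
$user   = "$env:COMPUTERNAME\student"     # local account; use DOMAIN\user for a domain account

# The Security tab list: who has what, and whether the entry came from the parent folder
(Get-Acl -Path $folder).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited

# Ownership check first: the Set-Acl calls below fail unless you own the object
# (or hold the administrator rights to change its permissions)
(Get-Acl -Path $folder).Owner

# Add a Modify entry for the user that also applies to subfolders and files
$acl  = Get-Acl -Path $folder
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $user, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Inherited entries cannot be edited or removed here (the greyed-out Allow column).
# To manage them, stop inheriting from the parent while keeping copies of the
# current entries, then edit the copies:
$acl = Get-Acl -Path $folder
$acl.SetAccessRuleProtection($true, $true)   # isProtected, preserveInheritance
Set-Acl -Path $folder -AclObject $acl

# Removing the entry added above succeeds because it is explicit, not inherited
$acl = Get-Acl -Path $folder
$acl.RemoveAccessRule($rule) | Out-Null
Set-Acl -Path $folder -AclObject $acl
```

Reading the ACL with IsInherited before editing tells you in advance which entries the GUI will grey out, and printing the owner explains a failed Set-Acl before it happens.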
Exercises

1. Read the sentences and tick True or False.
   1. Hardware security involves safeguarding the physical components of a computer system.
   2. Malware is malicious code that is triggered by a specific condition or event.
   3. Sandboxing is a technique for isolating applications from the main operating system.
   4. Software security includes installing antivirus programs to detect and remove malicious software.
   5. Secure boot processes are used to verify the authenticity of the operating system before it boots up.
   6. Passkeys do not use biometric data for user authentication.
   7. Firmware security involves ensuring that firmware updates are cryptographically signed and securely delivered.
   8. Encryption is used to protect sensitive data on storage devices.
   9. Regular operating system updates should be installed to address any vulnerabilities.
   10. Security by design is a proactive approach to developing secure systems and applications by integrating security measures and considerations after the development process.
2. Evaluate the risks associated with outdated or unsupported hardware components.

3. Compare the challenges faced in ensuring the security of hardware and software systems.

4. Analyze the main best practices for protecting operating systems.
5. Evaluate the effectiveness of secure system design techniques for protecting digital systems.

6. List examples of the applications of security by design.

7. Describe how passkeys are used as a modern authentication method.