Chapter 4 : Security
4.1 Understanding the fundamental principles of security.
a. Hardware deconstruction / recycling
b. Smart card / biometrics
c. Authentication technologies
d. Software firewalls
e. File system security (e.g. FAT32 and NTFS)
4.1.1 Define the names, purposes and characteristics of hardware and software security, for example:
a. Hardware deconstruction / recycling
□ Hard drives contain the organization's data and can be a security threat.
□ When a hard drive that contains confidential information is removed from a
computer, it needs to be recycled or disposed of in a proper manner.
Clearing: removal of data by overwriting the entire drive with patterns of
ones and zeros.
Purging: removal of data by degaussing the drive with an electromagnet,
rendering the drive unreadable.
Destruction: physically destroying the storage media by pulverizing it
(pounding, crushing, grinding it to powder) or drilling holes in it, then
disposing of it.
b. Smart card / biometrics
□ A SMART CARD is a credit-card-sized plastic card with an embedded computer
chip.
□ The chip can either be a microprocessor with
internal memory or a memory chip with
non-programmable logic.
□ They can be programmed to accept, store and
send data.
b. Smart card / biometrics
How does it work?
□ A smart card is used with a smart card reader.
□ The user simply inserts his/her smart card into the reader, where it remains
for the duration of a session or transaction.
□ The user provides a PIN or password, as at an ATM, which gives the added
protection of two-factor authentication (in a combined smart card plus
biometric system, the biometric serves as the second factor).
□ The card then interacts with the security software on the reader and, as
needed, on the network.
□ Operations such as encryption, and the private data they use, are handled
inside the card itself and are therefore very secure.
□ The user finally removes the card once the session or workday is over, so
unauthorized individuals cannot get into the protected resources (computers,
areas, doorways, etc.).
b. Smart card / biometrics
□ BIOMETRICS measures and analyzes human bodily characteristics as a form
of authentication for access control. Ex. fingerprints, retinal patterns,
iris patterns, bone structure.
□ Biometrics are becoming more common in door access systems and on
laptops/smartphones.
□ The characteristic is converted to a digital format called "minutia data"
and stored in memory.
□ At the start of each session, the user's biometric is scanned and its
minutia data is compared with the stored data for authentication.
□ Biometric information can also be combined with smart card technology.
b. Biometrics technologies
c. Software firewalls
□ Anti-malware software: software that looks for and (often) eliminates
malware such as trojans, rootkits and worms.
□ Anti-virus software: software that concentrates particularly on
protection from, and elimination of, viruses.
□ Firewalls: software that protects data entering and leaving the system. It
only allows data through particular (allowed) ports and blocks all
communication that tries to enter through other ports.
c. Software firewalls
Registered ports: 1024 - 49151
Firewall: hardware or software that prevents unauthorized access between a
private network (LAN or intranet) and the Internet.
c. What is a Firewall?
• A firewall is a kind of filter or barrier that affects the
message traffic passed between two networks
• Often used as a perimeter defense
– Allows an organization to choose which protocols it will exchange
with the outside world.
• Can also be used to block access to certain Internet sites
– To prevent employees from downloading from blacklisted servers
– To prevent employees from accessing porn sites, etc.
• Usually, blocks outsiders from accessing the internal
network.
• Sometimes, protects against internal users connecting with
the Internet.
What Firewalls Cannot Do*
□ Protect against attacks that bypass the
firewall.
■ Dial-out / dial-in systems for employees and
telecommuters.
□ Protect against internal threats
■ A disgruntled employee.
■ An unwitting employee cooperating with
attacker.
□ Protect against the transfer of virus-infected programs or files.
*Cryptography and Network Security, by William Stallings, published by Prentice-Hall.
Types of Firewalls
□ Hardware-based
■ Typical vendors: Rohde & Schwarz, Cisco, et al.
□ Local software
■ Typically a personal firewall
■ Vendors: Symantec, Zone Labs, etc.
4.1.3 Identify names, purposes and characteristics of data and physical security for:
There are various methods of protecting the integrity
of files and data on a file system.
a) Local Security Policy
b) Encryption
c) Data Migration
d) Data Remnant Removal
e) Password Management
f) Locking Workstation
a. Data access (basic local security policy)
• A Group Policy object contains an extensive profile of security
permissions that apply primarily to the security settings of a
domain or a computer (rather than to users)
• Group policies for local computers that do not use Active Directory are
set using Local Security Policies
• Because a computer can have more than one policy setting
applied to it, security policy settings can conflict with each other.
• The order of precedence from highest to lowest is:
Organizational Unit (OU) => domain => local computer
Nassau Community College ITE153 –
Fall 2011 Operating Systems 14
a. Data access (basic local security policy)
There are four categories of local security policies:
• Account Policies
• Local Policies
• Public Key Policies
• IP Security Policies
Only the first two, Account Policies and Local Policies, are covered here.
a. Data access (basic local security policy)
Two ways to open Local Security Policy:
• Control Panel => Systems and Security =>Administrative Tools
=> Local Security Policy
• mmc secpol.msc
Account Policies
• Password and account lockout policies
• Set number of invalid logon attempts
• Lock account indefinitely
a. Data access (basic local security policy)
Local Policies apply to a computer and contain these subsets:
• Audit policy. Determines whether security events are written to
the security log in Event Viewer on the computer. Also
determines whether to log successful attempts, failed attempts, or
both
• User rights assignment. Determines which users or groups have
logon rights or privileges on the computer
• Security options. Enables or disables security policy settings for
the computer, such as digital signing of data, Administrator and
Guest account names, floppy disk drive and CD drive access,
driver installation, and logon prompts
Local Policies
• Prevent the name of the last user who logged on from being displayed
• Allow shutdown without logging on
• Lock accounts indefinitely
• Force logoffs
b. Encryption technologies
• Encryption is also a method used by file systems to secure data; NTFS, for
example, offers file encryption using DESX (Data Encryption Standard X).
• Two methods of disk encryption:
– Full Disk Encryption (e.g. BitLocker)
– File System Encryption (e.g. of files, folders, wireless networks,
embedded devices)
• File system encryption has a few advantages over full disk encryption, for
example:
1. File-based key management.
2. Individual management of encrypted files.
3. Access control can be further strengthened through the use of public key
cryptography.
4. Keys are only held in memory while the file is being used.
Encrypting File System (EFS)
• All Windows operating systems after Windows 7 use EFS.
• Provides security beyond user authentication and access control lists, for
example when the attacker has physical access to the computer.
• EFS uses public key cryptography; however, it is susceptible to brute-force
attacks against the user account passwords.
Encrypting File System (EFS): encryption and decryption
1. EFS encryption: the user encrypts the file with a bulk symmetric key, the
File Encryption Key (FEK). The FEK itself is then encrypted with the public
key of the SAME user who encrypted the file in the first place.
2. EFS decryption: EFS uses the private key that matches the EFS digital
certificate (the certificate used in step 1) to decrypt the bulk symmetric
key. The resulting symmetric key is then used to decrypt the file.
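The two EFS steps above, as an added Go example that is not part of the original slides or of Windows EFS itself: a random FEK encrypts the file body, the owner's public key wraps the FEK, and only the matching private key can unwrap it. AES-GCM and RSA-OAEP stand in for the ciphers EFS actually uses; the keys, file name and contents are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// EncryptedFile mirrors what EFS keeps with a file: the ciphertext plus the
// File Encryption Key (FEK) wrapped with the owner's public key.
type EncryptedFile struct {
	Nonce      []byte
	Ciphertext []byte
	WrappedFEK []byte
}

// newGCM builds the bulk symmetric cipher from a FEK (AES-256-GCM here; the
// slides' NTFS/EFS used DESX, but the design is the same).
func newGCM(fek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(fek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is step 1: a random FEK encrypts the file body, then the FEK itself
// is encrypted with the same user's public key.
func Encrypt(owner *rsa.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	fek := make([]byte, 32) // 256-bit bulk symmetric key
	if _, err := rand.Read(fek); err != nil {
		return nil, err
	}
	gcm, err := newGCM(fek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, owner, fek, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedFile{Nonce: nonce, Ciphertext: ct, WrappedFEK: wrapped}, nil
}

// Decrypt is step 2: the private key matching the certificate used in step 1
// unwraps the FEK; the recovered symmetric key then decrypts the file body.
// Any other private key fails at the unwrap stage and never sees the FEK.
func Decrypt(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	fek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ef.WrappedFEK, nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap FEK: %w", err)
	}
	gcm, err := newGCM(fek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}

// Demo encrypts a constructed file for one user and checks that the owner can
// read it back while a second user's key cannot unwrap the FEK.
func Demo() (bool, bool, error) {
	owner, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	secret := []byte("constructed sample file: payroll figures for Q3")
	ef, err := Encrypt(&owner.PublicKey, secret)
	if err != nil {
		return false, false, err
	}
	got, err := Decrypt(owner, ef)
	if err != nil {
		return false, false, err
	}
	_, otherErr := Decrypt(other, ef)
	return string(got) == string(secret), otherErr != nil, nil
}

func main() {
	fmt.Println(Demo())
}
```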
c. Data Migration
• Data migration is a set of activities that moves data from one or more
legacy systems to a new application.
• Data migration can take place at the level of:
– Data: e.g. restructuring data in an application.
– Application: e.g. updating the user interface or application functions.
– Machine: migrating to a totally new machine.
Steps
• System migration should not interfere with the operation of the system.
• The steps to be done are:
1. Migration planning (think first)
2. Migrating (then do it)
3. Migration documentation
4. Acceptance by the user
Migration Planning
• Phased or "major migration"?
Migrating all at once, or moving data over one piece at a time?
Factors to be considered: amount of data; effort to be expended.
• Expectation
When will the migration take place, and how long will the process take?
How many internal resources must one commit in terms of cost, human
resources, infrastructure …?
• Scalability
Is the system adaptable? Flexible for growth? Portable in case of another
company's data being acquired?
• Rollback
In case of migration failure, what is the backup plan? Backup drives?
Restore points?
• Replication
In case disaster strikes and the migration fails, or a backup is intended…
d. Data / remnant removal
• Companies, agencies, or individuals may want to ensure their data cannot
be recovered once their storage media is disposed of.
• Simple deletion, like formatting your hard drive, is not good enough, since
the process erases only the file names, not the data itself.
• Faced with techniques such as MFM (Magnetic Force Microscopy), truly
deleting data from magnetic media is very difficult.
Secure Deletion Techniques
Technique 1: Multiple Overwrites
• Use an overwrite scheme
– Flip each magnetic domain on the disk back and
forth as much as possible
– Overwrite in alternating patterns to expose it to an
oscillating magnetic field.
– Overwrite with “junk” data several times.
• Use the lowest frequency possible for
overwrites
– Penetrates deeper into the recording medium
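Technique 1 applied to a single file, as an added Go example that is not from the original slides: alternating zero and one passes followed by a random pass, each forced to the device before the next. The file name and contents are constructed; the comment on Clear carries the check a practitioner makes before relying on overwriting at all.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"os"
)

// Overwrite passes in order: all zeros, all ones (so every bit flips between
// the two passes), then random data; nil marks the random pass.
var passes = [][]byte{{0x00}, {0xFF}, nil}

// overwritePass writes one pattern over the whole file and forces it to the
// device. Without Sync the page cache may merge passes so that only the last
// pattern ever reaches the disk.
func overwritePass(f *os.File, size int64, pattern []byte) error {
	if _, err := f.Seek(0, 0); err != nil {
		return err
	}
	buf := make([]byte, 64*1024)
	for remaining := size; remaining > 0; {
		n := int64(len(buf))
		if remaining < n {
			n = remaining
		}
		chunk := buf[:n]
		if pattern == nil {
			if _, err := rand.Read(chunk); err != nil {
				return err
			}
		} else {
			for i := range chunk {
				chunk[i] = pattern[0]
			}
		}
		if _, err := f.Write(chunk); err != nil {
			return err
		}
		remaining -= n
	}
	return f.Sync()
}

// Clear applies every pass to the file in place, then truncates and unlinks
// it, returning the number of passes completed. This is the clearing
// technique for magnetic disks; on SSDs, flash and copy-on-write file systems
// the old blocks may survive untouched, so purging or destruction applies.
func Clear(path string) (int, error) {
	f, err := os.OpenFile(path, os.O_WRONLY, 0)
	if err != nil {
		return 0, err
	}
	defer f.Close() // only matters on the error paths below
	info, err := f.Stat()
	if err != nil {
		return 0, err
	}
	done := 0
	for _, p := range passes {
		if err := overwritePass(f, info.Size(), p); err != nil {
			return done, err
		}
		done++
	}
	if err := f.Truncate(0); err != nil {
		return done, err
	}
	if err := f.Close(); err != nil {
		return done, err
	}
	return done, os.Remove(path)
}

// ClearDemo writes a constructed sample file, clears it, and reports how many
// passes ran and whether the file is gone afterwards.
func ClearDemo() (int, bool, error) {
	tmp, err := os.CreateTemp("", "clear-demo-*.bin")
	if err != nil {
		return 0, false, err
	}
	_, err = tmp.WriteString("constructed confidential report: 2011 budget\n")
	tmp.Close()
	if err != nil {
		return 0, false, err
	}
	n, err := Clear(tmp.Name())
	_, statErr := os.Stat(tmp.Name())
	return n, errors.Is(statErr, os.ErrNotExist), err
}

func main() {
	fmt.Println(ClearDemo())
}
```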
Secure Deletion Techniques
• Technique 2: Degaussing
– Process in which the media is returned to its initial
state
– Coercivity – Amount of magnetic field necessary to
reduce the magnetic induction to zero. (measured
in Oersteds)
– Effectively erasing a medium to the extent that data
recovery is uneconomical requires a magnetic
force ~5x the coercivity.
Commercial degaussers (figure: Type I and Type II/III degaussers)
e. Password management
• A username/password combination is the most common form of
authentication for gaining access to computers.
• A strong password is important for protecting a user account: at least 8
characters, including at least 1 uppercase letter, 1 number and 1 special
character. Ex. This1sV#ryS3cure
• Use the Microsoft Password Checker.
• Changing passwords at regular intervals is important as well.
• Many organizations have policies concerning passwords.
f. Locking workstation (e.g. hardware, operating system)
4.1.3 Recognize and respond appropriately to social engineering situations.
• Social Engineering: an act of manipulating users into revealing
confidential information.
• Ex. Phishing: an e-mail fraud that usually takes the form of a fake
notification from a bank, e-payment system or organization in order to
steal passwords, credit card numbers, bank account details and other
confidential information.
4.1.4 Describe the importance of incident reporting.
• Incident management / reporting is a program which defines and implements
a process that an organization may adopt to promote its own welfare and the
security of its clients.
• Computer security incident management is an administrative function of
managing and protecting computer assets, networks and information systems
in the event of a network breach.
• Since these systems are critical to the organization and its clients, both
parties must understand their responsibilities by having a management
program for "what to do when things go wrong."
4.1.4 Describe the process of incident reporting.
A typical incident response policy would be as below:
• Agencies either within or outside the organization are notified of the
incident.
• Resources are identified to deal with the issue.
• The procedure for gathering and securing evidence is determined.
• A list of information about the incident is collected.
• Experts are engaged to address the issue.
• Policies and guidelines are constructed to handle the incident as well as
future security breaches.
4.1.4 Describe the process of incident reporting (figure: the process is
changed according to needs).
4.2 Understand the basic concepts of a security system
4.2.1 Explain the basic concepts of security components, including hardware,
software and data security issues such as:
a. BIOS / UEFI security
b. Authentication Technologies and Backup
c. Malicious software
d. File System (e.g. FAT32, NTFS)
a. BIOS / UEFI security
Unified Extensible Firmware Interface (UEFI) more commonly used with:
◾ GUID (Globally Unique Identifier) Partition Table (GPT) disk drive
partition formats
◾ 64-bit versions of Windows, such as Vista SP1 and later
◾ Drives with a size of 2TB or larger
◾ Some newer tablets and smartbooks
UEFI is a forward-looking technology designed to accommodate the larger and
faster processing needs that consumers and businesses will continue to have
over time.
a. BIOS / UEFI security
Advantages of UEFI over BIOS
◾ Boot mode
UEFI can run in 32-bit or 64-bit mode, but it is recommended that the OS bit
mode and the firmware bit mode be the same to avoid issues.
◾ Drives
UEFI supports boot drives of 2.2 TB and higher capacities (UEFI Forum),
including drives with a theoretical capacity of 9.4 zettabytes. This helps in
designing for future drive capacities.
◾ Drivers
UEFI supports discrete drivers, whereas BIOS driver support is stored in
read-only memory, which necessitates tuning it for compatibility when drives
are swapped out or changes are made.
◾ Graphical user interface (GUI)
UEFI enables new modules to be added to the GUI more easily, including device
drivers for motherboard hardware and attached peripheral devices.
a. BIOS / UEFI security
Advantages of UEFI over BIOS
◾ Multiple OS support:
Whereas BIOS allows a single boot loader, UEFI lets users install loaders for
Debian-based Ubuntu and other Linux variants, along with Windows OS loaders, in
the same EFI system partition.
◾ Programming:
UEFI firmware is written in C language, which makes adding or removing firmware
functions easier than BIOS, which is written in an assembler language, sometimes
in combination with C.
◾ Secure Boot security:
The UEFI protocol uses Secure Boot, where the firmware is trusted to verify
device and system integrity. This prevents hackers from installing rootkits in
the time between boot-up and the handoff to the OS.
Secure Boot also enables an authorized user to configure networks and
troubleshoot issues remotely, unlike BIOS, where you must troubleshoot
physically.
b. Authentication technologies and backup
□ Authentication is the verification of a person's identity. It is used to
prevent security breach incidents such as unauthorized access to premises,
computers and resources.
□ This might include approaching the system, trespassing, communicating,
storing and retrieving data, intercepting data, or any other method that
would interfere with the computer's operation.
b. Authentication technologies and backup
□ Authentication can be carried out by using
password (PIN), smart card, biometric,
signature or voice recognition.
b. Authentication technologies and backup
Backup
An organisation will have policies that relate to:
□ the frequency of backups (daily, weekly, monthly)
□ the time of day backups are done
□ how long backups are kept
□ where backups should be stored
□ what will be backed up
b. Authentication technologies and backup
What to back up
□ Backup of selected directories
□ Backup of entire drives
□ Full system backups
□ Imaging
Types of backup
□ Full backup: back up everything.
□ Differential backup: backup of the files that have been created or changed
since the last full backup.
□ Incremental backup: backup of only the files that have been created or
changed since the last full or differential backup.
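The three backup types above worked through on a constructed week of files, as an added Go example that is not from the original slides. It goes one step beyond the slide's definition of an incremental by measuring from the most recent backup of any kind (so a chain of incrementals works), and it also lists which backups must be restored, which is the trade-off between the two schemes.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

type BackupKind int
const (
	Full BackupKind = iota
	Differential
	Incremental
)

type File struct {
	Path     string
	Modified time.Time
}

// Backup records one completed run; histories are kept in chronological order.
type Backup struct {
	Kind  BackupKind
	Taken time.Time
}

// FilesToBackup returns the paths a backup of the given kind captures: a full
// takes everything, a differential what changed since the last full, and an
// incremental what changed since the most recent backup of any kind.
func FilesToBackup(kind BackupKind, files []File, history []Backup) []string {
	var since time.Time // zero value: no baseline, capture everything
	if kind != Full {
		for _, b := range history {
			if (kind == Incremental || b.Kind == Full) && b.Taken.After(since) {
				since = b.Taken
			}
		}
	}
	var out []string
	for _, f := range files {
		if kind == Full || f.Modified.After(since) {
			out = append(out, f.Path)
		}
	}
	sort.Strings(out)
	return out
}

// RestoreChain lists, oldest first, the backups needed to rebuild the data:
// the last full, then the latest differential after it (which supersedes any
// earlier incrementals), then every incremental taken after that point.
func RestoreChain(history []Backup) []Backup {
	start := -1 // index of the last full backup
	for i, b := range history {
		if b.Kind == Full {
			start = i
		}
	}
	if start < 0 {
		return nil
	}
	chain := []Backup{history[start]}
	for _, b := range history[start+1:] {
		if b.Kind == Differential {
			chain = []Backup{history[start], b}
		} else {
			chain = append(chain, b)
		}
	}
	return chain
}

// Scenario: a full backup Sunday night, incrementals Monday and Tuesday
// night; what would Wednesday's backup capture, and what restores the data?
func Scenario() (differential, incremental []string, chain []BackupKind) {
	at := func(dayOffset, hour int) time.Time {
		return time.Date(2011, 10, 2+dayOffset, hour, 0, 0, 0, time.UTC)
	}
	files := []File{
		{"logo.png", at(-5, 12)},   // untouched since before the full backup
		{"report.docx", at(1, 12)}, // edited Monday
		{"notes.txt", at(2, 12)},   // edited Tuesday
		{"budget.xlsx", at(3, 12)}, // edited Wednesday, not yet backed up
	}
	history := []Backup{{Full, at(0, 23)}, {Incremental, at(1, 23)}, {Incremental, at(2, 23)}}
	for _, b := range RestoreChain(history) {
		chain = append(chain, b.Kind)
	}
	return FilesToBackup(Differential, files, history), FilesToBackup(Incremental, files, history), chain
}

func main() {
	d, i, c := Scenario()
	fmt.Println("differential:", d, "incremental:", i, "restore chain:", c)
}
```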
c. Malicious software protection (e.g. viruses, Trojans, worms, spam, spyware,
adware, grayware)
□ Trojans, which appear to be harmless programs, are actually designed either
to do damage or to carry out a range of malicious activities.
□ Dialers are programs that change the number your dial-up modem dials,
causing increased charges.
□ Worms generally spread as email attachments.
□ Spyware, adware and browser hijackers collect information from your
computer or change the Internet options in the browser.
□ Rootkits: "root" refers to administrator access to a system. A rootkit gives
intruders administrator access to your system, usually over the Internet.
Once an intruder has root access, they can effectively take over your system
and do anything. Often this includes DoS (Denial of Service) attacks on other
systems: intruders collect many, many systems (zombies) and instruct them all
to send messages to one system (for example a bank), flooding it with
requests. This effectively removes the system from the Internet.
□ Viruses are small programs that piggy-back on other legitimate programs to
infect computers. Once inside a computer they replicate quickly, slowing the
system down, and try to find ways to infect other systems with copies of
themselves.
c. Types of Viruses
□ Boot Sector Virus
■ Infects the boot sector or MBR of pen drives and hard drives, spread
through the sharing of infected disks and pirated software applications
■ Once your hard drive is infected, all diskettes that you use in your
computer will be infected
□ Program Virus
■ Becomes active when the program file (usually with extension .BIN, .COM,
.EXE, .OVL or .DRV) carrying the virus is opened
■ It then makes copies of itself and infects other programs on the computer
□ Multipartite Virus
■ Hybrid of a boot sector and a program virus
■ It infects program files, and when the infected program is active it
infects the boot record
c. Types of Viruses
□ Stealth Virus
■ Disguises itself to avoid being detected by antivirus software
■ It alters its file size or conceals itself in memory
□ Polymorphic Virus
■ Acts like a chameleon, changing its virus signature (binary pattern) every
time it multiplies and infects a new file
□ Macro Virus
■ Programmed as a macro embedded in a document, usually found in Microsoft
Word and Excel
■ Once it gets into your computer, every document you produce will become
infected
■ A relatively new type of virus that may slip by your antivirus software if
you don't have the most recent version installed
Infected Computer Symptoms
□ The computer functions slower than normal
□ It responds slowly and freezes often
□ It restarts itself often
□ You see uncommon error messages, distorted menus and dialog boxes
□ You notice applications failing to work correctly
□ It fails to print correctly
Computer Virus Effects
Prevention
□ Install and use antivirus software
□ Be aware of the e-mails and attachments you open
□ Check for updates to your antivirus software regularly
□ Make sure the antivirus software is installed correctly
d. File system security (e.g. FAT32 and NTFS)
□ A file system is a method for storing and organizing computer files and
the data they contain, to make it easy to find and access them.
□ File systems exist on hard drives, pen drives, CDs, DVDs and any other
form of data storage medium.
□ When a disk is formatted, a file system is placed on the disk after
reserving some space for the FAT.
□ Most data storage devices have an array of fixed-size blocks, sometimes
called sectors, and the file system is in charge of organizing these sectors
into files and directories. It is also in charge of indexing the media so it
knows where and what each file is.
d. Types of File Systems
□ FAT (File Allocation Table, e.g. FAT16, FAT32) and NTFS (New Technology
File System) are primarily used on Windows operating systems. FAT used to be
the standard file system for floppy drives and is now obsolete, but it is
still used in current all-in-one printer/scanners.
□ ext2, ext3 and the Journaled File System (JFS) are used on various Linux
operating systems.
□ HFS (Hierarchical File System) is used by Mac OS.
□ ISO 9660 and UDF are used on optical media.
d. How does the file system handle security ?
□ The file system is crucial to data integrity.
□ The main method of protection is access control.
□ File system operations (e.g. modifying or deleting a file) are controlled
through the NTFS basic permission settings.
□ Operating systems with NTFS or ext3 are more secure.
□ The secondary method of protection is the use of backup and recovery
systems.
NTFS Basic Permission
□ Access control plays a huge part in file system security.
□ The system should only allow access to files that the user is permitted to
access.
□ Almost all major file systems support this capability in order to prevent
malicious activity on the file system.
□ Depending on the user's rights, they can be allowed to read, write and/or
execute an object. In some file system schemes only certain users are
allowed to alter the permissions on a file or to see whether a file even
exists.
□ Ultimately, the less the user has access to, the less can go wrong, and the
integrity of the disk can be better guaranteed.
Differences between the FAT32 and NTFS file systems
Feature                   FAT32                    NTFS
Maximum partition size    2TB                      2TB
Maximum file name         8.3 characters           256 characters
Maximum file size         4GB                      16GB
File/folder encryption    No                       Yes
Security                  Local only               Local and network
Compression               No                       Yes
Conversion                Possible                 Not allowed
Compatibility             Win95/98/2K/2Ksp3/XP     Win NT/2K/XP/Vista/7
4.3 Evaluate installation, configuration and preventive maintenance of
security.
4.3.1 Evaluate and troubleshoot hardware, software and data security issues
such as:
a. BIOS/UEFI
b. Smart Card/biometrics
c. Authentication technologies
d. Malicious software
a. BIOS / UEFI security
There are several methods available to enhance the security of your BIOS,
including:
1. BIOS Passwords
Setting up a strong BIOS password is an effective way to prevent
unauthorized access to your system's BIOS settings.
2. Full-disk Encryption (FDE)
By encrypting the entire disk, including the BIOS and operating system,
FDE helps protect sensitive information from being accessed or tampered
with during system boot-up or in case of physical theft.
3. TPM Security in BIOS
TPM (Trusted Platform Module) is a hardware-based security feature that
provides a secure environment for storing cryptographic keys, certificates,
and other sensitive information. It offers a range of security capabilities,
including secure boot, remote attestation, and data encryption. It can be
enabled through BIOS.
a. BIOS / UEFI security
Locking access to the CMOS settings prevents non-technical users from
changing key settings.
To clear the CMOS settings, place the shunt on the CMOS jumper. This resets
the settings to factory defaults and clears the password.
b. Smart Card / Biometrics Attack Technologies
□ Attacks on smart cards are as follows:
■ Invasive attacks: microprobing techniques are usually used to attack the
chip surface directly.
■ Non-invasive attacks: the card is not physically harmed; the tools used are
usually disguised as smart card readers.
■ Physical attacks: attempts to reverse-engineer the card and determine the
secret keys.
■ Logical attacks: sensitive information is gained by examining the bytes
going to and from the smart card.
■ Trojan horse attacks: a rogue application is planted on an unsuspecting
user's workstation. Once triggered, the user never knows that their private
key was just used against their will.
■ Social engineering attacks: rely on human faults, where a hacker
impersonates a technician and requests a staff member's password and PIN
for troubleshooting purposes. Most people would be deceived by this method.
c. Authentication technologies security issues
Best practices to prevent authentication-based vulnerabilities:
1. Use a brute-force protection system: enforce account lockouts, rate
limiting, IP-based monitoring, application firewalls, and CAPTCHAs.
2. Enforce a secure password policy: do this by creating a password checker
that tells users how strong their passwords are in real time.
3. Apply HTTP Strict Transport Security (HSTS): this forces web sessions to
use TLS encryption, preventing sensitive information from being accessed in
transit.
4. Use parameterized statements: you can prevent SQL injection attacks
through input validation and parameterized queries, which avoid putting
user-provided input directly into SQL statements.
5. Implement proper multi-factor authentication: multi-factor authentication
is more secure than password-only mechanisms.
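Practices 1 and 2 above, together with the password rule from 4.1.3 e and the lockout settings under Account Policies, as an added Go example that is not from the original slides: a policy checker that names the rules a password fails, and an account-lockout counter with a failure window and a lock duration. The user name, times and thresholds are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"time"
	"unicode"
)

// CheckPassword applies the 4.1.3 e policy (8+ characters, an uppercase letter,
// a number, a special character) and returns the rules a candidate fails.
func CheckPassword(pw string) []string {
	var upper, digit, special bool
	for _, r := range pw {
		switch {
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsDigit(r):
			digit = true
		case unicode.IsPunct(r) || unicode.IsSymbol(r):
			special = true
		}
	}
	var fails []string
	need := func(ok bool, rule string) {
		if !ok {
			fails = append(fails, rule)
		}
	}
	need(len([]rune(pw)) >= 8, "at least 8 characters")
	need(upper, "an uppercase letter")
	need(digit, "a number")
	need(special, "a special character")
	return fails
}

var ErrLocked = errors.New("account is locked")

// Lockout models the Account Policies settings: MaxAttempts invalid logons inside
// Window lock the account for LockFor (0 = indefinitely, until an admin clears LockedAt).
type Lockout struct {
	MaxAttempts int
	Window      time.Duration
	LockFor     time.Duration
	Failures    map[string][]time.Time
	LockedAt    map[string]time.Time
}

// Attempt records one logon. The lock is checked before the credential result,
// so a locked account answers ErrLocked whether or not the password was right.
func (l *Lockout) Attempt(user string, now time.Time, passwordOK bool) error {
	if at, locked := l.LockedAt[user]; locked {
		if l.LockFor == 0 || now.Before(at.Add(l.LockFor)) {
			return ErrLocked
		}
		delete(l.LockedAt, user) // lock duration has elapsed
		delete(l.Failures, user)
	}
	if passwordOK {
		delete(l.Failures, user) // a good logon resets the counter
		return nil
	}
	recent := []time.Time{now}
	for _, t := range l.Failures[user] {
		if now.Sub(t) < l.Window { // only failures inside the window count
			recent = append(recent, t)
		}
	}
	l.Failures[user] = recent
	if len(recent) >= l.MaxAttempts {
		l.LockedAt[user] = now
		return ErrLocked
	}
	return errors.New("invalid credentials")
}

// LockoutDemo: three bad guesses in three minutes lock "alice" for 30 minutes;
// the right password is refused while locked and accepted once the lock expires.
func LockoutDemo() (lockedOnThird, refusedWhileLocked, okAfterExpiry bool) {
	l := &Lockout{MaxAttempts: 3, Window: 15 * time.Minute, LockFor: 30 * time.Minute,
		Failures: map[string][]time.Time{}, LockedAt: map[string]time.Time{}}
	t0 := time.Date(2011, 10, 3, 9, 0, 0, 0, time.UTC)
	l.Attempt("alice", t0, false)
	l.Attempt("alice", t0.Add(time.Minute), false)
	third := l.Attempt("alice", t0.Add(2*time.Minute), false)
	during := l.Attempt("alice", t0.Add(3*time.Minute), true)
	after := l.Attempt("alice", t0.Add(40*time.Minute), true)
	return errors.Is(third, ErrLocked), errors.Is(during, ErrLocked), after == nil
}

func main() {
	fmt.Println("missing:", CheckPassword("password"), CheckPassword("This1sV#ryS3cure"))
	fmt.Println(LockoutDemo())
}
```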
d. Malicious software
Common Software Security Issues.
□ SQL Injection : Attackers exploit weaknesses in SQL queries to gain
unauthorized access to a database. SQL injection attacks involve inserting
malicious code into a website or application’s SQL statement, allowing
attackers to access, modify, or delete critical data stored within the
database.
□ Exposure to Sensitive Data : Occurs when data is stored or transmitted
insecurely or when unauthorized users gain access to the data. It’s a
serious software security issue that can have significant consequences for
businesses and individuals.
□ Cross-site Scripting (XSS) : Cross-site scripting (XSS) is a security flaw
that allows attackers to inject malicious code into a website, which then
executes in the user’s browser. This can lead to sensitive information theft
or unauthorized access to a user’s account.
4.3 Evaluate installation, configuration and preventive maintenance of
security.
4.3.2 Service packs, patches and operating system updates (Active Maintenance)
When a new OS is released, because it is so complex, security flaws are often
discovered after distribution even after a period of rigorous testing.
□ For critical security holes, as soon as the flaw is discovered the software
manufacturer quickly develops and releases a patch, a small software update
that eliminates the hole.
□ A group of patches is sometimes released as a major update, or service
pack.
□ When the number of service packs reaches a pre-determined quantity, they
are repackaged as an OS update.
4.3.2 Service packs, patches and operating system updates (Active Maintenance)
Justify the need to implement the various patches, service packs and
operating system updates:
□ Security: updates often address vulnerabilities that could be exploited by
malware or hackers. Keeping your system up to date helps protect against
potential breaches.
□ Stability: Patches and service packs can fix bugs and glitches that affect
system performance, leading to a more stable computing experience.
□ New Features: Updates can introduce new functionalities or
enhancements, improving usability and overall performance.
□ Compatibility: Software and hardware can change over time. Updates
ensure that your system remains compatible with new applications and
devices.
□ Compliance: Many industries have regulations that require organizations
to keep their systems updated to protect sensitive data.
□ Support: Running outdated software can lead to a lack of support from
vendors, making it difficult to resolve issues when they arise.
4.3.2 Essential Components of Malware Prevention Training
□ Recognizing Phishing and Social Engineering Attacks
■ Provide examples of phishing emails, text messages and social media posts,
and explain how to identify warning signs such as suspicious links or
attachments. It's also important to emphasize the consequences of falling
victim to a phishing or social engineering attack: malware infections can
result in data loss, financial loss, and even reputational damage to the
company. By educating employees on the risks associated with these types of
attacks, they will be more likely to take the necessary precautions to
prevent them.
□ Safe Browsing Habits and Best Practices
■ Another key component of malware prevention training is teaching employees safe
browsing habits and best practices. For example, encourage employees to only visit
reputable websites, avoid downloading software from untrusted sources, and use ad
blockers to block potentially malicious ads. It's also important to educate employees on the
risks associated with public Wi-Fi networks. These networks are often unsecured, making
them a prime target for cybercriminals looking to intercept sensitive information.
Encourage employees to avoid using public Wi-Fi networks whenever possible, and to use
a virtual private network (VPN) if they must connect to one.
4.3.2 Essential Components of Malware Prevention Training
□ Password Management and Two-Factor Authentication
■ Strong password management practices are essential for preventing malware attacks.
Teach employees to use strong passwords, avoid reusing passwords across multiple
accounts, and use two-factor authentication whenever possible to add an extra layer of
security. It's also important to educate employees on the risks associated with password
sharing. Employees should be encouraged to keep their passwords confidential and not
share them with anyone, including co-workers or family members.
□ Proper Use of Antivirus Software and Firewalls
■ Antivirus software and firewalls are critical tools for preventing malware infections. Ensure
that your employees understand how to use these tools properly and regularly update
them to keep their systems protected. It's also important to educate employees on the risks
associated with disabling antivirus software or firewalls. While it may seem like an
inconvenience, these tools are essential for preventing malware infections and disabling
them can leave a system vulnerable to attack.