- How do I know who you really are and that you have access to my information?
- How can I use technology to help keep my information secure and available only to those who have a right to it?
- How might I know that someone is trying to obtain access to my information without permission?
IT support specialists must understand and implement a range of security strategies to keep their organization’s devices, information, software, and network safe. Security refers to making sure only the people (or systems) that should have access to something do have access. IT specialists will use a combination of physical, procedural (operational), and logical controls to keep their resources secure. They must also follow legal and regulatory guidance, especially when it comes to using licensed resources, such as software.
IT staff use technologies like encryption, firewalls, and anti-virus software to keep network resources secure, but technology alone will not keep resources secure. People who use the network resources have to understand the ways attackers try to obtain access to private or secure information by manipulating people, which is often referred to as social engineering. They then need to act in approved ways so that these attacks against the individuals or devices that make up the network can be avoided.
Connection to Student Lives
We all own things we want to keep secure. They can include things like a bicycle or a car, your phone or a laptop, and many other things that are either important to you or that cost you or someone in your family money, time, or effort to obtain. Some of these things might be replaceable, although replacing them would take more time and effort and would probably come at additional cost. There are things you own that you want to keep secure but might not be replaceable, at least not easily. These can include things you’ve created. Maybe you draw or write and don’t want to share your creations with the world, yet. Or maybe you create digital objects, like digital art or even VR worlds in a program like Minecraft. You should be able to determine who has access to them.
We want to be in charge of who has access to the things we own and the things we create. We want to determine who can see them or use them, if we even want to allow that. The same is true when we use an IT infrastructure, including the devices, software, network, and especially the information it contains. IT support specialists take steps to ensure that all aspects of the infrastructure are available only to those people who should have access to them. Keeping the IT infrastructure secure may involve a variety of strategies, including using special software, enacting policies for the way people should behave, as well as physical strategies as simple as locks on devices. Taking steps to secure an IT network means that information and resources are not used without permission by anyone who should not have access to them.
How can I create a secure IT environment? What role does technology play? What do people need to know and be able to do?
Students create documentation that describes common logical and physical security concepts and how they are used. They also generate documentation, to be shared within the Help Desk or more widely with other students, faculty, and staff, about social engineering threats and how to prevent them.
- NCCTE.2020.II22.02.02 - Explain logical security concepts.
- NCCTE.2020.II22.02.07 - Implement security best practices to secure a workstation.
- NCCTE.2020.II22.02.05 - Compare social engineering, threats, and vulnerabilities.
- NCCTE.2020.II22.02.01 - Summarize the importance of physical security measures.
- NCCTE.2020.II22.02.09 - Implement appropriate data destruction and disposal methods.
TOPIC 12A: Logical Security Concepts
TOPIC 12B: Threats and Vulnerabilities
TOPIC 12C: Physical Security Measures
- The three properties of security: confidentiality, integrity, and availability
- What hardening a system refers to
- Classes of security controls and some examples of each
- Three functions of logical security
- An explanation of the principles of implicit deny and least privilege
- How symmetric and asymmetric encryption function in terms of keys and what they are used for
- Encryption is reversible while hashing is a one-way cryptographic process
- What firewalls can and cannot do in terms of managing access between networks
- Strategies for keeping networks secure, keeping physical ports secure, MAC filtering, PNAC, and MDM
- What a VPN is and does
- The distinctions and differences between vulnerabilities, threats, and risks
- Social engineering attacks can occur over a variety of technologies, including phone, email, texts, and social media
- How social networking sites and social media can expose users to social engineering threats
- Characteristics and strategies of common social engineering threats, including impersonation, phishing and spear phishing, pharming, dumpster diving, shoulder surfing, and tailgating
- Strategies for preparing people to recognize and avoid social engineering attacks
- Information that can be obtained through a scanning attack
- Strategies to prevent footprinting a network using port scanning
- Types of eavesdropping threats and how they threaten networks
- Characteristics of spoofing and Man-in-the-Middle attacks
- Limitations and issues with weak passwords
- Why it is especially important to enforce password policies in a Windows environment
- A general description of how a DDoS attack is launched from a botnet
- Common physical security controls for buildings and devices
- Why remnant removal is important and how physical destruction can be accomplished
- Configure AutoPlay settings
- Use, or explain, the netstat tool to investigate open connections on a local computer
Logical Security Concepts
- Principle of implicit deny
- Principle of least privilege
- Symmetric encryption
- Asymmetric encryption
- Key exchange
- RSA cipher
- Cryptographic Hashes
- Hash function
- Secure Hash Algorithm (SHA-1 and SHA-2)
- Message Digest (MD5)
Public Key Infrastructure (PKI)
- Certificate Authority (CA)
- Digital certificate
autorun.inf file and AutoPlay dialog box
- Heuristic identification
Defense in depth or endpoint security
Network Access Control (NAC)
Whitelisting and Blacklisting MAC addresses
Port-based Network Access Control (PNAC)
- Extensible Authentication Protocol over LAN (EAPoL) protocol
Mobile Device Management (MDM)
Bring Your Own Device (BYOD)
Virtual Private Network (VPN)
Internet Protocol Security (IPSec)
Threats and Vulnerabilities
- Threat agent or Threat actor
Social Engineering Threats
- Spear phishing
Network Footprinting Threats
- Network mapping
- Port scanning
Eavesdropping or sniffing
- MAC flooding
- Content Addressable Memory (CAM) table
- ARP poisoning
Spoofing (or impersonation or masquerade)
- Replay attack
MITM (Man in the Middle) attack
- Mutual authentication
Dictionary password attack
Brute force password attack
Denial of Service (DoS)
- Distributed DoS (DDoS)
- zombie device
Radio Frequency ID (RFID) badge
Entry control roster
- Disk wiping
- Low level format tools
Introduction to problem: Keeping IT infrastructure Secure
Online Pre-assessment (available for student practice, as well)
Review content resources with whole group: 12A: Logical Security Concepts
Activity 12-1: Discussing Logical Security Concepts
Team meetings to develop project plan and goals
Review content resources with whole group: 12B: Threats and Vulnerabilities
Activity 12-2: Discussing Threats and Vulnerabilities
Small group and independent exploration of resources
Contribute to team project
Hands-on exploration with IT professionals: Logical Security Concepts
Review content resources with whole group: 12C: Physical Security Measures
Activity 12-3: Discussing Physical Security Measures
Team progress check with supervisor (using project plan)
Hands-on exploration with IT professionals: Demonstrate/explore Wireshark, if possible
Small group and independent exploration of resources
Contribute to team project
Team progress check with supervisor or sharing of progress with whole group
These topics contain a lot of concepts and terminology students must become familiar with but may not introduce many skills students need to practice. Whenever there is the opportunity to explore the concepts through hands-on application, consider doing so, either through discussions with IT professionals or even creating stations that allow students to simulate some of the concepts, especially encryption and the use of hashes. If possible, consider reviewing some of the tutorials available from Wireshark either as a group or in pairs or individually.
Part of the Help Desk’s charge is to help others use devices safely and keep information, devices, and people secure. As students explore the threats and vulnerabilities to different parts of the infrastructure, consider whether they can create documentation that goes beyond the Help Desk team and helps other students, faculty, and staff better adhere to suggested security guidelines. These could be in the form of posters (digital or print), videos, social media campaigns, or public service announcements broadcast on campus or through a local-access television channel. Student teams could tackle different threats and create media with tools they feel comfortable with.
The Official CompTIA A+ Core 1 & Core 2 Instructor Guide for Exams 220-1001 and 220-1002
- Topic 12A: Logical Security Concepts (pp. 724-731)
- Activity 12-1: Discussing Logical Security Concepts (pp. 732-733)
- Topic 12B: Threats and Vulnerabilities (pp. 734-743)
- Activity 12-2: Discussing Threats and Vulnerabilities (pp. 744-745)
- Topic 12C: Physical Security Measures (pp. 746-750)
- Activity 12-3: Discussing Physical Security Measures (p. 751)
Professor Messer at ProfessorMesser.com and YouTube offers numerous free videos of various lengths for many of the topics for the CompTIA 220-1001 A+ Exam. They are easy to understand, narrated videos with visuals. If you are teaching a CompTIA course, the site notes “You’re welcome to use them as much as you’d like, provided you embed the videos with the associated YouTube link or link directly to my site. Please click the “Contact Us” link at the top of our web page and let me know how you’re using them.”
- Professor Messer’s 220-1001 Core 2 CompTIA A+ Training Course videos on ProfessorMesser.com. Search or scroll to find the topics you’re interested in.
Entry Level I.T. Training from Technology Gee
- Social Engineering, Threats & Vulnerabilities (Article | Video – 11:43)
- Physical Security Measures (Article | Video – 10:29)
- Data Destruction & Disposal Methods (Article | Video – 6:57)
- Windows commands
- What is a Firewall?
- Firewall & network protection in Windows Security
- Turn Microsoft Defender Firewall on or off
Wireshark tutorials: https://www.wireshark.org/#learnWS
Other Articles and Resources:
Avoiding Social Engineering and Phishing Attacks from the Cybersecurity & Infrastructure Security Agency, a division of Homeland Security
How to Enable, Disable, and Customize AutoPlay in Windows 10 by Rahul Saigal for How-to Geek
Symmetric vs. Asymmetric Encryption: What’s the Difference? A thorough example with graphics by Brett Daniel for Trenton Systems (contains advertisements and popups)
What is Social Engineering? Examples & Prevention Tips from Webroot, which is a digital security company (minimal Webroot advertisements)
What is VPN? How it Works, Types of VPN from Kaspersky. Thorough article with some advertisements for Kaspersky products.