Week 2: Identifying Security Threats
Essential Questions
- How can you ensure devices, networks, and data can be kept secure?
- What roles can people play in keeping technology resources and data safe?
- What do you do if resources have been compromised?
Big Ideas
Technology alone cannot keep a network and data from the people who use it safe. Threats to devices, networks, and data require a multi-faceted approach that includes informed users. A security breach can occur from something as simple as sharing a password, or watching someone type their password in. People, not technology, often pose security threats. You and every user on your network should understand how they can defend themselves against these types of security breaches, often called social engineering attacks.
Sometimes these threats are annoying, like all the spam phone calls you might get in a day or when a network becomes overloaded and you can't get to the information you want. Other times, it can become costly, like when a device–or sometimes multiple devices on the same network–are corrupted by a virus or even taken over by ransomware. The latter essentially shuts down an entire school network and all the devices on it. Some organizations, including school districts, have had to pay many thousands of dollars in "ransom" to regain access to their network and the data it houses.
There are also technology supports for defending devices and data from malicious software (malware). You should understand common technology defenses and how to use them on your own school or district devices and how to help others implement them as a member of the Help Desk. You may also help users take steps to back up their information securely and have a plan for when they may have to restore data. Hopefully, it is only a temporary loss.
Note: This Unit may not need a full three weeks as some of the security threats and solutions overlap, especially behavioral solutions. If there were previous topics that need additional review, such as exploring databases in Unit 2, this unit might be shortened to allow for additional topics.
Connection to Student Lives
Have you ever played a game where you pretended to be someone else? What if it wasn't a game, and someone was pretending to be you? That could be serious. Whether you want to think about it or not, there are a lot of people who are engaging in behaviors that cause threats to you and others when using a network, including your school or district network. What would it mean to you if you couldn't use computers provided by your school or district or could not access the network? What steps are you taking to secure your own personal devices and information?
Framing Problem
What strategies can be used to keep devices, networks, and the data they house safe and secure from security threats? How can you and others defend yourself against social engineering attacks that threaten to obtain your personally identifiable information (PII)?
Cornerstone Assessment
Students create documentation to support Help Desk representatives understand how to configure and monitor security on devices and the network and how to be better prepared to combat social engineering attacks.
DPI Standards
- 6.00 Understand computer security
- 6.01 Identify the types of computer security threats
CompTIA Standards
- 6.1 Summarize confidentiality
- 6.2 Explain methods to secure devices and best practices
- 6.7 Explain business continuity concepts
- integrity and availability concerns
Knowledge
- Three properties of secure information: Confidentiality, Integrity, and Availability
- Methods by which confidentiality can be compromised (snooping, eavesdropping/wiretapping, dumpster diving)
- Integrity concerns (man-in-the-middle, replay, and impersonation)
- Ways that availability can be threatened through accidents, oversights, and active attacks (Dos, power outage, hardware failure, destruction, service outage)
- Different types of access controls (authentication, authorization, accounting)
- Social engineering methods and strategies for defeating social engineering attacks
- Methods and purposes for fault tolerance through redundancy of data, network resources, power, and site redundancy and replication
- Disaster recovery strategies
- Device hardening policies to make devices and networks more secure
- An attack surface and how it can be reduced
- Common types of malware attacks, how they are different, and methods for preventing malware infections, such as anti-virus software, scanning, and other means.
- How to recognize spam and phishing techniques
- Reputable sources to download and install software
- Secure methods for updating software and drivers
Skills
- Distinguish threats to the confidentiality, integrity, and availability of information processing systems.
- Identify social engineering techniques.
- Describe the importance of business continuity and how to make systems fault tolerant.
- Explain the importance of disaster recovery plans.
- Describe basic principles for hardening computer systems against attack.
- Distinguish types of malware and use anti-malware software.
- Identify spam and phishing threats.
- Install software patches and updates from secure sources.
Vocabulary
- Availability concerns (Denial of service, Power outage, Hardware failure, Destruction, Service outage) -
- Confidentiality concerns (Snooping, Eavesdropping, Wiretapping, Social engineering, Dumpster diving) -
- Device use best practices (Software sources, Validating legitimate sources, Researching legitimate sources, OEM websites vs. third-party websites, Removal of unwanted software, Removal of unnecessary software, Removal of malicious software) -
- Disaster recovery (Data restoration, Prioritization, Restoring access) -
- Fault tolerance (Replication, Redundancy [Data, Network, Power], Contingency plan) -
- Integrity concerns (Man-in-the-Middle, Replay attack, Impersonation, Unauthorized information alteration) -
- Securing devices (mobile/workstation) (Anti-virus/Anti-malware, Changing default passwords, Enabling passwords, Patching/updates) -
Supporting Vocabulary
- Anti-virus software (definitions, signatures, patterns, heuristic identification)
- Application Updates (Windows Update)
- Attack surface
- Bloatware
- Device hardening
- Escalating a problem
- Malware (program viruses, macro viruses, worms, application exploits, Trojans, spyware, ransomware)
- On-access scanning (removing or cleaning, quarantining, or erasing a file)
- Patch management
- Phishing
- Service Pack (SP)
- Social engineering (Impersonation, Establishing Trust, Dumpster Diving, Identity Fraud, Shoulder Surfing)
- Spam and anti-spam filters
- Vector (of malware)
Weekly Map
Monday
Introduction to problem: Protection against social engineering and malware attacks
Online Pre-assessment (available for student practice, as well)
Team meetings to develop project plan and goals
Tuesday
Review content resources with whole group
Small group and independent exploration of resources
Contribute to team project
Wednesday
Hands-on exploration with IT professionals: school/district policies and resources use to protect devices, the network, and data
Team progress check with supervisor (using project plan)
Thursday
Hands-on exploration with IT professionals: school/district policies and resources use to protect devices, the network, and data
Small group and independent exploration of resources
Contribute to team project
Friday
Team sharing of progress with whole group
Online post-assessment
Monitor progress and adjust project plan as necessary
Lesson Ideas
Students work in teams to review Units 5.1 and 5.2 in their textbook. The students collaborate on adding to their Frayer-type digital presentation or other documentation that records and illustrates key vocabulary and concepts in the Units. Students contribute to these files throughout the semester to prepare for the CompTIA certification exam and to contribute to the Help Desk knowledge base.
Student teams work together to create documentation that helps the Help Desk representatives and the users on the school or district network better understand both social engineering attacks and common malware threats and strategies they can use to defend themselves from these attacks when using school or district hardware or network resources.
Technicians demonstrate or model standard technology solutions encouraged or required by the school or district to help secure devices and data. They should share acceptable resources, such as accepted file sharing services, as well as those that should not be used on the network. They may want to share how they handle violations by users when to do use less secure resources.
Potential Resources
The Official CompTIA ITF+ Instructor's Manual and Student Guide: Units 5.1 and 5.2
Frayer Diagram Template (slide deck, document, or other)
CyberWise offers a range of supports for parents and teachers on a full range of topics related to digital citizenship
Infographic on identifying and avoiding phishing attacks from TechRepublic
10 Easy Ways to Prevent Malware Infection by Wendy Zamora for Malwarebytes Labs
ITProTV: (Note: Could be distributed across three weeks)
- Basic Security Principles | CompTIA IT Fundamentals+ (FC0-U61) (28:19)
- Basic Security Principles Pt. 2 | CompTIA IT Fundamentals+ (FC0-U61) (30:28)
- Security Best Practices | CompTIA IT Fundamentals+ (FC0-U61) (27:19)
- Security Best Practices Pt. 2 | CompTIA IT Fundamentals+ (FC0-U61) (30:24)
- Security Best Practices Pt. 3 | CompTIA IT Fundamentals+ (FC0-U61) (28:20)
Khan Academy
- Cybersecurity and Crime is a portion of the What is the Internet? course
- The Online Data Security Unit contains information about Cyber Attacks
Technology Gee