
Topic 3 Part 2

Chapter 3 of the document focuses on countermeasures in cybersecurity, detailing protections against malware and physical security measures for computer and network equipment. It outlines various malicious software protection programs and physical access control methods, including biometric systems and environmental safeguards. Additionally, it discusses application security hardening techniques and tools used in cybersecurity, such as Nmap and Wireshark.

Uploaded by Siva Kumar

Chapter 3
Countermeasures in Cybersecurity
DFC20313 Cybersecurity Fundamentals
Prepared By: Fatimah Zahra

Part 1
CLO & PLO
Upon completion of this course, students should be able to:

CLO1: Explain cybersecurity threats and hazards using appropriate tools and techniques for a secured environment in organizations.

PLO2: Apply design and architecture to Information Technology solutions using appropriate tools and techniques.
Content
3.3 Discover protection against malicious code (malware).
3.3.1 Identify malicious software protection programs.
3.4 Determine protection of physical equipment.
3.4.1 Identify physical computer and network equipment protection methods:
a. Access control (physical barriers, biometrics)
b. Environment (wireless cells, location shielding, fire suppression)
3.3 Discover protection against malicious code (malware)
Malicious software protection programs
These programs are designed to protect your devices from various types of malware, including viruses, ransomware, spyware, and more.

Top malicious software protection programs

Bitdefender Antivirus Plus
Bitdefender offers multi-layered ransomware protection and excellent defense against fraudulent and malicious sites.

Norton 360 Deluxe
Norton provides comprehensive security features, including a VPN, identity protection, and intelligent firewall protection.

Malwarebytes Premium
Malwarebytes is known for its speedy scans and effective removal of persistent malware.
Malicious software protection programs
Top malicious software protection programs

McAfee Total Protection
McAfee offers robust protection for multiple devices, including antivirus, identity theft protection, and secure browsing.

Avast One
Avast provides comprehensive free security with features like malware protection, a VPN, and system cleanup tools.

Webroot AntiVirus
Webroot is known for its small footprint and fast scans, making it a good choice for users looking for lightweight protection.
3.4 Determine protection of physical equipment
Physical computer and network equipment protection methods

a. Access control (physical barriers)
Physical barriers are tangible security measures designed to prevent unauthorized access to a facility or specific areas within it. These include:

Fences and Gates
These are commonly used to secure the perimeter of a property. Fences can be made of various materials like metal, wood, or concrete, and gates can be equipped with locks or electronic access control systems to regulate entry.

Turnstiles
These are mechanical gates that allow one person to pass at a time. Turnstiles are often used in places like subways, stadiums, and office buildings. They can be integrated with card readers or biometric systems to ensure that only authorized individuals can enter.

Security Doors and Windows
These are reinforced doors and windows designed to withstand forced entry attempts. They are often used in high-security areas such as data centers, banks, and government buildings. These barriers can be equipped with additional security features like electronic locks, alarms, and surveillance cameras.
Physical computer and network equipment protection methods

a. Access control (biometrics)
Biometric access control uses unique physical characteristics to verify identity. Common biometric methods include:

Fingerprint Recognition
Scans and matches fingerprints against stored templates. Widely used due to its accuracy and ease of use.

Facial Recognition
Uses facial features to identify individuals. It is contactless and can be integrated with surveillance systems.

Iris and Retinal Scans
Highly accurate methods that scan the unique patterns in the iris or retina of the eye.

Vein Recognition
Uses patterns of veins in the hand or finger for identification.

Biometric systems offer high security because physical traits are difficult to replicate or steal. They also provide a seamless and convenient user experience.
Physical computer and network equipment protection methods

b. Environment
Wireless Cells
Wireless cells refer to the areas covered by wireless networks, such as Wi-Fi. Protecting these involves:
Signal Encryption: Ensuring that wireless signals are encrypted to prevent unauthorized access.
Access Control: Using strong passwords and authentication methods to control who can access the network.
Signal Isolation: Limiting the range of wireless signals to prevent them from extending beyond the intended area.

Location Shielding
Location shielding involves protecting sensitive equipment from external interference and unauthorized access:
Faraday Cages: Enclosures made of conductive materials that block electromagnetic fields, preventing electronic eavesdropping and interference.
Physical Barriers: Using walls, barriers, and secure rooms to physically isolate sensitive equipment.
EMI Shielding: Using materials that block electromagnetic interference to protect sensitive electronic equipment.
Physical computer and network equipment protection methods

b. Environment

Fire Suppression
Fire suppression systems are crucial for protecting computer and network equipment from fire damage:

Fire Alarms and Detectors: Installing smoke detectors and fire alarms to provide early warning of a fire.
Automatic Fire Suppression Systems: Using systems like sprinklers, gas-based suppression (e.g., FM-200), or foam systems to automatically extinguish fires.
Regular Maintenance: Ensuring that all fire suppression equipment is regularly inspected and maintained to function correctly when needed.

These methods help ensure that your computer and network equipment are protected from environmental hazards and unauthorized access.
3.5 Describe application security hardening
Application security hardening
a. Service packs
b. Security patches
c. Hotfixes
d. Cold fix
e. Bug fix
Application security hardening
a. Service packs
Service packs are collections of updates, fixes, and enhancements delivered as a single package. They often include security updates, bug fixes, and new features. Installing service packs helps ensure that your applications are up to date with the latest security improvements and functionality enhancements.

b. Security patches
Security patches are updates specifically designed to address security vulnerabilities in software. They are released by software vendors to fix known security issues and protect against potential exploits. Regularly applying security patches is crucial to maintaining the security of your applications.
Application security hardening
c. Hotfixes
Hotfixes are small, targeted updates designed to address specific issues or vulnerabilities in software. Unlike regular updates, hotfixes are often released quickly to address critical problems that cannot wait for the next scheduled update. They are essential for promptly fixing security flaws that could be exploited by attackers.

d. Cold fix
A cold fix is a type of update or fix that requires the system or application to be restarted to take effect. This is often necessary for changes that affect core components or configurations. Cold fixes are typically applied during scheduled maintenance windows to minimize disruption.
Application security hardening

e. Bug fix
Bug fixes are updates that address software bugs or errors that affect the functionality or performance of an application. While not always security-related, bug fixes can improve the overall stability and reliability of software, indirectly contributing to security by reducing the risk of unexpected behavior.

These methods are all part of a comprehensive approach to application security hardening, ensuring that your software remains secure, stable, and up to date.
3.6 Apply various tools in cybersecurity and information security
Tools used to mitigate security issues
a. Network Mapper (Nmap)
b. Wireshark
c. Autopsy
d. FTK Imager
Tools used to mitigate security issues

a. Network Mapper (Nmap)
Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. It is useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Nmap uses raw IP packets in novel ways to determine:
i. which hosts are available on the network
ii. which services those hosts are offering
iii. which operating systems (and OS versions) they are running
iv. what type of packet filters/firewalls are in use, etc.

It was designed to rapidly scan large networks, but works fine against single hosts.
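Nmap can write its findings as XML (the -oX option), which is the form a defender feeds into an asset inventory. The Python below is an added example, not part of these slides or of Nmap itself: it parses a constructed sample laid out like Nmap's XML report, lists each live host's OS guess and open services, and flags any open service that is not on an approved baseline (the baseline dictionary and the 192.0.2.x addresses are assumptions).

```python
"""Build a host/service inventory from Nmap XML output (-oX) and flag open
services missing from an approved baseline. Added example; the XML is a
constructed sample in Nmap's -oX layout, not a real scan."""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -O -oX inv.xml 192.0.2.0/29">
  <host><status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/>
        <service name="https" product="nginx"/></port>
      <port protocol="tcp" portid="23"><state state="open" reason="syn-ack"/>
        <service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="filtered" reason="no-response"/></port>
    </ports>
    <os><osmatch name="Linux 5.X" accuracy="95"/></os>
  </host>
  <host><status state="down" reason="no-response"/>
    <address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""

# Services the asset owner approved (assumed): (ip, protocol, port) -> expected service name.
BASELINE = {("192.0.2.10", "tcp", 22): "ssh", ("192.0.2.10", "tcp", 443): "https"}


def parse_inventory(xml_text):
    """Return {ip: {"os": name-or-None, "ports": [(proto, port, service)]}} for hosts that are up."""
    inventory = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue  # Nmap also lists hosts that did not answer; they carry no port data
        ip = host.find("address[@addrtype='ipv4']").get("addr")
        osmatch = host.find("os/osmatch")  # best OS guess from -O, if any
        ports = []
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # filtered/closed ports are not exposed services
            svc = port.find("service")
            ports.append((port.get("protocol"), int(port.get("portid")),
                          svc.get("name") if svc is not None else "unknown"))
        inventory[ip] = {"os": osmatch.get("name") if osmatch is not None else None,
                         "ports": ports}
    return inventory


def unexpected_services(inventory, baseline):
    """Open services not in the baseline: the first things to triage after an inventory scan."""
    return sorted((ip, proto, port, name) for ip, data in inventory.items()
                  for proto, port, name in data["ports"] if (ip, proto, port) not in baseline)
```

Running `unexpected_services(parse_inventory(SAMPLE_NMAP_XML), BASELINE)` on the sample reports the telnet service on port 23, the one open service the baseline does not approve.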
Tools used to mitigate security issues

b. Wireshark
Wireshark is a widely used, open source network analyzer that can capture and display real-time details of network traffic. It is particularly useful for troubleshooting network issues, analyzing network protocols and ensuring network security. Networks must be monitored to ensure smooth operations and security.
Tools used to mitigate security issues
c. Autopsy
Autopsy is a powerful, open-source digital forensics platform used by law enforcement, military, and corporate examiners to investigate what happened on a computer. It provides a graphical interface to The Sleuth Kit and other digital forensics tools, making it easier to analyze and recover data from digital devices. Key features include:
1. Timeline Analysis: Allows investigators to view events in a graphical timeline, making it easier to understand the sequence of activities.
2. Keyword Search: Enables indexed keyword searches to find files that mention specific terms.
3. Web Artifacts: Extracts history, bookmarks, and cookies from web browsers.
4. Data Carving: Recovers deleted files from unallocated space using carving tools.
5. Multimedia Analysis: Extracts metadata from pictures and allows viewing of videos.
6. Malware Scanning: Helps in identifying and analyzing malicious software.
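Data carving (feature 4 above) works by scanning raw unallocated space for known file header and footer signatures rather than relying on file system metadata, which is gone once a file is deleted. The Python below is an added example, not Autopsy's or The Sleuth Kit's code: it carves PNG and JPEG files out of a constructed blob, steps past a header whose file body was overwritten, and validates a carved PNG by checking its chunk CRCs to weed out false positives.

```python
"""Signature-based file carving (Autopsy's Data Carving feature): scan raw unallocated
space for known header/footer signatures. Added example over a constructed blob."""
import struct, zlib

SIGNATURES = {"png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),   # (header, footer)
              "jpg": (b"\xff\xd8\xff", b"\xff\xd9")}

def carve(blob, signatures=SIGNATURES, max_size=4 * 1024 * 1024):
    """Return [(offset, kind, bytes)] for each header whose footer lies within max_size."""
    found = []
    for kind, (head, foot) in signatures.items():
        pos = blob.find(head)
        while pos != -1:
            end = blob.find(foot, pos + len(head), pos + max_size)
            if end != -1:  # footer found: cut the file out, then continue after it
                found.append((pos, kind, blob[pos:end + len(foot)]))
            # no footer means an orphaned or overwritten header: step past it
            pos = blob.find(head, end + len(foot) if end != -1 else pos + 1)
    return sorted(found)

def png_is_valid(data):
    """Walk the PNG chunk list checking every CRC; a carved hit that fails is a false positive."""
    if not data.startswith(SIGNATURES["png"][0]):
        return False
    pos = 8  # skip the 8-byte signature
    while pos + 12 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        if pos + 12 + length > len(data):
            return False  # chunk claims more bytes than were carved
        tag, body = data[pos + 4:pos + 8], data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(tag + body) != crc:
            return False
        if tag == b"IEND":
            return True
        pos += 12 + length
    return False

def make_png_1x1():  # constructed 1x1 red RGB PNG used to seed the sample blob
    def chunk(tag, body):
        return struct.pack(">I", len(body)) + tag + body + struct.pack(">I", zlib.crc32(tag + body))
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # width, height, bit depth, colour type RGB
    idat = zlib.compress(b"\x00\xff\x00\x00")            # filter byte + one red pixel
    return SIGNATURES["png"][0] + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

# Constructed unallocated space: filler, a deleted PNG, a JPEG fragment, then a PNG header
# whose body was overwritten (no IEND), which carve() must skip.
UNALLOCATED = (b"\x00" * 64 + make_png_1x1() + b"\xcc" * 100
               + b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x11" * 40 + b"\xff\xd9"
               + b"\x00" * 32 + SIGNATURES["png"][0] + b"\x22" * 50)
```

`carve(UNALLOCATED)` returns the PNG at offset 64 and the 52-byte JPEG fragment after it, and nothing for the orphaned header; real carvers add per-format size parsing on top of this so that a footer byte sequence inside another file is not mistaken for the end of it.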
Tools used to mitigate security issues

d. FTK Imager
FTK Imager is a forensic data preview and imaging tool developed by Exterro. It is widely used by digital forensic investigators to acquire and analyze electronic evidence in a forensically sound manner. Here are some key features of FTK Imager:
1. Forensic Imaging
2. Data Preview
3. Hash Reporting
4. Custom Content Imaging
5. RAM Capture
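Hash reporting is what makes an acquisition forensically sound: the image's MD5 and SHA-1 are computed from the very bytes written to the image file, and anyone who later handles a copy can re-hash it to prove it is unchanged. The Python below is an added example, not FTK Imager's code; it works on a constructed byte string standing in for a small drive.

```python
"""Acquire-and-verify with a hash report, as FTK Imager's Hash Reporting does:
hash the evidence while copying it, record MD5/SHA-1 and size, and later
re-hash a copy to prove it is unchanged. Added example over constructed bytes."""
import hashlib

CHUNK = 4096  # read size; real evidence is far too large to hold in memory at once


def hash_stream(chunks):
    """Single pass over an iterable of byte chunks; returns size plus hex MD5 and SHA-1."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1()}
    size = 0
    for chunk in chunks:
        size += len(chunk)
        for d in digests.values():
            d.update(chunk)
    return {"bytes": size, **{name: d.hexdigest() for name, d in digests.items()}}


def acquire(source):
    """Copy the evidence into an image and hash exactly the bytes that were written."""
    image = bytearray()

    def reader():
        for i in range(0, len(source), CHUNK):
            block = source[i:i + CHUNK]
            image.extend(block)  # the hash report covers what landed in the image
            yield block

    report = hash_stream(reader())
    return bytes(image), report


def verify(image, report):
    """Re-hash a copy of the image and compare it with the acquisition report.
    Returns one check per field; any False means the copy was corrupted or altered."""
    current = hash_stream(image[i:i + CHUNK] for i in range(0, len(image), CHUNK))
    return {key: current[key] == report[key] for key in ("bytes", "md5", "sha1")}


# Constructed stand-in for a small drive: a repeating pattern plus a boot-sector signature.
EVIDENCE = bytes(range(256)) * 40 + b"\x55\xaa"
```

Flipping a single byte of the image makes both digests in `verify()` fail while the size check still passes, which is why a report carries hashes and not just a byte count.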
END OF CHAPTER 3
