Botnets

What they are:

 A collection of software robots, or 'bots', that creates an army of
infected computers (known as ‘zombies') that are remotely
controlled by the originator. Yours may be one of them and you
may not even know it.

 A botnet is a group of computers connected to the Internet that

have been compromised by a hacker using a computer virus or
Trojan horse. An individual computer in the group is known as a
“zombie“ computer.

What they can do:

 Send spam emails with viruses attached.
 Spread all types of malware.
 Can use your computer as part of a denial of service attack
against other systems.
 Zombie

 In computing, a zombie is a computer connected to the Internet that has

been compromised by a hacker, computer virus or Trojan horse program and
can be used to perform malicious tasks of one sort or another under remote
direction.

 Botnets of zombie computers are often used to spread e-mail spam and
launch denial-of-service attacks (DOS attacks).

 Most owners of "zombie" computers are unaware that their system is being
used in this way. Because the owner tends to be unaware.
 Hacking

 Hacking is a term used to describe actions taken by someone to gain

unauthorized access to a computer. The availability of information online
on the tools, techniques, and malware makes it easier for even non-
technical people to undertake malicious activities.

What it is:
 The process by which cyber criminals gain access to your computer.

What it can do:

 Find weaknesses (or pre-existing bugs) in your security settings and
exploit them in order to access your information.

 Install a Trojan horse, providing a back door for hackers to enter and
search for your information.
 How will you know if your computer is infected?
Here are a few things to check for:
 It takes longer than usual for your computer to start up, it restarts on its own
or doesn't start up at all.
 It takes a long time to launch a program.

 Files and data have disappeared.

 Your system and programs crash constantly.

 The homepage you set on your web browser is different (note that this could
be caused by Adware that has been installed on your computer).
 Web pages are slow to load.
 Your computer screen looks distorted.
 Programs are running without your control.

 If you suspect a problem, make sure your security software is up to date and
run it to check for infection. If nothing is found, or if you are unsure of what
to do, seek technical help.
 IPsec

Internet Protocol Security (IPsec) is a secure network protocol suite

that authenticates and encrypts the packets of data to provide
secure encrypted communication between two computers over an
Internet Protocol network.

IPsec helps
 Protect networks from active and passive attacks by securing IP
packets through the use of packet filtering, cryptographic security
services, and the enforcement of trusted communications.
 IPsec

IPsec supports
 network-level data integrity,
 data confidentiality,
 data origin authentication, and replay protection.
 IPsec is integrated at the Internet layer (layer 3),
 it provides security for all IPv4-based traffic.
 IPsec helps provide defense-in-depth against: Network-based
attacks from untrusted computers, attacks that can result in
the denial-of-service of applications, services, or the network.
 to prevent Data theft.
 to prevent User-credential theft.
 Administrative control of servers, other computers, and the
network.
 IPsec
IPsec and Windows Firewall are not mutually exclusive security
technologies.

The use of IPsec in conjunction with Windows Firewall increases

the security of the communication on your internal network and
reduces the attack surface on each of your clients and servers.

For example, on a secured Web server, you can use Windows

Firewall to block all unsolicited incoming traffic except Web traffic
and you can use IPsec to secure all Web traffic as it travels across
the network.
 If I have a firewall do I need an antivirus?

Yes. A firewall will not protect you from viruses and other
malware.

A firewall limits outside network access to a computer or local

network by blocking or restricting ports.

 Firewalls help prevent your computer from communicating with

other computers on the network and Internet.

If you want to truly protect your computer from potential threats,
we suggesting having both a firewall and antivirus program installed
on your computer. Or, at a minimum, we recommend that firewall
functionality be enabled on your router.
BACK UP AND RESTORE
 Backup and Restore

Backup and Restore (formerly Windows Backup and Restore

Center) is a component of Microsoft Windows introduced
in Windows Vista and included in later versions that allow users to
create backups and restore from backups created earlier.

It became a deprecated feature in Windows 8 before being

completely removed in Windows 8.1 in favour of File History.
However, in Windows 10, it was re-incorporated into the operating
system.
 Backup and Restore
Backup and Restore supports two different types of backup: file
backup and system image. File backups are saved to ZIP files.

Two methods of file backup are supported.

The first, normal backup, stores everything selected for backup.

The second, incremental backup stores only files that are changed
after a previous backup.

The other method of backup, system image, is a disk image of the

backed up system saved block by block in a VHD file.

Block-based backup is more efficient at performing

subsequent differential backups, as only the blocks that have changed
need to be backed up
 Backup and Restore
Backups have two distinct purposes.
 The primary purpose is to recover data after its loss, be it
by data deletion or corruption.

 The secondary purpose of backups is to recover data from an

earlier time, according to a user-defined data retention policy,
typically configured within a backup application for how long
copies of data are required.

 Though backups represent a simple form of disaster recovery,

and should be part of any disaster recovery plan, backups by
themselves should not be considered a complete disaster
recovery plan. One reason for this is that not all backup
systems are able to reconstitute a computer system or other
complex configuration such as a computer cluster, active
directory server, or database server by simply restoring data
from a backup.
 What is a backup?

In information technology, a backup, or the process of

backing up, refers to the copying and archiving of
computer data so it may be used to restore the original after
a data loss event.
 What is a restore?

Data restore is the process of copying backup data

from secondary storage and restoring it to its original location
or a new location.

A restore is performed to return data that has been lost,

stolen or damaged to its original condition or to move data to a
new location.
 Set up your backup

Select the Start​ button, select Settings > Update & security > Backup > Add a drive,
and then choose an external drive or network location for your backups.
 File backup
The first is a ‘file backup’, which allows you to make copies of
individual, as well as groups of, files that you have stored on
your PC.

These might be important documents that you need for work,

or your personal collection of photos, music and videos.
 System backup
The other type of backup is known as ‘system backup’ or a 'system
image'.

This is a bit more complicated as it involves making a backup copy

of the entire Windows operating system that is running on your PC,
as well as all your programs, files and settings.

You can then use this backup to fix your PC if it is behaving

erratically, or if it stops working altogether.

This type can run into hundreds of gigabytes, but some backup
software can perform something called an 'incremental' backup.
These only include the data that has changed since the last backup,
which saves both time and storage space.
 Create a restore point
You can use a restore point to restore your computer's system
files to an earlier point in time. Restore points are automatically
created each week by System Restore and when your PC detects
change, like when you install an app or driver.

Here's how to create a restore point.

Right-click the Start button, then select Control Panel > System
and Maintenance > System.
In the left pane, select System protection.
Select the System Protection tab, and then select Create.
In the System Protection dialog box, type a description, and
then select Create.
 Restore
Right-click the Start button, then select Control Panel > System
and Maintenance > Backup and Restore.

Do one of the following:

 To restore your files, choose Restore my files.

 To restore the files of all users, choose Restore all users' files.

Do one of the following:

 To look through the contents of the backup, select Browse for

files or Browse for folders. When you're browsing for folders,
you won't be able to see the individual files in a folder. To
view individual files, use the Browse for files option.

 To search the contents of the backup, select Search, type all

or part of a file name, and then select Search.
 What is a firewall?
A firewall is a software or hardware that checks information
coming from the Internet or a network, and then either blocks it
or allows it to pass through to your computer, depending on your
firewall settings.

A firewall can help prevent hackers or malicious software from

gaining access to your computer through a network or the
Internet. A firewall can also help stop your computer from sending
malicious software to other computers.

A firewall is a system designed to prevent unauthorized access

to or from a private network.

You can implement a firewall in either hardware or software

form, or a combination of both.
In protecting private information, a firewall is considered a first
line of defense.
 Windows Firewall
In Windows, firewalls are built into the operating system.

When it is enabled in its default configuration, Windows

Firewall blocks all unsolicited incoming network traffic on all
network connections.

Although blocking unsolicited incoming traffic reduces your

attack surface and increases your level of security, it can cause
programs and system services that are acting as servers,
listeners, or peers to stop working properly.

Windows Firewall runs on each of your servers and clients,

providing protection from network attacks that pass through your
perimeter network or originate inside your organization, such as
Trojan horse attacks, worms, or any other type of malicious
program spread through unsolicited incoming traffic.
 Limitation of Firewall

Cannot protect inside attack.

 It cannot stop social engineering attacks or an unauthorized

user intentionally using their access for unwanted purposes.

 It cannot stop attacks if the traffic does not pass through them.

The firewall can not protect against the transfer of virus infected
program files.

Network performance slow.

 Difference Between Firewall and Antivirus

Firewall Antivirus
Firewall acts as a barrier for Antivirus protects against the
the incoming traffic to the internal attacks like malicious
system files etc.
Firewall emphasizes on Antivirus emphasizes on the
inspection of the data flowing malicious program inspection
from the internet to computer steps such as Detection,
Identification and Removal.
Both hardware and software Software only
Monitoring and Filtering Scanning of infected files and
(Specifically IP filtering) software.
Inspection of attack is based Malicious software residing on
on Incoming packets a computer