IT Security Fundamentals for Help Desk IT Technical Support

Malware, phishing attacks, and social engineering techniques are three common cybersecurity threats that pose significant risks to individuals and organizations. Malware, short for malicious software, refers to any software designed to infiltrate, damage, or compromise computer systems, networks, or devices. Phishing attacks involve fraudulent attempts to deceive individuals into disclosing sensitive information, such as usernames, passwords, or financial details, through deceptive emails, messages, or websites. Social engineering techniques exploit human psychology and trust to manipulate individuals into divulging confidential information, performing unauthorized actions, or compromising security measures. Together, these threats highlight the importance of robust cybersecurity measures, including antivirus software, security awareness training, and multi-factor authentication, to protect against cyber threats and safeguard sensitive information from unauthorized access or exploitation.

Insider threats and accidental data breaches pose significant cybersecurity risks to organizations, often resulting from employee errors, negligence, or malicious intent. Insider threats involve employees, contractors, or trusted individuals who misuse their access privileges to intentionally steal, leak, or compromise sensitive information. On the other hand, accidental data breaches occur when employees inadvertently expose or mishandle confidential data due to human error, system misconfigurations, or lapses in security practices. Both insider threats and accidental data breaches can lead to financial losses, reputational damage, regulatory fines, and legal liabilities for organizations.

Microsoft Defender SmartScreen is a security feature built into Windows operating systems and Microsoft Edge web browsers, designed to protect users from malicious websites and downloads. SmartScreen analyzes URLs and files in real-time, leveraging reputation-based analysis and machine learning algorithms to determine their safety. When a user attempts to access a suspicious website or download a potentially harmful file, SmartScreen displays a warning message, alerting them to potential security risks and advising caution

Controlled Folder Access is a security feature in Windows 11 designed to protect sensitive files and folders from unauthorized access and tampering by malicious software. When enabled, Controlled Folder Access monitors specified folders for unauthorized changes and prevents unauthorized applications from accessing or modifying protected files. This helps prevent ransomware attacks and unauthorized modifications to important documents, photos, and other files.

Network firewalls, VPNs, and IDS/IPS devices are fundamental components of a robust cybersecurity infrastructure, each serving distinct but complementary purposes in protecting networks from cyber threats. Network firewalls act as gatekeepers, filtering incoming and outgoing traffic based on predefined rules to prevent unauthorized access and block malicious activity at the network perimeter. VPNs provide secure and encrypted connections for remote users, allowing them to access the network securely and anonymously while protecting sensitive data from interception or eavesdropping. IDS/IPS devices monitor network traffic in real-time, detecting and responding to potential security breaches and malicious activities to prevent cyber attacks and safeguard network resources. Together, these technologies form a layered defense strategy, helping organizations mitigate risks, enhance security posture, and maintain the confidentiality, integrity, and availability of their network infrastructure.

Windows 11 includes a built-in VPN client that allows users to easily connect to virtual private networks (VPNs) for secure and private internet access. The VPN client supports a variety of VPN protocols, including PPTP, L2TP/IPsec, SSTP, IKEv2, and OpenVPN, offering flexibility in connecting to different VPN services. Users can configure and manage VPN connections directly from the Windows 11 settings, where they can add new VPN connections, specify connection details such as server addresses and authentication credentials, and toggle the VPN connection on or off with ease.

Windows Network and Sharing Settings provide users with the tools to manage and customize their network connections, sharing preferences, and security settings. Users can access these settings through the Control Panel or the Settings app, depending on their Windows version. Within these settings, users can configure various aspects of their network connections, such as changing network types (Public, Private, or Domain), enabling or disabling network discovery and file sharing, managing network adapters, setting up network profiles, and configuring advanced sharing options.

The Windows Local Security Policy Editor is a management tool built into Windows operating systems that allows administrators to configure security settings for individual computers or user accounts. With the Local Security Policy Editor, administrators can define policies related to user rights assignments, password policies, audit policies, security options, and more. This tool provides granular control over security settings, allowing administrators to enforce specific security configurations tailored to their organization's requirements.

If you want to use the Local Security Policy Editor in Windows Home editions, its fairly easy to configure.

Wireless (Wi-Fi) security is crucial for protecting sensitive data and maintaining the integrity of networks in today's interconnected world. With the widespread use of wireless networks in homes, businesses, and public spaces, ensuring the security of Wi-Fi connections is essential to prevent unauthorized access, data breaches, and cyberattacks. Without adequate security measures in place, wireless networks are vulnerable to various threats, including eavesdropping, data interception, and network intrusion

Blocking a program from accessing the internet using the command line in Windows is a powerful way to control network activity without relying on graphical tools. This approach uses built-in Windows Firewall commands to create outbound rules that restrict specific applications from connecting to the internet. It's especially useful for IT professionals or advanced users who want to automate network restrictions or manage systems remotely.

Here are the commands from the video:

Add rule

netsh advfirewall firewall add rule name="Block Filezilla" dir=out action=block program="C:\Program Files\FileZilla FTP Client\filezilla.exe" enable=yes

Disable rule

netsh advfirewall firewall set rule name="Block Filezilla" new enable=no

Remove rule

netsh advfirewall firewall delete rule name="Block Filezilla"

Since wireless networks are broadcast though the airwaves, it makes it easier for people or devices that you might not want on your network to gain access. Being able to see what types of devices are on your Wi-Fi network can help you keep things more secure.

Endpoint security is essential for combating common threats targeting computers and other devices connected to networks. As computers are often the primary targets of cyberattacks, protecting them with robust endpoint security measures is paramount. Endpoint security solutions, such as antivirus software, firewalls, intrusion detection systems, and endpoint detection and response (EDR) tools, help prevent malware infections, ransomware attacks, and other malicious activities that can compromise system integrity and data confidentiality.

Antivirus software comes in various types, each offering distinct features and functionalities to protect against malware and cyber threats. These programs typically include signature-based detection, behavior monitoring, heuristic analysis, and cloud-based protection to identify and block malicious activities. Users can configure antivirus software to customize scan settings, exclusion lists, and threat remediation options based on their preferences and security needs. Additionally, automatic updates ensure that antivirus databases and program components remain up-to-date to defend against new and emerging threats effectively. Overall, antivirus software plays a crucial role in safeguarding devices and networks by providing real-time protection, regular scans, and proactive threat prevention measures.

Windows Defender's Real-Time Protection and Cloud-Delivered Protection work together to provide comprehensive and proactive defense against malware threats. Real-Time Protection continuously monitors system activity in real-time, using behavior monitoring, signature-based detection, and heuristic analysis to identify and block malware threats as they attempt to execute on the device. Meanwhile, Cloud-Delivered Protection leverages cloud-based resources to enhance threat detection capabilities, analyzing telemetry data and suspicious files in the cloud to identify new and emerging threats. It delivers updated threat intelligence and protection signatures to all Windows Defender-protected devices, ensuring they are equipped to defend against the latest malware threats. By combining real-time monitoring with cloud-powered analysis and protection, Windows Defender offers robust and effective malware protection for Windows devices.

Microsoft Defender for Endpoint is an advanced endpoint security platform designed to protect enterprise devices from a wide range of cyber threats. Formerly known as Microsoft Defender Advanced Threat Protection (ATP), it offers features such as threat detection and response, endpoint protection, and security posture management. Defender for Endpoint utilizes artificial intelligence and machine learning algorithms to detect and respond to sophisticated attacks, including malware, ransomware, and advanced persistent threats. It provides real-time alerts, proactive threat hunting capabilities, and automated response actions to help security teams quickly identify and remediate security incidents. With its integration with Microsoft 365 security services, Defender for Endpoint offers seamless protection across endpoints, email, identities, and cloud applications, enabling organizations to strengthen their security posture and defend against evolving cyber threats

Using strong and unique computer passwords is paramount in safeguarding your digital assets and personal information from cyber threats. Strong passwords, typically composed of a mix of letters, numbers, and special characters, bolster the security of your accounts by making them harder to crack through brute-force attacks or guesswork. Additionally, employing unique passwords for each account reduces the risk of widespread compromise in the event of a breach. With cyber attacks on the rise, practicing good password hygiene is critical in mitigating the potential consequences of unauthorized access, identity theft, financial fraud, and privacy breaches.

Password manager apps are digital tools designed to securely store and manage passwords for various online accounts and services. These apps offer features such as password generation, encryption, and synchronization across multiple devices, providing users with a convenient and secure way to manage their credentials. By using a password manager, users can create complex and unique passwords for each account without the need to remember them all. Additionally, password manager apps often include features such as automatic form filling, two-factor authentication support, and secure password sharing, further enhancing security and usability. Overall, password manager apps help users improve their online security by reducing the risk of password-related vulnerabilities, such as weak or reused passwords, and simplify the process of managing and accessing their digital identities across different platforms and devices.

The Windows biometric fingerprint login process provides users with a convenient and secure way to access their devices and accounts using fingerprint authentication. Users can enroll their fingerprints through the Windows settings, after which their fingerprint data is securely stored on the device and encrypted to protect against unauthorized access. When logging in, users simply place their registered finger on the fingerprint reader, and Windows verifies their identity based on the stored fingerprint data. This process enhances security by replacing traditional passwords with biometric authentication, making it more difficult for unauthorized users to access the device or accounts.

Enabling two-factor authentication (2FA) on your Microsoft account is crucial for enhancing security and safeguarding sensitive personal information. With 2FA, accessing your account requires not only a password but also a second form of verification, such as a unique code sent to your phone or generated by an authenticator app. This extra layer of protection significantly reduces the risk of unauthorized access, even if your password is compromised. It adds an additional barrier for potential attackers, making it much harder for them to breach your account and steal your data. By enabling 2FA, you bolster the security of your Microsoft account and help ensure the privacy and integrity of your online identity and digital assets.

Windows Dynamic Lock is a security feature available in Windows 10 and later versions that automatically locks your computer when you're away, using a paired Bluetooth device, such as a smartphone or a wearable device, as a proximity sensor. When enabled, Dynamic Lock detects when your paired Bluetooth device moves out of range and locks your computer to help protect your privacy and sensitive information from unauthorized access.

If you are concerned about computer security and want to ensure that your users are not being compromised by malware or other malicious software when logging into their computer, you can easily enable the Ctrl Alt Del login requirements for your Windows computers. This is used to ensure that your users are typing in their password or PIN in the actual Windows login box and not a malicious application.

Windows Security Identifiers (SIDs) are unique alphanumeric strings assigned to every user, group, and computer in a Windows environment to manage access and permissions. SIDs are used internally by the operating system to identify and authenticate entities, ensuring that security settings and access controls are consistently applied. Each SID is unique within a given security context, allowing Windows to accurately distinguish between different users and groups when managing file permissions, group policies, and other security-related functions.

Email security best practices are crucial for protecting against various cyber threats, including phishing attempts. Users should always exercise caution when opening emails and scrutinize sender information, email content, and attachments for signs of suspicious activity. Avoid clicking on links or downloading attachments from unknown or untrusted sources, as they may contain malware or lead to phishing websites designed to steal sensitive information. Enabling multi-factor authentication (MFA) and using strong, unique passwords for email accounts can enhance security by adding an extra layer of protection against unauthorized access. Regular security awareness training and implementing email filtering and anti-phishing technologies are also essential components of a comprehensive email security strategy, helping to mitigate the risk of falling victim to email-based attacks and ensuring a safer online environment.

Verifying the email address of message senders is crucial for maintaining cybersecurity and preventing phishing attacks. By confirming the authenticity of the sender's email address, you can avoid falling victim to scams, malware, and fraudulent activities designed to steal personal information or disrupt operations. This verification process helps ensure that communications are legitimate, safeguarding sensitive data and maintaining trust within digital interactions.

Microsoft Defender for Office 365 is a comprehensive cloud-based security solution designed to protect organizations against advanced email-based threats and secure their collaboration and productivity tools within the Microsoft 365 ecosystem. Leveraging advanced threat intelligence, machine learning algorithms, and behavioral analytics, Defender for Office 365 detects and blocks a wide range of threats, including phishing attacks, malware, ransomware, and business email compromise (BEC). It seamlessly integrates with Microsoft 365 applications such as Exchange Online, SharePoint Online, OneDrive for Business, and Teams, providing real-time protection and automated remediation capabilities. With continuous updates and proactive threat detection, Defender for Office 365 helps organizations safeguard their data, users, and assets from evolving cyber threats.

The Outlook for Windows Mail app empowers users to combat phishing attempts, mark suspicious emails as junk, and block unwanted senders efficiently. Through sophisticated algorithms and user feedback mechanisms, the app can detect potential phishing emails and prompt users to report them, thereby contributing to the collective defense against phishing threats. Additionally, users can mark emails as junk directly within the app, teaching it to recognize and filter out similar messages in the future. Furthermore, the app provides options to block specific email addresses or domains, preventing them from reaching the inbox altogether. These built-in features offer users a layered approach to email security, helping them stay protected against phishing scams and unwanted solicitations.

Data encryption plays a vital role in safeguarding sensitive information from unauthorized access, interception, and theft. By encrypting data, it becomes unreadable to anyone without the proper decryption key, thus protecting its confidentiality and integrity. Various types of data require encryption to ensure privacy and security, including personally identifiable information (PII) such as social security numbers, financial data like credit card numbers and banking details, health records, confidential business documents, intellectual property, and communication channels such as emails and instant messages. Encryption helps mitigate the risk of data breaches, identity theft, and unauthorized disclosure, providing a crucial layer of defense for sensitive information in both personal and business contexts.

Windows BitLocker is a built-in disk encryption feature in Windows operating systems designed to enhance data security by encrypting entire drives. When enabled, BitLocker encrypts the contents of the drive using advanced encryption algorithms, such as AES, and requires authentication to unlock and access the encrypted data. Users can employ various authentication methods, such as passwords, PINs, or USB keys, to provide access. BitLocker seamlessly integrates with Windows, allowing users to enable encryption for both the operating system and data drives, protecting sensitive information from unauthorized access, theft, or data breaches.

File and disk encryption methods, along with secure data transfer protocols and practices, are critical components of modern cybersecurity strategies aimed at protecting sensitive information from unauthorized access and interception. File and disk encryption involve encoding data using cryptographic algorithms to render it unreadable without the appropriate decryption key. This ensures that even if attackers gain access to the encrypted data, they cannot decipher its contents without the encryption key. Secure data transfer protocols, such as HTTPS, SFTP, and TLS/SSL, encrypt data during transmission over networks, preventing interception and eavesdropping by malicious actors. Additionally, implementing secure data transfer practices, such as using strong encryption algorithms, enforcing access controls, and regularly updating security protocols, further enhances data protection. By employing robust encryption methods and secure transfer protocols and practices, organizations can safeguard sensitive data from unauthorized access and mitigate the risk of data breaches and cyberattacks.

Monitoring disk space in Windows and utilizing features like Storage Sense are crucial for maintaining system performance and ensuring efficient storage management. As disk space becomes increasingly limited, it can lead to system slowdowns, application errors, and even system crashes. By regularly monitoring disk space usage, users can identify and address potential issues before they escalate. Storage Sense, a built-in feature in Windows, helps automate the process by regularly scanning for and removing unnecessary files, temporary files, and old installations, freeing up valuable disk space. This proactive approach not only optimizes system performance but also prolongs the lifespan of storage devices by reducing unnecessary wear and tear. Overall, effective disk space monitoring and management are essential practices for maintaining a healthy and responsive Windows environment.

Microsoft OneDrive Personal Vault offers users an added layer of protection for their most sensitive files and documents. It acts as a secure and private area within OneDrive, requiring an extra layer of authentication, such as a PIN, fingerprint, or facial recognition, to access its contents. Personal Vault employs encryption and other advanced security measures to safeguard files, ensuring they remain protected even if someone gains unauthorized access to the user's account. With features like automatic locking after a period of inactivity and secure file sharing options, Personal Vault provides peace of mind for users seeking to safeguard their most confidential information stored in the cloud.

Developing an Incident Response Plan (IRP) with clearly defined roles and responsibilities is essential for organizations to effectively respond to cybersecurity incidents and mitigate their impact. The IRP outlines a structured approach for detecting, analyzing, and responding to security breaches, ensuring a coordinated and timely response across all levels of the organization. Roles and responsibilities are assigned to specific individuals or teams, such as incident responders, IT administrators, legal counsel, and communication specialists, outlining their respective duties and actions during each phase of the incident response process. By clearly defining roles and responsibilities in the IRP, organizations can streamline communication, minimize confusion, and facilitate swift and effective incident resolution, ultimately enhancing their overall cybersecurity posture and resilience against cyber threats.

Identifying, containing, documenting, and reporting IT security incidents are critical steps in maintaining robust cybersecurity. Identifying incidents quickly allows organizations to recognize and address threats before they can cause significant damage. Containing these incidents limits their impact, preventing the spread of malicious activities within the network. Documenting every detail of the incident is essential for understanding the breach, learning from it, and improving future security measures.

Windows System Restore is a feature built into the Windows operating system that allows users to revert their computer's system files, programs, and settings to a previous state, effectively undoing recent changes that may have caused issues or instability. System Restore creates restore points at regular intervals or before significant system changes, such as installing new software or drivers, allowing users to restore their computer to a known good state if problems arise.

Common security regulations play a critical role in shaping the cybersecurity landscape by establishing standards, guidelines, and requirements for organizations to protect sensitive information and mitigate security risks. These regulations often vary by industry and jurisdiction but share common objectives, such as safeguarding data privacy, ensuring data integrity, and promoting transparency and accountability in handling sensitive information. Compliance with these regulations is mandatory for organizations operating within their scope and jurisdiction, and non-compliance may result in severe penalties, fines, or legal consequences. Therefore, organizations must understand the scope and applicability of these regulations to their operations and implement appropriate security measures to ensure compliance and protect sensitive data from potential breaches or unauthorized access.

User education plays a crucial role in cybersecurity as end-users are often the first line of defense against cyber threats. Educating users about cybersecurity best practices, such as creating strong passwords, identifying phishing emails, and recognizing suspicious websites, helps empower them to make informed decisions and mitigate risks effectively. By understanding common cyber threats and practicing good cyber hygiene, users can protect themselves and their organizations from potential security breaches, data leaks, and financial losses. Additionally, user education fosters a culture of security awareness and responsibility within organizations, encouraging employees to actively participate in maintaining a secure and resilient cyber environment. Ultimately, investing in user education not only strengthens an organization's cybersecurity posture but also helps create a more resilient and cyber-aware workforce.

Ensuring that your computer has updated security patches is crucial for maintaining the security and integrity of your system. Security patches are software updates released by vendors to address known vulnerabilities and security flaws that could be exploited by cybercriminals to compromise your system. By installing these patches promptly, you protect your computer from potential security threats such as malware infections, data breaches, and unauthorized access. Failure to apply security patches leaves your system vulnerable to attacks and increases the risk of exploitation by cybercriminals

If you have a process or application that you need to run using the TrustedInstaller, System or Admin rights, you can easily run that process using the free RunX software. It has a GUI (graphical user interface) version as well as a command line version that you can use for scripting etc. You can also add command line arguments in the GUI. You can also run programs as a standard user (de-elevated) to see how or if they will run without admin rights.

In Windows 11, the Windows Security app serves as a centralized hub for managing various security features and settings. It provides users with easy access to essential security tools, such as antivirus, firewall, device security, and account protection. From the Windows Security app, users can perform tasks like running virus scans, checking for security updates, managing firewall rules, and reviewing device health and performance. Additionally, Windows 11 introduces several new security enhancements, including improved protection against ransomware and advanced threat detection capabilities.

The Windows Local Security Policy Editor is a management tool that allows administrators to configure and enforce security settings on a local computer. Through this editor, users can set policies that govern various security aspects such as user rights assignments, account policies, and audit policies. It provides control over password policies, user permissions, and security options to help maintain system integrity and protect against unauthorized access. The Local Security Policy Editor is essential for managing security on standalone computers or in environments where centralized group policies are not in use.

If you need to hide specific Windows settings from your users or even have only specific settings be shown, you can do so via the Local Group Policy Editor or the Windows Registry Editor.

Here are the notes and examples from the video.

ShowOnly:

Hide:

Hide:personalization-background

Hide:signinoptions

ShowOnly:appsfeatures

ShowOnly:Network-Proxy;Network-Ethernet

Registry method:

Navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

Create a new string value named SettingsPageVisibility

Double click SettingsPageVisibility and add the desired hide or show setting

Discover the differences between Windows’ new Sudo command and the traditional Run as Administrator feature. This video provides a clear explanation of each method, practical use cases, and guidance on when to choose one over the other. Enhance your workflow and security by understanding these essential Windows tools.

Pre‑installed Windows 11 SSDs may look like a convenient shortcut, but there are important security questions that often go unasked. In this video, we explore what it really means to run an operating system that was installed by an unknown third party before it ever reaches your PC. We’ll discuss potential security concerns such as hidden software, modified system files, and the risks of using an installation you didn’t create yourself. You’ll also learn how Windows activation and licensing tie into security, why updates and system integrity can be affected, and what problems can arise if something goes wrong later. If protecting your data, privacy, and system stability matters to you, this video will help you understand whether a pre‑installed SSD is a safe choice or a gamble best avoided