Module 3: Computer Systems & Networks

Operating System Security

Master operating system security fundamentals and learn how to secure different operating systems with practical examples and hands-on exercises.

Content by: Vatsal Vadariya

Cybersecurity Specialist

Connect

Understanding OS Security Architecture

Operating systems are the foundation of computer security. They manage hardware resources, provide security services, and control access to system resources. Think of an OS as a building's security system - it controls who can enter, what they can access, and monitors all activities.

Core OS Security Features

•User authentication and authorization: Who you are and what you can do
•File system permissions and access control: What files you can access
•Process isolation and memory protection: Keeping programs separate
•Network stack security: Securing network communications
•System call filtering and sandboxing: Controlling what programs can do
•Audit logging: Recording security events for analysis

Windows Security Deep Dive

•Windows Defender: Built-in antivirus and threat protection
•User Account Control (UAC): Prevents unauthorized system changes
•BitLocker: Full disk encryption for data protection
•Windows Firewall: Network traffic filtering and monitoring
•Group Policy: Centralized security configuration management
•Windows Security Center: Unified security dashboard

Linux Security Fundamentals

•User and group management: Granular access control
•File permissions (chmod, chown): Detailed access control
•SELinux and AppArmor: Mandatory access control systems
•iptables firewall: Network security configuration
•Package management: Secure software installation and updates
•System hardening: Reducing attack surface

macOS Security Features

•Gatekeeper and code signing: Verifying software authenticity
•FileVault: Full disk encryption for data protection
•System Integrity Protection (SIP): Protecting system files
•XProtect: Built-in malware protection
•Privacy controls: Managing app permissions and data access
•Sandboxing: Isolating applications for security

OS Security Configuration Example

Code Example

# Example: Comprehensive Linux Security Hardening
#!/bin/bash
# Advanced Linux security configuration script

echo "Starting comprehensive Linux security hardening..."

# 1. System Updates and Package Management
echo "Step 1: Updating system packages..."
sudo apt update && sudo apt upgrade -y
sudo apt install -y unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades

# 2. Firewall Configuration
echo "Step 2: Configuring firewall..."
sudo ufw --force reset
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp comment 'HTTP'
sudo ufw allow 443/tcp comment 'HTTPS'
sudo ufw enable

# 3. Disable Unnecessary Services
echo "Step 3: Disabling unnecessary services..."
sudo systemctl disable telnet
sudo systemctl disable ftp
sudo systemctl disable rsh
sudo systemctl disable rlogin
sudo systemctl disable nfs-server
sudo systemctl disable rpcbind

# 4. File System Security
echo "Step 4: Configuring file system security..."
sudo chmod 600 /etc/shadow
sudo chmod 644 /etc/passwd
sudo chmod 755 /home
sudo chmod 700 /root
sudo chown root:root /etc/shadow
sudo chown root:root /etc/passwd

# 5. SSH Security Hardening
echo "Step 5: Hardening SSH configuration..."
sudo sed -i 's/#Port 22/Port 2222/' /etc/ssh/sshd_config
sudo sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
sudo systemctl restart ssh

# 6. Install and Configure Security Tools
echo "Step 6: Installing security tools..."
sudo apt install -y fail2ban ufw rkhunter chkrootkit

# Configure fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

# 7. System Monitoring
echo "Step 7: Setting up system monitoring..."
sudo apt install -y htop iotop nethogs
sudo chmod +s /usr/bin/ping

# 8. Log Configuration
echo "Step 8: Configuring logging..."
sudo mkdir -p /var/log/security
sudo chmod 750 /var/log/security
sudo chown root:adm /var/log/security

# 9. Kernel Security Parameters
echo "Step 9: Setting kernel security parameters..."
cat << EOF | sudo tee -a /etc/sysctl.conf
# Network security
net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
net.ipv4.tcp_syncookies = 1

# Memory protection
kernel.exec-shield = 1
kernel.randomize_va_space = 2
EOF

sudo sysctl -p

echo "Linux security hardening completed successfully!"
echo "System is now more secure with:"
echo "- Updated packages and automatic security updates"
echo "- Configured firewall with restrictive rules"
echo "- Disabled unnecessary services"
echo "- Hardened file permissions"
echo "- Secured SSH configuration"
echo "- Installed security monitoring tools"
echo "- Configured kernel security parameters"

Swipe to see more code

# Example: Comprehensive Linux Security Hardening
#!/bin/bash
# Advanced Linux security configuration script

echo "Starting comprehensive Linux security hardening..."

# 1. System Updates and Package Management
echo "Step 1: Updating system packages..."
sudo apt update && sudo apt upgrade -y
sudo apt install -y unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades

# 2. Firewall Configuration
echo "Step 2: Configuring firewall..."
sudo ufw --force reset
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp comment 'HTTP'
sudo ufw allow 443/tcp comment 'HTTPS'
sudo ufw enable

# 3. Disable Unnecessary Services
echo "Step 3: Disabling unnecessary services..."
sudo systemctl disable telnet
sudo systemctl disable ftp
sudo systemctl disable rsh
sudo systemctl disable rlogin
sudo systemctl disable nfs-server
sudo systemctl disable rpcbind

# 4. File System Security
echo "Step 4: Configuring file system security..."
sudo chmod 600 /etc/shadow
sudo chmod 644 /etc/passwd
sudo chmod 755 /home
sudo chmod 700 /root
sudo chown root:root /etc/shadow
sudo chown root:root /etc/passwd

# 5. SSH Security Hardening
echo "Step 5: Hardening SSH configuration..."
sudo sed -i 's/#Port 22/Port 2222/' /etc/ssh/sshd_config
sudo sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
sudo systemctl restart ssh

# 6. Install and Configure Security Tools
echo "Step 6: Installing security tools..."
sudo apt install -y fail2ban ufw rkhunter chkrootkit

# Configure fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

# 7. System Monitoring
echo "Step 7: Setting up system monitoring..."
sudo apt install -y htop iotop nethogs
sudo chmod +s /usr/bin/ping

# 8. Log Configuration
echo "Step 8: Configuring logging..."
sudo mkdir -p /var/log/security
sudo chmod 750 /var/log/security
sudo chown root:adm /var/log/security

# 9. Kernel Security Parameters
echo "Step 9: Setting kernel security parameters..."
cat << EOF | sudo tee -a /etc/sysctl.conf
# Network security
net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
net.ipv4.tcp_syncookies = 1

# Memory protection
kernel.exec-shield = 1
kernel.randomize_va_space = 2
EOF

sudo sysctl -p

echo "Linux security hardening completed successfully!"
echo "System is now more secure with:"
echo "- Updated packages and automatic security updates"
echo "- Configured firewall with restrictive rules"
echo "- Disabled unnecessary services"
echo "- Hardened file permissions"
echo "- Secured SSH configuration"
echo "- Installed security monitoring tools"
echo "- Configured kernel security parameters"

Scroll

OS Security Best Practices

•Keep your operating system updated with latest security patches
•Use strong passwords and enable two-factor authentication
•Enable full disk encryption to protect data at rest
•Configure firewall to block unnecessary network traffic
•Disable unnecessary services and features
•Use antivirus and anti-malware software
•Regularly backup important data
•Monitor system logs for suspicious activity

Interactive Exercise: OS Security Assessment

Code Example

# Mini-Project: OS Security Assessment Tool
// Assess the security posture of your operating system

const osSecurityAssessment = {
    windows: {
        features: {
            windowsDefender: "Is Windows Defender enabled and updated?",
            uac: "Is User Account Control enabled?",
            bitlocker: "Is BitLocker encryption enabled?",
            firewall: "Is Windows Firewall enabled?",
            updates: "Are automatic updates enabled?",
            antivirus: "Is additional antivirus software installed?"
        },
        score: 0
    },
    linux: {
        features: {
            firewall: "Is a firewall configured and enabled?",
            updates: "Are system packages regularly updated?",
            ssh: "Is SSH properly configured with key authentication?",
            permissions: "Are file permissions properly set?",
            services: "Are unnecessary services disabled?",
            logging: "Is system logging properly configured?"
        },
        score: 0
    },
    macos: {
        features: {
            gatekeeper: "Is Gatekeeper enabled?",
            filevault: "Is FileVault encryption enabled?",
            sip: "Is System Integrity Protection enabled?",
            firewall: "Is the built-in firewall enabled?",
            updates: "Are automatic updates enabled?",
            privacy: "Are privacy settings properly configured?"
        },
        score: 0
    }
};

// Calculate security score for each OS
function calculateOSScore(osFeatures) {
    let score = 0;
    let totalFeatures = Object.keys(osFeatures).length;
    
    Object.values(osFeatures).forEach(feature => {
        // In real implementation, you'd check actual system status
        // For demo purposes, we'll simulate some features being enabled
        if (Math.random() > 0.3) { // 70% chance each feature is enabled
            score++;
        }
    });
    
    const percentage = (score / totalFeatures) * 100;
    return {
        score,
        totalFeatures,
        percentage,
        level: percentage >= 80 ? 'Excellent' : 
               percentage >= 60 ? 'Good' : 
               percentage >= 40 ? 'Fair' : 'Needs Improvement'
    };
}

// Assess each operating system
Object.keys(osSecurityAssessment).forEach(os => {
    if (os !== 'score') {
        const assessment = calculateOSScore(osSecurityAssessment[os].features);
        osSecurityAssessment[os].score = assessment;
        
        console.log(`${os.toUpperCase()} Security Assessment:`);
        console.log(`  Features enabled: ${assessment.score}/${assessment.totalFeatures}`);
        console.log(`  Security score: ${assessment.percentage}% - ${assessment.level}`);
        console.log('---');
    }
});

// Generate security recommendations
function generateRecommendations(os, score) {
    const recommendations = {
        windows: [
            "Enable Windows Defender and keep it updated",
            "Turn on User Account Control (UAC)",
            "Enable BitLocker for full disk encryption",
            "Configure Windows Firewall with appropriate rules",
            "Enable automatic updates for security patches",
            "Consider additional antivirus software for extra protection"
        ],
        linux: [
            "Configure and enable a firewall (ufw or iptables)",
            "Set up automatic security updates",
            "Secure SSH with key-based authentication",
            "Review and set proper file permissions",
            "Disable unnecessary services and daemons",
            "Configure comprehensive system logging"
        ],
        macos: [
            "Enable Gatekeeper to verify software authenticity",
            "Turn on FileVault for full disk encryption",
            "Keep System Integrity Protection (SIP) enabled",
            "Configure the built-in firewall",
            "Enable automatic security updates",
            "Review and configure privacy settings"
        ]
    };
    
    return recommendations[os] || ["General security recommendations apply"];
}

// Example usage
const myOS = 'windows'; // Change this to your actual OS
const myScore = osSecurityAssessment[myOS].score;
const myRecommendations = generateRecommendations(myOS, myScore);

console.log(`${myOS.toUpperCase()} Security Recommendations:`);
myRecommendations.forEach((rec, index) => {
    console.log(`${index + 1}. ${rec}`);
});

Swipe to see more code

# Mini-Project: OS Security Assessment Tool
// Assess the security posture of your operating system

const osSecurityAssessment = {
    windows: {
        features: {
            windowsDefender: "Is Windows Defender enabled and updated?",
            uac: "Is User Account Control enabled?",
            bitlocker: "Is BitLocker encryption enabled?",
            firewall: "Is Windows Firewall enabled?",
            updates: "Are automatic updates enabled?",
            antivirus: "Is additional antivirus software installed?"
        },
        score: 0
    },
    linux: {
        features: {
            firewall: "Is a firewall configured and enabled?",
            updates: "Are system packages regularly updated?",
            ssh: "Is SSH properly configured with key authentication?",
            permissions: "Are file permissions properly set?",
            services: "Are unnecessary services disabled?",
            logging: "Is system logging properly configured?"
        },
        score: 0
    },
    macos: {
        features: {
            gatekeeper: "Is Gatekeeper enabled?",
            filevault: "Is FileVault encryption enabled?",
            sip: "Is System Integrity Protection enabled?",
            firewall: "Is the built-in firewall enabled?",
            updates: "Are automatic updates enabled?",
            privacy: "Are privacy settings properly configured?"
        },
        score: 0
    }
};

// Calculate security score for each OS
function calculateOSScore(osFeatures) {
    let score = 0;
    let totalFeatures = Object.keys(osFeatures).length;
    
    Object.values(osFeatures).forEach(feature => {
        // In real implementation, you'd check actual system status
        // For demo purposes, we'll simulate some features being enabled
        if (Math.random() > 0.3) { // 70% chance each feature is enabled
            score++;
        }
    });
    
    const percentage = (score / totalFeatures) * 100;
    return {
        score,
        totalFeatures,
        percentage,
        level: percentage >= 80 ? 'Excellent' : 
               percentage >= 60 ? 'Good' : 
               percentage >= 40 ? 'Fair' : 'Needs Improvement'
    };
}

// Assess each operating system
Object.keys(osSecurityAssessment).forEach(os => {
    if (os !== 'score') {
        const assessment = calculateOSScore(osSecurityAssessment[os].features);
        osSecurityAssessment[os].score = assessment;
        
        console.log(`${os.toUpperCase()} Security Assessment:`);
        console.log(`  Features enabled: ${assessment.score}/${assessment.totalFeatures}`);
        console.log(`  Security score: ${assessment.percentage}% - ${assessment.level}`);
        console.log('---');
    }
});

// Generate security recommendations
function generateRecommendations(os, score) {
    const recommendations = {
        windows: [
            "Enable Windows Defender and keep it updated",
            "Turn on User Account Control (UAC)",
            "Enable BitLocker for full disk encryption",
            "Configure Windows Firewall with appropriate rules",
            "Enable automatic updates for security patches",
            "Consider additional antivirus software for extra protection"
        ],
        linux: [
            "Configure and enable a firewall (ufw or iptables)",
            "Set up automatic security updates",
            "Secure SSH with key-based authentication",
            "Review and set proper file permissions",
            "Disable unnecessary services and daemons",
            "Configure comprehensive system logging"
        ],
        macos: [
            "Enable Gatekeeper to verify software authenticity",
            "Turn on FileVault for full disk encryption",
            "Keep System Integrity Protection (SIP) enabled",
            "Configure the built-in firewall",
            "Enable automatic security updates",
            "Review and configure privacy settings"
        ]
    };
    
    return recommendations[os] || ["General security recommendations apply"];
}

// Example usage
const myOS = 'windows'; // Change this to your actual OS
const myScore = osSecurityAssessment[myOS].score;
const myRecommendations = generateRecommendations(myOS, myScore);

console.log(`${myOS.toUpperCase()} Security Recommendations:`);
myRecommendations.forEach((rec, index) => {
    console.log(`${index + 1}. ${rec}`);
});

Scroll

🎯 Practice Exercise

Test your understanding of this topic:

I understand the basic concepts covered in this topicI can apply the concepts in practical scenariosI'm ready to move to the next topic

Network Basics

Understand fundamental networking concepts and how they relate to security.

Content by: Vatsal Vadariya

Cybersecurity Specialist

Connect

Network Protocols

•TCP/IP: Transmission Control Protocol/Internet Protocol
•HTTP/HTTPS: Web communication protocols
•DNS: Domain Name System for address resolution
•SMTP/POP3/IMAP: Email protocols
•FTP/SFTP: File transfer protocols

Network Layers

•Physical Layer: Cables, wireless signals
•Data Link Layer: MAC addresses, switches
•Network Layer: IP addresses, routers
•Transport Layer: TCP/UDP, ports
•Application Layer: HTTP, FTP, SMTP

IP Addresses and Subnets

•IPv4: 32-bit addresses (192.168.1.1)
•IPv6: 128-bit addresses (2001:db8::1)
•Private IP ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
•Subnet masks and CIDR notation
•NAT: Network Address Translation

Network Security Concepts

•Firewalls: Filter network traffic
•VPNs: Secure remote connections
•Intrusion Detection Systems (IDS)
•Network segmentation
•Port scanning and vulnerability assessment

Network Security Example

Code Example

# Example: Basic Network Security Configuration
# Firewall rules using iptables
#!/bin/bash

# Clear existing rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# Set default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow SSH (port 22)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow HTTP and HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Allow DNS
iptables -A INPUT -p udp --dport 53 -j ACCEPT

# Log dropped packets
iptables -A INPUT -j LOG --log-prefix "DROPPED: " --log-level 4

# Save rules
iptables-save > /etc/iptables/rules.v4

echo "Firewall rules configured successfully"

Swipe to see more code

# Example: Basic Network Security Configuration
# Firewall rules using iptables
#!/bin/bash

# Clear existing rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# Set default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow SSH (port 22)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow HTTP and HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Allow DNS
iptables -A INPUT -p udp --dport 53 -j ACCEPT

# Log dropped packets
iptables -A INPUT -j LOG --log-prefix "DROPPED: " --log-level 4

# Save rules
iptables-save > /etc/iptables/rules.v4

echo "Firewall rules configured successfully"

Scroll

🎯 Practice Exercise

Test your understanding of this topic:

I understand the basic concepts covered in this topicI can apply the concepts in practical scenariosI'm ready to move to the next topic

Internet & Web Security

Learn about internet security threats and how to protect yourself while browsing the web.

Content by: Vatsal Vadariya

Cybersecurity Specialist

Connect

Web Security Threats

•Malicious websites and drive-by downloads
•Phishing attacks and fake websites
•Man-in-the-middle attacks
•Cross-site scripting (XSS)
•Cross-site request forgery (CSRF)

HTTPS and SSL/TLS

•Encryption of data in transit
•Certificate validation
•Mixed content issues
•Certificate pinning
•Perfect Forward Secrecy (PFS)

Browser Security

•Keep browsers updated
•Use secure browser settings
•Disable unnecessary plugins
•Clear cookies and cache regularly
•Use private/incognito mode when needed

Web Security Best Practices

•Verify website authenticity
•Look for HTTPS and padlock icon
•Be cautious with downloads
•Use ad blockers and script blockers
•Regularly clear browsing data

Web Security Implementation

Code Example

# Example: Web Security Headers
// Express.js security headers configuration
const express = require('express');
const helmet = require('helmet');
const app = express();

// Use helmet for security headers
app.use(helmet({
    contentSecurityPolicy: {
        directives: {
            defaultSrc: ["'self'"],
            styleSrc: ["'self'", "'unsafe-inline'"],
            scriptSrc: ["'self'"],
            imgSrc: ["'self'", "data:", "https:"],
            connectSrc: ["'self'"],
            fontSrc: ["'self'"],
            objectSrc: ["'none'"],
            mediaSrc: ["'self'"],
            frameSrc: ["'none'"],
        },
    },
    hsts: {
        maxAge: 31536000,
        includeSubDomains: true,
        preload: true
    },
    noSniff: true,
    xssFilter: true,
    referrerPolicy: { policy: "same-origin" }
}));

// Additional security middleware
app.use((req, res, next) => {
    // Prevent clickjacking
    res.setHeader('X-Frame-Options', 'DENY');
    
    // Prevent MIME type sniffing
    res.setHeader('X-Content-Type-Options', 'nosniff');
    
    // XSS protection
    res.setHeader('X-XSS-Protection', '1; mode=block');
    
    next();
});

// Rate limiting
const rateLimit = require('express-rate-limit');
const limiter = rateLimit({
    windowMs: 15 * 60 * 1000, // 15 minutes
    max: 100 // limit each IP to 100 requests per windowMs
});
app.use(limiter);

console.log('Web security headers configured');

Swipe to see more code

# Example: Web Security Headers
// Express.js security headers configuration
const express = require('express');
const helmet = require('helmet');
const app = express();

// Use helmet for security headers
app.use(helmet({
    contentSecurityPolicy: {
        directives: {
            defaultSrc: ["'self'"],
            styleSrc: ["'self'", "'unsafe-inline'"],
            scriptSrc: ["'self'"],
            imgSrc: ["'self'", "data:", "https:"],
            connectSrc: ["'self'"],
            fontSrc: ["'self'"],
            objectSrc: ["'none'"],
            mediaSrc: ["'self'"],
            frameSrc: ["'none'"],
        },
    },
    hsts: {
        maxAge: 31536000,
        includeSubDomains: true,
        preload: true
    },
    noSniff: true,
    xssFilter: true,
    referrerPolicy: { policy: "same-origin" }
}));

// Additional security middleware
app.use((req, res, next) => {
    // Prevent clickjacking
    res.setHeader('X-Frame-Options', 'DENY');
    
    // Prevent MIME type sniffing
    res.setHeader('X-Content-Type-Options', 'nosniff');
    
    // XSS protection
    res.setHeader('X-XSS-Protection', '1; mode=block');
    
    next();
});

// Rate limiting
const rateLimit = require('express-rate-limit');
const limiter = rateLimit({
    windowMs: 15 * 60 * 1000, // 15 minutes
    max: 100 // limit each IP to 100 requests per windowMs
});
app.use(limiter);

console.log('Web security headers configured');

Scroll

🎯 Practice Exercise

Test your understanding of this topic:

I understand the basic concepts covered in this topicI can apply the concepts in practical scenariosI'm ready to move to the next topic

Mobile Device Security

Learn how to secure mobile devices and protect against mobile-specific threats.

Content by: Vatsal Vadariya

Cybersecurity Specialist

Connect

Mobile Security Threats

•Malicious apps and app store security
•Jailbreaking and rooting risks
•Public Wi-Fi vulnerabilities
•Lost or stolen devices
•SMS and call interception

iOS Security

•App Store review process
•Code signing and sandboxing
•Touch ID and Face ID
•Find My iPhone
•Automatic updates and security patches

Android Security

•Google Play Protect
•App permissions system
•Google Play Services security
•Android security updates
•Device encryption options

Mobile Security Best Practices

•Use strong passcodes or biometrics
•Keep devices updated
•Install apps only from official stores
•Review app permissions carefully
•Use VPN on public Wi-Fi
•Enable remote wipe capabilities

Mobile Security Configuration

Code Example

# Example: Android Security Configuration
// AndroidManifest.xml security settings
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.secureapp">

    <!-- Network Security Configuration -->
    <application
        android:networkSecurityConfig="@xml/network_security_config"
        android:usesCleartextTraffic="false"
        android:allowBackup="false"
        android:dataExtractionRules="@xml/data_extraction_rules">
        
        <!-- Security permissions -->
        <uses-permission android:name="android.permission.INTERNET" />
        <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
        
        <!-- Prevent screenshot in sensitive activities -->
        <activity
            android:name=".SecureActivity"
            android:excludeFromRecents="true"
            android:screenOrientation="portrait" />
            
    </application>
</manifest>

<!-- network_security_config.xml -->
<network-security-config>
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.example.com</domain>
        <pin-set>
            <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
        </pin-set>
    </domain-config>
</network-security-config>

Swipe to see more code

# Example: Android Security Configuration
// AndroidManifest.xml security settings
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.secureapp">

    <!-- Network Security Configuration -->
    <application
        android:networkSecurityConfig="@xml/network_security_config"
        android:usesCleartextTraffic="false"
        android:allowBackup="false"
        android:dataExtractionRules="@xml/data_extraction_rules">
        
        <!-- Security permissions -->
        <uses-permission android:name="android.permission.INTERNET" />
        <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
        
        <!-- Prevent screenshot in sensitive activities -->
        <activity
            android:name=".SecureActivity"
            android:excludeFromRecents="true"
            android:screenOrientation="portrait" />
            
    </application>
</manifest>

<!-- network_security_config.xml -->
<network-security-config>
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.example.com</domain>
        <pin-set>
            <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
        </pin-set>
    </domain-config>
</network-security-config>

Scroll

🎯 Practice Exercise

Test your understanding of this topic:

I understand the basic concepts covered in this topicI can apply the concepts in practical scenariosI'm ready to move to the next topic

Computer Systems & Networks

Select Topics Overview

Operating System Security

Network Basics

Internet & Web Security

Mobile Device Security

Operating System Security

Network Basics

Internet & Web Security

Mobile Device Security

Operating System Security

Understanding OS Security Architecture

Core OS Security Features

Windows Security Deep Dive

Linux Security Fundamentals

macOS Security Features

OS Security Configuration Example

OS Security Best Practices

Interactive Exercise: OS Security Assessment

🎯 Practice Exercise

Network Basics

Network Protocols

Network Layers

IP Addresses and Subnets

Network Security Concepts

Network Security Example

🎯 Practice Exercise

Internet & Web Security

Web Security Threats

HTTPS and SSL/TLS

Browser Security

Web Security Best Practices

Web Security Implementation

🎯 Practice Exercise

Mobile Device Security

Mobile Security Threats

iOS Security

Android Security

Mobile Security Best Practices

Mobile Security Configuration

🎯 Practice Exercise

Module 2: Security Fundamentals

Module 4: Basic Security Tools

Ready for the Next Module?