SPSCC_CNA113_Chpt_28_Securing_Computers

Acceptable Use Policy (AUP)
Defines what actions employees may or may not perform on company equipment, including computers, phones, printers, and even the network itself. This policy defines the handling of passwords, e-mail, and many other issues.
access control
Security concept using physical security, authentication, users and groups, and security policies.
activation
Process of confirming that an installed copy of a Microsoft product, most commonly Windows or a Microsoft Office application, is legitimate. Usually done at the end of software installation.
anti-malware program
Software designed to identify and block or remove malware. Typically powered by frequently updated definition files containing the signatures of known malware.
antivirus program
Software designed to combat viruses by either seeking out and destroying them or passively guarding against them.
attack vector
The route or methods used by a given attack, including malware.
authentication
Any method a computer uses to determine who can access it.
biometric device
Hardware device used to support authentication; works by scanning and remembering a unique aspect of a user’s various body parts, e.g., retina, iris, face, or fingerprint, by using some form of sensing device such as a retinal scanner.
botnet
Network of computers infected with malware that can be controlled to do the bidding of the malware developers, or anyone who pays them. A common use is carrying out Distributed Denial of Service (DDoS) attacks.
brute force
Simple attack that attempts to guess credentials or identify vulnerabilities by trying many possibilities.
cable lock
Simple anti-theft device for securing a laptop to a nearby object.
certificate authority (CA)
Trusted entities that sign digital certificates to guarantee that the certificate was signed by the site in question and not forged.
chain of custody
A documented history of who has been in possession of a system.
checksum
Value generated from some data, like a file, and saved for comparing to others later. Can be used to identify identical data, such as files on a user’s system that match known viruses. They can also be used to monitor whether a program is changing itself over time, which is a strong warning sign that it may be malware that evolves to avoid detection.
closed source software
Software for which the source code is kept secret.
compliance
Concept that members of an organization must abide by the rules of that organization. For a technician, this often revolves around what software can or cannot be installed on an organization’s computers.
data classification
System of organizing data according to its sensitivity. Common classifications include public, highly confidential, and top secret.
default user accounts/groups
Users or groups that are enabled by default. Some, such as the guest account, represent a security risk.
definition files
List of virus signatures that an antivirus program can recognize.
destination port
In port triggering, after the router sends outbound traffic on the trigger port it will open this port to receive the response.
dictionary attack
Type of brute-force attack using a dictionary to guess things like usernames and passwords. Don’t think Webster’s: these dictionaries may be full of usernames and passwords that have leaked or been used as defaults over the years.
digital certificate
Form in which a public key is sent from a Web server to a Web browser so that the browser can decrypt the data sent by the server.
digital rights management (DRM)
Code schemes for enforcing what users can and can’t do with commercial software or digital media files.
drive-by-download
Undesired file downloads generated by turpid Web sites and ads.
dumpster diving
To go through someone’s trash in search of information.
effective permissions
User’s combined permissions granted by multiple groups.
encryption
Making data unreadable by those who do not possess a key or password.
End User License Agreement (EULA)
Agreement that accompanies a piece of software, to which the user must agree before using the software. Outlines the terms of use for the software and also lists any actions on the part of the user that violate the agreement.
entry control roster
Document for recording who enters and leaves a building.
environmental controls
Practice of protecting computing equipment from environmental damage by taking measures such as air conditioning, proper ventilation, air filtration, temperature monitoring, and humidity monitoring.
event auditing
Feature of Event Viewer’s Security section that creates an entry in the Security Log when certain events happen, such as a user logging on.
Event Viewer
Utility made available in Windows as an MMC snap-in that enables users to monitor various system events, including network bandwidth usage and CPU utilization.
firewall
Device that restricts traffic between a local network and the Internet.
Group Policy
Means of easily controlling the settings of multiple network clients with policies such as setting minimum password length or preventing Registry edits.
hardware firewall
Firewall implemented within networking hardware such as a router.
HTTPS
Secure form of HTTP used commonly for Internet business transactions or any time when a secure connection is required. Uses port 443.
ID badge
Small card or document for confirming the identity of its holder and what access they should be granted. May use built-in authentication tools such as RFID or smart card to function as a “something you have” authentication factor.
incident reporting
Process of reporting gathered data about a system or problem to supervisors. Creates a record of work accomplished, and may help identify patterns. Often documented on an incident report form.
incident response leader
In some organizations, a person other than a supervisor responsible for receiving and responding to all incident reports.
intrusion detection system (IDS)
Application that inspects packets, looking for active intrusions. Functions inside the network, looking for threats a firewall might miss, such as viruses, illegal logon attempts, and other well-known attacks. May also discover threats from inside the network, such as a vulnerability scanner run by a rogue employee.
intrusion prevention system (IPS)
Application similar to an intrusion detection system (IDS), except that it sits directly in the flow of network traffic. This enables it to stop ongoing attacks itself, but may also slow down the network and be a single point of failure.
IPsec or Internet Protocol security
Microsoft’s encryption method of choice for networks consisting of multiple networks linked by a private connection, providing transparent encryption between the server and the client.
Kerberos
Authentication encryption developed by MIT to enable multiple brands of servers to authenticate multiple brands of clients.
Local Security Policy
Windows tool used to set local security policies on an individual system.
malware
Broadly, software designed to use your computer or device against your wishes. Includes adware, spyware, viruses, ransomware, etc. May be part of seemingly legitimate software or installed by exploiting a vulnerability in the device.
man-in-the-middle (MITM)
Attacker serves as an intermediary between two systems, enabling the attacker to observe, redirect, or even alter messages passing in either direction.
mantrap
Small room with a set of doors; one to the unsecured area and one to a secured area. Only one door can open at a time, and individuals must authenticate to continue. Combats tailgating.
object access auditing
Feature of Event Viewer’s Security section that creates an entry in the Security Log when certain objects are accessed, such as a file or folder.
open source software
Software for which the source code is published instead of kept secret. Typically released under an open source license that specifies terms for those who wish to use the software or modify its source.
patch management
Process of keeping software updated in a safe, timely fashion.
personally identifiable information (PII)
Any data that can lead back to a specific individual.
phishing
The act of trying to get people to give their usernames, passwords, or other security information by pretending to be someone else electronically.
policies
Control permission to perform a given action, such as accessing a command prompt, installing software, or logging on at a certain time of day. Contrast with true permissions, which control access to specific resources.
polymorph virus
Virus that attempts to change its signature to prevent detection by antivirus programs, usually by continually scrambling a bit of useless code.
pop-up
Irritating browser window that appears automatically when you visit a Web site.
port forwarding
Preventing the passage of any IP packets through any ports other than the ones prescribed by the system administrator.
port triggering
Router function that enables a computer to open an incoming connection to one computer automatically based on a specific outgoing connection.
principle of least privilege
Security idea that accounts should have permission to access only the resources they need and no more.
radio frequency identification (RFID)
Wireless technology that uses small tags containing small amounts of digital information, and readers capable of accessing it. The passive type of these tags operate by harvesting some of the power a scanner or reader emits, enabling a vast array of applications. Common uses such as tracking library books, identifying lost pets, contactless payments, and wireless door locks are just scratching the surface.
ransomware
A nasty form of malware that encrypts data or drives on the infected system and demands payment, often within a limited timeframe, in exchange for the keys to decrypt the data.
remediation
Repairing damage caused by a virus.
replication
When a virus makes copies of itself, often by injecting itself into other executables. See malware and virus.
retinal scanner
Biometric security device that authenticates an individual by comparing retinal scans. Rarer in the real world than in media such as movies or video games.
rogue anti-malware
Free applications that claim to be anti-malware, but which are actually themselves malware.
rootkit
Program that takes advantage of very low-level functionality to gain privileged system access and hide itself from all but the most aggressive anti-malware tools. Can strike operating systems, hypervisors, and even device firmware.
RSA token
Random-number generators used along with a user name and password to enhance security.
Secure Sockets Layer (SSL)
Security protocol used by a browser to connect to secure Web sites.
security token
Devices that store some unique information that a user carries with them. May contain digital certificates, passwords, biometric data, or RSA tokens.
session hijacking
Intercepting a valid computer session to get authentication information from it, enabling the attacker to use whatever resources the authentication grants access for as long as the authentication information or session are valid.
shoulder surfing
Looking for credentials or other sensitive information by watching someone use a computer or device, often over their shoulder.
signature
Code pattern of a known virus; used by antivirus software to detect viruses.
smart card
Hardware authentication involving a credit card-sized card with circuitry that can be used to identify the bearer of that card.
social engineering
Using or manipulating people inside the networking environment to gain access to that network from the outside.
software firewall
Firewall implemented in software running on servers or workstations.
spam
Unsolicited e-mails from both legitimate businesses and scammers that account for a huge percentage of traffic on the Internet.
spear phishing
Dangerous targeted phishing attack on a group or individual that carefully uses details from the target’s life to increase the odds they’ll take the bait.
spoofing
Pretending to be someone or something else by placing false information into packets. Commonly this type of data includes a source MAC address or IP address, e-mail address, Web address, or user name. Generally a useful tool for enhancing or advancing other attacks, such as social engineering or spear phishing.
spyware
Software that runs in the background of a user’s PC, sending information about browsing habits back to the company that installed it onto the system.
Stateful Packet Inspection (SPI)
Used by hardware firewalls to inspect each incoming packet individually for purposes such as blocking traffic that isn’t in response to outgoing requests.
stealth virus
Virus that uses various methods to hide from antivirus software.
tailgating
Form of infiltration and social engineering that involves following someone else through a door as if you belong in the building.
telephone scam
Social engineering attack in which the attacker makes a phone call to someone in an organization to gain information.
Transport Layer Security (TLS)
Encryption protocol used to securely connect between servers and clients, such as when your Web browser securely connects to Amazon’s servers to make a purchase.
trigger port
In port triggering, outbound traffic on this port will cause the router to open the destination port and wait for a response.
Trojan horse
Program that does something other than what the user who runs the program thinks it will do. Used to disguise malicious code.
trusted root CA
A highly respected certificate authority (CA) that has been placed on the lists of trusted authorities built into Web browsers.
unauthorized access
Anytime a person accesses resources in an unauthorized way. This access may or may not be malicious.
unified threat management (UTM)
Providing robust network security by integrating traditional firewalls with many other security services such as IPS, VPN, load balancing, antimalware, and more.
virus
Program that can make a copy of itself without your necessarily being aware of it. Some viruses can destroy or damage files. The best protection is to back up files regularly.
virus shield
Passive monitoring of a computer’s activity, checking for viruses only when certain events occur.
worm
Very special form of virus. Unlike other viruses, this does not infect other files on the computer. Instead, it replicates by making copies of itself on other systems on a network by taking advantage of security weaknesses in networking protocols.
zero-day attack
Attack targeting a previously unknown bug or vulnerability that software or hardware developers have had zero days to fix.
zombie
Computer infected with malware that has turned it into a botnet member.
data classification
Mary’s company routinely labels data according to its sensitivity or potential danger to the company if someone outside accesses the data. This is an example of __________________.
Trojan horse
A(n) __________________ masquerades as a legitimate program, yet does something different than what is expected when executed.
definition files.
signature.
Antivirus software uses updatable __________________ to identify a virus by its __________________.
object access auditing
Enable __________________ to create Event Viewer entries when a specific file is accessed.
unauthorized access
Although not all __________________ is malicious, it can lead to data destruction.
social engineering
Most attacks on computer data are accomplished through __________________.
firewall
A(n) __________________ protects against unauthorized access from the Internet.
smart card
Many companies authenticate access to secure rooms using an ownership factor such as a(n) __________________.
Transport Layer Security (TLS).
HTTPS.
Before making a credit card purchase on the Internet, be sure the Web site uses the __________________ protocol (that replaced the older SSL protocol), which you can verify by checking for the __________________ protocol in the address bar.
polymorph virus
A virus that changes its signature to prevent detection is called a(n) __________________.
Social engineering
What is the process of using or manipulating people to gain access to network resources?
A. Cracking
B. Hacking
C. Network engineering
D. Social engineering
Smart card
Which of the following might offer good hardware authentication?
A. Strong password
B. Encrypted password
C. NTFS
D. Smart card
Local Security Policy
Which of the following tools would enable you to stop a user from logging on to a local machine but still enable him to log on to the domain?
A. AD Policy Filter
B. Group Policy Auditing
C. Local Security Policy
D. User Settings
Port forwarding
Which hardware firewall feature enables incoming traffic on a specific port to reach an IP address on the LAN?
A. Port forwarding
B. NAT
C. DMZ
D. Multifactor authentication
He installed a Trojan horse.
Zander downloaded a game off the Internet and installed it, but as soon as he started to play he got a Blue Screen of Death. Upon rebooting, he discovered that his Documents folder had been erased. What happened?
A. He installed spyware.
B. He installed a Trojan horse.
C. He broke the Group Policy.
D. He broke the Local Security Policy.
WPA2
Which of the following should Mary set up on her Wi-Fi router to make it the most secure?
A. NTFS
B. WEP
C. WPA
D. WPA2
Effective permissions
A user account is a member of several groups, and the groups have conflicting rights and permissions to several network resources. The culminating permissions that ultimately affect the user’s access are referred to as what?
A. Effective permissions
B. Culminating rights
C. Last rights
D. Persistent permissions
They automatically scan e-mails, downloads, and running programs.
What is true about virus shields?
A. They automatically scan e-mails, downloads, and running programs.
B. They protect against spyware and adware.
C. They are effective in stopping pop-ups.
D. They can reduce the amount of spam by 97 percent.
Kerberos
What does Windows use to encrypt the user authentication process over a LAN?
A. PAP
B. TPM
C. HTTPS
D. Kerberos
Telephone scams and Phishing
Which threats are categorized as social engineering? Select all that apply.
A. Telephone scams
B. Phishing
C. Trojan horses
D. Spyware
Quarantine the computer so the suspected malware does not spread.
A user calls to complain that his computer seems awfully sluggish. All he’s done so far is open his e-mail. What should the tech do first?
A. Educate the user about the dangers of opening e-mail.
B. Quarantine the computer so the suspected malware does not spread.
C. Run anti-malware software on the computer.
D. Remediate the infected system.
Boot to Safe Mode and run System Restore or Boot to the Windows Recovery Environment and run System Restore.
Which of the following are good examples of remediation? Select two.
A. Boot to Safe Mode and run System Restore.
B. Boot to the Windows Recovery Environment and run System Restore.
C. Boot to a safe environment and run antivirus software.
D. Remove a computer suspected of having malware from the network, effectively quarantining the computer.
Applaud the technician for proper compliance.
A user calls and complains that the technician who fixed his computer removed some software he used to download movies and music on the Internet. A check of approved software does not include the uTorrent application, so what should the supervisor do?
A. Applaud the technician for proper compliance.
B. Educate the user about the legal issues involved with movie and music downloads.
C. Add the uTorrent application to the approved software list and make the technician apologize and reinstall the software.
D. Check with the user’s supervisor about adding uTorrent to the approved software list.
Chain of custody
Mike hands the hard drive containing suspicious content to the head of IT security at Bayland Widgets Co. The security guy requests a record of everyone who has been in possession of the hard drive. Given such a scenario, what document should Mike give the IT security chief?
A. Chain of custody
B. Definition file
C. Entry control roster
D. Trusted root CA
Install anti-malware software on every computer. Set the software up to update the definitions and engine automatically. Set the software up to scan regularly.
Educate the users about what sites and downloads to avoid.
Cindy wants to put a policy in place at her company with regard to malware prevention or at least limitation. What policies would offer the best solution?
A. Install anti-malware software on every computer. Instruct users on how to run it.
B. Install anti-malware software on every computer. Set the software up to scan regularly.
C. Install anti-malware software on every computer. Set the software up to update the definitions and engine automatically. Set the software up to scan regularly.
D. Install anti-malware software on every computer. Set the software up to update the definitions and engine automatically. Set the software up to scan regularly.
Educate the users about what sites and downloads to avoid.
Often via e-mail, disguised as coming from a trusted company. Requests a username, password, or account number. Tricks unsuspecting users.
Describe how a phishing attack works.
A package of security services providing robust network security by integrating traditional firewalls with many other security services such as IPS, VPN, load balancing, antimalware, and more.
What is Unified Threat Management (UTM)?
Social engineering
Some hackers try to deceive people to get others to tell them confidential information. What is this called?
Smart cards & biometric devices such as fingerprint/retinal scanners.
What are some hardware-based authentication mechanisms?
Via HTTPS, or HTTP over the Secure Sockets Layer (SSL).
How is the Hypertext Transfer Protocol (HTTP) protected when secure data needs to be sent?
Searching through trash for valuable data
What is dumpster diving?
Authorization validates credentials. Encryption makes data unreadable.
What’s the difference between authorization & encryption?
Malicious software: a program or code that does something undesirable. Includes viruses, Trojan horses, worms, rootkits, spyware, botnets, ransomware, spam, etc.
What is malware?
Defines what employees may or may not do on company equipment.
What is an Acceptable Use Policy (AUP)?
Event Viewer
User states that he received an error message in a Windows dialog box. Doesn’t remember exact error message. How can a technician view it?
Similar to tailgating, but instead of following an authorized person into the building, you’re allowed in by an insider.
What is piggybacking?
It’s phishing but targeting a high value target such as a CEO of a company.
What is whaling?
Phishing scams that are done via SMS messaging or texting.
What is SMSishing?
Knowledge factors – something the user knows, like a password or PIN.
Ownership factors – something the user has, such as a key, smart card, or security token.
Inherence factors – something about the user, such as a fingerprint or iris scan.
Location factor – somewhere you are. This can be used if the individual’s location can be pinpointed via GPS or some other method. The individual may be required to be at a certain location in order to log in to the system, for example.
Temporal factor – may require logon at a certain time of day, or even within so many seconds or minutes of another event.
Ability factor – something you can do, such as a typing pattern or voice cadence pattern.
What are the authentication factors?
Knowledge factor
Authorization factor where the factor is something the user knows, like a password or PIN.
Ownership factor
Authorization factor where the factor is something the user has, such as a key, smart card, or security token.
Inherence factors
Authorization factor where the factor is something about the user, such as a fingerprint, face scan, or iris scan.
Location factor
Authorization factor where the factor is somewhere you are. This can be used if the individual’s location can be pinpointed via GPS or some other method. The individual may be required to be at a certain location in order to log in to the system, for example.
Temporal factor
Authorization factor where the factor may require logon at a certain time of day, or even within so many seconds or minutes of another event.
Ability factor
Authorization factor where the factor is something you can do, such as a typing pattern or voice cadence pattern.
Uninterruptible Power Supplies (UPSs)
What is the best way to protect network devices from a loss of power?
Clean equipment with compressed air or a nonstatic vacuum. Maintain proper airflow to keep things cool and to control dusty air. Make sure that the room is ventilated and air-conditioned and that the air filters are changed regularly. If things are really bad, you can enclose a system in a dust shield, which comes complete with its own filter.
What are some methods of protecting equipment from “dirty air?”
22° Celsius or 72° Fahrenheit
What temperature are most computers designed to operate at?
A privacy filter, which is little more than a framed sheet or film that you apply to the front of your monitor. Privacy filters reduce the viewing angle, making it impossible to see the contents on the screen for anyone except those directly in front of the screen.
What’s an excellent way to prevent “shoulder surfing?”
The bot herder
What is the person in charge of the botnet called?
1. Identify malware symptoms
2. Quarantine infected system
3. Disable system restore in Windows
4. Remediate infected systems
* Update anti-malware software
* Use scan and removal techniques
– Windows Safe Mode or Preinstallation Environment
5. Schedule scans and run updates
6. Enable system restore & create restore point
7. Educate end user
What’s the best way to remove malware?