21. Using Best Practices

Question 1

3 types of viruses?

Answer 1

• Program viruses
• Macro viruses
• Worms

Question 2

What are program viruses?

Answer 2

Code snippets that integrate into other programs or scripts

When the application is executed, the virus code becomes active.

Question 3

What are macro viruses?

Answer 3

Viruses exploiting Microsoft Office macros

Microsoft macros are small programs or scripts written in the Visual Basic for Applications (VBA) language.

Question 4

What are worms?

Answer 4

Network-exploiting viruses residing in memory

like email,

Question 5

What is a drive-by download?

Answer 5

Malware installed on a user’s device without consent or knowledge

often simply by visiting a compromised website or clicking on a malicious link.

Question 6

What is a virus vector?

Answer 6

The route by which malware infects a computer

i.e. opening links in unsolicited email, infection from another compromised machine on the same network, etc.

Question 7

What is cross-site scripting (XSS)?

Answer 7

Malicious scripts injected into webpages to harm user’s browsers or steal data

i.e. 1 technique is to spawn a pop-up window when a user visits a genuine banking site to try to trick them into entering their credentials through the pop-up.

Question 8

What is pharming?

Answer 8

Attempts to redirect web traffic to a counterfeit page

This is usually done by corrupting the way the computer resolves the website name used in the web address to the IP address of a particular server.

Question 9

What is a service pack?

Answer 9

Collection of updates, fixes, & patches for a software product

Typically on an OS or app suite

Microsoft products like Windows have a lifecycle policy: 5 years of mainstream support, 5 years of extended support for security updates. You need the latest Service Pack for support, and non-updated versions get 24 months after its release.

Question 10

How do antiviruses identify infected files?

Answer 10

Using definitions/signatures of known virus code

Question 11

What is an Access Control System?

Answer 11

Technical controls that govern how subjects may interact with objects

Question 12

What is a Subject in an access control systems?

Answer 12

Anything that can request & be granted access to a resource

i.e. Users or software processes

Question 13

What are Objects in access control systems?

Answer 13

Resources

i.e. networks, servers, databases, files, etc.

Question 14

What is an Access Control List (ACL)?

Answer 14

List of subjects & the permissions they have on the object

Question 15

4 main processes on an access control system?

Answer 15

• Identification
• Authentication
• Authorization
• Accounting

Question 16

4 comon ways ACLs are implemented?

The different ways they’re implemented determine how users receive rights

Answer 16

• Discretionary Access Control (DAC)
• Role-based Access Control (RBAC)
• Mandatory Access Control (MAC)
• Rule-based

Question 17

How does DAC operate?

Answer 17

By giving authority to the owner

Ownership can be transferred. Owner has full control over the resource, allowing them to modify its ACL to grant rights to others

Question 18

How does RBAC control access?

Answer 18

By assigning roles with specific permissions to users

You can see a simple version of RBAC working in the division of Windows user account types into Administrators and Standard Users.

Question 19

How does MAC (Mandatory Acces Control) control access?

Answer 19

By assigning security clearance levels to objects & users

Users can access objects at or below their clerance level in hierarchial or within the same domain in compartmentalized setups, adhering to the “Need to Know” principle.

Question 20

what does rule-based access control refer to?

Answer 20

Access control models based on system-enforced rules

Users do not determine the rules

RBAC, MAC, and continuous authentication exemplify rule-based access control. For instance, Windows User Account Control (UAC) prompts user confirmation for privileged actions, safeguarding against hijacking attempts.

Question 21

What is non-repudiation?

Answer 21

Principle that a user can’t deny having performed some action

Accounting is an important part of ensuring non-repudiation

Question 22

3 types of user accounts in Windows?

Answer 22

• Administrator
• Guest
• User

Question 23

Which Windows version doesnt allow creating group accounts?

Answer 23

“home” editions

Question 24

How does symmetric encryption work?

Answer 24

Using a single secret key to encrypt & decrypt data

If the key is lost or stolen, the security is breached

Question 25

Main problem with symmetric encryption?

Answer 25

Securely distributing & storing the key | It escalates exponentially with its wider distribution

Question 26

Main advantage of symmetric encryption?

Answer 26

Speed ## Footnote symmetric key encryption is less processor and system memory intensive than asymmetric encryption.

Question 27

What is symmetric encryption used for?

Answer 27

Encoding data for storage or transmission over a network ## Footnote Some examples of symmetric encryption technologies or ciphers are 3DES, AES, RC (Rivest Cipher), IDEA, Blowfish/Twofish, and CAST.

Question 28

What key size is commonly advised for encryption in general usage?

Answer 28

1024-bit keys | larger keys are used for highly sensitive data ## Footnote The larger the key however, the more processing is required to perform encryption and decryption.

Question 29

How does asymmetric encryption work? | aka Public Key Cryptography

Answer 29

A math-related public key encrypts data & a private key decrypts data ## Footnote This public key can be safely shared with anyone the host wants to communicate with, as the private key cannot be derived from it. Additionally, the public key cannot decrypt a message it encrypted.

Question 30

What does it mean when key pairs are "reversible" in asymmetric encryption?

Answer 30

If private key is used to encrypt, public key can decrypt it. ## Footnote The point is that one type of key cannot rever the operation it has just performed

Question 31

What is asymmetic encryption mainly used for?

Answer 31

Authentication technologies | i.e. digital certificates, digital signatures, & key exchange

Question 32

What is key exchange?

Answer 32

2 hosts securely share a symmetric encryption key | Meaning no other hosts can find out what it is

Question 33

Why is asymmetric encryption only used on small amounts of data?

Answer 33

Takes longer for a computer to process

Question 34

What cipher do most asymmetric encryption technologies use?

Answer 34

RSA cipher

Question 35

Meaning of PKI?

Answer 35

Public Key Infrastructure

Question 36

What is PKI a solution for?

Answer 36

Authenticating subjects on public networks

Question 37

What does the Certificate Authority (CA) issue to subjects?

Answer 37

Digital certificate

Question 38

Under PKI, what are users/servers validated by?

Answer 38

A Certificate Authority (CA)

Question 39

# Certificate Authority (CA) What do digital certificates contain?

Answer 39

Subject's public key ## Footnote If the CA signs the certificate, it's valid. So, trusting the CA means trusting the certificate holder.

Question 40

What happens after a secure connection is established via PKI?

Answer 40

Client encrypts data using the server's public key | This ensures only the server can decrypt it

Question 41

How do digital signatures work?

Answer 41

By using a private key to encrypt a message's hash, which is verified by using the corresponding public key ## Footnote Public/private key pairs enable message signing: the sender encrypts a signature with their private key, shares the public key in a digital certificate, and the recipient verifies the signature by decrypting it with the public key. This proves the sender signed it.

Question 42

What is a hash?

Answer 42

Short representation of data

Question 43

Prpose of cryptographic hashes?

Answer 43

Irreversible hashing & to prevent hash collisions

Question 44

What does irreversible hashing mean?

Answer 44

Converting data to a fixed-length string that can't be revered to obtain original data ## Footnote once data is hashed, it is computationally infeasible to reconstruct the original input from the hash value.

Question 45

What are hash collisions?

Answer 45

When pieces of data produce the same hash value

Question 46

one way cryptographic hasing can be used?

Answer 46

Prove that a message has not been tampered with ## Footnote i.e. When creating a digital signature, the sender hashes the message, encrypts the hash with their private key, and sends it. The recipient decrypts the hash, hashes the message themselves, and compares the values to verify. Cryptographic hashes are also used for secure storage of data where the original meaning does not have to be recovered—passwords for instance.

Question 47

3 most commonly used cryptographic hash algorithms?

Answer 47

- SHA-1 - SHA-2 - MD5

Question 48

Meaning of SHA?

Answer 48

Secure Hash Algorithm

Question 49

Meaning of MD5?

Answer 49

Message Digest 5

Question 50

How does a VPN work?

Answer 50

Links private networks via a public one **OR** links a remote host with Internet to a local private network ## Footnote VPNs use special connection protocols and encryption technology to ensure that the tunnel is secure and the user is properly authenticated.

Question 51

How do dictionary password crackers work?

Answer 51

Compares the hash of a password to a list of pre-computed hashes of dictionary words ## Footnote If a match is found, it means the password is likely a common word or phrase, making it susceptible to being cracked.

Question 52

How do brute force password crackers work?

Answer 52

Match the hash against every possible combination ## Footnote Short passwords without complexity can be cracked in minutes, while longer and more complex ones can take years to crack.