21. Using Best Practices Flashcards
3 types of viruses?
- Program viruses
- Macro viruses
- Worms
What are program viruses?
Code snippets that integrate into other programs or scripts
When the application is executed, the virus code becomes active.
What are macro viruses?
Viruses exploiting Microsoft Office macros
Microsoft macros are small programs or scripts written in the Visual Basic for Applications (VBA) language.
What are worms?
Network-exploiting viruses residing in memory
like email,
What is a drive-by download?
Malware installed on a user’s device without consent or knowledge
often simply by visiting a compromised website or clicking on a malicious link.
What is a virus vector?
The route by which malware infects a computer
i.e. opening links in unsolicited email, infection from another compromised machine on the same network, etc.
What is cross-site scripting (XSS)?
Malicious scripts injected into webpages to harm user’s browsers or steal data
i.e. 1 technique is to spawn a pop-up window when a user visits a genuine banking site to try to trick them into entering their credentials through the pop-up.
What is pharming?
Attempts to redirect web traffic to a counterfeit page
This is usually done by corrupting the way the computer resolves the website name used in the web address to the IP address of a particular server.
What is a service pack?
Collection of updates, fixes, & patches for a software product
Typically on an OS or app suite
Microsoft products like Windows have a lifecycle policy: 5 years of mainstream support, 5 years of extended support for security updates. You need the latest Service Pack for support, and non-updated versions get 24 months after its release.
How do antiviruses identify infected files?
Using definitions/signatures of known virus code
What is an Access Control System?
Technical controls that govern how subjects may interact with objects
What is a Subject in an access control systems?
Anything that can request & be granted access to a resource
i.e. Users or software processes
What are Objects in access control systems?
Resources
i.e. networks, servers, databases, files, etc.
What is an Access Control List (ACL)?
List of subjects & the permissions they have on the object
4 main processes on an access control system?
- Identification
- Authentication
- Authorization
- Accounting
4 comon ways ACLs are implemented?
The different ways they’re implemented determine how users receive rights
- Discretionary Access Control (DAC)
- Role-based Access Control (RBAC)
- Mandatory Access Control (MAC)
- Rule-based
How does DAC operate?
By giving authority to the owner
Ownership can be transferred. Owner has full control over the resource, allowing them to modify its ACL to grant rights to others
How does RBAC control access?
By assigning roles with specific permissions to users
You can see a simple version of RBAC working in the division of Windows user account types into Administrators and Standard Users.
How does MAC (Mandatory Acces Control) control access?
By assigning security clearance levels to objects & users
Users can access objects at or below their clerance level in hierarchial or within the same domain in compartmentalized setups, adhering to the “Need to Know” principle.
what does rule-based access control refer to?
Access control models based on system-enforced rules
Users do not determine the rules
RBAC, MAC, and continuous authentication exemplify rule-based access control. For instance, Windows User Account Control (UAC) prompts user confirmation for privileged actions, safeguarding against hijacking attempts.
What is non-repudiation?
Principle that a user can’t deny having performed some action
Accounting is an important part of ensuring non-repudiation
3 types of user accounts in Windows?
- Administrator
- Guest
- User
Which Windows version doesnt allow creating group accounts?
“home” editions
How does symmetric encryption work?
Using a single secret key to encrypt & decrypt data
If the key is lost or stolen, the security is breached
Main problem with symmetric encryption?
Securely distributing & storing the key
It escalates exponentially with its wider distribution
Main advantage of symmetric encryption?
Speed
symmetric key encryption is less processor and system memory intensive than asymmetric encryption.
What is symmetric encryption used for?
Encoding data for storage or transmission over a network
Some examples of symmetric encryption technologies or ciphers are 3DES, AES, RC (Rivest Cipher), IDEA, Blowfish/Twofish, and CAST.
What key size is commonly advised for encryption in general usage?
1024-bit keys
larger keys are used for highly sensitive data
The larger the key however, the more processing is required to perform encryption and decryption.
How does asymmetric encryption work?
aka Public Key Cryptography
A math-related public key encrypts data & a private key decrypts data
This public key can be safely shared with anyone the host wants to communicate with, as the private key cannot be derived from it. Additionally, the public key cannot decrypt a message it encrypted.
What does it mean when key pairs are “reversible” in asymmetric encryption?
If private key is used to encrypt, public key can decrypt it.
The point is that one type of key cannot rever the operation it has just performed
What is asymmetic encryption mainly used for?
Authentication technologies
i.e. digital certificates, digital signatures, & key exchange
What is key exchange?
2 hosts securely share a symmetric encryption key
Meaning no other hosts can find out what it is
Why is asymmetric encryption only used on small amounts of data?
Takes longer for a computer to process
What cipher do most asymmetric encryption technologies use?
RSA cipher
Meaning of PKI?
Public Key Infrastructure
What is PKI a solution for?
Authenticating subjects on public networks
What does the Certificate Authority (CA) issue to subjects?
Digital certificate
Under PKI, what are users/servers validated by?
A Certificate Authority (CA)
Certificate Authority (CA)
What do digital certificates contain?
Subject’s public key
If the CA signs the certificate, it’s valid. So, trusting the CA means trusting the certificate holder.
What happens after a secure connection is established via PKI?
Client encrypts data using the server’s public key
This ensures only the server can decrypt it
How do digital signatures work?
By using a private key to encrypt a message’s hash, which is verified by using the corresponding public key
Public/private key pairs enable message signing: the sender encrypts a signature with their private key, shares the public key in a digital certificate, and the recipient verifies the signature by decrypting it with the public key. This proves the sender signed it.
What is a hash?
Short representation of data
Prpose of cryptographic hashes?
Irreversible hashing & to prevent hash collisions
What does irreversible hashing mean?
Converting data to a fixed-length string that can’t be revered to obtain original data
once data is hashed, it is computationally infeasible to reconstruct the original input from the hash value.
What are hash collisions?
When pieces of data produce the same hash value
one way cryptographic hasing can be used?
Prove that a message has not been tampered with
i.e. When creating a digital signature, the sender hashes the message, encrypts the hash with their private key, and sends it. The recipient decrypts the hash, hashes the message themselves, and compares the values to verify.
Cryptographic hashes are also used for secure storage of data where the original meaning does not have to be recovered—passwords for instance.
3 most commonly used cryptographic hash algorithms?
- SHA-1
- SHA-2
- MD5
Meaning of SHA?
Secure Hash Algorithm
Meaning of MD5?
Message Digest 5
How does a VPN work?
Links private networks via a public one OR links a remote host with Internet to a local private network
VPNs use special connection protocols and encryption technology to ensure that the tunnel is secure and the user is properly authenticated.
How do dictionary password crackers work?
Compares the hash of a password to a list of pre-computed hashes of dictionary words
If a match is found, it means the password is likely a common word or phrase, making it susceptible to being cracked.
How do brute force password crackers work?
Match the hash against every possible combination
Short passwords without complexity can be cracked in minutes, while longer and more complex ones can take years to crack.