Chapter 17 / Security Flashcards
common prevention methods
779
Physical security, digital security, user education, and the principle of least privilege.
your system should have the minimum of how many barriers?
800
Three
What are some physical security methods?
800
Lock doors, tailgating, securing physical documents/passwords/shredding, biometrics, badges, key fobs, RFID badges, RSA tokens, privacy filters, retinal.
Biometrics systems include what?
801
Fingerprint, palm, hand scanners, retinal scanners
Digital security
802
it focuses on keeping harmful data and malware out.
Antivirus software?
802
An antivirus program is a software utility designed to protect your computer or network against computer viruses. If and when a virus is detected, the computer displays a warning asking what action should be done, often giving the options to remove, ignore, or move the file to the vault.
What can a virus do to a computer without an antivirus?
802
If a virus infected a computer without an antivirus program, it may delete files, prevent access to files, send spam, spy on you, or perform other malicious actions.
what is a firewall
803
A firewall is a software utility or hardware device that limits outside network access to a computer or local network by blocking or restricting network ports. Firewalls are a great step for helping prevent unauthorized access to a company or home network.
packet filter firewall
804
packet filtering is the process of passing or blocking packets at a network interface based on source and destination addresses, ports, or protocols.
proxy firewall
804
The proxy firewall provides better security than the packet filter firewall because of the increased intelligence that the proxy firewall offers.
stateful inspection firewall
It keeps track of how information is routed or used, using a state table that tracks every communication channel.
Denial of Service DoS and distributed Denial of Service DDoS
806
A Denial of Service (DoS) attack is a method of attacking a networked computer by sending it an abnormally high number of requests, causing its network to slow down or fail. Since a single individual cannot generate enough traffic for a DoS attack, these attacks are usually run from multiple computers infected by worms or zombie computers for a DDoS.
antispyware
806
Anti-spyware programs help to block and prevent spyware and other malware infections on computers. Anti-spyware programs monitor incoming data from email, websites, and downloads of files and stop spyware programs from getting a foothold in the computer operating system.
what is a computer virus.
812
A computer virus is a program, script, or macro designed to cause damage, steal personal information, modify data, send e-mail, display messages, and infect other computers.
Some virus symptoms are:
812
The system starts to load slowly.
Some of the files disappear from the system.
You lose access to the disk, and more.
A virus tries to accomplish one of two things?
813
Render the system inoperable and spread to other systems.
Many viruses today are spread using what?
813
armored virus
814
It makes itself difficult to detect or analyze. It covers itself with protective code that stops debuggers or disassemblers from examining it.
companion virus
815
It attaches itself to legitimate programs and creates a program with a different file name.
macro Virus
815
A macro virus is a computer virus that spreads to other computers through software programs that utilize macros. For example, Microsoft Word and Microsoft Excel are two popular and widely used programs that are capable of executing macros. Macro viruses written for these programs can spread by infecting other related documents each time the document is opened. Because these files are commonly used and sent through e-mail, a computer network can be quickly infected by these viruses.
multipartite virus
815
It attacks the system in multiple ways. It may infect the boot sector, all the files and destroy application files.
phage virus
815
It alters other programs and databases. The virus infects all of these files; the only way to remove this virus is to reinstall the programs that are infected.
polymorphic virus
816
A virus that changes its virus form (signature) every time it replicates and infects a new file in order to keep from being detected by an antivirus program.
retrovirus
816
A computer retrovirus is one that actively seeks out an antivirus program on a computer system and attacks it. A retrovirus will attempt to disable and infect the antivirus software in order to avoid detection in the computer system. Also called an anti-antivirus virus.
Stealth virus
816
It avoids detection by masking itself from applications. It may attach itself to the boot sector of the hard drive.
worms
817
A worm is a destructive self-replicating program containing code capable of gaining access to computers or networks. Once within the computer or network, the worm causes harm by deleting, modifying, distributing, or otherwise manipulating data.
Trojans
818
A Trojan horse is a program that appears to be something safe, but is in fact performing tasks such as giving access to your computer or sending personal information to other computers. Trojan horses are one of the most common methods a criminal uses to infect your computer and collect personal information from your computer.
Workstation security best practices
818
Set strong passwords, require passwords, restrict user permissions, change default usernames, disable the guest account, make the screensaver require a password, disable autorun functionality.
Destruction and disposal methods
821
We should never toss away a hard drive. We need to be careful with all the data that is on it, and for that we need formatting, sanitation and destruction.
Low level format / standard format
821
A low-level format is an initial formatting of a hard drive that initializes the physical tracks on the surface of the internal disks. The drive manufacturer performs a low-level format on the hard drive before it is released, and it is not something an end user needs to do to their hard drive.
hard drive sanitation and sanitation methods
822
Some hard drives come with AES (Advanced Encryption Standard).
Erase the hard drive.
If it is a SATA drive, we run HDDERASE.
The surefire method is the eradication of the hard drive.
overwrite
822
Overwrite is a term used to describe when new information replaces old information or data.
drive wipe
822
The hard drive does not contain any data; it is clean.
Securing a SOHO wireless network
824
changing the default SSID (Service Set Identifier)
disable SSID
Disable the DHCP (Dynamic Host Configuration Protocol)
use MAC filter
Use IP filter
use the strongest security
antenna and access point placement
826
We avoid placing access points near metal or near the ground. They should be placed in the center of the area to be served and high enough to get around most obstacles.