Chapter 2 - Malware Flashcards

1
Q

What is UAC

A

User Access Control is a feature that helps prevent unauthorized changes to your computer.

2
Q

Multi Layer Based Firewall

A

Filters based on IP addresses and applications

3
Q

Stateless Firewall Filtering

A

Looks at each packet and matches it against specific criteria you define to block. AKA Access Control List (ACL)

4
Q

Stateful Firewall Filtering

A

Looks at streams of packets to identify signatures or patterns. Can also monitor the network connection.

5
Q

Content Filtering

A

Looks at the content of packets to identify whether or not traffic should be allowed through, i.e. keywords

6
Q

What is a Smart Screen Filter?

A

Examines traffic for evidence of phishing activity and displays a warning to the user if it finds any.

7
Q

What is Pharming?

A

An attack aimed at redirecting a website's traffic to a bogus website.

8
Q

What is SSL

A

Secure Socket Layer is used to encrypt data sent over the internet. Starts with httpS

9
Q

What is Dynamic DNS

A

Lets client computers dynamically update their resource records in DNS.

10
Q

What is secure DNS

A

Secure DNS makes it so only members of an Active Directory domain can create records on the DNS server.

11
Q

A record

A

IPv4 name to IP address DNS record

12
Q

AAAA record

A

IPv6 name to IP address DNS record

13
Q

PTR (Pointer) record

A

Reverse IPv4 or IPv6 IP to name DNS record

14
Q

CNAME (Canonical Name) record

A

Alias name to a domain name

15
Q

PPTP

A

Point to Point Tunneling Protocol

Simple to configure
Least secure if options of Clients
Acceptable for many types of VPNs

16
Q

L2TP/IPSec

A

Layer 2 Tunneling Protocol

IPSec used in conjunction with L2TP to provide encryption
Most popular VPN protocol today (Cisco certified)
Very secure when configured properly. May be difficult to configure

17
Q

What is NAT

A

Network Address Translation

Used to hide the internal IP addresses that are being used.

18
Q

What is NAP

A

Network Access Protection

Special set of protocols that allow for monitoring of computers on the network and permission granting based on behavioral (health) metrics.

Used to enforce health requirements and policy compliance.

Only ensures computer health but cannot always prevent attacks.

19
Q

NAP Implementation Methods

A

IPSec Enforcement: only computers allowed into the network are the ones with correct configuration

802.1x enforcement: using RADIUS servers

VPN enforcement: VPN services must be set up on client in order to communicate

DHCP enforcement: uses a configuration that can be overwritten by users that have admin access. Last resort.

20
Q

What are Network Protocols?

A

Used to communicate using standard methods in the network.

Some are transport oriented, i.e. TCP and UDP, and others are security oriented, i.e. IPSec and SSL

21
Q

DNS

A

Resolves domain names to an IP address.

22
Q

SMTP

A

Simple Mail Transfer Protocol

Otherwise mail can be taken over to spam

23
Q

SMB

A

Server Message Block Protocol

Communications with network file servers running Windows. Should be secured using secure file permissions

24
Q

Why do admins scan the network?

A

Ensure only permitted devices are present

Ensure devices are only running on permitted services

25
Q

Port Scanning

A

Once IP addresses are obtained try to connect to those computers on commonly opened ports like 80 for HTTP or 20 for FTP

26
Q

What are sniffers

A

Applications that capture network traffic, pulling traffic off of the network for analysis

AKA protocol analyzers

27
Q

MAC Filtering

A

Wifi Security option. Weak security. MAC spoofing is possible and easy to do

28
Q

SSID hiding

A

Weak solution. Wireless can be analyzed & then located with a wireless protocol analyzer

29
Q

WEP

A

Wired Equivalent Privacy

Weakest encryption. Intended to prevent casual eavesdropping only. Can be hacked easily in about 5-6 minutes on a busy network

30
Q

WPA/WPA2

A

Strongest to use in a corporate environment. WPA isn’t as strong as WPA2 and was implemented as a temporary fix to WEP. WPA is the standard.

Personal: uses a pre-shared key for authentication
Enterprise: uses a RADIUS server for authentication

31
Q

IEEE 802.1

A

Defines port based authentication. Each connection to the network must be authenticated before network communication can occur.

Supplicant: user of client device
Authenticator: point of access to the network
Authentication Server: access user account databases & validates authentication method (RADIUS server)