Chapter 2 - Malware Flashcards
What is UAC
User Access Control is a feature that helps prevent unauthorized changes to your computer.
Multi Layer Based Firewall
Filters based on IP addresses and applications
Stateless Firewall Filtering
Looks at each packet and matches specific criteria you define to block AKA Access Control List (ACL)
Stateful Firewall Filtering
Looks at streams of packets to identify signatures or patterns. Can also monitor the network connection.
Content Filtering
Looks at the content of packets to identify whether or not traffic should be allowed through, e.g. by keywords
What is a Smart Screen Filter?
Examines traffic for evidence of phishing activity and displays a warning to the user if it finds any.
What is Pharming?
An attack aimed at redirecting a website's traffic to a bogus website.
What is SSL
Secure Socket Layer is used to encrypt data sent over the internet. URLs start with https.
What is Dynamic DNS
Lets client computers dynamically update their resource records in DNS.
What is secure DNS
Secure DNS makes it so only members of an Active Directory domain can create records on the DNS server.
A record
IPv4 name to IP address DNS record
AAAA record
IPv6 name to IP address DNS record
PTR (Pointer) record
Reverse IPv4 or IPv6 IP to name DNS record
CNAME (Canonical Name) record
Alias name to a domain name
PPTP
Point to Point Tunneling Protocol
Simple to configure
Least secure of the client options
Acceptable for many types of VPNs
L2TP/IPSec
Layer 2 Tunneling Protocol
IPSec used in conjunction with L2TP to provide encryption
Most popular VPN protocol today (Cisco certified)
Very secure when configured properly. May be difficult to configure
What is NAT
Network Address Translation
Used to hide the internal IP addresses that are being used.
What is NAP
Network Access Protection
Special set of protocols that allow for monitoring of computers on the network and permission granting based on behavioral (health) metrics.
Used to enforce health requirements and policy compliance.
Only ensures computer health but cannot always prevent attacks.
NAP Implementation Methods
IPSec enforcement: only computers with the correct configuration are allowed into the network
802.1x enforcement: using RADIUS servers
VPN enforcement: VPN services must be set up on client in order to communicate
DHCP enforcement: uses a configuration that can be overwritten by users that have admin access. Last resort.
What are Network Protocols?
Used to communicate using standard methods in the network.
Some are transport oriented, e.g. TCP and UDP, and others are security oriented, e.g. IPSec and SSL
DNS
Resolves domain names to an IP address.
SMTP
Simple Mail Transfer Protocol
Otherwise mail can be taken over to send spam
SMB
Server Message Block Protocol
Communicates with network file servers running Windows. Should be secured using secure file permissions
Why do admins scan the network?
Ensure only permitted devices are present
Ensure devices are only running permitted services
Port Scanning
Once IP addresses are obtained try to connect to those computers on commonly opened ports like 80 for HTTP or 20 for FTP
What are sniffers
Applications that capture network traffic, pulling traffic off of the network for analysis
AKA protocol analyzers
MAC Filtering
Wi-Fi security option. Weak security: MAC spoofing is possible and easy to do
SSID hiding
Weak solution. Wireless can be analyzed & then located with a wireless protocol analyzer
WEP
Wired Equivalent Privacy
Weakest encryption. Intended to prevent casual eavesdropping only. Can be hacked easily in about 5-6 minutes on a busy network
WPA/WPA2
Strongest to use in a corporate environment. WPA isn't as strong as WPA2 and was introduced as a temporary fix to WEP. WPA is the standard.
Personal: uses a pre-shared key for authentication
Enterprise: uses a RADIUS server for authentication
IEEE 802.1X
Defines port based authentication. Each connection to the network must be authenticated before network communication can occur.
Supplicant: user or client device
Authenticator: point of access to the network
Authentication Server: access user account databases & validates authentication method (RADIUS server)