Chapter 7 Security Key Terms Flashcards
mantrap
An area with two locking doors.
Radio-frequency identification (RFID) technology
A technology that consists of an RFID tag that can broadcast information about an item, as well as an RFID reader to accept the broadcast information and deliver it to a computer system for use.
smart card
A credit card–sized card that contains stored information and might also contain a simple microprocessor or an RFID chip
biometric security
The use of a person’s biological information, such as fingerprints, retina scans, or facial recognition, to authenticate a potential user of a secure area.
token
A device, also known as a security token, that owners carry to authorize access.
cable lock
A lock that uses a multistranded security cable to help prevent the theft of a computer or another technology device. Sometimes called a Kensington lock.
USB lock
A lock used to secure USB cables into a computer and to securely plug empty USB ports.
privacy screen
A screen placed over a monitor to limit visibility for people standing nearby
key fob
A type of security token that generates access codes for authentication
entry control roster
A list of individuals or representatives who are authorized to enter a secured area that can be used with a variety of security systems.
Active Directory Service
A Microsoft solution for managing users, computers, and information access in a network.
login script
A script that Active Directory runs to make assigned resources available to a user who logs on to a network.
domain
A computer network or group of computer networks under the same administration.
Group Policy
A set of rules and instructions defining what a user or group of users can or cannot do when logged into a domain.
Organizational Unit (OU)
A logical group that can be used to organize users and computers so that Group Policy Objects (GPOs) can be assigned to them.
home folder
A file in which a user’s data and files are kept locally but are accessible to the network administrator.
folder redirection
A process that allows for the work done by an Organizational Unit (OU) to be saved on a common folder in the domain, as directed by the administrator instead of the user.
software token
Software security information used for authentication; generally stored on a device. Can be generated by an app such as Google Authenticator.
mobile device management (MDM)
A way to manage the mobile devices within an enterprise. For example, MDM can ensure that all mobile users on the network have updated security files.
MAC address
Sometimes known as a physical address, a unique identification address for any device that has a network adapter and that consists of six two-digit hexadecimal numbers. For example, a typical PC MAC address is FA-15-B7-89-6C-24.
whitelisting
The practice of providing network access to only certain devices.
MAC address filtering
A method of securing networks by allowing only devices with known MAC addresses into the network.
MAC address cloning
The process of using software to change the MAC address of a network device.
certificate
A means of identifying a software publisher to ensure that it is legitimate.
antivirus/anti-malware software
Software designed to thwart virus and malware attacks.
firewall
A hardware appliance or software application that protects a computer from unwanted intrusion.
two-way firewall
A firewall that can be used to protect against both inbound and outbound unauthorized traffic and threats.
authentication
The process of verifying user identity
multifactor authentication
A security system that uses two or more authentication methods and is far more secure than single-factor authentication. An example of this would be a person using a digital code from a fob and typing a username and password to gain access to a system.
directory permissions
A term used in macOS and Linux for the access levels a user has to a directory (folder) and individual files
file and folder permissions
A term used in Windows systems for configuring a user’s access levels to a directory (folder) and individual files.
virtual private network (VPN)
A private and secure network connection that is carried by an insecure public network, such as the Internet.
data loss/leakage prevention (DLP)
The process of preventing confidential information from being viewed or stolen by unauthorized parties.
access control list
A list of permissions or restriction rules for access to an object such as a file or folder
email filtering
A method used to organize email into folders automatically. From a security standpoint, the most important function is the blocking of spam and potentially dangerous messages.
principle of least privilege
A security method whereby a user should have access only to what is required to do his or her job and no more.
Wired Equivalent Privacy (WEP)
The oldest and weakest WiFi encryption standard. With WEP, all network devices must use the same WEP key and encryption strength.
WiFi Protected Access (WPA)
A security standard for WiFi networks that replaced WEP.
Temporal Key Integrity Protocol (TKIP)
A security protocol used in the WPA wireless networking standard.
Advanced Encryption Standard (AES)
A protocol that is similar to TKIP but more secure and that is used with the WPA2 wireless encryption standard.
single-factor authentication
Basic username and password access to a computer or network.
Remote Authentication Dial-In User Service (RADIUS)
Software and a protocol that allows remote authentication via a central server.
Terminal Access Controller Access Control System (TACACS)
An authentication protocol that allows a remote access server to verify a user by communicating with an authentication server.
ransomware
A virus that takes over a computer or network until a ransom is paid
Trojan
A malware program disguised as a “gift” (such as a popular video or website link) in order to trick the user into downloading the virus
keylogger
A hardware device or a software program (often a virus) that can track keystrokes and can capture usernames and passwords of unwitting users.
rootkit
A set of hacking tools that finds its way deep into a computer’s operating system or applications and sets up shop to take over the computer.
virus
A generic term for any malicious software that can spread to other computers and cause trouble
botnet
A network of computers infected by a hacker virus that uses the infected machines to work together to cause trouble, such as sending denial of service attacks or spreading spam.
worm
A type of virus that is able to self-replicate on computers and push itself out to other computers.
spyware
Software that spies on system activities and transmits details of web searches or other activities to remote computers.
Recovery Console
A Windows tool that allows a user to reset a PC or boot from a recovery disk
acceptable use policy (AUP)
A company’s policy for employees pertaining to user safety, security procedures, and computer best practices within a company. The policy is designed to keep the network safe.
Domain Name Service (DNS)
A service that translates domain names into IP addresses. DNS uses port 53.
social engineering
A type of attack in which hackers trick users into providing passwords or other sensitive information.
phishing
The process of creating bogus websites or sending fraudulent emails in an attempt to trick users into providing personal, bank, or credit card information.
spear phishing
The process of sending spoof messages that appear to come from an internal source requesting confidential information, such as payroll or tax information
impersonation
A type of social engineering similar to phishing in which a hacker sends an email pretending to be someone the victim trusts.
shoulder surfing
Attempting to view physical documents on a user’s desk or electronic documents displayed on a monitor by looking over the user’s shoulder
tailgating
A process in which an unauthorized person attempts to accompany an authorized person into a secure area by following closely and grabbing the door before it shuts.
dumpster diving
The process of going through the trash, seeking information about a network or a person with access to the network.
denial of service (DoS)
The perpetrator uses one computer to disrupt the target computer’s access to the Internet.
distributed denial of service (DDoS)
The perpetrator uses multiple computers to disrupt the target computer’s access to the Internet.
zero day
A cyber threat described as the time between when a software vulnerability is discovered and when a patch is issued by the developers. Hackers may exploit this window
man-in-the-middle (MiTM)
An attack in which the attacker intercepts a connection while fooling the endpoints into thinking they are communicating directly with each other.
brute force attack
A method of cracking passwords by calculating and using every possible combination of characters until the correct password is discovered
dictionary attack
An attempt to crack passwords by trying all the words in a list, such as a dictionary. A simple list might include commonly used passwords such as 12345678 and password.
rainbow table
A table that is used in an attack in much the same manner as a brute-force attack but that is more mathematically sophisticated and takes less time
spoofing
A general term for malware attacks that purport to come from a trustworthy source.
noncompliant systems
Systems that are tagged by a configuration manager application (for example, Microsoft’s System Center Configuration Manager) for not having the most up-to-date security patches installed.
zombie
A computer on the Internet that has been taken over by a hostile program so it can be used for malware distribution or distributed denial of service (DDoS) or other attacks without notification to the normal users of the computer.
access control
The process of restricting the level of access to files or folders on an individual user basis.
New Technology File System (NTFS)
The native secure file system of Windows 7/8/8.1/10.
file attributes
Data used in Windows to indicate how files can be treated. Can be used to specify which files should be backed up, which should be hidden from the normal GUI or command line file listings, whether a file is compressed or encrypted, and for other functions, depending upon the operating system.
local shares
Files or folders shared locally in Windows.
administrative shares
Files or folders shared across networks in Windows
system files and folders
Files and folders with the system(s) attribute that are normally not displayed in File Explorer to help protect them from deletion.
Single Sign-on (SSO)
The use of a single password to authenticate to multiple apps in an organization requiring authentication
BitLocker
Full disk encryption software by Microsoft that can encrypt the entire disk, which, after completed, is transparent to the user.
Trusted Platform Module (TPM)
A chip used by Windows editions that support the BitLocker full-disk encryption feature to protect the contents of any specified drive (Windows 7/8/8.1/10).
BitLocker To Go
BitLocker functionality extended to removable drives.
Encrypting File System (EFS)
A feature used to protect sensitive data files and temporary files through encryption that can be applied to individual files or folders.
passcode locking
The process of setting a passcode that opens a locked screen.
remote wipe
A program that can be initiated from a desktop computer to delete all the contents of a remote mobile device that has been lost or stolen.
locator application
An application/service, such as Android Device Manager, Lookout for iOS or Android, or Find My iPhone, that a user can use to track down a lost device.
remote backup application
An application, often provided as a service, that backs up data to a remote site (often the cloud) to provide duplication away from the network servers.
patching/OS updates
Updates that protect mobile devices from the latest vulnerabilities and threats. By default, the user is notified automatically about available updates on Android and iOS-based devices.
biometric authentication
The use of physical biological identification, usually fingerprints, retina, or facial recognition, as part of the authentication process.
full device encryption
The process of encrypting an entire device, as opposed to encrypting a file on a device
authenticator application
An application used to receive or generate authentication codes for one or more apps or services.
bring your own device (BYOD)
A policy that allows users to join the local network using their personal devices.
overwrite
A disk maintenance program that includes options to overwrite a hard disk’s or solid-state drive’s (SSD’s) data area with zeros.
drive wipe
The process of ensuring the complete destruction of retrievable data on a storage device, which is overwritten with a program that meets or exceeds recognized data-destruction standards.
service set identifier (SSID)
The advertised name of a local network that is broadcast to potential users in range and enables users to find and join the local (usually wireless) network.
Default service set identifier (SSID)
The SSID on the router when shipped to customers. Best security practices include changing the default SSID and password.
Network Address Translation (NAT)
The process of modifying IP addresses as information crosses a router.
port forwarding
A method of allowing inbound traffic on a particular TCP or UDP port or range to go to a particular IP address rather than to all devices on a network. Used to forward external visitors through the router to a specific computer. Instead of opening up the entire LAN, port forwarding directs particular traffic where you want it to go.