Domain 2 Security Flashcards
Wireless Encryption
data is being sent over the air and anyone can listen
Encryption makes the signal impossible to understand without the key
WEP
Wired equivalent privacy
has known vulnerabilities / do not use
often uses a hexadecimal key for authentication
WPA
short term solution for WEP
it's legacy / do not use
uses TKIP
WPA2
uses CCMP block cipher mode / Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
data confidentiality with AES encryption
WPA2- Personal / pre-shared key
WPA2 - Enterprise / authentication server, no shared key
WPA3
uses GCMP block cipher mode / Galois/Counter Mode Protocol
stronger than WPA2, fixes the WPA2 PSK hash issue
Authentication
RADIUS: Remote Authentication Dial-In User Service, talks to VPNs
TACACS+: Terminal Access Controller Access-Control System
Connect to network equipment, usually a Cisco device
Kerberos: usually a Microsoft network, supports SSO when logging into a domain
Authentication
single-factor = password
Multifactor = password and certificate or captive portal
Malware
any software designed to cause disruption to a computer or server without the user's knowledge or consent
Virus
code that runs on a computer without the user’s knowledge
typically attached to an executable which allows it to replicate
spread using email, websites, and/or network file sharing
Worm
similar to a virus but it self-replicates
exploits network vulnerabilities to spread and infect more hosts
spread through emails, websites, and network shares
doesn’t need human interaction
Ransomware
restricts the use of a computer until the user pays a ransom; often encrypts the data and holds the key to unlock it for ransom
Trojan
appears to perform a desired function, but actually does something malicious
used to deliver other malware
Spyware
software used to spy on the user
can be difficult to detect
examples include keyloggers, rootkits, system monitors, and tracking cookies
can be used with adware
Keylogger
form of spyware
used to record keystrokes, personal info/passwords
info can be sent over network or stored locally for later pickup
Rootkit
designed to hide and give attackers access to the computer
often used to hide other types of malware or provide ongoing access
difficult to detect with traditional malware scanners
Botnet
network of infected devices
usually not easy to tell if you are infected
bot software waits for instructions from a controlling device
often used to perform DDoS attacks
Boot Sector Virus
will infect the system boot partition or the master boot record
a type of malware that runs as soon as your OS is booted, not after, therefore making it harder for anti-malware to prevent
secure boot, which is included in UEFI BIOS, should prevent unsigned software
Cryptominers
malware that uses your computer without your knowledge to complete tasks that earn the hacker cryptocurrency
mining cryptocurrency uses a lot of CPU resources, and attackers typically try to gain access to multiple CPUs
a spike in your CPU utilization could be a warning sign
Windows Recovery Environment
windows recovery environment gives you complete control of your system before it even starts
be careful to know what you’re doing; the environment contains all the files related to your OS
can remove malicious software before it boots up
can repair the file system boot sector or master boot record
Removal Methods
antivirus/antimalware
software usually quarantines files before removal; make sure it's updated and running in real time
Completely reinstall the OS
Restore from backup, make sure it’s a clean backup
manually install the OS, make sure you have your data backed up first
An Ounce of Prevention
End user education, don’t go to sketchy websites, don’t plug in flash drives you found on the street, identify spam/ malicious messages, anti-phishing training
Software firewalls
Windows firewall is built into the Windows OS and enabled by default
macOS/Linux may have packages installed but not enabled
Social Engineering
tricking users into giving out confidential information or performing other actions such as downloading malware
Phishing
used to try to hook users often through links in email or websites
Spear Phishing (phishing)
targets a specific individual or institution
Whaling (phishing)
targets someone at a high level such as a CEO
Vishing Attack
like phishing but it is done over the phone or voicemail
trusted companies will not ask for sensitive information in email or phone calls
Shoulder surfing
attacker looks over the shoulder of a user to obtain information
Can be done with phone cameras as well, use a privacy screen, never leave password/PIN info visible, lock or log off computers when not using them
Tailgating
attacker follows closely behind an authorized user into a secure area
turnstiles and access control vestibules are effective measures to prevent this
Impersonation
attacker pretends to be an authorized employee
convince user to give up info or perform a task
Dumpster diving
Attacker looks through the trash/recycling for sensitive information
Evil Twin
wireless form of a phishing attack
attacker will create a wireless access point with the same or similar SSID of an existing network
always use HTTPS and a VPN to protect yourself
Denial of Service (DoS) attacks
attacker overloads target with information causing it to fail
Distributed DoS (DDoS) uses an army of devices to perform a DoS attack
devices in a botnet may be referred to as zombies
Zero-Day Exploits
many applications have vulnerabilities that just haven't been found yet
ethical hackers find exploits and report them to companies
an attack using a previously unknown exploit is called a zero-day attack
Spoofing
pretending you are something/someone you aren’t
Email address, MAC address, DNS servers
On-Path Attack
traffic is redirected through a middleman device
you may have no idea information is being siphoned
use encrypted protocols to protect against this
Password Attacks
most password attacks don’t happen at the login page
attackers gain access to the password file or database
contains passwords in a hashed format, not clear text
attackers then create hashed versions of password guesses and compare them to the database
Brute force attack (password attack)
attackers attempt every combination of viable characters, takes a long time, often not viable
Dictionary attack (password attack)
attackers use a list of common words
Rainbow table attack (password attack)
attackers use an optimized list of pre-hashed values
significantly faster compared to other attacks
not viable if the hash is salted (random values are added)
Insider Threat
Former and current employees have institutional knowledge that is valuable to attackers
- attackers can get a better idea of when, where, and how to attack; this can earn the insider a lot of money
some attackers try to get hired by the company they intend to attack, thus giving them even more access
SQL Injection
Websites typically have a database to store information related to the site
- SQL (Structured Query Language) is a programming language used to talk to the database
An improperly coded website could allow an attacker to manipulate the SQL code and find information they shouldn't have access to, e.g. personal employee data
Cross-site Scripting (XSS)
an attack where information from one site is shared with the attackers
there is a common web application development error that allows malware to take advantage of JavaScript
keep your browser up to date and don’t click on any untrusted links
Input validation - make it so that users can't put scripts into an input field
Non-Compliant Systems
systems that don't comply with the Standard Operating Environment (SOE) are a major security concern for your network
Make sure devices are installing new OS updates, security patches, and anti-virus signatures
- non-compliant systems will warn the users and potentially lose access to the network
Unpatched Systems
Windows releases patches on the second Tuesday of every month
any device that is not patched is the weakest link on your network and that’s the device that attackers will target
Unprotected Systems
sometimes during troubleshooting, it might be necessary to disable some of your security features
- disabling the firewall
- disabling the antivirus
be sure to turn these back on once you are done; never permanently disable security features
EOL OSs
End of Life (EOL)
Manufacturer stops selling an OS, they might continue supporting the OS and release important security patches and updates
End of Service Life (EOSL)
Manufacturer stops selling and stops supporting the OS
No more security patches and updates
At this point, you need to find an alternative solution
BYOD (Bring Your Own Device)
Employees bring their own devices to use for company purposes, you must make sure that these devices meet your company’s security requirements
The MDM will help keep the data on the device separated and protected, and make sure that the device's security is up-to-date
Screen Locks
always use a screen lock
most secure is fingerprint
swipe lock is the worst one
Locator/Remote Wipe
find my iPhone
Google Find My device
Features: make sound, lockout, remote wipe, or see location on map
Useful when the device is stolen/lost
Mobile OS Patching/Updates
ensure your mobile device is patched and updated
Full Device Encryption
data encryption is an option for Android; iPhone data is encrypted by default
Remote Backup Applications
backup/restore device to/from cloud
iCloud for apple
Google or manufacturer for Android
Antivirus/Antimalware
Malware and viruses are less of a problem on mobile devices
Antivirus/malware apps can be installed via App Store or Play Store
Failed Login Attempts Restrictions
set via settings
can lockout user for a certain amount of time
can be set to initiate factory reset with enough failure
Biometric Authentication
unlock screen lock
login to apps
use instead of passwords
Firewall
3rd party apps are available from app stores
mobile phones normally don’t have firewalls
Policies and Procedures
BYOD - Bring Your Own Device
may require the installation of management software
Corporate Owned
- typically managed through the installation of management software
Profile security requirements
- require all users to use screen locks, strong passwords, and mobile device wipe capabilities
Low-level format
creates physical sectors, done at the factory
not recommended for users
can also mean an overwrite
Internet of Things (IoT)
devices that are connected to your home or work network
Physical Destruction
Industrial shredders
- rip apart the drives
Drill
- drill holes into the drive
Hammer
-
Degaussing
- destroys the ability of the magnetic platter to hold information via an electromagnetic field
Incineration
- ER2 will do this
Standard Format - Regular
Sometimes it’s important to make sure that sensitive data is unable to be recovered
Overwrite
- Overwrite data with all 0’s
- Repeat 7 times for DoD standards
Drive wipe
Data Destruction and Disposal
responsibility to dispose of storage devices safely: data security and legal liability
performed on-site or by external company: external company will provide a certificate of destruction
Standard Format - Quick Format
organizations may want to recycle/repurpose drives instead of destroying them
Quick Format (Windows)
- deletes partition table so the OS doesn't understand the contents
- savvy users could recover data from the platters
Which wireless encryption uses TKIP
WPA
Why do we need wireless encryption
to keep our data signal private
WEP is safe to use, True or False
False
Which authentication provides centralized triple A (AAA), particularly for remote access scenarios?
RADIUS, Remote Authentication Dial-In User Service
centralized authentication; RADIUS servers talk to VPNs
TACACS+
Terminal Access Controller Access-Control System
Cisco device; equipment connecting to equipment
Kerberos
supports SSO when logging into a domain
Not an area of centralized management in network environments
Administration
Makes up an area of centralized management in network environments
Authorization
Accounting
Authentication
You suspect someone is recording everything you type into the computer. What kind of malware are you dealing with?
Keylogger
After downloading a game, you start getting random popups and your computer runs slowly. What type of malware is this?
Trojan
You notice symptoms of a malware infection, but a malware scan does not find anything. What kind of malware is this?
Rootkit; it will be scanned for but changes itself to look like something legitimate
A user’s pc has become inoperable and only shows a message asking for payment to unlock the computer. What is this?
Ransomware
Cryptominer
is malware used to perform calculations in an effort to accumulate a cryptocurrency. Often uses extensive CPU cycles and causes performance issues on the system
Botnet
a group of computers that are under the control of a third-party. Botnets can be used to provide large-scale distributed attacks
An attacker is using every combination of letters, numbers, and special characters in an attempt to discover a user’s password. What would describe this attack type?
Brute Force
An internal audit has found that a server in the DMZ appears to be infected with malware. The malware does not appear to be part of a file in the OS and the malware is started each time the system is started. What type of malware would be MOST likely found on this server?
Boot sector virus, a virus in the boot sector.
To stop this you would need to get into a preboot environment.
You want to ensure that company data is secure in the event of a lost device. What method is best?
Bitlocker
What makes a strong password?
A strong password includes capital letters, lower case letters, symbols, and numbers
You want to ensure users can’t edit BIOS configurations. What should you set?
Supervisor password
Which of the following security precautions is most important?
Changing Default Credentials
Disabling Guest Account
Setting screen locks
Setting login attempt restrictions
Changing default credentials
An employee is leaving your organization. What should you do with their Active Directory account?
Disable it
A system administrator is troubleshooting an older application on a Windows 10 computer and needs to modify the UAC (User Account Control) process. What option would provide access to these settings?
User Accounts; the settings are contained in the Control Panel's User Accounts applet
System Information
provide information about a system’s hardware, components, and software environment
A Windows 10 user is installing a new application that also installs a service. What permission will be required for this installation?
Administrator
A business partner in a different country needs to access an internal company server during the very early morning hours. The internal firewall will limit the partner’s access to this single server. What would be the MOST important security task to perform on this server?
Install the latest OS patches, which will ensure that any known vulnerabilities are always removed before they could possibly be exploited
An employee has modified the NTFS permissions on a local file share to provide read access to Everyone. However, users connecting from a different computer do not have access to the file. What is the reason for this issue?
Share permissions restrict access from remote devices
Full device encryption
ensures that all of the information on the tablet cannot be viewed by anyone outside of the company, so if something was stolen or lost, all of the data on the device would remain private
Firewall app
keep unauthorized users from accessing the tablet over the network
Locator Application
provides the location of the device