Domain 2.0 - Security Flashcards
What are some built-in security groups for AD?
Users, guests, remote management users, event log readers
WPA2 and CCMP
Released in 2004
CCMP block cipher mode (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol, or Counter/CBC-MAC Protocol)
What are some CCMP data securities?
Data confidentiality with AES encryption.
Message Integrity Check with CBC-MAC.
What are some WPA2 PSK issues?
Hash can be captured and then taken offline to be brute forced. Some methods can listen to the four-way handshake and others don’t need the handshake.
How does WPA3 change the PSK authentication process?
Includes mutual authentication, creates a shared session without sending it across the network, no more four-way handshakes or hashes or brute force attacks.
What is TACACS+?
Most recent version of TACACS, which was created to control access to dial-up lines to ARPANET. TACACS+ has more authentication requests and codes. TACACS stands for Terminal Access Controller Access-Control System.
What’s Kerberos?
Network authentication protocol originally released in the 1980s. Mutual authentication between client and server. Microsoft started using Kerberos in Windows 2000, based on the Kerberos 5.0 open standard.
What are some ways to communicate with an authentication server?
Often determined by what is at hand.
VPN concentrator can talk to a RADIUS server.
TACACS+ is familiar with Cisco devices.
Kerberos is used in Microsoft heavy networks.
Trojan horse is…
Malware that pretends to be other software. Doesn’t tend to care about replicating itself, attempts to circumvent security, and good ones are built to avoid and disable AV. Once inside, it has free rein.
Rootkits are…
Originally a Unix technique, modifies core system files (even the core), can be invisible to both OS and traditional AV. Specific removers are required for specific rootkits. Secure boot with UEFI helps circumvent rootkits.
A virus is…
Malware that can and looks to reproduce itself, needs to be executed as a program, may or may not cause problems.
A boot sector virus is…
A virus that modifies the boot loader to run malware before the OS loads. UEFI BIOS/Secure Boot prevents unsigned software from running during the boot process.
Spyware is…
Malware that spies on you for the purposes of advertising, identity theft, or affiliate fraud. Can trick you into installing it, similar to a Trojan horse. Monitors browsing and performs keylogging.
Ransomware is…
Malware that encrypts the entire PC until you pay the ransomers.
What is the Windows Recovery Environment?
You have (almost) complete control over the Windows OS, requires a certain level of expertise to use, and is to be used as a last resort. Fix your problems before Windows starts.