Introduction to Security Plus

Question 1

AAA

Answer 1

authentication, authorization, and accounting

Question 2

Authentication

Answer 2

When a person’s identity is established with proof and confirmed by a system.
Typically, this requires a digital identity of some sort, username/password, or other authentication scheme

Question 3

Authorization:

Answer 3

When a user is given access to certain data or areas of a building.
Authorization happens after authentication and can be determined in several ways, including permissions, access control lists, time-of-day restrictions, and other login and physical restrictions

Question 4

Accounting

Answer 4

The tracking of data, computer usage, and network resources.
Often it means logging, auditing, and monitoring of the data and resources.
Accountability is quickly becoming more important in today’s secure networks.
Part of this concept is the burden of proof. You as the security person must provide proof if you believe that someone committed an unauthorized action.
When you have indisputable proof of something users have done and they cannot deny it, it is known as non-repudiation

Question 5

Malicious software

Answer 5

Known as malware, this includes computer viruses, worms, Trojan horses, spyware, rootkits, adware, and other types of unwanted software.
Everyone has heard of a scenario in which a user’s computer was compromised to some extent due to malicious software

Question 6

Unauthorized access

Answer 6

Access to computer resources and data without consent of the owner. It might include approaching the system, trespassing, communicating, storing and retrieving data, intercepting data, or any other methods that would interfere with a computer’s normal work.
Access to data must be controlled to ensure privacy. Improper administrative access falls into this category as well.

Question 7

System failure

Answer 7

Computer crashes or individual application failure.

This can happen due to several reasons, including user error, malicious activity, or hardware failure.

Question 8

Social engineering

Answer 8

The act of manipulating users into revealing confidential information or performing other actions detrimental to the user. Almost everyone gets e-mails nowadays from unknown entities making false claims or asking for personal information (or money!); this is one example of social engineering.

Question 9

When creating the security plan, some IT professionals divide the plan int three categories of controls as follows:

Answer 9

Physical: Things such as alarm systems, surveillance cameras, locks, ID cards,
security guards, and so on.
Technical: Items such as smart cards, access control lists (ACLs), encryption, and network authentication.
Administrative: Various policies and procedures, security awareness training, contingency planning, and disaster recovery plans (DRPs). Administrative controls can also be broken down into two subsections: procedural controls and legal/regulatory controls.

Question 10

Anti-malware software

Answer 10

Anti-malware protects a computer from the various forms of malware and, if necessary, detects and removes them.
Types include antivirus and anti-spyware software.
Well-known examples include programs from Symantec and McAfee, as well as Microsoft’s Windows Defender. Nowadays, a lot of the software named “antivirus” can protect against spyware and other types of malware as well

Question 11

Data backups

Answer 11

: Backups won’t stop damage to data, but they can enable you to recover data after an attack or other compromise, or system failure. From programs such as Windows Backup and Restore and programs such as IBM’s Tivoli and Symantec’s Backup Exec, data backup is an important part of security. Note that fault-tolerant methods such as RAID 1, 5, and 6 are good preventative measures against hardware failure but might not offer protection from data corruption or erasure (We will cover RAID in future classes)

Question 12

Encryption

Answer 12

The act of changing information using an algorithm (known as a cipher) to make that information unreadable to anyone except users who possess the proper “key”. Examples of this include wireless sessions encrypted with Advanced Encryption Standard (AES), web pages encrypted with HTTP Secure (HTTPS), and e-mails encrypted with Secure/Multipurpose Internet Mail Extensions (S/MIME) or Pretty Good Privacy (PGP).

Question 13

Data removal

Answer 13

Proper data removal goes far beyond file deletion or the formatting of digital media. The problem with file deletion/formatting is data remanence , or the residue, left behind, from which re-creation of files can be accomplished by some less-than-reputable people with smart tools. Companies typically employ one of three options when met with the prospect of data removal: clearing, purging (also known as sanitizing), and destruction

Question 14

White hats

Answer 14

: These people are non-malicious; for example, an IT person who attempts to “hack” into a computer system before it goes live to test the system.
Generally, the person attempting the hack has a contractual agreement with the owner of the resource to be hacked.
White hats often are involved in something known as ethical hacking.

Question 15

ethical hacker

Answer 15

is an expert at breaking into systems and can attack systems on behalf of the system’s owner and with the owner’s consent. The ethical hacker uses penetration testing and intrusion testing to attempt to gain access to a target network or system.

Question 16

Black hats

Answer 16

: These are malicious individuals who attempt to break into computers and computer networks without authorization.
Black hats are the ones who attempt identity theft, piracy, credit card fraud, and so on. Penalties for this type of activity are severe, and black hats know it; keep this in mind if and when you come into contact with one of these seedy individuals—they can be brutal, especially when cornered. Of course, many vendors try to make the term “black hat” into something cuter and less dangerous.
But for the purposes of this book and your job security, we need to speak plainly, so here we will consider a black hat to be a malicious individual.

Question 17

Gray hats

Answer 17

These are possibly the most inexplicable people on the planet.
They are individuals who do not have any affiliation with a company but risk breaking the law by attempting to hack a system and then notify the administrator of the system that they were successful in doing so—just to let them know! Not to do anything malicious (other than breaking in…).
Some gray hats offer to fix security vulnerabilities at a price, but these types are also known as green hats or mercenaries

Question 18

Blue hats

Answer 18

These are individuals who are asked to attempt to hack into a system by an organization, but the organization does not employ them.
The organization relies on the fact that the person simply enjoys hacking into systems. Usually, this type of scenario occurs when testing systems

Question 19

Elite

Answer 19

Elite hackers are the ones who first find out about vulnerabilities.
Only 1 out of an estimated 10,000 hackers wears the Elite hat—and I say that figuratively.
The credit for their discoveries is usually appropriated by someone else more interested in fame. Many of these types of individuals don’t usually care about “credit due” and are more interested in anonymity—perhaps a wise choice.
You do not want to get on an Elite hacker’s bad side; they could crumple most networks and programs within hours if they so desired