Section 21 Book Ch 27 Securing Computers Flashcards
Man-in-the-middle attack
When a hacker is intercepting traffic between computers, servers, etc.
What is Spoofing?
To impersonate another entity via email, accounts, etc
How do you fight against spoofing?
By providing certificates that prove you are who you are and encryption
What is (DOS) Denial of service?
When you flood a server with requests to the point that the server can't keep up and just gives out 404 codes
What is (DDOS) Distributed denial of Service?
When a massive group of computers, controlled by a server somewhere, are commanded to send requests to a server to have it shut down
What is a Zero Day?
A new kind of attack that has never been seen before
Symptoms of a hacker in your computer
Renamed system files, disappearing files, lack of access
Name types of Perimeter security
Security guards, Mantrap, Locking doors,
entry control roster, badge reader, smart card
What is a hash?
A one-way value, fixed length
How are passwords saved and then retrieved?
They are saved by hash values which are retrieved when you enter a password and then compared to the hash of what you have entered as the password
What is brute forcing?
Trying to figure out a password by guessing with multiple types of passwords until success
What is a dictionary attack?
A list of known types of passwords used to crack password hashes
What are Rainbow tables?
Like a dictionary attack but with tables of words, numbers, and symbols that come together to figure password hashes
Name password best practices?
Set strong passwords, long passwords (phrases), password expiration, screen saver, lock-screen password, BIOS passwords, multi-factor authentication
What is a worm?
First gen of malware that used networks to replicate themselves
What is a trojan?
Any malware that misleads users of its true intent
What is a Rootkit?
A type of program that seats itself inside the boot program drives and hides itself
What is Ransomware?
A type of malware that threatens to publish data, lock out users unless money is given in exchange
What is a botnet?
A bunch of zombie computers under the control of another
What is a keylogger?
Records keystrokes
What is spyware?
A piece of malware that spies on you
What are signs of malware?
Pop-ups, browser redirection, security alerts, app crashes, OS update failure, spam, hijacked email, automated replies, invalid certs (Trusted Root CA)
There is no such thing as anti-virus, just anti-malware
True
What is a recovery console?
Anti-malware tools
When you have malware on your computer what should you do?
Boot from a backup that is a known good
To protect against malware what should you do with the DNS?
Secure your DNS
What can you do with DNS to protect against malware?
Encrypt your DNS
What is the first step in fighting malware?
Identify and research malware symptoms
What is the second step in fighting malware?
Quarantine the infected systems
What is the third step in fighting malware?
Disable system restore - Windows
What is the fourth step in fighting malware?
Remediate the infected systems
update the anti-malware files
What is the fifth step in fighting malware?
Scan and remove techniques with anti-malware
What is the sixth step in fighting malware?
Schedule Scans
What is the Sixth part 2 step in fighting malware?
Enable system restore and make a system restore point and delete old system restore
What is the seventh step in fighting malware?
Educate your users about malware
What is Phishing?
Fake emails trying to gain info from you
What is spear phishing?
Emails tailored to a certain individual for hacking
First step of incident response
Know your responsibility
Second step of incident response
Identify the problem
- Report through proper channels
- Data/Device preservation
- Use of documentation
- Document changes
Third step of incident response
Keep chain of custody
- Tracking evidence
- Document process
What is an End-User Licensing Agreement (EULA)?
Grants a person a license to use something
Who the owner is
How you can use the software
What is Digital Rights Management (DRM)?
Protects the different types of digital copyrights
What is the GNU General Personal License (GNU GPL)
Specifies that if you compile something you have to show the original code
What is a personal license?
Licenses for something that are given out on a per person basis
What is an enterprise license?
A software site license that is issued to a large company. It typically allows unlimited use of the program throughout the organization
What is a Materials Safety Data Sheet (MSDS)?
How to handle environmental products for disposal and stuff
For computers what are the best temp and humidity levels?
Cold and dry
If vacuuming a computer what should you use?
Anti static vacuum