Securing Computers Flashcards
Occurs when a person accesses resources without permission
Unauthorized Access
Gaining access to a system, network, or facility without permission, typically by getting around a control that should have stopped you. One way to gain unauthorized access; dumpster diving and shoulder surfing are forms of it
Intrusion
Generic term for searching refuse for information. A form of intrusion
Dumpster Diving
Technique for gaining unauthorized access. Observing someone’s screen or keyboard to get information, often passwords
Shoulder Surfing
The process of using or manipulating people inside the organization to gain access to its network or facilities
Social Engineering
Following someone through the door as if you belong. Form of infiltration
Tailgating
A small room with a set of two doors, one to the outside, unsecured area and one to the inner, secure area. When walking through one, the outer door must be closed before the inner door can be opened
Mantrap
The act of trying to get people to give their usernames, passwords, or other security information by pretending to be someone else electronically
Phishing
Phishing aimed at a specific person or organization rather than sent in bulk. The message is tailored with details about the target (a named executive, a specific celebrity, a particular vendor relationship) to make it more convincing
Spear Phishing
Uses various methods to overwhelm a system, such as a Web server, to make it essentially nonfunctional
Denial of Service (DoS)
Uses many machines simultaneously to assault a system
Distributed DoS (DDoS) attack
Composed of interlinked areas that a good security-minded tech should think about: physical security, authentication, users and groups, and security policies
Access Control
Can keep someone from quickly walking off with the hardware
Cable Locks
Make it harder to plug in a USB drive to load malware for stealing data
USB Locks
Limit access to a server’s port and drives. There are also locking rack doors to limit access to the front or back of an entire server rack
Server Locks
Block specific computers, adding their MAC addresses to the ranks of the undesired
Blacklist
Pre-specify the only MAC addresses allowed access. Not bulletproof since a savvy attacker can spoof an address (they’ll have a much easier time sniffing a valid Wi-Fi MAC address than a wired one, though) from another device accessing the network
Whitelist
How the computer determines who can or should access it and, once accessed, what that user can do
Authentication
Credit card-sized cards with circuitry that can identify the bearer of the card. Relatively common for tasks such as authenticating users for mass transit systems but are fairly uncommon in computers
Smart Card
Devices that store some unique information and that the user carries on their person. The stored secret may be a digital certificate, a password, or biometric data; the device may also act as an RSA token. Most hardware tokens come in the form of key fobs
Security Token
Hardware tokens (usually key fobs) that generate a new pseudorandom one-time code at fixed intervals. The code is entered alongside the user name and password as a second factor, so a stolen password alone is not enough to log in
RSA Token
Devices that require some sort of physical, flesh-and-blood authentication
Biometric Devices/Locks
Type of biometric lock where you place your eye up to a scanning device
Retinal Scanner
Permissions for activities, as opposed to true permissions, which control access to resources
Policies
Organizing data according to its sensitivity. Common scheme classifies documents as public, internal use only, highly confidential, top secret, and so on
Data Classification
Members of an organization or company must abide by or comply with all of the rules that apply to the organization or company
Compliance
Any data that can lead back to a specific individual. Kind of regulated data
Personally Identifiable Information (PII)
Basically any PII that involves a person’s health status, medical records, and healthcare services they have received. Kind of regulated data
Protected Health Information (PHI)
A rigorous set of rules (the PCI Data Security Standard, PCI DSS) for systems that accept, transmit, process, or store credit/debit card payments
Payment Card Industry (PCI)
EU regulation, in force since 2018, that defines a broad set of rights and protections for the personal data of people in the European Union. Applies to any organization that processes that data, wherever the organization is located
General Data Protection Regulation (GDPR)
Various forms of this enforce how you use commercial software. Many programs require activation over the Internet or a special account with the copyright holder
Digital Rights Management (DRM)
Allow you to take original code and modify it
Open Source Software Licenses
Stipulate that you can’t modify the source code or make it part of some other software suite
Closed Source Software Licenses
In the security sense means to tell Windows to create an entry in the Security Log when certain events happen, such as when a user logs on or tries to access a certain file or folder
Auditing
Defines what actions employees may or may not perform on company equipment
Acceptable Use Policy (AUP)
Defines any program or code that’s designed to do something on a system or network that you don’t want done. Comes in a variety of guises: viruses, worms, ransomware, spyware, Trojan horses, keyloggers, and rootkits
Malware
A program that has two jobs: to replicate and to activate. Needs human action to spread
Virus
Functions similarly to a virus, except it does not need to attach itself to other programs to replicate. Can replicate on its own through networks, or even hardware like Thunderbolt accessories
Worm
A piece of malware that appears or pretends to do one thing while, at the same time, it does something evil. May be a game or a fake security program. Doesn’t replicate.
Trojan Horse
Malware that records the user’s keystrokes and makes that information available to the programmer. A lot of parental control tools use these
Keylogger
A program that takes advantage of very low-level OS functions to hide itself from all but the most aggressive of anti-malware tools. Gains privileged access to the computer. Can strike OSes, hypervisors, and even firmware
Rootkit
Malicious software, generally installed without your knowledge, that can use your computer’s resources to run distributed computing apps, capture keystrokes to steal passwords, or worse. Classic ones often sneak onto systems by being bundled with legitimate software
Spyware
Malicious software that encrypts all the data it can gain access to on a system (often including reachable network shares and backups) and then demands payment for the decryption key
Ransomware
A network of infected computers (zombies) under the control of a single person or group, with sizes easily growing into the millions of zombies for the largest networks. One of the most common uses: sending spam
Botnet
The route the malware takes to get into and infect the system
Attack Vector
An attack on a vulnerability that wasn’t already known to the software developers
Zero-Day Attack
The process of pretending to be someone or something you are not by placing false information into your packets
Spoofing
An attacker taps into communications between two systems, covertly intercepting traffic thought to be only between those systems, reading or in some cases even changing the data and then sending the data on
Man-in-the-middle (MITM) Attack
Tries to intercept a valid computer session to get authentication information (such as a session token or cookie) that lets the attacker impersonate the user. Unlike a MITM attack, it only goes after the authentication information, not the rest of the traffic
Session Hijacking
A special value, saved by the authentication system, computed from the password; each time the user logs in, the system re-computes this special value and compares it with the saved copy. Computation that creates them is irreversible; the only way to figure out what password produced a given one is to guess a password, perform the same computation, and see if they match
Hash
Use complicated math (precomputed chains of hashes and reduction functions) to condense dictionary tables of hashed entries dramatically. Binary files, not text files, that can store amazing amounts of information in a relatively small size. Defeated by salting: mixing a random per-user value into the hash means the table would have to be recomputed for every salt
Rainbow Tables
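The two cards above (Hash and Rainbow Tables) describe store-and-compare password checking and why a precomputed table breaks it. The following example is added here and is not from the original flashcards; it contrasts an unsalted SHA-256 store (crackable with one table lookup) against a salted, iterated PBKDF2 store. The wordlist, the `iterations$salt$digest` storage format, and all function names are choices made for this illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Constructed wordlist standing in for an attacker's dictionary (example data only).
WORDLIST = ["password", "letmein", "hunter2", "correcthorse", "qwerty"]


def unsalted_hash(password: str) -> str:
    """The bare store-and-compare scheme: hash the password alone (open to precomputation)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup_table(words: Iterable[str]) -> Dict[str, str]:
    """Precompute hash -> password once; this is what a rainbow/dictionary table gives an attacker."""
    return {unsalted_hash(w): w for w in words}


def crack_unsalted(stored_hash: str, table: Dict[str, str]) -> Optional[str]:
    """A single dictionary lookup recovers the password if it was in the wordlist."""
    return table.get(stored_hash)


def salted_hash(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> str:
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt; stored as 'iterations$salt_hex$digest_hex'
    (illustrative format, chosen for this example)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    """Re-run the same derivation with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def crack_salted(stored: str, words: Iterable[str]) -> Optional[str]:
    """With a salt the precomputed table is useless: every guess must be re-derived
    per user at the full iteration cost."""
    for w in words:
        if verify_salted(w, stored):
            return w
    return None


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("unsalted lookup:", crack_unsalted(unsalted_hash("hunter2"), table))
    stored = salted_hash("hunter2")
    print("salted record:", stored)
    print("verify correct:", verify_salted("hunter2", stored))
    print("verify wrong:", verify_salted("hunter3", stored))
```

The salted store still falls to a dictionary attack if the password is weak, as `crack_salted` shows; what salting buys is that the attacker pays the full derivation cost for every guess against every user instead of one lookup, and the iteration count sets that cost.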
Unwanted, unknown, or unplanned file downloads like from a pop-up
Drive-By Downloads
Protects your PC in two ways: working in an active seek-and-destroy mode and in a passive sentry mode
Anti-Malware Program
The program scans the computer’s boot sector and files for viruses and, if it finds any, presents you with the available options for removing or disabling them
Seek-and-Destroy Mode
Passively monitors a computer’s activity, checking for viruses only when certain events occur, such as a program execution or file download
Virus Shield
The code pattern of a known virus
Signature
Attempts to change its signature to prevent detection by antivirus programs, usually by continually scrambling a bit of useless code. Fortunately, the scrambling code itself can be identified and used as the signature - once the antivirus makers become aware of the virus
Polymorphic Virus/Polymorph
Number generated by the software based on the contents of the file rather than the name, date, or size of that file. Every time a program is run, the antivirus program calculates a new one and compares it with the earlier calculation. If they differ, the file has been modified since the baseline was taken: a strong sign of infection, though a legitimate update changes it too, which is why the baseline must be refreshed after patching
checksum
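The checksum card above describes comparing a content-based number against an earlier baseline. The example below is added here, not taken from the flashcards; it implements that baseline-and-compare check over a directory tree with SHA-256, reports modified, added and removed files, and shows the "accept a legitimate update" step that keeps patched files from being flagged forever. The `demo` function builds its own throwaway directory with constructed files; all names are choices made for this illustration.

```python
import hashlib
import os
import tempfile
from typing import Dict, List

CHUNK = 1 << 16  # read files in 64 KiB pieces so large binaries are not loaded whole


def file_checksum(path: str) -> str:
    """SHA-256 over the file's bytes; name, timestamp and size play no part in the value."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> Dict[str, str]:
    """Walk root and record one checksum per file, keyed by path relative to root."""
    baseline: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = file_checksum(full)
    return baseline


def compare_baseline(old: Dict[str, str], new: Dict[str, str]) -> Dict[str, List[str]]:
    """A changed checksum means the content changed; also surface files that appeared or vanished."""
    return {
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
    }


def accept_update(baseline: Dict[str, str], root: str, rel_path: str) -> None:
    """After a verified, legitimate update, refresh that file's baseline entry."""
    baseline[rel_path] = file_checksum(os.path.join(root, rel_path))


def demo() -> Dict[str, Dict[str, List[str]]]:
    """Constructed scenario: baseline two files, then tamper with one, add one, remove one."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in {"app.exe": b"MZ original program", "readme.txt": b"hello", "old.dll": b"x"}.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
        baseline = build_baseline(root)

        with open(os.path.join(root, "app.exe"), "ab") as f:
            f.write(b"\x90\x90 appended payload")      # simulated infection of app.exe
        with open(os.path.join(root, "dropper.tmp"), "wb") as f:
            f.write(b"new file")                        # simulated dropped file
        os.remove(os.path.join(root, "old.dll"))
        first = compare_baseline(baseline, build_baseline(root))

        # Operator verifies app.exe was a legitimate update and accepts it; a re-scan is now clean for it.
        accept_update(baseline, root, "app.exe")
        second = compare_baseline(baseline, build_baseline(root))
        return {"first": first, "second": second}


if __name__ == "__main__":
    print(demo())
```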
Boot sector viruses that use various methods to hide from antivirus software
Stealth Virus programs
Describes software or a remote DNS provider that implements some additional filtering to block your devices from visiting all kinds of malicious Web sites
SecureDNS
The list of virus signatures your antivirus program can recognize. Must be kept up to date so your antivirus software has the latest signatures
Definition File
Core anti-malware programming
Engine
Fixing things the virus or other malware harmed. Can mean replacing corrupted Windows Registry files or even startup files
Remediation
Devices or software that protect an internal network from unauthorized access to and from the Internet at large. Use a number of methods to protect networks, such as hiding IP addresses and blocking TCP/IP ports
Firewalls
Used by hardware firewalls to inspect each packet in the context of the connection it belongs to rather than in isolation: outgoing connections are recorded in a state table, and incoming traffic is allowed only if it is a response to one of those tracked connections (or matches an explicit rule such as a port forward). Any other incoming traffic is dropped
Stateful Packet Inspection (SPI)
Enables you to open a port in the firewall and direct incoming traffic on that port to a specific IP address on your LAN
Port Forwarding
Enables you to open an incoming connection to one computer automatically based on a specific outgoing connection
Port Triggering
The outgoing connection
Trigger Port
The incoming connection
Destination Port
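The cards from Stateful Packet Inspection through Destination Port describe one mechanism: a state table of outbound connections, static port forwards, and port triggers that open an inbound port on demand. The simulation below is added here and is not from the original flashcards. It models a home router doing port-preserving NAT on a single WAN address so the three decisions can be seen side by side; the addresses, port numbers, action names and the `Packet` class are all constructed for this example, and real NAT port allocation and timeouts are omitted.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

LanEndpoint = Tuple[str, int]            # (lan_ip, lan_port)
Rule = Tuple[str, int]                   # (proto, port)


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulFirewall:
    """Toy SPI router: tracks outbound connections and lets in only matching replies,
    static port forwards, or ports opened by a trigger. Port-preserving NAT is assumed
    (the WAN-side port equals the LAN host's source port) to keep the state key simple."""

    def __init__(self, wan_ip: str, lan_prefix: str,
                 forwards: Optional[Dict[Rule, LanEndpoint]] = None,
                 triggers: Optional[Dict[Rule, Rule]] = None) -> None:
        self.wan_ip = wan_ip
        self.lan_prefix = lan_prefix
        self.forwards = forwards or {}       # (proto, wan_port) -> (lan_ip, lan_port), always open
        self.triggers = triggers or {}       # (proto, trigger_port) -> (proto, inbound_port)
        # (proto, remote_ip, remote_port, wan_port) -> LAN endpoint that opened the connection
        self.state: Dict[Tuple[str, str, int, int], LanEndpoint] = {}
        # (proto, inbound_port) -> LAN host that fired the trigger; opened only after the trigger
        self.triggered: Dict[Rule, LanEndpoint] = {}

    def _is_lan(self, ip: str) -> bool:
        return ip.startswith(self.lan_prefix)

    def handle(self, pkt: Packet) -> Tuple[str, Optional[LanEndpoint]]:
        if self._is_lan(pkt.src_ip):
            # Outbound: record the connection so its replies are recognised later.
            self.state[(pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_port)] = (pkt.src_ip, pkt.src_port)
            trig = self.triggers.get((pkt.proto, pkt.dst_port))
            if trig is not None:
                # Port triggering: the outgoing connection opens the inbound port for this host.
                self.triggered[trig] = (pkt.src_ip, trig[1])
            return ("ALLOW_OUT", None)

        if pkt.dst_ip != self.wan_ip:
            return ("DROP", None)            # not addressed to this router

        reply_key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_port)
        if reply_key in self.state:
            return ("ALLOW_REPLY", self.state[reply_key])   # response to tracked outbound traffic

        rule = (pkt.proto, pkt.dst_port)
        if rule in self.forwards:
            return ("FORWARD", self.forwards[rule])         # static port forward
        if rule in self.triggered:
            return ("TRIGGERED", self.triggered[rule])      # port opened by an earlier trigger
        return ("DROP", None)                               # unsolicited inbound


if __name__ == "__main__":
    fw = StatefulFirewall("198.51.100.1", "192.168.1.",
                          forwards={("tcp", 8080): ("192.168.1.20", 80)},
                          triggers={("tcp", 6881): ("tcp", 6889)})
    print(fw.handle(Packet("tcp", "192.168.1.10", 50000, "93.184.216.34", 443)))
    print(fw.handle(Packet("tcp", "93.184.216.34", 443, "198.51.100.1", 50000)))
    print(fw.handle(Packet("tcp", "203.0.113.5", 4444, "198.51.100.1", 22)))
```

The important edge case is the fourth decision path: a packet that matches nothing in the state table and no rule is dropped even if it looks like a reply, which is what stops an outsider from simply sending traffic with a source port of 443.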
An application or appliance that inspects packets, looking for active intrusions. Functions inside the network, watching for threats that a firewall might miss, such as viruses, illegal logon attempts, and other well-known attacks. Inspects traffic inside the network so it can discover internal threats. Always has some way to let the network administrators know if an attack is taking place: at the very least the attack is logged, but some offer a pop-up message
Intrusion Detection System (IDS)
Similar to an IDS but this sits directly in the flow of the network traffic, so it can stop an attack while it is happening. The network bandwidth and latency can take a hit, and if it goes down, the network link may go down too. Some can block incoming packets on-the-fly based on IP address, port number, or app type
Intrusion Prevention System (IPS)
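The IDS and IPS cards above name "illegal logon attempts" as something an IDS watches for and describe an IPS as the same logic placed inline. The example below is added here and is not from the original flashcards; it runs a sliding-window brute-force detector over a few constructed sshd-style log lines (ISO timestamps are used for readability, unlike real syslog), then feeds the alerts to a minimal inline blocker. The threshold, window, log format and class names are choices made for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, Iterable, List, Optional, Set

# Constructed auth-log lines for the example; not real captures.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 50211 ssh2
2024-05-01T10:00:04 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 50212 ssh2
2024-05-01T10:00:09 sshd[813]: Failed password for root from 203.0.113.7 port 50213 ssh2
2024-05-01T10:00:12 sshd[814]: Accepted password for alice from 198.51.100.9 port 41002 ssh2
2024-05-01T10:00:15 sshd[815]: Failed password for root from 203.0.113.7 port 50214 ssh2
2024-05-01T10:00:20 sshd[816]: Failed password for invalid user oracle from 203.0.113.7 port 50215 ssh2
2024-05-01T10:00:25 sshd[817]: Failed password for bob from 198.51.100.9 port 41003 ssh2
2024-05-01T10:30:00 sshd[818]: Failed password for root from 203.0.113.7 port 50216 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_failed_login(line: str) -> Optional[dict]:
    """Return {ts, user, ip} for a failed-login line, or None for anything else."""
    m = FAILED_RE.match(line)
    if m is None:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines: Iterable[str], threshold: int = 5, window_s: int = 60) -> List[dict]:
    """IDS logic: alert (once per source) when one IP fails `threshold` logins within `window_s` seconds."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerted: Set[str] = set()
    alerts: List[dict] = []
    for line in lines:
        ev = parse_failed_login(line)
        if ev is None:
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while (ev["ts"] - q[0]).total_seconds() > window_s:   # slide the window forward
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in alerted:
            alerted.add(ev["ip"])
            alerts.append({"ip": ev["ip"], "count": len(q), "last_seen": ev["ts"].isoformat()})
    return alerts


class InlinePreventer:
    """IPS mode: the same verdicts, but applied in the traffic path so flagged sources are dropped."""

    def __init__(self) -> None:
        self.blocked: Set[str] = set()

    def apply_alerts(self, alerts: Iterable[dict]) -> None:
        for a in alerts:
            self.blocked.add(a["ip"])

    def decide(self, src_ip: str) -> str:
        return "DROP" if src_ip in self.blocked else "PASS"


if __name__ == "__main__":
    found = detect_bruteforce(SAMPLE_LOG.splitlines())
    print("alerts:", found)
    ips = InlinePreventer()
    ips.apply_alerts(found)
    for ip in ("203.0.113.7", "198.51.100.9"):
        print(ip, ips.decide(ip))
```

Note the difference in consequence: the detector only produces the alert list (logging, as the IDS card says), while the blocker changes what traffic gets through, which is why a false positive on the IPS side takes a legitimate host offline.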
Takes the traditional firewall and packages it with many other security services such as IPS, VPN, load balancing, antivirus, and many other features depending on the make and model
Unified Threat Management (UTM)
Short for IP Security, an IETF standard suite for encrypting and authenticating IP traffic. Microsoft’s encryption method of choice for networks consisting of multiple networks linked together by some sort of private connection. Provides transparent encryption between the server and the client, with no changes needed in the applications
IPsec
Signed by a trusted certificate authority (CA) that guarantees that the public key you are about to get is actually from the Web server and not from some evil person trying to pretend to be the Web server
Digital Certificate