Securing Devices and Data Flashcards
Encrypting File System (EFS)
A file system which allows encryption of individual drives and folders on any NTFS volume.
BitLocker-To-Go
A BitLocker component used to protect removable drives, such as USB flash drives.
BitLocker
An entire volume encryption feature included with Windows Vista and Windows 7 Ultimate and Enterprise editions, and Windows 8 and higher Professional and Enterprise editions.
Trusted Platform Module (TPM)
A microchip installed on the motherboard of desktop and portable computers, which stores critical encryption keys in hardware inaccessible to the operating system or most attackers.
Degausser
A device which uses powerful electromagnets to destroy all data on magnetic media like tapes and hard drives, but not optical or flash storage.
Event Viewer
A tool used to detect and diagnose unusual system behavior.
Rescue disk
A combination of antimalware and system repair tools on a bootable disc or flash drive.
Encryption tools: EFS (Encrypting File System)
Encrypting File System allows encryption of individual drives and folders on any NTFS volume. It is included with Business/Professional/Enterprise/Ultimate editions of Windows, as well as all editions of Windows Server.
Encryption tools: BitLocker
Encrypts entire NTFS volumes, including the system drive. It is available on Enterprise and Ultimate Editions of Windows Vista and 7, Pro and Enterprise versions of Windows 8 and later, and all editions of Windows Server 2008 and later.
Encryption tools: BitLocker-To-Go
A BitLocker component used to protect removable drives, such as USB flash drives. It can encrypt drives formatted as FAT16, FAT32, and exFAT as well as NTFS. It is included in Windows 7 and later systems which include BitLocker.
What is used to encrypt files on your USB drive?
BitLocker-To-Go
Trusted Platform Module (TPM) is a microchip installed on the motherboard of desktop and portable computers, which stores critical encryption keys in hardware inaccessible to the operating system or most attackers. True or False?
True
What allows encryption of individual drives and folders on any NTFS volume?
EFS
BitLocker: It is an entire volume encryption feature included with Windows Vista and Windows 7 Ultimate and Enterprise editions. True or False?
True
BitLocker: It uses an MDM which is a microchip installed on the motherboard of desktop and portable computers. True or False?
False
BitLocker: It can encrypt the NTFS volumes including the system volume. True or False?
True
BitLocker: It requires a smaller boot volume with at least 20 MB of free space in order to perform the decryption routines. True or False?
False
BitLocker: BitLocker Drive Encryption is compatible with EFS. True or False?
True
Screen lock options: Swipe screen
Swipe a finger across the screen, or a certain part of the screen, to unlock. This doesn’t offer any security against intrusion at all: at best, it prevents accidental input.
Screen lock options: Password
A strong password provides very strong authentication, but it’s more trouble to enter on a touchscreen keyboard than a physical one, especially if it includes mixed cases and special characters.
Screen lock options: Passcode/PIN
Unlock the device with a numeric passcode. Not as strong as a password, but easier to enter, and even a four-digit PIN allows for 10,000 combinations.
Screen lock options: Pattern
Unlock the device by drawing a predefined pattern over points on the screen. This can be easier than a passcode, but choosing a pattern that’s both easy to enter and hard to guess might be challenging.
Screen lock options: Fingerprint
A biometric device with a fingerprint scanner isn’t entirely foolproof: it’s not just spy movie stuff for a clever hacker to make a “fake finger” from some glue and an existing fingerprint smudge on the screen. That said, it’s strong protection against most intruders.
Screen lock options: Face
Uses the device camera and face recognition software. Can potentially be fooled by using a photo, but newer versions add additional measures like requiring the user to blink. Cameras with infrared (IR) sensitivity are especially effective for facial recognition under varying light conditions.
Mobile device policies: Permitted devices
Required features, operating systems, or models for a device to be allowed under the policy.
Mobile device policies: Support
Who supports what aspects of device functions. IT may not have the time or training to support everything that can go wrong on a wide range of user devices.
Mobile device policies: App and data ownership
Policies should clearly specify what apps and data are company property, for example work email messages and corporate documents. Mobile containerization technologies can even allow part of an employee-owned device’s memory and storage to be securely set aside for corporate purposes, or vice-versa.
Mobile device policies: Privacy
Employees should expect some privacy with personal activities and data on their own devices, but at the same time it might be limited during work hours or on company networks. The policy should spell out employee privacy expectations.
Mobile device policies: Network access
Some workplaces may choose to limit personal devices to limited access or guest networks. This can limit their usefulness, but makes it easier to secure them.
Mobile device policies: Onboarding and offboarding
There should be a set process for how an employee needs to prepare a device to join the program, and another for what happens when an employee leaves or just stops using a particular device for work. Offboarding should also address what happens with devices subsidized by the company.
Mobile device management (MDM) is a type of security software used by an IT department to monitor, manage, and secure employees’ mobile devices. True or False?
True
What kind of policy governs a user-owned device on the corporate network?
BYOD (Bring-your-own-device)
Common malware symptoms: File alteration
Any unexpected alteration to files can be indicative of malware. They might be renamed or deleted suddenly, or vanish gradually over time.
Common malware symptoms: Unfamiliar programs
Programs that shouldn’t be installed can indicate malware, either because they were installed by existing malware or because a user carelessly installed a compromised application.
Common malware symptoms: Security alerts
If your antivirus scanner occasionally detects and quarantines threats, you should review the log to see what they were. Frequent alerts could represent network vulnerabilities, or some other, undetected malware that’s opened a backdoor into the system.
Common malware symptoms: Browser oddities
Malware frequently attacks or affects web browsers. This might manifest as something as simple as excessive or unusual pop-up ads, or new toolbars and add-ons in the browser.
Common malware symptoms: Email issues
Receiving excessive spam isn’t necessarily a sign of malware, but it can increase the risk of contracting it: consider client protection and spam filtering if it’s a problem.
Common malware symptoms: Stability and performance
Malware can cause all sorts of problems with overall system performance: application crashes, operating system lockups or reboots, network connectivity problems, or just performance slowdown.
Common malware symptoms: Failed updates
To prevent detection or removal, malware will frequently disable tools that can fight it. Operating system updates can fail, or refuse to launch.
Malware removal tools: Antivirus scanner
Real-time, scheduled, and manual anti-virus scans are the first line of defense against malware. If one product can’t find the infection you can always try another.
Malware removal tools: Antimalware software
Apart from traditional antivirus scanners, some products specialize in detecting a broader range of threats, such as changes made by spyware, adware, or rootkits. Other tools are designed to remove specific threats.
Malware removal tools: Event Viewer
Used to detect and diagnose unusual system behavior. System logging software won’t remove malware, but it might show you how it was contracted or what changes were made.
Malware removal tools: System Restore
Saves and restores system files and settings, allowing you to recover from some harmful changes—even those you might accidentally cause in the cleanup process.
Malware removal tools: System backups
Restoring from data backups can recover data lost to malware, and restoring from a complete system image is even a valid form of malware removal.
Malware removal tools: Terminal
As useful as GUI tools are, some troubleshooting is easier when you’re familiar with command-line tools. Sometimes you might even have to boot to a command prompt to salvage a damaged system.
Malware removal tools: MSCONFIG
Allows you to change boot options. Malware frequently changes boot settings, or adds malicious programs or services to the startup process. MSCONFIG also is one way to enter safe mode or other controlled startup environments.
Malware removal tools: Installation media
If system files are missing or damaged, you might be able to restore them from an operating system installation disc or flash drive.
Malware removal tools: Recovery environment
If the computer won’t boot or if malware has compromised the operating system enough to prevent repair, you’ll need an alternate boot environment.
Malware removal tools: Rescue disk
A combination of antimalware and system repair tools on a bootable disc or flash drive. There are many free preconfigured products, some from antivirus vendors: they include PC Tools’ Alternate Operating System Scanner, Kaspersky Rescue Disk, and Microsoft’s Windows Defender Offline.
Mobile security symptoms: Device and network performance
Heavy resource utilization, slow network speeds, and rapid battery drain can suggest either malware or just a misbehaving application.
Mobile security symptoms: Exceeded data limits
Most mobile plans have monthly limits for data use. Even when they don’t, providers and devices can monitor data usage.
Mobile security symptoms: Unexpected feature activation
Some mobile features, while very useful, can consume battery life and compromise security or privacy. It’s easy and good practice to turn some of these off when you don’t need them, such as Wi-Fi, Bluetooth, or location tracking.
Mobile security symptoms: Surveillance risks
Mobile devices make perfect surveillance devices in the hands of malicious or unwary users. Even if features like cameras, microphones, and location tracking aren’t turned on by malware, it’s easy to leak sensitive data using these features in normal applications.
Mobile security symptoms: Changed app permissions
For security reasons, mobile apps should only be given permissions they need to function. For example, you shouldn’t give an app access to the camera or ability to place calls unless you trust it and it actually needs that capability.
Mobile security symptoms: Unintended Wi-Fi access
Joining an untrusted Wi-Fi network is a security risk. Unencrypted Wi-Fi networks can leave your network communications open to eavesdropping, and even a “secure” hotspot run by a malicious party might be used to steal data or perform network attacks.
Mobile security symptoms: Unintended Bluetooth pairings
Whether caused by malware or not, pairing with an unfamiliar or unintended Bluetooth device can endanger security. Review paired Bluetooth devices and investigate any unexpected entries.
Mobile security symptoms: Unauthorized root access
Not only can malware force root access, but a device jailbroken or rooted by a legitimate user can be more vulnerable to malware.
Mobile security symptoms: Suspicious apps
Apps the user doesn’t know about, or that come from third-party app stores or websites, might be a security risk. With so many available apps it can be hard to tell what’s unusual, but investigate anything that sticks out.
Mobile security symptoms: Unauthorized account access
On network-centric mobile devices, there can be many signs of unauthorized access from outside sources.
Mobile security symptoms: Leaked data
Mobile devices are easy ways to leak personal or business data. Not only can it be stolen from the device itself or a cloud backup, the device can be used to smuggle data from inside a secure enterprise network.
Mobile security Tools: Antimalware
Just like on the desktop, you can use anti-malware software to monitor the system or actively scan for signs of malware. Apple claims that iOS devices are not vulnerable to malware and does not allow malware scanners in its App Store, but a variety are available for Android and Windows Phone.
Mobile security Tools: App scanner
Other scanners don’t look specifically for malware, but for things such as app problems or changes. They can help notice unusual activities even if they’re not strictly malware.
Mobile security Tools: Wireless analyzer
To verify signal problems, you can just try moving the device. You can also use a Wi-Fi analyzer or cell tower analyzer, either as a specialized appliance or an app on another mobile device.
Mobile security Tools: App control features
If you think an app is having a problem, you can force stop it from within the operating system, or uninstall and reinstall it. You can even uninstall apps remotely from iTunes or the Google Play Store.
Mobile security Tools: Backup and restore
Not only can you back up and restore mobile data and settings to and from your desktop, you can also store it using cloud services like Google Sync, iCloud, or OneDrive.
Mobile security Tools: Factory resets
Mobile devices are easy to reset to a freshly installed state, deleting user data, installed apps, and, hopefully, any installed malware.
What is the order for the malware removal process in Windows?
- Identify Symptoms
- Quarantine the system
- Disable system restore
- Repair the system
- Update the system
- Enable system restore
- Educate the end user
The Event Viewer is used to detect and diagnose unusual system behavior. True or False?
True
What is used to monitor a system or actively scan for signs of malware?
Antimalware software
What is the function of the Event Viewer tool?
It is used to detect and diagnose unusual system behavior.
Which of the following allows encryption of individual drives and folders on any NTFS volume?
EFS
Which software allows IT administrators to control, secure, and enforce policies on smartphones, tablets, and other endpoints?
MDM
Which screen lock option does not offer any security against intrusion at all?
Swipe screen
Which tool is used when system files are missing or damaged?
Installation media
Which tool is used to notice unusual activities in a device even if they’re not strictly malware?
App scanner
Which mode of BitLocker authentication allows the user to start up the computer and log into Windows as normal?
Transparent operation