Security Flashcards
Types of malware
- adware
- spyware
- virus
- Trojan Horse
- worms
- Ransomware
- rootkit
- keylogger
- cryptominer (cryptojacking)
- exploits
Signs and symptoms of malware
- sudden pop-ups with invasive ads
- unexpected, big charges on phone bill
- puzzling increases in data usage
- battery life decreased significantly
- phone temperature is hot
- apps appear that you didn’t download
- Wi-Fi or mobile data turns itself on
- disappearing files on your laptop
How can you prevent phishing attacks?
Spam filters.
Phishing is most often delivered as unsolicited email, and a spam filter stops much of it before it reaches the inbox, which lowers the chance of anyone clicking a malicious link or attachment. A filter is not a complete defense: users still need to check the sender address and where links actually point, and MFA should be in place so that a password captured by a phishing page is not enough on its own.
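The kind of check a spam or phishing filter runs on each message, written out here as an added example (it is not code from the original flashcards). It inspects two constructed sample messages for three classic signs: a Reply-To domain that differs from the From domain, urgency language, and a link whose visible text names one site while the href points at another. The "registrable domain" helper is a deliberate simplification (last two labels); a real filter would use the public suffix list.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail) used to exercise the checks below.
SAMPLE_PHISH = """From: "PayBank Security" <alerts@paybank-verify.example>
Reply-To: recover@mail-drop.example
Subject: URGENT: your card was compromised, verify now
Content-Type: text/html

<p>Your account will be suspended within 24 hours.</p>
<a href="http://paybank.login-check.example/verify">https://www.paybank.example/secure</a>
"""

SAMPLE_LEGIT = """From: "PayBank" <noreply@paybank.example>
Subject: Your monthly statement is ready
Content-Type: text/html

<p>Log in at your convenience to view it.</p>
<a href="https://www.paybank.example/statements">View statement</a>
"""

URGENCY_PHRASES = ("urgent", "suspended", "verify now", "immediately", "within 24 hours")
LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r'^https?://([^/\s]+)', re.I)


def mail_domain(addr):
    return addr.rsplit("@", 1)[-1].lower()


def url_host(text):
    m = HOST_RE.match(text.strip())
    return m.group(1).lower() if m else None


def registrable(host):
    # Simplification for this example: treat the last two labels as the owning domain.
    # A production filter would consult the public suffix list instead.
    return ".".join(host.split(".")[-2:])


def phishing_indicators(raw_message):
    """Return a list of human-readable indicators found in one raw RFC 822 message."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    findings = []

    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and mail_domain(reply_addr) != mail_domain(from_addr):
        findings.append(f"Reply-To domain {mail_domain(reply_addr)} differs from From domain {mail_domain(from_addr)}")

    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))

    for href, anchor in LINK_RE.findall(body):
        shown, real = url_host(anchor), url_host(href)
        if shown and real and registrable(shown) != registrable(real):
            findings.append(f"link text shows {shown} but points to {real}")
        if real and not href.lower().startswith("https://"):
            findings.append(f"plain-http link to {real}")
    return findings


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, phishing_indicators(sample))
```

Run against the two samples, the legitimate statement notice produces no indicators while the fake alert produces four; a filter would score or quarantine on that basis rather than on any single sign.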
worm
form of malware that replicates itself and spreads across the network without any user intervention. Unlike a virus, a worm does not need to attach itself to a host program or wait for someone to run an infected file; it exploits reachable services directly.
What is the first thing you should do after setting up a new router for your home office, related to the administrative interface?
Change default usernames and passwords.
This is one of the most important steps when setting up a new home office router. Nearly every router of the same make and model ships with the same default username and password for the administrative login (separate from the Wi-Fi passphrase). This login gives administrative access to the device and can modify security settings, port forwarding, device logs, and more. If you don’t change these defaults, someone could simply guess the combination by trying the documented defaults for the most common SOHO devices. These lists are widely published on the internet; one example is here: https://proprivacy.com/guides/default-router-login-details. While you are in the interface, also update the firmware and disable administration from the WAN side.
You just received a phone call from a client who is about to fill in a form on a website requesting bank information. The client states they received an email from their bank informing them that their card number may have been compromised in a security breach. The client was directed to an official-looking website that requested bank account numbers. What form of security threat are they facing?
phishing
Phishing scams are commonly used by criminals to obtain sensitive user information. A phishing scam usually begins with someone/something masquerading as a trustworthy entity in some form of electronic communication. Phishing is the general term for the overall scheme, and within the phishing attack a criminal may utilize other techniques, like spoofing, to make the attack seem more credible.
phishing
a social engineering attack, not a type of malware, in which someone masquerades as a trustworthy entity in electronic communication (most often email) to trick the target into handing over sensitive information such as credentials or bank details. Phishing is the general term for the overall scheme; within it a criminal may use other techniques, like spoofing, to make the attack seem more credible.
principle of least privilege
When someone is assigned only the rights and privileges necessary to do her job
To allow users enough flexibility to perform their job, but prevent them from accessing areas they are not allowed to access
While working on the help desk, you receive a phone call from a user who frantically tells you she can’t log in to her account because she has forgotten her password. Suppose the user is an impostor, what form of fraudulent activity is she using to obtain access to the system?
Social engineering.
Attempting to gain access to a company’s network or facility by manipulating people inside the organization is known as social engineering. One example is researching employees, finding the names of their pets and their special interests, and using that information to guess passwords. The correct response at the help desk is to verify the caller’s identity through the established reset procedure rather than resetting the password because the caller sounds distressed.
An administrator needs more security than is available with just a login and password on her mobile devices and wants to add another layer of security. How can she accomplish this?
by adding multi-factor authentication (MFA)
The second factor could be biometrics (face recognition or fingerprint), a hardware or software token, or a code delivered by a phone call or SMS. It must come from a different category than the password (something you have or something you are, not another something you know).
trojan horse (trojan)
malware disguised as a legitimate application that users unwittingly download and run
When the application is run it delivers its real payload, which often opens the system to further malware (a backdoor or a downloader for other components, for example). Unlike a virus or worm, a trojan does not replicate itself; it relies on the user to run it.
BitLocker To Go
encrypts removable drives (USB flash drives and external hard drives) so the data stays protected if the drive is lost or stolen. The drive is unlocked with a password, a smart card, or the recovery key.
autorun
allows a system to automatically launch a program listed in autorun.inf on a thumb drive, CD, or DVD when the media is mounted. This is a security risk because malware can launch the moment the media is inserted. Starting with Windows 7 (and via an update for earlier versions), Windows ignores AutoRun for USB drives and other non-optical media and shows the AutoPlay prompt instead; AutoRun still works for CDs and DVDs, so it should be disabled by policy on managed systems.
You are a system administrator for a high school and responsible for five student computer labs. You need to prevent students from accessing the system BIOS on the machines. What steps should you take to protect these settings?
Setting a BIOS/UEFI setup (supervisor) password on all systems is the first step. Because a BIOS password can be bypassed by anyone who can open the case (by clearing CMOS or pulling the CMOS battery), you should also consider locking covers or case-intrusion alarms for the lab systems. Relying on lab aides to monitor the machines, or installing security cameras, would be expensive and not necessarily as effective as a password. Removing the BIOS battery is how the password gets cleared, not a way to protect it.
tailgating
practice of gaining entry into an otherwise secure area by following someone who does have access through the door without their knowledge (when the authorized person knowingly holds the door, it is called piggybacking).
To prevent network access to an unauthorized device based on its media access control address, which of these schemes could you incorporate on a home router?
MAC filtering uses the MAC address of a device to either allow or deny network access. Network address translation and port address translation rewrite IP address and port information and do not control who may connect. Note that a MAC address is trivially changed by the client, so MAC filtering deters casual connections but is not a real access control on its own.
When purchasing applications from the App Store for an Apple iPhone, you know the application comes from a ____.
Trusted source.
When applications are delivered through the App Store, Apple reviews and code-signs them, so the user knows they come from a trusted source. When installing applications on Android, users have the option of using Google Play or third-party providers, which may be untrusted sources.
A client calls and informs you that he is using an access point that incorporates WEP. He wants to know if he can safely use this. What should you tell him?
He should replace the old access point (or reconfigure it, if it supports newer modes) with one that uses WPA2 with AES/CCMP, or WPA3 where all his clients support it.
The security algorithm Wired Equivalent Privacy (WEP) was part of the original 802.11 standard ratified in 1997 and has been broken since the early 2000s; its RC4 keys can be recovered in minutes from captured traffic, so it offers no real protection. WPA2 (with AES/CCMP, not TKIP) is the minimum acceptable today, and WPA3 should be used where supported.
What is spyware?
a type of malware that is typically installed with legitimate software and can report or log all of your actions back to a malicious user
typically comes bundled with a genuinely good application you need, and it can track user information such as account numbers and passwords and report it back to someone on the Internet
What technology can be used to establish a VPN (Virtual Private Network) over the internet?
PPTP
PPTP (Point-to-Point Tunneling Protocol) was one of the first protocols used to build a VPN across the public Internet. It is considered insecure (its MS-CHAPv2 authentication and RC4-based encryption are broken) and should be replaced by L2TP/IPsec, IKEv2/IPsec, OpenVPN, or WireGuard wherever possible.
whaling
a phishing attack that targets high-level corporate users such as executives. It’s a play on the term phishing: the attacker goes after the big fish.
A client calls and tells you her iPhone was stolen and she is very concerned about the data stored on the phone being accessed. When asked, she informs you that the phone is running the latest OS. What advice can you give her?
If a passcode is set, the data on the phone is encrypted and cannot be read without it.
iOS (since iOS 8 for nearly all app data) derives the encryption keys from the passcode combined with a hardware key in the device’s Secure Enclave, so as long as the thief does not have the passcode the stored data is protected. She should also use Find My to remotely lock or erase the device, and change the passwords of accounts that were signed in on it.
mantrap (access control vestibule)
physical control used to prevent infiltration methods such as tailgating and piggybacking.
A mantrap is a small area with a set of two locked doors and it separates the outside world from a secured area. When entering, an individual will enter through the first door, but that door must then be closed behind them before the second door may be opened.
Jenny is nervous that a website she is accessing is not a trusted website. What can Jenny look for on the site to ensure that it’s a trusted website?
A digital certificate (shown by the browser as HTTPS with a padlock)
Digital certificates are signed by a trusted certificate authority (CA). The browser checks that the certificate chains to a CA in its trust store, is not expired, and was issued for the hostname being visited; that tells Jenny the public key really belongs to the site’s operator and not to an attacker in the path. It does not prove the site itself is honest: phishing sites also use valid certificates, so the domain name still has to be checked.
data loss prevention (DLP)
practice of preventing sensitive data from leaving an organization without authorization. Sensitive data can be leaked either intentionally or unintentionally, and regardless of the cause the ramifications can be severe. DLP tools inspect email, uploads, and removable-media copies for patterns such as card numbers or personal identifiers and block or alert on them. They can’t prevent data loss entirely, but they reduce the chances of leakage wherever possible.
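What a DLP content rule actually does, as an added example that is not part of the original flashcards. It scans a constructed outbound message for card numbers and US SSNs, uses the Luhn check so that random 13-digit order numbers do not trigger a false positive, and never returns the full value (only a masked form) so the DLP log does not become a second leak.

```python
import re

# Candidate card numbers: 13 to 19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN in the usual 3-2-4 layout, excluding area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Constructed outbound message (not real data) mixing true hits with look-alikes.
SAMPLE_MESSAGE = """Hi, here are the details you asked for:
card 4111-1111-1111-1111 exp 12/27
order id 1234567890123 (not a card)
ssn 123-45-6789
ticket 4111111111111112
"""


def luhn_ok(digits):
    """Luhn mod-10 check that real card numbers satisfy; filters out most random digit runs."""
    total = 0
    parity = len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits):
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(text):
    """Return (kind, masked_value) for each sensitive item found; values are never returned in full."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("card", mask(digits)))
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    return findings


def should_block(text, blocked_kinds=("card", "ssn")):
    """Policy decision a DLP agent would make before letting the message leave."""
    return any(kind in blocked_kinds for kind, _ in scan(text))


if __name__ == "__main__":
    print(scan(SAMPLE_MESSAGE))
    print("block:", should_block(SAMPLE_MESSAGE))
```

On the sample, the genuine card and the SSN are reported and the message is blocked, while the order id and the ticket number (which fails Luhn) are ignored. Pattern matching alone is noisy; the validity check is what makes a rule usable in practice.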
Remote Authentication Dial-In User Service (RADIUS)
protocol used for centralized authentication, authorization, and accounting (AAA). Although it gets its name from the days of dial-up Internet, RADIUS is now the common way to authenticate users over VPNs and enterprise wireless (802.1X): the network device (a wireless controller or VPN concentrator, the RADIUS client) forwards the user’s credentials to the RADIUS server in an Access-Request, and the server answers with Access-Accept or Access-Reject. Traffic between client and server is protected only by a shared secret and MD5, so it should stay on a management network or use RADIUS over TLS (RadSec).
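The Access-Request / Access-Accept exchange in code, as an added example (not code from the original flashcards or from any RADIUS product). Both sides are shown: the client builds a request with a random Request Authenticator and hides the password the way RFC 2865 section 5.2 specifies, the server checks it against a constructed user table and signs its reply with the Response Authenticator, and the client verifies that signature before trusting the answer. The shared secret and user table are made up for the example.

```python
import hashlib
import hmac
import os
import struct

# RFC 2865 codes and attribute types used here.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: pad to 16-byte blocks; c_i = p_i XOR MD5(secret + c_{i-1}), with c_0 = Request Authenticator."""
    if len(password) > 128:
        raise ValueError("RADIUS User-Password is limited to 128 bytes")
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return out


def reveal_password(hidden, secret, request_auth):
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def _attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier, username, password, secret):
    """Client (NAS) side: Access-Request with a random Request Authenticator and a hidden User-Password."""
    request_auth = os.urandom(16)
    attrs = _attr(USER_NAME, username.encode()) + _attr(USER_PASSWORD, hide_password(password.encode(), secret, request_auth))
    packet = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + request_auth + attrs
    return packet, request_auth


def parse_packet(data):
    code, identifier, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length != len(data):
        raise ValueError("bad RADIUS length")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated RADIUS attribute")
        attr_type, attr_len = data[pos], data[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad RADIUS attribute length")
        attrs[attr_type] = data[pos + 2:pos + attr_len]
        pos += attr_len
    return code, identifier, data[4:20], attrs


def build_response(request, secret, users):
    """Server side: check the credentials against a (constructed) user table and sign the reply with
    Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    code, identifier, request_auth, attrs = parse_packet(request)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    username = attrs.get(USER_NAME, b"").decode()
    password = reveal_password(attrs.get(USER_PASSWORD, b""), secret, request_auth)
    resp_code = ACCESS_ACCEPT if users.get(username) == password else ACCESS_REJECT
    header = struct.pack("!BBH", resp_code, identifier, 20)  # no reply attributes in this example
    return header + hashlib.md5(header + request_auth + secret).digest()


def verify_response(response, request_auth, secret):
    """Client side: return the response code only if the Response Authenticator checks out, else None."""
    code, _, response_auth, _ = parse_packet(response)
    expected = hashlib.md5(response[:4] + request_auth + response[20:] + secret).digest()
    return code if hmac.compare_digest(response_auth, expected) else None


def exchange(username, password, secret=b"shared-secret", users=None):
    """Full round trip on one host; users defaults to a constructed table for the example."""
    users = users if users is not None else {"alice": b"correct horse battery"}
    request, request_auth = build_access_request(7, username, password, secret)
    return verify_response(build_response(request, secret, users), request_auth, secret)


if __name__ == "__main__":
    print("alice/correct ->", exchange("alice", "correct horse battery"))
    print("alice/wrong   ->", exchange("alice", "wrong"))
```

Reading the password hiding shows why the shared secret matters so much: it is an MD5 stream keyed by the secret and a public 16-byte value, so anyone who learns the secret can decode every password on the wire, and the Response Authenticator is the only thing stopping a spoofed Access-Accept.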
biometric authentication would include checking a user’s:
fingerprint, face, retina
What are physical security measures?
- access control vestibule (mantrap)
- badge reading
- video surveillance (fixed and PTZ cameras)
- alarm systems (with sensors for surveillance, motion detection, and magnetic contact)
- motion sensors
- door locks
- equipment locks (cable lock, server lock, USB port lock)
- guards (preventative, deterrent, detective)
- bollards (sturdy steel/concrete perimeter measure to keep cars out)
- fences (first line of defense)
What are the different kinds of equipment locks?
- cable lock (immovable object with a cable wrapped around it to a laptop)
- server locks (becoming obsolete since rack enclosures help more)
- USB port locks (to close the port, with a specialized tool to remove lock)
What includes physical security for staff?
- key fobs
- smart cards
- keys
- biometrics (retina, fingerprint, palm reading)
What allows video surveillance to see in the dark in low light areas?
IR (infrared) capabilities
magnetometer (metal detector)
can be used to detect metal objects. The metal detector can also be used as a security choke point. Metal detectors can also be used upon exiting if the enterprise is concerned about insider threats, but this is controversial as it can be considered to be infringing upon employee rights to privacy.
What are means of logical security?
- Principle of Least Privilege (permissions only if they absolutely need them)
- ACLs (Access Control Lists) - specify traffic allowed through a firewall and which is blocked
- MFA (Multi-Factor Authentication) - two or more different authentication types (something you know, something you have, something you are)
- email (least secure method of MFA, helpful for notifying breaches or suspicious activity)
- hard token (hardware token)
- soft token (software token)
- short message service (SMS) - sends a time-sensitive code (5-8 digits) to the user’s phone number; weak, because codes can be intercepted by SIM swapping or phone-network attacks
- voice call - verifies people by calling them and gives a verification code
- authenticator application (soft tokens that act like hardware tokens - Google Authenticator)
multi-factor authentication (MFA)
requires two or more different authentication types.
Authentication types are typically broken down into categories, such as something you know (password, PIN, security question), something you have (authenticator, token), and something you are (biometrics).
Because MFA requires two or more different types of authentication, a user would not be able to use just a personal identification number (PIN) and a password, since they both fall into the category of something you know. Rather, the user would need a combination of the authentication types, such as a password and a token.
A common wireless authentication method that uses the “something you have” factor is Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), which authenticates the client with a certificate and private key installed on the computer rather than with a password. It becomes multi-factor when that private key is protected by a PIN or smart card, or when it is combined with a separate user login.
ACLs (Access Control Lists)
ACLs are used to specify which traffic should be allowed through a firewall and which traffic should be blocked. Using an ACL, traffic can be blocked or allowed based on a number of items including protocol, source or destination port, and source or destination IP address. Rules are evaluated from the top down and the first match wins, with an implicit deny at the end, so the order of the entries is part of the policy.
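An ACL evaluator with first-match and implicit-deny semantics, added here as an example (not code from the original flashcards or from any firewall vendor). It also covers the MAC filtering card above: the layer-2 filter is the same idea with a much weaker key, a client-supplied MAC address. The addresses, rule set and allow list are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                         # "permit" or "deny"
    proto: str                          # "tcp", "udp", "icmp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[Tuple[int, int]]    # inclusive destination port range, None = any port


def rule(action, proto, src, dst, dport=None):
    return Rule(action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), dport)


# Constructed inbound ACL for a small public server; first match wins, implicit deny at the end.
ACL = [
    rule("deny",   "any",  "10.0.0.0/8",      "0.0.0.0/0"),                   # anti-spoof: private source arriving from outside
    rule("permit", "tcp",  "0.0.0.0/0",       "203.0.113.10/32", (443, 443)),  # public HTTPS
    rule("permit", "tcp",  "198.51.100.0/24", "203.0.113.10/32", (22, 22)),    # SSH only from the admin range
    rule("permit", "icmp", "0.0.0.0/0",       "203.0.113.0/24"),               # ping for monitoring
]


def evaluate(acl, proto, src_ip, dst_ip, dport=None):
    """Return (action, index_of_matching_rule); ("deny", None) when nothing matched."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for index, r in enumerate(acl):
        if r.proto not in ("any", proto):
            continue
        if src not in r.src or dst not in r.dst:
            continue
        if r.dport is not None and (dport is None or not r.dport[0] <= dport <= r.dport[1]):
            continue
        return r.action, index
    return "deny", None  # implicit deny


# Layer-2 counterpart: a home router's MAC filter is a lookup on a value the client chooses.
def normalize_mac(mac):
    """Accept aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF and Cisco aabb.ccdd.eeff forms."""
    hexdigits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def mac_allowed(allow_list, mac):
    return normalize_mac(mac) in {normalize_mac(m) for m in allow_list}


if __name__ == "__main__":
    print(evaluate(ACL, "tcp", "8.8.8.8", "203.0.113.10", 443))        # ('permit', 1)
    print(evaluate(ACL, "tcp", "10.1.2.3", "203.0.113.10", 443))       # ('deny', 0)
    print(evaluate(ACL[1:] + ACL[:1], "tcp", "10.1.2.3", "203.0.113.10", 443))  # reordered: ('permit', 0)
    print(mac_allowed(["aabb.ccdd.eeff"], "AA:BB:CC:DD:EE:FF"))        # True
```

The reordered call is the point worth remembering: moving the anti-spoof deny below the HTTPS permit silently lets spoofed internal addresses through, because the permit matches first. The MAC functions show that the filter has no secret in it at all; an attacker who observes an allowed address and sets it on their own interface passes the check.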
What’s the least secure method of MFA (multifactor authentication)?
Email.
Email codes are the weakest second factor because the mailbox is itself protected only by a password and is often the recovery channel for the very account being protected. Email is still useful as a notification tool, alerting the user when suspicious activity or an unauthorized login has been detected.
What’s the drawback of having a hard (hardware) token?
There’s the chance of losing the token, which could then be used by an unauthorized user to authenticate to a system.
soft (software) token
A soft token or software token is similar to a hardware token, except they come in the form of either a piece of software on your laptop or an app on your mobile device. A software token is more commonly used for MFA with applications such as Google Authenticator, where it acts as a hard token but is software based.
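What a soft token and an authenticator app actually compute, as an added example (not code from the original flashcards or from Google Authenticator). It implements HOTP (RFC 4226) and time-based TOTP (RFC 6238) with the standard library only, plus the verifier-side logic a practitioner has to get right: a drift window for phones whose clocks are slightly off, and a last-used counter so a code that was already accepted cannot be replayed inside that window. The otpauth URI format is the de facto one authenticator apps import from QR codes; the secret below is the RFC test vector, not a real key.

```python
import base64
import hmac
import struct
import time
import urllib.parse


def hotp(secret, counter, digits=6, algorithm="sha1"):
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation, modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret, at=None, step=30, digits=6, algorithm="sha1"):
    """RFC 6238: HOTP with the counter replaced by floor(unix_time / step). This is the prover (the app)."""
    at = time.time() if at is None else at
    return hotp(secret, int(at // step), digits, algorithm)


def verify_totp(secret, code, at=None, step=30, window=1, digits=6, last_used=-1):
    """Verifier side. Returns the matched counter (persist it as last_used) or None.
    Accepts neighbouring steps to tolerate clock drift and refuses any counter at or below the
    last accepted one, so a code seen over someone's shoulder cannot be replayed within its window."""
    at = time.time() if at is None else at
    counter = int(at // step)
    for offset in range(-window, window + 1):
        candidate = counter + offset
        if candidate > last_used and hmac.compare_digest(hotp(secret, candidate, digits), code):
            return candidate
    return None


def provisioning_uri(secret, account, issuer, digits=6, step=30):
    """Key URI that authenticator apps read from a QR code when a user enrols (assumed de facto format)."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = urllib.parse.quote(f"{issuer}:{account}")
    query = urllib.parse.urlencode({"secret": b32, "issuer": issuer, "digits": digits, "period": step})
    return f"otpauth://totp/{label}?{query}"


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 / RFC 6238 test secret, not a real key
    print(provisioning_uri(secret, "alice@example.com", "Example"))
    code = totp(secret, at=59)
    print("code at t=59:", code, "-> counter", verify_totp(secret, code, at=59))
    print("replayed:", verify_totp(secret, code, at=59, last_used=1))
```

The same secret sits in the app and on the server, which is why a soft token is only as safe as the phone it lives on; a hardware token keeps that secret where it cannot be exported. Storing the returned counter after each successful login is what turns the drift window from a replay opportunity into a mere convenience.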
Mobile Device Management (MDM)
MDM policies are used to enforce security measures on mobile devices, such as cell phones and tablets. Many organizations require that their users access email or other business-related apps on their phone, but this can present security risks to the organization. MDM policies can help offset some of the risk.
An example of an MDM policy would be an organization requiring anyone accessing business email or business apps to have a lock screen on their phone with a PIN.
How does Active Directory play into security measures?
AD can be used to help implement security measures across an organization.
AD is not an authentication protocol but acts as storage for the authentication data and works closely with Kerberos, which is the actual authentication protocol
- Login Scripts (series of instructions for login process)
- Domains (computers joined to a domain receive the domain’s security policies automatically)
- Group Policies and Updates (useful in securing an organization, passwords, unwanted/wanted apps, block access to internet, push security updates)
- Organizational Units (subdivisions of the domain that can have their own security policies in place)
- Home Folders (used by personnel to store files on the server rather than local computers for security)
- Folder Redirection (moves path of folder to new location, like documents from local place to the network server)
- Security Groups (assigning privileges and permissions, auditing permissions)