2.0 - 2.10 Flashcards by Daming Huang

Some secure areas include an ____ (formerly known as a mantrap), which is an area with two locking doors. A person might get past the first door by way of tailgating but likely will have difficulty getting past the second door, especially if there is a guard between the two doors. An ____ essentially slows down the entry process, in hopes that any people sneaking in behind others will be thwarted before they gain entry to the secure area. If someone lacks the proper authentication, that person will be stranded in the ____ until authorities arrive.

access control vestibule

How well did you know this?

Not at all

Perfectly

ID badges and readers can use a variety of physical security methods, including the following:
_______ If the bearer of the card doesn’t look like the person on the
card, the bearer might be using someone else’s card and should be
detained.

Photos

How well did you know this?

Not at all

Perfectly

ID badges and readers can use a variety of physical security methods, including the following:

____: The codes embedded on these cards carry a range of information about the bearers and can limit individuals’ access to only authorized areas of buildings. These cards can be read quickly by a barcode scanner or swipe device.

Barcodes and magnetic strips

How well did you know this?

Not at all

Perfectly

ID badges and readers can use a variety of physical security methods, including the following:
____: As with barcoded badges, cards with radiofrequency identification (RFID) chips can be used to open only doors that are matched to the RFID chip. They can also track movement within a building and provide other access data required by a security officer. To prevent undetected tampering, ID badges should be coated with a tamper-evident outer layer.

RFID technology

How well did you know this?

Not at all

Perfectly

____are devices that can interpret the data on a certain type of ID.
Although photo IDs are still best assessed by humans, other types of IDs
add extra security that ____can govern.

Badge Reader

How well did you know this?

Not at all

Perfectly

Cameras are ubiquitous, thanks to the explosive growth of the Internet of Things (IoT). They are affordable and can easily store recordings for security and historical reference. ___of secure areas is essential.

Video Surveillance

How well did you know this?

Not at all

Perfectly

Alarms are common in many areas of security, from failed drive alarms in computers to hacking attempts in firewalls. Less sophisticated but just as
essential are physical alarms that alert security personnel when doors are open or cables are moved.

Alarm Systems

How well did you know this?

Not at all

Perfectly

When used with video and alarm systems, _＿ can provide good physical security. Motion detectors can activate alarms and time-stamp
events for tracking on video recordings.

Motion Sensors

How well did you know this?

Not at all

Perfectly

A determined and skillful thief can foil even the best security plans. The best way to deter a thief is to use a mix of technical barriers and human interaction. ____ can be deployed in different ways. When employees enter the work area in the presence of a guard, best practices most likely will be followed and everyone will scan in and be authenticated. Without a guard, people might hold the door open for others whom they recognize but who say they misplaced their IDs. Knowing that someone is watching carefully keeps honest people honest and deters dishonest people. Another way to deploy ____ is to have them watch several areas via security cameras that record access into and out of the buildings. Although this method is not as effective as posting a guard at each door, it allows fewer security ____ to scan different areas for traffic behaviors that warrant further attention.

Guards

How well did you know this?

Not at all

Perfectly

Of course, the easiest way to secure an area is to lock doors. This seems like an obvious statement, but it is surprisingly common for people to simply wander into unauthorized areas. Some organizations have written policies explaining how, when, and where to lock doors. Beyond the main entrances, you should also always lock server rooms, wiring closets, labs, and other technical rooms when they are not in use. Physical ____ might seem like a simple solution, but they can’t be taken over by hackers.

Door Locks

How well did you know this?

Not at all

Perfectly

Most desktops, laptops, and other mobile devices such as projectors and docking stations feature a security slot. On a laptop, the slot is typically located near a rear corner

Equipment Locks

How well did you know this?

Not at all

Perfectly

____ are short wood, metal, or concrete posts installed in sidewalks and driveways to allow pedestrian and bike traffic to pass while keeping larger vehicles away. They are often removable with key access, to allow maintenance vehicles and other necessary traffic to get close to buildings. ____ are a passive way of keeping vehicles that could be listening for signals away from sensitive data centers. People coming and going from buildings also are easier to keep track of with video cameras.

Bollards

How well did you know this?

Not at all

Perfectly

Of course, the most fundamental security device is a fence. ____ are usually subject to building codes, so effective design is important. They should be as tall as possible, sturdy, and monitored.

Fences

How well did you know this?

Not at all

Perfectly

targets the entire website if the website is using a SQL database. Attackers can potentially run SQL commands that allow them to delete website data, copy it and run other malicious commands.

SQL Injection

How well did you know this?

Not at all

Perfectly

____ can be used with a variety of security devices. ____ can contain RFID chips, and many are used as part of a two-step authentication process that works as follows:

The user carries a key fob that generates a code every 30 to 60 seconds. Every time the code changes on the fob, it is also matched in the authentication server. In some cases, the user must also log into the fob to see the access code, for an extra layer of security.

The user then logs into the system or restricted area, using the randomly generated access code displayed on the key fob’s LCD display. The authentication server matches the current code and allows access. A key fob used in this way is often referred to as a hardware token.

Key Fobs

How well did you know this?

Not at all

Perfectly

A____ is a credit card–sized card that contains stored information and possibly also a simple microprocessor or an RFID chip.____s can be used to store identification information for use in security applications and to store values for use in prepaid telephone or debit card services, hotel guest room access, and other functions.____s are available in contact and contactless form factors.

Smart Card

How well did you know this?

Not at all

Perfectly

Contactless cards are also known as ___. Readers for these cards are usually wall mounted so that users can scan their cards within 6 inches of a reader.

proximity cards

How well did you know this?

Not at all

Perfectly

A ____–based security system includes ____s, card readers that are designed to work with ____s, and a back-end system that contains a database that stores a list of approved ____s for each secured location. ____–based security systems can also secure individual personal computers.

Smart Card

How well did you know this?

Not at all

Perfectly

smart card security systems can be multifactor, requiring the user to input a __ or __and then provide the smart card at secured checkpoints, such as the entrance to a computer room.

PIN / security password

How well did you know this?

Not at all

Perfectly

Keeping track of ____ is essential. If ____ are entrusted to a careless person or, worse, a dishonest employee, the entire security plan can fail. Document who has ____ to server rooms and wiring closets, and periodically change the locks and ____. Cipher locks that use punch codes also enhance security. Using a combination of these methods provides greater protection.

keys

How well did you know this?

Not at all

Perfectly

security refers to the use of a person’s biological information, gathered from scans.

Biometric

How well did you know this?

Not at all

Perfectly

One of main type Biometeric is currently in use ,

_______________As with iris scanning, ____ is
highly accurate, but this type of biometric scan is much more
affordable to implement. The scan gathers data on fingerprints and
compares their features to data stored for matching. More than one
fingerprint can be stored for reference.

fingerprint scanning

How well did you know this?

Not at all

Perfectly

One of main type Biometeric is currently in use ,

_______________ This scan is less accurate than fingerprint scanning because the palm scanner does not analyze the structure of the fingerprints; it merely gathers data on the size of the hand.

Palmprint scanning:

How well did you know this?

Not at all

Perfectly

One of main type Biometeric is currently in use ,

_______________This highly accurate technology is nearly impossible to foil, but it requires specialized equipment and can be expensive

Retina (iris) scanning:

How well did you know this?

Not at all

Perfectly

Maintaining well-lit areas is important, for many obvious and not-so obvious reasons. With the advent of LED ____, good ____ is no longer the cost and energy concern it used to be. Well-lit areas can provide safety for workers, enhanced readability of tiny labels when working with racks of equipment, and enhanced quality for video cameras and other security measures.

Lighting

The term ____is simply another name for a metal detector, common to all airports and many public areas. Highly sensitive areas generally have restrictions on weapons; a ____can identify concealed weapons, to enforce the rules and reduce the likelihood of a violent incident.

Magnetometers

Privacy issues are important to any company that handles confidential data. When that data is being used on a workstation screen or mobile device, it needs to be protected from unintentional viewing. Data on a computer screen can be easily protected by installing a ____, which is a transparent cover for a PC monitor or laptop display. It reduces the cone of vision, usually to about 30 degrees, so that only the person directly in front of the screen can see the content. Many of these screens are also antiglare, to reduce the user’s eye strain.

Privacy Screen

A computer is a combination of physical and logical systems, and security practices must address both of these sides of computing. Addressing software (logical) security practices is essential as well.

Logical Security Concepts

The ____ appears to be basic common sense, but it should not be taken lightly. When user accounts are created locally on a computer—especially on a domain—great care should be taken in assigning users to groups. Additionally, many programs ask during installation who can use and make modifications to the program; often the default is “all users.” Some technicians just accept the defaults when hastily installing programs, without realizing that they are giving users full control of the program. It is an important practice to give clients all they need, but to limit their access to only what they need.

Principle of Least Privilege

Applying the ____ means giving users access to only what they require to do their jobs. Most users in a business environment do not need administrative access to computers and should be restricted from functions that can compromise security.

Principle of Least Privilege

are lists of permissions or restriction rules for access to an object, such as a file or folder. ____which users or groups can perform specific operations on specified files or folders.

Access control lists (ACLs)

. For example, consider a person gaining access to a system by using a digital code from a fob and then typing a username and password. The combination of the password and the digital token makes it very difficult for imposters to gain access to a system. ____ is more secure than earlier versions of software tokens, which could be stolen.

multifactor authentication (MFA)

A ____ system uses two or more authentication methods and is far more secure than single-factor authentication

multifactor authentication (MFA)

____ uses Advanced Encryption Standard (AES) encryption.

Wi-Fi Protected Access 2 (WPA2)

____ uses 128-bit blocks and supports variable key lengths of 128, 192, and 256 bits. It allows up to 63 alphanumeric characters (including punctuation marks and other characters) or 64 hexadecimal characters. ____ also supports the use of a RADIUS authentication server in corporate environments

Wi-Fi Protected Access 2 (WPA2)

____, which was released in 2018, uses 128-bit encryption (192-bit in an enterprise version) and has a different method for sharing security keys than the other types of encryption. ____is designed to add better privacy and protection against attacks on public Wi-Fi networks.

Wi-Fi Protected Access 3 (WPA3)

____is somewhat like WEP in design so that it can operate on legacy hardware that lacks computing power. ____is no longer considered sufficiently secure.

Temporal Key Integrity Protocol (TKIP),

____ is much more secure and has been adopted by the U.S. government as the encryption standard. Some important points to remember are that two versions of WPA2 exist: WPA2-Personal and WPA2-Enterprise.

Advanced Encryption Standard (AES)

___ protects unauthorized network access via a password. ___uses pre-shared keys

WPA2-Personal

___verifies network users through a server.

WPA2-Enterprise

____maintains equivalent cryptographic strength through the required use of 192-bit AES for the Enterprise version and optional 192-bit AES for the Personal version. ____helps prevent offline password attacks by using Simultaneous Authentication of Equals (SAE). This still allows users to choose easier-to-remember passwords and, through forward secrecy, does not compromise traffic that has already been transmitted, even if the password becomes compromised.

Wi-Fi Protected Access 3 (WPA3)

Four different ____methods are used for access to a wireless network: single-factor, multifactor, RADIUS, and TACACS+. These methods also apply to wired networks.

Authentication

____ authentication is basic username and password access to a computer or network. For years, this was sufficient—and it is still used in many environments. But the rise of online banking and shopping drew more advanced hacking methods, and ____authentication is now rare in online commerce

Single-factor

A ___authentication system uses two or more authentication methods and is far more secure than single-factor authentication.

multifactor

dates back to the days of dial-up modem access to networks in the early 1990s. It has been widely distributed and is still in use, although it has been updated over the years. A user who wants to access a network or an online service can contact a ___ server and enter username and password information when requested. The server authenticates (or declines) the user and advises the network or service to allow the client in (or not).

Remote Authentication Dial-In User Service (RADIUS)

is an open standard authentication protocol that is used between two clients (or a client and a server) and a third-party ___Key Distribution Center server. The clients acquire a ___key and can mutually authenticate across an unsecure network or the Internet. Microsoft’s version of ___is the default method for Windows authentication for joining domains. Versions are also available on macOS, Linux, and other operating systems

Kerberos

solved a problem that occurred as network use expanded in the 1980s. The name and acronym seem convoluted, but they describe the function and process pretty well. In early network computing, when a user logged into a network, each time he or she accessed a different resource or host on that network, the user had to reauthenticate. Dial-up was slow, and logging in was a time consuming process. With ___, a user who was already authenticated into the network was automatically logged into other resources in the system as well. The network’s access control system took care of the user’s terminal access. In its original form, TACACS is quite insecure, but Cisco has updated and re-released it in proprietary form as ___.

Terminal Access Controller Access Control System (TACACS+)

Malicious software, or___, is software designed to infiltrate a computer system and possibly damage it without the user’s knowledge or consent.___ is a broad term used by computer professionals to include viruses, worms, Trojan horses, spyware, rootkits, keyloggers, adware, and other types of undesirable software.

Malware

___malware, also known as a ___horse, is a malware program disguised as a “gift”—usually popular videos or website links—that trick the user into downloading a virus that might be used to trap keystrokes or transmit sensitive information. Trojans are aptly named for the famous story of the wooden ___horse, an apparent gift that hid invading soldiers and allowed them to sneak inside the city gates of Troy.

Trojan

does not need a host program to work; rather, it substitutes itself for a legitimate program. A malware that disguises itself as one thing, but does something else.

Trojan

attaches itself to some executable code like a program. When the program is running, it touches many files, each of which is now susceptible to being infected with the ___. It replicates itself on these files, does the malicious work it's intended to do and repeats this over and over until it spreads as far as it can.

virus

Just as biological ____es can infect humans and cause all sorts of different illnesses, computer ____es can infect and damage computers. ____ is a generic term for any malicious software that can spread to other computers and cause trouble. Some ____es are more malicious than others, but all need to be guarded against with anti____ updates. Most ____ attacks are spread with human assistance when users fall prey to phishing and carelessly open attachments.

virus

A __ is a set of hacking tools that makes its way deep into the computer’s operating system or applications and sets up shop to take over the computer. Some ____ do keylogging, some listen for banking information, and more complex ones completely take over a computer. A ____ is a complex type of malware that is difficult to detect and remove with standard malware antivirus software. Sometimes wiping the drive and reinstalling the operating system is the only certain solution.

rootkit

spies on you to collect personal information that it transmits over the Internet to web-hosting sites.

Spyware

____is software that spies on system activities and transmits details of web searches or other activities to remote computers. Getting multiple unwanted pop-up windows when browsing the Internet is a good indicator of ____. Some pop-up windows show fake security alerts , in the hopes that a user will click on something and then either purchase rogue or fake antivirus software or just download more malware. ____can cause slow system performance.

Spyware

holds your data or system hostage until you pay some money

Ransomware

uses malware to encrypt the targeted computer’s files. The ransom demand might be presented after you call a bogus technical support number displayed by a fake error message from the ____, or the ransom demand might be displayed onscreen. The ransom must be paid within a specified amount of time, or the files will not be decrypted.

Ransomware

An even larger attack is technically known as UNC2452 but more commonly known by how it was spread: through huge networks piggybacking on Solar Winds networking software. This virus is so exceptionally complicated that is thought to be the work of an unknown government.

Ransomware

A famous recent example of ____ is the WannaCry virus, which spread throughout the world in 2017. It impacted Windows machines that had not been updated with security patches that would have prevented the spread of the attack.

Ransomware

viruses are especially dangerous because they track keystrokes and can capture usernames and passwords of unwitting users. A ____ can be delivered via a Trojan horse, phishing, or a fake email attachment that the user opens. One way to foil these attacks is to require multifactor authentication because the second authentication factor changes, rendering the stolen password invalid.

Keylogger

tracks all your keystrokes and can be used to steal your identity, credit card numbers, Social Security number, bank information, passwords, email addresses, and so forth

Keylogger

A ___is similar to a rootkit virus, in that it is embedded deep into the computer. In this case, the virus embeds itself into the initial code of the boot sector on a hard drive. Once there, it can be loaded into system memory on startup and initialize the hidden virus in other drives on the network. Current versions of BIOS and UEFI have built-in protection against boot sector viruses, and these viruses are less common than in decades past.

boot sector virus

____ are viruses that take over the resources of an infected computer to mine cryptocurrency, usually bitcoin. This practice is also known as cryptojacking. Bitcoin mining is largely legal in most countries, but it is expensive in terms of power use and computer resources. Thus, miners sometimes try to force someone else to pay the costs of mining while they reap the benefit of earning cryptocurrency. Viruses can be delivered in Trojan horses, during phishing, and in browser-based attacks in which malicious code is put into a web page and runs when the browser visits the page. Slow performance, high CPU usage, and higher network traffic are symptoms that a crypto virus might be onboard.

Cryptominers

Protection against viruses and malware is necessary for every type of computing device, from mobile devices to servers. Computer protection suites that include antivirus, anti-malware, anti-adware, and anti-phishing protection are available from many vendors, but some users prefer a “best of breed” approach and choose the best available product in each category

Antivirus/Anti-malware

programs can use some or all of the following techniques to protect users and systems: Real-time protection to block infection Periodic scans for known and suspected threats Automatic updating on a frequent (usually daily) basis Renewable subscriptions to obtain updated threat signatures Links to virus and threat encyclopedias Inoculation of system files Permissions-based access to the Internet Scanning of downloaded files and sent/received emails

Antivirus/Anti-malware

When attempting to protect against viruses and malware, the most important consideration is to keep your __application up-to-date. The second most important consideration is to watch out for unknown data, whether it comes via email, USB flash drive, a mobile device, or some other mechanism.

anti-malware

____enables you to reset your PC or boot from a recovery disk. If resetting the PC is not sufficient, you can boot from a recovery disk to remove infected files and restore your original files. Access the recovery tools in Windows 10 by going to Settings > Update & Security > Recovery.

Recovery Mode

Regardless of the sophistication of physical or digital security measures, a lack of ___ can lead to security issues. Users should be educated in how to do the following: Ask for an ID when approached in person by someone claiming to be from the help desk, the phone company, or a service company. Ask for a name and a supervisor name when contacted by phone by someone claiming to be from the help desk, the phone company, or a service company. Use only official contact information for the help desk, phone company, and authorized service companies, and call the authorized contact person to verify that a service call or phone request for information is legitimate. Log into systems first and then give the technician the computer (instead of giving the technician all the login information). Change passwords immediately after service calls. Report any potential social engineering calls or in-person contacts, even if no information was exchanged. Social engineering experts can gather innocuous-sounding information from several users and create a convincing story to gain access to restricted systems. Keep antivirus, antispyware, and anti-malware programs updated. Scan systems for viruses, spyware, and malware. Understand the major malware types and techniques. Scan removable media drives (such as optical discs and USB drives) for viruses and malware. Disable Autorun and AutoPlay. Configure scanning programs for scheduled operation. Respond to notifications that viruses, spyware, or malware have been detected. Quarantine suspect files. Report suspect files to the help desk. Remove malware. Disable antivirus software when needed (such as during software installations) and know when to reenable antivirus software. Avoid opening attachments from unknown senders. Use anti-phishing features in web browsers and email clients.

user education

Phishing is a well-known problem that continues to confound network security educators. Phishing requires naive or vulnerable users who are unfamiliar with how easily they can provide a home for malware or a virus. This is usually done by opening email that users do not carefully look at before opening, or giving away information that can help hackers access the network. Training can involve weekly reports of phishing examples. Some IT departments even internally release “fake” phishing attempts to see if anyone responds and needs more training.

Anti-Phishing Training

is often a good solution for an infected computer. It is an involved process, but many viruses are so well hidden that it can be the best solution.

OS reinstallation

During and after the __: Keep the computer off the network during the process. Ask for all updates available. Enable the firewall and install any other security software used on the network. Scan the external drive that contains the backed-up files, to make sure the virus is not reimported in one of them. Enable automatic updates for the OS and antivirus software.

reinstallation

Before performing the ___: Isolate the computer from any network connections. Change all passwords that were used during the suspected time of infection, especially banking and work passwords. (There is no point in changing the computer’s passwords because they will need to be reset during the installation.) Back up data files on an external hard drive. Don’t back up the apps; the virus might reside in one of them.

reinstallation

Eight common___ techniques that all employees in an organization should know about are phishing, vishing, shoulder surfing, whaling, tailgating, impersonation, dumpster diving, and evil twin.

social engineering

____ involves creating bogus websites or sending fraudulent emails that trick users into providing personal, bank, or credit card information. A variation, phone ____, uses an interactive voice response (IVR) system that the user is tricked into calling, to dupe the user into revealing information. ____ is a constant threat that administrators can address with awareness warnings that give examples of the latest threats and educate employees on identifying suspicious message

Phishing

____ involves leaving deceptive voice messages that appear to come from an internal source or other authority. These messages request confidential information, such as payroll or tax information. The attacks typically target a specific person, organization, or business. The best protection against ____ is to implement security practices that educate users on how to handle sensitive information within the organization.s.

Vishing

____ is a specific type of phishing attack that goes after high-level employees (the big fish, or whale) in an organization, especially the CEO. The attacks tend to be more sophisticated and customized, appearing to come from a high-level executive at another company. Links inside the mail or website infect the computer belonging to leadership, granting access to more sensitive information and possible authorization for fund transfers.

Whaling

____ is a type of social engineering similar to phishing, in which a hacker sends an email pretending to be someone the victim trusts. It can take time and research for the impersonator to figure out how to gain the target’s trust. ____, also known as business email compromise (BEC), is not restricted to email, but can happen on the phone or in person. Common sense and strict policies on how to communicate sensitive information can help prevent ____ attacks.

Impersonation

Going through the trash seeking information about a network—or a person with access to the network—is called ____. This type of activity does not have to involve an actual dumpster, of course—just someone searching for any information that will help him or her socially engineer a way into a network. To limit the prospects of a dumpster diver, paper shredders or shredding services should be employed to keep data out of reach.

Dumpster Diving

____ is the attempt to view physical documents on a user’s desk or electronic documents displayed on a monitor by looking over the user’s shoulder. Shoulder surfers sometimes watch the keyboard to see passwords being entered. They act covertly, looking around corners and using mirrors or binoculars. They might also introduce themselves to users and make conversation, in the hopes that the users will let down their guard. A common protection against ____ is using a special privacy screen that limits the viewing range of a display. Employees should be trained to be aware of others who are able to see their screens and to leave screens locked when they are away from their workstations.

Shoulder surfing

____ occurs when an unauthorized person attempts to accompany an authorized person into a secure area by following that person closely and grabbing the door before it shuts. This is usually done without the authorized person’s consent; sometimes the authorized person is tricked into believing that the thief is authorized. If the authorized person is knowingly involved, the act is known as piggybacking. Mantraps, mentioned earlier, are designed to thwart ____.

Tailgating

An____ attack involves setting up a fraudulent wireless access point on a network that imitates the legitimate AP for local users. The____ AP sometimes attacks the legitimate AP, so users are fooled into logging onto the____. The twin can then sniff usernames and passwords and listen for other valuable information. Sometimes an____ can set up a fake portal that mimics the company site, to collect even more data on anyone who logs on.

evil twin

Any viable plan to protect a network and data must be based on a clear understanding of the __ that all IT networks face.

Threats

A ____ attack involves one computer attacking a specific target with an overwhelming number of service requests. This is very similar to a DDoS attack, but without the bots. The messages coming from one source can still take down a network, at great cost to a business.

denial of service (_DOS___)

When legitimate software is sold and distributed, it might have unknown security vulnerabilities. When the flaws are discovered, the users put out alerts and the software company creates a patch. Sometimes hackers watch for those alerts and exploit the vulnerabilities before the patch is installed, hence the term ____.

zero-day attack.

is a general term for malware attacks that purport to come from a trustworthy source.

Spoofing

Phishing, spear phishing, and rogue antivirus programs are three examples of __.

spoofing

An ____involves an attacker intercepting a connection while fooling the endpoints into thinking that they are communicating directly with each other. Essentially, the attacker becomes an unauthorized and undetected proxy or relay point; the attacker uses this position to capture confidential data or transmit altered information to one or both ends of the original connection.

on-path attack / man-in-the-middle

A_- involves cracking passwords by calculating and using every possible combination of characters until the correct password is discovered. The longer the password used, and the greater the number of possible characters in a password, the longer ____ takes. One way an administrator can block ____ is to set authentication systems to lock after a specified number of incorrect passwords. Longer passwords also aid in the fight against ___.

brute-force attack

___ involve attempting to crack passwords by trying all the words in a list, such as a dictionary. A simple list might include commonly used passwords such as 12345678 and password. ____ can be blocked by locking systems after a specified number of incorrect passwords. Requiring more sophisticated passwords that do not include identifiable information such as birthdays or family names is also a strategy.

Dictionary attacks

Many security procedures are designed to prevent people outside an organization from penetrating a network and making off with valuable data. However, a very real threat comes from ____, in the form of dishonest or unhappy employees or a trusted vendor or contractor who has access to the network or the network infrastructure. Many incidents of corporate or government espionage and intellectual property theft have been performed by insiders with high levels of access. In fact, an insider can do much more harm than an outsider. Preventing ____ is difficult, but many of the monitoring and antiphishing practices also protect against insider fraud. It is a common corporate practice that when employees with access to the network are terminated or quit, their credentials are immediately rescinded and they have no further access to the buildings or the network.

insider threat

____ is a standard language for communication among databases. This language can be used to attack a database to steal important information such as credit card numbers, social security numbers, and other private data. It can also be used to simply attack a company or government and destroy or heavily damage databases so that they become useless. Database administrators must carefully design their databases to mitigate the threat of dangerous queries. In a ____ injection attack, malicious code is inserted into strings that are later passed to a database server.

Structured Query Language (SQL) Injection

____ is a code-injection technique that uses client-side scripts. It involves tricking a user, often with a link in an email or through some other ruse. When an unsuspecting user clicks on the link, the attacker can inject malicious code into a web-based app. This code is then “trusted” in the user environment, but it can steal information stored in cookies or other valuable information. The best defense against ____ is to have specific firewall settings on data types entering the systems and encrypting data leaving the system. This way, if information is stolen, the thief cannot read it.

Cross-Site Scripting (XSS)

are systems that are tagged by a configuration manager application (for example, Microsoft’s Endpoint Configuration Manager) as not having the most up-to-date security patches installed. Systems that do not have the most updated security patches are especially vulnerable to attacks.

Noncompliant systems

An example of this is a user attempting to log onto a corporate network with a personal computer that has not been updated to network standards that comply with the corporation’s specifications.

Noncompliant systems

A ___ is a weakness in an organization’s security plan that can allow threats to become real problems.

Vulnerabilities

Similar to noncompliant systems, an ____ will not protect against recently discovered and newly fixed zero-day vulnerabilities. When hackers know about these vulnerabilities, the attacks increase. ____ will be vulnerable to the attacks. Systems should be patched within one week of the release of a patch.

Unpatched System

Similar to an unpatched system, an ___that is missing firewalls and antivirus software (or outdated security software) is vulnerable to the latest known virus information.

Unprotected Systems

operating systems (OS) are dangerous to keep on a network. When software or hardware reaches ___ status, updates and patches are usually no longer available. Keeping equipment and operating systems up-to-date is part of a strong security plan.

End-of-life (EOL)

use on a restricted network can have some great productivity and cost benefits, but with them come serious risks. Any malware or vulnerabilities on personal devices can become a serious vulnerability when the device is granted access to the corporate network. Network administrators need to be sure that any device allowed on the network is both updated and compliant with security practices. Many networks that allow ____ activity require an online security check before they are granted access to the network. Personal device use should be restricted on a secure network.

Bring your own device (BYOD)

A ____ is a physical device or software program that examines data packets on a network to determine whether to either forward them to their destination or block them. A ____ can be a one-way ____, which protects against inbound threats only, or a two-way ____, which protects against both unauthorized inbound and outbound traffic. Most third-party ____ programs, such as ZoneAlarm, are two-way ____. A software firewall can be configured to permit traffic between specified IP addresses and to block traffic to and from the Internet except when permitted on a perprogram basis.

firewall

A firewall is a physical device or software program that examines data packets on a network to determine whether to either forward them to their destination or block them. A firewall can be a one-way firewall, which protects against inbound threats only, or a two-way firewall, which protects against both unauthorized inbound and outbound traffic. Most third-party firewall programs, such as ZoneAlarm, are two-way firewalls. A ___l can be configured to permit traffic between specified IP addresses and to block traffic to and from the Internet except when permitted on a perprogram basis.

software firewal

# [](http://) A corporate network can use a proxy server with a ____ as the sole direct connection between the Internet and the corporate network and then use a ____ in the proxy server to protect the corporate network against threats. Physical ____ are specialized computers whose software is designed to quickly analyze network traffic and make forwarding decisions based on rules set by the administrator. Over time, that task has been incorporated more into software on the computers and into the OS design.

firewall

Step 1. Select Start > Settings > Update & Security > Windows Security > Firewall & Network Protection. Open Windows Security settings. Step 2. Select a network profile: Domain network, Private network, or Public network. Step 3. Under Microsoft Defender Firewall, switch the setting to On. Step 4. To turn off Windows Defender Firewall, switch the setting to Off. Turning off Microsoft Defender Firewall could make your device (and your network, if you have one) more vulnerable to unauthorized access. If you need to use an app that is being blocked, you can allow it through the firewall instead of turning off the firewall.

Turn Firewall ON/OFF

Many applications are designed to update and communicate with other computers. Authorization for external communication can be managed in Windows Defender Firewall.

Application Security

Managing ____refers to using a firewall appliance or a software firewall to prevent specified UDP or TCP ports from being used by a service, an application, a specific device, or all devices. Turning off unused ports makes it harder for hackers to find stealthy access into a machine.

Port Security

Using a ____establishes an online relationship with Microsoft and allows for easier access to common Microsoft products such as Skype, Outlook, and even gaming features on Xbox. The username and password are not local preference, but rather the account email and associated password. A ____provides simplified setup and synchronization of additional devices, as well as easy access to the Windows Store. All_____ can be combined and centrally managed.

Microsoft account

Users with an __ account can perform any and all tasks.

administrator

# ``` have permission to perform routine tasks. However, these accounts are blocked from performing tasks that involve systemwide changes, such as installing hardware or software, unless they can provide an administrator password when prompted by User Account Control (UAC).

Standard accounts

# ``` The ____ level is the most limited. A ____ cannot install software or hardware or run existing applications; likewise, a ____ cannot access files in shared document folders or the Guest profile. The ____ is disabled by default. If it is enabled for a user to gain access to the computer, that access should be temporary, and the account should be disabled again when the user no longer requires access.

Guest account

When a user is created using the Users applet in Windows, the user must be assigned a __ or __ account.

standard/administrator

___ accounts are used for visitors

Guest

the ____ account is a specific account type that has more permissions than standard users but fewer than administrators. In those versions, ____ have the same rights and permissions as standard users; however, a custom security template can be created if the ____ group needs specific permissions, such as for the operation of legacy programs. In Windows 10 and Windows 11, the ____ group has been discontinued; however, it is available to assign for backward compatibility.

power user

Microsoft introduced the New Technology File System (NTFS) as an improved way to store files on disks over the FAT system of Windows 95. The changes in storage systems facilitated implementing file-level security in the form of permissions. Permissions control both local and network access to files and can be set for individual users or groups.

NTFS vs. Share Permissions

Each permission has two settings: ___/ Generally, if you want a user to have access to a folder, you add that user to the list and select Allow for the appropriate permission. If you don’t want to allow a user access, normally you simply do not add the user to a list. In some cases, an administrator must issue an explicit denial if the user is part of a larger group that already has access to a parent folder but needs to be kept out of a particular subfolder.

Allow and Deny

For example, when you copy a folder or file to a different volume, the folder or file inherits the permissions of the parent folder it was copied to (the target directory). When you move a folder or file to a different location on the same volume, the folder or file retains its original permissions.

Inheritance

The acts of moving and copying folders and files have different results, depending on permissions.

Inheritance

____ are used in Windows to indicate how files can be treated. They can be used to specify which files should be backed up, which files should be hidden from the normal GUI or command-line file listings, whether a file is compressed or encrypted, and so on, depending on the operating system. To view ____ in Windows, right-click a file in File Explorer or Windows Explorer and select Properties. To view ____ from the Windows command line, use the Attrib command.

File attributes

If you create a folder, the default action is for the folder to inherit permissions from the parent folder—that is, any permissions that you set in the parent are inherited by any subfolder of the parent. To view an example of this, locate any folder within an NTFS volume (besides the root folder), right-click it, and select Properties; then access the Security tab and click the Advanced button. In Windows 10 or 11, the Advanced Security Settings dialog offers these buttons: Add, Remove, View, and Disable Inheritance.

Permission Inheritance and Propagation

You can also propagate permission changes to subfolders that are not inheriting from the current folder. To do so, select Replace All Child Object Permissions with Inheritable Permissions from This Object. Remember that folders automatically inherit from the parent unless you turn off inheritance, and you can propagate permission entries to subfolders at any time by selecting the Replace option.

Permission Inheritance and Propagation

____ allows the end user to select a level of notifications concerning changes being made to the computer. The purpose of this tool is to prevent unauthorized changes to the computer; the varying levels are designed to allow end users to tailor notifications to their comfort level. ____ can be disabled, but it is better to define some level of notification than to have none at all. To access the settings for ____, simply type ____ in the Search area on the taskbar.

User Account Control (UAC)

To encrypt an entire drive, you need some kind of full disk encryption software. Several options are currently available on the market; one option developed for business-oriented versions of Windows by Microsoft is called BitLocker. This software can encrypt the entire disk, which, after completed, is transparent to the user.

BitLocker

software is based on the Advanced Encryption Standard (AES) and uses a 128-bit encryption key.

BitLocker

can be used to protect sensitive data files and temporary files, and can be applied to individual files or folders. (When ____ is applied to folders, all files in an encrypted folder are also encrypted.)

EFS

is a different security measure. It focuses on protecting the data stored on your computer or server. It's like locking up the information when it's not actively being used.

Data-at-Rest Encryption

Because a company’s most valuable asset is usually its data—whether in the form of customer information, trade secrets, or production information—it only makes sense to do whatever is possible to protect it. When data sits on a workstation, it can be compromised by gaining network access or can be physically stolen. One way to protect against these attacks is to have the data fully encrypted while it sits “at rest” on the workstation hard drive, on a server, or in the cloud. Having data robustly encrypted with RSA or AES methods ensures that, if the drives are compromised, the data will still be inaccessible

Data-at-Rest Encryption

should be used on laptops and other systems that might be used outside the more secure corporate network environment. Laptops that contain unencrypted sensitive data have led to many data breaches.

Data-at-Rest Encryption

No matter how strong a password is, it becomes less secure over time. The longer a password is in use, the more susceptible it is to social engineering, brute-forcing, or other attacks. The risk of password discovery by unauthorized users is minimized through a password expiration policy under which passwords expire after a particular length of time and must be reset.

Password Expiration

To help protect computers from unauthorized use, users can be required to enter their password to return to the desktop after the ____ appears. Users should also be required to lock their workstations so that a logon is required to return to the desktop. In Windows, the ____ required password setting (On Resume, Display Logon Screen check box) is located in the ____ Settings window, which can be accessed from Settings > Personalization in Windows 10. In macOS, use the Desktop & ____ menu to choose a ____; use Security & Privacy to require a password to unlock the system.

Screen Saver

passwords prevent unauthorized users from changing settings. Note that they can be removed by resetting the CMOS. Some motherboards feature a jumper block or a push button to reset the CMOS. If this feature is not present, the CMOS can be reset by removing the CMOS battery for several minutes.

BIOS/UEFI

Leaving a computer logged in and unattended is an open invitation to trouble. End users are accountable for activity on their computer when they are away, and logging off is a simple way to protect both the user and the company.

Log Off When Not in Use

End users should never leave their devices unattended, even for a minute; that time is all it takes for disaster to strike. If end users must part with devices, they must be sure that the devices are securely locked in a trusted area before they leave.

Secure/Protect Critical Hardware

Loss of an access code, a social security number, or any other ____ can be as disastrous as losing a device. Identity theft can ruin a person financially and be nearly impossible to completely recover from. Storing ____ in encrypted folders is a wise move.

personally identifiable information -pii

User permissions for standard users prevent systemwide changes, but additional restrictions can be set with Group Policy or Local Security Policy.

Restricting User Permissions

To prevent a user account from being used after hours or before the start of business, use login time restrictions to specify when an account can be used.

The guest account in Windows is a potential security risk, so it should be disabled. If visitors need Internet access, a guest wireless network that does not connect to the business network is a good replacement.

Disabling Guest Account

Password policy should specify that a user will be locked out after a specified number of failed attempts to log into an account. A lockout policy can also incorporate a timeout policy that specifies how long the user must wait after an unsuccessful login before attempting to log in again.

Failed Attempts Lockout

Default administrator usernames and passwords for SOHO routers or other devices or services that have default passwords should be changed. Default usernames and passwords are available in documentation for these devices, so it is easy for an attacker to find the defaults and use them to take over routers or other devices that are still set to the default passwords.

Changing Default Usernames and Passwords

____ is a feature that enables programs to start automatically when a CD or USB drive or flashcard is connected to a computer. AutoPlay is a similar feature that offers enhanced options in a Windows environment. Both ____ and AutoPlay allow the user to select what kinds of programs, updates, and syncs can take place. When you disable ____, an optical disc or USB drive will not automatically start its ____ application (if it has one), and any embedded malware thus will not have a chance to infect the system before you scan the media. AutoPlay is a similar feature that pops up a menu of apps to use for the media on an optical drive or USB flash drive.

Auto Run

The first step in securing a mobile device is to set a numeric passcode or another type of ____. Such a passcode locks the device, making it inaccessible to everyone except those who know the passcode—and experienced hackers. A ____ can be a pattern that is drawn on the display, a PIN (passcode lock), or a password. A very strong password is usually the strongest form of ____. The ____ setting can be accessed on an Android device by going to Settings > Security. On iPhone 12, go to Settings > FaceID & Passcode > (enter the current passcode). The navigation varies between Android and iPhone versions, but the settings here apply to both types of phones, unless otherwise noted.

Screen lock

A __ lock app immediately locks a device when the user swipes the display to one side.

swipe

Some devices support other types of screen locking, including a ____ lock (in which the user’s ____ is matched against a list of authorized user ____s) and a face lock (in which the user’s face is matched against a list of authorized user faces).

fingerprint

Some devices support other types of screen locking, including a fingerprint lock (in which the user’s fingerprint is matched against a list of authorized user fingerprints) and a____(in which the user’s face is matched against a list of authorized user faces).

Face lock

A lost or missing mobile device is a serious security threat. A hacker can get past passcodes and other screen locks, which means it’s just a matter of time before the hacker has access to the data. An organization with confidential information should consider enabling a ____ of a device. As long as the mobile device still has access to the Internet, the ____ program can be initiated from a desktop computer to delete all the contents of the remote mobile device.

Remote wipe

By installing or enabling a locator application or service such as Android Device Manager, Lookout for iOS or Android, or Find My iPhone (or Find My App and AirTag), a user can track down a lost device. These apps can be operated from any other phone that has a similar app installed, as long as the power is on and geolocation is working.

Locator Applications

A mobile device is backed up in two ways: using a USB connection to a desktop or laptop computer, or to the cloud by using a remote backup application. The Apple iCloud offers a free cloud backup service for a limited amount of data (currently, 5GB), with more space available by subscription. iTunes, which can be used for USB-based backup, backs up the entire device to a hard drive at no additional cost. Android users have free backup for email, contacts, and other information via Google Cloud. However, backing up photos, music, and other content and documents must be performed either manually via USB or with a file sync to the cloud, using a service such as Dropbox or another third-party app. Both iOS and Android users can use popular third-party, cloud-based backups that are also supported for macOS and Windows, such as Carbonite (carbonite.com) and iDrive (idrive.com).

Remote Backup Applications

Most mobile devices include ____. If a person fails to enter the correct passcode after a certain number of attempts, the device locks temporarily and the person must wait a certain amount of time before attempting the passcode again. If the person fails to enter the correct passcode again, on most devices, the timeout increases. As mentioned earlier, multiple failed logins can result in a remote wipe of the hard drive.

failed login attempt restrictions

Just as there is antivirus software for PCs, antivirus/anti-malware software exists for ————. These are third-party applications that need to be paid for, downloaded, and installed to the____

mobile devices

help protect mobile devices from the latest vulnerabilities and threats. By default, you are notified automatically about available updates on Android and iOS-based devices.

Patches and OS updates

Large organizations that have many ____ devices should use a ____ device management (____) suite. McAfee and many other companies have ____ software suites that can take push updates and configure many ____ devices from a central location. Decent-quality ____ software secures, monitors, manages, and supports multiple different ____ devices across the enterprise

MDM mobile device management

Both current and older Android and iOS devices can use ____ through the use of add-on fingerprint readers or iris readers. Recent and current iOS devices have built-in support for fingerprint reading with all Touch ID feature–enabled phones and iPad versions. Face locks, such as Microsoft Windows Hello and Apple Face ID, are also considered a type of ____

biometric authentication.

With ____, your data is not accessible to would-be thieves unless they know the passcode. Apple iOS devices feature ____ that is activated when a passcode is assigned to the device.

full-device encryption

. Android 12 supports both full-disk encryption and ____. ____ is encryption on individual files, meaning that each file has a separate encryption key so that all the phone resources do not have to be tied up in the encryption process.

file-based encryption

Android does not include a ____, so third-party apps must be used to provide protection against unwanted Internet traffic. Google Play offers many free ____ apps for Android.

FIREWALL

Apple does not include a FIREWALL because the design of iOS uses a feature called that runs apps in a separate protected space.

sandboxing

Many individually owned mobile devices are now being used on corporate networks. Because these devices were not configured by the corporation, they can potentially present security threats. To prevent threats, organizations need to address these issues in their ____.

Policies and Procedures

**The following are benefits of policies: ** -No hardware cost to the organization -Higher usage because employees are satisfied with their selected device - Greater productivity **Potential drawbacks include the following:** -Hidden costs of management and security -Possibility that some employees will not want to buy their own devices

bring your own device (BYOD)

personally enabled (COPE) is a model in which the company owns the device and sometimes allows the employee to use it for personal use. This model is of great benefit to the organization because the devices are preapproved and are typically similar in model. They are thus easier to manage and control with mobile device management (MDM) or mobile application management (MAM) policies.

Corporate-owned device

Whether an organization uses corporate-owned mobile devices, BYOD, or a mixture, setting and following ____ is important for achieving increased productivity without incurring significant risks. Issues involved include specifying approved devices and operating system versions, requiring passwords and lock screens, requiring device encryption, addressing support issues, and determining when and how to remove company information when an employee leaves the organization.

Profile Security Requirements

___: Some office-grade ___ can destroy optical media. Electronics recyclers use heavy-duty ___ made for hard disks and mass storage devices, to reduce storage devices, tape, or other types of media into small bits.

Shredder

Remove the hard disks and destroy their platters with a ___, __, or other device; then recycle the scrap.

Drill/Hammer

Tools such as ____and permanent magnet degaussers can permanently purge information from a disk. The drive is physically intact, but all data, formatting, and control track data is missing. Use this type of physical destruction if you want to use a drive for display purposes.

electromagnetic degaussers

___of tape and other types of magnetic and optical media is allowed in some areas and available from various companies.

IncineratioN

The standard format used in operating systems is a ____. This type of format clears only the root folder. The rest of the data on the disk can be recovered until it is overwritten. A long format rewrites the disk surface.

quick format

A ___ that creates the physical infrastructure where data will be stored on a disk is performed by the drive manufacturer before the drive is shipped and cannot be performed in the field.

low-level format

___is typically performed at the factory during the manufacturing process of storage devices such as hard disk drives (HDDs) and solid-state drives (SSDs). It is part of the initial preparation of the storage medium before the device is shipped to consumers or businesses.

Low-level formatting

A _____ that creates the physical infrastructure where data will be stored on a disk is performed by the drive manufacturer before the drive is shipped and cannot be performed in the field.

Low-level formatting

Some disk maintenance programs from mass storage vendors include options to ___a hard disk’s or SSD’s data area with zeros. Data recovery programs can often recover data that has been overwritten in this fashion.

overwrite

To ensure the complete destruction of retrievable data on a storage device, the data must be overwritten with a program that meets or exceeds recognized data-destruction standards

Erasing/wiping

:Another advantage of outsourcing to a qualified company is that the company can certify that the destruction is complete and was done correctly and then issue an official___to confirm the destruction of the material. This shows business partners and government regulators that care was taken to comply with safety practices and local laws.

certificate of destruction/recycling

Companies should have data destruction policies in place, including paper shredding and hard drives. It is usually economically beneficial to outsource this destruction task to a ____ who has invested in the proper equipment and training of staff. Outsourcing to a qualified company ensures that the methods used are secure and safe and that the data disposal is legal. Most companies do not dispose of enough equipment or data to warrant investing in destruction equipment or specialized staff.

third-party vendor

The documentation for almost all WAPs and wireless routers lists the default administrator password. This documentation can be readily downloaded in PDF or HTML form from vendor websites. Because an attacker can use this information to take over the device, it is essential to change the ___to a private password. Most routers use the Administration or Management dialog for the password and other security settings.

default

To further secure a router or WAP, configure the device so that it can be managed only with a wired ___

Ethernet connection.

Settings that control access to the network by analyzing IP traffic are known as Access Control Lists (ACLs). Basic settings on a SOHO are fairly easy to implement by simply knowing what types of IP protocols and traffic will be allowed. For example, many large networks deny ping traffic by filtering out ICMP protocol traffic on the networks. Traffic can be filtered by traffic type or by IP address. In general terms, ___lets you control what Internet Protocol (IP) traffic is allowed into and out of your network.

IP filtering

Most SOHO router vendors issue at least one ___ during the lifespan of each model of WAP and wireless router. Updates can solve operational problems and add features that enhance Wi-Fi interoperability, security, and ease of use.

firmware update

The IT department is responsible for compliance to the acceptable use policy of IT infrastructure, as well as making sure that inbound and outbound content is in line with expectations. Shielding the network from errant users who would exploit inappropriate content on the Web or in email is necessary. ___ on routers help control access to inappropriate websites and can filter by address or other keywords of concern. These filters can be applied to both inbound or outbound traffic and, depending on the router, permit different levels of control for individual users.

Content filters

In a SOHO network environment, physical security refers to preventing unauthorized use of the network. Secure the network equipment in a locked wiring closet or room. Disable any unused wall Ethernet jacks by either disabling their switch ports or unplugging the patch panels in the wiring closet. Route network cables out of sight, in the walls and above the ceiling. Having them out of sight cuts down on the chances that someone will tap into the network. Lock doors when leaving. If possible, dedicate a lockable room as a workspace in a home office, to protect company devices and other resources from the hazards of daily family life, such as children and pets.

Physical placement/secure

The DHCP server built into almost all home routers is responsible for giving out IP addresses to all computers on the network that request one. Restricting DHCP is one way to control access to the network. Most DHCP servers can reserve IP addresses for specific computers and other devices, such as printers, by mapping the device’s physical MAC address and matching it to a constant IP address. ___ allow the network administrator to manage devices and control IP leases for outside users. These reservations can also be used on IP phones and IoT devices. Static IP addresses, configured by the network administrator and not DHCP, are still important for network stability. Devices such as switches, printers, and servers should have static addresses so that they are available when a DHCP server is down.

Dynamic Host Configuration Protocol (DHCP) Reservations

The wide area network on a SOHO is the connection to the Internet Service Provider (ISP). The ___ is provided by the ISP and is applied (usually automatically) to the “Internet” port on the router. The address is “static” because it does not change and does not expire as a leased dynamic address does. This address is on a different network from the local SOHO addresses because it belongs to the ISP’s router.

static WAN IP address

___was designed to allow devices on a home or SOHO local area network (LAN) to easily connect and cooperate with other devices on the LAN. As a similar example of Plug and Play, consider a printer being plugged into a computer: The Plug and Play capability of the OS finds a device driver and allows the device to interact. ___scaled up this idea to a LAN, to allow gaming devices, smart home IoT devices, and virtual assistants to work on a LAN. ___does not scale further up to enterprise networks.

Universal Plug and Play (UPnP)

This benefit of easy setup of devices comes with security flaws. Especially concerning is the ___use of port forwarding and its lack of authentication. If it is exploited from the outside, port forwarding grants access to devices on the LAN; this should not be universally enabled, but it comes enabled by default on many routers. The best approach is to protect the SOHO LAN by disabling port forwarding and taking on the task of manually setting up devices on the SOHO LAN.

Universal Plug and Play (UPnP)

(___), allows outside traffic through to a particular IP address on a LAN. In a SOHO router, any device assigned to the ___ receives traffic that is not specified for a particular device. Using a ___ host makes sense for gaming and other types of traffic when you cannot specify in advance the ports needed. However, the ___ host must have its own firewall because ___ hosts are not protected by the router firewall.

screened subnet / demilitarized zone

The ___ can provide a great deal of useful information to a potential hacker of a wireless network. Every wireless network must have an ___; WAPs and wireless routers typically use the manufacturer’s name or the device’s model number as the default ___. If a default ___ is broadcast by a wireless network, a hacker can look up the documentation for a specific router or the most common models of a particular brand and then determine the default IP address range, the default administrator username and password, and other information that makes it easy to attack the network.

service set identifier (SSID)

To help “hide” the details of your network and location, a replacement SSID for a secure wireless network should not include any of the following: -Your name -Your company name -Your location -Any other easily identifiable information An SSID that includes obscure information (such as the name of your first pet) is a suitable replacement.

Changing the Service Set Identifier (SSID)

___is widely believed to be an effective way to prevent a wireless network from being detected. But this approach is not always enough. Even though ___prevents casual bandwidth snoopers from finding your wireless network, Microsoft does not recommend _____as a security measure because serious hackers can use certain methods to discover networks.

Disabling SSID broadcast

The guest account in a wireless network is a potential security risk, so it should be ___. If visitors need Internet access, a separate guest wireless network that does not connect to the business network is a good replacement.

disabled

Wireless frequency channels can overlap with neighboring channels. If this happens, consider ___ to one that is farther away. You can also reduce the transmit power of the wireless channel being used, to limit access to a smaller area. This can help keep malicious outsiders or rogue employees from connecting to a SOHO router

changing the channel

to allow inbound traffic on a particular TCP or UDP port or range to go to a particular IP address rather than to all devices on a network. A basic example is an FTP server that is internal to a LAN. The FTP server might have the IP address 192.168.0.250 and might have port 21 open and ready to accept file transactions (or a different inbound port could be used). Clients on the Internet that want to connect to the FTP server would have to know the IP address of the router, so the clients might connect with an FTP client using the IP address 68.54.127.95 and port 21. If an appropriate ___ rule is in use, the router sees these packets and forwards them to 192.168.0.250:21, or whatever port is chosen. Many ISPs block this type of activity, but ___ is a common and important method in larger networks.

port forwarding / port mapping

Blocking TCP and UDP ports, also known as ___, is performed with a firewall app such as Windows Defender Firewall with Advanced Security. Hackers take advantage of unused ports sitting idle on a network, and disabling unnecessary ports makes it harder to access your domain.

Disabling Ports

A ___ is often created on a file before it is downloaded; then another ___ is created after the download. The two values are compared to make sure the contents are the same. When downloading files—particularly upgrades, patches, and updates—be sure to check and verify the ___ values. ___is also important if you store a browser installation file for a later installation because you want to ensure that the installation file has not been tampered with. You can do this by creating a Secure Hash Algorithm (SHA) hash of the executable installation file and storing it for later use. When it is time to install from the executable installation file, you can run ___to verify the signature of the file

Hash

___verifies that the contents of files are unaltered.

Hashing

Hashing is also important if you store a browser installation file for a later installation because you want to ensure that the installation file has not been tampered with. You can do this by creating a___ hash of the executable installation file and storing it for later use. When it is time to install from the executable installation file, you can run hashing to verify the signature of the file.

Secure Hash Algorithm (SHA)

Use a SHA hash to verify the integrity of a stored browser executable file. If the hash signature matches, the installation file is trusted. If the hash does not match, it is said to be ___. This is a perfect example of an ___ source. You should always download installations from trusted sources and then protect them with file hashing, to detect any malicious activity or tampering.

untrusted

___ are used to customize web browsers. They add features and functionality and allow you to customize and personalize your web browser. Extensions typically represent source code, while plug-ins are executables. Extensions add functionality to a web browser as a whole, while plug-ins add extra features to particular web pages.

Extensions and plug-ins

Although good (__) extensions and plug-ins add functionality and features, bad (___) ones can cause great harm to your system. They can use up system resources, insert ads, redirect web searches, and even collect your personal data

untrusted / trusted

A ___ is an application that stores passwords that you use for various websites or services. ___ are often local programs that run within the operating system. They can also be provided by open source third-party companies such as KeePass or commercial providers such as 1Pssword and Roboform. Commercial managers involve a nominal cost, but they are often more manageable for less experienced users.

password manager

is the password manager for Windows and Microsoft Edge

Credential Manager

Using a___ to websites that use valid certificates is critical to ensuring the health and safety of your data and your system. Several technologies help you stay as safe as possible when traversing the world through a web browser

secure Internet connection and connecting

____ prevent pop-ups from appearing when users visit a website. Most popular browsers, such as Microsoft Edge and Google Chrome, have ____ capabilities built in and block pop-ups by default. However, in some cases, you might actually want to allow pop-ups.

Pop-up Blocker

____ data involves using an extension to the browser that allows you to remove browser data such as history, cache, and cookies from a browser toolbar. From the toolbar, you have an option to clear all browser data or selectively remove various information or data types for clearing. Clearing cached files and images (described next) can help fix problems you might have with accessing web pages. Clearing cookies, for example, can help with privacy concerns. Remember that clearing browsing data removes all website-based temporary files stored on the local system, such as browsing history, cookies, passwords, and cache.

Clearing Browsing Data

When web pages are accessed, the information is stored in the ____. This process occurs so that if the data is needed again, it can rapidly be accessed from local storage. This caching process means fewer trips to the Internet to access the same information. Clearing the ____ is sometimes necessary if the latest copy of the web page is required. This is often the case during web page development or if you need to access the same website but use different credentials or logon information. Clearing the browser ____ removes images and forms, which prevents you from using old forms and ultimately protects your personal information. This is similar to the previously mentioned action of clearing browser data, but it primarily has to do with images and forms.

cache

# 1. ____ is a feature of web browsers that does not store web browsing data or information. In fact, when you close ____, all browsing data and information is removed or destroyed.

Private browsing mode

Be sure to keep work data and personal data separate. In some instances, a browser data sync might be against company policy (for example, if you sync your personal device to a work system). Always check your company policy before you comingle personal settings and data with company settings and data.

browser data synchronization

Because most people access data on various devices, including desktops, laptops, and smart devices, it is extremely important for data to be synced across all devices so that the same information is available. In the old technology days, this involved copying a file to media and then copying that file to each device to have an up-to-date copy. These days, ____ is a cloud service that almost all browser vendors offer for sharing settings and information across all devices. As long as you sign in with a valid user account, your data is synced across all your devices.

browser data synchronization

An ____ is a tool that integrates with a web browser and uses filtering to block specific advertisements. ____s assist with online privacy and help to avoid spyware-infected ads. Implementing ____s is considered good security practice. In fact, the NSA and Cybersecurity and Infrastructure Security Agency recently released important guidance recommending the use of ____s as an important security measure.

ad blocker

If there are a collection of one or more bots, we call that network of devices a ___. ___ is(are) designed to utilize the power of the internet connected machines to perform some distributed function.

Botnet

For example, mining Bitcoin requires a machine to perform some computation that takes up your machine's resources. At the end, you may be rewarded with some amount of Bitcoin. A popular attack has been creating botnets to do stuff like mine Bitcoins. So instead of having one computer run computations, attackers can now have a 1,000 computers running computations and raking in more and more Bitcoin.

Botnet

It allows admin level modification to an operating system. A ___can be hard to detect because they can hide itself from the system using the system itself. Sneaky little sucker. The ___can be running lots of malicious processes. But at the same time, those processes wouldn't show up in Task Manager because it can hide its own presence.

Rootkit

A ___ is a security feature that helps prevent unwanted access by creating an action you have to do to gain entry. If you choose not to add a ___ to your phone, the risks that you take is that someone could easily gain access to your phone and steal your data. Even adding something as simple as a passcode or a ___ can help you protect your personal or company data from getting into the wrong hands.

screen lock

the possibility of suffering a loss and the event of an attack on the system.

Risk

___, a flaw in the system that could be exploited to compromise the system. _____can be holes that you may or may not be aware of.

vulnerability

when you're writing a web app and enable a debug account for testing during development, but forget to disable it before launching the app. You now have a vulnerability in your app then an attacker can potentially discover. There's a special type of vulnerability called a ___vulnerability which is a vulnerability that is not known to the software developer or vendor but is known to an attacker.

zero-day /zero days

The name refers to the amount of time the software vendor has had to react to and to fix the vulnerability ____

zero days / zero days attack

___are similar to viruses, except that instead of having to attach themselves onto something to spread, ___can live on their own and spread through channels like the network.

worm

One case of a famous computer ___ was the ILoveYou or Love Bug, which spread to millions of Windows machines. The ___ was spread via email. Someone would email a message with the subject line of I love you and an attachment that was actually the ___ disguised as a love letter text file. The text file was actually an executable file that when opened, would execute many attacks like copying itself to several files and folders, launching other malicious software, replacing files, and then hiding itself after it was done. The ___ spread by stealing email addresses that were in the victim's computer and chat clients. It then proceeded to send that email out to everyone in the address book. The Love Bug spread across the world and caused billions of dollars in damage. Not so lovely. This was just one of the many reasons why you should never open email attachments that you do not recognize.

worm

___is one of the most visible forms of malware that you'll encounter. Most of us see it every day. ___is just software that displays advertisements and collects data. Sometimes we legitimately download ___. That happens when you agree to the terms of service that allows you to use free software in exchange for showing you advertisements. Other times, it may get installed without your consent and may do other malicious things than just display advertisements

Adware

is a type of malware that's meant to spy on you, which could mean monitoring your computer screens, key presses, webcams, and then reporting or streaming all of this information to another party.

Spyware

is a common type of spyware that's used to record every keystroke you make. It can capture all of the messages you type, your confidential information, your passwords, and even more.

key logger

A network attack that is simple in concept but can cause a lot of damage is a ___.

DNS cache poisoning attack

___ works by tricking a DNS server into accepting a fake DNS record that will point you to a compromised DNS server. It then feeds you fake DNS addresses when you try to access legitimate websites. Not only that, ____ can spread to other networks too. If other DNS servers are getting their DNS information from a compromised server, they'll serve those bad DNS entries to other hosts.

DNS cache poisoning attack

Not in OBJECTIVES A ___ is an access point that is installed on the network without the network administrators knowledge. Sometimes in corporate environments, someone may plug a router into their corporate network to create a simple wireless network.This can actually be pretty dangerous and could grant unauthorized access to an authorized secure network. Instead of an attacker having to gain access to a network by plugging directly into a network code. They can just stand outside the building and hop onto this wireless network.

rogue AP

It's similar to the rogue AP example but has a small but important difference. The premise of an ___attack is for you to connect to a network that is identical to yours. This identical network is our networks ___and is controlled by our attacker. Once we connect to it, they will be able to monitor our traffic.

Evil Twin

Not in Objective : A person at a coffee shop leaves a laptop logged in with a token and walks away for a short time. An attacker goes to the laptop and starts impersonating the laptop’s user on the website the user is logged into. What kind of attack is this?

Session HighJacking Attack

The attack traffic comes from lots of different hosts.

Distributed Denial of Service (DDoS) attack

A denial-of-service from one system is a ___ attack.

Denial of Service ( DOS )

A ____attack is distributed through many hosts.

Distributed Denial of Service (DDoS) attack

is meant to prevent legitimate traffic from reaching a service. This is usually done by flooding the victim with attack traffic, which renders services unreachable.

Denial of Service ( DOS )

attacks are a type of injection attack where the attacker can insert malicious code and target the user of the service. ___ attacks are a common method to achieve a session hijacking. It would be as simple as embedding a malicious script in a website and the user unknowingly executes the scripts in their browser. The script could then do malicious things like steal a victim's cookies and have access to a log into a website cookies.

Cross-site scripting / XSS

# [](http://)[](http://)[](http://)[](http://)

are sturdy, short, vertical posts placed to restrict access of vehicles to a controlled area.

Bollards

are physical barriers, with many different designs, that enclose controlled areas to establish a perimeter and keep out external threats.

Fences

are devices that read information encoded into a plastic card. They identify each user by the badge they present to the device.___can be used to control electrically operated door locks and can be built into computer terminals to control access to information.

Badge readers

create a space between two sets of interlocking doors or gateways to prevent unauthorized individuals from following authorized individuals into controlled facilities.

Access control vestibules

devices that detect movement within a controlled area.___ can trigger alarm systems or video surveillance.

Motion sensors

notify security by sounding an alarm or sending a message when a controlled area is accessed.

Alarm systems

Video cameras allow continuous observation and recorded activity playback within controlled areas. __can document who accesses a controlled area, how they access it, and what they do there.

Video surveillance

monitor controlled access points throughout a facility to prevent unauthorized access.

Guards

These provide an efficient way to assign user rights and permissions to approved users who are accessing resources on the network. Group Policy (earlier in the list) can be used to assign rights to ____. Permissions can be assigned to a ____ for shared resources at specific levels of access.

security group

For example, a policy might dictate that all work be kept in a common folder so that all members of a team can see the latest work and updates.

Folder redirection

This allows for the work done by an OU to be saved on a common folder in the domain, as directed by the administrator instead of the user.

Folder redirection

This folder, which is accessible to the network administrator, is where the user’s data and files are kept locally.

Home folder:

____ are logical groups that help organize users and computers so that GPOs can be assigned to them. For example, a team of accountants might be assigned to an ____, and their GPO might give them special access to financial records.

Organizational Unit (OU)

This is a set of rules and instructions defining what a user or group of users can or cannot do when logged into the domain. A___ is a set of instructions assigned to a group of users or to certain machines on the network.

Group Policy / Group Policy Object (GPO)

____ is a computer network or group of computer networks under one administration. Users log into the Active Directory ____ to access network resources within the ____.

domain

____ is a network protocol that allows devices to discover and automatically configure themselves within a network. It's commonly used in scenarios like online gaming or VoIP to facilitate the required network configurations without manual intervention. However, it's important to use ____ with caution, as it can potentially introduce security risks if not properly configured and monitored.

UPnP (Universal Plug and Play)

octal representation of file permissions value of Read (r) =

octal representation of file permissions value of Write (w) =

octal representation of file permissions value of Execute (x) =

2.0 - 2.10 Flashcards

(249 cards)