Domain 2 Security Flashcards
(118 cards)
Wireless Encryption
data is being sent over the air and anyone can listen
Encryption makes the signal impossible to understand without the key
WEP
Wired equivalent privacy
vulnerabilities / Do not use
often uses a hexadecimal key for authentication
WPA
short term solution for WEP
it's legacy / do not use
uses TKIP
WPA2
uses CCMP block cipher mode / Counter Mode and Cipher Block Chaining
data confidentiality with AES encryption
WPA2-Personal / pre-shared key
WPA2-Enterprise / authentication server, no shared key
WPA3
uses GCMP block cipher mode / Galois/Counter Mode Protocol
stronger than WPA2, fixes the issue WPA2 PSK has
Authentication
RADIUS: Remote Authentication Dial-In User Service, talks to VPNs
TACACS+: Terminal Access Controller Access-Control System
Connect to network equipment, usually a Cisco device
Kerberos: usually a Microsoft network, supports SSO when logging into a domain
Authentication
single-factor = password
Multifactor = password and certificate or captive portal
Malware
any software initially designed to cause disruption to a computer or server without the user’s knowledge or consent
Virus
code that runs on a computer without the user’s knowledge
typically attached to an executable which allows it to replicate
spread using email, websites, and/or network file sharing
Worm
similar to a virus, but it self-replicates
exploits network vulnerabilities to spread and infect more hosts
spread through emails, websites, and network shares
doesn’t need human interaction
Ransomware
restricts the use of a computer until the user pays a ransom; often encrypts the data and holds the key to unlock it for ransom
Trojan
appears to perform a desired function, but actually does something malicious
used to deliver other malware
Spyware
software used to spy on the user
can be difficult to detect
examples include keyloggers, rootkits, system monitors, and tracking cookies
can be used with adware
Keylogger
form of spyware
used to record keystrokes, personal info/passwords
info can be sent over network or stored locally for later pickup
Rootkit
designed to hide and give attackers access to the computer
often used to hide other types of malware or provide ongoing access
difficult to detect with traditional malware scanners
Botnet
network of infected devices
usually not easy to tell if you are infected
bot software waits for instructions from a controlling device
often used to perform DDoS attacks
Boot Sector Virus
will infect the system boot partition or the master boot record
a type of malware that runs as soon as your OS is booted, not after, therefore making it harder for anti-malware to prevent
secure boot, which is included in UEFI BIOS, should prevent unsigned software
Cryptominers
malware that uses your computer without your knowledge to complete tasks that earn the hacker cryptocurrency
mining cryptocurrency uses a lot of CPU resources, and attackers typically try to gain access to multiple CPUs
a spike in your CPU utilization could be a warning sign
Windows Recovery Environment
Windows Recovery Environment gives you complete control of your system before it even starts
be careful to know what you’re doing; the environment contains all the files related to your OS
can remove malicious software before it boots up
can repair the file system boot sector or master boot record
Removal Methods
antivirus/antimalware
software usually quarantines files before removal; make sure it's updated, make sure it's running in real time
Completely reinstall the OS
Restore from backup, make sure it’s a clean backup
manually install the OS, make sure you have your data backed up first
An Ounce of Prevention
End user education: don’t go to sketchy websites, don’t plug in flash drives you found on the street, identify spam/malicious messages, anti-phishing training
Software firewalls
Windows firewall is built into the Windows OS and enabled by default
macOS/Linux may have packages installed but not enabled
Social Engineering
tricking users into giving out confidential information or performing other actions such as downloading malware
Phishing
used to try to hook users often through links in email or websites
Spear Phishing (phishing)
targets a specific individual or institution