Security+ 2 Flashcards
Preventing / TroubleShooting Spam :
Use spam firewall/filter, close open mail relays that are configured like in SMTP server, either close them or configure them so only authenticated users can use them. Remove email addresses of company and replace them with online contact forms. Train users, and use whitelist/blacklist.
On a final and sad note, sometimes computers become so infected with malware that they cannot be saved. In this case, the data should be backed up (if necessary by removing the hard drive and slaving it to another system), and the operating system and applications reinstalled. The UEFI/BIOS of the computer should also be flashed. After the reinstall, the system should be thoroughly checked to make sure that there were no residual effects and that the system’s hard drive performs properly.
Like McAfee Because they are software, and because of the ever-increasing level of Internet attacks, personal firewalls should be updated often, and in many cases it is preferable to have them auto-update, although this depends on your organization’s policies.
One way to do this is with a pop-up blocker. These can be either enabled on or added to most web browsers.
Preventing/Troubleshooting Spam Etc …
Endpoint DLP systems: These systems run on an individual computer and are usually software-based. They monitor data in use, such as e-mail communications, and can control what information flows between various users. These systems can also be used to inspect the content of USB-based mass-storage devices or block those devices from being accessed altogether by creating rules within the software.
Network DLP systems: These can be software- or hardware-based solutions and are often installed on the perimeter of the network. They inspect data that is in motion.
Storage DLP systems: These are typically installed in data centers or server rooms as software that inspects data at rest.
DLP’s
Secure the BIOS : flash the BIOS (update) can protect against EMI and EMP, use BIOS password, configure BIOS boot order to look for HDD 1st and not removable media, disable external ports and devices like optical drives eSATA ports and USB ports if company requires it, enable secure boot option : this can prevent improperly signed device drivers and OS loaders.
Secure the Bios
Today’s UEFI-based systems use a root of trust, which is code—usually embedded in hardware in the form of a trusted platform module (TPM)—that incorporates encryption in the form of a public key. For a system with secure boot enabled to start up properly, kernel-based operating system drivers must present private keys that match the root of trust’s public key. This process can prevent a system from being booted by undesirable OS’s that can reside on flash drives or elsewhere, and prevent OS’s that have been tampered with from booting. This tampering might occur in-house, or previously while in transit through the manufacturing supply chain.
More importantly, we want to be sure that secure boot is working properly. Enter the measured boot option. Measured boot takes measurements of each step of the secure boot process. It signs them, stores them, and sends those measurements to an external source, such as a remote attestation service. A trusted, external, third-party system is required for attestation—meaning verification of the integrity of the computer in question has been corroborated. Basically, the remote attestation service compares the measurements with known good values. From this information, the remote service can attest to the fact that the boot process is indeed secure—or has failed to meet the requirements.
UEFI Boot Etc …
Hardware security modules (HSMs) are physical devices that act as secure cryptoprocessors. This means that they are used for encryption during secure login/authentication processes, during digital signings of data, and for payment security systems. The beauty of a hardware-based encryption device such as an HSM (or a TPM) is that it is faster than software encryption. HSMs can be found in devices that plug into PC via USB and they are generally tamper-proof, giving a high level of physical security.
SIM cloning (also known as phone cloning), which allows two phones to utilize the same service and allows an attacker to gain access to all phone data.
HSMs etc …
Bluejacking is the sending of unsolicited messages to Bluetooth-enabled devices such as mobile phones. Bluejacking can be stopped by setting the affected Bluetooth device to “undiscoverable” or by turning off Bluetooth altogether.
Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection. Generally, bluesnarfing is the theft of data (calendar information, phonebook contacts, and so on). Ways of discouraging bluesnarfing include using a pairing key that is not easy to guess; for example, stay away from 0000 or similar default Bluetooth pairing keys! Otherwise, Bluetooth devices should be set to “undiscoverable” (only after legitimate Bluetooth devices have been set up, of course), or Bluetooth can be turned off altogether.
Bluetooth Attacks Etc …
transitive trust is based on the transitive property in mathematics, which states that if A is equal to B, and B is equal to C, then A is automatically equal to C. Put into computer terms: if the New York network trusts the California network, and the California network trusts the Hong Kong network, then the New York network automatically trusts the Hong Kong network.
Transitive Trust
SMS/MMS are vulnerable to malware, and trojans and phishing by SMS texts. For Mobile devices using mobile payment method : As the security administrator, you should consider using an external reader for payment transactions on mobile devices and teaching users to keep the reader separate from the mobile device when not in use.
Geotagging is the adding of data to the content in question, helping users to gather location-specific information.
sideloading—the art of loading third-party apps from a location outside of the official application store for that device.
Info …
IM programs can have backdoors for attackers so should be disabled and removed. Remote control programs also should be avoided if possible, Windows uses port 3389 which is well known to attackers so use a different port if necessary or disable or turn off programs associated service and check any related services need to be disabled as well then verify their inbound ports are no longer functional and that they are closed and secured and confirm any shares created by app are also disabled or if not possible reimage the PC.
IM programs
Some apps might try to communicate w/Internet to download updates if a security issue remove these apps. Microsoft’s SCCM and MDM allow a security admin to manage lots of computer software, configs, and policies all from local workstation. Disable all unnecessary services. Start/Stop services with net stop “service name”/net start “service name”, and with sc command : sc stop “service name”/sc start “service name” … to disable service not to run again at system startup : sc config mpssvc start= disabled
To be considered a TOS, the manufacturer of the system must have strong policies concerning updates and patching.
info …
