Chapter 28: Essential Security Practices

Question 1

Host-based security

Answer 1

protecting individual devices found within a network.

Question 2

Network-Based Security

Answer 2

Protecting all devices connected to the network.

Question 3

Physical security

Answer 3

Locks on doors, security officers, all about defending the physical machines on the network.

Question 4

Man-in-the-Middle (on-path) Attack

Answer 4

Someone between you the sender and your intended receiver. Emails, wireless etc.

Question 5

Prevent - Man-in-the-Middle (on-path) Attack

Answer 5

Encrypt data being sent outside the network. That way even if the man-in-the-middle captures your sent data it can’t be read due to encyrption.

Question 6

Spoofing

Answer 6

To take on the look and feel of some other legitimate entity. Fakes emails, websites, etc.

Question 7

Prevent - Spoofing

Answer 7

Creating connections that verify that who you are talking to is who they say they are. Certificates.

Question 8

Denial of Service (DoS)

Answer 8

bad person creates bad requests, malformed http requests, that cause ta server to stop and look at their bad request. This causes the server to be unable to take the legitimate request and website will error out. Biggest problem on internet today

Question 9

Distributed Denial of Service (DDoS)

Answer 9

Bad person installs some kind of malware on 10, 100, 1,000, or 10,000s computers. These infected PCs are called zombies. Then bad guys server sends command to zombies to send malformed requests to something to take it down.

Question 10

Zero day

Answer 10

When a new type of threat that no one has seen before starts breaking things.

Question 11

Signs you have been hacked

Answer 11

Renamed system files, Normal functions such as clicking on desktop doesn’t work, Files randomly disappearing, and file permissions changing.

Question 12

Evil Twin Attack

Answer 12

a hacker makes a clone of your WAP using your legitimate information. After they make their own WAP they kick all users off of your WAP. User reconnect to the hackers WAP and they can connect to the internet and everything seems fine, but data is now flowing through the hackers WAP and is being capture by the hacker.

Question 13

Insider Threat

Answer 13

employee, contractor, or other person who has access to company resources starts stealing, modifying, or removing data.

Question 14

SQL Injection Attacker

Answer 14

Attacker inserts malicious SQL statements into a webpages input fields. such as a text box on a form. The goal, to access website database and steal PPI (Protected Personal Information)

Question 15

SQL Injection Attacker - In-Band

Answer 15

injecting SQL code right through input box

Question 16

SQL Injection Attacker - Error based

Answer 16

Create intentional errors to learn about the website’s database

Question 17

SQL Injection Attacker - Blind

Answer 17

Using yes/no boolean test to figure out details on website’s database

Question 18

SQL Injection Attacker - out-of-band

Answer 18

force databse to send data out via DNS or HTTP

Question 19

SQL Injection Attacker - Time-Based Blind

Answer 19

Adding SQL that creates a delay to test the servers responses.

Question 20

Cross-Site Scripting (XXS) attack

Answer 20

inserts malicious script into webpages code that changes what users see in the browser.

Question 21

XXS attack - Stored or Persistent

Answer 21

Attacker saves malicious script so that anyone who views the page sees an altered version

Question 22

XXS attack - Reflected or non-persistent

Answer 22

most common. The user unknowingly sends malicious script input. Often through phising email, link, or social media.

Question 23

XXS attack - DoM Based

Answer 23

Document Object Module (DoM) - Manipulates users DOM. Attackers code runs in browser and changes a websites functionality directly.

Question 24

BEC

Answer 24

Business Email Compromise - Phishing email scam. attacker pretends to be someone the victim knows or trusts. Asks for confidential information.

Question 25

Supply Chain Attacker

Answer 25

Attacker might modify software at the manufacturer. Inject malicious code into application updates.

Question 26

How to avoid threats

Answer 26

Reduce systems inherent vulnerabilities through patching, anti-malware, etc.

Question 27

Patching

Answer 27

Very important. Patches fix vulnerability issues, day zero attacks. Patch applications, OS, server, everything.

Question 28

Anti-Malware

Answer 28

Should be running on all systems.

Question 29

Host-Based Firewall

Answer 29

Can prevent you from making mistakes. Click on a bad email firewall might bail you out.

Question 30

IDS

Answer 30

Intrusion Detection System (IDS) - box or application running on a system in your network. Their job is to monitor the network and if it sees something out of place send a notification. Doesn't remove intruder just notifies someone something is amiss.

Question 31

IPS

Answer 31

Intrustiuon Prevention System (IPS) - More common than IDS. Small appliances or boxes that monitor the network. can also install "agents" on individual devices. All these things watch network and report to a central server to make you aware, but also tells firewall to make adjustments to try and remove intruder.

Question 32

Endpoint Management

Answer 32

Central system in internal network watching for intrusions and making sure anti-malware and patches are updated. expensive. However, bad intrusion on enterprise network is also expensive.

Question 33

UTM

Answer 33

Unified threat management (UTM) - Combines firewall, intrusion protection, and anti-malware in one convenient package.

Question 34

Network TAP

Answer 34

Network Test Access Point (Network TAP) - inserted between two network nodes. It captures data and passes it along so it can be analyzed. very little latency added and network flow is uninterrupted.

Question 35

Passive TAP

Answer 35

No moving parts. Doesn't need power. Doesn't interact with other network nodes only listens. uses optical splitter to make copy of network signal. can be used on copper and fiber optic networks.

Question 36

Active TAP

Answer 36

Need electricity. Retransmits signal it receives. Can become a failure point during a power outage.

Question 37

Compliance

Answer 37

Following laws, rules, guidelines, or procedures currently in place. prevents vulnerabilities when best practices are followed.

Question 38

Perimeter security

Answer 38

Prevents people from entering property. Security guards, mantrap, locking doors, fence.

Question 39

Rooms

Answer 39

Locks, badges, biometric locks. protecting rooms within an office area.

Question 40

Individual Devices

Answer 40

Cable locks, server locks, USB lock, Privacy screen. Protect the physical devices.

Question 41

Security Guard

Answer 41

Can verify credentials and physically prevent individuals from entering the building.

Question 42

Mantrap

Answer 42

Access controlled vestibule. two door scenario. someone walks into vestibule. both doors lock until person is verified. Then they are let into the secure space.

Question 43

Badge Reader

Answer 43

RFID card that carries your credentials. Entry control roster, lists who went where when.

Question 44

Smart Card

Answer 44

something swiped or inserted. works like badge.

Question 45

Biometric scanner/lock

Answer 45

iris scanner, fingerprint reader, etc.

Question 46

Cable Locks

Answer 46

Physically holds computer down so that it cannot be taken

Question 47

Server Lock

Answer 47

locks server into a rack cannot be removed without key.

Question 48

USB lock

Answer 48

prevent someone putting something into usb port. Can also send warning when removed. USB hacks are dangerous, easy, and fast.

Question 49

Privacy Screens

Answer 49

Polarized screen on monitor that limits field of view.

Question 50

Keyfobs

Answer 50

Tap to enter, built into doors, garages.

Question 51

Hardware token/HSM

Answer 51

Hardware security module (HSM) - Provides additional info for log-in credentials. such as a OTP (One time password) for entering a website.

Question 52

Bollards

Answer 52

Sturdy metal poles which prevent vehicles from going somewhere.

Question 53

Video Survelliance

Answer 53

Record activity in an area. their presence can also prevent threats.

Question 54

motion detection

Answer 54

triggers a camera to record when something moves past. indoor or outdoor.

Question 55

Fence

Answer 55

Creates barrier visibly and physically.

Question 56

Hash

Answer 56

One way value. Fixed length. Hides password. Password isn't saved. it is converted to a hash and the hash is saved on the PC. When you type in password again PC converts it to hash and compares it to the stored hash. This is what hackers steal in order to crack passwords.

Question 57

Brute Force

Answer 57

After hacker deciphers hash code they can test any hash combo until they get in. Can take a long time. not done often.

Question 58

Dictionary Attack

Answer 58

List of known types of passwords people use. Hacker will compare your hash to the dictionary to see if they can find your Password.

Question 59

Rainbow Tables

Answer 59

Lots of tables of common words or phrases that work together to guess password hash.

Question 60

Password best practices

Answer 60

Set strong passwords, Set expiration dates, require screen savers, require lock screen on smart devices, change BIOS & UEFI passwords, require passwords on all applications and devices, and MFA (Multi-Factor Authentication).

Question 61

Strong Passwords

Answer 61

upper and lowercase letters, numbers, symbols, and longer the password the more secure.

Question 62

Password Expiration

Answer 62

Comptia A+ says every 30-90 days. Remember that range for test. In reality, every 30 days will cause lots of trouble administratively and employees may forget passwords or make weaker passwords if they have to change too often.

Question 63

Data at rest

Answer 63

Data stroed on secondary storage such as SSD/Flashdrive. Databases, backups, cloud storage, etc. Best way to protect data at rest is to encrypt it.

Question 64

Password Considerations

Answer 64

Unique for every application, device, website. Longer than 8 characters, use upper and lower case, numbers, symbols, and avoid common words/phrases.

Question 65

Password Manager

Answer 65

Should be used in every org. personal use is a good idea too. software or application that securely stores your passwords along with its associated url or data storage location. can also generate new passwords and autofill on sites.

Question 66

Authentication

Answer 66

process of verifying identity before granting access. Something you know (Password), have (token), are (fingerprint), can do (signature)

Question 67

Which is not a layer of physical security? perimeter room locks log files individual devices

Answer 67

Log files don't prevent attacks; they help us identify the attack after it occurred.

Question 68

Which is not a core component of computer security? Peripheral-based security Host-based security Network-based security Physical security

Answer 68

There is not a specific category of security protection that focuses on peripherals.

Question 69

Which is not a password cracking technique? Brute force Dictionary attack Reverse hashing rainbow tables

Answer 69

Reverse hashing is not a password hacking method.

Question 70

Which is not a vulnerability-avoidance technique? apply patches download e-mail attachments Run anti-malware software run a host-based firewall

Answer 70

Downloading e-mail attachments does not avoid vulnerabilities (and may expose your system to them).