ITN 266 Final Exam Study Guide


Port number of SSH

22

Port number of telnet

23

Port number of RDP

3389

Port number of https

443

Port number of DNS

53

RAID 1

Disk mirroring, also known as RAID 1, is the replication of data to two or more disks. Disk mirroring is a good choice for applications that require high performance and high availability, such as transactional applications, email and operating systems. A popular disk or solid state drive (SSD) subsystem that increases safety by writing the same data on two drives. Called "mirroring," RAID 1 does not increase performance. However, if one drive fails, the second drive is used, and the failed drive is manually replaced.

Ingress/egress

Egress in the world of networking implies traffic that exits an entity or a network boundary, while Ingress is traffic that enters the boundary of a network.

PII

Personal Identifiable Information (PII) is defined as: Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Examples: Personal identification numbers: social security number (SSN), passport number, driver's license number, taxpayer identification number, patient identification number, financial account number, or credit card number. Personal address information: street address or email address.

Port number of http

Port 80

Firewalls

A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet. Firewalls provide protection against outside cyber attackers by shielding your computer or network from malicious or unnecessary network traffic. Firewalls can also prevent malicious software from accessing a computer or network via the internet.

Security baselines

A security baseline is a group of Microsoft-recommended configuration settings that explains their security implication. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers. A security configuration checklist (sometimes called a lockdown or hardening guide or benchmark) is in its simplest form a series of instructions for configuring a product to a particular security level (or baseline). It could also include templates or automated scripts and other procedures. The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.

Socket

A socket is one endpoint of a two-way communication link between two programs running on the network. A socket is bound to a port number so that the TCP layer can identify the application that data is destined to be sent to. Sockets are commonly used for client and server interaction. Typical system configuration places the server on one machine, with the clients on other machines. The clients connect to the server, exchange information, and then disconnect. A socket has a typical flow of events.

Zero-day vulnerability

A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched. An exploit that attacks a zero-day vulnerability is called a zero-day exploit. Zero-day exploits tend to be very difficult to detect. Antimalware software and some intrusion detection systems (IDSes) and intrusion prevention systems (IPSes) are often ineffective because no attack signature yet exists. This is why the best way to detect a zero-day attack is user behavior analytics.

What is the difference between UTM and firewall?

With built in "real time" malware and Virus scanning, Next Gen firewalls can prevent suspect network packets from entering your network in the first instance, infecting your PCs and Servers. A UTM Firewall is a hardware device installed on your site that sits on the door of your internet connection into your network.

IDS

An Intrusion Detection System (IDS) is a monitoring system that detects suspicious activities and generates alerts when they are detected. Based upon these alerts, a security operations center (SOC) analyst or incident responder can investigate the issue and take the appropriate actions to remediate the threat. An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. It is a software application that scans a network or a system for the harmful activity or policy breaching.

ACL

An access control list (ACL) contains rules that grant or deny access to certain digital environments. There are two types of ACLs: Filesystem ACLs filter access to files and/or directories. Filesystem ACLs tell operating systems which users can access the system, and what privileges the users are allowed. Access control lists are used for controlling permissions to a computer system or computer network. They are used to filter traffic in and out of a specific device. Those devices can be network devices that act as network gateways or endpoint devices that users access directly.

DLP

Data Loss Prevention (DLP): A comprehensive DLP solution provides the information security team with complete visibility into all data on the network, including: Data in use: Securing data being used by an application or endpoint through user authentication and access control.

Host hardening

It has several meanings in the field of computer security, such as limiting network access to a system by the traditional method of turning off unnecessary network services, by firewalling, or by enforcing authentication to use a service. In system hardening we try to protect it in various layers like physical level, user level, OS level, application level, host level and other sublayers.

NAT

Network address translation (NAT), a feature found in many firewalls, translates between external and internal IP addresses. With NAT, a private network can use internal, non-routable IP addresses that map to one or more external IP addresses. NAT is the process of mapping an internet protocol (IP) address to another by changing the header of IP packets while in transit via a router. This helps to improve security and decrease the number of IP addresses an organization needs.

What are the 3 types of firewalls?

Packet Filtering Firewalls. Packet filtering firewalls are the oldest, most basic type of firewalls. ... Circuit-Level Gateways. ... Stateful Inspection Firewalls. ... Application-Level Gateways (Proxy Firewalls)

Vulnerabilities and patches

Patches are software and operating system (OS) updates that address security vulnerabilities within a program or product. Software vendors may choose to release updates to fix performance bugs, as well as to provide enhanced security features. Patches are often used to address security vulnerabilities. If a software vendor discovers a security risk associated with one of its products, it will typically issue a patch intended to address that risk.

How might a corporation be hurt by acknowledging a large-scale data loss?

Perhaps the biggest long-term consequence of a cybersecurity data breach is the loss of customer trust. Your customers share their sensitive information with businesses like yours assuming you have the proper security measures in place to protect their data. Concerns are usually about how many users' data hackers accessed and how much the response will cost. But underneath the monetary cost of a security breach is a bigger issue: wrecked reputation. Security breaches shock consumer confidence, resulting in an invisible tsunami of lost revenue.

RAID 0

RAID 0 (disk striping) is the process of dividing a body of data into blocks and spreading the data blocks across multiple storage devices, such as hard disks or solid-state drives (SSDs), in a redundant array of independent disks (RAID) group. Distributing tape files allows two or more hard drives to work simultaneously and significantly reduces latency by sharing the cache. The performance increases dramatically with the number of disks that make up a cluster. If you're a hardcore gamer, you might use RAID 0 to decrease load times and maximize performance. A videographer that deals with multiple gigabytes of video would use RAID 0 to improve processing speed. Companies with massive data archives could employ RAID 0 for faster read/write times.

RAID 5

RAID 5 is a redundant array of independent disks configuration that uses disk striping with parity. A popular disk or solid state drive (SSD) subsystem that increases safety by computing parity data and increasing speed by interleaving data across three or more drives (striping). Because data and parity are striped evenly across all of the disks, no single disk is a bottleneck. Striping also allows users to reconstruct data in case of a disk failure. RAID 5 is ideal for file and application servers that have a limited number of data drives. Parity disk? Parity information is distributed among all physical disks in the RAID. If one of the disks fails, parity info is used to recover data that was stored on that drive.

Social engineering

Social engineering is the tactic of manipulating, influencing, or deceiving a victim in order to gain control over a computer system, or to steal personal and financial information. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. It is a cybercrime wherein the attacker fools the target through impersonation. They might pretend to be your boss, your supplier, someone from our IT team, or your delivery company. Regardless of who they're impersonating, their motivation is always the same — extracting money or data.

Spam

Spam refers to unsolicited bulk messages being sent through email, instant messaging, text messaging or other digital communication tools. Spam is any unsolicited communication sent in bulk. Usually sent via email, spam is also distributed through text messages (SMS), social media, or phone calls. Spam messages often come in the form of harmless (though annoying) promotional emails. But sometimes spam is a fraudulent or malicious scam.

Explain the necessity of backup

The purpose of the backup is to create a copy of data that can be recovered in the event of a primary data failure. Primary data failures can be the result of hardware or software failure, data corruption, or a human-caused event, such as a malicious attack (virus or malware), or accidental deletion of data.

When should a Windows systems administrator use the Administrator account?

This ensures that there is always at least one user with administrative rights. Ideally, the computer administrator account should only be used to: Install, upgrade, repair, or back up the operating system and components. These Administrator accounts should be regularly audited - this should include a password change, and confirmation of who has access to these accounts.

UTM

Unified threat management (UTM) describes an information security (infosec) system that provides a single point of protection against threats, including viruses, worms, spyware and other malware, and network attacks.

