ITS Network Security Study Guide
This software supports threat detection, compliance and security incident management through the collection and analysis of security events. Some examples of defenses that are considered a ______ solution include: IDS, anti-virus/anti-malware solutions, data loss prevention, VPN connections, web filters, honeypots, and firewalls
SIEM (Security Information and Event Manager)
An attacker issues a SQL command to a web server as part of the URL or as input (in a password or username field). The web server might pass the command onto the database which then allows attackers to have access to information
SQL injection
The name of the WiFi network that you connect to
SSID (Service set identifiers)
Pre-configured settings on your computer that can be changed as desired. They usually provide the most basic security settings and should be changed if you want to have better system security
Security baseline
It's good to implement ___________ ___ _________ onto different servers, so if one service stops working correctly or is infected with a virus, it won't affect the rest of the services.
Separation of services
Allow you to control who accesses folders over the network. You cannot control access to individual subfolders or objects on a share.
Share permissions
This can include having lights, fences or cameras on a building
Site security
This type of firewall is installed on a computer or server, and tasked with network security. It works with a wide variety of other technology security solutions to provide more robust and cohesive security for enterprises of all sizes. It's also the main choice of firewall for companies to use.
Software firewall
A type of software that collects information about you without your knowledge
Spyware
This type of firewall inspection method watches over the network connection and inspects packets that go through your network, only allowing known matching packets to pass through
Stateful firewall inspection
This type of firewall inspection method is designed to allow/deny certain traffic based on its source/destination IP address and/or port number. Hardware firewalls usually have this type of inspection
Stateless firewall inspection
This type of routing is when the router is manually configured. A network administrator configures the routes into the routing table to be used by the router to send packets to a destination network. There are four different types of this routing: Standard, default, summary and floating
Static routing
With this type of encryption, you use one shared private key in order to encrypt and decrypt data
Symmetric key encryption
This includes disabling unnecessary services, restricting administrative access and enabling auditing controls
System hardening
The opportunity for an attacker to attack your system (It's possible that someone could break into your house through a window)
Threat
A program disguised to perform a certain task when really it can take control over your computer
Trojan horses
True or false: When a new subfolder is created, all permissions from the parent folder are applied to the subfolder.
True
Provides full disk encryption and carries out hardware-based security functions. It can generate and store (BitLocker) keys used for encryption, decryption and authentication
Trusted Platform Module (TPM)
Windows feature that enables standard accounts to do common tasks and provides a permissions dialog box when standard and administrator accounts do certain things that could potentially harm the computer (such as attempt to install a program).
UAC - User access control
Can cause certain applications to stop working or function differently, and they require a host to replicate
Viruses
An unsecured area in your system that can be exploited (Leaving the window open)
Vulnerability
What are the four wireless security types?
WEP, WPA, WPA2, WPA3
A list of people who you manually add to allow them the privilege to contact/confront you, disallowing anyone who isn't on this list access to do so. Can also be called passlist or allowlist
Whitelist(ing)
What is a good minimum password age?
Windows security baselines recommend 1 day, but typically it's 7 days for companies
Typically traveling through networks, they cause your computer to act slower and don't require a host to replicate themselves
Worms
Which folder permission allows you to perform the following: Create folders. Add new files. Delete files.
Write
Attack methods that are new, so there are no defense measures available to prevent the attack
Zero day attacks
A computer that has been taken over by a hacker, used primarily for botnets
Zombies
Lists out group policies that are enforced on the computer (for the user you're logged in as)
gpresult
Updates group policy settings
gpupdate
What is a good minimum password length?
8 characters
What is a good maximum password age?
90 days
Procedures implemented to define the roles, responsibilities, and administrative functions. This can include creating policies and user training
Administrative controls
What are the following the advantages of? It provides easy routing table maintenance in networks. It consumes less bandwidth when compared to dynamic routing, as no CPU cycles are used in route calculation and communication. It does not advertise routes over the network, resulting in better network security.
Advantages of static routing
A software program that delivers advertising content in a manner that is unexpected and unwanted by the user
Adware
With this type of encryption, you use a public key to encrypt data and a private key to decrypt it. Also known as public-key cryptography or public-key encryption
Asymmetric encryption (or public key encryption)
Information or applications being readily available for use
Availability
A way into a computer system without having to use a password
Backdoors
A service included with Microsoft Windows, meant to protect your information from unauthorized access by encrypting it. It's used in the absence of a TPM (Trusted Platform Module)
BitLocker
A list of people who you manually add to disallow them the privilege to contact/confront you, allowing anyone who isn't on this list access to do so. Can also be called a denylist or disallowlist
Blacklist(ing)
A group of compromised computers or mobile devices connected to a network, which are typically used to make a DDOS attack
Botnet
An attack that occurs when a process attempts to store data in RAM beyond the boundaries of the fixed-length
Buffer overflow
The protection of a computer system (and its network) and its confidentiality, integrity and availability. This can include physically protecting your computer from removable devices or digitally protecting your computer from different attacks
Computer Security
Assuring that messages and information are available only to those who are authorized to view them
Confidentiality
Process that manages or screens access to specific emails or web pages, in order to block content that could be harmful. Applying this setting in your firewall can help better protect your computer from dangerous sites.
Content filtering
A web application vulnerability. Attackers embed malicious HTML or JavaScript code into a web site's code, which executes when a user visits the site
Cross-site scripting (XSS)
This attack causes users to be unable to gain access to a system
Denial of Service (DOS)
Backup that copies all changed data since the last full backup
Differential backup
This path determination is chosen when the destination IP address in the IP header belongs to a network connected to one of the router interfaces
Directly connected route
An attack that uses multiple zombie computers in a botnet to flood a device with requests.
Distributed Denial of Service (DDOS)
This form of routing is a process where a router learns about routing information without an administrator's help, and adds the best route to its routing table. A router running this type of routing protocol adds the best route to its routing table and can also determine another path if the primary route goes down. Also known as adaptive routing
Dynamic routing
Doing this helps prevent the loss of confidentiality if a device is lost or stolen
Encrypting offline folders
Which folder permission allows you to perform the following: View file names and subfolder names. Navigate to subfolders. View data in the folder's files. Run applications.
Execute
True or False: MAC addresses are best suited for bigger networks
False, MAC addresses are only able to be useful over a LAN (local area network) and cannot be routed across a larger network
True or false: When editing file permissions for a subfolder, a grey box present next to a group/user means that they're not allowed to have permissions for that folder
False, the grey box signifies that the group has inheritance from the parent folder. Its permissions cannot be changed in the subfolder
Implementing these in your network helps keep unwanted data from entering your network, and can be considered the first line of defense for your computer network
Firewall
Which folder permission allows you to perform the following: View file name and subfolders. Navigate to subfolders. View data in the folder's files. Add files and subfolders to the folder. Change the folder's files. Delete the folder and its files. Change permissions. Take ownership of the folder and its files.
Full Control
Backup that copies all data from a system
Full backup
A Microsoft Windows feature that provides centralized management and configuration of computers and remote users
Group policy
A list of settings that administrators use to configure user and computer operating environments remotely through the Active Directory
Group policy object
This type of firewall is a physical device that's used to create a network boundary
Hardware firewall
This type of firewall is installed directly onto your computer and allows you to set specific rules to protect you (even from other devices on your own network)
Host firewall
A software and/or hardware system that scans, audits, and monitors the security infrastructure for signs of attacks in progress. It notifies you when it senses that there is an attack on your system, but doesn't do anything about it.
IDS (Intrusion Detection System)
A software and/or hardware system running on a workstation, server, or switch, that stands between the attacker and the network or host, meant to prevent traffic from reaching the protected network or host. It takes action against the possible attack that the IDS is sensing.
IPS (Intrusion Prevention System)
Backup that copies only the changed data since the last backup (full or incremental)
Incremental backup
Ensuring that the data being sent/received hasn't been tampered with
Integrity
Located on port 88, an authentication system used to verify the identity of networked users.
Kerberos
Software that records the keystrokes on a computer
Keyloggers
Providing only the minimum amount of privileges necessary to perform a job or function
Least Privilege
Which folder permission allows you to perform the following: View the file names and subfolder names. Navigate to subfolders. View folders. Does not permit access to the folder's files.
List folder contents
Increases the network's effectiveness and performance for both static and dynamic routes
Load balancing
Software that is set to perform a task at a specific time or once a certain action takes place
Logic bombs
These allow your devices to communicate with each other over the same LAN (local area network). They're a low level component of an Ethernet port, making them unable to be routed across the internet.
MAC address
This filtering method blocks out traffic from certain MAC addresses, only allowing specific ones access
MAC address filtering
An attack that infects vulnerable web browsers. It can allow the attacker to capture browser session data, including keystrokes.
Man in the Browser
A security attack in which network communication is intercepted in an attempt to obtain information
Man in the Middle
Two doors on either side of a room, a person may gain access to one but not the next. Meant to physically trap an attacker and prevent them from leaving/entering the building
Mantraps
A computer program incorrectly manages memory allocations; data gets created, but never deleted.
Memory leak
Which folder permission allows you to perform the following: View the file names and subfolders. Navigate to subfolders. View data in the folder's files. Add files and subfolders to the folder. Change the folder's files. Delete the folder and its files. Open and change files.
Modify
Authenticating yourself through two different methods, such as entering a PIN then using a retina scanner to log in
Multi factor authentication
This type of firewall is meant to specifically protect your network from unauthorized access when you're connected to the internet
Network firewall
This path determination is chosen when the destination address is not in the routing table
No route determined
(Digital) proof that an action took place between, so you can not deny that it happened. Proof could include audit logs
Non-repudiation
The process you go through when you're setting up your new device. You'll usually set up the cloud and privacy settings here as well.
OOBE (Out of the Box Experience)
Password policies can be configured in Local Security Policy, and include setting password length, age, history, and complexity
Password policies
Regularly applying patches and updates to software
Patch management
This is when the router analyzes the packet's destination IP address and determines the fastest way to reach that destination. The paths can be any of the following: a directly connected route, a remote network, or no route determined
Path determination
Key used to decrypt data in asymmetric encryption (Public or private?)
Private key
Key used to encrypt data in asymmetric encryption (Public or private?)
Public key
An attack designed to lock you out of your computer system until a sum of money is paid
Ransomware
Which folder permission allows you to perform the following: View the file names and subfolder names. Navigate to subfolders. Open files. Copy and view data in the folder's files.
Read
What are the standard folder permission types? (There are 6)
Read, write, modify, execute, full control, list folder contents
Accessing a computer from a remote location
Remote access
This path determination is chosen when the destination IP address of the packet belongs to another network
Remote network
This can include CDs or USBs, which can pose a threat when someone sticks a malicious USB into their computer
Removable devices
What are good complexity standards for a password?
Requiring at least one uppercase and lowercase character, one number and one special character
The potential damage that an attack can have on your system (If someone breaks through your window, you may need to replace it)
Risk
Malicious software that allows attackers to gain access to your computer and take control of it without your knowledge. They avoid normal login procedures by creating a backdoor
Rootkits
This device's purpose is to receive, analyze, and forward IP packets between computers in a network. It goes through three main phases: path determination, routing decision and load balancing. There are two main types: dynamic and static
Router/Routing
After the router decides on its path, it encapsulates the IP packet with the appropriate data link frame type of the egress port (exiting port)
Routing decision