ITS Network Security Study Guide

This software supports threat detection, compliance and security incident management through the collection and analysis of security events. Some examples of defenses that are considered a ______ solution include: IDS, anti-virus/anti-malware solutions, data loss prevention, VPN connections, web filters, honeypots, and firewalls

SIEM (Security Information and Event Manager)

An attacker issues a SQL command to a web server as part of the URL or as input (in a password or username field). The web server might pass the command onto the database which then allows attackers to have access to information

SQL injection

The name of the WiFi network that you connect to

SSID (Service set identifiers)

Pre-configured settings on your computer that can be changed as desired. They usually provide the most basic security settings and should be changed if you want to have better system security

Security baseline

It's good to implement ___________ ___ _________ onto different servers, so if one service stops working correctly or is infected with a virus, it won't affect the rest of the services.

Separation of services

Allow you to control who accesses folders over the network. You cannot control access to individual subfolders or objects on a share.

Share permissions

This can include having lights, fences or cameras on a building

Site security

This type of firewall is installed on a computer or server, and tasked with network security. It works with a wide variety of other technology security solutions to provide more robust and cohesive security for enterprises of all sizes. It's also the main choice of firewall for companies to use.

Software firewall

A type of software that collects information about you without your knowledge

Spyware

This type of firewall inspection method watches over the network connection and inspects packets that go through your network, only allowing known matching packets to pass through

Stateful firewall inspection

This type of firewall inspection method is designed to allow/deny traffic based on its source/destination IP address and/or port number. Hardware firewalls usually have this type of inspection

Stateless firewall inspection

This type of routing is when the router is manually configured. A network administrator configures the routes into the routing table to be used by the router to send packets to a destination network. There are four different types of this routing: Standard, default, summary and floating

Static routing

With this type of encryption, you use one shared private key in order to encrypt and decrypt data

Symmetric key encryption

This includes disabling unnecessary services, restricting administrative access and enabling auditing controls

System hardening

The opportunity for an attacker to attack your system (It's possible that someone could break into your house through a window)

Threat

A program disguised to perform a certain task when really it can take control over your computer

Trojan horses

True or false: When a new subfolder is created, all permissions from the parent folder are applied to the subfolder.

True

Provides full disk encryption and carries out hardware-based security functions. It can generate and store (BitLocker) keys used for encryption, decryption and authentication

Trusted Platform Module (TPM)

Windows feature that enables standard accounts to do common tasks and provides a permissions dialog box when standard and administrator accounts do certain things that could potentially harm the computer (such as attempt to install a program).

UAC - User access control

Can cause certain applications to stop working or function differently, and they require a host to replicate

Viruses

An unsecured area in your system that can be exploited (Leaving the window open)

Vulnerability

What are the four wireless security types?

WEP, WPA, WPA2, WPA3

A list of people who you manually add to allow them the privilege to contact/confront you, disallowing anyone who isn't on this list access to do so. Can also be called passlist or allowlist

Whitelist(ing)

What is a good minimum password age?

Windows security baselines recommend 1 day, but typically it's 7 days for companies

Typically traveling through networks, they cause your computer to act slower and don't require a host to replicate themselves

Worms

Which folder permission allows you to perform the following: Create folders. Add new files. Delete files.

Write

Attack methods that are new, so there are no defense measures available to prevent the attack

Zero day attacks

A computer that has been taken over by a hacker, used primarily for botnets

Zombies

Lists out group policies that are enforced on the computer (for the user you're logged in as)

gpresult

Updates group policy settings

gpupdate

What is a good minimum password length?

8 characters

What is a good maximum password age?

90 days

Procedures implemented to define the roles, responsibilities, and administrative functions. This can include creating policies and user training

Administrative controls

What are the following the advantages of? It provides easy routing table maintenance in networks. It consumes less bandwidth compared to dynamic routing, as no CPU cycles are used in route calculation and communication. Routes are not advertised over the network, resulting in better network security.

Advantages of static routing

A software program that delivers advertising content in a manner that is unexpected and unwanted by the user

Adware

With this type of encryption, you use a public key to encrypt data and a private key to decrypt it. Also known as public-key cryptography or public-key encryption

Asymmetric encryption (or public key encryption)

Information or applications being readily available for use

Availability

A way into a computer system without having to use a password

Backdoors

A service included with Microsoft Windows, meant to protect your information from unauthorized access by encrypting it. It's used in the absence of a TPM (Trusted Platform Module)

BitLocker

A list of people who you manually add to disallow them the privilege to contact/confront you, allowing anyone who isn't on this list access to do so. Can also be called a denylist or disallowlist

Blacklist(ing)

A group of compromised computers or mobile devices connected to a network, which are typically used to make a DDOS attack

Botnet

An attack that occurs when a process attempts to store data in RAM beyond the boundaries of the fixed-length

Buffer overflow

The protection of a computer system (and its network) and its confidentiality, integrity and availability. This can include physically protecting your computer from removable devices or digitally protecting your computer from different attacks

Computer Security

Assuring that messages and information are available only to those who are authorized to view them

Confidentiality

Process that manages or screens access to specific emails or web pages, in order to block content that could be harmful. Applying this setting in your firewall can help better protect your computer from dangerous sites.

Content filtering

A web application vulnerability. Attackers embed malicious HTML or JavaScript code into a web site's code, which executes when a user visits the site

Cross-site scripting (XSS)

This attack causes users to be unable to gain access to a system

Denial of Service (DOS)

Backup that copies all changed data since the last full backup

Differential backup

This path determination is chosen when the destination IP address in the IP header belongs to a network connected to one of the router interfaces

Directly connected route

An attack that uses multiple zombie computers in a botnet to flood a device with requests.

Distributed Denial of Service (DDOS)

This form of routing is a process where a router learns about routing information without an administrator's help, and adds the best route to its routing table. A router running this type of routing protocol adds the best route to its routing table and can also determine another path if the primary route goes down. Also known as adaptive routing

Dynamic routing

Doing this helps prevent the loss of confidentiality if a device is lost or stolen

Encrypting offline folders

Which folder permission allows you to perform the following: View file names and subfolder names. Navigate to subfolders. View data in the folder's files. Run applications.

Execute

True or False: MAC addresses are best suited for bigger networks

False, MAC addresses are only able to be useful over a LAN (local area network) and cannot be routed across a larger network

True or false: When editing file permissions for a subfolder, a grey box present next to a group/user means that they're not allowed to have permissions for that folder

False, the grey box signifies that the group has inheritance from the parent folder. Its permissions cannot be changed in the subfolder

Implementing these in your network helps keep unwanted data from entering your network, and can be considered the first line of defense for your computer network

Firewall

Which folder permission allows you to perform the following: View file name and subfolders. Navigate to subfolders. View data in the folder's files. Add files and subfolders to the folder. Change the folder's files. Delete the folder and its files. Change permissions. Take ownership of the folder and its files.

Full Control

Backup that copies all data from a system

Full backup

A Microsoft Windows feature that provides centralized management and configuration of computers and remote users

Group policy

A list of settings that administrators use to configure user and computer operating environments remotely through the Active Directory

Group policy object

This type of firewall is a physical device that's used to create a network boundary

Hardware firewall

This type of firewall is installed directly onto your computer and allows you to set specific rules to protect you (even from other devices on your own network)

Host firewall

A software and/or hardware system that scans, audits, and monitors the security infrastructure for signs of attacks in progress. It notifies you when it senses that there is an attack on your system, but doesn't do anything about it.

IDS (Intrusion Detection System)

A software and/or hardware system running on a workstation, server, or switch, that stands between the attacker and the network or host, meant to prevent traffic from reaching the protected network or host. It takes action against the possible attack that the IDS is sensing.

IPS (Intrusion Prevention System)

Backup that copies only the changed data since the last backup (full or incremental)

Incremental backup

Ensuring that the data being sent/received hasn't been tampered with

Integrity

Located on port 88, an authentication system used to verify the identity of networked users.

Kerberos

Software that records the keystrokes on a computer

Keyloggers

Providing only the minimum amount of privileges necessary to perform a job or function

Least Privilege

Which folder permission allows you to perform the following: View the file names and subfolder names. Navigate to subfolders. View folders. Does not permit access to the folder's files.

List folder contents

Increases the network's effectiveness and performance for both static and dynamic routes

Load balancing

Software that is set to perform a task at a specific time or once a certain action takes place

Logic bombs

These allow your devices to communicate with each other over the same LAN (local area network). They're a low level component of an Ethernet port, making them unable to be routed across the internet.

MAC address

This filtering method blocks out traffic from certain MAC addresses, only allowing specific ones access

MAC address filtering

An attack that infects vulnerable web browsers. It can allow the attacker to capture browser session data, including keystrokes.

Man in the Browser

A security attack in which network communication is intercepted in an attempt to obtain information

Man in the Middle

Two doors on either side of a room, a person may gain access to one but not the next. Meant to physically trap an attacker and prevent them from leaving/entering the building

Mantraps

A computer program incorrectly manages memory allocations; data gets created, but never deleted.

Memory leak

Which folder permission allows you to perform the following: View the file names and subfolders. Navigate to subfolders. View data in the folder's files. Add files and subfolders to the folder. Change the folder's files. Delete the folder and its files. Open and change files.

Modify

Authenticating yourself through two different methods, such as entering a PIN then using a retina scanner to login

Multi factor authentication

This type of firewall is meant to specifically protect your network from unauthorized access when you're connected to the internet

Network firewall

This path determination is chosen when the destination address is not in the routing table

No route determined

(Digital) proof that an action took place between, so you can not deny that it happened. Proof could include audit logs

Non-repudiation

The process you go through when you're setting up your new device. You'll usually set up the cloud and privacy settings here as well.

OOBE (Out of the Box Experience)

Password policies can be configured in Local Security Policy, and include setting password length, age, history, and complexity

Password policies

Regularly applying patches and updates to software

Patch management

This is when the router analyzes the packet's destination IP address and determines the fastest way to reach that destination. The paths can be any of the following: a directly connected route, a remote network, or no route determined

Path determination

Key used to decrypt data in asymmetric encryption (Public or private?)

Private key

Key used to encrypt data in asymmetric encryption (Public or private?)

Public key

An attack designed to lock you out of your computer system until a sum of money is paid

Ransomware

Which folder permission allows you to perform the following: View the file names and subfolder names. Navigate to subfolders. Open files. Copy and view data in the folder's files.

Read

What are the standard folder permission types? (There's 6)

Read, write, modify, execute, full control, list folder contents

Accessing a computer from a remote location

Remote access

This path determination is chosen when the destination IP address of the packet belongs to another network

Remote network

This can include CDs or USBs, which can pose a threat when someone sticks a malicious USB into their computer

Removable devices

What are good complexity standards for a password?

Requiring at least one uppercase and lowercase character, one number and one special character

The potential damage that an attack can have on your system (If someone breaks through your window, you may need to replace it)

Risk

Malicious software that allows attackers to gain access to your computer and take control of it without your knowledge. They avoid normal login procedures by creating a backdoor

Rootkits

This device's purpose is to receive, analyze, and forward IP packets between computers in a network. It goes through three main phases: path determination, routing decision and load balancing. There are two main types: dynamic and static

Router/Routing

After the router decides on its path, it encapsulates the IP packet with the appropriate data link frame type of the egress port (exiting port)

Routing decision

