Flashcards for reviewing system security concepts in Windows.
Windows Login Restrictions
Methods to control user access, including time, concurrent logins, and station restrictions.
Time Restrictions
Limiting network access to certain times of the day for user accounts.
Concurrent Logins
Restricting a user to be logged into only one station at a time.
Station Restrictions
Allowing or disallowing specific users from using certain workstations.
Lockout
Freezing an account after a specified number of failed login attempts.
Authentication
Verifying the identity of a user or device.
Authorization
Granting permissions or access rights to authenticated users or devices.
Non-Repudiation
Ensuring there is a trail of where data came from, preventing denial of sending data.
Digital Signatures
A method used to implement non-repudiation, ensuring data integrity and sender authentication.
Man-in-the-middle Attack
An attack where someone intercepts and potentially alters communication between two parties; it is prevented by non-repudiation.
Encryption
Scrambling data so that it is not natively readable, protecting it from unauthorized access.
SID (Security Identifier)
A unique identifier for a user account used in encryption keys.
EFS (Encrypting File System)
File encryption available in Windows operating systems.
FileVault
File encryption available in Mac OS X.
TrueCrypt
A third-party encryption software.
BitLocker
A third-party encryption software.
PGP (Pretty Good Privacy)
A third-party encryption software.
SSL (Secure Sockets Layer)
A protocol used for secure web transactions.
SSH (Secure Shell)
A secure alternative to telnet for remote access.
IPSec (Internet Protocol Security)
A protocol used for secured tunnel (VPN) connections.
Malware
Any malevolent software with a sinister purpose.
Worms
Infectious malware that self-replicates and spreads across networks.
Viruses
Infectious malware that requires user interaction to spread.
Trojans
Malware disguised as something innocuous or desirable.
Backdoors
Malware that bypasses authentication mechanisms for unauthorized access.
Rootkits
Software designed to hide its presence and provide privileged access to a computer.
Spyware
Malware that covertly spies on a user's activities.
Botnets
Networks of compromised systems used to accomplish a common goal.
Adware
Software that collects data to drive targeted advertising.
Spam
Unsolicited bulk messages sent via electronic message systems.
Phishing
Attacks against a person using social engineering to steal credentials.
Payload
The malicious action performed by a virus or worm.
Spear Phishing
Targeted phishing attacks, usually specific to an organization.
Pharming
Hacking DNS records to redirect users to a fake website.
DNS
Stands for Domain Name System.
Zombie/Drone
A computer controlled by a hacker in a botnet.
Trojan Horse
A malicious program disguised as something safe.
EULA
End User License Agreement.
Firewall
A security device that controls network traffic based on defined rules.
Packet Filtering
Analyzing network packets based on source/destination IP, protocol, and port.
Stateful Packet Inspection (SPI)
Firewall that keeps track of the state of connections.
Application Filtering
Firewall filtering at the application layer, controlling how applications communicate.
Rule Order
The order in which firewall rules are analyzed, from top to bottom.
Allow/Permit
Firewall rule action to allow traffic.
Deny/Drop/Reject
Firewall rule action to block traffic.
Windows Firewall
Software firewall built into the Windows operating system.
Automatic Updates (Anti-Virus)
Regular updates of virus detection signatures.
Scheduled Scans (Anti-Virus)
Regularly planned full system scans for malware.
On-Demand Scans (Anti-Virus)
Scanning specific files for viruses as they are opened.
Heuristic Scanning
Using common sense to detect infections, as opposed to specific known virus signatures.
Email Scanning
Scanning incoming and outgoing emails for viruses.
CERT
Computer Emergency Response Team.
ShieldsUP!
A service used to check open ports on a system.
Netstat
A command-line tool used to display active network connections.
Infectious Software
Software with the goal of replicating itself, examples: viruses and worms
Open Port
A network service that listens for connections; worms focus on these.
Payload
Can cause different levels of destruction, often installed by worms
Botnet
Can be bought and sold on black markets
Covertly Spy
Main function of spyware
Targeted Advertising
Main function of Adware
Unsolicited Bulk Messages
Commonly called spam
Social engineering
Phishing example for hacking into a system
Sophistication of malware
Trend that has been increasing over time
Financial Gain
Main motivator for malware
Packet Filtering
Every packet is analyzed and a decision is made, used by a firewall
Packet Filtering
Decisions based on a combination of source, destination and port number.
Generic Packet Filter
Makes forwarding decisions based only on statically configured parameters
Application Firewalls
Talk on behalf of a back-end server
First match algorithm
Applies during rule construction on a firewall
Spyware
Often uses keyloggers
Spyware/Adware Protection
Run anti-spyware software
Antivirus Software
Do not run two or more at the same time
Black Markets
Botnets can be bought and sold here
DDoS
Distributed denial of service
Constant Vigilance
Required because bad guys are getting better
Network Services
Worm attacks focus on these, which listen for connections on an open port
Spam Filtering
Due to the amount of spam, email systems have this problem
Infectious: Worms/Viruses
One of different forms malware can take
Concealment: Trojans/Backdoors/Rootkits
One of different forms malware can take
For Profit: Spyware, Botnets
One of different forms malware can take
Advertising: Spam, Adware
One of different forms malware can take
Propagate Themselves
The main goal of infectious software such as viruses and worms
Browser Settings Too Low
An error that can trigger a virus in some cases
Application Updates
Important to pay attention to when trying to protect from viruses
Network Traffic
Even without a payload worms can cripple this
Anti-Virus Software
To protect from trojans it is important to install this
Compromised system
Becomes a drone, it can then become part of a botnet
Application Firewall
A special type of firewall that is designed to control how applications communicate
Software Firewalls
Secure different parts of the network and they target different attack vectors
System Security
A never ending effort
Exploits are constantly changing
System security is a never-ending effort because of this
Tradeoff
This exists between security and usability
Windows User Security
Covers concepts such as Windows login restrictions
Basic Security Model
Covers concepts such as Authentication, Authorization, and Non-Repudiation
Data Integrity
A concept related to Non-Repudiation
Authentication Mechanisms
Backdoors are used to bypass
Privileged Access To a Computer
Rootkits provide
Traditional Hacking
What a rootkit can be installed through
Anti-virus software
Install this to protect from viruses, trojans, and rootkits
Compromised
Once a system is this it becomes a drone