Unauthorized access
When a person accesses resources without permission
Dumpster diving
Generic term for searching garbage for information
Shoulder surfing
Technique for gaining unauthorized access by observing someone’s screen or keyboard to get info
Social engineering
The process of using or manipulating people inside the organization to gain access to its network or facilities
Impersonation
Someone pretending to be someone else to trick you into giving up information, access, or money
Tailgating
Following someone
Mantrap
Small room with a set of two doors used to control access to secure areas. One door must close before the other one opens
Entry control roster
Record of all comings and goings from the building
Telephone scams
Phone call to gain information
According to the book, what is probably the most common form of social engineering?
Telephone scams
Phishing
Act of trying to get people to give their info by pretending to be someone else electronically
Spear phishing
Targeted attacks
DoS
Denial of Service- Attack uses various methods to overwhelm a system, to make it nonfunctional
DDoS
Distributed Denial of Service- Attacks that use many machines simultaneously to assault a system
Data Destruction
Intentionally or accidentally erasing or corrupting data
Why is it important to have fewer Admin accounts and have them log in as little as possible?
Can do vastly more damage when compromised, amplifying the danger of several other threats
Cable lock
Security device used to physically secure laptops, desktops, or other equipment to a fixed object
What are some ways to protect against blackout, brownouts, and power surges?
UPSs and surge protectors
Environmental controls
Practice of protecting computing equipment from environmental damage by taking measures (air conditioning, ventilation, air filtration, temperature monitoring, and humidity monitoring)
What is the ideal working environment for a computer?
Air is clean, dry, and room temp.
What is the best way to clean dirty electronic devices?
Compressed air or a non-static vacuum
Opinions vary, but according to the book, what is the ideal temperature and relative humidity for computer operation?
22°C/ 72°F and 30-40% humidity
What should you watch for to help with ventilation in a room?
Ducts are clear of obstructions
Ducts are adjusted
Don’t let equipment get closed off from proper ventilation
MSDS
Material Safety Data Sheet- A document that lists the risks, precautions, and clean-up/disposal procedures for any substances you work with regularly
Access control
Composed of interlinked areas: physical security, authentication, user and groups, and security policies
What are the 5 types of locks that make it harder for an attacker to physically access systems?
Lock the doors
Cable locks
USB locks
RJ-45 locks
Server locks
RFID
Radio frequency Identification (or smart cards)
Privacy screen
A framed sheet or film that you apply to the front of the screen to reduce the viewing angle, so the screen can be seen only from directly in front of it
Blacklist
Block specific computers, adding their MAC addresses to the ranks of undesired (in MAC filtering or port security)
Whitelist
Pre-specify the only MAC addresses allowed access
Authentication
The process of identifying and granting access to some user trying to access a system
Give an example of two-factor authentication
Something a user knows (password) and something the user has (key fob, code, etc.)
What are the ways CMOS setup utilities can help secure a computer?
Drive lock, intrusion detection, and system access BIOS/UEFI password
Smart cards
Credit-card sized cards with circuitry that can identify the bearer of the card
Security tokens
Devices that store some unique information that the user carries on their person
RSA tokens
Random # generators that are used with usernames and passwords and ensure extra security
Software token
Programming that enables the device to serve as an authentication factor when logging into a secure resource
Biometric Device/locks
Physical, flesh and blood authentication
Retinal scanner
Eye scanner
Principle of least privilege
Accounts should have permission to access only the resources they need and no more
Effective permissions
User’s combined permissions granted by multiple groups
ACL
Access Control List- Form of user and group permissions
Guest account and everyone account
Guest account- meant for temporary or limited access
Everyone account- Security group
Policies
Control permission to perform a given action
How do you protect data “at rest”?
Full-disk data encryption
gpupdate /force
Command-line to update group policy for a specific computer immediately
Local security policy
Set policies on an individual system
OU
Organizational units- organize users and devices logically into a folder
Group policy
Controls the settings of multiple network clients with policies
Data classification
System of organizing data according to its sensitivity
Compliance
Members of an organization or company must comply with all of the rules that apply to the organization or company
PII (Personally Identifiable Information)
Any data that can lead back to a specific individual
PHI (Protected Health Information)
Any PII that involves a person’s health status, medical records, and healthcare services they have received
PCI (Payment Card Industry)
Rigorous set of rules for systems that accept, transmit, process, or store credit/debit card payments
GDPR
Fairly new law that defines a broad set of rights and protections of citizens living in countries in the European Union
EULA
End User License Agreement- the agreement you accept when you open or install new software; it obligates you to abide by the use and sharing guidelines stipulated by the software copyright holder
DRM (Digital Rights Management)
Enforce how you use commercial software
Open source software
Allow you to take the original code and modify it
Closed source software
Can’t modify the source code or make it part of some other software suite
Event Viewer
Read logs created by auditing
Event auditing
When a user logs on
Object Access Auditing
When a user tries to access a certain file or folder
How do you turn on auditing at a local level?
Go to Local Security Policy in Administrative Tools. Select Local policies and click Audit Policy
Incident Reporting
Process of reporting gathered data about a system or problem to supervisors
Where does Event Viewer store its log files?
%SystemRoot%\System32\Config
Acceptable Use Policy (AUP)
Defines what actions employees may or may not perform on company equipment
Incident Response Leader
Who you’ll report any prohibited actions or content directly to your supervisor
Chain of custody
A documented history of who has been in possession of the system
What are the three common rules of the Chain of Custody?
Isolate the system
Document when you took control and the actions you took
Document transfer of custody
Malware
Defines any program or code that’s designed to do something on a system or network that you don’t want done
Virus
A program that replicates and activates
Replication
Making copies of itself or hiding out in a drive’s boot sector
Activation
When a virus does something like corrupting data or stealing private information
Worm
Functions like a virus but does not need to attach itself to other programs to replicate
Trojan Horse
Piece of malware that appears or pretends to do one thing while at the same time, does something evil
Keylogger
Records the user’s keystrokes and makes that info available to the programmer
Rootkit
Program that takes advantage of very low-level operating system functions to hide itself from antimalware tools
Spyware
Malicious software that can use your computer’s resources to run a distributed computing application, a keylogger, or worse
Ransomware
Encrypts all the data it can gain access to on a system. Message asking for money to decrypt data
Botnet
Network of infected computers under the control of a single person or group
Zombies
Network infected computers
Attack vector
The route the malware takes to get into and infect the system
Zero-day attack
Attack on a vulnerability that wasn’t known to the software developers
Spoofing
Process of pretending to be someone or something you are not by placing false information into your packets
Man-in-the-middle (MITM)
An attacker taps into communications between 2 systems, covertly interrupting traffic thought to be only between those systems
Session hijacking
Tries to intercept a valid computer session to get authentication information
Brute force
An attempt to crack a password
Dictionary attack
Form of brute force, guesses every word in a dictionary
Hash
Short, fixed length code (mix of numbers and letters) that is created from data
Hash tables
Large lookup tables of passwords and the corresponding hash
Rainbow Tables
Use complicated math to condense dictionary tables with hashed entries dramatically
Pop-ups
Surprise browser windows that appear automatically when you visit a website
Drive-by downloads
Unwanted, unknown, or unplanned file download
What are some ways to forcibly close a window when the x button of the window doesn’t respond?
Pressing ALT-F4 or right-clicking the browser window’s icon on the taskbar and selecting Close
Spam
Unsolicited emails from both legitimate businesses and scammers that account for a huge percentage of traffic on the internet
Rogue anti-malware
Free applications that claim to be anti-malware, but which are actually malware themselves
Patch management
Putting out bug fixes and patches as soon as problems occur
Antivirus program
Protects the PC by working in an active seek and destroy mode and in a passive sentry mode
Virus shields
Passive monitoring of a computer’s activity, checking for viruses only when certain events occur
Signature
Is the code pattern of a known virus