Chapter 11: IT Security Threat Mitigation

What’s a hacker?

talented experts driven to expand, extend, improve, overcome, and repurpose existing hardware, software, and systems.

What’s a local security threat?

threat originates from your local environment.

What are authorized users?

users that have been granted permissions.

What’s unauthorized access?

occurs when a person accesses resources (such as data, applications, and hardware) without permission.

What’s password cracking?

Cracking is more than just random guessing—it’s a disciplined technique for obtaining a password through rapid-fire trial and error, often by employing password-cracking software.

True or False: Password crackers who know something about the owner of the password can further target their guessing by including names and words that would be meaningful, like the name of a spouse or family pet, or a birthday or an anniversary date.

True

What’s dumpster diving?

an attacker goes through your garbage, looking for information.

What’s the best defense against unauthorized Wi-Fi use?

implement wireless encryption methods such as WPA2.

What’s device hardening?

to make the device as difficult as possible to compromise by changing hardware and software settings.

What are ways you can harden a device?

• Disable unused wireless features

• Set up lockout times

• Enable security features

• Use encryption.

Windows has Windows Defender for ______.

malware

Windows has Windows Firewall for ______.

network attacks

True or False: Applying firmware and software updates not only introduces new features in some cases but also sometimes fixes security problems.

True

What’s BitLocker?

You can also encrypt your entire hard drive, which makes a hard drive unreadable if removed from the original PC in which it is installed.

What’s encryption?

feeds plaintext into an encryption algorithm along with a key, which results in encrypted data, otherwise called ciphertext

Should you encrypt network transmissions (data in transit)?

Yes

Most web sites use an _______ certificate to encrypt and digitally sign all transmissions.

SSL (or TLS)

True or False: Every desktop/laptop OS enables you to create user accounts and grant different permissions to different kinds of accounts.

True

What account has full permission to do anything?

Administrator account

What account can only make changes affecting that one account?

Standard account

What account can run only a few applications, such as a web browser, and can’t change any settings.

A guest account

What’s user authentication?

verifying a user’s identity to permit or block certain actions on a system.

______________ schemes add a possession factor (such as a key or card that you have) or an inherence factor (things you are, such as fingerprints, retinal scans, facial recognition).

multifactor authentication (MFA)

A strong password has::

mix of letters, numbers, and special characters.

What’s UAC?

User Access Control, prevent malware or rogue web sites from making system changes without your knowledge and consent.

True or False: While a lot of malicious software comes from the Internet or some type of storage device, it can also come from a local area network.

True

What’s adware?

is software that displays unsolicited advertisements on your computer. It may come to you in the form of a program that seems helpful, such as a toolbar for your browser, but instead of (or in addition to) whatever it purports to do, it causes ads to display. These ads are usually in the form of pop-ups, although the ads can also show up in other ways.

What are the three main symptoms of adware?

home page redirection, search engine redirection, and constant pop-ups.

What do you do when you see any adware symptoms?

the first place to look is for some sneaky adware installed as a Windows program, such as a browser toolbar or unknown utility. Open the Control Panel, go to Programs and Features, and scan through the list of programs to find something with toolbar in the name, or some utility program that you don’t recognize. It’s probably an adware program that you have inadvertently installed or that installed itself when you downloaded some software. Try removing it as you would uninstall any application.

What’s spyware?

monitors your computer usage habits and reports the information to the program’s owner.

What’s a keylogger?

records every keystroke you make, including when you type usernames and passwords.

What should you use to remove spyware?

anti-malware software

What’s spam?

unsolicited e-mail

True or False: The Unsubscribe link in some spam doesn’t actually unsubscribe you from anything; instead, it just confirms that your e-mail address is valid, and you get more spam.

True

What are several options to cope with the flood of spam?

• Never post your e-mail address on the Internet.

• Filters and filtering software can block spam at your mail server, at your service, or at your computer. You can set most e-mail programs to block e-mail from specific people—good to use if someone is harassing you. You can block by subject or keywords.

What’s social engineering?

is the process of using or manipulating people to gain access to that network from the outside—which covers the many ways humans can use other humans to gain unauthorized information.

What’s infiltration?

Attackers can physically enter your building under the guise of someone who might have a legitimate reason for being there. They then snoop around desks, looking for whatever they can find.

What’s tailgating?

Following someone through a door as if you belong, it’s a common way to infiltrate.

What are telephone scams?

the attacker makes a phone call to gain information.

What’s phising?

is the act of trying to get people to give their usernames, passwords, or other security information by pretending to be someone else electronically.

Another way social engineering scammers try to trick users is by popping up fake security alerts. When you view a web site, for example, a pop-up might appear saying that your computer has been infected by malware, prompting you to click a link to download a malware removal utility. It’s fake, though—you don’t have malware yet. If you click that link, one of two things will happen: you will actually get malware of some sort or someone will try to sell you software that will “fix” a problem that doesn’t exist. It can be difficult to distinguish such messages from legitimate security software alerts. If in doubt, shut down all browser windows by right-clicking their icons on the taskbar and choosing Close. If the alert persists, it was not generated by a pop-up. Next, verify the warning is from a security application you actually have installed. Look in the Control Panel in the Programs section to see whether the program names match. It’s important to act on legitimate security software alerts instead of ignoring them, so close the alert window, open the full version of the security software, and run a full system scan. If the error reappears, it’s probably legitimate. Illegitimate alerts are a good hint your device has malware.

What’s a computer virus?

a piece of malicious software that gets passed from computer to computer. Designed to attach itself to a program on your computer and execute when the program executes.

What’s a trojan horse?

are freestanding programs that do something other than what the person who runs the program thinks they will.

What’s a worm?

a complete program that travels from machine to machine, usually through computer networks.

What’s ransomware?

locks down your computer and holds it for ransom, displaying some threatening warning that if you don’t pay up (usually by sending money via wire transfer), your files will be deleted.

True or False: Ransomware is usually spread via infected .zip files sent as e-mail attachments.

True

There are three basic types of ransomware:

scareware, lock-screen, and encryption.

What’s scareware?

This is ransomware that just scares you. It tries to sell you bogus antivirus or cleanup tools to fix a problem that doesn’t exist. You can still use your PC but you might be bombarded with pop-ups, or you might be prevented from running programs. These are the easiest to remove.

What’s locksreen?

doesn’t allow you to use your PC in any way. It shows a full-size window warning you that you have violated the law and must pay a fine.

What’s Encrypting?

it encrypts and locks your personal files until you pay. Even if you manage to remove the malware, your files are useless without the decryption key, which you can’t get without paying.

What are things you can do to protect yourself and your data against online threats?

• First, keep the OS patched.

• Second, make sure your computer runs up-to-date anti-malware software, especially if you connect to the Internet via an always-on broadband connection. You should also be protected by a firewall, either as part of your network hardware or by means of a software program.

Because malware can infect systems through security flaws in operating systems, the next defense against them is to make sure you have _________.

the latest security patches installed on your version of Windows.

What’s a security patch?

is an addition to the operating system to patch a hole in the operating system code.

An anti-malware program, such as a classic antivirus program, protects your PC in two ways:

It can be both sword and shield, working in an active seek-and-destroy mode and in a passive sentry mode.

What’s seek and destory?

the program scans the computer’s files for viruses and, if it finds any, presents you with the available options for removing or disabling them.

What are virus shields?

that passively monitor your computer’s activity, checking for viruses only when certain events occur, such as a program executing or a file being downloaded.

Page 298