With help from Professor Messer, covers CompTIA A+ Core 2 Exam Objectives 2.1, 2.3, 2.4, 2.6, 2.8
Access control vestibule
Small room used to check credentials before entering a secure facility. All doors are unlocked; opening one causes the other to lock. May require badging. Often requires either one person at a time or a small controlled group. Professor Messer
Badge reader
Uses a magnetic swipe, Radio Frequency Identification (RFID), or Near Field Communication (NFC) typically located in a card to authenticate a person.
Can be used for time clocks, security guard patrols, or for door/building access. Professor Messer
Video surveillance
AKA CCTV (closed-circuit television), often used in place of security guards. Object detection is used to identify a person's face or license plate. NVR = network video recorder. LPR = license plate recognition.
2 types: fixed and pan-tilt-zoom (PTZ). Fixed is best for recording a specific area, while PTZ is best for incident response since it has full 360-degree motion.
Many cameras will send data back to a central processing facility where you would access the recordings. The storage on the camera itself is called Direct Access Storage (DAS).
In some cases, motion detection is useful for keeping the camera off to save power/storage unless activity is detected, e.g. in a less-traveled area. Professor Messer Sybex 1122
Alarm systems
Circuit-based, which means it's activated when the circuit is broken or created, e.g. a door opening breaks a circuit. Can detect changes in your environment and respond. It may be attached to a door, window or fence and is useful for securing your perimeter.
Motion detection may also be used in order to activate this security feature. Passive Infrared (PIR) is the most common motion detection used today.
Alarm systems are often separated by zones (e.g. perimeter = zone 1, server room = zone 2).
Finally, it could be triggered by a duress (manual emergency) which is triggered by a person, typically by pressing a big red button (think Among Us). Professor Messer
Door locks
Conventional: lock and key
Deadbolt: physical bolt
Electronic: Keyless, PIN
Token-based: RFID (Radio Frequency Identification) badge, magnetic swipe, or key fob
Biometric: Hand, fingers, or retina scanner
Multi-factor: Could use multiple of the previous options
Equipment locks
A device used to secure other devices. Often secures data center equipment on a rack. Racks can be installed together in side-to-side fashion. Although the cabinets are enclosed with locks, proper ventilation must be maintained, typically through ventilation on the front, back, top, or bottom.
A type of ____ is a cable that is used to secure a laptop and any device with a USS (Universal Security Slot)
Security guard
Ensures that physical protection is supplied at the reception area of a facility. They validate identification of existing employees and often facilitate guest access to the location. They have an access list that is used to verify who is supposed to be there. They meet with people who aren't wearing their required ID badges. They are also responsible for maintaining a visitor log, which is a record of who came in and out of the location at any particular time.
ID badge
Contains a picture, name, and other details. Must be worn at all times. Professor Messer
Access list
A physical list of names that determines who is authorized to be at a particular location. Security guards have access to this list so that they can enforce it and prevent anyone who is not on the list from entering.
Barricade/bollard
Prevents access to a location. Sometimes this prevention is limited, i.e. cars cannot pass, but people and bikes can.
Another use is funneling people/vehicles to a specific/desired access point.
They can prevent injuries by keeping pedestrians safe from vehicles.
Some extreme versions include full-blown moats filled with water. Other times it's just made of concrete or plastic. Professor Messer
Fence
Very obvious form of security, which may or may not be what you want.
Functions as a perimeter to a secured location.
They can be either transparent or opaque (see through or not).
It is a very robust form of security that is difficult to break through.
Some forms can be climbed over. In that case, barbed wire/razor wire is used to prevent climbers. Professor Messer
Key fob
A small RFID (Radio Frequency Identification) key that you can add to a physical keychain. Alternative to an access card or a physical key. Commonly used for door locks. Proximity operation and contactless. Professor Messer
Smart card
AKA Common Access Card (CAC). An identification (ID) card that doubles as certificate-based authentication. It has an Integrated Circuit Chip (ICC).
Often used for MFA (Multifactor Authentication, i.e. 2FA, 2SV) and usually requires additional factors. In the MFA world, this would be something you have.
In order to use this authentication method, you need a card reader which is sometimes built into a laptop. Other times, you need to connect one via USB. Professor Messer
keys
Used on doors, standalone locks, safes, storage bins, and cabinets without an electronic lock. Less common nowadays. They should be stored in a well-defined location such as a cabinet where you can perform a formal check-in/check-out of the item. This allows auditing and timestamps to be performed. You may have to leave your phone, ID card, or some other valuable to ensure that you return the item. messer
biometrics
Factors include:
Retina scanner: unique capillary structure in the back of the eye
Fingerprint scanner: phones, laptops, door access
Palmprint scanner: Shape of hand and fingers
This form of authentication does not store your physical fingerprint, face, handprint, retina, etc. Instead, it stores a mathematical representation of your biological features on your device to authenticate. When you scan your finger, for instance, it will convert it into the mathematical representation and compare it with what is already stored on the device.
Since it relies on your physical attributes, it is very difficult to change this form of authentication. It is used in very specific situations and is not foolproof, hence it is often relegated to one of multiple factors of authentication, not the sole authenticator. messer
lighting
A security feature designed to increase visibility. It's easier to see attackers when you have ____. Non-infrared (IR) cameras can see better. Consider overall ____ levels. ____ angles are important so you can see the whole area and for facial recognition. It can also help to reduce shadows and glare, which can obscure vision. messer
Magnetometer
Often used at airports and other high-security jobs. By walking through the device, it can detect metal through the use of passive scanning. This is useful because it means it can detect weapons.
It is not useful for non-metal objects such as ceramic or plastic. messer
Mobile Device Management (MDM)
Manage company-owned and user-owned mobile devices.
BYOD allows you to Bring Your Own Device. By connecting to the BYOD network, it will automatically block unwanted traffic, e.g. Reddit and Discord being blocked on the school Wi-Fi.
Can also be used for centralized management of various things such as apps, policy, data, camera, etc. ___ can control the entire device or just a specific "work"-related partition of the device.
It can also be used to enforce certain security practices such as forcing screen locks on phones with pins. messer
least privilege
Rights and permissions should be set to the bare minimum. You only need access to what you need to get the job done, nothing extra.
User accounts must be limited. Applications should run with minimal privileges. Don't allow users to run with administrative privileges. That way, if malware is accidentally run, its scope is at least limited. messer
Access Control Lists (ACLs)
Consists of multiple access control entries (ACEs), each a condition paired with an action.
Used to allow or deny traffic. Also used for Network Address Translation (NAT), Quality of Service (QoS), etc.
Can sort traffic based on criteria like: Source IP, Dest. IP, TCP/UDP port numbers, ICMP (Internet Control Message Protocol)
Also used in operating systems to determine what access you have to the file system or apps. messer
Authentication Factors
Something you are: biometrics
Something you have: keys, cards, fobs, hardware token, phone (software token)
Something you know: passwords
Somewhere you are: location
Something you do: signing your name, typing your username
More than one of these factors combined is Multi-Factor Authentication (MFA). 2FA (2-Factor Authentication) is a type of MFA where you require 2 authentication factors to log in. messer
Software token (aka soft token)
Authenticator application that generates pseudo-random numbers based on a long key that you gave it when setting it up. You cannot guess this Time-based One-Time Password (TOTP), and it changes constantly, normally every 30 seconds. It saves you the cost of buying a separate, expensive hardware token.
sms authentication
A website sends you a text message to authenticate. One of the least secure ways to do MFA because it could be intercepted via SIM swapping, which is where an attacker steals your phone number. Attackers can also spoof the source of the SMS message.
A voice call is a similar authentication method that works through a phone call instead of sms, although it has the same problems that sms has. messer
email filtering
Stops unsolicited email at the gateway before it reaches the user. It could be on-site or cloud-based. It can also scan for and block malware located within emails, such as executables, phishing attempts and other unwanted content. messer
active directory
A database of everything on the network. Includes things such as: computers, user accounts, file shares, printers, groups, etc.
Uses LDAP (Lightweight Directory Access Protocol, insecure port 389, secure port 636) to quickly look up objects.
Manages authentication: you log in with your account, which is located in ___.
Allows for centralized access control, where you can determine which users can access which resources.
Commonly used by the helpdesk to reset passwords and add or remove accounts.
Domain
The name associated with this related group of users, computers, and resources. Each ____ has a name. ___ controllers store this in a central database which can be accessed through Active Directory.
Often referenced when troubleshooting:
Is this computer on the ___?
Can you reset the ___ password?
Organizational Units (OU)
A feature in Active Directory that helps you keep very large databases organized. You can separate things by object class (such as a group for computers and one for users), geographic location (LA, NYC), function (Sales, Marketing, HR), or a hybrid (any combination of the previous ones).
Once you have your ___ you can apply policies to it such as password requirements or remove the desktop wallpaper functionality.
Sometimes it looks like folders within Active Directory.
login script
Automates a series of tasks that take place during login. You can assign a ____ to a specific user, group, or OU (organizational unit). Used by Active Directory during login to map drives and printers.
Associate the __ with a group policy: User Configuration > Policies > Windows Settings > Scripts
group policy
Manage the computers or users with ____. You can add login scripts, modify the way Windows operates or the way Windows looks.
Local: applies to a single computer or user account regardless of domain membership. (gpedit.msc)
Domain: Applies to computers within a specific domain or organizational unit (OU) (Group Policy Management Console aka GPMC)
GPO = Group Policy Object
Update a client with the gpupdate utility: > gpupdate /force
network home folder
A space created in Active Directory that allows a user to store files on the network. Instead of storing files on your local computer at C:\Users\<username>, you store them in a designated folder defined in Active Directory.
folder redirection
A tool that allows you to redirect folders to a different location, like an Active Directory share. This is often paired with the Offline Files feature, which means you can still access your files when you are away from the network.
security groups
A way to set up a group with predefined permissions and security settings so that all you need to do is add the user to the group and they gain the privileges/permissions, without having to manually assign them to each user. This allows you to save time while avoiding confusion and mistakes.
Some built in groups include: Users, guests, Remote management users, and Event Log Readers.
Hardware token (aka hard token)
A device such as a smart card, key fob, or a TOTP device such as a YubiKey or Google Titan that is used as an authentication method.
Malware
Means "Malicious Software". Some gather information such as keystrokes. Some participate in a group like a botnet. Others show you advertising. Others are viruses and worms, which can encrypt your data and spread from machine to machine. They exist by taking advantage of a vulnerability in software that you're using. That's why you are supposed to update your system. They can enter your system from links you click on, downloads you perform, a worm you encounter, among many things. messer
trojan horse
Software that appears to be one thing, but is secretly malware. An example is Bonzi Buddy.
rootkit
Originally a Unix technique, this type of malware embeds itself deep in your operating system. Because of this, it can be invisible to your operating system. You will have to use a remover specific to the ___ in order to remove it. This type of software will usually be built after the ___ is discovered. Fortunately, Secure Boot with UEFI helps prevent this type of malware.
virus
A type of malware that can reproduce itself. It needs you to execute a program. Once that is done, it can reproduce throughout your filesystems and run rampant through the network. Anti-virus/antimalware can help prevent this type of attack.
boot sector virus
Most viruses run after the OS is loaded, but this type of virus modifies your boot loader so that every time you start your computer, the virus is loaded. Modern UEFI Secure Boot helps prevent unsigned software like viruses from running during the boot process.
spyware
Malware that spies on you. It could be attempting to advertise to you better, or could be trying to steal your identity. It could monitor your browsing habits and even use a keylogger to see everything you type.
keylogger
Your keystrokes are logged and sent to the attacker so that they can spy on everything you type. This circumvents encryption.
Ransomware
A type of malware that encrypts your data until you provide a cash bounty (could request various forms of cryptocurrency). Sometimes they'll send a decryption key, other times they won't.
cryptominers
A type of malware that uses your computer to mine cryptocurrencies in the background. Proof of work is a very difficult math problem, and that is what a ___ attempts to solve on the infected computer. It involves intensive CPU processing, which can bog down your computer.
Windows recovery environment
A very powerful command line that gives you access to all the files on your operating system without having to start the entire operating system. You can use this to remove malware from your computer, but you have to know what commands to type. You can also enable or disable startup apps/services or repair the file system boot sector or the master boot record (MBR). You can access this by holding the Shift key while clicking Restart. Alternatively, you can boot it from installation media (USB stick). messer
antivirus/antimalware
Works in real time to detect and stop malware and/or viruses. Sometimes it works off of signatures from the specific malware; other times it just looks for malicious behavior and disables the app from there.
software firewall
Monitors the local computer and alerts on any unknown or unauthorized network communication. This can also prevent malware communication, such as a botnet phoning home or malware attempting to download more files to your PC. Use Microsoft Defender at a minimum.
anti-phishing training
Training given to users to prevent them from clicking on suspicious links. Testing is often used throughout this process to see if the users have gotten better or still need more training. This is often in the form of sending out fake malicious emails to see if users will click on them.
OS reinstallation
The only way to guarantee that any malware has been removed from a system. Restoring from a backup is a fast way to go, as long as the backup is not also infected. A manual installation is slower; you'll have to back up important files before going this route. Imaging the system is the absolute fastest way to go when the user's data files are on a network share: you can recover from a prebuilt image (PXE boot).
social engineering
An attack that relies on communication. Can involve one person or multiple people all trying to do the same malicious thing. messer
phishing
A social engineering attack where the attacker tries to get you to click a link. It can be delivered through email, text, and other ways such as social media bots. Always check the URL to make sure it's legit. Read the message carefully too; there are often typos or weird fonts and graphics that give it away.
vishing
Voice phishing done over the phone or voicemail. The attacker often spoofs the caller ID to make it seem like someone else is calling. They may try to get you to do things in order to steal your credentials.
shoulder surfing
A social engineering attack where someone steals information by looking at your screen. Can be done in public areas such as airports, coffee shops, etc. They can also use binoculars to see your screen from afar. Other times, webcams are used maliciously for this purpose. Finally, some malware is able to capture your screen and send recordings away remotely. Be aware of your surroundings and consider installing a privacy screen protector to protect yourself from ____.
whaling
At the more generic level, this is known as spear phishing: a targeted attack against an individual using insider information. When a spear phishing attack targets a CEO or CFO (chief financial officer), it is called ____ specifically. A social engineering attack.
tailgating
Social engineering attack that uses an authorized person to gain unauthorized access to a secure building or location. Piggybacking follows the same process, but the authorized person is giving consent. Access control vestibules / airlocks are good for preventing this attack. Also: one scan, one person, and ask who they are.
impersonation
A social engineering attack where you pretend to be someone you are not.
dumpster diving
A social engineering attack where you look through the garbage for top secret information. Make sure you properly dispose of all your garbage! (shredders)
wireless evil twin
The wireless version of phishing. The Wi-Fi looks legit but is actually a fake designed to steal information. When the malicious Wi-Fi uses the same or a similar SSID (service set identifier, the Wi-Fi name) as the correct Wi-Fi, it's easy to get them mixed up. Use HTTPS and a VPN to protect yourself from this attack.
DoS (Denial of Service)
A type of attack that can force a service to fail or cause a system to be unavailable. It doesn't have to be an attack; sometimes you can self-inflict a ___.
DDoS (Distributed Denial of Service)
A special type of DoS that uses an army of computers to bring down a service. These computers are often part of a botnet. ISPs may be able to mitigate an attack like this.
A smurf attack is a type of ____.
Zero-day attack
A vulnerability that has been known by the software developers for ZERO DAYS before it is used to attack computers in the wild. It is being used to attack without the developers' knowledge. Check https://cve.mitre.org/ to see vulnerabilities. e.g. Log4j
spoofing
Faking being something/someone.
on-path attack
Formerly known as man-in-the-middle, this attack redirects your traffic maliciously, then passes it on to your destination. ARP poisoning is when the attacker pretends to be your router and sends a spoofed ARP response to your computer. Your computer will think the router's MAC address has changed and start using the fake router as its router. An ____ browser attack is when the middleman is on the same computer as the victim: the malware acts as a proxy on your computer and reads all of your data.
brute-force attack
A way to guess passwords by trying every password combination until you get the password correct.
dictionary attack
Use a dictionary to find common words in order to guess a password.
insider threat
Someone inside your organization who knows lots of information and has the potential to use it for malicious activity.
structured query language (SQL) injection
Injecting your own code into an application. SQL is a database management system language. Therefore it is possible to inject code into poorly written applications backed by SQL databases to steal all of the information stored inside.
Cross-site scripting (XSS)
A type of injection attack where malicious scripts are injected into trusted websites and executed by the visitor's browser. This can happen if a field, such as a username field, is not properly set up to protect against ___. If this is the case, a malicious entity could put a <script> tag into the field and have the website execute any JavaScript they put there.
non-compliant systems
A standard operating environment (SOE) is a set of tested and approved hardware/software systems. If your device isn't up to SOE, then it's ____.
unpatched systems
Systems that are out of date and may have security vulnerabilities that have not been patched yet. Microsoft Patch Tuesday is the second Tuesday of every month at 10:00 AM PST. Update your system to prevent _____.
unprotected systems
Any systems that disable necessary security measures for the sake of usability/compatibility with an app. Permanently disabling security isn't the answer. Troubleshoot the application instead of leaving _____ for compatibility's sake.
EOL (End of Life)
When your operating system goes out of date and is no longer receiving feature patches or security patches. The original developers of the software completely abandon it. This can leave you vulnerable to malware and viruses that use known vulnerabilities that will not be patched. EOSL = End of Service Life; it is more extreme than ___.
Bring your own device (BYOD)
Allows users to use the devices that they already have and use, but they can still be secured through MDM. Sometimes referred to as Bring Your Own Technology.
Data-at-rest encryption
Also known as full-disk encryption. Makes data completely inaccessible without a password. Keep backups to avoid losing access to data. This may be integrated into Active Directory.
Password best practices
Password complexity: use various characters, 8 characters or longer; all passwords should expire after 30-90 days.
Recovery process should be very formal to avoid social engineering attempts that would get around this.
Always change default usernames/passwords, add a BIOS/UEFI password to prevent BIOS changes, and always require passwords with no blank passwords and no automated logins.
end-user best practices
Have a screensaver that locks your screen with a password after an amount of inactive time. Secure critical hardware such as laptops with locks. Keep PII (personally identifiable information) and passwords secret and secure. Don't write your social security number or password on a sticky note.
account management
User permissions mean that not everyone is an administrator. Assign rights based on groups. Allow login only during certain times; restrict after-hours activities. Disable unnecessary accounts (the root account on Linux should be disabled).
change default administrator’s user account/password
When you get a new device, it comes with defaults. What are the most important things to change when receiving a device where you can log in? If you don't change this, you have a high chance of being attacked and added to a botnet.
Disable AutoRun
_____ because it is used to automatically run applications/executables when a device such as a CD or USB drive is inserted into your computer. This poses a security risk: what if someone plugs a malicious USB drive into your computer? It is the older version of AutoPlay, removed in Windows 7.
Disable AutoPlay
The newer version of AutoRun. You'll still want to disable it in high-security areas because you could accidentally run a malicious USB drive.
drilling
Using a drill/hammer to destroy a hard drive so that the data on the hard drive becomes inaccessible forever. You will have to drill all the platters all the way through.
shredding
Taking a hard drive and putting it into a shredder to rip it into tiny pieces so that the data on the hard drive becomes inaccessible forever.
degaussing
An electromagnetic way to destroy a hard drive or SSD so that the data on the hard drive becomes inaccessible forever. It does this by removing the magnetic field.
incinerating
Using fire to destroy a storage device completely so that the data on the hard drive becomes inaccessible forever. This is the most complete way to destroy a hard drive.
erasing/wiping
Has 2 parts: file-level and whole disk/drive ___.
File-level ____ zeros out a specific file but keeps everything else intact. SDelete on Windows can be used for this task.
Whole-drive ____ removes all data on the drive so that you can use the drive again.
low-level formatting
Provided at the factory; this level of formatting is not recommended for the user. (Hopefully CompTIA doesn't confuse this with standard formatting > regular format.)
standard formatting
____ has 2 parts: Quick format and Regular format.
Quick format sets up the file system, installs a boot sector, and clears the master file table but not the data. It's like removing a map of the hard drive: since you don't know where to go, you can't access that information anymore. However, data can be recovered with special software.
Regular format overwrites every sector on the storage medium with zeros. This ensures that you cannot recover the data no matter what.
Third-party vendor
A _____ is often tasked with destroying hard drives. They will need to provide a certification of destruction to ensure that they truly did the job. These people usually have the tools, such as degaussers and drills, needed to get the job of destroying a storage device done.
certification of destruction/recycling
A certificate that ensures that a third-party vendor has fully and completely destroyed a storage device and made all data on it inaccessible.