Question | Answer |
Authentication | The process of identifying an individual, usually based on a username and password. |
Backdoor | Also called a trapdoor. An undocumented way of gaining access to a program, online service or an entire computer system. |
Digital certificate | An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply. |
Encryption | The translation of data into a secret code |
Public Key Infrastructure (PKI) | a system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction. |
Public Key Encryption | A cryptographic system that uses two keys -- a public key known to everyone and a private or secret key known only to the recipient of the message. |
Rootkit | a type of malicious software that is activated each time your system boots up. |
Social Engineering | In the realm of computers, the act of obtaining or attempting to obtain otherwise secure data by conning an individual into revealing secure information. |
Zero-fill Utility | To place leading zeros in the portion of a field to the left of a numeric value. |
Security Policies | • External and internal policies are typically applied • Policies are developed, enacted, observed and maintained • Driven by various standards/laws: HIPAA, FERPA, ISO 17799 & 27002, NIST, etc. |
Security policies: two goals | Protect assets and allow access (often a balance due to the inherent conflict) |
Access Control | • Performed by a combination of authentication and authorization • Applied at multiple levels • Requires the use of strong credentials and good resource-access design |
Which Access Control method requires a user to prove their identity? | Authentication |
Where are power-on passwords assigned? | Assigned in BIOS setup and kept in CMOS RAM |
Authentication Technologies | • Used in larger network environments • Username/password, PIN, Biometrics, Smart card, or combination |
Vista’s default authentication protocol is: | Kerberos |
Administrator Account | • Default use of was the downfall of Windows Operating Systems through XP • Vista brought significant change in philosophy • Use of the administrator account should be limited to administrative duties |
Standard Account | • Account type recommended for day-to-day use |
File/Folder Protection | • Multiple methods of securing files and folders • Sharing, visible/hidden, encrypted, password protection |
What location on a Vista PC is intended as the location for folders and files that all users share? | c:\users\public |
Equipment | • Physical protection levels should match data value levels • Hardware and software techniques |
Encryption (NTFS) | • Method to protect information by forcing translation • Various methods available depending on OS version • Various techniques applied at different levels • Encrypted files may be shared, encrypted folders may not |
How are encrypted files displayed in Windows Explorer? | Displayed in Green |
The quickest way to lock a Windows workstation is: | Windows Key and L |
Infection occurs | when malware has penetrated the defenses |
Malware is often categorized by | intent, action, spreading techniques |
Virus | various types, replicates, often needs a host file |
Adware | often not malicious but annoying, comes with free programs |
Spyware | various types, collect data to report, benign to severely malicious |
Worm | similar to a virus, replicates, does not require a host file |
Browser Hijacker | alters browser settings |
Spam | unwanted/junk email, often the result of distant malware on another’s PC |
Virus Hoax | often “nice” email or false virus information |
Phishing | act of Social Engineering, baiting a user to give out personal information |
Logic Bomb | time or action dependent routine that runs to perform malicious act |
Trojan | malware masquerading as legitimate program |
Rootkit | old UNIX term, now used to describe malware with advanced hiding ability |
Identify the best way to protect against a worm: | Firewall |
The most common viruses spread by email are: | Macro viruses |
How does (using) Firefox enhance security on a Windows PC? | It's an alternate client software |
Social Engineering | • Practice of manipulating people with malicious intent • Includes phishing, email scams, virus hoaxes and others • May involve script use taking advantage of normally hidden filename extensions |
Routine Security Maintenance | • Effective password policy • OS and security/antimalware software: enabled, updated, routinely run • Monitor events (Event Viewer) • Monitor fault tolerance activities, test the recovery plan • Schedule and perform system maintenance |
What is the best way to erase everything on a hard drive? | Use hard drive manufacturer zero-fill utility |