Download IT ESSENTIALS V. 4.1 Module 9 Fundamental Security 9.1 Explain

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
Document related concepts

Deep packet inspection wikipedia , lookup

Information security wikipedia , lookup

Computer virus wikipedia , lookup

Distributed firewall wikipedia , lookup

Access control wikipedia , lookup

Cyber-security regulation wikipedia , lookup

Next-Generation Secure Computing Base wikipedia , lookup

Data remanence wikipedia , lookup

Trusted Computing wikipedia , lookup

Hacker wikipedia , lookup

Malware wikipedia , lookup

Security-focused operating system wikipedia , lookup

Cyberattack wikipedia , lookup

Wireless security wikipedia , lookup

Unix security wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Mobile security wikipedia , lookup

Social engineering (security) wikipedia , lookup

Computer security wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Transcript 
IT ESSENTIALS V. 4.1
Module 9
Fundamental Security
9.1 Explain why security is important
Who is affected by a lapse in security?
How can a network or computer be harmed?
What are the primary responsibilities of a technician
9.2 Describe Security Attacks
What is a physical threat?
What is data threat?
What is an internal threat?
What is a malicious threat?
What is an external threat?
What is an unstructured threat?
What is an structured threat?
9.2.1 Define viruses, worms and Trojans
What is a virus?
How are viruses transferred?
What is the most damaging type of virus?
What is a stealth virus?
What is a worm?
Why is a worm harmful?
What is a Trojan?
What is anti-virus software?
How can the technician keep the anti-virus software
up to date?
Why is web security important?
What is ActiveX?
What is Java?
What are examples of JavaScript?
9.2.3 Define adware, spyware and grayware
What is adware?
What is grayware?
What is phishing?
Everyone
Theft, loss, network intrusion, physical damage
Data and network security
Events or attacks that steal, damage or destroy
equipment
Events or attacks that remove, corrupt, deny access,
allow access or steal information
An employee
When an employee intends to do damage
Users outside an organization that do not have
authorized access to the network or resources
Attackers use available resources to give access and run
programs designed to vandalize
Attackers use code to access operating systems and
software
A program written with malicious intent and sent out by
attackers
Through email, file transfers and instant messaging
One used to record keystrokes
One the lays dormant until summoned by the attacker
Self-replicating program that duplicates its code to the
hosts on a network
It consumes bandwidth
A worm hidden in software that appears to do one thing
yet behind the scenes does another
Software designed specifically to detect, disable, and
remove viruses, worms, and Trojans before they infect a
computer
Apply most recent updates, patches, and virus definitions
as part of a regular maintenance schedule
Because so many people visit the World Wide Web
everyday
Technology created by Microsoft to control interactivity
on web pages
Programming language that allows applets to run within a
web browser
Rotating banner or a pop-up window
Software program that displays advertising on your
computer
A file or program other than a virus that is potentially
harmful
Social engineering where attackers try to persuade the
reader to unknowingly provide attackers with access to
What is spyware?
9.2.4 Explain Denial of Service
What is denial of service?
What are two common DoS attacks?
What is a zombie?
9.2.5 Describe spam and popup windows
What is spam?
What are common indicators of spam?
9.2.6 Explain social engineering
What is a social engineer?
How can you protect again social engineers?
9.2.7 Explain TXP/IP attacks
What is a SYN flood?
What is spoofing?
What is a man-in-the-middle attack?
What is DNS poisoning?
What is hardware destruction?
What are the three methods commonly used to
destroy or recycle data and hard drives?
What is data wiping?
How can you fully ensure that data cannot be
recovered from a hard drive?
How often should security plans be reviewed?
What questions should be covered in a basic security
policy?
Who is responsible for security
What are the recommended password guidelines?
What is the Trusted Platform Module (TPM)?
personal information
Monitors activity on the computer and sends this
information to the organization responsible for launching
the spyware
A form of attack that prevents users from accessing
normal services because the system is busy responding to
abnormally large amounts of requests
Ping of death; email bomb
An infected computer located at difference geographical
locations used to launch denial of service attacks
Junk mail, unsolicited email
No subject line, incomplete return address, return email
not sent by user, computer generated email
A person who is able to gain access by tricking people
into providing the necessary information
Never give out your password
Always ask for ID
Restrict access of unexpected visitors
Escort all visitors
Lock your computer when you leave your desk
Do not let anyone follow you through a door that
requires an access card
Randomly opens TCP ports, typing up network equipment
with large amount of false requests, causing sessions to
be denied to others
Gains access to resources on devices by pretending to be
a trusted computer
Intercepts or inserts false information in traffic between
two hosts
Changes DNS records on a system to point to false servers
where data is recorded
The process of removing sensitive data from hardware
and software before recycling or discarding
Data wiping, hard drive destruction, and hard drive
recycling
Secure erase; a procedure to permanently delete data
from a hard drive
Shatter the platters with a hammer and safely dispose of
the pieces
Yearly
1. What assets require protection
2. What are the possible threats
3. What do we do in the event of a security breach
everyone
Minimum length
Includes uppercase and lowercase letters combined with
numbers and symbols
A specialized chip installed on the motherboard of a
How can you protect the access to your facility?
What are the two levels of password protection that
are recommended?
What password will prevent the operating system
from booting?
What is a lockout rule?
What is a VPN connection?
How does a VPN protect data?
What is traffic?
What is a software firewall?
Where should backups be stored?
What is a smart card?
What is biometric security?
What is a profile?
Which file system offers journaling and encryption
capabilities?
What utility do you run to convert from Fat32 to
NTFS?
What are the basic security settings that should be
configured on a wireless router or access point?
What is the SSID (service set identifier)?
What is the first generation security for wireless?
Which wireless encryption supports robust encryption
provides government grade security?
Which wireless security protocol was created by
Cisco?
What do virus, spyware, and adware detection
programs look for?
What are the code patterns called?
computer to be used for hardware and software
authentication
Card keys, biometric sensors, posted security guard,
sensors (RFID) to monitor equipment
BIOS, login
BIOS
When unsuccessful attempts have been made to access
the system; user can no longer access the system
Allows remote users to safely access resources as if their
computer is physically attached to the local network
encryption
Data being transported on a network
A program that runs on a computer to allow or deny
traffic between the computer and network to which it is
connected
Approved offsite storage location
A small plastic card with a small chip embedded in it
Compares physical characteristics against stored profiles
to authenticate people
A data file containing known characteristics of an
individual
NTFS
Convert
SSID; MAC address filtering
The name of the wireless network
WEP (Wired Equivalent Privacy)
WPA2
LEAP (Lightweight Extensible Authentication Protocol)
Patterns in programming code
Signatures
Related documents
IHNV (Infectious Hematopoietic Necrosis Virus) is one of the most
IHNV (Infectious Hematopoietic Necrosis Virus) is one of the most
Basic Marketing, 16e
Basic Marketing, 16e
chapter 5 – basic security
chapter 5 – basic security
Systems Security
Systems Security
brehlik , kapás , váczi - ITIS Cannizzaro Colleferro
brehlik , kapás , váczi - ITIS Cannizzaro Colleferro
NITC yearly Work Plan FY2065/66
NITC yearly Work Plan FY2065/66
SE 4C03 Winter 2004
SE 4C03 Winter 2004
Cool SCIENCE! - University of California, Irvine
Cool SCIENCE! - University of California, Irvine
Name______________________________________Hour 1-2 3
Name______________________________________Hour 1-2 3
A. Explain the nature of marketing plans. B. Explain the role
A. Explain the nature of marketing plans. B. Explain the role
vet_virology_symposium
vet_virology_symposium
01 Computer security overview
01 Computer security overview
Spyware: Who is Spying
Spyware: Who is Spying
Computer Security: Principles and Practice, 1/e
Computer Security: Principles and Practice, 1/e
Security - UTRGV Faculty Web
Security - UTRGV Faculty Web
Introduction - GMU Computer Science
Introduction - GMU Computer Science
Adware Report
Adware Report