* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download IT ESSENTIALS V. 4.1 Module 9 Fundamental Security 9.1 Explain
Deep packet inspection wikipedia , lookup
Information security wikipedia , lookup
Computer virus wikipedia , lookup
Distributed firewall wikipedia , lookup
Access control wikipedia , lookup
Cyber-security regulation wikipedia , lookup
Next-Generation Secure Computing Base wikipedia , lookup
Data remanence wikipedia , lookup
Trusted Computing wikipedia , lookup
Security-focused operating system wikipedia , lookup
Cyberattack wikipedia , lookup
Wireless security wikipedia , lookup
Unix security wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Mobile security wikipedia , lookup
Social engineering (security) wikipedia , lookup
Computer security wikipedia , lookup
IT ESSENTIALS V. 4.1 Module 9 Fundamental Security 9.1 Explain why security is important Who is affected by a lapse in security? How can a network or computer be harmed? What are the primary responsibilities of a technician 9.2 Describe Security Attacks What is a physical threat? What is data threat? What is an internal threat? What is a malicious threat? What is an external threat? What is an unstructured threat? What is an structured threat? 9.2.1 Define viruses, worms and Trojans What is a virus? How are viruses transferred? What is the most damaging type of virus? What is a stealth virus? What is a worm? Why is a worm harmful? What is a Trojan? What is anti-virus software? How can the technician keep the anti-virus software up to date? Why is web security important? What is ActiveX? What is Java? What are examples of JavaScript? 9.2.3 Define adware, spyware and grayware What is adware? What is grayware? What is phishing? Everyone Theft, loss, network intrusion, physical damage Data and network security Events or attacks that steal, damage or destroy equipment Events or attacks that remove, corrupt, deny access, allow access or steal information An employee When an employee intends to do damage Users outside an organization that do not have authorized access to the network or resources Attackers use available resources to give access and run programs designed to vandalize Attackers use code to access operating systems and software A program written with malicious intent and sent out by attackers Through email, file transfers and instant messaging One used to record keystrokes One the lays dormant until summoned by the attacker Self-replicating program that duplicates its code to the hosts on a network It consumes bandwidth A worm hidden in software that appears to do one thing yet behind the scenes does another Software designed specifically to detect, disable, and remove viruses, worms, and Trojans before they infect a computer Apply most recent updates, patches, and virus definitions as part of a regular maintenance schedule Because so many people visit the World Wide Web everyday Technology created by Microsoft to control interactivity on web pages Programming language that allows applets to run within a web browser Rotating banner or a pop-up window Software program that displays advertising on your computer A file or program other than a virus that is potentially harmful Social engineering where attackers try to persuade the reader to unknowingly provide attackers with access to What is spyware? 9.2.4 Explain Denial of Service What is denial of service? What are two common DoS attacks? What is a zombie? 9.2.5 Describe spam and popup windows What is spam? What are common indicators of spam? 9.2.6 Explain social engineering What is a social engineer? How can you protect again social engineers? 9.2.7 Explain TXP/IP attacks What is a SYN flood? What is spoofing? What is a man-in-the-middle attack? What is DNS poisoning? What is hardware destruction? What are the three methods commonly used to destroy or recycle data and hard drives? What is data wiping? How can you fully ensure that data cannot be recovered from a hard drive? How often should security plans be reviewed? What questions should be covered in a basic security policy? Who is responsible for security What are the recommended password guidelines? What is the Trusted Platform Module (TPM)? personal information Monitors activity on the computer and sends this information to the organization responsible for launching the spyware A form of attack that prevents users from accessing normal services because the system is busy responding to abnormally large amounts of requests Ping of death; email bomb An infected computer located at difference geographical locations used to launch denial of service attacks Junk mail, unsolicited email No subject line, incomplete return address, return email not sent by user, computer generated email A person who is able to gain access by tricking people into providing the necessary information Never give out your password Always ask for ID Restrict access of unexpected visitors Escort all visitors Lock your computer when you leave your desk Do not let anyone follow you through a door that requires an access card Randomly opens TCP ports, typing up network equipment with large amount of false requests, causing sessions to be denied to others Gains access to resources on devices by pretending to be a trusted computer Intercepts or inserts false information in traffic between two hosts Changes DNS records on a system to point to false servers where data is recorded The process of removing sensitive data from hardware and software before recycling or discarding Data wiping, hard drive destruction, and hard drive recycling Secure erase; a procedure to permanently delete data from a hard drive Shatter the platters with a hammer and safely dispose of the pieces Yearly 1. What assets require protection 2. What are the possible threats 3. What do we do in the event of a security breach everyone Minimum length Includes uppercase and lowercase letters combined with numbers and symbols A specialized chip installed on the motherboard of a How can you protect the access to your facility? What are the two levels of password protection that are recommended? What password will prevent the operating system from booting? What is a lockout rule? What is a VPN connection? How does a VPN protect data? What is traffic? What is a software firewall? Where should backups be stored? What is a smart card? What is biometric security? What is a profile? Which file system offers journaling and encryption capabilities? What utility do you run to convert from Fat32 to NTFS? What are the basic security settings that should be configured on a wireless router or access point? What is the SSID (service set identifier)? What is the first generation security for wireless? Which wireless encryption supports robust encryption provides government grade security? Which wireless security protocol was created by Cisco? What do virus, spyware, and adware detection programs look for? What are the code patterns called? computer to be used for hardware and software authentication Card keys, biometric sensors, posted security guard, sensors (RFID) to monitor equipment BIOS, login BIOS When unsuccessful attempts have been made to access the system; user can no longer access the system Allows remote users to safely access resources as if their computer is physically attached to the local network encryption Data being transported on a network A program that runs on a computer to allow or deny traffic between the computer and network to which it is connected Approved offsite storage location A small plastic card with a small chip embedded in it Compares physical characteristics against stored profiles to authenticate people A data file containing known characteristics of an individual NTFS Convert SSID; MAC address filtering The name of the wireless network WEP (Wired Equivalent Privacy) WPA2 LEAP (Lightweight Extensible Authentication Protocol) Patterns in programming code Signatures