Lesson 7

The flashcards below were created by user slmckissack on FreezingBlue Flashcards.

  1. NOTE: A secure network administrator's job involves dual responsibilities: We must do everything we can to prevent security incidents from happening, and we must be ready to respond when incidents do inevitable happen.
  2. Identifies threats and vulnerabilities so you can respond appropriately.
    Threat Awareness Program
  3. What is the best thing you can do to increase your threat awareness?
    To check websites for networking security professionals regularly and stay informed of the latest reported threats. (You'll find links to a couple of these sites in the Supplementary Material for this lesson.) Your best defense is knowledge.
  4. a malicious piece of code that sneaks onto your computer without you knowing.
  5. NOTE: Knowledge is the your most powerful weapon in the fight against virus attacks. Perhaps the best information available on any new viruses is on the anti-virus software vendor's websites. You'll find links to a couple of these in the Supplementary Material.
  6. Is the term we use to describe tactics to deceive and exploit not only the user, but also the security policies of most networks.
    Social Engineering

    Social engineers attack the cognitive biases or poor judgment of users to gain access to sensitive information.
  7. What are the five most common forms of Social Engineering Attacks?
    • -Phishing
    • -Phone or voice phishing
    • -Pretexting
    • -Baiting
    • -Quid Pro Quo
  8. Is an attempt to get private information, such as usernames, passwords, credit card numbers, phone numbers, and the like, through what appears to the user to be trustworthy source, such as a website or email. A user might receive and email or instant message requesting private information for a seemingly legitimate reason. The request may contain a link to a spoofed website that looks like a bank or credit card company website, but it's actually a ploy to gather private information.
  9. This type of scam uses an automated interactive voice response (IVR) system to prompt a victim to enter a password, social security number, or credit card number multiple times before ending the call abruptly.
    Phone or voice phishing
  10. This type of attack creates a fictitious pretext that attracts the interest of the targeted victim. The goal is for the story to be so compelling that the victim will provide information or perform some act that he or she would not normally do.

    Pretexting is a common attack method on individuals and businesses
  11. In this attack, an attacker leaves a malware-infected removable media device, such as a CD-ROM or USB flash drive, where someone is sure to find it. It usually has a legitimate-looking and curiosity-invoking label. When the curious victim the device on her computer, the malware activates, giving the attacker access to that computer and possibly a network.
  12. (something for something) An attacker calls a series of telephone numbers within an organization claiming to be a customer service to technical support representative who is returning a call for the hardware or software brands the organization uses. Eventually, the attacker will find someone who really does need help, and in the spirit of fixing a problem, the victim will provide the attacker with login credentials and perhaps other information.
    Quid Pro Quo
  13. NOTE: Your only defense against phishing and other social engineering schemes is user training, security awareness, and the tightening of firewall and router defenses.
  14. takes quick advantage of vulnerability virtually as soon as the vulnerability exists. Its name comes from the fact that there are typically zero days between the vulnerability's appearance and the first attack.
    Zero-Day Exploit

    Sometimes, when a user detects a security flaw in a software program, he or she will notify the software company (and maybe the whole world), trying to do everyone a favor by letting them know about it. At this point, the race is on: Attackers begin developing exploits to take advantage of the vulnerability, and the software company begins developing the patch or fix. The worst-case scenario is when an attacker discovers the vulnerability and launches an attack before a fix is available.
  15. What are the procedures you can implement to help ensure your security system is able to detect zero-day exploit attacks?
    • -Implement VLANS and IPsec to proctect the contents of transmitted packets
    • -Install a stateful firewall or intrusion detection system (IDS)
    • -Strengthen or install network access control (NAC) to prevent intruders from gaining access to the network media.
  16. We talked about how important it is to raise user awareness of security policies and procedures. But that's not all we need to educate users about: We also need to show them how their daily actions may create vulnerabilities, which can turn into threats, on the network. Even the most aware users can create threats to your network simply by performing their usual routine of accessing the network and the Internet. We can address users' "bad habits" and encourage them to create better ones in the organization's __________________ and __________________________________?
    Password Policy and Acceptable Use Policy
  17. NOTE: Managing passwords is one of the most important tasks for anyone associated with a network, including users. Allowing users to create weak passwords and not making them change their passwords frequently are invitations for security threats. On the other hand, if the password policy requires passwords that are so complex that users have no choice but to write them down and put them in a desk drawer, then the password policy is going too far.
  18. should require passwords to contain uppercase and lowercase alphabetic letters, a number or two, and maybe a special character that is changed four or more times a year.
    A Strong Password Policy

    This should allow users to choose a password that's a common word or name they can remember. At the same time, including numbers and special characters will make passwords difficult for outsiders to guess.
  19. is a statement of the rules that users of a network, website, intranet, or extranet must follow to access its resources.
    Acceptable Use Policy
  20. Malicious Software

    Malware can come from seemingly innocent Internet use, like visiting shopping and entertainment sites. To ensure the security of your network, you need to develop and implement an AUP. Remember, though, that its not enough just to have the policy-you also need to make sure users are aware of what it contains and that they receive periodic training on it.
  21. What are some common types of malware?
    • -viruses
    • -trojans
    • -keyloggers
  22. What are four important categories should a good AUP cover?
    • -Email
    • -Personally owned devices
    • -Social Networking
    • -Peer-to-peer networking
  23. NOTE: In many ways, email has made doing business far easier and more efficient. Unfortunately, it can also be the bearer of malware, and it can hurt productivity if employees are using it for non-business purposes. In addition, any message sent by email has an uncertain audience. Sure, the message originally had only one addressee, but you can never be sure to whom the addressee may have forwarded it. What may seem like innocent fun to one recipient may be offensive to another, in which case you should inform management so that they can institute any necessary preventive measures to avoid possible litigation.
  24. In order to make their employees more productive, many organizations are allowing employees with these, such as smartphones and tablet, notebook, or netbook computers; to access corporate email and other resources.
    Personally Owned Devices

    While this may be a boon to corporate managers, IT departments and especially the secure network administrators see the threat of allowing this access.
  25. What are 6 ground rules that should be enforces before an organization allows Personally Owned Devices?
    • 1. Establish which mobile devices are accessing the network.
    • 2. Determine which back-office systems mobile users wish to access.
    • 3. Set user types and group policies.
    • 4. Filter access to the network.
    • 5. Add password and encryption policies for mobile devices.
    • 6. Separate personal data from business data.
  26. This information is likely on the logs of Exchange Server or similar email systems as well as the logs of a Microsoft Internet Security and Acceleration (ISA) Server or a similar service.
    Establish which mobile devices are accessing the network.
  27. To find this out, you'll most likely need to survey those departments and employees who will be accessing the network from a mobile device. Not ever user should automatically have access to everything they can access from their desktop.
    Determine which back-office systems mobile users wish to access.
  28. Create one or more group of mobile users based on the applications they wish to access. You may even want to assign different usernames and passwords to differentiate desktop use from mobile access.
    Set user types and group policies
  29. is software that collects data and analyzes it to provide information so you can evaluate the mobile devices connecting to the network.
  30. Access to the network by mobile devices should pass through a filtering or monitoring device. You should secure the network for mobile devices to avoid endangering network resources.
    Filter access on the network.
  31. The bare minimum to consider for securing personally owned devices is password enforcement and on-device data encryption. You'll want to set up an inventory system that tracks which devices are connected to the network at any given time. It's also critical to include the ability to wipe lost devices remotely.
    Add Password and encryption policies for mobile devices.
  32. which involves storing business data, including email and applications, in a distinct area of the device with encryption and password protection on only that data.
    sandbox approach
  33. adopt a sandbox approach.
    Separate personal data from business data.
  34. NOTE: Personally-owned mobile devices are becoming a part of how we work, but they can also introduce security risks. To ensure that you protect your network against this risk, enforce a secured connectivity policy using encrypted access that enables user to perform only their job functions.
  35. NOTE: As harmless as they may seem, online social networks such as facebook, Twitter, LinkedIn, MySpace, Hi5, Xing, and Tout can create security risks to the organization and your network. Consider that whatever social networking sites you or your network users access regularly have probably passed through every firewall on the planet. They may not be very threatening, but the question is: What else came through the firewall with it?
  36. have become tools that hackers can use to gain access into a network using a sort of piggybacking approach. Or an attacker can set up a fictitious account and begin to connect with other users, claiming to be a colleague, friend, or relative. From there, the attacker can begin phishing for information from all of his or her new "friends."
    Social Networking sites
  37. NOTE: So, what can you do to eliminate this possible vulnerability? One of the first resolutions for these threats goes back to personally owned devices we just talked about. The popularity of smartphones and mobile computing devices has spawned literally thousands of mobile applications (apps), most of which are free to download. In early 2011, Google removed more than 60 apps from the Android marketplace because they were Trojans containing malware to capture private information and transmit it to an attacker. Its important to educate users about the threats apps can present, and remind them to be vigilant.
  38. NOTE: Social engineering also presents a growing threat in that people seem to be willing to share more information on social networking sites than they should. Maybe a user's new "friend" claims he can help with a problem if only she sends her passwords to him. Hackers can also post links or shortcut URLs to attract users to a malicious website. It only takes one click to pick up malware.
  39. NOTE: The primary defense you have against social media sites is a strong social media policy that every employee--and I mean every employee--knows and understands completely. This policy must specify how social media is a threat and what employees can do to reduce the organization's and the network's risk.
  40. refers to peer-to-peer file sharing over the Internet more than it does to its past meaning. Its file sharing systems are now the single most popular class of Internet application.
    Peer-to-Peer (P2P)

    To "beat the system" P2P networks operate outside of a web browser in their own clients. They use search and data transfer protocols on layers above the OSI model's Networking layer, most commonly on the Application layer. The more popular P2P applications are eDonkey, BitTorrent, and Gnutella.
  41. NOTE: The threat of P2P is that almost anything can be "wrapped" in a compressed file format and offered up under an enticing yet fictitious name for download. After the download and decompression, whatever is in the bundle is free to roam, infect, destroy, and exploit its new host computer or the host's network. Once again, the primary preventive measures are users awareness training and security policies that address this specific area. You should also consider blocking these applications at the firewall.
  42. NOTE: Outside of the password and acceptable use policies, there are a few other security risks we need to inform users about: data handling, tailgating and piggybacking.
  43. Users are sometimes careless with sensitive and private information. Every employee handles or has information that other employees shouldn't know or share. This sensitive information may just be an opinion best kept to oneself, such as an opinion about another employee. If employee A sends her opinion about employee B to employee C by email, it could eventually get back to employee B on a forwarded email chain.
    Data Handling

    Users should know that if you want to keep something private, don't put it on the network in a public forum. This practice is appropriate for sensitive corporate data as well. Inform network users of the information security policies, and enforce these policies for the handling of sensitive and confidential information.
  44. One weakness with a physical access control system, such as a door that opens with a proximity or smart card, is that the system generally has no way to ensure that only one person enters at a time. While the system does control which cards will open the door, it has no way of knowing if two people enter or exit, a practice known as _________________ or _________________
    Tailgating or piggybacking
  45. An unintentional way of entering a restricted area by entering right after someone else.
  46. Is an intentional act on the part of the authorized employee. An intruder can wait outside the door until another person opens it and then tailgate into the secured space along with the authorized employee. Or when an authorized employee purposely opens a secure door for an intruder.
  47. What are the ways to block tailgating and piggybacking?
    First, recognize that these are vulnerabilities in your security system. Second, educate your employees on how they should be vigilant in preventing their occurrence. There are also anti-tailgating devices you can install, such as optical turnstiles, security revolving doors, and specially made anti-tailgating doorway devices.
  48. Requires employees to leave their desk or workspace free of documents and work in progress. In addition, employees must lock or shut down their desktop computers any time they leave their workspace or office, even if just for a short while. In order to gain compliance with information security regulations such as ISO 27001 and the data Protection Act, more organizations are implementing CDPs.
    Clean Desk Policies (CDP)
  49. The first priority for any business is essentially to continue operating. From an IT standpoint, this means we must take every precaution and have the systems and plans in place that will allow the business to continue to function in any even. This doesn't just mean we need plans to respond to disasters...__________________ includes the activities that allow a business to function normally every day.
    Business Continuity
  50. What are the 6 areas any business continuity program must address?
    • -Business impact analysis
    • -Single points of failure
    • -Business continuity planning
    • -Disaster Recovery
    • -IT contingency planning
    • -Succession planning
  51. Identifies all the business functions in an organization and assigns a level of operating importance to each. it also identifies the impact on business continuity and on other business functions if a particular function should fail. It also sets objectives for the recovery of the function and a target for the time it should take to recover.
    Business Impact Analysis (BIA)

    For example: consider what the loss of the IT function could mean to the continuity of your company and how it would affect the other functions of the company. This should give you an idea of the importance of conducting a BIA for any business.
  52. is any part of a system or entity that, should it fail, would cause everything else to fail (or at least quit functioning) as well.
    Single point of failure (SPOF)
  53. NOTE: In the context of networking and the Security+ exam, a server or router could be an SPOF. However, failure can mean many things. A system that runs too slowly to facilitate order processing could be an SPOF that affects the customer services and online order processing functions. A network switch that could fail and take down a series of VLANs with it is definitely an SPOF. The electrical system in a data center is most assuredly an SPOF. Essentially, every function in a business that involves serial systems or a bottleneck is an SPOF.
  54. NOTE: For the most part, continuity in spite of an SPOF means redundancy, in the form of fail-over, hot-swap, replication, or other high-availability systems. A very robust system is one that has redundancy in place to address every identified SPOF.
  55. Identifies the internal and external threats to a business and the preventive and recovery assets and resources to continue the operations of the business.
    Business Continuity Planning
  56. provides a game plan for how the business will react to any operational failures or disruptions, inside the company or from external forces. This should address the loss of key individuals, required systems, essential equipment, and external events like extreme weather, epidemic illnesses, and perhaps just the loss of electricity.
    Business Continuity Plan (BCP)

    While a BCP is generally a whole-business plan, each essential operating department should have a current BCP of its own.
  57. NOTE: Just developing a BCP is not enough. Regular testing of the recovery plans in the BCP ensures that the conditions it addresses are still consistent with the actions recommended in the plan. If necessary, update the BCP to address any discrepancy that the testing reveals. If the BCP you test is only a department plan, you need to coordinate with other departments to determine the impact on their BCPs.
  58. NOTE: There are two general categories of disasters: Natural and Man-made. Natural disasters include floods, tornadoes, hurricanes, earthquakes, and tsunamis, among other forms of extreme weather. A natural disaster is not something you can prevent, so your best action is to minimize the damages or losses.
  59. A man-made disaster isn't necessarily something intentional, but it can be. Hazardus material spills and infrastructure failures may be incidental to a larger or isolated disaster, or they may occur on their own. Of course, terrorism can create disasters that take many forms.
  60. should include plans for resuming services. In the IT space, this means there should be plans to get applications, data, hardware, communications, and the entire IT infrastructure back online as soon as possible. In the plan, each of the required tasks to accomplish the recovery should list the person or people responsible for accomplishing it.
    Disaster Recovery Plan (DRP)
  61. NOTE: A DRP is especially important for an IT department located remotely from its user base. In these cases, users might not be affected directly by the disaster, but they depend on the availability of their IT resources to conduct business. Getting the remote infrastructure back up and running as quickly as possible is crucial to business continuity.
  62. What are the three activity levels every DRP should provide continuity for in different scenarios?
    • 1. Corrective measures
    • 2. Detective Measures
    • 3. Preventive Measures
  63. These measures seek to correct or restore a system after a disaster or event.
    Corrective Measures
  64. These measures are essentially the activities that seek to discover and mitigate events that have happened or threaten to happen.
    Detective Measures
  65. Should an event be threatening, these measures should attempt to prevent the event from occurring or to minimize any impact it may have on continuity.
    Preventive Measures
  66. includes the activities that recover and sustain IT services in the event of an emergency.
    IT Contingency planning

    Contingency planning for the IT function of an organization may overlap or be contained within a DRP.
  67. identifies the employees who will assume key positions in the organization if key leaders are unable to fulfill their duties for some reason.
    Succession Planning

    Succession planning requires that the replacement employees receive appropriate training and have knowledge and understanding of the areas over which they will assume control. Essentially, succession planning means that every key position in an organization, including the security administrator, has a trained replacement ready to step in and function effectively.
  68. NOTE: Business continuity and its components assure that an organization should be able to withstand or recover from a disruptive event and continue to operate and provide services. While we focused on the broad perspective of the entire organization, each operating department--especially IT and network security--should have its own business continuity plan.
  69. Aren't disaster planning, contingency planning, and succession planning all pretty much the same?
    Although they appear to be similar, each addresses a different action or activity in the event of a disaster or catastrophic event. A disaster plan typically applies to the entire organization and covers how the organization will re-establish its operations. An IT contingency plan addresses how the IT function will bring mission-critical systems back online. A succession plan addresses who will step in and take responsibility for which portions of the recovery plan if key personnel are not available.
  70. What is the name of the well-defined plan that details the processes we would use to recover the IT infrastructure after it was destroyed by a hurricane?
    A. Disaster Recovery Plan (DRP)
    B. Business Impact Analysis (BIA)
    C. Business Interruption plan
    D. Succession Plan
    A. Disaster Recovery Plan (DPR)
    (this multiple choice question has been scrambled)
  71. What Policy should all network users fully understand and abide by to prevent viruses and malware from getting onto the network?
    A. Acceptable use policy (AUP)
    B. Clean Desk Policy (CDP)
    C. Password Policy
    D. Social networking
    A. Acceptable Use Policy (AUP)
    (this multiple choice question has been scrambled)
  72. What term describes the inadvertent admission of an intruder through a locked door that an authorized key holder has opened?
    A. Sandbox approach
    B. Piggybacking
    C. Tailgating
    D. Social Engineering
    C. Tailgating
    (this multiple choice question has been scrambled)
  73. What term describes the act of enticing users to provide private or confidential information via email or a website?
    A. Piggybacking
    B. Phishing
    C. Shoulder surfing
    D. Tailgating
    B. Phishing
    (this multiple choice question has been scrambled)
  74. What term describes a system, function, or department that may fail and cause other systems, functions, or departments to fail?
    A. Quid Pro Quo
    B. Pretexting
    C. Peer-to-peer networking (P2P)
    D. Single point of failure (SPOF)
    D. Single point of failure (SPOF)
    (this multiple choice question has been scrambled)
Card Set:
Lesson 7
2015-01-29 15:36:31
Lesson 7
lesson 7
Show Answers: