CNET 1105 - Chapter 3
15 Questions

Learn how to safeguard your computing devices from unauthorized access and protect your personal and company data. Follow these steps to keep your devices secure.

Created by
@MemorablePointillism

Questions and Answers

What is the recommended way to protect yourself from compromised IoT devices?

Have IoT devices using an isolated network

What is the primary function of a firewall?

To prevent hackers from accessing personal or company data

What is the recommended practice to avoid security issues with Bluetooth?

Turn Bluetooth off when not in use

What is the primary function of a VPN service?

To provide secure access to the internet with an encrypted connection

What is the benefit of using a password manager?

You only need to remember your master password to access the password manager

What is the result of not using strong and unique passwords?

You and your data will be vulnerable to cyber criminals

What is an advantage of storing backup data locally?

You have total control of the data

What is a benefit of storing a backup at an alternate location?

It is safer in the event of fire, theft, or other catastrophes

What is the primary purpose of two-factor authentication?

To add an additional layer of security to the traditional username and password combination

What is a benefit of using two-factor authentication?

It makes it more difficult for attackers to gain unauthorized access using stolen credentials

What is the purpose of security questions on online accounts?

To provide an additional layer of security to prevent intruders

What can be archived on mail servers even after deleting email messages?

The email message itself

What is the primary benefit of enabling private browsing mode on a web browser?

It keeps your internet browsing history private

What is a way companies can still track user behavior despite private browsing mode?

Through router information

What is ultimately your responsibility when using the internet and email?

To safeguard your data, identity, and computing devices

Study Notes

Protecting Computing Devices from Intrusion

  • Keeping the firewall on is crucial to prevent hackers from accessing personal or company data, and it should be updated regularly.
  • Firewalls can be software-based (e.g., Windows) or hardware-based (e.g., router), and guides are available to turn on the firewall for Windows and Mac OS X devices.

Antivirus and Antispyware

  • Malicious software (viruses, Trojan horses, worms, ransomware, spyware) can install on computing devices without permission, gaining access to computers and data.
  • Viruses can destroy data, slow down computers, or take over computers, allowing spammers to broadcast emails using the user's account.
  • Spyware can monitor online activities, collect personal information, or produce unwanted pop-up ads.
  • Downloading software from trusted websites can prevent getting spyware.
  • Antivirus software scans computers and incoming email for viruses and deletes them, and sometimes includes antispyware.
  • Keeping software up to date is essential to protect against new malicious software.

Managing Operating System and Browser

  • Hackers exploit vulnerabilities in operating systems and web browsers, so security settings should be set at medium or higher.
  • Regularly updating operating systems and web browsers, and downloading the latest software patches and security updates from vendors, can protect computers and data.

Protecting All Devices

  • All computing devices (PCs, laptops, tablets, smartphones) should have password protection to prevent unauthorized access.
  • Stored information should be encrypted, especially for sensitive or confidential data.
  • Mobile devices should only store necessary information, and data should be encrypted to prevent access in case of theft or loss.
  • IoT devices pose a greater risk due to infrequent software updates, and vulnerabilities can be exploited if not updated.
  • IoT devices should use an isolated network, sharing it only with other IoT devices, to protect against compromise and access to local networks and data.

Wireless Network Security

  • Wireless networks allow devices to connect using the Service Set Identifier (SSID)
  • Default SSID and password should be changed to prevent intruders
  • Hackers are aware of default access information
  • SSID can be configured to not broadcast, but this is not adequate security

Encryption and WPA2

  • Wireless communication should be encrypted using WPA2 encryption
  • WPA2 encryption can still be vulnerable, as shown by the 2017 discovery of a security flaw
  • The flaw allows intruders to break encryption and access network traffic
  • This vulnerability can be exploited using Key Reinstallation Attacks (KRACK)

Mitigating KRACK

  • Update all affected products (wireless routers, devices) with security updates as soon as possible
  • Use a wired connection to mitigate the vulnerability
  • Use a trusted VPN service to prevent unauthorized access to data

Public Wi-Fi Networks

  • Public Wi-Fi hotspots allow access to online information, but sensitive personal information should not be accessed or sent
  • Verify computer configuration for file and media sharing and user authentication with encryption
  • Use encrypted VPN tunnels and services to prevent eavesdropping

VPN Services

  • VPN services provide secure access to the Internet with an encrypted connection
  • Encrypted VPN tunnels prevent data transmission interception

Bluetooth Security

  • Bluetooth allows devices to connect and share information, but can be exploited by hackers
  • Turn off Bluetooth when not in use to avoid eavesdropping, remote access, malware, and battery drain

Password Security

  • Using the same password for all online accounts makes you vulnerable to cyber attacks, as criminals can access all your accounts if they obtain your password.
  • Reusing passwords is like using the same key for all locked doors, allowing attackers to access all your data if they obtain the key.
  • Cyber criminals can obtain passwords through phishing and use them to access other online accounts.
  • Using weak passwords or reusing passwords can lead to data theft, erasure, or impersonation.

Password Management

  • A password manager can help avoid reusing passwords or using weak passwords by storing and encrypting all passwords.
  • A password manager can automatically log into online accounts with the stored passwords.
  • You only need to remember one master password to access the password manager and manage all accounts.

Choosing a Good Password

  • Avoid using dictionary words or names in any language.
  • Do not use common misspellings of dictionary words.
  • Avoid using computer names or account names.
  • Use special characters, such as ! @ # $ % ^ & * ( ), if possible.
  • Use a password with ten or more characters for added security.

Importance of Encryption

  • Encryption is essential to protect personal data, even if you think you have no secrets or nothing to hide.
  • Without encryption, a malicious application can infect your device and steal sensitive information, leading to identity theft, fraud, or ransom.

What is Encryption?

  • Encryption is the process of converting information into a secure, unreadable form.
  • Only authorized persons with the secret key or password can decrypt and access the original data.

How Encryption Works

  • Encryption prevents unauthorized access to data, but does not prevent interception.
  • Software programs are used to encrypt files, folders, and entire drives.
  • Encrypting File System (EFS) is a Windows feature that can encrypt data, linked to a specific user account.
  • Only the user who encrypted the data can access it after encryption using EFS.

Encrypting Data using EFS

  • To encrypt data using EFS in all Windows versions, follow specific steps (not provided in the text).
  • EFS is a built-in feature in Windows, making it a convenient encryption option.

Importance of Backup

  • Data loss can occur due to hard drive failure, laptop loss, smartphone theft, or accidental deletion of important documents
  • Having a backup can prevent the loss of irreplaceable data, such as family photos

Backup Requirements

  • An additional storage location is needed to store backed up data
  • Data must be copied to the backup location regularly and automatically

Backup Storage Options

  • Local storage options:
    • Network attached storage device (NAS)
    • External hard drive
    • Thumb drives
    • CDs/DVDs
    • Tapes
  • Cloud storage options:
    • Amazon Web Services (AWS)
    • Other cloud storage services

Local Storage Benefits

  • Total control over data
  • No dependence on internet connectivity

Cloud Storage Benefits

  • Access to backup data as long as account access is maintained
  • Data is safe in the event of fire, theft, or other catastrophes (excluding storage device failure)

Cloud Storage Considerations

  • Cost depends on storage space needed
  • Selective data backup may be necessary due to storage costs and online data transfer fees

Two-Factor Authentication (2FA)

Definition

  • Two-factor authentication (2FA) is a type of multifactor authentication that requires two distinct forms of verification to access a system, network, or application.

How it Works

  • The first factor is typically something you know (e.g., password, PIN, answer to a security question).
  • The second factor is something you have (e.g., physical token, smartphone with a unique authentication code, biometric factor).

Types of 2FA

  • SMS-based 2FA: a one-time password (OTP) is sent to the user's mobile phone via SMS.
  • Authenticator app-based 2FA: a time-based OTP is generated by an authenticator app (e.g., Google Authenticator, Microsoft Authenticator).
  • Token-based 2FA: a physical token generates a one-time password.
  • Smart card-based 2FA: a smart card stores a private key and certificate, which are used to authenticate the user.

Benefits

  • 2FA adds an additional layer of security to the traditional username and password combination.
  • 2FA makes it more difficult for attackers to gain unauthorized access using stolen credentials.
  • 2FA is often required by regulatory bodies and industry standards (e.g., PCI DSS, HIPAA).

Limitations

  • 2FA can add extra steps to the login process, potentially frustrating users.
  • Implementing and maintaining 2FA systems can be costly, especially for organizations with large user bases.
  • If a user loses or has their device stolen, they may be unable to access their account.

Protecting Privacy on Social Media

  • Share minimal information on social media profiles to maintain privacy.
  • Avoid sharing sensitive information like birth dates, email addresses, and phone numbers.
  • Only provide the minimum required information on profiles; don't fill them out completely.
  • Adjust social media settings to restrict access to personal activities and conversations to only known individuals.

Online Security Threats

  • Sharing excessive personal information online makes it easier for others to create a profile about you and exploit you offline.
  • Security questions, such as mother's maiden name or birth city, can be easily found online by intruders.
  • Consider using false information to answer security questions, as long as you can remember the answers.
  • Use a password manager to securely store and manage false security question answers if you have trouble remembering them.

Email Security Risks

  • Email messages are transmitted in plain text, making them readable by anyone with access.
  • Emails can be archived on mail servers for some time, even after deletion.
  • Email communication is similar to sending a message on a postcard, visible to anyone with access.

Online Privacy Risks

  • Anyone with physical access to your computer or router can view your browsing history using web browser history, cache, and log files.
  • Enabling private browsing mode on web browsers can help minimize this risk.
  • Popular web browsers have their own private browsing modes:
    • Microsoft Internet Explorer: InPrivate
    • Google Chrome: Incognito
    • Mozilla Firefox: Private tab / private window
    • Safari: Private browsing

Private Browsing Mode

  • Cookies are disabled in private browsing mode.
  • Temporary Internet files and browsing history are removed after closing the window or program.

Limitations of Private Browsing

  • Even with private browsing enabled, companies can still gather information using fingerprinting techniques.
  • Intermediary devices, such as routers, can store information about a user's web surfing history.

Personal Responsibility

  • It is the user's responsibility to safeguard their data, identity, and computing devices.
  • Simple precautions can help prevent online problems.

Online Security Best Practices

  • Avoid sending sensitive information, such as medical records, via email.
  • Verify the security of online transmissions before sending sensitive data.
