Cybersecurity Essentials Module 2
8 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Which of the following is an example of an effective password policy?

  • Passwords may be reused or recycled after 6 months.
  • Password strength combined with multifactor authentication are essential tools for maintaining security. (correct)
  • A password could be shared with a trusted co-worker such as someone from the IT Department or Help Desk.
  • Set the minimum password to 6 characters or more.

    • What is the benefit of the principle of least privilege?

  • It reduces the number of employees who can log into the corporate network.
  • It improves data security and prevents the spread of malware on your network. (correct)
  • It lets system administrators monitor all user activity on the company's network, including logins and system changes.
  • It reduces the number of hours that an employee can log into the company's network.

    • Which of the following is the correct term used for making a device, operating system, or software application as secure as possible?

  • Fortifying
  • Hardening (correct)
  • Toughening
  • Strengthening

    • Which method would prevent an attacker from connecting to your computer remotely from an Internet connection over an open port?

    <p>Use a host-based firewall, like Windows Firewall. (C)</p> Signup and view all the answers

    Which of the following terms best refers to fixing a known software problem?

    <p>Patch (A)</p> Signup and view all the answers

    You are investigating fraudulent activities committed by two employees at your company. You're asked to provide non-refutable evidence to confirm it. What type of evidence will you provide?

    <p>Non-repudiation (A)</p> Signup and view all the answers

    Why would you use a VPN?

    <p>To encrypt data on a public network (C)</p> Signup and view all the answers

    Which of the following authentication methods require more than one authentication process for a logon? (Select two.)

    <p>2FA (A), Multifactor authentication (B)</p> Signup and view all the answers

    Study Notes

    Cybersecurity Essentials Module 2

    • Cybersecurity module 2 covers password management best practices.
    • Students will learn how to identify strong and weak passwords.
    • A basic set of password policies for improved security will be outlined.

    Password Cracking

    • Password cracking is the unauthorized acquisition of a password.
    • Brute force attacks try many possible passwords.
    • Dictionary attacks use words from dictionaries or newspapers.
    • Rainbow attacks use words from an original password hash.

    Hashing

    • Hashing is transforming an input string into a smaller, fixed-length string (hash).
    • Passwords are hashed with a scrambling algorithm.
    • If a password hash is determined, attackers can use it to unscramble similar passwords.

    Managing Passwords

    • Strong passwords are essential to online security, according to 80% of data breaches originating from weak or stolen passwords.
    • Each online account should have a unique password.
    • Employee training on password management and data security is crucial.

    Password Policies

    • A password policy is a set of rules providing guidance on using strong passwords.
    • A minimum length of 12 characters is usually required.
    • Mixing upper/lower-case letters, numbers, and special characters is essential.
    • A unique password for each account is critical.
    • Mandatory password changes every 6-12 months should be in place.
    • Employee training on cyberattacks is an important element.
    • Employees must not reuse or recycle passwords or share them, not even with the CEO.
    • Don't write passwords down or store them digitally.

    Creating Better Passwords

    • Hackers can guess one trillion passwords per second.
    • Stronger security involves using 12 or more characters, avoiding common words or PII, and mixing upper, lower-case letters, numbers and special characters.
    • Avoid "leet" speaking and use random characters and passphrases instead.
    • Passwords often incorporate quotes from movies, songs, or books, which are a common tactic for hackers.

    Password Confidentiality

    • Organizations must never ask customers or employees for their passwords.
    • When employees know companies do not ask for passwords, they are less likely to fall for impersonation and phishing attempts.
    • Do not share your passwords with anyone, even your boss or IT department.
    • IT staff should have admin rights but only use their own logins.

    Password Reuse

    • Companies must teach employees about the risks of password reuse.
    • Avoid using the same username and password for multiple accounts.
    • Do not reuse common phrases such as '12345' or 'password'.
    • Avoid using the same password with different usernames.
    • Hackers link previous passwords to people and use "spraying" techniques to try common passwords for online accounts.

    Password Expiration

    • Password expiration requires passwords to expire after a specific amount of time.
    • In the past, passwords usually expired every 90 days and longer intervals can lead to less risky behaviour.
    • However, continuous password expiration can negatively affect security.

    Authentication Methods - SFA, 2FA, MFA

    • Single-factor authentication (SFA) requires only one credential.
    • SFA is vulnerable to keystroke loggers, phishing, and data breaches.
    • Two-factor authentication (2FA) requires two credentials (e.g., a password and a security key).
    • Multi-factor authentication (MFA) requires multiple authentication methods.
    • MFA increases security by reducing breach risk, helping to prevent attacks by keystroke loggers, and providing control over which authentication factors are used.

    Identification Factors

    • Identification factors are pieces of information known only to the user and the authentication service.
    • Something you know (e.g., password, PIN, security questions).
    • Something you have (e.g., phone/email, OTP codes).
    • Something about you (e.g., fingerprints, face, retina).

    Single Sign On (SSO)

    • SSO verifies users for connected accounts or apps, so they only have to log in once.
    • Businesses use SSO to simplify and speed up access to resources.

    The Three A's (Access Control, Authorization, Authentication)

    • Access control restricts access to different areas based on user status.
    • Authorization grants permission to access a computer, network, app, or account.
    • Authentication proves a user's identity (e.g., with a password).
    • RBAC (Role-based Access Control) follows a company's org chart by categorizing customer and employee roles in groups.
    • New users are assigned to the group that fits their role.

    Digital Accounting

    • Digital accounting is used in troubleshooting, security analysis, forensics, and hacking.
    • It analyzes login logs, browsing history, cookies, and OS/browser information.

    Non-repudiation

    • Non-repudiation verifies the authenticity of a message between two parties.
    • It guarantees a message sent cannot be denied by the sender.
    • Authentication methods to prove identity such as video evidence, biometrics, signatures, and receipt.

    Device Hardening

    • Hardening maximizes a device's security by minimizing vulnerabilities.
    • Disable unneeded features, update firmware, update operating systems (OS).
    • Implement software solutions such as using firewalls, VPNs (Virtual Private Networks), and anti-malware applications.

    Apps and OSes

    • Automatic updates are crucial to protect applications and OSes.
    • Outdated systems are vulnerabilities for hackers.
    • Use trusted sources and ensure checks of digital signatures.
    • Perform regular updates of applications and OSes.

    Patching

    • Patches are updates that fix security weaknesses.
    • Examples include using MFA, VPNs (Virtual Private Networks), and strong passwords for unknown threats.

    Firmware Updates

    • Firmware updates inform hardware on how to function.
    • BIOS (Basic Input Output System) passwords/firmware passwords are used to boot up.
    • Secure boot confirms the OS manufacturer's digital signature. This ensures malware cannot take control during the boot process.
    • TPM (Trusted Platform Module) stores and manages encryption keys.

    Encryption

    • Encryption scrambles plain text to ciphertext.
    • It's used on the network to encrypt and decrypt data with algorithms. Examples of encryption usages are in hard drives, phones and thumb drives.

    Disabling Features and Ports

    • Hackers use features and ports to steal data.
    • Disable autorun features, Bluetooth, and NFC to limit data interception.
    • Use secure ports like Port 443 (for HTTPS) and Port 22 (for SSH).

    Zero-Day Attacks

    • Zero-day attacks are new attacks with no fix/update.
    • To mitigate them, use tools like VPNs (Virtual Private Networks), IDS/IPS (Intrusion Detection/Prevention Systems) and only visit trusted networks.
    • Also, follow general security hygiene standards.

    Apps that Harden

    • Antivirus programs, anti-malware programs, anti-spyware, firewalls and VPNs provide helpful configurations and suggestions.

    Firewalls and VPNs

    • Firewalls monitor connections and prevent harmful traffic.
    • VPNs encrypt traffic so it's unreadable.
    • VPNs and firewalls can range in cost, some are free.

    Open WiFi vs Secure WiFi

    • Open WiFi is dangerous due to the lack of encryption.
    • Hackers can intercept identity, drain accounts, and scam by using open WiFi networks.
    • Use VPNs for public WiFi.
    • Only visit trusted HTTPS sites on public WiFi.
    • Do not access personal or financial information on public WiFi.

    Default Passwords

    • Default usernames and passwords used for configuration purposes are easy to exploit.
    • Hackers use default credentials for apps, devices, OSes, databases and BIOS to gain access.
    • Disable, change default passwords and use strong passwords.

    Spam

    • Spam is unsolicited digital communication sent in bulk to many recipients.
    • Spam can come as Email, text messages, instant messages, robocalls, or social media posts.
    • Some links and attachments in spam can infect systems with malware, steal sensitive data, and join systems to a botnet.
    • Use throwaway accounts and configure settings that block spam.
    • Consider using a full-featured mail app.

    Phishing

    • Phishing attacks are common techniques used by hackers to commit fraud.
    • They steal information about users by sending suspicious emails.
    • Be cautious by not clicking any links or open attachments in emails.
    • Inspecting email text, logos, and link URLs for any errors can help to reduce phishing scams.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Related Documents

    Cybersecurity Module 2 PDF

    Description

    This quiz focuses on best practices for password management, including identifying strong and weak passwords. It also covers techniques of password cracking and the importance of hashing in securing passwords. Learn how to create a secure password policy to safeguard your online accounts.

    More Like This

    Cybersecurity Best Practices
    6 questions

    Cybersecurity Best Practices

    StellarChupacabra avatar
    StellarChupacabra
    Password Security Best Practices
    5 questions

    Password Security Best Practices

    SplendidPythagoras avatar
    SplendidPythagoras
    Proactive Cybersecurity Measures
    38 questions

    Proactive Cybersecurity Measures

    FancierHolmium avatar
    FancierHolmium
    Cybersecurity Essentials Quiz
    37 questions

    Cybersecurity Essentials Quiz

    EndorsedUnicorn9244 avatar
    EndorsedUnicorn9244
    Use Quizgecko on...
    Browser
    Open
    Browser
    Browser