Digital Security Basics

Questions and Answers

What is the primary function of encryption in digital security?

  • To compress files for easier storage.
  • To speed up data transfer rates across networks.
  • To verify the authenticity of a user.
  • To hide data contents from unauthorized readers. (correct)

Which of the following is the encryption standard currently used worldwide?

  • MD5 (Message Digest Algorithm 5)
  • RSA (Rivest-Shamir-Adleman)
  • DES (Data Encryption Standard)
  • AES (Advanced Encryption Standard) (correct)

In the context of digital security, what does 'user authentication' primarily aim to do?

  • Verify or confirm a person's identity. (correct)
  • Prevent unauthorized modifications to software.
  • Filter network traffic based on predefined rules.
  • Encrypt sensitive data stored on a device.

Two-factor authentication enhances security by verifying identity based on how many components?

  • Two (D)

What is a primary characteristic of a 'strong' password?

  • Difficulty to hack (A)

Which type of attack uses password-cracking software to generate every possible combination of characters?

  • Brute force attack (A)

Why are dictionary attacks effective against some users?

  • Many users choose easy-to-remember passwords. (C)

What is the core function of a password manager?

  • To keep track of passwords so users don't have to memorize them. (D)

Password managers often display a 'strength meter'. When is this feature most useful?

  • When creating a custom password. (A)

What is the meaning of the term 'malware'?

  • Any computer program designed to secretly enter a digital device. (A)

What is the meaning of the term 'malware exploit'?

  • The action carried out by malware code on a system. (D)

What is 'code injection'?

  • The process of modifying an executable file by adding malicious commands. (D)

How does a computer virus typically spread?

  • Through infected files exchanged between users. (C)

What is the purpose of a rootkit?

  • To hide the existence of processes and privileges on a device. (C)

Which of the following best describes a computer worm?

  • A self-replicating program designed to carry out unauthorized activity. (B)

What is a 'mass-mailing' worm?

  • A worm that spreads by sending itself to addresses in an infected device's address book. (A)

What is the primary functionality of a 'dropper'?

  • To deliver malicious code into a device. (C)

What is a key characteristic of a Trojan?

  • It appears to perform one function but actually does something else. (C)

What is a virus signature in the context of antivirus software?

  • A section of program code unique to a malware exploit. (B)

What is a 'false positive' in virus detection?

  • When antivirus software mistakenly identifies a legitimate file as malware. (D)

What is heuristic analysis used for in antivirus software?

  • To analyze the characteristics and behavior of suspicious files. (D)

What does it mean when antivirus software quarantines a file?

  • The file is encrypted and isolated to prevent potential harm. (D)

What is a typical characteristic of a virus hoax?

  • It encourages users to forward the message to their contacts. (D)

What is an 'online intrusion'?

  • When an unauthorized person gains remote access to a digital device. (C)

What is the primary purpose of Remote Access Trojans (RATs)?

  • To establish a secret communication link with a hacker. (A)

What is a defining characteristic of ransomware?

  • It locks a device and demands payment. (B)

What is the main purpose of a DDoS attack?

  • To flood a legitimate website with so much traffic that it becomes unavailable. (A)

What is the key difference between an on-demand scan and an on-access scan?

  • An on-demand scan requires user interaction, while an on-access scan runs in the background. (A)

What is the function of a personal firewall?

  • To block unauthorized port access. (C)

What role does NAT play in providing a hardware firewall?

  • It hides internal IP addresses from the external network. (C)

What is a 'zero-day' attack?

  • An attack that exploits previously unknown vulnerabilities. (C)

Which type of intercept exploit often involves setting up a Wi-Fi hotspot that mimics a legitimate one?

  • Evil Twin (C)

Which of the following is the primary goal of address spoofing?

  • To redirect the natural flow of data between two parties. (A)

What is the role of TLS (Transport Layer Security) in online communication?

  • It checks a digital certificate to verify a server's identity (B)

What is the main function of an IMSI catcher?

  • To intercept mobile phone signals. (B)

What is the deceptive practice that exploits human psychology?

  • Social engineering (A)

Which scam promises a large sum of money in exchange for a bank account number?

  • Advance fee fraud (B)

What type of spam uses a false pretext to trick victims into participating?

  • Pretexting (D)

What is a key characteristic of phishing?

  • Masquerades as a message from a legitimate company. (B)

SmartScreen is used by?

  • Microsoft (B)

What is a rogue antivirus?

  • An exploit with a virus. (D)

PUA stands for?

  • Potentially unwanted application (D)

Flashcards

Encryption

Transforms data to hide contents from unauthorized readers.

Plaintext

Original, unencrypted message or file.

Ciphertext

Encrypted message or file.

Cryptographic algorithm

Procedure for encryption or decryption.

Cryptographic key

Word, number, or phrase to encrypt/decrypt data.

AES

Encryption standard currently used worldwide.

User authentication

Technique to verify a person's identity.

Two-factor authentication

Verifies identity based on two components.

Strong password

Difficult-to-hack password.

Brute force attack

Uses software to generate every possible password combination.

Dictionary attack

Steps through a dictionary to guess your password.

Password entropy

Measure of a password's unpredictability.

Password manager

Keeps track of passwords so users don't have to memorize them.

Malware

Program designed to secretly enter a digital device.

Malware exploit

Action carried out by malware code.

Computer virus

A set of self-replicating program instructions that attaches to a legitimate file on a host device.

Code injection

Modifying an executable file by adding commands.

Side-loading

App installed from unofficial sources.

Rootkit

Code designed to hide processes and privileges.

Computer worm

Self-replicating, self-distributing program.

Mass-mailing worm

Worm spreading by sending copies to every address in the infected device.

Internet worm

Looks for vulnerabilities in operating systems, communication ports, and web pages.

File-sharing worm

Copies itself into a shared folder under an innocuous name.

Trojan

Computer program that seems to perform one function while actually doing something else

Dropper

Designed to deliver malicious code into a device

Antivirus software

Utility software that eliminates malware.

Virus signature

Code uniquely part of a malware exploit.

Heuristic analysis

Techniques to detect malware by analyzing suspicious behavior.

False positives

Mistakenly identifying a legitimate file as malware.

Quarantined file

Contains code suspected of being a virus.

Online intrusion

Online intrusion takes place when an unauthorized person gains access to a digital device by exploitation.

RAT

Malware that arrives disguised as legitimate software. Sets up a secret communication link.

Ransomware

Locks a device and then requests payment

Botnet

Client-server network created by hackers who gain control over several computers.

DDoS

Designed to flood a legitimate website with traffic.

Zero-day attack

Exploits previously unknown vulnerabilities.

On-access scan

Takes place in the background.

On-demand scan

Launched manually to examine a storage volume.

Firewall

Device or software to block unauthorized access.

Phishing

Email scam that masquerades as a message from a legitimate company to get private information.

Study Notes

Module 7: Digital Security

  • This Module is about Digital Security
  • It includes: Basic Security, Malware, Online Intrusions, Interception, and Social Engineering

Module Objectives

  • At the end of this module, readers will be able to:
    • Encrypt a file or storage volume
    • Adjust the login options on devices
    • Use two-factor authentication
    • Create strong passwords and maintain them
    • Select, install, and configure antivirus software
    • Verify that antivirus software is actively scanning, and deal with virus alerts
    • Identify virus hoaxes
    • Close remote access features that might pose security risks
    • Take steps to be prepared if your device is infected with ransomware
    • Use an on-demand virus scanner as necessary to find and remove zero-day attacks
    • Discover which ports are open on digital devices
    • Install, activate, and configure a personal firewall
    • Avoid Evil Twin exploits
    • Watch for the signs of digital certificate hacks
    • Take steps to reduce spam
    • Use spam filters
    • Identify and avoid phishing, pharming, rogue antivirus, and PUA exploits

Section A: Basic Security

  • Basic security includes Encryption, Authentication, Passwords, and Password Managers

Section A: Objectives

  • By the end of this section, readers should be able to:
    • List examples in which digital data is encrypted for security purposes
    • Compare PINs, passcodes, and passwords
    • Describe how two-factor authentication functions
    • Explain how encryption is linked to passcodes in digital devices
    • Describe the advantages of encrypting an entire storage volume
    • Recite the basic rules for creating a strong password
    • List characteristics of weak passwords
    • Recite the formula for calculating the number of possible passwords that can be generated using a four-digit PIN
    • Explain the concept of password entropy
    • Describe the advantages and disadvantages of local, cloud-based, and USB password managers

Encryption

  • Encryption transforms a message or data file to hide its contents from unauthorized users

  • Original messages or files are unencrypted and referred to as "plaintext" or "cleartext"

  • Encrypted messages or files are known as "ciphertext"

  • Encryption is the process of converting plaintext into ciphertext

  • Decryption is the reverse process of converting ciphertext into plaintext

  • Data is encrypted using a cryptographic algorithm and a key

  • A cryptographic algorithm is a procedure for encryption and decryption

  • A cryptographic key is a word, number, or phrase needed to encrypt or decrypt data

  • AES (Advanced Encryption Standard) is an encryption standard currently in use worldwide

Authentication

  • User authentication confirms identity
  • Authentication techniques can prevent unauthorized access to data on Web sites or stolen devices
  • Two-factor authentication increases security by verifying identity based on multiple components

Authentication on devices

  • iPhones and iPads can be locked to require a periodic authentication
  • Authentication options for iOS include passcodes, alphanumeric passwords, facial recognition, and fingerprint scans
  • Android devices have many security settings
  • Android devices do not automatically encrypt data when a user activates the login password; configuring a password and activating encryption are two separate steps

Passwords

  • A strong password is difficult to hack
  • Strong passwords should be at least eight characters in length with uppercase letters, numbers, and symbols
  • Brute force attacks use password-cracking software to generate every possible combination of characters. Cracking a password this way can take days
  • Dictionary attacks help hackers guess a password using word lists in English, Spanish, French, and German
  • Password entropy is a measure, in bits, of a password's unpredictability

Password Managers

  • Keep track of passwords so they don't have to be memorized
  • Password managers may display a strength meter
  • Passwords can be stored locally, in the cloud, or on a USB drive

Section B: Malware

  • Malware is the central topic in this section
  • It covers malware threats, computer viruses, computer worms, trojans, and antivirus software

Section B: Objectives

  • By the end of Section B, readers should be able to:
    • List five examples of malware payloads
    • Describe the characteristics differentiating computer viruses from other malware
    • Explain the purpose of a rootkit
    • Describe the characteristics of computer worms and list three common infection vectors
    • Explain the purpose of malware trojans and how they relate to droppers
    • List the two ways that antivirus software is able to detect viruses
    • Explain the three possible actions that antivirus software can take when a virus is detected
    • Explain the significance of false positives in the context of virus detection
    • Describe how to determine if an email warning about a virus is real or a hoax

Malware Threats

  • Malware refers to any computer program designed to secretly enter a digital device
  • Types of malware exploits, or "payloads," include:
    • Displaying irritating messages and pop-up ads
    • Deleting or modifying your data
    • Encrypting data for ransom
    • Uploading or downloading files
    • Recording keystrokes to steal passwords and credit card numbers
    • Sending malware and spam messages to contacts
    • Disabling antivirus and firewall software
    • Blocking access to specific Web sites and redirecting a browser
    • Causing response time slowdowns
    • Allowing remote access to data on a device
    • Allowing remote control of a device
    • Linking a device to a botnet
    • Causing network traffic jams

Computer Viruses

  • A computer virus is a set of self-replicating program instructions that attaches to a legitimate executable file on a host device
  • Code injection modifies an executable file or data stream by adding commands
  • Viruses spread when files are exchanged on disks and CDs, as email attachments, and on social media
  • Side-loading is when an app from a source other than an official app store is installed
  • Any code that hides the existence of processes and privileges is called a rootkit
  • Rootkits were originally designed to allow access to computer systems

Computer Worms

  • Computer worms are self-replicating programs designed to carry out unauthorized activity
  • Types of computer worms:
    • A mass-mailing worm spreads by sending itself to every address in the address book of an infected device
    • An Internet worm looks for vulnerabilities in operating systems
    • A file-sharing worm copies itself into a shared folder under an innocuous name

Trojans

  • Trojans seem to perform one function while actually doing something else
  • Trojans aren't designed to spread themselves
  • Droppers deliver malicious code into a device
  • Droppers are the first phase of a sophisticated malware attack

Antivirus Software

  • Antivirus software eliminates viruses, trojans, worms, and other malware
  • A virus signature is code that contains a series of instructions known to be part of a malware exploit
  • Virus signatures are discovered by security experts who examine the bit sequences contained in malware program code
  • Heuristic analysis detects malware by analyzing the characteristics and behavior of suspicious files. Heuristic analysis can produce false positives
  • Quarantined files can contain parts of a virus. Antivirus software encrypts their contents and isolates them in a folder so they cannot be run or accessed

Using Antivirus

  • Antivirus software features you can enable include:
    • Start scanning when the device boots
    • Scan all programs as they launch
    • Scan document files when they are opened
    • Scan other file types
    • Scan incoming and outgoing emails (checking for mass mailings)
    • Scan zipped files
    • Scan for spyware and PUAs (potentially unwanted applications)
    • Scan all files on the device's storage volume at least once a week
  • Virus hoaxes may contain links or instructions to delete files

Section C: Online Intrusions

  • The main topics in this section are: Intrusion Threats, Zero-Day Attacks, Netstat, and Firewalls

Section C: Objectives

  • By the end of this section, readers should be able to:
    • Provide an overview that describes how an online intrusion takes place
    • Describe how RATs use backdoors to access remote devices
    • Describe the security vulnerabilities associated with legitimate remote access utilities
    • Summarize the types of threats posed by ransomware
    • Explain how a DDoS attack takes place
    • Describe the difference between an on-demand scan and on-access scanning
    • Summarize the significance of communications ports in online intrusions
    • Describe how a personal firewall works
    • Explain how NAT works in conjunction with a router to provide a hardware firewall
    • Explain why security experts recommend using both NAT and a personal firewall

Intrusion Threats

  • An online intrusion takes place when an unauthorized person gains access to a digital device by using an Internet connection and exploiting vulnerabilities in software
  • Types of online intrusions include:
    • RAT (Remote Access Trojan): malware that disguises itself as legitimate software and sets up a secret communication link
    • Backdoor: an undocumented method of accessing a digital device
    • Ransomware: locks a device and requests payment
    • Botnet: a client-server network created by hackers
    • DDoS (distributed denial-of-service) attack: floods a website with too much traffic

Zero-Day Attacks

  • Zero-day attacks exploit previously unknown vulnerabilities in software applications, hardware, and operating system program code
  • Scanning can be on access (real time) or on demand (manually)

Netstat

  • Digital devices use communication ports
  • An open port replies to a port scan; utilities such as Netstat produce lists of open ports

Firewalls

  • Firewalls block unauthorized access while allowing authorized communications
  • Personal firewalls use software to block unauthorized port access
  • Most personal firewalls block communication unless the app and its corresponding communications port are on a list of allowed exceptions

Section D: Interception

  • This section covers: Interception Basics, Evil Twins, Address Spoofing, Digital Certificate Hacks, and IMSI Catchers

Section D: Objectives

  • After completing this section, readers should be able to:
    • List types of intercept exploits
    • Draw a diagram illustrating a basic man-in-the-middle exploit
    • Describe the Evil Twin exploit and how to avoid it
    • List types of address spoofs
    • List the security components of a digital certificate
    • Describe how a digital certificate encrypts the connection between a client and a server
    • Explain how a fake digital certificate can defeat encryption
    • Describe how an IMSI catcher works

Interception Basics

  • Intercept exploits include:
    • Spyware, which gathers data without permission
    • Adware, which monitors web browsing to supply data for serving ads
    • Keyloggers, which record keystrokes
    • MITM (man-in-the-middle) exploits, which include Evil Twins, Address Spoofing, Digital Certificate Hacks, and IMSI Catchers

Evil Twins

  • Evil Twin: a LAN server designed to look like a legitimate Wi-Fi hotspot
  • To avoid Evil Twins, refrain from entering data on questionable networks and avoid unsecured networks

Address Spoofing

  • Address spoofing changes an originating or destination address to reroute the flow of data
  • Address spoofing can happen at various levels
  • Types of address spoofing: email, IP, DNS, and ARP

Digital Certificate Hacks

  • TLS stands for Transport Layer Security protocol
  • TLS depends on a digital certificate to verify a server's identity and pass a public key
  • The client uses the public key to encrypt data sent to the server

IMSI Catchers

  • IMSI stands for International Mobile Subscriber Identity
  • An IMSI is a 64-bit number that identifies a cellular device
  • IMSI catchers are eavesdropping devices used for intercepting mobile phone signals and tracking device location

Section E: Social Engineering

  • In this final section, the following will be covered: Social Engineering Basics, Spam, Phishing, Pharming, Rogue Antivirus, and PUAs

Section E: Objectives

  • By the end of the module, you should be able to:
    • Create a diagram that illustrates the six elements of a social engineering attack
    • Describe advance fee fraud and the stranded traveler scam.
    • List the three limitations placed on spam by the CAN-SPAM Act of 2003
    • List at least six best practices for avoiding spam
    • Describe the four types of spam filters
    • Explain the difference between phishing and pharming attacks
    • Explain the purpose of Safe Browsing
    • Describe how a rogue antivirus exploit works
    • Give two examples of PUAs

Social Engineering Basics

  • Social engineering is a deceptive practice that exploits human psychology
  • A social engineer is a person who devises a scam to accomplish a goal
  • The targeted individual or organization is tricked into participating in the scam

Spam

  • Unsolicited messages sent via email systems
  • Mass mailing and databases gather email addresses at a low cost
  • In 2003, the U.S. Congress passed an anti-spam law, the CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003)
  • Pretexting describes spam that uses a false pretext to trick victims

Tips to reduce spam

  • Ways to decrease the amount of spam you receive include:
    • Share your primary email address only with people you trust
    • Never reply to spam
    • Don't click links
    • Don't open an attachment if you don't trust the email
    • Disguise your real email address; when posting it on a web page, post it as a graphic
    • Opt out of email if it originates from a reputable source

Spam Filters

  • A spam filter uses a set of rules to examine email messages and determine which are spam
  • Spam filter types include content, header, blacklist, and permission filters

Phishing

  • Phishing is an email scam that masquerades as a message from a legitimate company or the IRS to get bank card information and passwords

Pharming

  • Pharming redirects Web site traffic to sites that distribute malware, collect data, and scam
  • Safe Browsing checks URLs to identify unsafe sites
