Digital Security Basics Module 7

Questions and Answers

Are hackers able to exploit communication ports?

True (A)

How do hackers exploit communication ports?

Hackers use a technique called port scanning to discover which ports are open on a device.

What is a port scan?

A port scan pings a packet of data to the port. If a reply is received, the port is open.

What is a firewall?

A firewall is a device or software that is designed to block unauthorized access while allowing authorized communications.

What is a personal firewall?

A personal firewall is a software-based deterrent against unauthorized port access.

Only one software-based firewall should be active, because firewalls have a tendency to conflict with each other.

True (A)

A router acts as a firewall to block connections that are not initiated inside a local network.

True (A)

Do I need NAT in addition to a personal firewall?

Yes, NAT is the best line of defense against attacks that originate from the Internet.

What types of interception exploits are threats?

Spyware, Adware, Keyloggers, and Man-in-the-Middle.

What is spyware?

Any software that secretly gathers personal information without the victim's knowledge is classified as spyware.

What is adware?

Adware monitors web browsing activity to supply ad-serving sites with data for targeted ads.

What are keyloggers?

Keyloggers record keystrokes and send them to a hacker.

What is Man-in-the-Middle?

An eavesdropping exploit where a third party intercepts communications.

How do man-in-the-middle attacks work?

A third party intercepts communications between two entities without their knowledge.

What is an Evil Twin?

An Evil Twin is a LAN server designed to look like a legitimate Wi-Fi hotspot.

How does the Evil Twin exploit work?

Hackers set up a Wi-Fi hotspot to capture unsecured data from users.

What is address spoofing?

Address spoofing changes an originating or destination address to redirect data flow.

What is an email address spoof?

It changes the sender's address to mask the source of spam.

What is IP address spoof?

It modifies the source address of data packets used in a denial-of-service attack.

What is a DNS address spoof?

It changes the IP address that corresponds to a URL to redirect traffic.

The DNS address spoof changes the ARP (Address Resolution Protocol) routing table on a local area network.

True (A)

How does address spoofing affect browsing?

By spoofing Google's IP address, users can be sent to a fake Google site.

Why is encryption vulnerable?

The method of encrypting communication relies on a protocol called TLS that can be susceptible to attacks.

What is the problem with TLS?

Digital certificates can be faked, compromising their trustworthiness.

How does a digital certificate hack work?

By using DNS address spoofing, data can be tunneled through a malicious server.

Basic digital security depends on which two techniques?

Encryption (C), Authentication (D)

How does encryption work?

Encryption transforms a message or data file so that its contents are hidden from unauthorized readers.

An original message or file that has not yet been encrypted is referred to as plaintext or cleartext.

True (A)

An encrypted message or file is referred to as ciphertext.

True (A)

What is encryption?

The process of converting plaintext into ciphertext.

What is decryption?

The process of converting ciphertext into plaintext.

How is data encrypted?

Data is encrypted by using a cryptographic algorithm and a key.

What is a cryptographic algorithm?

A procedure for encryption or decryption.

What is a cryptographic key?

A word, number, or phrase that must be known to encrypt or decrypt data.

A password is typically used as the key to encrypt and decrypt data.

True (A)

What can be encrypted?

Data packets sent over networks, bank card numbers, email messages, storage volumes, and sensitive files can be encrypted.

How well does encryption protect files?

There are various encryption methods, and some are more secure than others.

What is the encryption standard currently used worldwide?

AES (Advanced Encryption Standard)

It is possible to crack AES, but the process is difficult and requires lots of computer power.

True (A)

What is user authentication?

Any technique used to verify or confirm a person's identity.

Authentication techniques such as passwords, PINs, fingerprint scans, and facial recognition can prevent unauthorized access to the data.

True (A)

How does two-factor authentication increase security?

It verifies identity based on two components, such as a password and a verification code.

What does a brute force attack use?

Password-cracking software to generate every possible combination of letters, numerals, and symbols.

What does a dictionary attack help hackers to do?

Guess your password by stepping through a dictionary containing common words and mutations.

What makes a password susceptible to a dictionary attack?

Weak passwords such as passpass or computercomputer.

What makes a password susceptible to a brute force attack?

Passwords are easier to crack if chosen from a smaller range of possibilities.

The number of possible passwords depends on factors that include the size of the character set and the length of the password.

True (A)

What is password entropy?

A measure in bits of a password's unpredictability.

Passwords with higher entropy are more secure than passwords with low entropy.

True (A)

How does a password manager work?

It keeps track of passwords so users don't have to memorize them.

What does a password strength meter indicate?

The strength of a password and its resistance to attacks.

The encrypted file that stores user IDs and passwords is protected by a master password.

True (A)

Passwords stored locally are tied to the device on which they are created.

True (A)

Malware is also a component of cyberwarfare attacks that pose a threat to national security.

True (A)

What are malware threats?

Any computer program designed to surreptitiously enter a digital device.

What is a payload or malware exploit?

The action carried out by malware code.

What can malware be used for?

Deleting files, recording keystrokes, allowing remote control of a device, and more.

When was the first computer virus designed to affect personal computers appear?

In 1982.

What is a virus?

A set of self-replicating program instructions that attaches itself to a legitimate executable file.

What are logic bombs?

Viruses that deliver their payloads in response to some other system event.

What are time bombs?

Viruses that deliver their payloads on a specific date.

What is code injection?

The process of modifying an executable file or data stream by adding additional commands.

How does a virus spread?

By exchanging infected files, email attachments, and through social networking sites.

What is side-loading?

A process where an app from a source other than an official app store is installed.

What is a rootkit?

Any code that hides the existence of processes and privileges.

Modern rootkits are used to hide malicious code by replacing parts of the operating system with modified code.

True (A)

What is a worm?

A small self-replicating program designed to carry out unauthorized activities.

How can worms enter a device?

Through security holes in browsers, email attachments, and infected links.

A mass-mailing worm spreads by sending itself to every address in the worm's contact list.

True (A)

What does an Internet worm look for?

Vulnerabilities in operating systems, open communications ports, and JavaScripts.

What does a file-sharing worm do?

Copies itself into a shared folder under an innocuous name.

Today, more than 80% of malware infections are trojans.

True (A)

How do trojans differ from viruses and worms?

Trojans do not spread themselves; they rely on users to install them.

What are trojans?

Programs that masquerade as useful utilities but perform harmful actions.

What can trojans contain?

Viruses, code to take control of a device, or routines called droppers.

What is a dropper?

A tool designed to deliver or 'drop' malicious code into a device.

What is the difference between a dropper and code injection?

A dropper installs a malicious program, while code injection adds malicious code to an existing program.

Antivirus software is a type of utility software that looks for and eliminates malware.

True (A)

What is a virus signature?

A section of code that uniquely identifies a malware exploit.

How well does heuristic analysis work?

It requires time and system resources to examine files.

Heuristics may produce false positives that mistakenly identify a legitimate file as malware.

True (A)

What happens when malware is detected?

Antivirus software can try to remove, quarantine, or delete the malware.

How dependable is antivirus software?

Today's antivirus software is quite dependable but not infallible.

What is the purpose of a manual scan?

To scan specific files initiated by a user.

What's a virus hoax?

An email warning about a supposed new virus, often leading to unwanted downloads.

What is the risk of online intrusions?

When an unauthorized person gains access to a digital device via the Internet.

What are the characteristics of online intrusions?

Most begin with malware setting up a backdoor for future access.

What are the steps of an online intrusion?

Malware enters a device, creates a backdoor, opens communication with a hacker, and executes commands.

Are there different types of intrusions?

True (A)

What is a RAT?

Malware that disguises itself as legitimate software to establish a secret link to a hacker.

What is a backdoor?

An undocumented method of accessing a digital device.

What is ransomware?

A virus that encrypts user storage until payment is made to unlock it.

What is a botnet?

A network of compromised devices controlled by hackers.

Botnets have been used to carry out massive DDoS attacks.

True (A)

What is DDoS?

A distributed denial of service attack.

A botmaster controls a network of victims' computers using IRC channels for communication.

True (A)

Commands from botmaster include:

Click fraud, DDoS, spam, mine bitcoins, and crack encryption.

Does antivirus software protect devices from intrusions?

It can prevent some, but not all, intrusions.

What is a zero-day attack?

An attack that exploits previously unknown vulnerabilities.

On-access scans are also called:

Real-time protection, background scanning, and autoprotect.

Flashcards are hidden until you start studying

Study Notes

Digital Security Fundamentals

• Basic digital security relies on encryption and authentication for protection.
• Encryption hides information from unauthorized readers by transforming messages or files.
• The original unencrypted content is known as plaintext or cleartext, while the encrypted content is termed ciphertext.

Encryption and Decryption

• Encryption: The process of converting plaintext into ciphertext.
• Decryption: Reverses encryption, converting ciphertext back to plaintext.
• Data encryption utilizes a cryptographic algorithm paired with a cryptographic key for secure communication.

Cryptographic Key and Algorithms

• A cryptographic key is typically a word or number necessary for encryption/decryption.
• Cryptographic algorithms define the methods used for encryption and decryption.

Passwords and Security

• Passwords function as keys, playing a crucial role in data protection.
• Various data types can be encrypted, including personal data, email communications, and entire storage volumes.
• Password strength hinges on complexity; weak passwords (e.g., "passpass") are easily crackable.

Attack Methods

• Brute Force Attack: Attempts every possible password combination, often requiring substantial time and resources.
• Dictionary Attack: Uses common words and phrases to guess passwords, leveraging known weaknesses.

Security Measures

• Employing two-factor authentication enhances security by requiring two verification components.
• Password strength meters evaluate password security against brute force and dictionary attacks.

Malware and Cyber Threats

• Malware encompasses harmful programs designed to infiltrate devices, including viruses, worms, and trojans.
• A virus replicates by attaching itself to legitimate files; worms are standalone programs that spread autonomously.
• Trojan horses masquerade as legitimate software but lead to malicious activities upon installation.

Specific Types of Malware

• Ransomware encrypts user data until a ransom is paid for access.
• Rootkits hide malicious processes from detection, often modifying operating system components.
• Backdoors allow unauthorized remote access to victim systems, often utilized by RAT (Remote Access Trojans).

Intrusions and Defense Strategies

• Online intrusions often initiate through malware, which opens backdoors for hackers.
• Botnets consist of networks of compromised devices controlled by a hacker, often utilized for DDoS attacks.
• Firewalls block unauthorized access and can be software-based (personal firewalls) or hardware-based (network routers).

Protection and Reliability

• Antivirus software detects and eliminates malware but may not catch sophisticated threats like zero-day exploits.
• Manual scans help users check for infections if there are suspicions of malware incidents.

Exploiting Vulnerabilities

• Hackers conduct port scanning to identify open communication ports on devices.
• Spyware collects user data without consent, while adware monitors web activity to serve targeted ads.

Threat Prevention

• Systems utilizing Network Address Translation (NAT) enhance security against outside attacks, complementing personal firewalls by addressing internal threats.

Keyloggers

• Keyloggers are a type of spyware that record keystrokes and transmit the information to hackers.
• They are commonly used by identity thieves and industrial spies to obtain user passwords and access accounts.

Man-in-the-Middle Attacks

• A Man-in-the-Middle (MITM) attack involves a third party intercepting communication between two entities without their knowledge.
• Types of MITM attacks include Evil Twins, address spoofing, digital certificate hacks, and IMSI catchers.
• A third party can either passively monitor communications or actively modify data during transfer.

Evil Twin Exploit

• An Evil Twin is a fraudulent Wi-Fi hotspot that mimics a legitimate network to deceive users.
• Hackers set up unsecured Wi-Fi hotspots to capture data from users, including online banking details and social media passwords.

Address Spoofing

• Address spoofing involves altering the originating or destination address of data to redirect communication.
• Various types include email address spoofing, IP address spoofing, and DNS address spoofing.

Spoof Types

• Email address spoofing disguises the sender's address, often used in spam.
• IP address spoofing modifies source IP addresses in denial-of-service (DoS) attacks.
• DNS address spoofing changes the IP address associated with a URL, redirecting victims to fraudulent websites.

ARP Address Spoofing

• ARP spoofing alters the routing table on a local area network, redirecting traffic through a malicious device.

Address Spoofing Impact on Browsing

• Spoofing of Google’s IP address by authorities can redirect users to fake sites, which may block access to controversial content.

Vulnerability of Encryption

• Encryption of client-server communication relies on TLS (Transport Layer Security) and digital certificates to verify server identity.
• Public keys are used by clients to encrypt messages sent to servers.

Issues with TLS

• Digital certificates, which validate server identities, can be faked, creating security vulnerabilities.
• A valid certificate is signed by an official certificate authority, while a fake may appear legitimate but lacks a valid signature.

Digital Certificate Hacking

• Digital certificate hacks can involve DNS address spoofing, which routes all data from users through malicious servers, potentially enabling surveillance or censorship.