Network Security Policies and Email Security
30 Questions

Questions and Answers

What type of database is used to authenticate administrative users in network devices?

  • Access database
  • Security database
  • User database
  • Authentication database (correct)

What is the primary function of the Email Security Appliance (ESA)?

  • To store email messages
  • To filter spam and suspicious emails (correct)
  • To manage user access
  • To secure email servers

Which of the following is NOT a function of the Email Security Appliance (ESA)?

  • Filtering spam
  • Blocking suspicious attachments
  • Identifying phishing attempts
  • Sending promotional emails (correct)

Which network function is primarily concerned with user authentication?

  • User authentication (B)

What type of threats does the Email Security Appliance (ESA) primarily address?

  • Phishing and spam (A)

What feature can IT staff use to implement recommendations on a Windows host?

  • Local Security Policy (B)

Which of the following is NOT a function associated with the Local Security Policy?

  • Managing software updates (D)

In which category can IT staff learn more about security policy?

  • Security Policy Categories (A)

What is a key component that a good security policy should specify?

  • Minimum requirements for passwords (B)

Which of the following roles is responsible for using Local Security Policy on a Windows host?

  • IT Staff (A)

Which aspect is NOT typically included in a good security policy?

  • The budget for network upgrades (D)

What can be customized using the Local Security Policy feature?

  • User account control settings (D)

How should remote users access the network according to a good security policy?

  • By following specified guidelines (B)

Who should be authorized to access network resources as per a good security policy?

  • Specified individuals as defined in the policy (C)

What should a security policy include regarding incidents?

  • Guidelines on how incidents will be handled (A)

What is the primary role of Certificate Authorities (CAs) in relation to domains?

  • To issue certificates that contain a public key. (C)

Why do Certificate Authorities sign the certificates they issue?

  • To ensure the authenticity and integrity of the certificate. (D)

Which component is contained within the certificates issued by Certificate Authorities?

  • A public key for secure communications. (A)

What does the presence of a signed certificate from a CA indicate?

  • The CA has verified the owner's identity. (A)

What happens if a CA issues a certificate without proper validation?

  • It may lead to security breaches due to unverified identity. (D)

What is a common practice among many home users regarding their wireless routers?

  • Keeping the default passwords (A)

Why do some devices come with permissive settings?

  • To facilitate ease of use for consumers (A)

What risk is associated with leaving wireless routers at default settings?

  • Vulnerability to unauthorized access (C)

What is often sacrificed by home users for the sake of ease regarding wireless network security?

  • Data privacy (C)

Which security practice is often overlooked by users for convenience?

  • Changing default passwords (A)

What does AutoPlay provide in relation to new media?

  • It offers additional controls and prompts user actions. (B)

Where can you configure the actions associated with specific media?

  • In the AutoPlay window from Control Panel. (D)

Which of the following statements about AutoPlay is untrue?

  • AutoPlay only works with audio files. (A)

What is NOT a function of the AutoPlay feature?

  • Automatically updating software applications. (C)

Which component is used to access the AutoPlay configuration options?

  • Control Panel (C)

Flashcards

Network Authentication Database

A database used by network devices for authenticating administrative users.

Email Security Appliance (ESA)

An appliance (device) that filters spam and suspicious emails from incoming mail.

Security Policy

A document outlining rules for accessing network resources.

Authorized Users

Identifies people allowed to use network resources.

Password Policy

A set of requirements for creating strong passwords.

Acceptable Use Policy

Details appropriate ways to use network resources.

Incident Response Plan

Describes how security incidents are handled.

Local Security Policy

This feature allows IT staff to manage security settings on Windows computers.

Security Policy Categories

Groups of security settings related to a specific area, like user accounts or network access.

Implementing Recommendations

The process of implementing changes to a system's security based on your security policies.

Local Security Policy (on Windows)

A specific type of security policy that applies to a single Windows computer.

Default Network Settings

Default passwords and open wireless authentication settings are often used by home users for simplicity, but pose a serious security risk.

Permissive Device Settings

Some devices come preconfigured with weak security settings, increasing vulnerability to attacks.

Certificate Authorities (CAs)

Organizations that issue digital certificates to websites, verifying their identity and trustworthiness.

Digital Certificate

A digital document that contains a website's public key and other information, signed by a Certificate Authority.

Domain Name

A unique string of characters that identifies a website or server.

Public Key

A unique, publicly available key used for encrypting data sent to a website.

Certificate Validation

The process of verifying the authenticity and integrity of a digital certificate.

AutoPlay

Automatic actions that can be set to respond to specific media types (like music or videos) when they're inserted or opened. This helps streamline workflows and provide context-based actions.

AutoPlay Settings

A feature that allows you to configure the actions associated with different media formats to automatically launch programs, open files, or take other actions.

AutoPlay Window

A window within the Control Panel where you can customize how your computer handles different media types when they're inserted or opened. This window allows you to set specific actions for each type of media.

Specific Media

Media types like music, videos, photos, and document files. Each media type can have a different action associated with it, like opening a program or displaying a preview.

Control Panel

A Windows user interface that lets you manage and configure various system settings, including AutoPlay. It provides access to a wide array of options.

Study Notes

Module 13: Introduction

  • This chapter reviews attacks that threaten the security of computers and data.
  • An IT technician is responsible for data and computer security.
  • Understanding threats to physical equipment (servers, switches, wiring) and data threats (unauthorized access, theft, loss) is crucial for successful computer security.

Security Threats

  • Malware is the greatest and most common threat.
  • Types of malware include viruses, Trojan horses, adware, ransomware, rootkits, spyware, and worms.
  • Techniques to protect against malware include proper antivirus software, avoiding suspicious websites, and downloading software from trusted sources.
  • TCP/IP attacks also threaten networks.
  • Social engineering exploits human weaknesses.
  • Types include phishing, pretexting, baiting, and dumpster diving.
  • A security policy defines security objectives for an organization, including authorized access and network use. A good policy specifies acceptable network usage, password requirements, remote access procedures, and how security incidents are handled.
  • Host-based firewalls (e.g., Windows Defender) can be configured to control access to programs and ports.
  • Wireless security configurations are crucial to protect networked devices.

Malware

  • Malware is malicious software.
  • It's typically installed without user knowledge.
  • Malware actions include altering computer configuration, deleting files, corrupting drives, collecting information, or opening extra windows.
  • Cybercriminals use various methods, such as infected websites, outdated antivirus, or unsolicited emails, to install malware.
  • Different types of malware exist for various purposes (e.g., non-compliant/legacy systems are particularly vulnerable).

Viruses and Trojan Horses

  • Viruses are the first and most common type of malware. Propagation requires human action (e.g., opening an email attachment or USB drive).
  • Viruses alter, corrupt, or delete files. They can also capture information and spread by exploiting email accounts.
  • A Trojan horse appears useful but hides malicious code. It is often contained in free programs.
  • Various types of Trojan horses exist (remote-access, destructive, proxy, FTP, etc.).

Other Malware Types

  • Adware: Displays unwanted advertisements (pop-ups, toolbars, redirects).
  • Ransomware: Encrypts files and demands payment for decryption.
  • Rootkits: Gain administrator-level access to computers via concealed methods.
  • Spyware: Gathers user information without consent, ranging from low to high threat. May steal passwords, email addresses, or financial details.
  • Worms: Self-replicating programs that spread via networks and exploit vulnerabilities.

Preventing Malware

  • Identifying and researching malware symptoms.
  • Quarantining infected systems.
  • Disabling system restore (in Windows).
  • Remediating infected systems.
  • Scheduling scans and running updates.
  • Enabling system restore and creating restore points.
  • Educating users is vital for preventative measures.

Anti-Malware

  • Anti-malware programs continuously scan for known malware patterns. They can also use heuristic techniques to detect malicious behavior.
  • Running a scan when the machine initializes ensures malware is detected as early as possible.
  • Anti-malware checks for signs of malware, such as malicious file types, while in the background.
  • Multiple anti-malware programs may negatively impact processing speed.

Network Attacks

  • Attackers often use reconnaissance techniques to gather information about a target (e.g., Google searches, WHOIS data).
  • Examples of attacks include ping sweeps, port scans, vulnerability scans, and exploit tools.
  • TCP/IP attacks like Denial of Service (DoS) can overwhelm target devices by flooding requests.
  • A variant of DoS, DDoS, exploits multiple compromised hosts to overwhelm a target.
  • Other attacks, such as DNS poisoning, trick computers into accessing malicious servers. Man-in-the-middle attacks intercept communications, and replay attacks reuse stolen packets.

Zero-Day Attacks

  • Zero-day is the day an unknown vulnerability is found.
  • Zero-hour is the moment the exploit is discovered.
  • A zero-day vulnerability exists between the discovery and the development of a solution.

Protecting Against Network Attacks

  • The goal is a layered approach to security (e.g., VPNs for remote access; ASA and IPS (intrusion prevention systems) to monitor and potentially block traffic; AAA servers for credential management).
  • Security must also be enforced on mobile devices and the network.

Social Engineering

  • Cybercriminals employ social engineering to trick individuals.
  • Baiting involves enticing victims with potentially dangerous files or gifts.
  • Impersonation is pretending to be an authorized entity.
  • Tailgating is gaining access after an authorized user.
  • Shoulder surfing is observing a user's actions to acquire login credentials.
  • Dumpster diving is searching through trash for discarded sensitive information.
  • Pretexting is extracting private information based on a false pretense.
  • Phishing is sending an email pretending to be from a trusted entity.

Security Procedures and Policies

  • A security policy helps ensure security for a network, the data, and their components.
  • Policies typically address identification and authentication, acceptable use, remote access, network maintenance, and incident handling.
  • Organizations may define policies based on their asset types and level of security required.
  • Securing physical equipment is as important as securing digital information (e.g., employee badges, mantraps, secure server rooms, and proper locking mechanisms).

Protecting Data

  • Data is a valuable organizational asset.
  • It includes research, development, sales, finances, human resources, legal, employee, contractor, and customer data.
  • Data loss or corruption presents risks such as legal action, financial penalties, reputational damage, and loss of competitive advantage.
  • Several strategies help protect data, for example, data backups on removable media or cloud storage and encryption mechanisms.

File and Folder Permissions

  • Permissions control file access for individuals and groups, limiting access.
  • Understanding data location and modifications determines permission propagation.
  • Least privilege: Users should have only the necessary access.
  • Folder redirection allows users to access files on a network regardless of their location.

File and Folder Encryption

  • Encryption protects data confidentiality.
  • Windows uses the Encrypting File System (EFS) for file encryption.

Windows BitLocker and BitLocker to Go

  • BitLocker encrypts entire drives.
  • BitLocker to Go allows encryption of removable drives.
  • A TPM chip is often used with BitLocker.

Security Maintenance

  • Devices and systems may have default security settings. Restrictive settings improve security, but can be harder to administer.
  • AutoPlay should be disabled to prevent malicious script execution, especially when using floppy disks, CDs, or USB drives.
  • Security patches for operating systems are crucial for preventing and mitigating existing vulnerabilities.

Wireless Security

  • Wireless networks are vulnerable to attack due to radio transmissions. Security measures include using robust authentication methods, securing the wireless access point (like changing the name and password), and regularly updating firmware on the device.

Firewall Configurations

  • Firewalls control internet traffic, and their configurations include packet filtering, stateful inspection, and proxy.

Port Forwarding and Port Triggering

  • Using port forwarding, specific network traffic for applications will be routed to a specific device.
  • When traffic reaches a router, port forwarding determines the destination.
  • Port triggering temporarily forwards data to inbound ports when an outbound request is made to a specific type of program or device.

Universal Plug and Play (UPnP)

  • UPnP has security vulnerabilities.
  • Disabling UPnP adds an additional level of security.

Windows Firewall

  • Software firewalls (e.g., Windows Defender) set inbound and outbound rules.
  • Firewalls use rules to control traffic (e.g., port numbers).
  • Advanced Security settings allow for more precise control of incoming and outgoing traffic.


Description

Test your knowledge on network security policies and the functions of Email Security Appliances (ESA). This quiz covers user authentication, security policy components, and more related to network device security. Perfect for IT professionals looking to reinforce their understanding of these critical topics.
