Network Security Policies and Email Security
30 Questions

Questions and Answers

What type of database is used to authenticate administrative users in network devices?

  • Access database
  • Security database
  • User database
  • Authentication database (correct)

What is the primary function of the Email Security Appliance (ESA)?

  • To store email messages
  • To filter spam and suspicious emails (correct)
  • To manage user access
  • To secure email servers

Which of the following is NOT a function of the Email Security Appliance (ESA)?

  • Filtering spam
  • Blocking suspicious attachments
  • Identifying phishing attempts
  • Sending promotional emails (correct)

Which network function is primarily concerned with user authentication?

  • User authentication (correct)

What type of threats does the Email Security Appliance (ESA) primarily address?

  • Phishing and spam (correct)

What feature can IT staff use to implement recommendations on a Windows host?

  • Local Security Policy (correct)

Which of the following is NOT a function associated with the Local Security Policy?

  • Managing software updates (correct)

In which category can IT staff learn more about security policy?

  • Security Policy Categories (correct)

What is a key component that a good security policy should specify?

  • Minimum requirements for passwords (correct)

Which of the following roles is responsible for using Local Security Policy on a Windows host?

  • IT Staff (correct)

Which aspect is NOT typically included in a good security policy?

  • The budget for network upgrades (correct)

What can be customized using the Local Security Policy feature?

  • User account control settings (correct)

How should remote users access the network according to a good security policy?

  • By following specified guidelines (correct)

Who should be authorized to access network resources as per a good security policy?

  • Specified individuals as defined in the policy (correct)

What should a security policy include regarding incidents?

  • Guidelines on how incidents will be handled (correct)

What is the primary role of Certificate Authorities (CAs) in relation to domains?

  • To issue certificates that contain a public key. (correct)

Why do Certificate Authorities sign the certificates they issue?

  • To ensure the authenticity and integrity of the certificate. (correct)

Which component is contained within the certificates issued by Certificate Authorities?

  • A public key for secure communications. (correct)

What does the presence of a signed certificate from a CA indicate?

  • The CA has verified the owner's identity. (correct)

What happens if a CA issues a certificate without proper validation?

  • It may lead to security breaches due to unverified identity. (correct)

What is a common practice among many home users regarding their wireless routers?

  • Keeping the default passwords (correct)

Why do some devices come with permissive settings?

  • To facilitate ease of use for consumers (correct)

What risk is associated with leaving wireless routers at default settings?

  • Vulnerability to unauthorized access (correct)

What is often sacrificed by home users for the sake of ease regarding wireless network security?

  • Data privacy (correct)

Which security practice is often overlooked by users for convenience?

  • Changing default passwords (correct)

What does AutoPlay provide in relation to new media?

  • It offers additional controls and prompts user actions. (correct)

Where can you configure the actions associated with specific media?

  • In the AutoPlay window from Control Panel. (correct)

Which of the following statements about AutoPlay is untrue?

  • AutoPlay only works with audio files. (correct)

What is NOT a function of the AutoPlay feature?

  • Automatically updating software applications. (correct)

Which component is used to access the AutoPlay configuration options?

  • Control Panel (correct)

    Study Notes

    Module 13: Introduction

    • This chapter reviews attacks that threaten the security of computers and data.
    • An IT technician is responsible for data and computer security.
    • Understanding threats to physical equipment (servers, switches, wiring) and data threats (authorized access, theft, loss) is crucial for successful computer security.

    Security Threats

    • Malware is the greatest and most common threat.
    • Types of malware include viruses, Trojan horses, adware, ransomware, rootkits, spyware, and worms.
    • Techniques to protect against malware include proper antivirus software, avoiding suspicious websites, and downloading software from trusted sources.
    • TCP/IP attacks also threaten networks.
    • Social engineering exploits human weaknesses.
    • Types include phishing, pretexting, baiting, and dumpster diving.
    • A security policy defines security objectives for an organization, including authorized access and network use. A good policy specifies acceptable network usage, password requirements, remote access procedures, and how security incidents are handled.
    • Host-based firewalls (e.g., Windows Defender) can be configured to control access to programs and ports.
    • Wireless security configurations are crucial to protect networked devices.

    Malware

    • Malware is malicious software.
    • It's typically installed without user knowledge.
    • Malware actions include altering computer configuration, deleting files, corrupting drives, collecting information, or opening extra windows.
    • Cybercriminals use various methods, such as infected websites, outdated antivirus, or unsolicited emails, to install malware.
    • Different types of malware exist for various purposes; non-compliant and legacy systems are particularly vulnerable.

    Viruses and Trojan Horses

    • Viruses are the first and most common type of malware. Propagation requires human action (e.g., opening an email attachment or USB drive).
    • Viruses alter, corrupt, or delete files. They can also capture information and spread by exploiting email accounts.
    • A Trojan horse appears useful but hides malicious code. It is often contained in free programs.
    • Various types of Trojan horses exist (remote-access, destructive, proxy, FTP, etc.).

    Other Malware Types

    • Adware: Displays unwanted advertisements (pop-ups, toolbars, redirects).
    • Ransomware: Encrypts files and demands payment for decryption.
    • Rootkits: Gain administrator-level access to computers via concealed methods.
    • Spyware: Gathers user information without consent, ranging from low to high threat. May steal passwords, email addresses, or financial details.
    • Worms: Self-replicating programs that spread via networks and exploit vulnerabilities.

    Preventing Malware

    • Identifying and researching malware symptoms.
    • Quarantining infected systems.
    • Disabling system restore (in Windows).
    • Remediating infected systems.
    • Scheduling scans and running updates.
    • Enabling system restore and creating restore points.
    • Educating users is vital for preventative measures.

    Anti-Malware

    • Anti-malware programs continuously scan for known malware patterns. They can also use heuristic techniques to detect malicious behavior.
    • Running a scan when the machine initializes ensures malware is detected as early as possible.
    • Anti-malware checks for signs of malware, such as malicious file types, while running in the background.
    • Multiple anti-malware programs may negatively impact processing speed.

    Network Attacks

    • Attackers often use reconnaissance techniques to gather information about a target (e.g., Google searches, WHOIS data).
    • Examples of attacks include ping sweeps, port scans, vulnerability scans, and exploit tools.
    • TCP/IP attacks like Denial of Service (DoS) can overwhelm target devices by flooding them with requests.
    • A variant of DoS, DDoS, exploits multiple compromised hosts to overwhelm a target.
    • Other attacks, such as DNS poisoning, trick computers into accessing malicious servers. Man-in-the-middle attacks intercept communications, and replay attacks reuse stolen packets.

    Zero-Day Attacks

    • Zero-day is the day an unknown vulnerability is found.
    • Zero-hour is the moment the exploit is discovered.
    • A zero-day vulnerability exists between the discovery and the development of a solution.

    Protecting Against Network Attacks

    • The goal is a layered approach to security (e.g., VPNs for remote access; ASA and IPS (intrusion prevention systems) to monitor and potentially block traffic; AAA servers for credential management).
    • Security must also be enforced on mobile devices and the network.

    Social Engineering

    • Cybercriminals employ social engineering to trick individuals.
    • Baiting involves enticing victims with potentially dangerous files or gifts.
    • Impersonation is pretending to be an authorized entity.
    • Tailgating is gaining access by following an authorized user.
    • Shoulder surfing is observing a user's actions to acquire login credentials.
    • Dumpster diving is searching through trash for discarded sensitive information.
    • Pretexting is extracting private information based on a false pretense.
    • Phishing is sending an email pretending to be from a trusted entity.

    Security Procedures and Policies

    • A security policy helps ensure security for a network, the data, and their components.
    • Policies typically address identification and authentication, acceptable use, remote access, network maintenance, and incident handling.
    • Organizations may define policies based on their asset types and level of security required.
    • Securing physical equipment is as important as securing digital information (e.g. employee badges, mantraps, secure server rooms, and proper locking mechanisms).

    Protecting Data

    • Data is a valuable organizational asset.
    • It includes research, development, sales, finances, human resources, legal, employee, contractor, and customer data.
    • Data loss or corruption presents risks such as legal action, financial penalties, reputational damage, and loss of competitive advantage.
    • Several strategies help protect data, for example, data backups on removable media or cloud storage and encryption mechanisms.

    File and Folder Permissions

    • Permissions limit file and folder access for individuals and groups.
    • Permission propagation depends on where the data is located and how it is modified.
    • Least privilege: Users should have only the necessary access.
    • Folder redirection allows users to access files on a network regardless of their location.

    File and Folder Encryption

    • Encryption protects data confidentiality.
    • Windows uses the Encrypting File System (EFS) for file encryption.

    Windows BitLocker and BitLocker to Go

    • BitLocker encrypts entire drives.
    • BitLocker to Go allows encryption of removable drives.
    • A TPM chip is often used with BitLocker.

    Security Maintenance

    • Devices and systems may have default security settings. Restrictive settings improve security, but can be harder to administer.
    • AutoPlay should be disabled to prevent malicious script execution, especially when using floppy disks, CDs, or USB drives.
    • Security patches for operating systems are crucial for preventing and mitigating existing vulnerabilities.

    Wireless Security

    • Wireless networks are vulnerable to attack due to radio transmissions. Security measures include using robust authentication methods, securing the wireless access point (like changing the name and password), and regularly updating firmware on the device.

    Firewall Configurations

    • Firewalls control internet traffic, and their configurations include packet filtering, stateful inspection, and proxy.

    Port Forwarding and Port Triggering

    • Using port forwarding, specific network traffic for applications will be routed to a specific device.
    • When traffic reaches a router, port forwarding determines the destination.
    • Port triggering temporarily forwards data to inbound ports when an outbound request is made to a specific type of program or device.

    Universal Plug and Play (UPnP)

    • UPnP has security vulnerabilities.
    • Disabling UPnP adds an additional level of security.

    Windows Firewall

    • Software firewalls (e.g., Windows Defender) set inbound and outbound rules.
    • Firewalls use rules to control traffic (e.g., port numbers).
    • Advanced Security settings allow for more precise control of incoming and outgoing traffic.

    Description

    Test your knowledge on network security policies and the functions of Email Security Appliances (ESA). This quiz covers user authentication, security policy components, and more related to network device security. Perfect for IT professionals looking to reinforce their understanding of these critical topics.
