chapter 8 pc operating class

Questions and Answers

What is a privacy screen used for?

To secure a server in a rack

To prevent screen reading from wide angles (correct)

To control access to network ports

To lock a laptop to a table

Which type of lock could use biometric data for security?

Biometric lock (correct)

Keyed lock

Kensington lock

Combination lock

What is the primary function of port locks?

To secure laptops to tables

To restrict access to exposed ports (correct)

To prevent unauthorized access to server data

To keep private data under lock and key

For securing a laptop to a table, which lock would be most appropriate?

Kensington lock

In a corporate environment, what purpose would a server lock serve?

To hold corporate data securely

Which method should be used to prevent unauthorized access to the internal components of a desktop computer?

Using a computer case lock and key

Which security measure is most suitable for preventing laptop theft?

Using a cable lock system

What is a primary function of using a computer case lock and key for a desktop?

To prevent unauthorized physical intrusion

In terms of physical security, which device is specifically designed to secure a laptop to a fixed object?

Cable lock system

How can you prevent unauthorized access to the internal components of a desktop computer?

Using a computer case lock and key

Which type of security device in the image is noted as tamper-evident?

Wire loop seal

What is indicated by the serial number 200000 in the image?

An identifier for the wire loop seal

Which device in the image can only be used once?

Wire loop seal

Which of the following devices in the image is NOT specifically labeled?

PAD

What is the primary material characteristic of the wire loop seal mentioned in the image?

Tamper-evident

What is an important feature of a mantrap?

First door must close before second door can open

What might a security guard maintain to control entry?

An entry control roster

Which of the following is NOT a characteristic of a mantrap?

Both doors can remain open simultaneously

Why might engraving ID information into a theft-prevention plate be effective?

It deters unauthorized access by making ownership identifiable

What might be required when using a mantrap?

Multiple forms of separate ID

What is the main function of antivirus/anti-malware software?

To monitor a device for harmful activity

What is the purpose of email filtering?

To filter out suspicious messages based on known databases

What is one function of Data Loss Prevention (DLP) software?

To help protect against leaking corporate data

Why should you only download software from trusted sources?

To avoid harmful or malicious software

What do Access Control Lists (ACL) do?

Control access to particular resources

What is the purpose of port security on a switch?

To limit the number of devices that can connect to a switch

How does MAC address filtering enhance network security?

By providing a whitelist of allowed MAC addresses

What type of security measure could you use to control data transmission over a remote connection?

VPN

Which security measure involves specifying the number of MAC addresses acceptable on a switch port?

MAC address filtering

Which feature safeguards communication between a user's device and a private network?

VPN

Which of the following tools does Mobile Device Management (MDM) software provide?

Tracking mobile devices

Which of the following is included as an MDM policy?

Security policy enforcement

What capability does MDM software offer for data security on mobile devices?

Data erasure upon device theft

What is one of the data protection measures required by MDM policies?

Data encryption requirements

Which of these is NOT typically an MDM policy?

Administering web hosting services

Which of the following is a part of enforcing a password policy?

Ensuring password reset frequency

Which factor in multifactor authentication refers to something the user knows?

A password

What does two-factor authentication (2FA) usually combine?

What the user knows and what the user possesses

Which method increases authentication security by using biometric data?

Using two-factor authentication

What is an example of something the user possesses in multifactor authentication?

A smart card

Which of the following is a characteristic of a smart card used as a hardware security token?

Contains an embedded microprocessor

What is the primary function of a digital certificate in software security tokens?

To act as a digital signature verifying identity

Who assigns digital certificates?

Certificate Authority

Which of the following is NOT a type of hardware security token?

Software token app

Which device typically stores a software token?

Smartphone

What does AAA stand for in the context of network security?

Authentication, Authorization, and Accounting

Which protocol is specifically designed for the centralized management of network authentication services?

RADIUS

Which of the following is not a function typically associated with TACACS+?

Data Encryption

What is the primary purpose of the accounting function in AAA?

To track users' access and services used

Which solution among the following is considered a popular choice for providing AAA services in large networks?

RADIUS

Which of the following encryption methods is used by RADIUS?

Encrypts user passwords only

What is the primary use of TACACS+?

Cisco network device administrative access

Which characteristic differentiates RADIUS and TACACS+ in terms of protocol?

RADIUS uses UDP, TACACS+ uses TCP

Which network types are supported by both RADIUS and TACACS+?

Wired and VPN

What protocol does RADIUS rely on for transmission across corporate networks?

UDP

Which of the following describes the encryption used by TACACS+?

Encrypts every message

What does an Acceptable Use Policy (AUP) document explain?

What users can and cannot do on the corporate network

Which action should users take to prevent shoulder surfing?

Be aware of their surroundings and shield their monitor screen

What should a user do every time they step away from their workstation?

Lock down their workstation

What does tailgating refer to in a security context?

Following an employee through a secured entrance without authorization

Which of the following is a key security measure for password management?

Never give out passwords to anyone

Which type of phishing appears to come from companies you already do business with?

Spear phishing

What does spoofing involve?

Making both the email and the website look like the real thing

What does phishing typically aim to achieve?

Getting users to give away personal data

How might a hacker use dumpster diving?

By searching through trash for valuable information

Which manipulation technique involves sending a general scam email asking for personal data?

Phishing

Which of the following websites can help debunk a virus hoax?

all of the above

What should you do to protect your laptop when traveling?

Always know where your laptop is

Which measure should you take to secure your laptop at work?

Lock it in a secure place or use a laptop cable lock

Which rule is crucial for safeguarding your laptop in an unlocked car?

Never leave a laptop in an unlocked car

Which site is known for investigating urban legends including virus hoaxes?

snopes.com

What is the primary characteristic of malicious software?

It means harm and is transmitted without the user's knowledge

Which of the following best describes grayware?

A program that is annoying and unwanted but might not intend harm

Which of the following is NOT true about malicious software?

It can be classified as grayware

How does grayware typically differ from malware?

Grayware may or may not intend harm, whereas malware always intends harm

What is a common characteristic shared by both malicious software and grayware?

Both are annoying and unwanted

Which program can replicate itself by attaching to other programs?

Virus

What is the primary function of spyware?

Spies on a user and collects personal information

Which of the following is an example of spyware?

Keylogger

Which type of malware is characterized by its ability to overload networks?

Worm

What makes a worm different from a virus?

Worms spread without needing a host program

Which malware substitutes itself for a legitimate program?

Trojans

Which type of malware can hide in the boot manager?

Rootkits

What does ransomware do to a computer system?

Holds the system hostage until a ransom is paid

Which of the following can hijack internal Windows components to mask information?

Rootkits

What distinctive feature do trojans have compared to other types of malware?

Does not need a host program to work

In which mode can a rootkit intercept data from Task Manager and Explorer?

User-mode

Which component is resistant to user-mode rootkit interception?

Kernel-mode processes

What can a kernel-mode rootkit intercept?

Data from kernel-mode processes

Which of the following is NOT a target of rootkit data interception?

Hardware components

What does Figure 8-13 illustrate about rootkits?

Rootkits can run in both user mode and kernel mode.

What is the primary characteristic of a zero-day attack?

It exploits a security hole unknown to the developer.

Which attack involves intercepting and potentially altering communications between two parties?

Man-in-the-middle attack

What does a DoS attack primarily aim to do?

Prevent new connections by overwhelming a system with traffic

When does a hacker typically take advantage of a recently reported software security gap?

In a Zero-day attack

Which attack involves multiple computers to achieve its purpose?

Distributed denial-of-service attack

What is the primary purpose of a zombie computer in a cyber attack?

To run repetitive software in the background

What distinguishes a botnet from a single zombie computer?

A botnet refers to an entire network of zombie computers

What technique relies on trying words from a dictionary to crack a password?

Dictionary attack

What do rainbow tables contain that aids in password cracking?

Encrypted password lists and corresponding plaintext passwords

Which of the following best describes a rainbow table attack?

It matches precomputed hash values with their plaintext passwords

Which product is designed to scan devices for noncompliance?

System Center Configuration Manager by Microsoft

What is a common reason for scanning BYOD and corporate-owned devices?

To identify noncompliant systems

Which of the following violates security best practices?

Noncompliant systems

Who needs techniques in place to routinely scan devices for noncompliance?

System Administrators

What does System Center Configuration Manager primarily address?

Device noncompliance

Which of the following is a common symptom of malware affecting system performance?

Slow performance or lock ups

What might suggest the presence of rogue antivirus software on a computer?

Rogue antivirus software

Which of these issues can indicate problems with digital certificates due to malware?

Invalid digital certificates

Which symptom is likely associated with problems updating anti-malware software?

Problems updating anti-malware software

What does browser redirection typically signal about a computer's security status?

Malware is likely present

What does the Action Center indicate about the status of Windows Defender?

Windows Defender has been disabled.

What is the first step to take if an infected computer is connected to a wired or wireless network?

Disconnect the cable or turn off the wireless adapter

What must be done before cleaning up an infected system?

Back up data to another media

When downloading anti-malware software for an infected computer, what should you do with the other computers?

Disconnect them from the network

Which network state is necessary for a quarantined computer?

Completely disconnected from the regular network

Why is it necessary to boot into Safe Mode with Networking after connecting to the ISP to download anti-malware software?

It allows the system to operate with minimal resources and services

Why is it necessary to turn off System Protection when removing malware?

Because it allows anti-malware software to access the System Volume Information folder

What is a significant consequence of turning off System Protection?

Loss of all current system restore points

Where do some types of malware hide their program files which renders anti-malware software ineffective if System Protection is on?

In the System Volume Information folder

What steps should be followed to turn off System Protection?

Open Control Panel -> System -> System protection

What could happen if you don’t turn off System Protection while running anti-malware software?

Anti-malware software won't be able to clean the System Volume Information folder

What should you check before selecting anti-malware software?

Reviews and ratings from reliable websites

Which condition may prevent a computer from booting if infected?

Infected or damaged boot manager, boot loader, or kernel mode drivers

What environment should you launch into if an infected computer will not boot?

Windows Recovery Environment (Windows RE)

Which process should be used in Windows Recovery Environment to repair a system that will not boot?

Startup Repair

Which of the following might be a reason an infected computer will not boot?

Infected boot manager, boot loader, or kernel mode drivers

What should you do after updating anti-malware software?

Run a full scan

Which method can be used to run anti-malware software if the computer system is severely infected and unstable?

Install and run anti-malware software in safe mode

What is one method to perform an anti-malware scan before the operating system boots?

Run an anti-malware scan from a bootable media

Why would you run more than one anti-malware scan with different software?

To ensure all types of malware are detected

Which method allows you to run anti-malware software from a clean environment and avoid further infection?

Run anti-malware software from a networked computer

Which task should be performed to address issues that appear when a system starts?

Respond to any startup errors

Why is it necessary to research malware types and program files after an infection?

To understand how the malware operates and eliminate it

Which of the following actions would help in removing remnants of malware from the Windows registry?

Cleaning the registry

What might you do to ensure browsers are free from malicious extensions and software?

Clean up browsers and uninstall unwanted programs

Which step involves actively removing unwanted and malicious software components left on a system?

Delete files

What is essential for keeping a system clean from malware?

Using anti-malware software

Which practice ensures your system is safeguarded from unauthorized access?

Keeping Windows updates current

Why is it important to use a software firewall?

It provides protection against malware

What should you do to maintain a clean system after removing malware?

Schedule regular system scans

Which action is a best practice to protect a system against malware?

Using anti-malware software

When should you turn System Protection back on?

After the system is clean

What is the purpose of creating a restore point?

To restore system settings to a specific point in time

Which of the following is essential before creating a restore point?

Cleaning the system from malware or viruses

What could happen if System Protection is not turned on after cleaning the system?

You will not be able to create new restore points

How often should a restore point ideally be created?

Before installing new software

What should you educate the user about to keep the system free from malware?

Tips on how to avoid downloading Trojans

Despite all security measures, what risk still remains that users should be aware of?

Downloading and executing a Trojan

Why is user education essential in malware prevention?

To teach them how to recognize and avoid malware, such as Trojans

What is a Trojan and why is it dangerous?

Malware that disguises itself as legitimate software

What is one crucial aspect of maintaining a secure system environment?

Regularly educating users on malware prevention

Why do IT departments rely on good documentation and security policies?

To set expectations and standards for security in the entire organization

Which of the following is not mentioned as part of the chapter covering best practices for documentation and security policies?

Methods for data encryption

What is one of the key areas covered in the chapter about best practices for documentation and security policies?

Types of documentation

For what purpose do IT departments use good security policies?

To set expectations and standards for security in the entire organization

Which of the following is a fundamental aspect of good documentation for IT departments?

Setting expectations and standards for security

What might a knowledge base include?

Articles containing text, images, or video

What is the primary purpose of inventory management in network documentation?

To track end-user devices, IP addresses, and software licenses

Which feature might be used in inventory management to help with asset tracking?

Asset tags and theft-prevention plates with barcodes

Which type of documentation would include a map of a network topology?

Network topology diagrams

What might be included in a knowledge base for a product?

A collection of informational articles and videos

What is a key responsibility of a change manager?

Defining how new software will affect people

How is change management integrated with project management?

It is closely integrated and often involves the same teams

What ensures that people affected by a project can transition smoothly to the end result?

Well-managed change processes

Which of the following is NOT a task likely to be managed by a change manager?

Developing new product features

Which statement about change management is accurate?

It involves managing communication, scheduling, training, and support

What is the initial step in the general flow of change management?

Purpose of change

Which component is NOT included in the documented change plans?

End-user acceptance

At what stage is the Request for Comments (RFC) sought?

After documented change plans

What does the CAB stand for in change management?

Change Advisory Board

What criteria is used to determine if a change was successful?

Purpose fulfilled, end-user acceptance, completed on time and within budget

What is one of the primary goals of documented business processes?

Achieving an efficient and cost-effective service

Which of the following best describes the purpose of a change request process?

To propose and formally submit necessary changes

When are complex changes often submitted to a change advisory board (CAB)?

When they require high-level management approval

Which of the following is NOT a typical desired business goal of documented business processes?

High employee turnover

What does a change request process typically specify?

What needs to be changed

Which of the following is NOT typically included in the scope of a change plan?

Amount of budget allocated for the change

In change management, what is the primary purpose of risk analysis?

To identify potential problems and prevent surprises or crises

Which of the following aspects is included in the change plan to measure its success?

How success is measured and the completion criteria

Which characteristic best defines the scope of change in a change plan?

Key components of the change and their addressing methods

What does the process of risk analysis primarily seek to achieve in change management?

Identifying potential problems

Which of the following statements accurately describes change documentation in smaller organizations?

They may manually document changes using tools like MS Word or Excel

What is a common practice in documenting change plans?

Updating change plans throughout the entire change management process

Why might large organizations prefer software like Alloy Software for change management?

It automates and streamlines the documentation process

Which of the following is NOT a characteristic of change documentation mentioned?

Documentation is done only at project completion

What is a distinguishing factor between how large and small organizations document changes?

Large organizations often use specialized software, while small organizations may use basic tools like MS Word or Excel

Which type of regulated data specifically deals with health information?

PHI

What does GDPR stand for and which region does it apply to?

General Data Protection Regulation; European Union

Which of the following best describes regulatory and compliance policies?

A collection of regulations, policies, and laws specific to each industry

What type of information is protected under PCI standards?

Credit card data

What is considered PII in the context of data regulation?

Personal identity information

Which type of regulated data focuses on protecting personal identity?

PII (personally identifiable information)

What is the main purpose of GDPR?

Ensuring data protection and privacy for individuals within the EU

Which of the following is considered regulated data under Payment Card Industry standards?

Credit card numbers

Which type of information is protected under PHI?

Medical records

Regulatory and compliance policies are applicable to which of the following?

All industries

Who holds the right to copy a piece of work, as mentioned in the content?

The creator of the work

What document states your rights to use or copy software when you install it?

End User License Agreement (EULA)

What is the consequence of making unauthorized copies of original software?

It is considered software piracy

What does a commercial license grant the user?

The right to use the software

Who can transfer the right to copy a work to others?

The creator of the work

What is considered an incident in a corporate environment?

Negative impact on safety or corporate resources

Which activity is part of the first response duties for prohibited content and activities?

Identify and go through proper channels

What is NOT included in the first response duties following an incident?

Immediate media briefing

Which of the following steps helps in preserving evidence during an incident response?

Preserve data and devices

What does incident documentation involve?

Documenting the sequence of events

What is the primary purpose of using a degausser?

To expose a storage device to a strong electromagnetic field

Which method is specifically recommended for sanitizing solid-state devices?

Using a Secure Erase utility

Which of the following methods is used to destroy printed documents?

Use a shredder

What does physically destroying the storage media achieve?

It completely erases data by making the media unusable

Which method should NOT be used for sanitizing magnetic storage devices?

Using a Secure Erase utility

Which security method is used to prevent unauthorized physical access to a server?

A locked door

Which of the following is a logical security control to restrict network access?

VPN connection

What additional user authentication method can be used in large networks other than a Windows password?

Multifactor authentication

Which AAA service is used for centralized management of network authentication?

RADIUS

Which security measure helps in protecting a laptop when traveling?

Engraving ID information on a theft-prevention plate

Which of the following is a symptom of malware?

You see pop-up ads frequently

What should be done first when cleaning up an infected system?

Quarantine the infected system

Which type of malware involves using a large number of compromised devices to overwhelm a target?

DDoS attacks

What is an example of security documentation?

Acceptable use policy

What should be done after remediating the system in the malware clean-up process?

Enable System Protection

Which of the following is NOT considered a type of malware?

Adware

What is the purpose of a chain-of-custody document?

To provide a paper trail of evidence in a criminal case

Which tool is NOT mentioned for data destruction?

Flash drive

What type of data may be protected by regulatory and compliance policies?

PII, PHI, PCI, and GDPR

What type of certificate might a professional data destruction service provide?

Certificate of destruction

Which of the following is NOT a method for destroying data?

Encryption

Study Notes

Best Practices for Physical Security

• Privileged data should be stored in a locked environment to maintain confidentiality.
• Door and safe locking options include:
• Keyed locks
• Combination locks
• Biometric locks
• Server locks or cable locks can be used to secure devices holding sensitive corporate data to prevent theft or tampering.
• Cable locks, also known as Kensington locks, can be used to physically secure laptops or computers to tables or immovable objects.

Securing Devices and Ports

• Server locks are commonly used on computers that store corporate data to restrict unauthorized access.
• Port locks can be used to restrict physical access to exposed ports on devices, preventing unauthorized connections.

Protecting Displayed Data

• Privacy screens can be fitted over displays to prevent sensitive information from being read from a wide angle, maintaining confidentiality.

Physical Security Best Practices

• Private data should be stored in locked areas or containers, such as safes or locked rooms
• Door locks and safes can be secured using keyed locks, combination locks, or biometric locks

Securing Devices

• Server locks are used to secure computers that hold corporate data
• Cable locks or Kensington locks can be used to secure laptops or computers to tables, preventing theft or tampering
• Computer cases can be locked with a computer case lock and key to prevent intrusion

Port Security

• Port locks can be used to restrict physical access to exposed ports

Display Security

• Privacy screens can be used to prevent screens from being read from a wide angle

Physical Security Devices

• Reusable port locks are available for securing computer ports
• Wire loop seals are tamper-evident and can only be used once
• Types of security devices for computer ports include:
  • RJ-45 locks
  • PAD locks
  • USB locks
  • Wire loop seals
• A wire loop seal may have a unique serial number, such as 200000, for identification purposes

Physical Security Best Practices

• Install a theft-prevention plate to deter theft and identify stolen equipment
  • Embed the plate into the case or engrave ID information into it for maximum security

Access Control Measures

• Implement a mantrap with a security guard for enhanced access control
  • A mantrap consists of two doors on either end of a small entryway
  • The first door must close before the second door can open to prevent unauthorized access
  • Separate forms of ID might be required for each door to add an extra layer of security
  • A security guard may maintain an entry control roster, which is a list of authorized personnel

Logical Security Measures

• Antivirus/anti-malware software monitors devices for harmful activity to data or resources.
• Email filtering blocks suspicious messages based on databases of known scams, spammers, and malware.
• Data loss prevention (DLP) software protects against corporate data leakage.

Access Control

• Access control lists (ACL) regulate access to resources for users, devices, or programs.
• Trusted software sources ensure software downloads come from reputable publishers and providers.

Software-Based Security Measures

• Port Security: controls which devices can use any port or a specific port on the switch
• MAC Address Filtering: specifies the number of MAC addresses a port can accept or provides a whitelist of MAC addresses the switch will accept

Virtual Private Network (VPN)

• Data Protection: encrypts data over a remote connection to a private network

Software-Based Security Measures

• Mobile device management (MDM) software provides tools for:
  • Tracking mobile devices
  • Managing data on mobile devices
• MDM policies include:
  • Enforcement of security policies
  • Requirements for data encryption
  • Capabilities for remote wipe

User Authentication

• Increasing authentication security can be done using methods beyond a Windows password.
• Enforcing a password policy involves setting rules that define:
  • Minimum password length
  • Complexity requirements
  • Frequency of password resets

Multifactor Authentication

• Enforcing multifactor authentication enhances security by requiring two or more factors.
• In two-factor authentication (2FA), the two factors typically involve:
  • Something the user knows (e.g., Windows password)
  • Something the user possesses (e.g., a smart card or token)
  • Something the user does (e.g., typing a certain way)
  • Something the user is (e.g., biometric data, such as a fingerprint)

Hardware Security Tokens

• Two types of hardware security tokens exist: smart cards and key fobs.
• Smart cards have an embedded microprocessor installed on the card, typically under a small gold plate.
• Key fobs are another type of hardware security token.

Software Security Tokens

• Software security tokens can be stored as an app or digital certificate on a computing device.
• Software token apps are installed on smartphones or other computing devices.
• A digital certificate is like a digital signature that verifies a person or entity's identity.
• Digital certificates are assigned by a Certificate Authority (CA) that has confirmed the individual's or entity's identity.

User Authentication

• AAA (Authentication, Authorization, and Accounting) are three fundamental security measures used to secure network access.

AAA Services

• RADIUS (Remote Access Dial-In User Service) is a popular solution for providing AAA services in large networks.
• TACACS+ (Terminal Access Controller Access Control System Plus) is another widely used solution for providing AAA services in large networks.

User Authentication Characteristics

• RADIUS is primarily used for end-user network access, whereas TACACS+ is intended for Cisco network device administrative access.
• RADIUS encrypts only user passwords, whereas TACACS+ encrypts every message.
• RADIUS uses UDP, a protocol that does not guarantee transmission over the corporate network, whereas TACACS+ uses TCP, which guarantees transmissions.
• Both RADIUS and TACACS+ support various network connections, including wireless, wired, and VPN.

User Education

• Acceptable Use Policy (AUP) is a document outlining permitted and prohibited actions on a corporate network.

Security Measures for Users

• Password Security:
  • Never share passwords with anyone
  • Avoid storing passwords on computers
  • Use unique passwords for each system
• Physical Security:
  • Prevent shoulder surfing by being aware of onlookers trying to peek at your monitor screen
  • Lock down your workstation every time you leave it unattended
• Access Control:
  • Be cautious of tailgating, where an unauthorized person follows an employee through a secured entrance
  • Avoid letting others continue to use your Windows session after you've finished

Hacker Techniques

• Hackers may engage in dumpster diving, which involves searching for sensitive information in someone's trash.
• Phishing is a type of identity theft where an email scammer tricks victims into responding with personal data.
• Spear phishing is a targeted hoax email that appears to come from a company the victim already does business with.
• Spoofing involves creating a fake email and website that mimic the real thing, making it difficult to distinguish from legitimate sources.
• Malicious emails may contain links that lead to malicious scripts, which can compromise security.

Debunking Email Hoaxes and Virus Hoaxes

• Use reputable websites to verify the authenticity of emails and viruses, such as snopes.com, securelist.com, and virusbtn.com, to avoid falling prey to hoaxes.

Laptop Security When Traveling

• Always be aware of your laptop's location to prevent theft or loss.
• Avoid leaving your laptop in an unlocked car, as it can be an easy target for thieves.
• When at work, ensure your laptop is secure by locking it in a safe place or using a laptop cable lock to secure it to your desk.

Malicious Software

• Malicious software, also known as malware, refers to any unwanted program that has the intention to cause harm.
• Malware is transmitted to a computer without the user's knowledge or consent.

Grayware

• Grayware is a type of unwanted program that is annoying and unwanted.
• Grayware may or may not intend to cause harm, but it is still unwanted on a computer.

Malware Types

• Viruses: malicious programs that replicate by attaching themselves to other programs, including applications, macros, Windows system files, or boot loader programs.

Spyware Characteristics

• Spyware monitors user activity and collects personal information without consent.
• Keyloggers are a type of spyware that tracks every keystroke, allowing hackers to steal sensitive data like identities and credit card numbers.

Worms

• Worms are self-replicating malware that spread throughout networks or the internet without requiring a host program.
• Worms can cause network overloads by creating excessive traffic.

Types of Malware

• Trojans are standalone malware that don't require a host program to function.
• Trojans disguise themselves as legitimate programs, often spread through web downloads or phishing email attachments.

Rootkits

• Rootkits load before the Operating System (OS) boots up, making them difficult to detect.
• Rootkits can conceal themselves in boot managers, boot loader programs, or kernel mode device drivers.
• They can hide folders containing software they've installed, as well as hijack internal Windows components to manipulate information displayed to users.

Ransomware

• Ransomware is a type of malware that holds a computer system hostage until a ransom is paid.

Rootkit Locations

• User-mode processes, such as Task Manager and Explorer, are vulnerable to user-mode rootkit interception.
• Kernel-mode processes are susceptible to kernel-mode rootkit interception.
• Rootkits can also target files stored on the hard drive.

Rootkit Modes

• Rootkits can operate in user mode or kernel mode.
• The mode of operation determines the level of access and control the rootkit has over the system.

Types of Cyber Attacks

• A zero-day attack occurs when a hacker exploits a previously unknown security vulnerability in software, before the developer becomes aware of it and can release a patch.
• In a zero-day attack, the hacker takes advantage of a newly discovered gap in software security before users can apply patches, leaving them vulnerable to attack.

Man-in-the-Middle Attacks

• A man-in-the-middle attack involves an attacker intercepting communication between two parties, allowing them to read and/or alter the content of messages.

Denial of Service (DoS) Attacks

• A denial of service (DoS) attack involves overwhelming a computer or network with requests or traffic, preventing it from accepting new connections.
• A distributed denial-of-service (DDoS) attack is a type of DoS attack that involves multiple computers working together to overwhelm a system.

Types of Cyber Threats

• A zombie is a compromised computer that is remotely controlled by a hacker to perform malicious tasks, often running repetitive software in the background without the owner's knowledge.
• A botnet is a network of zombie computers that can be controlled remotely by an attacker to launch large-scale cyber attacks.

Password Cracking Techniques

• Dictionary Attack: a method used to crack passwords by systematically trying words found in a dictionary, often used to crack weak or commonly used passwords.
• Rainbow Tables: a precomputed table of plaintext passwords and their corresponding password hashes, used to reverse-engineer passwords from their hashed values, making it easier to crack passwords.

Threats to Security

• Noncompliant systems and security best practice violations pose a significant threat
• These threats can be found in both Bring Your Own Device (BYOD) and corporate-owned devices

Identifying Noncompliant Systems

• System administrators need techniques to regularly scan devices for noncompliance
• The goal is to identify systems that violate security best practices

Tools for Identifying Noncompliant Systems

• System Center Configuration Manager is a product designed to scan devices for noncompliance
• This product is offered by Microsoft

Malware Symptoms

• Malware presence is suspected if a system displays pop-up ads and browser redirection
• Rogue antivirus software may be installed, posing as legitimate security software
• System performance issues, such as slow performance or lockups, can indicate malware activity
• Connectivity problems, including internet connection failures, application crashes, and failed OS updates, may be caused by malware
• System and application log errors can be a sign of malware infection
• File management issues, including problems accessing or modifying files, can be a symptom of malware
• Email problems, such as undelivered or disappeared emails, may be caused by malware
• Failure to update anti-malware software can be a sign of malware blocking security updates
• Invalid digital certificates can be a sign of malware tampering with system security

Identifying Malware Symptoms through Action Center

• Action Center monitors Security, Network firewall, Windows Updates, and Virus protection to help identify malware symptoms.

Action Center Warnings

• Security warning: Windows detects the absence of antispyware software, prompting the user to install one online to protect the PC.
• Note: Avoid running multiple antivirus apps simultaneously to prevent conflicts; disable Windows Defender if using another antivirus software.
• Optional: Turn off notifications about spyware and unwanted software.

Current System Status

• Network firewall: Windows Firewall is actively protecting the PC.
• Windows Updates: Automatic installation of updates is enabled.
• Virus protection: POKeeper Antivirus is currently running, but may be a rogue software.

Quarantining an Infected System

• Immediately disconnect an infected computer from the network by removing the wired cable or turning off the wireless adapter
• A quarantined computer is isolated from the regular network to prevent the spread of malware

Downloading Anti-Malware Software

• When downloading anti-malware software, disconnect all other computers from the network
• Connect the infected computer directly to the Internet Service Provider (ISP)
• Boot the infected computer into Safe Mode with Networking to download the software

Backing Up Data

• Before cleaning the infected system, back up important data to an external media to prevent data loss

Disabling System Restore to Remove Malware

• Malware can hide in restore points in the System Volume Information folder, which is protected by System Protection.
• System Protection prevents anti-malware software from cleaning the protected folder.
• Turning off System Protection allows anti-malware software to clean the System Volume Information folder and remove malware.
• However, turning off System Protection results in the loss of all existing restore points.
• To disable System Protection, go to Control Panel, open the System window, and click on System protection.

Remediating the Infected System

• Research anti-malware software by reading reviews and checking reliable websites that rate them

When an Infected Computer Won't Boot

• Possible causes of the infection include the boot manager, boot loader, or kernel mode drivers being infected or damaged
• Solution: Launch the computer into Windows Recovery Environment (Windows RE) to repair the system
• In Windows RE, use the Startup Repair process to fix the system

Remediating the Infected System

• Update and run anti-malware software already installed on the infected system to perform a full scan
• Alternatively, run anti-malware software from a networked computer to scan the infected system
• Install and run anti-malware software directly on the infected computer to detect and remove malware
• Install and run anti-malware software in safe mode to prevent malware from interfering with the scan
• Run an anti-malware scan before Windows boot to detect and remove malware before the operating system loads
• Run multiple scans of anti-malware software to increase the chances of detecting and removing all malware

Remediating the Infected System

• Respond to startup errors after malware removal to ensure system stability
• Research malware types and associated program files to identify malicious components
• Delete infected files to prevent further damage
• Clean the registry to remove malware-defined entries and values
• Clean up browsers by removing malicious extensions and add-ons
• Uninstall unwanted programs that may be malicious or vulnerable to infection

Protecting the System

• To maintain a clean system, three essential best practices must be followed:

System Protection Measures

• Use anti-malware software to detect and remove malware
• Enable a software firewall to block unauthorized access
• Keep Windows updates current to ensure the system remains protected with latest security patches

Physical Security and Access Controls

• Best practices for physical security:
  • Keep sensitive data under lock and key
  • Use door locks, safe options (keyed locks, combination locks, biometric locks), server locks, cable locks, and port locks
  • Secure laptops and computers to tables
  • Use privacy screens to prevent screen reading from wide angles
• Use computer case locks and key for desktops to prevent intrusion
• Use cable lock systems for laptops to prevent theft
• Install theft-prevention plates and engrave ID information into the case
• Implement mantraps and security guards to control access

User Education

• Acceptable Use Policy (AUP): explains what users can and cannot do on the corporate network
• Important security measures for users:
  • Never give out passwords or store them on computers
  • Avoid using the same password on multiple systems
  • Be aware of shoulder surfing and tailgating
  • Lock down workstations when stepping away

Logical Security and Access Controls

• Software-based security measures:
  • Antivirus/anti-malware: monitors devices for harmful activity
  • Email filtering: filters out suspicious messages
  • Data Loss Prevention (DLP) software: protects against corporate data leaks
  • Trusted software sources: only download software from trusted publishers
  • Access Control Lists (ACL): control access to resources
  • Port security and MAC address filtering: control device access to ports
  • Virtual Private Networks (VPN): encrypt data over remote connections

User Authentication

• Methods to increase authentication security:
  • Enforce password policies: set minimum length, complexity, and reset frequency
  • Enforce multifactor authentication: combine what users know, possess, do, or are
• Hardware Security Tokens:
  • Smart cards and key fobs
• Software Security Tokens:
  • Security token apps and digital certificates
• Authentication Services:
  • RADIUS and TACACS+: provide AAA services for networks

Dealing with Malicious Software

• Malicious Software (malware): programs that mean harm and are transmitted to computers without user knowledge
• Grayware: annoying and unwanted programs that might or might not intend harm

Types of Malware

• Viruses: programs that replicate by attaching themselves to other programs
• Spyware: programs that spy on users and collect personal information
• Worms: programs that copy themselves throughout networks or the internet without a host program
• Trojans: programs that substitute themselves for legitimate programs
• Rootkits: programs that load before the OS boot is complete and hide folders and software
• Ransomware: programs that hold computer systems hostage until payment is made
• Zero-day attacks: exploiting unknown software security gaps
• Man-in-the-middle attacks: intercepting communication between two parties
• Denial of Service (DoS) attacks: overwhelming computers or networks with requests or traffic

Protecting Systems

• Best practices to protect systems against malware:
  • Use anti-malware software
  • Use a software firewall
  • Keep Windows updates current
• System Protection: turn it back on after cleaning a system and create a restore point

Identifying and Researching Malware Symptoms

• Warning signs of malware:
  • Pop-up ads and browser redirection
  • Rogue antivirus software
  • Slow performance or lockups
  • Internet connectivity issues
  • System and application log errors
  • File problems
  • Email problems
  • Problems updating anti-malware software
  • Invalid digital certificates

Quarantining an Infected System

• Disconnect the infected system from the network and internet
• Quarantine the system to prevent it from using the regular network
• Download anti-malware software in Safe Mode with Networking
• Back up data to another media before cleaning up the infected system

Disabling System Restore

• Turn off System Protection to clean up malware in the System Volume Information folder
• Be aware that all restore points will be lost
• To turn off System Protection, go to Control Panel, open the System window, and click System protection

Remediation Steps

• Read reviews and check reliable websites before selecting anti-malware software
• Update and run anti-malware software already installed
• Run anti-malware software from a networked computer
• Install and run anti-malware software on the infected computer
• Install and run anti-malware software in Safe Mode
• Run an anti-malware scan before Windows boot
• Run more than one scan of anti-malware software

Educating the End User

• Educate users on tips to keep the system free from malware
• Importance of user awareness: even with security measures in place, users can still compromise system security by downloading and executing Trojans that install more malware

Importance of Documentation and Security Policies

• IT departments rely on good documentation and security policies to set expectations and standards for security in the entire organization.

Coverage of the Chapter

• This chapter covers three main areas:
  • Different types of documentation
  • Various security policies
  • Expectations from an IT technician

Types of Documentation

• A knowledge base is a collection of articles that provide information about a network, product, or service, and can include text, images, or video.
• Inventory management documentation involves tracking and recording inventory, including end-user devices, network devices, IP addresses, software licenses, and related licenses.
• Hardware inventory tracking often uses asset tags and theft-prevention plates with barcodes that can be easily read by laser scanners.

Network Topology

• Network topology refers to the pattern in which devices on a network are connected to each other.
• Network topology diagrams provide a visual map of this pattern, illustrating how devices are connected.

Change Management

• Change occurs when a project is implemented, and effective change management enables a smooth transition for those affected
• Change management is closely integrated with project management, often involving the same teams
• Key responsibilities of a change manager include:
  • Defining the impact of new software on people
  • Overseeing communication, scheduling, training, and support

Change Management Process

• The purpose of change is the first step in the change management process
• An initial change request is submitted, which triggers the change management process
• The Change Advisory Board (CAB) reviews and approves the change request

Change Planning

• Documented change plans include business needs, scope, risk analysis, and back-out plans
• Change plans consider potential risks and have a contingency plan in place

Stakeholder Feedback

• A Request for Comments (RFC) is issued to gather feedback from stakeholders
• Stakeholder input is sought to ensure that the change meets business needs

Change Implementation

• Once approved, the change is implemented
• The implementation process is monitored to ensure it meets the planned objectives

Change Evaluation

• The success of the change is evaluated based on:
  • Whether the purpose of the change has been fulfilled
  • End-user acceptance
  • Timeliness (on time)
  • Budget adherence (on budget)

Change Closure

• A close report is compiled to document the outcome of the change

Documented Business Processes

• Documented business processes are sets of related activities that lead to a specific business goal.
• Examples of business goals include:
  • Achieving an efficient and cost-effective service
  • Ensuring excellent customer satisfaction
  • Producing a superior product

Change Management

• A change request process is used to formally submit proposed changes.
• A change request should clearly state what needs to be changed.
• Complex changes are often reviewed by a change advisory board (CAB).

Change Plan and Scope

• A change plan outlines the scope of change, including key components and how they will be addressed.
• The scope of change defines the skill sets, tasks, and activities required to carry out the change.
• It identifies the individuals or departments participating in the change.
• The change plan measures the success of change and determines when it is completed.

Risk Analysis

• Change involves risk, and risk analysis aims to identify potential problems before they arise.
• Risk analysis helps prevent surprises and crisis situations during the change process.

Documenting Changes

• It is essential to document everything related to changes in the change management process
• Change plans are documented and regularly updated throughout the entire process
• Large organizations often utilize change management software to document changes
• Alloy Software is an example of change management software used by large organizations

Documenting Changes in Small Organizations

• Smaller organizations may not use change management software
• Instead, smaller organizations may manually document changes using tools such as MS Word or Excel

Regulatory and Compliance Policies

• Certain types of data are protected by special government regulations, known as regulated data.
• Industries must comply with various regulations, policies, and laws, collectively referred to as regulatory and compliance policies.

Types of Regulated Data

• Personal Identity: protected by PII (Personally Identifiable Information) regulations.
• Health Information: protected by PHI (Protected Health Information) regulations.
• Credit Card Data: regulated by PCI (Payment Card Industry) standards.
• EU Citizens' Data: protected by GDPR (General Data Protection Regulation), implemented in the European Union (EU) in 2018.

Regulatory and Compliance Policies

• Certain types of data are protected by special government regulations, known as regulated data.
• Industries must comply with various regulations, policies, and laws, collectively referred to as regulatory and compliance policies.

Types of Regulated Data

• Personal Identity: protected by PII (Personally Identifiable Information) regulations.
• Health Information: protected by PHI (Protected Health Information) regulations.
• Credit Card Data: regulated by PCI (Payment Card Industry) standards.
• EU Citizens' Data: protected by GDPR (General Data Protection Regulation), implemented in the European Union (EU) in 2018.

Software Licensing

• A commercial license grants the right to use software, but the buyer does not legally own it
• Copyright, the right to copy the work, belongs to the creator or those to whom the creator transfers this right

End User License Agreement (EULA)

• EULA outlines the rights to use or copy software, agreed to during software installation

Software Piracy

• Making unauthorized copies of original software violates the Federal Copyright Act of 1976

Incident Response for Prohibited Content and Activities

• An incident occurs when an employee or individual negatively impacts safety, corporate resources, violates the code of conduct, or commits a crime.
• First response duties after an incident include:
  • Identifying the incident and following proper channels
  • Preserving relevant data and devices
  • Documenting the incident thoroughly

Data Destruction and Disposal

• Destroying printed documents and sanitizing storage devices is crucial for data security

Methods for Destroying Storage Media

• Overwriting data on a drive makes data recovery impossible
• Using a Secure Erase utility is effective for solid-state devices
• Physically destroying storage media ensures complete data elimination
• Degausser exposes magnetic hard drives and tape drives to a strong electromagnetic field, erasing data completely
• Shredding is a physical destruction method for storage media
• Secure data-destruction services provide professional data destruction solutions

Physical Security Measures

• Locked doors and server locks prevent unauthorized physical access to equipment
• Cable locks secure devices to a fixed object, reducing the risk of theft
• Port locks restrict access to specific ports on a device
• Privacy filters limit the viewing angle of a screen to prevent shoulder surfing
• Theft-prevention plates make it difficult to remove devices from a fixed location
• Mantraps control access to a secure area by trapping individuals in a small room until their identity is verified
• Security guards provide an additional layer of physical security

Logical Security Measures

• Anti-malware software detects and removes malicious code
• VPN connections encrypt data transmitted over the internet
• Email filtering blocks unwanted or malicious emails
• Qualifying software distributors ensure software is legitimate and trustworthy
• Access control lists (ACLs) restrict access to resources based on user identity
• MAC address filtering controls access to a network based on device MAC addresses
• Mobile device management (MDM) manages and secures mobile devices

User Authentication and Authorization

• Additional user authentication methods include password policies and multifactor authentication
• Multifactor authentication uses hardware or software tokens to provide an additional layer of security
• AAA (authenticating, authorizing, and accounting) services manage access to network resources
• RADIUS (Remote Authentication Dial-In User Service) and TACACS+ are AAA protocols

General Security Best Practices

• Educating users about social engineering prevents phishing and other attacks
• Protecting laptops when traveling includes using privacy filters, cable locks, and keeping devices close

Malware

• Malware types include viruses, spyware, keyloggers, worms, trojans, rootkits, ransomware, zero-day attacks, man-in-the-middle attacks, DoS attacks, DDoS attacks, zombies, botnets, and dictionary attacks.

Malware Symptoms

• Malware symptoms include:
  • Unwanted pop-up ads
  • Slow system performance
  • Error messages and logs
  • File errors
  • Email problems
  • Invalid digital certificates

Cleaning Up an Infected System

• Identify common malware symptoms
• Quarantine the infected system to prevent further infection
• Disable System Restore to prevent malware from hiding
• Remediate the system by removing malware
• Protect the system with scheduled scans and updates
• Enable System Protection and create a restore point
• Educate the end user on malware prevention and response

Security Documentation

• Types of security documentation include:
  • Ticketing software for documenting customer service
  • Knowledge base for recording solutions
  • Acceptable use policies for outlining user responsibilities
  • Password policies for secure authentication
  • Inventory management for tracking system components
  • Network topology diagrams for visualizing system architecture
  • Documentation for change management to track system modifications

Data Protection

• Regulatory and compliance policies safeguard regulated data, including:
  • PII (Personally Identifiable Information)
  • PHI (Protected Health Information)
  • PCI (Payment Card Industry) data
  • GDPR (General Data Protection Regulation) data
• These data types are regulated by governmental agencies

Software Licensing

• Commercial software can be licensed in two ways:
  • Personal license
  • Enterprise license

Data Destruction and Evidence Management

• A chain-of-custody document provides a paper trail of evidence in criminal cases
• Data destruction methods include:
  • Physical destruction using a paper shredder, drill, or hammer
  • Digital destruction using low-level format, zero-fill utility, or degausser
  • Incineration
• Professional data destruction services may provide a certificate of destruction for legal purposes

Description

Learn about the best practices for physical security, including locking options and secure devices to prevent theft and tampering.