Protecting Computing Devices with Firewalls

Questions and Answers

What is the primary purpose of a firewall?

• To monitor your online activities.
• To prevent unauthorized access to your device. (correct)
• To speed up internet connection.
• To manage network updates.

Turning off Microsoft Defender Firewall poses no risk if you have another firewall active.

False (B)

What type of network should IoT devices be configured on to best protect your local network and data?

isolated network

Wireless networks use a preset network identifier known as the ______.

SSID

What is the main risk associated with using public Wi-Fi networks?

Interception of your data by others. (D)

It is a good security practice to use the same password for all of your online accounts.

False (B)

According to NIST, what is the minimum recommended length for a password?

8

A ______ takes the form of a sentence, making it easier to remember and less vulnerable to attacks.

passphrase

What does encrypting data primarily prevent?

Viewing of data by unauthorized parties. (A)

Deleting a file by dragging it to the recycle bin and emptying the recycle bin ensures the file is permanently deleted.

False (B)

What is the name of the Windows feature that can encrypt data?

EFS

A ______ outlines how the service provider will collect, use, and share your data.

data use policy

Which of the following is an example of two-factor authentication?

Entering a verification code sent to your mobile phone. (C)

Using private browsing mode guarantees complete anonymity online.

False (B)

What does 'KRACK' stand for?

Key Reinstallation Attacks

The process of converting information into a form that unauthorized parties cannot read is called ______.

encryption

Which of the following is NOT a tip for creating a strong password?

Using personal information like your birthdate. (D)

A firewall protects against all types of threats and vulnerabilities.

False (B)

Besides username and password, what does two-factor authentication require to verify your identity?

a second token

Open authorization (OAuth) allows you to use your credentials for third-party applications without exposing your ______.

password

What should you typically change on a wireless router to enhance security?

Preset SSID and default password. (A)

It is acceptable to send personal information over public Wi-Fi if the website has 'https' in the address.

False (B)

What type of software should you always use to provide another layer of protection for your computer?

antivirus and antispyware

Hackers are always trying to take advantage of ______ that may exist in your operating system.

vulnerabilities

Match the type of storage location with their primary attribute:

Home network = Total control of your data Cloud storage = Data safety in case of a disaster Secondary location = Complete cost and mainentance responsibility

Which of the following should you consider before you sign up to an online service?

Whether you can request a copy of your data. (C)

Having a backup will prevent the loss of irreplaceable data.

True (A)

What can antivirus software scan your computer and incoming email for?

viruses

The bluetooth wireless protocal can also be exploited by hackers to establish remote access controls, distribute malware and ______.

drain bateries

Match the following browsers with their 'private browsing' names:

Google Chrome = Incognito Safari = Private browsing Microsoft Internet Explorer = InPrivate Mozilla Firefox = Private tab or private window

What can you do if you get errors when turning Microsoft Defender Firewall on or off?

Use the troubleshooter and try again. (B)

A wireless router not broadcasting the SSID is considered adequate security.

False (B)

What do you do if the Options button is disabled, when setting fire wall access for services and apps?

First turn on Firewall

You should verify that your device isn't configured with ______ and media sharing and that it requires authentication with encryption.

file

A data use policy outlines how the service provider will do what?

Collect, use and share your data (C)

Using strong passwords and multi factor authentication will guarantee the hackers are not able to gain access to your online accounts

False (B)

What is the best solution for the amount of time you should keep your password?

no password expiration period

All printing ______ and spaces should be allowed in your password.

characters

Match the definition with the term:

Antispyware = Software that monitors your online activities Antivirus: = Software that is designed to scan your computer and incoming email for viruses and delete them Firewall = A security barrier on your router, to provide security from unwanted access

What is the best practice when away from home and using public wifi?

all of the above (D)

Enabling WPA2 encryption on your wireless router guarantees complete security for your network.

False (B)

The process of converting information into a form in which unauthorized parties cannot read it is called ______.

encryption

Match the following web browsers with their respective names for private browsing mode:

Google Chrome = Incognito Mozilla Firefox = Private tab or private window Safari = Private browsing Microsoft Internet Explorer = InPrivate

Flashcards

What is a firewall?

A barrier protecting your device from unauthorized access, it should be on and updated.

How do you access Windows Defender Firewall settings?

Go to Start > Settings > Update & Security > Windows Security > Firewall & network protection.

What does a Mac firewall do?

Protects your Mac by blocking unwanted contact initiated by other computers on the internet or a network.

How do you enable firewall protection on a Mac?

Choose Apple menu > System Settings, click Firewall in the sidebar, then turn Firewall on.

What are viruses and spyware?

Software designed to prevent unauthorized access to your computer, destroy data, or broadcast spam.

What is antivirus software?

Software that scans your computer and email for viruses and deletes them; includes antispyware.

How to manage your operating system and browser?

Ensure that you set the security settings on your computer and browser to medium level or higher and regularly install updates.

How can you set up password protection?

All computing devices should use password protection and encrypt sensitive or confidential data.

What is SSID?

Wi-Fi networks connect devices via a network identifier, known as the Service Set Identifier.

How to secure a home wireless network?

Change default settings, enable wireless security (WPA2), and keep devices updated.

What are KRACKs attacks?

Exploits in WPA2 that break encryption between a router and device.

How can you mitigate KRACK attacks?

Update devices, use wired connections, and VPNs.

How to stay safe on public Wi-Fi?

Avoid sending personal information, verify security settings, and use a VPN.

What is a Passphrase?

A sentence that is easy to remember and harder to crack.

What is NIST?

Aim to place responsibility for user verification on service providers and ensure a better experience for users overall.

What is encryption?

The process of converting information into an unreadable form, which protects confidentiality.

How to encrypt your data?

Software programs that are used to encrypt files, folders and drives.

What is EFS?

A Windows tool for data encryption linked to your user account.

How can you backup your data?

An extra storage location: Home network, external drive, or cloud service.

How to permanently delete data?

Overwrite data multiple times with specialized tools, or physically destroy the device.

What are data use rights?

Non-exclusive right to use published content.

What's a data use policy?

The data use policy outlines how the service provider will collect, use and share your data.

What's a privacy settings?

The privacy settings allow you to control who sees information about you and who can access your profile or account data.

What's a security policy?

The security policy outlines what the company is doing to secure the data it obtains from you.

Two factor authentication

Besides your username and password or personal identification number (PIN), requires a second token to prove your identity.

What is OAuth?

An open standard protocol that allows you to use your credentials to access third-party applications without exposing your password.

Email and Web Browser Privacy

In-private browsing mode.

Study Notes

Protecting Computing Devices

• Computing devices store personal data and act as a portal to online life, therefore protecting them is paramount

Firewalls

• At least one type of firewall (software or hardware) should be used to protect devices from unauthorized access
• Firewalls need to be on and regularly updated to prevent hackers from accessing data from personal devices or organization networks
• Microsoft Defender Firewall should be on regardless of other firewalls to enhance protection from unauthorized access

Turning Microsoft Defender Firewall on or off on Windows 10:

• Open Windows Security settings by navigating to: Start > Settings > Update & Security > Windows Security > Firewall & network protection
• Select "Domain network", "Private network", or "Public network" for the network profile
• Switch Microsoft Defender Firewall to "On"
• If connected to a network, contact the administrator if network policy settings block these steps
• To turn it off, switch the setting to "Off" in the same location
• Disabling the firewall can increase vulnerability to unauthorized access; alternatively, allow specific apps through the firewall instead of turning it off

Mac Firewall

• A firewall will shield a Mac from unwanted contact initiated by other machines when on a network
• macOS opens a specific port if a sharing service like file sharing is enabled
• Access may be granted to an app or service on another system through the firewall or due to a trusted certificate

Turning on Mac Firewall Protection:

• Choose: Apple menu > System Settings, click Network in the sidebar, then click Firewall
• turn Firewall on
• Click options to specify additional security settings, turn settings on or off, then click OK
• The way to change Firewall settings is mentioned

Setting Firewall Access for Services and Apps on Mac:

• Choose: Apple menu > System Settings, click Network in the sidebar, then click Firewall
• Click "Options" in Firewall
• If the Options button is disabled, enable Firewall first
• Click the "Add" button, select apps or services to add, then click the up and down arrows, and choose whether to allow or block connections through the firewall
• Blocking an app's firewall access can affect the performance of the app or other software that depend on it
• Some system apps, services, processes, and digitally signed apps that automatically open may have access through the firewall, and to block access for these add them to the list
• When a Mac detects an attempt to connect to an app that hasn't been added, it will ask to allow or deny the connection, and any attempts to connect will be denied until action is taken

Antivirus and Antispyware Software

• Antivirus software, often including antispyware, scans computers and email for viruses and deletes them
• Software updates protect computers from new malicious software

OS and Browser Management

• Hackers exploit OS vulnerabilities (Microsoft Windows, macOS) or browsers (Google Chrome, Apple Safari)
• Computer and browser security settings should be set to medium or higher for protection
• Regularly update the operating system (OS) and browser, along with downloading and installing the latest software patches and security updates from vendors

Password Protection

• A password is required on all computers, including PCs, laptops, tablets and smartphones, in order to prevent unauthorized access
• Stored data, especially sensitive or confidential, must be encrypted
• Only store necessary information on a mobile device in case it is lost or stolen
• Criminals may be able to access cloud storage service data, through services such as iCloud or Google Drive if one device is compromised

Wireless Network Security:

• Though routers can be configured to omit SSID broadcast this is not ideal security for a wireless network
• The SSID and default password are known to hackers
• Change the SSID and default password to prevent intrusion
• Encrypt wireless communication and enable the WPA2 encryption feature
• Even with WPA2 encryption, a wireless network can still be vulnerable

Public Wi-Fi Risks

• There are risks when accessing online info via public wireless networks or Wi-Fi hotspots
• Sending personal information via public Wi-Fi should be avoided
• Verify the device isn't configured with file and media sharing
• User authentication with encryption should be enabled
• Encrypted VPN service use can prevent eavesdropping on public wireless networks by encrypting device connections with the VPN server
• With a VPN hackers do not have the ability to decipher data even if they intercept in an encrypted VPN tunnel

Password advice

• Use strong passwords to protect devices
• A colleague's password security should be rated on a scale of 1-5
• A strong password:
  • Does not contain dictionary words or common names in any language
  • Does not contain common misspellings of dictionary words
  • Includes special characters, such as ! @ # $ % ^ & * ()
  • Excludes computer names or account names
  • Exceeds ten characters

Passphrases

• Passphrases (a sentence like "Acatth@tlov3sd0gs.") are more secure than passwords because they are harder to remember
• Passphrases are also less risky for use than typical passwords because they are longer and thus more difficult to attack, for example through brute force

Creating quality password

• Choose a statement that is meaningful
• Include special characters such as ! @ # $ % ^ & * () in the password
• Make the password length longer
• Avoid common or famous statements, for example, lyrics from a popular song

NIST Password Guidelines

• The United States National Institute of Standards and Technology (NIST) has improved standards; made for government applications but for other sectors too
• Passwords should have 8-64 characters
• Common and easily guessed passwords, such as ‘password’ or ‘abc123’ cannot be used
• There should be no composition rules, such as having to include lower and uppercase letters and numbers
• Users should be able to see the password as they type
• All printing characters should be allowed
• There should be no password hints or expiration
• Knowledge-based authentication is not allowed, this could include answers to questions or verify transaction history

Password check

• Reviewing password options helps to improve privacy settings

Considerations for Data Maintenance

• Data must be encrypted to keep it from strangers

Encryption

• Encryption converts information into an unreadable form; a trusted person would use the secret key or password to decrypt and access it
• Encryption cannot restrict data interception, but restricts how unauthorized people can intercept the data, and encrypt it until a ransom is paid

Encrypting data

• Software programs are used to encrypt files, folders and even entire drives
• Encrypting File System (EFS) is a Windows feature tied to a user account, giving access after EFS encryption only to that user

Backing up data

• Backups prevent the loss of irreplaceable data
• Backups require an additional storage location and data must be copied there regularly

Backup pins for locations

• Home network: you have total control
• Secondary location: a NAS (network attached storage device, an external hard drive), could be used
• The cloud: using AWS, Amazon Web Services, depends on storage needs

Cloud benefits

• The cloud offers data safety in the event of a storage device failure or theft
• Mobile Phone Data loss.

File deletion tips

• Deleting file photos from a recycle bin does not remove them completely from the laptop
• Data must be overwritten multiple times with zeroes and ones by special services such as SDelete from Microsoft, Shed for Linux, and Secure Empty Trash for Mac OS X to eliminate recoverability
• The hard drive can be physically destroyed or damaged in order to ensure certain deletion
• Online file data in the cloud will need deletion

Terms of Service

• Set up an online photo storage and sharing account for the design department and other teams at @Apollo
• The Terms of Service should be read when prompted at registration
• Understand the Terms because they could be

Options to describe a terms of service agreement

• A contract outlining what you expect from a service provider and how you use their service
• An informal agreement setting rules on the relationship between service provider, you and users
• A legally binding contract that governs the relationship between you, the service provider and others who use the service

Terms of Service items to understand

• User-rights
• responsibilities
• disclaimers
• account modification terms of service
• Data use policy
• Privacy setting -Security Policy

Data Use Policy

• The data use policy outlines how the service provider will collect, use and share your data
• The privacy settings allow you to control who sees information about you and who can access your user data
• The security policy outlines what the company is doing to secure the data

Data Use Example

• You have set up an Apollo account and agreed to the Terms of Service without reading
• Terms state "you grant us a non-exclusive, transferable, sub-licensable, royalty-free, and worldwide license to host, use, distribute, modify, run, copy, publicly perform or display, translate, and create derivative works of your content (consistent with your privacy and application settings)"
• You no longer own your content
• The photo sharing company can reuse and re-use content for any purpose

Privacy Setting options

• As you did not set the privacy settings the default settings were applied
• No one will be able to see information about you and access your profile until you change the settings
• Anyone will be able to see information about you and access your profile until you change the privacy settings

Considerations before signing for a terms of service

• Read the Terms of Service
• Know your rights
• If you can request your data
• What the provider can do with your data
• What happens to your data after account closure

Data Safeguarding

• Take action to protect data and safeguard your account
• Reflecting on the Terms of Services when entering an agreement with an online provider can allow you to plan to protect your account

Ways to safeguard your online privacy

• Google, Facebook, Twitter, LinkedIn, Apple and Microsoft, use two factor authentication which adds a layer of security for account logins
• Use a physical object (credit card, mobile phone, or fob), biometric scan (fingerprint, facial or voice recognition), verification code via SMS or email
• Phishing attacks, social engineering or malware can give hackers access to two-factor authentication accounts

Open authorization

• Open authorization (OAuth) allow you to use credentials with third party apps without exposing

Browser privacy

• Enable private browsing to minimize tracking
• Microsoft Edge: InPrivate
• Google Chrome: Incognito
• Mozilla Firefox: Private tab/window
• Apple Safari: Private browsing
• Private mode disables cookies, deletes temporary internet files, and removes browsing history upon closing

Tracking

• Even with private browsing and disabled cookies, companies consistently employ new ways of fingerprinting users

Risky online behavior

• Identify and eliminate risky online behavior