Security Concerns and Solutions

Questions and Answers

What is a primary concern related to unauthorized access in computer security?

Data encryption for secure transactions

Malicious code from outdated antivirus software

Unauthorized users accessing sensitive corporate data (correct)

Online transactions being unregulated

Which of the following is a recommended user security solution to prevent interception of network traffic?

Using a firewall only on the server

Local policies restricting user access

Data encryption to avoid packet interception (correct)

Regularly updating personal passwords

Which of these strategies can significantly reduce the risk of property or data loss?

Implementing antivirus software that is updated regularly (correct)

Utilizing stringent permissions to all users

Limiting system capabilities with local policies

Constant monitoring of user behavior

What is one way to mitigate the threat of malicious attacks on network servers?

Utilizing a firewall (hardware or software) (B)

Which of the following does not contribute to user security in protecting corporate data?

Frequent online transactions without monitoring (D)

What is the primary purpose of chain of custody in legal contexts?

To maintain the integrity and admissibility of evidence (A)

What security feature is specifically designed to prevent unauthorized access by tailgating?

Mantrap (C)

Which practice is considered a security risk related to password management?

Reusing passwords across multiple accounts (A)

What approach should clients take to improve password security?

Create longer passwords with a mix of characters (C)

What was a significant finding regarding password disclosure among office workers according to the studies mentioned?

A majority would trade their passwords for minimal rewards (B)

What is the purpose of implementing the Principle of Least Privilege?

To restrict users’ access to only necessary resources for their job (D)

Which method is NOT recommended for secure deletion of data from devices?

Flushing the data cache regularly (B)

Which type of backup saves files that have been accessed since the last backup of any kind?

Incremental backup (B)

What is two-factor authentication typically composed of?

Two out of three options: something you are, something you have, or something you know (A)

Why is renaming the Administrator account considered a security measure?

It disguises the account from being a primary target for attackers (B)

What type of backup only saves files that have changed since the last full backup?

Differential backup (A)

What aspect of security policies is crucial for corporate environments?

All employees must be familiar with them (A)

What role does determination and vigilance play in data security?

They are vital for keeping data/assets secure against threats (D)

Which physical security measure can help avoid data loss due to theft?

Industrial system anchors and locks (D)

What technique is commonly used in social engineering to gain unauthorized access?

Phishing (A)

What is one of the key recommendations for disaster prevention?

Maintain constant temperature in the server room (B)

What should you do to prepare for different types of disasters?

Have a plan well in advance (C)

Which strategy can be used to limit downtime after a server failure?

Keep spare hardware on hand (A)

Why is it important to educate users about inherent dangers?

To enhance overall security awareness (A)

What legal aspect must be understood in the event of a disaster?

Personal legal and financial liabilities (D)

What should be done if data needs to be transported offsite?

Encrypt the data before transport (A)

Study Notes

Security Concerns

• Unauthorized users accessing sensitive corporate data (e.g., disgruntled ex-employees, hackers).
• Intercepting/listening to network traffic (especially wireless).
• Malicious outside attacks on network servers.
• Property/data loss due to theft.
• Property/data loss due to fire.
• Online transactions.
• Viral infections.

User Security Solutions

• Firewalls (hardware or software).
• Strict user permissions limiting access to necessary data.
• Authentication methods.
• Data encryption to prevent interception.
• Regularly updated antivirus software.
• Local policies restricting system capabilities.
• Limiting system access (e.g., no removable drives).

Physical Security Solutions

• Theft prevention (e.g., tamper-resistant screws, alarms).
• Closed circuit monitoring.
• Regular hardware inventory.
• Secure system anchors and locks.
• Physical authentication (e.g., proximity cards, fingerprint readers).
• Limited server access.

Social Engineering

• Social engineering is a type of "hacking" that manipulates people to gain unauthorized access.
• Phishing.
• Impersonation.
• Shoulder surfing.
• Baiting (leaving a decoy to lure users).
• Identity theft.

Plan for Disaster

• Make daily server backups and mirrors (one on-site, one off-site).
• Maintain extra hardware for quick replacements to minimize downtime.
• Prepare a plan for various disasters (e.g., server crash, drive failure, network attack, theft).
• Begin damage control.

Disaster Prevention

• Disasters are inevitable.
• Maintain optimal server/equipment room conditions (temperature, location).
• Avoid basements to reduce flood damage.
• Use high-quality surge protection and backup power systems.
• Implementing deterrents to reduce theft.

Disaster Prevention (User Focus)

• Educate users about security risks.
• Implement backup/restore system images.
• Avoid concealing file extensions.
• Implement software undoing unauthorized changes.

Disaster Prevention (Technical)

• Use the correct tools (e.g., do not substitute network intrusion software for firewalls).
• Understand personal legal/financial liabilities relating to data breaches.
• If transporting off-site data, be mindful of potential consequences for data falling into the wrong hands.

More Points About Security

• Act as a security advocate to protect data and assets.
• Methods used to compromise security evolve, so constant vigilance is required.

A Few More Security Tips

• Security policies exist (all employees must be familiar).
• Rename administrator accounts and create false accounts (hackers often target Administrator accounts).
• Limit login attempts to protect accounts.

Backups

• Backup strategies typically involve a full backup at the beginning of the week.
• Subsequent backups can be differential (changes since last full) or incremental (changes since last backup).
• Backup frequency depends on department access patterns.

Authentication

• Authentication validates user identity accessing a resource.
• Two-factor authentication is common (something you are, have, or know).
• Periodic authentication is often required within a system.

Secure Deletion of Data

• Hard drives: software overwrites data repeatedly (e.g., DBAN), degaussing or physical destruction.
• Optical disks: many shredders have slots for disks; employing industrial shredding services is advised for discarded EOL devices.

Security (Policy & Procedures)

• Principle of Least Privilege: users only have access to the information necessary for their jobs.
• Chain of Custody: detailed documentation trails the handling of evidence.

Security (Methods)

• Mantrap: secure area allowing only one person at a time to pass (mitigates tailgating).
• Honeypot: decoy server to lure attackers and gather threat intelligence.

Passwords

• Encourage/force regular password changes.
• Longer, more complex passwords (upper/lowercase, numbers, symbols) are better.
• Avoid reusing passwords for multiple accounts.

Password Confidentiality

• Studies show significant percentages of workers share passwords for small incentives.
• Password security is crucial, and companies need to implement safeguards and policies to prevent breaches.

Description

Explore the critical aspects of security concerns faced by organizations, including unauthorized access, data interception, and protection against various threats. This quiz will also delve into user and physical security solutions to safeguard sensitive data and assets. Test your knowledge on how to effectively secure corporate environments.