SecAware – MidTerm

T/F: There is a straightforward and easy solution to securing computers

FALSE

T/F: Today, many attack tools are freely available and do not require any technical knowledge to use

TRUE

T/F: Attack tools can initiate new attacks without any human participation, thus increasing the speed at which systems

TRUE

T/F: Script kiddies typically have advanced knowledge of computers and networks

FALSE

T/F: In a well-run information security program, attacks will never get through security perimeters and local defenses

FALSE

NOT a factor that contributes to difficulties faced in defending against attacks?

Enhanced encryption algorithms

Security

the goal to be free from danger as well as the process that achieves that freedom

Where are you most likely to find a PKES system?

An automobile

From January 2005 through July 2015 approximately how many electronic data records in the United States were breached, exposing to a range of personal electronic data, such as address, Social Security numbers, health records, and credit card numbers?

853 million

How do attackers today make it difficult to distinguish an attack from legitimate traffic?

by using common Internet protocols

Security is _____________ convenience.

inversely proportional to

Securing information that is in a digital format

information security

Ensures that information is correct and no unauthorized person or malicious software has altered it

Integrity

Ensures that data is accessible when needed to authorized users?

Availability

Information contained on devices is protected by three layers

products, policies, and application

type of action that has the potential to cause ham

threat

Past term used to refer to a person who uses advanced computer skills to attach computers

hacker

Law that requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information

Gramm-Leach-Bliley Act (GLBA)

FBI defines this as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents?"

cyberterrorism

Involves stealing another person’s personal information such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain

Identity theft

Law requiring healthcare enterprises to guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format

Health Insurance Portability and Accountability Act (HIPAA)

Person or element that has the power to carry out a threat

threat agent

Flaw or weakness that allows a threat agent to bypass security

vulnerability

Attacker category might have the objective of retaliation against an employer

insider

Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens

cyberterrorists

steps that ensure that the individual is who he or she claims to be

authentication

the process of providing proof of genuineness

Authentication

the act of providing permission or approval to technology resources

confidentiality

targeted attacks against financial networks, unauthorized access to information, and the theft of personal information

cybercrime

automated attack package that can be used without an advanced knowledge of computers

exploit kit

stealing another person’s personal information, such as SSN, and then using the information to impersonate the victim – generally for financial gain

Identity theft

employees, contractors, and business partners who can be responsible for an attack

insiders

security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data

Integrity

the means by which an attack could occur

threat vector

T/F: A worm is designed to enter a computer through the network and then take advantage of a vulnerability in an application or an operating system on the host computer

TRUE

T/F: Almost all viruses infect a system by inserting themselves into a computer file

TRUE

T/F: Malware usually enters a computer system with the user’s knowledge

FALSE

T/F: It is recommended that a copy of a data backup be stored at an off-site location

TRUE

T/F: Data backups only protect data against computer attacks

FALSE

What type of backup is performed continually without any intervention by the user?

Continuous backup

What can an attacker use that gives them access to a computer program or service that circumvents normal security protections?

backdoor

Which type of malware exploits a vulnerability on one system and then immediately searches for another computer on the network that has the same vulnerability?

worm

Botnets can flood a Web server with thousands of requests and overwhelm it to the point that it cannot respond to legitimate requests What is this called?

denying services

Which Windows feature provides information to users and obtains their approval before a program can make a change to the computer’s settings?

User Account Control

What are the three types of malware that have the primary traits of circulation and/or infection?

viruses, Trojans, and worms

An infected robot computer is known as a

zombie

Which type of malware self-replicates between computers (from one computer to another)?

worm

Which term can be described as a publicly released software security update intended to repair a vulnerability?

patch

What type of software update is a cumulative package of all patches and feature updates?

service pack

Which type of malware will hide or remove all traces of evidence that may reveal the malware, such as log entries?

Rootkit

What type of spyware silently captures and stores each keystroke that a user types on the computer’s keyboard?

keylogger

What type of device is inserted between the computer keyboard connection and USB port for the purposes of stealing information?

keylogger

AV software on a computer must have its ________________ files regularly updated by downloads from the internet.

signature

Which of the following is a program advertised as performing one activity but actually does something else?

Trojan

Which type of malware is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms?

rootkit

Which virus detection method creates a virtual environment that simulates the central processing unit (CPU) and memory of the computer?

code emulation

What type of malware is typically added to a legitimate program but lies dormant until it is triggered by a specific event?

logic bomb

Which of the following is NOT a technology typically used by spyware?

Disk drive formatting software

Which of the following is a general term that refers to a wide variety of damaging or annoying software programs?

Malware

What type of malware can, for example, locks up a user’s computer and then display a message that purports to come from a law enforcement agency that states the user must pay a fine for illegal activity?

ransomware

A software program that delivers advertising content in a manner that is unexpected and unwanted by the user

adware

An attacker who controls a botnet

bot herder

A logical computer network of zombies under the control of an attacker

botnet

Enhancements to the software to provide new or expanded functionality, but do not address security vulnerability

feature update

Hardware or software designed to limit the spread of malware

firewall

Computer code that lies dormant until it is triggered by a specific logical event

logic bomb

A database of viruses that is used to identify an infected file

signature file

A malicious program designed to enter a computer via a network

worm

An infected computer that is under the remote control of an attacker

zombie

T/F: Virtually anyone could type in a person’s username and pretend to be that person

TRUE

T/F: Passwords are still considered a strong defense against attackers

FALSE

T/F: The weakness of passwords centers on human memory

TRUE

T/F: When creating passwords, the most important principle is that length is more important than complexity

TRUE

T/F: FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting firms every 12 months

TRUE

What type of attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file?

dictionary

Which type of attacks might send an e-mail or display a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information?

Phishing

Using which Social engineering principle might an attacker impersonate a CEO of a company?

Authority

With which type of social engineering attack are users asked to respond to an email or are directed to a website where they are requested to update personal information, such as passwords or credit card numbers?

phishing

Which type of social engineering attack depends on the user incorrectly entering a URL?

typo squatting

Whereas phishing involves sending millions of generic e-mail messages to users, which type of similar attack targets only specific users?

spear phishing

Which document identifies individuals within the organization who are in positions of authority?

Organizational charts

technique might an attacker employ to find documents that may reveal the true level of security within an organization?

Dumpster diving

Which of the following involves using someone’s personal information, such as a Social Security number, to fraudulently establish bank or credit card accounts?

Identity theft

What popular online activity involves grouping individuals and organizations into clusters or groups based on their likes and interests?

social networking

What is the best approach to establishing strong security with passwords?

Use technology for managing passwords

Which of the following is described as an attacker who pretends to be from a legitimate research firm who asks for personal information?

Pretexting

What type of attack is a false warning, often contained in an email message claiming to come from the information technology (IT) department?

hoaxes

What can an attacker use to divert all mail to their post office box so that the victim is never aware that personal information has been stolen?

change-of-address form

Which of the following is a characteristic of a weak password?

used on multiple accounts

What type of program lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password?

password management application

What law contains rules regarding consumer privacy?

Fair and Accurate Credit Transactions Act

HOW often does FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting films?

every 12 months

In the US, if a consumer finds a problem on her credit report, she must first send a letter to the credit-reporting agency. Under federal law, how many days does the agency have to investigate and respond to the alleged inaccuracy and issue a corrected report?

30

Which of the following is a numerical measurement used by lenders to assess a consumer’s creditworthiness?

credit score

Which type of attacker is most likely to use information you have posted about yourself on a social networking site?

Identity thief

The steps that ensure that the individual is who he or she claims to be

Authentication

A password attack in which every possible combination of letters, numbers, and characters is used to match passwords in a stolen password file

Brute force attack

A password attack that compares common dictionary words against those in a stolen password file

Dictionary attack

A secret combination of letters, numbers, and/or symbols that serves to authenticate a user by what he or she knows

Password

Viewing information that is entered by another person

Shoulder surfing

Grouping individuals and organizations into clusters based on an affiliation

Social networking

Redirecting a user to a fictitious website based on a misspelling of the URL

Typo squatting

A phishing attack in which the attacker calls the victim on the telephone

Vishing

A phishing attack that targets wealthy individuals

Whaling

CIA Triad

Confidentiality Integrity Availability

Three protections that must be extended over information

CIA Confidentiality integrity Availability

AAA

Authentication Authorization Accounting

Three protections, in addition to CIA, that must be implemented to secure information

AAA Authentication Authorization Accounting

The tasks of securing information that is in a digital format. This digital information is manipulated by a microprocessor (such as on a personal computer), stored on a storage device (like a hard drive or USB flash drive), and transmitted over a network (such as a local area network or the Internet).

information security

Information security layers

Policies and procedures –> People –> Products

Forms the security around the data. May be as basic as door locks or as complicated as network security equipment.

Products

Those who implement and properly use security products to protect data.

People

Plans and policies established by an organization to ensure that people correctly use the products.

Policies and procedures

An item that has value

Asset

type of action that has the potential to cause ham

Threat

Person or element that has the power to carry out a threat

Threat agent | Could be person or event like hurricane

Flaw or weakness that allows a threat agent to bypass security

vulnerability

means by which an attack can occur

threat vector

probability of threat coming to fruition

threat likelihood

situation that involves exposure to some type of danger

risk

will not purchase scooter

risk avoidance

buy the scooter knowing there is a chance of it being stolen

risk acceptance

complain to the apartment manager about the hole in the fence to have it repaired

risk mitigation

appartment post signs that "trespassers will be punished to the full extent of the law"

risk deterrence

purchase insurance

risk transference

is an attempt to fight corporate corruption. This covers the corporate officers, auditors, and attorneys of publicly traded companies. Stringent reporting requirements and internal controls on electronic financial reporting systems are required. Corporate officers who willfully and knowingly certify a false financial report can be fined up to $5 million and serve 20 years in prison.

Sarbanes-Oxley Act of 2002 (Sarbox)

requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. All electronic and paper data containing personally identifiable financial information must be protected. The penalty for noncompliance for a class of individuals is up to $500,000

Gramm-Leach-Bliley Act (GLBA)

a set of security standards that all companies that process, store, or transmit credit card information must follow. It applies to any organization or merchant, regardless of its size or number of card transactions, that processes transactions either online or in person. The maximum penalty for not complying is $100,000 per month

Payment Card Industry Data Security Standard (PCI DSS)

laws typically require businesses to inform residents within a specific period of time (typically 48 hours) if a breach of personal information has or is believed to have occurred. In addition several states have recently strengthened their own security laws. For example, Connecticut requires any organization doing business in the state to "scramble" all sensitive personal data that is being transmitted over a public Internet connection or stored on portable devices like a USB flash drive, and companies must notify any potential victims of a data breach within 90 days of the attack and offer at least one year of identity theft prevention services. Oregon’s law includes protection of an individual’s healthcare information while New Hampshire requires the state’s education department to notify students and teachers if their personal data was possibly stolen

State notification and security laws

"premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against noncombatant targets by subnational groups or clandestine agents."

cyberterrorism

Anything that can be found and indexed by a search engine

Surface web

Content that cannot be found by a search engine but only through a search dialog box on the site

Deep web

Information that has been intentionally hidden and cannot be accessed through a standard web browser

Dark web

individuals who uncover vulnerabilities that do not report it to the software vendor but sells them to the highest bidder

Brokers

modivated by ideology and are not well defined; right a percieved wrong

Hactivists

fortune over fame

Cybercriminals

thrills, notoriety

Script Kiddies

retaliate against employer, shame government

Insiders

cause disruption and panic

Cyberterrorists

spy on citizens, disrupt foreign government

State-sponsored attackers

perimeter wall

blocking

some attacks will get through security perimeters and local defenses; taking steps to reduce impact

minimizing losses

commonly the first part of identification in the authentication process

user name

provide proof of genuineness

authentication (eg password)

software that enters a computer system without the user’s knowledge or consent and then performs an unwanted and usually harmful action.

Malware

One method of classifying the various types of malware is by using the primary trait that the malware possesses. These traits are:

circulation, infection, concealment, and payload capabilities

Three types of malware that have the primary traits of circulation and/or infection

viruses, worms, Trojans

basic type of infection where the virus attaches or appends itself to the end of an infected file, then inserts at the beginning of the file a ‘jump’ instruction that points to the end of the file (the beginning of the virus)

appender infection

type of appender infection where the malicious code is divided into parts and randomly dispursed within legitimate code

split infection

malware whos primary purpose is to spread and uses a computer network to replicate

worm

an executable program that masquerades as performing a benign activity but also does something malicious

Trojan hors or just Trojan (capitalized)

T/F: Virus infects a files

TRUE

T/F: Worms infect files

FALSE

Do Trojans infect files?

IT CAN

Two types of Malware that depend on user action

Viruses and Trojans

a set of software tools used to hide the actions or presence of other types of software, such as Trojans, viruses, or worms

rootkit

T/F: One approach used by rootkits is to alter or replace operating system files with modified versions that are specifically designed to ignore malicious evidence.

TRUE

T/F: When payload capabilities are the primary emphasis of malware, the focus is on what nefarious action(s) the malware performs

TRUE

primary payload capabilities are to

execute commands, collect data, delete data, modify system security settings, and launch attacks

the payload that allows an attacker to execute virtually any command on the victim’s computer

arbitrary code execution

software that secretly spies on users by collecting information without their consent

Spyware

T/F: All spyware is malicious

FALSE

Payload types

execute commands, collect data (spyware/keylogger/adware/ransomware), delete data (logic bomb), modify system security settings (backdoor), and launch attacks (zombie/botnet/bot herder)

T/F: Zombie computers wait for instructions through a command and control structure (C&C or C2)

TRUE

common botnet command and control (C&C) mechanism

Hypertext Transport Protocol (HTTP), which is the standard protocol for Internet usage

common botnet attacks

Spamming, spreading malware, manipulating online polls, denying services

Windows 10 update features

Forced updates, no selective updates, continual updates, choices on when to reboot, more efficient distribution, up-to-date resets

A newer approach to AV which uses a variety of techniques to spot the characteristics of a virus instead of attempting to make matches using a signature file

dynamic heuristic detection

One dynamic heuristic detection AV identification technique used is where a "virtual" environment is created that simulates the central processing unit (CPU) and memory of the computer

code emulation

two methodologies used to identify virus infected software

static analysis and dynamic heuristic detection

T/F: A popup blocker is antispyware

TRUE

Types of Windows User Account Control (UAC) user accounts

Guest account – very few settings can be changed, Standard accounts – designed for everyday computing activities and allows some settings to be modified, administrator account – highest level which provides the most control

T/F: A scheduled backup is performed intentionally by the user

TRUE