Security+ Study

  1. Confidentiality
    Preventing the disclosure of information to unauthorized persons
  2. Integrity
    Means that data has not been tampered with or modified
  3. Availability
    Means that data is obtainable regardless of how it is stored/accessed/protected
  4. AAA of Computer Security
    • Authentication
    • Authorization
    • Accounting
  5. Authentication
    Person's identity is established with proof and confirmed by a system
  6. Authorization
    • When a user is given access to certain data or areas
    • Happens after authentication
  7. Accounting
    Tracking of data, computer usage, and network resources
  8. 5 Categories of Authentication
    • Something the user knows
    • Something the user has
    • Something the user is
    • Something the user does
    • Somewhere the user is
  9. Gray Hats
    Have no affiliation with a company, break into it, and then notify the administrator
  10. Blue Hats
    Asked by an organization to hack into a system, but are not employed by the organization
  11. Virus
    • Runs on a computer without the user's knowledge
    • Infects the computer when code is accessed and executed
    • Cannot reproduce by itself without being opened
  12. Malware
    Software designed to infiltrate a computer system and possibly damage it without the user's knowledge or consent
  13. Worm
    Like a virus, but can self-replicate
  14. Trojan Horse
    Appears to perform wanted functions but actually performs malicious functions behind the scenes
  15. Type of malware that restricts access to a system and demands a ransom be paid
  16. Spyware
    Collects information about the user without their consent
  17. Adware
    Pops up ads based on what it has learned from spying on the user
  18. Rootkit
    Designed to gain admin-level control of a computer without being detected
  19. The method that a threat uses to access a target
    Threat Vector
  20. The means by which an attacker gains access to a computer in order to deliver malware
    Attack Vector
  21. Active Interception
    • A computer placed between the sender and the receiver
    • Examples include: session theft, man-in-the-middle
  22. Tools to detect a rootkit
    • Use removable media to boot the computer
    • GMER, TDSSKiller, chkrootkit
    • Or re-image the computer
  23. Virus Prevention Techniques
    • Run/update AV software
    • Scan entire system periodically
    • Update OS
    • Use a firewall
  24. Worm Prevention Techniques
    • Run/update AV software
    • Scan entire system periodically
  25. Trojan Horse Prevention Techniques
    • Run/update AV software
    • Scan entire system periodically
    • Run trojan scan periodically
  26. Spyware Prevention Techniques
    • Run/update anti-spyware software
    • Scan entire system periodically
    • Adjust web browser settings
    • Consider technologies that discourage spyware (e.g. virtualization)
  27. Rootkit Prevention Techniques
    • Run/update antivirus software
    • Use rootkit detector programs
  28. Spam Prevention Techniques
    • Use a spam filter
    • Configure white/blacklists
    • Close open mail relays
    • Train your users
  29. Personal Firewall
    • Applications that protect individual computers from unwanted traffic
    • Uses rules and policies
    • Examples: Windows Firewall, ipfirewall, iptables (Linux)
  30. Loaded on an individual computer, analyzes and monitors what happens inside that computer
  31. Checks all packets passing through network interfaces, enabling it to "see" more than one computer
    • NIDS
    • Can be loaded onto a computer or as a standalone appliance
  32. 2 Types of Monitoring IDS can carry out
    • Statistical Anomaly
    • Signature Based
  33. Statistical Anomaly
    IDS establishes a performance baseline from normal network traffic and compares current traffic to that baseline
  34. Signature-Based Detection
    IDS analyzes network traffic for pre-determined attack patterns (signatures)
  35. Examples of HIDS
    • OSSEC (free)
    • Verisys, Tripwire
  36. DLP Systems
    Perform content inspection to prevent unauthorized use/leakage of data
  37. 3 Types of DLP Systems
    • Endpoint
    • Network
    • Storage
  38. Endpoint DLP Systems
    • Run on a computer
    • Monitor data in use (e.g. e-mail)
    • Can be used to inspect USB devices
  39. Network DLP Systems
    • Often installed on perimeter of the network
    • Inspects data in motion
  40. Storage DLP Systems
    • Installed in data centers or server rooms
    • Inspects data at rest
  41. Methods of securing the BIOS
    • Use a BIOS password
    • Flash the BIOS to latest version
    • Configure BIOS (disable removable media, change boot order, etc.)
  42. Drawbacks to using a HIDS instead of a NIDS?
    • HIDS tend to use a lot of resources, can cause latency
    • HIDS cannot detect network attacks
man vs exam