FBLA COMP CPU SCI: Cyber Security and Impact :1:@2
unsolicited emails sent to many addresses
Spam Email
an update to a computer program in order to fix or update the program
Software Patch
a flaw or weakness that hackers or malware can exploit
Vulnerability
A record showing who has accessed a computer system and what operations he or she has performed during a given period of time. Useful both for maintaining security and for recovering lost transactions.
Audit Trail
A computer network attack that seeks to maximize the severity of damage and speed of contagion by combining methods, for example using characteristics of both viruses and worms, while also taking advantage of vulnerabilities in computers, networks, or other physical systems. An attack using a blended approach might send a virus via an e-mail attachment, along with a Trojan horse embedded in an HTML file that will cause damage to the recipient computer. The Nimda, CodeRed, and Bugbear exploits were all examples of blended threats.
Blended Threat
Form of cryptography in which the plaintext is made unintelligible to anyone, who intercepts it by a transformation of the information itself, based on some key.
Ciphertext
The most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.
Encryption
the process of converting encrypted data back into its original form, so it can be understood.
Decryption
What should you do if you receive an email from someone you don't know with an attachment?
Mark it as spam, ignore it, or delete it.
You have a Mac so you don't have to worry about viruses.
(True/False)
False
an attempt to determine the valid e-mail addresses associated with an e-mail server so that they can be added to a spam database
Directory Harvest Attack
IP Spoofing is a technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonate another machine by manipulating IP packets. IP Spoofing involves modifying the packet header with a forged (spoofed) source IP address, a checksum, and the order value.
IP Spoofing
IPsec (Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication. IPsec provides two choices of security service: Authentication Header (AH), which essentially allows authentication of the sender of data, and Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of data as well.
IPSec
Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself.
L2TP
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
SSL
Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b, that is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN.
WEP
Wi-Fi Protected Access (WPA) is a security standard for users of computing devices equipped with wireless internet connections, or Wi-Fi. It improved upon and replaced the original Wi-Fi security standard, Wired Equivalent Privacy (WEP). WPA provides more sophisticated data encryption than WEP, and it also provides user authentication -- WEP's user authentication was considered insufficient.
WPA
IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.
802.1x
A virtual private network (VPN) is a network that is constructed using public wires — usually the Internet — to connect to a private network, such as a company's internal network. There are a number of systems that enable you to create networks using the Internet as the medium for transporting data.
VPN
IEEE 802.11 - Wireless LAN (WLAN) & Mesh (Wi-Fi certification)
IEEE 802.3 - Ethernet
IEEE 802.1 - Higher Layer LAN Protocols (Bridging)
IEEE 802.15 - Wireless PAN
IEEE 802.**
What you monitor on the network. Establishing audit policy is an important facet of security. Monitoring the creation or modification of objects gives you a way to track potential security problems, helps to ensure user accountability, and provides evidence in the event of a security breach.
There are nine different kinds of events you can audit. If you audit any of these kinds of events, Windows® records the events in the Security log, which you can find in Event Viewer.
Audit Policy
You can choose these to monitor in windows:
•Account logon events.
•Account management
•Directory service access
•Logon events
•Object access
•Policy change
•Privilege use
•Process tracking
•System events
Audit Policy Options
Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
Incident Response
According to SANS institute:
1. Preparation: Preparing users and IT staff to handle potential incidents should they should arise
2. Identification: Determining whether an event is indeed a security incident
3. Containment: Limiting the damage of the incident and isolating affected systems to prevent further damage
4. Eradication: Finding the root cause of the incident, removing affected systems from the production environment
5. Recovery: Permitting affected systems back into the production environment, ensuring no threat remains
6. Lessons learned: Completing incident documentation, performing analysis to ultimately learn from incident and potentially improve future response efforts
Incident Response Procedure
A dual-homed host is a term used to reference a type of firewall that uses two (or more) network interfaces. One connection is an internal network and the second connection is to the Internet. A dual-homed host works as a simple firewall provided there is no direct IP traffic between the Internet and the internal network.
Dual-homed host/firewall
A screened subnet (also known as a "triple-homed firewall") is a network architecture that uses a single firewall with three network interfaces.
Interface 1 is the public interface and connects to the Internet.
Interface 2 connects to a DMZ (demilitarized zone) to which hosted public services are attached.
Interface 3 connects to an intranet for access to and from internal networks.
Even if the firewall itself is compromised, access to the intranet should not be available, as long as the firewall has been properly configured.
Triple-homed firewall (Aka screened subnet)
In computer networks, a DMZ (demilitarized zone) is a physical or logical sub-network that separates an internal local area network (LAN) from other untrusted networks, usually the Internet. External-facing servers, resources and services are located in the DMZ so they are accessible from the Internet but the rest of the internal LAN remains unreachable. This provides an additional layer of security to the LAN as it restricts the ability of hackers to directly access internal servers and data via the Internet.
DMZ
Ports on switches can be assigned to one or more VLANs, allowing systems to be divided into logical groups -- e.g., based on which department they are associated with -- and rules to be established about how systems in the separate groups are allowed to communicate with each other. These can range from the simple and practical (computers in one VLAN can see the printer on that VLAN, but computers outside that VLAN cannot), to the complex and legal (e.g., computers in the trading departments cannot interact with computers in the retail banking departments).
VLan
An intranet is a private network that is contained within an enterprise. It may consist of many interlinked local area networks and also use leased lines in the wide area network. Typically, an intranet includes connections through one or more gateway computers to the outside Internet.
Intranet