Week 11 Chapter 18 A Notes - FlameSpyro/Tech-Journal GitHub Wiki

CIA Document

The Information Security Model is made up of 3 main sections: Information States, Information Security Properties, and Security Measures.

Information Security Properties

  • ISP is made up of 3 major sections:

  • Confidentiality which is assurance that information can only be seen and used by the people authorized to

  • Integrity of Information is about ensuring that the previous information is intact and correct as well as legitimate

  • Availability is assuring that authorized users are able to access and use information assets, resources, and systems when needed.

Security Measures

  • Security Measures is also made up of 3 parts:

  • Education, Training, and Awareness to demonstrate how to properly use security measures to defend information

  • Technology in order to enforce the security measures to defend

  • Policy and Procedures which define the organization’s rules and the expectations in regards to access and protection of information assets

Information Security

  • The given model of information security emphasizes resources in every place information can be found

  • Storage includes any media on which information can be recorded, including printed output.

  • Secure handling of output media containing sensitive information requires that it be completely erased or destroyed before final disposal.

Chapter 18 A+

Internet Security (All sub sections)

  • No system should connect to the Internet without antivirus and anti-malware software installed.

  • Pay attention to the security alerts provided by antivirus and anti-malware software, browser applications, and the operating system

  • If you cannot afford any antivirus software, then look for popular free ones; there are plenty out there.

  • Later Microsoft operating systems came with Windows Defender, which works with Internet Explorer/Edge to warn about spyware.

Malware Removal

  • Malware can have a variety of effects, from the system running slowly to odd behavior or lost files.

  • If you have tried all methods of antivirus removal and the system still performs strangely, boot into Safe Mode and run the virus checker from there. Use the msconfig utility to isolate a startup application or service that might be causing the issue.

  • Some viruses must be removed manually, along with any software that had some of its files wiped by the antivirus software.

Digital Security Certificates

  • A digital certificate authenticates and secures information.

  • The certificate authority (CA) is the sender (the device or person who originated the communication).

  • A digital certificate typically contains a public key (a key used with a private key so that messages can be decrypted), sender information, and the length of time the certificate is to be considered valid.

  • If you want to trust a self-signed certificate, then in the Internet Explorer settings you can self-sign a certificate.

Firewalls

  • A firewall protects one or more computers from outside attacks and is used to implement security policies.

  • Firewalls can be either a software application or hardware

  • It can prevent hackers from accessing a computer that is able to connect to the internet

  • A hardware firewall is a good solution for home and business networks

Whitelist and Blacklist

  • A whitelist implementation is based on a list of who is allowed in (through the firewall to use a VPN, use an application, enter a secured network closet, and so on).

  • A blacklist details what users or websites are not allowed.

DMZ

  • In a corporate environment, a firewall, router, or wireless router can be used to create an area called a demilitarized zone, or DMZ. A DMZ can also be created by using two firewalls, with one firewall connected to the router and the DMZ connected to that firewall and to a second firewall.

NAT and PAT

  • A company uses private IP addresses on devices inside the company, but these cannot be routed on the Internet. Network Address Translation (NAT) translates a private IP address to a public IP address.

  • Port mapping allows the combination of one public address and a specific port number to represent one internal company host
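
The two bullets above, as an added example that is not part of the original notes: a minimal PAT table in which many private hosts share one public address and a static port mapping exposes one internal host. The `PatRouter` class, the addresses, and the starting port 40000 are hypothetical, and the model is simplified (real devices also track the remote endpoint and expire entries).

```python
# Added example: simplified NAT/PAT table. All addresses are constructed samples.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # documentation-range address standing in for the public side

@dataclass
class PatRouter:
    public_ip: str = PUBLIC_IP
    next_port: int = 40000                       # first dynamic public port (assumed)
    out_map: dict = field(default_factory=dict)  # (private ip, port) -> public port
    in_map: dict = field(default_factory=dict)   # public port -> (private ip, port)
    static: set = field(default_factory=set)     # public ports opened by port mapping

    def port_map(self, public_port, priv_ip, priv_port):
        """Static port mapping: public_ip:public_port represents one internal host."""
        if public_port in self.in_map:
            raise ValueError(f"public port {public_port} already mapped")
        self.in_map[public_port] = (priv_ip, priv_port)
        self.static.add(public_port)

    def outbound(self, priv_ip, priv_port):
        """Translate an outgoing packet's private source to public_ip:port."""
        key = (priv_ip, priv_port)
        if key not in self.out_map:
            while self.next_port in self.in_map:  # skip ports already in use
                self.next_port += 1
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out_map[key])

    def inbound(self, public_port):
        """Return the internal host for an incoming packet, or None to drop it."""
        return self.in_map.get(public_port)

    def exposed_ports(self):
        """Ports reachable from outside without a prior outbound connection."""
        return sorted(self.static)

def demo():
    r = PatRouter()
    r.port_map(443, "192.168.1.20", 8443)   # internal web server
    a = r.outbound("192.168.1.50", 51000)   # two laptops using the same source port
    b = r.outbound("192.168.1.51", 51000)
    return r, a, b

if __name__ == "__main__":
    r, a, b = demo()
    print(a, b, r.inbound(443), r.inbound(40001), r.inbound(12345), r.exposed_ports())
```

Unsolicited traffic to a port with no table entry is dropped, so the static port mappings returned by `exposed_ports()` are the entries to review when auditing what the firewall exposes.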

Remote Access to Network Devices

  • Remote desktop is commonly used along with other 3rd party software to access computers while away or just at home

  • Here are common protocols used to remotely access devices:

  • Remote Desktop Protocol creates a peer to peer remote desktop connection from one computer to another remote computer

  • Secure Shell uses port 22 to log into a remote network device and is used as an alternative to Telnet

  • Telnet uses port 23 to access a remote device such as a router or a server

Wireless Network Security Overview

  • Wireless LANs are much more secure today than at the time when WLAN was popular

  • Wireless access points are an integral part of a wireless LAN

  • Mobile device management (MDM) can help with security by enabling a technician to view and manage mobile devices

  • Security on wireless devices has always been a concern, and several options can be used, such as WEP, WPA, WPA2, TKIP, and AES

  • When shared key authentication is used, the Wired Equivalent Privacy (WEP) encrypts data being transmitted. WEP commonly has two versions: 64-bit and 128-bit.

  • With MAC address filtering, devices are manually added to the access point to gain access. It's mostly used for a small number of wireless devices.

  • Firmware is software that is embedded into a piece of hardware which can be upgraded in network routers, switches, access points, and firewalls

Questions

1. Why would you boot into Safe Mode to run an antivirus scan?

In the event that the antivirus software finds some sort of malware, it may be unable to remove said malware in normal Windows. Safe Mode, however, does not launch Windows third-party software and hardware drivers, making it effective for removing malware.

2. Based on what you’ve learned about processes and how programs are managed in memory, is it a good idea or bad idea to restart a computer after a suspected infection?

From the information from the previous question, going to Safe Mode will require a restart. However, if you do a normal restart back to Windows, that may not be the best idea, as things like rootkits can take advantage of the boot process and take over even more. So unless you are booting to Safe Mode, which you should, do not restart.

3. What is the native antivirus tool for Windows? How does it compare to other antivirus products?

This software, known as Windows Defender, is a very good piece of software, even being built into the system. Although, from past experience, Defender has failed to seek out malware some customers have sent in. I personally recommend using other software such as Webroot and Norton, as Defender can work along with it, but Defender on its own I wouldn't recommend.