Chapter 18 Notes and Guiding Questions - SeanSeymour/SYS140-Tech-Journal GitHub Wiki
CIA Triad Document:
Information Security Properties: Confidentiality, Integrity, Availability. Confidentiality is assurance that information can be read only by people authorized to do so. Integrity is assurance that the information stays intact, correct, and authentic. Availability is assurance that authorized users can access the information, assets, and systems when needed, with sufficient response and performance. Confidential information must be thrown away and deleted properly when it is disposed of.
Security Measures:
Policy and procedures, technology, education, training, and awareness. Policy and procedures define rules on accessing confidential information. Technology helps enforce information security policies and protect against vulnerabilities.
Administrators must understand the responsibility for information security and execute appropriate procedures to sustain and improve the security of information, assets, and resources.
Introduction Paragraphs:
Antivirus software is a must when accessing the internet; it's the first wall of virtual security. Be wary of fake antivirus software.
Malware Removal:
Signs of malware include a computer running slowly, crashing, or locking up; applications behaving abnormally or not running at all; missing or disappearing files; and file permission changes.
Steps for malware removal: identify malware symptoms, quarantine the infected system, notify appropriate personnel, disable System Restore, and remediate the infected system. You can boot into Safe Mode to run a virus scanner. Make scanning routine by scheduling scans and updates. Re-enable System Restore.
Digital Security Certificate:
A digital security certificate authenticates and secures information. Public and private keys are used to decrypt messages and files.
Firewalls:
You should always be protected by a firewall, which is used to implement security measures. Firewalls can be either hardware or software. A firewall keeps hackers from accessing your computer. A hardware firewall is good for home and business networks. Both a hardware and a software firewall can be used at the same time.
White list and Black List:
A white list is a list of who is allowed in, and a black list is a list of people and sites not allowed access to the computer.
DMZ:
DMZ stands for Demilitarized Zone. Servers such as web servers or application servers can reside in the DMZ. Layout: Internet > Firewall > DMZ > Firewall > Internal Corporate Network.
NAT/PAT:
A network device such as a router or firewall performs Network Address Translation (NAT), which means it translates private IP addresses into public IP addresses that can be used to access the internet. With Port Address Translation (PAT), one public IP address can be used for multiple devices on a single network because of port mapping.
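How port mapping lets several private hosts share one public address, as an added example that is not part of the original notes: a toy PAT table in Python. The class name `PatRouter`, the addresses and the starting port 49152 are assumptions made for illustration.

```python
import itertools


class PatRouter:
    """Toy PAT device (hypothetical): private hosts share one public IP via port mapping."""

    def __init__(self, public_ip, first_port=49152):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        self.out = {}   # (private_ip, private_port) -> public_port
        self.back = {}  # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port):
        """Rewrite an outgoing packet's source to (public_ip, public_port)."""
        key = (src_ip, src_port)
        if key not in self.out:
            port = next(self._next_port)
            if port > 65535:
                raise RuntimeError("public port pool exhausted")
            self.out[key] = port
            self.back[port] = key
        return self.public_ip, self.out[key]

    def inbound(self, dst_port):
        """Map a reply on a public port back to the private host.

        Returns None when no mapping exists: the device has no private
        destination for the packet, so it cannot be forwarded.
        """
        return self.back.get(dst_port)


def demo():
    # Constructed sample data: 203.0.113.10 is a documentation-range address.
    router = PatRouter("203.0.113.10")
    laptop = router.outbound("192.168.1.20", 51000)
    phone = router.outbound("192.168.1.21", 51000)  # same private port, other host
    again = router.outbound("192.168.1.20", 51000)  # existing flow keeps its mapping
    return {
        "laptop": laptop,
        "phone": phone,
        "reuse": again == laptop,
        "reply_to_phone": router.inbound(phone[1]),
        "unsolicited": router.inbound(40000),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both hosts leave with the same public IP but different public ports, and a packet arriving on a port with no table entry has nowhere to be delivered.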
Remote Access to Network Devices:
RDP (Remote Desktop Protocol), SSH (Secure Shell), Telnet. RDP creates a P2P connection. SSH uses port 22 to log into a network device. Telnet uses port 23.
Wireless Network Security Overview:
LANs are much more secure than before.
Mobile Device Management is used by technicians for mobile device security purposes.
Wireless security has always been a concern, but much new software and hardware can be used to make wireless networks much more secure.
WEP can be hacked. AES is used to improve security.
WPS configures the SSID and WPA2 security keys.
Four ways to configure wireless networks: PIN, USB, PBC, NFC
Why use safe mode for antivirus software?
You would boot into safe mode for an antivirus program so that the other infected files that would get in the way of running the antivirus program can't be opened.
Bad or Good Idea to restart after suspected infection?
It is a bad idea to restart after a suspected infection because when you turn the computer back on, the virus can jump past certain security measures while the computer is being booted up.
What is the native antivirus tool for Windows and how does it compare to other antivirus programs?
For Windows 10, the native antivirus program is called Windows Defender. The problem with Windows Defender is that it's not updated nearly enough to keep up with the current security problems, it doesn't catch all malicious files in real time (some slip through the cracks), and it doesn't support a VPN as well as the others.