Tech Journal 11 - Zacham17/my-tech-journal GitHub Wiki
- Confidentiality: assurance that information can be read and interpreted only by persons and processes explicitly authorized to do so.
- Integrity: assurance that information remains intact, correct, and authentic.
- Availability: assurance that authorized users can access and work with information assets, resources, and systems when needed, with sufficient response and performance.

Categories include:
- Processing
- Storage
- Transmission
- Proper disposal of confidential information is very important.
- Policy and procedures: information security policies define the organization's rules and expectations regarding access, protection, and accountability for information assets and resources.
- Technology: to defend against information system vulnerabilities and threats, and to facilitate a quick response when information security incidents occur, appropriate technology must be securely configured, deployed, and maintained.
- Education, training, and awareness: make sure the people who will be connected to the network have the training and education to be aware of threats and to prevent them.
These are my notes on the assigned sections of Chapter 18 of the A+ Textbook. This chapter focuses on security and how it is implemented in systems.

- You should always have antivirus software when connecting to the internet
- Pay attention to security alerts from antivirus and anti-malware software
- Rogue antivirus programs pretend to be legitimate antivirus software, but are actually viruses
- Windows Defender is good, and is free
- Some malware symptoms are: disappearing files, file permission changes, constant storage or network activity, and corrupt or renamed system files
- To remove malware:
  - Identify symptoms
  - Quarantine the infected system
  - Notify the people who need to know, according to policy
  - For Windows machines, disable System Restore
  - Remediate the infected system
  - If those steps don't work, boot into safe mode and run the virus checker
  - If the steps do work, then:
    - Schedule antivirus scans and run updates
    - Re-enable System Restore on Windows
    - Educate the user
- A digital certificate authenticates and secures information
- The certificate authority (CA) is the sender of the certificate
- A digital certificate typically contains a public key, sender information, and the length of time the certificate is to be considered valid
- A public key is used together with a private key
- Close the browser immediately if you visit a site you should avoid
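As an added example (not from the textbook or this journal), the Go program below builds a self-signed certificate for the made-up name example.test and then reads back the fields listed above: the sender information (subject and issuer), the validity period, and the embedded public key, which is used to verify the signature that the matching private key produced.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// MakeSelfSignedCert issues a certificate for the hypothetical name cn, valid
// from now for validFor. Self-signed, so the issuer (CA) is the sender itself.
func MakeSelfSignedCert(cn string, validFor time.Duration) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // private + public key pair
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), // constructed serial for the example
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    now,
		NotAfter:     now.Add(validFor),
	}
	// The private key signs; only the public key is embedded in the certificate.
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// Inspect parses DER bytes and reports the fields the notes list: sender info
// (subject, issuer), whether the validity window covers at, and whether the
// embedded public key verifies the signature the private key produced.
func Inspect(der []byte, at time.Time) (subject, issuer string, valid, sigOK bool, err error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return "", "", false, false, err
	}
	subject, issuer = cert.Subject.CommonName, cert.Issuer.CommonName
	valid = !at.Before(cert.NotBefore) && !at.After(cert.NotAfter)
	sigOK = cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) == nil
	return subject, issuer, valid, sigOK, nil
}

func main() {
	der, _ := MakeSelfSignedCert("example.test", 24*time.Hour)
	s, i, valid, sigOK, _ := Inspect(der, time.Now())
	fmt.Printf("subject=%s issuer=%s valid now=%v signature ok=%v\n", s, i, valid, sigOK)
}
```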
- A computer connected to the internet should be behind a firewall
- A firewall implements security policies to protect against outside attacks
- A firewall can be software or hardware
  - Both can be used together
- A whitelist implementation is based on a list of who is allowed in
- A blacklist details which users or websites are not allowed
- A DMZ (demilitarized zone) can be created through the use of a firewall, router, or wireless router
- A DMZ can separate IoT devices from the rest of the network
- A DMZ can also be created by using two firewalls: the first firewall connects to the router, the DMZ sits between that firewall and a second firewall, and the second firewall connects to the internal corporate network
  - Internet --> firewall --> DMZ --> firewall --> internal corporate network
- Network Address Translation (NAT): translates private IP addresses to public addresses that can be routed over the Internet
- Port mapping, or Port Address Translation (PAT): allows the combination of one public address and a specific port number to represent one internal company host
- Some remote access protocols are:
  - RDP (Remote Desktop Protocol): creates a peer-to-peer remote desktop connection from one computer to a remote computer
  - SSH (Secure Shell): uses port 22 to securely log in to a remote network device
  - Telnet: uses port 23 to access a remote device on the network, such as a router, a server, an access point, or a switch
- SSH is the most secure of the three methods above
- There is also third-party software that provides remote access
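An added illustration of PAT that is not part of the original notes: a small Go model of a translation table (the addresses and ports are constructed), showing how two internal hosts that use the same source port share one public address by receiving distinct public ports, and how a reply on a public port is mapped back to exactly one internal host.

```go
package main

import "fmt"

// Endpoint is an IP address and transport port.
type Endpoint struct {
	IP   string
	Port int
}

// PAT shares one public address among many internal hosts by giving each
// internal (IP, port) pair its own public port. Constructed model, not a router.
type PAT struct {
	Public   string
	nextPort int
	outbound map[Endpoint]int // private endpoint -> public port
	inbound  map[int]Endpoint // public port -> private endpoint
}

func NewPAT(public string, firstPort int) *PAT {
	return &PAT{Public: public, nextPort: firstPort, outbound: map[Endpoint]int{}, inbound: map[int]Endpoint{}}
}

// Outbound rewrites a packet's private source to the shared public address,
// allocating a fresh public port the first time a private endpoint is seen.
func (p *PAT) Outbound(src Endpoint) Endpoint {
	port, ok := p.outbound[src]
	if !ok {
		port = p.nextPort
		p.nextPort++
		p.outbound[src] = port
		p.inbound[port] = src
	}
	return Endpoint{p.Public, port}
}

// Inbound maps a reply arriving at a public port back to the internal host.
// A port with no mapping returns ok == false: unsolicited traffic is dropped.
func (p *PAT) Inbound(publicPort int) (Endpoint, bool) {
	e, ok := p.inbound[publicPort]
	return e, ok
}

func main() {
	pat := NewPAT("203.0.113.5", 40000) // documentation address, constructed
	a := pat.Outbound(Endpoint{"192.168.1.10", 51000})
	b := pat.Outbound(Endpoint{"192.168.1.11", 51000}) // same private port, other host
	fmt.Println("translated:", a, b)
	back, ok := pat.Inbound(a.Port)
	fmt.Println("reply to port", a.Port, "goes to", back, ok)
}
```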
### Introduction
- Wireless access points should be physically secured
- Data sent over the air can easily be captured if you are not careful
- MDM policies commonly define which operating systems are supported, as well as password and security requirements. Optional policies might include the following:
  - Password storage
  - Software/firmware installation
  - System updates
  - Backup process
  - VPN connectivity
  - How to report lost or stolen devices
  - Steps involved when a security breach occurs
  - Data storage
- Common wireless security options are:
  - WEP
  - WPA
  - WPA2
  - TKIP
  - AES
- Open authentication allows a wireless network device to send a frame to the access point with the sender's identity (MAC address)
- Shared key authentication requires the use of a shared key
  - A key is a group of characters that the wireless network device and access point must have in common
  - Shared key authentication doesn't scale well to larger networks
- Extensible Authentication Protocol (EAP) is a good solution for authentication; it consists of a supplicant, an authenticator, and an authentication server
- Wired Equivalent Privacy (WEP) must be enabled with shared key authentication
  - Some wireless NIC manufacturers allow you to enter multiple WEP keys
  - The WEP key is usually entered manually
- WiFi Protected Access (WPA) uses Temporal Key Integrity Protocol (TKIP) or Advanced Encryption Standard (AES) to improve security
  - WPA is better than WEP, and AES is better than TKIP
- WiFi Protected Access 2 (WPA2) is an improvement that includes dynamic negotiation between the AP and the client for authentication and encryption algorithms
- WiFi Protected Setup (WPS) configures the SSID and WPA2 wireless security key for an AP or a client's devices
- WPS has four ways to configure a wireless network:
  - PIN
  - USB (a USB device attached to the AP provides the configuration info)
  - A button is pushed or clicked
  - RFID
1. Why would you boot into Safe Mode to run an antivirus scan?
You would run the antivirus scan in safe mode to see if the virus resides in the base files of the system, since safe mode boots into a basic state.
2. Based on what you’ve learned about processes and how programs are managed in memory, is it a good idea or bad idea to restart a computer after a suspected infection?
It is a bad idea to restart a computer after a suspected infection, as this could remove any evidence of an infection, if it was stored in volatile memory. Restarting could also be what makes the virus begin working, which would not be good.
3. What is the native antivirus tool for Windows? How does it compare to other antivirus products?
Windows Defender is the native antivirus tool for Windows. Compared to other antivirus products, it is reliable in defending a Windows system, but it doesn't get as detailed or dive as deep as some of the premium antivirus software available.