Chapter 27: Securing Computers (A+ Study Notes)


A+ Study Notebook

You can find my complete study notes in Google Docs format below: https://docs.google.com/document/d/1zcKLWfsns1tqzmXtVRJbcd9NqfaEcjifgIo-oJIbEgc/edit?usp=sharing

References:

M. Meyers, 2019. CompTIA A+ All-in-One Exam Guide. 10th ed.


Chapter 27: Securing Computers

  • Analyzing threats: 
    • Unauthorized Access
      • Intrusion
      • Dumpster diving (searching through discarded trash for useful information)
      • Shoulder surfing (literally watching someone's screen or keyboard to gain information)
    • Social engineering (human manipulation)
      • Infiltration (impersonating another person)
      • Telephone scams
      • Phishing (e.g. trying to get someone's password while pretending to be someone else)
    • Denial of service (DoS) (e.g. flooding a system with so much traffic that it can't handle any more and has to shut down)
    • Data destruction
    • Administrative access
    • Catastrophic hardware failure
    • Physical theft
    • Malware
      • Virus
      • Worm
      • Trojan Horse 
      • Keylogger
      • Rootkit
      • Spyware
      • Ransomware
      • Botnet
    • Environmental threat
  • MAC Address Filtering (whitelisting/blacklisting which MAC addresses may gain access to your network and which may not)
  • Authentication (software or hardware authentication) 
  • Security Policies and User Groups
  • Data Classification 
  • License 
  • Zero-day Attack (an unknown attack against freshly released software/app/service)
  • Spoofing (pretending to be something that you are not by placing false information into your packets)
  • Man-in-the-middle (MITM) (the attacker taps into the communication between two systems)
    • E.g. posing as a wireless access point, so that all traffic between the two computers passes through the attacker
  • Session Hijacking (similar to Man-in-the-Middle, except that the attacker is only after authentication information)
  • Brute Force
  • Antivirus
    • Known viruses have signatures
    • Polymorphic virus (attempts to change its signature to hide from antivirus)
    • A checksum is generated for every unknown suspected polymorph
    • If the checksum is different on each scan, the file is most likely a virus
    • Stealth (a boot sector virus which tries to hide from antivirus)
  • User Education
  • Firewalls
  • IDS and IPS
    • IDS (Intrusion Detection System) (inspects packets for active intrusions on the network)
    • IPS (Intrusion Prevention System) (sits directly in the flow of traffic; it can block incoming packets based on IP, port number or application type, and can even fix packets)
      • An IPS can stop an attack while it is happening
      • Network bandwidth and latency are affected
      • If the IPS goes down, the network link might go down too
  • UTM (Unified Threat Management) (a traditional firewall combined with many other security services such as IPS, VPN, load balancing, antivirus etc., which together help build robust security deep within the network)
  • Data Encryption (e.g. VPN)
  • Application Encryption 
    • TLS (Transport Layer Security) - most often used in HTTPS (HTTP over TLS); its predecessor for securing websites was SSL (Secure Sockets Layer)
    • DLP (Data Loss Prevention) - many security appliances include a context-based set of rules to help avoid accidental leakage of data
      • DLP works by scanning packets flowing out of the network and stopping the flow when something triggers a rule
    • Communication between the web server and the web browser must be encrypted and decrypted
      • This is achieved with digital certificates, which are signed by a trusted certificate authority (CA) (e.g. Symantec)
      • The web browser has a list of trusted root CAs
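The checksum approach to spotting unknown polymorphic code described under Antivirus above, worked through as an added example (mine, not from the book or these notes): it fingerprints a snapshot of files with SHA-256 and reports any file whose checksum differs between two scans. The file paths and contents are constructed sample data, not real malware.

```python
import hashlib
from typing import Dict, Set


def fingerprint(files: Dict[str, bytes]) -> Dict[str, str]:
    """One scan: map each path to the SHA-256 hex digest of its contents."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def compare_scans(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, Set[str]]:
    """Classify paths as changed, added or removed between two fingerprint scans."""
    changed = {p for p in baseline if p in current and baseline[p] != current[p]}
    added = set(current) - set(baseline)
    removed = set(baseline) - set(current)
    return {"changed": changed, "added": added, "removed": removed}


def suspicious_files(scan_a: Dict[str, bytes], scan_b: Dict[str, bytes]) -> Set[str]:
    """Paths whose checksum differs between scans: the note's 'most likely a virus' case."""
    return compare_scans(fingerprint(scan_a), fingerprint(scan_b))["changed"]


# Constructed sample snapshots standing in for two scans of the same disk.
# unknown.exe keeps its name but its body mutates between scans, the
# behaviour the checksum test is designed to catch.
SCAN_1 = {
    "C:/Windows/System32/kernel32.dll": b"static system library v1",
    "C:/Users/alice/Downloads/unknown.exe": b"unknown binary variant A",
    "C:/Users/alice/report.docx": b"quarterly report",
}
SCAN_2 = {
    "C:/Windows/System32/kernel32.dll": b"static system library v1",
    "C:/Users/alice/Downloads/unknown.exe": b"unknown binary variant B",
    "C:/Users/alice/report.docx": b"quarterly report",
    "C:/Users/alice/notes.txt": b"new file since last scan",
}

if __name__ == "__main__":
    result = compare_scans(fingerprint(SCAN_1), fingerprint(SCAN_2))
    for path in sorted(result["changed"]):
        print("checksum changed, inspect:", path)
    for path in sorted(result["added"]):
        print("new file since baseline:", path)
```

A file whose checksum changes legitimately (a patched library, an edited document) also lands in the changed set, so the result is a list of candidates for closer inspection rather than a verdict.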
