CompTIA® Security+ Exam Notes: Viruses, Worms, And Trojan Horses, Log Files, Phishing, And Social Engineering

84. Defense against social engineering may be built by:

1. Including instructions in your security policy for handling it, and
2. Training the employees what social engineering is and how to deal with it.

85. The security policy should clearly state that no one is ever allowed to share his/her password with anyone else. Secondly, the security policy should state that the help desk can only change or assign a new password after positive identification of the individual requesting the information.

86. Some features of the Kerberos authentication system:

1. Uses a client-server based architecture.
2. The Kerberos server, referred to as the KDC (Key Distribution Center), implements the Authentication Service (AS) and the Ticket Granting Service (TGS), and issues the Ticket Granting Ticket (TGT).
3. Uses symmetric encryption.
4. Unlike other authentication protocols (FTP, PAP, etc.), which transmit passwords over the network, Kerberos does not transmit passwords over the network.

87. Viruses, worms, and Trojan horses are all harmful pieces of software. They differ in how they infect computers and how they spread.

Virus: A computer virus attaches itself to a program or file so that it can spread from one computer to another. Almost all viruses are attached to an executable file, and a virus cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot spread without a human action (such as running an infected program) to keep it going.

Worm: Worms spread from computer to computer, but unlike a virus, a worm can travel without any help from a person. The danger of a worm is its ability to replicate itself. Unlike a virus, which sends out a single infection at a time, a worm can send out hundreds or thousands of copies of itself, creating a hugely devastating effect.

Trojan Horse: A Trojan horse at first glance appears to be useful software, but it will actually do damage once installed or run on your computer. Users on the receiving end of a Trojan horse are usually tricked into opening it because they believe they are receiving legitimate software or a legitimate file from a trusted source.

Rootkit: A rootkit is a collection of tools that enables administrator-level access to a computer. Typically, a hacker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or by cracking a password. Once the rootkit is installed, it allows the attacker to gain root access to the computer and, possibly, to other machines on the network.

88. Computer log files can be tampered with by a hacker to erase evidence of an intrusion. Computer logs can be protected using the following methods:

1. Setting minimal permissions
2. Using a separate logging server
3. Encrypting log files
4. Setting log files to append only
5. Storing them on write-once media

Implementing all of the above precautions ensures that the log files are safe from being tampered with.
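Append-only files and a separate log server stop an attacker from quietly rewriting history; the added Python example below (not part of these notes) goes one step beyond the list by making the log tamper-evident: every record's digest covers the digest of the record before it, so the verifier pinpoints any edited or deleted line. The record format, the GENESIS anchor and the sample events are my own assumptions.

```python
import copy
import hashlib

GENESIS = "0" * 64  # constructed anchor digest for the first record (assumption)

def append_record(chain, message):
    """Append a record whose digest covers the previous record's digest.

    `chain` is a plain list of dicts standing in for an append-only file.
    Because each digest depends on the one before it, editing or deleting an
    earlier line changes what every later record should look like.
    """
    prev = chain[-1]["digest"] if chain else GENESIS
    digest = hashlib.sha256(f"{prev}|{message}".encode()).hexdigest()
    record = {"msg": message, "prev": prev, "digest": digest}
    chain.append(record)
    return record

def verify_chain(chain):
    """Return (True, None) if the log is intact, else (False, first bad index)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        expected = hashlib.sha256(f"{prev}|{rec['msg']}".encode()).hexdigest()
        if rec["prev"] != prev or rec["digest"] != expected:
            return False, i
        prev = rec["digest"]
    return True, None

def build_sample_log():
    """Constructed sample events, not real system logs."""
    chain = []
    for msg in ["login ok user=alice", "login failed user=root",
                "login failed user=root", "sudo user=alice cmd=systemctl restart nginx"]:
        append_record(chain, msg)
    return chain

if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", verify_chain(log))                  # (True, None)
    # Someone with write access rewrites the failed root login as a success
    edited = copy.deepcopy(log)
    edited[1]["msg"] = "login ok user=root"
    print("after edit:", verify_chain(edited))           # (False, 1)
    # Deleting a line is caught too: the next record's `prev` no longer matches
    del log[2]
    print("after delete:", verify_chain(log))            # (False, 2)
```

In practice the chain's latest digest would be shipped to the separate logging server, so the verifier compares against a copy the attacker cannot reach.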

89. Phishing is the act of sending an e-mail to a user, claiming to be from a reputable organization (such as a bank), in an attempt to scam the user into providing information over the Internet. The e-mail directs the user to a Web site where they are prompted to provide private information, such as credit card and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and is set up only to steal the user's information.
Piggybacking is another type of social engineering. Here the intruder poses as a new recruit or as a guest of your boss. The intruder typically uses social engineering skills to enter protected premises under someone else's identity, piggybacking on the victim.

90. Social engineering and Trojan horse attacks are two well-known problems associated with Discretionary Access Control (DAC).

91. NBTSTAT: Displays current NetBIOS over TCP/IP connections and the NetBIOS name cache.

92. NETSTAT: Displays current TCP/IP connections since the server was last booted.

93. TRACERT: Used to determine which route a packet takes from the source to reach its destination.

94. IPCONFIG: Used to display Windows IP configuration information.

95. NSLOOKUP: Enables users to interact with a DNS server and display resource records.

96. ROUTE: Used to display and edit static routing tables.

97. RAID (short for Redundant Array of Inexpensive Disks) can be used to provide fault tolerance on a computer. There are several RAID levels, such as RAID 1, RAID 5, etc. RAID 1 provides disk mirroring, whereas RAID 5 provides striping with parity; a minimum of 3 disks is required for RAID 5.
Clustering is a technique where two or more computers are clustered together and share the load. If one computer fails, the other computer(s) take over the load of the failed computer. Clustering is more expensive and requires two or more computers.
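To make "striping with parity" and the three-disk minimum concrete, here is an added Python model of a single RAID 5 stripe (my own illustration, not from these notes): the data blocks go to N-1 disks, an XOR parity block goes to the last, and any one lost disk is rebuilt by XORing the survivors. The block size and sample data are constructed.

```python
from functools import reduce

def xor_blocks(blocks):
    """XOR equal-length byte strings together, column by column."""
    return bytes(reduce(lambda x, y: x ^ y, column) for column in zip(*blocks))

def write_stripe(data_blocks):
    """Build one RAID 5 style stripe: the data blocks plus one XOR parity block.

    With fewer than two data blocks there is nothing to stripe across, which
    is why RAID 5 needs at least three disks (two data + one parity).
    """
    if len(data_blocks) < 2:
        raise ValueError("RAID 5 needs at least 3 disks (2 data + 1 parity)")
    if len({len(b) for b in data_blocks}) != 1:
        raise ValueError("all blocks in a stripe must be the same size")
    return list(data_blocks) + [xor_blocks(data_blocks)]

def rebuild_disk(disks, failed):
    """Recover the block of ONE failed disk (data or parity) from the survivors.

    XOR is its own inverse, so XORing every surviving block yields the missing
    one. Two simultaneous failures cannot be recovered this way: that is the
    fault-tolerance limit of RAID 5.
    """
    survivors = [b for i, b in enumerate(disks) if i != failed]
    return xor_blocks(survivors)

def read_stripe(disks, failed=None):
    """Return the original data, rebuilding on the fly if one disk is down."""
    blocks = list(disks)
    if failed is not None:
        blocks[failed] = rebuild_disk(disks, failed)
    return blocks[:-1]  # drop the parity block

if __name__ == "__main__":
    # Constructed sample data for a 3-disk array (2 data disks + 1 parity disk)
    data = [b"SECURE", b"LOGS!!"]
    disks = write_stripe(data)
    print("parity block:", disks[2].hex())
    for lost in range(len(disks)):
        assert rebuild_disk(disks, lost) == disks[lost]
        print(f"disk {lost} lost -> data still readable:", read_stripe(disks, lost))
```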

98. Acceptable use policy specifies what employees can do with their systems, and network access. The policy may put limits on personal use of resources, and resource access time.

99. It is recommended to store backup tapes in a secure, physically distant location. This protects against unforeseen events such as natural disasters, fire, or theft. It is also important that the backup tapes are regularly verified by performing a test recovery on a test server, even when no recovery is actually needed at that time. Otherwise, you may find that a backup tape is corrupt exactly when it is really required.

100. A host-based IDS should be placed on a host computer, such as a server. A network-based IDS is typically placed on a network device, such as a router.

101. Using Discretionary Access Control (DAC), the access rights for resources are controlled by the owner of a given resource.

102. To detect spamware and viruses, one needs to install anti-spamware and antivirus programs. Installing the latest updates to the operating system will protect your system from exploits (such as gaining back-door entry), but not necessarily from a downloaded virus or spamware.

103. PGP uses public-key encryption for sending and receiving email messages. The Diffie-Hellman and RSA algorithms are used for encryption/decryption of PGP messages.

104. A NAT (short for Network Address Translation) device changes the source IP address of a packet passing through it. Because of this, the destination host may not be able to receive the VPN packets correctly. The NAT devices on either side need to be configured so that they allow VPN packets through.

105. A few techniques used by IDS (Intrusion Detection Systems) include the following:

a. Anomaly detection
b. Signature detection
c. Target monitoring, and
d. Stealth probes
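The first two techniques, signature detection (a) and anomaly detection (b), are the ones an analyst most often has to tell apart. The added Python example below (mine, not from these notes) runs both over a few constructed web-server log lines: the signature rule fires on a known-bad pattern, while the anomaly rule flags a source only because its failed-login ratio is far above a learned baseline. The "source method path status" line format, the sample addresses and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log lines in the form "source method path status" (assumption)
TRAINING_LOG = ["10.0.0.5 GET /index.html 200"] * 9 + ["10.0.0.5 POST /login 401"]
LIVE_LOG = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 POST /login 401",
    "10.0.0.5 GET /home 200",
    "198.51.100.7 GET /cgi-bin/view?file=../../etc/passwd 404",
] + ["203.0.113.4 POST /login 401"] * 5

# Signature detection: patterns of known-bad requests, matched line by line
SIGNATURES = {
    "directory traversal": re.compile(r"\.\./"),
    "sql injection probe": re.compile(r"(?i)union\s+select"),
}

def parse(line):
    src, method, path, status = line.split()
    return src, method, path, int(status)

def signature_detect(lines):
    """Return (signature name, source) for every line matching a known pattern."""
    return [(name, parse(line)[0]) for line in lines
            for name, pat in SIGNATURES.items() if pat.search(line)]

def learn_baseline(lines):
    """Anomaly detection step 1: learn the normal ratio of failed logins (401s)."""
    statuses = [parse(line)[3] for line in lines]
    return sum(s == 401 for s in statuses) / len(statuses)

def anomaly_detect(lines, baseline, factor=5, min_requests=3):
    """Step 2: flag sources whose 401 ratio exceeds `factor` times the baseline.

    No pattern is involved: a password-guessing source is caught purely because
    its behaviour deviates from the learned norm, which is what lets anomaly
    detection catch activity that has no signature yet.
    """
    total, failed = defaultdict(int), defaultdict(int)
    for line in lines:
        src, _, _, status = parse(line)
        total[src] += 1
        failed[src] += status == 401
    return sorted(src for src in total
                  if total[src] >= min_requests
                  and failed[src] / total[src] > factor * baseline)

if __name__ == "__main__":
    base = learn_baseline(TRAINING_LOG)           # 0.1
    print("signature hits:", signature_detect(LIVE_LOG))
    print("anomalous sources:", anomaly_detect(LIVE_LOG, base))
```

Note that neither rule catches the other's case: the traversal request is a single normal-looking 404 to the anomaly rule, and the brute-force source never sends anything a signature would match.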

106. SNMP is based on the manager/agent model. The manager runs on the server, and the agent runs on the client computers. Three important constituents of SNMP are a manager, an agent, and a database of management information. The manager provides the interface between the human network manager and the management system. The agent provides the interface between the manager and the physical device(s) being managed. The manager and agent use a Management Information Base (MIB) and a set of commands to exchange information.

107. In Public Key Infrastructure parlance, the term Principal means an entity whose identity can be verified.

1. AES (Advanced Encryption Standard) is more secure than DES or 3DES.
2. AES is a symmetric block cipher that can encrypt (encipher) or decrypt (decipher) information.
3. AES is based on the Rijndael algorithm.
4. PGP (Pretty Good Privacy) can use Diffie-Hellman or RSA algorithms, but not AES or DES.

108. All network-facing applications, such as Web servers, news servers, email servers, etc., need to be configured as securely as possible. This can be achieved by:

1. Removing all unnecessary services: These are the services that are installed but not used. For example, you might have installed TFTP but not be using it. It is better to remove an application or service that is not used, as it may give a hacker an opportunity to abuse the resource.
2. Removing all unnecessary protocols: These are the protocols that are installed but not used. For example, you might have installed the Novell NetWare protocol but not need it. It is preferable to remove that protocol.
3. Enabling server and application logs: The logs provide an opportunity to look into the activity on the server over the past few hours or days. Check for any unusual activity, such as failed login attempts.
