Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

Transcription

1 Name Date Chapter 10: Security After completion of this chapter, students should be able to: Explain why security is important and describe security threats. Explain social engineering, data wiping, hard drive destruction and recycling. Identify security procedures. Explain what is required in a basic security policy and describe ways to protect data. Describe wireless security techniques Explain the tasks required to protect physical equipment. Identify common preventive maintenance techniques for security. Explain measures to maintain operating systems, backup data, configure firewalls, and maintain accounts. Apply the six steps of the troubleshooting process to security Security 1. Where can threats to security come from? 2. What are the two types of general threats to computer security? Give examples of each Security Threats 3. What is malware and what does it do? 4. How is malware typically installed? Chapter 10: Security Page 1 of 14

2 5. Differentiate the following types of Malware: a. Adware b. Spyware c. Grayware d. Phishing 6. Explain what is Phishing and give an example: 7. How is a virus transferred to another computer? 8. Explain how does a virus typically work? 9. What is considers the most potentially damaging type of virus and why? 10. What is a worm and explain how is a worm different from a virus? 11. Explain how even if the worm does not damage data or applications on the hosts it infects, it is harmful to networks because it: 12. What is a Trojan threat and where are they found? Chapter 10: Security Page 2 of 14

3 13. Trojans are often disguised as what? 14. How much do computer viruses cost business annually? (search this) 15. Explain what is Virus protection software and what does it do? 16. What makes a Rootkit especially difficult to deal with? 17. What are five examples of web tools (just list) and explain how can attackers use them? 18. What is InPrivate browsing and what are two ways to activate it in Internet Explorer? 19. What is SPAM? 20. How can Spam be used with a virus? 21. What are six common SPAM indications? Chapter 10: Security Page 3 of 14

4 22. Explain these common attacks: SYN Flood DoS DDoS Spoofing Man-in-the-Middle Replay DNS Poisoning Worksheet - Security Attacks 23. A is a person who is able to gain access to equipment or a network by tricking people into providing the necessary access information. Chapter 10: Security Page 4 of 14

5 24. Seven basic precautions to help protect against social engineering: 25. is the process of removing sensitive data from hardware and software before recycling or discarding. 26. The only way to fully ensure that data cannot be recovered from a hard drive is to: 10.2 Security Procedures 27. Explain what is a security policy and why is it needed? 28. What elements should be included in a security policy? Worksheet - Answer Security Policy Questions 29. What questions should you ask to determine security factors? 30. What are at least 4 key areas a security policy should address? Chapter 10: Security Page 5 of 14

6 31. What are at least emergency procedures a security policy should address? 32. Explain what is the difference computer between data classified public versus top secret from a business perspective? 33. What security problem is created when people use each other s password to log-in? 34. Explain the three levels of password protection that are recommended: 35. List and explain four good password rules/ requirements: A B Chapter 10: Security Page 6 of 14

7 C D 36. What is the key difference in file and folders sharing privileges when comparing NTFS and FAT32? 37. What is meant Principle of Least Privilege? Lab - Securing Accounts, Data, and the Computer in Windows Lab - Securing Accounts, Data, and the Computer in Windows Vista Lab - Securing Accounts, Data, and the Computer in Windows XP 38. What is a software firewall and how does it work? 39. What do biometric devices use to give access to people? Give one example 40. What make a smart card operate? 41. Where are data backups kept and why? 42. What are some considerations for data backups? Chapter 10: Security Page 7 of 14

8 43. How does data encryption work on a drive? 44. How can the Bit-Locker application be used? 45. When facing a suspect warning window, what key combination may help safely close it? 46. When a machine reports an infection, what should be the first action taken and why? Worksheet - Third-Party Antivirus Software 47. Why must software manufacturers regularly create and dispense new patches to fix flaws and vulnerabilities? 48. How are signature files used in keeping computers free from malicious software? 49. Explain what is hash encoding and where is it used? Chapter 10: Security Page 8 of 14

9 50. What are the most popular hashing algorithms? 51. What is symmetric encryption?( Give an example in your answer) 52. What is asymmetric encryption? (Give an example in your answer.) 53. When is the private key used? 54. What does the SSID do and how could it be an exploit? 55. How can MAC address filtering be used as a technique to deploy device-level security on a wireless LAN? 56. Define the following: Wired Equivalent Privacy (WEP) Wi-Fi Protected Access (WPA) Lightweight Extensible Authentication Protocol (LEAP), also called EAP-Cisco- Chapter 10: Security Page 9 of 14

10 Packet Tracer Activity: Wireless Security Techniques Instructor Check: 57. What are two ways in which changing the power level in wireless devices can be beneficial? 58. Explain why is it important to change to password (and username if possible) on a wireless device from the default? 59. Before WPS (Wi-Fi Protected Setup) what did people do for network security and how does WPS help now? 60. Explain the types of hardware firewall configurations: Packet filter Stateful packet inspection Application layer Proxy Chapter 10: Security Page 10 of 14

11 61. What is a network DMZ and what things are usually place there? Worksheet - Research Firewalls 62. What is port forwarding and when might you use it at home? Lab - Configure Wireless Security 63. What are the four interrelated aspects of physical security? 64. What are at least five methods of physically protecting computer equipment? 65. To limit access to a facility, what are some methods that can be used? 10.3 Common Preventive Maintenance Techniques for Security 66. What is a patch and how is it different from a service pack? Worksheet - Operating System Updates in Windows 67. What is a full back-up? 68. What is an incremental backup? Chapter 10: Security Page 11 of 14

12 69. What is the difference between an incremental backup and a differential backup? Use a diagram to support your answer: 70. When should backups be run? Lab - Data Backup and Recovery in Windows Lab - Data Backup and Recovery in Windows Vista Lab - Data Backup and Recovery in Windows XP 71. What is the difference between a restrictive verses permissive security policy when dealing with firewalls? Lab - Configure a Windows 7 Firewall Lab - Configure a Windows Vista Firewall Lab - Configure a Windows XP Firewall 72. What can help limit areas of vulnerability that allow a virus of malicious software to enter the network? 73. When should an employee s access be terminated and why? 74. When should guest accounts be used? 10.4 Basic Troubleshooting Process for Security 75. List 3 open ended questions to help identify the problem. A B C Chapter 10: Security Page 12 of 14

13 76. List 3 closed ended questions to help identify the problem A B C 77. What are some common probable causes for security problems? (at least 4) 78. That are three quick procedures that can be done to help test your previous theory(s)? A B C 79. If a quick procedure does not correct the problem, what needs to happen? 80. What are some additional resources that can be used to establish a plan of action? (list at least 4) 81. After you have determined the exact cause of the problem what needs to occur? Chapter 10: Security Page 13 of 14

14 82. What is the final step(s) in troubleshooting and what are at least three actions you may do in that final step(s)? Worksheet - Gather Information from the Customer Chapter 10: Security Page 14 of 14