IT Fundamentals/2014/Security

Learners should already be familiar with IC³ - Computer Use and Safety.

Objectives and skills for the security portion of IT Fundamentals certification include:^[2]

1. Wikipedia: Internet security
2. Wikipedia: Password manager
3. Wikipedia: Hardening (computing)
4. Wikipedia: Multi-factor authentication

1. YouTube: IT Fundamentals - Risk Analysis and Security Policy
2. YouTube: IT Fundamentals - Threats
3. YouTube: IT Fundamentals - Wireless and Mobile Network Security
4. YouTube: Protecting Your Computer from Malware
5. YouTube: Using Safe Practices
6. YouTube: Antivirus Software

1. Use anti-malware software to scan your system and test malware detection.
   • All: Review Wikipedia: Comparison of antivirus software. Download a free, well-known anti-malware application and scan your system.
   • All: Review Wikipedia: EICAR test file. Download and save the EICAR test file to test your anti-malware application and follow the process for removing malware.
2. Configure password management.
   • All: Research password managers. Consider installing and using a password manager on your system.
   • Windows: Review Microsoft: How to Configure Security Policy Settings. Consider modifying Password Policy and Account Lockout Policy settings.
   • OS X: Review CNet: How to set up password policies in OS X. Consider modifying password restrictions.
   • Linux: Review Xmodulo: How to set password policy on Linux. Consider modifying password policy settings.
3. Research multi-factor authentication. Consider setting up multi-factor authentication on your Apple, Facebook, Google, and/or Microsoft accounts, as well as your password manager and your financial institutions.
4. Test your firewall using a testing service such as Gibson Research: ShieldsUP!
5. Consider encrypting your system storage:
   • Windows: Review Microsoft: BitLocker Drive Encryption Overview
   • OS X: Review Apple: OS X: About FileVault 2
   • Linux: Review ArchLinux: Disk Encryption
   • Android: Review GreenBot: Why and How to Encrypt Your Android Device.
   • iOS: Review Apple:Understanding Data Protection.

• Security threats include malware, phishing, social engineering, spam, password cracking, and physical security risks.^[3]
• Malware is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. This includes viruses, Trojans, spyware, and ransomware.^[4]
• Physical security threats include hardware theft, software/license theft, shoulder surfing, and dumpster diving.^[5]
• Effective password management includes password complexity, password confidentiality, password expiration, limited password reuse, changing default passwords, understanding single sign-on, and using multi-factor authentication.^[6]
• Device hardening includes disabling unused features such as Bluetooth and Near Field Communication, using screen timeout and lock options, enabling security software features, using a software firewall, using anti-malware software, and encrypting data storage.^[7]
• Security best practices include being alert for suspicious emails, attachments, and hyperlinks, responding to security software alerts, renaming administrator accounts, and disabling guest accounts.^[8][9]

authentication

The process of confirming identity.^[10]

authorization

The function of specifying access rights to resources.^[11]

BitLocker

A full disk encryption feature included with the Ultimate and Enterprise editions of Windows Vista and later Windows operating systems.^[12]

brute-force attack

A cryptanalytic attack that consists of systematically checking all possible keys or passwords until the correct one is found.^[13]

device hardening

The process of securing a system by reducing its surface of vulnerability through the removal of unnecessary software, unnecessary usernames or logins and the disabling or removal of unnecessary services.^[14]

dictionary attack

A technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities from a list.^[15]

dumpster diving

The practice of sifting through commercial or residential waste to find items that have been discarded by their owners, but that may prove useful to the collector.^[16]

ethical hacker

A computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.^[17]

impersonation

The act of assuming the identity of another, in order to commit fraud, such as accessing confidential information, or to gain property not belonging to them.^[18]

malware

Any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.^[19]

multi-factor authentication

A method of computer access control which a user can pass by successfully presenting authentication factors from at least two of the three categories of knowledge, possession, and inherence.^[20]

packet sniffer

A computer program that can intercept and log traffic passing over a digital network.^[21]

password complexity

The length and character set combinations used to create a password, such as upper case and lower case letters, numbers, and punctuation.^[22]

password confidentiality

A set of rules or a promise that limits access or places restrictions on password sharing.^[23]

password cracking

The process of recovering passwords from data that have been stored in or transmitted by a computer system, most often through brute-force or dictionary attacks.^[24]

password expiration

A policy that requires users to change passwords periodically.^[25]

password reuse

A policy that prevents users from repeating recently used passwords.^[26]

permissions

Access rights assigned to specific users and groups of users to control the ability of the users to view or make changes to system objects.^[27]

phishing

The attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.^[28]

physical security

Measures designed to deny unauthorized access to facilities, equipment and resources, and to protect personnel and property from damage or harm.^[29]

ransomware

A type of malware which restricts access to the computer system that it infects, and demands a fee be paid to the operators of the malware in order for the restriction to be removed.^[30]

shoulder surfing

Using direct observation techniques to obtain information such as passwords, PINs, security codes, and similar data.^[31]

single sign-on

A property of access control systems that allows a user to log in once and gain access to all interrelated systems without being prompted to log in again.^[32]

social engineering

Psychological manipulation of people to cause them to perform actions or divulge confidential information.^[33]

spam

Unsolicited electronic messages, especially advertising.^[34]

spim

Unsolicited electronic messages targeting users of instant messaging (IM) services.^[35]

spoofing

Concealing the identity of the sender by impersonating another computing system.^[36]

spyware

Software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.^[37]

trojan

A non-self-replicating type of malware program containing malicious code that, when executed typically causes loss or theft of data, and possible system harm.^[38]

virus

A malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or firmware.^[39]

1. Security threats include _____, _____, _____, _____, _____, and _____.

   Security threats include malware, phishing, social engineering, spam, password cracking, and physical security risks.
2. Malware is _____. This includes _____, _____, _____, and _____.

   Malware is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. This includes viruses, Trojans, spyware, and ransomware.
3. Physical security threats include _____, _____, _____, and _____.

   Physical security threats include hardware theft, software/license theft, shoulder surfing, and dumpster diving.
4. Effective password management includes _____, _____, _____, _____, _____, _____, and _____.

   Effective password management includes password complexity, password confidentiality, password expiration, limited password reuse, changing default passwords, understanding single sign-on, and using multi-factor authentication.
5. Device hardening includes disabling _____, using _____, enabling _____, using _____, using _____, and encrypting _____.

   Device hardening includes disabling unused features such as Bluetooth and Near Field Communication, using screen timeout and lock options, enabling security software features, using a software firewall, using anti-malware software, and encrypting data storage.
6. Security best practices include being alert for _____, responding to _____, renaming _____, and disabling _____.

   Security best practices include being alert for suspicious emails, attachments, and hyperlinks, responding to security software alerts, renaming administrator accounts, and disabling guest accounts.

• Flashcards: Quizlet: IT Fundamentals - Security
• Quiz: Quizlet: IT Fundamentals - Security

• IC³ - Computer Use and Safety