Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
27 Cards in this Set
- Front
- Back
|
Malicious software
|
sometimes called malware, is software that is designed to infiltrateor affect a computer system without the owner’s informed consent.
|
|
|
virus
|
a program that can copy itself and infect a computer without the user’sconsent or knowledge
|
|
|
worm
|
a self-replicating program that copies itself to other computers on a network withoutany user intervention
|
|
|
Trojan horse
|
an executable program that appears as a desirable or useful program
|
|
|
Spyware
|
a type of malware that is installed on a computer to collect a user’s personalinformation or details about his or her browsing habits, often without the user’s knowledge.
|
|
|
Adware
|
any software package that automatically plays, displays, or downloads advertisementsto a computer after the software is installed or while the application is being used.
|
|
|
rootkit
|
a software or hardware device designed to gain administrator-level control overa computer system without being detected
|
|
|
backdoor
|
a program that gives someone remote, unauthorized control of a system orinitiates an unauthorized task.
|
|
|
Windows Defender
|
a software product from Microsoft that is intended to prevent, remove,and quarantine spyware in Microsoft Windows.
|
|
|
virus hoax
|
a message warning the recipient of a nonexistent computer virus threat, usuallysent as a chain email that tells the recipient to forward it to everyone he or she knows.
|
|
|
1Important updates: 2Recommended updates 3 Optional updates 4 Security updates 5 Critical updates 6 Service packs |
1 These updates offer significant benefits, such as improved security,privacy, and reliability. 2 These updates address noncritical problems or help enhanceyour computing experience. 3 These include updates, drivers, or new software from Microsoft to enhance your computing experience. 4 A security update is a broadly released fix for a product-specific securityrelatedvulnerability. 5 A critical update is a broadly released fix for a specific problemaddressing a critical, nonsecurity related bug.6 A service pack is a tested, cumulative set of hotfixes, security updates,critical updates, and updates, as well as additional fixes for problems found internallysince the release of the product
|
|
|
User Account Control (UAC)
|
a feature that started with Windows Vista and is includedwith Windows 7. UAC helps prevent unauthorized changes to your computer—and indoing so, it helps protect your system from malware.
|
|
|
Windows Firewall
|
However, because somesecurity packages and antivirus packages include their own firewall, you may choose to runan alternate firewall—but you should use only one firewall.
|
|
|
Offline files
|
copies of network files that are stored on your computer so you canaccess them when you aren’t connected to the network or when the network folder thatcontains the files is not connected.
|
|
|
Allowing users to install software may
|
• Introduce malware to a system.• Bypass safeguards already put in place to protect against malicious viruses and Trojanhorse programs.• Cause conflicts with software already on a baseline computer within an organization.If you do not allow your computer users to log on as administrators, you limit what softwarethey can install. You can also use group policies to restrict what software can be executed on aclient computer.Windows 7 supports two mechanisms for restricting applications both of which are based ongroup policies. They are:• Software restriction policies• AppLockerS
|
|
|
spam
|
the email received by a company’s employees consists of unsolicited messages called spamor junk email, some of which can carry malware and may lead to fraud or scams.
|
|
|
Sender Policy Framework (SPF)
|
an email validation system designed to prevent email spamthat uses source address spoofing
|
|
|
Bayesian filters,
|
antispam packages use special algorithms, such as Bayesian filters, to determine whetheremail is considered spam.
|
|
|
Simple Mail Transfer Protocol (SMTP)
|
one of the primary email protocols. SMTP isused to transfer email from one server to another, and it is responsible for outgoing mailtransport. SMTP uses TCP port 25.
|
|
|
cookie
|
is a piece of text stored by a user’s web browser. This file can be used for a widerange of purposes, including user identification, authentication, and storing site preferencesand shopping cart contents
|
|
|
Pop-up windows
|
very common on the Internet. Although some pop-up windows areuseful website controls, most are simply annoying advertisements, and a few may attempt toload spyware or other malicious programs. To protect your computer, Internet Explorer hasthe capability to suppress some or all pop-ups
|
|
|
content zones
|
For each of these zones, a security level isassigned.• Internet zone: This zone is used for anything that is not assigned to another zone andanything that is not on your computer or your organization’s network (intranet). Thedefault security level of the Internet zone is Medium.• Local intranet zone: This zone is used for sites that are part of an organization’s network(intranet) and do not require a proxy server, as defined by the system administrator. Theseinclude sites specified on the Connections tab, network, paths such as \\computername\foldername, and local intranet sites such as http://internal. You can add sites to this zone.The default security level for the Local intranet zone is Medium-Low, which means InternetExplorer will allow all cookies from websites in this zone to be saved on your computer andread by the website that created them. Finally, if the website requires NTLM or integratedauthentication, it will automatically use your username and password.• Trusted sites zone: This zone contains sites from which you believe you can downloador run files without damaging your system. You can assign sites to this zone. The defaultsecurity level for the Trusted sites zone is Low, which means Internet Explorer will allowall cookies from websites in this zone to be saved on your computer and read by thewebsite that created them.• Restricted sites zone: This zone contains sites that you do not trust and from whichdownloading or running files may damage your computer or data. These sites areconsidered a security risk. You can assign sites to this zone. The default security level forthe Restricted sites zone is High, which means Internet Explorer will block all cookiesfrom websites in this zone.
|
|
|
• High • Medium: • Low: • Custom: |
Excludes any content that can damage your computer Warns you before running potentially damaging content Does not warn you before running potentially damaging content A security setting of your own design |
|
|
Phishing
|
a technique based on social engineering. With phishing, users are asked (usuallythrough email or websites) to supply personal information in one of two ways:• By replying to an email asking for their username, password, and other personal information,such as account numbers, PINs, and Social Security number• By navigating to a convincing-looking website that urges them to supply their personalinformation,
|
|
|
Pharming
|
an attack aimed at redirecting a website’s traffic to a bogus website. This is usuallyaccomplished by changing the hosts file (a text that provides name resolution for host or domainnames to IP address) on a computer or by exploiting a vulnerability on a DNS server.
|
|
|
Microsoft Baseline Security Analyzer (MBSA
|
a software tool released by Microsoft to determinethe security state of a system by assessing missing security updates and less-secure securitysettings within Microsoft Windows components such as Internet Explorer, IIS web server, andproducts such as Microsoft SQL Server and Microsoft Office macro settings
|
|
|
Dynamic DNS
|
• Because client computers are connected to an organization’s network and may have directand indirect access to servers and network resources, it is important that these computersare protected.• A virus is a program that can copy itself and infect a computer without the user’s consentor knowledge.• A backdoor in a program gives remote, unauthorized control of a system or initiates anunauthorized task.• Some viruses, worms, rootkits, spyware, and adware work by exploiting security holes inWindows, Internet Explorer, or Microsoft Office.• The first step to protecting yourself against malware is keeping your Windows system (aswell as other Microsoft products, such as Internet Explorer and Microsoft Office) up to datewith the latest service packs, security patches, and other critical fixes.• A virus hoax is a message warning the recipient of a nonexistent computer virus threat,usually sent as a chain email that tells the recipient to forward it to everyone he or sheknows. This is a form of social engineering that plays on people’s ignorance and fear.• User Account Control (UAC) is a feature that helps prevent malware. UAC was first introducedwith Windows Vista and is included with Windows 7.• Microsoft recommends that you always use Windows Firewall.• Offline files are not encrypted unless you choose for them to be. You might opt to encryptyour offline files if they contain sensitive or confidential information and you want to makethem more secure by restricting access to them.• If you do not allow users to log on as administrators, you can limit what software theseusers install and you can better protect the system from malware.• You can also use Group Policies to restrict what software can be executed on a client computer.• Most email is unsolicited; such messages are called spam or junk email.• The best place to establish a spam filtering system is on your email relay on a dedicatedserver or appliance, or as part of a firewall device or service• To make a spam message look like a legitimate message, sometimes spammers try to spoofan email address or IP address where a message comes from.• Spammers look for unprotected SMTP servers to relay their emails through.• Although some pop-up windows are useful web site controls, most are simply annoyingadvertisements, and a few attempt to load spyware or other malicious programs.• To help manage security when visiting websites, Internet Explorer divides your networkconnection into four content zones or types. Each of these zones is assigned a security level.• Phishing and pharming are two forms of attack used to lure individuals to bogus websitesin an attempt to spread malware or collect personal information.• All servers should be kept in a secure location. In addition, servers should be on their ownsubnet and VLAN to reduce the traffic reaching them, including broadcasts.• You should also secure a server by hardening it to reduce the attack surface. Whenhardening a server, look for security guides and best practices for Windows servers, aswell as for the specific network services you are installing.• To secure your DNS server, make it so that only members of an Active Directory domain cancreate records on the DNS server.
|
