How cyber security works
This study guide was created from lecture videos to help you gain an understanding of how cyber security works.
Physical security
Lock doors. Identification badges can prevent tailgating. LoJack is location-tracking software. Dumpster divers will find information outside, so use a shredder.
Passwords and authentication
Create strong passwords.
Local Security Policy: Control Panel -> Administrative Tools -> Local Security Policy -> Account Policies -> Password Policy. Complexity requirements and other settings here let you create security and password policies.
Multi-factor authentication: combines username and password. The factors are something you know, something you have, or something about you. Biometrics can be used for multi-factor authentication, as can retinal scanners; they use some aspect of your physical body. RSA keys use encryption for authentication.
Protecting against snoops
Shoulder surfing: use a privacy filter to reduce the viewing angle available to a shoulder surfer. You can also put passwords on your screensavers.
Phishing: emails designed to look like an important email. Provide user education to prevent phishing.
Malware
A virus is a piece of executable code that resides in the boot sector or in executable files. It either propagates or activates. A worm is a virus that activates and propagates but doesn't use optical media like normal viruses; instead it uses the internet itself. Most malware started as a worm.
A Trojan is a bad program that pretends to be something that it isn't. It does not propagate except by people making copies of it.
Adware shows pop-ups with ads but isn't harmful; it led to spyware, which spies on a system's information.
Anti-malware applications
Microsoft Security Essentials monitors your memory and executables. It will stop harmful programs in their tracks. A manual scan goes through your hard drive. It provides real-time protection.
Anti-malware practices
If you believe a computer is infected with a virus, remove and isolate it from the network and everybody else. Easy problems can be caught by your anti-malware applications. A bootable thumb drive or CD means you have an OS that runs off a drive or disc. Boot into a recovery environment. You can install anti-malware on a bootable drive or a CD. Turn off restore points before you reboot or attempt to remove the malware. Rebuild the system from backups.
Hardware firewalls
A hardware firewall sits between you and the internet. A router can have a firewall, or you can get a separate box. There are stateful firewalls, which determine what to do based on the action, and stateless firewalls, which are configured via an access control list/parental control/access policy. There are many filters you can use for a stateless firewall. A stateful firewall changes with the times and is more flexible. SPI is stateful packet inspection and should be turned on. Use both a stateful and a stateless firewall.
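The difference between a stateless access control list and stateful packet inspection, as an added example that is not from the lecture material. The packet format, the ACL, and the names `stateless_allow`, `StatefulFirewall` and `compare` are hypothetical, and the sample packets are constructed.

```python
from collections import namedtuple

# Constructed sample packet format (hypothetical, for illustration only).
Packet = namedtuple("Packet", "direction src sport dst dport")

# Stateless access control list: (direction, remote port) pairs to allow.
# ("in", 443) has to be open so replies from web servers can get back in.
ACL = {("out", 443), ("in", 443)}

def stateless_allow(pkt):
    """Judge one packet against the ACL with no memory of earlier packets."""
    remote_port = pkt.dport if pkt.direction == "out" else pkt.sport
    return (pkt.direction, remote_port) in ACL

class StatefulFirewall:
    """Minimal stateful packet inspection: remember outbound connections."""
    def __init__(self):
        self.connections = set()

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.dport != 443:
                return False
            # Record the connection so its reply can be recognised later.
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: allow only the reply to a connection the host opened.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    spi = StatefulFirewall()
    return [(stateless_allow(p), spi.allow(p)) for p in packets]

# Constructed traffic; addresses are from private and documentation ranges.
SAMPLE = [
    Packet("out", "192.168.1.10", 50000, "203.0.113.5", 443),  # host opens HTTPS
    Packet("in", "203.0.113.5", 443, "192.168.1.10", 50000),   # genuine reply
    Packet("in", "198.51.100.7", 443, "192.168.1.10", 50001),  # unsolicited inbound
    Packet("out", "192.168.1.10", 50002, "203.0.113.5", 23),   # port not allowed
]

if __name__ == "__main__":
    for pkt, (acl, spi) in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, "stateless:", acl, "stateful:", spi)
```

The third packet is where the two differ: the ACL passes it because it matches a static rule, while the stateful firewall drops it because no outbound connection asked for it.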
Software firewalls
A software firewall sits on your individual host and monitors network traffic coming in and out. Software firewalls are on each host. Windows 10 Firewall: Control Panel -> Windows Firewall. Exceptions are openings in the firewall. Advanced settings allow you to set inbound and outbound rules. Inbound rules are for programs trying to get stuff in from the Internet. Default exceptions are generally sufficient. Outbound is programs that are trying to get into your host. An IDS is designed to detect something that is bad and to tell you about it. An IPS detects it and actively works to stop it.
Data destruction
You can erase a drive, run it through magnetic fields to destroy the data, which is degaussing, or physically destroy it with a drive shredder or crusher. Low-level format and drive-wiping tools can erase data off the drive.
Incident response
There will be an incident response leader. Document the scene or follow the chain of custody. Fill out the incident response form.