Week 12 Journal

Security Policy - Policy which gives rules and guides for a computer and network of an organization or corporation.

Physical access - who has access to to different rooms of different buildings of an organization, typically through card access.

Noncompliant systems - systems that fail to meet security policies and guidelines.

Acceptable use - defines level, usage for computers and software.

Email use - who owns the email and the defined usage.

Emergency procedures - details for missing people and line of security succession.

Remote access - the using of a computer remotely.

Spyware - takes personal data and information from users without their knowing.

Virus - malicious software that allows unauthorized access to a computer and it's data.

Worm - spreads through a network or multiple computers.

Rootkit - gains admin or system access of a computer.

Trojan - Malicious software disguised as a normal program.

Ransomware - locks or encrypts data until a victim pays the ransom.

Social engineering - manipulating and tricking people into exposing access or sensitive data that can be leveraged.

Phishing - a website or email that that tricks users into entering credentials thinking it is a legitimate log in.

Botnet - a network of bots that are programmed to do a certain action at mass scale.

Man in the middle - a device with monitor mode capabilities to listen to the communication between two computers on the internet.

Replay - valid network or certificate is resent to get logon procedure.

Zero day attack - vulnerability in software used by hackers before it is discovered by owners.

Back up data to another hard drive or the cloud or server.

Restore - Using backed up data to restore a previous version of the operating system.

Which form of multifactor authentication could be implemented on Skiff 100 computers to prevent someone from being able to login if they stole credentials? (Refer back to Table 18.1) Why did you choose those options?

Every log in should also need the user to verify through their Champlain email to log on to the machines in Skiff 100.

In your own words, define social engineering. Locate an online resource that discusses a social engineering attack. Provide a brief explanation on what happened and what was the impact. (NOTE: You could add the terms "case study" in your search to limit results)

Social engineering is when you manipulate an individual to giving you access to sensitive data or information that you can leverage in a cyber attack. One famous attack was 2011 RSA SecurID Phishing Attack. A well-crafted e-mail with the subject line "2011 Recruitment Plan" tricked an RSA employee to retrieve from a junk-mail folder and open a message containing a virus that led to a sophisticated attack on the company's information systems.