Protecting the Server and Client

 


  • Because a client computer is connected to an organization’s network, which may have direct and indirect access to servers and network resources, it is important to protect the client computer.
  • A computer virus is a program that can copy itself and infect a computer without the user’s consent or knowledge. 
  • A backdoor is a program that gives a remote, unauthorized party control of a system or initiates an unauthorized task.
  • Some viruses, worms, rootkits, spyware, and adware are made possible because they exploit some security holes within Windows, Internet Explorer, or Microsoft Office. 
  • The first step that should be taken to protect yourself against malware is to keep your system up-to-date with the latest service packs, security patches, and other critical fixes for Windows (as well as other Microsoft products, such as Internet Explorer and Microsoft Office). 
  • A virus hoax is a message warning the recipient of a non-existent computer virus threat, usually sent as a chain email that tells the recipient to forward it to everyone they know. It is a form of social engineering that plays on people’s ignorance and fear and may include emotive language and encouragement to forward the message to other people. 
  • User Account Control (UAC) is a feature that was introduced in Windows Vista and is included with Windows 10 that helps guard against malware. 
  • Microsoft recommends always using the Windows Firewall.
  • Offline files are copies of network files that are stored on your computer so that they can be accessed when not connected to the network or when the network folder with the files is not connected. 
  • Offline files are not encrypted unless you choose to encrypt them. Consider encrypting your offline files if they contain sensitive or confidential information, and you want to make them more secure by restricting access to them. 
  • By restricting users to standard user accounts, you can limit what software those users can install. 
  • Use group policies to restrict what software can be executed on a client's computer.
  • Most of the emails will be unsolicited emails called spam or junk email. 
  • The best place to establish an anti-spam filtering system is on your email relay, on a dedicated server or appliance, or as part of a firewall device or service. 
  • Many anti-spam solutions will also use Real-time Blackhole Lists (RBLs) or DNS-based Blackhole Lists (DNSBLs), which can be accessed freely. RBLs and DNSBLs are lists of known spammers that are updated frequently.
  • Sometimes, spammers will try to spoof a legitimate email address or IP address when the message actually comes from an email address or IP address that would likely be identified as spam.
  • Simple Mail Transfer Protocol (SMTP) is used to transfer email from one server to another and it is also responsible for outgoing mail transport. 
  • Spammers look for unprotected SMTP servers through which they can relay their email. 
  • A cookie is a piece of text stored by a user’s web browser. It can be used for a wide range of items, including user identification, authentication, storing site preferences, and shopping cart contents. 
  • While some pop-up windows are useful website controls, most are simply annoying advertisements, with some attempting to load spyware or other malicious programs. 
  • To help manage Internet Explorer security when visiting sites, Internet Explorer divides a network connection into four content zones or types. For each of these zones, a security level is assigned. 
  • Phishing and pharming are forms of attacks to get users to a bogus website in an attempt to spread malware or collect personal information. 
  • When surfing the internet, there are times when it is necessary to transmit private data such as credit card numbers, Social Security numbers, and so on. During these times, it is important to use HTTP over SSL (HTTPS) to encrypt the data sent over the internet.
  • The server should be kept in a secure location. In addition, the servers should be in their own subnet to reduce the amount of traffic to the servers, especially broadcasts.
  • Securing a server means hardening it: reducing its attack surface and thereby reducing the server’s vulnerabilities. To harden a server, look for security guides and best practices for Windows servers and for the specific network services that you are installing.
  • Windows servers provide support for the dynamic update functionality. Dynamic DNS lets client computers dynamically update their resource records in DNS. 
  • To keep your DNS server secure, secure DNS allows only members of an Active Directory domain to create records on the DNS server.

Multiple Choice 

Select the correct answer(s) for each of the following questions. 

1. Which type of malware copies itself onto other computers without the owner’s consent and will often delete or corrupt files? 
  1. Virus 
  2. Worm 
  3. Trojan horse 
  4. Spyware 

(a)

A computer virus is a program that can copy itself and infect a computer without the user’s consent or knowledge. Early viruses were usually some form of executable code that was hidden in the boot sector of a disk or as an executable file (a file name with an .exe or .com extension).



2. Which type of malware collects personal information or browsing history, often without the user’s knowledge? 
  1. Virus 
  2. Worm 
  3. Trojan horse 
  4. Spyware 

(d)

Spyware is a type of malware that is installed on computers and collects personal information and browsing habits, often without the user’s knowledge. Spyware can also install additional software, which can redirect your web browser to other sites or change your home page.

One type of spyware is the keylogger, which records every key a user presses. Therefore, when typing credit card numbers, Social Security numbers, and passwords, that information gets recorded and is eventually sent to and read by someone without the user’s knowledge. It should be noted that not all keyloggers are bad, because some corporations use them to monitor their corporate users.

Adware is any software package that automatically plays, displays, or downloads advertisements to a computer after the software is installed on it or while the application is being used. While adware may not necessarily be bad, it is often used with ill intent.



3. Which of the following is most likely the problem when a computer seems to be slow and a different default web page displays? 
  1. The ISP has slowed the network connection. 
  2. The computer has been infected with malware. 
  3. The computer has not been updated. 
  4. The user accidentally clicked the turbo button. 

(b)

Malicious software, sometimes called malware, is software designed to infiltrate and adversely affect a computer system without the owner’s informed consent. It is usually associated with viruses, worms, Trojan horses, spyware, rootkits, and dishonest adware. As a network administrator or computer technician, it is important to know how to identify malware, how to remove malware, and how to protect a computer from malware.



4. Which of the following is the best thing to do to protect a computer against malware, besides installing an antivirus software package? (Choose the best answer.)
  1. Keep the computer up-to-date with the latest security patches. 
  2. Reboot the computer on a regular basis. 
  3. Change the password on a regular basis. 
  4. Spoof the IP address. 

(a)

To avoid malware, be sure to use common sense by following these suggestions: 
  • Don’t install unknown software or software from an unknown source. 
  • Don’t open strange email attachments. 
  • Don’t click hyperlinks from strangers or if it’s unclear what the link is supposed to do. This also applies to sources like Yahoo!, AOL, and MSN. 
  • If your email client supports auto launch, turn it off. Otherwise, you might automatically activate a computer virus just by opening the email. 
  • Don’t visit questionable websites, especially sites that allow downloading software from music and video piracy sites and pornography sites. 
  • If your web browser alerts you that a site is known for hosting malware, pay attention to these warnings. 
  • If you surf the internet and browser pop-ups indicate that you need to download the newest driver or check your system for viruses, use caution. 
  • Don’t forget to perform regular backups so that, if a computer does get a virus and data is lost, you can restore from a backup.


5. Which of the following refers to a thoroughly tested, cumulative set of hotfixes and other patches? 
  1. Recommended update 
  2. Hotfix pack 
  3. Service pack 
  4. Critical update

(c)

The first step that should be taken to protect yourself against malware is to keep your system up-to-date with the latest service packs, security patches, and other critical fixes for Windows (as well as other Microsoft products, such as Internet Explorer and Microsoft Office).



6. Which technology is used by Windows to prevent unauthorized changes to your system? 
  1. UAC 
  2. Protected mode 
  3. Windows Defender 
  4. ProtectGuard 

(a)

User Account Control (UAC) is a feature that was introduced in Windows Vista and is included with Windows 10 that helps guard against malware.



7. When using UAC, which of the following tasks requires administrative permissions or rights? 
  1. Install updates from Windows Update. 
  2. Change the date and time. 
  3. Reset the network adapter. 
  4. Install drivers from Windows Update. 

(b)

UAC can be enabled or disabled for any individual user account. Of course, if UAC is disabled for a user account, the computer will be at higher risk. However, if you perform a lot of administrative tasks on a computer, the UAC prompts can be annoying and can stop you from doing certain activities, including saving to the root directory of a drive, or using an application that is not compatible with UAC.



8. When attempting to change the display settings, which of the following causes a pop-up that prompts if a user wants to continue? 
  1. Windows Firewall 
  2. Protected Mode 
  3. Windows Update 
  4. UAC 

(d)

UAC can be enabled or disabled for any individual user account. Of course, if UAC is disabled for a user account, the computer will be at higher risk. However, if you perform a lot of administrative tasks on a computer, the UAC prompts can be annoying and can stop you from doing certain activities, including saving to the root directory of a drive, or using an application that is not compatible with UAC.



9. Which host-based firewall software comes with Windows 10? 
  1. Windows Firewall 
  2. Windows Protected Mode 
  3. UAC 
  4. Windows GuardIt 

(a)

Microsoft recommends always using the Windows Firewall.



10. Which program can be used to configure IPsec on a computer running Windows Server 2016? 
  1. Windows Firewall with IPsec Plugin 
  2. IPsec Monitor 
  3. Windows Firewall with Advanced Security 
  4. IPsec Configuration console 

(c)

In addition to the Windows Firewall found in Control Panel, newer versions of Windows include Windows Firewall with Advanced Security. Windows Firewall with Advanced Security combines a host firewall and Internet Protocol security (IPsec). Windows Firewall and Windows Firewall with Advanced Security are tightly coupled together, allowing better control of a firewall. In addition, Windows Firewall with Advanced Security provides computer-to-computer connection security, because it can be used to require authentication and data protection for communications via IPsec.



11. Which of the following tasks is recommended if sensitive or confidential information is stored in offline files? 
  1. Clear the cache. 
  2. Encrypt the offline files. 
  3. Clear the cookies. 
  4. Execute ipconfig /renewip. 

(b)

Offline files are not encrypted unless you choose to encrypt them. Consider encrypting your offline files if they contain sensitive or confidential information, and you want to make them more secure by restricting access to them.



12. Which of the following tasks should be performed if legitimate emails are being blocked at a spam-blocking device? 
  1. Flush out the quarantined items. 
  2. Reboot the spam-blocking device. 
  3. Add the email address or domain to the allow list. 
  4. Add the email address or domain to the block list. 

(c)



13. SMTP uses which of the following TCP ports? 
  1. 43 
  2. 25 
  3. 80 
  4. 443 

(b)



14. When using IE, how many content zones are there? 
  1. 8

(c)



15. Which of the following refers to a social engineering technique in which a user receives an email stating that his account has just expired and he should log on to a legitimate-looking website to fix the problem? 
  1. Phishing 
  2. Pharming 
  3. Phaking 
  4. Spoofing the IP address 

(a)

Phishing and pharming are forms of attacks to get users to access a bogus website so the phisher or pharmer can spread malware and/or collect personal information.



16. Which of the following is used to stop a program from running on a Windows 10 system? 
  1. AppLocker 
  2. Windows Defender 
  3. Microsoft Passport 
  4. Smart card 

(a)

Use AppLocker to control how users access and use programs and files, and extend the functionality originally provided by the Software Restriction policy found in earlier versions of Windows operating systems. In Windows 10, AppLocker is located in the Local Group Policy Editor.



17. Which type of account is used with outlook.com and OneDrive and can be used to synchronize a desktop across multiple computers? 
  1. Domain account 
  2. Microsoft account 
  3. Local account 
  4. Virtual account 

(b)



18. Which of the following is a collection of security settings that can be used to configure client settings? 
  1. Biometrics 
  2. Windows Defender 
  3. Security baseline 
  4. Windows Store 

(c)

A security baseline is a collection of security settings. Security baselines should include Microsoft’s recommendations for configuring those settings. To help with faster deployments, and to ease the managing of Windows, Microsoft provides customers with security baselines that can be used with Group Policy Objects (GPOs).



19. Which of the following is a free tool that allows administrators to quickly configure and manage desktops and users using Group Policy? 
  1. STRIDE 
  2. DREAD 
  3. Trusted Platform Module 
  4. Security Compliance Manager

(c)
