CPTR.5772.61.Info Security Tech EXAM1

Threat:

capabilities, intentions and attack methods of adversaries, or any circumstance or event, whether originating externally or internally, that has the potential to cause harm to information or to a program or system, or to cause these to harm others.

Breach:

an incident that results in the disclosure of potential exposure of data

Complete the following substitution enciphering n 4 r o 8 w w 15 l i 16 y s 23 p t 16 ___ h 3 ___ e 9 ___ t 12 ___ i 20 ___ m 6 ___ e 25 ___

n 4 r o 8 w w 15 l i 16 y s 23 p t 16 j h 3 k e 9 n t 12 f i 20 c m 6 s e 25 d

List the 12 PCI-DSS control objectives. You will have to look this up on the Internet. [Points 2]

1: Install and maintain a firewall configuration to protect cardholder data 2: Do not use vendor-supplied defaults for system passwords and other security parameters 3: Protect stored cardholder data 4: Encrypt transmission of cardholder data across open, public networks 5: Use and regularly update anti-virus software 6: Develop and maintain secure systems and applications 7: Restrict access to cardholder data by business need-to-know 8: Assign a unique ID to each person with computer access 9: Restrict physical access to cardholder data 10: Track and monitor all access to network resources and cardholder data 11: Regularly test security systems and processes 12: Maintain a policy that addresses information security

What is a Denial-of-Service Attack?

A denial-of-service (DoS) attack attempts to make a server or network unavailable to serve legitimate users by flooding it with attack packets.

Describer symmetric key encryption?

A symmetric key encryption cipher because both parties encrypt and decrypt with the same key. In two-way communication with symmetric key encryption, the two parties use only a single key for encryption and decryption in both directions.

What are the 3 stages in the plan-protect-respond cycle? Which stage consumes the most time?

A) planning B) protection: this stage consumes the most time C) response

In developing an IT security plan, what should a company do first?

Assess the current state of the company's security

If a key is 43 bits long, how much longer will it take to crack it by exhaustive search if it is extended to 45 bits?

Because each bit doubles the time it takes to crack a key, extending the key length by 2 bits would increase the time to crack by 2^2 = 4. If a key is 43 bits long, it'll take 4.4E+12 tries, and if it is 45 bits long, the crack will take 1.76E+13 tries.

How is COSO different from CobiT?

COSO is a general control planning and assessment tool for corporations. It focuses on corporate-level governance. While CobiT provides a more specific framework for IT governance and it is a CobiT focuses on IT governance.

What is the cipher text for the following plain text that is using a transposition cipher? Plain Text is nowisthet Ciphering key is 132231 Key Part 1 Key Part 2 1 3 2 2 n o w 3 i s t 1 h e t Cipher text is=___________________________________

Cipher text = hnitwteos

Why do we care for compliance laws in security?

Compliance laws and regulations creates requirements for corporate security. In many cases, firms must substantially improve their security to be in compliance with these laws and regulations. This is especially true in the areas of documentation and identity management. Violations of regulatory compliance regulations often result in legal punishment, including federal fines.

What is comprehensive security and why is it needed?

Comprehensive security—closing all routes of attack to their systems to attackers. Comprehensive security is impossible unless corporations organize their security staffs, place them effectively in the organizational structure, and specify their relationships to other organizational units. Consequently, planning must begin with the placement of the security function in the firm. It is need because if there is any failure in this process, the firewall becomes useless. If an important filtering rule is omitted, provable attack packets will get through. Or, if the administrator fails to read log files daily, a problem may go undetected for weeks or months. In chains of activities within a single countermeasure, everything must be done well. If even one step is not implemented well, security may seem good, but there will be no real protection. If the failure of a single element of a system will ruin security, this is called a weakest link failure. In many cases, human actions are the weakest links in security protections.

An asset has a value of $1,000,000. In an attack, it is expected to lose 60 percent of its value. An attack is expected to be successful once every ten years. Countermeasure X will cut the amount lost per incident by two-thirds. Counter measure Y will cut the frequency of successful attack in half. Countermeasure X will cost $30,000 per year, while Countermeasure Y will cost $5,000 per year. Do an analysis of these countermeasures and then give your recommendation for which to select (if any).[Points:4]

Countermeasure Y should be implemented. It reduces expected damage less than Countermeasure X but costs much less than Countermeasure X. While Countermeasure X is expected to save $20,000 per year, Countermeasure Y is expected to save $25,000.

Distinguish between Cyberterror and Cyberwar

Cyberwar consists of computer-based attacks made by national governments, while cyberterror, in which the attacker is a terrorist or group of terrorists. Of course, cyberterrorists can attack information technology resources directly. They can damage a country's financial, communication, and utilities infrastructure. Attacks by terrorists or terrorist groups. May attack IT resources directly. Use the Internet for recruitment and coordination. Use the Internet to augment physical attacks. Disrupt communication among first responders. Use cyberattacks to increase terror in physical attacks. Turn to computer crime to fund their attacks.

Describe 3 design principles of technical security architecture

Defense in depth • Resource is guarded by several countermeasures in series • Attacker must breach them all, in series, to succeed • If one countermeasure fails, the resource remains safe Defense in depth versus weakest links • Defense in depth: multiple independent countermeasures that must be defeated in series • Weakest link: a single countermeasure with multiple interdependent components that must • all succeed for the countermeasure to succeed Avoiding single points of vulnerability • Failure at a single point can have drastic consequences • DNS servers, central security management servers, etc

What is a digital signature? Besides authentication, what security benefit does a digital signature provide?

Digital signature authenticates a single message with public key encryption. To create the digital signature: 1. Hash the plaintext to create a brief message digest; this is NOT the digital signature 2. Sign (encrypt) the message digest with the sender's private key to create the digital signature. This step creates the digital signature. Also note that the message digest is not the digital signature; it is only used to produce the digital signature. Digital signatures also provide message integrity. If the message is changed in transit, the receiver has the ability to reject the altered message.

How do you briefly describe IPSec ?

Firms that require the strongest VPN security use a family of IETF cryptographic security standards collectively called IPsec (IP security). IP is the Internet Protocol, and "sec" is short for security. These standards, in other words, secure the IP (including everything within an IP packet's data field).

In Public Key Encryption for Confidentiality what key does the originator/sender use to encrypt the message?

Receiver's public key.

What two protections do electronic signatures usually provide?

Electronic signatures provide both message-by-message authentication and message integrity.

Why are Employee and Ex-Employee big security threats?

Employees and ex-employees are very dangerous because they have extensive knowledge of systems, have the credentials needed to access sensitive parts of systems, often know how to avoid detection, and can benefit from the trust that usually is accorded to "our people."

What is the benefit of HMACs over digital signatures? What is the disadvantage of HMAC?

HMACs are much faster and less expensive than using PKE and digital signatures, which is important during the exchange of a large number of messages during a session. HMACs are used much more than digital signatures for message-by-message authentication and integrity in cryptographic systems. Disadvantage: HMACs fail to give nonrepudiation because the sender and receiver both know the secret key. Consequently, the alleged sender could argue in court that the receiver could have forged the HMAC on the message; so the HMAC did not prove that the sender in fact sent it.

What is hashing? What is the hash? Give 3 examples of hashing algorithm?

Hashing is irreversible. Hashing is repeatable. A simplistic way to think about hashing is to treat the message's bits as a very large binary number and divide it by a smaller number. The remainder can be the hash which is also when hashing is applied to a binary message, the result (called the hash) is far shorter than the original message, typically only 128 to 512 bits long.. MD5 (128-bit hashes), SHA-1 (160-bit hashes), SHA-224, SHA-256, SHA-384, and SHA-512 (name gives hash length in bits) Note: MD5 and SHA-1 should not be used because they have been shown to be unsecure.

Distinguish between IP address scanning and port scanning.

IP Address Scanning: The first round of probe packets is designed to find hosts that are active. While Port Scanning Once the attacker knows the IP addresses of live hosts, he needs to know what programs the identified hosts are running because most attacks rely on vulnerabilities in specific programs. On server hosts, applications correspond to port numbers.

What is IP address spoofing and why is it done?

IP address spoofing or IP spoofing is the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of hiding the identity of the sender or impersonating another computing system. However, the attacker cannot receive replies sent by the victims to the false IP address

What are IPSec Security Associations?

IPSec Security Associations is an agreement about what IPsec security methods and options two hosts or two IPsec gateways will use.

Describe the SQL Injection attach and provide 2 examples of SQL statements.

Improper Neutralization of Special Elements used SQL Command ("SQL Injection"). SQL Injection is a code injection technique that is used to attack data-driven applications, in which malicious or manipulative SQL statements ae inserted into an entry field for execution Example1: SELECT * FROM Cars WHERE color='red' ORDER BY price; Example2: SELECT FROM Users WHERE username='boyle02' AND password='12345678';

What is an MSSP?

It is a managed security service provider. It is an outsourced alternative for delegating controls.

What is the difference between a cipher and a code?

In codes, code symbols represent complete words or phrases. The advantage of codes is that people can do encoding and decoding manually, without a computer. The disadvantage of codes is that code books must be distributed ahead of time, and if one code book is intercepted, all confidentiality is lost. However, a cipher is a general way to encrypt information, while codes are limited. In a cipher, an individual letter is replaced by another letter, or a string of bits of fixed length is replaced by a different string of bits of fixed length. The two sides only need to know the key. If they do, they can transmit anything they wish. The trade-off is that the encryption may be subject to cryptanalysis. Whereas ciphers work on individual characters, codes use code symbols that represent complete words or phrases.

Give examples of Intellectual Property (IP)

Intellectual property (IP) is information that is owned by the company and protected by law. Trade secrets are pieces of sensitive information that a firm acts to keep secret.

What is AES? What is the big advantage of AES over 3DES?

It offers 3 alternative key lengths instead of two. AES is efficient enough in terms of processing power and RAM requirements to be used on a wide variety of devices—even cellular telephones and personal digital assistants (PDAs).17 AES offers three alternative key lengths: 128 bits, 192 bits, and 256 bits. Even the 128-bit key length is strong. A brute-force code-breaking system that could defeat 56-bit DES in a second would take over 100 trillion years to crack 128-bit AES.

What are VPNs? Distinguish between the 3 types of VPNs?

It's a cryptographic system that provides secure communication over an untrusted network. A host-to-host VPN connects a single client over an untrusted network to a single server. A remote access VPN connects a single remote PC over an untrusted network to a site network. Site-to-site VPNs protect all traffic flowing over an untrusted network between a pair of sites.

What is a Malware?

Malware is a generic term for evil software. Malware also includes worms, Trojan horses, RATs (remote access Trojans), spam

What is the most popular public key encryption algorithm in use? Describe it.

One of the most popular public key cryptosystems is a proprietary model named Rivest-Shamir-Adleman (RSA) after the surnames of its developers. It is the first public key encryption algorithm developed for commercial use. RSA is very popular and has been integrated into both Microsoft Internet Explorer and Netscape Navigator. While session keys of 100 bits are strong in symmetric key encryption, public keys need to be far longer. For RSA public key encryption, a recommended minimum key length for a strong key is 1,024 bits.

Distinguish between policies and implementations.

Policies are statements of what should be done. Implementation describes the actions that are taken to place the policy guidance into operation.

What are the 3 types of countermeasures?

Preventative, Detective and Corrective

Describe 3 oversight methods?

Promulgation • Communicate vision • Training • Stinging employees? Electronic Monitoring • Electronically collected information on behavior • Widely done in firms and used to terminate employees • Warn subjects and explain the reasons for monitoring Security Metrics • Indicators of compliance that are measured periodically • Percentage of passwords on a server that are crackable, etc. • Periodic measurement indicates progress in implementing a policy

What is the difference between a transposition and substitution cipher?

Substitution ciphers leaves letters in their original positions. In substitution ciphers, one character is substituted for another, but the order of characters is not changed. Each letter is substituted for another letter in the alphabet. However, the position of each letter is the same. So n-o-w becomes r-w-l. Transposition leaves letters unchanged. In transposition ciphers, in turn, the letters are moved around within a message, based on their initial positions in the message. The letters themselves are not changed, as they are in substitution ciphers, but their position in the message does.

Compromise:

Successful attacks. Also called incidents and breaches

What are the major categories of driving forces that a company must consider for the future?

The threat environment Compliance laws and regulations Corporate structure changes, such as mergers

Describe DES and 3DES? Which one is stronger when it comes to cryptoanalysis?

The DES key is 56 bits long. It comes in a block of 64 bits, of which 56 bits represent the key. The other 8 bits are redundant in the sense that you can compute them if you know the other 56 bits. This redundancy allows parties to detect incorrect keys. DES encrypts messages 64 bits at a time. The inputs for the encryption are the key and the 64-bit block of plaintext. The output is a 64-bit block of cipher text. DES is only 56 bits, therefore, it is not strong. (It needs to be 100 or more.) 3DES applies DES 3 times, with two or three different keys. 112 bit and 168 bit are the two common effective key lengths in 3DES. 3DES is strong enough for communication in corporations. DES is slow and having to apply DES three times is extremely slow, therefore, extremely expensive in terms of processing cost. 3DES is prohibitively slow for use on personal computers.

What are the advantage and disadvantage of placing security within IT?

The advantage of placing security within IT is that IT security would report to the firm's chief information officer. If security is under the CIO, then the CIO will be accountable for security breaches. The CIO is likely to back the security department's efforts to create a safe IT infrastructure. This would also make it easier to get the IT department to implement security changes. CIO has influence with Top Management CIO understands information systems technological issues. Involves only one manager between CISO and CEO Convenience. Information Security Department staff must daily spend time with Information Technology Department staff The disadvantage of placing security within IT is that security has no independence from IT and it is hard to blow the whistle on security issues occurring within the IT department or by the CIO. Having security reside in the IT department creates a situation where no one is watching the watchers (who are also the implementers.) Resource allocation: Conflict of interest between CISO and CIO. Implied conclusion that information security is strictly a technological issue, which is not the case

Exploit:

The specific attack method that the attacker uses to break into the computer is called the attacker's exploit. The act of implementing the exploit is called exploiting the host.

In Public Key Encryption for Authentication what key does the originator/sender use to encrypt the message?

The supplicant uses his/her own private key to encrypt the message.

What is a Spyware?

The term spyware refers to a broad spectrum of Trojan horse programs that gather information about you and make it available to an attacker.

What are the two modes of operation for IPSec?

These are the transport mode and the tunnel mode.

How do you defend against Replay Attacks?

Three ways to thwart replay attacks include 1) including a time stamp on each message so they cannot be recycled, 2) using sequence numbers in each encrypted message so the receiver knows to delete a message with the same sequence number of an earlier message, and 3) including a nonce (randomly generate number) in each client request. The nonce is never reused, thus if it receives a message with a repeat nonce, it is a bad message.

Countermeasure:

Tools used to thwart attacks. Also called safeguards, protections, and controls

What is a Trojan horse?

Trojan horse, we mean a program that hides itself by deleting a system file and taking on the system file's name. Trojan horses are difficult to detect because they look like legitimate system files.

Give 3 examples of well-known Certificate Authorities (CA)?

VeriSign (47.5% market share), Go Daddy (23.4%), Comodo (15.4%),

What is the difference between a Virus and Worm?

Viruses are programs that attach themselves to legitimate programs. While worms are standalone software and do not require a host program or human help to propagate

What are the standard port numbers for FTP, DNS and HTTP applications?

Well-known port number for FTP is 20&21 Well-known port number for DNS is 53 Well-known port number for HTTP is 80

Incident:

When a threat succeeds in causing harm to a business, this is called an incident

What is mutual authentication?

When both parties authenticate themselves to the other

How do you briefly describe SSL/TLS?

When you make a purchase over the Internet, your sensitive traffic is almost always protected by a cryptographic system standard that was originally called Secure Sockets Layer (SSL) when the Netscape Corporation created it. Netscape passed the standardization effort to the Internet Engineering Task Force (IETF), which renamed the standard Transport Layer Security (TLS) to emphasize that it works at the transport layer

Phishing:

a fraudulent process of attempting to acquire private or confidential information by masquerading as a trustworthy entity in an electronic communication.

What are the goals of security? Describe each goal in detail.

• Confidentiality: Confidentiality means that people cannot read sensitive information, either while it is on a computer or while it is traveling across a network. • Integrity: Integrity means that attackers cannot change or destroy information, either while it is on a computer or while it is traveling across a network. Or, at least, if information is changed or destroyed, then the receiver can detect the change or restore destroyed data. • Availability: Availability means that people who are authorized to use information are not prevented from doing so.

What is a cypher, cypher text and key?

•Cipher is a specific mathematical process used in encryption and decryption •Cipher text are stream of bits that was encrypted from plaintext. •Key is a random string of 40 to 4,000 bits (ones and zeros)