CSCI 290 FINAL REVIEW

What items should be implemented in all secure code?

- All code checked for backdoors or Trojans - All buffers have error handling to prevent buffer overruns. - All communication adheres to organizational guidelines - All communication activity thoroughly documented

What would be most important to block end users from doing on their own machine?

- Installing software or changing system settings

How could a hacker use information about you found through Internet searches?

- It could be used to guess passwords if your passwords are linked to personal infor- mation such as your birth date, address, or phone number. - It could be used to guess passwords if your passwords are linked to your interests or hobbies. - It could be used in social engineering to ascertain more information about you or your computer system.

Needs for a server room.

- It should be in the most fire-resistant room in the building. - It should have a strong lock with a strong door. - It should be accessible only to those who have a need for access.

An audit should check what areas?

- Perform system patches - Probe for flaws - Check logs - Review policies

Six Ps of security

- Ports - Patch - Protect - Probe - Policies -Physical

If you are hiring a new employee, which of the following should you do?

- Verify degrees and certifications. - Call references. - Perform an Internet search to verify contact information and to check for a criminal record.

what size key does a DES system use?

56 bit.

Which of the following would be least important to know about a potential business partner?

A 15-year-old marijuana possession arrest

DES

A symmetric key system using 64-bit blocks?

Radio Free Europe during the Cold War

An example of information warfare.

Why do we need policies?

Antivirus software cannot prevent a user from downloading infected files. The most secure password is not at all secure if it's posted on a note by the computer. Technological security measures are dependent upon the employees' implementation.

The command Openfiles shows what?

Any shared files that are opened

What is password age?

How long a user has had a password

What should you be most careful of when looking for an encryption method to use?

How long the algorithm has been around

What differentiates cyber terrorism from other computer crimes?

It is politically or ideologically motivated.

What is the main problem with simple substitution?

It maintains letter and word frequency.

Why do you not want too much personal data about you on the Internet?

It might be used by an identity thief to impersonate you.

What is a disadvantage to using an application gateway firewall?

It uses a great deal of resources.

What is true of an encryption method that is advertised as unbreakable?

It's Probably exaggerated.

What advantage does a symmetric key system using 64-bit blocks have?

Its fast.

what is a major weakness with a network host-based firewall?

Its security is dependent on the underlying operating system.

What is one way of checking emails for virus infections?

Look for emails from known virus sources.

What military/government systems would most likely be the target of a successful computer hack?

Low-security logistical system

After dealing, on a technical level, with any security breach, what is the last thing to be done for a security breach?

Notify management.

How should we store backups?

Offsite in a secure location

Minimum frequency for system probing and audits?

Once per year.

What is the rule on downloading from the Internet?

Only download from well-known, reputable sites.

Rule of thumb on data access?

Only those with a need for the specific data should have access.

What helpful data you might get from Usenet on a person you are investigating?

Postings by the individual you are investigating

When cataloging digital evidence, the primary goal is to do what?

Preserve evidence integrity.

What is a common way to establish security between a web server and a network?

Put a firewall between the web server and the network.

What are the Basic types of firewalls?

Screening Firewall Application Gateway Circuit levle gateway.

Flash Animations.

Should not be recommended as acceptable email attachments?

What is information warfare?

Spreading disinformation or gathering information

What is SPI?

Stateful Packet Inspection (SPI) inspects incoming packets and blocks incoming traffic that isn't in response to outgoing traffic.

Which of the following set of credentials would be best for a security consultant?

Ten years of experience as a hacker and cracker, MCSE/CIW and Security +, Ph.D. in computer science

Where would you go to find various state sex offender registries?

The FBI website

Where would you begin a search for information on a United States court case?

The National Center for State Courts Website

Intrusion deterrence:

The following is the correct term for simply making your system less attractive to intruders?

What is the main rule for access control?

The least access job requirements allow

Anomaly detection:

The method most IDS software implementations use?

Infobel

The most useful website in obtaining the address and phone number of someone who does not live in the United States.

Hueristic scanning

The name for scanning that depends on complex rules to define what is and is not a virus?

What is most important to learn about a person listed in a sex offender registry?

The nature of their specific crime

Honey pot

The term for a fake system designed to lure intruders?

Screened host

The term for a firewall that is simply software installed on an existing server?

Preemptive blocking:

The term for blocking an IP address that has been the source of suspicious activity?

What is true regarding certified encryption methods?

There is NO such thing as certified Encryption.

Which of the following is most true regarding binary operations and encryption?

They can form a part of viable encryption methods.

What advantages are there to commercial web search services?

They can get the information faster than you can.

why should users should be prohibited from installing software?

They may install software that circumvents security.

what must all user policies have in order to be effective?

They must have consequences.

What is the most common way for a virus scanner to recognize a virus?

To compare a file to known virus attributes

What is a good reason to check dependencies before shutting down a service?

To determine whether shutting down this service will affect other services

Public Key.

Type of encryption that uses different keys to encrypt and decrypt the message?

What step you would definitely take with any server that might not be required for a workstation?

Uninstall all unneeded programs/software.

How might you ensure that system patches are kept up to date?

Use an automated patching system.

What are some password policies?

Users may not keep copies of passwords in their office. Passwords must be eight characters long. Passwords may not be shared with any employee.

Caesar Cipher

Was the oldest method of encryption discussed.

dd

What is the name of the Standard Linux command that is also available as a Windows application that can be used to create bitstream images and make a forensic copy?

/var/log/mail.*

Where Linux stores email server logs.

Describe Usenet?

A global collection of bulletin boards

Internet Black Tigers

A political group that has already used the Internet for political intimidation?

Which of the following agencies has allegedly had one of its cyber spies actually caught?

CIA

How would you describe Encryption?

Changing a message so it can only be easily read by the intended recipient.

Which web search approach is best when checking criminal backgrounds?

Check the current and previous state of residence.

Name an example of financial loss due to cyber terrorism.

Damage to facilities including computers

What cyber attack that would likely cause imminent loss of life?

Disruption of chemical plant control systems

What is the most likely damage from an act of cyber terrorism?

Economic Loss

what risks are associated with IM?

Employees might send out confidential information. A virus or worm might infect the workstation via instant messaging. An instant messaging program could actually be a Trojan horse.

Chain of custody

In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

Why should you note all cable connections for a computer you want to seize as evidence?

In case other devices were connected

Why is binary mathematical encryption not secure?

It does not change letter or word frequency.

Most basic rule of computer security?

Keep systems patched.

What things should policies cover?

Min length of Passwords, What websites are allowed. What to do If your password is compromised.

Name an example of domestic cyber terrorism?

MyDoom virus

What is true regarding new encryption methods?

Never use them until they have been proven.

What is PGP?

Pretty Good Privacy, a public key encryption method available as an add-in for most email clients?

What is the first step when discovering a machine(s) has been infected with a virus?

Quarantine infected machine(s).

According to the October 2002 InfoWorld magazine article, which of the following systems may be vulnerable to attack?

Satellites

What step you might take for large networks but not for smaller networks?

Segment the network with firewalls between the segments.

Disinformation

Sending a false message with weak encryption, intending it to be intercepted and deciphered, is an example of what?

What are TSR programs?

Terminate and Stay Resident programs that actually stay in memory after you shut them down

Describe the communication goal of any intelligence agency.

To send clear communications to allies and noise only to the enemy

How would you use of Internet newsgroups in information warfare?

To spread propaganda

CISP

Which of the following certifications is the most prestigious?

Screening firewall.

Which of the following is the most basic type of firewall?

Which binary mathematical operation can be used for a simple encryption method?

XOR

Did the 1990 Kosovo crisis have a cyber warfare component?

Yes

What is an encryption method that uses tow or more different shifts?

multi-alphabet encryption.

If your machine is not used as a server and is not on a local network, what packet-filtering strategy should you use?

Block all ports except 80.

What is the rule about ports?

Block all unused ports.

Blowfish

Blowfish is a keyed, symmetric block cipher that was intended to be free of the problems associated with other algorithms and replace DES. - Uses 64-bit blocks and key lengths anywhere from 32 bits to 448 bits. - Has no effective known cryptanalysis currently. - A variable-length symmetric key.

How do most antispyware packages work?

By looking for known spyware.

Which of the following does NOT demonstrate the need for policies?

End users are generally not particularly bright and must be told everything.

Essential devices for protecting your network?

Firewall Virus scanners on all machines IDS system

What information would provide the most accurate results for locating a person?

First name, last name, and state

What is in the Index.dat file?

General Internet history, file browsing history, and so on for a Windows machine

How might an identity thief use the Internet to exploit his victim?

He might find even more information about the target and use this information to conduct his crime.