INFORMATION SECURITY CHAPTERS 6 - 10 (FINALS)

¡Supera tus tareas y exámenes ahora con Quizwiz!

Honeypots

__________ are decoy systems designed to lure potential attackers away from critical systems.

indentifiers

- Can be composite identifiers, concatenating elements department codes, random numbers, or special characters to make them unique.

accountability

- Ensures that all actions on a system, whether authorized or not, can be attributed to an authenticated identity.

indentification

- Mechanism by whereby an unverified entity that seeks access to a resource proposes a label that they are known to the system.

access control

- Method by which systems determine whether and how to admit a user into a trusted area of organization.

Circuit Gateway Firewall

-Operates at transport layer. Prevent direct connection between networks. -Creates tunnel to each side of firewall to allow only authorized traffic through.

MAC

A __________ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.

passive

A __________ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software.

network-based

A(n) __________ IDPS is focused on protecting network information assets.

clustering

Alarm ________ and compaction is a consolidation of almost identical alarms that happen at close to the same time into a single higher-level alarm

Operating System

The ability to detect a target computer's __________ is very valuable to an attacker.

D

To use a packet sniffer legally, the administrator must __________. A) be on a network that the organization owns B) be under direct authorization of the network's owners C) have knowledge and consent of the content's creators D) all of the above

virtual private networks

- Securely extends organization's internal network connection to remote locations beyond trusted network.

Second Generation Firewall

Application-level firewalls or proxy servers

Diameter

- Emerging alternative derived from RADIUS.

Hybrid Firewall

A combination of 2 or more types of firewalls. May consist of 2 separate devices working in tandem

screen host firewall

Combines packet filtering router with separate, dedicated firewall such as an application proxy server. Often referred to as bastion host

1980s

IDPS researchers have used padded cell and honeypot systems since the late ____.

0

In TCP/IP networking, port ____ is not used.

Polyalphabetic

More advanced substitution ciphers use two or more alphabets, and are referred to as __________ substitutions

inline

Network Behavior Analysis system __________ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.

noise

The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks is called _____.

back hack

Under the guise of justice, some less scrupulous administrators may be tempted to ________ or hack into a hacker's system to find out as much as possible about the hack

Decentralized

Which of the following is NOT a described IDPS control strategy?

80

Which of the following ports is commonly used for the HTTP protocol?

centralized

With a(n) ________IDPS control strategy all IDPS control functions are implemented and managed in a central location.

Trap and trace

____ applications use a combination of techniques to detect an intrusion and then trace it back to its source.

SPAN

____ is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.

Biometric access control

____ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user.

Alarm filtering

____ is the process of classifying IDPS alerts so that they can be more effectively managed.

NIDPSs

__________ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.

IPSec

__________ is a protocol that can be used to secure communications across any IP-based network such as LANs, WANs, and the Internet.

Entrapment

__________ is the action of luring an individual into committing a crime to get a conviction.

Work factor

__________ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown

radius

centralized management of user authentication system in central server.

Fourth Generation Firewall

dynamic packet filtering firewalls that only allow packets with certain source, destination and port addresses to enter

smart card, synchronous/asynchronous tokens

something a supplicant has -

password

- A private word or combination of characters that only the user should know.

passphrase

- A series of characters, typically longer than a password, from which a virtual password is derived.

dynamic filtering

- Allows firewall to react to emergent events and update or create rules to deal with the event.

dual-homed host firewall

- Bastion host that contains 2 NICs. 1 connected to external network and 1 connected to internal network

supplicant

- Entity that seeks a resource.

packet filtering firewall

- Examine header information of data packets.

Application Gateway

- Frequently installed on a dedicated computer, also known as proxy server.

discretionary access controls

- Implemented at the discretion or option of the data user.

firewalls

- Prevent specific types of information from moving between the not trusted network and the trusted network.

static filtering

- Requires that filtering rules governing how the firewall decides which packets are allowed and which are denied are developed and installed.

content filter

- Software filter-NOT a firewall- that allows admins to restrict content access from within a network.

nondiscretionary controls

- Strictly-enforced version of MACs that are managed by a central authority.

authentication

- The process of validating a supplicant's purported identity.

war dialer

- Used by attackers to locate connection points.

mandatory access controls

- Uses data classification schemes.

tacacs

- Validates user's credentials at centralized server (like RADIUS) based on client/server configuration.

stateful inspection

- firewalls that keep track of each network connection between internal/external sys using a state table.

packet sniffer

A(n) ____ is a network tool that collects copies of packets from the network and analyzes them.

supplicant

A(n) ____ is a proposed systems user.

IDS

A(n) ____ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.

smart

A(n) ______ IDPS can adapt its reactions in response to administrator guidance over time and circumstances of the current local environment.

padded cell

A(n) _________ is a honey pot that has been protected so that it cannot be easily compromised.

packet sniffer

A(n) __________ is a software program or hardware appliance that can intercept, copy, and interpret network traffic.

False attack stimulus

A(n) __________ is an event that triggers an alarm when no actual attack is in progress.

IDPS

A(n) __________ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.

Intrusion

A(n) ___________ occurs when an attacker attempts to gain entry or disrupt the normal operations of an information system, almost always with the intent to do harm.

fingerprinting

Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as ____

D

Among all possible biometrics, ____ is(are) considered truly unique. a. retina of the eye b. fingerprints c. iris of the eye d. All of the above

MAC Layer Firewall

Designed to operate at the media access control layer of OSI model. Specific hosts' MAC addresses linked to access control list (ACL) that identify the type of packets allowed.

application

In _____________ protocol verification, the higher-order protocols are examined for unexpected packet behavior, or improper use.

correction

Intrusion __________ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again.

56

SHA-1 produces a(n) ___________-bit message digest, which can then be used as an input to a digital signature algorithm

Destructive

Some vulnerability scanners feature a class of attacks called _________, that are so dangerous they should only be used in a lab environment.

First Generation Firewall

Static Packet Filtering Firewalls

CRL

The CA periodically distributes a(n) _________ to all users that identifies all revoked certificates

CER

The ____ is the level at which the number of false rejections equals the false acceptances, and is also known as the equal error rate.

RSA

The __________ algorithm, developed in 1977, was the first public key encryption algorithm published for commercial use.

SSL Record Protocol

The __________ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.

packet filtering router

These routers can be configured to reject packets that the organization does not allow in to network

signature

Three methods dominate the IDPSs detection methods: _________based approach, statistical anomaly-based approach or the stateful packet inspection approach.

signatures

To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known __________ in their knowledge base.

LFM

Using __________, the system reviews the log files generated by servers, network devices, and even other IDPSs.

rainbow table

Using a database of precomputed hashes from sequentially calculated passwords called a(n) __________, an attacker can simply look up a hashed password and read out the text version

honeynet

When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) __________

clipping

When the measured activity is outside the baseline parameters, it is said to exceed the_________level.

Fuzz

__________ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol.

Enticement

____________ is the process of attracting attention to a system by placing tantalizing bits of information in key locations.

Fifth Generation Firewall

kernel proxies working under kernel of Windows NT

Relies upon individual characteristics such as fingerprint, bio metrics etc.

something a supplicant is

passwords or passphrase

something a supplicant knows

Third Generation Firewall

stateful inspection firewalls


Conjuntos de estudio relacionados

Review UTS (2) Bahasa Indonesia (8)

View Set

Management 300 Chapter 12 Part 2

View Set