Module 10. Risk Management
C&C (command-and-control) server
A central server commanding infected devices that have been recruited into a botnet.
MDM (mobile device management)
Software that automatically handles the process of configuring wireless clients for network access.
What are the four phases in the social engineering attack cycle?
1) Research. 2) Building trust. 3) Exploit. 4) Exit.
The following ports were listed as open during a recent port scan. Which one is no longer used except by legacy software and should be closed?
139
asset tag
A barcode or wireless-enabled transmitter used to track the movement or condition of equipment, inventory, or people.
Botnet
A collection of infected systems used in coordinated attacks against targets.
access control vestibule
A confined space between two locking doors where one door must lock closed before the other can open. Formerly called a mantrap.
locking rack
A data center rack secured by a locked panel or door.
Honeypot
A decoy system isolated from legitimate systems and designed to be vulnerable to security exploits for the purposes of learning more about hacking techniques or nabbing a hacker in the act.
Badge reader
A device that detects information embedded on a smart card.
CVE (Common Vulnerabilities and Exposures)
A dictionary project funded by the U.S. Department of Homeland Security and managed by The MITRE Corporation to index cybersecurity vulnerabilities.
security policy
A document or plan that identifies an organization's security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee. In addition, it specifies how to address security breaches.
PUA (privileged user agreement)
A document that addresses the specific concerns related to privileged access given to administrators and certain support staff.
SHA (Secure Hash Algorithm)
A hash algorithm originally designed by the NSA to eliminate the inherent weaknesses of the older MD5 hash. The most recent iteration is SHA-3, developed by private designers for a public competition in 2012.
Honeynet
A network of honeypots.
Phishing
A practice in which a person attempts to glean access or authentication information by posing as someone who needs that information.
pen (penetration) testing
A process of scanning a network for vulnerabilities and investigating potential security flaws.
Malware (Malicious Software)
A program or piece of code designed to intrude upon or harm a system or its resources.
Ransomware
A program that locks a user's data or computer system until a ransom is paid.
access badge
A security card that identifies a person by name and perhaps includes a photo, title, and other information.
Principle of Least Privilege
A security measure that ensures employees and contractors are only given enough access and privileges to do their jobs, and these privileges are terminated as soon as the person no longer needs them.
Insider Threat
A security risk associated with someone who is or was trusted by an organization, such as an employee, former employee, contractor, or other associate.
DLP (Data Loss Prevention)
A security technique that uses software to monitor confidential data, track data access and ownership, and prevent it from being copied or transmitted off the network.
Business Process
A series of steps that accomplish a defined goal in a business context.
locking cabinet
A storage container secured by a locked panel or door that might be used to store documents or hardware not in use.
dictionary attack
A technique in which attackers run a program that tries a combination of a known user ID and, for a password, every word in a dictionary to attempt to gain access to a network.
CCTV (closed-circuit TV)
A video surveillance system that monitors activity in secured areas.
What is the difference between a vulnerability and an exploit?
A weakness of a system, process, or architecture that could lead to compromised information or unauthorized access is known as a vulnerability. The act of taking advantage of a vulnerability is known as an exploit.
vulnerability
A weakness of a system, process, or architecture that could lead to compromised information or unauthorized access to a network.
smart locker
An access-controlled locker that requires authentication, such as by providing a bar code from an email or a PIN.
Privileged Access
An administrative account on a device or network that gives high-level permissions to change configurations or access data.
security audit
An assessment of an organization's security vulnerabilities performed by an accredited network security firm. Also called an IT audit.
DoS (denial-of-service) attack
An attack in which a legitimate user is unable to access normal network resources because of an attacker's intervention. Most often, this type of attack is achieved by flooding a system with so many requests for services that it can't respond to any of them.
FTP bounce
An attack in which an FTP client specifies a different host's IP address and port for the requested data's destination. By commanding the FTP server to connect to a different computer, a hacker can scan the ports on other hosts and transmit malicious code.
DDoS (distributed DoS) attack
An attack in which multiple hosts simultaneously flood a target host with traffic, rendering the target unable to function.
deauth (deauthentication) attack
An attack on a wireless network in which the attacker sends faked deauthentication frames to the AP, the client, or both (or as a broadcast to the whole wireless network) to trigger the deauthentication process and knock one or more clients off the wireless network.
red team-blue team exercise
An attack simulation in which the red team conducts an attack and the blue team attempts to defend the network.
DNS poisoning
An attack that alters DNS records on a DNS server, thereby redirecting traffic from a legitimate server to a malicious server, such as a phishing website.
On-path attack
An attack that relies on intercepted transmissions. It can take one of several forms, but in all cases a person redirects or captures secure data traffic while in transit. Formerly called MitM (man-in-the-middle) attack.
zero-day exploit
An attack that takes advantage of a software vulnerability that hasn't yet or has only very recently become public.
shoulder surfing
An attack type in which a person secretly observes an authorized person entering their credentials to access a secure area and then uses that information later.
Piggybacking
An attack type in which a person uses deception to follow an authorized employee into a restricted area.
Tailgating
An attack type in which an unauthorized person follows an authorized person into a secure area without the authorized person's knowledge or cooperation.
smart card
An electronic access badge.
posture assessment
An evaluation of an organization's security vulnerabilities.
vendor risk assessment
An evaluation of security and compliance risks related to suppliers and vendors a company does business with. Also called a third-party risk assessment.
Vulnerability Assessment
An evaluation of security weaknesses in a network.
threat assessment
An evaluation of specific security threats to a network and related risk factors.
Business Risk Assessment
An evaluation of the potential impact of various security threats on business processes.
Security Risk Assessment
An evaluation of threats to and vulnerabilities of a network.
Why might organizations be willing to take on the risk of BYOD?
BYOD practices can be cheaper for organizations to implement and tend to improve efficiency and morale for employees and students.
Which physical security device works through wireless transmission?
Badge reader
An attacker guesses an executive's password ("M@nd@lori@n") to a sensitive database after chatting for a while at a club. What kind of password attack did the hacker use?
Brute-force attack
logic bomb
Code or a bug in code that will start when certain conditions are met.
Which type of DoS attack orchestrates an attack bounced off uninfected computers?
DRDoS attack
What type of attack relies on spoofing?
Deauth attack
You're playing a game on your Xbox when you suddenly get bumped off your Wi-Fi network. You reconnect and start playing, then get bumped off again. What type of attack is most likely the cause?
Deauth attack
List five subtypes of DoS attacks.
Distributed DoS, distributed reflection DoS, amplified DRDoS, permanent DoS, and friendly DoS
CEED (Certificate of Electronic Equipment Destruction)
Documentation provided by disposal services that serves as legal protection should data later be recovered from destroyed devices.
You sent a coworker a .exe file to install an app on their computer. What information should you send your coworker so they can ensure the file has not been tampered with in transit?
Hash of the file
What steps should your company take to protect data on discarded devices?
IT assets of all kinds must be carefully tracked both during and after their service time. Many companies hire professional disposal services that adequately sanitize or destroy devices so no data can be recovered. Businesses must ensure any sensitive data on disposed devices is completely unusable.
What is the first step in improving network security?
Identify risks
exploit
In the context of network security, the act of taking advantage of a vulnerability.
A former employee discovers six months after he starts work at a new company that his account credentials still give him access to his old company's servers. He demonstrates his access to several friends to brag about his cleverness and talk badly about the company. What kind of attack is this?
Insider threat
Leading up to the year 2000, many people expected computer systems the world over to fail when clocks turned the date to January 1, 2000. What type of threat was this?
Logic bomb
What kind of software can be used to secure employee-owned devices?
MDM (mobile device management)
A company wants to have its employees sign a document that details some project-related information that should not be discussed outside the project's team members. What type of document should they use?
NDA
A company accidentally sends a newsletter with a mistyped website address. The address points to a website that has been spoofed by hackers to collect information from people who make the same typo. What kind of attack is this?
Phishing
Which of the following social engineering attack types most likely requires that the attacker have existing knowledge about the victim?
Phishing
What type of scan process might identify that Telnet is running on a server?
Port scanning
Your organization has just approved a special budget for a network security upgrade. What procedure should you conduct to develop your recommendations for the upgrade priorities?
Posture assessment
device hardening
Preventive measures that can be taken to secure a device from network- or software-supported attacks.
Which assessment type would most likely discover a security risk related to employee on-boarding?
Process assessment
Which of the following attack simulations detect vulnerabilities and attempt to exploit them? Choose two.
Red team-blue team exercise, Pen testing
Which form of SHA was developed by private designers?
SHA-3
Which of the following is considered a secure protocol?
SSH
Tamper Detection
Sensors that can detect physical penetration, temperature extremes, input voltage variations, input frequency variations, or certain kinds of radiation.
You need to securely store handheld radios for your network technicians to take with them when they're troubleshooting problems around your campus network. What's the best way to store these radios so all your techs can get to them and so you can track who has the radios?
Smart locker
port scanner
Software that searches a server, switch, router, or other device for open ports that might be vulnerable to attack.
motion detection
Technology that triggers an alarm when it detects movement within its field of view.
Social Engineering
The act of manipulating social relationships to circumvent network security measures and gain access to a system.
A neighbor hacks into your secured wireless network on a regular basis, but you didn't give her the password. What loophole was most likely left open?
The default password was not changed.
NDA (Non-Disclosure Agreement)
The part of a security policy that defines what confidential and private mean to the organization and, therefore, identifies what should not be shared outside a defined team or the organization itself.
AUP (Acceptable Use Policy)
The portion of a security policy that explains to users what they can and cannot do while accessing a network's resources and the penalties for violations. It might also describe how these measures protect the network's security.
Hashing
The transformation of data through an algorithm that is mathematically irreversible and generally reduces the amount of space needed for the data. Hashing is mostly used to ensure data integrity—that is, to verify the data has not been altered.
What unique characteristic of zero-day exploits makes them so dangerous?
The vulnerability is exploited before the software developer has the opportunity to provide a solution for it or before the user applies the published solution.
hacker
Traditionally, a person who masters the inner workings of computer hardware and software in an effort to better understand them. More generally, an individual who gains unauthorized access to systems or networks with or without malicious intent.
data breach
Unauthorized access or use of sensitive data.
Biometrics
Unique physical characteristics of an individual, such as the color patterns in their iris or the geometry of their hand.
Give an example of biometric detection.
iris color patterns, hand geometry, facial recognition, or fingerprints
Which team might ask a user for a password?
red team
The ability to insert code into a database field labeled "Name" is an example of a(n) _________.
vulnerability
Which of the following is the most secure password?
yellowMonthMagneficant