BOSON CEH Exam 1 Review
How many types of controls are there in OSSTMM?
10
How many bits does MD5's hash have?
128-bit hashes
Bayesian System
????
What is Nikto?
A General Public License (GPL) web vulnerability scanner that performs multiple checks. Relies on Libwhisker. Supports SSL, supports HTTP, supports reporting.
What is a network tap?
A method of sitting between a network session's source and destination so that traffic can be captured by a sniffer and analyzed
client/server architecture
A network design in which client computers use a centrally administered server to share data, data storage space, and devices. Example: Server that delivers web pages to a browser
What is Pcap?
A packet capture library that is used by many packet sniffers and network monitors
What is THC-Hydra?
A password cracking tool
What is cain & abel?
A password cracking tool
What is MD5?
A password-hashing algorithm. Creates a 128-bit hash.
What is Nessus?
A proprietary commercial vulnerability scanner. Checks patch levels and vulnerabilities of known exploits. Has plugins.
What is NTLM?
A protocol that uses both an NT hash and an LM hash to store passwords
Service-oriented architecture (SOA)
A software design in which software components deliver information to other components over a network. Example: an API that gives developers access to a database.
False positive generation
A technique that generates a large amount of alert traffic to prevent detection of a legitimate attack by an IDS.
What is Diffie-Hellman? (hyphen)
An asymmetric encryption protocol that is used to exchange security keys between two parties who have had no previous communication
What is session splicing?
An attack that uses fragmentation to avoid an IDS. It breaks session data up to pass it to a host. This way the IDS doesn't see all the attack data at once and may think the data is unrelated. Only works on session-based protocols like HTTP.
What does DES stand for?
Data Encryption Standard
What does DH stand for?
Diffie-Hellman, an asymmetric encryption protocol
What are the 7 categories of controls?
Directive - company policy; Deterrent - firing someone for failing it; Preventative - firewall blocking it; Compensating - extra policy on a policy; Detective - IDS; Corrective - antivirus correcting issues; Recovery - antivirus
What is subjugation?
Ensures that interactions occur according to processes defined by the asset owner
What is privacy?
Ensures that only participants have access to the asset
What is confidentiality?
Ensures that only participants have knowledge of an asset
What is integrity?
Ensures that participants know when assets and processes change
What does 802.1x define to establish port-based NAC?
Extensible Authentication Protocol (EAP)
What does FISMA stand for?
Federal Information Security Management Act of 2002
What does FITARA stand for?
Federal Information Technology Acquisition Reform Act (2013)
What does HIPAA stand for?
Health Insurance Portability and Accountability Act
What does the OSSTMM framework test?
Human, Physical, Wireless, Telecomms, Network security. OSSTMM also has a web-app version.
What does IPSec mean?
IP Security
Who maintains OSSTMM?
ISECOM - Institute of Security and Open Methodologies
What is an example of standards-based compliance?
ITIL - Information Technology Infrastructure Library; ISO - International Organization for Standardization
What does ITIL stand for?
Information Technology Infrastructure Library
What does IEEE stand for?
Institute of Electrical and Electronics Engineers
What are the two control classes in OSSTMM?
Interactive controls and Process controls
What controls are considered "Class A" in OSSTMM?
Interactive Controls
What does ISO stand for?
International Organization for Standardization
What does DNS stand for?
It means Domain Name System
What does AES do?
It is a cryptographic algorithm used in WPA2. After 802.1X is authenticated, AES can encrypt communication.
What is Pcap used by?
It is used by the following: Kismet, L0phtCrack, Nmap, Ngrep, Snort, Tcpdump, Wireshark
What does the proxychains command do? What is it used for?
It is used to hide the true source IP address of traffic. It is used to evade detection by an IDS.
What does AES stand for?
It stands for Advanced Encryption Standard
What does NAC stand for?
It stands for Network Access Control
What does DNS do?
It translates web addresses that people use into addresses the Internet uses
Who created pcap?
It was created by the developers of Tcpdump
What does L2TP stand for?
Layer 2 Tunneling Protocol
What is continuity?
Maintains interactivity with assets if corruption or failure occurs
What does MD4 mean?
Message Digest 4
What does LM mean?
Microsoft's LAN Manager
What is an example of Contractual compliance?
PCI DSS - Payment Card Industry Data Security Standard
What does PCI DSS stand for?
Payment Card Industry Data Security Standard
What is Libwhisker?
Perl module that supports IDS evasion. Nikto uses Libwhisker.
What is nonrepudiation?
Prevents a participant from denying its actions
What controls are considered "Class B" in OSSTMM?
Process Controls
What is resilience?
Protects assets from corruption or failure
What does FITARA do?
Provides a framework for US Government purchases. Was aimed at reducing spending on old systems. This act failed.
What is authentication?
Provides for identification and authorization based on credentials
What does OSSTMM do?
Provides protection for operations and can influence the impact of threats
What is IPsec used for?
Provides security for VPNs
What does FISMA do?
Requires all federal agencies to have an Info Sec program. It also assigns responsibilities to the Office of Management and Budget and NIST.
Which type of malware often needs kernel-level privileges to function?
Rootkit
What are examples of legislative compliance?
SOX - Sarbanes-Oxley; HIPAA - Healthcare Information Portability Accountability
What is Source Routing?
Sender defines some or all hops a packet must travel through. Enabled by turning on loose source routing or strict source routing and providing all IPs to use.
What is a data owner?
The individual or entity accountable for data
What is a data custodian?
The individual or entity that is responsible for granting access to data
What happens to packets with L2TP?
They are encapsulated in UDP packets
What is L2TP used for?
Used to establish VPN Connections
What is a hash collision?
When a hashing algorithm creates the same hash from different plain text values.
What is data collision?
When two devices transmit at the same time
What is Winpcap?
Windows based version of libpcap
What is an NT hash?
a 16-byte MD4 hash of a UTF-16 Unicode password
What is Libpcap?
a C/C++ version of pcap used on UNIX systems
Blackboard architecture
a design in which a database or knowledge base is established to solve a particular problem; it is typically updated by various sources
What is LM?
a hashing technique that converts a user's password into uppercase and then adds blank spaces until the size is 14 bytes. The 14 bytes are split into two 7-byte chunks, then each is run through DES, then the two are put back together. Used prior to Windows NT.
What is Kerbcrack?
a password cracking tool
What is john the ripper?
a password cracking tool
What does OSSTMM provide?
a repeatable framework for operational security testing and analysis
What is Burp Suite?
a suite of tools for attacking web applications. Has free and professional versions
What are linux IP filtering commands?
ipfwadmin, ipchains, iptables
What commands can be used for IP masquerading on a linux-based firewall?
ipfwadmin, ipchains, iptables
What is Indemnification?
provides contractual protection against loss or damages
What are the common DH Groups?
1, 2, 5, 14, 15, 16, 17, 18
What are the common DH Groups' Modulus sizes?
1 - 768 bit - smallest; 2 - 1024 bit - 2 GB; 5 - 1536 bit - only with 5 in it; 14 - 2048 bit; 15 - 3073 bit - 15x2 = 30; 16 - 4096 bit; 17 - 6144 bit - Matt 17-44; 18 - 8192 bit - Dylan #81 92
Monolithic Architecture
A design in which a single application is developed to handle components that have functional differences. Example: a single application that has both the UI and the code to access data.
What parts of the triad does IPSec provide?
Confidentiality - encrypts before sending; Integrity - encryption says if it was tampered with
What is L0phtCrack?
A password cracking tool
How does OSSTMM define legislative, contractual and standards-based?
As types of compliance
What are the Class A controls in OSSTMM? (RACISm)
Authentication, Indemnification, Resilience, Subjugation, Continuity
What does NIST 800-53 do?
Catalogs security and privacy controls for federal information systems, except those related to NATIONAL SECURITY. Control categories: Directive, Deterrent, Preventative, Compensating, Detective, Corrective, Recovery.
What is IP Address Spoofing?
Changing or disguising the source IP address of an IP packet. Useful to mask the source of a DDoS attack
What is a back door?
Code or credentials that are built into software that give complete access to the workstation it is running on
What is MD4 susceptible to?
Collision attacks because the hash is so small
What does NTLM stand for?
NT LAN Manager
What does NIST stand for?
National Institute of Standards and Technology
What are the Class B controls in OSSTMM? (CAtNIP)
Nonrepudiation, Confidentiality, Privacy, Integrity, Alarm
What is alarm?
Notifies participants when interactions occur
What does OSSTMM stand for?
Open Source Security Testing Methodology Manual
What port does SMTP use?
TCP PORT 25
What port does telnet use?
TCP Port 23
What port does DNS use? (DNR)
TCP/UDP Port 53
What is Tcpdump?
the premier network analysis tool for information security professionals. Having a solid grasp of this über-powerful application is mandatory for anyone desiring a thorough understanding of TCP/IP.