Chapter 1: Modern Network Security Threats - Part 1
What is Instant on activation?
A VM that hasn't been turned on for a while and has outdated security policies, which introduce a vulnerability
What server authenticates users, authorizes what they are allowed to do, and tracks what they are doing?
AAA Server
What part of a campus area network performs stateful packet filtering to filter return traffic from the outside network into the campus network?
ASA (Adaptive Security Appliance) Firewall
What network security component of a campus area network performs stateful packet filtering to filter return traffic from the outside network into the campus network?
ASA Firewall
What kind of malware generates unwanted pop-ups based on tracking the cookies from websites?
Adware
What product did Cisco develop to protect data centers from vulnerabilities (VMs that are prone to attacks)?
Cisco Secure Data Center
What is the tool developed by Cisco that provides alerts to network security professionals and also updates information in real time to help identify attacks?
Cisco Security Intelligence Operation (Cisco SIO)
What classification of attack is when an attacker gets access to a secret key and uses it to access secured communication without the sender being aware?
Compromised-Key Attack
What kind of hackers are either independent or work for a giant cybercrime organization and are responsible for stealing billions of dollars from businesses and consumers?
Cyber Criminals (black hat)
What classification of attack is it when hackers who have captured enterprise traffic alter the data in the packet without the knowledge of the sender or receiver?
Data modification attack
What classification of attack prevents normal use of a computer or network by valid users?
DoS Attack
What is the most common type of virus?
Email virus
What kind of hackers are politically or socially motivated and target organizations and governments to rally or protest against political or social ideas by posting articles and videos, leaking sensitive info or performing DDoS attacks?
Hacktivists (grey hat)
What is the current state of attack tool sophistication and of the technical knowledge needed to use them?
Highly sophisticated tools and little technical knowledge needed
What are the 3 VM-Specific threats?
Hyperjacking, instant on activation and antivirus storms
What classification of attack is it when a hacker constructs an IP packet that appears to originate from a valid address inside the corporate intranet?
IP Address Spoofing Attack
What device in a campus area network continuously monitors incoming and outgoing network traffic for malicious activity, logs information about the activity, and attempts to block and report it?
IPS
What attack vector is potentially more dangerous?
Internal attack
What kind of malware gathers info about a user and sends the information to another entity without the user's consent?
Malware
What classification of attack occurs when hackers have positioned themselves between a source and destination? They can now actively monitor, capture, and control the communication transparently.
Man-in-the-middle attack
What is the action of reducing the severity of a vulnerability? Network security involves multiple different kinds of these techniques.
Mitigation
What is the company that purposely has honey pot servers to study how hackers attack the system?
Norse Dark Intelligence
What classification of attack is it when a hacker discovers a valid user account and gains the same rights as the real user? The attacker could use that valid account to obtain lists of other users and network information. They could also change server and network configurations, or modify, reroute, or delete data.
Password-based attack
What kind of malware convinces people to give sensitive information (like an email from the bank asking for a PIN number)?
Phishing
What kind of malware denies access to an infected computer and demands ransom for the restriction to be removed?
Ransomware
What are the 3 major categories that classify attacks?
Reconnaissance Attacks, Access Attacks and DoS Attacks
What is the term used to define the potential of a threat to exploit vulnerabilities of an asset in order to negatively impact an organization?
Risk
What kind of malware is installed on a compromised system, hides its intrusion and maintains access for the hacker?
Rootkits
What kind of malware uses social engineering to scare or give anxiety by creating the perception of a threat?
Scareware
What term refers to teenagers or inexperienced hackers running existing scripts, tools, and exploits to cause harm, but typically not for profit?
Script Kiddies
What are the 3 components Cisco Secure Data Center uses to protect the data center?
Secure Segmentation, Visibility and Threat Defense
What classification of attack uses an application or device that can read, monitor, and capture network data exchanges and read network packets? If the packets are not encrypted, it provides a full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key.
Sniffer Attack
What kind of hackers are government-funded and guided attackers (such as Stuxnet) that target foreign governments, terrorist groups and corporations to steal secrets, gain intelligence (espionage) and sabotage?
State-sponsored (can be white or black hat)
How is the term "risk" measured?
The probability of the occurrence of an event and its consequence.
What is the term used to define the potential for a vulnerability to turn into a network attack, such as malware, exploits, and more?
Threat
What kind of malware carries out its operation under the guise of a desired function, with malicious code hidden inside it?
Trojan Horse
What are some network vulnerabilities?
Unsecure network protocols, configuration errors or weak security policies
What is used on the Cisco ISR (that is located at the perimeter of a campus area network) that will protect the data flow, ensuring confidentiality and integrity?
VPN
What kind of malware is malicious code that is attached to executable files (posing as legitimate programs)? This malware requires end user activation and may lie dormant for an extended period of time.
Virus
What is the term used to define a weakness or flaw in the network which can be exploited by an attacker to negatively impact a network, or to access confidential data within an organization?
Vulnerability
What kind of hackers attempt to discover exploits and report them to vendors, sometimes for prizes or rewards?
Vulnerability Brokers
What is an antivirus storm?
When all VMs attempt to download the antivirus at the same time
What is hyperjacking?
When an attacker hijacks (or takes over) a VM and uses it as a launch point for other attacks on the network.
What kind of malware has an enabling vulnerability (without user interaction), a way to propagate itself and a payload?
Worm
What is the term for the path by which an attacker can gain access to a server, host or network?
attack vector
How are network security attacks organized so it's easier to learn about and address them?
classification
What classification of attack is it when a hacker captures and "listens" to network traffic? This attack is also referred to as sniffing or snooping.
eavesdropping
What are Trojan horses mostly hidden behind?
online games
What are the more general classifications of network attacks?
reconnaissance, access or DoS attacks
What are examples of specific attacks?
viruses, worms and trojan horses
What is the term used for when a hacker has a program that dials every phone number in an area to find out which ones are a fax or computer, and, when one is found, uses password cracking programs for access?
war dialing
