CHAPTER 32: Wireless Security, Malware, and Social Engineering

RADIUS uses ports ____ and ____ by default

1812, 1813

You have been tasked with implementing a virus prevention plan on a group of Windows client computers. Which of the following should you carry out? (Select all that apply.) ❍ A. Update AV software. ❍ B. Configure File History. ❍ C. Update Microsoft Office. ❍ D. Install a rootkit scanner. ❍ E. Verify that a firewall is installed

A, C, and E. First off, update everything. Then, verify that AV software and a firewall are installed and updated. Microsoft Office is especially susceptible to malware, so if you run it, you have to keep a close eye on it. Configuring File History or any other backup methods won't prevent malware from occurring, but it is important to perform, nonetheless. Remember, backup is not prevention. A rootkit scanner won't scan for viruses (or prevent them). It won't prevent rootkits, but it might find them.

Which of the following describes an attempt to guess a password by using a combination of letters and numbers? ❍ A. Brute-force ❍ B. Social engineering ❍ C. Dictionary ❍ D. Zero-day

A. Brute-force attacks use a combination of letters, numbers, and symbols to guess passwords, PINs, and passcodes, as opposed to dictionary attacks, which use a list of words. Social engineering is an attempt to manipulate people into providing confidential information. A zero-day attack is one that has not been seen or documented before, which makes it the most difficult to prepare against.

_________ __________ _____(___) is an encryption protocol used with WPA/WPA2. Uses 128-, 192-, and 256-bit encryption.

Advanced Encryption Standard (AES)

You have been tasked with connecting wireless clients to a server that supports SSO and 802.1X. Which of the following technologies should you implement? (Select the two best answers.) ❍ A. WPA2-PSK ❍ B. WPA2-ENT ❍ C. WEP ❍ D. TKIP ❍ E. RADIUS

B and E. To take advantage of single sign-on (SSO) and 802.1X, you would need a special authentication device (such as RADIUS) on the server side, and WPA2-Enterprise on the client side (sometimes abbreviated as WPA2-ENT). And what port does RADIUS use by default? Remember? WPA2-PSK uses a pre-shared key that is stored on the AP and doesn't support the other technologies. WEP and TKIP are outdated and should be avoided.

Which of the following types of malware self-replicates? ❍ A. Virus ❍ B. Worm ❍ C. Trojan ❍ D. Rootkit

B. A worm will self-replicate, whereas a virus will not; otherwise, the two are very much the same. Trojans perform malicious functions behind the scenes and allow remote access to systems. Rootkits are designed to gain administrator (or root) level access to the computer.

A ________-_____ attack is a password attack that operates by attempting every possible combination of characters that could be in a password.

Brute Force

Which of the following types of malware is designed to gain administrative-level control of a system? ❍ A. Ransomware ❍ B. Keylogger ❍ C. Rootkit ❍ D. Spyware

C. A rootkit is designed to get administrative control of a computer system. The word "root" is synonymous with administrator in many systems (Linux, Unix, etc.). Ransomware is malware that encrypts a person's files so that they are not accessible. Keyloggers capture the keystrokes a person makes on a keyboard. They are used to steal passwords and other confidential information. Spyware is malware that is used to watch (and possibly record) what a person is doing on the system and on the Internet.

Which of the following is the strongest form of wireless encryption? ❍ A. WPA ❍ B. WEP ❍ C. AES ❍ D. TKIP

C. Advanced Encryption Standard (AES) is the strongest form of wireless encryption (given the listed answers). WPA is a wireless encryption protocol that is not bad, but WPA2 is recommended. WEP and TKIP are deprecated, have been compromised, and should be avoided.

A user clicked a link in an e-mail that appeared to be from his bank. The link led him to a page that requested he change his password to access his bank account. It turns out that the webpage was fraudulent. What is this an example of? ❍ A. Impersonation ❍ B. Dumpster diving ❍ C. Phishing ❍ D. Shoulder surfing

C. This is an example of phishing. Phishers will use e-mail to trick a person into divulging confidential information. While it could be said that the website that was accessed is impersonating the actual banking website, that would be more of a spoof; true impersonation is when a person mimics another person. Dumpster diving is when a person hunts through garbage or recycling to find confidential information. Shoulder surfing is when a person attempts to get information by sight by, for example, looking over a person's shoulder as that person types in a password.

Several hundred infected computers simultaneously attacked your organization's server, rendering it useless to legitimate users. What kind of attack is this an example of? ❍ A. Botnet ❍ B. MITM ❍ C. Tailgating ❍ D. DDoS ❍ E. Rainbow table

D. A distributed denial-of-service (DDoS) attack is one where many computers (zombies) work together in an attempt to bring down a server or router. While it makes use of a botnet, not all botnets are necessarily bad, nor is the botnet the attack. A man-in-the-middle (MITM) attack is a type of spoof, where a person uses a computer to intercept and either use or change data that is captured. Tailgating is a type of social engineering attack where a person attempts to enter a secure area by following another person in without that person's knowledge. A rainbow table is a set of precalculated encrypted passwords located in a lookup table.

A ______ ______ ____ attack is one in which the attacker's goal is to make the device unavailable to do its job. A ______ _____ _____ _______ attack is one in which the attacker recruits additional devices (called zombies) to assist in the attack.

DoS, DDoS

_______ _______ is a common physical access method. Refers to looking in dumpsters/trash for information that is highly sensitive in nature (such as passwords after a change and before the user has the new one memorized).

Dumpster diving

WPA2-_______ and 802.1X are more secure options that are designed for larger networks; ones that use an authentication server of some sort.

Enterprise

________ occurs when an individual pretends to be an IT technician, heating and air repairman, or other people (NOT DEVICE) to get in the facility or to convince someone to disclose sensitive information.

Impersonation

Captures all of the keystrokes made by a user on a computer keyboard. Software-based: Loaded into a computer knowingly or without the user's knowledge using a Trojan. Hardware-based: Connected physically to the keyboard's cable inline, storing data, and possibly transmitting it wirelessly.

Keylogger

_____ is a general term describing attempts to fraudulently obtain private information (usually by masquerading as someone else). It is usually done by electronic communication/phone.

Phishing

_______ viruses change form in order to avoid detection. The virus will attempt to hide from your antivirus software. Frequently, the virus will encrypt parts of itself to avoid detection. When the virus does this, it's referred to as mutation.

Polymorphic

Restricts access to a computer system or locks the system until a ransom is paid. Often propagated by a Trojan, and uses RSA encryption keys to "lock" the files.

Ransomware

Note: Password cracking attacks are performed offline to eliminate the disabling of the account through password policies.

Read

_________ attacks or bypasses the antivirus software installed on a computer. You can consider this to be an anti-antivirus. They can directly attack your antivirus software and potentially destroy the virus definition database file. Destroying this information without your knowledge would leave you with a false sense of security.

Retrovirus

Software designed to gain administrator-level control over a computer system without being detected.

Rootkit

_______ _________ involves nothing more than watching someone when they enter their sensitive data. Use a privacy screen or screen filter.

Shoulder surfing

A ____ attack is when an attacker masquerades as another person by falsifying information. The hacker may change her IP address to one that belongs to a trusted user or device to get through a firewall filtering at the IP layer. In other cases, she might _____ the MAC address of a trusted device to defeat layer 2 security applied on a switch or wireless access point (AP). It could also be the _______ of a username and password to access a resource. Finally, it might be the ________ of an email address to launch one of the email-based attacks.

Spoofing

Malicious software either downloaded unwittingly from a website or installed along with some other third-party software with the intention of spying on the user's work.

Spyware

In Windows System Recovery/Recovery Console, the options are: ______ _______: Fixes missing or damaged system files, which might prevent Windows from starting correctly. ______ ________: Restores your computer's system files to an earlier point in time without affecting your files, such as e‑mail, documents, or photos. _______ _______ ________: Requires a system image, a personalized backup of the partition that contains Windows, and includes programs and user data, like documents, pictures, and music. _______ ________ ________ ______: Scans your computer's memory for errors.

Startup Repair, System Restore, System Image Recovery, Windows Memory Diagnostic Tool

_________ is the directory where the core of Microsoft Windows operating systems files are stored. In a default installation of any version of Windows, the operating system files are located in C:\Windows.

SystemRoot

________ is the term used for someone being so close to you when you enter a building that they are able to come in right behind you without needing to use a key, a card, or any other security device.

Tailgating (piggybacking)

______ _____ ______ ______ (____) is a deprecated protocol used with WEP or WPA. 128 bit.

Temporal Key Integrity Protocol (TKIP)

Appears to perform desired functions but is actually performing malicious functions behind the scenes

Trojan horse

Code that runs on a computer without the user's knowledge; it infects the computer when the code is accessed and executed.

Virus

___ _____ ______ (___) uses 128-bit encryption while ____ uses 256-bit encryption

Wi-Fi Protected Access (WPA), WPA2

______ ____ ______ (____) is deprecated and vulnerable to IV attack, 64-bit encryption

Wired Equivalent Privacy (WEP)

Similar to viruses except that it self-replicates, whereas a virus does not.

Worm

An organization's _______ ____ ______ (___) is a document stipulating constraints and practices that a user must agree to before being granted access to a corporate network or the Internet.

acceptable use policy (AUP)

An ________ virus is designed to make itself difficult to detect or analyze. They cover themselves with protective code that stops debuggers or disassemblers from examining critical elements of the virus.

armored

RADIUS and Terminal Access Controller Access-Control System Plus (TACACS+) are examples of ________ servers and can be used as SSO (single sign-on) servers as well.

authentication

A _____ is a group of compromised computers that are controlled by a master computer which directs them to attack particular servers and routers on the Internet.

botnet

A ________ virus attaches itself to legitimate programs and then creates a program with a different filename extension. This file may reside in your system's temporary directory. When a user types the name of the legitimate program, the companion virus executes instead of the real program. The infected program may perform its dirty deed and then start the real program.

companion

A _________ (precomputation) attack uses a considerable set of precalculated encrypted passwords located in a lookup table called ______ tables. This attack can be defeated by implementing ______, which is the randomization of the hashing process. It usually incorporates key stretching, which is adding bits of information to the password to make it stronger.

cryptanalysis, rainbow, salting

A _______ attack uses a prearranged list of likely words to crack passwords, passphrases, and keys. Works best with weak passwords and when targeting multiple systems. The power of the dictionary attack depends on the strength of the dictionary used by the password-cracking program.

dictionary

A ______ virus exploits the enhancements made to many application programs. Programmers can expand the capability of applications such as Microsoft Word and Excel. Word, for example, supports a mini-BASIC programming language that allows files to be manipulated automatically. These programs in the document are called ______s. For example, a _____ can tell your word processor to spell-check your document automatically when it opens. _____ viruses can infect all the documents on your system and spread to other systems via email or other methods.

macro

A ____-___-____-____ (____) attack is one in which the hacker uses one of several techniques to position himself in the middle of a current communication session between two devices. One way he might do this is by polluting the ARP cache (mappings of IP addresses to MAC addresses) such that the users on either end of the session think they are sending data to one another when in reality they are sending it to the hacker. This allows the hacker to monitor the entire conversation.

man-in-the-middle (MITM). Note: Dion seemed to call this "on-path attack", an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.

A _________ virus attacks your system in multiple ways. It may attempt to infect your boot sector, infect all your executable files, and destroy your application files. The hope here is that you won't be able to correct all the problems and will allow the infestation to continue.

multipartite

A ______ virus alters other programs and databases. The virus infects all these files. The only way to remove this virus is to reinstall the programs that are infected. If you miss even a single instance of this virus on the victim system, the process will start again and infect the system once more.

phage

A targeted phishing campaign towards specific groups or individuals is known as ____ phishing. This is common when targeting senior executives of corporations, a concept known as ______.

spear, whaling

A ______ virus attempts to avoid detection by masking itself from applications. It may attach itself to the boot sector of the hard drive. When a system utility or program runs, the stealth virus redirects commands around itself to avoid detection.

stealth

A _____-____ attack is one that occurs when a security vulnerability in an application is discovered on the same day the application is released.

zero-day

