Hacker Techniques, Tools, and Incident Handling

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

What is the acceptance approach to risk control?

The choice to do nothing to protect and information asset and to accept the outcome of its potential exploitation. In order to validly determine this the organization must: determine the level of risk, assess the probability of attack, estimate the potential damage that could occur from an attack, perform a thorough cost-benefit analysis, evaluated controls using each appropriate type of feasibility, decided that the particular function, service, information, or as it did not justify the cost of protection

Theft

The legal taking of another property, be it physical, electronic, or intellectual

What is risk?

The likelihood of the occurrence of vulnerability, multiplied by the value of the information asset, minus the percentage of risk mitigated by current controls, plus the uncertainty of current knowledge of the vulnerability

Intellectual property

The ownership of ideas and control over the tangible or virtual representation of those ideas. Use of another persons intellectual property may or may not involve royalty payments or permission should always include proper credit to the source

Likelihood

The probability that a specific phone ability within an organization will be successfully attacked

Risk control

The process of applying control reduce the risk of an organizations data and information systems

Risk identification

The process of examining, documenting, and assessing security posture of an organization's information technology and the risks it faces

Residual risk

The risk that remains to the information assets even after the existing control has been applied

What is a part of intellectual property?

Trade secrets, copyrights, trademarks, and patents

Software piracy

Use or duplication of software-based intellectual property

What is the termination approach to risk control?

When an organization decides to remove an asset that is not worth defending but is a security risk

Black-hat Hackers

black hat hacker is a person who attempts to find computer security vulnerabilities and exploit them for personal financial gain or other malicious reasons. Black hat hackers can inflict major damage on both individual computer users and large organizations by stealing personal financial information, compromising the security of major systems, or shutting down or altering the function of websites and networks.

Vulnerability

A flaw or weakness in the system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or violation of the systems security policy

Competitive intelligence

A legal form of information gathering that consists of doing research on publicly available information

Polymorphism

A threat the changes apparent shape over time, making it undetectable by techniques that look for preconfigured signature

White-hat Hackers

A white hat hacker is a computer security specialist who breaks into protected systems and networks to test and asses their security. White hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them. Although the methods used are similar, if not identical, to those employed by malicious hackers, white hat hackers have permission to employ them against the organization that has hired them. Also called "Ethical Hackers" by the media

In Linux, you issue commands from a command line using which of the following? A. A terminal window B. The KDE interface C. The GNOME interface D. The kernel

A. A terminal window

Which of the following are scripting languages? (choose two) A. Active X B. Java C. CGI D. ASP.Net

A. Active X C. CGI

Which of the following can limit the impact of worms? A. Antivirus software, firewalls, patches B. Anti-spyware, firewalls, patches C. Anti-worm software, firewalls, patches D. Anti-malware

A. Antivirus software, firewalls, patches

Web application are used for? A. Enabling dynamic content B. Streaming video C. Applying scripting D. Lack of input validation

A. Enabling dynamic content

Which of the following is a desktop interface for Linux? A. KDE B. SUSE C. Ubuntu D. GPL

A. KDE

What is the core of the Linux operating system? A. Kernel B. Shell C. GUI D. VPN

A. Kernel

Covert channels work over A. Known channels B. Wireless C. Networks D. Security controls

A. Known channels

______ is used to fake a MAC address. A. Spoofing B. Flooding C. Poisoning D. Hijacking

A. Spoofing

______ record(s) a user's typing A. Spyware B. Viruses C. Adware D. Malware

A. Spyware

A DoS attack is meant to deny a service from legitimate usage. A. True B. False

A. True

Active sniffing is used when switches are present A. True B. False

A. True

Backdoors on a system can be used to bypass firewalls and other protective measures A. True B. False

A. True

Session hijacking is used to take over an authenticated session A. True B. False

A. True

Trojans are a type of malware A. True B. False

A. True

Trojans can be used to open backdoors on a system A. True B. False

A. True

Worms are designed to replicate repeatedly. A. True B. False

A. True

____ attach(es) to files. A. Viruses B. Worms C. Adware D. Spyware

A. Viruses

Human error or failure

Acts performed by an authorized user usually without malicious intent or purpose that can produce extensive damage and catastrophic results

Attack

An intentional or unintentional attempt to cause damage to or otherwise compromised information or the systems that support it

Threat

An object, person, or other entity that is of potential risk of loss to an assets

Asset

An organizational resource that can be logical, such as website, information, or data, or it can be physical, such as a person, computer system, or other tangible object

Industrial espionage

Any legal form of information gathering that consists of retrieving information by unethical and illegal means. May also include denying access to services

What does the general business community do in regards to security?

Articulates and communicates organizational policy and objectives and allocates resources to other groups

Availability (CIA triangle) and means of achieving

Authorized users or systems are able to access information in the specified format without interference or obstruction as necessary. Means: backup data, redundancy, load-balancing, disaster recovery plan, remove bottlenecks, firewalls and proxy to protect against DDoS attacks

____ runs completely from removable media. A. Linux B. A Live CD C. The kernel D. A Shell

B. A Live CD

Prevention of viruses and malware includes ______ A. Pop-up blockers B. Antivirus C. Buffer overflows D. All of the abolve

B. Antivirus

Sniffers can be used to A. Decrypt information B. Capture information C. Hijack communications D. Enforce Security

B. Capture information

Which of the following is a characteristic of adware? A. Gathering information B. Displaying pop-ups C. Intimidating users D. Replicating

B. Displaying pop-ups

Backdoors are an example of covert channels A. True B. False

B. False

Multipartite viruses come in encrypted form A. True B. False

B. False

Scareware is harmless A. True B. False

B. False

Session hijacking is used to capture traffic A. True B. False

B. False

The command mv is used to remove empty directories. A. True B. False

B. False

The stability of a Web server does not depend on the operating system. A. True B. False

B. False

The target of source code exploits is most often databases. A. True B. False

B. False

Viruses do not require a host program A. True B. False

B. False

Browsers do not display which of the following? A. ActiveX B. Hidden fields C. Java D. JavaScript

B. Hidden fields

What technique is used when traffic is captured on a network with hubs A. Active sniffing B. Passive sniffing C. MAC flooding D. Ether flooding

B. Passive Sniffing

Which of the following challenges can a firewall solve? A. Protection against buffer overflows B. Protection against scanning C. Inadequate input validation D. Ability of a Web application to use nonstandard ports

B. Protection against scanning

Which of the following is designed to exploit applications that solicit the client to supply data that is processed in the form of SQL statements? A. Buffer overflows B. SQL injection C. Buffer injection D. Input validaton

B. SQL injection

What type of device can have its memory filled up when MAC flooding is used A. Hub B. Switch C. Router D. Gateway

B. Switch

Which of the following is used to audit databases? A. Ping B. IPConfig C. NGSSquirrel D. XSS

C. NGSSquirrel

____ is designed to intimidate users A. Adware B. Viruses C. Scareware D. Worms

C. Scareware

Which is used to intercept user infromation? A. Adware B. Scareware C. Spyware D. A virus

C. Spyware

____ is known to disable protective mechanisms on a system such as antivirus software, anti-spyware software, and firewalls, and to report on a user's activities. A. Adware B. Scareware C. Spyware D. A virus

C. Spyware

The CIA triangle (three goals of security)

Confidentiality, integrity, accessibility

______ are methods for transferring data in an unmonitored manner

Covert channels

Trojans are designed to be small and stealthy in order to: A. Bypass covert channels B. Bypass firewalls C. Bypass permissions D. Bypass detection

D. Bypass detection

Which of the following is one of the goals of Trojans? A. Sending data B. Changing system settings C. Opening covert channels D. Giving remote access

D. Giving remote access

What are the five risk control strategies?

Defense, transferral, mitigation, acceptance, termination

_____ is a combination malware and Trojan Horse RAT based on Stuxnet designed to spy on industrial control systems

Duqu

_____ Is a powerful preventive measure for stopping viruses.

Education and Anti-virus software

Trespass

Electronic and human activities that breached confidentiality of information by unauthorized individuals attempting to gain access to information

Malware hoaxes

Emails and pop up containing illegitimate warnings of dangerous malware in order to scare the user to perform a desired action

Suicide Hackers

Hackers with little regard for the law or staying undetected. They seek to accomplish their goal at all costs and do not worry if they are caught. Their goals include political, terrorist, social, or other aims.

______ is used to overwhelm a service

Hijacking (or DDoSing)

Script Kiddies

In programming culture a script kiddie or skiddie (also known as skid, script bunny, script kitty) is an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks, and deface websites.

Integrity (CIA triangle) and means of achieving

Information assets are not exposed to corruption, damage, destruction, or other disruption of their authentic states. Means: backups, checksum, physical and logical access control

What questions should be as in an information asset valuation

Is this asset the most critical to the organization's success? Does it generate the most revenue? Does it generate the most profit? Would it be the most expensive to replace? Will be the most expensive to protect? If revealed, would it cost the most embarrassment or greatest damage? Does the law or other regulation require us to protect this?

What is the goal of network security?

It is impossible to create an impenetrable system. The goal of network security and is to leave assets accessible to authorized users, but not make it worth the time or effort needed to illegitimately access the assets by hackers. Having better security than a similar company is sometimes sufficient to discurage attacks

_____ are configured to go off at a certain date, time, or when a specific event occurs

Logic bombs

______ is used to flood a switch with bogus MAC addresses

MAC flooding

Worms

Malicious programs that replicate themselves constantly without requiring another program provide a safe environment for their replication

Ransomeware

Malware that encrypts files in prompts the user for payments in order to decrypt the files. Commonly targets hospitals, medical centers, and governmental agencies

Exploit (as a noun/verb)

Noun: a means to target a specific vulnerability usually found in soft word to formulate an attack Verb: to attack system or information asset by using it illegally for their personal gains

Confidentiality (CIA triangle) and means of achieving it

Only those persons or computer systems with the rights and privileges to access and are able to do so. Means: user IDs, passwords, file and group permissions, authentication, encryption, training to prevent social engineering, local access only

Physical Security

Protecting people, physical assets, and the workplace from various threats, including fire, unauthorized access, and natural disasters.

Operations Security

Protecting the organization's ability to carry out its operational activities without interruption or compromise

Communications security

Protecting the organization's communications media, technology, and content, and its ability to use the tools to achieve the organization's objectives

Network security

Protecting the organization's data network devices, connections, and contents as well as protecting the ability to use the network to accomplish the organizations data communication functions tab tab tab

Information security (InfoSec)

Protection of information and its critical characteristics (CIA triangle), including the systems and hardware that use, store, and transmit that information, through the application of policy, training and awareness programs, and technology

What does the information security community do in regards to security?

Protects the organizations information assets from the many threats they face

Petya and SamSam are examples of _____

Ransomware

Grey-hat Hackers

Rehabilitated Hackers that were once Black-hot hackers but have since changed their ways. For obvious reasons, not all people will trust a gray-hat hacker

______ perform active and passive scans of network to identify all SQL Server installations that may be hidden

SQLPing 3.0 and SQLRecon

What is the priority in the process of Disaster Recover?

Safety of Human Life

Control (or safeguard or countermeasure) and examples

Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and generally improve the security within an organization Examples: access control list, firewall, user and file permissions, authentication, encryption, updates, anti-malware, password policies

Computer virus

Segments of code that perform malicious action. The code attaches itself to an existing program and takes control that programs access to the targeted computer.

_____ is a malware spread via infected USB drive or across a network as a worm. Designed to interfere with Siemens programmable logic microcontroller in order to make centrifuges operate at unsafe speeds while displaying proper speed .

Stuxnet

What does the information technology community do in regards to security?

Supports the business objectives of the organization by supplying and supporting IT that is appropriate to the organization's needs

What is the GPL?

The General Public License (GPL) is the software licence that governs the Linux kernel and other open source software

What is the defense (avoidance) approach to risk control?

The attempting to prevent the exploitation of the vulnerability by means of countering threats, removing vulnerabilities and assets, limiting access to assets, and adding protective safeguards

What is the mitigation approach to risk control?

The attempting to reduce the impact caused by the exploitation of vulnerability through planning and preparation, including contingency planning and its four functional components: the business impact analysis, the incident response plan, the disaster recovery plan, and the business continuing to you

What is the transferral approach to risk control?

The attempting to shift risk to other assets, other processes, or other organizations by rethinking how services are offered, revising deployments models, outsourcing to other organizations, purchasing insurance, or implementing service contracts with providers


Kaugnay na mga set ng pag-aaral

Chapter 19 US History Study Guide

View Set

Chapter Two: Identifying Competitive Advantages Review Questions

View Set

GS ECO 302 CH 3 Describing Data: Numerical Measures

View Set

Rheum & HIV & Allergies Quiz Questions

View Set