IT 230 Midterm

An example of a Windows firewall is iptables.

False

Know the difference between a honeypot and honeynet and their purposes in a network

Honeypot: A monitored host specifically designed to detect unauthorized access attempts and divert attacker's attention from the actual corporate network Honeynet: A type of network consisting of multiple honeypots

When you are developing a security plan which one of the following is an example of a physical control?

ID Card

Why is input validation important: sql injection, buffer overflow, privilege escalation

Input validation is a process that ensures the correct usage of data.

What does the "I" stand for in CIA?

Integrity

Recognize the difference between NAT and NAC

NAT: Translates the private local IP address to the public global IP address. NAC:

Recall what NIDS, HIDS, IPS and HIPS do

NIDS: HIDS: Host-Based Intrusion Detection System IPS: HIPS:

Which of the following is an inline device that checks all packets?

Network intrusion detection systemTrue

When can you declare that a system is completely secure?

Never

Avi sends out many e-mails containing secure information to other companies. What concept should be implemented to prove that Avi did indeed send the e-mails?

Non-Repudiation

Don't forget the different protocols such as SNMP, Telnet, SFTP and IPsec

SMNP: Telenet: SFTP: IPsec:

Realize how important SSH is

SSH or Secure Shell is used for secure network connections. Predecessor of Telnet. SSH runs on TCP 22.

Which of the following individuals uses code with little knowledge of how it works?

Script Kiddie

Bluejacking

Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices.

SSID (Service Set Identifier)

Service Set Identifier, the advertised name of a wireless network

Bluetooth

Short range, low bandwidth wireless technology often used for mobile phone headsets or earphones.

Flashing is a term that describes he updating of the BIOS

True

Full device encryption is one way of protecting a mobile device's data if the device is stolen.

True

In the case of theft, the two best ways to protect against the loss of confidential or sensitive information are encryption and a remote wipe program

True

Personal firewalls are applications that protect an individual computer from unwanted Internet traffic.

True

Port 88 is used by Kerberos.

True

Storage DLP systems are typically installed in data centers or server rooms as software that inspects data at rest.

True

When a group of compromised systems attack a single target, causing a DoS to occur at that host

True

ARP (Address Resolution Protocol)

Used to find the MAC (physical) address of a device with a known IP

What two locations can be a target for DNS poisoning?

local host table, external DNS server

Which type of attack below is similar to a passive man-in-the-middle attack?

replay attack

Know the types of attacks at the client level (session hijacking, smurf, ddos, malicious software)

session hijacking: smurf: ddos: malicious: software:

Wireless configurations

should be configured to encrypt data

Which type of attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer?

smurf attack

Why DNS is a Security Risk

-it is always-on and allows all communications to get through resulting in DNS traffic being whitelisted in the firewall rules by system administrators -DNS can become a channel for cyber attacks designed to spread malware, hold the institution ransom, steal data, or even cause service outages

Two types of Privilege Escalation

-when a lower privilege user accesses functions restricted to higher privilege users(sometimes called vertical privilege escalation) -user with restricted privilege accesses different restricted functions of a similar user(horizontal privilege escalation)

Review what transitive trust is

All domains trust all other domains

ARP poisoning

An attack that exploits Ethernet networks, and it may enable an attacker to sniff frames of information, modify that information, or stop it from getting to its intended destination.

Privilege Escalation

An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing.

SDLC (Systems Development Life Cycle)

An organized process of developing a secure application throughout the life of the project. Phases:Planning and analysis, software/systems design, implementation, testing, integration, deployment, maintenance Security principles associated with the SDLC: •Principle of least privilege •Principle of defense in depth •Applications should never trust user input •Minimize the attack surface area •Establish secure defaults •Provide for authenticity and integrity •Fail securely •Fix security issues correctly

Which of the following does the A in CIA stand for when it comes to IT security?

Availability

In information security, what are the three main goals? (Select the three best answers.)

Availability, Integrity, Confidentiality

Understand the benefits of full drive encryption and individual file encryption

BitLocker • Trusted platform module (TPM)

Know the difference between HIDS and NIDS

Both detect the intrusions HIDS: is set up on a particular host/device, monitors the traffic of a particular device NIDS: is set up on a network. It monitors traffic of all device of the network.

Domain Name System

Converts IP addresses into domains, the system by which Internet domain names and addresses are tracked and regulated.

Recognize the difference between a TPM and HSM and what platform they are on

A TPM or Trusted Platform Module is a hardware chip that deals with security key management while a HSM or Hardware Security Module is a device (usually installed into a firewall) that performs cryptographic functions.

Replay attack

A network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.

Where are MAC addresses stored for future reference?

ARP cache

What type of an attack is being executed if an attacker substituted an invalid MAC address for the network gateway so no users can access external networks?

ARP poisoning

Cloud environments often reuse the same physical hardware (such as hard drives) for multiple customers. These hard drives are used and reused when customer virtual machines are created and deleted over time. What security concern does this bring up implications for?

Confidentiality of data

Which one of the following posses the greatest risk when it comes to removable storage?

Confidentiality of data

Review the difference between a DMZ, Extranet and Intranet.

DMZ: Extranet: Intranet:

When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:

DNS

Bluejacking is the unauthorized access of information from a wireless device through a Bluetooth connection.

False

Botnets do not affect mobile devices.

False

Which of the following occurs when an IDS identifies legitimate activity as something malicious?

False positive

Bluesnarfing

Gaining unauthorized access to a Bluetooth device

Review the functions and benefits of GPS

Global Positioning System

To protect against malicious attacks, what should you think like?

Hacker

Understand the requirements to protecting a smartphone

Protect mobile devices and the data they contain by using screen locks, encryption, remote wipe utilities, and good BYOD policies.

Which of the following is not a denial-of-service attack?

Replay Attack

DNS (Domain Name System)

Resolves Internet names to IP addresses. Application layer protocol TCP/UDP port 53

DNS poisoning

The modification of name resolution information that should be in a DNS server's cache

Differences between a Virus, Worm and Malware

Virus: It's an unwanted, unsolicited, malicious program. Viruses are not transferred without the help of human or system intervention. Worm: a self replicating virus or malware which copies itself from one system to another without requiring human intervention and typically consumes as much disk space or system resources as possible prior to moving to the next victim Malware: Harmful programs used to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems. Malware is software designed to infiltrate a computer system and possibly damage it without the user's knowledge or consent.

Spoofing

When an attacker masquerades as another person by falsifying information.

Recall the steps associated with the deployment of patches

ch2

Review the different types of network attacks

ch2

Learn the different cloud configurations

ch5. look