IT 230 Midterm
An example of a Windows firewall is iptables.
False
Know the difference between a honeypot and honeynet and their purposes in a network
Honeypot: A monitored host specifically designed to detect unauthorized access attempts and divert attacker's attention from the actual corporate network Honeynet: A type of network consisting of multiple honeypots
When you are developing a security plan which one of the following is an example of a physical control?
ID Card
Why is input validation important? (SQL injection, buffer overflow, privilege escalation)
Input validation is the process of checking that data supplied by a user or another system has the expected type, length, range and format before it is used. Unvalidated input is the root cause of SQL injection, buffer overflows and many privilege-escalation bugs, because attacker-supplied data ends up being interpreted as code (a query, a command) or as a trusted value (a length, a user ID).
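An added example (not from the course material) showing why validation and parameterization matter for SQL injection. It uses Python's built-in sqlite3 module with a constructed in-memory users table; the names alice and bob and the passwords are made up for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample database: two users with plaintext passwords (demo only)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db


def login_vulnerable(db, name, password):
    """Builds the statement by string formatting, so the user's input is parsed as SQL.
    The input  ' OR 1=1 --  turns the WHERE clause into  name = '' OR 1=1  and comments
    out the password check, so the login succeeds with no valid credentials."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"
    return db.execute(sql).fetchone() is not None


def login_safe(db, name, password):
    """Parameterized query: the driver binds the values as data, never as SQL syntax,
    so the same injection string is simply compared against the name column."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None


def validate_username(name, max_len=32):
    """Allow-list validation applied before the data is used anywhere: a fixed
    character set and a length cap (the same length cap is what prevents a
    fixed-size buffer from overflowing in a native program)."""
    return isinstance(name, str) and 0 < len(name) <= max_len and name.isalnum()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 --"
    print("vulnerable:", login_vulnerable(db, payload, "wrong"))  # True: bypassed
    print("parameterized:", login_safe(db, payload, "wrong"))     # False
    print("validated:", validate_username(payload))               # False
```

Parameterized queries fix the injection; validation is still worth doing first, because it rejects bad input before it reaches any sink (file paths, shell commands, length-limited buffers) that a query binding does not protect.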
What does the "I" stand for in CIA?
Integrity
Recognize the difference between NAT and NAC
NAT (Network Address Translation): translates private local IP addresses to a public global IP address (and back), so internal addressing is hidden from the outside. NAC (Network Access Control): checks a device's identity and health (patch level, antivirus, configuration) before admitting it to the network, and quarantines hosts that do not comply.
Recall what NIDS, HIDS, IPS and HIPS do
NIDS: Network-based Intrusion Detection System; monitors traffic on a network segment (usually a copy from a SPAN/mirror port or tap) and alerts on suspicious activity. HIDS: Host-Based Intrusion Detection System; runs on a single host and monitors that host's traffic, logs and files. IPS: Intrusion Prevention System; sits inline so it can drop or block malicious traffic instead of only alerting. HIPS: Host-based Intrusion Prevention System; the same blocking capability on an individual host.
Which of the following is an inline device that checks all packets?
Network intrusion prevention system (NIPS). A NIDS only watches a copy of the traffic; an IPS sits inline, so every packet passes through it and can be dropped.
When can you declare that a system is completely secure?
Never
Avi sends out many e-mails containing secure information to other companies. What concept should be implemented to prove that Avi did indeed send the e-mails?
Non-Repudiation
Don't forget the different protocols such as SNMP, Telnet, SFTP and IPsec
SNMP: Simple Network Management Protocol, used to monitor and manage network devices; UDP 161 (agent) and UDP 162 (traps). Versions 1 and 2c send the community string in cleartext, so SNMPv3 (authentication and encryption) should be used. Telnet: remote terminal access on TCP 23; everything, including passwords, is sent in cleartext, so it should be replaced by SSH. SFTP: SSH File Transfer Protocol, file transfer carried inside an SSH session on TCP 22 (not the same as FTPS, which is FTP over TLS). IPsec: a suite of protocols that authenticates and encrypts IP packets (AH for integrity, ESP for confidentiality and integrity), commonly used for VPNs; key exchange uses IKE on UDP 500 (UDP 4500 for NAT traversal).
Realize how important SSH is
SSH (Secure Shell) provides encrypted, authenticated remote shell access, file transfer (SCP/SFTP) and port forwarding. It is the secure replacement for Telnet, which sends credentials in cleartext. SSH runs on TCP 22.
Which of the following individuals uses code with little knowledge of how it works?
Script Kiddie
Bluejacking
Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices.
SSID (Service Set Identifier)
Service Set Identifier, the advertised name of a wireless network
Bluetooth
Short range, low bandwidth wireless technology often used for mobile phone headsets or earphones.
Flashing is a term that describes the updating of the BIOS
True
Full device encryption is one way of protecting a mobile device's data if the device is stolen.
True
In the case of theft, the two best ways to protect against the loss of confidential or sensitive information are encryption and a remote wipe program
True
Personal firewalls are applications that protect an individual computer from unwanted Internet traffic.
True
Port 88 is used by Kerberos.
True
Storage DLP systems are typically installed in data centers or server rooms as software that inspects data at rest.
True
Distributed denial-of-service (DDoS): a group of compromised systems (a botnet) attacks a single target at the same time, causing a DoS at that host.
ARP (Address Resolution Protocol)
Used to find the MAC (physical) address of a device with a known IP
What two locations can be a target for DNS poisoning?
local host table, external DNS server
Which type of attack below is similar to a passive man-in-the-middle attack?
replay attack
Know the types of attacks at the client level (session hijacking, smurf, ddos, malicious software)
session hijacking: taking over a user's authenticated session by stealing or predicting the session identifier (for example a cookie), so the attacker is treated as that user. smurf: ICMP echo requests sent to a network broadcast address with the source spoofed as the victim, so every host on the segment floods the victim with replies. ddos: many compromised hosts (a botnet) flooding a single target at once. malicious software: malware (viruses, worms, Trojans, spyware) that the client is tricked or exploited into running.
Wireless configurations
should be configured to encrypt data
Which type of attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer?
smurf attack
Why DNS is a Security Risk
-It is always on and always allowed through: DNS traffic is routinely whitelisted in firewall rules by system administrators, so it is rarely inspected.
-DNS can therefore become a channel for attacks designed to spread malware, hold the organization to ransom, exfiltrate data (for example DNS tunneling), or cause service outages.
Two types of Privilege Escalation
-Vertical privilege escalation: a lower-privilege user gains access to functions restricted to higher-privilege users (for example, a normal user reaching an admin-only function).
-Horizontal privilege escalation: a user accesses the data or functions of another user at the same privilege level (for example, viewing another customer's account).
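An added example (not part of the course material) showing both kinds of escalation as missing authorization checks in a web back end. The users, roles and invoice records are constructed for the demonstration; the function names are hypothetical.

```python
# Constructed sample data (assumed for the example): user -> role, invoice id -> owner.
USERS = {"alice": "user", "bob": "user", "carol": "admin"}
INVOICES = {101: "alice", 102: "bob"}


def can_view_invoice_vulnerable(actor, invoice_id):
    """Checks only that the caller is an authenticated user.
    Any user can read any invoice by changing the id in the URL:
    horizontal privilege escalation (an insecure direct object reference)."""
    return actor in USERS and invoice_id in INVOICES


def can_view_invoice(actor, invoice_id):
    """Authorization check: the invoice owner or an admin, nobody else."""
    if actor not in USERS or invoice_id not in INVOICES:
        return False
    return USERS[actor] == "admin" or INVOICES[invoice_id] == actor


def can_delete_user_vulnerable(actor, target):
    """Relies on the delete button being hidden in the UI for non-admins.
    The endpoint itself never checks the role, so a normal user who finds the
    URL can delete accounts: vertical privilege escalation."""
    return actor in USERS and target in USERS


def can_delete_user(actor, target):
    """Server-side role check, which is the control a hidden UI element cannot provide."""
    return USERS.get(actor) == "admin" and target in USERS and target != actor


if __name__ == "__main__":
    print("bob reads alice's invoice (vulnerable):", can_view_invoice_vulnerable("bob", 101))
    print("bob reads alice's invoice (checked):   ", can_view_invoice("bob", 101))
    print("alice deletes bob (vulnerable):        ", can_delete_user_vulnerable("alice", "bob"))
    print("alice deletes bob (checked):           ", can_delete_user("alice", "bob"))
```

The fix in both cases is the same rule from the SDLC list below: never trust user input (here, the object id and the fact that a request arrived) as proof of authorization; decide on the server, per request, from the actor's identity and role.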
Review what transitive trust is
Transitive trust: if domain A trusts domain B and B trusts domain C, then A also trusts C. In a Windows forest all domains trust each other through transitive trusts, so a compromise in one domain can be leveraged against another.
ARP poisoning
An attack that exploits Ethernet networks, and it may enable an attacker to sniff frames of information, modify that information, or stop it from getting to its intended destination.
Privilege Escalation
An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing.
SDLC (Systems Development Life Cycle)
An organized process for developing a secure application throughout the life of the project.
Phases: planning and analysis, software/systems design, implementation, testing, integration, deployment, maintenance.
Security principles associated with the SDLC:
•Principle of least privilege
•Principle of defense in depth
•Applications should never trust user input
•Minimize the attack surface area
•Establish secure defaults
•Provide for authenticity and integrity
•Fail securely
•Fix security issues correctly
Which of the following does the A in CIA stand for when it comes to IT security?
Availability
In information security, what are the three main goals? (Select the three best answers.)
Availability, Integrity, Confidentiality
Understand the benefits of full drive encryption and individual file encryption
Full drive encryption (for example BitLocker, with the key sealed in the Trusted Platform Module (TPM)) encrypts the whole volume, so if the device is lost or stolen while powered off nothing on the disk, including swap and temporary files, is readable. It protects against physical theft but not against a logged-in user or malware on the running system. Individual file encryption (for example EFS) protects specific files even while the system is running and the disk is mounted, and can restrict them to one user, but data can leak through unencrypted copies, temp files and backups. The two are complementary.
Know the difference between HIDS and NIDS
Both detect intrusions. HIDS: installed on a particular host/device and monitors that device's traffic, logs and files. NIDS: installed on the network (usually fed from a SPAN port or tap) and monitors the traffic of all devices on that segment.
Domain Name System
Resolves domain names to IP addresses (and, via reverse lookups, IP addresses to names); the hierarchical system by which Internet domain names and addresses are tracked and regulated.
Recognize the difference between a TPM and HSM and what platform they are on
A TPM (Trusted Platform Module) is a chip on the motherboard (or built into the CPU) of a client or server that stores and protects keys, seals them to the platform's measured boot state, and backs features such as BitLocker. An HSM (Hardware Security Module) is a dedicated, tamper-resistant device, either a network appliance or a PCIe card in a server, that generates and stores keys and performs cryptographic operations (signing, encryption) for applications such as certificate authorities, payment systems and TLS termination. The TPM belongs to one endpoint; the HSM is shared infrastructure in the data center.
Replay attack
A network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.
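An added example (not from the course material) of the two standard defenses against the replay attack defined above: a per-message nonce that the receiver remembers, and a timestamp window that bounds how long a delayed message stays valid. The shared key and the messages are constructed for the demonstration. Note that a keyed MAC like this gives integrity but not the non-repudiation asked about in Avi's e-mail question: both sides hold the same key, so either could have produced the tag; proving that Avi sent a message requires a digital signature made with a private key only Avi holds.

```python
import hashlib
import hmac
import os

# Constructed shared secret for the example (both parties know it).
KEY = b"constructed-shared-secret"


def make_message(key, payload, now, nonce=None):
    """Sender side: timestamp | nonce | payload, authenticated with HMAC-SHA256.
    `now` is an integer Unix time supplied by the caller so the example is deterministic."""
    nonce = nonce or os.urandom(8).hex()
    body = f"{int(now)}|{nonce}|{payload}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


class Verifier:
    """Receiver side: rejects forged, delayed and replayed messages."""

    def __init__(self, key, window=30):
        self.key = key
        self.window = window      # seconds of clock skew / delay tolerated
        self.seen = set()         # nonces already accepted (expire these after `window` in practice)

    def accept(self, msg, now):
        body, _, tag = msg.rpartition("|")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return False                      # tampered or forged
        ts, nonce, _payload = body.split("|", 2)
        if abs(int(now) - int(ts)) > self.window:
            return False                      # too old: delayed replay
        if nonce in self.seen:
            return False                      # exact replay of an accepted message
        self.seen.add(nonce)
        return True


if __name__ == "__main__":
    now = 1_000_000
    v = Verifier(KEY)
    msg = make_message(KEY, "pay bob 25", now, nonce="n1")
    print("first delivery:", v.accept(msg, now + 1))        # True
    print("replayed copy: ", v.accept(msg, now + 2))        # False
```

Without the nonce, an attacker who captured a valid "pay bob 25" message could resend it indefinitely inside the time window; without the timestamp, the receiver would have to remember every nonce forever.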
Where are MAC addresses stored for future reference?
ARP cache
What type of an attack is being executed if an attacker substituted an invalid MAC address for the network gateway so no users can access external networks?
ARP poisoning
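An added example (not part of the course material) of detecting the gateway-spoofing ARP poisoning described above, in the spirit of tools such as arpwatch. It keeps its own IP-to-MAC table, like the ARP cache, and alerts when an address that was already learned is claimed by a different MAC, or when one MAC claims several IPs (an attacker poisoning both the victim and the gateway). The ARP reply records, addresses and the gateway IP are constructed for the demonstration.

```python
# Constructed ARP replies seen on the segment: (time, sender IP, sender MAC).
# The last two entries are an attacker (de:ad:be:ef:00:66) claiming both the
# gateway and a victim host so that traffic between them flows through it.
ARP_REPLIES = [
    ("10:00:01", "192.168.1.1",  "aa:bb:cc:00:00:01"),
    ("10:00:02", "192.168.1.20", "aa:bb:cc:00:00:20"),
    ("10:00:03", "192.168.1.20", "aa:bb:cc:00:00:20"),   # harmless repeat
    ("10:00:05", "192.168.1.1",  "de:ad:be:ef:00:66"),   # gateway spoofed
    ("10:00:05", "192.168.1.20", "de:ad:be:ef:00:66"),   # victim spoofed
]

GATEWAY_IP = "192.168.1.1"   # assumed for the example


def detect_arp_poisoning(replies, gateway_ip):
    """Returns the learned IP->MAC table and a list of (time, severity, message) alerts."""
    table = {}      # ip -> mac learned so far, i.e. what a host's ARP cache would hold
    claims = {}     # mac -> set of IPs that MAC has answered for
    alerts = []
    for ts, ip, mac in replies:
        prev = table.get(ip)
        if prev is not None and prev != mac:
            # A known IP suddenly maps to a new MAC. For the gateway this is the
            # classic man-in-the-middle / blackhole setup, so rate it higher.
            sev = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append((ts, sev, f"{ip} changed from {prev} to {mac}"))
        table[ip] = mac

        ips = claims.setdefault(mac, set())
        if ip not in ips:
            ips.add(ip)
            if len(ips) > 1:
                alerts.append((ts, "MEDIUM", f"{mac} claims multiple IPs: {sorted(ips)}"))
    return table, alerts


if __name__ == "__main__":
    table, alerts = detect_arp_poisoning(ARP_REPLIES, GATEWAY_IP)
    for ts, sev, msg in alerts:
        print(ts, sev, msg)
    print("gateway now resolves to", table[GATEWAY_IP])
```

A MAC change is not always an attack (a replaced NIC, DHCP reuse, or a router failover changes mappings legitimately), so a real deployment would also look at the timing, at unsolicited replies, and at whether the new MAC answers for the gateway only briefly. The durable countermeasures on the switch side are Dynamic ARP Inspection and DHCP snooping, and on the host side static ARP entries for the gateway.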
Cloud environments often reuse the same physical hardware (such as hard drives) for multiple customers; the drives are used and reused as customer virtual machines are created and deleted over time. What security concern does this raise?
Confidentiality of data (data remanence: a new tenant may be able to recover a previous tenant's data unless the storage is securely wiped or the data was encrypted)
Which one of the following poses the greatest risk when it comes to removable storage?
Confidentiality of data
Review the difference between a DMZ, Extranet and Intranet.
DMZ (demilitarized zone): a separate network segment between the Internet and the internal LAN where public-facing servers (web, mail, DNS) are placed, so that a compromise of those servers does not give direct access to the internal network. Extranet: a restricted network that gives selected outside partners, suppliers or customers access to specific internal resources, usually over a VPN or an authenticated portal. Intranet: the organization's private internal network, accessible only to its own users.
When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:
DNS
Bluejacking is the unauthorized access of information from a wireless device through a Bluetooth connection.
False
Botnets do not affect mobile devices.
False
Which of the following occurs when an IDS identifies legitimate activity as something malicious?
False positive
Bluesnarfing
Gaining unauthorized access to a Bluetooth device
Review the functions and benefits of GPS
Global Positioning System: satellite-based positioning built into most mobile devices. Security uses: locating a lost or stolen device so it can be recovered or remotely wiped, geofencing (restricting device functions or data access to approved locations), and geotagging of photos and posts, which is also a privacy risk if left enabled.
To protect against malicious attacks, what should you think like?
Hacker
Understand the requirements to protecting a smartphone
Protect mobile devices and the data they contain by using screen locks, encryption, remote wipe utilities, and good BYOD policies.
Which of the following is not a denial-of-service attack?
Replay Attack
DNS (Domain Name System)
Resolves Internet names to IP addresses. Application layer protocol TCP/UDP port 53
DNS poisoning
The modification of name resolution information that should be in a DNS server's cache
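An added example (not from the course material) of the checks a caching resolver applies so that a forged reply cannot poison its cache: the reply must match an outstanding query's transaction ID and source port, its question section must match, and records outside the bailiwick of the server that was asked (for example an extra record for some other domain riding along in the reply) are discarded instead of cached. The messages are simplified dicts constructed for the example; real DNS is a binary wire format, and the domain names and addresses used are documentation examples.

```python
def in_bailiwick(name, zone):
    """True if `name` is `zone` itself or lies beneath it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


class CachingResolver:
    def __init__(self):
        self.pending = {}    # (txid, our source port) -> (qname, zone of the server asked)
        self.cache = {}      # name -> ip
        self.rejected = []   # out-of-bailiwick records we refused to cache

    def send_query(self, txid, src_port, qname, zone):
        # A random 16-bit txid plus a random source port is what an off-path
        # attacker has to guess to get a forged reply accepted.
        self.pending[(txid, src_port)] = (qname, zone)

    def receive(self, resp):
        key = (resp["txid"], resp["dst_port"])
        if key not in self.pending:
            return "dropped: no matching query (txid/port)"
        qname, zone = self.pending[key]
        if resp["qname"].lower() != qname.lower():
            return "dropped: question section mismatch"
        del self.pending[key]
        for name, ip in resp["answers"]:
            if in_bailiwick(name, zone):
                self.cache[name.lower()] = ip
            else:
                # The server for example.com has no authority over other zones;
                # caching this would let it redirect any name it likes.
                self.rejected.append(name)
        return "accepted"


if __name__ == "__main__":
    r = CachingResolver()
    r.send_query(0x1234, 40000, "www.example.com", "example.com")
    forged = {"txid": 0x1111, "dst_port": 40000, "qname": "www.example.com",
              "answers": [("www.example.com", "203.0.113.66")]}
    print(r.receive(forged))
    poisoned = {"txid": 0x1234, "dst_port": 40000, "qname": "www.example.com",
                "answers": [("www.example.com", "192.0.2.10"),
                            ("login.bank.example.net", "203.0.113.66")]}
    print(r.receive(poisoned), r.cache, "rejected:", r.rejected)
```

The txid and port checks are only a probabilistic defense (an attacker can flood guesses, which is the Kaminsky-style attack); the bailiwick rule and, ultimately, DNSSEC validation are what make a poisoned record unusable even when a guess lands. The local hosts file named in the earlier question has none of these checks, which is why it is the other classic poisoning target.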
Differences between a Virus, Worm and Malware
Virus: an unwanted, unsolicited, malicious program that attaches itself to another file or program. Viruses are not transferred without human or system intervention, such as a user opening the infected file.
Worm: self-replicating malware that copies itself from one system to another without requiring human intervention, typically by exploiting a network service; its scanning and replication often consume network bandwidth and system resources on each victim as it spreads to the next.
Malware: the umbrella term for harmful software used to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems; software designed to infiltrate a computer system and possibly damage it without the user's knowledge or consent. Viruses and worms are both kinds of malware.
Spoofing
When an attacker masquerades as another person by falsifying information.
Recall the steps associated with the deployment of patches
ch2
Review the different types of network attacks
ch2
Learn the different cloud configurations
ch5. look