Midterm Exam - CSI-4480 - Salehian W23
Which two statements are correct? 1
Confidentiality ensures that only authorized parties can view the information. Authentication ensures that the individual is who she claims to be and not an imposter.
Which two statements are correct? 2
Hacktivists are strongly motivated by ideology. Brokers sell their knowledge of a weakness to other attackers or a government.
Which of the following is a Windows command-line utility for seeing NetBIOS shares on a network?
Net view The net view command is a simple command-line utility that allows an attacker to view remote NetBIOS shares on a network.
what is netbios
NetBIOS (which stands for Network Basic Input/Output System) is a protocol used by Windows systems for communication over a local area network (LAN). NetBIOS provides a set of APIs for applications to send and receive data over the network, as well as a naming service for identifying network resources such as computers, printers, and file shares. NetBIOS runs over the Session Layer of the OSI model and typically uses ports 137, 138, and 139.
What is Information security!?
Protecting Confidentiality, integrity and availability of information in transmission, processing and storage through the application of policy, education, training and awareness and technology
Windows OSs are vulnerable to the Conficker worm because of which of the following?
RPC vulnerability Remote Procedure Call (RPC) is an interprocess communication mechanism that allows a program running on one host to run code on a remote host. Windows OSs are vulnerable as the Conficker worm takes advantage of a vulnerability in RPC to run arbitrary code on susceptible hosts.
A FIN packet sent to a closed port responds with which of the following packets?
RST When a port is closed in a FIN scan, it sends back an RST packet.
fping commands
fping 192.168.2.19 If you run the command "fping 192.168.2.19" in a terminal or command prompt, it will send ICMP echo request packets to the IP address 192.168.2.19 to check if it is reachable or not. fping www.yahoo.com This output indicates that the IP address associated with the hostname "www.yahoo.com" is reachable and responding to ICMP echo requests.
9. What command-line tool can be used to harvest DNS information?
dig The dig command-line tool can be used to harvest information.
The ISN is set at which step of the TCP three-way handshake?
1 and 2 Steps 1 and 2 of the TCP three-way handshake send an ISN.
What is subnetting?
Allows a network administrator to divide large networks into smaller segments (subnets) Subnetting concepts are important For performance and security purposes
To check permission for a file!?
ls -l
hping3 commands
sudo hping3 1 192.169.2.19 The "hping3 1 192.169.2.19" command sends one ICMP packet to a specified IP address and waits for an ICMP echo reply. It is used to test network connectivity and displays information such as round-trip time, packet loss, and TTL if the target host responds. sudo hping3 1 scanme.nmap.org The command "hping3 1 scanme.nmap.org" sends a single ICMP echo request packet to the IP address of scanme.nmap.org using the hping3 tool. It checks for a response and displays the round-trip time, packet loss, and TTL of the packet if the target host responds, allowing for testing of network connectivity to scanme.nmap.org. Sudo hping3 S scanme.nmap.org The command "hping3 S scanme.nmap.org" sends a SYN packet to the specified IP address of scanme.nmap.org using the hping3 tool. This is a TCP packet that is used to initiate a TCP connection, and it is commonly used in port scanning to check for open ports on a target host. By sending a SYN packet, hping3 is attempting to initiate a connection with scanme.nmap.org and receive a response, which can be used to determine if certain ports are open or closed on the target system.
t/f - Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, often referred to as the bottom-up approach. _______
true
How many hosts can a CIDR /24 network have?
254 Explanation: A CIDR prefix of /24 can have around 254 usable hosts, and it belongs to the 1 Class C equivalent.
How many hosts can a CIDR /27 network have?
30 Explanation: A CIDR prefix of /27 can have around 30 usable hosts, and it belongs to the 1 Class C equivalent.
The U.S. Department of Justice defines a hacker as which of the following?
A person who accesses a computer or network without the owner's permission The U.S. Department of Justice labels all illegal access to computer or network systems as "hacking."
Active vs Passive?
Active: Using the active reconnaissance method, you directly interact with the system. For example, you can execute an nmap command to collect information about the open ports. Active reconnaissance can include various methods such as IP or Port scanning, operating system scanning, footprinting of existing services in a system, zone transfer on an internal DNS server, spidering the public Webpages, fuzzing, and social engineering. Passive: Passive reconnaissance is a valuable information-gathering technique that does not involve direct interaction with the target system. It employs a range of methods, such as searching through the target's website, social network scraping, and browsing public forums and websites, to collect information. By searching the Whois database, passive reconnaissance can help identify the domain registrar, owner, and contact details of the target. Extracting DNS information is another passive reconnaissance method that can provide insight into the domain's servers and IP addresses. Additionally, passive reconnaissance can involve searching breach databases and DarkWeb to find information about the target, including exposed credentials or leaked sensitive data.
What is the first method a security tester should attempt to find a password for a computer on the network?
Ask the user.
What is security?
Being secure and free from danger Only this answer is complete. Fear has little to do with security; many are fearful even when secure. Security does not mean losses cannot occur, just that they are planned for and survivable. Confidentiality (secrets) is just one of the three key aspects of security.
What class is the IP address 172.16.0.1?
Class B Based on the starting decimal number of the first byte in this IP address, it is understood that it falls in the 128 to 191 range. This range corresponds to the Class B address class.
Which of the following can be used to create dynamic webpages?
ColdFusion, PHP, and ASP Dynamic webpages can be created with a variety of techniques, including CGI, ASP.NET, ASP, PHP, ColdFusion, and JavaScript.
Which of the following testing processes is the most intrusive?
Enumeration Enumeration is the most intrusive part of testing for security testers.
What is enumeration
Enumeration is the process of actively gathering information about a target network or system by querying various resources, services, or devices. The goal of enumeration is to gather as much information as possible about the target, such as available network services, open ports, user accounts, passwords, and other sensitive information, that can be used to further exploit or compromise the system.
nslookup
DNS Footprinting: techniques to gather DNS information about the attacker. This information includes" IP address, Computer names, DNS domain Names The purpose of NSLOOKUP is to query and retrieve information from Domain Name System (DNS) servers. It is a command-line tool that provides a way to diagnose and troubleshoot DNS-related issues by allowing users to query DNS servers to resolve a domain name to an IP address, retrieve information about DNS resource records, and verify the status of DNS configurations. NSLOOKUP can also be used to diagnose network connectivity issues, troubleshoot DNS server problems, and test the response time of DNS servers. Overall, NSLOOKUP is a valuable tool for network administrators and IT professionals who need to manage and troubleshoot DNS-related issues.
What is phishing attack_____
Deceiving people to reveal the sensitive information or to install a malware
dig commands
Dig google.com: The "dig www.google.com" command is used to perform DNS (Domain Name System) queries to obtain information about a specific domain name, in this case, www.google.com. The command sends a request to a DNS server to retrieve information such as the IP address associated with the domain name, the authoritative name servers for the domain, and other DNS-related information. This is commonly used for troubleshooting network issues, verifying DNS configuration, or conducting reconnaissance on a target domain.
What is the purpose of dig tool?
Dig is a network admin tool queries DNS to obtain the mapping between a domain name and IP address or other DNS records. It provides more details comparing with nslookup.
nbstat commands
Displays NetBIOS Names: The "nbtstat -n" command displays a list of NetBIOS names registered on the local system. This can be useful for verifying that NetBIOS name resolution is working correctly. Displays NetBIOS Statistics: The "nbtstat -s" command displays statistics about NetBIOS over TCP/IP connections, such as the number of datagrams sent and received, the number of sessions established, and the number of errors encountered. Displays NetBIOS Cache: The "nbtstat -c" command displays the contents of the NetBIOS name cache, which is used to speed up NetBIOS name resolution by storing recently resolved names. This can be useful for troubleshooting NetBIOS name resolution problems or identifying stale cache entries. Displays Remote NetBIOS Names: The "nbtstat -A" command displays the NetBIOS names registered on a remote system, along with their IP addresses. This can be useful for identifying the NetBIOS names used by other systems on the network. Displays NetBIOS Session Table: The "nbtstat -S" command displays the current NetBIOS session table, which lists the current sessions between the local system and other systems on the network. This can be useful for troubleshooting session-related issues or identifying active NetBIOS connections.
CGI is used in Microsoft ASP pages. True or false?
False Explanation: Microsoft uses ASP, which enabled developers to build dynamic, interactive webpages using scripting languages, such as JScript (Microsoft's version of JavaScript) or VBScript. It did not use CGI.
A NULL scan requires setting the FIN, ACK, and URG flags. True or false?
False Explanation: A NULL scan does not require setting the FIN, ACK, and URG flags. The FIN, PSH, and URG flags are set in an XMAS scan.
For a Windows computer to be able to access a *nix resource, CIFS must be enabled on at least one of the systems. True or false?
False. To access a *nix resource from a Windows computer, CIFS must be enabled on both systems.
What are scanning and Footprinting !?
Foot printing: Collecting information about an organization in a passive manner. Scanning: Using active reconnaissance methods, such as nmap scanning, to extract information about networks and systems.
Security testers conduct enumeration for which of the following reasons? (Choose all that apply.)
Gaining access to shares and network resources and obtaining user logon names and group memberships. Security testers conduct enumeration for gaining access to shares and network resources and obtaining user logon names and group memberships using many enumeration tools.
Why Cybersecurity is important!?
Goals of cybersecurity: Preventing data theft Thwarting identity theft Foiling cyberterrorism Avoiding legal consequences of not securing data Maintaining productivity Data theft examples: Stealing business information Stealing personal credit card number
What are Ethics and Law!?
Laws: rules that mandate or prohibit certain behavior and are enforced by the state. Ethics: regulate and define socially acceptable behavior. Laws carry the authority of a governing body; ethics do not.
You need to explain two reasons that hping3 is used in a network for)?
Network Packet Crafting: Hping3 allows users to craft and send custom packets to a target host. This can be useful for testing how a network or system responds to different types of traffic or for checking the security of a network by simulating different types of attacks. Network Scanning: Hping3 can be used for network scanning, which involves sending probes to hosts to discover information about them, such as open ports, operating system versions, and services running on them. This can be useful for network administrators to identify potential security vulnerabilities or to verify network configurations.
Scanning techniques:
Network Scanning: -Techniques to gather information regarding the devices within a network -Involves discovering all hosts on a network and list their IP addresses -The process of detecting OS Port Scanning: -Method of finding which services are offered by a host computer -Identifies vulnerabilities Vulnerability Scanning: -An automated vulnerability testing tool to detect and identify a system's weakness within a network -Define if the weakness can be exploited or threatened.
What is the challenges of securing information!?
No single simple solution exists to thwart all attacks Different types of attacks that computers face Difficulties in defending against these attacks
nslookup commands
Nslookup Scanme.Nmap.org: The "Nslookup scanme.nmap.org" command is used to query a DNS server to obtain information about a specific domain name, in this case, scanme.nmap.org. The command sends a request to the DNS server to look up the IP address associated with the domain name and returns the result, which can be used to determine the current IP address of the target system. This is commonly used for troubleshooting network issues, verifying DNS configuration, or conducting reconnaissance on a target domain. Nslookup www.google.com: The "Nslookup www.google.com" command is used to query a DNS server to obtain information about the IP address associated with the domain name "www.google.com". The command sends a request to the DNS server to look up the IP address and returns the result, which can be used to determine the current IP address of the Google website. This is commonly used for troubleshooting network issues, verifying DNS configuration, or conducting reconnaissance on a target domain.
What are other Security Best Practices?
Other practices include the following: Minimize the number of administrative users. Implement software preventing data from leaving. Use network segmentation. Restrict the number of applications allowed to execute on a computer connected to the network. Delete unused scripts and sample applications Delete default hidden shares. Use unique naming scheme and passwords. Ensure password length/complexity are sufficient. Be careful of default permissions. Use appropriate packet-filtering techniques. Use open-source or commercial tools to assess system security. Use a file-integrity checker. Disable the Guest account. Disable the local Administrator account. Disable accounts of users no longer with the company Make sure there are no accounts with blank passwords. Use Windows group policies to enforce security configurations on large networks efficiently and consistently Develop a comprehensive security awareness program Keep up with emerging threats
What is Policy!?
Policies are managerial directives that specify acceptable and unacceptable employee behavior in the workplace. Policies function as organizational laws and must be crafted and implemented with care to ensure they are complete, appropriate, and fairly applied to everyone. Difference between policy and law: Ignorance of a policy is an acceptable defense ignorance of law is not.
Security testers and hackers use which of the following to determine the services running on a host and the vulnerabilities associated with these services?
Port scanning Port scanning is a method of finding out which services a host computer offers. Port scanning tools can be used to identify vulnerabilities associated with these services.
What is privacy!?
Privacy has become one of the hottest topics in information security. It is the right of individuals or groups to protect themselves and their information from unauthorized access, providing confidentiality. The number of statutes addressing an individual's right to privacy has grown dramatically.
To determine a company's primary DNS server, you can look for a DNS server containing which of the following?
S O A record To determine a company's primary DNS server, you can look for a DNS server containing a Start of Authority (S O A) record.
o determine a company's primary DNS server, you can look for a DNS server containing which of the following?
SOA record
Entering the value ' OR 1 [equal sign] 1 in a web application that has an "Enter Your PIN" field is most likely an example of which attack?
SQL injection
What does scanning do!?
Scanning is the techniques and procedures to identify hosts, ports, and various services in a network.
How can we do OS detection using nmap!?
So we use nmap because it's a tool that can help you figure out what operating system a computer is using. Therefore to be able to use Nmap for OS detection, we have to make sure that we enter a command in the terminal or command prompt that includes the IP address of the computer you want to scan. Then the nmap will scan the computer and provide information about its open ports, running services, and more. Once the scan is complete, the goal of nmap will tell you what operating system it thinks the computer is running.
What are two major facets in web server security?
Two major facets: authentication and encryption Authentication: proving who you are Not the same as authorization Authorization is granting access to a resource/object Authorization assumes authentication has occurred Common methods: Password/PIN. Smart card/key. Biometrics.
Which two statements are correct? 4
Some attacks can vary their behavior so that the same attack appears differently. The single difficulty that accounts for the greatest difficulty in preventing attacks is user confusion.
What is Web Server!? What is Application Server!?
Static webpages are created using HTML and display the same information to all users regardless of who accesses the page or the time of day. In contrast Dynamic webpages can display varying information depending on user input or information from a back-end server, requiring special components such as <form> element, AJAX, CGI, ASP.NET, JSP, PHP, CF, JS, and database connector strings. These tools are used to create dynamic webpages that can provide users with personalized content and improve the user experience.
How TCP and UDP are different!?
TCP is designed to be a connection-oriented protocol where the sender waits for the receiver to confirm that it's ready to receive data. This confirmation is obtained through a process called the TCP three-way handshake. In this process, the sender (Computer A) sends a SYN (synchronize) packet to the receiver (Computer B). Computer B then responds with a SYN-ACK packet set, indicating that it's ready to receive data. Finally, Computer A acknowledges the receipt of the SYN-ACK packet by sending an ACK (acknowledgement) packet, and the connection is established. UDP is a fast but unreliable delivery protocol that operates on the Transport layer of the OSI model. It's commonly used for its speed and efficiency in transferring data. Unlike TCP, UDP does not verify whether the receiver is listening or ready to accept packets. Instead, it depends on higher layers of the TCP/IP stack to handle any problems that arise during data transfer. UDP is referred to as a connectionless protocol because it
_____ is one of the components most vulnerable to network attacks.
TCP/IP WINS DHCP DNS DNS
Discuss the measures that you can take for protecting systems on any network.
The measures for protecting systems on any network include having user awareness training programs, running antivirus tools, disabling unneeded services, filtering out unnecessary ports, installing security updates and patches, securing configurations, application whitelisting, and reviewing logs.
nbtscan -v -s : your IP address/24
The nbtscan command is a network scanner tool used to perform NetBIOS name and IP address scanning on a network. It retrieves the NetBIOS names and IP addresses of the systems that respond to the NetBIOS Name Service (NBNS) queries sent to UDP port 137. It can also provide additional information about the target systems, such as NetBIOS group name, MAC address, and NetBIOS domain name.
netstat
The network statistics (netstat), is a tool used for Network troubleshooting and configuration On either Windows or Kali Linux open cmd, then open a website in your browser. Now, try the following commands: sudo netstat -h (help) sudo netstat -t (List only TCP port connections) sudo Netstat -au (List only UDP port connections) sudo netstat -ap | grep http (Finding the number of listening programs on a port) sudo netstat -s (To pull and view network statistics sorted by protocol use the following)
Why defending against attacks is difficult!?
Universally connected devices Increased speed of attacks Greater sophistication of attacks Availability and simplicity of attack tools Faster detection of weaknesses Delays in security updating Weak security updates distribution Distributed attacks User confusion
Which two statements are correct? 3
Using layers can be a discouragement to the attackers to convince them to give up and find an easier target. Updating defenses typically involves applying the latest updates sent from vendors to protect software and hardware.
What is Vulnerability and how we can find out about Vulnerability!?
Vulnerability: Weakness in design, implementation and configuration that can be exploited to gain an unauthorized access to a computer system. Human error Having insecure network
What is the drawbacks for classful addressing!?
Wasteful use of IP addresses: In classful addressing, IP addresses were assigned in fixed blocks (classes) of different sizes, regardless of the actual number of hosts needed. This led to the wasteful use of IP addresses, as many IP addresses in each block were left unused. Limited flexibility: Classful addressing provided limited flexibility in allocating IP addresses, as the size of each block (class) was fixed. This made it difficult to allocate IP addresses efficiently to networks of different sizes. Difficulty in routing: Classful addressing created problems in routing IP packets between networks of different sizes, as the default subnet masks assigned to each class did not always match the actual network size. This required complex routing protocols and tables to ensure that packets were delivered to the correct destination. Inefficient use of routing table: In classful addressing, routers needed to store separate entries in their routing tables for each class of IP address. This resulted in a large and inefficient use of routing table space, which made it difficult to scale the Internet as it grew. Address exhaustion: The wasteful use of IP addresses in classful addressing contributed to the exhaustion of available IP address space in the early days of the Internet, which led to the development of classless addressing and the adoption of CIDR (Classless Inter-Domain Routing).
What are two major areas in web server security?
Web Server Security encompasses two major areas: -The security of the data on the web server -The security of the services provided by the web server
Which of the following enables you to view all host computers on a network? 1
Zone transfers Zone transfers enable an individual to view all host computers on a network. It basically gives an organization's network diagram.
Port scanning provides the state for all but which of the following ports?
a. Closed b. Open c. Filtered d. Buffered Buffered
Which of the following is a fast and easy way to gather information about a company? (Choose all that apply.)
a. Conduct port scanning. b. Perform a zone transfer of the company's DNS server. c. View the company's website. d. Look for company ads in publications. View the company's website. and Look for company ads in publications.
What is the best method of preventing NetBIOS attacks?
a. Filtering certain ports at the firewall b. Telling users to create difficult-to-guess passwords c. Pausing the Workstation service d. Stopping the Workstation service Filtering certain ports at the firewall
Most NetBIOS enumeration tools connect to the target system by using which of the following?
a. ICMP packets b. Default logons and blank passwords c. Null sessions d. Admin accounts Null Sessions
To bypass some ICMP-filtering devices on a network, an attacker might send which type of packets to scan the network for vulnerable services? (Choose all that apply.)
a. PING packets b. SYN packets c. ACK packets d. Echo Request packets SYN and ACK packets
Which of the following is a tool for creating a custom TCP/IP packet and sending it to a host computer?
a. Tracert b. Traceroute c. Hping3 d. Nmapping hping3
Which of the following is a fast and easy way to gather information about a company? (Choose all that apply.)
c. View the company's website. d. Look for company ads in publications.
Using nbtstat find out what this command is doing!?
nbtstat is a command-line tool used to diagnose and troubleshoot NetBIOS name resolution problems in Windows networks. Overall, nbtstat is a useful tool for diagnosing and troubleshooting NetBIOS-related issues in Windows networks. It can provide valuable information about NetBIOS names, sessions, and cache entries, and help identify problems with NetBIOS name resolution or network connectivity.
On a Windows computer, what command can you enter to show all open ports being used?
netstat. To view all open ports being used on your computer, open the Command Prompt window, type netstat, and press Enter.
What is the most widely used port-scanning tool?
nmap Nmap is currently the standard port-scanning tool for security professionals. Regardless of the other port-scanning tools available, any security tester with a modicum of experience has worked with Nmap. It is one of the most popular port scanners and adds new features constantly.
Business policies function as _____ laws and must be crafted and implemented with care to ensure they are complete, appropriate, and fairly applied to everyone.
organizational Explanation. Business polices are not directly aligned with criminal or civil laws although they must be aligned with them. Policies are the rules inside the business.
An ethical hacker is also known as a/an _____.
penetration tester Explain: An ethical hacker is also called a "security tester" or a "penetration tester."