Bootcamp

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Network Segmentation

"Network segmentation" refers to the physical and logical separation of IT assets and resources - such as data, applications, servers and users. Isolating a network into segments reduces the size of the attack surface by limiting the IT assets that are accessible from each segment. The resources connected to a segment, regardless of their nature - physical, virtual, or human - wholesale NBA jerseys are prevented from interacting with (or even being "seen" by) resources on other network segments. At its most fundamental level, network segmentation creates and maintains logically grouped subsets of resources that are isolated from all other, implicitly untrusted, groups - even when those other groups are part of the same business organization. Emerging information about recent security breaches illustrates the critical role network segmentation has in protecting any organization's IT assets. Network segmentation allows you to isolate and apply segment-specific policies to, for example, your Cardholder Data Environment (CDE). It enables organizations to apply more granular controls (in this example, PCI DSS-based policies) to limit potential exposure and reduce risk. The ultimate goal of network segmentation is to protect your most sensitive data from unauthorized access wholesale mlb jerseys or disclosure.

17.) A security specialist has implemented antivirus software and whitelisting controls to prevent malware and unauthorized application installation on the company systems. The combination of these two technologies is an example of which of the following?

*A. Defense in depth B. Vulnerability scanning C. Application hardening D. Anti-malware

Encryption Methods Ranked lowest to highest level of protection?

1. None - open network 2. WEP 3.WPA + TKIP 4. WPA + TKIP/AES (TKIP is there as a fallback method) 5. WPA + AES 6. WPA2 + AES

802.11n Network

802.11n is a specification for wireless LAN (WLAN) communications. 802.11n, an addition to the 802.11 family of standards, will increase wireless local area network(WLAN) speed, improve reliability and extend the range of wireless transmissions. 802.11n uses multiple input / multiple output (MIMO) technology and a wider radio frequency channel. It also provides a mechanism called frame aggregation to decrease time between transmissions. Current WLAN technologies require that the sending station request the channel, send one packet, release the channel, and then request again in order to send the next packet. With frame aggregation, once a station requests the channel and has the authority to transmit, it can transmit a series of frames without having to release the channel and regain authority for each frame. With 802.11n, raw data throughput is expected to reach as much as 600 Mbps -- that's more than 10 times the throughput of 802.11g.

CRL (Certificate Revocation List)

A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date and should no longer be trusted. CRLs are a type of blacklist and are used by various endpoints, including Web browsers, to verify whether a certificate is valid and trustworthy. Digital certificates are used in the encryption process to secure communications, most often by using the TLS/SSL protocol. The certificate, which is signed by the issuing Certificate Authority, also provides proof of the identity of the certificate owner. When a Web browser makes a connection to a site using TLS, the Web server's digital certificate is checked for anomalies or problems; part of this process involves checking that the certificate is not listed in a Certificate Revocation List. These checks are crucial steps in any certificate-based transaction because they allow a user to verify the identity of the owner of the site and discover whether the Certificate Authority still considers the digital certificate trustworthy. The X.509 standard defines the format and semantics of a CRL for a public key infrastructure. Each entry in a Certificate Revocation List includes the serial number of the revoked certificate and the revocation date. The CRL file is signed by the Certificate Authority to prevent tampering. Optional information includes a time limit if the revocation applies for only a period of time and a reason for the revocation. CRLs contain certificates that have either been irreversibly revoked (revoked) or that have been marked as temporarily invalid (hold). Digital certificates are revoked for many reasons. If a CA discovers that it has improperly issued a certificate, for example, it may revoke the original certificate and reissue a new one. Or if a certificate is discovered to be counterfeit, the CA will revoke it and add it to the CRL. The most common reason for revocation occurs when a certificate's private key has been compromised. Other reasons for revoking a certificate include the compromise of the issuing CA, the owner of the certificate no longer owning the domain for which it was issued, the owner of the certificate ceasing operations entirely or the original certificate being replaced with a different certificate from a different issuer. The problem with Certificate Revocation Lists, as with all blacklists, is that they are difficult to maintain and are an inefficient method of distributing critical information in real time. When a certificate authority receives a CRL request from a browser, it returns a complete list of all the revoked certificates that the CA manages. The browser must then parse the list to determine if the certificate of the requested site has been revoked. Although the CRL may be updated as often as hourly, this time gap could allow a revoked certificate to be accepted, particularly because CRLs are cached to avoid incurring the overhead involved with repeatedly downloading them. Also, if the CRL is unavailable, then any operations depending upon certificate acceptance will be prevented and that may create a denial of service.

Xmas Attack

A Christmas tree attack sends a large number of Christmas tree packets to an end device. A Christmas tree packet has all the options set so that any protocol can be used. The name is derived from the idea that all the settings are turned to "on" within the packet so it is lit up like a Christmas tree. Christmas tree packets require much more processing by routers and end devices than other packets. Large numbers of these packets can use up so much processing power that it ties up these devices effectively making any other task nearly impossible thus denying service to legitimate traffic. Receiving these types of packets is not usual and therefore should be regarded as suspicious. Intrusion detection systems can detect these packets as do some firewalls.

QA Environment

A QA environment is where you test your upgrade procedure against data, hardware, and software that closely simulate the Production environment and where you allow intended users to test the resulting Waveset application.

Smurf Attack

A Smurf attack is a form of a distributed denial of service (DDoS) attack that renders computer networks inoperable. The Smurf program accomplishes this by exploiting vulnerabilities of the Internet Protocol (IP) and Internet Control Message Protocols (ICMP). The steps in a Smurf attack are as follows: •First, the malware creates a network packet attached to a false IP address — a technique known as "spoofing." •Inside the packet is an ICMP ping message, asking network nodes that receive the packet to send back a reply •These replies, or "echoes," are then sent back to network IP addresses again, setting up an infinite loop.

Loop Protection

A Switching loop or bridge loop occurs in computer networks when there is more than one Layer 2 (OSI model) path between two endpoints (e.g. multiple connections between two network switches or two ports on the same switch connected to each other). Looping can be taken advantage of by attackers to initiate DoS attacks because of its repetitive nature. When transmissions loop, they needlessly consume bandwidth and disrupt network services. Loop protection consists of enabling STP (spanning tree protocol) on the network switches. Protection on the Layer 2.

Testing Environment

A Test environment is where you test your upgrade procedure against controlled data and perform controlled testing of the resulting Waveset application.

What are Hashed Passwords?

A branch of cryptography; random data looking strings of characters into which the passwords have been mathematically algorithms hashed/transformed to prevent them from being misused; one-way function; difficult to reverse; not designed to be decrypted; no private key. Simple hashing is SHA1 easy to crack. More secure hashing is bycrypt (you have time to change all your passwords).

DOS Attack

A denial-of-service attack is a security event that occurs when an attacker takes action that prevents legitimate users from accessing targeted computer systems, devices or other network resources. Denial-of-service (DoS) attacks typically flood servers, systems or networks with traffic in order to overwhelm the victim resources and make it difficult or impossible for legitimate users to use them. While an attack that crashes a server can often be dealt with successfully by simply rebooting the system, flooding attacks can be more difficult to recover from.

Firewall

A firewall is a network security system, either hardware- or software-based, that uses rules to control incoming and outgoing network traffic. A firewall acts as a barrier between a trusted network and and an untrusted network. A firewall controls access to the resources of a network through a positive control model. This means that the only traffic allowed onto the network is defined in the firewall policy; all other traffic is denied.

HSM (Hardware Security Module)

A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. A hardware security module (HSM) is a dedicated crypto processor that is specifically designed for the protection of the crypto key lifecycle. Hardware security modules act as trust anchors that protect the cryptographic infrastructure of some of the most security-conscious organizations in the world by securely managing, processing, and storing cryptographic keys inside a hardened, tamper-resistant device.

Penetration Tester

A penetration test, or sometimes pentest, is a software attack on a computer system that looks for security weaknesses, potentially gaining access to the computer's features and data. The process typically identifies the target systems and a particular goal—then reviews available information and undertakes various means to attain the goal.

Private Key

A private key is a tiny bit of code that is paired with a public key to set off algorithms for text encryption and decryption. It is created as part of public key cryptography during asymmetric-key encryption and used to decrypt and transform a message to a readable format. Public and private keys are paired for secure communication, such as email. A private key is also known as a secret key.

Replay Attack

A replay attack is an attack where an authentication session is replayed by an attacker to fool a computer into granting access. It may be any form or retransmission of a network data transmission but is usually used to gain authentication in a fraudulent manner. A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.

Hardening

A series of actions to be taken in order to make it hard for an attacker to successfully attack computers in a network environment. Hardening refers to providing various means of protection in a computer system. Protection is provided in various layers and is often referred to as defense in depth. Protecting in layers means to protect at the host level, the application level, the operating system level, the user level, the physical level and all the sublevels in between. Each level requires a unique method of security. A hardened computer system is a more secure computer system. Hardening is also known as system hardening. Hardening's goal is to eliminate as many risks and threats to a computer system as necessary. Hardening activities for a computer system can include: •Keeping security patches and hot fixes updated •Monitoring security bulletins that are applicable to a system's operating system and applications •Installing a firewall •Closing certain ports such as server ports •Not allowing file sharing among programs •Installing virus and spyware protection, including an anti-adware tool so that malicious software cannot gain access to the computer on which it is installed •Keeping a backup, such as a hard drive, of the computer system •Disabling cookies •Creating strong passwords •Never opening emails or attachments from unknown senders •Removing unnecessary programs and user accounts from the computer •Using encryption where possible •Hardening security policies, such as local policies relating to how often a password should be changed and how long and in what format a password must be in

SAML 2.0 (Security Assertion Markup Language 2.0)

A version of the SAML standard for exchanging authentication and authorization data between security domains. The Security Assertion Markup Language (SAML) version 2.0 is a standard for the communication of assertions about principals, typically users. The assertion can include the means by which a subject was authenticated, attributes associated with the subject, and an authorization decision for a given resource.

VPN (Virtual Private Network)

A virtual private network (VPN) is a technology that creates an encrypted connection over a less secure network. The benefit of using a secure VPN is it ensures the appropriate level of security to the connected systems when the underlying network infrastructure alone cannot provide it. The justification for using VPN access instead of a private network usually boils down to cost and feasibility: It is either not feasible to have a private network -- e.g., for a traveling sales rep -- or it is too costly to do so. The most common types of VPNs are remote-access VPNs and site-to-site VPNs. A remote-access VPN uses a public telecommunication infrastructure like the internet to provide remote users secure access to their organization's network. This is especially important when employees are using a public Wi-Fi hotspot or other avenues to use the internet and connect into their corporate network. A VPN client on the remote user's computer or mobile device connects to a VPN gateway on the organization's network. The gateway typically requires the device to authenticate its identity. Then, it creates a network link back to the device that allows it to reach internal network resources -- e.g., file servers, printers and intranets -- as though it was on that network locally. A remote-access VPN usually relies on either IPsec or Secure Sockets Layer (SSL) to secure the connection, although SSL VPNs are often focused on supplying secure access to a single application, rather than to the entire internal network. Some VPNs provide Layer 2 access to the target network; these require a tunneling protocol like PPTP or L2TP running across the base IPsec connection. Parsing VPN gateways. A site-to-site VPN uses a gateway device to connect the entire network in one location to the network in another -- usually a small branch connecting to a data center. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the internet use IPsec. It is also common to use carrier MPLS clouds, rather than the public internet, as the transport for site-to-site VPNs. Here, too, it is possible to have either Layer 3 connectivity (MPLS IP VPN) or Layer 2 (Virtual Private LAN Service, or VPLS) running across the base transport. VPNs can also be defined between specific computers, typically servers in separate data centers, when security requirements for their exchanges exceed what the enterprise network can deliver. Increasingly, enterprises also use VPN connections in either remote-access mode or site-to-site mode to connect -- or connect to -- resources in a public infrastructure-as-a-service environment. Newer hybrid-access scenarios put the VPN gateway itself in the cloud, with a secure link from the cloud service provider into the internal network.

Vulnerability Assessment

A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Examples of systems for which vulnerability assessments are performed include, but are not limited to, information technology systems, energy supply systems, water supply systems, transportation systems, and communication systems.

14.) You want to create several different environments for application development, testing, and quality control. Controls are being put into place to manage how software is moved into the production environment. Which of the following should the software development manager request to be put into place to implement the three new environments?

A. Application firewalls *B. Network segmentation C. Trusted computing D. NAT

8.) Joe just installed a new (ECS) environmental control system for a room that is critical to the company's operation and needs the ability to manage and monitor the system from any part of the network. Which of the following should the security administrator utilize to minimize the attack surface and still allow the needed access?

A. Create an encrypted connection between the ECS and the engineer's computer *B. Configure the ECS host-based firewall to block non-ECS application traffic C. Implement an ACL that permits the necessary management and monitoring traffic D. Install a firewall that only allows traffic to the ECS from a single management and monitoring network

9.) Numerous users within an organization are unable to log into the web based financial application. The network team places a sniffer on the segment where the application resides and sees the following log entries. Time 05:31:14.312254 10.10.10.25.3389 192.168.2.100.80: SYN 05:31:14:312255 10.10.10.25.3389 192.168.2.100.80: SYN 05:31:14:312256 10.10.10.25.3389 192.168.2.100.80:SYN Which of the following is MOST likely occurring?

A. DOS attack B. Ping flood attack C. Smurf attack *D. Replay attack E. Xmas attack

11.) Which of the following should you implement if you want to preserve your internal authentication and authorization process and credentials if you are going to a cloud service provider?

A. Dual factor authentication B. Federation *C. Single sign on D. TOTP

16.) What technology would you use to ensure that the systems that your organization is using is going to deployed as securely as possible and prevent files and services from operation outside of a strict rule set?

A. Host based intrusion detection *B. Host based firewall C. Trusted OS D. Antivirus

2.) A network has been impacted by downtime resulting from unauthorized devices connecting directly to the wired network. The network administrator has been tasked to research and evaluate technical controls that would effectively mitigate risks associated with such devices. Which of the following capabilities would be MOST suitable for implementation in this scenario?

A. Host hardening B. NIDS C. HIDS D. Loop protection E. Port Security*

7.) An application service provider has notified customers of a breach resulting from improper configuration changes. In the incident, a server intended for internal access only was made accessible to external parties. Which of the following configurations were likely to have been improperly modified resulting in the breach?

A. IDS B. CRL C. VPN D. NAT*

13.) During a recent vulnerability assessment, the pen testers were able to successfully crack a large number of employee passwords. The company technology use agreement clearly states that passwords used on the company network must be at least eight characters long and contain at least one uppercase letter and special character. What can they do to standardize and enforce these rules across the entire organization to resolve this issue?

A. LDAP *B. Group Policy C. User policy D. Kerberos

4.) Forensics analyst is asked to identify identical files on a hard drive. Due to the large number of files to be compared, the analyst must use an algorithm that is known to have the lowest collision rate. Which of the following should be selected?

A. MD4 B. MD5 C. SHA-128* D. AES-256

10.) You want to communicate securely with a third party via email using PGP. Which of the following should you send to the third party to enable the third party to securely encrypt email replies?

A. Private key B. Key escrow *C. Public key D. Recovery key

12.) A university police department is housed on the first floor of a student dormitory. Which of the following would prevent students from using ARP spoofing attacks against computers at the police department?

A. Private network addresses B. Disable SSID broadcast *C. Separate Layer 2 vlans D. Enable proxy arp on router

1.) Which of the following is the FASTEST method to disclose one way hashed passwords?

A. Rainbow tables* B. Private key disclosure C. Dictionary attack D. Brute Force

18. What can be implemented to address the findings that revealed a company is lacking deterrent security controls?

A. Rogue machine detection B. Continuous security monitoring *C. Security cameras D. IDS

15.) A research user needs to transfer multiple terabytes of data across a network. The data is not confidential, so for performance reasons, does not need to be encrypted. However, the authentication process must be confidential. Which of the following is the BEST solution to satisfy these requirements?

A. Secured LDAP *B. Kerberized FTP C. SCP D. SAML 2.0

6.) Which of the following is the MOST influential concern that contributes to an organization's ability to extend enterprise policies to mobile devices?

A. Support of mobile OS* B. Availability of mobile browsers C. Support of mobile apps D. Public key management

3.) A company is providing mobile devices to all employees. The system administrator has been tasked with providing input for the company's mobile device policy. Which of the following are valid security concepts that the system administrator should include when offering feedback to management? (Select Two)

A. Transitive trust B. Asset tracking* C. Remote wiping* D. HSM E. Key management

5.) John wants to secure an 802.11n network. Which of the following encryption methods would provide the highest level of protection?

A. WPA B. WEP C. WPA2 with AES* D. WPA2 with TKIP

ACL (Access Control List)

An access control list (ACL) is a table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with access privileges. The most common privileges include the ability to read a file (or all the files in a directory), to write to the file or files, and to execute the file (if it is an executable file, or program).

Algorithm

An algorithm is a well-defined procedure that allows a computer to solve a problem. Another way to describe an algorithm is a sequence of unambiguous instructions.

Application Firewalls

An application firewall is an enhanced firewall that limits access by applications to the operating system (OS) of a computer. Conventional firewalls merely control the flow of data to and from the central processing unit (CPU), examining each packet and determining whether or not to forward it toward a particular destination. An application firewall offers additional protection by controlling the execution of files or the handling of data by specific applications. For best performance, a conventional firewall must be configured by the user. The user must know which ports unwanted data is likely to enter or leave through. An application firewall prevents the execution of programs or DLL (dynamic link library) files which have been tampered with. Thus, even though an intruder might get past a conventional firewall and gain entry to a computer, server, or network, destructive activity can be forestalled because the application firewall does not allow any suspected malicious code to execute.

User Policy

An end user policy is a set of directives that describes what actions employees must take -- or avoid -- in order to protect corporate assets. An end user policy can be an informal set of guidelines handed out to employees or hung in a public place or it can be a more formal signed contract, whose violation is terms for dismissal.

IDS (Intrusion Detection System)

An intrusion detection system (IDS) monitors network traffic and monitors for suspicious activity and alerts the system or network administrator. In some cases the IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network. IDS come in a variety of "flavors" and approach the goal of detecting suspicious traffic in different ways. Advertisement There are network based (NIDS) and host based (HIDS) intrusion detection systems. There are IDS that detect based on looking for specific signatures of known threats- similar to the way antivirus software typically detects and protects against malware- and there are IDS that detect based on comparing traffic patterns against a baseline and looking for anomalies. There are IDS that simply monitor and alert and there are IDS that perform an action or actions in response to a detected threat. We'll cover each of these briefly.

Anti-Malware

Antimalware (anti-malware) is a type of software program designed to prevent, detect and remediate malicious programming on individual computing devices and IT systems. Antimalware software protects against infections caused by many types of malware, including viruses, worms, Trojan horses, rootkits, spyware, keyloggers, ransomware and adware. Antimalware software can be installed on an individual computing device, gateway server or dedicated network appliance. It can also be purchased as a cloud service or be embedded in a computing device's firmware. The terms antivirus software and antimalware software are often used as synonyms. Some antimalware vendors, however, like to differentiate the two terms in order to promote the capabilities of their own products and downplay the capabilities of products that carry the more traditional label, antivirus.

Antivirus

Antivirus (or anti-virus) software is used to safeguard a computer from malware, including viruses, computer worms, and Trojan horses. Antivirus software may also remove or prevent spyware and adware, along with other forms of malicious programs. Free antivirus software generally only searches your computer using signature-based detection which involves looking for patterns of data that are known to be related to already-identified malware. Paid antivirus software will usually also include heuristics to catch new, or zero-day threats, by either using genetic signatures to identify new variants of existing virus code or by running the file in a virtual environment (also called a sandbox), and watching what it does to see if it has malicious intent.

Host

Anything with an IP address (Servers, Clients, Routers, Firewalls)

Whitelisting

Application whitelisting is the practice of specifying an index of approved software applications that are permitted to be present and active on a computer system. The goal of whitelisting is to protect computers and networks from potentially harmful applications. In general, a whitelist is an index of approved entities. In infosec, whitelisting works best in centrally managed environments, where systems are subject to a consistent workload. The National Institute of Standards and Technology suggests using application whitelisting in high-risk environments, where it is vitally important that individual systems be secure and less important that software be useable without restrictions. To provide more flexibility, a whitelist may also index approved application components, such as software libraries, plug-ins, extensions and configuration files.

Asset Tracking

Asset tracking refers to the method of tracking physical assets, either by scanning barcode labels attached to the assets or by using tags using GPS or RFID which broadcast their location. Mobile asset management is managing availability and serviceability of assets used to move, store, secure, protect and control inventory within the enterprise and along the supply chain or in conjunction with service providing.

What is Brute Force Attack?

Brute force password attacks are a last resort to cracking a password as they are the least efficient. In the most simple terms, brute force means to systematically try all the combinations for a password. This method is quite efficient for short passwords, but would start to become infeasible to try, even on modern hardware, with a password of 7 characters or larger. Assuming only alphabetical characters, all in capitals or all in lower-case, it would take 267 (8,031,810,176) guesses. This also assumes that the cracker knows the length of the password. Other factors include number, case-sensitivity, and other symbols on the keyboard. The complexity of the password depends upon the creativity of the user and the complexity of the program that is using the password. The upside to the brute force attack is that it will ALWAYS find the password, no matter it's complexity. The downside is whether or not you will still be alive when it finally guesses it.

Defense in Depth

Defense in depth is the coordinated use of multiple security countermeasures to protect the integrity of the information assets in an enterprise. The strategy is based on the military principle that it is more difficult for an enemy to defeat a complex and multi-layered defense system than to penetrate a single barrier. Defense in depth minimizes the probability that the efforts of malicious hackers will succeed. A well-designed strategy of this kind can also help system administrators and security personnel identify people who attempt to compromise a computer, server, proprietary network or ISP (Internet service provider). If a hacker gains access to a system, defense in depth minimizes the adverse impact and gives administrators and engineers time to deploy new or updated countermeasures to prevent recurrence. Components of defense in depth include antivirus software, firewalls, anti-spyware programs, hierarchical passwords, intrusion detection and biometric verification. In addition to electronic countermeasures, physical protection of business sites along with comprehensive and ongoing personnel training enhances the security of vital data against compromise, theft or destruction.

Development Environment

Development - you worry about people who will use the product. On the other hand, "Dev" means "Development", its the environment which the developers work on. On the other hand, "Dev" means "Development", its the environment which the developers work on.

Group Policy

Group Policy is a feature of the Microsoft Windows NT family of operating systems that controls the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment. Group Policy is a hierarchical infrastructure that allows a network administrator in charge of Microsoft's Active Directory to implement specific configurations for users and computers. Group Policy can also be used to define user, security and networking policies at the machine level. Group Policy allows administrators to define options for what users can do on a network - including what files, folders and applications they can access. The collections of user and computer settings are referred to as Group Policy Objects (GPOs), which are administered from a central interface called the Group Policy Management Console. Group Policy can also be managed with command-line tools such as gpresult and gpupdate. In Windows Server 2008, setting extensions known as Group Policy preferences were added to provide administrators with better targeting and flexibility.

MD4

Hashing. MD4 is an earlier version of MD5, an algorithm used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to that specific data as a fingerprint is to the specific individual.

MD5 (Message Digest)

Hashing. MD5 is an algorithm that is used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to that specific data as a fingerprint is to the specific individual. The MD5 algorithm is an extension of MD4, which the critical review found to be fast, but possibly not absolutely secure. In comparison, MD5 is not quite as fast as the MD4 algorithm, but offers much more assurance of data security.

SHA-128 (Secure Hash Algorithm)

Hashing. SHA isn't encryption, it's a one-way hash function. You use SHA functions to take a large document and compute a "digest" (also called "hash") of the input. It's important to realize that this is a one-way process. You can't take a digest and recover the original document. SHA is used to generate a hash of data

What are Rainbow Tables?

Immense lots of pre-computed hashes for every possible password. Rainbow tables are a type of precomputed password attack. The previous two attacks, Dictionary and Brute-Force, enter a password into the locked program, the program then hashes the entry and compares the hash to the correct password hash. Rainbow tables compute hashes for each word in a dictionary, store all of the hashes into a hash table, retrieve the hash of the password to be cracked, and do a comparison between each password hash and the real password hash. This method assumes that you can retrieve the hash of the password to be guessed and that the hashing algorithm is the same between the rainbow table and the password. As the majority of common, low-security hashes are computed using MD5, sometimes SHA-1, this problem isn't very worrisome. Rainbow tables have only become an efficient technique recently, as the hard drive space needed to store the hashes was slightly combersome until memory became cheaper.

HIDS (Host Intrusion Detection System)

In HIDS, anti-threat applications such as firewalls, antivirus software and spyware-detection programs are installed on every network computer that has two-way access to the outside environment such as the Internet. takes place on a single host system. Currently, HIDS involves installing an agent on the local host that monitors and reports on the system configuration and application activity. Some common abilities of HIDS systems include log analysis, event correlation, integrity checking, policy enforcement, rootkit detection, and alerting1. They often also have the ability to baseline a host system to detect variations in system configuration. A host-based intrusion detection system (HIDS) is a system that monitors a computer system on which it is installed to detect an intrusion and/or misuse, and responds by logging the activity and notifying the designated authority. A HIDS can be thought of as an agent that monitors and analyzes whether anything or anyone, whether internal or external, has circumvented the system's security policy. A HIDS analyzes the traffic to and from the specific computer on which the intrusion detection software is installed. A host-based system also has the ability to monitor key system files and any attempt to overwrite these files.

NIDS (Network Intrusion Detection System)

In NIDS, anti-threat software is installed only at specific points such as servers that interface between the outside environment and the network segment to be protected. attempts to detect hacking activities, denial of service attacks or port scans on a computer network or a computer itself. The NIDS monitors network traffic and helps to detect these malicious activities by identifying suspicious patterns in the incoming packets. The NIDS can monitor incoming, outgoing, and local traffic. Inspecting outgoing or local traffic can yield valuable insight into malicious activities, just as inspecting incoming traffic can. Some attacks can originate and stay with the local network or be staged inside the network with an outside-the-network target. The NIDS also works with other systems, like a firewall, to help better protect against known attack sources (e.g. a suspected attacker IP address). A NIDS is often a standalone hardware appliance that includes network detection capabilities. It will usually consist of hardware sensors located at various points along the network. It may also consist of software that is installed on various computers connected along the network. The NIDS analyzes data packets both inbound and outbound and offer real-time detection.

Rogue Machine Detection

In general, a rogue is someone who strays from the accepted path, is mischievous, or is a cheat. In information technology, the term has several usages. 1) A rogue Internet service provider ( ISP ) is one that knowingly originates spam (unsolicited mass e-mail). 2) A rogue Web site is one that subverts a legitimate Web site by appearing to replace it. 3) In programming, rogue code is another term for code that constitutes a virus . 4) Rogue is the name of an animated computer game written in UNIX. It is a dungeons-and-dragons game that has given rise to numerous variations that are popular among young people.

Kerberized FTP

Kerberized FTP provides secure authentication of your file transfer protocol (FTP) sessions without passing your Kerberos password in the clear across the internet. Kerberized FTP programs intercept cleartext userIDs/passwords used by unauthorized intruders to log in to various machines and wreak havoc. Sending your password over the network in the clear is a grave security risk. Avoid this kind of theft by using secure FTP whenever possible.

Kerberos

Kerberos /ˈkərbərɒs/ is a computer network authentication protocol which works on the basis of 'tickets' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. The protocol was named after the character Kerberos (or Cerberus) from Greek mythology, the ferocious three-headed guard dog of Hades (hellhound). Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet. Kerberos is built in to all major operating systems, including Microsoft Windows, Apple OS X, FreeBSD and Linux. Since Windows 2000, Microsoft has incorporated the Kerberos protocol as the default authentication method in Windows, and it is an integral component of the Windows Active Directory service. Broadband service providers also use Kerberos to authenticate DOCSIS cable modems and set-top boxes accessing their networks. Kerberos was originally developed for Project Athena at the Massachusetts Institute of Technology (MIT). The name Kerberos was taken from Greek mythology; Kerberos (Cerberus) was a three-headed dog who guarded the gates of Hades. The three heads of the Kerberos protocol represent a client, a server and a Key Distribution Center (KDC), which acts as Kerberos' trusted third-party authentication service. Users, machines and services using Kerberos need only trust the KDC, which runs as a single process and provides two services: an authentication service and a ticket granting service. KDC "tickets" provide mutual authentication, allowing nodes to prove their identity to one another in a secure manner. Kerberos authentication uses conventional shared secret cryptography to prevent packets traveling across the network from being read or changed and to protect messages from eavesdropping and replay attacks.

Key Management

Key management is the management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.[1] Key management concerns keys at the user level, either between users or systems. This is in contrast to key scheduling; key scheduling typically refers to the internal handling of key material within the operation of a cipher. Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements.

Recovery Key

Key recovery lets you backup and restore cryptographic keys. t also lets you recover your systems in the event of a failure, like a natural disaster might cause.

Host Hardening

Limiting network access to a system by the traditional method of turning off unnecessary network services, by firewalling, or by enforcing authentication to use a service.

Malware

Malicious software (malware) is the wide range of software applications developed with a malicious intent. The methods used for malware installation is unlike any other software installation you are accustomed to because malware is installed through devious means. People often use the terms virus and malware interchangeably. However, a virus is a type of malware. Virus Trojan Horse Worms Spyware Logic Bombs Rootkits

Remote Wiping

Remote wipe is a security feature that allows a network administrator or device owner to send a command to a computing device and delete data.

NAT(Network Address Translation)

Network Address Translation (NAT) is the process where a network device, usually a firewall, assigns a public address to a computer (or group of computers) inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economy and security purposes. The most common form of network translation involves a large private network using addresses in a private range (10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, or 192.168.0 0 to 192.168.255.255). The private addressing scheme works well for computers that only have to access resources inside the network, like workstations needing access to file servers and printers. Routers inside the private network can route traffic between private addresses with no trouble. However, to access resources outside the network, like the Internet, these computers have to have a public address in order for responses to their requests to return to them. This is where NAT comes into play. Internet requests that require Network Address Translation (NAT) are quite complex but happen so rapidly that the end user rarely knows it has occurred. A workstation inside a network makes a request to a computer on the Internet. Routers within the network recognize that the request is not for a resource inside the network, so they send the request to the firewall. The firewall sees the request from the computer with the internal IP. It then makes the same request to the Internet using its own public address, and returns the response from the Internet resource to the computer inside the private network. From the perspective of the resource on the Internet, it is sending information to the address of the firewall. From the perspective of the workstation, it appears that communication is directly with the site on the Internet. When NAT is used in this way, all users inside the private network access the Internet have the same public IP address when they use the Internet. That means only one public addresses is needed for hundreds or even thousands of users. There are other uses for Network Address Translation (NAT) beyond simply allowing workstations with internal IP addresses to access the Internet. In large networks, some servers may act as Web servers and require access from the Internet. These servers are assigned public IP addresses on the firewall, allowing the public to access the servers only through that IP address. However, as an additional layer of security, the firewall acts as the intermediary between the outside world and the protected internal network. Additional rules can be added, including which ports can be accessed at that IP address. Using NAT in this way allows network engineers to more efficiently route internal network traffic to the same resources, and allow access to more ports, while restricting access at the firewall. It also allows detailed logging of communications between the network and the outside world. Additionally, NAT can be used to allow selective access to the outside of the network, too. Workstations or other computers requiring special access outside the network can be assigned specific external IPs using NAT, allowing them to communicate with computers and applications that require a unique public IP address. Again, the firewall acts as the intermediary, and can control the session in both directions, restricting port access and protocols. NAT is a very important aspect of firewall security. It conserves the number of public addresses used within an organization, and it allows for stricter control of access to resources on both sides of the firewall.

What is Salting?

One other element of passwords that is becoming more and more common is a technique called "salting." Salting a password means, more or less, adding bits of information (aka the "salt") to the given password before hashing it, so that the password is not merely guessable by a standard rainbow table, as the hashes are not of simple words anymore. Salting makes cracking a password much more difficult, but it should be noted that this only complicates cracking programs that use hashes rather than rapid input. Normal dictionary and brute-force attacks are not affected by the salt.

Ping Flood Attack

Ping of Death (a.k.a. PoD) is a type of Denial of Service (DoS) attack in which an attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command. While PoD attacks exploit legacy weaknesses which may have been patched in target systems. However, in an unpatched systems, the attack is still relevant and dangerous. Recently, a new type of PoD attack has become popular. This attack, commonly known as a Ping flood, the targeted system is hit with ICMP packets sent rapidly via ping without waiting for replies.

Port Security

Port security is a layer two traffic control feature on Cisco Catalyst switches. It enables an administrator configure individual switch ports to allow only a specified number of source MAC addresses ingressing the port. Port Security helps secure the network by preventing unknown devices from forwarding packets. When a link goes down, all dynamically locked addresses are freed. The port security feature offers the following benefits: •You can limit the number of MAC addresses on a given port. Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted. •You can enable port security on a per port basis.

AES-256 (Advanced Encryption Standard)

Symmetric Cryptography. AES stands for Advanced Encryption Standard, which is the norm used worldwide to encrypt data. AES (Advanced_Encryption_Standard) is a symmetric encryption standard. AES is used to encrypt data. Prevent people from viewing that data with knowing some secret. 256 refers to the key size - the larger the size, the more possible keys there are. For example if I encrypted an email using AES and I sent that email to you then you and I would both need to know the shared key used to encrypt and decrypt the email.

PGP (Pretty Good Privacy)

Pretty Good Privacy or PGP is a popular program used to encrypt and decrypt email over the Internet, as well as authenticate messages with digital signatures and encrypted stored files. Pretty Good Privacy uses a variation of the public key system. In this system, each user has an encryption key that is publicly known and a private key that is known only to that user. You encrypt a message you send to someone else using their public key. When they receive it, they decrypt it using their private key. Since encrypting an entire message can be time-consuming, PGP uses a faster encryption algorithm to encrypt the message and then uses the public key to encrypt the shorter key that was used to encrypt the entire message. Both the encrypted message and the short key are sent to the receiver who first uses the receiver's private key to decrypt the short key and then uses that key to decrypt the message.

Production Environment

Production - you worry about people who are using the product. "Prod" means "Production". It describes the environment you are providing to the customers. A Production environment is where the Waveset application is actually available for business use.

Public Key

Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption. Youpublishyour public keytotheworldwhile keeping your private key secret. Anyone with a copy of your public key can then encrypt information that only you can read. Even people you have never met. It is computationally infeasible to deduce the private key from the public key. Anyone who has a public key can encrypt information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information.

List the algorithms from least to greatest chance of collision rate.

SHA1 SHA128 MD4 MD5 <64 SHA224 SHA256 SHA384 SHA512

SCP (Secure Copy)

Secure copy or SCP is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol. "SCP" commonly refers to the: Secure Copy Protocol. Secure Copy (remote file copy program).

Deterrent Security

Security; the act of making someone decide not to do something

LDAP (Lightweight Directory Access Protocol)

Short for Lightweight Directory Access Protocol, a set of protocols for accessing information directories. LDAP is based on the standards contained within the X.500 standard, but is significantly simpler. And unlike X.500, LDAP supports TCP/IP, which is necessary for any type of Internet access. Because it's a simpler version of X.500, LDAP is sometimes called X.500-lite. Although not yet widely implemented, LDAP should eventually make it possible for almost any application running on virtually any computer platform to obtain directory information, such as email addresses and public keys. Because LDAP is an open protocol, applications need not worry about the type of server hosting the directory.

WPA2 with AES

This is the most secure option. It uses WPA2, the latest Wi-Fi encryption standard, and the latest AES encryption protocol. You should be using this option. On devices with less confusing interfaces, the option marked "WPA2" or "WPA2-PSK" will probably just use AES, as that's a common-sense choice. WPA has, as of 2006, been officially superseded by WPA2. One of the most significant changes between WPA and WPA2 was the mandatory use of AES algorithms and the introduction of CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol) as a replacement for TKIP (still preserved in WPA2 as a fallback system and for interoperability with WPA). Currently, the primary security vulnerability to the actual WPA2 system is an obscure one (and requires the attacker to already have access to the secured Wi-Fi network in order to gain access to certain keys and then perpetuate an attack against other devices on the network). As such, the security implications of the known WPA2 vulnerabilities are limited almost entirely to enterprise level networks and deserve little to no practical consideration in regard to home network security.

WPA2 with TKIP

This uses the modern WPA2 standard with older TKIP encryption. This isn't secure, and is only a good idea if you have older devices that can't connect to a WPA2-PSK (AES) network.

Transitive Trust

Transitive trust is a two-way relationship automatically created between parent and child domains in a Microsoft Active Directory forest. When a new domain is created, it shares resources with its parent domain by default, enabling an authenticated user to access resources in both the child and parent.

Trusted Computing

Trusted computing is a broad term that refers to technologies and proposals for resolving computer security problems through hardware enhancements and associated software modifications. Several major hardware manufacturers and software vendors, collectively known as the Trusted Computing Group (TCG), are cooperating in this venture and have come up with specific plans. The TCG develops and promotes specifications for the protection of computer resources from threats posed by malicious entities without infringing on the rights of end users. Microsoft defines trusted computing by breaking it down into four technologies, all of which require the use of new or improved hardware at the personal computer (PC) level: •Memory curtaining -- prevents programs from inappropriately reading from or writing to each other's memory. •Secure input/output (I/O) -- addresses threats from spyware such as keyloggers and programs that capture the contents of a display. •Sealed storage -- allows computers to securely store encryption keys and other critical data. •Remote attestation -- detects unauthorized changes to software by generating encrypted certificates for all applications on a PC. In order to be effective, these measures must be supported by advances and refinements in the software and operating systems (OSs) that PCs use. Within the larger realm of trusted computing, the trusted computing base (TCB) encompasses everything in a computing system that provides a secure environment. This includes the OS and its standard security mechanisms, computer hardware, physical locations, network resources and prescribed procedures. The term trusted PC refers to the industry ideal of a PC with built-in security mechanisms that place minimal reliance on the end user to keep the machine and its peripheral devices secure. The intent is that, once effective mechanisms are built into hardware, computer security will be less dependent on the vigilance of individual users and network administrators than it has historically been. Concerns have arisen, however, about possible loss of user privacy and autonomy as a result of such changes.

Vulnerability Scanning

Vulnerability scanning is a security technique used to identify security weaknesses in a computer system. Vulnerability scanning can be used by individuals or network administrators for security purposes, or it can be used by hackers attempting to gain unauthorized access to computer systems.

Encryption Standards Methods

WEP, WPA + TKIP, WPA + TKIP/AES (TKIP is there as a fallback method), WPA + AES, WPA2 + AES

WPA (Wi-Fi Protected Access )

Wi-Fi Protected Access was the Wi-Fi Alliance's direct response and replacement to the increasingly apparent vulnerabilities of the WEP standard. It was formally adopted in 2003, a year before WEP was officially retired. The most common WPA configuration is WPA-PSK (Pre-Shared Key). Some of the significant changes implemented with WPA included message integrity checks (to determine if an attacker had captured or altered packets passed between the access point and client) and the Temporal Key Integrity Protocol (TKIP). TKIP employs a per-packet key system that was radically more secure than fixed key used in the WEP system. TKIP was later superseded by Advanced Encryption Standard (AES). WPA, like its predecessor WEP, has been shown via both proof-of-concept and applied public demonstrations to be vulnerable to intrusion.

WEP (Wired Equivalent Privacy)

Wired Equivalent Privacy (WEP) is the most widely used Wi-Fi security algorithm in the world. This is a function of age, backwards compatibility, and the fact that it appears first in the encryption type selection menus in many router control panels. Despite various improvements, work-arounds, and other attempts to shore up the WEP system, it remains highly vulnerable and systems that rely on WEP should be upgraded or, if security upgrades are not an option, replaced. The Wi-Fi Alliance officially retired WEP in 2004.

Key Escrow

With key escrow, on the other hand, a third-party gets copies of a cryptographic key. The US government led the push for key escrow back in the pre-dot-com era. The idea was for law enforcement agencies to have the ability to decrypt encrypted messages if they had the necessary court order. There was even talk of laws requiring all encryption to have this feature. It turned out that people weren't comfortable with the government having this ability and that technical problems plagued the proposed escrow schemes. In the end, the idea failed terribly. It's definitely not a feature that enterprise encryption products need.


Ensembles d'études connexes

Chapter 14: Assessing Skin, Hair, and Nails

View Set

Combo with "SPM_Chapter1" and 11 others

View Set

HESI/Saunders Review, HESI/Saunders Online Review- Module 10-Physiological Health Problems

View Set

Week 1 - Tour of the Cell (Test)

View Set

Communications Exam #1 (Quiz 15)

View Set

Sill's 7th edition Self-Study Questions (Chapter 10 Airway Clearance Therapy)

View Set