CSS 310 Midterm Study Set

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

How to calculate Uptime

(Time passed - Time down)/Time Passed *This is different from what the book says, but is correct for the quizzes he's been using.

Dictionary attack

A password attack that creates encrypted versions of common dictionary words (via hashing) and compares them against those in a stolen password file.

Brute force attack

A password attack where every possible character combination is tried.

Foreign Agent (FA)

A router with additional capabilities connected to another network (not the HA network), this object assigns the MN a local address. When the MN connects to another network that supports Mobile IP, it announces itself to this object.

Home Agent (HA)

A router with additional capabilities over standard routers. Keeps track of the MNs it manages. When an MN leaves a local network, this device forwards packets to the MN's current network.

Application Service Provider (ASP)

A third-party service company that delivers, manages, and remotely hosts standardized applications software via a network through an outsourcing contract based on fixed, monthly usage, or transaction-based pricing

Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?

Address Resolution Protocol (ARP) poisoning

Internet Protocol (IP) spoofing

An attacker may change a computer's network address to appear as an authorized computer in the target's network. If the administrator of the target's local router has not configured it to filter out external traffic with internal addresses, the attack may be successful.

Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements?

Applying Security updates promptly

Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality?

Applying strong encryption

AAA

Authentication, Authorization, and Accounting. AAA protocols are used in remote access systems. For example, TACACS+ is an AAA protocol that uses multiple challenges and responses during a session. Authentication verifies a user's identification. Authorization determines if a user should have access. Accounting tracks a user's access with logs. Popular ones: RADIUS, TACACS+, DIAMETER, SAML

Voice pattern biometrics

Bad authentication bc voices are easily replicated by software

DIAMETER

Based on RADIUS Works with both fluid/mobile workforce AND stable/static workforce. Consists of: Base protocol - defines message format, transport, error reporting, security used by all extensions Extensions - conduct specific types of authentication, authorization or accounting transactions Uses P2P mode User Datagram Protocol (UDP)

BLP

Bell-LaPadula Model -DoD created this in the 1970's -prevents the leaking/transfer of classified info to less secure clearance levels -accomplished by blocking lower classified sub's from accessing higher classified objects -*maintains confidentiality of obj's, but not integrity or availability* -first mathematical model of a multilevel sec policy -doesn't support many modern networking features

Internet Society's Four Fundamental Principals Regarding Succesful IoT Innovation

Connect, Speak, Share, Innovate

CDAP

Content-Dependent Access Control Basically (the arbiter program) looks at content flags of the data (is this high-security? is this payroll?) and then looks at security clearances of the person accessing and then determines if they can accesss the thing Arbiter program causes a higher usage cost

Logical access controls

Control access to computer system or network (e.g. must have correct password) Limit what a user can do on a system based on who they are Limit what a user can do on a system based on actions they take

Physical access controls

Control access to physical resources (e.g. must have key to building, car etc.) Usually granted access through some kind of key or card or timing.

In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?

Correspondent node (CN)

CER

Crossover Error Rate Describes the point where the false reject rate (FRR) and false accept rate (FAR) are equal Used to measure accuracy of a system expressed as a percentage. Mentioned in context of biometric systems.

Remote Wiping

Device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device.

Which risk is most effectively mitigated by an upstream Internet service provider (ISP)?

Distributed denial of service (DDoS)

Which type of attack involves the creation of some deception in order to trick unsuspecting users? Fabrication Modification Interruption Interception

Fabrication

A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer.

False

A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.

False

Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP).

False

Cryptography is the process of transforming data from cleartext into ciphertext.

False

Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages.

False

In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.

False

Passphrases are less secure than passwords.

False

Regarding data center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time.

False

Regarding the Internet of Things (IoT), a business involved in utilities, critical infrastructure, or environmental services can benefit from traffic-monitoring applications.

False

Temporal isolation is commonly used in combination with rule-based access control.

False

Terminal Access Controller Access Control System Plus (TACACS+) is an authentication server that uses client and user configuration files.

False

The asset protection policy defines an organization's data classification standard.

False

The first step in creating a comprehensive disaster recovery plan (DRP) is to document likely impact scenarios.

False

The number of failed logon attempts that trigger an account action is called an audit logon event.

False

The weakest link in the security of an IT infrastructure is the server.

False

Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP).

False

FERPA

Family Educational Rights and Privacy Act Compliance regulation that applies specifically to the educational records maintained by schools about students.

Which control is not designed to combat malware? Firewalls Antivirus software Quarantine computers Awareness and education efforts

Firewalls

Which one of the following is NOT a market driver for the Internet of Things (IoT)?

Global adoption of non-IP networking

Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)? Supply chain management Health monitoring Infrastructure monitoring Virtual workplace

Health Monitoring

Cold Site (Alternative Data Center)

Holds no technical infrastructure Low cost but takes longer/more costly to get up and running in case of needing to use it

With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network?

Home Agent (HA)

Four-Part Access Control (Hint: IAAA)

Identification, Authentication, Authorization, Accountability Two phases: Policy definition phase (authorization) Policy enforcement phase (identification, authentication, authorization execution, accountability)

Address Resolution Protocol (ARP) poisoning

In this attack, the attacker spoofs the MAC address of a targeted device, such as a server, by sending false ARP resolution responses with a different MAC address. This causes duplicate network traffic to be sent from the server.

Brewer and Nash

Integrity Model. Also called Chinese Wall. Used to apply dynamically changing access permissions. Used to protect against integrity threats arising from conflict of interests (e.g. competitors can't access each other's information). Basically makes it so users with access to X don't have access to Y.

Clark-Wilson

Integrity model. Addresses two components missing by Biba. Looks at A) What happens when users allowed in system do things they're not permitted to do B) Internal integrity threats C) Whether software does what it's designed to do Three parts: Stops unauthorized users from making changes. Stops authorized users from making improper changes. (not in Biba) Keeps internal and external consistency. (not in Biba) Access triple: subject, program, object Integrity enforced by binding (subject-to-program or program-to-object), which creates separation of duties.

Biba

Integrity model. Created to address failure of Bell-LaPadula (BLP) to protect data integrity Consists of three parts: -(Integrity axiom) Subject cannot read objects that have a lower level of integrity than the subject does. A subject at a given integrity level can read only objects of the same integrity level or higher. -Subject cannot change objects that have a higher level. -Subject may not ask for service from subjects that have a higher integrity level. A subject at a given integrity level can only call up a subject at the same integrity level or lower.

What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)?

Kerberos

LDAP

Lightweight Directory Access Protocol SSO Process. Handles access control credentials. Makes managing devices access/logon creditions over network easy. Defines and uses distributed directory services. Not a complete solution, but often used as part of solution. Often secured via SSL. Open-source.

Risk: Unauthorized access to data centers, computer rooms, and wiring closets

Mitigation: Apply policies, standards, procedures, and guidelines for staff and visitors to secure facilities.

Risk: Susceptibility of client/server and web applications

Mitigation: Conduct rigorous software and web application testing and penetration testing prior to launch

Risk: Loss of backed-up data as backup media are reused

Mitigation: Convert all data into digital data for long-term storage. Retain backups from offsite data vaults based on defined Recovery Time Objectives (RTOs).

Risk: Downtime of servers to perform maintenance

Mitigation: Create a system that brings together servers, storage, and networking.

Risk: Server operating systems software vulnerability

Mitigation: Define vulnerability window for server operating system environments. Maintain hardened production server operating systems

Risk: Recovery of critical business functions potentially too time-consuming to be useful

Mitigation: Develop a business continuity plan for mission-critical applications providing tactical steps for maintaining availability of operations.

Risk: Downtime of IT systems for an extended period after a disaster

Mitigation: Develop a disaster recovery plan specific to the recovery of mission-critical applications and data to maintain operations.

Risk: Unauthorized access to systems

Mitigation: Follow data classification standards regarding stringent use of second-level authentication.

Risk: Loss or corruption of data

Mitigation: Implement daily data backups and offsite data storage for monthly data archiving. Define data recovery procedures based on defined recovery time objectives (RTOs).

Risk: Insecure cloud computing virtual environments by default

Mitigation: Implement virtual firewalls and server segmentation on separate VLANs. A virtual firewall is a software-based firewall used in virtual environments.

Risk: Data breach where private data of individuals are compromised

Mitigation: Separate private data elements into different databases. For archiving purposes, encrypt sensitive data at rest within databases and storage devices.

What is NOT a commonly used endpoint security technique?

Network Firewall

Beth must purchase firewalls for several network circuits used by her organization. Which one circuit will have the highest possible network throughput?

OC-12

Which type of authentication includes smart cards?

Ownership

Which element of the security policy framework requires approval from upper management and applies to the entire organization?

Policy

Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing?

Procedure

cloud computing pros and cons

Pros: -No need to maintain data center -No need to maintain disaster recovery site -Outsourced responsibility for performance and connectivity responsibility -On-demand provisioning Cons: -Greater difficulty in keeping private data secure -Greater danger of private data leakage -Greater demand (on users) for constant network access -Greater need for clients to trust/rely outside vendors

Hashing

Putting a value (e.g. a password) through some function to produce a scrambled representation of itself. Unlike encryption, hashing is not often easily reversable.

Which of the following does NOT offer authentication, authorization, and accounting (AAA) services?

Redundant Array of Independent Disks (RAID)

RADIUS

Remote Authentication Dial-in User Service Most popular AAA service. Authentication server that uses: -Client configuration file (contains client address & shared secret for transaction authentication) -User configuration file (contains user identification and authentication data and connection and authorization info) Steps: 1. Network Access Server (NAS) decrypts user's UDP access request 2. NAS authenticates source. 3. NAS validates request against user file. 4. NAS rejects or allows access or requests more info

George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?

Risk Management Guide for Information Technology Systems (NIST SP800-30)

Kerberos

SSO Process. Computer network authentication protocol that allows nodes communicating over nonsecure network to prove their identity to one another in a secure manner. Provides mutual authentication. Protects against eavesdropping and replay attacks. Steps: 1. User sends ID and access request through Kerberos client software on workstation to key distribution center (KDC). 2. KDC authentication server verifies user and requested service are in KDC database and sends ticket (unique key for user, timestamped for requested servce) (Ticket Granting Service = TGS) 3. User cannot use ticket after it expires. KDC must be physically secured bc KDC is potential single point failure. Developed by MIT.

Which of the following is NOT one of the four fundamental principles outlined by the Internet Society that will drive the success of Internet of Things (IoT) innovation? Connect Secure Speak Share

Secure

SESAME

Secure European System for Applications in a Multi-vendor Environment An SSO process. Addresses Kerberos weaknesses. Improves key management using symmetric and assymetric keys to protect interchanged data. Offers public key cryptography and role-based access control abilities. A research and development project funded by the European Commission.

SAML

Security Assertion Markup Language. An AAA server. Open standard used for exchanging both authentication and authorization data. Data format specification based on XML, designed to support distributed system access control needs. Often used in web app access control. Not for centralized systems.

Christmas attack

Sends advanced TCP packets with flags set to confuse IP routers and network border routers with TCP header bits set to 1, thus lighting up the IP router like a Christmas tree.

As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?

Simulation test

SSO Process

Single Sign On Process Popular ones include LDAP, Kerberos, & SESAME

Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?

Standard

Which one of the following principles is NOT a component of the Biba integrity model?

Subjects cannot change objects that have a lower integrity level.

TACACS+

Terminal Access Controller Access Control System Plus AAA Server. Internet Engineering Task Force (IETF) standard. Uses configuration file to: -Control server operations -Define users and attribute/value pairs -Control authentication and authorization procedures Authentication steps: 1. Client sends service request via TCP w header in cleartext and an encrypted body containing user ID, pass, & shared key. 2. Reply contains permit/deny and attribute/value pairs for connection configuration Originated from Cisco Systems

Care of Address (COA)

The local address for the MN when it connects to another network, the FA assigns the COA to the MN and sends it to the HA when the MN connects. In many cases, the COA is actually the FA address. The HA forwards any packets for the MN to the COA. The FA receives the packets and forwards them to the MN.

Mobile Node (MN)

The mobile device that moves from one network to another. It has a fixed IP address regardless of the current network.

Unified Messaging

The storage of fax, email, and voice communications in a single location. This allows you to download both voice and email messages to a smartphone or tablet.

False

The term risk methodology refers to a list of identified risks that results from the risk-identification process.

Authentication Types

Thing you have - e.g. a phone Thing you know - e.g. a password Thing you are - e.g. fingerprints Thing you do - e.g. typing pattern Thing you're located at - e.g. not in alaska when you're usually in cali, or just literally being in the building where records are stored

System/Application Domain

This holds all the mission-critical systems, applications, and data.

Correspondent Node (CN)

This is the node that wants to communicate with the MN.

Password protection

This mitigation plan is most appropriate to limit the risk of unauthorized access to workstations.

What type of malicious software masquerades as legitimate software to entice the user to run it?

Trojan horse

A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.

True

A trusted operating system (TOS) provides features that satisfy specific government requirements for security.

True

Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet.

True

Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.

True

Each 4G device has a unique Internet Protocol (IP) address and appears just like any other wired device on a network.

True

IoT devices cannot share and communicate your IoT device data to other systems and applications without your authorization or knowledge.

True

Organizations should start defining their IT security policy framework by defining an asset classification policy.

True

The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.

True

The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services.

True

Using a secure logon and authentication process is one of the six steps used to prevent malware.

True

When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks.

True

2FA

Two factor authentification, uses two different types of authentication (usually thing you have and thing you know sometimes thing you are)

Fabrication

Type of attack involving the creation of some deception in order to trick unsuspecting users.

Session hijacking

Type of attack where the attacker attempt to take over an existing connection between two systems.

Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?

Typosquatting

Clear Text

Unencrypted text that can be read with any editor.

Common methods used to identify a user to a system

Username, smart card, and biometrics (and more)

Virus vs. Worm

Viruses require a host, worms don't.

Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation?

Warm Site

Crossover error rate (CER)

Which characteristic of a biometric system measures the system's accuracy using a balance of different error types?

Salting

adding entropy or randomness in order to make sequences or patterns more difficult to detect. Typically placed in front of password.

Rainbow Table Attack

attempts to discover the password from the hash using databases of precomputed hashes; countermeasure is salting

HTTP

the communications protocol between web browsers and websites with data in cleartext.

URL hijacking

the user is directed to a different website than what he or she requested, usually to a fake page that the attacker has created (based on misspelling of URL). This gives the user the impression that the attacker has compromised the website when in fact the attacker simply diverted the user's browser from the actual site. This type of attack is also known as typo squatting. Attackers can use this attack with phishing to trick a user into providing private information such as a password.


Ensembles d'études connexes

chapter 22 mylab & quiz questions

View Set

Gel Electrophoresis, Gel Electrophoresis

View Set

Nutrition Chapter 11: The Fat-Soluble Vitamins: A, D, E, and K

View Set

Simple Subject and Simple Predicate

View Set

Math Formulas for Shapes and Circles & Volume and Surface Area

View Set