IT 223 Chapters 1-4


What is a threat agent? Give an example.

Someone or something that creates a threat action. An example of this could be a person who deliberately hacks into a system, a user mistake, or a natural event.

What is an information security service?

A security benefit provided to members of a community.

What is a trojan horse?

A software that appears beneficial but designed to violate security.

What is a threat action? Give an example.

A specific instance of a potential threat being realized. An example is a hacker guessing a user's weak password and accessing data they were not authorized to access.

What is a governance framework? Give an example.

A structure used as the basis of policy for an organization. An example is COBIT.

What does legacy mean in security architecture context?

A system or component that is out of date but still in use.

What do we mean by "threat" in an information security context?

A threat can be an action by a person, or a condition, or an event. A threat represents the potential for security to be compromised.

What is a time bomb?

A time bomb is a logic bomb where one of the conditions is a particular date or time.

What is a countermeasure?

A tool or process intended to counter a specific threat.

What is a zero-day attack?

A zero-day attack is a breach that exploits a vulnerability in the system that was not known at the time of the attack. Defenders are given "zero days" of notice to act.

What are some important ethical principles promoted by the ACM? By the IEEE?

ACM - honor property rights including copyrights and patents, give proper credit for intellectual property, know and respect existing laws, acknowledge and support authorized uses. The future of the computing profession depends on both technical and ethical excellence. IEEE - protect the intellectual property of others by relying on one's own innovation and efforts; never knowingly use software or processes that were obtained or retained illegally or unethically.

Why is ARP vulnerable to poisoning attacks?

ARP requests and replies do not require authorization or verification.

What is technical security architecture?

Describes all the technical countermeasures and how they are arranged into an integrated system.

What is a software worm?

Designed to wriggle from one system to the next over network links.

What are the three types of countermeasures?

Detective - antivirus, system monitoring, IDS. Preventative - keep something from happening in the first place. Corrective - occurs after an event has happened; an attempt to minimize damage and fix the issue.

What is risk analysis?

Evaluates risks and controls to help make reasonable decisions.

What is classic risk analysis? What is the problem with it?

Evaluates the costs of risks so they can be compared to the costs and benefits of potential controls. The problem with it is that nothing is known, it is all estimated, and the cost of an incident is not proportional to the asset value.

How should exceptions to policy be handled?

Every request and the resulting decision should be documented. Management should be informed. Exceptions should be audited periodically, and a request/authorization control should be used.

What are some driving forces behind compliance?

External forces such as laws and regulations. Internal forces such as management.

What are other names for a successful attack?

Incident, compromise, or breach.

What is the difference between information security and information assurance?

Information security focuses on the protection of information assets while information assurance focuses on the correctness of the information, also known as providing the right information to the right people at the right time.

Why is security management more than just implementing security technologies?

It is a process. One needs a policy, plan, goal, and action.

What is authorization integrity?

It provides assurance that integrity has been maintained and not compromised.

What is access control?

Limiting access to the system to only authorized users.

What is malware?

Malicious software deliberately designed to violate security.

What is adware?

Malware designed to show ads to a user without the user's permission.

What is spyware?

Malware designed to spy on a user without the user's knowledge.

What is malware's threat agent?

The company behind the malicious software.

Why does WPA "leak" much less than WEP?

WPA extends the security of RC4 by increasing the IV to 48 bits, which vastly reduces leakage.

What is outsourcing?

When another company provides Infosec functions for the organization.

What is defense in depth? Give an example.

When multiple independent countermeasures are placed in series, so that when one fails there are others. An example of this is in the game World of Warcraft: if a hacker gets through the password screen, there is an authentication key needed after that which only the owner of the account can generate.

What is request/authorization control? Give an example.

When the person who authorizes a request must never be the person who makes the request. An example is a manager at a company who can approve other employees' time-off requests but cannot approve their own.

What is authentication of origin?

Where the message comes from. Can refer to "is it really you?" Also known as authentication of identity or authentication of integrity.

Why is defense harder than offense in defending against attacks?

With defense one needs to prepare for a large variety of possible attacks while offense only needs to find one angle.

Why is electronic data harder to protect than tangible works?

It is easily transmitted across networks.

Who/what should you consult when deciding how to act?

A lawyer, human resources, your conscience. "Following orders" is not an excuse for inappropriate behavior.

Why is turning off SSID broadcasting only of limited use against attacks?

It only limits broadcasting; the hacker needs to know the SSID.

What is the structure of a TCP segment?

Physical, data link, IP, TCP, application.

TCP/IP model

"Please Do Not Throw Sausage Pizza Away": physical, data link, network, transport, session, presentation, application.

What is ARP?

(Address Resolution Protocol) Can provide the MAC address of the system currently associated with an IP address.

What is DNS?

(Domain Name System) A distributed application that can provide the IP address associated with a domain name.

What is a poisoning attack? Can you give examples?

- The attacker attempts to corrupt an address database or a query/response interaction.

What is a DoS attack? What information security service does it target?

- An attempt to make a server or network unavailable to legitimate users by flooding it with attack packets.

What is a botnet? How does it work? What can it be used for?

- A collection of internet-connected devices that are infected and controlled by a common type of malware.
- A device infected by malware then becomes part of a network, or "net", of infected devices controlled by a single attacker.
- Runs in the background to send a barely noticeable amount of traffic from the infected device to the target address.
- Used for DoS attacks.

What is a VPN? What services can a VPN provide?

- A network using private facilities.
- Can provide end-to-end protection with a pre-shared secret that an evil twin cannot intercept.

What is a reflection attack?

- Responses from legitimate services flood a victim.
- The attacker sends spoofed requests to existing legitimate servers.
- The servers then send all responses to the victim.

What is a "Smurf flood"?

- The attacker sends a spoofed ICMP echo request to an incorrectly configured network device.
- Broadcasting is enabled to all internal hosts.
- The network device forwards the echo request to all internal hosts.

What is an open network? a private network? a secured network?

- Open network: used by anyone who wants to use it (libraries, coffee shops).
- Private network: a network to be used only by authorized entities.
- Secured network: uses cryptographic functions to provide certain services.

How many bytes are in an IP address?

4

What is implementation guidance in this context?

A bridge between policy and plan.

What is segregation or separation of duties? Give an example.

A duty that requires two or more people to complete. Makes harmful conduct less likely. An example is a movie theater where one person sells tickets while another takes tickets.

What is a software virus?

A fragment of code designed to infect an existing application and modify its operation.

What is a rootkit? Why is it used?

A malicious payload or data designed to take control of the root account on the system. It is used to gain control of the root or admin account to obtain all privileges and do whatever the attacker wants with the system.

What is a trapdoor or backdoor?

A malware component designed to bypass a security mechanism in a system. It bypasses audit mechanisms. Hackers install backdoors so they can get back in after the initial vulnerability is closed.

What is a logic bomb?

A malware component that only activates when certain conditions are met.

Can you explain and give examples of malware payloads?

A malware payload is malicious code that does something undesirable. An example of this is a software virus that infects an existing application and modifies its operation.

Can you explain and give examples of malware transport mechanisms?

A malware transport mechanism gets the software to where it does damage. An example of this is a Trojan horse. It is designed to look beneficial so the user doesn't think before running it on their account; after this, the software runs the malware.

What is MSSP?

A managed security service provider, a company that provides certain InfoSec functions for other organizations.

What makes an attack different from human error?

An attack has intent to harm and violate security, while human error does not.

What is an insider? Why are they a threat?

An employee or another trusted person inside an organization. They are a threat because they are trusted, they have a detailed knowledge of the system including how to get into it, how defensive measures work or do not work, and how to avoid getting caught.

What is compliance? Why is it important?

An external factor motivating firms to formalize their security processes. It is important because it ensures minimum security standards to protect the users.

What could an insider do?

An insider could steal assets, harm other people, violate the law at work, or allow outsiders to have access to the system.

What is an oversight? What are some common oversight functions?

An oversight is the process of checking compliance with a policy. Some functions are enforcing policy provisions and taking corrective actions to improve the outcome.

How might outsourcing affect security?

Causes a possible security breach because the organization loses control over their security.

What is confidentiality?

Concerned with ensuring limited disclosure of the meaning of data to only authorized people or entities.

What is the difference between information and data?

Data is information without context: raw information.

Can you name, explain, and give examples of categories of outsiders who could be a threat?

Foreign powers - government agencies, citizens. Business competitors. Hackers - highly skilled hackers, competent technicians, and script kiddies. Criminals - amateurs, professionals, organized crime syndicates.

What are some risks when performing offensive security operations?

One has to be absolutely sure of having identified the right hacker, and some offensive measures could be illegal.

Why is it important to identify and eliminate single points of vulnerability?

Having a single point at which an attacker can do a great deal of damage could make the whole system collapse if just one point is compromised.

Can you give an example of policies related to information security?

Hiring and termination policies - when a company has background checks or policies for different types of terminations (voluntary, layoffs, terminations for cause).

Why is a formal process needed?

If one does not know why security is needed and what needs to be protected, focusing on technology may be useless or even counterproductive.

Can you name, explain, and give examples of the three types of threats?

Natural events - not caused by people but caused by animals. An example is a rat chewing through computer network wires. Human error - caused by people unintentionally. An example of this would be accidentally emailing private student information such as SSNs to the entire student body instead of just one person. Attacks - caused by people who want to violate security. An example is a person hacking a website and changing the home page to malware.

Can you name, explain, and give examples of the three types of policy guidance?

No guidance - gives implementers free rein to develop what they see as the best policy implementation. Standards guidance - standards must be followed; mandatory standards. Discretionary guidance - implementers are expected to follow guidelines unless there is a good justification; standards are not mandatory.

Do you need to be an expert attacker to successfully defend against attacks?

No, you only need to learn countermeasures and defenses. There is also lots of software to aid with this.

Does a threat require an action?

Not an explicit action, although it may include one.

About 2/3 of security incidents occur by __ or ____.

People internal to the organization or insider threats.

What is availability?

Providing access to the authorized user when they need it.

What is a RAT?

Remote access trojan. Gives control of the system to an attacker over a network.

What is software bacterium?

Replicates itself making one or more copies, which each does the same, endlessly until the copies consume all of a needed resource.

What is the definition of security?

Security is the state of being free from danger, fear, or anxiety. It can also be something that secures protection.

Can you name, explain, and give examples of the four risk control strategies?

Risk avoidance - attempts to eliminate risks by making the risk event impossible to occur. For example, if it is too risky to use an outsourcer to store private customer or employee data. Risk transference - eliminates the impact of a risk event by transferring the impact. An example is insurance, where an insurance company charges money annually in return for paying when damages occur. Risk reduction - attempts to reduce the effect of a risk event by reducing the probability of it occurring or the impact should it occur. An example is installing firewalls. Risk acceptance - does not attempt to alter the situation, accepting the way it is. An example of this is when the cost of a countermeasure would be higher than the cost or impact of a breach.

What is SOX?

The Sarbanes-Oxley Act - an act to protect investors by improving the reliability of corporate disclosures made in accordance with security laws.

Why does the compliance work grow every year?

The amount of rules and regulations and the number of security issues grow every year.

What is FISMA?

The Federal Information Security Management Act. It requires federal agencies to evaluate their InfoSec controls.

How should an organization handle someone who quits or is fired?

The manager should allow them to leave immediately with pay so no further intimate information is gathered. They should not be allowed to attend any further business meetings.

What is InfoSec?

The security of information and security of information systems.

Why is it important that information security is not seen as "cops" looking to "bust" offenders?

They are there to protect people, not to get them in trouble for not complying. Protection and security are their number one goal.

Why is an ex-employee a threat?

They may harbor malice against the organization, have intimate knowledge of the system, and may tell unauthorized people.

What is nonrepudiation?

This is what deters the sender of a message from claiming they did not send it. It refers to the ability to ensure that a party to a contract or communication cannot deny the authenticity of their signature on a document or message.

Where in an organization should the information security function be placed?

Throughout the organization such as HR, Legal, Auditing, IT, Finances, or even outsourced.

What is the goal of information security?

To manage security risks.

What is a function of policy? Why is it important?

To specify what must be done under specific circumstances. It is important because it determines what InfoSec options are put in place.

What is a code of conduct? How is it used?

A formal published document designed for use in making decisions about how to behave consistently with the principles of the ACM. It is used to deal with ethical dilemmas, prejudices, and gray areas of everyday work.

What is an "evil twin" attack?

Any device which receives a stronger signal from the attacker's spoofed access point will connect to it.

What is a redirection attack?

An attack that redirects you to another page outside of the original website.

How might an attacker create a DoS against a wireless network?

The attacker sends all internal hosts a continuous stream of unsolicited spoofed ARP replies saying the gateway

Why is "blackholing" an attacker's IP address a bad long-term solution?

Attackers can quickly change source IP addresses.

What are the 4 goals of a secure network?

Availability - access to information. Confidentiality - prevent unauthorized users from gaining information. Functionality - prevents attackers from altering the capabilities. Access control - keep attackers or unauthorized employees from accessing internal resources.

What are some legal protections for intellectual property?

Copyright.

When is unauthorized access to an information system allowed?

In many jurisdictions it is a crime, but some think it's OK if the access doesn't affect the system.

Why is rekeying a challenge with WEP?

Rekeying is expensive and next to impossible if many or all stations use the same shared key. If an employee is fired, the necessary rekeying may be impossible or close to it.

Who is responsible when an employee commits a crime?

The company.

What is copyright? When does it come into effect? Can it be transferred?

The right to make copies of original creative work. The law assigns copyright to the creator of such work at the time of creation. The creator may assign it to another person.

How are laws created in the US? Why is compromise often part of the process?

They are produced by the political process of a community. They are passed by elected representatives of the people, often as the result of a process of negotiation and compromise.

Why is copyright important in the digital world?

To protect intellectual property.

What is an expectation of privacy? When does it exist? When not?

A user can reasonably expect their information to be private. It does not exist with work computers; companies have the right to monitor and inspect any data stored on company equipment.

What are the differences between values, morals, and ethics? How is law related to ethics?

Values are individual principles for determining appropriate behavior. Morals are used by individuals but are derived from some external source. Ethics are determined collectively and enforced by a group or community.
