Network Security 1
Advanced Encryption Standard
AES
_________ laws are regulatory standards written by government agencies, like the Federal Trade Commission (FTC).
Administrative
All computers used for remote connections should be protected from unauthorized use, for example by enabling the ________ password and encrypting the data on laptops.
BIOS
The _____________ helps you determine how much you should spend on countermeasures to prevent or reduce your risk.
Annualized Loss Expectancy
Because Web servers tend to handle high traffic volumes, it usually makes sense to put the Web server in a ________ in front of the firewall so it doesn't add to the workload of the firewall.
DMZ
_______ programs are used to move, copy, or delete files. It's a program that is used to connect to a computer that is physically located somewhere else.
FTP
________ VPNs mean these are encrypting routers.
Hardware-based
SSL runs whenever you connect to a secure website. You know that a site is running ____ because the address changes to https from http. SSL directs the traffic to the Web server to port 443 and encrypts the data during the transmission.
SSL
Secure Socket Layer
SSL
To harden your database: put your database behind a firewall; never put a ____ on your database; use encryption when possible; harden the OS that the database runs on; and apply security patches and upgrades as soon as they are available.
Web server
The only way you can fix the problems with SSL is to obtain a patch from the vendor of the ____.
Web server software
In the _________ permissions, you can change the extended attributes of a file or folder.
Write Extended Attributes
In Apple OS X, you can change permissions using the ____ command from the command line.
chmod
Dangers to cable modems and DSL routers are similar: you are always ________, you have a static IP address, and you can remotely access the routers to configure the box.
connected
Stateful inspection also supports _________ protocols such as User Datagram Protocol (UDP), something that routers can't do.
connectionless
Hard drives should have hardware locks and these locks should be _________ by a central authority.
controlled
Part of protecting your network involves knowing where everything is but also who can access the hardware and software and who _______ the access.
controls
To determine how much you should spend on security requires a __________.
cost/benefits analysis
DES is one of the ________ algorithms used in encryption. A stronger version is known as 3DES (Triple DES).
cryptographic
The anti-virus ______ is based upon existing viruses and behaviors previously seen. This is a significant weakness of anti-virus products that vendors try to overcome with the use of heuristics - a method of anticipating and examining behaviors.
database
The anti-virus scanner consists of two parts, the scanning engine and the __________.
database
CGI is a way for computers of different types to talk to one another. It's most often used to exchange data between Web servers and ____ because a database doesn't understand HTML and a Web server doesn't understand database query languages (such as SQL). Think of a CGI script as an interpreter.
databases
A modem stands for modulator/______ and it changes the digital data created by your computer into electronic pulses that can be carried by the phone line.
demodulator
If your company passes data between a remote connection and your network, you may want to consider setting up a VPN that includes encryption and a strong form of authentication such as security tokens, _____, and biometrics (because logon IDs and passwords are easily cracked).
digital certificates
To harden your database: go through all the directories and make sure they have the appropriate permissions; ____ the operating system back doors and mail capabilities; enable logging and set it for failed object access and logons; control the distribution of database query tools in your organization.
disable
Your Web server should have its operating system hardened and security patches applied. The Web server needs to be configured for security, which means ____ guest accounts, limiting access to directories, and applying necessary security patches.
disabling
MPLS is used to ________ traffic when there are failures or bottlenecks in the network.
divert
___________ is important, prepare a central log and stick with it.
documentation
A good computer security assessment team should have at a minimum a team manager, head geek, and _________.
documenter
If you're connected to the Internet via modem, chances are your vulnerability to hack attacks is quite small because you are not connected all the time and you do not have a set IP address (static IP address). Each time you connect, your ISP gives you a changing address (__________ IP address).
dynamic
If your business is heavily reliant upon _______, you will probably have a high volume of email traffic and want two email servers: one for inbound traffic and one for outbound traffic.
_______ is now one of the most common avenues for viruses and malicious programs that can wreak havoc and damage data.
Precautions a company can take to safeguard network security in the event of ___________ are: recover keys and identification; do a physical search of any file boxes the employees have with them on their last day; do a physical body search for disks and small electronics; disable their network access; and perform an exit interview and keep a record of the exit interview process.
employee termination
IDS uses two methods for analysis: pattern matching and _________.
anomaly detection
All ______ scanners work with a database that contains information about viruses; this information is called the virus fingerprint or signature. The database needs to be updated frequently so that it contains the most up-to-date virus information.
anti-virus
Firewalls, intrusion detection systems, ________ software, and other extensive security measures are required to protect T1, T3, and OC-3 network connections.
anti-virus
IDS pattern matching works similar to the way that _________ software does. The IDS contains a large database of known attacks and creates a signature of these attacks. When data is captured, IDS looks for patterns in that data.
anti-virus
It's recommended to upgrade your __________ software at least once a week for the dat files and once a month for the scanning engines.
anti-virus
Some content filtering programs also work in concert with __________ programs to give you another level of protection.
anti-virus
Ad-hoc are packets that allow the clients to speak to one another without having to go through the access point. These packets don't contain ________ data and are considered to be the same as data packets by the network.
beacon
Beacons are continually ________ by the access point with the SSID and the MAC address. These are sent so clients can find the network to join it. This data is not encrypted when encryption is enabled on the wireless network.
broadcast
A _________ attack is when someone is trying to guess a password to gain unauthorized access and he keeps guessing until he gets in.
brute force
A Service Pack is the granddaddy of all bug fixes and security patches, because it has been extensively beta-tested for problems. You can feel fairly comfortable that installing a service pack won't cause problems. You still have to check to see whether any _____ were released after the service pack was created, and you have to apply those separately.
security patches
All applications on all platforms have the appropriate ________ applied.
security patches
To harden your database: put your database behind a firewall; never put a Web server on your database; use encryption when possible; harden the OS that the database runs on; and apply ____ and upgrades as soon as they are available.
security patches
The method of protection, the strength of your protection, and your philosophy will determine your _____.
security posture
The __________ program should be attended by new hires and have an annual refresher course where at the end, the employee signs a statement indicating that he has received the training, understands it, and will comply with the rules.
security training
Internal DNS and external DNS should be on ________ machines, so that your internal network isn't visible to the entire outside world.
separate
The anti-virus software's ____________ files are essentially the database of known viruses and their actions.
signature
Employee education and awareness is the only security mechanism that will work against ________.
social engineering
People are vulnerable to ___________.
social engineering
All firewalls using _________ keep all ports closed until a specific port is requested.
stateful inspection
___________security is a relatively new market generally serviced by telecoms, ISPs, and managed security services (MSS).
outsourced
Most ________ focus on firewall and intrusion detection management and sometimes VPNs.
outsourcers
Dangers to cable modems and DSL routers are similar: you are always connected, you have a ________ IP address, and you can remotely access the routers to configure the box.
static
A switch works by switching _________ between two or more machines on a network.
packets
Ad-hoc are ________ that allow the clients to speak to one another without having to go through the access point. These packets don't contain beacon data and are considered to be the same as data packets by the network.
packets
All network traffic is segmented into little pieces called ________.
packets
The Windows Operating System needs to be regularly maintained with fixes called ______, hotfixes, and service packs.
patches
Your Web server should have its operating system hardened and security patches applied. The Web server needs to be configured for security, which means disabling guest accounts, limiting access to directories, and applying necessary security ___________.
patches
An IDS is also expecting the attack to come at a certain pace, so if the attacker sends the data very slowly, for example, the IDS won't necessarily see the ________.
pattern
An IDS can look at all the traffic and draw a conclusion based on various factors - it's not just limited to certain types of traffic, but can look for ______________.
patterns and changes
The leased line was a ________ phone line laid between the two offices and the only connections allowed on it were the two ends of the networks. No one could dial in to the network and you had to have physical access to the line to be able to connect.
physical
Firewalls do a majority of their work at the _____ and service level. They examine the ports and services in three basic ways: packet filtering, stateful inspection, and application proxying.
port
Employees should have no expectation of _________ of anything they store or transmit on a company system.
privacy
In Apple OS X, you have to use the command line to create groups and to set their ____ using the newgrp and chgrp commands.
privileges
CGI scripts are actually small ____ that are telling the computer what to do. Because they are programs, they have the ability to do almost anything - including deleting and changing files.
programs
IKE is the ________ used for exchanging secret keys in IPSec.
protocol
In a firewall, a _________ is a transparent intermediary that works between two connections.
proxy
Data Protection means the data traveling on the ________ network (Internet) must be unreadable by unauthorized users on the network.
public
After you make changes to the registry, you have to exit the ________ and reboot for the changes to take effect.
registry editor
Telnet is a remote connection program that allows you to act as if you are sitting directly in front of the computer. Because telnet authorizes people to access a computer located elsewhere, it can possibly allow malicious intruders to enter your system. If the password for telnet can be guessed or cracked, the intruder can telnet into your _____, change configurations, or install unauthorized programs.
system
The servers should be in a locked, limited access room to prevent theft of the equipment and to prevent ____________ to the configurations of the server.
unauthorized changes
Your Apple OS X must be formatted with HFS partitions if you want to use ____ networking on your Macs.
wireless
The VPN exchanges a set of shared secrets to create an ________ key. The traffic traveling along the established channel is wrapped with an encrypted package that has an address on the outside of the package. But the contents are hidden from view. Once the data reaches its destination, the wrapper is safely removed.
encryption
You need to have a list of all your ______, the makes and models, and who the support vendors are.
equipment
Software-based VPNs mean a complete package is installed on a server dedicated to ________ and maintaining VPN connections.
establishing
CGI is a way for computers of different types to talk to one another. It's most often used to ____ data between Web servers and databases because a database doesn't understand HTML and a Web server doesn't understand database query languages (such as SQL). Think of a CGI script as an interpreter.
exchange
IKE is the protocol used for ________ secret keys in IPSec.
exchanging
All _________ using stateful inspection keep all ports closed until a specific port is requested.
firewalls
Do a __________ of your system every week.
full backup
To harden your database: put your database behind a firewall; never put a Web server on your database; use encryption when possible; ____ the OS that the database runs on; and apply security patches and upgrades as soon as they are available.
harden
The platforms are all protected by ________ their operating systems and having security patches applied.
hardening
The _______ checklist should have columns for hardware name, number of items, type and password protection.
hardware
GRE is a method for wrapping packets so that the original addresses are ________.
hidden
Software companies are aware that security holes exist and are fairly responsible in releasing fixes in a timely manner, called bug fixes, _______, patches, and sometimes updates.
hot fixes
The Windows Operating System needs to be regularly maintained with fixes called patches, ______, and service packs.
hotfixes
Firewalls use a combination of scanning methods to create a hybrid of its own. Hybrids typically include hard circuits between networks that are not inspected, various levels of packet filtering, and more granularity in the stateful _________ and application of proxies.
inspection
How can you convert an _________ such as security into dollars and cents? By looking at the cost of manpower and potential lost sales.
intangible
Address Management means the VPN must be able to keep the IP addresses of the ________ network secret.
internal
One of the biggest mistakes you can make is to combine a Web server and a database on the same computer. Place a firewall between a Web server and a database server to make it harder for a malicious _____ to destroy your entire system.
intruder
Most outsourcers focus on firewall and ______________ management and sometimes VPNs.
intrusion detection
All pieces of equipment should have ___________ labels.
inventory control
The hardware checklist should have columns for hardware _____, number of items, type and password protection.
name
Firewall-based VPNs mean all VPN ________ are handled by the firewall.
negotiations
In the security infrastructure, the __________ layer consists of all the things that make the network work - network cards, routers, switches, hubs etc.
network
The ________ (internal and DMZ) are protected with security devices (router and firewall).
networks
Security policies are the _______ that everyone must follow and the procedures are how the rules will be put in place and enforced.
rules
SSL runs whenever you connect to a ____ website. You know that a site is running SSL because the address changes to https from http. SSL directs the traffic to the Web server to port 443 and encrypts the data during the transmission.
secure
It is extremely difficult to determine which sections of code will leave ___________ holes.
security
The key to firewalls is the filters and ______.
ACLs
The L2TP protocol allows the transmission of non-TCP/IP protocols like IPX, AppleTalk, and NetBEUI. L2TP works at Layer _____ of the OSI model, the Datalink Layer. L2TP does not use packets to transmit data, it uses frames.
2
All back-up tapes should be labeled and locked away. ________ tapes should be kept off premises.
Archived
Annualized rate of occurrence
ARO
____ are actually small programs that are telling the computer what to do. Because they are programs, they have the ability to do almost anything - including deleting and changing files.
CGI scripts
Sometimes the sacrificial lamb is placed in a _____.
DMZ
_____ do a majority of their work at the port and service level. They examine the ports and services in three basic ways: packet filtering, stateful inspection, and application proxying.
Firewalls
________, intrusion detection systems, anti-virus software, and other extensive security measures are required to protect T1, T3, and OC-3 network connections.
Firewalls
_____ don't protect your systems against viruses; you need anti-virus software.
Firewalls
___________ all miscellaneous disks and check them out. Be prepared to find illegal software and other materials that you may not want to be in your office. Physically destroy or have the owner take them home.
Gather up
L2TP is better suited for VPNs for dial-up connections or networks using a variety of networking technologies like Frame Relay or ATM (Asynchronous Transfer Mode). ________ is better if you have a straightforward IP-based network.
IPSec
Many users combine both ________ and L2TP on their VPNs for better security.
IPSec
Many users combine both IPSec and ________ on their VPNs for better security.
L2TP
Exposure Factor
EF
________ VPNs mean all VPN negotiations are handled by the firewall.
Firewall-based
An _____ can look at all the traffic and draw a conclusion based on various factors - it's not just limited to certain types of traffic, but can look for patterns and changes.
IDS
Internet Relay Chat
IRC
____________ covers copyrights, trademarks, trade secrets, offenses to the integrity of IP systems, and misuse of dissemination systems.
Intellectual property
In the Apple OS X, __________ stores all the passwords you tell it to in an encrypted file.
Keychain
In Apple OS X, to start ____, open System Preferences and click on Sharing. Then click on the Application tab and check the Allow remote login checkbox.
SSH
In the _________ permissions, you can take over as the owner of a file or folder. Usually an owner has a full set of permissions.
Take Ownership
________ means the VPN must be able to verify a user's identity and restrict access to only validated users. In addition, there must be a method of logging access.
User Authentication
A _________ uses a special protocol to add information to the packets that identify which segment the computer resides on. So, computers sitting right next to each other won't necessarily be on the same segment of the network, one could be in the Finance segment and another could be in Operations.
VLAN
Virtual Local Area Network
VLAN
Virtual Private Network
VPN
Many viruses have been written using the Visual Basic Language that is controlled by Windows Scripting Host (WSH). Remove _____ and the virus can't operate. Only allow WSH to run on machines that need it.
WSH
An __________ server needs to have the operating system hardened and to have security patches applied for the different applications that you run.
application
Once a month you should store one of the full backups for _________ reasons.
archival
The first thing to do when your computer is ________ is to take the system offline and restore it from your backup.
attacked
Check that everything is being done by the rules. Check the _____ logs on the computers and ask questions of employees.
audit
RADIUS is an ________ system used to authenticate users.
authorization
When your user account was created, you were given certain ______ on the system to enable you to do your job. These authorizations are also called permissions.
authorizations
The purpose of access control is to protect your assets, and the means to this end is to: identify who you are giving access to, authenticate - verify who they really are, and ________ - let them do only what you want them to do.
authorize
Clients that want to join a ________ network will send a request for a probe packet from the access point. If the access point will allow the request, it responds with a probe packet. This data is not encrypted when encryption is enabled.
wireless
There are many ways to secure a ________ network: strong passwords, well-defined users' access lists, and various levels of encryption.
wireless
GRE is a method for ________ packets so that the original addresses are hidden.
wrapping
There are three different types of VPNs: ________-based, hardware-based, and software-based.
firewall
A ________ is a much simpler construct than a packet and it does not have as much information in it as a packet has. Think of a frame as a burst of data rather than a package of data.
frame
A firewall software computer, dedicated to ___________ unauthorized entry into the network, needs to be kept up to date with upgrades and patches.
detecting and preventing
SSL runs whenever you connect to a secure website. You know that a site is running SSL because the address changes to https from http. SSL directs the traffic to the Web server to port ____ and encrypts the data during the transmission.
443
Data is sent between computers. This is the only traffic that is ________ when encryption is enabled.
encrypted
Many people update the signature files for the database but are unaware that the __________ also needs updating.
engine
In the case of ____________ attacks, the country of the origin of the attack usually takes the lead.
international
IDS _________ logs from your systems, watches network traffic, and attempts to identify patterns that look like an attack.
monitors
The database __________ should be hardened and the security patches applied.
operating system
Email servers will need to have their __________ hardened and security patches applied. You will also need anti-virus protection on the email servers because most viruses enter through this path.
operating systems
Network maps can give you a listing of all the ___________ and applications installed on the network.
operating systems
Passwords traverse networks on an almost constant basis, and all it takes is a well-placed eavesdropping program (called a ___________) to gather hundreds and thousands of passwords in a matter of hours.
password sniffer
The simple definition for risk mitigation is ____________.
prevention
Key Management means the VPN must be able to generate shared, secret keys with the ________ users.
remote
________ are packets that allow the clients to speak to one another without having to go through the access point. These packets don't contain beacon data and are considered to be the same as data packets by the network.
Ad-hoc
________ means the VPN must be able to keep the IP addresses of the internal network secret.
Address Management
Rename or disable the built-in _____ account. Be sure to use your best and strongest passwords on this account.
Administrator
The default installation of Apple OS X includes three accounts: root, ____, and regular users. The root account allows you to do everything, just like the UNIX root account. The administrator account in Macs is restricted and does not have a full set of privileges like a root account does. The root account is not enabled by default.
administrator
Configuring content filters and anti-virus software can help with preventing _________ from entering your network via email.
executables
Firewalls are not foolproof, they are also known for sending out a lot of __________, which can be troublesome if the staff gets in the habit of ignoring the alarms. The alarms can be hard to understand and if the firewall administrator hasn't been properly trained, he may miss important clues about possible attacks.
false alarms
Keep all the software licenses locked in a ___________ to keep your licenses in order in case you are ever audited.
filing cabinet
The key to firewalls is the ____ and ACLs.
filters
_________ hackers are able to write common attack programs and have an in-depth knowledge of how networks communicate.
common
VPNs were created to address two different problems; the high cost of ________ leased lines needed for branch office communications and the need to allow employees a method of securely connecting to the headquarters networks when they were on business out of town or working from home.
dedicated
An ________ estimates the number of times something will happen within a one-year timespan.
ARO
The purpose of access control is to protect your assets, and the means to this end is to: ________ who you are giving access to, authenticate - verify who they really are, and authorize - let them do only what you want them to do.
identify
Most routers have rules that allow you to control what traffic comes in and what traffic goes out. These rules are referred to as filters or access control lists (ACL). Routers maintain logs of successful and failed connections so you can check for intrusion attempts. Many routers have Web-based __________ to make configuration easier.
interfaces
Your assets include hardware, software, and _______.
invested time
There is no industry standard for anti-virus scanners. There are independent __________ that let you see whether the various anti-virus products have passed or failed the latest testing.
labs
To create a more effective security design, add security to each _____.
layer
Never keep your backup media in the same __________ as your backup computers.
location
Note the ______ and make and model of DSL and dial-up modems.
location
An effective method of disabling repeated guesses is to ________ the user ID after a certain number of failed attempts.
lock out
Hard drives should have hardware _____ and these locks should be controlled by a central authority.
locks
A ______ stands for modulator/demodulator and it changes the digital data created by your computer into electronic pulses that can be carried by the phone line.
modem
A ___________ is a program that works by querying the network, looking for computers and their addresses; it then uses this information to make a physical map of your network.
network mapper
As soon as security alerts appear you should obtain the fix and apply it to your computers. It's one of the best things you can do to ensure ______.
network security
You need permission and support from the higher-ups before starting work on __________. Set a schedule, give them updates and progress reports, ask them to give you feedback. The more they are included, the more likely they are to work with you, rather than against you.
network security
A router examines the traffic coming in from the Internet and then uses a database of routes and rules to send the traffic to the correct section of your network. Traffic can be filtered by ________ IP addresses, destination IP addresses, and/or ports.
originating
In the security infrastructure, the _________ layer is the applications and the way they move data around to different machines.
processes
Telnet is a remote connection program that allows you to act as if you are sitting directly in front of the computer. Because telnet authorizes people to access a computer located elsewhere, it can possibly allow malicious intruders to enter your system. If the ________ for telnet can be guessed or cracked, the intruder can telnet into your system, change configurations, or install unauthorized programs.
password
All networks are accessed with ________ and all networks are vulnerable to virus infections to some degree.
passwords
QFE patches are usually released to fix a bad bug in the program rather than a security hole, and they are an example of "quick and dirty" programming. These _____ are not rigorously tested, and you have no guarantees that they won't affect other parts of your system.
patches
In Apple OS X, you can change ____ using the chmod command from the command line.
permissions
All applications on all ________ have the appropriate security patches applied.
platforms
The ________ are all protected by hardening their operating systems and having security patches applied.
platforms
Because a ______________ floods the network with queries, running too many queries at once can bring a healthy network to a screeching halt.
port scanner
All firewalls using stateful inspection keep all _________ closed until a specific port is requested.
ports
The networks (internal and DMZ) are ________ with security devices (router and firewall).
protected
After you make changes to the registry, you have to exit the registry editor and ________ for the changes to take effect.
reboot
Write down all _______ passwords and store them in a safe.
root
Putting a ______ in front of a firewall helps with pre-screening.
router
If your company is medium to large, you should appoint a ____________ whose main job is to oversee and manage security.
security officer
When a virus copies itself from one file to another, it leaves bits of its code in the infected file. The __________ of that code is specific to each virus and is part of what makes up the fingerprint of the virus.
sequence
Security dangers increase when services such as Web servers, database servers, FTP servers, mail servers, firewalls, and intrusion detection systems are all combined on the same _________.
server
_____ serve the individual workstations with files that can be shared and moved around.
servers
Firewalls can examine an entire __________ and not just the packet itself. Based on the content of the stream, the firewall makes a decision as to which application is being used to transmit the data. It then starts a restrictive version, like FTP or Telnet, in which rules are set to verify the user and the destination.
stream of data
RADIUS is an authorization ________ used to authenticate users.
system
Apple OS X has included SecureShell (SSH) in its default installation for a secure ____ program.
telnet
The ______ is a special set of permissions that allow you to move through a folder that you don't have List permission to. You can also run the application so you can open the file.
traverse folder/execute file
Get in the practice of checking for anti-virus _______ at least once a week.
updates
Change all ____ passwords if you suspect a root password has been compromised.
user
Beacons are continually broadcast by the access point with the SSID and the MAC address. These are sent so clients can find the network to join it. This data is not encrypted when encryption is enabled on the ________ network.
wireless
In Apple OS X, to start SSH, open System Preferences and click on Sharing. Then click on the ____ tab and check the Allow remote login checkbox.
Application
Berkeley Software Distribution
BSD
________ are continually broadcast by the access point with the SSID and the MAC address. These are sent so clients can find the network to join it. This data is not encrypted when encryption is enabled on the wireless network.
Beacons
Data Encryption Standard
DES
________ is sent between computers. This is the only traffic that is encrypted when encryption is enabled.
Data
________ means the data traveling on the public network (Internet) must be unreadable by unauthorized users on the network.
Data Protection
________ are often the heart of the company's operations and can contain personnel records, financial data, and customer files.
Databases
The L2TP protocol allows the transmission of non-TCP/IP protocols like IPX, AppleTalk, and NetBEUI. L2TP works at Layer 2 of the OSI model, the ________ Layer. L2TP does not use packets to transmit data, it uses frames.
Datalink
________ that want to join a wireless network will send a request for a probe packet from the access point. If the access point will allow the request, it responds with a probe packet. This data is not encrypted when encryption is enabled.
Clients
Don't forget the Good, _____, Cheap Triangle.
Fast
CGI is a way for computers of different types to talk to one another. It's most often used to exchange data between Web servers and databases because a database doesn't understand ____ and a Web server doesn't understand database query languages (such as SQL). Think of a CGI script as an interpreter.
HTML
Multiprotocol Support means the VPN must be able to handle multiple protocols so data of different types can be shared. This includes protocols like SMTP, ________, telnet, and so on.
HTTP
_________ should have hardware locks and these locks should be controlled by a central authority.
Hard drives
With ______, the machine examines traffic and compares it to a database of known attack methods and then sends alerts when these conditions are met.
IDS
_____ send alerts and reports to the administrators based on what they are finding, so the administrators don't have to rely upon deciphering log entries to see what's going on.
IDS
_________ monitors logs from your systems, watches network traffic, and attempts to identify patterns that look like an attack.
IDS
_________ uses two methods for analysis: pattern matching and anomaly detection.
IDS
Thanks to __________, there are literally hundreds of ways to defeat an IDS and they are all well documented on the Internet.
IDS hackers
Internet Key Exchange
IKE
Address Management means the VPN must be able to keep the ________ of the internal network secret.
IP addresses
Apple OS X has a built-in ____ called ipfw. You configure it from a command-line interface instead of a GUI.
IP firewall
IPSec works at Layer 3 of the OSI model, the Network Layer. This is the layer we are more familiar with since it deals with ________ that have all kinds of information in them. A packet has been likened to an envelope - on the outside of the envelope are the to/from addresses and a small description of the type of data enclosed. Since IPSec can only deal with packets, it is limited to transmitting TCP/IP traffic. IPSec can't handle AppleTalk or NetBEUI network protocols.
IP packets
L2TP is better suited for VPNs for dial-up connections or networks using a variety of networking technologies like Frame Relay or ATM (Asynchronous Transfer Mode). IPSec is better if you have a straightforward ________ network.
IP-based
PPTP is a forerunner of ________.
L2TP
The ________ protocol allows the transmission of non-TCP/IP protocols like IPX, AppleTalk, and NetBEUI. L2TP works at Layer 2 of the OSI model, the Datalink Layer. L2TP does not use packets to transmit data, it uses frames.
L2TP
________ is better suited for VPNs for dial-up connections or networks using a variety of networking technologies like Frame Relay or ATM (Asynchronous Transfer Mode). IPSec is better if you have a straightforward IP-based network.
L2TP
A _________ establishes a connection between two different segments on a network just long enough to send the current packet. Incoming packets are saved to a temporary memory area (buffer).
LAN switch
The ______ permission allows you to view the names of files in a folder and can read the data in a file, but you cannot make changes.
List Folder/Read Data
______ are important to keep a record of what you've done and why you've done it: organization charts, hardware lists, software lists, network map, and building plans.
Lists
________ will help you decide what type of DMZ architecture is the better risk worth taking.
Risk assessment
__________ hackers are the vandals and graffiti artists of the Internet. They have little or no actual programming skill and can only hack with tools available on the Internet.
Script kiddie
Beacons are continually broadcast by the access point with the SSID and the ________. These are sent so clients can find the network to join it. This data is not encrypted when encryption is enabled on the wireless network.
MAC address
The ________ file is a temporary swap file that Windows uses to manage memory and enhance the performance of Windows. This file should be set to clear at Shutdown.
Page
Annualized Loss Expectancy
ALE
In Registry, each folder icon is called a hive and hives contain keys. Each key contains sub-keys, as well as values. The values contain the actual information stored in the registry. The registry includes three types of values: ________, Binary, and DWORD.
String
Generic Routing Encapsulation
GRE
Emergency Repair Disk
ERD
The _____________ is the percentage of loss that would occur if you experience an attack.
Exposure Factor
In the _________ permissions, you can change the permissions on a file or folder.
Change Permissions
___________ laws are to protect the general public and violators usually face a jail sentence.
Criminal
Digital Subscriber Line
DSL
VPN has two main protocols ________ and IPSec.
L2TP
Lightweight Directory Access Protocol
LDAP
MultiProtocol Label Switching
MPLS
________ means the VPN must be able to handle multiple protocols so data of different types can be shared. This includes protocols like SMTP, HTTP, telnet, and so on.
Multiprotocol Support
Network Interface Card
NIC
________ IDS can be set to listen only for traffic destined for the particular segment of the network on which it resides, or they can be set to promiscuous mode, so they listen to all traffic sent to all segments.
Network-based
_________________ can be set up to examine the traffic on a single machine or on the entire network.
Intrusion Detection Systems
Hackers are known to engage in an activity known as __________, where they physically rummage through trash dumpsters looking for personnel files, network files, and anything else they can get their hands on.
dumpster diving
CGI scripts are actually small programs that are telling the computer what to do. Because they are programs, they have the ability to do almost anything - including deleting and changing ____.
files
A _________ sandwich is two firewalls with a machine operating as a load balancer between them. Both firewalls work all the time, but if one fails, the other takes all the load.
firewall
Because Web servers tend to handle high traffic volumes, it usually makes sense to put the Web server in a DMZ in front of the ________ so it doesn't add to the workload of the firewall.
firewall
Firewall-based VPNs mean all VPN negotiations are handled by the ________.
firewall
Firewalls can examine an entire stream of data and not just the packet itself. Based on the content of the stream, the ______ makes a decision as to which application is being used to transmit the data. It then starts a restrictive version, like FTP or Telnet, in which rules are set to verify the user and the destination.
firewall
Most outsourcers focus on __________ and intrusion detection management and sometimes VPNs.
firewall
One of the biggest mistakes you can make is to combine a Web server and a database on the same computer. Place a _____ between a Web server and a database server to make it harder for a malicious intruder to destroy your entire system.
firewall
The networks (internal and DMZ) are protected with security devices (router and ________).
firewall
To harden your database: put your database behind a ____; never put a Web server on your database; use encryption when possible; harden the OS that the database runs on; and apply security patches and upgrades as soon as they are available.
firewall
Firewalls are not foolproof, they are also known for sending out a lot of false alarms, which can be troublesome if the staff gets in the habit of ignoring the alarms. The alarms can be hard to understand and if the ___________ hasn't been properly trained, he may miss important clues about possible attacks.
firewall administrator
Personal ________ are a great way to protect small systems from intrusions if you are using DSL connections.
firewalls
___________ are very good at examining your Internet traffic and keeping unwanted traffic out.
firewalls
Firewalls use two basic methods of selection: _________ and best available. In first available, when a packet comes in, the firewall goes through the list of rules, and the first rule that looks like a match is used. In best available, when a packet reaches the firewall, the firewall looks at all the rules that may be a match and then chooses the one it considers to be the best.
first available
Firewalls use two basic methods of selection: first available and best available. In first available, when a packet comes in, the firewall goes through the list of rules, and the _________ that looks like a match is used. In best available, when a packet reaches the firewall, the firewall looks at all the rules that may be a match and then chooses the one it considers to be the best.
first rule
Software companies are aware that security holes exist and are fairly responsible in releasing _______ in a timely manner, called bug fixes, hot fixes, patches, and sometimes updates.
fixes
A vulnerability assessment tool tests applications, computers, and network devices, such as routers and firewalls, for known ___________ that can leave your systems susceptible to malicious attacks.
flaws and weaknesses
Firewalls are not _______, they are also known for sending out a lot of false alarms, which can be troublesome if the staff gets in the habit of ignoring the alarms. The alarms can be hard to understand and if the firewall administrator hasn't been properly trained, he may miss important clues about possible attacks.
foolproof
SSL runs whenever you connect to a secure website. You know that a site is running SSL because the address changes to https from http. ____ directs the traffic to the Web server to port 443 and encrypts the data during the transmission.
SSL
____ runs whenever you connect to a secure website. You know that a site is running SSL because the address changes to https from http. SSL directs the traffic to the Web server to port 443 and encrypts the data during the transmission.
SSL
A host-based IDS system is more concerned with who has permission to do what and how often. Because of this, these systems are normally used to monitor the conditions on the ________ rather than traffic coming through the firewall.
internal network
CGI is a way for computers of different types to talk to one another. It's most often used to exchange data between Web servers and databases because a database doesn't understand HTML and a Web server doesn't understand database query languages (such as SQL). Think of a CGI script as an ____.
interpreter
Apple OS X has a built-in IP firewall called ____. You configure it from a command-line interface instead of a GUI.
ipfw
Your Apple OS X must be ____ with HFS partitions if you want to use wireless networking on your Macs.
formatted
The L2TP protocol allows the transmission of non-TCP/IP protocols like IPX, AppleTalk, and NetBEUI. L2TP works at Layer 2 of the OSI model, the Datalink Layer. L2TP does not use packets to transmit data, it uses ________.
frames
Hackers employ a device or software program called a demon dialer or war dialer that dials phone numbers within a range in rapid succession. If any phone number that is dialed responds with a modem's __________, then the dialing stops and the hacker can try to connect to the computer that answered.
handshake signal
The goal in patching your computer is to ______ your computer's software.
harden
To ____ your database: install only what is needed; change the passwords on every account installed by default and use really strong passwords; and go through all the accounts on the database and manually lock out, expire, or disable accounts you don't need.
harden
Keep all ________ paperwork in one central location in case the person who sold it to you is no longer at the company.
hardware
There are three different types of VPNs: firewall-based, ________-based, and software-based.
hardware
Your assets include _______, software, and invested time.
hardware
A good computer security assessment team should have at a minimum a team manager, ________, and documenter.
head geek
Each packet has a _________ full of information. Firewalls use this information as the first level of defense.
header
In Registry, each folder icon is called a ________ and hives contain keys. Each key contains sub-keys, as well as values. The values contain the actual information stored in the registry. The registry includes three types of values: String, Binary, and DWORD.
hive
A ________ IDS system is more concerned with who has permission to do what and how often. Because of this, these systems are normally used to monitor the conditions on the internal network rather than traffic coming through the firewall.
host-based
The team will work together to identify the assets that need to be protected and will research and prepare the initial security plan that will describe what needs to be protected, ___________, and the security roles and responsibilities of everyone in the company.
how they should be protected
SSL runs whenever you connect to a secure website. You know that a site is running SSL because the address changes to https from ____. SSL directs the traffic to the Web server to port 443 and encrypts the data during the transmission.
http
SSL runs whenever you connect to a secure website. You know that a site is running SSL because the address changes to ____ from http. SSL directs the traffic to the Web server to port 443 and encrypts the data during the transmission.
https
The team will work together to _________ the assets that need to be protected and will research and prepare the initial security plan that will describe what needs to be protected, how they should be protected, and the security roles and responsibilities of everyone in the company.
identify
In the computer world, your login name is your ______, your password is the authentication and when you are logged on, you are authorized to do only certain things on the network.
identity
Once the policies and plans are developed, _______ them.
implement
Make an ____________ backup on files that have changed since the last full backup.
incremental
There is no __________ for anti-virus scanners. There are independent labs that let you see whether the various anti-virus products have passed or failed the latest testing.
industry standard
When a virus __________ a program, it generally changes the size of that program. To track those changes, the known size of each executable program is computed and stored in the database when the anti-virus product is first installed. These sizes are called checksums.
infects
In Registry, each folder icon is called a hive and hives contain keys. Each key contains sub-keys, as well as values. The values contain the actual ________ stored in the registry. The registry includes three types of values: String, Binary, and DWORD.
information
___________ campaigns look to disable a country's infrastructure via data networks, telecommunications, energy, transportation, banking and finance, emergency services, and government operations.
information warfare
Software-based VPNs mean a complete package is ________ on a server dedicated to establishing and maintaining VPN connections.
installed
Apple OS X has a small program called Software Update which is included in ____.
System Preferences
LDAP is a set of protocols for computers to obtain information from one another, based on the ________ standard. In VPNs, LDAP is used for secret key information.
X500
Don't allow your email programs to "auto open" _____.
attachments
Firewalls are not foolproof, they are also known for sending out a lot of false alarms, which can be troublesome if the staff gets in the habit of ignoring the alarms. The alarms can be hard to understand and if the firewall administrator hasn't been properly trained, he may miss important clues about possible _____.
attacks
Keep all the software licenses locked in a filing cabinet to keep your licenses in order in case you are ever ________.
audited
RADIUS is an authorization system used to ________ users.
authenticate
The purpose of access control is to protect your assets, and the means to this end is to: identify who you are giving access to, ________ - verify who they really are, and authorize - let them do only what you want them to do.
authenticate
If your company passes data between a remote connection and your network, you may want to consider setting up a VPN, which includes encryption, and having a strong form of _____ such as security tokens, digital certificates, and biometrics (because logon IDs and passwords are easily cracked).
authentication
In the computer world, your login name is your identity, your password is the ______ and when you are logged on, you are authorized to do only certain things on the network.
authentication
Have your system log the unsuccessful attempts at logging on because this can tell you if someone is trying to guess a password and is probably not _____ to use your system.
authorized
In the computer world, your login name is your identity, your password is the authentication and when you are logged on, you are ______ to do only certain things on the network.
authorized
Before securing your network, form an assessment team, where each member of the team has a good working knowledge of ____________ and understands the value of a good computer security program.
computing and networks
The computer security assessment team's documenter is responsible for all reports and documentation; must be detail-oriented; and must have a working knowledge of ___________.
computing and networks
The computer security assessment team's head geek is responsible for all hands-on work with the computers; must understand basic vulnerability assessment; must have an in-depth knowledge of ________; and must be able to communicate well with other team members.
computing and networks
The leased line was a physical phone line laid between the two offices and the only ________ allowed on it were the two ends of the networks. No one could dial in to the network and you had to have physical access to the line to be able to connect.
connections
Firewalls use two basic methods of selection: first available and _________. In first available, when a packet comes in, the firewall goes through the list of rules, and the first rule that looks like a match is used. In best available, when a packet reaches the firewall, the firewall looks at all the rules that may be a match and then chooses the one it considers to be the best.
best available
If your company passes data between a remote connection and your network, you may want to consider setting up a VPN, which includes encryption, and having a strong form of authentication such as security tokens, digital certificates, and _____ (because logon IDs and passwords are easily cracked).
biometrics
Apple OS X allows you to use a ____ password on the root account. Never allow this to happen on your systems. A blank password equals no password, which means everyone can hack your machine.
blank
SSL has been a standard for a while now and is generally accepted as safe. However, some vulnerabilities have been discovered in the way that different Web server applications validate the SSL session, and some ____ overflows have been discovered.
buffer
Software companies are aware that security holes exist and are fairly responsible in releasing fixes in a timely manner, called _______, hot fixes, patches, and sometimes updates.
bug fixes
A Service Pack is the granddaddy of all __________, because it has been extensively beta-tested for problems. You can feel fairly comfortable that installing a service pack won't cause problems. You still have to check to see whether any security patches were released after the service pack was created, and you have to apply those separately.
bug fixes and security patches
You need a ______ plan to indicate where your computers are located and any special purpose areas such as server rooms. The fire escapes, sprinkler systems, doors, stairways, windows, and all physical features should be included in the plans. This will give you an indication of what physical security measures need to be implemented to protect your supplies.
building
A frame is a much simpler construct than a packet and it does not have as much information in it as a packet has. Think of a frame as a ________ of data rather than a package of data.
burst
In Apple OS X, you can ____ permissions using the chmod command from the command line.
change
Telnet is a remote connection program that allows you to act as if you are sitting directly in front of the computer. Because telnet authorizes people to access a computer located elsewhere, it can possibly allow malicious intruders to enter your system: if the password for telnet can be guessed or cracked, the intruder can telnet into your system, _____ configurations, or install unauthorized programs.
change
CGI scripts are actually small programs that are telling the computer what to do. Because they are programs, they have the ability to do almost anything - including deleting and ____ files.
changing
A VPN uses a special protocol to establish a virtual channel between two machines or two networks. The ________ is actually a temporary direct session, this is what is commonly referred to as tunneling.
channel
When a virus infects a program, it generally changes the size of that program. To track those changes, the known size of each executable program is computed and stored in the database when the anti-virus product is first installed. These sizes are called __________.
checksums
In Apple OS X, you have to use the command line to create groups and to set their privileges using the newgrp and ____ commands.
chgrp
The Page file is a temporary swap file that Windows uses to manage memory and enhance the performance of Windows. This file should be set to ________ at Shutdown.
clear
When a virus copies itself from one file to another, it leaves bits of its __________ in the infected file. The sequence of that code is specific to each virus and is part of what makes up the fingerprint of the virus.
code
Every once in a while, Microsoft assembles a _____ of security updates into one patch, called a Security Roll-up Patch or roll-up. A roll-up includes all the patches released before a certain date, but it does not include any changes that still have to be made manually.
collection
In offices with ten or more people, ID tags should be worn and _______, to indicate which areas they are allowed to enter. Visitors and repair personnel should have visitor tags and should not be allowed to roam around unescorted.
color coded
Many users ________ both IPSec and L2TP on their VPNs for better security.
combine
In Apple OS X, you can change permissions using the chmod command from the ____.
command line
In Apple OS X, you have to use the ____ to create groups and to set their privileges using the newgrp and chgrp commands.
command line
Apple OS X has a built-in IP firewall called ipfw. You configure it from a ____ instead of a GUI.
command-line interface
The computer security assessment team's head geek is responsible for all hands-on work with the computers; must understand basic vulnerability assessment; must have an in-depth knowledge of computing and networks; and must be able to ___________ with other team members.
communicate well
A _______ should have a clear, written company policy governing the monitoring of electronic communications and computer files and what it considers to be appropriate use of the system.
company
Do price _________ checks and shop around before you buy. Don't forget training: in addition to purchasing the product, you often need to buy training for your staff. When it comes to training, don't skimp; it's usually well worth the cost.
comparison
When a virus infects a program, it generally changes the size of that program. To track those changes, the known size of each executable program is __________ and stored in the database when the anti-virus product is first installed. These sizes are called checksums.
computed
Before securing your network, form an assessment team, where each member of the team has a good working knowledge of computing and networks and understands the value of a good __________ program.
computer security
Data is sent between ________. This is the only traffic that is encrypted when encryption is enabled.
computers
Configuring _____ and anti-virus software can help with preventing executables from entering your network via email.
content filters
To harden your database: go through all the directories and make sure they have the appropriate permissions; disable the operating system back doors and mail capabilities; enable logging and set for failed object access and logons; ____ the distribution of database query tools in your organization.
control
After-hours access should be _______ to prevent theft and eliminate people as suspects if something goes missing at night or on the weekends.
controlled
Do a risk assessment on your computer and network. List all your assets, figure out what those assets are worth and how much it would cost to replace them. Then decide how they need to be protected and how much that protection is going to cost. If you find that the protection _____ more than the asset is worth, then you'll have to justify the expense of the protection or decide not to do it.
costs
Diffie-Hellman is a ________ algorithm used in VPNs.
cryptographic
A ______ is a computer program that runs as a background process.
daemon
It's recommended to upgrade your anti-virus software at least once a week for the ______ and once a month for the scanning engines.
dat files
Beacons are continually broadcast by the access point with the SSID and the MAC address. These are sent so clients can find the network to join it. This ________ is not encrypted when encryption is enabled on the wireless network.
data
IPSec works at Layer 3 of the OSI model, the Network Layer. This is the layer we are more familiar with since it deals with IP packets that have all kinds of information in them. A packet has been likened to an envelope - on the outside of the envelope are the to/from addresses and a small description of the type of ________ enclosed. Since IPSec can only deal with packets, it is limited to transmitting TCP/IP traffic. IPSec can't handle AppleTalk or NetBEUI network protocols.
data
The VPN exchanges a set of shared secrets to create an encryption key. The traffic traveling along the established channel is wrapped with an encrypted package that has an address on the outside of the package. But the contents are hidden from view. Once the ________ reaches its destination, the wrapper is safely removed.
data
Ad-hoc are packets that allow the clients to speak to one another without having to go through the access point. These packets don't contain beacon data and are considered to be the same as ________ by the network.
data packets
To be considered a true VPN, the service must support: ________, user authentication, key management, address management, and multiprotocol support.
data protection
All anti-virus scanners work with a ______ that contains information about viruses; this information is called the virus fingerprint or signature. The database needs to be updated frequently so that it contains the most up-to-date virus information.
database
IDS compares traffic of known patterns in a database, so if your attacker is using a method not found in the ________, or an unknown pattern of attack, there's a chance the attack won't be seen.
database
If you have the correct signatures in your __________ but the wrong version of the scanning engine, there's a good chance that your anti-virus program won't catch important viruses.
database
If your Web server offers dynamic content, or if you are using it for e-commerce, you will also need at least one __________ server to hold and serve up the data to the Web server.
database
Know what operating system the ________ server is running on as well as which database application it contains.
database
One of the biggest mistakes you can make is to combine a Web server and a _____ on the same computer. Place a firewall between a Web server and a database server to make it harder for a malicious intruder to destroy your entire system.
database
The _________ server and Web server should always be on separate computers. The reason for this is Web servers are easily hacked and databases are usually full of important information.
database
The anti-virus scanning engine knows nothing about the viruses themselves and is useless without the signature database. The __________ analyzes a program's structure, its attributes, and its behavior. After completing the analysis, if the database concludes that it looks like a virus, it probably is.
database
With IDS, the machine examines traffic and compares it to a ________ of known attack methods and then sends alerts when these conditions are met.
database
CGI is a way for computers of different types to talk to one another. It's most often used to exchange data between Web servers and databases because a database doesn't understand HTML and a Web server doesn't understand ____ (such as SQL). Think of a CGI script as an interpreter.
database query languages
Most security designs only look at the network layer, add routers, firewalls and intrusion detection and consider the network secure. All the protection is put into surrounding the network, and there's nothing to use as a _______ if the perimeter is broken.
defense
CGI scripts are actually small programs that are telling the computer what to do. Because they are programs, they have the ability to do almost anything - including ____ and changing files.
deleting
Hackers employ a device or software program called a __________ or war dialer that dials phone numbers within a range in rapid succession. If any phone number that is dialed responds with a modem's handshake signal, then the dialing stops and the hacker can try to connect to the computer that answered.
demon dialer
A router examines the traffic coming in from the Internet and then uses a database of routes and rules to send the traffic to the correct section of your network. Traffic can be filtered by originating IP addresses, ________ IP addresses, and/or ports.
destination
Perform a network security assessment. Based on your findings, ______ your policies and plans.
develop
Firewalls work by examining the network traffic and applying rules as to what is allowed and what isn't. Firewalls thoroughly inspect arriving traffic (packets). The application, user, and transportation method are also queried and verified. The information is maintained so that all future transmissions are inspected and compared to past transmissions. If both the "state" of the transmission and the "context" in which it is used __________ from the norm, connection is refused.
deviate
L2TP is better suited for VPNs for ________ connections or networks using a variety of networking technologies like Frame Relay or ATM (Asynchronous Transfer Mode). IPSec is better if you have a straightforward IP-based network.
dial-up
Hackers employ a device or software program called a demon dialer or war dialer that __________ phone numbers within a range in rapid succession. If any phone number that is dialed responds with a modem's handshake signal, then the dialing stops and the hacker can try to connect to the computer that answered.
dials
CGI is a way for computers of ____ types to talk to one another. It's most often used to exchange data between Web servers and databases because a database doesn't understand HTML and a Web server doesn't understand database query languages (such as SQL). Think of a CGI script as an interpreter.
different
A VPN uses a special protocol to establish a virtual channel between two machines or two networks. The channel is actually a temporary ________; this is what is commonly referred to as tunneling.
direct session
To harden your database: go through all the ____ and make sure they have the appropriate permissions; disable the operating system back doors and mail capabilities; enable logging and set for failed object access and logons; control the distribution of database query tools in your organization.
directories
You should always immediately _______ all accounts for terminated personnel, especially if the parting wasn't amicable, because employees who feel they have been dealt with improperly or unethically by your company may leave and harbor a grudge.
disable
Web servers run on port 80 or port 8080, so you may need to do a port scan of your network to determine if you have any unauthorized Web servers up and running. Web servers that aren't needed should be __________ because Web servers open big security holes in all networks.
disabled
Anti-virus scanners use three basic methods of operation to find, prevent, and __________ programs and files. They look for infections by known viruses using the database of signature files; they monitor changes, or attempted changes, to files and programs; and they scan for suspicious activity by using rules-based logic.
disinfect
_________ work with switches rather than routers and are used to virtually split networks into segments.
VLANs
A ________ uses a special protocol to establish a virtual channel between two machines or two networks. The channel is actually a temporary direct session; this is what is commonly referred to as tunneling.
VPN
If your company passes data between a remote connection and your network, you may want to consider setting up a ______, which includes encryption and has a strong form of authentication such as security tokens, digital certificates, and biometrics (because logon IDs and passwords are easily cracked).
VPN
The ________ exchanges a set of shared secrets to create an encryption key. The traffic traveling along the established channel is wrapped with an encrypted package that has an address on the outside of the package. But the contents are hidden from view. Once the data reaches its destination, the wrapper is safely removed.
VPN
________ has two main protocols L2TP and IPSec.
VPN
Software-based VPNs mean a complete package is installed on a server dedicated to establishing and maintaining ________.
VPN connections
Before ________, if a company wanted to have a secure network connection to an office in another geographic location, they had one choice: a dedicated leased line.
VPNs
________ were created to address two different problems: the high cost of dedicated leased lines needed for branch office communications and the need to allow employees a method of securely connecting to the headquarters networks when they were on business out of town or working from home.
VPNs
The hardware checklist should have columns for hardware name, number of _____, type and password protection.
items
Keep all the software _________ locked in a filing cabinet to keep your licenses in order in case you are ever audited.
licenses
The servers should be in a locked, ________ room to prevent theft of the equipment and to prevent unauthorized changes to the configurations of the server.
limited access
Most routers have rules that allow you to control what traffic comes in and what traffic goes out. These rules are referred to as filters or access control lists (ACL). Routers maintain _____ of successful and failed connections so you can check for intrusion attempts. Many routers have Web-based interfaces to make configuration easier.
logs
One of the best security measures for all types of modems is to use __________ passwords that cannot be easily guessed and include numbers and both upper- and lower-cased letters.
long
If your spreadsheet can run ________ programs, it can be vulnerable to malicious code. Security patches should be applied.
macro
When Microsoft introduced _________ language, it allowed office programs to interchange data automatically and seamlessly. A number of recent worms and viruses have taken advantage of these vulnerabilities. This product needs to be patched.
macro scripting
To harden your database: go through all the directories and make sure they have the appropriate permissions; disable the operating system back doors and ____ capabilities; enable logging and set for failed object access and logons; control the distribution of database query tools in your organization.
If you're connected to the Internet via __________, chances are your vulnerability to hack attacks is quite small because you are not connected all the time and you do not have a set IP address (static IP address). Each time you connect, your ISP gives you a changing address (dynamic IP address).
modem
One of the best security measures for all types of __________ is to use long passwords that cannot be easily guessed and include numbers and both upper- and lower-cased letters.
modems
Modem stands for ______/demodulator, and it changes the digital data created by your computer into electronic pulses that can be carried by the phone line.
modulator
Anti-virus scanners use three basic methods of operation to find, prevent, and disinfect programs and files. They look for infections by known viruses using the database of signature files; they __________ changes, or attempted changes, to files and programs; and they scan for suspicious activity by using rules-based logic.
monitor
Email filters can be used to __________ personal messages to specific mailboxes, move spam messages to the trash, and to quarantine suspected virus bearing messages.
move
To be considered a true VPN, the service must support: data protection, user authentication, key management, address management, and ________.
multiprotocol support
L2TP is better suited for VPNs for dial-up connections or networks using a variety of networking technologies like Frame Relay or ATM (Asynchronous Transfer Mode). IPSec is better if you have a straightforward IP-based ________.
network
MPLS is used to divert traffic when there are failures or bottlenecks in the ________.
network
Your Airport wireless ____ won't work on a computer that has a UFS partition.
network card
Most security designs only look at the _________, add routers, firewalls and intrusion detection and consider the network secure. All the protection is put into surrounding the network, and there's nothing to use as a defense if the perimeter is broken.
network layer
The Eight Commandments of _____________: use strong passwords, always use anti-virus software, always change default configurations, don't run services that you don't need, immediately install security updates, back-up early and often, protect against surges and losses, and know who you trust.
network security
The ____________ takes a look at where you are, where you need to be, and helps you determine what you need to do to get to the next step.
network security assessment
Content filtering software is able to search the contents of __________ for messages or programs you don't want to come in.
network traffic
A ________ IDS looks at traffic indiscriminately on the network; a host-based IDS system has sensors placed on one or more hosts (individual computers) on the network. Instead of capturing all traffic, this IDS system gathers information from logs that are stored on specific hosts and does some analysis of traffic.
network-based
The leased line was a physical phone line laid between the two offices and the only connections allowed on it were the two ends of the ________. No one could dial in to the network and you had to have physical access to the line to be able to connect.
networks
In Apple OS X, you have to use the command line to create groups and to set their privileges using the ____ and chgrp commands.
newgrp
Although most viruses target the Windows operating system, a virus can travel across Unix and Mac systems and will __________ those systems, but when it encounters Windows-based systems, the virus will start working.
not affect
One of the best security measures for all types of modems is to use long passwords that cannot be easily guessed and include __________ and both upper- and lower-cased letters.
numbers
In the _________ permissions, you can change the attributes of a file or folder.
Write Attributes
You need permission and support from the higher-ups before starting work on network security. Set a schedule, give them ____________ reports, ask them to give you feedback. The more they are included, the more likely they are to work with you, rather than against you.
updates and progress
A __________ must also be shown to have been protected against theft or loss. If a company does not tell its employees that something is secret and makes no attempt to protect it, then the person who reveals the secret cannot be prosecuted.
trade secret
For a _________ to qualify for protection under the law, it must provide some competitive advantage or value for the company.
trade secret
An ___________ hacker hacks for the money or personal gain, not the glory.
uber-
Typical targets for ______ hackers are financial institutions, military and government sites, software companies, and universities with close ties to intelligence agencies.
uber-
The anti-virus scanning engine knows nothing about the viruses themselves and is useless without the signature database. The database analyzes a program's structure, its attributes, and its behavior. After completing the analysis, if the database concludes that it looks like a __________, it probably is.
virus
When a __________ copies itself from one file to another, it leaves bits of its code in the infected file. The sequence of that code is specific to each virus and is part of what makes up the fingerprint of the virus.
virus
Many _____ have been written using the Visual Basic Language that is controlled by Windows Scripting Host (WSH). Remove WSH and the virus can't operate. Only allow WSH to run on machines that need it.
viruses
The anti-virus scanning engine knows nothing about the __________ themselves and is useless without the signature database. The database analyzes a program's structure, its attributes, and its behavior. After completing the analysis, if the database concludes that it looks like a virus, it probably is.
viruses
SSL has been a standard for a while now and is generally accepted as safe. However, some ____ have been discovered in the way that different Web server applications validate the SSL session, and some buffer overflows have been discovered.
vulnerabilities
A ________ is something that makes you more exposed to the threat.
vulnerability
The computer security assessment team's head geek is responsible for all hands-on work with the computers; must understand basic ___________; must have an in-depth knowledge of computing and networks; and must be able to communicate well with other team members.
vulnerability assessment
A ___________ tests applications, computers, and network devices, such as routers and firewalls, for known flaws and weaknesses that can leave your systems susceptible to malicious attacks.
vulnerability assessment tool
Before purchasing a ___________, be sure to confirm that it can scan for vulnerabilities in most, if not all, of the different applications and operating systems that you have running on your network.
vulnerability assessment tool
If your spreadsheet can run macro programs, it can be ______ to malicious code. Security patches should be applied.
vulnerable
Hackers employ a device or software program called a demon dialer or __________ that dials phone numbers within a range in rapid succession. If any phone number that is dialed responds with a modem's handshake signal, then the dialing stops and the hacker can try to connect to the computer that answered.
war dialer
IDS monitors logs from your systems, _________ network traffic, and attempts to identify patterns that look like an attack.
watches
When Microsoft introduced macro scripting language, it allowed office programs to interchange data automatically and seamlessly. A number of recent __________ have taken advantage of these vulnerabilities. This product needs to be patched.
worms and viruses
The anti-virus scanning engine knows nothing about the viruses themselves and is useless without the signature database. The database analyzes a program's structure, its attributes, and its behavior. After completing the __________, if the database concludes that it looks like a virus, it probably is.
analysis
IDS _________ is like the heuristics used in anti-virus software. Anomaly detection uses algorithms to create a sense of "logic" of what it sees happening. Because pattern matching can be defeated by completely new and previously unrecorded attacks, anomaly detection is added in response to that problem.
anomaly detection
The __________ scanner consists of two parts, the scanning engine and the database.
anti-virus
__________ programs are the best protection against email viruses.
anti-virus
A VPN uses a special protocol to establish a virtual channel ________ two machines or two networks. The channel is actually a temporary direct session; this is what is commonly referred to as tunneling.
between
Firewalls use two basic methods of selection: first available and best available. In first available, when a packet comes in, the firewall goes through the list of rules, and the first rule that looks like a match is used. In best available, when a packet reaches the firewall, the firewall looks at all the rules that may be a match and then _________.
chooses the one it considers to be the best
Programs contain millions of lines of text, called ________.
code
The _________ hacker - who usually has a system administration level of expertise and knows a lot about operating systems and applications - is holding a grudge or has something to prove.
common
Many companies are finding that __________ can help protect against the leakage of company secrets and proprietary information.
content filtering
Some __________ programs also work in concert with anti-virus programs to give you another level of protection.
content filtering
The _________ and protections you put in place are the way you mitigate and manage your risk.
countermeasures
In Registry, each folder icon is called a hive and hives contain ________. Each key contains sub-keys, as well as values. The values contain the actual information stored in the registry. The registry includes three types of values: String, Binary, and DWORD.
keys
Anti-virus scanners use three basic methods of operation to find, prevent, and disinfect programs and files. They look for infections by __________ viruses using the database of signature files; they monitor changes, or attempted changes, to files and programs; and they scan for suspicious activity by using rules-based logic.
known
IDS compares traffic to __________ patterns in a database, so if your attacker is using a method not found in the database, or an unknown pattern of attack, there's a chance the attack won't be seen.
known
Many companies are finding that content filtering can help protect against the __________ of company secrets and proprietary information.
leakage
All keys need to be labeled and their distribution should be kept in a log. Keys that aren't needed every day should be kept in a key ______ or other safe environment.
locker
Have your system _____ the unsuccessful attempts at logging on because this can tell you if someone is trying to guess a password and is probably not authorized to use your system.
log
An IDS sends alerts and reports to the administrators based on what it is finding, so the administrators don't have to rely upon deciphering ___________ to see what's going on.
log entries
To harden your database: go through all the directories and make sure they have the appropriate permissions; disable the operating system back doors and mail capabilities; enable ____ and set for failed object access and logons; control the distribution of database query tools in your organization.
logging
User Authentication means the VPN must be able to verify a user's identity and restrict access to only validated users. In addition, there must be a method of ________ access.
logging
Firewalls can send out alerts, and the _____ are helpful in trying to locate attacks. They are also good at controlling how your staff uses the Internet.
logs
Different ________ operate on different operating systems.
mail servers
Firewalls work by examining the network traffic and applying rules as to what is allowed and what isn't. Firewalls thoroughly inspect arriving traffic (packets). The application, user, and transportation method are also queried and verified. The information is __________ so that all future transmissions are inspected and compared to past transmissions. If both the "state" of the transmission and the "context" in which it is used deviate from the norm, connection is refused.
maintained
Software-based VPNs mean a complete package is installed on a server dedicated to establishing and ________ VPN connections.
maintaining
After you ________ to the registry, you have to exit the registry editor and reboot for the changes to take effect.
make changes
A vulnerability assessment tool tests applications, computers, and network devices, such as routers and firewalls, for known flaws and weaknesses that can leave your systems susceptible to ___________.
malicious attacks
If your spreadsheet can run macro programs, it can be vulnerable to malicious code. Security ________ should be applied.
patches
To harden your database: go through all the directories and make sure they have the appropriate ____; disable the operating system back doors and mail capabilities; enable logging and set for failed object access and logons; control the distribution of database query tools in your organization.
permissions
The leased line was a physical phone line laid between the two offices and the only connections allowed on it were the two ends of the networks. No one could dial in to the network and you had to have ________ to the line to be able to connect.
physical access
_________ should be "living" documents - meaning that they adapt to changes.
policies
The security training program should be attended by new hires and have an annual refresher course where at the end, the employee signs a statement indicating that he has _____ the training, understands it, and will comply with the rules.
received
A firewall is simply a pass/no-pass gateway. It either lets traffic through or turns it away. An IDS is better able to _________ attacks or misuse because it further examines the traffic that has been allowed through and is moving around your network.
recognize
The administrative account in UNIX is called _________.
root
The default installation of Apple OS X includes three accounts: root, administrator, and regular users. The root account allows you to do everything, just like the UNIX root account. The administrator account in Macs is restricted and does not have a full set of privileges like a root account does. The ____ account is not enabled by default.
root
Root and administrative level passwords are the keys to the kingdom for an intruder. System administrators with __________ have no access restrictions and the ability to make any sort of changes; they should have the hardest passwords and the most stringent rules about changing and reusing them.
root privileges
A _______ examines the traffic coming in from the Internet and then uses a database of routes and rules to send the traffic to the correct section of your network. Traffic can be filtered by originating IP addresses, destination IP addresses, and/or ports.
router
Hardware-based VPNs mean these are encrypting ________.
routers
VPNs were created to address two different problems: the high cost of dedicated leased lines needed for branch office communications and the need to allow employees a method of ________ connecting to the headquarters networks when they were on business out of town or working from home.
securely
A good __________________ looks at your network as three separate layers: network, platforms, and processes.
security infrastructure
Firewalls do a majority of their work at the port and _____ level. They examine the ports and services in three basic ways: packet filtering, stateful inspection, and application proxying.
service
The Windows Operating System needs to be regularly maintained with fixes called patches, hotfixes, and ______.
service packs
Don't run __________ you don't need.
services
Anti-virus software consists of two parts: the scanning engine and the __________.
signature files
Many people update the __________ for the database but are unaware that the engine also needs updating.
signature files
IDS can't tell you what the _________ is of everything that is happening.
significance
Ad-hoc are packets that allow the clients to ________ to one another without having to go through the access point. These packets don't contain beacon data and are considered to be the same as data packets by the network.
speak
You need an ______ chart to know who everyone is and what their level of authority is in order to define their roles for access and control.
organization
An IDS is also expecting the attack to come at a certain _____, so if the attacker sends the data very slowly, for example, the IDS won't necessarily see the pattern.
pace
A frame is a much simpler construct than a packet and it does not have as much information in it as a packet has. Think of a frame as a burst of data rather than a ________ of data.
package
A frame is a much simpler construct than a ________ and it does not have as much information in it as a packet has. Think of a frame as a burst of data rather than a package of data.
packet
IPSec works at Layer 3 of the OSI model, the Network Layer. This is the layer we are more familiar with since it deals with IP packets that have all kinds of information in them. A ________ has been likened to an envelope - on the outside of the envelope are the to/from addresses and a small description of the type of data enclosed. Since IPSec can only deal with packets, it is limited to transmitting TCP/IP traffic. IPSec can't handle AppleTalk or NetBEUI network protocols.
packet
Ad-hoc are packets that allow the clients to speak to one another without having to go through the access point. These ________ don't contain beacon data and are considered to be the same as data packets by the network.
packets
Firewalls work by examining the network traffic and applying rules as to what is allowed and what isn't. Firewalls thoroughly inspect arriving traffic (__________). The application, user, and transportation method are also queried and verified. The information is maintained so that all future transmissions are inspected and compared to past transmissions. If both the "state" of the transmission and the "context" in which it is used deviate from the norm, connection is refused.
packets
GRE is a method for wrapping ________ so that the original addresses are hidden.
packets
The L2TP protocol allows the transmission of non-TCP/IP protocols like IPX, AppleTalk, and NetBEUI. L2TP works at Layer 2 of the OSI model, the Datalink Layer. L2TP does not use ________ to transmit data; it uses frames.
packets
Have your system log the unsuccessful attempts at logging on because this can tell you if someone is trying to guess a _____ and is probably not authorized to use your system.
password
___________ are programs that use a combination of logic and dictionary words to crack encrypted password files.
password crackers
The hardware checklist should have columns for hardware name, number of items, type and _________.
password protection
The only way you can fix the problems with SSL is to obtain a ____ from the vendor of the Web server software.
patch
When Microsoft introduced macro scripting language, it allowed office programs to interchange data automatically and seamlessly. A number of recent worms and viruses have taken advantage of these vulnerabilities. This product needs to be ______.
patched
Software companies are aware that security holes exist and are fairly responsible in releasing fixes in a timely manner, called bug fixes, hot fixes, _______, and sometimes updates.
patches
IDS _________ works similarly to the way that anti-virus software does. The IDS contains a large database of known attacks and creates a signature of these attacks. When data is captured, IDS looks for patterns in that data.
pattern matching
IDS uses two methods for analysis: _________ and anomaly detection.
pattern matching
A _____________ is an effective method of determining your vulnerability level to attacks. It is usually done by a professional tester who uses software, including hacking tools to attempt to penetrate your network from the outside.
penetration test
A host-based IDS system is more concerned with who has ________ to do what and how often. Because of this, these systems are normally used to monitor the conditions on the internal network rather than traffic coming through the firewall.
permission
You need ___________ from the higher-ups before starting work on network security. Set a schedule, give them updates and progress reports, ask them to give you feedback. The more they are included, the more likely they are to work with you, rather than against you.
permission and support
In Apple OS X, when a user runs a program, the program uses the user's ____ to accomplish whatever task it's being asked to perform. Sometimes a program needs to have more permissions than the user has. A method has been set up to temporarily give the program the permission it needs: you give the program a SUID (System User ID) or a SGID (System Group ID). The operating system automatically sets these permissions.
permissions
When your user account was created, you were given certain authorizations on the system to enable you to do your job. These authorizations are also called ______.
permissions
In the security infrastructure, the __________ layer involves the different operating systems that your servers and desktop machines use to run.
platforms
Keep all __________ simple, organized, and in one place.
policies and procedures
When a virus infects a program, it generally changes the size of that program. To track those changes, the known size of each executable program is computed and stored in the __________ when the anti-virus product is first installed. These sizes are called checksums.
database
Web servers run on port 80 or port 8080, so you may need to do a ________ of your network to determine if you have any unauthorized Web servers up and running. Web servers that aren't needed should be disabled because Web servers open big security holes in all networks.
port scan
__________ send queries across the network, enabling you to see what protocols and ports are open on all the connected computers.
port scanners
A router examines the traffic coming in from the Internet and then uses a database of routes and rules to send the traffic to the correct section of your network. Traffic can be filtered by originating IP addresses, destination IP addresses, and/or _______.
ports
Anti-virus scanners use three basic methods of operation to find, __________, and disinfect programs and files. They look for infections by known viruses using the database of signature files; they monitor changes, or attempted changes, to files and programs; and they scan for suspicious activity by using rules-based logic.
prevent
Clients that want to join a wireless network will send a request for a ________ packet from the access point. If the access point will allow the request, it responds with a probe packet. This data is not encrypted when encryption is enabled.
probe
Clients that want to join a wireless network will send a request for a probe packet from the access point. If the access point will allow the request, it responds with a ________ packet. This data is not encrypted when encryption is enabled.
probe
Security policies are the rules that everyone must follow and the __________ are how the rules will be put in place and enforced.
procedures
To manually _____ a machine, you may have to change registry settings or reinstall a portion, if not all, of the operating system.
disinfect
In Apple OS X, when a user runs a program, the program uses the user's permissions to accomplish whatever task it's being asked to perform. Sometimes a ____ needs to have more permissions than the user has. A method has been set up to temporarily give the program the permission it needs: you give the program a SUID (System User ID) or a SGID (System Group ID). The operating system automatically sets these permissions.
program
Network-based IDS can be set to listen only for traffic destined for the particular segment of the network on which it resides, or they can be set to ________, so they listen to all traffic sent to all segments.
promiscuous mode
Most routers have rules that allow you to control what traffic comes in and what traffic goes out. These rules are referred to as ______ or access control lists (ACL). Routers maintain logs of successful and failed connections so you can check for intrusion attempts. Many routers have Web-based interfaces to make configuration easier.
filters
Anti-virus scanners use three basic methods of operation to __________, prevent, and disinfect programs and files. They look for infections by known viruses using the database of signature files; they monitor changes, or attempted changes, to files and programs; and they scan for suspicious activity by using rules-based logic.
find
All anti-virus scanners work with a database that contains information about viruses; this information is called the virus ______. The database needs to be updated frequently so that it contains the most up-to-date virus information.
fingerprint or signature
A ________ software computer, dedicated to detecting and preventing unauthorized entry into the network, needs to be kept up to date with upgrades and patches.
firewall
A _________ is simply a pass/no-pass gateway. It either lets traffic through or turns it away. An IDS is better able to recognize attacks or misuse because it further examines the traffic that has been allowed through and is moving around your network.
firewall
In a _________, a proxy is a transparent intermediary that works between two connections.
firewall
IDS anomaly detection is like the _________ used in anti-virus software. Anomaly detection uses algorithms to create a sense of "logic" of what it sees happening. Because pattern matching can be defeated by completely new and previously unrecorded attacks, anomaly detection is added in response to that problem.
heuristics
The anti-virus database is based upon existing viruses and behaviors previously seen. This is a significant weakness of anti-virus products that vendors try to overcome with the use of ______ - a method of anticipating and examining behaviors.
heuristics
A network-based IDS looks at traffic indiscriminately on the network; a ________ IDS system has sensors placed on one or more hosts (individual computers) on the network. Instead of capturing all traffic, this IDS system gathers information from logs that are stored on specific hosts and does some analysis of traffic.
host-based
A _____ is a little bit more substantial than a QFE Patch because some testing has been involved. A hotfix is not tested to see whether it is backwardly compatible, and also a hotfix can cause problems with the operating system or other applications. You can remove a hotfix if it is found to cause problems.
hotfix
IDS monitors logs from your systems, watches network traffic, and attempts to _________ patterns that look like an attack.
identify
Most routers have rules that allow you to control what traffic comes in and what traffic goes out. These rules are referred to as filters or access control lists (ACL). Routers maintain logs of successful and failed connections so you can check for ________. Many routers have Web-based interfaces to make configuration easier.
intrusion attempts
Firewalls, ________ systems, anti-virus software, and other extensive security measures are required to protect T1, T3, and OC-3 network connections.
intrusion detection
The platforms are all ________ by hardening their operating systems and having security patches applied.
protected
Part of ______ your network involves knowing where everything is but also who can access the hardware and software and who controls the access.
protecting
A VPN uses a special ________ to establish a virtual channel between two machines or two networks. The channel is actually a temporary direct session, this is what is commonly referred to as tunneling.
protocol
Oakley is a ________ used for exchanging secret keys.
protocol
LDAP is a set of ________ for computers to obtain information from one another, based on the X.500 standard. In VPNs, LDAP is used for secret key information.
protocols
Multiprotocol Support means the VPN must be able to handle multiple protocols so data of different types can be shared. This includes ________ like SMTP, HTTP, telnet, and so on.
protocols
To harden your database: install only what is needed; change the ____ passwords on every account installed by default and use ____ passwords; and go through all the accounts on the database and manually lock out, expire, or disable accounts you don't need.
really strong
Clients that want to join a wireless network will send a ________ for a probe packet from the access point. If the access point will allow the request, it responds with a probe packet. This data is not encrypted when encryption is enabled.
request
User Authentication means the VPN must be able to verify a user's identity and ________ to only validated users. In addition, there must be a method of logging access.
restrict access
Your Web server should have its operating system hardened and security patches applied. The Web server needs to be configured for ______, which means disabling guest accounts, limiting access to directories, and applying necessary security patches.
security
If you have a budget for it, _______ are good at deterring theft and they keep a record of the comings and goings of staff.
security cameras
QFE patches are usually released to fix a bad bug in the program rather than a _____, and they are an example of "quick and dirty" programming. These patches are not rigorously tested, and you have no guarantees that they won't affect other parts of your system.
security hole
Some things to consider when defining your __________: viruses, web server security, server security, equipment theft, server room protection.
security requirements
If your company passes data between a remote connection and your network, you may want to consider setting up a VPN, which includes encryption, have a strong form of authentication such as _____, digital certificates, and biometrics (because logon IDs and passwords are easily cracked).
security tokens
The database server and Web server should always be on _________ computers. The reason for this is Web servers are easily hacked and databases are usually full of important information.
separate
Software-based VPNs mean a complete package is installed on a ________ dedicated to establishing and maintaining VPN connections.
server
The ______ should be in a locked, limited access room to prevent theft of the equipment and to prevent unauthorized changes to the configurations of the server.
servers
____________ an unfinished folder of policies that sits on the shelf and never gets used because you tried to get everything written at once before releasing the document.
shelfware
A good computer security assessment team should have at a minimum a ________, head geek, and documenter.
team manager
Multiprotocol Support means the VPN must be able to handle multiple protocols so data of different types can be shared. This includes protocols like SMTP, HTTP, ________, and so on.
telnet
SSH is a secure form of ________ that encrypts the traffic.
telnet
In Apple OS X, when a user runs a program, the program uses the user's permissions to accomplish whatever task it's being asked to perform. Sometimes a program needs to have more permissions than the user has. A method has been set up to ____ give the program the permission it needs: you give the program a SUID (System User ID) or a SGID (System Group ID). The operating system automatically sets these permissions.
temporarily
Information warfare is a type of ____.
terrorism
(Result of ARO) x (EF) = ALE
the formula for the Annualized Loss Expectancy
An example of __________ infringement, any person who registers a domain name that consists of the name of another living person, or a name substantially and confusingly similar thereto, without that person's consent, with the specific intent to profit from such name by selling the domain name for financial gain to that person or any third party, shall be liable in a civil action by such person.
trademark
An IDS can look at all the ________ and draw a conclusion based on various factors - it's not just limited to certain types of traffic, but can look for patterns and changes.
traffic
Intrusion Detection Systems can be set up to examine the ________ on a single machine or on the entire network.
traffic
With IDS, the machine examines __________ and compares it to a database of known attack methods and then sends alerts when these conditions are met.
traffic
Do price comparison checks and shop around before you buy, don't forget ______ in addition to purchasing the product you often need to buy training for your staff. When it comes to training, don't skimp, it's usually well worth the cost.
training
___________ is important to get the people to go along with you. If they understand how and why they are more likely to follow the plans.
training
Firewalls work by examining the network traffic and applying rules as to what is allowed and what isn't. Firewalls thoroughly inspect arriving traffic (packets). The application, user, and _______ method are also queried and verified. The information is maintained so that all future transmissions are inspected and compared to past transmissions. If both the "state" of the transmission and the "context" in which it is used deviate from the norm, connection is refused.
transportation
A VPN uses a special protocol to establish a virtual channel between two machines or two networks. The channel is actually a temporary direct session, this is what is commonly referred to as ________.
tunneling
All anti-virus scanners work with a database that contains information about viruses; this information is called the virus fingerprint or signature. The database needs to be ______ frequently so that it contains the most up-to-date virus information.
updated
Software companies are aware that security holes exist and are fairly responsible in releasing fixes in a timely manner, called bug fixes, hot fixes, patches, and sometimes _______.
updates
Dangers to cable modems and ________ are similar: you are always connected, you have a static IP address, and you can remotely access the routers to configure the box.
DSL routers
In Registry, each folder icon is called a hive and hives contain keys. Each key contains sub-keys, as well as values. The values contain the actual information stored in the registry. The registry includes three types of values: String, Binary, and ________.
DWORD
VPN has two main protocols L2TP and ________.
IPSec
Internet Security Association and Key Management Protocol
ISAKMP
________ VPNs mean a complete package is installed on a server dedicated to establishing and maintaining VPN connections.
Software-based
During the ______ section, you will notice that some things need to be changed and that brings you back to the first step, assessment.
audit
The computer security assessment team's documenter is responsible for all reports and documentation; must be ________; and must have a working knowledge of computing and networks.
detail-oriented
Telnet is a remote connection program that allows you to act as if you are sitting directly in front of the computer. Because telnet authorizes people to access a computer located elsewhere, it can possibly allow malicious intruders to enter your system if the password for telnet can be guessed or cracked, the intruder can telnet into your system, change configurations, or _____ unauthorized programs.
install
A Service Pack is the granddaddy of all bug fixes and security patches, because it has been extensively beta-tested for problems. You can feel fairly comfortable that _____ a service pack won't cause problems. You still have to check to see whether any security patches were released after the service pack was created, and you have to apply those separately.
installing
Firewalls don't protect your systems against _____, you need anti-virus software.
viruses
The anti-virus database is based upon existing viruses and behaviors previously seen. This is a significant ______ of anti-virus products that vendors try to overcome with the use of heuristics - a method of anticipating and examining behaviors.
weakness
The team will work together to identify the assets that need to be protected and will research and prepare the initial security plan that will describe ____________, how they should be protected, and the security roles and responsibilities of everyone in the company.
what needs to be protected
Firewalls use a combination of scanning methods to create a hybrid of its own. Hybrids typically include hard circuits between _________ that are not inspected, various levels of packet filtering, and more granularity in the stateful inspection and application of proxies.
networks
Apple OS X allows you to use a blank password on the root account. Never allow this to happen on your systems. A blank password equals ____ password, which means everyone can hack your machine.
no
There are many ways to secure a wireless network: strong ________, well-defined users' access lists, and various levels of encryption.
passwords
Using strong, hard-to-crack _________ is an easy line of defense against a breach of security.
passwords
The general term for a security hole fix is a _______.
patch
Most security designs only look at the network layer, add routers, firewalls and intrusion detection and consider the network secure. All the _____ is put into surrounding the network, and there's nothing to use as a defense if the perimeter is broken.
protection
Email filters can be used to move personal messages to specific mailboxes, move spam messages to the trash, and to __________ suspected virus bearing messages.
quarantine
Data is sent between computers. This is the only ________ that is encrypted when encryption is enabled.
traffic
Your ____ network card won't work on a computer that has a UFS partition.
Airport wireless
ISAKMP is the forerunner of ________.
IKE
SecureShell
SSH
UNIX File System
UFS
Enable _____ Virus Protection in all Microsoft Office programs.
Macro
Point to Point Tunneling Protocol
PPTP
Your Airport wireless network card won't work on a computer that has a ____ partition.
UFS
A ________ is a danger or something that can go wrong.
threat
Common Gateway Interface
CGI
VPN has two main ________ L2TP and IPSec.
protocols
A common threat to networks is ________.
virus infections
IPSec works at Layer _____ of the OSI model, the Network Layer. This is the layer we are more familiar with since it deals with IP packets that have all kinds of information in them. A packet has been likened to an envelope - on the outside of the envelope are the to/from addresses and a small description of the type of data enclosed. Since IPSec can only deal with packets, it is limited to transmitting TCP/IP traffic. IPSec can't handle AppleTalk or NetBEUI network protocols.
3
In Apple OS X, to start SSH, open the Systems Preferences and click on Sharing. Then click on the Application tab and check the ____ remote login checkbox.
Allow
In Registry, each folder icon is called a hive and hives contain keys. Each key contains sub-keys, as well as values. The values contain the actual information stored in the registry. The registry includes three types of values: String, ________, and DWORD.
Binary
____ is a way for computers of different types to talk to one another. It's most often used to exchange data between Web servers and databases because a database doesn't understand HTML and a Web server doesn't understand database query languages (such as SQL). Think of CGI script as an interpreter.
CGI
_____ are small programs created to allow disparate programs, like Web servers and databases, to communicate and share information.
CGI
Children's Online Privacy Protection Act
COPPA
__________ is a rule from the FTC on the collection and distribution of information gathered from children under the age of 13. It states that there must be a means of verifying a child's age and that parental consent must be given to collect the data.
COPPA
Don't forget the Good, Fast, _____ Triangle.
Cheap
_____ laws protect the individual or companies from damages or loss and usually result in fines and restitution instead of jail time.
Civil
__________ software is able to search the contents of network traffic for messages or programs you don't want to come in.
Content filtering
With the ______ permission, you can create new files inside a folder and you can make changes to existing files.
Create Files/Write Data
In the ______ permissions, you can create new subfolders and you can add data to the end of an existing file. You cannot delete or change what is already in the file.
Create Folders/Append Data
In the _________ permissions, you can delete a file.
Delete
In the _________ permissions, you can delete a subfolder and its files, but not a main folder. You can use this even if you haven't been given Delete Permission on the main folder and each of the files within that folder.
Delete Subfolders and Files
In a ________, someone floods the computer with so many requests that the system can't respond to anything anymore.
DoS attack
_____________, means that if your network security is breached and your network is then used to attack another, you may be held liable for damages. Similar to someone stealing your gun and committing a crime with it.
Downstream liability
__________ filters can be used to move personal messages to specific mailboxes, move spam messages to the trash, and to quarantine suspected virus bearing messages.
__________ is a security measure to protect the information in the database.
Encryption
You should never make changes to the Registry without saving a back-up of the current registry set. You can back-up the registry by choosing the ________ command.
Export Registry File
________ use a combination of scanning methods to create a hybrid of its own. Hybrids typically include hard circuits between networks that are not inspected, various levels of packet filtering, and more granularity in the stateful inspection and application of proxies.
Firewalls
_________ work by examining the network traffic and applying rules as to what is allowed and what isn't. Firewalls thoroughly inspect arriving traffic (packets). The application, user, and transportation method are also queried and verified. The information is maintained so that all future transmissions are inspected and compared to past transmissions. If both the "state" of the transmission and the "context" in which it is used deviate from the norm, connection is refused.
Firewalls
An _______ is also expecting the attack to come at a certain pace, so if the attacker sends the data very slowly, for example, the IDS won't necessarily see the pattern.
IDS
Don't forget the _____, Fast, Cheap Triangle.
Good
Rename or disable the built-in _____ account.
Guest
Hierarchical File System
HFS
In Apple OS X, the ____ file system has little to no local security.
HFS
Your Apple OS X must be formatted with ____ partitions if you want to use wireless networking on your Macs.
HFS
One of the most commonly overlooked methods of attacking your network is the _________.
Human Element
In offices with ten or more people, ______ should be worn and color coded, to indicate which areas they are allowed to enter. Visitors and repair personnel should have visitor tags and should not be allowed to roam around unescorted.
ID tags
A firewall is simply a pass/no-pass gateway. It either lets traffic through or turns it away. An _________ is better able to recognize attacks or misuse because they further examine the traffic that has been allowed through and is moving around your network.
IDS
IKE is the protocol used for exchanging secret keys in ________.
IPSec
________ works at Layer 3 of the OSI model, the Network Layer. This is the layer we are more familiar with since it deals with IP packets that have all kinds of information in them. A packet has been likened to an envelope - on the outside of the envelope are the to/from addresses and a small description of the type of data enclosed. Since IPSec can only deal with packets, it is limited to transmitting TCP/IP traffic. IPSec can't handle AppleTalk or NetBEUI network protocols.
IPSec
________ means the VPN must be able to generate shared, secret keys with the remote users.
Key Management
The ________ program was set up to share information and incident reports between organizations and government agencies.
InfraGard
Do not enable _____ for email. It's only a matter of time before JavaScript viruses begin to appear.
JavaScript
________ had two major disadvantages - they were very expensive and could be very slow.
Leased lines
A ____ is on the inside of the computer, but can be seen from the outside by the RJ-45 plug.
NIC
The L2TP protocol allows the transmission of non-TCP/IP protocols like IPX, AppleTalk, and ________. L2TP works at Layer 2 of the OSI model, the Datalink Layer. L2TP does not use packets to transmit data, it uses frames.
NetBEUI
____ is an account management program in Apple OS X, that does a horrible job of protecting the passwords.
NetInfo
IPSec works at Layer 3 of the OSI model, the ________ Layer. This is the layer we are more familiar with since it deals with IP packets that have all kinds of information in them. A packet has been likened to an envelope - on the outside of the envelope are the to/from addresses and a small description of the type of data enclosed. Since IPSec can only deal with packets, it is limited to transmitting TCP/IP traffic. IPSec can't handle AppleTalk or NetBEUI network protocols.
Network
______ allow you to do certain things and prevent you from doing others. You use permissions in an operating system to set the levels of access. When you were hired, your level of access was given based on the type of transactions you needed to do on a daily basis.
Permissions
Rivest-Shamir-Adleman
RSA
Quick Fix Engineering
QFE
_____ patches are usually released to fix a bad bug in the program rather than a security hole, and they are an example of "quick and dirty" programming. These patches are not rigorously tested, and you have no guarantees that they won't affect other parts of your system.
QFE
A hotfix is a little bit more substantial than a _____ because some testing has been involved. A hotfix is not tested to see whether it is backwardly compatible, and also a hotfix can cause problems with the operating system or other applications. You can remove a hotfix if it is found to cause problems.
QFE Patch
Quality of Service
QoS
Remote Authentication Dial In User Service
RADIUS
The ______ permission allows you to view the Hidden, Read-Only, and System attributes of a file.
Read Attributes
Some files have more attributes that are added by the application. The ______ permission allows you to see those too.
Read Extended Attributes
In the _________ permissions, you can see what permissions are set on a file or folder. Even if you don't have permission to do anything, you can see who does have permission.
Read Permission
In ________, each folder icon is called a hive and hives contain keys. Each key contains sub-keys, as well as values. The values contain the actual information stored in the registry. The registry includes three types of values: String, Binary, and DWORD.
Registry
The ________ is a database used to store settings and options on Windows systems.
Registry
In Apple OS X, when a user runs a program, the program uses the user's permissions to accomplish whatever task it's being asked to perform. Sometimes a program needs to have more permissions than the user has. A method has been set up to temporarily give the program the permission it needs: you give the program a SUID (System User ID) or a ____. The operating system automatically sets these permissions.
SGID (System Group ID)
Multiprotocol Support means the VPN must be able to handle multiple protocols so data of different types can be shared. This includes protocols like ________, HTTP, telnet, and so on.
SMTP
Beacons are continually broadcast by the access point with the ________ and the MAC address. These are sent so clients can find the network to join it. This data is not encrypted when encryption is enabled on the wireless network.
SSID
In Apple OS X, when a user runs a program, the program uses the user's permissions to accomplish whatever task it's being asked to perform. Sometimes a program needs to have more permissions than the user has. A method has been set up to temporarily give the program the permission it needs: you give the program a ____ or a SGID (System Group ID). The operating system automatically sets these permissions.
SUID (System User ID)
Apple OS X has included ____ in its default installation for a secure telnet program.
SecureShell (SSH)
Every once in a while, Microsoft assembles a collection of security updates into one patch, called a _____ or roll-up. A roll-up includes all the patches released before a certain date, but it does not include any changes that still have to be made manually.
Security Roll-up Patch
A _____ is considered by Microsoft to be pretty important, and therefore, the associated patch is fully tested prior to its release.
Security Update/ Security Bulletin
A _____ is the granddaddy of all bug fixes and security patches, because it has been extensively beta-tested for problems. You can feel fairly comfortable that installing a service pack won't cause problems. You still have to check to see whether any security patches were released after the service pack was created, and you have to apply those separately.
Service Pack
In Apple OS X, to start SSH, open the Systems Preferences and click on ____. Then click on the Application tab and check the Allow remote login checkbox.
Sharing
______ lists are important to know what you have and to ensure you possess all the legal licenses for software. You should list the maker, program, and version of the software as well as the number of copies you are using.
Software
Apple OS X has a small program called ____ which is included in System Preferences.
Software Update
_________ also supports connectionless protocols such as User Datagram Protocols (UDP), something that routers can't do.
Stateful inspection
In Apple OS X, to start SSH, open the ____ and click on Sharing. Then click on the Application tab and check the Allow remote login checkbox.
Systems Preferences
IPSec works at Layer 3 of the OSI model, the Network Layer. This is the layer we are more familiar with since it deals with IP packets that have all kinds of information in them. A packet has been likened to an envelope - on the outside of the envelope are the to/from addresses and a small description of the type of data enclosed. Since IPSec can only deal with packets, it is limited to transmitting ________ traffic. IPSec can't handle AppleTalk or NetBEUI network protocols.
TCP/IP
The L2TP protocol allows the transmission of non-________ protocols like IPX, AppleTalk, and NetBEUI. L2TP works at Layer 2 of the OSI model, the Datalink Layer. L2TP does not use packets to transmit data, it uses frames.
TCP/IP
The ________ stack is particularly vulnerable to a DoS attack.
TCP/IP
________ is a remote connection program that allows you to act as if you are sitting directly in front of the computer. Because telnet authorizes people to access a computer located elsewhere, it can possibly allow malicious intruders to enter your system if the password for telnet can be guessed or cracked, the intruder can telnet into your system, change configurations, or install unauthorized programs.
Telnet
________ anti-virus software to see if it causes any conflicts with your email program. If it does, you will either have to change the email program you use, or not enable that particular feature of the anti-virus software.
Test
__________ is defined as information, including a formula, pattern, compilation, program, device, method, technique, or process.
Trade secret
___________ seem to focus on Microsoft systems and applications because of their widespread use, the ease of interoperability between programs, and the numerous security flaws.
Virus writers
The database server and _________ server should always be on separate computers. The reason for this is Web servers are easily hacked and databases are usually full of important information.
Web
CGI is a way for computers of different types to talk to one another. It's most often used to exchange data between Web servers and databases because a database doesn't understand HTML and a ____ doesn't understand database query languages (such as SQL). Think of CGI script as an interpreter.
Web server
If your __________ offers dynamic content, or if you are using it for e-commerce, you will also need at least one database server to hold and serve up the data to the Web server.
Web server
If your company has a need for a Web site, then you need at least one __________, depending on the amount of traffic you support.
Web server
One of the biggest mistakes you can make is to combine a _____ and a database on the same computer. Place a firewall between a Web server and a database server to make it harder for a malicious intruder to destroy your entire system.
Web server
Because ________ tend to handle high traffic volumes, it usually makes sense to put the Web server in a DMZ in front of the firewall so it doesn't add to the workload of the firewall.
Web servers
________ run on port 80 or port 8080, so you may need to do a port scan of your network to determine if you have any unauthorized Web servers up and running. Web servers that aren't needed should be disabled because Web servers open big security holes in all networks.
Web servers
Before securing your network, form an ________, where each member of the team has a good working knowledge of computing and networks and understands the value of a good computer security program.
assessment team
Do a risk assessment on your computer and network. List all your ______, figure out what those assets are worth and how much it would cost to replace them. Then decide how they need to be protected and how much that protection is going to cost. If you find that the protection costs more than the asset is worth, then you'll have to justify the expense of the protection or decide not to do it.
assets
After-hours ________ should be controlled to prevent theft and eliminate people as suspects if something goes missing at night or on the weekends.
access
Clients that want to join a wireless network will send a request for a probe packet from the ________ point. If the access point will allow the request, it responds with a probe packet. This data is not encrypted when encryption is enabled.
access
Part of protecting your network involves knowing where everything is but also who can _____ the hardware and software and who controls the access.
access
Telnet is a remote connection program that allows you to act as if you are sitting directly in front of the computer. Because telnet authorizes people to ________ a computer located elsewhere, it can possibly allow malicious intruders to enter your system if the password for telnet can be guessed or cracked, the intruder can telnet into your system, change configurations, or install unauthorized programs.
access
Most routers have rules that allow you to control what traffic comes in and what traffic goes out. These rules are referred to as filters or ____________. Routers maintain logs of successful and failed connections so you can check for intrusion attempts. Many routers have Web-based interfaces to make configuration easier.
access control lists (ACL)
There are many ways to secure a wireless network: strong passwords, well-defined users' ________, and various levels of encryption.
access lists
Ad-hoc are packets that allow the clients to speak to one another without having to go through the ________. These packets don't contain beacon data and are considered to be the same as data packets by the network.
access point
To harden your database: install only what is needed; change the passwords on every account installed by default and use really strong passwords; and go through all the ____ on the database and manually lock out, expire, or disable accounts you don't need.
accounts
To be considered a true VPN, the service must support: data protection, user authentication, key management, ________, and multiprotocol support.
address management
Make a list of all ______ accounts.
administrative
The default installation of Apple OS X includes three accounts: root, administrator, and regular users. The root account allows you to do everything, just like the UNIX root account. The ____ account in Macs is restricted and does not have a full set of privileges like a root account does. The root account is not enabled by default.
administrator
Not everyone in a corporate environment should have permission to install programs on their workstations. That responsibility is best left to system _________.
administrators
IDS send __________ to the administrators based on what they are finding, so the administrators don't have to rely upon deciphering log entries to see what's going on.
alerts and reports
AES is the encryption ________ used by the US Government.
algorithm
Diffie-Hellman is a cryptographic ________ used in VPNs.
algorithm
DES is one of the cryptographic ________ used in encryption. A stronger version is known as 3DES (Triple DES).
algorithms
The anti-virus scanning engine provides the user interface and a library of commonly used functions which consist of dozens of complex searching __________, CPU emulators, and various forms of programming logic. The engine determines which files to scan, which functions to run, and how to react when a suspected virus is found.
algorithms
Configure the anti-virus program to scan _____ files, not just executable programs. Viruses come in all sorts of files and just scanning executables isn't enough.
all
An __________ server usually stores a program to be used by numerous users.
application
Firewalls work by examining the network traffic and applying rules as to what is allowed and what isn't. Firewalls thoroughly inspect arriving traffic (packets). The _________, user, and transportation method are also queried and verified. The information is maintained so that all future transmissions are inspected and compared to past transmissions. If both the "state" of the transmission and the "context" in which it is used deviate from the norm, connection is refused.
application
The database __________ will also need to have its own security patches applied.
application
All ________ on all platforms have the appropriate security patches applied.
applications
A good computer security _______ team should have at a minimum a team manager, head geek, and documenter.
assessment
Employee education and ________ is the only security mechanism that will work against social engineering.
awareness
All ______ tapes should be labeled and locked away. Archived tapes should be kept off premises.
back-up
________ don't prevent hacks or intrusions into your network, but they can help you recover in the case of such events.
backups
When an IDS is first installed, the anomaly detection portion starts to gather data to establish a ________ of behavior.
baseline
Many homes and some businesses now connect to the Internet with a _______ modem.
cable
Dangers to ________ and DSL routers are similar: you are always connected, you have a static IP address, and you can remotely access the routers to configure the box.
cable modems
Make a note of the make and model of ________ as this makes a difference in securing them.
cable modems
If you have the correct signatures in your database but the wrong version of the scanning engine, there's a good chance that your anti-virus program won't __________ important viruses.
catch
Employee ________ and awareness is the only security mechanism that will work against social engineering.
education
Do not base your security training on _______ messages. Most users are so inundated with junk that they don't even read the whole message.
The VPN exchanges a set of shared secrets to create an encryption key. The traffic traveling along the established channel is wrapped with an ________ package that has an address on the outside of the package. But the contents are hidden from view. Once the data reaches its destination, the wrapper is safely removed.
encrypted
All computers used for remote connections should be protected from unauthorized use such as enabling the BIOS password and ________ the data on laptops.
encrypting
Hardware-based VPNs mean these are ________ routers.
encrypting
AES is the ________ algorithm used by the US Government.
encryption
Beacons are continually broadcast by the access point with the SSID and the MAC address. These are sent so clients can find the network to join it. This data is not encrypted when ________ is enabled on the wireless network.
encryption
DES is one of the cryptographic algorithms used in ________. A stronger version is known as 3DES (Triple DES).
encryption
If your company passes data between a remote connection and your network, you may want to consider setting up a VPN, which includes ______, have a strong form of authentication such as security tokens, digital certificates, and biometrics (because logon IDs and passwords are easily cracked).
encryption
There are many ways to secure a wireless network: strong passwords, well-defined users' access lists, and various levels of ________.
encryption
To harden your database: put your database behind a firewall; never put a Web server on your database; use ____ when possible; harden the OS that the database runs on; and apply security patches and upgrades as soon as they are available.
encryption
SSH is a secure form of telnet that ________ the traffic.
encrypts
SSL runs whenever you connect to a secure website. You know that a site is running SSL because the address changes to https from http. SSL directs the traffic to the Web server to port 443 and ____ the data during the transmission.
encrypts
The VPN ________ a set of shared secrets to create an encryption key. The traffic traveling along the established channel is wrapped with an encrypted package that has an address on the outside of the package. But the contents are hidden from view. Once the data reaches its destination, the wrapper is safely removed.
exchanges
MPLS is used to divert traffic when there are ________ or bottlenecks in the network.
failures
If you install anti-virus software on your Internet ____________, the software can catch viruses coming in from outside connections.
gateway servers
A network-based IDS looks at traffic indiscriminately on the network; a host-based IDS system has sensors placed on one or more hosts (individual computers) on the network. Instead of capturing all traffic, this IDS system ________ from logs that are stored on specific hosts and does some analysis of traffic.
gathers information
Key Management means the VPN must be able to ________ shared, secret keys with the remote users.
generate
Before VPNs, if a company wanted to have a secure network connection to an office in another ________ location, they had one choice: a dedicated leased line.
geographic
The set of access criteria for your level of access is based on one of three models: the role, the ______, and the types of transactions.
group
In Apple OS X, you have to use the command line to create ____ and to set their privileges using the newgrp and chgrp commands.
groups
Apple OS X allows you to use a blank password on the root account. Never allow this to happen on your systems. A blank password equals no password, which means everyone can ____ your machine.
hack
The database server and Web server should always be on separate computers. The reason for this is Web servers are easily _________ and databases are usually full of important information.
hacked
___________ are computer terrorists. They keep you on edge because you don't know when or where they are going to strike.
hackers
The common hacker is also often involved in _________, which relates to geopolitical conflicts and issues.
hacktivism
Multiprotocol Support means the VPN must be able to ________ multiple protocols so data of different types can be shared. This includes protocols like SMTP, HTTP, telnet, and so on.
handle
The computer security assessment team's head geek is responsible for all _________ with the computers; must understand basic vulnerability assessment; must have an in-depth knowledge of computing and networks; and must be able to communicate well with other team members.
hands-on work
The modem __________ signal is that somewhat annoying series of beeps, boops, and buzzing sounds that you hear when a modem is trying to complete a connection.
handshake
LDAP is a set of protocols for computers to obtain information from one another, based on the X500 standard. In VPNs, LDAP is used for secret ________ information.
key
To be considered a true VPN, the service must support: data protection, user authentication, ________, address management, and multiprotocol support.
key management
All _____ need to be labeled and their distribution should be kept in a log. Keys that aren't needed every day should be kept in a key locker or other safe environment.
keys
IKE is the protocol used for exchanging secret ________ in IPSec.
keys
Before VPNs, if a company wanted to have a secure network connection to an office in another geographic location, they had one choice: a dedicated ________.
leased line
The ________ was a physical phone line laid between the two offices and the only connections allowed on it were the two ends of the networks. No one could dial in to the network and you had to have physical access to the line to be able to connect.
leased line
One of the best security measures for all types of modems is to use long passwords that cannot be easily guessed and include numbers and both upper- and lower-cased __________.
letters
Permissions allow you to do certain things and prevent you from doing others. You use permissions in an operating system to set the ______ of access. When you were hired, your level of access was given based on the type of transactions you needed to do on a daily basis.
levels
The computer security assessment team's manager is responsible for determining the scope and direction of the security effort; acts as the _______ between other members of the team and upper management; and must understand basic risk assessment.
liaison
The anti-virus scanning engine provides the user interface and a __________ of commonly used functions which consist of dozens of complex searching algorithms, CPU emulators, and various forms of programming logic. The engine determines which files to scan, which functions to run, and how to react when a suspected virus is found.
library
How can you convert an intangible such as security into dollars and cents? By looking at the cost of ________ and potential lost sales.
manpower
To harden your database: install only what is needed; change the passwords on every account installed by default and use really strong passwords; and go through all the accounts on the database and ____ lock out, expire, or disable accounts you don't need.
manually
The countermeasures and protections you put in place are the way you ______ and manage your risk.
mitigate
The computer security assessment team's documenter is responsible for all ___________; must be detail-oriented; and must have a working knowledge of computing and networks.
reports and documentation
LDAP is a set of protocols for computers to ________ information from one another, based on the X500 standard. In VPNs, LDAP is used for secret key information.
obtain
Before putting a computer _______, you should change the default account names and passwords and apply all security patches.
online
Each computer's _________ should be noted on the software checklist.
operating system
Many companies have a Web-hosting company to host their Web site or a co-location provider to house their computers for them at an external site. Make note of the ___________ and the application software and anything else that is running on this computer.
operating system
Your Web server should have its ______ hardened and security patches applied. The Web server needs to be configured for security, which means disabling guest accounts, limiting access to directories, and applying necessary security patches.
operating system
A hotfix is a little bit more substantial than a QFE Patch because some testing has been involved. A hotfix is not tested to see whether it is backwardly compatible, and also a hotfix can cause problems with the operating system or other applications. You can _____ a hotfix if it is found to cause problems.
remove
Lists are important to keep a ______ of what you've done and why you've done it: organization charts, hardware lists, software lists, network map, and building plans.
record
The security training program should be attended by new hires and have an annual _______ course where at the end, the employee signs a statement indicating that he has received the training, understands it, and will comply with the rules.
refresher
In order to make changes to the registry, you have to use a program called ____________.
regedit32.exe
The default installation of Apple OS X includes three accounts: root, administrator, and ____. The root account allows you to do everything, just like the UNIX root account. The administrator account in Macs is restricted and does not have a full set of privileges like a root account does. The root account is not enabled by default.
regular users
All computers used for ________ connections should be protected from unauthorized use such as enabling the BIOS password and encrypting the data on laptops.
remote
If your company passes data between a ______ connection and your network, you may want to consider setting up a VPN, which includes encryption, have a strong form of authentication such as security tokens, digital certificates, and biometrics (because logon IDs and passwords are easily cracked).
remote
Dangers to cable modems and DSL routers are similar: you are always connected, you have a static IP address, and you can ________ the routers to configure the box.
remotely access
The countermeasures and protections you put in place are the way you mitigate and manage your ______.
risk
Threat + vulnerability = _____
risk
Do a _________ on your computer and network. List all your assets, figure out what those assets are worth and how much it would cost to replace them. Then decide how they need to be protected and how much that protection is going to cost. If you find that the protection costs more than the asset is worth, then you'll have to justify the expense of the protection or decide not to do it.
risk assessment
The __________ should also take into account the dollar amount, replacement cost, loss of productivity, man-hours required for repair, and any data that is lost or corrupted.
risk assessment
The computer security assessment team's manager is responsible for determining the scope and direction of the security effort; acts as the liaison between other members of the team and upper management; and must understand basic __________.
risk assessment
If risk mitigation is like establishing a fortress against the enemy, __________ is like deciding not to go into battle at all.
risk avoidance
The key to good network security is to either eliminate your vulnerability or employ protection mechanisms to reduce your vulnerabilities. Also called ________________.
risk management
___________ considerations: weather, electrical damage, theft, vandalism, human error.
risk management
If __________ is like establishing a fortress against the enemy, risk avoidance is like deciding not to go into battle at all.
risk mitigation
The set of access criteria for your level of access is based on one of three models: the ______, the group, and the types of transactions.
role
The team will work together to identify the assets that need to be protected and will research and prepare the initial security plan that will describe what needs to be protected, how they should be protected, and the security __________ of everyone in the company.
roles and responsibilities
Every once in a while, Microsoft assembles a collection of security updates into one patch, called a Security Roll-up Patch or roll-up. A _____ includes all the patches released before a certain date, but it does not include any changes that still have to be made manually.
roll-up
Apple OS X allows you to use a blank password on the ____ account. Never allow this to happen on your systems. A blank password equals no password, which means everyone can hack your machine.
root
The default installation of Apple OS X includes three accounts: ____, administrator, and regular users. The root account allows you to do everything, just like the UNIX root account. The administrator account in Macs is restricted and does not have a full set of privileges like a root account does. The root account is not enabled by default.
root
The default installation of Apple OS X includes three accounts: root, administrator, and regular users. The ____ account allows you to do everything, just like the UNIX root account. The administrator account in Macs is restricted and does not have a full set of privileges like a root account does. The root account is not enabled by default.
root
The cable modem itself is a simple ________.
router
The networks (internal and DMZ) are protected with security devices (________ and firewall).
router
Most _________ have rules that allow you to control what traffic comes in and what traffic goes out. These rules are referred to as filters or access control lists (ACL). Routers maintain logs of successful and failed connections so you can check for intrusion attempts. Many routers have Web-based interfaces to make configuration easier.
routers
Stateful inspection also supports connectionless protocols such as User Datagram Protocol (UDP), something that _________ can't do.
routers
Firewalls can examine an entire stream of data and not just the packet itself. Based on the content of the stream, the firewall makes a decision as to which application is being used to transmit the data. It then starts a restrictive version, like FTP or Telnet, in which ________ are set so as to verify the user and the destination.
rules
Most routers have _____ that allow you to control what traffic comes in and what traffic goes out. These rules are referred to as filters or access control lists (ACL). Routers maintain logs of successful and failed connections so you can check for intrusion attempts. Many routers have Web-based interfaces to make configuration easier.
rules
A machine that can be placed on its own network segment with protection measures between it and the internal network, but little or no protections between it and the outside is called a ___________.
sacrificial lamb
Anti-virus scanners use three basic methods of operation to find, prevent, and disinfect programs and files. They look for infections by known viruses using the database of signature files; they monitor changes, or attempted changes, to files and programs; and they __________ for suspicious activity by using rules-based logic.
scan
The anti-virus software's ___________ engine tells the software how and where to scan.
scanning
Anti-virus software consists of two parts: the ___________ and the signature files.
scanning engine
The anti-virus __________ provides the user interface and a library of commonly used functions which consist of dozens of complex searching algorithms, CPU emulators, and various forms of programming logic. The engine determines which files to scan, which functions to run, and how to react when a suspected virus is found.
scanning engine
The anti-virus scanner consists of two parts, the __________ and the database.
scanning engine
It's recommended to upgrade your anti-virus software at least once a week for the dat files and once a month for the ___________.
scanning engines
The computer security assessment team's manager is responsible for determining the _______ of the security effort; acts as the liaison between other members of the team and upper management; and must understand basic risk assessment.
scope and direction
Password protect ___________.
screen saver
In order for databases and Web servers to exchange data, you need to run small programs called ______.
scripts
Address Management means the VPN must be able to keep the IP addresses of the internal network ________.
secret
Key Management means the VPN must be able to generate shared, ________ keys with the remote users.
secret
Oakley is a protocol used for exchanging ________ keys.
secret
Apple OS X has included SecureShell (SSH) in its default installation for a ____ telnet program.
secure
Before VPNs, if a company wanted to have a ________ network connection to an office in another geographic location, they had one choice: a dedicated leased line.
secure
If personnel write programs for your company, it's important that they know how to write _________ code.
secure
SSH is a ________ form of telnet that encrypts the traffic.
secure
The security training program should be attended by new hires and have an annual refresher course where at the end, the employee ______ a statement indicating that he has received the training, understands it, and will comply with the rules.
signs
On the ________ checklist there is a column for software license. If you do not have the correct number of licenses for the number of applications, you are in violation of software copyright laws.
software
There are three different types of VPNs: firewall-based, hardware-based, and ________-based.
software
Your assets include hardware, ___________, and invested time.
software
If you're connected to the Internet via modem, chances are your vulnerability to hack attacks is quite small because you are not connected all the time and you do not have a set IP address (__________ IP address). Each time you connect, your ISP gives you a changing address (dynamic IP address).
static
Create ___________: use a nonsensical combination of letters, include a mix of upper- and lower-case letters, longer passwords are better, change your passwords regularly, set new passwords instead of reusing the same ones over and over, don't use a set of characters straight off the keyboard, and treat your passwords as top-secret information.
strong passwords
VLANs work with _________ rather than routers and are used to virtually split networks into segments.
switches
Data Protection means the data traveling on the public network (Internet) must be ________ by unauthorized users on the network.
unreadable
Multiprotocol Support means the VPN must be able to handle multiple protocols so data of different ________ can be shared. This includes protocols like SMTP, HTTP, telnet, and so on.
types
The set of access criteria for your level of access is based on one of three models: the role, the group, and the ______.
types of transactions
Data Protection means the data traveling on the public network (Internet) must be unreadable by ________ users on the network.
unauthorized
In offices with ten or more people, ID tags should be worn and color coded, to indicate which areas they are allowed to enter. Visitors and repair personnel should have visitor tags and should not be allowed to roam around _________.
unescorted
Everyone on your network should have a _____ logon ID and a strong password.
unique
IDS compares traffic of known patterns in a database, so if your attacker is using a method not found in the database, or an ________ pattern of attack, there's a chance the attack won't be seen.
unknown
Firewalls work by examining the network traffic and applying rules as to what is allowed and what isn't. Firewalls thoroughly inspect arriving traffic (packets). The application, ______, and transportation method are also queried and verified. The information is maintained so that all future transmissions are inspected and compared to past transmissions. If both the "state" of the transmission and the "context" in which it is used deviate from the norm, connection is refused.
user
To be considered a true VPN, the service must support: data protection, ________, key management, address management, and multiprotocol support.
user authentication
The anti-virus scanning engine provides the __________ and a library of commonly used functions which consist of dozens of complex searching algorithms, CPU emulators, and various forms of programming logic. The engine determines which files to scan, which functions to run, and how to react when a suspected virus is found.
user interface
SSL has been a standard for a while now and is generally accepted as safe. However, some vulnerabilities have been discovered in the way that different Web server applications ____ the SSL session, and some buffer overflows have been discovered.
validate
In Registry, each folder icon is called a hive and hives contain keys. Each key contains sub-keys, as well as ________. The values contain the actual information stored in the registry. The registry includes three types of values: String, Binary, and DWORD.
values
User Authentication means the VPN must be able to ________ a user's identity and restrict access to only validated users. In addition, there must be a method of logging access.
verify
If you have the correct signatures in your database but the wrong _________ of the scanning engine, there's a good chance that your anti-virus program won't catch important viruses.
version
A VPN uses a special protocol to establish a ________ channel between two machines or two networks. The channel is actually a temporary direct session; this is what is commonly referred to as tunneling.
virtual
