SSIT

What is RAID 3

Bytes striped across the data disks, with a dedicated parity disk

What is RAID 2

Bits striped across disks, with a Hamming error-correcting code stored on dedicated check disks (detects and corrects single-bit errors); not used in practice

What is the difference between block cipher encryption and stream encryption

A block cipher encrypts fixed-size blocks of plaintext (e.g. 128 bits for AES) one block at a time, chained together by a mode of operation. A stream cipher generates a pseudorandom keystream from the key (and a nonce) and XORs it with the plaintext bit by bit or byte by byte; the keystream must never repeat or be reused, because XORing two ciphertexts that share a keystream cancels it and leaks the XOR of the two plaintexts.

What is RAID 1

Blocks Mirrored no stripe no parity

What is RAID 0

Blocks Striped, No mirror, No parity

What is RAID 10

Blocks mirrored, and blocks striped

What is RAID 5

Blocks striped, Distributed parity

What is RAID 4

Blocks striped, dedicated parity disc

What is RAID 6

Blocks striped, two distributed parity blocks
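
How RAID 4 and RAID 5 parity actually works, as an added Python example that is not part of the original flashcards: data blocks are striped across three simulated disks with one XOR parity block per stripe (rotating across disks for RAID 5; RAID 4 would pin it to one disk), then a disk is discarded and every lost block is recomputed from the survivors. The 4-byte block size and the in-memory disks are assumptions for readability; RAID 6's second, independent parity is not modelled.

```python
from typing import List, Optional

BLOCK = 4  # bytes per block; tiny so stripes are easy to inspect (assumed, not a real RAID block size)


def xor_blocks(blocks: List[bytes]) -> bytes:
    """XOR any number of equal-length blocks together (the parity operation)."""
    out = bytearray(BLOCK)
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def raid5_write(data: bytes, n_disks: int) -> List[List[bytes]]:
    """Stripe data across n_disks disks with one XOR parity block per stripe.

    Each stripe holds n_disks-1 data blocks and one parity block. The parity block's
    position rotates from stripe to stripe (RAID 5); RAID 4 would keep it on a fixed disk.
    """
    assert n_disks >= 3
    blocks = [data[i:i + BLOCK].ljust(BLOCK, b"\0") for i in range(0, len(data), BLOCK)]
    per_stripe = n_disks - 1
    disks: List[List[bytes]] = [[] for _ in range(n_disks)]
    for s in range(0, len(blocks), per_stripe):
        chunk = blocks[s:s + per_stripe]
        chunk += [bytes(BLOCK)] * (per_stripe - len(chunk))  # pad the last stripe
        parity_disk = (s // per_stripe) % n_disks
        data_iter = iter(chunk)
        for d in range(n_disks):
            disks[d].append(xor_blocks(chunk) if d == parity_disk else next(data_iter))
    return disks


def raid5_read(disks: List[Optional[List[bytes]]], length: int) -> bytes:
    """Read data back; a failed disk (None) is rebuilt block by block from the others."""
    n_disks = len(disks)
    failed = [d for d in range(n_disks) if disks[d] is None]
    assert len(failed) <= 1, "RAID 5 tolerates only a single disk failure"
    n_stripes = len(next(disk for disk in disks if disk is not None))
    out = bytearray()
    for s in range(n_stripes):
        parity_disk = s % n_disks
        stripe = []
        for d in range(n_disks):
            if disks[d] is not None:
                stripe.append(disks[d][s])
            else:  # lost block = XOR of every other block in the stripe (data or parity alike)
                stripe.append(xor_blocks([disks[o][s] for o in range(n_disks) if o != d]))
        out += b"".join(stripe[d] for d in range(n_disks) if d != parity_disk)
    return bytes(out[:length])


def stripe_is_consistent(disks: List[List[bytes]], stripe_no: int) -> bool:
    """Parity invariant: XOR of all blocks in a stripe (data and parity) is zero."""
    return xor_blocks([disk[stripe_no] for disk in disks]) == bytes(BLOCK)


if __name__ == "__main__":
    payload = b"RAID 5 rotates parity across all disks; RAID 4 keeps it on one disk."
    array = raid5_write(payload, 3)
    array[1] = None  # simulate losing the second disk
    print(raid5_read(array, len(payload)))
```

Running it prints the original payload even though disk 1 is gone. The same XOR rebuild recovers a lost parity block, which is why RAID 5 tolerates exactly one failure: with two disks missing, every stripe has two unknowns and only one equation.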

What is BYOD, what problems does it cause

Bring Your Own Device. It causes problems because there is no uniformity in the architecture: devices may be unpatched, run different software, and sit outside the organisation's configuration and monitoring controls.

What are the 2 types of full virtualization systems?

Native virtualisation and hosted virtualisation

What additional steps are used to secure key applications?

Install and patch each application, perform application-specific configuration (for example removing default accounts and sample content and restricting its privileges), and enable encryption and generate keys and certificates if required.

What properties must a hash function have to be useful for message authentication

It must be deterministic (the same input always gives the same hash, so two parties who compute the same hash can be confident they hold the same message), produce a fixed-length output for input of any size, and be cheap to compute. For security it must be one-way (preimage resistant), it must be infeasible to find a second message with the same hash (second-preimage resistance) or any two colliding messages (collision resistance), and a single-bit change in the input should change roughly half of the output bits (the avalanche effect).

Define a DDoS attack

A distributed denial of service attack uses multiple attacking systems, often compromised user workstations or PCs. Large collections of such systems under the control of one attacker can be created, forming a botnet. By using multiple systems the attacker can greatly scale up the volume of traffic generated, and by directing the attack through intermediaries the attacker is further distanced from the target and much harder to locate and identify.

What are the typical phases of operation of a virus or worm

A Dormant Phase, A propagation phase, a triggering phase, an execution phase

Define a buffer overflow

A buffer overflow occurs when more data is written into a buffer than it was allocated to hold, so the excess overwrites adjacent memory (on the stack, on the heap, or in the data segment), corrupting other variables, control data such as a saved return address, or both.

what is a public key certificate

A certificate issued by a trusted third party (a certification authority, CA) that binds a public key to the identity of its owner. It contains the public key and the owner's identifier, and is signed with the CA's private key so that anyone holding the CA's public key can verify it.

What is a "drive-by-download" and how does it differ from a worm

A drive-by download exploits browser vulnerabilities: when a user views a web page controlled by the attacker, the page contains code that exploits a browser bug to download and install malware on the system without the user's knowledge or consent. It differs from a worm in that it does not actively propagate; it waits for unsuspecting users to visit the malicious page and infects their systems then.

3.8. Define the terms false match rate and false non match rate, and explain the use of a threshold in relationship to these two rates.

A false match occurs when an impostor's biometric data is declared by the system to match the stored template of a legitimate user; a false non-match occurs when the system declares that a genuine user's biometric data does not match that user's own stored template. The two rates are the probabilities of each error. The system compares the presented sample with the template and produces a matching score, and accepts a match only if the score is at or above a threshold. Raising the threshold lowers the false match rate but raises the false non-match rate, and lowering it does the reverse, so the threshold is chosen according to which error is more costly for the application (a high-security system tolerates more false non-matches).
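
The threshold trade-off from the card above, worked through on constructed scores (an added Python example, not from the original; the scores are made up for illustration, not measurements from any biometric product): FMR and FNMR are computed for a sweep of thresholds, and the threshold where the two rates are closest is the equal error rate point.

```python
from typing import List, Sequence, Tuple

# Constructed matching scores from a hypothetical system (higher = more similar to the
# stored template). Not measurements from any real biometric product.
GENUINE_SCORES: List[float] = [0.91, 0.88, 0.84, 0.79, 0.75, 0.72, 0.68, 0.61, 0.55, 0.49]
IMPOSTOR_SCORES: List[float] = [0.66, 0.58, 0.52, 0.47, 0.41, 0.38, 0.33, 0.29, 0.22, 0.15]


def false_match_rate(impostor: Sequence[float], threshold: float) -> float:
    """Fraction of impostor attempts the system would accept at this threshold."""
    return sum(score >= threshold for score in impostor) / len(impostor)


def false_non_match_rate(genuine: Sequence[float], threshold: float) -> float:
    """Fraction of genuine attempts the system would reject at this threshold."""
    return sum(score < threshold for score in genuine) / len(genuine)


def sweep(genuine: Sequence[float], impostor: Sequence[float],
          thresholds: Sequence[float]) -> List[Tuple[float, float, float]]:
    """(threshold, FMR, FNMR) for each candidate threshold: the trade-off curve."""
    return [(t, false_match_rate(impostor, t), false_non_match_rate(genuine, t))
            for t in thresholds]


def equal_error_threshold(genuine: Sequence[float], impostor: Sequence[float],
                          thresholds: Sequence[float]) -> float:
    """Threshold at which FMR and FNMR are closest (the equal error rate point)."""
    return min(thresholds,
               key=lambda t: abs(false_match_rate(impostor, t) - false_non_match_rate(genuine, t)))


if __name__ == "__main__":
    grid = [i / 100 for i in range(40, 81)]
    for t, fmr, fnmr in sweep(GENUINE_SCORES, IMPOSTOR_SCORES, grid)[::5]:
        print(f"threshold={t:.2f}  FMR={fmr:.1f}  FNMR={fnmr:.1f}")
    print("EER threshold:", equal_error_threshold(GENUINE_SCORES, IMPOSTOR_SCORES, grid))
```

The printed curve shows FMR falling and FNMR rising as the threshold moves up; a bank login might pick a threshold above the EER point, a convenience feature below it.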

Define Defensive programming

A form of defensive design in which the programmer assumes nothing about input or the environment and checks every assumption explicitly, so that the software keeps functioning correctly in spite of unforeseen or malicious usage.

What is a one-way hash function

A function that maps an input of any length to a fixed-length digest. The same input always yields the same digest, and it is computationally infeasible to recover the input from the digest (preimage resistance).
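
The two hash-function cards above (properties needed for message authentication, and one-wayness) as an added Python example that is not from the original: SHA-256 is shown to be deterministic, to change roughly half of its output bits when one input bit flips, and to be invertible only by guessing candidates and re-hashing, which is exactly why an unsalted password hash falls to an offline dictionary attack. The messages and word list are constructed for the example; `hmac.compare_digest` is used for the comparison to avoid a timing side channel.

```python
import hashlib
import hmac
from typing import Iterable, Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with one bit inverted."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def hamming_distance(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_ratio(data: bytes, bit_index: int) -> float:
    """Fraction of digest bits that change when one input bit flips (about 0.5 for a good hash)."""
    before = hashlib.sha256(data).digest()
    after = hashlib.sha256(flip_bit(data, bit_index)).digest()
    return hamming_distance(before, after) / (len(before) * 8)


def same_message(digest_a: str, digest_b: str) -> bool:
    """Two parties compare digests; a constant-time compare avoids a timing side channel."""
    return hmac.compare_digest(digest_a, digest_b)


def find_preimage(target_hex: str, candidates: Iterable[bytes]) -> Optional[bytes]:
    """A one-way hash cannot be inverted; the only option is to hash guesses and compare.
    This is exactly an offline dictionary attack on an unsalted password hash."""
    for candidate in candidates:
        if sha256_hex(candidate) == target_hex:
            return candidate
    return None


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"   # constructed sample message
    print(sha256_hex(msg))
    print("fraction of digest bits changed by flipping one input bit:", avalanche_ratio(msg, 0))
    print(find_preimage(sha256_hex(b"hunter2"), [b"secret", b"hunter2", b"letmein"]))
```

Salting and a slow password hash (bcrypt, scrypt, Argon2) are what make `find_preimage` impractical in practice; the one-way property alone does not protect guessable inputs.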

Define race condition. State how it can occur when multiple processes access shared memory

A race condition occurs when several processes, or threads within a process, access the same shared memory concurrently without suitable synchronization, so the outcome depends on the order in which they happen to run. The result can be that the shared memory is corrupted or that one process's changes are lost, for example when two threads each read a value, both compute an update, and the second write overwrites the first.
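
A lost update forced deterministically, as an added Python example (not from the original cards): two threads perform the same read-modify-write on a shared counter, the first is made to pause between its read and its write, and two increments produce 1. The lock-protected version makes the read and the write one critical section. The `between` hook exists only so the demo can force the bad interleaving; real races depend on scheduler timing and show up intermittently, which is what makes them hard to find.

```python
import threading
from typing import Callable, Optional


class UnsafeCounter:
    """Shared counter updated with an unsynchronised read-modify-write."""

    def __init__(self) -> None:
        self.value = 0

    def increment(self, between: Optional[Callable[[], None]] = None) -> None:
        current = self.value          # read
        if between is not None:
            between()                 # hook: the demo forces a context switch right here
        self.value = current + 1      # write: clobbers any update made since the read


class SafeCounter(UnsafeCounter):
    """Same operation, but read and write happen inside one critical section."""

    def __init__(self) -> None:
        super().__init__()
        self._lock = threading.Lock()

    def increment(self, between: Optional[Callable[[], None]] = None) -> None:
        with self._lock:
            super().increment(between)


def lost_update_demo() -> int:
    """Force the interleaving: A reads, B reads, B writes, A writes. Two increments, result 1."""
    counter = UnsafeCounter()
    a_has_read = threading.Event()
    b_has_written = threading.Event()

    def thread_a() -> None:
        def yield_to_b() -> None:
            a_has_read.set()
            b_has_written.wait()
        counter.increment(between=yield_to_b)

    def thread_b() -> None:
        a_has_read.wait()
        counter.increment()
        b_has_written.set()

    threads = [threading.Thread(target=thread_a), threading.Thread(target=thread_b)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return counter.value


def stress(counter: UnsafeCounter, n_threads: int, n_increments: int) -> int:
    """Hammer the counter from many threads; returns the final value (n_threads*n_increments if correct)."""
    def worker() -> None:
        for _ in range(n_increments):
            counter.increment()
    threads = [threading.Thread(target=worker) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return counter.value


if __name__ == "__main__":
    print("forced race, unsafe counter:", lost_update_demo())        # 1
    print("locked counter:", stress(SafeCounter(), 8, 10_000))       # 80000
    print("unlocked counter:", stress(UnsafeCounter(), 8, 10_000))   # at most 80000
```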

What is the difference between a private key and a secret key

A secret key is the key shared by both parties for symmetric encryption. A private key is the key used to decrypt a message encrypted via the paired public key.

4.4. In the context of access control, what is the difference between a subject and an object?

A subject is an entity capable of accessing objects. An object is anything to which access is controlled.

State the difference between a SYN flooding attack and a SYN spoofing attack

A SYN flooding attack sends a high volume of TCP SYN packets to overwhelm the server's network handling capacity or its link, so that legitimate requests cannot get through. A SYN spoofing attack sends a modest number of SYN packets with spoofed source addresses; the server allocates a half-open connection entry for each and waits for a handshake completion that never comes, so its connection table fills and it can no longer accept legitimate connections. Spoofing attacks the connection table and needs little bandwidth; flooding attacks capacity and needs a lot.

What is a Trojan horse

A trojan is an apparently useful program or utility containing hidden code that, when invoked, performs some unwanted or harmful function

For anyone on the Internet to be able to verify the authenticity of a signed message, what must exist?

A trusted certification authority (CA), so that the signer's public key can be obtained in a certificate whose signature any verifier can check against the CA's public key

What means can a worm use to access remote systems to propagate

A worm may access remote systems to propagate using: an electronic mail or instant messenger facility, file sharing, remote execution capability, remote file access or transfer capability, or a remote login capability

Define a poison packet attack

A poison packet attack sends specially crafted, malformed packets that trigger bugs in the target's network handling code so that it crashes (a denial of service against system resources). This is distinct from ARP cache poisoning, in which an attacker sends spoofed ARP messages on a LAN to associate its own MAC address with the IP address of another host, such as the default gateway, so that traffic is redirected through the attacker.

Which of the features listed below is not a feature of server computer hardware?

Ability to connect to a variety of peripheral hardware

_____ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.

Access control

List three design goals for a firewall

All traffic from inside to outside and vice versa must pass through the firewall. Only authorized traffic as defined by the local security policy is allowed to pass. The firewall itself is immune to penetration

What are the principal elements of an identity management system?

Allocation of unique party identifiers, user profiles and preferences, user device management, and public key management

What are SSL a session and a SSL connection?

An ssl session is an association between a client and server, an ssl connection is a transport that provides a suitable type of service

What types of additional security controls may be used to secure the base operating system?

Anti-virus software, host-based firewalls, IDS or IPS software, and application whitelisting (allow-listing) of the programs permitted to run

What types of packets are commonly used for flooding attacks

Any network packet can be used in a flooding attack, the most common being ICMP, UDP, TCP SYN

What are the principal ingredients of a public-key cryptosystem

Plaintext, the encryption algorithm, a matched pair of public and private keys, ciphertext, and the decryption algorithm. Anyone may encrypt with the public key, but only the holder of the matching private key can decrypt.

What are included in the process of operating system security

Assess risks and plan the system deployment; secure the underlying operating system and then the key applications; ensure any critical content is secured; ensure appropriate network protection mechanisms are used; ensure appropriate processes are used to maintain security

What encryption uses a pair of keys to encrypt and decrypt information/data

Asymmetric encryption

What are the 2 main functions of IPsec?

Authentication and integrity, through the Authentication Header (AH) or ESP's authentication option, and confidentiality, through encryption in the Encapsulating Security Payload (ESP)

What are the main components of a Kerberos system?

Authentication Server (AS) and Ticket-Granting Server (TGS), backed by a database of principals and their secret keys

22.11. What are the two ways of providing authentication in IPsec?

An authentication-only function, the Authentication Header (AH), or a combined authentication and encryption function, the Encapsulating Security Payload (ESP)

What are the types of kerberos servers

Authentication servers, and ticket granting servers

Automation in installing operating systems and applications on desktop computers has the following benefits, except:

Automatically configuring user settings

DOS/DDOS undermines what security goal

Availability

_____ control controls how particular services are used.

Behavior

Define Shellcode

Machine code that an attacker injects into a vulnerable process (for example inside the buffer being overflowed) and then transfers control to, traditionally to spawn a command shell. It must be position-independent and avoid bytes that would terminate the input, such as NUL.

What are the two broad categories for defenses against buffer overflows

Compile time defences and runtime defences

What are the 2 services provided by SSL Record Protocol?

Confidentiality and integrity

22.7. What services are provided by SSL Record Protocol?

Confidentiality: the handshake protocol defines a shared secret key used for conventional encryption of SSL payloads. Message integrity: the handshake also defines a shared secret key used to form a message authentication code (MAC) over each record.

What is the CIA triad

Confidentiality, Integrity, Availability

What are the 3 key objectives of IT security

Confidentiality, Integrity, and Availability

12.10. Where is application and service configuration information stored on Unix and Linux systems

Configuration of applications and services on Unix and Linux systems is most commonly implemented using separate text files for each application and service. System wide configuration details are generally located in either the /etc directory, or in the installation tree for a specific application. Where appropriate, individual user configuration that can override the system defaults, are located in hidden "dot" files in each user's home directory.

Caesar Encryption uses

Confusion: it is a monoalphabetic substitution (shift) cipher, so each ciphertext letter depends on the key, but it provides no diffusion

What are the two goals of encryption

Confusion and diffusion, Shannon's two properties of a well-designed cipher: confusion obscures the relationship between the key and the ciphertext, diffusion spreads the influence of each plaintext bit over many ciphertext bits

What are the possible consequences of a buffer overflow occurring

Corruption of data, unexpected transfer of control, memory access violations, termination of the program, denial of service, or execution of arbitrary code with the privileges of the attacked process

What are the four broad categories of payloads that malware may carry

System corruption: corruption of system or data files. Attack agents: the system is turned into a zombie or bot used as part of a botnet. Information theft: keyloggers, spyware and phishing steal credentials or data. Stealthing: the malware hides its presence on the system (backdoors, rootkits) from attempts to detect or block it.

How is cryptanalysis different from a brute force attack

Cryptanalysis exploits the characteristics of the algorithm itself, perhaps together with some sample plaintext-ciphertext pairs, to deduce the plaintext or the key. A brute-force attack ignores the algorithm's structure and simply tries every possible key until intelligible plaintext appears; on average half the key space must be tried.

A _________ attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.

Cryptanalytic
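
Brute force versus cryptanalysis on the Caesar cipher (the confusion card and the cryptanalysis cards above), as an added Python example that is not part of the original cards: brute force enumerates all 26 keys, while the cryptanalysis exploits the algorithm's structure, since a monoalphabetic shift preserves letter frequencies and the most frequent ciphertext letter can be taken to be 'e'. The sample sentence is constructed so that 'e' is clearly its most common letter; on short or unusual texts a chi-squared fit over all 26 letters is more reliable than the single-letter heuristic shown.

```python
import string
from collections import Counter
from typing import List, Tuple

ALPHABET = string.ascii_lowercase


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter by key positions; non-letters pass through unchanged."""
    out = []
    for ch in plaintext.lower():
        out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26] if ch in ALPHABET else ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    return caesar_encrypt(ciphertext, -key)


def brute_force(ciphertext: str) -> List[Tuple[int, str]]:
    """Try every key: the key space is only 26, so the attacker just reads the 26 candidates."""
    return [(key, caesar_decrypt(ciphertext, key)) for key in range(26)]


def cryptanalyse(ciphertext: str) -> int:
    """Exploit the algorithm instead of enumerating keys: a shift cipher preserves letter
    frequencies, so the most frequent ciphertext letter most likely stands for 'e' (the most
    common English letter), and its offset from 'e' is the key."""
    counts = Counter(ch for ch in ciphertext if ch in ALPHABET)
    top_letter, _ = counts.most_common(1)[0]
    return (ALPHABET.index(top_letter) - ALPHABET.index("e")) % 26


if __name__ == "__main__":
    # constructed sample; 'e' occurs 11 times, more than any other letter
    plaintext = "defend the east wall of the castle at seven; the enemy attacks at dawn"
    ciphertext = caesar_encrypt(plaintext, 3)
    print(ciphertext)
    print("cryptanalysis recovers key:", cryptanalyse(ciphertext))   # 3
```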

The assurance that data received are exactly as sent by an authorized entity is _____.

Data integrity

List the two important aspects of data authentication

Data needs to be authenticated so that the recipient is sure that it has come from the claimed source and that it has not been modified in any way by a malicious party: source authenticity and integrity.

What are the ingredients of symmetric encryption

Plaintext, the encryption algorithm, the secret key, ciphertext, and the decryption algorithm (there is no public key in symmetric encryption)

A ________ attack attempts to disable a user authentication service by flooding the service with numerous authentication attempts.

Denial-of-service

What are hot swappable devices, how do these types of devices contribute to the availability of a server system

Devices that can be replaced without powering the system down; they keep a server's downtime for repairs and upgrades to a minimum

______access control controls access based on the identity of the requestor and on access rules stating what requestors are or are not allowed to do.

Discretionary

4.1. Briefly define the difference between DAC and MAC.

Discretionary access control controls access based on the identity of the requester and on access rules stating what they can and cannot do. Mandatory access control controls access based on comparing security labels with security clearances.

22.4. What is DKIM?

DomainKeys Identified Mail is a specification for cryptographically signing e-mail messages, permitting a signing domain to claim responsibility for a message in the mail stream.

During the _____ the virus is idle

Dormant phase

What does DHCP Stand for

Dynamic Host Configuration Protocol

What is IPSec

A suite of IP-layer security protocols: the Authentication Header (AH) provides authentication and integrity, and the Encapsulating Security Payload (ESP) provides confidentiality and optionally authentication, in either transport or tunnel mode, with keys negotiated by IKE

23.12. List the key elements of PKIX model.

End entity, certification authority, registration authority, CRL issuer, repository

3.7. In the context of biometric user authentication, explain the terms, enrollment, verification, and identification.

Enrollment: the user's biometric is captured by a sensor, digitized and stored as a template together with the user's identity. Verification: the user presents an identifier (such as a name or PIN) together with a biometric sample, and the system compares the sample against that one stored template (a one-to-one match). Identification: the user presents only a biometric sample, and the system searches the whole set of stored templates for a match (one-to-many).

What are the 4 functions supported by S/MIME

Enveloped Data, Signed Data, Clear-Signed data, Signed and enveloped data

What are the 4 phases of SSL handshake protocol action?

Phase 1, establish security capabilities: client and server exchange hello messages agreeing on protocol version, session ID, cipher suite, compression method and random nonces. Phase 2, server authentication and key exchange: the server sends its certificate, any key exchange data, an optional certificate request and server hello done. Phase 3, client authentication and key exchange: the client sends its certificate if requested, its key exchange data and a certificate verify message. Phase 4, finish: both sides send change cipher spec and finished messages.

List and briefly describe some of the defences against buffer overflows that can be implemented when running existing vulnerable programs

Executable Address Space protections, Address Space Randomization, placing guard pages between critical regions of memory in a process address space

What is the role of a helpdesk

Face of an IT dep/org, Interface between clients(outside) and IT department (inside)

3.6. List and briefly describe the principal physical characteristics used for biometric identification.

Facial characteristics, Fingerprints, Hand geometry, Retinal pattern, iris, signature, voice

A DoS attack targeting application resources typically aims to overload or crash its network handling software. (T/F)

False

A buffer overflow problem may exist in a program regardless of the programming language used to develop it, true or false

False

A macro virus infects executable portions of code. (T/F)

False

A server computer system has to shut down to replace its CPUs, even just 1 CPU, regardless if the CPU components are hot swappable or not. (T/F)

False

Contingency planning is a functional area that primarily requires computer security technical measures. (T/F)

False

Given sufficiently privileged access to the network handling code on a computer system, it is difficult to create packets with a forged source address. (T/F)

False

Identification is the means of establishing the validity of a claimed identity provided by a user. (T/F)

False

Metamorphic code is software that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics. (T/F)

False

The advantage of a stream cipher is that you can reuse keys. (T/F)

False
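
Why the statement above is false, and why the earlier stream encryption card insists the keystream must never repeat, as an added Python example not from the original: encryption is plaintext XOR keystream, so two ciphertexts produced under the same key and nonce XOR to the XOR of their plaintexts, and a known fragment of one message ("crib dragging") reads the other. The keystream generator is a hash-counter stand-in assumed for self-containment; a real system would use ChaCha20 or AES-CTR with a unique nonce per message. The two messages are constructed for the example.

```python
import hashlib
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudorandom keystream derived from (key, nonce). Illustration only: this
    hash-counter construction is assumed for self-containment; real systems use a
    stream cipher such as ChaCha20 and never reuse a (key, nonce) pair."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """c = p XOR keystream. Decryption is the same operation because XOR is its own inverse."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


stream_decrypt = stream_encrypt


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If c1 and c2 share a keystream, c1 XOR c2 == p1 XOR p2: the keystream cancels out."""
    return xor_bytes(c1, c2)


def crib_drag(p1_xor_p2: bytes, crib: bytes, offset: int) -> bytes:
    """Knowing (or guessing) a fragment of one plaintext at offset reveals the other there."""
    return xor_bytes(p1_xor_p2[offset:offset + len(crib)], crib)


if __name__ == "__main__":
    key = os.urandom(32)
    nonce = os.urandom(12)
    p1 = b"ATTACK AT DAWN, GRID 17"   # constructed messages
    p2 = b"RETREAT TO THE BRIDGE!!"
    c1 = stream_encrypt(key, nonce, p1)
    c2 = stream_encrypt(key, nonce, p2)   # the bug being demonstrated: same key AND same nonce
    print(crib_drag(keystream_reuse_leak(c1, c2), b"ATTACK AT", 0))   # b'RETREAT T'
```

The attacker never learns the key; it simply cancels. Reusing the key is fine as long as the nonce is unique per message, which is why nonce management, not key rotation, is the operational requirement for stream ciphers.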

The attacker needs access to a high-volume network connection for a SYN spoof attack. (T/F)

False

The countermeasure to tiny fragment attacks is to discard packets with an inside source address if the packet arrives on an external interface. (T/F)

False

Threats are attacks carried out. (T/F)

False

Traditional RBAC systems define the access rights of individual users and groups of users. (T/F)

False

The ________ is inserted between the premises network and the Internet to establish a controlled link and to erect an outer security wall or perimeter to protect the premises network from Internet-based attacks.

Firewall

Breifly describe the four generations of anti-virus-software

First generation: simple scanners that search for known malware signatures. Second generation: heuristic scanners that look for probable malware code fragments, or integrity checkers that detect changed files. Third generation: activity traps (memory-resident programs) that identify malware by its actions rather than by its structure. Fourth generation: full-featured packages that combine several of these techniques, such as scanning and activity trap components, together with access control to limit what malware can do.

________ attacks flood the network link to the server with a torrent of malicious packets competing with valid traffic flowing to the server.

Flooding

4.6. What is the difference between an access control list and a capability ticket?

For each object, an access control list lists users and their permitted access rights. A capability ticket specifies authorized objects and operations for a user

Since filtering needs to be done as close to the source as possible by routers or gateways knowing the valid address ranges of incoming packets, an _______ is best placed to ensure that valid source addresses are used in all packets from its customers.

ISP

What is the goals of the helpdesk from the outside

Friendly Face, Expectation management

A _______ flood refers to an attack that bombards Web servers with HTTP requests.

HTTP

what are the advantages to hardware RAID

Hardware RAID offloads striping and parity computation from the host CPU onto the controller, and is independent of the operating system, so the array can be booted from and appears as a single disk

What is the issue with hot backups with busy servers

Hot backups run while the server stays in service, so the backup's reading and processing compete with normal work and raise the load on an already busy server

From an attackers's perspective, what are the drawbacks of a classic ping flood attack

ICMP echo requests are commonly blocked or rate-limited by firewalls, so the flood may never reach the target, and the attack is easy to detect and to trace back unless the source addresses are spoofed

List four characteriscs used by firewalls to control access and enforce a security policy

IP address and protocol values, Application protocol, user identity, network activity

Define a reflection attack

In a reflection attack, the attacker sends a network packet with a spoofed source address to a service running on some network server, that responds to the spoofed source address that belongs to the actual attack target. If the attacker sends a number of such spoofed requests to a number of servers, the resulting flood of responses can overwhelm the target's network link

What are the three broad mechanisms that malware can use to propagate

Infection of existing executable or interpreted content by viruses, which is then carried to other systems; exploitation of software vulnerabilities, either locally or over a network, by worms or drive-by downloads, allowing the malware to replicate; and social engineering attacks that convince users to bypass security mechanisms to install trojans, or to respond to phishing attacks.

What are the steps taken in the process of operating system hardening?

Install and patch the operating system. Harden and configure it to address the identified security needs of the system by removing unnecessary services, applications and protocols; configuring users, groups and permissions; and configuring resource controls. Install and configure additional security controls, such as anti-virus, host-based firewalls and intrusion detection systems (IDS), if needed. Test the security of the basic operating system to ensure that the steps taken adequately address its security needs.

What does DHCP do

It is a client/server protocol that provides IP hosts with their IP addresses dynamically from a pool, along with configuration such as the subnet mask, default gateway and DNS servers. It works by storing and finding

23.4. What is X.509 and what is the role of a CA in X.509?

It is a standard format for public-key certificates, used in IPsec, SSL/TLS, SET and S/MIME. Each certificate binds a public key to the identity of the key's owner, and the whole block is signed by a trusted third party, the certification authority.

What are the 3 benifits of automation in loading system software and application software

It minimizes the chance of human error, it is much faster, and it makes every system the same

22.3. Why is radix-64 conversion useful for an email application?

It converts arbitrary binary data (such as encrypted or signed content) into printable ASCII characters, so that the message survives mail systems that only handle 7-bit text without being corrupted. It is an encoding, not encryption, and expands the data by about one third.

What are included in security maintenance?

Monitoring and analyzing logging information; performing regular backups; recovering from security compromises; regularly testing system security; using appropriate software maintenance processes to patch and update all critical software; and monitoring and revising the configuration as needed

What is the main drawback of symmetric cryptography

Key distribution is difficult

What are the uses of asymmetric encryption

Encryption and decryption (of small items such as keys), digital signatures, and key exchange. Because it is slow, it is used mainly for key management and in digital certificates rather than for bulk data, which is encrypted symmetrically.

12.15. What is the main host firewall program used on Linux systems?

Linux systems primarily now use the iptables program to configure the netfilter kernel module. This provides comprehensive, though complex, stateful packet filtering, monitoring and modification capabilities.

What is the main difference between a machine executable virus and a macro virus

Machine executable viruses infect executable program files to carry out their work in a manner that is specific to a particular operating system, and in some cases, specific to a particular hardware platform. Macro viruses infect files with macro or scripting code that is used to support active content in a variety of user document types, and is interpreted by an application

What are the parts to security management

Management, Operation, Technology

What is the aim of system security planning?

Maximizing security whilst minimizing costs. It needs to determine the security requirements for the system, its applications and data, and of its users.

3.5. Explain the difference between a simple memory card and a smart card.

Memory cards can store but not process data, smart cards have a microprocessor

What is the point of removing unnecessary services, applications, and protocols?

Minimising the amount of software that can run, since if less software is available to run, then the risk that it may contain vulnerabilities is reduced.

________ code refers to programs that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics.

Mobile

_____ relates to the capacity of the network links connecting a server to the wider Internet.

Network bandwidth

Upon receiving a service ticket, will a client be able to read, modify, and understand the content of a ticket

No. The ticket is encrypted with a secret key shared between the ticket-granting server and the application server (for a ticket-granting ticket, between the AS and the TGS), so the client can neither read nor modify it and only forwards it. Kerberos version 4 used DES for this; version 5 supports other algorithms.

3.2. List and briefly describe the principal threats to the secrecy of passwords.

Offline dictionary attack, Specific account attack, popular password attack, password guessing against a single user, workstation hijacking, exploiting user mistakes, exploiting multiple password use, electronic monitoring

What is the problem with virtualisation

It adds another layer, the hypervisor, that must be secured: a compromised hypervisor exposes every guest running on it, and guests sharing a host must be isolated from each other. Mitigations include a hardware root of trust such as a Trusted Platform Module to attest the hypervisor's integrity, and encryption of guest images, files and data.

How can a public-key encryption be used to distribute a secret key

One person can generate the secret key, then encrypt it with the other person's public key, then that person can decrypt it with their private key.

What are the two principal requirements for the secure use of symmetric encryption

Only authorized parties should have access to the key, and without the key the ciphertext should require an infeasible amount of processing to recover by brute force (a strong algorithm)

What is the difference between active and passive attacks

Passive attacks have to do with eavesdropping on, or monitoring transmissions. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems

What are the desirable characteristics of a server computer system

Performance, Reliability, Availability

What defences are possible against a DNS amplification attack

Prevent the use of spoofed source addresses (ingress and egress filtering by ISPs, since the attack depends on spoofing the target's address as the source of the queries), avoid running open recursive DNS resolvers, and rate-limit DNS responses

Describe some malware countermeasure elements

Prevention, detection, identification, removal

_____________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

Privacy

_____ is based on the roles the users assume in a system rather than the user's identity.

RBAC

12.14. What effect do set user and set group permissions have when executing files on Unix and Linux systems?

Programs that set user (setuid) to some user (even root, the superuser), or set group (setgid) to some group on Unix and Linux systems execute with the specified user's rights, or with access to resources belonging to the group, no matter which user executes them.

What are the pros and cons of automated patching?

Pros: minimizes window of opportunity for attackers when new vulnerabilities are found; is convenient, especially if automated Cons: patches sometimes introduce instability, especially on change controlled systems

What is nonrepuditation

Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication

What defenses are possible against nonspoofed flooding attacks? Can such attacks be entirely prevented?

Provision of significant excess network bandwidth and replicated, distributed servers, particularly when an overload is anticipated. Such attacks cannot be entirely prevented, since the traffic is legitimate in form and only excessive in volume; the aim is to survive it and to work with the ISP to filter or rate-limit it.

List and briefly define three uses of a public-key cryptosystem

Public key cryptosystems allow you to send data and be sure no one other than the holder of the private key paired with the public key you encrypted with has access to your data. You can securely exchange secret keys via public key crypto, and use it to create a digital signature.

What is the lifecycle of systems

Purchasing, Initial loading of software(OS + apps), Configuring, Maintaining, Updating(one, some, many), retiring

What information is used by a typical packet filtering firewall

Source IP address, Destination IP address, Source and destination transport-level address, IP protocol field, Interface

_____ is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n.

RSA

What raid system fully utilizes all 3 hard disks

RAID 5: data and parity blocks are distributed across all three disks, so every disk holds both data and parity (with two disks' worth of usable capacity). By contrast RAID 1 mirrors, and RAID 3/4 reserve one whole disk for parity.

State the main technique used by a defensive programmer to validate assumptions about program input

Input validation: every assumption about input is checked explicitly, typically with an anchored regular expression that allow-lists the exact characters, length and format accepted, together with range checks; anything that does not conform is rejected rather than cleaned up
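
Input validation the defensive way, as an added Python example not from the original cards: an allow-list regular expression compared with `fullmatch`, beside two naive versions that look equivalent but are not (a `$`-anchored `match` accepts a trailing newline, and `str.isdigit` plus `int()` accept fullwidth Unicode digits, and `int()` alone also accepts underscores and surrounding whitespace). The username and port formats are assumptions made for the example.

```python
import re
from typing import Optional

# Naive: '$' also matches just before a trailing newline, so "alice\n" is accepted.
USERNAME_NAIVE = re.compile(r"^[a-z0-9_]{3,16}$")
# Defensive: fullmatch() (equivalently \A...\Z) means the whole string and nothing more.
USERNAME = re.compile(r"[a-z0-9_]{3,16}")


def valid_username_naive(value: str) -> bool:
    return USERNAME_NAIVE.match(value) is not None


def valid_username(value: str) -> bool:
    return USERNAME.fullmatch(value) is not None


def parse_port_naive(value: str) -> Optional[int]:
    """Looks careful but is not: str.isdigit() and int() both accept non-ASCII decimal
    digits such as fullwidth '80', int() also accepts '8_0' and ' 80 ', and no range
    check is applied, so 70000 is returned as a 'port'."""
    return int(value) if value.strip().isdigit() else None


def parse_port(value: str) -> Optional[int]:
    """Allow-list the exact characters ([0-9], not \\d, which also matches Unicode digits),
    convert, then enforce the range. Anything else is rejected, not cleaned up."""
    if re.fullmatch(r"[0-9]{1,5}", value) is None:
        return None
    port = int(value)
    return port if 1 <= port <= 65535 else None


if __name__ == "__main__":
    for sample in ["alice", "alice\n", "Alice", "a" * 17]:
        print(repr(sample), valid_username_naive(sample), valid_username(sample))
    for sample in ["443", "\uff18\uff10", "8_0", " 80 ", "70000"]:
        print(repr(sample), parse_port_naive(sample), parse_port(sample))
```

The same pattern applies to any field: decide what the program can legitimately handle, express that as an allow-list, anchor it on both ends, and validate before the value is converted or used, not after.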

What is the key objective of server computers

Reliability and Performance provided with the help of redundancy

_______ access control controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles

Role-Based

4.2. How does RBAC relate to DAC and MAC?

Role-based access control controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles. RBAC can be implemented with either a discretionary or a mandatory mechanism.

What are the differences between S/MIME and DKIM?

S/MIME signs and encrypts at the level of the individual user: the sender's mail client applies a signature or encryption with the user's own key and certificate, and the recipient's client verifies it, so both users are involved. DKIM signs at the sending domain's mail server with the domain's key, published in DNS, and is verified by the receiving server, so it needs no user involvement and authenticates the domain rather than the individual sender.

22.6. What is the difference between an SSL connection and SSL session?

An SSL connection is a transport that provides a suitable type of service; connections are transient, peer-to-peer relationships. An SSL session is an association between a client and a server, created by the handshake protocol; it defines a set of cryptographic security parameters that can be shared among multiple connections, avoiding a fresh negotiation for each.

22.5. What protocols comprise SSL?

SSL handshake protocol, SSL change cipher spec protocol, SSL alert protocol, and SSL record protocol

The _____ attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections.

SYN spoofing attack

_____ control determines the types of Internet services that can be accessed, inbound or outbound.

Service

_____ attempts to monopolize all of the available request handling threads on the Web server by sending HTTP requests that never complete.

Slowloris

What are the advantages to software RAID

Software RAID is more flexible and cheaper than hardware RAID

What is the basis of OS security

Solid foundation and minimum exposure

What mechanisms can a virus use to concel itself

Some mechanisms a virus can use to conceal itself include: encryption, stealth, polymorphism, metamorphism

What are the 4 characteristics used for authentication

Something the individual has, knows, does, is

Authentication by human faces is a type of

Something the individual is

3.1. In general terms, what are four means of authenticating a user's identity?

Something the individual knows, possess, is, does

An intruder transmitting packets from the outside with a source IP address field containing an address of an internal host is known as IP address _______

Spoofing

List the three distinct types of locations in a process address space that buffer overflow attacks typically target

Stack, Heap, Data

The four broad catagories of payloads that malware may carry are

Stealthing, System corruption, Information theft, Attack Agents

Which is faster, Symmetric or assymetric

Symmetric

_____ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

System Integrity

13.4. What is the principal difference between the BLP model and the Biba model?

The BLP model deals with confidentiality and is concerned with unauthorized disclosure of information. The Biba model deals with integrity and is concerned with unauthorized modification of data.

23.2. Describe the requirements of a full-service Kerberos environment.

The Kerberos server must have the user ID and hashed password of all participating users in its database, and must share a secret key with each application server.

Data integrity

The assurance that data received are exactly as sent by an authorized entity

What is Authentication:

The assurance that the communicating entity is who it claims to be

13.3. How is discretionary access control incorporated into the BLP models?

Through the ds-property (discretionary security property): a subject may access an object only if the access is also permitted by the access matrix, in addition to satisfying the mandatory ss-property and *-property

What are the two key elements that must be identified in order to implement a buffer overflow

The externally sourced data that can be used to create a buffer overflow and a space in memory that when corrupted can alter the flow of execution

A digital signature of a message is

The message's digest encrypted by the private key of the sender
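
Textbook RSA as an added Python example covering three cards on this page: RSA as a block cipher on integers in [0, n), distributing a secret key by encrypting it under the recipient's public key, and a digital signature as the message digest exponentiated with the sender's private key. The primes 61/53 and 71/67 are the usual toy values (n = 3233 and 4757); the code is not from the original cards, and it deliberately omits the padding (OAEP, PSS) and key sizes that a real implementation needs, so it must not be used as is.

```python
import hashlib
from math import gcd
from typing import Tuple

PublicKey = Tuple[int, int]   # (n, e)
PrivateKey = Tuple[int, int]  # (n, d)


def rsa_keygen(p: int, q: int, e: int = 17) -> Tuple[PublicKey, PrivateKey]:
    """Textbook RSA from two primes. n is the block-cipher modulus: messages are integers in [0, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)           # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(m: int, pub: PublicKey) -> int:
    n, e = pub
    assert 0 <= m < n, "plaintext block must be an integer between 0 and n-1"
    return pow(m, e, n)


def rsa_decrypt(c: int, priv: PrivateKey) -> int:
    n, d = priv
    return pow(c, d, n)


def digest_mod_n(message: bytes, n: int) -> int:
    """Hash the message, then reduce it into the RSA block range (a real scheme pads instead)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(message: bytes, priv: PrivateKey) -> int:
    """Signature = the message digest exponentiated with the sender's private key."""
    n, d = priv
    return pow(digest_mod_n(message, n), d, n)


def rsa_verify(message: bytes, signature: int, pub: PublicKey) -> bool:
    """Undo the private-key operation with the public key and compare with a fresh digest."""
    n, e = pub
    return pow(signature, e, n) == digest_mod_n(message, n)


def distribute_secret_key(secret_key: int, recipient_pub: PublicKey) -> int:
    """The sender wraps a symmetric key under the recipient's public key; only the recipient's
    private key unwraps it. Here the key is one small block; real schemes use RSA-OAEP."""
    return rsa_encrypt(secret_key, recipient_pub)


if __name__ == "__main__":
    bob_pub, bob_priv = rsa_keygen(61, 53)      # toy primes: n = 3233, d = 2753
    wrapped = distribute_secret_key(2024, bob_pub)
    print("Bob recovers the shared secret:", rsa_decrypt(wrapped, bob_priv))   # 2024
    alice_pub, alice_priv = rsa_keygen(71, 67)  # a different key pair for the signer
    msg = b"pay 100 to bob"                     # constructed message
    sig = rsa_sign(msg, alice_priv)
    print("signature verifies:", rsa_verify(msg, sig, alice_pub))              # True
    print("tampered message verifies:", rsa_verify(b"pay 900 to bob", sig, alice_pub))
```

Signing the digest rather than the message is what makes the signature fixed-size and cheap, and it is also why the hash's collision resistance matters: two messages with the same digest share a signature.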

Availability service

The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system

What is Data confidentiality

The protection of data from unauthorized disclosure

23.11. What are some key problems with current public key infrastructure implementations?

The reliance on the user to make an informed decision when there is a problem verifying a certificate; the assumption that all of the CAs in the "trust store" are equally trusted, well managed, and apply equivalent policies; and that different implementations in the various web browsers and operating systems use different "trust stores" and hence present different security views to users.

What is the transport mode of SSL, and what is the tunnel mode of SSL?

The transport mode is the SSL connection, the tunnel mode is the SSL session

A lack of automation in installing operating systems and applications onto desktop computers is justified if _____.

There are only a few computers

12.13. What commands are used to manipulate extended file attributes access lists in Unix and Linux systems?

These extended access rights on Unix and Linux systems are typically set and displayed using the getfacl and setfacl commands.

What is the difference between a packet filtering firewall and a stateful inspection firewall

A traditional packet filter makes filtering decisions on an individual packet basis and does not take into consideration any higher layer context. A stateful inspection packet filter tightens up the rules for TCP traffic by creating a directory of outbound TCP connections, and will only allow incoming traffic to high numbered ports for those packets that fit the profile of the entries in this directory.

_____ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

Traffic padding

During the _______ phase the virus is activated to perform the function for which it was intended.

Triggering

A desktop computer does not have the required features of performance and reliability to behave as a server computer system. However, a large number of the desktop computers can be built to deliver both performance and reliability. (T/F)

True

A logic bomb is the event or condition that determines when the payload is activated or delivered. (T/F)

True

A logical means of implementing VPN is in a firewall. (T/F)

True

Computer security is protection of the integrity, availability, and confidentiality of information system resources. (T/F)

True

Data integrity assures that information and programs are changed only in a specified and authorized manner. (T/F)

True

Distributed firewalls protect against internal attacks and provide protection tailored to specific machines and applications. (T/F)

True

In a corporate environment, it is desirable to store as much user data as possible to a file server. (T/F)

True

Packet sniffers are mostly used to retrieve sensitive information like usernames and passwords. (T/F)

True

SYN-ACK and ACK packets are transported using IP, which is an unreliable network protocol. (T/F)

True

The more critical a component or service, the higher the level of availability required. (T/F)

True

The primary role of the personal firewall is to deny unauthorized remote access to the computer. (T/F)

True

The source of the attack is explicitly identified in the classic ping flood attack. (T/F)

True

X.800 architecture was developed as an international standard and focuses on security in the context of networks and communications. (T/F)

True

What is the key objective of desktop computers

Uniformity is the key and achieved through automation

12.11. What type of access control model do Unix and Linux systems implement?

Unix and Linux systems implement discretionary access control (DAC) to all file system resources, including not only files and directories, but devices, processes, memory and indeed most system resources.

12.17. How is a chroot jail used to improve application security?

Unix and Linux systems provide a mechanism to run services in a chroot jail, which restricts the server's view of the file system to just a specified portion, and helps contain the effects of a given service being compromised or hijacked.

_____ control controls access to a service according to which user is attempting to access it.

User

What are the 4 layers of a computer system

User Applications and Utilities, Operating System Kernel, BIOS / SSM, Physical Hardware

3.4. List and briefly describe four common techniques for selecting or assigning passwords.

User education, Computer generated passwords, reactive password checking, proactive password checking

What defenses are possible against a TCP SYN spoofing attack

Using a modified version of the TCP connection handling code, which instead of saving the connection details on the server, encodes critical information in a "cookie" sent as the server's initial sequence number

A _________ uses encryption and authentication in the lower protocol layers to provide a secure connection through an otherwise insecure network, typically the Internet.

VPN

A computer _______ is a piece of software that can "infect" other programs or any type of executable content and tries to replicate itself.

Virus

What are the questions asked in security management?

What assets do we need to protect, how are these assets threatened, what can we do to counter these threats, Who accesses which resources in what way

Define stack smashing

When the stack gets overwritten

What is native virtualisation

Where all apps are run through virtualization

What is hosted virtualisation

Where the virtualization is an application and the system can have applications not in the virtualisation

What are the goals of the helpdesk from the inside?

Workflow, Workflow Management

List some compile time defences

Writing in a high level language, using safe coding conventions, using stack protections, and only using language extensions and libraries that have been whitelisted

List and briefly describe some of the defences against buffer overflows that can be used when compiling new programs

Writing programs in a modern high-level programming language that is not vulnerable to buffer overflow attacks; using safe coding techniques to validate buffer use; using language safety extensions and/or safe library implementations; or using stack protection mechanisms

Do a virus and a worm share characteristics?

Yes, it can be difficult to separate the two categories of malware completely

Describe how a stack buffer overflow is implemented

You send so much data to a buffer that it overflows into the stack, at which point you overwrite a point in the stack which will be executed, and then send it instructions

A(n) _____ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken.

countermeasure

In a one-way function what does the addition of salt ensure

all hashed passwords are different

22.10. What is an IPsec security association?

An IPsec security association is a one-way relationship between a sender and a receiver that affords security services to the traffic carried on it. If a peer relationship is needed, for two-way secure exchange, then two security associations are required. Security services are afforded to an SA for the use of an Authentication Header or Encapsulating Security Payload.

What are the basic steps needed in the process of securing a system?

assess risks and plan the system deployment, secure the underlying operating system and then the key applications, ensure any critical content is secured, ensure any appropriate network protection mechanisms are used, ensure appropriate processes are used to maintain security

An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n) _____.

attack

The four lines of defense against DDoS attacks are: attack prevention and preemption, attack detection and filtering, attack source traceback and identification and ________

attack reaction

RAID increases

availability

A ________ processes the plaintext input in fixed-size blocks and produces a block of ciphertext of equal size for each plaintext block.

block cipher

A loss of _____ is the unauthorized disclosure of information.

confidentiality

Masquerade, falsification, and repudiation are threat actions that cause _____ threat consequences

deception

The _____ prevents or inhibits the normal use or management of communications facilities.

denial of service

A __________ attack is an action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units, memory, bandwidth, and disk space.

denial-of-service

When can a buffer overflow attack be carried out against a system

during execution

Voice pattern, handwriting characteristics, and typing rhythm are examples of ________ biometrics

dynamic

A threat action in which sensitive data are directly released to an unauthorized entity is _____.

exposure

A zombie is a worm true or false

false

A server appliance is a purposely built server computer system _____.

for a particular task (service) only

Randomizing the allocation of memory on the heap makes the possibility of predicting the address of targeted buffers extremely difficult, thus thwarting the successful execution of some _____ attacks.

heap overflow

A _____ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

high

State similarities and differences between command injection and SQL injection attacks

in command injection the unchecked input is used in the construction of a command that is executed by the system. In an SQL injection attack the user supplied input is used to construct a SQL request to retrieve information from a database

The principle of _______ strongly suggests that programs should execute with the least amount of privileges needed to complete their function.

least privilege

An example of _____ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.

masquerade

Is a password sent over the network for authentication purposes in a Kerberos system?

No, it encrypts a ticket using the user's password as a key instead, so only the user can decrypt the ticket

13.2. What are the three rules specified by the BLP model?

No read up: a subject can only read an object of less or equal security level. No write down: a subject can only write into an object of greater or equal security level. ds-property: an individual may grant to another individual access to a document based on the owner's discretion, constrained by the MAC rules.

A ___________firewall applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.

packet filtering

A(n) _____ is an attempt to learn or make use of information from the system that does not affect system resources

passive attack

A _____ consists of a set of computers that interconnect by means of a relatively unsecure network and makes use of encryption and special protocols to provide security.

proxy

3.3. What are two common techniques used to protect a password file?

restrict access to the password file using access control measures, forcing users to select passwords that are difficult to guess

A _____ is any action that compromises the security of information owned by an organization.

security attack

The ________ IP address is the IP address of the system that originated the IP packet

source

In reflection attacks, the _________ source address directs all the packets at the desired target and any responses to the intermediary

spoofed

A helpdesk is where end users get help with their IT related issues, and therefore,

the help desk is the interface between end users and the IT department

The boot disk of a server computer system should be mirrored so that _____.

the performance and reliability of the computer system can be improved

What is Access control

the prevention of unauthorized use of a resource: under what conditions access can occur and what those accessing the resource are allowed to do

The size of the enciphered text of a good encryption should be _____ the size of the original text.

the same as

TCP uses the _____ to establish a connection.

three-way handshake

RBAC may have DAC and/or MAC mechanisms true or false

true

What is not a desirable characteristic of a server computer system

uniformity

A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy is a(n) _____.

vulnerability

What is defined in a Helpdesk coverage scope?

what, who, where, when, how long

What are the basic steps needed to secure the base operating system?

•install and patch the operating system
•harden and configure the operating system to adequately address the identified security needs of the system by: removing unnecessary services, applications, and protocols; configuring users, groups and permissions; configuring resource controls
•install and configure additional security controls, such as anti-virus, host-based firewalls and IDS, if needed
•test the security of the basic operating system to ensure that the steps taken adequately address its security needs

12.9. What steps are used to maintain system security?

•monitoring and analyzing logging information
•performing regular backups
•recovering from security compromises
•regularly testing system security
•using appropriate software maintenance processes to patch and update all critical software, and to monitor and revise configuration as needed
