Computer Networking Semester 2 Unit 9

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

Common Elements of Security Policies

-antivirus and other malware protection for servers and desktops -Backup procedures -physical security of servers and network devices

Open security policies

-these policies consist of simple or no passwords, unrestricted access to resources, and probably no monitoring and auditing -this type of policy might make sense for a small company with the main goal of making access to network resources easy -sensitive data might be kept on workstations that are backed up regularly and physically inaccessible to their employees

rogue DHCP server

A DHCP service running on a client device that could be used to implement a MitM attack by configuring the attacker's IP address as the victim computers' default gateway or DNS server.

DRDoS (distributed reflection DoS) attack

A DoS attack bounced off of uninfected computers, called reflectors, before being directed at the target.

Asset tracking tags

A barcode or wireless-enabled transmitter used to track the movement or condition of equipment, inventory, or people.

asset tracking tag

A barcode or wireless-enabled transmitter used to track the movement or condition of equipment, inventory, or people.

more likely to attract customers, partners, and investors

A company that can demonstrate its information systems are secure is...

honeypot

A decoy system isolated from legitimate systems and designed to be vulnerable to security exploits for the purposes of learning more about hacking techniques or nabbing a hacker in the act.

key fob

A device or app that provides remote control over locks and security systems.

security policy

A document or plan that identifies an organization's security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee. In addition, it specifies how to address security breaches.

PUA (privileged user agreement)

A document that addresses the specific concerns related to privileged access given to administrators and certain support staff.

badge

A form of identification that includes the person's name and perhaps a photo, title, or other information.

SHA (Secure Hash Algorithm)

A hash algorithm originally designed by the NSA to eliminate the inherent weaknesses of the older MD5 hash. The most recent iteration is SHA-3, developed by private designers for a public competition in 2012.

logic bomb

A malicious program designed to start when certain conditions are met.

logic bombs

A malicious program designed to start when certain conditions are met.

honeynet

A network of honeypots.

cipher lock

A physical or electronic lock requiring a code to open the door.

cipher locks

A physical or electronic lock requiring a code to open the door.

phishing

A practice in which a person attempts to glean access or authentication information by posing as someone who needs that information.

penetration testing

A process of scanning a network for vulnerabilities and investigating potential security flaws.

Malware

A program or piece of code designed to intrude upon or harm a system or its resources.

malware

A program or piece of code designed to intrude upon or harm a system or its resources.

ransomware

A program that locks a user's data or computer system until a ransom is paid.

virus

A program that replicates itself to infect more computers, either through network connections when it piggybacks on other files or through exchange of external storage devices, such as USB drives, passed among users. Viruses might damage files or systems or simply annoy users.

DHCP snooping

A security feature on switches whereby DHCP messages on the network are checked and filtered.

Principle of least privilege

A security measure that ensures employees and contractors are only given enough access and privileges to do their jobs, and these privileges are terminated as soon as the person no longer needs them.

principle of least privilege

A security measure that ensures employees and contractors are only given enough access and privileges to do their jobs, and these privileges are terminated as soon as the person no longer needs them.

-be easy for ordinary users to understand and reasonably comply with -Be enforceable -clearly state the objective of each. policy so that everyone understands its purpose

A security policy should be...

insider threat

A security risk associated with someone who is or was trusted by an organization, such as an employee, former employee, contractor, or other associate.

DLP (data loss prevention)

A security technique that uses software to monitor confidential data, track data access and ownership, and prevent it from being copied or transmitted off the network.

back door

A software security flaw that can allow unauthorized users to gain access to a system.

back doors

A software security flaw that can allow unauthorized users to gain access to a system.

dictionary attack

A technique in which attackers run a program that tries a combination of a known user ID and, for a password, every word in a dictionary to attempt to gain access to a network.

vulnerability scanning

A technique to identify vulnerabilities in a network, with or without malicious intent.

CCTV (closed-circuit TV)

A video surveillance system that monitors activity in secured areas.

vulnerability

A weakness of a system, process, or architecture that could lead to compromised information or unauthorized access to a network.

privileged user account

An administrative account on a device or network that gives high-level permissions to change configurations or access data.

security audit

An assessment of an organization's security vulnerabilities performed by an accredited network security firm.

posture assessment

An assessment of an organization's security vulnerabilities.

DoS (denial-of-service) attack

An attack in which a legitimate user is unable to access normal network resources because of an attacker's intervention. Most often, this type of attack is achieved by flooding a system with so many requests for services that it can't respond to any of them.

FTP bounce

An attack in which an FTP client specifies a different host's IP address and port for the requested data's destination. By commanding the FTP server to connect to a different computer, a hacker can scan the ports on other hosts and transmit malicious code.

ARP poisoning

An attack in which attackers use fake ARP replies to alter ARP tables in a network

DDoS (distributed DoS) attack

An attack in which multiple hosts simultaneously flood a target host with traffic, rendering the target unable to function.

amplified DRDoS attack

An attack instigated using small, simple requests that trigger very large responses from the target. DNS, NTP, ICMP, LDAP, and SNMP lend themselves to being used in these kinds of attacks.

PDoS (permanent DoS) attack

An attack on a device that attempts to alter the device's management interface to the point where the device is irreparable.

deauth (deauthentication) attack

An attack on a wireless network in which the attacker sends faked deauthentication frames to the AP, the client, or both (or as a broadcast to the whole wireless network) to trigger the deauthentication process and knock one or more clients off the wireless network.

DNS poisoning

An attack that alters DNS records on a DNS server, thereby redirecting Internet traffic from a legitimate web server to a phishing website.

MitM (man-in-the-middle) attack

An attack that relies on intercepted transmissions. It can take one of several forms, but in all cases a person redirects or captures secure data traffic while in transit.

zero-day exploit

An attack that takes advantage of a software vulnerability that hasn't yet or has only very recently become public.

smart cards

An electronic access badge.

-ensure that rooms are available to house servers and equipment-rooms should have locks, adequate power receptacles, adequate cooling measures, and an EMI free environment -If a suitable room is not available, locking cabinets can be purchased to house servers and equipment in public areas -wiring from workstations to wiring cabinets should be inaccessible to eavesdropping equipment -your physical security plan sshould include procedures for recovery from natural disasters such as fire or floods

Best practices to secure your network from physical assault

an organization to go about its business confidently and efficiently

Having a secure network enables...

exploit

In the context of network security, the act of taking advantage of a vulnerability.

If a person has physical access to a device, access to data isn't far behind

NO matter how strong our logon name and password schemes are...

as unobtrusive as possbile-it should allow network users to concentrate on the tasks they want to accomplish rather than how to get to the data they need to perform those tasks

Network Security should be...

-banks and investment firms -hospitals and schools -research and development companies -government entities -any organization that deals with large amounts of client personal data

Organizations that are likely to require highly restrictive security policies include what?

device hardening

Preventive measures that can be taken to secure a device from network- or software-supported attacks.

data encryption, complex password requirements, detailed auditing and monitoring of computer and network access, intricate authentication methods, and policies governing use of the internet and email

Restrictive security policies include what?

network-based anti-malware

Securing the network's gateways, where the Internet connects with the interior network, can provide a formidable layer of defense against the primary source of intrusion—the Internet. However, this does nothing to prevent users from putting the network at risk with infected files on flash drives, laptops, or smartphones.

-router and switches contain critical configuration information-a user with physical access to these devices needs only a laptop or handheld computer to get into the router or switch -configuration changes made to routers and switches can have disastrous results -a room with a lock is the best place for internetworking devices -a wall mounted enclosure with a lock is the next best thing

Security of Internetworking Devices

Tamper detection

Sensors that can detect physical penetration, temperature extremes, input voltage variations, input frequency variations, or certain kinds of radiation.

MDM (mobile device management)

Software that automatically handles the process of configuring wireless clients for network access.

port scanner

Software that searches a server, switch, router, or other device for open ports, which can be vulnerable to attack.

-Every computer in an organization should be equipped with malware detection and cleaning software that regularly scans for malware. This software should be centrally distributed and updated to stay current with newly released malware. -Users should not be allowed to alter or disable the anti-malware software. -Users should know what to do in case their anti-malware program detects malware. For example, you might recommend that the user stop working on his computer, and instead call the help desk to receive assistance in disinfecting the system. -An anti-malware team should be appointed to focus on maintaining the anti-malware measures. This team would be responsible for choosing anti-malware software, keeping the software updated, educating users, and responding in case of a significant malware outbreak. -Users should be prohibited from installing any unauthorized software on their systems. This edict might seem ext

Suggestions for anti-malware policy guidelines include the following:

Motion detection

Technology that triggers an alarm when it detects movement within its field of view.

motion detection

Technology that triggers an alarm when it detects movement within its field of view.

social engineering

The act of manipulating social relationships to circumvent network security measures and gain access to a system.

NDA (non-disclosure agreement)

The part of a security policy that defines what confidential and private means to the organization.

AUP (acceptable use policy)

The portion of a security policy that explains to users what they can and cannot do while accessing a network's resources, and penalties for violations. It might also describe how these measures protect the network's security.

BYOD (bring your own device)

The practice of allowing people to bring their smartphones, laptops, or other technology into a facility for the purpose of performing work or school responsibilities.

-discovery -standardization -layered security -vulnerability reporting -implementation -assessment -risk mitigation

The process of properly managing and applying security patches includes ...

Hashing

The transformation of data through an algorithm that generally reduces the amount of space needed for the data. Hashing is mostly used to ensure data integrity—that is, to verify the data has not been altered.

hashing

The transformation of data through an algorithm that generally reduces the amount of space needed for the data. Hashing is mostly used to ensure data integrity—that is, to verify the data has not been altered.

white hat hacker

These IT security experts are hired by organizations to assess their security and risks. They're sometimes called ethical hackers.

black hat hackers

These groups or individuals use their skills to bypass security systems to cause damage, steal data, or compromise privacy. They're not concerned with legal restrictions, and are intent on achieving personal gain or executing a personal agenda against an individual or an organization.

gray hat hackers

These hackers abide by a code of ethics all their own. Although they might engage in illegal activity, their intent is to educate and assist.

hacker

Traditionally, a person who masters the inner workings of computer hardware and software in an effort to better understand them. More generally, an individual who gains unauthorized access to systems or networks with or without malicious intent.Traditionally, a person who masters the inner workings of computer hardware and software in an effort to better understand them. More generally, an individual who gains unauthorized access to systems or networks with or without malicious intent.

data breach

Unauthorized access or use of sensitive data.

biometrics

Unique physical characteristics of an individual, such as the color patterns in his iris or the geometry of his hand.

BYOA (bring your own application)—Employees or students supply their choice of software on a computer or mobile device. BYOC (bring your own cloud)—Employees or students supply their choice of cloud application or storage. BYOT (bring your own technology)—A generic reference that includes the other BYO options. CYOD (choose your own device)—Employees or students are allowed to choose a device from a limited number of options, usually supplied by the company or school.

Variations on bring your own device include:

-privacy policy-describes what staff, customers, and business partners can expect for monitoring and reporting -acceptable use policy-explains for what purposes network resources can be used -Authentication policy-describes how usesrs identify themselves to gain access to network resources -Internet use policy-explains. what constitutes proper orr improper use of internet resources -auditing policy-explains the manner inn which security compliance or violations can be verified and the consequences for violations -Data protection-outlines the policies for backup procedures, virus protection, and disaster recovery

What are some basic items needed in order to start writing your security policy?

-white hat hacker -black hat hacker -gray hat hacker

What are the categories of hackers?

-encryption -stealth -polymorphism -time dependence

What are the characteristics that can make malware harder to detect and eliminate?

-Phishing -baiting -quid pro qou -tailgating

What are the common types of social engineering?-

-vulnerability scanning -authenticated -unauthenticated -penetrations testing -red team-blue team exercise

What are three types of attack simulations?

If there's physical access to the equipment, there's no security

What is a common guideline regarding network security?

-What must be protected? -From whom should data be protected? -What costs are associated with security being breached and data being lost or stolen? -How likely is it that a threat will actually occur? -What's the likely of a natural disaster? -Are the costs to implement security and train personnel to use a secure network outweighed by the need to create an efficient, user-friendly environment?

What questions should be answered before determining the level of security you network needs?

-spoofing attack -DoS (denial of service) attack -DDoS (distributed DoS) attack -DRDoS (distributed reflection DoS) attack -amplified DRDoS attack -PDoS (permanent DoS) attack -friendly DoS attack -DNS poisoning, or DNS sppofing -ARP poisoning -MitM (man in tthe mddle) attack -rouge DHCP server Deauth (deauthentication) attack -insecuree protocols and services -back doors

What risks are inherent in network hardware and design?

network security policy

a document that describes the rules governing access to a company's information resources, enforcement of these rules, and steps taken if rules are breached.

-virus -Trojan horse -worm -bot (short for robot) -ransomeware

different types of outbreaks of malware

-keypad or cipher lock -key fob -access badge -proximity card -biometrics -

door access controls are...

server-based anti-malware

if this resides on the server and checks every file and transaction, you will protect important files, but slow your network performance considerably.

-motion detection -video surveillance -tamper detection -asset tracking

methods of detecting physical intrusions and other kinds of events

-servers often require more tightly controlled environmental conditions than patch panels and switches do-servers can generate a substantial amount of heat and need adequate cooling-lack of cooling caan cause damage to hardware components -power to the server should be on a separate circuit from other electircal devices -verify power requirements for UPSs-some UPSs require special twist lock outlet plugs rated for high currents -If you're forced to place servers in a public access area, locking caabinets are a must

physical Security of servers

host based anti-malware

provides insufficient coverage when a significant portion of the network is virtualized.

cloud-based anti-malware

provides the same kinds of benefits as other cloud-based solutions, such as scalability, cost efficiency, and shared resources. These cloud vendors are still working out bugs, and it can be a challenge to ensure that coverage soaks the entire network with no blind spots. Cloud solutions also increase the amount of Internet traffic in order to perform their duties.

-limited use -limited location -limited duration -limited access -limited privacy

security precautions for privileged user accounts

-host-based -server based -network-based -cloud-based

some options for implementing anti-malware software

-Nmap -Nessus -Metasploit

three popular scanning tools

-Unexplained increases in file sizes -Significant, unexplained decline in system or network performance (for example, a program takes much longer than usual to start or to save a file) -Unusual error messages with no apparent cause -Significant, unexpected loss of system memory -Periodic, unexpected rebooting -Fluctuations in display quality

you might suspect a virus on your system if any of the following symptoms arise:


संबंधित स्टडी सेट्स

Psychology Chapter 6 Quiz Questions

View Set

MGT 355 Managing Diversity: Exam Review 1 + 2

View Set

Med/Surg 3 Exam 2 NCLEX Style Questions Chapters 44, 45, 46, and 47

View Set

Chapter 7: Social Stratification and Social Inequality

View Set

Business Law For Accountants: Agency

View Set

Genesis 1-2:4 First Story of Creation worksheet

View Set