CINS 448 - Midterm + Final

According to Ralph Langner, in the lab Stuxnet behaved like

"a lab rat that didn't like the cheese"

Mirai: -

-Was successful in bringing down dyn dns. -Was made up of an army of iot devices. -Was a DDOS attack.

How many TCP ports are there?

65,535

What is a DDOS attack? -

A distributed denial of service attack is typically carried out by a botnet consisting of thousands of infected (zombie) computers which simultaneously send traffic to the targeted site.

If a message is encrypted using a public key, what is used to decrypt it? -

A private key

Driftnet: -

A tool that decodes and presents pictures that are in the TCP traffic that your computer is intercepting. Works with HTTP, not HTTPS.

The basic idea of _____ is to make every computer on the network believe that you are the Router.

ARP Poisoning

Bob needs to send Alice a message and doesn't want anyone but Alice to be able to read the contents. 1) Bob writes the message 2) Bob encrypts the message with __________ key 3) Bob sends the encrypted message to Alice 4) Using _________ key Alice decrypts the message options: Bob's public, Bob's private, Alice's public, Alice's private -

Alice's Public, Alice's Private

Ettercap: -

An ARP poisoner, used for MITM attacks.

DOS attack: -

An attack in which a few servers launch an overwhelming amount of traffic to a server.

DDOS attack: -

An attack in which thousands of infected zombie computers send an overwhelming amount of traffic to their victim.

Which networking technology was the first mainstream method for connecting to the Internet?

Analog dial-up

Hashcat: -

Another password cracker.

Banner Grabbing: -

Attempting to contact a computer through a specific port to see what software/services are running on it.

"The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it." What part of the security triad does this quote violate? -

Availability

When monitoring a system for anomalies, the system is measured against __________.

Baseline

________ are helpful when configuring new computers or devices as well as for comparing with existing systems to see if they still meet the minimums.

Baselines

Why are IOT devices such a big target for hackers even when they have such a small amount of processing power? -

Because they are very insecure due to built in passwords, and they are very numerous.

Bob needs to send Alice a message and wants Alice to know it is from him. 1) Bob writes the message 2) Bob encrypts the message with ___________ key 3) Bob sends the encrypted message to Alice 4) Using _________ key Alice decrypts the message options: Bob's public, Bob's private, Alice's public, Alice's private -

Bob's Private, Bob's Public

According to the lecture BCP stands for: -

Business continuity plan

Armitage: -

Can import Nmap results to get a list of vulnerabilities, then can use a GUI interface for the metasploit framework to attack a specified network.

What is a CVE and what purpose does it serve? -

Common Vulnerabilities and Exposures (CVE) Provides a reference-method for publicly known security vulnerabilities and exposures.

What is "wardriving"?

Driving around looking for unencrypted wireless access points.

What is "wardriving"? The name of a virus that infects printer drivers.

Driving around looking for unencrypted wireless access points.

Which of the following is an example of a store-and-forward communication?

E-mail

What is the act of an unauthorized person intercepting and reading packets that flow across a network?

Eavesdropping/sniffing

Which of the following is the most effective countermeasure to social engineering?

Employee education

If you encrypt a message using your public key, you should give the person you are sending the message to your private key so that they can decrypt the message. True or False -

False

A network mapper (nMap) uses __________ packets to ping a computer in order to see if it is operational. -

ICMP

What type of system detects but does not stop an intrusion?

IDS

Match the term to the example: involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle

Integrity

Digital invisible ink toolkit: -

Java program that can use several different algorithms to embed/extract messages in pictures, given a key.

According to the video what is the syntax for a SQL injection attack that will return all of the users from the table? -

Jerry' or '1' = '1

Splunk: -

Log analysis tool.

Which of the following is a SIEM?

LogRythm

The three creators of RSA worked at which University?

MIT

Select all of the following that are true about Mirai:

Mirai was a botnet that consisted of IoT devices. Mirai was successful in bringing down DYN DNS.

The following tools were used in the labs to perform reconnaissance: -

Netcat Nmap Metasploit

Nmap: -

Network scanner. Utilizes ICMP packets to ping computers to see if they are "alive". Can scan entire networks with ping scans, regular scans, intense scans, UDP/TCP scans, and can see what operating systems/software is running on the network.

Zenmap: -

Nmap but with a GUI. Can make graphs.

The tools that were used for recon: -

Nmap, Zenmap, Metasploit, Netcat.

What tool have we used that use CVEs? -

OpenVas

According to the video what is the top defense against SQL injection? -

Passing through argument. Parameterization

John the ripper: -

Password cracker. Utilizes hashes on your computer and wordlists such as rockyou.txt.

Steghide: -

Program to embed/extract data files in pictures.

What type of classical cipher do you think was used to create the following ciphertext: HWEOLRLLOD -

Railfence

In this class you followed the steps typically taken by a penetration tester. What were all of the steps that you followed and the tools that used for the simulated pen test? Make sure to describe what you used each tool for and the information gained from using the tool. -

Reconnaissance - Zenmap Identify Vulnerabilities- OpenVAS Gain Access- Metasploit

What is the last name of the professor representing the "R" in RSA? -

Rivest

What does RSA stand for? -

Rivest, Shamir, & Adleman

According to the video what is the injection attack that "you are most likely to see"?

SQL

According to the video what is the injection attack that "you are most likely to see"? -

SQL Injection

Which technology allows users to sign on to a computer or network once, and have their identification and authorization credentials allow them into all computers and systems where they are authorized?

Single sign-on (SSO)

A username and password combination is which type of authentication? -

Single-factor

Which of the following is an IDS? (intrusion detection system)

Snort

Which of the following are true about a DDOS attack:

Software is not installed on the site being attacked. The attacker is not after data stored on the site (credit card numbers, SSNs, etc) Involves a botnet which sends a lot of traffic to the victim site.

In one of the labs you used one of the servers to pivot. Select all that are true about pivoting:

The server that allowed you to pivot had two network adapters enabled, which connected into two different networks. It allowed us to discover a different network than the one we were on. It allowed us to discover a server that was on a different subnet than our Kali instance.

What is a characteristic of analog communications?

They are slow.

According to the lecture TCO stands for:

Total cost of ownership

All popular programming web technologies are susceptible to xss. True or False -

True

VoIP and data travel over the same network. True or False -

True

VoIP and data travel over the same network. True or False? -

True

What type of error is false reject rate?

Type I error

What type of error is false accept rate?

Type II error

OpenVas: -

Using the CVE database, is a network vulnerability scanner.

Which of the following are NOT true about a DDOS attack:

Usually involves a few, very powerful servers that send a lot of traffic to the victim site.

Which of the following is any weakness in a system that makes it possible for a threat to cause it harm?

Vulnerability

Wireless encryption standard that is easily cracked? -

WEP

Which System Development Life Cylce is more like an assembly line in that it is not very flexible because it doesn't allow you to cycle back through previous steps.

Waterfall

Which System Development Life Cylce is more like an assembly line in that it is not very flexible because it doesn't allow you to cyle back through previous steps.

Waterfall

Burp Suite: -

Web app attacker. Can perform SQL injection attacks.

Goal of Stuxnet was to find:

a computer used to program a programmable logic computer

What is the most common way to fix the problems that OpenVAS discovered? -

apply a patch

Quantitative

attempts to assign independently objective numeric value to all elements of the risk analysis

What does a POS smash-and-grab attack involve?

brute force and malware combination

What are the three parts to the Information Security Triad? -

confidentiality integrity availability

What type of error is: false acceptance + false rejection

crossover error

Qualitative

does not attempt to assign numeric value, but is scenario oriented

Approximately 70% of breaches were discovered by:

external parties

If you give someone a message encrypted with your public key, you should give that person your private key so that they can decrypt the message. True or false -

false

An information security policy does NOT include:

guidelines for how to implement policy

Policy does NOT include:

list of technologies to use

From the labs, what tool uses CVEs? -

openvas

The targets of xss are:

other users

According to the video what is the top defense against SQL injection?

parameterized queries

If a message is encrypted using a public key, what is used to decrypt the message? -

private

"All users of Norton anti-viral software will have anti-viral signature files updated weekly. the following procedure is to be followed when updating your anti-virus files every week: ... " is an example of a:

procedure

The name of the linux file that contained password hashes -

shadow

What is the name of the Linux file that contains password hashes? -

shadow

According to Johnny Long, how do you "suck data off machines with your mind?"

shoulder surf

What is the network configuration called when the network is configured so that you can only see traffic addressed to your computer (and not all of the other traffic on the network)? -

switched

Metasploit: -

the most utilized penetration testing tool in the world. Can perform several different types of scans, such as ARP.

In the No Tech Hacking video how did they defeat physical security with junk and stuff (related to the touch bar on the door)?

they used a hanger and wet towel to unlock a secured door

Encrypt the following message using the Railfence cipher using two rails (rows). Do NOT add spaces. takemetoyourleader -

toaukrelmeeatdoeyr

The key to protecting assets from the risk of attack is to eliminate or address as many ______ as possible.

vulnerabilities

What "high tech" instrument did people use to break into phone systems? -

whistle

What is the name of the tool that you used to analyze network traffic? -

wireshark

Three methods of authentication are presenting something:

you know, you have, you are