Chapter 9: Network Risk Management


Symptoms of Malware

- Unexplained file size increases
- Significant, unexplained system performance decline
- Unusual error messages
- System memory loss
- Unexpected rebooting
- Display quality loss

DRDoS Attack (Distributed Reflector DoS)

A DDoS attack bounced off of uninfected computers, called reflectors, before being directed at target.

DNS Amplification

A DDoS attack in which the attacker exploits vulnerabilities in DNS servers to turn initially small queries into larger payloads, which are then used to bring down servers. Very overwhelming to systems.

Zombie

A computer compromised by a hacker, virus, or trojan. Can be used to perform malicious tasks under remote direction.

Ping Flood

A denial of service attack in which the attacker attempts to overwhelm a targeted device with ICMP echo-request packets, causing the target to become inaccessible to normal traffic. When attack traffic comes from multiple devices, it becomes a DDoS attack.

Ransomware

A program that locks data or system until ransom is paid.

Gray Hat Hacker

Abides by a code of ethics of their own. Might engage in illegal activity, but goal is to educate and assist.

Privileged User / Access Agreement

Addresses specific concerns related to privileged access given to admins and support staff. When accessing privileged accounts:
- Stay signed in as long as needed, then sign off.

DNS Poisoning / Spoofing

Altering DNS records on DNS server, an attacker can redirect internet traffic from legitimate sites to phishing sites.

Password Policy

Always change system default passwords. Do not use familiar information. Do not use words in dictionaries. Make password longer than 8 chars. Do not repeat words or number sequences. Do not write down password or share. Change every 60 days, use different passwords.

Social Engineering

Asking people for passwords. Phishing, baiting, quid pro quo, and tailgating are all examples.

Unauthenticated Vulnerability Scanning

Attacker begins on perimeter of network, looking for vulnerabilities that do not require trusted user privileges.

Authenticated Vulnerability Scanning

Attacker is given same access as trusted user.

Deauth Attack (Deauthentication)

Attacker sends fake deauthentication frames to the AP, the client, or both to trigger the deauth process and knock clients off the wireless network.

ARP Poisoning (Address Resolution Protocol)

Attackers use faked ARP replies to alter ARP tables in network.

Rogue DHCP Server

Can be used to implement MitM attacks. DHCP messages should be monitored by a security feature on switches called DHCP snooping.
- ip dhcp snooping command.

MDM Software (Mobile Device Management)

Can configure devices automatically for BYOD policy. MDM Software can:
- Automate enrollment
- Enforce password policies
- Encrypt data on device
- Sync data across devices
- Wipe devices
- Monitor locations

Scanning Tools

Can discover:
- Available hosts
- Services, processes, threads, including apps and versions running on hosts
- OSs on hosts
- Ports on hosts
- Config of firewalls
- Software configs
- Unencrypted data

Keypad / Cipher Lock

Cipher locks are physical or electronic locks requiring a code to open door.

Posture Assessment

A complete examination of each aspect of the network to determine how it might be compromised. Should be performed at least annually.

PDoS Attack (Permanent DoS)

Damages firmware beyond repair.

NMAP (Network Mapper)

Designed to scan large networks. Provides information about networks and hosts, and is free.

Anti-Malware Software

Effective malware protection requires:
- Choosing appropriate anti-malware S/W
- Monitoring network
- Continually updating anti-malware program
Malware leaves evidence that sometimes only anti-malware software can detect.

AUP (Acceptable Use Policy)

Explains to users what they can and cannot do while accessing the network's resources. Explains penalties for violations, and explains how it protects security. Restrictions:
- Nothing illegal
- No circumventing network security restrictions
- No spam
- No rights violations

Insecure Protocols and Services

FTP, HTTP, Telnet, SLIP, TFTP, SNMPv1, SNMPv2

Phishing

Fraudulent practice of sending emails purporting to be from reputable companies in order to trick people into revealing passwords or credit card numbers.

Black Hat Hacker

Groups or individuals that cause damage, steal data, or compromise privacy.

DoS Attack (Distributed Denial of Service)

Hacker issues flood of broadcast ping messages.

Quid pro Quo

Hacker offers a service or benefit in exchange for information or access.

White Hat Hacker

IT Security experts hired by organizations to identify security weaknesses. Also called ethical hackers.

Spoofing Attack

Impersonation of MAC address.

Tailgating

Involves someone who lacks the proper authentication following an employee into a restricted area.

Polymorphism

Malware characteristic, changes characteristics every time it transfers to new system.

Stealth

Malware characteristic, disguises as legit program.

Encryption

Malware characteristic, prevents detection.

Time Dependence

Malware characteristic, programmed to activate on particular dates. Can remain dormant and harmless until date arrives.

Administrative Credentials

Many devices are managed through remote access connections.
- SSH keys are more secure than passwords, as they are more difficult to crack.

Access Badges

Many organizations provide electronic access badges called smart cards. Smart cards can be programmed to allow the owner access to some areas but not all.

Security Audit

Many types, based on risk exposure, expected annual loss, and quantitative / qualitative assessments. Performed by a company that has been accredited by an agency that sets network standards.

Exploit

Means of taking advantage of a vulnerability.

Honeypot

Mechanism set to detect, deflect, or counteract attempts at unauthorized use of systems. Consists of data that appears to be legit, but is actually isolated and monitored. Attackers are then blocked. Honeynet: Network of honeypots.

SHA (Secure Hash Algorithm)

Most commonly used hashing algorithm. Advantage: Resistance to collisions.

Employee Training

Most important defense against social engineering.

Friendly DoS Attack

Not done with malicious intent. Usually due to a flash sale.

DDoS Attack (Distributed DoS)

Orchestrated through several sources, called zombies.

Hacker

Originally someone who masters the inner workings of computer hardware and software in an effort to better understand them. Now, an individual who gains unauthorized access to systems.

Nessus Vulnerability Scanner

Performs more sophisticated scans than NMAP.

PAM (Privileged Account Management Tool)

Privileged accounts may be monitored through this.

Updates and Security Patches

Process includes:
- Discovery
- Standardization
- Layered Security
- Vulnerability Reporting
- Implementation
- Assessment
- Risk Mitigation

Malicious Software

Program designed to intrude or harm systems and resources. Viruses, trojans, worms, bots, ransomware.

Trojan Horse

Program that disguises itself as something useful, harms system.

Bots

Program that runs automatically without requiring a person to start/stop it. Can:
- Damage data or system files
- Issue objectionable content
- Launch DoS attacks
- Open back doors

Logic Bomb

Programs designed to start when conditions are met.

Worms

Programs that run independently and travel between computers and across networks.

Key FOB

Provides remote control over locks and security systems

Red Team Blue Team Exercise

Red team attacks, blue team defends network.

MitM Attack (Man in the Middle)

Relies on intercepted transmission, can take several forms.

Virus

Replicating program intended to infect more computers. Replicates through network connections or exchange of external storage devices.

Metasploit

Represents framework for pen testing, not an app. Combines known scanning and exploit techniques to explore new attack routes.

Physical Security

Restrict physical access to critical components; only trusted networking staff should have access. Locked doors help, as do good detection measures to secure the perimeter.

Versions of SHA

- SHA-0
- SHA-1: Takes input and produces a 160-bit (20-byte) hash value known as a message digest, often rendered as a hexadecimal number 40 digits long.
- SHA-2
- SHA-3
- SHA-2 and SHA-3 are often implemented together for increased security.

Back doors

Security flaws, allows unauthorized users to gain access to system.

NDA (Non-Disclosure Agreement)

Security policy should also define what confidential and private means to organization. If you work in secure environments, know where most data is confidential. Security policy should also classify information in degrees of sensitivity.

Baiting

Similar to phishing. The promise of an item or good that hackers use to entice victims.

DLP (Data Loss Prevention)

Solution that identifies sensitive data and prevents it from being copied or transmitted off network.

Insider Threat

Someone trusted by an organization who may have or develop malicious intent. Reduce insider threats by:
- Background checking new hires
- Principle of least privilege, which is giving minimal access to do the job
- Checks and balances on employee behavior

Device Hardening

Steps to secure device from network or software supported attacks. Many layers of defense.

Zero-Day Exploit

Taking advantage of undiscovered software vulnerability before developers are aware. One technique may lead to a second and third and so on.

BYOD (Bring Your Own Device)

The practice of allowing people to bring their devices into a facility for performing work responsibilities. Variations:
- BYOA (app)
- BYCO (cloud)
- BYOT (tech)
- CYOD (choose, device)

Hashing

To transform data through an algorithm that reduces the amount of space needed for the data.

Anti-Malware Policy

Users should know what to do in case of malware. Users should be prohibited from installing unauthorized software on systems.

Penetration Testing

Uses various tools to find network vulnerabilities and attempts to exploit them.

Amplified DRDoS Attack (Distributed Reflection Denial of Service)

Using small, simple requests triggers very large responses from target.

Vulnerability

Weakness of a system, process, or architecture.
