CIS540 - Chapter 12
What is the most effective biometric authorization technology? Why?
The most effective technology is retinal scanning. It is very accurate and highly repeatable. However, most users find it very obtrusive.
What is a VPN? Why are VPNs widely used?
A VPN is a private, secure network operated over a public and insecure network. A VPN keeps the contents of messages hidden from the public through a process called tunneling. Using a VPN solution, a user has outside access to a network via a public network, but is still using a secure connection.
What is a DMZ? Is this actually a good name for the function this type of subnet performs?
A demilitarized zone (DMZ) is an intermediate area between a trusted network and an untrusted network. It is a fitting name because traffic coming into the area cannot directly access its destination. The DMZ is a security feature because it limits access and potential flaws.
How does a network-based IDPS differ from a host-based IDPS?
A network-based IDPS monitors network traffic in order to provide early warning of potential network threats (such as DoS attacks). A host-based IDPS monitors the access or altering of files on multiple systems. A host-based IDPS is much easier to set up and administer than a network-based IDPS because of the more specific rules and restrictions it can be set to enforce.
What kind of data and information can be found using a packet sniffer?
A packet sniffer can be used to collect and view all packets on a network or a certain set of addresses. It shows encrypted and clear text transmissions and allows an administrator or hacker to view these packets. If the packets are in clear text, all the text can be easily viewed. Many common services still transmit packets in clear text, including FTP, e-mail, and instant messengers. There are upgrades for each of these services to allow for SSL encryption.
How is an application layer firewall different from a packet filtering firewall? Why is an application layer firewall sometimes called a proxy server?
An application layer firewall is a dedicated computer distinct from the first filtering router; it is commonly used in conjunction with a second or internal filtering router. Such firewalls are sometimes called proxy servers because they serve as proxies for external service requests for internal services. A packet filtering firewall is a simple network device that filters packets by examining every packet header, accepting or rejecting packets as needed.
Define asymmetric encryption. Why would it be of interest to information security professionals?
Asymmetric encryption uses a pair of related keys—one to encrypt and the other to decrypt. The relationship between the keys allows one key to be public and the other to be private. This technique allows the process to be used for public key encryption and nonrepudiation.
Explain the key differences between symmetric and asymmetric encryption. Which can the computer process faster? Which lowers the costs associated with key management?
Asymmetric encryption uses a public key system with a private key, whereas symmetric encryption uses a private key only. Symmetric encryption systems are almost always more efficient when viewed only in terms of computing efficiency; however, asymmetric systems offer a lower total cost of ownership because key management is easier. Advanced PKI systems can make such hybrid systems vastly easier to use.
What is the difference between authentication and authorization? Can a system permit authorization without authentication? Why or why not?
Authentication is confirming the identity of the person who is accessing a logical or physical area, whereas authorization is determining what actions the person can perform in a particular physical or logical area. A system cannot permit authorization without authentication because it needs to know the person's identity in order to know what authorization level the person possesses.
Which of the following terms best describes a firewall type that can react to network traffic and create or modify configuration rules to adapt? A) application layer firewall B) dynamic packet filtering firewall C) proxy firewall D) content
B) dynamic packet filtering firewall
What is the name for a network segment that exists as an intermediate area between a trusted network and an untrusted network? A) Proxied network zone (PNZ) B) Sanitization zone (SZ) C) Demilitarized zone (DMZ) D) Internal-External zone
C) Demilitarized zone (DMZ)
Which of the following statements is true? -Hashing is reversible, but encryption is not -Encryption is reversible, but hashing is not -Both hashing and encryption are reversible -Neither hashing nor encryption is reversible
Encryption is reversible, but hashing is not
True or False: A password is typically longer than a passphrase.
False
Which of the following is true about firewalls and their ability to adapt in a network? -Firewalls can interpret human actions and make decisions outside their programming. -Because firewalls are not programmed like a computer, they are less error prone. -Firewalls are flexible and can adapt to new threats. -Firewalls deal strictly with defined patterns of measured observation.
Firewalls deal strictly with defined patterns of measured observation.
One tenet of cryptography is that increasing the work factor to break a code increases the security of that code. Why is that true?
Increasing the work factor can make your encrypted content very secure because it will force any potential attacker to take much more effort and a longer time (perhaps centuries) to crack the content.
Which of the following is true about symmetric encryption? -It uses a secret key to encrypt and decrypt. -It uses a private and public key. -It is also known as public key encryption. -It requires four keys to hold a conversation.
It uses a secret key to encrypt and decrypt.
Explain the relationship between plaintext and ciphertext.
Plaintext and ciphertext have the same semantic content, but plaintext is plainly visible and ciphertext conceals content from unauthorized usage by being encrypted.
Which component of the time-based model of security does multi-factor authentication affect most? -Detection -Correction -Prevention -Response
Prevention
What is the Internet of Things and what special problems does it pose for securing an organization's network?
The Internet of Things is the highly complex network infrastructure in which IT systems, sensors, actuators, and business appliances interconnect. This combination of protocols and functions is complex and often difficult to control while still allowing functionality.
What is the most widely accepted biometric authorization technology? Why?
The most widely used biometric authorization technology is photo identification cards read by human guards or gatekeepers. It is inexpensive and highly reliable.
What is the typical relationship between the untrusted network, the firewall, and the trusted network?
The untrusted network is "the outside world"—for example, the Internet. The trusted network is "the inside world"—for example, the organization's internal network. The firewall is any device that prevents a specific type of information from moving between the untrusted network and the trusted network.
To protect privacy, a credit card company's IT department uses a program that replaces actual customer and credit card information with test data in databases during software development. This data replacement process is called __________. -Encryption -Hashing -Tokenization -Steganography
Tokenization
Which of the following access control processes confirms the identity of the entity seeking access to a logical or physical area? -detection -authentication -authorization -accountability
authentication
The intermediate area between trusted and untrusted networks is referred to as which of the following? -unfiltered area -semi-trusted area -demilitarized zone -proxy zone
demilitarized zone
What is most commonly used for the goal of nonrepudiation in cryptography? -block cipher -PKI -digital signature -digital certificate
digital signature