Computer Security


How can we carry out intrusion detection in terms of physical security

- Electromechanical (broken circuit) - Photoelectric (broken lightbeam) - Passive infrared (increased heat) - Acoustic (increased sound) - Proximity (perturbed magnetic field)

How would you use attack reaction to stop DoS attacks. Why is this normally ineffective

- Eliminate or curtail the effects of the attack after the attack - Blacklist all of the IPs that were involved in the attack - This is unreliable because botnets constantly change which computers they use - Also a computer may be removed from a botnet, after which the legitimate user of that IP would be unable to access your network

How can media be disposed of. List in order of strength, worst to best

- Erased: only the file system entries are deleted, the data itself remains on the media - Cleared: the data is overwritten once - Purged: the data is repeatedly overwritten - Degaussed: the media is magnetically scrambled - Destroyed: the media is physically wrecked

What is the design principle of complete mediation

- Every access to a resource must be checked by the access control mechanism - Systems should not rely on access decisions retrieved from the cache - This reduces the chance of any back-channels into files being found and abused

What are 3 elements of external security

- Fences - Lighting - Patrols

What is the principle of open design

- The design of security systems should be open rather than secret - So everyone can see and spot vulnerabilities, leading to a more secure system overall

What is the design principle of modularity

- The goal is to provide common security mechanisms for all security services and functions as modules. - This makes security services easy to update and iterate on without requiring a whole systems redesign

What is the difference between low and high interaction honeypots

A low interaction honeypot provides an instrumented simulation of an operating system and applications A high interaction honeypot provides an instrumented fully functional operating system and applications

What should you consider when designing a application

- Practise defence in depth - Fail securely - Principle of least privilege - Compartmentalise - Keep it simple - Promote privacy - Hiding secrets is hard - Be reluctant to trust - Use community resources

What is meant by Confidentiality in the CIA triad

- Preserving authorised restrictions on information access and disclosure, including protecting personal privacy and proprietary information

What parts of the CIA triad does the internet adhere to

Integrity, Availability but not confidentiality

How do we model legitimate behaviour using knowledge-based classification

Introducing a set of rules that model legitimate behaviour. Usually developed during the training phase of the intrusion detection system. These are manually programmed

How does a worm prevent being detected by anti-virus software during reconnaissance

It can scan more slowly at random intervals It can also scan ports in a random order

What is Spyware

It collects and steals data then silently sends it home via the network

How does a metamorphic virus conceal itself

It rewrites itself completely on each infection, mutating the entire virus body so that its appearance (and possibly its behaviour) changes, leaving no fixed signature for anti-virus software to match

What is discretionary access control (DAC)

It controls access based on the identity of the subject and on rules stating what subjects are allowed to access what objects. One subject can be given permission to control the access of another

What is Role-Based Access Control (RBAC)

It controls access based on the roles that subjects have and rules governing what roles can access what objects

What is access control

It controls the access of subjects to objects

What is the purpose of a fence

It delays the intruder, a well maintained fence indicates the attitude to security

What is virtual memory paging

It divides process memory maps into same-sized pages, and loads some of them into same-sized frames

What is a patent

It gives an inventor exclusive rights to use an invention for a period of 20 years A patent isn't supposed to be obvious to someone skilled in the area

What is a rootkit

It hides a component that performs malicious acts, subverting the operating system components that might be used to find it, by hiding in the OS or other software

What is the record layer in TLS

It takes blocks from an upper layer protocol such as the handshake or application layer, fragments these blocks into records, then adds a message authentication code and encrypts each record according to the current cryptographic parameters

Should a hardened OS be open source to ensure it is well understood

Open source is not favoured over closed source as even if you can see the source code this often doesn't aid in understanding the OS.

How is a computer system normally found out of the box

It will have a default collection of software installed and services running. The system will be designed normally to maximise ease of use and functionality rather than security

What are the downsides of a low interaction honeypot

It will only catch hackers during the early stages of their attacks. As they will soon realise that the system is a decoy. So you won't detain them as long or collect as much information about their full intentions

Give examples of hashing algorithms

Message Digest 5 (MD5) (insecure and should no longer be used) Secure Hash Algorithm (SHA) family: SHA-1 (also broken, practical collisions have been found, so it should no longer be used), SHA-2 and SHA-3 (offer larger hash sizes for greater security)

How should an organisation handle back-ups

Programs and data should be backed-up, the integrity of these backups should be regularly checked You should try to restore your system from a back-up to check your backups are being successfully taken

What are the pros and cons of ABAC

Pros - Changing the status of an object or subject immediately changes permissions and can be done quickly and easily - This is the only system that allows environmental conditions to be taken into account Cons - It can be hard to understand and manage. - The system is likely to become very large and cumbersome

What are the pros and cons of MAC

Pros - Easily understood and managed Cons - It is rigid and inflexible

What are the Pros and Cons of DAC

Pros - It can be done very efficiently as many subjects manage the access of their own files Cons - Subjects may not correctly define the access control for their files, leading to security breaches

What are the pros and cons of RBAC

Pros - Readily supports the separation of subject duties Cons - Role explosion is needed to capture the changing complexities of an organisation. So if 1 role splits into 2 sub-roles this can be very arduous to manage
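To make the RBAC and ABAC models concrete, here is an added example (not part of the original flashcards) that checks requests against a small role-based policy and an attribute-based policy. The roles, permissions, users and attribute names are made up for illustration. Both checkers are default-deny, and the RBAC part enforces the separation of duties that RBAC readily supports by refusing to give one user two conflicting roles.

```python
"""RBAC and ABAC checks side by side.

Added example, not part of the original flashcards. The roles,
permissions, users and attributes are made up for illustration.
Both checkers are default-deny: anything not explicitly granted is refused.
"""
from datetime import time

# RBAC: role -> permissions (action, object); user -> roles
ROLE_PERMS = {
    "clerk":   {("read", "ledger"), ("append", "ledger")},
    "auditor": {("read", "ledger"), ("read", "audit_log")},
    "admin":   {("manage", "users")},
}
USER_ROLES = {"alice": {"clerk"}, "bob": {"auditor"}, "carol": {"admin"}}

# Separation of duties: no user may hold both roles of a conflicting pair
CONFLICTING_ROLES = [frozenset({"clerk", "auditor"})]


def assign_role(user, role):
    """Grant a role unless it would violate separation of duties."""
    held = USER_ROLES.setdefault(user, set())
    for pair in CONFLICTING_ROLES:
        if role in pair and (pair - {role}) & held:
            return False
    held.add(role)
    return True


def rbac_allows(user, action, obj):
    """Allowed only if one of the user's roles carries the permission."""
    return any((action, obj) in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))


def abac_allows(subject, action, obj, env):
    """Policy over subject, object and environment attributes: read access
    needs sufficient clearance, office hours and the office network."""
    if action != "read":
        return False
    if subject["clearance"] < obj["classification"]:
        return False
    if not (time(8, 0) <= env["now"] <= time(18, 0)):
        return False
    return env["network"] == "office"
```

Note that the ABAC rule consults the environment (time of day, network) on every request, which is exactly what RBAC cannot express without inventing extra roles; the price is that each rule is a piece of logic to understand and maintain rather than a row in a table.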

How would you use attack prevention and pre-emption to stop a DoS attack

Provide backup resources that are available on demand before the attack so that your network will have more bandwidth than the attacker can take up with their attack

How does the internet design adhere to availability

Provided by routers routing around issues on the network and always making information available

What is a detailed Risk analysis approach

Provides a formal qualitative/quantitative risk assessment carried out by internal experts or external consultants

What is a combined approach, why is this used

Provides a steadily improving risk assessment. Carrying out a baseline approach assessment, an informal approach and finally a detailed risk analysis. This results in a reasonable level of protection being achieved as quickly as possible

What is the Informal approach

Provides an informal and pragmatic risk assessment that doesn't have a structured process and it exploits the knowledge of internal or external testers

Should a risk assessment be qualitative or quantitative

Quantitative as this will tell the full story of any issues and can't be spun by the IT department if they are carrying out the assessment

What is the Check stage in risk assessment

The effectiveness of the risk treatment plan is monitored

How could a Circuit-Level gateway be used nefariously

Because the gateway controls both connections, a malicious gateway need not connect you to the IP you requested. It could direct you to an insecure website intended to steal data or infect your computer

What are Circuit-Level Gateways

The gateway sets up two TCP connections: one from the internal host to the firewall, and one from the firewall to the outside host. It relays segments between the two without examining their contents, so all traffic must connect through the firewall, unlike packet-filtering designs that watch network traffic as it passes through

Why should logs be audited

To see if users are: - Accessing resources illegally - Behaving unusually - Making mistakes

What is the idea of "Use Community resources" when designing applications What's the opposing view to this

Use pre-built code and libraries where possible, as these have been tested by many users and can generally be trusted more than components you have invented yourself. The opposing view: when a widely used component has a serious vulnerability (e.g. Heartbleed in OpenSSL), everyone who relies on it is affected at once

Why would you place a honeypot outside of your firewall

Useful for tracking attempts to connect to unused IP addresses within your network. Reducing some of the traffic to your firewall

What is the purpose and types of lighting in regard to external security

Reduces accidents and crime. The two types are continuous (always on) and responsive (triggered)

What is an attack tree

represents a set of potential techniques for exploiting security vulnerabilities

When should an informal approach be adopted

small-medium businesses where IT systems aren't necessary for meeting their business objectives and additional expenditure cannot be justified

What are the 3 approaches for modelling legitimate behaviour

Statistical classification, knowledge-based classification, machine-learning classification

What is a Trade secret, give an example

Something that a company must keep secret to ensure its survival Such as the source code of a product. Disclosing this would be a trade secret violation

What is a DOS attack

A Denial of Service attack. It prevents legitimate users from accessing a network resource

What is a distributed attack

A flooding attack using a network of bots

What are the 2 issues with passwords

They are poorly chosen and poorly stored

How does a honeypot detain hackers

By making their attack seem successful, so they want to stay in the system for longer to finish their attack

What are all the design principles of Computer Security

- Economy of Mechanism - Fail-Safe Defaults - Complete Mediation - Open Design - Separation of Privilege - Least Privilege - Least Common Mechanism - Psychological Acceptability - Isolation - Encapsulation - Modularity - Layering - Least Astonishment

What are the internal security issues

- Electricity - Noise - Ventilation - Fire - Water

What is shoulder surfing

the practice of spying on a user of an electronic device (e.g. ATM) to obtain their PIN or password

What does the ClientHello message in the Handshake layer contain

- A 32-byte ClientRandom (28 random bytes plus a 4-byte timestamp in TLS 1.2) - An ordered list of suggested cipher suites (key exchange, encryption and MAC algorithms), most preferred first

What does the ServerHello message in the Handshake layer contain

- A 32-byte ServerRandom (same format as the ClientRandom) - The chosen cipher suite - The server's certificate is sent in a separate Certificate message immediately after the ServerHello

Explain the premise of a buffer overflow attack

- A buffer holds a reasonable amount of input data, but cannot hold an unreasonable amount of input data which will cause it to overflow - We use stacks for temporary data as this makes the space easy to reclaim simply by incrementing the stack pointer - If you place too much data in the buffer it will start overwriting other data in the stack that wasn't originally in the buffer

What does the ClientKeyExchange message in the HandShake layer contain

- A premaster secret (think of it as a made-up password) generated by the client, encrypted with the server's verified public key so that only the server's private key can decrypt it - Both sides then compute the shared master secret from the premaster secret, ClientRandom and ServerRandom - Because the premaster secret is encrypted, an eavesdropper who saw both randoms on the wire still cannot derive the session keys
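The derivation both sides perform after the ClientKeyExchange, as an added example that is not from the original flashcards: it implements the TLS 1.2 PRF (RFC 5246, section 5) with the Python standard library and shows that client and server reach the same master secret while an eavesdropper who knows only the two randoms does not. The RSA encryption of the premaster secret under the server's certificate key needs an RSA library and is only described in comments; all random values are generated locally.

```python
"""Master-secret derivation from the TLS 1.2 handshake values.

Added example, not from the original flashcards. Implements the TLS 1.2
PRF (RFC 5246, section 5); the RSA step is left out and described in
comments.
"""
import hashlib
import hmac
import os


def p_sha256(secret, seed, length):
    """TLS 1.2 data expansion: HMAC(secret, A(1)+seed) || HMAC(secret, A(2)+seed) ..."""
    out, a = b"", seed                                    # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls12_prf(secret, label, seed, length):
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master, client_random, server_random):
    """master_secret = PRF(pre_master, "master secret", ClientRandom + ServerRandom)[0..47]"""
    return tls12_prf(pre_master, b"master secret", client_random + server_random, 48)


def new_pre_master_secret(client_version=b"\x03\x03"):
    """RSA key exchange premaster: 2-byte client version + 46 random bytes."""
    return client_version + os.urandom(46)


def handshake_demo():
    """Both ends derive the same master secret; an eavesdropper cannot."""
    client_random = os.urandom(32)   # ClientHello.random, modelled as 32 random bytes
    server_random = os.urandom(32)   # ServerHello.random
    pre_master = new_pre_master_secret()
    # The client would send pre_master in ClientKeyExchange, RSA-encrypted
    # under the server's certificate public key; the server decrypts it.
    client_ms = master_secret(pre_master, client_random, server_random)
    server_ms = master_secret(pre_master, client_random, server_random)
    # An eavesdropper sees both randoms on the wire but not pre_master.
    eve_ms = master_secret(new_pre_master_secret(), client_random, server_random)
    return client_ms == server_ms, client_ms != eve_ms
```

The two randoms are public; everything depends on the 46 secret bytes, which is why the certificate check before this step matters: a forged certificate lets an attacker decrypt the premaster secret and derive every session key.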

What is the design principle of fail-safe defaults

- Access decisions should be based on permission rather than exclusion - this means that if there is an error then the default access is not at all. Minimising the impact of a systems failure

What is the Risk of "Malicious outsiders" in cloud computing and how to we counter it

- An account or service being hijacked using stolen credentials - Counter using 2FA and employ proactive monitoring to detecting any intrusions on unusual behaviour

How should you implement "least privilege" with personnel

- An employee should have just enough privilege to do their job - Seniority shouldn't dictate access permissions. Managers/Directors don't need access to everything

What is the Tunnel Mode of IPSec

- An Encapsulating Security Payload (ESP) header carries a Security Parameter Index that identifies the shared keys used to encrypt the old IP header and IP payload - A hashed message authentication code (HMAC), keyed with the shared integrity key, is computed over the ESP header and the encrypted old IP header and payload - The result is wrapped in a new outer IP header addressed to the tunnel endpoint, which completely hides the original IP packet so that it no longer appears to any servers or routers as it originally did

What is "privilege escalation" in terms of intruder behaviour

- An intruder escalates their privileges on the system - Often an application weakness is exploited

What is "system exploit" in terms of intruder behaviour

- An intruder exploits their access - Usually modifying or stealing data

What does GDPR set out

- Applies to all data processors - Applies to all identifying data - Requires positive proof of consent - Requires a Data Protection Officer (for public authorities and organisations whose core activities involve large-scale processing) - Introduces privacy impact assessments - Introduces a breach notification requirement (the supervisory authority must be notified within 72 hours of becoming aware of a data breach) - Introduces the right to be forgotten - Extends liability beyond data controllers to processors (a controller who passes data on is still responsible for breaches of that data, and the processor is now directly liable too) - Mandates software privacy by design - Allows complaints about the above to be lodged in any country within the EU

What are the classifications of hackers

- Apprentice hackers - Journeyman hackers - Master Hackers

What are the ways you could stop a DoS attack

- Attack prevention and Pre-emption - Attack detection and filtering - Attack source traceback - Attack reaction

What are the 4 approaches to identifying and mitigating risks

- Baseline approach - Informal approach - Detailed Risk analysis approach - A combined approach

Give some uses of Hashes

- Checking whether files have been tampered with. As you can recalculate the hash after a file has been received to ensure it is identical to before - Hashing passwords, and storing the hashes instead of the passwords

What is meant by Metadata Retention in the Investigatory powers act

- Communication service providers must retain metadata about the communications made through their services (who, what, when and where) for twelve months

What is the design principle of Separation of privilege

- A protection mechanism should require more than one condition to grant access (e.g. two keys, two approvals), rather than letting a single privilege unlock everything - Combined with least privilege (each component gets only the specific privileges it needs to perform its task) this reduces the damage caused by a computer security attack, as compromising a single component or credential is then far less likely to affect other parts of the system

What is the design principle of Isolation

- Components should be isolated from each other except where necessary. There are 3 key examples of isolation - Public access systems should be isolated from critical resources - The processes and files of individual users should be isolated from one another unless explicitly required - Security mechanisms should be isolated in the sense of preventing access to these mechanisms to avoid tampering, e.g. key theft from encryption algorithms

What are 3 characteristics of a vulnerable information system

- Corrupt - Leaky - Unavailable

What are 4 ways we can achieve database security

- DAC - RBAC - Views - Encryption

What are the business benefits of storing all data in 1 shared database

- Data is not replicated, which it would be if it were not unified into 1 shared repository - Data stays consistent: when copies are held in multiple places and 1 is updated the others may not be, leading to consistency issues

What is a honeypot designed to do

- Divert the attacker away from critical systems - Detain an attacker for some time to allow administrators to respond - Collect information about the hackers activity

What are the 2 ways of dealing with inference attacks

- During database design: alter the database structure to remove the possibility of inference, e.g. split a table so that a sensitive attribute and the attribute it can be inferred from are held separately, or use more fine-grained access controls in an RBAC scheme - At query time: if an inference channel is detected, the query is denied or altered. A simple version is query size restriction, refusing queries whose result set is very small (or nearly the whole table), since an aggregate over a few rows, or the difference between two large aggregates, can reveal an individual's value
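The query-time control and the attack it is meant to stop, as an added example that is not from the original flashcards. The employee table is constructed and K is a threshold chosen for the example; the unrestricted query shows the tracker attack (two large aggregates whose difference is one person's salary), and the restricted query refuses both the tiny and the near-complete result sets that make it work.

```python
"""Query-time inference control on a statistical database.

Added example, not from the original flashcards. The employee table is
constructed; K is the query set size threshold chosen for the example.
"""

# Constructed sample table: (name, department, salary)
EMPLOYEES = [
    ("ann", "eng", 90_000), ("bo", "eng", 85_000), ("cy", "eng", 95_000),
    ("di", "ops", 70_000), ("ed", "ops", 72_000),
    ("fay", "sec", 120_000),          # the only person in 'sec'
]
N = len(EMPLOYEES)
K = 2                                  # minimum query set size


class InferenceDenied(Exception):
    pass


def _rows(predicate):
    return [row for row in EMPLOYEES if predicate(row)]


def unrestricted_total(predicate):
    """Aggregate query with no inference control."""
    return sum(row[2] for row in _rows(predicate))


def infer_salary_unrestricted(name):
    """Tracker attack: two large aggregates differ by exactly one row."""
    everyone = unrestricted_total(lambda row: True)
    everyone_but = unrestricted_total(lambda row: row[0] != name)
    return everyone - everyone_but


def query_allowed(predicate):
    """Query size restriction: the result set must contain at least K rows
    and leave at least K rows out, so neither a tiny set nor a
    near-complete set can be used to isolate an individual."""
    return K <= len(_rows(predicate)) <= N - K


def restricted_total(predicate):
    if not query_allowed(predicate):
        raise InferenceDenied("query set size outside [%d, %d]" % (K, N - K))
    return unrestricted_total(predicate)
```

Query size restriction on its own is not sufficient: an attacker can build "tracker" queries from several medium-sized sets whose overlaps still isolate one row, which is why the page also lists design-time controls and query auditing.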

What is the Risk of "Unknown Risk Profile" in cloud computing and how to we counter it

- Handing over control of security to the cloud provider without knowing whether the provider is unreliable or has nefarious intentions - Counter this by insisting that the provider discloses their security measures and applicable security logs

Why is database security hard

- Hard to configure as DBMS systems are large and complex. Their complexity also gives them a large attack surface - Database interaction through SQL is hard to control and more complicated than other languages - Database staff are scarce, busy or unskilled and many organisations don't have dedicated staff - Most environments consist of a large range of database, enterprise and OS platforms, which adds a big complexity hurdle for security staff

What are the stages of a detailed Risk analysis approach

- Identification of assets - Identification of threats and vulnerabilities to the assets - Determination of the likelihood of the threat occurring - Consequences if the threat occurs - What the overall risk to the organisation is

How would you use attack source traceback to stop DoS attacks. And why is this normally ineffective

- Identify the source of the attack (if possible) and block it during and after the attack - This is unreliable because attackers spoof source addresses, and tracing a packet back requires every ISP and router along the path to cooperate and keep records, which most do not

What are the disadvantages of placing the honeypot on the internal network

- If compromised it can attack internal systems. - If the honeypot is compromised then it can still receive network traffic through the firewall meaning the attacker can continue to access the network - We have to open up the firewall in order to allow potential attackers to access the honeypot

How does Asymmetric or public key encryption work

- If someone wants to send you data they find your public key (which cannot decrypt the data) and use this to encrypt the data. - The receiver is then able to decrypt the data using their private key which is known only to them

Why might a TLS connection not be established

- If the client and server can't agree on a cipher suite - If the certificate is invalid, the communication will be terminated

What is the Risk of "Insecure Interfaces and APIs" in cloud computing and how to we counter it

- If the interfaces and APIs that people use to interact with the services aren't secure then this can make it very easy for hackers to gain access to your data - Counter by employing a strong authentication/access control system and using penetration testing

What are the advantages of an informal approach

- Individuals don't require any additional skills so it can be carried out quickly and cheaply - The organisations systems specifically are being examined so the assessment is specific and might spot issues overlooked in a baseline approach

What are the key elements of intruder behaviour

- Information gathering - Initial access - Privilege escalation - System exploit - Maintaining access - Covering tracks

What are the 3 service models for providing cloud computing services

- Infrastructure as a Service - Platform as a Service - Software as a Service

What are the disadvantages to an informal approach

- Issues might be overlooked as there is no formal guideline to mandate that some issues are looked at - Results may be skewed by the views and prejudices of the individuals - There may be insufficient justification for any suggested changes leading to questions over whether they are necessary - As employees change over time the level of expertise in carrying out the assessment may vary, making them inconsistent over time - Often these tests can be overlooked in favour of completing other IT tasks. They are often not carried out regularly enough.

What are the advantages of placing a honeypot on the internal network

- It can catch internal attacks - It can detect a misconfigured firewall that forwards traffic from the internet to the internal network that it shouldn't be

What is a keylogger

- It collects and steals data - It records and logs specific key presses, most often those pressed after prompts for sensitive information such as log-in details - Then silently sends the information home via the network

What are the pros and cons of a baseline approach

- It does not require a formal risk assessment to be carried out which could be expensive - The same measures can be replicated over many systems - No consideration is given to variations in your system compared to the industry standard - The baseline could be too high leading to expensive and restrictive measures that aren't warranted - The baseline could be too low leaving your organisation vulnerable due to insufficient security

How does an encrypted virus conceal itself. What is the issue with them

- It encrypts the payload with a random key - The virus decrypts itself before it runs - Each time the virus propagates a new key is chosen to make it harder to detect - The issue: the decryption routine itself cannot be encrypted and stays the same from copy to copy, so anti-virus software can signature the decryptor instead

Why do we target high capacity network services with reflection and amplification services

- It makes the attack more effective as more packets can be sent - It makes it easier to hide, because your attack most likely won't register as unusually high traffic if the network is used to massive amounts of traffic

What are the issues with a high interaction honeypot

- It requires a larger amount of resources - It is a fully functioning system which could be compromised and used by an attacker to launch attacks that appear to have come from within your organisation

What does the Investigatory Powers Act allow for

- Legalised Hacking - An Investigatory Powers Commissioner - Metadata retention - Real-time surveillance

What are the two ways we can carry out intrusion detection

- Looking for signatures - Looking for anomalies

What is the state of the art in worm technology

- Multi-platform - Multi-exploit (gains access in many ways) - Ultrafast spreading (seeks targets quickly) - Polymorphic (varies its code) - Metamorphic (varies its behaviours) - Zero-day (gains access in a previously unknown way)

What must be considered when placing a honeypot in the DMZ

- Must ensure that all of the servers in the DMZ are secure from any activity that the honeypot could generate - The DMZ is not fully accessible from external networks. So in order for attackers to access it you need to open up the firewall by adding rules to let traffic into the honeypot

How should any media that is stored by an organisation be labelled

- Name and version - Date created - Classification level - Retention period - Date to be destroyed

What are the main types of password attacks

- Offline dictionary - Specific account - General password - Workstation hijacking - User Mistake - Password Reuse - Electronic Monitoring

What is the Risk of "Malicious Insiders" in cloud computing and how to we counter it

- One of the cloud service staff compromising the confidentiality, integrity or availability of data - Counter by specifying human resource and installation management requirements in contracts to make sure nobody unnecessary has access

What are the characteristics of a strong hash function

- One way (pre-image resistant): given M it is easy to compute H(M), but given H(M) it is computationally infeasible to find M - Leakage free: it is hard to deduce any information about M from H(M), e.g. you cannot tell the file type from the hash value - Collision free: it is computationally infeasible to find two different messages W and M such that H(W) = H(M)

What are the 4 stages in the risk assessment process

- Plan - Do - Check - Act

What are the benefits of salts

- Prevents duplicate passwords being visible: if 2 users pick the same password they are given different salts, so their hashes differ - It becomes nearly impossible to tell whether a person with accounts on two or more systems has used the same password on all of them - It increases the difficulty of offline dictionary attacks. Instead of comparing a precomputed table (rainbow table) against your password file, the attacker must, for each candidate password, compute the hash of that password combined with every salt in the file. This multiplies the work by the number of distinct salts
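The three benefits above measured on a constructed password file, as an added example that is not from the original flashcards. It assumes PBKDF2-SHA256 with a random 16-byte salt per user (the page only says "hash"); the iteration count is kept low so the demonstration runs quickly, and user names, passwords and the wordlist are made up. The two attack functions count how many hashes the attacker must compute with and without salts.

```python
"""Salted password storage versus an attacker's precomputed table.

Added example, not from the original flashcards. PBKDF2 with a per-user
random salt is the assumed hash; ITERATIONS is deliberately low for the
demonstration (use far more in production).
"""
import hashlib
import hmac
import os

ITERATIONS = 10_000


def hash_password(password, salt=None):
    """Return 'salt$digest' in hex, with a fresh 16-byte salt per user."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def unsalted_attack(unsalted_hashes, wordlist):
    """One precomputed table serves every user (len(wordlist) hashes in
    total), and users who share a password are visible: their hashes match."""
    table = {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}
    cracked = {u: table[h] for u, h in unsalted_hashes.items() if h in table}
    return cracked, len(wordlist)


def salted_attack(records, wordlist):
    """No table can be shared: every (user, word) pair is hashed with that
    user's salt, so the work grows with the number of users."""
    cracked, work = {}, 0
    for user, stored in records.items():
        for word in wordlist:
            work += 1
            if verify_password(word, stored):
                cracked[user] = word
                break
    return cracked, work


# Constructed password file: alice and bob chose the same weak password
PASSWORDS = {"alice": "letmein", "bob": "letmein", "carol": "Tr0ub4dor&3"}
WORDLIST = ["password", "letmein", "qwerty"]
UNSALTED_FILE = {u: hashlib.sha256(p.encode()).hexdigest() for u, p in PASSWORDS.items()}
SALTED_FILE = {u: hash_password(p) for u, p in PASSWORDS.items()}
```

Salts stop the shared table; they do not make a weak password strong, since the attacker still cracks "letmein" in two guesses per user. That is why the slow hash (the iteration count) is combined with the salt: the salt forces per-user work and the slow hash makes each unit of that work expensive.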

What are the advantages of a detailed risk analysis approach

- Provides the most detailed examination of the security risks of an organisations IT system - Produces strong justification for any expenditure on changes - Provides the best information for continuing to manage the security of the systems as they evolve and change

What are the models for cloud deployment

- Public cloud (available to the public) - Private clouds (available to a single organisation) - Community Clouds (available to a closed set of partners) - Hybrid Clouds (any composition of the above)

What are the phases of worm operation

- Reconnaissance - access - execution - propagation

What is the process for carrying out any configuration change in an organisation

- Request - Approve - Document - Test - Implement - Report

What is separation of duties in regards to operations security

- Requires important operations to be divided between different tasks and given to different employees - This is because 1 person is far easier to corrupt than multiple

What is job rotation and why is it practiced

- Requires that over time more than one employee fulfills each role - Prevents someone spending a long time in a role and slowly becoming looser with the rules. Putting a new person into the role will allow this to come to light and will resolve the issues. - Can also bring improvement to roles by bring in a fresh set of eyes and new approach

What is the design principle of psychological acceptability

- Security should not interfere unduly with the work of users, while still meeting the needs of those who authorise access. - Security should blend with the workflow of users - Security measures should reflect the users mental model of protection, making them more likely to understand the measures and use them correctly

What are the disadvantages of a detailed risk analysis approach

- Significant cost - Time taken - During this time an informal approach may have been able to identify and fix some simple threats. Which instead are still present whilst the analysis is ongoing, leaving the organisation vulnerable.

What are the 4 categories of authentication information (give examples)

- Something you know (password, PIN, Security questions) - Something you have (badge or ID card) - Something you are (fingerprint, retinal scan) - Something you do (voice, "gait" walking pattern, hand writing characteristics)

Explain what happens in 1 round of AES encryption

- Substitute bytes: perform a byte-by-byte substitution of the block using a substitution table (S-box) which maps every possible byte to another byte - Shift rows: perform row-by-row circular left rotations of the 4x4 state; row i is rotated by i bytes, so row 0 is not rotated at all and row 3 is rotated three times - Mix columns: each byte of a column is replaced by a function of all four bytes in that column, so each possible column is mapped to another column - Add round key: XOR the state with a portion of the expanded key; each output bit is the XOR of one state bit and one key bit. For AES-128 this is repeated for 10 rounds, with the final round omitting Mix columns

What is the design principle of Economy of Mechanism

- The design of security mechanisms should be as simple as possible - Smaller systems are easier to design and test thoroughly - More complex designs lead to more opportunities for a hacker to discover weaknesses to exploit that are hard to spot ahead of time - Updating or replacing a simple system is far easier so your security system is less likely to be out of date

What is a TCP SYN flooding attack

- The server responds to a SYN packet with a SYN-ACK and allocates state for the half-open connection while it waits for the client's final ACK. The (usually spoofed) client never sends that ACK, so the state is held until it times out - By starting many 3-way handshakes and never completing them, the attacker fills the server's connection table so legitimate clients cannot connect

How does an ICMP flooding attack work. How would you guard against it. Is there a way hackers could get around this guard?

- The server responds to echo requests sent from (usually spoofed) source addresses, consuming bandwidth and CPU - Handled by blocking ICMP echo requests at the firewall - However attackers can get around this by flooding with other types of ICMP packets that can't simply be blocked, because those packets have a function within TCP/IP communication (e.g. error reporting) so the firewall must allow them through

How would you ensure the frivolous software and services are not installed on your hardened OS

- The system should be setup with only the absolute required services installed - Favour not installing software in the first place rather than uninstalling it later. This is because most uninstallers don't remove 100% of the program files. Also if a service is installed but disabled, a hacker would be able to re-enable it, so it is safer to not have it installed at all

What is the access phase of a worm

- The worm gains access to a system - This is done by sending unexpected input to a weak application so that it falls over and gives the worm control

How should configuration restarts be handled within an organisation

- They should be controlled - Carried out only by authorised individuals when absolutely required - They should be logged with a reason for them given

Why is risk assessment always ongoing

- Threats are always changing and new ones are arising (changing threat landscape) - The business is changing so new threats might affect a business or some might no longer affect them - The business might gain new assets that need protecting

How do you prevent a buffer overflow

- Tight coding - Bounds checking - Stack canaries - Nonexecutable stack

Why should a hardened OS have users/groups configured, and how should they be configured

- To ensure that only necessary users/groups will be able to access certain files - Ensure that users are given the lowest privilege necessary for their role - Ideally even high privilege users should spend most of their time with only low level privileges - They can then access higher privileges only when required

What are the Cloud-specific security risks

- Unknown Risk Profile - Malicious insiders - Malicious outsiders - Insecure Interfaces and APIs - Shared Infrastructure - Data loss or leakage - Abuse and Nefarious use

What are the different types of surveillance cameras

- Visible/hidden - Fixed/movable - Recording/monitored

What attributes must a security guard have

- Well instructed with clear duties - Well-equipped with a two way radio - Well supported with a central control - Trustworthy with a clean record

What attributes does a hardened OS have

- Well understood - Frivolous services disabled - Monitoring services enabled - Logging services enabled - Development tools removed - Users/groups configured - Regular patches/audits - Regular testing

What questions does a risk assessment answer

- What assets do we need to protect - How are those assets threatened - What can we do to counter those threats

What are the main Entry/Exit security measures that should be implemented

- Zoning - Locks - Surveillance cameras - Intrusion detection

How are passwords poorly chosen

- Less than 8 characters long - Does not include an upper-case letter - Does not include a lower-case letter - Does not contain a special character

What are ways of increasing internal security outside of handling the main risks

- Name badges - Fire drills - Locking anchor chains to prevent theft - Open plan

What might a packet firewall look for

- Particular source/destination IP addresses - Particular source or destination TCP ports - Particular payload content containing the signatures of malware - Particular payload content containing specific file types

How should a hardened OS be setup with regard to patches

- Patches should be automatic - The OS should have utilities that apply patches automatically to reduce the timeframe for which the OS is vulnerable

What are examples of suspicious behaviour during a DoS attack

- Unknown sources - Ramp-up sources (meaning one IP is suddenly increasing the number of packets it is sending) - Bad hop count (the packet claims to have come from further away than is possible in the number of hops it has made, e.g. coming from China should take 9 hops but the packet claims to have done it in 2, meaning the IP is spoofed)

What is the double bastion inline firewall organisation, what are the benefits

A DMZ is placed between an external and an internal firewall. The DMZ network can be accessed externally but is still protected by a firewall. The internal network can't be accessed externally at all; the internal firewall blocks all incoming traffic. However, computers on the internal network can send traffic out through the internal firewall and access the DMZ and the wider network

What is a network of bots called and who controls them

A botnet is controlled by "shepherds" or "herders"

What is a cold boot attack

A cold boot attack may make it possible to recover encryption keys even if the power is lost. RAM is "frozen" and accessed at a later date

What is a hash function

A hash function takes a string M, and returns a number H(M). Small changes in the string result in large changes in the hash value

What is a non-executable stack and what are the drawbacks

A processor may ensure the stack is non-executable so that arbitrary code execution can't occur. However, this isn't useful for legitimate users; for example, Java uses JIT (just in time) compilation, where the machine compiles the code just in time to use it. This uses the stack and requires it to be executable

What is pipelining

A processor predicts the branches that a program will take based on past history. It preloads the program's instructions into a pipeline, and squashes the instructions if it guessed incorrectly

What is the Plan stage in Risk Assessment

A security policy is established, processes and procedures are put in place, and a risk treatment plan is established

What is the Single Bastion inline firewall organisation, what is the issue with it

A single firewall is placed between an external and an internal router. The issue is that if someone gains access to the network through the firewall, they now have access to the entire local network

How does Anti-virus software function

A virus can be identified by a short signature in its binary code. The software looks for these signatures in files and quarantines those files (it does not delete them) for the user to check

What is the execution phase of a virus

A virus does something malicious. For example deleting files on the computer or more commonly stealing information and sending it to the virus creator

What is a macro virus

A virus that infects files with macro or scripting code that is interpreted by an application

What is the triggering phase of a virus

A virus is activated by some event e.g. opening the infected word document

What is the execution phase of a worm

A worm does something malicious, most commonly stealing data from the machine

What is the propagation phase of a worm

A worm seeks access to further systems. This is often done by searching through log files to find other systems that the infected system has recently communicated with. This is successful because those systems will trust communication coming from the infected system, making it easy to send the worm into them

What are the advantages and disadvantages of statistical classification

Advantages: - Relative simplicity - Efficiency - Lack of assumptions required Disadvantages: - The difficulty in selecting suitable metrics to find a good balance between false negatives and false positives

What are the advantages and disadvantages of knowledge-based classification

Advantages: robust and flexible Disadvantages: difficult and time consuming to develop a good set of rules. It will require experts in the field

What is the purpose of patrols

All physical and environment protection measures ultimately require human intervention

What is an SQL injection attack

An SQL injection attack involves passing SQL code from a Web client to a Web server, and onto a database with malicious intent

How can an RBAC be represented

An access matrix which shows the roles on one axis and the permissions on the other

What is the idea of "Promote Privacy" when designing applications Give examples

An application should be diligent in processing and storing personal information. This is increasingly important because of GDPR. E.g. ensuring data is deleted when a user stops doing business with the company/application, and making sure that databases are secure and up to date

What is the idea of "Be reluctant to trust" when designing applications

An application should be reluctant to trust other applications and processes. It should also be reluctant to trust any inputs it receives, e.g. SQL injection

What are Application-Level Gateways

An application-level gateway operates at the application level, working on application headers and content. This allows you to ban specific applications, websites and application commands from your network

What is the idea of "secure the weakest link" when designing applications

An application's weakest link should be strengthened until an acceptable level of risk is achieved. For example, storing keys for encryption

What is a general password attack and how do we counter it

An attacker tries common passwords against a range of system identifiers. Counter by preventing common password use. Scan the IP addresses of authentication requests and check for submission patterns

What is an asset, give examples

An element within an organisation that must be protected and ideally can be valued e.g. Computers, Software, Databases, People, Reputation

What is the Transport mode of IPSec

An encapsulating security payload (ESP) contains the index of the shared key used to encrypt the TCP payload. A hashed message authentication code (HMAC) is computed over the shared key plus the ESP header plus the IP payload

What was the heartbleed exploit

An error in the OpenSSL implementation meant that an attacker could send a 16 byte message claiming it was 65536 bytes, and receive a response from the server containing 65536 bytes of the server's uninitialised memory. Eventually this memory was likely to include names, passwords and private keys

What is the current issue with completely protecting against inference attacks

An inference detection algorithm is required to effectively state whether an inference is possible. However a good algorithm hasn't yet been developed

What is "covering tracks" in terms of intruder behaviour

An intruder removes any sign of their presence, for example by editing logs or fixing timestamps

What is "maintaining access" in terms of intruder behaviour

An intruder works to maintain access to a system, often by creating dummy accounts

How might a buffer overflow lead to arbitrary code execution

An overflow may fill the buffer with shell code and make the function's return link point to it. This code, when executed, may give control of the system. This is very dangerous as it means the hacker can run their own code on the victim's system.

How might a buffer overflow lead to a denial of service

An overflow might make the function's return link point to a random address, leading to a crash and a denial of service, as functions no longer return to the correct points and the code no longer functions as intended

What do we assume about any communication into a honeypot. And why?

Any incoming communication is assumed to be a probe, scan or attack. This is because the honeypot has no production value, so there is no reason for a legitimate user to communicate with it

If there is communication coming out of a honeypot, what would this mean?

Any outgoing communication indicates that the honeypot has been compromised

What is the idea of "security as an afterthought"

Applications should be designed with security in mind; it shouldn't be an afterthought. It is very hard to make an application secure after it has already been designed, as core design decisions are likely to have to be reversed/changed

Why is content not retained in the Investigatory powers act

Because this is seen as too much of an invasion of privacy. Also, the amount of data that would have to be retained is far too large, making this infeasible

What are stack canaries

At the head of the return address you insert a number. Then you check this number regularly to ensure that a buffer overflow hasn't overwritten the address

What should you do to every employee before they take a position

Background checks

Why are logging systems necessary

Because humans cannot effectively monitor logs due to the quantity of information they contain

Why can it be hard to know if you're violating a patent?

Because searching for patents is very hard, so you often don't know you were infringing one until you're accused of it by the patent holder

Why are polymorphic viruses often still detected

Because the signature can still be detected regardless of its location within the virus

Why should a hardened OS have development tools removed

Because tools such as compilers and scripting languages are easily abused by hackers

What does availability mean in the CIA triad

Ensuring timely and reliable access to the information as well as the use of information

What is piggybacking

Entering a door by following someone through a door that would otherwise be locked

How are passwords poorly stored

The password file is stored in plain text and can easily be found by a hacker if the system is infiltrated

What is a baseline approach

Carried out with reference to baseline documents, codes of practice and industry best practice

What is bounds checking and what are the drawbacks

Checking is done by the compiler rather than the programmer. The compiler will check the array access and prevent overflows. The issue with this is that it can be inefficient, as implementing the checks yourself can be far faster

What is a Spectre attack

Commands that should only be executed if a specific check is met will be speculatively executed, but then discarded if the check isn't met. This means that variables exist that aren't supposed to, for the period of time before they are either confirmed or rolled back by the pipeline. These variables will be stored in the cache. What you can do is time accesses to variables to reveal which are stored in the cache (they will be accessed far faster) and therefore which have been speculatively accessed. These variables were stored in a private section of the main memory and are meant to be invisible to both the user and even the process itself until required. From the knowledge of where the data is stored and its address we can often deduce what the data is

What is meant by Real-Time surveillance in the Investigatory powers act

Communication data will have to be provided by communication service providers to the government "in near real time", removing encryption where possible

What is the design principle of encapsulation

Component functionality should be isolated into separate modules where necessary and only externally visible where required. (Think OOP)

What is a stealth virus

Compressing or mutating the entire virus and maintaining its functionality

What is the CIA triad

Confidentiality, Integrity, Availability

What is Attribute-Based Access Control (ABAC)

Controls access based on the attributes of the subject, object and environmental conditions. Environmental conditions may include location, time/date etc. This is the most general system and has the most flexibility

How do current processors deal with meltdown and spectre attacks

Current processors all use speculative execution and will continue to for many years. Therefore they are all vulnerable to these styles of attacks

What is the design principle of least privilege

Every component of an information system should have the least level of privilege necessary to perform the task

What is a DMZ

Demilitarised Zone. It is a network for systems that must be externally accessible but still need to be protected, e.g. email servers

How do we model legitimate behaviour using machine-learning classification. What are the drawbacks

Developing a model using labelled training data given to a machine learning algorithm. This can build models for all your users and notify of any deviations from their standard behaviour. Not used due to the high resource cost and high false positive rate

How do we model legitimate behaviour using statistical classification

Developing a statistical profile of observed metrics that we can use to classify behaviour as legitimate or nefarious

How should you implement zoning

Divide your facility into zones and give the relevant zones appropriate access rights

What would a corrupt information system do

Does the wrong things, or gives the wrong answers

Give an example of information gathering

Doing a port scan on a network

Explain how the UNIX operating system implements discretionary access control

Each file associates permission bits for the user, group and others. Some UNIX operating systems store a list of permission bits for different users as part of the file

How should companies carry out regular testing on an OS

Employ "pen" testers who will try to infiltrate the system to ensure it is secure These testers are employed on short contracts and then new testers are hired to ensure that systems are exposed to many different infiltration attempts by different testers

What is tight coding and what are the drawbacks

Employ programmers who will properly design code to make it impossible to give inputs that will exceed the size of the buffer. However, this is unreliable as, however good your programmers are, mistakes can still happen

What are the 4 classifications of virus (by ways in which they conceal themselves)

Encrypted, Stealth, Polymorphic, Metamorphic

How do you counter the risk of shared infrastructure in cloud computing

Enforce the SLA (service level agreement) that states what you expect from the provider in terms of downtime and speed. However, this rarely works because the cost of changing cloud provider is often far too large to make switching worthwhile. Providers are aware of this, so even if you accuse them of not meeting the SLA they are unlikely to care, given the chance of you leaving is so slim.

What is deep packet inspection

Examining the packet headers and payload

What is shallow packet inspection

Examining only packet headers

What are the 3 categories of roles that exist within an RBAC for a database

Fixed server roles - Operate on the entire database server; roles within this have different permissions within the server (admin accounts). Fixed database roles - Roles that operate on an individual database and have different permissions within the database (owner of an application that uses a database on the server). User defined roles - Roles that are created by users and normally have access to just a collection of tables necessary for their jobs (end-users)

How does a stateful packet inspection firewall work

For every outgoing TCP connection the firewall adds the source IP and port as well as the destination IP and port to a table. When the firewall receives an incoming packet it checks whether it is part of a connection that has been added to the table. If so then it allows the packet through. If not the packet is discarded unless another firewall rule specifies otherwise.

What is meant by Integrity in the CIA triad

Guarding against improper modification or destruction of information, and ensuring authenticity and non-repudiation (the fact that the validity of something cannot be denied)

What is a journeyman hacker

Has sufficient skills to modify an attack toolkit, or to construct something smaller. Responsible for a smaller volume of attacks, but harder to defend against

What is the idea of "defense in depth" when designing applications

Have overlapping security mechanisms, e.g. doing multiple virus scans (at both a server level and at a host level)

What are the 3 types of flooding attack

ICMP, UDP, TCP SYN

What 2 stages make up authentication

Identification step: - Presenting a unique identifier to the security system Verification step: - Presenting/generating authentication information that the security system can use to corroborate and validate the binding between the user and the claimed identifier

What is the benefit of auditing logs to see if people are making mistakes

If possible you can re-engineer your system to stop people from making these mistakes

How can cloud computing compare to the start of mainstream computing back in the 1960s

In 1960 it was common for computer bureaux to divide up and sell the services of a single mainframe computer running a time-share operation. Today cloud computing providers divide up and sell the services of large computer clusters, essentially running a time-sharing operation

What are the 3 parts of a virus

Infection mechanism: The means by which a virus spreads and propagates, enabling it to replicate. Trigger: The event or condition that determines when the payload is activated. Payload: What the virus does, besides spreading

What would a loss of integrity mean

Information has been modified or destroyed without authorisation

How does a good password system store passwords

It stores the hash of the salted password. It stores the salt for each user in plain text

What is a packet-filtering firewall

It is a firewall that filters individual packets on the basis of packet headers and packet payloads

What is a salt

It is a fixed length value that is random (at least pseudo-random). It is added onto a password and the result is then given as input to the hashing function

What is a man-trap. What is their purpose

It is a physical security access control system comprising a small space with two sets of interlocking doors, such that the first set of doors must close before the second set of doors opens. Only one person is allowed inside the mantrap. It seeks to eliminate piggybacking

What is a virus

It is a piece of malware that is attached to some host software, and when it is run it performs some malicious act before propagating by attaching itself to other host software

What is a database view and how does it help with database security

It is a virtual table that provides restricted access to only certain rows or columns, meaning that users are only given access to the required information

What is a public-key certificate

It is an association of a user and a public key vouched for by a certifying authority such as the government. The purpose of this is to verify that this public key does belong to the user, and that it isn't someone posing as the user in an attempt to get you to send them your data

What is a threat

It is an exploit for a vulnerability

What is Mandatory Access Control (MAC)

It is based on subject security clearances and object security labels. One subject cannot control the access of another. A central authority allocates the clearances and labels

What is caching

It is when a processor fetches instructions and data from a faster cache memory if possible. Cache memory is very fast and expensive

How might a herder send an encrypted message to the botnet control machines

It might hide a message on a public webpage

What is a backdoor

It offers a secret entry to a system without going through the usual security procedures. This could be as simple as creating an account on the system to log in to in the future

What is a worm and how is it unlike a virus

It probes network ports, exploits flawed applications and performs some malicious act before propagating and seeking out other host machines. Unlike viruses, worms are autonomous, so they don't require the user or host machine to open a file or make a mistake in order to function. They have no "idle phase"

What is Copyright

It protects an author from unauthorised duplication of their work.

What is IPSec and what are the benefits of it

It provides secure, best-effort delivery. Because it is built into the internet layer, all servers have to use it, so it is unskippable, unlike TLS

What is the TLS protocol and what is it made up of

It provides a secure, reliable end-to-end service. It is made up of the Handshake and Record layers

How should a hash algorithm be designed for use in a password

It should be slow to execute, in order to thwart attacks and make it infeasible to do a brute-force attack on a password file

How should an organisation store physical media

It should be stored in a safe and secure environment, e.g. a fire- and waterproof safe. Media should be geographically isolated from the computer systems so that both aren't lost, as often this media is backups or old customer records

What characteristics should an identifier have

It should be unique and never re-used even if a certain identifier is no longer in use

What are the issues with encryption when applied to a database

Key management - With many users needing access to specific parts of the database, creating keys that only give the desired access and then distributing them securely is a complex task. Querying - It becomes more difficult to search records if they are all encrypted

When is detailed risk analysis used

Large organisations whose IT systems are critical to their business objectives, and where the additional expenditure can be justified. Government or critical service providers who are mandated to carry out this analysis

How should you setup your hardened OS to have a logging system enabled

Log files should be automatically inspected to find security breaches quickly and effectively

How should you implement logging with regard to operations security of a company

Logs should associate events with users

How would you use attack detection and filtering to stop a DoS attack

Look for suspicious patterns of behaviour during the attack and filter out the offending hosts

How would we carry out intrusion detection by looking for signatures

Looking for network content that is typical of malware: characteristic byte sequences. This only works for attacks that the system is aware of and so has the patterns and rules for

How would we carry out intrusion detection by looking for anomalies

Looking for patterns of behaviour typical of malware, such as modification of system resources or privilege escalation. We achieve this by monitoring the behaviour of legitimate users to get an idea of what this looks like, and checking that the currently observed behaviour matches our model of legitimate behaviour

What would a loss of availability mean

Means that the access to or use of information has been disrupted

What is the design principle of least common mechanism

Mechanisms used to access a resource should not be shared between users, e.g. giving everyone the same link on a website to access some sensitive information increases the chance of a DDoS attack or a data breach

What is ransomware

Modifies data and demands a ransom to undo the modifications

What is a meltdown attack

Much like a Spectre attack, but using virtual memory. We time accesses to pages and reveal which locations have been accessed speculatively. From the knowledge of where the data is stored and its address we can often deduce what the data is

What is the design principle of layering

Multiple, overlapping protection approaches should be used so that failure of one does not mean total failure

Give an example where logging user activity was useful

NHS staff selling medical records to newspapers. You can see who accessed said records to find out who sold them

Give examples of trademark violation and how it can be relevant to computer security

Passing off a fake product or service as a genuine one. These fake products may install malware

What is an inference attack

Performing authorised queries and deducing unauthorised information from the legitimate responses received

What are the characteristics of a macro virus

Platform independent: The virus can spread to many different platforms and still function. Easily spread: They are found in data that can be sent easily, such as email attachments

What is the Act stage in risk assessment

Policy, process and procedures are modified in response to security incidents or compromises

What is catfishing

Pretending to be someone you are not online, in order to lure someone you haven't met into a relationship. A catfish may steal someone else's photos, videos or personal information to create a fake profile or website when forming their bogus identity

How can DAC be applied to databases

Privileges can be granted and revoked through SQL, much like file permissions in Linux

What is the problem and solution for fire issues

Problem: - Fire can destroy computer systems Solution: - Prevention by construction and usage (storing flammable materials away from computers) - Detection using smoke/heat detectors - Suppression using automatic/portable fire extinguishers

What is the problem and solution for Ventilation issues

Problem: - Most computer equipment needs a controlled atmosphere Solution: A closed loop air-conditioning system avoids: - high/low temperatures - high/low humidity - particle contamination - static electricity

What is the problem and solution for electricity issues

Problems: - Electrical excess (spike -> surge) - Electrical loss (fault -> blackout) - Electrical degradation (sag -> brownout) Solution: - Surge protection - UPS (Uninterruptible Power Supply)

What is the problem and solution for Noise issues

Problems: - Electromagnetic interference (EMI) when cables are side by side - Radio frequency interference (RFI), often from fluorescent lighting Solution: - Plan cable routes - Use shielded cables - Avoid microwave ovens

What is the problem and solution for water issues

Problems: - Water can destroy computer systems Solutions: - Prevention by construction/usage - Detection using water detectors

What would a leaky information system do

Reveals information that it should not. For example, giving someone who shouldn't have it access to some or all of the information via network access

Give an example of a monitoring service that might be run on a hardened OS

SNORT for intrusion detection

How do you prevent an SQL injection attack

Sanitise any user input

What happens during the reconnaissance phase of a worm

Scans the system to find weak applications that are listening at certain ports that a worm can gain access to

What is the idea of "Hiding Secrets is Hard" when designing applications

Secrets such as passwords, encryption keys and results are often hard to hide. Therefore we try to store as few of these as possible and destroy them as quickly as possible

What is meant by legalised hacking in the Investigatory powers act

Security services will be legally allowed to hack computers, networks, mobile devices and services by exploiting vulnerabilities to gain control of them

Why can encryption most likely not be removed during Real-Time surveillance by the government (as mandated by the Investigatory Powers Act)

Strong end-to-end encryption makes this nearly impossible. If encryption is to be removed, it would have to be weakened to the point where it can be easily cracked and removed, which is obviously something most companies would be unwilling to do.

What is a master hacker

Sufficient skills to create entirely new attack toolkits. Responsible for a small volume of attacks which are very difficult to defend against (so-called "zero day" vulnerabilities)

What are the 2 ways in which security can be implemented into the network stack

TLS (Transport layer security) IPsec (Internet Layer Security)

What does a firewall program consist of

Tables, which are arrays of chains. Chains, which are lists of rules. Rules, which are lists of patterns, with actions depending on whether the packet matches those patterns

What is spear phishing

Targeted phishing attacks. They often exploit the credibility of a victim by getting them to respond to a cry for help from friends, e.g. impersonating the victim's friend by researching them and crafting a believable story to get money or personal information

What is the overarching issue in database security

That the database is the single shared repository of data

How does the internet design adhere to Integrity

The CRC (cyclic redundancy check). This is a number calculated for each packet, much like a hash. This ensures the packet arrives in the same state as it was sent in

What is AES

The Advanced Encryption Standard, the current standard for symmetric encryption. It works on 128-bit blocks: it splits up the file into these blocks and encrypts them one at a time. It does 10 rounds of encryption

What is social engineering

The art of manipulating people to give/hand over things of value, or the means to access such things

What is pretexting. Give an example

The attacker exploits the credibility of the victim to get them to perform an action e.g. impersonating an external IT contractor to get the security staff to let them into the building

What is phishing

The attacker exploits the fear or helpfulness of the victim to get them to follow a link to a landing site where they enter their username and password e.g. an email claiming to be from a bank, asking for customers to update their security information

What is baiting Give an example

The attacker exploits the greed, kindness or curiosity of a victim to get them to install software, e.g. leaving a USB drive in a car park in the hope that the victim will be curious and plug it into a company PC, or a free film download with some embedded malware

What is tailgating. Give an example

The attacker exploits the politeness of the victim to assist them through a security check. e.g. claiming to have forgotten your ID card to get through a door, or relying on someone to hold the door open by walking just behind them

What is an electronic monitoring attack

The attacker observes password hashes on the network

What is an offline dictionary attack and how do you counter it

The attacker obtains a copy of the password file and compares its password hashes with those of common passwords. Counter by: - Preventing unauthorised access to the password file using intrusion prevention - Ensuring passwords are hashed and salted - Using intrusion detection to detect if the password file is compromised; if so, re-issue passwords to all users immediately

What is a Workstation Hijacking attack and how do we counter it

The attacker seizes an unattended workstation. Counter by automatically logging the workstation out after a period of inactivity, or use intrusion detection to detect a change in user activity

What is an amplification attack

The attacker sends packets with a spoofed source address of the target to the broadcast address of high-capacity network services. The packet goes to all machines on the network, making all of them send a response to the "victim" machine

What is a reflection attack

The attacker sends packets with the spoofed source address of the target to high-capacity network services, so that the response from the server actually goes to the desired target

What is a User Mistake Attack and how do we counter it

The attacker takes advantage of lazy password disclosure, such as writing the password on a post-it note, passwords being shared with colleagues, or social engineering tactics that trick a user into disclosing their password. Counter by training users, and using simpler passwords in addition to another authentication method. Intrusion detection can also be applied to

What is a password reuse attack and how do we counter it

The attacker takes advantage of password reuse. Counter by forbidding the same or similar passwords on devices within your network

What is a specific account attack and how do we counter it

The attacker tries likely passwords against specific system identifiers. Counter by adding a lockout counter to lock access to an account after a certain number of attempts

How do polymorphic viruses conceal themselves

The code is rearranged whilst maintaining functionality.

What is meant by an Investigatory Powers Commissioner in the Investigatory Powers Act

The commissioner and judicial commissioners approve warrants for legalised hacking and handle any issues that arise from implementation of the act

What is the structure of the Linux firewall

The hooks (blue dots) represent places where we can apply rules

What is most often the weakest link in a security system

The human element

Why does the internet not provide confidentiality

The internet provides no encryption. Communications can be intercepted and observed

What is the key distribution problem

The issue with encryption algorithms is how to distribute the shared key securely. This is the weakness, as most algorithms have been proven to be impossible to break

What is the benefit of longer salts

The longer the salt, the more possible combinations, so the hacker will have to calculate even more possible hashes for each password they want to check against your file.

What is the idea behind the cloud computing wheel of reincarnation

The potential idea that cloud computing could come out of fashion if a big provider has an issue and there is a rush to remove data from the cloud and bring it back on-prem

What is the design principle of least astonishment

The program should always respond in a way that is least likely to astonish the user. Security mechanisms should intuitively map to security goals in a way that is obvious to the user

Define Computer Security

The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources

What is an attack surface

The reachable and exploitable vulnerabilities in a system

What is a return link

The return address for a function will be stored in a register. Then a return instruction will jump to the location pointed to by that register

What is the Risk of "Data loss or leakage" in cloud computing and how do we counter it

The risk that data could be lost or leaked from the cloud. Counter this by using access control for data in your storage and encryption for any data in transit

What is the Risk of "Abuse and nefarious" in cloud computing and how do we counter it

The risk that the cloud service could be used for spamming, DoS, password cracking etc. Counter by having more checks on registration and monitoring the usage of your services

What is the Do stage in risk assessment

The risk treatment plan is implemented

What is a UDP flooding attack

The server responds to a UDP packet from a usually spoofed client

What would an unavailable information system do

The system is essentially unusable. Either by being impossible to use or impractically slow

What is the Risk of "Shared Infrastructure" in cloud computing

The threat of every virtual machine not being fully isolated on multi-tenanted hardware. So if one virtual machine crashes, this will have an effect on the physical machine that is running many tenants' virtual machines, either slowing down or crashing those machines

What is the propagation phase of a virus

The virus copies itself elsewhere e.g. searching a computer for all word documents and attaching itself to all of them

What is the purpose of a lock and what are the different types

Their purpose is to delay an intruder. The types are:
- Mechanical (key)
- Combination (code)
- Cipher locks (code/card)
- Biometric locks

How are botnets controlled

There is a botnet hierarchy which allows herders to control their botnet by sending or hiding encrypted messages to give commands to botnet control machines that then pass on the commands to the botnet

What is a Rainbow table

This is where you calculate the hashes of a large dictionary of passwords. Then compare the hashes of the dictionary to those found in a password file

What are heartbeats

They are a way for a client and server to make sure that the other is still alive. The client sends a message out and the server should echo back the same message

Why are external consultants preferred over internal consultants for risk assessments

They have no conflict of interest

What are trademarks

They protect the words, logos and slogans used to identify a company and its products or services

How should audits be done on an OS

They should be taken against a baseline

What is the ChangeCipherSpec message in the handshake protocol

This causes a switch to the chosen symmetric encryption algorithm using the shared secret key as the symmetric key. This is secure because the key was transmitted via public key encryption, so nobody other than the client or server has access to the key.

What is platform as a service

This is when you're purchasing time on a PC with specific software installed, such as web servers or databases

What is software as a service. What is the advantage of this for the company providing the software

This provides entire applications. You rent access to specific applications that are held and run on computers in the cloud. The advantage of this is that the company can update the software and everyone will have the update. It also removes the possibility of piracy, as the product is online only

What is Infrastructure as a Service

This provides virtual computing infrastructure. Known as "bare" systems, so nothing is installed on them. You will most likely even have to install an operating system

How can we improve on the design of polymorphic viruses

We encrypt the virus and use a "mutation engine" to do the encryption which alters itself after every propagation

Why is spear phishing so uncommon

It has a high time investment, uncertain results and stakes that often aren't very high, generally only a small amount of money

Why should you implement Mandatory vacations for staff

When someone takes a holiday, somebody else has to fill in for them. This will expose any illicit activity that the employee might be engaging in

What is the dormant phase of a virus

When the virus is attached to the host software but it is idle, waiting for some event to occur

How are modern networks designed

With a single point of entry/exit, where both inbound and outbound traffic is monitored by a firewall

What is the fine for breaching GDPR

A fine of 4% of annual turnover

What is an apprentice hacker

A hacker with minimal technical skills that relies on attack toolkits, a "script kiddie". These hackers are responsible for the highest volume of attacks, but their attacks are the easiest to defend against

What is an attack kit

Aka crimeware, these allow for construction of sophisticated worms right out of the box and come with full support

Give examples of copyright violations

Bypassing license restrictions or Digital Rights Management Systems (DRM)

What is Symmetric encryption

Encryption and decryption are done with the same shared key

What is an attack

It is a threat carried out

What would a loss of confidentiality mean

That information has been disclosed without authorisation

Why are encrypted viruses often detected

The encryption key has to be visible (unencrypted) to decrypt the virus, making it easily detectable by anti-virus software

What is "initial access" in terms of intruder behaviour

The intruder probes for vulnerabilities. For example, an open port where a weak server is listening

How do honeypots collect information

They have sensitive monitors and event loggers that detect accesses and collect information

Give examples of patent violations.

Unauthorised or unlicensed use of algorithms or procedures
