CSS 310 Midterm Study Set
How to calculate Uptime
(Time passed - Time down)/Time Passed *This is different from what the book says, but is correct for the quizzes he's been using.
Dictionary attack
A password attack that creates encrypted versions of common dictionary words (via hashing) and compares them against those in a stolen password file.
Brute force attack
A password attack where every possible character combination is tried.
Foreign Agent (FA)
A router with additional capabilities connected to another network (not the HA network), this object assigns the MN a local address. When the MN connects to another network that supports Mobile IP, it announces itself to this object.
Home Agent (HA)
A router with additional capabilities over standard routers. Keeps track of the MNs it manages. When an MN leaves a local network, this device forwards packets to the MN's current network.
Application Service Provider (ASP)
A third-party service company that delivers, manages, and remotely hosts standardized application software via a network through an outsourcing contract based on fixed, monthly usage, or transaction-based pricing.
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?
Address Resolution Protocol (ARP) poisoning
Internet Protocol (IP) spoofing
An attacker may change a computer's network address to appear as an authorized computer in the target's network. If the administrator of the target's local router has not configured it to filter out external traffic with internal addresses, the attack may be successful.
Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements?
Applying security updates promptly
Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality?
Applying strong encryption
AAA
Authentication, Authorization, and Accounting. AAA protocols are used in remote access systems. For example, TACACS+ is an AAA protocol that uses multiple challenges and responses during a session. Authentication verifies a user's identification. Authorization determines if a user should have access. Accounting tracks a user's access with logs. Popular ones: RADIUS, TACACS+, DIAMETER, SAML
Voice pattern biometrics
Bad authentication because voices are easily replicated by software.
DIAMETER
Based on RADIUS. Works with both a fluid/mobile workforce and a stable/static workforce. Consists of two parts: the base protocol (defines message format, transport, error reporting, and security used by all extensions) and extensions (conduct specific types of authentication, authorization, or accounting transactions). Uses P2P mode and User Datagram Protocol (UDP).
BLP
Bell-LaPadula Model. DoD created this in the 1970s. Prevents the leaking/transfer of classified info to less secure clearance levels; accomplished by blocking lower-classified subjects from accessing higher-classified objects. *Maintains confidentiality of objects, but not integrity or availability.* First mathematical model of a multilevel security policy. Doesn't support many modern networking features.
Internet Society's Four Fundamental Principles Regarding Successful IoT Innovation
Connect, Speak, Share, Innovate
CDAP
Content-Dependent Access Control. Basically, the arbiter program looks at content flags of the data (is this high-security? is this payroll?), then looks at the security clearances of the person accessing it, and then determines whether they can access the thing. The arbiter program causes a higher usage cost.
Logical access controls
Control access to a computer system or network (e.g. must have correct password). Limit what a user can do on a system based on who they are. Limit what a user can do on a system based on actions they take.
Physical access controls
Control access to physical resources (e.g. must have key to building, car etc.) Usually granted access through some kind of key or card or timing.
In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?
Correspondent node (CN)
CER
Crossover Error Rate. Describes the point where the false reject rate (FRR) and false accept rate (FAR) are equal. Used to measure accuracy of a system, expressed as a percentage. Mentioned in context of biometric systems.
Remote Wiping
Device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device.
Which risk is most effectively mitigated by an upstream Internet service provider (ISP)?
Distributed denial of service (DDoS)
Which type of attack involves the creation of some deception in order to trick unsuspecting users? (Fabrication, Modification, Interruption, Interception)
Fabrication
A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer.
False
A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.
False
Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP).
False
Cryptography is the process of transforming data from cleartext into ciphertext.
False
Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages.
False
In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.
False
Passphrases are less secure than passwords.
False
Regarding data center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time.
False
Regarding the Internet of Things (IoT), a business involved in utilities, critical infrastructure, or environmental services can benefit from traffic-monitoring applications.
False
Temporal isolation is commonly used in combination with rule-based access control.
False
Terminal Access Controller Access Control System Plus (TACACS+) is an authentication server that uses client and user configuration files.
False
The asset protection policy defines an organization's data classification standard.
False
The first step in creating a comprehensive disaster recovery plan (DRP) is to document likely impact scenarios.
False
The number of failed logon attempts that trigger an account action is called an audit logon event.
False
The weakest link in the security of an IT infrastructure is the server.
False
Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP).
False
FERPA
Family Educational Rights and Privacy Act. Compliance regulation that applies specifically to the educational records maintained by schools about students.
Which control is not designed to combat malware? (Firewalls, Antivirus software, Quarantine computers, Awareness and education efforts)
Firewalls
Which one of the following is NOT a market driver for the Internet of Things (IoT)?
Global adoption of non-IP networking
Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)? (Supply chain management, Health monitoring, Infrastructure monitoring, Virtual workplace)
Health Monitoring
Cold Site (Alternative Data Center)
Holds no technical infrastructure. Low cost, but takes longer and costs more to get up and running if it is needed.
With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network?
Home Agent (HA)
Four-Part Access Control (Hint: IAAA)
Identification, Authentication, Authorization, Accountability. Two phases: policy definition phase (authorization) and policy enforcement phase (identification, authentication, authorization execution, accountability).
Address Resolution Protocol (ARP) poisoning
In this attack, the attacker spoofs the MAC address of a targeted device, such as a server, by sending false ARP resolution responses with a different MAC address. This causes duplicate network traffic to be sent from the server.
Brewer and Nash
Integrity Model. Also called Chinese Wall. Used to apply dynamically changing access permissions. Used to protect against integrity threats arising from conflict of interests (e.g. competitors can't access each other's information). Basically makes it so users with access to X don't have access to Y.
Clark-Wilson
Integrity model. Addresses two components missing from Biba. Looks at: A) what happens when users allowed in the system do things they're not permitted to do; B) internal integrity threats; C) whether software does what it's designed to do. Three parts: stops unauthorized users from making changes; stops authorized users from making improper changes (not in Biba); keeps internal and external consistency (not in Biba). Access triple: subject, program, object. Integrity is enforced by binding (subject-to-program or program-to-object), which creates separation of duties.
Biba
Integrity model. Created to address the failure of Bell-LaPadula (BLP) to protect data integrity. Consists of three parts: (1) (Integrity axiom) Subject cannot read objects that have a lower level of integrity than the subject does; a subject at a given integrity level can read only objects of the same integrity level or higher. (2) Subject cannot change objects that have a higher level. (3) Subject may not ask for service from subjects that have a higher integrity level; a subject at a given integrity level can only call up a subject at the same integrity level or lower.
What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)?
Kerberos
LDAP
Lightweight Directory Access Protocol. SSO process. Handles access control credentials. Makes managing device access/logon credentials over a network easy. Defines and uses distributed directory services. Not a complete solution, but often used as part of a solution. Often secured via SSL. Open source.
Risk: Unauthorized access to data centers, computer rooms, and wiring closets
Mitigation: Apply policies, standards, procedures, and guidelines for staff and visitors to secure facilities.
Risk: Susceptibility of client/server and web applications
Mitigation: Conduct rigorous software and web application testing and penetration testing prior to launch
Risk: Loss of backed-up data as backup media are reused
Mitigation: Convert all data into digital data for long-term storage. Retain backups from offsite data vaults based on defined Recovery Time Objectives (RTOs).
Risk: Downtime of servers to perform maintenance
Mitigation: Create a system that brings together servers, storage, and networking.
Risk: Server operating systems software vulnerability
Mitigation: Define vulnerability window for server operating system environments. Maintain hardened production server operating systems
Risk: Recovery of critical business functions potentially too time-consuming to be useful
Mitigation: Develop a business continuity plan for mission-critical applications providing tactical steps for maintaining availability of operations.
Risk: Downtime of IT systems for an extended period after a disaster
Mitigation: Develop a disaster recovery plan specific to the recovery of mission-critical applications and data to maintain operations.
Risk: Unauthorized access to systems
Mitigation: Follow data classification standards regarding stringent use of second-level authentication.
Risk: Loss or corruption of data
Mitigation: Implement daily data backups and offsite data storage for monthly data archiving. Define data recovery procedures based on defined recovery time objectives (RTOs).
Risk: Insecure cloud computing virtual environments by default
Mitigation: Implement virtual firewalls and server segmentation on separate VLANs. A virtual firewall is a software-based firewall used in virtual environments.
Risk: Data breach where private data of individuals are compromised
Mitigation: Separate private data elements into different databases. For archiving purposes, encrypt sensitive data at rest within databases and storage devices.
What is NOT a commonly used endpoint security technique?
Network Firewall
Beth must purchase firewalls for several network circuits used by her organization. Which one circuit will have the highest possible network throughput?
OC-12
Which type of authentication includes smart cards?
Ownership
Which element of the security policy framework requires approval from upper management and applies to the entire organization?
Policy
Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing?
Procedure
cloud computing pros and cons
Pros: no need to maintain a data center; no need to maintain a disaster recovery site; outsourced responsibility for performance and connectivity; on-demand provisioning. Cons: greater difficulty in keeping private data secure; greater danger of private data leakage; greater demand (on users) for constant network access; greater need for clients to trust/rely on outside vendors.
Hashing
Putting a value (e.g. a password) through some function to produce a scrambled representation of itself. Unlike encryption, hashing is not often easily reversible.
Which of the following does NOT offer authentication, authorization, and accounting (AAA) services?
Redundant Array of Independent Disks (RAID)
RADIUS
Remote Authentication Dial-in User Service. Most popular AAA service. Authentication server that uses: a client configuration file (contains client address and shared secret for transaction authentication) and a user configuration file (contains user identification and authentication data and connection and authorization info). Steps: 1. Network Access Server (NAS) decrypts user's UDP access request. 2. NAS authenticates source. 3. NAS validates request against user file. 4. NAS rejects or allows access or requests more info.
George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?
Risk Management Guide for Information Technology Systems (NIST SP800-30)
Kerberos
SSO process. Computer network authentication protocol that allows nodes communicating over a nonsecure network to prove their identity to one another in a secure manner. Provides mutual authentication. Protects against eavesdropping and replay attacks. Steps: 1. User sends ID and access request through Kerberos client software on the workstation to the key distribution center (KDC). 2. KDC authentication server verifies that the user and requested service are in the KDC database and sends a ticket (unique key for the user, timestamped for the requested service) (Ticket Granting Service = TGS). 3. User cannot use the ticket after it expires. KDC must be physically secured because the KDC is a potential single point of failure. Developed by MIT.
Which of the following is NOT one of the four fundamental principles outlined by the Internet Society that will drive the success of Internet of Things (IoT) innovation? (Connect, Secure, Speak, Share)
Secure
SESAME
Secure European System for Applications in a Multi-vendor Environment. An SSO process. Addresses Kerberos weaknesses. Improves key management using symmetric and asymmetric keys to protect interchanged data. Offers public key cryptography and role-based access control abilities. A research and development project funded by the European Commission.
SAML
Security Assertion Markup Language. An AAA server. Open standard used for exchanging both authentication and authorization data. Data format specification based on XML, designed to support distributed system access control needs. Often used in web app access control. Not for centralized systems.
Christmas attack
Sends advanced TCP packets with flags set to confuse IP routers and network border routers with TCP header bits set to 1, thus lighting up the IP router like a Christmas tree.
As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?
Simulation test
SSO Process
Single Sign-On process. Popular ones include LDAP, Kerberos, and SESAME.
Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?
Standard
Which one of the following principles is NOT a component of the Biba integrity model?
Subjects cannot change objects that have a lower integrity level.
TACACS+
Terminal Access Controller Access Control System Plus. AAA server. Internet Engineering Task Force (IETF) standard. Uses a configuration file to: control server operations; define users and attribute/value pairs; control authentication and authorization procedures. Authentication steps: 1. Client sends service request via TCP with header in cleartext and an encrypted body containing user ID, password, and shared key. 2. Reply contains permit/deny and attribute/value pairs for connection configuration. Originated from Cisco Systems.
Care of Address (COA)
The local address for the MN when it connects to another network. The FA assigns the COA to the MN and sends it to the HA when the MN connects. In many cases, the COA is actually the FA address. The HA forwards any packets for the MN to the COA. The FA receives the packets and forwards them to the MN.
Mobile Node (MN)
The mobile device that moves from one network to another. It has a fixed IP address regardless of the current network.
Unified Messaging
The storage of fax, email, and voice communications in a single location. This allows you to download both voice and email messages to a smartphone or tablet.
The term risk methodology refers to a list of identified risks that results from the risk-identification process.
False
Authentication Types
Thing you have - e.g. a phone. Thing you know - e.g. a password. Thing you are - e.g. fingerprints. Thing you do - e.g. typing pattern. Thing you're located at - e.g. not in Alaska when you're usually in California, or just literally being in the building where records are stored.
System/Application Domain
This holds all the mission-critical systems, applications, and data.
Correspondent Node (CN)
This is the node that wants to communicate with the MN.
Password protection
This mitigation plan is most appropriate to limit the risk of unauthorized access to workstations.
What type of malicious software masquerades as legitimate software to entice the user to run it?
Trojan horse
A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.
True
A trusted operating system (TOS) provides features that satisfy specific government requirements for security.
True
Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet.
True
Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.
True
Each 4G device has a unique Internet Protocol (IP) address and appears just like any other wired device on a network.
True
IoT devices cannot share and communicate your IoT device data to other systems and applications without your authorization or knowledge.
True
Organizations should start defining their IT security policy framework by defining an asset classification policy.
True
The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.
True
The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services.
True
Using a secure logon and authentication process is one of the six steps used to prevent malware.
True
When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks.
True
2FA
Two-factor authentication; uses two different types of authentication (usually thing you have and thing you know, sometimes thing you are).
Fabrication
Type of attack involving the creation of some deception in order to trick unsuspecting users.
Session hijacking
Type of attack where the attacker attempts to take over an existing connection between two systems.
Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?
Typosquatting
Clear Text
Unencrypted text that can be read with any editor.
Common methods used to identify a user to a system
Username, smart card, and biometrics (and more)
Virus vs. Worm
Viruses require a host, worms don't.
Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation?
Warm Site
Which characteristic of a biometric system measures the system's accuracy using a balance of different error types?
Crossover error rate (CER)
Salting
Adding entropy or randomness in order to make sequences or patterns more difficult to detect. Typically placed in front of the password.
Rainbow Table Attack
Attempts to discover the password from the hash using databases of precomputed hashes; the countermeasure is salting.
HTTP
The communications protocol between web browsers and websites, with data in cleartext.
URL hijacking
The user is directed to a different website than what he or she requested, usually to a fake page that the attacker has created (based on a misspelling of the URL). This gives the user the impression that the attacker has compromised the website when in fact the attacker simply diverted the user's browser from the actual site. This type of attack is also known as typo squatting. Attackers can use this attack with phishing to trick a user into providing private information such as a password.