Network Security 1

Advanced Encryption Standard

AES

_________ laws are regulatory standards written by government agencies, like the Federal Trade Commission (FTC).

Administrative

All computers used for remote connections should be protected from unauthorized use such as enabling the ________ password and encrypting the data on laptops.

BIOS

The _____________ helps you determine how much you should spend on countermeasures to prevent or reduce your risk.

Annualized Loss Expectancy

Because Web servers tend to handle high traffic volumes, it usually makes sense to put the Web server in a ________ in front of the firewall so it doesn't add to the workload of the firewall.

DMZ

_______ programs are used to move, copy, or delete files. It's a program that is used to connect to a computer that is physically located somewhere else.

FTP

________ VPNs mean these are encrypting routers.

Hardware-based

SSL runs whenever you connect to a secure website. You know that a site is running ____ because the address changes to https from http. SSL directs the traffic to the Web server to port 443 and encrypts the data during the transmission.

SSL

Secure Socket Layer

SSL

To harden your database: put your database behind a firewall; never put a ____ on your database; use encryption when possible; harden the OS that the database runs on; and apply security patches and upgrades as soon as they are available.

Web server

The only way you can fix the problems with SSL is to obtain a patch from the vendor of the ____.

Web server software

In the _________ permissions, you can change the extended attributes of a file or folder.

Write Extended Attributes

In Apple OS X, you can change permissions using the ____ command from the command line.

chmod

Dangers to cable modems and DSL routers are similar: you are always ________, you have a static IP address, and you can remotely access the routers to configure the box.

connected

Stateful inspection also supports _________ protocols such as User Datagram Protocols (UDP), something that routers can't do.

connectionless

Hard drives should have hardware locks and these locks should be _________ by a central authority.

controlled

Part of protecting your network involves knowing where everything is but also who can access the hardware and software and who _______ the access.

controls

To determine how much you should spend on security requires a __________.

cost/benefits analysis

DES is one of the ________ algorithms used in encryption. A stronger version is known as 3DES (Triple DES).

cryptographic

The anti-virus ______ is based upon existing viruses and behaviors previously seen. This is a significant weakness of anti-virus products that vendors try to overcome with the use of heuristics - a method of anticipating and examining behaviors.

database

The anti-virus scanner consists of two parts, the scanning engine and the __________.

database

CGI is a way for computers of different types to talk to one another. It's most often used to exchange data between Web servers and ____ because a database doesn't understand HTML and a Web server doesn't understand database query languages (such as SQL). Think of CGI script as an interpreter.

databases

A modem stands for modulator/______ and it changes the digital data created by your computer into electronic pulses that can be carried by the phone line.

demodulator

If your company passes data between a remote connection and your network, you may want to consider setting up a VPN, which includes encryption, have a strong form of authentication such as security tokens, _____, and biometrics (because logon IDs and passwords are easily cracked).

digital certificates

To harden your database: go through all the directories and make sure they have the appropriate permissions; ____ the operating system back doors and mail capabilities; enable logging and set for failed object access and logons; control the distribution of database query tools in your organization.

disable

Your Web server should have its operating system hardened and security patches applied. The Web server needs to be configured for security, which means ____ guest accounts, limiting access to directories, and applying necessary security patches.

disabling

MPLS is used to ________ traffic when there are failures or bottlenecks in the network.

divert

___________ is important, prepare a central log and stick with it.

documentation

A good computer security assessment team should have at a minimum a team manager, head geek, and _________.

documenter

If you're connected to the Internet via modem, chances are your vulnerability to hack attacks is quite small because you are not connected all the time and you do not have a set IP address (static IP address). Each time you connect, your ISP gives you a changing address (__________ IP address).

dynamic

If your business is heavily reliant upon _______, you will probably have a high volume of email traffic and want two email servers: one for inbound traffic and one for outbound traffic.

email

_______ is now one of the most common avenues for viruses and malicious programs that can wreak havoc and damage data.

email

Precautions a company can take to safeguard network security in the event of ___________ are: recover keys and identification; do a physical search of any file boxes the employees have with them on their last day; do a physical body search for disks and small electronics; disable their network access; and perform an exit interview and keep a record of the exit interview process.

employee termination

IDS uses two methods for analysis: pattern matching and _________.

anomaly detection

All ______ scanners work with a database that contains information about viruses; this information is called the virus fingerprint or signature. The database needs to be updated frequently so that it contains the most up-to-date virus information.

anti-virus

Firewalls, intrusion detection systems, ________ software, and other extensive security measures are required to protect T1, T3, and OC-3 network connections.

anti-virus

IDS pattern matching works similar to the way that _________ software does. The IDS contains a large database of known attacks and creates a signature of these attacks. When data is captured, IDS looks for patterns in that data.

anti-virus

It's recommended to upgrade your __________ software at least once a week for the dat files and once a month for the scanning engines.

anti-virus

Some content filtering programs also work in concert with __________ programs to give you another level of protection.

anti-virus

Ad-hoc are packets that allow the clients to speak to one another without having to go through the access point. These packets don't contain ________ data and are considered to be the same as data packets by the network.

beacon

Beacons continually ________ by the access point with the SSID and the MAC address. These are sent so clients can find the network to join it. This data is not encrypted when encryption is enabled on the wireless network.

broadcast

A _________ attack is when someone is trying to guess a password to gain unauthorized access and he keeps guessing until he gets in.

brute force

A Service Pack is the granddaddy of all bug fixes and security patches, because it has been extensively beta-tested for problems. You can feel fairly comfortable that installing a service pack won't cause problems. You still have to check to see whether any _____ were released after the service pack was created, and you have to apply those separately.

security patches

All applications on all platforms have the appropriate ________ applied.

security patches

To harden your database: put your database behind a firewall; never put a Web server on your database; use encryption when possible; harden the OS that the database runs on; and apply ____ and upgrades as soon as they are available.

security patches

The method of protection, the strength of your protection, and your philosophy will determine your _____.

security posture

The __________ program should be attended by new hires and have an annual refresher course where at the end, the employee signs a statement indicating that he has received the training, understands it, and will comply with the rules.

security training

Internal DNS and external DNS should be on ________ machines, so that your internal network isn't visible to the entire outside world.

separate

The anti-virus software's ____________ files are essentially the database of known viruses and their actions.

signature

Employee education and awareness is the only security mechanism that will work against ________.

social engineering

People are vulnerable to ___________.

social engineering

All firewalls using _________ keep all ports closed until a specific port is requested.

stateful inspection

___________ security is a relatively new market generally serviced by telecoms, ISPs, and managed security services (MSS).

outsourced

Most ________ focus on firewall and intrusion detection management and sometimes VPNs.

outsourcers

Dangers to cable modems and DSL routers are similar: you are always connected, you have a ________ IP address, and you can remotely access the routers to configure the box.

static

A switch works by switching _________ between two or more machines on a network.

packets

Ad-hoc are ________ that allow the clients to speak to one another without having to go through the access point. These packets don't contain beacon data and are considered to be the same as data packets by the network.

packets

All network traffic is segmented into little pieces called ________.

packets

The Windows Operating System needs to be regularly maintained with fixes called ______, hotfixes, and service packs.

patches

Your Web server should have its operating system hardened and security patches applied. The Web server needs to be configured for security, which means disabling guest accounts, limiting access to directories, and applying necessary security ___________.

patches

An IDS is also expecting the attack to come at a certain pace, so if the attacker sends the data very slowly, for example, the IDS won't necessarily see the ________.

pattern

An IDS can look at all the traffic and draw a conclusion based on various factors - it's not just limited to certain types of traffic, but can look for ______________.

patterns and changes

The leased line was a ________ phone line laid between the two offices and the only connections allowed on it were the two ends of the networks. No one could dial in to the network and you had to have physical access to the line to be able to connect.

physical

Firewalls do a majority of their work at the _____ and service level. They examine the ports and services in three basic ways: packet filtering, stateful inspection, and application proxying.

port

Employees should have no expectation of _________ of anything they store or transmit on a company system.

privacy

In Apple OS X, you have to use the command line to create groups and to set their ____ using the newgrp and chgrp commands.

privileges

CGI scripts are actually small ____ that are telling the computer what to do. Because they are programs, they have the ability to do almost anything - including deleting and changing files.

programs

IKE is the ________ used for exchanging secret keys in IPSec.

protocol

In a firewall, a _________ is a transparent intermediary that works between two connections.

proxy

Data Protection means the data traveling on the ________ network (Internet) must be unreadable by unauthorized users on the network.

public

After you make changes to the registry, you have to exit the ________ and reboot for the changes to take effect.

registry editor

Telnet is a remote connection program that allows you to act as if you are sitting directly in front of the computer. Because telnet authorizes people to access a computer located elsewhere, it can possibly allow malicious intruders to enter your system if the password for telnet can be guessed or cracked; the intruder can telnet into your _____, change configurations, or install unauthorized programs.

system

The servers should be in a locked, limited access room to prevent theft of the equipment and to prevent ____________ to the configurations of the server.

unauthorized changes

Your Apple OS X must be formatted with HFS partitions if you want to use ____ networking on your Macs.

wireless

The VPN exchanges a set of shared secrets to create an ________ key. The traffic traveling along the established channel is wrapped with an encrypted package that has an address on the outside of the package. But the contents are hidden from view. Once the data reaches its destination, the wrapper is safely removed.

encryption

You need to have a list of all your ______, the makes and models, and who the support vendors are.

equipment

Software-based VPNs mean a complete package is installed on a server dedicated to ________ and maintaining VPN connections.

establishing

CGI is a way for computers of different types to talk to one another. It's most often used to ____ data between Web servers and databases because a database doesn't understand HTML and a Web server doesn't understand database query languages (such as SQL). Think of CGI script as an interpreter.

exchange

IKE is the protocol used for ________ secret keys in IPSec.

exchanging

All _________ using stateful inspection keep all ports closed until a specific port is requested.

firewalls

Do a __________ of your system every week.

full backup

To harden your database: put your database behind a firewall; never put a Web server on your database; use encryption when possible; ____ the OS that the database runs on; and apply security patches and upgrades as soon as they are available.

harden

The platforms are all protected by ________ their operating systems and having security patches applied.

hardening

The _______ checklist should have columns for hardware name, number of items, type and password protection.

hardware

GRE is a method for wrapping packets so that the original addresses are ________.

hidden

Software companies are aware that security holes exist and are fairly responsible in releasing fixes in a timely manner, called bug fixes, _______, patches, and sometimes updates.

hot fixes

The Windows Operating System needs to be regularly maintained with fixes called patches, ______, and service packs.

hotfixes

Firewalls use a combination of scanning methods to create a hybrid of its own. Hybrids typically include hard circuits between networks that are not inspected, various levels of packet filtering, and more granularity in the stateful _________ and application of proxies.

inspection

How can you convert an _________ such as security into dollars and cents? By looking at the cost of manpower and potential lost sales.

intangible

Address Management means the VPN must be able to keep the IP addresses of the ________ network secret.

internal

One of the biggest mistakes you can make is to combine a Web server and a database on the same computer. Place a firewall between a Web server and a database server to make it harder for a malicious _____ to destroy your entire system.

intruder

Most outsourcers focus on firewall and ______________ management and sometimes VPNs.

intrusion detection

All pieces of equipment should have ___________ labels.

inventory control

The hardware checklist should have columns for hardware _____, number of items, type and password protection.

name

Firewall-based VPNs mean all VPN ________ are handled by the firewall.

negotiations

In the security infrastructure, the __________ layer consists of all the things that make the network work - network cards, routers, switches, hubs etc.

network

The ________ (internal and DMZ) are protected with security devices (router and firewall).

networks

Security policies are the _______ that everyone must follow and the procedures are how the rules will be put in place and enforced.

rules

SSL runs whenever you connect to a ____ website. You know that a site is running SSL because the address changes to https from http. SSL directs the traffic to the Web server to port 443 and encrypts the data during the transmission.

secure

It is extremely difficult to determine which sections of code will leave ___________ holes.

security

The key to firewalls are the filters and ______.

ACLs

The L2TP protocol allows the transmission of non-TCP/IP protocols like IPX, AppleTalk, and NetBEUI. L2TP works at Layer _____ of the OSI model, the Datalink Layer. L2TP does not use packets to transmit data, it uses frames.

2

All back-up tapes should be labeled and locked away. ________ tapes should be kept off premises.

Archived

Annualized rate of occurrence

ARO

____ are actually small programs that are telling the computer what to do. Because they are programs, they have the ability to do almost anything - including deleting and changing files.

CGI scripts

Sometimes the sacrificial lamb is placed in a _____.

DMZ

_____ do a majority of their work at the port and service level. They examine the ports and services in three basic ways: packet filtering, stateful inspection, and application proxying.

Firewalls

________, intrusion detection systems, anti-virus software, and other extensive security measures are required to protect T1, T3, and OC-3 network connections.

Firewalls

_____ don't protect your systems against viruses; you need anti-virus software.

Firewalls

___________ all miscellaneous disks and check them out. Be prepared to find illegal software and other materials that you may not want to be in your office. Physically destroy or have the owner take them home.

Gather up

L2TP is better suited for VPNs for dial-up connections or networks using a variety of networking technologies like Frame Relay or ATM (Asynchronous Transfer Mode). ________ is better if you have a straightforward IP-based network.

IPSec

Many users combine both ________ and L2TP on their VPNs for better security.

IPSec

Many users combine both IPSec and ________ on their VPNs for better security.

L2TP

Exposure Factor

EF

________ VPNs mean all VPN negotiations are handled by the firewall.

Firewall-based

An _____ can look at all the traffic and draw a conclusion based on various factors - it's not just limited to certain types of traffic, but can look for patterns and changes.

IDS

Internet Relay Chat

IRC

____________ covers copyrights, trademarks, trade secrets, offenses to the integrity of IP systems, and misuse of dissemination systems.

Intellectual property

In the Apple OS X, __________ stores all the passwords you tell it to in an encrypted file.

Keychain

In Apple OS X, to start ____, open the Systems Preferences and click on Sharing. Then click on the Application tab and check the Allow remote login checkbox.

SSH

In the _________ permissions, you can take over as the owner of a file or folder. Usually an owner has a full set of permissions.

Take Ownership

________ means the VPN must be able to verify a user's identity and restrict access to only validated users. In addition, there must be a method of logging access.

User Authentication

A _________ uses a special protocol to add information to the packets that identify which segment the computer resides on. So, computers sitting right next to each other won't necessarily be on the same segment of the network, one could be in the Finance segment and another could be in Operations.

VLAN

Virtual Local Area Network

VLAN

Virtual Private Network

VPN

Many viruses have been written using the Visual Basic Language that is controlled by Windows Scripting Host (WSH). Remove _____ and the virus can't operate. Only allow WSH to run on machines that need it.

WSH

An __________ server needs to have the operating system hardened and to have security patches applied for the different applications that you run.

application

Once a month you should store one of the full backups for _________ reasons.

archival

The first thing to do when your computer is ________ is to take the system offline and restore it from your back up.

attacked

Check that everything is being done by the rules. Check the _____ logs on the computers and ask questions of employees.

audit

RADIUS is an ________ system used to authenticate users.

authorization

When your user account was created, you were given certain ______ on the system to enable you to do your job. These authorizations are also called permissions.

authorizations

The purpose of access control is to protect your assets, and the means to this end is to: identify who you are giving access to, authenticate - verify who they really are, and ________ - let them do only what you want them to do.

authorize

Clients that want to join a ________ network will send a request for a probe packet from the access point. If the access point will allow the request, it responds with a probe packet. This data is not encrypted when encryption is enabled.

wireless

There are many ways to secure a ________ network: strong passwords, well-defined users' access lists, and various levels of encryption.

wireless

GRE is a method for ________ packets so that the original addresses are hidden.

wrapping

There are three different types of VPNs: ________ -based, hardware-based, and software-based.

firewall

A ________ is a much simpler construct than a packet and it does not have as much information in it as a packet has. Think of a frame as a burst of data rather than a package of data.

frame

A firewall software computer, dedicated to ___________ unauthorized entry into the network, needs to be kept up to date with upgrades and patches.

detecting and preventing

SSL runs whenever you connect to a secure website. You know that a site is running SSL because the address changes to https from http. SSL directs the traffic to the Web server to port ____ and encrypts the data during the transmission.

443

Data is sent between computers. This is the only traffic that is ________ when encryption is enabled.

encrypted

Many people update the signature files for the database but are unaware that the __________ also needs updating.

engine

In the case of ____________ attacks, the country of the origin of the attack usually takes the lead.

international

IDS _________ logs from your systems, watches network traffic, and attempts to identify patterns that look like an attack.

monitors

The database __________ should be hardened and the security patches applied.

operating system

Email servers will need to have their __________ hardened and security patches applied. You will also need anti-virus protection on the email servers because most viruses enter through this path.

operating systems

Network maps can give you a listing of all the ___________ and applications installed on the network.

operating systems

Passwords traverse networks on an almost constant basis, and all it takes is a well-placed eavesdropping program (called a ___________) to gather hundreds and thousands of passwords in a matter of hours.

password sniffer

The simple definition for risk mitigation is ____________.

prevention

Key Management means the VPN must be able to generate shared, secret keys with the ________ users.

remote

________ are packets that allow the clients to speak to one another without having to go through the access point. These packets don't contain beacon data and are considered to be the same as data packets by the network.

Ad-hoc

________ means the VPN must be able to keep the IP addresses of the internal network secret.

Address Management

Rename or disable the built-in _____ account. Be sure to use your best and strongest passwords on this account.

Administrator

The default installation of Apple OS X includes three accounts: root, ____, and regular users. The root account allows you to do everything, just like the UNIX root account. The administrator account in Macs is restricted and does not have a full set of privileges like a root account does. The root account is not enabled by default.

administrator

Configuring content filters and anti-virus software can help with preventing _________ from entering your network via email.

executables

Firewalls are not foolproof; they are also known for sending out a lot of __________, which can be troublesome if the staff gets in the habit of ignoring the alarms. The alarms can be hard to understand and if the firewall administrator hasn't been properly trained, he may miss important clues about possible attacks.

false alarms

Keep all the software licenses locked in a ___________ to keep your licenses in order in case you are ever audited.

filing cabinet

The key to firewalls are the ____ and ACLs.

filters

_________ hackers are able to write common attack programs and have an in-depth knowledge of how networks communicate.

common

VPNs were created to address two different problems; the high cost of ________ leased lines needed for branch office communications and the need to allow employees a method of securely connecting to the headquarters networks when they were on business out of town or working from home.

dedicated

An ________ estimates the number of times something will happen within a one-year timespan.

ARO

The purpose of access control is to protect your assets, and the means to this end is to: ________ who you are giving access to, authenticate - verify who they really are, and authorize - let them do only what you want them to do.

identify

Most routers have rules that allow you to control what traffic comes in and what traffic goes out. These rules are referred to as filters or access control lists (ACL). Routers maintain logs of successful and failed connections so you can check for intrusion attempts. Many routers have Web-based __________ to make configuration easier.

interfaces

Your assets include hardware, software, and _______.

invested time

There is no industry standard for anti-virus scanners. There are independent __________ that let you see whether the various anti-virus products have passed or failed the latest testing.

labs

To create a more effective security design, add security to each _____.

layer

Never keep your backup media in the same __________ as your backup computers.

location

Note the ______ and make and model of DSL and dial-up modems.

location

An effective method of disabling repeated guesses is to ________ the user ID after a certain number of failed attempts.

lock out

Hard drives should have hardware _____ and these locks should be controlled by a central authority.

locks

A ______ stands for modulator/demodulator and it changes the digital data created by your computer into electronic pulses that can be carried by the phone line.

modem

A ___________ is a program that works by querying the network, looking for computers and their addresses; it then uses this information to make a physical map of your network.

network mapper

As soon as security alerts appear you should obtain the fix and apply it to your computers. It's one of the best things you can do to ensure ______.

network security

You need permission and support from the higher-ups before starting work on __________. Set a schedule, give them updates and progress reports, ask them to give you feedback. The more they are included, the more likely they are to work with you, rather than against you.

network security

A router examines the traffic coming in from the Internet and then uses a database of routes and rules to send the traffic to the correct section of your network. Traffic can be filtered by ________ IP addresses, destination IP addresses, and/or ports.

originating

In the security infrastructure, the _________ layer is the applications and the way they move data around to different machines.

processes

Telnet is a remote connection program that allows you to act as if you are sitting directly in front of the computer. Because telnet authorizes people to access a computer located elsewhere, it can possibly allow malicious intruders to enter your system if the ________ for telnet can be guessed or cracked; the intruder can telnet into your system, change configurations, or install unauthorized programs.

password

All networks are accessed with ________ and all networks are vulnerable to virus infections to some degree.

passwords

QFE patches are usually released to fix a bad bug in the program rather than a security hole, and they are an example of "quick and dirty" programming. These _____ are not rigorously tested, and you have no guarantees that they won't affect other parts of your system.

patches

In Apple OS X, you can change ____ using the chmod command from the command line.

permissions

All applications on all ________ have the appropriate security patches applied.

platforms

The ________ are all protected by hardening their operating systems and having security patches applied.

platforms

Because a ______________ floods the network with queries, running too many queries at once can bring a healthy network to a screeching halt.

port scanner

All firewalls using stateful inspection keep all _________ closed until a specific port is requested.

ports

The networks (internal and DMZ) are ________ with security devices (router and firewall).

protected

After you make changes to the registry, you have to exit the registry editor and ________ for the changes to take effect.

reboot

Write down all _______ passwords and store them in a safe.

root

Putting a ______ in front of a firewall helps with pre-screening.

router

If your company is medium to large, you should appoint a ____________ whose main job is to oversee and manage security.

security officer

When a virus copies itself from one file to another, it leaves bits of its code in the infected file. The __________ of that code is specific to each virus and is part of what makes up the fingerprint of the virus.

sequence

Security dangers increase when services such as Web servers, database servers, FTP servers, mail servers, firewalls, and intrusion detection systems are all combined on the same _________.

server

_____ serve the individual workstations with files that can be shared and moved around.

servers

Firewalls can examine an entire __________ and not just the packet itself. Based on the content of the stream, the firewall makes a decision as to which application is being used to transmit the data. It then starts a restrictive version, like FTP or Telnet, in which rules are set to verify the user and the destination.

stream of data

RADIUS is an authorization ________ used to authenticate users.

system

Apple OS X has included SecureShell (SSH) in its default installation for a secure ____ program.

telnet

The ______ is a special set of permissions that allow you to move through a folder that you don't have List permission to. You can also run the application so you can open the file.

traverse folder/execute file

Get in the practice of checking for anti-virus _______ at least once a week.

updates

Change all ____ passwords if you suspect a root password has been compromised.

user

Beacons continually broadcast by the access point with the SSID and the MAC address. These are sent so clients can find the network to join it. This data is not encrypted when encryption is enabled on the ________ network.

wireless

In Apple OS X, to start SSH, open the Systems Preferences and click on Sharing. Then click on the ____ tab and check the Allow remote login checkbox.

Application

Berkeley Software Distribution

BSD

________ continually broadcast by the access point with the SSID and the MAC address. These are sent so clients can find the network to join it. This data is not encrypted when encryption is enabled on the wireless network.

Beacons

Data Encryption Standard

DES

________ is sent between computers. This is the only traffic that is encrypted when encryption is enabled.

Data

________ means the data traveling on the public network (Internet) must be unreadable by unauthorized users on the network.

Data Protection

________ are often the heart of the company's operations and can contain personnel records, financial data, and customer files.

Databases

The L2TP protocol allows the transmission of non-TCP/IP protocols like IPX, AppleTalk, and NetBEUI. L2TP works at Layer 2 of the OSI model, the ________ Layer. L2TP does not use packets to transmit data; it uses frames.

Datalink

________ that want to join a wireless network will send a request for a probe packet from the access point. If the access point will allow the request, it responds with a probe packet. This data is not encrypted when encryption is enabled.

Clients

Don't forget the Good, _____, Cheap Triangle.

Fast

CGI is a way for computers of different types to talk to one another. It's most often used to exchange data between Web servers and databases because a database doesn't understand ____ and a Web server doesn't understand database query languages (such as SQL). Think of a CGI script as an interpreter.

HTML

Multiprotocol Support means the VPN must be able to handle multiple protocols so data of different types can be shared. This includes protocols like SMTP, ________, telnet, and so on.

HTTP

_________ should have hardware locks and these locks should be controlled by a central authority.

Hard drives

With ______, the machine examines traffic and compares it to a database of known attack methods and then sends alerts when these conditions are met.

IDS

_____ send alerts and reports to the administrators based on what they are finding, so the administrators don't have to rely upon deciphering log entries to see what's going on.

IDS

_________ monitors logs from your systems, watches network traffic, and attempts to identify patterns that look like an attack.

IDS

_________ uses two methods for analysis: pattern matching and anomaly detection.

IDS

Thanks to __________, there are literally hundreds of ways to defeat an IDS and they are all well documented on the Internet.

IDS hackers

Internet Key Exchange

IKE

Address Management means the VPN must be able to keep the ________ of the internal network secret.

IP addresses

Apple OS X has a built-in ____ called ipfw. You configure it from a command-line interface instead of a GUI.

IP firewall

IPSec works at Layer 3 of the OSI model, the Network Layer. This is the layer we are more familiar with since it deals with ________ that have all kinds of information in them. A packet has been likened to an envelope - on the outside of the envelope are the to/from addresses and a small description of the type of data enclosed. Since IPSec can only deal with packets, it is limited to transmitting TCP/IP traffic. IPSec can't handle AppleTalk or NetBEUI network protocols.

IP packets

L2TP is better suited for VPNs for dial-up connections or networks using a variety of networking technologies like Frame Relay or ATM (Asynchronous Transfer Mode). IPSec is better if you have a straightforward ________ network.

IP-based

PPTP is a forerunner of ________.

L2TP

The ________ protocol allows the transmission of non-TCP/IP protocols like IPX, AppleTalk, and NetBEUI. L2TP works at Layer 2 of the OSI model, the Datalink Layer. L2TP does not use packets to transmit data; it uses frames.

L2TP

________ is better suited for VPNs for dial-up connections or networks using a variety of networking technologies like Frame Relay or ATM (Asynchronous Transfer Mode). IPSec is better if you have a straightforward IP-based network.

L2TP

A _________ establishes a connection between two different segments on a network just long enough to send the current packet. Incoming packets are saved to a temporary memory area (buffer).

LAN switch

The ______ permission allows you to view the names of files in a folder and can read the data in a file, but you cannot make changes.

List Folder/Read Data

______ are important to keep a record of what you've done and why you've done it: organization charts, hardware lists, software lists, network map, and building plans.

Lists

________ will help you decide what type of DMZ architecture is the better risk worth taking.

Risk assessment

__________ hackers are the vandals and graffiti artists of the Internet. They have little or no actual programming skill and can only hack with tools available on the Internet.

Script kiddie

Beacons are continually broadcast by the access point with the SSID and the ________. These are sent so clients can find the network to join it. This data is not encrypted when encryption is enabled on the wireless network.

MAC address

The ________ file is a temporary swap file that Windows uses to manage memory and enhance the performance of Windows. This file should be set to clear at Shutdown.

Page

Annualized Loss Expectancy

ALE

In Registry, each folder icon is called a hive and hives contain keys. Each key contains sub-keys, as well as values. The values contain the actual information stored in the registry. The registry includes three types of values: ________, Binary, and DWORD.

String

Generic Routing Encapsulation

GRE

Emergency Repair Disk

ERD

The _____________ is the percentage of loss that would occur if you experience an attack.

Exposure Factor

In the _________ permissions, you can change the permissions on a file or folder.

Change Permissions

___________ laws are to protect the general public and violators usually face a jail sentence.

Criminal

Digital Subscriber Line

DSL

VPN has two main protocols ________ and IPSec.

L2TP

Lightweight Directory Access Protocol

LDAP

MultiProtocol Label Switching

MPLS

________ means the VPN must be able to handle multiple protocols so data of different types can be shared. This includes protocols like SMTP, HTTP, telnet, and so on.

Multiprotocol Support

Network Interface Card

NIC

________ IDS can be set to listen only for traffic destined for the particular segment of the network on which it resides, or they can be set to promiscuous mode, so they listen to all traffic sent to all segments.

Network-based

_________________ can be set up to examine the traffic on a single machine or on the entire network.

Intrusion Detection Systems

Hackers are known to engage in an activity known as __________, where they physically rummage through trash dumpsters looking for personnel files, network files, and anything else they can get their hands on.

dumpster diving

CGI scripts are actually small programs that are telling the computer what to do. Because they are programs, they have the ability to do almost anything - including deleting and changing ____.

files

A _________ sandwich is two firewalls with a machine operating as a load balancer between them. Both firewalls work all the time, but if one fails, the other takes all the load.

firewall

Because Web servers tend to handle high traffic volumes, it usually makes sense to put the Web server in a DMZ in front of the ________ so it doesn't add to the workload of the firewall.

firewall

Firewall-based VPNs mean all VPN negotiations are handled by the ________.

firewall

Firewalls can examine an entire stream of data and not just the packet itself. Based on the content of the stream, the ______ makes a decision as to which application is being used to transmit the data. It then starts a restrictive version, like FTP or Telnet, in which rules are set to verify the user and the destination.

firewall

Most outsourcers focus on __________ and intrusion detection management and sometimes VPNs.

firewall

One of the biggest mistakes you can make is to combine a Web server and a database on the same computer. Place a _____ between a Web server and a database server to make it harder for a malicious intruder to destroy your entire system.

firewall

The networks (internal and DMZ) are protected with security devices (router and ________).

firewall

To harden your database: put your database behind a ____; never put a Web server on your database; use encryption when possible; harden the OS that the database runs on; and apply security patches and upgrades as soon as they are available.

firewall

Firewalls are not foolproof; they are also known for sending out a lot of false alarms, which can be troublesome if the staff gets in the habit of ignoring the alarms. The alarms can be hard to understand and if the ___________ hasn't been properly trained, he may miss important clues about possible attacks.

firewall administrator

Personal ________ are a great way to protect small systems from intrusions if you are using DSL connections.

firewalls

___________ are very good at examining your Internet traffic and keeping unwanted traffic out.

firewalls

Firewalls use two basic methods of selection: _________ and best available. In first available, when a packet comes in, the firewall goes through the list of rules, and the first rule that looks like a match is used. In best available, when a packet reaches the firewall, the firewall looks at all the rules that may be a match and then chooses the one it considers to be the best.

first available

Firewalls use two basic methods of selection: first available and best available. In first available, when a packet comes in, the firewall goes through the list of rules, and the _________ that looks like a match is used. In best available, when a packet reaches the firewall, the firewall looks at all the rules that may be a match and then chooses the one it considers to be the best.

first rule

Software companies are aware that security holes exist and are fairly responsible in releasing _______ in a timely manner, called bug fixes, hot fixes, patches, and sometimes updates.

fixes

A vulnerability assessment tool tests applications, computers, and network devices, such as routers and firewalls, for known ___________ that can leave your systems susceptible to malicious attacks.

flaws and weaknesses

Firewalls are not _______; they are also known for sending out a lot of false alarms, which can be troublesome if the staff gets in the habit of ignoring the alarms. The alarms can be hard to understand and if the firewall administrator hasn't been properly trained, he may miss important clues about possible attacks.

foolproof

SSL runs whenever you connect to a secure website. You know that a site is running SSL because the address changes to https from http. ____ directs the traffic to the Web server to port 443 and encrypts the data during the transmission.

SSL

____ runs whenever you connect to a secure website. You know that a site is running SSL because the address changes to https from http. SSL directs the traffic to the Web server to port 443 and encrypts the data during the transmission.

SSL

A host-based IDS system is more concerned with who has permission to do what and how often. Because of this, these systems are normally used to monitor the conditions on the ________ rather than traffic coming through the firewall.

internal network

CGI is a way for computers of different types to talk to one another. It's most often used to exchange data between Web servers and databases because a database doesn't understand HTML and a Web server doesn't understand database query languages (such as SQL). Think of a CGI script as an ____.

interpreter

Apple OS X has a built-in IP firewall called ____. You configure it from a command-line interface instead of a GUI.

ipfw

Your Apple OS X must be ____ with HFS partitions if you want to use wireless networking on your Macs.

formatted

The L2TP protocol allows the transmission of non-TCP/IP protocols like IPX, AppleTalk, and NetBEUI. L2TP works at Layer 2 of the OSI model, the Datalink Layer. L2TP does not use packets to transmit data; it uses ________.

frames

Hackers employ a device or software program called a demon dialer or war dialer that dials phone numbers within a range in rapid succession. If any phone number that is dialed responds with a modem's __________, then the dialing stops and the hacker can try to connect to the computer that answered.

handshake signal

The goal in patching your computer is to ______ your computer's software.

harden

To ____ your database: install only what is needed; change the passwords on every account installed by default and use really strong passwords; and go through all the accounts on the database and manually lock out, expire, or disable accounts you don't need.

harden

Keep all ________ paperwork in one central location in case the person who sold it to you is no longer at the company.

hardware

There are three different types of VPNs: firewall-based, ________-based, and software-based.

hardware

Your assets include _______, software, and invested time.

hardware

A good computer security assessment team should have at a minimum a team manager, ________, and documenter.

head geek

Each packet has a _________ full of information. Firewalls use this information as the first level of defense.

header

In Registry, each folder icon is called a ________ and hives contain keys. Each key contains sub-keys, as well as values. The values contain the actual information stored in the registry. The registry includes three types of values: String, Binary, and DWORD.

hive

A ________ IDS system is more concerned with who has permission to do what and how often. Because of this, these systems are normally used to monitor the conditions on the internal network rather than traffic coming through the firewall.

host-based

The team will work together to identify the assets that need to be protected and will research and prepare the initial security plan that will describe what needs to be protected, ___________, and the security roles and responsibilities of everyone in the company.

how they should be protected

SSL runs whenever you connect to a secure website. You know that a site is running SSL because the address changes to https from ____. SSL directs the traffic to the Web server to port 443 and encrypts the data during the transmission.

http

SSL runs whenever you connect to a secure website. You know that a site is running SSL because the address changes to ____ from http. SSL directs the traffic to the Web server to port 443 and encrypts the data during the transmission.

https

The team will work together to _________ the assets that need to be protected and will research and prepare the initial security plan that will describe what needs to be protected, how they should be protected, and the security roles and responsibilities of everyone in the company.

identify

In the computer world, your login name is your ______, your password is the authentication and when you are logged on, you are authorized to do only certain things on the network.

identity

Once the policies and plans are developed, _______ them.

implement

Make an ____________ backup of files that have changed since the last full backup.

incremental

There is no __________ for anti-virus scanners. There are independent labs that let you see whether the various anti-virus products have passed or failed the latest testing.

industry standard

When a virus __________ a program, it generally changes the size of that program. To track those changes, the known size of each executable program is computed and stored in the database when the anti-virus product is first installed. These sizes are called checksums.

infects

In Registry, each folder icon is called a hive and hives contain keys. Each key contains sub-keys, as well as values. The values contain the actual ________ stored in the registry. The registry includes three types of values: String, Binary, and DWORD.

information

___________ campaigns look to disable a country's infrastructure via data networks, telecommunications, energy, transportation, banking and finance, emergency services, and government operations.

information warfare

Software-based VPNs mean a complete package is ________ on a server dedicated to establishing and maintaining VPN connections.

installed

Apple OS X has a small program called Software Update which is included in ____.

System Preferences

LDAP is a set of protocols for computers to obtain information from one another, based on the ________ standard. In VPNs, LDAP is used for secret key information.

X500

Don't allow your email programs to "auto open" _____ .

attachments

Firewalls are not foolproof; they are also known for sending out a lot of false alarms, which can be troublesome if the staff gets in the habit of ignoring the alarms. The alarms can be hard to understand and if the firewall administrator hasn't been properly trained, he may miss important clues about possible _____.

attacks

Keep all the software licenses locked in a filing cabinet to keep your licenses in order in case you are ever ________.

audited

RADIUS is an authorization system used to ________ users.

authenticate

The purpose of access control is to protect your assets, and the means to this end is to: identify who you are giving access to, ________ - verify who they really are, and authorize - let them do only what you want them to do.

authenticate

If your company passes data between a remote connection and your network, you may want to consider setting up a VPN, which includes encryption, and have a strong form of _____ such as security tokens, digital certificates, and biometrics (because logon IDs and passwords are easily cracked).

authentication

In the computer world, your login name is your identity, your password is the ______ and when you are logged on, you are authorized to do only certain things on the network.

authentication

Have your system log the unsuccessful attempts at logging on because this can tell you if someone is trying to guess a password and is probably not _____ to use your system.

authorized

In the computer world, your login name is your identity, your password is the authentication and when you are logged on, you are ______ to do only certain things on the network.

authorized

Before securing your network, form an assessment team, where each member of the team has a good working knowledge of ____________ and understands the value of a good computer security program.

computing and networks

The computer security assessment team's documenter is responsible for all reports and documentation; must be detail-oriented; and must have a working knowledge of ___________.

computing and networks

The computer security assessment team's head geek is responsible for all hands-on work with the computers; must understand basic vulnerability assessment; must have an in-depth knowledge of ________; and must be able to communicate well with other team members.

computing and networks

The leased line was a physical phone line laid between the two offices and the only ________ allowed on it were the two ends of the networks. No one could dial in to the network and you had to have physical access to the line to be able to connect.

connections

Firewalls use two basic methods of selection: first available and _________. In first available, when a packet comes in, the firewall goes through the list of rules, and the first rule that looks like a match is used. In best available, when a packet reaches the firewall, the firewall looks at all the rules that may be a match and then chooses the one it considers to be the best.

best available

If your company passes data between a remote connection and your network, you may want to consider setting up a VPN, which includes encryption, and have a strong form of authentication such as security tokens, digital certificates, and _____ (because logon IDs and passwords are easily cracked).

biometrics

Apple OS X allows you to use a ____ password on the root account. Never allow this to happen on your systems. A blank password equals no password, which means everyone can hack your machine.

blank

SSL has been a standard for a while now and is generally accepted as safe. However, some vulnerabilities have been discovered in the way that different Web server applications validate the SSL session, and some ____ overflows have been discovered.

buffer

Software companies are aware that security holes exist and are fairly responsible in releasing fixes in a timely manner, called _______, hot fixes, patches, and sometimes updates.

bug fixes

A Service Pack is the granddaddy of all __________, because it has been extensively beta-tested for problems. You can feel fairly comfortable that installing a service pack won't cause problems. You still have to check to see whether any security patches were released after the service pack was created, and you have to apply those separately.

bug fixes and security patches

You need a ______ plan to indicate where your computers are located and any special purpose areas such as server rooms. The fire escapes, sprinkler systems, doors, stairways, windows, and all physical features should be included in the plans. This will give you an indication of what physical security measures need to be implemented to protect your supplies.

building

A frame is a much simpler construct than a packet and it does not have as much information in it as a packet has. Think of a frame as a ________ of data rather than a package of data.

burst

In Apple OS X, you can ____ permissions using the chmod command from the command line.

change

Telnet is a remote connection program that allows you to act as if you are sitting directly in front of the computer. Because telnet authorizes people to access a computer located elsewhere, it can possibly allow malicious intruders to enter your system. If the password for telnet can be guessed or cracked, the intruder can telnet into your system, _____ configurations, or install unauthorized programs.

change

CGI scripts are actually small programs that are telling the computer what to do. Because they are programs, they have the ability to do almost anything - including deleting and ____ files.

changing

A VPN uses a special protocol to establish a virtual channel between two machines or two networks. The ________ is actually a temporary direct session; this is what is commonly referred to as tunneling.

channel

When a virus infects a program, it generally changes the size of that program. To track those changes, the known size of each executable program is computed and stored in the database when the anti-virus product is first installed. These sizes are called __________.

checksums

In Apple OS X, you have to use the command line to create groups and to set their privileges using the newgrp and ____ commands.

chgrp

The Page file is a temporary swap file that Windows uses to manage memory and enhance the performance of Windows. This file should be set to ________ at Shutdown.

clear

When a virus copies itself from one file to another, it leaves bits of its __________ in the infected file. The sequence of that code is specific to each virus and is part of what makes up the fingerprint of the virus.

code

Every once in a while, Microsoft assembles a _____ of security updates into one patch, called a Security Roll-up Patch or roll-up. A roll-up includes all the patches released before a certain date, but it does not include any changes that still have to be made manually.

collection

In offices with ten or more people, ID tags should be worn and _______, to indicate which areas they are allowed to enter. Visitors and repair personnel should have visitor tags and should not be allowed to roam around unescorted.

color coded

Many users ________ both IPSec and L2TP on their VPNs for better security.

combine

In Apple OS X, you can change permissions using the chmod command from the ____.

command line

In Apple OS X, you have to use the ____ to create groups and to set their privileges using the newgrp and chgrp commands.

command line

Apple OS X has a built-in IP firewall called ipfw. You configure it from a ____ instead of a GUI.

command-line interface

The computer security assessment team's head geek is responsible for all hands-on work with the computers; must understand basic vulnerability assessment; must have an in-depth knowledge of computing and networks; and must be able to ___________ with other team members.

communicate well

A _______ should have a clear, written company policy governing the monitoring of electronic communications and computer files and what it considers to be appropriate use of the system.

company

Do price _________ checks and shop around before you buy. Don't forget training: in addition to purchasing the product, you often need to buy training for your staff. When it comes to training, don't skimp; it's usually well worth the cost.

comparison

When a virus infects a program, it generally changes the size of that program. To track those changes, the known size of each executable program is __________ and stored in the database when the anti-virus product is first installed. These sizes are called checksums.

computed

Before securing your network, form an assessment team, where each member of the team has a good working knowledge of computing and networks and understands the value of a good __________ program.

computer security

Data is sent between ________. This is the only traffic that is encrypted when encryption is enabled.

computers

Configuring _____ and anti-virus software can help with preventing executables from entering your network via email.

content filters

To harden your database: go through all the directories and make sure they have the appropriate permissions; disable the operating system back doors and mail capabilities; enable logging and set for failed object access and logons; ____ the distribution of database query tools in your organization.

control

After-hours access should be _______ to prevent theft and eliminate people as suspects if something goes missing at night or on the weekends.

controlled

Do a risk assessment on your computer and network. List all your assets, figure out what those assets are worth and how much it would cost to replace them. Then decide how they need to be protected and how much that protection is going to cost. If you find that the protection _____ more than the asset is worth, then you'll have to justify the expense of the protection or decide not to do it.

costs

Diffie-Hellman is a ________ algorithm used in VPNs.

cryptographic

A ______ is a computer program that runs as a background process.

daemon

It's recommended to upgrade your anti-virus software at least once a week for the ______ and once a month for the scanning engines.

dat files

Beacons are continually broadcast by the access point with the SSID and the MAC address. These are sent so clients can find the network to join it. This ________ is not encrypted when encryption is enabled on the wireless network.

data

IPSec works at Layer 3 of the OSI model, the Network Layer. This is the layer we are more familiar with since it deals with IP packets that have all kinds of information in them. A packet has been likened to an envelope - on the outside of the envelope are the to/from addresses and a small description of the type of ________ enclosed. Since IPSec can only deal with packets, it is limited to transmitting TCP/IP traffic. IPSec can't handle AppleTalk or NetBEUI network protocols.

data

The VPN exchanges a set of shared secrets to create an encryption key. The traffic traveling along the established channel is wrapped with an encrypted package that has an address on the outside of the package. But the contents are hidden from view. Once the ________ reaches its destination, the wrapper is safely removed.

data

Ad-hoc are packets that allow the clients to speak to one another without having to go through the access point. These packets don't contain beacon data and are considered to be the same as ________ by the network.

data packets

To be considered a true VPN, the service must support: ________, user authentication, key management, address management, and multiprotocol support.

data protection

All anti-virus scanners work with a ______ that contains information about viruses; this information is called the virus fingerprint or signature. The database needs to be updated frequently so that it contains the most up-to-date virus information.

database

IDS compares traffic to known patterns in a database, so if your attacker is using a method not found in the ________, or an unknown pattern of attack, there's a chance the attack won't be seen.

database

If you have the correct signatures in your __________ but the wrong version of the scanning engine, there's a good chance that your anti-virus program won't catch important viruses.

database

If your Web server offers dynamic content, or if you are using it for e-commerce, you will also need at least one __________ server to hold and serve up the data to the Web server.

database

Know what operating system the ________ server is running on as well as which database application it contains.

database

One of the biggest mistakes you can make is to combine a Web server and a _____ on the same computer. Place a firewall between a Web server and a database server to make it harder for a malicious intruder to destroy your entire system.

database

The _________ server and Web server should always be on separate computers. The reason for this is Web servers are easily hacked and databases are usually full of important information.

database

The anti-virus scanning engine knows nothing about the viruses themselves and is useless without the signature database. The __________ analyzes a program's structure, its attributes, and its behavior. After completing the analysis, if the database concludes that it looks like a virus, it probably is.

database

With IDS, the machine examines traffic and compares it to a ________ of known attack methods and then sends alerts when these conditions are met.

database

CGI is a way for computers of different types to talk to one another. It's most often used to exchange data between Web servers and databases because a database doesn't understand HTML and a Web server doesn't understand ____ (such as SQL). Think of a CGI script as an interpreter.

database query languages

Most security designs only look at the network layer, add routers, firewalls and intrusion detection and consider the network secure. All the protection is put into surrounding the network, and there's nothing to use as a _______ if the perimeter is broken.

defense

CGI scripts are actually small programs that are telling the computer what to do. Because they are programs, they have the ability to do almost anything - including ____ and changing files.

deleting

Hackers employ a device or software program called a __________ or war dialer that dials phone numbers within a range in rapid succession. If any phone number that is dialed responds with a modem's handshake signal, then the dialing stops and the hacker can try to connect to the computer that answered.

demon dialer

A router examines the traffic coming in from the Internet and then uses a database of routes and rules to send the traffic to the correct section of your network. Traffic can be filtered by originating IP addresses, ________ IP addresses, and/or ports.

destination

Perform a network security assessment. Based on your findings, ______ your policies and plans.

develop

Firewalls work by examining the network traffic and applying rules as to what is allowed and what isn't. Firewalls thoroughly inspect arriving traffic (packets). The application, user, and transportation method are also queried and verified. The information is maintained so that all future transmissions are inspected and compared to past transmissions. If both the "state" of the transmission and the "context" in which it is used __________ from the norm, connection is refused.

deviate

L2TP is better suited for VPNs for ________ connections or networks using a variety of networking technologies like Frame Relay or ATM (Asynchronous Transfer Mode). IPSec is better if you have a straightforward IP-based network.

dial-up

Hackers employ a device or software program called a demon dialer or war dialer that __________ phone numbers within a range in rapid succession. If any phone number that is dialed responds with a modem's handshake signal, then the dialing stops and the hacker can try to connect to the computer that answered.

dials

CGI is a way for computers of ____ types to talk to one another. It's most often used to exchange data between Web servers and databases because a database doesn't understand HTML and a Web server doesn't understand database query languages (such as SQL). Think of a CGI script as an interpreter.

different

A VPN uses a special protocol to establish a virtual channel between two machines or two networks. The channel is actually a temporary ________; this is what is commonly referred to as tunneling.

direct session

To harden your database: go through all the ____ and make sure they have the appropriate permissions; disable the operating system back doors and mail capabilities; enable logging and set for failed object access and logons; control the distribution of database query tools in your organization.

directories

You should always immediately _______ all accounts for terminated personnel, especially if the parting wasn't amicable, because employees who feel they have been dealt with improperly or unethically by your company may leave and harbor a grudge.

disable

Web servers run on port 80 or port 8080, so you may need to do a port scan of your network to determine if you have any unauthorized Web servers up and running. Web servers that aren't needed should be __________ because Web servers open big security holes in all networks.

disabled

Anti-virus scanners use three basic methods of operation to find, prevent, and __________ programs and files. They look for infections by known viruses using the database of signature files; they monitor changes, or attempted changes, to files and programs; and they scan for suspicious activity by using rules-based logic.

disinfect

_________ work with switches rather than routers and are used to virtually split networks into segments.

VLANs

A ________ uses a special protocol to establish a virtual channel between two machines or two networks. The channel is actually a temporary direct session; this is what is commonly referred to as tunneling.

VPN

If your company passes data between a remote connection and your network, you may want to consider setting up a ______, which includes encryption, and having a strong form of authentication such as security tokens, digital certificates, and biometrics (because logon IDs and passwords are easily cracked).

VPN

The ________ exchanges a set of shared secrets to create an encryption key. The traffic traveling along the established channel is wrapped with an encrypted package that has an address on the outside of the package. But the contents are hidden from view. Once the data reaches its destination, the wrapper is safely removed.

VPN

________ has two main protocols: L2TP and IPSec.

VPN

Software-based VPNs mean a complete package is installed on a server dedicated to establishing and maintaining ________.

VPN connections

Before ________, if a company wanted to have a secure network connection to an office in another geographic location, they had one choice: a dedicated leased line.

VPNs

________ were created to address two different problems: the high cost of dedicated leased lines needed for branch office communications and the need to allow employees a method of securely connecting to the headquarters networks when they were on business out of town or working from home.

VPNs

The hardware checklist should have columns for hardware name, number of _____, type and password protection.

items

Keep all the software _________ locked in a filing cabinet to keep your licenses in order in case you are ever audited.

licenses

The servers should be in a locked, ________ room to prevent theft of the equipment and to prevent unauthorized changes to the configurations of the server.

limited access

Most routers have rules that allow you to control what traffic comes in and what traffic goes out. These rules are referred to as filters or access control lists (ACL). Routers maintain _____ of successful and failed connections so you can check for intrusion attempts. Many routers have Web-based interfaces to make configuration easier.

logs

One of the best security measures for all types of modems is to use __________ passwords that cannot be easily guessed and include numbers and both upper- and lower-cased letters.

long

If your spreadsheet can run ________ programs, it can be vulnerable to malicious code. Security patches should be applied.

macro

When Microsoft introduced _________ language, it allowed office programs to interchange data automatically and seamlessly. A number of recent worms and viruses have taken advantage of these vulnerabilities. This product needs to be patched.

macro scripting

To harden your database: go through all the directories and make sure they have the appropriate permissions; disable the operating system back doors and ____ capabilities; enable logging and set for failed object access and logons; control the distribution of database query tools in your organization.

mail

If you're connected to the Internet via __________, chances are your vulnerability to hack attacks is quite small because you are not connected all the time and you do not have a set IP address (static IP address). Each time you connect, your ISP gives you a changing address (dynamic IP address).

modem

One of the best security measures for all types of __________ is to use long passwords that cannot be easily guessed and include numbers and both upper- and lower-cased letters.

modems

A modem stands for ______/demodulator and it changes the digital data created by your computer into electronic pulses that can be carried by the phone line.

modulator

Anti-virus scanners use three basic methods of operation to find, prevent, and disinfect programs and files. They look for infections by known viruses using the database of signature files; they __________ changes, or attempted changes, to files and programs; and they scan for suspicious activity by using rules-based logic.

monitor

Email filters can be used to __________ personal messages to specific mailboxes, move spam messages to the trash, and to quarantine suspected virus bearing messages.

move

To be considered a true VPN, the service must support: data protection, user authentication, key management, address management, and ________.

multiprotocol support

L2TP is better suited for VPNs for dial-up connections or networks using a variety of networking technologies like Frame Relay or ATM (Asynchronous Transfer Mode). IPSec is better if you have a straightforward IP-based ________.

network

MPLS is used to divert traffic when there are failures or bottlenecks in the ________.

network

Your Airport wireless ____ won't work on a computer that has a UFS partition.

network card

Most security designs only look at the _________, add routers, firewalls and intrusion detection and consider the network secure. All the protection is put into surrounding the network, and there's nothing to use as a defense if the perimeter is broken.

network layer

The Eight Commandments of _____________: use strong passwords, always use anti-virus software, always change default configurations, don't run services that you don't need, immediately install security updates, back-up early and often, protect against surges and losses, and know who you trust.

network security

The ____________ takes a look at where you are, where you need to be, and helps you determine what you need to do to get to the next step.

network security assessment

Content filtering software is able to search the contents of __________ for messages or programs you don't want to come in.

network traffic

A ________ IDS looks at traffic indiscriminately on the network; a host-based IDS system has sensors placed on one or more hosts (individual computers) on the network. Instead of capturing all traffic, this IDS system gathers information from logs that are stored on specific hosts and does some analysis of traffic.

network-based

The leased line was a physical phone line laid between the two offices and the only connections allowed on it were the two ends of the ________. No one could dial in to the network and you had to have physical access to the line to be able to connect.

networks

In Apple OS X, you have to use the command line to create groups and to set their privileges using the ____ and chgrp commands.

newgrp

Although most viruses target the Windows operating system, a virus can travel across Unix and Mac systems and will __________ those systems, but when it encounters Windows-based systems, the virus will start working.

not affect

One of the best security measures for all types of modems is to use long passwords that cannot be easily guessed and include __________ and both upper- and lower-cased letters.

numbers

In the _________ permissions, you can change the attributes of a file or folder.

Write Attributes

You need permission and support from the higher-ups before starting work on network security. Set a schedule, give them ____________ reports, ask them to give you feedback. The more they are included, the more likely they are to work with you, rather than against you.

updates and progress

A __________ must also be shown to have been protected against theft or loss. If a company does not tell its employees that something is secret and makes no attempt to protect it, then the person who reveals the secret cannot be prosecuted.

trade secret

For a _________ to qualify for protection under the law, it must provide some competitive advantage or value for the company.

trade secret

An ___________ hacker hacks for the money or personal gain, not the glory.

uber-

Typical targets for ______ hackers are financial institutions, military and government sites, software companies, and universities with close ties to intelligence agencies.

uber-

The anti-virus scanning engine knows nothing about the viruses themselves and is useless without the signature database. The database analyzes a program's structure, its attributes, and its behavior. After completing the analysis, if the database concludes that it looks like a __________ it probably is.

virus

When a __________ copies itself from one file to another, it leaves bits of its code in the infected file. The sequence of that code is specific to each virus and is part of what makes up the fingerprint of the virus.

virus

Many _____ have been written using the Visual Basic Language that is controlled by Windows Scripting Host (WSH). Remove WSH and the virus can't operate. Only allow WSH to run on machines that need it.

viruses

The anti-virus scanning engine knows nothing about the __________ themselves and is useless without the signature database. The database analyzes a program's structure, its attributes, and its behavior. After completing the analysis, if the database concludes that it looks like a virus it probably is.

viruses

SSL has been a standard for a while now and is generally accepted as safe. However, some ____ have been discovered in the way that different Web server applications validate the SSL session, and some buffer overflows have been discovered.

vulnerabilities

A ________ is something that makes you more exposed to the threat.

vulnerability

The computer security assessment team's head geek is responsible for all hands-on work with the computers; must understand basic ___________; must have an in-depth knowledge of computing and networks; and must be able to communicate well with other team members.

vulnerability assessment

A ___________ tests applications, computers, and network devices, such as routers and firewalls, for known flaws and weaknesses that can leave your systems susceptible to malicious attacks.

vulnerability assessment tool

Before purchasing a ___________, be sure to confirm that it can scan for vulnerabilities in most, if not all, of the different applications and operating systems that you have running on your network.

vulnerability assessment tool

If your spreadsheet can run macro programs, it can be ______ to malicious code. Security patches should be applied.

vulnerable

Hackers employ a device or software program called a demon dialer or __________ that dials phone numbers within a range in rapid succession. If any phone number that is dialed responds with a modem's handshake signal, then the dialing stops and the hacker can try to connect to the computer that answered.

war dialer

IDS monitors logs from your systems, _________ network traffic, and attempts to identify patterns that look like an attack.

watches

When Microsoft introduced macro scripting language, it allowed office programs to interchange data automatically and seamlessly. A number of recent __________ have taken advantage of these vulnerabilities. This product needs to be patched.

worms and viruses

The anti-virus scanning engine knows nothing about the viruses themselves and is useless without the signature database. The database analyzes a program's structure, its attributes, and its behavior. After completing the __________, if the database concludes that it looks like a virus it probably is.

analysis

IDS _________ is like the heuristics used in anti-virus software. Anomaly detection uses algorithms to create a sense of "logic" of what it sees happening. Because pattern matching can be defeated by completely new and previously unrecorded attacks, anomaly detection is added in response to that problem.

anomaly detection

The __________ scanner consists of two parts, the scanning engine and the database.

anti-virus

__________ programs are the best protection against email viruses.

anti-virus

A VPN uses a special protocol to establish a virtual channel ________ two machines or two networks. The channel is actually a temporary direct session; this is what is commonly referred to as tunneling.

between

Firewalls use two basic methods of selection: first available and best available. In first available, it means that when a packet comes in, the firewall goes through the list of rules, and the first rule that looks like a match is used. In best available, when a packet reaches the firewall, the firewall looks at all the rules that may be a match and then _________.

chooses the one it considers to be the best

Programs contain millions of lines of text, called ________.

code

The _________ hacker - who usually has a system administration level of expertise and knows a lot about operating systems and applications - is holding a grudge or has something to prove.

common

Many companies are finding that __________ can help protect against the leakage of company secrets and proprietary information.

content filtering

Some __________ programs also work in concert with anti-virus programs to give you another level of protection.

content filtering

The _________ and protections you put in place are the way you mitigate and manage your risk.

countermeasures

In Registry, each folder icon is called a hive and hives contain ________. Each key contains sub-keys, as well as values. The values contain the actual information stored in the registry. The registry includes three types of values: String, Binary, and DWORD.

keys

Anti-virus scanners use three basic methods of operation to find, prevent, and disinfect programs and files. They look for infections by __________ viruses using the database of signature files; they monitor changes, or attempted changes, to files and programs; and they scan for suspicious activity by using rules-based logic.

known

IDS compares traffic of __________ patterns in a database, so if your attacker is using a method not found in the database, or an unknown pattern of attack, there's a chance the attack won't be seen.

known

Many companies are finding that content filtering can help protect against the __________ of company secrets and proprietary information.

leakage

All keys need to be labeled and their distribution should be kept in a log. Keys that aren't needed every day should be kept in a key ______ or other safe environment.

locker

Have your system _____ the unsuccessful attempts at logging on because this can tell you if someone is trying to guess a password and is probably not authorized to use your system.

log

IDS send alerts and reports to the administrators based on what they are finding, so the administrators don't have to rely upon deciphering ___________ to see what's going on.

log entries

To harden your database: go through all the directories and make sure they have the appropriate permissions; disable the operating system back doors and mail capabilities; enable ____ and set for failed object access and logons; control the distribution of database query tools in your organization.

logging

User Authentication means the VPN must be able to verify a user's identity and restrict access to only validated users. In addition, there must be a method of ________ access.

logging

Firewalls can send out alerts, and the _____ are helpful in trying to locate attacks. They are also good at controlling how your staff uses the Internet.

logs

Different ________ operate on different operating systems.

mail servers

Firewalls work by examining the network traffic and applying rules as to what is allowed and what isn't. Firewalls thoroughly inspect arriving traffic (packets). The application, user, and transportation method are also queried and verified. The information is __________ so that all future transmissions are inspected and compared to past transmissions. If both the "state" of the transmission and the "context" in which it is used deviate from the norm, connection is refused.

maintained

Software-based VPNs mean a complete package is installed on a server dedicated to establishing and ________ VPN connections.

maintaining

After you ________ to the registry, you have to exit the registry editor and reboot for the changes to take effect.

make changes

A vulnerability assessment tool tests applications, computers, and network devices, such as routers and firewalls, for known flaws and weaknesses that can leave your systems susceptible to ___________.

malicious attacks

If your spreadsheet can run macro programs, it can be vulnerable to malicious code. Security ________ should be applied.

patches

To harden your database: go through all the directories and make sure they have the appropriate ____; disable the operating system back doors and mail capabilities; enable logging and set for failed object access and logons; control the distribution of database query tools in your organization.

permissions

The leased line was a physical phone line laid between the two offices and the only connections allowed on it were the two ends of the networks. No one could dial in to the network and you had to have ________ to the line to be able to connect.

physical access

_________ should be "living" documents - meaning that they adapt to changes.

policies

The security training program should be attended by new hires and have an annual refresher course where at the end, the employee signs a statement indicating that he has _____ the training, understands it, and will comply with the rules.

received

A firewall is simply a pass/no-pass gateway. It either lets traffic through or turns it away. An IDS is better able to _________ attacks or misuse because they further examine the traffic that has been allowed through and is moving around your network.

recognize

The administrative account in UNIX is called _________.

root

The default installation of Apple OS X includes three accounts: root, administrator, and regular users. The root account allows you to do everything, just like the UNIX root account. The administrator account in Macs is restricted and does not have a full set of privileges like a root account does. The ____ account is not enabled by default.

root

Root and administrative level passwords are the keys to the kingdom for an intruder. System administrators with __________ have no access restrictions and the ability to make any sort of changes; they should have the hardest passwords and the most stringent rules about changing and reusing them.

root privileges

A _______ examines the traffic coming in from the Internet and then uses a database of routes and rules to send the traffic to the correct section of your network. Traffic can be filtered by originating IP addresses, destination IP addresses, and/or ports.

router

Hardware-based VPNs mean these are encrypting ________.

routers

VPNs were created to address two different problems: the high cost of dedicated leased lines needed for branch office communications and the need to allow employees a method of ________ connecting to the headquarters networks when they were on business out of town or working from home.

securely

A good __________________ looks at your network as three separate layers: network, platforms, and processes.

security infrastructure

Firewalls do a majority of their work at the port and _____ level. They examine the ports and services in three basic ways: packet filtering, stateful inspection, and application proxying.

service

The Windows Operating System needs to be regularly maintained with fixes called patches, hotfixes, and ______.

service packs

Don't run __________ you don't need.

services

Anti-virus software consists of two parts: the scanning engine and the __________.

signature files

Many people update the __________ for the database but are unaware that the engine also needs updating.

signature files

IDS can't tell you what the _________ is of everything that is happening.

significance

Ad-hoc are packets that allow the clients to ________ to one another without having to go through the access point. These packets don't contain beacon data and are considered to be the same as data packets by the network.

speak

You need an ______ chart to know who everyone is and what their level of authority is in order to define their roles for access and control.

organization

An IDS is also expecting the attack to come at a certain _____, so if the attacker sends the data very slowly, for example, the IDS won't necessarily see the pattern.

pace

A frame is a much simpler construct than a packet and it does not have as much information in it as a packet has. Think of a frame as a burst of data rather than a ________ of data.

package

A frame is a much simpler construct than a ________ and it does not have as much information in it as a packet has. Think of a frame as a burst of data rather than a package of data.

packet

IPSec works at Layer 3 of the OSI model, the Network Layer. This is the layer we are more familiar with since it deals with IP packets that have all kinds of information in them. A ________ has been likened to an envelope - on the outside of the envelope are the to/from addresses and a small description of the type of data enclosed. Since IPSec can only deal with packets, it is limited to transmitting TCP/IP traffic. IPSec can't handle AppleTalk or NetBEUI network protocols.

packet

Ad-hoc are packets that allow the clients to speak to one another without having to go through the access point. These ________ don't contain beacon data and are considered to be the same as data packets by the network.

packets

Firewalls work by examining the network traffic and applying rules as to what is allowed and what isn't. Firewalls thoroughly inspect arriving traffic (__________). The application, user, and transportation method are also queried and verified. The information is maintained so that all future transmissions are inspected and compared to past transmissions. If both the "state" of the transmission and the "context" in which it is used deviate from the norm, connection is refused.

packets

GRE is a method for wrapping ________ so that the original addresses are hidden.

packets

The L2TP protocol allows the transmission of non-TCP/IP protocols like IPX, AppleTalk, and NetBEUI. L2TP works at Layer 2 of the OSI model, the Datalink Layer. L2TP does not use ________ to transmit data; it uses frames.

packets

Have your system log the unsuccessful attempts at logging on because this can tell you if someone is trying to guess a _____ and is probably not authorized to use your system.

password

___________ are programs that use a combination of logic and dictionary words to crack encrypted password files.

password crackers

The hardware checklist should have columns for hardware name, number of items, type and _________.

password protection

The only way you can fix the problems with SSL is to obtain a ____ from the vendor of the Web server software.

patch

When Microsoft introduced macro scripting language, it allowed office programs to interchange data automatically and seamlessly. A number of recent worms and viruses have taken advantage of these vulnerabilities. This product needs to be ______.

patched

Software companies are aware that security holes exist and are fairly responsible in releasing fixes in a timely manner, called bug fixes, hot fixes, _______, and sometimes updates.

patches

IDS _________ works similarly to the way that anti-virus software does. The IDS contains a large database of known attacks and creates a signature of these attacks. When data is captured, IDS looks for patterns in that data.

pattern matching

IDS uses two methods for analysis: _________ and anomaly detection.

pattern matching

A _____________ is an effective method of determining your vulnerability level to attacks. It is usually done by a professional tester who uses software, including hacking tools to attempt to penetrate your network from the outside.

penetration test

A host-based IDS system is more concerned with who has ________ to do what and how often. Because of this, these systems are normally used to monitor the conditions on the internal network rather than traffic coming through the firewall.

permission

You need ___________ from the higher-ups before starting work on network security. Set a schedule, give them updates and progress reports, ask them to give you feedback. The more they are included, the more likely they are to work with you, rather than against you.

permission and support

In Apple OS X, when a user runs a program, the program uses the user's ____ to accomplish whatever task it's being asked to perform. Sometimes a program needs to have more permissions than the user has. A method has been set up to temporarily give the program the permission it needs: you give the program a SUID (System User ID) or a SGID (System Group ID). The operating system automatically sets these permissions.

permissions

When your user account was created, you were given certain authorizations on the system to enable you to do your job. These authorizations are also called ______.

permissions

In the security infrastructure, the __________ layer involves the different operating systems that your servers and desktop machines use to run.

platforms

Keep all __________ simple, organized, and in one place.

policies and procedures

When a virus infects a program, it generally changes the size of that program. To track those changes, the known size of each executable program is computed and stored in the __________ when the anti-virus product is first installed. These sizes are called checksums.

database

Web servers run on port 80 or port 8080, so you may need to do a ________ of your network to determine if you have any unauthorized Web servers up and running. Web servers that aren't needed should be disabled because Web servers open big security holes in all networks.

port scan

__________ send queries across the network, enabling you to see what protocols and ports are open on all the connected computers.

port scanners

A router examines the traffic coming in from the Internet and then uses a database of routes and rules to send the traffic to the correct section of your network. Traffic can be filtered by originating IP addresses, destination IP addresses, and/or _______.

ports

Anti-virus scanners use three basic methods of operation to find, __________, and disinfect programs and files. They look for infections by known viruses using the database of signature files; they monitor changes, or attempted changes, to files and programs; and they scan for suspicious activity by using rules-based logic.

prevent

Clients that want to join a wireless network will send a request for a ________ packet from the access point. If the access point will allow the request, it responds with a probe packet. This data is not encrypted when encryption is enabled.

probe

Clients that want to join a wireless network will send a request for a probe packet from the access point. If the access point will allow the request, it responds with a ________ packet. This data is not encrypted when encryption is enabled.

probe

Security policies are the rules that everyone must follow and the __________ are how the rules will be put in place and enforced.

procedures

To manually _____ a machine, you may have to change registry settings or reinstall a portion, if not all, of the operating system.

disinfect

In Apple OS X, when a user runs a program, the program uses the user's permissions to accomplish whatever task it's being asked to perform. Sometimes a ____ needs to have more permissions than the user has. A method has been set up to temporarily give the program the permission it needs: you give the program a SUID (System User ID) or a SGID (System Group ID). The operating system automatically sets these permissions.

program

Network-based IDS can be set to listen only for traffic destined for the particular segment of the network on which it resides, or they can be set to ________, so they listen to all traffic sent to all segments.

promiscuous mode

Most routers have rules that allow you to control what traffic comes in and what traffic goes out. These rules are referred to as ______ or access control lists (ACL). Routers maintain logs of successful and failed connections so you can check for intrusion attempts. Many routers have Web-based interfaces to make configuration easier.

filters

Anti-virus scanners use three basic methods of operation to __________, prevent, and disinfect programs and files. They look for infections by known viruses using the database of signature files; they monitor changes, or attempted changes, to files and programs; and they scan for suspicious activity by using rules-based logic.

find

All anti-virus scanners work with a database that contains information about viruses; this information is called the virus ______. The database needs to be updated frequently so that it contains the most up-to-date virus information.

fingerprint or signature

A ________ software computer, dedicated to detecting and preventing unauthorized entry into the network, needs to be kept up to date with upgrades and patches.

firewall

A _________ is simply a pass/no-pass gateway. It either lets traffic through or turns it away. An IDS is better able to recognize attacks or misuse because they further examine the traffic that has been allowed through and is moving around your network.

firewall

In a _________, a proxy is a transparent intermediary that works between two connections.

firewall

IDS anomaly detection is like the _________ used in anti-virus software. Anomaly detection uses algorithms to create a sense of "logic" of what it sees happening. Because pattern matching can be defeated by completely new and previously unrecorded attacks, anomaly detection is added in response to that problem.

heuristics

The anti-virus database is based upon existing viruses and behaviors previously seen. This is a significant weakness of anti-virus products that vendors try to overcome with the use of ______ - a method of anticipating and examining behaviors.

heuristics

While a network-based IDS looks at traffic indiscriminately on the network, a ________ IDS system has sensors placed on one or more hosts (individual computers) on the network. Instead of capturing all traffic, this IDS system gathers information from logs that are stored on specific hosts and does some analysis of traffic.

host-based

A _____ is a little bit more substantial than a QFE Patch because some testing has been involved. A hotfix is not tested to see whether it is backwardly compatible, and also a hotfix can cause problems with the operating system or other applications. You can remove a hotfix if it is found to cause problems.

hotfix

IDS monitors logs from your systems, watches network traffic, and attempts to _________ patterns that look like an attack.

identify

Most routers have rules that allow you to control what traffic comes in and what traffic goes out. These rules are referred to as filters or access control lists (ACL). Routers maintain logs of successful and failed connections so you can check for ________. Many routers have Web-based interfaces to make configuration easier.

intrusion attempts

Firewalls, ________ systems, anti-virus software, and other extensive security measures are required to protect T1, T3, and OC-3 network connections.

intrusion detection

The platforms are all ________ by hardening their operating systems and having security patches applied.

protected

Part of ______ your network involves knowing where everything is but also who can access the hardware and software and who controls the access.

protecting

A VPN uses a special ________ to establish a virtual channel between two machines or two networks. The channel is actually a temporary direct session; this is what is commonly referred to as tunneling.

protocol

Oakley is a ________ used for exchanging secret keys.

protocol

LDAP is a set of ________ for computers to obtain information from one another, based on the X500 standard. In VPNs, LDAP is used for secret key information.

protocols

Multiprotocol Support means the VPN must be able to handle multiple protocols so data of different types can be shared. This includes ________ like SMTP, HTTP, telnet, and so on.

protocols

To harden your database: install only what is needed; change the ____ passwords on every account installed by default and use ____ passwords; and go through all the accounts on the database and manually lock out, expire, or disable accounts you don't need.

really strong

Clients that want to join a wireless network will send a ________ for a probe packet from the access point. If the access point will allow the request, it responds with a probe packet. This data is not encrypted when encryption is enabled.

request

User Authentication means the VPN must be able to verify a user's identity and ________ to only validated users. In addition, there must be a method of logging access.

restrict access

Your Web server should have its operating system hardened and security patches applied. The Web server needs to be configured for ______, which means disabling guest accounts, limiting access to directories, and applying necessary security patches.

security

If you have a budget for it, _______ are good at deterring theft and they keep a record of the comings and goings of staff.

security cameras

QFE patches are usually released to fix a bad bug in the program rather than a _____, and they are an example of "quick and dirty" programming. These patches are not rigorously tested, and you have no guarantees that they won't affect other parts of your system.

security hole

Some things to consider when defining your __________: viruses, web server security, server security, equipment theft, server room protection.

security requirements

If your company passes data between a remote connection and your network, you may want to consider setting up a VPN, which includes encryption, and having a strong form of authentication such as _____, digital certificates, and biometrics (because logon IDs and passwords are easily cracked).

security tokens

The database server and Web server should always be on _________ computers. The reason for this is Web servers are easily hacked and databases are usually full of important information.

separate

Software-based VPNs mean a complete package is installed on a ________ dedicated to establishing and maintaining VPN connections.

server

The ______ should be in a locked, limited access room to prevent theft of the equipment and to prevent unauthorized changes to the configurations of the server.

servers

____________ is an unfinished folder of policies that sits on the shelf and never gets used because you tried to get everything written at once before releasing the document.

shelfware

A good computer security assessment team should have at a minimum a ________, head geek, and documenter.

team manager

Multiprotocol Support means the VPN must be able to handle multiple protocols so data of different types can be shared. This includes protocols like SMTP, HTTP, ________, and so on.

telnet

SSH is a secure form of ________ that encrypts the traffic.

telnet

In Apple OS X, when a user runs a program, the program uses the user's permissions to accomplish whatever task it's being asked to perform. Sometimes a program needs to have more permissions than the user has. A method has been set up to ____ give the program the permission it needs: you give the program a SUID (System User ID) or a SGID (System Group ID). The operating system automatically sets these permissions.

temporarily

Information warfare is a type of ____.

terrorism

(Result of ARO) x (EF) = ALE

the formula for the Annualized Loss Expectancy

An example of __________ infringement: any person who registers a domain name that consists of the name of another living person, or a name substantially and confusingly similar thereto, without that person's consent, with the specific intent to profit from such name by selling the domain name for financial gain to that person or any third party, shall be liable in a civil action by such person.

trademark

An IDS can look at all the ________ and draw a conclusion based on various factors - it's not just limited to certain types of traffic, but can look for patterns and changes.

traffic

Intrusion Detection Systems can be set up to examine the ________ on a single machine or on the entire network.

traffic

With IDS, the machine examines __________ and compares it to a database of known attack methods and then sends alerts when these conditions are met.

traffic

Do price comparison checks and shop around before you buy. Don't forget ______: in addition to purchasing the product, you often need to buy training for your staff. When it comes to training, don't skimp; it's usually well worth the cost.

training

___________ is important to get the people to go along with you. If they understand how and why, they are more likely to follow the plans.

training

Firewalls work by examining the network traffic and applying rules as to what is allowed and what isn't. Firewalls thoroughly inspect arriving traffic (packets). The application, user, and _______ method are also queried and verified. The information is maintained so that all future transmissions are inspected and compared to past transmissions. If both the "state" of the transmission and the "context" in which it is used deviate from the norm, connection is refused.

transportation

A VPN uses a special protocol to establish a virtual channel between two machines or two networks. The channel is actually a temporary direct session; this is what is commonly referred to as ________.

tunneling

All anti-virus scanners work with a database that contains information about viruses; this information is called the virus fingerprint or signature. The database needs to be ______ frequently so that it contains the most up-to-date virus information.

updated

Software companies are aware that security holes exist and are fairly responsible in releasing fixes in a timely manner, called bug fixes, hot fixes, patches, and sometimes _______.

updates

Dangers to cable modems and ________ are similar: you are always connected, you have a static IP address, and you can remotely access the routers to configure the box.

DSL routers

In Registry, each folder icon is called a hive and hives contain keys. Each key contains sub-keys, as well as values. The values contain the actual information stored in the registry. The registry includes three types of values: String, Binary, and ________.

DWORD

VPN has two main protocols: L2TP and ________.

IPSec

Internet Security Association and Key Management Protocol

ISAKMP

________ VPNs mean a complete package is installed on a server dedicated to establishing and maintaining VPN connections.

Software-based

During the ______ section, you will notice that some things need to be changed and that brings you back to the first step, assessment.

audit

The computer security assessment team's documenter is responsible for all reports and documentation; must be ________; and must have a working knowledge of computing and networks.

detail-oriented

Telnet is a remote connection program that allows you to act as if you are sitting directly in front of the computer. Because telnet authorizes people to access a computer located elsewhere, it can possibly allow malicious intruders to enter your system: if the password for telnet can be guessed or cracked, the intruder can telnet into your system, change configurations, or _____ unauthorized programs.

install

A Service Pack is the granddaddy of all bug fixes and security patches, because it has been extensively beta-tested for problems. You can feel fairly comfortable that _____ a service pack won't cause problems. You still have to check to see whether any security patches were released after the service pack was created, and you have to apply those separately.

installing

Firewalls don't protect your systems against _____; you need anti-virus software.

viruses

The anti-virus database is based upon existing viruses and behaviors previously seen. This is a significant ______ of anti-virus products that vendors try to overcome with the use of heuristics - a method of anticipating and examining behaviors.

weakness

The team will work together to identify the assets that need to be protected and will research and prepare the initial security plan that will describe ____________, how they should be protected, and the security roles and responsibilities of everyone in the company.

what needs to be protected

Firewalls use a combination of scanning methods to create a hybrid of their own. Hybrids typically include hard circuits between _________ that are not inspected, various levels of packet filtering, and more granularity in the stateful inspection and application of proxies.

networks

Apple OS X allows you to use a blank password on the root account. Never allow this to happen on your systems. A blank password equals ____ password, which means everyone can hack your machine.

no

There are many ways to secure a wireless network: strong ________, well-defined users' access lists, and various levels of encryption.

passwords

Using strong, hard-to-crack _________ is an easy line of defense against a breach of security.

passwords

The general term for a security hole fix is a _______.

patch

Most security designs only look at the network layer, add routers, firewalls and intrusion detection and consider the network secure. All the _____ is put into surrounding the network, and there's nothing to use as a defense if the perimeter is broken.

protection

Email filters can be used to move personal messages to specific mailboxes, move spam messages to the trash, and to __________ suspected virus bearing messages.

quarantine

Data is sent between computers. This is the only ________ that is encrypted when encryption is enabled.

traffic

Your ____ network card won't work on a computer that has a UFS partition.

Airport wireless

ISAKMP is the forerunner of ________.

IKE

SecureShell

SSH

UNIX File System

UFS

Enable _____ Virus Protection in all Microsoft Office programs.

Macro

Point to Point Tunneling Protocol

PPTP

Your Airport wireless network card won't work on a computer that has a ____ partition.

UFS

A ________ is a danger or something that can go wrong.

threat

Common Gateway Interface

CGI

VPN has two main ________: L2TP and IPSec.

protocols

A common threat to networks is ________.

virus infections

IPSec works at Layer _____ of the OSI model, the Network Layer. This is the layer we are more familiar with since it deals with IP packets that have all kinds of information in them. A packet has been likened to an envelope - on the outside of the envelope are the to/from addresses and a small description of the type of data enclosed. Since IPSec can only deal with packets, it is limited to transmitting TCP/IP traffic. IPSec can't handle AppleTalk or NetBEUI network protocols.

3

In Apple OS X, to start SSH, open the Systems Preferences and click on Sharing. Then click on the Application tab and check the ____ remote login checkbox.

Allow

In Registry, each folder icon is called a hive and hives contain keys. Each key contains sub-keys, as well as values. The values contain the actual information stored in the registry. The registry includes three types of values: String, ________, and DWORD.

Binary

____ is a way for computers of different types to talk to one another. It's most often used to exchange data between Web servers and databases because a database doesn't understand HTML and a Web server doesn't understand database query languages (such as SQL). Think of CGI script as an interpreter.

CGI

_____ are small programs created to allow disparate programs, like Web servers and databases, to communicate and share information.

CGI

Children's Online Privacy Protection Act

COPPA

__________ is a rule from the FTC on the collection and distribution of information gathered from children under the age of 13. It states that there must be a means of verifying a child's age and that parental consent must be given to collect the data.

COPPA

Don't forget the Good, Fast, _____ Triangle.

Cheap

_____ laws protect the individual or companies from damages or loss and usually result in fines and restitution instead of jail time.

Civil

__________ software is able to search the contents of network traffic for messages or programs you don't want to come in.

Content filtering

With the ______ permission, you can create new files inside a folder and you can make changes to existing files.

Create Files/Write Data

In the ______ permissions, you can create new subfolders and you can add data to the end of an existing file. You cannot delete or change what is already in the file.

Create Folders/Append Data

In the _________ permissions, you can delete a file.

Delete

In the _________ permissions, you can delete a subfolder and its files, but not a main folder. You can use this even if you haven't been given Delete Permission on the main folder and each of the files within that folder.

Delete Subfolders and Files

In a ________, someone floods the computer with so many requests that the system can't respond to anything anymore.

DoS attack

_____________ means that if your network security is breached and your network is then used to attack another, you may be held liable for damages. Similar to someone stealing your gun and committing a crime with it.

Downstream liability

__________ filters can be used to move personal messages to specific mailboxes, move spam messages to the trash, and to quarantine suspected virus bearing messages.

Email

__________ is a security measure to protect the information in the database.

Encryption

You should never make changes to the Registry without saving a back-up of the current registry set. You can back-up the registry by choosing the ________ command.

Export Registry File

________ use a combination of scanning methods to create a hybrid of their own. Hybrids typically include hard circuits between networks that are not inspected, various levels of packet filtering, and more granularity in the stateful inspection and application of proxies.

Firewalls

_________ work by examining the network traffic and applying rules as to what is allowed and what isn't. Firewalls thoroughly inspect arriving traffic (packets). The application, user, and transportation method are also queried and verified. The information is maintained so that all future transmissions are inspected and compared to past transmissions. If both the "state" of the transmission and the "context" in which it is used deviate from the norm, connection is refused.

Firewalls

An _______ is also expecting the attack to come at a certain pace, so if the attacker sends the data very slowly, for example, the IDS won't necessarily see the pattern.

IDS

Don't forget the _____, Fast, Cheap Triangle.

Good

Rename or disable the built-in _____ account.

Guest

Hierarchical File System

HFS

In Apple OS X, the ____ file system has little to no local security.

HFS

Your Apple OS X must be formatted with ____ partitions if you want to use wireless networking on your Macs.

HFS

One of the most commonly overlooked methods of attacking your network is the _________.

Human Element

In offices with ten or more people, ______ should be worn and color coded, to indicate which areas they are allowed to enter. Visitors and repair personnel should have visitor tags and should not be allowed to roam around unescorted.

ID tags

A firewall is simply a pass/no-pass gateway. It either lets traffic through or turns it away. An _________ is better able to recognize attacks or misuse because it further examines the traffic that has been allowed through and is moving around your network.

IDS

IKE is the protocol used for exchanging secret keys in ________.

IPSec

________ works at Layer 3 of the OSI model, the Network Layer. This is the layer we are more familiar with since it deals with IP packets that have all kinds of information in them. A packet has been likened to an envelope - on the outside of the envelope are the to/from addresses and a small description of the type of data enclosed. Since IPSec can only deal with packets, it is limited to transmitting TCP/IP traffic. IPSec can't handle AppleTalk or NetBEUI network protocols.

IPSec

________ means the VPN must be able to generate shared, secret keys with the remote users.

Key Management

The ________ program was set up to share information and incident reports between organizations and government agencies.

InfraGard

Do not enable _____ for email. It's only a matter of time before JavaScript viruses begin to appear.

JavaScript

________ had two major disadvantages - they were very expensive and could be very slow.

Leased lines

A ____ is on the inside of the computer, but can be seen from the outside by the RJ-45 plug.

NIC

The L2TP protocol allows the transmission of non-TCP/IP protocols like IPX, AppleTalk, and ________. L2TP works at Layer 2 of the OSI model, the Datalink Layer. L2TP does not use packets to transmit data; it uses frames.

NetBEUI

____ is an account management program in Apple OS X, that does a horrible job of protecting the passwords.

NetInfo

IPSec works at Layer 3 of the OSI model, the ________ Layer. This is the layer we are more familiar with since it deals with IP packets that have all kinds of information in them. A packet has been likened to an envelope - on the outside of the envelope are the to/from addresses and a small description of the type of data enclosed. Since IPSec can only deal with packets, it is limited to transmitting TCP/IP traffic. IPSec can't handle AppleTalk or NetBEUI network protocols.

Network

______ allow you to do certain things and prevent you from doing others. You use permissions in an operating system to set the levels of access. When you were hired, your level of access was given based on the type of transactions you needed to do on a daily basis.

Permissions

Rivest-Shamir-Adleman

RSA

Quick Fix Engineering

QFE

_____ patches are usually released to fix a bad bug in the program rather than a security hole, and they are an example of "quick and dirty" programming. These patches are not rigorously tested, and you have no guarantees that they won't affect other parts of your system.

QFE

A hotfix is a little bit more substantial than a _____ because some testing has been involved. A hotfix is not tested to see whether it is backwardly compatible, and also a hotfix can cause problems with the operating system or other applications. You can remove a hotfix if it is found to cause problems.

QFE Patch

Quality of Service

QoS

Remote Authentication Dial In User Service

RADIUS

The ______ permission allows you to view the Hidden, Read-Only, and System attributes of a file.

Read Attributes

Some files have more attributes that are added by the application. The ______ permission allows you to see those too.

Read Extended Attributes

In the _________ permissions, you can see what permissions are set on a file or folder. Even if you don't have permission to do anything, you can see who does have permission.

Read Permission

In ________, each folder icon is called a hive and hives contain keys. Each key contains sub-keys, as well as values. The values contain the actual information stored in the registry. The registry includes three types of values: String, Binary, and DWORD.

Registry

The ________ is a database used to store settings and options on Windows systems.

Registry

In Apple OS X, when a user runs a program, the program uses the user's permissions to accomplish whatever task it's being asked to perform. Sometimes a program needs to have more permissions than the user has. A method has been set up to temporarily give the program the permission it needs: you give the program a SUID (System User ID) or a ____. The operating system automatically sets these permissions.

SGID (System Group ID)

Multiprotocol Support means the VPN must be able to handle multiple protocols so data of different types can be shared. This includes protocols like ________, HTTP, telnet, and so on.

SMTP

Beacons are continually broadcast by the access point with the ________ and the MAC address. These are sent so clients can find the network to join it. This data is not encrypted when encryption is enabled on the wireless network.

SSID

In Apple OS X, when a user runs a program, the program uses the user's permissions to accomplish whatever task it's being asked to perform. Sometimes a program needs to have more permissions than the user has. A method has been set up to temporarily give the program the permission it needs: you give the program a ____ or a SGID (System Group ID). The operating system automatically sets these permissions.

SUID (System User ID)

Apple OS X has included ____ in its default installation for a secure telnet program.

SecureShell (SSH)

Every once in a while, Microsoft assembles a collection of security updates into one patch, called a _____ or roll-up. A roll-up includes all the patches released before a certain date, but it does not include any changes that still have to be made manually.

Security Roll-up Patch

A _____ is considered by Microsoft to be pretty important, and therefore, the associated patch is fully tested prior to its release.

Security Update/ Security Bulletin

A _____ is the granddaddy of all bug fixes and security patches, because it has been extensively beta-tested for problems. You can feel fairly comfortable that installing a service pack won't cause problems. You still have to check to see whether any security patches were released after the service pack was created, and you have to apply those separately.

Service Pack

In Apple OS X, to start SSH, open the Systems Preferences and click on ____. Then click on the Application tab and check the Allow remote login checkbox.

Sharing

______ lists are important to know what you have and to ensure you possess all the legal licenses for software. You should list the maker, program, and version of the software as well as the number of copies you are using.

Software

Apple OS X has a small program called ____ which is included in System Preferences.

Software Update

_________ also supports connectionless protocols such as User Datagram Protocol (UDP), something that routers can't do.

Stateful inspection

In Apple OS X, to start SSH, open the ____ and click on Sharing. Then click on the Application tab and check the Allow remote login checkbox.

Systems Preferences

IPSec works at Layer 3 of the OSI model, the Network Layer. This is the layer we are more familiar with since it deals with IP packets that have all kinds of information in them. A packet has been likened to an envelope - on the outside of the envelope are the to/from addresses and a small description of the type of data enclosed. Since IPSec can only deal with packets, it is limited to transmitting ________ traffic. IPSec can't handle AppleTalk or NetBEUI network protocols.

TCP/IP

The L2TP protocol allows the transmission of non-________ protocols like IPX, AppleTalk, and NetBEUI. L2TP works at Layer 2 of the OSI model, the Datalink Layer. L2TP does not use packets to transmit data; it uses frames.

TCP/IP

The ________ stack is particularly vulnerable to a DoS attack.

TCP/IP

________ is a remote connection program that allows you to act as if you are sitting directly in front of the computer. Because telnet authorizes people to access a computer located elsewhere, it can possibly allow malicious intruders to enter your system: if the password for telnet can be guessed or cracked, the intruder can telnet into your system, change configurations, or install unauthorized programs.

Telnet

________ anti-virus software to see if it causes any conflicts with your email program. If it does, you will either have to change the email program you use, or not enable that particular feature of the anti-virus software.

Test

__________ is defined as information, including a formula, pattern, compilation, program, device, method, technique, or process.

Trade secret

___________ seem to focus on Microsoft systems and applications because of their widespread use, the ease of interoperability between programs, and the numerous security flaws.

Virus writers

The database server and _________ server should always be on separate computers. The reason for this is Web servers are easily hacked and databases are usually full of important information.

Web

CGI is a way for computers of different types to talk to one another. It's most often used to exchange data between Web servers and databases because a database doesn't understand HTML and a ____ doesn't understand database query languages (such as SQL). Think of CGI script as an interpreter.

Web server

If your __________ offers dynamic content, or if you are using it for e-commerce, you will also need at least one database server to hold and serve up the data to the Web server.

Web server

If your company has a need for a Web site, then you need at least one __________, depending on the amount of traffic you support.

Web server

One of the biggest mistakes you can make is to combine a _____ and a database on the same computer. Place a firewall between a Web server and a database server to make it harder for a malicious intruder to destroy your entire system.

Web server

Because ________ tend to handle high traffic volumes, it usually makes sense to put the Web server in a DMZ in front of the firewall so it doesn't add to the workload of the firewall.

Web servers

________ run on port 80 or port 8080, so you may need to do a port scan of your network to determine if you have any unauthorized Web servers up and running. Web servers that aren't needed should be disabled because Web servers open big security holes in all networks.

Web servers

Before securing your network, form an ________, where each member of the team has a good working knowledge of computing and networks and understands the value of a good computer security program.

assessment team

Do a risk assessment on your computer and network. List all your ______, figure out what those assets are worth and how much it would cost to replace them. Then decide how they need to be protected and how much that protection is going to cost. If you find that the protection costs more than the asset is worth, then you'll have to justify the expense of the protection or decide not to do it.

assets

After-hours ________ should be controlled to prevent theft and eliminate people as suspects if something goes missing at night or on the weekends.

access

Clients that want to join a wireless network will send a request for a probe packet from the ________ point. If the access point will allow the request, it responds with a probe packet. This data is not encrypted when encryption is enabled.

access

Part of protecting your network involves knowing where everything is but also who can _____ the hardware and software and who controls the access.

access

Telnet is a remote connection program that allows you to act as if you are sitting directly in front of the computer. Because telnet authorizes people to ________ a computer located elsewhere, it can possibly allow malicious intruders to enter your system: if the password for telnet can be guessed or cracked, the intruder can telnet into your system, change configurations, or install unauthorized programs.

access

Most routers have rules that allow you to control what traffic comes in and what traffic goes out. These rules are referred to as filters or ____________. Routers maintain logs of successful and failed connections so you can check for intrusion attempts. Many routers have Web-based interfaces to make configuration easier.

access control lists (ACL)

There are many ways to secure a wireless network: strong passwords, well-defined users' ________, and various levels of encryption.

access lists

Ad-hoc are packets that allow the clients to speak to one another without having to go through the ________. These packets don't contain beacon data and are considered to be the same as data packets by the network.

access point

To harden your database: install only what is needed; change the passwords on every account installed by default and use really strong passwords; and go through all the ____ on the database and manually lock out, expire, or disable accounts you don't need.

accounts

To be considered a true VPN, the service must support: data protection, user authentication, key management, ________, and multiprotocol support.

address management

Make a list of all ______ accounts.

administrative

The default installation of Apple OS X includes three accounts: root, administrator, and regular users. The root account allows you to do everything, just like the UNIX root account. The ____ account in Macs is restricted and does not have a full set of privileges like a root account does. The root account is not enabled by default.

administrator

Not everyone in a corporate environment should have permission to install programs on their workstations. That responsibility is best left to system _________.

administrators

IDS send __________ to the administrators based on what they are finding, so the administrators don't have to rely upon deciphering log entries to see what's going on.

alerts and reports

AES is the encryption ________ used by the US Government.

algorithm

Diffie-Hellman is a cryptographic ________ used in VPNs.

algorithm

DES is one of the cryptographic ________ used in encryption. A stronger version is known as 3DES (Triple DES).

algorithms

The anti-virus scanning engine provides the user interface and a library of commonly used functions which consist of dozens of complex searching __________, CPU emulators, and various forms of programming logic. The engine determines which files to scan, which functions to run, and how to react when a suspected virus is found.

algorithms

Configure the anti-virus program to scan _____ files, not just executable programs. Viruses come in all sorts of files and just scanning executables isn't enough.

all

An __________ server usually stores a program to be used by numerous users.

application

Firewalls work by examining the network traffic and applying rules as to what is allowed and what isn't. Firewalls thoroughly inspect arriving traffic (packets). The _________, user, and transportation method are also queried and verified. The information is maintained so that all future transmissions are inspected and compared to past transmissions. If both the "state" of the transmission and the "context" in which it is used deviate from the norm, connection is refused.

application

The database __________ will also need to have its own security patches applied.

application

All ________ on all platforms have the appropriate security patches applied.

applications

A good computer security _______ team should have at a minimum a team manager, head geek, and documenter.

assessment

Employee education and ________ is the only security mechanism that will work against social engineering.

awareness

All ______ tapes should be labeled and locked away. Archived tapes should be kept off premises.

back-up

________ don't prevent hacks or intrusions into your network, but they can help you recover in the case of such events.

backups

When an IDS is first installed, the anomaly detection portion starts to gather data to establish a ________ of behavior.

baseline

Many homes and some businesses now connect to the Internet with a _______ modem.

cable

Dangers to ________ and DSL routers are similar: you are always connected, you have a static IP address, and you can remotely access the routers to configure the box.

cable modems

Make a note of the make and model of ________ as this makes a difference in securing them.

cable modems

If you have the correct signatures in your database but the wrong version of the scanning engine, there's a good chance that your anti-virus program won't __________ important viruses.

catch

Employee ________ and awareness is the only security mechanism that will work against social engineering.

education

Do not base your security training on _______ messages. Most users are so inundated with junk that they don't even read the whole message.

email

The VPN exchanges a set of shared secrets to create an encryption key. The traffic traveling along the established channel is wrapped with an ________ package that has an address on the outside of the package. But the contents are hidden from view. Once the data reaches its destination, the wrapper is safely removed.

encrypted

All computers used for remote connections should be protected from unauthorized use such as enabling the BIOS password and ________ the data on laptops.

encrypting

Hardware-based VPNs mean these are ________ routers.

encrypting

AES is the ________ algorithm used by the US Government.

encryption

Beacons continually broadcast by the access point with the SSID and the MAC address. These are sent so clients can find the network to join it. This data is not encrypted when ________ is enabled on the wireless network.

encryption

DES is one of the cryptographic algorithms used in ________. A stronger version is known as 3DES (Triple DES).

encryption

If your company passes data between a remote connection and your network, you may want to consider setting up a VPN, which includes ______, and have a strong form of authentication such as security tokens, digital certificates, and biometrics (because logon IDs and passwords are easily cracked).

encryption

There are many ways to secure a wireless network: strong passwords, well-defined users' access lists, and various levels of ________.

encryption

To harden your database: put your database behind a firewall; never put a Web server on your database; use ____ when possible; harden the OS that the database runs on; and apply security patches and upgrades as soon as they are available.

encryption

SSH is a secure form of telnet that ________ the traffic.

encrypts

SSL runs whenever you connect to a secure website. You know that a site is running SSL because the address changes to https from http. SSL directs the traffic to the Web server to port 443 and ____ the data during the transmission.

encrypts

The VPN ________ a set of shared secrets to create an encryption key. The traffic traveling along the established channel is wrapped with an encrypted package that has an address on the outside of the package. But the contents are hidden from view. Once the data reaches its destination, the wrapper is safely removed.

exchanges

MPLS is used to divert traffic when there are ________ or bottlenecks in the network.

failures

If you install anti-virus software on your Internet ____________, the software can catch viruses coming in from outside connections.

gateway servers

A network-based IDS looks at traffic indiscriminately on the network; a host-based IDS system has sensors placed on one or more hosts (individual computers) on the network. Instead of capturing all traffic, this IDS system ________ from logs that are stored on specific hosts and does some analysis of traffic.

gathers information

Key Management means the VPN must be able to ________ shared, secret keys with the remote users.

generate

Before VPNs, if a company wanted to have a secure network connection to an office in another ________ location, they had one choice: a dedicated leased line.

geographic

The set of access criteria for your level of access is based on one of three models: the role, the ______, and the types of transactions.

group

In Apple OS X, you have to use the command line to create ____ and to set their privileges using the newgrp and chgrp commands.

groups

Apple OS X allows you to use a blank password on the root account. Never allow this to happen on your systems. A blank password equals no password, which means everyone can ____ your machine.

hack

The database server and Web server should always be on separate computers. The reason for this is Web servers are easily _________ and databases are usually full of important information.

hacked

___________ are computer terrorists. They keep you on edge because you don't know when or where they are going to strike.

hackers

The common hacker is also often involved in _________, which relates to geopolitical conflicts and issues.

hactivism

Multiprotocol Support means the VPN must be able to ________ multiple protocols so data of different types can be shared. This includes protocols like SMTP, HTTP, telnet, and so on.

handle

The computer security assessment team's head geek is responsible for all _________ with the computers; must understand basic vulnerability assessment; must have an in-depth knowledge of computing and networks; and must be able to communicate well with other team members.

hands-on work

The modem __________ signal is that somewhat annoying series of beeps, boops, and buzzing sounds that you hear when a modem is trying to complete a connection.

handshake

LDAP is a set of protocols for computers to obtain information from one another, based on the X500 standard. In VPNs, LDAP is used for secret ________ information.

key

To be considered a true VPN, the service must support: data protection, user authentication, ________, address management, and multiprotocol support.

key management

All _____ need to be labeled and their distribution should be kept in a log. Keys that aren't needed every day should be kept in a key locker or other safe environment.

keys

IKE is the protocol used for exchanging secret ________ in IPSec.

keys

Before VPNs, if a company wanted to have a secure network connection to an office in another geographic location, they had one choice: a dedicated ________.

leased line

The ________ was a physical phone line laid between the two offices and the only connections allowed on it were the two ends of the networks. No one could dial in to the network and you had to have physical access to the line to be able to connect.

leased line

One of the best security measures for all types of modems is to use long passwords that cannot be easily guessed and include numbers and both upper- and lower-cased __________.

letters

Permissions allow you to do certain things and prevent you from doing others. You use permissions in an operating system to set the ______ of access. When you were hired, your level of access was given based on the type of transactions you needed to do on a daily basis.

levels

The computer security assessment team's manager is responsible for determining the scope and direction of the security effort; acts as the _______ between other members of the team and upper management; and must understand basic risk assessment.

liaison

The anti-virus scanning engine provides the user interface and a __________ of commonly used functions which consist of dozens of complex searching algorithms, CPU emulators, and various forms of programming logic. The engine determines which files to scan, which functions to run, and how to react when a suspected virus is found.

library

How can you convert an intangible such as security into dollars and cents? By looking at the cost of ________ and potential lost sales.

manpower

To harden your database: install only what is needed; change the passwords on every account installed by default and use really strong passwords; and go through all the accounts on the database and ____ lock out, expire, or disable accounts you don't need.

manually

The countermeasures and protections you put in place are the way you ______ and manage your risk.

mitigate

The computer security assessment team's documenter is responsible for all ___________; must be detail-oriented; and must have a working knowledge of computing and networks.

reports and documentation

LDAP is a set of protocols for computers to ________ information from one another, based on the X500 standard. In VPNs, LDAP is used for secret key information.

obtain

Before putting a computer _______, you should change the default account names and passwords and apply all security patches.

online

Each computer's _________ should be noted on the software checklist.

operating system

Many companies have a Web-hosting company to host their Web site or a co-location provider to house their computers for them at an external site. Make note of the ___________ and the application software and anything else that is running on this computer.

operating system

Your Web server should have its ______ hardened and security patches applied. The Web server needs to be configured for security, which means disabling guest accounts, limiting access to directories, and applying necessary security patches.

operating system

A hotfix is a little bit more substantial than a QFE Patch because some testing has been involved. A hotfix is not tested to see whether it is backwardly compatible, and also a hotfix can cause problems with the operating system or other applications. You can _____ a hotfix if it is found to cause problems.

remove

Lists are important to keep a ______ of what you've done and why you've done it: organization charts, hardware lists, software lists, network map, and building plans.

record

The security training program should be attended by new hires and have an annual _______ course where at the end, the employee signs a statement indicating that he has received the training, understands it, and will comply with the rules.

refresher

In order to make changes to the registry, you have to use a program called ____________.

regedit32.exe

The default installation of Apple OSX includes three accounts: root, administrator, and ____. The root account allows you to do everything, just like the UNIX root account. The administrator account in Macs is restricted and does not have a full set of privileges like a root account does. The root account is not enabled by default.

regular users

All computers used for ________ connections should be protected from unauthorized use such as enabling the BIOS password and encrypting the data on laptops.

remote

If your company passes data between a ______ connection and your network, you may want to consider setting up a VPN, which includes encryption, and have a strong form of authentication such as security tokens, digital certificates, and biometrics (because logon IDs and passwords are easily cracked).

remote

Dangers to cable modems and DSL routers are similar: you are always connected, you have a static IP address, and you can ________ the routers to configure the box.

remotely access

The countermeasures and protections you put in place are the way you mitigate and manage your ______.

risk

Threat + vulnerability = _____

risk

Do a _________ on your computer and network. List all your assets, figure out what those assets are worth and how much it would cost to replace them. Then decide how they need to be protected and how much that protection is going to cost. If you find that the protection costs more than the asset is worth, then you'll have to justify the expense of the protection or decide not to do it.

risk assessment

The __________ should also take into account the dollar amount, replacement cost, loss of productivity, man-hours required for repair, and any data that is lost or corrupted.

risk assessment

The computer security assessment team's manager is responsible for determining the scope and direction of the security effort; acts as the liaison between other members of the team and upper management; and must understand basic __________.

risk assessment

If risk mitigation is like establishing a fortress against the enemy, __________ is like deciding not to go into battle at all.

risk avoidance

The key to good network security is to either eliminate your vulnerability or employ protection mechanisms to reduce your vulnerabilities. Also called ________________.

risk management

___________ considerations: weather, electrical damage, theft, vandalism, human error.

risk management

If __________ is like establishing a fortress against the enemy, risk avoidance is like deciding not to go into battle at all.

risk mitigation

The set of access criteria for your level of access is based on one of three models: the ______, the group, and the types of transactions.

role

The team will work together to identify the assets that need to be protected and will research and prepare the initial security plan that will describe what needs to be protected, how they should be protected, and the security __________ of everyone in the company.

roles and responsibilities

Every once in a while, Microsoft assembles a collection of security updates into one patch, called a Security Roll-up Patch or roll-up. A _____ includes all the patches released before a certain date, but it does not include any changes that still have to be made manually.

roll-up

Apple OS X allows you to use a blank password on the ____ account. Never allow this to happen on your systems. A blank password equals no password, which means everyone can hack your machine.

root

The default installation of Apple OSX includes three accounts: ____, administrator, and regular users. The root account allows you to do everything, just like the UNIX root account. The administrator account in Macs is restricted and does not have a full set of privileges like a root account does. The root account is not enabled by default.

root

The default installation of Apple OSX includes three accounts: root, administrator, and regular users. The ____ account allows you to do everything, just like the UNIX root account. The administrator account in Macs is restricted and does not have a full set of privileges like a root account does. The root account is not enabled by default.

root

The cable modem itself is a simple ________.

router

The networks (internal and DMZ) are protected with security devices (________ and firewall).

router

Most _________ have rules that allow you to control what traffic comes in and what traffic goes out. These rules are referred to as filters or access control lists (ACL). Routers maintain logs of successful and failed connections so you can check for intrusion attempts. Many routers have Web-based interfaces to make configuration easier.

routers

Stateful inspection also supports connectionless protocols such as User Datagram Protocols (UDP), something that _________ can't do.

routers

Firewalls can examine an entire stream of data and not just the packet itself. Based on the content of the stream, the firewall makes a decision as to which application is being used to transmit the data. It then starts a restrictive version, like FTP or Telnet, in which ________ are set so as to verify the user and the destination.

rules

Most routers have _____ that allow you to control what traffic comes in and what traffic goes out. These rules are referred to as filters or access control lists (ACL). Routers maintain logs of successful and failed connections so you can check for intrusion attempts. Many routers have Web-based interfaces to make configuration easier.

rules

A machine that can be placed on its own network segment with protection measures between it and the internal network, but little or no protections between it and the outside is called a ___________.

sacrificial lamb

Anti-virus scanners use three basic methods of operation to find, prevent, and disinfect programs and files. They look for infections by known viruses using the database of signature files; they monitor changes, or attempted changes, to files and programs; and they __________ for suspicious activity by using rules-based logic.

scan

The anti-virus software's ___________ engine tells the software how and where to scan.

scanning

Anti-virus software consists of two parts: the ___________ and the signature files.

scanning engine

The anti-virus __________ provides the user interface and a library of commonly used functions which consist of dozens of complex searching algorithms, CPU emulators, and various forms of programming logic. The engine determines which files to scan, which functions to run, and how to react when a suspected virus is found.

scanning engine

The anti-virus scanner consists of two parts, the __________ and the database.

scanning engine

It's recommended to upgrade your anti-virus software at least once a week for the dat files and once a month for the ___________.

scanning engines

The computer security assessment team's manager is responsible for determining the _______ of the security effort; acts as the liaison between other members of the team and upper management; and must understand basic risk assessment.

scope and direction

Password protect ___________.

screen saver

In order for databases and Web servers to exchange data, you need to run small programs called ______.

scripts

Address Management means the VPN must be able to keep the IP addresses of the internal network ________.

secret

Key Management means the VPN must be able to generate shared, ________ keys with the remote users.

secret

Oakley is a protocol used for exchanging ________ keys.

secret

Apple OS X has included SecureShell (SSH) in its default installation for a ____ telnet program.

secure

Before VPNs, if a company wanted to have a ________ network connection to an office in another geographic location, they had one choice: a dedicated leased line.

secure

If personnel write programs for your company, it's important that they know how to write _________ code.

secure

SSH is a ________ form of telnet that encrypts the traffic.

secure

The security training program should be attended by new hires and have an annual refresher course where at the end, the employee ______ a statement indicating that he has received the training, understands it, and will comply with the rules.

signs

On the ________ checklist there is a column for software license. If you do not have the correct number of licenses for the number of applications, you are in violation of software copyright laws.

software

There are three different types of VPNs: firewall-based, hardware-based, and ________-based.

software

Your assets include hardware, ___________, and invested time.

software

If you're connected to the Internet via modem, chances are your vulnerability to hack attacks is quite small because you are not connected all the time and you do not have a set IP address (__________ IP address). Each time you connect, your ISP gives you a changing address (dynamic IP address).

static

Create ___________: use a nonsensical combination of letters, include a mix of upper- and lower-case letters, longer passwords are better, change your passwords regularly, set new passwords instead of reusing the same ones over and over, don't use a set of characters straight off the keyboard, and treat your passwords as top-secret information.

strong passwords

VLANs work with _________ rather than routers and are used to virtually split networks into segments.

switches

Data Protection means the data traveling on the public network (Internet) must be ________ by unauthorized users on the network.

unreadable

Multiprotocol Support means the VPN must be able to handle multiple ________ protocols so data of different ________ can be shared. This includes protocols like SMTP, HTTP, telnet, and so on.

types

The set of access criteria for your level of access is based on one of three models: the role, the group, and the ______.

types of transactions

Data Protection means the data traveling on the public network (Internet) must be unreadable by ________ users on the network.

unauthorized

In offices with ten or more people, ID tags should be worn and color coded, to indicate which areas they are allowed to enter. Visitors and repair personnel should have visitor tags and should not be allowed to roam around _________.

unescorted

Everyone on your network should have a _____ logon ID and a strong password.

unique

IDS compares traffic of known patterns in a database, so if your attacker is using a method not found in the database, or an ________ pattern of attack, there's a chance the attack won't be seen.

unknown

Firewalls work by examining the network traffic and applying rules as to what is allowed and what isn't. Firewalls thoroughly inspect arriving traffic (packets). The application, ______, and transportation method are also queried and verified. The information is maintained so that all future transmissions are inspected and compared to past transmissions. If both the "state" of the transmission and the "context" in which it is used deviate from the norm, connection is refused.

user

To be considered a true VPN, the service must support: data protection, ________, key management, address management, and multiprotocol support.

user authentication

The anti-virus scanning engine provides the __________ and a library of commonly used functions which consist of dozens of complex searching algorithms, CPU emulators, and various forms of programming logic. The engine determines which files to scan, which functions to run, and how to react when a suspected virus is found.

user interface

SSL has been a standard for a while now and is generally accepted as safe. However, some vulnerabilities have been discovered in the way that different Web server applications ____ the SSL session, and some buffer overflows have been discovered.

validate

In Registry, each folder icon is called a hive and hives contain keys. Each key contains sub-keys, as well as ________. The values contain the actual information stored in the registry. The registry includes three types of values: String, Binary, and DWORD.

values

User Authentication means the VPN must be able to ________ a user's identity and restrict access to only validated users. In addition, there must be a method of logging access.

verify

If you have the correct signatures in your database but the wrong _________ of the scanning engine, there's a good chance that your anti-virus program won't catch important viruses.

version

A VPN uses a special protocol to establish a ________ channel between two machines or two networks. The channel is actually a temporary direct session; this is what is commonly referred to as tunneling.

virtual

