Ch5 Securing Individual Systems Flashcards
most cyber-attacks are mitigated fairly quickly; one exception is ___
Denial of Service
a ___ attack might involve a ping flood or UDP flood
Volume
when a client sends continuous SYN requests without waiting for a response, this is a ___ attack
protocol
how do later versions of Apache web server defend against a slow loris attack?
shorter timeouts when waiting for responses
in a ___ attack, conversations are repeatedly initiated by a client with a web server but never continued
slow loris
in a ___ attack, the IP address is spoofed so everyone starts responding to the target
smurf
in a ___ attack, malware is used to generate a botnet and several computers attack the target at once
Distributed Denial of Service (DDOS)
when spam is done over instant messaging it is called ___
spim
___ is an attempt (via email) to collect information, targeted at a particular person
spear phishing
___ is like phishing, but more dangerous and done using voice
vishing
___ is just trying to get you to click on an ad, but ___ is trying to get you to click on something different than what you thought you were clicking
clickbait; clickjacking
___ is taking advantage of common typos to send you to a decoy url
typo squatting
if you let the registration of a domain lapse, you might become a victim of ___
domain hijacking
in ___ a user’s group might be surreptitiously changed to one with more permissions
privilege escalation
when a 3rd party inserts themselves into a conversation without the other two knowing, this is the beginning of a ___ attack
man in the middle (MITM)
for wireless connections, ___ or ___ protocols have encryption, but ___ does not
WPA; WPA2; WEP
the ___ protocol is used to secure financial data on Bluetooth connections
NFC
when an attacker convinces a system that his address is the target computer's or vice versa, this is called ___
spoofing
___ is lying to the system about the IP address for another machine
ARP poisoning
in a ___ attack, a password or certificate is obtained, and the login performed again
replay
in a ___ attack, the system is tricked into using a more primitive version of the protocols, which is more easily hacked
downgrade
in ___ the attacker must enter a live conversation and inject information in real-time
session hacking
system ___ is the ability to withstand a negative impact
resiliency
the ability to add more servers to meet changing network demand is ___, and if you can also reduce servers as demand contracts, this is called ___
scalability; elasticity
___ is a way to achieve system resiliency through the ability to return to an earlier state
non-persistence
in ___ recovery, the system reverts to an earlier OS or application version
known state
in ___ recovery, drivers revert to an earlier version
rollback
in using a ___ for system recovery, a virtual installation is run in active memory only
live CD
in a ___ system, several drives are used to provide inexpensive and efficient protection against loss of data
Redundant Array of Independent Devices (RAID)
RAID systems work by splitting large files into clusters called ___ to distribute between drives, speeding up data access
stripes
RAID systems work by duplicating data between drives, called ___, to improve data security
mirroring
a RAID 2 system requires at least 3 drives, with the 3rd being a dedicated ___ drive
parity
RAID ___ systems can recover after losing one drive, and RAID ___ systems can recover after losing 2 drives
5; 6
why would proprietary RAID systems be used?
to accommodate different drive sizes
one proprietary RAID system found in Windows is ___
storage spaces
___ is file-level network storage, while ___ is block-level network storage
Network Attached Storage (NAS); Storage Area Networking (SAN)
the best way to prevent misuse of ports and connections is to ___
disable them at the BIOS level
if you cannot disable a USB port from BIOS, you can probably at least ___ so files can’t be copied from it
disable mass storage
the energetic fields of devices can cause harm due to ___, or in the case of wireless routers ___
electro-magnetic interference (EMI); radio frequency interference (RFI)
3 steps to reduce EMI disruption on a network would be:
shielding; separation; separate electrical circuits
___ can destroy electrical circuits in a flash, but wearing an ___ protects them while you are working on them
electro-static charge (ESD); ESD wrist strap
even in the absence of malware, a system can be slowed down unless you disable ___
unnecessary services
a major source of attack now is through the Internet of Things devices, unless you ___
change their default passwords
best practices for updating OS, application and device patches consists of 5 steps:
Monitor (for updates); Test (on a sandbox system); Evaluate (if needed); Deploy (without disrupting operations); Document what was done
what does a RAID system NOT protect from?
power supply of other devices failing
what will make it much less expensive to use RAID, load balancing and redundancy on a network?
virtualization of the drives
___ is often the easiest way to secure data on a media, but very difficult to recover if you lose the key
disk encryption
in ___ a disk is encrypted with a physical chip containing a public/private key
Trusted Platform Module (TPM)
the built-in Windows version of TPM security is called ___, but you may have to ___ before you can use it
bitlocker; enable TPM in the BIOS
___ is a form of hardware/firmware security often found in smartphones, navigation systems, etc. (and now in Windows 10) which creates a “hardware root of trust” and a “secure supply chain”
Secure Boot
sometimes a network will have a ___ just to handle security certificates
Hardware Security Module (HSM)
when selecting an OS for security, follow the Principle of ___
Least Functionality
versions of Windows or Linux that have been certified and locked-down are called ___
Trusted Operating Systems
connecting to a Bluetooth signal in order to steal data is called ___
Bluesnarfing
a wireless NIC could be inserted into a computer's ___ and might go unnoticed for some time
SD slot
a ___ can look just like a USB drive, but will actually be grabbing data while it is plugged in
Rubber Duck
if a security camera sends video to a smartphone app, assume your video is ___
being monitored by another organization
a ___ is a Trojan that is activated by an event (like the deactivation of a user account)
Logic Bomb
___ is software that escalates privileges to execute other things
rootkit
a ___ works with a USB device to record keystrokes
keylogger
___ viruses have superfluous code to confuse anti-malware software
armored
most malware today is ___ so anti-malware software has a hard time identifying it
polymorphic
the output of a host-based firewall is basically a ___
whitelist
firewalls are like ___ of traffic coming into a network, while ___ sends alerts if something bad is found within the network and ___ takes action to shut bad things down
filter; Intrusion Detection System (IDS); Intrusion Prevention System (IPS)
automating the security of your network provides both ___ and ___
consistency; repetition
when data is ___, it is overwritten with random binary code
wiped
when data is ___, something external (like degaussing) is done to the drive which may make it unusable
purged
one quick way to make encrypted data inaccessible is to destroy the key; this is called ___
crypto-erasing