Chapter 1 - Essential Knowledge (Introduction to Ethical Hacking) Flashcards

1
Q

Match OSI Layers with PDUs

Application

Presentation

Session

Transport

Network

Data Link

Physical

A

Application - Data PDU

Presentation - Data PDU

Session - Data PDU

Transport - Segment PDU

Network - Packet PDU

Data Link - Frame PDU

Physical - Bit PDU

2
Q

Mnemonic for the top-down list of PDUs

A

Do Sergeants Pay For Beer

Data Segment Packet Frame Bit

3
Q

Match OSI Layers with Protocols

Application

Presentation

Session

Transport

Network

Data Link

Physical

A

Application - FTP, SMTP, HTTP

Presentation - AFP, MIME, NCP

Session - X.225, SCP, ZIP

Transport - TCP, UDP

Network - IP

Data Link - ARP, CDP, PPP

Physical - USB Standards, Bluetooth, Etc

4
Q

TCP/IP Model and Protocols

Application

Transport

Internet

Network Access

A

Application - HTTP, FTP, SNMP, DNS, POP, Telnet

Transport - TCP, UDP

Internet - IP, ICMP

Network Access - ARP, L2TP, STP, HDLC, FDDI

5
Q

Match OSI Model to TCP/IP Model

Application

Presentation

Session

Transport

Network

Data Link

Physical

A

OSI Model — TCP/IP Model

Application - Application

Presentation - Application

Session - Application

Transport - Transport

Network - Internet

Data Link - Network Access

Physical - Network Access

6
Q

Ethernet Frame Diagram

A
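The Ethernet frame this card's diagram shows, together with the top-down PDU chain of card 1 (Data, Segment, Packet, Frame), as an added worked example. The code is not from the flashcards or from EC-Council material; the MAC and IP addresses, ports and HTTP payload are constructed sample values. It builds each PDU by hand, then decodes the bytes back up the stack and verifies the integrity field each layer carries (TCP checksum, IPv4 header checksum, Ethernet FCS).

```python
"""Added example (not from the flashcards): encapsulation down the stack and back.

Application data -> TCP segment -> IPv4 packet -> Ethernet frame, each PDU built
by hand with struct, then decoded layer by layer with the IPv4 header checksum,
TCP checksum and Ethernet FCS verified. MACs, IPs, ports and payload are
constructed sample values.
"""
import socket
import struct
import zlib

# Constructed sample addresses (assumptions for this example)
SRC_MAC = bytes.fromhex("02420a000002")
DST_MAC = bytes.fromhex("02420a000003")
SRC_IP, DST_IP = "10.0.0.2", "10.0.0.3"
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_SYN, TCP_PSH, TCP_ACK = 0x02, 0x08, 0x10


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 Internet checksum over 16-bit words. Returns 0 when the data
    already contains a correct checksum field, which is how the decoder verifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, data=b""):
    """Transport layer: 20-byte TCP header + data. The checksum covers a
    pseudo-header with both IP addresses, so the segment is tied to its packet."""
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         (5 << 12) | flags, 65535, 0, 0)   # 5 words, no options
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, IPPROTO_TCP, len(header) + len(data)))
    csum = ones_complement_sum(pseudo + header + data)
    return header[:16] + struct.pack("!H", csum) + header[18:] + data


def ipv4_packet(src_ip, dst_ip, proto, payload):
    """Network layer: 20-byte IPv4 header (no options) with header checksum."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         0x4000, 64, proto, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    csum = ones_complement_sum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def ethernet_frame(dst_mac, src_mac, ethertype, payload):
    """Data link layer: dst MAC | src MAC | EtherType | payload | FCS (CRC-32)."""
    # Pad to the 46-byte minimum. Drivers that padded with stale buffer memory
    # have leaked kernel data this way ("Etherleak"); we pad with zeros.
    payload = payload.ljust(46, b"\x00")
    body = dst_mac + src_mac + struct.pack("!H", ethertype) + payload
    fcs = zlib.crc32(body) & 0xFFFFFFFF
    return body + struct.pack("<I", fcs)   # FCS goes on the wire LSB first


def decode_frame(frame: bytes) -> dict:
    """Walk back up the stack: frame -> packet -> segment -> data, verifying
    each layer's integrity field and raising ValueError on corruption."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        raise ValueError("bad Ethernet FCS")
    dst_mac, src_mac = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ip = body[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ones_complement_sum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    segment = ip[ihl:total_len]            # total_len strips the Ethernet padding
    pseudo = ip[12:20] + struct.pack("!BBH", 0, proto, len(segment))
    if ones_complement_sum(pseudo + segment) != 0:
        raise ValueError("bad TCP checksum")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return {
        "frame": {"dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
                  "ethertype": ethertype},
        "packet": {"src_ip": socket.inet_ntoa(ip[12:16]),
                   "dst_ip": socket.inet_ntoa(ip[16:20]), "proto": proto},
        "segment": {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
                    "flags": off_flags & 0x1FF},
        "data": segment[(off_flags >> 12) * 4:],
    }


def build_sample_frame(data=b"GET / HTTP/1.0\r\n\r\n") -> bytes:
    """Top-down: Data -> Segment -> Packet -> Frame (the 'Do Sergeants Pay For Beer' order)."""
    segment = tcp_segment(SRC_IP, DST_IP, 40000, 80, 1000, 2000, TCP_PSH | TCP_ACK, data)
    packet = ipv4_packet(SRC_IP, DST_IP, IPPROTO_TCP, segment)
    return ethernet_frame(DST_MAC, SRC_MAC, ETHERTYPE_IPV4, packet)


if __name__ == "__main__":
    frame = build_sample_frame()
    print(f"{len(frame)} bytes on the wire")
    for layer, fields in decode_frame(frame).items():
        print(layer, fields)
```

Two things to notice when running it: the Ethernet padding means the frame length alone does not tell you where the packet ends, the IPv4 total length does; and a single flipped bit anywhere in the frame is caught by the FCS before the upper layers ever see it, but an attacker who can rewrite the frame simply recomputes the FCS, so none of these integrity fields is a security control.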
7
Q

Three-Way Handshake

6 steps

A
  1. Host A sends a TCP SYN (synchronize) packet to Host B
  2. Host B receives the SYN
  3. Host B sends a SYN-ACK (synchronize-acknowledge) back to A
  4. Host A receives the SYN-ACK from B
  5. Host A sends an ACK (acknowledgement) to B
  6. Host B receives the ACK from A

connection established
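The six steps above as an added example that is not part of the flashcards: two toy endpoints exchange SYN, SYN-ACK and ACK, and each side checks that the acknowledgement number equals its own ISN + 1 before advancing. The port numbers and the use of a random initial sequence number are assumptions for the example.

```python
"""Added example (not from the flashcards): the three-way handshake as a small
state machine for two toy TCP endpoints, with the sequence/acknowledgement
checks each side performs. Ports and the ISN source are assumptions."""
import secrets
from dataclasses import dataclass, field

SYN, ACK = 0x02, 0x10
MASK32 = 0xFFFFFFFF


@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: int

    def has(self, *bits):
        return all(self.flags & b for b in bits)


@dataclass
class Endpoint:
    name: str
    port: int
    state: str = "CLOSED"
    # Random initial sequence number: a predictable ISN lets an attacker forge
    # the final ACK (or data) without ever seeing the SYN-ACK.
    isn: int = field(default_factory=lambda: secrets.randbelow(2**32))
    snd_nxt: int = 0   # next sequence number we will send
    rcv_nxt: int = 0   # next sequence number we expect from the peer

    def listen(self):
        self.state = "LISTEN"

    def connect(self, peer_port):
        """Step 1: send SYN carrying our ISN."""
        self.state = "SYN-SENT"
        return Segment(self.port, peer_port, self.isn, 0, SYN)

    def receive(self, seg):
        """Steps 2-6: consume a segment and return the reply (or None)."""
        if self.state == "LISTEN" and seg.has(SYN) and not seg.has(ACK):
            # Steps 2-3: remember the peer's ISN, answer SYN-ACK with ack = peer ISN + 1
            self.rcv_nxt = (seg.seq + 1) & MASK32
            self.state = "SYN-RECEIVED"
            return Segment(self.port, seg.src_port, self.isn, self.rcv_nxt, SYN | ACK)
        if self.state == "SYN-SENT" and seg.has(SYN, ACK):
            # Steps 4-5: the SYN-ACK must acknowledge exactly our SYN
            expected = (self.isn + 1) & MASK32
            if seg.ack != expected:
                raise ValueError(f"{self.name}: SYN-ACK acks {seg.ack}, expected {expected}")
            self.rcv_nxt = (seg.seq + 1) & MASK32
            self.snd_nxt = seg.ack
            self.state = "ESTABLISHED"
            return Segment(self.port, seg.src_port, self.snd_nxt, self.rcv_nxt, ACK)
        if self.state == "SYN-RECEIVED" and seg.has(ACK) and not seg.has(SYN):
            # Step 6: the ACK must cover our SYN; only now is the connection established
            if seg.ack != (self.isn + 1) & MASK32 or seg.seq != self.rcv_nxt:
                raise ValueError(f"{self.name}: unacceptable ACK")
            self.snd_nxt = seg.ack
            self.state = "ESTABLISHED"
            return None
        raise ValueError(f"{self.name}: unexpected flags {seg.flags:#x} in state {self.state}")


def handshake(client: Endpoint, server: Endpoint):
    """Run all six steps and return both endpoints' final states."""
    server.listen()
    syn = client.connect(server.port)      # 1. A sends SYN
    syn_ack = server.receive(syn)          # 2. B receives SYN, 3. B sends SYN-ACK
    ack = client.receive(syn_ack)          # 4. A receives SYN-ACK, 5. A sends ACK
    server.receive(ack)                    # 6. B receives ACK
    return client.state, server.state


def half_open(server: Endpoint, client_port: int):
    """A SYN that is never followed by the final ACK leaves the server holding
    state in SYN-RECEIVED; a SYN flood does this many thousands of times."""
    server.listen()
    server.receive(Endpoint("attacker", client_port).connect(server.port))
    return server.state


if __name__ == "__main__":
    a, b = Endpoint("A", 40000), Endpoint("B", 80)
    print(handshake(a, b))                       # ('ESTABLISHED', 'ESTABLISHED')
    print(half_open(Endpoint("B", 80), 40001))   # SYN-RECEIVED
```

The server allocates connection state at step 3, before it knows whether the client is real; that gap between SYN-RECEIVED and ESTABLISHED is what a SYN flood exhausts, and the ISN check at step 5 is what makes blind spoofing of the handshake impractical when ISNs are random.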

8
Q

Ethernet Frames in Transit Diagram

A
9
Q

ECC’s Five Network Zones

Internet

Internet DMZ

Production Network

Intranet

Management Network

A
  • Internet
    • Outside the boundary. Uncontrolled; no security policies applied
  • Internet DMZ
    • Controlled buffer network between you and the Internet
  • Production Network
    • Very restricted zone that strictly controls access from uncontrolled zones. Does not hold users
  • Intranet
    • Controlled zone with little to no heavy restrictions. Not wide open, but fewer strict controls
  • Management Network
    • Highly secured zone with very strict policies
10
Q

Security, Functionality, Usability Triangle

A

Shows that as you move toward one corner (e.g. security), you move further from the other two (functionality and usability)

11
Q

5 Sections of Threat Modeling

A

Identify Security Objectives

Application Overview

Decompose Application

Identify Threats

Identify Vulnerabilities

12
Q

EISA

A

Enterprise Information Security Architecture

Collection of requirements and processes that help determine how an organization’s information systems are built and how they work

13
Q

Security Controls

A
  • Physical
    • guards, lights, cameras
  • Technical
    • encryption, smartcards, ACLs
  • Administrative
    • training, awareness, policy efforts
14
Q

Preventive, Detective, Corrective Measures

A
  • Preventive
    • authentication
  • Detective
    • alarm bells, alerts for unauthorized access, audits
  • Corrective
    • backup and restore options
15
Q

BIA

Business Impact Analysis

A

Identify systems and processes that are critical for operations.

Includes measurement of the Maximum Tolerable Downtime (MTD), which lets you prioritize recovery of assets

16
Q

Business Continuity Plan (BCP)

A

Plans and procedures to follow in event of failure or disaster, to get business back up and running

Includes a Disaster Recovery Plan (DRP) addressing exactly what to do for recovering lost data or services

17
Q

Annualized Loss Expectancy (ALE)

Annual Rate of Occurrence (ARO)

Single Loss Expectancy (SLE)

Exposure Factor (EF)

Asset Value (AV)

A

SLE = EF * AV

ALE = ARO * SLE

EF is an educated guess at the percentage of the asset’s value lost in a single incident

ARO is the expected number of occurrences per year; it can come from statistics from similar businesses

18
Q

CIA Triad

A
  • Confidentiality
    • secrecy and privacy of info. measures taken to prevent unauthorized access to it
  • Integrity
    • Methods, actions taken to protect info from unauthorized alteration or revision, both at rest and in transit.
  • Availability
    • Ensuring that when the system or data is needed, it can be accessed
19
Q

Common Criteria Information

A

Originated in 1999 and became the predominant evaluation standard in 2005.

Grew out of the TCSEC (Trusted Computer System Evaluation Criteria, the DoD “Orange Book”)

Designed to provide assurance that the system has been designed, implemented and tested according to a specific security level

20
Q

Common Criteria (CC) Terms

Evaluation Assurance Level (EAL)

Target of Evaluation (TOE)

Security Target (ST)

Protection Profile (PP)

A
  • EAL
    • Has 7 levels (EAL1 through EAL7)
    • Allows vendors to make claims about their in-place security by following these standards
  • TOE
    • What is being tested
  • ST
    • Documentation describing the TOE and its security requirements
  • PP
    • Set of security requirements specifically for the type of product being tested
21
Q

Mandatory and Discretionary Access Control

MAC

DAC

A
  • MAC
    • Security policy is controlled by the security administrator; users can’t set access controls themselves
    • The OS restricts the ability to access a resource or perform a task, based on labels the user cannot change
  • DAC
    • Lets users set access controls on the resources they own or control
    • Means of restricting access to objects based on the identity of subjects or the groups they belong to
    • e.g. NTFS and Unix file permissions for users and groups
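Added example (not from the flashcards) contrasting the two models on the same request: DAC is modelled on Unix mode bits that the owner can change at will, MAC on Bell-LaPadula style clearance and classification labels that only an administrator sets. The users, files, labels and mode bits are constructed sample values.

```python
"""Added example (not from the flashcards): the same (subject, object, action)
request evaluated under DAC (Unix-style mode bits chosen by the owner) and
under MAC (Bell-LaPadula labels set by the security administrator).
All principals, files and labels are constructed sample values."""
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass
class Subject:
    name: str
    uid: int
    groups: frozenset
    clearance: str        # MAC label, assigned by the security administrator


@dataclass
class Resource:
    name: str
    owner_uid: int
    group: str
    mode: int             # DAC: Unix permission bits, chosen by the owner
    classification: str   # MAC label, assigned by the security administrator


def dac_allows(subj: Subject, res: Resource, action: str) -> bool:
    """DAC: permission derives from identity (owner / group / other) and the
    mode bits the owner picked, exactly as NTFS ACLs or Unix modes work."""
    bit = {"read": 4, "write": 2, "execute": 1}[action]
    if subj.uid == res.owner_uid:
        perms = (res.mode >> 6) & 0o7
    elif res.group in subj.groups:
        perms = (res.mode >> 3) & 0o7
    else:
        perms = res.mode & 0o7
    return bool(perms & bit)


def dac_chmod(subj: Subject, res: Resource, mode: int) -> None:
    """Under DAC the owner may loosen or tighten access at will; nobody else may."""
    if subj.uid != res.owner_uid:
        raise PermissionError(f"{subj.name} does not own {res.name}")
    res.mode = mode


def mac_allows(subj: Subject, res: Resource, action: str) -> bool:
    """MAC: the decision comes from labels the user cannot change.
    Bell-LaPadula rules: no read up (simple security property) and
    no write down (*-property)."""
    s, o = LEVELS[subj.clearance], LEVELS[res.classification]
    if action == "write":
        return s <= o
    return s >= o        # read; execute treated like read here (assumption)


def allowed(subj: Subject, res: Resource, action: str) -> bool:
    """A MAC system keeps DAC underneath it: a request must pass both checks."""
    return dac_allows(subj, res, action) and mac_allows(subj, res, action)


# Constructed sample principals and files (assumptions for this example)
alice = Subject("alice", 1000, frozenset({"analysts"}), "SECRET")
mallory = Subject("mallory", 1002, frozenset({"guests"}), "UNCLASSIFIED")
report = Resource("report.txt", 1000, "analysts", 0o640, "SECRET")
bulletin = Resource("bulletin.txt", 1001, "everyone", 0o666, "UNCLASSIFIED")


def demo() -> dict:
    """Walk through the cases that separate the two models."""
    results = {}
    results["mallory_read_before_chmod"] = allowed(mallory, report, "read")
    # alice "makes things easy" for a colleague and makes the report world-readable
    dac_chmod(alice, report, 0o644)
    results["dac_after_chmod"] = dac_allows(mallory, report, "read")   # DAC now says yes
    results["mac_after_chmod"] = mac_allows(mallory, report, "read")   # MAC still says no
    results["mallory_read_after_chmod"] = allowed(mallory, report, "read")
    # alice has SECRET clearance; DAC lets her write the world-writable bulletin,
    # MAC forbids it because that would be writing down to UNCLASSIFIED
    results["alice_write_bulletin_dac"] = dac_allows(alice, bulletin, "write")
    results["alice_write_bulletin_mac"] = mac_allows(alice, bulletin, "write")
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:32} {verdict}")
```

The point the two checks make together: under DAC the owner's chmod is the whole policy, so one careless user (or a compromised account) declassifies a file; under MAC the administrator's label still governs, which is why MAC is the model for systems that must enforce a policy against their own users.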
22
Q

Types of EC-Council Policies

  1. Promiscuous
  2. Permissive
  3. Prudent
  4. Paranoid
A
  1. Promiscuous
    1. wide open
  2. Permissive
    1. blocks only known bad things
  3. Prudent
    1. maximum security but allows some potentially dangerous services because of business needs
  4. Paranoid
    1. locks everything down, not even a web browser is allowed
23
Q

Definitions

  • Standards
  • Baselines
  • Guidelines
  • Procedures
A
  • Standards
    • mandatory rules used to achieve consistency
  • Baselines
    • provide minimum security level necessary
  • Guidelines
    • flexible recommended actions to take if no standard to follow
  • Procedures
    • detailed step-by-step instructions to accomplish a task or goal
24
Q

Definitions

  • Script Kiddie
  • Phreaker
  • White Hats
  • Black Hats
  • Gray Hats
  • Hacktivists
  • Suicide Hackers
A
  • Script Kiddie
    • little skill or understanding, but uses tools written by others
  • Phreaker
    • manipulates telecom systems
  • White Hats
    • ethical hackers hired to test & improve security. Always get permission first
  • Black Hats
    • Crackers; illegally use their skills for malicious or personal gain
  • Gray Hats
    • Neither good nor bad. Two subsets: those who are curious and those who feel it is their duty to demonstrate security flaws
  • Hacktivists
    • Have a political agenda
  • Suicide Hackers
    • don’t care about their safety or freedom, or anyone else’s.
25
Q

Attack Types

  • OS Attacks
  • Application-level attacks
  • Shrink-wrap code attacks
  • Misconfiguration Attacks
A
  • OS Attacks
    • Target common mistakes made when installing and configuring OSs
  • Application-level attacks
    • Target the actual programming code and software logic of the app. Many apps on the network aren’t tested for vulnerabilities
  • Shrink-wrap code attacks
    • Take advantage of the built-in code and default functionality that most COTS (commercial off-the-shelf) applications ship with
  • Misconfiguration Attacks
    • Take advantage of systems that aren’t configured well for security, e.g. the administrator who “makes things easy” for users
26
Q

5 Hacking Phases

  1. Reconnaissance
  2. Scanning and Enumeration
  3. Gaining Access
  4. Maintaining Access
  5. Covering Tracks
A
  1. Reconnaissance
    1. Passive - gain info without the target knowing, e.g. observing the building
      1. CEH Passive Recon: Dumpster diving, Social Engineering, Network Sniffing
    2. Active - puts the hacker at higher risk of discovery, e.g. entering the building
  2. Scanning and Enumeration
    1. Use recon info and apply tools and techniques to get more in-depth info
  3. Gaining Access
    1. True attacks used against targets enumerated in phase 2
  4. Maintaining Access
    1. Ensure they have a way back into the system
  5. Covering Tracks
    1. Attempt to conceal success and avoid detection
27
Q

3 Pen Test Phases

  1. Preparation
  2. Assessment
  3. Conclusion
A
  1. Preparation
    1. Defines scope, types of attacks allowed, and the individuals who will perform the activity
  2. Assessment (aka Security Eval Phase)
    1. Actual attacks are performed
  3. Conclusion
    1. Final reports prepared for customer, detailing findings, possibly recommendations
28
Q

3 Types of Testing

  1. Black Box
  2. White Box
  3. Gray Box
A
  1. Black Box
    1. Tester has no knowledge of the TOE. Longest test. Simulates an outside hacker
  2. White Box
    1. Pen tester has full knowledge of the TOE. Quickest test. Simulates an internal threat from a trusted user (e.g. a sysadmin)
  3. Gray Box
    1. Assumes partial knowledge, like a regular user inside the network
29
Q

HIPAA

A

Developed by the US Department of Health and Human Services

Sets privacy standards to protect patient medical records and health information

5 Sub-Sections

Electronic Transactions and Code Sets

Privacy Rule

Security Rule

National Identifier Requirements

Enforcement

30
Q

Sarbanes-Oxley (SOX)

A

Created to make corporate disclosures more accurate and reliable to protect investors from shady behaviour

11 Titles in SOX

31
Q

OSSTMM

Open Source Security Testing Methodology Manual

A

Peer reviewed methodology of security testing and analysis.

Defines 3 types of compliance for testing

  1. Legislative - government regs
  2. Contractual - industry requirements
  3. Standards-based - practices required to remain a member of a group or organization
32
Q

PCI-DSS

Payment Card Industry Data Security Standard

A

Applies to everyone in the payment card process (card issuers, merchants, those storing & transmitting card information)

12 Requirements

  1. Install, maintain firewall
  2. remove default passwords
  3. protect stored data
  4. encrypt transmitted data
  5. use antivirus
  6. develop secure systems, applications
  7. use ‘need-to-know’ to restrict access
  8. assign a unique ID to each person with computer access
  9. restrict physical access to data
  10. monitor access to data and devices storing, transmitting it
  11. test security procedures regularly
  12. create, maintain security policy
33
Q

COBIT

Control Objectives for Information and Related Technology

A

created by Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI)

A governance framework and supporting toolset that allows managers to bridge gap between control requirements, technical issues, business risks

Enables clear policy development, good practice and regulatory compliance

Categorizes control objectives into 4 domains

  1. planning and organization
  2. acquisition and implementation
  3. delivery and support
  4. monitoring and evaluation