Chapter 1 - Essential Knowledge (Introduction to Ethical Hacking) Flashcards
Match OSI Layers with PDUs
Application
Presentation
Session
Transport
Network
Data Link
Physical
Application - Data PDU
Presentation - Data PDU
Session - Data PDU
Transport - Segment PDU
Network - Packet PDU
Data Link - Frame PDU
Physical - Bit PDU
Acronym for top-down list of PDUs
Do Sergeants Pay For Beer
Data Segment Packet Frame Bit
Match OSI Layers with Protocols
Application
Presentation
Session
Transport
Network
Data Link
Physical
Application - FTP, SMTP, HTTP
Presentation - AFP, MIME, NCP
Session - X.225, SCP, ZIP
Transport - TCP, UDP
Network - IP
Data Link - ARP, CDP, PPP
Physical - USB Standards, Bluetooth, Etc
TCP/IP Model and Protocols
Application
Transport
Internet
Network Access
Application - HTTP, FTP, SNMP, DNS, POP, Telnet
Transport - TCP, UDP
Internet - IP, ICMP
Network Access - ARP, L2TP, STP, HDLC, FDDI
Match OSI Model to TCP/IP Model
Application
Presentation
Session
Transport
Network
Data Link
Physical
OSI Model — TCP/IP Model
Application - Application
Presentation - Application
Session - Application
Transport - Transport
Network - Internet
Data Link - Network Access
Physical - Network Access
Ethernet Frame Diagram

Three-Way Handshake
6 steps
- Host A sends a TCP SYNchronize packet to B
- Host B receives the SYN
- Host B sends a SYNchronize-ACKnowledge
- Host A receives the SYN-ACK from B
- Host A sends an ACKnowledgement
- Host B receives the ACK from A
Connection established
Ethernet Frames in Transit Diagram

ECC’s Five Network Zones
Internet
Internet DMZ
Production Network
Intranet
Management Network
- Internet
- Outside the boundary. Uncontrolled. No security policies applied
- Internet DMZ
- Controlled buffer network between you and the internet
- Production Network
- Very restricted zone that strictly controls access from uncontrolled zones. Does not hold users
- Intranet
- Controlled zone with few heavy restrictions. Not wide open, but with fewer strict controls
- Management Network
- Highly secured zone with very strict policies
Security, Functionality, Usability Triangle
Shows that as you move towards one corner, you get further from the other two
5 Sections of Threat Modeling
Identify Security Objectives
Application Overview
Decompose Application
Identify Threats
Identify Vulnerabilities
EISA
Enterprise Information Security Architecture
Collection of requirements and processes that help determine how an organization’s information systems are built and how they work
Security Controls
- Physical
- guards, lights, cameras
- Technical
- encryption, smartcards, ACLs
- Administrative
- training, awareness, policy efforts
Preventive, Detective, Corrective Measures
- Preventive
- authentication
- Detective
- alarm bells, alerts for unauthorized access, audits
- Corrective
- backup and restore options
BIA
Business Impact Analysis
Identify systems and processes that are critical for operations.
Includes measurement of the Maximum Tolerable Downtime (MTD), which lets you prioritize recovery of assets
Business Continuity Plan (BCP)
Plans and procedures to follow in event of failure or disaster, to get business back up and running
Includes a Disaster Recovery Plan (DRP) addressing exactly what to do for recovering lost data or services
Annualized Loss Expectancy (ALE)
Annual Rate of Occurrence (ARO)
Single Loss Expectancy (SLE)
Exposure Factor (EF)
Asset Value
ALE = ARO * SLE
ARO can come from statistics from similar businesses
EF is an educated guess of the percentage loss for an asset
SLE = EF * Asset Value
CIA Triad
- Confidentiality
- Secrecy and privacy of info. Measures taken to prevent unauthorized access to it
- Integrity
- Methods, actions taken to protect info from unauthorized alteration or revision, both at rest and in transit.
- Availability
- Ensuring that when the system or data is needed, it can be accessed
Common Criteria Information
Originated in 1999, took precedence in 2005.
Grew out of the TCSEC, a DoD standard
Designed to provide assurance that the system is designed, implemented and tested according to a specific security level
Common Criteria (CC) Terms
Evaluation Assurance Level (EAL)
Target of Evaluation (TOE)
Security Target (ST)
Protection Profile (PP)
- EAL
- Has 7 levels
- Allows vendors to make claims about their in-place security by following these standards
- TOE
- What is being tested
- ST
- Documentation describing the TOE and security requirements
- PP
- Set of security requirements specifically for the type of product being tested
Mandatory and Discretionary Access Control
MAC
DAC
- MAC
- security policy controlled by security administrator, users can’t set access controls themselves.
- OS restricts ability to access a resource or perform a task
- DAC
- Lets users set access controls on the resources they control.
- Means of restricting access to objects based on identity of subjects or groups they belong to.
- e.g. NTFS and Unix permissions for users and groups
Types of EC Council Policies
- Promiscuous
- Permissive
- Prudent
- Paranoid
- Promiscuous
- wide open
- Permissive
- blocks only known bad things
- Prudent
- maximum security but allows some potentially dangerous services because of business needs
- Paranoid
- locks everything down, not even a web browser is allowed
Definitions
- Standards
- Baselines
- Guidelines
- Procedures
- Standards
- mandatory rules used to achieve consistency
- Baselines
- provide minimum security level necessary
- Guidelines
- flexible recommended actions to take if there is no standard to follow
- Procedures
- detailed step-by-step instructions to accomplish a task or goal
Definitions
- Script Kiddie
- Phreaker
- White Hats
- Black Hats
- Gray Hats
- Hacktivists
- Suicide Hackers
- Script Kiddie
- uneducated but uses tools
- Phreaker
- manipulates telecom systems
- White Hats
- ethical hackers hired to test & improve security. Always get permission first
- Black Hats
- Crackers, illegally using skills for malicious or illegal gain
- Gray Hats
- neither good nor bad. 2 subsets: those who are curious and those who feel it’s their duty to demonstrate security flaws
- Hacktivists
- Have a political agenda
- Suicide Hackers
- don’t care about their safety or freedom, or anyone else’s.