Chapter 1: Intro to Security Flashcards

1
Q

Universally Connected Devices

A

Almost all devices are now connected to the internet. This allows people anywhere to attack any connected device.

2
Q

Increased Speed of Attacks

A

More tools allow for quicker scans. Many attacks can be automated.

3
Q

Greater sophistication of attacks

A

Attacks use common protocols or tools to send malicious packets, which makes them hard to distinguish from legitimate traffic.

4
Q

Availability/Simplicity of attack tools

A

Attackers used to need extensive knowledge of networks, computers and programming. Now they need an internet connection. (Backtrack, Kali)

5
Q

Faster Detection of Vulnerabilities

A

Software weaknesses can be uncovered and exploited with new software tools and techniques.

6
Q

Delays in Patching

A

Hardware and software vendors can have trouble trying to constantly fix exploits.

7
Q

Weak Patch Distribution

A

Some software vendors lack the ability to distribute security patches in a timely fashion. Users are not notified that updates are available.

8
Q

Distributed Attacks

A

Make it impossible to stop an attack since it’s not coming from a single source. (Botnets)

9
Q

User Confusion

A

Users are sometimes tasked with making decisions regarding computer security with little or no information to guide them.

Ex. “Do you want to view only content that was delivered securely?”

“Is it safe to quarantine this attachment?”

10
Q

CIA Triad

A

Confidentiality, Integrity, Availability

11
Q

AAA

A

Authentication, Authorization, Accounting

12
Q

HIPAA

A

Health Insurance Portability and Accountability Act

13
Q

HIPAA Title II

A
Privacy Rule
Transactions and Code Sets Rule
Security Rule
Unique Identifiers Rule
Enforcement Rule
14
Q

Sarbox

A

A reaction to a rash of corporate fraud, the Sarbanes-Oxley Act (Sarbox) is an attempt to fight corporate corruption.
Covers the corporate officers, auditors, and attorneys of publicly traded companies.
Requires stringent reporting requirements and internal controls on electronic financial reporting systems.
Those who willfully and knowingly certify false financial reports can be fined up to $5 million and serve 20 years in prison.

15
Q

Attacker Methodology

A

Probe for Info: The first step of an attack
This reconnaissance is essential to provide information, such as the type of hardware used, version of software or firmware and personal info about users.
Ping sweeps: determine if a system responds
Port scanning: determining which ports may be accessible

16
Q

Attacker Methodology II

A

Penetrate any defenses:
Once a potential system has been identified and information about it has been gathered, the next step is to launch the attack to penetrate the defenses.
Exploiting the print spooler service

17
Q

Attacker Methodology III

A

Modify security settings:
Modifying the security settings is the next step after the system has been penetrated. This allows the attacker to reenter the compromised system more easily.
Creating a backdoor

18
Q

Attacker Methodology IV

A

Circulate to other systems: Once the network or system has been compromised, the attacker then uses it as a base of attack toward other networks and computers. The same tools that are used to probe for information are then directed toward other systems.
Pivoting:
Uses the compromised system to attack other systems on the same network to avoid restrictions such as firewall configurations, which may prohibit direct access to all machines.

19
Q

Attacker Methodology V

A

Paralyze networks and devices:
If the attacker chooses, she may also work to maliciously damage the infected computer or network. This may include deleting or modifying critical operating system files or injecting software that will prevent the computer from properly functioning.

20
Q

Defenses Against Attacks

A

Layering: The more layers of defense the harder it is for an attacker to circumvent them.

Limiting: Limiting access to information reduces the threat against it. Only those personnel who must use the data should have access to it.
This also includes what type of access they should have.

21
Q

Defenses Against Attacks II

A

Diversity: Closely related to layering. Each layer of defense needs to be different so attackers can’t use the same techniques to break through every layer.
Obscurity: Obscuring from the outside world what is on the inside.
Ex. Not revealing the type or version of the OS you are using.

22
Q

Defenses Against Attacks III

A

Simplicity: The more complex a system becomes, the more difficult it is to understand.
Complex systems allow many opportunities for something to go wrong and can sometimes be a boon to the attacker.
Sometimes complex systems are compromised to make them easier for trusted users to work with, yet this can also make it easier for attackers.