Chapter 11: Network Security Flashcards
What are the most common security threats? What are the most critical? Why?
There are 7 common security threats: virus, theft of equipment, theft of information, device failure, natural disaster, sabotage, and denial of service. The most critical are those that the threat scenario identifies and ranks by their relative risk score.
People who attempt intrusion can be classified into four different categories. Describe them.
The four types of people who attempt intrusion are casual intruders, hackers, professional hackers, and employees. The casual intruder is someone with very little computer skill who is casually surfing, looking for an easy entry point. The second level is a skilled hacker who simply breaks into other systems for the thrill or to show off; usually no damage is caused. The third type is a professional hacker who breaks into systems such as government agencies to cause damage or for possible espionage. The fourth type is an internal employee who may already have access to the network but uses the internal information for personal profit.
What are three major aspects of intrusion prevention (not counting the security policy)?
Perimeter Security and Firewalls, Server and Client Protection, and Encryption are the 3 major aspects of intrusion prevention.
How do the different types of firewalls work?
Packet-level firewalls validate the source and destination addresses and only allow packets with acceptable addresses into the organization. The application-level firewall examines the application-level packet and searches for known attacks. Network address translation firewalls use an address table to convert private IPs used within the organization into proxy IPs that are used on the Internet. When the return message is received, the firewall performs this translation in reverse.
What are the 3 primary goals in providing security?
Confidentiality, Integrity, and Availability
Confidentiality
Refers to the protection of organizational data, including customer and proprietary data, from unauthorized disclosure.
Integrity
Is the assurance that data have not been altered or destroyed.
Availability
Means providing continuous operation of the organization's hardware and software so that staff, customers, and suppliers can be assured of no interruptions in service.
What are the 3 risk assessment frameworks?
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), Control Objectives for Information and Related Technology (COBIT), and Risk Management Guide for Information Technology Systems (NIST guide)
What are the 5 common risk assessment steps?
- Develop risk measurement criteria
- Inventory IT assets
- Identify threats
- Document existing controls
- Identify improvements
How does symmetric encryption work?
The key used to encrypt a message is the same as the one used to decrypt it.
What is a denial of service attack (DoS)?
An attacker attempts to disrupt the network by flooding it with messages so that the network cannot process messages from normal users.
What is a distributed denial of service attack (DDoS)?
The attacker breaks into and takes control of many computers on the Internet and plants software on them called a DDoS agent. The attacker then uses software called a DDoS handler (botnet) to control the agents.
Triple DES (3DES)
A newer standard that is harder to break. As the name suggests, it applies DES (Data Encryption Standard) 3 times, usually with 3 different keys, to produce the encrypted text. This gives a stronger level of security because the total key length is 168 bits (3 x 56).
What is PKI?
Public Key Infrastructure. It is inherently different from symmetric single-key systems like DES. Because public key encryption is asymmetric, there are two keys: one key, called the public key, is used to encrypt the message, and a second, very different private key is used to decrypt the message.