Chapter 14 Flashcards
It prevents users from accessing the network and/or its resources. p474
Denial of Service (DoS)
What is Ping of Death? p474
In a Ping of Death attack, a humongous ICMP packet is sent to the remote host victim, totally flooding the victim’s buffer and causing the system to reboot or helplessly hang there, drowning.
It’s a version of a DoS attack that floods its victim with spoofed broadcast ping messages. p477
Smurf
It’s also a DoS attack that inundates the receiving machine with lots of meaningless packets. p478
SYN Flood
What’s Stacheldraht? p478
This is actually a mélange of techniques that translates from the German word for barbed wire. It basically incorporates TFN and adds a dash of encryption to the mix.
What is IP Spoofing? p481
It is the process of sending packets with a fake source address that makes it look like those packets actually originate from within the network that the hacker is trying to attack.
What is a Brute-Force Attack? p482
It is another software-oriented attack that employs a program running on a targeted network that tries to log in to some type of shared network resource like a server.
What do viruses do? p484
A key trait of viruses is that they can’t replicate themselves to other computers or systems without a user doing something like opening an executable attachment in an email to propagate them.
Attacks executable application and system program files like those ending in .COM, .EXE, and .DLL. p485
File Viruses
One that affects both the boot sector and files on your computer, making such a virus particularly dangerous and exasperatingly difficult to remove. p486
Multipartite Viruses
Is basically a script of commonly enacted commands used to automatically carry out tasks without requiring a user to initiate them. p486
Macro Viruses
Work their way into the master boot record that’s essentially the ground-zero sector on your hard disk where applications aren’t supposed to live. p486
Boot-Sector Viruses
On-access scan An on-access scan runs in the background when you open a file or use a program in situations like these: p517
Insert a floppy disk or thumb drive
Download a file with FTP
Receive email messages and attachments
View a web page
Before you initiate an on-demand scan, be sure that you have the oldest virus definitions. p517 T/F
False. You must have the latest.
Is the process that an antivirus program deploys to examine a computer suspected of having a virus, identify the virus, and then get rid of it. p517
antivirus scan
Is a virus scan initiated by you or an administrator that searches a file, a directory, a drive, or an entire computer but only checks the files you’re currently accessing. p517
on-demand scan
I recommend doing this at least monthly, but you’ll also want to do an on-demand scan. p517
When you first install the antivirus software
When you upgrade the antivirus software engine
Any time you suspect a virus outbreak
Is the core program that runs the scanning process; virus definitions are keyed to an engine version number. p516
antivirus engine
For your antivirus program to work for you, you’ve got to upgrade, update, and scan in a specific order: p516
- Upgrade the antivirus engine.
- Update the definition files.
- Create an antivirus emergency boot disk.
- Configure and run a full on-demand scan.
- Schedule monthly full on-demand scans.
- Configure and activate on-access scans.
- Make a new antivirus emergency boot disk monthly.
- Get the latest update when fighting a virus outbreak.
- Repeat all steps when you get a new engine.
A typical antivirus program consists of two components: p515
The definition files
The engine
Here is a list of security procedures. p509
What to do when someone has locked themselves out of their account
How to properly install or remove software on servers
What to do if files on the servers suddenly appear to be “missing” or altered
How to respond when a network computer has a virus
Actions to take if it appears that a hacker has broken into the network
Actions to take if there is a physical emergency such as a fire or flood
Your network users need to have a clearly written document, called a ___________ that fully identifies and explains what’s expected of them and what they can and can’t do. p508
security policy
Security policies can cover literally hundreds of items. Here are some common ones: p505-07
Notification
Equipment access
Wiring
Door locks/swipe mechanisms
Badges
Tracking
Passwords
Monitor viewing
The ICSA is a vendor-neutral organization that certifies the functionality of security products as well as makes recommendations on security in general. T/F p505
True
What does Clean-Desk Policy mean? p504
It means requiring that all potentially important documents like books, schematics, confidential letters, notes to self, and so on aren’t left out in the open when someone’s away from their desk.
What is a Security Audit? p504
A security audit is a thorough examination of your network that includes testing all its components to make sure everything is secure. You can do this internally, but you can also contract an audit with a third party if you want the level of security to be certified.
So what exactly is a security policy? p504
It should precisely define how security is to be implemented within an organization and include physical security, document security, and network security.
What is the order of volatility? p502
Memory content
Swap files
Network processes
System processes
File system information
Raw disk blocks
This process may be initiated by a notice or communication from legal counsel to an organization. p503
Legal hold
What is Active Detection? p500
Is special software that searches for hackers attempting known attack methods and scans for the kind of suspicious activity and weird network traffic that hackers leave behind as they travel over the network.
Is a software tool that can be incredibly effective in troubleshooting a problematic network, but it can also be a hacker’s friend. p495
Packet Sniffers
Programs that ping every port on the target to identify which ports are open. They do this by pinging the IP address of the target with the port number appended after a colon. p495
Port Scanners
This attack requires a host machine the hacker has broken into and uses to redirect traffic that normally wouldn’t be allowed passage through a firewall. p495
Port-Redirection Attacks
From simple invasions to elaborate Trojan horses, villains can use their previously placed inroads into a specific host or a network whenever they want to. p494
Backdoors
What is Bluejacking. p493
Is an attack aimed at Bluetooth connections. It sends unsolicited messages to the devices. These messages are typically in the form of a vCard that contains the message in the name field.
Is a network security standard that attempts to allow users to easily secure a wireless home network. It works by enabling the user to add a device to the network without typing credentials. p492
WPS Attacks
An AP that is not under your control but is used to perform a hijacking attack. p492
Evil Twin
These attacks allow access to the data on the device and make use of the pairing function used to connect two devices to transfer data between them. p493
Bluesnarfing
Are miniature programs that run on a web server or that you download to your local machine. p494
ActiveX Attacks