Chapter 2 - The Need for Security

Question 1

What are the 4 learning objectives?

Answer 1

1. Discuss the organizational business need for information security
2. Explain why a successful information security program is the shared responsibility of an organization’s general management and IT management
3. List and describe the threats posed to information security and common attacks associated with those threats
4. Describe the relationship between threats and attacks against information within systems

Question 2

information assets

Answer 2

information and the systems that house them

Question 3

What are the 4 important functions that IS performs for an organization?

Answer 3

1. Protect the org’s ability to function
2. Protect the data and info the organization collects and uses
3. Enabling the safe operation of applications running on the organizations’ IT systems
4. Safeguarding the organization’s tech assets

Question 4

What is the role of mgmt (general and IT) with respect to IS?

Answer 4

They are responsible for implementing and facilitating a security program

Question 5

How should information security be addressed?

Answer 5

In terms of business impact (outages, loss of client trust, etc.) and cost of business interruption

Question 6

What are the three stages through which data must be protected?

Answer 6

data in transmission (input), in processing (transfer), and at rest (storage)

Question 7

threats

Answer 7

a potential risk to an asset’s loss of value

Question 8

What are the most common types of attack/misuse as of CSI’s 2011 Survey?

Answer 8

1. Malware infection
2. Being fraudulently represented as the sender of a phishing message
3. Laptop/mobile theft or loss
4. Bot/Zombies in the organization
5. Insider abuse of internet or email

Question 9

12 categories of threat

Answer 9

1. Compromises to IP
2. Deviation in quality of service
3. Espionage/trespass
4. Forces of nature
5. Human error or failure
6. Information extortion
7. Sabotage or Vandalism
8. Software attacks
9. Hardware failures/errors
10. Software failures/errors
11. Technological obsolescence
12. Theft

Question 10

Intellectual Property (IP) & most common type of breach?

Answer 10

creation, ownership and control of original ideas as well as the representation of those ideas

software piracy

Question 11

What factors can affect quality of service if compromised?

Answer 11

Information systems depend on the operation of many interdependent systems: internet service, communications, suppliers, vendors, janitorial staff, garbage haulers, power irregularities

Question 12

Forms of espionage/trespass

Answer 12

1. industrial espionage
2. shoulder surfing

Question 13

Expert vs. unskilled hacker

Answer 13

Expert hackers: develop software scripts and program exploits, usually a master of many skills, often creates an attack software and shares it with others.

Unskilled hackers - use the expertly written software to exploit a system, do not usually fully understand the systems they hack

Question 14

Hacker - Cracker

Answer 14

“cracks” or removes the software protection that’s there to prevent unauthorized duplication

Question 15

Phreaker

Answer 15

hacks the public telephone system to make free calls or disrupt services

Question 16

Social engineering

Answer 16

using social skills to convince people to reveal access credentials or other valuable information to an attacker

Question 17

Advance-fee fraud

Answer 17

indicates the recipient is due money and small advance fee/personal banking information is required to facilitate the transfer.

Question 18

Phishing

Answer 18

attempting to gain personal/confidential info, apparent legitimate communication hides an embedded code that redirects the target to a third party site

Question 19

Timing attack

Answer 19

Timing Attack - Relatively new, works by exploring the contents of a Web browser’s cache. This could allow the designer to collect information to access to password-protected sites. Another attack by the same name involves attempting to intercept cryptographic elements to determine keys and encryption algorithms.

Question 20

Malware

Answer 20

Malware - malicious software used to overwhelm the processing capabilities of online systems or to gain access to protected systems via hidden means

Question 21

Types of Software attacks

Answer 21

–Viruses

–Worms

–Trojan horses

–Polymorphic threats

–Virus and worm hoaxes

–Back door or trap door

–Denial-of-service and distributed denial-of-service

–Mail bomb

Question 22

Virus

Answer 22

code segments that attach to an existing program and take control of the targeted computer

Question 23

Worms

Answer 23

replicate themselves until they completely fill available resources such as memory and hard-drive space

Question 24

Trojan horses

Answer 24

malware disguised as helpful, interesting, or necessary pieces of software

Question 25

Password attacks

Answer 25

Password Crack - Attempting to reverse calculate a password.

Brute Force - The application of computing and network resources to try every possible combination of options of a password.

Dictionary - The dictionary password attack narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords (the dictionary) to guess with.

Question 26

Denial of Service and Distributed Denial of Service

(DoS & DDoS)

Answer 26

Denial-of-Service (DoS) - The attacker sends a large number of connection or information requests to a target. So many requests are made that the target system cannot handle them successfully along with other, legitimate requests for service. This may result in a system crash or merely an inability to perform ordinary functions.

Distributed Denial-of-Service (DDoS) - An attack in which a coordinated stream of requests is launched against a target from many locations at the same time.

Question 27

Spoofing and Man in the Middle

Answer 27

Spoofing - A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.

Man-in-the-Middle - In the man-in-the-middle or TCP hijacking attack, an attacker sniffs packets from the network, modifies them, and inserts them back into the network

Question 28

Packet sniffer

Answer 28

–Packet sniffer: It monitors data traveling over network; it can be used both for legitimate management purposes and for stealing information from a network.

Question 29

Pharming

Answer 29

Redirection of legitimate browser requests to illegitimate sites for the purpose of obtaining private information

Question 30

Deadly sins of software security

Answer 30

•Common failures in software development:

–Buffer overruns

–Command injection

–Cross-site scripting (XSS)

–Failure to handle errors

–Failure to protect network traffic

–Failure to store and protect data securely

–Failure to use cryptographically strong random numbers

–Format string problems

–Neglecting change control

–Improper file access

–Improper use of SSL

–Information leakage

–Integer bugs (overflows/underflows)‏

–Race conditions

SQL injection

Question 31

Technological Obsolescence

Answer 31

When the infrastructure becomes antiquated or outdated, it leads to unreliable and untrustworthy systems.

Question 32

Theft

Answer 32

Illegal taking of another’s physical, electronic, or IP

Question 33

Software assurance (SA) & CBK

Answer 33

• A national effort is underway to create a common body of knowledge focused on secure software development.
• U.S. Department of Defense and Department of Homeland Security supported the Software Assurance Initiative, which resulted in the publication of Secure Software Assurance (SwA) Common Body of Knowledge (CBK)‏.

Question 34

Good software design principles

Answer 34

–Keep design simple and small

–Access decisions by permission not exclusion

–Every access to every object checked for authority

–Design depends on possession of keys/passwords

–Protection mechanisms require two keys to unlock

Programs/users utilize only necessary privileges

–Minimize mechanisms common to multiple users

–Human interface must be easy to use so users routinely/automatically use protection mechanisms.

Question 35

PKI

Answer 35

Public key infrastructure

Question 36

SOHO

Answer 36

small office and home office device

Question 37

attack

Question 38

threat agent

Answer 38

person/entity that may cause loss of an asset’s value

Question 39

vulnerability

Answer 39

a potential weakness

Question 40

12 Categories of Threats

Answer 40

Categories of threat and their attack examples

Question 41

What is the difference between a virus and a worm?

Question 42

Pharming

Answer 42

Pharming is a cyberattack intended to redirect a website’s traffic to another, fake site.

Question 43

Spoofing

Answer 43

Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server.

Question 44

Packet sniffer

Answer 44

A packet analyzer or packet sniffer is a computer program or computer hardware such as a packet capture appliance, that can intercept and log traffic that passes over a computer network or part of a network. Packet capture is the process of intercepting and logging traffic

Question 45

OWASP

Answer 45

Open Web Application Security Project - helps orgos build and operate software applications they can trust

Question 46

polymorphism

Answer 46

Polymorphic malware is a type of malware that constantly changes its identifiable features in order to evade detection.