Chapter 8 Network Security Analysis Flashcards

1
Q

Security Factors:

is the process of determining what rights and privileges a particular entity has.

A

Authorization or Authentication

2
Q

Security Factors:

is the process of determining and assigning privileges to various resources, objects, or data.

A

Access Control

3
Q

Security Factors:

is the process of determining who to hold responsible for a particular activity or event, such as a logon.

A

Accountability

4
Q

Security Factors:

is the process of tracking and recording system activities and resource access.

A

Auditing or Accounting

5
Q

Components of the CIA Triad:

A

Confidentiality- This is the fundamental principle of keeping information and communications private and protecting them from unauthorized access.
Integrity- This is the property of keeping organizational information accurate, free of errors, and without unauthorized modifications.
Availability- This is the fundamental principle of ensuring that systems operate continuously and that authorized persons can access the data that they need. Consider what would happen if the Federal Aviation Administration’s air traffic control system failed.

6
Q

Basic Security Concepts:
is the goal of ensuring that data remains associated with the party that creates it or sends a transmission with that data.

A

Non-repudiation

7
Q

Basic Security Concepts:
dictates that users and software should have only the minimal level of access that is necessary for them to perform their duties.

A

Least Privilege

8
Q

Basic Security Concepts:
is a concept that indicates exposure to the chance of damage or loss. It signifies the likelihood of a hazard or threat occurring. Often associated with the loss of data, a device, power, or the network, and other physical losses.

A

Risks

9
Q

Basic Security Concepts:
is a security incident in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.

A

Data Breaches

10
Q

Basic Security Concepts:

is any type of network or data access that is not explicitly approved by an organization.

A

Unauthorized Access

11
Q

is any condition that leaves a network open to attack.

A

Vulnerabilities

12
Q

Examples of Vulnerabilities

A

Improperly configured or installed hardware or software
Bugs in software or operating systems
Misuse of software or communication protocols
Poorly designed networks
Poor physical security
Insecure passwords
Design flaws in software or operating systems
Unchecked user input
Unlocked workstations

13
Q

Taking advantage of a vulnerability. The attacker first identifies a vulnerability and then takes advantage of that vulnerability to perform the attack. A few examples include taking advantage of open ports, unsecured accounts, or holes in applications or operating systems.

A

Exploits

14
Q

an event or action that could potentially result in the violation of a security requirement, policy, or procedure.

A

Threats

15
Q

a technique that is used to exploit a vulnerability in any application on a device without the authorization to do so.

A

Attacks

16
Q

are related terms for individuals who have the skills to gain access to computing devices through unauthorized or unapproved means.

A

Hackers and Attackers

17
Q

is a hacker who discovers and exposes security flaws in applications and operating systems so that manufacturers can fix them before they become widespread problems.

A

White Hat

18
Q

is a hacker who discovers and exposes security vulnerabilities for financial gain or for some malicious purpose.

A

Black Hat

19
Q

Examples might include logs of the addition, deletion, or modification of an asset. Occurs when you review those log files to find out what is occurring on the system.

A

Auditing and Logging

20
Q

is a formalized statement that defines how security will be implemented within a particular organization.

A

Security Policy

21
Q

Defines the acceptable use of an organization’s physical and intellectual resources.

A

Acceptable Use Policy (AUP)

22
Q

Defines the circumstances under which personal devices, including cell phones, tablets, and laptops, may be connected to the organization’s network.

A

Bring Your Own Device (BYOD)

23
Q

Legal document between two parties that specifies restrictions on sharing any confidential or proprietary information with outside parties.

A

Non-Disclosure Agreement (NDA)

24
Q

Identifies the actions to take when an incident occurs and how to respond to the incident.

A

Incident Response Policies (IRP)

25
Q

Security Policy Components:

A
  • Policy Statement- Outlines the plan for the individual security component.
  • Standards- Define how to measure the level of adherence to the policy.
  • Guidelines- Suggestions, recommendations, or best practices for how to meet the policy standard.
  • Procedures- Step-by-step instructions that detail how to implement components of the policy.
26
Q

Physical Security Threats and Vulnerabilities:

A
  • Internal- Happens internally; an example could be a disgruntled employee.
  • External- Examples include power failures caused by the power company.
  • Natural- Examples include weather-related problems such as tornadoes, hurricanes, snow storms, and floods.
  • Man-made- Can be internal or external, and accidental or intentional. For example, a backhoe operator may accidentally dig up fiber optic cables, or a disgruntled employee could choose to dig up cables.
27
Q

are plastic cards that have an integrated circuit built into the card. These often look like regular ID cards or credit cards, but have a secure microcontroller or intelligent memory that contains data that can be read by a physical or RFID scanner.

A

Smart Cards

28
Q

is activated by human physical features, such as a fingerprint, voice, retina, or signature.

A

Biometric Devices

29
Q

a method or strategy to ensure that users are prevented from sending critical, confidential, or restricted data outside of the network, or even outside of a specified group within the organization. Data can be files, emails, or records.

A

Data Loss Prevention (DLP)

30
Q

States of Data Loss:

A
  • In Motion- Data in transit over the network being sent to or from a server, over email, or over FTP needs to be protected.
  • In Use- Data at a workstation must be prevented from being transported outside of the organization through methods such as a USB or optical media devices.
  • At Rest- Data stored on a server or in a database must be monitored to ensure it is not sent outside of the organization or otherwise compromised.
31
Q

a device or program that monitors network communications and captures data. An equivalent term that is used in the industry is Data Exfiltration.

A

Packet Sniffer

32
Q

the practice of using deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.

A

Social Engineering

33
Q

This is a human- or software-based attack in which the goal is to pretend to be someone else for the purpose of concealing one’s identity.

A

Spoofing

34
Q

This is a human-based attack in which an attacker pretends to be someone he is not.

A

Impersonation

35
Q

In this type of attack, the attacker sends an email message that seems to come from a respected bank or other financial institution. The message claims that the recipient needs to provide an account number, Social Security number, or other private information to the sender in order to “verify an account.”

A

Phishing

36
Q

can be done by redirecting a request for a website, typically an e-commerce site, to a similar-looking but fake website.

A

Pharming

37
Q

This is a human-based attack for which the goal is to extract personal, financial, or confidential information from the victim by using services such as the telephone system and IP-based voice messaging services such as VoIP as the communication medium.

A

Vishing

38
Q

This is a form of phishing that targets individuals who are known to be upper-level executives or other high-profile employees. It is also known as Spear Phishing. These attacks are well-researched attempts to access sensitive information and often resemble a legal subpoena, customer complaint, or executive issue. The content is meant to be tailored for upper management, and usually involves an alleged company-wide concern.

A

Whaling

39
Q

is an IM-based attack similar to spam that is propagated through instant messaging instead of through email.

A

Spim

40
Q

uses malicious code to insert some type of undesired or unauthorized software into a target device. Characteristics include:
They can be used to launch DoS attacks on other systems.
Typically, you will see the results as corrupted applications, data files, and system files; unsolicited pop-up advertisements; counterfeit virus scan or software update notifications; or reduced performance or increased network traffic. Any of these could result in malfunctioning applications and operating systems.

A

Malware Attack

41
Q

A sample of code that spreads from one computer to another by attaching itself to other files.

A

Virus

42
Q

A piece of code that spreads from one device to another on its own, not by attaching itself to another file.

A

Worm

43
Q

An insidious type of malware that is itself a software attack and can pave the way for a number of other types of attacks. There is a social engineering component because the user has to be fooled into executing it.

A

Trojan Horse

44
Q

A piece of code that sits dormant on a target device until it is triggered by a specific event, such as a specific date.

A

Logic Bomb

45
Q

Surreptitiously installed malicious software that is intended to track and report on the usage of a target device, or to collect other data the author wishes to obtain.

A

Spyware

46
Q

Software that automatically displays or downloads advertisements when it is used. While not all are malicious, many have been associated with spyware and other types of malicious software.

A

Adware

47
Q

Code that is intended to take full or partial control of a device at the lowest levels. These often attempt to hide themselves from monitoring or detection, and modify low-level system files when integrating themselves into a device. Infections install backdoors, spyware, or other malicious code once they have control of the target device.

A

Rootkit

48
Q

A set of devices that have been infected by a control program called a bot that enables attackers to exploit them and mount attacks. Uses include Distributed Denial of Service (DDoS) attacks, sending spam email, and mining for personal information or passwords.

A

Botnet

49
Q

Malicious code that restricts access to a user’s device or the data stored on it until the victim pays the attacker to remove the restriction.

A

Ransomware

50
Q

A password attack that automates password guessing by comparing encrypted passwords against a predetermined list of possible password values. These are successful against only fairly simple and obvious passwords, because they rely on a dictionary of common words and predictable variations, such as adding a single digit to the end of a word.

A

Dictionary Attack

51
Q

The attacker uses password-cracking software to attempt every possible alphanumeric password combination. This method is very fast against short passwords, but for longer passwords it takes much longer.

A

Brute Force Attack

52
Q

utilizes multiple attack vectors including dictionary, brute-force, and other attack methodologies when trying to crack a password.

A

Hybrid password attack

53
Q

a type of software attack in which an attacker creates IP packets with a forged source IP address and uses those packets to gain access to a remote device.

A

IP Spoofing Attack

54
Q

is a type of network attack in which an attacker attempts to disrupt or disable devices that provide network services, including:
Flooding a network link with data to consume all available bandwidth.
Sending data designed to exploit known flaws in an application.
Sending multiple service requests to consume a device’s resources.
Flooding a user’s email inbox with spam messages so genuine messages bounce back to the sender.

A

Denial of Service (DoS) attack

55
Q

is a type of DoS attack that uses multiple devices on disparate networks to launch a coordinated attack from many simultaneous sources. The attacker introduces unauthorized software called a Zombie or Drone that directs the devices to launch the attack. A botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks, and it can be used to send spam email or participate in the attack.

A

Distributed Denial of Service (DDoS)

56
Q

attack involves sending forged requests of some type to a very large number of devices that will reply to the requests. Using Internet Protocol address spoofing, the source address is set to that of the targeted victim, which means all the replies will go to and flood the target.

A

Reflective DoS

57
Q

attack that involves a new mechanism that increases the amplification effect, using a much larger list of DNS servers than seen earlier. SNMP and NTP can also be exploited as reflectors.

A

DNS Amplification

58
Q

a Wi-Fi attack in which a frame is sent from one station to another, terminating the connection to the wireless access point. The user must then reconnect, allowing the attacker to use tools that let clear-text information, including passwords, cloaked AP names and addresses, and data packets, be viewed when the user has to reconnect to the AP.

A

Deauthentication

59
Q

is an attack that damages a system so badly that it requires replacement or reinstallation of hardware.

A

Permanent DoS

60
Q

a form of eavesdropping in which the attacker makes an independent connection between two victims (two clients or a client and a server) and relays information between the two victims as if they are directly talking to each other over a closed connection, when in reality the attacker is controlling the information that travels between the two victims.

A

Man-in-the-middle attack

61
Q

uses special monitoring software to intercept private network communications, either to steal the content of the communication itself or to obtain user names and passwords for future software attacks.

A

Eavesdropping or sniffing attack

62
Q

occurs when an attacker redirects an IP address to the MAC address of a device that is not the intended recipient. Before the attack can begin, the attacker must gain access to the network. Once the attacker has gained access to the network, he or she can poison the Address Resolution Protocol (ARP) cache on the target devices by redirecting selected IP addresses to MAC addresses that the attacker chooses.

A

ARP cache poisoning

63
Q

attack that exploits DNS vulnerabilities to redirect traffic to spoofed servers or sites instead of the actual server or site.

A

DNS Poisoning Attack

64
Q

a method of attack in which an attacking host on a VLAN gains access to traffic on other VLANs that would normally not be accessible.

A

VLAN Hopping

65
Q

attack where an attacking host imitates a trunking switch by speaking the tagging and trunking protocols used in maintaining a VLAN.

A

Switch Spoofing

66
Q

attack where an attacking host connected on an 802.1Q interface prepends two VLAN tags to the packets that it transmits.

A

Double Tagging