Chp. 11 Chapter Questions Flashcards

1
Q

What factors have brought increased emphasis on network security?

A
  • Numerous legal actions involving officers and directors of organizations
  • Pronouncements by government regulatory agencies requiring controls
  • Losses associated with computer frauds are greater on a per incident basis than those not associated with computers
  • Recent highly publicized cases of viruses and criminally instigated acts of penetration
  • Data is a strategic asset
  • The rise of the Internet with opportunities to connect computers anywhere in the world (increased potential vulnerability of the organization’s assets)
  • Highly publicized denial-of-service incidents
2
Q

Briefly outline the steps required to complete a risk assessment.

A
  1. Develop risk measurement criteria
  2. Inventory IT assets
  3. Identify threats
  4. Document existing controls
  5. Identify improvements
3
Q

Name and describe the main impact areas. Who should be responsible for assessing what is meant by low/medium/high impact for each of the impact areas? Explain your answer.

A
  1. Impact areas:
  • Financial – revenue and expenses
  • Productivity – business operations
  • Reputation – customer perceptions
  • Safety – health of customers and employees
  • Legal – potential for fines and litigation
  2. Business leaders should make the decisions on the impact of each impact area because these are business decisions.
4
Q

What are some of the criteria that can be used to rank security risks?

A
  • Most damaging, most dangerous, most risky.
  • Most sensitive, most critical to organization, most likely to cause political problems
  • Most costly to recover, most difficult to recover, most time consuming to recover
  • Greatest delay, most likely to occur
5
Q

What are the most common security threats? What are the most critical? Why?

A
  • Some of the more common security threats:
    • viruses,
    • theft of equipment,
    • theft of information,
    • device failure,
    • natural disaster,
    • sabotage,
    • denial of services.
6
Q

Explain the purpose of threat scenarios. What are the steps in preparing threat scenarios?

A
  1. Threat scenarios describe how an asset can be compromised by one specific threat. An asset can be compromised by more than one threat, so it is common to have more than one threat scenario for each asset.
  2. Steps:
    • name the asset
    • describe the threat
    • explain the consequence (violation of confidentiality, integrity or availability)
    • estimate the likelihood of this threat happening (high, medium, low)
7
Q

What is the purpose of the risk score and how is it calculated?

A
  1. Risk scores are used to compare all the different threat scenarios with one another, to help us identify the most important risks we face.
  2. It is calculated by multiplying the impact score by the likelihood (using 1 for low likelihood, 2 for medium likelihood, and 3 for high likelihood).
8
Q

In which step of the risk assessment should existing controls be documented?

A

Documenting existing controls is the fourth step in the process, between identifying threats and identifying improvements.
9
Q

What are the four possible risk control strategies? How do we pick which one to use?

A
  1. The risk control strategies are to:
    • accept the risk, mitigate it, share it, or defer it.
  2. Selection of a strategy depends on things such as the impact (positive or negative) of the risk, the likelihood of the event occurring, and the cost.
10
Q

Why is it important to identify improvements that are needed to mitigate risks?

A

Risks are always changing, and responses (including technologies) are changing as well.
11
Q

What is the purpose of a disaster recovery plan? What are the major elements of a typical disaster recovery plan?

A
  1. A disaster recovery plan should address various levels of response to a number of possible disasters and should provide for partial or complete recovery of all data, application software, network components, and physical facilities.
  2. Backup and recovery controls that enable the organization to recover its data and restart its application software should some portion of the network fail.
12
Q

What is a computer virus? What is a worm?

A
  1. A computer virus is an executable computer program that propagates itself (multiplies), uses a carrier (another computer program), may modify itself during replication, and is intended to create some unwanted event.
  2. A worm is a special type of virus that spreads itself without human intervention. Worms spread when they install themselves on a computer and then send copies of themselves to other computers, sometimes by e-mail, sometimes via security holes in software.
13
Q

Explain how a denial-of-service attack works.

A
  • A DoS attack works by an attacker attempting to disrupt the network by flooding it with messages so that the network cannot process messages from normal users.
  • The simplest approach is to flood a Web server, mail server, and so on, with incoming messages. The server attempts to respond to these, but there are so many messages that it cannot.
14
Q

How does a denial-of-service attack differ from a distributed denial-of-service attack?

A
  • While the source of a denial-of-service (DoS) attack could be a single computer, a distributed denial-of-service (DDoS) attack could involve hundreds of computers on the Internet simultaneously sending messages to a target site.
15
Q

What is a disaster recovery firm? When and why would you establish a contract with them?

A
  1. Disaster recovery firms provide second-level support for major disasters.
  2. Building a network that has sufficient capacity to quickly recover from a major disaster such as the loss of an entire data center is beyond the resources of most firms.
16
Q

What is online backup?

A
  • Online backup allows you to back up data to a server across the Internet.
17
Q

People who attempt intrusion can be classified into four different categories. Describe them.

A
  • Four types:
  1. casual computer users
  2. experts in security
  3. professional hackers who break into corporate or government computers for specific purposes
  4. organization employees who have legitimate access to the network, but who gain access to information they are not authorized to use.
18
Q

There are many components in a typical security policy. Describe three important components.

A
  • The name of the decision-making manager who is in charge of security.
  • An incident reporting system and a rapid response team to respond to security breaches in progress.
  • A plan to routinely test and update all security controls that includes monitoring of popular press and vendor reports of security holes.
19
Q

What are the three major aspects of intrusion prevention (not counting the security policy)?

A
  1. securing the network perimeter,
  2. securing the interior of the network,
  3. authenticating users.
20
Q

How do you secure the network perimeter?

A
  • There are three basic access points into most organizational networks: from LANs, the Internet, and WLANs.
  • One important element of preventing unauthorized users from accessing an internal LAN is physical security.
  • A firewall is commonly used to secure an organization’s Internet connection.
  • NAT is a common security measure that can be used as well.
21
Q

What is physical security and why is it important?

A
  1. Physical security refers to policies and procedures that are designed to prevent outsiders from gaining access to the organization’s offices, server room, or network equipment facilities.
  2. It ensures that only authorized personnel can enter closed areas where servers and network equipment are located or access the network.
22
Q

What is eavesdropping in a computer security sense?

A
  • Eavesdropping refers to the process of unauthorized tapping into a computer network through local cables that are not secured behind walls or in some other manner.
23
Q

What is a sniffer?

A
  • A sniffer program records all messages received for later (unauthorized) analysis.
24
Q

How do you secure dial-in access?

A
  • Strategies:
    • changing the modem telephone numbers periodically,
    • keeping the telephone numbers confidential,
    • requiring the use of computers that have an electronic identification chip for all dial-up ports,
    • using a call-back modem.
25
Q

What is a firewall?

A
  • A firewall is a router, gateway, or special purpose computer that examines packets flowing into and out of a network and restricts access to the organization’s network.
26
Q

How do the different types of firewalls work?

A
  • A packet-level firewall examines the source and destination address of every network packet that passes through it.
  • An application-level firewall acts as an intermediate host computer between the Internet and the rest of the organization’s networks.
  • The NAT firewall uses an address table to translate the private IP addresses used inside the organization into proxy IP addresses used on the Internet.
27
Q

What is IP spoofing?

A
  • IP spoofing means to fool the target computer (and any intervening firewall) into believing that messages from the intruder’s computer are actually coming from an authorized user inside the organization’s network.
  • The goal of an intruder using IP spoofing is to send packets to a target computer requesting certain privileges be granted to some user (e.g., setting up a new account for the intruder or changing access permission or password for an existing account).
28
Q

What is a NAT firewall and how does it work?

A
  1. The NAT firewall (sometimes referred to as a proxy server) uses an address table to translate the private IP addresses used inside the organization into proxy IP addresses used on the Internet.
  2. The NAT firewall receives the incoming message, and after ensuring the packet should be permitted inside, changes the destination IP address to the private IP address of the internal computer and changes the TCP port id to the correct port id before transmitting it on the internal network.
29
Q

What is a security hole and how do you fix it?

A
  1. Many commonly used operating systems have major security problems (called security holes) well known to potential intruders; UNIX systems are among the worst.
  2. They are fixed by applying patches.
30
Q

Explain how a Trojan horse works.

A
  • Trojans are remote access management consoles that enable users to access a computer and manage it from afar.
  • Trojans are often concealed in other software that unsuspecting users download over the Internet.
31
Q

Compare and contrast symmetric and asymmetric encryption.

A
  1. A symmetric (or single key) encryption algorithm is one in which the key used to encrypt a message is the same as the one used to decrypt it. The key must be kept secret, leading to a need for key management.
  2. An asymmetric algorithm is one in which the key used to decrypt a message is different from the one used to encrypt it. Public key encryption is the most common form of asymmetric encryption; there are two keys.
32
Q

Describe how symmetric encryption and decryption works.

A
  • Encryption is the process of disguising information into ciphertext, whereas decryption is the process of restoring it to readable form (plaintext).
  • An encryption system has two parts: the algorithm itself and the key, which personalizes the algorithm by making the transformation of data unique.
33
Q

What is key management?

A
  • Key management is concerned with dispersing and storing keys carefully.
  • Managing this system of keys can be challenging, especially with symmetric algorithms.
34
Q

How does DES differ from 3DES? From RC4? From AES?

A

DES uses a 56-bit key while 3DES uses a 168-bit key (3 x 56).

RC4 uses keys from 40 to 256 bits in length.

AES uses the Rijndael algorithm and has key sizes of 128, 192, and 256 bits.

35
Q

Compare and contrast DES and public key encryption.

A
  • DES is a symmetric algorithm, which means that the key used to decrypt a particular bit stream is the same as the one used to encrypt it.
  • Public key encryption is inherently different from secret key systems like DES because it is asymmetric; there are two keys. One key (called the public key) is used to encrypt the message and a second, very different private key is used to decrypt the message.
36
Q

What is key escrow?

A
  • With key escrow, any organization using encryption must register its keys with the government.
  • This enables the government, after receiving a legally authorized search warrant, to decrypt and read any messages sent by that organization.
37
Q

Explain how authentication works.

A
  • Public key encryption permits authentication (or digital signatures).
  • When one user sends a message to another, it is difficult to legally prove who actually sent the message.
  • Thus a digital signature or authentication sequence is used as a legal signature on many financial transactions.
38
Q

What is PKI and why is it important?

A
  1. PKI stands for Public Key Infrastructure.
  2. PKI refers to the encryption infrastructure that has developed around the most popular form of asymmetric encryption (also called public key encryption), RSA.
39
Q

What is a certificate authority?

A
  • A certificate authority (CA) is a trusted organization that can vouch for the authenticity of the person or organization using authentication (e.g., VeriSign).
40
Q

How does PGP differ from SSL?

A
  • Pretty Good Privacy (PGP) is a freeware public key encryption package developed by Philip Zimmermann that is often used to encrypt e-mail.
  • Secure Sockets Layer (SSL) operates between the application layer software and the transport layer. SSL encrypts outbound packets coming out of the application layer before they reach the transport layer and decrypts inbound packets coming out of the transport layer before they reach the application layer.
41
Q

How does SSL differ from IPSec?

A
  • SSL differs from IPSec in that SSL is focused on Web applications, while IPSec can be used with a much wider variety of application layer protocols.
42
Q

Compare and contrast IPSec tunnel mode and IPSec transport mode.

A
  • IPSec transport mode provides only encryption of the message payload, while tunnel mode additionally encrypts the final destination by encrypting the entire IP packet.
43
Q

What are the three major ways of authenticating users?

A
  • The three major ways to authenticate users are to base account access on:
    • something you know (e.g., passwords),
    • something you have (e.g., a smart card),
    • something you are (e.g., eyeball, fingerprint).
44
Q

What are the different types of one-time passwords and how do they work?

A
  • one-time password users
  • token system (device is used)
  • time based tokens (device with time limit)
45
Q

Explain how a biometric system can improve security.

A
  1. A biometric system scans the user to ensure that the user is the sole individual authorized to access the network account.
46
Q

Why is the management of user profiles an important aspect of a security policy?

A
  • Each user’s profile specifies what data and network resources he or she can access, and the type of access allowed (read only, write, create, delete).
47
Q

How does network authentication work and why is it useful?

A
  • Instead of logging into a file server or application server, network authentication requires that users log in to an authentication server. This server checks the user id and password against its database and, if the user is an authorized user, issues a certificate.
  • The user no longer needs to enter his or her password for each new service or resource he or she uses.
  • This also ensures that the user does not accidentally give out his or her password to an unauthorized service.
48
Q

What is social engineering? Why does it work so well?

A
  1. Social engineering refers to breaking security simply by asking.
  2. A skilled social engineer is like a good con artist: he can manipulate people.
49
Q

What techniques can be used to reduce the chance that social engineering will be successful?

A
  • Acting out social engineering skits in front of users often works very well; when a group of employees sees how they can be manipulated into giving out private information
50
Q

What is an intrusion prevention system?

A
  • Intrusion prevention systems (IPSs) can be used to monitor networks, circuits, and particular applications and report detected intrusions.
51
Q

Compare and contrast a network-based IPS, a host-based IPS, and an application-based IPS.

A
  • The network-based IPS monitors key network circuits through IPS sensors that are placed on the key circuits to monitor all network packets on that circuit.
  • The host-based IPS monitors a server and incoming circuits. It is installed on the server that it is monitoring.
  • An application-based IPS is a specialized host-based IPS that monitors one application on its server such as a Web server.
52
Q

How does IPS anomaly detection differ from misuse detection?

A
  • Anomaly detection looks for extreme changes in certain kinds of behavior while misuse detection guards against a repeat of prior intrusions.
53
Q

What is computer forensics?

A
  • Computer forensics is the use of computer analysis techniques to gather evidence for criminal and/or civil
54
Q

What is a honey pot?

A
  • A honey pot is a server that contains highly interesting fake information available only through illegal intrusion, to “bait” or “entrap” hackers.
55
Q

What is desktop management?

A
  • Desktop management refers to security measures at the individual client level.
  • It may include:
    • thin clients (no hard drives)
    • centralized desktop management where users can’t access certain settings on computers
56
Q

A few security consultants have said that broadband and wireless technologies are their best friends. Explain.

A
  • Anyone with physical access to the circuit can monitor the composite signal and, as in the case of wireless transmission, eavesdrop.
57
Q

Most hackers start their careers breaking into computer systems as teenagers. What can we as a community of computer professionals do to reduce the temptation to become a hacker?

A
  • Computer professionals can reduce the temptation to become a hacker by increasing the costs involved in the activity.
58
Q

Some experts argue that CERT’s posting of security holes on its Web site causes more security break-ins than it prevents and should be stopped. What are the pros and cons on both sides of this argument? Do you think CERT should continue to post security holes?

A
  1. It is necessary to help conscientious security operations reduce risk.
  2. The CERT postings reduce the time it takes for potential victims to identify new security hole threats and respond to them, t
59
Q

What is one of the major risks of downloading unauthorized copies of music files from the Internet (aside from the risk of jail, fines, and lawsuits)?

A
  • One of the major risks of downloading files of this nature is the potential to introduce a Trojan Horse into the network.
60
Q

Although it is important to protect all servers, some servers are more important than others. What server(s) are the most important to protect and why?

A
  • To answer this question, return to the risk assessment process and ask which server loss will cause the greatest damage to the organization.