CIS 473 Final Question Set 3 Flashcards

1
Q

What does Pretty Good Privacy (PGP) do?

A

  • Provides a confidentiality and authentication service that can be used for electronic mail and file storage applications
  • Selected the best available cryptographic algorithms as building blocks
  • Integrated these algorithms into a general-purpose application that is independent of operating system and processor and that is based on a small set of easy-to-use commands
  • Made the package and its documentation, including the source code, freely available via the Internet, bulletin boards, and commercial networks
  • Entered into an agreement with a company to provide a fully compatible, low-cost commercial version of PGP
2
Q

What is Secure/Multipurpose Internet Mail Extensions (S/MIME)?

A

Secure/Multipurpose Internet Mail Extensions (S/MIME) is a security enhancement to the MIME Internet e-mail format standard, based on technology from RSA Data Security.

3
Q

What is the traditional e-mail format standard?

A

RFC 822

Note: To understand S/MIME, we first need a general understanding of the underlying e-mail format that it uses, namely MIME. But to understand the significance of MIME, we need to go back to the traditional e-mail format standard, RFC 822, which is still in common use.

4
Q

What is RFC 5322?

A
  • Defines a format for text messages that are sent using electronic mail
  • Messages are viewed as having an envelope and contents
  • The envelope contains whatever information is needed to accomplish transmission and delivery
  • The contents compose the object to be delivered to the recipient
  • The RFC 5322 standard applies only to the contents
  • The content standard includes a set of header fields that may be used by the mail system to create the envelope
5
Q

What is Multipurpose Internet Mail Extensions (MIME)?

A
  • An extension to the RFC 5322 framework that is intended to address some of the problems and limitations of the use of Simple Mail Transfer Protocol (SMTP)
  • Intended to resolve these problems in a manner that is compatible with existing RFC 5322 implementations
6
Q

How can a MIME entity be secured?

A

S/MIME secures a MIME entity with a signature, encryption, or both.

  • The MIME entity is prepared according to the normal rules for MIME message preparation
  • The MIME entity, plus some security-related data such as algorithm identifiers and certificates, is processed by S/MIME to produce what is known as a PKCS object
  • The PKCS object is then treated as message content and wrapped in MIME
7
Q

What does IPsec provide?

A

IPsec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet.

8
Q

What are examples of uses of IPsec?

A
  • Secure branch office connectivity over the Internet
  • Secure remote access over the Internet
  • Establishing extranet and intranet connectivity with partners
  • Enhancing electronic commerce security
9
Q

In the IP security chapter, what are the functions of transport mode?

A

  • Provides protection primarily for upper-layer protocols
  • Examples include a TCP or UDP segment or an ICMP packet
  • Typically used for end-to-end communication between two hosts
  • ESP in transport mode encrypts and optionally authenticates the IP payload but not the IP header
  • AH in transport mode authenticates the IP payload and selected portions of the IP header
10
Q

In the IP security chapter, what are the functions of tunnel mode?

A
  • Provides protection to the entire IP packet
  • Used when one or both ends of a security association (SA) are a security gateway
  • A number of hosts on networks behind firewalls may engage in secure communications without implementing IPsec
  • ESP in tunnel mode encrypts and optionally authenticates the entire inner IP packet, including the inner IP header
  • AH in tunnel mode authenticates the entire inner IP packet and selected portions of the outer IP header
11
Q

What are the three classes of intruders?

A
  1. Masquerader
  2. Misfeasor
  3. Clandestine user
12
Q

What is a masquerader?

A

  • An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account

13
Q

What is a misfeasor?

A

  • A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges

14
Q

What is a clandestine user?

A

  • An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection

15
Q

What are Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs)?

A
  • Systems designed to counter hacker threats
  • In addition to using such systems, organizations can consider restricting remote logons to specific IP addresses and/or using virtual private network technology
16
Q

What does CERT stand for?

A
  • Computer Emergency Response Team
  • These cooperative ventures collect information about system vulnerabilities and disseminate it to systems managers
  • Hackers also routinely read CERT reports
  • It is therefore important for system administrators to quickly apply all software patches for discovered vulnerabilities
17
Q

What are intrusion techniques?

A
  • The objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system
  • Most initial attacks use system or software vulnerabilities that allow a user to execute code that opens a backdoor into the system
18
Q

What are honeypots, and what are they designed for?

A

  • Decoy systems that are designed to lure a potential attacker away from critical systems

Designed for:

  1. Divert an attacker from accessing critical systems
  2. Collect information about the attacker’s activity
  3. Encourage the attacker to stay on the system long enough for administrators to respond
19
Q

What is the base-rate fallacy?

A

  • To be of practical use, an intrusion detection system should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level

20
Q

What happens if a honeypot is deployed outside the firewall?

A

A honeypot outside the external firewall (location 1) is useful for tracking attempts to connect to unused IP addresses within the scope of the network. A honeypot at this location does not increase the risk for the internal network. The danger of having a compromised system behind the firewall is avoided. Further, because the honeypot attracts many potential attacks, it reduces the alerts issued by the firewall and by internal IDS sensors, easing the management burden. The disadvantage of an external honeypot is that it has little or no ability to trap internal attackers, especially if the external firewall filters traffic in both directions.

21
Q

What happens if a honeypot is deployed on the service network?

A

The network of externally available services, such as Web and mail, often called the DMZ (demilitarized zone), is another candidate for locating a honeypot (location 2). The security administrator must ensure that the other systems in the DMZ are secure against any activity generated by the honeypot. A disadvantage of this location is that a typical DMZ is not fully accessible, and the firewall typically blocks traffic to the DMZ that attempts to access unneeded services. Thus, the firewall either has to open up the traffic beyond what is permissible, which is risky, or limit the effectiveness of the honeypot.

22
Q

What happens if a honeypot is deployed on the internal network?

A

A fully internal honeypot (location 3) has several advantages. Its most important advantage is that it can catch internal attacks. A honeypot at this location can also detect a misconfigured firewall that forwards impermissible traffic from the Internet to the internal network. There are several disadvantages. The most serious of these is if the honeypot is compromised so that it can attack other internal systems. Any further traffic from the Internet to the attacker is not blocked by the firewall because it is regarded as traffic to the honeypot only. Another difficulty for this honeypot location is that, as with location 2, the firewall must adjust its filtering to allow traffic to the honeypot, thus complicating firewall configuration and potentially compromising the internal network.

23
Q

What are the characteristics of a firewall?

A

Design goals for a firewall:

  • All traffic from inside to outside, and vice versa, must pass through the firewall
  • Only authorized traffic, as defined by the local security policy, will be allowed to pass
  • The firewall itself is immune to penetration
24
Q

What techniques do firewalls use to control access?

A
  • Service control: Determines the types of Internet services that can be accessed, inbound or outbound
  • Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall
  • User control: Controls access to a service according to which user is attempting to access it
  • Behavior control: Controls how particular services are used
25
Q

What is a packet filtering firewall?

A

A packet filtering firewall applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet. The firewall is typically configured to filter packets going in both directions (from and to the internal network).

26
Q

What are the strengths of packet filtering firewalls?

A
  • Simplicity
  • Transparent to users and very fast
27
Q

What are the weaknesses of packet filtering firewalls?

A
  • Because packet filter firewalls do not examine upper-layer data, they cannot prevent attacks that employ application-specific vulnerabilities or functions
  • Because of the limited information available to the firewall, the logging functionality present in packet filter firewalls is limited
  • Most packet filter firewalls do not support advanced user authentication schemes
  • Packet filter firewalls are generally vulnerable to attacks and exploits that take advantage of problems within the TCP/IP specification and protocol stack
  • Due to the small number of variables used in access control decisions, packet filter firewalls are susceptible to security breaches caused by improper configurations
28
Q

What is a bastion host?

A

A bastion host is a system identified by the firewall administrator as a critical strong point in the network’s security. Typically, the bastion host serves as a platform for an application-level or circuit-level gateway.

29
Q

What is a host-based firewall?

A

A host-based firewall is a software module used to secure an individual host. Such modules are available in many operating systems or can be provided as an add-on package. Like conventional stand-alone firewalls, host-resident firewalls filter and restrict the flow of packets. A common location for such firewalls is a server.

30
Q

How many firewalls are needed for proper protection?

A

2

31
Q

What is a virus?

A

Malware that, when executed, tries to replicate itself into other executable code; when it succeeds, the code is said to be infected. When the infected code is executed, the virus also executes.

32
Q

What is a worm?

A

A computer program that can run independently and can propagate a complete working version of itself onto other hosts on a network.

33
Q

What is a Trojan horse?

A

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting the legitimate authorizations of the system entity that invokes the Trojan horse program.

34
Q

What is mobile code?

A

Software (e.g., a script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics.

35
Q

What is a rootkit?

A

A set of hacker tools used after an attacker has broken into a computer system and gained root-level access.

36
Q

What is a zombie (bot)?

A

A program activated on an infected machine to launch attacks on other machines.

37
Q

What is a keylogger?

A

A program that captures keystrokes on a compromised system.

38
Q

What are the four virus phases?

A

Dormant Phase

  • The virus is idle
  • It will eventually be activated by some event
  • Not all viruses have this stage

Propagation Phase

  • The virus places a copy of itself into other programs or into certain system areas on the disk

Triggering Phase

  • The virus is activated to perform the function for which it was intended.

Execution Phase

  • The function is performed