CSCI 427 Exam 1 Flashcards

1
Q

What are the three principles that form the Security Triad?

A

confidentiality, integrity, availability

2
Q

What does confidentiality mean in the context of security?

A

data is only available to authorized users

3
Q

What does integrity mean in the context of security?

A

the data has not been altered between the person who originated it and the receiver

4
Q

What does availability mean in the context of security?

A

data and systems being available when needed without interruption

5
Q

What is the difference between authentication and authorization?

A

authentication: procedures to identify users are who they claim to be (the account itself)
authorization: permissions to control user access to data (permissions assigned to that particular account)

6
Q

? is the ability of a system to track the actions of users.

A

accountability

7
Q

When implemented correctly, ? provides nonrepudiation

A

accountability

8
Q

Pentesters should always have ? before starting a pentest

A

permission/contract

9
Q

List three questions pentesters should always ask clients prior to performing a penetration test

A

(1) Why do they want/need a pentest? (2) What are the rules of engagement? (3) What are the client’s expectations at the end of the test?

10
Q

Who was John Nevil Maskelyne, and why is he noteworthy in the context of hacking?

A

credited with the first known form of electronic “hacking” – disrupting a wireless telegraph (hacked the radio signal to prove it insecure by turning the dial to the right frequency and overpowering the signal)

11
Q

Section 1030 of the Computer Fraud and Abuse Act defines a “protected computer” as any computer taking part in interstate and/or foreign commerce and/or communication. Why is this definition considered broad and applicable to almost any computer?

A

It sweeps up every modern computer because all are used for email, online shopping, etc.

12
Q

What is a Layer 2 (Ethernet) device that is outmoded and should never be used?

A

hubs

13
Q

How does a switch differ from a hub?

A

switches only send signals to their intended recipients (hubs forward signals to all connected devices)

14
Q

What is a Layer 3 (Network) device that connects networks?

A

router

15
Q

? is a critical network device that restricts traffic between networks and typically sits between a router and the Internet

A

firewall

16
Q

? are placed close to network choke points and monitor for malicious network traffic

A

Intrusion Detection Systems (IDS)

17
Q

List the 7 layers of the OSI Model

A

(in order 7 to 1): Application, Presentation, Session, Transport, Network, Data Link, Physical

18
Q

TCP takes place at which OSI layer?

A

transport (L4)

19
Q

Ethernet takes place at which OSI layer?

A

data link (L2)

20
Q

List the steps of the TCP three-way handshake

A
  1. client sends a SYN data packet to a server to see if the server is open for new connections
  2. the server responds and returns a SYN/ACK packet to confirm
  3. the client receives the SYN/ACK from the server and responds with an ACK packet
  4. the connection is created and the client and server can now communicate
21
Q

Which header includes IP addresses?

A

IP header format

22
Q

Which header can include SYN flags?

A

TCP segment header

23
Q

Which header includes MAC addresses?

A

Ethernet segment header

24
Q

List 3 common network device vulnerabilities.

A

enabled telnet, default passwords, out of date firmware

25
SYN flag
initiates a connection between two hosts
26
ACK flag
acknowledges the receipt of a SYN and data packets after a connection is established
27
FIN flag
tells the remote system that no more data will be sent, gracefully closing a connection
28
Encryption primarily accomplishes ? in the Security Triad.
confidentiality
29
Digital signatures provide nonrepudiation because
only the public key can decrypt anything that’s been encrypted with the private key; cryptography allows authentication to positively identify data as coming from its creator
30
Nonrepudiation is
positive, undeniable evidence of a source
31
A cipher is
the algorithm used for encrypting plain text into cipher text (encryption algorithm)
32
What is the difference between symmetric and asymmetric cryptography?
symmetric uses a single key to both encrypt and decrypt; asymmetric uses a key pair system – a public (internet) key and a private (you/server only) key
33
Which of the following symmetric algorithms is still considered secure? RC4, DES, AES-256
AES-256
34
What are the two drawbacks (weaknesses) to using symmetric cryptography?
1. no nonrepudiation features because you only have one key
2. key management (how do both parties get the same key securely?)
35
What are the six steps of the TLS handshake?
1. Client sends “hello” to the server, which includes the encryption algorithms the client supports
2. Server responds with “hello” that includes the encryption algorithm the server will accept and also includes the server’s certificate, which contains the public key
3. Client uses the agreed-upon encryption algorithm to generate a session key, which is then encrypted with the public key
4. Client sends the encrypted session key and a “client finished” message to the server
5. Server uses its private key to decrypt the session key and responds with a “server finished” message
6. Secure symmetrically encrypted transmissions now take place using the session key
36
What do certificate authorities do?
create & bind together private and public keys and issue them to clients
37
Define hashing
a one-way encryption algorithm that in theory cannot be reversed
38
The five steps of the RSA algorithm
1. Generate two large primes, p and q, such that their product is the required bit length.
2. n = p*q
3. phi(n) = (p-1)(q-1)
4. Select e such that 1 < e < phi(n) AND the GCD of e and phi(n) = 1
5. Compute d, where 1 < d < phi(n), such that d*e mod phi(n) = 1
39
What two values constitute the RSA public key?
(e, n)
40
What two values constitute the RSA private key?
(d, n)
41
RSA encryption algorithm
t^e (mod n) = c
42
RSA decryption algorithm
c^d (mod n) = t
43
Why have the majority of mobile devices moved to elliptic curve cryptography?
fewer CPU cycles are required compared to RSA (computationally efficient)
44
In ECC, what is P?
random generator point (starts encryption process)
45
In ECC, what is T?
public key; some other point on the curve derived after a number of group operations
46
In ECC, what is d?
private key; number of group operations to arrive at T
47
What is the difference between a port scan and a vulnerability scan?
open ports vs vulnerable services running on those ports
48
What is the phase of penetration testing where you build a picture of the target’s security posture?
footprinting
49
What is the phase of penetration testing where information gathered during footprinting is built upon by finding open ports, locating more hosts, and revealing host vulnerabilities?
scanning
50
? is a full-featured data mining tool included in Kali.
Maltego
51
whois
finds domain name and name server ownership
52
nslookup
queries DNS servers for IP addresses
53
traceroute
shows how many routers are between you and the target
54
perform an aggressive scan
nmap -A
55
perform a ping scan only
nmap -sP
56
operating system detection
nmap -O
57
service version detection
nmap -sV
58
Know the hping3 command to perform a DoS attack while obfuscating your IP.
hping3 -S --flood --rand-source [ip of target]
59
A ? connection creates a listening socket on the target and requires the attacker to use an open port on the organization’s firewall.
forward bind
60
List 3 of the most common system vulnerabilities.
memory, input validation, privilege escalation
61
What is RHOST?
target IP
62
What is LHOST?
attacker IP
63
What is an exploit?
code that takes advantage of a vulnerability
64
What is a payload?
code delivered via exploit that creates a connection to attacker
65
What is the command to start the database Metasploit uses?
service postgresql start
66
What is the command to initialize the database Metasploit uses?
msfdb init
67
Why is it forensically difficult to determine if a computer has been compromised by Metasploit?
runs in RAM
68
What is the command to search for exploits in Metasploit?
search
69
How do you know if a payload creates a forward or reverse connection?
forward payloads have “bind” in the name; reverse payloads are in the /reverse directory
70
What is the command to view options for exploits and payloads?
show options
71
What is the command to set options?
set
72
What is the command to use an exploit?
use
73
What is the command to run an exploit?
exploit or run
74
IP goes with Layer
3 (network)
75
MAC goes with Layer
2 (data link)
76
Know the option and syntax to perform an nmap scan against a given target and range of ports.
nmap -p50-100 [target]
77
What is Armitage?
GUI interface for Metasploit
78
A ? connection creates a listener on the attacker’s computer and requires waiting for the target to connect to the attacker, thus bypassing inbound firewall rules at the organization
reverse