CSF Flashcards

1
Q

What is Information Assurance?

Cybersecurity has replaced the term IA

A

Information Assurance (IA) is defined by the techniques and methods we use to protect and defend automated information and information systems through risk management techniques in order to provide reasonable levels of availability, integrity, authentication, confidentiality, and non-repudiation.

2
Q

What is the Army Information Assurance Program? (AIAP)

A

The Army Information Assurance Program (AIAP) is a unified approach to protect unclassified, sensitive, or classified information stored, processed, accessed, or transmitted by Army ISs, and is established to consolidate and focus Army efforts in securing that information, including its associated systems and resources, to increase the level of trust of this information and the originating source. The AIAP will secure Army ISs through IA requirements, and does not extend access privileges to Special Access Programs (SAPs), classified, or compartmentalized data; neither does it circumvent need-to-know requirements of the data or information transmitted.

3
Q

What are the three focus elements of Defense in Depth? (DiD)

A

The elements of the Defense in Depth (DiD) strategy focus on three areas: people, operations, and defense of the environment (the latter of which encompasses the computing environment, networks, the enclave boundaries, and supporting infrastructure).

4
Q

What is a Threat?

A

Threats are any potential violation of security. A threat is the capabilities, intentions, and attack methods of adversaries to exploit, damage, or alter information or an information system.

5
Q

(Threat Methods) Masquerading, forging or spoofing

A

In order to gain an illegitimate advantage, such as bypassing an access control list (ACL) or maliciously redirecting network traffic, a person or application may masquerade as another. This is done by falsifying data. Common types of these attacks include: IP spoofing, e-mail spoofing, website spoofing, and MAC spoofing.

6
Q

(Threat Methods) Playback or replay

A

A form of network attack where a valid transmission, often including authentication data, is fraudulently replayed by an attacker in the hope of authenticating to a system using the legitimate user's credentials.

7
Q

(Threat Methods) Bypassing security controls

A

Normal security controls range from basic user authentication to complex firewalls on the network. Identification can be faked and a firewall may be bypassed. Backdoors, Trojan horses, and even rootkits are often used to bypass security controls.

8
Q

(Threat Methods) Authorization violations or misuse of authority

A

Insiders are a major area of concern to network security. According to the 2008 Computer Crime & Security Survey “insider abuse of networks was the second-most frequently occurring (incident), at 44 percent.”

9
Q

(Threat Methods) Eavesdropping

A

Eavesdropping can occur on a network, on a telephone, or even within a social gathering. An unauthorized sniffer running on a network can eavesdrop and gather data. Telephone bugs have been used for years to eavesdrop on conversations. People have gained valuable information by listening to conversations at social gatherings.

10
Q

(Threat Methods) Network Attacks

A

The main intent of many network attacks is to cause a Denial of Service (DoS). Common DoS attacks include: SYN floods, ICMP floods, smurf attacks, teardrop attacks, and the land attack.

11
Q

(Threat Methods) Traffic analysis / network scanning

A

“Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic.”

12
Q

(Threat Methods) War dialing

A

War dialing is a specialized technique which uses a modem to detect potential access points into a network, usually a computer or fax machine, from a predetermined list of phone numbers. The war dialer calls these numbers, making note of any that are answered by a modem or fax machine. These listed modems and fax machines give the hacker the possibility of bypassing the firewall in an attempt to access the network.

13
Q

(Threat Methods) War driving

A

War driving is the process of searching for wireless local area networks by driving through an area with a portable computer or similar device. By conducting war driving, a user may be able to gain unauthorized access to a network. The reasons for gaining this access may range from malicious (a platform for launching attacks) to simply gaining access to the internet free of charge.

14
Q

(Threat Methods) Malware (aka Malicious code)

A

“Malware is short for malicious software and is typically used as a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network, whether it’s a virus, spyware, et al.” As such, malware can take many different forms: viruses, worms, rootkits, Trojan horses, spyware, and certain types of adware. Generally malware is designed to corrupt, alter, destroy, or distribute information, or to cause disruption of the network or system.

15
Q

(Threat Methods) Backdoors

A

A backdoor is a means or method to covertly bypass normal authentication in order to establish remote access to a system. A backdoor can be a specialized program, such as Back Orifice, or the unauthorized modification of a legitimate program. A recent example is the Sony rootkit backdoor in late 2005, which installed itself on a Windows system when a Sony music CD was played.

16
Q

(Threat Methods) Media scavenging

A

Media scavenging describes the process of trying to obtain, or in some cases recover, sensitive information from floppy disks, thumb drives, CD-ROMs, hard drives, or tapes that have often been erased or discarded. All too often these “erased” or “destroyed” media still contain data that can be beneficial to unauthorized personnel.

17
Q

(Threat Methods) Dumpster diving

A

Dumpster diving is the process of sifting through trash to obtain information. Sources of information include: old passwords, system architecture, network diagrams, employee lists containing name and numbers, and discarded manuals.

18
Q

(Threat Methods) Social engineering

A

Social engineering is another method used to gain unauthorized access to a network. Social engineering manipulates people into revealing sensitive information or carrying out specific actions. Social engineering can be a very effective tool because it relies upon human weaknesses and frailties. Humans are prime targets for information gathering, so much so that they are commonly referred to as the weakest link in computer security. Kevin Mitnick, one of the most infamous of all hackers, routinely relied upon this method.

19
Q

(Threat Methods) Phishing

A

“Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.” Two common email messages are: “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.” “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”

20
Q

(Threat Methods) Pharming

A

Pharming is an attack that redirects traffic from one website to another, usually owned by a hacker. This can be done either by changing the hosts file on the target system or by changing the entries in DNS (DNS Attack). Antivirus and spyware detection software cannot detect or protect against pharming.

21
Q

What are the 3 phases of Hacking?

A

Foot-printing, scanning, and enumeration.

22
Q

What is Foot-printing?

A

Foot-printing, also referred to as reconnaissance, is the phase where the attacker will create a profile of the target by gathering specific information about the target.

23
Q

What is Scanning?

A

Scanning is the second pre-hacking phase, which may also be known as probing. The attacker now begins to probe the perimeter of the target for potential weaknesses. Tools used during this phase include Ping Sweeps, Port Scans and Automated Discovery Tools.

24
Q

What is Enumeration?

A

Enumeration is the pre-hacking phase that is risky to the attacker. Active connections are now being made to the target system as the attacker gains a toehold into the system. Information gathered by enumeration can be grouped as:
• Network resources and shares
• Users and groups
• Applications and banners

25
Q

What is a Vulnerability?

A

Any flaw that may be exploited.

26
Q

What is the CIA triad?

A

Confidentiality, integrity, and availability.

27
Q

(CIA Triad) What is confidentiality?

A

The means by which information is given or revealed only to those persons who are authorized.

28
Q

(CIA Triad) What is integrity?

A

Verifying the trustworthiness of the information, checking for unauthorized modifications. Ensuring what you asked for is what you got and has not been tampered with.

29
Q

(CIA Triad) What is availability?

A

Ensuring resources are made available to authorized users on a timely basis.

30
Q

What is authentication?

A

Authentication is the means of proving a person is whom they claim to be. Authentication is based on either:

  1. Something you know
  2. Something you have
  3. Something you are

31
Q

What is Defense in Depth?

A

The Defense in Depth approach stretches the enemy’s start and completion time, making it more difficult to compromise a system by adding varied and overlapping safeguards in a linear fashion. By adding layers of defense, not only does overall system security become hardened, but more obstacles are presented to the enemy; what may have worked against one safeguard won’t work against the next safeguard.

32
Q

The Three Basic Choices in Risk Management

A

Risk avoidance, risk acceptance, and risk reduction with residual risk acceptance.

33
Q

Handy formula: Risk = Threat x Vulnerabilities x Cost

A

In the formula, Cost is the value of your data. If your data is worthless, your risk will be zero. Vulnerabilities are the holes in your system, procedures or software. If you have no vulnerabilities, your risk is zero. Threats are those dangers in your environment. If there are no threats to your data, your risk is zero.

34
Q

What is risk management?

A

The total process of identifying, measuring, controlling, and minimizing or reducing the security risk incurred by an IS to a level commensurate with the value of the assets protected. Risks are generally defined as the coexistence of a threat and a point of vulnerability.

35
Q

Continuity of Operations (COOP)

A

Procedures are required that will permit the organization to continue essential functions if information technology support is interrupted. These procedures (contingency plans, business interruption plans, and continuity of operations plans) should be coordinated with the backup, contingency, and recovery plans of any general support systems, including networks used by the application. The contingency plans should ensure that interfacing systems are identified and contingency/disaster planning is coordinated.