DM5: Information Asset Security and Control Flashcards
What are examples of network security controls?
firewalls and intrusion detection systems
What is one major function of network security controls?
protection and critical alert information at borders between trusted and untrusted networks
What is a dedicated circuit?
symmetric telecommunications line connecting two locations
What is a switched circuit?
telecom line that does not permanently connect two locations and can be set up on demand using logical addressing
What are the types of switched circuits?
circuit switching and packet switching
What are switched circuits?
Mechanism used over telephone ISDN. Allows data connections that can be initiated when needed and terminated when complete, much like a telephone line.
What is packet switching?
Networks have connections into a carrier’s network where many customers share. The carrier creates virtual circuits between customers where packets are shared.
What is baseband?
analog telecom signal where signals are directly injected into the communications link and only one, half-duplex channel is available
What types of network architectures might an enterprise implement?
modern networks (WAN); service oriented architecture (SOA);
What is a service oriented architecture (SOA)?
network architecture where components use simple object access protocol (SOAP) and XML to interoperate in a network
What is a benefit of a service-oriented architecture (SOA)?
information is highly accessible, available anytime and anywhere, and centrally managed for optimum network use
What are common organizational networks?
Local, storage, wide, personal, and metropolitan
What is a LAN?
computer network that covers a limited area
What is a SAN?
variation of LAN dedicated to connecting storage devices to servers and computers
What is a WAN?
Computer network that covers a broad area (city, region)
What is a PAN?
Microcomputer network used for communication among devices used by a single person
What is a MAN?
WAN limited to a city or a region that has higher data rates than WANs
What are some examples of network services?
network file shares, email services, print services, remote access services, directory services, network management, DHCP, DNS
What is the purpose of DHCP?
Provides clients with IP address and other network parameters and ensures they are all unique.
What’s the purpose of a DNS?
translate names of network nodes into IP addresses (reference)
What does “interoperability” mean?
when connecting various systems for communications where different sites may use media that could operate at different speeds
What’s the primary model used to understand network protocols?
Open Systems Interconnection (OSI) model
What are the 7 layers of the OSI model?
1) physical layer
2) data link layer
3) network layer
4) transport layer
5) session layer
6) presentation layer
7) application layer
What is the physical layer in the OSI model?
provides the hardware that transmits and receives signals. Typically defines cables, connectors, cards, and physical aspects of the hardware to connect to the network
What is the data link layer (OSI model)?
provides transfer of data across physical links; receives packets of data from the network layer and frames them; generally listens to only data intended for a single MAC address
What is the network layer (OSI model)?
creates a “virtual circuit” between the transport layers of the local device and other devices; layer that understands IP addresses; responsible for routing and forwarding data based on addresses
What is the transport layer (OSI model)?
provides transfer of data between end points; ensures that remote transport layers receive all data from the local session layer; acknowledges packets received from transport layer
What is the session layer (OSI model)?
Controls sessions between computers; establishes and manages connections between local and remote application layers and manages all data exchanges between them
What is the presentation layer (OSI model)?
standard interface for the application layer; converts outgoing data into standard format for the destination layer
What is the application layer (OSI model)?
interface for user-level applications; communicates resources to network and is used to access network resources
What is an acronym for the OSI model?
“People Dance Naked To Sexy Parties, Always!” PDNTSPA;
Which three OSI model layers align with TCP/IP’s application layer?
Application, presentation, session
What are the risks of a LAN?
-Loss of data and program integrity (unauthorized access)
-lack of data protection (poor version control)
-exposure to external activity (unauthorized access from outside)
-Virus/worms
-Illegal access through impersonation
-internal sniffing and spoofing
What is a repeater?
physical layer devices that extend the range of a network or connect networks together. They receive signals from one network segment and amplify the signal
What is a hub?
physical layer device that is the center of a star topology;
What is a bridge?
data link layer devices that connect LANs or create a LAN and WAN to reduce collisions. They look at MAC addresses when forwarding data to devices
What is a layer 2 switch?
data link layer devices that interconnect network segments and help reduce collisions on ethernet-based networks. Use MACs and ASICs to better use data link protocols
What is a router?
create network segments but remain logically separate
What is a layer 3 switch?
looks at IP addresses in packets and analyzes IP address tables to find best route. They are used to create a VLAN.
What are benefits of using a VPN?
network managers can cost-efficiently increase span of corporate network;
remote users can securely access data;
secure communications with business partners;
substantial incremental bandwidth
How many modes does IPsec use?
two
What is tunneling IPsec?
type of mode where tunneling is used to encrypt an entire packet, including the header
What is transport IPSec?
type of mode where only a portion of the packet is encrypted
What are the primary concerns with VPNs?
security of transmission (hijacking);
management of technology;
configuration management;
unaltered/accurate data
What are CGI scripts?
executable, machine-independent software programs run on the server and called by a web server and perform specific sets of tasks.
What are the types of network management tools?
Response time reports, downtime reports, online monitors, network monitors, network analyzers, SNMP, help desk reports
Which network management tool is used to identify the time necessary for commands from users to be answered by a system?
Response time report
Which network management tool tracks the availability of telecom lines and circuits?
downtime report
Which network management tool checks data transmission for accuracy?
online monitors (ing)
Which network management tool attaches to the network and provides diagnostic tools for monitoring packet flow?
network analyzer
What is simple network management protocol (SNMP)?
TCP/IP based protocol to monitor network variables, manage configurations, and collect statistics.
What are the three types of firewalls?
packet filtering, application firewalls, stateful inspection
Which type of firewall is the first generation firewall where headers of each packet are read and analyzed and certain packets are prevented from being sent?
packet filtering
What are common attacks against packet filtering firewalls?
IP spoofing - faking IP address of a trusted host;
Source routing specification - assigning specific route for packet to bypass firewall;
miniature fragment attack - fragmenting an IP address into smaller ones into a firewall in hopes only part of the address is read
What are the two types of application firewall systems?
Application-level and circuit-level systems
What is the difference between application-level and circuit-level firewall systems?
Application-level systems analyze packets using proxies for each service and examine for known attacks on each proxy; circuit-level systems validate TCP and UDP sessions through a single proxy
What is a stateful inspection firewall?
Type of firewall that keeps track of destination IP addresses and uses this to determine if incoming packets are the response to a sent packet.
What is the difference between a symmetric key system and an asymmetric key in encryption?
symmetric keys use the same unique key (secret keys) for both encryption and decryption; asymmetric keys use different encryption and decryption keys (one public and one private)
What does hashing do?
Transforms text of arbitrary length into one of fixed width. Hashes are one-way and used in cryptographic schemes
Which type of encryption key system is considered a public key system?
asymmetric key system
Which type of encryption key system is better suited for bulk data encryption due to being less complicated and requiring less power?
symmetric key system
What is non-repudiation?
a sender can’t deny that they sent a message because the private key is only known by the sender and is the only one to know if it’s been decrypted
What does the certification authority maintain that includes all compromised certificates that are rejected when used?
certificate revocation list (CRL)
Does VoIP use packet switching or circuit switching to send data through the network layer?
packet switching
What is used to prevent man in the middle attacks on public key systems? And how does it prevent them?
certification authority; it appends information of the sender to the public key and creates a digital certificate for the encryption
Which key system is primarily vulnerable to man in the middle attacks?
Public (asymmetric) key systems; when an attacker replaces a genuine public key with their own key
What are the primary risks related to VoIP?
protecting security of conversations; ineffective controls of the system leading to data loss;
What is a digital signature in email?
sequence of bits appended to a digital document; its authenticity can be verified and it is unique to each document.
What are benefits of digital signatures in email?
Signature cannot be forged; signature is authentic and encrypted; signature is not reused; signed documents can’t be altered
What are the primary requirements of cloud computing environments?
continued availability of systems;
preservation of integrity and confidentiality;
conformity to applicable laws;
conformity to privacy policies
What are some considerations that should be made by IS auditors when reviewing cloud computing?
data ownership, custody, and security of cloud deployments;
legal requirements for unique datasets;
limitations to the right-to-audit
What are the three types of virtualization that can be deployed?
native virtualization;
hosted virtualization;
containerization
What are the primary advantages of virtualization?
decreased server cost;
shared processing power;
decrease of physical footprint;
multiple environments can be used;
What are the primary DISadvantages of virtualization?
poor configurations could lead to vulnerabilities;
compromised management consoles expose hosts;
performance issues of the host server;
data leakage between different client users
What is an alteration attack? How can it be defended?
unauthorized modifications affect integrity of data or code;
hashing
What is a botnet attack?
collection of compromised computers (zombies) running malicious software placed via worms/trojan horses/back doors
What are examples of passive network attacks?
network analysis, eavesdropping, and traffic analysis
What are examples of active network attacks?
brute force attack; masquerading; phishing; DoS; dial-in attacks; email attacks; unauthorized access
What is the purpose of a penetration test by an IS auditor?
attempt to circumvent the security features of a system and exploit vulnerabilities to gain access that would otherwise be unauthorized
How do intrusion detection systems (IDS) work?
They work continuously with routers and firewalls to monitor network usage anomalies and protect the network from internal or external misuse
What are the two categories of IDS?
network-based and host-based
What are host-based IDS’s?
IDS system that is configured for a specific environment that monitors internal resources by detecting changes to executables, deletion of files, and use of privileged commands
What are network-based IDS’s?
IDS system placed between the internet and the firewall to detect all attack attempts, regardless if they make it to the firewall. If placed between firewall and internal network, it will detect intruders.
What are the three specific types of IDS’s?
signature-based; statistical-based; neural network
What is a signature based IDS?
IDS that identifies intrusions using patterns that have been stored as signatures
What is a statistical based IDS?
IDS that uses a comprehensive definition of known and expected behavior of systems in order to identify an intrusion
What are neural networks for IDS?
IDS feature that creates a database using patterns of activity and traffic on networks and uses self-learning technology to better understand these patterns
What are the cons of signature and statistical based IDS?
Signature based can’t detect all types of intrusions due to limitations of rules and statistical based may report normal network activity
What is the difference between a honeypot and a honeynet?
A honeypot pretends to be a vulnerable server to act as a decoy system and becomes valuable when targeted; honeynets are a set of honeypots that simulate a larger network where hacker activity can be observed
What is the purpose of an intrusion prevention system (IPS)?
detect and prevent attacks;
What is an application-level gateway?
best way to protect against hacking because it can define with detail rules that describe the type of user or connection that is or is not permitted.
Is a digital signature or digital certificate more reliable authentication method?
Digital certificate - because it’s issued by a trusted third party
In addition to non-repudiation, digital signatures provide which: integrity or confidentiality?
Confidentiality