Exam 2 (Material from Chapters 5 - 9ish) Flashcards
What are the layers of the OSI model?
Layer 7: Application
Layer 6: Presentation
Layer 5: Session
Layer 4: Transport
Layer 3: Network
Layer 2: Data Link
Layer 1: Physical
Explain the function of each layer of the OSI model.
Layer 7: Application - User interface
Layer 6: Presentation - Data format; encryption
Layer 5: Session - process-to-process communication
Layer 4: Transport - end-to-end communication
Layer 3: Network - routing data; logical addressing; WAN delivery
Layer 2: Data Link - Physical addressing; LAN delivery
Layer 1: Physical - Signaling
What is the difference between a WAN and a LAN?
Wide area networks (WANs)
- Connect systems over a large geographic area
Local area networks (LANs)
- Provide network connectivity for computers located in the same geographic area
What are some WAN Connectivity Options?
Cable modem
Digital subscriber line (DSL)
Fiber optics
Satellite
Dialup
Cellular 3G/4G/5G networks
What is the Ethernet standard?
- Defines how computers use Media Access Control (MAC) addresses to communicate with each other on the network
- Governs both the Physical and Data Link layers of the OSI Reference Model
What is a hub?
- Contain a number of plugs, or ports, where you can connect Ethernet cables for different network systems
- Echo incoming packets to all ports
What is a switch?
- Perform intelligent filtering
- Know the MAC address of the system connected to each port
- When a switch receives a packet on the network, it looks at the destination MAC address and sends the packet only to the port where the destination system resides
What is a virtual LAN?
- A collection of logically related network devices that are viewed as a partitioned network segment
- Give administrators the ability to separate network segments without having to physically separate the network cabling
- Can be used to isolate logical groups of devices to reduce network traffic and increase security
Transmission Control Protocol/Internet Protocol (TCP/IP) and How It Works
- A suite of protocols that operate at both the Network and Transport layers of the OSI Reference Model
- Governs all activity across the Internet and through most corporate and home networks
- Developed by the Department of Defense to provide a highly reliable and fault-tolerant network infrastructure (security was not a focus)
Internet Protocol version 4 (IPv4) addresses are how many bytes long?
Four bytes or 32 bits
Internet Protocol version 6 (IPv6) addresses are how many bits long?
128 bits
Are IPv4 or IPv6 addresses more secure?
IPv6
What is DHCP?
Dynamic Host Configuration Protocol (DHCP)
- Allows each computer to get its configuration information dynamically from the network instead of manually
- Provides a computer with an IPv4 address, subnet mask, and other essential communication information
What is port 20?
File Transfer Protocol (FTP) data transfer
What is port 21?
File Transfer Protocol (FTP) control
What is port 22?
Secure Shell (SSH)
What is port 25?
Simple Mail Transfer Protocol (SMTP)
What is port 53?
Domain Name System (DNS)
What is port 80?
Hypertext Transport Protocol (HTTP)
What is port 110?
Post Office Protocol v3 (POP3)
What is port 139?
Network Basic Input/Output System (NetBIOS) Session Service
What is port 143?
Internet Message Access Protocol (IMAP)
What is port 443?
HTTP over Secure Sockets Layer (SSL)
What is port 989?
File Transfer Protocol over SSL/Transport Layer Security (FTPS) for data
What is port 53?
Domain Name Service (DNS)
What is port 990?
File Transfer Protocol over SSL/Transport Layer Security (FTPS) for control
What is port 161?
Simple Network Management Protocol (SNMP)
What is ICMP?
Internet Control Message Protocol (ICMP)
- A management and control protocol for IP
- Delivers messages between hosts about the health of the network
Attackers can use ICMP to create a _____ attack against a network
denial of service (DoS)
What tools use ICMP?
Ping and Traceroute
- Ping sends a single packet to a target IP address (ICMP echo request)
- Traceroute uses ICMP echo request packets to identify the path that packets travel through a network
What is reconnaissance?
The act of gathering information about a network for use in a future attack
What is Eavesdropping?
When an attacker taps the data cable to see all data passing through it
What is DoS?
Flooding a network with traffic and shutting down a single point of failure
What is Distributed DoS (DDoS)?
Uses multiple compromised systems to flood the network from many different directions
Telephony denial of service (TDoS)
Attempts to prevent telephone calls from being successfully initiated or received by some person or organization
What are three basic Network Security Defense tools?
- Firewalls
- VPNs
- Network access control (NAC)
What is a firewall?
A firewall controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network
What are three important firewall security features and explain them.
Flood guard
Loop protection
Network segmentation
Flood guard: Rules can limit traffic bandwidth from hosts, reducing the ability for any one host to flood a network
Loop protection: Firewalls can look at message addresses to determine whether a message is being sent around an unending loop (for example, from another form of flooding)
Network segmentation: Filtering rules enforce divisions between networks, keeping traffic from moving from one network to another
What are three types of firewalls?
Packet filtering
Stateful inspection
Application proxy
What are four firewall deployment techniques?
Border firewalls
Screened subnet (or demilitarized zone [DMZ]) firewalls
Multilayered firewalls
Unified threat management
*Images of these in Chapter 5 slides 25-26
What are URL filters?
Filters web traffic by examining the Uniform Resource Locator (URL) as opposed to the IP address
What is content inspection?
The device looks at some or all network packet content to determine if the packet should be allowed to pass
What is Malware inspection?
A specialized form of content inspection, the device looks at packet content for signs of malware
What are some major VPN technologies in use today?
Point-to-Point Tunneling Protocol (PPTP)
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
Secure Socket Tunneling Protocol (SSTP)
Internet Protocol Security (IPSec)
OpenVPN
What is a NAC?
Enables you to add more security requirements before allowing a device to connect to your network
Performs authentication and posture checking
IEEE 802.1X standard governs how clients may interact with a NAC device to gain entry to the network
What is SIP?
Session Initiation Protocol (SIP): voice and video in an IP network
Securing Session Initiation Protocol (SIP) and Voice over IP (VoIP):
- Patch all SIP/VoIP software and network component firmware
- Use virtual LANs (VLANs) to separate voice and video from other network use (e.g., workstations and printers)
- Enforce encrypted VPN use for all remote access (including SIP/VoIP)
- Require end-to-end encryption for all voice or video calls using TLS or Secure Real-Time Transport Protocol (SRTP)
- Enforce strong authentication for all network users
- Use firewalls to protect all SIP/VoIP devices and services
- Harden all SIP/VoIP devices and software
What are WAPs?
Wireless access points (WAPs)
A radio that sends and receives networking information over the air between wireless devices and the wired network
- Anyone with a wireless device who is within radio range of a WAP can communicate with and attempt to connect to the network via the device
- Anyone within radio range of wireless network can capture all data sent on that network if not encrypted
Additional Wireless Security Techniques: Hardware
Antenna types
Antenna placement
Power-level controls
Captive portals
Site surveys
Wireless Network Security Controls
VPN over wireless
Wireless encryption
WEP (insecure and flawed)
Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Wi-Fi Protected Access (WPA), WPA2, WPA3
Service set identifier (SSID) broadcast
MAC address filtering
What is an Access Control?
The process of protecting a resource so that it is used only by those allowed to use it
Prevents unauthorized use
Mitigations put in place to protect a resource from a threat
What is the Four-Part Access Control?
Identification
Authentication
Authorization
Accountability
Identification - Who is asking to access the asset?
Authentication - Can their identities be verified?
Authorization - What, exactly, can the requestor access? And what can they do?
Accountability - How are actions traced to an individual to ensure the person who makes data or system changes can be identified?
Policy definition phase
Who has access and what systems or resources can they use?
Tied to the authorization phase
Policy enforcement phase
Grants or rejects requests for access based on the authorizations defined in the first phase
Tied to identification, authentication, and accountability phases
What are the two types of access controls?
Physical and Logical
Physical: Controls entry into buildings, parking lots, and protected areas
Logical: Controls access to a computer system or network
A smart card is an example of what type of access control?
physical
Explain Logical Access Controls
Deciding which users can get into a system
Monitoring what each user does on that system
Restraining or influencing a user’s behavior on that system
The Security Kernel
Enforces access control for computer systems
Central point of access control
Implements the reference monitor concept
Mediates all access requests
Permits access only when appropriate rules or conditions are met
- Image of this on slide 10 of chapter 6
What are the four central components of access controls?
Users: People who use the system or processes (subjects)
Resources: Protected objects in the system
Actions: Activities that authorized users can perform on resources
Relationships: Optional conditions that exist between users and resources
What is authorization?
The process of deciding who has access to which resources
In most organizations, authorization is based on what?
job roles
background screening
and government requirements
Conditions or policies are decided by what?
Individual users (user is assigned privileges; most detailed and difficult to maintain)
Group membership policy
Authority-level policy
What are some methods used for identification?
Username
Smart card
Biometrics
What are some guidelines for identification?
Nonrepudiation
Accounting
What are some processes and requirements for authentication?
Knowledge: Something you know
Ownership: Something you have
Characteristics: Something unique to you (something you are)
Action/performance: Something you do/how you do it
Behavior: Some observable trait or behavior that is unique to you
Location: Somewhere you are
Relationship: A trusted individual with whom you have a relationship/someone you know
Authentication by Knowledge examples
Password
- Weak passwords are easily cracked by brute-force or dictionary attacks
- Password best practices are needed
Passphrase
- Stronger than a password
Authentication by Ownership
Synchronous token
- Calculates a number at both the authentication server and the device
  - Time-based synchronization system
  - Event-based synchronization system
  - Continuous authentication
Asynchronous token
- Uses challenge-response technology
  - Key-fob sized device
  - Token software installed on a validated mobile device
  - USB token
  - Smart card
*Image of this on slide 17 of Chapter 6 slides
Authentication by Characteristics/Biometrics
Static (physiological) measures
What you are
Examples: Fingerprint patterns, iris granularity, retina blood vessels
Dynamic (behavioral) measures
What you do
Examples: Voice inflections, keyboard strokes, signature motions
What are some concerns surrounding biometrics?
- Accuracy
- Acceptability
- Reaction time
What are some types of biometrics?
Fingerprint
Palm print
Hand geometry
Vein analysis
Retina scan
Iris scan
Facial recognition
Voice pattern
Keystroke dynamics
Signature dynamics
Gait analysis
What are some advantages of biometrics?
- Person must be physically present to authenticate
- There is nothing to remember
- Biometrics are difficult to fake
- Lost IDs or forgotten passwords are not problems
What are some disadvantages of biometrics?
- Physical characteristics might change
- Physically disabled users might have difficulties
- Not all techniques are equally effective
- Response time may be too slow
- Required devices can be expensive
- Privacy issues
What is an example of an authentication by action?
Recording typing patterns
What is Single Sign On?
- Sign on to a computer or network once and then be allowed into all computers and systems where authorized
- Reduces human error
- Difficult to put in place
What are some advantages of Single Sign On?
Logon process is efficient
Users are generally willing to use stronger passwords
Provides continuous, clear reauthentication
Provides failed logon attempt thresholds and lockouts
Provides centralized administration
What are some disadvantages of Single Sign On?
Compromised passwords grant access to an intruder
Static passwords provide very limited security
Difficulty adding SSO to unique computers or legacy systems
Scripts can expose data and do not provide two-factor authentication
Authentication server can become a single point of failure
What are some processes used for Single Sign On (SSO)?
Kerberos
Secure European System for Applications in a Multi-vendor Environment (SESAME)
Lightweight Directory Access Protocol (LDAP)
What are the formal models of access control?
Discretionary access control (DAC)
Mandatory access control (MAC)
Nondiscretionary access control
Rule-based access control
______ denies access based on context or content through the application by presenting only options that are authorized for the current user.
Application-based DAC
___ permission levels are:
- User based
- Job-based, group-based, or role-based access control (RBAC)
- Project based
- Task based
DAC
Operating systems-based ___ policy considerations:
- Access control method
- New user registration
- Periodic review
DAC
True or False: MAC is stronger than DAC
True
What determines the level of restriction by sensitivity of resource (classification label), with individuals then formally authorized (i.e., obtaining clearance) to access sensitive information?
MAC
Which is more secure? Nondiscretionary Access Control or DAC?
Nondiscretionary Access Control
Access rules are closely managed by the security administrator, not the system owner or ordinary users, in this access control.
Nondiscretionary Access Control
Sensitive files are write-protected for integrity and readable only by authorized users in this access control.
Nondiscretionary Access Control
___ ensures that system security is enforced and tamperproof.
Nondiscretionary Access Control
Explicit rules grant access in this access control.
Rule-based access control
Linux and macOS Access Control List (share and security permissions)
- Permissions: read, write, execute
- Applied to: file owners, groups, global users
Windows Access Control List (share and security permissions)
Share permissions
- Full, change, read, deny
Security permissions
- Full, modify, list folder contents, read-execute, read, write, special, deny
What are some methods of constraining users
Menus
Database views
Physically constrained user interfaces
Encryption
Microsoft offers _____ to help administrators manage access controls
Group Policy and Group Policy Objects (GPOs)
Which centralized authentication, authorization, and accounting (AAA) server is the most popular and has two configuration files?
RADIUS
Which centralized authentication, authorization, and accounting (AAA) server is an Internet Engineering Task Force (IETF) standard and has one configuration file?
TACACS+
Which centralized authentication, authorization, and accounting (AAA) server has a base protocol and extensions, and uses User Datagram Protocol (UDP) in peer-to-peer (P2P) mode rather than client/server mode?
DIAMETER
Which centralized authentication, authorization, and accounting (AAA) server is an open standard based on XML for exchanging both authentication and authorization data?
SAML
What access control handles access control decisions and administration locally; access control is in hands of the people closest to the system users?
Decentralized Access Control
Password Authentication Protocol (PAP) and Challenge-Handshake Authentication Protocol (CHAP) are what common access protocols?
Decentralized access control
What are some advantages of cloud computing?
No need to maintain a data center
No need to maintain a disaster recovery site
Outsourced responsibility for performance and connectivity
On-demand provisioning
What are some disadvantages of cloud computing?
More difficult to keep private data secure
Greater danger of private data leakage
Greater demand for constant network access
Greater need for clients to trust outside vendors
What is the goal of cryptography?
Make the cost or the time required to decrypt ciphertext without the key exceed the value of the protected information
____ is the number of possible keys to a cipher.
Keyspace
What is the most scrutinized cipher in history?
Data Encryption Standard (DES)
_____ is the art of breaking code.
Cryptanalysis
True/False: Cryptography was used in World Wars I and II
True
In what year were symmetric and asymmetric key cryptography introduced?
1976
____ cryptography uses photons, particles, or waves of light, and their unique properties transmitted across an optical fiber channel to create an unbreakable cryptosystem
Quantum
What enables you to prevent a party from denying a previous statement or action
Nonrepudiation
Many symmetric ciphers operate as either a ____ cipher or a ____ cipher.
stream, block
What is a keyword mixed alphabet cipher?
Uses a cipher alphabet that consists of a keyword, minus duplicates, followed by the remaining letters of the alphabet
What is a simple substitution cipher?
Allows any letter to uniquely map to any other letter
What is a product cipher?
Combination of multiple ciphers, each of which could be a transposition or substitution cipher
What is an example of a product cipher?
Data Encryption Standard (DES)
What is an exponentiation cipher?
Involves computing exponentials over a finite mathematical field and relies on the difficulty of factoring large numbers
What is an example of an exponentiation cipher?
Rivest–Shamir–Adleman (RSA)
In asymmetric key ciphers when given some random input, you can generate associated key pairs that are _____ of each other.
inverses
What is a checksum?
Summary information appended to a message to ensure that the values of the message have not changed
Digital signatures require _____ key cryptography
asymmetric
____ bind the identity of an entity to a particular message or piece of information and ensure the integrity of a message and verify who wrote it.
Digital Signatures
Is DES symmetric key or asymmetric key cryptography?
symmetric
Is 3DES symmetric key or asymmetric key cryptography?
symmetric
Is International Data Encryption Algorithm (IDEA) symmetric key or asymmetric key cryptography?
symmetric
Is CAST symmetric key or asymmetric key cryptography?
symmetric
Is Blowfish symmetric key or asymmetric key cryptography?
symmetric
Is AES symmetric key or asymmetric key cryptography?
symmetric
Is RC2 symmetric key or asymmetric key cryptography?
symmetric
Is RSA symmetric key or asymmetric key cryptography?
asymmetric
Is ECC symmetric key or asymmetric key cryptography?
asymmetric
A ___ is a key storage method that allows some authorized third-party access to a key under certain circumstances.
key escrow
The ______ Handshake Protocol consists of two phases: server authentication and an optional client authentication.
Secure Sockets Layer (SSL)
_____ verify a person’s identity or that person’s association with a message.
Digital signatures
A ______ vouches for the validity of a credential, and maintains a list of invalid, or revoked, certificates in either a certificate revocation list (CRL) or by maintaining the data to support the newer Online Certificate Status Protocol (OCSP).
certificate authority (CA)
This hash takes an input of any arbitrary length and generates a 128-bit message digest that is computationally infeasible to match by finding another input
MD5 message digest algorithm
This hash produces a 160-bit hash from a message of any arbitrary length
Secure Hash Algorithm (SHA-1)
This is a hash function that uses a key to create the hash, or message digest
Hash message authentication code (HMAC)
This is a collection of functions that provide hash values for a wide range of applications
RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
_____ are a combination of a strong hash of a message, which acts as a fingerprint
Digital signatures
____ is any program that contains instructions that run on a computer system and perform operations that the user does not intend
Malware
Malicious code attacks what?
A: Confidentiality
B. Integrity
C. Availability
D. All of the above
D. All of the above
What are the 3 types of viruses?
System infectors, File infectors, Data infectors
Explain the difference between system infectors, file infectors, and data infectors.
System infectors
– Target computer hardware and software startup functions
File infectors
– Attack and modify executable programs (COM, EXE, SYS, and DLL files in Microsoft Windows)
Data infectors
– (Also called macro infectors) Attack document files containing embedded macro programming capabilities
What is a rootkit?
Malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised
Modify parts of the operating system to conceal traces of their presence
Provide attackers with access to compromised computers and easy access to launching additional attacks
____ consumes computing resources, bandwidth, and central processing unit (CPU) time.
Spam
True/False: Opt-out (unsubscribe) features in spam messages can represent a new form of reconnaissance attack to acquire legitimate target addresses
True
____ are self-contained programs designed to propagate from one host machine to another using the host’s own network communications protocols
Worms
____, unlike viruses, do not require a host program to survive and replicate
Worms
___ usually probe network-attached computers to exploit a specific vulnerability
Worms
What is the largest class of malware?
Trojan Horses
What are programs that masquerade as useful programs while hiding malicious intent?
Trojan Horses
These programs rely on social engineering to spread and operate; spread through email messages, website downloads, social networking sites, and automated distribution agents (bots)
Trojan Horses
_____ are programs that execute a malicious function of some kind when they detect certain conditions
Logic bombs
Once in place, these programs wait for a specified condition or time, which, when it occurs, causes ______ to activate and carry out its tasks
logic bombs
_______ typically originate with organization insiders because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders
Logic bombs
___ are robotically controlled networks.
botnets
Controllers communicate with other members of the botnet using ______ channels
Internet Relay Chat (IRC)
Attackers can use botnets to distribute malware and spam and to launch ______ attacks against organizations or even countries
denial of service (DoS)
____ are attacks that overwhelm a server or network segment to the point that the server or network becomes unusable
Denial of Service (DoS)
_____ attacks crash a server or network device or create so much network congestion that authorized users cannot access network resources
Denial of Service (DoS)
______ attacks are when an attacker uses Internet Protocol (IP) spoofing to send a large number of packets requesting connections to the victim computer
Synchronize (SYN) Flood
______ attacks are when attackers forge Internet Control Message Protocol (ICMP) echo request packets to IP broadcast addresses from remote locations to generate DoS attacks
Smurf
____ is any unsolicited background process that installs itself on a user’s computer and collects information about the user’s browsing habits and website activities
Spyware
Spyware affects ______ and ______.
privacy and confidentiality
______ cookies are cookies that share information across sites. Some cookies are persistent and are stored on a hard drive indefinitely without user permission.
Spyware
______ triggers nuisances such as popup ads and banners when user visits certain websites
Adware
_______ affects productivity and may combine with active background activities. It collects and tracks information about application, website, and Internet activity.
Adware
_____ tricks users into providing logon information on what appears to be a legitimate website but is actually a website set up by an attacker to obtain this information
Phishing
_____ is when an attacker supplies information about a victim that appears to come from a legitimate company
Spear Phishing
___ is the use of social engineering to obtain access credentials such as usernames and passwords
Pharming
_____ capture keystrokes or user entries and forward the information to the attacker. This enables the attacker to capture logon information, banking information, and other sensitive data.
Keystroke Loggers
What motivates attackers?
- money
- fame
- political beliefs or systems
- anger or revenge
- cyberwarfare or espionage
____ are the group of individuals responsible for planning, designing, implementing, and monitoring an organization’s security plan
Security administration
The physical location where security administration work is performed is often referred to as the _____?
security operations center (SOC)