Final Exam Flashcards
These enforce a series of rules defining
what kind of network traffic is allowed and
what is not allowed
Firewall
The act of verifying the identity of a particular person
Authentication
Difference between a threat and an attack
Threat is a potential and does not need to have occurred
Three goals of security
Prevention, Detection, Recovery
Why anti-virus is not perfect
1) Zero-day attacks, 2) based on signatures for KNOWN malware (lots of variants)
Occurs when a malicious user utilizes a vulnerable web app to send malicious code to a different end user
XSS
cross-site scripting, a type of injection
This part of the operating system creates and manages files and directories
File system
Standard of proof in a criminal case vs a civil case
Criminal: beyond a reasonable doubt
Civil: preponderance of the evidence (AKA more likely than not)
What are 4 ways malware can get onto a system
flashdrives, spam email, emails from infected friends/contacts, malicious websites, infected websites, infected computers on a network
Passwords are stored on a system as these, which vary based on the operating system
Also, how does a system authenticate a user password attempt
Hashes
The system hashes the attempt and compares the calculated hash to the stored hash
What is the California Security Breach Act and its importance
Requires organizations that maintain personal identifiable information to inform customers about data breaches
Important bc if you work in security industry, there are notification requirements and guidelines (state governed)
Systems on a network that include files and/or programs in use by multiple people on or outside a network
Servers
Sets of devices, software, and cables that enable the exchange of information
Network
Describe two network topologies
Bus - Every component is connected to a single line, with “taps” for each component
- Advantages: quick to deploy, cheap
- Disadvantages: lots of collisions, unreliable, a break in the line causes the network to fail, performance is directly related to number of components and usage
- Example: Cable internet
Ring - Every component has 2 connections – a left and a right side
- Basically a bus with a connection back around to the beginning
- Disadvantages: performance is generally poor, not scalable, break in one connection causes complete network failure
Star - Each node is connected to a central point
- Most common physical topology (Ethernet)
- Advantages: fast, non-central failure does not bring down the network, scalable
- Disadvantages: used to be very expensive, but not anymore, single point of failure, lots of cabling
Mesh
- Advantages: self-healing, failure tolerant, potentially fast
- Disadvantages: no known route traversal, difficult to control and filter traffic
- Example: Wireless ad-hoc network
This device inspects the data of a packet to see if it is malicious in nature
IDS
What was the first operating system & service pack to include a firewall enabled by default
Windows XP SP2
Any program that is hidden within another
Trojan
What is CIA and why is it important?
Confidentiality
Only those with sufficient privileges and a demonstrated need may access certain information
Integrity
Quality or state of being whole, complete, or uncorrupted
Availability
Enables users to access information without interference or obstruction and in a usable format
Traits of well-implemented security
What happens when there is not enough RAM for memory
Virtual memory - aka pagefile or swapfile
Paging allows for memory to be “swapped” out to the hard disk when there is not enough RAM to hold everything attempting to be stored
Inserting code into a web app when it should be processing data
Code injection
This model is a set of guidelines used to standardize network processes
What are the layers
OSI or TCP/IP
7) Application
6) Presentation
5) Session
4) Transport
3) Network
2) Data Link
1) Physical
Examples of layer 6 of the OSI model, presentation
.doc, .jpg
Smallest unit of processing that can be scheduled
Thread
The act of luring a victim to divulge his/her personal or financial info
Phishing
An executable set of code
Program
This command is used to test the reachability of a host and measure round-trip time for messages sent from a host to a destination machine
Ping
Explain the three way handshake
Hi, I’m here. Are you there?
SYN
Yes, I see you’re there, I’m here and listening.
SYN,ACK
Great! Got your response. Ready to start sending.
ACK
Purpose of PAR
Positive acknowledgement and retransmission
Allows receiver to reassemble message and for sender to know which packets may have gotten dropped after the 3-way handshake
What type of user account has complete power over a system?
Super user
This part of any computer system is responsible for managing hardware and software resources
Operating System
Self-replicating computer programs
Computer viruses/worm
What does the TCP sliding window do
Indicates how many segments can be sent before ACK - smaller when the computer is busier and bigger when the computer is idle
What are the 3 pieces of hardware where data resides on a computer and how long do each store it? Order of speed?
CPU - fastest - only holds data for immediate use
RAM - fast - holds data for currently running processes
Hard drive - slowest - holds data for permanent storage
Difference between dynamic and static IP addresses
Dynamic addresses are assigned via a DHCP server/router on the network automatically as hosts connect
Static addresses are assigned by a person to a network interface/system
What are ports?
Like PO boxes - allows the network to direct traffic at a specific program or service
A single system in a network that connects to the internet
Gateway
Four layers of the TCP/IP model
Network, internet, transport, application
Difference between public and private IP addresses and purpose of each
Public - purchased from an ISP and paid for - how you connect to the rest of the internet
Private - created by your router within your home network in order to share one public IP address amongst many devices
What type of encryption uses the same key for encryption and decryption
Symmetric, DES, AES
The first version of Windows designed from a security standpoint and what went wrong
Vista; too much security impacted usability
Name and describe 4 types of malware
Spyware - malicious software that enters a user’s computer, gathers data from the device and user, and sends it to third parties without their consent
Ransomware - encrypts files on a device, rendering any files and the systems that rely on them unusable until a ransom is paid
Keylogger - records keystrokes
Backdoor - attack bypassing existing security systems to gain unauthorized access
Phishing attack aimed at specific individuals or companies
Spearphishing
According to OWASP, this type of web attack is the most common security risk to web apps
Code injection
Difference between stored and reflected cross site scripting
Stored - code is injected and permanently on target servers (databases), victim retrieves malicious script when they request the stored info
Reflected - injected code is reflected off of the web server. The response includes some or all of the input sent to the server as part of the request. Delivered to the user via an email message/other web server; the user is tricked into clicking on a malicious link
The science of manipulating human beings to divulge confidential info or take a certain action
Social engineering
Difference btwn top down and bottom up info processing
Top down - knowledge driven, based on prev exp, goals/expectations drive perception
Bottom up - used when knowledge is lacking, recognition by components, info driven
Four steps of a social engineering attack
Research, hook, play, exit
4 basic human tendencies
Reciprocity, social proof, consistency, scarcity, liking, authority
Lollipop vs onion model
Lollipop - perimeter, hard crunchy shell on outside, soft chewy center inside, valuables exposed once perimeter breached
Onion - layered security architecture
used to control intercommunication btwn lvls of trust
Access Control Lists (ACLs)
4 main components of a secure network topology
Perimeter firewall (btwn internet and organization)
Perimeter network (DMZ - area btwn perimeter firewall and internal firewall)
Internal firewall (limits all access to internal network)
Internal Network (location of rest of info assets)
6 basic ways to defend your system (personal and enterprise)
- remove unnecessary hardware
- rename admin account and change password
- remove unused user accounts
- use antivirus and keep it up to date
- use software/hardware firewalls
- use encryption
- perform backups
- enforce password policies
- content filter
- app whitelisting
- restrict BYOD
Type of software designed to detect and prevent unauthorized attempts to copy/send sensitive data, intentionally or unintentionally, even if the person is authorized to access the info
Data loss prevention software
Using court approved methods to acquire, investigate, and present evidence which allows decision makers to act on knowledge
Digital forensics
Difference btwn 3 types of investigations
Internal - internal to org (e.g. employee processes unauthorized documents)
Civil - 2 parties in a civil suit (e.g. employee sues for wrongful termination)
Criminal - criminal lawsuit (e.g. CP)
2 golden rules of forensics
1 - protect and preserve evidence
2 - always assume case will go to court
Examples of what are considered “original evidence media”
Hard disk, CD rom, SSD, cell phone, tablet, USB flash drive, portable hard drive, email accounts, server
Items required for court admissibility of a hard drive
Bitstream copy (forensic image) of drive
Imaging log recording cryptographic hashes of source drive and image file
Chain of custody document
What is Info Sec Management
Activities relating to protection of info/info assets against risk of loss, misuse, disclosure, or damage and describes controls that org needs to implement to ensure risks are managed
Benefits of risk assessments
Proactive rather than reactive
Help identify vulnerabilities
Help identify threats
Will provide info to form cohesive strategy
2 procedures used for contingency planning
Incident response - procedure for when infosec incident occurs
Disaster recovery - procedure for when natural/manmade disaster occurs
3 things needed to adequately secure a system, and the weakest link
People (weakest link), process, technology
Characteristics of common law legal systems
- uncodified
- everything based on precedent
- contest btwn 2 opposing parties before a judge who moderates
- divided into criminal, civil, and administrative codes
- everyone innocent until proven guilty
3 roles of computers in a lawsuit
computer assisted crime
computer targeted crime
computer was incidental