Final Exam Written Flashcards
What is the purpose of an ACL?
ACLs provide file system security for protecting files managed by the OS. ACLs have also been ported to SQL and relational database systems so that ACLs can provide database security as well. ACLs are the oldest and most basic form of access control.
Explain how to best secure volatile data.
Securing volatile information can best be performed by capturing the entire system image, which is a snapshot of the current state of the computer that contains all current settings and data.
Why should redundant networks be implemented in many enterprise environments?
Due to the critical nature of connectivity today, redundant networks also may be necessary. A redundant network waits in the background during normal operations and uses a replication scheme to keep its copy of the live network information current. If a disaster occurs, the redundant network automatically launches so that it is transparent to users. A redundant network ensures that network services are always accessible.
What is a bollard?
A bollard is a short but sturdy vertical post that is used as a vehicular traffic barricade to prevent a car from “ramming” into a secured area.
What basic steps are included in securing mobile devices?
Securing mobile devices requires configuring the device, using mobile management tools, and configuring device app security.
For this question, take on the role of an attacker wanting to get personally identifiable data from FRCC systems. Identify the actions you would take in order, why, and the step(s) of the Cyber Kill Chain your actions relate to.
- Reconnaissance
  a. Observe and understand the security of the FRCC system and how best to infiltrate.
  b. From your observations you note that a student email would be the weakest link.
- Weaponization
  a. Identify a student who is actively enrolled at FRCC and attack them personally with a targeted scam attack, obtaining their FRCC login info.
  b. Once you have a login, investigate and get a better understanding of the FRCC system from the inside; record your findings.
  c. From your understanding, find a vulnerable teacher or faculty member and use another targeted attack on the teacher/faculty member.
  d. Create a spyware virus and worm that will search the data through the emails and server; name it “assignment”.
- Delivery
  a. With your teacher/faculty member email, request some technical support. Being RTR, have a Zoom meeting, show that you’re having trouble with something, and get them to download your “assignment”.
- Exploitation
  a. Have your virus auto-run when the “assignment” is run on the technician’s computer.
- Installation
  a. Once on the support computer, remain docile and observe, looking for vulnerabilities.
- Command and Control
  a. Once you have found a vulnerability, execute the worm and let it steal some administrator logins through email.
  b. With your admin login, set up a fake update so the FRCC site is temporarily down.
  c. With this, have the worm look to cut off the tech support computer you have access to.
  d. With the virus, infect the network to steal the network data/traffic and shut down the FRCC network with a DDoS attack from the inside.
- Actions on Objectives
  a. With the entire database compromised, steal and sell all the data you can and leak the network and security.
  b. If possible, create a backdoor.
- Get paid.
Use Front Range Community College, Westminster campus to describe at least 2 types of servers that would be placed in the Internal network and 2 types of servers which would be placed in the DMZ. Give your reasons for placement of each server.
On the internal network, the servers you might have are a database server and an application server. On the internal network you would want to cut off as much of the “outside world” as possible. The more connections to the outside world, the more vulnerable your internal network could be.
In the demilitarized zone network, or DMZ, the servers you might have are a web server and an email server. As the DMZ network isn’t linked to your data server, it can be more open: if it is compromised you could use a backup to restore it, so there is less risk involved.
Explain salt when applied to cryptography, and why salt is an effective deterrent to rainbow table and dictionary attacks.
Salt makes it so one password can be hashed multiple ways, creating some randomness. When cracking with a rainbow table or a dictionary attack, salt makes it much more difficult due to the randomness.
Alice wants to send a message (M) to Bob. The following cryptographic steps take place between Alice and Bob:
1) Alice creates a Hash of the Message using a Hash algorithm.
2) Alice encrypts the Hash using Alice’s Public Key.
3) Alice encrypts the Message using Bob’s Public key.
4) Alice transmits the Message and Hash to Bob.
5) Bob decrypts the Hash using Alice’s Private Key.
6) Bob decrypts the Message using Bob’s Private key.
7) Bob creates a Hash of the Message (from step 6)
8) Bob compares his Hash value to Alice’s Hash value (from Step 5).
Is this process secure? If not, what items would you change?
5) Bob decrypts the Hash using Alice’s Private Key
Why does Bob have Alice’s Private Key? If Alice’s Private Key is public, then it’s not secure.