InfoSec Flashcards

1
Q

What is a security plan?

A

A plan that identifies and organizes the security activities for a system/organization

2
Q

What does a security plan do?

A

Describes the current situation and highlights the improvement

It is an official record of current security practices and a blueprint for orderly change to improve those practices

3
Q

What three essential questions should a security policy answer?

A

Who should be allowed access?

To what system and organizational resources should access be allowed?

What types of access should each user be allowed for each resource?

4
Q

What should a security policy specify?

A
  • The organization’s security goals
  • Where the responsibility for security lies
  • The organization’s commitment to security
5
Q

How should a security policy be written?

A

Not too long, complex, or detailed; fast and easy to read

6
Q

What does “current security status” mean?

A
  • An understanding of the current vulnerabilities.
  • Defines the limits of responsibility for the security
7
Q

What is risk analysis?

A

A systematic investigation of the system, its environment, and what might go wrong

It then forms the basis for describing the current security state

8
Q

What’s the meaning of security requirements?

A

Security requirements are functional or performance demands placed on a system to ensure a desired level of security

9
Q

What are the characteristics of good security requirements?

A
  • Correctness: Are the requirements understandable? Are they stated without error?
  • Consistency: Are there any conflicting or ambiguous requirements?
  • Completeness: Are all possible situations addressed by the requirements?
  • Realism: Is it possible to implement what the requirements mandate?
  • Need: Are the requirements unnecessarily restrictive?
  • Verifiability: Can tests be written to demonstrate conclusively and objectively that the requirements have been met?
  • Traceability: Can each requirement be traced to the functions and data related to it so that changes in a requirement can lead to easy reevaluation?
10
Q

What’s the meaning behind accountability/responsibility for implementation?

A

A section of the security plan that will identify which people (roles) are responsible for implementing security requirements

11
Q

What are the common roles in a security plan?

A
  • Users – Regardless of whether they are responsible for the security of their own machines, they have some responsibility
  • Owners – Product/process/system/…
  • Managers – May be responsible for seeing that the people they supervise implement security measures, and can also be legally responsible
  • Administrators – Network/system/security/database/…
  • Information officers - May be responsible for overseeing the creation and use of data; these officers may also be responsible for the retention and proper disposal of data
  • Personnel staff members - May be responsible for security involving employees, e.g., screening employees, handling terminations, arranging security training programs
12
Q

What is a timetable?

A

A timetable, i.e., how and when the elements of the plan will be performed, must be included

13
Q

What is plan maintenance?

A

A plan that specifies the order in which controls are to be implemented.

14
Q

What must be included in plan maintenance?

A
  • New equipment will be acquired
  • New connectivity requested
  • New threats identified…
  • The plan must include procedures for change and growth
  • The plan must include a schedule for periodic review
15
Q

Why does security planning need team members and commitment?

A

Security planning touches every aspect of an organization and therefore requires participation well beyond the security group

16
Q

What three groups must contribute to making a security plan if you want it to succeed?

A
  • Management
  • The planning team
  • Those affected by the security
17
Q

What is a business continuity plan?

A

A (business) continuity plan documents how a business will continue to function during or after a computer security incident

18
Q

What does a business continuity plan address?

A
  • Catastrophic situations, in which all or a major part of a computing capability is suddenly unavailable
  • Long duration, in which the outage is expected to last for so long that business will suffer
19
Q

What does a business continuity plan assess?

A
  • What are the essential assets?
  • What could disrupt the use of these assets?
20
Q

What is the goal of an incident response?

A

Be able to handle the current security incident without direct regard for the business issues

21
Q

What is a security incident response plan?

A

It tells the staff how to deal with a security incident

22
Q

An incident response plan should include?

A
  • Define what constitutes an incident
  • Identify who is responsible for taking charge of the situation
  • Describe the plan of action
23
Q

What is ISO/IEC 27005 about?

A

Information security risk management (ISRM)

24
Q

What is ISO 31000 about?

A

(general) Risk Management (RM) (principles and guidelines)

25
Q

Which ISO standard defines several of the terms used here?

A

ISO 27000

26
Q

What does risk mean?

A

Effect of uncertainty on objectives

27
Q

What is risk management?

A

Coordinated activities to direct and control an organization with regard to risk

28
Q

What is the risk management process?

A

Systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context and identifying, analyzing, evaluating, treating, monitoring and reviewing risk

29
Q

What is risk assessment?

A

Overall process of risk identification, risk analysis and risk evaluation

30
Q

What is risk identification?

A

process of finding, recognizing and describing risks

31
Q

What is risk evaluation?

A

process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable

32
Q

What does “Level of risk” mean?

A

magnitude of a risk expressed in terms of the combination of consequences and their likelihood

33
Q

What does “residual risk” mean?

A

risk remaining after risk treatment

34
Q

What does risk treatment mean?

A

Process to modify risk

35
Q

What does vulnerability mean?

A

Weakness of an asset or control that can be exploited by one or more threats

36
Q

What does threat mean?

A

potential cause of an unwanted incident, which may result in harm to a system or organization

37
Q

What is ISO?

A

the process to comprehend the nature of risk and to determine the level of risk

38
Q

What are the characteristics of a risk?

A
  • Associated loss (also known as a risk impact)
  • Likelihood of occurring
  • The degree to which we can change the outcome (risk control)
39
Q

Strategies for dealing with risk?

A
  • Avoid the risk by changing requirements for security or other system characteristics
  • Transfer the risk by allocating the risk to other systems, people, organizations, or assets or by buying insurance to cover any financial loss should the risk become a reality
  • Assume the risk by accepting it, controlling it with available resources, and preparing to deal with the loss if it occurs
40
Q

What are the steps of a risk analysis?

A
  1. Identify assets
  2. Determine vulnerabilities
  3. Estimate the likelihood of exploitation
  4. Compute expected annual loss
  5. Survey applicable controls and their costs
  6. Project annual savings of control
41
Q

What are the pros of risk analysis?

A
  • Improve awareness
  • Relate security mission to management objectives
  • Identify assets, vulnerabilities, and controls
  • Improve basis for decisions
  • Justify expenditures for security
42
Q

What are the cons of risk analysis?

A
  • False sense of precision and confidence
  • Hard to perform
  • Have a tendency to be filed and promptly forgotten
  • Lack of accuracy
43
Q

What is a management system?

A

A management system is a “set of interrelated or interacting elements of an organization to establish policies and objectives and processes to achieve those objectives” (ISO/IEC 27000:2014)

44
Q

What is the PDCA/continual improvement?

A

Also known as the Deming cycle
* Used when:
* Starting from scratch, or when
* Improving, or when
* Performing a task

  • Also, on different levels
  • Strategic – Organization as a whole, policy, long-term…
  • Tactical – Implements the decisions…
  • Operational – Day-to-day operations…
45
Q

What is cyber terrorism?

A

The use of computers to launch a terrorist attack

46
Q

What can cyber terrorism cause?

A
  • Significant economic damage
  • Disruptions to communications
  • Disruptions in supply lines
  • Disruptions in national infrastructure
47
Q

What is an Economic attack?

A

An attack that causes economic damage.

  • Lost files and records
  • Destroyed data
  • Stolen credit cards
  • Money stolen
  • Time spent cleaning up
48
Q

What is cryptanalysis?

A

the study of methods for breaking ciphertext

49
Q

What is cryptography?

A

the use and practice of cryptographic techniques

50
Q

What is cryptology?

A

the study of both cryptography and cryptanalysis

51
Q

What is plaintext/cleartext, P?

A

The original form of a message

52
Q

What is ciphertext/cyphertext, C?

A

encrypted version of a message

53
Q

What is a Cipher?

A

a pair of cryptographic algorithms, e.g., a mathematical function used for encryption and one for decryption

54
Q

The character for a plaintext message?

A

P

55
Q

The character for a ciphertext?

A

C

56
Q

What is the cryptosystem in formal notation?

A

P = D(E(P))

57
Q

What is an encryption algorithm?

A

A set of rules of how to encrypt plaintext and how to decrypt the ciphertext

58
Q

The ciphertext for cipher system with a key?

A

C = E(K, P)

59
Q

What is a symmetric cryptosystem?

A
  • Encryption and decryption keys are the same
  • Provide a two-way channel to their users
  • If the key is kept secret for a pair - the system also provides authentication proof
  • If the secret key is compromised, the adversary can decrypt all traffic and produce fake messages
60
Q

What is an Asymmetric cryptosystem?

A

* One key for encryption and another key for decryption
* Keys come in pairs
* A decryption key, KD, inverts the encryption of key KE so that:
* P = D(KD, E(KE, P))
* Also called public key

61
Q

What is a Stream cipher?

A
  • Each bit/byte of the data stream is encrypted separately (low diffusion)
  • Fast and encryption can take place as soon as data is read
  • If errors occur, only one bit/byte is affected
  • Susceptible to malicious insertions and modifications
62
Q

What is a block cipher?

A
  • Encrypts a group of plaintext symbols as a single block (typically 64, 128, 256 bits or more) (high diffusion)
  • Slower process, the last block needs to be padded, and an error affects more bytes
  • Impossible to insert a single symbol into one block
63
Q

What is the Data Encryption Standard (DES)?

A
  • Symmetric block cipher
  • Encryption and decryption algorithms are public but the design principles are classified
  • Uses a fixed 56-bit (short) key
  • Is considered insecure and was deprecated in 2017
64
Q

What is the Advanced Encryption Standard (AES)?

A
  • A replacement for DES
  • Symmetric block cipher (128-bit blocks)
  • Three different key lengths: 128, 192, and 256 bits
65
Q

What is the de-facto encryption standard today?

A

AES

  • Used in e.g., WPA2, IPsec, WhatsApp, Telegram… and in hardware such as Intel & AMD processors
66
Q

What is Rivest-Shamir-Adleman (RSA)?

A
  • Asymmetric block cipher
  • Public key system (i.e., one private and one public key)
  • Long keys (1024-4096 bits)
  • Slow algorithm
67
Q

What is the Diffie-Hellman key exchange protocol?

A

A way in which a public channel can be used to create a confidential shared key

68
Q

How does the Diffie-Hellman key exchange work?

A
  1. First agree on an arbitrary starting key
  2. Then pick a private key
  3. Mix the (public) starting key with the secret key
  4. Exchange the mixed keys with each other
  5. Mix the key received from the other party with their own secret key
69
Q

What are error detecting codes?

A

A fast and reliable way of finding out if an error in a transmission has happened

70
Q

Name some simple error detecting codes?

A
  • Parity checks
  • Cyclic redundancy checks
71
Q

Name some cryptographic error detecting codes?

A
  • One-way hash functions
  • Cryptographic checksums
  • Digital signatures
72
Q

What’s in Shannon’s characteristics of good ciphers?

A
  • The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption
  • The set of keys and the enciphering algorithm should be free from complexity
  • The implementation of the process should be as simple as possible
  • Errors in ciphering should not propagate and cause corruption of further information in the message
  • The size of the enciphered text should be no larger than the text of the original message
73
Q

What is Interception?

A

Unauthorized viewing
CIA: Confidentiality
Network security examples: Eavesdropping or wiretapping

74
Q

What is Modification?

A

Unauthorized change
CIA: Integrity
Network security examples: Integrity failures - insertion

75
Q

What is Fabrication?

A

Unauthorized creation
CIA: Integrity
Network security examples: Integrity failures - replay

76
Q

What is Interruption?

A

Preventing authorized access
CIA: Availability
Network security examples: DoS/DDoS

77
Q

What vulnerabilities are there in Wi-Fi?

A
  • It’s prone to eavesdropping
  • Shared media = easy insertion and easy disruption (DoS)
  • Protocols such as WEP and WPA
78
Q

What is the standard Wireless protocol?

A

WPA2/802.11i

79
Q

What is a policy?

A
  • A security policy is a document that defines how an organization deals with some aspect of security.
  • There can be policies regarding end user behavior, IT response to incidents, or policies for specific issues and incidents.
80
Q

What does CYOD mean?

A

The company lists acceptable devices (that is, those that meet company security requirements) and allows each employee to choose his or her own device.

81
Q

What is COPE?

A

The company owns and provides the equipment. This clearly offers the most security, but also comes at the highest cost.

82
Q

What does “personal” mean in WPA and WPA2?

A

Home and small office use

  • Using a pre-shared key
  • No authentication server
  • A shared key is a security issue (e.g., guessing attacks)
83
Q

What does “Enterprise” mean in WPA and WPA2?

A

Bigger organizations

  • Uses authentication server
  • No pre-shared key
  • Uses IEEE 802.1X (so the access point becomes the authenticator), mutual authentication (i.e., no man-in-the-middle)
84
Q

What is segmentation?

A

Dividing a network into smaller segments.

85
Q

What is important for network security countermeasures?

A
  • System architecture
  • Segmentation
  • DMZ
  • Redundancy
  • Encryption
86
Q

What is a Virtual Private Network (VPN)?

A

It provides a way through the Internet. It creates a virtual connection between a remote user and the central location.

87
Q

What two approaches are there to VPN?

A
  • Remote access - one fixed side (What you get if you buy a VPN Service)
  • Site-to-site - two fixed sites
88
Q

Why use a VPN?

A

It is cheap, secure, scalable, and flexible

89
Q

What is a firewall?

A

A device that filters all traffic between a protected or “inside” network and less trustworthy or “outside” network

Firewalls implement security policies or rule-sets that determine what traffic can or cannot pass through

90
Q

What is a firewall an example of?

A

A reference monitor
* Always invoked (cannot be circumvented)
* Tamperproof
* Small and simple enough for rigorous analysis

91
Q

What is a demilitarized zone?

A
  • A perimeter network or screened subnet
  • Physical or logical subnetwork
  • DMZ is a form of network architecture
  • Services dedicated to outside use separated
  • The idea is that intrusion of DMZ hosts leads to only limited damage to the internal hosts
92
Q

What is an Intrusion Detection System (IDS)?

A

It monitors activity for malicious or suspicious events

93
Q

What may an IDS do?

A
  • Monitor user and system activity
  • Audit system configurations for vulnerabilities and misconfigurations
  • Assess the integrity of critical system and data files
  • Recognize known attack patterns in system activity
  • Identify abnormal activity through statistical analysis
  • Manage audit trails and highlight policy violations
  • Install and operate traps to record information about intruders
94
Q

What is the goal of an IDS?

A
  • Ideally, an IDS should be fast, simple, and accurate while at the same time being complete
  • It should detect all attacks with little performance penalty
95
Q

What are the IDS detection methods?

A

Signature-based
* Monitor and compare against patterns (signatures)
* Signatures can be e.g., series of TCP SYN packets sent to many different ports in succession and at times close to one another
* Cannot detect new attacks (zero-day)
* Modification of existing attacks to evade detection
* Rely on statistical analysis

Heuristic
* Anomaly-based, based on a model of acceptable behavior and flag exceptions to that model
* Looks for behavior that is out of the ordinary
* Could be based on current traffic behavior or user behavior

96
Q

What is the Scope of an IDS?

A

Network-based IDS (NIDS)
* Stand-alone device
* Placed at a strategic point in the network, monitoring traffic to and from all devices on the network

Host-based IDS (HIDS)
* Installed on individual hosts or devices on the network

97
Q

What is the location of an IDS?

A

Front end
* Looks at traffic as it enters the network
* Can spend a long time analyzing
* Can filter before entering network (like a firewall)
* Easier to spot from the outside (and possibly to circumvent or attack)
* Not checking the internal network

Internal
* Monitors traffic within the network
* Less exposed
* Handle both internal and external traffic

98
Q

What is the Capability of IDS?

A
  • Passive – sound the alarm
  • Active – that’s when it becomes an IPS
99
Q

How does an IPS respond to an alarm?

A
  • Monitor and collect data
  • Increase data collection during event e.g., record all traffic from a given source for future analysis
  • Watch the intruder - see accessed resources
  • Protect
  • Act to reduce exposure, e.g., by increasing access controls
  • Making assets unavailable
  • Visible
  • Signal an alert to other protection components
  • Call a human
100
Q

What is capacity planning?

A
  • Know what causes spikes in traffic
  • Plan for them
101
Q

What is load balancing?

A
  • Use more machines
  • Buy more cloud capacity
102
Q

What is network tuning?

A
  • Adjusting the number of segments, machines, uplinks…
  • Rate limiting - countermeasure that reduces the impact of an attack by limiting capacity to a host/network
103
Q

What is shunning?

A

Reducing service given to traffic from certain address ranges

104
Q

What is blacklisting?

A

Blocking all traffic to/from a specific host

105
Q

What is sinkholing?

A

Incoming traffic is analyzed, and bad traffic rejected

106
Q

What is a honeypot?

A

A virtual machine meant to lure an attacker into an environment that can be both controlled and monitored

107
Q

What is simplicity of design in an OS?

A

OSs are inherently complex, and any unnecessary complexity only makes them harder to understand and secure

108
Q

What is layered design?

A
  • At least four levels: hardware, kernel, OS, and user
  • Enables layered trust
109
Q

What is layered trust?

A
  • Layering is both a way to keep a design logical and understandable and a way to limit risk
  • Very tight access controls on critical OS functions, fewer access controls on important noncritical functions, and few if any access controls on functions that aren’t important to the OS
110
Q

What is a kernel?

A
  • A kernel is the part of the OS that performs the lowest-level functions
  • Synchronization, inter-process communication, interrupt handling…
111
Q

What is a security kernel?

A
  • A security kernel is responsible for enforcing the security mechanisms of the entire OS
  • Typically contained within the kernel
112
Q

What is kernel-mode?

A

Kernel-mode - executing code has complete and unrestricted access to the underlying hardware and memory

113
Q

What is User-mode?

A

User-mode - executing code has no direct access to hardware or reference memory

114
Q

What does execution mean?

A
  • The OS should be responsible for executing processes
  • When a user-mode application is executed, the OS creates a process for the application
115
Q

What is a reference monitor?

A
  • A reference monitor mediates access by subjects to objects (e.g., to let a user read a file)
  • An easy way of implementing access control
116
Q

A reference monitor must be?

A
  • Tamperproof
  • Unbypassable
  • Analyzable
117
Q

What is access control?

A
  • Authentication is verifying the identity of a user or a host
  • Authorization is permitting or restricting access to the information based on the type of users and their roles
  • Accountability identifies what a user did (auditing)
  • Access control is often performed by the OS
118
Q

What are the requirements of access control?

A
  • Need a mechanism to authenticate
  • Least privilege - minimum authorization to do its work
  • Separation of duty - should divide steps in a system function among different individuals
  • Administrative policies - who can add, delete, modify rules
  • Closed vs. open policies
  • Closed = disallowed unless explicitly allowed
  • Open = allowed unless explicitly disallowed
119
Q

What are the access control elements?

A
  • Subject
  • An entity that can access objects (often the human user)
  • Objects
  • Are things on which an action can be performed
  • Access modes
  • Any controllable actions of subjects on objects
120
Q

What is Discretionary access control (DAC)?

A

Access control model based on the identity of the user
* The owner decides who is allowed to access the object and what privileges they have
* Rights can be delegated at users’ discretion
* Most common model

  • Often provided using an access control matrix
  • Access control lists (decomposed by column)
  • Capability tickets (decomposed by row)
121
Q

What is Role-based access control (RBAC)?

A
  • Controls based on a subject’s (user’s or program’s) role, not their identity
  • Subject’s rights can change depending on their current role
  • Access is controlled at the system level, outside of the user’s control
  • Used in, e.g., Microsoft Azure
122
Q

What does reconnaissance mean?

A

The hacker researches their target

123
Q

What does reconnaissance (passive) mean?

A
  • Before an attack is executed the hacker attempts to find out information about the target system
124
Q

What does Reconnaissance (Active) mean?

A

Port scanning (Nmap): scans to see which ports are open

  • Ping scan
  • Connect scan
  • SYN scan
  • FIN scan
125
Q

What is a Ping scan?

A

A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers).

126
Q

What is a connect scan?

A
  • Complete connection is executed with the destination device.
  • Most likely to be detected.
127
Q

What is a SYN scan?

A
  • Stealthy scan
  • Also called half-open scan

You send a SYN packet but you never respond to the SYN/ACK

128
Q

What is an SQL attack?

A

You enter SQL commands into login forms to trick the server into executing those commands.

  • The most common attack.
  • The most common purpose is to force the server to log the attacker on.
129
Q

What is Bluesnarfing?

A

Unauthorized access of information from a Bluetooth device

130
Q

What is Bluejacking?

A

Using another Bluetooth device within range and sending messages to the target

131
Q

What is Bluebugging?

A

Accesses and uses all phone features

132
Q

What is Pod slurping?

A

Using a device such as an iPod to steal confidential data by directly plugging it into a computer where the data are held

133
Q

Why does a buffer overflow occur?

A

Data is written beyond the space allocated
* Inputs expected to go into regions of memory allocated for data end up in memory holding executable code

134
Q

What is Malware?

A

Software planted by an agent with malicious intent to cause unanticipated or undesired effects

135
Q

What is a Virus?

A

A program that can replicate itself and pass on malicious code to other non-malicious programs by modifying them

136
Q

What is a Worm?

A

A program that spreads copies of itself through a network

137
Q

What is a Trojan Horse?

A

An application/software that looks legit but contains code that, in addition to its stated effect, has a second, nonobvious, malicious effect

138
Q

What is a Rabbit?

A

Code that replicates itself without limit to exhaust resources

139
Q

What is a Logic Bomb?

A

Code that triggers when a predetermined condition occurs

140
Q

What is a Time Bomb?

A

Code that triggers action when a predetermined time occurs

141
Q

What is a Dropper?

A

Transfer agent; code only to drop other malicious code, such as a virus or Trojan horse

142
Q

What is Hostile mobile code agent?

A

Code communicated semi-autonomously by programs transmitted through the web

143
Q

What is a cross-site script attack?

A
  • Tricking a client or server into executing scripted code by including the code in data inputs
  • An attacker can gain elevated access privileges to sensitive content, cookies, and other information maintained by the browser
144
Q

What is a RAT (remote access Trojan)?

A

Trojan horse that, once planted, gives access from remote location

145
Q

What is Spyware?

A

Program that intercepts and covertly communicates data on the user or user’s activity

146
Q

What is a bot?

A

Semi-autonomous agent, under control of a (usually remote) controller or “herder”; not necessarily malicious

147
Q

What is a Zombie?

A

Code or entire computer under control of a (usually remote) program

148
Q

What is a Browser hijacker?

A

Code that changes browser settings, disallows access to certain sites, or redirects the browser to other sites

149
Q

What is a Rootkit?

A

A collection of tools that a hacker uses to mask their intrusion and obtain admin-level access to a computer or network.

150
Q

What is a trapdoor or backdoor?

A

Code feature that allows unauthorized access to a machine or program; bypasses normal access control and authentication

151
Q

What is a tool or toolkit?

A

Program containing a set of tests for vulnerabilities; not dangerous itself, but each successful test identifies a vulnerable host that can be attacked

152
Q

What is Scareware?

A

Not code; false warning of malicious code attack

153
Q

What kind of harm can malicious code do?

A

Harm to users and systems:
* Sending emails to user contacts
* Deleting or encrypting files
* Modifying system information, such as the Windows registry
* Stealing sensitive information
* Attaching to critical system files
* Hiding copies of malware in multiple complementary locations

154
Q

What are some countermeasures for users to protect them from Malware?

A
  • Use software acquired from reliable sources
  • Test software in an isolated environment
  • Only open attachments when you know them to be safe
  • Treat every website as potentially harmful
  • Create and maintain backups
155
Q

What are some countermeasures that don’t work against Malware?

A

Penetrate-and-patch
* Search for flaws and then fix them
* Fails because the fix is normally hurried, misses the context of the fault, and addresses one failure rather than the whole system

Security by obscurity (or security through obscurity)
* Things meant to stay hidden seldom do
* Security should not depend on the secrecy of the implementation or its components (Kerckhoffs's principle)

A perfect good-bad code separator
* Impossible: deciding whether an arbitrary program is malicious is undecidable in general, so no scanner can separate good programs from bad without misses or false alarms

156
Q

How do virus scanners work?

A

Virus scanners look for signs of malicious code infection by comparing program files and memory against signatures of known malware

Detection mechanisms:
* Known string patterns (byte sequences) in files or memory
* Execution patterns: behaviour characteristic of malware, such as writing to system files or other executables
* Storage patterns: characteristic changes in file size, layout or location

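A signature scanner reduced to its core, as an added example that is not part of the original flashcards. It matches known byte strings and a whole-file hash, the first and third mechanisms on the card. The signature table is constructed for the example: the EICAR string is the industry-standard harmless test pattern, while "Example.Dropper", "Example.KnownBad" and KNOWN_BAD are made up. The mutate_one_byte helper shows the weakness a practitioner should remember: a one-byte variant evades both kinds of signature.

```python
import hashlib
from pathlib import Path
from typing import Dict, List

# String signatures: name -> byte pattern.  Constructed for this example.  The
# EICAR string is the industry-standard harmless test pattern that every
# scanner detects; "Example.Dropper" is a made-up pattern standing in for a
# real malware signature.
STRING_SIGNATURES: Dict[str, bytes] = {
    "EICAR-Test-File": rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
    "Example.Dropper": b"\x90\x90\xeb\x12\xc3",
}

# Whole-file signatures: SHA-256 of a known-bad file -> name.  KNOWN_BAD is a
# constructed stand-in for a real sample.
KNOWN_BAD = b"constructed stand-in for a known-bad file"
HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(KNOWN_BAD).hexdigest(): "Example.KnownBad",
}


def scan_bytes(data: bytes) -> List[str]:
    """Return the names of all signatures that match `data`.

    Two of the mechanisms the card lists: known string patterns (a substring
    search) and a whole-file storage pattern (the file hash).
    """
    hits = [name for name, pattern in STRING_SIGNATURES.items() if pattern in data]
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    return hits


def scan_file(path: Path) -> List[str]:
    """Scan one file from disk; a memory scanner would feed process memory here instead."""
    return scan_bytes(path.read_bytes())


def mutate_one_byte(data: bytes, index: int) -> bytes:
    """Flip one byte, as malware authors do to produce a new variant.

    Shows the limit of signature scanning: the variant matches neither the
    string nor the hash signature, although it would behave the same when run.
    """
    flipped = bytes([data[index] ^ 0xFF])
    return data[:index] + flipped + data[index + 1:]


if __name__ == "__main__":
    sample = b"header bytes " + STRING_SIGNATURES["EICAR-Test-File"] + b" trailer"
    print("original :", scan_bytes(sample))                       # ['EICAR-Test-File']
    print("variant  :", scan_bytes(mutate_one_byte(sample, 20)))  # []
    print("known bad:", scan_bytes(KNOWN_BAD))                    # ['Example.KnownBad']
    print("padded   :", scan_bytes(KNOWN_BAD + b"\x00"))          # []
```

Real scanners add heuristics, emulation and behaviour monitoring (the card's execution patterns) precisely because exact signatures are this brittle.
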
157
Q

What is a Denial-of-Service Attacks?

A

An attack that prevents legitimate users from accessing a system, typically by flooding it with so many bogus requests (connection attempts, packets) that its resources are exhausted and it cannot respond to legitimate requests; when the flood comes from many machines at once it is a distributed denial of service (DDoS)

158
Q

What is DHCP Starvation?

A

The attacker floods the network with DHCP requests, each carrying a different spoofed client MAC address, so the DHCP server leases out every address in its pool. Legitimate clients then get no address, and the attacker can keep the pool exhausted indefinitely, often as a prelude to answering those clients from a rogue DHCP server

159
Q

What are some DoS weaknesses?

A
  • The flood must be sustained; once it stops, service returns.
  • When the attacking (infected) machines are disinfected, the attack stops.
  • The hacker's own machines are at risk of discovery.
160
Q

How does a SYN Attack/Flood work?

A
  • The client sends a SYN.
  • The server responds with SYN+ACK and keeps a half-open connection entry in its backlog while it waits for the final ACK.

The client should now respond with an ACK, but the attacker never does (the source addresses are usually spoofed, so the SYN+ACK goes nowhere) and keeps sending SYNs from many sources. The backlog fills with half-open connections, the server is stuck in a busy state, and SYNs from legitimate clients are dropped.

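The exchange above simulated on both sides, as an added example that is not part of the original flashcards. A listener that allocates state per SYN (backlog of 128, an assumed value) is flooded with SYNs from spoofed addresses that never ACK, and a legitimate client then fails to connect. A second listener using SYN cookies (the standard mitigation, enabled on Linux by the net.ipv4.tcp_syncookies sysctl) stores nothing until the ACK arrives and is unaffected. The cookie is a keyed hash of the connection tuple; real SYN cookies also encode a timestamp and the client's MSS, which this sketch omits.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

MASK32 = 0xFFFFFFFF
BACKLOG = 128   # assumed size of the listener's half-open queue


@dataclass
class StatefulListener:
    """Classic listener: allocates a backlog entry for every SYN it answers."""
    backlog: int = BACKLOG
    half_open: Dict[Tuple[str, int], int] = field(default_factory=dict)
    dropped: int = 0
    established: int = 0

    def on_syn(self, src: str, sport: int, client_isn: int) -> Optional[int]:
        """Return the server ISN sent in the SYN+ACK, or None if the SYN is dropped."""
        if len(self.half_open) >= self.backlog:
            self.dropped += 1            # queue full: even a legitimate SYN is dropped
            return None
        server_isn = int.from_bytes(os.urandom(4), "big")
        self.half_open[(src, sport)] = server_isn   # held until the ACK arrives (or a timeout)
        return server_isn

    def on_ack(self, src: str, sport: int, seq: int, ack: int) -> bool:
        """Final ACK of the handshake: seq = client_isn + 1, ack = server_isn + 1."""
        server_isn = self.half_open.pop((src, sport), None)
        if server_isn is not None and ack == (server_isn + 1) & MASK32:
            self.established += 1
            return True
        return False


@dataclass
class SynCookieListener:
    """SYN-cookie listener: keeps no state until a valid ACK arrives."""
    secret: bytes = field(default_factory=lambda: os.urandom(16))
    dropped: int = 0
    established: int = 0

    def _cookie(self, src: str, sport: int, client_isn: int) -> int:
        # The server ISN is a keyed hash of the connection tuple, so it can be
        # recomputed from the ACK instead of stored (timestamp and MSS omitted).
        msg = f"{src}:{sport}:{client_isn}".encode()
        return int.from_bytes(hmac.new(self.secret, msg, hashlib.sha256).digest()[:4], "big")

    def on_syn(self, src: str, sport: int, client_isn: int) -> Optional[int]:
        return self._cookie(src, sport, client_isn)   # nothing is allocated

    def on_ack(self, src: str, sport: int, seq: int, ack: int) -> bool:
        client_isn = (seq - 1) & MASK32               # the ACK carries client_isn + 1
        if ack == (self._cookie(src, sport, client_isn) + 1) & MASK32:
            self.established += 1
            return True
        return False


def simulate(listener, flood_syns: int = 1000) -> Tuple[bool, int, int]:
    """Send `flood_syns` SYNs from spoofed sources that never ACK, then check
    whether one legitimate client can still complete the handshake.
    Returns (legitimate_client_connected, syns_dropped, connections_established)."""
    for i in range(flood_syns):
        listener.on_syn(f"198.51.100.{i % 254 + 1}", 1024 + i, i)   # spoofed, never ACKed
    client_isn = 424242
    server_isn = listener.on_syn("192.0.2.10", 51515, client_isn)
    connected = server_isn is not None and listener.on_ack(
        "192.0.2.10", 51515, (client_isn + 1) & MASK32, (server_isn + 1) & MASK32)
    return connected, listener.dropped, listener.established


if __name__ == "__main__":
    print("stateful   :", simulate(StatefulListener()))    # (False, 873, 0)
    print("SYN cookies:", simulate(SynCookieListener()))   # (True, 0, 1)
```

With 1000 spoofed SYNs the stateful listener accepts the first 128, drops the remaining 872 and then drops the legitimate client too; the cookie listener drops nothing because a SYN costs it no memory.
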
161
Q

How does a UDP Flood work?

A
  • UDP is a connectionless protocol: there is no handshake, so packets with spoofed source addresses are accepted.
  • The attacker sends UDP packets to random ports on the victim.
  • For each closed port the victim replies with an ICMP "destination unreachable" (port unreachable) message.
  • Enough packets overload the victim's processing capacity and bandwidth.
162
Q

What is Low Orbit Ion Cannon? (LOIC)

A
  • A common tool for DoS attacks that floods a target with TCP, UDP or HTTP requests
  • Requires the user to put in the target URL or IP address and then begin the attack
163
Q

What is XOIC?

A
  • XOIC is another DoS attacking tool.
  • Performs a DoS attack on any server with an IP address, a user-selected port, and a user-selected protocol.
164
Q

How do you protect yourself against Smurf attacks?

A
  • A Smurf attack sends ICMP echo requests to a network's broadcast address with the victim's address spoofed as the source, so every host on that network replies to the victim (amplification).
  • Disable IP directed broadcasts on routers so that broadcast pings from outside are not forwarded (the default on modern routers).
  • Configure hosts and firewalls not to answer ICMP echo requests sent to broadcast addresses, and filter spoofed source addresses at the network edge.
  • Guard against Trojans and keep anti-virus software current, so your machines are not recruited into the attack.
  • Utilize proxy servers.
165
Q

What is Ping of Death?

A
  • A ping of death sends a malformed or otherwise malicious ICMP echo request (ping) to a target.
  • The ping packet is oversized: it is sent as IP fragments whose offsets and lengths reassemble to more than the 65,535-byte maximum size of an IPv4 datagram.
  • Some systems were never designed to handle a reassembled packet larger than that maximum, so the reassembly buffer overflows and the system crashes or hangs.
166
Q

What is a Man-in-the-Browser?

A
  • Malicious code running inside the browser or as a browser add-on/extension
  • The key point is that it sits inside the browser, so it sees page content and form data before TLS encrypts them on the way out and after TLS decrypts them on the way in; it can read or alter a transaction even though the connection is encrypted, and anything it inserts is encrypted along with the legitimate data
167
Q

What is a Keystroke logger?

A
  • Hardware or software that records all keystrokes
  • It may be a small dongle plugged into a USB port or can masquerade as a keyboard
  • It may also be installed as malware
168
Q

What is Page-in-the-Middle

A
  • The user is directed to a different page than the one they believe or intend to be viewing
  • Similar to man-in-the-browser
  • Here a new (attacker-controlled) page is displayed, whereas a man-in-the-browser alters the real page invisibly in the background
169
Q

What is a download substitution?

A
  • The attacker creates a page with seemingly harmless and desirable programs for download
  • Instead of, or in addition to, the intended functionality, the user installs malware
  • This is a very common technique for spyware
  • The user does not know what is installed after they click YES.
170
Q

What is clickjacking?

A
  • Tricking a user into clicking something other than what they perceive: the attacker loads the target site in an invisible (transparent) frame on top of a decoy page, so a click on the decoy actually lands on a control in the target, such as a purchase, consent or "share" button
  • Used to obtain desired input or actions from the user, such as handing over personal information
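
The attack page and the defence side by side, as an added example that is not part of the original flashcards. attack_page builds the transparent-iframe overlay described above (target_url is hypothetical), and framing_protection checks the response headers a site sends against the two browser mechanisms that stop framing: CSP frame-ancestors, which takes precedence when present, and X-Frame-Options as the legacy fallback. The header dictionaries in the test are constructed.

```python
from typing import Dict, Tuple


def attack_page(target_url: str) -> str:
    """Attacker's decoy page: the target is loaded in a fully transparent iframe
    laid over a harmless-looking button, so the victim's click lands on the
    target.  target_url is hypothetical; the page is constructed for this example."""
    return f"""<!doctype html>
<button style="position:absolute;top:100px;left:100px">Claim your prize</button>
<iframe src="{target_url}" style="position:absolute;top:0;left:0;width:600px;height:400px;
        opacity:0;z-index:10"></iframe>"""


def framing_protection(headers: Dict[str, str]) -> Tuple[bool, str]:
    """Check whether a response's headers stop arbitrary sites from framing it.

    Browsers apply CSP frame-ancestors when present and only otherwise fall
    back to X-Frame-Options, so the check follows the same precedence.
    """
    h = {name.lower(): value for name, value in headers.items()}

    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = {s.lower().strip("'") for s in parts[1:]}
            if sources & {"*", "http:", "https:"}:
                return False, "frame-ancestors allows any origin"
            # 'none', 'self' or an explicit list of origins
            return True, "frame-ancestors " + " ".join(parts[1:])

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, f"X-Frame-Options: {xfo}"
    if xfo:   # e.g. the obsolete ALLOW-FROM, which current browsers ignore
        return False, f"X-Frame-Options value not honoured by current browsers: {xfo}"
    return False, "no framing restriction: page can be clickjacked"


# What a site should send: the CSP directive for current browsers plus the
# legacy header for old ones.
RECOMMENDED_HEADERS = {
    "Content-Security-Policy": "frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
}


if __name__ == "__main__":
    print(framing_protection({}))                    # (False, 'no framing restriction: ...')
    print(framing_protection(RECOMMENDED_HEADERS))   # (True, "frame-ancestors 'none'")
```

JavaScript frame-busting scripts were the historical defence, but they can be disabled by the framing page (for example with the iframe sandbox attribute), so the response headers are the check that matters.
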
171
Q

What is Drive-by download?

A

Code is downloaded, installed, and executed on a computer without the user’s knowledge.

172
Q

What is SQL injection?

A

Injecting SQL code into an exchange between an application and its database server, typically by supplying input that the application concatenates into a query string, so that the database executes the attacker's SQL (bypassing authentication, or reading, modifying or deleting data)

173
Q

What is Phishing?

A

A message that tries to trick a victim into providing private information or taking some other unsafe action

174
Q

What is Spear phishing?

A

A phishing attack personalized for a particular recipient or set of recipients, using details about them (name, employer, colleagues, current projects) to appear legitimate

175
Q

What is Whaling?

A

Spear phishing directed at high-profile targets such as CEOs and other senior executives