Midterm Flashcards
These enforce a series of rules defining what kind of network traffic is allowed and what is not allowed
Firewall
The act of verifying the identity of a particular person
Authentication
Anything a person would use to access a network (device type)
Host device
What is the difference between a threat and an attack?
Threat: potential violation of security
■ Does not need to have occurred
Attack: actions that take advantage of potential threats
■ People causing the attack are called attackers
What are the three goals of security
Protect
● Try to stop the attack from happening
Detect
● Quickly identify when an attack is happening
Respond & Recovery
● Stop, assess, repair
● Maintain functionality during an attack
Why is anti-virus not perfect?
Anti-viruses have to be manually updated
This part of the operating system creates and manages files and directories
File system
Passwords are stored on a system as these, which vary based on operating system
Hashes; keeps passwords from being readily available
How does a system authenticate a user password attempt?
The system compares the attempt to a stored hash
Systems on a network that include files and/or programs in use by multiple people on or outside a network
Server
Set of devices, software, and cables that enables the exchange of information
Networking
Describe two network topologies
Bus - Every component is connected to a single line, with “taps” for each component
● Advantages: quick to deploy, cheap
● Disadvantages: lots of collisions, unreliable, a break in the line causes the network to fail, performance is directly related to number of components and usage
● Example: Cable internet
Ring - Every component has 2 connections – a left and a right side
● Basically a bus with a connection back around to the beginning
● Disadvantages: performance is generally poor, not scalable, break in one connection causes complete network failure
Star
● Each node is connected to a central point
● Most common physical topology (Ethernet)
● Advantages: fast, non-central failure does not bring down the network, scalable
● Disadvantages: used to be very expensive, but not anymore, single point of failure, lots of cabling
Mesh
● Advantages: self-healing, failure tolerant, potentially fast
● Disadvantages: no known route traversal, difficult to control and filter traffic
● Example: Wireless ad-hoc network
This device inspects the data of a packet to see if it is malicious in nature
IDS/IPS
(intrusion detection/prevention system)
What occurs when two hosts try to use the same connection at the same time
Collision
What are the 3 types of authentication and an example of each?
● Something you know
e.g. Password/passphrase
● Something you have
e.g. Smart card, USB key, your phone
● Something you are
e.g. Biometrics (retina, fingerprint, DNA, etc.)
What is the term used if 2 or more types of authentication are in use?
Two-factor
What is the purpose of CSMA/CD?
Carrier Sense Multiple Access with Collision Detection
Method to detect collisions before they occur in Ethernet cables
What was the first operating system and service pack to include a firewall enabled by default?
Windows XP Service Pack 2
What is CIA and why is it important?
Confidentiality
Only those with sufficient privileges and a demonstrated need may access certain information
Integrity
Quality or state of being whole, complete, or uncorrupted
Availability
Enables user to access information without interference or obstruction and in a useable format
Traits of well-implemented security
This part of the operating system determines when to allocate programs, processes, and threads to the processor
Kernel
What is the best method of cracking a password and why?
Brute-force attacks
■ Will try every possible character combination until it finds the password
■ This method can be extremely slow based on password length and complexity
■ It will always find the password in some amount of time
■ Most systems now limit number of password guesses to thwart brute-force attacks
Dictionary Attacks
■ Functions by trying a list of pre-defined potential passwords, one after another
■ Very fast method
■ Can be useful if you know the user and can compile an intelligent list of potential passwords
■ If the password is not an exact match to the list, the attack will fail
Hybrid Attacks
■ Uses a list like the dictionary attack, but is able to detect slight variations
■ Example: if “hello” is in the list, but the password is “Hello” or “HellO”, the dictionary attack will fail but the hybrid attack will succeed
■ It is not as fast as the dictionary attack because it has more variables to account for
Rainbow Tables
■ They are not coffee tables painted with bright colors
■ They are actual data tables containing every single hash value for every possible password possibility up to a certain number of characters
■ You simply take the hash value you have extracted from the system and search for it – once it is found in the table, you will have the password
■ You must have the Rainbow Table for the specific type of hash you are trying to crack
■ Rainbow Tables for even a small amount of characters can be quite large in size and so storage and searching can be an issue
Adversary-in-the-middle attacks (formerly known as person-in-the-middle or MITM)
■ If a system is authenticating to a network or accessing resources on another system, it will be passing hashes over the network to authenticate
■ MITM attacks attempt to sniff and gather these hashes in transit
■ Example: The program Cain and Abel uses a process called ARP poisoning to route the traffic between the two systems through your computer. It then sniffs the traffic for the hashes
What are some advantages and disadvantages of wireless networks?
Reliability, range, accessibility (swings either way)
What is responsible for addressing at Layer 2 - Data Link?
MAC address (media access control)
What happens when there is not enough RAM for memory?
Paging allows for memory to be “swapped” out to the hard disk when there is not enough RAM to hold everything attempting to be stored
What is the purpose of POST & BIOS on a system?
Power On Self Test
- Process performed by firmware immediately after a computer or other electronic device is powered on
- Verifies the integrity of the BIOS, system memory and size, and CPU
Basic Input/Output System
- A type of firmware used during the booting (POST) process
- Initializes and tests system hardware (POST) and loads an operating system from a boot device
This model is a set of guidelines used to standardize network processes
TCP/IP, OSI
What are some examples of layer 6 - presentation?
jpg, doc, txt
The smallest unit of processing that can be scheduled
Thread
How is a digital signature applied?
You sign a message with your private key
Anyone who wants to read the message can verify that you created it by verifying it with your public key
At which layer does the TCP protocol function?
Transport
An executable set of code
Program
This command is used to test the reachability of a host and measure round-trip time for messages sent from a host to a destination machine
ping
Explain the three way handshake
First step in establishing a reliable connection
■ Purpose is to allow hosts to exchange starting sequence numbers and test the connection
● Sender sends a SYN (synchronize) to the Receiver saying what port it wants to connect to and the sequence number of the Sender’s first packet
● Receiver sends back a SYN/ACK (synchronize/acknowledge) saying it is ready for the Sender’s next packet and the sequence number of the Receiver’s first packet
● Sender responds ACK (acknowledge) that it received the Receiver’s packet and the connection is established
● Then data exchange begins
What process do motherboards post-2014 and Macs use at boot and why?
UEFI (Unified Extensible Firmware Interface); ability to boot from disks larger than 2TB
What is the purpose of PAR?
Positive acknowledgement and retransmission
To determine when packets are dropped after the 3-way handshake
This network device broadcasts all network traffic to everyone connected to the device
Hub
Why are hubs not as used and what device replaces them on modern networks?
Switches are a better option to avoid broadcasting network traffic to everyone
What type of user account has complete power over a system?
Administrator (Windows)
Root (MacOS, Linux)
This part of any computer system is responsible for managing hardware and software resources
OS
What does the TCP sliding window do?
Tells how much data can be sent at a time based on how busy the receiving host is
What are the 3 pieces of hardware where data resides on a computer and how long do each of them store it? Rank in order of speed
CPU -> RAM -> hard drive
What is the difference between dynamic and static IP addresses?
Dynamic - Assigned via DHCP (Dynamic Host Configuration Protocol); addresses change based on length of lease
Static - Manually assigned by the user or system administrator; can only be changed manually
What are ports?
Port numbers allow traffic to be sent to different programs and applications (“services”) within a system
Like a PO Box Number on a computer where the zip code is the IP address
A single system in a network that connects to the internet
Gateway
What is UDP and when is it used?
User datagram protocol
When speed » reliability
What are the four layers of the TCP/IP model?
Application, transport, internet, network interface
What is the difference between public and private IP addresses and what is the purpose of each?
Public IP addresses – purchased from Internet Service Providers (ISPs)
Private IP addresses – used on an internal network to share a single public IP address with multiple devices
What type of encryption uses the same key for encryption and decryption?
Symmetric
How does the internet translate between human-readable URLs and IP addresses of web servers holding the web pages?
DNS
domain name system
What do routers use to associate IP address to MAC addresses?
ARP (Address Resolution Protocol) table
What was the first version of Windows designed from a security standpoint and what went wrong?
Windows Vista; it was too secure to use
Describe how public-key encryption functions
The public key is accessible to everyone and is used to decrypt a message sent from you
What is one way of protecting against an attack on a password?
Maximum attempts
Why do we secure our wireless networks and what security protocol do we use to do this?
Wireless networks aren’t encrypted
WPA2