Module 1: Introduction to Network Security Flashcards
What is a vulnerability?
Weakness in the network and/or its protocol.
What is a threat?
A set of circumstances that has the potential to cause harm.
What is intrusion?
Any act or event that compromises the information on a network.
What is a breach?
Breakdown of security of the network
What is an interruption intrusion and what is an example?
- Making access to a resource become unavailable
- Denial of service
What is an interception intrusion and what is an example?
- Gaining unauthorized access to information
- Eavesdropping / sniffing
- Traffic analysis
What is a modification intrusion and what is an example?
- Tampering with a resource or information and changing it.
- Man in the middle (MITM)
What is a fabrication intrusion and what is an example?
- Insertion of counterfeit objects into a system
- Malware
What is an invasion intrusion and what is an example?
- Taking control of a resource and stealing information
- Session hijacking
What is active eavesdropping?
Send data probes & collect info
What is passive eavesdropping?
Silent eavesdropping - no probes
What is a Level 0 intrusion?
Normal system users - no intrusion
What is a Level 1 intrusion?
Intrusion occurs, but no evidence of damage and no trail is left.
What is a Level 2 intrusion?
Intrusion occurs with no evidence of damage, but a trail is left.
What is a Level 3 intrusion?
Files are damaged, programs and/or data are altered (e.g. Malware, MITM attack).
What is a Level 4 intrusion?
Services disrupted (e.g. DoS)
What is a Level 5 intrusion?
Valuable information is stolen - cyber espionage / cyber felony is committed.
What are the four steps for a hacker to commit an attack?
- Gather information
- Look for vulnerabilities
- Get access to the network
- Launch the attack
What type of information is useful for a hacker to gather?
- Domain names
- IP addresses
- Active ports
- OS/CPU
- Type of firewalls
- Social engineering
What are NSLOOKUP and DIG? How are they used?
- IP Address finder
- Gather information
What is Netcraft? How is it used?
- Web server information gatherer
- Gather information
What are traceroute, tracert and VisualRoute? How are they used?
- IP address tracers
- Gather information
What is iplocation.net? How is it used?
- IP location finder (Geo location)
- Gather information
What are nmap and zenmap? How are they used?
- Port scanner ++ (very detailed information about the host: hosts available, OS, packet filters and firewalls, etc.)
- Gather information
What is angry IP scanner? How is it used?
- Port scanner (lightweight)
- Gather information
What is Wireshark? How is it used?
- Traffic monitoring
- Gather information
What is TCPDump? How is it used?
- Traffic monitoring
- Gather information
What is Netstumbler? How is it used?
- Wireless network information gatherer // Active sniffer
- Gather information
What is whois? How is it used?
- Get domain information
- Gather information
What is Kismet? How is it used?
- Wireless network information gatherer // passive sniffer
- Gather information
How can Google be used by hackers?
Social engineering tool used by hackers.
What is Nessus? How is it used?
- Vulnerability scanning (compliance and malware)
- Vulnerability testing
What is Nexpose? How is it used?
- For full cycle vulnerability assessment: detection, verification, risk calculation, impact analysis, reporting and mitigation.
- Vulnerability testing
What is GFI LANguard Network Security Scanner? How is it used?
- Scans network IP by IP and alerts on vulnerabilities.
- Vulnerability testing
What is Nikto? How is it used?
- Web server scanner (scans with a database)
- Vulnerability testing
What is Nipper Studio? How is it used?
- Vulnerability assessment scanner for switches, routers and firewalls.
- Vulnerability testing
What are the four tools used by hackers for gaining access?
- Brute force
- Password Crackers
- Keyloggers
- Address spoofers
What is a Denial of Service attack?
Bring down a network so that legitimate users are prevented from accessing the network
What is a man-in-the-middle attack?
- Secure position between a client and server
- Impersonates either or
- Data flows to the attacker's host without the knowledge of the client or server
What is data modification?
- MITM attack extended to perform data modification
What is a replay attack?
Replay recorded packets at a later time for the same server
What is an injection of malicious code attack?
Viruses, worms, trojan horses and logic bombs.
What is confidentiality? How is it achieved?
- No eavesdropping
- Cryptography
What is integrity? How is it achieved?
- Message received = message sent
- Cryptography
What is authentication? How is it achieved?
- Sender validation
- Cryptography
What is non-repudiation? How is it achieved?
- Source must not be able to deny a transaction
- Cryptography
What is certification? How is it achieved?
- Third party certifies the source as good
- Cryptography
What is access control? How is it achieved?
- Who can access what and when
- Firewalls
What is availability? How is it achieved?
- System resources are always available for legit users
- Firewalls