Network and System Security Flashcards

1
Q

2 sections of memory for hacking

A

Heap section
o Stores dynamic variables (malloc)
o Grows from lower memory to higher memory

Stack section
o Tracks function calls
o Local variables
o Grows from higher memory to lower memory
o For static memory allocation

Both stored in the computer’s RAM

2
Q

Application-level gateway (FW)

A

aka Application Proxy

  • Acts as a relay of application-level traffic
  • If the gateway does not implement the proxy code for a specific application, the service is not supported and cannot be forwarded across the firewall
  • High level of granular configuration options
  • Tend to be more secure than packet filters

Disadvantage
o The additional processing overhead on each connection

3
Q

Circuit-level gateway (type of FW)

A

aka Circuit-level Proxy

A firewall that provides UDP and TCP connection security, and works between the transport and application layers of the OSI model, i.e. at the session layer.

  • Can be a stand-alone system or a specialized function performed by an application-level gateway for certain applications
  • Does not permit an end-to-end TCP connection
  • The security function consists of determining which connections will be allowed
  • Typical use is a situation in which a system administrator trusts the internal users
  • Can be configured to support application-level or proxy service on inbound connections and circuit-level functions for outbound connections
  • Example of implementation is the SOCKS package
  • Works at the session layer of the OSI model, or as a “shim layer” between the application layer and the transport layer of the TCP/IP stack
4
Q

7 layers of OSI model – from highest to lowest

A

Open Systems Interconnection (OSI) Model

  • Application layer
  • Presentation layer
  • Session layer
  • Transport layer
  • Network layer
  • Data link layer
  • Physical layer
5
Q

2 types of Enumeration

A

Passive
o Searching the internet, leaving minimal traces in the target’s log files
o Using public sources to gather intelligence
o Correlating separate sources to draw meaning

Active
o Goal: identify as many systems, services, and potential vulnerabilities as possible
o Used externally or internally against a target
o Ping sweeps and port scans

6
Q

Scanners examples

A

Masscan
o Can scan the entire internet in 6 minutes

Netdiscover
o LAN sniffing tool
o Good to discover MAC addresses
o Can now identify the types of devices on the network

Sparta
o GUI to run nmap, Nikto and more

Nikto
o Web server scanner
o Scans for known vulnerable files
o Output from nmap can be fed into Nikto

7
Q

WAF

A

Web application firewalls are specialized firewalls that protect a web service

8
Q

Broadcast address

A

The last address of the network

A broadcast address is an IP address that is used to target all systems on a specific subnet instead of a single host. In other words, a broadcast address allows information to be sent to all machines on a given subnet rather than to a specific machine

9
Q

Fuzzing

A

Process where an attacker sends malformed packets to a service or application listening on the network

The goal is to force the application to fail or produce errors

10
Q

Symmetric key

A

More commonly used since it is faster and easier (better performance)

Same key used to encrypt and decrypt

Faster compared to public key encryption

Problems
o The key needs to be stored securely – it can be stolen
o Both parties need the key
o Better to combine with asymmetric encryption

11
Q

Hash

Examples?

A

A string or number generated from a string of text

The resulting string or number is a fixed length

The best hashing algorithms are designed so that it’s impossible to turn a hash back into its original string

Examples
o MD5
o SHA
o SHA-2

Used when storing passwords

12
Q

Encryption

A
  • Turns data into a series of unreadable characters that are not of a fixed length
  • CAN be reversed back into its original, decrypted form if you have the right key
13
Q

Two primary types of Encryption

A

Symmetric key
o The key to both encrypt and decrypt is exactly the same

Public key
o Has two different keys
  • One used to encrypt the string (the public key)
  • One used to decrypt it (the private key)

14
Q

3 classes of intruders

A

Masquerader
o An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account

Misfeasor
o A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges

Clandestine user
o An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection

15
Q

Examples of intrusion (10)

A
  • Performing a remote root compromise of an email server
  • Defacing a web server
  • Guessing and cracking passwords
  • Copying a database containing credit card numbers
  • Viewing sensitive data, including payroll records and medical information without authorization
  • Running a packet sniffer on a workstation to capture usernames and passwords
  • Using a permission error on an anonymous FTP server to distribute pirated software and music files
  • Dialing into an unsecured modem and gaining internal network access
  • Posing as an executive, calling the help desk, resetting the executive’s email password, and learning the new password
  • Using an unattended, logged-in workstation without permission
16
Q

Hackers

Prevention?

A

Traditionally motivated by the thrill of it or by status

Prevention
  • Intrusion detection systems (IDSs)
  • Intrusion prevention systems (IPSs) are designed to counter hacker threats
  • Consider restricting remote logons to specific IP addresses and/or using virtual private network technology
17
Q

CERTs

A

Computer Emergency Response Teams

  • They collect information about system vulnerabilities and disseminate it to system managers
  • Hackers also routinely read CERT reports
  • It is important for system administrators to quickly apply all software patches for discovered vulnerabilities
18
Q

Criminal Hackers

A
  • Organized groups of hackers
  • Usually have specific targets, or at least classes of targets in mind
  • Once a site is penetrated, the attacker acts quickly, scooping up as much valuable information as possible and exiting
  • IDSs and IPSs can be used for these types of attackers, but may be less effective because of the quick in-and-out nature of the attack
19
Q

Insider attacks

countermeasures

A

Among the most difficult to detect and prevent

Can be motivated by revenge or simply a feeling of entitlement

Countermeasures
o Enforce least privilege
o Set logs to see what users access and what commands they are entering
o Protect sensitive resources with strong authentication
o Upon termination, delete computer and network access
o Upon termination, make a mirror image of employee’s hard drive before reissuing it (used as evidence if your company information turns up at a competitor)

20
Q

Intrusion objective

A

Objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system

Most initial attacks use system or software vulnerabilities that allow a user to execute code that opens a backdoor into the system

21
Q

Ways to protect a password file

A

One-way function
o The system stores only the value of a function based on the user’s password

Access control
o Access to the password file is limited to one or a very few accounts

22
Q

Password guessing techniques (8)

A
  • Try default passwords used with standard accounts – many don’t change them
  • Try all short passwords (2-3 characters)
  • Try words in the system’s online dictionary or a list of likely passwords – examples available on hacker bulletin boards
  • Collect information about users: full names, spouse and children, pictures in their office, books related to hobbies
  • Try users’ phone numbers, SSNs, room numbers
  • Try all legitimate license plate numbers for this state
  • Use a Trojan horse to bypass restrictions on access
  • Tap the line between a remote user and the host system
23
Q

Intrusion detection

considerations

A

A system’s 2nd line of defense (1st is prevention)

Based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified

Considerations
o If an intrusion is detected quickly enough, the intruder can be identified and ejected from the system before any damage is done or any data is compromised
o An effective system can serve as a deterrent, thus acting to prevent intrusions
o Enables the collection of information about intrusion techniques that can be used to strengthen the intrusion prevention facility

24
Q

2 Approaches to intrusion detection

A

Statistical anomaly detection
o Involves the collection of data relating to the behavior of legitimate users over a period of time
o Then statistical tests are applied to observed behavior to determine whether that behavior is not legitimate user behavior
o Threshold detection
  • Involves defining thresholds, independent of user, for the frequency of occurrence of various events
o Profile based
  • A profile of the activity of each user is developed and used to detect changes in the behavior of individual accounts

Rule-based detection
o Involves an attempt to define a set of rules or attack patterns that can be used to decide that a given behavior is that of an intruder
o Often referred to as signature detection

25
Q

IP address spoofing attack

Countermeasure

A

The intruder transmits packets from the outside with a source IP address field containing an address of an internal host

Countermeasure
o Discard packets with an inside source address if the packet arrives on an external interface

26
Q

Source routing attacks

Countermeasure

A

The source station specifies the route that a packet should take as it crosses the internet in the hopes that this will bypass security measures that do not analyze the source routing information

Countermeasure
o Discard all packets that use this option

27
Q

Tiny fragment attacks

A

The intruder uses the IP fragmentation option to create extremely small fragments and force the TCP header information into a separate packet fragment

Countermeasure
o Enforce a rule that the first fragment of a packet must contain a predefined minimum amount of the transport header

28
Q

Convincing an organization to invest in security

A

Investing in security will save your business from becoming the victim of a security breach

Breaches are costly and can ruin a business’s reputation

Investing could avoid lawsuits
o Consumers
o Organization may not be in compliance with government regulations

Invest
o Identity management
o High-level firewall and network security system

29
Q

How to detect and prevent threats (3)

A

Snort can run in the background to defend against port scanning
o Must be running to be effective
o Does not prevent information from coming through – alerts only

Install a firewall that has a built-in intrusion prevention system
o Protects the entire network – detects port scanning

Install a separate IPS dedicated to detecting and blocking port scanning
o Ports are occasionally open on a network – standard firewalls are ill-equipped to detect this
o Install separate hardware/software that specifically checks for port scanning
o At the same time blocks or makes the ports appear invisible

30
Q

Identity Management

A

• The “organizational process for identifying, authenticating and authorizing individuals or groups of people to have access to applications, systems or networks by associating user rights and restrictions with established identities”

o Every individual in an organization has an identity
o Only give what they need
o Make sure old permissions are removed
o Keep data updated
o Monitor activities of employee logins
o Have a record tracking system in place
o Bad data due to duplicates of one employee with different permissions
o Delete terminated employees
  • May be disgruntled
  • Profiles may be accessed unknowingly and may be hard to trace

31
Q

Firewall design goals

A

ALL TRAFFIC from inside to outside and vice versa must pass through firewall

Only authorized traffic will be allowed to pass

The firewall itself is immune to penetration

32
Q

4 Firewall characteristics

A

Service control – determines the types of internet services that can be accessed, in or out

Directional control – determines the direction in which service requests may be initiated and allowed to flow through the firewall

User control – controls access to a service according to which user is attempting to access it

Behavior control – controls how particular services are used

33
Q

Firewall expectations

A

Defines a single choke point that keeps bad traffic out
o Unauthorized users out of protected network
o Prohibits potentially vulnerable services from entering or leaving the network
o Provides protection from various kinds of IP spoofing and routing attacks

Provides a location for monitoring security-related events

Can serve as a platform for IPsec

Convenient platform for several internet functions that are not security related

34
Q

Firewall limitations (4)

A

Cannot protect against attacks that bypass the firewall

May not protect fully against internal threats
o Disgruntled employees
o Tricked user

Cannot guard against wireless communications between local systems on different sides of the internal firewall

A laptop, PDA, or portable storage device may be used and infected outside the corporate network, and then attached and used internally

35
Q

Packet Filtering firewalls

Strengths/Weaknesses

A

Strengths
o Simplicity
o Transparent to users
o Fast

Weaknesses
o Open to attacks that employ application-specific vulnerabilities or functions
o Limited log functionality
o Most packet filter firewalls do not support advanced user authentication schemes
o Generally vulnerable to attacks and exploits that take advantage of problems within the TCP/IP specification and protocol stack
o Misconfiguration

36
Q

Host-based firewall

A

A software module used to secure an individual host

Available in many operating systems or can be provided as an add-on package

Filters and restricts the flow of packets

Common location is a server

Advantages
o Filtering rules can be tailored to the host environment
o Protection is provided independent of topology
o Used in conjunction with stand-alone firewalls, provides an additional layer of protection

37
Q

Personal firewall

A

Controls the traffic between a personal computer or workstation on one side and the Internet or enterprise network on the other side

Can be used in the home or on corporate intranets

Typically, is a software module on the personal computer

Can also be housed in a router that connects all of the home computers to a DSL, cable modem, or other Internet interface

Primary role is to deny unauthorized remote access to the computer

Can also monitor outgoing activity in an attempt to detect and block worms and other malware

38
Q

OSI Model

Application layer

Example protocols

A

Supports application and end user processes

HTTP, FTP, IRC, SSH, DNS

39
Q

OSI Model

Presentation layer

Example protocols

A

Transforms data into the form that the application layer can accept

(SSL, FTP, IMAP, SSH)

40
Q

OSI Model

Session layer

Example protocols

A

Manages and terminates connections between applications

APIs, Sockets

41
Q

OSI Model

Transport layer

Example protocols

A

Transparent transfer of data between end systems or hosts; responsible for end-to-end flow control

(TCP, UDP, SCTP, DCCP, ECN)

42
Q

OSI Model

Network layer

Example protocols

A

Provides switching and routing technologies, transmitting data from node to node via logical paths

(IP, IPSec, ICMP, IGMP)

43
Q

OSI Model

Data link layer

Example protocols

A

Data is encoded and decoded into bits - handles the moving of data into and out of a physical link in a network

(Ethernet, SLIP, PPP)

44
Q

OSI Model

Physical layer

Example protocols

A

This layer conveys the bit stream through the network at the electrical and mechanical level - Media, Signal, and Binary Transmission

(Coax, Fiber, Wireless)

45
Q

Enumeration definition

A

The process of extracting user names, machine names, network resources, and other services from a system.

All the gathered information is used to identify the vulnerabilities or weak points in system security, which the attacker then tries to exploit.