Network Security

Question 1

What is the CIA triad?

Answer 1

Confidentiality - only those who are supposed to access the data can access it.

Integrity - the data there is only changed when it’s supposed to be

Availability - the data is there when it is needed

Question 2

What is authentication?

Answer 2

You are who you say you are.

Question 3

What is authorization?

Answer 3

You are where you’re supposed to be.

Question 4

What is accounting?

Answer 4

Professionals sometimes call this logging. This means that everything you do is properly noted, and any changes to data can be tied to a user account.

Question 5

What is a network security key?

Answer 5

The network security key is your network’s equivalent to a shut and locked door, with the password acting as a key for entry. If you don’t protect your wireless network with a strong password, someone can get into the devices on your network (access files on your computer) or use your Internet connection.

Question 6

What is WEP?

Answer 6

WEP (Wired Equivalent Privacy) is an older protection method that was designed to provide a similar level of protection to wireless network traffic as is provided in a wired network.

Question 7

What is WPA?

Answer 7

WPA (Wi Fi Protected Access) is a newer protection method than WEP and provides a higher level of encryption and authentication (a shared greeting procedure used to verify identity)

Question 8

What is WPA2?

Answer 8

WPA2 is the latest version of WI-FI Protected Access and is standard on most network devices today. WPA2 can use two different forms of encryption: AES (Advanced Encryption Standard) or TKIP (Temporal Key Integrity Protocol). AES offers the stronger encryption of the two.

Question 9

What is non-repudiation?

Answer 9

the ability to ensure that someone cannot deny or contest that thing.

Question 10

What is a computer virus?

Answer 10

A computer virus is a software program downloaded to your network then executing without your knowledge.

Question 11

Blended Threats

Answer 11

A combination of several different approaches using a variety of malware elements generating multiple forms of viruses, worms and Trojan horses.

Question 12

Botnet

Answer 12

A group of computers pirated by a hacker. The pirated computers are referred to as zombies. Zombies can then be combined and used to saturate a network causing a Denial of Service attack.

Question 13

Computer worm

Answer 13

Malware that copies itself from one computer to another, without human interaction. Worms replicate themselves quickly and have been known to send copies of itself to people in your address book.

Question 14

Malicious spyware

Answer 14

Records keystrokes and periodically sends the recorded information back to the originating cyber criminal using the internet and making the information available for further exploitation.

Question 15

Malware

Answer 15

Malware is short for ‘malicious software.’ Always hostile, intrusive, and annoying. Takes various forms such as a virus, worm, and a Trojan horse to name a few.

Question 16

Phishing

Answer 16

Fraudulent attempts to obtain private information. Phishing scams attempt to lure you into divulging personal information to a false representative of a trusted financial institution or agency.

Question 17

Rogue Security Software

Answer 17

A pop-up message alerting you that a virus has been detected on your network recommending a program be downloaded to remove the virus. This rogue security software is designed to entice you into clicking and downloading malicious software.

Question 18

Rootkit

Answer 18

A collection of tools that are used to obtain administrator-level access to a computer or a network of computers. Typically installed on your computer by a cyber criminal exploiting a vulnerability in your network security scheme.

Question 19

Trojan Horse

Answer 19

Users infect their computers with a Trojan horse by downloading an application they believe to be legitimate but in fact contains malware. If released in your system the malware may do such things as record your passwords or hijack your webcam.

Question 20

Active threat

Answer 20

one that actively seeks to damage or destroy your information.

Question 21

Passive threats

Answer 21

monitoring

Question 22

Data modification

Answer 22

something about your information is altered

Question 23

DOS

Answer 23

Denial of Service, floods the door and causes the site to crash

Question 24

Masquerade

Answer 24

the attacker pretends to be a valid user in order to access the system

Question 25

Repudiation

Answer 25

the attacker denies any action taken against the network

Question 26

Replay

Answer 26

involves the capture of a network message and then using it later for other uses

Question 27

Sinffer attack

Answer 27

pokes around waiting for just the right data, then it attacks.

Question 28

Man in the middle

Answer 28

A man in the middle sets up shop between two communicators, eavesdropping on everything that is said

Question 29

Release of message content

Answer 29

This is like an old fashioned phone tap, where the attacker listens in on a conversation, e-mail message, or even a sensitive file, and saves that information.

Question 30

Traffic analysis

Answer 30

This is similar to sniffing and the man-in-the-middle. However, an attacker doesn’t need to know the detail of the transmission: if they listen long enough and observe patterns and length of messages, they can guess the type of communication taking place.