Network Security Concepts Flashcards
What are six terms associated with security management?
Asset; Vulnerability; Exploit; Threat; Risk; Countermeasure
A weakness in a system or its design that could be exploited by a threat.
Vulnerability
The mechanism used to leverage a vulnerability to compromise an asset.
Exploit
A potential danger to an asset such as information or network functionality.
Threat
The likelihood that a particular threat will exploit a particular vulnerability of an asset that results in an undesirable consequence.
Risk
A protection that mitigates a potential threat or risk.
Countermeasure
To provide adequate protection of network assets, what three things must be guaranteed?
Confidentiality, Integrity, Availability (CIA)
Only authorized users can view sensitive information.
Confidentiality
Only authorized users can change sensitive information. It can also guarantee the authenticity of data.
Integrity
Authorized users must have uninterrupted access to important resources and data.
Availability
What factors should be considered when classifying data?
Value; Age; Useful Life; Personal association
The number one criterion when classifying data; it is based on the cost to acquire, develop, and replace the data.
Value
The importance of data usually decreases with time.
Age
The amount of time in which data is considered valuable and must be kept classified.
Useful Life
Data that involves personal information of users and employees.
Personal association
What data classification terms are commonly used by government and military?
Unclassified; Sensitive but Unclassified (SBU); Confidential; Secret; Top Secret
Which security term refers to a person, property, or data of value to a company?
Asset
Which asset characteristic refers to the risk that results from a threat and lack of a countermeasure?
Liability
Data that has little or no confidentiality, integrity, or availability requirements, and therefore little effort is made to secure it.
Unclassified
Data that could prove embarrassing if it is revealed, but no great security breach would occur.
Sensitive but Unclassified (SBU)
Data that must be kept secure.
Confidential
Data for which significant effort is made to keep it secure. Few individuals have access to this data.
Secret
Data for which great effort and sometimes considerable cost is made to guarantee its secrecy. Few individuals on a need-to-know condition have access.
Top secret
What data classification terms are commonly used by the private sector?
Public; Sensitive; Private; Confidential
Data that is available publicly, such as websites, publications, and brochures.
Public
Data that is similar to SBU data in that it might cause some embarrassment if revealed.
Sensitive
Data that is important to an organization and an effort is made to maintain secrecy and accuracy of this data.
Private
Data that companies make the greatest effort to keep secure, such as trade secrets, employee data, and customer information.
Confidential
What are the three Classification roles?
Owner; Custodian; User
Person responsible for the information
Owner
Person in charge of performing day-to-day data maintenance, including securing and backing up the data.
Custodian
Person using the data in accordance with established procedures.
User
What are the three categories of threat classification?
Administrative; Technical; Physical
Policy and procedure based, including change/configuration control, security training, audits, and tests.
Administrative
Controls that involve hardware and software.
Technical
Controls for protecting the physical infrastructure.
Physical
_______ includes insidious reasons, such as political and financial ones, aimed at economic espionage and money-making activities.
Motivation
Activities are now _____ with mutating and stealth features.
Targeted
Threats are consistently focusing on the _______ _______ such as known web browser vulnerabilities and looking for new web programming errors.
Application Layer
________ ________ sites are a huge source of information. Attackers use it not only to try to steal an identity, but also try to assume the identity of the user.
Social Engineering
Attackers are also targeting mobile platforms because data is in more places.
Borderless
What five categories entail Incident and Exposure management?
Preventive; Detective; Corrective; Recovery; Deterrent
Preventing the threat from coming in contact with a vulnerability, such as using a firewall, physical locks, and security policy.
Preventive
Identifying that the threat has entered the network or system using system logs, intrusion prevention systems (IPSs), and surveillance cameras.
Detective
Determining the underlying cause of a security breach and then mitigating the effects of the threat being manifested, such as updating virus or IPS signatures.
Corrective
Putting a system back into production after an incident.
Recovery
Discouraging security violations.
Deterrent
What are the four categories of managing risk?
Risk Avoidance; Risk Reduction; Risk Sharing or Transfer; Risk Retention or Acceptance
Avoiding activity that could carry risk.
Risk Avoidance
Involves reducing the severity of the loss or the likelihood of the loss from occurring.
Risk Reduction
Involves sharing the burden of the loss or the benefit of gain with another party.
Risk Sharing or Transfer
Involves accepting the loss, or benefit of gain, from a risk when it occurs.
Risk Retention or Acceptance
What key factors are considered when designing a secure network?
Business Needs; Risk Analysis; Security Policy; Industry best practices; Security Operations
____ ____ and ______ refer to the means by which data leaves the organization without authorization.
Data Loss and Exfiltration
What are four ways Data Loss and Exfiltration occur?
Email Attachments
Unencrypted Devices
Cloud Storage Devices
Removable Storage Devices
What is malicious code also known as?
Malware
Infectious malicious software that attaches to another program to execute a specific unwanted function on a computer. Most ____ require end-user activation and can lay dormant for an extended period and then activate at a specific time and date.
Viruses
Infectious malware, ____ are self-contained programs that exploit known vulnerabilities with the goal of slowing a network. ____ do not require end-user activation. An infected host replicates the ____ and automatically attempts to infect other hosts by independently exploiting vulnerabilities in networks.
Worms
_____ is typically used for financial gain and collects personal user information, monitoring web-browsing activity for marketing purposes, and routing of HTTP requests to advertising sites.
Spyware
Refers to any software that displays advertisements, whether or not the user has consented, sometimes in the form of pop-up advertisements.
Adware
Refers to a class of software used for scamming unsuspecting users. _______ can contain malicious payloads or be of little or no benefit.
Scareware
These are applications written to look like something else, such as a free screensaver, free virus checker, and so on. When a ____ ____ is downloaded and opened, it attacks the end-user computer from within.
Trojan Horse
Trojan Horses may be created to initiate specific types of attacks, to include:
Remote Access; Data Sending (key logging); Destructive; Security Software Disabler; Denial of Service (DoS)
Most worms have what three components?
Enabling vulnerability
Propagation Mechanism
Payload
The primary means of mitigating malware is ______ _____.
Anti-virus Software
The goal of ________ is to limit the spread of infection; it requires segmentation of the infected devices to prevent infected hosts from targeting other uninfected systems.
Containment
The goal of ________ is to deprive the worm of any available targets. Therefore, all uninfected systems are patched with the appropriate vendor patch. Often runs parallel to, or subsequent to, the containment phase.
Inoculation
The goal of ________ is to track down and identify the infected machines. Once identified, they are disconnected, blocked, or removed from the network and isolated for the treatment phase.
Quarantine
The goal of ________ is to disinfect infected systems of the worm. This can involve terminating the worm process, removing modified files or system settings that the worm introduced, and patching the vulnerability the worm used to exploit the system.
Treatment
Individuals who break into computer networks to learn more about them. Most mean no harm and do not expect financial gain.
Hackers
Names given to identify types of good hackers. __1__ are ethical hackers, such as individuals performing security audits for organizations. __2__ are bug testers who ensure applications are secure.
1. White Hat
2. Blue Hat
Hackers with criminal intent to harm information systems or for financial gain. They are sometimes called “black hat hackers.”
Crackers
Names given to identify types of crackers. __1__ is synonymous with crackers, and __2__ are ethically questionable crackers.
1. Black Hat
2. Gray Hat
Hackers of telecommunication systems. They compromise telephone systems to reroute and disconnect telephone lines, sell wiretaps, and steal long-distance services.
Phreakers
Hackers with very little skill. They do not write their own code but instead run scripts written by more skilled attackers.
Script Kiddies
Individuals with political agendas who attack government sites.
Hacktivists
__________ ______ typically involve the unauthorized discovery and mapping of systems, services, or vulnerabilities.
Reconnaissance Attacks
What are four common ways reconnaissance attacks are achieved?
Internet Information Queries; Ping Sweeps; Port Scanners; Packet Sniffers
Uses readily available Internet tools, such as WHOIS, which is widely used for querying databases that store the registered users or assignee of an Internet resource.
Internet Information Queries
Method is used to discover a range of live IP addresses.
Ping Sweeps
An application program designed to probe a target host for open ports and identify vulnerable services to exploit.
Port Scanners
An application program that can intercept, log, and analyze traffic flowing over a network (also referred to as a packet analyzer, network analyzer, or protocol analyzer).
Packet Sniffers
The goal of ______ ______ is to discover usernames and passwords to access various resources.
Access Attacks
______ ______ are attack mechanisms that combine the characteristics of viruses, worms, Trojan horses, spyware, and others.
Blended Threats
______ attacks masquerade as a trustworthy entity to get unsuspecting users to provide sensitive information (and are usually used for identity theft).
Phishing
______ ______ is when a phishing attack is directed at a specific user.
Spear Phishing
______ is when the attack is targeted at a group of high-profile individuals such as top-level executives, politicians, famous people, and more.
Whaling
______ is an attack aimed at redirecting the traffic of a website to another website.
Pharming
In a ________________ ______, a hacker positions himself between a user and the destination; this can be carried out in a variety of ways. This type of attack is used for session hijacking, theft of information, sniffing and analyzing network traffic, corrupting data flows, propagating bogus network information, and for DoS attacks.
Man-in-the-middle attacks
In __ ______ ______ attacks, a hacker forges IP packets with trusted IP source addresses. MAC address spoofing similarly forges a trusted host's MAC address on a LAN.
IP and MAC address spoofing
_____ _______ refers to when a hacker has compromised a target and that host is trusted by another host (new target).
Trust exploitation
This is using social skills, relationships, or understanding of cultural norms to manipulate people inside a network and have them willingly (but usually unknowingly) participate and provide access to the network.
Social Engineering
Attacker manually enters possible passwords based on informed guesses.
Password Guessing
Programs use dictionary and word lists; phrases; or other combinations of letters, numbers, and symbols that are often used as passwords.
Dictionary Lists
This approach relies on power and repetition, comparing every possible combination and permutation of characters until it finds a match.
Brute Force
Some password crackers mix a combination of techniques and are highly effective against poorly constructed passwords.
Hybrid Cracking
The goal of a _____ attack is to deny network services to valid users.
DoS
A DoS attack in which the attacker provides input that is larger than the destination device expected. It may overwrite adjacent memory, corrupt the system, and cause it to crash.
Buffer Overflow
Legacy attack in which the attacker would craft a packet specifying a packet size greater than 65,536 bytes. Servers receiving these packets would crash, causing a DoS situation. Modern servers are no longer susceptible to this attack.
Ping of Death
A DoS attack that sends a large number of ICMP requests or ICMP responses to a destination device in an attempt to overwhelm it, slow it down, or even crash it.
ICMP Flood
A DoS attack that sends a large number of UDP packets to a destination device in an attempt to overwhelm it, slow it down, or even crash it.
UDP Flood
A DoS attack that exploits the TCP three-way handshake operation. The attacker sends multiple TCP SYN packets with random source addresses to the target host. The victim replies with a SYN-ACK, adds an entry in its state table, and waits for the last part of the handshake, which is never completed.
TCP SYN Flood
A DoS attack that sends a flood of protocol request packets with a spoofed source IP address to numerous target hosts.
Reflection
A DoS attack that amplifies a reflection attack by using a small request packet to solicit a large response from the victim. For instance, a small DNS query that results in a large reply by the DNS server.
Amplification
This is a self-propagating malware designed to infect a host and make it surrender control to an attacker’s command and control server. ____ can also log keystrokes, gather usernames and passwords, capture packets, and more.
Bots
Describes a collection of compromised zombie systems that are running bots.
Botnets
Describes a host compromised with a bot. The ______ is logged in to the command and control server and quietly waits for commands.
Zombie
Describes the attacker’s host, which remotely controls the botnets. The attacker uses the master control mechanism on a ______ and _____ _____ to send instructions to zombies.
Command and Control Server
Architecture uses a layered approach to create security domains and separate them by different types of security controls.
Defense in Depth
Architecture segments the network where different assets with different values are in different security domains, be it physical or logical.
Compartmentalization
Principle applies a need-to-know approach to trust relationships between security domains. This results in restrictive policies, where access to and from a security domain is allowed only for the required users, applications, or networks.
Least Privilege
Architecture uses a layered approach to security, with weaker or less-protected assets residing in separated security domains.
Weakest Link
______ are often considered to be the weakest link in information security architecture.
Humans
Concept of developing systems where more than one individual is required to complete a certain task to mitigate fraud and error. This applies to information security controls, and it applies to both technical controls and human procedures to manage those controls.
Separation and Rotation of duties
Principle is based on centralizing security controls to protect groups of assets or security domains, such as using firewalls, proxies, and other security controls to act on behalf of the assets they are designed to protect and to mediate the trust relationships between security domains.
Mediated Access
Architecture should provide mechanisms to track the activity of users, attackers, and even security administrators. It should include provisions for accountability and nonrepudiation.
Accountability and Traceability
What are some recommendations for a Defense-In-Depth strategy?
Defend in Multiple Places; Build Layered Defenses; Use Robust Components; Employ Robust Key Management; Deploy intrusion detection/prevention systems (IDSs/IPSs)