Operations Security - Domain 7 Flashcards

2
Q

Operations Security - 3 Daily Tasks

A
  1. Operational assurance 2. Daily procedures 3. Vulnerability assessment and penetration testing
3
Q

Operations Security - Daily Procedures (6)

A
  1. Configuration management 2. Change management 3. Asset management 4. License management 5. Capacity planning 6. Fault management
4
Q

Operations Security - Operations Responsibilities (7)

A
  1. Maintaining production systems 2. Integrating new software and systems into the production environment 3. Installing new versions of programs 4. Running batch jobs, creating reports, patching systems 5. Managing backups 6. Managing audit logs 7. Dealing with network and system failures, upgrades, and configurations
5
Q

Operations Security - Operational Duties: what operations staff watch for (2)

A
  1. Unusual or unexplained occurrences 2. Deviations from standards
6
Q

Operations Security - Deviations from Standards (2 examples)

A
  1. Performance decreases, bandwidth usage increases, excessive memory use 2. Unscheduled initial program loads (IPL is the mainframe term for loading the operating system kernel), i.e. a computer rebooting for no obvious reason
7
Q

Operations Security - Personnel (Operators - mainframes)

A
  1. Monitor execution of the system 2. Control the flow of jobs 3. Mount I/O volumes 4. Perform the initial program load (IPL) 5. Rename/relabel resources 6. Reassign ports/lines
8
Q

Operations Security - Personnel (Network administrator)

A
  1. Maintenance and control of network operations 2. All device and system administration tasks
9
Q

Operations Security - Personnel (Security administrator)

A
  1. Implementing dictated user clearances 2. Setting initial passwords and security profiles for users 3. Configuring sensitivity levels 4. Implementing device security mechanisms and secure communication channels 5. Reviewing audit logs
10
Q

Operations Security - Audit Data

A
  1. Audit logs are an automated feature of certain operating systems and programs that create a record of specific transactions or activities 2. Computer fraud can increase if audit logs are not kept and reviewed 3. Trend analysis tools are used to identify anomalies in audit logs 4. Exception reports are the result of system monitoring activity that records deviations from standards or policies
11
Q

Operations Security - Library types

A
  1. Production library - holds software in production 2. Programmer library - holds work in progress 3. Source code library - holds source code, which should be escrowed 4. Media library - holds storage and backup media (tapes, disks), centrally controlled
12
Q

Controlling access to media - Librarian

A
  1. A librarian controls access 2. Logs who takes what material out and when 3. Materials should be properly labeled 4. Media must be properly sanitized before reuse or disposal
13
Q

Purpose of trusted recovery

A
  1. No compromise of protection mechanisms or possibility of bypassing them when the system crashes (a Windows blue screen, for example, must not leave the system in an insecure state) 2. Preparing the system for failure and recovering it 3. Failure of the system cannot be used to breach security
14
Q

Fax machine security issues (2)

A

1. Can be used to transfer sensitive data out of the organization 2. Received faxes sit in the output tray for all to see

15
Q

Fax security solution (5)

A

1. A fax server can route faxes directly to the recipient's mailbox instead of printing them 2. The print feature can be disabled 3. A fax encryptor encrypts bulk fax data at the data link layer 4. A fax server provides extensive logging and auditing 5. Public key cryptography can be used for secure transfer of material

16
Q

Network availability (3)

A

1. One of the three primary security principles (confidentiality, integrity, availability) 2. Attacks, component failure or device failure can affect a network's availability 3. Single points of failure must be avoided

17
Q

Hot Spares

A

Metrics that drive spares and maintenance planning: 1. SLA (service level agreement: the availability the provider commits to) 2. MTBF (mean time between failures) 3. MTTR (mean time to repair)

18
Q

RAID

A
  1. Provides fault tolerance (except RAID 0, which only stripes) 2. Data is separated into multiple units across multiple disks using striping and parity 3. Hardware or software implementation 4. Provides high availability
19
Q

RAID types (4)

A

1. RAID 0 - striped (no redundancy) 2. RAID 1 - mirrored 3. RAID 5 - striped with distributed parity 4. RAID 10 - mirrored pairs that are then striped
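How the "striped with parity" card actually survives a disk loss is easier to see in code than in a sentence. The following is an added example, not part of the original flashcards: it stripes a payload across a constructed 4-disk array with rotating XOR parity as RAID 5 does, kills one disk, and rebuilds it from the survivors. The 4-byte block size, the disk count and the sample payload are all made up for illustration.

```python
"""Added example, not from the original flashcards: striping with rotating XOR
parity as RAID 5 does it, plus rebuild of a single failed disk.

Everything here is constructed for illustration: the 4-byte block size, the
4-disk array and the sample payload. Real arrays use KiB-sized blocks.
"""
from typing import Iterable, List, Optional

BLOCK = 4  # bytes per block (constructed; real controllers use 64 KiB and up)


def xor_blocks(blocks: Iterable[bytes]) -> bytes:
    """XOR any number of equal-sized blocks; XOR is its own inverse."""
    out = bytearray(BLOCK)
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)


def parity_disk_for(stripe_no: int, ndisks: int) -> int:
    """RAID 5 rotates the parity block so no single disk becomes a hot spot."""
    return (ndisks - 1 - stripe_no) % ndisks


def stripe(data: bytes, ndisks: int) -> List[List[bytes]]:
    """Split data into stripes of ndisks-1 data blocks plus one parity block.

    Returns disks[d] = ordered list of blocks written to disk d.
    """
    if ndisks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    width = BLOCK * (ndisks - 1)
    padded = data + b"\0" * (-len(data) % width)   # zero-fill the last stripe
    disks: List[List[bytes]] = [[] for _ in range(ndisks)]
    for s in range(len(padded) // width):
        base = s * width
        data_blocks = [padded[base + i * BLOCK: base + (i + 1) * BLOCK]
                       for i in range(ndisks - 1)]
        pdisk = parity_disk_for(s, ndisks)
        remaining = iter(data_blocks)
        for d in range(ndisks):
            disks[d].append(xor_blocks(data_blocks) if d == pdisk else next(remaining))
    return disks


def rebuild(disks: List[Optional[List[bytes]]], lost: int) -> List[bytes]:
    """Recompute every block of disk `lost` from the surviving disks.

    Works whether the missing block in a given stripe was data or parity,
    because P = D0 ^ D1 ^ ... implies any Dk = P ^ (all other D).
    Only one failure is recoverable; a second loss before the rebuild finishes
    destroys the stripe, which is why rebuild time (MTTR) matters.
    """
    ndisks = len(disks)
    survivors = [d for d in range(ndisks) if d != lost]
    nstripes = len(disks[survivors[0]])
    return [xor_blocks(disks[d][s] for d in survivors) for s in range(nstripes)]


def read_back(disks: List[List[bytes]], length: int) -> bytes:
    """Reassemble the original payload, skipping parity blocks and padding."""
    ndisks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        pdisk = parity_disk_for(s, ndisks)
        for d in range(ndisks):
            if d != pdisk:
                out += disks[d][s]
    return bytes(out[:length])


if __name__ == "__main__":
    payload = b"operations security domain seven"       # constructed sample data
    array = stripe(payload, 4)
    degraded = array[:2] + [None] + array[3:]           # disk 2 dies
    degraded[2] = rebuild(degraded, 2)
    print(read_back(degraded, len(payload)))
```

RAID 0 is the same `stripe()` loop without the parity block, which is why it has nothing to rebuild from; RAID 1 and RAID 10 survive a loss by copying rather than by recomputing.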

20
Q

Backups

A

1. Backing up software and having backup hardware is a large part of network availability 2. It is important to be able to restore data, so restores must be tested, not just backups taken

21
Q

Backups - Types

A
  1. Full - backs up all files and clears (resets) the archive bit 2. Incremental - backs up files modified since the last full or incremental backup and resets the archive bit 3. Differential - backs up all files modified since the last full backup; the archive bit is not reset 4. Copy - same as full, but the archive bit is not reset
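The archive-bit rules above decide which tapes a restore needs, which is the part candidates usually get wrong. The following is an added example, not part of the original flashcards: a small simulation of a volume whose files carry an archive bit, the four backup types acting on that bit, and a `restore_plan()` that works out the minimal chain of sets to replay. File names, the week's sequence of backups and the version numbers are constructed.

```python
"""Added example, not from the original flashcards: how the archive bit drives
full, incremental, differential and copy backups, and which backup sets a
restore then needs. The volume, file names and versions are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class FileState:
    version: int = 1      # bumped on every modification
    archive: bool = True  # set by the OS on create/modify; some backups clear it


@dataclass
class BackupSet:
    kind: str                 # "full", "incremental", "differential" or "copy"
    captured: Dict[str, int]  # file name -> version that went to tape


class Volume:
    def __init__(self, names: List[str]) -> None:
        self.files = {n: FileState() for n in names}
        self.history: List[BackupSet] = []

    def modify(self, name: str) -> None:
        f = self.files[name]
        f.version += 1
        f.archive = True

    def current(self) -> Dict[str, int]:
        return {n: f.version for n, f in self.files.items()}

    def backup(self, kind: str) -> BackupSet:
        if kind in ("full", "copy"):                    # everything, bit or no bit
            selected = list(self.files)
        elif kind in ("incremental", "differential"):   # only flagged files
            selected = [n for n, f in self.files.items() if f.archive]
        else:
            raise ValueError(kind)
        if kind in ("full", "incremental"):             # only these two reset the bit
            for n in selected:
                self.files[n].archive = False
        bset = BackupSet(kind, {n: self.files[n].version for n in selected})
        self.history.append(bset)
        return bset


def restore_plan(history: List[BackupSet]) -> List[int]:
    """Indexes of the backup sets needed, in the order they must be applied.

    Rule: the last full, every incremental after it (each holds changes since
    the previous bit reset), and the most recent differential taken after the
    last bit reset (it holds everything changed since then). Copy backups are
    ignored because they never reset the bit and so sit outside the chain.
    """
    last_full = max(i for i, b in enumerate(history) if b.kind == "full")
    plan = [last_full]
    last_reset = last_full
    for i in range(last_full + 1, len(history)):
        if history[i].kind == "incremental":
            plan.append(i)
            last_reset = i
    later_diffs = [i for i in range(last_reset + 1, len(history))
                   if history[i].kind == "differential"]
    if later_diffs:
        plan.append(later_diffs[-1])
    return plan


def restore(history: List[BackupSet], plan: List[int]) -> Dict[str, int]:
    """Apply the chosen sets oldest to newest; later versions overwrite earlier.

    Caveat: files deleted after the full come back, because nothing here
    tracks deletions (real products keep a catalog for that).
    """
    state: Dict[str, int] = {}
    for i in plan:
        state.update(history[i].captured)
    return state


def demo() -> Volume:
    """Constructed week: full, then a mix of incremental, differential and copy."""
    vol = Volume(["payroll.db", "web.conf", "report.xlsx"])
    vol.backup("full")
    vol.modify("payroll.db")
    vol.backup("incremental")     # payroll.db only; its bit is cleared
    vol.modify("web.conf")
    vol.backup("differential")    # web.conf only; bit left set
    vol.modify("report.xlsx")
    vol.backup("copy")            # all three files; no bits touched
    vol.backup("differential")    # web.conf and report.xlsx, both still flagged
    return vol
```

Run `demo()` and compare `restore(vol.history, restore_plan(vol.history))` with `vol.current()`: the copy set taken mid-week is never needed, the incremental is, and only the last differential is.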
22
Q

Intrusion Detection Systems (4) IDS

A
  1. Software used to monitor a network segment or a computer 2. Used to detect attacks and other malicious activity 3. Dynamic: monitors activity continuously in real time rather than being a one-time check 4. Two types - network-based and host-based
23
Q

IDS - Network (3)

A
  1. Monitors traffic on a segment 2. Computer or network appliance with a NIC in promiscuous mode 3. Sensors communicate with a central management console
24
Q

IDS - Host (2)

A

1. Small agent programs that reside on individual computers 2. Detects suspicious activity on one system, not a network segment

25
Q

IDS components (3)

A
  1. Sensors 2. Analysis engine 3. Management console
26
Q

IDS - Signature based (3)

A
  1. The IDS has a database of signatures, which are patterns of previously defined attacks 2. Cannot identify new attacks 3. The signature database needs continual updates
27
Q

IDS - Behaviour based (3)

A
  1. Compares audit files, logs, and network behavior and develops and maintains profiles of normal behavior 2. Better defense against new attacks 3. Creates many false positives
28
Q

IDS - Analysis Engine Methods (Pattern)

A
  1. Rule-based ID 2. Signature-based ID 3. Knowledge-based ID
29
Q

IDS - Analysis Engine Methods (Profile)

A

1. Statistical ID 2. Anomaly ID 3. Behavior ID

30
Q

IDS Response Options (5)

A
  1. Page or email the administrator 2. Log the event 3. Send reset packets to the attacker's connections 4. Change a firewall or router ACL to block an IP address or range 5. Reconfigure the router or firewall to block the protocol being used for the attack
31
Q

IDS Issues (5)

A
  1. May not be able to process all packets on a large network 2. Cannot analyze encrypted data 3. Switched networks make it harder to see all packets (a mirror/SPAN port or a tap is needed) 4. A lot of false alarms 5. Not a complete solution on its own
32
Q

Honey Pot - Deployment (4)

A

1. Pseudo flaw: a loophole purposely added to an operating system or application to trap intruders 2. Sacrificial lamb system on the network 3. Administrators hope that intruders will attack this system instead of their production systems 4. It is enticing because many ports are open and services are running

33
Q

Defense in Depth

A

Multilayered with multiple dimensions: several independent controls, so that the failure or bypass of any one of them does not by itself expose the asset

34
Q

Security Testing - Vulnerability Assessment (3)

A
  1. Physical/Operational/Electronic 2. Identify weaknesses 3. Correct them
35
Q

Security Testing - Penetration testing (3)

A
  1. Ethical hacking to validate discovered weaknesses 2. Red teams 3. Black box tests
36
Q

Security Testing - NIST

A

SP 800-42, Guideline on Network Security Testing (since superseded by SP 800-115, Technical Guide to Information Security Testing and Assessment)

37
Q

Blue Teaming

A

Testing done with the knowledge and cooperation of the organization's IT staff; the least expensive and most frequently used type of testing

38
Q

Red Teaming

A

Testing done without the knowledge of the IT staff (but with the full knowledge and permission of upper management); provides a better indication of everyday security because administrators are not on heightened alert

39
Q

Testing Guidelines - Reasons for testing

A
  1. Risk analysis 2. Certification 3. Accreditation 4. Security architectures 5. Policy development
40
Q

Testing Guidelines (3)

A
  1. Reasons for evaluating an organization's systems 2. Develop a cohesive, well-planned and operational security testing program 3. A responsible approach to overall security
41
Q

Why do tests work?

A
  1. Lack of awareness 2. Policies not enforced 3. Procedures not followed 4. Disjointed operations between departments 5. Systems not patched
42
Q

Penetration Testing Goals (5)

A

1. Check for unauthorized hosts connected to the organization's network 2. Identify vulnerable services 3. Identify deviations from the allowed services defined in the organization's security policy 4. Assist in the configuration of the IDS 5. Collect forensic evidence

43
Q

Penetration Testing Issues (4)

A
  1. Three basic requirements: a. a defined goal, which should be clearly documented; b. a limited timeline; c. approval by senior management (only management should approve this type of activity) 2. Issue: it could disrupt productivity and systems 3. Overall purpose is to determine the subject's ability to withstand an attack and the effectiveness of current security measures 4. The tester should determine the effectiveness of safeguards and identify areas for improvement
44
Q

Penetration Testing Roles and Responsibilities (4)

A
  1. Approval for the tests may need to come from as high as the CIO 2. It is customary for the testing organization to alert other security officers, management and users 3. This avoids confusion and unnecessary expense 4. In some cases it may be wise to alert local law enforcement
45
Q

Penetration Rules of Engagement (6)

A
  1. Specific IP addresses/ranges to be tested 2. A list of acceptable testing techniques 3. Times when testing is to be conducted 4. Points of contact for the penetration testing team, the targeted systems, and the networks 5. Measures to prevent law enforcement being called for false alarms 6. Handling of information collected by the pen test team
46
Q

Types of Penetration Testing - Physical (3)

A
  1. Access into the building or department 2. Wiring closets, locked file cabinets, offices, server rooms, sensitive areas 3. Removing materials from the building
47
Q

Types of Penetration Testing - Operational

A

Help desk giving out sensitive information, data recovered from disposed disks

48
Q

Types of Penetration Testing - Electronic

A

Attack on systems, networks, communications

49
Q

Attack Methodology - Target Acquisition

A

Attacker: intelligence gathering. Defender: limit the information that is published, use distractions (honeypots)

50
Q

Attack Methodology - Target Analysis

A

Attacker: look for weaknesses. Defender: remove vulnerable services, hide identifying information (banners, version strings) about the services that remain

51
Q

Attack Methodology - Target Access

A

Attacker: gain entry. Defender: strong access controls (AAA) and identity management

52
Q

Attack Methodology - Target Appropriation

A

Attacker: privilege escalation, then installing a rootkit or back door to keep control

53
Q

Test Attack Phases - Reconnaissance

A

Learning about the target from public sources of information

54
Q

Test Attack Phases - Footprinting (3)

A
  1. Mapping the network 2. ICMP ping sweeps 3. DNS zone transfers
55
Q

Test Attack Phases - Fingerprinting (2)

A
  1. Identifying host information (operating system and service versions) 2. Port scanning and banner grabbing
56
Q

Test Attack Phases - Vulnerability Assessment (2)

A
  1. Identifying weaknesses in system configuration 2 Discovering unpatched software
57
Q

Test Attack Phases - The Attack! (4)

A
  1. Penetration 2. Privilege escalation 3. Rootkits 4. Covering tracks
58
Q

Attacks - Ping of Death (3)

A

1. Sending oversized ICMP echo packets, i.e. fragments that reassemble to more than the 65,535-byte IP maximum 2. The receiver does not expect a packet of this size and its reassembly code fails 3. DoS attack; modern IP stacks are patched against it

59
Q

Attacks - Spoofing (3)

A
  1. Using a bogus source IP address 2. Using captured credentials 3. Countermeasures: encryption, one-time passwords, ingress and egress filtering, showing users the last time they accessed the system
60
Q

Attacks - Spamming (2)

A
  1. Distributing unrequested mail 2. Countermeasures: e-mail filters, disabling open mail relay on mail servers
61
Q

Attacks - Teardrop

A

Sending malformed, overlapping IP fragments that freeze certain systems when they try to reassemble them

62
Q

Attacks - Land

A
  1. Source and destination IP address and port numbers are the same, so the victim replies to itself 2. Most operating systems and routers have been vulnerable at some point; current stacks drop such packets
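The signature-versus-profile distinction of the IDS cards (26 to 29) and the packet-level attacks just described fit in one small analysis engine. The following is an added example, not part of the original flashcards: a toy engine that runs a signature pass (ping of death, LAND) and a statistical pass (packets per source per window against a learned profile) over two constructed packet logs. The log format, addresses, port list and thresholds are made up for illustration; a real sensor works on reassembled packets, not on one-line summaries.

```python
"""Added example, not from the original flashcards: a toy analysis engine with
the two detection styles the IDS cards describe, run over constructed packet
logs. The log format, addresses and thresholds are made up for illustration.
"""
import re
import statistics
from collections import Counter
from typing import Dict, List, Tuple

# Constructed baseline: two web clients, a few packets each per 10-second window.
BASELINE_LOG = "\n".join(
    f"{t} 10.0.0.{5 + t % 2}:{40000 + t} -> 10.0.0.1:80 TCP len=60"
    for t in range(40) if t % 7 != 0
)
# Constructed live capture: normal client traffic, a port sweep from 10.0.0.9
# (no signature exists for it), one oversized ICMP datagram and one LAND packet.
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]
LIVE_LOG = "\n".join(
    [f"{t} 10.0.0.5:{40000 + t} -> 10.0.0.1:80 TCP len=60" for t in (40, 42, 44, 46)]
    + [f"{40 + i % 10} 10.0.0.9:5151 -> 10.0.0.1:{p} TCP len=60"
       for i, p in enumerate(SCAN_PORTS)]
    + ["45 10.0.0.7:0 -> 10.0.0.1:0 ICMP len=65600",      # ping of death
       "47 10.0.0.1:139 -> 10.0.0.1:139 TCP len=40"]      # LAND
)

LINE = re.compile(r"^(\d+) ([\d.]+):(\d+) -> ([\d.]+):(\d+) (\w+) len=(\d+)$")
WINDOW = 10  # seconds per profiling window


def parse(text: str) -> List[Dict]:
    pkts = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # a real engine would count parse failures
        ts, src, sport, dst, dport, proto, length = m.groups()
        pkts.append({"ts": int(ts), "src": src, "sport": int(sport), "dst": dst,
                     "dport": int(dport), "proto": proto, "len": int(length)})
    return pkts


def signature_alerts(pkts: List[Dict]) -> List[Tuple[str, str, int]]:
    """Pattern matching: catches only what a rule already describes."""
    alerts = []
    for p in pkts:
        if p["proto"] == "ICMP" and p["len"] > 65535:      # larger than IP allows
            alerts.append(("PING_OF_DEATH", p["src"], p["ts"]))
        if p["src"] == p["dst"] and p["sport"] == p["dport"]:
            alerts.append(("LAND", p["src"], p["ts"]))
    return alerts


def build_profile(pkts: List[Dict]) -> Tuple[float, float]:
    """Statistical profile of 'normal': packets per source per window."""
    counts = Counter((p["src"], p["ts"] // WINDOW) for p in pkts)
    values = list(counts.values())
    return statistics.mean(values), statistics.pstdev(values)


def anomaly_alerts(pkts: List[Dict], profile: Tuple[float, float],
                   k: float = 3.0) -> List[Tuple[str, int, int]]:
    """Flag any (source, window) whose volume exceeds mean + k * stdev.

    This is what catches the port sweep, which has no signature; a low k
    catches more but is also where the false positives come from.
    """
    mean, stdev = profile
    counts = Counter((p["src"], p["ts"] // WINDOW) for p in pkts)
    return sorted((src, w, n) for (src, w), n in counts.items() if n > mean + k * stdev)


if __name__ == "__main__":
    profile = build_profile(parse(BASELINE_LOG))
    live = parse(LIVE_LOG)
    print("signature:", signature_alerts(live))
    print("anomaly:  ", anomaly_alerts(live, profile))
```

The two single packets (oversized ICMP, LAND) are invisible to the statistical pass because one packet never moves a volume profile, and the sweep is invisible to the signature pass because no rule describes it; the cards' point that the two methods complement each other is exactly this.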
63
Q

Patch Management

A

Faster, more systematic testing and an optimized patch rollout reduce the window of vulnerability on installed systems

64
Q

Padded Cell and vulnerability tools (4)

A
  1. Concept from software programming where a safe environment is created for applications and processes to run in 2. Concept used in IDS where an identified intruder is moved to a "safe" environment without knowing it 3. Simulated environment to keep the intruder happy and busy 4. Related concepts: honeypot, tarpit (deliberately slows the attacker's connections)
65
Q

Watching Network Traffic - Traffic Analysis

A

Watching traffic and its patterns (volume, timing, endpoints) to try to determine whether something special is taking place, even when the content itself is encrypted

66
Q

Watching Network Traffic - Traffic Padding (3)

A
  1. Generating spurious data in traffic to make traffic analysis more difficult 2. The amount and nature of traffic may be masked 3. Attempts to keep traffic constant so no information can be gained from its volume
67
Q

Attack Phases (4)

A
  1. Gaining access 2. Escalation of privilege 3. System browsing 4. Installing additional software
68
Q

Privilege Escalation - SetUID

A
  1. Unix program that runs with the privileges of its owner (typically root) regardless of which user runs it 2. Example: when a user changes their password, the passwd command must write files that only root has access to 3. Some SetUID programs have bugs that allow elevated privilege through buffer overflows or race conditions
69
Q

Privilege Escalation - SU

A

1. Switch user command 2. Changes the user's credentials to root or a specified user temporarily

70
Q

Network Scanning (3)

A
  1. List all active hosts 2. Network services 3. Port scanners (Nmap), finger, banner grabbing
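The rules-of-engagement card (specific addresses, permitted hours), the footprinting and fingerprinting cards, and the scanning card above all meet in one tool. The following is an added example, not part of the original flashcards and not Nmap's code: a TCP connect scan with banner grabbing that refuses to send anything unless the target and the current hour fall inside a constructed ROE. The scan target is a local listener started by the example itself; the CIDR range, the hours and the SSH-style banner are made up for illustration.

```python
"""Added example, not from the original flashcards: a TCP connect scan with
banner grabbing, gated by a rules-of-engagement check (address scope and time
window) before a single packet is sent. Targets, the ROE values and the fake
service used as a scan target are constructed; a real engagement uses the
ranges and hours agreed in the signed ROE document.
"""
import datetime
import ipaddress
import socket
import threading
from typing import Dict, List, Optional

# Constructed rules of engagement: loopback only, any hour.
ROE: Dict = {"cidrs": ["127.0.0.0/8"], "hours": (0, 24)}


def in_scope(host: str, roe: Dict, now: Optional[datetime.datetime] = None) -> bool:
    now = now or datetime.datetime.now()
    start, end = roe["hours"]
    ip = ipaddress.ip_address(host)
    addr_ok = any(ip in ipaddress.ip_network(c) for c in roe["cidrs"])
    return addr_ok and start <= now.hour < end


def grab_banner(host: str, port: int, timeout: float = 0.5) -> Optional[str]:
    """Connect to one port. None = closed/filtered; '' = open but silent."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return s.recv(256).decode(errors="replace").strip()
            except socket.timeout:
                return ""
    except OSError:
        return None


def fingerprint(banner: str) -> str:
    """Tiny banner-to-service map; real tools carry thousands of probes."""
    b = banner.lower()
    if b.startswith("ssh-"):
        return "ssh"
    if b.startswith("220") or "smtp" in b:
        return "smtp"
    if b.startswith("http/"):
        return "http"
    return "unknown" if b else "no-banner"


def scan(host: str, ports: List[int], roe: Dict = ROE,
         now: Optional[datetime.datetime] = None) -> Dict[int, str]:
    """Open ports with their banners. Refuses anything the ROE does not cover."""
    if not in_scope(host, roe, now):
        raise PermissionError(f"{host} is outside the rules of engagement")
    results: Dict[int, str] = {}
    for port in ports:
        banner = grab_banner(host, port)
        if banner is not None:
            results[port] = banner
    return results


def start_fake_service(banner: bytes) -> int:
    """Constructed stand-in for a target: a local listener that speaks a banner."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


def free_port() -> int:
    """A port nothing listens on, to show how a closed port reports."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def roe_checks() -> Dict[str, bool]:
    """Both refusal paths, evaluated without touching the network."""
    out_of_range = not in_scope("10.0.0.1", ROE)
    night_only = {"cidrs": ["127.0.0.0/8"], "hours": (2, 3)}
    out_of_hours = not in_scope("127.0.0.1", night_only, datetime.datetime(2024, 1, 1, 12, 0))
    return {"out_of_range": out_of_range, "out_of_hours": out_of_hours}


def demo() -> Dict[str, object]:
    open_port = start_fake_service(b"SSH-2.0-OpenSSH_9.6\r\n")
    closed_port = free_port()
    found = scan("127.0.0.1", [open_port, closed_port])
    return {"open": open_port, "closed": closed_port, "found": found,
            "services": {p: fingerprint(b) for p, b in found.items()}}
```

A connect scan completes the three-way handshake, so it is logged by the target; it is shown here because it needs no raw-socket privilege. The ROE gate is deliberately the first thing `scan()` does, before any socket is created.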
71
Q

Vulnerability Scanning - Identifying (6)

A
  1. Identifying active hosts on the network 2. Identifying active and vulnerable services 3. Identifying applications 4. Identifying the OS 5. Identifying vulnerabilities associated with the identified applications and OS 6. Identifying misconfigured settings
72
Q

Vulnerability Scanning - Testing

A

Compliance with host and application usage/security policies

73
Q

Vulnerability Scanning - Establish

A

Foundation for penetration testing

74
Q

Password Cracking (3)

A
  1. Goal is to identify weak passwords 2. Passwords are generally stored and transmitted as a hash (a one-way digest), not in a recoverable encrypted form 3. Password cracking requires captured password hashes
75
Q

Password Cracking Techniques (5)

A
  1. Dictionary 2. Brute force 3. Hybrid (dictionary words with mangling rules such as capitalization and appended digits) 4. LanMan (LM) hashes, which uppercase the password and split it into two 7-character halves that are cracked independently 5. Rainbow tables (precomputed hash lookups, defeated by per-password salts)
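The following is an added example, not part of the original flashcards and not the code of any real cracker: the dictionary, hybrid and brute-force phases run cheapest-first against a constructed dump of unsalted SHA-1 hashes, followed by a precomputed hash-to-plaintext table standing in for the rainbow-table idea and a check of why a salt defeats it. User names, passwords, the wordlist and the mangling rules are all made up; the captured hashes are derived from the plaintexts only so that the block is self-contained.

```python
"""Added example, not from the original flashcards: dictionary, hybrid and
brute-force attacks against captured unsalted SHA-1 hashes, plus a precomputed
lookup table (the idea behind rainbow tables) and why a salt defeats it.
The user names, passwords, wordlist and mangling rules are constructed;
real cracking targets the hash formats the victim system actually uses.
"""
import hashlib
import itertools
import string
from typing import Dict, Iterable, List, Tuple

WORDLIST = ["password", "summer", "winter", "letmein", "welcome"]   # constructed
SUFFIXES = ["", "!", "1", "123", "2018", "2019", "2020"]           # mangling rules


def sha1_hex(text: str) -> str:
    return hashlib.sha1(text.encode()).hexdigest()


def salted_sha1_hex(text: str, salt: str) -> str:
    return hashlib.sha1((salt + text).encode()).hexdigest()


# Constructed 'captured' hash dump. Built from plaintext only so the example
# is self-contained; an attacker would hold just the right-hand side.
CAPTURED: Dict[str, str] = {
    "alice": sha1_hex("summer"),
    "bob": sha1_hex("Summer2019"),
    "carol": sha1_hex("zq7"),
    "dave": sha1_hex("x9#Lm2vQ!"),
}


def dictionary_candidates(words: List[str]) -> Iterable[str]:
    return iter(words)


def hybrid_candidates(words: List[str]) -> Iterable[str]:
    """Dictionary words with case and suffix rules applied."""
    for w in words:
        for variant in (w, w.capitalize(), w.upper()):
            for suffix in SUFFIXES:
                yield variant + suffix


def brute_force_candidates(charset: str, max_len: int) -> Iterable[str]:
    """Every string up to max_len: exhaustive, but exponential in length."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo)


def try_candidates(targets: Dict[str, List[str]], candidates: Iterable[str]) -> Dict[str, str]:
    """Hash each candidate once and look it up against every captured hash.

    `targets` maps hash -> users sharing it; cracked entries are removed so
    later, slower phases only work on what is still unknown.
    """
    found: Dict[str, str] = {}
    for cand in candidates:
        if not targets:
            break
        h = sha1_hex(cand)
        if h in targets:
            for user in targets.pop(h):
                found[user] = cand
    return found


def crack(captured: Dict[str, str]) -> Dict[str, str]:
    """Cheapest technique first; what is left after all three stays uncracked."""
    targets: Dict[str, List[str]] = {}
    for user, h in captured.items():
        targets.setdefault(h, []).append(user)
    found: Dict[str, str] = {}
    found.update(try_candidates(targets, dictionary_candidates(WORDLIST)))
    found.update(try_candidates(targets, hybrid_candidates(WORDLIST)))
    found.update(try_candidates(targets, brute_force_candidates(
        string.ascii_lowercase + string.digits, 3)))   # 36 + 36^2 + 36^3 guesses
    return found


def precomputed_table(words: List[str]) -> Dict[str, str]:
    """hash -> plaintext built once and reused against every dump (the
    rainbow-table idea, minus the chain compression real tables use)."""
    return {sha1_hex(c): c for c in hybrid_candidates(words)}


def salted_vs_unsalted(table: Dict[str, str], plaintexts: List[str],
                       salt: str = "k3") -> Tuple[int, int]:
    """How many of the given passwords the table finds with and without a salt."""
    unsalted = sum(sha1_hex(p) in table for p in plaintexts)
    salted = sum(salted_sha1_hex(p, salt) in table for p in plaintexts)
    return unsalted, salted


if __name__ == "__main__":
    print(crack(CAPTURED))
    print(salted_vs_unsalted(precomputed_table(WORDLIST), ["summer", "Summer2019"]))
```

Three of the four constructed accounts fall: `summer` to the wordlist, `Summer2019` to a capitalization-plus-year rule, `zq7` to a three-character brute force. The long mixed-class password survives all three phases, and the same wordlist table that finds `Summer2019` instantly finds nothing once a salt is prepended, because the table would have to be rebuilt per salt.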
76
Q

War Dialing (4)

A
  1. Goal is to discover unauthorized modems 2. Dial large blocks of numbers in search of modems 3. Include all numbers for the organization except those that would be impacted negatively 4. If removal is not possible, block inbound calls to the modem
77
Q

Wireless LAN testing - 802.11 (2)

A

1. Serious flaws in the WEP implementation (WEP is broken; use WPA2 or WPA3) 2. Insecure default configurations

78
Q

Wireless LAN testing - Web

A

War-driving web sites publish the locations of discovered wireless networks

79
Q

Wireless LAN testing - Wireless Attacks (4)

A

1. Insertion attacks 2. Interception and monitoring of wireless traffic 3. DoS 4. Client-to-client attacks

80
Q

Reporting - Planning (3)

A
  1. Rules of engagement 2. Test plans 3. Written permission
81
Q

Reporting - Discovery and attack (2)

A
  1. Documentation of logs 2. Periodic reports
82
Q

Reporting - End of test Report (2)

A
  1. Describe the identified vulnerabilities and their risk rating 2. Guidance on the mitigation of these weaknesses
83
Q

Corrective Actions (9)

A
  1. Investigate and disconnect unauthorized hosts 2. Disable or remove unnecessary and vulnerable services 3. Modify vulnerable hosts to restrict access to vulnerable services to a limited number of required hosts 4. Modify enterprise firewalls to restrict outside access to known vulnerable services 5. Upgrade or patch vulnerable systems 6. Deploy mitigating countermeasures 7. Improve the configuration management program and procedures 8. Assign a staff member to: a. monitor vulnerability alerts; b. examine their applicability to the environment; c. initiate appropriate system changes 9. Modify the organization's security policies and architecture
84
Q

Log Reviews (6)

A
  1. Firewall logs 2. IDS logs 3. Server logs 4. Other logs that collect audit data 5. Snort is a free (open source) IDS sensor 6. Log reviews should be conducted very frequently on major servers and firewalls
85
Q

Deploy file integrity checkers (6)

A

1. Computes and stores a checksum (cryptographic hash) of each monitored file 2. Should be recomputed regularly and compared with the stored reference 3. Usually included with any host-based intrusion detection system 4. Requires a system that is known to be secure to create the initial reference database 5. Produces false positive alarms when files change legitimately (patches, updates), so the baseline has to be refreshed through change control 6. LANguard is a freeware file integrity checker
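The following is an added example, not part of the original flashcards and not LANguard's or any product's code: a minimal file integrity checker in the style the card describes. It builds the reference database (digest, size and mode bits per file), stores it as JSON, and later reports added, deleted, modified and re-permissioned files. Because the SetUID card earlier names that bit as the classic escalation foothold, a newly set SetUID bit is reported as its own finding and the SetUID/SetGID inventory can be listed directly. The directory tree, file names and the tampering sequence in `demo()` are constructed in a temporary directory.

```python
"""Added example, not from the original flashcards: a minimal file integrity
checker. It records a SHA-256 digest, size and mode bits for every file under
a root, stores that as the reference database and later reports added,
deleted, modified and re-permissioned files, calling out a newly set SetUID
bit separately. The tree built in demo() is constructed in a temp directory.
"""
import hashlib
import json
import os
import stat
import tempfile
from typing import Dict, List, Tuple

Record = Dict[str, object]


def file_record(path: str) -> Record:
    st = os.lstat(path)
    h = hashlib.sha256()
    if stat.S_ISREG(st.st_mode):                 # symlinks etc. get an empty digest
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}


def baseline(root: str) -> Dict[str, Record]:
    """Reference database. Build it on a system known to be clean, then keep a
    copy (or its hash) off-box or on read-only media: an attacker who can edit
    the database can hide every change."""
    db: Dict[str, Record] = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            db[rel] = file_record(full)
    return db


def save(db: Dict[str, Record], path: str) -> None:
    with open(path, "w") as f:
        json.dump(db, f, indent=1, sort_keys=True)


def load(path: str) -> Dict[str, Record]:
    with open(path) as f:
        return json.load(f)


def compare(ref: Dict[str, Record], now: Dict[str, Record]) -> List[Tuple[str, str]]:
    findings: List[Tuple[str, str]] = []
    for rel in sorted(set(ref) | set(now)):
        if rel not in now:
            findings.append(("deleted", rel))
        elif rel not in ref:
            findings.append(("added", rel))
        else:
            old, new = ref[rel], now[rel]
            if old["sha256"] != new["sha256"]:
                findings.append(("modified", rel))
            if old["mode"] != new["mode"]:
                gained_suid = bool(new["mode"] & stat.S_ISUID) and not (old["mode"] & stat.S_ISUID)
                findings.append(("setuid-added" if gained_suid else "mode-changed", rel))
    return findings


def setuid_files(db: Dict[str, Record]) -> List[str]:
    """The SetUID/SetGID inventory: what an attacker enumerates first."""
    return sorted(rel for rel, r in db.items() if r["mode"] & (stat.S_ISUID | stat.S_ISGID))


def demo() -> Dict[str, object]:
    """Constructed tree, baseline, then four kinds of tampering."""
    with tempfile.TemporaryDirectory() as work:
        root = os.path.join(work, "root")
        dbpath = os.path.join(work, "reference.json")   # kept outside the tree

        def write(rel: str, text: str, mode: int = 0o644) -> None:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as f:
                f.write(text)
            os.chmod(full, mode)

        write("etc/app.conf", "debug=off\n")
        write("etc/motd", "welcome\n")
        write("usr/local/bin/helper", "#!/bin/sh\nexit 0\n", 0o755)
        save(baseline(root), dbpath)
        ref = load(dbpath)

        write("etc/app.conf", "debug=on\n")                 # content changed
        write("etc/cron.d/backdoor", "* * * * * root /tmp/x\n")  # new file
        os.remove(os.path.join(root, "etc", "motd"))          # file removed
        os.chmod(os.path.join(root, "usr", "local", "bin", "helper"), 0o4755)  # SetUID set
        now = baseline(root)
        return {"before_suid": setuid_files(ref), "after_suid": setuid_files(now),
                "findings": compare(ref, now)}
```

Note what is not covered: a file replaced with identical content and mode (no change to report, correctly), and any change made between two scans that is reverted before the second one. That window is why the card says the check must be recomputed regularly, and why a host-based IDS pairs it with real-time monitoring.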

86
Q

Change Control (3)

A

1. Operations staff should be involved with decisions pertaining to changes of the environment to control any modifications 2. Involvement of Operations ensures that changes to a system are not made unintentionally 3. A change should be submitted, approved, tested, and documented before being implemented

87
Q

Purpose of Configuration Management (3)

A
  1. Identifying, controlling, accounting for and auditing changes made to the baseline TCB 2. A system that will control changes and test documentation through the operational lifecycle of a system 3. Major objective is system stability
88
Q

Redundant Servers

A

Primary server mirrors data to a secondary server: a. Hot - an online spare available for immediate failover with no interruption in client hosting b. Warm - a spare available for immediate failover, although clients lose their connections and must re-establish them c. Cold - a configured standby spare that can be brought up if the primary is unavailable; this results in lost connections

89
Q

Redundant Networks - Dual Backbone (3)

A

1. One of the best examples of increasing network availability is the over-design of backbone networks 2. A completely redundant backbone network design is commonly referred to as a dual backbone network 3. Building and campus networks use a dual backbone design to ensure that paths between endpoints, data centers, and wide area and Internet connections always stay open

90
Q

Clustering (4)

A
  1. Group of servers managed as a single system 2. Higher availability, greater scalability, easier to manage than individual systems 3. All servers take part in processing 4. The cluster looks like a single server to the user
91
Q

SAN - Bring networking to storage (6)

A

1. Best-in-class system elements 2. Server and storage consolidation 3. Redundancy 4. Load balancing 5. Business continuance 6. Centralized management