Quiz 3 Flashcards
A \_\_\_\_ attack prevents legitimate users from accessing network resources. Answer buffer overflow session hijacking social engineering DoS
DoS
A \_\_\_\_ can replicate itself, usually through an executable program attached to an e-mail. Answer shell virus keylogger rootkit
virus
A \_\_\_\_ is created after an attack and usually hides itself within the OS tools, so it’s almost impossible to detect. Answer toolbox rootkit shell macro virus
rootkit
A(n) ____________________ is a virus encoded as a macro in programs that support a macro programming language, such as Visual Basic for Applications (VBA).
macro virus
Antivirus software compares ____________________ of known viruses against the files on the computer; if there’s a match, the software warns you that the program or file is infected.
signatures
programming code
Describe an example of a macro virus.
The most infamous macro virus is Melissa, which appeared in 1999. The virus was initiated after a user opened an infected document; the virus then sent an e-mail message to the first 50 entries it located in the infected computer’s address book.
IDS stands for \_\_\_\_. Answer Intrusion Detection System Information Dissemination System Information Destruction System Intruder Dispersal System
Intrusion Detection System
In a \_\_\_\_ attack, a programmer finds a vulnerability in poorly written code that doesn’t check for a defined amount of memory space use. Answer buffer overflow DoS DDoS session hijacking
buffer overflow
Malware programs cannot be detected by antivirus programs.
False
PKI stands for \_\_\_\_. Answer Public Key Infrastructure Private Key Infrastructure Protected Key Infrastructure Primary Key Infrastructure
Public Key Infrastructure
Software keyloggers behave like \_\_\_\_ and are loaded on a computer. Answer Trojan programs viruses shells firewalls
Trojan programs
Some security professionals use fear tactics to scare users into complying with security measures. Is this a good tactic?
Some security professionals use fear tactics to scare users into complying with security measures. Their approach is to tell users that if they don’t take a particular action, their computer systems will be attacked by every malcontent who has access to the Internet. This method is sometimes used to generate business for security testers and is not only unethical, but also against the OSSTMM’s Rules of Engagement. The rule states: “The use of fear, uncertainty, and doubt may not be used in the sales or marketing presentations, websites, supporting materials, reports, or discussion of security testing for the purpose of selling or providing security tests. This includes but is not limited to crime, facts, criminal or hacker profiling, and statistics.”
Your approach to users or potential customers should be promoting awareness rather than instilling fear. You should point out to users how important it is not to install computer programs—especially those not approved by the company—on their desktops because of the possibility of introducing malware. Users should be aware of potential threats, not terrified by them.
The most effective approach to protect a network from malware being introduced is to conduct structured training of all employees and management.
True
Trojan Programs can install a backdoor or \_\_\_\_ on a computer. Answer rootkit shell worm macro virus
rootkit
To represent 0 to 63 characters you need only \_\_\_\_ bits. Answer four five six seven
six
What is spyware?
A spyware program sends information from the infected computer to the person who initiated the spyware program on your computer. This information could be confidential financial data, passwords, PINs—just about any data stored on your computer. You need to make sure your users understand that this information collection is possible, and that spyware programs can register each keystroke entered. It’s that simple. This type of technology not only exists, but is prevalent. It can be used to record and send everything a user enters to an unknown person located halfway around the world.
What is a DDoS attack?
A distributed denial-of-service (DDoS) attack is launched against a host from multiple servers or workstations. In a DDoS attack, a network could be flooded with literally billions of packets; typically, each participant in the attack contributes only a few of the total number of packets. If one server bombards an attacked server with hundreds or even thousands of packets, available network bandwidth could drop to the point that legitimate users notice a performance degradation or loss of speed. Now imagine 1000 servers or even 10,000 servers involved, with each server sending several thousand IP packets to the attacked server. There you have it: a DDoS attack. Keep in mind that participants in the attack often aren’t aware their computers are taking part in the attack. They, too, have been attacked by the culprit. In fact, in one DDoS attack, a company was flooded with IP packets from thousands of Internet routers and Web servers belonging to Yahoo.com.
What is the most important recommendation that should be made to a client to help prevent viruses from being introduced into corporate networks?
To help prevent viruses from being introduced into corporate networks, the most important recommendation you should make to a client is to update virus signature files as soon as they’re available from the vendor. Most antivirus software does this automatically or prompts the user to do so. An organization can’t depend on employee vigilance to protect its systems, so centralizing all antivirus software updates from a corporate server is prudent.
What is the difference between spyware and adware?
The difference between spyware and adware is a fine line. Both programs can be installed without the user being aware of their presence. Adware, however, sometimes displays a banner that notifies the user of its presence. Adware’s main purpose is to determine a user’s purchasing habits so that Web browsers can display advertisements tailored to that user. The biggest problem with adware is that it slows down the computer it’s running on.
Why is “attach” a key word when talking about viruses?
A virus does not stand on its own. It can’t replicate itself or operate without the presence of a host program. A virus attaches itself to a host program, just as the flu attaches itself to a host organism.
What types of ports do successful Trojan programs commonly use?
A good software or hardware firewall would most likely identify traffic that’s using unfamiliar ports, but Trojan programs that use common ports, such as TCP port 80 (HTTP) or UDP port 53 (DNS), are more difficult to detect.
The programmer who wrote Backdoor.Slackbot.B controlled a computer by using Internet Relay Chat (IRC), which is on port 6667.
\_\_\_\_ are devices or computer programs that can be used to capture keystrokes on a computer. Answer Viruses Keyloggers Macro viruses Firewalls
Keyloggers
\_\_\_\_ commands that open and close files can be used in destructive ways. Answer Macro Firewall Keylogger Adware
Macro
\_\_\_\_ enables an attacker to join a TCP session and make both parties think he or she is the other party. Answer A DoS attack The Ping of Death A buffer overflow attack Session hijacking
Session hijacking
\_\_\_\_ is a remote control program. Answer Slammer BlackIce Symantec pcAnywhere Zone Alarm
Symantec pcAnywhere
\_\_\_\_ is concerned with the security of computers or devices that are part of a network infrastructure. Answer Attack security Cybercrime Computer security Network security
Network security
\_\_\_\_ sometimes displays a banner that notifies the user of its presence. Answer Spyware Adware Webware Malware
Adware
____________________ is malicious software, such as a virus,worm, or Trojan program, introduced to a network for just that reason.
Malware
____________________ is defined as securing a stand-alone computer that’s not part of a network infrastructure.
Computer security
