Sec_Vista Flashcards
BIA
Business impact analysis: interviewing to gather info about business units and their functions.
Identify and prioritize business functions
contingency plan
Details how all business functions will be carried out during an outage or disaster
Occupant Emergency Plan (OEP)
OEP: minimizes injury or loss of life during an outage or disaster
Define privilege escalation vs. hacking vs. social engineering
Privilege escalation: gaining access to a file you should not have access to by changing the permissions of your valid account
Hacking is using another user’s credentials
Social Engineering is impersonating a user to get their credentials
What is a use for CSR?
Certificate Signing Request: first step to verify the authenticity of a certificate issued by a CA
Define OID
Object Identifiers: identify X.509 certificates (dotted numbers)
What type of encryption is ElGamal?
asymmetric public key encryption based on D-H.
Used for digital signatures, key exchange, & data encryption
What is HAVAL, IDEA, & Knapsack?
HAVAL: hashing algorithm (message digests)
IDEA: International Data Encryption Algorithm: block cipher used by PGP for secret key encryption
Knapsack: asymmetric encryption algo; not D-H based
Would you format storage media? And what methods would destroy it?
No, formatting (aka deleting data) does not remove the data. Pulverizing, degaussing, purging, & wiping
What is degaussing and when should it not be used?
Reduces or eliminates the unwanted magnetic field on storage media. Does not work on CDs or DVDs
How do you describe DNS poisoning?
Practice of dispensing IP addresses & host names with the goal of traffic diversion.
What are other DNS attacks?
SYN flood: sends the DNS server SYN messages with spoofed packets
DNS DoS: transmit malformed packets to DNS server to cause a crash
How to log changes to a file?
Use a file integrity check to examine files and check for changes, then log any changes that occurred
Define HIDS/HIPS
Alerts for a single server or computer & stops the attack
i.e. shut port 80 if traffic exceeds the baseline norm
What is a VPN?
A virtual private network is not a physical network. It allows secure communication between companies not located together or between private networks. It transports encrypted data
What is a VLAN?
Allows networks to be segmented logically without physically rewiring the network. Provides added security layer by isolating resources into subnets.
What is denial of service?
Attacker floods a system with messages to prevent the system from replying to valid requests
What model does PGP, PKI, and CA use?
PGP uses web of trust to validate key pairs
PKI & CA use hierarchy to sign key pairs
What is a RADIUS federation used for?
A group of RADIUS servers assisting with network roaming. The servers validate login credentials of a user belonging to another RADIUS server’s network.
i.e. tenants in a shopping area want all customers to access the internet in their area
Define EAP-FAST, EAP-TLS, EAP-TTLS
These are all authentication protocols
EAP manages key transmissions
TLS - uses X.509 digital certificate to authenticate
TTLS - encapsulates TLS allowing for client authentication
FAST - creates TLS tunnel used in wireless & point-to-point network
What devices connect multiple LAN segments?
Bridge, switches, & routers
Bridges & switches (layer 2) use MAC addresses to send packets to the destination
Routers (layer 3 - network) use IP addresses to route packets to the destination
What is an ISA?
Interconnection security agreement: gives the security requirements for an interconnection between two organizations
Why use airgapping & sandboxing?
Air gapping: physically separate secure networks & equipment from insecure networks & equipment. Data can only be moved physically via disk or USB
Sandbox: test a system for security patches or issues, i.e. a legacy system
Who is responsible for access in DAC & RBAC?
DAC: data owner
RBAC: security administrator
What do phreakers attack?
VoIP or PBX equipment
What are 2 VPN protocols?
PPTP: creates a secure WAN connection
L2TP: VPN protocol; tunnels packets, encrypts data
Both use tunnels for security
PPP: establishes dial-up network connections
What replaced Infrared?
Infrared needs line-of-sight communication i.e. TV. Replaced by Bluetooth & Wi-fi
What is ANT?
ANT: low-power (proprietary) tech used in wearable devices like fitness sensors
NFC: connects devices automatically when in range, i.e. smartphone or mobile payments
TPM vs. HSM
TPM: chip that implements hardware-based encryption
HSM: stores keys or digital certificates and can be replaced
What type of attack redirects a user to a fake website?
Hyperlink spoofing aka web spoofing or URL spoofing
Gets browser to connect to a fake server to get access to confidential info: PIN, credit card, bank details
Uses hyperlinks instead of DNS addresses
What should you consider when choosing a mail gateway?
Spam Filter, DLP, encryption
Spam filters: trap undesirable mail
DLP: prevents unauthorized access, protects data
Encryption: critical feature, scrambles outgoing messages
When creating a wireless network what protocol has maximum security and supports older wireless clients?
WPA: wi-fi protected access
WPA fixed WEP issues
WAP: wireless app protocol is the weakest (don’t use)
WEP: security standard for wireless networks and devices to encrypt data - not as secure as WPA
WPA vs. WPA2
WPA uses TKIP (temporal key integrity protocol)
WPA2 uses CCM Mode Protocol (CCMP) for encryption with AES
Operate in two modes: personal & enterprise
Personal uses Preshared Key (PSK)
Enterprise uses EAP for authentication; it is more secure than WPA2-PSK & needs a digital certificate
Which protocols should be used for implementing a secure wireless authentication method using a RADIUS server for authentication?
LEAP (Lightweight Extensible Authentication Protocol) or
PEAP (Protected Extensible Authentication Protocol)
Both aim to simplify secure authentication, but PEAP is more secure
How do Trojan horses, worms, viruses, and spyware work?
Spyware: tracks cookies to collect & report on user’s activities
Virus (malware): relies on other apps to execute itself and infect a system
Worm: spreads itself through network connections
Trojan Horse: disguised as a useful utility but contains malicious code that can damage a network or give hackers a pathway into a network
What is DER?
DER (Distinguished Encoding Rules): certificate encoded in ASN.1, not Base64 ASCII
It's a parent format of PEM (used by web servers)
It does not support storage of private keys or cert paths
What are PFX, P12, P7B?
All are certificate types using Base64 ASCII encoding
PFX & P12 are ways to export private keys
What is DIAMETER used for?
VoIP & wireless services
DIAMETER uses EAP and was meant to handle tech that RADIUS could not
What is SAML?
Security Assertion Markup Language: an XML data format for exchanging authentication & authorization data between an identity provider and a service provider
Is Kerberos more secure than RADIUS, TACACS, or LDAP and what is it for?
Yes, it's a method of access, authentication, & authorization
TACACS is a Cisco implementation of RADIUS; TACACS+ uses challenge-response
What are some security solutions for a mobile device?
White-listing: permits only certain apps to be installed & run on the device
Transitive trust: federated user identities allow users to access multiple apps, devices, & resources
Remote Wiping & Screen Lock
When using social media at work what is a concern?
Data Exfiltration
How does a weak security configuration happen?
Neglecting to implement a specific security device or not configuring security settings properly
What cipher & hash algorithm would be good to use on an organization’s network?
RC4: a stream cipher used to encrypt streaming video, providing 56-bit encryption
A type of symmetric algorithm
What is one-way hashing and which algorithm uses it?
MD5 takes a string of variable length, runs it through a hashing algorithm, and produces a hash value of a fixed length
The hash is then attached to the end of the message; if the recomputed hash value is the same, the message wasn't altered during transmission
Used to verify file integrity
What are SHA variants?
Secure Hash Algorithm (SHA) variants are MD2, MD4, MD5, HAVAL
MD5 is a one-way hashing algorithm
Mostly replaced by SHA-2 aka SHA-256
What are the four modes of symmetric ciphers?
ECB (Electronic Code Book) implements the cipher in its original form (each block independent from the rest)
CBC (Cipher Block Chaining) uses the previous output & XOR to increase diffusion
CTM or CTR (Counter Mode) converts the block cipher into a stream cipher
GCM (Galois/Counter Mode) uses a hash function to complicate encryption
What is XSRF?
Cross-site request forgery aka session riding: involves unauthorized commands sent from a trusted user to a web site (usually social networking involved)
i.e. 2 friends chatting on an instant message app and one clicks on a link that ends up sending bank info
What type of attack is a buffer overflow attack? What does a macro virus do?
Buffer overflow is a DoS occurring when more data goes into the buffer than it can handle
Macro Virus commands an app to perform actions using programming instructions
What control type is a security policy that includes system testing and security awareness training?
Preventative Administrative Controls
Admin controls dictate how security policies are implemented to fulfill a company's security goals
Includes policies & procedures, training, supervisory structure
Detective controls are monitoring & supervising
What are detective & preventative technical controls?
Detective: include audit logs & IDS
Preventative: include ACLs, routers, A-V, smart cards, ...
What is throughput?
The rate at which something is processed
Processor speed, memory, & bandwidth allocated affect a workstation’s throughput
What is an advantage & disadvantage to using NIDS?
Low maintenance in analyzing network traffic
Monitors packets sent over a network segment but cannot analyze encrypted information
i.e. packets going through a VPN
What are the advantages & disadvantages of HIDS?
HIDS are difficult to configure & monitor
Uses OS audit logs & system logs
Not affected by a switched network
Explain Kerberos using AS, TGT, TGS, & CS
AS (Authentication Service): authenticates users and issues a TGT
A user who wants access to a network resource gives the TGT to the TGS
TGS (Ticket Granting Service): turns the TGT into a session key
The CS (client-server) exchange takes the session key, letting the client & server authenticate with one another
AS, TGS, CS are the main protocols used to authenticate & authorize use of resources
How do a firewall, proxy server & NAT server work on a network?
Firewall: allows & denies network access through communication ports
NAT server: presents an IP to the internet on behalf of computers on a private network
Proxy server: enables hosts to access internet resources
Increases performance by caching web pages and filtering content
What does the RSA encryption algorithm do?
RSA is an asymmetric cryptosystem that can prevent MiTM by authenticating with public & private keys
Does not use logarithms; it uses prime numbers and is the de facto standard for digital signatures
Least privilege can be called what?
File system security: only allow what is necessary to do a job
Define recertification
Examining a user's permissions to determine if they still need the access that was previously granted
What are Snort & Wireshark?
Snort is a network intrusion detection system (NIDS)
Wireshark is a network protocol analyzer: monitors data traffic & analyzes captured signals as they move along LAN, PAN, & wireless networks
What does Message Authentication Code (MAC) ensure?
Message Integrity
Protects against message replay, but does not ensure availability of data or confidentiality
HMAC (Hash-MAC): a symmetric key appended to the message for the authorized recipient, but it lacks confidentiality too
CBC-MAC: a symmetric key in CBC cipher mode encrypts the message
What should you implement if you need to ensure wireless clients can only communicate with wireless access points and not other wireless clients?
Isolation Mode
FYI: SSID is a wireless network’s name
What are the steps in a change control process?
Make the request
Analyze the request (cost, security?, ...)
Record the request
Submit the request for approval
Make the change
Send to management for review
Define spoofing
Spoofing aka masquerading is when a person or program pretends to be another person or program
The source IP address is spoofed/modified to imitate an IP address from an authorized source
i.e. MiTM or session hijacking or email
Pharming vs. spoofing
Both redirect to a fake site to steal info, but pharming often poisons the DNS cache to ensure the redirect even if the correct URL is entered
What does a packet-filtering firewall do?
Looks at a data packet to obtain the source & destination addresses along with the protocol & port used
Compares them to rules based on an ACL
An application-level firewall examines the entire packet
Define stateful firewall
Examines all packet layers to compile information for the state table
What is a KDC?
Key Distribution Center used in Kerberos for storing, distributing, & maintaining cryptographic session keys
The client requests resource access through the KDC, which stores the secret keys used to generate session keys, so it does not use public keys
What are 4 SIEM features?
Automated alerting & triggers: fire when a predetermined event occurs
i.e. NIPS shuts down port 80 during unusually high web traffic
Correlation: finds patterns between events among different devices
Logs/WORM: long-term storage & security so data can't be modified
Aggregation: collects events that are flagged by network hardware & SW applications
Which algorithm does the US gov’t use for digital signatures that NIST & NSA developed?
Digital Signature Algorithm (DSA)
Name three secret key encryption standards used to encrypt files.
AES, DES, IDEA
SHA-1 is a hashing algorithm used to determine if the file was changed
Define Protocol Analyzer
Provides info regarding traffic flow & statistical information on your network
Also called a network analyzer or packet sniffer
What are transport & tunnel modes used for?
Provided by IPSec to transmit IP packets securely
Tunnel mode: good for VPNs; protects the entire IP packet
Transport mode: good for ESP host-to-host & upper layers
A method to send encrypted data over the internet
What do a backdoor & escalation of privilege use to gain access?
Backdoor: attacker inserts code to enter an app and bypass security
Escalation of privilege: uses design flaws to gain unauthorized access
Vertical: obtains higher privileges to run unauthorized code
Horizontal: same level of permissions but using a different user account
Define database views
A content-dependent access control based on the sensitivity of the info & the user's privilege
Partitioning ensures database security by making it difficult to collect & combine confidential information to deduce facts
Define stored procedures
SQL statements executed as a group, similar to scripts. Protects from SQL injection attacks