Security Flashcards
Spoofing - what is it? Why do hackers do it?
Spoofing is when an attacker forges a trusted identifier, typically a source IP address or a physical (MAC) address, so that traffic appears to come from a legitimate host and passes controls that trust that address.
This can be done in order to:
• gain access (sometimes privileged access) to hosts or services that trust the forged address
• inject malicious data into your network
• divert packets to themselves, e.g. by answering for another host's address
• perform a DoS attack, including by hiding the true source of the traffic
• set up a larger attack.
DoS
Denial of Service attack - the attacker monopolizes a network's (or a host's) resources, keeping legitimate users from being able to get service.
Zero-day attacks
An attack that exploits a vulnerability the vendor does not yet know about or has not yet patched (the vendor has had "zero days" to fix it). Zero-day attacks are more threatening because there is no patch to apply and signature-based defenses have nothing to match against, so the malicious code is often unrecognized until after the damage is done.
Pharming
Redirecting traffic intended for a legitimate site to another site (often an impostor site built by the attacker), typically by altering the victim's hosts file or poisoning DNS so that the legitimate name resolves to the attacker's address.
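A hosts-file override is the simplest pharming technique, so the corresponding check is to compare the hosts file against names that should only ever come from DNS. The script below is an added example, not part of the original flashcards; the watchlist and the sample hosts-file text are constructed for the example, and the parser is generic (it handles comments, tabs and multiple aliases per line).

```python
"""Flag hosts-file entries that override names which should only ever come from DNS."""
import ipaddress

# Constructed: names this organisation expects to resolve via public DNS.
# Any hosts-file override of these, to ANY address, is suspect.
WATCHLIST = {"www.bank.example", "login.example.com"}

# Constructed sample hosts file. The last line is a pharming entry.
SAMPLE_HOSTS = """\
# Constructed hosts file for the example
127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     ads.example.net          # ad blocking, legitimate
192.168.1.10\tfileserver fileserver.corp.internal
203.0.113.7  www.bank.example  bank.example   # attacker-controlled address
"""


def parse_hosts(text: str):
    """Yield (address, [names]) for each entry, skipping comments and blank lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        fields = line.split()  # whitespace-separated: address then one or more names
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; a stricter tool would report it
        yield addr, [name.lower() for name in fields[1:]]


def find_overrides(text: str, watchlist=WATCHLIST):
    """Return [(address, name)] for every watchlisted name the file overrides.

    The address is deliberately not inspected: even a loopback override of a
    banking domain means the name no longer resolves through DNS.
    """
    hits = []
    for addr, names in parse_hosts(text):
        for name in names:
            if name in watchlist:
                hits.append((str(addr), name))
    return hits


if __name__ == "__main__":
    for addr, name in find_overrides(SAMPLE_HOSTS):
        print("hosts-file override: %s -> %s" % (name, addr))
```

To run it against a real system, replace SAMPLE_HOSTS with the contents of /etc/hosts (or %SystemRoot%\System32\drivers\etc\hosts on Windows) and the watchlist with the domains your users actually log in to.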
Brute Force Attack
A password attack in which candidate passwords are tried systematically (every combination of a given character set up to a given length) until the correct one is found. The number of candidates grows exponentially with length, which is why password length, rate limiting and account lockout matter; a dictionary attack is the variant that tries likely words first instead of every combination.
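The following is an added example, not code from the original flashcards: it brute-forces an unsalted SHA-256 hash of a constructed three-letter password over a lowercase character set, counting attempts so the cost of the search is visible, and reports how many candidates a given character set and maximum length contain. SHA-256 is used only because it is in the standard library; the same loop applies to any fast hash, and the attempt count is what makes slow, salted password hashing and lockout policies worthwhile.

```python
"""Brute-force recovery of a password from its hash, counting the work done."""
import hashlib
import itertools
import string


def keyspace_size(charset_len: int, max_len: int) -> int:
    """Number of candidates of length 1..max_len: the sum of charset_len**k."""
    return sum(charset_len ** k for k in range(1, max_len + 1))


def sha256_hex(candidate: str) -> str:
    """Unsalted SHA-256 of the candidate, hex encoded (the 'stored' form in this example)."""
    return hashlib.sha256(candidate.encode()).hexdigest()


def brute_force(target_hash: str, charset: str, max_len: int):
    """Try every candidate in order of increasing length.

    Returns (password, attempts) when a candidate hashes to target_hash,
    or (None, attempts) when the keyspace is exhausted without a match.
    """
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


# Constructed target: the unsalted SHA-256 of the password "cat".
TARGET = sha256_hex("cat")


if __name__ == "__main__":
    found, tries = brute_force(TARGET, string.ascii_lowercase, 3)
    print("recovered %r after %d of %d candidates" % (found, tries, keyspace_size(26, 3)))
    # Same search with the full printable set and 12 characters would need
    # keyspace_size(95, 12) candidates, which is why length beats complexity rules.
```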
Packet Sniffer
A program that captures and logs traffic passing over a network. On a shared, mirrored or compromised segment it sees other hosts' packets, so anything sent in cleartext (passwords, session tokens, file contents) is exposed to whoever runs it.
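The decoding a sniffer does once it has a frame, and the address check that catches the spoofing described in the first card, share one parser, so this single added example serves both cards. It is not code from the original flashcards. It builds a constructed Ethernet/IPv4/UDP frame (with a valid IPv4 header checksum), decodes it into the fields a sniffer would log, and then applies a BCP 38-style ingress check: a packet that arrives on a link whose legitimate sources are a known prefix but that carries a source address outside that prefix is spoofed (or misrouted). The MAC addresses, IP addresses, ports and payload are all constructed; capturing live frames would need a raw socket and root, which is deliberately left out so the example runs offline.

```python
"""Dissect an Ethernet/IPv4/UDP frame and apply a BCP 38-style ingress check."""
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement sum of 16-bit words.
    Over a header that already contains a correct checksum the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Assemble a frame the way a test tool (or a spoofer) would: every field is caller-controlled."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload  # UDP checksum is optional over IPv4
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64, PROTO_UDP, 0,
                         ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]  # fill in checksum
    eth = struct.pack("!6s6sH", bytes.fromhex(dst_mac.replace(":", "")),
                      bytes.fromhex(src_mac.replace(":", "")), ETHERTYPE_IPV4)
    return eth + ip_hdr + udp


def parse_frame(frame: bytes) -> dict:
    """Return the fields a sniffer would log for one frame; raise ValueError on malformed input."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not IPv4: ethertype 0x%04x" % ethertype)
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 version/IHL")
    record = {
        "src_mac": ":".join("%02x" % b for b in src_mac),
        "dst_mac": ":".join("%02x" % b for b in dst_mac),
        "src_ip": str(ipaddress.IPv4Address(src)),
        "dst_ip": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl,
        "proto": proto,
        "checksum_ok": ipv4_checksum(ip[:ihl]) == 0,  # header intact in transit?
    }
    l4 = ip[ihl:total_len]
    if proto == PROTO_UDP and len(l4) >= 8:
        sport, dport, _ulen, _ucsum = struct.unpack("!HHHH", l4[:8])
        record.update(sport=sport, dport=dport, payload=l4[8:])
    return record


def is_spoofed(record: dict, expected_prefix: str) -> bool:
    """Ingress filter (BCP 38): the link this frame arrived on only carries sources from
    expected_prefix, so any other source address was forged or misrouted."""
    return ipaddress.IPv4Address(record["src_ip"]) not in ipaddress.IPv4Network(expected_prefix)


# Constructed sample: a frame arriving from the customer link 192.0.2.0/24 but claiming
# a source inside the victim's own 198.51.100.0/24 network.
SAMPLE_FRAME = build_udp_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                               "198.51.100.5", "198.51.100.9", 5353, 53, b"constructed payload")

if __name__ == "__main__":
    rec = parse_frame(SAMPLE_FRAME)
    print(rec)
    print("spoofed on 192.0.2.0/24 ingress:", is_spoofed(rec, "192.0.2.0/24"))
```

The checksum check is the practitioner's caveat: a sniffer that trusts header fields without verifying them will log whatever a corrupted or crafted packet says, and the source address is verified by nothing at all, which is exactly why spoofing works and why filtering has to happen at the ingress point where the legitimate prefix is known.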
Keylogger
A program that records every keystroke made on a machine. It can be used to capture passwords and other confidential information, and may be implemented in hardware (an inline device on the keyboard cable) or in software.
Software keyloggers may be augmented with features that capture user information without relying on keyboard key presses as the sole input. Some of these features include:
• clipboard logging - captures anything copied to the clipboard
• screen logging - takes screenshots periodically or in response to user behavior
• programmatically capturing the text in a control (reading a text field's contents directly from the application)
• recording all search engine queries, instant-messaging conversations, etc.
What is the purpose of risk analysis?
To identify potential threats and quantify the impact (and likelihood) of each, so that controls can be prioritized by risk.
What are the two types of risk analysis? What does each type use to measure the impact of a threat?
• Quantitative - uses a mathematical model: numeric values for asset value, probability of occurrence and expected loss
• Qualitative - uses a scenario model: threats are walked through and rated on a relative scale such as high/medium/low
What are the five stages of the secure network life cycle?
- Initiation
- Acquisition and development
- Implementation
- Operations and maintenance
- Disposition
What are the four different models and frameworks regarding security?
- COBIT
- ISO 27000
- ITIL
- NIST
COBIT
Control Objectives for Information and Related Technology - an IT governance and management framework
ISO 27000
The ISO/IEC 27000 family of information security management system (ISMS) standards, published by the International Organization for Standardization (ISO) together with the IEC
ITIL
Information Technology Infrastructure Library - a framework of IT service management practices
NIST
National Institute of Standards and Technology - the US agency that publishes security standards and guidelines (e.g. the Special Publication 800 series)
What is war dialing? Why might a network administrator do it?
War dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code, to search for computers, bulletin board systems and fax machines that answer.
Attackers can use the resulting lists to find dial-in entry points that bypass the network perimeter. It may also be used by security personnel, for example, to detect unauthorized devices, such as modems or fax machines, on a company's telephone network.
What is wardriving?
Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer, smartphone or personal digital assistant (PDA).
What is an event? What is an incident?
Event - Any observable occurrence in a system or network.
Incident - An event (or set of events) that has a negative consequence, such as an actual or imminent violation of security policy.
MTD
Maximum Tolerable Downtime - the total amount of time the system owner or authorizing official is willing to accept for a mission or business process outage or disruption; includes all impact considerations.
RTO
Recovery Time Objective - the total amount of time a system resource can be unavailable before there is an unacceptable impact on other system resources, supported missions or other business processes. The RTO must be no greater than the MTD for the process the system supports.
RPO
Recovery Point Objective - the point in time (prior to a disruption or system outage) to which business or mission data can be recovered after an outage; it is bounded by how often backups or replication run, since data created after the last recovery point is lost.
IaaS
Infrastructure as a Service - compute, storage and networking provided as a service on which the customer runs its own operating systems and applications
SaaS
Software as a Service - software existing in the cloud and being accessed as a service by end-point devices
SGA
Security Group Access
Cisco ASA
Adaptive Security Appliance - Cisco's firewall/VPN security appliance line
Five Nines
The goal of 99.999% uptime, which allows at most about 5.26 minutes of downtime per year.