Security 6.1 Flashcards
What technique would a hacker use to target the availability of network services?
Compromise hosts with bot malware to launch a coordinated attack that overwhelms a web service
Confidentiality
Information is only revealed to authorized people
Think Encryption
Confidentiality Concerns
Snooping, Eavesdropping/wiretapping, Social Engineering, dumpster diving
Snooping
this is any attempt to get access to information on a host or storage device
Eavesdropping/Wiretapping
snooping on data or telephone conversations as they pass over the network.
“tap” into a wired network or intercept unencrypted wireless transmissions
Social Engineering/Dumpster Diving
getting users to reveal information or finding printed information.
Integrity
Data being stored and transferred has not been altered without authorization.
(Think Non-Repudiation/Hashing)
Man in the Middle
A host sits between two communicating nodes, capturing and relaying all communications between them.
Replay Attack
A host captures another host’s response to some server and replays that response to gain unauthorized access.
Availability Concerns
Keeping a service running so that authorized users can access and process data whenever necessary.
(Think ACCESS)
Ex. Denial of Service (DoS), Power Outage, Hardware Failure, Destruction, Service Outage
Authentication
One or more methods of proving that a user is who they say they are
(Proving that you are who you say you are or what you claim to be)
Non-repudiation
the assurance that someone cannot deny the validity of something.
Authorization
creating one or more barriers around the resource such that only authenticated users can gain access.
(permissions list that allows what users can do)
Accounting
Recording when and by whom a resource was accessed.
(
Hashing
the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.
Which action is an example of an appropriate redundancy measure?
Using a backup power generator in a hospital to provide electricity to critical life-support systems
What technique can be used to prevent eavesdropping on a data network?
Encrypting data in-transit
How do cyber criminals typically use wiretapping to steal information?
Using a hardware device that inserts the hacker between two hosts
Which is an availability-related factor to consider when choosing a third-party cloud service provider?
Fault tolerance
How can an administrator reduce the impact of hardware failures?
Provisioning redundant servers and configuring a service to fail over to a working server
What action can help mitigate the risk of impersonation attacks?
Implementing strong identity controls, such as badging systems for building access and multi-factor authentication for network access
impersonation attack
when a malicious actor assumes the identity of a legitimate party.
Ex.
What action can help mitigate the risk of replay attacks?
Ensuring that applications use encryption and time-stamping to make certain that the tokens cannot be misused
In which type of email-based social engineering attack does a person pretend to be someone else for the purpose of identity concealment by manipulating an IP address, MAC address, or email header?
Spoofing
If someone claims to be receiving spam, what problem is occurring?
The person is receiving advertising or promotional schemes through instant messaging.