Security of Networks, Systems, Applications and Data Flashcards
While every risk assessment methodology has different nuances and approaches, most have three common inputs:
asset identification,
threat assessment and
vulnerability assessment.
Risk analyses can be oriented toward one of the inputs, making the risk assessment:
asset-oriented,
threat-oriented or
vulnerability-oriented.
For risk that has inadequate or no controls, there are many options to address each risk:
Risk Reduction
Risk Avoidance
Risk Transfer or Sharing
Risk Acceptance
Four common types of vulnerabilities:
- Technical - Errors in design, implementation, or configuration
- Process - Errors in operation
- Organizational - Errors in management, decision, planning or from ignorance
- Emergent - Interactions between, or changes in, environments
Penetration testing includes identifying existing vulnerabilities and then using common exploit methods to:
- Confirm exposures
- Assess the level of effectiveness and quality of existing security controls
- Identify how specific vulnerabilities expose IT resources and assets
- Ensure compliance
Several considerations are important prior to any penetration testing:
- Clearly define the scope of the test
- Gather explicit, written permission
- Ensure testers implement “Do no harm” procedures
- Put in place communication and escalation plans
Penetration testing can be divided into four main phases:
- Planning
- Discovery
- Attack
- Reporting
Techniques used to gather information during the Discovery phase of penetration testing include:
a. DNS interrogation, WHOIS queries and network sniffing to discover host name and IP address information
b. Search web servers and directory servers for employee names and contact information
c. Banner grabbing for application and service information
d. NetBIOS enumeration for system information
e. Dumpster diving and physical walk-throughs of the facilities to gather additional information
f. Social engineering, such as posing as a help desk agent and asking for passwords, posing as a user and calling the help desk to reset passwords or sending phishing emails
The Discovery phase also includes a vulnerability assessment.
The ______ phase (of penetration testing) is the process of verifying previously identified vulnerabilities by attempting to exploit them. Metasploit® hosts a public database of quality-assured exploits. They rank exploits for safe testing.
attack
Metasploit’s most popular payload is called _______, which enables a user to upload and download files from the system, take screenshots and collect password hashes.
Meterpreter
The ________ phase (of penetration testing) occurs simultaneously with the other phases. An assessment plan is developed during the planning phase. Logs are kept during the discovery and attack phases.
reporting
Network management is the process of assessing, monitoring, and maintaining network devices and connections. The International Organization for Standardization (ISO) network management model defines five functional areas of network management (FCAPS):
- Fault Management—Detect, isolate, notify and correct faults encountered in the network. This category analyzes traffic, trends, SNMP polls and alarms for automatic fault detection.
- Configuration Management—Configuration aspects of network devices include configuration file management, inventory management and software management.
- Accounting Management—Usage information of network resources.
- Performance Management—Monitor and measure various aspects of performance metrics so that acceptable performance can be maintained. This includes response time, link utilization and error rates. Administrators can monitor trends and set threshold alarms.
- Security Management—Provide access to network devices and corporate resources to authorized individuals. This category focuses on authentication, authorization, firewalls, network segmentation, IDS and notifications of attempted breaches.
LANs and WANs are particularly susceptible to people and virus-related threats because of the large number of people who have access rights.
The emphasis has been on providing capability and functionality rather than security.
True.
Commonly available network security administrative capabilities include:
• Declaring ownership of programs, files and storage.
• Limiting access to a read-only basis.
• Implementing record and file locking to prevent simultaneous update.
• Enforcing user ID/password sign-on procedures, including the rules relating to password length, format and change frequency.
• Using switches to implement port security policies rather than hubs or nonmanageable routers. This will prevent unauthorized hosts, with unknown MAC addresses, from connecting to the LAN.
• Encrypting local traffic using IPSec (IP security) protocol.
The most useful WLAN standard used currently is the ____.
IEEE 802.11 standard.
WEP
IEEE 802.11’s Wired Equivalent Privacy encryption uses symmetric, private keys, which means the end user’s radio-based NIC and access point must have the same key. This leads to periodic difficulties distributing new keys to each NIC. As a result, keys remain unchanged on networks for extended times.
WPA2 and WPA
Wi-Fi Protected Access utilizes public key cryptography techniques to provide effective authentication and encryption between users and access points.
A port is a logical connection. When using Transmission Control Protocol/Internet Protocol (TCP/IP), designating a port is a way to identify the specific process to which an Internet or other network message is to be forwarded when it arrives at a server.
True
Allowable port numbers range from 0 to ____. Ports 0 to ____ are reserved for certain privileged services—the well-known ports.
65535; 1023
Port numbers are divided into three ranges:
- The well-known ports—0 through 1023: Controlled and assigned by the IANA.
- The registered ports—1024 through 49151.
- The dynamic and/or private ports—49152 through 65535.
Tunneling is the process of encapsulating one type of protocol in another.
True
VoIP networks are still vulnerable to:
sniffing,
DoS,
traffic-flow disruption and
toll fraud.