System Security 11 Flashcards

0
Q

What is the principle of least privilege

A

Dictates that users and software should only have the minimal level of access that is needed to perform their duties.

1
Q

Name the four major factors to achieve security

A

Authorization. Process of determining what rights and privileges an entity has

Access control. Process of determining and assigning privileges to resources, objects or data

Accountability. Process of determining who to hold responsible for particular activities or events

Auditing. The process of tracking or recording system activities and resource access.

2
Q

What is privilege bracketing

A

The network or security admin can grant privileges when they are needed and then revoke them once the task or need has passed.

3
Q

What is non-repudiation

A

The goal of ensuring that data remains associated with the party that creates it or sends a transmission containing that data.

4
Q

Describe the CIA Triad

A

Information security addresses three specific principles: confidentiality, integrity and availability. If one is compromised, the security of the organization is compromised.

5
Q

Explain the CIA Triad principle of confidentiality

A

The principle of keeping information and communication private and protecting it from unauthorized access.

6
Q

Explain the CIA Triad principle of integrity

A

The principle of keeping organizational information accurate, free of errors and without unauthorized modifications.

7
Q

Explain the CIA Triad principle of availability

A

The principle of ensuring that systems operate continuously and that authorized persons can access the data they need.

8
Q

In computer security what is a threat

A

Any event or action that could potentially result in a violation of a security requirement, policy or procedure. Potential threats include:
Unintentional or unauthorized access or changes to data
Interruption of services and access to assets
Damage to hardware
Unauthorized access or damage to facilities.

9
Q

In terms of computer security what is a vulnerability

A

Any condition that leaves a system open to an attack. Vulnerabilities can include:
Improperly configured or installed hardware or software
Bugs in software or OS
Misuse of software or communication protocols
Poorly designed networks
Poor physical security
Insecure passwords
Design flaws in software or OS
Unchecked user input

10
Q

In computer security what is an attack

A

A technique used to exploit a vulnerability in any application on a computer system without the authorization to do so.
Attack types include: physical, network based, software based, social engineering, and web application based.

11
Q

In computer security what is a risk

A

Exposure to the chance of damage or loss. Signifies the likelihood of a hazard or threat occurring.
Often associated with the loss of a system, power, or network, and other physical losses.
The determining factor when looking at information systems security.

12
Q

What is unauthorized access

A

Any type of network or data access not explicitly approved by an organization.
Can be deliberate by an outsider, a misuse of valid privileges by an authorized user, or inadvertent.
Does not necessarily result in data loss or damage.

13
Q

What is data theft

A

A type of attack resulting in unauthorized access used to obtain protected network information.
The attack can use stolen credentials to authenticate to a server and read data stored in files, or can steal data in transit on the network media by using a packet sniffer.

14
Q

Describe the terms hackers and attackers

A

Hacking used to describe having technical skill and creativity; it is now associated with illegal or malicious system intrusions. Attacker always represents a malicious system intruder.

15
Q

What are white hat and black hat hackers

A

A white hat is a hacker who discovers and exposes security flaws in applications and OSs so the manufacturers can fix them before they become widespread. Does this on a professional basis. Aka ethical hacker.

A black hat is a hacker who discovers and exposes security vulnerabilities for financial gain or a malicious purpose.

16
Q

What is a permission

A

A security setting that determines the level of access a user or group account has to a particular resource.

17
Q

The three types of UNIX permissions

A

R (read). View file contents. View the directory listing.
W (write). Modify file contents. Create and delete directory contents.
X (execute). Run the file. Move into the directory.

18
Q

What are NTFS permissions

A

New Technology File System
On Windows OSs, file-level security is supported on drives formatted to use NTFS. These permissions can be applied to folders or files.

19
Q

What is a group policy in relation to system security

A

A centralized account management feature available for Active Directory on Windows Server systems.
Used to control security features such as limiting the desktop icons that get displayed, granting permission to access certain servers but not others, or locking down a desktop.

20
Q

In terms of security what is authentication and the factors it is based on

A

The method of uniquely validating a particular entity's or individual's credentials.
Factors include:
Something you know, something you are, and something you have.

21
Q

One of the most basic and widely used authentication schemes

A

User name/password authentication.
A system compares the user's credentials against credentials stored in a database.
Not very secure.

22
Q

Describe a strong password

A

A password that meets the complexity requirements set by a system admin and documented in a security policy.

23
Q

What is authentication by assertion

A

Authentication based entirely on a user name and password combination, used to assert an identity in order to obtain access to a resource.

24
Q

Describe tokens

A

Physical or virtual objects, such as smart cards, ID badges, or data packets, that store authentication information.

25
Q

What are smart cards

A

Common examples of token-based authentication.

A plastic card containing a computer chip that stores electronic information.

26
Q

What are biometrics

A

Authentication schemes based on an individual's physical characteristics.
Examples: fingerprint scanner, retinal scanner, hand geometry, or voice and facial recognition.

27
Q

What is multi factor authentication

A

Any authentication scheme that requires validation of at least two authentication factors.

28
Q

What is mutual authentication

A

A security mechanism that requires each party in a communication to verify the other's identity.
Prevents a client from inadvertently submitting confidential information to a non-secure server.

29
Q

What is SSO

A

Single Sign On

A single user authentication provides access to all the systems or applications where the user has permission.

30
Q

Describe EAP

A

Extensible Authentication Protocol
Enables systems to use hardware-based identifiers such as scanners and readers for authentication.
Allows for logon using different methods such as public key authentication, Kerberos, and certificates. Often used with RADIUS.

31
Q

List five other protocols used in EAP implementations

A

EAPOL. Extensible Authentication Protocol over LAN.

LEAP. Lightweight Extensible Authentication Protocol.

EAP-TLS. EAP-Transport Layer Security.

EAP-MD5. Provides minimal security. Easily hacked.

PEAP. Protected Extensible Authentication Protocol.

32
Q

What is the IEEE 802.1x standard

A

Also called port authentication. A standard for securing networks by implementing EAP as the authentication protocol over wired or wireless Ethernet LANs.
Employs an authentication service to secure clients.

33
Q

Describe Kerberos

A

An authentication server based on a time-sensitive ticket granting system. Uses SSO.
The user enters access credentials, which are passed to the authentication server; the server contains an access list and the permitted access credentials.
Used to manage access control to several servers using one centralized authentication server.

34
Q

Describe the Kerberos authentication process

A

The user logs on to the domain.
The user requests a TGT from the authenticating server.
The server responds with a time-stamped TGT (ticket granting ticket).
The user presents the TGT back to the authenticating server and requests a service ticket to access a specific resource.
The authenticating server responds with a service ticket.
The user presents the service ticket to the resource.
The resource authenticates the user and allows access.

35
Q

List the three wireless authentication methods

A

Open system. User names and passwords are not used to authenticate a user. The default for many APs and stations.

Shared key. Verifies the identity of a station by using a WEP key. The station and the AP must be configured to use data encryption and the same WEP key.

802.1x and EAP. The EAP authentication method authenticates a user, not the station. Done with a RADIUS server.

36
Q

What is encryption

A

A cryptographic technique that converts data from plain or cleartext into coded or ciphertext form.

37
Q

Describe cryptography

A

The science of hiding information.

38
Q

What are ciphers

A

A specific set of actions used to encrypt data.
Enciphering is applying a cipher to plaintext (unencoded data). The obscured data is called ciphertext. The reverse process of translating ciphertext back to cleartext is deciphering.

39
Q

Describe how encryption promotes security goals

A

Encryption enables confidentiality by protecting data from unauthorized access. It supports integrity because it is difficult to decipher encrypted data, and it supports non-repudiation because only parties that know about the confidential encryption scheme can encrypt or decrypt the data.

40
Q

What is an encryption algorithm

A

The rule, system or mechanism used to encrypt data. In electronic cryptography, algorithms are complex mathematical functions.

41
Q

The two main categories of key based encryption

A

Shared key or symmetric encryption systems
The same key is used to encode and decode the message. The secret key must be communicated securely between the two parties involved.

Key pair or asymmetric encryption systems
Each party has two keys: a public key and a private key.

42
Q

What is WEP

A

Wired Equivalent Privacy
A protocol that provides 64 bit, 128 bit or 256 bit encryption using the Rivest Cipher 4 (RC4) algorithm for wireless communication that uses the 802.11a and b protocols.
Attackers can generate their own keys using a wireless network capture tool and get as much as 10 Mbps of data transferred through the air.

43
Q

What is WPA/WPA2

A

Wi-Fi Protected Access
A security protocol designed to overcome WEP's security flaws. Provides for dynamic reassignment of keys to prevent the key attack vulnerabilities of WEP. Provides improved data encryption through TKIP (Temporal Key Integrity Protocol).

44
Q

There are two modes of WPA. WPA-Personal and WPA-Enterprise. Explain both

A

Personal. The WAP is configured with a pre-shared key used to encrypt the data (WPA-PSK).

Enterprise. Assigns a unique encryption key to every client as they log on to the network. Keys are regularly updated to prevent decoding. Uses a RADIUS server for authentication; EAP provides the authentication.

45
Q

What is a digital certificate

A

An electronic document that associates credentials with a public key. Both users and devices can hold certificates.
A server called the Certificate Authority (CA) issues the certificates and the associated key pairs.

46
Q

Describe what an encryption key is

A

A specific piece of information used in conjunction with an algorithm to perform encryption and decryption.

47
Q

List the steps in the certificate encryption process

A

A security principal obtains a certificate and a public/private key pair from a CA.
The party that encrypts the data obtains the user's public key from the user or from the CA's certificate repository.
The encrypting party uses the public key to encrypt the data and sends it to the other user.
The other user uses the private key to decrypt the data.

48
Q

Describe the encrypting file system, EFS

A

A file encryption tool on Windows systems that have partitions formatted with NTFS. EFS encrypts file data by using digital certificates. If a CA is not available, the local system can issue self-assigned encryption certificates.
Can keep data secure even if NTFS security is breached.

49
Q

What is PKI

A

Public Key Infrastructure
An encryption system that is composed of CA certificates, software, services, and other cryptographic components. Used to verify data authenticity and validate data and entities.

50
Q

List the PKI components

A

Digital certificates to verify the identity of entities.
CAs to issue digital certificates.
A Registration Authority (RA) responsible for verifying users' identities and approving or denying requests for digital certificates.
A certificate repository database to store the digital certificates.
A certificate management system to provide tools to perform the day-to-day functions of the PKI.

51
Q

What is certificate authentication

A

The process of identifying users in a transaction by carrying out a series of steps before confirming the identity of the users.

52
Q

What is a digital signature

A

A message digest or hash that has been encrypted with a user's private key. Asymmetric encryption algorithms can be used with hashing algorithms to create digital signatures.
Supports integrity through hash values.
Supports non-repudiation because the signed hash value is unique to a sender.

53
Q

What is hash encryption

A

One way encryption that transforms cleartext into ciphertext not intended to be decrypted. The result of the hashing process is called hash, hash value or message digest. The hash length is fixed.

54
Q

What is DES

A

Data Encryption Standard
A shared key encryption standard based on a 56 bit encryption key that includes an additional 8 parity bits. Applies the encryption key to each 64 bit block of the message.
Triple DES, or 3DES, is more secure and uses three separate DES keys to repeatedly encode the message.

55
Q

What is an encryption device

A

Encryption, decryption, and access control are enforced by a cryptographic module called a hardware security module (HSM).
HSMs do not allow the execution of external programs.

56
Q

What is SSL

A

Secure Sockets Layer
A security protocol that combines digital certificates for authentication with public key data encryption. It is a server-driven process.

57
Q

Describe the encryption process using SSL

A

A client requests a session from a server.
The server responds by sending its digital certificate and public key to the client.
The server and client then negotiate an encryption level.
The client generates and encrypts a session key using the server's public key and returns it to the server.
The client and server use the session key for data encryption.

58
Q

What is TLS

A

Transport Layer Security
A security protocol that protects sensitive communication from being eavesdropped on and tampered with. Uses certificates and public key cryptography for mutual authentication, and encrypts data using negotiated keys.