Unit 11 - h

Question 1

What are two approaches to security?

Answer 1

• Secure things when the problems occur

- Proactive security measures

Question 2

What is a Black Hat?

Answer 2

Someone who maliciously breaks into a system

Question 3

What is a White Hat?

Answer 3

Someone who breaks systems without damaging and helps admin improve security.

Question 4

What is a Grey Hat?

Answer 4

Someone who breaks ‘some’ systems (Idealogical motivation) or accidentally breaks in.

Question 5

What are three hacking approaches?

Answer 5

• Technical Intrusions
• Social Engineering
• Brute Force

Question 6

What is the main goal of hacking?

Answer 6

Privalage escaltion.

Question 7

What is social engineering?

Answer 7

Social engineering uses social deception to make someone do something or reveal information.

Question 8

What is brute force?

Answer 8

Brute forcing is when you make many attempts or repetitions of a process to break security.

Question 9

What is DOS?

Answer 9

DOS is denial of service and is used to stop a service from running/functioning.

Question 10

What is a SMURF attack? Describe the process.

Answer 10

A SMURF attack is when someone pings a broadcast address with a spoofed source address multiple times causing all the replies to go back to the spoofed machine which then can cause a DOS.

Question 11

What is DDOS and what is one way this can be dealt with?

Answer 11

DDOS = Distributed Denial Of Service

Multiple machines are overtaken by a single machine using virus or trojan.

They are all commanded at once to ping a machine. This makes them hard to trace.

Best approach is to limit ‘syn’ packets.

Question 12

What are the 5 problem areas that can be exploited?

Answer 12

• Inherent Security defects
• Misuse of legitimate tools
• Improper maintenance
• Ineffective security
• Inadequate detection system

Question 13

Explain how/why inherit security defects can be exploited?

Answer 13

• Software is now so complex that it can be shipped with ‘unexpected features’
• These issues are publicly known
• Vendors have to release ‘fixes’
• Admins have to find time to update software
• Not all problems can be fixed such as a weak protocl.

Question 14

Explain how/why legitimate tools can be misused?

Answer 14

ping - find victims

traceroute - trace network topologies

dig - DNS info

whois - background info on target

finger - who is logged in

rpcinfo - shows rpc servcies that are running

showmount - what NFS mounts are exported

telnet - interact with TCP protocol service

Question 15

Explain how/why improper maintenance can be exploited?

Answer 15

• Critical updates being delayed or missed

- Lack of time/priority of admin

Question 16

Explain how/why ineffective security can be exploited?

Answer 16

• Lack of security policy

- Trusted users might create scripts to bypass security

Question 17

Explain how/why lack of detection systems can be exploited?

Answer 17

• Many sits rely on audit trails to detect problems

- This does nothing to protect against viruses, worms and trojans.

Question 18

What are the steps of a hack?

Answer 18

• Casing
• Scanning
• Enumeration

Question 19

What is the process of casing?

Answer 19

• Gather info on target

- Often called fingerprinting

Question 20

What is the process of scanning?

Answer 20

• Making direct communication with machines to gather info

- Should include routers and firewalls as they can have remote config

Question 21

What is the process of enumartion?

Answer 21

• Finding the actual access point/method
• This can include a username and password.
• It could be NFS or:
  - Null shares
  - Zone transfers

Question 22

Where are failed SSH logins stored and what can be done about many failed attempts?

Answer 22

• /var/log/secure

- An iptables rule can be created to block the source IP