297 Cards in this Set

  • Front
  • Back
What is a key difference in security between MAC and DAC?
In MAC, a user who can access a file cannot necessarily copy it
What DoD classification does MAC map to?
Level-B classification
What DoD classification does DAC map to?
Level-C classification
What does CHAP use for authentication?
hashing
What is AES?
Advanced Encryption Standard- algorithm used by US government for sensitive but unclassified information
What type of encryption is AES?
symmetric
What kind of algorithm is 3DES?
symmetric
What algorithm does AES use?
Rijndael
What two encryption standards is AES designed to replace?
DES and 3DES
What is the most effective way of enforcing security in a dialup network?
require callback
What port do DNS zone transfers use?
TCP port 53
What port do DNS lookups use?
UDP port 53
Why do routers help limit the damage done by sniffing and MITM attacks?
They send data to a specific subnet only
What are the two types of symmetric algorithms?
block and stream
What are the two advantages of block ciphers over stream ciphers?
they are faster and more secure
What is the main difference between S/MIME and PGP?
S/MIME relies upon a CA for public key distribution
What is the maximum throughput of 802.11a?
54 Mbps
What frequency does 802.11b operate at?
2.4 GHz
What is the maximum throughput of 802.11b?
11 Mbps
What frequency does 802.11g operate at?
2.4 GHz
What is the maximum throughput of 802.11g?
54 Mbps
Is 802.11g backwards-compatible with 802.11a and 802.11b?
backwards-compatible with 802.11b only at 11 Mbps
What type of media access control does 802.11 use?
collision avoidance
What sort of attack does TACACS+'s lack of integrity checking make it vulnerable to?
replay attacks
What two bit strengths is SSL available in?
40-bit and 128-bit
What is the maximum capacity of QIC?
20 GB
What is the maximum capacity of 4mm DAT?
40 Gb
What is the maximum capacity of 8mm tapes?
50 Gb
What is the maximum capacity of Travan?
40 Gb
What is the maximum capacity of DLT?
220 Gb
With biometric scanning, what is rejecting a valid user called?
Type I error
With biometric scanning, what is accepting a user who should be rejected called?
Type II error
In biometric scanning, what is the crossover rate?
error percentage when Type I and II errors are equal
What mathematical fact does a birthday attack rely on?
it is much easier to find two datasets that share a hash than to find a dataset that shares a hash with a given dataset
What is CRL?
Certificate Revocation List- list of subscribers to a PKI and their certificate status
What is OCSP?
Online Certificate Status Protocol- a replacement for CRL
What disadvantage does CRL have that OCSP addresses?
updates must be downloaded frequently to be accurate
Does TLS use the same ports for encrypted and unencrypted data?
no
What is the difference between S-HTTP and SSL?
S-HTTP is designed to send individual messages securely; SSL sets up a secure connection between two computers
What is the primary limitation of symmetric cryptography?
key distribution
What protocol is being pushed as an open standard for IM?
SIMPLE
In relation to AAA, what is CIA?
Confidentiality, Integrity, Availability
What are the three components of AAA?
Authentication, Authorization, Access Control
What is an open relay?
an SMTP relay that does not restrict access to authenticated users
What encryption scheme does WEP use?
RC4
Who created RC2 and RC4?
Rivest
What are the two main types of firewalls?
application-level and network-level
How does an application-level firewall handle different protocols?
with a proxy program for each protocol
What happens if an application-level firewall doesn't have a proxy program for a given protocol?
the protocol can't pass through the firewall
What limitation do application-level firewalls create for proprietary software?
proprietary software often uses proprietary protocols, which often can't pass the firewall
Which is faster, application-level or network-level firewalls?
network-level firewalls
What are the two types of network-level firewalls?
packet filters and stateful packet inspection
What might be indicated by packets from an internal machine with an external source address in the header?
machine is being used in a DoS/DDoS attack
What is the DSS?
Digital Signature Standard- provides for non-repudiation of messages
Does DSS use symmetric or asymmetric keys?
asymmetric
What is PEM?
Privacy Enhanced Mail- public-key encryption similar to S/MIME
What does PGP use in place of a CA?
a "web of trust"
What type of encryption is Kerberos?
symmetric
What is X.509 used for?
digital certificates
What are tokens also known as?
One-time passwords
What type of network is extremely vulnerable to Man in the Middle attacks?
wireless
What is smurfing?
broadcasting echo requests with a falsified source address, overwhelming the owner of the address
What port does the chargen exploit use?
TCP 19
What port does echo use?
port 7
What ports does FTP use?
ports 20 and 21
What port does FTP use for data?
port 20
What port does SSH use?
port 22
What port does Telnet use?
port 23
What port does SMTP use?
port 25
What port does TACACS use?
port 49
What ports does DNS use?
TCP and UDP 53
What port does POP3 use?
port 110
What port does SNMP use?
port 161
What port does HTTPS use?
TCP 443
What port does RADIUS use?
port 1812
What does 802.1x do?
provides an authentication framework for wired and wireless networks
What is TACACS?
Terminal Access Controller Access Control System
What advantage does TACACS+ have over TACACS?
multi-factor authentication
What protocol is replacing PPTP?
L2TP
What two protocols were combined to form L2TP?
Microsoft's PPTP and Cisco's L2F
What are the two main components of L2TP?
L2TP Access Controller (LAC) and L2TP Network Server (LNS)
What three utilities comprise SSH?
SSH, Slogon, SCP
What type of encryption does SSH use?
RSA PKI
What two services are provided by IPSec?
Authentication Header (AH) and Encapsulating Security Payload (ESP)
What encryption does S/MIME use?
RSA
Who developed PGP?
Philip R. Zimmermann
What is PGP primarily used for?
email encryption
What type of encryption does PGP use?
PKI
What two algorithm options exist for PGP?
RSA and Diffie-Hellman
Are SSL sessions stateful or stateless?
stateful
What two strengths does SSL come in?
40-bit and 128-bit
What is TLS?
Transport-Layer Security- a successor to SSL
What type of encryption does SSL use?
RSA PKI
What two layers does TLS consist of?
TLS Record Protocol and TLS Handshake Protocol
Are SSL and TLS compatible?
no
What is HTTPS?
HTTP over SSL
What kind of encryption does HTTPS use?
40-bit RC4
What is Authenticode?
a method of signing ActiveX controls
What language is normally used to write CGI scripts?
Perl
What is DEN?
Directory-Enabled Networking- specification for how to store network information in a central location
What model is DEN based on?
Common Information Model (CIM)
What security problem does FTP have?
authentication sent in cleartext
What does S/FTP use for encryption?
SSL
What are the four WAP layers?
Wireless Application Environment (WAE); Wireless Session Layer (WSL); Wireless Transport Layer Security (WTLS); Wireless Transport Layer (WTL)
What is WML?
Wireless Markup Language- used to create pages for WAP
What OS do most PBX's use?
UNIX
What is hashing?
changing a character string into a shorter fixed-length value or key
What four trust models do PKI's fall into?
hierarchical; network/mesh; trust list; key ring
What is unique about the network/mesh model of PKI?
multiple parties must be present before access to the token is granted
Does PPTP require IP connectivity?
yes
Does L2TP require IP connectivity?
no
What does IPSec use for authentication and key exchange?
Diffie-Hellman
What does IPSec use for encryption?
40-bit DES algorithm
What three methods are used to determine VLAN membership on the local switch?
port-based; MAC-based; protocol-based
What two methods are used to determine VLAN membership on a remote switch?
implicit, based on MAC address; explicit, where the first switch adds a tag
Why is detecting statistical anomalies a good approach to intrusion detection?
don't have to understand the root cause of the anomalies
What is the top priority in computer forensics?
document each step taken
What type of access control do most commercial OS's use?
DAC
How does CHAP work?
server sends random value to client; client uses MD5 to create hash with ID, random value, and shared secret; client sends hash to server; server performs same function and compares values
Is PPTP usually implemented through hardware or software?
software
Is L2TP usually implemented through hardware or software?
hardware
What is compulsory tunneling?
situation where VPN server chooses the endpoint of a communication
What advantage does compulsory tunneling provide?
allows VPN connections to be concentrated over fewer high-capacity lines
What port does L2TP use?
UDP 1701
What are the two encryption modes for IPSec?
Transport, where only the data is encrypted; and Tunneling, where the entire packet is encrypted
What protocol does IPSec use to exchange keys?
Internet Key Exchange (IKE)
What is key escrow?
administration of a private key by a trusted third party
What advantage does TACACS+ have over RADIUS?
better security
What advantage does RADIUS have over TACACS+?
better vendor support and implementation
What makes non-repudiation a stronger version of authentication?
non-repudiation comes from a third party
Non-repudiation has been compared to what real-world version of authentication?
using a public notary
What is a teardrop attack?
a type of DoS attack using a false fragmentation offset value
What is an AUP?
Acceptable Use Policy
From what does RSA derive its strength?
the difficulty of factoring large numbers
What three people were involved in the creation of RSA?
Rivest, Shamir, Adleman
Is RSA a public- or private-key system?
public-key
What is the standard key length for DES?
56 bits
What is the standard key length for IDEA?
128 bits
What is the standard key length for 3DES?
168 bits
How are RSA and DES used together?
RSA is used to encrypt the key for transmission; DES is used for message encryption
What kind of encryption does AES use?
private-key
What is IDEA?
International Data Encryption Algorithm- a 128-bit private-key encryption system
What are the two most popular hashing routines in use today?
MD5 and SHA-1
What size is an MD5 hash?
128 bits
What is MD5 designed for?
digital signatures
Observing the timer value in the TCP stack makes what possible?
determining the OS in use, useful in planning attacks
What are the three A's in computer forensics?
Acquire, Authenticate, Analyze
What is the first step in risk analysis?
identifying assets
What type of network is CHAP primarily used on?
PPP
What are the seven stages in a certificate life cycle?
certificate enrollment; distribution; validation; revocation; renewal; destruction; auditing
What security advantage do managed hubs provide over other hubs?
they can detect physical configuration changes and report them
What is port mirroring?
on switches, the ability to map the input and output of one or more ports to a single port
What does an attacker need to conduct ARP cache poisoning?
physical connectivity to a local segment
What security hole does RIPv1 pose?
RIPv1 does not allow router passwords
What are the five main services provided by firewalls?
packet filtering; application filtering; proxy server; circuit-level; stateful inspection
Which of the five router services do e-mail gateways provide?
application filtering
What OSI layer do stateful firewalls reside at?
network layer
What are the three types of NAT?
static NAT; dynamic NAT; overloading NAT
What security weakness does SPAP have?
does not protect against remote server impersonation
How do the RADIUS client and server avoid sending their shared secret across the network?
shared secret is hashed and hash is sent
In MAC, what is read-up?
the ability of users in lower security categories to read information in higher categories
In MAC, of read-up, read-down, write-up, and write-down, which two are legal? Which two are illegal?
legal- read-down, write-up
Do hashing algorithms protect files from unauthorized viewing?
no, only verify files have not been changed
What is an SIV?
System Integrity Verifier- IDS that monitors critical system files for modification
Why are VLAN's considered broadcast domains?
all hosts on the VLAN can broadcast to all other hosts on the VLAN
What language are most new smart card applications written in?
Java
What is a bastion host?
a gateway in a DMZ used to secure an internal network
What type of IDS will likely detect a potential attack first? Why?
Network-based IDS: runs in real-time
What drawback do heuristic-based IDS's have?
higher rate of false positives
What are the four layers of the TCP/IP suite? How do they map to the OSI model?
Application > Application-Session
What are the six steps to incident response?
Preparation; Identification; Containment; Eradication; Recovery; Follow-Up
What are most fire extinguishers loaded with?
FE-36
What is FE-13 used for?
explosion prevention
What is the maximum length of a valid IP datagram?
64K
What is the RFC-recommended size of an IP datagram?
576 bytes
What is IGMP used for?
multicasting
What is bytestream?
data from Application layer is segmented into datagrams that source and destination computers will support
What two pieces of information comprise a socket?
source IP address and source port
At the Network Interface layer, what is the packet of information placed on the wire known as?
a frame
What IP layer do man-in-the-middle attacks take place at?
internet layer
What IP layers do DoS attacks occur at?
any layer
What IP layer do SYN floods occur at?
transport layer
Which hashing algorithm is more secure, MD5 or SHA-1?
SHA-1
What is the key length for Blowfish?
variable length
How are digital signatures implemented?
a hash is created and encrypted with the creator's private key
How are asymmetric algorithms used for authentication?
authenticator sends a random number (nonce) to receiver, who encrypts it with their private key
In a bridge CA architecture, what is the CA that connects to a bridge CA called?
a principal CA
Who defines a certificate's life cycle?
the issuing CA
At what OSI layer (and above) must networked computers share a common protocol?
data link and above
What security hole does SPAP have?
remote server can be impersonated
What protocol does RADIUS use?
UDP
What protocol does TACACS+ use?
TCP
What sort of devices normally use TACACS?
network infrastructure devices
What limitation does IPSec have?
only supports unicast transmissions
What does IPSec require to be scaleable?
a PKI
What are the three major components of SSH?
Transport Layer protocol (SSH-TRANS); User authentication protocol (SSH-USERAUTH); connection protocol (SSH-CONN)
What do BSS and ESS stand for?
Basic Service Set and Extended Service Set
What does ESS offer that BSS does not?
the ability to roam between AP's
What are the two parts of a Key Distribution Center?
An authentication server (AS) and a ticket-granting server (TGS)
What are the three major classification levels with MAC?
Top Secret; Confidential; Unclassified
What does echo do?
responds to packets on UDP port 7
What does chargen do?
responds to packets on UDP port 19 with random characters
What is an FTP bounce?
running scans against other computers through a vulnerable FTP server
What version of BIND allows for mutual authentication?
BINDv9
What ports are commonly used for NetBIOS names and sessions?
TCP/UDP 137, 138, 139
What ports do DHCP and BOOTP use?
TCP/UDP ports 67 and 68
What port does NNTP use?
TCP/UDP 119
What port does LDAP use?
TCP/UDP port 389
What port does LDAPS use?
TCP/UDP port 636
Why can hand geometry only be used for verification, rather than identification?
hand geometry is not unique
What advantages do hand geometry scans have over fingerprint scans?
they are faster, cleaner, and less invasive
What are the advantages and disadvantages of retinal scanning?
most reliable but most invasive
What disadvantage does speech recognition have?
easier to spoof than other biometric techniques
What are QIC tapes primarily used for?
backing up standalone computers
What are DAT drives primarily used for?
basic network backups
What three tape types offer high capacity and rapid data transfer?
8mm, DLT, and LTO
How does a host respond to a TCP connect scan if the scanned port is open? Closed?
open: SYN-ACK; closed: RST
What can be done to reduce the effects of half-open attacks?
reduce the time a port waits for a response
How does a host respond to a FIN packet if the scanned port is open? Closed?
open: packet discarded; closed: RST
How does an XMAS scan work?
a variety of TCP packets are sent to elicit a response
What TCP sequence number does an XMAS scan use?
0
What are two characteristics of a null scan?
TCP sequence number set to 0; no TCP flags set
What is a TCP ACK scan used for?
determining if a port is filtered by a firewall
What is a window scan?
a scan that attempts to determine the OS in use by its default TCP window size
What are the two basic types of DoS attacks?
flaw exploitation attacks and flooding attacks
What three basic router/firewall measures will reduce the effects of a DoS attack?
egress filtering, ingress filtering, and disabling IP-directed broadcasting
What is source routing?
Sender defines hops a packet must travel through
How is source routing used by attackers?
used to route packets around security devices
How can source routing be defended against?
routers can be configured to discard source-routed packets
What two methods do IDS's use to detect and analyze attacks?
misuse detection and anomaly detection
What advantage does LEAP have over EAP?
LEAP allows for mutual authentication
What protocol does 802.1x use for authentication?
EAP
How does an 802.1x authenticator handle authentication traffic?
Passes it to a RADIUS server for authentication
What is ECC?
Elliptical Curve Cryptography- public-key cryptographic method which generates smaller, faster, and more secure keys
What standard is LDAP based on?
X500
Who developed SSL?
Netscape
What three protocols are routinely layered over TLS?
IMAP, POP3, and SMTP
What two types of certificates does S/MIME use?
PKCS #7 certificates for message content and X.509v3 for source authentication
What is the "hidden node" problem?
When a wireless client cannot see the network due to interference.
What does WEP stand for?
Wired Equivalent Protection
In a 128-bit WEP key, how long is the actual secret key?
104 bits- the first 24 bits are used for the Initialization Vector (IV)
No Read Up, No Write Down describes what Security Model
Bell LaPadula
Biba, Clark Wilson, and Non-Interference models cover what aspect of security
Integrity
Execution and memory space assigned to each process is called a _______ _______
Protection Domain
The Boundary that separates the TCB from the rest of the system.
Security Perimeter
Programming technique used to encapsulate methods and data in an object
Information Hiding
System component that manages and enforces access controls on objects
Reference Monitor
Operates at the highest level of information classification where all users must have clearances for the highest level
System High mode
Lack of parameter checking leaves a system vulnerable to this type of attack
Buffer overflow
Also called a maintenance hook
Trap door
Attack that exploits difference in time when a security control is applied and a service is used
TOC/TOU attack
This recovery mode permits access by only privileged users from privileged terminals
Maintenance mode
Design where a component failure allows the system to continue to function
Fault-tolerant
Design where a failure causes termination of processes to protect the system from compromise
Fail-safe
Design where a failure causes non-critical processes to terminate, and system runs in a degraded state
Fail-soft or Resilient
Design where a failure causes the system to use backup spare components to compensate for failed ones
Fail-over
This standard includes levels of assurance, from D (Least secure) to A (Most secure)
TCSEC (Trusted Computer Security Evaluation Criteria)
TCSEC Minimal Protection (one class)
D (Minimal Protection)
TCSEC Discretionary Protection (two classes)
C1 (User logon, Groups allowed)
TCSEC Mandatory Protection (three classes)
B1 (MAC)
TCSEC Verified Protection (one class)
A1 (Mathematical model must be proven)
European counterpart to TCSEC
ITSEC (Information Technology Security Evaluation Criteria)
ITSEC separately evaluates ____ and _____
Functionality and Assurance
The ITSEC subject of an evaluation is called the ___ __ _____
Target of Evaluation (TOE)
Combination of ITSEC, TCSEC, and Canada's CTCPEC
Common Criteria
Unit of evaluations levels in the Common Criteria
Evaluation Assurance Level
4 Phases of DITSCAP and NIACAP accreditation
1. Definition
This Access Control model specifies the rights that a subject can transfer to an object, or that a subject can take from another subject.
Take-Grant model
TCSEC Level that addresses covert storage channels
B2
TCSEC level that addresses both covert storage and timing channels
B3, A1
Consolidation of power should not be allowed in a secure system, this is called
Separation (or segregation) of duties
Two operators are needed to perform a function. This is called
Dual Control
Two operators review and approve each other's work. This is called
Two-man control
Operators are given varying assignments for a time period, then their assignment changes. This is called
Rotation of duties
This type of recovery is required for only B3 and A1 TCSEC levels
Trusted Recovery
Operating system loaded without the front-end security enabled, is only done in this mode
Single-user mode
Required tracking of changes to a system under B2, B3, and A1 is called
Configuration Management
This refers to the data left on media after erasure
Data Remanence
Separation of duties, least privilege, personnel security, configuration control, Record retention, are examples of what type of controls?
Administrative Controls
Software controls, media controls, hardware controls, physical access controls are examples of what type of controls?
Operations Controls
A weakness in a system which might be exploited
Vulnerability
An event that can cause harm to a system and create a loss of C, I, A
Threat
EF
Exposure Factor
SLE
Single Loss Expectancy
ARO
Annualized Rate of Occurrence
ALE
Annualized Loss Expectancy