203 Cards in this Set

  • Front
  • Back
Three components of CIA
Confidentiality, Integrity, Availability
Confidentiality
Information should only be accessible to its intended recipient
Integrity
Information should arrive at the destination as it was sent (not tampered with or modified)
Availability
Information should be available to those authorized to view it
A user encrypts an email before sending it. The only person that can decrypt it is the recipient. By encrypting the email, the user is attempting to protect what?
Confidentiality of the information
A hooligan unplugs the power from the central data server at a large bank. This has what effect on information security based on the CIA model?
Loss of availability
Access Control
The ability of a system to limit access to certain users
Name the three categories of access control.
What you know, what you have, what you are
What you know
Access control methods that depend on a user knowing something, such as passwords, numeric keys, secret questions and answers, etc.
What you have
Access control method that uses a physical device to gain access, such as physical keys or cards, smart cards, and other physical devices
What you are
A form of access control closely related to biometrics or authentication by biological factors, such as fingerprints, retinal scans, or even DNA
Multi-factor authentication
Authentication that uses more than one factor or type of access control to ensure a user's identity
What are the three steps to any access control process?
Identification (who is the user?), Authentication (is the user who he says he is?), Authorization (does the user have permission to do this?)
In the context of Kerberos, how is authorization achieved?
It is achieved between the reference model and the Kernel of the operating system.
Reference model
The reference model is the system that directs the Kernel what it can and can't access. (A request to access information must go through the reference model in order to verify that the user requesting access should really have access to the information. The kernel then only acts if the reference model directs it to do so.)
What are the three forms of access control?
MAC, DAC, RBAC
MAC (Mandatory Access Control)
A system in which a central administrator or administration dictates all of the access to information in a network or system. Subjects (the user or process requesting access) and objects (the item being requested) are associated with a set of labels. When a subject requests access to an object, access is granted if the labels match and denied if they do not.
DAC (Discretionary Access Control)
The system in which the owners of files actually determine who gets access to the information. In this system, a user who creates a sensitive file determines (through his own discretion) who can access the file. This is considered less secure than MAC.
RBAC (Role Based Access Control)
A system in which the roles of users determine who has access to files.
Kerberos
An open source and widely accepted method of authentication that works on a shared key system with a trusted third party
How does Kerberos work?
If two users wish to communicate, they must first contact a trusted Kerberos server in order to obtain a shared key. Only users that have this key can communicate with each other because the key encrypts and decrypts messages.
What is the logical part of Kerberos that governs key distribution?
Key Distribution Center (KDC)
Using Kerberos, what is needed for storage of authentication information to allow further communication between Kerberos users?
Tickets must be issued from the TGS, or the Ticket Granting Server
Name a major weakness of Kerberos
Kerberos makes extensive use of a third party. If that party is compromised, information confidentiality is lost and integrity may be breached. If the third party simply fails, availability is lost.
Why does Kerberos use time stamps?
Kerberos uses time stamps in order to time out connections. This mitigates the threat of replay attacks. If the hosts are on different times, communication is impossible.
Kerberos is associated with __________________ technology
SSO (single sign-on)
Biometrics
Methods of authentication that utilize the biological characteristics of the user. It is considered to be the most secure form of authentication. Typical biometric factors include fingerprints, retinal scans and photo comparison.
What is the most common form of authentication?
Username and password
What makes a good password?
A good password is complex; it should be at least 6 characters long and probably eight, consist of numbers and letters, lower and uppercase, and symbols.
Multifactor authentication
A type of authentication that uses more than one type of access control to authenticate a user. Note that it is more than one TYPE not just more than one form of authentication.
CHAP (Challenge Handshake Authentication Protocol)
An authentication protocol that uses username and password combinations that authenticate users.
What is the most common application of CHAP?
Dial-up Internet access user authentication (i.e. PPP technology)
SSO (Single Sign On)
The ability for a user to only be authenticated once to be provided authorization to multiple services.
Social Engineering
An attack by which the attacker manipulates people who work in some capacity of authority so that the attacker can get these people to do something he desires (social engineering = manipulating people)
Dumpster Diving
A low-tech attack in which an attacker looks through trash and other unsecured materials to find pertinent information to either launch an attack or carry out some other malicious intended action
Password cracking
An attack by which the attacker wishes to gain authentication (and authorization) to network resources by guessing the right password
What are three types of password cracking attacks?
Brute force, dictionary and hybrid attacks
Brute force attack
A password cracking attack in which the attacker tries every possible combination of letters (aaa, aaA, aAA, aab ...etc.)
Dictionary attack
A password cracking attack in which the attacker tries to enter passwords from a text file (a dictionary)
What is a popular way that attackers can determine passwords with sniffers?
Since most people use the same passwords (on both secure and unsecured sites), attackers often use sniffers to determine the password on the unsecured site and then use it as a start to cracking the website on the secure platform
What is Brutus?
Brutus is a software application that allows attackers to quickly enter in a combination of letters and patterns into the username and password fields.
Name three ways that a security administrator can defend the system against password cracking attempts.
Mandatory wait times between login attempts, locking the system after a certain amount of invalid login attempts, and limiting the number of concurrent connections to a login system
Flooding attack
An attack which can overwhelm the processing and memory capabilities of a network system or server; in this type of attack, the attacker sends an inordinate amount of packets to a server or group of hosts in order to overwhelm the network or server. This causes a denial of service to the hosts who demand whatever resource has been overwhelmed.
What are two types of flooding attacks?
SYN flood and ICMP ping flood
SYN Flood
A flood of specially crafted SYN packets
ICMP Ping Flood
A flood of ICMP pings
Birthday attack
Any attack based on probability
Buffer Overflow
A specific kind of attack in which an attacker sends specifically and specially crafted packets that can overflow the stack with information, causing a number of problems (as simple as denial of service to as complex as a system compromise and remote takeover of the server). Patches are usually issued to defend against specific buffer overflow issues.
Sniffing
An attack in which the attacker "sniffs" information, either off media directly or from regular network traffic, in order to compromise the confidentiality or integrity of information.
Promiscuous mode
A mode in which a NIC reads all traffic regardless of the destination IP address. Unswitched Ethernet in this mode can be easily sniffed.
Remote Access
Protocol that allows users to remotely 'dial in' to a network of choice
RAS (Remote Access Service)
A rarely-used, unsecure, and outdated Microsoft offering that provides dial-up access; this was once the protocol of choice for connecting to the Internet.
PPP (Point-to-Point Protocol)
The most common dial-up networking protocol today that utilizes a direct connection from a client to WAN over TCP/IP (think dial-up = PPP)
Secure Connections
Technologies set up in an encrypted, sometimes "tunneled" and difficult-to-intercept connection; these connections are typically employed in VPN (Virtual Private Network) applications and corporate remote networks
PPTP (Point-to-Point Tunneling Protocol)
A tunneling protocol that can encapsulate connection-oriented PPP packets (which are simple remote access packets) into connectionless IP packets.
What is the server / client setup of PPTP?
PPTP is a client-server system that requires a PPTP client, a PPTP server, and a special network access server to provide normal PPP service.
What type of network is PPTP often used to set up?
VPNs (similar to LAN's that are spread across the Internet so that multiple remote clients can connect to one logical network)
L2TP (Layer 2 Tunneling Protocol)
A tunneling protocol that utilizes IPSec (IP Security) to encrypt data all the way from the client to the server, making it more difficult to intercept. It can also accommodate protocols other than IP to send datagrams and is very common in VPN applications
SSL (Secure Socket Layer)
A technology employed to allow for transport-layer security via public-key encryption.
How is SSL typically employed?
This protocol is typically employed over HTTP, FTP, and other Application-layer protocols to provide security.
How does PPTP utilize tunneling?
PPTP (an implementation of PPP) utilizes tunneling by encapsulating data.
What is the purpose of IPSec?
IPSec allows for the encryption of data being transmitted from host-to-host (or router-to-router, or router-to-host, etc.) and is basically standardized within the TCP/IP suite.
What are two protocols that utilize IPSec?
TLS and SSL
What are the two basic modes of IPSec?
Transport mode and tunneling mode
Describe the IPSec Transport Mode
Provides host-to-host security in a LAN network but cannot be employed over any kind of gateway or NAT device. Note that in transport mode, only the packet's information, not the headers, is encrypted
Describe the IPSec Tunneling mode
In this IPSec mode, IPSec provides encapsulation of the entire packet, including the header information. The packet is encrypted and then allowed to be routed over networks, allowing for remote access. This is the mode the exam is most interested in.
What are the two components that IPSec is comprised of?
AH - Authentication Header and ESP - Encapsulating Security Protocol
AH (Authentication Header)
A component of IPSec, this component provides authentication of the user who sent the information as well as the information itself
ESP (Encapsulating Security Protocol)
A component of IPSec, this component provides actual encryption services which can ensure the confidentiality of the information being sent.
What is the most secure tunneling protocol in the Security+ objectives?
L2TP (Layer 2 Tunneling Protocol); this is an alternative protocol to PPTP that offers the VPN functionality in a more secure and efficient manner
What OSI model layer does L2TP use?
Data Link Layer
Cryptography
The science of hiding the meaning of a message
How does cryptography work (basic concept)?
Information that is meant to be hidden is encrypted, or ciphered into a difficult-to-interpret form. This involves the change of clear text, or understandable data, into cipher text, or difficult-to-interpret data. At the end of the process is decryption, or the conversion of cipher text into clear text. Decryption is not always used, however (i.e. hashes only apply encryption, not decryption)
In relation to cryptography, what is a key?
The password of sorts used to encrypt and decrypt data
Public key
An encryption key that is made available to all hosts
Private key
An encryption key that is confidentially shared between two hosts or entities
Symmetric encryption algorithm
This encryption algorithm uses the same key for encryption and decryption
Asymmetric encryption
This encryption algorithm uses different keys for encryption and decryption
Cryptanalysis
The act of breaking the cipher or attempting to understand the cipher text
What type of encryption could take millennia to crack?
RSA
In addition to data confidentiality and integrity, what does cryptography provide?
Non-repudiation
Non-repudiation
The idea that a sender of information would not be able to refute the fact that he or she did send that information or data
Name some well-known functions of cryptography
* Tunneling protocols and VPN
* Email security (PGP et al.)
* Secure file transfer (S-FTP)
* Secure access to web pages (SSL)
* Kerberos authentication
* Certificates
* Document security
What is a computer virus?
Malicious software that propagates itself upon the action of a user.
How does a virus inflict damage?
They typically inflict damage by either destroying files categorically or installing new files that drastically affect the performance of the computer. They also act to "insert" themselves into various executable files, increasing the likelihood that a user will re-run the malicious executable file.
Are viruses self-propagating?
No. Viruses include some mechanism for both local and network propagation, including the sending of instant messages, setting up of web servers, and emails. However, they are not truly "self-propagating" in the sense that the virus is actually incapable of "forcing" itself on another host machine. A virus typically needs user interaction to act (such as opening an attachment)
Worms
Extremely destructive and costly malicious programs that self-propagate to cause unbelievable damage to computer networks across the world.
"Friendly" worms
Some worms are simply pieces of software that are able to (through various means) self-propagate about the Internet. They can provide various services such as web searches or even quickly creating patch software against malicious worms.
How do worms cause damage to computers?
Worms often install self-destructive software or a backdoor into the PC. Often remote control of the infected hosts is the primary goal of worm writers who seek to crash high-profile websites and services through "Denial of Service" attacks
Trojan Horses and Backdoors
Any software that attempts to give a remote user unauthorized access to a host machine or user account.
What legitimate protocol can be classified as a "backdoor"?
SSH
What are some popular Trojan horses?
Back Orifice, NetBus, SubSeven, VNC (can be used legitimately but also used for unauthorized access in conjunction with a worm)
What is a firewall?
Any hardware or software designed to prevent unwanted network traffic.
What is a packet filtering firewall?
A packet filtering firewall polices traffic on the basis of packet headers. IP, UDP, TCP, and even ICMP have enough header information for this type of firewall to make an informed decision as to whether to accept or reject the packet. (think = bouncer at a party)
What information is typically examined by a packet filtering firewall (beyond examining the packet header)?
It examines the source, destination, and port number
What type of ACL does packet filtering use?
A special kind of ACL in which both a whitelist and a blacklist of IP addresses and ports are listed
Why is port 27374 typically blocked by packet filtering firewalls?
This port is typically used by the Trojan Horse "SubSeven"
What layer(s) does a packet filtering firewall operate at?
The network and transport layers of the OSI model
What is a major weakness of packet filtering firewalls?
While the model is noted for speed and simplicity, it does not inspect traffic for malicious content. In addition, IP addresses and DNS addresses can be hidden or "spoofed"
What is a circuit-level gateway?
A type of firewall that operates on the Session layer of the OSI model. It maintains a connection between two hosts that is approved to be safe. This type of firewall establishes a secure connection between the two hosts that have been authenticated and trust each other (think = parent approving the people children can speak to on the phone once they trust those people, hence not needing to monitor the conversation)
What is an application-level gateway?
Operates in the Application layer of the OSI model and actively inspects the contents of packets that are passed through the gateway.
What is a proxy server?
This is a special kind of application-level gateway; it is a server that serves as the "middle man" between two hosts that wish to communicate. The host wishing to communicate sends a packet to the application-level gateway, which then makes the decision whether to forward the packet to the intended recipient or to deny the request to send the packet.
What is an IP address?
A unique numeric identifier of a host machine within the scope of a TCP / IP network.
What is the difference between a public and private IP address?
Public IP addresses are unique and individual to each host in the world, while private IP addresses are often duplicated among different private networks (think = public IP address as telephone number and private IP address as extension system "in-house")
What is a NAT?
NAT, or Network Address Translation, is a service in which a gateway can allow multiple private hosts to operate under the guise of a single public IP address.
In what way does a NAT act like a firewall?
Hosts "behind" the NAT are effectively "hidden" from the rest of the Internet, allowing the NAT to act as a sort of packet filtering firewall.
What is the purpose of a router?
A router can forward packets of information based on the IP address of the header of the packet (think header = shipping label that allows the transportation to send it to the right destination)
What is a gateway?
A sort of middle-man between two networks, usually between the Internet and a private network.
How are routers, gateways and NAT functionality related?
Routers often serve as gateways and many gateways have NAT functionality built into them.
In the context of networking, what does the term "media" refer to?
The physical medium of communication that the network utilizes.
In the sense of networking, what are applications?
Applications refer to specific Application-layer services that hosts provide over specific ports or gateways into the system
Name some application servers (5)
Web servers (over port TCP 80), FTP, Telnet, SSH, and Media Servers
What is the difference between a switch and a hub?
All hosts are connected to each other via a switch or hub. The difference between them is that a hub forwards all packets to all connected hosts whereas a switch forwards packets only to selected recipients, increasing information confidentiality
What is a DMZ host?
Basically a "catch-all" host for requests on non-configured ports. Through a DMZ host, undesirable network traffic can be sent to a single safe host rather than any host that would be in danger from malicious traffic (think buffer area)
What is a block cipher?
This type of cipher breaks up a clear text into fixed length blocks and then proceeds to encrypt those blocks into fixed-length ciphers. This allows keys to be re-used
What is a stream cipher?
This type of cipher operates on continuous (think non-discrete) portions of data that arrive in "real time". In other words, they work on information "bit-by-bit" rather than "block-by-block".
Why are stream ciphers typically faster than block ciphers?
Since data does not need to be broken down, stream ciphers are generally faster than block ciphers
What level are stream ciphers typically used - and why?
Stream ciphers are typically used at the hardware level since the keys are not re-usable (making key management very difficult).
What is end-to-end encryption?
A situation in which data is encrypted when it is sent and decrypted only by the recipient; the relevant TCP/IP headers must be present and unencrypted on the packet in order for it to be routed
What is link encryption?
Every packet is encrypted at every point between two communicating hosts. Information sent to one router is encrypted by the host and decrypted by the router, which then re-encrypts the information with a different key and sends it to the next point. In this formulation, the headers are also encrypted
What are the drawbacks to link encryption?
Slow speed and vulnerability to "man-in-the-middle" attacks.
Cryptovariable
The value applied to encrypted or clear text in order to decrypt or encrypt the text.
What indicates the strength of the key?
The length of a key in bits.
Symmetric key cryptography
A single key is used to encrypt and decrypt data between two communicating hosts
How can an attacker break a system that uses symmetric key cryptography?
The attacker must either discover the key through trial-and-error or discover the key during the initial "key agreement"
DES
An outdated 64-bit block cipher that uses a 56-bit key; it is a symmetric algorithm that splits the 64-bit block into two separate blocks under the control of the same key. This cipher is highly insecure and unreliable
3DES
Triple DES or 3DES is the partial successor to DES but is still considered outdated and slow. It uses three separate 56-bit keys for an effective key length of 168 bits. However, a vulnerability exists that allows hackers to reduce the length of the key, reducing the time to crack the key. It also is very slow by today's standards.
AES
The true successor to DES; it uses a strong algorithm with a strong key and is based on the Rijndael block cipher.
Rijndael Block Cipher
A cipher that can utilize different block and key lengths (including 128, 192, and 256 bit keys) to produce a fast and secure symmetric block cipher.
Twofish algorithm
The Twofish algorithm is an alternative to Rijndael; it utilizes 128-bit blocks for keys up to 256 bits
IDEA
Remember that PGP uses IDEA to ensure email security and that it operates using 64-bit blocks and 128-bit keys
RC5
RSA Security developed RC5, a fast, variable-length, variable-block symmetric cipher. It can accommodate a block size of up to 128 bits and a key up to 2048 bits.
What are the differences between symmetric and asymmetric key algorithms?
Symmetric keys are faster and easier to implement. They also lower overhead on system resources. Asymmetric keys are scalable and do not require much administration. They are also easier for users to use.
What is public key cryptography?
A widely-applied form of cryptography commonly utilized in many network transactions that utilizes widely-available and unique "public keys" as well as "private keys" to securely transmit confidential data.
How do systems using Public Key Cryptography ensure both information authenticity and confidentiality?
Information authenticity and confidentiality are ensured by signing and using a secure message format (clear text message is encrypted with destination user's public key and is then decrypted by the destination user's private key.)
What are three public key protocols?
RSA, Diffie-Hellman, and El Gamal
RSA
An asymmetric key transport protocol that can be used to transmit private keys between hosts. It utilizes large prime numbers for effectiveness.
Diffie-Hellman
A key agreement protocol that can be used to exchange keys. It uses logarithms to ensure security.
El Gamal
An extension of Diffie-Hellman that includes encryption and digital signatures.
Message Digest
An unreadable, condensed version of a message that utilizes a one-way hash function to calculate a set-length version of a message that cannot be deciphered into clear text.
When are message digests typically used?
In situations where it would be undesirable to be able to decrypt the message (such as in modern username/password systems, in which the password is stored as a hash)
What are two hashing protocols?
MD5 and SHA-1
What is MD5?
The most commonly-used hash protocol; it uses a 128-bit digest; it is very fast in hashing a message and is open source.
What is SHA-1?
A more secure implementation of a hashing protocol (as opposed to MD5) that uses a 160-bit digest and "pads" a message to create a more difficult-to-decipher hash.
Physical Security
Aspects of information security that are related to physical threats, such as fire or natural disasters
What are the four classes of fire?
Common combustibles (A), burnable fuels (B), electronics (C), and chemical / other (D)
What are three common methods of fire detection?
Heat-sensing, flame-sensing, and smoke-sensing
What are four different systems to suppress fire?
Water, CO2, Soda acid, Halon
What fire suppressants are effective with Type A fires (common combustibles)?
Water, soda acid, and halon
What fire suppressants are useful for Type B fires (burnable fuels)?
CO2, soda acid, and halon
What does HVAC stand for?
Heating, Ventilation and Air Conditioning
What can high temperatures cause?
Overheating of computer equipment, especially processors
What can high humidity cause?
Corrosion in equipment due to water damage
What can low humidity cause?
An environment suited for too much static electricity (ESD)
Where is electrical power generated?
A utility substation or power grid
What are EPO switches?
Used to shut down power immediately
What are backup power sources used for?
They are used to ensure continuity in the case of a disaster
What are backup sources needed for?
Backup sources are needed for reliability of critical applications, such as servers and physical equipment
What is ESD?
Electrostatic discharge, or electricity build-up and release
What can prevent ESD?
40 to 60 percent humidity levels, grounding, and antistatic floor mats
What causes electronic noise?
Electronic noise occurs when high-energy electrons "cross over" into another wire or signal
How can you avoid electrical noise?
Use power line conditioners and surge protectors, and use grounding and shielded cabling
What is business continuity?
The premise that your business should continue to operate in the face of a disaster
What is disaster recovery planning?
The effort to recover infrastructure that fails as a result of a disaster.
How can you ensure confidentiality of emails?
Encryption
How can you ensure integrity of emails?
Encryption, digital signatures, and strong passwords
What is S/MIME (Secure Multipurpose Internet Mail Extensions)?
An extension that provides basic cryptographic services via the Internet
What is one of the most popular cryptographic email security services available?
S/MIME
What is MOSS (MIME Object Security Services)?
A less common more extensive suite of security services for email
What is PEM (Privacy Enhanced Mail)?
A service that provides 3DES encryption for email
What is PGP (Pretty Good Privacy)?
An open-source and extremely popular email security suite that uses IDEA to encrypt emails and validate signatures
What are a few email security vulnerabilities?
Spam (often causing denial of service), Open relays (email servers that forward email without authentication) and malicious software
What is SSL?
A connection-oriented standard designed to allow for secure cryptographic communication between two hosts.
What is the newest version of SSL?
TLS
What is S-HTTP?
A connectionless standard that provides for symmetric encryption, message digests, and client-server authentication
What are browser scripts/vulnerabilities?
Controls, scripts, programs, or other software that can run from the browser and cause damage to a host.
What is the best way to protect against browser buffer overflows?
Remain vigilant and updated on latest patches
Explain the setup of a screening router.
The router acts as the sole gateway and gatekeeper between the untrusted, outside network and the trusted network
How does a router decide what traffic is allowed?
Through an ACL; it blocks traffic based on source, destination and other header information (think = St Peter as the gatekeeper of Heaven)
In the screening router setup, what is a major vulnerability?
The router is a single point of failure; it depends highly on the administrator to maintain a favorable ACL and has difficulty masking internal network structure
What is a Dual-Homed Gateway?
A screening router that implements a bastion host between the screening (external) router and the trusted network.
What is a bastion host?
A host that is configured to withstand most attacks and can additionally function as a proxy server. This prevents direct communication between the external and trusted networks.
What is a screened host gateway?
A dual-homed gateway in which outbound traffic (from trusted to un-trusted) can move unrestricted.
What is a screened subnet?
A screened subnet works to employ a bastion host between two screening routers.
What is the zone around the bastion host called?
DMZ
What is an IDS (Intrusion Detection System)?
A system that can track or detect a possible malicious attack on a network
Active IDS
An active IDS will attempt to thwart any kind of malicious attack on a network
Passive IDS
Logs and detects any kind of malicious attack; it does not thwart the attack
Network-based IDS
Operates as its own node on a network
Host IDS
Requires agents to be installed on every protected host
How does a knowledge-based IDS work?
It works by assessing network traffic and comparing it with known malicious signatures.
Behavior-based IDS
Analyzes baseline information about the system
Honeypot
A server designed to lure attackers or malicious users into attempting an attack on a fictional or purposely weak