Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
415 Cards in this Set
- Front
- Back
|
DRP
I&A PKI |
Disaster recovery plans
Identification and authentication Public Key Infrastructure |
|
|
hot site
|
facility design to provide immediate availability in the event of a system or network failure
|
|
|
MAC(not address)
|
Mandatory Access Control
MAC is a static model that uses a predefined set of access privileges for files on the system. The sys admin establish these parameters and associate them with an a account, files, or resources. |
|
|
DAC
|
Discretionary Access Control
DAC model allows the owner of a resource to establish privileges to the information they own. The difference between DAC and MAC is that labels are not mandatory but can be applied as needed. |
|
|
ACL
|
access control list
|
|
|
RBAC
|
Role-Based Access Model
RBAC model allows a user to act in a certain predetermined manner based on the role the user holds in the organization. The roles almost always shadow the organizational structure. |
|
|
Authentication(def)
|
proves that a user or a system is actually who the say they are
|
|
|
CA
|
Certificate Authority
|
|
|
CPS
|
Certificate Practice Statement
CPS outline the tules used ffor issuing and managing certificates. |
|
|
CRL
|
Certification Revocation List
CRL lists the revocations that must be addressed in order to stay current |
|
|
CHAP
|
Challenge Handshake Authentication Protocol
|
|
|
CHAP steps
|
1)Initiator sends a logon request to the server
2)the server sends challenge back to the client 3)the challenge is encrypted and sent back to the server 4)Server compares the value from the client and if the information matches grants authorization 3) |
|
|
PAP
|
Password Authentication Protocol
|
|
|
Access attack
|
someone who should not be able to wants to access your resources
|
|
|
Modification/repudiation attack
|
someone wants to modify information in your system
|
|
|
Denial-of-Service(DoS) attack
|
is an attempt to disrupt your network and services. When your system becomes so busy responding to illegitimate requests it can prevent authorize user from having access
|
|
|
Dumpster diving
|
common physical access method
|
|
|
Eavesdropping
|
the process of listening in on or overhearing parts of a conversation, including listening to your network traffic
|
|
|
Snooping
|
occurs when someone looks through your files hoping to find something interesting
|
|
|
Interception
|
can be either active or passive process.Passive interception in a network environment would involve someone who routinely monitors network traffic. Active includes putting a computer system in between the sender and receiver to capture information being send
|
|
|
Ping of death
|
type of DoS attack
crashes the system by sending ICMP packets that are larger than the system can handle |
|
|
Buffer overflow
|
type of DoS attack
attempts to put more data(usually long input strings) into the buffer that it can hold |
|
|
sPing
|
example of ping of death
|
|
|
Code Red, Slapper, Slammer
|
all attack that took advantage of buffer overflow
|
|
|
Null session attack
|
user logs into Windows-based computer as a null user(bypassing basic authentication). Often used to launch a DoS attack
|
|
|
DDoS
|
distributed denial-of-service attack DDoS is similar to DoS attack. It uses multiple computer system to conduct the attack against a single organization
|
|
|
Botnet
|
has come to be the word used to describe malicious software running on a zombie
|
|
|
Back door attack
|
1)referred to troubleshooting and developer hooks into system
2)gaining access to a network and inserting a program or utility that creates an entrance for an attacker |
|
|
Spoofing attacks
|
an attempt by someone or something to masquerade as someone else. Considered an access attack
|
|
|
IP spoofing
|
the goal is to make the data look as if it came from a trusted host when it didn't
|
|
|
DNS spoofing
|
the DNS server is given information about a name server that it thinks is legitimate when it isn't
|
|
|
DNS poisoning
|
DNS spoofing
|
|
|
Domain name kitting
|
When a new domain name is issued, there is a five day grace period before you must technically pay for it. Those engaged in kiting can delete the account within the five days and re-register it again - allowing them to have accounts that they never have to pay
|
|
|
Man-in-the-middle attacks
|
a piece of software is placed between a server and the user that neither the server administrators nor the user is aware of. The software intercepts data and then sends the information to the server as if nothing is wrong. The server responds, thinking it's communicating with the legitimate client.
|
|
|
TCP/IP hijacking
|
older name form Man-in-the-middle attacks
|
|
|
Reply attack
|
occur when information is captured over a network and later replayed
|
|
|
Password-guessing attacks
|
occur when an account is attacked repeatedly. This is accomplished by utilizing applications known as password cracker, which send possible passwords to the account in a systematic manner
|
|
|
Brute-force attack
|
is an attempt to guess passwords until a successful guess occurs. Usually occurs over a long period of time.
|
|
|
Dictionary attack
|
uses a dictionary of common words to attempt to find the user's password/
|
|
|
Rainbow tables
|
values of hashes to identify the salt(random bits added to the password) used in creating the stored value
|
|
|
Privilege escalation
|
can be result of an error on an administrator's part in assigning too high a permission set to a user, but it's more often associated with bugs left in software.
|
|
|
Application layer(DoD)
|
this layer is the highest layer of the suite. It allows application to access service or protocols to exchange data.
|
|
|
Host-to-Host(Dod)
|
provides the Application layer with session and datagram communication services. The TCP and UDP operate at this layer
|
|
|
Internet layer(DoD)
|
Internet layer is responsible for routing, IP addressing, and packaging. The protocols in this layer accomplish most of the behind-the-scenes work in establishing the ability to exchange information between hosts
|
|
|
Network interface layer
|
lowest level of the TCP/IP suite. This layer is responsible for placing and removing packets on the physical network through communication with the network adapters in the host
|
|
|
DoD layers
|
Application
Host-To-Host(aka Transport) Internet Network |
|
|
port 20
port 21 port 22 port 23 port 25 |
ftp(data channel)
ftp(control channel) ssh telnet smtp |
|
|
port 49
port 80 port 110 port 119 port 139 |
TACACS authentication service
HTTP POP3 NNTP NetBIOS session sevice |
|
|
port 143
port 389 port 443 port 53 port 69 |
IMAP
LDAP HTTPS DNS name queries TFTP |
|
|
port 137
port 135 port 161 port 162 |
NetBIOS name service
NetBIOS datagram service SNMP SNMP trap |
|
|
ISN
|
initial sequence number
used in TCP session establishment |
|
|
TCP three-way handshake
|
TCP establishes a session using three-way handshake
1)the client originates the connection, sends a TCP segment to the server, the segments include ISN for the connection and a window size 2)the server responds with a TCP segment thah contains its ISN and a value indicating its buffer, or window size 3)the client then sends back an acknowledgment of the server's sequence number |
|
|
TCP three-way handshake
(simple) |
1)host - SYN to server
2)server - SYN/ACK to host 3)host - ACK to server |
|
|
API
|
application programmable interface
|
|
|
network sniffer(aka scanner)
|
is a device that captures and displays network traffic
|
|
|
promiscuous mode
|
allows the NIC to capture all information that it sees on the network
|
|
|
IIS
|
internet information server
|
|
|
How to check whether a system has a particular protocol or port available
|
all you have to do is use the telnet command and add the port number
|
|
|
TCP SYN or TCP ACK flood attack
|
this is a common attack. Purpose is to deny service. Begins as a normal TCP connection, but the client keeps sending ACK packets to the server. The ACK packets tell the server that a connection is requested. The server responds with an ACK packet to the client. The client is supposed to respond with another packet, establishing the session. But this never happen. The sever keep this sessions open, causing the server to fill up the available sessions and deny client the ability to access the resources
|
|
|
TCP sequence number attack
|
occur when an attacker takes control of one end of a TCP session. Each time a TCP message is sent, either the client or the server generates a sequence number. During the attack the attacker intercepts and the responds with a sequence number similar to the one used in the original session. This attack can either disrupt or hijack a valid session.
|
|
|
TCP/IP Hijacking
|
aka active sniffing, involves the attacker gaining access to a host in the etwork and logically disconnecting it from the network. The attacker then inserts another machine with the same IP address.
|
|
|
UDP flooding
|
UDP flooding overloads services, networks, and servers. Large streams of UDP packets are focused at a target, causing the UDP services on the host to shut down
|
|
|
ICMP attacks
|
ICMP attacks occur by triggering a response from the ICMP protocol to a seemingly legitimate maintenanace request.
|
|
|
Smurf attack
|
uses IP spoofing and broadcasting to send a ping to a group of hosts in a network. An ICMP request(type 8) is answered with an ICMP ping reply(type 0) if the targeted system is up, other wise unreachable message is returned.
|
|
|
ICMP tuneling
|
ICMP messages can contain data about timing and router. A packet can be used to hold information that is different from the intended information. This allows an ICMP packet to be used as a communication channel between two systems.
|
|
|
Software exploits
|
attacks launched against applications and higher-level services.
|
|
|
Database exploits
|
If a client session can be hijacked or spoofed, the attacker can formulate queries against the database that disclose unauthorized information
|
|
|
Application exploit
|
macro virus is a set of programing instructions in a language such as VBScript that commands an application to perform illicit action
|
|
|
E-mail exploitation
|
Modern e-mail clients offer many shortcuts, lists, and other capabilities to meet the user demands. A popular exploit of e-mail clients involve accessing the client address book and propagating viruses
|
|
|
Spyware
|
spyware differs from other malware in that it works - often actively - on behalf of a third party. The user often do not know they have asked for it, but have acquired it by downloading other programs, visiting infected sites, and so on
|
|
|
Rootkits
|
software programs that have the ability to hide certain things from the operating system
|
|
|
OVAL
|
open vulnerability and assessment language
OVAL is a community standard written in XML that strives ti promote open and publicly available security content. It consists of a language, interpreter, and repository and is meant to standardize information between security tools |
|
|
Malicious code
|
refers to a broad category of software threats to your network and system, including viruses, Trojan horses, bombs, and worms
|
|
|
Viruses
|
piece of software designed to infect a computer system.
|
|
|
Armored virus
|
designed to make itself difficult to detect or analyze.This type cover themselves with protective code that stops debuggers or disassemblers from examining critical elements of the virus
|
|
|
Companion virus
|
attaches itself to legitimate programs and then create a program with a different filename extension. This file may reside in your system's temporary directory. When the user tries to execute the legit program the companion virus executes instead
|
|
|
Macro virus
|
exploits the enhancements made to many application programs. This mini programs are called marcos. Macro virus can infect all the documents on your system and spread to other systems via e-mail or other methods.
|
|
|
Phage virus
|
modifies and alters other programs and databases. The only way to remove this virus is to reinstall the programs that are infected
|
|
|
Polymorphic virus
|
changes form in order to avoid detection. Frequently, the virus will encrypt parts of itself to avoid detection this process is also known as mutation.
|
|
|
Retrovirus
|
attacks or bypasses the antivirus software installed on a computer. Retroviruses can directly attack your antivirus software ad potentially destroy the virus definition databas. May also directly attack an antivirus program to create bypasses for itself
|
|
|
Stealth virus
|
attempts to avoid detection by masking itself from applications. When a system utility or program runs, the stealth virus redirects commands around itself in order to avoid detection.
|
|
|
Trojan horses
|
programs that enter a system or network under the guise of another program. The Trojan horse can be used to co compromise the security of your system.
|
|
|
Logic bomb
|
Programs or snippets of code that execute when a certain predefined event occurs
|
|
|
infrastructure security
|
deals with the most basic aspect of how information flows and how work occurs in your network system. Includes servers, networks, network device, workstations, and the process in place to facilitate work.
|
|
|
NOC
|
Network operation center
central area for network monitoring and administrative control |
|
|
firewall types
|
packet filter
proxy firewall stateful inspection firewall |
|
|
packet filter firewall
|
passes or blocks traffic to specific addresses based on the type of application. Doesn't analyze the data of a packet, it decides to pass or deny based on the packets addressing information
|
|
|
proxy firewall
|
is an intermediary between your network and any other network. They process requests from an outside network, examines the data and make a rule-based decisions to deny or allow the traffic
|
|
|
packet filter vs proxy firewall
|
proxy firewall provides better security than packet filtering firewall because of the increased intelligence that a proxy firewall offers. The proxy isolates the internal network form the external. Offers caching.
|
|
|
dual-homed firewall
|
type of firewall that uses two NIC. One connected to the internal network, while the other is connected to the external network
|
|
|
application level proxy
|
reads the individual commands of the protocols that are being served. This type of server is advanced and must know the rules and capabilities of the protocol used.
|
|
|
circuit level proxy
|
creates a circuit between client and server and doesn't deal with the content of the packets that are being processed.
|
|
|
stateful inspection firewall
|
records are kept using a state table that tracks every communication channel. Occurs at all levels of the network and provide additional security especially for UDP and ICMP
|
|
|
Hub
|
a device allowing many host to communicate with each other through the us of physical ports. Broadcast traffic can traverse the hub, and all data received through one port is sent to all other ports.
|
|
|
RAS
|
remote access service
refers ti any server service that offers the ability to connect remote system |
|
|
RRAS
|
Routing and Remote Access Service
used in Microsoft Windows-based products |
|
|
border routers
|
Routers, in conjunction win CSU/DSU are used to translate from LAN framing to WAN framing. This is needed because the network protocols are different in LANs and WANs
|
|
|
RIP
|
Routing information protocol
protocol that is part of TCP/IP protocol suite. Routers that use RIP routinely broadcast the status and routing information of known routers. RIP also attempts to find routes between system using the smallest number of hops or connections |
|
|
BGP
|
border gateway protocol
allows groups of routers ti share routing information |
|
|
OSPF
|
open shortest path first
allow routing information to be updated faster than RIP |
|
|
PBX
|
private branch exchange
PBX systems now allow users to connect voice, data, pagers, networks, and almost any other conceivable application into a single telecommunication system |
|
|
sniffers
|
aka network monitors were originally introduced to help troubleshoot network problems. You can exam the signaling and traffic that occurs on a network.
|
|
|
IDS
|
intrusion detection systems
software that runs on either individual workstations or network devices to monitor and track network activity. IDS can be configured to evaluate system logs, look at suspicious network activity, and disconnect sessions that appear to violate security settings |
|
|
platform hardening
|
the process of making a workstation or a server more secure
|
|
|
OS hardening
|
the process of hardening the OS
|
|
|
locking down
|
all newer Windows clients allow permissions to be established to prevent software installation
|
|
|
Levels of security in the WAP protocol
|
1)Anonymous authentication - allows almost everybody ti connect to the wireless portal
2)Server authentication - requires the workstation to authenticate against a server 3)Two-way(client-server) authentication - requires both ends of the connection to authenticate to confirm validity |
|
|
WSP
|
wireless session protocol
manages the session information and connection between the devices |
|
|
WTP
|
wireless transaction protcol
provides service similar to TCP and UDP for WAP |
|
|
WDP
|
wireless datagram protocol
provides common interface between devices |
|
|
WTLS
|
wireless transport layer security
the security layer if the WAP |
|
|
WSP
WTP WDP WTLS |
wireless session protocol
wireless transaction protocol wireless datagram protocol wireless transport layer security |
|
|
PPP
|
point-to-point protocol
supports AppleTalk, IPX, DECnet works with POTS, ISDN, T1 doesn't provide security, but it does provide authentication using CHAP |
|
|
PPP, NCP, LCP
|
PPP works by encapsulating traffic in a protocol called Network control protocol(NCP). Authentication is handled by Link control protocol(LCP)
|
|
|
Tunneling protocol
|
adds the ability to create tunnels between networks that can be more secure, support additional protocols, and provide virtual paths between systems
|
|
|
PPTP
|
point-to-point tunneling protocol
encapsulates and encrypts PPP packets. The negotiation between the two ends of a PPTP is done in the clear. After negotiation is performed, the channel is encrypted. This is the major weakness of PPTP |
|
|
L2F
|
layer 2 forwarding
created by CISCO as a method of creating tunnels primarily for dial-up connections. |
|
|
L2TP
|
layer 2 tunneling protocol
is a hybrid of PPTP and L2F. PRimary a PPP. Supports multiple network protocols. Doesn't provide data security, information is unencrypted. Security is provided by IPSec |
|
|
SSH
|
secure shell
tunneling protocol. Uses encryption to establish a secure connection between two systems |
|
|
IPSec
|
internet protocol security
not a tunneling protocol but used with them. Proide secure authentication and encryption of data and headers. |
|
|
IPSec modes
|
1)Tunneling mode - encrypts both the data and message headers
2)Transport mode - encrypts only the data |
|
|
RADIUS
|
Remote authentication dial in user service
mechanism that allows authentication of dial-in and other network connections |
|
|
TACACS
|
Terminal access controller access control system
client-server-oriented environment, operates similar to RADIUS |
|
|
XTACACS
|
extended terminal access controller access control system
|
|
|
TACACS/+
|
most current method of TACACS.
Allows credentials to be accepted from multiple methods including Kerberos. |
|
|
SSL
|
secure socket layer
protocol that uses an encryption scheme between the two systems. The client initiates the session, the server responds, indication that encryption is needed, and then they negotiate an appropriate encryption scheme |
|
|
TLS
|
transport layer security
a newer protocol that merges SSL with newer protocols to provide encryption |
|
|
HTTP/S
|
HTTP Secure
protocol used for secure connections between two systems that use the web. It protects the connection, and all traffic between the two system is encrypted. Uses either TLS or SSL |
|
|
ActiveX
|
technology that was implemented by Microsoft to customize controls, icons, and other features, which increases the usability of web-enabled systems
|
|
|
Authenticode
|
type of certificate technology that allows ActiveX components to be validated by server
|
|
|
Buffer overflow
|
occurs when an application receives more data that it's programmed to accept. This can cause an application to terminate or to write date beyond the end of the allocated space.
|
|
|
CGI
|
common gateway interface
older form of scripting. CGI scritps were used to capture date from a user using simple forms. CGI scripts run on the web server and interact with the browser. |
|
|
Cookies
|
text files that a browser maintains on the user's hard disk in order to provide a persistent, customized web experience for each visit. They can contain personal information so if they fall in the wrong hands could case damage
|
|
|
GroupWise
|
Novel product, an e-mail and collaboration system similar to Microsoft Exchange
|
|
|
ZENWorks
|
software and configuration distribution product
|
|
|
ID
|
intrusion detection
the process of monitoring events in a system or network to determine if an intrusion is occurring |
|
|
MD-IDS
|
misuse detection IDS
primarily focused on evaluating attacks based on attack signatures and audit trails |
|
|
Signature-based-detection IDS
|
same as MD-IDS
|
|
|
AD-IDS
|
anomaly-detection IDS
looks for anomalies, meaning it looks for things outside of the ordinary. Usually AD-IDS establishes a base line |
|
|
N-IDS
|
network-based IDS
attaches the IDS to a pint in the network where it can monitor and report on all network traffic |
|
|
shunning
|
ignoring an attack is a common response. The attack being executed is aimed at a different application than the one being used(having an IIS attack on a server running Apache)
|
|
|
HIDS
|
host-based IDS
designed to run as a software on a host computer system |
|
|
NIPS
|
network intrusion prevention system
these systems focus on a signature matches and the take a course of action |
|
|
honeypot
|
a computer that has been designated as a target for computer attacks
|
|
|
enticement
|
the process of luring someone into ypour plan or trap
|
|
|
entrapment
|
the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead
|
|
|
forensics
|
the process of identifying what has occurred on a system be examing the data trail
|
|
|
IRP
|
incident response plan
|
|
|
chain of custody
|
when working with incidents you begin to collect evidence, you must keep track of that evidence at all times and show who has it, who has seen it, and where it has been. The evidence must always be withing your custody, or you are ope to dispute about whether it has been tampered with
|
|
|
escalation
|
involves consulting policies, consulting appropriate management, and determining how best to conduct an investigation into the incident
|
|
|
WAP
|
wireless application protocol
technology designed for use with wireless device. WAP functions are equivalent to TCPI/IP functions |
|
|
gap in the WAP
|
WAP system communicates using a WAP gateway system. The gateway converts information back and fortth between HTTP and WAP as well as encodes and decodes between the security protocols. If the interconnection between the WAP server and the internet isn't encrypted, packets between the devices may be intercepted, creating a potential vulnerability called gap in the WAP
|
|
|
WEP
|
wired equivalent privacy
security standard for wireless devices. Encrypts data to provide data security |
|
|
WPA
WPA2 |
Wi-FI protected access
Wi-Fi protected access 2 addresses the problems with WEP |
|
|
site survey
|
site survey involve listening in on an existing wireless network using commercially available technology. Doing so allows intelligence, and possible data capture, to be performed on systems in your network
|
|
|
war driving
|
refers to driving around town with a laptop looking for WAPs that can communicate with. The network card on the laptop is set in promiscuous mode and it look for signals coming from everywhere
|
|
|
rogue access point
|
any wireless access point added to your network that has not been authorize is considered rogue
|
|
|
blue jacking
|
is the sending of unsolicited messages over Bluetooth connection
|
|
|
bluesnarfing
|
gaining of unauthorized access through a Bluetooth connection. Access is gained thorough phone, PDA
|
|
|
jamming
|
IM attack
the attack is intended to disrupt existing systems by interjecting or flooding a channel with garbage data |
|
|
SPIM
|
spam over IM
|
|
|
footprinting
|
the process of systematically identifying the network and its security posture.
|
|
|
stages of incident report
|
1)identification
2)investigation 3)repair 4)documentation |
|
|
penetration testing
|
involves trying to get access to your system from an attacker's perspective. Typically, you perform this from a system on the on Iternet and try to see if you can break in.
|
|
|
vulnerability testing
|
typically you run a software program that contains a database of known vulnerabilities against your system to identify weakness.
|
|
|
security baseline
|
defines the level of security that will be implemented and maintained
|
|
|
EAL
|
evaluation assurance levels
EAL1 through EAL7 |
|
|
EAL1
|
EAL1 is primarily used when the user wants assurance that the system will operate correctly but threats to security aren't viewed as serious
|
|
|
EAL2
|
EAL2 requires product developers to use good design practice. Security isn't considered a high priority in EAL2 certification
|
|
|
EAL3
|
EAL3 requires conscientious development efforts to provide moderate levels of security
|
|
|
EAL4
|
EAL4 requires positive security engineering based on good commercial development practice. It is anticipated that EAL4 will be the common benchmark for commercial systems
|
|
|
EAL5
|
EAL5 is intended ti ensure that security engineering has been implemented in a product from the early design phases. It's intended for high levels f security assurance. The EAL documentation indicates that special deign considerations will most likely be required to achieve this level of certification
|
|
|
EAL6
|
EAL6 provides high levels of assurance of specialized security engineering. This certification indicates high levels of protection against significant risks. Systems with EAL6 certification will be highly secure from penetration attackers
|
|
|
EAL7
|
EAL7 indicates for extremely high levels of security. The certification requires extensive testing, measurement, and complete independent testing of every component
|
|
|
CC
|
Common criteria
security standard that defines a comprehensive set of evaluation criteria, broken down into EAL1 through EAL7 |
|
|
The recommended level of certification for commercial system is
|
EAL4
|
|
|
Binding
|
the process of tying a network protocol ti another network protocol or to a NIC
|
|
|
whole disk encryption
|
encrypt an entire volume with 128-bit protection. When the entire volume is encrypted, the data is not accessible to someone who might boot another operating system in an attempt to bypass the computer's security
|
|
|
Bitlocker
|
is a whole disk encryption feature available in Vista Enterprise and Ultimate
|
|
|
local policies
|
settings that apply to the workstation when the user has yet to authenticate with the network. This policies restrict the user locally.
|
|
|
group policies
|
you create restrictions that will apply to workstations when users authenticate. Upon each authentication, those restrictions are the applied as Registry settings, providing an efficient way to manage a large number of computers
|
|
|
secpol.msc
|
runs the Group policies snap-in
|
|
|
perfmon.msc
|
runs the Performance console snap-in
|
|
|
TCP wrappers
|
low-level logging packages designed for Unix system. Wrappers provide additional detailed logging on activity using a specific protocol. Each protocol or port must have a wrapper installed for it. The wrappers then record activities and deny access to the service or server
|
|
|
NLM
|
Netware loadable modules
can extend the server services by adding NLM. These modules allow executable code to be patched or inserted into the OS |
|
|
support pack
|
same as service pack but for Novell
|
|
|
NSS
|
netware storage services
provide higher performance and larger file storage capacities that NFS |
|
|
NFS
|
netware file system
Novell proprietary file structure. This system allow complete control of every file resource on a NetWare server |
|
|
DNS DoS
|
attack that are primarily aimed at DNS server. The intention is to disrupt the operations of the server, thereby making the system unusable. To prevent the attack make sure that the OS software is kept up to date
|
|
|
Network footprinting
|
the act of gathering data about a network in order to find ways someone might intrude. You are looking for vulnerabilities and any means of entry
|
|
|
DNS poisoning
|
aka cache poisoning
a deamon caches DNS reply packets, which sometimes contain other information. The extra data can be scanned for information useful in a break-in or man-in-the-middle attack |
|
|
ARP poisoning
|
tries to convince the network that the attacker's MAC address is the one associated with an IP address so that traffic send to that IP address is wrongly sent to the attacker's machine
|
|
|
RPC
|
remote procedure call
programming interface that allows a remote computer to run programs on a local machine. It has created a serious vulnerabilities in systems that have RPC enable uses port 111 on Unix systems |
|
|
data repositories
|
many of the systems that are being used in networks today rely heavily on stored data. The data is usually kept in servers that provide directory services and database services. These systems are referred to data repositories
|
|
|
directory service
|
tools that help organize and manage complex networks.
|
|
|
LDAP
|
Lightweight Directory Access Protocol is a standardized directory access protocol that allows queries to be made of directories. LDAP is the main protocol used by AD uses port 389
|
|
|
LDAP name types
|
1)Distinguished Name(DN)
2)Relative Distinguished Name(RDN) 3)User principal name(UPN) 4)Canonical name(CN) |
|
|
DN
|
Distinguished name exist for every object in AD. This values must be unique.
|
|
|
RDN
|
Relative Distinguished Name doesn't need to be a wholly unique value as long as there are no duplicates within the organization unite.
RDN is the portion of the name that is unique within its container |
|
|
UPN
|
User Principal Name
often referred to as a friendly name. Consists of the user account and the user's domain name and is used to identify the use |
|
|
CN
|
Canonical name is the DN given in top-down notation
|
|
|
X.500
|
the basis for later models of directory structure such as LDAP
|
|
|
relation database
|
most common implementation. Allows data to be viewed in dynamic ways based on the user's or administrator's needs. Example SQL
|
|
|
One-tier model
|
or single-tier environment, the database and the application exist on a single system. Example desktop running a stand alone databas.
|
|
|
Two-tier model
|
the client PC or system runs an application that communicates with the database that is runnig on a different server
|
|
|
Three-tier mode
|
effectively isolate the end user from the database by introducing a middle-tier server. The middle server accepts requests from clients, evaluates them, and then sends them on to the database server for processing. The database server returns the data to the middle server.
|
|
|
Physical barriers
|
prevents access to computes and network systems.
|
|
|
Multiple barrier system
|
effective physical barrier implementation require more than one physical barrier
|
|
|
perimeter
|
the external entrance to the building, which is protected by burglar alarms, external walls, surveillance.
|
|
|
physical token
|
anything that a user must have on them ti access network resources and are often associated with devices that enable the user to generate a one-time password authenticating their identity
|
|
|
mantrap
|
access-control mechanism, requires visual identification and authentication, to gain access. It allows only one or two people into the facility at a time.
|
|
|
perimeter security
|
is the first line of defense in your security model.
|
|
|
security zones
|
area in a building where access is individually monitored and controlled. In a building, floors, sections of floors, and even offices can be broken down into smaller areas called security zones
|
|
|
network security zone
|
perform the same function as physical security zones. Divides a network into smaller sections, each zone can have its own security consideration and measures.
|
|
|
Partitioning
|
partitioning a network is functionally the same as partitioning a building. Involves creating a private networks within larger network. Partitions can be isolated from each other using routers and firewalls
|
|
|
social engineering
|
the process by which intruders gain access to your facilities, your network, and even to your employees by exploiting the generally trustin nature of people.
|
|
|
Physical barriers
|
prevents access to computes and network systems.
|
|
|
Multiple barrier system
|
effective physical barrier implementation require more than one physical barrier
|
|
|
perimeter
|
the external entrance to the building, which is protected by burglar alarms, external walls, surveillance.
|
|
|
physical token
|
anything that a user must have on them ti access network resources and are often associated with devices that enable the user to generate a one-time password authenticating their identity
|
|
|
mantrap
|
access-control mechanism, requires visual identification and authentication, to gain access. It allows only one or two people into the facility at a time.
|
|
|
perimeter security
|
is the first line of defense in your security model.
|
|
|
security zones
|
area in a building where access is individually monitored and controlled. In a building, floors, sections of floors, and even offices can be broken down into smaller areas called security zones
|
|
|
network security zone
|
perform the same function as physical security zones. Divides a network into smaller sections, each zone can have its own security consideration and measures.
|
|
|
Partitioning
|
partitioning a network is functionally the same as partitioning a building. Involves creating a private networks within larger network. Partitions can be isolated from each other using routers and firewalls
|
|
|
social engineering
|
the process by which intruders gain access to your facilities, your network, and even to your employees by exploiting the generally trustin nature of people.
|
|
|
Physical barriers
|
prevents access to computes and network systems.
|
|
|
Multiple barrier system
|
effective physical barrier implementation require more than one physical barrier
|
|
|
perimeter
|
the external entrance to the building, which is protected by burglar alarms, external walls, surveillance.
|
|
|
physical token
|
anything that a user must have on them ti access network resources and are often associated with devices that enable the user to generate a one-time password authenticating their identity
|
|
|
mantrap
|
access-control mechanism, requires visual identification and authentication, to gain access. It allows only one or two people into the facility at a time.
|
|
|
perimeter security
|
is the first line of defense in your security model.
|
|
|
security zones
|
area in a building where access is individually monitored and controlled. In a building, floors, sections of floors, and even offices can be broken down into smaller areas called security zones
|
|
|
network security zone
|
perform the same function as physical security zones. Divides a network into smaller sections, each zone can have its own security consideration and measures.
|
|
|
Partitioning
|
partitioning a network is functionally the same as partitioning a building. Involves creating a private networks within larger network. Partitions can be isolated from each other using routers and firewalls
|
|
|
social engineering
|
the process by which intruders gain access to your facilities, your network, and even to your employees by exploiting the generally trustin nature of people.
|
|
|
GSM
SIM ECC |
global system for mobile communication
subscriber identification module elliptic curve cryptography |
|
|
BCP
|
business continuity planning
the process of implementing policies, controls, and procedures to counteract the effects of losses, outages, or failure of critical business process. |
|
|
CBP
|
critical business function
BCP is a management tool that ensures that CBF can be performed when normal business operations are disrupted |
|
|
components of BCP
|
Business impact analysis(BIA) and risk management
|
|
|
BIA
|
business impact analysis
concerned with evaluating the processes |
|
|
ARO
SLE ALE |
annualized rate of occurrence
single lost expectancy annual loss expectancy SLExARO=ALE |
|
|
policies
|
provide the people in an organization with guidance about their expected behavior
|
|
|
standard
|
deals with specific issues or aspects of business. Derived from policies.
|
|
|
guideline
|
help an organization implement or maintain standards by providing information on how to accomplish the policies and maintain the standards
|
|
|
Implicit denies
|
you specifically lock certain users out
|
|
|
Bell La-Padula
|
prevents user from accessing information that has a higher security rating that they are authorized to access. Also prevents information from being written down
No READ UP or WRITE DOWN |
|
|
Biba Model
|
more concerned with information integrity. No write up or read down
|
|
|
Clark-Wilson model
|
data can't be accessed directly. It must be accessed through applications that have predefined capabilities.
|
|
|
Information flow model
|
requires that each piece of information have unique properties, including operation capabilities. If an attempt were made to write lower-level information to a higher level, the model would evaluate the properties of the information and determine if the operation were legal
|
|
|
Noninterference model
|
intended to insure that higher-level security functions don't interfere with lower-level functions. A higher-level user changes the information, the lower-level user wouldn't know or be affected by the changes.
|
|
|
physical cryptography
|
transposition or substitution of characters or words.
|
|
|
steganography
|
the science of hiding information within other information
|
|
|
cipher
|
method used to encode characters to hide their value.
|
|
|
substitution cipher
|
type of coding or ciphering system that changes one character or symbol into another.
|
|
|
rot13
|
one of the oldest encoding algorithm. Rotates every letter 13 places in the alphabet
|
|
|
transposition cipher(transposition code)
|
involves transposing or scrambling the letters in a certain manner. Message is broken into blocks of equal size
|
|
|
hashing
|
refers to performing a calculation on a message and converting it onto a numeric hash value
|
|
|
tpm
|
trusted platform module
used to assist hash key generation. TPM is the name assigned to a chip that can store cryptographic keys, passwords, or certificates |
|
|
cryptographic algorithms
|
used to encode a message from its unencrypted state into an encrypted message
|
|
|
SHA
|
secure hash algorithm
designed to ensure the integrity of a message. SHA is one-way hash that provides a hash value that can be used with an encryption protocol. This algorithm produces a 160-bit hash value. Updated to SHA-1 |
|
|
MDA
|
Message Digest Algorithm
creates a hash value and uses a one-way hash, The hash values used to help maintain integrity. |
|
|
LANMAN
|
used in OS prior to WinNT
|
|
|
NTLM
|
NT Lan Manager
released with WinNT |
|
|
Symmetric algorithms
|
requires both ends of an encrypted message to have the same key and processing algorithms. This algorithm generates a secret key that must be kept protected.
|
|
|
DES
|
data encryption standard
used since 1970. Base on 56-bit key |
|
|
AES
|
advanced encryption standard
supports key sizes of 128, 192, 256 |
|
|
AES256
|
uses 256 bits instead of 128
|
|
|
Triple-DES(3-DES)
|
upgrade of DES
|
|
|
CAST
|
algorithm developed by Carlisle Adams and Staffor Tavares. Used be IBM and Microsoft
|
|
|
Rivest's cipher
|
RC is an encryption family produced by RSA laboratories. Current levels RC5&RC6 can use a key size up to 2,048bits
|
|
|
Blowfish
|
encryption system produced by Counterpane Systems that performs a 64-bit block cipher at very fast speeds
|
|
|
IDEA
|
International Data Encryption Algorithm
Uses 128-bit key |
|
|
Asymmetric algorithms
|
use two keys to encrypt and decrypt data. This two key are referred to as the public key and the private key
|
|
|
PKC
|
Public Key Cryptography
two-key systems are referred as PKC |
|
|
RSA
|
Rivest, Shamir, Adleman
uses larger integer numbers as the basis of the process. RSA works for both encryption and digital signatures |
|
|
Diffie-Hellman
|
used primarily to send keys across public networks. The process isn't used to encrypt or decrypt message; it's used merely for the transmission of keys in secure manner
|
|
|
ECC
|
elliptic curve cryptography
similar functionality to RSA. Implemented in smaller less intelligent devices(cell phones, wireless devices). ECC encryption systems are based in the idea of using points of a curve to define the public/private key pair. |
|
|
El Gamal
|
algorithm used for transmitting digital signatures and key exchange. Similar to Diffie-Hellman key exchange and is based on the characteristics of logarithmic numbers and calculations
|
|
|
strength (in cryptography)
|
the effectiveness of cryptographic system in preventing unauthorized decryption is referred as strength
aka as Work factor |
|
|
work factor
|
describes an estimate of the amount of time and effort that would be needed to break a system
|
|
|
MAC(in messages)
|
message authentication code
MAC is derived from the message key. MAC is encrypted with the message, adding another layer of integrity check |
|
|
digital signatures
|
similar in function to a standard signature on a document. Validates the integrity of the message and sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message
|
|
|
nonrepudation
|
prevents one party from denying actions they carried out.
|
|
|
PKI
|
public key infrastructure
attempt to provide all the aspects of security to messages and transaction. PKI is a two-key - asymmetric system with four components |
|
|
PKI components
|
Certificate Authority(CA)
Registration Authority(RA) RSA digital certificates |
|
|
CA
|
certification authority
organization that is responsible for issuing, revoking, and distributing certificates. Certificate is nothing more than a mechanism that associates the public key with an individual |
|
|
RA
|
registration authority
can distribute keys, accept registration for the CA, and validate identities. RA doesn't issue certificates. |
|
|
LRA
|
local registration authority
used ti identify or establish the identity of an individual for certificate issuance. LRA can be used to verify and certify the identity of the individual on behalf of CA. LRA can then forward authentication documents to the CA to issue the certificate |
|
|
RA vs LRA
|
LRA can be used to identify or establish the identity of an individual
while RA can only validate identity |
|
|
X.509 v3
|
standard certificate format supported by the ITU.
1)Contains identifiers of two different algorithms used in the process. 2)contains a unique serial number issued by CA |
|
|
CPS
|
certification practice statement
detailed statement the CA uses to issue certificates and implement its policies of the CA |
|
|
certificate revocation
|
the process of revoking a certificate before it expires. Certification revocation is handled either through a CRL or OCSP
|
|
|
CRL
OCSP |
certification revocation list
online certificate status protocol |
|
|
trust models in PKI
|
1)hierarchial
2)bridge 3)mesh 4)hybrid |
|
|
hierarchical trust model
|
aka tree.
Root CA at the top provides all the information. The intermediate CAs are next in the hierarchy, and they only trust information provided by the root CA |
|
|
bridge trust model
|
peer-to-peer relationship exists between the root CAs. The root CAs can communicate with each other, allowing cross certification. Allows a certification process to be established between organizations and departments. Each intermediate CA trust only the CA above and below it, but the CA structure can be expanded without creating additional layers of CAs
|
|
|
mesh trust model
|
expands the bridge model by supporting multiple path and multiple root CAs. Each of the root CAs can cross-certify with the other root CAs in the mesh. This arrangement is also referred to as a web structure.
|
|
|
hybrid trust model
|
can use the capabilities of any or all of the structures bridge, mesh, hierarchical. Can be extremely flexible.
|
|
|
attacking the key
|
key attacks are typically launched to discover the value of a key by attacking it directly. Involves trying to crack a key by repeatedly guessing the key value
|
|
|
attacking the algorithm
|
if an error isn't discovered and corrected by a program's developer, an algorithm might not be able to secure the program.
|
|
|
intercepting transmission
|
allows over time the attacker to inadvertently gain information about the encryption system used by an organization.
|
|
|
birthday attack
|
attack targeted at the key.
if your key is hashed,the possibility is that given enough time, another value can be created that will give the same hash value |
|
|
weak key attack
|
based on the premise that many common passwords are used by lots of people. If the key length is short, the resulting value will be easier to guess.
|
|
|
mathematical attack
|
van be focused on the encryption algorithm itself, the key mechanism, or any potential are of weakness in the algorithm. Uses mathematical modeling and statistical analysis to determine how the system operates. This attack depends on intercepting large amounts of data methodically attempting to decrypt the messages
|
|
|
public domain cryptography
|
refers to the standards and protocols that emerge from individual or corporate efforts and are released to the general public for use.
|
|
|
PGP
|
pretty good privacy
encryption system used in e-mail encryption. Uses both symmetrical and asymmetrical encryption |
|
|
PKIX
|
Public Key Infrastructure X.509
working group formed to develop standards and models for the PKI environment. |
|
|
PKCS
|
Public-Key Cryptography Standards
set of voluntary standards created by RSA and security leaders currently 15 standards are published |
|
|
PKCS #1
PKCS #2 PKCS #3 PKCS #4 PKCS #5 |
RSA cryptography standard
Incorporated in PKCS #1 Diffie-Hellman Key agreement standard Incorporated in PKCS #1 Password-Based cryptography standard |
|
|
PKCS #6
PKCS #7 PKCS #8 PKCS #9 PKCS #10 |
Extended-Certificates Syntax Standard
Cryptographic Message Syntax Standard Private-Key Information Syntax Standard Selected Attributes Types Certification Request Syntax Standadrd |
|
|
PKCS #11
PKCS #12 PKCS #13 PKCS #14 PKCS #15 |
Cryptographic Token Interface Standard
Personal Information Exchange Syntax Standard Elliptic Curve Cryptography Standard Pseudorandom Number Generators Cryptographic Token Information Format Standard |
|
|
CMP
|
Certificate Management Protocol
messaging protocol used between PKI entities. |
|
|
S/MIME
|
Secure Multipurpose Internet Mail Extensions
standard used for encrypting e-mail. S/MIME contains signature data. Uses asymmetric encryption algorithms for confidentiality and digital certificates for authentication |
|
|
SET
|
Secure Electronic Transaction
provide encryption for cred card numbers that can be transmitted over the Internet |
|
|
S-HTTP
|
secure HTTP
HTTP with message security(added by RSA or digital certificate). Whereas HTTPS create a secure channel, S-HTTP creates a secure message. |
|
|
Key management
|
refers to the process of working with keys from the time the are created until the time the are retired or destroyed
|
|
|
centralized key generation
|
allow the key-generating process to take advantage of large-scale system resources. Allows additional management functions to be centralized. Disadvantage is that the key archival and storage process may be vulnerable to an attack
|
|
|
decentralized key generation
|
allows the key-generation process to be pushed out into the organization or environment.
Adv.: allow work to be decentralize and risk spread. Dis.: creates storage and management issue |
|
|
KEA
|
key exchange algorithm
KEA negotiates a secret key between the two parties; the secret key is a short-term, single-use key intended strictly for key distribution |
|
|
redundancy
|
refers to system that are either duplicated or that fail over to other system in the event of a malfunction
|
|
|
fail-over
|
the process or reconstructing a system or switching over to other systems when a failure is detected
|
|
|
shadow copies
|
aka working copies
partial or full backups that are kept at the computer center for immediate recovery purpose |
|
|
grandfather, father, son method
|
the most recent backup after the full backup is the son. As newer backups are made, the son becomes a father, and the father becomes a grandfather.
|
|
|
full archival method
|
all backups are kept indefinitely using some form of backup media.
|
|
|
backup server method
|
establishes a server with large amounts of disk space whose sole purpose is to backup data
|
|
|
organizational security policies
|
help describe what activities, processes, and steps are necessary to continue your security program
|
|
|
information classification policies
|
define how information is classified
|
|
|
notification policies
|
define who is notified when information classification need to be evaluated, changes are made, and information is updated
|
|
|
information retention and storage policies
|
deal with how information is stored, how long it's retained, and any other significant considerations. Identify who owns certain types of information
|
|
|
csi
|
computer security institute
|
|
|
nist
|
national institute of standards and technology
|
|
|
nsi
|
national security institute
|
|
|
ALE
|
annual loss expectancy
|
|
|
ARO
|
annualized rate of occurrence
a calculation of how often a threat will occur |
|
|
CCRA
|
common criteria recognition agreement
|
|
|
ESP
|
encapsulating security payload
header used to provide a mix of security service in IPv4 and IPv6 |
|
|
What two types of certificates does S/Mime use?
|
PKSC#7 certificates for message content
X.509v3 for source authentication |
|
|
Ping flood
|
attacker sends numerous ping echo requests to a victim. The Victim responds the echo. If enough inbound and outbound packets are transmitted, no legitimate traffic will be able to use the communication link
|
|
|
bootstrap/bootp/DHCP clients port
bootstrap protocol server/DHCP server port |
68
67 |
|
|
Bit value for SHA-1?
|
160-bit value
|
|
|
What are the two types of symmetric algorithms?
|
block and stream
|
|
|
What three basic router/firewall measures will reduce the effects of a DoS attack?
|
egress filtering
ingress filtering disabling IP-directed broadcasting |
|
|
TLS consists of what two layers
|
TLS record protocol
TLS handshake protocol |
|
|
What are the two main components of L2TP?
|
L2TP Access Controller(LAC)
L2TP Network Server(LNS) |
|
|
LNS
LAC |
L2TP Access Controller(LAC)
L2TP Network Server(LNS) |
|
|
What three utilities compromise SSH?
|
SSH,Slogon,SCP
|
|
|
Kerbos port
POPv9 |
88
109 |
|
|
What are the three major components of SSH?
|
Transport Layer protocol SSH-Trans
User authentication protocol SSH-Userauth Connection protocol SSH-Conn |
|
|
L2TP port
|
1701
|
|
|
What type of encryption does SSH use?
|
RSA publickey
|
|
|
mitm attack
aka ? |
men in the middle attack
aka as janus attack |
|
|
What three methods are used to determine VLAN membership on the local switch?
|
port-based, MAC-based, protocol-based
|
|
|
GRE
|
generic Routing Encapsulation
used in PPTP |
|
|
Bonk Attacks
|
similar to a Teardrop attack. Sending IP fragments with Offset values that are too large this may cause the target system to crash.
|
|
|
land attack
|
attacker sends a forged TCP SYN packet with the same source and destination IP addr. This confuses systems with outdated versions of the TCP/IP stack because it receives a TCP connection request from itself. This may cause the target system to crash
|
|
|
bonk attack
|
sending IP fragments with the Offset values that are too large. This may cause the target system to crash
|
|
|
teardrop attack
|
when data is sent across a TCP/IP network, it's fragmented into small fragments. This fragments contain an Offset field in their TCP header that specifies where certain data starts and ends. During the attack fragments with overlapping values in the Offset fields are send to the target system. Which may cause the system to crash
|
|
|
RADIUS port
NetBios name and session KERBEROS port |
1812
137, 138, 139 88 |
|
|
dss
|
digital signature standard
|
|
|
bonk attack
|
sending IP fragments with the Offset values that are too large. This may cause the target system to crash
|
|
|
teardrop attack
|
when data is sent across a TCP/IP network, it's fragmented into small fragments. This fragments contain an Offset field in their TCP header that specifies where certain data starts and ends. During the attack fragments with overlapping values in the Offset fields are send to the target system. Which may cause the system to crash
|
|
|
RADIUS port
NetBios name and session KERBEROS port |
1812
137, 138, 139 88 |
|
|
dss
|
digital signature standard
|
|
|
L2TP
AH NNTP LDAPS |
1701
Authentication Header 51 119 636 |
|
|
Does L2TP require IP connectivity?
|
Diffie-Hellman
|
|
|
What encryption does S/MIME use?
|
RSA
|
|
|
IKE
|
Internet Security Association and Key Management Protocol
|
|
|
TACACS port
SNMP trap port |
49
162 |
|
|
What is a key difference in security between MAC and DAC?
|
In MAC a user who can access a file cannot necessarily copy it
|
|
|
What are the two types of symmetric algorithms?
|
block and stream
|
|
|
What is the maximum capacity of
QIC 4mm DAT 8mm tapes |
QIC - 20GB
4mm DAT - 40GB 8mm tapes - 50GB |
|
|
What is the maximum capacity of
Travan DKT |
Travan - 40GB
DLT - 220GB |
|
|
With biometric scanning what is rejecting a valid user called?
|
Type I Error
|
|
|
With biometric scanning what is accepting a user who should be rejected called?
|
Type II Error
|
|
|
In biometric scanning what is the crossover accuracy?
|
When type I error equals Type II error.
|
|
|
Describe the Diffie-Hellman key exchange.
|
A cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.
|
|
|
What encryption scheme does WEP use?
|
RC4
|
|
|
Who created RC2 and RC4?
|
Rivest
|
|
|
DSS
PEM |
Digital Signature Standard
Privacy Enhanced Mail |
|
|
ECHO port
chargen exploit port TACACS RADIUS |
7
19 49 1812 |
|
|
What type of encryption does SSH use?
|
RSA publickey
|
|
|
What two services are provided by IPSec?
|
Authentication Header (AH)
Encapsulating Security Payload (ESP) |
|
|
What type of encryption does PGP use?
What two algorithm options exist for PGP? |
public key - asymetric
RSA and Diffie-Hellman |
|
|
What two layers does TLS consist of?
|
TLS Record Protocol
TLS Handshake Protocol |
|
|
What kind of encryption does HTTPS use?
|
40-bit RC4
|
|
|
What is hashing?
|
It is a reproducible method of turning some kind of data into a (relatively) small number that may serve as a digital "fingerprint" of the data.
|
|
|
Does PPTP require IP connectivity?
Does L2TP require IP connectivity? |
Yes
No |
|
|
What does IPSec use for authentication and key exchange?
What does IPSec use for encryption? |
Diffie-Hellman
40-bit DES algorithm |
|
|
What three methods are used to determine VLAN membership on the local switch?
|
port-based, MAC-based, protocol-based
|
|
|
What two methods are used to determine VLAN membership on a remote switch
|
implicit, based on MAC address
explicit, where the first switch adds a tag |
|
|
What type of access control do most commercial OS's use?
|
DAC
|
|
|
Is PPTP usually implemented through hardware or software?
Is L2TP usually implemented through hardware or software? |
Software
Hardware |
|
|
What is compulsory tunneling?
What advantage does compulsory tunneling provide? |
situation where VPN server chooses the endpoint of a communication
allows VPN connections to be concentrated over fewer high-capacity lines |
|
|
What is the standard key length for DES?
IDEA MD5 3DES |
56bit DES
128bit IDEA 128bit MD5 168bit 3DES |
|
|
How are RSA and DES used together?
|
RSA is used to encrypt the key for transmission, DES is used for message encryption
|
|
|
What type of network is CHAP primarily used on?
|
PPP
|
|
|
What security hole does RIPv1 pose?
|
RIPv1 does not allow router passwords
|
|
|
What are the five main services provided by firewalls?
|
packet filtering, application filtering, proxy server, circuit-level, stateful inspection
|
|
|
What are the three types of NAT?
|
static
dynamic overloading |
|
|
What security weakness does SPAP have?
|
does not protect against remote server impersonation
|
|
|
In MAC:read-up, read-down, write-up, and write-down
Which two are illegal? |
legal: read-down, write-up
illegal- read-up, write-down |
|
|
What is the maximum length of a valid IP datagram?
What is the RFC-recommended size of an IP datagram? |
64 kb
576 bytes |
|
|
How does a host respond to a TCP connect scann if the scanned port is open? Closed?
|
open: SYN-ACK, closed: RST
|
|
|
How does a host respond to a FIN packet if the scanned port is open, closed?
|
open: packet discarded
closed: RST |
|
|
What three basic router/firewall measures will reduce the effects of a DoS attack?
|
egress filtering
ingress filtering disabling IP-directed broadcasting |
|
|
In a 128-bit WEP key, how long is the actual secret key?
|
104 bits
The first 24 bits are used for the Initialization Vector (IV) |
|
|
UNIX Syslog port
L2TP port PPTP port Sun NFS port |
514
1701 1723 2049 |
|
|
Microsoft Terminal Service
PCAnyware data prot PCAnyware status port |
3389
5631 5632 |
|
|
ICMP protocol
TCP protocol UDP protocol GRE protocol |
1
6 17 47 |
|
|
What is the Bonk Attack?
|
The attacker sends a corrupt UDP packet to DNS port 53. This type of attack may cause Windows systems to crash.
|
|
|
What is the Boink attack?
|
The same as Bonk, but the corrupt UDP packets are sent to numerous ports. The result may cause a Windows system to crash.
|
|
|
Common symmetric cryptography solutions
|
AES, 3DES, DES, IDEA, Blowfish, Twofish, Rivest Cipher (RC5), Carlisle Adams/Stafford Tavares (CAST-128)
|
|
|
Common asymmetric solutions
|
Rivest Shamir Adleman (RSA), Diffie-Hellman, Error Correcting Code (ECC), and El Gamal
|
|
|
What are the three access methods used by RBAC?
|
task-based, lattice-based & role-based
|
