Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
35 Cards in this Set
- Front
- Back
|
Define a NULL Session.
|
Allow an anonymous connection and query to the default, hidden Windows share IPC$, even if Guest access is disabled on the computer. Null sessions are a feature provided by NetBIOS service over TCP/IP. The attacker can determine password policy, other available shares, and user names on the machine. Can be disabled by disabling NetBIOS over TCP/IP, using a firewall, or by using third-party software.
|
|
|
Define a security baseline.
|
A collection of security and configuration settings that are to be applied to a particular system in the enterprise. The baseline security configuration is a benchmark tagainst which you can compare other systems in your network. Baselines differ depending on the target system.
|
|
|
Name two security analyzers for Unix-based systems.
|
Nessus and Nmap.
|
|
|
Name two security analyzers for Microsoft-based systems.
|
Microsoft Baseline Security Analyzer (MBSA) and Security Configuration Wizard (SCW).
|
|
|
List the four types of software updates.
|
Patch
Hotfix Rollup Service Pack |
|
|
Define a patch.
|
Small units of supplemental code meant to address either a security problem or a functionality flaw in a software package or operating system.
|
|
|
Define a hotfix.
|
A patch that is often issued on an emergency basis to address a specific security flaw.
|
|
|
Define a rollup.
|
A collection of previously issued patches and hotfixes, usually meant to be applied to one component of a system, such as the web browser or a particular service.
|
|
|
Define a service pack.
|
A large compilation of system updates that can include functionality enchancements, new features, and typically all patches, updates, and hotfixes issued up to the point of the release of the service pack.
|
|
|
What are the three phases of patch management.
|
Evaluate
Test Implement |
|
|
On Unix-based machines, what can be used for logging?
|
Use syslog to enable logging for areas of concern such as the kernal, user activity, and system daemon activity. The auditd daemon provides robust auditing functions for Linux. Store logs in a safe location and back them up regularly.
|
|
|
On Windows-based machines, what tool is used for logging?
|
The Event Viewer tool can be customized to include audit events. These events include: Account logon events, account management, directory service access, logon events, object access, policy change, privilege use, process tracking, and system events.
|
|
|
Define a service, NLM, and a Daemon.
|
All three are programs that run in the background of a system without needing an actively logged in user. Services: Windows. NLM: Novel (NetWare Loadable Module). Daemon: Unix.
|
|
|
Define a security template.
|
A predefined set of security configuration parameters that you can apply to a system to enforce security baseline rules. Security templates give you a way to standardize security settings, based on a computer role and the level of security you require, and to apply those settings consistently to multiple computers. Assist in automating security settings.
|
|
|
On Sun Solaris systems, what is used to automate the security policies?
|
ASET (Automated Security Enhancement Tool). Has a low, medium, and high setting. Runs through system and checks system files, system config files, file permissions, users and groups, environment variables, EEPROM security, and firewall settings.
|
|
|
Define virtualization technology.
|
Seperates computing software from the hardware it runs on via an additional software layer. This enables a great deal of additional flexibility and increases hardware utilization by running multiple OSs on a single computer, each thinking it is the only system present.
|
|
|
What are some steps that can be used to harden an OS?
|
Install OS patches, Use strong passwords, install application patches, implement hardware and software manufacturers' security recommendations, use antivirus, anti-spyware, and anti-adware software, disable unnecessary services, disable or delete guest accounts or other unnecessary accounts and rename default accounts, restrict access permissions to users, display security banners to users, implement audit and logging policies, physically secure critical systems, plan backups, test functionality of system after hardening, use scanning and auditing tools to detect vulnerabilities, document changes.
|
|
|
Define a directory service.
|
A network service that stores information about all the objects in a particular network, including users, groups, servers, clients, printers, and network services. The directory also provides user access to directory objects and network resources. Centralizes security and controls access to individual network resources.
|
|
|
Define a directory schema.
|
The structure of the directory is controlled by a schema that defines rules for how objects are created and what their characteristics can be. Most are extensible, so they can be modified to support the specific needs of an organization.
|
|
|
Define LDAP.
|
Lightweight Directory Access Protocol. A standard protocol that is used on TCP/IP networks to access an LDAP-compliant directory service or directory database. Has a schema that defines the tasks you can and cannot perform while accessing a directory database, the form your directory query must take, and how the directory server will respond. LDAP's schema is extensible, which means you can make changes or add on to it.
|
|
|
What documents can be reference for LDAP specifications?
|
Specification: RFC 4510-4519.
Best practices: RFC 4520/4521. LDAPv2: RFC 1777. |
|
|
List some common directory services.
|
Novell eDirectory, Microsoft Active Directory, Sun Java Systems Directory Server, OpenDS, OpenLDAP, open Directory.
|
|
|
Define Group Policy.
|
A centralized configuration management feature available for Active Directory on Windows Server systems. Used to control certain desktop workstation features within an enterprise, such as specifying that all workstations display the company logo as their wallpaper, or that the default browser should have preloaded settings. It is also used to control security features, such as limiting the desktop icons that get displayed, granting permission to access certain servers but not other, or total desktop lockdown.
|
|
|
How do you backup Active Directory?
|
Using the Windows Backup utility, back up the computer's System State Data. This saves the following information: REgistry, COM_ Class Registration database, boot and system files, certificate services database, thte SYSVOL folder, and the IIS Metabase. Volume Snap Shots (VSS) can also be used to back up Active Directory.
|
|
|
What are the three methods to restoring Active Directory?
|
Primary Restore: Full restore of all domain controllers.
Nonauthoritative Restore: Restore a single DC. Authoritative Restore: Forces all DCs to update their information from a single DC. Used when bad data has been pushed to hundreds of machines. Updates the USNs (update sequence number) on all other DCs. |
|
|
Define HDCP.
|
An internet standard protocol that provides for automatic assignment of IP addresses and other TCP/IP configuration information. DHCP implementation is included with most network OSs. Should be protected from external systems requesting DHCP information and connecting to your network.
|
|
|
Define the DHCP vulnerability: MAC address spoofing.
|
An attacker leases an IP address by pretending to be a hardware device that is part of the corporate network. As a result, the attacker can communicate with the other computers on that network.
|
|
|
Define the DHCP vulnerability: Scope modification.
|
An attacker gains access to a DHCP server and modifies the scope, causing incorrect IP address leases and disruption communications on the network.
|
|
|
Define the DHCP vulnerability: Rogue DHCP servers.
|
Anyone with administrative access to a server can install the DHCP service, create a scope with false addresses, and begin handling them out to DHCP clients, thus preventing the clients from communicating on the network.
|
|
|
Define the DHCP vulnerability: DHCP for remote clients.
|
A remote access server that uses DHCP to assign remote clients' IP addresses can provide attackers with IP addresses and other network configuration information if they can connect to the remote access server.
|
|
|
Where is the DHCP database stored?
|
\system32\dhcp\backup. Frequency of backups is located at \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters\BackupInterval. You can perform a manual backup within the DHCP console by selecting the server and choosing Action->Backup.
|
|
|
How do you restore a DHCP server?
|
Stop and restart the service. When you do so it will automatically restore any databases from backup. Manually: Action->Restore.
|
|
|
What are some file and print sharing vulnerabilities?
|
Default administrative shares (can't browse but can be accessed directly), insecure file systems (FAT, should use NTFS), lack of redundancy, man-in-the-middle vulnerabilities (SMB protocol is particularly susceptible), weak default file security, physical disk security, and physical printer security (printed docs can be stolen).
|
|
|
Define the SMB protocol.
|
Server Message Block protocol. Runs on top of network transport protocols, such as TCP/IP, and is used to access shared network resources, such as files and printers. Used in older windows systems. Known as Samba for Solaris, Mac OS X, and other Unix and Linux systems.
|
|
|
Define the CIFS protocol.
|
Common Internet File System. Used in Windows 2000 and later to access shared network resources. Replaced SMB. Novell uses CIFS NLM.
|
