Chapter 14 Flashcards
(39 cards)
It prevents users from accessing the network and/or its resources. p474
Denial of Service (DoS)
What is Ping of Death? p474
In a Ping of Death attack, a humongous ICMP packet is sent to the remote host victim, totally flooding the victim’s buffer and causing the system to reboot or helplessly hang there, drowning.
It’s a version of a DoS attack that floods its victim with spoofed broadcast ping messages. p477
Smurf
It’s also a DoS attack that inundates the receiving machine with lots of meaningless packets. p478
SYN Flood
What’s Stacheldraht? p478
This is actually a mélange of techniques that translates from the German word for barbed wire. It basically incorporates TFN and adds a dash of encryption to the mix.
What is IP Spoofing? p481
It is the process of sending packets with a fake source address that makes it look like those packets actually originate from within the network that the hacker is trying to attack.
What is a Brute-Force Attack? p482
It is another software-oriented attack that employs a program running on a targeted network that tries to log in to some type of shared network resource like a server.
What do viruses do? p484
A key trait of viruses is that they can’t replicate themselves to other computers or systems without a user doing something like opening an executable attachment in an email to propagate them.
attacks executable application and system program files like those ending in .COM, .EXE, and .DLL. p485
File Viruses
one that affects both the boot sector and files on your computer, making such a virus particularly dangerous and exasperatingly difficult to remove. p486
Multipartite Viruses
is basically a script of commonly enacted commands used to automatically carry out tasks without requiring a user to initiate them. p486
Macro Viruses
work their way into the master boot record that’s essentially the ground-zero sector on your hard disk where applications aren’t supposed to live. p486
Boot-Sector Viruses
On-access scan
An on-access scan runs in the background when you open a file or use a program in situations like these: p517
Insert a floppy disk or thumb drive
Download a file with FTP
Receive email messages and attachments
View a web page
Before you initiate an on-demand scan, be sure that you have the oldest virus definitions. p517 T/F
False. You must have the latest.
is the process that an antivirus program deploys to examine a computer suspected of having a virus, identify the virus, and then get rid of it. p517
antivirus scan
is a virus scan initiated by you or an administrator that searches a file, a directory, a drive, or an entire computer but only checks the files you’re currently accessing. p517
on-demand scan
I recommend doing this at least monthly, but you’ll also want to do an on-demand scan. p517
When you first install the antivirus software
When you upgrade the antivirus software engine
Any time you suspect a virus outbreak
is the core program that runs the scanning process, and virus definitions are keyed to an engine version number. p516
antivirus engine
For your antivirus program to work for you, you’ve got to upgrade, update, and scan in a specific order: p516
- Upgrade the antivirus engine.
- Update the definition files.
- Create an antivirus emergency boot disk.
- Configure and run a full on-demand scan.
- Schedule monthly full on-demand scans.
- Configure and activate on-access scans.
- Make a new antivirus emergency boot disk monthly.
- Get the latest update when fighting a virus outbreak.
- Repeat all steps when you get a new engine.
A typical antivirus program consists of two components: p515
The definition files
The engine
Here is a list of security procedures. p509
What to do when someone has locked themselves out of their account
How to properly install or remove software on servers
What to do if files on the servers suddenly appear to be “missing” or altered
How to respond when a network computer has a virus
Actions to take if it appears that a hacker has broken into the network
Actions to take if there is a physical emergency such as a fire or flood
Your network users need to have a clearly written document, called a ___________ that fully identifies and explains what’s expected of them and what they can and can’t do. p508
security policy
Security policies can cover literally hundreds of items. Here are some common ones: p505-07
Notification
Equipment access
Wiring
Door locks/swipe mechanisms
Badges
Tracking
Passwords
Monitor viewing
The ICSA is a vendor-neutral organization that certifies the functionality of security products as well as makes recommendations on security in general. T/F p505
True