Domain 6 Flashcards

1
Q

What is a security assessment?

A

It is a complete view of a company’s network security used to assess your security posture. It analyzes the entire network from the inside, tries to find the weaknesses, and gives a complete list of risks against critical assets.

2
Q

What are types of security testing?

A

1) Penetration Test
2) Vulnerability Assessment
3) Network Pen Test
4) Web application Pen Test
5) Source Code analysis
6) Phishing exercises
7) Password assessments

Goal - assess risk by discovering and understanding flaws that persist in systems and applications

Full knowledge - I have access to internal documents before the test

Zero knowledge - I come in blind with no internal knowledge

3
Q

What is the purpose of security testing?

A

To look for flaws that exist in spite of security processes.

Assessing the security processes themselves is also necessary.

4
Q

What is auditing?

A

A function that verifies the security of systems and resources and whether or not a system has been compromised or misused. It also tests the effectiveness of the operational controls implemented throughout the network.

Internal and external audits

  • compliance checks
  • internal and external
  • frequency of review
  • standard of due care
5
Q

What are server side vs. client side attacks?

A

A server side attack is initiated by the attacker against a listening service
- it is an attack initiated by an attacker

A client side attack is when the victim initiates the attack by downloading malicious content.

6
Q

What is the difference between the attack surface for server side vs. client side attacks?

A

Server side attack surface is much smaller because you can just look at all of your points of entry (e.g., think about a house, you look at the doors and windows).

The client side attack surface is much larger, and there are many more variables in what a client might do that enables an attack.

Server side - limit by:

  • disable unnecessary services
  • host hardening
  • firewalls

Client side exploitation:

  • browser
  • browser plugin
  • email clients
  • chat clients
  • flash
  • java
  • PDF readers
  • microsoft office
  • itunes
  • realplayer
  • etc.
7
Q

What is the server side exploitation process?

A

1) perform reconnaissance - collect as much publicly available information as you can on the company (e.g., look at job postings to figure out what servers and DBs they use (e.g., "need Linux team"), building and harvesting email names).
- resources - Google, Facebook, LinkedIn
- it is offline research performed by an attacker before launching an attack - includes public records research

2) Network enumeration - host discovery
3) port scanning - once a host is discovered, a port scanner scans all TCP and UDP ports and attempts to determine which are open (Nmap is a well-known tool for this)
4) determine version of OS and services
5) determine vulnerable service versions
6) exploit vulnerable services

8
Q

What is host discovery?

A

Attempts to determine live systems on the network

These can be discovered by:

  • ARP scans (for systems on the same LAN)
  • ICMP sweeps (echo request, netmask request, timestamp request) - the point is to receive any type of response showing the system is live
  • TCP or UDP traffic sent to common ports (looking to get a response back)
  • IPv6 neighbor discovery
  • Sniffing packets and reviewing contents
9
Q

What is OS or service fingerprinting?

A

Fingerprinting seeks to identify the version of the OS or services running on a target system.

  • active fingerprinting sends packets to determine OS and service versions
  • passive fingerprinting is read-only and uses TTLs, IPIDs, sequence numbers and even layer 7 packet data to determine system details - read a live network feed and infer the OS from how its traffic looks

**Nmap is a scanner - just know it is used to do scanning

10
Q

What is a vulnerability assessment?

A

Occurs when you scan key servers to look for a set list of vulnerabilities. It is usually done to look for common or known vulnerabilities and done using a vulnerability scanner tool.

This can be done in house or by a third party

Be careful not to crash stuff**

Focuses on weaknesses in a system but does not include exploitation.

Tools:

  • Nessus (Tenable) - OpenVAS (open source)
  • Nexpose (Rapid7) - Retina (BeyondTrust)
11
Q

What are vulnerability scanners?

A

Vulnerability scanners go beyond port scanning

  • determine available applications and services
  • determine their versions
  • determine if they are vulnerable to exploitation

Methods to determine vulnerabilities:

  • determine version information, look up vulnerability in database
  • interrogate the system, modeling insecure behavior
12
Q

What is a penetration test?

A

Picks up where the vulnerability assessment stops. It seeks to exploit vulnerabilities.

  • simulates an attacker trying to break into a network
  • determines whether a site is susceptible to an attack
  • are only as good as the person/tool behind the test

They are narrow - the scope is so important - they cannot fully simulate an attacker.

13
Q

What are types of penetration testing?

A

1) war dialing - attack the system via dialing all the phone numbers in an exchange
2) sniffing - passively monitors network traffic for network knowledge such as passwords
3) eavesdropping - involves listening to phone conversations
4) radiation monitoring - receiving images, data or audio from an unprotected source by listening to its emanations - TEMPEST
5) dumpster diving - see what they threw away
6) social engineering - lies, impersonation, tricks, bribes, blackmail, etc. confusing the human mind to bypass security

14
Q

What is the process for performing a pen test?

A

1) business process:
- determine scope, rules of the engagement
- e.g., client side attacks, server side attacks, social engineering, etc.
- sign explicit legal permissions and contracts (involve lawyers)

2) reconnaissance
3) scanning (vulnerability assessment)
4) exploitation
5) post exploitation

15
Q

What are some additional security testing methods?

A
  • black box and white box testing
  • code review
  • fuzzing
  • web application testing
  • interception proxies
  • phishing campaigns
  • password assessments

These can be used independently or as parts of other tests

16
Q

What is white box testing and black box testing?

A
  • White box - we can see into the box - source code reviews - a software testing method that uses internal algorithms and information to conduct the test
  • Black box - begins with no inside knowledge of an application - can be used against compiled code with no access to source; fuzzing is usually a black box process
  • Gray box is a combination of black and white box penetration testing - partial knowledge test
17
Q

What is source code review?

A

A white box testing approach that attempts to discover security vulnerabilities by inspecting the source code of a target application - static analysis

Look for functions that are known to be vulnerable or insecure

Some insecure functions in C lead to buffer overflows.

A formal code review requires the inspection of every line of code and requires the reviewer to fully understand what the code is doing - heavy code review

18
Q

What is fuzzing?

A

Sending malformed input. E.g., at "enter your user name" on a 32-bit system, send 4 bytes, then keep sending too many bytes and check to determine when the system crashes
- buffer overflow - system crashes

Black box process that sends unexpected input to computers.

Enter information and check the exit code; if you get an error you know you crashed the system. It is automated cramming.

19
Q

What is web application testing?

A

Code analysis and fuzzing are employed in testing web apps.

HTTP interception proxy intercepts web data in real time

  • Beyond the proxy, the dynamic web application scanner attempts to automate assessing the security of custom web applications
20
Q

What is a password assessment?

A

1) Password guessing: Attempting to authenticate a user by guessing their password
2) Password cracking: offline process that attempts to match a password with its hash output. It requires password hashes which are acquired from a file system - runs passwords through an algorithm and compares them to the stored hash to see if they get the same result
Types of password cracking:
  • dictionary attack
  • hybrid attack
  • brute force attack
  • rainbow table - pre-populated password/hash pairs

21
Q

After a pen test, you should produce a security report. Why?

A

Need to make sure that management:

  • understands the weakness
  • you prioritize and perform remediation
  • seek to determine the underlying cause
  • if you don't remediate, the pen test can cause more harm than good
22
Q

What is security root cause analysis?

A

This is the “lessons learned” meeting.

Understand, what allowed for a flaw to exist in the first place?

Failure to understand the underlying cause or root cause of a flaw will increase chances the same flaw will crop up repeatedly.

Assessing security processes can help identify the root cause of the security failure. Security audits can identify these.

23
Q

What is a security audit?

A

Involves assessing an organization against a particular standard which it seeks or is required to meet.

Compliance is one of the most common goals of security programs and compliance audits are very common.

Implies you are being tested against a published standard

A lot of large audits are done by third parties (external audits)

Certification and accreditation processes - the accreditor is a data owner, the certifier is a third party - you receive an authority to operate. The accreditor accepts the risk of you running the system.

24
Q

Key security processes are:

A
  • ***security processes that need to be assessed:
  • account management processes - access management, privileged access, new users, terminated users, re-certification
  • backup and recovery verification - testing the efficacy of recovery - testing for successful backup and recovery of data
  • log review process - reviewing security logs
  • security training and awareness - security awareness can influence behavior - ensure orgs are providing security awareness and training on a regular basis
  • disaster recovery and business continuity