IA 2 - UNIT 4 Flashcards

1
Q

Focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.

A

Cybersecurity

2
Q

is the environment in which communication over computer networks occurs

A

Cyberspace

3
Q

3 Features of Security

A
  1. confidentiality
  2. integrity
  3. availability
4
Q

is a crime that involves a computer and a network, which may have been used in the commission of a crime or may be the target

A

Cybercrime

5
Q

It includes cybersquatting, cybersex, child pornography, identity theft, illegal access to data and libel.

A

Cybercrime Prevention Act of 2012, officially recorded as Republic Act No. 10175

6
Q

Types of Malware

A
  1. trojan
  2. virus
  3. worm
  4. spyware
  5. ransomware
  6. adware
  7. rootkit
  8. keylogger
  9. remote access
7
Q

SECURITY TOOLS

A
  1. Network Security Monitoring
  2. Encryption
  3. Web Vulnerability Scanning
  4. Penetration Testing
  5. Packet Sniffers And Password Auditing
8
Q

identifying intrusions and detecting threats from both outside and within the organization.

A

Network Security Monitoring

9
Q

process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot

A

Encryption

10
Q
  • software program which performs automatic black box testing on a web application and identifies security vulnerabilities.
  • Scanners do not access the source code, they only perform functional testing and try to find security vulnerabilities.
A

Web Vulnerability Scanning

11
Q
  • also called pen testing or ethical hacking,
  • is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.
  • It can be automated with software applications or performed manually.
A

Penetration Testing

12
Q

7 Best Cyber Security Penetration Testing Tools

A
  1. metasploit
  2. nmap
  3. wireshark
  4. aircrack-ng
  5. John the Ripper
  6. Nessus
  7. Burpsuite
13
Q
  • It is a small program that listens to all traffic in the attached network(s), builds data streams out of TCP/IP packets,
  • and extracts user names and passwords from those streams that contain protocols that send clear text passwords.
A

Packet Sniffers And Password Auditing

14
Q

Security Devices

A
  1. Video Management Platforms
  2. Video Surveillance
  3. Video Recording Devices
  4. Intrusion detection system (IDS)
  5. Intrusion prevention systems (IPS)
  6. Access Control Devices
  7. Firewalls
  8. Unified Threat Management
  9. Antivirus
15
Q

surveillance system capable of capturing images and videos that can be compressed, stored or sent over communication networks

A

Video Surveillance

16
Q

Records and stores recorded footage

A

Video Recording Devices

17
Q
  • a device or software application that monitors a network for malicious activity or policy violations.
  • Any malicious activity or violation is typically reported or collected centrally using a security information and event management system
A

Intrusion detection system (IDS)

18
Q
  • a network security device that can not only detect intruders, but also prevent them from successfully launching any known attack.
  • combine the abilities of firewalls and intrusion detection systems.
A

Intrusion prevention systems

19
Q
  • They prevent access to sensitive resources.
  • For high protection of properties and resources, possession of well-designed and technically sound access control devices has become a trend
A

Access Control Devices

20
Q
  • It is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
  • have been a first line of defense in network security for over 25 years.
A

Firewalls

21
Q
  • It is a category of security appliances which integrates a range of security features into a single appliance.
  • appliances combine firewall, gateway anti-virus, and intrusion detection and prevention capabilities into a single platform.
A

Unified Threat Management

22
Q

Also known as anti-malware, it is a computer program used to prevent, detect and remove malware

A

Antivirus

23
Q

In securing one’s systems, actions must be taken in three areas

A
  1. prevention
  2. detection
  3. response
24
Q

involves those actions taken to discover failures in prevention (realizing that 100% prevention is never possible);

A

detection

25
involves all those actions one must take to attempt to prevent unauthorized access to a system
PREVENTION
26
is generally considered to include recovery measures, but might also include efforts to uncover what has been done to the system in the attack and how it was done
Response
27
Types of Intrusion
  1. PHYSICAL INTRUSION
  2. TARGET INTRUSION
  3. RANDOM INTRUSION
28
occurs when an intruder has physical access to a machine
PHYSICAL INTRUSION
29
occurs on a particular system (or host machine) and can be initiated by an **authorized user with an account, an unauthorized user masquerading as an authorized user (e.g., with a stolen password)**
TARGET INTRUSION
30
a system is attacked simply due to the fact that a door was left open for access into the system and that door was discovered by happenstance over the network when intruders were looking for access into randomly selected potential systems
RANDOM INTRUSION
31
  • works in a similar way, baiting a trap for hackers.
  • It's a sacrificial computer system that’s intended to attract cyberattacks, like a decoy.
  • It mimics a target for hackers, and uses their intrusion attempts to gain information about cybercriminals and the way they are operating or to distract them from other targets
HONEYPOT
32
  • technique that hackers use to **entice victims into risky circumstances.**
  • Although it can take many forms, it usually entails developing a false identity or online presence to win over an unsuspecting victim
HONEY TRAP
33
is a centralized **collection of honeypots** and analysis tools
HONEY FARM
34
DIFFERENT TYPES OF HONEYPOT AND HOW THEY WORK
  1. spam trap
  2. decoy database
  3. malware honeypot
  4. spider honeypot
35
place a fake email address in a hidden location where only an automated address harvester will be able to find it
spam trap
36
can be set up to monitor software vulnerabilities and spot attacks exploiting insecure system architecture or using SQL injection, SQL services exploitation, or privilege abuse
DECOY DATABASE
37
  • is intended to trap web crawlers ('spiders') by creating web pages and links only accessible to crawlers.
  • Detecting crawlers can help you learn how to block malicious bots, as well as ad-network crawlers.
SPIDER HONEYPOT
38
a single service or computer on a network, that is configured to act as a decoy, attracting and trapping would-be attackers
honeypot
39
  • **collection of high-interaction honeypots** designed to capture extensive information on threats.
  • It is a combination of several honeypots to represent a network subnet
HONEYNET
40
provide real operating systems and services with real content with which an attacker can interact.
high-interaction honeypots
41
is one that **uses emulated services and signatures to respond to an attacker’s probes.**
low-interaction honeypot
42
LEGAL RISK OF DEPLOYMENT
  1. Entrapment
  2. Wiretapping
  3. The Patriot Act
  4. Pen Trap Act
43
  • is defined as enticing the other party to commit an act that he/she was not already predisposed to do.
  • the action of tricking someone into committing a crime in order to secure their prosecution
  • his style of investigation constitutes entrapment
ENTRAPMENT
44
was enacted to limit the ability for any individual to intercept communications
The Wiretap Act
45
allows the government to monitor electronic communication when in conjunction with an ongoing investigation
THE PATRIOT ACT
46
This statute prohibits the capture of non-content related data like the information contained in the IP-packet headers
PEN TRAP ACT
47
TWO ISSUES THAT MUST BE ADDRESSED WHEN DEVELOPING AND DEPLOYING A HONEY NET
  1. data control
  2. data capture
48
  • is crucially important to the implementation of a honey net.
  • The key to protecting the rest of your network is to **provide a mechanism for catching and mitigating all outbound packets.**
Data control
49
  • The honey net won't help you if you don't **record the data and set alerts.**
  • The data can also be utilized for forensic investigation to understand more about the attack in addition to capturing traffic for event notification
Data Capture
50
The word steganography is derived from the Greek words
steganos (meaning hidden or covered) and the Greek root graph (meaning to write)
51
The term was first used in the 14th century by the German mathematician ------ as the title for his book -------
Johannes Trithemius (1606) Steganographia
52
  • approach allows the last bit in a byte to be altered.
  • While one might think that this would significantly alter the colors in an image file, it does not.
  • In fact, the change is indiscernible to the human eye.
least significant bit (LSB)
53
  • is hiding and protecting the content of information
  • messages can be transported by themselves
cryptography
54
  • hides the presence of information itself
  • to hide information, the secret content has to be hidden in a cover message
  • refers to the technique of hiding secret messages into media such as text, audio, image and video without any suspicion
steganography
55
is the art and science of detection of the presence of steganography
steganalysis
56
the scientific bridge between law and computer science that allows digital evidence to be collected in a legally sound manner
COMPUTER FORENSICS
57
  • a **branch of forensic science that focuses on identifying, acquiring, processing, analysing, and reporting on data stored electronically**
  • dependent on the integrity, dependability, and admissibility of digital evidence in judicial proceedings
  • process of locating, safeguarding, analyzing, and documenting digital evidence
DIGITAL FORENSIC
58
digital forensic investigation process
  1. identification
  2. documentation
  3. preservation
  4. analysis
  5. presentation
59
digital forensic investigation process - identification
identify purpose of investigation & resource required
60
digital forensic investigation process - documentation
document the crime scene with the help of photographic sketches
61
digital forensic investigation process - preservation
isolate from network, secure and preserve the device
62
digital forensic investigation process - analysis
identify tools and techniques to use and interpret the analysis results
63
digital forensic investigation process - presentation
report the findings in a legally acceptable manner
64
PREREQUISITES OF A COMPUTER FORENSIC EXAMINER
  1. forensic skills
  2. forensic techniques and tools
  3. media and file system forensics
65
The foremost common forensic skill is
scientific method in which it ensures that the examiner is merely a finder of facts.
66
the expert must be supported by forensically sound skills, tools, and methods.
FORENSIC TECHNIQUES AND TOOLS
67
Successful forensic analysis requires a thorough knowledge of file types and digital media used to store data and the file structures used on those devices
MEDIA AND FILE SYSTEM FORENSICS
68
types of digital forensics
  1. media forensics
  2. network forensics
  3. wireless forensics
  4. database forensics
  5. software forensics
  6. email forensics
  7. memory forensics
  8. mobile phone forensics