Network Security Concepts Flashcards

1
Q

What are six terms associated with security management?

A

Asset; Vulnerability; Exploit; Threat; Risk; Countermeasure

2
Q

A weakness in a system or its design that could be exploited by a threat.

A

Vulnerability

3
Q

The mechanism used to leverage a vulnerability to compromise an asset.

A

Exploit

4
Q

A potential danger to an asset such as information or network functionality.

A

Threat

5
Q

The likelihood that a particular threat will exploit a particular vulnerability of an asset that results in an undesirable consequence.

A

Risk

6
Q

A protection that mitigates a potential threat or risk.

A

Countermeasure

7
Q

To provide adequate protection of network assets, what three things must be guaranteed?

A

Confidentiality, Integrity, Availability (CIA)

8
Q

Only authorized users can view sensitive information.

A

Confidentiality

9
Q

Only authorized users can change sensitive information. It can also guarantee the authenticity of data.

A

Integrity

10
Q

Authorized users must have uninterrupted access to important resources and data.

A

Availability

11
Q

What factors should be considered when classifying data?

A

Value; Age; Useful Life; Personal association

12
Q

The number one criterion when classifying data; it is based on the cost to acquire, develop, and replace the data.

A

Value

13
Q

The importance of data usually decreases with time.

A

Age

14
Q

The amount of time in which data is considered valuable and must be kept classified.

A

Useful Life

15
Q

Data that involves personal information of users and employees.

A

Personal association

16
Q

What data classification terms are commonly used by government and military?

A

Unclassified; Sensitive but Unclassified (SBU); Confidential; Secret; Top Secret

17
Q

Which security term refers to a person, property, or data of value to a company?

A

Asset

18
Q

Which asset characteristic refers to the risk that results from a threat and lack of a countermeasure?

A

Liability

19
Q

Data that has little or no confidentiality, integrity, or availability requirements, and therefore little effort is made to secure it.

A

Unclassified

20
Q

Data that could prove embarrassing if it is revealed, but no great security breach would occur.

A

Sensitive but Unclassified (SBU)

21
Q

Data that must be kept secure.

A

Confidential

22
Q

Data for which significant effort is made to keep it secure. Few individuals have access to this data.

A

Secret

23
Q

Data for which great effort, and sometimes considerable cost, is expended to guarantee its secrecy. Only a few individuals, on a need-to-know basis, have access.

A

Top Secret

24
Q

What data classification terms are commonly used by the private sector?

A

Public; Sensitive; Private; Confidential

25
Data that is available publicly, such as websites, publications, and brochures.
Public
26
Data that is similar to SBU data in that it might cause some embarrassment if revealed.
Sensitive
27
Data that is important to an organization; an effort is made to maintain the secrecy and accuracy of this data.
Private
28
Data that companies make the greatest effort to keep secure, such as trade secrets, employee data, and customer information.
Confidential
29
What are the three Classification roles?
Owner; Custodian; User
30
Person responsible for the information
Owner
31
Person in charge of performing day-to-day data maintenance, including securing and backing up the data.
Custodian
32
Person using the data in accordance with established procedures.
User
33
What are the three categories of threat classification?
Administrative; Technical; Physical
34
Policy and procedure based, including change/configuration control, security training, audits, and tests.
Administrative
35
Controls that involve hardware and software.
Technical
36
Controls for protecting the physical infrastructure.
Physical
37
_______ includes insidious reasons, such as political and financial ones, aimed at economic espionage and money-making activities.
Motivation
38
Activities are now _____ with mutating and stealth features.
Targeted
39
Threats are consistently focusing on the _______ _______, such as known web browser vulnerabilities, and looking for new web programming errors.
Application Layer
40
________ ________ sites are a huge source of information. Attackers use them not only to try to steal an identity, but also to try to assume the identity of the user.
Social Engineering
41
Attackers are also targeting mobile platforms because data is in more places.
Borderless
42
What five categories make up Incident and Exposure management?
Preventive; Detective; Corrective; Recovery; Deterrent
43
Preventing the threat from coming into contact with a vulnerability, such as by using a firewall, physical locks, and a security policy.
Preventive
44
Identifying that the threat has entered the network or system using system logs, intrusion prevention systems (IPSs), and surveillance cameras.
Detective
45
Determining the underlying cause of a security breach and then mitigating the effects of the threat being manifested, such as updating virus or IPS signatures.
Corrective
46
Putting a system back into production after an incident.
Recovery
47
Discouraging security violations.
Deterrent
48
What are the four categories of managing risk?
Risk Avoidance; Risk Reduction; Risk Sharing or Transfer; Risk Retention or Acceptance
49
Avoiding activity that could carry risk.
Risk Avoidance
50
Involves reducing the severity of the loss or the likelihood of the loss occurring.
Risk Reduction
51
Involves sharing the burden of the loss or the benefit of gain with another party.
Risk Sharing or Transfer
52
Involves accepting the loss, or benefit of gain, from a risk when it occurs.
Risk Retention or Acceptance
53
What key factors are considered when designing a secure network?
Business Needs; Risk Analysis; Security Policy; Industry best practices; Security Operations
54
____ ____ and ______ refer to the means by which data leaves the organization without authorization.
Data Loss and Exfiltration
55
What are four ways Data Loss and Exfiltration occur?
Email Attachments; Unencrypted Devices; Cloud Storage Devices; Removable Storage Devices
56
What is malicious code also known as?
Malware
57
Infectious malicious software that attaches to another program to execute a specific unwanted function on a computer. Most ____ require end-user activation and can lie dormant for an extended period and then activate at a specific time and date.
Viruses
58
Infectious malware, ____ are self-contained programs that exploit known vulnerabilities with the goal of slowing a network. ____ do not require end-user activation. An infected host replicates the ____ and automatically attempts to infect other hosts by independently exploiting vulnerabilities in networks.
Worms
59
_____ is typically used for financial gain; it collects personal user information, monitors web-browsing activity for marketing purposes, and routes HTTP requests to advertising sites.
Spyware
60
Refers to any software that displays advertisements, whether or not the user has consented, sometimes in the form of pop-up advertisements.
Adware
61
Refers to a class of software used for scamming unsuspecting users. _______ can contain malicious payloads or be of little or no benefit.
Scareware
62
These are applications written to look like something else, such as a free screensaver, a free virus checker, and so on. When a ____ ____ is downloaded and opened, it attacks the end-user's computer from within.
Trojan Horse
63
Trojan Horses may be created to initiate specific types of attacks, including:
Remote Access; Data Sending (key logging); Destructive; Security Software Disabler; Denial of Service (DoS)
64
Most worms have what three components?
Enabling vulnerability; Propagation Mechanism; Payload
65
The primary means of mitigating malware is ______ _____.
Anti-virus Software
66
The goal of ________ is to limit the spread of infection; it requires segmentation of the infected devices to prevent infected hosts from targeting other uninfected systems.
Containment
67
The goal of ________ is to deprive the worm of any available targets. Therefore, all uninfected systems are patched with the appropriate vendor patch. This phase often runs in parallel with, or subsequent to, the containment phase.
Inoculation
68
The goal of ________ is to track down and identify the infected machines. Once identified, they are disconnected, blocked, or removed from the network and isolated for the treatment phase.
Quarantine
69
The goal of ________ is to disinfect infected systems of the worm. This can involve terminating the worm process, removing modified files or system settings that the worm introduced, and patching the vulnerability the worm used to exploit the system.
Treatment
70
Individuals who break into computer networks to learn more about them. Most mean no harm and do not expect financial gain.
Hackers
71
Names given to identify types of good hackers. __1__ _1_ are ethical hackers, such as individuals performing security audits for organizations. __2__ _2_ are bug testers who ensure applications are secure.
1. White Hat | 2. Blue Hat
72
Hackers with criminal intent to harm information systems or for financial gain. They are sometimes called "black hat hackers."
Crackers
73
Names given to identify types of crackers. __1__ _1_ is synonymous with crackers, and __2__ _2_ are ethically questionable crackers.
1. Black Hat | 2. Gray Hat
74
Hackers of telecommunication systems. They compromise telephone systems to reroute and disconnect telephone lines, sell wiretaps, and steal long-distance services.
Phreakers
75
Hackers with very little skill. They do not write their own code but instead run scripts written by more skilled attackers.
Script Kiddies
76
Individuals with political agendas who attack government sites.
Hacktivists
77
__________ ______ typically involve the unauthorized discovery and mapping of systems, services, or vulnerabilities.
Reconnaissance Attacks
78
What are four common ways reconnaissance attacks are achieved?
Internet Information Queries; Ping Sweeps; Port Scanners; Packet Sniffers
79
Uses readily available Internet tools, such as WHOIS, which is widely used for querying databases that store the registered users or assignees of an Internet resource.
Internet Information Queries
80
A method used to discover a range of live IP addresses.
Ping Sweeps
81
An application program designed to probe a target host for open ports and identify vulnerable services to exploit.
Port Scanners
82
An application program that can intercept, log, and analyze traffic flowing over a network (also referred to as a packet analyzer, network analyzer, or protocol analyzer).
Packet Sniffers
83
The goal of ______ ______ is to discover usernames and passwords to access various resources.
Access Attacks
84
______ ______ are attack mechanisms that combine the characteristics of viruses, worms, Trojan horses, spyware, and others.
Blended Threats
85
______ attacks masquerade as a trustworthy entity to get unsuspecting users to provide sensitive information (and are usually used for identity theft).
Phishing
86
______ ______ is when a phishing attack is directed at a specific user.
Spear Phishing
87
______ is when the attack is targeted at a group of high-profile individuals such as top-level executives, politicians, famous people, and more.
Whaling
88
______ is an attack aimed at redirecting the traffic of a website to another website.
Pharming
89
In a ________________ ______, a hacker positions himself between a user and the destination; the attack can be carried out in a variety of ways. This type of attack is used for session hijacking, theft of information, sniffing and analyzing network traffic, corrupting data flows, propagating bogus network information, and DoS attacks.
Man-in-the-middle attacks
90
In __ ______ ______ attacks, a hacker forges IP packets with trusted IP source addresses. MAC address spoofing similarly forges a trusted host's MAC address on a LAN.
IP and MAC address spoofing
91
_____ _______ refers to when a hacker has compromised a target and that host is trusted by another host (new target).
Trust exploitation
92
Using social skills, relationships, or an understanding of cultural norms to manipulate people inside a network into willingly (but usually unknowingly) participating and providing access to the network.
Social Engineering
93
Attacker manually enters possible passwords based on informed guesses.
Password Guessing
94
Programs use dictionary and word lists; phrases; or other combinations of letters, numbers, and symbols that are often used as passwords.
Dictionary Lists
95
This approach relies on power and repetition, comparing every possible combination and permutation of characters until it finds a match.
Brute Force
96
Some password crackers mix a combination of techniques and are highly effective against poorly constructed passwords.
Hybrid Cracking
97
The goal of a _____ attack is to deny network services to valid users.
DoS
98
A DoS attack in which the attacker provides input that is larger than the destination device expected. It may overwrite adjacent memory, corrupt the system, and cause it to crash.
Buffer Overflow
99
Legacy attack in which the attacker would craft a packet specifying a packet size greater than 65,536 bytes. Servers receiving these packets would crash, causing a DoS situation. Modern servers are no longer susceptible to this attack.
Ping of Death
100
A DoS attack that sends a large number of ICMP requests or ICMP responses to a destination device in an attempt to overwhelm it, slow it down, or even crash it.
ICMP Flood
101
A DoS attack that sends a large number of UDP packets to a destination device in an attempt to overwhelm it, slow it down, or even crash it.
UDP Flood
102
A DoS attack that exploits the TCP three-way handshake operation. The attacker sends multiple TCP SYN packets with random source addresses to the target host. The victim replies with a SYN ACK, adds an entry in its state table, and waits for the last part of the handshake, which is never completed.
TCP SYN Flood
103
A DoS attack that sends a flood of protocol request packets with a spoofed source IP address to numerous target hosts.
Reflection
104
A DoS attack that amplifies a reflection attack by using a small request packet to solicit a large response directed at the victim. For instance, a small DNS query results in a large reply from the DNS server.
Amplification
105
This is self-propagating malware designed to infect a host and make it surrender control to an attacker's command and control server. ____ can also log keystrokes, gather usernames and passwords, capture packets, and more.
Bots
106
Describes a collection of compromised zombie systems that are running bots.
Botnets
107
Describes a host compromised with a bot. The ______ is logged in to the command and control server and quietly waits for commands.
Zombie
108
Describes the attacker's host, which remotely controls the botnets. The attacker uses the master control mechanism on a ______ and _____ _____ to send instructions to zombies.
Command and Control Server
109
Architecture uses a layered approach to create security domains and separate them by different types of security controls.
Defense in Depth
110
Architecture segments the network where different assets with different values are in different security domains, be it physical or logical.
Compartmentalization
111
Principle applies a need-to-know approach to trust relationships between security domains. This results in restrictive policies, where access to and from a security domain is allowed only for the required users, applications, or networks.
Least Privilege
112
Architecture uses a layered approach to security, with weaker or less-protected assets residing in separated security domains.
Weakest Link
113
______ are often considered to be the weakest link in information security architecture.
Humans
114
Concept of developing systems where more than one individual is required to complete a certain task to mitigate fraud and error. This applies to information security controls, and it applies to both technical controls and human procedures to manage those controls.
Separation and Rotation of duties
115
Principle is based on centralizing security controls to protect groups of assets or security domains, such as using firewalls, proxies, and other security controls to act on behalf of the assets they are designed to protect and to mediate the trust relationships between security domains.
Mediated Access
116
Architecture should provide mechanisms to track the activity of users, attackers, and even security administrators. It should include provisions for accountability and non-repudiation.
Accountability and Traceability
117
What are some recommendations for a Defense-In-Depth strategy?
Defend in Multiple Places; Build Layered Defenses; Use Robust Components; Employ Robust Key Management; Deploy intrusion detection/prevention systems (IDSs/IPSs)