Security Assessment Flashcards Preview

Flashcards in Security Assessment Deck (53):
1

What is a posture assessment?

It is a thorough examination of each aspect to determine how it might be compromised
- Try to complete annually

2

What is a security audit?

Assessment performed by an organization accredited by an agency that has security standards

3

What is a hacker?

Person who gains unauthorized access to systems

4

What is vulnerability?

Weakness of a system, process, or architecture

5

What is exploiting?

Means of taking advantage of a vulnerability

6

What is a 'zero-day exploit/attack'?

Taking advantage of an undiscovered vulnerability
Most are well known

7

What are human associated security risks?

Consists of half of security breaches
E.g., omission, ignorance, or error
Easiest way to circumvent network security

8

What is social engineering?

Strategy to gain access/credentials

9

What is phishing?

Gaining sensitive info by posing as a trusted person in the organization

10

What are layer 1 and 2 security risks?

- Wireless jamming
- RF emanation on private wireless and copper media communications
- Eavesdropping on connections to the internet
- Sniffing data on public wireless networks
- Access to unused and unsecured ports
- ARP table poisoning
- Computers with sensitive data connected to a publicly accessible network

11

What are layer 3-7 risks?

- Banner grabbing attack: malicious use of network monitoring tools to inventory services running on servers
- Session hijacking: "man in the middle"
- Invalid trust relationships, DHCP snooping
- NOS backdoors
- Buffer overflows

12

What are internet access risks?

- Web browsing configured to permit scripts to access system
- IP snooping
- Access sites
- Use of insecure plug-ins
- Incompatibility with secure client software

13

Denial of service attack
What is distributed DoS?

Orchestrated through many sources called zombies

14

Denial of service attack
What is distributed reflection DoS?
DRDoS

Bounced off of uninfected computers at the target
Many requests sent to computers with the source IP spoofed to attack the target

15

Denial of service attack
What is permanent DoS?

Replaces the device firmware to permanently damage it

16

What is a security policy?

Minimizes exploits by communicating with, and managing users via a thoroughly planned policy

17

What is a policy?

- Identifies security goals, risks, authority levels, coordination and team members
- Defines the responsibility of each user and team member, and how to address security breaches

18

What are malware risks and infections?

- Malware: software designed to intrude upon or harm a system

19

What are viruses?

Replicated code that attaches to existing code or data

20

What is a Trojan horse?

Disguises itself as something useful, but harms the system

21

What is a worm?

Runs independently, travelling between computers over the network

22

What are bots?

They run automatically in the system

23

What are boot sector viruses?

Viruses embedded in disk boot sector

24

What are macro viruses?

Take the form of an application macro

25

What are file infection viruses?

Viruses that corrupt and attach to executable files

26

What are network viruses?

Propagate via network protocol

27

What is encryption stealth?

Some malware is encrypted
Disguised as legitimate programs to prevent detection

28

Polymorphism

Changes characteristics on every infection using complicated algorithms

29

Time dependency

Lies dormant and is activated on a defined date

30

What are logic bombs?

Lie dormant and activate on defined conditions

31

Visible symptoms of malware?

- Unexplained size increases
- Significant unexplained memory loss
- Unusual error messages
- Unexpected reboots
** Usually discovered when damage is done
Often difficult to find when system is running

32

What are the functions of antivirus software?

- Scans data for signatures of known malware
- Checks integrity of files against known good hash
- Monitors unexpected file changes
- Receives regular updates to logic and malware signatures
- Reports valid malware instances
- Quarantines to remove suspected or known malware

33

What are network design risks?

- Breaches may occur due to poor network design
- Control access points at every point where the trusted network connects to the public
- Monitor and filter traffic on the LAN to external connections
- Hide/mask internal hosts from external networks

34

What is scanning?

Technique used during posture assessment

35

Scanning tools
Network mapper (Nmap)

Scans large networks
Provides info about ports/services running on network

36

Scanning tools
Nessus

Performs more sophisticated scans than Nmap
- Can check for default passwords

37

What are things you can restrict for logging on to the network?

- The time, day, and duration
- Source address
- Unsuccessful login attempts (lockout)

38

What is device access control?

Controls type and level of access granted to a device when it joins a network
- Needs a predefined access policy
- Non-compliant devices may be placed in quarantine until compliant

39

Traffic access control

Routers may filter traffic between networks
Rules define permitted and denied traffic
Generally based on layer 3 and 4 rules
E.g., WLAN can't access the internal network

40

What are firewalls?

Filter traffic
Generally more sophisticated than traffic access control
- Rules define permitted and denied traffic
Generally based on layer 3-7 rules
- Used between public and DMZ, and DMZ and interior trusted networks
Often used between endpoint and server networks

41

What is a proxy server?

Acts as an intermediary between external and internal network
- Screens out all outgoing and incoming traffic

42

What's a proxy server?

Network host running application layer security
Appears as an internal server to outside traffic

43

What is an intrusion detection system?

Detects suspicious network activity
Typically dedicated service

44

What is an intrusion prevention service?

Detects and reacts to suspicious network activity
Typically dedicated device
Prevents traffic flow

45

Security information and event management
SIEM

Software that gathers, analyzes, and reports on the data from network device logs
- Routers, switches, IDS, IPS, OS, databases can provide alerts
- Can be used for compliance and audit monitoring and reporting
- May provide forensic analysis

46

What is a honey pot?

Purposely vulnerable decoy designed to fool hackers and gain info about their behaviours

47

What is a honey net?

A network of honey pots

48

Demilitarized zone

Network segment that isn't public or local

49

Proxy services

Proxies act on behalf of whole network to separate packets from internal hosts and external hosts
Proxy server: first receives the request, examines it, breaks it down and creates a new packet to send to the external server

50

What does an IP proxy do?

Hides the IP addresses of all devices on the internal network by exchanging its IP address for the address of any requesting station

51

What is a web proxy?

Handles HTTP requests on behalf of the sending workstation
Browser gets the request and sends it to the proxy server
Proxy changes the from address to its own network address and sends it to the internet web server

52

Rules to live by when configuring ACLs

Deny any source address from your internal network
Deny any local host addresses (127.0.0.0/8)
Deny any reserved private addresses (RFC1918)
Deny any addresses in the IP multicast address range (224.0.0.0/4)

53

What is implicit deny when it comes to access lists?

At the end of every access list is an implicit deny
- Meaning if a packet doesn't match any lines in an access list it will be discarded
Also, if there is nothing but deny statements, the list will not permit any packets