wk2 security Flashcards

1
Q

What is authentication?

A

The process by which a system verifies the identity of a user who wishes to access it. In the context of cPHulk, this primarily relates to detected authentication attempts incoming to the server via one of the monitored services or via PAM authentication.

2
Q

PAM

A

An acronym that, for our purposes at least, stands for Pluggable Authentication Module. On the system, this module handles the majority of standard authentication attempts coming into the server, whether called by another PAM-integrated third-party service or for general system authentication. cPHulk requests information from PAM to determine if a login attempt is a brute force attack.

3
Q

What tools might you use to help protect against a denial of service attack?

A

Firewalls such as CSF with LFD

Apache's mod_evasive or mod_qos modules for Apache-specific attacks

4
Q

What tool might you use to help protect against a brute force attack?

A

cPHulk Brute Force Protection - monitors incoming authentication attempts and applies rules as necessary

5
Q

What services does cPHulk monitor?

A

SSH, FTP, IMAP, POP3, SMTP, and any third-party services that authenticate using PAM

6
Q

Default duration for username-based protection lockout?

A

5 min

7
Q

Default duration for IP-based protection lockout?

A

15 min

8
Q

Script to disable cPHulk?

A

/scripts/restartsrv_cphulkd stop

9
Q

There are five phases of an HTTP transaction in ModSecurity that can be used to intercept, inspect, or change behavior.

A
  1. Request Header
  2. Request Body
  3. Response Header
  4. Response Body
  5. Logging
10
Q

What’s the syntax for a SecRule definition?

A

The SecRule directive instructs the server on where to look (using a variable), what to look for (using an operator), and what to do if it finds a match (action). SecRule definitions follow a standard format, using variables, operators, and an optional action, all contained on a single line:

SecRule Variables Operator [Action]

Shown above: the basic syntax of a SecRule definition. The brackets indicate that the “Action” value is optional.

11
Q

What is OWASP?

A

Is an independent, online project that focuses on making web application security tools, knowledge, and methods freely available to the general internet.
