Security
Midterm
Question | Answer |
---|---|
CIA: C=? | Confidentiality |
CIA: I=? | Integrity |
CIA: A=? | Availability |
Do internal or external threats pose a greater risk of a technical attack? | External threats are more likely to mount a technical attack; internal threats already have access. |
5 Levels of Data Classification | Unclassified, Sensitive, Confidential, Secret, Top Secret |
4 Factors for Data Classification | Value, Age, Useful Life, Personal association. |
3 Roles for Data Classification | Owner, Custodian, User |
3 Types of Security Controls | Administrative (policy + procedure), Technical, Physical |
3 Categories of Security Controls (the purpose they serve) | Preventative (e.g. lock), Deterrent (e.g. video surveillance), Detective (e.g. motion sensor) |
Definition: A weakness in a system or its design that can be exploited. | Vulnerability |
Definition: Someone or something that is a danger to a system. | Threat |
Definition: The likelihood that a particular threat using a specific attack will exploit a particular vulnerability of a system, resulting in an undesirable consequence. | Risk |
Definition: To take advantage of a vulnerability. Could be software or social. | Exploit |
Definition: Individuals who break into computer networks and systems to learn more about them | Hackers |
Definition: Individuals who break into computer networks and systems to steal or cause damages. | Crackers |
Definition: Individuals who compromise telephone systems. | Phreakers |
6 Step Process of Attacks | Reconnaissance, Exploit (people & software), Escalate Privileges, Download (passwords & data), Backdoor, Leverage |
Definition: Philosophy that provides layered security to a system by using multiple security mechanisms | Defence in Depth |
What is IP Spoofing? | Changing the source IP address of packets to appear as if they are coming from a trusted source. Also used to hide real address while performing attacks. |
Difference between Blind and Nonblind spoofing? | Nonblind: the attacker is on the same subnet as the victim and can sniff SEQ and ACK numbers. Blind: the attacker is not on the subnet, so SEQ and ACK numbers are unreachable. |
What is Source Routing? | Sending a full routing path with a packet, useful with IP spoofing but commonly discarded now. |
Definition: Hacker monitors the traffic and introduces himself as a stealth intermediary between the sender and the receiver. | Man in the Middle Attack |
Definition: Attack where an attacker obtains access to read sensitive data. | Confidentiality Attack |
What are some types of confidentiality attacks? | Packet sniffing, port scanning, dumpster diving, emanations capturing, wiretapping, social engineering |
Attack Type: attempting to acquire sensitive information by masquerading as a trustworthy entity. Often done through email or instant messaging. | Phishing |
Attack Type: Redirecting traffic of a website to another website, either by exploiting the hosts file or the DNS system. | Pharming |
Attack Type: series of minor data security attacks that together result in a larger attack | Salami Attacks |
Attack Type: changing data before or during input into a computer. | Data Diddling |
Attack Type: Individual taking advantage of a trust relationship within a network. | Trust Exploits |
Attack Type: Any attack that attempts to identify a user account, password, or both. | Password Attacks; often use a brute-force method |
Attack Type: Exploitation of a valid computer session to gain unauthorized access to information or services | Session Hijacking |
Attack Type: Attacker attempts to change sensitive data without proper authorization. | Integrity Attacks |
Attack Type: Attack which causes a denial of service of a host, network, or application. | Availability Attacks |
Difference between a Botnet and a DDoS? | Botnet = infected collection of computers controlled by a cracker. DDoS = Using many machines to attack availability, often using a Botnet. |
How does a TCP SYN Flood attack work? | Flood SYN segments to the target but never complete the handshake, using up all available connection slots. |
How does an ICMP Flood attack work? | Sending ICMP requests with a spoofed source IP to a broadcast address, causing an amplifying effect. |
5 Phases of System Design Life Cycle? | Initiation, Acquisition and Development, Implementation, Operations and maintenance, Disposition |
System Design Life Cycle: Which phase includes: preliminary risk assessment and security categorization? | Initiation Phase |
System Design Life Cycle: Which phase includes: Risk assessment, security requirements/planning, cost considerations | Acquisition and Development Phase |
System Design Life Cycle: Which phase includes: inspection & acceptance, system integration, security certification/accreditation | Implementation Phase |
System Design Life Cycle: Which phase includes: Configuration management and control, continuous monitoring | Operations and Maintenance Phase |
System Design Life Cycle: Which phase includes: Information preservation, media sanitization, hardware & software disposal | Disposition Phase |
Principles of Operations Security: Principle Definition: No single individual should have control over two or more phases of a transaction or operation | Separation of Duties |
What is the difference between the 2-man control principle and the dual-operator principle? | 2-man control has two individuals each review and approve the other's work; dual-operator actually requires two individuals to do the work. |
Principles of Operations Security: Principle Definition: Having a group of individuals alternate through various roles during the course of a week. | Rotation of Duties |
Principles of Operations Security: Principle Definition: Expect system and individual failure and prepare for this failure. | Trusted Recovery |
Principles of Operations Security: Principle Definition: Use standardized methods and procedures to efficiently handle all changes. | Change and Configuration Control |
5 Steps of Change and Configuration Control | Apply (to introduce the change), Catalogue, Schedule, Implement, Report |
3 Reasons for having Security Policy | 1-Inform: users, staff, managers. 2-Specify mechanisms for security. 3-Provide a baseline. |
Who is the intended audience for a Governing policy? | Managers and Technical Custodians |
Standard vs Guideline vs Procedure | Standard = Consistency, Guideline = more loose, Procedure = detailed |
Quantitative vs Qualitative Risk Analysis | Quantitative = maths and numbers; Qualitative = scenario models, useful for very large entities where it is too difficult to get hard numbers. |
SLE = AV * EF ; What is SLE? | Single Loss Expectancy, in $ |
SLE = AV * EF ; What is AV? | Asset Value, how much it is worth in $; not easy to calculate, as many costs may have to be considered |
SLE = AV * EF ; What is EF? | Exposure Factor, in %, the degree of destruction that will occur, e.g. a flood causing 60% destruction |
ALE = SLE * ARO ; What is ARO? | Annualized Rate of Occurrence, frequency of an event per year. E.g. 20x per work day, 250 work days a year = 5000 times a year |
ALE = SLE * ARO ; What is ALE? | Annualized Loss Expectancy, the cost of a single loss event combined with its expected annualized rate; used for risk analysis (deciding what action should be taken) |
4 Ways of dealing with risk | Ignore, Accept (but take no action), Reduce, Transfer |
Definition: Each additional security investment yields less risk reduction than the previous one. | Diminishing Returns |
Definition: Regardless of how many resources are dedicated to mitigating risk, it can never be reduced to zero. | Residual Risk |
Definition: Philosophy where each subject, user, etc. should have only the minimum necessary privileges to perform their tasks. | Concept of Least Privilege |
Definition: Complexity makes it hard to predict how parts of a system will interact, making it difficult to analyse for security. | Concept of Simplicity |
What type of vulnerability testing tool is: Wireshark | Packet Analyzer |
What type of vulnerability testing tool is: nmap | Network Scanner |
What type of vulnerability testing tool is: nessus | Vulnerability Scanner |
What type of vulnerability testing tool is: John the Ripper | Password Cracker |
What type of vulnerability testing tool is: Metasploit | Penetration Testing |
What type of vulnerability testing tool is: Maltego | Data Mining |
What type of vulnerability testing tool is: Network Stumbler | War Driving |
Process of Risk Analysis Step 1: | System Characterization |
Process of Risk Analysis Step 2: | Threat Identification |
Process of Risk Analysis Step 3: | Vulnerability Identification |
Process of Risk Analysis Step 4: | Control Analysis |
Process of Risk Analysis Step 5: | Likelihood Determination |
Process of Risk Analysis Step 6: | Impact Analysis |
Process of Risk Analysis Step 7: | Risk Determination |
Process of Risk Analysis Step 8: | Control Recommendations |
Process of Risk Analysis Step 9: | Results Documentation |
Reducing Risk: using firewalls, encryption, authentication, etc. | Hardening |
Reducing Risk: using policies, standards, guidelines, and procedures | Assurance |
Reducing Risk: finding intrusion attempts and terminating them | Detection |
Reducing Risk: bringing system back to an operational state | Recovery |
What is Malware? | Any software that gives the malware creator partial to full control of your computer to do whatever they want. Malware can be a virus, worm, trojan, adware, spyware, rootkit, etc. |
Malware: Virus vs Worm? | A virus is attached to a program or file (executable); a worm requires no human action to spread. |
Malware: Virus vs Trojan? | A virus self-replicates to spread; a Trojan masquerades as useful software to spread (it does not infect other files or self-replicate). |
Malware: Virus vs Rootkit? | A rootkit gains root privilege on the infected machine, making it much harder to remove. |
5 Phases (5P) of Malware: | Probe, Penetrate, Persist, Propagate, Paralyze |
How did the SQL Slammer worm work? | Exploited buffer overflow bug in Microsoft SQL servers that were not updated. |
4 Phases of worm mitigation: | Containment, Inoculation, Quarantine, Treatment |
Infection Phase: Slow down or stop the virus, try to prevent spread. Use ACLs & firewalls. | Containment Phase |
Infection Phase: Patch uninfected systems for vulnerability, removing them as targets. | Inoculation Phase |
Infection Phase: Identify infected machines and disconnect, block, or remove them. | Quarantine Phase |
Infection Phase: Disinfect infected systems, or reinstall system in extreme cases. | Treatment Phase |
Attack Type: consists of ping sweeps, port scans, packet sniffers, internet information queries | Reconnaissance |
Attack Type: Attacks that exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information | Access Attacks |
Attack Type: Attempts to compromise availability. Requires little effort to execute and is difficult to eliminate. | Denial of Service Attack (DoS) |
Incident Handling Step 1: | Preparation: plan a lot |
Incident Handling Step 2: | Identification: event or incident? |
Incident Handling Step 3: | Containment: gather evidence |
Incident Handling Step 4: | Eradication: remove root cause of incident |
Incident Handling Step 5: | Recovery: restore, validate, monitor |
Incident Handling Step 6: | Documentation: write many things |
Common Attacks Experienced? | Malware (67%), Phishing (39%), Mobile Hardware theft (34%) |
Where do most attacks originate from (country)? | Russian Federation (32%) |
What motivates attackers? | Profit, Fame, Ideological, Anger, Challenge |
What are the most used technologies for security defense? | Anti-virus (97%), Firewalls (94%), VPN (85%) |