The flashcards below were created by user
on FreezingBlue Flashcards.
- TCP uses synchronized connections
- TCP SYN or TCP ACK Flood Attack (P.74)
- TCP Sequence Number Attack
- TCP/IP hijacking
- UDP attack
- Associated with echoing
- ICMP supports maintenance and reporting in a TCP/IP network.
- Part of the IP level of the protocol suite.
- Used by Ping
- Used with DoS attacks
- Uses IP spoofing and broadcasting
- Sends a ping to a group of hosts
- ICMP ping request answered with an ICMP ping reply
- Overload of network and target system
- DoS attack that consumes the network bandwidth of the replying system while victim system deals with flood of ICMP traffic
- Eliminate with: prohibit ICMP traffic through a router
Targeted at the key, not the algorithm itself, only at its results. If your key is hashed, the possibility is that, given enough time, another value can be created that will give the same hash value. Pages 342-343
Based on statistical likelihood of a match. As the key length grows, the probability of a match decreases.
Weak key attacks
- Page 343
- Many common passwords are used by lots of people. Hash value easier to guess with a short key length.
- Page 343
- Can be focused on the encryption algorithm itself, the key mechanism, or any potential area of weakness in the algorithm. Depend on intercepting large amounts of data and methodically attempting to decrypt the messages
Public Key Infrastructure
- PKC is a part of PKI
- Public Key Cryptography
Someone would use your public key to encrypt a message and send it to you.
Asymmetric Algorithms use two keys to encrypt and decrypt data.
You use your private key to decrypt a message that has been encrypted using your public key and sent to you.
Safe deposit box
Who has the private key?
Who has the public key?
- Box owner keeps the public key.
- Bank retains the second, or private, key.
- Must use both keys to open the box.
- ECC - Elliptic Curve Cryptography: smaller key sizes than RSA, implemented in smaller devices
- El Gamal - similar to Diffie-Hellman
- Used for transmitting digital signatures and key exchanges
- Asymmetric Algorithm
- Used with SSL (Secure Sockets Layer)
- Rivest, Shamir, Adleman
- Early public-key encryption system that uses large integer numbers as the basis of the process
- Asymmetric Algorithm
- Used primarily to send keys across the network
- Asymmetric Algorithm
- Elliptic Curve Cryptography
- Page 324
- Advanced Encryption Standard
- Adopted by the U.S. government
- Block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
- Based on the Rijndael cipher, the work of Rijmen and Daemen
- Approved by the National Security Agency (NSA) for top secret information
- Uses 'tickets' to allow nodes to communicate over a non-secure network
- symmetric key cryptography
- Windows 2000 and later use Kerberos as their default authentication method.
- The client authenticates itself to the Authentication Server (AS) which forwards the username to a Key distribution center (KDC). The KDC issues a Ticket Granting Ticket (TGT), which is time stamped, encrypts it using the user's password and returns the encrypted result to the user's workstation. This is done infrequently, typically at user logon; the TGT remains valid until it expires.
- It requires continuous availability of a central server. When the Kerberos server is down, no one can log in.
- Kerberos has strict time requirements, which means the clocks of the involved hosts must be synchronized within configured limits.
An application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.
A common usage of LDAP is to provide a "single sign-on" where one password for a user is shared between many services, such as applying a company login code to web pages (so that staff log in only once to company computers, and then are automatically logged into the company intranet).
LDAP was originally intended to be a lightweight alternative protocol for accessing X.500 directory services through the simpler (and now widespread) TCP/IP protocol stack.
Today, X.500 directory protocols can be used directly over TCP/IP.
TCP port and UDP port 389
Each entry has a unique identifier: its Distinguished Name (DN).
LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying items in directory service providers like Active Directory, which supports a form of LDAP. Short answer: AD is a directory services database, and LDAP is one of the protocols you can use to talk to it.
Originally designed as a means to automate logins, by which a person who was already authenticated on one host in the network could connect to another host on the same network without needing to authenticate again, TACACS is an open (quasi-)standard.
Cisco Systems began supporting TACACS in its networking products in the late 1980s, eventually adding their own extensions to the protocol, which the company then called 'XTACACS' ('eXtended TACACS'). In the simple (non-extended) form, Cisco's implementation was compatible with the original TACACS, while the extended form (XTACACS) was not.
'TACACS+', in which the individual tasks of authentication, authorization and accounting were separate processes. Also, while the XTACACS and TACACS use UDP (port 49), TACACS+ uses TCP (but still port 49).
- 3 separate processes: AAA
- Whereas RADIUS combines authentication and authorization in a user profile, TACACS+ separates the two operations.
- Another difference is that TACACS+ uses the Transmission Control Protocol (TCP) while RADIUS uses the User Datagram Protocol (UDP).
- Corresponding Layers (DoD Model -> OSI Model)
- Process/Application Layer -> Application, Presentation, Session
- Host-to-Host Layer -> Transport
- Internet Layer -> Network
- Network Access Layer -> Data Link, Physical
Effect of SMS text messages
Authorization in Active Directory is done by what?
SSH cannot be used to secure which protocol?
PPTP VPN can run over which protocols?
IPS has a lot of false positives. What type of IPS is it?
Which RSA standard is NOT used by Transparent Data Encryption?
What port is used to transfer the Cisco IOS to a router?
Which one of these does the answer apply to?
Host hardening methods
Application hardening methods
Network hardening methods
- System tampering protection,
- process spawning control, and executable files protection
What would be most effective in blocking a zero-day exploit that uses encrypted network packets to start malicious processes on a host?
Anomaly based HIPS???
Most secure wireless protocol?
Disadvantage of a low interaction honeypot?
How does LDAP store objects?
What can a war driver use to defeat low power settings and proper antenna placement on a wireless network?
FIPS Suite B for protection of data up to the SECRET level - Why use this?
Which attack harvests passwords from a web browser's cache?
XSS or XSRF?
What does a BCP define?
Is it Recovery point objectives and recovery time objectives
What type of risk controls would avoid single points of failure, and include fault-tolerant measures, and recovery procedures?
- Operational - what I chose
- All of these?
What is used to insure the integrity of a forensic image of a hard drive?
- 3DES - what I guessed
Which encryption method has up to a 448 bit key?
Is it Two-Fish?
In which color of penetration testing are testers given a user account with typical privileges?
- Grey box - I chose this one
- Black box
- White box
White-box testing: White-box testing usually involves close communication and information sharing between your technology group and pen testers. Pen testers are typically supplied with legitimate user accounts, URLs, and even user guides and documentation. This type of penetration test will usually provide the most comprehensive results and is currently the most commonly requested.
What is grey box testing?
Grey Box testing is a technique to test the application with limited knowledge of the internal workings of an application. In software testing, the saying "the more you know the better" carries a lot of weight when testing an application. Mastering the domain of a system always gives the tester an edge over someone with limited domain knowledge. Unlike black box testing, where the tester only tests the application's user interface, in grey box testing, the tester has access to design documents and the database. Having this knowledge, the tester is able to better prepare test data and test scenarios when making the test plan.
What is black box testing?
The technique of testing without having any knowledge of the interior workings of the application is Black Box testing. The tester is oblivious to the system architecture and does not have access to the source code. Typically, when performing a black box test, a tester will interact with the system's user interface by providing inputs and examining outputs without knowing how and where the inputs are worked upon.
What is white box testing?
White box testing is the detailed investigation of internal logic and structure of the code. White box testing is also called glass testing or open box testing. In order to perform white box testing on an application, the tester needs to possess knowledge of the internal working of the code. The tester needs to have a look inside the source code and find out which unit/chunk of the code is behaving inappropriately.
A circuit level firewall does improve on a packet filtering firewall in which of the following ways?
(Choose all that apply.)
- A Filters on time of day
- B Filters on transport layer protocols such as TCP and UDP
- C Filters on source IP address and port
- D Filters on destination IP address and port
I chose C and D
page wml or wmi
What type of cloud computing would be useful to a company with a lot of sensitive data on unreliable systems?
Which type of firewall would best protect against XSS, CSRF, and SQL injection?
- A Stateful packet inspection firewall
- B Proxy server
- C Network firewall
- D WAF
I chose D WAF
Types of SSL certificates?
A laptop using RADIUS performs which role?
Which type of virus infects only a small percentage of files to avoid detection?
Which IPSec protocol provides confidentiality?
What CANNOT encrypt email at rest?
C Diffie-Hellman
I think it is RSA but not sure
What type of protocol is EFS?
What is used to identify users and computers to the SAM?
What is SAM?
What is Penetration testing
B Vulnerability scanning? Difference???
What is an Attack Surface Analyzer?
What is the most secure way to encrypt data?
What is SCTP?
- The Stream Control Transmission Protocol (SCTP) is a new IP transport protocol, existing at an equivalent level with UDP (User Datagram Protocol) and TCP (Transmission Control Protocol), which provide transport layer functions to many Internet applications. It provides some of the same service features of both: it is message-oriented like UDP and ensures reliable, in-sequence transport of messages with congestion control like TCP.
AAA security protocols
- A RADIUS
- B Diameter
- C TACACS+
- D XTACACS
The DNS server is given information about a name server that it thinks is legitimate when it isn't.
The goal is to make the data look as if it came from a trusted host when it didn't ( thus spoofing the IP address of the sending host).
Which type of attack can also do stack fingerprinting?
- A Smurf Page 77
- B Xmas tree
- C SYN flood Page 74, 57
- D DoS Page 57
- See pages 72 - 76 for TCP attacks
- Page 77 for UDP attacks
Which key is used to verify a digital signature?
The sender uses the receiver's public key to create a hash value that is stored in the message digest. The sender then sends the message to the receiver. The receiver can use their private key and compare the value of the message digest. If the message value from the private key is the same as the message digest sent with the message, the receiver knows the message is authentic.
Provides both message integrity and authentication.
A user receives notice in a pop-up that their computer is infected with a virus. Which way is the most likely to stop this message safely? A:
A Alt + F4
B Ctrl + Shift + Escape
Ctrl + Shift + Escape
If you download a registry cleaner for your home computer using BitTorrent, what is the most serious malware that could infect your computer when you run the registry cleaner?
Steganography is the process of hiding one message in another. It is also called electronic watermarking.
Page 318. A message is sent using a series of photons. If the receiver knows the sequence and polarity of the photons, they can decode the message. Otherwise, the photons look like random noise. Only implemented using fiber-optic technology.
The primary instrument used for connectivity between two or more networks
Multiport devices that improve network efficiency and network security. A switch has limited routing information.
A hardware device that connects the digital signals from a computer to an analog telephone line.
Device allowing many hosts to communicate with each other through the use of physical ports. Extremely insecure: all data received through one port is sent to all other ports.
Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields.
Database activity monitoring (DAM) is a database security technology for monitoring and analyzing database activity that operates independently of the database management system (DBMS) and does not rely on any form of native (DBMS-resident) auditing or native logs such as trace or transaction logs. DAM is typically performed continuously and in real-time.
Database activity monitoring and prevention (DAMP) is an extension to DAM that goes beyond monitoring and alerting to also block unauthorized activities.
Authentication Header (AH) is a member of the IPsec protocol suite. AH guarantees connectionless integrity and data origin authentication of IP packets. Further, it can optionally protect against replay attacks by using the sliding window technique and discarding old packets.
What is L2TP?
- An Internet-standard protocol combination of PPTP and Layer 2 Forwarding (L2F) that enables the tunneling of PPP sessions across a variety of network protocols, such as IP, frame relay, or Asynchronous Transfer Mode (ATM). L2TP was specifically designed to provide tunneling and security interoperability for client-to-gateway and gateway-to-gateway connections. L2TP does not provide any encryption on its own and L2TP tunnels appear as IP packets, so L2TP employs IP Security (IPSec) Transport Mode for authentication, integrity, and
What is PPTP?
- A Microsoft VPN Layer 2 protocol that increases the security of PPP by providing tunneling and data encryption for PPP packets. It uses the same authentication types as PPP, and is the most widely supported VPN method among older Windows clients. PPTP encapsulates any type of network protocol and transports it over IP networks.
What is SSTP?
- This protocol uses the Hypertext Transfer Protocol over Secure Sockets Layer (HTTP over SSL) protocol and encapsulates an IP packet with a PPP header and then with an SSTP header. The IP packet, PPP header, and SSTP header are encrypted by the SSL session. An IP header containing the destination addresses is then added to the packet. It is supported in all current Windows operating systems.
Which of the following can connect to a secure application or a secure web site using just a browser?
In eCommerce, which key is used to encrypt the session key?
- Message A: Client/TGS Session Key encrypted using the secret key of the client/user.
- Message B: Ticket-Granting-Ticket (which includes the client ID, client network address, ticket validity period, and the client/TGS session key) encrypted using the secret key of the TGS
In an enterprise network what produces the highest availability for data?
Fibre Channel point-to-point (FC-P2P) is a Fibre Channel topology where exactly two ports (devices) are directly connected to each other. It is the simplest topology; no network addressing is needed, because each message has only one possible receiver. The bandwidth is dedicated.
Fibre Channel switched fabric
What is a defense against compromise of codes on cyberlocks? (Choose all that apply.)
A Code expiration
B Minimum code length
C Biometric component
D Card reader
- Biometric component
- Card reader
The lock holds: a lock id, encrypted access codes, a lost key list, and a list of 1,100 events. https://cubist.cs.washington.edu/Security/2008/02/10/cyberlocks-security-review/
A government contractor wants to block spam and any malicious email traffic. They want to take a multi-layer approach so that if one control is bypassed, another will still block traffic. Which of the following controls will NOT help? (Choose all that apply.) A:
A Use a real-time blackhole list
C Spam Filter
E Close open relays
F Use an enterprise antivirus suite
See page 83 and page 87
Getting inside information on targets
SSH cannot be used to secure which Protocol?
The ../ (dot dot slash) attack does what?
It exploits insufficient validation of user supplied file names so that characters representing "traverse to parent directory" are parsed. The goal is to access a file that is not intended to be accessible such as a password file or other confidential data.
System tampering protection, process spawning control, and executable files protection are:
- Application hardening methods
Network hardening methods
- Updating Software and Hardware
- Password Protection
- Unnecessary Protocols and Services
- Wireless Security
- Restricted Network Access
Recovery Agent functions
- If you have a stand-alone computer and the Recovery Agent is the built-in administrator account [which it would be by default], then log on as that account and try to decrypt the files.
- Decrypt files
- Most secure wireless protocol
- Counter Mode Cipher Block Chaining Message Authentication Code Protocol
P2P networking and social networking are MOST likely to compromise which aspects of security? (Choose all that apply.) A:
Both of these are compromised
A Yagi-Uda array, commonly known simply as a Yagi antenna, is a directional antenna consisting of a driven element (typically a dipole or folded dipole) and additional parasitic elements (usually a so-called reflector and one or more directors).
WEPCrack Main: "WEPCrack is an open source tool for breaking 802.11 WEP secret keys. The tool is an implementation of the attack described by Fluhrer, Mantin, and Shamir in the paper Weaknesses in the Key Scheduling Algorithm of RC4...WEPCrack was the first publicly available code that demonstrated the above attack...released to Bugtraq on Aug 12, 2001"
Sparse infector viruses use conditions before infecting files. Examples include files infected only on the 10th execution or files that have a maximum size of 128kb. These viruses use the conditions to infect less often and therefore avoid detection. They are also called sparse viruses.
Best for clustered servers to talk to each other while maintaining high availability
What can stop the viewing of confidential files if a Linux boot disk is used on a Windows server?
EFS and a bitlocker
Encrypting File System
Bitlocker: BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7, and with the Pro and Enterprise editions of Windows 8 desktop operating systems, as well as the server platforms, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in CBC mode with a 128-bit or 256-bit key, combined with the ''Elephant'' diffuser for additional disk encryption-specific security not provided by AES. CBC is not used over the whole disk, only for each individual disk sector.
a type of malicious software designed to block access to a computer system until a sum of money is paid."although ransomware is usually aimed at individuals, it's only a matter of time before business is targeted as well"
passively tests security controls, identifies vulnerabilities, identifies a lack of security controls, and identifies common misconfigurations.
What is the most secure way to encrypt data?
In cryptography, a one-time pad is a system in which a private key generated randomly is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key
- One Time Password
The VLANs, switch firmware, and the firewall rules are being updated by a consulting firm. What is the LEAST important thing to do?
System state backup
Xmas tree attack
- It is mainly used to check which machines are alive or reachable, and subsequently what ports are open or responding, so that those machines or ports can be used as an avenue for a follow-up attack. This type of port scanning attack uses an Xmas packet with all the flags turned on in the TCP header of the packet. The name “Xmas” refers to all the flags being “on” (like lights) and so a packet is “lit up like a Christmas tree.”
- This scan is commonly known as a stealth scan due to its ability to hide the scan in progress, and its ability to pass undetected through some popular firewalls, intrusion detection systems (IDSes), and
- A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet.
- The Back Orifice rootkit is one of the best known examples of a RAT.
- RAT also stands for remote administration tool.
- A remote access tool (a RAT) is a piece of software that allows a remote "operator" to control a system as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "RAT" software is usually associated with criminal or malicious activity. Malicious RAT software is typically installed without the victim's knowledge, often as payload of a Trojan horse, and will try to hide its operation from the victim and from security software.
What factors are important for major companies with founding, visionary CEOs, who seem to be irreplaceable? (Choose all that apply.)
- Removing single points of failure
- Succession planning
Explain the purpose of VPN concentrators
- VPN concentrators provide high performance, high availability, and impressive scalability.