Card Set Information

2015-09-08 23:21:25

CISA Domain 5

  1. Kerberos
    • Network authentication protocol for client-server applications
    • Can be used to restrict access to DB
  2. Smurf Attack
    When misconfigured network devices allow packets to be sent to all hosts on a network via the broadcast address (DoS)
  3. Teardrop attack
    Sending mangled IP fragments w/ overlapping, oversized payloads to a target (DoS)
  4. Banana Attack
    Redirects outgoing messages from the client back onto the client (DoS)
  5. Reflected attack
    • Sending forged requests to a large number of computers
    • The source IP is spoofed so the reply goes to the target (DoS)
  6. Race Conditions
    • AKA Time of Check/Time of Use Attacks
    • Exploit a small window of time btw when the security control is applied and the service is used
  7. Authentication categories, something...
    • Something you know
    • Have
    • Or Do
  8. False-Rejection Rate
    • Number of times an individual granted authority to use a system is falsely rejected
    • Type-1 Error
    • Aggregate is failure to enroll rate
  9. Failure to enroll Rate
    • Proportion of people who fail to enroll successfully
    • Aggregate of FRR
  10. False-Acceptance Rate
    • Number of times an individual not granted authority to use a system is falsely accepted
    • Type II Error
  11. Equal Error Rate
    Percent showing when false rejections and acceptances are equal
  12. Network Access server
    Handles user authentication, access control, and accounting
  13. Network Access Server Protocols
    • RADIUS
    • Terminal Access Controller Access Control System (TACACS)
  14. Network access server good practices
    • Call is received and then terminated
    • Call number was recorded and then authenticated
    • Initiate callback to predetermined number
  15. Dial-Up Connectivity
    • Decentralized connectivity method
    • Server setup to accept remote access
    • Low cost, but low security
  16. Audit Reduction Tools
    Preprocessors designed to reduce the volume of audit records to facilitate manual review
  17. Firewall types
    • Packet filtering
    • Application
    • Stateful Inspection
  18. Packet Filtering Firewall Characteristics
    • Simple
    • Examine the header of every packet
    • Stable
  19. Common attacks against packet filtering firewalls
    • IP Spoofing
    • Source Routing specification (bypasses firewall)
    • Miniature fragment attacks
  20. Application firewall characteristics
    • Application and circuit types
    • Allow info flow between systems but not direct exchanges of packets
  21. Application-level Gateway Firewall
    • Analyzes packets through a set of proxies
    • Proxy for each service
  22. Circuit-Level Firewall
    • Efficient
    • Application level
    • Single, general purpose proxy
  23. Stateful inspection firewall characteristics
    • Keep track of the destination IP address of each packet that leaves
    • Records response packet to ensure that it corresponds to a sent packet
    • Transport layer
    • Complex
  24. Screened-host firewall
    • Packet filtering router and bastion host
    • Uses packet filtering (network) and proxy services (application)
    • Bastion host connects to private network w/ a packet filtering router btw the Internet and bastion
  25. Dual-homed firewall
    • Has two or more network interfaces
    • Restrictive form of a screened-host firewall
    • Bastion host is configured w/ one interface established for information servers and another for private network host computers
  26. DMZ or Screened-subnet
    • Utilizes two packet filtering routers and a bastion host
    • Outside router restricts incoming traffic to DMZ
    • External systems can only access the bastion and servers in DMZ
    • Inside router forms a second line, only accepts traffic from bastion
  27. Components of an IDS
    • Sensor (collector)
    • Analyzer
    • Admin Console
    • User Interface
  28. Types of IDS
    • Signature based
    • Statistical
    • Neural Networks
  29. Elliptical Curve Cryptography
    • Variant and more efficient form of PKI
    • Less computation required
  30. IPSec Tunnel mode
    • Encapsulation security payload and authentication are applied
    • Achieve confidentiality and nonrepudiation
  31. IPSec Transport Mode
    • Encapsulation security payload
    • Data encrypted
    • Achieves confidentiality
  32. Scanners (anti-malware)
    Look for sequences of bits called signatures that are typical of malware programs
  33. Types of anti-malware scanners
    • Ones that look for masks/signatures
    • Heuristic scanners - statistical (false positives problem)
  34. Active monitors (anti-malware)
    • Interpret DOS and ROM BIOS calls
    • Look for malware actions
    • Cannot distinguish between a user request/program or malware
  35. Integrity CRC Checkers (anti-malware)
    • Compute a binary number on a known clean program
    • Stores the binary in a DB
    • If a mismatch occurs then change happened
    • Only effective after infection
    • Ineffective if a file is infected before value first stored
  36. Behavior blocker (anti-malware)
    • Focus on detecting potentially abnormal behavior
    • Detect early on
  37. Immunizers (anti-malware)
    Append sections of themselves to files
  38. Blind testing
    • When the tester is provided limited/no information on the target's system
    • Black box testing
    • Target is aware
  39. Double-blind testing
    • Tester is provided limited/no info
    • Target not aware
  40. Penetration testing phases
    • Planning
    • Discovery
    • Attack
    • Repeat
    • Reporting throughout
  41. Forward error control
    Transmitting redundant info w/ each character or frame to facilitate detection and correction of errors