Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
IINS 640-554 Part 4
Cisco IINS 640-554 Part 4
| Question | Answer |
|---|---|
| Define a Remote Access VPN: | A VPN connection made from a mobile worker to business site. |
| Define an IPSec VPN Tunnel mode: | Encrypts the original header and creates a new header (encapsulation). |
| What is provided by AH when using IPSec? | Integrity. Authentication. |
| What does ESP provide that AH alone can't? | Confidentiality - AH doesn't encrypt the payload. |
| True/False: ESP and AH cannot be used simultaneously? | FALSE |
| List steps of IKE Phase 1 | Establishes bidirectional IKE SA. Authenticates peer. |
| List steps of IKE Phase 2 | Negotiates IPSec policies. When complete, unidirectional IPSec SAs are established for each protocol/algorithm combination. Transform sets are negotiated (proposals). |
| What is the purpose of the Crypto ACL? | To determine what traffic will be tunneled and what will be sent in planin text to the appropriate next hop. |
| Define The crypto ACLs on both ends of a VPN tunnel should have what relationship? | They should be mirror images of each other. |
| Define SSL remote access VPN characteristics (Anyconnect): | No client software reuuired. Works for a limited number of applications such as web-browsing and email. |
| Define IPSec remote access VPN characteristics: | Works for all IP-based applications. Clients must have specialized software. Has a stronger auth method. The stronger security method. |
| What type of VPN assigns host pc a new IP address? | Remote access IPSec |
| What is a reverse route injection? | Adding a static route entry for a PC when using remote access VPNs? |
| What is this definition of? Identify the purposes of the network to the organization? | Business Needs. |
| What is this definition of? Analyzing the cost versus the benefit of mitigating, transferring and accepting the various security risks. | Risk Analysis. |
| What is this definition of? Documenting procedures to be used for hardening, incident response, and auditing of the system. | Security Operations. |
| What is this definition of? Identifying the security practices that similar organizations currently employ | Industry-recommended practices. |
| What is this definition of? Identifying which threats are most likely to occur. | Threat identification. |
| When a failure in the system bypasses security functions, this is called _____. | fail-open. |
| Quantitative risk analysis uses a math model, qualitative risk analysis uses a scenario-based model. | TRUE. |
| Define: The % loss of an asset that a realized threat could have | SLE - Single Loss Expectancy. |
| Define: How often a threat is expected to occur. | Annualized Rate of Occurance |
| Define: The cost of a single asset | AV - Asset Value |
| Define: The financial amount expected to be lost in a single occurrence of a threat. | SLE - Single Loss Expectancy. |
| Define: The expected financial loss that a particular threat will cost an organization. | Exposure Factor. |
| Define: SLE * ARO | ALE - Annualized Loss Expectance |
| Define: AV * EF | Single Loss Expectancy |
| Which Cisco product performs Policy Management? | Cisco Security Manager (CSM) |
| Which product USED to perform Threat Mgmt (it is now retired)? | Cisco Security MARS. |
| Which Cisco product performs Endpoint Security? | Cisco Security Agent. Cisco NAC Appliance. |
| What cisco product is a network infrastructure device? | Cisco IPS Sensor Software. |
| List a few ways to define against Protection against rogue network admins? | Rotation of duties. Two person teams. Separation of duties. Change control. Multiple staff members involved in backups. |
| Planning for a failure or a natural disaster at a primary location is called ___ | Business Continuity (BC) or Disaster Recovery (DR). |
| Security categorization, preliminary risk assessment is called what? | Initiation. |
| Define this process: Inspection and acceptance, system integration, certification, accreditation. | Implementation. |
| Define this process: Information preservation, media sanitization, equipment disposal. | Disposition. |
| Define this process: Risk assessment, functional assurance requirements, planning, developmental testing and evaluation. | Acquisition and Development. |
| Define this process: Configuration management, continuous monitoring. | Operations and Maintenance. |
| What is the difference between policies and procedures? | Policies detail what is to be protected. Procedures detail how assets are to be protected. |
| Informing users of their security responsibilities and best practices is called a(n) | Security awareness program. |
| ALE (Annualized Loss Expectancy) = | ALE = AV * EF * ARO (Asset Value * Exposure Factor * Annualized Rate of Occurance) |
| Why are Internal Threats the most dangerous / serious? | 1. people already have knowledge of the network and available resources 2. people already have some level of access granted to them because of their job 3. traditional IPS and Firewall are ineffective against much misuse originating internally. |
| List some truths about External Threats: | 1. More technical 2. could perform ping sweep of network to identify IPs. 3. Then use port scan to identify open services. 4.Could then try to exploit known vulnerabilities for open services to gain access. |
| First 3 Elements of Confidentiality: | 1: Keeping data private 2: Physically or logically restricting access to sensitive data. 3: Use of Network Security mechanisms to prevent unauthorized access (Firewall and ACLs). |
| Last 2 Elements of Confidentiality: | 4: Require appropriate credentials to access specific network resources (Authentication) 5: Encrypt traffic |
| Elements of Integrity: | 1: Ensures data hasn't been modified 2: Verifies that traffic originates from source that should be sending it. |
| Elements of Availability: | 1: Measurement of data's accessibility. 2: Access from everywhere if possible / recommended. |
| Government/Military Data Classification: Unclassified | Data has few or no privacy requirements. |
| Government/Military Data Classification: Sensitive but unclassified SBU | Data could cause embarrassment but not constitute a security threat if revealed. |
| Government/Military Data Classification: Confidential | Data that has a reasonable probability of causing damage if disclosed to an unauthorized party. |
| Government/Military Data Classification: Secret | Data has a reasonable probability of causing serious damage if disclosed to an unauthorized party. |
| Government/Military Data Classification: Top-secret | Data has a reasonable probability of causing exceptionally grave damage if disclosed to an unauthorized party. |
| Organizational Data Classification: Public | Information made available to the public (Marketing / Press Releases) |
| Organizational Data Classification: Sensitive | Data that could cause embarrassment but not constitute a security threat if revealed. |
| Organizational Data Classification: Private | Organizational infromation that should be kept secret and whose accuracy should be maintained. |
| Organizational Data Classification: Confidential | Sensitive organizational information (for example, employee records) that should be protected with great care. |
| Security Solution Controls: Administrative Controls | primarily policy-centric. Examples: Routine security awareness training programs. Clearly defined security policies. Logging configuration changes. |
| Security Solution Controls: Physical Controls | help protect the data's environment and prevent potential attacks from readily having physical access to the data Examples: Security systems to monitor for intruders Physical security barriers Climate protection systems |
| Security Solution Controls: Technical Controls | variety of hardware and software technologies to protect data. Examples: Security appliances - Firewalls, IPSs, VPN termination. Authorization applications - RADIUS or TACACS+ servers, one-time passwords, biometric security scanners. |
| Describe a Passive Attack detection: | difficult to detect because the attacker isn't actively sending traffic (malicious or otherwise) Example: attacker capturing packets from the network and attempting to decrypt them (if traffic was encrypted originally). |
| Describe a Active Attack detection: | easier to detect because the attacker is actively sending traffic (malicious and otherwise) Example: might launch an active attack in an attempt to access classified information or to modify data on a system. |
| Describe a Close-in Attack detection: | Occurs when the attacker is in close physical proximity with the target system Example: an attacker can bypass password protection on some routers, switches and servers if he gains physical access to those devices |
| Describe a insider Attack detection: | Occurs when legitimate network users leverage their credentials and knowledge of the network in a malicious fashion. |
| Describe a distribution Attack detection: | Intentionally introduce back doors to hardware or software systems at the point of manufacture. Example: Huawei equipment... |
| Define the theory of Defense in Depth: | Layered approach for security that eliminates SPOF's and weak links in security strengthened. |
| Defense in Depth design: | Defend multiple attack targets in network -protect the network infrastructure -protect strategic computing resources, such as HIPS Create overlapping defenses - IDS and IPS. Protect more at the border of the network. Use Strong Encryption. |
| TCP Three-Way Handshake: | Syn Syn-Ack Ack |
| List the two types of IP spoofing: | Nonblind Blind |
| Describe Nonblind spoofing: | This occurs when attacker and the destination are on the same subnet. By being on the same subnet, the attacker might be able to use a packet-capture utility to glean sequence numbers. |
| Describe Blind Spoofing: | Occurs when attacker is not on the same subnet as the destination. Obtaining correct sequence numbers is more difficult. Using techniques such as IP source routing, an attacker can accurately determine those sequence numbers. |
| Describe Loose source routing attack: | attacker specifies a list of IP addresses through which a packet must travel. However, the packet could also travel through additional routers that interconnect IP addresses specified in the list. |
| Describe a Strict source routing attack: | IP addresses in the list specified by the attacker are the only IP addresses through which a packet is allowed to travel. |
| Confidentiality Attack Strategies for packet capture: | Promiscuous mode NIC's. Telnet and HTTP scraping. |
| Confidentiality Attack Strategies for ping sweep and port scan: | Scans ranges for alive IP's and then interrogates the IP's for live ports. Port scans often help attackers identify the OS running on the target system. |
| Confidentiality Attack Strategies for dumpster diving: | because many companies throw away confidential information without properly shredding it, some attackers might rummage through company dumpsters in hopes of discovering information that could be used to compromise network resources. |
| Confidentiality Attack Strategies for EMI interception or emanation capture: | data is often transmitted over wire (UTP wire) attackers can sometimes copy information traveling over the wire by intercepting EMI being emitted by the transmission medium. |
| Confidentiality Attack Strategies for Wiretapping: | if an attacker gains physical access to a wiring closet, they might be able to physically tap into telephone cabling to eavesdrop on telephone conversations. Might also inject a hub between target and himself. |
| Confidentiality Attack Strategies for Social engineering: | Sometimes use social techniques to obtain confidential information. |
| Confidentiality Attack Strategies for sending information over overt channels: | attacker might send or receive confidential information over a network using an overt channel. I.E. Protocol tunneling - http encapsulating IM or FTP, or steganography. |
| Confidentiality Attack Strategies for Sending information over covert channels: | attacker might send or receive confidential information over a network using a covert channel, which can communicate information as a series of codes and/or events. |
Created by:
pkillur
Popular Engineering sets