Security

Midterm

Question / Answer
CIA: C=? Confidentiality
CIA: I=? Integrity
CIA: A=? Availability
Do internal or external threats pose a greater risk of a technical attack? External threats are more likely to mount a technical attack; internal threats already have access.
5 Levels of Data Classification Unclassified, Sensitive, Confidential, Secret, Top Secret
4 Factors for Data Classification Value, Age, Useful Life, Personal association.
3 Roles for Data Classification Owner, Custodian, User
3 Types of Security Controls Administrative (policy + procedure), Technical, Physical
3 Categories of Security Controls (The purpose they serve) Preventative (eg: Lock), Deterrent (eg: video surveillance), Detective (eg: motion sensor)
Definition: A weakness in a system or its design that can be exploited. Vulnerability
Definition: Someone or something that is a danger to a system. Threat
Definition: The likelihood that a particular threat using a specific attack will exploit a particular vulnerability of a system, resulting in an undesirable consequence. Risk
Definition: To take advantage of a vulnerability. Could be software or social. Exploit
Definition: Individuals who break into computer networks and systems to learn more about them Hackers
Definition: Individuals who break into computer networks and systems to steal or cause damages. Crackers
Definition: Individuals who compromise telephone systems. Phreakers
6 Step Process of Attacks Reconnaissance, Exploit (people & software), Escalate Privileges, Download (passwords & data), Backdoor, Leverage
Definition: Philosophy that provides layered security to a system by using multiple security mechanisms Defence in Depth
What is IP Spoofing? Changing the source IP address of packets to appear as if they are coming from a trusted source. Also used to hide real address while performing attacks.
Difference between Blind and Nonblind spoofing? Nonblind: the attacker is on the same subnet as the victim and can sniff SEQ and ACK numbers. Blind: the attacker is not on the subnet, and the SEQ and ACK numbers are unreachable.
What is Source Routing? Sending a full routing path with a packet, useful with IP spoofing but commonly discarded now.
Definition: Hacker monitors the traffic and introduces himself as a stealth intermediary between the sender and the receiver. Man in the Middle Attack
Definition: Attack where an attacker obtains access to read sensitive data. Confidentiality Attack
What are some types of confidentiality attacks? Packet sniffing, port scanning, dumpster diving, emanations capturing, wiretapping, social engineering
Attack Type: attempting to acquire sensitive information by masquerading as a trustworthy entity. Often done through email or instant messaging. Phishing
Attack Type: Redirecting traffic of a website to another website either by exploiting hosts file or DNS system. Pharming
Attack Type: series of minor data security attacks that together result in a larger attack Salami Attacks
Attack Type: changing data before or during input into a computer. Data Diddling
Attack Type: Individual taking advantage of a trust relationship within a network. Trust Exploits
Attack Type: Any attack that attempts to identify a user account, password, or both. Password Attacks, often uses brute force attack method
Attack Type: Exploitation of a valid computer session to gain unauthorized access to information or services. Session Hijacking
Attack Type: Attacker attempts to change sensitive data without proper authorization. Integrity Attacks
Attack Type: Attack which causes a denial of service of a host, network, or application. Availability Attacks
Difference between a Botnet and a DDoS? Botnet = infected collection of computers controlled by a cracker. DDoS = Using many machines to attack availability, often using a Botnet.
How does a TCP SYN Flood attack work? Flood SYN segments to the target but never complete the handshake, using up all available connection slots.
How does an ICMP Flood attack work? Sending ICMP requests with a spoofed source IP to a broadcast address, causing an amplifying effect.
5 Phases of System Design Life Cycle? Initiation, Acquisition and Development, Implementation, Operations and maintenance, Disposition
System Design Life Cycle: Which phase includes: preliminary risk assessment and security categorization? Initiation Phase
System Design Life Cycle: Which phase includes: Risk assessment, security requirements/planning, cost considerations Acquisition and Development Phase
System Design Life Cycle: Which phase includes: inspection & acceptance, system integration, security certification/accreditation Implementation Phase
System Design Life Cycle: Which phase includes: Configuration management and control, continuous monitoring Operations and Maintenance Phase
System Design Life Cycle: Which phase includes: Information preservation, media sanitization, hardware & software disposal Disposition Phase
Principles of Operations Security: Principle Definition: No single individual should have control over two or more phases of a transaction or operation. Separation of Duties
What is the difference between the 2-man control principle and the dual-operator principle? 2-man control has two individuals review and approve each other's work; dual-operator actually requires 2 individuals to do the work.
Principles of Operations Security: Principle Definition: Having a group of individuals alternate through various roles during the course of a week. Rotation of Duties
Principles of Operations Security: Principle Definition: Expect system and individual failure and prepare for this failure. Trusted Recovery
Principles of Operations Security: Principle Definition: Use standardized methods and procedures to efficiently handle all changes. Change and Configuration Control
5 Steps of Change and Configuration Control Apply to intro change, Catalogue, Schedule, Implement, Report
3 Reasons for having Security Policy 1-Inform: users, staff, managers. 2-Specify mechanisms for security. 3-Provide a baseline.
Who is the intended audience for a Governing policy? Managers and Technical Custodians
Standard vs Guideline vs Procedure Standard = Consistency, Guideline = more loose, Procedure = detailed
Quantitative vs Qualitative Risk Analysis Quantitative = maths and numbers. Qualitative = scenario models, useful for very large entities where it is too difficult to get hard numbers.
SLE = AV * EF ; What is SLE? Single Loss Expectancy, in $
SLE = AV * EF ; What is AV? Asset Value, how much it is worth in $; not easy to calculate, might have to consider many costs
SLE = AV * EF ; What is EF? Exposure Factor, in %, degree of destruction that will occur, ie: flood causing 60% destruction
ALE = SLE * ARO ; What is ARO? Annualized Rate of Occurrence, frequency of an event per year. Eg: 20x per work day, 250 work days a year = 5000 times a year
ALE = SLE * ARO ; What is ALE? Annualized Loss Expectancy, Cost analysis of a Single Loss Event with expected annualized rate, used for risk analysis (what action should be taken)
4 Ways of dealing with risk Ignore, Accept (but take no action), Reduce, Transfer
Definition: adding additional security investments yields lower risk reduction than the previous investment. Diminishing Returns
Definition: Regardless of how many resources dedicated toward mitigating risk, it can never get reduced to zero. Residual Risk
Definition: Philosophy where each subject, user, etc. should have only the minimum necessary privileges to perform their tasks. Concept of Least Privilege
Definition: Complexity makes it hard to predict how parts of a system will interact, making it difficult to analyse for security. Concept of Simplicity
What type of vulnerability testing tool is: Wireshark Packet Analyzer
What type of vulnerability testing tool is: nmap Network Scanner
What type of vulnerability testing tool is: Nessus Vulnerability Scanner
What type of vulnerability testing tool is: John the Ripper Password Cracker
What type of vulnerability testing tool is: Metasploit Penetration Testing
What type of vulnerability testing tool is: Maltego Data Mining
What type of vulnerability testing tool is: Network Stumbler War Driving
Process of Risk Analysis Step 1: System Characterization
Process of Risk Analysis Step 2: Threat Identification
Process of Risk Analysis Step 3: Vulnerability Identification
Process of Risk Analysis Step 4: Control Analysis
Process of Risk Analysis Step 5: Likelihood Determination
Process of Risk Analysis Step 6: Impact Analysis
Process of Risk Analysis Step 7: Risk Determination
Process of Risk Analysis Step 8: Control Recommendations
Process of Risk Analysis Step 9: Results Documentation
Reducing Risk: using firewalls, encryption, authentication, etc. Hardening
Reducing Risk: using policies, standards, guidelines, and procedures Assurance
Reducing Risk: finding intrusion attempts and terminating them Detection
Reducing Risk: bringing system back to an operational state Recovery
What is Malware? Any software that gives partial to full control of your computer, to do whatever the malware creator wants. Malware can be a virus, worm, trojan, adware, spyware, rootkit, etc.
Malware: Virus vs Worm? Virus is attached to a program or file (executable), worm requires no human action to spread.
Malware: Virus vs Trojan? Virus will self-replicate to spread, Trojan masquerades as useful software to spread (does not infect other files or self-replicate)
Malware: Virus vs Rootkit? Rootkit gains root privilege on infected machine, making it much harder to remove.
5 Phases (5P) of Malware: Probe, Penetrate, Persist, Propagate, Paralyze
How did the SQL Slammer worm work? Exploited buffer overflow bug in Microsoft SQL servers that were not updated.
4 Phases of worm mitigation: Containment, Inoculation, Quarantine, Treatment
Infection Phase: slow down or stop the virus, try to prevent spread. Use ACLs & Firewalls. Containment Phase
Infection Phase: Patch uninfected systems for vulnerability, removing them as targets. Inoculation Phase
Infection Phase: Identify infected machines and disconnect, block, or remove them. Quarantine Phase
Infection Phase: Disinfect infected systems, or reinstall system in extreme cases. Treatment Phase
Attack Type: consists of ping sweeps, port scans, packet sniffers, internet information queries Reconnaissance
Attack Type: Attacks that exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information. Access Attacks
Attack Type: Attempt to compromise availability. Requires little effort to execute and is difficult to eliminate. Denial of Service Attack (DoS)
Incident Handling Step 1: Preparation: plan a lot
Incident Handling Step 2: Identification: event or incident?
Incident Handling Step 3: Containment: gather evidence
Incident Handling Step 4: Eradication: remove root cause of incident
Incident Handling Step 5: Recovery: restore, validate, monitor
Incident Handling Step 6: Documentation: write many things
Common Attacks Experienced? Malware (67%), Phishing (39%), Mobile Hardware theft (34%)
Where do most attacks originate from (country)? Russian Federation (32%)
What motivates attackers? Profit, Fame, Ideological, Anger, Challenge
What are the most used technologies for security defense? Anti-virus (97%), Firewalls (94%), VPN (85%)
Created by: Datheral