| Question | Answer |
|---|---|
| Please give an example of hacker behavior | select target using IP lookup tools; map the network for accessible services; identify a vulnerable service; brute-force or guess a password; install remote administration tools; access other parts of the network |
| Please give an example of insider behavior | create additional accounts for themselves and friends; access accounts and applications they do not need for work; e-mail former and prospective employers; conduct furtive instant-message chatting; visit web sites; perform large downloads and file copying |
| Please give an example of criminal enterprise behavior | act quickly and precisely to make their activities hard to detect; exploit the perimeter via vulnerable ports; leave a trojan horse for re-entry; use sniffers to obtain passwords; make few or no mistakes |
| Please list the four main steps in intrusion methodology | hacker; password; IDS; honeypot |
| Please list the two main techniques for intrusion detection | statistical anomaly detection (based on a profile of normal behavior); rule-based detection (rule-based anomaly detection / penetration identification) |
| Please explain the main types of malware | trapdoor: secret entry point into a program; logic bomb: code embedded in a program that is activated under specified conditions; trojan: program with hidden side effects; virus: software that infects programs; worm: self-replicating program that propagates over the internet; zombie: a compromised PC that executes malicious code in an attack |
| Please list the main structural components of a virus | infection mechanism; trigger; payload |
| Please explain what a DDoS attack is | Distributed Denial of Service: using "zombie" computers to flood a network with useless traffic in order to overload a server or take a service down |
| What are the main generations of firewall? | packet filter firewall; stateful packet firewall; application-level firewall; circuit-level firewall |
| Please list the main firewall types based on location | bastion host; DMZ dual; host-based firewall; personal firewall |