CYSE TEST COMPILATIONS BUNDLE

Confidentiality: unauthorized users cannot access sensitive information.
Integrity: information is complete and uncorrupted.
Availability: authorized users can get to the information or resources.
Vulnerability: a flaw, weakness, or hole in a system or component.
Examples of vulnerabilities: software: buffer overflow; system: weak or no password; communications: no authentication or encryption.
Threat: something that exploits a vulnerability to affect confidentiality, integrity, or availability.
Examples of threats: people: hackers, actors, terrorists; code: worm, virus, phish; nature: flood, wind, solar, storm.
Risk: vulnerabilities + threats.
Countermeasures: tools and techniques we use to reduce risk.
Examples of countermeasures: protect (block, prevent), detect, react.
Offensively: our adversaries are in a similar position, so we aim to disrupt their mission capabilities and to collect intelligence and conduct operations via cyber means.
Deception can be used defensively or offensively.
Identification: "Who are you?"
Verification: confirming who you are.
Authentication: proving who you are.
Authorization: what you can do.
FAR: False Acceptance Rate (false positive).
FRR: False Rejection Rate (false negative); the rate at which we fail to authenticate legitimate users in a biometric system.
Circumvention: hard to fool.
Types of biometrics: fingerprint, hand, face, voice, retina, iris, DNA, odor, sweat pores, lips.
Biometrics: something you are.
Access control: how the system enforces what you are authorized to do.
MAC: Mandatory Access Control.
DAC: Discretionary Access Control.
Principle of least privilege: provide the minimum privilege necessary to complete a task.
Accountability: what did you do.
Auditing: review what you did, test systems, collect information; finding installed but unlicensed software on systems.
Vulnerability assessment: scan for vulnerabilities.
Penetration test: exploit vulnerabilities.
Cryptography: making codes.
Cryptanalysis: breaking codes.
Encryption: plain text -> cipher text.
Decryption: cipher text -> plain text.
Symmetric key: key a = key a.
Asymmetric key: key a ≠ key b.
Scytale cipher: transposition cipher; wrap paper around a staff.
Caesar cipher: a substitution cipher that shifts characters a certain number of positions in the alphabet.
Vigenère cipher: a method of encrypting text by applying a series of Caesar ciphers based on the letters of a keyword.
Enigma machine: a piece of spook hardware invented by a German and used by Britain's code breakers as a way of deciphering German signals traffic during World War Two.
What will happen to 4-digit PIN passwords? Brute force password hackers will break into them quickly.
What are logical (technical) controls? Intrusion detection systems, encryption, firewalls, passwords.
CIA triad vs. Parkerian hexad: Parkerian is more complete but is not as widely known.
A physical key (like for a door lock) would be described as which type of authentication factor? Something you have.
Why are identity cards alone not a secure method of authentication? Subject to change; may be duplicated; may be spoofed.
Permanence: how well a characteristic resists change over time.
Universality: everybody has one.
Uniqueness: everybody's is different.
Collectability: I can easily get it.
Acceptability: people will let me get it.
What is the difference between verification and authentication of an identity? Verification is a weaker confirmation of identity than authentication.
What do we call the process in which the client authenticates to the server and the server authenticates to the client? Mutual authentication.
What is the difference between Mandatory Access Control (MAC) and Discretionary Access Control (DAC)? In DAC, the owner of the resource determines access; in MAC, the owner of the resource does not determine access.
Which type of access control would be used in the case where we wish to prevent users from logging in to their accounts after business hours? Attribute Based Access Control.
The Bell-LaPadula and Biba multilevel access control models each have a different primary security focus. Can these two models be used in conjunction? Yes.
What does the Brewer and Nash model protect against? Conflict of interest.
The confused deputy problem can allow unauthorized privilege escalation to take place; how does this happen? Software has greater privilege than the user of the software.
What is the difference between authorization and access control? Authorization specifies what a user can do, and access control enforces what a user can do.
Which should take place first, authorization or authentication? Authentication.
What is the difference between authentication and accountability? Authentication proves who you are, and accountability records what you did.
What impact can good accountability mechanisms have on the admissibility of evidence in court cases? Maintain chain of custody.
What does nonrepudiation mean? Sufficient evidence exists such that a user cannot deny an action.
What is one direct benefit of logging? Provides a history of system activities.
Useful things to audit: physical security, passwords, software and licenses.
When dealing with legal or regulatory issues, why do we need accountability? To ensure compliance.
What is the difference between a block and a stream cipher? Block ciphers operate on a predetermined number of bits at a time; stream ciphers operate on a single bit at a time.
Explain how Triple DES (3DES) differs from DES. 3DES encrypts each block 3 times using DES and a different key.
Kerckhoffs' principles:
1. The system must be substantially, if not mathematically, undecipherable.
2. The system must not require secrecy and can be stolen by the enemy without causing trouble.
3. It must be easy to communicate and remember the keys without requiring written notes, and it must be easy to change or modify the keys with different participants.
4. The system ought to be compatible with telegraph communication.
5. The system must be portable, and its use must not require more than one person.
6. Finally, regarding the circumstances in which such a system is applied, it must be easy to use and must require neither the stress of mind nor the knowledge of a long series of rules.
ECC: Elliptic curve cryptography. An asymmetric encryption algorithm commonly used with smaller wireless devices. It uses smaller key sizes and requires less processing power than many other encryption methods.
Logging benefits: accountability and liability to users; keeps a record of user activity; detect and prevent intrusion; preparing material for legal proceedings.

Cybersecurity countermeasures are: the tools and techniques we use to reduce risk.
One vulnerability in the air traffic control system case was: unauthenticated messages.
What does non-repudiation mean? Sufficient evidence exists such that a user cannot deny an action.
What is the Parkerian hexad compared to the CIA triad? Parkerian has 6 elements including the 3 from the CIA but is not as widely known.
Why does access control based on the Media Access Control (MAC) address of the systems on our network not represent strong security? MAC addresses can be easily spoofed or changed.
What is the difference between authentication and accountability? Authentication proves who you are and accountability records what you did.
In the Maroochy Shire case, the actual threat was: a disgruntled former employee.
What is the difference between Mandatory Access Control (MAC) and Discretionary Access Control (DAC)? In DAC, the owner of the resource determines access; in MAC, the owner of the resource does not determine access.
In the Yahoo breach, attackers stole: user information.
The Dark Overlord case discussed by our guest speaker involved: physical threats and a financial demand.
What is the difference between vulnerability assessment and penetration testing? Penetration testing is more in depth than vulnerability assessment.
A simple vulnerability assessment probe: exhaustively exploits all possible vulnerabilities.
What was stolen in the OPM breach? Fingerprint, personal information, security clearance application data.
The Cuckoo's Egg story had to do with: a cyber attack.
If a Unix file has permissions 654, who can read and execute? Group.
Computer log entries: may contain user and remote system information.
The file /etc/shadow on a Unix system contains: user names and hashed passwords.
What do we call the rate at which we fail to authenticate legitimate users in a biometric system? False Rejection Rate (FRR).
The traceroute command tells you: the network path between two systems.
What is the key point of Kerckhoffs' second principle (i.e., the one principle most applicable to modern cryptographic algorithms)? It is OK if the enemy knows the cryptographic system.
The Mirai botnet case: used IoT devices for a DDoS attack.
What is the difference between authorization and access control? Authorization specifies what a user can do, and access control enforces what a user can do.
The primary vulnerability in the Lodz tram hack was: unauthenticated infrared signals.
How many possible passwords can be formed using lower case letters (a-z) and numbers (0-9) if a length of 8 is used (^ is the exponent operator)? 36^8.
Salting a password: makes it harder to guess by brute force.
What does the concept of defense in depth mean? Protect your data and systems with tools and techniques from different layers.
What do we call the process in which the client authenticates to the server and the server authenticates to the client? Mutual authentication.
What type of cipher is a Caesar cipher? Substitution.
In the fake finger video from class, what was the printed circuit board used for? To etch the fingerprint.
One countermeasure for the Polycom HDX case was: check and control network traffic.
What is the difference between verification and authentication of an identity? Verification is a weaker confirmation of identity than authentication.
What are the main differences between symmetric and asymmetric key cryptography? Symmetric key cryptography uses a single key for encryption and decryption; asymmetric key cryptography uses two keys, one for encryption and one for decryption.
How do we know at what point we can consider our environment to be secure? Never; perfect security does not exist.
What tool mentioned in the text might we use to scan for devices on a network, to include fingerprinting the operating system and detecting versions of services on open ports? nmap.
What is the primary purpose of a network firewall? Control the traffic allowed in and out of a network.
Why does network segmentation generally improve security? Malicious traffic cannot freely traverse the internal network.
What is the difference between a stateful packet filtering firewall and a basic packet filtering firewall? A stateful packet filtering firewall tracks sessions between systems.
What is the primary purpose of a Network Intrusion Detection System? Detect possible attack traffic.
What reasons are there to use a honeypot? Attract the attention of attackers in order to study them and their tools; detect, monitor, and sometimes tamper with the activities of an attacker; alert us to an attacker's presence.
For what might we use the tool Kismet? To detect wireless devices.
Which of the following is not a protocol for wireless encryption? Options: kismet / WPA2 / WPA / WEP. Answer: kismet.
What is the purpose of a network DMZ? Provide external access to systems that need to be exposed to external networks such as the Internet in order to function.
What is a key difference between signature and anomaly detection in IDSs? Signature detection uses fingerprints or distinct patterns of attacks to detect intrusions; anomaly detection uses deviation from baseline activity to detect intrusions.
How does the principle of least privilege apply to operating system hardening? Prevents attack actions that require administrator or root privilege.
What is a cyber attack surface? The total of the number of available avenues through which our system might be attacked.
Which of the following is not part of operating system hardening? Options: making alterations to common accounts / making use of logging and auditing functions / applying the principle of least privilege / applying software updates in a timely manner / changing the main network firewall ruleset / removing or turning off unessential services / removing unnecessary software. Answer: changing the main network firewall ruleset.
Why might we want a (software) firewall (FW) on our host if one already exists on the network? Host FWs know more about the local system.
What does executable space protection do for us and how? Prevents buffer overflow attacks from working by blocking code execution on the memory stack.
Are nmap results always accurate, or is it sometimes necessary to verify nmap output with another tool? You should verify nmap results with another tool or data source.
What does applying a vendor OS update (patch) usually do? Fixes vulnerabilities in the OS code.
Exploit frameworks make it... easier for amateurs to launch cyber attacks.
If an antivirus tool is looking for specific bytes in a file (e.g., hex 50 72 6F etc.) to label it malicious, what type of AV detection is this? Signature.
What is the difference between a port scanner and a vulnerability assessment tool? Port scanners discover listening ports; vulnerability assessment tools report known vulnerabilities on listening ports.
Name the two main categories of Web security. Client-side attacks and server-side attacks.
How does an XSRF attack work? A link or script on one web page is executed in the context of another open web page or web application.
What does the tool Nikto do? Scans a web server for common vulnerabilities.
Which of the following is an example of a race condition? Two bank transactions (withdrawals) run concurrently and the balances are not properly accumulated (recorded).
Does an SQL injection attack compromise content in the database or content in the Web application? Database.
How can we prevent buffer overflows in our applications? Implement proper bounds checking.
Why is it important from a security perspective to remove extraneous files from a Web server? They may provide information or vulnerabilities useful to an attacker.
Why is input validation important from a security perspective? To prevent certain types of attacks.
What does a fuzzing tool do? Provides multiple data and inputs to discover vulnerabilities.
How might we use a sniffer to increase the security of our applications? To watch the network traffic being exchanged with a particular application or protocol.
Does an organization's location or the national origin or location of data they are transmitting or storing affect the organization's use of encryption or how they treat employee information? Yes.
Which of the following is not a provision of the Federal Privacy Act of 1974? Options: it places restrictions on how agencies can share an individual's data with other people and agencies / it requires agencies to follow certain principles, called fair information practices, when gathering and handling personal data / it lets individuals sue the government for violating its provisions / it requires government agencies to show an individual any records kept on him or her / it provides individuals the "right to be removed from the Internet". Answer: it provides individuals the "right to be removed from the Internet".
At a high level, what does the Federal Privacy Act of 1974 do? Safeguards privacy through creating four rights in personal data.
What does California's SB 1386 deal with? Handling unauthorized exposure of data relating to California residents.
What did the PCI DSS establish? Security standards as a condition of processing credit card transactions.
What does the European Union's (EU) Data Protection Directive (Directive 95/46/EC) deal with? PII.
According to the text, which of the following is not a security professional's obligation relating to information protection and unauthorized disclosure? Options: release test data to see where it shows up / prevent information from unauthorized release / be able to catalog and categorize what information was taken if there is a leak. Answer: release test data to see where it shows up.
What does PII stand for? Personally Identifiable Information.
Why might extradition be a delicate issue when prosecuting computer crimes? Lack of a consistent set of laws regarding extradition.

In a data breach (such as the OPM case), which security characteristic of data has been violated? Confidentiality.
Which of the following about vulnerabilities and threats is not true? A vulnerability or a threat, but not both, are required to create risk.
Considering the CIA triad and the Parkerian hexad, which of the following is true? Parkerian is more complete but not as widely known.
Which of the following is not true about complex and automatically generated passwords that are unique to each system and are a minimum of 30 characters in length, such as !Hs4(j0qO$&zn1%2SK38cn^!Ks620! ? Brute force password crackers will break them as quickly as a 4-digit PIN.
Which of the following would not be part of a solution in the Polycom case study? Off site backups.
Which of the following is true regarding the history of cybersecurity as presented in class and the associated document? Advances (firewalls, intrusion detection, encryption algorithms, etc.) often followed attacks or apparent weaknesses.
What does the concept of defense in depth mean? Protect your data and systems with tools and techniques from different layers.
The primary vulnerability in the Lodz Tram Hack case study was: lack of authentication.
Which of the following would not be considered a logical (technical) control? Fences.
How do we know at what point we can consider our environment to be secure? Never; perfect security does not exist.
If we are using an identity card such as a driver's license as the basis for our authentication scheme, which of the following additions would not represent multifactor authentication? A birth certificate.
What do we call the rate at which we fail to authenticate legitimate users in a biometric system? False Rejection Rate (FRR).
What do we call the process in which the client authenticates to the server and the server authenticates to the client? Mutual authentication.
Which of the following is not true? Voice authentication requires speech to text capability.
A physical key (like for a door lock) would be described as which type of authentication factor? Something you have.
What biometric factor describes how well a characteristic resists change over time? Permanence.
If we are using a 4-character password that contains only lowercase English alphabetic characters (26 different characters), how many more possible passwords are there if we use a 5-character password (still only lowercase English alphabetic characters)? 11,424,400 more possibilities.
In the fake finger video from class, what was the printed circuit board used for? To etch the fingerprint.
What is the difference between verification and authentication of an identity?
Which of the following is not a reason why an identity card alone might not make an ideal method of authentication?
Given a file containing sensitive data and residing in a Linux operating system with some users who should not have access to the data, would setting the file's permissions to rw-rw-rw- cause a potential security issue?
What is the difference between authorization and access control? Authorization specifies what a user can do, and access control enforces what a user can do.
Why does access control based on the Media Access Control (MAC) address of the systems on our network not represent strong security? MAC addresses can be easily spoofed or changed.
The Bell-LaPadula and Biba multilevel access control models each have a different primary security focus. Can these two models be used in conjunction? Yes.
What is the difference between Mandatory Access Control (MAC) and Discretionary Access Control (DAC)? In DAC, the owner of the resource determines access; in MAC, the owner of the resource does not determine access.
Which should take place first, authorization or authentication? Authentication.
Which type of access control would be used in the case where we wish to prevent users from logging in to their accounts after business hours? Attribute Based Access Control.
The confused deputy problem can allow unauthorized privilege escalation to take place; how does this happen? Software has greater privilege than the user of the software.
What does the Brewer and Nash model protect against? Conflict of interest.
What is the "principle of least privilege"? Users are only provided the level of access needed for the task.
Which of the following is not a reason that accountability is important for security? Prevents weak passwords.
When dealing with legal or regulatory issues, why do we need accountability? To ensure compliance.
Which of the following is probably not a useful item to audit for cyber security purposes? Typing speed and accuracy.
Finding installed but unlicensed software on systems is primarily a function of: auditing.
What does nonrepudiation mean? Sufficient evidence exists such that a user cannot deny an action.
What is one direct benefit of logging? Provides a history of system activities.
What impact can good accountability mechanisms have on the admissibility of evidence in court cases? Maintain chain of custody.
Which of the following is not true about logging user and program actions on a computer?
What is the difference between vulnerability assessment and penetration testing? Penetration testing is more in depth than vulnerability assessment.
What is the difference between authentication and accountability? Authentication proves who you are, and accountability records what you did.
What type of cipher is a Caesar cipher? Substitution.
Explain how Triple DES (3DES) differs from DES. 3DES encrypts each block 3 times using DES and a different key.
Would weak physical security make cryptographic security of data more or less important? More.

What is the difference between authorization and access control? Authorization specifies what a user can do, and access control enforces what a user can do.
Which should take place first, authorization or authentication? Authentication.
The Bell-LaPadula and Biba multilevel access control models each have a different primary security focus. Can these two models be used in conjunction? Yes.
What does the Brewer and Nash model protect against? Conflict of interest.
What is the "principle of least privilege"? Users are only provided the level of access needed for the task.
Given a file containing sensitive data and residing in a Linux operating system with some users who should not have access to the data, would setting the file's permissions to rw-rw-rw- cause a potential security issue? Yes, because other users can read and modify the file.
What is the difference between Mandatory Access Control (MAC) and Discretionary Access Control (DAC)? In DAC, the owner of the resource determines access; in MAC, the owner of the resource does not determine access.
Why does access control based on the Media Access Control (MAC) address of the systems on our network not represent strong security? MAC addresses can be easily spoofed or changed.
Which type of access control would be used in the case where we wish to prevent users from logging in to their accounts after business hours? Attribute Based Access Control.
The confused deputy problem can allow unauthorized privilege escalation to take place; how does this happen? Software has greater privilege than the user of the software.

What is the difference between authentication and accountability? Authentication proves who you are, and accountability records what you did.
What does nonrepudiation mean? Sufficient evidence exists such that a user cannot deny an action.
What impact can good accountability mechanisms have on the admissibility of evidence in court cases? Maintain chain of custody.
When dealing with legal or regulatory issues, why do we need accountability? To ensure compliance.
Finding installed but unlicensed software on systems is primarily a function of: auditing.
What is the difference between vulnerability assessment and penetration testing? ???
Which of the following is not true about logging user and program actions on a computer? Every action on a system is recorded in the kernel log.
Which of the following is probably not a useful item to audit for cyber security purposes? Typing speed and accuracy.
What is one direct benefit of logging? Provides a history of system activities.
Which of the following is not a reason that accountability is important for security? Prevents weak passwords.

Why does network segmentation generally improve security? Options: network segmentation does not generally improve security / different people are in charge of different networks / traffic on each isolated segment is faster / malicious traffic cannot freely traverse the internal network. Answer: malicious traffic cannot freely traverse the internal network.
For what might we use the tool Kismet? Options: to block network traffic / to patch computers / to detect wired devices / to detect wireless devices. Answer: to detect wireless devices.
What is the primary purpose of a network firewall? Options: control the traffic allowed in and out of a network / allow connections to any internal system IP address / allow connections to any internal system port number / encrypt network traffic. Answer: control the traffic allowed in and out of a network.
Which of the following is not a reason to use a honeypot? Options: attract the attention of attackers in order to study them and their tools / release classified or PII data / alert us to an attacker's presence / detect, monitor, and sometimes tamper with the activities of an attacker. Answer: release classified or PII data.
What is a key difference between signature and anomaly detection in IDSs? Options: anomaly detection uses code genealogy (derived code) to detect intrusions; signature detection uses fingerprints or distinct patterns of attacks to detect intrusions / anomaly detection uses fingerprints or distinct patterns of attacks to detect intrusions; signature detection uses deviation from baseline activity to detect intrusions / signature detection uses fingerprints or distinct patterns of attacks to detect intrusions; anomaly detection uses deviation from baseline activity to detect intrusions / signature detection uses software behaviors to detect intrusions; anomaly detection uses deviation from baseline activity to detect intrusions. Answer: signature detection uses fingerprints or distinct patterns of attacks to detect intrusions; anomaly detection uses deviation from baseline activity to detect intrusions.
What is the difference between a stateful packet filtering firewall and a basic packet filtering firewall? Options: a basic packet filtering firewall tracks sessions between systems / a stateful packet filtering firewall does not track sessions between systems / a stateful packet filtering firewall tracks sessions between systems / a basic packet filtering firewall inspects all bytes in every packet. Answer: a stateful packet filtering firewall tracks sessions between systems.
What is the primary purpose of a Network Intrusion Detection System? Options: detect possible attack traffic / attack (hack back) against the source of malicious traffic / encrypt network traffic / block malicious network traffic. Answer: detect possible attack traffic.
What is the purpose of a network DMZ? Options: isolate systems so that they cannot be reached from external networks such as the Internet / encrypt the traffic to and from sensitive systems / provide external access to systems that need to be exposed to external networks such as the Internet in order to function / encrypt the hard drives of sensitive systems. Answer: provide external access to systems that need to be exposed to external networks such as the Internet in order to function.
What tool mentioned in the text might we use to scan for devices on a network, to include fingerprinting the operating system and detecting versions of services on open ports? Options: wireshark / honeypots / nmap / WPA2. Answer: nmap.
Which of the following is not a protocol for wireless encryption? Options: WPA2 / WPA / WEP / kismet. Answer: kismet.
Are nmap results always accurate, or is it sometimes necessary to verify nmap output with another tool? Options: you do not need to verify nmap results with another tool or data source / you should verify nmap results with another tool or data source. Answer: you should verify nmap results with another tool or data source.
What does applying a vendor OS update (patch) usually do? Options: detects a vulnerability in the OS code / fixes vulnerabilities in the OS code / creates vulnerabilities in the OS code / exploits a vulnerability in the OS code. Answer: fixes vulnerabilities in the OS code.
Why might we want a (software) firewall (FW) on our host if one already exists on the network? Options: host FWs see more network-wide traffic than network FWs / host FWs know more about the local system / host FWs provide no advantage over network FWs / host FWs know less about the local system. Answer: host FWs know more about the local system.
Which of the following is not part of operating system hardening? Options: changing the main network firewall ruleset / removing unnecessary software / making use of logging and auditing functions / applying the principle of least privilege / removing or turning off unessential services / applying software updates in a timely manner / making alterations to common accounts. Answer: changing the main network firewall ruleset.
What is the difference between a port scanner and a vulnerability assessment tool? Options: port scanners close listening ports; vulnerability assessment tools open listening ports / vulnerability assessment tools close listening ports; port scanners open listening ports / port scanners discover listening ports; vulnerability assessment tools report known vulnerabilities on listening ports / vulnerability assessment tools discover listening ports; port scanners report known vulnerabilities on listening ports. Answer: port scanners discover listening ports; vulnerability assessment tools report known vulnerabilities on listening ports.
Exploit frameworks make it... Options: harder to recognize possible attacks on the network / easier for amateurs to launch cyber attacks / harder for amateurs to launch cyber attacks. Answer: easier for amateurs to launch cyber attacks.
How does the principle of least privilege apply to operating system hardening? Options: prevents attack actions that require administrator or root privilege / prevents attacks by blocking code execution on the memory stack / prevents attacks by blocking known malicious code from executing / allows attack actions that require administrator or root privilege. Answer: prevents attack actions that require administrator or root privilege.
What does executable space protection do for us and how? Options: prevents virus attacks from working by detecting specific byte strings in the code / prevents virus attacks from working by preventing an application from running / prevents buffer overflow attacks from working by allowing code execution on the memory stack / prevents buffer overflow attacks from working by blocking code execution on the memory stack. Answer: prevents buffer overflow attacks from working by blocking code execution on the memory stack.
What is a cyber attack surface? Options: the number of vulnerabilities in the network area of security / the size of the facility housing our critical systems / the number of vulnerabilities in the human area of security / the total of the number of available avenues through which our system might be attacked. Answer: the total of the number of available avenues through which our system might be attacked.
If an antivirus tool is looking for specific bytes in a file (e.g., hex 50 72 6F etc.) to label it malicious, what type of AV detection is this? Options: reputation / signature / behavior / zero-day. Answer: signature.
How does an XSRF attack work? Options: a buffer overflow on one site is executed by a remote user on another site / a link or script on one web page is executed in the context of that same web page / a user's credentials compromised in one attack are used to log in to another target / a link or script on one web page is executed in the context of another open web page or web application. Answer: a link or script on one web page is executed in the context of another open web page or web application.
What does a fuzzing tool do? Options: decrypts poorly encrypted content / provides multiple data and inputs to discover vulnerabilities / decrypts strongly encrypted content / guesses a password to gain system access. Answer: provides multiple data and inputs to discover vulnerabilities.
Why is input validation important from a security perspective? Options: to catch brute force attacks / to ensure bank balances are correct / to authenticate users / to prevent certain types of attacks. Answer: to prevent certain types of attacks.
What does the tool Nikto do? Options: guesses a password to gain system access / decrypts strongly encrypted content / decrypts poorly encrypted content / scans a web server for common vulnerabilities. Answer: scans a web server for common vulnerabilities.
How might we use a sniffer to increase the security of our applications? Options: to speed up network traffic / to slow down network traffic / to read (decrypt) encrypted traffic / to watch the network traffic being exchanged with a particular application or protocol. Answer: to watch the network traffic being exchanged with a particular application or protocol.
Name the two main categories of Web security. Options: race conditions and input validation / buffer overflows and SQL injection / client-side attacks and server-side attacks / Denial of Service (DoS) and Distributed Denial of Service (DDoS). Answer: client-side attacks and server-side attacks.
How can we prevent buffer overflows in our applications? Options: only run programs on Linux / use strong passwords / implement proper bounds checking / add network capacity. Answer: implement proper bounds checking.
Which of the following is an example of a race condition? Options: an attacker sends high volumes of network traffic to overwhelm a target / a malicious user leaves a trojan horse program for a later user to execute / two bank transactions (withdrawals) run sequentially and the balances are not properly accumulated (recorded) / two bank transactions (withdrawals) run concurrently and the balances are not properly accumulated (recorded). Answer: two bank transactions (withdrawals) run concurrently and the balances are not properly accumulated (recorded).
Does an SQL injection attack compromise content in the database or content in the Web application? Options: database / neither / web application / both. Answer: database.
How might we use a sniffer to increase the security of our applications?
Answer: to watch the network traffic being exchanged with a particular application or protocol

Does an SQL injection attack compromise content in the database or content in the Web application?
Answer: database

What does the tool Nikto do?
Answer: Scans a web server for common vulnerabilities

What does a fuzzing tool do?
Answer: Provide multiple data and inputs to discover vulnerabilities

How can we prevent buffer overflows in our applications?
Answer: implement proper bounds checking

Name the two main categories of Web security.
Answer: Client-side attacks and server-side attacks

Why is it important from a security perspective to remove extraneous files from a Web server?
Answer: They may provide information or vulnerabilities useful to an attacker

Why is input validation important from a security perspective?
Answer: to prevent certain types of attacks

How does an XSRF attack work?
Answer: a link or script on one web page is executed in the context of another open web page or web application

Which of the following is an example of a race condition?
Answer: Two bank transactions (withdrawals) run concurrently and the balances are not properly accumulated (recorded)
NIST Incident Response Life Cycle
1. PREPARATION
2. DETECTION AND ANALYSIS
3. CONTAINMENT, ERADICATION, and RECOVERY
4. POST-INCIDENT ACTIVITY

PREPARATION involves establishing and training an incident response team, and acquiring the necessary tools and resources. During preparation, the organization also attempts to limit the number of incidents that will occur by selecting and implementing a set of controls based on the results of risk assessments.
DETECTION AND ANALYSIS: Detection of security breaches is necessary to alert the organization whenever incidents occur.
CONTAINMENT, ERADICATION, and RECOVERY: In keeping with the severity of the incident, the organization can mitigate the impact of the incident by containing it and ultimately recovering from it. During this phase, activity often cycles back to detection and analysis—for example, to see if additional hosts are infected by malware while eradicating a malware incident.
POST-INCIDENT ACTIVITY: After the incident is adequately handled, the organization issues a report that details the cause and cost of the incident and the steps the organization should take to prevent future incidents.

Threat Modeling: four steps and four key questions
1. What is being protected? Model the system
2. What can go wrong with security? Apply a model of security threats to the system model to identify threats
3. What should be done about the threats? Address the threats
4. Is this model complete and correct? Check the model

Approaches to Identifying Threats
•Informal, unstructured consideration of security issues
•Brainstorming or unstructured discussions of security threats in response to system architecture
•Structured discussions using the STRIDE mnemonic (or a variant)
•Structured discussions using attack libraries

STRIDE
•SPOOFING: pretending to be something or someone else
•TAMPERING: modifying something
•REPUDIATION: claiming you didn't do something
•INFORMATION DISCLOSURE: exposing information to people who are not authorized to see it
•DENIAL OF SERVICE: attacks designed to prevent a system from providing service
•ELEVATION OF PRIVILEGE: enabling a program, device, or user to technically do things that they are not allowed to do

Secure Coding: reducing the number of vulnerabilities in software to a degree that can be mitigated by operational controls (aspirational)

Secure Software Development: Testing
•(Automated) Static and dynamic code analysis to identify security policy violations, such as not validating user input
•(Manual) Peer code reviews by a developer other than the author
•Testing by the security team (in addition to business functional testing)
•Web application vulnerability scanning
•Interception proxy software that logs and examines communications between two endpoints to check for (i) input validation, (ii) parameter validation, (iii) plaintext credentials, and (iv) session tokens that aren't pseudo-random, to prevent attacker guessing
•"Fuzzing" that sends large amounts of malformed and unexpected data to a program to trigger failures
•Stress testing by placing extreme demands well beyond planning thresholds to determine the degree of robustness (simulating Denial of Service attacks)

Top Ten Secure Coding Practices
1. Validate all inputs
2. Don't ignore compiler warnings
3. Architect for security
4. Avoid unnecessary complexity
5. Deny by default
6. Use least privilege
7. Don't share data you don't have to
8. Defend in depth
9. Strive for quality
10. Use specific secure coding standards (SEI has developed standards for C, C++, Perl, Java, Android)

Ways to protect IoT devices:
•Know the governance: private networks must establish policies on usage, data retention, and surveillance, and communicate those to employees/users
•Awareness of known and suspected vulnerabilities
•Good practices on configuration, limitation of attack surfaces
•Research and communication to ensure continuous reevaluation of risk
•Penetration testing, analysis of traffic and potential mitigations

Code of Practice for Consumer IoT Security:
1. No default passwords
2. Implement a vulnerability disclosure policy
3. Keep software updated
4. Securely store credentials and security-sensitive data
5. Communicate securely
6. Minimize exposed attack surfaces
7. Ensure software integrity
8. Ensure that personal data is protected
9. Make systems resilient to outages
10. Monitor system telemetry data

Zero Trust Model:
•Zero trust means "verify and never trust"
•Inspect and log all traffic
•Design from the inside out to protect the most sensitive data
•Design with compliance in mind for sensitive data
•Embed security into the network DNA by micro-segmentation of the network through use of security appliance gateways with access control inside the perimeter of the network

Zero Trust Architecture (NIST 800-207): Network Connectivity Assumptions
1. The enterprise private network is not trustworthy
2. Devices on the network may not be owned or configurable by the enterprise
3. No device is inherently trusted
4. Not all enterprise resources are on enterprise-owned infrastructure
5. Remote enterprise users cannot trust the local network connection

Zero Trust Architecture (NIST 800-207): Network Requirements
●Enterprise systems must have basic network connectivity
●The enterprise must be able to determine which devices/systems are owned or managed by the enterprise and which are not
●The enterprise must be able to capture all network traffic
●Enterprise resources should not be discoverable without accessing a PEP (Policy Enforcement Point)
●The data plane must be logically separate from the control plane
●Enterprise systems must be able to reach the PEP component
●The PEP must be the only component able to reach the Policy Administrator and the Policy Engine
●Remote enterprise systems must be able to access enterprise resources without needing to traverse through the enterprise infrastructure
●Enterprise systems must not be able to reach certain PEPs due to observable factors. For example, mobile systems must not be able to reach certain resources unless using enterprise infrastructure. Observable factors controlling access include location (geolocation or network location) and device type.

User Education
●The human element is a very weak security link
●Importance of having an easy and friendly process for folks to report suspicious emails

User Education: Security Awareness Programs
•Mandatory annual training (often computer-based training)
•Live-fire phishing campaign

User Education: Using Strong Passwords
o Early attempts to get users to use strong passwords:
--Assumption was that people didn't know the importance of using strong passwords
--Perceived solution: tell people what a strong password was and the importance of using them, and people would use them voluntarily
--But people didn't use strong passwords even after being educated
o Next attempt: force people to use a strong password, but people wrote them down

Security Through Obscurity
●Hiding assets, services, or procedures in non-standard ways
●May be an added measure
●Examples:
o Set up services on non-standard ports
o Rename the local administrator account
o Reconfigure service banners not to report the server operating system type and version
o What else?
Cyber Incident Risk Transfer
●Risk transfer: insurance to cover cyber incidents
●Early cyber policies were (i) highly customized and negotiated policies or (ii) cheap, limited add-ons to other policies
●Today: mainstream policies offered by major insurance companies (including AIG, Nationwide, Zurich, among others)

Cyber Insurance Potential Coverage
•Cyber insurance can cover direct costs of a cyber incident (but policies vary)
•Network security costs (legal expenses, IT forensics, negotiation and payment of ransom, breach notifications to customers, data restoration, public relations expertise)
•Network business interruptions (from attack, failed software patch, human error)
•"Errors and omissions" coverage for inability to deliver on contracts for products and services
•Reputational harm (profit impact due to brand damage)
•Bricking (covers replacement of equipment rendered useless)

In light of requirements and current design, what are the key "assets" to protect in an ICS?
-If the PLC is attacked directly, the attacker can modify the PLC's firmware and can blow up the PLC
-Insider threat

Solutions that mitigate these highest risks of an ICS?
-Encrypt data
-IDS
-Firewall
-Antivirus on workstations
-Monitor control down in the sensor and make sure the data matches the historian
-2-factor authentication

CBP Data Breach (2019)
•CBP (US Customs and Border Protection) maintains databases of license plate images, travelers' ID photos, etc.
•A subcontractor transferred copies of the data from CBP to external systems; those external systems were subsequently compromised and the data copied.
•Press release inadvertently (?) identified Perceptics as the subcontractor (provider of license plate readers).
•According to CBP, fewer than 100,000 people were impacted. CBP press release says no data on the Internet or dark web, but media reports finding such data on the dark web (along with financial and location information).

Polish Airline LOT Attack (2015)
•Flight plans must be sent to aircraft before takeoff.
•Flight plans contain data such as route, weather, etc.
•DDoS attack over five hours prevented flight plan transmission.
•Cancelled 10 flights and delayed 15.

Petro Rabigh (2017)
•Saudi Arabian integrated chemical and refining complex.
•June 2017: "Schneider Electric product specialists were called in to assess an apparently malfunctioning Triconex unit. The safety device had tripped part of Petro Rabigh offline, but it wasn't clear why. Everything seemed to be working normally."
•Safety devices are designed to act if dangerous circumstances are detected; they serve as a backup to control systems.
•August 2017: another outage, this time malware (Triton) is found.
•IT infection apparently enabled by a poorly configured firewall; then pivot to OT.
•Got to safety devices via Windows workstations.
•Malware includes memory manipulation capability on Triconex units.
•Plant down for more than one week.
•Response included password changes and 2FA.
•Attackers changed account phone numbers to intercept 2FA login codes.

Norsk Hydro (2019)
•Aluminum production operations are primarily computer controlled but have manual backup; some parts of the operation need to be kept running 24x7 (can't turn a furnace off with hot metal inside).
•Expensive emergency shutdown due to cyber attack has happened before: German steel mill in 2014.
•Ransomware blocked access to computer control systems.
•Some production was stopped, some switched to manual control.
•Affected plants were isolated.
•Some operations down or reduced for weeks.
•Ransomware was LockerGaga:
--Manual targeting (not a worm).
--Really destroyware (no way to decrypt files).
--Attackers leveraged the single central Active Directory domain to infect multiple workstations simultaneously.
--OT (ICS) not on AD; MS Office servers in the cloud (and unaffected).
Please match Kohnfelder and Garg's threat names to the corresponding definition:
A. Making the system temporarily unavailable or unusable, such as those attacks that could force a reboot or restart of the user's machine
B. An untrusted user performing an illegal operation without the ability to be traced
C. Compromising the user's private or business-critical information
D. Modifying system or user data with or without detection
E. Breaching the user's authentication information
F. An unprivileged user gains privileged access and thereby has sufficient access to completely compromise or destroy the entire system

Spoofing of user identity: E. Breaching the user's authentication information
Tampering with data: D. Modifying system or user data with or without detection
Repudiability: B. An untrusted user performing an illegal operation without the ability to be traced
Information disclosure: C. Compromising the user's private or business-critical information
Denial of Service: A. Making the system temporarily unavailable or unusable, such as those attacks that could force a reboot or restart of the user's machine
Elevation of privilege: F. An unprivileged user gains privileged access and thereby has sufficient access to completely compromise or destroy the entire system

Which of the following is not a mechanism of attack according to the CAPEC Mechanism of Attack hierarchy of attack patterns?
A. Engage in Deceptive Interactions, such as spoofing
B. Abuse Existing Functionality, such as flooding
C. Inject Unexpected Items, such as code injection
D. Reverse Engineering in the Physical Security Domain of Attack
Answer: D. Reverse Engineering in the Physical Security Domain of Attack

According to CAPEC, firmly grasping the attacker's perspective and approaches used to exploit software systems is necessary to enhance security throughout the software development lifecycle. True or False
Answer: True

According to CAPEC, to identify and mitigate relevant vulnerabilities in software, the development community only needs good software engineering and analytical practices, a solid grasp of software security features, and a powerful set of tools. True or False
Answer: False

According to CAPEC, what is the typical severity of HTTP Response Splitting?
A. CAPEC does not provide a severity
B. High
C. Low
D. Medium
Answer: B. High

OWASP
Injection: These occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Examples of this risk can occur in SQL, NoSQL, and LDAP.
Broken Authentication: Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities temporarily or permanently.
Sensitive data exposure: Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser.
XML External Entities: Many older or poorly configured XML processors evaluate external entity references within XML documents. External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks.
All of the following are considered a logical (technical) control?
Answer: encryption, passwords, firewalls, intrusion detection systems

What does the concept of defense in depth mean?
Answer: Protect your data and systems with tools and techniques from different layers

All of the following about vulnerabilities and threats are true?
Answer: Vulnerability is a weakness that may be exploited by a threat; Threat is an actor that may exploit a vulnerability; Vulnerabilities and threats combine to create risk

All of the following are solutions in the Polycom case study?
Answer: Code review, Traffic encryption, Firewall rules

All of the following are true about complex and automatically generated passwords that are unique to each system and are a minimum of 30 characters in length, such as !Hs4(j0qO$&zn1%2SK38cn^!Ks620! ?
Answer: They may cause users to write the password down; For most users, they are difficult to remember; For most users, they make system access less convenient than user-chosen passwords

Which of the following is true regarding the history of cybersecurity as presented in class and the associated document?
Answer: Advances (firewalls, intrusion detection, encryption algorithms, etc.) often followed attacks or apparent weaknesses

How do we know at what point we can consider our environment to be secure?
Answer: Never; perfect security does not exist

Considering the CIA triad and the Parkerian hexad, which of the following is true?
Answer: Parkerian is more complete but not as widely known

In a data breach (such as the OPM case) which security characteristic of data has been violated?
Answer: Confidentiality

The primary vulnerability in the Lodz Tram Hack case study was:
Answer: Lack of authentication

In the fake finger video from class, what was the printed circuit board used for?
Answer: to etch the fingerprint

What do we call the process in which the client authenticates to the server and the server authenticates to the client?
Answer: Mutual authentication

What do we call the rate at which we fail to authenticate legitimate users in a biometric system?
Answer: False Rejection Rate (FRR)

A physical key (like for a door lock) would be described as which type of authentication factor?
Answer: something you have

If we are using an identity card such as a driver's license as the basis for our authentication scheme, all of the following additions would represent multifactor authentication?
Answer: A fingerprint, A voice print, A PIN (personal identification number)

If we are using a 4-character password that contains only lowercase English alphabetic characters (26 different characters), how many more possible passwords are there if we use a 5-character password (still only lowercase English alphabetic characters)?
Answer: 11,424,400 more possibilities

All of the following are true?
Answer: Fingerprints have features such as bifurcations, islands, and crossovers; The human iris is unique to an individual; Facial recognition may be used for authentication

What is the difference between verification and authentication of an identity?
Answer: verification is a weaker confirmation of identity than authentication

What biometric factor describes how well a characteristic resists change over time?
Answer: permanence

Why does access control based on the Media Access Control (MAC) address of the systems on our network not represent strong security?
Answer: MAC addresses can be easily spoofed or changed

Which type of access control would be used in the case where we wish to prevent users from logging in to their accounts after business hours?
Answer: Attribute Based Access Control

What is the difference between authorization and access control?
Answer: Authorization specifies what a user can do, and access control enforces what a user can do

What does the Brewer and Nash model protect against?
Answer: Conflict of interest

Which should take place first, authorization or authentication?
Answer: Authentication

What is the difference between Mandatory Access Control (MAC) and Discretionary Access Control (DAC)?
Answer: In DAC, the owner of the resource determines access; in MAC, the owner of the resource does not determine access

Given a file containing sensitive data and residing in a Linux operating system with some users who should not have access to the data, would setting the file's permissions to rw-rw-rw- cause a potential security issue?
Answer: yes, because other users can read and modify the file

The confused deputy problem can allow unauthorized privilege escalation to take place; how does this happen?
Answer: software has greater privilege than the user of the software

The Bell-LaPadula and Biba multilevel access control models each have a different primary security focus. Can these two models be used in conjunction?
Answer: yes
Which of the following is not true about complex and automatically generated passwords that are unique to each system and are a minimum of 30 characters in length, such as !Hs4(j0qO$&zn1%2SK38cn^!Ks620! ?
A) They may cause users to write the password down
B) Brute force password crackers will break them as quickly as a 4-digit PIN
C) For most users, they are difficult to remember
D) For most users, they make system access less convenient than user-chosen passwords
Answer: B) Brute force password crackers will break them as quickly as a 4-digit PIN

What does the concept of defense in depth mean?
A) Protect your data and systems with tools and techniques from different layers
B) Use every available tool at a particular layer to protect your data and systems
C) Encrypt your data multiple times
D) Hide your data and systems deep underground
Answer: A) Protect your data and systems with tools and techniques from different layers

Which of the following would not be considered a logical (technical) control?
A) encryption
B) fences
C) passwords
D) firewalls
E) intrusion detection systems
Answer: B) fences

In a data breach (such as the OPM case) which security characteristic of data has been violated?
A) Integrity
B) Availability
C) Authenticity
D) Confidentiality
Answer: D) Confidentiality

Which of the following is true regarding the history of cybersecurity as presented in class and the associated document?
A) No actual data was exposed nor harm done in any of the events
B) Advances (firewalls, intrusion detection, encryption algorithms, etc.) often followed attacks or apparent weaknesses
C) All of the events were perpetrated by non-US governments against the US government
D) None of the attack perpetrators were caught or identified
Answer: B) Advances (firewalls, intrusion detection, encryption algorithms, etc.) often followed attacks or apparent weaknesses

How do we know at what point we can consider our environment to be secure?
A) When we spend 10% of our organization's annual budget
B) Never; perfect security does not exist
C) When we follow industry best practices
D) If we make it 10 years without a reported incident
Answer: B) Never; perfect security does not exist

Considering the CIA triad and the Parkerian hexad, which of the following is true?
A) Confidentiality, integrity, and availability are only in the CIA triad
B) Parkerian is more complete but not as widely known
C) They both have six key elements
D) They both have three key elements
Answer: B) Parkerian is more complete but not as widely known

The primary vulnerability in the Lodz Tram Hack case study was:
A) Lack of train speed control
B) Lack of authentication
C) Interference from the surrounding environment
D) Over use of encryption
Answer: B) Lack of authentication

Which of the following would not be part of a solution in the Polycom case study?
A) Code review
B) Off site backups
C) Traffic encryption
D) Firewall rules
Answer: B) Off site backups

Which of the following about vulnerabilities and threats is not true?
A) Threat is an actor that may exploit a vulnerability
B) Vulnerabilities and threats combine to create risk
C) Vulnerability is a weakness that may be exploited by a threat
D) A vulnerability or a threat, but not both, are required to create risk
Answer: D) A vulnerability or a threat, but not both, are required to create risk

Which of the following is not a reason why an identity card alone might not make an ideal method of authentication?
A) subject to change
B) may be duplicated
C) issued by the government
D) may be spoofed
Answer: C) issued by the government

What is the difference between verification and authentication of an identity?
A) authentication is a weaker confirmation of identity than verification
B) verification is a weaker confirmation of identity than authentication
C) authentication always includes a biometric mechanism
D) nothing - they mean the same thing
Answer: B) verification is a weaker confirmation of identity than authentication

A physical key (like for a door lock) would be described as which type of authentication factor?
A) something you made
B) something you bought
C) something you stole
D) something you have
Answer: D) something you have

What biometric factor describes how well a characteristic resists change over time?
A) permanence
B) uniqueness
C) universality
D) circumvention
Answer: A) permanence

If we are using an identity card such as a driver's license as the basis for our authentication scheme, which of the following additions would not represent multifactor authentication?
A) A voice print
B) A PIN (personal identification number)
C) A birth certificate
D) A fingerprint
Answer: C) A birth certificate

What do we call the process in which the client authenticates to the server and the server authenticates to the client?
A) Mutual authentication
B) Biometric authentication
C) Verification
D) Single Sign On
Answer: A) Mutual authentication

What do we call the rate at which we fail to authenticate legitimate users in a biometric system?
A) True Acceptance Rate (TAR)
B) False Rejection Rate (FRR)
C) True Rejection Rate (TRR)
D) False Acceptance Rate (FAR)
Answer: B) False Rejection Rate (FRR)

If we are using a 4-character password that contains only lowercase English alphabetic characters (26 different characters), how many more possible passwords are there if we use a 5-character password (still only lowercase English alphabetic characters)?
A) 11,424,400 more possibilities
B) same number of possibilities because still using lowercase English alphabetic characters
C) 456,976 more possibilities
D) 26 more possibilities
Answer: A) 11,424,400 more possibilities

Which of the following is not true?
A) Fingerprints have features such as bifurcations, islands, and crossovers
B) The human iris is unique to an individual
C) Facial recognition may be used for authentication
D) Voice authentication requires speech to text capability
Answer: NOT C) Facial recognition may be used for authentication

In the fake finger video from class, what was the printed circuit board used for?
A) to write code that simulated the fingerprint
B) to etch the fingerprint
C) to build a circuit to bypass the phone's authentication program
D) to capture a fingerprint from a camera application
Answer: B

Given a file containing sensitive data and residing in a Linux operating system with some users who should not have access to the data, would setting the file's permissions to rw-rw-rw- cause a potential security issue?
A) no, because other users cannot modify the file
B) yes, because all users have full permissions for the file
C) no, because no users can execute the file
D) yes, because other users can read and modify the file
Answer: D) yes, because other users can read and modify the file

Which should take place first, authorization or authentication?
A) It does not matter
B) Authentication
C) Authorization
D) They should happen concurrently
Answer: B) Authentication