Cybersecurity countermeasures are:
the tools and techniques we use to reduce risk
One vulnerability in the air traffic control system case was
unauthenticated messages
What does non-repudiation mean?
Sufficient evidence exists such that a user cannot deny an action
What is the Parkerian hexad compared to the CIA triad
Parkerian has 6 elements including the 3 from the CIA but is not as widely known
Why does access control based on the Media Access Control (MAC) address of the systems on our network not represent strong security
MAC addresses can be easily spoofed or changed
What is the difference between authentication and accountability
Authentication proves who you are and accountability records what you did
In the Maroochy Shire case, the actual threat was:
A disgruntled former employee
What is the difference between Mandatory Access Control (MAC) and Discretionary Access Control (DAC)
In DAC, the owner of the resource determines access; in MAC, the owner of the resource does not determine access
In the Yahoo breach, attackers stole:
User information
The Dark Overlord case discussed by our guest speaker involved:
physical threats and a financial demand
What is the difference between vulnerability assessment and penetration testing?
Penetration testing is more in depth than vulnerability assessment
A simple vulnerability assessment probe:
exhaustively exploits all possible vulnerabilities
What was stolen in the OPM breach?
Fingerprint, personal information, security clearance application data
The cuckoo's egg story had to do with
A cyber attack
If a Unix file has permissions 654 who can read and execute
Group
Computer log entries:
May contain user and remote system information
the file /etc/shadow on a Unix system contains
user names and hashed passwords
What do we call the rate at which we fail to authenticate legitimate users in a biometric system?
False Rejection Rate (FRR)
The traceroute command tells you:
The network path between two systems
What is the key point of Kerckhoffs second principle (i.e., the one principle most applicable to modern cryptographic algorithms)?
it is OK if the enemy knows the cryptographic system
The Mirai bot net case:
Used IoT devices for DDoS attack
What is the difference between authorization and access control
Authorization specifies what a user can do, and access control enforces what a user can do
The primary vulnerability in the Lodz tram hack was:
Unauthenticated infrared signals
How many possible passwords can be formed using lower case letters (a-z) and numbers (0-9) if a length of 8 is used (^ is the exponent operator)
36^8
Salting a password
Makes it harder to guess by brute force
What does the concept of defense in depth mean?
Protect your data and systems with tools and techniques from different layers
What do we call the process in which the client authenticates to the server and the server authenticates to the client
Mutual authentication
What type of cipher is a Caesar cipher
Substitution
In the fake finger video from class what was the printed circuit board used for?
To etch the finger print
One counter measure for the Polycom HDX case was:
Check and control network traffic
What is the difference between verification and authentication of an identity?
verification is a weaker confirmation of identity than authentication
What are the main differences between symmetric and asymmetric key cryptography?
Symmetric key cryptography uses a single key for encryption and decryption; asymmetric key cryptography uses two keys, one for encryption and one for decryption
How do we know at what point we can consider our environment to be secure?
Never; perfect security does not exist
What tool mentioned in the text might we use to scan for devices on a network, to include fingerprinting the operating system and detecting versions of services on open ports?
nmap
What is the primary purpose of a network firewall?
control the traffic allowed in and out of a network
Why does network segmentation generally improve security?
malicious traffic cannot freely traverse the internal network
What is the difference between a stateful packet filtering firewall and a basic packet filtering firewall?
A stateful packet filtering firewall tracks sessions between systems
What is the primary purpose of a Network Intrusion Detection System?
detect possible attack traffic
What reasons are there to use a honeypot?
attract the attention of attackers in order to study them and their tools, detect, monitor, and sometimes tamper with the activities of an attacker, alert us to an attacker's presence
For what might we use the tool Kismet?
to detect wireless devices
Which of the following is not a protocol for wireless encryption?
kismet
WPA2
WPA
WEP
kismet
What is the purpose of a network DMZ?
Provide external access to systems that need to be exposed to external networks such as the Internet in order to function
What is a key difference between signature and anomaly detection in IDSs?
Signature detection uses fingerprints or distinct patterns of attacks to detect intrusions; anomaly detection uses deviation from baseline activity to detect intrusions
How does the principle of least privilege apply to operating system hardening?
prevents attack actions that require administrator or root privilege
What is a cyber attack surface?
the total of the number of available avenues through which our system might be attacked
Which of the following is not part of operating system hardening?
Making alterations to common accounts
Making use of logging and auditing functions
Applying the principle of least privilege
Applying software updates in a timely manner
Changing the main network firewall ruleset
Removing or turning off unessential services
Removing unnecessary software
Changing the main network firewall ruleset
Why might we want a (software) firewall (FW) on our host if one already exists on the network?
host FWs know more about the local system
What does executable space protection do for us and how?
prevents buffer overflow attacks from working by blocking code execution on the memory stack
Are nmap results always accurate, or is it sometimes necessary to verify nmap output with another tool?
you should verify nmap results with another tool or data source
What does applying a vendor OS update (patch) usually do?
fixes vulnerabilities in the OS code
Exploit frameworks make it...
easier for amateurs to launch cyber attacks
If an antivirus tool is looking for specific bytes in a file (e.g., hex 50 72 6F etc.) to label it malicious, what type of AV detection is this?
signature
What is the difference between a port scanner and a vulnerability assessment tool?
port scanners discover listening ports; vulnerability assessment tools report known vulnerabilities on listening ports
Name the two main categories of Web security.
Client-side attacks and server-side attacks
How does an XSRF attack work?
a link or script on one web page is executed in the context of another open web page or web application
What does the tool Nikto do?
Scans a web server for common vulnerabilities
Which of the following is an example of a race condition?
Two bank transactions (withdrawals) run concurrently and the balances are not properly accumulated (recorded)
Does an SQL injection attack compromise content in the database or content in the Web application?
database
How can we prevent buffer overflows in our applications?
implement proper bounds checking
Why is it important from a security perspective to remove extraneous files from a Web server?
They may provide information or vulnerabilities useful to an attacker
Why is input validation important from a security perspective?
to prevent certain types of attacks
What does a fuzzing tool do?
Provide multiple data and inputs to discover vulnerabilities
How might we use a sniffer to increase the security of our applications?
to watch the network traffic being exchanged with a particular application or protocol
Does an organization's location or the national origin or location of data they are transmitting or storing affect the organization's use of encryption or how they treat employee information?
yes
Which of the following is not a provision of the Federal Privacy Act of 1974?
it places restrictions on how agencies can share an individual's data with other people and agencies
it requires agencies to follow certain principles, called fair information practices, when gathering and handling personal data
it lets individuals sue the government for violating its provisions
it requires government agencies to show an individual any records kept on him or her
it provides individuals the "right to be removed from the Internet"
it provides individuals the "right to be removed from the Internet"
At a high level, what does the Federal Privacy Act of 1974 do?
Safeguards privacy through creating four rights in personal data
What does California's SB 1386 deal with?
handling unauthorized exposure of data relating to California residents
What did the PCI DSS establish?
security standards as a condition of processing credit card transactions
What does the European Union's (EU) Data Protection Directive (Directive 95/46/EC) deal with?
PII
According to the text, which of the following is not a security professional's obligation relating to information protection and unauthorized disclosure?
release test data to see where it shows up
prevent information from unauthorized release
be able to catalog and categorize what information was taken if there is a leak
release test data to see where it shows up
What does PII stand for?
Personally Identifiable Information
Why might extradition be a delicate issue when prosecuting computer crimes?
lack of a consistent set of laws regarding extradition