Exam Study Guide - Chapter 3
This 7 page Study Guide was uploaded by Frankie Prijatel on Monday September 28, 2015. The Study Guide belongs to IST 233 - M001 at Syracuse University taught by D. Molta in Fall 2015.
Date Created: 09/28/15
Chapter 3 Review
Monday, September 28, 2015, 8:48 PM

Review Questions

a. Summarize the 2013 cybersecurity attack on Target. What were the hackers' motivations? How did they pull off their attack? What were the consequences for Target? What steps can credit card companies and retailers take to thwart these attacks?

- Christmas of 2013: Target experienced two cyber attacks. The first attack was a point-of-sale black malware attack designed to "scrape" transaction data, and 40 million customers' cards were "scraped". The second attack was more individualized and stole customer information from over 70 million people.
- The consequences were damage to Target's reputation, sales losses, legal expenses, stock decline, technology officer fired, and CEO fired.
- As seen from the Home Depot attack, which was similar to this one, companies can take precautions to encrypt consumer data and raise security as a priority, but it is expensive and time-consuming.

b. Describe the following network attacks/threats: Malware, Vulnerabilities, Viruses, Worms, Spyware, Spam, Social Engineering, Phishing, Mobile Code, Trojan Horses, Downloaders.

- Malware: malicious software that exploits technical vulnerabilities (system/program errors, improper installation of updates) and behavioral vulnerabilities (attacks on people: security exposures that are the result of poor business processes or user gullibility).
  - Beware of "security by obscurity": vendors try to keep vulnerabilities a secret when making sales.
- Viruses: type of malware; destructive code concealed within applications that affects/infects a computer negatively by altering the way the computer works without the user's knowledge. Transmitted through email attachments, file sharing, USB sticks, etc.
- Worms: type of malware; stand-alone programs that replicate themselves repeatedly.
- Spyware: secretly collects program information and gives it to another source.
- Social Engineering: attacks on individuals bent on tricking victims into doing something against their personal or organizational interest.
- Phishing: using an authentic-looking email or website to entice users to enter authentication credentials or other financial information.
- Mobile Code: often concealed within web page applets or scripts that are designed to make applets easier to use.
- Trojan Horses: hide within or look like a legitimate program; spyware Trojans collect sensitive data and send the data to an attacker.
- Downloaders: small type of malware that exists to download other malware onto the victim's computer.
- Spam: the most annoying type of malware; unsolicited commercial email. When recipients respond, they unwittingly participate in fraud.

c. With respect to malware, what is a propagation vector? Provide several examples.

- Propagation vectors are computer-to-computer transmission methods of malware, which can include email attachments, visits to websites, social networking sites, USB RAM sticks, and peer-to-peer file sharing. Some worms can directly propagate themselves by jumping from an infected computer to another target computer that has a particular vulnerability.

d. What is social engineering? What's the difference between Phishing and Spear Phishing attacks? Can you use a network firewall to protect against social engineering?

- Social Engineering is when malware writers are able to trick the victim into doing something against personal or organizational security interests.
- Phishing attacks use authentic-looking email or websites to entice the user into sending his/her username, password, or other sensitive info to the attacker, whereas spear phishing attacks are directed at a particular individual, such as a company's purchasing manager.

e. Define hacking. Describe the key phases of a hacking effort (Scanning/reconnaissance, Break-In, Exit/Cover-Up). Explain the different types of hackers/attackers that enterprises may face.

- Hacking is intentionally using a computer resource without authorization or in excess of authorization.
- Key phases of a hacking effort:
  - Scanning/reconnaissance: an exploit (software or procedure that exploits a vulnerability) must be found.
  - Break-in: the hacker uses the exploit to take over the host by sending exploit packets.
  - Exit/Cover-up: the hacker exploits the victim manually by looking through files, deleting them, and transferring them outside the network, and can even add malware like a Trojan horse for continuous automated exploitation.
- Different types of hackers/attackers that enterprises may face:
  1. Traditional
     - Script kiddies: unskilled individuals who use scripts or programs developed by others to attack computer systems and networks and deface websites
     - Technology geeks
     - Disgruntled ex-employees
  2. New Attackers
     - Organized criminal attackers
     - Cyberterrorists
     - Government-sponsored cyberwarfare

f. What is a distributed denial of service attack? What is a Bot? What is a Botnet? Explain how DoS attacks and botnets can be used as an element of a cyber warfare plan.

- A DDoS, or distributed denial-of-service attack, makes computers or entire networks unusable, often involving the distribution of attack packets known as bots.

  [Figure: the attacker sends attack commands to bots; the bots send attack packets to the victim.]

  The attacker (aka "botmaster") sends attack commands to bots, which then attack victims, and the collection of computers compromised by the bots is referred to as a botnet.
- DoS attacks and bots can be used as an element of cyberwarfare because it's difficult to identify the botmaster. The botmaster doesn't communicate with the bots directly; rather, they send messages to a command and control server, which then sends attack commands to bots, thus removing the botmaster two levels from the attack.

g. What are zero-day attacks, and why do they scare the heck out of network and system managers? What is the Stuxnet worm? What was its target? What makes it so special? Who developed it, and what are the implications of this?

- When a software vendor discovers a vulnerability, they issue a patch, which is a small program designed to fix the security vulnerability. A zero-day attack is a vulnerability-specific attack that occurs before a patch is made or even before the security vendor realizes there is a vulnerability.
- Stuxnet
  - Computer worm (can navigate through devices in a network) discovered in 2010
    1. Targeted Iranian nuclear centrifuges
    2. Developed by US and Israeli intelligence
    3. Spread through Windows and USB memory sticks
    4. Employed social engineering and multiple zero-day attacks
    5. Geopolitical implications

h. Define cryptography. Explain the concepts of symmetric key encryption and electronic signatures. How does a host-to-host VPN utilize cryptography?

- Cryptography is the use of math to protect information. The most common types of cryptography relate to encryption for confidentiality, where a message is sent from a host to a destination in cipher text and necessitates decryption on the receiving end. Single key encryption, also known as symmetric key encryption, uses one key to both encrypt and decrypt a message. Asymmetric key encryption uses a two-step key decryption, so it's more secure. In addition to packet encryption, cryptographic systems also add electronic signatures, which are small bit strings that provide message-by-message authentication, providing the sender's identity.
- Sending messages on the Internet, which has no built-in security and is full of attackers, is vulnerable to interception. In order to reduce your vulnerability, you can create a virtual private network (VPN) in which you can communicate host-to-host with cryptographic protections. This way you are using a private, cryptographically protected transmission path in the larger umbrella of untrusted networks like the Internet and wireless networks.

i. Describe the key issues associated with administering authentication systems. What is the difference between traditional password-based authentication and two-factor authentication? How might biometric authentication be used in a two-factor authentication system?

- Authentication systems are critical for controlling access to resources so that adversaries can be prevented from reaching them; however, authentication for each resource must be appropriate for the risks to that particular resource. Strong authentication is expensive and often inconvenient, so for relatively non-sensitive data, weaker but less expensive authentication is sufficient.
- Traditional password-based authentication only requires one password and therefore only one level of protection. Two-factor authentication requires two credentials for access to the information (example: simply possessing a debit card isn't enough to use it; you need a PIN). Biometrics can be beneficial as part of two-factor authentication by utilizing body measurements as identification.
  - Fingerprints: inexpensive but poor precision; sufficient for low-risk uses
  - Iris: based on color patterns in your eye; expensive but precise and difficult to deceive
  - Facial Recognition: facial features; controversial because it can be done without the supplicant's knowledge

j. With respect to cracking passwords, what is the difference between dictionary attacks and brute-force attacks? How does this impact the password policies adopted by organizations?

- Dictionary attacks are when an attacker uses a password dictionary to run common and weak passwords that users may utilize. Brute-force attacks, in contrast, are used on complex passwords, where the cracker first tries all combinations of one-character passwords, all combinations of two-character passwords, etc., until one works. Even though complex and long passwords are more likely to deter attackers, most users still use passwords that can be cracked with dictionary attacks. The reason for this is that they only use passwords for non-sensitive assets.

k. What is the purpose of a firewall? Where might you expect to see firewalls deployed within an organization? Why do you need to have a clear understanding of an organization's application environment in order to install and configure a firewall? What additional security features are provided by next-generation firewalls?

- The purpose of a firewall is to block unwanted attack packet access to your computer. Often organizations use egress filtering, which actually keeps specific packets that might contain sensitive information from leaving the company network.
- It's important to understand an org's application environment when it comes to stateful packet inspection firewalls (SPIs) because so many applications today run over Port 80 and connect to single servers, so port-based policies from the access control list (ACL) can no longer sufficiently filter what you desire by themselves.
- Next-Generation Firewalls (NGFWs):
  - Deep Inspection
    - They look at everything in a packet, including its message and header/trailer, and also reassemble packets to look at the full application message, as well as detecting what application actually created a stream of messages (vs. SPI firewalls, which only analyze the given IP addresses and port numbers in their rules).
  - Intrusion Detection Systems
    - SPI firewalls only block definite attack packets, not suspicious ones. NGFWs also now use intrusion detection systems (IDS) that log suspicious packet streams detected through deep inspection, and if the threat turns out to be serious, the IDS sends an alarm to the firewall administrators. Be aware that intrusion detection systems can also create many false alarms, so sufficient labor is needed to weed through the log files. It almost becomes a needle-in-a-haystack situation, and even then firewalls will never be able to stop all attack packets.
  - Intrusion Prevention Systems
    - When companies are concerned with DoS attacks, they can program their firewalls to discard packets that they have high confidence are suspicious; these are called intrusion prevention systems (IPS), and most NGFWs today discard highly suspicious packets.
  - Reputation Management
    - Companies can program NGFWs to be sensitive to whitelists and blacklists, which are compiled lists created by external services that show websites and other resources that have, respectively, very good or very bad reputations. This technique, known as reputation management, uses the list database to enhance their ability to identify potentially bad content and to give fast-track approval to whitelist content.
  - NAT and VPN Traversal
    - All firewalls today have NAT (Network Address Translator) functionality, which virtualizes IP addresses, which improves security and decreases the number of IP addresses a company needs. Additionally, they universally allow approved VPN (virtual private network) traffic to traverse firewalls without filters. This is a necessary tradeoff between encryption security and filtering security.
  - Wire-speed Operation
    - NGFWs use extremely large amounts of processing power and necessitate no delays in traffic. This need for speed as well as processing power, known as wire-speed operation, uses Application-Specific Integrated Circuits, which are purpose-built computer chips that can process NGFW functions much quicker than SPI firewalls with generalized computer chips.

Which protocol allows you to securely communicate with a web server?
- HTTPS

A computing environment that is simulated through software like VMWare is called ___.
- A virtual machine

A ___ is required to allow an external program to communicate through a firewall.
- Open port

What is the recommended strategy for hosts regarding inbound connections?
- Block all inbound connections and allow only authorized apps to make inbound connections

What tool might a hacker use to steal credit card info when a user is shopping on an HTTP-only site?
- Packet capturing tool like Wireshark

___ uses the same key for encrypting and decrypting.
- Symmetric encryption