Term
What are the 6 goals of network Security?
Elaborate on each... |
|
Definition
1) Confidentiality - The protection of data from unauthorized disclosure to a 3rd party.
2) Integrity - The assurance that data is not altered or destroyed in an unauthorized manner.
3) Availability - The continuous operation of computing systems.
4) Authentication - Ensuring that you are who you claim you are, proving the genuineness of the user.
5) Non-repudiation - Prove that a user performed an action.
6) Access Control - Prevention of unauthorized access. |
|
|
Term
What is the goal of Confidentiality?
(#1 of Network Security goals) |
|
Definition
To ensure the protection of data from unauthorized disclosure to a 3rd party |
|
|
Term
What is the goal of Integrity?
(#2 of Network Security goals)
|
|
Definition
The assurance that data is not altered or destroyed in an unauthorized manner. |
|
|
Term
What is the goal of Availability?
(#3 of Network Security goals)
|
|
Definition
To ensure the continuous operation of computing systems. |
|
|
Term
What is the goal of Authentication?
(#4 of Network Security goals)
|
|
Definition
Ensures that you are who you claim you are, i.e., prove the genuineness of the user. |
|
|
Term
What is the goal of Non-Repudiation?
(#5 of Network Security goals)
|
|
Definition
To prove that a user performed an action |
|
|
Term
What is the goal of Access Control?
(#6 of Network Security goals)
|
|
Definition
To prevent unauthorized access. |
|
|
Term
What are the 3 types of malicious code?
Expand upon them too... |
|
Definition
1) Virus - A program that reproduces itself on the same computer and inserts code into a file or application. Relies on user interaction to spread.
2) Worm - Self-replicating (like a virus), but doesn't attach itself to a program. It's a self-contained application with intent to exploit system vulnerabilities. No need for user interaction; uses a network to travel.
3) Trojan - An executable program that appears to be something useful, but actually contains malware. Never replicates, but you have to invite it onto your computer. |
|
|
Term
What are 4 ways to conceal malware? |
|
Definition
Through:
1) Trojans - Executable program that contains malware.
2) Rootkits - Software that hides the attacks.
3) Logic Bombs - Computer code that lies dormant until it is triggered by a specific logical event.
4) Backdoors - Software code that gives access to a program or service and circumvents normal security protection. |
|
|
Term
|
Definition
- Software designed to cause harm/disruption to a computer system.
- Software designed to perform activities on a computer without the consent of its owner. |
|
|
Term
Explain what a phishing attack is... |
|
Definition
The attacker poses as some sort of trusted site, like an online version of a banking company, to solicit you to update your financial information. |
|
|
Term
|
Definition
(Denial-Of-Service, attack)
An attempt to tie up network bandwidth or network services, so that it renders those resources useless to legitimate users.
Examples: Ping-based attacks, TCP SYN flood, DDoS attacks. |
|
|
Term
What are 4 common attacks? |
|
Definition
1) Access attack
2) Malware attack
3) Social Engineering attack
4) Denial-Of-Service (DoS) attack |
|
|
Term
What are the 3 types of DoS attacks, and their counterparts? |
|
Definition
1) Ping-based attacks:
- ping of death
- ping flood
- smurf attack
2) TCP SYN flood
3) DDoS attacks |
|
|
Term
What is the "Ping of death?" |
|
Definition
A program that sends a ping size greater than 65,535, which exceeds the largest allowed ping size, so the target computer/server cannot handle it and crashes. |
|
|
Term
|
Definition
A large number of ping packets (ICMP echo requests) are sent to a target computer. |
|
|
Term
What is a "TCP SYN flood attack?" |
|
Definition
(aka "Half-open SYN attacks")
Uses TCP's 3-way handshake to tie up a server with invalid TCP sessions, thereby preventing real sessions from being created. |
|
|
Term
What is a "DDoS" attack?
How does it differ from a "DoS" attack? |
|
Definition
- Distributed denial of service attack, where multiple systems (typically containing trojans) are used to target a single system.
- DDoS uses multiple computers, focused on 1 target, whereas DoS attacks use only 1 computer. |
|
|
Term
What are the 5 steps needed to achieve OS security? |
|
Definition
1) Develop a security policy
2) Perform host software baseline
3) Configure OS security
4) Deploy the settings
5) Implement patch management |
|
|
Term
What is a Firewall, and what does it do? |
|
Definition
A firewall, sometimes called a packet filter, is a hardware or software application that is designed to prevent malicious packets from entering (inbound traffic) or leaving (outbound traffic) computers. |
|
|
Term
What are the major functionalities of Firewalls? |
|
Definition
1) Network Address Translation
2) Packet Filtering
3) Access Control Lists -- allows traffic from 2 networks to flow. |
|
|
Term
|
Definition
An ACL (Access Control List) is a list of rules.
ACLs contain a list of packets, all of which are denied access initially, and then the administrator creates "rules" that make exceptions for certain packets.
Routers contain this list. |
|
|
Term
|
Definition
(Virtual Private Network)
- A dedicated connection between 2 networks.
- Relies on Tunneling: "Encapsulating" private data into other packets and then sending them across a public network. |
|
|
Term
|
Definition
Denial-of-service (attack) |
|
|
Term
|
Definition
Distributed Denial-of-service (attack) |
|
|