Term
|
Definition
| gathering information to launch malicious packets at a target network. |
|
|
Term
| What is site reconnaissance? |
|
Definition
| retrieving info directly from target |
|
|
Term
| What is social engineering? |
|
Definition
| Con to gain access to privileged information |
|
|
Term
| What type of information is given away freely? |
|
Definition
|
|
Term
| What is a good starting point for mapping IP addresses to target organization? |
|
Definition
|
|
Term
| What does ARIN stand for? |
|
Definition
| American Registry for Internet Numbers |
|
|
Term
|
Definition
| Maintains information about the IP allocations assigned to particular organizations. |
|
|
Term
| What are Zone Transfers in relation to DNS? |
|
Definition
| polls the main database for updated information and then transfers if needed |
|
|
Term
|
Definition
| activities that hackers use to gather information about a target network. |
|
|
Term
| What type of reconnaissance was used in the movie War Games? |
|
Definition
|
|
Term
| What does ICMP stand for? |
|
Definition
| Internet Controlled Message Protocol |
|
|
Term
|
Definition
| Validates networked systems and maps topology |
|
|
Term
|
Definition
| Ping TCP ports to verify open ports |
|
|
Term
| Is it good practice to block inbound pings? |
|
Definition
|
|
Term
|
Definition
| The process of connecting to a system on a specific port and examining the banner provided by the application listening on that port. |
|
|
Term
| What does enumeration mean? |
|
Definition
| The extraction of user names, machine names, network resources, shares and services. |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
| What is DNS Zone Transfer? |
|
Definition
| Zone Transfer to retrieve details of nonpublic internal networks and other useful information to help build accurate map of network. |
|
|
Term
| What are BIND Vulnerabilities? |
|
Definition
| overflow attacks and DoS attacks |
|
|
Term
| What does BIND stand for? |
|
Definition
| Berkeley Internet Name Daemon |
|
|
Term
|
Definition
| Service commonly found listening on TCP port 79 of Cisco IOS routers that uses telnet |
|
|
Term
|
Definition
| listens on port 113 to provide a degree of authentication through mapping local usernames to TCP Network ports |
|
|
Term
| What is an information system firewall? |
|
Definition
| protects internal network from external networks. |
|
|
Term
|
Definition
| sends SYN packet and responds w/ SYN/ACK when open and RST/ACK when closed |
|
|
Term
|
Definition
| if closed response is RST |
|
|
Term
|
Definition
| used to determine firewall rulesets, stateful and will reject ACK |
|
|
Term
|
Definition
| disables all flags, RST for all closed ports |
|
|
Term
|
Definition
| identify remote procedure call (RPC) and their associated program and version number |
|
|
Term
|
Definition
| TCP port 113, Responds with ID of user that owns process. |
|
|
Term
| What is File System Hacking? |
|
Definition
| Hostile and Self-Replicating Code |
|
|
Term
|
Definition
| Gains access to the Shell |
|
|
Term
| What is Traffic Capture also known as? |
|
Definition
|
|
Term
| What is a state based attack? |
|
Definition
| incorporate a variety of exploits that appropriate OS or application facilities for session tracking |
|
|
Term
| What is Denial of service? |
|
Definition
| Complement to system penetration and encompasses a variety of techniques designed to deny users or clients access |
|
|
Term
| What is multi-homed device? |
|
Definition
| Device that is based on a configuration of multiple network interfaces. |
|
|
Term
| What is an application filtering firewall? |
|
Definition
| intercepts connections and performs security inspections. |
|
|
Term
|
Definition
| A type of firewall that implements both network-layer and application layer |
|
|
Term
| What are the major types of personal firewalls? |
|
Definition
| Personal Firewalls, Packet Filtering, Proxy servers, Circuit-level, Stateless inspection, Stateful inspection |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Created between two packet filter routers |
|
|
Term
| What should you do when you create a new rule for a firewall? |
|
Definition
|
|
Term
| What is it called when an IP address is combined with a port number? |
|
Definition
|
|
Term
| When using proxies, what does not exist between the server and client? |
|
Definition
|
|
Term
| What is the Proxy Process? |
|
Definition
| 1. Proxy allows the request
2. New packet is created and has the IP address of the proxy server
3. Web server receives the request
4. Web page is returned to the host (proxy server)
5. Proxy server checks the rule sets to verify that the web page is permitted
6. Decision is made to allow or deny
7. If allowed, the proxy creates a new information packet and delivers it to the original client |
|
|
Term
| How many editions are there for ISA server? |
|
Definition
|
|
Term
| What are the editions for the ISA server? |
|
Definition
|
|
Term
| What is the minimum requirement for installing ISA server 2004? |
|
Definition
|
|
Term
| What is used to configure the Microsoft Windows XP Firewall? |
|
Definition
|
|
Term
| What information can be found in the audit trail? |
|
Definition
| login, logouts, file manipulation and privileged actions, event name, date and time, success and failure rates, program, files accessed and user name. |
|
|
Term
| What is a hybrid Firewall? |
|
Definition
| combines both packet filtering with application-level firewall techniques |
|
|
Term
| Firewalls don't protect against what? |
|
Definition
| as access restrictions, back-doors threats, and vulnerability to inside hackers. |
|
|
Term
| What do firewalls filter? |
|
Definition
| Potentially harmful incoming or outgoing traffic or connections |
|
|
Term
| What is a way for a malicious insider to avoid or circumvent a firewall? |
|
Definition
|
|
Term
| Tab characters in the syslog are for what? |
|
Definition
| ensure the actions in the syslog are separated. |
|
|
Term
| An IDS has the ability to do what? |
|
Definition
| to sniff individual packets of network traffic for attack signatures and alert the network administrator if intruders have slipped through the firewall. |
|
|
Term
| What type of traffic does the IDS report on? |
|
Definition
| that the firewall allows it to see |
|
|