General Security Concepts

  • Kerberos is an industry standard authentication protocol used to verify user or host identity.
  • Role-based access control (RBAC) is an access control model. In this model, a user can access resources according to his role in the organization.
  • Mandatory Access Control (MAC) is a model that uses a predefined set of access privileges for an object of the system.
  • Authentication is a process of verifying the identity of a person, network host, or system process. The authentication process compares the provided credentials with the credentials stored in the database of an authentication server.
  • Certificate-based authentication is the most secure method of authentication. It provides a stronger key for encryption than Digest authentication and sends encrypted passwords across the network. This prevents unauthorized users from intercepting the passwords.
  • Anonymous authentication is generally used for public Internet Web sites. Using this method, a user can establish a connection with a Web server without providing username and password.
  • Password Authentication Protocol (PAP) transmits user credentials as plaintext.
  • A certificate is a digital representation of information that identifies authorized users on the Internet and intranets.
  • Biometrics is a method of authentication that uses physical characteristics, such as fingerprints, scars, retinal patterns, and other forms of biophysical qualities to identify a user.
  • Mutual authentication is a process in which a client process and server are required to prove their identities to each other before performing any application function.
  • User accounts can be disabled, rather than being deleted, as a security measure to prevent a particular user from logging on.
  • Multi-factor authentication involves a combination of multiple methods of authentication. For example, an authentication method that uses smart cards as well as usernames and passwords can be referred to as multi-factor authentication.
  • Anonymous authentication is an authentication method used for Internet communication. It provides limited access to specific public folders and directory information or public areas of a Web site.
  • Biometrics is the most secure method of authentication.
  • The distributed denial-of-service (DDoS) attack involves multiple compromised systems to attack a single target.
  • Eavesdropping is the process of listening in private conversations.
  • Spoofing refers to the emulation of the identity of a network computer by an attacking computer.
  • A SYN attack is a condition in which an attacker sends many SYN packets that leave TCP connections half open.
  • PING is a utility that sends Internet Control Message Protocol (ICMP) request packets to a specified destination host.
  • A Denial-of-Service (DoS) attack is mounted with the objective of causing a negative impact on the performance of a computer or network.
  • A brute force attack is the most likely cause of account lockouts. In this attack, unauthorized users attempt to log on to a network or a computer by trying many possible user names and passwords.
  • A strong encryption provides the best protection against a man-in-the-middle attack.
  • A back door is a program or account that allows access to a system by skipping the security checks.
  • Brute force attacks and dictionary attacks are types of password guessing attacks.
  • War driving is the most common method used by attackers to identify wireless networks.
  • Smurf is an ICMP attack that involves spoofing and flooding.
  • A replay attack is used by attackers to obtain an authenticated connection on a network.
  • Teardrop is an attack with IP fragments that cannot be reassembled.
  • Snooping is the activity of observing the content that appears on a computer monitor or watching what a user is typing.
  • Phishing is a type of scam that entices a user to disclose personal information such as a social security number, bank account details, or credit card number.
  • A dictionary attack is specifically used for cracking a password.
  • Sniffing is a process of monitoring data packets that travel across a network. The software used for packet sniffing is known as sniffer.
  • Sudden reduction in system resources and corrupted or missing files are symptoms of a virus attack.
  • Boot sector, network files, and system files are vulnerable to virus attacks.
  • International Computer Security Association (ICSA) is an independent organization that defines standards for anti-virus software.
  • To minimize potential virus attacks, a virus protection program should be installed on each workstation on a network.
  • Updating the anti-virus software regularly is the best way of protecting important data against virus attack.
  • The main difference between worms and Trojan horses is that worms replicate themselves from one computer to another, while Trojan horses do not.
  • Worm and Trojan horse are based on malicious code.
  • A logic bomb is a malicious program that executes when a predetermined event occurs.
  • A stealth virus masks itself from applications and utilities in order to avoid detection by anti-virus software.
  • The following methods can be helpful to eliminate the social engineering threat:
    • Password policies
    • Vulnerability assessments
    • Data classification

  • Auditing is used to secure a network and the computers on a network. It is also used to track user accounts for file and object access, logon attempts, etc.
  • The following types of activities can be audited:
    • Network logons and logoffs
    • File access
    • Printer access
    • Remote access service
    • Application usage
    • Network services

Communication Security

  • Layer 2 Tunneling Protocol (L2TP) is a more secure version of Point-to-Point Tunneling Protocol (PPTP). It provides tunneling, address assignment, and authentication.
  • Virtual private network (VPN) uses a tunneling protocol to span public networks, such as the Internet, without security risk. VPN enables remote users to access corporate networks securely by using a tunneling protocol such as PPTP or L2TP.
  • PPP is a remote access protocol that supports encryption.
  • UDP port 49 is the default port for TACACS.
  • Internet Protocol Security (IPSec) is a standard-based protocol that provides the highest level of VPN security. IPSec uses Authentication Header (AH) for data integrity and Encapsulating Security Payload (ESP) for data confidentiality.
  • IPSEC is used with a tunneling protocol to provide security.
  • Point-to-Point Protocol (PPP) works on the OSI model’s data-link layer.
  • Secure Shell (SSH) is a protocol that provides strong authentication and secure communications over unsecured channels.
  • UDP port 1701 is the default port for L2TP.
  • IPSec operates at the network layer of the Open Systems Interconnect (OSI) model.
  • Secure Shell (SSH) is a protocol. It uses public key encryption as the main method for user authentication.
  • PPTP and L2TP are tunneling protocols.
  • Tunneling is a process used by remote users to make a secure connection to internal resources after establishing an Internet connection.
  • PPTP is used to securely connect to a private network by a remote client using a public data network, such as the Internet.
  • IEEE 802.1X standard provides an authentication framework for wireless LANs. It uses the Extensible Authentication Protocol (EAP) that works on Ethernet, Token Ring, or wireless LANs to exchange messages for the authentication process.
  • Extensible Authentication Protocol (EAP) is an authentication protocol that provides support for a wide range of authentication methods, such as smart cards, certificates, one-time passwords, public keys, etc.
  • The Secure Shell (SSH) protocol is used to establish a secure TELNET session over TCP/IP.
  • The two most commonly used methods for providing e-mail security are Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME).
  • A hoax is a false warning about a virus. It is commonly spread through e-mail messages.
  • E-mail filtering should be implemented to protect an organization from spam.
  • Pretty Good Privacy (PGP) is an encryption method that uses public-key encryption to encrypt and digitally sign e-mail messages during communication between e-mail clients.
  • Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME) are two ways of sending secure e-mail messages over the Internet.
  • Spam is a term that refers to the unsolicited e-mails sent to a large number of e-mail users.
  • Simple Mail Transfer Protocol (SMTP) is a protocol for sending e-mail messages between servers.
  • Post Office Protocol version 3 (POP3) is a protocol used to retrieve e-mails from a remote mail server.
  • Internet Message Access Protocol (IMAP) is a protocol that allows an e-mail client to access and manipulate a remote e-mail file without downloading it to the local computer.
  • If no expiration date is set for a cookie, it expires when the session ends.
  • Simple Mail Transfer Protocol (SMTP) is a common protocol for sending e-mails over the Internet.
  • The Common Gateway Interface (CGI) specification is used for creating executable programs that run on a Web server.
  • Secure Sockets Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. Secure Sockets Layer (SSL) uses a combination of public key and symmetric encryption to provide communication privacy, authentication, and message integrity.
  • Secure Sockets Layer (SSL) session keys are available in 40-bit and 128-bit lengths.
  • SNMP uses UDP port 161 by default.
  • TCP port 143 is the default port for Internet Message Access Protocol 4 (IMAP4).
  • IEEE 802.11b is an extension of the 802.11 standard. It is used in wireless local area networks (WLANs) and provides 11 Mbps transmission speeds in the bandwidth of 2.4 GHz.
  • SSL and TLS protocols are used to provide secure communication between a client and a server over the Internet.
  • Buffer overflow is a situation in which an application receives more data than it is configured to accept. This usually occurs due to programming errors in the application. Buffer overflow can terminate or crash the application.
  • Hypertext Transfer Protocol Secure (HTTPS) is a protocol used in the Uniform Resource Locator (URL) address line to connect to a secure site.
  • Common Gateway Interface (CGI) defines the communication link between a Web server and Web applications.
  • A cookie contains information that is read by a Web application whenever a user visits a site. Cookies are stored in the memory or on the hard disk of client computers. A Web site stores information, such as user preferences and settings, in a cookie.
  • JavaScript and Perl can be used to create and store cookies on client computers.
  • Packet filtering is a process of monitoring data packets that travel across a network.
  • HTTP protocol is responsible for requesting Web pages from a Web server and sending back the responses to a Web browser.
  • Encryption is a method of securing data while it travels over the Internet. The encryption software encodes information from plain text to encrypted text, using specific algorithms with a string of numbers known as a key.
  • Lightweight Directory Access Protocol (LDAP) is used to query and modify information stored within the directory services.
  • The Lightweight Directory Access Protocol (LDAP) is a protocol for clients to query and manage information in a directory service over a TCP connection.
  • The following attributes are used by Lightweight Directory Access Protocol (LDAP) to identify the names of Active Directory elements:
    • DC: It is the Domain Component tag that identifies a part of the DNS name of a domain such as COM.
    • OU: It is the Organizational Unit tag that identifies an OU container.
    • CN: It is the Common Name tag that identifies the common name configured for an Active Directory object.
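As an added example (not part of the original study notes), the parser below splits an LDAP distinguished name into the DC, OU and CN components described above, reassembles the DNS domain name from the DC parts, and honours RFC 4514 backslash escapes so that an escaped comma inside a CN does not split the name. The sample DNs are constructed for illustration.

```python
"""Parse an LDAP distinguished name (DN) into its CN, OU and DC components.

Added example; it is not part of the original study notes. It assumes the
RFC 4514 string form of a DN, e.g. "CN=Jane Doe,OU=Sales,DC=example,DC=com",
in which a backslash escapes the character after it (so "\\," is a literal
comma inside a value). The sample DNs below are constructed for illustration.
"""

from typing import Dict, List, Tuple


def split_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into ordered (attribute, value) pairs, leaf first.

    The first pair is the object's own RDN (usually CN), followed by its
    OU containers from innermost to outermost, and finally the DC parts.
    Attribute types are upper-cased; unescaped whitespace around a
    component is insignificant and is dropped.
    """
    rdns: List[Tuple[str, str]] = []
    attr: List[str] = []
    value: List[str] = []
    in_value = False
    i = 0
    while i < len(dn):
        ch = dn[i]
        if in_value and ch == "\\" and i + 1 < len(dn):
            # Escaped character: keep it literally and skip the backslash.
            value.append(dn[i + 1])
            i += 2
            continue
        if not in_value and ch == "=":
            in_value = True
        elif in_value and ch == ",":
            rdns.append(("".join(attr).strip().upper(), "".join(value).strip()))
            attr, value, in_value = [], [], False
        elif in_value:
            value.append(ch)
        else:
            attr.append(ch)
        i += 1
    if attr or value:
        if not in_value:
            raise ValueError(f"malformed RDN without '=': {''.join(attr)!r}")
        rdns.append(("".join(attr).strip().upper(), "".join(value).strip()))
    return rdns


def summarize_dn(dn: str) -> Dict[str, object]:
    """Return the object's CN, its OU path (top-level container first)
    and the DNS domain name reassembled from the DC components."""
    rdns = split_dn(dn)
    cns = [v for a, v in rdns if a == "CN"]
    ous = [v for a, v in rdns if a == "OU"]
    dcs = [v for a, v in rdns if a == "DC"]
    return {
        "cn": cns[0] if cns else None,
        "ou_path": list(reversed(ous)),
        "domain": ".".join(dcs),
    }


if __name__ == "__main__":
    # Constructed sample: the user's CN contains an escaped comma.
    sample = "CN=Doe\\, Jane,OU=Sales,OU=Corp,DC=example,DC=com"
    print(summarize_dn(sample))
```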
  • Secure Socket Layer (SSL) is a technology built into Web servers and browsers to encrypt data traveling over the Internet. The Secure Socket Layer (SSL) protocol provides communication privacy, authentication, and message integrity by using a combination of public-key and symmetric encryption.
  • Packet filtering is a method that allows or restricts the flow of specific types of packets to provide security.
  • Passive detection is a type of intruder detection that involves logging network events to a file for an administrator to review later.
  • In order to configure a wireless LAN to provide security, set the authentication type for the wireless LAN to Shared Key, disable SSID Broadcast, and enable MAC address filtering on all the wireless access points. On each client computer, add the SSID for the wireless LAN as the preferred network.
  • In order to secure wireless networks, use techniques such as closed network, SSID spoofing, and MAC address filtering.
  • Only users with the correct WEP key can authenticate to the access point of the network.
  • Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs).

Infrastructure Security

  • A firewall is used to protect the network against unauthorized access.
  • The Web browser’s Security setting controls the way in which a Web browser receives information and downloads content from Web sites.
  • Routers prevent broadcasts from crossing over subnets.
  • A firewall should be installed between the LAN and the Internet to protect the LAN against external access and misuse.
  • Firewalls are available both as software and as hardware. You can implement a hardware-based firewall for security with minimum administrative effort.
  • NSLOOKUP utility queries the DNS server to check whether or not the zone database contains the correct information.
  • Blocking all the packets, unless they are explicitly permitted, is the most secure policy for a firewall.
  • A switch reads the destination's MAC address (hardware address) from each incoming data packet and forwards the data packet to its destination. This reduces the network traffic.
  • A firewall performs packet screening for security on the basis of port numbers.
  • A smart card is a device that contains a microprocessor and permanent memory. It is used to securely store public and private keys for logon, e-mail signing and encryption, and file encryption.
  • A fiber-optic cable provides maximum security against electronic eavesdropping on a network.
  • Fiber-optic cable is used for high-speed, high-capacity data transmission. It uses optical fibers to carry digital data signals in the form of modulated pulses of light.
  • RG-59 type of coaxial cable is used for cable TV and cable modems.
  • Fiber-optic cables use light as a transmission media.
  • The extranet specifies the nature of access to the Web site. The extranet is an area of a Web site that is available only to a set of registered visitors.
  • A VPN is an example of an extranet.
  • Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a private network.
  • A perimeter network is also known as a demilitarized zone or DMZ. It has a connection to the Internet through an external firewall and a connection to the internal network through an interior firewall. It protects a network from unauthorized traffic.
  • Network Address Translation (NAT) is a technique that hides internal network hosts from the public network.
  • A bastion host is a computer that must be made secure because it is accessible from the Internet and hence is more vulnerable to attacks.
  • Extranet is an area of a company’s Web site, which is available only to selected customers, suppliers, and business partners. It allows users limited access to a company’s Intranet.
  • The DMZ is an IP network segment that contains resources available to Internet users such as Web servers, FTP servers, e-mail servers, and DNS servers.
  • Rogue employees and dial-up connections are threats to network security.
  • A honey pot is a computer that is used to attract potential intruders or attackers. It is for this reason that a honey pot has low security permissions. A honey pot is used to gain information about the intruders and their attack strategies.
  • NSLOOKUP is a tool for diagnosing and troubleshooting Domain Name System (DNS) resolution problems.
  • If users are unable to access a Web site by entering the Web site address but are able to access it by using the IP address, the DNS server has no entry for the host name of the Web site.
  • Start of Authority (SOA) record is the first record in any DNS database file.
  • FTP uses ports 20 and 21 by default.
  • IIS provides the FTP, SMTP, and NNTP services with HTTP.
  • NTFS supports security features, such as encryption using Encrypting File System (EFS) and file and folder level permissions.
  • Port 53 is the default port for DNS zone transfer.
  • UDP port 137 is the default port for the NetBIOS name service.
  • Malicious e-mails from non-existent domains can be prevented from entering the network by enabling DNS reverse lookup on the e-mail server. DNS reverse lookup enhances the security of a network by confirming the identity of incoming e-mails.
  • A hotfix is a collection of files used by Microsoft for software updates that are released between major service pack releases. It is generally related to security problems.
  • An access control list (ACL) is a rule list containing access control entries. It is used to allow or deny access to network resources.
  • NTFS file system provides file-level security.
  • Dynamic Host Configuration Protocol (DHCP) is a TCP/IP standard used to dynamically assign IP addresses to computers, so that they can communicate with other network services. It reduces the complexity of managing network client IP address configuration.
  • System hardening is a term used for securing an operating system. It can be achieved by installing the latest service packs, removing unused protocols and services, and limiting the number of users with administrative privileges.
  • A directory service is a network service that stores and organizes information about a computer network's users and network resources, and that allows network administrators to manage users' access to the resources.
  • A service pack is a medium by which product updates are distributed. It is a collection of fixes and patches in a single product. It contains updates for system reliability, program compatibility, and security.
  • Address Resolution Protocol (ARP) is responsible for the resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC).
  • Internet Group Management Protocol (IGMP) is a communication protocol that multicasts messages and information among all member devices in an IP multicast group.
  • Internet Control Message Protocol (ICMP) provides maintenance and error reporting functions.
  • NTFS has all the basic capabilities of FAT and provides better file security, improved disk compression, and support for larger hard disks.

Basics of Cryptography

  • Symmetric encryption is a type of encryption that uses a single key to encrypt and decrypt data. Symmetric encryption algorithms are faster than public key encryption.
  • A public key and a private key are used in asymmetric encryption.
  • NTLM version 2 uses 128-bit encryption. It is the most secure form of challenge/response authentication.
  • Asymmetric encryption is a type of encryption that uses two keys, namely a public key and a private key pair for data encryption.
  • Symmetric encryption algorithms are faster than public key encryption. Therefore, symmetric encryption is commonly used when a message sender needs to encrypt a large amount of data. Data Encryption Standard (DES) uses a symmetric key algorithm to encrypt data.
  • Message authentication code (MAC) is a mechanism that applies an authentication scheme and a secret key to a message, so that the message can only be verified by the intended recipient. It provides integrity checks based on a secret key.
  • A digital signature is a personal authentication method based on encryption and authorization codes. It is created by using public-key encryption.
  • Confidentiality is a term that refers to the protection of data against unauthorized access.
  • Non-repudiation is a mechanism which proves that the sender really sent a message.
  • Integrity ensures that no intentional or unintentional unauthorized modification is made to data.
  • Public Key Infrastructure (PKI) provides security through data encryption and digital signature.
  • A certification authority (CA) is an entity in a network that manages security credentials and public keys for message encryption. It issues certificates that confirm the identity and other attributes of the certificate holder in relation to other entities.
  • Certificate Enrollment Protocol (CEP) allows Cisco devices to acquire and utilize digital certificates from Certification Authorities (CAs).
  • Certificate Management Protocol (CMP) provides functionalities for advanced management associated with the use of digital certificates such as certificate issuance, exchange, revocation, invalidation, etc.
  • Online Certificate Status Protocol (OCSP) is used to verify the status of a certificate.
  • International Data Encryption Algorithm (IDEA) operates on 64-bit blocks using a 128-bit key.
  • Twofish is a symmetric key block cipher that operates on a 128-bit block size using key sizes up to 256 bits.
  • A certificate server is a standards-based, highly customizable server program for managing the creation, issuance, and renewal of digital certificates.
  • In a decentralized privilege management environment, user accounts and passwords are stored on each server.

Operational / Organizational Security

  • Shielding is a way of preventing electronic emissions that are generated from a computer or network from being used by unauthorized users for gathering confidential information.
  • Incremental backup backs up files that are created or changed since the last full or incremental backup.
  • Sanitization is the process of removing the content from the media so that it is difficult to restore.
  • Declassification is the process of assessing the risk involved in discarding particular information.
  • Incremental backup is the fastest backup process. It backs up files that are created or changed since the last full or incremental backup, and clears the archive bit.
  • RAID provides high availability of data.
  • A minimum of three disks is required for RAID-5 volumes.
  • Due Care policy identifies the level of confidentiality of information on a computer. It specifies how the information is to be handled.
  • A backup policy is a documentation of guidelines that are used to create archival copies of important data.
  • A chain of custody is documentation that shows who has collected and accessed each piece of evidence. It is a documentation of guidelines that computer forensics experts use to handle evidence.
  • A retention policy is a company policy, which is set by a network administrator to allow users to retain their e-mails and documents for a fixed period of time.
