CP5291 SECURITY PRACTICES

 

CP5291 SECURITY PRACTICES

1. Define security services.

Security services is defined as a service that enhances the security of the data processing systems and the information transfers of an organization.

 

2. What is meant by zero day attack?

A zero-day attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on “day zero” of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability.

0day exploits (actual software that uses a security hole to carry out an attack) are used or shared by attackers before the developer of the target software knows about the vulnerability.

 

3. What are the four phases of unknown vulnerability management process?

The unknown vulnerability management process consists of four phases:

• Analyze: This phase focuses on attack surface analysis.
• Test: This phase focuses on fuzz testing the identified attack vectors.
• Report: This phase focuses on reproduction of the found issues to developers.
• Mitigate: This phase looks at the protective measures.

 

4. Write a difference between sustained capture speed and peak capture speed.

The sustained captured speed is the rate at which a packet capture appliance can capture and record packets without interruption or error over a long period of time. This is different from the peak capture rate, which is the highest speed at which a packet capture appliance can capture and record packets. The peak capture speed can only be maintained for a short period of time, until the appliance’s buffers fill up and it starts losing packets.

 

5. Write the advantages of UTM.

UTM systems are multilayered and incorporate several security technologies into a single platform, often in the form of a plug-in appliance. UTM products can provide such diverse capabilities as antivirus, VPN, firewall services, and antispam as well as intrusion prevention.

Advantages:

• Ease of operation and configuration.
• Security features can be quickly updated to meet rapidly evolving threats.

6. Differentiate between hacker and cracker.

A Hacker is a person who is extremely interested in exploring the things and recondite workings of any computer system or networking system. Hackers are expert programmers. These are also called Ethical Hackers or white hat hackers. The technique they use is called ethical hacking.

Crackers or Black Hat hackers are also called cheaters or simply criminals. They are called criminals because they intend to cause harm to security, stealing very useful data and using it in wrong ways. Phishers, who steal account information and credit card numbers, also fall into this category

 

7. What is trapdoor?

It is also called Backdoors, are pieces of code written into applications or OS to grant programmers access to programs without requiring them to go through the normal methods of access authentication.

 

8. List the four phases of Remus.

1. Checkpoint the changed memory state at the primary, and continue to the next epoch of network and disk request streams.

2. Replicate system state on the backup.

3. Send checkpoint acknowledgment from the backup when complete memory checkpoint and corresponding disk requests have been received.

4. Release outbound network packets queued during the previous epoch upon receiving the acknowledgment.

 

9. Write about XACML.

XACML  stands for eXtensible Access Control Markup Language . It is an open standard XML-based language designed to express security policies and access rights to information for Web services, digital rights management (DRM), and enterprise security applications.

 

10. Define Token and its types.

A token is a device that employs an encrypted key. There are both software and hardware tokens. The software tokens can be installed on a user’s desktop system, in the cellular phone, or on the smart phone. The hardware tokens come in a variety of form factors, some with a single button that both turns the token on and displays its internally generated passcode. Tokens operate in one of three ways:

• time synchronous,
• event synchronous, or
• challenge-response (alsoknown as asynchronous

11. Define Man-in-the-middle attack.                      

The man-in-the-middle attack is one of the classical attacks that can be executed in a WSN environment. In this type of attack, the attacker intrudes into the network and attempts to establish an independent connection between a set of nodes and the sink node. He can be in either a passive or an active state. In a passive state, he simply relays every message among the nodes with the intention of performing an eavesdropping attack. In an active state, he can tamper with the intercepted data in an effort to break authentication     .          

 

12. What are the two attacks on WSN?       

In general, attacks can be divided into active and passive attacks:

Active Attack

In this type of attack, the attacker actively participates in all forms of communication (control and data) and may modify, delete, reorder, and replay messages or even send spoofed illicit messages to nodes in the network. Some other active attacks include node capturing, tampering with routing information, and resource exhaustion attacks.

Passive Attack

In this type of attack, the attacker is able to intercept and monitor data between communicating nodes, but does not tamper or modify packets for fear of raising suspicion of malicious activity among the nodes.

 

13. Write about Signature algorithms in LAN security.

Signature analysis is based on the following algorithms:

• Pattern matching
• Stateful pattern matching
• Protocol decode-based analysis
• Heuristic-based analysis
• Anomaly-based analysis

                       

 

14. Write a difference between single mode vs. multimode.                                                          

Specification	Single mode fiber	Multimode fiber
Definition	Single-mode fiber has a narrow core, allowing only a single mode of light to propagate within the core	Multimode has a wide core and allows multiple modes of light to propagate
Outside diameter	125 microns	125 microns
Core size	core size between 8 and 10 micorns	core size between 62.5 μm OM1 and 50 μm OM2.
Cost of fiber	Less Expensive	Expensive
Transmission wavelengths	1260 nm to 1640 nm	850 nm to 1300 nm
Advantages/disadvantages	Provides higher performance, but building the network is expensive.	The fiber is more costly, but the network deployment is relatively inexpensive.

 

 

15. Give diagrammatic representations for deployment architecture of optical wireless security.       

                     Mesh                            Ring                            Point to Point  

16. Write about IR plan

An Incident Response (IR) Plan is a detailed set of processes and procedures that anticipate, detect, and mitigate the impact of an unexpected event that might compromise information resources and assets. It consists of six major phases.

1. Preparation: Planning and readying in the event of a security incident.
2. Identification. To identify a set of events that have some negative impact on the business and can be considered a security incident.
3. Containment: During this phase the security incident has been identified and action is required to mitigate its potential damage.
4. Eradication: After it’s contained, the incident must be eradicated and studied to make sure it has been thoroughly removed from the system.
5. Recovery: Bringing the business and assets involved in the security incident back to normal operations.
6. Lessons learned: A thorough review of how the incident occurred and the actions taken to respond to it where the lessons learned get applied to future incidents.

 

17. Write  the three Access control models.

Three main access control models are in use today: RBAC, DAC, and MAC

Role-Based Access Control (RBAC)

Discretionary Access Control (DAC)

Mandatory Access Control (MAC)

 

18. Write about Network based Intrusion detection system.

Network-based intrusion detection systems (NIDS) have been the workhorse of information security technology(figure). NIDS function in one of three modes:

• Signature detection
• Anomaly detection, and
• Hybrid

 

19. What are the four types of evidence in Cyber Forensics In The Court System?

There are four types of evidence

1.      Documentary evidence

2.      Real evidence

3.      Witness testimony

4.      Demonstrative evidence

 

20. Write about Data Retention policies.

This leads us directly into data retention policies, A rigorous data retention policy will  prevent the exposure of outdated and irrelevant files. Deleted files are a security concern because they may still be extant. The following items present deleted data security challenges:

1. Email databases.

2. SQL log files.

3. Decommissioned servers.

4. Old backup tapes.

5. Forgotten share locations

 

21. Define Cyberforensics.

Cyber forensics is the acquisition, preservation, and analysis of electronically stored information (ESI) in such a way that ensures its admissibility for use as either evidence, exhibits, or demonstratives in a court of law.

 

22. Write about Plaintiffs and defendants.

When someone, an individual or an organization, decides it has a claim of money or damages against another individual or entity, they file a claim in court. The group filing the claim is the plaintiff, the other parties are the defendants.

 

23. Define P3P policy.

P3P (Platform for Privacy Preferences Project) allows Web sites to declare their privacy ractices in a standard and machine-readable XML format known as P3P policy. A P3P policy contains the specification of the data it protects, the data recipients allowed to access the private data, consequences of data release, purposes of data collection, data retention policy, and dispute resolution mechanisms.

 

24. Mention the advantages of Tor over AN.ON

Advantages of Tor over AN.ON are as follows:

1. Tor provides forward secrecy.

2. It is easy to set up new onion routers (“mixes”), which are run by many volunteers all over the world.

3. There are lower performance requirements for each “mix.”

4. Each mix is a possible bottleneck, however, in Tor, “mixes” that do not perform can be excluded from the dynamic routing.

 

25. Define onion routing. What are three phases in which onion routing protocol works?

Onion routing is intended to provide real-time bidirectional anonymous connections that are resistant to both eavesdropping and traffic analysis in a way that is transparent to applications.

The onion router infrastructure, the onion routing protocol works in three phases:

• Anonymous connection setup
• Communication through the anonymous connection
• Anonymous connection destruction