Welcome to my blog

Thursday 21 January 2021

CS8591 COMPUTER NETWORKS UNIT I MCQ


UNIT I INTRODUCTION AND PHYSICAL LAYER                                           

Networks – Network Types – Protocol Layering – TCP/IP Protocol suite – OSI Model – Physical Layer: Performance – Transmission media – Switching – Circuit-switched Networks – Packet Switching

 

1. Exchange of data between two devices via some form of transmission medium such as a wire cable.

A.    Data Communication          

B.    Network

Answer: A Data Communication

 

2. Information to be communicated which consist of text, numbers, pictures, sound or video combination.

A.    Sender

B.    Receiver

C.    Message

Answer: C Message

 

3. Elapsed time between an inquiry and a response

A.    Transit time

B.    Response time

Answer: B Response Time

 

4. Provides a dedicated link between two devices

A.    point-to-point connection

B.    multipoint connection

Answer: A point-to-point connection

 

 

5. In bus topology, a ________________ is a connection running between the device and the main cable.

A.    Drop line

B.    tap

Answer: A Drop line

 

6. The physical layer is concerned with ___________

A.    bit-by-bit delivery

B.    process to process delivery

C.    application to application delivery

D.    port to port delivery

Answer: A bit-by-bit delivery

 

7. The physical layer translates logical communication requests from the ______ into hardware specific operations.

A.    network layer

B.    transport layer

C.    application layer

D.    data link layer

Answer: D data link layer

 

8. Each upper level protocol is supported by the services provided by one or more lower level protocols.

A.     hierarchical

B.    Root structure

Answer: A hierarchical

 

 

9. In TCP/IP, the duty of the application, transport, and network layers is

A.    hop-to-hop

B.    end-to-end

Answer: B  end-to-end

 

 

10. In TCP/IP, the duty of the data-link and physical layers is

A.    hop-to-hop

B.    end-to-end

Answer: A  hop-to-hop

 

 

11. In TCP/IP, in the bottom two layers, the packet created by the host is changed only by

A.    routers

B.    link-layer switches

Answer: A  routers

 

 

12. Responsible for taking the datagram and moving it across the link

A.    Data-link Layer

B.    Physical Layer

Answer: A  Data-link Layer

 

 

13. Responsible for creating a connection between the source computer and the destination computer.

A.    Data-link Layer

B.    Physical Layer

C.    Network layer

Answer: C Network layer

 

 

14. A protocol can decapsulate and deliver a packet to several next-higher layer protocols (one at a time).

A.    Multiplexing

B.    Demultiplexing

Answer: B Demultiplexing

 

 

15. A protocol at a layer can encapsulate a packet from several next-higher layer protocols (one at a time);

A.    Multiplexing

B.    Demultiplexing

Answer: A Multiplexing

 

 

16. It is a system in which a set of protocols that allows any two different systems to communicate regardless of their underlying architecture.

A.    Open System

B.    Closed System

Answer: A Open System

 

 

17. Four approaches that indicate network Performance

A.    Bandwidth

B.    Throughput

C.    Latency (delay)

D.    Jitter

E.     All the above

Answer: E  All the above

 

18. Is a measure of the number of bits that can pass through a network per second.

A.    Throughput

B.    Latency

Answer: A Throughput

 

19. Refers to the variation in the packet arrival time, that is an uneven delay in the delivery of audio or video packets.

A.    Throughput

B.    Latency

C.    Jitter

Answer: C Jitter

 

20. Is the physical path between source and destination that carries the information signals.

A.    Transmission media

B.    Transmission wavelength

Answer: A  Transmission media

 

 

21. Is a cable that accepts and transports signals in the form of light.

A.    Optical fiber

B.    twisted-pair cable

Answer: A Optical fiber

 

 

22. Coaxial cables are categorized by their

A.    Registered jack RJ ratings

B.    Radio Government (RG) ratings

Answer: B  Radio Government (RG) ratings

 

 

23. If the angle of incidence is ______ to the critical angle, the light bends along the interface.

A.    less than

B.    equal

C.    greater than

Answer: B equal

 

 

24. In this ______ propagation, radio waves travel through the lowest portion of the atmosphere, hugging the earth.

A.    sky

B.    ground

C.    line-of-sight

Answer: B ground

 

 

25. In _________ propagation, very high-frequency signals are transmitted in straight lines directly from antenna to antenna

A.    sky

B.    ground

C.    line-of-sight

Answer: C line of sight

 

 

26. In _________ propagation, higher-frequency radio waves radiate upward into the ionosphere (the layer of atmosphere where particles exist as ions) where they are reflected back to earth.

A.    sky

B.    ground

C.    line-of-sight

Answer: A sky

 

27. Radio waves travel in all directions from the source, so that the transmitter and receiver do not have to be carefully aligned physically

A.    Uni directional

B.    Omni directional

Answer: B Omni directional

 

 

28. When an antenna transmits microwaves, the sending and receiving antennas need to be aligned since microwaves are

A.    Uni directional

B.    Omni directional

Answer: A Uni directional

 

 

29. Signals can be used for short-range communication in a closed area using line-of-sight propagation

A.    Infrared

B.    Microwaves

C.    Radiowaves

Answer: A Infrared

 

 

30. End to End circuit must be established in this phase

A.    Setup phase

B.    Data transfer phase

C.    Tear down phase

Answer: A setup phase

 

31. When a frame arrives at a switch, it has a VCI; when it leaves, it has a different VCI.

A.    True

B.    False

Answer: A true 

Thursday 7 January 2021

CP5291 SECURITY PRACTICES

 


1. Define security services.

A security service is defined as a service that enhances the security of the data processing systems and the information transfers of an organization.

 

2. What is meant by zero day attack?

A zero-day attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on “day zero” of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability.

0day exploits (actual software that uses a security hole to carry out an attack) are used or shared by attackers before the developer of the target software knows about the vulnerability.

 

3. What are the four phases of unknown vulnerability management process?

The unknown vulnerability management process consists of four phases:

  • Analyze: This phase focuses on attack surface analysis.
  • Test: This phase focuses on fuzz testing the identified attack vectors.
  • Report: This phase focuses on reproduction of the found issues to developers.
  • Mitigate: This phase looks at the protective measures.

 

4. Write a difference between sustained capture speed and peak capture speed.

The sustained capture speed is the rate at which a packet capture appliance can capture and record packets without interruption or error over a long period of time. This is different from the peak capture speed, which is the highest speed at which a packet capture appliance can capture and record packets. The peak capture speed can only be maintained for a short period of time, until the appliance’s buffers fill up and it starts losing packets.

 

5. Write the advantages of UTM.

UTM systems are multilayered and incorporate several security technologies into a single platform, often in the form of a plug-in appliance. UTM products can provide such diverse capabilities as antivirus, VPN, firewall services, and antispam as well as intrusion prevention.

Advantages:

  • Ease of operation and configuration.
  • Security features can be quickly updated to meet rapidly evolving threats.


6. Differentiate between hacker and cracker.

A hacker is a person who is extremely interested in exploring the recondite workings of any computer system or networking system. Hackers are expert programmers. They are also called ethical hackers or white hat hackers. The technique they use is called ethical hacking.

Crackers, or black hat hackers, are also called cheaters or simply criminals. They are called criminals because they intend to cause harm to security, stealing very useful data and using it in wrong ways. Phishers, who steal account information and credit card numbers, also fall into this category.

 

7. What is trapdoor?

Trapdoors, also called backdoors, are pieces of code written into applications or the OS to grant programmers access to programs without requiring them to go through the normal methods of access authentication.

 

8. List the four phases of Remus.

1. Checkpoint the changed memory state at the primary, and continue to the next epoch of network and disk request streams.

2. Replicate system state on the backup.

3. Send checkpoint acknowledgment from the backup when complete memory checkpoint and corresponding disk requests have been received.

4. Release outbound network packets queued during the previous epoch upon receiving the acknowledgment.

 

9. Write about XACML.

XACML stands for eXtensible Access Control Markup Language. It is an open standard XML-based language designed to express security policies and access rights to information for Web services, digital rights management (DRM), and enterprise security applications.

 

10. Define Token and its types.

A token is a device that employs an encrypted key. There are both software and hardware tokens. The software tokens can be installed on a user’s desktop system, in the cellular phone, or on the smart phone. The hardware tokens come in a variety of form factors, some with a single button that both turns the token on and displays its internally generated passcode. Tokens operate in one of three ways:

  • time synchronous,
  • event synchronous, or
  • challenge-response (also known as asynchronous).

11. Define Man-in-the-middle attack.                      

The man-in-the-middle attack is one of the classical attacks that can be executed in a WSN environment. In this type of attack, the attacker intrudes into the network and attempts to establish an independent connection between a set of nodes and the sink node. He can be in either a passive or an active state. In a passive state, he simply relays every message among the nodes with the intention of performing an eavesdropping attack. In an active state, he can tamper with the intercepted data in an effort to break authentication.

 

12. What are the two attacks on WSN?       

In general, attacks can be divided into active and passive attacks:

Active Attack

In this type of attack, the attacker actively participates in all forms of communication (control and data) and may modify, delete, reorder, and replay messages or even send spoofed illicit messages to nodes in the network. Some other active attacks include node capturing, tampering with routing information, and resource exhaustion attacks.

Passive Attack

In this type of attack, the attacker is able to intercept and monitor data between communicating nodes, but does not tamper or modify packets for fear of raising suspicion of malicious activity among the nodes.

 

13. Write about Signature algorithms in LAN security.

Signature analysis is based on the following algorithms:

  • Pattern matching
  • Stateful pattern matching
  • Protocol decode-based analysis
  • Heuristic-based analysis
  • Anomaly-based analysis

                       

 

14. Write a difference between single mode vs. multimode.                                                          

| Specification | Single mode fiber | Multimode fiber |
|---|---|---|
| Definition | Single-mode fiber has a narrow core, allowing only a single mode of light to propagate within the core | Multimode has a wide core and allows multiple modes of light to propagate |
| Outside diameter | 125 microns | 125 microns |
| Core size | Core size between 8 and 10 microns | Core size between 62.5 μm (OM1) and 50 μm (OM2) |
| Cost of fiber | Less expensive | Expensive |
| Transmission wavelengths | 1260 nm to 1640 nm | 850 nm to 1300 nm |
| Advantages/disadvantages | Provides higher performance, but building the network is expensive. | The fiber is more costly, but the network deployment is relatively inexpensive. |

 

 

15. Give diagrammatic representations for deployment architecture of optical wireless security.       

[Figure: deployment architectures: Mesh, Ring, Point to Point]


16. Write about IR plan

An Incident Response (IR) Plan is a detailed set of processes and procedures that anticipate, detect, and mitigate the impact of an unexpected event that might compromise information resources and assets. It consists of six major phases.

  1. Preparation: Planning and readying in the event of a security incident.
  2. Identification: Identifying a set of events that have some negative impact on the business and can be considered a security incident.
  3. Containment: During this phase the security incident has been identified and action is required to mitigate its potential damage.
  4. Eradication: After it’s contained, the incident must be eradicated and studied to make sure it has been thoroughly removed from the system.
  5. Recovery: Bringing the business and assets involved in the security incident back to normal operations.
  6. Lessons learned: A thorough review of how the incident occurred and the actions taken to respond to it where the lessons learned get applied to future incidents.

 

17. Write the three Access control models.

Three main access control models are in use today: RBAC, DAC, and MAC.

Role-Based Access Control (RBAC)

Discretionary Access Control (DAC)

Mandatory Access Control (MAC)

 

18. Write about Network based Intrusion detection system.

Network-based intrusion detection systems (NIDS) have been the workhorse of information security technology (figure). NIDS function in one of three modes:

  • Signature detection
  • Anomaly detection, and
  • Hybrid

 

19. What are the four types of evidence in Cyber Forensics In The Court System?

There are four types of evidence

1.      Documentary evidence

2.      Real evidence

3.      Witness testimony

4.      Demonstrative evidence

 

20. Write about Data Retention policies.

This leads us directly into data retention policies. A rigorous data retention policy will prevent the exposure of outdated and irrelevant files. Deleted files are a security concern because they may still be extant. The following items present deleted data security challenges:

1. Email databases.

2. SQL log files.

3. Decommissioned servers.

4. Old backup tapes.

5. Forgotten share locations.

 

21. Define Cyberforensics.

Cyber forensics is the acquisition, preservation, and analysis of electronically stored information (ESI) in such a way that ensures its admissibility for use as either evidence, exhibits, or demonstratives in a court of law.

 

22. Write about Plaintiffs and defendants.

When someone, an individual or an organization, decides it has a claim of money or damages against another individual or entity, they file a claim in court. The group filing the claim is the plaintiff, the other parties are the defendants.

 

23. Define P3P policy.

P3P (Platform for Privacy Preferences Project) allows Web sites to declare their privacy practices in a standard and machine-readable XML format known as P3P policy. A P3P policy contains the specification of the data it protects, the data recipients allowed to access the private data, consequences of data release, purposes of data collection, data retention policy, and dispute resolution mechanisms.

 

24. Mention the advantages of Tor over AN.ON

Advantages of Tor over AN.ON are as follows:

1. Tor provides forward secrecy.

2. It is easy to set up new onion routers (“mixes”), which are run by many volunteers all over the world.

3. There are lower performance requirements for each “mix.”

4. Each mix is a possible bottleneck; however, in Tor, “mixes” that do not perform can be excluded from the dynamic routing.

 

25. Define onion routing. What are three phases in which onion routing protocol works?

Onion routing is intended to provide real-time bidirectional anonymous connections that are resistant to both eavesdropping and traffic analysis in a way that is transparent to applications.

Given the onion router infrastructure, the onion routing protocol works in three phases:

  • Anonymous connection setup
  • Communication through the anonymous connection
  • Anonymous connection destruction