Module 3 open book written assignment (Lalita)

School: College of New Caledonia

Course: 165
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 7

Uploaded by LieutenantBison2599

Module 3 open book written assignment
Student’s name: Lalita Lalita

Descriptions: Give a brief description of the following.

Asset: An asset is anything of value to the organization. It includes people, equipment, resources, and data.

Vulnerability: A vulnerability is a weakness in a system, or in its design, that could be exploited by a threat.

Threat: A threat is a potential danger to a company’s assets, data, or network functionality.

Exploit: An exploit is a mechanism that takes advantage of a vulnerability.

Mitigation: Mitigation is the counter-measure that reduces the likelihood or severity of a potential threat or risk. Network security involves multiple mitigation techniques.

Risk: Risk is the likelihood that a threat will exploit a vulnerability of an asset, with the aim of negatively affecting an organization. Risk is measured using the probability of the occurrence of an event and its consequences.

Attack Vector: An attack vector is a path by which a threat actor can gain access to a server, host, or network. Attack vectors can originate from inside or outside the corporate network.

DoS: A DoS Trojan horse slows or halts network activity.

DoS attack: A DoS attack prevents normal use of a computer or network by valid users. A DoS attack can flood a computer or the entire network with traffic until a shutdown occurs because of the overload.

White Hat Hacker: These are ethical hackers who use their programming skills for good, ethical, and legal purposes. White hat hackers may perform network penetration tests in an attempt to compromise networks and systems, using their knowledge of computer security systems to discover network vulnerabilities.
Grey Hat Hacker: These are individuals who commit crimes and do arguably unethical things, but not for personal gain or to cause damage. Grey hat hackers may disclose a vulnerability to the affected organization after having compromised their network.

Black Hat Hackers: These are unethical criminals who compromise computer and network security for personal gain, or for malicious reasons, such as attacking networks.

Vulnerability Broker: These are usually grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards.

Packet Sniffers: These tools are used to capture and analyze packets within traditional Ethernet LANs or WLANs. Tools include Wireshark, Tcpdump, Ettercap, Dsniff, EtherApe, Paros, Fiddler, Ratproxy, and SSLstrip.

Fuzzers: Fuzzers are tools used by threat actors to discover a computer’s security vulnerabilities. Examples of fuzzers include Skipfish, Wapiti, and W3af.

Vulnerability Exploitation Tools: These tools identify whether a remote host is vulnerable to a security attack. Examples of vulnerability exploitation tools include Metasploit and Core Impact.

Viruses: The first and most common type of computer malware is a virus. Viruses require human action to propagate and infect other computers. For example, a virus can infect a computer when a victim opens an email attachment, opens a file on a USB drive, or downloads a file.

Trojan Horse: A Trojan horse is a program that looks useful but also carries malicious code. Trojan horses are often provided with free online programs such as computer games. Unsuspecting users download and install the game, along with the Trojan horse.
Pretexting: A threat actor pretends to need personal or financial data in order to confirm the identity of the recipient.

Phishing: A threat actor sends a fraudulent email disguised as being from a legitimate, trusted source to trick the recipient into installing malware on their device, or into sharing personal or financial information.

Spear phishing: A threat actor creates a targeted phishing attack tailored for a specific individual or organization.
Spam: Also known as junk mail, this is unsolicited email which often contains harmful links, malware, or deceptive content.

Baiting: A threat actor leaves a malware-infected flash drive in a public location. A victim finds the drive and unsuspectingly inserts it into their laptop, unintentionally installing malware.

Man-in-the-middle: Threat actors position themselves between a source and destination to transparently monitor, capture, and control the communication. They could eavesdrop by inspecting captured packets, or alter packets and forward them to their original destination.

TCP Services:

TCP SYN Flood Attack: The TCP SYN flood attack exploits the TCP three-way handshake. A threat actor continually sends TCP SYN session request packets with a randomly spoofed source IP address to a target. The target device replies with a TCP SYN-ACK packet to the spoofed IP address and waits for a TCP ACK packet. Those responses never arrive. Eventually the target host is overwhelmed with half-open TCP connections, and TCP services are denied to legitimate users.

TCP Reset Attack: A TCP reset attack can be used to terminate TCP communications between two hosts. TCP can terminate a connection in a civilized (i.e., normal) manner or in an uncivilized (i.e., abrupt) manner.

UDP Flood Attacks: In a UDP flood attack, all the resources on a network are consumed. The threat actor must use a tool like UDP Unicorn or Low Orbit Ion Cannon. These tools send a flood of UDP packets, often from a spoofed host, to a server on the subnet.

ASA Firewall: A network security device that ensures that internal traffic can go out and come back, but external traffic cannot initiate connections to inside hosts.

IPS: To defend against fast-moving and evolving attacks, you may need cost-effective detection and prevention systems, such as intrusion detection systems (IDS), or the more scalable intrusion prevention systems (IPS).
The network architecture integrates these solutions into the entry and exit points of the network.

ESA/WSA: The Cisco Email Security Appliance (ESA) is a special device designed to monitor Simple Mail Transfer Protocol (SMTP). The Cisco ESA is constantly updated by real-time feeds from Cisco Talos, which detects and correlates threats and solutions by using a worldwide database monitoring system. The Cisco Web Security Appliance (WSA) is a mitigation technology for web-based threats. It helps organizations address the challenges of securing and controlling web traffic. The Cisco WSA combines advanced malware protection, application visibility and control, acceptable use policy controls, and reporting.

AAA Server: A network security device that contains a secure database of who is authorized to access and manage network devices.

Questions:

1. Which penetration testing tool uses algorithm schemes to encode the data, which then prevents access to the data?
Encryption Tools

2. Which penetration testing tool is used by black hats to reverse engineer binary files when writing exploits?
Debuggers

3. Which penetration testing tool is used to probe and test a firewall’s robustness?
Packet Crafting Tools

4. Which penetration testing tool is used by white hat hackers to sniff out any trace of evidence existing in a computer?
Forensic tools

5. Which penetration testing tool identifies whether a remote host is susceptible to a security attack?
Vulnerability Exploitation Tools

6. Which malware executes arbitrary code and installs copies of itself in the memory of the infected computer? The main purpose of this malware is to automatically replicate from system to system across the network.
Worm

7. Which malware typically displays annoying pop-ups to generate revenue for its author?
Adware
8. Which malware is installed on a compromised system and provides privileged access to the threat actor?
Rootkit

9. List 5 Reconnaissance Attack Techniques below.
Perform an information query of a target
Initiate a ping sweep of the target network
Initiate a port scan of active IP addresses
Run vulnerability scanners
Run exploitation tools

More Questions.

1. Which security term is used to describe a potential danger to a company’s assets, data, or network functionality?
Threat

2. What is the purpose of initiating a port scan of active IP addresses?
This is used to determine which ports or services are available.

3. Name at least 4 Access Attack methods.
Trust exploitations
Port redirections
Man-in-the-middle attacks
Buffer overflow attacks

4. Which encryption method repeats an algorithm process three times and is considered very trustworthy when implemented using very short key lifetimes?
Triple DES (Data Encryption Standard)

5. Which encryption method encrypts plaintext one byte or one bit at a time?
Stream cipher

6. Which encryption method uses the same key to encrypt and decrypt data?
Symmetric key encryption

7. Which encryption method is a stream cipher and is used to secure web traffic in SSL and TLS?
RC4
Module exam questions

8. The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring?
Distributed Denial of Service (DDoS) attack

9. What causes a buffer overflow?
A buffer overflow occurs when a program writes more data to a buffer than it can hold, thereby overwriting adjacent memory space. This often happens due to insufficient bounds checking in the code.

10. Which objective of secure communications is achieved by encrypting data?
Confidentiality

11. What type of malware has the primary objective of spreading across the network?
Worms

12. What three items are components of the CIA triad? (Choose three.)
Confidentiality, Integrity, and Availability

13. What specialized network device is responsible for enforcing access control policies between networks?
A firewall is typically responsible for enforcing access control policies between networks.

14. To which category of security attacks does man-in-the-middle belong?
Man-in-the-middle attacks belong to the category of eavesdropping or interception attacks.

15. What is the role of an IPS?
An Intrusion Prevention System (IPS) monitors network and/or system activities for malicious activity, logs information about such activities, reports it, and tries to block or stop it.

16. Which type of DNS attack involves the cybercriminal compromising a parent domain and creating multiple subdomains to be used during the attacks?
This describes a DNS poisoning attack, specifically through the creation of fraudulent subdomains.

17. Which two types of hackers are typically classified as grey hat hackers? (Choose two.)
Vulnerability Broker
Hacktivists

18. What is a significant characteristic of virus malware?
A virus is a type of malware that attaches itself to a legitimate program and executes malicious code when that program is run.

19. A cleaner attempts to enter a computer lab but is denied entry by the receptionist because there is no scheduled cleaning for that day. What type of attack was just prevented?
Pretexting or Impersonation.
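The TCP SYN flood description above says the target ends up overwhelmed with half-open TCP connections. On a host, that symptom is visible in the TCP connection table: a pile of SYN_RECV entries whose peers never send the final ACK, each from a different (spoofed) source address. The following Python is an added example, not part of the assignment or of the course material it summarizes; it parses netstat-style connection rows and flags local ports whose half-open backlog crosses a threshold. The connection table is constructed sample data, and the threshold of 5 half-open entries is an assumption chosen for the example.

```python
"""Half-open connection check for the TCP SYN flood symptom.

Added example (not part of the assignment). Parses netstat-style TCP
connection rows, counts SYN_RECV entries per local port, and flags ports
whose half-open backlog reaches a threshold. With randomly spoofed source
addresses, almost every half-open entry has its own peer, so the distinct
source count tracks the half-open count.
"""
from collections import defaultdict

# Constructed sample in "netstat -ant" layout (not captured from a real
# host). Port 22 shows normal traffic; port 80 shows the SYN flood pattern.
SAMPLE_TABLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             192.0.2.44:53120        ESTABLISHED
tcp        0      0 10.0.0.5:22             192.0.2.45:53121        SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.10:51234      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.1:40001      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.2:40002      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.3:40003      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.4:40004      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.5:40005      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.6:40006      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.7:40007      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.8:40008      SYN_RECV
"""


def parse_connections(table):
    """Return one dict per TCP connection row; header and LISTEN rows are skipped."""
    conns = []
    for line in table.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] != "tcp":
            continue                      # header line or non-TCP row
        local, foreign, state = parts[3], parts[4], parts[5]
        if state == "LISTEN":
            continue                      # a listener has no peer to count
        _local_ip, local_port = local.rsplit(":", 1)
        remote_ip, _remote_port = foreign.rsplit(":", 1)
        conns.append({"local_port": int(local_port),
                      "remote_ip": remote_ip,
                      "state": state})
    return conns


def summarize_by_port(conns):
    """Per local port: half-open count, distinct half-open peers, established count."""
    summary = defaultdict(lambda: {"half_open": 0, "established": 0,
                                   "half_open_sources": set()})
    for conn in conns:
        entry = summary[conn["local_port"]]
        if conn["state"] == "SYN_RECV":   # SYN-ACK sent, final ACK never arrived
            entry["half_open"] += 1
            entry["half_open_sources"].add(conn["remote_ip"])
        elif conn["state"] == "ESTABLISHED":
            entry["established"] += 1
    return dict(summary)


def detect_syn_flood(conns, half_open_threshold=5):
    """Flag ports whose half-open backlog reaches the threshold (an assumed value).

    A legitimate in-progress handshake backlog is normally tiny and comes
    from a few real peers; spoofed floods give one peer per half-open entry.
    """
    alerts = {}
    for port, s in summarize_by_port(conns).items():
        if s["half_open"] < half_open_threshold:
            continue
        distinct = len(s["half_open_sources"])
        alerts[port] = {
            "half_open": s["half_open"],
            "distinct_sources": distinct,
            "established": s["established"],
            "looks_spoofed": distinct >= 0.8 * s["half_open"],
        }
    return alerts


if __name__ == "__main__":
    for port, info in detect_syn_flood(parse_connections(SAMPLE_TABLE)).items():
        print(f"port {port}: {info['half_open']} half-open from "
              f"{info['distinct_sources']} sources "
              f"({info['established']} established), "
              f"spoofed-looking={info['looks_spoofed']}")
```

On the sample table only port 80 is reported: eight half-open entries from eight distinct sources against one established connection, while the single SYN_RECV on port 22 stays below the threshold. In practice the threshold is tuned to the service's normal handshake backlog, and the check complements, rather than replaces, the IPS and firewall mitigations listed above.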