How do wireless IDSs get their data?

How do wireless IDSs get their data?

Answer: In centralized wireless intrusion detection system, each access point becomes a wireless IDS agent, sending appropriate information to the central wireless IDS console. The console transfers the data to an IDS database. It also sorts through data in the database to find indications of problems.

What is the purpose of a wireless IDS?

What is the purpose of a wireless IDS?

Answer: It is to collect data from wireless access points that can be used to detect attacks.

How long must passphrases be for adequate security?

How long must passphrases be for adequate security?

Answer: Passphrases must be at least 20 characters long for adequate security, but preferably greater than 20 characters.

How are PSK/personal keys generated?

How are PSK/personal keys generated?

Answer: The administrator types a passphrase into every client and into the access point.

Why is using a shared initial key not dangerous?

Why is using a shared initial key not dangerous?

Answer: This key is used only briefly, when a client first authenticates itself to the access point. The access point sends the client a session key for use during the session. With only a few messages transmitted using the shared initial key, it is impossible for a cryptanalyst to discover the shared initial key.

How do users in this mode authenticate themselves to the access point?

How do users in this mode authenticate themselves to the access point?

Answer: In the PSK mode, users authenticate themselves to the access point via the use of a single, shared initial key.

What mode was created for homes or very small businesses with a single access point?

What mode was created for homes or very small businesses with a single access point?

Answer: PSK/personal mode

Despite its security weaknesses, why do many companies continue to use WPA instead of 802.11i?

Despite its security weaknesses, why do many companies continue to use WPA instead of 802.11i?

Answer: Companies still use WPA instead of WPA2 to avoid the cost of reconfiguring all access points and wireless clients to support WPA2.

What does the Wi-Fi Alliance call 802.11i?

What does the Wi-Fi Alliance call 802.11i?

Answer: WPA2

Compare WPA and 802.11i security.

Compare WPA and 802.11i security.

Answer: WPA uses the relatively weak RC4 cipher in encryption for confidentiality and uses the only moderately strong Temporal Key Integrity Protocol (TKIP) for keying and rekeying. Although there have been no published cracks for WPA as a whole, at least at the time of this writing, TKIP has been partially cracked, and security professionals are uncomfortable with WPA's security methods.

What prompted the Wi-Fi Alliance to create WPA?

What prompted the Wi-Fi Alliance to create WPA?

Answer: The inadequacy of WEP (which can be cracked in minutes) caused many companies to freeze WLAN deployment and in some cases turn off existing WLANs. This wide scale lack of trust in WLAN security prompted the Wi-Fi Alliance to create WPA.

Should corporations today use WEP for security today?

Should corporations today use WEP for security today?

Answer: No. Given how easily and quickly WEP can be cracked, it makes no sense for corporations to use WEP today. In fact, it only gives a false sense of security, which may be worse than no security at all.

How long may WEP take to crack today?

How long may WEP take to crack today?

Answer: If a company encrypts a large enough volume of traffic with the same secret key, the attacker can often compute the entire secret key in two or three minutes.

What mistake did the 802.11 Working Group make in selecting the length of the IV?

What mistake did the 802.11 Working Group make in selecting the length of the IV?

Answer: The 802.11 Working Group's mistake was making IVs too short (only 24 bits long).

What per-frame key does a WEP computer or access point use to encrypt when it transmits?

What per-frame key does a WEP computer or access point use to encrypt when it transmits?

Answer: WEP encrypts each frame with a per-frame key that consists of the shared RC4 key plus a 24-bit initialization vector (IV) that is different for each frame.

Why are permanent shared keys undesirable?

Why are permanent shared keys undesirable?

Answer: Permanent shared keys are undesirable because in large firms that have many access points sharing the same WEP key, the practical difficulties in changing everyone's key means that shared keys are almost never changed. In addition, because "everybody knows" the key, people share the key freely even when they are told not to. Worst of all, if a company fires a disgruntled employee, it must change the key on every access point for which the employee may know the key. In many cases, changing the key will be prohibitively expensive and will inconvenience many workers.

What encryption algorithm does it use?

What encryption algorithm does it use?

Answer: WEP uses RC4.

What was the first core wireless security standard?

What was the first core wireless security standard?

Answer: Wired equivalent privacy (WEP)

Is 802.11i security strong? Explain.

Is 802.11i security strong? Explain.

Answer: 802.11i security is very strong. 802.11i not only provides authentication, but it supplies all of the protections expected in a strong cryptographic security system. By using 128bit AES, 802.11i ensures a robust symmetric encryption cipher for confidentiality. 802.11i also uses the strong AES-CCMP standard for automatic and frequent rekeying.

Distinguish between their options for inner authentication.

Distinguish between their options for inner authentication.

Answer: For EAP/TLS, the inner authentication also uses TLS. For PEAP, the client can use any method specified in the EAP standard, ranging from passwords through digital certificates.

What two extended EAP protocols are popular today?

What two extended EAP protocols are popular today?

Answer: EAP/TLS and PEAP

What authentication method or methods does outer authentication use?

What authentication method or methods does outer authentication use?

Answer: Outer authentication uses SSL/TSL.

For 802.11i, distinguish between outer and inner authentication.

For 802.11i, distinguish between outer and inner authentication.

Answer: Outer authentication in 802.11i consists of the client authenticating itself to the access point by establishing an SSL/TSL connection. Inner authentication follows outer authentication and occurs when the wireless client authenticates itself with the central authentication server using EAP, within the protection of SSL/TLS.

What standard did the 802.3 Working Group create to extend 802.1X operation to WLANs with security for EAP?

What standard did the 802.3 Working Group create to extend 802.1X operation to WLANs with security for EAP?

Answer: 802.11i

Why is it impossible to extend 802.1X operation using EAP directly to WLANs?

Why is it impossible to extend 802.1X operation using EAP directly to WLANs?

Answer: EAP assumes that the connection between the supplicant and authenticator is secure, which is not the case in wireless transmission. Thus, 802.1X operation using EAP cannot be directly extended to WLANs.

What would happen if a wireless network were flooded with CTS frames?

What would happen if a wireless network were flooded with CTS frames?

Answer: A flood of CTS frames with long transmission durations keeps other clients waiting. A flood of RTS frames produces a flood of CTS frames. Both produce an effective DoS attack on the wireless network. Again, these messages are not authenticated.

What type of attack commands could be sent to cause a wireless DoS attack?

What type of attack commands could be sent to cause a wireless DoS attack?

Answer: An attacker could use packet injection to send spoofed deauthenticate messages to the AP. The spoofed source addresses would correspond to each wireless client on the WLAN. The deauthenticate message says that the sender wants to terminate the authenticated connection. The victim must reauthenticate with the AP before it can communicate.

What device could be used to identify a DoS flood if the entire frequency is being flooded by EMI?

What device could be used to identify a DoS flood if the entire frequency is being flooded by EMI?

Answer: Network administrators can use wireless spectrum analyzers to identify DoS floods. Spectrum analyzers record all signals, including packet transmissions, within a given radio frequency band.

What type of devices could be used to flood the transmission frequency for a WLAN?

What type of devices could be used to flood the transmission frequency for a WLAN?

Answer: Attackers can use common household items such as baby monitors, cordless phones, or Bluetooth devices to interfere with an 802.11 network. Attackers can also use commercial jamming devices.

How would a wireless DoS attack be carried out?

How would a wireless DoS attack be carried out?

Answer: Wireless DoS attacks can be carried out by 1) flooding the frequency being used, 2) flooding the AP with too many packets, and 3) continually sending "disassociate" packets to all internal wireless clients.

How can the danger of evil twin attacks be addressed?

How can the danger of evil twin attacks be addressed?

Answer: The danger of evil twin attacks can be eliminated by requiring remote clients to establish VPN connections with VPN gateways prior to gaining access to network resources. Remote access VPN connection setup requires a pre-shared key on the client and VPN gateway, and this pre-shared key is never transmitted during authentication, thus defeating the evil twin's ability to copy credentials and keying information.

In what two types of attacks can the evil twin engage?

In what two types of attacks can the evil twin engage?

Answer: It can capture credentials transmissions and keys and it can also send packets of its own, impersonating the victim client.

What happens when the legitimate supplicant sends credentials to the legitimate access point?

What happens when the legitimate supplicant sends credentials to the legitimate access point?

Answer: The evil twin access point will intercept all traffic passing through it, including credentials and keys that will later on give it permission to decrypt and encrypt any messages passing through.

Physically, what is an evil twin access point?

Physically, what is an evil twin access point?

Answer: An evil twin access point is simply a PC that has software to allow it to masquerade as an access point.

What man-in-the-middle attack is a danger for 802.11 WLANs?

What man-in-the-middle attack is a danger for 802.11 WLANs?

Answer: The most dangerous man-in-the-middle attack for 802.11 WLANs is the evil twin access point. An evil twin access point is simply a PC that has software that allows it to masquerade as a legitimate access point. The evil twin will pass traffic to legitimate access points transparently, retaining copies of important data sent from the host and a legitimate access point. Evil twin access points can intercept messages during and after security setup, allowing the evil twin to have the necessary keys to decrypt all traffic during a specific session.

Are you liable if someone else uses your wireless network to commit a crime? Why, or why not?

Are you liable if someone else uses your wireless network to commit a crime? Why, or why not?

Answer: At the time of this writing, it appears that you are likely not liable for crimes committed by criminals using your wireless network if you attempted to secure it. However, it's unknown if you could be liable for criminal acts performed through an unprotected network. In either case, your ISP can immediately discontinue your service.

Give examples of both internal and external harm caused by unauthorized wireless access.

Give examples of both internal and external harm caused by unauthorized wireless access.

Internally, attackers have greater access to information, resources, and other network traffic. They can covertly steal confidential information, read and record network traffic, alter network devices, or plant malware on targeted clients or servers. They may also have access to network shares that were assumed to be protected behind the firewall.
An attacker could anonymously download, upload, and store illegal content via the wireless network. Even worse, the network could be used as a launching pad for an external attack.

Who would set up a rogue access point? Why?

Who would set up a rogue access point? Why?

Answer: Rogue access points are unauthorized access points set up by individuals or departments with little or no security. They are typically set up by internal employees for convenience, without knowing the ramifications of an unsecured wireless AP.

What is the difference between an open network and a private network?

What is the difference between an open network and a private network?

Answer: Open networks can be legally accessed by anyone, but private networks do not allow access unless specifically authorized.

What is the typical range of a WLAN?

What is the typical range of a WLAN?

Answer: Wireless 802.11 networks typically have a range of 30 to 100 meters extending in all directions from the AP.

Which device acts as a relay between wired and wireless networks?

Which device acts as a relay between wired and wireless networks?

Answer: An access point

Which IEEE standard governs WLAN transmission?

Which IEEE standard governs WLAN transmission?

Answer: IEEE 802.11

What is the most common attack against wireless networks? Why?

What is the most common attack against wireless networks? Why?

Answer: The most common attack against wireless networks is unauthorized access, or connecting to a network without permission.

What authentication method does RADIUS use?

What authentication method does RADIUS use?

Answer: EAP

How are EAP and RADIUS related in terms of functionality?

How are EAP and RADIUS related in terms of functionality?

Answer: RADIUS is an AAA server that uses EAP for authentication.

What standard do most central authentication servers follow?

What standard do most central authentication servers follow?

Answer: Most central authentication servers are governed by the RADIUS standard.

Why is there no need to change the operation of the authenticator when a new EAP authentication method is added or an old EAP authentication mode is dropped?

Why is there no need to change the operation of the authenticator when a new EAP authentication method is added or an old EAP authentication mode is dropped?

Answer: The software on the authenticator (workgroup switch) does not have to be changed. It merely passes request and response messages through. This is good because a network will have many workgroup switches.

Why is this freedom from the need to make changes in the switch beneficial?

Why is this freedom from the need to make changes in the switch beneficial?

Answer: The freedom to make changes in authentication protocols is beneficial because it reduces costs that would normally be associated with upgrading authenticators if they were tied to specific authentication methods.

When a new authentication method is added, what device software must be changed to use the new method?

When a new authentication method is added, what device software must be changed to use the new method?

When a new authentication method is added, the central authentication server and supplicant both need to implement the new method.

When a new authentication method is added, what device software must be changed to use the new method?

When a new authentication method is added, what device software must be changed to use the new method?

Answer: When a new authentication method is added, the central authentication server and supplicant both need to implement the new method.

In what sense is EAP extensible?

In what sense is EAP extensible?

EAP is considered extensible because it is easy to add new authentication methods to EAP (such as smart cards, MS-CHAP, Diffie-Helman, etc.) without modification of the general format of the underlying EAP messages. Only the contents are modified by the authentication method chosen.

How does the authenticator pass this information on to the supplicant?

How does the authenticator pass this information on to the supplicant?

Answer: How the authenticator notifies the client of authentication success or failure is outside the scope of EAP.

Describe how the central authentication server tells the authenticator that the supplicant is acceptable.

Describe how the central authentication server tells the authenticator that the supplicant is acceptable.

It sends an EAP accept message if the supplicant is acceptable, but it sends an EAP failure message if the supplicant is not.

What types of messages carry requests for authentication information and responses to these requests?

What types of messages carry requests for authentication information and responses to these requests?

Answer: EAP request and response messages.

How does an EAP session start?

How does an EAP session start?

Answer: When a switch senses a connection, it sends an EAP Start message to the RADIUS server. This begins the EAP session.

Which device is called the authenticator?

Which device is called the authenticator?

The Extensible Authentication Protocol (EAP)

Which device is the verifier? Explain. (Tricky question.)

Which device is the verifier? Explain. (Tricky question.)

There is no verifier in 802.1X. Instead, the verifier responsibilities are shared between the workgroup switch, known as the authenticator, and the central authentication server.

What are the three benefits of using a central authentication server?

What are the three benefits of using a central authentication server?

Reduced cost: Having a central authentication server reduces the work required to maintain multiple authentication databases updated, as well as reduces the authentication processing on individual switches.
Consistency: Credentials are checked against the same authentication database every time, versus relying on possibly outdated authentication databases residing on switches throughout the network.
Immediacy: Central authentication allows the ability to rapidly change access controls, which is especially important when trying to restrict access to a recently fired employee or rogue PC that may be negatively impacting the network.

Where is the heavy authentication work done?

Where is the heavy authentication work done?

The heavy authentication work is done on a central authentication server, rather than on the switch.

Why is 802.1X called Port-Based Access Control?

Why is 802.1X called Port-Based Access Control?

802.1X is called Port-Based Access Control because security is implemented on specific ports of an Ethernet workgroup switch.

Is eavesdropping usually a concern for wired LANs, wireless LANs, or both? It is a concern in both, but it is a rare concern in wired LANs and a common concern with wireless LANs.

Is eavesdropping usually a concern for wired LANs, wireless LANs, or both?

It is a concern in both, but it is a rare concern in wired LANs and a common concern with wireless LANs.

Why is the access threat to wireless LANs more severe? The intruder does not even have to enter the building, as he or she needs to do in wired LANs. In WLANs, attackers can connect to unprotected (or poorly protected) wireless access points and bypass border router security from outside of the physical premises of the company.

Why is the access threat to wireless LANs more severe?

The intruder does not even have to enter the building, as he or she needs to do in wired LANs. In WLANs, attackers can connect to unprotected (or poorly protected) wireless access points and bypass border router security from outside of the physical premises of the company.

What is the main access threat to wireless LANs?

What is the main access threat to wireless LANs?

An intruder can connect by radio to an unprotected wireless access point.

What is the main access threat to Ethernet LANs?

What is the main access threat to Ethernet LANs?

Traditionally, Ethernet LANs offered no access security. Any intruder who entered a corporate building could walk up to any wall jack and plug in a notebook computer. The intruder would then have unfettered access to the LAN's computers, bypassing the site's border firewall. This was a complete breakdown in access control.

Could a rogue router direct internal traffic to an outside rogue DNS server? How?

Could a rogue router direct internal traffic to an outside rogue DNS server? How?

Yes, the rogue router can assign a false DNS server to internal hosts as part of the SLAAC attack. A false DNS server would allow an attacker to redirect all internal traffic to any number of phishing sites.

Would a SLAAC attack work on an existing IPv6 network? Why not?

Would a SLAAC attack work on an existing IPv6 network? Why not?

No, the attack would only work on existing IPv4 networks. If the attack were tried on an existing IPv6 network, the network administrator would immediately see conflicts. The network administrator could also assign a specific (legitimate) internal DHCP server (IPv6) to each host.

What has to be introduced to a network for a SLAAC attack to work?

What has to be introduced to a network for a SLAAC attack to work?

With the physical introduction of a rogue IPv6 router, all internal traffic is automatically rerouted (Step 1). This happens because the rogue router advertises its presence on the network using Router Advertisement (RA) messages over ICMPv6 (Step 2). Hosts receive RAs and automatically derive their IPv6 address using a process called Stateless Address Auto Configuration (SLAAC).

Why do host automatically prefer IPv6 addressing?

Why do host automatically prefer IPv6 addressing?

Traffic on the existing IPv4 network is rerouted through the rogue IPv6 router because all newer operating systems are configured by default to prefer IPv6 networks. Microsoft Windows 7, Microsoft Server 2008, and Apple OS X all ship with IPv6 fully enabled.

What is a SLAAC attack?

What is a SLAAC attack?

A Stateless Address Auto Configuration (SLAAC) attack is an attack on the functionality and confidentiality of a network. This attack occurs when a rogue IPv6 router is introduced to an IPv4 network. All traffic is automatically rerouted through the IPv6 router, creating the potential for a MITM attack.

Why would limiting local access prevent DoS attacks?

Why would limiting local access prevent DoS attacks?

Limiting local access would prevent ARP DoS attacks because foreign hosts would not be able to send packets to internal hosts.

Can static IP and ARP tables be effectively used in large networks? Why not?

Can static IP and ARP tables be effectively used in large networks? Why not?

Most organizations are too large, change too quickly, and lack the experience to effectively manage static IP and ARP tables. The workload would be overwhelming.

How can static IP and ARP tables be used to prevent ARP poisoning?

How can static IP and ARP tables be used to prevent ARP poisoning?

ARP poisoning can be prevented by using static IP tables and static ARP tables. Static ARP tables are manually set and cannot be dynamically updated using ARP. Each computer has a known static IP address that does not change. All hosts on the LAN know which IP address is assigned to each MAC address (host).

How can ARP poisoning be used as a DoS attack?

How can ARP poisoning be used as a DoS attack?

Spoofed ARP replies can be used to stop all traffic on the local network as part of an ARP DoS attack. The attacker sends all internal hosts a continuous stream of unsolicited spoofed ARP replies, saying the gateway (10.0.0.4) is at E5-E5-E5-E5-E5-E5 (Step 1). Hosts record the gateway's IP address and nonexistent MAC address (Step 2).

Why does all network traffic go through the attacker after poisoning the network?

Why does all network traffic go through the attacker after poisoning the network?

If the attacker has successfully used spoofed ARP replies to record false entries in the ARP tables for all internal hosts and the gateway, all traffic sent from internal hosts to the gateway will go to the attacker (Step 4). All traffic from the gateway will also go through the attacker and is now redirected through the computer as part of a MITM attack (Step 5).

Does the attacker have to poison the gateway's ARP tables too? Why?

Does the attacker have to poison the gateway's ARP tables too? Why?

Yes, after the attacker has successfully rerouted the host traffic, it needs to reroute the traffic coming to, and from, the gateway. It uses a similarly spoofed ARP reply to poison the gateway. The attacker sends a continuous stream of spoofed ARP replies to the gateway, telling it that all other internal hosts are at C3-C3-C3-C3-C3-C3 (Step 3).

Do switches record IP addresses? Why not?

Do switches record IP addresses? Why not?

Switches only look at MAC addresses. They cannot identify the incorrect ARP resolution being pushed out to all other hosts. They merely forward all packets based on the MAC address. They do not look at the IP address on the packet.

Why does the attacker have to send a continuous stream of unrequested ARP replies?

Why does the attacker have to send a continuous stream of unrequested ARP replies?

The attacker must send a continuous stream of unsolicited ARP replies to all hosts on the LAN. Otherwise, all hosts would quickly resolve the true MAC addresses of all other hosts on the network.

Explain ARP poisoning? ARP poisoning can be used to reroute traffic for a MITM attack by sending unsolicited false ARP replies to all other hosts. An attacker can force hosts to erroneously mismatch MAC addresses and IP addresses. Essentially, the attacker can reroute all internal traffic as desired.

Explain ARP poisoning?

ARP poisoning can be used to reroute traffic for a MITM attack by sending unsolicited false ARP replies to all other hosts. An attacker can force hosts to erroneously mismatch MAC addresses and IP addresses. Essentially, the attacker can reroute all internal traffic as desired.

How could an attacker use ARP spoofing to manipulate host ARP tables?

How could an attacker use ARP spoofing to manipulate host ARP tables?

ARP requests and replies do not require authentication or verification. All hosts trust all ARP replies. Spoofed ARP replies are broadcast to other hosts on the LAN. This allows an attacker to manipulate ARP tables on all LAN hosts.

What is ARP spoofing?

What is ARP spoofing?

ARP spoofing uses false ARP replies to map any IP address to any MAC address. Spoofed ARP replies can be broadcast to other hosts on the LAN

Why do hosts send ARP requests?

Why do hosts send ARP requests?

If a host (gateway) receives a packet addressed to an internal host (10.0.0.1) it sends an ARP request to every host on the LAN, asking if they have that IP address (Step 1). Only the host that has the requested IP address responds. All other hosts ignore the request (Step 2). Thus, hosts use ARP requests to resolve IP addresses into MAC addresses.

Can ARP poisoning be used outside the LAN? Why not?

Can ARP poisoning be used outside the LAN? Why not?

Typically not. Packets with IP addresses not on that LAN are redirected out of the network. ARP requests are only sent on the LAN.

Why do hosts use ARP?

Why do hosts use ARP?

Address Resolution Protocol (ARP) is used to resolve 32-bit IP addresses (e.g., 55.91.56.21) into 48-bit local MAC addresses (e.g., 01-1C-23-0E-1D-41). Hosts on the same network must know each other's MAC addresses before they can send and receive packets using IP addresses. Hosts build ARP tables by sending ARP requests and replies to each other.

Why is DoS protection a community problem, not just a problem for individual victim firms to solve?

Why is DoS protection a community problem, not just a problem for individual victim firms to solve?

DoS attacks are community problems that can only be stopped with the help of ISPs and organizations whose computers are taken over as bots and used to attack other firms. DoS attacks may unintentionally originate from an unsuspecting firm. Working together, firms can stop attacks from leaving their organizations, before they even reach their target.

Why is it limited in effectiveness?

Why is it limited in effectiveness?

Rate limiting frustrates both attackers and legitimate users. It helps, but it does not solve the problem.

Why is rate limiting a good way to reduce the damage of some DoS attacks?

Why is rate limiting a good way to reduce the damage of some DoS attacks?

Rate limiting can be used to reduce a certain type of traffic to a reasonable amount. This is good if an attack is aimed at a single server because it keeps transmission lines at least partially open for other communication.

What is a false opening?

What is a false opening?

False opens occur when a SYN segment arrives and the firewall itself sends back a SYN/ACK segment without passing the SYN segment on to the target server.

How can the effects of SYN floods be mitigated?

How can the effects of SYN floods be mitigated?

The effects of SYN floods can be mitigated by validating the TCP handshake, rate limiting, or even black holing.

Is black holing an effective defense against DoS attacks? Why?

Is black holing an effective defense against DoS attacks? Why?

Black holing an attacker is not a good long-term strategy because attackers can quickly change source IP addresses.

What is black holing?

What is black holing?

Black holing is when a firm drops all IP packets from an attacker.

How could a malformed packet cause a host to crash?

How could a malformed packet cause a host to crash?

An attacker could send a malformed packet that will cause the victim to crash. For example, ping of death is a well-known older attack that uses an illegally large IP packet to crash the victim's operating system.

What type of packet is sent in a Smurf flood? Why?

What type of packet is sent in a Smurf flood? Why?

ICMP, the attacker benefits from a multiplier effect because a single ICMP request is responded to by multiple hosts (Step 4).

What is a Smurf flood?

What is a Smurf flood?

A Smurf flood is a variation of a reflected attack that takes advantage of an incorrectly configured network device (router) to flood a victim. The attacker sends a spoofed ICMP echo request to a network device (Step 1) that has broadcasting enabled to all internal hosts. The network device forwards the echo request to all internal hosts (Step 2). All internal hosts respond to the spoofed ICMP echo request (Step 3) and the victim is flooded

What is a DRDoS attack, and how does it work?

What is a DRDoS attack, and how does it work?

Using a botnet in a reflected attack using legitimate services is known as a distributed reflected denial-of-service (DRDoS) attack.

How does a reflected attack work?

How does a reflected attack work?

A reflected attack uses responses from legitimate services to flood a victim. The attacker sends spoofed requests to existing legitimate servers (Step 1). Servers then send all responses to the victim (Step 2). There is no redirection of traffic.

How does a P2P attack work?

How does a P2P attack work?

A peer-to-peer (P2P) redirect attack uses many hosts to overwhelm a victim using normal P2P traffic (Figure 4-7, Step 1). A P2P redirect attack differs from a traditional DDoS attack in several ways. The attacker does not have to control each of the hosts (i.e., make them bots) used to attack the victim. The attacker just needs to convince the hosts to redirect their legitimate P2P traffic (Step 2) from the P2P server to the victim (Step 3).

What does a handler do?

What does a handler do?

Handlers are an additional layer of compromised hosts that are used to manage large groups of bots. Handlers can direct bots to send a variety of different packets depending on the service being targeted.

How does a DDoS attack work?

How does a DDoS attack work?

DDoS attacks are the most common form of DoS attack that uses intermediaries to attack the victim. The attacker's identity can be hidden behind layers of bots that directly attack the victim. Second, the ability to control thousands of bots can give the attacker the resources needed to overwhelm the victim

Describe a SYN flood.

Describe a SYN flood.

A SYN flood, or half-open TCP attack, happens when the attacker sends a large number of TCP SYN segments to the victim server. Each SYN begins a TCP session opening process on the server. The server sets aside RAM and other resources for the connection. The server then sends back a SYN/ACK segment. The attacker never completes the connection opening by sending a final ACK. As the attacker sends more SYN segments, the victim host keeps setting aside resources until it crashes or refuses to provide any more connections, even to legitimate users.

What types of packets can be sent as part of a DoS attack?

What types of packets can be sent as part of a DoS attack?

A few of the types of packets that could be sent in a DoS attack include SYN, ICMP, and HTTP.

What is backscatter?

What is backscatter?

Backscatter occurs when a victim sends responses to the spoofed IP address used by the attacker, and inadvertently floods an unintended victim.

What is the difference between a direct and indirect DoS attack?

What is the difference between a direct and indirect DoS attack?

A direct attack occurs when an attacker tries to flood a victim with a stream of packets directly from the attacker's computer. An indirect attack tries to flood the victim computer in the same way, but the attacker's IP address is spoofed (i.e., faked) and the attack appears to come from another computer.

Is a slow degradation of service worse than a total stoppage? Why?

Is a slow degradation of service worse than a total stoppage? Why?

An attack that slowly degrades services is more difficult to detect because there isn't an abrupt change in service quality. Network administrators cannot see a clear distinction between genuine growth in network traffic and a progressive DoS attack. They may be forced into unnecessary capital expenditures for additional bandwidth, hardware, and software.

What are the main goals of DoS attacks?

What are the main goals of DoS attacks?

The ultimate goal of a DoS attack is to cause harm. For corporations, this can come in the form of losses related to online sales, industry reputation, employee productivity, or customer loyalty. DoS attacks can cause harm by (1) stopping a critical service or (2) slowly degrading services over time.

Other than a DoS attack, what could cause a company's webserver crash?

Other than a DoS attack, what could cause a company's webserver crash?

Faulty coding or referrals from large sites

What is a denial-of-service attack?

What is a denial-of-service attack?

A DoS attack attempts to make a server or network unavailable to legitimate users. In terms of the general goals discussed earlier, DoS attacks are ways of reducing availability.

How does the city model relate to secure networking?

How does the city model relate to secure networking?

The city model has no distinct perimeter, and there are multiple ways of entering the network. Like a real city, who you are will determine which buildings you will be able to access. In technical terms, this will mean more internal intrusion detection systems, virtual LANs, central authentication servers, and encrypted internal traffic.

What is meant by "death of the perimeter?"

What is meant by "death of the perimeter?"

The "death of the perimeter" is a phrase used by network administrators to convey the idea that creating a 100-percent secure network is impossible. They argue that it is impractical, if not impossible, to force all information in an organization through a single point in the network.

How does the castle model relate to secure networking?

How does the castle model relate to secure networking?

The traditional castle model of network defense had the good guys on the inside, and the attackers on the outside. There was a well-guarded single point of entry. All network administrators had to do was secure this point of entry and attackers

Give an example of how new technology has made networks less secure.

Give an example of how new technology has made networks less secure.

For example, newer cell phones have the ability to allow wireless laptops to tether themselves to the cell phone and share their Internet connectivity. Allowing cell phones into the corporate network completely circumvents access control procedures, firewalls, antivirus protection, data loss prevention systems, and so on.

How can information be gathered from encrypted network traffic?

How can information be gathered from encrypted network traffic?

Information transmitted during an SSL session cannot be viewed. However, the sender's IP address, receiver's IP address, the DNS request to resolve the hostname, the port numbers used, and the quantity of data sent are all visible. Even if the traffic is encrypted, the attacker can still see which websites are visited, how much data is sent or received, and which port numbers are used.

Explain the four general goals for secure networking.

Explain the four general goals for secure networking.

These four goals include availability, confidentiality, functionality, and access control.
Availability means that authorized users have access to information, services, and network resources.
Confidentiality means preventing unauthorized users from gaining information about the network's structure, data flowing across the network, network protocols used, or packet header values.
Functionality means preventing attackers from altering the capabilities or operation of the network.
Access control is the policy-driven control of access to systems, data, and dialogues.

The use of computer analysis techniques to gather evidence for criminal and/or civil trials is known as:

The use of computer analysis techniques to gather evidence for criminal and/or civil trials is known as:

a. Trojan horse
b. sniffing
c. tunneling
d. computer forensics
e. misuse detection



Answer: d. computer forensics

To snare intruders, many organizations now use _________ techniques.

To snare intruders, many organizations now use _________ techniques.

a. entrapment
b. hacker
c. Trojan horse
d. cracker
e. DES


Answer: a. entrapment

A fundamental technique to determine if an intrusion is in progress in a stable network is: a. anomaly detection b. armoring cable c. RSA algorithm d. patching e. scanning a user's fingerprint Answer: a. anomaly detection

A fundamental technique to determine if an intrusion is in progress in a stable network is:

a. anomaly detection
b. armoring cable
c. RSA algorithm
d. patching
e. scanning a user's fingerprint


Answer: a. anomaly detection

Which of the following is not a type of intrusion prevention system?

Which of the following is not a type of intrusion prevention system?

a. network-based
b. data link-based
c. application-based
d. host-based
e. none of the above is an appropriate answer


Answer: b. data link-based

Which of the following is not true about one-time passwords?

Which of the following is not true about one-time passwords?

a. Users' pagers can receive them.
b. They can be used in conjunction with a token system.
c. The user must enter the one-time password to gain access or the connection is terminated.
d. This is a good security solution for users who travel frequently and who must have secure dial-in access.
e. They create a packet level firewall on the system.



Answer: e. They create a packet level firewall on the system.

Which of the following is a mode that is used by IPSec?

Which of the following is a mode that is used by IPSec?

a. exchange
b. sniffer
c. tunnel
d. creeper
e. firefighter



Answer: c. tunnel

IP Security Protocol:

IP Security Protocol:

a. is focused on Web applications
b. is primarily used to encrypt e-mail
c. is a policy which makes public key encryption work on the Internet
d. sits between IP at the network layer and TCP/UDP at the transport layer
e. operates in entrapment mode


Answer: d. sits between IP at the network layer and TCP/UDP at the transport layer

A __________ is a trusted organization that can vouch for the authenticity of the person or the organization using the authentication.

A __________ is a trusted organization that can vouch for the authenticity of the person or the organization using the authentication.

a. disaster recovery firm
b. DES company
c. directory company
d. certificate authority
e. fingerprint advisory board



Answer: d. certificate authority

__________ provide authentication which can legally prove who sent a message over a network.

__________ provide authentication which can legally prove who sent a message over a network.

a. Digital signatures
b. DES keys
c. Directory keys
d. Screen names
e. User Ids



Answer: a. Digital signatures 

DES:

DES: 

a. is maintained by ISO
b. refers to Date Electronic Security
c. is a commonly used symmetric encryption algorithm that was developed in the mid-1970s
d. was developed by a joint effort that included Microsoft
e. is an asymmetric algorithm


Answer: c. is a commonly used symmetric encryption algorithm that was developed in the mid-1970s

A brute force attack against an encryption system:

A brute force attack against an encryption system: 

a. tries to gain access by trying every possible key
b. is called RC4
c. is also known as 3DES
d. always uses the Rijndael algorithm
e. is part of the Advanced Encryption Standard



Answer: a. tries to gain access by trying every possible key

A symmetric encryption system has two parts: the key and the ____________.

A symmetric encryption system has two parts: the key and the ____________.

a. algorithm
b. spamming method
c. IP spoofer
d. clearance code
e. smart card bits



Answer: a. algorithm 

Encryption is the process of:

Encryption is the process of: 

a. transmission of information over secure lines in analog form to prevent illegal access
b. detecting errors in messages by means of mathematical rules
c. correcting errors in message by means of mathematical rules
d. disguising information by the use of mathematical rules, known as algorithms
e. preventing errors in messages by means of logical rules



Answer: d. disguising information by the use of mathematical rules, known as algorithms 

A way to prevent intrusion by disguising information through algorithms is:

A way to prevent intrusion by disguising information through algorithms is: 

a. spoofing
b. call-back access
c. encryption
d. disk elevatoring
e. disk mirroring



Answer: c. encryption 

Spyware, adware and DDOS agents are three types of:

Spyware, adware and DDOS agents are three types of:

a. IP spoofing attacks
b. Denial-of-service attacks
c. Trojans
d. Physical security threats
e. Intrusion prevention detection approaches


Answer: c. Trojans

A security hole is a(n):

A security hole is a(n): 

a. malfunction or bug in an application program that allows data to be seen or accessed by unauthorized users
b. small peep-hole in a door or wall to allow a security guard to examine an individual before allowing that individual access to a secure area or location
c. packet-level firewall
d. missing or absent protected mode addressing restrictions on user programs during multitasking or multithreaded program execution
e. ANI system


Answer: a. malfunction or bug in an application program that allows data to be seen or accessed by unauthorized users

A(n) _________ is a type of application level firewall that is transparent so that no other computer notices that it is on the network.

A(n) _________ is a type of application level firewall that is transparent so that no other computer notices that it is on the network.

a. ANI system
b. NAT proxy server
c. IP spoofing bridge
d. packet level firewall
e. smart hub


Answer: b. NAT proxy server

A(n) ____________ acts an intermediate host computer or gateway between the Internet and the rest of the organization's networks.

A(n) ____________ acts an intermediate host computer or gateway between the Internet and the rest of the organization's networks.

a. application level firewall
b. bullion server
c. ANI system
d. IP spoofing systems
e. packet level firewall


Answer: a. application level firewall

IP spoofing means to:

IP spoofing means to: 

a. fool the target computer and any intervening firewall into believing that messages from the intruder's computer are actually coming from an authorized user inside the organization's network
b. clad or cover the internal processing (IP) lines with insulating material to shield the IP lines from excess heat or radiation
c. illegally tape or listen in on telephone conversations
d. detect and prevent denial-of-service attacks
e. act as an intermediate host computer between the Internet and the rest of the organization's networks



Answer: a. fool the target computer and any intervening firewall into believing that messages from the intruder's computer are actually coming from an authorized user inside the organization's network

A(n) ____________ examines the source and destination address of every network packet that passes through it.

A(n) ____________ examines the source and destination address of every network packet that passes through it.

a. packet level firewall
b. mullion server
c. ANI system
d. IP spoofing system
e. application level firewall


Answer: a. packet level firewall

A __________ is a router or special purpose computer that examines packets flowing into and out of a network and restricts access to the organization's network.

A __________ is a router or special purpose computer that examines packets flowing into and out of a network and restricts access to the organization's network.

a. firewall
b. token system
c. ANI
d. call-back modem
e. firefighter



Answer: a. firewall

__________ refers to the process of translating between one set of private addresses inside a network and a set of public address outside the network.

__________ refers to the process of translating between one set of private addresses inside a network and a set of public address outside the network.

a. Translation
b. Conversion
c. Network address translation
d. Proxy translation
e. IP conversion.


Answer: c. Network address translation

With ANI security control, the network manager:

With ANI security control, the network manager: 

a. uses the Authorization Notation Investigation protocol to trace only authorized user passwords
b. allows the Asynchronous NetWare Interface to act as a firewall
c. can define several remote telephone numbers authorized to access each account
d. assigns selected Access Network Invitations to users cleared for various levels of network access
e. can only define one remote telephone number authorized to access each account


Answer: c. can define several remote telephone numbers authorized to access each account

The use of a(n) _________ prevents unauthorized intruders from accessing a computer network because the host or server will only permit access via inbound calling from prespecified phone numbers.

The use of a(n) _________ prevents unauthorized intruders from accessing a computer network because the host or server will only permit access via inbound calling from prespecified phone numbers.

a. Automatic number identification
b. network cloaking device
c. call-back codec
d. Trojan horse
e. call-forward modem



Answer: a. Automatic number identification

A sniffer program is a:

A sniffer program is a: 

a. type of macro-virus
b. small peep-hole in a door or wall to allow a security guard to sniff the area with his or her nose before entering a secure area or location
c. used in a call-back modem
d. a program that records all LAN messages received for later (unauthorized) analysis
e. secure hub program


Answer: d. a program that records all LAN messages received for later

Which of the following is not a method for deterring outside intruders from gaining access to the organization's office or network equipment facilities?

Which of the following is not a method for deterring outside intruders from gaining access to the organization's office or network equipment facilities? 

a. locks on network circuits after working hours
b. passwords that disable the screen and keyboard of a computer
c. secured network cabling behind walls and above ceilings
d. use of armored cable
e. unlocked wiring closet for network devices


Answer: e. unlocked wiring closet for network devices

For Ethernet networks, a _______ switch can make eavesdropping more difficult.

For Ethernet networks, a _______ switch can make eavesdropping more difficult. 

a. secure
b. Trojan horse
c. proxy
d. spoofing
e. spamming



Answer: a. secure

Which of the following are usually the first choice for eavesdropping?

Which of the following are usually the first choice for eavesdropping? 

a. unshielded twisted pair
b. shielded twisted pair
c. local cables owned by the organization
d. infrared
e. fiber optics



Answer: d. infrared 

Which of the following type of media is least susceptible to eavesdropping?

Which of the following type of media is least susceptible to eavesdropping? 

a. fiber optics
b. twisted pair
c. microwave
d. infrared
e. coaxial cable



Answer: a. fiber optics

The three basic network access points into most organizational networks are from the Internet, from LANs inside of the organization and ________________.

The three basic network access points into most organizational networks are from the Internet, from LANs inside of the organization and ________________.

a. dial-up access through a modem
b. intranet
c. extranet
d. WAN
e. none of the above



Answer: a. dial-up access through a modem 

Which of the following is not a method for deterring intrusion?

Which of the following is not a method for deterring intrusion? 

a. training end users not to divulge passwords
b. using a smart card in conjunction with a password to gain access to a computer system
c. using biometric devices to gain access to a computer system
d. using a security software package that logs out users if that user is 'idle' for a certain amount of time
e. performing social engineering



Answer: e. performing social engineering

Which of the following is not a type of intruder who attempts to gain intrusion to computer networks?

Which of the following is not a type of intruder who attempts to gain intrusion to computer networks? 

a. Delphi team member
b. script kiddies
c. crackers
d. professional hackers
e. organization employees



Answer: a. Delphi team member

A ____________ is a situation in which a hacker attempts to disrupt the network by sending messages to the network that prevent normal users' messages from being processed.

A ____________ is a situation in which a hacker attempts to disrupt the network by sending messages to the network that prevent normal users' messages from being processed.

a. denial-of-service attack
b. service level agreement
c. virus
d. spamming
e. scamming



Answer: a. denial-of-service attack

A (n) ______ is a special type of virus that spreads itself without human intervention.

A (n) ______ is a special type of virus that spreads itself without human intervention.

a. snake
b. worm
c. Trojan horse
d. boot sector virus
e. stealth virus



Answer: b. worm

A(n) ___________ is one of the most common examples of redundancy built into a network to help reduce the impact of disruption.

A(n) ___________ is one of the most common examples of redundancy built into a network to help reduce the impact of disruption.

a. network cloaking device
b. backup punch card reader
c. uninterruptible power supply
d. service level agreement
e. help desk



Answer: c. uninterruptible power supply 

The key principle in preventing disruption, destruction and disaster is ___________.

The key principle in preventing disruption, destruction and disaster is ___________.

a. redundancy
b. control spreadsheet
c. IDS
d. anti-virus software
e. prevention controls


Answer: a. redundancy

Threat of intrusion comes from ____________.

Threat of intrusion comes from ____________.

a. the government
b. crackers
c. outside of the organization
d. both inside and outside of the organization
e. inside of the organization


Answer: d. both inside and outside of the organization

A(n) __________ is any potential adverse occurrence that can do harm, interrupt the system using the network to cause monetary loss to the organization.

A(n) __________ is any potential adverse occurrence that can do harm, interrupt the system using the network to cause monetary loss to the organization.

a. asset
b. service level agreement
c. threat
d. security plan
e. network design



Answer: c. threat

A(n) ____________, is an information system that is critical to the survival of an organization.

A(n) ____________, is an information system that is critical to the survival of an organization. 

a. network plan
b. accounting system
c. IDS
d. mission critical application
e. firewall


Answer: d. mission critical application

A(n) _________ is something of value and can be either hardware or software.

A(n) _________ is something of value and can be either hardware or software.

a. asset
b. service level agreement
c. threat
d. security plan
e. network design


Answer: a. asset

A ___________ assigns levels of risk to various threats to network security by comparing the nature of the threats to the controls designed to reduce them.

A ___________ assigns levels of risk to various threats to network security by comparing the nature of the threats to the controls designed to reduce them.

a. risk assessment
b. backplane
c. mitigating control factor analysis
d. control verification worksheet
e. control test plan


Answer: a. risk assessment

_______ controls fix a trespass into the network.

_______ controls fix a trespass into the network.

a. corrective
b. detective
c. preventive
d. mitigating
e. backup


Answer: a. corrective

________ controls discover unwanted events.

________ controls discover unwanted events.

a. preventive
b. corrective
c. detective
d. mitigating
e. backup


Answer: a. preventive

________ controls stop a person from acting.

________ controls stop a person from acting.

a. detective
b. corrective
c. mitigating
d. preventive
e. backup


Answer: d. preventive

Developing _______ helps develop a secure network.

Developing _______ helps develop a secure network.

a. rules
b. controls
c. network maps
d. vendor documentation
e. service level agreements



Answer: b. controls

A hacker gaining access to organizational data files and resources is an example of a(n) ____________ threat.

A hacker gaining access to organizational data files and resources is an example of a(n) ____________ threat.

a. disruptive
b. controlled chaos
c. disruptive
d. intrusion
e. disaster


Answer: d. intrusion

A network switch failure is an example of a(n) ________ threat.

A network switch failure is an example of a(n) ________ threat.

a. internal
b. disruptive
c. causal
d. intrusion
e. disaster


Answer: b. disruptive

Often, incidents of ___________ involve employees of the organization, surprisingly enough.

Often, incidents of ___________ involve employees of the organization, surprisingly enough.

a. intrusion
b. disruption
c. controlled chaos
d. destruction
e. disaster



Answer: a. intrusion

A tornado that eliminates a network control center would be an example of a natural __________

A tornado that eliminates a network control center would be an example of a natural __________

a. disaster
b. disruption
c. controlled chaos
d. destruction
e. intrusion



Answer: a. disaster

An example of _____ of data would be if a computer virus eliminated files on that computer.

An example of _____ of data would be if a computer virus eliminated files on that computer.

a. disruption
b. controlled chaos
c. intrusion
d. destruction
e. disaster


Answer: d. destruction

In recent years, management's concern about the adequacy of current control and security mechanisms used in a data communications environment has:

In recent years, management's concern about the adequacy of current control and security mechanisms used in a data communications environment has: 

a. decreased because the new sophisticated technology is far more secure than the old manual methods
b. remained the same because management was always deeply interest in control and security
c. decreased because of the change in moral and ethical codes in the U.S. to a kinder and gentler society
d. increased because this commitment to data communications has changed the potential vulnerability of the organization's assets
e. remained the same because there are very few threats to data communications


Answer: d. increased because this commitment to data communications has changed the potential vulnerability of the organization's assets

Which of the following is not one of the major categories (or sub-categories) into which network security threats can be placed?

Which of the following is not one of the major categories (or sub-categories) into which network security threats can be placed? 

a. disruption
b. destruction
c. controlled chaos
d. intrusion
e. disaster

Answer: c. controlled chaos

A host based intrusion prevention system (IPS) monitors activity on the server and reports intrusions to the IPS management console.

A host based intrusion prevention system (IPS) monitors activity on the server and reports intrusions to the IPS management console.

Answer: True 

The most common authentication protocol used today is Kerberos.

The most common authentication protocol used today is Kerberos.

Answer: True 

Social engineering refers to creating a team that solves virus problems.

Social engineering refers to creating a team that solves virus problems.

Answer: False

Biometric systems scan the user to ensure that the user is the sole individual authorized to access the network account.

Biometric systems scan the user to ensure that the user is the sole individual authorized to access the network account.

Answer: True 

In transport mode, IPSec encrypts the entire IP packet.

In transport mode, IPSec encrypts the entire IP packet.

Answer: False 

Secure Sockets Layer is an encryption standard designed for use on the Web.

Secure Sockets Layer is an encryption standard designed for use on the Web.

Answer: True 

A certificate authority is a trusted organization that can vouch for the authenticity of a person or organization.

A certificate authority is a trusted organization that can vouch for the authenticity of a person or organization.

Answer: True 

When using a digital signature, the sender encrypts the message with their private key and the recipient decrypts the message with the sender's public key.

When using a digital signature, the sender encrypts the message with their private key and the recipient decrypts the message with the sender's public key.

Answer: True

DES is a commonly used symmetric encryption algorithm developed in the mid-1990s by the American government in conjunction with IBM.

DES is a commonly used symmetric encryption algorithm developed in the mid-1990s by the American government in conjunction with IBM.

Answer: False 

A brute-force attack is a method of trying to guess the correct password by trying every possible key.

A brute-force attack is a method of trying to guess the correct password by trying every possible key.

Answer: True 

Asymmetric encryption uses the same key to encrypt and decrypt an message..

Asymmetric encryption uses the same key to encrypt and decrypt an message..

Answer: False

Decryption is the process of converting plaintext into ciphertext.

Decryption is the process of converting plaintext into ciphertext.

Answer: False 

A Trojan horse allows a user to access a computer from a remote location.

A Trojan horse allows a user to access a computer from a remote location.

Answer: True 

Microsoft's Windows operating system meets A1 level security.

Microsoft's Windows operating system meets A1 level security.

Answer: False 

A patch is a software solution to correct a security hole

A patch is a software solution to correct a security hole

Answer: True 

A security hole is a bug that permits intrusion to a computer. Answer: True

A security hole is a bug that permits intrusion to a computer.

Answer: True 

A NAT proxy server uses an address table to translate private IP addresses used inside the organization into proxy data link layer addressed used on the Internet.

A NAT proxy server uses an address table to translate private IP addresses used inside the organization into proxy data link layer addressed used on the Internet.

Answer: True 

With application level firewalls, any access that has not been disabled is permitted.

With application level firewalls, any access that has not been disabled is permitted.

Answer: False

A packet-level firewall examines the source and destination address of every network packet that passes though the firewall

A packet-level firewall examines the source and destination address of every network packet that passes though the firewall

Answer: True 

An intruder uses TCP spoofing to send packets to a target computer requesting certain privileges be granted to some user.

An intruder uses TCP spoofing to send packets to a target computer requesting certain privileges be granted to some user.

Answer: False 

Automatic number identification accepts a login from a user if that user's incoming phone call comes from a pre-authorized list of phone numbers.

Automatic number identification accepts a login from a user if that user's incoming phone call comes from a pre-authorized list of phone numbers.

Answer: True

Network cables are the easiest target for eavesdropping.

Network cables are the easiest target for eavesdropping.

Answer: False

Physical security of an organization's IT resources is not an important element in preventing intrusion to an internal LAN.

Physical security of an organization's IT resources is not an important element in preventing intrusion to an internal LAN.

Answer: False

The most common access point used by attackers to gain access to an organization's network is the dial-up access via a modem.

The most common access point used by attackers to gain access to an organization's network is the dial-up access via a modem.

Answer: False

Crackers are casual hackers with a limited knowledge of computer security.

Crackers are casual hackers with a limited knowledge of computer security.

Answer: False 

Fault-intolerant servers contain many redundant components to prevent failure.

Fault-intolerant servers contain many redundant components to prevent failure.

Answer: False 

DoS attackers generally use fake source IP addresses, making it harder to identify the DoS messages.

DoS attackers generally use fake source IP addresses, making it harder to identify the DoS messages.

Answer: True 

The denial-of-service attack disrupts the network by flooding the network with messages so that regular messages cannot be processed.

The denial-of-service attack disrupts the network by flooding the network with messages so that regular messages cannot be processed.

Answer: True

Researchers estimate that only one or two new viruses are developed every week.

Researchers estimate that only one or two new viruses are developed every week.

Answer: False 

Macro viruses can spread when an infected file is opened.

Macro viruses can spread when an infected file is opened.

Answer: True 

The best solution for planning for disaster recovery is to have a fully redundant backup network placed in a different location that would not be threatened by the same natural or man-made disaster that would destroy the original network.

The best solution for planning for disaster recovery is to have a fully redundant backup network placed in a different location that would not be threatened by the same natural or man-made disaster that would destroy the original network.

Answer: True

With the passage of HIPAA and the Sarbanes-Oxley Act, more and more regulations are addressing security.

With the passage of HIPAA and the Sarbanes-Oxley Act, more and more regulations are addressing security.

Answer: True 

Disk mirroring writes duplicate copies of all data on at least two different disks.

Disk mirroring writes duplicate copies of all data on at least two different disks.

Answer: True 

An uninterruptible power supply utilizes a second redundant disk for every disk on the server.

An uninterruptible power supply utilizes a second redundant disk for every disk on the server.

Answer: False

A Delphi team that helps the network manager assess the security risks to the organization should always have at least 20 members.

A Delphi team that helps the network manager assess the security risks to the organization should always have at least 20 members.

Answer: False 

A denial-of-service attack occurs when someone external blocks access to your network.

A denial-of-service attack occurs when someone external blocks access to your network.

Answer: True 

Companies have learned that threats from hacking from its own employees occur about as often as by outsiders.

Companies have learned that threats from hacking from its own employees occur about as often as by outsiders.

Answer: True 

A threat to the data communications network is any potential adverse occurrence that can do harm, interrupt the systems using the network, or cause a monetary loss to the organization.

A threat to the data communications network is any potential adverse occurrence that can do harm, interrupt the systems using the network, or cause a monetary loss to the organization.

Answer: True

A control spreadsheet lists threats to the network across the top of the spreadsheet and lists the network assets down the side of the sheet.

A control spreadsheet lists threats to the network across the top of the spreadsheet and lists the network assets down the side of the sheet.

Answer: True 

Preventive controls mitigate or stop a person from acting or an event from occurring.

Preventive controls mitigate or stop a person from acting or an event from occurring.

Answer: True 

Corrective controls reveal or discover unwanted events.

Corrective controls reveal or discover unwanted events.

Answer: False 

Controls are mechanisms that reduce or eliminate threats to network security.

Controls are mechanisms that reduce or eliminate threats to network security.

Answer: True

Intrusion refers to confidentiality and integrity of data.

Intrusion refers to confidentiality and integrity of data.

Answer: True 

Confidentiality is not a threat to business continuity.

Confidentiality is not a threat to business continuity.

Answer: False 

Business continuity planning refers primarily to ensuring availability, with some aspects of data integrity.

Business continuity planning refers primarily to ensuring availability, with some aspects of data integrity.

Answer: True

Integrity is not a primary goal of security.

Integrity is not a primary goal of security.

Answer: False 

Confidentiality refers to the protection of the organizational data from unauthorized disclosure of customer and proprietary data.

Confidentiality refers to the protection of the organizational data from unauthorized disclosure of customer and proprietary data.

Answer: True 

A recent study by CSO Magazine and the Computer Security Institute stated that the average loss suffered by businesses because of computer security breaches was approximately $350,000.

A recent study by CSO Magazine and the Computer Security Institute stated that the average loss suffered by businesses because of computer security breaches was approximately $350,000.

Answer: True

The CERT at Carnegie Mellon University was established by the U.S. Department of Agriculture in 1988.

The CERT at Carnegie Mellon University was established by the U.S. Department of Agriculture in 1988.

Answer: False 

The rise of the Internet has increased significantly the potential vulnerability of an organization's assets.

The rise of the Internet has increased significantly the potential vulnerability of an organization's assets.

Answer: True

Security on a network not only means being able to prevent a hacker from breaking into your computer but also includes being able to recover from temporary service problems or from natural disasters.

Security on a network not only means being able to prevent a hacker from breaking into your computer but also includes being able to recover from temporary service problems or from natural disasters.

Answer: True