HACKING PROCESS & DOMAINS OF IT INFRASTRUCTURE PRACTICE QUESTIONS WITH COMPLETE SOLUTIONS 100% PASS

HACKING PROCESS & DOMAINS OF IT INFRASTRUCTURE PRACTICE QUESTIONS WITH COMPLETE SOLUTIONS 100% PASS List the 7 domains of IT infrastructure - Answers 1. User domain 2. Workstation domain 3. LAN domain 4. LAN to WAN domain 5. WAN domain 6. Remote domain 7. System/Application domain What are the threats, vulnerabilities (weaknesses) and risks associated with the User domain? - Answers User domain includes individual associated with the organization like users, employees, managers, contractors, or consultants. Threats * Social engineering - users are attacked by persuasion or impersonation in order to gain access to facilities or computing resources * Phishing - users are tricked into giving away information such as login/passwords via fraudulent e-mail * Trojan horses & Spyware - users are tricked into installing malware on their systems Vulnerabilities * Weak procedures * Weak physical security Risks * Unauthorized access to facilities * Compromised user accounts * Unauthorized access to data * Bypass of security controls What are the threats, vulnerabilities (weaknesses) and risks associated with the Workstation domain? - Answers Workstations, stand-alone systems, home computers Threats * Malware (e.g., viruses, worms, Trojans, spyware, etc.) * Port scanning can be used to find unsecured ports for attackers to exploit * Malicious Web sites use attack techniques such as cross-site scripting Vulnerabilities * Non-patched operating systems/applications * Weak or default passwords * Insecure use of administrative accounts * Insufficient or no malware protection Risks * Compromised systems can be used to attack others * Data exposure, loss or change * Loss of availability What are the threats, vulnerabilities (weaknesses) and risks associated with the Local Area Network (LAN) domain? - Answers LAN has hosts on private LANs Threats *Electronic threats include malware, malicious code, botnets, and software bugs *Physical threats include hardware failure, natural disasters, and accidental or purposeful damage to equipment * Human threats include disgruntled employees, poorly trained employees, hackers Vulnerabilities * weak security procedures * weak security controls * weak perimeter controls. Risks * Result in compromise of the enterprise * Data exposure, loss, or change - basic risk * Disruption of business What are the threats, vulnerabilities (weaknesses) and risks associated with the LAN/WAN connection point? - Answers Routers, firewalls, other devices at the LAN/WAN connection point Threats * Port scanning to reveal details of configuration that may allow an attacker to better profile additional services. * DoS/DDoS: Gateway is a constrained point with limited bandwidth and can be easily saturated. * Directed attack: WAN connection is exposed to the public Internet and directly accessible. Vulnerabilities * Weak perimeter security * Weak or default firewall passwords * Incorrect configuration or misconfiguration due to complexities in rules sets Risks * Network instability.