SANS SEC 301 EXAMS SCRIPT QUESTIONS AND ANSWERS
GRADED A+
✔✔years ago: teenagers
today: we face organized crime and nation states
-well funded
-highly motivated
disgruntled insider: difficult to counter; tends to be subtle; often damaging or even
devastating
Accidental insider: common; also tend to be subtle; in aggregate - even ore damaging
Outsider threat source - inside threat actor: a growing proble, the current most-common
attack vector
2014 - 47% of U. S. adults had private data compromised in a breach (NBC News)
FBI can prove it was North Korea that attacked Sony - ✔✔Nature of the Threat
✔✔ - ✔✔Security Policy
✔✔ - ✔✔Separation of Duties
✔✔ - ✔✔Acceptable Use Policy
✔✔verify identity; is Keith really Keith?
(1) Verifying the integrity of a transmitted message. See message integrity, e-mail
authentication and MAC.
(2) Verifying the identity of a user logging into a network. Passwords, digital certificates,
smart cards and biometrics can be used to prove the identity of the client to the network.
Passwords and digital certificates can also be used to identify the network to the client.
The latter is important in wireless networks to ensure that the desired network is being
accessed. See identity management, identity metasystem, OpenID, human
authentication, challenge/response, two-factor authentication, password, digital
signature, IP spoofing, biometrics and CAPTCHA.
Four Levels of Proof
There are four levels of proof that people are indeed who they say they are. None of
them are entirely foolproof, but in order of least to most secure, they are:
1 - What You Know
Passwords are - ✔✔Authentication
,✔✔ - ✔✔Biometric
✔✔Control what they are allowed to do. Although we know Keith is Keith, what can
Keith do? - ✔✔Authorization
✔✔ - ✔✔Accountability
✔✔Harden, patch & monitor - ✔✔HPM
✔✔Monitor what has been done. Although we know Keith is Keith, what did Keith do? -
✔✔Accountability
✔✔ - ✔✔Awareness Training Programs
✔✔Prevent /defense as much as you can; detect for everything else; or if the preventive
measures fail, respond to what is detected
-Prevention is ideal
-detection is a must
-detection without response is useless - ✔✔Prevent/Detect/Respond (PRD)
✔✔The protection of data, networks and computing power. The protection of data
(information security) is the most important. The protection of networks is important to
prevent loss of server resources as well as to protect the network from being used for
illegal purposes. The protection of computing power is relevant only to expensive
machines such as large supercomputers. - ✔✔computer security
✔✔The protection of data against unauthorized access. Programs and data can be
secured by issuing passwords and digital certificates to authorized users. However,
passwords only validate that a correct number has been entered, not that it is the actual
person. Digital certificates and biometric techniques (fingerprints, eyes, voice, etc.)
provide a more secure method (see authentication). After a user has been
authenticated, sensitive data can be encrypted to prevent eavesdropping (see
cryptography).
Authorized Users Can Be the Most Dangerous
Although precautions can be taken to authenticate users, it is much more difficult to
determine if an authorized employee is doing something malicious. Someone may have
valid access to an account for updating, but determining whether phony numbers are
being entered requires a great deal more processing. The bottom line is that effective
security measures are always a balance betw - ✔✔information security
✔✔The primary method for keeping a computer secure from intruders. A firewall allows
or blocks traffic into and out of a private network or the user's computer. Firewalls are
, widely used to give users secure access to the Internet as well as to separate a
company's public Web server from its internal network. Firewalls are also used to keep
internal network segments secure; for example, the accounting network might be
vulnerable to snooping from within the enterprise.
In the home, a personal firewall typically comes with or is installed in the user's
computer (see Windows Firewall). Personal firewalls may also detect outbound traffic to
guard against spyware, which could be sending your surfing habits to a Web site. They
alert you when software makes an outbound request for the first time (see spyware).
In the organization, a firewall can be a stand-alone machine (see firewall appliance) or
software in a router or se - ✔✔firewall
✔✔An assault against a computer system or network as a result of deliberate, intelligent
action; for example, denial of service attacks, penetration and sabotage. See attacker,
attack vector, brute force attack, dictionary attack, denial of service attack, replay attack,
piggybacking, penetration and sabotage. - ✔✔attack
✔✔A person or other entity such as a computer program that attempts to cause harm to
an information system; for example, by unauthorized access or denial of service.
Human attackers are also called "crackers" and "hackers. - ✔✔attacker
✔✔The systematic, exhaustive testing of all possible methods that can be used to break
a security system. For example, in cryptanalysis, trying all possible keys in the
keyspace to decrypt a ciphertext. See dictionary attack. See also brute force
programming. - ✔✔brute force attack
✔✔A type of brute force method for uncovering passwords and decryption keys. It sorts
common words by frequency of use and starts with the most likely possibilities; for
example, names of people, sports teams, pets and cars. For greater security, users
should not use passwords that could be found in an ordinary dictionary. While a
dictionary attack can be done manually by an individual, it is easily done via software
and a database with millions of words. - ✔✔dictionary attack
✔✔(Completely Automated Public Turing test to tell Computers and Humans Apart) A
category of technologies used to ensure that a human is making an online transaction
rather than a computer. Developed at Carnegie Mellon University, random words or
letters are displayed in a camouflaged and distorted fashion so that they can be
deciphered by people, but not by software. Users are asked to type in the text they see
to verify they are human.
CAPTCHAs were created in response to bots (software agents) that automatically fill in
Web forms as if they were individual users. Bots are used to overload opinion polls,
steal passwords (see dictionary attack) and, most popular, to register thousands of free
GRADED A+
✔✔years ago: teenagers
today: we face organized crime and nation states
-well funded
-highly motivated
disgruntled insider: difficult to counter; tends to be subtle; often damaging or even
devastating
Accidental insider: common; also tend to be subtle; in aggregate - even ore damaging
Outsider threat source - inside threat actor: a growing proble, the current most-common
attack vector
2014 - 47% of U. S. adults had private data compromised in a breach (NBC News)
FBI can prove it was North Korea that attacked Sony - ✔✔Nature of the Threat
✔✔ - ✔✔Security Policy
✔✔ - ✔✔Separation of Duties
✔✔ - ✔✔Acceptable Use Policy
✔✔verify identity; is Keith really Keith?
(1) Verifying the integrity of a transmitted message. See message integrity, e-mail
authentication and MAC.
(2) Verifying the identity of a user logging into a network. Passwords, digital certificates,
smart cards and biometrics can be used to prove the identity of the client to the network.
Passwords and digital certificates can also be used to identify the network to the client.
The latter is important in wireless networks to ensure that the desired network is being
accessed. See identity management, identity metasystem, OpenID, human
authentication, challenge/response, two-factor authentication, password, digital
signature, IP spoofing, biometrics and CAPTCHA.
Four Levels of Proof
There are four levels of proof that people are indeed who they say they are. None of
them are entirely foolproof, but in order of least to most secure, they are:
1 - What You Know
Passwords are - ✔✔Authentication
,✔✔ - ✔✔Biometric
✔✔Control what they are allowed to do. Although we know Keith is Keith, what can
Keith do? - ✔✔Authorization
✔✔ - ✔✔Accountability
✔✔Harden, patch & monitor - ✔✔HPM
✔✔Monitor what has been done. Although we know Keith is Keith, what did Keith do? -
✔✔Accountability
✔✔ - ✔✔Awareness Training Programs
✔✔Prevent /defense as much as you can; detect for everything else; or if the preventive
measures fail, respond to what is detected
-Prevention is ideal
-detection is a must
-detection without response is useless - ✔✔Prevent/Detect/Respond (PRD)
✔✔The protection of data, networks and computing power. The protection of data
(information security) is the most important. The protection of networks is important to
prevent loss of server resources as well as to protect the network from being used for
illegal purposes. The protection of computing power is relevant only to expensive
machines such as large supercomputers. - ✔✔computer security
✔✔The protection of data against unauthorized access. Programs and data can be
secured by issuing passwords and digital certificates to authorized users. However,
passwords only validate that a correct number has been entered, not that it is the actual
person. Digital certificates and biometric techniques (fingerprints, eyes, voice, etc.)
provide a more secure method (see authentication). After a user has been
authenticated, sensitive data can be encrypted to prevent eavesdropping (see
cryptography).
Authorized Users Can Be the Most Dangerous
Although precautions can be taken to authenticate users, it is much more difficult to
determine if an authorized employee is doing something malicious. Someone may have
valid access to an account for updating, but determining whether phony numbers are
being entered requires a great deal more processing. The bottom line is that effective
security measures are always a balance betw - ✔✔information security
✔✔The primary method for keeping a computer secure from intruders. A firewall allows
or blocks traffic into and out of a private network or the user's computer. Firewalls are
, widely used to give users secure access to the Internet as well as to separate a
company's public Web server from its internal network. Firewalls are also used to keep
internal network segments secure; for example, the accounting network might be
vulnerable to snooping from within the enterprise.
In the home, a personal firewall typically comes with or is installed in the user's
computer (see Windows Firewall). Personal firewalls may also detect outbound traffic to
guard against spyware, which could be sending your surfing habits to a Web site. They
alert you when software makes an outbound request for the first time (see spyware).
In the organization, a firewall can be a stand-alone machine (see firewall appliance) or
software in a router or se - ✔✔firewall
✔✔An assault against a computer system or network as a result of deliberate, intelligent
action; for example, denial of service attacks, penetration and sabotage. See attacker,
attack vector, brute force attack, dictionary attack, denial of service attack, replay attack,
piggybacking, penetration and sabotage. - ✔✔attack
✔✔A person or other entity such as a computer program that attempts to cause harm to
an information system; for example, by unauthorized access or denial of service.
Human attackers are also called "crackers" and "hackers. - ✔✔attacker
✔✔The systematic, exhaustive testing of all possible methods that can be used to break
a security system. For example, in cryptanalysis, trying all possible keys in the
keyspace to decrypt a ciphertext. See dictionary attack. See also brute force
programming. - ✔✔brute force attack
✔✔A type of brute force method for uncovering passwords and decryption keys. It sorts
common words by frequency of use and starts with the most likely possibilities; for
example, names of people, sports teams, pets and cars. For greater security, users
should not use passwords that could be found in an ordinary dictionary. While a
dictionary attack can be done manually by an individual, it is easily done via software
and a database with millions of words. - ✔✔dictionary attack
✔✔(Completely Automated Public Turing test to tell Computers and Humans Apart) A
category of technologies used to ensure that a human is making an online transaction
rather than a computer. Developed at Carnegie Mellon University, random words or
letters are displayed in a camouflaged and distorted fashion so that they can be
deciphered by people, but not by software. Users are asked to type in the text they see
to verify they are human.
CAPTCHAs were created in response to bots (software agents) that automatically fill in
Web forms as if they were individual users. Bots are used to overload opinion polls,
steal passwords (see dictionary attack) and, most popular, to register thousands of free
