Summary

Threats to networks are growing. We are seeing an increase in the number of hacking attacks and viruses, as well as other forms of attack. Couple this growing danger with increasing legal pressures (such as HIPAA and SOX), and network administrators face an ever-increasing demand for network security. To meet this demand you must have a thorough understanding of the threats to your network, as well as the countermeasures you can employ. This begins with a realistic assessment of the dangers to your network.

This chapter has introduced you to the basic concepts of network security, the general classes of danger, and basic security terminology. Subsequent chapters elaborate on this information.

Test Your Skills

Multiple Choice Questions

  1. Which of the following is not one of the three major classes of threats?

    1. Denial of service attacks

    2. A computer virus or worm

    3. Actually intruding on a system

    4. Online auction fraud

  2. Which of the following is the most accurate definition of a virus?

    1. Any program that spreads via e-mail

    2. Any program that carries a malicious payload

    3. Any program that self-replicates

    4. Any program that can damage your system

  3. Are there any reasons not to take an extreme view of security, if that view errs on the side of caution?

    1. No, there is no reason not to take such an extreme view.

    2. Yes, that can lead to wasting resources on threats that are not likely.

    3. Yes, if you are going to err, assume there are few if any realistic threats.

    4. Yes, that can require that you increase your security skills in order to implement more rigorous defenses.

  4. What is a computer virus?

    1. Any program that is downloaded to your system without your permission

    2. Any program that self-replicates

    3. Any program that causes harm to your system

    4. Any program that can change your Windows registry

  5. Which of the following gives the best definition of spyware?

    1. Any software that logs keystrokes

    2. Any software used to gather intelligence

    3. Any software or hardware that monitors your system

    4. Any software that monitors which websites you visit

  6. Which of the following is the best definition for the term ethical hacker?

    1. An amateur who hacks a system without being caught

    2. A person who hacks a system by faking a legitimate password

    3. A person who hacks a system to test its vulnerabilities

    4. An amateur hacker

  7. What is the term for hacking a phone system?

    1. Telco-hacking

    2. Hacking

    3. Cracking

    4. Phreaking

  8. Which of the following is the best definition of malware?

    1. Software that has some malicious purpose

    2. Software that self-replicates

    3. Software that damages your system

    4. Any software that is not properly configured for your system

  9. Which of the following is the best definition for war-driving?

    1. Driving while hacking and seeking a computer job

    2. Driving while using a wireless connection to hack

    3. Driving looking for wireless networks to hack

    4. Driving and seeking rival hackers

  10. Which of the following is the most basic security activity?

    1. Installing a firewall

    2. Authenticating users

    3. Controlling access to resources

    4. Using a virus scanner

  11. Blocking attacks seek to accomplish what?

    1. Install a virus on the target machine

    2. Shut down security measures

    3. Prevent legitimate users from accessing a system

    4. Break into a target system

  12. What are the three approaches to security?

    1. Perimeter, layered, and hybrid

    2. High security, medium security, and low security

    3. Internal, external, and hybrid

    4. Perimeter, complete, and none

  13. An intrusion-detection system is an example of:

    1. Proactive security

    2. Perimeter security

    3. Hybrid security

    4. Good security practices

  14. Which of the following would most likely be classified as misuse(s) of systems?

    1. Looking up information on a competitor using the web

    2. Getting an occasional personal e-mail

    3. Using your business computer to conduct your own (non-company) business

    4. Shopping on the web during lunch

  15. The most desirable approach to security is one which is:

    1. Perimeter and dynamic

    2. Layered and dynamic

    3. Perimeter and static

    4. Layered and static

  16. When assessing threats to a system, what three factors should you consider?

    1. The system’s attractiveness, the information contained on the system, and how much traffic the system gets

    2. The skill level of the security team, the system’s attractiveness, and how much traffic the system gets

    3. How much traffic the system gets, the security budget, and the skill level of the security team

    4. The system’s attractiveness, the information contained on the system, and the security budget

  17. Which of the following is the best definition for non-repudiation?

    1. Security that does not allow the potential intruder to deny his attack

    2. Processes that verify which user performs what action

    3. It is another term for user authentication

    4. Access control

  18. Which of the following types of privacy laws affect computer security?

    1. Any state privacy law

    2. Any privacy law applicable to your organization

    3. Any privacy law

    4. Any federal privacy law

  19. The first computer incident response team is affiliated with what university?

    1. Princeton University

    2. Carnegie-Mellon University

    3. Harvard University

    4. Yale University

  20. Which of the following is the best definition of “sensitive information”?

    1. Military- or defense-related information

    2. Any information that is worth more than $1,000

    3. Any information that, if accessed by unauthorized personnel, could damage your organization in any way

    4. Any information that has monetary value and is protected by any privacy laws

  21. Which of the following best defines the primary difference between an ethical hacker and an auditor?

    1. There is no difference.

    2. The ethical hacker tends to be less skilled.

    3. The auditor tends to be less skilled.

    4. The ethical hacker tends to use more unconventional methods.

Exercises

Exercise 1.1: How Many Virus Attacks Have Occurred This Month?
  1. Using various websites, determine the number of virus attacks reported this month. You may find that sites such as www.f-secure.com are helpful for finding this information.

  2. Compare that figure to the number of virus outbreaks per month in the last three, nine, and twelve months.

  3. Are virus attacks increasing or decreasing in frequency? Give examples to support your answer and state the estimated amount of change in virus attacks over the past year.

Exercise 1.2: Trojan Horse Attacks
  1. Using the Internet, journals, books, or other resources, find one incident of a Trojan horse attack in the past nine months.

  2. How was this Trojan horse delivered? What damage did it cause?

  3. Describe the Trojan horse attack, including:

    • Any specific targets

    • Whether the perpetrators of the attack have been caught and/or prosecuted

    • What types of security warnings were issued about the attack as well as measures prescribed to defend against it

Exercise 1.3: Recent Trends in Computer Crime
  1. Using your preferred search engine, find the most recent survey on computer crime.

  2. Note which areas of computer crime have increased and decreased.

  3. Describe the changes between this survey and the one published in 2002.

  4. What do the two surveys tell you about trends in computer crime?

  5. What area of computer crime appears to be increasing most rapidly?

Exercise 1.4: Hacking Terminology

Using the New Hacker’s Dictionary (http://www.outpost9.com/reference/jargon/jargon_toc.html), define the following terms. Then check the Internet (web pages, chat rooms, or bulletin boards) to find an example of each term being used.

  • daemon

  • dead code

  • dumpster diving

  • leapfrog attack

  • kluge

  • nuke

Exercise 1.5: Security Professional Terminology

Using one of the three glossaries discussed in this chapter, define the following terms:

  • access control list

  • adware

  • authentication

  • backdoor

  • buffer

  • HotFix

Projects

Project 1.1: Learning About a Virus
  1. Searching with your preferred search engine, find a virus that has been released in the last six months. You might find information on sites such as www.f-secure.com.

  2. Describe how the virus you chose worked, including the method it used to spread.

  3. Describe the amount of damage caused by the virus.

  4. Were any specific targets identified?

  5. Were the perpetrators of the virus attack caught and/or prosecuted?

  6. What types of security warnings were issued about the virus attack?

  7. What measures were prescribed to defend against it?

  8. Would the virus most properly be described as a virus or a worm?

Project 1.2: Security Profession

Using various resources including the web, find out qualifications required for computer security administrator jobs. You will need to find out specific technologies required, years of experience, educational level, and any certifications. This project should help you see what topics the industry considers most important for a security professional to understand. Websites that might help you include:

Project 1.3: Finding Web Resources

This chapter provides several good web resources for security information. You should now use the Internet to identify three websites you think provide reliable and valid information that would be beneficial to a security professional. Explain why you believe these to be valid sources of information.

Note: You will likely use these sources in later chapter exercises and projects, so make certain you can rely on the data they provide.