84. Defense against social engineering may be built by:
1. Including instructions in your security policy for handling it, and
2. Training the employees on what social engineering is and how to deal with it.
85. The security policy should clearly state that no one is ever allowed to share his/her password with anyone else. Secondly, the security policy should state that the help desk can only change or assign a new password after positively identifying the individual making the request.
86. Some of the features of the Kerberos authentication system:
1. Uses a client-server based architecture.
2. The Kerberos server, referred to as the KDC (Key Distribution Center), implements the Authentication Service (AS), the Ticket Granting Ticket (TGT) and the Ticket Granting Service (TGS).
3. Uses symmetric encryption.
4. Unlike other authentication protocols (FTP, PAP, etc., which transmit passwords over the network), passwords are not transmitted over the network.
87. Viruses, worms, and Trojan horses are all harmful pieces of software. The way they differ is in how they infect computers and spread.
Virus: A computer virus attaches itself to a program or file so it can spread from one computer to another. Almost all viruses are attached to an executable file, and a virus cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot spread without a human action (such as running an infected program) to keep it going.
Worm: Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any help from a person. The danger with a worm is its capability to replicate itself. Unlike a virus, which sends out a single infection at a time, a worm could send out hundreds or thousands of copies of itself, creating a hugely devastating effect.
Trojan Horse: A Trojan Horse at first glance appears to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening it because it appears to be legitimate software or a file from a legitimate source.
Rootkit: A rootkit is a collection of tools that enable administrator-level access to a computer. Typically, a hacker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or by cracking a password. Once the rootkit is installed, it allows the attacker to gain root access to the computer and, possibly, other machines on the network.
88. Computer log files can be tampered with by a hacker to erase any trace of intrusions. Computer logs can be protected using the following methods:
1. Setting minimal permissions
2. Using a separate logging server
3. Encrypting log files
4. Setting log files to append only
5. Storing them on write-once media
Implementing all the above precautions ensures that the log files are safe from being tampered with.
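As an added example (not part of these notes), the following Python code applies two of the methods above, minimal file permissions and append-only writes, and adds a hash chain so that a rewritten or deleted entry is detected. The file name and log messages are constructed for the demo.

```python
import hashlib
import os
import tempfile

GENESIS = "0" * 64  # chain value before the first entry

def _last_hash(path: str) -> str:
    """Return the hash of the last entry, or GENESIS for a new log."""
    if not os.path.exists(path):
        return GENESIS
    with open(path, encoding="utf-8") as f:
        lines = f.read().splitlines()
    return lines[-1].split("|", 1)[0] if lines else GENESIS

def append_entry(path: str, message: str) -> str:
    """Append one entry whose hash covers the previous hash and the message."""
    digest = hashlib.sha256((_last_hash(path) + message).encode()).hexdigest()
    # O_APPEND: every write lands at the end of the file (no seeking back);
    # 0o640: owner read/write, group read, no access for others (minimal permissions).
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o640)
    with os.fdopen(fd, "a", encoding="utf-8") as f:
        f.write(f"{digest}|{message}\n")
    return digest

def verify_chain(path: str) -> bool:
    """Recompute the chain; any edited, removed or reordered earlier entry breaks it.
    Truncating only the newest entries is caught only if the latest hash is also
    kept elsewhere, e.g. on the separate logging server the notes recommend."""
    prev = GENESIS
    with open(path, encoding="utf-8") as f:
        for line in f.read().splitlines():
            digest, message = line.split("|", 1)
            if hashlib.sha256((prev + message).encode()).hexdigest() != digest:
                return False
            prev = digest
    return True

def demo() -> tuple:
    """Write three constructed entries, then simulate an attacker erasing one."""
    path = os.path.join(tempfile.mkdtemp(), "auth.log")
    for msg in ("login ok user=alice", "login FAILED user=root", "sudo user=alice"):
        append_entry(path, msg)
    before = verify_chain(path)
    with open(path, encoding="utf-8") as f:
        kept = [l for l in f.read().splitlines() if "FAILED" not in l]
    with open(path, "w", encoding="utf-8") as f:  # attacker rewrites the file
        f.write("\n".join(kept) + "\n")
    return before, verify_chain(path)
```

`demo()` returns `(True, False)`: the chain verifies before the rewrite and fails afterwards, because the entry following the erased line was hashed over a predecessor that no longer exists.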
89. Phishing is the act of sending an e-mail to a user while claiming to be a reputable organization (such as a bank) in an attempt to scam the user into providing information over the Internet. The e-mail directs the user to a Web site where they are prompted to provide private information, such as credit card and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information.
Piggybacking is another type of social engineering. Here the intruder poses as a new recruit or as a guest of your boss. The intruder typically uses his social engineering skills to enter protected premises on someone else's identity, piggybacking on the victim.
90. Social engineering and Trojan attacks are two well-known problems associated with Discretionary Access Control (DAC).
91. NBTSTAT: Displays current NetBIOS over TCP/IP connections and the NetBIOS name cache.
92. NETSTAT: Displays current TCP/IP connections since the server was last booted.
93. TRACERT: Used to determine which route a packet takes from the source to reach its destination.
94. IPCONFIG: Used to display Windows IP configuration information.
95. NSLOOKUP: Enables users to interact with a DNS server and display resource records.
96. ROUTE: Used to display and edit static routing tables.
97. RAID (short for Redundant Array of Inexpensive Disks) can be used to provide fault tolerance on a computer. There are several RAID levels, such as RAID 1, RAID 5, etc. RAID 1 provides disk mirroring, whereas RAID 5 provides striping with parity; a minimum of 3 disks is required for RAID 5.
Clustering is a technique where two or more computers are clustered and share the load. If one computer fails, the other computer(s) take the load off the failed computer. Clustering is more expensive and requires two or more computers.
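To make "striping with parity" concrete, here is an added Python example (not from these notes) that simulates RAID 5 over three or more disks held as lists of byte blocks: data is striped with a rotating XOR parity block, and any single failed disk is rebuilt from the survivors. Block size and the sample data are constructed for the demo.

```python
def xor_blocks(*blocks: bytes) -> bytes:
    """XOR equal-length blocks together; this is the RAID 5 parity operation."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)

def raid5_write(data: bytes, disks: int = 3, block: int = 4) -> list:
    """Stripe data over the disks; each stripe has disks-1 data blocks + 1 parity block."""
    if disks < 3:
        raise ValueError("RAID 5 needs a minimum of 3 disks")
    per_stripe = (disks - 1) * block
    data += b"\x00" * (-len(data) % per_stripe)      # pad the final stripe
    layout = [[] for _ in range(disks)]
    for s in range(len(data) // per_stripe):
        base = s * per_stripe
        chunks = [data[base + i * block: base + (i + 1) * block] for i in range(disks - 1)]
        parity_disk = s % disks                         # parity rotates across disks
        it = iter(chunks)
        for d in range(disks):
            layout[d].append(xor_blocks(*chunks) if d == parity_disk else next(it))
    return layout

def raid5_rebuild(layout: list, failed: int) -> list:
    """Rebuild the failed disk: each missing block is the XOR of the surviving blocks."""
    survivors = [d for d in range(len(layout)) if d != failed]
    stripes = len(layout[survivors[0]])
    rebuilt = [xor_blocks(*(layout[d][s] for d in survivors)) for s in range(stripes)]
    repaired = list(layout)
    repaired[failed] = rebuilt
    return repaired

def raid5_read(layout: list) -> bytes:
    """Reassemble the data, skipping the parity block of each stripe."""
    disks = len(layout)
    out = b""
    for s in range(len(layout[0])):
        out += b"".join(layout[d][s] for d in range(disks) if d != s % disks)
    return out.rstrip(b"\x00")                          # drop the padding
```

Losing two disks at once leaves stripes with two unknown blocks and one XOR equation, which is why RAID 5 tolerates exactly one failure.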
98. An acceptable use policy specifies what employees can do with their systems and network access. The policy may put limits on personal use of resources and on resource access times.
99. It is recommended to store the backup tapes in a secure, physically distant location. This protects against unforeseen events such as natural disasters, fire, or theft. It is also important that the backup tapes are regularly verified for proper recovery on a test server, even though recovery is not really required at that time. Otherwise, you may find that a backup tape is corrupt just when it is really needed.
100. A host-based IDS should be placed on a host computer such as a server. A network-based IDS is typically placed on a network device such as a router.
101. Using Discretionary Access Control (DAC), the access rights for resources are controlled by the owner of a given resource.
102. For detecting spamware and viruses, one needs to install anti-spamware and anti-virus programs. Installing the latest updates to the operating system will protect your system from exploits (such as gaining back-door entry), but not necessarily from downloaded viruses or spamware.
103. PGP uses public-key encryption for sending and receiving e-mail messages. The Diffie-Hellman and RSA algorithms are used for encryption/decryption of PGP messages.
104. A NAT (short for Network Address Translation) device changes the source IP address of a packet passing through it. Because of this, the destination host would not be able to receive the packets. The NAT devices on either side need to be configured so that they allow VPN packets through.
105. A few techniques used by IDS (Intrusion Detection Systems) include the following:
a. Anomaly detection
b. Signature detection
c. Target monitoring, and
d. Stealth probes
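An added Python example (not from these notes) showing the first two techniques side by side: signature detection matches fixed patterns for known attacks, while anomaly detection flags behaviour that departs from a baseline. The log lines, the two signature rules and the baseline value are all constructed for the demo.

```python
import re
from collections import Counter

# Constructed web-server log lines: source address, method, path, status code.
SAMPLE_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /login 200
10.0.0.9 GET /cgi-bin/../../etc/passwd 404
10.0.0.7 POST /login 401
10.0.0.7 POST /login 401
10.0.0.7 POST /login 401
10.0.0.7 POST /login 401
10.0.0.7 POST /login 401
10.0.0.7 POST /login 401
10.0.0.5 GET /about 200
"""

# Signature detection: fixed patterns for known attacks (illustrative, not a real rule set).
SIGNATURES = {
    "path traversal": re.compile(r"\.\./"),
    "sql injection": re.compile(r"(?i)union\s+select|'\s*or\s+1=1"),
}

def signature_alerts(log: str) -> list:
    """Return (signature name, source address) for every line that matches a rule."""
    alerts = []
    for line in log.splitlines():
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                alerts.append((name, line.split()[0]))
    return alerts

def anomaly_alerts(log: str, baseline_failures: int = 2) -> list:
    """Anomaly detection: flag sources whose failed-login (401) count exceeds the
    baseline learned from normal traffic (here an assumed constant)."""
    failures = Counter()
    for line in log.splitlines():
        src, _method, _path, status = line.split()
        if status == "401":
            failures[src] += 1
    return [(src, n) for src, n in failures.items() if n > baseline_failures]
```

The signature rules miss the login hammering from 10.0.0.7 because no rule describes it, while the anomaly check misses the single traversal attempt because one request is not a statistical outlier; an IDS combines both for that reason.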
106. SNMP is based on the manager/agent model. The manager runs on the server, and the agent runs on the client computers. Three important constituents of SNMP are a manager, an agent, and a database of management information. The manager provides the interface between the human network manager and the management system. The agent provides the interface between the manager and the physical device(s) being managed. The manager and agent use a Management Information Base (MIB) and a set of commands to exchange information.
107. In Public Key Infrastructure parlance, the term Principal means an entity whose identity can be verified.
1. AES (Advanced Encryption Standard) is more secure than DES or 3DES.
2. AES is a symmetric block cipher that can encrypt (encipher) or decrypt (decipher) information.
3. AES is based on the Rijndael algorithm.
4. PGP (Pretty Good Privacy) can use the Diffie-Hellman or RSA algorithms, but not AES or DES.
108. All web applications such as Web servers, News servers, e-mail servers, etc. need to be configured as securely as possible. This can be achieved by:
1. Removing all unnecessary services: These are the services that are installed but not used. For example, you might have installed TFTP but are not using it. It is better to remove an application or service that is not used, as it may provide an opportunity for a hacker to abuse the resource.
2. Removing all unnecessary protocols: These are the protocols that are installed but not used. For example, you might have installed the Novell NetWare protocol but do not need it. It is preferable to remove that protocol.
3. Enabling server and application logs: The logs provide an opportunity to look into the activity on the server over the past few hours or days. Check for any unusual activity such as failed login attempts, etc.