81. Defense against social engineering may be built by:
- Including instructions in your security policy for handling it, and
- Training employees in what social engineering is and how to deal with it.
First, the security policy should clearly state that no one is ever allowed to share
his/her password with anyone else. Second, the security policy should state
that the help desk can only change or assign a new password after positive
identification of the individual requesting it.
82. Some of the features of the Kerberos authentication system:
- Uses a client-server based architecture.
- The Kerberos server, referred to as the KDC (Key Distribution Center), implements
the Authentication Service (AS), which issues the Ticket Granting Ticket (TGT),
and the Ticket Granting Service (TGS).
- Uses symmetric encryption.
- Unlike other authentication protocols (FTP, PAP, etc.), which transmit
passwords over the network, Kerberos never transmits the password over the network.
83. Viruses, worms, and Trojan horses are all harmful pieces of software. The
way they differ is in how they infect computers and spread.
- Virus: A computer virus attaches itself to a program or file so it can
spread from one computer to another. Almost all viruses are attached to an
executable file, and a virus cannot infect your computer unless you run or open
the malicious program. It is important to note that a virus cannot spread
without a human action (such as running an infected program) to keep it
going.
- Worm: Worms spread from computer to computer, but unlike a virus, a worm has
the capability to travel without any help from a person. The danger with a
worm is its capability to replicate itself. Unlike a virus, which sends out a
single infection at a time, a worm can send out hundreds or thousands of
copies of itself, with a hugely devastating effect.
- Trojan Horse: A Trojan horse at first glance appears to be useful
software, but it actually does damage once installed or run on your computer.
Those on the receiving end of a Trojan horse are usually tricked into
opening it because it appears to be legitimate software or a legitimate file
from a trusted source.
- Rootkit: A rootkit is a collection of tools that enable administrator-level
access to a computer. Typically, an attacker installs a rootkit on a computer
after first obtaining user-level access, either by exploiting a known
vulnerability or by cracking a password. Once the rootkit is installed, it
allows the attacker to gain root access to the computer and, possibly, to other
machines on the network.
84. Computer log files can be tampered with by an attacker to erase any trace of an
intrusion. Computer logs can be protected using the following methods:
- Setting minimal permissions
- Using a separate logging server
- Encrypting log files
- Setting log files to append only
- Storing them on write-once media
Implementing all of the above precautions ensures that the log files are safe
from tampering.
85. Phishing is the act of sending an e-mail to a user while claiming to be a
reputable organization (such as a bank) in an attempt to scam the user into
providing information over the Internet. The e-mail directs the user to a Web
site where they are prompted to provide private information, such as credit
card and bank account numbers, that the legitimate organization already has.
The Web site, however, is bogus and set up only to steal the user's
information.
Piggybacking is another type of social engineering. Here the intruder poses as a
new recruit, or as a guest of your boss. The intruder typically uses social
engineering skills to enter protected premises under someone else's identity,
just piggybacking on the victim.
86. Social engineering and Trojan attacks are two well-known problems
associated with Discretionary Access Control (DAC).
87. TCP/IP Troubleshooting Utilities:
- NBTSTAT: Displays current NetBIOS over TCP/IP connections and the
NetBIOS name cache.
- NETSTAT: Displays current TCP/IP connections and statistics since the server was last
booted.
- TRACERT: Used to determine which route a packet takes from its source to its
destination.
- IPCONFIG: Used to display Windows IP configuration information.
- NSLOOKUP: Enables users to interact with a DNS server and
display resource records.
- ROUTE: Used to display and edit the static routing table.
88. RAID (short for Redundant Array of Inexpensive Disks) can be used to
provide fault tolerance on a computer. There are several RAID levels, such as
RAID 1 and RAID 5. RAID 1 provides disk mirroring, whereas RAID 5 provides
striping with parity; a minimum of 3 disks is required for RAID 5.
Clustering is a technique where two or more computers are clustered and share
the load. If one computer fails, the other computer(s) take over the load of the
failed computer. Clustering is more expensive and requires two or more
computers.
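RAID 5 striping with parity, as a constructed example added here (not code from any RAID implementation). It shows why three disks is the minimum: each stripe holds N-1 data chunks plus one XOR parity chunk, the parity position rotates, and any single failed disk can be served from and rebuilt out of the survivors. A disk is modelled as a list of chunks, and `None` marks a failed disk.

```python
from typing import List

def xor_blocks(blocks: List[bytes]) -> bytes:
    """Bytewise XOR of equal-length chunks: this is all RAID 5 parity is."""
    out = bytearray(blocks[0])
    for blk in blocks[1:]:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)

def raid5_write(data: bytes, ndisks: int, chunk: int) -> list:
    """Stripe data over ndisks: each stripe = ndisks-1 data chunks + 1 parity chunk."""
    if ndisks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    disks = [[] for _ in range(ndisks)]
    per_stripe = (ndisks - 1) * chunk
    for s, off in enumerate(range(0, len(data), per_stripe)):
        stripe = data[off:off + per_stripe].ljust(per_stripe, b"\0")  # pad the last stripe
        chunks = [stripe[i:i + chunk] for i in range(0, per_stripe, chunk)]
        chunks.insert(s % ndisks, xor_blocks(chunks))                   # parity position rotates
        for d in range(ndisks):
            disks[d].append(chunks[d])
    return disks

def read_chunk(disks: list, s: int, d: int) -> bytes:
    """Chunk s of disk d; a failed disk (None) is recomputed by XORing the other ndisks-1 chunks."""
    if disks[d] is not None:
        return disks[d][s]
    survivors = [dk for i, dk in enumerate(disks) if i != d]
    if any(dk is None for dk in survivors):
        raise RuntimeError("RAID 5 tolerates only one failed disk")
    return xor_blocks([dk[s] for dk in survivors])

def nstripes(disks: list) -> int:
    return len(next(dk for dk in disks if dk is not None))

def raid5_read(disks: list, length: int) -> bytes:
    """Reassemble user data, skipping each stripe's parity chunk; works while one disk is missing."""
    n, out = len(disks), bytearray()
    for s in range(nstripes(disks)):
        for d in range(n):
            if d != s % n:
                out += read_chunk(disks, s, d)
    return bytes(out[:length])

def raid5_rebuild(disks: list, failed: int) -> List[bytes]:
    """Contents to write onto the replacement for disk `failed`, data and parity chunks alike."""
    return [read_chunk(disks, s, failed) for s in range(nstripes(disks))]
```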
89. An acceptable use policy specifies what employees can do with their systems
and network access. The policy may put limits on personal use of resources and
on resource access times.
90. It is recommended to store the backup tapes in a secure, physically
distant location. This takes care of unforeseen events such as natural
disasters, fire, or theft. It is also important that the backup tapes are
regularly verified by performing a test recovery on a test server, even though a
recovery is not actually required at that time. Otherwise, you may find a
backup tape corrupt when it is really needed.
91. A host-based IDS should be placed on a host computer such as a server. A
network-based IDS is typically placed on a network device such as a router.
92. Using Discretionary Access Control (DAC), the access rights for resources
are controlled by the owner of a given resource.
93. For detecting spamware and viruses, one needs to install anti-spamware and
anti-virus programs. Installing the latest updates to the operating system will
protect your system from exploits (such as gaining back-door entry), but not
necessarily from downloaded viruses or spamware.
94. PGP uses public-key encryption for sending and receiving e-mail messages.
The Diffie-Hellman and RSA algorithms are used for encryption/decryption of PGP
messages.
95. A NAT (short for Network Address Translation) device changes the source IP
address of a packet passing through it. Because of this, the destination host
would not be able to receive the packets. The NAT devices on either side need to
be configured so that they allow VPN packets through.
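A constructed model of the problem above (added here; not code from any VPN or NAT product): a VPN endpoint that includes the IP addresses in its integrity check, in the style of IPsec AH, rejects a packet after a NAT gateway rewrites its source address, while a tunnel whose check covers only the encapsulated inner packet, in the style of ESP tunnel mode, survives the rewrite. `Packet`, `source_nat` and the HMAC-based check are simplifications; real NAT also rewrites ports, which are omitted.

```python
import hashlib, hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str          # IP addresses as strings; ports omitted for brevity
    dst: str
    payload: bytes
    tag: bytes = b""  # integrity check value added by the VPN endpoint

def _mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def ah_protect(pkt: Packet, key: bytes) -> Packet:
    """AH-style protection: the check value covers the addresses as well as the payload."""
    return replace(pkt, tag=_mac(key, pkt.src.encode(), pkt.dst.encode(), pkt.payload))

def ah_verify(pkt: Packet, key: bytes) -> bool:
    """Receiver's check; any change to src, dst or payload in transit makes this False."""
    return hmac.compare_digest(pkt.tag, _mac(key, pkt.src.encode(), pkt.dst.encode(), pkt.payload))

def esp_tunnel_protect(inner: Packet, key: bytes, gw_src: str, gw_dst: str) -> Packet:
    """ESP tunnel-style: the whole inner packet becomes the payload of a new outer packet
    between the two gateways, and the check value covers only that payload."""
    body = b"|".join([inner.src.encode(), inner.dst.encode(), inner.payload])
    return Packet(gw_src, gw_dst, body, _mac(key, body))

def esp_tunnel_verify(pkt: Packet, key: bytes) -> bool:
    """Outer addresses are not covered, so a NAT rewrite of them does not break the check."""
    return hmac.compare_digest(pkt.tag, _mac(key, pkt.payload))

def source_nat(pkt: Packet, public_ip: str) -> Packet:
    """What the NAT gateway does to every outbound packet: rewrite the source address."""
    return replace(pkt, src=public_ip)
```

In practice the surviving case still needs the NAT configured for it (IPsec NAT traversal wraps ESP in UDP port 4500 so the NAT has ports to track), which is the configuration step the note refers to.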
96. A few techniques used by IDS (Intrusion Detection Systems) include the
following:
- Anomaly detection
- Signature detection
- Target monitoring, and
- Stealth probes
97. SNMP is based on the manager/agent model. The manager runs on the server,
and the agent runs on the client computers. The three important constituents of SNMP
are a manager, an agent, and a database of management information. The manager
provides the interface between the human network manager and the management
system. The agent provides the interface between the manager and the physical
device(s) being managed. The manager and agent use a Management Information Base
(MIB) and a set of commands to exchange information.
98. In Public Key Infrastructure parlance, the term Principal means an entity
whose identity can be verified.
99. Encryption Schemes:
- AES (Advanced Encryption Standard) is more secure than DES or 3DES.
- AES is a symmetric block cipher that can encrypt (encipher) or decrypt
(decipher) information.
- AES is based on the Rijndael algorithm.
- PGP (Pretty Good Privacy) can use the Diffie-Hellman or RSA algorithms, but
not AES or DES.
100. All server applications, such as Web servers, news servers, e-mail servers,
etc., need to be configured as securely as possible. This can be achieved by:
- Removing all unnecessary services: These are the services that are
installed but not used. For example, you might have installed TFTP but are not
using it. It is better to remove an application or service that is not used,
as it may give an attacker an opportunity to abuse the resource.
- Removing all unnecessary protocols: These are the protocols that are
installed but not used. For example, you might have installed the Novell NetWare
protocol but do not need it. It is preferable to remove that protocol.
- Enabling server and application logs: The logs make it possible to
review the activity on the server over the past few hours or days. Check
for any unusual activity, such as failed login attempts.