121. The Internet architecture provides an unregulated network path to attack
innocent hosts. Denial-of-service (DoS) attacks exploit this to target
mission-critical services. DoS attacks, are explicit attempts to block
legitimate users system access by reducing system availability. Any physical or
host-based intrusions are generally addressed through hardened security policies
and authentication mechanisms. Although software patching defends against some
attacks, it fails to safeguard against DoS flooding attacks, which exploit the
unregulated forwarding of Internet packets.
122. Authentication Types:
- Mutual authentication: Here both the server and client computers
authenticate each other. This type of authentication is more secure than
one-way authentication, where only the client is authenticated.
- Multifactor authentication: Here two or more number of authentication
methods are used for granting access to a resource. Usually, it combines a
password with that of a biometric authentication.
- Biometric authentication: Biometric authentication uses measurable
physical attributes of a human being such as signature, fingerprint.
- CHAP: It is an authentication type that uses three-way handshake. The
passwords are transmitted in encrypted form ensuring security. Compare this
with PAP, which transmits passwords in clear text.
123. Sensitivity labels are associated with Mandatory Access Control (MAC).
124. Computer log files can be tampered with by a hacker to erase any
intrusions. Computer logs can be protected using the following methods:
- Setting minimal permissions
- Using separate logging server
- Encrypting log files
- Setting log files to append only
- Storing them on write-once media
Implementing all the above precautions ensures that the log files are safe
from being tampered.
125. A hacker begins a DDoS attack by exploiting a vulnerability in one computer
system and making it the DDoS "master", also called as “zombie”.
It is from the zombie that the intruder identifies and communicates with other
systems that can be compromised. The intruder loads hacking tools on the
compromised systems. With a single command, the intruder instructs the
controlled machines to launch one of many flood attacks against a specified
target. This causes Distributed Denial of Service (DDoS) attack on the target
126. Log Files Explained:
- Application log: The application log contains events logged by
applications or programs. For example, a database program might record a
file error in the application log. The developer decides which events to
- System log: The system log contains events logged by the Windows 2000
system components. For example, the failure of a driver or other system
component to load during startup is recorded in the system log. The event
types logged by system components are predetermined.
- Security log: The security log can record security events such as valid
and invalid logon attempts, as well as events related to resource use, such
as creating, opening, or deleting files. An administrator can specify what
events are recorded in the security log. For example, if you have enabled
logon auditing, attempts to log on to the system are recorded in the
- Antivirus log: Antivirus log analyzer can process log files from various
antivirus packages and generate dynamic statistics from them, analyzing and
127. Security policy planning should include the following:
- Due care, acting responsibly and doing right thing.
- Privacy, letting the employees and administrator know of the privacy
- Separation of duties
- Need to know, providing employees only the information required to perform
their role or duties.
- Password management, auditing the passwords
- Disposal and destruction
- Human rights policies, and
- Incident response
128. “Single sign-on” enables one to use all the eligible services with one
sign-in. Though other terms appear relevant, they are not widely used for
describing this type of service.
129. Always try to download, and apply latest patches and service packs (if any)
directly from the manufacturer’s website. Downloading from unreliable sources
may compromise the system security.
130. SLA (Short for Service Level Agreement) is the formal negotiated document
between two parties. It is a legal document that binds both the parties during
the tenure of the agreement.
DRP (stands for Disaster Recovery Planning), security audit, and invoice are not
131. A host based IDS should be place on a host computer such as a server.
Network based IDS is typically placed on a network device such as a router.
132. In IP spoofing, the attacker uses somebody else’s IP address as the
source IP address. Since routers forward packets based on the destination IP
address, they simply forward the packets to the destination without verifying
the genuineness of the source IP address.
133. A digital certificate is a credential issued by a trusted authority that
binds you (and individual or an organization) to an identity that can be
recognized and verified electronically by other agencies. Locally issued digital
certificates are valid only within an organizations network (like intranet).
Therefore, any secure pages or digital signatures containing local registration
will not work on the Internet.
134. A personal firewall is software that resides on the end users computers.
This is different from a regular firewall, in the sense that a personal firewall
is geared to protect a single user computer.
135. Smurf attack is a denial-of-service attack that uses spoofed broadcast ping
messages to flood a target system
136. DDoS, Short for Distributed Denial of Service, it is an attack where
multiple compromised systems (which are usually infected with a Trojan) are used
to send requests to a single system causing target machine to become unstable or
serve its legitimate users.
137. PGP certificates differ from X.509 certificates in two ways:
- PGP certificates are issued (signed) by normal people while the X.509
certificates must be issued by a professional CA, and
- PGP implements a security fault tolerance mechanism, called the Web of
Trust. Here an individual is allowed to sign and issue certificates to
people they know.