IT Security Mid Term

It is possible to capture packets that are not destined for your machine because of the way network traffic works. When packets are sent over a network, they are often broadcasted or sent to multiple machines. This means that even if a packet is not specifically intended for your machine, it can still be captured and read by network monitoring tools or devices. This is commonly used for network troubleshooting, security analysis, or monitoring network traffic.

Packet sniffers are network tools that capture and analyze network traffic. They can intercept and read the contents of packets, including the payload, which is the actual data being transmitted. By capturing and analyzing packets, packet sniffers can provide insights into network activity, help diagnose network issues, and even capture sensitive information. Therefore, it is true that packet sniffers can read and display/interpret the payload contained in a packet.

Confidentiality is the correct answer because it is the element of the CIA Triad that focuses on preventing unauthorized disclosure of information. It ensures that sensitive data is only accessed by authorized individuals and protects it from being accessed, viewed, or disclosed to unauthorized users. By implementing measures such as encryption, access controls, and secure communication channels, confidentiality safeguards the privacy and confidentiality of information.

A threat can be defined as a potential danger or harm that could exploit a vulnerability in a system or organization. However, it is only when this threat is identified and recognized as being connected to a specific vulnerability that it becomes a risk. In other words, the presence of a threat alone does not automatically constitute a risk. It is the combination of a threat and a vulnerability that creates the potential for harm or damage, making the statement "A threat becomes a risk only when it is identified as being linked to a specific vulnerability" true.

Passive reconnaissance is used by hackers for observing and learning about the target from afar, while active reconnaissance is used to gain more active and direct knowledge of the target.

The human element is considered the hardest vulnerability to properly protect against because humans are inherently prone to making mistakes, being manipulated, or falling victim to social engineering tactics. Unlike technical vulnerabilities like open ports or bad passwords, which can be addressed through technical solutions, the human element involves unpredictable behavior and decision-making, making it more challenging to mitigate. Organizations often need to invest in training, awareness programs, and strict policies to minimize the impact of human error or negligence on security.

The statement is true. Before two hosts can exchange any data, they need to establish a connection through a process called a 3-way handshake. This involves three steps: the initiating host sends a synchronization (SYN) message to the receiving host, the receiving host responds with a SYN-ACK message, and finally, the initiating host sends an acknowledgment (ACK) message to the receiving host. This handshake ensures that both hosts are ready and willing to communicate, establishing a reliable connection before data transmission begins.

The Acknowledgement Number (32 bits) contains the value of the next sequence number that the destination expects to receive, as well as the ACK flag. This number is used to acknowledge the receipt of data and to inform the sender of the next expected sequence number. The ACK flag indicates that the Acknowledgement Number field is valid and that the receiver has successfully received the previous data.

The goal of ensuring that the new Intranet web server is accessible to employees, both internal and external, 99.999% of the time represents the security goal of Availability. This means that the support group is focused on making sure that the server is consistently and reliably accessible to authorized users, without any significant downtime or interruptions.

Granularity is not a security mechanism that can be used to support the three elements of the CIA Triad. The CIA Triad consists of confidentiality, integrity, and availability, which are the core principles of information security. Identification, authentication, authorization, and accountability are all security mechanisms that help enforce these principles. However, granularity refers to the level of detail at which access controls are applied, and it is not a security mechanism itself.

Confidentiality is the goal of security that aims to prevent the unauthorized disclosure of information. It ensures that sensitive or private information is only accessed by authorized individuals or entities. By maintaining confidentiality, organizations can protect valuable data from being accessed, viewed, or shared by unauthorized parties, thereby minimizing the risk of data breaches, identity theft, or other security incidents.

It is possible to notice someone using a packet sniffer on the network because packet sniffing involves intercepting and analyzing network traffic. This activity can be detected through various means such as network monitoring tools, intrusion detection systems, or suspicious network behavior. Additionally, network administrators can implement security measures to detect and prevent unauthorized packet sniffing activities.

Authentication refers to the process of confirming one's identity with an element unique to the individual. This could involve providing a password, fingerprint, or other forms of biometric data to verify that the person accessing the system is indeed who they claim to be. By confirming the identity, the system can then grant appropriate access rights to the individual based on their authenticated identity.

When using a packet sniffer, you can see all of the above parts of the packet through the software. A packet sniffer is a tool used to capture and analyze network traffic. It intercepts and logs network packets, allowing you to view the contents of the packets. This includes the IP header content, MAC address, payload, and protocol header. By capturing and analyzing these parts of the packet, you can gain insights into network activity, troubleshoot network issues, and identify potential security threats.

Provides connectivity & path selection

ARP (Address Resolution Protocol) is responsible for resolving hardware addresses. It is used to map an IP address to a physical or MAC address on a local network. When a device wants to send data to another device on the same network, it uses ARP to determine the MAC address of the destination device. This allows the data to be properly addressed and delivered to the correct device.

The small company should implement TCP as the layer 4 protocol. TCP provides reliable and secure communication by establishing a connection between the sender and receiver, ensuring that all packets are received in the correct order and without errors. This makes it ideal for exchanging large financial transaction information where security is a primary concern. Additionally, TCP also offers flow control and congestion control mechanisms, which help in optimizing performance. UDP, IP, and ICMP do not provide the same level of reliability and security as TCP, making them less suitable for the company's requirements.

The given answer, "Ignorance," is not considered a category of exploit because it does not refer to a method or technique used to exploit vulnerabilities in a system. The other options, "Over the internet," "Over the LAN," "Locally," and "Offline," all describe different ways in which exploits can be carried out. Ignorance, on the other hand, refers to a lack of knowledge or awareness and does not directly relate to the act of exploiting vulnerabilities.

Multi-factor authentication is the correct answer because it combines multiple authentication methods, such as passwords, tokens, and biometrics, to provide the highest level of security. By requiring users to provide multiple forms of identification, it significantly reduces the risk of unauthorized access to a system. This ensures a stronger degree of authentication compared to token-based, password-based, or biometric authentication alone.

The Transport layer of the OSI model is responsible for determining the protocol type to be used for communications. This layer ensures that data is delivered reliably and error-free by establishing connections, managing flow control, and providing error recovery mechanisms. It also handles segmentation and reassembly of data packets. Therefore, the Transport layer is the correct answer for this question.

The Computer Security Triad consists of three fundamental principles: confidentiality, availability, and integrity. These principles aim to protect information from unauthorized access, ensure that resources are accessible when needed, and maintain the accuracy and reliability of data. "Ease of Use" is not considered a fundamental principle of the triad, as it focuses more on user experience and convenience rather than the core principles of security.

Nessus is designed as a vulnerability scanner. It is a widely used tool that scans computer systems and networks to identify potential vulnerabilities and security issues. Nessus performs comprehensive scans, including port scanning, vulnerability assessment, and detection of misconfigurations. It provides detailed reports and recommendations to help users address and mitigate any identified vulnerabilities.

The ICMP protocol, or Internet Control Message Protocol, is specifically designed to check and report on network error conditions. It is used by network devices to send error messages and diagnostic information, allowing for the detection and reporting of issues such as unreachable hosts, network congestion, and routing problems. ICMP messages are essential for troubleshooting network connectivity and ensuring the proper functioning of network communication.

Hackers attack systems for various reasons, such as personal gain, political or religious motivations, or seeking revenge. However, securing a system is not considered a valid reason for hackers to attack. Hackers typically exploit vulnerabilities in systems to gain unauthorized access or steal sensitive information, rather than to enhance the system's security.

Snort is designed as an Intrusion Detection System. Snort is an open-source network intrusion prevention and detection system that analyzes network traffic and detects suspicious activities or potential security threats. It monitors network packets in real-time, looking for patterns and signatures that match known attack patterns. Snort can also be configured to generate alerts or take action when it detects a potential intrusion, making it a valuable tool for network security monitoring and incident response.

Accountability in security environments refers to the practice of tracking and monitoring the actions of users while they are accessing systems. This involves keeping a record of their activities, such as the files they access, changes they make, or any suspicious behavior they exhibit. By tracking user actions, organizations can ensure that individuals are held responsible for their actions and can identify any unauthorized or malicious activities. This helps to maintain the security and integrity of the systems and prevent potential security breaches.

A packet sniffer needs to put the NIC card into promiscuous mode in order to work properly. Promiscuous mode allows the NIC card to capture and analyze all network traffic passing through it, including packets not intended for the device. This mode is essential for packet sniffers as it enables them to intercept and analyze all network communications for troubleshooting, monitoring, or security purposes.

Authentication is the correct answer because it is the security goal that provides a means for objective verification of a user's identity. Authentication is the process of verifying the identity of a user or entity, typically through the use of credentials such as passwords, biometrics, or security tokens. It ensures that the user is who they claim to be before granting them access to a system or resource.

Hackers can use the mechanism of destruction to defeat availability. Destruction refers to the act of causing damage or loss to a system or its data, making it unavailable for its intended users. By intentionally deleting or corrupting critical files or disrupting the functioning of a system, hackers can effectively render it inaccessible or unusable, thereby defeating its availability. This can have severe consequences for organizations or individuals who rely on the availability of their systems or data for normal operations.

The IP header is the first part of the information in the packet concerned with. The IP header contains important information such as the source and destination IP addresses, protocol version, header length, type of service, and other fields necessary for routing and delivering the packet to its destination. It is located at the beginning of the packet and is crucial for the proper functioning of the network communication.

The highlighted portion of the captured packet code "4001" corresponds to the protocol field in the IP header. In this case, the value "4001" indicates that the protocol being used in the payload portion of this IP packet is ICMP (Internet Control Message Protocol). ICMP is typically used for diagnostic or control purposes in IP networks, such as error reporting or network congestion notification.

The TCP three-way handshake is a process used to establish a TCP connection between two devices. The first packet sent by the client includes the SYN (synchronize) flag, indicating its intention to initiate a connection. The second packet sent by the server includes the SYN flag as well, confirming the client's request and also includes the ACK (acknowledge) flag, acknowledging the receipt of the client's packet. The third packet sent by the client includes the ACK flag, confirming the receipt of the server's packet. Therefore, the two flags required to be set across these three packets are the SYN flag and the ACK flag.

Packet sniffing is a form of passive reconnaissance because it involves the interception and analysis of network traffic without actively engaging with the target system. By capturing and examining packets, an attacker can gather information about the network, identify vulnerabilities, and potentially gain unauthorized access to sensitive data. Unlike active reconnaissance techniques, such as port scanning or vulnerability scanning, packet sniffing does not involve any direct interaction with the target system.

Authorization in security environments refers to the process of using an individual's identity to assign access rights. This means that once a person's identity is confirmed, they are granted specific permissions and privileges to access certain resources or perform certain actions within a system. This ensures that only authorized individuals can access sensitive information or carry out certain tasks, enhancing security and preventing unauthorized access.

The elements that make up the Hackers DAD Triad are disclosure, alteration, and destruction. Disclosure refers to unauthorized access or exposure of sensitive information. Alteration involves unauthorized modification or manipulation of data or systems. Destruction refers to the intentional deletion or corruption of data or systems. These three elements represent the main objectives of hackers when they target a system or network.

Packet sniffers are designed to analyze and interpret the IP header content and Layer 4 Protocol header (TCP, UDP, ICMP, etc) content of a packet. These tools capture network traffic and examine the information within these headers to gain insights into the source and destination IP addresses, port numbers, and other network protocol details. By analyzing these headers, packet sniffers can help identify network issues, troubleshoot problems, and detect suspicious activities or security threats. Layer 5, 6, and 7 information refers to higher-level application data, which is not typically analyzed by packet sniffers.

The Presentation Layer of the OSI model is responsible for data encryption. It ensures that the data is properly formatted and encrypted before being transmitted to the receiving system. This layer takes care of encryption and decryption processes, allowing secure communication between the sender and receiver. It also handles data compression and decompression, as well as data conversion between different formats.

The given question asks about software tools that are not effective for security purposes. The options provided are Ping, Traceroute, Route, NMap, and none of the above. The correct answer is "none of the above" because all of the mentioned software tools can be effectively used for security purposes. Ping can be used to test the reachability of a host and check for network connectivity issues. Traceroute helps in identifying the path packets take to reach a destination, which can be useful for detecting any unauthorized hops. Route allows for managing and viewing the network routing table. NMap is a powerful network scanning tool that can be used for security auditing and vulnerability assessment.

The data is actually transported on the network at the Physical layer. This layer is responsible for the physical transmission of data over the network, including the actual movement of bits through cables, wires, and other physical media. It deals with the electrical, mechanical, and physical aspects of data transmission, such as voltage levels, signal encoding, and physical connectors.

The first frame in the Ethernet header is the preamble, which is 8 bytes long. The preamble is used to synchronize the receiving and transmitting devices on the network. It consists of a pattern of alternating 1s and 0s, followed by a unique synchronization pattern. The preamble allows the receiving device to detect the beginning of a frame and adjust its clock to match the transmitting device.

Availability is the correct answer because it refers to the element of the CIA Triad that ensures that legitimate users have access to the information and resources they need. Availability focuses on preventing unauthorized disruptions or denials of service, ensuring that systems and data are accessible and usable when needed. It involves implementing measures such as redundancy, backup systems, and disaster recovery plans to maintain continuous access to information and resources.

The highlighted portion of the captured packet is "b755", which corresponds to the hexadecimal value for ICMP (Internet Control Message Protocol). ICMP operates at the network layer and is responsible for sending error messages and operational information about the network. Therefore, the correct answer is ICMP.

Ethereal is considered a high-end packet sniffer because it is a powerful network protocol analyzer that can capture and analyze network traffic. Nessus, on the other hand, is a strong vulnerability scanner that can identify vulnerabilities in network devices and systems. It scans for weaknesses and provides detailed reports on potential security issues.

During the TCP three-way handshake used to close a TCP connection, the FIN (Finish) flag is used to initiate the connection termination process. It indicates that the sender has finished sending data. The ACK (Acknowledgment) flag is used to acknowledge the receipt of the FIN flag and confirms the termination of the connection. Therefore, the two flags required to be set across these three packets are the FIN flag and the ACK flag.

Defence in Depth is the correct answer because it refers to a strategy that involves implementing multiple layers of security controls to protect against potential threats. This approach ensures that even if one layer of defense is breached, there are additional layers in place to mitigate the risk and protect the system or data. It is a comprehensive and proactive strategy that aims to provide a strong and robust security posture. Separation of Privileges and Principle of Least Privileges are also important security principles, but they do not encompass the entire optimal information security strategy. Security through obscurity is not a recommended strategy as it relies on hiding information rather than implementing effective security measures.

In security environments, the process of Identification involves supplying your identity. This means providing information or credentials that establish who you are, such as a username, password, or biometric data. It is the initial step in the authentication process, where the system verifies if the supplied identity matches the stored identity for granting access rights. Confirmation of identity with a unique element, assigning access rights, and tracking user activities are different steps in the overall security process but not specifically related to the process of identification.

The highlighted portion of the captured data "4500" indicates the IP version used, which is IPv4. This suggests that the network protocol being used is IP (Internet Protocol), as IPv4 is one of the main protocols used for communication over the internet. TCP, ICMP, UDP, and ARP are all protocols that operate at a higher level and rely on IP for their communication.

The three key elements in balancing security goals are security, ease of use, and functionality. Security ensures the protection of data and systems from unauthorized access or attacks. Ease of use focuses on making security measures user-friendly and accessible to users. Functionality ensures that security measures do not hinder the normal operation and functionality of systems and processes.

Source/Destination Port - 16 bits each

The highlighted portion of the captured packet code "4500" indicates that the network protocol being used is IP. The first four characters "4500" represent the IP header, which contains information about the source and destination IP addresses, as well as other details about the packet.