How many critical characteristics of information did you learn? What are they?
Seven: availability, accuracy, authenticity, confidentiality, integrity, utility,
and possession.
How many components does an information system consist of? What are they?
What do they mean in Vietnamese?
Six: hardware, software, data, people, procedures, and networks.
What is an attack? How many types of attacks did you learn? What are they?
What do they mean in Vietnamese?
An attack is an act that takes advantage of a vulnerability to compromise a
controlled system. It is accomplished by a threat agent that damages or
steals an organization's information or physical assets.
Sixteen types: malicious code, hoaxes, backdoors, password crack, brute force,
dictionary, DoS and DDoS, spoofing, man-in-the-middle, spam, mail bombing,
sniffers, social engineering, phishing, pharming, and timing attack.
What is a firewall in computing? How can firewalls be categorized?
A firewall is a network security system that monitors and controls incoming and
outgoing network traffic based on predetermined security rules.
Firewalls can be categorized by processing mode, development era, or structure.
What type of filtering is common in network routers and gateways?
How many subsets of packet-filtering firewalls are mentioned in the text?
What are they?
Static filtering.
There are three subsets of packet-filtering firewalls: static filtering,
dynamic filtering, and stateful inspection.
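The difference between static filtering and stateful inspection is easiest to see in code. The following is an added illustration, not material from the course text: a toy filter with a fixed static rule set beside one that keeps a state table of connections opened from inside. The addresses, ports and rule set are constructed for the demo, and the "internal network" prefix is an assumption.

```python
# Added example (not from the course text): a toy packet filter that contrasts
# static filtering with stateful inspection. Addresses, ports and rules below
# are constructed for the demo; 10.0.0.0/24 is the assumed internal network.
from dataclasses import dataclass
from typing import Dict, Tuple

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # True for a TCP segment that opens a connection

INSIDE_PREFIX = "10.0.0."  # assumed internal network

def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)

# Static filtering: fixed rules installed with the firewall, applied to each
# packet in isolation. To let HTTPS replies back in, the administrator has to
# permit any inbound packet with source port 443, which also admits
# unsolicited packets that merely claim that source port.
STATIC_RULES = [
    # (direction, dst_port or None, src_port or None, verdict)
    ("out", 443, None, "allow"),
    ("in", None, 443, "allow"),
]

def static_filter(pkt: Packet) -> str:
    direction = "out" if is_inside(pkt.src_ip) else "in"
    for rule_dir, dst_port, src_port, verdict in STATIC_RULES:
        if rule_dir != direction:
            continue
        if dst_port is not None and pkt.dst_port != dst_port:
            continue
        if src_port is not None and pkt.src_port != src_port:
            continue
        return verdict
    return "deny"  # default deny

# Stateful inspection: remember connections opened from inside in a state
# table and admit inbound packets only when they belong to one of them.
class StatefulFilter:
    def __init__(self) -> None:
        self.table: set = set()  # (in_ip, in_port, out_ip, out_port)

    def check(self, pkt: Packet) -> str:
        if is_inside(pkt.src_ip):
            key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            if pkt.syn and pkt.dst_port == 443:
                self.table.add(key)  # outbound HTTPS is allowed to open state
                return "allow"
            return "allow" if key in self.table else "deny"
        # Inbound: the reversed 4-tuple must already be in the state table.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "allow" if key in self.table else "deny"

def run_demo() -> Dict[str, Tuple[str, str]]:
    """Return {packet name: (static verdict, stateful verdict)}."""
    sf = StatefulFilter()
    packets = [
        ("request", Packet("10.0.0.5", 51000, "203.0.113.10", 443, syn=True)),
        ("reply", Packet("203.0.113.10", 443, "10.0.0.5", 51000)),
        # Unsolicited probe of an internal SSH port, source port forged to 443.
        ("probe", Packet("198.51.100.7", 443, "10.0.0.5", 22)),
    ]
    return {name: (static_filter(p), sf.check(p)) for name, p in packets}

if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(f"{name:8s} static={verdicts[0]:5s} stateful={verdicts[1]}")
```

Both filters pass the legitimate request and its reply, but only the stateful one rejects the probe: the static rule has no way to tell a genuine reply from a packet that merely claims source port 443. Dynamic filtering sits between the two, opening and closing rules on demand rather than keeping a full connection table.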
Which attack includes the execution of viruses, worms, Trojan horses,
and active Web scripts with the intent to destroy or steal information?
In which attack does an attacker monitor packets from the network, modify
them, and insert them back into the network?
Malicious code attack.
Man-in-the-middle (TCP hijacking) attack.
................is a category of objects, persons, or other entities that presents a
danger to an asset.
Threat
.................... is a multilayered system that protects the sovereignty of a state,
its assets, its resources, and its people.
National security
A/An ………….is an entity in a two-party communication which is the
legitimate transmitter of information.
Sender
.................are stand-alone, self-contained combinations of computing
hardware and software.
Firewall appliances
....................combine the packet-filtering router with a separate, dedicated
firewall, such as an application proxy server.
Screened host firewalls
...................... requires that the filtering rules be developed and
installed with the firewall.
Static filtering
Which of the following attacks is a variation of the brute force attack?
Dictionary
...................occur when a manufacturer distributes equipment containing a
known or unknown flaw.
Technical hardware failures
...........................attacks are the most difficult to defend against, and
there are presently no controls that any single organization can apply.
DDoS
Which attacks can be accomplished by exploiting various technical flaws in
the Simple Mail Transport Protocol?
Mail bombing
What is an information security service? Give some examples.
An information security service is a method to provide some specific aspect of
security.
For example, integrity of transmitted data is a security objective, and a
method to ensure this aspect is an information security service.
What is encryption? What is decryption?
Encryption is the process of making readable information unreadable.
Decryption is the reverse process: turning unreadable information back into
readable form.
How many types of attacks did you learn?
16
They are malicious code, hoaxes, backdoors, password crack, brute force,
dictionary, DoS and DDoS, spoofing, man-in-the-middle, spam, mail bombing,
sniffers, social engineering, phishing, pharming, and timing attack.
How many components does information security consist of? What are they?
Four: network security, policy, computer and data security, and management of
information security. (The components of an information system are a different
list; see the next question.)
What is an information system?
It is the entire set of software, hardware, data, people, procedures, and
networks that make possible the use of information resources in the
organization
What can you use to protect the confidentiality of information?
Information classification
Secure document storage
Application of general security policies
Education of information custodians and end users
Which areas does information security include?
The broad areas of information security management, computer and data
security, and network security
What is a vulnerability?
A vulnerability is an identified weakness in a controlled system, where controls
are not present or are no longer effective.
How many subsets of packet-filtering firewalls are mentioned in the text?
What are they?
static filtering, dynamic filtering, and stateful inspection
What is phishing? What is its variant?
Phishing is an attempt to gain personal or financial information from an
individual, usually by posing as a legitimate entity.
A variant is spear phishing.
What are hackers? How many types of hackers are there? Compare them.
Hackers are "people who use and create computer software to gain access to
information illegally."
There are two types of hackers. The expert (elite) hacker develops the
software scripts and program exploits that unskilled hackers rely on; the
unskilled hacker uses the software that the elite hacker made.
What do these words stand for? NIC, NAT, TCP, DES, MAC
NIC: Network Interface Card
NAT: Network Address Translation
TCP: Transmission Control Protocol
DES: Data Encryption Standard
MAC: Message Authentication Code
How many types of NIDS are there when the design of the NIDS is classified
according to the system interactivity property? Compare them.
There are two types: on-line and off-line NIDS.
An on-line NIDS deals with the network in real time: it analyses the Ethernet
packets and applies some rules to decide whether they constitute an attack. An
off-line NIDS deals with stored data and passes it through some processes to
decide whether an attack occurred.
How many cryptographic goals are there? What are they? Into which major classes
is authentication usually subdivided? Why is it subdivided so?
Four: confidentiality, data integrity, authentication, and non-repudiation.
Authentication is subdivided into two major classes, entity authentication
and data origin authentication, for two reasons: two parties entering into a
communication should identify each other, and information delivered over a
channel should be authenticated as to origin, date of origin, data content,
time sent, etc.
What is a man-in-the-middle attack? What method can prevent the traditional
man-in-the-middle attack?
A man-in-the-middle attack attempts to intercept a public key or even to
insert a known key structure in place of the requested public key. (Optional
part: Thus, attackers attempt to place themselves between the sender and
receiver, and once they've intercepted the request for key exchange, they
send each participant a valid public key, which is known only to them.)
Solution: Establishing public keys with digital signatures can prevent the
traditional man-in-the-middle attack, as the attacker cannot duplicate the
signatures.
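To make the attack and the defence concrete, here is an added example (not code from the course text) of a Diffie-Hellman key exchange. In the first run the attacker substitutes her own public value for both parties' values and ends up sharing a key with each side; in the second run the sender signs her public value and the substituted value fails verification. The DH modulus and the RSA primes are deliberately tiny toy parameters chosen for this demo, the signature is textbook RSA over a SHA-256 digest, and the receiver is assumed to hold the sender's verification key from a trusted channel.

```python
# Added example (not from the course text): a Diffie-Hellman key exchange under
# man-in-the-middle, unsigned and then with the public value signed.
# Group parameters and the RSA primes are toy-sized; real deployments use
# standard groups and 2048-bit-or-larger keys.
import hashlib
import secrets

P = (1 << 61) - 1  # Mersenne prime M61, assumed toy DH modulus
G = 2

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh_shared(priv: int, peer_pub: int) -> int:
    return pow(peer_pub, priv, P)

class ToySigner:
    """Textbook RSA over a SHA-256 digest, with tiny primes. Demo only:
    the modulus is trivially factorable, so this shows protocol logic, not strength."""
    def __init__(self, p: int = 10007, q: int = 10009, e: int = 65537):
        self.n, self.e = p * q, e
        self.d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)

    def public(self):
        return self.n, self.e

    def sign(self, msg: bytes) -> int:
        h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % self.n
        return pow(h, self.d, self.n)

def verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    return pow(sig, e, n) == h

def unsigned_exchange() -> bool:
    """Mallory replaces both public values with her own. Returns True when she
    ends up sharing a key with each side, i.e. the attack succeeded."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    m, M = dh_keypair()
    k_alice = dh_shared(a, M)   # Alice believes M came from Bob
    k_bob = dh_shared(b, M)     # Bob believes M came from Alice
    return k_alice == dh_shared(m, A) and k_bob == dh_shared(m, B)

def signed_exchange(attack: bool) -> bool:
    """Alice signs her public value; Bob holds Alice's verification key
    (assumed obtained through a trusted channel). Returns whether Bob accepts."""
    alice = ToySigner()
    a, A = dh_keypair()
    sig = alice.sign(A.to_bytes(8, "big"))
    if attack:
        _, M = dh_keypair()
        received, received_sig = M, sig  # Mallory swaps the value but cannot re-sign it
    else:
        received, received_sig = A, sig
    return verify(alice.public(), received.to_bytes(8, "big"), received_sig)

if __name__ == "__main__":
    print("unsigned DH, MITM succeeds:", unsigned_exchange())
    print("signed DH, honest run accepted:", signed_exchange(attack=False))
    print("signed DH, MITM detected:", not signed_exchange(attack=True))
```

The signature binds the public value to Alice's identity; what it does not do is protect the verification key itself, which is why the trusted distribution of that key (a PKI, in practice) is the assumption the whole defence rests on.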
What is cryptography? What is it used for?
Cryptography is the study of mathematical techniques related to aspects of
information security such as confidentiality, data integrity, entity
authentication, and data origin authentication. It is used to encrypt and
decrypt information and, more broadly, to provide those security services.
How many major processing-mode categories of firewalls are there? What are they?
Five: packet-filtering firewalls, application gateways, circuit gateways, MAC
layer firewalls, and hybrids.
What does NIC stand for? How many NICs does the bastion host contain? What
are they?
NIC stands for Network Interface Card.
The bastion host contains two NICs: one is connected to the external network and
one is connected to the internal network, providing an additional layer of
protection.
What do hackers use to engage in IP spoofing?
Hackers use a variety of techniques to obtain trusted IP addresses, and
then modify the packet headers to insert these forged addresses.
What is an intrusion detection system?
An intrusion detection system is a device or software application that monitors
a network or systems for malicious activity or policy violations.
What are the weaknesses of the signature-based approach?
New attack strategies must be added to the IDPS's database of signatures;
otherwise, attacks that use new strategies will not be recognized and might
succeed.
A slow, methodical attack might escape detection if the relevant IDPS
attack signature has a shorter time frame.
What common architectural implementations are mentioned in the text?
Packet-filtering routers, screened host firewalls, dual-homed firewalls, and
screened subnet firewalls
What is the difference among a sender, a receiver, and an adversary?
A sender is an entity in a two-party communication which is the legitimate
transmitter of information.
A receiver is an entity in a two-party communication which is the intended
recipient of information.
An adversary is an entity in a two-party communication which is neither the
sender nor receiver, and which tries to defeat the information security
service being provided between the sender and receiver.
What are an unsecured channel and a secured channel?
An unsecured channel is one from which parties other than those for which
the information is intended can reorder, delete, insert, or read.
A secured channel is one from which an adversary does not have the ability
to reorder, delete, insert, or read.
What is the difference between an active adversary and a passive adversary?
A passive adversary is an adversary who is capable only of reading
information from an unsecured channel.
An active adversary is an adversary who may also transmit, alter, or delete
information on an unsecured channel.
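The passive/active distinction decides which service is needed. The added example below (not code from the course text) models a message crossing an unsecured channel: a passive adversary simply reads it, an active adversary alters it. Appending a plain SHA-256 hash does not help against the active adversary, who recomputes it, while a keyed MAC (HMAC, the "Message Authentication Code" expanded earlier) gives data origin authentication because the adversary cannot recompute a tag without the key. The key and message are constructed, and the key is assumed to have been agreed beforehand over a secured channel.

```python
# Added example (not from the course text): what a passive and an active
# adversary can do on an unsecured channel, and why a keyed MAC (not a bare
# hash) gives data origin authentication. Key and message are constructed.
import hashlib
import hmac
import secrets

SHARED_KEY = secrets.token_bytes(32)  # assumed agreed beforehand over a secured channel
MESSAGE = b"transfer 100 to account 42"

def tag_with_hash(msg: bytes) -> bytes:
    return hashlib.sha256(msg).digest()

def tag_with_mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, "sha256").digest()

def passive_adversary(msg: bytes, tag: bytes) -> bytes:
    """Only reads. The channel gives no confidentiality, so the content leaks,
    but the message reaches the receiver untouched."""
    return msg

def active_adversary(msg: bytes, tag: bytes):
    """Alters the message in transit and recomputes the only thing it can:
    an unkeyed hash. Without the key it cannot produce a matching MAC."""
    forged = msg.replace(b"100", b"900")
    return forged, hashlib.sha256(forged).digest()

def receiver_accepts_hash(msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_with_hash(msg), tag)

def receiver_accepts_mac(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_with_mac(key, msg), tag)

def hash_only_channel() -> bool:
    """Sender appends SHA-256; the active adversary tampers. Returns whether the
    receiver accepts the forged message (it does: the hash is not a secret)."""
    msg, tag = MESSAGE, tag_with_hash(MESSAGE)
    forged, forged_tag = active_adversary(msg, tag)
    return receiver_accepts_hash(forged, forged_tag)

def mac_channel() -> bool:
    """Sender appends HMAC under SHARED_KEY; same tampering. Returns whether the
    receiver accepts (it does not: the adversary lacks the key)."""
    msg, tag = MESSAGE, tag_with_mac(SHARED_KEY, MESSAGE)
    forged, forged_tag = active_adversary(msg, tag)
    return receiver_accepts_mac(SHARED_KEY, forged, forged_tag)

if __name__ == "__main__":
    print("passive adversary learned:", passive_adversary(MESSAGE, b""))
    print("hash-only channel accepts forgery:", hash_only_channel())
    print("MAC channel accepts forgery:", mac_channel())
```

Note that the MAC provides integrity and origin authentication only; the passive adversary still reads the plaintext, so confidentiality needs encryption on top, which is the separate cryptographic goal listed earlier.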
What is security? Which areas does information security include?
Security is "the quality or state of being secure, to be free from danger."
Information security includes the broad areas of information security
management, computer and data security, and network security.
How many fundamental characteristics does information have? What are
they? Translate into Vietnamese.
Three characteristics. They are confidentiality, integrity, and availability
What can you use to protect the confidentiality of information?
A number of measures, including information classification, secure document
storage, application of general security policies, and education of
information custodians and end users.
What is an information system?
It is the entire set of software, hardware, data, people, procedures, and
networks that make possible the use of information resources in the
organization.
In which attack does an attacker monitor packets from the network, modify
them, and insert them back into the network?
Man-in-the-middle (TCP hijacking) attack
How many subsets of packet-filtering firewalls are mentioned in the text?
What are they? Translate into Vietnamese.
There are three subsets of packet-filtering firewalls: static filtering,
dynamic filtering, and stateful inspection
Which malicious code software programs hide their true nature and
reveal their designed behavior only when activated?
Trojan horses
................can be a documented process to take advantage of a vulnerability
or exposure, usually in software, that is either inherent in the software or is
created by the attacker.
An exploit
Which critical characteristics of information is the quality or state of being
genuine or original, rather than a reproduction or fabrication?
Authenticity
The IS component that created much of the need for increased computer and
information security is ..............…
Networking
....................are often created under the constraints of project management,
which limit time, cost, and manpower.
Software programs
................... is a well-known and broad category of electronic and human
activities that can breach the confidentiality of information.
Espionage or trespass
...................is one that over time changes the way it appears to antivirus
software programs, making it undetectable by techniques that look for
preconfigured signatures.
A polymorphic threat
.....................failures occur when a manufacturer distributes equipment
containing a known or unknown flaw.
Technical hardware failures
Which of the following attacks is a variation of the brute force attack?
Dictionary
...............can be used both for legitimate network management
functions and for stealing information.
Sniffers
How many main properties does an ideal cryptographic hash function have?
What are they?
The ideal cryptographic hash function has four main properties:
It is easy to compute the hash value for any given message.
It is infeasible to generate a message that has a given hash.
It is infeasible to modify a message without changing the hash.
It is infeasible to find two different messages with the same hash.
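The first and third properties can be exercised directly; the last two are claims about computational cost, and the cost depends on the output width. The block below is an added example, not from the course text: it hashes two constructed messages with SHA-256 to show that a one-character edit changes about half the output bits, then runs a birthday search for a collision on a truncated 24-bit digest, which succeeds after a few thousand hashes, to make clear why the full 256-bit output is what makes collisions infeasible.

```python
# Added example (not from the course text): exercising the hash properties with
# SHA-256. Messages are constructed. The collision search is run on a truncated
# digest to show what "infeasible" rests on: the full 256-bit width.
import hashlib
from typing import Optional, Tuple

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def hamming_distance(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche_bits() -> int:
    """Property 3 in practice: a one-character change flips about half of
    the 256 output bits, so the modification is visible in the hash."""
    original = b"Transfer 100 USD to account 42"
    modified = b"Transfer 900 USD to account 42"
    return hamming_distance(sha256(original), sha256(modified))

def find_collision(bits: int, limit: int = 2_000_000) -> Optional[Tuple[bytes, bytes, int]]:
    """Birthday search: two distinct messages whose first `bits` bits of
    SHA-256 agree. Expected cost is about 2**(bits/2) hashes, which is why a
    24-bit truncation falls in thousands of tries while 256 bits is infeasible
    (about 2**128 hashes). Returns (msg1, msg2, tries) or None within `limit`."""
    nbytes = (bits + 7) // 8
    shift = nbytes * 8 - bits
    seen = {}
    for i in range(limit):
        msg = f"msg-{i}".encode()  # distinct messages by construction
        prefix = int.from_bytes(sha256(msg)[:nbytes], "big") >> shift
        if prefix in seen:
            return seen[prefix], msg, i + 1
        seen[prefix] = msg
    return None

if __name__ == "__main__":
    print("bits changed by a one-character edit:", avalanche_bits())
    found = find_collision(24)
    if found:
        m1, m2, tries = found
        print(f"24-bit collision after {tries} tries: {m1!r} and {m2!r}")
    print("256-bit collision: not attempted (expected ~2**128 hashes)")
```

Truncating a hash to fit a field is a common design shortcut, and this is the cost it carries: every halving of the width cuts the collision search by a factor of about 2**(bits/4), so a 24-bit tag offers no collision resistance at all.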
What do these words stand for? AES, PKI, UDP, IDPS, NIDS
AES: Advanced Encryption Standard
PKI: Public Key Infrastructure
UDP: User Datagram Protocol
IDPS: Intrusion Detection and Prevention System
NIDS: Network Intrusion Detection System
What are "Sniffers"? What are they used for? Why are unauthorized sniffers
dangerous to a network’s security?
Sniffers are programs or devices that can monitor data traveling over a
network. Sniffers can be used both for legitimate network management
functions and for stealing information.
Unauthorized sniffers can be extremely dangerous to a network’s security,
because they are virtually impossible to detect and can be inserted almost
anywhere.
What is a padded cell? What are its benefits?
A padded cell is a honeypot that has been protected so that it cannot be
easily compromised; in other words, a hardened honeypot.
Attackers can be diverted to targets that they cannot damage.
Administrators have time to decide how to respond to an attacker
Attackers’ actions can be easily and more extensively monitored, and
the records can be used to refine threat models and improve
system protections.
Honeypots may be effective at catching insiders who are snooping around
a network.
What are correlation attacks? What method can prevent correlation attacks?
Correlation attacks are a collection of brute-force methods that attempt to
deduce statistical relationships between the structure of the unknown key
and the ciphertext generated by the cryptosystem.
The only defense against this attack is the selection of strong
cryptosystems that have stood the test of time, thorough key
management, and strict adherence to the best practices of cryptography in
the frequency of key changes.
Compare the differences between "Virus" and "Worm".
A virus consists of segments of code that perform malicious actions.
A worm is a malicious program that replicates itself.
The primary difference between a virus and a worm is that viruses must be
triggered by the activation of their host; whereas worms are stand-alone
malicious programs that can self-replicate and propagate independently as
soon as they have breached the system.