On tap TACN

What is cryptographic hash function?

A cryptographic hash function is a hash function; that is, an algorithm that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that any (accidental or intentional) change to the data will change the hash value.

What are honeypots? What are honeypots designed for? What should admin do when using honeypots and honeynet

Honeypots are decoy systems designed to lure potential attackers away from critical systems.
They are designed to do the following:
-Divert an attacker from critical systems

-Collect information about the attacker’s activity

-Encourage the attacker to stay on the system long enough for administrators to document the event and, perhaps, respond

Administrators should be careful not to cross the line between enticement and entrapment

What is DDoS and dictionary attack?

A distributed denial-of-service (DDoS) is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
The dictionary attack is a variation of the brute force attack which narrows the field by selecting specific target accounts and using a list of commonly used passwords (the dictionary) instead of random combinations.

What are types of IDS? What are IDPS methods?

Two types of IDS are NIDS and HIDS.
Three types of IDPS methods are Signature-based IDPS, Statistical Anomaly-based IDPS, Stateful protocol analysis IDPS.

How many security technologies in Unit 4? What are they?

there are seven security technologies. They are IDS, IPS, Honeypots, Honeynets, Padded Cell Systems, Trap-and-Trace Systems, Active Intrusion Prevention.

What is an IDS? How does it work?

An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations.

What is encryption and decryption?

The process of making the information unreadable is called encryption or enciphering.
Reversing this process and retrieving the original readable information is called decryption or deciphering.

What is cryptography? Where does cryptography derive from and what does it mean?

Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication.
The word “cryptography” is derived from the Greek words kryptos, meaning hidden, and graphien, meaning to write.

What is hash function? Why are hash function considered one-way operation?

Hash functions are mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm the identity of a specific message and to confirm that there have not been any changes to the content.
Because the same message always provides the same hash value, but the hash value itself cannot be used to determine the contents of the message

What is sender, receiver, adversary?

A sender is an entity in a two-party communication which is the legitimate transmitter of information. A receiver is an entity in a two-party communication which is the intended recipient of information. An adversary is an entity in a two-party communication which is neither the sender nor receiver, and which tries to defeat the information security service being provided between the sender and receiver.

What is the difference between an active adversary and a passive adversary?

An active adversary is an adversary who may also transmit, alter, or delete information on an unsecured channel..
A passive adversary is an adversary who is capable only of reading information from an unsecured channel.

What does PKI stand for? What is it?

PKI stand for Public-key Infrastructure. It is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.

Why are hash function widely used in e-commerce?

Because hash functions confirm message identity and integrity, both of which are critical functions in e-commerce.

What is one of the most important reason to install an IDPS?

One of the best reasons to install an IDPS is that they serve as deterrents by increasing the fear of detection among would-be attackers.

What is security? What is information security?

Security is “quality or state of being secure to be free from danger”. The committee on National Security System (CNSS) defines information security as the protection of information and its critical elements, including the systems and hardware that use, store and transmit that information.

How many fundamental characteristics does information have? What are they?

Three characteristics . They are confidentiality, intergirty and availability.

What is NIDS' function?

It performs an analysis of passing traffic on the entire subnet, and matches the traffic that is passed on the subnets to the library of known attacks.

What is firewall in computing?

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

Who are hackers? Which skill levels are divided among hackers?

Hackers are “people who use and create computer software to gain access to information illegally.
There are generally two skill levels among hackers. The first is the expert hacker or elite hacker, the second is the novice or unskilled hacker.

What is symmetric cipher? What is mathematical trapdoor?

Encryption methodologies that require the same secret key to encipher and decipher the message are using what is called private key encryption or symmetric encryption.
A mathematical trapdoor is a “secret mechanism that enables you to easily accomplish the reverse function in a one-way function.”

What is trojan horse? How does it work?

trojan horses are software programs that hide their true nature and reveal their designed behavior only when activated.
trojan horses arrives via email or software such as free games.
trojan horses is activated when the software or attachment is executed.
trojan horses releases its payload, monitors computer activity, installs back door, or transmits information to hacker.

What are stateful filter's function?

maintain knowledge of specific conversations between endpoints by remembering which port number the two IP addresses are using at layer 4 (transport layer) of the OSI model for their conversation, allowing examination of the overall exchange between the nodes.

What are differences between traditional hackers' profile and modern hackers' profile?

Traditional hacker profile: age 13 - 18, male with limited parental supervision; spend all his free time at the computer. Modern hacker profile: age 12 - 60, male or female; unknow background, with varying technological skill level, may be internal or external to the organization.

What is asymmetric encryption?

asymmetric encryption uses two different but related keys, and either key can be used to encrypt or decrypt the message.

What method is used for protecting residential users?

Method of protecting the residential user is to install a software firewall directly on the user’s system.

What is the most important benefit of application layer filtering?

The key benefit of application layer filtering is that it can understand certain applications and protocols (such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP)).

What is the difference between online NIDS and offline NIDS?

On-line NIDS deals with the network in real time. It analyses the Ethernet packets and applies some rules, to decide if it is an attack or not. Off-line NIDS deals with stored data and passes it through some processes to decide if it is an attack or not.