Module 4: An overview of security tools


INTRODUCTION – An overview of security tools

Build a working knowledge of the essential security tools: firewalls, antivirus software, and cryptography. Then take a first look at penetration testing and digital forensics, and learn where to find information on current trends and emerging threats to support thorough cybersecurity research.

Learning Outcomes

  • Define digital forensics and its core concepts and tools.
  • Present the assessment of vulnerabilities.
  • Name the stages of penetration testing according to the Penetration Testing Execution Standard (PTES).
  • Recognize common penetration testing methodologies.
  • Distinguish different kinds of threat actors.
  • Differentiate between attackers, offensive security researchers, and gray hat hackers.
  • Explain what penetration testing is and why it is done.
  • Explain symmetric key cryptography principles, including DES and AES.
  • Describe the most basic cryptographic attacks.
  • Compare symmetric encryption, asymmetric encryption, and hashing.
  • Understand stream and block ciphers.
  • Define cryptography and its basic principles.
  • Explain the operation of antivirus and antimalware programs.
  • Differentiate stateless, stateful, and proxy firewalls.
  • Explain XML gateways and their role.
  • Identify specific examples of the limitations of firewalls.
  • Compare application gateways with packet filters.
  • Explain what packet filtering is and how it works.
  • State the purpose and benefits of firewalls.
  • Describe the Alice and Bob characters and concepts used in cryptography scenarios.

Firewalls

1. Firewalls contribute to the security of your network in which three (3) ways?

  • Prevent an internal user from downloading data she is not authorized to access.
  • Prevent Denial of Service (DOS) attacks. (CORRECT)
  • Allow only authorized access to inside the network. (CORRECT)
  • Prevent unauthorized modifications to internal data from an outside actor. (CORRECT)

Partially correct! Firewalls can also filter out SYN flood traffic.

Partially correct! Firewalls allow only authorized users to access the network.

Partially correct! Firewalls protect internal data from modification by outside actors.

2. Which packets are selected for inspection by a packet filtering firewall?

  • Every packet entering or leaving a network. (CORRECT)
  • The first packet in any transmission, whether entering or leaving.
  • The first packet of every transmission but only subsequent packets when “high risk” protocols are used.
  • Every packet entering the network but no packets leaving the network.

Correct! Every packet is inspected.

3. True or False: Application Gateways are an effective way to control which individuals can establish telnet connections through the gateway.

  • False
  • True (CORRECT)

Correct! Application gateways can perform effective access control depending on a given protocol.

4. Why are XML gateways used?

  • XML traffic passes through conventional firewalls without inspection. (CORRECT)
  • XML packet headers are different from those of other protocols and often “confuse” conventional firewalls.
  • XML traffic cannot pass through a conventional firewall.
  • Conventional firewalls attempt to execute XML code as instructions to the firewall.

Correct! Commonly, traditional firewalls do not scan or inspect XML payloads for threats such as active malicious code.

5. Which three (3) things are True about Stateless firewalls?

  • They are also known as packet-filtering firewalls. (CORRECT)
  • They maintain tables that allow them to compare current packets with previous packets.
  • They filter packets based upon Layer 3 and 4 information only (IP address and port number). (CORRECT)
  • They are faster than Stateful firewalls. (CORRECT)

Partially correct! "Stateless firewall" is another term for a packet-filtering firewall.

Partially correct! They filter on IP address and port number only.

Partially correct! They are faster because they have less work to do per packet.

ANTIVIRUS/ANTIMALWARE

1. True or False: Most Antivirus/Antimalware software works by comparing each file encountered on your system against a compressed (zipped) version of known malware maintained by the vendor on the local host.

  • False (CORRECT)
  • True

Correct! One of the most common methods for detecting a malicious file in your system is by comparing file hashes.

INTRODUCTION TO CRYPTOGRAPHY

1. How many unique encryption keys are required for 2 people to exchange a series of messages using asymmetric public key cryptography?

  • 2
  • no keys are required
  • 1
  • 4 (CORRECT)

Correct! To communicate securely, both the sender and the receiver must each possess a public key and a private key.

2. What is Cryptographic Strength?

  • Relies on math, not secrecy
  • Ciphers that have stood the test of time are public algorithms.
  • Exclusive Or (XOR) is the “secret sauce” behind modern encryption.
  • All of the above. (CORRECT)

Correct! All of these are critical.

3. What is the primary difference between Symmetric and Asymmetric encryption?

  • The same key is used to both encrypt and decrypt the message. (CORRECT)
  • Symmetric encryption is inherently less secure than Asymmetric encryption.
  • Symmetric encryption is inherently more secure than Asymmetric encryption.
  • Asymmetric uses only single-use keys so a subscription to a key vendor is required to obtain new keys.

Correct! That is what is symmetric about the process.

4. Which type of cryptographic attack is characterized by an attack based upon trial and error where many millions of keys may be attempted in order to break the encrypted message?

  • Brute force (CORRECT)
  • Rainbow tables
  • Social Engineering
  • Known Plaintext
  • Known Ciphertext
  • All of the above.

Correct! However, against very strong encryption, even the most powerful computer, attempting millions of billions of keys per second, would need billions of years to decrypt the message.

5. What is the correct sequence of steps required for Alice to send a message to Bob using asymmetric encryption?

  • Alice and Bob exchange their private keys to confirm each other’s identity and then Alice uses her public key to encrypt the message that Bob can decrypt using his public key.
  • Alice and Bob exchange their public keys to confirm each other’s identity and then Alice uses her private key to encrypt the message that Bob can decrypt using his private key.
  • Alice uses her private key to encrypt her message and then sends it to Bob. Bob requests Alice’s public key and uses it to decrypt the message.
  • Alice requests Bob’s public key and uses it to encrypt her message. Alice then sends the encrypted message to Bob who decrypts it using his private key. (CORRECT)

Correct! Alice encrypts the message with Bob’s public key, so that only Bob’s private key can ever decrypt it.

FIRST LOOK AT PENETRATION TESTING AND DIGITAL FORENSICS

1. A skilled penetration tester wants to show her employer how smart she is in hopes of getting a promotion. Without obtaining permission, she hacks into the company’s new online store to see if there are any weaknesses that can be hardened before the system goes live. She does not do any damage and writes a useful report which she sends over her boss’s head to the CISO. What color hat was she wearing?

  • A White Hat
  • A Gray Hat (CORRECT)
  • A Black Hat
  • A Pink Hat
  • A Rainbow Hat

Correct! Her intentions might have been good; however, accessing a system without authorization conflicts with Pakistani law and is probably against her company’s computer security policy. She might be promoted or terminated.

2. Which three (3) are resources that are available to help guide penetration testing efforts by cybersecurity specialists?

  • Open Source Security Testing Methodology Manual (OSSTMM). (CORRECT)
  • NIST SP 800-42 Guidelines on Network Security Testing. (CORRECT)
  • Information Systems Security Assessment Framework (ISSAF) (CORRECT)
  • General Data Protection Regulation (GDPR)

Partially correct! As the name implies, this is a fantastic resource.

3. According to the Vulnerability Assessment Methodology, Potential Impacts are determined by which 2 factors?

  • Identify Indicators and Exposure
  • Sensitivity and Adaptive Capacity
  • Exposure and Sensitivity (CORRECT)
  • Potential Impacts and Adaptive Capacity

Correct! Exposure (the likelihood that the event occurs) and sensitivity together determine the potential impact.

4. In digital forensics, the term Chain of Custody refers to what?

  • This is a physical chain that is placed around a crime scene to protect the evidence from being disturbed.
  • The record that documents the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence. (CORRECT)
  • This is a digital “chain” that isolates digital evidence from being disturbed until it can be analyzed by the police or other authorities.
  • This chain of custody is simply a written record of who possessed the evidence as it moves from collection to analysis to presentation in a court of law.

Correct! It is called a chain because each link in the record documents who held the evidence, and where, at a specific moment in time.

KEY SECURITY TOOLS

1. What is the primary function of a firewall?

  • Uses malware definitions.
  • Filter traffic between networks. (CORRECT)
  • Secures communication that may be understood by the intended recipient only.
  • Scans the system and searches for matches against the malware definitions.

2. How many unique encryption keys are required for 2 people to exchange a series of messages using symmetric key cryptography?

  • 1 (CORRECT)
  • 2
  • 4
  • no keys are required

3. Which type of data does a packet-filtering firewall inspect when it decides whether to forward or drop a packet?

  • Source and destination IP addresses.
  • TCP/UDP source and destination port numbers.
  • ICMP message type.
  • TCP SYN and ACK bits.
  • All of the above. (CORRECT)

4. Which type of firewall inspects XML packet payloads for things like executable code, a target IP address that makes sense, and a known source IP address?

  • An XML Gateway. (CORRECT)
  • An application-level firewall.
  • A packet-filtering firewall.
  • All of the above.

5. Which statement about Stateful firewalls is True?

  • They have state tables that allow them to compare current packets with previous packets. (CORRECT)
  • They are less secure in general than Stateless firewalls.
  • They are faster than Stateless firewalls.
  • All of the above.

6. True or False: Most Antivirus/Antimalware software works by comparing a hash of every file encountered on your system against a table of hashes of known viruses and malware previously made by the antivirus/antimalware vendor.

  • True (CORRECT)
  • False

7. Which type of cryptographic attack is characterized by comparing a captured hashed password against a table of many millions of previously hashed words or strings?

  • Social Engineering
  • Known Ciphertext
  • Rainbow tables (CORRECT)
  • Brute force
  • Known Plaintext

CONCLUSION – An overview of security tools

This module provides a detailed and thorough introduction to important security tools such as firewalls, antivirus software, and cryptography. Penetration testing and digital forensics are also discussed. Learning where to find resources on industry trends and emerging threats prepares you to do extensive research and investigation in the field of cybersecurity.
