Upgrade to remove ads
Cybint Solutions Certification in Cyber Security Protection - Litigation Support Tip of the Night
Terms in this set (414)
What kind of devices can be included in a computer network?
Camera, printers, tablets, etc. Not just computers.
What are LANs?
Local area networks
How can data be transferred in a network?
Via wifi or cables
What services do computer networks allow for?
What two types of addresses do computers in a network have?
IP and MAC
What does MAC stand for?
Media Access Control
What is a MAC address?
A physical address; a unique identifier assigned by a manufacturer to a device. It does not change if is connected to a different address.
What many characters does a MAC address contain?
What characters can be used in MAC address?
What's the name for the kind of characters used in a MAC address?
How many possible entries are there for each hexadecimal character?
Is the MAC address included in every message sent through a network?
What does IP address stand for?
Internet protocol address
Does an IP address change between networks?
Will a computer have two different addresses for communicating inside a network and on the internet?
How many numbers are included in an IP address?
Four. E.g., 192,.168.0.32
What numbers can be used in an IP address?
How many possible IP addresses can there be?
Have all IP addresses already been used?
What are dynamic IP addresses?
Those assigned by a service provider
Why is difficult to trace an IP address?
Most users borrow an IP address from their ISP each time they connect to the internet.
Who has fixed IP addresses?
Big organizations and companies
How do MAC and IP addresses differ in direct messages?
MAC addresses are needed to direct messages within the network. IP addresses direct messages between network.
What are routers?
They direct messages between networks.
What addresses are used in sending a message to a different network?
The router's MAC address and the destination's IP address.
What does DNS stand fort?
Domain Name System
What does DNS do?
Translate domain names to numerical IP addresses.
Will typing a domain's numerical address in a browser lead to the same location as the domain name?
What are DNS servers?
They handle requests made when someone visits a site translating the request to a particular IP address
Are most cyber attacks directly against a specific target?
No. Most are widely spread.
How much has the median cost of a cyber attack increased annually over the past five years?
It has increased by 200% each year.
What can be the biggest harm caused by a cyber attack?
Damage to a company's reputation.
What percentage of cyber security breaches are due to human error?
Who causes more than half of all security breaches?
Individuals who had inside access to an organization's system
How can protection software be bypassed without detection?
By uploading a file directly to a network.
What are five ways to exploit a cyber user?
1. stealing passwords
3. infected USB drives
4. malwares and spywares
5. software vulnerabilities
What is the difference between a brute force attack and dictionary attack?
A brute force attack is used for short passwords. A dictionary attack is for longer passwords.
What is phishing?
The attempt to obtain sensitive information by masquerading as a trustworthy entity in an electronic communication
What is clickjacking?
Tricking a user into clicking on something different from what they believe they are clicking on.
What is cyber hygiene?
The establishment and maintenance of an individual's online safety.
What steps can be taken in maintain cyber hygiene?
1. Maintaining a firewall.
2. Updating virus definitions
3. Running security scans
4. maintaining passwords
5. backing up data.
6. securing personal data
What is the reach breach concept?
First an attacker has to identify an individual with access, then next gain access to the privileged information.
What is an SQL injection attack?
An attacker will gain the ability control a database server.
What is a buffer overflow attack?
a program overwrites memory that should not have been modified
What is the result of a buffer overflow?
The program will often crash or become unstable.
What is one way to hack a router?
Look up default passwords for routers on sites that post them.
What is malware?
any type of malicious software that tries to infect an electronic device.
What are types of malware?
Denial of service attacks
What is an APT?
An Advance Persistent Threat - to involves both reach and breach
What are the five steps of an APT?
2. incursion - break in using malware
3. maneuver - avoid detection
4. attack - capture information over an extended period
5. treasure - capture information is analyzed
What is Sykipot?
An APT attack that has been stealing information from companies for several years.
What is the MO of Skipot?
They send target emails with misleading links. It is a mail scam attack vector.
How are Chinese made e-cigarettes a threat?
They may deliver malware when plugged in a USB port for charging.
What is cyberwar known as?
The fifth domain of warfare
What is Cybint's sword and shield concept?
The need to act and defend in cyberspace.
Do all cyber attackers want to profit financially from their crimes?
No. For some the primary motivation is recognition and disruption. Others may want to gather intelligence, or engage in hactivism, terrorrism, or warfare.
What percentage of cyber attacks are criminal?
What types of damage may be inflicted by cyber attacks?
3. information disclosure
4. psychological damage
5. reputation damage. hurting a company's brand
What is Stuxnet?
Stuxnet is a malicious computer worm, first uncovered in 2010 by Kaspersky Lab. Thought to have been in development since at least 2005, Stuxnet targets SCADA systems and was responsible for causing substantial damage to Iran's nuclear program. Although neither country has openly admitted responsibility, the worm is believed to be a jointly built American/Israeli cyberweapon.
What is the sword?
Opportunities in cyber space. Examples include
1. profiling and due diligence
2. digital evidence tracking and analysis
3. tracing criminals
What is the cloud?
A network of servers, each with a different purpose.
What are the motivations for moving to the cloud?
Financial - a computer only pays for the programs and storage that it uses.
Stored data can be accessed through the internet.
What are cloud security concerns of providers?
They must ensure that users's data is protected and that the infrastructure is secure.
Ensure proper data isolation, so different customers can't access each other's data.
What are cloud security concerns of users?
They must secure their applications and choose strong passwords.
What does a company lose when it moves to the cloud?
Physical access to the servers holding their information.
What was the vulnerability that allowed hackers to obtain photos of celebrities in August of 2014?
A flaw in the iCloud API allowed them to try unlimited numbers of passwords
What is a router?
A networking device that forwards data between computer networks
What are core routers?
They are used by ISP to manage internet traffic.
What else do routers do?
Let users set up a wireless network and provide security.
What is WLAN?
Wireless Local Area Network
What protocol are WLANs based on?
the IEEE 802.11 protocol - generally known as wifi
What is the most important parameter to distinguish WLANs?
Are wifi networks more or less secure than wired networks?
What is s WWAN?
A Wireless Wide Area Network which covers much greater areas.
Is a cyber crime harder to detect than a regular crime?
Can some cyber crimes be carried out by amateur hackers?
What is the most common type of cyber crime attack?
Who the biggest target for cyber breaches?
The average user.
What are common types of money theft cyber scams?
1. Impersonation scam
3. Online shaming
4. identity theft
5. social engineering
What is DLP?
Data Loss Prevention software
What is a typical identify theft scenario?
Someone accumulates a lot of debt in your name.
Are cyber crimes treated the same as conventional crimes by law enforcement agencies?
In 2014 how long did it take JP Morgan Chase to discover that a cyber breach had occurred?
How much data and what kind of data was compromised in the JP Morgan Chase?
83 million records including bank account numbers, credit card information, email addresses and passwords
How did the JP Morgan breach occur?
Using the credentials of the bank's workers, possibly obtained during a phishing attack.
When did the attacks against the U.S. electrical infrastructure take place, and how many were there?
During 2013 and 2014 there were more than 200 such attacks.
How did the breach against the U.S. electrical infrastructure take place?
A worker clicked on a link in an email allowing malware to infect the network which went undetected for more than a year.
What damages were incurred in the breach of the U.S. electrical infrastructure?
More than $6B from two days of interruptions of service.
How did a breach of the Lockheed Martin network in 2011 occur?
Through a penetration of the RSA systems.
What has been the biggest data leak in history?
The Panama Papers disclosures - the result of the hack of a law firm in Panama.
What was one of the most important revelations of the Panama Papers breach?
The Prime Minister of Iceland had improper offshore accounts.
What is a dictionary attack?
It uses every word in the dictionary in a prearranged order.
How long will it take to crack a password that contains only one word?
A few seconds.
Does adding a digit to a password increase its stability?
It will only prolong the time needed to crack the password by between a few seconds and 24 hours.
Can dictionaries that include added digits be downloaded for free?
How does a brute force attack work?
It tries all of the possible combinations for a password in ascending order
How many options are there for every character in a password?
More than 80.
How many combinations can exist for a four digit password?
More than 26 million
What tendency do brute force attacks exploit?
The tendency of people to use lower case letters in passwords.
How long will it take a brute force program to crack a random combination of letters, numbers and special characters?
What are the three factors that effect password strength?
1. its length
2. the mix of characters
Will a ten character password that is a random mix of letters, numbers and special characters hold up against every attempt to crack it?
Where can you check your password strength?
What is 2 level authentication?
In addition to the user's password, they receive a code sent to them on another platform.
Face recognition, fingerprints, or questions about personal information may also be used.
What percentage of U.S. adults use social media?
More than 75 per cent
When did the myspace data breach occur? How many people were effected?
In 2016. Data from more than 360 million accounts was breached.
How many passwords were stolen from Linkedin in 2012?
More than 100 million
What was the nature of the Twitter breach discovered in 2016?
It found the login credentials of 32M users for sale on the dark web for 10 bitcoin.
How can you tell if your social media account has been hacked?
1. Posts are made which you didn't compose.
2. There are logins from unusual locations.
3. spam ads
4. unable to login
What is lifejacking?
spam ad which has another layer that will activate an app flooding the queue with spam if the fake like button is pressed.
What is leakedsource.com?
It gives users the ability to find out if their data is online.
What should you do after learning your account has been compromised?
Change your password
What should you do after recovering an account?
Confirm that none of your recovery information has been changed.
What is a BDA?
A breach damage assessment
What should be considered in a BDA?
Was the motivation to steal your information or expand the attack to other accounts?
Are there any applications connected to your account that you don't know about?
Inform all of your contacts of the breach as well as the company that hosts the account.
What are the signs that your email account has been breached?
1. logins that you don't recognize
2. Notification that your user name or password has changed.
3. Stop getting emails.
4. Friends complain that they receive spam from you.
5. Messages that you didn't send appear in sent items.
6. Signs of activity at unusual times annd places.
How can you check account activity on Gmail?
Last Account Activity. Press Details in the right corner. A separate activity on this account window will open listing:
1. Access Type (browser, mobile, POP3)
2. Location (IP Address)
What site can be used to check if you have an account that has been breached?
have I been pwned?
What steps should you take if your email account has been hacked?
1. reset your password
2. fill in the account recovery form
3. check your email settings to see if emails are being forwarded.
4. Scan your PC for malware
5. Find out what other account using the same password have been compromised
What are methods by which identity theft can be attempted?
3. Eavesdropping - make sure that your connection is encrypted when sending sensitive data online.
4. Data leaks
How can you check to determine if you've been the victim of identity theft?
1. google your name
2. google your account numbers
When you run a search on google is the communication encrypted?
What is pastebin?
A platform used by hackers to exchange stolen information.
How should pastebin be searched?
Run a search targeting the site from Google advanced search.
What is the most important step to take if you are concerned that you have been the victim of identity theft?
Inform law enforcement authorities; your bank; credit card provider; employer
Where can you report identity theft?
On the FTC's site, identitytheft.gov
What is a fraud alert?
It informs lenders and other businesses that you've been the victim of identify theft.
What is a credit freeze?
It blocks any attempt to open an account using your information. It can only be removed upon your request.
Who provides fraud alerts and credit freezes?
2. Trans Union
What are the two types of malware?
The spreading type and the acting type.
When does a virus activate?
When the user runs an infected program.
Can viruses remain undetected for a long period of time?
What does a virus do for a long time after penetrating a computer
infect new programs or hardware, only extracting data after a predefined period time or when it has spread widely enough.
Does a worm require a user to launch an infected program?
How does a worm spread?
It uses a computer network taking advantage of security failures on target computers.
When and what was one of the first computer worms distributed via the internet?
The Morris worm in 1988
How did the Morris worm cause damage?
Its self replication used a huge amount of bandwidth
Does a bot net harm your computer?
What does a bot net do?
It uses your computer to harm other computers.
What are bots often used for?
To send spam
What are two different ways that ransomware prevents someone from using their computer?
1. Locks the screen
2. Locks files
What is crypto ransomware?
Certain file types are encrypted and users are forced to pay the ransom online.
How is a computer infected with ransomware?
1. When users visit infected sets.
2. Delivered by other malware
Was ransomware a major problem before 2012?
What contributed to the rise of ransomware?
The popularity of Bitcoins
What are some ways to defend against ransomware?
1. Maintaining offline backs of data.
2. Use tools designed to decrypt ransomware
What is Cryptolocker?
A ransomware Trojan that targets computers running Windows. It was posted to the internet in 2013.
How did Cryptolocker propagate?
Via infected email attachments.
How does Cryptolocker work?
It encrypts files using RSA public key crytopgraphy
What kind of payment does Cryptolocker demand?
1. prepaid cash voucher
Did paying the ransom to Cryptolocker always lead to the files being decrypted?
What percentage of malware is compromised of Trojan horses or spyware?
Is a Trojan Horse usually the means or the ultimate goal?
Usually the means.
What kind of information does spyware collect?
2. browsing history
3. credit information
How can spyware function?
1. By recording keystrokes
2. Taking screenshots
3. activate microphone or camera
What is spyware usually used for?
1. To customize online advertising.
2. identity theft
What are some built-in functions of adware?
analysis of visited sites
What is DoS?
Denial of Service
What is the most common type of Denial of Service attack?
Sending a network more traffic than it can handle.
What is an example of DoS attack using email?
Certain email applications limit the number of characters that an attachment can use. Hackers can send attachments that exceed this limit
What is a SYN flood?
When a computer establishes a connection with a server, a handshake packet is sent. In a SYN flood the attacker will send a large number of connection requests but fails to respond.
What is ARP spooling?
The aim is to associate the attacker's MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead.
What does ARP stand for?
Address resolution protocol.
How does an ARP or man in the middle attack work?
The hacker prevents packets from getting to their destination.
What are ways to guard against DoS attacks?
1. Block the originating IP address
2. Use security tools designed to prevent flood attacks.
3. Configure serves to detect http request attacks
4. Use tools to prevent single origin attacks as soon as they begin.
What is a DDoS?
A distributed denial of service attack.
How does a DDoS work?
It uses many computers, functioning as a bot net.
What are the types of software exploits?
1. remote exploits
2. local exploits
What is a remote exploit?
Exploit the vulnerability of the software without having prior access to it. It usually means there is a weakness in the code.
What is a local exploit?
The hacker has prior access to the software and can make changes to it.
What is a common local exploit?
1. Changing the user's permissions to a higher level.
2. Replacing a CD need to run a program with an infected one.
What is zero day?
The period that begins when a program's vulnerability is discovered. It only ends when the code is changed, or a patch is distributed.
What common program had an exploit in 2014?
MS Word had a vulnerability that allowed a remote exploit to cause a DoS or a massive memory loss. The zero day period lasted about two weeks.
Where is every exploit recorded?
The US cert site. https://www.us-cert.gov/
CERT - computer emergency readiness team
How does anti-virus software work?
It compares every bit of program to a file signature database.
Should you choose between having anti-virus or anti-malware software?
No, you should use both.
Are firewall settings global?
No they are specific to particular companies.
What do firewalls examine?
1. Country of origin
3. Content e.g., games
Do firewalls just monitor in-going traffic?
No they monitor out-going traffic as well.
What is a web application firewall?
A web application firewall (or WAF) filters, monitors, and blocks HTTP traffic to and from a web application. A WAF is differentiated from a regular firewall in that a WAF is able to filter the content of specific web applications while regular firewalls serve as a safety gate between servers. By inspecting HTTP traffic, it can prevent attacks stemming from web application security flaws, such as SQL injection, cross-site scripting (XSS), file inclusion, and security misconfigurations.
Should you install more than one antivirus program?
No it will cause difficulties for the operating system.
Can operating systems have built-in firewalls?
Do you need to clean unneeded files to maintain the security of your computer?
What devices are files regularly cleaned from?
What are examples of common cleaning programs?
1. Bleach Bit
2. Clean master
3. C cleaner
What are ways to detect the presence of malware?
1. Antivirus software
3. Monitor the computer with external tools like VirusTotal
What is a honeypot?
A computer security tool designed to detect unauthorized activity on a computer or network. It appears to be a legitimate part of the network but is actually isolated. It appears to contain valuable information.
How can you manually detect the presence of a virus?
Using Task Manager google the program using most of the CPU data.
What is VirusTotal?
It is a free online service that analyzes files to detect the presence of malware.
What does VirusTotal utilize?
Antivirus engines and website scanners from AVG, Avast and Malwarebytes
How does VirusTotal work?:
You upload a file or enter a specific url and VirusTotal uses scanners from multiple sources
What is the biggest threat that malware poses to your computer?
What is the best way to deal with the risk of malware?
Backing up your data to another platform.
Should you use more than one backup method?
What are some backup methods?
1. Keep a local backup in a different location on your computer.
2. Keep an external backup
3. Storage cloud service
What are examples of free cloud storage services?
!. Google Drive
2. Microsoft One Drive
Do cloud services mean that you don't have to back up your files?
Yes. They will automatically synch the files.
How often should valuable data be backed up?
At least once a week, using different platforms.
If you suspect that you have malware what is the first thing you should do?
Make sure your anti-virus and anti-malware software is up to date, and your operating system has the latest updates. Then run a full malware scan. Disconnect the computer from the internet if the anti-malware software doesn't detect the problem.
What is an example of when it may not be possible to disconnect from the internet?
laptops having a software based wifi switch that malware can bypass
What is something a very aggressive malware program can do?
Stop your computer from booting on startup.
if malware stops your computer from starting what can you do?
1. use emergency rescue media.
2. reformat the entire system
What is emergency rescue media?
A CD or UBS with special software to disinfect malware
What weakness do social engineers exploit?
What do social engineers manipulate?
What are the four top social engineering methodologies?
What is phishing?
The attempt to obtain sensitive information, for malicious reasons. E..g. sending an email from what appears to be a legitimate business.
What are some phishing attack types?
1. URL and email manipulation
2. Taking advantage of current events. e.g. earthquake.
3. Spear phishing
What is spear phishing?
Phishing targeting select groups.
How do identify a suspicious email?
1.Warning from email service.
2. Show original
After displaying the original email, what should look for?
The original IP address
What are the most common ways to deceive someone into giving up their personal credentials?
Caller ID and email spoofing.
Can Caller IDs be changed?
Yes, they can be altered to show any number regardless of the true source of the call.
What are some of the tools used in spoofing?
1. Caller ID spoofing
2. SMS spoofing
3. Adding background voices
4. Voice changing
What happens if you call the number used in Caller ID spoofing?
You may reach the rightful owner of the number.
Which government organization was impersonated in famous caller ID scam?
Does email spoofing require technical knowledge?
How does email spoofing work?
Gain access to someone's contacts and send out emails from that person to others.
What are two examples of email spoofing?
1. Bank phishing
2. Bogus boss asking for an account transfer.
What are cookies?
Small, often encrypted text files that are located in browser directories. They are used to navigate a site more easily and perform complex functions.
When are cookies created?
When a user visits a web site.
Where are cookies sent to and from?
From a web site to a browser.
How are cookies used?
They are sent by the browser to the web site the next time it is visited.
Are cookies only created by the site that a user visits?
No. They may also be created by widgets and ads
What are some standard uses of cookies?
1. to authenticate users with stored login information
2. Sessions cookies
3. Customizing / tracking cookies
What are session cookies?
They store information about user page activities, so users can pick up where they left off. E..g, by ordering items in a shopping cart.
What do tracking cookies do?
Store user preferences
Can cookies execute code or making copies of themselves?
Can cookies be used to act as a form of spyware?
Yes. Sensitive information sent between a browser and a web site can be intercepted.
How do anti-spyware programs handle cookies?
They often flag them for deletion after standard scans.
How can browsers effect cookie usage?
1. set them to expire after a certain time.
2. disposal after a user visits a particular site.
What is one of consequences of disabling cookies?
It may lock you about of web based email applications like gmail, and YouTube.
Why do searching settings require cookies?
They need them for language settings.
When should cookies be set to expire?
When using a shared computer.
How do you customize cookies in Chrome?
Four bars . . . Settings . . . Advanced Settings . . . Content setings under 'Privacy'.
Can Chrome manage the cookies for specific sites?
What are three ways of handling cookies?
Keep them, block them, or delete them when you exit.
How can web browsers be breached?
1. A breach in the operating systems may allow malware to modify the brower's settings.
2. Breach in browser's source code
3. Hacking browser plug-ins
4. Intercept the browser's network communications
What are reasons to breach a web browser's security?
1. display pop ads
2. collect information for internet marketing or ID theft.
3. install malware
4. allow for MITB attacks
What does MITB standard for?
Man in the Browser
What is MITB?
A Trojan horse effecting the web browser related to man in the middle attacks.
What is the most widely used browser?
What is an advantage of Chrome?
Cutting edge extensions are offered in Chrome first.
What is an advantage of Firefox?
It offers a built-in PDF viewer
What is an advantage of IE?
It lets you pin a site to the taskbar.
What is Google safe browsing?
It is a blacklist of cites that contain malware or phishing content
Which browsers use google safe browsing?
Chrome, Safari, and Firefox use the lists.
Who sends email alerts to ISPs?
Google sends them about threats on their networks.
What does MWOT stand for?
My Web of Trust
What is My Web of Trust?
It is a web service that helps users determine if a web site is trustworthy.
What is the integrated review of MWOT?
It is a add-in ranking sites from Excellent to Very Poor
What is the most popular ad blocking service?
Ad Block, a free download
Are there web sites which prevent users from seeing advertising until an ad blocking extension is disabled?
What a trackers?
They develop a profile about an individual and track their online actiivty
What is a liability of trackers?
They can slow down your browser.
What is a browser extension that can be used to detect and control trackers?
What are digital certificates?
Verifiable small data files with identity credentials to help web sites represent their authentic online identity.
What is the most common cryptographic protocol?
TSL, formerly known as SSL
What communication protocol uses TSL?
What will you see if a HTTPS site is safe?
A green lock icon.
What are the three categories of web attacks?
1. User targeted attacks
2. Web application targeted attacks
3. Browser targeted attacks
What are types of user targeted attacks?
1. a site that convinces users to download files that contain malicious software.
2. web browser phishing - encouraging users to fill out forms with their personal data.
What is an example of a web application attack?
Cross site scripting - XSS
How does an XSS attack work?
It encourages a user to submit information that will then be visible to all other users.
How is an XSS attack accomplished?
Malicious code is submitted to web based application by the hacker which is then executed by subsequent users.
What does CSRF stand for?
Cross site request forgery
How does CSRF work?
Forces users to execute unwanted actions on a web app on which they are currently authenticated. The actions may include information theft or money transfers.
What is example of a CSRF attack?
A hacker sets up a currency converter to be used when a user has accessed a bank web application The converter site may enter malicious script in the browser, which may then execute a malicious transfer using the user's credentials.
Should browsers prevent unknown scripts from running?
How do add-ins or plug-ins function in targeted attacks?
They allow for malicious software to be downloaded, or for the browser settings to be altered.
What is clickjacking typically used for?
Getting users to follow Twitter accounts or like Facebook pages.
What is the Google pay per click scam?
It encourages users to pay for online advertisements.
What is a common back list of infected sites?
malwaredomainlist.com, but malicious actors will be aware of these sites.
What are digital certificates?
Verifiable small data files that contain identity credentials to help websites, people and devices represent their authentic online identity.
What are lesser known types of browsers?
Opera, Mosaic, Edge, Vivaldi
What is the difference between a worm and a virus?
Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate.
What are the risks of using wifi networks?
1. using public and unsecured wifi networks.
2. using untrusted hotspots and evil twins.
What is the biggest risk entailed with using a wifi network?
Everyone within range with the correct login credentials can login, making the network vulnerable to eavesdropping.
Is it difficult to install malware on a wifi network?
No. It can be accomplished using tools freely available online.
What protective features do most wifi networks have?
WPA - Wireless Protective Access protocol
What does WPA do?
Encrypts traffic on the network.
What is common technique of hackers looking to take advantage of wifi users?
Setting up a fake hotspot.
What is an evil twin?
The hacker targets a specific group setting up a hotspot that mimics the properties of a nearby network. Browser requests can be redirected to malicious sites with malware.
How does a MITM attack work?
A Man in the Middle attack, the attacker intercepts a communication between two parties, and the entire communication is directed through the attacker, which each party thinking that he is the other party. The intercepted data can be manipulated.
What are most MITM attacks directed against?
Network components - they don't involve a human factor. Network traffic is redirected.
Do most MITM attacks require access to a network?
Yes, either legitimately or by penetrating it.
What is one of the most common MITM attacks?
What does ARP stand for?
Address Resolution Protocol
What kind of networks use ARP?
Those that use IP - internet protocol
What does the ARP protocol do?
It matches the IP and MAC addresses
Where is ARP spoofing usually conducted from?
One of computers in the network controlled by the attacker.
What does ARP spoofing do?
It listens to the ARP traffic in a network and responds to ARP requests with its own MAC address. The goal of the software is to pretend to be one of the components in the network.
What component in the network does a computer used for ARP spoofing usually pretend to be?
What is one the best solutions for keeping your data private while using a wifi connection?
a virtual private network
What is a VPN?
A private, closed and usually encrypted network that works inside other networks. It also users to encrypt data that is sent across public networks.
What is the basic structure of a VPN?
Every VPN is based on a VPN server that all the other users of the network communicate with using the infrastructure of another network. The other network is usually the internet.
What are the advantages of using a VPN?
1. It keeps your IP address private, hiding it behind the VPN IP address
2. It uses strong encryption that only other users of the network can de-crypt.
3. It directs your data through private servers.
4. It allows you to bypass geographical limitations. E.g., people in foreign countries can watch American content on Netflix using a VPN.
How do you find the VPN settings menu in Windows 10?
1. Click the Action center button on the lower right.
2. Click the a VPN connection button.
3. Enter the VPN details
What is an alternate way to set up a VPN in Windows?
1. In Windows Settings click Network & Internet
2. Click the VPN label
3. Click a VPN connection
How do commercial VPNs differ?
4. number of servers
5. ease of use
What is one way for a commerical VPN to function?
As an add-in to your browser.
What is one of the best precautions you can take when using a wifi network?
using the HTTPS protocol
What does the HTTPS protocol?
Encrypts the connection between the user and the server with an SSL encryption algorithm.
Should wifi auto-connections be enabled by default?
What are most modern routers' default passwords set to?
Random numbers printed on a label attached to the device.
How do you enter your router's settings?
1. In the system tray right click the internet access button
2. Click the Open Network and Sharing Center button
3. Click the connection name link
4. Click the Details button
5. Record the value of the IPv4 Default Gateway, the address for the Router's Properties.
6. Type it in the address bar.
7. Enter the admin user name and password.
8. In security settings, change your password.
Where are the security settings for most routers?
In advanced options.
What is the router's admin interface password? Is it different than the wifi password?
Yes, it is different. This is the password required to log on to the router's interface. It usually set to default.
What is the risk of keeping the router admin interface password as the default?
You are taking the change that someone else on the wifi network can log in and change the password
How many wifi networks should an office use?
One for visitors and one for employees. Many routers support two different connections.
What is the router's wifi name?
What is the evil twin risk?
Hackers may try to imitate your network's SSID to lure users to use their fake network.
What site stores the SSIDs for networks?
How can a network's SSID be changed?
Through the router's admin interface.
What kinds of information about networks can be found on wigle.net?
1. A network encryption type
2. When a network was last spotted.
3. When the network was last seen and updated.
4. Its geo location
If you click on a link in an email shown on your smartphone can it install malware?
Can a smart phone's recorder be used for eavesdropping?
Is the threat of eavesdropping higher on a smartphone than on a land line?
What are kinds of Phone Scams?
1. use a fake caller ID
2. Record parts of the conversation to make it sound like you agreed to things that you don't actually agree to.
What are security features you should look for on smart ;phones?
1. File encryption
2. Find and wipe remotely
3. Antivirus software allowing for apps to be deleted remotely
4. Authentication features such as access passwords
5. Can back-ups be encrypted?
Should you publish your number to a public web site?
No. Hackers can collect these numbers and use them to target attacks.
On a mobile phone how do you secure your browser?
Click on the three dots . . . .Settings . .. .
Turn off save passwords
What should you do before installing a new app?
Check the permissions that it requires.
What connections should you disable when they are not in use?
What is a liability of social media apps?
They often track your location making it public.
What is one of the problems with rooting or jailbreaking a phone?
It will alter the firmware code and prevent future operating system updates from being received.
What should you do if your phone is stolen?
1. If you have work documents on the phone, report the loss to your employer.
2. Report the loss to your service provider.
3. Report the loss to the local authorities.
4. Change your account credentials.
5. Wipe the phone remotely.
What does a USB drive have that makes it vulnerable?
Flash memory that can be electronically erased and reprogrammed.
What are needed when using USB flash drives?
Adequate operation controls and logical controls.
What can USB drives be used to delivered?
1. Trojan horses
3. Browser hijackers redirecting you to a malicious sites.
Can USB drives that appear empty still contain malware?
Yes, even when formatted.
What security features do some USB drives have?
1. fingerprint authentication
2. Built-in encryption
What precautions should you follow with respect to USB drives?
1. Mark a USB drive to indicate its purpose.
2. Only use your own USB drives.
3. Keep home and office devices separate
4. Avoid opening unknown files stored on the device.
Can copiers, home security systems, and printers be hacked?
Can external hard drives have remote connections?
Do online sites listing the IP addresses of devices like security cameras exist?
Yes. The also list the default passwords of the devices.
What can printers and copiers have that makes them vulnerable?
Public IP addresses.
What can be obtained from copiers and printers?
1. a list of all scan documents.
2. email settings
3. active print jobs
How does keystroke logging take place?
Keyboards emit electromagnetic waves that can be read by keyboard loggers.
Are keyboard loggers hardware or software?
They can be both.
How do hardware keyboard loggers work?
They must be connected to the keyboard.
Are software based key loggers available for free?
Can cameras on smartphones be hijacked without turning on the indicator light?
Will muting a smartphone mic prevent eavesdropping?
How do you protect yourself against remote takeovers?
1. enable strong passwords
2. always change the default password
3. When discussing sensitive subjects leave your cell phones outside the room. Don't just silence them.
4. Don't use the office printer to print classified documents.
5. Cover your webcam.
What is Shodan?
It is a search engine that searches for hardware and devices connected to the internet, such as servers, routers, web cameras, thermostats and cars. It is the search engine for the Internet of Things.
What kind of information does Shodan store?
1. Device type
2. IP address
What is Shodan mainly used for?
Security and penetration tests.
What precautions should you take to protect devices connected to the Internet of Things?
1. Turn off any device not currently in use.
2. Use strong passwords
How can you obtain your IP address?
Search for 'My IP' on Google.
Where can devices IP addresses be found?
In their Properties
What is the most informative piece of information collected by websites?
Your IP address
What can you determine with someone's IP address?
Their general location.
What else can your IP address be used for?
To identify you and track your browser on the internet.
What kind of information can be stored in cookies?
Any kind of information that a web site owner chooses to store.
What is the information collected in cookies usually used for?
To show you advertising.
Can a web site determine the type and version of browser you're using?
What other kinds of information about a browser can a site determine?
1. the fonts it uses
2. time zone
. . . all information that can be used to ID you.
What add-ons can be installed on your browser to maintain your privacy?
1. ad blockers
What's one technique to avoid the collection of data from your online?
Use different browsers for different purposes.
What is Google timeline?
An app that lets you look back on all of the places you've been.
How can you monitor someone's internet communications?
By tracking their IP address.
What is the best way to hide your IP address?
Using a VPN
When using a VPN what IP address is shown to the world?
Not your own IP address but that of the VPN providers.
Where can you find information on the owner of a web site?
What is used with the data collected by search engines?
1. to refine your search results.
2. make sure the search engines function correctly
3. develop new features and services
4. target ads
5. analyze trends
Are search engines required by law to release information regarding certain users?
What percentage of requests by the US for information from Google were approved in 2015?
19000 out of 24000 - 79%
What are the two categories of private search engines?
1. independent search engines.
2. proxy search engines
How do proxy search engines function?
They use the services of other search engines such as Google, removing tracking cookies.
What is an example of proxy search engine that uses Google?
What is an example of an independent search engine?
Duck Duck Go
What is a famous example of the use of metadata?
The arrest of the serial killer Daniel Raeder. He sent the police a MS Word document a floppy disk, which included his name in the metadata
What is usually included in metadata?
1. the operating system.
2. computer's name
3. printers in use
4. sometimes the files original location on the computer.
On what site can you either extract or delete metadata from files?
Metashield Analyzer - ElevenPaths . In order to delete the metadata a specific program must be downloaded.
What is the structure of the hard drive on a computer?
It contains sections that each either magnetized or de-magnetized so it reads as a one or a zero.
What is a pointer?
It shows where on a hard drive a file is stored.
What does deleting a file from the recycle bin?
It removes the pointer to the file, not the file itself.
Can data be recovered from damaged storage devices?
What do overwrite programs do?
Write new data over the old data.
How many times should data be written over with new data in order to make sure it is completely overwritten?
At least three times.
What options do overwrite programs give you?
Overwrite only the free space on a drive or the entire drive.
What are some of the programs that overwrite data?
CBL Data Shredder
How should you use a fictive email address?
Keep one fictive email address for any commercial purposes.
Should your fictive email name be similar to your own?
What can you use to create a fictive number?
Google Voice, which forwards all calls to your real number.
Can Google listen to calls made with Google Voice?
What data gets saved with a photo taken with a smartphone?
Exchangeable Image File Format EXIF
What data is included in EXIF?
1. Who made it.
2. Where is was made it.
3. When it was made.
4. What is was made with.
5. lens aperture
6. focal length
7. shutter speed
8. ISO sensitivity
9. flash use
Can information be entered manually into the EXIF?
What is the purpose of image metadata?
1. protect copyrights.
2. manage digital assets
3. retrieve images easily
What are the types of threats from image metadata?
1. inadvertent disclosure
2. profiling and stalking
3. forensic investigation
Can you tell if photoshop was used by checking EXIF data?
Can you stop EXIF metadata from being added to photos?
Is metadata for images uploaded to Facebook, Instagram, Google Plus, and Twitter automatically stripped?
What is a site you can use to view or strip image metadata?
Where is data on the internet always accessed from?
A particular IP address.
Can IP addresses be mapped to particular ISPs?
What are the three parts of the world wide web?
1. The Surface Web
2. The Deep Web
3. The Dark Web
What is the surface web?
Anything that can be indexed by a search engine like Google.
What is the deep web?
Anything a search engine can't find - it's accessible but not indexed.
What is the dark web?
Data on overlay networks that are not indexed and which require specific software configurations or authorizations to access
What is included in the dark web?
Small friend to friend or peer to peer networks operated by organizations individuals and networks like Tor.
What is the Tor dark web short for?
The Onion network
Where was the Tor network developed?
U.S. Navy's worldwide web of servers
What is the main purpose of Tor?
It's a non-profit that researches the development of online privacy tools.
What is the Tor browser?
Free software allowing for anonymous online communication.
What happens when you connect to Tor?
Your computer becomes a node in a network and can be used by another other user in the network to direct traffic.
How is data sent on the Tor network directed?
It takes a random path through several servers.
Where is TOR often used?
In countries where the internet is restricted.
Do the police sometimes use TOR for undercover investigations?
What percentage of Tor site facilitate criminal activity?
Does the Tor browser require special configurations?
What are some of the risks of using Tor?
1. Exposing your computer to malware.
2. Being a victim of information theft
3. Many transactions are fraudulent
4. Tor may attract the attention of the FBI or NSA.
YOU MIGHT ALSO LIKE...
ACC 308 Chapter 6 Computer Fraud and Abuse Techniq…
Chapter 9: Technology in action
Chapter 9: Technology in action
Ch. 10 Worksheet
OTHER SETS BY THIS CREATOR
Litigation Support Tip of the Night - Re…
Litigation Support Tips of the Night