Nmap sends out probes and classifies the responses (or lack thereof) to determine the status of ports...
What are the possible port states?
What are Open, Closed, Filtered
PGP stands for what?
What is Pretty Good Privacy.
This concept describes layering multiple assets/technologies/methods to secure a network and creates multiple "tripping hazards" to slow or stop an attacker.
What is Defense in Depth (DiD)
What are the three modes that snort can operate in?
Sniffer Mode / Packet Logger Mode / NIDS Mode
What is a form of extortion where an individual or entity threatens to reveal something embarrassing?
Blackmail
This command-line tool will utilize Twofish encryption to conduct: port scanning, file transfers, remote administration, banner grabbing, proxying, or listening...
Base64, UTF-8, ASCII, UTF-16, Hexadecimal, URL, JSON, and XML are all forms of what?
What is Encoding
These two different devices can either warn you of threats or actively stop those threats. What are they, and where would you place each on a network?
IDS - behind the firewall, off to the side
IPS - behind the firewall, in-line
IDS and IPS operate to warn or prevent threats to systems. They typically do this by monitoring for _____________ which are snippets of data or code that indicate a known threat.
What are Signatures
What two terms are used to describe when an attacker assumes a false identity to manipulate individuals into giving up confidential information?
Pretexting, Role playing
Make this statement true...
NMAP will scan the first 1,500 unused ports for the one conducting the scan
NMAP will scan the 1,000 most used ports of the target being scanned.
IT'S A RACE!!!!
In your downloaded file: Practical_Hash_03, what file hash ends with "b9c8991bc5b88c2ac"?
300.66.jpeg
We discussed firewalls. What are the two packet filtering TYPES, and what are the key differences?
Stateless - operates on individual packets in isolation without considering the bigger picture of network connections
Dynamic - adds a layer of context awareness by keeping track of established connections, making it more sophisticated and secure.
What are the four event classifications of IPS/IDS?
Also, which one identifies a threat that DID occur on a system and DID trigger an alert.
True Negative / False Negative / False Positive / True Positive
TRUE POSITIVE
DAILY DOUBLE!!!
What 3 branches of the military have never had an "insider threat"?
IT'S A RACE!!!!
In your hostdiscovery.pcap, at what time did the 10442 packet take place using the format: UTC time of day (XX:XX:XX.XXXXXX)?
15:34:27.917381
The mailman sends a message to your mom stating he is your real father, but he doesn't want this to be read by anyone else, so he utilizes asymmetric encryption. Which key is used to encrypt the email, and which key is used to decrypt the email?
What is your mom's public key and your mom's private key
Those threat stoppers/alerters we talked about, what are their key components?
IDS/IPS Components:
Sensors/Data Processor
Detection Engine
Event Management System/Decision Engine
Policy Management/Configuration
Console/User Interface
My IDS triggered an alert and found a signature that matches 24 0x90 bytes in a row. What did it find?
NOOP Sled
Surveillance cameras, locks, or access controls are all examples of what?
Physical security measures
IPv6 has multiple vulnerabilities, such as those in NDP; specifically, _______ creates a host's IP based on its MAC. (FULL PROPER NAME)
What is Stateless Address Auto-configuration (SLAAC)
TLS/SSL are utilized for security online. They run on layer 4, the transport layer. However, they need to be factored in when building an application that will specifically utilize them. What is another method of securing data in transit, and on which layer of the OSI model does it operate?
IPsec, OSI layer 3 (Network)
What technique can be used by network administrators to contain and prevent the spread of a current threat in the network?
Network Segmentation and Isolation
What are TWO operating system baseline configurations to consider in network security?
User Accounts, File System Permissions, Service Configuration, Patch Management
What is ONE mitigation strategy for drive-by downloads?