Validated Digital Signatures and ESP Protocol

Questions and Answers

In email software, a validated digital signature's primary function is to:

  • Assist in identifying and filtering out unsolicited commercial email. (correct)
  • Ensure confidentiality of email content during transit.
  • Help recipients automatically archive important emails.
  • Minimize the computational workload on email gateway servers.

When utilizing IPSec in transport mode, ESP is preferred over AH primarily because:

  • ESP ensures connectionless integrity, while AH does not.
  • ESP offers enhanced data origin authentication compared to AH.
  • ESP provides confidentiality through encryption, a feature absent in AH. (correct)
  • ESP includes more robust antireplay mechanisms than AH.

Replacing a wired LAN with a wireless infrastructure introduces heightened risks associated with:

  • Discovery and unauthorized access via war driving techniques. (correct)
  • Detection and mapping of network vulnerabilities through active port scanning.
  • Exploitation of back doors maliciously inserted into application code.
  • Interception and manipulation of communications via man-in-the-middle attacks.

Which concern is most paramount when evaluating the implications of peer-to-peer (P2P) computing within an organization?

Potential exposure of sensitive data stored on networked devices. (A)

In a multinational corporation upgrading its VPN for Voice over IP, what should be the foremost consideration?

Maintaining consistent reliability and quality of service for voice communications. (A)

Among antispam filtering techniques, which exhibits the lowest incidence of misidentification of legitimate email ('false positives')?

Filters that compute checksums to detect identical spam messages. (B)

With a compromised private key, which component of a PKI specifies the protocols for revoking a compromised key?

The certification practice statement. (D)

An attacker reuses biometric fingerprints left on a device. This is an example of which kind of attack?

A replay attack. (A)

An IS auditor finds many users with privileged access accounts. What compensating control should they look for?

Senior management's awareness of the issue. (B)

Circumventing multifactor authentication procedures is most feasible through:

A man-in-the-middle attack. (A)

An organization can ensure the authenticity of email from its domain by implementing:

Digitally signing all email messages. (A)

A company outsources production with a company with XYZ. What provides the best assurance that ABC are authorized users?

Multifactor authentication. (B)

When providing production support, XYZ transmits information using what technique to ensure that transmission is secure?

Virtual private network tunnel. (A)

What should a primary goal be of installing data leak prevention software?

Control confidential documents leaving the internal network. (A)

Without proper controls, what is the highest risk from programmers implementing programs to the production environment?

Registration and review of changes. (C)

Packets may arrive out of order with which network communication?

User datagram protocol. (D)

When accountability is needed for users in a human resource management system, the most effective control is:

Single sign-on with authentication. (B)

When wireless access points have disabled DHCP, this leads to:

Reduced risk of unauthorized network access. (B)

Of the following, what is the most indicative of a security program?

Documentation of roles in a job. (A)

What is the best control to ensure wireless access and a secure wired network are distinct?

Firewall between the networks. (D)

From a control perspective, what is the primary goal of classifying information?

Guidelines for the level of access controls. (A)

When reviewing access controls, the IS auditor should?

Review access points. (A)

How do you prevent internet protocol spoofing attacks?

Route that a packet takes through the network should be a primary focus. (B)

What is the most security if the network main frame users connect to headquarters over the internet via Telnet?

A use the two factor authentication. (D)

If you are concerned about a single sign-on process, what is the most important action to do?

Deactivate unused accounts. (B)

What action would an IS auditor take if intrusion detection systems (IDS) sensors were placed outside of the firewall?

A signature based IDS is weak. (D)

If an unauthorized user makes certificates available, what is this relevant to?

Makes other users' certificates available to applications. (B)

What concern is most critical for a reviewed organization's network operations center (NOC)?

An interrupted supply for 10 mins. (A)

The coding of production practices and procedures increases which of the following?

Buffer exploiting. (A)

How are user security groups without designated owners a concern?

Updating metadata. (C)

An IS auditor discovers that uniform source locations are sent using URL short services. What type of attack is used?

A phishing attack. (A)

What should be installed if the intrusion is most important?

Locating it in system architecture. (D)

Which method assesses security adequate program?

Describe clear statement responsibility. (D)

With public infrastructure, what is associated with online transactions?

Prevent senders from denying. (B)

What does the IS auditor need to determine is most correct?

The least amount of unauthorized access. (D)

What type of action by an auditor would stop all hackers for any types of vulnerabilities?

Use proper data. (C)

During implementation of an intrusion system an ID should be implemented and should be checked to?

Many false alarms. (C)

When a web server is breached or compromised then you should?

Disconnect from the computer. (A)

What can be set up to mitigate against an attack?

User. (B)

What part will you delete?

Remove password. (C)

Flashcards

Validated digital signatures

Help detect spam in email software.

Encapsulating Security Payload (ESP)

Provides confidentiality via encryption.

War driving attack

Increases risk by penetrating wireless systems from outside.

Data leakage (P2P)

Peer-to-peer computing sharing data over the Internet.

Reliability and Quality of Service (VoIP)

Ensuring consistent service levels for voice communication.

Check-sum based antispam

Filtering method with the lowest probability of false-positive alerts.

Certification practice statement (CPS)

Describes procedure for disabling a compromised private key.

Replay attack (biometrics)

Unauthorized access using biometric data.

Excessive users with privilege

Course of action: Determine whether compensating controls are in place.

Digitally signing emails

Validated e-mail identity of the sender.

Man-in-the-middle attack

Can intercept a legitimate destination, and then retransmits info

Two factor authentication

Two factor authentication method for securely accessing an outsourced provider over the internet

Virtual private network (VPN)

Ensuring data is secure in transmission while outsourcing production support

Data leak prevention (definition)

Control of sensitive & confidential documents.

Registration and review of changes

Independent review of program changes ensures unauthorized changes can be identified.

User Datagram Protocol (Characteristics)

UDP transmits packets out of order.

Audit trails (HRMS Systems)

Audit trails track all user activity and establish accountability.

Dynamic Host Configuration Protocol (DHCP)

Reduces the risk of network.

Security program (reporting events)

Reporting events signifies success of information.

Firewall

Ensures authorized access.

Classifying assets

Level of access controls assigned.

Auditing network access points

Network access points identified.

Source routing field

Configured firewall avoids a spoofing attack.

Solution Provides Stronger Security

A point to point leased line.

Strong Password policy

Broad preventative effects by the use of a strong password policy

behavior-based IDS (tune)

Improperly tuned, causing false alarms.

Store cert revocation list

Directory server is best because it makes the users' certificates available

GREATEST Concern - CO2

CO2 usage is cause for greatest concern because consider people first

Inadequate programming coding

overflow exploitation code

User Security Group Owners.

approval of user access to the data

URL shortening services

Phishing risk.

Intrusion detection systems in networks

Properly locating - leave key areas on network unprotected

Concern for their protection

Preventive- monitor that managers concern their with their protection

Authorization

nonrepudiation.

Study Notes

Validated Digital Signatures

  • Validated digital signatures in email software help detect spam.
  • These signatures are based on qualified certificates from a certificate authority, ensuring the key cannot be forced or reproduced.
  • Recipients can configure their email to automatically delete emails from specific senders using strong signatures.
  • Confidentiality requires encryption, not a signature.
  • Without filters, workload does not increase significantly. Direct gateway filters cause less overhead than antivirus software.
  • Digital signatures are small, so bandwidth isn't reduced. Even with certificate revocation lists, there is little overhead.

Encapsulating Security Payload (ESP) Protocol

  • In transport mode, using the ESP protocol instead of the authentication header (AH) protocol is beneficial because ESP provides confidentiality.
  • Both ESP and authentication header (AH) provide connectionless integrity.
  • Both ESP and AH authenticate data origin.
  • IPSec time stamps prevent replay attacks.

Wired to Wireless LAN risk assessment

  • Wireless infrastructure increases the risk of war driving attacks where attackers use a wireless Ethernet card and antenna to penetrate the systems from outside.
  • Port scanning often targets the external firewall and is not affected by wireless.
  • Back doors enable unauthorized system entry.
  • Man-in-the-middle attacks intercept and modify messages.

Peer-to-Peer Computing Risks

  • Data leakage with peer-to-peer computing is a greater concern than virus infection, network performance issues, or unauthorized software usage.
  • Peer-to-peer setups enable sharing of contents of a user's hard drive over the Internet, posing risk of sensitive data exposure.
  • P2P's network bandwidth usage creates performance issues.
  • P2P use enables the downloading or sharing of unauthorized software, which could be installed from PCs unless preexisting controls inhibit it.

Voice-over Internet Protocol (VoIP)

  • When upgrading a virtual private network to support VoIP, reliability and quality of service should be the primary considerations. Voice communications demand a consistent level of service, which can be provided through quality of service (QoS) and class of service controls. Authentication is implemented via VPN tunneling, and privacy of voice transmission is provided via the VPN protocol.

Anti-Spam Filtering Methods

  • Check-sum based anti-spam filtering has the lowest possibility of false-positive alerts.
  • Rule-based filtering triggers false-positive alerts when a keyword is found in the message.
  • Heuristic filtering uses shortcuts to quickly find a solution.
  • Statistical filtering analyzes word frequency within messages and can ignore suspicious keywords if the overall message is normal, making it prone to false-positive alerts.

Public Key Infrastructure (PKI)

  • Within PKI, the certification practice statement describes the process of disabling a compromised private key.
  • The certificate revocation list is a list of certificates that have been revoked before their scheduled expiration date.
  • The certification practice statement describes policy-based public key infrastructure.
  • The certificate policy sets the requirements for the CPS.
  • The PKI disclosure statement covers warranties, limitations, and obligations.

Biometric Attacks

  • The use of residual biometric information to gain unauthorized access is an example of a replay attack.
  • Residual biometric characteristics left on a biometric capture device can be reused by an attacker.
  • A brute force attack involves feeding the biometric capture device numerous samples.
  • A cryptographic attack targets the algorithm or the encrypted data.
  • A mimic attack reproduces characteristics similar to those of the enrolled user.

IS Auditor Best course of action

  • An IS auditor who is reviewing privileged access should first determine whether compensating controls are in place rather than immediately documenting the issue, recommending an update, or discussing it with senior management.
  • An excessive number of users with privileged access isn't necessarily an issue if compensating controls are in place.
  • An auditor should gather additional information.

Two-Factor Authentication

  • Man-in-the-middle attacks can circumvent two-factor authentication.
  • A man-in-the-middle attacker pretends to be the legitimate destination and retransmits what is sent by the authorized user with additional transactions approved.
  • Denial-of-service attacks do not have a relationship to authentication.
  • Brute force and key logging could circumvent only single-factor, but not two-factor, authentication.

Email Authentication

  • Organizations ensure recipients can authenticate emails from employees by digitally signing all messages.
  • Message authentication is achieved through digital signatures.
  • Encryption ensures only the intended recipient can open a message, but not authenticity.
  • Compression reduces size but does not ensure authenticity.
  • Password protection ensures only those with the password can open the message but not authenticity.

Access assurance

  • Two-factor authentication provides the best assurance that only authorized users connect over the Internet for production support.
  • Single sign-on authentication is a single access point to system resources, not the best solution in this case.
  • Password complexity requirements are not as effective as two-factor authentication.
  • Internet Protocol addresses change too easily and are not the best form of authentication in this kind of scenario.
  • Two-factor authentication is the best method to provide a secure connection because it uses two factors, typically "what you have" (for example, a device to generate one-time passwords), "what you are" (for example, biometric characteristics) or "what you know" (for example, a personal identification number or password).

Secure transmission assurance

  • Establishing an encrypted virtual private network tunnel would best ensure that the transmission of information was secure.
  • Secret key encryption is not feasible.
  • Dynamic Internet Protocol addresses and ports are not effective.
  • Cryptographic hash functions wouldn't be useful for remotely connecting production supporting teams.

Data Leak Prevention Software

  • The primary purpose of data leak prevention software is to control confidential documents leaving the internal network.
  • Access privileges will be controlled through digital rights management (DRM) software.
  • Potential system attacks would normally be controlled through an intrusion detection system (IDS) and intrusion prevention system (IPS).
  • Controlling what external systems can access internal resources is the function of a firewall rather than a DLP system.

Reducing Internal Fraud Risk

  • Registration and review of changes is a control that can be implemented to reduce the risk of internal fraud if application programmers are allowed to move programs into the production environment in a small organization.
  • Independent postimplementation testing would not be as effective because the system could be accepted by the end user without detecting the undocumented functionality.
  • An independent review of the changes to the program can identify potential unauthorized changes, versions, or functionality.
  • Independent review of user requirements or user acceptance would not be as effective because the system could meet user requirements/be accepted and still include unapproved functionalities.

User Datagram Protocol (UDP)

  • A characteristic of User Datagram Protocol (UDP) in network communications is that packets may arrive out of order.
  • UDP uses a simple transmission model without implicit handshaking routines for providing reliability, ordering or data integrity. UDP provides an unreliable service where datagrams may arrive out of order, duplicated or dropped.

Application users

  • The most effective control to ensure accountability is audit trails that capture which user, at what time, has performed the transaction, helping to establish accountability among application users.
  • Two-factor authentication enhances security while logging in, but doesn't establish accountability for subsequent actions.
  • Digital certificates enhance login security but do not establish accountability without an audit trail.

Dynamic Host Configuration Protocol

  • Disabling Dynamic Host Configuration Protocol at all wireless access points reduces the risk of unauthorized network access.
  • With DHCP disabled, static IP addresses must be used, requiring administration support or technical skill to gain Internet access.

Information Security Awareness Program

  • The best indication of how effective an information security awareness program is, is the amount of incident response reporting by employees.
  • Reporting incidents implies employees are acting due to the awareness program.

Separation of Networks control

  • A firewall is the best control to ensure that the wireless network and the wired network are kept separate.
  • A firewall is used as a strong control to allow authorized users on the wireless network to access the wired network.

Classifying Information Assets

  • From a control perspective, the primary objective of classifying information assets is to establish guidelines for the level of access controls that should be assigned.
  • Information has varying degrees of sensitivity and criticality in meeting business objectives; guidelines for access control can be assigned based on classes or levels.

Client-Server

  • An IS auditor reviewing access controls for a client-server environment should FIRST identify the network access points.
  • Review identity management, then application access.

Firewall setup

  • To prevent Internet Protocol (IP) spoofing attacks, a firewall should be configured to drop a packet for which the sender of a packet specifies the route.
  • With the option enabled, an attacker can insert a spoofed source IP address.

A single point leased line

  • the way to make sure the is the safest way to connect Telnet

Data loss and the key to SSO policy

  • Having strong passwords is great for preventative control in SSO environments

Discover the uniformed resource

  • Phishing is always a potential problem

Proper network to have an IDS

  • Having and knowing where the device is the most important during set up

Security and the balance

  • Including a lot of details into accounts

Code with sensitive data

  • When people right have have no one with a clear responsibility for user access.

Make network to have different connections.

  • A great way is a virtual private network tunnel
