1. What is intrusion?
An intrusion is a type of attack on information assets in which the instigator attempts to gain entry into a system or disrupt the normal operations of a system with, almost always, the intent to do malicious harm.
2. What is IDS?
IDS stands for Intrusion Detection System. It works like a burglar alarm in that it detects a violation of its configuration and activates an alarm. This alarm can be audible and/or visual, or it can be silent.
3. What are signature-based IDSs?
Signature based IDSs, also known as knowledge based IDSs, examine data traffic for patterns that match signatures, which are pre-configured, predetermined attack patterns.
4. What are Honey pots?
Honey pots are decoy systems, which means they are designed to lure potential attackers away from critical systems.
In the security industry, these systems are also known as decoys, lures, or flytraps.
5. What is the use of Scanning and analysis tools?
Scanning and analysis tools are used to pinpoint vulnerabilities in systems, holes in security components, and unsecured aspects of the network. Although these tools are used by attackers, they can also be used by an administrator not only to learn more about his/her own system but also to identify and repair system weaknesses before they result in losses.
6. What are the factors of authentication?
What a supplicant knows
What a supplicant has
Who a supplicant is
What a supplicant produces
7. What is Hash function?
Hash functions are mathematical algorithms that generate a message summary or digest that can be used to confirm the identity of a specific message and to confirm that the message has not been altered.
8. What is PKI?
PKI – Public Key Infrastructure
It is an integrated system of software, encryption methodologies, protocols, legal agreements and third party services that enables users to communicate securely. It includes digital certificates and certificate authorities.
9. What is Steganography?
Steganography is the process of hiding information, and while it is not properly a form of cryptography, it is related to cryptography in that both are ways of transmitting information without allowing it to be revealed in transit.
10. What are the protocols used in Secure Internet Communication?
S-HTTP (Secure Hypertext Transfer Protocol)
SSL (Secure Socket Layer)
SSL Record Protocol
11. What is Physical security?
Physical security addresses the design, implementation, and maintenance of countermeasures that protect the physical resources of an organization. This means the physical protection of the people, the hardware, and the supporting system elements and resources associated with the control of information in all its states: transmission, storage and processing.
12. What are the controls of protecting the Secure Facility?
Walls, Fencing, Gates
ID Cards and Badges
Locks and keys
Alarms and Alarm Systems
Computer Rooms and Wiring Closets
Interior Walls and Doors
13. What are the basic types of Fire Detection Systems?
14. What is TEMPEST?
TEMPEST is a technology that prevents the loss of data that may result from the emissions of electromagnetic radiation.
15. What is UPS? What are the types of UPS?
UPS - Uninterruptible Power Supply
It is an electrical device that serves as a battery backup to detect the interruption of power to the power equipment.
The basic configurations are,
Standby or offline UPS
Ferroresonant Standby UPS
True online UPS
16. What are the relevant terms for electrical power influence?
Fault: Momentary Interruption in power
Blackout: Prolonged Interruption in power
Sag: Momentary drop in power voltage levels
Brown out: Prolonged drop in power voltage levels
Spike: Momentary increase in power voltage levels
Surge: Prolonged increase in power voltage levels
17. What is fail-safe lock?
It is usually used on an exit, where it is essential for human safety in the event of a fire. It is used when human safety is not a factor.
18. What are the conditions controlled by HVAC Systems?
Temperature
19. How are firewalls categorized by processing mode?
The five processing modes are
MAC layer firewalls
20. What are the factors to be considered while selecting the right firewall?
Selecting the Right Firewall
What type of firewall technology offers the right balance of protection features and cost for the needs of the organization?
What features are included in the base price? What features are available at extra cost? Are all cost factors known?
How easy is it to set up and configure the firewall? How accessible are staff technicians with the mastery to do it well?
Can the candidate firewall adapt to the growing network in the target organization?
21. What are SOCKS servers?
The SOCKS system is a proprietary circuit-level proxy server that places special SOCKS client-side agents on each workstation
Places the filtering requirements on the individual workstation, rather than on a single point of defense (and thus point of failure)
This frees the entry router of filtering responsibilities, but then requires each workstation to be managed as a firewall detection and protection device
A SOCKS system can require additional support and management resources to configure and manage possibly hundreds of individual clients, versus a single device or set of devices
22. What are the recommended practices in designing firewalls?
Firewall Recommended Practices
All traffic from the trusted network is allowed out
The firewall device is always inaccessible directly from the public network
Allow Simple Mail Transport Protocol (SMTP) data to pass through your firewall, but ensure it is all routed to a well-configured SMTP gateway to filter and route messaging traffic securely
All Internet Control Message Protocol (ICMP) data should be denied
Block telnet (terminal emulation) access to all internal servers from the public networks
When Web services are offered outside the firewall, deny HTTP traffic from reaching your internal networks by using some form of proxy access or DMZ architecture
23. What are intrusion detection systems (IDS)?
Intrusion Detection Systems (IDSs)
IDSs work like burglar alarms
IDSs require complex configurations to provide the level of detection and response desired
An IDS operates as either network-based, when the technology is focused on protecting network information assets, or host-based, when the technology is focused on protecting server or host information assets
IDSs use one of two detection methods, signature-based or statistical anomaly-based
keeps track of the state of network connections (such as TCP streams) traveling across it.
Stateful firewall is able to hold in memory significant attributes of each connection, from start to finish. These attributes, which are collectively known as the state of the connection, may include such details as the IP addresses and ports involved in the connection and the sequence numbers of the packets traversing the connection.
Treats each network frame (Packet) in isolation. Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.
The classic example is the File Transfer Protocol, because by design it opens new connections to random ports.
Type of attack on information assets in which instigator attempts to gain entry into or disrupt system with harmful intent
Consists of procedures and systems created and operated to detect system intrusions
Encompasses actions an organization undertakes when intrusion event is detected
Intrusion correction activities:
Finalize restoration of operations to a normal state
Consists of activities that seek to deter an intrusion from occurring
Examine data traffic in search of patterns that match known signatures
Statistical Anomaly-Based IDS
The statistical anomaly-based IDS (stat IDS) or behavior-based IDS samples network activity to compare to traffic that is known to be normal
Network-Based IDS (NIDS)
Resides on computer or appliance connected to segment of an organization’s network; looks for signs of attacks
Decoy systems designed to lure potential attackers away from critical systems and encourage attacks against themselves
Collection of honey pots connecting several honey pot systems on a subnet
Small enclosure that has entry point and different exit point