CS 150 Test 2 (ch 4,5,6,8) Flashcards
ABC Technologies experienced a cybersecurity breach, and they hired a cybersecurity expert to investigate the attack and assess the damage. The expert began by analyzing the available database to identify the threat actor responsible for the breach. During the investigation, the expert discovered that the cybercriminal was attempting to sell the company’s valuable data on the internet. To reach this stage of the investigation, the cybersecurity expert likely employed various methods such as analyzing network logs, conducting forensic analysis on compromised systems, monitoring network traffic, and potentially collaborating with law enforcement agencies or other cybersecurity professionals.
In another scenario, an organization is planning to upgrade its computer hardware and wants to prevent future BIOS attacks. The IT manager asks for help improving boot security on the new computers. As an expert, you can recommend setting a firmware (BIOS/UEFI) password, enabling UEFI Secure Boot so that only signed boot loaders and operating system components are allowed to run, keeping the firmware updated to the latest vendor version, and using a Trusted Platform Module (TPM) so that boot measurements can be recorded and checked. After deployment, verify that Secure Boot is actually enabled on each machine rather than merely supported by it.
As a decision-maker for software application development at your company, you opt for agile application development, where products are developed and deployed in modular increments. Your manager also suggests considering SecDevOps. A significant and key feature of SecDevOps that can be considered for this project’s development model is the integration of security practices throughout the entire development lifecycle. This includes implementing security measures during the design, development, testing, and deployment phases to ensure the software’s security is considered from the beginning and not treated as an afterthought.
When dealing with a network compromise, a security professional aims to identify the cause of the attack and find new information on vulnerabilities similar to the one that occurred. To achieve this objective, actions such as conducting a thorough forensic analysis of the compromised systems, reviewing network logs for unusual activities, analyzing malware samples, and staying updated with the latest security research and intelligence can be helpful.
In a scenario where Ronald is developing a critical application for a finance company, he needs to employ a development process that ensures secure coding practices and allows for incremental deployment of identified functionalities. In this case, Ronald can choose an agile development approach with a focus on delivering minimum viable functionality in short iterations, followed by continuous deployment and integration of additional functionalities while the application is live.
For product testing, it is essential to adopt a procedure that ensures the browser and the computer’s operating system are not compromised. Run the product under test in an isolated environment (a sandbox or a dedicated virtual machine) so that a malicious or buggy component cannot reach the host, install any plugins the software needs only from trusted sources, follow the installation instructions carefully, and obtain the software itself from a reputable source.
Mary, responsible for testing software, ran the application with a tool that supplied many generated inputs and produced a report listing each input alongside the exception it triggered. This is fuzz testing (fuzzing), a form of dynamic (runtime) testing: the application is executed against malformed or random inputs and its failures are recorded, so that every input that crashes it becomes a concrete bug report and regression test.
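The report Mary produced can be reproduced with a small mutation fuzzer. The code below is an added example, not part of the flashcards: it mutates a seed input, feeds each variant to a constructed toy parser (`parse_record`, an assumption standing in for the application under test) and records the first input that raises each exception type, which is exactly the "input and corresponding exception" pairing the card describes.

```python
import random
import string


def parse_record(raw: str) -> dict:
    """Toy parser under test (constructed for this example).

    Expected input: name=<text>;age=<int>;tags=<a,b,c>
    It does no input validation, so malformed input raises exceptions.
    """
    fields = dict(part.split("=", 1) for part in raw.split(";"))
    return {
        "name": fields["name"],
        "age": int(fields["age"]),
        "tags": fields["tags"].split(","),
    }


def mutate(seed: str, rng: random.Random) -> str:
    """Apply one random character-level mutation: insert, delete or replace."""
    op = rng.choice(["insert", "delete", "replace"])
    if not seed or op == "insert":
        pos = rng.randint(0, len(seed))
        return seed[:pos] + rng.choice(string.printable) + seed[pos:]
    pos = rng.randrange(len(seed))
    if op == "delete":
        return seed[:pos] + seed[pos + 1:]
    return seed[:pos] + rng.choice(string.printable) + seed[pos + 1:]


def fuzz(target, seeds, iterations=2000, rng_seed=0):
    """Mutate seed inputs, run the target, and keep one crashing input per
    exception type: the "inputs and corresponding exceptions" report."""
    rng = random.Random(rng_seed)  # fixed seed keeps the run reproducible
    corpus = list(seeds)
    report = {}
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        try:
            target(candidate)
        except Exception as exc:  # any uncaught exception is a finding
            report.setdefault(type(exc).__name__, candidate)
    return report


if __name__ == "__main__":
    findings = fuzz(parse_record, ["name=bob;age=42;tags=a,b"])
    for exc_name, bad_input in findings.items():
        print(f"{exc_name}: {bad_input!r}")
```

A real fuzzer adds coverage feedback so that inputs which reach new code are kept as new seeds; the single-step mutation here is enough to surface missing-field and non-numeric-age crashes in the toy parser within a few hundred iterations.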
In the development stage of an ERP application, where the code is not yet stable enough for dynamic testing, a secure code review is the applicable technique. A secure code review is a manual or automated (static analysis) examination of the code base that identifies security vulnerabilities, coding errors and weak security practices; it only requires the code to be readable, not runnable, which is why it fits before the application can be executed.
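An automated secure code review only needs the source to parse. The following added example (not from the flashcards) walks the Python AST of a constructed sample and flags calls a reviewer would want to look at; the list of risky calls and the sample under review are assumptions chosen for illustration, not a complete rule set.

```python
import ast

# Calls worth flagging in review (constructed, non-exhaustive list).
RISKY_CALLS = {
    "eval": "executes arbitrary code from a string",
    "exec": "executes arbitrary code from a string",
    "os.system": "runs a shell command built from program data",
    "pickle.loads": "deserialises untrusted data",
}


def _call_name(node: ast.Call) -> str:
    """Render a call target as 'name' or 'module.attr'; '' if more complex."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return ""


def _has_shell_true(node: ast.Call) -> bool:
    """True when the call passes the literal keyword argument shell=True."""
    return any(
        kw.arg == "shell"
        and isinstance(kw.value, ast.Constant)
        and kw.value.value is True
        for kw in node.keywords
    )


def review(source: str) -> list:
    """Return sorted (line, call, reason) findings for risky calls in source.

    The code only has to parse, not run, so this works on an unstable code
    base that cannot yet be exercised by dynamic testing.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in RISKY_CALLS:
            findings.append((node.lineno, name, RISKY_CALLS[name]))
        if name.startswith("subprocess.") and _has_shell_true(node):
            findings.append((node.lineno, name, "shell=True allows command injection"))
    return sorted(findings)


# Constructed sample of code under review; it does not need to be runnable.
SAMPLE = '''\
import os, subprocess

def lookup(host):
    os.system("nslookup " + host)
    subprocess.run(["nslookup", host])
    subprocess.run("nslookup " + host, shell=True)
    return eval(host)
'''

if __name__ == "__main__":
    for line, call, reason in review(SAMPLE):
        print(f"line {line}: {call}: {reason}")
```

Note that line 5 of the sample, which passes an argument list without a shell, is deliberately not flagged: the reviewer's question is whether program data can reach an interpreter, not whether a subprocess is started at all.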
To design a solution for secure transactions and verification of the user’s location, a system can be developed that records the date, time and location of each transaction together with the geolocation reported by the authorized cell phone. By comparing where the phone was at the time of purchase with the location of the store, the system can judge whether the transaction is legitimate, allowing some tolerance because phone position fixes are approximate and are not reported continuously.
Although Dan took precautions such as not connecting his laptop to any network, updating his system with the latest virus definitions and security patches, his laptop may still be vulnerable to physical attacks or insider threats. For example, someone with physical access to the laptop could install malware or steal the device, bypassing the network-based security measures.
When considering the deployment of mobile devices for employees in an enterprise, where employees can use company-approved devices for both professional and personal activities, the most suitable enterprise deployment model would be Choose Your Own Device (CYOD). This model allows employees to select their preferred device from a limited list of approved options while still meeting the organization’s security requirements.
For a lock pattern that detects changes in regular movement patterns, Simon should suggest a behavioral biometric lock pattern. This type of lock pattern utilizes biometric data, such as walking or body movement patterns, to authenticate and unlock the device. If any change is detected in the recorded patterns, the device can be locked to prevent unauthorized access.
To meet the company’s needs of providing smartphones to employees who pay for the devices themselves while receiving a monthly stipend, Zyan should suggest the Bring Your Own Device (BYOD) deployment method. Under the BYOD approach, employees use their own personal devices for work purposes, reducing the company’s financial burden while still providing flexibility to employees.
Walter’s team should suggest using a Mobile Device Management (MDM) tool that has the specified features. MDM tools are designed to manage and secure mobile devices, and they typically offer features such as applying default device settings, approving or quarantining new devices, configuring email and network settings, and detecting jailbroken or rooted devices.
In the given scenario, James, as an authorized officer, has low-level access to the mobile device using a backdoor. To gain higher-level access with root privileges and exploit underlying vulnerabilities, James should design and create his own custom firmware for the iOS 6.1.6 operating system. This custom firmware can be crafted to exploit specific vulnerabilities and provide elevated access to the device’s UNIX shell.
To develop a component that detects vibrations and movements and determines device orientation, Peter should use sensors such as an accelerometer (linear acceleration and vibration), a gyroscope (rotation) and an orientation sensor. Their readings tell the device how it is being held and moved, so it can rotate and adjust the screen image accordingly.
Even when data is protected with strong cryptography (the card names SHA-256, which is a hash function that provides integrity rather than an encryption algorithm that provides confidentiality), a threat actor can compromise confidential information through an insider attack. Insiders already hold authorized access to the system, the data or the keys, so the cryptography is never attacked at all: they can misuse their privileges to read, tamper with or leak sensitive information. In this case, checking whether an insider was involved should be the first consideration during the investigation.
To simplify the maintenance of ledgers and avoid the confusion caused by growing data, Harry can implement blockchain technology. A blockchain is a shared ledger in which each block carries the hash of the block before it, so transactions are recorded in a tamper-evident way: changing any past entry breaks every hash that follows it, and the change is visible to every party holding a copy. This replaces the separate ledgers kept by different departments with a single agreed record and supports data integrity and transparency. The "immutability" is only as strong as the number of independent copies (or the consensus mechanism) that an attacker would have to rewrite.
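The tamper-evidence property is easy to see in a minimal hash-chained ledger. This is an added example, not code from the flashcards: the sample transfers are constructed, and a real blockchain adds signatures, replication across parties and a consensus rule on top of the chaining shown here.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value for the first entry


def entry_hash(index: int, prev: str, payload: dict) -> str:
    """Hash the entry's index, the previous entry's hash and a canonical payload."""
    body = json.dumps({"index": index, "prev": prev, "payload": payload}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


class Ledger:
    """Append-only hash-chained ledger: every entry commits to its predecessor."""

    def __init__(self):
        self.entries = []

    def append(self, payload: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        index = len(self.entries)
        h = entry_hash(index, prev, payload)
        self.entries.append({"index": index, "prev": prev, "payload": payload, "hash": h})
        return h

    def head(self) -> str:
        """Hash of the latest entry; sharing it with others pins the whole history."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def first_bad_entry(self):
        """Index of the first entry whose hash or back-link is wrong, or None if intact."""
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != entry_hash(e["index"], e["prev"], e["payload"]):
                return e["index"]
            prev = e["hash"]
        return None


def build_sample_ledger() -> Ledger:
    """Constructed sample: three inter-departmental transfers."""
    ledger = Ledger()
    ledger.append({"from": "sales", "to": "finance", "amount": 100})
    ledger.append({"from": "finance", "to": "ops", "amount": 40})
    ledger.append({"from": "ops", "to": "sales", "amount": 15})
    return ledger


def tamper_demo():
    """Edit entry 1 in place, then re-hash only that entry. The first edit is
    caught at entry 1; the re-hash merely moves the break to entry 2, so the
    attacker must rewrite the whole tail and the head hash changes, which
    anyone holding an honest copy of the head will notice."""
    ledger = build_sample_ledger()
    honest_head = ledger.head()
    ledger.entries[1]["payload"]["amount"] = 4000
    silent_edit = ledger.first_bad_entry()
    e = ledger.entries[1]
    e["hash"] = entry_hash(e["index"], e["prev"], e["payload"])
    rehashed_one = ledger.first_bad_entry()
    return silent_edit, rehashed_one, ledger.head() == honest_head


if __name__ == "__main__":
    print(build_sample_ledger().first_bad_entry())  # None: chain intact
    print(tamper_demo())
```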
To ensure the security of data stored on external drives used by the sales team, Alex should implement encryption. By encrypting the data on these drives, even if they are lost or stolen, the data will remain secure and inaccessible to unauthorized individuals. Encryption protects the confidentiality of the data and mitigates the risks associated with physical theft or loss.
To determine whether a file has been tampered with, verify its integrity with a cryptographic hash function such as SHA-256. Compute the hash of the received file and compare it with the hash published for the original: if the values match, the file is unchanged; if they differ, the file has been modified or corrupted. The check is only as trustworthy as the reference hash, which must be obtained over a channel the attacker cannot alter (or be digitally signed), because an attacker who can replace the file can just as easily publish the hash of the replacement.
When deciding between RSA and ECC for cryptography on the enterprise’s internal communication channel, ECC (Elliptic Curve Cryptography) is the recommended choice. ECC provides security comparable to RSA with much shorter keys (a 256-bit elliptic curve key is rated roughly equivalent to a 3072-bit RSA key), which makes key generation and per-message operations cheaper in computation, bandwidth and storage; the advantage is largest on constrained devices.
For an encryption device that allows remote management and control over user access and data, a self-encrypting drive (SED) with a built-in management system can be used. SEDs offer features such as remote locking or wiping of data, enforcing access control policies, and performing cryptographic operations on the drive itself without relying on the host system.
Considering the global operations of ABC Enterprise and the need to secure confidential messages and data, implementing cryptography would be the better choice compared to steganography. Cryptography provides stronger protection for data, ensuring that only authorized users can view and understand the content while maintaining confidentiality and integrity during transmission.
In the given scenario, where the message “There is no school today!” was received by Tina as “Come to the school ASAP!”, the attack is a Man-in-the-Middle (MITM) attack. In an MITM attack the threat actor sits between the two parties and intercepts their communication, which lets them eavesdrop on, alter or impersonate the messages exchanged. An alteration like this goes unnoticed unless the message carries an integrity check the attacker cannot forge, such as a MAC or digital signature, which is why MITM-resistant channels combine encryption with authentication.
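Why a plain hash does not stop the rewrite in Tina's card, while a keyed MAC does, is shown in the following added example (not part of the flashcards); it also illustrates the caveat on file hashes above. The interceptor model, the shared key and the two message strings are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets


def plain_digest(message: bytes) -> bytes:
    """Unkeyed SHA-256: anyone, including an interceptor, can recompute it."""
    return hashlib.sha256(message).digest()


def mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag: only holders of the shared key can produce it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison so the check itself leaks no timing signal."""
    return hmac.compare_digest(mac(key, message), tag)


def mitm_rewrite(new_message: bytes, old_check: bytes, scheme: str):
    """What an interceptor without the key can do to the check value when
    substituting the message. scheme is 'hash' or 'hmac'."""
    if scheme == "hash":
        return new_message, plain_digest(new_message)  # trivially recomputed
    return new_message, old_check  # best effort without the key: replay old tag


def deliver(scheme: str, key: bytes, sent: bytes, injected: bytes):
    """Simulate sender -> interceptor -> Tina. Returns (message seen, accepted)."""
    check = plain_digest(sent) if scheme == "hash" else mac(key, sent)
    received, check = mitm_rewrite(injected, check, scheme)
    if scheme == "hash":
        accepted = plain_digest(received) == check
    else:
        accepted = verify(key, received, check)
    return received, accepted


# Constructed messages from the card
SENT = b"There is no school today!"
INJECTED = b"Come to the school ASAP!"

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # shared by sender and Tina, not the attacker
    print("hash:", deliver("hash", key, SENT, INJECTED))  # accepted: undetected
    print("hmac:", deliver("hmac", key, SENT, INJECTED))  # rejected: detected
```

An HMAC proves the message came from someone holding the shared key and was not changed in transit; it does not by itself prevent replay of an old, correctly tagged message, and because both sides hold the same key it gives no non-repudiation, for which a digital signature is needed.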
To validate the newly configured DNS server on a Linux machine from a client machine, you can use the nslookup command. This command allows you to query the DNS server and verify if it properly resolves domain names to IP addresses.
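A practitioner validates the new server explicitly rather than relying on whatever resolver the client defaults to, by passing the server as the second argument: `nslookup intranet.example.com 192.0.2.53`. The added example below (not from the flashcards) runs that command and checks the answer against the address the server is expected to return; the host name, server address and sample output are constructed, and the parser assumes the Unix (BIND-style) nslookup output layout rather than the Windows "Addresses:" format.

```python
import subprocess


def parse_nslookup(output: str) -> list:
    """Extract answer addresses from Unix nslookup output.

    Lines before the first 'Name:' describe the server that answered, so its
    own 'Address: x.x.x.x#53' line is skipped.
    """
    addresses, in_answer = [], False
    for line in output.splitlines():
        if line.startswith("Name:"):
            in_answer = True
        elif in_answer and line.startswith("Address"):
            value = line.split(":", 1)[1].strip()
            addresses.append(value.split("#")[0])
    return addresses


def resolves_to(hostname: str, server: str, expected: str) -> bool:
    """Run 'nslookup <hostname> <server>' against the new DNS server and
    confirm the expected address is among the answers it returns."""
    proc = subprocess.run(
        ["nslookup", hostname, server],
        capture_output=True, text=True, timeout=10, check=False,
    )
    return expected in parse_nslookup(proc.stdout)


# Constructed output of the new server at 192.0.2.53 answering for an internal host
SAMPLE_OUTPUT = """\
Server:\t\t192.0.2.53
Address:\t192.0.2.53#53

Name:\tintranet.example.com
Address: 192.0.2.10
Name:\tintranet.example.com
Address: 192.0.2.11
"""

# Constructed output for a name the server does not know
NXDOMAIN_OUTPUT = """\
Server:\t\t192.0.2.53
Address:\t192.0.2.53#53

** server can't find nosuchhost.example.com: NXDOMAIN
"""

if __name__ == "__main__":
    print(parse_nslookup(SAMPLE_OUTPUT))
    # Live check against the new server (hypothetical names and addresses):
    # print(resolves_to("intranet.example.com", "192.0.2.53", "192.0.2.10"))
```

Comparing the answer with the address you configured, rather than just checking that some answer came back, is what catches a server that still forwards to the old resolver or returns a stale record. `dig @192.0.2.53 intranet.example.com +short` gives the same information with less output to parse.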
In the scenario where Max discovered someone impersonating him and intercepting his messages, he should mention the attack as a Man-in-the-Middle (MITM) attack in the charge sheet. In an MITM attack, the threat actor intercepts communication between two parties, allowing them to eavesdrop on or manipulate the communication.
Maze proposes using an alarmed carrier PDS (Protected Distribution System) over a hardened carrier PDS to establish a communication channel between two data centers. An alarmed carrier PDS provides additional security measures, such as physical alarms and tamper detection, to monitor the integrity of the communication channel. This makes it more suitable for transmitting sensitive and unencrypted data between the data centers, ensuring any potential tampering or unauthorized access is detected.
In the scenario where the enterprise is using the ISP DNS server to resolve domain names, the specific attack that needs to be mitigated first to secure the network is a DNS cache poisoning attack. DNS cache poisoning can lead to incorrect DNS resolutions, redirecting users to malicious websites or causing communication disruptions.
The advice to implement cryptography in an enterprise communication channel is sound. Cryptography provides various security features, such as confidentiality, data integrity, and authentication, making it an ideal choice to protect sensitive information from internal and external threats. Steganography, on the other hand, focuses on hiding information within other data and does not provide the same level of security as cryptography.