Explore topic-wise InterviewSolutions in .

The CISO performs the following functions:

1. Manages the overall InfoSec program
2. Drafts or approves information security policies
3. WORKS with the CIO on strategic plans, develops tactical plans, and works with security managers on operational plans
4. Develops InfoSec budgets based on funding
5. Sets priorities for InfoSec projects & TECHNOLOGY
6. Makes decisions in recruiting, hiring, and FIRING of security staff
7. Acts as the spokesperson for the security team.

The CISO performs the following functions:

Walls, Fencing, and Gates

GUARDS

Dogs, ID Cards, and BADGES

Locks and Keys

Mantraps

Electronic Monitoring

Alarms and Alarm Systems

COMPUTER Rooms

Walls and Doors.

Walls, Fencing, and Gates

Guards

Dogs, ID Cards, and Badges

Locks and Keys

Mantraps

Electronic Monitoring

Alarms and Alarm Systems

Computer Rooms

Walls and Doors.

A secure facility is a physical LOCATION that has been engineered with controls designed to minimize the risk of attacks from physical threats.

A secure facility can use the natural terrain; TRAFFIC flow, urban development, and can complement these features with PROTECTION mechanisms such as fences, GATES, walls, guards, and ALARMS.

A secure facility is a physical location that has been engineered with controls designed to minimize the risk of attacks from physical threats.

A secure facility can use the natural terrain; traffic flow, urban development, and can complement these features with protection mechanisms such as fences, gates, walls, guards, and alarms.

1. Temperature extremes
2. Gases
3. Liquids
4. LIVING ORGANISMS
5. PROJECTILES
6. MOVEMENT
7. Energy anomalies.

Encryption cryptosystems have been adapted to inject some degree of security into e-mail:

S/MIME builds on the MULTIPURPOSE Internet Mail Extensions (MIME) encoding format by adding encryption and authentication

PRIVACY Enhanced Mail (PEM) was proposed by the Internet Engineering Task Force (IETF) as a STANDARD to function with the public KEY cryptosystems

PEM uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures

Pretty Good Privacy (PGP) was developed by Phil Zimmerman and uses the IDEA Cipher along with RSA for key exchange.

Encryption cryptosystems have been adapted to inject some degree of security into e-mail:

S/MIME builds on the Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication

Privacy Enhanced Mail (PEM) was proposed by the Internet Engineering Task Force (IETF) as a standard to function with the public key cryptosystems

PEM uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures

Pretty Good Privacy (PGP) was developed by Phil Zimmerman and uses the IDEA Cipher along with RSA for key exchange.

PKI PROTECTS information assets in several WAYS:

1. Authentication
2. Integrity
3. Privacy
4. Authorization
5. NONREPUDIATION.

PKI protects information assets in several ways:

PKI or PUBLIC Key INFRASTRUCTURE

Public Key Infrastructure is the entire set of HARDWARE, software, and cryptosystems necessary to implement public key encryption

PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities (CAS) and can:

1. ISSUE digital certificates
2. Issue crypto keys
3. Provide tools to use crypto to secure information
4. Provide verification and return of certificates.

PKI or Public Key Infrastructure

Public Key Infrastructure is the entire set of hardware, software, and cryptosystems necessary to implement public key encryption

PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities (CAs) and can:

Decryption is the PROCESS of converting the cipher text into a MESSAGE that conveys readily UNDERSTOOD meaning.

Decryption is the process of converting the cipher text into a message that conveys readily understood meaning.

Encryption is the PROCESS of converting an original message into a FORM that is unreadable to unauthorized individuals-that is,to ANYONE WITHOUT the tools to convert the encrypted message back to its original FORMAT.

Encryption is the process of converting an original message into a form that is unreadable to unauthorized individuals-that is,to anyone without the tools to convert the encrypted message back to its original format.

Cryptoanalysis is the PROCESS of obtaining the original MESSAGE(called plaintext) from an encrypted message(called the ciphertext) WITHOUT knowing the algorithms and KEYS used to perform the encryption.

Cryptoanalysis is the process of obtaining the original message(called plaintext) from an encrypted message(called the ciphertext) without knowing the algorithms and keys used to perform the encryption.

Cryptography, which comes from the Greek WORK kryptos,MEANING "hidden",and graphein,meaning "to write",is aprocess of making and using CODES to secure the transmission of information.

Cryptography, which comes from the Greek work kryptos,meaning "hidden",and graphein,meaning "to write",is aprocess of making and using codes to secure the transmission of information.

A network tool that collects copies of PACKETS from the network and analyzes them Can be used to eavesdrop on the network traffic

To USE a packet sniffer legally, you must be:

on a network that the organization owns under direct authorization of the OWNERS of the network have knowledge and consent of the CONTENT creators (users).

A network tool that collects copies of packets from the network and analyzes them Can be used to eavesdrop on the network traffic

To use a packet sniffer legally, you must be:

on a network that the organization owns under direct authorization of the owners of the network have knowledge and consent of the content creators (users).

Vulnerability scanners are capable of scanning networks for very DETAILED information.

As a class, they IDENTIFY exposed usernames and groups, SHOW open network SHARES, EXPOSE configuration problems, and other vulnerabilities in servers.

Vulnerability scanners are capable of scanning networks for very detailed information.

As a class, they identify exposed usernames and groups, show open network shares, expose configuration problems, and other vulnerabilities in servers.

One of the preparatory PART of the attack protocol is the collection of publicly available information about a potential TARGET,a process known as footprinting. Footprinting is the organized RESEARCH of the Internet addresses owned or controlled by the target ORGANIZATION.

The next phase of the attack protocol is a second INTELLIGENCE or data-gathering process called fingerprinting. This is systematic survey of all of the target organization's Internet addresses(which are collected during the footprinting phase); the survey is conducted to ascertain the network services offered by the hostsin that range. Fingerprinting reveals useful information about the internal structure and operational nature of the target system or network for the anticipated attack.

One of the preparatory part of the attack protocol is the collection of publicly available information about a potential target,a process known as footprinting. Footprinting is the organized research of the Internet addresses owned or controlled by the target organization.

The next phase of the attack protocol is a second intelligence or data-gathering process called fingerprinting. This is systematic survey of all of the target organization's Internet addresses(which are collected during the footprinting phase); the survey is conducted to ascertain the network services offered by the hostsin that range. Fingerprinting reveals useful information about the internal structure and operational nature of the target system or network for the anticipated attack.

Advantages:

1. Attackers can be diverted to targets that they cannot damage.
2. Administrators have time to decide how to respond to an ATTACKER.
3. Attackers action can be easily and extensively monitored
4. Honey pots may be EFFECTIVE at catching insiders who are snooping around a network.

Disadvantages:

1. The LEGAL implication of using such devices are not WELL defined.
2. Honey pots and Padded cells have not yet been shown to be generally useful security technologies.
3. An exper attacker,once diverted into a decoy system,may become ANGRY and launch a hostile attack againt an organization's systems
4. Admins and security managers will need a high level of expertise to use these systems.

Advantages:

Disadvantages:

A PADDED CELL is a HONEY POT that has been protected so that it cannot be easily COMPROMISED. In otherwords,a padded cell is a hardened honey spot..

A Padded Cell is a honey pot that has been protected so that it cannot be easily compromised. In otherwords,a padded cell is a hardened honey spot..

When a collection of honey pots connects several honey pot SYSTEMS on a subnet,it MAY be CALLED a honey NET.

When a collection of honey pots connects several honey pot systems on a subnet,it may be called a honey net.

Honey POTS are decoy systems designed to LURE POTENTIAL attackers away from critical systems and encourage attacks against the themselves. These systems are created for the SOLE purpose of deceiving potential attackers. In Industry they are known as decoys,lures,and fly-traps.

Honey pots are decoy systems designed to lure potential attackers away from critical systems and encourage attacks against the themselves. These systems are created for the sole purpose of deceiving potential attackers. In Industry they are known as decoys,lures,and fly-traps.

Log File Monitor(LFM) is an APPROACH to IDS that is similar to NIDS. Using LFm the system reviews the log files GENERATED by servers,NETWORK devices,and wven other IDSs. These SYSTEMS look for patterns and signatures in the log files that may indicate an attack or INTRUSION is in process or has already succeeded.

Log File Monitor(LFM) is an approach to IDS that is similar to NIDS. Using LFm the system reviews the log files generated by servers,network devices,and wven other IDSs. These systems look for patterns and signatures in the log files that may indicate an attack or intrusion is in process or has already succeeded.

A signature-based IDS(also CALLED Knowledge-based IDs) examines data traffic in search of patterns that MATCH known signatures - that is,preconfigured ,predetermined attack patterns.

A signature-based IDS(also called Knowledge-based IDs) examines data traffic in search of patterns that match known signatures - that is,preconfigured ,predetermined attack patterns.

A REFINEMENT of Host-BASED IDS is the application-based IDS(AppIDS). The application based IDs examines an application for abnormal incidents. It looks for anomalous occurrences such as users EXCEEDING their authorization,INVALID file executions etc.

A refinement of Host-based IDs is the application-based IDS(AppIDS). The application based IDs examines an application for abnormal incidents. It looks for anomalous occurrences such as users exceeding their authorization,invalid file executions etc.

A HIDS is also capable of monitoring system configuration databases,such as WINDOWS registries,in ADDITION to stored configuration files LIKE .ini,.cfg,and .dat files.

A HIDs is also capable of monitoring system configuration databases,such as windows registries,in addition to stored configuration files like .ini,.cfg,and .dat files.

A Host-based IDS(HIDS) works differently from a network-based VERSION of IDS. A host-based IDS resides on a particular computer or server,known as the host and monitors activity only on that SYSTEM. HIDs are also known as System Integrity Verifiers as they benchmark and monitorthe STATUS of KEY system files and detect when an intruder creates ,modifies or deletes monitored files.

A Host-based IDS(HIDS) works differently from a network-based version of IDS. A host-based IDS resides on a particular computer or server,known as the host and monitors activity only on that system. HIDs are also known as System Integrity Verifiers as they benchmark and monitorthe status of key system files and detect when an intruder creates ,modifies or deletes monitored files.

A network-based IDS(NIDS) resides on a computer or an appliance connected to a SEGMENT of an ORGANIZATION's network and monitors traffic on that network segment,looking for INDICATIONS of ongoing or successful attacks.

A network-based IDS(NIDS) resides on a computer or an appliance connected to a segment of an organization's network and monitors traffic on that network segment,looking for indications of ongoing or successful attacks.

1. Network-based IDS
2. Host-based IDS
3. Application-based IDS
4. Signature-based IDS
5. STATISTICAL Anomaly-Based IDS.

IDSS work LIKE BURGLAR alarms

IDSs require complex configurations to provide the level of detection and response desired

An IDS operates as either network-based, when the technology is focused on protecting network information assets, or host-based, when the technology is focused on protecting server or host information assets

IDSs use one of TWO detection methods, signature-based or STATISTICAL anomaly-based.

IDSs work like burglar alarms

IDSs require complex configurations to provide the level of detection and response desired

An IDS operates as either network-based, when the technology is focused on protecting network information assets, or host-based, when the technology is focused on protecting server or host information assets

IDSs use one of two detection methods, signature-based or statistical anomaly-based.

1. All traffic from the trusted network is allowed out
2. The firewall device is always inaccessible directly from the public network
3. Allow Simple Mail Transport PROTOCOL (SMTP) data to pass through your firewall, but insure it is all routed to a well-configured SMTP GATEWAY to FILTER and route messaging traffic securel,
4. All Internet Control Message Protocol (ICMP) data should be denied
5. Block telnet (terminal emulation) access to all INTERNAL servers from the public networks
6. When Web SERVICES are offered outside the firewall, deny HTTP traffic from reaching your internal networks by using some form of proxy access or DMZ architecture.

The SOCKS system is a proprietary circuit-level PROXY server that PLACES SPECIAL SOCKS client-side agents on each workstation.

The SOCKS system is a proprietary circuit-level proxy server that places special SOCKS client-side agents on each workstation.

Consists of two or more internal bastion-hosts, behind a packet-filtering ROUTER, with each host protecting the trusted network

The FIRST general model consists of two filtering routers, with one or more dual-homed bastion-host between them

The SECOND general model involves the CONNECTION from the outside or untrusted network.

Consists of two or more internal bastion-hosts, behind a packet-filtering router, with each host protecting the trusted network

The first general model consists of two filtering routers, with one or more dual-homed bastion-host between them

The second general model involves the connection from the outside or untrusted network.

A technology KNOWN as network-address TRANSLATION (NAT) is commonly implemented to map from real, valid, external IP addresses to ranges of internal IP addresses that are non-routable.

A technology known as network-address translation (NAT) is commonly implemented to map from real, valid, external IP addresses to ranges of internal IP addresses that are non-routable.

The bastion-host contains two NICs (NETWORK interface cards)

One NIC is connected to the external network, and one is connected to the internal network

With two NICs all TRAFFIC must PHYSICALLY go through the firewall to MOVE between the internal and external networks.

The bastion-host contains two NICs (network interface cards)

One NIC is connected to the external network, and one is connected to the internal network

With two NICs all traffic must physically go through the firewall to move between the internal and external networks.

An APPLICATION proxy EXAMINES an application layer PROTOCOL, such as HTTP, and performs the proxy SERVICES.

An Application proxy examines an application layer protocol, such as HTTP, and performs the proxy services.

Screened-Host firewall SYSTEM allows the router to pre-screen PACKETS to MINIMIZE the network traffic and LOAD on the internal proxy.

Screened-Host firewall system allows the router to pre-screen packets to minimize the network traffic and load on the internal proxy.

The drawback of packet-filtering ROUTER includes a lack of AUDITING and STRONG AUTHENTICATION.

The drawback of packet-filtering router includes a lack of auditing and strong authentication.

The five processing MODES are:

1. PACKET filtering
2. APPLICATION GATEWAYS
3. Circuit gateways
4. MAC layer firewalls
5. Hybrids.

The five processing modes are:

The FINAL form of firewall is the kernel proxy, a specialized form that works under the WINDOWS NT EXECUTIVE, which is the kernel of Windows NT. It evaluates packets at multiple layers of the protocol STACK, by CHECKING security in the kernel as data is passed up and down the stack.

The final form of firewall is the kernel proxy, a specialized form that works under the Windows NT Executive, which is the kernel of Windows NT. It evaluates packets at multiple layers of the protocol stack, by checking security in the kernel as data is passed up and down the stack.

The primary disadvantage is the additional processing requirements of MANAGING and verifying packets against the STATE table, which can possibly expose the system to a DoS attack. These firewalls can TRACK connectionless packet traffic such as UDP and remote PROCEDURE calls (RPC) traffic.

The primary disadvantage is the additional processing requirements of managing and verifying packets against the state table, which can possibly expose the system to a DoS attack. These firewalls can track connectionless packet traffic such as UDP and remote procedure calls (RPC) traffic.

It keeps track of each network connection ESTABLISHED between internal and EXTERNAL systems using a state table which tracks the state and context of each PACKET in the conversation by recording which station SENT what packet and when.

It keeps track of each network connection established between internal and external systems using a state table which tracks the state and context of each packet in the conversation by recording which station sent what packet and when.

The primary DISADVANTAGE of application-level firewalls is that they are designed for a specific PROTOCOL and cannot EASILY be RECONFIGURED to protect against attacks on PROTOCOLS for which they are not designed.

The primary disadvantage of application-level firewalls is that they are designed for a specific protocol and cannot easily be reconfigured to protect against attacks on protocols for which they are not designed.

The restrictions most commonly IMPLEMENTED are BASED on:

1. IP source and destination ADDRESS
2. Direction (inbound or OUTBOUND)
3. TCP or UDP source and destination port-requests.

The restrictions most commonly implemented are based on:

Examines every incoming packet HEADER and selectively filters packets based on ADDRESS, packet type, port request, and OTHERS FACTORS.

Examines every incoming packet header and selectively filters packets based on address, packet type, port request, and others factors.

1. First GENERATION - packet FILTERING FIREWALLS
2. Second Generation-application-level firewall or PROXY server
3. Third Generation- Stateful inspection firewalls
4. FOURTH Generation-dynamic packet filtering firewall
5. Fifth Generation- kernel proxy.

A firewall is any device that prevents a specific TYPE of information from MOVING between the untrusted network outside and the trusted network inside The firewall may be:

• a SEPARATE computer system
• a service running on an existing router or server
• a separate network CONTAINING a number of supporting devices.

A firewall is any device that prevents a specific type of information from moving between the untrusted network outside and the trusted network inside The firewall may be:

THREE APPROACHES:

1. CREATE a NUMBER of INDEPENDENT ISSP documents
2. Create a single comprehensive ISSP document
3. Create a modular ISSP document.

Three approaches:

The blueprint should specify the TASKS to be accomplished and the order in which they are to be REALIZED. It should serve as a scaleable,upgradable,and comprehensive paln for the information security needs for coming years.

The blueprint should specify the tasks to be accomplished and the order in which they are to be realized. It should serve as a scaleable,upgradable,and comprehensive paln for the information security needs for coming years.

SysSPs are frequently codified as standards and procedures used when configuring or maintaining systems..

Systems-specific policies fall into TWO groups:

Access CONTROL lists (ACLS) CONSIST of the access control lists, matrices, and capability tables GOVERNING the rights and privileges of a particular user to a particular system.

SysSPs are frequently codified as standards and procedures used when configuring or maintaining systems..

Systems-specific policies fall into two groups:

Access control lists (ACLs) consist of the access control lists, matrices, and capability tables governing the rights and privileges of a particular user to a particular system.

A firewall is a device that selectively discriminates against information flowing into or out of the organization

The DMZ (demilitarized zone) is a no-man's land, between the inside and OUTSIDE networks, where some organizations place Web servers

In an effort to detect UNAUTHORIZED activity within the inner network, or on individual machines, an organization may WISH to implement Intrusion Detection Systems or IDS.

A firewall is a device that selectively discriminates against information flowing into or out of the organization

The DMZ (demilitarized zone) is a no-man's land, between the inside and outside networks, where some organizations place Web servers

In an effort to detect unauthorized activity within the inner network, or on individual machines, an organization may wish to implement Intrusion Detection Systems or IDS.

The POINT at which an organization's SECURITY protection ends, and the OUTSIDE world BEGINS is referred to as the security PERIMETER.

The point at which an organization's security protection ends, and the outside world begins is referred to as the security perimeter.

The "sphere of PROTECTION" overlays each of the levels of the "sphere of use" with a layer of security, protecting that layer from direct or indirect use through the next layer.

The people must become a layer of security, a human firewall that PROTECTS the information from unauthorized access and use Information security is therefore designed and implemented in three layers POLICIES people (EDUCATION, training, and awareness programs) technology.

The "sphere of protection" overlays each of the levels of the "sphere of use" with a layer of security, protecting that layer from direct or indirect use through the next layer.

The people must become a layer of security, a human firewall that protects the information from unauthorized access and use Information security is therefore designed and implemented in three layers policies people (education, training, and awareness programs) technology.

IDENTIFICATION and Authentication

LOGICAL ACCESS Controls

Audit TRAILS.

Identification and Authentication

Logical Access Controls

Audit Trails.