Exam Objectives Frequently Asked Questions

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the Exam Objectives presented in this chapter, and to assist you with real-life implementation of these concepts.

Q. Why aren't the tools described in this chapter (port-scanning utilities, packet sniffers, keystroke-logging devices, and so on) illegal to create or download?

A. Many of these tools have legitimate uses. It is especially important for network administrators and security consultants to be able to use scanning tools to determine where the vulnerabilities are in their own or their clients' networks in order to take the appropriate steps to "harden" the systems. These utilities, like many other things, can be used either offensively or defensively. Keystroke-logging devices and other "spyware" can be useful in situations in which monitoring users' activities is legal and appropriate (for example, for employers to keep tabs on what employees are doing on the network and for parents to exercise control over children's online activities).

Q. If a company has a good firewall installed, won't that protect it from all these attacks?

A.  No. Firewall products are very useful for controlling what comes into or goes out of a network. But a firewall is like a computer (in many cases, a firewall is a specialized computer); it does only what the person who configures it tells it to do. Some types of attacks are recognized and can be stopped by firewalls, but others exploit the characteristics of the protocols commonly used for legitimate network communications, and packets might appear to be nothing more than a benign bit of data destined for a computer on the internal network. Trojans, viruses, and worms piggyback into the network as e-mail attachments or through remote file sharing. Firewalls will not catch them, but a good antivirus program, frequently updated and set to scan all incoming e-mail, might be able to do so. Many companies seem to operate under the assumption that installing a firewall is akin to invoking a magic spell that casts a force field of protection around their networks, rendering them completely immune to attack. Even the best firewall will not protect against social engineering attacks, nor will it do any good against internal attackers who have physical access to the network. Studies have shown that a large number of network-related crimes are actually "inside jobs."

Q. Exactly how does social engineering work? Why would anyone reveal their password to a stranger? Does this really happen?

A. Yes, it really happens, and more often than you might think. Skilled social engineers are good con artists; they are masters at making other people trust them. In large companies, employees often are not personally familiar with all the other employees, so it is relatively easy for a social engineer to come in or even call on the phone and persuade a user that they are a member of the IT department and need the user's password. The social engineer might have a convincing story, saying, for instance, that a hacker has gotten into the system and discovered all the password files, and now the IT department needs to know everyone's old password so they can reset them and issue new ones to protect against the hacker. Like all con artists, the social engineer usually plays on common human emotions. For example, the engineer will play up the danger that the hacker can access and destroy all of the user's data if the "IT worker" does not get the password immediately and make the change. In other cases, the engineer might exploit other emotions, such as people's natural desire to help, claiming that the "IT worker" will get in trouble with the "big boss," maybe even lose the job, if they are unable to get the password information needed. Social engineers are not above appealing to the user's ego or pretending sexual/romantic interest in the user to get the password, either. Although some might not categorize it as social engineering, another technique involves simply spying on the user to obtain the password ("shoulder surfing," or looking over the user's shoulder as it is typed) or going through the user's papers to find a written record of the password. Infamous hacker Kevin Mitnick is quoted as saying, "You can have the best technology, firewalls, intrusion-detection systems, and biometric devices. All it takes is a call to an unsuspecting employee, and that is all she wrote, baby. They got everything."
Visit http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci771517,00.html for more on this topic.

Q. I think I understand the differences among a virus, a Trojan horse, and a worm. But what are all these other types of viruses I hear about: stealth viruses, polymorphic viruses, armored viruses, and cavity viruses?

A.  Stealth viruses are able to conceal the changes they make to files, boot records, and the like from antivirus programs. They do so by forging the results of a program's attempt to read the infected files. A polymorphic virus makes copies of itself to spread, like other viruses, but the copies are not exactly like the original. The virus "morphs" into something slightly different in an effort to avoid detection by antivirus software that might not have definitions for all the variations. Viruses can use a "mutation engine" to create these variations on themselves. An armored virus uses a technique that makes it difficult to understand the virus code. A cavity virus is able to overwrite part of the infected (host) file while not increasing the length of the file, which would be a tip-off that a virus had infected the file. All of these and more virus classifications are described in Nick FitzGerald's Virus FAQ sheet located at www.safetynet.com/support/kbvfaq.asp#SB. Although somewhat out of date in regard to specific viruses, this sheet contains some good basic information that forms a foundation for modern virus studies.
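As an added illustration (not from the book) of why a cavity virus defeats a length-only check: a small file-integrity baseline that records both the size and the SHA-256 digest of each file, so a same-length overwrite is still reported even though the size never changed. The file names, the temporary directory and the two simulated modifications are constructed for the demo.

```python
import hashlib
import os
import tempfile


def file_fingerprint(path):
    """Return (size_in_bytes, sha256_hex) for one file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return os.path.getsize(path), h.hexdigest()


def build_baseline(paths):
    """Record size and digest for every path; this is the trusted snapshot."""
    return {p: file_fingerprint(p) for p in paths}


def check_baseline(baseline):
    """Compare the files on disk to the snapshot.
    A size change is the obvious tip-off; a digest change with the same
    size is exactly what a cavity-style overwrite looks like."""
    report = {}
    for path, (size0, digest0) in baseline.items():
        size1, digest1 = file_fingerprint(path)
        if size1 != size0:
            report[path] = "size+content"
        elif digest1 != digest0:
            report[path] = "content-only"
        else:
            report[path] = "unchanged"
    return report


def demo():
    """Constructed scenario: a.bin is appended to (size grows), b.bin has a
    same-length region overwritten in place (size unchanged), c.bin is untouched."""
    d = tempfile.mkdtemp()
    files = {n: os.path.join(d, n) for n in ("a.bin", "b.bin", "c.bin")}
    for p in files.values():
        with open(p, "wb") as f:
            f.write(b"\x00" * 1024)  # 1 KiB of placeholder "host file" data
    baseline = build_baseline(files.values())
    with open(files["a.bin"], "ab") as f:
        f.write(b"X" * 64)           # appended: length changes
    with open(files["b.bin"], "r+b") as f:
        f.seek(512)
        f.write(b"Y" * 64)           # overwritten in place: length unchanged
    return {os.path.basename(p): v for p, v in check_baseline(baseline).items()}
```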



SSCP Systems Security Certified Practitioner Study Guide
SSCP Study Guide and DVD Training System
ISBN: 1931836809
Year: 2003
Pages: 135
