Deck 10: Planning for Contingencies

Why is TCP port 80 always of critical importance when securing an organization's network?

How should RWW go about notifying its peers? What other procedures should Iris have the technician perform?

What kind of data and information can be found using a packet sniffer?

Go to the Web site of VeriSign, one of the market leaders in digital certificates. Determine whether VeriSign serves as a registration authority, certificate authority, or both. Download its free guide to PKI and summarize VeriSign's services.

What are the main components of cryptology?

What is the most effective biometric authorization technology? Why?

Explain the relationship between plaintext and ciphertext.

When would be the appropriate time to begin the forensic data collection process to analyze the root cause of this incident? Why?

Define asymmetric encryption. Why would it be of interest to information security professionals?

Go to csrc.nist.gov and locate "Federal Information Processing Standard (FIPS) 197." What encryption standard does this address use? Examine the contents of this publication and describe the algorithm discussed. How strong is it? How does it encrypt plaintext?

One tenet of cryptography is that increasing the work factor to break a code increases the security of that code. Why is that true?

What is the typical relationship between the untrusted network, the firewall, and the trusted network?

Explain the key differences between symmetric and asymmetric encryption. Which can the computer process faster? Which lowers the costs associated with key management?

Search the Internet for vendors of biometric products. Find one vendor with a product designed to examine each characteristic mentioned in Figure 10-4. What is the crossover error rate (CER) associated with each product? Which would be more acceptable to users? Which would be preferred by security administrators?
Reference: Figure 10-4

What is a VPN? Why are VPNs widely used?

How is an application-layer firewall different from a packet filtering firewall? Why is an application-layer firewall sometimes called a proxy server?

What special function does a cache server perform? Why does this function have value for larger organizations?

How does screened-host firewall architecture differ from screened-subnet firewall architecture? Which offers more security for the information assets that remain on the trusted network?

What can be done to minimize the risk of this situation recurring? Can these types of situations be completely avoided?

What is a DMZ? Is this really a good name for the function that this type of subnet performs?

Create a spreadsheet that takes eight values input into eight different cells and then applies a transposition cipher to them. Next, create a row that takes the results and applies a substitution cipher to them (substitute 0 for 5, 1 for 6, 2 for 7, 3 for 8, 4 for 9, and vice versa).

What is RADIUS? What advantage does it have over TACACS?

What is the difference between authentication and authorization? Can a system permit authorization without authentication? Why or why not?

How does a network-based IDPS differ from a host-based IDPS?

Iris's smartphone beeped. Frowning, she glanced at the screen, expecting to see another junk e-mail. "We've really got to do something about the spam!" she muttered to herself. She scanned the header of the message.
"Uh-oh!" She glanced at her watch, and while looking at her incident response pocket card, dialed the home number of the on-call systems administrator. When he answered, she asked
"Seen the alert yet? What's up?"
"Wish I knew-some sort of virus," he replied. "A user must have opened an infected attachment."
Iris made a mental note to remind the awareness program manager to restart the refresher training program for virus control. Her users should know better, but some new employees had not been trained yet.
"Why didn't the firewall catch it?" Iris asked.
"It must be a new one," he replied. "It slipped by the pattern filters."
"What are we doing now?" Iris was growing more nervous by the minute.
"I'm ready to cut our Internet connection remotely, then drive down to the office and start our planned recovery operations-shut down infected systems, clean up any infected servers, recover data from tape backups, and notify our peers that they may receive this virus from us in our e-mail. I just need your go-ahead." The admin sounded uneasy. This was not a trivial operation, and he was facing a long night of intense work.
"Do it. I'll activate the incident response plan and start working the notification call list to get some extra hands in to help." Iris knew this situation would be the main topic at the weekly CIO's meeting. She just hoped her colleagues would be able to restore the systems to safe operation quickly. She looked at her watch: 12:35 a.m.
If you were in Iris's position, how would you approach your interaction with the second-shift operator?

What is network footprinting? What is network fingerprinting? How are they related?

Search the Internet for information about a technology called personal or home office firewalls. Examine the various alternatives, select three of the options, and compare their functionalities, cost, features, and types of protection.

Why do many organizations ban port scanning activities on their internal networks? Why would ISPs ban outbound port scanning by their customers?