CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] - Text version
  • Chapter 9



    A1: d

    A2: a, c

    A3: e

    A4: c, e

    A5: a, c

    A6: b, d

    A7: b, d, e

    A8: b, c

    A9: d

    A10: b

    A11: e

    Q&A

    1: Describe the characteristics of a strong password.

    A1: Strong passwords have the following characteristics: a minimum length of at least eight characters; upper- and lowercase characters; and both alphanumeric and nonalphanumeric characters such as #, @, %, and $. Ideally, passwords are randomly generated.

    2: What is two-factor authentication?

    A2: A two-factor authentication system is one that requires two items of information to complete the authentication. Typically, these items are something that a person has (such as an ATM card or a token card) and something that a person knows (a PIN or a password).

    3: How can cryptography mitigate packet sniffers?

    A3: Cryptography renders packet sniffers irrelevant. A packet sniffer that is monitoring a cryptographic channel sees data that appears to be only a random string of bits. The original message is not readable as it traverses the network.

    4: How can an attacker insert himself between two systems using cryptography in a man-in-the-middle attack?

    A4: A man-in-the-middle attack against an encrypted session can succeed only if the attacker can insert himself into the key-exchange process such that he negotiates a separate session key with each party and relays the communication quickly enough to keep up with the other two machines.

    5: How can Trojan-horse applications be mitigated?

    A5: Through the use of antivirus or host-based IPS software.

    6: RFC 2827 describes filtering by service providers at their edge devices. How can an enterprise network that is connecting through a service provider also benefit from RFC 2827 filtering?

    A6: Service provider customers can implement egress filters according to the RFC 2827 guidelines as an additional filter to prevent their networks from becoming a source of DoS attacks.
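    As an added illustration (not from the book), the following Cisco IOS configuration applies RFC 2827-style egress filtering on an enterprise's Internet-facing router; the 192.0.2.0/24 prefix and the interface names are assumed placeholders.

```cisco
! Egress ACL: permit only packets whose source address lies in the
! enterprise's own assigned block (192.0.2.0/24 is a placeholder),
! so traffic with a spoofed source cannot leave the network.
ip access-list extended RFC2827-EGRESS
 permit ip 192.0.2.0 0.0.0.255 any
 deny   ip any any log
!
! Apply the ACL outbound on the link toward the service provider
! (interface name assumed).
interface Serial0/0
 ip access-group RFC2827-EGRESS out
!
! Equivalent check on the inside interface using strict unicast
! Reverse Path Forwarding, which drops any packet whose source
! address is not reachable back through the interface it arrived on.
! uRPF requires CEF to be enabled.
ip cef
interface FastEthernet0/0
 ip verify unicast source reachable-via rx
```

    The `deny ... log` entry gives the operations team a record of internal hosts attempting to emit spoofed packets, which is itself an indicator of compromise.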

    7: Port redirection is effective when there is a poor or weak trust model between systems. How can an attacker use such an attack to gain access to the internal host through the DMZ web server shown earlier in Figure 9-3?

    A7: By identifying a vulnerability in the web server software that provides access to the server, the attacker can then access the server. Once on the server, the attacker can set up port redirection software (such as HTTPtunnel), have the software listen on the web port of the server, and point the other end of the tunnel at a port, such as the Telnet port, on the internal system.

    8: How do switched infrastructures affect packet sniffers?

    A8: Switches do not direct all traffic within a network segment to every switch port. Because of this, switched infrastructures present a significant hurdle to packet sniffers by reducing the amount of traffic seen by the host that is doing the sniffing. The attacker has access only to the traffic that is destined for the specific port to which the compromised host connects.

    9: What are two methods that antisniffer tools use to detect the possible presence of a sniffer?

    A9: Antisniffer tools can detect changes in the response time of hosts to determine whether the hosts are processing more traffic than just their own. Other software can run on the host and detect whether the network interface has entered promiscuous mode, which is necessary to facilitate sniffing activities.

    10: How do password-testing tools work?

    A10: Password-testing programs such as LC4, Crack, and John the Ripper can take a list of known passwords and try various case changes and the addition of nonalphanumeric characters. They then encrypt these candidate passwords and compare them against the stored hashes in the password file. If they match, the password has been "cracked."
