May 06, 2005

Now It Can Be Told

The Jeopardy method of studying from your notes, where you form questions based on your notes and use them as test prep later, is one facet of the Cornell Notetaking System (I've also written about it here). It also works for most textbooks. Now that the semester's ended, I present the questions I derived from most chapters of CISSP All-in-One Exam Guide, Second Edition by Shon Harris. Out of deference to those readers who don't care about the CISSP exam (and also because it's about 900 questions), I present it below the fold. You can also visit it directly as a text file.

==> Note:  the level of detail of the questions of p222-p240 is higher (i.e., less detailed) than elsewhere, due to the requirements of the class I was originally taking with this book.


===== Chapter 4 - Access Control

107
- What is 'access?' A subject?  An object?
- What are access controls? (also 108)
108-109
- What are the three main security principles?
- What is availability?
- What is integrity?
110-111
- What is confidentiality?
- Why should a company encrypt only critical data, as opposed to everything including the cafeteria menu?
- What three steps need to happen to allow a subject to access an object (and describe each step)?
- What are logical access controls?
112-113
- What are the three authentication factors?
- How many authentication factors are used in strong authentication?
- What is biometric?
- What is it called when a biometric system rejects an authorized individual?  Vice versa?
- What is the CER, and how does it pertain to the accuracy of biometric authentication systems? (also 114)
114-115-116
- What are some barriers to the acceptance of biometric authentication?
- What are the characteristics of these biometric authentication systems:
  > fingerprint (and what's the key term here?)
  > finger scan
  > palm scan
  > hand geometry
  > retina scan
  > iris scan
  > signature dynamics
  > keyboard dynamics
  > voiceprint
  > facial scan
  > hand topology
117
- Why are passwords considered a weak security method?
- Why shouldn't automatic password generators just pump out a 20 character string of random characters?  What's a good guideline for a password generator?
- How should the password file on an authentication server be protected?
- What's a dictionary attack?
- What's the usefulness of displaying the date/time of a user's most recent login when they log in?
- What's a clipping level?
118-119 
- What is a password checker?
- What is password aging?
- What is a cognitive password?
- What is a dynamic password?  What other name is it known by?
- What's a token device?
- What are the two types of synchronous token authentication?
120-121
- What are the differences between synchronous and asynchronous token authentication?
- What is a passphrase and what does the application transform it into?
- What is the difference between a memory card and a smart card?
122-123
- What's the difference between authentication and authorization?
124-125
- What are some criteria used to define access?
- From a security standpoint, what is the best default action for access?
- What is the least-privilege principle?
- What is 'need-to-know?'
126-127
- What is single sign-on and why is it so difficult to implement? (also 128)
128-129
- Describe the 'scripting' implementation of single sign-on.
- What is Kerberos?  What kind of cryptography and security does it use?
- What is a Kerberos KDC?
130-131
- In Kerberos, what is a principal?
- What is the purpose of a ticket in Kerberos?
- What is a realm in Kerberos?
- Give an example of the Kerberos authentication process.
- In Kerberos, what's the difference between a secret key and a session key?
- What is a Kerberos AS and TGS?
- If a Kerberos implementation is configured to use an authenticator, what additional security measure is taken and what attack does it combat?
132-133
- What are some drawbacks to Kerberos?
- What is SESAME and how is it different from Kerberos?
- What is a PAC and PAS in SESAME?
- How do thin clients enforce access control?
- What is a network directory service?
134-135
- What are LDAP, NDS, and Active Directory?
- What is an access control model?  What are the three main types?
- How does DAC restrict access to data?
136-137
- How does MAC restrict access to data, and what system is it based on?
- How does RBAC restrict access to data, and what other name is it known by?
138-139
- Which model is best suited for companies with high employee turnover?
- What are role-based, task-based, and lattice-based access?
140-141
- What is rules-based access control?
- What is a constrained user interface, and how is a database view related to it?
- What is an access control matrix, and what model is it usually found in?
- What is a capability table, and how is it different from an ACL? (also 142)
142-143
- What is content-dependent access control?
144-145
- What is centralized access control administration?
- What is RADIUS?  Describe an example of it in use.
- What are TACACS, XTACACS, and TACACS+?  Describe an example of it in use.
146-147
- What is Diameter and how does it improve on RADIUS and TACACS?
- What is decentralized access control administration?  Why would a company use it instead of centralized administration? (also 144)
- What are the advantages of a hybrid administration scheme?
148-149
- What are the three categories of access control?  Give some examples of each.
- What is a security policy?
- What is separation of duties?
150-151
152-153
154-155
- What is a control zone, and how is it different from just having a dedicated machine room?
156-157
158-159
- What are the types of access control?  Give an example of each. (also 160)
160-161
162-163
- What is an audit reduction and why is it useful?
164-165
- What are some 'best practices' in the access control arena?
166-167
- What is object reuse and how can it be a security risk?
- What is Tempest?
168-169
- What is IDS?  What are the two kinds?
- What is signature-based IDS and what is its major weakness?
- What is behavior-based IDS, and how does a TIM factor into it?
170-171
- What is a honeypot?
- What's the difference between enticement and entrapment?
- What's a sniffer, and how can either side use them?
172-173
- What's a dictionary attack?  What are some countermeasures?
- What's a brute force attack? What are some countermeasures?
174-175
- What's wardialing?
- What's logon spoofing?  What are some countermeasures?  What's a trusted path?
- What is penetration testing?

===== Chapter 5 - Security Models and Architecture
185
- What is a security model? (also 210-211)
- What are the three main attributes of computer security?
188-189
- How does a buffer overflow attack work?
190-191
- How is memory management important to computer security?
- What is secondary storage?  Virtual storage?
- What is paging?
192-193
- What are protection rings?  What's the general term for processes that execute in the inner rings?  The outer rings?
194-195
- What runs at ring 0? 1? 2? 3?
- How does an application running on a lower ring access functionality provided by a higher ring?
196-197
- What operating states can a process be in?
198-199
- What's the difference between multithreading and multiprocessing?
- In terms of device management, why is WinNT safer than Win9x?
- What is a deadlock?
200-201
- Where are the three main areas security can happen when a user accesses data?
- As the complexity increases, does security become more or less certain?  Why / why not?
- What does it mean for a component to be trusted?  
- Should you design a system such that all components can be trusted?  Why or why not? (also 203)
202-203
- What is the TCB?
- What is the security perimeter?
204-205
- What is the reference monitor?
- What is the security kernel?  What does it have to do?  How does it relate to the reference monitor concept?
206-207
- In security terms, what is a domain?  What is an execution domain?
208-209
- What is hardware segmentation and how does it contribute to security?
- What is a security policy?
- What is the security kernel?
- What do multilevel security policies do?
- What is the concept of least privilege?
210-211
- What is layering and how does it provide security?
- What is data hiding and how is it connected to layering?
- What is abstraction?
212-213
- How does the state machine model apply to security?
- Why is failing in a secure state important?
- What is a multilevel security system?
- What is Bell-LaPadula and what are its three main rules?
- What is an information flow security model?
- What is the simple security rule?  By what other term is it known?
- What is the *-property rule?  By what other term is it known?  Why is it important?
- What is the strong star property rule?
214-215
- What is the Basic Security Theorem?
- What security service does Bell-LaPadula provide?
- What are some criticisms of the Bell-LaPadula model?
- What is the Biba model?  What are its two main rules?
- The rules of the Biba model seem counterintuitive.  Why are they the way they are?
216-217
- In general, what does a 'simple-' rule describe?  A 'star-' or '*'- rule?
- What is the Clark-Wilson model and what does it emphasize?
- What is an 'access triple' and why is it called that?
- What is separation of duties?
- What are the three main goals of integrity?  Which one(s) is/are emphasized by Clark-Wilson?  By Biba?
- What generic model were both Biba and Bell-LaPadula built upon?
- What is the noninterference model and how does it enforce confidentiality?
218-219
- What is the Brewer and Nash model?  What other name is it known by?
- What issues do the Graham-Denning and Harrison-Rizzo-Ullman models address?  How do they differ?
[great summary on 219]
220-221
- What is dedicated security mode?
- What is system-high security mode?  How is it different from dedicated security mode?
- What is compartmented security mode?  How is it different from system-high?
- What is multilevel security mode?  Which model is an example of it?
222-223
- What's the difference between assurance and trust?
- What is TCSEC?  What other name is it known by?
- What's A-level security? B? C? D?
- T/F: B1 is a superset of B2?
- What are the four main topics of the Orange Book?
- What seven different areas do they break down into?
224-225
- What is NCSC?  TPEP? EPL?
- What is C1?
- What is C2?
- What model are Division B levels based on?  What other evidence must be present?
- What is B1?
- What is B2?
226-227
- What is B3?
- What's the difference between A1 and B3?
- What are some of the limitations of the Orange Book?
228-229
- What's the TNI?  What is its other name?
- What Red Book ratings are available?
- What replaced TCSEC?
- What is ITSEC?  Where is it used? What are its two main attributes?
230-231
- What is the fundamental difference between ITSEC and TCSEC?
- What are the rating scales for ITSEC?
- What is the TOE?
- What are the Common Criteria? Who developed them?
- What's the biggest difference between Common Criteria and the Orange Book?
- What is EAL?  How many packages are there?
232-233
- What is a protection profile?
- What is the security target?
234-235
- What's the difference between certification and accreditation?
- What is ISO 17799?  What was it originally called?
236-237
- What's the difference between open systems and closed systems?
- What are covert channels and why are they security risks?
- What is a covert storage channel?
- What is the Loki attack?
238-239
- How can you try to detect covert channel attacks?
- What's a backdoor?  What other name is it known by?
- What are some countermeasures against backdoors?
- What's an asynchronous attack?
- What's a TOC/TOU attack?
- What's a race condition?
240-241
- What's a buffer overflow?  How can it be exploited?
- What are some countermeasures against buffer overflow attacks?

===== Chapter 6 - Physical Security

p253-254
- What are some mechanisms of physical security?
- Why is physical security more challenging today than in the '60s and '70s?
- Why are physical computer incidents today raising costs for companies?
- What is the layered defense model, and why is it important?
- What are some physical security vulnerabilities?
p255-256
- What is an EAC token and what is it used for?
- What is a critical-path analysis?
- What kinds of controls fall under the physical security umbrella?
p258-259
- What are some of the issues with selecting a facility site?
- What are some of the issues with designing and building a facility?
p260-261
- What is an internal partition and what is its main vulnerability?
- Where in a building should data centers be located?  Why?
p262-263
- In the past, personnel were needed in computer rooms for proper operation.  Why isn't that the case now, and what changes in computer room design are now possible?
- Why should there be only one, dedicated, entry to a secured computer room?
p264-265
- What main threats do physical security components combat?
- Why is a cost-benefit analysis of physical security important?
- What physical security procedures use security components that are already part of the environment?
p266-267
- Why shouldn't you try to back up every piece of data on every computer?
- What is an SLA and why are the details important?
- What is MTBF? What is MTTR?  Why is knowing both necessary when evaluating hardware for purchase?
p268-269
- What are the three main methods of protecting against power problems?
- What's the difference between an online UPS and a standby UPS?
- What are the two primary sources of backup power?
- What factors should be considered when evaluating secondary power?
- Define the following: EMI, RFI, (transient) noise, inrush current, clean power
- What can induce EMI?  RFI?
p270-271
- Define spike, surge, fault, blackout, sag/dip, brownout
- What two kinds of devices are typically used to ensure clean power?
p272-273
- What are some preventative measures for power management?
- How does job rotation or cross-training serve as a kind of backup?
- What steps should typically be taken when a technical employee leaves or gives notice?
p274-275
- What is a positive drain?
- What are five preventative steps against static electricity?
- What's the proper range for relative humidity?  What are the risks if it is too high or too low?
- What's the proper temperature range?  What are the risks if it is too high or too low?
p276-277
- What is a closed-loop circulation system?
- What is positive pressurization?  Is it desirable for data centers?
- What are the four classes of fire?
p278-279
- What are the three kinds of fire detectors?
- What are the two different kinds of heat-activated sensors?
p280-281
- What distinguishes plenum-rated cable from other kinds?
- For each class of fire, what is the type of fire and what is the suppression method?
- What are some dangers of using CO2 as a suppression agent?
- Why is Halon no longer made?
p282-283
- What are the four types of water sprinkler systems and what are their distinguishing characteristics?
- What is another name for a 'wet pipe' system?
p284-285
- Summarize emergency planning.
p286-287
- What are the two main modes of perimeter defense?
- How can personnel assigned to sensitive areas help with perimeter defense?
- What is a disadvantage of a lock-and-key system?
p287-288
- Describe the following options for cypher-lock systems: door delay, key-override, master-keying, hostage alarm.
- Describe the following device locks: switch controls, slot locks, port controls, peripheral switch controls, cable traps.
p290-291
- What is piggybacking?
- What are the two types of wireless proximity readers?
- What are the three kinds of system sensing cards?
p292-293
- What is PIDAS fencing?
- At what height and characteristics is a fence considered serious for area denial?
- What are bollards and where are they used?
- What is the NIST standard for perimeter protection for lighting critical areas?
p294-295
- Describe the five types of perimeter scanning devices.
p296-297
- What is a mantrap?
p298-299
- What information should be kept in the audit log of access control systems?
- What is fail-safe?  Fail-secure?


===== Chapter 7 - Telecommunications and Networking Security
312-313
- What is a PSTN?
- What is ATM?
- What is TCP/IP? (also p325)
- What is a network protocol?
314-315
- What are the layers of the OSI and TCP/IP models and how do they map together?
- What is an open network architecture?
- What is encapsulation?
316-317
- What is the purpose of the application layer?
- What protocols work at the application layer? (also p323)
- Does the application layer include the actual applications?
- What is the purpose of the presentation layer?
- What protocols work at the presentation layer? (also p323)
318-319
- What is the purpose of the session layer?
- What protocols work at the session layer? (also p323)
- What's a good analogy for the session layer?
- What are the three phases of session layer operation?
- What is dialog management?
- What is the purpose of the transport layer?
- What protocols work at the transport layer? (also p323)
- What's the difference between the functions of the transport layer and the session layer?
- What is UDP?
- What is SPX?
320-321
- What is the purpose of the network layer?
- What protocols work at the network layer? (also p324)
- What is ICMP? RIP? OSPF? BGP? IGMP?
- What is the purpose of the data link layer?
- What protocols work at the data link layer? (also p324)
- What are the two sublayers of the data link layer?
- What is FDDI?
- What is SLIP?  PPP? RARP? L2F? L2TP? ISDN?
322-323
- What is the purpose of the physical layer?
- What protocols work at the physical layer? (also p324)
324-325
- The 'IP' in TCP/IP provides "____________ routing services."
326-327
- What are the two main tasks of IP?
- Is TCP a connectionless protocol or a connection-oriented protocol?  What does that mean?
- What is UDP?  Is it a connectionless or connection-oriented protocol?  What does that mean?
- What is best-effort?
- Apply the postal system analogy to the Data, IP, and Network components of IP.
- Is TCP simplex, half-duplex, or full-duplex?
- What are some tradeoffs of using UDP vs. TCP?
- What is a socket?
328-329
- What are port numbers up to 1024 called?  Why?
- What ports are the following protocols usually mapped to: Telnet, SMTP, HTTP, SNMP, FTP?
- Differentiate between TCP and UDP according to reliability, connection, packet sequencing, congestion control, usage, and speed/overhead.
- What is the three-way handshake? Describe it in action.
- What is a SYN packet?  A SYN/ACK packet?  An ACK packet?
330-331
- What is the term used to describe the data at each layer of the TCP model?  The UDP model?
- What are the major differences between IPv4 and IPv6?
- How many bits for addressing does IPv4 use?  IPv6?
- What is a class?  What is a subnet?
332-333
- What is baseband?  What is broadband? (also p334)
- What is an analog transmission signal?
- Why are digital signals more reliable over long distances?
- What is the local loop (or last mile) and what's different about it?
- What is asynchronous communication?  Synchronous communication?
334-335
- Do modems use synchronous or asynchronous communication?
- Is CATV a baseband or broadband medium?
- What is the physical arrangement of computers and devices on a network called?
336-337 (for more topology info, see p338)
- What is a ring topology? What's the difference between physical ring and logical ring?
- What is a bus topology?  What are the two main types and how do they differ?
- What are two vulnerabilities of a simple bus topology?
- What's a star topology?
- What is a main vulnerability of a star topology?
- Most LANs nowadays are star topology.  Why?
- What's a mesh topology?  Full mesh?  Partial mesh?
- What defines a LAN as opposed to a WAN? (also 338)
338-339
- What's the difference between a LAN and an internetwork?
- What is attenuation?  What causes it?
- What is Ethernet?  What IEEE standard applies?
- What topologies does Ethernet traditionally use?
- What are Ethernet's characteristics?
340-341
- What is a BNC?  What types of Ethernet use it?
- What is 10Base2?
- What is 10Base5 and what distinguishes it from 10Base2?
- What is 10BaseT and what distinguishes it from the others?
- What topology does 10BaseT usually use?
- What is 100Base-TX also called? (also 342)
- What is 1000Base-T also called?
342-343
- What is token-passing and what LAN technology uses it?
- What is the central hub in a Token Ring LAN called?
- What is the transmit speed for Token Ring?
- What does the active monitor do?
- What is beaconing?
344-345
- What is FDDI?  How fast is it?  What IEEE standard applies?
- How does it provide fault tolerance?
- What is a ring wrap?
- How long can a FDDI network be?
346-347
- How is the bandwidth of a cable different from its data rate?
- What are some advantages and disadvantages of coaxial cable?
- What is the difference between STP and UTP?
- What is crosstalk?
- How does the twist of the wire improve its usability?
- What are some disadvantages of UTP?
348-350
- What are some advantages and disadvantages of fiber-optic cabling?
- What is cable noise?
- What is attenuation?  How do you minimize it?
- What is crosstalk?  How do you minimize it?
350-351
- What is plenum space?  Why is it relevant to cabling?
- What is a pressurized conduit?
- What is unicast?
- What is multicast?  How is it done across routers?
- What is broadcast?
352-353
- What is MTU?
- What is a token?
- Can token-passing networks have collisions?  Why or why not?
- What is CSMA/CD?
- What is contention?
- What is collision?  What does a system do when it detects one?
- What is the back-off algorithm?
- What is CSMA/CA and how does it differ from CSMA/CD?
354-355
- What is a collision domain?
- What is latency and how does it happen?
- A subnet will be on the same broadcast and collision domain if it is not separated by what?
- What is polling?
356-357
- What is ARP and how does it work?
- What is a MAC address?  How many bits?  What's the layout?
- What is ARP table poisoning, and what kind of attack is it?
- What is RARP and how does it work?
- What is a DHCP server and how does it work?
- What is BOOTP and how does it work?
- What's the difference between ARP and RARP?
358-359
- What is ICMP and what does it do?
- What is a repeater?
- What is a hub, and what other name is it known by?
- What is a bridge and why is it used?
- What is the difference between a local bridge, a remote bridge, and a translation bridge?
360-361
- What are the functions of a bridge?
- What's the difference between a bridge and a router?
- What's transparent bridging?
- What's source routing? (also 386)
- What is an internetwork?
- What is STA and what is it used for?
- What's a security risk associated with source routing?
362-363
- A router can connect similar networks.  Can it connect dissimilar ones (e.g., Ethernet LAN and Token Ring LAN)?
- What does a router use to filter traffic?
- What actually happens inside the router when it receives a packet?
- What is TTL and what's it used for?
- What happens if the destination network requires a smaller MTU than the packet being routed?
- What are the differences between routers and bridges?
- What is routing?
- Where does the sending computer send the packet if the destination computer is on a remote network?
364-365
- How were routing tables originally built, and why aren't they done that way anymore?
- What are ASs and how do they come into play in routing?
- What's a border router?
- A switch functions as a combination of what and what?
366-367
- What's a VLAN?
- What's a gateway?
- What's IPX?
- What's a NAS?
- What standard do all mail servers understand?
370-371
- What's a PBX?
372-373
- What's a firewall?
- What is a DMZ and how is it used?
- What's packet filtering?
- Are packet filtering firewalls considered 'stateful?' Why/why not?
374-375
- What are pros and cons of packet filtering?
- What is stateful inspection, and what are some characteristics of a stateful inspection firewall?
- What's a firewall state table?
- What's a proxy?
376-377
- How can a proxy fight attempts by an attacker to probe a network?
- What are some pros and cons of proxy firewalls?
- What is a dual-homed firewall?
- What two functions should be shut down on a dual-homed firewall for security reasons?
- What's an application-level proxy?
378-379
- What's a circuit-level proxy?
- What is SOCKS?
380-381
- What is dynamic packet filtering?
- What is a kernel proxy?  What makes it different from the others?
- What are the characteristics of a 'bastion host' firewall architecture?
- How can a system be configured as a bastion host?
382-383
- Should all systems in DMZs be running as bastion hosts?  Why/why not?
- What is a screened host?
- What is a screened subnet?  Why is it superior to a screened host or standalone firewall?
384-385
- What should the default action of any firewall be?
386-387
- What is masquerading or spoofing?
- What's a zombie?
- What should a firewall do when it encounters a fragmented packet? What's the catch?
- What are some disadvantages to firewalls?
- Some firewalls perform authentication.  How does this help?
- What's a honeypot?
388-389
- What's the difference between enticement and entrapment?
- Why is suppressing broadcast and collision domain formation important?
- What's a NOS?
- What's a redirector?
390-391
- What is DNS?
- Who maintains the authoritative root databases?
- Who allocates IP addresses?
- Where do DNS servers live?
- Why are internal DNS servers usually split up?  What is this called?
- The DNS server that holds the file for a zone is called the ____________ for that zone?
- What is a resource record?
- If a router does not know the necessary path to the destination of a packet, what does it do?
- If a DNS server does not know the necessary resource record to resolve a hostname, what does it do?
392-393
- What are the seven most common top-level domains?
- What seven top-level domains did the International Ad Hoc Committee create?
- What is a directory service, and what model and protocol is it built on?
394-395
- What is a metadirectory and what is it used for?
- What is a schema?
- What's Microsoft's directory service?
- What's Novell's directory service?
- What is an intranet?
- What are the non-routing class A, B and C networks?
- What is an extranet?
396-397
- What is EDI?
- What is NAT?  How does it help provide security?
- How does NAT distinguish between IPs of all the computers connected downstream of it, if all are accessing the WWW at the same time?
- What is a MAN?
398-399
- What is SONET?
- What is self-healing?
- What is multiplexing?
400-401
- What's the bandwidth of a T1 line? How many telephone calls can it carry?
- How many T1 lines can a T3 carry?
- What is ATM?  Describe its relationship with SONET in terms of a highway analogy.
- What is OC?  What's the throughput of an OC-1 line?
402-403
- What is SDH?  Is it compatible with SONET?  
- What are the bandwidths of E1 and E3 lines?
- How could an SDH network communicate with a SONET network?
- What is a dedicated link and what other names is it known by?
- What is TDM and who uses it?
- How many bits in a time slot?  How many time slots in a frame?
- How many T1 frames go in a second?
- What's it called when a T1 line is split between more than one customer?
- What's the main driver in the cost of a dedicated line?
- What is S/WAN?
404-405
- What is a CSU/DSU?
- What is DTE?  Give an example of a DTE object. (also 408-9)
- What is DCE?  Give an example of a DCE object. (also 408-9)
- What's the difference between circuit switching and packet switching? (also 406-7)
- What scheme does ISDN use?
406-407
- What is frame relay?
- What is CIR?
408-409
- What is the frame relay cloud?
- What's the difference between PVC and SVC?
- What is X.25?
- What is an HDLC frame and how large is it?
- Why was X.25 good for its time but obsolete today?
410-411
- What is ATM?
- Are ATM and frame relay connectionless switching technologies?
- What's the difference between packet switching and cell switching?
- How large is an ATM cell?
- Is ATM a good choice for voice and video transmission?  Why or why not?
- What is SMDS? 
- What is SDLC? What's its primary use?
- What is HDLC? What is it an extension of?
- What is HSSI? What's its max bandwidth?
412-413
- What is a multiservice access technology?
- What is the Signaling System 7 protocol?
- How does VoIP get around some of the barriers present in today's PSTN?
- What's the term used to describe packet loss or latency in a VoIP call?
- What's an H.323 gateway?
414-415
- (good WAN comparison table on 415)
416-417
- Remote access can be a huge security problem.  Why allow it at all?
- What is a NAS?
- What is a RAS?
- How can a call-back mechanism be defeated?
- Is it a good idea to have modem-pool access filtered through a firewall?
- What is wardialing?
- What's the local loop?
- What is ISDN?  What are the three implementations of it in use today?
418-419
- What is DSL?  What's its bandwidth? What are the two biggest disadvantages?
- What's the difference between symmetric and asymmetric DSL, and which one is better suited for home use?
- What's the biggest drawback of cable modems?
- What's the security risk behind DSL and cable connections being 'always-on?'
420-421
- What's a VPN?  
- What's a tunnel?
- Why would you use an encapsulated but unencrypted tunnel?
422-423
- What is PPP? What protocol did it replace? How does it use PoPs?
- What are PAP, CHAP, and EAP?
- Is PPP alone sufficient to bring serial data to, say, a corporate network?  Why/why not?
- What is PPTP?  How does it use MPPE?
- What is a GRE header, and how does it work in PPTP?
424-425
- What is L2F, and why did Cisco then create L2TP?
- What is PAP? 
426-427
- What is PAP's major security drawback?
- What is CHAP?  How does it overcome PAP's major security drawback?
- Is CHAP vulnerable to man-in-the-middle attacks?  Why or why not?
- What is EAP, and how is it different from CHAP and PAP?
428-429
- Modem pools should be set up to answer after how many rings?  Why?
- What is a possible effect of two machines on a network having the same MAC address?
- What is a single point of failure and what's the best defense against it?
430-431
- What is RAID?
- Name and describe the following RAID levels: 0-6, 10.
- Why is RAID 10 not called RAID 7?
- What are the characteristics of these RAID classifications:
  . Failure Resistant Disk Systems
  . Failure Tolerant Disk Systems
  . Disaster Tolerant Disk Systems
- What is HSM?
- What is SAN?
- What is clustering, and what is its advantage over just having secondary servers? (also 432)
432-433
- What's the relationship between frequency, bandwidth, and distance?
- What is CSMA/CA?
- What is spread spectrum?
434-435
- What is FHSS?  What two problems with wireless communication does it address?
- What is DSSS? 
- What is a chip?  A chipping code?
- What are some advantages DSSS has over FHSS?
436-438
- What is the IEEE wireless LAN standard?
- What is the frequency range and bandwidth of these wireless standards:
  . 802.11b
  . 802.11a (and how is it different from .11b?)
  . 802.11g
  . 802.11h (and where is it used?)
- What are the characteristics of these standards?
  . 802.11e 
  . 802.11f 
  . 802.11i
  . 802.11j
  . 802.16
  . 802.15
439
- What is WAP and why is it necessary?
440-441
- What is WTLS?  What are the three classes of WTLS?
- What is the 'gap in the WAP?'
- What is an infrastructure WLAN and how does it differ from an ad-hoc WLAN?
442-443
- What's a channel?
- What's an SSID?  When is it required?  Why should it not be relied on as a security mechanism?
- What two ways can a wireless device authenticate to an access point, and what is the difference between them?
- What is WEP and how secure is it?
- What is wardriving?
- What is NetStumbler?
- What are NetSnort and WEPCrack?
- What are some security best practices to implement a wireless LAN?

===== Chapter 8 - Cryptography
p457
- What is cryptography?
- Since most crypto algorithms can be broken, what's the point?
p458-459
- What is a substitution cipher? Monoalphabetic substitution?  Polyalphabetic substitution?
p460-461
- What is DES and how does Lucifer play a role in it?
- What is the Clipper Chip and what were some problems with it? (also p470-472)
p462-463
- What is the unencrypted message called?  The encrypted message?
- What is a cryptosystem?
- How are algorithms used in cryptography?
- What is a keyspace, and what are its characteristics?
- Should the algorithm for a cryptosystem be kept secret?  Why or why not?
p464-465
- What factors comprise the strength of the encryption method?
- What is 'work factor'?
- What four of the Big Five does cryptography contribute to?
- What different emphasis wrt crypto might military, financial, legal institutions have?
p466-467
- What is key clustering?
- What is a transposition cipher?
- What is frequency analysis and how is it used?
p468-469
- What is a running key cipher?  
- What is a concealment cipher?
- What is steganography?
p470-471
- What is Kerckhoffs' Principle?
- What is EES?
- What is key escrow?
p472-473
- By what name is key escrow also known when describing a software cryptosystem?
p474-475
- What is symmetric cryptography?  What are symmetric keys also called?
- How many different keys would be needed for N people to communicate without more than two people sharing any one key?
- What is an 'out-of-band' method?
- Which of the Big Five does symmetric cryptography contribute to?
- What are the main strengths/weaknesses of symmetric cryptography?
p476-477
- Are the following stream or block ciphers: DES, 3DES, Blowfish, IDEA, RC4, RC5, RC6, AES?
- What is asymmetric cryptography?  By what other name is it known?
- What are asymmetric keys also called?
- What is an important distinction between the public and private keys?
- Which of the Big Five does symmetric cryptography contribute to?
- What is a secure message format?
- How is authentication accomplished with asymmetric crypto?
p478-479
- What is an open message format?
- What is a 'secure and signed message format?'
- What are some strengths and weaknesses of asymmetric crypto?
- Between the list of algorithms on this page, and the list on p476, which are symmetric and which are asymmetric?
p480-481
- What's the difference between a block cipher and a stream cipher?
- What's the distinction between confusion and diffusion?
- What is an S-box?
p482-483
- What is a keystream generator?
- What are the characteristics of a good stream cipher algorithm?
- Are stream ciphers better suited for HW or SW implementations?  Why?
- What is DEA?  What's its effective key size, and why is it different than its full key size?
484-485
- What is 3DES?
- What is AES?  What algorithm does it use?
- What block size does DES use?
- How many rounds of transposition/substitution does DES use?
- What are the four DES operation modes and how are they different?
486-487
- Why 3DES and not 2DES?
- How many computation rounds does 3DES use?
- How much stronger than DES is 3DES?
- How much slower?
- Define and explain the three different operation modes of 3DES.
488-489
- What is IDEA?  What's its block size?  Key size?  Number of rounds?
- What is Blowfish?  What's its block size?  Key size?  Number of rounds?
- What is RC5?  What's its block size?  Key size?  Number of rounds?
- What is RSA?  What Big 5 functions can it perform?
- What provides the strength of the RSA algorithm?
- What's a one-way function?  How does it apply to the RSA algorithm?
490-491
- What is El Gamal?  What is it based on?
- What are ECCs?  What are they based on?  What advantages does it have over RSA?
492-493
- What is public key crypto? Describe a message exchange using it.
494-495
- What is a session key?  Describe a message exchange using it.
- What is a disadvantage of reusing the same secret key over and over?
- What is the Diffie-Hellman algorithm used for?
496-497
- What is PKI? What's the difference between it and public key crypto?
- What is a digital certificate?
- What is a certificate authority?  Name two well-known CAs.
- What is a registration authority? (also p498)
498-499
- What is a CRL?
- Why might a certificate be revoked?
- What is the current standard for creating a digital certificate?
- Describe an example of all components of a PKI working together.
- What's another name for a directory of public keys?
500-501
- What security services does PKI provide?
- How can crypto detect if a message has been modified in an unauthorized way?
- Why aren't parity bits a sufficient means of ensuring message integrity?
- What's a one-way hash?  How does it differ from an encryption algorithm's 'one-way function?'
- What's a message digest?
502-503
- What is a weakness of using a simple message digest to verify integrity?
- What is a MAC? How does it work?  What is its weakness?
504-505
- What kind of authentication does MAC provide (two different terms)?
- How is system authentication different than user authentication?
- What is a digital signature?
- Go through an example of sending a digitally-signed message.
506-507
- Encrypting a message provides which security service(s)?
- Hashing a message provides which security service(s)?
- Digitally signing a message provides which security service(s)?
- Encrypting and digitally signing a message provides which security service(s)?
- What are DSS, DSA, ECDSA, and SHA?
- How large a message digest does SHA produce?
- What does it mean if a hashing algorithm is 'collision free?'
- Re-create Table 8-2.
- What is a 'birthday attack?'
- What are features of a good hash function?
508-509
- What are characteristics of MD4, MD5, MD2, HAVAL?
- Describe the digital signing process using SHA and DSS.
510-511
- For a hash algorithm with n-bit output, using a brute-force attack, how many messages could it take to determine the input from a given output?
- For a hash algorithm with n-bit output, using a brute-force attack, how many messages could it take to determine two messages with the same output?
- What is a one-time pad?  What is its major advantage?  Its major flaw?
512-513
- What does it mean that cryptography is based on a 'trust model?'
- What is a KDC?
- What is KEA?
- Describe a good way to manage backups of crypto keys.
514-515
- What are the rules of key management?
- For link encryption and end-to-end encryption, answer the following:
  > What is it?
  > What part of the packet is encrypted?
  > What are its advantages?
  > What are its disadvantages?
  > Which part (higher or lower) of the OSI model is it performed in?
- Where is end-to-end encryption usually initiated?
- What is traffic-flow security?
- What is link encryption? What part of the packets are encrypted?
- What is end-to-end encryption? What part of the packets are encrypted?
- What are the advantages/disadvantages of each?
516-517
- What are the tradeoffs of hardware v. software encryption?
- If a company's security needs are as given below, what cryptosystem / scheme is the best choice:
  > only encrypting the occasional email message?
  > encrypting all network traffic, both internal and external?
  > single sign-on?
- What is MIME?
518-519
- What is S/MIME?  What security services does it provide?
- What is PEM?  What security services does it provide?  Why hasn't it really caught on?
- What is MSP?  What security services does it provide?  Who uses it?
- What is PGP?  What security services does it provide? 
- What is a PGP 'web of trust?'  
520-521
- What is a PGP key ring?
- What disadvantages does PGP have when compared to a CA model?
- Is PGP a complete cryptosystem?  Why or why not?
- What is the main security issue with browser plug-ins?
522-523
- What is a stateless protocol? Is HTTP a stateless protocol? Is S-HTTP?
- How is S-HTTP different from HTTP?
- What security services does S-HTTP provide?
- What is the difference between S-HTTP and HTTPS?
- What is SSL and how is it different from S-HTTP?  What security services does it provide?  Where on the protocol stack does it reside?
- Describe an SSL session.
- Does SSL provide security for the data once it is received?
- How does a user verify an SSL connection?
524-525
- What is SET?  Why hasn't it caught on?
- Describe an SET transaction.
- What are cookies?  Why are they used?
526-527
- What potentially damaging information can be in cookies?
- What is SSH? 
- Describe an SSH session.
- What is IPSec? What two basic security protocols does it use?
- What is AH?
- What is ESP?
- What two modes can IPSec work in?
528-529
- Describe an IPSec session.
- What is an SA, and how does it work?
- Are SAs directional or omnidirectional?
- What is the SPI?
- How does AH use MAC?
- What security services do AH and ESP provide?  Why would you choose one over the other?
- Which would you choose to set up a VPN?
- Which would you choose in a NAT environment?
530-531
- What is an ICV? What part of the packet is used to calculate the ICV in AH?  ESP?
- Does IPSec dictate how hashing and encryption algorithms are to be used?
- What is IKE?
- What is ISAKMP?  OAKLEY?
- What is a passive attack?  An active attack?
- What is a ciphertext-only attack?
- What is a known-plaintext attack?
532-533
- What is a chosen-plaintext attack?
- What is a chosen-ciphertext attack?
- What is 'adaptive' when applied to all the above attacks?
- Why are public crypto algorithms generally better than private/proprietary ones?
- Why would you want to keep your crypto algorithm secret?
- What is the man-in-the-middle attack?  Describe it in action.
- What protocol is vulnerable to MITM?
- How can MITM be prevented?
534-535
- What is a dictionary attack?
- What is a replay attack?
- What is a side-channel attack?

Posted by Chris at May 6, 2005 10:41 AM

Category: General Weirdness