
20. What type of attack occurs when malicious users position themselves between a client and server and then interrupt the session and take it over?

A. Man-in-the-middle

B. Spoofing

C. Hijack

D. Cracking

Chapter 2 Attacks and Monitoring

Answers to Review Questions

1. B. Accountability is maintained by monitoring the activities of subjects and objects as well as of core system functions that maintain the operating environment and the security mechanisms.

2. D. In most cases, when sufficient logging and auditing is enabled to monitor a system, so much data is collected that the important details get lost in the bulk. For automation and real-time analysis of events, an intrusion detection system (IDS) is required.

3. A. An IDS automates the inspection of audit logs and real-time system events to detect abnormal activity. IDSs are generally used to detect intrusion attempts, but they can also be employed to detect system failures or rate overall performance.

4. A, B, C. IDSs watch for violations of confidentiality, integrity, and availability. Attacks recognized by IDSs can come from external connections (such as the Internet or partner networks), viruses, malicious code, trusted internal subjects attempting to perform unauthorized activities, and unauthorized access attempts from trusted locations.

5. B. A host-based IDS watches for questionable activity on a single computer system. A network-based IDS watches for questionable activity being performed over the network medium, can be made invisible to users, and is ineffective on switched networks.

6. C. A knowledge-based IDS is effective only against known attack methods, which is its primary drawback.

7. D. A behavior-based IDS can be labeled an expert system or a pseudo-artificial intelligence system because it can learn and make assumptions about events. In other words, the IDS can act like a human expert by evaluating current events against known events.

8. B. Honey pots are individual computers or entire networks created to serve as a snare for intruders. They look and act like legitimate networks, but they are 100 percent fake. Honey pots tempt intruders with unpatched and unprotected security vulnerabilities as well as attractive and tantalizing but faux data.

9. C. When intruders are detected by an IDS, they are transferred to a padded cell. The transfer of intruders into a padded cell is performed automatically, without informing any intruder that the change has occurred. The padded cell is unknown to the intruder before the attack, so it cannot serve as an enticement or entrapment. Padded cells are used to detain intruders, not to detect vulnerabilities.

10. C. Vulnerability scanners are used to test a system for known security vulnerabilities and weaknesses. They are not active detection tools for intrusion, they offer no form of enticement, and they do not configure system security. In addition to testing a system for security weaknesses, they produce evaluation reports and make recommendations.

11. B. Penetration testing should be performed only with the knowledge and consent of the management staff. Unapproved security testing could result in productivity loss or trigger emergency response teams. It could even cost you your job.


12. A. A brute-force attack is an attempt to discover passwords for user accounts by systematically attempting every possible combination of letters, numbers, and symbols.

13. C. Strong password policies, physical access control, and two-factor authentication all improve the protection against brute-force and dictionary password attacks. Requiring remote logons has no direct effect on password attack protection; in fact, it may offer sniffers more opportunities to grab password packets from the data stream.

14. D. Spoofing is the replacement of valid source and destination IP and port addresses with false ones. It is often used in DoS attacks but is not considered a DoS attack itself. Teardrop, smurf, and ping of death are all DoS attacks.

15. C. A SYN flood attack is waged by breaking the standard three-way handshake used by TCP/IP to initiate communication sessions. Exploiting a packet processing glitch in Windows 95 is a WinNuke attack. The use of an amplification network is a smurf attack. Oversized ping packets are used in a ping-of-death attack.

16. A. In a land attack, the attacker sends a victim numerous SYN packets that have been spoofed to use the same source and destination IP address and port number as the victim’s. The victim then thinks it sent a TCP/IP session-opening packet to itself.

17. D. In a teardrop attack, an attacker exploits a bug in operating systems. The bug exists in the routines used to reassemble (that is, resequence) fragmented packets. An attacker sends numerous specially formatted fragmented packets to the victim, which causes the system to freeze or crash.

18. C. Spoofing grants the attacker the ability to hide their identity through misdirection. It is therefore involved in most attacks.

19. B. A spamming attack is a type of denial-of-service attack. Spam is the term describing unwanted email, newsgroup, or discussion forum messages. It can be an advertisement from a well-meaning vendor or a flood of unrequested messages with viruses or Trojan horses attached.

20. C. In a hijack attack, which is an offshoot of a man-in-the-middle attack, a malicious user is positioned between a client and server and then interrupts the session and takes it over.

Chapter 3

ISO Model, Protocols,