Beruflich Dokumente
Kultur Dokumente
KIM TRA NH K
Khoa CNTT
Lp: ..- Th/gian: ..
p n
Cu p n
1 2 3 4 5 6 7 8 9 10
G. ch
Cu p n
11 12 13 14 15 16 17 18 19 20
G. ch
Advanced Techniques:
Sniffers are used by hackers to collect information about a target network or system. Sniffing a switched network is harder than a network that uses hubs. The hacker must do one of two things to sniff a switched network: convince (thuyt phc) the switch to send the traffic to it or cause the switch to send traffic to all ports. The switch can be fooled (b nh la) to send traffic to the sniffer by duplicating the MAC or spoofing the ARP or DNS. In order for ARP spoofing (gi mo) to be effective, the sniffer must have the capability to forward the traffic on to the correct destination.
To accomplish (thc hin) attacks by sniffing, the attacker must have a system on the local switch. IP spoofing makes it more difficult to track an attacker. Using IP spoofing, the attacker cannot see the targets responses to his actions.
Address reconnaissance is used to identify the address space used by the target organization. Attackers can find more information on addresses in use at the target by doing a zone transfer from the primary DNS. Phone reconnaissance is more difficult than identifying network addresses associated with a target. The hacker, in addition to looking for phone numbers associated with the targets computer systems, would also check to see if to the target is using or misusing wireless. Attacker will use ping sweeps to find open ports. Vulnerability identification is potentially the most dangerous for the hacker in that there is a potential for being detected while identifying vulnerabilities. The hacker needs to understand the business of target to know how they use computer systems and what would hurt the target the most. A targeted hacker may use physical reconnaissance to gain access to systems or information they want (for example, watching the building for opportunities to enter or examining the trash). The targeted hacker will use a flaw in physical access to gain entry to the site. The hacker will use the information gathered to choose the best method of access without being detected. The hacker will know enough information to map external systems and all connection to internal systems. The attacker will attempt to cover up the intrusion by editing the logs to remove the entries related to the break-in. The easiest physical attack is to examine the contents of the organizations trash. Social engineering is the safest physical attack and can lead to electronic access. The most dangerous physical access is the physical penetration of the site.
Key Terms:
ARP spoofing ; buffer overflow ; denial of service (DoS) DNS spoofing ; hacktivism ; hybrid malicious code IP spoofing ; MAC duplicating ; malicious code Ping of Death ; rlogin ; rootkit ; script kiddies Smurf attack ; social engineering ; stack ; SYN flood Trojan horse ; virus ; worms ; zombies
3.
4.
5.
6.
7.
8.
9.
b. Greed c. Malicious intent d. Being dared File sharing via __________________ was used by some of the first hackers to gain access to information. a. NTFS b. FAT c. SPX d. NFS Improper access to files can be prevented by __________________. a. Denying access to everyone b. Using the default settings for any operating system c. Property setting rules for access to the files d. Not keeping files in electronic formats __________________ are still most common form of authentication in use on information systems. a. Smart cards b. Locks c. Biometrics d. Passwords Short passwords will allow an attacker to use _________________ to break in. a. Brute-force b. Social engineering c. Viruses d. Spoofing The most powerful weapon (v kh) used by an attacker that involves having a kind voice and the ability to fie is __________________. a. A murf attack b. A virus attack c. Social engineering d. Brute-force What cause buffer overflows? a. A programming flaw b. A shell program c. A SYN flood d. A stack Most denial-of-service attacks originate (xut pht) from _________________. a. Trojan horse programs
b. Reconnaissance c. Legitimate systems d. Spoofed addresses 10. Which of the following is used to cause a switch to send traffic to a sniffer? a. IP spoofing b. IOS spoofing c. NIC spoofing d. DNS spoofing 11. If a switch is no longer switching traffic (khng chuyn traffic na), it is acting like a ________________. a. Stack b. Router c. Hub d. Firewall 12. Of the following, which is classified as malicious code? a. Vendor updates for commercial packages b. Scripts used to update signature files c. Worms sent over the Internet d. Logon scripts to map drives 13. Of the following, which is a technique typically used by an untargeted hacker? a. Gathering (thu nht) information about a specific organization over along period of time. b. War-dialing c. Physical reconnaissance (s thm d) d. Social engineering (k nng x hi) 14. Targeted hackers usually __________________. a. Brag (khoc lc) about their conquest (s chinh phc). b. Target just one system within an organization. c. Conduct a brute-force attack. d. Remove entire log files to cover up their tracks. 15. Which of the following hacker techniques concerning log files is least likely to draw attention to the intruders presence? a. The attacker will completely remove log files. b. The attacker will not manipulate the log files to avoid the risk of detection. c. The attacker will manipulate the log files to remove entries they caused. d. The attacker will manipulate the log files to add entries to throw off the administrator.
16. Dch v no sau y khng c xem l dch v qun l mng: a. Xc thc truy cp qua ng dial-up b. iu khin lu thng c. Theo di License d. Phn tn c s d liu 17. S an ton (security) l iu cn quan tm khi s dng cc server truyn thng trn mng, bi v: a. Cc server truyn thng khng cho php s dng password khi s dng n b. Cc server truyn thng cho php cc my tnh Dial-up vo mng, do cc mng b phi ra vi th gii bn ngoi c. Cc server truyn thng khng chp nhn truyn d liu c m ha, n yu cu user truyn d liu nguyn bn n/i t mng d. Cc server truyn thng thng kh cu hnh, nn cc mng thng s dng n khng ng v c th khng an ton 18. Chc nng chnh ca Router l g? a. Xc nh mt ng dn tt nht chuyn tip cc gi tin (packet) n ch ca n b. Phn chia cc nhm thit b mng thnh cc domain broadcast. c. Gi cc tn hu broadcast n tt c cc segment mng d. Phc hi cc tn hiu b yu i khi i qua ng truyn 19. S dng Switch c nhiu thun li hn so vi Hub l v: a. Switch c th cung cp thng tin qun l mng b. Switch c th cnh bo cho ngi qun tr mng v s xung t c th xy ra trn mng c. Switch c th truyn d liu hiu qu hn t segment ny n segment khc d. Switch c th gn cc knh (channel) ring bit n cc node khc, vic truyn d liu gia n c an ton hn 20. Mt my tnh A (host A) mun gi d liu cho my tnh B (host B) th trc ht d liu phi c ng gi bi mt qu trnh c gi l ng gi (Encapsulation). Pht biu no sau y l ng v hot ng ng gi? a. Hot ng ng gi s ng gi cc gi tin m n nhn c sau chuyn tip cc gi tin b. Hot ng ng gi s gi d liu vi cc thng tin giao thc cn thit trc khi chuyn i c. Hot ng ng gi phi tp hp cc mnh ca gi tin, trong trng hp gi tin b phn mnh, thnh gi tin ban u sau chuyn tip gi tin d. Tt c pht biu trn u sai.