Getting Ready for Chapter 3 - Answers
1. If you wish to allow only certain departments to surf the Internet you would set up a firewall .
Explanation: In the real-world differences in products are blurring. "Building the Perfect Box" -- Information Security October 2002 Page 16... A circuit level firewall will allow application access control. This may be included in some proxy servers.
2. A router operates on layer 3. This means a packet sniffer can access only the subnet that the packet snifer exists on .
Explanation: A router performs by directing IP traffic based on source and destination IP addresses. That would limit sniffing to the sub network area. If the packet sniffer is at the router, it can monitor everything that moves through the router. (Of course, if a cracker can manipulate the router to route additional traffic over to the subnet the cracker has compromised, that traffic can be seen as well. The key is that the packets have to be passing through the subnet on which the sniffer is installed.)
3. A subnet can be isolated from sniffing either a switch or a router .
Explanation: While a router will limit exposure via directed IP traffic, a switch will screen to the sub-net level by using MAC addresses. Do be aware that deploying switches does not make you totally immune to sniffing, as switches were not designed to segment traffic for security reasons, and many have at least one vulnerability that reduces their effectiveness for security.
4. A modem that is not part of the "official" modem pool in a firm is susceptible to war dialing .
Explanation: This is a very old form of hacking that is beginning to rise in popularity again. It is trivially easy to find a freeware program to dial numbers to log phone numbers that have modems attached, then checking to see if the connection has a back door. Such a modem could potentially be used by an attacker to bypass restrictions in place at the organization's official dial-ins or their Internet firewall.
5. The technology that enables the use of one-time passwords or pass phrases is called smartcards .
Explanation: Smart cards and other access tokens rely on one-time-only passwords, challenge-response phrases or public-key security to dramatically increase authentication strength
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.