Đang tải... (xem toàn văn)
Đề kiểm tra định kỳ An toàn mạng
Trường ĐH Khoa học Huế ĐỀ KIỂM TRA ĐỊNH KỲKhoa CNTT Môn: An Toàn MạngLớp: … …- Th/gian: …… Họ và tên SV:…………………………………………Lớp:…………………………… .Phần trả lời trắc nghiệm:Câu Đáp án Câu Đáp án G. chú Câu Đáp án G. chúa 1 11b 2 12c 3 13d 4 14e 5 15f 6 16g 7 17h 8 18i 9 19j 10 20Phần câu hỏi và trả lời tự luận: Giải thích rõ (ngắn gọn) các câu sau: ………………1 SUMMARY Historical Hacking Techniques:• The original (đầu tiên) intent (mục tiêu) of the Internet was toshare resources openly between research institutions.• Some of the first hackers used the Network File System (NFS) to gain (giành quyền) access to information.• rlogin was commonly used by administrator and users to enter remote systems without a password.• Cracking weak passwords or short passwords using brute-force methods is one of the most common ways hackers gain access to systems.• Some weak passwords fall into the bad configuration category because a developer will use a simple password that matches the ID for example, a user ID and password that are both jdoe.• Alternatives to bad password are the use of smart cards or biometrics (sinh trắc học) .• Programming flaws are another method hackers use to exploit (khai thác) computer systems.• Hackers use buffer overflows to inundate (tràn ngập) the target system, causing it to crash or run commands to elevate privileges to the system.• Denial of service (DoS) is used by hackers to render the target unusable.• Distributed denial of service (DDoS) can be targeted toward a large number of systems.• DDoS attacks have three-tiered architecture using the master, slave, and client processes that have been installed on compromised (thoả hịêp/tổn thương) systems.Advanced Techniques:• Sniffers are used by hackers to collect information about a target network or system.• Sniffing a switched network is harder than a network that uses hubs.• The hacker must do one of two things to sniff a switched network: convince (thuyết phục) the switch to send the traffic to it or cause the switch to send traffic to all ports.• The switch can be fooled (bị đánh lừa) to send traffic to the sniffer by duplicating the MAC or spoofing the ARP or DNS.• In order for ARP spoofing (giả mạo) to be effective, the sniffer must have the capability to forward the traffic on to the correct destination.2 • To accomplish (thực hiện) attacks by sniffing, the attacker must have a system on the local switch.• IP spoofing makes it more difficult to track an attacker.• Using IP spoofing, the attacker cannot see the target’s responses to his actions. Identify Malicious (có hại) Code:• Viruses are not structured to exist by themselves.• Initially, viruses attached themselves to executable files.• Viruses first appeared when the majority of the computer used the Disk Operating System (DOS).• Macro viruses attach themselves to word processing documents.• Trojan horse damage can be similar to that of computer viruses.• Worms travel from system to system without the assistance (trợ giúp) of the user.• The Slapper worm uses a peer-to-peer model.• Attackers combine two types of malicious code to accomplish multiple roles.Identify Methods of the Untargeted Hacker:• The untargeted hacker is not looking (chú ý) to access a particular system.• Reconnaissance (thăm dò) for an untargeted hacker can take many forms.• Untargeted attackers will use a stealth scan to identity what systems are up.• The reset scan is a variation of a stealth scan.• Telephone reconnaissance (war-dialing) is used to identity potential victims (nạn nhân).• Attackers look for wireless network by war-driving.• The untargeted hackers will have a single exploit or a small group of exploits available.• More sophisticated (tinh vi) hackers use reconnaissance tools to identity multiple vulnerability (dễ bị tấn công/“yếu”) systems and then write scripts to allow them to exploit all the systems in a short amount of time.Identify Methods of the Targeted Hacker:• Targeted hackers are motivated by the desire for something an organization has.• The target for this attacker is chosen for a reason.• Address reconnaissance is used to identify the address space used by the target 3 organization.• Attackers can find more information on addresses in use at the target by doing a zone transfer from the primary DNS.• Phone reconnaissance is more difficult than identifying network addresses associated with a target.• The hacker, in addition to looking for phone numbers associated with the target’s computer systems, would also check to see if to the target is using or misusing wireless.• Attacker will use ping sweeps to find open ports.• Vulnerability identification is potentially the most dangerous for the hacker in that there is a potential for being detected while identifying vulnerabilities.• The hacker needs to understand the business of target to know how they use computer systems and what would hurt the target the most.• A targeted hacker may use physical reconnaissance to gain access to systems or information they want (for example, watching the building for opportunities to enter or examining the trash).• The targeted hacker will use a flaw in physical access to gain entry to the site.• The hacker will use the information gathered to choose the best method of access without being detected.• The hacker will know enough information to map external systems and all connection to internal systems.• The attacker will attempt to cover up the intrusion by editing the logs to remove the entries related to the break-in.• The easiest physical attack is to examine the contents of the organization’s trash.• Social engineering is the safest physical attack and can lead to electronic access.• The most dangerous physical access is the physical penetration of the site.Key Terms:ARP spoofing ; buffer overflow ; denial of service (DoS) DNS spoofing ; hacktivism ; hybrid malicious code IP spoofing ; MAC duplicating ; malicious code Ping of Death ; rlogin ; rootkit ; script kiddies Smurf attack ; social engineering ; stack ; SYN flood Trojan horse ; virus ; worms ; zombies 4 Key Term Quiz:Use terms from the Key Terms List to complete the sentences that follow. Don’t use the same term more than once. Not all terms will be used.a. ARP spoofing is what an attacker uses to forge (giả mạo) the _____________ of the attacking computer.b. __________________ is the process of overwhelming a computer system with the intent of gaining elevated privileges.c. When an attacker causes users to not be able to access system, applications, or information, this is what is known as __________________.d. Code with the intent of disrupting computer operations or destroying information is known as __________________.e. If you can access a remote computer system without authenticating with that system, you are using __________________.f. You would use a __________________ to cover up an instruction and gain administrative access.g. __________________ is a typical process used in testing a network address to see if it is up and accepting requests and then increasing the packet size to the point that it causes the target computer to crash.h. Individuals who use scripts of others to target any computer system the encounter are called __________________.i. The __________________ controls what code the operating system will execute next once the current code is completed.j. Malicious code that appears to be useful program, but in reality is used to destroy the computer system of collect information about the system, is known as a __________________.Multiple Choice Quiz:1. Which of the following is the term most commonly associated with a person who breaks into computer or networked systems?a. Crackerb. Cyberpunkc. Hackerd. User2. Which is the most common motivation (động cơ) for hacker to break into computers?a. The challenge5 b. Greedc. Malicious intentd. Being dared3. File sharing via __________________ was used by some of the first hackers to gain access to information.a. NTFSb. FATc. SPXd. NFS4. Improper access to files can be prevented by __________________.a. Denying access to everyoneb. Using the default settings for any operating systemc. Property setting rules for access to the filesd. Not keeping files in electronic formats5. __________________ are still most common form of authentication in use on information systems.a. Smart cardsb. Locksc. Biometricsd. Passwords6. Short passwords will allow an attacker to use _________________ to break in.a. Brute-forceb. Social engineeringc. Virusesd. Spoofing7. The most powerful weapon (“vũ khí”) used by an attacker that involves having a kind voice and the ability to fie is __________________.a. A murf attackb. A virus attackc. Social engineeringd. Brute-force8. What cause buffer overflows?a. A programming flawb. A shell programc. A SYN floodd. A stack6 9. Most denial-of-service attacks originate (xuất phát) from _________________.a. Trojan horse programsb. Reconnaissancec. Legitimate systemsd. Spoofed addresses10.Which of the following is used to cause a switch to send traffic to a sniffer?a. IP spoofingb. IOS spoofingc. NIC spoofingd. DNS spoofing11.If a switch is no longer switching traffic (không chuyển “traffic” nữa), it is acting like a ________________.a. Stackb. Routerc. Hubd. Firewall12.Of the following, which is classified as malicious code?a. Vendor updates for commercial packagesb. Scripts used to update signature filesc. Worms sent over the Internetd. Logon scripts to map drives13.Of the following, which is a technique typically used by an untargeted hacker?a. Gathering (thu nhặt) information about a specific organization over along period of time.b. War-dialingc. Physical reconnaissance (sự thăm dò)d. Social engineering (kỹ năng xã hội)14.Targeted hackers usually __________________.a. Brag (khoác lác) about their conquest (sự chinh phục).b. Target just one system within an organization.c. Conduct a brute-force attack.d. Remove entire log files to cover up their tracks.15.Which of the following hacker techniques concerning log files is least likely to draw attention to the intruder’s presence?a. The attacker will completely remove log files.7 b. The attacker will not manipulate the log files to avoid the risk of detection.c. The attacker will manipulate the log files to remove entries they caused.d. The attacker will manipulate the log files to add entries to throw off the administrator.16.Dịch vụ nào sau đây không được xem là dịch vụ quản lý mạng:a. Xác thực truy cập qua đường dial-upb. Điều khiển lưu thôngc. Theo dõi Licensed. Phân tán cơ sở dữ liệu17.Sự an toàn (security) là điều cần quan tâm khi sử dụng các server truyền thông trên mạng, bởi vì:a. Các server truyền thông không cho phép sử dụng password khi sử dụng nób. Các server truyền thông cho phép các máy tính Dial-up vào mạng, do đó các mạng bị “phơi” ra với thế giới bên ngoàic. Các server truyền thông không chấp nhận truyền dữ liệu đã được mã hóa, nó yêu cầu user truyền dữ liệu nguyên bản đến/đi từ mạngd. Các server truyền thông thường khó cấu hình, nên các mạng thường sử dụng nó không đúng và có thể không an toàn 18.Chức năng chính của Router là gì?a. Xác định một đường dẫn tốt nhất để chuyển tiếp các gói tin (packet) đến đích của nób. Phân chia các nhóm thiết bị mạng thành các domain broadcast.c. Gửi các tín hệu broadcast đến tất cả các segment mạngd. Phục hồi các tín hiệu đã bị yếu đi khi đi qua đường truyền19.Sử dụng Switch có nhiều thuận lợi hơn so với Hub là vì:a. Switch có thể cung cấp thông tin quản lý mạngb. Switch có thể cảnh báo cho người quản trị mạng về sự xung đột có thể xảy ra trên mạngc. Switch có thể truyền dữ liệu hiệu quả hơn từ segment này đến segment khácd. Switch có thể gán các kênh (channel) riêng biệt đến các node khác, để việc truyền dữ liệu giữa nó được an toàn hơn20.Một máy tính A (host A) muốn gửi dữ liệu cho máy tính B (host B) thì trước hết dữ liệu phải được đóng gói bởi một quá trình được gọi là đóng gói (Encapsulation). Phát biểu nào sau đây là đúng về hoạt động đóng gói?a. Hoạt động đóng gói sẽ đóng gói các gói tin mà nó nhận được sau đó chuyển tiếp các gói tin8 b. Hoạt động đóng gói sẽ gói dữ liệu với các thông tin giao thức cần thiết trước khi chuyển đic. Hoạt động đóng gói phải tập hợp các mảnh của gói tin, trong trường hợp gói tin bị phân mảnh, thành gói tin ban đầu sau đó chuyển tiếp gói tind. Tất cả phát biểu trên đều sai.9 . Trường ĐH Khoa học Huế ĐỀ KIỂM TRA ĐỊNH KỲKhoa CNTT Môn: An Toàn MạngLớp: …..…- Th/gian: ……..Họ và tên SV:…………………………………………Lớp:……………………………...Phần. particular system.• Reconnaissance (thăm dò) for an untargeted hacker can take many forms.• Untargeted attackers will use a stealth scan to identity what systems