
Damon Baker (15622970)

IS3220

June 24, 2015


dbaker158@email.itt-tech.edu

IS3220 FINAL STUDY GUIDE


1.) Know how NetWitness/Wireshark Investigator works
Investigator gives security operations staff, auditors, and fraud and forensics investigators the ability to perform
free-form contextual analysis of raw network data that has been captured and reconstructed.
2.) Know what type of information can be detected from a packet header
Control information
3.) Know how TCP establishes a connection
To establish a connection, TCP uses a three-way handshake. Before a client attempts to connect with a server, the server
must first bind to and listen at a port to open it up for connections: this is called a passive open. Once the passive open is
established, a client may initiate an active open. To establish a connection, the three-way (or 3-step) handshake occurs:
a. SYN: The active open is performed by the client sending a SYN to the server. The client sets the segment's sequence
number to a random value.
b. SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the
received sequence number, and the sequence number that the server chooses for the packet is another random number.
c. ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement
value, and the acknowledgement number is set to one more than the received sequence number.
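The handshake above, simulated with both endpoints modelled as small state machines so the sequence and acknowledgement arithmetic can be checked. This is an added example, not part of the study guide; the Endpoint/Segment classes and the fixed initial sequence numbers used in the usage call are assumptions made for illustration (real stacks pick them randomly, as the text says). The receiver rejects any segment that does not fit its current state, which is the same rule a stateful firewall applies when it refuses a bare ACK for a connection it never saw opened.

```python
"""Simulation of the TCP three-way handshake (added example, not from the study guide)."""
from dataclasses import dataclass
import secrets

MOD = 2 ** 32  # 32-bit sequence numbers wrap around


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: frozenset  # subset of {"SYN", "ACK"}
    seq: int
    ack: int  # 0 when the ACK flag is not set


class Endpoint:
    """One side of the connection; tracks state and the next sequence numbers."""

    def __init__(self, name, isn=None):
        self.name = name
        self.state = "CLOSED"
        # initial sequence number: random unless the caller fixes it for a test
        self.isn = secrets.randbelow(MOD) if isn is None else isn
        self.snd_nxt = self.isn
        self.rcv_nxt = None

    def listen(self):
        # passive open: wait for a SYN
        self.state = "LISTEN"

    def connect(self, peer):
        # active open: SYN carrying our random initial sequence number
        self.state = "SYN-SENT"
        return Segment(self.name, peer, frozenset({"SYN"}), self.isn, 0)

    def receive(self, seg):
        if self.state == "LISTEN" and seg.flags == {"SYN"}:
            # step b: SYN-ACK acknowledges client seq + 1, with our own random seq
            self.rcv_nxt = (seg.seq + 1) % MOD
            self.state = "SYN-RECEIVED"
            return Segment(self.name, seg.src, frozenset({"SYN", "ACK"}), self.isn, self.rcv_nxt)
        if self.state == "SYN-SENT" and seg.flags == {"SYN", "ACK"}:
            if seg.ack != (self.isn + 1) % MOD:
                raise ValueError("SYN-ACK acknowledges the wrong sequence number")
            # step c: ACK uses the received ack as seq and server seq + 1 as ack
            self.snd_nxt = seg.ack
            self.rcv_nxt = (seg.seq + 1) % MOD
            self.state = "ESTABLISHED"
            return Segment(self.name, seg.src, frozenset({"ACK"}), self.snd_nxt, self.rcv_nxt)
        if self.state == "SYN-RECEIVED" and seg.flags == {"ACK"}:
            if seg.ack != (self.isn + 1) % MOD or seg.seq != self.rcv_nxt:
                raise ValueError("final ACK does not match the handshake")
            self.snd_nxt = seg.ack
            self.state = "ESTABLISHED"
            return None
        # anything else (e.g. an ACK with no prior SYN) is out of state
        raise ValueError(f"{self.name}: unexpected {set(seg.flags)} in state {self.state}")


def three_way_handshake(client_isn=None, server_isn=None):
    """Run the exchange and return both endpoints plus the three segments sent."""
    client = Endpoint("client", client_isn)
    server = Endpoint("server", server_isn)
    server.listen()
    syn = client.connect("server")
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return client, server, [syn, syn_ack, ack]


if __name__ == "__main__":
    c, s, segs = three_way_handshake(client_isn=1000, server_isn=5000)
    for seg in segs:
        print(f"{seg.src} -> {seg.dst} {sorted(seg.flags)} seq={seg.seq} ack={seg.ack}")
    print(c.state, s.state)
```

With the fixed numbers 1000 and 5000 the three segments carry seq/ack pairs (1000, 0), (5000, 1001) and (1001, 5001), which is exactly the arithmetic described in steps a to c.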
4.) Know what a connection-oriented protocol is
A network communication mode in telecommunications and computer networking where a communication session or a
semi-permanent connection is established before any useful data can be transferred, and where a stream of data is
delivered in the same order as it was sent.
5.) Know what promiscuous mode is
A mode for a wired network interface controller (NIC) or wireless network interface controller (WNIC) that causes the
controller to pass all traffic it receives to the central processing unit (CPU) rather than passing only the frames that the
controller is intended to receive. This mode is normally used for packet sniffing that takes place on a router or on a
computer connected to a hub (instead of a switch) or one that is part of a WLAN.
6.) Know what availability, integrity, and confidentiality are in terms of network security
Availability- when a system is usable for its intended purpose.
Integrity- the security service of preventing unauthorized changes to data.
Confidentiality- the security service of preventing access to resources by unauthorized users, while supporting access
to authorized users.
7.) Know the difference between a standard, a policy, a guideline, and a regulation
Standard- defines the rules of communication among networked devices.
Policy- a protocol to guide decisions and achieve rational outcomes.
Guideline- a general rule or principle.
Regulation- a rule or directive made and maintained by an authority.
8.) Know what IT security staff are responsible for
Planning, Developing, Managing, Oversight
9.) Know what a firewall does and how it works
A part of a computer system that is designed to block unauthorized access while permitting outward communication. It is
basically a barrier to keep destructive forces away from your property.
10.) Know the purpose of designing a computer network
It allows computers to exchange data: in a computer network, networked computing devices pass data to each other along
data connections.
11.) Know the hacking process
Reconnaissance means the act of inspecting or exploring and can also be called footprinting. Scanning is the activity of
using various tools to confirm information learned during reconnaissance and discover new details. Enumeration is the
hacker's process of discovering sufficient details about a potential target to learn whether a vulnerability exists that they
can successfully attack. Attacking: a successful attack, based on solid research and preparation, can take just seconds.
Post-attack activities: in a successful attack, the hacker has usually breached the target's security to gain some level of
logical access. Fall-back activities are the other options for mayhem a hacker can deploy after unsuccessful breach
attempts against a target.
12.) Know the attacks a hacker might perpetrate and how a hacker might make money from the attacks
Eavesdropping, breaking and entering, social engineering, malicious code, session hijacking, man-in-the-middle attacks,
wireless hacking, SQL injections, web site attacks, and more.
13.) Know what in an organization is vulnerable to social engineering
People are the vulnerability.
14.) Know how a buffer overflow attack works
An anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent
memory; this is a special case of a violation of memory safety.
15.) Know what attack types impersonation, reciprocity, and phishing fall under
Social engineering attacks
16.) Know what happens in each of the 7 IT domains
User- defines the people who access an organization's information system.
Workstation- the computer on your desk; this can extend to other devices that provide access to computing resources.
LAN- a sub-network made up of a group of clients plus servers that are under the control of one central security authority.
LAN-to-WAN- the computing network technologies used to transmit data over long distances between different LANs.
WAN- spans a large geographic area.
Systems/Applications- the critical infrastructure of server systems, applications, and data.
Remote Access- accessing computing services from outside the boundary of the computing system.
17.) Know what a port scanner is and how it differs from a vulnerability scanner
Port scanner- a software application designed to probe a server or host for open ports. A vulnerability scanner is a
computer program designed to assess computers for known weaknesses, whereas a port scanner only probes a server or
host for open ports.
18.) Know how data loss prevention works
A system designed to detect potential data breaches and prevent them by monitoring, detecting and blocking
sensitive data while in use, in motion, and at rest.
19.) Know what can be determined through a network analysis
Network related activities
20.) Know where to place a firewall if you want it to filter inbound and outbound traffic
21.) Know how packet filtering can protect a computer network
By inspecting the packets that transfer between computers on the internet. If a packet matches the packet filter's set of
rules, the packet filter will drop the packet or reject it.
22.) Know how a stateful firewall works
Keeps track of the state of network connections traveling across it.
23.) Know how an application proxy works
Acts as an intermediary for requests from clients seeking resources from other servers.
24.) Know the difference between static and dynamic filtering
Dynamic filtering means the firewall keeps ports opening and closing for the arriving packet data according to the rules
for the site content and protocol. Static filters are used in very specific cases, set up with the help of a wizard, to allow
very specific traffic such as mail or particular internet programs rather than the whole array of internet traffic.
25.) Know where deny rules should be placed in an ACL
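A worked example covering questions 21, 22 and 25: a packet filter that evaluates an ordered ACL (first match wins, implicit deny when nothing matches), a helper that reports deny rules shadowed by an earlier, broader permit, and a stateful layer on top that admits reply traffic only for connections it saw being opened. This is added code, not from the study guide; the Rule/Packet classes, the rule fields and the address ranges are assumptions made for illustration. The shadowing check encodes the general rule that, in a first-match ACL, a deny must come before any permit that covers the same traffic or it never takes effect.

```python
"""Ordered ACL packet filter with a stateful layer (added example, not from the study guide)."""
from dataclasses import dataclass
from typing import Optional
import ipaddress


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    src: str = "0.0.0.0/0"    # CIDR; default matches any address
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None  # None matches any destination port


def matches(rule, pkt):
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def filter_packet(acl, pkt):
    """Stateless evaluation: the first matching rule decides; no match means deny."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"


def shadowed_rules(acl):
    """Indexes of rules that can never fire because an earlier rule covers all their traffic."""
    out = []
    for i, r in enumerate(acl):
        for earlier in acl[:i]:
            if (ipaddress.ip_network(r.src).subnet_of(ipaddress.ip_network(earlier.src))
                    and ipaddress.ip_network(r.dst).subnet_of(ipaddress.ip_network(earlier.dst))
                    and earlier.proto in ("any", r.proto)
                    and earlier.dport in (None, r.dport)):
                out.append(i)
                break
    return out


class StatefulFirewall:
    """Applies the ACL to new connections and remembers them so replies are allowed."""

    def __init__(self, acl):
        self.acl = acl
        self.table = set()  # known flows as (src, sport, dst, dport, proto)

    def inspect(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reverse in self.table:
            return "permit"  # reply to a flow that was already admitted
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"    # not a connection attempt and not a known flow
        verdict = filter_packet(self.acl, pkt)
        if verdict == "permit":
            self.table.add(key)
        return verdict


INSIDE = "10.0.0.0/8"  # constructed internal range
# specific deny placed before the broad permit: the deny takes effect
ACL_GOOD = [Rule("deny", src="10.0.5.0/24", dport=22), Rule("permit", src=INSIDE)]
# same two rules in the other order: the deny is shadowed and never matches
ACL_SHADOWED = [Rule("permit", src=INSIDE), Rule("deny", src="10.0.5.0/24", dport=22)]

if __name__ == "__main__":
    ssh = Packet("10.0.5.7", "192.0.2.1", "tcp", 40000, 22, syn=True)
    print("good order:", filter_packet(ACL_GOOD, ssh))          # deny
    print("bad order:", filter_packet(ACL_SHADOWED, ssh))       # permit
    print("shadowed rule indexes:", shadowed_rules(ACL_SHADOWED))
    fw = StatefulFirewall([Rule("permit", src=INSIDE, proto="tcp", dport=443)])
    print(fw.inspect(Packet("10.0.0.5", "203.0.113.5", "tcp", 50000, 443, syn=True)))
    print(fw.inspect(Packet("203.0.113.5", "10.0.0.5", "tcp", 443, 50000, syn=True, ack=True)))
    print(fw.inspect(Packet("203.0.113.5", "10.0.0.9", "tcp", 443, 50001, ack=True)))
```

The last three calls show the stateful difference from question 22: the outbound SYN is admitted by the ACL, the SYN-ACK back from the server is admitted because the flow is in the table, and an unsolicited ACK from the same server to a different host is dropped even though it looks like return traffic.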
26.) Know how firewall log files should be kept and processed
In binary or obfuscated form so that they are difficult for external or unauthorized users to access. They require an
administrator to access the log contents through a firewall-log reading interface.
27.) Know how a reverse proxy works
Reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers.
28.) Know how fragmentation can be used to bypass firewall rules
The attacker creates extremely small fragments and forces the TCP header information into a separate packet fragment.
This is designed to bypass filtering rules that depend on TCP header information.
29.) Know how VPN connections work
Is a connection between your VPC and data center, home network or co-location facility.
30.) Know the benefits of using a VPN connection
Cost saving and network scalability, and ease.
31.) Know what a cryptographic function is
Is a set of procedures that provide basic cryptographic functionality using various algorithms for key generation, random
number generation, encryption, decryption, and message digesting.
32.) Know how VPN tunnel mode works
The connection between complementary links, which are encrypted to the highest security standards.
33.) Know the advantages of a hardware VPN solution
They provide network load balancing which keeps network bottlenecks to a minimum and allows quality of service
control.
34.) Know what should be in an Acceptable Use Policy
Managing passwords, software licenses, and online intellectual property.
35.) Know how to harden a system
Securing a system by reducing its surface of vulnerability. A system has a larger vulnerability surface the more functions it
fulfills.
36.) Be able to identify different types of IP addresses
Static IP address
Dynamic IP address
37.) Know what encryption does
Converting data or information into code.
38.) Know the three As: Authentication, Authorization, and Accounting
Authentication- provides a way of identifying a user, typically by having the user enter a valid user name and valid
password before access is granted.
Authorization- determines whether the user has the authority to issue such commands.
Accounting- measures the resources a user consumes during access.
39.) Know the three methods of authorization
40.) Know the primary purpose of monitoring log files
Used to identify, respond, and prevent operational problems, security incidents, policy violations, fraudulent activity;
optimize system and application performance.
41.) Know the advantages of configuring your own firewall solution
It meets the needs of the client specifically.
42.) Know the proper time to document your network
Any time that you make any type of change to it.
43.) Know what the tool SmokePing does
Allows you to probe a list of servers, store that data using RRDtool, and generate statistical charts.
44.) Know what is included in a security assessment
Introduction/background information, management summary, assessment scope, assumptions and limitations, methods
and assessment tools, security requirements, summary of findings and recommendations, vulnerability test results, risk
assessment results, and recommended safeguards.
45.) Know the incident response phases
Preparation
Identification
Containment
Eradication
Recovery
Lessons learned
46.) Be able to identify security management best practices
Identify critical information assets and key services that the messaging team supports, and define a classification system
for each. Undertake a security risk assessment. Define, document and implement a process by which maintenance of
physical and logical controls is carried out.
