329. d. The firewall administrator must analyze and evaluate each new release of the firewall software to determine whether an upgrade is required. Prior to upgrade, the firewall administrator must verify with the vendor that an upgrade is required. The most important step occurs after an upgrade; the firewall must be tested to ensure proper functioning prior to making it fully operational.

330. A virtual private network (VPN) creates a secure, private network over the Internet through all the following except:

a. Authentication

b. Encryption

c. Packet tunneling

d. Firewalls

330. a. VPNs enable an organization to create a secure, private network over a public network such as the Internet. They can be created using software, hardware, or a combination to create a secure link between peers over a public network. The secure link is built through encryption, firewalls, and packet tunneling. Authentication is done outside the network.

331. What is an attack that attempts to exploit a weakness in a system at a level below the developers’ design level (such as through operating system code versus application code) called?

a. Technical attack

b. Tunneling attack

c. NAK attack

d. Active attack

331. b. A tunneling attack attempts to exploit a weakness in a system that exists at a level of abstraction lower than that used by the developer to design the system. For example, an attacker might discover a way to modify the microcode of a processor that is used when encrypting data, rather than attempting to break the system’s encryption algorithm. Preventing a tunneling attack can be costly.

A technical attack is perpetrated by circumventing or nullifying hardware and software protection mechanisms, rather than by subverting system personnel or other users.

A NAK attack capitalizes on a potential weakness in an operating system that does not handle asynchronous interrupts properly and thus leaves the system in an unprotected state during such interrupts.

An active attack alters data by bypassing security controls on a computer system.

332. In a distributed computing environment, system security takes on an important role. Two types of network attacks exist: passive and active attacks. Which of the following is the best definition of active attack?

1. Nonpreventable

2. Preventable

3. Detectable

4. Correctable

a. 1 only

b. 3 only

c. 1 and 3

d. 2, 3, and 4

332. c. Data communication channels are often insecure, subjecting messages transmitted over the channels to passive and active threats or attacks. An active attack is one in which the threat makes an overt change or modification to the system in an attempt to take advantage of a vulnerability. Active attacks are nonpreventable and detectable.

A passive attack occurs when the threat merely watches information move across the system and when information is siphoned off the network. Passive attacks are preventable but difficult to detect because no modification is done to the information, and audit trails do not exist. All attacks are correctable with varying degrees of effort and cost.

333. What is an attacker connecting a covert computer terminal to a data communication line between the authorized terminal and the computer called?

a. Tunneling attack

b. Salami attack

c. Session hijacking attack

d. Asynchronous attack

333. c. The attacker waits until the authorized terminal is online but not in use and then switches control to the covert terminal. The computer thinks it is still connected to the authorized user, and the attacker has access to the same files as the authorized user. Because a session was hijacked in the middle, it is called a session hijacking attack.
