Reading CISSP Practice in full

QoP requires that overall performance of a system should be improved by prioritizing traffic and considering the rate of failure or average latency at the lower layer protocols.

QA is the planned systematic activities necessary to ensure that a component, module, or system conforms to established technical requirements. QC is the prevention of defective components, modules, and systems. DoQ results from not implementing the required QA methods and QC techniques for delivering messages, packets, and services.

DoS is the prevention of authorized access to resources or the delaying of time-critical operations. DoS results from DoQ. QoS is related to QoP and DoS, which, in turn, relates to DoQ. Therefore, QoS, QoP, QA, QC, DoQ, and DoS are related to each other.

2. The first step toward securing the resources of a local-area network (LAN) is to verify the identities of system users. Organizations should consider which of the following prior to connecting their LANs to outside networks, particularly the Internet?

a. Plan for implementing locking mechanisms.

b. Plan for protecting the modem pools.

c. Plan for considering all authentication options.

d. Plan for providing the user with his account usage information.

2. c. The best thing is to consider all authentication options, not just using the traditional method of passwords. Proper password selection (striking a balance between being easy to remember for the user but difficult to guess for everyone else) has always been an issue. Password-only mechanisms, especially those that transmit the password in the clear (in an unencrypted form) are susceptible to being monitored and captured. This can become a serious problem if the local-area network (LAN) has any uncontrolled connections to outside networks such as the Internet. Because of the vulnerabilities that still exist with the use of password-only mechanisms, more robust mechanisms such as token-based authentication and use of biometrics should be considered.

Locking mechanisms for LAN devices, workstations, or PCs that require user authentication to unlock can be useful to users who must frequently leave their work areas (for a short period of time). These locks enable users to remain logged into the LAN and leave their work areas without exposing an entry point into the LAN.

Modems that provide users with LAN access may require additional protection. An intruder that can access the modem may gain access by successfully guessing a user password. The availability of modem use to legitimate users may also become an issue if an intruder is allowed continual access to the modem. A modem pool is a group of modems acting as a pool instead of individual modems on each workstation. Modem pools provide greater security in denying access to unauthorized users. Modem pools should not be configured for outgoing connections unless access can be carefully controlled.

Security mechanisms that provide a user with his account usage information may alert the user that the account was used in an abnormal manner (e.g., multiple login failures). These mechanisms include notification such as date, time, and location of the last successful login and the number of previous login failures.

3. Which of the following attacks take advantage of dynamic system actions and the ability to manipulate the timing of those actions?

a. Active attacks

b. Passive attacks

c. Asynchronous attacks

d. Tunneling attacks

3. c. Asynchronous attacks take advantage of dynamic system activity to get access. User requests are placed into a queue and are satisfied by a set of predetermined criteria. An attacker can penetrate the queue and modify the data that is waiting to be processed or printed. He might change a queue entry to replace someone else’s name or data with his own or to subvert that user’s data by replacing it. Here, the time variable is manipulated.

With an active attack, the intruder modifies the intercepted messages with the goal of message modification. An effective tool for protecting messages against both active and passive attacks is cryptography.

With a passive attack, an intruder intercepts messages to view the data. This intrusion is also known as eavesdropping.

Tunneling attacks use one data transfer method to carry data for another method. They may carry unauthorized data in legitimate data packets. They exploit a weakness in a system at a low level of abstraction.

4. Routers, which are network connectivity devices, use which of the following?

a. Sink tree and spanning tree
