Читаем CISSP Practice полностью

36. d. Server authentication is the most important for remote access methods where a user is manually establishing the remote access connections, such as typing a URL into a Web browser. A server is a host computer that provides one or more services for other hosts over a network as a primary function. Hence, the server, especially if it is a central server, provides a major entry point into the network. If the authentication method to the server is weak, it can affect the performance and security of the entire network negatively, and can become a single point of failure, resulting in major security risks. In terms of sequence of actions, the server authentication comes first, user authentication comes next or at the same as the server, and media (e.g., disk) and device (e.g., Phone, PDA, or PC) authentication comes last. Although the other choices are important in their own way, they are not as important as the server authentication in terms of potential security risks at the server.

37. Possible security threats inherent in a local-area network (LAN) environment include passive and active threats. Which of the following is a passive threat?

a. Denial of message service

b. Masquerading

c. Traffic analysis

d. Modification of message service

37. c. Passive threats do not alter any data in a system. They simply read information for the purpose of gaining some knowledge. Because there is no alteration of data and consequently no audit trail exists, passive threats are difficult to detect. Examples of passive threats include traffic analysis. If an attacker can read the packet header, then the source and destination of the message is known, even when the message is encrypted. Through traffic analysis, the attacker knows the total volume in the network and the amount of traffic entering and leaving selected nodes. Although encryption can limit the reading of header information and messages, traffic padding is also needed to counteract the traffic analysis. Traffic padding requires generating a continuous stream of random data or cipher text and padding the communication link so that the attacker would find it difficult to differentiate the useful data from the useless data. Padded data in traffic is useless.

The other three choices are incorrect because they are examples of active threats. Active threats generate or alter the data or control signals rather than to simply read the contents of those signals. A denial of message service results when an attacker destroys or delays most or all messages. Masquerading is an attempt to gain access to a computer system by posing as an authorized client or host. An attacker poses as an authentic host, switch, router, or similar device to communicate with a peer to acquire data or services. Modification of message service occurs when an attacker modifies, deletes, delays, reorders existing real messages, and adds fake messages.

38. In which of the following remote access methods is a pinholing scheme used to facilitate the network address translation (NAT) contact to occur with internal workstations?

a. Tunneling

b. Application portals

c. Remote desktop access

d. Direct application access

38. c. There are two major styles of remote desktop access: (i) direct between the telework client device (e.g., a consumer device such as a smartphone and PDA or PC used for performing telework) and the internal workstation, and (ii) indirect through a trusted intermediate system. However, direct access is often not possible because it is prevented by many firewalls. For example, if the internal workstation is behind a firewall performing network address translation (NAT), the telework client device cannot initiate contact with the internal workstation unless either the NAT enables such contact or the internal workstation initiates communications with the external telework client device (e.g., periodically checking with the client device to see if it wants to connect). A “pinholing” scheme can be used to facilitate the NAT contact to occur where particular ports are allocated to each internal workstation. The other three choices do not deal with the NAT.

Tunneling, which uses IPsec tunnel, SSL tunnel, or SSH tunnel with thick remote access client software, provides more control over the remote access environment. On the other hand, application portals, remote desktop access, and direct application access use thin remote access client software providing less control over the remote access environment. Because the remote desktop access method is less secure, it should be used only for exceptional cases after a careful analysis of the security risk.