What is the MITRE Organization?
MITRE is a non-profit organization that manages US government-funded research.
With respect to cybersecurity, MITRE provides large databases of structured data such as Common Vulnerabilities and Exposures (CVEs) and Common Weakness Enumerations (CWEs).
What does CVE stand for?
A Common Vulnerability and Exposure (CVE) is an existing vulnerability or exposure in a specific software or hardware version/revision.
What does CWE stand for?
A Common Weakness Enumeration (CWE) is a potential weakness in software or hardware.
What is vulnerability reporting and what strategies can be distinguished?
Vulnerability reporting is the process of reporting a vulnerability found in a specific software or hardware version. At the moment this process can be distinguished into two strategies:
• full disclosure
• coordinated disclosure (responsible disclosure)
What does the full disclosure strategy encompass?
Within the full disclosure process the finder of a vulnerability publishes all the information about the vulnerability to everyone as soon as possible. The advantages of this process are:
• users can request patches from vendors
• users can provide an informed risk assessment
• reduced time of exploitation because of user intervention
What does the coordinated disclosure approach consist of?
The coordinated disclosure process is a structured way to report vulnerabilities. The person discovering a vulnerability informs a coordination authority. This authority informs the vendor, tracks the vendor's progress in fixing the vulnerability, and organizes the publication of the vulnerability after the vendor has successfully fixed it. The advantages of this process are:
• only the vendor knows about the vulnerability
• vendors have enough time to fix it
• structured way to report
Responsible disclosure is an alternative name for coordinated disclosure, but the term is more ambiguous.
Describe CIA in the context of network security.
What were the basic security measures?
Authentication, authorization, backup, cryptographic signing, encryption, and redundancy.
What is layered defense?
Network infrastructure such as switches, routers and firewalls is responsible for enforcing authentication, authorization, redundancy, signing, and encryption from the physical layer up to the network layer. In general, the infrastructure requires backup of its configuration data but does not provide it itself.
Applications or services running on the network’s application layer are responsible for their own set of basic measures.
Together they form a layered defense against intruders.
How can authentication be circumvented?
No Authentication
Without authentication, anyone who gains physical access or gets in range of the Wi-Fi access point can access the network. This allows full access to all information travelling through the network.
Default Password
Spoofing
Spoofing is a sophisticated method to circumvent certain authentication methods or, more specifically, identification methods. In computer networks, authentication (the proof of identity) of devices or users is not very widespread. In many cases administrators just rely on some kind of identity (MAC, IP, etc.).
ARP Spoofing
DNS poisoning
MITM
Privilege escalation?
No Authorization
Authorization on the network layer is still not the default in most networks. Therefore, if a user or device has access to a network, all other devices are accessible. Without System Security, access to stored information would also be possible.
Proxy Server
Proxy servers support the relaying of protocols through an intermediate service. Typical protocols are HTTP and FTP. Wrongly configured proxy servers allow access from the outside of a network to the inside, or from one internal network area to another.
DOS
very uncool