IS3220 FINAL STUDY GUIDE
1.) Know how NetWitness Investigator and Wireshark work
NetWitness Investigator gives security operations staff, auditors, and fraud and forensics investigators the ability to perform free-form contextual analysis of raw network data that it has captured and reconstructed into sessions. Wireshark is a packet analyzer: it captures frames from a network interface (or reads a saved capture file) and decodes each protocol layer of every packet, so headers and payloads can be inspected field by field and filtered.
2.) Know what type of information can be detected from a packet header
Control information: the fields a protocol uses to deliver and manage the data rather than the data itself, such as source and destination addresses, port numbers, sequence and acknowledgement numbers, flags, TTL, and length and checksum fields (for example, in the IP and TCP headers).
3.) Know how TCP establishes a connection
To establish a connection, TCP uses a three-way handshake. Before a client attempts to connect with a server, the server must first bind to and listen on a port to open it up for connections; this is called a passive open. Once the passive open is established, a client may initiate an active open. The three-way (or 3-step) handshake then occurs:
a. SYN: The active open is performed by the client sending a SYN to the server. The client sets the segment's sequence number to a random value (its initial sequence number, ISN).
b. SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgement number is set to one more than the received sequence number, and the sequence number that the server chooses for the segment is another random number (the server's ISN).
c. ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement value, and the acknowledgement number is set to one more than the received sequence number.
Both ISNs must be unpredictable: an attacker who can guess the server's ISN can forge the third segment without ever seeing the second, which is the basis of blind spoofing attacks.
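The following is an added example, not code from the study guide or from any of the tools it mentions. It serves items 2 and 3 together: it builds a constructed SYN / SYN-ACK / ACK exchange between two assumed hosts (10.0.0.5:51514 and 10.0.0.10:443), pulls the control fields out of the IP and TCP headers with struct, and then checks the sequence and acknowledgement arithmetic of the handshake, including the wraparound at 2^32. Checksums are left at zero because the segments are sample data, not wire traffic; all function names are the example's own.

```python
import struct

# TCP flag bits (RFC 793 header layout)
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
MOD32 = 1 << 32


def build_ipv4_tcp(src, dst, sport, dport, seq, ack, flags):
    """Build a constructed 40-byte IPv4+TCP segment (no options, no payload).
    Checksums are left as zero: this is sample data, not wire-valid traffic."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + tcp


def parse_ipv4_tcp(pkt):
    """Extract the control information a sniffer shows from the IP and TCP headers."""
    v_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    if v_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (v_ihl & 0x0F) * 4                      # IP header length in bytes
    if proto != 6:
        raise ValueError("not TCP (protocol %d)" % proto)
    sport, dport, seq, ack, off_res, flags, window, _tcsum, _urg = struct.unpack(
        "!HHIIBBHHH", pkt[ihl:ihl + 20])
    data_off = (off_res >> 4) * 4                 # TCP header length in bytes
    return {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)), "ttl": ttl,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": flags, "window": window, "payload_len": total_len - ihl - data_off,
    }


def check_handshake(segments):
    """Validate three parsed segments as a SYN / SYN-ACK / ACK exchange.
    Returns (True, "ok") or (False, reason)."""
    if len(segments) != 3:
        return False, "expected exactly three segments"
    s1, s2, s3 = segments
    if s1["flags"] & (SYN | ACK) != SYN:
        return False, "first segment is not a bare SYN"
    client_isn = s1["seq"]
    if (s2["src"], s2["sport"], s2["dst"], s2["dport"]) != (s1["dst"], s1["dport"], s1["src"], s1["sport"]):
        return False, "SYN-ACK does not reverse the SYN's addresses and ports"
    if s2["flags"] & (SYN | ACK) != SYN | ACK:
        return False, "second segment is not a SYN-ACK"
    if s2["ack"] != (client_isn + 1) % MOD32:
        return False, "SYN-ACK acknowledges the wrong client sequence number"
    server_isn = s2["seq"]
    if s3["flags"] & (SYN | ACK) != ACK:
        return False, "third segment is not a bare ACK"
    if (s3["src"], s3["sport"]) != (s1["src"], s1["sport"]):
        return False, "final ACK does not come from the client"
    if s3["seq"] != (client_isn + 1) % MOD32:
        return False, "final ACK uses the wrong sequence number"
    if s3["ack"] != (server_isn + 1) % MOD32:
        return False, "final ACK acknowledges the wrong server sequence number"
    return True, "ok"


def sample_handshake(client_isn=0x1A2B3C4D, server_isn=0xDEADBEEF, bad_final_ack=False):
    """Constructed exchange between assumed hosts 10.0.0.5:51514 and 10.0.0.10:443.
    With bad_final_ack=True the third segment carries a stale acknowledgement."""
    c, s = "10.0.0.5", "10.0.0.10"
    syn = build_ipv4_tcp(c, s, 51514, 443, client_isn, 0, SYN)
    synack = build_ipv4_tcp(s, c, 443, 51514, server_isn, (client_isn + 1) % MOD32, SYN | ACK)
    final_ack_num = server_isn if bad_final_ack else (server_isn + 1) % MOD32
    ack = build_ipv4_tcp(c, s, 51514, 443, (client_isn + 1) % MOD32, final_ack_num, ACK)
    return [parse_ipv4_tcp(p) for p in (syn, synack, ack)]


if __name__ == "__main__":
    for seg in sample_handshake():
        print(seg)
    print(check_handshake(sample_handshake()))
    print(check_handshake(sample_handshake(bad_final_ack=True)))
```

When comparing with a Wireshark capture, remember that Wireshark shows relative sequence numbers by default (the SYN appears as seq 0, the SYN-ACK as seq 0 / ack 1); disable that preference or read the raw field to see the ISNs this code works with.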
4.) Know what a connection-oriented protocol is
A network communication mode, in telecommunications and computer networking, in which a communication session or a semi-permanent connection is established before any useful data can be transferred, and in which a stream of data is delivered in the same order as it was sent. TCP is connection-oriented; UDP is not.
5.) Know what promiscuous mode is
A mode for a wired network interface controller (NIC) or wireless network interface controller (WNIC) that causes the controller to pass all traffic it receives to the central processing unit (CPU) rather than passing only the frames the controller is intended to receive (those addressed to its own MAC address, broadcast, and subscribed multicast). It is normally used for packet sniffing on a router, on a computer connected to a hub (instead of a switch), or on a host that is part of a WLAN. On a switched network, promiscuous mode alone only reveals the traffic the switch already forwards to that port; a SPAN/mirror port or a network tap is needed to see other hosts' traffic.
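An added example (not from the study guide) of the check a defender runs to spot an interface that has been put into promiscuous mode, since a sniffer on a host usually leaves this trace. On Linux the kernel exposes each interface's flag word as a hex string in /sys/class/net/<iface>/flags, and the bit values below come from <linux/if.h>; the interface names and flag values in SAMPLE are constructed for the example, and the function names are the example's own.

```python
import os

# Interface flag bits from <linux/if.h>; the kernel exposes their OR as a hex
# string in /sys/class/net/<iface>/flags (the same flags `ip link show` prints).
IFF_UP, IFF_BROADCAST, IFF_LOOPBACK = 0x1, 0x2, 0x8
IFF_RUNNING, IFF_PROMISC, IFF_MULTICAST = 0x40, 0x100, 0x1000
FLAG_NAMES = [(IFF_UP, "UP"), (IFF_BROADCAST, "BROADCAST"), (IFF_LOOPBACK, "LOOPBACK"),
              (IFF_RUNNING, "RUNNING"), (IFF_PROMISC, "PROMISC"), (IFF_MULTICAST, "MULTICAST")]


def decode_flags(raw):
    """Turn the sysfs flags string (e.g. '0x1143\\n') into a list of flag names."""
    value = int(raw.strip(), 16)
    return [name for bit, name in FLAG_NAMES if value & bit]


def is_promiscuous(raw):
    return "PROMISC" in decode_flags(raw)


def read_interface_flags(sysfs_root="/sys/class/net"):
    """Read the live flags string for every interface (Linux only); {} elsewhere."""
    result = {}
    if not os.path.isdir(sysfs_root):
        return result
    for iface in sorted(os.listdir(sysfs_root)):
        try:
            with open(os.path.join(sysfs_root, iface, "flags")) as f:
                result[iface] = f.read()
        except OSError:
            continue
    return result


def promiscuous_interfaces(flags_by_iface):
    """Names of the interfaces whose flag word has IFF_PROMISC set."""
    return sorted(i for i, raw in flags_by_iface.items() if is_promiscuous(raw))


# Constructed sample: eth0 as it normally runs (UP|BROADCAST|RUNNING|MULTICAST),
# eth1 with a sniffer attached (the same plus PROMISC), and the loopback.
SAMPLE = {"eth0": "0x1043\n", "eth1": "0x1143\n", "lo": "0x49\n"}

if __name__ == "__main__":
    live = read_interface_flags() or SAMPLE
    for iface, raw in live.items():
        print(iface, raw.strip(), decode_flags(raw))
    print("promiscuous:", promiscuous_interfaces(live))
```

The check is only a hint: a capture tool can also be configured not to enable promiscuous mode, and a virtual switch or tap may deliver foreign frames to an interface that never sets the flag.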
6.) Know what availability, integrity, and confidentiality are in terms of network security
Availability: the property that a system is usable for its intended purpose when authorized users need it.
Integrity: the security service of preventing unauthorized changes to data (and detecting them when they occur).
Confidentiality: the security service of preventing access to resources by unauthorized users, while supporting access to authorized users.
7.) Know the difference between a standard, a policy, a guideline, and a regulation
Standard: a document that defines mandatory rules, for example the rules of communication among networked devices.
Policy: a formal statement of intent that guides decisions and achieves consistent outcomes.
Guideline: a general rule or principle; recommended practice rather than a mandatory requirement.
Regulation: a rule or directive made and maintained by an authority, typically carrying legal force.
8.) Know what IT security staff are responsible for
Planning, developing, managing, and overseeing the organization's security program and controls.
9.) Know what a firewall does and how it works
A part of a computer system or network that is designed to block unauthorized access while permitting authorized communication, typically connections opened from the inside outward. It inspects each packet (or connection) against an ordered rule set and allows or denies it; traffic that matches no rule should be denied by default. It is basically a barrier that keeps destructive forces away from your property.
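An added example, not from the study guide, of how a stateful firewall decides: rules are evaluated in order with first match winning, connections opened from the inside are remembered so that their replies are allowed without a separate inbound rule, and anything else is denied. It shows a weak rule set (a blanket inbound allow) beside a corrected one. The protected network 10.0.0.0/24, the rule sets, the class names, and the SCENARIO traffic are all constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed protected network behind the firewall (example value, not from the page).
INSIDE = ip_network("10.0.0.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    direction: str                # "in" (from outside) or "out" (from inside)
    dport: Optional[int] = None   # None matches any destination port
    proto: str = "tcp"

    def matches(self, pkt, direction):
        return (direction == self.direction and pkt.proto == self.proto
                and (self.dport is None or pkt.dport == self.dport))


class Firewall:
    """Stateful filter: rules are checked in order, first match wins, and a
    packet that matches no rule is denied (implicit default deny)."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.state = set()        # 5-tuples of connections opened from inside

    @staticmethod
    def direction(pkt):
        return "out" if ip_address(pkt.src) in INSIDE else "in"

    def decide(self, pkt):
        d = self.direction(pkt)
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        # Replies to a connection we opened need no inbound rule of their own.
        if d == "in" and reverse in self.state:
            return "allow"
        for rule in self.rules:
            if rule.matches(pkt, d):
                if rule.action == "allow" and d == "out":
                    self.state.add(key)
                return rule.action
        return "deny"


# Weak setting: a blanket inbound allow exposes every internal service.
WEAK_RULES = [Rule("allow", "in"), Rule("allow", "out")]

# Corrected setting: only the public web server is reachable from outside,
# and inside hosts may only open HTTPS and DNS connections outward.
HARDENED_RULES = [
    Rule("allow", "in", dport=443),
    Rule("allow", "out", dport=443),
    Rule("allow", "out", dport=53, proto="udp"),
]

# Constructed traffic sample; outside addresses are from documentation ranges.
SCENARIO = [
    Packet("10.0.0.5", 51514, "192.0.2.80", 443),     # client opens HTTPS outward
    Packet("192.0.2.80", 443, "10.0.0.5", 51514),     # the server's reply
    Packet("192.0.2.80", 443, "10.0.0.5", 51599),     # "reply" to a port never opened
    Packet("198.51.100.7", 40000, "10.0.0.5", 22),    # unsolicited SSH from outside
    Packet("198.51.100.7", 40001, "10.0.0.10", 443),  # visitor to the public web server
    Packet("10.0.0.5", 51515, "203.0.113.9", 23),     # telnet outward, not permitted
]


def run_scenario(rules):
    """Run SCENARIO through a fresh firewall and return the decision per packet."""
    fw = Firewall(rules)
    return [fw.decide(p) for p in SCENARIO]


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, run_scenario(rules))
```

The third packet is the case the state table exists for: it comes from source port 443, so a stateless "allow anything from port 443" rule would pass it, but no inside host opened a connection from port 51599, so the hardened firewall drops it.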
10.) Know the purpose of designing a computer network
It allows computers to exchange data: in a computer network, networked computing devices pass data to each other along data connections (links).
11.) Know the hacking process
Reconnaissance: the act of inspecting or exploring a target; also called footprinting.
Scanning: using various tools to confirm information learned during reconnaissance and to discover new details, such as live hosts, open ports, and running services.
Enumeration: the attacker's process of discovering sufficient details about a potential target to learn whether a vulnerability exists that they can successfully attack.
Attacking: a successful attack, based on solid research and preparation, can take just seconds.
Post-attack activities: in a successful attack, the...