PrepAway - Latest Free Exam Questions & Answers

Category: 312-50 (CEH v6)

Exam 312-50: Ethical Hacking and Countermeasures (CEH v6)

What type of attack has Cindy used to gain access to the network through the mobile devices?

Cindy is a certified ethical hacker working on contract as an IT consultant for Dewdrop Enterprises, a computer manufacturing company based in Dallas. Dewdrop has many sales people that travel all over the state using BlackBerry devices and laptops. These mobile devices are the company’s main concern as far as network security. About a year ago, one of the company laptops was stolen from a sales person and sensitive company information was stolen from it. Because of this, the company has hired on Cindy to ensure that all mobile devices used by employees are secure. Since many of the employees are now using new laptops with Windows Vista, Cindy has configured BitLocker on those devices for hard disk encryption. Cindy then uses the BlackBerry Attack Toolkit along with BBProxy to check for vulnerabilities on the BlackBerry devices. As it turns out, these devices are vulnerable and she is able to gain access to the corporate network through the BlackBerry devices. What type of attack has Cindy used to gain access to the network through the mobile devices?

What other command could Michael use to attempt to freeze up the router?

Michael is an IT security consultant currently working under contract for a large state agency in New York. Michael has been given permission to perform any tests necessary against the agency’s network. The agency’s network has come under many DoS attacks in recent months, so the agency’s IT team has tried to take precautions to prevent any future DoS attacks. To test this, Michael attempts to gain unauthorized access or even overload one of the agency’s Cisco routers that is at IP address 192.168.254.97. Michael first creates a telnet session over port 23 to the router. He uses a random username and tries to input a very large password to see if that freezes up the router. This seems to have no effect on the router yet. What other command could Michael use to attempt to freeze up the router?

110, what HTTP request could Paulette use to see if that router is vulnerable?

Paulette is the systems administrator for Newton Technologies. Paulette holds certifications in both Microsoft areas as well as security such as the CEH. Paulette is currently performing the yearly security audit for the company’s entire network which includes two branch offices. Paulette travels to one of the branch offices to perform an internal audit at that location. She uses Send ICMP Nasty Garbage (SING) to find all the routers in the network. All network equipment at the home office and branch offices are Cisco equipment. Paulette wants to check for a particular arbitrary administrative access vulnerability known in Cisco equipment when certain HTTP requests are made to those routers. If one of the router’s IP addresses is 172.16.28.110, what HTTP request could Paulette use to see if that router is vulnerable?

What has Giles discovered on Tommy’s computer?

Giles is the network administrator for his company, a graphics design company based in Dallas. Most of the network is comprised of Windows servers and workstations, except for some designers that prefer to use MACs. These MAC users are running on the MAC OS X operating system. These MAC users also utilize iChat to talk between each other. Tommy, one of these MAC users, calls Giles and says that his computer is running very slow. Giles then gets more calls from the other MAC users saying they are receiving instant messages from Tommy even when he says he is not on his computer. Giles immediately unplugs Tommy’s computer from the network to take a closer look. He opens iChat on Tommy’s computer and it says that it sent a file called latestpics.tgz to all the other MAC users. Tommy says he never sent those files. Giles also sees that many of the computer’s applications appear to be altered. The path where the files should be has an altered file and the original application is stored in the file’s resource fork. What has Giles discovered on Tommy’s computer?

What type of web application testing is Zane primarily focusing on?

Zane is a network security specialist working for Fameton Automotive, a custom car manufacturing company in San Francisco. Zane is responsible for ensuring that the entire network is as secure as possible. Much of the company’s business is performed online by customers buying parts and entire cars through the company website. To streamline online purchases, the programming department has developed a new web application that will keep track of inventory and check items out online for customers. Since this application will be critical to the company, Zane wants to test it thoroughly for any security vulnerabilities. Zane primarily focuses on checking the time validity of session tokens, length of those tokens, and expiration of session tokens while translating from SSL to non-SSL resources. What type of web application testing is Zane primarily focusing on?

What type of initial analysis has Charlie performed to show the company which areas it needs improvements in?

Charlie is an IT security consultant that owns his own business in Denver. Charlie has recently been hired by Fleishman Robotics, a mechanical engineering company also in Denver. After signing service level agreements and other contract papers, Charlie asks to look over the current company security policies. Based on these policies, Charlie compares the policies against what is actually in place to secure the company’s network. From this information, Charlie is able to produce a report to give to company executives showing which areas the company is lacking in. This report then becomes the basis for all of Charlie’s remaining tests. What type of initial analysis has Charlie performed to show the company which areas it needs improvements in?

What type of signature has Justine decided to implement?

Justine is the systems administrator for her company, an international shipping company with offices all over the world. Recent US regulations have forced the company to implement stronger and more secure means of communication. Justine and other administrators have been put in charge of securing the company’s digital communication lines. After implementing email encryption, Justine now needs to implement robust digital signatures to ensure data authenticity and reliability. Justine has decided to implement digital signatures which are a variant of DSA and that operate on elliptical curve groups. These signatures are more efficient than DSA and are not vulnerable to number field sieve attacks. What type of signature has Justine decided to implement?

Under what right does this investigator have to ask for the encryption algorithms and keys?

Nathan is the senior network administrator for Undulating Innovations, a software development company in Los Angeles. Nathan’s company typically develops secure email programs for state and local agencies. These programs allow these agencies to send and receive encrypted email using proprietary encryption and signing methods. An employee at one of the state agencies has been arrested on suspicion of leaking sensitive government information to third world countries for profit. When the US federal government steps in, they seize the employee’s computer and attempt to read email he sent but are not able to because of the encryption software he used. Nathan receives a call from an investigator working for the CIA on this particular case. The investigator tells Nathan that his company has to give up the encryption algorithms and keys to the government so they can read the email sent by the accused state employee. Under what right does this investigator have to ask for the encryption algorithms and keys?

What will this code accomplish?

Ursula is a network security analyst as well as a web developer working on contract for a marketing firm in St. Louis. Ursula has been hired on to help streamline the company’s website and ensure it meets accessibility laws for that state. After completing all the work that was asked, the marketing firm terminates Ursula’s service and does not pay the rest of the money that is owed to her. Right before she is asked to leave, Ursula writes a small application with the following code inserted into it.
What will this code accomplish?

What built-in technology used by Firewall Informer actively performs these exploit tests on network equipment?

Neville is a network security analyst working for Fenderson Biomedics, a medical research company based out of London. Neville has been tasked by his supervisor to ensure that the company is as secure as possible. Neville first examines and hardens the OS for all company clients and servers. Neville wants to check the performance and configuration of every firewall and network device to ensure they comply with company security policies. Neville has chosen to use Firewall Informer because it actively and safely tests devices with real-world exploits to determine their security state. What built-in technology used by Firewall Informer actively performs these exploit tests on network equipment?

