How would an attacker exploit this design by launching a TCP SYN attack?
When a normal TCP connection starts, a destination host receives a SYN (synchronize/start)
packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The
destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is
established. This is referred to as the “TCP three-way handshake.” While waiting for the ACK to
the SYN/ACK, a connection queue of finite size on the destination host keeps track of connections
waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive
a few milliseconds after the SYN/ACK. How would an attacker exploit this design by launching
a TCP SYN attack?
What would Yancey be considered?
Yancey is a network security administrator for a large electric company. This company provides
power for over 100,000 people in Las Vegas. Yancey has worked for his company for over 15
years and has become very successful. One day, Yancey comes in to work and finds out that the
company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and
decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down
the company once he has left. Yancey does not care if his actions land him in jail for 30 or more
years; he just wants the company to pay for what they are doing to him. What would Yancey be
considered?
How will you determine if this is a Real Anti-Virus or Fake Anti-Virus website?
You receive an e-mail like the one shown below. When you click on the link contained in the mail,
you are redirected to a website asking you to download free Anti-Virus software.
Dear valued customers,
We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe
you with total security against the latest spyware, malware, viruses, Trojans and other online
threats. Simply visit the link below and enter your antivirus code:
Antivirus code: 5014
http://www.juggyboy/virus/virus.html
Thank you for choosing us, the worldwide leader Antivirus solutions.
Mike Robertson
PDF Reader Support
Copyright Antivirus 2010 © All rights reserved
If you want to stop receiving mail, please go to:
http://www.juggyboy.com
or you may contact us at the following address: Media Internet Consultants, Edif. Neptuno, Planta
Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama
How will you determine if this is a Real Anti-Virus or Fake Anti-Virus website?
What is this document called?
Every company needs a formal written document which spells out to employees precisely what
they are allowed to use the company’s systems for, what is prohibited, and what will happen to
them if they break the rules. Two printed copies of the policy should be given to every employee
as soon as possible after they join the organization. The employee should be asked to sign one
copy, which should be safely filed by the company. No one should be allowed to use the
company’s computer systems until they have signed the policy in acceptance of its terms. What is
this document called?
How would you protect from these attacks?
Which type of sniffing technique is generally referred to as a MiTM attack?
What happens when the CAM table becomes full?
Switches maintain a CAM Table that maps individual MAC addresses on the network to physical
ports on the switch.
In a MAC flooding attack, a switch is fed with many Ethernet frames, each containing different
source MAC addresses, by the attacker. Switches have a limited memory for mapping various
MAC addresses to physical ports. What happens when the CAM table becomes full?
What is Peter Smith talking about?
You went to great lengths to install all the necessary technologies to prevent hacking attacks, such
as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention
tools in your company’s network. You have configured the most secure policies and tightened
every device on your network. You are confident that hackers will never be able to gain access to
your network with a complex security system in place. Your peer, Peter Smith, who works in the
same department, disagrees with you. He says even the best network security technologies cannot
prevent hackers from gaining access to the network because of the presence of the “weakest link” in the
security chain. What is Peter Smith talking about?
How does a denial-of-service attack work?
How would you proceed?
You are trying to break into a highly classified top-secret mainframe computer with the highest security
system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional
hacking doesn’t work in this case, because organizations such as banks are generally tight and
secure when it comes to protecting their systems. In other words, you are trying to penetrate an
otherwise impenetrable system. How would you proceed?