An Evil Cracker is attempting to penetrate your private network security. To do this, he must not be
seen by your IDS, as it may take action to stop him. What tool might he use to bypass the IDS?

Select the best answer.

What is the advantage in encrypting the communication between the agent and the monitor in an
Intrusion Detection System?

Study the following exploit code taken from a Linux machine and answer the questions below:
echo “ingreslock stream tcp nowait root /bin/sh sh –I” > /tmp/x;
/usr/sbin/inetd –s /tmp/x;
sleep 10;

/bin/ rm –f /tmp/x AAAA…AAA
In the above exploit code, the command “/bin/sh sh –I” is given.
What is the purpose, and why is ‘sh’ shown twice?

The programmers on your team are analyzing the free, open source software being used to run
FTP services on a server. They notice that there is an excessive number of fgets() and gets() on
the source code. These C++ functions do not check bounds.
What kind of attack is this program susceptible to?

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary
data storage area) then it was intended to hold.
What is the most common cause of buffer overflow in software today?

The following exploit code is extracted from what kind of attack?

StackGuard (as used by Immunix), ssp/ProPolice (as used by OpenBSD), and Microsoft’s /GS
option use _____ defense against buffer overflow attacks.

Symmetric encryption algorithms are known to be fast but present great challenges on the key
management side. Asymmetric encryption algorithms are slow but allow communication with a
remote host without having to transfer a key out of band or in person. If we combine the strength
of both crypto systems where we use the symmetric algorithm to encrypt the bulk of the data and
then use the asymmetric encryption system to encrypt the symmetric key, what would this type of
usage be known as?

Steven the hacker realizes that the network administrator of XYZ is using syskey to protect
organization resources in the Windows 2000 Server. Syskey independently encrypts the hashes
so that physical access to the server, tapes, or ERDs is only first step to cracking the passwords.
Steven must break through the encryption used by syskey before he can attempt to brute force
dictionary attacks on the hashes. Steven runs a program called “SysCracker” targeting the
Windows 2000 Server machine in attempting to crack the hash used by Syskey. He needs to
configure the encryption level before he can launch attach.

How many bits does Syskey use for encryption?

In the context of using PKI, when Sven wishes to send a secret message to Bob, he looks up
Bob’s public key in a directory, uses it to encrypt the message before sending it off. Bob then uses
his private key to decrypt the message and reads it. No one listening on can decrypt the message.
Anyone can send an encrypted message to Bob but only Bob can read it. Thus, although many
people may know Bob’s public key and use it to verify Bob’s signature, they cannot discover Bob’s
private key and use it to forge digital signatures.
What does this principle refer to?