How Well Do U Know

**nikita69** · 11-02-2003, 06:54 AM

Below is a sample of a simple "Test ur knowledge about computer security". Now surely the answers can be found on the net (or hidden in this post

), yet the purpose is for YOU to answer to urself, cos after all, YOU or YOUR PC could be at risk.
Understanding how a software or hardware product work is the least u could do to better ur PC experience. This test is the IT version, hopefully soon I'll post a more tricky test created by Hackers.

A network MAC address can be spoofed
1. True
2. False
Answer: A
MAC spoofing can be done easily with most PC network cards. The Ethernet specification indicates that it is required to be able to set the MAC address from software.This means that a malicious user, in the simplest scenerio, can run a config program, load net stacks, and simply change the MAC address their network card uses
A proprietary encryption algorithm is more likely to be secure than a standard algorithm, like DES or IDEA because its not publicly known
1. True
2. False
  Answer: B
  Cryptography is a difficult field in which no one is a perfect expert. Standard algorithms are reviewed and tested by professionals everywhere and improve over time, making them far less likely to be broken
If somebody spoofs their source IP address in a attack:
1. It cannot be traced because the source address has been overwritten, leaving no address to follow back to the source.
2. I may still be traced by checking each router, hops, log for the packet, following a search pattern back to the network it came from.
3. Can still be traced using the MAC address in the packets received at the destination hop.
  Answer: B
  A packet can still be traced through router logs using a search pattern from the destination to the source. Although this technique is often times consuming when tracing across the Internet, Backbone companies have on occasion performed this technique to deal with serious incidents
The biggest risk in using encryption is the standard algorithm I choose
1. True
2. False
  Answer: B
  The most common encryption related mistakes found in systems are in the implementation of the algorithm chosen rather than the algorithm itself. Although some standard algorithms may offer better security than others, correct implementation is more significant a risk than these differences
The reason Distributed Denial of Service Attacks are called what they are is because denial of service attacks are the only type of attack that can be distributed
1. True
2. False
  Answer: B
  Although we have seen a high amount of distributed attacks used for denial of service, many every day attacks, including attacks integrity and confidentiality attacks, theoretically and probably are used in a distributed fashion by attackers today
The Java security model most closely resembles
1. A Capability System Security Model
2. An ACL (Access Control List) System Model
3. A Browser-Centric System Security Model
  Answer: A
  A Capability System Security Model
The more NOPS (Null Operation) that fit and are used in a stack buffer overflow that inserts shell code before EIP
1. The higher the chances of the application will throw an exception
2. The lower the chances of the application will throw an exception
3. The higher the chances of the shell code being executed
4. The faster the buffer overflow will work
  Answer: C
  The higher the chances of the shell code being executed. This is because an attacker often times cannot predict what will be on the stack before their shell code at the time of the overflow. Therefore, the attacker takes the earliest address the shell code could be located (ESP) and add the number of nops they were able to fit. By doing this, they're shell code will execute if sum of things on the stack before their buffer is less than or equal to the number of nops they fit in size
The most popular technique used for Active OS fingerprinting is
1. Banner Reading
2. TCP Flags Comparison
3. IP Flags Comparison
4. TTL Comparison
  Answer: B
  TCP Flags are used by all of the popular Active OS fingerprinting tools, including NMAP and Queso. TCP flags reveal the most specific information about the operating system they originate from. In fact, these flags can often times even reveal the version of the platform they identify
The primary difference between a signature and a certificate
1. A certificate is encrypted when transferred securely to a recipient
2. A certificate always has legal non repudiation
3. A signature uses public key cryptography
4. A certificate can only be used by a trusted sender
5. A certificate may have more than one signature
6. A certificate is used in SSL
  Answer: E
  Certificates may have more than one signature. Certificates are often times used for this very feature in order to gain the trust of the certificates user by having a party trusted by the user sign their certificate. The user can then decide to trust the certificates owner, based on the trust they have gained and shown in the certificate by a party the user already trusts