SOLUTION
For what might we use the tool Kismet? Correct Answer: You use the Kismet tool in order to
find and detect wireless devices.
Explain the concept of segmentation and why it might be done. Correct Answer: We divide a
network into multiple smaller networks, each acting as its own small network, called a subnet.
Here we can control the flow of traffic. We may do this to prevent unauthorized network traffic
or attacks from reaching portions of the network to which we would prefer to prevent access.
What risks might be present with a permissive BYOD policy in an enterprise? Correct Answer:
Having people bring their own device poses some security vulnerabilities. With corporate
machines you can force employees to update the devices and patch them for vulnerabilities.
Allowing BYOD limits that because you have less control over their device. A way to solve this
is to meet somewhere in the middle, allowing devices as well as implementing some security
measures in order to minimize the risks involved.
What are the three main types (protocols) of wireless encryption mentioned in the text? Correct
Answer: Wired Equivalent Privacy (WEP). Wi-Fi Protected Access (WPA). Wi-Fi Protected Access
version 2 (WPA2).
What tool mentioned in the text might we use to scan for devices on a network, to include
fingerprinting the operating system and detecting versions of services on open ports? Correct
Answer: The Nmap tool.
Why would we use a honeypot? Correct Answer: We would use a honeypot in order to lure out
an intruder. We do this by providing him with false information about vulnerabilities in the
system that he then takes as bait, and then we can monitor what he/she does. This can be done to
provide an early warning system.
Explain the difference between signature and anomaly detection in IDSes. Correct Answer:
Signature-based IDSes work more like a usual antivirus system. They have a database with signatures
of the more common types of attacks and can usually detect them. The drawback is that if the threat
uses a new type of attack to bypass this IDS, it can easily go by unnoticed. Anomaly-based
IDSes measure the present state of the network traffic against the baseline traffic to detect
patterns that are not usually present with normal traffic. This can detect new attacks much more easily.
We may also see more false positives.
What technology mentioned in this chapter would we use if we needed to send sensitive data
over an untrusted network? Correct Answer: A Virtual Private Network (VPN) is an
encrypted connection between two points. You would use a VPN client application that would
later connect over the internet to a VPN concentrator. Once the connection is established, all traffic
through the connection will be encrypted in this VPN "tunnel".