Tuesday, May 26, 2020

IS3220 FINAL STUDY GUIDE - 1694 Words

1.) Know how NetWitness/Wireshark Investigator works
Investigator provides security operations staff, auditors, and fraud and forensics investigators the power to perform unprecedented free-form contextual analysis of raw network data captured and reconstructed.

2.) Know what type of information can be detected from a packet header
Control information

3.) Know how TCP establishes a connection
To establish a connection, TCP uses a three-way handshake. Before a client attempts to connect with a server, the server must first bind to and listen at a port to open it up for connections: this is called a passive open. Once the passive open is established, a client may initiate an active open. To establish a connection, …

12.) Know the attacks a hacker might perpetrate and how a hacker might make money from the attacks
Eavesdropping, breaking and entering, social engineering, malicious code, session hijacking, man-in-the-middle attacks, wireless hacking, SQL injections, web site attacks, and more.

13.) Know what in an organization is vulnerable to social engineering
People are the vulnerability.

14.) Know how a buffer overflow attack works
An anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory; this is a special case of violation of memory safety.

15.) Know what attack types impersonation, reciprocity, and phishing fall under
Social engineering attacks

16.) Know what happens in each of the 7 IT domains
User - defines the people who access an organization's information system.
Workstation - the computer on your desk; this can extend to other devices that provide access to computing resources.
LAN - sub network that is made up of a group of clients plus servers which are under the control of one central security.
LAN-WAN - computing network technologies used to transmit data over long distances between different LANs.
WAN - spans a large geographic area.
Systems/Applications - the critical infrastructure of server systems, applications, and data.
Remote Access - accessing the computing services from outside the boundary of the computing
