Page 818 - StudyBook.pdf

802    Appendix • Self Test Appendix


              C. PGP is an e-mail and file encryption program that uses asymmetric encryption to secure
                 the contents of e-mail.
              Answer A is incorrect because while IPSec is used for encryption, its primary role is to secure
                 information in transit. PGP can secure the e-mail even while it is in the sender’s or receiver’s
                 e-mail account. Answer B is incorrect because SMTP is used for e-mail but is not secure. Answer
                 D is incorrect because SSL is application independent, but would primarily be used for Web
                 mail and would not protect non-Web-based e-mail.

             12. Your company has decided to outsource part of its DNS services. Since the old DNS servers
                 will no longer need to be replicated to those outside the firewall, they would like you to lock
                 down the potential hole. What port and protocol should be blocked on the firewall?
                  A. UDP 53
                  B. TCP 79
                  C. TCP 110
                  D. 53 TCP
              D. TCP port 53 is used for zone transfers. Remember that DNS stores name information about
                 one or more DNS domains. Each DNS domain name included in a zone contains a wealth of
                 information that an attacker would find useful. While simply having port 53 open does not
                 mean an attack is possible, it is best to practice the principle of least privilege.
              Answer A is incorrect because UDP port 53 is used for DNS lookups. Having this port blocked
                 would make DNS resolution impossible.
              Answer B is incorrect because port 79 is used for the Linux Finger service. Answer C is
                 incorrect because TCP port 110 is used for POP3 services.

             13. Monday morning has brought news that your company’s e-mail has been blacklisted by many
                 ISPs. Somehow your e-mail servers were used to spread spam. What most likely went wrong?
                  A. An insecure email account was hacked
                  B. Sendmail vulnerability
                  C. Open mail relay
                  D. Port 25 was left open
              C. The most likely cause of this is that an open mail relay was discovered by the spammers. An
                 open mail relay is one that is configured in such a way that anyone can send mail through that
                 company’s mail servers.
              Answer A is incorrect because this type of situation is typically caused by open mail relays.
                 Once a company’s mail server is used by a spammer’s ISP, providers will typically block all mail
                 being sent through them. The company will be added to one or more blacklists.
              Answer B is incorrect because a Sendmail vulnerability would most likely be used to take
                 control of the local host. Answer D is incorrect because port 25 should be open for mail to be
                 sent and received.






          www.syngress.com