|
-
June 19th, 2003, 01:03 PM
#1
Computer Security 101 - Lesson 3 Quiz
Rather than dragging up all of the old Computer Security 101 Tutorial threads I thought I would just create a new thread to let everyone know that the quiz for the lesson is now available.
Here is a link to the tutorial thread: Computer Security 101 - Lesson 3
Here is a link to the quiz for this lesson: Computer Security 101 - Lesson 3 Quiz
Have fun!
-
June 19th, 2003, 02:24 PM
#2
This questionnaire is extremely naive, its answers are wrong.
Question 4:
How many ports are there for TCP and UDP?
a) 1024 b) Unlimited
c) 32348 d) 65536
Correct answer: 65535, seeing as port 0 does not exist and cannot be used, however it isn't an option. (Update: port 0 does exist, but apparently still cannot be used as implementations do not allow it to be used. I have yet to find any document which states this officially. )
Question 10:
The standard port used for file transfers using the FTP protocol is?
a) 25 b) 80
c) 21 d) 110
Correct answer:
None of them, FTP never uses any of those four ports on the source or destination for transferring files (port 21 is the ftp control port, and is only used for sending commands and responses) Instead it uses its data connection, which *sometimes* originates from port 20, but can be dynamically assigned
Slarty
-
June 19th, 2003, 02:32 PM
#3
None of them, FTP never uses any of those four ports on the source or destination for transferring files (port 21 is the ftp control port, and is only used for sending commands and responses) Instead it uses its data connection, which *sometimes* originates from port 20, but can be dynamically assigned
You already updated the number of ports issue so I won't address that.
As for this one, I see your point and maybe I will change the wording to make the answer correct. The standard FTP port is 21 which is all I was trying to get at.
-
June 19th, 2003, 02:47 PM
#4
The TCP port 0 issue is a bit of a weird one.
In operating systems that use BSD sockets or a derivative of BSD sockets (for instance all Unix and Windows), the bind() function cannot bind a TCP or UDP socket to port 0. Therefore you can neither have a TCP socket listen on, nor attach a UDP socket to, port zero.
I assume however, that under operating systems that don't use BSD sockets (like there are any?), then binding a TCP socket to port zero works.
In principle I don't see any reason why you can't send traffic to port zero. It's just that the BSD sockets API does not allow applications to use TCP or UDP port zero.
On a search of the internet I found a snort rule which matches TCP port zero traffic and flags it as an intrusion; I can see why - nothing can use it hence it is malformed (in practice) - even though it may be valid in theory.
-
June 19th, 2003, 04:04 PM
#5
I like these little tut you give us, and you tell us when they come out, Have you ever thought about make a book? Maybe like "How To book" or what about the old logo "Hackers know the weakness in your system, Shouldn't you." Just a thought.
Cya
-
June 19th, 2003, 07:12 PM
#6
also, once you miss one, the answers to the following answers occasionally showed up light purple, signifying they were wrong.
i\'m starting to think that i\'m bound to always be the first guy on the second page of the thread.
-
June 19th, 2003, 07:16 PM
#7
also, once you miss one, the answers to the following answers occasionally showed up light purple, signifying they were wrong.
Pretty tricky. Don't give away secrets to help others cheat. :-)
-
June 19th, 2003, 07:53 PM
#8
Junior Member
No offence, but I didn't find any security related question!?! Why so often Security 101 is more like Networking 101? I don't know if it's me, but I think it's important to know networking *before* security and not learning networking *with* security.
-
June 19th, 2003, 07:58 PM
#9
No offence, but I didn't find any security related question!?! Why so often Security 101 is more like Networking 101?
Have you read any of the actual tutorials?
I would suggest you go look at the actual Computer Security 101 series to get a feel for where it is coming from.
You are right that there is more of a general networking and computer slant than security. That is by design. The series is designed to take a novice and give them an understanding for the technology and terminology behind it all. If you don't know what TCP or DNS are and you are totally confused when people say that you should "block a port" it is difficult for you to understand how or why you should secure it. The lessons get progressively more complicated, but even by the 10th lesson I will not have gone into steganography algorithms or anything so complex.
In the future I will post more quizzes that are more difficult and not related to this Computer Security 101 series. I think these quizzes fit well with the lessons they relate to though and are good for the intended audience.
-
June 19th, 2003, 08:18 PM
#10
Junior Member
I agreed that is *essential* to know networking before security. From my point of view, is not enough to have a crash course in networking to be proficient in security. But, I'm working in computer security for some time now and sometime I forgot that not all material are for professional or semi-professional.
I read some of the lessons, it's great for home users!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote