211 Cards in this Set

What are access controls
Security features that control how users and systems communicate and interact with other systems and resources.
Define access
Access is the flow of information between a subject and an object.
What are subjects and objects
A subject is an active entity that requests access to an object or the data within an object and can be a user, program, or process.

An object is a passive entity that contains information.
What are the three main security principles for any type of security control
• Confidentiality
• Integrity
• Availability
What is a race condition
A race condition occurs when two or more processes use the same resource and the sequence of steps within the software can be carried out in an improper order, something which can drastically affect the output. So, an attacker can force the authorization step to take place before the authentication step and gain unauthorized access to a resource.
What are the four steps for a subject to access an object
The four steps that must happen for a subject to access an object are: identification, authentication, authorization, and accountability.
What is strong authentication / two-factor authentication
Strong authentication contains two out of these three methods: something a person knows, has, or is. Using a biometric system by itself does not provide strong authentication because it provides only one out of the three methods. This is also referred to as two-factor authentication.
What is identity management
Identity management is a broad and loaded term that encompasses the use of different products to identify, authenticate, and authorize users through automated means. To many people, the term also includes user account management, access control, password management, single sign-on functionality, managing rights and permissions for user accounts, and auditing and monitoring of all of these items.
Define IAAA
Identification
• Subjects supplying identification information
• Username, user ID, account number
Authentication
• Verifying the identification information
• Passphrase, PIN value, biometric, one-time password, password
Authorization
• Using criteria to make a determination of operations that subjects
can carry out on objects
• “I know who you are, now what am I going to allow you to do?”
Accountability
• Audit logs and monitoring to track subject activities with objects
What is a cognitive password
A cognitive password is based on a user’s opinion or life experience.
The password could be a mother’s maiden name, a favorite color, or a dog’s
name.
How are secure identities created
Creating or issuing secure identities should include three key aspects: uniqueness, nondescriptiveness, and issuance.
What is common about directories
Most directories follow a hierarchical database format, based on the X.500 standard, and a type of protocol, as in Lightweight Directory Access Protocol (LDAP), that allows subjects and applications to interact with the directory.
What is a directory service
The directory service allows an administrator to configure and manage how identification, authentication, authorization, and access control take place within the network.
What is a meta-directory
A meta-directory gathers the necessary information from multiple sources and stores them in one central directory. This provides a unified view of all users’ digital identity information throughout the enterprise. The meta-directory synchronizes itself with all of the identity stores periodically to ensure the most up-to-date information is being used by all applications and IdM components within the enterprise.
What is a virtual directory
A virtual directory plays the same role and can be used instead of a meta-directory. The difference between the two is that the meta-directory physically has the identity data in its directory, whereas a virtual directory does not and points to where the actual data resides.
When connected to a web server, what security is provided by the security context
The security context is the authorization level the user (Kathy, in the textbook example) is assigned based on her permissions, entitlements, and access rights. Once Kathy ends the session, the cookie is usually erased from the web browser’s memory, and the web server no longer keeps this connection open or collects session state information on this user. The web server continually asks Kathy’s web browser to prove she has been authenticated, which the browser does by providing the cookie information. (The cookie information could include her password, account number, security level, browsing habits, and/or personalization information.)
What are the differences between session and permanent cookies
A cookie can be in the format of a text file stored on the user’s hard drive (permanent) or it can be only held in memory (session). If the cookie contains any type of sensitive information, then it should only be held in memory and be erased once the session has completed.
What are the three most common password management approaches
• Password synchronization: Reduces the complexity of keeping up with different passwords for different systems.

• Self-service password reset: Reduces help-desk call volumes by allowing users to reset their own passwords.

• Assisted password reset: Reduces the resolution process for password issues for the help desk. This may include authentication with other types of authentication mechanisms (biometrics, tokens).
What is user provisioning
User provisioning refers to the creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes.
What is a federated identity
A federated identity is a portable identity, and its associated entitlements, that can be used across business boundaries. It allows a user to be authenticated across multiple IT systems and enterprises. Identity federation is based upon linking a user’s otherwise distinct identities at two or more locations without the need to synchronize or consolidate directory information.
What does The Organization for the Advancement of Structured Information Standards (OASIS) do
This organization develops and maintains the standards for how various aspects of web-based communication are built and maintained.
How does biometrics work
Biometrics verifies an individual’s identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of verifying identification.
Biometrics is typically broken up into two different categories; what are they?
Physiological and behavioral
In biometrics what is a type I error
When a biometric system rejects an authorized individual, it is called a Type I error (false rejection rate).
In biometrics what is a type II error
When the system accepts impostors who should be rejected, it is called a Type II error (false acceptance rate).
What is the most dangerous type of error in the realm of biometrics
Type II errors are the most dangerous and thus the most important to avoid.
What is meant by crossover error rate (CER) / equal error rate (EER)
The percentage at which the False Rejection Rate equals the False Acceptance Rate.
Biometrics is the most expensive method of verifying a person’s identity, and it faces other barriers to becoming widely accepted. What are the reasons for the lack of widespread use of biometrics?
- Enrollment time: The time it takes to initially “register” with a system by providing samples of the biometric characteristic to be evaluated.

- Throughput rate: The rate at which individuals can be processed and identified or authenticated by a system.

- Acceptability: Considerations of privacy, invasiveness, and psychological and physical comfort when using the system.
What is an acceptable rate for throughput and enrollment time in biometric systems
- Enrollment time: 2 minutes per person is acceptable
- Throughput: 10 people per minute is acceptable
In biometrics, what do fingerprint scans examine?
Fingerprints are made up of ridge endings and bifurcations exhibited by the friction ridges and other detailed characteristics that are called minutiae.
In biometrics, what do retina scans examine?
The blood-vessel pattern of the retina on the back of the eyeball.
In biometrics, what do iris scans examine?
The colored portion of the eye that surrounds the pupil.
In biometrics, what do facial scans examine?
Attributes and characteristics like bone structure, nose ridges, eye widths, forehead size, and chin shape.
In biometrics, what do palm scans examine?
The palm has creases, ridges, and grooves throughout it that are unique to a specific person.
In biometrics, what does hand geometry examine?
The shape of a person’s hand (the length and width of the hand and fingers).
In biometrics, what does a voice print examine?
Distinguishing differences in people’s speech sounds and patterns.
In biometrics, what do signature dynamics examine?
Electrical signals of speed and time that can be captured when a person writes a signature.
In biometrics, what do keyboard dynamics examine?
The electrical signals captured when a person types a certain phrase.
In biometrics, what does hand topology examine?
The size and width of an individual’s hand and fingers.
What are some special considerations when using an iris-scanning biometric solution
When using an iris pattern biometric system, the optical unit must be positioned so the sun does not shine into the aperture; thus, when implemented, it must have proper placement within the facility.
What is the most commonly used authentication mechanism, which is also considered one of the weakest security mechanisms available?
Passwords
Define Electronic monitoring
Listening to network traffic to capture information, especially when a user is sending her password to an authentication server. The password can be copied and reused by the attacker at another time, which is called a replay attack.
Define accessing the password file
Usually done on the authentication server. The password file contains many users’ passwords and, if compromised, can be the source of a lot of damage. This file should be protected with access control mechanisms and encryption.
Define Brute force attacks
Performed with tools that cycle through all possible character, number, and symbol combinations to uncover a password.
Define Dictionary attacks
Files of thousands of words are compared to the user’s password until a match is found.
Define Social engineering
An attacker falsely convinces an individual that she has the necessary authorization to access specific resources.
Define rainbow table
A table that contains all possible passwords already in a hash format.
What is an example of a clipping level
An allowed number of failed logon attempts to happen before a user is locked out.
If a tool is used by a security professional to test the strength of a password, what is it called?
Password checker
If a tool is used by a hacker to test the strength of a password, what is it called?
Password cracker
What is password aging
Expiration dates for passwords.
What is Limit Login Attempts
Threshold set to allow only a certain number of unsuccessful login attempts.
What are cognitive passwords:
Fact- or opinion-based information used to verify an individual’s identity.
What are one-time passwords / dynamic passwords:
After the password is used, it is no longer valid; this type of password is considered unbreakable.
Define token device:
A token device is a password generator; together with the authentication service, it needs to be synchronized or use the same challenge-response scheme to be able to authenticate a user. It is usually a handheld device that has an LCD display and possibly a keypad.
Define Synchronous token device
Synchronizes with the authentication service by using time or a counter as the core piece of the authentication process.
Define Time based synchronous token device
The device and the authentication service must hold the exact same time within their internal clocks.
Define Event-synchronization
The user may need to initiate the logon sequence on the computer and push a button on the token device.
Define Asynchronous token device
Uses challenge-response scheme to communicate with the authentication service. Authentication using an asynchronous token device includes a workstation, token device, and authentication service.
What is a passphrase
A passphrase is a sequence of characters that is longer than a password. The user enters this phrase into an application, and the application transforms the value into a virtual password.
What is the act of encrypting a hash value with a private key called
Digitally signing a message
What are the differences between smart cards and memory cards
Memory Card: A card that holds information, but does not process information. (ATM card)

Smart Card: A card that has the capability of processing information because it has a microprocessor and integrated circuits incorporated into the card itself.

A smart card also provides a two-factor authentication method because the user has to enter a user ID and PIN to unlock the smart token. (CAC card)
What are the two general forms of smart cards
The contact smart card has a gold seal on the face of the card. When this card is fully inserted into a card reader, electrical fingers wipe against the card in the exact position that the chip contacts are located.

The contactless smart card has an antenna wire that surrounds the perimeter of the card. When this card comes within an electromagnetic field of the reader, the antenna within the card generates enough energy to power the internal chip.
What are salts
Unix-type systems zest things up by using salts in this process. Salts are random values added to the encryption process to add more complexity. The more randomness entered into the encryption process, the harder it is for the bad guy to decrypt and uncover your password.
What is meant by fault generation when talking about smart cards
Changing input voltage, clock rate, or temperature. The attacker reviews the result of an encryption function after introducing an error to the card, and also reviews the correct result, which the card produces when no errors are introduced. Analysis of these different results may allow an attacker to reverse-engineer the encryption process, with the hope of uncovering the encryption key.
What is a side-channel attack? Name two types.
Side-channel attacks are nonintrusive and are used to uncover sensitive information about how a component works, without trying to compromise any type of flaw or weakness.

- Differential power analysis (examining the power emissions released during processing)

- Electromagnetic analysis (examining the frequencies emitted)

- Timing (how long a specific process takes to complete)
What are software attacks in relation to smart cards
A smart card has software just like any other device that does data processing, and anywhere there is software there is the possibility of software flaws that can be exploited. The main goal of this type of attack is to input instructions into the card that will allow the attacker to extract account information, which he can use to make fraudulent purchases.
What is time-of-day, or temporal, isolation? Give an example.
Time of day is another access control mechanism that can be used. If a security professional wants to ensure no one is accessing payroll files between the hours of 8:00 P.M. and 4:00 A.M., that configuration can be implemented to ensure access at these times is restricted.
What is Need to Know
It is based on the concept that individuals should be given access only to the information they absolutely require in order to perform their job duties.
When an access control mechanism fails, it should default to what
No access (fail secure)
What is authorization creep?
As employees work at a company over time and move from one department to another, they often are assigned more and more access rights and permissions. This is commonly referred to as authorization creep.
Define single sign-on.
Single sign-on (SSO) is a capability that allows a user to enter credentials one time and access all resources in primary and secondary network domains. SSO technologies come in different types. Each has its own advantages and disadvantages, shortcomings, and quality features. It is rare to see a real SSO environment; rather, you will see a cluster of computers and resources that accept the same credentials.
What are some examples of the different single sign-on solutions available
Kerberos, security domains, SESAME, thin clients
What are the advantages and disadvantages of SSO
Advantage: ability to use stronger passwords, easier administration, less time to access resources.

Disadvantage: once a key is compromised all resources can be accessed.
What is Kerberos
An SSO solution that uses tickets to authenticate users.
What kind of keys does Kerberos use
Kerberos uses symmetric key cryptography and provides end-to-end security, meaning that information being passed between a user and a service is protected without the need for an intermediate component.
What does Kerberos provide in reference to the CIA triad?
Kerberos addresses confidentiality, integrity, and authentication, not availability.
What are common weaknesses of Kerberos
- The KDC is a single point of failure.
- The AS must be able to handle a huge number of requests.
- Secret keys are temporarily stored on users’ workstations.
- Session keys are decrypted and reside on the users’ workstations.
- It is vulnerable to password guessing.
- Network traffic is not protected.
- When a user changes his password, it changes the secret key and the KDC needs to be updated.
What are the components of Kerberos
Kerberos is made up of a KDC, a realm of principals (users, services, applications, and devices), an authentication service, tickets, and a ticket granting service.
What is the function of the KDC
Holds all users’ and services’ cryptographic keys. It provides authentication services, as well as key distribution functionality. The KDC provides security services to entities referred to as principals, which can be users, applications, or services. A ticket is generated by the KDC and given to a principal when that principal needs to authenticate to another principal.
What is the function of the AS / Authentication Service and TGS / Ticket Granting Service
- Authentication Service: The part of the KDC that authenticates a principal.
- Ticket Granting Service: The part of the KDC that makes the tickets and hands them out to the principals.
What is a realm
The term realm indicates an authentication administrative domain. Its intention is to establish the boundaries within which an authentication server has the authority to authenticate a user, host, or service.
What is critical for Kerberos to operate
Time synchronization
What is Secure European System for Applications in a Multi-vendor Environment (SESAME) and what is it vulnerable to
SESAME is an SSO solution that uses public key cryptography for the distribution of secret keys. It was developed to extend Kerberos functionality and improve upon its weaknesses. It uses a ticket for authorization called a Privilege Attribute Certificate.
What are SESAME and Kerberos both vulnerable to
Password guessing
What is a big difference between Kerberos and SESAME
Kerberos is a strictly symmetric key–based technology, whereas SESAME is based on both asymmetric and symmetric key cryptography.
What are security domains
Resources working under the same security policy and managed by the same group
What are thin clients
Terminals that rely upon a central server for access control, processing, and storage
What is an access control model
An access control model is a framework that dictates how subjects access objects.
What are some common Access control techniques
- Discretionary access control
- Mandatory access control
- Lattice-based access control
- Rule-based access control
- Role-based access control
- The use of access control lists
What is DAC / Discretionary Access Control:
DAC enables the owner of the resource to specify what subjects can access specific resources. Access is restricted based on the authorization granted to the users.
How is DAC most commonly implemented
Through the use of access control lists
Explain how MAC / Mandatory Access Control works:
Users are given a security clearance and data is classified. Users and data owners do not have as much freedom to determine who can access files. The operating system makes the final decision and can override the users’ wishes. The classification is stored in the security labels of the resources. When the system makes a decision about fulfilling a request to access an object, it is based on the clearance of the subject and the classification of the object.
What environments are more suited for MAC implementation
MAC is used in environments where information classification and confidentiality are of utmost importance.
What is the importance of sensitivity labels in a MAC model:
When MAC is used, every subject and object must have a sensitivity label. It contains a classification and different categories. The classification indicates the sensitivity level, and the categories indicate which objects take on the classification.
What access control model looks at the identity of individuals
DAC systems grant or deny access based on the identity of the subject. The identity can be a user identity or a group membership. So, for example, a data owner can choose to allow Bob (user identity) and the Accounting group (group membership identity) to access his file.
What model is best for companies with a high turnover of employees
Role-based access control
Define role-based access control (RBAC)
An RBAC model, also called nondiscretionary access control, uses a centrally administered set of controls to determine how subjects and objects interact. It allows access to resources based on the role the user holds within the company.
In an RBAC model, what are decisions based on when assigning access privileges
- Role-based access: Determined by the role the user has within the company.
- Task-based access: Determined by the task assigned to this user.
- Lattice-based access: Determined by the sensitivity level assigned to the role.
What is rule-based access control
Rule-based access control is based on specific rules that indicate what can and cannot happen to an object. It is a type of MAC because the administrator sets the rules and the users cannot modify these controls. Rule-based access controls affect all users across the board, no matter what their identity is.
What is an example of a rule-based access control
A company may have a policy that dictates that e-mail attachments can only be 5MB or smaller. This rule affects all users. If rule-based access were identity-based, it would mean that Sue can accept attachments of 10MB and smaller, Bob can accept attachments 2MB and smaller, and Don can only accept attachments 1MB and smaller. This would be a mess and too confusing.
Why is rule-based access control not used in small companies
These controls are not needed in small companies because everybody knows their role and is trusted to some extent. However, for larger organizations they provide a fine level of granularity. Disadvantages are: time consuming (you have to figure out what everybody is allowed to do) and maintainability (it becomes a complex list).
What is a restricted interface?
Restricts users’ access abilities by not allowing them to request certain functions or information, or to have access to specific system resources.
What are the three major types of restricted interfaces and define each
- Menus and shells: Users are only given the options of the commands they can execute.
- Database views: Are mechanisms used for restricting user access to data that is contained in databases.
- Physically constrained interfaces: Can be implemented by only providing certain keys on a keypad or touch buttons on a screen.
What is an access control matrix:
A table of subjects and objects indicating what actions individual subjects can take upon individual objects. It is usually an attribute of DAC models, and the access rights can be assigned directly to the subjects (capabilities) or to the objects (ACLs).
What is a capability table
A capability table is bound to a subject and indicates what objects that subject can access. A capability table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL.
What is an access control list
Access control lists are bound to an object and indicate what subjects can access it. Authorization can be specified for an individual, role, or group.
What is content-dependent access control:
Bases access decisions on the sensitivity of the data, not solely on subject identity. For instance, a company could have this in place to control web surfing, where filtering is done to look for specific words before allowing surfing.
What is context-dependent access control
Bases access decisions on the state of the situation, not solely on identity or content sensitivity. For example, firewalls make context-based access decisions when they collect state information on a packet before allowing it into the network.
What are the two types of access control administration
Centralized and decentralized.
What is centralized access control:
One entity (department or individual) is responsible for granting all users access to resources. Provides a consistent and uniform method of controlling users’ access rights.
Give some examples of centralized access control administration
RADIUS, Diameter, TACACS, XTACACS, TACACS+
Define RADIUS, Diameter, TACACS, XTACACS, TACACS+
- RADIUS: An authentication protocol that authenticates and authorizes users, usually dial-up users, over a UDP connection.
- TACACS: A client/server protocol that provides the same type of functionality as RADIUS but uses TCP.

Three generations:
* TACACS - Combines authentication and authorization.
* XTACACS - Separates authentication, authorization, and accounting processes.
* TACACS+ - Separates authentication, authorization, and accounting processes, with extended two-factor user authentication.
How is encryption handled in RADIUS and TACACS+
RADIUS encrypts the user’s password only as it is being transmitted from the RADIUS client to the RADIUS server. Other information, as in the username, accounting, and authorized services, is passed in cleartext.

TACACS+ encrypts all of this data between the client and server and thus does not have the vulnerabilities inherent in the RADIUS protocol.
Why is TACACS+ considered a true authenticator and not RADIUS
The RADIUS protocol combines the authentication and authorization functionality. TACACS+ uses a true Authentication, Authorization, and Accounting/Audit (AAA) architecture, which separates the authentication, authorization, and accounting functionalities.
What is Diameter
A protocol that has been developed to build upon the functionality of RADIUS and overcome many of its limitations. It is another AAA protocol that provides the same type of functionality as RADIUS and TACACS+ but also provides more flexibility and capabilities to meet the new demands of today’s complex and diverse networks.
What is decentralized and distributed access administration:
Gives control of access to the people closer to the resources. Does not provide uniformity and fairness across the organization.
What is an example of a decentralized access control administration technique
Security domain
Describe a security domain
Can be described as a realm of trust. All subjects and objects share common security policies, procedures and rules and they are managed by the same management system.
What are the challenges facing administering security domains
Each security domain is different because different policies and management govern it.
What are the three access control methods
Administrative controls, physical controls, and technical (logical) controls
Name 5 components that fall under Administrative Controls
• Policy and procedures
• Personnel controls
• Supervisory structure
• Security-awareness training
• Testing
Name 7 components that fall under Physical Controls
• Network segregation
• Perimeter security
• Computer controls
• Work area separation
• Data backups
• Cabling
• Control zone
Name 5 components that fall under Technical Controls
• System access
• Network architecture
• Network access
• Encryption and protocols
• Auditing
Under administrative controls define Policy and Procedures
A high-level plan stating management’s intent pertaining to how security should be practiced within an organization, what actions are acceptable, and what level of risk the company is willing to accept. Senior management will decide if DAC, MAC, or RBAC access methodology should be used and if it should be administered via centralization or decentralization.
Under administrative controls define the importance of Personnel Controls
Indicate how employees are expected to interact with security mechanisms and noncompliance issues pertaining to these expectations.
What are examples of personnel control mechanisms
- Separation of duties: No one individual can carry out a critical task alone.
- Collusion: More than one person would need to be involved to commit fraud.
- Rotation of duties: People know how to fulfill the obligations of more than one position.
Under administrative controls define the importance of Supervisory Structure
Each employee has a superior to report to and that superior in return is responsible for that employee’s actions.
Under administrative controls define the importance of Security Awareness Training
People are usually the weakest link and cause the most security breaches and compromises.
Under administrative controls define the importance of Testing
All security controls and mechanisms need to be tested on a periodic basis to ensure they properly support the security policy, goals and objectives set for them.
Under Physical controls define Network Segregation
Can be carried out through physical and logical means.
Under Physical controls define Perimeter Security
Mechanisms that provide physical access control by providing protection for individuals, facilities, and the components within facilities.
Under Physical controls define Computer Controls
Physical controls installed and configured.
Under Physical controls define Work Area Separation
Controls that are used to support access control and the overall security policy of the company.
Under Physical controls define the importance of Data Backups
Ensure access to information in case of an emergency or a disruption of the network or a system.
Under Physical controls define the importance of Cabling
All cables need to be routed throughout the facility in a manner that is not in people’s way or that could be exposed to any danger of being cut, burnt, crimped or eavesdropped upon.
Under Techno-Logical controls define System Access
A technical control that can enforce access control objectives.
Under Techno-Logical controls define Network Architecture
Can be constructed and enforced through several logical controls to provide segregation and
protection of an environment. Can be segregated physically and logically
Under Techno-Logical controls define Network Access -
Access to different network segments should be granular in nature. Routers and switches can
be used to ensure that only certain types of traffic get through to each segment.
Under Techno-Logical controls define Encryption and protocols
Works as technical controls to protect information as it passes throughout a network and
resides on computers.
Under Techno-Logical controls define Control Zone
A specific area that surrounds and protects network devices that emit electrical signals. The front lobby could be considered a public area, the product development area could be considered top secret, and the executive offices could be considered secret. It should be understood that some areas are more sensitive than others, which will require different access control based on the needed protection level.
Under Techno-Logical controls define Auditing
Technical controls that track activity within a network, on a network device or on a specific
computer.
What are the seven different access control functionalities/categories
• Deterrent - Intended to discourage a potential attacker
• Preventive - Intended to keep an incident from occurring
• Corrective - Fixes components or systems after an incident has occurred
• Recovery - Intended to bring controls back to regular operations
• Detective - Helps identify an incident's activities
• Compensating - Controls that provide for an alternative measure of control
• Directive - Mandatory controls that have been put in place due to regulations or environmental requirements
Preventive: Controls used to deter and avoid undesirable events from taking place. They can be enforced by administrative, physical or techno-logical means; give an example of each.
P - Fences, Locks, Badge System, Security guard, Biometric system, Mantrap door, Lighting, CCTV, Alarms

A - Security policy, Monitoring and supervising, Separation of duties, Job rotation,
Information Classification, Personnel procedures, Testing, Security awareness training.

T - ACLs, Routers, Encryption, IDS, Antivirus software, Firewalls, Smart cards, Dial-up
call-back systems.
Detective: Controls used to identify undesirable events that have occurred. They can be enforced by administrative, physical or techno-logical means; give an example of each.
P - Security guard, Biometric system, Motion detectors, CCTV, Alarms, Backups.

A - Monitoring and supervising, Job rotation, Personnel procedures, Investigations, Security
awareness training.

T - Audit logs, IDS, Antivirus software, Firewalls.
Corrective: Controls used to correct undesirable events that have occurred. They can be enforced by administrative, physical or techno-logical means; give an example of each.
P - Fences, Locks, Badge System, Security guard, Biometric system, Mantrap door, Lighting, CCTV, Alarms
A - Security policy.
T - IDS, Antivirus software.
Deterrent: Controls used to discourage security violations. They can be enforced by administrative, physical or techno-logical means; give an example of each.
P - Backups
A - Monitoring and supervising, Separation of duties, Personnel procedures.
T - Encryption, IDS, Firewalls.
Recovery: Controls used to restore resources and capabilities. They can be enforced by administrative, physical or techno-logical means; give an example of each.
P - Fences, Locks, Security guard, Mantrap door, Lighting, Alarms, Backups
A -
T - Antivirus software.
Compensating: Controls used to provide alternatives to other controls. They can be enforced by administrative, physical or techno-logical means; give an example of each.
P -
A - Monitoring and supervising, Personnel procedures.
T -
When dealing with audit logs what are examples of good practice
• Store the audits securely.
• The right audit tools will keep the size of the logs under control.
• The logs must be protected from any unauthorized changes in order to safeguard data.
• Train the right people to review the data in the right manner.
• Make sure the ability to delete logs is only available to administrators.
• Logs should contain activities of all high-privileged accounts (root, administrator).
What is audit reduction
Audit reduction reduces the amount of information within an audit log.
Deleting specific incriminating data within audit logs is called what
Scrubbing
What are variance-detection tools
Tools that monitor computer and resource usage trends and detect variations.
What are attack signature-detection tools
Applications that have a database of information that has been known to indicate specific attacks.
What is object reuse
Object reuse means that before someone uses a hard drive, USB drive, or tape, it should be cleared of any residual information still on it. This concept also applies to objects reused by computer processes, such as memory locations, variables, and registers. Any sensitive information that may be left by a process should be securely cleared before allowing another process the opportunity to access the object. This ensures that information not intended for this individual or any other subject is not disclosed.
What does the standardized technology that suppresses signal emanations with shielding material refer to?
TEMPEST
What is a Faraday cage
A protective metal shield built to the necessary depth to ensure only a certain amount of radiation is released. In devices that are TEMPEST rated, other components are also modified, especially the power supply, to help reduce the amount of electricity used.
What is white noise
A countermeasure used to keep intruders from extracting information from electrical transmissions is white noise. White noise is a uniform spectrum of random electrical signals. It is distributed over the full spectrum so the bandwidth is constant and an intruder is not able to decipher real information from random noise or random information.
What are the IDS three common components
sensors, analyzers, and administrator interfaces.
IDSs come in two main types what are they
Network-based - Monitors a network or a segment of the network.
Host-based - Monitors a particular system.
In most environments, HIDS products are installed only on critical servers, not on every system on the network. Why?
Because of the resource overhead and the administration nightmare that such an installation would cause.
HIDS and NIDS detect in one of two ways; what are they
Signature-based or Anomaly-based
The most popular IDS products today are signature-based IDSs, but their effectiveness depends upon?
Regularly updating the software with new signatures; they are not good at discovering new attacks.
What are signature-based IDSs weak against
This type of IDS is weak against new types of attacks because it can recognize only the ones that have been previously identified and have had signatures written for them.
What is the difference between "zoo" and "wild" viruses
Attacks or viruses discovered in production environments are referred to as being “in the wild.” Attacks and viruses that exist but that have not been released are referred to as being “in the zoo.”
Define Knowledge-based / signature-based
Models of how the attacks are carried out are developed.
Define Behaviour-based / Statistical
Observes and detects deviation from expected behaviour of users and systems.
A signature-based IDS has two types, pattern matching and stateful matching; define each
• Pattern matching - Compares packets to signatures
• Stateful matching - Compares patterns to several activities at once
What is an Anomaly-based IDS
• Behavioral-based system that learns the “normal” activities of an environment
• Can detect new attacks
• Also called behavior- or heuristic-based
What are the three types of anomaly-based IDS; define each and its function
• Statistical anomaly-based - Creates a profile of "normal" and compares activities to this profile; can detect 0-day attacks
• Protocol anomaly-based - Identifies protocols used outside of their common bounds
• Traffic anomaly-based - Identifies unusual activity in network traffic
What is a Rule-based IDS
• Use of IF/THEN rule-based programming within expert systems
• Use of an expert system allows for artificial intelligence characteristics
• The more complex the rules, the more demands on software and hardware processing requirements
• Cannot detect new attacks
In a switched environment, what is a major concern when deploying IDS systems?
Where to locate the sensor; switched environments cause placement concerns for IDS.
What is a honey pot
A "fake" system that is not locked down and has open ports and services enabled within the network.
What are network sniffers
A type of wiretap that plugs into a network for the purpose of eavesdropping on network traffic.
What is intrusion prevention system (IPS) and how is it different from IDS
IPS is a preventative and proactive technology, whereas an IDS is a detective and after-the-fact technology. The traditional IDS only detects that something bad may be taking place and sends an alert. The goal of an IPS is to detect this activity and not allow the traffic to gain access to the target in the first place.
Why are Sniffers dangerous
because they are very hard to detect and their activities are difficult to audit.
What are Dictionary Attacks
Programs that enable an attacker to identify user credentials. The program is fed lists of commonly used words or combinations of characters, and the program applies these values to a logon prompt.
What is a Brute Force Attack
An attack that continually tries different inputs to achieve a predefined goal. Brute force attacks are also used in wardialing efforts.
What is Spoofing at Login:
A program that presents a fake login screen to obtain user credentials.
What is Phishing
A type of social engineering with the goal of obtaining personal information, credentials, credit card numbers, or financial data.
What is pharming and how is it conducted
In this type of attack, the attacker carries out something called DNS poisoning, in which a DNS server resolves a host name into an incorrect IP address.
The HR database is usually considered the authoritative source for user identities. Why?
Because that is where user identities are first developed and properly maintained.
A peer-to-peer working group is an example of what type of administration
decentralized administration
Examples of administrative controls are
security policy, personnel controls, supervisory structure, security-awareness training, and testing.
Examples of physical controls are
network segregation, perimeter security, computer controls, work area separation, data backups, and cabling.
Examples of technical controls are
system access, network architecture, network access, encryption and protocols, and auditing.
Define how Kerberos works
A Kerberos user receives a ticket granting ticket (TGT), which allows him to request access to resources through the ticket granting service (TGS). The TGS generates a new ticket with the session keys.
What are some access control attacks
denial of service, spoofing, dictionary, brute force, and war dialing.
Object reuse can unintentionally disclose information; what is a good rule to remember?
Remember that just removing pointers to files is not always enough protection for proper object reuse.
Information can be obtained via electrical signals in airwaves. How can this be combated
TEMPEST, white noise, and control zones
Degaussing is a safeguard against disclosure. Why?
because it returns media back to its original state.