Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
375 Cards in this Set
- Front
- Back
|
Information warfare
|
can be defined as any action to deny, exploit, corrupt, or destroy the enemys information and its function, while at the same timeprotecting ones self against those same actions
|
|
|
Graphical user interface
|
(GUI)- front ends that only require a person to enter an
IP address or range, and click the start button |
|
|
Two tiered architecture
|
includes a line of web servers that provide customers with a web based interface and a back-end line of servers or databases that hold
data and process the requests. Either the two tiers are within a DMZ or theback-end database is protected by another firewall |
|
|
Structured query language
|
(SQL)- queries to remote resources using HTTP
|
|
|
Open database connectivity
|
(ODBC)- requests to the back-end database, and access secured, unpublished files
|
|
|
Top down approach
|
meaning that the initiation, support, and direction come from top management and work their way thorough middle management and then to staff members
|
|
|
Bottom up approach
|
refers to situation in which the IT department tries to develop a security program without getting proper management support and direction
|
|
|
Information owner
|
is usually a senior executive within the management group of
the company, or head of a specific department |
|
|
AIC triad
|
availability, integrity, confidentiality
|
|
|
Availability
|
ensures reliability and timely access to data and resources to
authorized individuals |
|
|
Integrity
|
is upheld when the assurance of accuracy and reliability of information
and systems is provided, and unauthorized modification is prevented |
|
|
Confidentiality
|
ensures that the necessary level of secrecy is enforced at each
junction of data processing and prevents unauthorized disclosure |
|
|
Shoulder surfing
|
is when a person looks over another persons shoulder and watches their keystrokes or views data as it appears on a computer screen
|
|
|
Social engineering
|
is when one person tricks another person into sharing confidential information by posing as someone authorized to have access to that
information |
|
|
Vulnerability
|
is a software, hardware, or procedural weakness that may provide an attacker the open door he is looking for to enter a computer or network and have unauthorized access to resources within the environment
|
|
|
Threat
|
is any potential danger to information or systems. The threat is that someone, or something, will identify a specific vulnerability and use it against the company or individual
|
|
|
Threat agent
|
a threat agent could be an intruder accessing the network through a
port of the firewall, a process accessing data in a way that violates the security policy, a tornado wiping out a facility, or an employee making an unintentional mistake that could expose confidential information or destroy a files integrity |
|
|
Risk
|
is the likelihood of a threat agent taking advantage of a vulnerability and the corresponding business impact
|
|
|
Exposure
|
is an instance of being exposed to losses from a threat agent
|
|
|
Countermeasure
|
or safeguard, is put into place to mitigate the potential risk
|
|
|
Operational goals
|
a goal for yourself today or daily goals
|
|
|
Tactical goals
|
or midterm goals which take more time and effort
|
|
|
Strategic goals
|
look further into the future and are long term
|
|
|
Planning horizon
|
looking at operational goals, tactical, and strategic goals
|
|
|
Information risk management
|
(IRM)- is the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level
|
|
|
Risk analysis
|
which is really a tool for risk management, is a method of identifying vulnerabilities and threats and assessing the possible damage to determine where to implement security safeguards
|
|
|
Cost/benefit comparison
|
compares the annualized cost of safeguards to the potential cost of loss
|
|
|
Loss potential
|
meaning what the company would lose if a threat agent were
actually to exploit a vulnerability |
|
|
Delayed loss
|
has a negative effects on a company after a vulnerability is initially
exploited |
|
|
Quantitative risk analysis
|
attempts to assign real and meaningful numbers to all elements of the risk analysis process. Quantitative analysis uses risk calculations that attempt to predict the level of monetary losses and the percentage of chance for each type of threat.
|
|
|
Single loss expectancy
|
(SLE)- is a dollar amount that is assigned to a single event that represents the companys potential loss amount if a specific threat were to take place
|
|
|
Asset value x exposure factor
|
(EF) = SLE
|
|
|
Exposure factor
|
(EF)- represents the percentage of loss realized threat could have
on a certain asset |
|
|
SLE x annualized rate of occurrence
|
(ARO) = ALE
|
|
|
Annualized rate of occurrence
|
(ARO)- is the value that represents the estimated frequency of a specific threat taking place within a one-year timeframe
|
|
|
Qualitative analysis
|
which does not assign numbers and monetary values to components and losses. Instead, qualitative methods walk through different scenarios of risk possibilities and rank the seriousness of the threats and the
validity of the different possible countermeasures |
|
|
Uncertainty
|
refers to the degree to which you lack confidence in an estimate
|
|
|
Delphi technique
|
is a group decision method used to ensure that each member gives an honest opinion of what he or she thinks the result to a particular threat will be
|
|
|
Residual risk
|
no system or environment is 100 percent secure, which means there
is always some risk left over to deal with |
|
|
Total risk
|
the risk a company faces if it chooses not to implement any type of
safeguard |
|
|
Threats x vulnerability x asset value
|
= total risk
|
|
|
(Threats x vulnerability x asset value) x control gap
|
= residual risk
|
|
|
Transfer the risk
|
if a company decides that the total or residual risk is too high to
gamble with , it can purchase insurance |
|
|
Reduces the risk
|
if the company implements countermeasures
|
|
|
Rejecting the risk
|
if a company is in denial about its risk or ignores it
|
|
|
Accept the risk
|
the company understands the level of risk it is faced with and the
potential cost of damage and decides to just live with it and not implement countermeasure |
|
|
Security policy
|
is an overall general statement produced by senior management
or a selected policy board or committee that dictates what role security plays within the organization |
|
|
Organizational security policy
|
management establishes how a security program will be set up, lays out the programs goals, assigns responsibilities, shows the
strategic and tactical value of security, and outlines how enforcement should be carried out |
|
|
Issue specific policy
|
also called a functional implementing policy, addresses
specific security issues that management feels need more detailed explanation and attention to make sure a comprehensive structure is built and all employees understand how they are to comply with these security issues |
|
|
System specific policy
|
presents the managements decisions that are specific to the actual computers, networks, applications, and data
|
|
|
Standards
|
refer to mandatory activities, actions, rules, or regulations. Standards
can give a policy its support and reinforcement in direction |
|
|
Baseline
|
can refer to a point in time that is used as a comparison for future
changes. Once risks have been mitigated, and security put in place, a baseline is formally reviewed and agreed upon, after which all further comparisons and development are measured against it |
|
|
Guidelines
|
are recommended actions and operational guides to users, IT staff,
operations staff, and others when a specific standard does not apply |
|
|
Procedures
|
are detailed step by step tasks that should be performed to achieve a
certain goal |
|
|
Due diligence
|
is the act of investigating and understanding the risks the company
faces |
|
|
Due care
|
shows that a company has taken responsibility for the activities that
take place within the corporation and has taken the necessary steps to help protect the company |
|
|
Data owner
|
information owner is usually a member of management, in charge of a specific business unit, and is ultimately responsible for the protection and use of a specific subset of information
|
|
|
Data custodian
|
information custodian is responsible for maintaining and
protecting the data. This role is usually filled by the IT department, and the duties include performing regular backups of the data, periodically validating the integrity of the data, restoring data from backup media, retaining records of activity, and fulfilling the requirements specified in the companys security policy, standards, and guidelines |
|
|
System owner
|
is responsible for one or more systems, each of which may hold
and process data owned by different data owners |
|
|
Security administrators
|
tasks include creating new system user accounts, implementing new security software, testing security patches and components, and issuing new passwords
|
|
|
Security analyst
|
helps to develop policies, standards, and guidelines and set various baselines
|
|
|
Application owner
|
usually the business unit managers, are responsible for dictating who can and cannot access their applications
|
|
|
Supervisor
|
also called user manager, is responsible for all user activity and any
assets created and owned by these users |
|
|
Change control analyst
|
is responsible for approving or rejecting requests to make
changes to the network, systems, or software |
|
|
Data analyst
|
is responsible for ensuring that data is stored in a way that makes
the most sense to the company and the individuals who need to access and work with it |
|
|
Process owner
|
is responsible for properly defining, improving upon, and monitoring processes
|
|
|
Solution provider
|
this role is called upon when a business has a problem or requires that a process be improved upon
|
|
|
User
|
is any individual who routinely uses the data for work related tasks
|
|
|
Product line manager
|
evaluates different products in the market, works with vendors, understands different options a company can take, and advises management and business units on the proper solutions that are needed to meet their goals
|
|
|
Collusion
|
means that at least two people are working together to cause some typeof destruction or fraud, which drastically reduces the probability of destruction or fraud occurring
|
|
|
Nondisclosure agreements
|
need to be developed and signed by new employees to protect the company and its sensitive information
|
|
|
Rotation of duties
|
is an important control to keep each department a healthy and productive part of the company
|
|
|
Split knowledge and dual control
|
in both cases two or more individuals are authorized and required to perform a duty or task
|
|
|
Access controls
|
are security features that control how users and systems communicate and interact with other systems and resources
|
|
|
Subject
|
is an active entity that requests access to an object or the data within an object
|
|
|
Object
|
is a passive entity that contains information
|
|
|
Identification
|
describes a method of ensuring that a subject (user, program, or process) is the entity it claims to be
|
|
|
Race condition
|
is when two or more processes use the same resource and the sequences of steps within software can be carried out in improper order, which can drastically affect the output
|
|
|
Logical access controlS
|
are tools used for identification, authentication, authorization, and accountability
|
|
|
Cognitive password
|
is based on a users opinion or life experience. The password could be a mothers maiden name, a favorite color, or dogs name
|
|
|
Strong authentication
|
contains two out of these three methods: something a person knows, has, or is
|
|
|
Two factor authentication
|
for strong authentication to be in process, it must include two out of the three categories of knows, has, or is
|
|
|
Identity management
|
is a broad term that encompasses the use of different products to identify, authenticate, and authorize users through automated means
|
|
|
Biometrics
|
verifies an individuals identity by analyzing a unique personal
attribute or behavior, which is one of the most effective and accurate methods of verifying identification |
|
|
Type I error
|
false rejection rate
|
|
|
Type II error
|
false acceptance rate
|
|
|
Crossover error rate
|
(CER)- this rating is stated as a percentage and represents the
point at which the false rejection rate equals the false acceptance rate. CER is also called equal error rate (EER) |
|
|
Minutiae
|
fingerprints are made up of ridge endings and bifurcations exhibited by
the friction ridges and other detailed characteristics |
|
|
Hand geometry
|
the shape of a persons hand defines hand geometry
|
|
|
Retina scan
|
a system that reads a persons retina scans the blood vessel pattern of
the retina on the backside of the eyeball |
|
|
Iris scan
|
the uniqueness of each of these characteristics within the iris is captured by a camera and compared with the information gathered during the enrollment
phase |
|
|
Signature dynamics
|
signing a signature produces electrical signals that can be captured by a biometric system
|
|
|
Keyboard dynamics
|
captures electrical signals when a person types a certain
phrase |
|
|
Voice print
|
a biometric system that is programmed to capture a voice print and compare it to the information captured in a reference file can differentiate one individual from another
|
|
|
Facial scan
|
a system that scans a persons face attributes and are captured during a facial scan and compared to an earlier captured scan held within a reference record
|
|
|
Hand topography
|
looks at the different peaks and valleys of the hand, along with
its overall shape and curvature |
|
|
Passwords
|
a password is a protected string of characters that is used to authenticate an individual. As stated previously, authentication factors are based on what a person knows, has, or is. A password is something the user knows
|
|
|
Cognitive passwords
|
are fact or opinion based information used to verify an individuals identity
|
|
|
One time password
|
also called a dynamic password. It is used for authentication
purposes and is only good once |
|
|
Token device
|
or password generator, is usually a handheld device that has an LCD display and possibly a keypad
|
|
|
Synchronous token device
|
synchronizes with the authentication service by using
time or a counter as the core piece of the authentication process |
|
|
Time based
|
the token device and the authentication service must hold the same time within their internal clocks
|
|
|
Counter synchronization
|
the user will need to initiate the logon sequence on the computer and push a button on the token device. This causes the token device and the authentication service to advance to the next authentication value. This value and a base secret are hashed and displayed to the user. The user enters this resulting value along with a user ID to be authenticated
|
|
|
Asynchronous token generating
|
method uses a challenge/response scheme to
authenticate the user |
|
|
Digitally signing
|
a digital signature attached to a message proves that the
message originated from a specific source, and that the message itself was not changed while in transit |
|
|
Passphrase
|
is a sequence of characters that is longer than a password and , in
some cases, takes the place of a password during the authentication process |
|
|
Virtual password
|
making the passphrase the length and format that is required by
the application |
|
|
Memory card
|
holds information but cannot process information
|
|
|
Smart card
|
holds information and has the necessary hardware and software to actually process that information
|
|
|
Contact smart card
|
has a gold seal on the face of the card
|
|
|
Contactless smart card
|
has an antenna wire that surrounds the perimeter of the card
|
|
|
Side channel attacks
|
are nonintrusive and are used to uncover sensitive information about how a component works without trying to compromise any
type of flaw or weakness |
|
|
Electromagnetic analysis
|
examining the frequencies that are emitted
|
|
|
Microprobing
|
uses needles to remove the outer protective material on the cards
circuits, by using ultrasonic vibration |
|
|
Authorization creep
|
as employees work at a company over time and move from one department to another, they often are assigned more and more access rights and permissions
|
|
|
Need to know principle
|
it is based on the concept that individuals should be
given access only to information that they absolutely require to perform their job duties |
|
|
Single sign on
|
(SSO)- these capabilities would allow a user to enter credentials
one time and be able to access all resources in primary and secondary network domains |
|
|
Kerberos
|
is an authentication protocol in a client/server model and is based on
symmetric key cryptography |
|
|
Key distribution center
|
(KDC)- is the most important component within a Kerberos environment. The KDC holds all users and services secret keys
|
|
|
Principals
|
which can be users, applications, or network services
|
|
|
Secure European system for applications in a multi vendor environment
|
(SESAME)- SESAME uses symmetric and asymmetric cryptographic techniques to protect exchanges of data and to authenticate subjects to network resources
|
|
|
Privileged attribute certificates
|
(PACs)- which contain the subjects identity, access capabilities for the object, access time period, and lifetime of the PAC
|
|
|
Privileged attribute server
|
(PAS)- holds a similar role to that of the KDC within kerberos
|
|
|
Security domain
|
just builds upon the definition of domain by adding the fact that
resources within this logical structure are working uder the same security policy and managed by the same group |
|
|
Lightweight directory access protocol
|
(LDAP)- provide users access to network
resources transparently |
|
|
Access control model
|
is a framework that dictates how subjects access objects. It
uses access control technologies and security mechanisms to enforce the rules and objectives of the model |
|
|
Discretionary access control
|
(DAC)- enables the owner of the resource to specify which subjects can access specific resources
|
|
|
Mandatory access control
|
users and data owners do not have as much freedom to
determine who can access files |
|
|
Role based access control
|
(RBAC)- also called nodiscretionary access control,
uses a centrally administrated set of controls to determine how subjects and objects interact. This type of model allows access to resources to be based on the role the user holds within the company |
|
|
Rule based access control
|
uses specific rules that indicate what can and cannot happen between a subject and object it is based on the simple concept of if X then Y programming rules, which can be used to provided finer grained access control
to resources |
|
|
Shell
|
is a type of virtual environment within a system; it is the users interface to the operating system and works as a command interpreter
|
|
|
Database views
|
are mechanisms used to restrict user access to data that is contained in databases
|
|
|
Access control matrix
|
is a table of subjects and objects indicating what actions individual subjects can take upon individual objects
|
|
|
Capability table
|
specifies the access rights a certain subject possesses pertaining to specific objects. A capability table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL
|
|
|
Access control lists
|
(ACLs)- are used in several operating systems, applications,
and router configurations. They are lists of subjects that are authorized to access a specific object that they define what level of authorization is granted |
|
|
Content dependent access control
|
access to objects is determined by the content within the object
|
|
|
Context dependent access control
|
differs from content dependent in that it makes access decisions based on the context of a collection of information rather than on the sensitivity of the data
|
|
|
Centralized access control administration
|
method is basically what it sounds like:one entity (department or individual) is responsible for overseeing access to all corporate resources
|
|
|
Remote authentication dial in user service
|
(RADIUS)- is a client/server
authentication protocol that authenticates and authorizes remote users. The access server requests the remote users logon credentials and passes them back to a RADIUS server, which houses the user names and password values. The remote user is a client to the access server, and the access server is a client to the RADIUS server. |
|
|
Terminal access controller access control system
|
(TACACS)- combines its
authentication and authorization processes, XTACACS separates authentication, authorization, and auditing processes, and TACACS+ is XTACACS with extended two-factor user authentication. TACACS uses fixed passwords for the authentication and TACACS+ allows users to use dynamic one time passwords, with provides more protection |
|
|
TACACS+
|
provides the same functionality as RADIUS with a few differences in some of its characteristics. First TACACS+ uses TCP as its transport protocol, while RADIUS uses UDP. TACACS+ encrypts all of this data and thus does not
have the vulnerabilities that are inherent in the RADIUS protocol. TACACS+ uses a true AAA architecture, which separates the authentication, authorization,and accounting functionalities |
|
|
Watchdog timers
|
are commonly used to detect software faults, such as a process
ending abnormally or hanging |
|
|
Diameter
|
is a protocol that has been developed to build upon the functionality of RADIUS and overcome many of its limitations. Diameter is another AAA protocol that provides the same type of functionality as RADIUS and TACACS+ but also provides more flexibility and capabilities to meet the new demands of todays complex and diverse networks
|
|
|
Mobile IP
|
technology allows a user to move from one network to another and
still use the same IP address |
|
|
Roaming operations
|
(ROAMOPS)- allows PPP users to gain access to the internet
without the need of dialing into their home service provider |
|
|
Decentralized access control administration
|
method gives control of access to the people closer to the resources. The people who may better understand who should and should not have access to certain files, data, and resources
|
|
|
Administrative controls
|
work at the top layer of a hierarchical access control
model |
|
|
Security policy
|
is a high level plan that states managements intent pertaining to
how security should be practiced within an organization, what actions are acceptable, and what level of risk the company is willing to accept |
|
|
Collusion
|
which means that more than one person would need to commit fraud, and their efforts would need to be concerted
|
|
|
Rotation of duties
|
means that people rotate jobs so that they know how to fulfill the obligations of more than one position
|
|
|
Control zone
|
is physical control. It is a specific area that surrounds and protects
network devices that emit electrical signals |
|
|
Locks
|
are usually considered delay mechanisms because they only delay a determined intruder
|
|
|
Audit reduction tool
|
reduces the amount of information within an audit log
|
|
|
Variance detection tool
|
can monitor computer and resource usage trends and
detect variations |
|
|
Attack signature detection tool
|
is used, the application will have a database of information that has been known to indicate specific attacks
|
|
|
Keystroke monitoring
|
is a type of auditing that can review and record keystrokes entered by a user during an active session
|
|
|
Scrubbing
|
deleting specific incriminating data within audit logs
|
|
|
Object reuse
|
issues pertain to reassigning to a subject media that previously
contained one or more objects. This means before someone uses a hard drive, floppy disk, or tape, it should be cleared of any residual information that was on it previously |
|
|
Tempest
|
started out as a study carried out by the DoD and then turned into a
standard that outlines how to develop countermeasures that control spurious electrical signals that are emitted by electrical equipment |
|
|
Faraday cage
|
the devices (monitors, computers, printers etc) have an outer metal
coating |
|
|
White noise
|
is a uniform spectrum of random electrical signals. A countermeasure used to combat intruders from extracting information electrical
transmissions is white noise |
|
|
Intrusion detection systems
|
(IDSs)- is the process of detecting an unauthorized
use of, or attack upon, a computer, network, or telecommunications infrastructure. IDSs are designed to aid in mitigating the damage that can be caused by hacking, or breaking into sensitive computer and network systems |
|
|
Network based IDS
|
(NIDS)- monitor network communications. NIDS uses
sensors, which are either host computers with the necessary software installed or dedicated appliances, each with its network interface card NIC in promiscuous mode |
|
|
Host based IDS
|
(HIDS)- which can analyze the activity within a particular
computer system. Can be installed on individual workstations and/or servers and watch for inappropriate or anomalous activity |
|
|
Statistical anomaly based IDS
|
is a behavioral based system. Behavioral based IDS products do not use predefined signatures, but rather are put in a learning mode to build a profile of an environments normal activities
|
|
|
Protocol anomaly based filters
|
these types of IDSs have specific knowledge of each protocol that they will be monitoring. A protocol anomaly pertains to the format and behavior of a protocol
|
|
|
Traffic anomaly based IDS
|
most behavioral based IDSs have traffic anomaly filters, which detect changes in traffic patterns as in DoS attacks or a new service that appears on the network
|
|
|
Rule based IDS
|
takes a different approach than a signature based or statistical
based system. Rule based IDS is commonly associated with the use of an expert system. The knowledge of the system is written in rule based programming (if situtiation than action) |
|
|
State based IDS
|
scans for attack signatures in the context of a stream of activity
instead of just looking at individual packets. It can only identify known attacks and requires updates of its signatures |
|
|
Model based IDS
|
the product has several scenario models that represent how
specific attacks and intrusions take place. The models outline how the system would behave if it were under attack, the different steps that would be carried out by the attacker, and the evidence that would be available for analysis if specific intrusions took place |
|
|
Intrusion prevention system
|
(IPS)- the goal of an IPS is to detect this activity and not allow the traffic to gain access to the target in the first place. So an IPS is a preventative and proactive technology, whereas an IDS is a detective and after the fact technology
|
|
|
Honeypot
|
is a computer set up as a sacrificial lamb on the network. The system is not locked down and has open ports and services enabled. This is to entice a
would be attacker to this computer instead of attacking authentic production 21 systems on a network. The honeypot contains no real company information, and thus is not at risk |
|
|
Network sniffer
|
is a general term for programs or devices that are able to examine traffic on a LAN segment
|
|
|
Brute force attacks
|
they are attacks that continually try different inputs to achieve
a predefined goal. Brute force is defined as trying every possible combination until the correct one is identified |
|
|
Hybrid attack
|
which combines a dictionary attack and a brute force attack
|
|
|
Trusted path
|
is a communication link between the user and the kernel that cannot
be circumvented as described in the scenario of a fake logon screen |
|
|
Security policy
|
is a statement that outlines how entities access each other, what
operations different entities can carry out, what level of protection is required for a system or software product, and what actions should be taken when these requirements are not met |
|
|
Security model
|
outlines the requirements necessary to properly support and
implement a certain security policy |
|
|
Computer architecture
|
encompasses all of the parts of a computer system that are
necessary for it to function, including the operating system, memory chips, logic circuits, storage devices, input and output devices, security components, buses,and networking components |
|
|
Central processing units
|
(CPU)- is the brain of the computer. In the most general
description possible, it fetches instructions from memory and executes them |
|
|
Arithmetic logic unit
|
(ALU)- the ALU performs mathematical functions and
logical operations on data |
|
|
Control unit
|
manages and synchronizes the system while different applications
code and operating system instructions are being executed |
|
|
General registers
|
are used to hold variables and temporary results as the ALU
works through its execution steps |
|
|
Special registers
|
(dedicated registers) hold information such as the program
counter, stack pointer, and program status word (PSW) |
|
|
Program counter register
|
contains the memory address of the next instruction that needs to be fetched
|
|
|
Stack
|
which is a memory segment that the process can read from and write to
|
|
|
Stack pointer
|
moves down to direct the CPU where the next piece of data is
located |
|
|
Program status word
|
holds different condition bits
|
|
|
Address bus
|
which is a hard wired connection to the RAM chips in the system and the individual input/output (I/O) devices
|
|
|
Data bus
|
the address bus is used by the CPU to indicate the location of the instructions that need to be processed, and the memory or I/O device responds by sending the data that resides that the memory location through the data bus
|
|
|
Symmetric mode
|
that the processors are handed work as needed
|
|
|
Asymmetric mode
|
this usually means that the computer has some type of time
sensitive application that needs its own personal processor |
|
|
Process
|
is a set of instructions actually running
|
|
|
Multi programming
|
means that more than one program or process can be loaded into memory at the same time
|
|
|
Cooperative multitasking
|
used in windows 3.1 and early macintosh systems, required the processes to voluntarily release resources that they were using
|
|
|
Preemptive multitasking
|
used in windows 9x, NT, 200, XP, and in Unix systems, the operating system controls how long a process can use a resource
|
|
|
Running state
|
CPU is executing its instructions and data
|
|
|
Ready state
|
waiting to send instructions to the CPU
|
|
|
Blocked state
|
waiting for input data, such as keystrokes from a user
|
|
|
Process table
|
which has one entry per process. The table contains each individual processs state, stack pointer, memory allocation, program counter, and status of open files in use
|
|
|
Thread
|
is made up of an individual instruction set and the data that needs to be worked on by the CPU
|
|
|
Multiprogramming
|
an operating system can load more than one program in memory at one time
|
|
|
Multitasking
|
an operating system can handle requests from several different
processes loaded into memory at the same time |
|
|
Multithreading
|
an application has the ability to run multiple threads simultaneously. An operating system can handle requests from several different threads at the same time
|
|
|
Multiprocessing
|
the computer has more than one CPU
|
|
|
Process isolation
|
is necessary to ensure that processes do not step on each others toes communicate in an insecure manner, or negatively affect each others productivity
|
|
|
Encapsulated
|
when a process is encapsulated, no other process understands or
interacts with its internal programming code |
|
|
Time multiplexing
|
is a technology that allows processes to use the same
resources |
|
|
Naming distinctions
|
just means that the different processes have their own name
or identification value |
|
|
Virtual mapping
|
is different from physical mapping of memory. The physical memory is the RAM chips in the system. The operating system chops up this memory and assigns portions of it to the requesting processes. Once the process is assigned its own memory space, then it can address this portion however it needs to, which is called virtual mapping
|
|
|
Abstraction
|
means that the details of something are hidden
|
|
|
Dynamic link library
|
(DLL)- a set of functions that applications can call upon to
carry out different types of procedures |
|
|
Base register
|
contains the beginning address that was assigned to the process
|
|
|
Limit register
|
contains the ending address
|
|
|
Random access memory
|
(RAM)- is a type of temporary storage facility where data and program instructions can temporarily be held and altered
|
|
|
Dynamic RAM
|
(DRAM)- the data being held in the RAM memory cells has to be
continually and dynamically refreshed, so that your bits do not magically disappear |
|
|
Static RAM
|
(SRAM)- holds bits in its memory cells without the use of capacitors, but it does require more transistors than DRAM. SRAM is faster but more expensive
|
|
|
Thrashing
|
when a computer spends more time moving data from one small
portion of memory to another and actually processing the data |
|
|
Read only memory
|
(ROM)- is a nonvolatile memory type, meaning that when a
computers power is turned off, the data is still held within the memory chips |
|
|
Programmable read only memory
|
(PROM)- is a form of ROM that can be modified after it has been manufactured
|
|
|
Erasable and programmable read only memory
|
(EPROM)- can be erased,
modified, and upgraded |
|
|
Electrically erasable programmable read only memory
|
(EEPROM)- is similar to EPROM, but its data storage can be erased and modified electrically by onboard programming circuitry and signals
|
|
|
Flash memory
|
is a special type of memory that is used in digital cameras, BIOS
chips, memory cards for laptops, and video game consoles. It is a solid state technology, meaning that it does not have moving parts and is used more as a type of a hard drive than memory |
|
|
Cache memory
|
is a type of memory that is used for high speed writing and
reading activities. When the system assumes that it will need to access specific information many times throughout its processing activities, it will sort the information in cache memory so that it is easily and quickly accessible |
|
|
Absolute addresses
|
physical memory addresses that the CPU uses
|
|
|
Logical addresses
|
memory addresses that software uses
|
|
|
Relative addresses
|
are based on a known address with an offset value applied
|
|
|
Garbage collector
|
a garbage collector is software that runs an algorithm to identify unused committed memory and then tells the operating system to mark that memory as available
|
|
|
Secondary storage
|
is considered nonvolatile storage media and includes such things as the computers hard drive, floppy disks, or CD-ROMs
|
|
|
Swap space
|
is the reserved hard drive space that is used to extend RAM capabilities
|
|
|
Protection rings
|
the rings provide strict boundaries and definitions for what the processes that work within each ring can access and what operations they can
successfully execute |
|
|
Monolithic operating system architecture
|
is commonly referred to as the big
mess because of its lack of structure. The operating system is mainly made up ofvarious procedures that can call upon each other in a haphazard manner |
|
|
Layered operating system
|
architecture separates system functionality into hierarchical layers
|
|
|
Data hiding
|
which means that instructions and data at the various layers do not have direct access to the instructions and data at any other layers
|
|
|
Microkernel
|
learner kernel in a client/server model
|
|
|
Subsystems
|
the server processes can be file system server, memory server, I/O server, or process server. These servers are commonly called subsystems
|
|
|
Domain
|
is defined as a set of objects that a subject is able to access. This domain can be all the resources a user can access, all the files available to a program, the memory segments available to a process, or the services and processes available to an application
|
|
|
Execution domain
|
a process that resides in a privileged domain needs to be able to execute its instructions and process its data with the assurance that programs in a different domain cannot negatively affect its environment
|
|
|
Virtual machines
|
is a simulated environment
|
|
|
Java virtual machine
|
(JVM)- creates virtual machines called sandboxes in which
java applets run |
|
|
Trusting computing base
|
(TCB)- the TCB is defined as the total combination of protection mechanisms within a computer system. The TCB includes hardware,software, and firmware. These are part of the TCB because the system is sure that these components will enforce the security policy and not violate it
|
|
|
Trusted shell
|
means that someone who is working in that shell cannot bust out of it and other processes cannot bust into it
|
|
|
Process activation
|
deals with the activities that have to take place when a process is going to have its instructions and data processed by the CPU
|
|
|
Execution domain switching
|
takes place when a process needs to call upon a process in a higher protection ring
|
|
|
Security perimeter
|
is a boundary that divides the trusted from the untrusted
|
|
|
Reference monitor
|
is an abstract machine that mediates all access subjects have to objects, both to ensure that the subjects have the necessary access rights and to protect the objects from unauthorized access and destructive modification
|
|
|
Security kernel
|
is made up of hardware, software, and firmware components that fall within the TCB and implements and enforces the reference monitor concept
|
|
|
Multilevel security policies
|
these types of policies permit a subject to access an object only if the subjects security level is higher than or equal to the objects classification
|
|
|
Least privilege
|
only processes that need to carry out critical system functions
should be allowed to, and other, less privileged processes should call upon the more privileged processes to carry out these types of activities when necessary |
|
|
State machine models
|
all current permissions and all current instances of subjects
accessing objects must be captured. Maintaining the state of a system deals with each subjects association with objects |
|
|
Bell LaPadula model
|
it was the first mathematical model of a multilevel security
policy used to define the concept of a secure state machine and modes of access and outlined rules of access. The models main goal is to prevent secret information from being accessed in an unauthorized manner. It is a subject to object model |
|
|
Simple security rule
|
states that a subject at a given security level cannot read data
that resides at a higher security level |
|
|
* property
|
states that a subject in a given security level cannot write information to a lower security level
|
|
|
Strong star property rule
|
states that a subject that has read and write capabilities
can only perform those functions at the same security level, nothing higher and nothing lower |
|
|
Multilevel security system
|
users with different clearances use the system, and the system processes data with different classifications
|
|
|
Basic security theorem
|
which states that if a system initializes in a secure state
and all allowed state transitions are secure, then every subsequent state will be secure no matter what inputs occur |
|
|
Tranquility principle
|
means that subjects and objects cannot change their security
levels once they have been instantiated |
|
|
Biba model
|
it is a state machine model and is very similar to the Bell lapadula
model. Biba addresses the integrity of data within applications |
|
|
Well formed transaction
|
using TPs to modify CDIs
|
|
|
Information flow model
|
can deal with any kind of information flow, not only from one security level to another. In the information flow model, data is though of as being held in individual and discreet compartments. The model ensures that information cannot flow from one compartment to another in a way that threatens the confidentiality of the data
|
|
|
Covert channel
|
is a way for an entity to receive information in an unauthorized
manner |
|
|
Convert timing channel
|
one process relays information to another by modulating its use of system resources. The modulation of system resources may entail accessing the hard drive or using excessive CPU cycles
|
|
|
Covert storage channel
|
one process writes data to a storage location and another
process directly, or indirectly, reads it. The problem occurs when the processes are at different security levels and therefore are not supposed to be sharing sensitive data |
|
|
Noninterference
|
this concept is implemented to ensure that any actions that take
place at a higher security level do not affect, or interfere with, actions that take place at a lower level |
|
|
Inference attack
|
occurs when someone has access to some type of information and can infer or guess something that he does not have the clearance level or
authority to know |
|
|
Lattice model
|
a structure consisting of a finite partially ordered set together with
least upper and greatest lower bound operators on the set |
|
|
Brewer and Nash model-
|
also called the Chinese wall model, was created to provide access controls that can change dynamically depending upon a users 29 previous actions. The main goal of the model is to protect against conflicts of interest by users access attempts
|
|
|
Security evaluation
|
examines the security-relevant parts of a system, meaning the
TCB, access control mechanisms, reference monitor, kernel, and protection mechanisms |
|
|
Trusted computer system evaluation criteria
|
(TCSEC) (Orange Book)- is used to evaluate operating systems, applications, and different products. The orange book is used to evaluate whether the product is appropriate for a specific application orfunction
|
|
|
Trusted network interpretation
|
(TNI)- also called the red book addresses security evaluation topics for networks and network components. It addresses isolated local area networks and wide area internetwork systems
|
|
|
Information technoloty evaluation criteria
|
(ITSEC)- there are two main attributes of a systems protection mechanisms when they are evaluated under ITSEC:
functionality and assurance |
|
|
Common criteria
|
an evaluation is carried out on a product and is assigned an
evaluation assurance level (EAL). The common criteria has seven assurance levels |
|
|
Protection profiles
|
this is a mechanism that is used to describe a real-world need
of a product that is not currently on the market |
|
|
Certification
|
is the comprehensive technical evaluation of the security components and their compliance for the purpose of accreditation
|
|
|
Accreditation
|
is the formal acceptance of the adequacy of a systems overall
security and functionality by management |
|
|
Open systems
|
are built upon standards, protocols, and interfaces that have published specification, which enable third party vendors to develop add on components and devices
|
|
|
Closed systems
|
use an architecture that does not follow industry standards.
Interoperability and standard interfaces are not employed, to enable easy communication between different types of systems and add on features |
|
|
Maintenance hooks
|
are a type of backdoor. They are instructions within software that only the developer knows about and can invoke
|
|
|
Time of check/time of use attack
|
(TOC/TOU)- deals with the sequence of steps that a system uses to complete a task. This type of attack takes advantage of the dependency on the timing of events that take place in a multitasking operating system. This type of attack is also referred to as a asynchronous attack
|
|
|
Race condition
|
is when two different processes need to carry out their tasks on
one resource |
|
|
Buffer overflow
|
takes place when too much data is accepted as input to an
application or operating system. A buffer is an allocated segment of memory. A buffer can be overflowed arbitrarily with too much data, but for it to be an any use to an attacker, the code that is inserted into the buffer must be of a specific length followed up by commands the attacker wants to be executed |
|
|
Bounds checking
|
to ensure that the inputted data is of an acceptable length
|
|
|
Physical security
|
concerned with how people can physically enter an environment and cause an array of damages
|
|
|
Life safety
|
looking at how to protect human life above all else
|
|
|
Layered defense model
|
which means that physical controls should work together
in a tiered architecture |
|
|
Crime prevention through environmental design
|
(CPTED)- is a discipline that
outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior |
|
|
Target hardening
|
focuses on denying access through physical and artificial
barriers (alarms, locks, fences, and so on) |
|
|
Natural access control
|
is the guidance of people entering and leaving a space by the placement of doors, fences, lighting, and even landscaping
|
|
|
Security zones
|
an environments space should be divided into zones with different security levels, depending upon who needs to be in that zone and the associated risk
|
|
|
Natural surveillance
|
is to make criminals feel uncomfortable, by providing many ways that observers could potentially see them, and make all other people feel safe and comfortable, by providing an open and well designed environment
|
|
|
Territorial reinforcement
|
which creates physical designs that emphasize or extend the companys physical sphere of influence so that legitimate users feel a sense of ownership of that space
|
|
|
Facility safety officer
|
whose main job is to understand all the components that make up the facility and what the company needs to do to protect its assets and stay within compliance
|
|
|
Light frame construction material
|
provides the least amount of protection against fire and forcible entry attempts
|
|
|
Heavy timber construction material
|
is commonly used for office buildings
|
|
|
Incombustible material
|
such as steel, which provides a higher level of fire protection than the previously mentioned materials but loses its strength under extreme temperatures
|
|
|
Fire resistant material
|
the construction material is fire retardant and has steel rods
encased inside of concrete walls and support beams |
|
|
Mantrap
|
is a small room with two doors
|
|
|
Fail secure
|
configuration means that the doors default to being locked if there are
any problems with the power |
|
|
Standard glass
|
windows are commonly used in residential home and are easily
broken |
|
|
Tempered glass
|
is made by heating the glass and then suddenly cooling it. This
increases its mechanical strength, which means that it can handle more stress and is harder to break |
|
|
Acrylic glass
|
can be made out of polycarbonate acrylic, which is stronger than standard glass but produces toxic fumes if burned. It is resistant to a wide range of threats fire chemical breakage but it is more expensive
|
|
|
Embedded wires
|
there are actually two sheets of glass, with the wiring in between. The wires help reduce the likelihood of the window being broken or shattering
|
|
|
Laminated glass
|
has two sheets of glass with a plastic film in between them
|
|
|
Solar window film
|
provides extra security by being tinted and extra strength through the films material
|
|
|
Security film
|
transparent film is applied to the glass to increase its strength
|
|
|
Internal partitions
|
are used to create barriers between one area and another. These partitions can be used to segment separate work areas, but should never be used in protected areas that house sensitive systems and devices
|
|
|
Passive relocking function
|
is when a safe can detect when someone attempts to tamper with the safe, in which case extra internal bolts will fall into place to ensure that it cannot be compromised
|
|
|
Thermal relocking function
|
is when a safe when a certain temperature is met possibly from drilling, an extra lock is implemented to ensure that the valuables are properly protected
|
|
|
Online UPS systems
|
use AC line voltage to charge a bank of batteries
|
|
|
Standby UPS
|
devices stay inactive until a power line fails
|
|
|
Electromagnetic interference
|
(EMI)- can be created by the difference between three wires: hot, neutral, and ground , and the magnetic field that they create
|
|
|
Radio frequency interference
|
(RFI)- can be caused by anything that creates radio waves. Fluorescent lighting is one of the main causes of RFI
|
|
|
Positive drains
|
their contents flow out instead of in
|
|
|
Hygrometer
|
usually used to monitor humidity
|
|
|
Fire prevention
|
includes training employees on how to react properly when faced
with a fire, supplying the right equipment and ensuring that it is in working order, making sure there is an easily reachable fire suppression supply, and storing combustible elements in the proper manner |
|
|
Fire suppression
|
is the use of a suppression agent to put out a fire
|
|
|
Photoelectric device
|
also referred to as an optical detector, detects the variation
in light intensity. The detector produces a beam of light across a protected area, and if the beam is obstructed, the alarm sounds |
|
|
Plunum areas
|
the space above drop down ceilings, the space in wall cavities, and the space under raised floors for wiring and cables
|
|
|
Halon
|
is a gas that was widely used in the past to suppress fires because it interferes with the chemical combustion of the elements within a fire. It is now federally restricted because it is harmful to the ozone
|
|
|
Water pipe systems
|
always contain water in the pipes and are usually discharged by temperature control level sensors
|
|
|
Dry pipe systems
|
the water is not actually held in the pipes. The water is contained in a holding tank until it is released
|
|
|
Preaction systems
|
are similar to dry pipe systems in that the water is not held in the pipes but is released when the pressurized air within the pipes is reduced
|
|
|
Deluge system
|
has its sprinkler heads wide open to allow a larger volume of water to be released in a shorter period
|
|
|
Warded lock
|
is the basic padlock
|
|
|
Pin tumbler lock
|
is the most commonly used tumbler lock. The key has to have
just the right grooves to put all the spring loaded pins in the right position so that the lock can be locked or unlocked |
|
|
Wager tumbler
|
also called disc tumbler locks are small, round locks that you usually see on file cabinets
|
|
|
Combination locks
|
require the correct combination of numbers to unlock them. These locks have internal wheels that have to line up properly before being unlocked
|
|
|
Cipher locks
|
also known as programmable locks, are keyless and use keypads to control access into an area or facility. The lock requires a specific combination to be entered into the keypad and possibly a swipe card
|
|
|
Tension wrench
|
is a tool that is shaped like an L and is used to apply tension to the internal cylinder of a lock
|
|
|
Raking
|
circumvent a pin tumbler lock, a lock pick is pushed to the back of the
lock and quickly slid out while providing upward pressure |
|
|
System sensing access control readers
|
also called proximity devices or
transponders, recognize the presence of an approaching object within a specific area |
|
|
Electronic access control tokens
|
(EAC)-is a generic term that is used to describe proximity authentication devices, which can be proximity readers,programmable locks, or biometric systems, which identify and authenticate users before allowing them entrance into physically controlled areas
|
|
|
Perimeter intrusion detection and assessment system
|
(PIDAS)- is a type of fencing that has sensors on the wire mesh and at the base of the fence
|
|
|
Bollards
|
usually look like small concrete pillars outside a building
|
|
|
Glare protection
|
lighting should be pointed at gates or exterior access points, and the guard locations should be more in the shadows, or under a lower amount of illumination
|
|
|
Continuous lighting
|
an array of lights that provides an even amount of illumination across an area
|
|
|
Responsive area illumination
|
takes place when an IDS detects suspicious activities and turns on the lights within a specific area
|
|
|
Closed circuit TV
|
(CCTV)- is a commonly used monitoring device in most organizations. CCTV's are made up of cameras, transmitters, receivers, a recording system, and a monitor
|
|
|
Charged coupled devices
|
(CCDs)- is an electrical circuit that receives input light from the lens and converts it into an electronic signal, which is then displayed on the monitor
|
|
|
Focal length
|
of a lens describes its effectiveness in viewing objects from a horizontal and vertical view
|
|
|
Depth of field
|
refers to the portion of the environment that is in focus when shown on the monitor
|
|
|
Manual iris lenses
|
have a ring around the CCTV lens that can be manually turned
and controlled |
|
|
Fixed mounting
|
or a mounting that allows the camera to move when necessary
|
|
|
PTZ capabilities
|
can pan, tilt, or zoom as necessary
|
|
|
Electro mechanical systems
|
work by detecting a change or break in a circuit
|
|
|
Photoelectric system
|
detects the change in a light beam and thus can be used only in windowless rooms
|
|
|
Passive infrared system
|
(PIR)- identifies the changes of heat waves in an area it is configured to monitor
|
|
|
Acoustical detection system
|
uses microphones that are installed on floors, walls, or ceilings
|
|
|
Vibration sensors
|
are implemented to detect forced entry
|
|
|
Wave pattern motion detectors
|
range in the frequency of waves that they monitor
|
|
|
Proximity detector
|
also called a capacitance detector, emits a measurable magnetic field. The detector monitors this magnetic field, and an alarm sounds if the field is disrupted
|
|
|
Telecommunications
|
is the electrical transmission of data among systems, whether through analog, digital, or wireless transmission types
|
|
|
Protocol
|
is a standard set of rules that determines how systems will communicate across networks
|
|
|
Open network architecture
|
is one that no vendor owns, that is not proprietary,and that can easily integrate various technologies and vendor implementations of those technologies
|
|
|
Encapsulation
|
a message is constructed within a program on one computer and
passed down through the protocols stack. A protocol at each layer adds its own information to the message. The message is then sent to the destination computer, and the encapsulation is reversed by taking the packet apart through the same steps used by the source computer that encapsulated it |
|
|
Application layer
|
layer 7, works closest to the user and provides file transmissions, message exchanges, terminal sessions, and much more
|
|
|
Presentation layer
|
layer 6, receives information from the application layer protocols and puts it in a format that all computers following the OSI model can understand
|
|
|
Session layer
|
layer 5, is responsible for establishing a connection between the two applications, maintaining it during the transfer of data, and controlling the
release of this connection |
|
|
Transport later
|
layer 4.when two computers are going to communicate through a
connection-oriented protocol, they will first agree on how much information each computer will send at a time, how to verify the integrity of the data once it is received, and how to determine whether a packet was lost along the way. The two computers agree on these parameters through a handshaking process at the transport layer |
|
|
Network layer
|
layer 3, main responsibilities of the network layer are to insert information into the packets header so that it can be properly addressed and routed, and then to actually route the packets to their proper destination
|
|
|
Data link layer
|
layer 2, is where the network stack knows what format the data frame must be in to transmit properly over token ring, Ethernet, ATM, or fiber
distributed data interface (FDDI) networks |
|
|
Physical Layer
|
layer 1, converts bits into voltage for transmission
|
|
|
TCP/IP
|
is a suite of protocols that governs the way that data travels from one device to another
|
|
|
IP
|
is a connectionless protocol that provides the addressing and routing
capabilities for each package of data. It is the mechanism that enables the network to read IP addresses and implement proper routing functions |
|
|
TCP
|
is a reliable and connection oriented protocol, which means that it ensures
that packets are delivered to the destination computer |
|
|
UDP
|
is a best effort and connectionless protocol. It has neither packet
sequencing nor flow and congestion control, and the destination does not acknowledge every packet it receives |
|
|
Socket
|
when a TCP or UDP message is formed, a source and destination port are contained within the header information along with the source and destination addresses, this makes up a socket
|
|
|
Message
|
when an application formats data to be transmitted over the network the
data is called a message |
|
|
Segment
|
when the message is sent to the transport layer, where TCP does its
magic on the data that bundle of data is now a segment |
|
|
Datagram
|
the network layer adds routing and addressing, and now the bundle is
called a datagram |
|
|
Frame
|
the network layer passes off the datagram to the data link layer which
frames the datagram with a header and a trailer, and now it si called a frame |
|
|
Analog transmission signals
|
are continuously varying electromagnetic waves that
can be carried over air, water, twisted-pair cable, coaxial cable, or fiber-optic cable |
|
|
Modulation
|
data is combined with a carrier signal of a specific frequency
|
|
|
Amplitude
|
height of a signal
|
|
|
Frequency
|
number of waves in a defined period of time
|
