• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/33

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

33 Cards in this Set

  • Front
  • Back
Confidentiality
Prevents uauthorized dsclosure of sensitive data
Integrity
Guarantees that data and resources are accurate and reliable.
Availability
Timely and reliable access to data and resources by authorized users
Separation of duties
Dividing tasks between different people to complete business process or work function.
Mandatory Access Control (MAC)
A model that bases access decisions on rules and security labels. Used in highly classified environments
Rule-based model
An access control model in which rules determine an individual or group's ability to access data and systems.
Discretionary Access Control(DAC)
A model that bases access decisions on who owns that data.
Access Control Matrix
Displays access held by users to an object. Displayed in columns or rows.
Non-discretionary Access Control
A model that bases access decisions on a user's position and job function. A/K/A - Role-Based Access Control (RBAC)
Role-Based Model
An access control model in which job roles determine an individual or group's ability to access data.
What are the 4 password types?
One-Time(dynamic) - highest level of security
Static - same password for eac login, minimal level of security.
Passphrase - longer than passwords, supports all types of characters and spaces
Tokens - i.e. RSA or Smart cards
6 Types of Biometric Devices
Voice Recognition
Retina scan - most invasive
Iris scan - most efficient
Palm scan - most common
Fngerprint scan
Hand geomtery scan
Biometric Error Types
Type I - False Rejection Rate(FRR) when authorized individual is falsely rejected.
Type II - False Acceptance Rate(FAR) unathorized individual is falsely accepted
Crossover Error Rate(CER)
To measure the accuracy of a biometric system's sensitivity. Where the FRR and FAR equal each other.
3 Single Sign-On Methods
Kerberos - protects confidentiality, uses KDC and TGS
SESAME - Protects confidentiality and Integrity, uses PAC and PAS
Scripts - runs in the background
Steps to Access Control Process
Identification, Authentication, then Authorization
3 Different Domains
Centralized - single point of control, bottleneck
Decentralized - distributes access control administration across several entities
Hybrid - combines centralized and decentralized, most common
RADIUS
Remote Authentication Dial-In User Service - used to authenticate and authorize dial-in users. Provides centralized access control administration
TACACS
Terminal Access Controller Access Control System A/K/A EAP. Cisco proprietary authentication equivalent to RADIUS
Diameter
Authentication protocol allowing for a variety of connection types, including wireless. equivalent to RADIUS and TACACS with more options
Brute Force Attack
trial and error process, slow process
Dictionary Attack
A variation of brute force attack that relies a standrad dictionary to match user's passwords
Denial of Service (DoS)
Intention to cripple the victim's resources by overwhelming system resources and force a shutdown.
Smurfing
A form of a DoS attack. Causes severe congestoin with ICMP ping responses.
Spoofing
To masquerade as a trusted user, network resource, or file.
Intrusion Detection System (IDS)
A method of montoring networks that attempts to detect an attack. Focuses on detection not prevention.
Host-based Intrusion Detection Systems (HIDS)
Reside on a single computer and monitor audit logs to determine an intrusion.
Network-based Intrusion Detection Systems (NIDS)
Monitor real-time activity of the network. Looks for patterns and detects DoS attacks
Signature-based Intrusion Dectection Systems
Used to detect attacks based on the signature of a previously known attack method.
Anomaly-based Intrusion Detection Systems
Used to detect variations from expected patterns of behavior on the network.
Passive or reactive Intrusion Detection Systems
Passive - monitors network activity.
Reactive - take specific action to prevent loss of data or damage to a system once an intrusion is detected.
What are the 5 steps to Penetration Testing
1. Discovery - gather information about the target system.
2. Enumerate - scan ports, monitor network transmissions, trace internet paths.
3. Vulnerabiltiy mapping - identify software and hardware vulnerabilities
4. Exploitation - Gain user and admin access
5. Management Reporting - document test findings.
What are the 3 levels of knowledge that a Penetration Test may be?
1. Zero knowledge (Black box) - team has no knowledge of target system.
2. Partial knowledge
3. Full knowledge(White Box)