118 Cards in this Set

  • Front
  • Back
Asset
something that has value
Threat
An event or object that may defeat the security measures in place and result in loss
Threat agent
A person or thing that has the power to carry out a threat
Vulnerability
Weakness that allows a threat agent to bypass security (exploit)
Risk
- The likelihood that a threat agent will exploit a vulnerability
- Realistically, risk cannot ever be entirely eliminated
Characteristics of security
- Confidentiality
- Integrity
- Availability
- Authentication
Passive Attack
Attempts to learn or make use of information from the system but does not affect system resources
Active Attack
Attempts to alter system resources or affect their operations
Types of Passive Attacks
1) Release of message contents
2) Traffic analysis
Types of Active Attacks
1) Masquerade
2) Replay
3) Modification of messages
4) Denial of service
Masquerade
Takes place when one entity pretends to be a different entity
Replay
Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect
Modification of Messages
Some portion of a legitimate message is altered, or messages are delayed or reordered to produce an unauthorized effect
Denial of Service
Prevents or inhibits the normal use or management of communications facilities
Security Mechanism
A process that is designed to detect, protect, or recover from a security attack
- No single mechanism will support all services required
Security Services
A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. Intended to counter security attacks and make use of one or more security mechanisms.
X.800 Divisions of Security Services
1) Authentication
2) Access control
3) Data confidentiality
4) Data integrity
5) Non-repudiation
Access Control
The process by which resources or services are granted or denied on a computer system or network
Typical Steps in Access Control
1) Identification - review of credentials
2) Authentication - validate credentials as genuine
3) Authorization - permission granted for admittance
4) Access - right given to access specific resources
Password Attack Methods
- Brute Force
- Dictionary attack
- Rainbow tables
Password Management Strategies
1. User education
2. Computer-generated passwords
3. Reactive password checking
4. Proactive password checking
Rainbow Tables
mypass - H - 821EB342 - R - frithy - H - A31D9E21 - R - ucnrez
- uses hash and reduction functions
Salted Hash
h(salt value|password)
Estimated Password Safe Time
- Applies only to brute force attacks
R = transmission rate (characters/second)
E = number of characters exchanged in a login attempt
L = length of the password
A = size of the alphabet
Time = (1/2) *(A^L)*(R*E)
Time-synchronized One-time Passwords (OTP)
- Most common one-time passwords (dynamic passwords that change frequently)
- Used in conjunction with a token
Cryptography
The science of transforming information into an unintelligible form while it is being transmitted or stored so that unauthorized users cannot access it
Steganography
- Hides the existence of the data
- What appears to be a harmless image can contain hidden data embedded within the image
- Can use image files, audio files, or even video files to contain hidden information
Plaintext
readable strings of characters
Ciphertext
Scrambled plaintext - not readable
Encryption
Converting plaintext to ciphertext
Decryption
Converting ciphertext to plaintext
Encryption fundamentals
1) Substitution - replaces characters of plaintext with other characters
2) Transposition - permutes plaintext characters
Caesar Cipher
- Earliest known substitution cipher
- First used in military affairs
Polyalphabetic Cipher
Add alphabetic positions of aligned characters
Transposition Cipher
Rearrange the letter order by writing the message in a rectangle, row by row, and read the message, column by column but permute the order of the columns
Block Encryption
Breaks messages into blocks of a fixed length (64 or 128 bits)
- Considered more secure
- Cipher is reset to its original state after each block is processed
- Makes ciphertext more difficult to break
Stream Encryption
Encrypts a digital data stream one bit or one byte at a time
- Fast when plaintext is short
- Can consume a large amount of processing power
- Does not vary so may be easier to determine key
Symmetric Key Sharing
- Both parties must have same key
- Key distribution is critical
Number of Symmetric Keys Needed
If you have n parties with which you communicate, you need
n(n-1)/2 keys
Symmetric Encryption Methods
- DES
- 3DES
- AES
DES
-Block cipher that encrypts data in 64-bit blocks
3DES
- Designed to replace DES
- Uses 3 rounds of encryption instead of just one
AES
- Approved as a replacement for DES
- Performs three steps on every 128-bit block of plaintext
Categories of cryptographic algorithms
1) Symmetric encryption algorithms (2-way function)
2) Hashing algorithms (1-way function)
3) Asymmetric encryption algorithms (2-way function)
Characteristics of Hashing Algorithms
1) Ciphertext hash is a fixed size
2) Two different sets of data cannot produce the same hash (collision)
3) It should be impossible to produce a data set that has a desired or predefined hash
4) Can be applied to a set of data of any size
5) It should be easy to compute a hash from a message
Secure Hash Algorithm (SHA)
SHA-1 - Patterned after MD4 but creates a hash that is 160 bits in length
SHA-2 - Comprised of four variations, considered a secure hash
Uses of Asymmetric Cryptographic Algorithms
- Authenticate sender
- Prevent the sender from disowning the message
- Prove the integrity of the message
Symmetric cryptography
Also called private key cryptography
Uses a single key to encrypt and decrypt a message
Asymmetric cryptography
Also called public key cryptography
Uses two keys instead of one
Advantages of Symmetric Encryption
- Computationally efficient
- Modern methods are quite secure
Disadvantages of Symmetric Encryption
- Requires sender and receiver to agree on a key before transmission of data
- Security lies only with the key
- Must have a key for every pair of correspondents
Advantages of Asymmetric Encryption
- Key management is relatively easy
- Don't have to create a key for every receiver
Disadvantages of Asymmetric Encryption
- Computationally more intensive
- Security of keys can be compromised when malicious users post phony keys
Message Integrity Techniques
- Hashing (MD5, SHA-1)
- Message authentication code (MAC)
Message Authentication Code (MAC)
- One-way function
- Requires a key
- Appends checksum to message
- A function of the message and a secret shared key
Probability of Collision
k = 1.117(sqrt(n)) yields a collision with probability of 50%
Equation for Encrypting M
C = M^e mod n
Equation for Decrypting C
M = C^d mod (fi)
Add Authentication to Messages
Encrypt with sender's private key
Add Confidentiality to Messages
Encrypt with recipient's public key
Add Integrity to Messages
Include a hash of the message
Digital Signature Schemes
- Senders include public key in each message
- Senders can store public keys on a site of their own that is readily accessible
- Public keys may be stored in one or more centrally managed directories
Digital Certificate
Associates a user's identity to a public key
- The user's public key that has itself been digitally signed by a trustworthy source
Certificate Authority
- An entity that issues digital certificates for others
Class 1 Certificates
Designed for casual web browsing and secure email use
Certifies only the uniqueness of a name or email address
Class 2 Certificates
Requires third-party verification of name, address, etc.
Online registration
Class 3 Certificates
Must appear in person and present identification credentials
Class 4 Certificates
Issued only after the subject is thoroughly investigated
Certificate Revocation List (CRL)
A list of revoked certificates that is maintained by the certificate authority (CA)
Types of Certificates
1) Personal
2) Server certificates
3) Software publisher certificates
Web of Trust
- Decentralized trust model
- Alternative to the centralized trust model of PKI
- Flexible and leaves trust decisions in hands of users
Transport Layer Protocol
Layer 3 in OSI model
Sends data using TCP/IP
IP Security (IPSec)
A set of protocols developed to support the secure exchange of packets
Areas of Protection in IPSec
- Authentication
- Confidentiality
- Key management
Tunnel Mode
- Encrypts both the header and data portion of the IP packet
- Protects the entire IP packet (including IP header)
- Typically used for connecting secure gateways
Authentication Header (AH)
- Provides authentication but not confidentiality
- Adds extra field to traditional IP packet that is used to verify authenticity of the packet
Encapsulating Security Payload (ESP)
- Provides packet encryption and, optionally, authentication
- Content of IP packet is encrypted and encapsulated between header and trailer fields
Security Association (SA)
- Must be set up in order for pairs of hosts to communicate with each other
- Acts as a virtual connection
- Used in VPN establishment, low-cost remote access, and extranet connectivity
Transport mode
Encrypts only the data portion (payload) of each packet yet leaves the header unencrypted
SSL
- Provides web security services between TCP and applications that use TCP
- URLs start with "https"
- Provides confidentiality using symmetric encryption (DES, 3DES or RC4)
- Provides integrity using MAC
- Employed by all major browsers to secure Internet messages
SET
An open encryption and security specification designed to protect credit card transactions on the Internet
TLS
- IP version of SSL
SSL/TLS Counter Attacks
- Brute force search of key space
- Known plaintext dictionary attack
- Man in the middle attack
- Spoofing
Malicious software that need host programs
- Trapdoors
- Logic bombs
- Trojan horses
- Viruses
Malicious software that is independent
- Worm
- Zombie
Malicious software that replicates
- Viruses
- Worm
- Zombie
Virus
- Software that attaches itself to a program and propagates itself to other programs
- Carries code to make copies of itself
- As well as code to perform some covert task
Worm
- Program that propagates copies of itself to other computers
- Actively searches for other systems by examining host tables or similar repositories of remote addresses
Virus Countermeasures
- Simple scanners
- Heuristic scanners - look for fragments of code often associated with viruses
- Activity traps - identify virus-type actions taking place
Logic Bomb
- Triggers action when specified condition occurs
- Code embedded in legitimate program
- When triggered it will typically damage system
Trojan Horse
- Program that contains unexpected additional functionality
- Program is usually superficially attractive
- When run performs some additional tasks
- Often used to propagate a virus/worm or install a backdoor
Trapdoors
- Secret entry point into a program
- Allows those who know of it to bypass the usual security procedures
- Have been commonly used by developers
- A threat when left in production programs, allowing exploitation by attackers
Zombie
- Program which secretly takes over another networked computer
- Uses that computer indirectly to launch attack
- Often used to launch DoS attacks
- Exploits known flaws in network systems
Buffer Overflow
Occurs when a process attempts to store data in RAM beyond the boundaries of a fixed length storage buffer
Firewall
- Forms a barrier through which traffic in both directions must pass
- Can be designed to work as a filter at the packet level or may operate at a higher protocol level
Types of Firewalls
1. Packet-filtering routers
2. Application-level gateways
3. Circuit-level gateways
Packet-filtering Router
- Operate mainly at network layer
- Applies a set of rules to each incoming and outgoing packet
- If there is a match to a rule, that rule is invoked to determine whether to forward or discard the packet
- Treat each packet individually
- Are "stateless" = no memory
Application-level Gateways
- Operate mainly at application layer
- Also called proxy server
- Acts as a relay of application-level traffic
- Traffic is funneled through small programs called proxies
- Internal computers communicate with proxies, which in turn communicate with the external network
Circuit-level Gateways
- Operate mainly at transport layer
- Also works as a proxy server, but just for TCP/IP (not applications)
- Maintains a table of valid connections
- TCP/IP packets arrive at circuit level gateway and go no further
- New TCP/IP packets are then created and sent to the destination
Stateful Inspection Firewalls
- Examine each IP packet in context
- Keeps track of client-server sessions
- Check that each packet validly belongs to one of the current sessions
Advantages of Proxy Servers
- Higher security than packet filters
- Only need to scrutinize a few allowable applications
- Easy to log and audit all incoming traffic
Disadvantages of Proxy Servers
- Additional processing overhead on each connection (gateway as splice point)
Common Complex Firewall Configurations
1. Screened host firewall system (single-homed bastion host)
2. Screened host firewall system (dual-homed bastion host)
3. Screened subnet firewall system
Screened Host firewall System (single-homed bastion host)
- Two-part firewall (packet-filter & bastion host)
- Only packets from and to the bastion host are allowed to pass through the router
- Implements packet-level and application-level filtering
Screened Host Firewall System (dual-homed bastion host)
- Separate physical connections in and out of Bastion host to make sure it can't be bypassed if packet-filtering router is compromised
Screened-subnet Firewall System
- Most secure configuration
- Two packet-filtering routers are used
- Creation of an isolated sub-network (known as DMZ)
Advantages of Screened-subnet Firewall Systems
- Three levels of defense
- Outside router advertises only the existence of the screened subnet to the internet
- The inside router advertises only the existence of the screened subnet to the internal network
Honeypot
- Intended to trap or trick attackers
- Typically a computer located in a DMZ that is loaded with software and data files that appear to be authentic
Three primary purposes of a honeypot
1. Deflect attention
2. Early warnings of new attacks
3. Examine attackers' techniques
Intrusion Detection Systems (IDS)
- Attempt to detect unusual patterns of activity or those known to correlate with intrusions
IDS Purposes
- Detect attacks
- Enforce policies
- Provide an audit trail
IDS Actions
- Configure the firewall to filter out the IP address of the intruder
- Save packets in a file for further analysis
- Send an entry to a system log file
- Send email, page, or a phone message to the network administrator
Anomaly-Based IDS
- One type of IDS that looks for suspicious patterns
- Compares new behavior against "normal" or "acceptable" behavior
Pros to Anomaly Based Detection
- Robust against new types of attacks
- No need to write rules
Cons to Anomaly Based Detection
- Prone to false alarms
- Computationally intensive
Rule Based IDS (Snort)
- Identify the exploit of interest
- Run the exploit on a test network, recording all traffic between the target and attack hosts
- Analyze the data for a unique signature
- Condense the signature into a rule
Pros of Rule Based Detection
- Good against known attacks
- Keep false positives low
- Less computation
Cons of Rule Based Detection
- Not good against unusual or novel attacks
- Writing rules can be tedious