235 Cards in this Set
Information security |
Focused on protecting the electronic information of organizations and users |
|
Information security managerial personnel |
Administer and manage plans, policies, and people |
|
Information security technical personnel |
Concerned with designing, configuring, installing, and maintaining technical security equipment |
|
Chief Information Security Officer (CISO) |
Reports directly to the CIO and is responsible for assessing, managing, and implementing security |
|
Security manager |
Reports to the CISO and supervises technicians, administrators, and security staff |
|
Security administrator |
Manages daily operations of security technology; has both technical knowledge and managerial skills |
|
Security technician |
Provides technical support to configure security hardware, implement security software, and diagnose and troubleshoot problems |
|
CompTIA Security+ |
Widely recognized and highly respected vendor-neutral security certification |
|
Silver bullet |
A specific and fail-safe solution that very quickly and easily solves a serious problem |
|
Confidentiality |
Ensures only authorized parties can view information |
|
Integrity |
Ensures information is not altered |
|
Availability |
Ensures information is accessible to authorized parties when needed |
|
Authentication |
Ensures that the individual is who she claims to be (the authentic or genuine person) and not an imposter |
|
Authorization |
Providing permission or approval to use specific technology resources |
|
Accounting |
Provides tracking of events (e.g., who accessed the web server, from what location, and at what specific time) |
|
Securing Devices |
Information is stored on computer hardware, manipulated by software, and transmitted by communications |
|
Vulnerability |
A flaw or weakness that allows a threat agent to bypass security |
|
Threat vector |
Means by which an attack can occur |
|
Threat likelihood |
Probability that a threat will come to fruition |
|
Risk |
A situation that involves exposure to some type of danger |
|
Risk avoidance |
Making the decision not to engage in the activity |
|
Acceptance |
Risk is acknowledged but no steps are taken to address it |
|
Mitigation |
Attempts to address the risk by making it less serious |
|
Deterrence |
Warning/informing an attacker of the harm that may come his way if he attacks an asset |
|
Transference |
Transfer the risk to a third party |
|
Asset |
An item that has value |
|
Hacker |
Older term that referred to a person who used advanced computer skills to attack computers |
|
Black hat hackers |
Attackers who violate computer security for personal gain or to inflict malicious damage |
|
White hat hackers |
(Ethical attackers) Who receive permission to probe a system for any weaknesses |
|
Gray hat hackers |
Attackers who break into a computer system without permission and then publicly disclose the vulnerability |
|
Cybercriminals |
Generic term describing individuals who launch attacks against other users and their computers |
|
Script Kiddies |
Unskilled users whose goal is to break into computers to create damage
40 percent (40%) of attacks are performed by script kiddies |
|
Brokers |
Individuals who uncover vulnerabilities and do not report them to the software vendor but instead sell them to the highest bidder |
|
Insiders |
Employees, contractors, and business partners (a.k.a. insiders) who steal from the employer |
|
Cyberterrorists |
Attackers who have an ideological motivation |
|
Hacktivists |
Hacktivists (a combination of the words hack and activism) are another group motivated by ideology. Unlike cyberterrorists, who launch attacks against foreign nations to incite panic, hacktivists are generally not as well defined. |
|
State-Sponsored Attackers |
Attackers supported by governments for launching computer attacks against their foes (e.g., Flame, Stuxnet) |
|
Cyber Kill Chain (CKC) |
Model of the sequence of steps an attacker follows when attempting to break into a web server or computer network |
|
Defenses Against Attacks |
1) Layering 2) Limiting 3) Diversity 4) Obscurity 5) Simplicity |
|
Layering |
Information security must be created in layers |
|
Limiting |
Limiting access to information reduces the threat against it |
|
Diversity |
Layers must be different (diverse)
If attackers penetrate one layer, the same techniques will be unsuccessful in breaking through the other layers |
|
Obscurity |
Obscuring inside details from outsiders. Not revealing details such as: > Type of computer > Operating system version > Brand of software used |
|
Simplicity |
Complex security systems can be hard to understand, troubleshoot, and even feel secure about |
|
Malware (malicious software) |
Software that enters a computer system without the owner's knowledge or consent |
|
Oligomorphic malware |
Changes its internal code to one of a set number of predefined mutations whenever executed |
|
Polymorphic malware |
Completely changes from its original form whenever it is executed |
|
Metamorphic malware |
Can actually rewrite its own code and thus appears different each time it is executed |
|
Circulation |
Some malware has the primary trait of spreading rapidly to other systems to impact a large number of users |
|
Infection |
Some malware has the primary trait of infecting or embedding itself into a system |
|
Concealment |
Some malware has as its primary trait avoiding detection by concealing its presence from scanners |
|
Payload capabilities |
When payload capabilities are the primary focus of malware, the focus is on what nefarious action(s) the malware performs |
|
Computer virus |
Malicious computer code that reproduces itself on the same computer |
|
Program virus |
Virus that infects an executable program file |
|
Macro virus |
One of the most common data file viruses, written in a script known as a macro (a macro is a series of instructions that can be grouped together as a single command) |
|
Appender infection |
Virus appends itself to the end of a file |
|
Armored Viruses |
Virus goes to great lengths to avoid detection. **** name tbh. Stealth virus makes far more ******* sense. |
|
Swiss cheese infection |
Encrypts the virus code, then divides the decryption engine into different pieces and injects these pieces throughout the infected program code |
|
Split infection |
Viruses split the malicious code itself into several parts |
|
Virus Actions |
When an infected program is launched it activates its malicious payload: > Cause a computer to crash repeatedly > Erase files from or reformat the hard drive > Turn off the computer's security settings |
|
Virus Carriers |
A virus cannot automatically spread to another computer; it relies on user action to spread |
|
Worm |
Malicious program that uses a computer network to replicate |
|
Trojan |
Program that does something other than advertised |
|
Rootkit (Concealment) |
Software tools used by an attacker to hide the actions or presence of other types of malicious software |
|
Spyware |
Software that gathers information without user consent |
|
Keylogger |
Software that captures a user's keystrokes |
|
Erik |
Beastly |
|
Adware |
Program that delivers advertising content in a manner unexpected and unwanted by the user |
|
Ransomware |
Program that prevents a user's device from properly operating until a fee is paid |
|
Logic Bomb |
Computer code that lies dormant until triggered by a specific logical event and then performs malicious activities |
|
Backdoor |
Software code that circumvents normal security to give program access |
|
Zombie |
Infected robot (bot) computer |
|
Botnet |
Multiple zombie computers gathered into a logical computer network |
|
Bot herder |
Attacker who controls a botnet |
|
Command and control |
Instructions from the bot herder regarding which computers to attack and how |
|
Social engineering |
Means of gathering information from individuals by relying on their weaknesses |
|
Social engineering (Psychology) |
The mental and emotional approach in a social engineering attack |
|
Impersonation |
Masquerade as a real or fictitious character and then play out the role of that person on a victim |
|
Common Phishing Features – Phishing |
Sending an email or displaying a web announcement claiming to be from a legitimate source |
|
Common Phishing Features – Deceptive web links |
Use variations of a legitimate address (e.g., www.ebay secure.com, www.e–bay.com, www.e-baynet.com) |
|
Common Phishing Features – Logos |
Include the logo of the vendor to make the request look genuine |
|
Pharming |
Automatically redirects the user to a fraudulent website |
|
Spear phishing |
Email messages target specific users |
|
Whaling |
Going after the big fish by targeting wealthy individuals |
|
Vishing (voice phishing) |
Attacker calls the victim with a recorded message giving a callback number, but the number actually goes to the attacker |
|
Spam |
Unsolicited email |
|
Spim |
Spam that targets instant messaging users |
|
Image spam |
Uses graphical images of text; circumvents text-based filters; often contains nonsense text |
|
Hoaxes |
False warning or claim |
|
Typo squatting (URL hijacking) |
Attacker registers a fake look-alike site to which the user is automatically directed when making a typing error while entering a URL (Uniform Resource Locator) address in a web browser (e.g., goggle.com or google.net instead of google.com) |
|
Watering hole attack |
Directed toward a smaller group of specific individuals, such as the major executives working for a manufacturing company |
|
Physical Procedures |
These attacks take advantage of user actions that can result in compromised security |
|
Dumpster Diving |
Digging through trash to find useful information |
|
Tailgating |
Following an authorized person entering through a door |
|
Shoulder surfing |
Casually observing a user entering a keypad code |
|
Network used to connect different _______ and ______ together |
Network used to connect different clients and servers together |
|
Clients and servers run an _________ _________ |
Clients and servers run an operating system |
|
Operating system controls _____________ |
Operating system controls applications |
|
Applications manipulate _____ |
Applications manipulate data |
|
Three things application attacks target: |
Operating system, applications, data |
|
Server-Side Web Application Attacks |
Exploit the dynamic content generated based on inputs from the user |
|
Zero day attacks |
Exploit previously unknown vulnerabilities, so victims have no time to prepare or defend |
|
Cross-Site Scripting (XSS) |
Injects scripts into a web application server to direct attacks at unsuspecting clients. Cross-site scripting attacks occur when an attacker takes advantage of web applications that accept user input without validation and then present it back to the user |
|
SQL (Structured Query Language) |
Used to manipulate data stored in a relational database |
|
SQL Injection |
Targets SQL servers by introducing malicious commands |
|
Markup language |
Method for adding annotations to text |
|
Hypertext Markup Language (HTML) |
Uses tags surrounded by brackets (i.e., < >)
Instructs the browser to display text in a specific format |
|
Extensible Markup Language (XML) |
Carries data instead of indicating how to display it; users define their own tags |
|
XML Injection |
1) Attacker discovers a Web site that does not filter user data 2) Injects XML tags and data into the database |
|
Directory traversal |
Uses malformed input or takes advantage of a vulnerability to move from the root directory to restricted directories |
|
Command injection |
Attacker enters commands to execute on the server or to view confidential files |
|
Client-side attacks |
Target vulnerabilities in client applications > Interacting with a compromised server > Client initiates a connection with the server, which could result in an attack. One example of a client-side attack is a drive-by download |
|
Drive-By Download |
Client computer compromised simply by viewing a Web page |
|
Common client-side attacks include: |
> Header manipulation > Cookies > Attachments > Session hijacking > Malicious add-ons |
|
HTTP header |
Consists of fields that characterize the data being transmitted |
|
HTTP header manipulation |
Attack modifies HTTP headers. Not an actual attack but rather a vehicle through which other attacks (like XSS) can be launched |
|
Referer |
Can bypass security by modifying the Referer field to hide the fact that the request came from another site |
|
Accept-Language |
Because some web applications pass the contents of this field directly to the database, an attacker can inject a SQL command by modifying the header |
|
Response splitting |
Inserting a CRLF (Enter key) in an HTTP header can give attackers control of the remaining HTTP headers and body of the response |
|
Cookies |
Store user-specific information on the user's local computer |
|
First-party cookie |
Cookie created by the Web site the user is currently visiting |
|
Third-party cookie |
Site advertisers (third parties) place a cookie to record user preferences |
|
Session cookie |
Stored in RAM and expires when the browser is closed |
|
Persistent cookie |
Recorded on the computer's hard drive and does not expire when the browser closes |
|
Session token |
Verification through which a random string is assigned to the interaction between the user and the web application currently being accessed (the session) 1) Web application server assigns a unique session token 2) Each subsequent request from the user's web browser to the web application contains the session token, verifying the user's identity |
|
Session hijacking |
Attacker attempts to impersonate the user by using her session token |
|
Plug-in |
Third-party library that attaches to the web browser and can be embedded inside a webpage but affects only that specific page (e.g., Java, Adobe Flash Player, Apple QuickTime, Adobe Acrobat Reader) |
|
Add-ons or extensions |
Tools that add functionality to the web browser itself (e.g., create additional web browser toolbars, change browser menus, etc.) |
|
ActiveX |
Set of rules for how applications under the Microsoft Windows operating system should share information |
|
ActiveX controls (add-ons) |
Specific way of implementing ActiveX; sometimes called ActiveX applications |
|
Impartial Overflow Attacks |
Some attacks are impartial in that they can target either the server or the client |
|
Buffer Overflow Attack |
Process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer |
|
Integer Overflow Attack |
Condition occurs when the result of an arithmetic operation (addition or multiplication) exceeds the maximum size of the integer type used to store it. When the overflow occurs, the interpreted value wraps around from the maximum value to the minimum value |
|
Heap spray |
Targeted to insert data only in certain parts of memory |
|
Arbitrary/remote code execution |
Allows an attacker to run programs and execute commands on a different computer |
|
Networking-Based Attacks |
Exploiting a single vulnerability may expose hundreds or thousands of devices to an attacker |
|
Denial of service (DoS) |
Attempts to prevent a system from performing its normal functions |
|
Distributed denial of service (DDoS) |
Uses thousands of zombie computers in a botnet |
|
Ping flood attack |
Ping utility used to send a large number of echo request messages and overwhelm the server |
|
Smurf attack |
Ping request with the originating address changed (spoofing) so it appears as if the target computer is asking for a response from all computers on the network |
|
SYN flood attack |
Takes advantage of the procedures for establishing a connection |
|
Man-in-the-middle Attack |
Makes it appear that two entities are communicating with each other, when actually they are sending and receiving data with a third party between them. A man-in-the-middle attack can be passive or active. |
|
Replay Attack |
Replay makes a copy of the transmission before sending it to the recipient, for use at a later time (the man-in-the-middle replays it) |
|
ARP Poisoning |
Attacker modifies the MAC address in the ARP cache to point to a different computer (see Table 3-4) |
|
Domain Name System (DNS) |
Current basis for name resolution to IP addresses |
|
DNS poisoning |
Substitutes DNS addresses to redirect a computer to another device |
|
Vertical privilege escalation |
User with lower privilege uses privilege escalation to grant self access to functions reserved for higher-privilege users |
|
Horizontal privilege escalation |
User with restricted privileges accesses the different restricted functions of a similar user |
|
Host |
Can be either a server or a client on a network; runs applications that process, save, or transport data |
|
Security control |
Any device or process used to reduce risk |
|
Administrative controls |
Processes for developing and ensuring that policies and procedures are carried out |
|
Technical controls |
Processes carried out or managed by devices |
|
Deterrent control |
Attempts to discourage security violations before they occur |
|
Preventive controls |
Work to prevent the threat from coming into contact with the vulnerability |
|
Detective controls |
Designed to identify any threat that has reached the system |
|
Compensating controls |
Controls that provide an alternative to normal controls that for some reason cannot be used |
|
Corrective controls |
Controls intended to mitigate or lessen the damage caused by an incident |
|
External Perimeter Defenses examples |
Barriers, guards, motion detection devices |
|
Internal Physical Access Security examples |
Hardware locks, proximity readers, access lists, mantraps, protected distribution systems |
|
Hardware security |
Cable lock, safe or locking cabinet |
|
Fencing |
Tall, permanent structure to keep out individuals for maintaining security |
|
Sign |
Explains that the area is restricted |
|
Lighting |
Area can be viewed after dark |
|
Anti-climb paint |
Non-drying paint; hard to climb |
|
Anti-climb collar |
Spikes on a pole |
|
Roller Barrier |
Independent rolling bar on top of a fence |
|
Rotating Spikes |
Top of walls, gates or fences. Roller barrier + spikes |
|
Barricade |
Generally designed to block the passage of traffic |
|
Guards |
Human guards are considered active security elements. Unlike passive devices, a guard can differentiate between an intruder and a non-intruder (e.g., someone looking for a lost pet) |
|
Video surveillance |
Uses video cameras to transmit a signal |
|
Closed circuit television (CCTV) |
Video signal to a specific and limited set of receivers |
|
CCTV options: |
Fixed in a single position (pointed at a door or hallway); movable in 360 degrees for a full panoramic view; motion-tracking (will automatically follow any movement) |
|
Motion detection |
Determining an object's change in position in relation to its surroundings
Usually generates an audible alarm to warn a guard of an intruder |
|
Deadbolt lock |
Extends a solid metal bar into the door frame for extra security. Much more difficult to defeat than keyed entry locks |
|
Cipher lock |
Combination sequence necessary to open the door. Can be programmed to allow an individual's code to give access at only certain days or times. Records when the door is opened and by which code |
|
Proximity Readers |
User can use an object (physical token) for identification. Later ID badges were magnetic stripe cards that were swiped or contained a barcode identifier scanned to identify the user |
|
Proximity reader |
Device that receives the badge signal |
|
Access list |
Record of individuals who have permission to enter a secure area |
|
Mantrap |
Separates a secured area from a non-secured area |
|
Protected distribution system (PDS) |
System of cable conduits used to protect classified information being transmitted between two secure areas |
|
Hardened carrier PDS |
Data cables installed in conduit constructed of special electrical metallic tubing or similar material |
|
Alarmed carrier PDS |
Carrier system deployed with specialized optical fibers in the conduit. Can sense acoustic vibrations and trigger an alarm when an intruder attempts to gain access |
|
Hardware security |
Physical security protecting host system hardware |
|
Cable lock |
Inserted into a slot and secured to the device |
|
Securing the Operating System Software: Security through configuration |
Properly configure the operating system after it has been installed to fortify it |
|
Securing the Operating System Software: Security through design |
Tighten security during the initial design and coding of the operating system |
|
A security policy |
A document or a series of documents that clearly defines the defense mechanisms an organization will employ in order to keep information secure |
|
A baseline |
The standard or checklist against which systems can be evaluated and audited for their level of security |
|
A security template |
A collection of security configuration settings |
|
Group Policy |
Provides centralized management and configuration of computers and remote users who are using the specific Microsoft directory service known as Active Directory |
|
Security patch |
General software update to cover discovered vulnerabilities |
|
Hotfix |
Addresses a specific customer situation |
|
Service pack |
Accumulates patches, hotfixes, and additional features |
|
Automated patch update service |
Manage patches locally instead of using the vendor's online update service |
|
OS hardening |
Necessary to tighten security during the design and coding of the OS |
|
Trusted OS |
Operating system that has been designed through OS hardening |
|
Antivirus (AV) |
Software that examines a computer for infections |
|
Static analysis |
Scans files by attempting to match known virus patterns against potentially infected files |
|
Dynamic heuristic detection |
Uses a variety of techniques to spot characteristics of a virus instead of attempting to make matches |
|
Code emulation |
A virtual environment is created that simulates the central processing unit (CPU) and memory of the computer |
|
Bayesian filtering |
Analyzes every word in each email and determines how frequently a word occurs in the spam pile compared to the not-spam pile |
|
Blacklist |
Allow everything in unless it appears on the list |
|
White list |
List of approved senders |
|
Pop-up |
Small window appearing over a web page, usually created by advertisers |
|
Pop-up blocker |
Separate program, part of an antispyware package or incorporated within the browser, that allows the user to limit or block most pop-ups |
|
Firewall (packet filter) |
Designed to prevent malicious packets from entering/leaving |
|
Host-based application firewall |
Software firewall that runs on the local system |
|
Static environment |
Types of devices with microprocessors not designed to be updated |
|
Embedded system |
Computer system with a dedicated function within a larger electrical or mechanical system |
|
Game consoles |
Many consumer game consoles contain adaptations of general-purpose operating systems and may contain some of the same vulnerabilities |
|
Smartphone |
Includes an operating system that allows it to run third-party applications, but operating systems have vulnerabilities that attackers can exploit |
|
Mainframe |
Very large computing systems that have significant processing capabilities |
|
In-vehicle computer systems |
Automobile functions that are controlled by microprocessors |
|
SCADA (supervisory control and data acquisition) |
Large-scale industrial-control systems found in military installations, oil pipeline control systems, manufacturing environments, and nuclear power plants |
|
Application development security |
Security for applications must be considered through all phases of the software life cycle (i.e., design, development, testing, deployment, and maintenance) |
|
Application Configuration Baselines |
Standard environment settings in application development can establish a secure baseline |
|
Secure Coding Concepts |
Coding standards increase applications' consistency, reliability, and security |
|
Errors (exceptions) |
Faults that occur while an application is running |
|
Fuzz testing (fuzzing) |
Software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a computer program |
|
Cross-site request forgery (XSRF) |
Attack uses the user's web browser settings to impersonate the user |
|
Input validation |
Verifies a user's input to an application; performed after data is entered but before the destination is known (i.e., suitable for handling trusted data, rather than injection attacks) |
|
Server-side validation |
Input validation that uses the server to perform the validation |
|
Client-side validation |
The client performs the validation |
|
NoSQL |
New nonrelational databases that are better tuned for accessing large data sets |
|
NoSQL databases vs. SQL databases |
Argument over which database technology is better |
|
Exe file attack |
Modifying or creating exe files on a computer |
|
System Tampering |
Use a vulnerability to modify sensitive areas of the OS |
|
Process spawning control |
Trick the vulnerable app into creating an exe on the system |
|
Data loss prevention (DLP) |
System of security tools used to recognize and identify critical data and ensure it is protected |
|
Data in-use |
Data actions being performed by endpoint devices |
|
Data in-transit |
Actions that transmit the data across a network |
|
Data at-rest |
Stored on electronic media |
|
Content inspection |
Security analysis of a transaction that takes context into account |
|
DLP network sensors |
Installed on the perimeter of the network to protect data in-transit by monitoring all network traffic |
|
DLP agent sensors |
Sensors are installed on each host device (desktop, laptop, tablet, etc.) and protect data in-use (see Figure 4-9) |