235 Cards in this Set

  • Front
  • Back

Information security

Focused on protecting electronic information of organizations and users

Information security managerial personnel

Administer and manage plans, policies, and people

Information security technical personnel

Concerned with designing, configuring, installing, and maintaining technical security equipment

Chief Information Security Officer (CISO)

Reports directly to the CIO and is responsible for assessing, managing, and implementing security

Security manager

Reports to the CISO and supervises technicians, administrators, and security staff

Security administrator

Manages daily operations of security technology; has both technical knowledge and managerial skills

Security technician

Provides technical support to configure security hardware, implement security software, and diagnose and troubleshoot problems

CompTIA Security+

A widely recognized and highly respected vendor-neutral certification

Silver bullet

A specific and fail-safe solution that very quickly and easily solves a serious problem

Confidentiality

Ensures only authorized parties can view information

Integrity

Ensures information is not altered

Availability

Ensures information is accessible when needed to authorized parties

Authentication

Ensures that the individual is who she claims to be (the authentic or genuine person) and not an imposter

Authorization

Providing permission or approval to specific technology resources

Accounting

Provides tracking of events (e.g., who accessed the web server, from what location, and at what specific time)

Securing Devices

Stored on computer hardware


Manipulated by software


Transmitted by communications

Vulnerability

A flaw or weakness that allows a threat agent to bypass security

Threat vector

Means by which an attack can occur

Threat likelihood

Probability that a threat will come to fruition

Risk

A situation that involves exposure to some type of danger

Risk avoidance

Making the decision to not engage in the activity

Acceptance

Risk is acknowledged but no steps are taken to address it

Mitigation

Attempts to address the risks by making them less serious

Deterrence

Warning/informing the attacker of the harm that may come his way if he attacks an asset

Transference

Transfer the risk to a third party

Asset

An item that has value

Hacker

Older term that referred to a person who used advanced computer skills to attack computers

Black hat hackers

Attackers who violate computer security for personal gain or to inflict malicious damage

White hat hackers

(Ethical attackers) Who have received permission to probe a system for any weaknesses

Gray hat hackers

Attackers who break into a computer system without permission and then publicly disclose the vulnerability

Cybercriminals

Generic term describing individuals who launch attacks against other users and their computers

Script Kiddies

Unskilled users whose goal is to break into computers to create damage



40 percent (40%) of attacks are performed by script kiddies

Brokers

Individuals who uncover vulnerabilities and do not report them to the software vendor but instead sell them to the highest bidder

Insiders

Employees, contractors, and business partners (a.k.a. insiders) who steal from their employer

Cyberterrorists

Attackers who have an ideological motivation

Hactivists

Hactivists (a combination of the words hack and activism) are another group motivated by ideology



Unlike cyberterrorists, who launch attacks against foreign nations to incite panic, hactivists are generally not as well-defined.

State-Sponsored Attackers

Attackers supported by governments for launching computer attacks against their foes (e.g., Flame, Stuxnet)

Cyber Kill Chain (CKC)

An attacker who attempts to break into a web server or computer network actually follows these same steps

Defenses Against Attacks

1) Layering

2) Limiting

3) Diversity

4) Obscurity

5) Simplicity

Layering

Information security must be created in layers

Limiting

Limiting access to information reduces the threat against it

Diversity

Layers must be different (diverse)



If attackers penetrate one layer, the same techniques are unsuccessful in breaking through other layers

Obscurity

Obscuring inside details to outsiders




Not revealing details:


> Type of computer


> Operating system version


> Brand of software used

Simplicity

Complex security systems can be hard to understand, troubleshoot, and even feel secure about

Malware (malicious software)

Software that enters a computer system without the owner's knowledge or consent

Oligomorphic malware

Changes its internal code to one of a set number of predefined mutations whenever executed

Polymorphic malware

Completely changes from its original form whenever it is executed

Metamorphic malware

Can actually rewrite its own code and thus appears different each time it is executed

Circulation

Some malware has the primary trait of spreading rapidly to other systems to impact a large number of users

Infection

Some malware has the primary trait of infecting or embedding itself into a system

Concealment

Some malware has as its primary trait avoiding detection by concealing its presence from scanners

Payload capabilities

When payload capabilities are the primary focus of malware, the focus is on what nefarious action(s) the malware performs

Computer virus

Malicious computer code that reproduces itself on the same computer

Program virus

Virus that infects an executable program file

Macro virus

One of the most common data file viruses, written in a script known as a macro (a macro is a series of instructions that can be grouped together as a single command)

Appender infection

Virus appends itself to the end of a file

Armored Viruses

Virus goes to great lengths to avoid detection



**** name tbh. Stealth virus makes far more ******* sense.

Swiss cheese infection

Encrypts the virus code, then divides the decryption engine into different pieces and injects these pieces throughout the infected program code

Split infection

Viruses split the malicious code itself into several parts

Virus Actions

When an infected program is launched it activates its malicious payload




> Cause a computer to crash repeatedly


> Erase files from or reformat hard drive


> Turn off the computer's security settings

Virus Carriers

Virus cannot automatically spread to another computer




Relies on user action to spread

Worm

Malicious program that uses a computer network to replicate

Trojan

Program that does something other than advertised

Rootkit (Concealment)

Software tools used by an attacker to hide the actions or presence of other types of malicious software

Spyware

Software that gathers information without user consent

Keylogger

Software that captures a user's keystrokes

Erik

Beastly

Adware

Program that delivers advertising content in a manner unexpected and unwanted by the user

Ransomware

Program that prevents a user's device from properly operating until a fee is paid

Logic Bomb

Computer code that lies dormant until triggered by a specific logical event and then performs malicious activities

Backdoor

Software code that circumvents normal security to give program access

Zombie

Infected robot (bot) computer

Botnet

Multiple zombie computers gathered into a logical computer network

Bot herder

Attacker who controls a botnet

Command and control

Instructions from the bot herder regarding which computers to attack and how

Social engineering

Means of gathering information from individuals by relying on their weaknesses

Social engineering (Psychology)

The mental and emotional approach in a social engineering attack

Impersonation

Masquerade as a real or fictitious character and then play out the role of that person on a victim

Common Phishing Features – Phishing

Sending email or displaying a web announcement claiming to be from a legitimate source

Common Phishing Features – Deceptive web links

Use variations of a legitimate address (e.g. www.ebay secure.com, www.e–bay.com, www.e-baynet.com)

Common Phishing Features –Logos

Include logo of vendor to make request look genuine

Pharming

Automatically redirects user to fraudulent website

Spear phishing

Email messages target specific users

Whaling

Going after the big fish by targeting wealthy individuals

Vishing (voice phishing)

Attacker calls victim with a recorded message with a callback number, but the number actually goes to the attacker

Spam

Unsolicited email

Spim

Targets instant messaging users

Image spam

Uses graphical images of text


Circumvents text-based filters


Often contains nonsense text

Hoaxes

False warning or claim

Typo squatting (URL hijacking)

Attacker registers a fake look-alike site to which the user is automatically directed when making a typing error while entering a URL (Uniform Resource Locator) address in a web browser (e.g. goggle.com or google.net instead of google.com)

Watering hole attack

Directed toward a smaller group of specific individuals, such as the major executives working for a manufacturing company

Physical Procedures

These attacks take advantage of user actions that can result in compromised security

Dumpster Diving

Digging through trash to find useful information

Tailgating

Following an authorized person entering through a door

Shoulder surfing

Casually observing a user entering a keypad code

Network used to connect different _______ and ______ together

Network used to connect different clients and servers together

Clients and servers run an _________ _________

Clients and servers run an operating system

Operating system controls _____________

Operating system controls applications

Applications manipulate data

Applications manipulate _____

Three things Application Attacks target:

operating system




applications




data

Server-Side Web Application Attacks

Exploit the dynamic content based on inputs from user

Zero day attacks

Exploit previously unknown vulnerabilities so victims have no time to prepare or defend

Cross-Site Scripting (XSS)

Injects scripts into a web application server to direct attacks at unsuspecting clients



Cross-site scripting attacks occur when an attacker takes advantage of web applications that accept user input without validation and then present it back to the user

SQL (Structured Query Language)

Used to manipulate data stored in a relational database

SQL Injection

Targets SQL servers by introducing malicious commands

Markup language

Method for adding annotations to text

Hypertext Markup Language (HTML)

Uses tags surrounded by brackets (i.e., < >)



Instructs browser to display text in specific format

Extensible Markup Language (XML)

Carries data instead of indicating how to display it




Users define their own tags

XML Injection

1) Attacker discovers Web site that does not filter user data




2) Injects XML tags and data into the database





Directory traversal

Uses malformed input or takes advantage of a vulnerability to move from the root directory to restricted directories

Command injection

Attacker enters commands to execute on the server or view confidential files

Client-side attacks

Target vulnerabilities in client applications


> Interacting with a compromised server


> Client initiates connection with server, which could result in an attack




One example of a client-side attack is drive-by download

Drive-By Download

Client computer compromised simply by viewing a Web page

Common client-side attacks include:

> Header manipulation


> Cookies


> Attachments


> Session hijacking


> Malicious add-ons

HTTP header

Consists of fields that characterize the data being transmitted

HTTP header manipulation

Attack modifies HTTP headers



Not an actual attack but rather a vehicle through which other attacks like (XSS) can be launched

Referer

Can bypass security by modifying the Referer field to hide the fact that the request came from another site

Accept-Language

Because some web applications pass the contents of this field directly to a database, an attacker can inject an SQL command by modifying the header

Response splitting

Inserting a CRLF (Enter key) in an HTTP header can give attackers control of the remaining HTTP headers and body of the response

Cookies

Store user-specific information on the user's local computer

First-party cookie

Cookie created by the Web site the user is currently visiting

Third-party cookie

Site advertisers (third parties) place a cookie to record user preferences

Session cookie

Stored in RAM and expires when the browser is closed

Persistent cookie

Recorded on the computer's hard drive and does not expire when the browser closes

Session token

Verification through which a random string is assigned to the interaction between a user and the web application currently being accessed (session)



1) Web application server assigns a unique session token



2) Each subsequent request from the user's web browser to the web application contains the session token verifying the user's identity

Session hijacking

Attacker attempts to impersonate the user by using her session token

Plug-in

Third-party library that attaches to the web browser and can be embedded inside a webpage but affects only that specific page



(e.g., Java, Adobe Flash player, Apple QuickTime, Adobe Acrobat Reader)

Add-ons or extensions

Tools that add functionality to the web browser itself



(e.g., Create additional web browser toolbars, Change browser menus, etc.)

ActiveX

Set of rules for how applications under the Microsoft Windows operating system should share information

ActiveX controls (add-ons)

Specific way of implementing ActiveX; sometimes called ActiveX applications

Impartial Overflow Attacks

Some attacks are impartial in that they can target either server or client

Buffer Overflow Attack

Process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer

Integer Overflow Attack

Condition occurs when the result of an arithmetic operation (addition or multiplication) exceeds the maximum size of the integer type used to store it



When overflow occurs, the interpreted value then wraps around from the maximum value to the minimum value

Heap spray

Targeted to insert data only in certain parts of memory

Arbitrary/remote code execution

Allows attacker to run programs and execute commands on a different computer

Networking-Based Attacks

Exploiting a single vulnerability may expose hundreds or thousands of devices to an attacker

Denial of service (DoS)

Attempts to prevent a system from performing normal functions

Distributed denial of service (DDoS)

Uses thousands of zombie computers in a botnet

Ping flood attack

Ping utility used to send a large number of echo request messages and overwhelm a server

Smurf attack

Ping request with the originating address changed (spoofing) so it appears as if the target computer is asking for a response from all computers on the network

SYN flood attack

Takes advantage of the procedures for establishing a connection

Man-in-the-middle Attack

Makes it appear that two entities are communicating with each other, when actually they are sending and receiving data with a third party between them



Man-in-the-middle attack can be passive or active.

Replay Attack

Replay makes a copy of the transmission before sending it to the recipient for use at a later time (the man-in-the-middle replays it)

ARP Poisoning

Attacker modifies the MAC address in the ARP cache to point to a different computer (see Table 3-4)

Domain Name System (DNS)

Current basis for name resolution to IP address

DNS poisoning

Substitutes DNS addresses to redirect a computer to another device

Vertical privilege escalation

User with lower privilege uses privilege escalation to grant self access to functions reserved for higher-privilege users

Horizontal privilege escalation

User with restricted privileges accesses the different restricted functions of a similar user

Host

Can be either a server or a client on a network; runs applications that process, save, or transport data

Security control

Any device or process used to reduce risk

Administrative controls

Processes for developing and ensuring that policies and procedures are carried out

Technical controls

Processes carried out or managed by devices

Deterrent control

Attempts to discourage security violations before they occur

Preventive controls

Work to prevent the threat from coming into contact with the vulnerability

Detective controls

Designed to identify any threat that has reached the system

Compensating controls

Controls that provide an alternative to normal controls that for some reason cannot be used

Corrective controls

Controls intended to mitigate or lessen the damage caused by the incident

External Perimeter Defenses examples

Barriers, Guards, Motion detection devices

Internal Physical Access Security examples

Hardware locks, Proximity readers, Access lists, Mantraps, Protected Distribution Systems

Hardware security

Cable lock, Safe or Locking cabinet

Fencing

Tall, permanent structure to keep out individuals for maintaining security

Sign

– Explains the area is restricted

Lighting

Area can be viewed after dark

Anti-climb Paint

Non-drying paint, hard to climb

Anti Climb collar

Spikes on a pole

Roller Barrier

Independent rolling bar on top of fence

Rotating Spikes

Top of walls, gates or fences.




Roller Barrier + Spikes

Barricade

Generally designed to block passage of traffic

Guards

Human guards are considered active security elements



Unlike passive devices, a guard can differentiate between an intruder and a non-intruder (e.g., someone looking for a lost pet)

Video surveillance

Uses video cameras to transmit a signal

Closed circuit television (CCTV)

Video signal to a specific and limited set of receivers

CCTV options:

Fixed in a single position (pointed at a door or hallway)



Movable in 360 degrees for a full panoramic view



Motion-tracking (will automatically follow any movement)

Motion detection

Determining an object's change in position in relation to its surroundings



Usually generates an audible alarm to warn a guard of an intruder

Deadbolt lock

Extends a solid metal bar into the door frame for extra security



Much more difficult to defeat than keyed entry locks

Cipher lock

Combination sequence necessary to open the door



Can be programmed to allow an individual's code to give access at only certain days or times



Records when the door is opened and by which code

Proximity Readers

User can use an object (physical token) for identification



Later ID badges were magnetic stripe cards that were swiped or contained a barcode identifier scanned to identify the user

Proximity reader

Device that receives the badge signal

Access list

Record of individuals who have permission to enter a secure area

Mantrap

Separates a secured from a non-secured area

Protected distribution system (PDS)

System of cable conduits used to protect classified information being transmitted between two secure areas

Hardened carrier PDS

Data cables installed in conduit constructed of special electrical metallic tubing or similar material

Alarmed carrier PDS

Carrier system deployed with specialized optical fibers in the conduit



Can sense acoustic vibrations and trigger an alarm when an intruder attempts to gain access

Hardware security

Physical security protecting host system hardware

Cable lock

Inserted into a slot and secured to the device

Securing the Operating System Software:




Security through configuration

Properly configure the operating system after it has been installed to fortify it

Securing the Operating System Software:



Security through design

Tighten security during the initial design and coding of the operating system.

A security policy

A document or a series of documents that clearly defines the defense mechanisms an organization will employ in order to keep information secure

A baseline

The standard or checklist against which systems can be evaluated and audited for their level of security

A security template

A collection of security configuration settings

Group Policy

Provides centralized management and configuration of computers and remote users who are using specific Microsoft directory services known as Active Directory
Security patch

General software update to cover discovered vulnerabilities

Hotfix

Addresses a specific customer situation

Service pack

Accumulates patches, hotfixes, and additional features

Automated patch update service

Manage patches locally instead of using the vendor's online update service

OS hardening

Necessary to tighten security during the design and coding of the OS

Trusted OS

Operating system that has been designed through OS hardening

Antivirus (AV)

Software that examines a computer for infections

Static analysis

Scans files by attempting to match known virus patterns against potentially infected files

Dynamic heuristic detection

Uses a variety of techniques to spot characteristics of a virus instead of attempting to make matches

Code emulation

A virtual environment is created that simulates the central processing unit (CPU) and memory of the computer

Bayesian filtering

Analyzes every word in each email and determines how frequently a word occurs in the spam pile compared to the not-spam pile

Blacklist

Allow everything in unless it appears on the list

White list

List of approved senders

Pop-up

Small window appearing over web-page usuallycreated by advertisers

Pop-up blocker

Separate program, or part of an antispyware package incorporated within the browser, that allows the user to limit or block most pop-ups

Firewall (packet filter)

Designed to prevent malicious packets from entering/leaving

Host-based application firewall

Software firewall that runs on the local system

Static environment

Types of devices with microprocessors not designed to be updated

Embedded system

Computer system with a dedicated function within a larger electrical or mechanical system

Game consoles

Many consumer game consoles contain adaptations of general-purpose operating systems and may contain some of the same vulnerabilities

Smartphone

Includes an operating system that allows it to run third-party applications, but operating systems have vulnerabilities that attackers can exploit

Mainframe

Very large computing systems that have significant processing capabilities

In-vehicle computer systems

Automobile functions that are controlled by microprocessors

SCADA (supervisory control and data acquisition)

Large-scale industrial-control systems found in military installations, oil pipeline control systems, manufacturing environments, and nuclear power plants

Application development security

Security for applications must be considered through all phases of the software life cycle (i.e., design, development, testing, deployment, and maintenance)

Application Configuration Baselines

Standard environment settings in application development can establish a secure baseline

Secure Coding Concepts

Coding standards increase applications' consistency, reliability, and security

Errors (exceptions)

Faults that occur while an application is running

Fuzz testing (fuzzing)

Software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a computer program

Cross-site request forgery (XSRF)

Attack uses the user's web browser settings to impersonate the user

Input validation

Verifies a user's input to an application and is performed after data is entered but before the destination is known (i.e., suitable for handling trusted data, rather than injection attacks)

Server-side validation

Input validation generally uses the server to perform the validation

Client-side validation

Client performs the validation

NoSQL

New nonrelational databases that are better tuned for accessing large data sets

NoSQL databases vs. SQL database

Argument over which database technology is better

Exe file attack

Modifying or creating exe files on a computer

System Tampering

Use a vulnerability to modify sensitive areas of the OS.

Process spawning control

Trick the vulnerable app into creating an exe on the system.

Data loss prevention (DLP)

System of security tools used to recognize and identify critical data and ensure it is protected

Data in-use

Data actions being performed by endpoint devices

Data in-transit

Actions that transmit the data across a network

Data at-rest

Stored on electronic media

Content inspection

Security analysis of a transaction that takes context into account

DLP network sensors

Installed on the perimeter of the network to protect data in-transit by monitoring all network traffic

DLP agent sensors

Sensors are installed on each host device (desktop, laptop, tablet, etc.) and protect data in-use (see Figure 4-9)