Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/62

Click to flip

62 Cards in this Set

  • Front
  • Back
OSI model
Application - Presentation - Session - Transport - Network - Data - Physical
(All people should tell NMCI die please!)
SSL occurs in which layer
Presentation
What encryption does SSH use?
Blowfish, DES and IDEA
What encryption PGP uses?
Diffie-Hellman, RSA
Principle of least privilege
Security rule of thumb that states that users should be granted only the level of access needed for them to accomplish assigned work tasks and no more.
Privileges
A privilege is an avility or activity that a user account is granted premission to perform
Implicit deny
Implicit deny is the default security stance that if you are not specifically granted access or privileges over a resource, you are denied access by default
Separation of duties
Seperation of guties is the division of administrator or privileged tasks into distinct groupings, with each group in turn assigned to unique administrators.
Job rotation
Job rotation means there are multiple people who have the knowledge to perform each highly privileged task
Mandatory Access Control
A form of access control commonly employed by gov and military environments. MAC specifies that access is granted based on a set of rules rather than at the discertion of a user.
The rules that govern MAC are hierarchical in nature and are often called
sensitivity labels, security domains or classifications
What is the primary purpose of MAC
To prevent disclosure: the violation of security principle of configentiality
MAC works by assigning users
Clearance level and sensitivity label
What is an improvement to MAC
Including the Need To Know
Discretionary Access Control
A form of access control that is used in most commercial and home environment. DAC is user directed, controlled by the owner and creators of the object in the environment.
How is access granted in DAC
Access is granted or restricted by the owner's identity.
DAC uses what to control access?
ACL
Role Based Access Control
It may be grouped with non-discretionary access control methods along with MAC
What environment is suitable for RBAC?
Where there is a high level of employee turnover.
Common MAC hierarchies
Government uses: Unclass, sensitive but unclass, confidential, secret and top secret
Private sector: Public, sensitive, private, confidential
Centralized privilege management
In centralized privilege management, a single server (or set of servers) is responsible for managing, controlling and implementing all security control, access rights, and privileges. E.G. RADIUS authentication
Decentralized privilege management
In decentralized privilege management, each system is responsible for managing, controlling and implementing security control access rights and privileges.
ACL
Access control list is the collection of usernames and group names with specific permission allow/deny assignments embedded onto a resource object
Password policy
A password policy is both a set of rules writeen out as part of the organizational security policy that dictates the req of users and device passwords
Discretionary Access Control
A form of access control that is used in most commercial and home environment. DAC is user directed, controlled by the owner and creators of the object in the environment.
How is access granted in DAC
Access is granted or restricted by the owner's identity.
DAC uses what to control access?
ACL
Role Based Access Control
It may be grouped with non-discretionary access control methods along with MAC
What environment is suitable for RBAC?
Where there is a high level of employee turnover.
Common MAC hierarchies
Government uses: Unclass, sensitive but unclass, confidential, secret and top secret
Private sector: Public, sensitive, private, confidential
Centralized privilege management
In centralized privilege management, a single server (or set of servers) is responsible for managing, controlling and implementing all security control, access rights, and privileges. E.G. RADIUS authentication
Decentralized privilege management
In decentralized privilege management, each system is responsible for managing, controlling and implementing security control access rights and privileges.
ACL
Access control list is the collection of usernames and group names with specific permission allow/deny assignments embedded onto a resource object
Password policy
A password policy is both a set of rules writeen out as part of the organizational security policy that dictates the req of users and device passwords
Domain password policy
A domain password policy is the password policy wihtin a GPO
Single Sign-On
Single sign-on means that once a user is authenticated into a realm, they need not reauthenticate to access resources
Multi-factor authentication
Multi-factor authentication is the req that a user must provide 2 or more authentication factors
2-factor authentication
Authentication uses 2 factors
Authentication factors
Something you know
Something you have
Something you are
Kerberos
Kerberos is a trusted 3rd party authentication protocol. It uses encryption keys as tickets with time stamp to prove identity and grant access to resources. Kerberos is a SSO solution employing a KDC to manage its centralized authentication mechanism
CHAP
Challenge-Handshake Authentication Protocol and is primary used for dial-up connections. CHAP uses a one-way hash to protect passwords and periodically reauthenticates clients.
Passwords
The most popular but weakest form of protection
Tokens
Tokens are a "something you have" type of authentication factor.
Mutual authentication
Mutual authentication is two-way authentication. The subject authenticates to the object and the object authenticates back to the subject
Biometrics
Something you are
Physical access control
Physical acess control regers to mechanisms designed to manage and control enterance into a location
Physical barriers
Physical barriers are erected to control access into a location
Boundary-crossing devices
Doors and gates can be locked and controlled in such a way that only authorized personnel can unlock and enter through them. This could be lock and keys or biometrically controlled
Security guards
Someone watching over security boundary
Mantraps
A mantrap is a form of high-security barrier entrance device
Biometrics used for physical security
Locks are keyed to biometrics
Access control
Restricts users from accessing resources on a network
Authentication
Proves the identity of communication partners
Confidentiality
Prevents unauthorized disclosure of secured data
Data integrity
Prevents unwanted changes of data while in transit
Asymmetric encryption standards
RSA, Diffie-Hellman
PAP
Password Authentication Protocol. It is a weak authentication protocol with just user name and password in plaintext
LADP is a simpler implementation of what standard
X.500
ICS provides
NAT, IP addressing, name resolution
External motion dectors can use
Sound, Infrared, Ultrasound
What is TACACS
Terminal Access Controller Access Control System
Difference between Knowledge-based and Behavior-based IDS
Knowledge-based IDS solutions use known attack signatures to identify network attacks. Behavior-based IDS is incorrect because behavior-based IDS solutions measure access patterns against known baselines to identify attacks.