Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
60 Cards in this Set
- Front
- Back
What is CEP?
|
A propriatary protocol developed by Cisco that allows devices to acquire and utilize digital certificates from CAs used for the development of IPSEC VPNs
|
|
What is Fips?
|
includes standards issued by the US gov't for the evaluation of cryptography modules
|
|
What is Fips 140-2?
|
Associated with PKI, 4 levels of security
|
|
What is ISO 17799?
|
internationally recognized standards provides a comprehensive set of controls computing best practices in information security
|
|
What is the M of N?
|
relates to the concept of backing up the public and private keys across multiple systems
|
|
What is a mantrap?
|
a holding area between an entry point that gives security personnel time to view a person before allowing him into the building
|
|
What does social engineering rely on?
|
human emotions
|
|
What is reverse social engineering?
|
When an attacker provides information to the user that causes that user to believe the attacker is an authorized technical assistance
|
|
What is a Faraday cage?
|
a large well grounded metal box used to protect electronic equipment from eavesdropping
|
|
What is a technical control?
|
Using hardware and software technology to implement access control
|
|
What is CER?
|
Crossover error rate, the point at which FFR = FAR
|
|
Where is Kerberos normally used?
|
Win 2000+ & Sun Network File System
|
|
What is SESAME?
|
Secure European System and Applications in a mult-vendor environment, is a ticket based service that uses PKI, mD5 & CrC32
|
|
What is KryptoKnight?
|
another ticket based SSO authentication system
|
|
What is Bell La Padua?
|
No read up, no write down...addresses confidentiality
|
|
What is Biba?
|
First formal integrity model, lattice based. No read down, no write up, a subject at one level of integrity cannot invoke a subject at a higher level of integrity
|
|
What is Clark Wilson?
|
establishes a security framework for use in commercial activities such as the banking industry. Addresses integrity
|
|
What is 802.1
|
internetworking
|
|
What is 802.6?
|
metropolitan area network
|
|
What is 802.7?
|
Broadband technical advisory group
|
|
What is 802.8?
|
Fiber Optic technical advisory group
|
|
What is 802.9?
|
Integrated voice/data network
|
|
What is 802.10
|
network security
|
|
What is 802.12?
|
High speed network
|
|
What is the MAC layer responsible for?
|
performs error control, identifies hardware devic, controls media access
|
|
What is SLIP?
|
predecessor of PPP, developed to support TCP/IP network over low speed asynchronous
|
|
What is PPP?
|
Point-to-Point tunneling protocol, provides router-to-router and host-network connections over synchronous and asynchronous circuits
|
|
What is the network layer primarily responsible for?
|
routing
|
|
What are the two primary responsiblities of IP?
|
connectionless best effor delivery, fragmentation and reassembly of data grams
|
|
What is RARP?
|
reverse address resolution protocol maps MAC addresses to IP addresses
|
|
What is ICMP?
|
reports errors and other information back to the source reguarding the processing of transmittal of IP packets
|
|
What are the common ICMP messages?
|
destination unreachable, echo request/reply, redirect and time exceeded
|
|
What are the major functions of the transport layer?
|
flow control, multiplexing, vertical circuit mangement, error checking and recovery
|
|
What is TCP?
|
a full dupex, connection oriented protocol that provides reliable delivery of packets across a network
|
|
What is UDP?
|
a connectionless protocol that provides fast best effort delivery of datagrams across a network
|
|
What is SSL/TLS?
|
provides session-based encryption and authentication for secure communication between client and servers on the internet
|
|
What is SKIP?
|
similar to ssl but doens't require prior communication to establish a connection or exchange keys
|
|
What is the session layer responsible for?
|
establishng, coordinating and terminating communication session
|
|
What is the presentation layer responsible for?
|
coding and conversion functions
|
|
What is the application layer?
|
identifying and establishing availability of communication, determining resource availability, synchronizing communication
|
|
What is SET?
|
developed by Mastercard and Visa to provide secure e-commerce transactions
|
|
What is the difference between IPSEC transport and tunnel mode?
|
only the data is encrypted in transport mode and the entire packet is encyrpted in tunnel mode
|
|
What are the two main protocols in IPSEC?
|
authentication header (AH) and encapsulating security payload
|
|
What does AH provide in IPSEC?
|
integrity, authentication, & non-repudiation
|
|
What does ESP provide in IPSEC?
|
confidentiality and limited authentication
|
|
Which has a lower false alarm rate, behaviour based or knowledge based?
|
knowledge-based
|
|
What is a major disadvantage of knowledge based IDS?
|
signature files must be continually updated and unique attacks may not be caught
|
|
What type of encryption does CHAP use?
|
MD-5 1-way hash
|
|
What type of authentication mechanism does EAP support?
|
MD-5-challenge, S/Key, generic token card, digital certificate
|
|
What does TACAS+ provide that RADIUS does not?
|
authorization
|
|
What is the formula for risk?
|
Threat+vulnerability
|
|
What is the formula for ALE?
|
SLE X ARO = ALE
|
|
What are the three general remedies for risk
|
risk reduction, risk assignment, risk acceptance
|
|
What is an agent?
|
a component in a distributive system that performs a particular function
|
|
What is aggregation?
|
the process of combining low-sensitivity data items to produce a high sensitivity data item
|
|
What is fuzzy logic?
|
Breaks the factors or a decision an outcomes into components, evaluates each component to arrive at yes/no or true/false for the big question
|
|
What is system high mode?
|
refers toa system that operates at the highest level of classification
|
|
What is the difference between change and configuration management?
|
configuration mangement actually documents the how
|
|
What is heuristics?
|
AV software detects certain kinds of anomalous behavior
|
|
What is a psuedoflaw?
|
a special form of social engineering in which an attacker posing as a system or security admin or vendor tells a user that a security flaw has been detected on their system and they need to install a patch
|