Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
488 Cards in this Set
- Front
- Back
- 3rd side (hint)
|
"Confinement/ sandboxing"
|
"Allows a process to read from Android to only certain memory locations and resources"
|
|
|
|
"Bounds"
|
"Limits set on the memory addresses and resources a process can access "
|
|
|
|
"Isolation"
|
"The process that is confined through boundary enforcement and used to protect the operating environment, the kernel, and other independent apps. Prevent applications from accessing in–use memory or resources."
|
|
|
|
"Clearance"
|
"A subjects' attributes define its _______"
|
|
|
|
"Classification"
|
"An objects' attributes define its ______"
|
|
|
|
"Trusted system"
|
"A system in which all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure Computing environment"
|
|
|
|
"Security token"
|
"Separate object that is associated with the resource and describes it security attributes; access prior to requesting access to the actual object"
|
|
|
|
"Trusted Computing base"
|
"A combination of Hardware, software, and patrols that work together to form a trusted base to enforce your security policy"
|
|
|
|
"Reference monitor"
|
"The part of the PCB that validates access to every resource prior to granting access request"
|
|
|
|
"Security Kernel"
|
"The collection of components in the TCB that work together to implement reference monitor functions"
|
|
|
|
"Information flow model"
|
"A common Access Control security model, based on the state machine model, which prevents unauthorized information flows, whether within the same classification level or between classification."
|
|
|
|
"Non–interference model"
|
"A common access security model that is not concerned with information flows but rather concerned with how the actions of a subject at a higher security level affect the system state or the actions of a subject at a lower security state."
|
|
|
|
"Take – Grant model"
|
"The common Access Control security model focused on confidentiality of objects and employs a directed graph to dictate how rights can be passed from one subject to another or from subject to object."
|
|
|
|
"Access Control Matrix"
|
"A common Access Control security model which has a table of subjects and objects that indicate the actions or functions that each subject can perform on each object."
|
|
|
|
"Capabilities list"
|
"In an access control Matrix each subject row of the Matrix is called a_________."
|
|
|
|
"An Access Control list (ACL)"
|
"In an access control Matrix each object column is called ______."
|
|
|
|
"Bell–Lapadula model"
|
"Which Access Control security model has subjects that have clearance levels; allows them to access only those objects with corresponding classifications; are focused on confidentiality of objects; are derived from dod's multi–level security policies; does not address Integrity or availability; prevents leaking or transfer of classified information to less secure clearance Levels by blocking lower classified subjects from accessing higher–level objects; and based on both state machine concept and information flow models."
|
|
|
|
"Simple security property"
|
"A basic property of the State machine that has no read up but allows read down"
|
|
|
|
"*star security property "
|
"A basic property of the state machine that has no right down but allows for right up."
|
|
|
|
"Discretionary security property"
|
"The basic property of the Bell–Lapadula state machine that uses an access matrix for discretionary Access Control enforcement."
|
|
|
|
"Assurance"
|
"The degree of confidence in satisfaction of security needs"
|
|
|
|
"Security perimeter"
|
"The imaginary boundary that separates the PCB from the rest of the system and ensures that note in Secure Communications occur between the PCB and other elements"
|
|
|
|
"Trusted paths"
|
"In a trusted Computing base, secure Communications are managed through _______."
|
|
|
|
"State Machine model"
|
"A common Access Control security model that describes a system that is always secure no matter what state it is in."
|
|
|
|
"What is a key difference in security between MAC and DAC?"
|
"In MAC, a user who can access a file cannot necessarily copy it"
|
|
|
|
"What DoD classification does MAC map to?"
|
"Level–B classification"
|
|
|
|
"What DoD classification does DAC map to?"
|
"Level–C classification"
|
|
|
|
"What does CHAP use for authentication?"
|
"hashing"
|
|
|
|
"What type of encryption is AES?"
|
"symmetric"
|
|
|
|
"What kind of algorithm is 3DES?"
|
"symmetric"
|
|
|
|
"What algorithm does AES use?"
|
"Rijndael"
|
|
|
|
"What two encryption standards is AES designed to replace?"
|
"DES and 3DES"
|
|
|
|
"What is the most effective way of enforcing security in a dialup network?"
|
"require callback"
|
|
|
|
"What port do DNS lookups use?"
|
"UDP port 53"
|
|
|
|
"What are the two types of symmetric algorithms?"
|
"block and stream"
|
|
|
|
"What is the main difference between S/MIME and PGP?"
|
"S/MIME relies upon a CA for public key distribution"
|
|
|
|
"What is the maximum throughput of 802.11a?"
|
"54 Mbps"
|
|
|
|
"What is the maximum throughput of 802.11g?"
|
"54 Mbps"
|
|
|
|
"What type of media access control does 802.11 use?"
|
"collision avoidance"
|
|
|
|
"What two bit strengths is SSL available in?"
|
"40–bit and 128–bit"
|
|
|
|
"What is the maximum capacity of QIC?"
|
"20 GB"
|
|
|
|
"What is the maximum capacity of 4mm DAT?"
|
"40 Gb"
|
|
|
|
"What is the maximum capacity of 8mm tapes?"
|
"50 Gb"
|
|
|
|
"What is the maximum capacity of Travan?"
|
"40 Gb"
|
|
|
|
"What is the maximum capacity of DLT?"
|
"220 Gb"
|
|
|
|
"With biometric scanning, what is rejecting a valid user called?"
|
"Type I error"
|
|
|
|
"With biometric scanning, what is accepting a user who should be rejected called?"
|
"Type II error"
|
|
|
|
"In biometric scanning, what is the crossover rate?"
|
"error percentage when Type I and II errors are equal"
|
|
|
|
"What mathematical fact does a birthday attack rely on?"
|
"it is much easier to find two datasets that share a hash than to find a dataset that shares a hash with a given dataset"
|
|
|
|
"What is OCSP?"
|
"Online Certificate Status Protocol– a replacement for CRL"
|
|
|
|
"What disadvantage does CRL have that OCSP addresses?"
|
"updates must be downloaded frequently to be accurate"
|
|
|
|
"What is the difference between S–HTTP and SSL?"
|
"S–HTTP is designed to send individual messages securely; SSL sets up a secure connection between two computers"
|
|
|
|
"What protocol is being pushed as an open standard for IM?"
|
"SIMPLE"
|
|
|
|
"What are the three components of AAA?"
|
"Authentication, Authorization, Access Control"
|
|
|
|
"What is an open relay?"
|
"an SMTP relay that does not restrict access to authenticated users"
|
|
|
|
"What encryption scheme does WEP use?"
|
"RC4"
|
|
|
|
"What are the two main types of firewalls?"
|
"application–level and network–level"
|
|
|
|
"What happens if an application–level protocol doesn't have a proxy program for a given protocol?"
|
"the protocol can't pass through the firewall"
|
|
|
|
"Which is faster, application–level or network–level firewalls?"
|
"network–level firewalls"
|
|
|
|
"Does DSS use symmetric or asymmetric keys?"
|
"asymmetric"
|
|
|
|
"What does PGP use in place of a CA?"
|
"a "web of trust""
|
|
|
|
"What is X.509 used for?"
|
"digital certificates"
|
|
|
|
"What type of network is extremely vulnerable to Man in the Middle attacks?"
|
"wireless"
|
|
|
|
"What port does the chargen exploit use?"
|
"TCP 19"
|
|
|
|
"What ports does FTP use?"
|
"ports 20 and 21"
|
|
|
|
"What port does SSH use?"
|
"port 22"
|
|
|
|
"What port does SMTP use?"
|
"port 25"
|
|
|
|
"What ports does DNS use?"
|
"TCP and UDP 53"
|
|
|
|
"What port does SNMP use?"
|
"port 161"
|
|
|
|
"What port does RADIUS use?"
|
"port 1812"
|
|
|
|
"What advantage does TACACS+ have over TACACS?"
|
"multi–factor authentication"
|
|
|
|
"What two protocols were combined to form L2TP?"
|
"Microsoft's PPTP and Cisco's L2F"
|
|
|
|
"What three utilities comprise SSH?"
|
"SSH, Slogon, SCP"
|
|
|
|
"What two services are provided by IPSec?"
|
"Authentication Header (AH) and Encapsulating Security Payload (ESP)"
|
|
|
|
"Who developed PGP?"
|
"Phillip R. Zimmerman"
|
|
|
|
"What two algorithm options exist for PGP?"
|
"RSA and Diffie–Hellman"
|
|
|
|
"What is TLS?"
|
"Transport–Layer Security– a successor to SSL"
|
|
|
|
"What type of encryption does SSL use?"
|
"RSA PKI"
|
|
|
|
"What two layers does TLS consist of?"
|
"TLS Record Protocol and TLS Handshake Protocol"
|
|
|
|
"What is HTTPS?"
|
"HTTP over SSL"
|
|
|
|
"What language is normally used to write CGI scripts?"
|
"Perl"
|
|
|
|
"What model is DEN based on?"
|
"Common Information Model (CIM)"
|
|
|
|
"What does S/FTP use for encryption?"
|
"SSL"
|
|
|
|
"What OS do most PBX's use?"
|
"UNIX"
|
|
|
|
"What four trust models do PKI's fall into?"
|
"heirarchical; network/mesh; trust list; key ring"
|
|
|
|
"Does PPTP require IP connectivity?"
|
"yes"
|
|
|
|
"What does IPSec use for authentication and key exchange?"
|
"Diffie–Hellman"
|
|
|
|
"What does IPSec use for encryption?"
|
"40–bit DES algorithm"
|
|
|
|
"What two methods are used to determine VLAN membership on a remote switch?"
|
"implicit, based on MAC address; explicit, where the first switch adds a tag"
|
|
|
|
"What is the top priority in computer forensics?"
|
"document each step taken"
|
|
|
|
"How does CHAP work?"
|
"server sends random value to client; client uses MD5 to create hash with ID, random value, and shared secret; client sends hash to server; server performs same function and compares values"
|
|
|
|
"Is L2TP usually implemented through hardware or software?"
|
"hardware"
|
|
|
|
"What port does L2TP use?"
|
"UDP 1701"
|
|
|
|
"What protocol does IPSec use to exchange keys?"
|
"Internet Key Exchange (IKE)"
|
|
|
|
"What advantage does TACACS+ have over RADIUS?"
|
"better security"
|
|
|
|
"What makes non–repudiation a stronger version of authentication?"
|
"non–repudiation comes from a third party"
|
|
|
|
"What is a teardrop attack?"
|
"a type of DoS attack using a false fragmentation offset value"
|
|
|
|
"From what does RSA derive its strength?"
|
"the difficulty of factoring large numbers"
|
|
|
|
"Is RSA a public– or private–key system?"
|
"public–key"
|
|
|
|
"What is the standard key length for IDEA?"
|
"128 bits"
|
|
|
|
"How are RSA and DES used together?"
|
"RSA is used to encrypt the key for transmission; DES is used for message encryption"
|
|
|
|
"What is IDEA?"
|
"International Data Encryption Algorithm– a 128–bit private–key encryption system"
|
|
|
|
"What size is an MD5 hash?"
|
"128 bits"
|
|
|
|
"Observing the timer value in the TCP stack makes what possible?"
|
"determining the OS in use, useful in planning attacks"
|
|
|
|
"What is the first step in risk analysis?"
|
"identifying assets"
|
|
|
|
"What are the seven stages in a certificate life cycle?"
|
"certificate enrollment; distribution; validation; revocation; renewal; destruction; auditing"
|
|
|
|
"What is port mirroring?"
|
"on switches, the ability to map the input and output of one or more ports to a single port"
|
|
|
|
"What security hole does RIPv1 pose?"
|
"RIPv1 does not allow router passwords"
|
|
|
|
"Which of the five router services do e–mail gateways provide?"
|
"application filtering"
|
|
|
|
"What are the three types of NAT?"
|
"static NAT; dynamic NAT; overloading NAT"
|
|
|
|
"How do the RADIUS client and server avoid sending their shared secret across the network?"
|
"shared secret is hashed and hash is sent"
|
|
|
|
"In MAC, of read–up, read–down, write–up, and write–down, which two are legal? Which two are illegal?"
|
""legal– read–down, write–up"
|
|
|
|
"What is an SIV?"
|
"System Integrity Verifier– IDS that monitors critical system files for modification"
|
|
|
|
"What language are most new smart card applications written in?"
|
"Java"
|
|
|
|
"What type of IDS will likely detect a potential attack first? Why?"
|
"Network–based IDS: runs in real–time"
|
|
|
|
"What drawback do heuristic–based IDS's have?"
|
"higher rate of false positives"
|
|
|
|
"What are the four layers of the TCP/IP suite? How do they map to the OSI model?"
|
""Application > Application–Session"
|
|
|
|
"What are the six steps to incident response?"
|
"Preparation; Identification; Containment; Eradication; Recovery; Follow–Up"
|
|
|
|
"What are most fire extinguishers loaded with?"
|
"FE–36"
|
|
|
|
"What is FE–13 used for?"
|
"explosion prevention"
|
|
|
|
"What is the maximum length of a valid IP datagram?"
|
"64K"
|
|
|
|
"What is the RFC–recommended size of an IP datagram?"
|
"576 bytes"
|
|
|
|
"What is IGMP used for?"
|
"multicasting"
|
|
|
|
"What is bytestream?"
|
"data from Application layer is segmented into datagrams that source and destination computers will support"
|
|
|
|
"What two pieces of information comprise a socket?"
|
"source IP address and source port"
|
|
|
|
"At the Network Interface layer, what is the packet of information placed on the wire known as?"
|
"a frame"
|
|
|
|
"What IP layer do man–in–the–middle attacks take place at?"
|
"internet layer"
|
|
|
|
"What IP layers do DoS attacks occur at?"
|
"any layer"
|
|
|
|
"What IP layer do SYN floods occur at?"
|
"transport layer"
|
|
|
|
"Which hashing algorithm is more secure, MD5 or SHA–1?"
|
"SHA–1"
|
|
|
|
"What is the key length for Blowfish?"
|
"variable length"
|
|
|
|
"How are digital signatures implemented?"
|
"a hash is created and encrypted with the creator's private key"
|
|
|
|
"How are asymmetric algorithms used for authentication?"
|
"authenticator sends a random number (nonce) to receiver, who encrypts it with their private key"
|
|
|
|
"In a bridge CA architecture, what is the CA that connects to a bridge CA called?"
|
"a principal CA"
|
|
|
|
"Who defines a certificate's life cycle?"
|
"the issuing CA"
|
|
|
|
"At what OSI layer (and above) must networked computers share a common protocol?"
|
"data link and above"
|
|
|
|
"What security hole does SPAP have?"
|
"remote server can be impersonated"
|
|
|
|
"What protocol does RADIUS use?"
|
"UDP"
|
|
|
|
"What protocol does TACACS+ use?"
|
"TCP"
|
|
|
|
"What sort of devices normally use TACACS?"
|
"network infrastructure devices"
|
|
|
|
"What limitation does IPSec have?"
|
"only supports unicast transmissions"
|
|
|
|
"What does IPSec require to be scaleable?"
|
"a PKI"
|
|
|
|
"What are the three major components of SSH?"
|
"Transport Layer protocol (SSH–TRANS); User authentication protocol (SSH–USERAUTH); connection protocol (SSH–CONN)"
|
|
|
|
"What do BSS and ESS stand for?"
|
"Basic Service Set and Extended Service Set"
|
|
|
|
"What does ESS offer that BSS does not?"
|
"the ability to roam between AP's"
|
|
|
|
"What are the two parts of a Key Distribution Center?"
|
"An authentication server (AS) and a ticket–granting server (TGS)"
|
|
|
|
"What are the three major classification levels with MAC?"
|
"Top Secret; Confidential; Unclassified"
|
|
|
|
"What does echo do?"
|
"responds to packets on UDP port 7"
|
|
|
|
"What does chargen do?"
|
"responds to packets on UDP port 19 with random characters"
|
|
|
|
"What is an FTP bounce?"
|
"running scans against other computers through a vulnerable FTP server"
|
|
|
|
"What version of BIND allows for mutual authentication?"
|
"BINDv9"
|
|
|
|
"What ports are commonly used for NetBIOS names and sessions?"
|
"TCP/UDP 137, 138, 139"
|
|
|
|
"What ports do DHCP and BOOTP use?"
|
"TCP/UDP ports 67 and 68"
|
|
|
|
"What port does NNTP use?"
|
"TCP/UDP 119"
|
|
|
|
"What port does LDAP use?"
|
"TCP/UDP port 389"
|
|
|
|
"What port does LDAPS use?"
|
"TCP/UDP port 636"
|
|
|
|
"Why can hand geometry only be used for verification, rather than identification?"
|
"hand geometry is not unique"
|
|
|
|
"What advantages do hand geometry scans have over fingerprint scans?"
|
"they are faster, cleaner, and less invasive"
|
|
|
|
"What are the advantages and disadvantages of retinal scanning?"
|
"most reliable but most invasive"
|
|
|
|
"What disadvantage does speech recognition have?"
|
"easier to spoof than other biometric techniques"
|
|
|
|
"What are QIC tapes primarily used for?"
|
"backing up standalone computers"
|
|
|
|
"What are DAT drives primarily used for?"
|
"basic network backups"
|
|
|
|
"What three tape types offer high capacity and rapid data transfer?"
|
"8mm, DLT, and LTO"
|
|
|
|
"How does a host respond to a TCP connect scann if the scanned port is open? Closed?"
|
"open: SYN–ACK; closed: RST"
|
|
|
|
"What can be done to reduce the effects of half–open attacks?"
|
"reduce the time a port waits for a response"
|
|
|
|
"How does a host respond to a FIN packet if the scanned port is open? Closed?"
|
"open: packet discarded; closed: RST"
|
|
|
|
"How does an XMAS scan work?"
|
"a variety of TCP packets are sent to elicit a response"
|
|
|
|
"What TCP sequence number does an XMAS scan use?"
|
"0"
|
|
|
|
"What are two characteristics of a null scan?"
|
"TCP sequence number set to 0; no TCP flags set"
|
|
|
|
"What is a TCP ACK scan used for?"
|
"determining if a port is filtered by a firewall"
|
|
|
|
"What is a window scan?"
|
"a scan that attempts to determine the OS in use by its default TCP window size"
|
|
|
|
"What are the two basic types of DoS attacks?"
|
"flaw exploitation attacks and flooding attacks"
|
|
|
|
"What three basic router/firewall measures will reduce the effects of a DoS attack?"
|
"egress filtering, ingress filtering, and disabling IP–directed broadcasting"
|
|
|
|
"What is source routing?"
|
"Sender defines hops a packet must travel through"
|
|
|
|
"How is source routing used by attackers?"
|
"used to route packets around security devices"
|
|
|
|
"How can source routing be defended against?"
|
"routers can be configured to discard source–routed packets"
|
|
|
|
"What two methods do IDS's use to detect and analyze attacks?"
|
"misuse detection and anomoly detection"
|
|
|
|
"How does an 802.1x authenticator handle authentication traffic?"
|
"Passes it to a RADIUS server for authentication"
|
|
|
|
"Who developed SSL?"
|
"Netscape"
|
|
|
|
"What three protocols are routinely layered over TLS?"
|
"IMAP, POP3, and SMTP"
|
|
|
|
"What two types of certificates does S/MIME use?"
|
"PKCS #7 certificates for message content and X.509v3 for source authentication"
|
|
|
|
"What is the "hidden node" problem?"
|
"When a wireless client cannot see the network due to interference."
|
|
|
|
"What does WEP stand for?"
|
"Wired Equivalent Protection"
|
|
|
|
"In a 128–bit WEP key, how long is the actual secret key?"
|
"104 bits– the first 24 bits are used for the Initialization Vector (IV)"
|
|
|
|
"No Read Up, No Write Down describes what Security Model"
|
"Bell LaPadula"
|
|
|
|
"Biba, Clark Wilson, and Non–Interference models cover what aspect of security"
|
"Integrity"
|
|
|
|
"Execution and memory space assigned to each process is called a _______ _______"
|
"Protection Domain"
|
|
|
|
"The Boundary that separates the TCB from the rest of the system."
|
"Security Perimeter"
|
|
|
|
"Programming technique used to encapsulate methods and data in an object"
|
"Information Hiding"
|
|
|
|
"System component that manages and enforces access controls on objects"
|
"Reference Monitor"
|
|
|
|
"Operates at the highest level of information classification where all users must have clearances for the highest level"
|
"System High mode"
|
|
|
|
"Lack of parameter checking leaves a system vulnerable to this type of attack"
|
"Buffer overflow"
|
|
|
|
"Also called a maintenance hook"
|
"Trap door"
|
|
|
|
"Attack that exploits difference in time when a security control is applied and a service is used"
|
"TOC/TOU attack"
|
|
|
|
"This recovery mode permits access by only privileged users from privileged terminals"
|
"Maintenance mode"
|
|
|
|
"Design where a component failure allows the system to continue to function"
|
"Fault–tolerant"
|
|
|
|
"Design where a failure causes termination of processes to protect the system from compromise"
|
"Fail–safe"
|
|
|
|
"Design where a failure causes non–critical processes to terminate, and system runs in a degraded state"
|
"Fail–soft or Resilient"
|
|
|
|
"Design where a failure causes the system to use backup spare components to compensate for failed ones"
|
"Fail–over"
|
|
|
|
"This standard includes levels of assurance, from D (Least secure) to A (Most secure)"
|
"TCSEC (Trusted Computer Security Evaluation Criteria)"
|
|
|
|
"TCSEC Minimal Protection (one class)"
|
"D (Minimal Protection)"
|
|
|
|
"TCSEC Discretionary Protection (two classes)"
|
""C1 (User logon, Groups allowed)"
|
|
|
|
"TCSEC Mandatory Protection (three classes)"
|
""B1 (MAC)"
|
|
|
|
"TCSEC Verified Protection (one class)"
|
"A1 (Mathematical model must be proven)"
|
|
|
|
"European counterpart to TCSEC"
|
"ITSEC (Information Technology Security Evaluation Criteria)"
|
|
|
|
"ITSEC separately evaluates ____ and _____"
|
"Functionality and Assurance"
|
|
|
|
"The ITSEC subject of an evaluation is called the ___ __ _____"
|
"Target of Evaluation (TOE)"
|
|
|
|
"Combination of ITSEC, TCSEC, and Canada's CTCPEC"
|
"Common Criteria"
|
|
|
|
"Unit of evaluations levels in the Common Criteria"
|
""Evaluation Assurance Level"
|
|
|
|
"4 Phases of DITSCAP and NIACAP accreditation"
|
""1. Definition"
|
|
|
|
"This Access Control model specifies the rights that a subject can transfer to an object, or that a subject can take from another subject."
|
"Take–Grant model"
|
|
|
|
"TCSEC Level that addresses covert storage channels"
|
"B2"
|
|
|
|
"TCSEC level that addresses both covert storage and timing channels"
|
"B3, A1"
|
|
|
|
"Consolidation of power should not be allowed in a secure system, this is called"
|
"Separation (or segregation) of duties"
|
|
|
|
"Two operators are needed to perform a function. This is called"
|
"Dual Control"
|
|
|
|
"Two operators review and approve each other's work. This is called"
|
"Two–man control"
|
|
|
|
"Operators are given varying assignments for a time period, then their assignment changes. This is called"
|
"Rotation of duties"
|
|
|
|
"This type of recovery is required for only B3 and A1 TCSEC levels"
|
"Trusted Recovery"
|
|
|
|
"Operating system loaded without the front–end security enabled, is only done in this mode"
|
"Single–user mode"
|
|
|
|
"Required tracking of changes to a system under B2, B3, and A1 is called"
|
"Configuation Management"
|
|
|
|
"This refers to the data left on media after erasure"
|
"Data Remanence"
|
|
|
|
"Separation of duties, least privilege, personnel security, configuration control, Record retention, are examples of what type of controls?"
|
"Administrative Controls"
|
|
|
|
"Software controls, media controls, hardware controls, physical access controls are examples of what type of controls?"
|
"Operations Controls"
|
|
|
|
"A weakness in a system which might be exploited"
|
"Vulnerability"
|
|
|
|
"An event that can cause harm to a system and create a loss of C, I , A"
|
"Threat"
|
|
|
|
"EF"
|
"Exposure Factor"
|
|
|
|
"SLE"
|
"Single Loss Expectancy"
|
|
|
|
"ARO"
|
"Annualized Rate of Occurence"
|
|
|
|
"ALE"
|
"Annualized Loss Expectancy"
|
|
|
|
"RBAC"
|
"An access control method which states which subjects have clearance to access objects with a specific classification"
|
|
|
|
"Security token, capabilities list, security label"
|
"Three methods used to describe the security attributes for an object"
|
|
|
|
"Capabilities list"
|
"Maintains a row of security attributes for each controlled object"
|
|
|
|
"Security label"
|
"Generally a permanent part of the object to which it's attached. Once attached, cannot be altered; permanence provides another state guard but neither tokens Northeast provide."
|
|
|
|
"What is AES?"
|
"Advanced Encryption Standard– algorithm used by US government for sensitive but unclassified information"
|
|
|
|
"What port do DNS zone transfers use?"
|
"TCP port 53"
|
|
|
|
"Why do routers help limit the damage done by sniffing and MITM attacks?"
|
"They send data to a specific subnet only"
|
|
|
|
"What are the two advantages of block ciphers over stream ciphers?"
|
"they are faster and more secure"
|
|
|
|
"What frequency does 802.11b operate at?"
|
"2.4 GHz"
|
|
|
|
"What frequency does 802.11g operate at?"
|
"2.4 GHz"
|
|
|
|
"Is 802.11g backwards–compatible with 802.11a and 802.11b?"
|
"backwards–compatible with 802.11b only at 11 Mbps"
|
|
|
|
"What sort of attack does TACACS+'s lack of integrity checking make it vulnerable to?"
|
"replay attacks"
|
|
|
|
"What is CRL?"
|
"Certificate Revokation list– list of subscribers to a PKI and their certificate status"
|
|
|
|
"Does TLS use the same ports for encrypted and unencrypted data?"
|
"no"
|
|
|
|
"What is the primary limitation of symmetric cryptography?"
|
"key distribution"
|
|
|
|
"In relation to AAA, what is CIA?"
|
"Confidentiality, Integrity, Availability"
|
|
|
|
"Who created RC2 and RC4?"
|
"Rivest"
|
|
|
|
"How does an application–level firewall handle different protocols?"
|
"with a proxy program for each protocol"
|
|
|
|
"What limitation do application–level firewalls create for proprietary software?"
|
"proprietary software often uses proprietary protocols, which often can't pass the firewall"
|
|
|
|
"What are the two types of network–level firewalls?"
|
"packet filters and stateful packet inspection"
|
|
|
|
"What might be indicated by packets from an internal machine with an external source address in the header?"
|
"machine is being used in a DoS/DDoS attack"
|
|
|
|
"What is the DSS?"
|
"Digital Signature Standard– provides for non–repudiation of messages"
|
|
|
|
"What is PEM?"
|
"Privacy Enhanced Mail– public–key encryption similar to S/MIME"
|
|
|
|
"What type of encryption is Kerberos?"
|
"symmetric"
|
|
|
|
"What are tokens also known as?"
|
"One–time passwords"
|
|
|
|
"What is smurfing?"
|
"broadcasting echo requests with a falsified source address, overwhelming the owner of the address"
|
|
|
|
"What port does echo use?"
|
"port 7"
|
|
|
|
"What port does FTP use for data?"
|
"port 20"
|
|
|
|
"What port does Telnet use?"
|
"port 23"
|
|
|
|
"What port does TACACS use?"
|
"port 49"
|
|
|
|
"What port does POP3 use?"
|
"port 110"
|
|
|
|
"What port does HTTPS use?"
|
"TCP 443"
|
|
|
|
"What does 802.1x do?"
|
"provides an authentication framework for wired and wirelss networks"
|
|
|
|
"What is TACACS?"
|
"Terminal Access Controller Access Control System"
|
|
|
|
"What protocol is replacing PPTP?"
|
"L2TP"
|
|
|
|
"What are the two main components of L2TP?"
|
"L2TP Access Controller (LAC) and L2TP Network Server (LNS)"
|
|
|
|
"What encryption does S/MIME use?"
|
"RSA"
|
|
|
|
"What is PGP primarily used for?"
|
"email encryption"
|
|
|
|
"What type of encryption does PGP use?"
|
"PKI"
|
|
|
|
"Are SSL sessions stateful or stateless?"
|
"stateful"
|
|
|
|
"What two strengths does SSL come in?"
|
"40–bit and 128–bit"
|
|
|
|
"Are SSL and TLS compatible?"
|
"no"
|
|
|
|
"What kind of encryption does HTTPS use?"
|
"40–bit RC4"
|
|
|
|
"What is Authenticode?"
|
"a method of signing ActiveX controls"
|
|
|
|
"What is DEN?"
|
"Directory–Enabled Networking– specification for how to store network information in a central location"
|
|
|
|
"What security problem does FTP have?"
|
"authentication sent in cleartext"
|
|
|
|
"What are the four WAP layers?"
|
"Wireless Application Environment (WAE); Wireless Session Layer (WSL); Wireless Transport Layer Security (WTLS); Wireless Transport Layer (WTL)"
|
|
|
|
"What is WML?"
|
"Wireless Markup Language– used to create pages for WAP"
|
|
|
|
"What is hashing?"
|
"changing a character string into a shorter fixed–length value or key"
|
|
|
|
"What is unique about the network/mesh model of PKI?"
|
"multiple parties must be present before access to the token is granted"
|
|
|
|
"Does L2TP require IP connectivity?"
|
"no"
|
|
|
|
"What three methods are used to determine VLAN membership on the local switch?"
|
"port–based; MAC–based; protocol–based"
|
|
|
|
"Why is detecting statistical anomolies a good approach to intrusion detection?"
|
"don't have to understand the root cause of the anomolies"
|
|
|
|
"What type of access control do most commercial OS's use?"
|
"DAC"
|
|
|
|
"Is PPTP usually implemented through hardware or software?"
|
"software"
|
|
|
|
"What is compulsory tunneling?"
|
"situation where VPN server chooses the endpoint of a communication"
|
|
|
|
"What advantage does compulsory tunneling provide?"
|
"allows VPN connections to be concentrated over fewer high–capacity lines"
|
|
|
|
"What are the two encryption modes for IPSec?"
|
"Transport, where only the data is encrypted; and Tunneling, where the entire packet is encrypted"
|
|
|
|
"What is key escrow?"
|
"administration of a private key by a trusted third party"
|
|
|
|
"What advantage does RADIUS have over TACACS+?"
|
"better vendor support and implementation"
|
|
|
|
"Non–repudiation has been compared to what real–world version of authentication?"
|
"using a public notary"
|
|
|
|
"What is an AUP?"
|
"Acceptable Use Policy"
|
|
|
|
"What three people were involved in the creation of RSA?"
|
"Rivest, Shamir, Adleman"
|
|
|
|
"What is the standard key length for DES?"
|
"56 bits"
|
|
|
|
"What is the standard key length for 3DES?"
|
"168 bits"
|
|
|
|
"What kind of encryption does AES use?"
|
"private–key"
|
|
|
|
"What are the two most popular hashing routines in use today?"
|
"MD5 and SHA–1"
|
|
|
|
"What is MD5 designed for?"
|
"digital signatures"
|
|
|
|
"What are the three A's in computer forensics?"
|
"Acquire, Authenticate, Analyze"
|
|
|
|
"What type of network is CHAP primarily used on?"
|
"PPP"
|
|
|
|
"What security advantage do managed hubs provide over other hubs?"
|
"they can detect physical configuration changes and report them"
|
|
|
|
"What does an attacker need to conduct ARP cache poisoning?"
|
"physical connectivity to a local segment"
|
|
|
|
"What are the five main services provided by firewalls?"
|
"packet filtering; application filtering; proxy server; circuit–level; stateful inspection"
|
|
|
|
"What OSI layer do stateful firewalls reside at?"
|
"network layer"
|
|
|
|
"What security weakness does SPAP have?"
|
"does not protect against remote server impersonation"
|
|
|
|
"In MAC, what is read–up?"
|
"the ability of users in lower security categories to read information in higher categories"
|
|
|
|
"Do hashing algorithms protect files from unauthorized viewing?"
|
"no, only verify files have not been changed"
|
|
|
|
"Why are VLAN's considered broadcast domains?"
|
"all hosts on the VLAN can broadcast to all other hosts on the VLAN"
|
|
|
|
"What is a bastion host?"
|
"a gateway in a DMZ used to secure an internal network"
|
|
|
|
"What advantage does LEAP have over EAP?"
|
"LEAP allows for mutual authentication"
|
|
|
|
"What protocol does 802.1x use for authentication?"
|
"EAP"
|
|
|
|
"What standard is LDAP based on?"
|
"X500"
|
|
|
|
"What are the two main models mentioned in class, regarding Systems Lifecycle?"
|
"1: Systems Engineering Process – Lifecycle
|
|
|
|
"What is the SDLC?"
|
"System Development Life Cycle – overall process of developing, implementing, and retiring information systems."
|
|
|
|
"What is the practice of applying a method for describing structure and behavior for an organization's security processes, information security systems, personnel and organizational sub–units, so they align with core goals and strategic direction?"
|
"Security Architecture"
|
|
|
|
"Name 4 example architectural frameworks"
|
1. DoDAF
2. TOGAF 3. Zachman 4. SABSA" |
|
|
|
"What is an Enterprise Security Architecture?"
|
"Enterprise Security Architecture – a structured high level plan for an IT infrastructure to support a business need(SABSA is a best practice)– Unified vision for use of controls to plan/implement in a holistic manner."
|
|
|
|
"State Machine, Lattice Based, Matrix Based, Non–Interference and Information Flow are all types of ______________"
|
"formal Security Models"
|
|
|
|
"Which Security model is based on objects and attributes?"
|
"State Machine"
|
|
|
|
"Which security model defines upper and lower bounds? (floors)"
|
"Lattice Based"
|
|
|
|
"Which security model is "if / then"?"
|
"Matrix Based (RBAC or ACL)"
|
|
|
|
"Which security model creates barriers between levels to prevent data leakage?"
|
"Non–Interference Models"
|
|
|
|
"Which security model controls and monitors data flow between objects at various security levels?"
|
"Information Flow Models"
|
|
|
|
"What was the idea within the State Machine Model that kept all computers performing single functions within a physical area?"
|
"Keeping common tasks grouped was simple to understand and implement. Secure but inflexible. (driven by policy)"
|
|
|
|
"What was the idea within the State Machine Model that allowed processing at various security levels, with the capability to perform multiple functions?"
|
"Multi–state Machine (more flexible, less secure)"
|
|
|
|
"What are the two main State Machine Model systems?"
|
"Biba and Bell–LaPadula"
|
|
|
|
"What was the first model for Integrity? It used levels for integrity."
|
"Biba System Integrity Model"
|
|
|
|
"What is the security model that was first setup for Confidentiality? The model’s main goal was to prevent secret information from being accessed in an unauthorized manner. (funded by US Gov)"
|
"Bell–LaPadula"
|
|
|
|
"In Biba, what does No WURD mean?"
|
"No Write Up No Read Down"
|
|
|
|
"The Clark & Wilson model provided for?"
|
"Integrity (Clark & WIlson), like Biba"
|
|
|
|
"Clark Wilson provided for the 3 integrity goals. What are they?"
|
"1. Prevent unauthorized users making mods 2. Prevent authorized users from making bad changes. 3. Maintain Internal/external consistency (well–formed transactions) " |
|
|
|
"Why was the Brewer–Nash (Chinese Wall) model originated, and how did it perform that function?"
|
To prevent fraudulent modifications to objects.Through the use of dynamic rules.
Change dynamically depending upon user's previous actions. Protect against conflict of interest |
|
|
|
"Which security model defined a set of basic rights a subject can use on an object? (eight protection rights)?"
|
"Graham–Denning Model"
|
|
|
|
"What is the first security model that changed from lattice–based to a matrix, or access control list?"
|
"HRU or Harrison–Ruzzo–Ullman Model"
|
|
|
|
"In the TCSEC (Trusted Computer System Evaluation Criteria) evaluation model, regarding the rainbow series, what is the assurance level book that is typically the correct answer on the exam?"
|
"Orange book"
|
|
|
|
"ISO produced a standard (15408) that provided the first international product evaluation criteria, called ____________"
|
"Common Criteria."
|
|
|
|
"In Common Criteria, What is the EAL?"
|
"Evaluation Assurance Level (1–7, 7, formally verified, is best)
EAL 2 – Structural EAL 1 – Functional" |
|
|
|
"What is the technical evaluation of the security components within a product? (Evaluating product)"
|
"Certification"
|
|
|
|
"What is the formal acceptance of the product's overall security? (Accepting Risk)"
|
"Accreditation"
|
|
|
|
"What is defined at the total combination of protection mechanisms within a computer system?"
|
"TCB – Trusted Computing Base"
|
|
|
|
"In a State Machine Model, what is an activity that can alter the state?"
|
"A State transition. (The idea is that you start with a secure system, ensure a secure state transition, then you still have a secure system)"
|
|
|
|
"A system that employs the Bell–LaPadula model is called a __________________because users with different clearances use the system, and the system processes data at different classification levels."
|
"multilevel security system"
|
|
|
|
"Three main rules are used and enforced in the Bell–LaPadula model:
|
– The simple security rule – The *–property (star property) rule – The strong star property rule. |
|
|
|
What do they mean?"
|
"• Simple security rule A subject cannot read data within an object thatresides at a higher security level (the “no read up” rule).
• *– property rule A subject cannot write to an object at a lower securitylevel (the “no write down” rule). • Strong star property rule For a subject to be able to read and write to anobject, the subject’s clearance and the object’s classification must be equal." |
|
|
|
"According to the Clark–Wilson Integrity Model, how are the following used?Users, TP, CDI, UDI, IVPs"
|
"Users can modify Unconstrained Data Items (UDIs). To modify a Constrained Data Item (CDI), they utilize a Transformation Procedure (TP), which uses Integrity Verification Procedures (IVPs or rules) to ensure integrity remains intact." |
|
|
|
"In memory mapping, only _____________ can directly access RAM."
|
"Trusted processes."
|
|
|
|
"What is an abstract machine that controls the access subjects have to objects?"
|
"Reference Monitor"
|
|
|
|
"What is the component in the system that enforces and implements the rules of the reference monitor?"
|
"Security Kernel"
|
|
|
|
"Regarding the reference monitor, when a subject wants to access an object, what/who do they have to go through?"
|
"Arbiter"
|
|
|
|
"What is a TOC/TOU attack?"
|
"Time of Check/Time of Use attack. Takes advantage of time between functions a system performs.Also known as a Race Condition, since attacker is racing against system functions."
|
|
|
|
"What errors occur with poorly written programs when the length of the data input is more than the processor buffers can handle, causing undesired effects?"
|
"Buffer Overflow"
|
|
|
|
"How can you mitigate Buffer Overflow attacks?"
|
"By verifying input data. (or data validation) (also, good programming)"
|
|
|
|
"Where is the best place to implement mitigation for buffer overflow attacks?"
|
"– Both Server and Client is best answer
– Next best is Server" |
|
|
|
"What is OWASP (Open Web Application Security Project.)?"
|
"– Lists most critical web application security risks and their mitigation
– SAMM (Software Assurance Maturity Model) framework for designing and implementing application security strategy" |
|
|
|
"What is web–based code that can be transmitted across a network, to be executed by a system or device on the other end,"
|
"Mobile Code"
|
|
|
|
"What are the following mobile code threats:
applets, digital signatures, browser add–ins, Updates/patches, XML, SAML, Email" |
"– applets: platform independent programs from server to client. – digital signatures: can verify program creator/integrity – Browser add–ins: Have numerous vulnerabilities – updates/patches: need to be tested non–production – XML: common web database language – SAML: XML based framework for businesses – Email: many obvious threats" |
|
|
|
"What is it called when an attacker injects malicious script in Web pages?"
|
"XSS (Cross Site Scripting)"
|
|
|
|
"Cookies (text files placed by a server to track access), can be mined for data by malicious sites. What category of attack is this?"
|
"Man–in–the–middle attack"
|
|
|
|
"How else can man–in–the–middle attack be used?"
|
"Forced or unauthorized authentication (pretending to be you through stolen credentials)"
|
|
|
|
"Which systems are more secure (Open or closed)? e.g. Linux vs Windows"
|
"Open systems are more secure"
|
|
|
|
"Data exfiltration is the unauthorized transfer of data from a system or network (such as SSNs). What is a tool to help mitigate this problem?"
|
"Data Leak (or Loss) Protection (DLP)"
|
|
|
|
"What is a covert channel? What are the 2 types?
|
"Sending information in an unauthorized manner using a medium in an unintended way to violate security policy.Covert Storage and Covert Timing." |
|
|
|
"What is a Rogue attack?"
|
"unauthorized DHCP server or WAP"
|
|
|
|
"what is DNS poisoning?"
|
"Changing DNS resources, or changing good records for bogus ones."
|
|
|
|
"What is the system that has data–collecting devices that gather information from a physical region and feed it to embedded processing devices for analysis?"
|
"Cyber Physical Systems (also term Internet of things (IoT)"
|
|
|
|
"What is the primary reason for physical security is protecting _______."
|
"Protecting life(systems is secondary)"
|
|
|
|
"Utilizing Intruder protection Concepts, What is DDDR? (used to minimize operational risk)"
|
"Deter, Detect, Delay, Respond"
|
|
|
|
"Regarding physical security, an 8 foot high fence with 3 strands of barbed wire is considered a...."
|
"deterrent (against a determined intruder)"
|
|
|
|
"What is a fence with detective controls?"
|
"PIDAS (Perimeter Intrusion Detection & Assessment System)"
|
|
|
|
"What is a Bollard?"
|
"A permanent or retractable post to control traffic and protect property (deterrent)"
|
"//fce-study.netdna-ssl.com/2/images/upload-flashcards/32/31/34/14323134_m.jpg"
|
|
|
"In parking areas, employees should be able to ___________."
|
"Walk with 2 candles at least 8 feet high and feel safe...??????"
|
|
|
|
"What is CPTED (Crime Prevention Through Environmental Design)?"
|
"Crime Prevention Through Environmental Design – proper design and effective use of the area's environment."
|
|
|
|
"What is Natural Surveillance?"
|
"Good visibility, making intruders feel threat of detection
|
|
|
|
"What is Natural Access Control?"
|
"Limits opportunity for crime by taking steps to clearly identify between public and private space (like boulders and trees making a barrier)"
|
|
|
|
"What is Territorial Reinforcement?"
|
"Make users feel at home and they will try to aid in protecting the area."
|
|
|
|
"Regarding guards for physical security, what is the good and the bad?"
|
"Can exercise discernment, but are expensive."
|
|
|
|
"T/F Adequate exterior light is necessary on a building (this helps people feel safe and acts as a deterrent)"
|
"True!"
|
|
|
|
"Doors are a__________ and should have the same fire rating as the ________. They also need ____ hinges, and should open (out/in?)_________"
|
"Deterrent, walls, 3, out"
|
|
|
|
"What are the 3 primary lock types?"
|
"Something you have (key)
Something you know (passcode) Something you are (biometrics)" |
|
|
|
"What are the two biometric failure rates?"
|
"Type 1: False negativ
Type 2: False positive (worse)" |
|
|
|
"What is the rating used to determine appropriate bio–metric device tolerance? The point at which Type I errors equal Type II."
|
"CER (Crossover Error Rate)
Note: Lower number is better |
|
|
|
"What is it called when you can move from a less to more secure area?"
|
"Progressive or Zoned security"
|
|
|
|
"Cameras are considered what type of control?"
|
"Detective (but can be deterrent)"
|
|
|
|
"Data center shouldn't be on top floor, basement, or 1st floor. Why?"
|
"Top – leaking from roof
Basement – Flooding 1st Floor – control access" |
|
|
|
"What are the fire extinguishing clean agents?"
|
"FM–200
Aero–K CO2" |
|
|
|
"What are the following fire classes:
A, B, C, D?" |
"A: Ordinary combustibles (wood/paper) B: Flammable r combustible liquids (gas) C: Electrical D: Combustible metals (magnesium)" |
|
|
|
"How far should a fire extinguisher be stored from electrical equipment?"
|
"50 feet" |
|
|
|
"Computer fires are Class ____. Fight them with_____."
|
"C, Carbon Dioxide (CO2)"
|
|
|
|
"What are the sprinkler system types?Wet pipe, dry pipe, Preaction, Deluge"
|
"– Wet Pipe: "dirty" water in pipes – Dry Pipe: only air until action is required, then water – Preaction: 2–step dry pipe. Filled if hazard exists, then released when verified. – Deluge: Lots of water floods area rapidly." |
|
|
|
"What type of facility control has to do with construction, site management, personnel controls, awareness training, and emergency response?"
|
"Administrative"
|
|
|
|
"What type of facility control has to do with access controls, intrusion detection, alarms, CCTV, HVAC, power supply and fire detection/suppression?"
|
"Technical"
|
|
|
|
"What type of facility control has to do with CPTED, fencing, lighting, locks, quality construction materials, bollards, etc.?"
|
"Physical"
|
|
|
|
"Hash with a shared secret is a ________?"
|
"Message Authentication Code (MAC or HMAC)"
|
|
|
|
"In digital signatures you encrypt the _____, not the ______."
|
"hash, file."
|
|
|
|
"In digital signatures you encrypt the _____, not the ______."
|
"hash, file."
|
|
|
|
Running Key Cipher |
Key does not require electronic algorithm and bit alteration. e.g. book page |
|
|
|
Concealment cipher |
Message within a message e.g. third word in every sentence |
|
|
|
Steganography |
Hiding data in another media type Carrier Stegomedium Payload in jpeg , least significant bit |
|
|
|
What is the 2 basic type of Symmetric encryption |
Substitution Cipher - replace bits / characters / or blocks Transposition Cipher - moves the value around |
|
|
|
What is Registration Authority (RA) |
RA verifies Identity and pass the cert request to CA |
|
|
|
Cross certification |
establish trust relationship with each other's digital certificate and public keys. |
|
|
|
One-way hash |
Take in variable length of string and produces a fixed length value called a hash value |
|
|
|
Birthday Attack |
produce the same hashing value using two distinct message. Attacker will force a collision |
|
|
|
Digital signature |
Originator using own private key to digest the message, while the receiver using the originator's public key to decode and digest. Both value has to be the same for the plain-text message to verify
|
|
|
|
Electronic Codebook (ECB) mode decryption |
|
|
|
|
Cipher Block Chaining (CBC) mode encryption |
|
|
|
|
Cipher Feedback (CFB) mode encryption |
|
|
|
|
Output Feedback (OFB) mode encryption |
|
|
|
|
Counter ( CTR) mode encryptio |
|
|
|
|
Counter ( CTR) mode encryptio |
|
|
|
|
TPM binding and Sealing |
Binding - binding hard drive , the decryption key can decrypt the data store in the drive Sealing - sealing the system stat to a particular hardware and software configuration |
|
|
|
out-of-band communicaiton |
communicate through some other type of communication channel. Communication data is being sent through a channel that is different from the encrypted data that is traveling |
|
|
|
Key Clustering |
Two different keys generate the same ciphertext from the same plaintext |
|
|
|
Cross-site scripting |
Vulnerability is found on a website that allows an attacker to inject malicious code into web application Nonpersistent XSS- trick victim into processing URL. The HTTP URL contains malicious code Persistent XSS - Attacked posted text contains malicious code on website, when visitor view the posts, browser render the page and execute the attacker's javascript DOM(Document Object Model) - attak payload is executed as a result of modifying the DOM "environment" in the vitim's browser used by the original client side script |
|
|
|
Maintenance Hooks |
A type of Back Door. Only developer knows about and can invoke. Give developer easy access to the code Using specific sequence of keystrokes. |
|
|
|
Time of-check/ time of-use (TOC/TOU) |
race condition by changes in a system between the checking of a condition and the use of the results of that check Solution : Atomic operation - does not allow change of process between two tasks. |
|
|
|
Confusion ( Substitution) |
Complex substitution functions so that the hacker cannot figure how to substitute the right values and come up with the original plantext |
|
|
|
Diffusion (Permutation) |
single plaintext bit has influence over several of the ciphertext bits. Changing plaintext value should change many ciphertext value, not just one. |
|
|
|
Stream cipher |
Key in steam cipher is randomize. Stream of bits that is XORed to the plaintext is as random as possible. One time pad |
|
|
|
Rules for Key Management |
1. Key length should be long enough to provide the necessary level of protection 2. Keys should be stored and transmitted by secure means. 3. Keys should be extremely random, and the algorithm should use the full spectrum of the keyspace 4. The key's lifetime should correspond with the sensitivity of the data it's protecting 5. The more the kkey is used, the shorter its lifetime should be 6. key should be backed up or escrowed in case of emergency 7. Keys should be properly destroyed when their lifetime comes to an end |
|
|
|
Key Escrow |
Process or entity that can recover lost or corrupted cryptography Multiparty key recovery - dual control, two or more people involved in the critical task |
|
|
|
non repudiation |
Nonrepudiation is the assurance that someone cannot deny something. Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. |
|
|
|
Non Symmetric keys type |
Riverst Shamir Adleman (RSA) Elliptic curve cryptosystem (ECC) Diffie-hellman El Gamal Digital Signature Algorithm (DSA) Merkle-Hellman Knapsack |
|
|
|
Non Symmetric keys usage |
Digital signature, Secure Key distribution and Encryption |
|
|
|
RSA |
Ron Rivest factoring large number into its prime number. Both private and public keys consist of large prime number. Key exchange protocol to encrypt session key / symmetric key One way function |
|
|
|
Deffie-Hellman algorithm |
Man in the middle attack. Counter measure, authentication is required |
|
|
|
One way function |
Easier to compute in one direction than the other direction Trapdoor - knowledge of how to put together- private key |
|
|
|
Elliptical Curve Cryptography - ECC |
"Elliptical Curve Cryptography– public–key cryptographic method which generates smaller, faster, and more secure keys" Same level of protection for both long and short key |
|
|
|
Key Derivation Function (KDF) |
Generate key that are made up of random value Master key commonly created, symmetric key are generated from it |
|
|
|
Antivirus Detection Method |
Signature based detection (static analysis) Heuristic Detection - Collect information about the code and assess the likelihood of being malicious ( dynamic analysis) |
|
|
|
Sandbox / Virtual Machine |
Allow some of the logic within the suspected code to execute in the protected environment. |
|
|
|
security through obscurity |
The reliance on the secrecy of the design or implementation as the main method of providing security for a system or component of a system. |
|
|
|
Steganography |
hiding data in another media type so the data is conceal |
|
|
|
Mantrap |
Preventive measure small room with two door, to avoid piggybacking. |
|
|
|
What is fail safe and fail secure? |
In the event of power disruption fail safe - door default to be unlocked fail secure - door default being l |
|
|
|
What is EMI and RFI |
Electromagnetic interference and Radio frequency interference - (RFI - Fluorescent light , EMI - Motor ) |
|
|
|
Spike |
Momentary high voltage |
|
|
|
Surge |
Prolonged high voltage |
|
|
|
Fault |
Momentary power outrage |
|
|
|
Blackout |
Prolonged Complete loss of electric power |
|
|
|
Sap / dip |
momentary low voltage condition |
|
|
|
Brownout |
Prolonged power supply that is below normal voltage |
|
|
|
In rush current |
Initial surge of current required to start a load |
|
|
|
Protecting power can be done in which 3 ways |
UPS Powerline conditioners Backup source |
|
|
|
Voltage regulators / Line conditioners |
Capability to absorb extra current if there is spike, and to store energy to add current to the line if there is a sag. Keep current steady |
|
|
|
Smart Grid |
Self healing, resistant to physical and cyber attack, bidirectional communication capabilities, increased efficiency, better integration of renewable energy source cons: could be more attack vector because most pieces will have some type of technology embedded End point difficult to secure |
|
|
|
Fire type |
|
|
|
|
Natural access control |
guidance of people entering and leaving a space by placement of door, fences , lighting and landscaping |
|
|
|
Crime Prevention through Environmental Design (CPTED) |
Proper design of physical environmental can reduce crime by directing human behaviour |
|
|
|
Natural Surveillance |
Physical environmental features, personnel walkways, and activity areas in way that maximize visibility. |
|
|
|
Natural Territorial Reinforcement |
Physical design that emphasize or extend the company's physical sphere of influence so legitimate users feel a sense of ownership of that space - wall, landscaping, light fixture, flags, etc |
|
|
|
Power line monitors |
Detect frequency and voltage amplitude changes |
|
|
|
Surge protector |
Move excess voltage to ground when a surge occurs |
|
|
|
Shielded cable |
for long cable run in building with fluorescent lighting or other interference mechanism |
|
|
|
Layered defense model |
physical controls should work together in tiered architecture. If one layer fails, other layer will protect the valuable asset |
|
|
|
Steps for effective physical security program |
1. Risk Analysis 2. Acceptable risk level 3. Baselines of performance 4. implemented countermeasures |
|
|
|
Monolithic OS |
All of the OS processes work in kernel mode Cons: Not modular in nature, difficult to add and subtract functionality |
|
|
|
Layered OS |
Full OS still in kernel mode Layered of OS Pro: Data Hiding, Modularity, security and access control on each layer Cons: performance, complexity, security |
|
|
|
Microkernel |
Smaller subset of critical kernel processess, which focus mainly on memory management and interprocess communication Cons: mode transition between kernel and user mode |
|
|
|
Hybrid microkernel architecture |
All operating system processes run in kernel mode. Core processes run within microkernel and others run in a client\server model |
|
|
|
Address space layout randomization (ASLR) |
Operating system keep changing addresses continuously. Reduce the risk of hacker access to the memory addres |
|
|
|
Data execution prevention |
Ensure execution code does not function within memory segment that could be dangerous prevent code from executing in a nonexecutable memory region |
|
|
|
ISO/IEC 42010 |
System and software engineering- architecture description internationally standardize how system architecture should take place - Quality, interoperability,extensibility, portability, security |
|
|
|
Shoulder surfing |
it's a type of browsing attack. Attacker look over the user's shoulder to see items on the person's monitor of what being type |
|
|
|
Ring of protection |
Ring 0 : Operating system kernel Ring 1 : Remaining part of the OS Ring 2 : I/O drivers and utilities Ring 3 : Applications and user activity Execution domain for processes Intermediate layer between processes, and are used for access control when process tries to access other process or interact with system resource |
|
|
|
Trusted Computing Base (TCB) |
Collection of all the hardware, software, and firmware components within system provide security and enforce security policy |
|
|
|
Trusted path |
communication channel between user, or program and the TCB |
|
|
|
Trusted shell |
Someone who is working in that shell cannot "bust out of it" and other processes cannot ""bust into it" |
|
|
|
Security Perimeter |
Boundary that divides the trusted from the untrusted. For the system to stay in secure and trusted state |
|
|
|
Reference monitor |
abstract machine that mediate all access subjects have to objects. It's a control concept not physical component, thus called "reference monitor " |
|
|
|
Security Kernel |
made up of hardware, software, and firmware components that fall within TCB, implements and enforces reference monitor concept. Core of the TCB 3 requirement 1. isolation of process 2. cannot circumvent 3. small enough to test for complete and comprehensive manner |
|
|
|
Interference attack |
someone has access to some type of information and can infer something that he does not have the clearance level or auhtority to know
|
|
|
|
Bell Lapadula model |
Confidentiality Model No Read Up, No Write Down |
|
|
|
Biba Model |
Integrity model Protects data at higher integrity level from being corrupted by data at a lower integrity level "dirty" data shouldn't be read Applied to process too |
|
|
|
Noninterference model
|
Whatever commands user executes or whichever resources he/she interacts with should not affect another user's experience of working with the mainframe in any way |
|
|
|
Clark-Wilson Model |
Integrity of information Users cannot modify critical data (CDI) directly. The user must be authenticated to a piece of software, and the software procedures(TPs) will carry out the operation on behalf of the user |
|
|
|
Common Criteria |
Functionality, assurance EAL1 to EAL7 |
|
|
|
Protection profiles for Common Criteria |
Document used as part of the certification process, consist of 1. Description elements 2. Rationale 3. Functional requirements 4. Development assurance requirement 5. Evaluation assurance requirement |
|
|
|
Common Criteria process |
|
|
|
|
Encapsulation of objects |
interface for internal code/data hiding no other process understands or interacts with its internal programming code |
|
|
|
Time Multiplexing |
allow processes to use the same resources |
|
|
|
Naming distinctions |
Process have their own name or identification value PID |
|
|
|
Virtual address memory mapping |
no process improperly interact with another process' memory Integrity and confidentiality |
|
|
|
Graham-Denning Model
|
Addresses how access rights between subjects and objects are defined, developed, and integrated. 8 primitive protection rights such as . how to securely create an object . how to security provide the transfer access right. etc |
|
|
|
Well-formed transactions |
Operations that are carried out to transfer data from one consistent state to another Using TPs to modify CD is well-formed transaction |
|
|
|
What is the 3 goals of Clark Wilson model |
Integrity - access triple (Subject, Software (TP), Object) Separation of duties auditing |
|
|
|
Side-Channel Attack |
nonintrusive and are used to uncover sensitive information on how a component works. e.g. differential power analysis eletromagnetic analysis - for smart card and encryption processor |
|
|
|
Information Technology Security Evaluation Criteria (ITSEC) |
first attempt at establishing single standard for evaluating security attributes of computer system for product in many european countries Separate functional and assurance |
|
|
|
Trusted Computer System Evaluation Criteria (TCSEC) |
Bundles functionality and assurance into one rating |
|
