Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
82 Cards in this Set
- Front
- Back
|
What are the two main models mentioned in class, regarding Systems Lifecycle? |
1: Systems Engineering Process - Lifecycle 2: System Development Life Cycle (NISTs) |
|
|
What is the SDLC? |
System Development Life Cycle - overall process of developing, implementing, and retiring information systems.
|
|
|
What is the practice of applying a method for describing structure and behavior for an organization's security processes, information security systems, personnel and organizational sub-units, so they align with core goals and strategic direction?
|
Security Architecture
|
|
|
Name 4 example architectural frameworks
|
1. DoDAF
2. TOGAF 3. Zachman 4. SABSA |
|
|
What is an Enterprise Security Architecture? |
Enterprise Security Architecture - a structured high level plan for an IT infrastructure to support a business need (SABSA is a best practice) - Unified vision for use of controls to plan/implement in a holistic manner. |
|
|
State Machine, Lattice Based, Matrix Based, Non-Interference and Information Flow are all types of ______________ |
formal Security Models |
|
|
Which Security model is based on objects and attributes? |
State Machine |
|
|
Which security model defines upper and lower bounds? (floors) |
Lattice Based |
|
|
Which security model is "if / then"? |
Matrix Based (RBAC or ACL) |
|
|
Which security model creates barriers between levels to prevent data leakage? |
Non-Interference Models |
|
|
Which security model controls and monitors data flow between objects at various security levels? |
Information Flow Models |
|
|
What was the idea within the State Machine Model that kept all computers performing single functions within a physical area? |
Keeping common tasks grouped was simple to understand and implement. Secure but inflexible. (driven by policy) |
|
|
What was the idea within the State Machine Model that allowed processing at various security levels, with the capability to perform multiple functions? |
Multi-state Machine (more flexible, less secure) |
|
|
What are the two main State Machine Model systems? |
Biba and Bell-LaPadula |
|
|
What was the first model for Integrity? It used levels for integrity. |
Biba System Integrity Model |
|
|
What is the security model that was first setup for Confidentiality? The model’s main goal was to prevent secret information from being accessed in an unauthorized manner. (funded by US Gov) |
Bell-LaPadula |
|
|
In Biba, what does No WURD mean? |
No Write Up No Read Down |
|
|
The Clark & Wilson model provided for? |
Integrity (Clark & WIlson), like Biba |
|
|
Clark Wilson provided for the 3 integrity goals. What are they?
|
1. Prevent unauthorized users making mods
2. Prevent authorized users from making bad changes. 3. Maintain Internal/external consistency (well-formed transactions) |
|
|
Why was the Brewer-Nash (Chinese Wall) model originated, and how did it perform that function? |
To prevent fraudulent modifications to objects. Through the use of dynamic rules. |
|
|
Which security model defined a set of basic rights a subject can use on an object? (eight protection rights)? |
Graham-Denning Model |
|
|
What is the first security model that changed from lattice-based to a matrix, or access control list? |
HRU or Harrison-Ruzzo-Ullman Model |
|
|
In the TCSEC (Trusted Computer System Evaluation Criteria) evaluation model, regarding the rainbow series, what is the assurance level book that is typically the correct answer on the exam? |
Orange book |
|
|
ISO produced a standard (15408) that provided the first international product evaluation criteria, called ____________ |
Common Criteria. |
|
|
In Common Criteria, What is the EAL? |
Evaluation Assurance Level (1-7, 7, formally verified, is best) EAL 2 - Structural EAL 1 - Functional |
|
|
What is the technical evaluation of the security components within a product? (Evaluating product) |
Certification
|
|
|
What is the formal acceptance of the product's overall security? (Accepting Risk) |
Accreditation |
|
|
What is defined at the total combination of protection mechanisms within a computer system? |
TCB - Trusted Computing Base |
|
|
In a State Machine Model, what is an activity that can alter the state? |
A State transition. (The idea is that you start with a secure system, ensure a secure state transition, then you still have a secure system) |
|
|
A system that employs the Bell-LaPadula model is called a __________________because users with different clearances use the system, and the system processes data at different classification levels. |
multilevel security system |
|
|
Three main rules are used and enforced in the Bell-LaPadula model: - The simple security rule - The *-property (star property) rule - The strong star property rule. What do they mean? |
• Simple security rule A subject cannot read data within an object thatresides at a higher security level (the “no read up” rule).
• *- property rule A subject cannot write to an object at a lower securitylevel (the “no write down” rule). • Strong star property rule For a subject to be able to read and write to anobject, the subject’s clearance and the object’s classification must be equal. |
|
|
Regarding mandatory access control (MAC) systems versus discretionary access control (DAC) systems, what do all Mac systems use? |
All MAC systems are based on the Bell-LaPadula model, because it allows for multilevel security to be integrated into the code. |
|
|
According to the Clark-Wilson Integrity Model, how are the following used? Users, TP, CDI, UDI, IVPs |
Users can modify Unconstrained Data Items (UDIs). To modify a Constrained Data Item (CDI), they utilize a Transformation Procedure (TP), which uses Integrity Verification Procedures (IVPs or rules) to ensure integrity remains intact.
|
|
|
In memory mapping, only _____________ can directly access RAM. |
Trusted processes. |
|
|
What is an abstract machine that controls the access subjects have to objects? |
Reference Monitor |
|
|
What is the component in the system that enforces and implements the rules of the reference monitor? |
Security Kernel |
|
|
Regarding the reference monitor, when a subject wants to access an object, what/who do they have to go through? |
Arbiter |
|
|
What is a TOC/TOU attack? |
Time of Check/Time of Use attack. Takes advantage of time between functions a system performs. Also known as a Race Condition, since attacker is racing against system functions. |
|
|
What errors occur with poorly written programs when the length of the data input is more than the processor buffers can handle, causing undesired effects? |
Buffer Overflow |
|
|
How can you mitigate Buffer Overflow attacks? |
By verifying input data. (or data validation) (also, good programming) |
|
|
Where is the best place to implement mitigation for buffer overflow attacks? |
- Both Server and Client is best answer - Next best is Server |
|
|
What is OWASP (Open Web Application Security Project.)? |
- Lists most critical web application security risks and their mitigation - SAMM (Software Assurance Maturity Model) framework for designing and implementing application security strategy |
|
|
What is web-based code that can be transmitted across a network, to be executed by a system or device on the other end, |
Mobile Code |
|
|
What are the following mobile code threats: applets, digital signatures, browser add-ins, Updates/patches, XML, SAML, Email |
- applets: platform independent programs from server to client. - digital signatures: can verify program creator/integrity - Browser add-ins: Have numerous vulnerabilities - updates/patches: need to be tested non-production - XML: common web database language - SAML: XML based framework for businesses - Email: many obvious threats |
|
|
What is it called when an attacker injects malicious script in Web pages? |
XSS (Cross Site Scripting) |
|
|
Cookies (text files placed by a server to track access), can be mined for data by malicious sites. What category of attack is this? |
Man-in-the-middle attack |
|
|
How else can man-in-the-middle attack be used? |
Forced or unauthorized authentication (pretending to be you through stolen credentials) |
|
|
Which systems are more secure (Open or closed)? e.g. Linux vs Windows |
Open systems are more secure |
|
|
Data exfiltration is the unauthorized transfer of data from a system or network (such as SSNs). What is a tool to help mitigate this problem? |
Data Leak (or Loss) Protection (DLP) |
|
|
What is a covert channel? What are the 2 types?
|
Sending information in an unauthorized manner using a medium in an unintended way to violate security policy.
Covert Storage and Covert Timing. |
|
|
What is a Rogue attack? |
unauthorized DHCP server or WAP |
|
|
what is DNS poisoning? |
Changing DNS resources, or changing good records for bogus ones. |
|
|
What is the system that has data-collecting devices that gather information from a physical region and feed it to embedded processing devices for analysis? |
Cyber Physical Systems (also term Internet of things (IoT) |
|
|
What is the primary reason for physical security is protecting _______. |
Protecting life (systems is secondary) |
|
|
Utilizing Intruder protection Concepts, What is DDDR? (used to minimize operational risk) |
Deter, Detect, Delay, Respond |
|
|
Regarding physical security, an 8 foot high fence with 3 strands of barbed wire is considered a.... |
deterrent (against a determined intruder) |
|
|
What is a fence with detective controls? |
PIDAS (Perimeter Intrusion Detection & Assessment System) |
|
|
What is a Bollard? |
A permanent or retractable post to control traffic and protect property (deterrent) |
|
|
In parking areas, employees should be able to ___________. |
Walk with 2 candles at least 8 feet high and feel safe...?????? |
|
|
What is CPTED (Crime Prevention Through Environmental Design)? |
Crime Prevention Through Environmental Design - proper design and effective use of the area's environment. |
|
|
What is Natural Surveillance? |
Good visibility, making intruders feel threat of detection
|
|
|
What is Natural Access Control? |
Limits opportunity for crime by taking steps to clearly identify between public and private space (like boulders and trees making a barrier) |
|
|
What is Territorial Reinforcement? |
Make users feel at home and they will try to aid in protecting the area. |
|
|
Regarding guards for physical security, what is the good and the bad? |
Can exercise discernment, but are expensive. |
|
|
T/F Adequate exterior light is necessary on a building (this helps people feel safe and acts as a deterrent) |
True! |
|
|
Doors are a__________ and should have the same fire rating as the ________. They also need ____ hinges, and should open (out/in?)_________ |
Deterrent, walls, 3, out |
|
|
What are the 3 primary lock types? |
Something you have (key) Something you know (passcode) Something you are (biometrics) |
|
|
What are the two biometric failure rates? |
Type 1: False negative Type 2: False positive (worse) |
|
|
What is the rating used to determine appropriate bio-metric device tolerance? The point at which Type I errors equal Type II. |
CER (Crossover Error Rate)
Note: Lower number is better |
|
|
What is it called when you can move from a less to more secure area? |
Progressive or Zoned security |
|
|
Cameras are considered what type of control? |
Detective (but can be deterrent) |
|
|
Data center shouldn't be on top floor, basement, or 1st floor. Why? |
Top - leaking from roof Basement - Flooding 1st Floor - control access |
|
|
What are the fire extinguishing clean agents? |
FM-200 Aero-K CO2 |
|
|
What are the following fire classes: A, B, C, D? |
A: Ordinary combustibles (wood/paper) B: Flammable r combustible liquids (gas) C: Electrical D: Combustible metals (magnesium) |
|
|
How far should a fire extinguisher be stored from electrical equipment?
|
50 feet |
|
|
Computer fires are Class ____. Fight them with_____. |
C, Carbon Dioxide (CO2) |
|
|
What are the sprinkler system types? Wet pipe, dry pipe, Preaction, Deluge |
- Wet Pipe: "dirty" water in pipes - Dry Pipe: only air until action is required, then water - Preaction: 2-step dry pipe. Filled if hazard exists, then released when verified. - Deluge: Lots of water floods area rapidly. |
|
|
What type of facility control has to do with construction, site management, personnel controls, awareness training, and emergency response? |
Administrative |
|
|
What type of facility control has to do with access controls, intrusion detection, alarms, CCTV, HVAC, power supply and fire detection/suppression?
|
Technical |
|
|
What type of facility control has to do with CPTED, fencing, lighting, locks, quality construction materials, bollards, etc.? |
Physical |
|
|
Hash with a shared secret is a ________? |
Message Authentication Code (MAC or HMAC) |
|
|
In digital signatures you encrypt the _____, not the ______. |
hash, file. |
