Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
196 Cards in this Set
- Front
- Back
|
3 Basic components to system architecture:
|
CPU, Storage device and peripherals
|
|
|
an internationally recognized set of control tha tfouc on the best practices for info sec
|
ISO/IEC 17799:2005 "Code of Practice for ino sec managment
|
|
|
provides instruction on how to apply ISO 17799 to construct run, sustain and advance info sec mgmt
|
BS7799-2:2002 (Best practices)
|
|
|
ISO 17799 Address what 11 categories
|
1) Business continuity
2) Access Control 3) System devlopment, acquisition and maintenance 4) Physical/Environmental security 5) Compliance to laws,regulations 6) Human services security 7) Information security organization/3d parties 8) Commuincations and ops mgmt 9) Asset mgmt 10) Security Policy 11) Information security incident mgmt |
|
|
family of standards defning an information security mgmt system and creates a framework for design, implementation, mgmt and maintenance of IS process througout an org (crediation process)
|
ISO 27001
|
|
|
two types of thin client-application used to access storage mgmt s/w:
|
1) Application Service provider
2) Web-based data warehousing |
|
|
when data is stored in a remove server farm on the internet provided by the software provider
|
ASP (Application Service Provider)
|
|
|
Storage mgmt where a transmitter applet transmit data based on user-defined intervals..caches during internet outages
|
Web-based data warehousing
|
|
|
prevent memory access from less privileged to more
|
Privilege level controls
|
|
|
Mechanism managing transfers from a less privilege to more
|
control gates
|
|
|
high level ring used by the OS/Kernel
|
Ring 0
|
|
|
Rings where Applications run
|
Ring 3
|
|
|
Rings provide what features
|
layering, data hiding, abstraction
|
|
|
features mainframes provide
|
reliability, scalability, maintainability, lower tot cost of ownership and credible disaster recovery
|
|
|
desktop environment consist of:
|
client devices, applications, services and servers, OS s/w
|
|
|
two application integration solutions which deal with a heterogeneous env
|
Windows terminal services and Citrix MetaFrame
|
|
|
allows an unknown array of files to be stored, recognized and exchagned by any authorized user on the net
|
a Distributed file-sharing network (NFS)
|
|
|
what implements trust in a fully distribute system
|
PKI/digital signatures
|
|
|
OS switching from one process to another quickly to speed up processing
|
Multitasking
|
|
|
system w/ multiple processors
|
Multiprocessor
|
|
|
time slicing the thread for shared CPU time
|
multithreaded
|
|
|
memory or registers can both be known as
|
Primary Storage
|
|
|
Hard disk, CDs, DVDs
|
Secondary Storage
|
|
|
T/F computers function as though they have ulmitied RAM
|
true
|
|
|
a shared set of wires connecting all the computer devices and chips
|
Bus
|
|
|
software programs controlling input and output devices
|
drivers
|
|
|
boundary that separates trusted areas (on a network)
|
security perimeter
|
|
|
validates all access to every resource (subject to objects)
|
reference monitor
|
|
|
(3 types of programs
|
OS, programming languages, apps/middleware)
|
|
|
Who/what's main function is to provide access to system resources (h/w and processes)
|
system kernel
|
|
|
What load and runs binary programs, schedules the task swapping, allocates memory and tracks physical location of files
|
Kernel
|
|
|
The reference monitor concept is implemented and enforced by what?
|
The Security Kernel (h/w, firmware and s/w that fall within the TCB)
|
|
|
3 criteria for a reference monitor/Kernel
|
1) Always invoked to mediate all accessses
2) be protected from modification 3) be verifiable |
|
|
Two system CPU states
|
supervisor and problem
|
|
|
apps run the what state
|
Problem state (nonprivileged or user mode)
|
|
|
resources requested by processes are called
|
handles or descriptors
|
|
|
when a process requests resource, it creates one or more independent ___
|
threads
|
|
|
what happens when threads aren't running
|
context is saved
|
|
|
T/F threads shared address space
|
T
|
|
|
T/F processes share addyress space
|
False
|
|
|
two major disadvantages for using threads
|
Deadlocks and blocking
|
|
|
connectivity s/w that enables multiple processes running on one ore more machines to interact
|
Middleware (e.g workflow, messaging, Internet news channels)
|
|
|
store of program or instruction in ROM
|
Firmware
|
|
|
erasble/upgradeable storage firmware ist offen stored in
|
EEPROM
|
|
|
Orange book
|
Trusted Computer System Evaluation Criteria
|
|
|
What document defines the TCB
|
TCSEC
|
|
|
Combination of all h/w, firmware, and s/w responsible for enforcing the security policy
|
Trusted Computing Base
|
|
|
Ability of a TCB to correctly enfore a security policy depend on
|
mechanism w/in the TCB and the correct input of parameter by sysadmin personnel.
|
|
|
What formally describes a security policy
|
security model
|
|
|
the role of asecurity policy is to
|
dcoument the security reqts of an org
|
|
|
to major policy on data sensitivity and data integrity
|
Bell-LaPadula, Clark-Wilson
|
|
|
Bell-LaPadula is focused on
|
confidentiality
|
|
|
Clark-Wilson is focused on
|
integrity
|
|
|
mechanism for encorcing one-way information flow, applied to either confidentiality or integrity (security labels attached to all objects)
|
Lattice model aka partial order set
|
|
|
access control model where high-level inputs do not determine lowl level outputs
|
noninterference model
|
|
|
state machine model that ensure confidentiality of an AIS (MAC)
|
Bell-LaPadula
|
|
|
what compareis the label and allow access in the model
|
reference monitor
|
|
|
simple security (read) property of BLP
|
No Read UP
|
|
|
*(star) property of BLP
|
No write down
|
|
|
Biba model ensure
|
integrity
|
|
|
This model address only address integrity by preventing unauthorized external users (1st integrity goal)
|
Bib integrity model
|
|
|
This model addresses all three integrity goals
|
Clark-wilson model
|
|
|
What is the second integrity goal?
|
no unauthorized changes by authorized users
|
|
|
what is the third integrity goal?
|
the maintenance of internal and external consistency
|
|
|
What is the clark-wilson tuple?
|
Subject-program-object
|
|
|
well formed transaction consists of?
|
idk
|
|
|
Procedure scanning data and confirming its integrity
|
Integrity Verification Procedure
|
|
|
procedures allow only to change a constrained data item
|
Transformation procedures
|
|
|
lists the users groups and roles down the left-hand and all the resources and functions across the top
|
Access Control Matrix
|
|
|
Security model in which there's analysis for covert channels
|
Information flow model
|
|
|
three parts of Graham-Denning Model
|
set of Objects, subjects and rights
|
|
|
what comprises subject in the Graham-Denning model
|
process and domain
|
|
|
t/f Subject can also be object in the Graham-denning model
|
true
|
|
|
Model that states policy for changing access rights, creating and deleting subject and objects
|
harrison-Ruzzo-Ullman
|
|
|
also known as Chinese Wall, separating access after one of the users access a given file
|
Brewer-Nash
|
|
|
Orange book
|
Trusted Computer Security Evaluation Criteria
|
|
|
levels in TCSEC
|
7
D,C1,C2,B1,B2,B3,A1 |
|
|
European eval criteria
|
ITSEC (Information Technology Security Evaluation Criteria)
|
|
|
Simple (read) property of Biba model
|
No read down
|
|
|
* (write) property of Biba model
|
No write up
|
|
|
Clark-Wilson triple
|
1) Principles (User, adversaries)
2) TP/Transformational Procedures (ie.g programs) 3) Data items/UDI/CDI (Unconstrained vs Constrained) |
|
|
model focused on change controls
|
Clark-wilson
|
|
|
3 goals of Clark-Wilson:
|
1) no changes by unauthorized subjects
2) no unauthorized changes by authorized subjects 3) maintenance of internal and external consistency |
|
|
do subject directly access objects in Clark-Wilson
|
No, Well-formed transactions/programs do
|
|
|
1. What is the name for an operating system that switches from one process to another process quickly to speed up processing?
|
b. Multitasking
|
|
|
2. What mode do applications run to limit their access to system data and hardware?
|
b. User mode
|
|
|
3. Should a reference monitor provide continuous monitoring of file privileges.?
|
No
|
|
|
4. In the Bell-LaPadula model, the simple security property addresses which of the following?
|
a. Reads
|
|
|
Which of the following does not provide a certification process?
a. ISO/IEC 17799:2005 b. BS 7799:2 c. ISO 27001 d. ISO 15408 |
a. ISO/IEC 17799:2005
|
|
|
6. Data hiding is a required TCSEC criterion of module development for systems beginning at what
criterion level? |
b. B3
|
|
|
7 Which of the following security models addresses three goals of integrity?
|
c. Clark-Wilson
|
|
|
8. ITSEC added which of the following requirements that TCSEC did not address?
|
c. Availability and integrity
|
|
|
Which of the following is not a usual integrity goal?
a. Prevent unauthorized users from making modifications b. Prevent authorized users from making improper modifications c. Maintain conflict-of-interest protections Maintain internal and external d. consistency |
c. Maintain conflict-of-interest protections
|
|
|
10. Which model establishes a system of subject-program-object bindings such that the subject no
longer has direct access to the object, but instead this is done through a program? |
c. Clark-Wilson
|
|
|
11. The Biba integrity * (star) property ensures:
|
a. No write up
|
|
|
12. Which model fails to address the fact that because all subjects that have an appropriateclearance may not need access, the system owner must still allow access by providing the need-to-know decision?
|
b. Bell-LaPadula
|
|
|
13. Which model helps ensure that high-level actions (inputs) do not determine what low-level users
can see (outputs)? |
a. Noninterference model
|
|
|
14. Which access control model has three parts — a set of objects, a set of subjects, and a set of rights — as well as defining eight primitive rights?
|
d. Graham-Denning model
|
|
|
15. What is the name for the collections of distributed software that are present between the application running on the operating system and the network services that reside on a network node?
|
b. Middleware
|
|
|
16. Which model assigns access rights to subjects for their accesses to objects?
|
b. Access control matrix
|
|
|
17. Which model describes a partially ordered set for which every pair of elements has a greatest lower bound and a least upper bound?
|
a. Lattice-based model
|
|
|
18. What are typically trusted areas that are separated from untrusted areas by an imaginary boundary sometimes referred to as the security perimeter?
|
c. Network partitions
|
|
|
19. The Common Criteria uses which designations for evaluation?
|
c. EAL1, EAL2, EAL3, EAL4, EAL5, EAL6, EAL7
|
|
|
A holistic lifecycle for developing security architecture that begins with assesin buiness reqts and subsequing creating a chain of tracability through phases of strategy, concept, design, impmentation, and metrics is characteristec of which of the following?
|
SABSA
|
|
|
which of the following component of ITIL's service portfolio is primarily focused on translating designs into operational services through a standard project mgmt std?
|
Service transition
|
|
|
Without proper def iof security reqts , systesm fail. Which of the followin can be used to capture detaile security reqts?
|
Threat modeling, data classification, and risk assessments
|
|
|
Formerly known as ISO 17799, which of the following security standards is universally recognized as the standards for sound security principles and is focused on sht standardization and certification of an org's information security mgt system (ISMS)
|
ISO 27001
|
|
|
Which of the following describe the rules that need to be implementeed to ensure that the security reqts are met?
|
Security policy
|
|
|
A two dimensional grouping of individual subjects into groups or roles and grantin access to groups to objects is an example of which of the folloowing types of models?
|
Matrix-based
|
|
|
The * propertiy of which model says the subject can only write UP
|
Bell-LaPadula
|
|
|
Which of the following is unique to the Biba integrity model
|
Invocation property (considers a situation where corruption may occur b/c a less trustworthy subject was allowed to invoke the powers of a subject with more trust
|
|
|
Which of the following models must be considered in a share data hosting environment so that the dat of one customer is not disclosed to a competitor or other customers share that hosted environment
|
Brewer-Nash (Chinese wall)
|
|
|
Which of the followin is the secuiryt model that is primary concerned with how the subject and object are ceated and how subject are assigned rights or privileges?
|
Graham-Denning (3 parts: set of objects, set of subjects, set of rights)
|
|
|
What ISO standard provides the evaluation criteria the can be used to evaluate security requirements of different vendor produces
|
ISO/IEC 15408 (Common Criteria) first truly int'l product evaluation criteria
|
|
|
In the Common Criteria (ISO 15408), the common set of functional and assurance reqts for a category of vendor products deployed in a particular type of environment is known as...
|
Protection Profiles
|
|
|
Which of the following evaluation assurance level that is formally verified, designed and tested is expected for high risk situation?
|
EAL 7 (formally verified, designed, and tested)
|
|
|
Formal acceptance of a an evaluationsystem by management is known as
|
Acccredidation
|
|
|
which stage of the CMM is characterized by having organizational processes that are proactive
|
Defined
|
|
|
Which of the following providces am ethod of quantifyin risks associated w/ IT in addition to e=helping with validating the abilities of new security controls and t countermeasures to address the identified risks?
|
Threat/risk assessment
|
|
|
The use of the proxies to protect more trusted assests from less sensitive ones is an example of which of the folloowing types of security services?
|
Boundary controll
|
|
|
which of the following is sthe main reason for security concerns in mobile computing devies?
|
Lower processing power
|
|
|
Device drivers that enable the OS to control and communicate with hardware need to be securely designed, developed and deployed because
|
They are typically installed by end users and granted access to supervisor state to help them run faster
|
|
|
A sys Admin grants group rights to a group of individuals called "accounting" instead of grantin individual rights to each individual. This is an example of which of the following security mechanism?
|
Layering (hierarchical)
|
|
|
two-dimensional framework (rows-specific, col-models of abstraction) not specific to security arch. provies a logical structure for integrating the varius perspectives such as the plan, design, and build aspects
|
Zachman Framework
|
|
|
holistic life cycle for developing security architecture that begins w/ assessing business reqts and subsequently creating a a chain of traceability through phases (strategy, concept, design, implmentation and metrics)
|
Sherweood Applied Business Security Architecture (SABSA) Framework
|
|
|
Developed by the Open Group. provides a common set of terms, and arch development method (ADM) that describes step-by-step for common building blocks
|
The Open Group Architecture Framework (TOGAF)
|
|
|
devleop by CCTA/british govt as a collection of best practices for IT governance. Dfines the org structure, and skill reqts of an IT org, set of ops procedures and practices
|
ITIL (IT INfrastructure Library)
|
|
|
part of ITIL that addresses new business needs by describing the range of services that are or will be deployed
|
Service Strategy
|
|
|
part of ITIL's Service Stragey that includes all of the services that are provided by IT
|
service portfolio
|
|
|
part of ITIL that focuses on creating the services described within the server portfolio
|
Service Design
|
|
|
part of ITIL that is pimrarily concerned with trnslating designs into operational services through a standard project management structure
|
Service transition
|
|
|
part of ITIL involving service delivery and metrics caputre
|
Service operations
|
|
|
part of ITIL where each servier is validate against their individual key performance indicators and service levels. provides feedback
|
Continual Service improvement
|
|
|
International standard focusing on security governance, establishing standards and certification of an org's ISMS. COMPLIANCE!
|
ISO 27001 (former second part of BS7799)
|
|
|
International "code of practice" recommending security control objectives/control according to best-practice. More of a guideline
|
ISO 27002 (former first part of BS7799 -> ISO 17799)
|
|
|
Strong * property
|
subject's ability to read or write to objects
|
|
|
addition to OSI model address secure comm
|
ISO 7498-2
|
|
|
address the acitivities of the creation, analysis and sustainment of architectures of s/w intensive systems
|
ISO 42010
|
|
|
what does it mean if the masked bit is off:
|
the channel is assigned (non-interrupt able)
|
|
|
Ring 0
|
kERNEl
|
|
|
ring 1
|
I/O
|
|
|
Ring 2
|
Utilities
|
|
|
Ring 3
|
User apps
|
|
|
TCSEC D1
|
minimal protection
|
|
|
TCSEC C1:
|
DAC, Identification & Authentication
|
|
|
TCSEC C2:
|
C1 + Protected Audit Trail, object reuse protection
|
|
|
TCSEC B1:
|
C2 + MAC, Labeling protection
|
|
|
TCSEC B2:
|
B1 + Trusted path, covert storage channel analysis
|
|
|
TCSEC B3:
|
B2 + Trusted Recovery, Covert Timing Channel Analysis (DAT hiding)
|
|
|
TCSEC A1:
|
B3 + Formal design verification
|
|
|
two components of trusted path
|
1) tamper-resistents
2) assured authentication of endpoints |
|
|
Name for ISO 15408
|
Common Criteria
|
|
|
ITSEC evaluates into what two ratings
|
Assurance (E) and Functionality (F)
|
|
|
IN order to create virtual memory on a computer, what 2 memory are combined
|
Primary storage (RAM) and Secondary Storage
|
|
|
what helps ensures lack of data leakages/protection from modification
|
process isolation
|
|
|
What is the main purpose of Common Criteria (ISO 15408)
|
To independently measure how well a company's product meets its claim
|
|
|
The totality of protection mechanism w/in a computer system is called the
|
Trusted Computing Base
|
|
|
How can a process be restircted from accessing data that it should not be able to see?
|
Layering and data hiding
|
|
|
The common criteria was created for which of the following purposes
|
Establishing a common evaluation basis to be used internationally to measure product secuirty
|
|
|
Which security model intro'd the access triple
|
Clark-wilson
|
|
|
Which security model introduces the idea of mutual exclusivity
|
Brewer-Nash (Chinese wall)
|
|
|
A key mgmt philosophy is to ID the business probleem and then find a solution for it. Which architecture formalized this:
|
SABSA
|
|
|
Which of the following models was the first model to fully address all thee integrity goals
|
Clark-wilson
|
|
|
Data reminance is left after
|
erasure
|
|
|
A system running in a privileged stat is:
|
able to execute high level utilities
|
|
|
what is a key benefit of an enterprise wide security architecture?
|
Better able to support security management
|
|
|
Of the followign which is the least important concert when conifugring audit logs?
Value of the assest Volume of expected entries Vulns of the system sensitivity of the assess |
value of the assest
|
|
|
* star property address
|
writing
|
|
|
simple security property address
|
reading
|
|
|
Architecture is primarily concerned with
|
Effective Design of a system or network
|
|
|
FW must be chosen only after careful consideration of what
|
security policy needs
|
|
|
3 Integirty rules
|
unauthorized user should make no changes
authorized should make no unauth'd changes int/ext consistency |
|
|
traditional (old) system as opposed to modern system exhibited which type of environment
|
closed
|
|
|
what is the main reason why an application would be developed using the brewer nash model
|
to ensure conflicts of interestes are minimized through dynamic access control
|
|
|
What is the evaluation process used when using the TCSEC criterion?
|
Trusted Products Evaluation Program (TPEP)
|
|
|
Operating systems that provide MLS and MAC are based on
|
Bell-LaPadula
|
|
|
Which security model enforces the principle that the security levels of an object should never change and is known as the "strong tranquility" model?
|
Bell-LaPadula
|
|
|
which of the following provides the highest level of security when it comes to memory?
|
Hardware segmentation
|
|
|
process of storing data on the HD when the main memory fills up
|
Page Fault
|
|
|
Which of the following computer components dictates when data is processed by the system's processor?
|
Control unit
|
|
|
Is the TCSEC suited for comm industry
|
no
|
|
|
Products that pass the TPEP are published in what
|
List of evaluated products
|
|
|
A multithreading computer can do what
|
run and process multiple requests at a time (not just mulitple processes)
|
|
|
Multithreading
|
process mor than one request at a time
|
|
|
Multitasking
|
process more than one task, process at one time
|
|
|
Multiprocessing
|
Has multiple CPUs and can process separate instructions in parallel
|
|
|
Basic Security theorem
|
if a system starts in a secured state, all future states remain secure and the system shuts down securely, then the system will alwasys be in a secure state
|
|
|
The common criteria uses what to describe specific security solution needs`
|
Protection Profiles
|
|
|
What model addresses more granular activities, as in how subject and object should be created securely?
|
Harrison-Ruzzo-Ullman
|
|
|
Property unique to Biba integrity model
|
Invocation property (corruption may occur due to a less trusthwory subject invoing the power of a more trusted entity)
|
|
|
What makes up the totality of protective mechanisms within a system?
|
The Trusted Computing Base
|
|
|
Functional EAL level of testing
|
EAL 1
|
|
|
Structural EAL level of testing
|
EAL 2
|
|
|
Methodological EAL level of testing
|
EAL 3,4
|
|
|
Semi-Formal EAL level of testing
|
EAL 5,6
|
|
|
Formal EAL level of testing
|
EAL 7
|
