149 Cards in this Set
Confidentiality (CIA triad) |
Keeping information and communications private and protecting them from unauthorized access. |
|
Integrity (CIA triad) |
Keeping organizational information accurate, free of error, and without unauthorized modifications. |
|
Availability (CIA triad) |
The fundamental principle of ensuring that systems operate continuously and that authorized persons can access the data they need. |
|
Authorization |
The process of determining what rights and privileges a particular entity has. |
|
Access Control |
The process of determining and assigning privileges to various resources, objects, or data. |
|
Accountability |
The process of determining who to hold responsible for a particular activity or event, such as a logon. |
|
Auditing/Accounting |
The process of tracking and recording system activities and resource data. |
|
Non-Repudiation |
Ensuring data remains associated with the party that creates it or sends a transmission with that data. The sender must be independently identifiable and is responsible for the message. |
|
Least Privilege |
Users and software have only the minimal level of access that is necessary. |
|
Privilege Bracketing |
An administrator uses this to grant privileges only when needed and then revoke them when the user is done or the need has passed. |
|
Risks |
Loss of device, power, network, or physical damage. Affects people, practices, and processes. |
|
Data Breaches |
When sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an unauthorized individual. Can be unintentional or intentional. |
|
Unauthorized Access |
Any type of network or data access that is not explicitly approved by an organization. |
|
Hackers and Attackers |
Individuals who have skills to gain access to computing devices through unauthorized means. |
|
White Hat |
A hacker who discovers and exposes security flaws in applications and operating systems so manufacturers can fix them. |
|
Black Hat |
A hacker who exposes security vulnerabilities for financial or malicious gain. |
|
Security Controls |
Safeguards to avoid or counteract security risks. Physical controls: doors, locks, fire extinguishers. Procedural controls: processes, management oversight, security awareness training. Technical controls: firewalls, logins, antivirus. Legal and regulatory controls: privacy laws, policies, clauses. |
|
Security Policies |
A formalized statement that defines how security will be implemented within a particular organization. |
|
Policy Statement |
Outlines the plan for the individual security component. |
|
Standards (Security Policy) |
Defines how to measure the level of adherence to the policy. |
|
Guidelines (Security Policy) |
Suggestions, recommendations, or best practices for how to meet the policy standard. |
|
Procedures (Security Policy) |
Step-by-step instructions that detail how to implement components of the policy. |
|
Acceptable Use Policy |
Defines acceptable use of an organization's physical and intellectual resources. |
|
Audit Policy |
Details the requirements for risk assessment and audits of the organization's information and resources. |
|
Extranet Policy |
Sets the requirements for third-party entities that desire access to an organization's networks. |
|
Password Policy |
Defines standards for password complexity, what counts as a weak password, and how to protect passwords. |
|
Wireless Standards Policy |
Defines what wireless devices can connect to an organization's network and how to use them in a safe manner. |
|
SANS |
SysAdmin, Audit, Networking and Security Institute has a defined list of standard policy types and templates. |
|
Windows Security Policies |
Configuration settings in Windows that control overall security behaviour of the system. Found in Computer Configuration \ Windows Settings \ Security Settings. |
|
Group Policy |
Centralized account management feature available for Active Directory on Windows Server Systems. |
|
Permissions |
Security setting that determines level of access a user or group account has to a particular resource. Ex. Printers, shared folders. |
|
NTFS Permissions |
Permissions on the Windows NT file system (NTFS). |
|
Read NTFS |
Permits viewing and listing of files and subfolders and viewing or accessing of the files' contents. |
|
Write NTFS |
Permits adding of files and subfolders and writing to a file. |
|
Read & Execute NTFS |
Permits viewing and listing of files and subfolders, viewing and accessing files' contents, and executing files. |
|
List Folder Contents NTFS |
Permits viewing and listing of files and subfolders as well as executing of files. |
|
Modify NTFS |
Permits reading and writing or deletion of files and subfolders. |
|
Full Control NTFS |
Permits reading, writing, changing, and deleting of files and subfolders. |
|
Special Permissions |
Permits specific actions that are part of other permissions to be performed on folders and files. |
|
r UNIX |
Read. View file contents and see what is in directory. |
|
w UNIX |
Write. Modify file contents and create and delete directory contents. |
|
x UNIX |
Execute. Run the file, or move into the directory (if a directory is executable and also readable, long listings of its contents can be seen). |
|
Segmentation |
Each subsystem is placed in its own area or zone. |
|
SCADA/ICS |
SCADA/ICS networks are in this segment. May be impractical to upgrade and will not have the latest security. |
|
Legacy Systems |
May be vulnerable so keeping them separate from rest of network will reduce risks. |
|
Private Networks |
All devices used by employees and all servers with data not for the public are kept in this segment. |
|
Public networks |
Devices used for public access are kept in this segment. |
|
Testing lab |
Devices that are used for testing applications, updates, and patches are in this segment. |
|
Honeynet |
Devices used as honeypots (device set to detect, deflect, or counteract attempts of unauthorized use) are in this segment. |
|
Wireless Security |
Any method of securing your WLAN to prevent unauthorized network access and network data theft. |
|
Site Survey |
Analysis technique that determines the coverage area of a wireless network. |
|
Disaster Recovery |
The administrative function of protecting people and resources while restoring a failed network or device as quickly as possible. |
|
Business Continuity |
A defined set of planning and preparatory activities to be used in case of disaster so the organization can recover in a short amount of time. |
|
Resilience |
Critical business functions and infrastructure are designed so they are materially unaffected by most disruptions. |
|
Recovery |
Arrangements are made to recover critical business functions that fail for some reason. |
|
Contingency |
Readiness to cope effectively with disasters. Last resort response when resilience and recovery arrangements are inadequate. |
|
Single point of failure |
A component that, if it fails, will stop the entire network. |
|
Redundancy |
Added to the network to avoid a single point of failure. |
|
What is the difference between Windows security policies and group policy? |
Windows security policies apply to the device they reside on. Group Policy resides in Active Directory on a Windows server and is applied to any device in the domain. |
|
Three principles of the CIA triad |
Integrity, confidentiality, availability |
|
When would you perform a site survey? |
To help install and secure a WLAN. |
|
What is the concept of least privilege? |
End users should be given the minimal level of technological and physical access that is required to perform their jobs. |
|
Vulnerabilities |
Condition that leaves a device open to attacks. |
|
Vulnerabilities Examples |
Improperly installed hardware or software; bugs; misuse of software protocols; poorly designed networks; poor physical security; insecure passwords; design flaws in software; unchecked user input. |
|
Internal Threats |
Disgruntled employees may be a source of physical sabotage. |
|
External |
Power failure; use an uninterruptible power supply to avoid this. |
|
Natural Threats |
Tornadoes, hurricanes, snow storms, floods |
|
Man-made |
Can be internal or external. Ex. Construction damages fibre optics. |
|
Environmental Threats |
Fire, hurricanes/tornadoes, flood, extreme temperatures, extreme humidity |
|
Unnecessary Running Services |
Services running on a device that are not necessary for its intended purpose or operation. |
|
TCP |
Transmission control protocol |
|
UDP |
User datagram protocol |
|
FTP |
File transfer protocol |
|
Open port |
A TCP/UDP port number that is configured to accept packets. It must be unfiltered, with an application listening for incoming packets. |
|
Unpatched System |
Operating system without the latest security updates. |
|
Legacy System |
A device running older OS that is no longer supported. |
|
Unencrypted Channels |
Connections in which the data being sent is not encrypted. |
|
Cleartext Credentials |
User passwords that are transmitted or stored unencrypted. |
|
Unsecure protocols |
Expose data or credentials in cleartext. |
|
Telnet |
Passes authentication and data using cleartext. |
|
HTTP |
Subject to eavesdropping and attackers can gain access to website accounts and sensitive information. |
|
SLIP |
Serial Line Internet Protocol: passes authentication using cleartext. |
|
FTP |
All authentication and data are in cleartext. |
|
TFTP |
Trivial File Transfer Protocol: even less secure than FTP because it does not require the user to authenticate to the remote host. |
|
SNMP |
Simple Network Management Protocol: authentication is in cleartext. |
|
Radio Frequency Emanation |
Electronic equipment can emit unintentional radio signals. |
|
What are three applicable forms of vulnerabilities? |
Improperly configured software; misuse of communication protocols; poor physical security. |
|
One of your workstations has been compromised by an external entity. What are some vulnerabilities you should check to see if they are allowing external connections? |
Open ports; unpatched system; unnecessary running services. |
|
Attacks Types |
Physical security attacks; network-based attacks; software-based attacks; social engineering-based attacks; web application-based attacks. |
|
Data theft |
Attacker uses unauthorized access to obtain protected network information. |
|
Social engineering attacks |
Uses deception to convince users to provide sensitive data or to violate security guidelines. |
|
Spoofing |
The goal is to pretend to be someone else so identity can be concealed. |
|
Impersonation |
Attacker pretends to be someone else. |
|
Phishing |
A fake email that wants you to send valuable information. |
|
Vishing |
An over-the-phone attack trying to get information. |
|
Whaling |
Well-researched attempts to get information from higher-up individuals. |
|
Spam and spim |
Spam with malware in email. Spim through instant messaging. |
|
Hoax |
Incorrect misleading information |
|
Insider threats |
Malicious employee gains sensitive company information. |
|
Malware attacks |
A software attack that disables devices and gains information. |
|
Virus |
Code that spreads between computers through files, sending data back to the attacker. |
|
Worm |
Can enable further attacks, transmit data, corrupt or erase files and spread itself. |
|
Trojan Horse |
Paves the way for other attacks. |
|
Logic bomb |
Sits dormant until triggered by a special event. |
|
Rootkit |
Takes full or partial control of device. |
|
Botnet |
Set of devices infected by a control program called a bot. |
|
Grayware |
Not actually malicious in nature, e.g. adware and spyware. Identified as potentially unwanted programs. |
|
Boot sector virus |
Infects disk based media. |
|
Macro |
Application-specific instructions that execute in a specific application. |
|
Mailer and mass mailer |
Mailer virus sends itself to others through email. |
|
Polymorphic virus |
Changes as it moves, acting differently on different systems. |
|
Script virus |
Small program using Windows scripting, Visual Basic, or JavaScript. |
|
Stealth |
Moves and attempts to conceal itself. |
|
Buffer Overflows |
Attack that causes the system OS to crash or reboot. |
|
Evil twins |
Rogue access points that appear to be legitimate. |
|
Rogue access point |
Unauthorized wireless access point on a corporate or private network. |
|
War driving |
Searching for instances of wireless networks by using wireless tracking devices. |
|
War chalking |
Using symbols marked on a sidewalk or wall to indicate network or internet access. |
|
Bluejacking |
Sending out unwanted Bluetooth signals. |
|
Bluesnarfing |
Gaining wireless access by using a Bluetooth connection. |
|
IV attack |
Attacker predicts the initialization vector. |
|
Authentication by assertion |
Authentication based on a user name/password combination. |
|
Tokens |
Physical or virtual objects, e.g. smart cards, ID badges, or data packets, that store authentication information. Can store PINs. |
|
Mutual authentication |
Security mechanism that requires that each party in a communication verify each other's identity. |
|
SSO single sign on |
If a user has multiple usernames and passwords, they can be organized into a federation. In a federation the user only needs to use a single account. |
|
EAP Extensible Authentication Protocol |
Enables systems to use hardware-based identifiers such as fingerprint scanners or card readers. |
|
Extensible Authentication Protocol over LAN (EAPOL) |
EAP over LAN, as used in 802.1X implementations. |
|
EAP Transport Layer Security (EAP-TLS) |
A feature in wireless routers and cards that provides robust security. |
|
EAP MD5 |
Provides minimal security and is easily bypassed or hacked. |
|
Protected Extensible Authentication Protocol (PEAP) |
A widely supported authentication method in EAP implementations. |
|
Kerberos |
Authentication service based on a time-sensitive ticket-granting system. |
|
Open system |
Authentication uses null authentication, meaning user names and passwords are not used to authenticate the user. |
|
Shared key |
Authentication method that verifies the identity of a station by using a WEP key. |
|
802.1x and EAP |
EAP authenticates the user and not the station. This is done with a RADIUS server. |
|
Cryptography |
The science of hiding information |
|
Hashing Encryption |
One-way encryption that transforms cleartext into ciphertext that is not intended to be decrypted. The result is called a hash, hash value, or message digest. Two types: MD5, SHA. |
|
Key based encryption |
Shared key/symmetric: the same key is used to encode and decode. Key pair: the private key is known only to the individual; the public key can encrypt, but the private key has to decrypt. |
|
Digital certificate |
Electronic document that associates credentials with a public key. |
|
Certificate Authority |
Issues certificates and the associated public/private keys. |
|
The Encrypting File System (EFS) |
Available on Windows volumes that are formatted with NTFS. Encrypts file data by using digital certificates. |
|
PKI public key infrastructure |
Encryption system composed of CA, certificates, software, services, and other cryptographic components. |
|
TLS transport layer security |
Protects sensitive communication from being eavesdropped by using a secure, encrypted and authenticated channel over TCP/IP. |
|
WEP wired equivalent privacy |
Provides 64-bit, 128-bit, and 256-bit encryption using the Rivest Cipher 4 (RC4) algorithm. |
|
WPA wifi protected access |
Provides improved data encryption through the Temporal Key Integrity Protocol (TKIP). |
|
WPA2 |
Adds the Advanced Encryption Standard (AES) cipher-based Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). |
|
WPA Personal |
WAP configured with a preshared key used to encrypt data. |
|
WPA enterprise |
Designed for enterprise networks. Assigns a unique encryption key to every client when they log on to the network. |
|
What is the least secure wireless security protocol? |
WEP |
|
With key pair encryption, what type of key is used to decrypt the data? |
Private key |