156 Cards in this Set

  • Front
  • Back

Encryption that uses two keys: if you encrypt with one you may decrypt with the other

Asymmetric encryption

One-way encryption using an algorithm and no key

Hash function

Allows multiple virtual operating system guests to run on one host

Hypervisor

Preventive physical control with two doors. Each door requires a separate form of authentication to open

Mantrap

Following an authorized person into a building without providing credentials

Tailgating

TCSEC


Trusted Computer System Evaluation Criteria, also known as the Orange Book

Encryption that uses one key to encrypt and decrypt

Symmetric encryption

Domain 3

Security engineering

What provides the rules of the road for securely operating systems?

Security models

Reading down and writing up

If a subject with Secret clearance uncovers a plot of Top Secret importance, they are writing up

State Machine model

Every possible state of a system is evaluated, and if they are all secure the system is proven to be secure

Bell-LaPadula model

State machine model focused on maintaining the confidentiality of objects.


Simple Security Property: no read up


Star Security Property: no write down


Strong Tranquility Property: states that security labels will not change while the system is operating


Weak Tranquility Property: states that security labels will not change in any way that conflicts with defined security parameters


Allows security controls for complex environments. Subjects have a least upper bound (LUB) and greatest lower bound (GLB) of access to objects based on their position

Lattice based access controls

Confidentiality models versus Integrity models

Models such as Bell-LaPadula focus on confidentiality, which is a primary concern for government entities, while the Biba model focuses on integrity, which is more desirable for businesses

Biba model

The opposite of the Bell-LaPadula model. In the Biba model there are two rules:


The Simple Integrity Axiom states no read down; the Star Integrity Axiom states no write up.


The focus of this model is integrity

Integrity model.


Requires that users are authorized to access and modify data.


Requires that data is modified only in authorized ways.


The concept of separation of duties and transformation procedures within the system.

Clark-Wilson model



Information flow model

Both Bell-LaPadula and Biba use the information flow model

Designed to address the risks inherent in employing consultants working within banking and financial institutions, having to do with conflicts of interest (COI)

Chinese Wall model. Also called Brewer-Nash.



Non-interference model

Data at different security domains remain separate from one another.


A covert channel is a policy-violating communication that is hidden from the owners of a data system

Take-Grant protection model

A complex model that contains rules governing the interactions between subjects and objects and the permissions subjects can grant to other subjects. Rules include:


take, grant, create, and remove

Access control matrix model

Read, write, and execute matrix

Zachman Framework for enterprise architecture model

A matrix of:


what, how, where, who, when, and why


mapped across roles including:


planner, owner, designer, builder, programmer, and user.

A three-part model including objects, subjects, and rules, providing a granular approach for interactions between subjects and objects. There are 8 rules:


1.) Transfer access.


2.) Grant access.


3.) Delete access.


4.) Read object.


5.) Create object.


6.) Destroy object.


7.) Create subject.


8.) Destroy subject.

The Graham-Denning model


A variation of the Graham-Denning model with six primitive operations; it differs by considering subjects to also be objects

Harrison-Ruzzo-Ullman model (HRU)

These are the four what?


1.) Dedicated: the system contains objects of all one classification label.


2.) System High: the system contains mixed labels and all subjects must possess a clearance equal to the system's highest object.


3.) Compartmented: formal need-to-know access is granted on specific objects, which are placed into compartments.


4.) Multi-level: the reference monitor mediates access between subjects and objects.

Modes of operation

The Orange Book is the granddaddy of evaluation models. It uses a letter-number combination, with D as the lowest security and A as the highest

Trusted Computer System Evaluation Criteria (TCSEC)

TNI, the Red Book

Trusted Network Interpretation; brings TCSEC concepts to network systems

The first successful international evaluation model.

Information Technology Security Evaluation Criteria (ITSEC)

An internationally agreed-upon standard for describing and testing the security of IT products. It is designed to avoid requirements beyond the current state of the art

The international Common Criteria

Common criteria terms:


Target of evaluation

The system or product that is being evaluated

Common criteria terms:


Security Target

The documentation describing the target of evaluation including the security requirements and operational environment

Common criteria terms:


Protection profile

An independent set of security requirements and objectives for a specific category of products or systems, such as firewalls or intrusion detection systems

Common criteria terms:


Evaluation assurance level (EAL)

The evaluation score of the tested product or system

Common criteria:


levels of evaluation

EAL 1: functionally tested.


EAL 2: structurally tested.


EAL 3: methodically tested and checked.


EAL 4: methodically designed, tested, and reviewed


EAL 5: semi-formally designed and tested


EAL 6: semi-formally verified, designed, and tested.


EAL 7: formally verified, designed, and tested.

"Vanderpool" &


"Pacifica"

The names of Intel's and AMD's virtualization technologies

CISC & RISC

Complex instruction set computer and reduced instruction set computer.


x86 vs ARM

Common modes of memory addressing

Direct, indirect, register direct, register indirect

This prevents one process from affecting the CIA of another; it's a requirement for secure multi-user and multi-tasking systems

Memory protection

Techniques such as virtual memory, object encapsulation, and time multiplexing used to prevent interference attacks are called...

Process isolation

This takes process isolation one step further by mapping processes to specific memory locations

Hardware segmentation

What provides functions including multi-tasking, allowing multiple processes to access the same shared library in memory, and swapping?

Virtual memory

BIOS

Firmware that runs POST, then finds the boot sector, loads the kernel and boots the operating system

WORM storage

Write once read many


CD-R/DVD-R, and some digital linear tape drives

A hardware chip on the motherboard that performs functions such as random number generation, symmetric, asymmetric, and hashing algorithms, storage of cryptographic keys and message digests, as well as ensuring boot integrity.

Trusted Platform Module (TPM)

What is the function of:


Data execution prevention (DEP) and address space layout randomization (ASLR)

Both try to make it more difficult to perform exploits that corrupt system memory via stack- or heap-based buffer overflow conditions

Monolithic kernel vs. microkernel

The monolithic kernel cannot add functionality, while a microkernel can add modules in user mode instead of supervisor mode.

What runs the reference monitor and what are its functions?

A core function of the kernel is running the reference monitor which mediates all access between subjects and objects. The reference monitor is always enabled and cannot be bypassed.

Transparent virtualization vs paravirtualization

Transparent, also called full virtualization, is what I normally run; paravirtualization requires the guest operating systems to be changed to work

Type 1 hypervisor vs Type 2

Type 1 is a bare-metal hypervisor like ESX; Type 2 is like VMware Workstation

An attack that exploits the host OS of the virtualized environment to gain access to other resources

VM escape

IaaS

Infrastructure-as-a-service, for example: Linux server hosting

PaaS

Platform-as-a-service, for example: web service hosting

SaaS

Software-as-a-service, for example: webmail

An approach to distributed computing that typically leverages the spare CPU cycles of devices not currently needed

Grid computing

Large-scale parallel data systems

Increased performance through economies of scale, with integrity challenges

What control do you use to ensure you are receiving legitimate data through peer-to-peer networks?

Cryptographic hashes

The term for energy that escapes an electronic system, which may be remotely monitored and is protected against by a government standard for shielding codenamed TEMPEST

Emanations

Definition of a covert channel and two specific types

Any communication that violates security policy.


Storage channels and timing channels

Using shared storage to relay a hidden message, utilizing file size as the message.

Covert storage channel

Using the system clock to infer sensitive information, such as a possibly valid username from the delay while the system checks the cryptographic hash

Covert timing channel

A type of back door installed by designers and programmers to allow developers to bypass normal system checks

Maintenance hooks

5 types of computer viruses

Macro virus,


boot sector virus,


stealth virus,


polymorphic virus,


multipartite virus

Packers

A type of malware used to shrink the size of an executable to evade signature-based malware detection

Remote file inclusion attack

Taking advantage of back-end software such as PHP to have the server download a malicious file and run it by manipulating the URL

A collection of some of the best application security resources, many of them free, for improving an organization's application security posture; known for their Top 10 security risks

The Open Web Application Security Project (OWASP)

An attempt to reduce application architecture down to the functional unit of a service. XML or JSON for the data structures, SOAP or REST for the connectivity, and WSDL provides details on how to invoke

Service-oriented architecture (SOA)

SOAP

Simple Object Access Protocol

REST

Representational State Transfer

WSDL

Web Services Description Language: provides details about how web services are to be invoked.

This means the database will create two entries with the same primary key, possibly one labeled Secret and one labeled Top Secret

Polyinstantiation

Asking every single question of a database so you can infer the answer you're looking for, though you might not have clearance for that data. Controls for this include polyinstantiation as well as query limiting

Inference and aggregation

Network access control (NAC) and network access protection (NAP)

Both verify current patches and/or antivirus signatures. NAC is a Cisco product and NAP is an operating-system-based solution by Microsoft

Cryptology, cryptanalysis, and cryptography

Cryptography creates messages whose meaning is hidden,


cryptanalysis is the science of breaking encrypted messages, and


cryptology encompasses both; it is the science of secure communications

Diffusion

Means the order of the plaintext should be dispersed in the ciphertext

Confusion

Means that the relationship between the plaintext and ciphertext should be as confused as possible

The father of information security

Claude Shannon, with his paper "Communication Theory of Secrecy Systems", first defined the terms confusion and diffusion in 1949

Replacing one character with another, providing confusion

Cryptographic substitution

Provides diffusion by rearranging the characters of the plaintext, anagram style

Permutation, also called transposition

Describes how long it will take to break a cryptosystem without the key

The work factor

Monoalphabetic and polyalphabetic ciphers

A monoalphabetic cipher uses one alphabet; this makes it susceptible to frequency analysis. Polyalphabetic ciphers use a different alphabet each round

True if and only if one or the other is true not both. This is the basis of modern encryption.

Exclusive or (XOR)

TrueCrypt and PGP

Two common forms of whole-disk encryption for encrypting data at rest

Protocol governance

The process of selecting the right method (cipher) and implementation for the right job. Factors such as speed, strength, cost, and complexity should be weighed.

Spartan scytale

Strip of parchment wrapped around a rod, then written on downwards, unraveled and sent to someone with a similar rod

Caesar cipher

Monoalphabetic rotation cipher used by Gaius Julius Caesar

Vigenère cipher

A polyalphabetic cipher consisting of a grid with the alphabet across the top and a rotating alphabet down the side, with a repeating key for lookup.

Cipher disk

Can be monoalphabetic or polyalphabetic. Two parties agree on a fixed offset, and if polyalphabetic encryption is desired they also agree on when to turn the inner disc.

Jefferson discs

The cipher wheel had 36 wooden discs, each with 26 letters in random order along the edge like the ridges of a coin. Must be decrypted with an identical set of discs

Book cipher

Uses whole words from a well-known text agreed upon ahead of time. A word is encrypted by giving its page, column, and offset.

Running key cipher

Uses modular math to add letters to each other from an agreed-upon text.

Cipher for telegraphic correspondence

Used by General Joseph Hooker during the United States Civil War. Each word in the code book has two code names: the President was Adam or Asia, the Secretary of State was Able or Austria

One-time pad

Identical paired pads of random characters that use modular addition for encrypting and subtraction for decrypting. The only encryption method that's mathematically proven to be secure.

Vernam cipher

First known use of a one-time pad, by Gilbert Vernam, an employee of AT&T Bell Laboratories, in 1917

Hebern machines

Rotor machines such as Enigma and SIGABA. Enigma was critical in World War II and SIGABA was never broken; also called the Electronic Code Machine or ECM

Purple

A stepping-switch device used by Japan, one of the Axis powers, during World War II. Successfully decrypting Purple was responsible for a victory at the Battle of Midway Island.

COCOM and the Wassenaar Arrangement

The Coordinating Committee for Multilateral Export Controls restricted the export of cryptography to Iron Curtain countries during the Cold War; the Wassenaar Arrangement relaxed these restrictions

The three types of cryptography

Symmetric, asymmetric, hashing

Stream and block ciphers

Stream ciphers encrypt each bit individually. Block ciphers encrypt blocks of data each round, for example 64 bits for DES

Initialization vectors and chaining

An initialization vector is added to a message to prevent patterns due to letterhead in symmetric ciphers. Chaining is called feedback in stream modes and seeds the previous encrypted block into the next block.

DES

The Data Encryption Standard, which actually describes the Data Encryption Algorithm or DEA. 64-bit block size and 56-bit key.

The five modes of DES

Electronic code book (ECB)


Cipher block chaining (CBC)


Cipher feedback (CFB)


Output feedback (OFB)


Counter mode (CTR)

Electronic codebook (ECB)

The first and weakest form of DES; it uses no initialization vector or chaining. Two plaintexts with partially identical portions will have the same ciphertext portions

Cipher block chaining (CBC)

A form of DES that XORs the previous encrypted block of ciphertext with the next block of plaintext. It uses random data for an initialization vector, but the chaining causes an encryption error to cascade and destroy the integrity

Cipher feedback (CFB)

Like cipher block chaining but in stream mode using feedback (AKA chaining in stream mode)

Output feedback (OFB)

Similar to cipher feedback but changes the way the feedback works so as not to propagate errors

Counter mode (CTR)

Similar to output feedback but the feedback uses a counter, which can be done in parallel.

Triple DES

Single DES run 3 times per block. Slow and complex compared to newer symmetric algorithms such as AES or Twofish. Double DES is susceptible to a meet-in-the-middle attack

Triple DES encryption order and keying options

Encrypt-decrypt-encrypt (EDE)


Basically this just describes using one key, two keys, or three keys, three keys being the most secure, with an effective strength of 112 bits due to a partial meet-in-the-middle attack

International Data Encryption Algorithm (IDEA)

128-bit key, 64-bit block size; patented and slow compared to AES


Advanced Encryption Standard (AES)

Symmetric block cipher


128-bit keys: 10 rounds


192-bit keys: 12 rounds


256-bit keys: 14 rounds


128-bit blocks of data.


Vincent Rijmen and Joan Daemen

AES functions

SubBytes, ShiftRows, MixColumns, and AddRoundKey provide confusion, diffusion, and XOR encryption to the state

Blowfish and Twofish

Symmetric block ciphers created by teams led by Bruce Schneier. Blowfish uses 32- to 448-bit keys to encrypt 64 bits of data. Twofish was an AES finalist, encrypting 128-bit blocks using 128- through 256-bit keys

RC5 and RC6

Symmetric block ciphers by RSA Laboratories. RC6 encrypts 128-bit blocks using 128-, 192-, or 256-bit keys. RC6 was an AES finalist

Asymmetric methods: one-way functions

Factoring prime numbers.


Discrete logarithm.


Diffie-Hellman key agreement protocol, which uses the discrete logarithm.


Elliptic curve cryptography (ECC), which also uses discrete logarithms.

Hash functions

Provide integrity


SHA-1 creates a 160-bit hash


Message Digest 5 (MD5) creates a 128-bit hash

Collisions

Because the possible plaintexts are far more numerous than the possible hashes, more than one document could have the same hash

Secure Hash Algorithm SHA-1 and SHA-2

SHA-1 creates a 160-bit hash value


SHA-2 creates 224-, 256-, 384-, and 512-bit hash values

Hash of variable length (HAVAL)

128, 160, 192, 224, or 256 bits using three, four, or five rounds. Faster than MD5

The term for having some information about a key, reducing the number of characters to try to break the key

Known key

An attack that works on double DES to effectively make the number of attempts 2^57, and that reduces the strength of 168-bit triple DES to 112 bits

Meet-in-the-middle attack

Finding the difference between related plaintexts that are encrypted and analyzing for signs of non-randomness

Differential cryptanalysis

Using large amounts of plaintext/ciphertext pairs created with the same key

Linear cryptanalysis

Using physical data to break a cryptosystem, such as monitoring CPU cycles or power consumption used while encrypting or decrypting

Side-channel attacks

Exploiting a mistake in the implementation of an application, such as plaintext or keys left in virtual memory

Implementation attack

A probability-based attack for finding any input that creates a hash colliding with any other input

Birthday attack

When two symmetric keys applied to the same plaintext produce the same ciphertext

Key clustering

A cryptographic algorithm

Cipher

What provides authentication and integrity, forming non-repudiation, but does not provide confidentiality?

Digital signature

A hash function that uses a key

Message authentication code (MAC)

HMAC

Hashed message authentication code.


Using a pre-shared key along with hashing to provide non-repudiation

The standard digital certificate format for PKI

X.509

NIST Special Publication 800-15 describes five components of PKI

Certificate authorities


Organizational registration authorities


Certificate holders


Clients that validate digital signatures


Repositories that store certificates and certificate revocation lists

Who authenticates the identity of an entity requesting a certificate?

Organizational registration authorities (ORA)

The two primary protocols of IPsec

Authentication header (AH)


Encapsulating security payload (ESP)

ISAKMP

Internet Security Association and Key Management Protocol

IKE

Internet key exchange

Provides authentication and integrity for IPsec traffic

Authentication header (AH)

Provides confidentiality for IPsec traffic

Encapsulating security payload (ESP)

The protocol that manages the SA creation process

ISAKMP


The Internet Security Association and Key Management Protocol

Tunnel mode vs transport mode

Tunnel mode encrypts the header and data, whereas transport mode encrypts only the data. Transport mode is often used with AH

The algorithm selection process for an IPsec tunnel

Internet key exchange (IKE)

Asymmetric encryption for the masses, which uses a web of trust instead of a central certificate authority

Pretty Good Privacy (PGP)

Provides the standard way to format email, including character sets and attachments

Multipurpose internet mail extension (S/MIME)

When a third-party organization holds a copy of a public/private key pair

Escrowed encryption

An abandoned technology used in the Escrowed Encryption Standard, using the Skipjack algorithm, a symmetric cipher with an 80-bit key

Clipper chip

The act of hiding that communication is taking place at all, such as within a picture's pixels

Steganography

Strong post designed to stop a car

Bollard

The term for one lumen per square meter

Lux

The type of light originally used in lighthouses

Fresnel

Class A fire

Wood, paper, rubber, plastic.


Extinguished with water or soda acid

Class B fire: flammable liquids; in the US this includes flammable gases, while in Europe flammable gases are Class C

Extinguished with a Halon substitute, CO2, or soda acid

Class C fire: electrical equipment. Class E in Europe

Halon substitute or CO2

Class D fire: combustible metals

Extinguished with dry powder

Class K in the US or F in Europe

Kitchen oil or fat fires, extinguished with wet chemicals

Halon substitutes

Argon


FE-13


FM-200


Inergen

The PASS method to extinguish a fire with a portable fire extinguisher

Pull the pin.


Aim low.


Squeeze the pin.


Sweep the fire.