91 Cards in this Set

•Users that require some level of special access or special privileges in order to perform a given task

•Management of these entities is very important because they often have the ability to bypass security controls
Privileged Entities
What are the Privileged Entity Classes
•Operators
•Ordinary Users
•System Administrators
• Security Administrators
•System Accounts
•These are users typically found in data centers who have elevated privileges, but less than system administrators.

•They may have the ability to bypass security settings, depending on what processes they are running.

•Because of their privileged access, these accounts should be monitored closely.

•They pose a security risk, and strict auditing needs to be implemented to ensure policy violations do not occur with operator accounts.
Operators
what are the Operators’ Functions
•Initiate system startup

•Monitor process execution on a system: respond to various events, interruptions, and job completion messages.

•Can mount and dismount volumes: allows them access to the application and data.

•Can control job processes and flow: can initiate, pause, or terminate programs.

•Can rename and change the label on resources: can bypass security label information.

•An example of operators in the Windows environment would be the Power Users group, which has elevated privileges but cannot perform all of the operations of the Administrators group. (This describes Windows XP and Server 2003; since Windows Vista the Power Users group exists only for backward compatibility and grants no extra rights by default.)
• Ensure that a system or systems function properly for users

•Perform maintenance and monitoring tasks

•Require the ability to affect critical operations such as boot sequence, log files, and passwords

•Manage hardware and software for workstations and servers
System Administrators
•Provide oversight for the security operations of a system

•Usually have fewer rights than system administrators

•Ensure separation of duties is enforced

•Provide a check and balance of power to system administrators

•Ensure security policies are enforced
Security Administrators
note

Maintenance

•Workstations must be configured to prevent unwanted modifications

•Servers require more stringent security controls to protect things like databases, security policies, information, and necessary services

•Network devices such as routers, firewalls, and IDSs must be maintained and patched as necessary

•Proper clock settings ensure servers can properly communicate with each other and with workstations
note

Monitoring

•System logs are the primary tool used in monitoring for incidents and therefore must be protected against modification
describe System Accounts
•Dedicated to providing a system service

•Usually run background services/daemons

•Often assigned elevated privileges upon install of an operating system

•Many are created by database installations

System accounts are dedicated accounts used to run different services on a given system; an example is the lp (LPD) account used for UNIX printing.
Note

Account Management
Organizations must maintain strong control over the number and types of accounts used on systems. Account management involves the life-cycle process for every account in a system. There are primarily four types of accounts:

•Root
•Service
•Privileged user
•Ordinary user
Root accounts description and security
are the all-powerful default administrative accounts used to manage a device or system. They are often shared by administrators for specialized administrative tasks, but administrators should refrain from routine use of them, since accountability is lost once several people know the password. These accounts should be renamed where the platform allows and strictly controlled, and default passwords must be changed before the device or computer joins the production network. Manual logs should record each individual use of the root account and password, and these logs should be reconciled against the system audit log for that account's activity. Ideally administrators log in at the device console in an area with restricted access. Remote login as root should only occur over an encrypted session (for example SSH), which protects the root password from capture and the session from hijacking by a rogue node on the network; many organizations go further and disable direct remote root login altogether, requiring administrators to authenticate as themselves and then elevate.
Service accounts description and security
Systems typically use a variety of service accounts to provide automated services such as Web servers, e-mail servers, and database management systems; the services need accounts to perform actions on the local system. Services may also have multiple internal accounts. Database management systems such as Oracle 8i can have 10 or more internal default accounts at initial installation; depending on how the system is used, internal accounts that are not needed should be disabled or deleted. Services may also have internal root-type accounts that should be managed as described above. Managing service accounts becomes harder in a distributed environment where administrators must perform administrative functions remotely. Passwords for service accounts must be strictly controlled to prevent a masquerading attack, and a strategy for changing them on a routine basis is necessary to preserve the system's integrity.
Privileged user accounts description and security
are those assigned to system, security, database, and other application administrators. These types of accounts must be strictly controlled and not assigned to multiple individuals, so that adequate accountability exists. The number of privileged accounts ought to be kept to an absolute minimum to enforce the concept of separation of duties. Passwords for administrative accounts should be distributed in person. Administrators should acknowledge in writing receipt of their account and willingness to follow organizational usage policies for privileged accounts. Remove administrative accounts immediately from the system when individuals no longer require that level of access.
Ordinary user accounts description and security
are assigned to individuals requiring access to information technology resources. Reviews of account activity are necessary to determine the existence of inactive accounts. Those accounts found to be inactive due to the departure of an individual from the organization should be removed from the system. Accounts that are inactive due to extended leave or temporary duties should be disabled. Ideally, individuals or their supervisors would promptly report temporary or permanent departures of system users to the appropriate system or security administrator. However, this does not always occur, so the security practitioner must be vigilant in conducting periodic reviews of accounts for inactivity.
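The review described on the account cards above (departed users removed, extended leave and inactivity disabled, privileged accounts held to a stricter standard) is easy to script against a directory export. The following is an added example, not material from the card deck; the account list, the HR departure and leave lists, the 90-day and 30-day idle limits and the review date are all constructed for illustration.

```python
from datetime import date

# Constructed sample data (not from any real directory): an account export
# joined with the HR lists a security administrator would ask for.
TODAY = date(2024, 3, 1)
ACCOUNTS = [
    # (name, account type, last interactive logon or None)
    ("alice", "ordinary", date(2024, 2, 27)),
    ("bob", "ordinary", date(2023, 11, 1)),      # on extended leave
    ("carol", "ordinary", date(2024, 1, 15)),    # left the organization; HR never told IT
    ("dave", "privileged", date(2023, 12, 20)),  # admin account, stale
    ("erin", "ordinary", None),                  # created, never used
    ("svc_db", "service", None),                 # non-interactive; reviewed via password rotation instead
]
DEPARTED = {"carol"}
ON_LEAVE = {"bob"}


def review_accounts(accounts, departed, on_leave, today,
                    inactive_days=90, privileged_inactive_days=30):
    """Classify each account as keep / disable / remove, with the reason.

    Departed users are removed outright; leave and inactivity only disable,
    so the account can be reinstated. Privileged accounts get a shorter idle
    limit (an assumed policy value) because a dormant admin account is the
    more valuable target. Service accounts are not judged by logon age.
    """
    decisions = {}
    for name, kind, last_logon in accounts:
        if name in departed:
            decisions[name] = ("remove", "user has left the organization")
        elif name in on_leave:
            decisions[name] = ("disable", "extended leave")
        elif kind == "service":
            decisions[name] = ("keep", "service account; not judged by logon age")
        elif last_logon is None:
            decisions[name] = ("disable", "never logged on")
        else:
            limit = privileged_inactive_days if kind == "privileged" else inactive_days
            idle = (today - last_logon).days
            if idle > limit:
                decisions[name] = ("disable", f"{idle} days idle exceeds {limit}-day limit")
            else:
                decisions[name] = ("keep", f"active {idle} days ago")
    return decisions


if __name__ == "__main__":
    for name, (action, why) in sorted(review_accounts(ACCOUNTS, DEPARTED, ON_LEAVE, TODAY).items()):
        print(f"{name:8} {action:8} {why}")
```

The HR lists are the important input: the "never logged on" and idle checks only catch what the directory itself can see, and carol's account is found only because the departure list was consulted, which is the gap the card warns about.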
explain Resource Protection
Systems are comprised of a variety of resources. The principal resources available are facilities, network devices, software, data, and information. Facilities provide services for the entire network. Network devices enable the processing, distribution, and storage of data and information. The security practitioner seeks to ensure that all security services are properly employed, from the facility all the way down to individual data items. Each aforementioned resource is considered a special class that requires varying degrees of physical and logical security.
note

Facilities considerations

Facilities require appropriate systems and controls to sustain the IT operation environment. Various utilities and systems are necessary to support operations and provide continuous protection. Fire detection and suppression systems are necessary for resource protection and worker safety. Heating, ventilation, and air conditioning systems provide appropriate temperature and humidity controls for user comfort and acceptable environmental operating ranges for equipment. Water and sewage systems are an integral part of any facility. IT systems cannot provide adequate availability without a reliable power supply and distribution system. Power should also be conditioned to remove spikes and fluctuations. Stable communications are a vital aspect of geographically distributed systems. Finally, an integrated facility access control and intrusion detection system forms the first line of defense regarding the IT operations security.
Note

Hardware consideration

System hardware requires appropriate physical security measures to maintain the desired confidentiality, integrity, and availability. Physical security measures should be implemented following the concept of least privilege. In this sense, individuals not authorized access to the equipment should be prevented from tampering with it.
Note

Software consideration

Original copies of licensed software must be controlled by the organization to prevent copyright infringement. Unscrupulous individuals within an organization may make illegal copies of software for their personal use. Security practitioners should assist their organizations in providing appropriate physical controls to prevent illegal duplication and distribution of licensed software. All software copies should be managed by the media librarian. Inventory scans of installed software should also be conducted by the organization to identify unauthorized installations or license violations.
Note

Documentation consideration

All documentation associated with a given system should be catalogued and controlled. Internal documentation regarding network design, vulnerabilities, proprietary methods, and source code requires special controls for both hard and soft copies. Proprietary information in either soft- or hard-copy format requires the same level of physical and logical controls to prevent its unauthorized removal from the organization's premises. Systems also require a large number of management passwords for services, root accounts, and network devices, which are typically written down or saved to a file. These must never reside on the network in an unencrypted file; a dedicated password vault with its own access control and audit trail is the usual answer. Access to any hard-copy documents containing these passwords should be limited to the minimum number of administrators.
Note

Network Devices/Hardware

•Should enforce the policy of least privilege: users have no more access than is necessary to perform their tasks

•Servers should have restricted access with one or more access control mechanisms in place

•Workstations should be restricted to only those individuals cleared to use them

•Printers should be located near the individuals authorized to use them

•Firewalls and IDSs positioned to provide adequate detection and, where necessary, response to potential intrusions

•Cables should be properly shielded and protected from tampering

•Wireless equipment should be properly secured to prevent eavesdropping
Note

Software

•Licensed software must be controlled by the organization to prevent copyright infringement
•Operating systems must be patched and hardened to prevent compromise
•Software must not allow access to data that circumvents physical access controls
•Password files must be protected from compromise
Note
Documentation

•All documentation should have some form of controlled access

•Internal network diagrams, phone lists, source code, backup/recovery procedures, or any other sensitive information should be protected

•Printed documentation should have physical access controls in place to prevent theft

•Digital documentation should be encrypted and have logical access controls in place

Note

Threats to Operations
Operations can be impacted by a variety of threat agents. These threats are caused by individuals and environmental factors. A security practitioner that is aware of the threat agents affecting the system will be more prepared to propose or implement controls to mitigate or limit the potential damage.
note

example of Threats to Operations

•Disclosure
•Destruction
•Interruption/Non Availability
•Corruption/Modification
•Theft
•Espionage
•Hackers / Crackers
•Malicious Code
Note

Clipping Level: an administrator sets operating parameters that allow a certain number of failed logon attempts to occur before the user is locked out or an alert is raised
Note

Disclosure:

unauthorized release of information

Destruction: malicious, unintentional, and uncontrollable damages

Interruption / Non Availability: failure of equipment, services, and operational procedures

Corruption / Modification: environmental factors and acts of individuals can cause damage to systems and data

Theft: data and equipment can be stolen

Espionage: lack of controls can result in a competitive disadvantage or even failure of the organization

Hackers/Crackers:
•Hackers are technology enthusiasts with no malicious intent

•Crackers are malicious users intent on waging an attack against a person or system; motivated by greed, power, or recognition

Malicious Code: programs designed to steal information or cause damage to system operations
Note Control Types

•Preventative
•Detective
•Corrective
•Directive
•Recovery
•Deterrent
•Compensating
Note

Preventative:

protect systems from intentional or accidental compromise by denying unauthorized access – locks, encryption, access control lists
note

Detective:

identify an attack, reacts to changes that deviate from a normal or accepted pattern – IDS, vulnerability scans, audit logs
note

Directive:

policies, procedures, guidelines, and agreements are example – administrative items that should have consequences if they are not followed
Note

Corrective:

reacts to detected events by rectifying the violation and preventing its reoccurrence – rollback mechanisms and awareness training are examples
Note

Compensating:

augments or supplements an existing control to address residual risk when the primary control is too costly or impractical
Note

Recovery:

processes used to return the system to a secure state after a security event – backups and redundant systems
Note

Deterrent:

a control that causes an attacker or violator to reconsider actions – video cameras, IDS, auditing, penalties for misuse
Note

Control Methods

•Separation of Responsibilities
•Principle of Least Privilege (POLP)
•Job Rotation
•Need to Know
•Security Audits and Reviews
•Supervision
•IO Controls
•Antivirus Management
Note

Separation of Duties:

prevents a single individual from performing all of the steps required to compromise security. It requires two or more people to complete a sensitive function, so that no one person can act alone. Rather than protecting against collusion, it forces an attacker to collude: negative activity such as fraud or theft now needs two or more individuals acting together, which makes it harder both to carry out and to hide. Organizations should keep a complete list of roles with their associated responsibilities. Split knowledge and two-person controls reinforce separation of duties in the administration of a network.
Least Privilege:

users are given the minimum access necessary to perform their jobs
Least privilege governs permissions and rights; the related need-to-know principle governs which information an individual may see, so that people know only what their assigned tasks require
Job Rotation:

helps detect and deter fraud, because a second person periodically takes over the duties and sees the work (mandatory vacations serve the same purpose)
Need to Know:

can prevent unauthorized disclosure or espionage
Security Audits and Reviews:

typically performed by a third party, sometimes penetration tests
•Internal: performed by someone without management responsibility for the system
•External: outside entities perform the review
•Clipping levels: baselines/thresholds
Supervision:

can involve audit logs, screenshots, network activity
Input/Output Controls:

Input controls involve time stamps, authentication, and logging for accountability and validation. Output controls involve things like cover sheets on printed reports.
Note

Antivirus Management:

requires continual updates and scheduled scanning
Note

Media Types and Protection Methods

•Soft-Copy
•Hard-Copy
•Secure Transportation
•Secure Transmission
•Secure Backups
Note

•Soft-copy – magnetic, optical, and solid state media

•Hard-copy – paper, fiche

•Secure transportation involves the physical security necessary to protect information as well as logical protection (encryption) to ensure data is not compromised.

•Secure transmission may involve dedicated leased lines and/or crypto.

•Secure backups use encryption to ensure data is not available to a thief.
note example of Object Reuse

•Degaussing
•Overwrite Software
•Media Destruction
Note

Degaussing:

involves using a magnetic field to wipe information on magnetic storage media such as hard disks and tapes. The coercivity level is the amount of magnetic energy required to wipe a given medium, usually measured in Oersteds (Oe); the degausser must exceed the media's coercivity. Degaussing has no effect on flash-based media such as SSDs and USB drives, and on a modern hard disk it also erases the factory servo tracks, so the drive is unusable afterwards.
note

Overwrite software: writes patterns of 0s and 1s to a disk, often in several passes, so that the original data cannot be read. Commonly cited schemes are the DoD 5220.22-M wipe (usually quoted as three or seven passes) and the Gutmann 35-pass wipe, although for modern magnetic drives a single verified overwrite is generally considered sufficient. Overwriting cannot be trusted on SSDs and other flash media, where wear levelling may leave copies in blocks the software never reaches; use the drive's built-in secure-erase or cryptographic-erase command instead.
note

Media destruction:

policies and procedures should be in place to handle the destruction of media after it has reached the end of its lifecycle.
note

Purging = making data unrecoverable, even with laboratory techniques
note

Zeroization = overwriting with zeros; the term is usually applied to erasing cryptographic keys from a device
note

Degaussing = magnetic scrambling
note

Destruction = burning, shredding, crushing
note

Erasing = performing a delete operation against a file; the data usually remains on the media until it is overwritten
note

Clearing = overwriting so that data cannot be recovered with ordinary system tools
note

Sanitization = the general term for clearing, purging (including degaussing), or destroying media so that its data cannot be recovered
note

Data remanence = residual data that is recoverable
note

Sensitive Media Handling

•Marking: all storage media should have a physical label identifying the sensitivity of the information contained within it

•Handling: only designated personnel should have access to sensitive media. Policies and procedures should dictate who handles what media and those individuals should be required to undergo training in the proper use of said media.

•Storing: all sensitive media should be protected by the proper physical access controls.

•Destruction: policies and procedures should be in place dictating the appropriate measures to take when destroying sensitive media. Records of all destruction should be kept.

•Declassification: ensures that excessive control measures are not used for media that has had its sensitivity label downgraded.
physical facilities necessary to support the organization:

•Utilities
•HVAC
•Fire Detection and Suppression
•Facility Access Control and Intrusion Detection

HVAC:

provide appropriate temperature and humidity controls for user comfort and acceptable environmental operating ranges for equipment
•Temperature : 60 to 75 °F (15 to 23 °C)
•Humidity level: 40 to 60 %
Note

Utilities: necessary to support operations and provide continuous protection; power should be conditioned to remove spikes and fluctuations
Note

Fire Detection/Suppression: necessary for resource protection and worker safety
Note

Facility Access Control and Intrusion Detection: forms the first line of defense regarding IT security
Note

Media Management:

•Tracking
•Effectively implementing access controls
•Tracking number and location of backup versions
•Documenting the history of changes to media
•Ensuring environmental conditions do not endanger media
•Ensuring media integrity
•Inventorying media on a scheduled basis
•Carrying out secure disposal activities
•Internal and external labeling
Note

Media Handling

•Misuse Prevention
–Prevent fraud or theft
–Prevent execution of unauthorized code from portable media
–Prevent data leakage

•Record Retention
–Backups
–archives

•The most common cause of data leaks (breaches) is lack of discipline among employees

•The most common form of negligent data breach is the inappropriate removal of information

•Data breaches also occur by the negligent use of technology such as reassigning some type of media that has not been properly purged.
Note

Continuity of Operations

•Fault Tolerance
•Software
•Hardware
•Communications
•Facilities
•Data Protection
–RAID
–Backups
define Raid 0
Description: Striping

Strengths: Highest performance

Weaknesses: No redundancy;
1 fail = all fail
define Raid 1
Description:Mirroring

Strengths:Duplicates data on other disks

Weaknesses:Expensive; double cost of storage
define Raid 10
Description:Striping and Mirroring

Strengths: Highest performance, highest data protection (can tolerate multiple drive failures, as long as both disks of the same mirrored pair are not lost)

Weaknesses:Expensive; double cost of storage
define Raid 3/4
Description:Striped with dedicated parity

Strengths:Excellent performance; fault tolerance

Weaknesses: Every write must also update the single dedicated parity drive, which becomes the bottleneck
define Raid 5
Description:Block-level striping with distributed parity

Strengths:
Best cost/performance for networks; high performance; high data protection (survives one drive failure)

Weaknesses:

Write performance is slower than RAID 0 or RAID 1 because each write also updates parity; a second drive failure before the rebuild completes loses the array
The most popular RAID is.
RAID 5
Note

RAID levels 3 through 6 use parity (RAID 6 keeps two independent parity blocks per stripe and survives two drive failures); RAID 7 is a proprietary parity-based design, described below.
Note

RAID 0: writes files across multiple drives at once (striping). Provides no fault tolerance, but does provide increased performance for data read and writes.
RAID 1: mirroring – duplicates all data from one disk to another. Provides redundancy for data and, optionally, for RAID controllers. Disk reads can also be improved with RAID 1 arrays.
RAID 5: stripes data and parity information across multiple drives, offering both performance and redundancy.
Note

RAID Level 7: enables the drive array to continue to operate if any disk or any path to any disk fails, because it adds caching.
RAID 7 is based on concepts used in RAID levels 3 and 4, but adds caching.
RAID 7 isn't an open industry standard; it is really a trademarked marketing term of Storage Computer Corporation used to describe their proprietary RAID design.
Note

RAID 10: a combination of RAID 0 and RAID 1. Strictly, RAID 10 is RAID 1+0 (mirrored pairs that are then striped); RAID 0+1 (two stripe sets mirrored against each other) is the opposite nesting and loses a whole stripe set when any one disk in it fails, so it survives fewer failure combinations.
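The RAID cards above state that RAID 5 stripes data with distributed parity and survives one drive failure, and that RAID 3/4's dedicated parity drive is a write bottleneck. The mechanism behind both is plain XOR. The block below is an added example, not from the card deck or any RAID implementation; it builds a toy RAID 5 array in memory with a 4-byte block size and a left-rotating parity placement (both assumed for readability) and rebuilds a lost disk from the survivors.

```python
from functools import reduce

BLOCK = 4  # bytes per block; deliberately tiny so the layout is easy to inspect


def xor_blocks(blocks):
    """Bitwise XOR of equal-length byte blocks; this is all RAID 5 parity is."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def raid5_layout(data, ndisks):
    """Stripe `data` across `ndisks` disks with one rotating parity block per stripe.

    Each stripe holds ndisks-1 data blocks plus their XOR. The parity position
    moves one disk to the left on every stripe, which spreads the parity write
    load that a dedicated parity disk (RAID 3/4) concentrates on one drive.
    Returns a list of disks, each a list of blocks.
    """
    if ndisks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    data_per_stripe = ndisks - 1
    blocks = [data[i:i + BLOCK].ljust(BLOCK, b"\0") for i in range(0, len(data), BLOCK)]
    while len(blocks) % data_per_stripe:          # pad the final stripe
        blocks.append(b"\0" * BLOCK)
    disks = [[] for _ in range(ndisks)]
    for s in range(len(blocks) // data_per_stripe):
        chunk = blocks[s * data_per_stripe:(s + 1) * data_per_stripe]
        parity_disk = (ndisks - 1 - s) % ndisks
        data_iter = iter(chunk)
        for d in range(ndisks):
            disks[d].append(xor_blocks(chunk) if d == parity_disk else next(data_iter))
    return disks


def raid5_read(disks):
    """Read the data back in order, skipping each stripe's parity block."""
    ndisks = len(disks)
    out = bytearray()
    for s, stripe in enumerate(zip(*disks)):
        parity_disk = (ndisks - 1 - s) % ndisks
        for d, blk in enumerate(stripe):
            if d != parity_disk:
                out += blk
    return bytes(out)


def raid5_rebuild(disks, failed):
    """Reconstruct the contents of disk `failed` from the other disks.

    Because parity = XOR of the data blocks, any single block in a stripe,
    data or parity alike, equals the XOR of the stripe's other blocks. Two
    simultaneous failures leave two unknowns per stripe and cannot be solved;
    that is the single-failure limit of RAID 5.
    """
    survivors = [disk for i, disk in enumerate(disks) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]


if __name__ == "__main__":
    payload = b"The quick brown fox jumps over the lazy dog"  # constructed sample input
    array = raid5_layout(payload, 4)
    print(raid5_read(array).rstrip(b"\0") == payload)
    lost = array[2]                                   # pretend disk 2 dies
    print(raid5_rebuild(array, 2) == lost)            # rebuilt from disks 0, 1 and 3
```

The rebuild reads every surviving disk in full, which is why a second failure during the rebuild window is the classic RAID 5 loss scenario and why RAID 6 adds a second, independent parity block.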
Note

Backups

•Full
–Copies every file and clears the archive bit (set to 0 after backup)
–When a file is changed or created, the operating system sets the bit to 1

•Incremental
–Backs up only files changed since the last backup of any kind (full or incremental) and clears their archive bits
–Restore needs the last full backup plus every incremental since it, applied in order

•Differential
–Backs up files changed since the last full backup and leaves the archive bit set, so each differential grows until the next full
–Restore needs only the last full backup plus the latest differential
Electronic Vaulting

–Can be used as a mirror or backup mechanism
–Real time or delayed
Remote Journaling
–Provides redundancy for transactions
Note

Electronic Vaulting: backing up system data over a network, usually to a separate geographical location. This is known as the vault site.
Remote Journaling: the DBMS duplicates the journal entry to a remote location.
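The archive-bit rules on the Backups card are easiest to see by simulating a week: a full backup on Sunday, then either incremental or differential backups through Wednesday, followed by a restore. The code below is an added example, not part of the card deck; the file names, the edit schedule and the version counter are constructed, and the archive bit is modelled as a boolean per file.

```python
class Filesystem:
    """Constructed stand-in for a volume: a version number and an archive bit per file."""

    def __init__(self, names):
        self.version = {n: 1 for n in names}
        self.archive_bit = {n: True for n in names}   # new files are created with the bit set

    def modify(self, *names):
        for n in names:
            self.version[n] += 1
            self.archive_bit[n] = True               # any write sets the bit again

    def flagged(self):
        """Files whose archive bit is set, with the version that would be copied."""
        return {n: self.version[n] for n, bit in self.archive_bit.items() if bit}


def full_backup(fs):
    """Copy everything and clear every archive bit."""
    for n in fs.archive_bit:
        fs.archive_bit[n] = False
    return dict(fs.version)


def incremental_backup(fs):
    """Copy files changed since the last backup of any kind, then clear their bits."""
    copied = fs.flagged()
    for n in copied:
        fs.archive_bit[n] = False
    return copied


def differential_backup(fs):
    """Copy files changed since the last full backup; bits stay set, so the next
    differential copies them again and the sets grow until the next full."""
    return fs.flagged()


def restore(chain):
    """Replay backup sets oldest to newest; later versions overwrite earlier ones."""
    state = {}
    for backup_set in chain:
        state.update(backup_set)
    return state


def simulate(strategy):
    """Full backup on Sunday, then `strategy` Monday to Wednesday with fixed edits.

    Returns the backup sets by day, the restore chain the strategy requires,
    whether replaying that chain recovers Wednesday's state, and that state.
    """
    fs = Filesystem(["a", "b", "c", "d"])
    sets = [("sun", full_backup(fs))]
    for day, changed in (("mon", ["a"]), ("tue", ["b"]), ("wed", ["a", "c"])):
        fs.modify(*changed)
        sets.append((day, strategy(fs)))
    if strategy is incremental_backup:
        chain_days = [day for day, _ in sets]          # full plus every incremental, in order
    else:
        chain_days = [sets[0][0], sets[-1][0]]         # full plus only the latest differential
    by_day = dict(sets)
    return {
        "sets": by_day,
        "chain_days": chain_days,
        "recovered": restore([by_day[d] for d in chain_days]) == fs.version,
        "current": dict(fs.version),
    }


if __name__ == "__main__":
    for strategy in (incremental_backup, differential_backup):
        result = simulate(strategy)
        print(strategy.__name__, result["sets"], result["chain_days"], result["recovered"])
```

The trade-off the card leaves implicit shows up in the output: incremental sets stay small but a single missing or out-of-order tape breaks the restore, while differential sets grow every day but the restore needs only two of them.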
Note
Note

Problem Management

•System component failure
•Power failure
•Telecommunications failure
•Physical break-in
•Tampering
•Production delay
•Input/output errors
•The process of responding to these events forms the basis of problem management
Note

System Recovery

•Application restart
•Warm reboot
•Cold reboot
•Emergency restart
Note

Intrusion Detection System

•Real time or near real time monitoring
•Classified by where the sensor sits:
–Host based
–Network based
•and by how it detects:
–Misuse (signature) detection, which matches known attack patterns
–Anomaly detection, which reacts to deviations from a learned baseline

•Hybrid model that combines these and looks for violations of policy
Vulnerability Scanning

•Conducted against network, host system, and application resources

•Identify policy and security configuration vulnerabilities

Note

Configuration Management
•Make
•Model
•MAC address
•Serial
•OS / firmware version
•Location
•BIOS password
•IP address
•Bar code/label
Configuration Management Documentation

•Should be protected from casual observers to prevent password theft and to help prevent potential attackers from gaining information that might be useful in an attack.
•Proper configuration management ensures that all hardware and software in an organization are tracked and helps to identify potential security problems.
note

Change Control/Management

•Configuration/change management controls provide a process by which all system changes are tracked, audited, controlled, identified, and approved.

•Requires rigorous testing prior to being deployed in a production environment

•Requires documentation and allows for training of users
Note

Change Control Process

•Changes are always controlled

•Formalized testing process

•Ability to reverse changes

•Users informed of impending changes

•Change effects are analyzed

•Minimizes negative impact of changes

Change in a secure environment can introduce loopholes or oversights that can lead to new vulnerabilities. This is the reason patch management is critical; in order to protect information systems the patches must be tested prior to implementing them. They can cause problems in other areas.

Ensure any change does not lead to reduced or compromised security, making it possible to roll back any change to a previous secured state.
Note

Configuration/change management has several goals and requirements:

•Implement changes in a monitored and orderly manner; changes are always controlled.

•A formalized testing process is included to verify a change produces expected results.

•All changes can be reversed

•Users are informed of changes before they occur to prevent loss of productivity.

•The negative effects of changes on capabilities, functionality, and performance are minimized.
Note

Parallel run – process is performed simultaneously on each system to ensure the new system supports all functionality the old system supported or provided
Note

Change Control

•Requests
•Impact Assessment
•Approval / Disapproval
•Build and test
•Notification
•Implementation
•Validation
•Documentation
Note

Change Control:

•Maintains system integrity through structured and control changes.

•Change decisions should be made by a committee of people from many groups within the organization.

•Proper steps should be taken to ensure that changes to a system do not lower its security
Note

(ISC)²'s recommendations for change control include the following:
Request: a formal request for a change is presented in writing
Impact Assessment: impacts to operations are considered
Approval/Disapproval: change requests are officially answered
Build and Test: changes are tested on nonproduction equipment that may require a separate network and resources
Notification: system users are notified of the change and when it will be deployed
Implementation: when possible, changes are applied incrementally and monitored thoroughly
Validation: changes to systems are reviewed and security scans are performed to ensure no unintended changes are made or that the security level of a system has been lowered
Documentation: all changes are recorded, along with problems and/or solutions
Note

Patch Management

•Critical part of change control management involving security updates

•The patch management process must be formal, documented, and done with management’s approval to provide the best possible strategy for change

Note

1.Request for a change to take place

2.Approval of the change

3.Documentation of the change

4.Tested and presented

5.Implementation

6.Report change to management
Define Operations security
pertains to everything that takes place to keep networks, computer systems, applications, and environments up and running in a secure and protected manner. It consists of ensuring that people, applications, and servers have the proper access privileges to only the resources they are entitled to and that oversight is implemented via monitoring, auditing, and reporting controls. Operations take place after the network is developed and implemented.
What is the job of the Control Group
Obtains and validates information obtained from analysts, administrators, and users and passes it on to various user groups.
What is the job of the Systems Analyst
Designs data flow of systems based on operational and user requirements.
What is the job of the Application Programmer
Develops and maintains production software.
What is the job of the Help Desk/Support
Resolves end-user and system technical or operations problems.
What is the job of the IT Engineer
Performs the day-to-day operational duties on systems and applications.
What is the job of the Database Administrator
Creates new database tables and manages the database.
What is the job of the Network Administrator
Installs and maintains the LAN/WAN environment.
What is the job of the Security Administrator
Defines, configures, and maintains the security mechanisms protecting the organization.
What is the job of the Tape Librarian
Receives, records, releases, and protects system and application files backed up on media such as tapes or disks.
What is the job of the Quality Assurance
Can consist of both Quality Assurance (QA) and Quality Control (QC). QA ensures that activities meet the prescribed standards regarding supporting documentation and nomenclature. QC ensures that the activities, services, equipment, and personnel operate within the accepted standards.
What is Least privilege
means an individual should have just enough permissions and rights to fulfill his role in the company and no more.
What is job rotation
means that, over time, more than one person fulfills the tasks of one position within the company. This enables the company to have more than one person who understands the tasks and responsibilities of a specific job title, which provides backup and redundancy if a person leaves the company or is absent. Job rotation also helps identify fraudulent activities, and therefore can be considered a detective type of control.
What are Mandatory vacations
another type of administrative control, though the name may sound a bit odd at first. They are used to discover fraud.
What is clipping level
The threshold for violation activities that may be normal for a user to commit before alarms are raised. The goal of using clipping levels, auditing, and monitoring is to discover problems before major damage occurs and, at times, to be alerted if a possible attack is underway within the network.
What is Life-cycle assurance give examples
pertains to how the product was developed and maintained. Each stage of the product’s life cycle has standards and expectations it must fulfill before it can be deemed a highly trusted product. Examples of life-cycle assurance standards are

• design specifications,
• clipping-level configurations,
• unit and integration testing,
• configuration management,
• trusted distribution.
What is Operational assurance give examples
concentrates on the product’s architecture, embedded features, and functionality that enable a customer to continually obtain the necessary level of protection when using the product. Examples of operational assurances examined in the evaluation process are

• access control mechanisms,
• separation of privileged and user program code,
• auditing and monitoring capabilities,
• covert channel analysis,
• trusted recovery when the product experiences unexpected circumstances.
What is Event management
means that a product is being used to collect various logs throughout the network. The product identifies patterns and potentially malicious activities that a human would most likely miss because of the amount of data in the various logs.
What is Trusted Recovery
When an operating system or application crashes or freezes, it should not put the system in any type of insecure state. The usual reason for a system crash in the first place is that it encountered something it perceived as insecure or did not understand and decided it was safer to freeze, shut down, or reboot than to perform the current activity.
An operating system’s response to a type of failure can be classified as one of the following:
• System reboot
• Emergency system restart
• System cold start
What is a system reboot
takes place after the system shuts itself down in a controlled manner in response to a kernel (trusted computing base) failure. If the system finds inconsistent object data structures or if there is not enough space in some critical tables, a system reboot may take place.
What is an emergency system restart
takes place after a system failure happens in an uncontrolled manner. This could be a kernel or media failure caused by lower-privileged user processes attempting to access memory segments that are restricted.
What is a system cold start
takes place when an unexpected kernel or media failure happens and the regular recovery procedure cannot recover the system to a more consistent state. The system, kernel, and user objects may remain in an inconsistent state while the system attempts to recover itself, and intervention may be required by the user or administrator to restore the system.
What are locked-down systems referred to as
bastion hosts
In the Common Criteria, what are the three hierarchical recovery types
- Manual recovery
- Automated recovery
- Automated recovery without undue loss