45 Cards in this Set

  • Front
  • Back

What is RAND R-609?

Written by William H. Ware, it attempted to define the multiple controls and mechanisms necessary for protection of a computerized data processing system

What is CIA? What does each word mean?

Confidentiality – protected from disclosure to unauthorized individuals

Integrity – describes how data is whole, complete, and uncorrupted

Availability – data is accessible and correctly formatted for use without obstruction

Who invented the Internet?

Dr. Larry Roberts

Is technological obsolescence good or bad in regard to security? Why/Why not?

When new products come out making old products obsolete, like BlackBerrys getting replaced by other smartphones, or the house phone replaced by the cellphone.

Can have people make up laptops with different chargers, so reuse of tech is lower, meaning more spending and waste of utility and resources

Password Strength: Length or Complexity, which is better? What is the formula for possible passwords?

different combinations = (number of possible characters) ^ (password length)

Longer is better

What is the difference between phishing and pharming?

Phishing - defrauding an online account holder of financial information by posing as a legitimate company.

Pharming - directing Internet users to a bogus website that mimics the appearance of a legitimate one, in order to obtain personal information such as passwords, account numbers, etc.

Computer Fraud and Abuse Act of 1986

Made hacking “illegal”; cornerstone to many computer-related federal laws

USA PATRIOT ACT of 2001

Allowed the Government the ability to monitor activity when investigating terrorism

Computer Security Act of 1987

Requires systems to have acceptable security practices

Health Insurance Portability and Accountability Act

Mandates industry-wide standards for health care information on electronic billing

Sarbanes–Oxley Act of 2002

Established accountability for executives at publicly traded companies

Children’s Internet Protection Act

Requires K-12 schools and libraries to use Internet filters

Calculating Risk

(Likelihood % * Attack Success %) * (Asset Value * Probable Loss %) + Uncertainty

Learn the OSI Model

Physical, Data Link, Network, Transmission, Session, Presentation, Application

Cost Benefit Analysis (CBA)

ALE(prior) – ALE(post) – Annualized Cost of Safeguard(ACS)

Annualized Loss Expectancy (ALE)

SLE * Annual Rate of Occurrence (ARO)

Single Loss Expectancy (SLE)

Exposure Factor (EF) * Asset Value (AV)

How does Kerberos work?

1) Computer lets Kerberos know that it's a PC
2) Kerberos acknowledges it
3) Computer asks for a ticket
4) Kerberos grants the ticket
5) Computer tries to use the ticket
6) Kerberos checks to see that the ticket is good
7) Server takes out the document/performs the task
8) Server checks with Kerberos that the actions were done right
9) Kerberos acknowledges
10) Process granted back to the computer

The difference between identification, authentication, authorization, and accountability

Identification - when a user claims to have some form of identity

Authentication - provides a way of identifying a user via name or password

Authorization - after logging in the user may try to issue commands; authorization determines whether you have the ability to issue commands.

Accountability - logs the user's actions to make sure they didn't use too many resources that they don't have

What is the purpose of NAT? (Not what does it do, why?)

Think of a receptionist at an office. NAT operates on a router, usually connecting two networks together, and translates the private addresses in the internal network into legal addresses.

What are some examples of Firewalls? How do they work?

Can be software or hardware

Hardware can be a dedicated server designed to catch weird OP connections and time them out.

Software is the piece that regulates which websites you can access and what can reach you on your PC online.

What does Lightweight Directory Access Protocol (LDAP) do?

Directory service protocol that runs on a layer above the IT stack. Provides a mechanism used to connect to the internet.

What are honeypots and how do padded cell systems utilize them?

Honeypot - is a deception trap designed to entice an attacker into attempting to compromise the information. Dummy info.

Padded Cells are honeypots that are hard to crack. Hardened honeypot.

What is Snort an example of?

Snort is a free and open source network intrusion prevention system

What vulnerability does the DROWN attack exploit?

Cross-protocol security bug that attacks servers supporting modern protocol suites, making them obsolete.

Drowning a security guard. If they control security you snuff them out

Be able to translate using the Vigenère and XOR Ciphers

Vigenère: Make a graph, with ABC going along X and Y. In the center write out the alphabet.

Write the key under the code:

Codecodecodecode
keykeykeykeykeyke

The top line is the code, the left is the key. Find the middle letter that crosses the x and y and use that. Repeat.

XOR: Take your phrase as a number. Place the key under it. Add them up.

If it's 1 + 1 = 0
If it's 0 + 0 = 0
If it's 1 and 0 = 1

If it's the same it's 0. If it's different it's a 1.

Done

What is a shifting substitution cipher?

If the number is 3 then:

ABCDEFGHI
XYZABCDEF

Scoots the letters over by the given number

What is DES based off? What is DES's successor?

Data Encryption Standard. Obtained from IBM; algorithm at the National Bureau of Standards.

Replaced by AES (Advanced Encryption Standard)

What is the difference between brute-force, dictionary, and rainbow table attacks?

Brute Force - try all the possible combinations

Dictionary - guessing attack using a precompiled list of options, using options that are likely to work

Rainbow - optimized for hashes and passwords with great space optimization while maintaining look-up speed. In essence a specific dictionary

Why is WEP considered less effective than WPA?

WEP uses static IP

What is steganography?

Practice of concealing messages or information within other nonsecret text or data

What fire extinguisher classes should be used in the event of an electrical fire? Flammable liquid/gas?

Dry powder against flammable liquid / gas

Probably same for electrical fire

What are the different classes and their mnemonic? (When covering Fire Extinguishers)

A - Ash
B - Barrel
C - Current
D - Dynamite
K - Kitchen

What is the importance of UPS?

Making sure power doesn't go out completely, destroying the machine or the files in it

Janitors are often required to have access to sensitive areas; what policies/procedures can be used to ensure safety of information?

Track their cards and make them a different identification than most

What are the different types of locks? How does each one differ?

Electromagnetic - accepts a variety of input as keys

Fail safe - auto releases when power goes out

Mechanical - physical lock that requires a key

Fail secure - locks when power goes out

What is change culture? What is the Lewin Change Model?

Unlock the system. Change the components. Lock it down so no editing can happen.

What are deliverables? Milestones?

Deliverable is a tangible outcome of a project

Milestone is the expected milestone

Why are job rotation, separation of duties, and least privilege considered good security practices?

Everyone can do a bit of everything. Not give one person all the power. Provides split responsibility rather than relying on one person

Be able to explain why Misha Glenny says “Hire the hackers” (specifically why he says it)

Because hackers know how to break things, so use that knowledge in terms of how to fix the breaks

Be able to explain the different steps of employment (from interview to termination)

-job description
-interview
-background checks
-contracts
-orientation
-on-site security training
-termination
---exit interviews
---hostile vs friendly departure

What is SQL Injection? How did you extract passwords from the database? Could you do it again? (Hint hint)

Injecting different commands to extract information from a file that uses SQL injection

What is the HOSTS file for?

Allows you to define domain names from DNS servers. IP is the number. Domain name is the site name.

What are the different types of account policy controls that can be applied to passwords?

age max and min
history
length
complexity
how long it lasts
lock out time
lock out period

Difference between Telnet and SSH? Remote Desktop?

Telnet is an unencrypted, text-only connection to a remote computer using a command shell

SSH is the encrypted cousin of Telnet

Remote Desktop is an encrypted connection to a Windows machine that allows you to run the full Windows interface remotely