Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
121 Cards in this Set
- Front
- Back
|
RAM and ROM with regards to loss of power
|
RAM loses integrity with loss of power, ROM does not.
|
|
|
Reference Monitor
|
OS - Mediates all access between subjects and objects
|
|
|
TCSEC
|
Trusted Computer System Evaluation Criteria (a.k.a. - the Orange Book)
Addresses Confidentiality, but not Integrity. |
|
|
What is the name for the security relevant portions of a computer system
|
Trusted Computing Base (TCB)
|
|
|
Virtualization
|
An interface between computer hardware and the operating system, allowing multiple guest operating systems to run on one host computer.
|
|
|
What is the basic goal of Security Architecture and Design?
|
Looks at logical hardware, operating system and software security components, and how they contribute to a secure computer system.
|
|
|
What are the 3 domains of Security Architecture and Design?
|
Part 1: Hardware and software
Part 2: Logical models required to keep the system secure. Part 3: Evaluation models that quantify how secure the system is. |
|
|
Layering
|
The separation of hardware and software into modular tiers.
When you change a drive out on a system, it has no affect on MS Word. |
|
|
IDE
|
Integrated Drive Electronics
|
|
|
SCSI
|
Small Computer System Interface
|
|
|
Generic List of 4 Security Architecture layers.
|
1) Hardware
2) Kernel and device drivers 3) Operating System 4) Applications |
|
|
Abstraction
|
Hides unnecessary details from the user. When a user presses play on MP3, music comes out (even though there are millions of calculations going on in the background).
|
|
|
Security Domain
|
A list of objects a subject is allowed to access.
|
|
|
What is the Ring Model?
|
A form of CPU hardware layering that separates and protects domains (such as kernel mode and user mode). The innermost ring is most trusted, the outermost ring is less trusted.
|
|
|
What are the two domains of a kernel, and what are their basic meanings?
|
1) Kernel Mode (aka Supervisor mode) - the most trusted and powerful part of the system.
2) User Mode - Where user accounts and their processes live. |
|
|
System calls
|
The method that processes communicate with the kernel in hardware layering.
|
|
|
What is ring 0 in hardware layering?
|
Kernel
|
|
|
Hypervisor mode
|
Informally called ring 1... allows virtual guests to operate in ring 0.
|
|
|
Open vs. Closed Systems
|
An open system (such as an IBM compatible PC) uses various venor components. A closed system uses proprietary hardware or software.
|
|
|
PCI (with regards to a computer system)
|
Peripheral Component Interconnect slots. A keyboard would be an example.
|
|
|
Computer Bus
|
The primary communication channel on the computer.
|
|
|
What are the Northbridge and Southbridge and what are the other names they are called by?
|
Two different buses on some computers.
1) Northbridge (Memory Controller Hub) - Connects CPU to RAM and video memory. 2) Southbridge (I/O Controller Hub) - Connects input/output devices (keyboard, mouse, ports, etc.). |
|
|
Arithmetic Logic Unit
|
ALU - Performs mathematical equations.
|
|
|
Fetch and Execute
|
Also called Fetch, Decode, Execute (FDX) - The process of the computer getting the information, analyzing it , performing the computation and then saving it.
|
|
|
Pipelining
|
Allows a computer to perform several actions at one time.
|
|
|
Interrupts
|
When an asynchronous event occurs which stops the processing. The computer goes to the next task, and then goes back to complete the one with the interrupt.
|
|
|
Processes and Threads
|
A process is an executable program with it's data running in memory. If it is heavy weight, it may be called a task.
A thread is typically a child of a process. |
|
|
What is a zombie process?
|
A child process whose parent has been terminated.
|
|
|
Watchdog Timers
|
An internal timer which counts down while critical processes are running. It is often reset when all is normal, but if it does reach zero, then the PC reboots.
|
|
|
CISC and RISC
|
CISC - Complex Instruction Set Computer
RISK - Reduced Instruction Set Computer Two different ways to design a CPU (CISC is more complicated) |
|
|
Different types of memory
|
1) RAM
2) ROM 3) Real Memory (includes RAM) 4) Secondary Memory (includes disk based memory). 5) Cache - Fastest and most expensive memory |
|
|
What is a cold boot attack?
|
When a PC is cold booted, the PC retains small bits of RAM for minutes after, and therefore encryption keys can be stolen.
|
|
|
What is the difference between DRAM and SRAM
|
DRAM (Dynamic Random Access Memory) has to refresh frequently and is slower.
SRAM (Static Random Access Memory) does not require refreshing and therefore is faster and more expensive. |
|
|
Name 4 common memory addressing modes, and explain the basics of memory addressing.
|
1) Direct
2) Indirect 3) Register Direct 4) Register Indirect PC may tell your info to store here (direct), or it may tell it to go there, only to be sent somewhere else (indirect) . |
|
|
Why is memory protection necessary.
|
Prevents one process from affecting the CIA of another process from a multitask or another user logged into the system.
|
|
|
What are 3 types of memory protection?
|
1) Process isolation
2) Hardware segmentation 3) Virtual memory |
|
|
What is relationship between virtual memory and swapping?
|
Virtual memory allows swapping, but also does other things.
|
|
|
Swapping
|
Uses virtual memory to copy info from primary memory to secondary memory. Storage is typically on a partitioned portion of the disk.
|
|
|
How is swapping different from paging?
|
Paging copies a block of memory, while swapping copies an entire process.
|
|
|
What is thrashing?
|
When the computer runs out of RAM and virtual memory and begins moving active processes. This will hang the system.
|
|
|
PROM, EPROM and EEPROM
|
Storage of firmware within ROM
PROM - Programmable Read Only Memory EPROM - Erasable Programmable Read Only Memory EEPROM - Electrically Erasable Programmable Read Only Memory |
|
|
PLD
|
Programmable Logic Device - A field programmable device such as a flash drive.
|
|
|
Flash Memory
|
A type of EEPROM - Does not use a disk for storage, and therefore is impervious to degaussing.
|
|
|
BIOS
|
Basic Input Output System - It loads first when the PC is started up, followed by the operating system
|
|
|
WORM Storage
|
Write Once Read Many
Most common types are CD-R and DVD-R. |
|
|
Monolithic Kernel
|
Compiled into one static executable and the entire kernel runs in supervisor mode. Would require a reboot to recompile kernel for newly inserted devices.
|
|
|
Microkernels
|
Modular. An example would be a small kernel that loads and is able to run a newly inserted drive.
|
|
|
Reference Monitor
|
A part of the kernel that mediates access between subjects and objects.
|
|
|
What are file permissions?
|
Levels of permission that control access to files. Examples include Read, Write, Execute. Full, etc.
|
|
|
Two basic virtualization types and their meanings.
|
Transparent Virtualization (sometimes called full virtualization) runs the operating system.
Paravirtualization runs specially modified operating systems. |
|
|
What are a few benefits of virtualization?
|
1) Lower hardware costs
2) Hardware consolidation 3) Lower power and cooling needs |
|
|
What is the enemy of security?
|
Complexity
|
|
|
What is one thing that can cause issues with virtualization security?
|
Complexity of the software
|
|
|
Diskless workstation
|
Could be a thin client, router, etc.
Contains CPU, memory and firmware, but no hard drive. |
|
|
Emanations
|
Energy that escape an electronic system (such as electromagnetic).
Can pose a security risk if the emanations can be read just like you were reading the device. |
|
|
Covert Channels
|
Any communication that violates the security policy. The opposite is an Overt Channel.
|
|
|
Covert Storage Channels
|
Communication that involves saving data or portions of data on a shared disk for the purpose of communicating illegally.
|
|
|
Covert Timing Channels
|
Inferring information based on the timing of events. Such as determining which are good and which are bad usernames based on delay in error message.
|
|
|
Buffer Overflows
|
You must account for information over what you need. If you need 20 characters and the user types in 50 characters, what happens to the remaining 30? Also referred to as Bounds Checking.
|
|
|
TOCTOU - What is another name for it and what is it?
|
Time of Check/Time of Use (also called Race Conditions)
An attacker can attempt to alter a condition after it has been check by the OS, but before it is used. |
|
|
Backdoors
|
A way to subnavigate a way into the system which bypasses security checks.
|
|
|
Maintenance Hooks
|
Programmed backdoors that allow programmers to circumvent security checks while programming. Can be a security risk if left in production.
|
|
|
Malware
|
Malicious Code
|
|
|
Viruses
|
Malware that does not spread automatically. They have to have a carrier.
|
|
|
5 Types of Viruses
|
1) Macro Virus - Written in macro language such as Microsoft Office.
2) Boot Sector Virus - Starts on system startup 3) Stealth Virus - Hides itself from the OS and antivirus software. 4) Polymorphic Virus - Changes it's signature after it infects a system. 5) Multipartite Virus - Spreads via multiple vectors. |
|
|
Worms
|
Spread automatically across a system or network.
|
|
|
Trojan
|
Malware that performs two functions (one benign and one malicious).
|
|
|
Rootkit
|
Malware that replaces portions of the kernel and/or OS.
|
|
|
Packer
|
Compresses part of good executables and prepends malware to run before or during run of the exe.
|
|
|
Logic Bombs
|
If then statements that trigger the malware after a logical condition is met (e.g. a certain number of conditions is met, a specific date is reached (Time Bomb). Malware such as worms often contain logic bombs.
|
|
|
Two types of anti-virus software
|
Signature Based - Looks for known signatures of malware.
Heuristic Based - Looks for behavioral characteristics of malware |
|
|
What is the difference between Server-Side Attacks and Service-Side Attacks?
|
They are the same. Service-Side attacks is just a name that more accurately reflects the attack affecting either a server or a PC.
|
|
|
Server Side Attack
|
Exploit vulnerabilities in installed services.
|
|
|
Cient-Side Attacks
|
Comes from a user downloading malware from the attacker.
|
|
|
Web Application Attacks
|
Hack into good code on the web such as through PHP code to install backdoors, etc.
|
|
|
XML
|
Extensible Markup Language - A standard way to encode documents and data.
|
|
|
SAML
|
Security Assertion Markup Language
A way to exchange secure information (such as authentication info) via XML |
|
|
Applet
|
Small pieces of mobile code that are embedded in other software (such as a web browser)
|
|
|
Java
|
Used both to write beneficial code and malware. Java applets run in the sandbox.
|
|
|
Sandbox
|
A self contained environment that does not rely on the OS
|
|
|
ActiveX
|
Functional equivalents of Java, but is specific to Microsoft. They are more closely tied to the OS than Java
|
|
|
How can a USB spread malware in a network?
|
When it is installed into a connected PC, it can run an autorun that spreads the malware.
|
|
|
What are some technical controls to protect a system against a USB malware?
|
1) Disable "autorun" from the OS.
2) Require authentication 3) Verification of signatures |
|
|
Polyinstantiation
|
Allows two different objects to have the same name. In a database, this would mean that two rows would have the same primary key, but different data.
|
|
|
Inference
|
Uses information from lower levels to infer information at a higher level (Pentagon Pizza Inference - Dessert Storm)
|
|
|
Aggregation
|
A mathematical process that helps with Inference. It is different b/c you ask every possible question, and therefore you are relying more on odds than assumption.
|
|
|
Data Mining
|
Searches large amounts of data to determine patterns that would otherwise be lost in the noise.
|
|
|
How might an insurance company use data mining?
|
Look for purchases of alcohol and tobacco and deny coverage to those individuals.
|
|
|
Bell-LaPudula Model
|
A Mandatory Access Control model that utilizes Reading Down and Writing Up. Utilizes Simple Security (low level clearance) and * Security Properties (high level clearance). Focused on the confidentiality of objects.
|
|
|
How is Reading Down and Writing Up related to Confidentiality and Integrity
|
It promotes Confidentiality and can hurt Integrity
|
|
|
Writing Down
|
Typically not done. You cannot send an email from a * Security to a group of Simple Security users.
|
|
|
State Machine Model
|
A mathematical model which looks at all possible system occurrences of a machine (States) and determines if they are secure or not.
|
|
|
Strong and Weak Tranquility Property
|
Part of the Bell-LaPadula access control model. Strong Tranquility states that security labels will not change while the system is operating. Weak tranquility says that labels will not change in a way that conflicts with defined security properties.
|
|
|
Lattice-Based Access Controls
|
Security controls for complex environments. Subjects are assigned a Least Upper Bound (LUB) and a Greatest Lower Bound (GLB) for the objects.
|
|
|
Biba Model
|
Puts the highest priority on Integrity. Has a Simple Integrity Axiom which has "no read down". Also has a * Integrity Axiom which is "no write up". Biba is the exact opposite of Bell LaPadula.
|
|
|
Clark-Wilson
|
Handles data integrity by ensuring that objects are only accessed via applications. The applications effectively limit use of data.
|
|
|
Clark-Wilson two parts
|
1) Well-Formed Transactions - The control that the Clark-Wilson has over applications (to control objects).
2) Separation of Duties |
|
|
Information Flow Model
|
Describes how information flows in a secure system.
|
|
|
Chinese Wall Model
|
Prevents users (especially consultants) from accessing objects with competing categories of interest.
|
|
|
Which model keeps data within one domain separate from another domain.
|
Noninterference model. It helps prevent covert channels.
|
|
|
Take-Grant Protection Model
|
Has rules which govern how taking, granting, creating and removing is done with regard to objects.
|
|
|
Access Control Matrix
|
Lists users and their access permissions so that a system can reference the user permissions as needed.
|
|
|
Zachman Framework for Enterprise Architecture
|
Produces a matrix based on What, How, Where, Who, When and Why.
|
|
|
Graham-Denning Model (8 rules)
|
Uses 8 rules for access control
R1: Transfer Access R2: Grant Access R3: Delete Access R4: Read Object R5: Create Object R6: Destroy Object R7: Create Subject R8: Destroy Subject |
|
|
Harrison-Ruzzo-Ullman Model (HRU) -- Including it's 6 parts
|
A derivative of Graham-Denning. Considers subjects to also be objects. Has 6 primitive operations.
-Create Object -Create Subject -Destroy Subject -Destroy Object -Enter right into access matrix -Delete right from access matrix |
|
|
What does the Mode of Operation help you determine?
|
Helps determine the access control and technical requirements that the system has.
|
|
|
Four Modes of Operation
|
1) Dedicated
2) System High 3) Compartmented 4) Multilevel |
|
|
Dedicated Mode of Operation
|
The system has information containing only one classification label (e.g. Secret).
|
|
|
System High Mode of Operation
|
The system has objects of mixed labels. All subjects must have clearance equal to or greater than the highest label.
|
|
|
Compartmented Mode of Operation
|
Uses technical controls to enforce proper clearance for the compartmented data it contains.
|
|
|
Multilevel Mode of Operation
|
The reference monitor mediates access between subjects and objects.
|
|
|
What is the TCSEC and it's common name?
|
Trusted Computer System Evaluation Criteria (The Orange Book)
|
|
|
The Orange Book
|
The "Granddaddy" of Evaluation Models. Developed by DOD and NSA. Uses letters and numbers to denote divisions levels. Not used much anymore
|
|
|
TCSEC Levels
|
D: MINIMAL PROTECTION
C: DISCRETIONARY PROTECTION C1: Discretionary Security Protection C2: Controlled Access Protection B: MANDATORY PROTECTION B1: Labeled Security Protection B2: Structured Protection B3: Security Domains A:VERIFIED PROTECTION A1: Verified Design |
|
|
TNI/Red Book
|
Trusted Network Interpretation brings TCSEC concepts to network systems.
|
|
|
ITSEC
|
The European Information Technology Security Evaluation Criteria. The first successful International model.
It refers to TCSEC, separating functionality (F) from assurance (effectiveness (Q) and Correctness (E)). |
|
|
International Common Criteria
|
An internationally agreed upon standard for describing and testing the security of IT products. It eliminates known vulnerabilities of the target for testing.
It is the second International effort to adapt TCSEC. |
|
|
Four Common Criteria Terms
|
1) Target of Evaluation (ToE) - The system or product being tested.
2) Security Target (ST) - The documentation describing the ToE, including the security requirements and operational envirionment. 3) Protection Profile (PP) - An independent set of security requirements and objectives for a specific category of products or systems 4) Evaluation Assurance Level (EAL) - The evaluation score of the tested product or system |
|
|
Seven EALs for the Common Criteria Model
|
EAL1: Functionally tested
EAL2: Structurally tested EAL3: Methodically tested and checked EAL4: Methodically designed, tested and reviewed EAL5: Semi-formally designed and tested EAL6: Semi-formally verified, designed and tested EAL7: Formally verified, designed and tested |
|
|
PCI-DSS - What is it and what are it's 6 core principals?
|
Payment Card Industry Data Security Standard
1) Build and Maintain a Secure Network 2) Protect Cardholder Data 3) Maintain a Vulnerability Management Program 4) Implement Strong Access Control Measures 5) Regularly Monitor and Test Networks 6) Maintain an Information Security Policy |
|
|
Certification and Accreditation
|
Certification attests that the system has been assessed had security measures taken to protect, and lists the residual risks.
Accreditation is the data owner sign-off of that certification |
