IA Test 2

The flashcards below were created by user Anonymous on FreezingBlue Flashcards.

  1. Computers count in ___, we count in decimal
  2. Everything in a computer is a bunch of stuff that represents a 1 or a O and they can be sent around in
    parallel or serial (multi lane highway vs two lane road)
  3. _ bits make a byte
  4. American Standard Cod for information Interchange - Developed from telegraphi codes - most common character encoding scheme on the internet
  5. UTF-8, UTF-16, UTF - 32
  6. A CPU has a set of very basic instructions that it can perform, if you program directly at the level of bits and bytes, you are using machine code
    Instruction Sets
  7. If you program by using a few reserved words, you are writing code in
    assembly language
  8. Higher programming languages that we use like C, C+, Java, Python are ______ or _______ meaning there are several steps to turn our code into machine language(1's and 0's) that the intruction set can use
    compiled or interpreted
  9. The converstion from higher level languages to machine code introduces opportunities for ____ - ex buffer overflows
  10. There are a lot of programers, but there are very few who understand _____ ____ completely. Developers vs. Programers
    Machine Code
  11. has a bunch of stuff on it, may include video and audio and networking chips. It's the 'mainboard', runs the show
  12. runs intructions, has some really fast memory of its own to use
  13. RAM - no power, no data
    Random Access Memory
  14. ROM - not really this anymore
    Read-only memory
  15. The first thing your computer sees when it wakes
  16. When building a PC start with the trinity:
    Motherboard, CPU, memory
  17. a bunch of magnetric filings that represent a 1 or a 0 depdending on how they are oriented.
    Disk Storage
  18. are formated in clusters FAT(old) or NTFS(current)
  19. ____ written to a disk may not use all of the last cluster this is called ____ ____
    Data & Slack Space
  20. can include piece of old e-mails, etc. Can be used to hide data
    slack space
  21. joes cups are the clusters- writing to hard drive is like filling up cups and you only fill the last one up 1/4
  22. Same thing as FAT with shot glasses, the clusters are smaller but there are more of them
  23. In a disk drive this is not currently used by the operating system but still has your old stuff on it
    Unallocated Space
  24. When you delete a file, the Operating System just erases the entry in the _________ not the actual data
    Master File Table (MFT)
  25. 512 byte sector on a partitioned storage device, such as a hard drive(first sector)- tells us how the drive is partitioned, picks up after the BIOS for information on which drives has the operating system, has a unique signature - can be used to hide data, can be come infected
    Master Boot Record
  26. Why is a virus on the Master Boot Record probably the worst virus?
    you have to wipe the harddrive to get it off
  27. don't burn 1's and 0's instead burn pits and lans,
    optical disks
  28. We input data with our keyboard, mouse, touch screen-->the data goes to the RAM or the hard drive or optical disk-->the CPU takes the data from the RAM and ses it to execute instructions
    Computer Processes
  29. Data in a computer with 32 bit operating system runs along a
    32 lane highway
  30. Data on a network connection runs along a _____ meaning that data entering and leaving the computer get queued up in memory - temp file, swap file
    1 lane highway
  31. human misstep - inadvertant human errors, intentional, malicious flaws
  32. computer misstep, potential failure - a coding or design error, something the designer sees
  33. observable, enacted fault - system not performing as required, though it may be performing as specified, with wrong spevification, something the user sees
  34. search for faluts and patch them- Not good, narrow focus on fault and not context, fault may have non-obvious effects elsewhere, fixing one problem creates others, compromised fixes to not affect system performance
    penetrate and patch
  35. not working as intended
    program security flaw
  36. biggest problem in security - more numerous than cyber attacks, cause more damage
    human errors
  37. Security is fundamentaly ___ programs are huge, can only test for likely causes and it is easy to hide malicious code
  38. _____ advance faster than security techniques- we are mostly caught in reactive mode, rather than proactive
    programming techniques
  39. space in memory
  40. if I reserve 6 bytes in memory for my variable and can somehow push 8 bytes to that are, two bytes will overflow into the adjacent memory location - may affect user space or use code, may affect system data or system code
    buffer overflows
  41. if buffer overflow into ________ ,it is possible to gain control of the system - think of passing machine code into the instrcution set
    system space
  42. is a LIFO data structure that determines the order of subprocedure calls, overflow can redirect execution to a block of malicious code
    Stack Overflow
  43. unchecked data values, what happens when we enter odd values for parm1 and parm2? Can we crash the system?
    Incomplete mediation
  44. changes that occur between when access rights are checked and those rights are used- this is common exploit in client server environments, mostly sloppy programming
    Time of check to time of use
  45. need to be executed: setup programs, e-mal attachments, autorun, browser helper programs
  46. attach themselves to the front and/or end of an executable program, or integrate within the program
    appended viruses
  47. buried in the command portion of a document
    document viruses
  48. a virus can join with its target
    a virus can replace its target
    a virus can change the file system pointers to itself, instead of the target
    gaining control
  49. BIOS to boot sector to bootstrap loader, loader is larger than boot sector, each block of the bootstrap chains to the next block(directs the bootstrap program to the next place on the drive)
    Boot Sector Virus
  50. can attach to TSR programs(terminate and stay resident) can make registry entries for themselves(sneaky and hard to find/fix) can hide in macros, can hide in software libraries
  51. like the program that itnerprets your keyboard
    TSR -Terminate and Stay Resident
  52. a byte pattern specific to a particular virus
  53. program begins with a JUMP, fails checksum(hash), virus replaces part of the program making it non-function
    finding viruses/storage patterns
  54. hard to catch because the operating system allows them
    execution patterns(virus)
  55. any storage medium, address book, network, etc.
    Transmission Patterns(finding viruses)
  56. a sneaky virus, change their signature, encrypt themselves
    polymorphic viruses
  57. sneaky viruses - shut themselves off, delete themselves and all traces, reinstall themselves from boot or registry, watch system calls and intercept any that might reveal themselves
    Other sneaks
  58. use only commercial software acquired from a reliable source(ish), test all new software on an isolate computer, or a virtual machine, don't open strange attachemtns, make a disk image of your computer, make backups of your executable sytem files(stupid), use virus detectors
    Preventing infection
  59. T/F Only Windows gets infected
  60. T/F MACS are less infected only because they are less popular
    False, don't log in as adimin
  61. T/F Linux machines are less infected only because they are less popular
  62. T/F Viruses can appear in only certain types of files
  63. T/F You can get a virus from surfing the web
  64. T/F Viruses can infect hardware
    False, firmware not hardware
  65. Boot Sector Virus- and six other sectors marked faulty, trap interrupt 19, uses interrupt 6 - screens disk read calls so the boot sector corruption is not revealed, an early prototype virus
    Brain virus
  66. resource exhaustion goal, three techniques, crack password using its own file then your dictionary, overlow fingered programs, allowing shell access, use trapdoor in sendmail program, would send bootsstrap to new machine then grap the rest of itself
    internet worm
  67. exploited microsoft IIS, buffer overflow, different actions on different dates, rebooted machine after a time, leaving a trojan horse in place
    code red
  68. used in debugging, sometimes forgotten and left- sometimes left for maintenance - can be purposefully set for malicious use
  69. The whole penny shaving thing- sounds like a good way to do hard time
    salami attack
  70. rootkit discovered by Mark Russinovich - installed on autorun, prevented user from copying music CDs. killed many CD drives(process), hid all files beginning with $sys$ - without user consent, and in cooperation with antivirus vendors, uninstaller made mroe holes
    Sony XCP
  71. incercept calls, redirecting how the computer works while hiding itself
  72. change the hacker from a user to an admin
    privelege escalation
  73. fake address bars, fake displays, fake everything
    interface illusions
  74. capture all your keystorks, and random screenshots
    keystroke logging
  75. numbers less than the key take more time to process, the closer you get to the key, but then take a ton less time when you pass the key, so you can infer a reasonable keyspace, then brute force attack that limited area
    RSA hack - a timing attack
  76. think steganography, sending signals in the clear because folks aren't looking there
    Covert channels
  77. specifiy the system, design the system, implement the system, test the system, review the system, manage the system, maintain the system
  78. is a team process, must have separation of duties(SOX)
    system deveopment
  79. Good Code Uses
    Modularity, Encapsulation, Information hiding
  80. single purpose(each module performs one function), small(cognitively easy to digest), simple (cognitively easy to digest), Independent(peforms its own task, isolated from others)
  81. easy to maintain, easy to understand, reuse, easy to trace failure point, easy to test - don't exist as much as we like
    benefits of small modules
  82. all the module parts belong there and make sense together- it is good for this to be high
  83. modules should be minimally dependent on other moduals as possible - low or loose is good
  84. The ocde in a module is not affected by other modules - except specifically in documented ways that we allow and plan for - classic object-oriented concept
  85. each module is a "black box" as viewed by other modules, they don't know what happens except that a module is asked to do something and it does the task
    Information hiding
  86. well written programs never assume that a program that it calls, or is called by is not corrupted- ex. rechecking or permissions, or a second concrrency control check
    mutual suspicion
  87. an operating system behavior - limit access to system resources for unknown programs
  88. never use single vendor, look at the falibility of the microsoft office suit, avoid tight integration
    Genetic Diversity
  89. peer reviews, hazard analysis, testing, good design, prediction, static analysis, configuration management, mistake analysis
    building solid software
  90. Review(is this what we want to do), Walk through(demonstrating the code/program), Inspection (formal process of deciding if the code/program is good to go)
    Peer Reviews
  91. What if, think of everything that can go wrong, weigh the likelihood of each possibility, address or fix or plan for disaster
    hazard analysis
  92. product quality is the goal
  93. testing the module alone
    unit testing
  94. is it working correctly?
    function test
  95. is it causing system slowdown
    performance test
  96. is the customer happy? or just not unhappy
    Acceptance test
  97. does it still work at implementation
    installation testing
  98. did we break anything? set of formal repetitive tasks on all functions
    regression testing
  99. does a given input give the expected output- code is hidden
    black box testing
  100. trying to break the code with specific inputs - code is shown
    clear box testing
  101. wait for the system to fail
    passive fault deteciton
  102. actively check data, build in redundancy
    active fault deteciton
  103. it will fail, we find ways to gracefully handle failures
    fault tolerance
  104. tools, languages, methodologies
  105. both in the code and external
    Documentation (Standards)
  106. peer revies, code audits
    Programming ( standards)
  107. independent testing, archive testing results
    Testing (standards)
  108. control access to, and ghanes of code - who changes the code and who has admin rights
    Configuration management(standards)
  109. access control, identity and credential management, information flow, audit and integrity protection
    O/S functions
  110. Early computers were designed for ___ - executive, simple passive uitility to assist programmers - multiple users required another kind of system - monitors, actively kept users' programs separate
    single-user use
  111. memory, shareable I/O devides(disks), serially reusable I/O devices(printers, tape drives), shareable programs and sub procedures, networks, shareable data
    shared resources needing protection
  112. physical(sepearte printers), temporal(different times), logical(allow only certain processes), cryptographic(processes conceal their data)
    separation - keeping users' objects appart
  113. Modes of sharing -do not protect
    different times
  114. Modes of sharing - processes have their own space
  115. Modes of sharing- share all or nothing
    public or private
  116. Modes of sharing -share with access limits
    users and objects
  117. Modes of sharing - rights are dynamic
    share by capabilities
  118. Modes of sharing - limit use
    granular permission
  119. unchangeable space for system
  120. variable space for system
    fence register
  121. only protected the system from the user not users from users- fence and fence register
    memory and address protection
  122. moving all memory address an equal distance - relocation factor as the starting address for a program
  123. memory and address protection -variable fence register - sets lower bound
    base register
  124. memory and address protection sets upper bound
    bounds register
  125. these registers change from one user's program to another(context switch) -protects users from users
    memory and address protection
  126. memory and address protection - can add another set of registers these proetect the user program space from
    the user data space
  127. every word or machine memory has one or more extra bit to identify access rights to that word- word is nominally 2 bytes - this is better than a ton of fences- old and uncommon
    tagged architecture
  128. program is broken into segments with unique name - code or data in the segment is identified with the segment name and the offset within the segment
  129. uses a segment address table for each process being executed
    operating system
  130. in the segment is identified with the segment name and the offset within the segment
    code or data
  131. separates physical memory location from lgoical memory location
  132. each address reference passes through the o/s can be checked for protection, process can only access a segment that is in its segment translation table, different classes of data item can have different levels of protection, access rights are granted to a segment, downside is a program can reference and offset beyond the end of a segment
    segmentation security
  133. Paging - program is divided into equal sized
  134. Paging - memory is divided into equal sized
    page frames
  135. like segmentation except: cannot address beyond the end of a page, changes to the program push all subsequent intructions to lower addresses, movying bytes from the end of one page to the next, this is a problem because access rights go to the page and there is no unity to the items on a page
  136. goal to check every access, enforce least privilege, verify acceptable usage- a user can be a person, a program, or another object
    object access control
  137. simply matches users and rights with objects, list can get huge, revocation of access can be a pain, pseudonyms
    file directory
  138. each object has its own directory - allows for default rights per object, easy to maintain, objects can be grouped, and rights assigned per group, or users can have specific group access by spficiying wild cards
    access control list
  139. an unforgeable token that gives the possessor rights to an object
  140. some objects can transfer or propagate capabilities to other objects - each process operates in a domain
    posixs capabilities
  141. the collection of objects that the process can access
  142. uses capabilities called tickets - secured with symmetric cryptography
  143. kerberos- authentication server(AS) ticket granting server(TGS)
    Key Distribution Center
  144. You authenticate to the AS and get a ticket. You want to use a printer. Your ticket goes to TGS, and you get two tickets back - one says you are authorized to use the printer, one is for you to give to the printer
  145. users can belong to groups, both can have permissions, requires some thinking before implementation, databases use this
    role-based access control
  146. all or none, files were by default, public - not a good idea, can't trust everyone, too coarse, can't handle sharing well, requires human intervention, all files can be listed
    file protection mechanisms
  147. persistent permission, temporary acquire permission-program, not the executing user, gets the owner's permission set, per-object and per-user protection
    individual permissions
  148. we have confidence in memory protection, file protection, general object access control, user authentication
    designing trusted o/s
  149. the software does and acts like it should
    functional correctness
  150. even when given bad or unauthorized commands, the data that the software touches is unaffected
    enforcement of integrity
  151. program accesses only the secure data that it nees and doesn't pass rights or data to untrusted objects
    limited privilege
  152. the trust we have in a program matches the sensitivity of the data and environment
    appropriate confidence level
  153. is or is not, property of the persenter, asserted based on the product, absolute, in all settings, a goal
  154. has degrees of trustworthiness, property of the receiver, judged on evidence and analysis, relative to the context of use, a characteristic
  155. a set of rules that lay out what is to be secured and why - a statement of the security we expect the system to enforce
  156. a representation of the policy that the o/s will enforce
  157. the implementation of the model and how it is to be implemented
  158. design
  159. features ensure all the functioanlity needed is present
  160. our belief that the o/s is implemented in a way that enforces the secuirty policy
  161. based on protecting classified information, secuirty levels are in hierarchy, need to know basis, projects are compartmentalized(may be in one or more sensitivity level) - Classification
    military security policy
  162. not like military - no formalized clearnances, internal data is internal data, rules are not well regulated, there is no dominance function
    commercial secuirty policies
  163. focus is on integrity and confidentiality, activities are done in a specific, documented sequence, with each person performing a step in the sequence being authenticated, includes separation of duty
    clark-wilson commercial security policy
  164. prevents conflict of interest(confidentiality), objects, company groups(aggregations of objects), conflict classes(highest level clusters for competing companies
    chinese wall secuirty policy
  165. test a policy for completeness and consistency, document a policy, conceptualize and design an implementation, chack if and implementation meets its requirements
    security models
  166. generalized model of secuirty, military model is this, some commercial models are as well, not every pair of elements need be comparable, allows for relational logic
    lattice model
  167. employs both mandatory and discretionary access control mechanisms when implementing its two basic security principles - simple secuirty property
    Bell-LaPadula Confidentiality Model
  168. no subject can read information from an object with a security classification higher than that po sssessed by the subject itself - no read up rule
    simple security property
  169. part of the bell-lapadula model - a subject may write to an object only if its security classification is less than or equal to the object's secuirty clissification - counterintuitive but designed for confidentiatliy not integrity
  170. simple intergity rule and integrity * property
    biba integrity model
  171. users must not view content below their own integrity level no read down
    simple integrity rule
  172. users may not create content above their own integrity level no write up
    Integrity * -Property
  173. formal system of protection rules
    graham denning model
  174. can be used to decide if a given subject in a system can ever obtain particular rights to an object, proves the if commands can execute multiple operations the above may not hold true
  175. proves that we can decide if a given subject can share an object with anther- proves we can decide if a given subject can steal access to an object from another subject
    take-grant system
  176. A trusted system design element- least privelge
    for users and programs
  177. A trusted system design element- protection system should adhere to KISS
    economy of mechanism
  178. A trusted system design element- protection mechanism should not assume attackers are ignorant
    open design
  179. A trusted system design element- every access attempt must be checked
    complete mediation
  180. A trusted system design element-default condition should be denial of access
    permission based
  181. A trusted system design element- access should depend on more than one condition
    separation of privilege
  182. A trusted system design element- the less sharing of objects the better
    least common mechanism
  183. A trusted system design element- protection systems that are hard to use won't be used
    ease of use
  184. user authentication, memory protection, file and i/o device access control, allocation and access control to general objects, enforced sharing, guaranteed fair service, interprocess conmmunication and synchronization, protected operation system protection data,Identification and authenciation, MAC, and DAC, object reuse protection, complete mediation, trusted path, audit logs, audit log reduction, intrustion detection,
    security features of ordinary o/s
  185. central authority decides who accesses what, military secuirty clearnaces
    mandatory access control
  186. users can give and remove acces to their objects(where they are the owners)
    discretionary access control
  187. like disk space is it cleaned after use - magnetric remeance
    object reuse protection
  188. all accesses are checked without exception
    complete mediation
  189. direct communication to a ligitamate receiver
    trusted path
  190. who did what when
    audit logs
  191. how much to capture
    audit log reduction
  192. actively detecting secuirty threats
    intrusion detection
  193. assuaracne in trusted o/s secuirty kernel access to every protected object must pass through the secuirty kernel
  194. assuaracne in trusted o/s secuirty kernel- easier to protect the security mechanisms from o/s and user penetration
  195. assuaracne in trusted o/s secuirty kernel- all secuirty systems are performed by a single set of code
  196. assuaracne in trusted o/s secuirty kernel changes to the security code are easier to make and test
  197. assuaracne in trusted o/s secuirty kernel- performs one function so it is typically small
  198. assuaracne in trusted o/s secuirty kernel- because it is small can be analyzed rigorously
  199. collection of access controls, must be tamper proof, unable to be bypasssed, analyzable, window nt line has one
    assuaracne in trusted o/s refernece monitor-
  200. everything in the trusted operating system necessary to enforce the secuirty policy - monitors: process activiation, execution domain switching, memory protection, I/O operation, because of domain switching
    assurance in trusted o/s trusted computing base
  201. combined secuirty kernel/operating system. separate security kernel
    assurance in trusted o/s TCB implementation
  202. each user gets a virtual operating system
    assurance in trusted o/s virtual machines
  203. user interaction, ambiguity(isolation vs sharing) incomplete mediation, generality
    known vulnerabilities -o/s
  204. hci falls outside of secuirty kernel, code is typically very complex, security may be bypassed in the interest of speed
    known vulnerabilities- user interaction
  205. Testing, Penetration Testing(aka tiger time analysis, ethical hacking), formal verification, validation
    assurance methods
  206. tiger team analysis, ethical hacking
    penetration testing
  207. uses mathematical models to test securit properties
    formal verification
  208. making sure the software is being built to specification, implementation checks
  209. something the user knows, has, is - a combo of these is best(multifator)
    User Authentication
  210. a password, kids' names, birth dates, birth places, hobbies
    what a user knows
  211. a card(ATM, smart card), a key(physical or electronic)
    what a user has
  212. biometrics- eyes, voice, fingerprints, dna problems and privacy
    what a user is
  213. shines certain wavelength of light into eyes, blood vessels absorb more light than the surrounding area, making them easy to identify, affected by diabetes, glaucoma, bloodthinning, and alcohol - has to be done at a close rance, your clone has the same retinal image
    retinal scan
  214. take a picture of the iris using ultraviolet light, converted into a digital templace(mathematical representation) not even your clone has the same one(randomly determinted during gestation) can be done a couple meters away
    iris scan
  215. guess likely passwords for that user, search the system, search the environment, dictionary attack, rainbow tables
    cracking passwords
  216. all the possible combinations
  217. forcing users to create an 8 character password with at least one upper case character and one number ______ the key space
  218. in a database we store the ___ not the password.
  219. to make attacks more difficult we ____ the password by pre-pending a random string to the password and storing the resulting hash - rules out dictionary attacks, can be too long for dictionary attacks store this hash and this in the database
  220. windows lan manager hash for passwords, used exclusively through windows ME, default for XP for backward cimpatibility, No SALT, challaenge:crack two 7 byte hashes- trivial
    LM Hash(prevista)
  221. much stronger in client- server authentication, still leaves a 32 byte hash on the local computer, harder to crack but not weak with passwords
    NTLM Hash (Vista)
  222. LM and NTLM hashes are stored in
    • SAM database(Security Accounts Admin)
    • Active directory
  223. PWDump, Rainbow Crack, John the Ripper, Cain and Abel, OPHcrack
    Cracking LM/NTLM hashes
  224. piggybacking and should surfing, dumpster diving, installing unauthorized hardware and software, access by non-employees, social engineering, reverse social engineering
    human attacks-getting info
  225. the tactic of closely following a person who has just used an access card or pin to gain physical access to a room or building
  226. a procedure in which attackers position themsleves in such a way as to be able to observe the authorized user entering the correct access code
    shoulder surfing
  227. attackers need some information before launching an attack, a common place to find this info is to go through the target's trash,
    dumpster diving
  228. if the attackers are lucky and the target's secuirty procedures are very poor attackers may find userids and passwords, manuals of hardware or software purchased may also provide a clue as to waht vulnerabilities might be present on the target's computer systems and networks
    dumpster diving
  229. "The best way to prepare to write a programs, and to study great programs that other people have written. In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating systems."Who said it?
    Bill Gates
  230. Organizations should have a policy to restrict normal users from installing ____ and ___ on their systems. communication software and a modem may allow individuals to connect to their machines at work using a modem from home, this creates a backdoor into the network and can circumvent all the other security mechanisms
    software and hardware
  231. If an attacker gains access to a facility, there are chances of obtaining enough information to penetrate
    computer systems and networks
  232. the attaacker deceives to obtain privleged information, convince the target to do something that they normally would not
    social engineering
  233. is successful because of the basic human nature to be helpful and that individuals normally seek to avoid confrontation and trouble
    social engineering
  234. the attacker hopes to convince the target to initate contact, the attack may be successful because of this and because they might not have to convince target of authenticity
    reverse social engineering
  235. methods of social engineering
    spoofed e-mails, notice or bogus website, new software or hardware
  236. people are not only the biggest problem and secuirty risk but also the best tool to defend against these attacks
    paradox of social engineering
  237. organizations must fight social engineering attacks by establishing ____ that define rolds and responsibilities for all users and not jsut security personnel
    policies and procedures
Card Set
IA Test 2
IA Test 2
Show Answers