IT223 Final Notes

2012-05-14 17:27:58


  1. Types of Independent Malware Programs
    Bacteria, worms, sometimes Trojans
  2. Host-based Malware programs
    Trapdoor, logic bomb, Trojan horse, Virus
  3. Logic Bomb
    Condition built into program to cause some adverse action when condition(s) are met
  4. Trojan Horse
    Program fragment or independent program that appears interesting or useful, but includes malicious functionality
  5. OSI Model (layer: protocol data unit)
    • Application: data
    • Presentation: data
    • Session: data
    • Transport: segments
    • Network: packets
    • Data Link: frames
    • Physical: bits
  6. Media examples
    twisted pair, coax
  7. Honeypot
    host designed to attract attackers
  8. Where should the CIO and Chief IT Security Officer sit in corporate hierarchy?
    CIO & Chief IT Security Officer should sit just below the CEO at or near the top. Should report to CEO. CISO generally reports to CIO or CSO.
  9. Most prestigious certification
    CISSP: Certified Information Systems Security Professional
  10. What is SBU/CUI data?
    • Personal info: sensitive but unclassified
    • controlled unclassified info
    • Birth dates, etc.
  11. FACTA (2003)
    Grants consumers the right to request one free credit report per year from each national consumer credit reporting agency
  12. PCI-DSS
    Protects cardholder data and reduces card fraud/identity theft. 12 discrete requirements that oblige merchants to build and maintain a secure network. Backed by Visa, MasterCard
  13. Difference between Ad and Spyware
    Adware is a nuisance (displays unwanted ads); spyware covertly collects data from the host and is dangerous
  14. What are models?
    frameworks that structure tasks of managing particular set of activities or business functions
  15. Risk =
    Threat + Vulnerability: a risk exists only when a threat has a vulnerability it can exploit (commonly expressed as threat likelihood × vulnerability × impact)
  16. Example types
    Voltages, 802.11b, etc.
  17. Most common data implementation
    TCP/IP suite
  18. Boundary Protection Mechanism
    Provides security specific to the interface between remote access and application servers
  19. First Internet
    ARPANET (planned from 1967, first nodes online in 1969)
  20. Origin of WWW
    CERN project in 1989
  21. Securing Networks
    Defining a boundary and protecting it
  22. Most common level of security
    Implemented at network layer
  23. VPN Technology
    IPSec, SSL/TLS
  24. Law
    • Binding custom or practice of a community
    • Mandates or prohibits actions
    • Drawn from the community's ethics
    • A compromise between individual rights and the greater good
  25. Ethics
    • Set/system of principles or values
    • Determined collectively, enforced by a group or community
  26. Values
    An individual's principles for determining appropriate behavior
  27. Morals
    Used by individuals, derived from some external source
  28. Golden rule (of ethics)
    Treat others how you'd like to be treated
  29. Code of Conduct
    Published document used to enforce decisions about behavior, based on principles of organization
  30. When using company facilities, users have ____ expectation of privacy
  31. Copyright
    right to make copies of an original work
  32. Defense-in-Depth
    • Protection alone is not enough; we must
    • Protect, Detect, React
  33. 3 Elements of info assurance
    • People
    • Technology
    • Operations
  34. IA: People
    • Physical Security
    • Policies
    • Training
  35. IA: Technology
    • IA Architecture
    • Implementation
  36. IA: Operations
    Coordination of people and technology
  37. Info Sys Security Engineering (ISSE)
    • Art & Science of discovering users' info needs, then designing appropriate info systems
    • Art: Work is subjective, every situation is unique
    • Science: Well-defined process, consistent results
  38. 3 Principles of ISSE
    • 1. Always keep problem, solution separate
    • 2. Problem is defined by customer's mission/needs
    • 3. Engineer defines solution based on problem
  39. Systems Engineering (SE)
    • Foundation for ISSE
    • generic problem-based process
  40. Protection Needs Elicitation (PNE) Process
    Customer's requirements for protection are discovered
  41. Info Management Model
    Describes info domains, activities needed within each domain
  42. Information domain
    Set of users/rules/processes/information
  43. Least privilege concept
    Users of info systems have least amount of access privileges required to do their work
  44. 4 Types of Harm
    • Disclosure: loss of confidentiality
    • Loss/Modification: loss of integrity
    • Denial of Service: loss of availability
    • Repudiation: loss of non-repudiation (accountability); a party can deny having sent or received data
  45. Harm to Information (HTI)
    Estimating value of information and cost impact if info is lost (cost of replacing)
  46. PHE Rating (Potentially Harmful Event)
    Likelihood of an event
  47. Threat level
    Combination of HTI and PHE values
  48. Risk
    Someone/Something that creates/suggests a hazard
  49. Risk Management
    Process of identifying/controlling risks
  50. 3 Broad areas of knowledge (Risk Management)
    • Know yourself
    • Know your enemy
    • Know the communities of interest
  51. Risk ID Process
    • 1. Plan/organize process
    • 2. Categorize Components
    • 3. Categorize Assets
    • 4. Identify Threats
    • 5. Specify Vulnerable Assets
  52. Risk Control Strategies
    • Avoidance
    • Transference
    • Mitigation (Reducing likelihood and/or impact)
    • Acceptance
  53. Plan
    Formulation of program of action
  54. Policy
    Method of action that guides future decisions
  55. Standard
    rule, established by an authority
  56. Practice
    A repeated/usual way of doing something
  57. Procedure
    Particular way of doing something
  58. Guideline
    Outline of a policy
  59. Security policies are ____ expensive control to execute, but ____ difficult to implement
    Least expensive, Most difficult to implement
  60. Info Security is a _____ problem, not a _____ one
    Management problem, not a technical one
  61. de facto
    in practice / by fact (not necessarily by law)
  62. de jure
    by law
  63. 3 Types of Policy
    • Program
    • Issue-Specific
    • System Specific
  64. Characteristics of policy
    • Supplemented (by standards/guidelines)
    • Visible
    • Supported by management
    • Consistent (with mission, ethics)
  65. Example of System-Specific Policy
    User access rights to objects (Access Matrix)
  66. Multi Level Security System (MLS)
    • Each object has a classification,
    • Each subject has clearance level
  67. Simple Security Property (SSP)
    No read up
  68. Star (*) Property
    No write down
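The two MLS rules above (cards 66-68) and the access-matrix idea from card 65, as an added worked example that is not part of the original card set. It assumes a simple four-level Bell-LaPadula lattice with no compartments; the subject and object labels are constructed sample data, not from any real system.

```python
from enum import IntEnum


# Hierarchical sensitivity levels of the lattice; a higher value dominates a lower one.
class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def can_read(clearance: Level, classification: Level) -> bool:
    """Simple Security Property: a subject may read an object only if its
    clearance dominates the object's classification (no read up)."""
    return clearance >= classification


def can_write(clearance: Level, classification: Level) -> bool:
    """*-Property: a subject may write an object only if the object's
    classification dominates the subject's clearance (no write down)."""
    return clearance <= classification


def allowed_ops(clearance: Level, classification: Level) -> set:
    """The set of operations the two properties permit for one subject/object pair."""
    ops = set()
    if can_read(clearance, classification):
        ops.add("read")
    if can_write(clearance, classification):
        ops.add("write")
    return ops


def access_matrix(subjects: dict, objects: dict) -> dict:
    """Derive the system-specific access matrix (subject x object -> operations)
    from the MLS labels, so the policy is data rather than hand-written per-user rules."""
    return {s: {o: allowed_ops(sc, oc) for o, oc in objects.items()}
            for s, sc in subjects.items()}


# Constructed sample labels (hypothetical, for illustration only).
SUBJECTS = {"alice": Level.SECRET, "bob": Level.CONFIDENTIAL}
OBJECTS = {"budget": Level.CONFIDENTIAL, "memo": Level.SECRET, "war_plan": Level.TOP_SECRET}

if __name__ == "__main__":
    for subj, row in access_matrix(SUBJECTS, OBJECTS).items():
        for obj, ops in row.items():
            print(f"{subj:6} {obj:9} {sorted(ops) or '-'}")
```

Note that the *-property lets a SECRET subject write into a TOP_SECRET object it cannot read ("write up"); that is the rule as stated on the card, and it is why real systems add integrity controls on top of BLP.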
  69. Living document
    changes from time to time
  70. Elements of living document
    • Version number
    • Date of Issue
    • Effective Date
    • Expiration Date (Sunset Clause)
  71. Common approach to info security
  72. Top-Down strategy
    • Framework developed
    • Strategies identified
    • Constraints identified
  73. Incident Response Plan (IRP)
    • First-level response
    • Handles anticipated, relatively routine events (incidents)
  74. Disaster Recovery Plan (DRP)
    Approach to more serious events which shut down sites
  75. Business Continuity Plan (BCP)
    Contingency plan which ensures continuity of business ops, possibly moving to another site
  76. Business Impact Analysis
    • Activities of contingency planning
    • Potential Damage assessment
    • Subordinate plan classification
  77. Hardware
    Physical components of a system
  78. 7 Major sources of physical loss
    • Temperature
    • Gases
    • Liquids
    • Living organisms
    • Projectiles
    • Movement
    • Energy anomalies
  79. 3 Communities of Interest in Physical Security
    • Info Security
    • Info Technology
    • Organizational
  80. Access Control
    Barrier between asset and potential source of damage/loss
  81. Hardware token
    Device containing some unique data used to generate one-time values
  82. 2-Factor Authentication
    Possession of a device AND knowledge of some information (password)
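How a hardware token's "unique data" turns into one-time values, and how a server combines that with a password for two-factor authentication (cards 81-82), as an added example that is not part of the original card set. It implements HOTP as specified in RFC 4226 using only the Python standard library; the shared secret below is the RFC's own test-vector secret, and the look-ahead window and counter handling are assumptions about a hypothetical server.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, dynamically truncated.
    The token and the server both hold `secret`; the counter is the moving factor."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                    # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_two_factor(password_ok: bool, secret: bytes, stored_counter: int,
                      presented_code: str, look_ahead: int = 3):
    """Hypothetical server-side check. First factor: knowledge (password already
    verified by the caller). Second factor: possession of the token that holds
    `secret`. Returns (accepted, new_counter)."""
    if not password_ok:
        return False, stored_counter
    # Tolerate a few unused presses on the token (counter drift), but never
    # accept a counter value at or below the last one used: that blocks replay.
    for c in range(stored_counter, stored_counter + look_ahead):
        if hmac.compare_digest(hotp(secret, c), presented_code):
            return True, c + 1
    return False, stored_counter


# RFC 4226 Appendix D test secret (ASCII "12345678901234567890").
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    for i in range(4):
        print(i, hotp(SECRET, i))
```

The constant-time comparison matters: the code is short, and a byte-by-byte early-exit compare would leak how many leading digits were right.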
  83. Class C Fire
  84. How could an adversary disable your PC?
    How could you prevent this?
    • Cut Power; Use uninterruptible power supply
    • Unplug computer; Keep computer in secure case
  85. Software Faults (Bugs)
    Human error in programming
  86. Periodic Updates
    Collection of incremental patches
  87. Malware
    Software designed to deliberately cause problems
  88. Trap/Backdoor
    Program function which allows user to bypass standard security measures
  89. Time Bomb
    Logic bomb dependent on system clock
  90. Trojan Horse
    Program or program fragment that appears interesting but includes malicious functionality
  91. Software bacteria
    Programs which replicate exponentially, advertently or inadvertently causing harm to host machines
  92. Worm
    Designed to spread through/between systems, replicate and/or cause damage
  93. Macrovirus
    Exploits series of commands (macros) in common applications
  94. What actually happens when something is "deleted"
    The file system marks the file's blocks as free (available to be overwritten); the data itself stays on the medium until something overwrites it, so it remains recoverable
  95. Client-Server model
    Computer processing distributed among computers
  96. Physical Layer of OSI Model
    Physically moves data
  97. Presentation Layer
  98. Most common implementation of layered architecture
    TCP/IP Protocol Suite
  99. VPN Virtual Private Network
    Using public network facilities and securing them to give the equivalent of private lines
  100. 2 Common VPN Technologies
    • IPSec
    • SSL
  101. IPSec protocols
    • Authentication Header (AH): provides data-origin authentication and integrity by adding a message authentication code (integrity check value) computed over the UDP/TCP payload and the non-changing IP header fields. No confidentiality.
    • Encapsulating Security Payload (ESP): provides confidentiality by encrypting the payload (and can authenticate it as well). Can be combined with AH.
  102. IPSec modes
    • Transport: IPsec applied to the payload only. The payload is protected but the original IP header is not. Designed for end-to-end communication between hosts.
    • Tunnel: IPsec applied to the entire packet (header and payload); the whole packet becomes the payload of a NEW packet with a new outer header. Appropriate for intermediate devices (gateways) in a communications path.
  103. Secure Sockets Layer (SSL), developed by Netscape; its standardized successor is TLS (Transport Layer Security)
    • Authenticates web servers to browsers
    • SSL VPN: the computer connects to the organization's network via a gateway
    • Gateway sends the computer its public key (certificate)
    • Computer sends the gateway username/password over the encrypted channel
    • Tunnel connection established
  104. Firewall
    • Provides security between internal and external network by authorizing legitimate traffic, keeping out unauthorized traffic.
    • Does this by opening/closing ports, forwarding/blocking packets
  105. Stateful packet filter
    Makes decision about forwarding packets based on their context (not accepting responses that have no requests)
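A stateful packet filter next to a naive stateless one (cards 104-105), as an added example that is not part of the original card set. It assumes the internal network is 10.0.0.0/8 and models each packet as a 5-tuple; the addresses and ports are constructed test data. The stateless rule "let in anything from source port 80 or 443" is the kind of rule that lets an attacker walk in by choosing a source port; the stateful filter forwards inbound traffic only when it is the reverse of an outbound request it has already seen.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address range


def is_internal(ip: str) -> bool:
    return ip_address(ip) in INTERNAL


def stateless_decide(p: Packet) -> str:
    """Naive stateless rule: anything that looks like a reply from a web server
    (source port 80 or 443) is let in, regardless of whether anyone asked for it."""
    if is_internal(p.src):
        return "forward"
    return "forward" if p.sport in (80, 443) else "drop"


class StatefulFilter:
    """Tracks outbound requests and admits only inbound packets that answer them."""

    def __init__(self):
        self.flows = set()   # 5-tuples of outbound requests seen so far

    def decide(self, p: Packet) -> str:
        if is_internal(p.src) and not is_internal(p.dst):
            # Outbound request: remember it so the reply can be matched.
            self.flows.add((p.src, p.sport, p.dst, p.dport, p.proto))
            return "forward"
        # Inbound: forward only if it is the exact reverse of a tracked request.
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.flows:
            return "forward"
        return "drop"   # unsolicited inbound, whatever its source port claims


if __name__ == "__main__":
    fw = StatefulFilter()
    request = Packet("10.0.0.5", 40000, "93.184.216.34", 443)
    reply = Packet("93.184.216.34", 443, "10.0.0.5", 40000)
    spoof = Packet("198.51.100.9", 443, "10.0.0.5", 22)   # "reply" nobody asked for
    for pkt in (request, reply, spoof):
        print(pkt, "stateless:", stateless_decide(pkt), "stateful:", fw.decide(pkt))
```

A production filter would also expire table entries and track TCP state (SYN/FIN) rather than keeping flows forever, but the decision logic is the same: context, not just header fields.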
  106. Application Gateway
    Stateful packet filter operating at the application level
  107. DMZ
    Exists between trusted network and outside networks
  108. Relay
    Attackers use firewall to relay packets to another location outside the internal network
  109. Network Address Translation (NAT)
    Allows internal network to share an external IP address
  110. IPv4 has ___ security functionality (minus IPSec)
  111. Using an incorrect IP Address
  112. Replay attack
    Stealing and copying a legitimate packet, re-sending
  113. DoS
    • Attacks availability of target
    • Floods target with data traffic, more than it can handle
  114. Binary Sensor
    • 2-state: Normal (negative) / Abnormal (positive)
  115. Threshold Sensor
    Used to mitigate false alarms
  116. IDS: False Positive
    IDS reports an intrusion attempt that never happened
  117. IDS: False Negative
    IDS fails to detect intrusion
  118. Three types of IDS
    • Network-based
    • Host-based
    • Application-based
  119. Signature-based IDS
    Looks for patterns
  120. Anomaly-based
    Looks for out-of-place traffic patterns
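Signature-based and anomaly-based detection run over the same log (cards 116-120), with false positives and false negatives counted against labels, as an added example that is not part of the original card set. The log lines, labels, signatures and the "mean + 2 standard deviations" threshold are all constructed for the example; the deliberately naive `passwd` signature is there to produce a false positive.

```python
import re
import statistics
from collections import Counter

# Constructed sample web-server log: (source IP, request line, labelled malicious?)
SAMPLE_LOG = [
    ("10.0.0.7",     "GET /index.html", False),
    ("10.0.0.7",     "GET /docs/passwd-rotation.html", False),        # benign, but contains "passwd"
    ("10.0.0.9",     "GET /search?q=firewalls", False),
    ("198.51.100.3", "GET /../../etc/passwd", True),                  # path traversal
    ("198.51.100.4", "GET /login?user=admin'%20OR%20'1'='1", True),   # SQL injection
    ("203.0.113.5",  "GET /cgi-bin/unsigned-new-exploit", True),      # no signature exists yet
] + [("203.0.113.8", f"GET /admin{i}.php", True) for i in range(30)]  # brute-force scan

SIGNATURES = [
    re.compile(r"\.\./"),                                  # directory traversal
    re.compile(r"'(%20|\s)*OR(%20|\s)*'1'='1", re.I),      # classic SQLi tautology
    re.compile(r"passwd"),                                 # naive: also hits documentation
]


def signature_detect(log):
    """Per-line verdicts: True where any known pattern matches the request."""
    return [any(sig.search(req) for sig in SIGNATURES) for _, req, _ in log]


def anomaly_detect(log, k: float = 2.0):
    """Per-line verdicts: flag every line from a source whose request count is
    out of place, i.e. above mean + k * stdev of the per-source counts."""
    counts = Counter(src for src, _, _ in log)
    values = list(counts.values())
    threshold = statistics.mean(values) + k * statistics.pstdev(values)
    noisy = {src for src, n in counts.items() if n > threshold}
    return [src in noisy for src, _, _ in log]


def evaluate(log, verdicts):
    """Confusion counts against the labels: TP, FP (card 116), TN, FN (card 117)."""
    c = Counter()
    for (_, _, malicious), flagged in zip(log, verdicts):
        if flagged:
            c["TP" if malicious else "FP"] += 1
        else:
            c["FN" if malicious else "TN"] += 1
    return {k: c.get(k, 0) for k in ("TP", "FP", "TN", "FN")}


if __name__ == "__main__":
    print("signature:", evaluate(SAMPLE_LOG, signature_detect(SAMPLE_LOG)))
    print("anomaly:  ", evaluate(SAMPLE_LOG, anomaly_detect(SAMPLE_LOG)))
```

The two detectors miss different things: signatures catch the single-shot traversal and injection but not the unsigned exploit or the scan, while the anomaly threshold catches the scan and nothing else. That complementarity is why deployments run both.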
  121. IDS Active responses
    • Collect more data
    • Change the system
    • Retaliate