CISSP2A.txt

Card Set Information

Author:
usma1976
ID:
306672
Filename:
CISSP2A.txt
Updated:
2015-08-22 11:48:13
Tags:
Cissp
Description:
smaller set

The flashcards below were created by user usma1976 on FreezingBlue Flashcards.


  1. Transparency
    • does not negatively affect system performance and is therefore not noticeable to the user
    • means users know they are being tracked but not how
    • controls should not stand in the way of users doing their job
  2. XACML
    • extensible Access Control Markup Language - used to share identity, authorization and authentication between 2 companies with a trust relationship
    • implemented in XML
  3. XML
    • not used for security information
    • a method for electronically coding documents and representing data structures such as those in web services
    • more robust than HTML
  4. SPML
    Service Provisioning Markup Language - used to exchange user, resource, and service provisioning information
  5. GML
    • Generalized Markup Language - created by IBM for formatting documents
    • describes a document in terms of its parts and their relationship
    • preceded SGML and HTML
  6. Scrubbing
    Deleting incriminating data within audit logs
  7. Types of IDS systems (4)
    State-based - uses rules that outline transition sequences; compares patterns to several activities at once; a type of signature based IDS

    • Anomaly-based - builds a profile over time of normal activities; compares future traffic to normal using complex statistical algorithms and scores each packet; 3 types:
    • - statistical
    • - protocol
    • - traffic

    Misuse-detection system = same as signature based IDS - uses signatures to detect; least effective on new malware; needs to be updated regularly

    Rule-based = using expert systems, a knowledge base and rule based programming; compares data to be analyzed to facts
  8. Identity theft (2)
    • True Name and Account takeover
    • True name = uses personal information to open NEW accounts in the stolen id's name

    Account takeover = uses personal information to take over existing accounts; will often change mailing address and rack up charges
  9. Capability table
    • Refers to the access rights of a SUBJECT
    • can be in the form of a token, ticket or key
    • corresponds to a ROW of a matrix

    contains a unique object identifier and the rights the subject has to that object where an object could be a file, array, memory segment or port

    Capability list or table DOES NOT equal an ACL
  10. ACL
    lists of subjects that are authorized to specific OBJECTS

    corresponds to the COLUMN of a matrix
  11. SPML
    • service provisioning markup language = used to exchange information on which users get access to which resources
    • does this through using XML
  12. Diameter
    • an authentication, authorization and auditing (AAA) protocol that provides the same functionality as RADIUS and TACACS+, but is
    • NEWER
    • multi-protocol
    • more flexible
    • can handle many types of devices including mobile, roaming etc.
  13. Constrained user interface
    • Restricts users by not allowing access to certain functions
    • three major types:
    • - menus and shells
    • - database views
    • - physically constrained interfaces
  14. User provisioning
    refers to the creation, maintenance and deactivation of user objects and attributes as they exist in one or more systems, directories or applications

    • user provisioning software may include:
    • - change propagation
    • - self service workflow
    • - consolidated user administration
    • - delegated user administration
    • - federated change control
  15. SESAME
    Secure European System for Applications in a MultiVendor Environment

    SSO technology that is similar to Kerberos but improved

    uses BOTH asymmetric and symmetric cryptography

    SESAME uses Privileged Attribute Certificates (PACs) while Kerberos uses Tickets

    a PAC contains subject's identity; access capabilities for an object; time period; and lifetime of the PAC

    PAC is digitally signed and comes from the PAS (privileged attribute server)
  16. Mandatory Access Control (MAC)
    • not as much freedom as DAC
    • based on data classification and security clearances (TS, S, C, etc.)

    decisions are based on clearance of the subject, classification of the data and security policy
  17. Counter synchronization
    • not based on time
    • user initiates with pushing a button on a token device to advance to the next authentication value

    this value and a base secret are hashed and displayed to the user
  18. Asynchronous token
    • not time based
    • authentication server sends the user a challenge (a random value called a NONCE)
    • user enters this into the token; encrypts it and sends to the server

    called challenge-response
  19. Race condition
    • A method for an attacker to use a process out of sequence
    • can happen if authentication and authorization steps are separated into 2 functions
  20. SAML, SOAP and HTTP
    • SAML = authentication data following an XML standard
    • SOAP = packages request and SAML and sends as a Web Service request (encapsulates but does not encrypt)
    • HTTP = transmits request
  21. RFID
    • low processing capabilities while encryption is processor intensive
    • vendor is responsible for integrating security into the product
    • data is not overly sensitive so industry hasn't spent time figuring out how to secure it
  22. Threat modeling
    A structured approach to identifying potential threats; considers who would most likely attack and how

    may assess probability; harm; and priority of attacks to help minimize or eradicate threats
  23. Common Criteria
    Combined strengths of TCSEC (Orange book) and Information Technology Security Evaluation Criteria (ITSEC)

    more flexible

    recognized globally

    helps with product evaluations
  24. Preemptive multitasking
    operating system controls how long a process can use a resource; can suspend a process

    badly behaving apps do not affect others

    as opposed to the older cooperative multitasking where apps had to voluntarily release resources
  25. Clark Wilson model
    subject can only access an object after going through some type of application or program that controls access

    subject is bound to an application

    • referred to as a "triple"
    • subject (user), program, and object
  26. Chinese Wall
    same as Brewer Nash model

    access controls can change dynamically

    subject can write to an object if and only if the subject can not read another object that is in another dataset
  27. Trusted Computing Base
    3 main components: hardware, software and firmware

    these components comprise the SECURITY KERNEL; core of the TCB is the security kernel

    the Security Kernel carries out the reference monitor concept (abstract machine) to ensure subjects have the appropriate authorization to access the objects they are requesting
  28. Execution domain switching
    takes place when a CPU needs to move between executing instructions for a highly trusted process to a less trusted process or vice versa

    process needs to call upon a process in a higher protection ring

    CPU goes from executing instructions in user mode to privileged mode and back
  29. Zachman Architecture Framework
    NOT security oriented; it is an architecture tool that provides a holistic way to understand the enterprise in a modular fashion

    structured and formal; two dimensional

    addresses what, how, where, who, when and why from six different perspectives: the planner, owner, architect, designer, builder and working system
  30. TOGAF
    The Open Group Architecture Framework (TOGAF) is vendor neutral for developing and implementing enterprise architectures

    uses meta models and service oriented architecture (SOA)

    meant to reduce fragmentation by aligning IT systems and business processes
  31. CMMI
    standard for software development process
  32. Common Criteria
    uses protection profiles in the evaluation process; describes a real world need

    • has 5 elements:
    • - evaluation assurance requirements (type and intensity of the evaluation)
    • - descriptive elements
    • - rationale
    • - functional requirements
    • - development assurance requirements
  33. Noninterference
    actions that take place at a higher level do not affect or interfere with actions at a lower level

    can help prevent an inference attack (the ability to deduce too much information about the activities of the higher state)
  34. Virtualization and patching
    makes operating system patching more complex because now there is the host and multiple OS's to patch

    virtualization can improve: secure platform (sandbox); fault and error containment (isolation); debugging (easy to set up and monitor)
  35. Graham Denning model
    addresses access rights between subjects and objects

    defines eight primitive protection rights or rules
  36. Brewer Nash model
    DYNAMIC access controls that change based on a user's previous actions

    designed to prevent CONFLICTS of INTEREST
  37. Clark Wilson Model
    Designed to protect the INTEGRITY of data and ensure properly formatted transactions

    • addresses all three integrity goals:
    • - prevent unauthorized users from making modifications
    • - prevent authorized users from making unauthorized modifications
    • - maintain internal and external consistency
  38. Encapsulation
    provides data hiding; integrity mechanism

    enforces modularity

    communicate through the interface without knowing the other process's code
  39. Memory Manager
    uses complex controls to ensure integrity and confidentiality when processes use the same shared memory segments

    limits processes to those segments assigned to them

    swaps contents from RAM to the hard drive as needed

    manages pointers to segments that have been moved

    5 responsibilities: relocation, protection, sharing, local organization, physical organization
  40. Garbage collector
    countermeasure against memory leaks

    runs an algorithm to identify unused committed memory and marks it as "available"
  41. PROM vs EEPROM vs EPROM
    PROM - can be programmed only one time; has fuses that are "burned in"

    EEPROM - electrically erasable; can be programmed multiple times; slow to erase (which is why flash memory is used now)

    EPROM - needs to be removed from the computer and erased with UV Light thru a quartz window
  42. ITIL
    5 books

    SERVICE STRATEGY is the core: overall planning of the intended IT services

    Service Design: designing IT processes according to agreed on business objectives

    Service Transition: Delivering services into operational use (includes change management)

    Service Operation: day to day support activities (Event, Problem, Incident etc.)
  43. CMMI
    5 levels:

    • Initial - chaotic; not organized
    • Repeatable - documented and repeatable
    • Defined - capable of producing their own software processes
    • Managed - able to monitor and control their own processes
    • Optimized - managed for improvement
  44. Common Criteria
    • 1. Protection Profile: security requirements; and expected EAL
    • 2. Target of Evaluation: product manufactured to meet the profile
    • 3. Security Target: vendor's explanation of how the ToE meets the security requirements
    • 4. Evaluation
    • 5. Evaluation assurance level assigned - assigns the EAL
  45. Domain
    a set of objects that a subject is able to access

    all the resources a user can access, all the files available to a program, memory segments available to a process, or the services and processes available to an application
  46. Protection rings
    • Ring 0: operating system kernel
    • Ring 1: remaining parts of the operating system
    • Ring 2: I/O drivers and utilities
    • Ring 3: Applications and user activity
  47. Threads
    A process is a program in memory; all instructions and resources grouped together.

    A thread is the individual instruction set and data that must be worked on by the CPU. Threads are dynamically created and destroyed as needed.
  48. ISO/IEC 42010 Standard
    International standard for system architecture

    Allows for better quality, interoperability, extensibility, portability and security.

    Architecture takes place before design.
  49. C Programming language security concern
    Buffer overflows are a risk - commands allow for direct pointer manipulations to take place and possible access to low level memory addresses
  50. Data execution prevention (DEP)
    security feature in modern operating systems

    prevents a process from executing code from a nonexecutable memory region

    can help prevent exploits from a buffer overflow

    marks certain memory locations as "off limits"
