Card Set Information

2015-08-22 11:59:11

smaller set
Show Answers:

  1. Key exchange
    the symmetric session key is encrypted with an asymmetric key (the receiver's public key) and sent to the receiver
  2. Collision vs Key Clustering
    Collision - same HASHING algorithm hashes different messages yields the same message digest

    Key Clustering = same plaintext message encrypted with 2 different keys yields the same ciphertext
    standard for IPSEC is Internet Key Exchange which is a combination of both IASKMP and OAKLEY

    ISAKMP is the architecture framework and OAKLEY is is the protocol
  4. AH vs ESP
    both part of IPSEC

    • AH calculates an ICV value over the network header, transport header and data payload; will not work with NAT
    • AH provides authentication and integrity (AI) but not encryption

    • ESP calculates the ICV over the transport header and data payload
    • ESP provides authentication, integrity and confidentiality (IAC) (encryption); ESP is used for secure VPNs!
  5. Key Derivation Functions (KDFs)
    used to generate keys that are made up of random values

    can use specific hash, password or salt values through a number of rounds of mathematical functions
  6. DES (Data Encryption Standard)
    5 modes of block ciphers

    • ECB (electronic code book) = for short messages like PIN codes
    • CBC (cipher block chaining) = for longer messages/data, large chunks of data
    • CFB (cipher feedback) = combination of block cipher and stream cipher; good for terminal traffic
    • OFB (output feedback) = used to prevent propagating errors such as for real time audio/video
    • CTR (counter mode) = similar to OFB but uses a counter; used for ATM cells and for 802.11i
  7. PKI
    an ISO authentication framework that uses public key cryptography and the X.509 standard

    a hybrid system of symmetric and asymmetric keys
  8. Primary purpose of data classification
    Indicate the level of CIA protection that is required for each data set
  9. Ultimately responsible
  10. COBIT
    Control Objectives for Information and Related Technology

    framework and set of control objectives; defines goals for controls to manage IT and map IT to business needs

    • 4 domains:
    • Plan and Organize
    • Acquire and Implement
    • Deliver and Support
    • Monitor and Evaluate

    provides guidance for the purchase, installation, test, certification and accreditation of IT products

    34 control objectives
  11. ISO 27000
    also referred to as BS7799, ISO 17799

    • ISO 27000 = overview and vocabulary for ISMS
    • 27001 = ISMS requirements
    • 27002 = code of pratice
    • 27003 = guideline for implementation
    • 27004 = metrics
    • 27005 = risk
    • 27006 = audit
    • 27011 = telecommunications
    • 27031 = business continuity
    • 27033-1 = network security
    • 27799 = health

    Plan - DO - Check - Act
  12. OCTAVE
    Operationally Critical Threat, Asset, and Vulnerability Evaluation

    Carnegie Mellon

    very WIDE; assesses all systems, applications and business processes within an organization

    uses self-directed team of people working in information security to perform the risk assessment
  13. AS/NZS 4360
    New Zealand

    broad approach to risk management; includes a company's financial, capital, human safety, and business decisions risks
  14. Logical controls
    another word for technical controls; firewalls, etc.
  15. Mandatory vacation
    Administrative DETECTIVE control used to investigate fraudulent activities; see if anomalies stop
  16. user provisioning includes:
    • creation, maintenance and deactivation of user OBJECTS and attributes
    • includes one or more of the following:
    • change propagations
    • self-service workkflows
    • consolidated user administration
    • delegated user administration
    • federated change control
  17. Password synchronization versus single-sign-on
    Password synchronization = reduces the complexity of keeping up with different passwords for different systems

    Single sign-on = allows user to enter credentials one-time and pass those credentials automatically to other systems as needed
  18. Behavioral based IDS (3)
    • Statistical anomaly based = profile of normal
    • Protocol anomaly based = protocols outside of normal bounds
    • Traffic anomaly based = unusual activity
  19. Type 1 error
    biometric rejects an authorized individual (False Reject Rate ) FRR
  20. Type 2 error
    biometric accepts an imposter (false acceptance rate) FAR
  21. Attacks on passwords
    • Brute force = performed with tools that cycle through many possible character, number and symbol combinations
    • Dictionary attack = files of thousands of words are compared to the user's password until a match is found
    • Social engineering = attacker falsely convinces an individual that she has the necessary authorization to use specific resources
    • Rainbow table = attacker uses a table of all possible passwords already in a hash format
  22. Proper threshold for behavioral IDS
    threshold set too low = makes some good things look bad = false positives

    threshold set too high = lets bad things in without identifying = false negatives
  23. Markup languages
    HTML = came from SGML which came from GML = used to structure text and data sets

    XML = extensible markup language = universal, interoperable markup language

    • SPML = service provisioning markup language = exchanges provisioning data between organizations to automate user management
    • uses an RA (requesting authority); PSP (provisioning service provider); (PST) Provisioning Service Target

    SAML = security assertion markup language = XML standard that allows for the exchange of authentication and authorization data between security domains; part of federated identity management

    SOAP = basic messaging framework which may be used for the transmission of SAML data; encapsulated with HTTP headers

    XACML (extensible access control markup language) = both an access control policy language AND a processing model to interpret policies; enforces consistency between Subject, Resource element and Action element
  24. Diameter
    extends the RADIUS protocol to allow for various types of authentication to take place with a variety of technologies (including PPP, VOIP, ethernet etc.); has extensive flexibility and allows for centralized administration of access control
  25. Capability based
    a row in an access matrix (subjects are rows, objects are colums, access rights are at the intersection)

    binds a Subject to an object (file, array, memory, port) through a capability (token, ticket or key)

    Kerberos is an example!

    subjects (capabilities)


    • access control list:
    • the column in an access matrix

    binds the object to the subject; lists of subjects that are authorizes to use a specific object

    object (ACL)
  26. Mandatory Access Control
    expensive, specialized, reduce user functionality; usually used in government or military
  27. Digital Signatures
    requires a PKI
  28. Single sign-on (2)
    • Kerberos = default authentication model for most OS's
    • uses symmetric keys with shared secret keys
    • AS, KDC, TGS, TGT = creates a session key
    • does not need a PKI

    • SESAME = extends Kerberos
    • uses both symmetric and asymmetric keys
    • PAC (privileged attribute certificates), PAS (privileged attribute server),
    • PAC is digitally signed so requires a PKI
  29. SPML versus SAML
    SPML is used for internal (mostly) provisioning across multiple systems

    SAML is used for authentication and authorization across multiple Domains for WEB based applications
  30. Temporal isolation
    • Time of day access control
    • Restricts access to a specific time of day
  31. Processes and domain
    Processes are assigned their own variables, system resources and memory segments which makes up their domain

    so they do not corrupt each other's data or processing activities
  32. Covert channel
    a channel used for COMMUNICATION purposes that was not its intended use
  33. Bell-LaPadula
    • STATE model
    • FIRST mathematical model of a multilevel security policy used to define the concept of a secure state machine and modes of access
  34. Addresses
    • CPU = absolute addresses
    • Application = logical addresses
    • Relative address = known address plus an offset
  35. ISO/IEC 42010:2007
    Architectural description / standards for systems and software engineering

    • Includes:
    • architecture
    • architectural description
    • stakeholder
    • view
    • viewpoint
  36. ISO Models
    • 27005 = risk assessment and analysis
    • 15408 = Common Criteria
    • 270004:0009 = Security governance
    • 14443 = Smart cards
    • 27034 = software development
    • 42010:2007 = system and software engineering
  37. Processor and addressing
    • Processor SENDS a memory address and a read request down an address bus
    • reads from that memory address
    • puts the requested data on the data bus
  38. Asymmetric vs. symmetric multiprocessing
    Asymmetric and Symmetric are Multiple CPUs

    Asymmetric = capability of assigning specific capabilities to one CPU so they do not have to share with other CPUs; INCREASING performance; dedicated processor; good for a time sensitive application

    Symmetric = load balancing
  39. Cooperative multitasking vs. preemptive
    • OSs started as cooperative
    • programmer needs to write code properly to release resources when done

    preemptive multitasking = operating system controls how long a process can use a resource; system can suspend a process so one application does not negatively affect another
  40. Interrupts
    Maskable = means that the CPU can ignore the interrupt temporarily

    Nonmaskable = means the CPU must immediately carry out the instruction
  41. Hybrid Microkernel
    all kernel processes work within kernel mode to reduce the number of MODE transitions; REDUCED MODE TRANSITIONS

    improves performance because there is fewer switching from user mode to kernel mode
  42. Types of OS architectures (4)
    • Monolithic = all OS processes run in kernel mode
    • Layered = all OS processes run in kernel mode in a hierarchical fashion
    • Microkernel = core operating system processes run in kernel mode; others run in user mode
    • Hybrid microkernel = all OS processes run in kernel mode; core processes run in kernel mode; others run in client/server model
  43. Common criteria and assurance levels (7)
    • lowest is:
    • EAL 1 = functionally tested
    • EAL 2 = structurally tested
    • EAL 3 = METHODICALLY tested
    • EAL 4 = Methodically designed, tested and reviewed
    • EAL 5 = SEMIFORMALLY designed and tested
    • EAL 6 = semiformally VERIFIED design and tested
    • EAL 7 - FORMALLY VERIFIED design and tested
  44. Device drivers
    Ring 0

    Security kernel
  45. Address space layout randomization and data execution protection
    Memory protection aproaches

    used to prevent malicious code from executing in memory sections that could be dangerous
  46. Manual iris lenses
    Has a ring around the CCTV lens

    Best used in fixed lighting, such as inside, because the iris can not self adjust; not good for outside where the light will change
  47. Physical security program controls (5)
    • Deterrence
    • Delaying
    • Detection
    • Assessment
    • Response
  48. Proximity identification devices (2)
    • User activated and
    • System sensing (transponder)
  49. Cipher lock
    • also known as programmable locks
    • use keypads
    • can require a swipe card and a specific combination
  50. Warded versus tumbler locks
    Warded has metal guards; is cheapest and easiest to pick

    • Tumbler has more pieces and parts; cylinder that raises pins to the correct height
    • - pin tumbler
    • - wafer tumbler
    • - lever tumbler
  51. Core components of a BIA
    • Identify the company's key functions and business requirements
    • Identify critical systems that support the company's operations
    • Estimating the potential loss and impact the company would face based on how long the outage lasted