IA Test 1.txt

  1. spending to secure military, intelligence, and other agency computer networks is forecast to rise 44% to 10.7 billion in 2013 from 7.4 billion this year
    US Government
  2. spending will grow 7% to 8% annually, significantly faster than IT, which has increased about 4% a year in the past 5 yrs
    Security System
  3. General Chilton said this is as much a domain as air, land, or sea
  4. William Gibson came up with the term
  5. Hardware, Software, Storage Media, Data, Networks, People - What we are protecting
    Computing System
  6. Any available means, not necessarily obvious ways, not necessarily where defended, not necessarily how we expect
    Principle of Easiest Penetration
  7. Set of circumstances that can lead to loss or harm - rabid guard dog - hacker
  8. Weakness in the security system - weak spot in a fence
  9. countered by controls
  10. blocked by control of a vulnerability
  11. exploiting a vulnerability
  12. Interception, Interruption, Modification(changes), Fabrication(counterfeits)
  13. Interruption (DoS attack), Interception (Theft), Modification, Fabrication, Destruction - Laptops are a good example
    Hardware Vulnerabilities
  14. Fractional Rounding, Deletion, Modification, Theft
    Software Vulnerabilities
  15. A type of software vulnerability - including logic bombs, viruses, Trojan horses, back doors, keyloggers
  16. Interception, Destruction, CIA
    Data Vulnerabilities
  17. Protection equal to value - only until value is lost
    Principle of Adequate Protection
  18. Networks, Access(theft of service, malicious access, taking availability needed by legit users), People (social engineering)
    Vulnerabilities in Other Exposed Assets
  19. 3 things needed to attack - can be applied to hackers and burglars (3rd only for hackers)
    Method, Opportunity, Motive -- MOM
  20. CIA =??
    Confidentiality, Integrity, Availability aka security goals
  21. secrecy, privacy - who should access what?
  22. Precise, Accurate, Unmodified, Modified only by authorized ways/people/processes, consistent, meaningful and usable
  23. Data and services, can get what we need - when we need it- in timely fashion, fault tolerance, concurrency issues
  24. another goal of security goals - can prove that you are you
  25. another goal of security goals - you cannot deny that it was you who sent or received a transaction
    non repudiation
  26. Essential for e-commerce
    Confidentiality, Integrity, Availability, Authenticity, Non-Repudiation
  27. Any crime involving a computer or aided by the use of a computer
    computer crime
  28. disgruntled employees, hackers (crackers/Script Kiddies), Professionals, Terrorists
    Amateurs - computer criminals
  29. the possibility for harm to occur - likelihood, want to prevent, deter, deflect, detect, recover
  30. Never one single ____ or type of ____
  31. Mix Vendors so you have
    Defense in depth
  32. Jim is an example of
    Clear text
  33. L7x is an example of
  34. Internal program controls (DBMS access limitations), O/S and Network Controls (different users, different rights), Independent Control Programs (virus scanners, password checkers), Development Controls (quality control to minimize software faults)
    Software Controls
  35. Hardware encryption devices, Identification of user identities, firewalls, intrusion detection systems, storage media control
    Hardware Controls
  36. What is the difference between Policies and Procedures
    • Policy is broad statement
    • Procedures are specific actions taken
  37. locks, cables, secure rooms
    Physical controls
  38. Controls that are not used are not controls - efficient, easy to use, appropriate
    Principle of Effectiveness
  39. security is as strong as the weakest control
    Principle of Weakest Link
  40. S-
    • Sender
    • Transmission Medium
    • Recipient
    • Outsider(Interceptor)
  41. O prevents the message from reaching R
  42. O reads the message(confidentiality lost)
  43. O changes the message (integrity lost)
  44. O makes a message that looks like it came from S (integrity lost)
  45. encoding a message so its meaning is not obvious - turning plaintext into ciphertext
  46. Encryption is also known as
    encoding or enciphering
  47. transforming an encrypted message to plain text - also known as decoding or deciphering
  48. encrypts and decrypts
  49. Encryption and Decryption keys are the same
    Symmetric Encryption
  50. Encryption and Decryption keys are different
    Asymmetric encryption
  51. "security through obscurity" = doom
    this isn't really cryptology, just hiding things
    Lemon Juice is Keyless
    Keyless Cipher
  52. From the Greek kryptos meaning hidden and graphos meaning written
  53. studies encryption and encrypted messages
  54. works for a legitimate sender
  55. research into and study of encryption and decryption - includes both cryptography and cryptanalysis
  56. 1. break a single message
    2. Find patterns to develop a decryption algorithm
    3. Infer meaning without breaking encryption
    4. deduce the key
    5. find the weaknesses in the implementation or environment or use of encryption
    6. find general weaknesses in the algorithm without necessarily intercepting messages
  57. goal is to read the message - not necessarily know the algorithm - faster computers change things
    breakable encryption
  58. substituting one character/symbol for each character of the message - monoalphabetic cipher, simple substitution, a shift cipher is a form of this
    substitution cipher
  59. is a shift or substitution cipher - adding ay to the end of words and shifting the first letter
    pig latin
  60. the ciphertext for a given plaintext letter p is obtained by adding a shift of 3 giving us the ciphertext letter c a=d etc
    Caesar Cipher
  61. Caesar Cipher weaknesses?
    retains spacing between words and reveals double letters
  62. characteristics of pairs of adjacent letters in a cipher
  63. characteristics of 3 adjacent letters in a cipher
  64. combining two or more ciphers
    product cipher
  65. discovered in 1500s, attributed to Vigenère in the 1900s - decipher with a prearranged chart called a Vigenère tableau - relies on a key - creates a different shift for each letter of the alphabet
    Vigenère Tableau
  66. instead of a random string, we agree on a book or poem to use at some page, paragraph - Beale cipher is a form of this
    book cipher
  67. a precursor to the one time pad - developed by Gilbert Vernam of AT&T in 1917 for use with teletypers - used a paper tape key of random numbers - both the receiver and the sender have the same paper tape key = shared secret
    vernam cipher
  68. the remainder after a division process
  69. perfect encryption - we each get a duplicate pad of random large, non repeating keys - works just like vernam cipher except a duplicate pad of sheets filled with random numbers is owned by both the sender and receiver
    one time pads
  70. logistics of sharing pads, danger of sharing pads, synchronizing what page on the pad to use, securely destroying used sheets/pads - not necessarily random
    problems with one time pads
  71. have been around a long time- only viable using a one time pad or some other shared secret
    substitution ciphers
  72. rearranging the symbols(letters) of a message into blocks - also known as columnar transpositions
  73. generally speaking transpositions increase _____ because things are more jumbled up, spaces and word/letter patterns disappear
  74. downsides of _____ - one mistake corrupts the rest of the message, requires a lot of space that grows with the size of the message- need n=entire message to decode
  75. According to ____ ___ a good cipher =
    amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption
    set of keys and the enciphering algorithm should be free from complexity
    implementation of the process should be as simple as possible
    errors in ciphering should not propagate and cause corruption of further information in the message
    the size of the enciphered text should be no larger than the text of the original message
    Claude Shannon
  76. founded information theory, digital computer theory and digital circuit theory
  77. based on sound mathematics, analyzed by competent experts, withstood the "test of time"
    trustworthy encryption systems
  78. O should not be able to predict what will happen to the ciphertext by changing one character in the plaintext
  79. the cipher should spread the info from the plaintext over the entire ciphertext
  80. convert one symbol of plaintext immediately into one symbol of ciphertext - Pros: fast, few errors Cons: low diffusion, can be corrupted if one character of the key is missing or wrong, insertion and modification (if break code, can swap letters around)
    stream ciphers
  81. encrypts group of plaintext symbols as one block - Pro: high diffusion, free from insertion - Con: slow, error propagation
    block ciphers
  82. probabilities, distributions, characteristics of the ciphertext, context
    ciphertext only analysis
  83. we have ciphertext and plaintext from a message - we try and break E (encryption algorithm)
    known plaintext analysis