-
Statement that outlines how entities access each other, what they can carry out, what level of protection is required, and what actions should be taken if those requirements aren't met.
Security Policy
-
I/O Procedures
When the CPU sends data to a resource and polls for acceptance of more data, it is called ___________.
Programmable I/O
-
I/O Procedures
When the CPU sends data to an I/O device and the device returns an acknowledgement that it is complete, it is called ___________.
Interrupt-Driven I/O
-
I/O Procedures
When a controller is used to send memory-mapped data directly to the I/O device for use without CPU consent, it is called ___________.
I/O using Direct Memory Access (DMA)
-
I/O Procedures
When the CPU trusts the I/O device to physically read memory via DMA, it is called ___________.
Premapped I/O
-
I/O Procedures
When the CPU acts as a broker, sending logical memory addresses to I/O resources, it is called ___________.
Fullymapped I/O
-
Multi-level security policy providing confidentiality only
1. Simple Security rule
2. *-property rule
3. Strong Star Property rule
Bell-LaPadula Model
-
Security model addressing integrity only
Biba Model
-
Security model based on using well-formed transactions and separation of duties
Clark-Wilson Model
-
Access decisions are made based on an object's Access Control List and a subject's capability table
Access Control Matrix
-
Model states that commands and activities of one level should not impact or affect subjects or objects at a different level.
Noninterference Model
-
Model that allows for dynamically changing access controls that protect against conflicts of interest. AKA Chinese Wall
Brewer-Nash Model
-
This model identifies the way subjects and objects should be created and deleted and how to assign specific access rights.
Graham-Denning Model
-
A security mode that can handle a single classification and requires that all users have a clearance and a formal need to know for ALL data within the system.
Dedicated Security Mode
-
This mode requires that all data within a system be of a single classification, but not all users have a need to know for all the data within the system.
System-High Security Mode
-
This mode requires ALL users to have a clearance level equal to or higher than the highest classification of data contained within the system.
Compartmented Security Mode
-
This mode permits two or more classification levels of information to be processed at the same time.
Multi-Level Security Mode
-
Orange Book Level providing discretionary access control only
C1
-
Orange Book Level providing auditing and a higher level of access control procedures (commercial applications)
C2
-
Orange Book Level based on Bell-LaPadula, enforced through the use of labels
B
-
Orange Book Level requiring that each object contain a classification label and each subject possess a clearance label
B1
-
Orange Book Level requiring no covert channels and a trusted path during logon and authentication
B2
-
Orange Book Level requiring system protection from startup to initiation through secure states
B3
-
Orange Book Level requiring formal methods used for design
A1
-
Common Criteria
7 Evaluation Assurance Levels
- 1. Functionally Tested
- 2. Structurally Tested
- 3. Methodically Tested and Checked
- 4. Methodically Designed, Tested and Reviewed
- 5. Semi-formally Designed and Tested
- 6. Semi-formally Verified Design and Tested
- 7. Formally Verified Design and Tested
-
Security model addressing all three integrity goals
Clark-Wilson
-
Used to restrict access to one network from another
Firewalls
-
What generation is a Packet Filtering firewall?
First generation
-
What generation is a Proxy Level firewall?
Second generation
-
Proxy firewall required for every service
Application Level
-
Proxy firewall that creates a circuit between applications and clients
Circuit Level
-
What generation is a Stateful firewall?
Third generation
-
What generation is Dynamic Port Filtering?
Fourth generation
-
What generation is a Kernel Proxy?
Fifth generation
-
A type of routing that discovers routes and builds routing tables
Dynamic Routing
-
A type of routing that requires an administrator to manually configure the route statements
Static Routing
-
A type of routing that makes routing decisions based on distance and direction
Distance Vector Routing
-
A type of routing that builds a topology of the network to determine routes
Link-State
-
A distance-vector routing protocol that calculates the shortest distance between two points
Routing Information Protocol (RIP)
-
A link-state routing protocol that allows hierarchical routing
Open Shortest Path First (OSPF)
-
A distance-vector routing protocol, essentially RIP on steroids, created by Cisco
Interior Gateway routing protocol (IGRP)
-
A routing protocol that combines distance-vector and link-state approaches
Border Gateway Protocol (BGP)
-
Wireless LAN authentication that requires you to prove you know the key
Open System Authentication (OSA)
-
Wireless LAN authentication that uses a challenge-response mechanism to prove you know the key
Shared Key Authentication (SKA)
-
Wireless authentication that provides a way to prove to the AP that the key is known and also provides encryption
Wired Equivalency Privacy (WEP)
-
A quality of service level offering no guarantee on throughput, delay or delivery (internet)
Best Effort
-
A quality of service level offering more bandwidth, shorter delays and fewer dropped frames
Differentiated Service
-
A quality of service level offering a specific throughput at a certain speed (voice)
Guaranteed Service
-
Capability that allows a protocol to distinguish between classes of messages and establish priority
Quality of Service (QoS)
-
Type of proxy firewall that provides more intricate control but requires more processing per packet and is slower
Application Level Proxy
-
A type of proxy firewall that provides security for a wider range of protocols but not detailed access control
Circuit Level Proxy
-
Firewall that maintains a high degree of security without the performance hit and is scalable and transparent to users by storing and updating the state and context of data within the packets.
Stateful Inspection firewalls
-
Term used to describe a momentary loss of power
Fault
-
Term used to describe a momentary drop in voltage
Sag
-
A term used to describe a prolonged drop in voltage
Brownout
-
A term used to describe a momentary rush of power
Spike
-
A term used to describe a prolonged rush of power
Surge
-
Transponder
A type of smart card that transmits an interrogating signal causing the card to transmit an access code
-
Passive Card
A type of card that contains no battery but uses electromagnetic fields transmitted by the reader to transmit access information.
-
Field-Powered
A device that contains active electronics, an RF transmitter and a power supply
-
A type of alarm that is sounded on the local premises only
Local System
-
A type of alarm that is monitored and operated by a commercial entity connected to the protected site directly
Central Station System
-
A type of alarm that is monitored and operated on the local premises only
Proprietary Systems
-
A type of alarm that is sounded on the local premises and requires a dedicated circuit to transmit an alarm to the appropriate agency
Auxiliary Station Systems
-
A type of alarm that makes a call to the local agency switchbox, playing a certain recording for a certain event
Remote Station Systems
-
Ping of Death
Oversized ICMP packets
-
TEARDROP
Malformed packets that can't be re-assembled
-
SLAMMING
Provider charges without consent
-
CRAMMING
Billed for services not requested
-
LOKI Attack
Writing data inside the ICMP packet
-
Post Office Protocol (POP)
Internet mail server protocol where all mail is sent at check-in and then deleted.
-
Term used to describe an action used to protect a symbol, name, color or image that identifies a company and distinguishes it from its competitors
Trademark
-
Term used to protect the expression of ideas instead of the ideas themselves
Copyright
-
Term used to grant ownership to a company or individual that enables the owner to exclude others from use
Patent
-
A type of law that covers standards of performance for companies, industries and officials
Administrative or Regulatory Law
-
Type of law that protects an individual or company. Breaking this type of law results in injuries or damages, for which financial restitution is the punishment.
Civil Law
-
A type of law that deals with an individual's conduct and is made to protect the public
Criminal law
-
Type of law derived from religious beliefs, addressing an individual's religious responsibilities.
Religious Law
-
A legal system where two or more law systems are used
Mixed Law System
-
Type of law system that addresses personal conduct and uses religious traditions and customs as the foundation of laws.
Customary Law System
-
Law system developed in England made up of criminal, civil and administrative laws, based on interpretations of laws using a judge, jury and lawyers
Common Law System
-
A law system that uses pre-written rules that are not based on precedent; lower courts are not compelled to follow higher decisions. This type is the most common type in use today.
Civil Law System
-
Internet Message Access Protocol (IMAP)
Mail function where the user is able to choose what to read/delete at will
-
The ISO standard that identifies the security controls of best practice in INFOSEC and provides step-by-step guidance on how to set up and maintain a security program.
ISO 27002
-
The ISO standard for information security management measurements
ISO 27004
-
ISO standard that illustrates how to protect personal health information
ISO 27799
-
Standard that defines the goals for the controls that should be used to manage IT and ensure it maps to business needs
Open Standards for Control Objectives for Information and related Technology (COBIT)
-
The ISO standard that establishes, implements and controls the information security management system
ISO 27001
-
Determines liability in court with regard to acting responsibly, reducing the potential for negligence and reducing risks.
Due Care
-
The act of investigating and understanding the risks a company faces.
Due Diligence
-
An email security program that provides integrity, encryption, authentication and key management that is compatible with PKCS
Privacy Enhanced Mail (PEM)
-
An email standard that indicates how multimedia and email are to be transferred and attachments are to be handled.
Multipurpose Internet Mail Extension (MIME)
-
Provides mail encryption through the use of PKI
Secure MIME (S/MIME)
-
A type of encryption in which data is decrypted at each hop, routing information is read, and data is re-encrypted prior to transfer
Link Encryption
-
A type of encryption in which the message payload is encrypted but not the header information.
End-to-End Encryption
-
A function that applies a secret key to a hash routine to prevent tampering
Message Authentication Code (MAC)
-
A MAC in which the secret key is concatenated to the message prior to hashing
Hash MAC
-
A type of MAC that provides data origin and integrity by sending the plaintext message in addition to the output of the final block
CBC MAC
-
A MAC derived from a variation of CBC-MAC that is more secure, using 3DES and AES
Cipher-based Message Authentication Code (CMAC)
-
Block Cipher that contains a parameterized block, key and round size
RC5
-
Stream cipher used in SSL and WEP with a variable key size
RC4
-
Block cipher with a 64-bit block size, 32-448 bit key length and 16 rounds of computation
Blowfish
-
Patented block cipher operating on a 64-bit block size that is broken down into 16 smaller blocks, with 8 rounds of computation and a 128-bit key
International Data Encryption Algorithm (IDEA)
-
A symmetric block cipher using the Rijndael algorithm with the key and block sizes being the same; however, the number of rounds increases as key length goes up
Advanced Encryption Standard (AES)
-
A symmetric block cipher using a 64-bit block and key with 16 rounds of computation
Data Encryption Standard (DES)
-
DES mode that is the fastest and easiest, encrypting all blocks with the same key and used only for small amounts of data
Electronic Code Book (ECB)
-
DES mode that uses the output of one block in the next block, XORing it with the plaintext of the next block prior to encrypting
Cipher Block Chaining (CBC) Mode
-
DES mode that uses a combination of the block, an Initialization Vector and the key to produce a key stream
Cipher Feedback Mode (CFB)
-
Uses a 16-bit block and key length but uses 48 rounds of encryption and is a performance hog
Triple DES (3DES)
-
DES mode that reduces the errors in CFB
Output Feedback Mode (OFB)
-
DES mode that increments the IV and can encrypt blocks of data in parallel
Counter Mode (CTR)
-
A hashing algorithm producing a 160-bit message digest, used in Digital Signature Architecture (DSA)
Secure Hashing Algorithm (SHA)
-
Hashing algorithm that produces a variable-length message digest, based on MD5
HAVAL
-
Hashing algorithm that produces a 128-bit message digest but is very slow
MD2
-
Hashing algorithm that produces a 128-bit message digest, used for high-speed encryption
MD4
-
Newer version of the MD4 hashing algorithm, but susceptible to birthday attacks
MD5
-
The act of performing a backup of ALL files and setting the archive bit to 0
Full Backup
-
Backs up files changed since the last full backup and does not change the backup bit
Differential Backup
-
Backup that backs up files that have changed since the last full backup and sets the archive bit to 0.
Incremental Backup
-
Distance for Alternate Sites
5, 15 and 50
-
An attack using User Datagram Protocol (UDP) to spoof user requests
FRAGGLE Attack
-
Continuous SYN with spoofed packets
SYN Flood
-
An attack that sends packets without them having any chance of being re-assembled
TEARDROP Attack
-
Type of antivirus protection that is fingerprint-based and slow to respond.
Signature Based
-
Type of antivirus protection that is proactive through structure, code, data and packet analysis
Heuristic Detection
-
Type of antivirus protection that is based on actions and behaviors of known attacks
Behavior Based Antivirus
-
Capability Maturity Model Levels
- 1. Initial - development is ad hoc
- 2. Repeatable - formal management, change control and quality assurance
- 3. Defined - quantitative process improvement
- 4. Managed - formal process to collect data and analyze the results
- 5. Optimizing - budgeted for continual improvement
-
Tasks assigned to assure the product meets specifications
VERIFICATION
-
Tasks assigned to ensure the software meets the real-world problem
VALIDATION
-
Database ACID Test
- 1. Atomicity - divides transactions into units of work where all commit or none commit
- 2. Consistency - integrity is followed, data is consistent across databases
- 3. Isolation - transactions execute in isolation without impacting other transactions
- 4. Durability - once verified as accurate, commit is issued
-
Listing of the three access control models
- Discretionary - data owners dictate access
- Mandatory - uses security labels
- Non-discretionary - role-based