IT Security

  1. 7-layers of the OSI Model are:
    • 7. Application Layer
    • 6. Presentation Layer
    • 5. Session Layer
    • 4. Transport Layer
    • 3. Network Layer
    • 2. Data-link Layer
    • 1. Physical Layer
  2. Physical Layer consists of?
    Physical Connection (wiring)
  3. Data-Link Layer consists of?
  4. Network Layer consists of?
  5. Transport Layer consists of?
    Packets/TCP or UDP
  6. Session Layer consists of?
  7. Application Layer consists of?
  8. What is impact?
    The result of a vulnerability being exploited by a threat, resulting in a loss.
  9. Incident Response?
    The process of responding to, containing, analyzing, and recovering from a computer-related incident.
  10. Information Security?
    Protection of the information that the system processes and stores, instead of on the hardware and software that constitute the system.
  11. Intangible Asset?
    An asset for which a monetary equivalent is difficult or impossible to determine (brand recognition & goodwill).
  12. Integrity?
    security principle that requires that information is not modified except by individuals authorized to do so.
  13. International Data Encryption Algorithm (IDEA)?
    A symmetric encryption algorithm used in a variety of systems for bulk encryption services.
  14. Internet Assigned Numbers Authority (IANA)?
    The central coordinator for the assignment of unique parameter values for Internet protocols.
  15. Internet Control Message Protocol (ICMP)?
    One of the core protocols of the TCP/IP protocol suite, used for error reporting and status messages.
  16. Internet Engineering Task Force (IETF)?
    Large international community of network designers, operators, vendors, and researchers, open to anyone concerned with the architecture & smooth operation of the Internet.
  17. Internet Message Access Protocol version 4 (IMAP4)
    One of two common Internet standard protocols for email retrieval.
  18. Internet Protocol (IP)
    Network layer protocol used by the Internet for routing packets across a network
  19. Internet Protocol Security (IPsec)
    Protocol used to secure IP packets during transmission across a network.
  20. Internet Security Association and Key Management Protocol (ISAKMP)
    Protocol framework that defines the mechanics of implementing a key exchange protocol and negotiation of a security policy.
  21. Internet Service Provider (ISP)
    telecommunication firm that provides access to the Internet.
  22. Intrusion Detection System (IDS)?
    A system to identify suspicious, malicious, or undesirable activity that indicates a breach in computer security.
  23. Kerberos?
    in cryptography, a sequence of characters or bits used by an algorithm to encrypt or decrypt a message.
  24. key
    in cryptography, a sequence of characters or bits used by an algorithm to encrypt or decrypt a message.
  25. keyspace
    The entire set of all possible keys for a specific encryption algorithm.
  26. Lightweight Directory Access Protocol (LDAP)?
    An application protocol used to access directory services across a TCP/IP network.
  27. least privilege?
    A security principle in which a user is provided with the minimum set of rights and privileges that he or she needs to perform required functions. The goal is to limit the potential damage that any user can cause.
  28. Level Two Tunneling Protocol (L2TP)?
    A Cisco switching protocol that operates at the data-link layer.
  29. Local Area Network (LAN)
    A grouping of computers in a network structure confined to a limited area and using specific protocols, such as Ethernet for OSI layer 2 traffic addressing.
  30. Logic Bomb?
    A form of malicious code or software that is triggered by a specific event or condition.
  31. Time Bomb?
    Logic Bomb set to go off at a specific time.
  32. Mandatory Access Control (MAC)?
    An access control mechanism in which the security mechanism controls access to all objects (files), and individual subjects (processes or users) cannot change that access.
  33. Message digest?
    • The result of a hash function applied to data.
    • Also called:
    • hash or hash value
  34. Metropolitan Area Network (MAN)?
    A collection of networks interconnected in a metropolitan area and usually connected to the Internet.
  35. Microsoft Challenge Handshake Authentication Protocol (MSCHAP)?
    A Microsoft developed variant of the Challenge Handshake Authentication Protocol (CHAP).
  36. mitigate
    Action taken to reduce the likelihood of a threat occurring.
  37. Network Access Control (NAC)?
    An approach to endpoint security that involves monitoring and remediating end point security issues before allowing an object to connect to a network.
  38. Network Access Protection (NAP)?
    A Microsoft approach to Network Access Control.
  39. Network Address Translation (NAT)?
    A method of readdressing packets in a network at a gateway point to enable the use of local non-routable IP addresses over a public network such as the Internet.
  40. Network-based intrusion detection system (NIDS)?
    A system for examining network traffic to identify suspicious, malicious, or undesirable behavior.
  41. Network-based intrusion prevention system (NIPS)?
    A system that examines network traffic and automatically responds to computer intrusions.
  42. Network operating system (NOS)?
    An operating system that includes additional functions and capabilities to assist in connecting computers and devices, such as printers, to a local area network.
  43. nonrepudiation
    Ability to verify that an operation has been performed by a particular person or account.  Prevents denial of involvement in the transaction.
  44. Oakley protocol
    A key exchange protocol that defines how to acquire authenticated keying material based on the Diffie-Hellman key exchange algorithm.
  45. object reuse
    assignment of a previously used medium to a subject.  Security implication is that the data from the previous user must be cleared.
  46. one-time pad
    An unbreakable encryption scheme in which a series of nonrepeating random bits are used once as a key to encrypt a message.
  47. usefulness of one-time pad
    Since each pad is used only once, no pattern can be established and traditional cryptanalysis techniques are not effective.
  48. Open vulnerability and Assessment Language (OVAL)?
    An XML-based standard for the communication of security information between tools and services.
  49. Operating system (OS)?
    The basic software that handles input, output, display, memory management, and all the other highly detailed tasks required to support the user environment and associated applications.
  50. Password?
    A string of characters used to prove an individual's identity to a system or object. Used with user ID as most common form of authentication.
  51. Orange Book
    name commonly used to refer to the now outdated Department of Defense Trusted Computer Security Evaluation Criteria (TCSEC).
  52. Password Authentication Protocol (PAP)?
    A simple protocol used to authenticate a user to a network access server.
  53. patch
    a replacement set of code designed to correct problems or vulnerabilities in existing software.
  54. peer-to-peer (P2P)
    A network connection methodology involving direct connection from peer to peer.
  55. penetration testing?
    • A security test in which an attempt is made to circumvent security controls in order to discover vulnerabilities and weaknesses. 
    • Also called:
    • Pen Test
  56. Permissions
    Authorized actions a subject can perform on an object.
  57. Personally Identifiable Information (PII)?
    Information that can be used to identify a single person.
  58. examples of PII are?
    • Full name (if not common)
    • Mailing and Home Address
    • Email address (if private from an association/club membership, etc.)
    • National identification number
    • IP address (in some cases)
    • Vehicle registration plate number
    • Driver's license number
    • Face, fingerprints, or handwriting
    • Credit card numbers
    • Digital identity
    • Date of birth
    • Birthplace
    • Genetic information
    • Telephone number
    • Login name, screen name, nickname, or handle
  59. phreaking
    Used in the media to refer to the hacking of computer systems and networks associated with the phone company.
  60. plaintext
    in cryptography, a piece of data that is not encrypted.
  61. Point-to-Point Protocol (PPP)?
    Internet standard for transmission of IP packets over a serial line, as in a dial-up connection to an ISP.
  62. Point-to-Point Extensible Authentication Protocol (PPP EAP)?
    EAP is a PPP extension that provides support for additional authentication methods within PPP.
  63. Point-to-Point Protocol Password Authentication Protocol (PPP PAP)?
    PAP is a PPP extension that provides support for password authentication methods over PPP.
  64. Pretty Good Privacy (PGP)?
    a popular encryption program that has the ability to encrypt and digitally sign email and files.
  65. preventative intrusion detection?
    system that detects hostile actions or network activity and prevents them from impacting information systems.
  66. privacy
    protecting an individual's personal information from those not authorized to see it.
  67. private branch exchange (PBX)?
    telephone exchange that serves a specific business or entity.
  68. privilege auditing?
    process of checking the rights and privileges assigned to a specific account or group of accounts.
  69. privilege management?
    process of restricting a user's ability to interact with the computer system.
  70. public key infrastructure (PKI)?
    infrastructure for binding a public key to a known user through a trusted intermediary, typically a certificate authority.
  71. qualitative risk assessment?
    process of subjectively determining the impact of an event that affects a project, program, or business.  Involves the use of expert judgment, experience, or group consensus to complete the assessment.
  72. quantitative risk assessment?
    process of objectively determining the impact of an event that affects a project, program, or business.  Involves the use of metrics and models to complete the assessment.
  73. RADIUS
    Remote Authentication Dial-In User Service is a standard protocol for providing authentication services.  Commonly used in dial-up, wireless, and PPP environments.
  74. Remote Access Service (RAS)?
    combination of hardware and software used to enable remote access to a network.
  75. RBAC?
    • rule-based access control or
    • role-based access control
  76. repudiation
    act of denying that a message was either sent or received.
  77. residual risk
    risks remaining after an iteration of risk management.
  78. risk
    possibility of suffering a loss
  79. risk assessment or risk analysis
    process of analyzing an environment to identify the threats, vulnerabilities, and mitigating actions to determine (either quantitatively or qualitatively) the impact of an event affecting a project, program, or business.
  80. risk management
    overall decision-making process of identifying threats and vulnerabilities and their potential impacts, determining the costs to mitigate such events, and deciding what actions are cost effective to take to control these risks.
  81. role-based access control (RBAC)
    access control mechanism in which users are assigned roles, and roles in turn are assigned access to objects
  82. safeguard
  83. Secure Hash Algorithm (SHA)
    hash algorithm used to hash block data.

    • v1 SHA1
    • v2 SHA256
    • v3 SHA384
    • v4 SHA512 (hash digest length)
  84. Secure/Multipurpose Internet Mail Extensions (S/MIME)
    an encrypted implementation of the MIME protocol specification.
  85. Secure Shell (SSH)
    set of protocols for establishing a secure remote connection to a computer.  This protocol requires a client on each end of the connection and can use a variety of encryption protocols.
  86. Secure Sockets Layer (SSL)
    encrypting layer between the session and transport layer of the OSI model designed to encrypt above the transport layer, enabling secure sessions between hosts.
  87. Rule-based access control (RBAC)?
    access control mechanism based on rules
  88. security association (SA)?
    instance of security policy and keying material applied to a specific data flow.  Both IKE and IPsec use SAs

    IPsec SAs are unidirectional and unique in each security protocol

    IKE SAs are bidirectional
  89. SAs are uniquely identified by?
    SAs are uniquely identified by destination (IPsec endpoint) address, security protocol (AH or ESP), and security parameter index (SPI).
  90. security baseline
    information system's security state
  91. segregation or separation of duties?
    basic control that prevents or detects errors and irregularities by assigning responsibilities to different individuals so that no single individual can commit fraudulent or malicious actions.
  92. service set identifier (SSID)
    Identifies specific 802.11 wireless network.  Transmits information about the access point to which the wireless client is connecting.
  93. signature database
    collection of activity patterns that have already been identified and categorized and that typically indicate suspicious or malicious activity.
  94. Simple Mail Transfer Protocol (SMTP)
    standard internet protocol used to transfer email between hosts.
  95. Single Loss Expectancy (SLE)?
    • monetary loss or impact of each occurrence of a threat. 
    • SLE = Asset Value * Exposure Factor
  96. Single sign-on (SSO)
    authentication process by which the user can enter a single user ID and password...then move from application to application or resource to resource without having to supply further authentication information.
  97. slack space
    unused space on a disk drive created when a file is smaller than the allocated unit of storage (such as a sector).
  98. sniffer
    software or hardware device used to observe network traffic as it passes through a network on a shared broadcast media.
  99. social engineering
    art of deceiving another person so that he or she reveals confidential information, often by posing as an individual who should be entitled to have access to the information.
  100. spam
    • email that is not requested by the recipient and is typically of a commercial nature.
    • Also called:
    • unsolicited commercial email (UCE)
  101. spoofing
    making data appear to have originated from another source so as to hide the true origin from the recipient.
  102. symmetric encryption
    encryption that needs all parties to have a copy of the key, sometimes called a shared secret.  The single key is used for both encryption and decryption.
  103. tangible asset
    asset for which monetary equivalent can be determined.

    examples:  buildings, inventory, cash, hardware, software, ....
  104. Tempest
    US military's name for the field associated with electromagnetic eavesdropping on signals emitted by electronic equipment.
  105. Van Eck phenomenon
    electromagnetic eavesdropping through the interception of electronic signals emitted by electrical equipment
  106. Temporal Key Integrity Protocol (TKIP)
    security protocol used in 802.11 wireless networks
  107. threat
    circumstance or event with the potential to cause harm to an asset.
  108. time bomb
    form of logic bomb in which the triggering event is a date or specific time.
  109. token
    hardware device that can be used in a challenge-response authentication process
  110. Transmission Control Protocol (TCP)
    transport layer protocol for use on the Internet that allows packet-level tracking of a conversation.
  111. Transport Layer Security (TLS)
    newer form of SSL being proposed as an Internet standard
  112. trapdoor
  113. Trojan horse
    form of malicious code that appears to provide one service but that also hides another purpose.  The hidden purpose often has a malicious intent.
  114. Trusted Platform Module (TPM)
    hardware chip to enable trusted computing platform operations
  115. Uninterruptible Power Supply (UPS)
    source of power (generally a battery) designed to provide uninterrupted power to a computer system in the event of a temporary loss of power.
  116. Usage Auditing
    process of recording who did what and when on an information system.
  117. User Datagram Protocol (UDP)
    protocol in the TCP/IP protocol suite for the transport layer that does not sequence packets
  118. user id
    unique alphanumeric identifier that identifies individual when logging in or accessing a system
  119. vampire taps
    tap that connects to a network line without cutting the connection.
  120. Van Eck phenomenon
    electromagnetic eavesdropping through the interception of electronic signals emitted by electrical equipment
  121. virtual local area network (VLAN)
    broadcast domain inside a switched system
  122. virtual private network (VPN)
    encrypted network connection across another network, offering a private communication channel across a public medium.
  123. virus
    form of malicious code or software that attaches itself to other pieces of code in order to replicate.
  124. vulnerability
    weakness in an asset that can be exploited by a threat to cause harm.
  125. Wireless Application Protocol (WAP)
    protocol for transmitting data to small handheld devices such as cellular phones
  126. wide area network (WAN)
    network that spans a large geographic region
  127. Wi-Fi Protected Access (WPA/WPA2)
    protocol to secure wireless communications using a subset of 802.11i standard
  128. Wired Equivalent Privacy (WEP)
    encryption scheme used to attempt to provide confidentiality and data integrity on 802.11 networks
  129. Wireless Transport Layer Security (WTLS)
    encryption protocol used on WAP networks
  130. worm
    independent piece of malicious code or software that self-replicates.  Does not need to be attached to another piece of code.
  131. How does a worm replicate?
    a worm replicates by breaking into another system and making a copy of itself on the new system.
  132. X.509
    standard format for digital certificates
  133. XOR
    bitwise exclusive OR, an operation commonly used in cryptography
  134. 3DES
    Triple DES encryption--three rounds of DES encryption used to improve security
  135. 802.11
    family of standards that describe network protocols for wireless devices.
  136. 802.1x
    IEEE standard for performing authentication over networks.
  137. acceptable use policy (AUP)
    policy that communicates to users what specific uses of computer resources is permitted
  138. access
    subject's ability to perform specific operations on an object, such as a file.  Typical access levels include read, write, execute, and delete.
  139. access control
    mechanisms or methods used to determine what access permissions subjects (users) have for specific objects (files).
  140. access control lists (ACL)
    list associated with an object (file) that identifies what level of access each subject (user) has ....what they can do to the object (read, write, execute)
  141. Active Directory
    directory service portion of the Windows operating system that stores information about network-based entities (application, files, printers, people) and provides a structured, consistent way to name, describe, locate, access, and manage these resources.
  142. Active X
    Microsoft technology that facilitates rich Internet applications, and therefore extends and enhances the functionality of Microsoft Internet Explorer.

    When an ActiveX-aware browser encounters a web page that includes an unsupported feature, it can automatically install the appropriate application so the feature can be used.
  143. Address Resolution Protocol (ARP)
    protocol in the TCP/IP suite specification used to map an IP address to a Media Access Control (MAC) address
  144. adware
    advertising-supported software that automatically plays, displays, or downloads advertisements after the software is installed or while the application is being used.
  145. algorithm
    step-by-step procedure...typically an established computation for solving a problem within a set number of steps.
  146. annualized loss expectancy (ALE)
    How much an event is expected to cost the business per year, given the dollar cost of the loss and how often it is likely to occur. 

    ALE = Single Loss Expectancy * Annualized Rate of Occurrence
  147. Annualized Rate of Occurrence (ARO)
    frequency with which an event is expected to occur on an annualized basis.
  148. anomaly
    something that does not fit into an expected pattern
  149. asset
    resources and information an organization needs to conduct its business
  150. asymmetric encryption
    public key cryptography

    • system for encrypting data that uses two mathematically derived keys to encrypt and decrypt a message....
    • public key, available to everyone, and
    • a private key, available only to the owner of the key.
  151. audit trail
    set of records of events, generally organized chronologically, that record what activity has occurred on a system. 

    May be used to detect possible intruders.
  152. auditing
    actions or processes used to verify the assigned privileges and rights of a user, or any capabilities used to create and maintain a record showing who accessed a particular system and what actions they performed.
  153. authentication
    verify a user identification
  154. Authentication, authorization, Accounting (AAA)
    3 common functions performed upon system login.
  155. Authentication Header (AH)
    portion of the IPsec security protocol that provides authentication services and replay-detection ability.

    AH can be used solo or with ESP
  156. availability
    object is there and works when required
  157. backdoor
    hidden method used to gain access to a computer system, network or application. 

    often used by software developers to ensure unrestricted access to the systems they create
  158. backup
    copying & storing data at a secondary location
  159. baseline
    system or software as it is built and functioning at a specific point in time.  Serves as a foundation for comparison or measurement, providing the necessary visibility to control change.
  160. biometrics
    verify an individual's identity to the system or network using something unique about the individual.

    • examples:
    • fingerprints
    • retinal scans
    • hand geometry
    • facial geometry
    • voice analysis
  161. BIOS
    part of the operating system that links specific hardware devices to the operating system software.
  162. Blowfish
    free implementation of a symmetric block cipher developed by Bruce Schneier as a drop-in replacement for DES and IDEA.

    has a variable bit-length scheme from 32 to 448 bits, resulting in varying levels of security.
  163. bluebugging
    use of a Bluetooth-enabled device to eavesdrop on another person's conversation using that person's Bluetooth phone as a transmitter.
  164. bluejacking
    sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs, or laptops.
  165. bluesnarfing
    unauthorized access of information from a Bluetooth-enabled device through Bluetooth connection
  166. Border Gateway Protocol (BGP)
    interdomain routing protocol implemented in internet protocol (IP) networks to enable routing between autonomous systems.
  167. botnet
    term for a collection of software robots, or bots, that run autonomously and automatically and commonly invisibly in the background.
  168. buffer overflow
    specific type of software coding errors that enables user input to overflow the allocated storage area and corrupt a running program
  169. Bureau of Industry and Security (BIS)
    within US Dept of Commerce, the department responsible for export administration regulations that cover encryption technology in the US.
  170. cache
    temporary storage of information before use, typically used to speed up systems.

    stored info from websites on local PC or web server
  171. Why is cache used in Internet context?
    helps minimize download time and preserve bandwidth for frequently accessed websites

    also reduces load on the web server
  172. Capability Maturity Model (CMM)
    structured methodology helping organizations improve the maturity of their software processes by providing an evolutionary path from ad hoc processes to disciplined software management processes.
  173. centralized management
    type of privilege management that brings the authority and responsibility for managing and maintaining rights and privileges into a single group, location, or area
  174. certificate
    cryptographically signed object that contains an identity and a public key associated with this identity.
  175. Certificate Revocation List (CRL)
    digitally signed object that lists all the current but revoked certificates issued by a given certification authority. 

    This allows users to verify whether a certificate is currently valid even if it has not expired. 

    Is similar to a list of stolen credit card numbers
  176. Certification Authority (CA)
    entity responsible for issuing and revoking certificates.
  177. chain of custody
    rules for documenting, handling, and safeguarding evidence to ensure no unanticipated changes are made to the evidence
  178. Challenge Handshake Authentication Protocol (CHAP)
    Used to provide authentication across point-to-point links using the Point-to-Point Protocol (PPP).
  179. change (configuration) management
    standard methodology for performing and recording changes during software development and operation.
  180. change control board (CCB)
    body that oversees the change management process and enables management to oversee and coordinate projects.
  181. cipher
    cryptographic system that accepts plaintext input and then outputs cipher-text according to its internal algorithm and key.
  182. ciphertext
    used to denote the output of an encryption algorithm
  183. cold site
    inexpensive form of backup site that does not include a current set of data at all times
  184. collisions
    used in the analysis of hashing cryptography, it is the property by which an algorithm will produce the same hash from two different sets of data.
  185. Computer Emergency Response Team (CERT)
    group responsible for investigating and responding to security breaches, viruses, and other potentially catastrophic incidents.
  186. computer security
    methods, techniques and tools used to ensure that a computer system is secure
  187. confidentiality
    information should not be disclosed to unauthorized individuals
  188. configuration auditing
    process of verifying that configuration items are built and maintained according to requirements, standards, or contractual agreements
  189. configuration control
    process of controlling changes to items that have been baselined
  190. configuration identification
    process of identifying which assets need to be managed and controlled
  191. configuration item
    assets that are identified and managed as part of the software change management process
  192. configuration status accounting
    procedures for tracking and maintaining data relative to each configuration item in the baseline
  193. control
    measure taken to detect, prevent, or mitigate the risk associated with a threat
  194. cookie
    information stored on a user's computer by a web server to maintain the state of the connection to the web server.

    Used so that preferences or previously used information can be recalled on a future request to the server
  195. countermeasure
  196. cracking
    malicious hacking....attempt to gain unauthorized access to computer systems or networks
  197. cryptanalysis
    process of attempting to break a cryptographic system
  198. cryptography
    art of secret writing that enables an individual to hide the contents of a message or file from all but the intended recipient
  199. Cyclic Redundancy Check (CRC)
    error detection technique that uses a series of two 8-bit block check characters to represent an entire block of data. 

    The block check characters are incorporated into the transmission frame and then checked at the receiving end
  200. Data Encryption Standard (DES)
    private key encryption algorithm adopted by the government as a standard for the protection of sensitive but unclassified information.
  201. datagram
    packet of data that can be transmitted over a packet-switched system in a connectionless mode
  202. decision tree
    data structure in which each element in the structure is attached to one or more structures directly beneath it
  203. demilitarized zone (DMZ)
    network segment that exists in a semi-protected zone between the internet and the inner secure trusted network
  204. denial-of-service (DoS) attack
    attack in which actions are taken to deprive authorized individuals from accessing a system, its resources, the data it stores or processes, or the network to which it is connected
    protocol intended to provide an authentication, authorization, and accounting (AAA) framework for applications such as network access or IP mobility.
  206. Diffie-Hellman
    cryptographic method of establishing a shared key over an insecure medium in a secure fashion
  207. digital signature
    cryptography-based artifact that is a key component of a public key infrastructure (PKI) implementation.

    can be used to prove identity
  208. direct-sequence spread spectrum (DSSS)
    method of distributing a communication over multiple frequencies to avoid interference and detection
  209. disaster recovery plan
    written plan developed to address how an organization will react to a natural or manmade disaster in order to ensure business continuity.
  210. discretionary access control (DAC)
    access control mechanism in which the owner of an object can decide which other subjects may have access to the object, and what access these objects can have.
  211. distributed denial-of-service (DDoS) attack
    special type of DoS attack in which the attacker elicits the generally unwilling support of other systems to launch a many-against-one attack.
  212. diversity of defense
    approach of creating dissimilar security layers so that an intruder who is able to breach one layer will be faced with an entirely different set of defenses at the next layer
  213. Domain Name Service (DNS)
    service that translates an Internet domain name into IP addresses
  214. dumpster diving
    practice of searching through trash to discover material that has been thrown away that is sensitive, yet not destroyed or shredded
  215. Dynamic Host Configuration Protocol (DHCP)
    Internet Engineering Task Force (IETF) Internet Protocol (IP) specification for automatically allocating IP address and other configuration information based on network adapter addresses.
  216. DHCP is used to....
    enable address pooling & allocation, simplifying TCP/IP installation and administration
  217. Elliptic Curve Cryptography (ECC)
    method of public-key cryptography based on the algebraic structure of elliptic curves over finite fields
  218. encapsulating Security Payload (ESP)
    portion of the IPsec implementation that provides for data confidentiality with optional authentication and replay-detection services.
  219. escalation auditing
    process of looking for an increase in privileges
  220. evidence
    documents, verbal statements, and material objects admissible in a court of law
  221. exposure factor
    measure of the magnitude of loss of an asset
  222. Extensible Authentication Protocol (EAP)
    universal authentication framework used in wireless networks and Point-to-Point connections
  223. false positive
    used when a security system makes an error and incorrectly reports the existence of a searched-for object.
  224. File Transfer Protocol (FTP)
    application level protocol used to transfer files over a network connection
  225. firewall
    network device used to segregate traffic based on rules
  226. forensics
    preservation, identification, documentation and interpretation of computer data for use in legal proceedings.
  227. free space
    sectors on a storage medium that are available for the operating system to use
  228. frequency-hopping spread spectrum (FHSS)
    method of distributing a communication over multiple frequencies over time to avoid interference and detection
  229. generic routing encapsulation (GRE)
    tunneling protocol designed to encapsulate a wide variety of network layer packets inside IP tunneling packets
  230. hacking
    process of gaining unauthorized access to computer systems and networks
  231. hash
    encryption that creates a digest of the data put into the algorithm.

    one-way algorithm, so there is no feasible way to decrypt what has been encrypted
  232. hash value
    message digest
  233. honeypot
    computer system or portion of a network that has been set up to attract potential intruders, in the hope that they will leave the other systems alone.
  234. host-based intrusion detection system (HIDS)
    system that looks for computer intrusions by monitoring activity on one or more individual PCs or servers
  235. host-based intrusion prevention systems (HIPS)
    system that automatically responds to computer intrusions by monitoring activity on one or more individual PCs or servers and with the response being based on a rule set.
  236. hot site
    backup site that is fully configured with equipment and data and is ready to immediately accept transfer of operational processing in the event of failure of the operational system
  237. Hypertext Transfer Protocol (HTTP)
    protocol for transfer of material across the Internet that contains links to additional material
  238. prevention examples
    • access controls
    • firewalls
    • encryption
  239. Detection examples
    • audit logs
    • intrusion detection systems
    • honeypots
  240. Response examples
    • backups
    • incident response teams
    • computer forensics
  241. implicit deny
    if not covered by another rule, access should be denied
  242. host security examples
    • audit logs
    • access controls
  243. network security examples
    • firewall
    • intrusion detection systems
  244. Which access control mechanism provides the owner of an object the opportunity to determine the access control permissions for other subjects?
    Discretionary access control
  245. What is the most common form of authentication used?
  246. Primary reason for using job rotation
    no single individual alone can perform security operations, and more employees understand the issues related to security
  247. What is essential to implement Mandatory Access Controls?
  248. Security through obscurity
    relies on attackers not being able to discover the mechanisms being used in the belief that if it is confusing or obscure enough it will remain safe.
  249. What is a problem with security through obscurity?
    once the confusing or obscure technique is discovered, the security of the system and data can be compromised
  250. operational process consists of 4 steps:
    • 1.  Plan
    • 2.  Implement the plans
    • 3.  Monitor the implementations
    • 4.  Evaluate the effectiveness
  251. Phishing
    a type of social engineering in which an individual attempts to obtain sensitive information from a user by masquerading as a trusted entity in an email or instant message sent to the user.
  252. Vishing
    a variation of phishing that uses voice communication technology to obtain the information the attacker is seeking
  253. shoulder surfing
    attacker directly observing the target entering sensitive information
  254. hoaxes
    causes users to take some sort of action that weakens security
  255. why should a company have a policy of mandatory vacations?
    employees who are involved in illicit activities generally do not want to take vacations
  256. Electronic Communications Privacy Act (ECPA)
    was passed by Congress in 1986 to address a myriad of legal privacy issues that resulted from the increasing use of computers and other technology
  257. Computer Fraud and Abuse Act 1986
    foundation for criminalizing unauthorized access to computer systems
  258. Patriot Act 2001
    related to privacy
  259. Gramm-Leach-Bliley Act (GLB)
    privacy provisions for individuals
  260. The VP wants to monitor user actions on the company internet.  What is the best method of obtaining the proper permissions?
    A consent banner displayed upon login
  261. breaking into another computer system in the US, even if you do not cause damage, is regulated by what laws?
    The Patriot Act of 2001 made computer trespass a felony
  262. Export of commercial encryption products is administered by which law?
    Bureau of Industry and Security (BIS) in the US Dept of Commerce
  263. Publication of flaws in encryption used for copy protection is a potential violation of?
    Digital Millennium Copyright Act of 1998
  264. on which port does ftp run?
  265. port for ssh?
  266. port for telnet
  267. port for smtp
  268. port for http?
  269. port for pop?
  270. second port for pop?
  271. port for ident
  272. port for imap2
  273. port for exec
  274. port for login
  275. port for shell
  276. port for smtp-stats
  277. unknown ports
    587 783 940 & 946/tcp
  278. what is:
    Access-List 201 deny icmp any ?
    a typical access-list entry
Card Set
IT Security
General IT Security questions