hi D430 Final

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

example of symmetric key algorithm

DES, 3DES, AES

what is Nmap

a port scanner that can search for host on a network identify OS running, and detect the version of the services running in open ports.

Describe Honeypots

a system that can detect, monitor and tamper activities of an attacker used to lure in attackers

Explain Industry compliance

adherence to regulations that aren't mandated by law

Explain Regulatory compliance

adherence to the laws specific to the industry you're operating in .

what is Role based Access Control (RBAC)

allows access based on the role.

what is CIPA(Children's Internet Protection Act)

an Act requires schools and libraries to prevent children from, accessing obscene or harmful content over the web.

why is asymmetric key cryptography better than symmetric key cryptography?

because it uses two different keys. a public key to encrypt messages, and a private key to decrypt messages that never needs to be shared.

How is deterrence achieved?

by discouraging an action or event though fear of being caught

example of Deterrence

clock in time cards, Badge ins to avoid stealing work time.

What does system hardening do

decreses number of ways an attacker can reach you.

define SSL (Secure Sockets Layer)

protocol used to securing common internet traffic (Ex: web and email traffic)

Example of Nonrepudiation

read receipts, digital signatures of documents.

ways to harden software

remove unnecessary software remove unneeded services alter default accounts

Administrative control example

rules, laws, policies, procedures, guidelines

what is optical media sensitive too

scratches temperature

What is TLS used for?

securing common internet traffic

describe Casear cipher

shifting each letter of the message by a certain number of spaces.

what are magnetic media sensitive to?

strong magnetic fields

What does a substitution cipher do?

substitutes letters of the alphabet with a different one.

most used cryptographic algorithm?

symmetric key algorithm

What is POP (Post Office Protocol)?

the primary protocol behind email communication

Describe Block cipher

type of symmertric cryptography that takes binary digits or blocks and encrypts it.

describe stream cipher

type of symmetric cryptography that encrypts each bit in the plain text one bit at a time.

What is RAID (Redundant Array of Independent Disks)?

way of copying data to more than one storage device if one of the devices is destroyed

Symmetric Cryptography is also known as

Private Key cryptography

Describe a hash function

1. Keyless cryptography 2. uses hash instead of a key. 3. converts plaintext into a hash (unique and fixed-length value) 4. generates a unique value for every message

Describe AES

1. Uses 3 different ciphers, 128 bit key, 192 bit key, 256 bit key 2. faster than 3DES 3. longer than 3DES

Describe 3DES

1. Uses 3 rounds of DES 2. Is slower Than AES

Describe asymmetric cryptography

1. also know as public key cryptography 2. uses public and private key 3. public key is used to encrypt data and private key is used to decrypt data.

Block vs stream ciphers

1. block encrypts a block at a time, stream cipher encrypts one bit at a time 2.Block is currenlty used 3. block is faster. 4. Block is better used for know file sizes, cipher is better for unknown data size or continuous stream

describe symmetric cryptography

1. single key use 2. encrypts plaintext and decrypt ciphertext 3.Weakness is key exchange

Describe ECC (Elliptic curve cryptography)

1. uses short keys 2. fast and efficient

how many spaces does a ROT13 cipher move letters

13

How may bits used in a DES block cipher key

56 bits

What is a clickjacking attack?

A client side attack where a user can be tricked into clicking on something without realizing that they did

What are Access Control Models

A way of determining who should b allowed access to what resources.

most commonly used symmetric block cipher used in the US

AES

what is Attribute-Based Access Control (ABAC)?

Access based on specific attributes of a person, resource, or environment. (ex: CAPTCHA)

explain Multilevel Access Control

Access control combined across other models.

What is rule-based access control?

Allows access according to a set of rules defined by the system administrator

Authenticity

Allows you to say whether you've attributed the data in question to the proper owner or creator.

What is IMAP (Internet Message Access Protocol)?

An application layer protocol used to retrieve emails from a server

Give an example of a CSRF (Cross-site request forgery) attack

An attacker embedding a link on a webpage or email, executing additional commands the attacker embedded.

explain PCI DCS

An information security standard used to handle credit card payments.

What is a "Sandbox"

An isolated environment that protects a set of resources

what is granted after an an organization passes an audit.

Authority to Operate

Types of attacks in CIA categories

C-Interception I- Interruption, Modification, Fabrication A-Interruption, Modification, Fabrication

Describe CIA triad

Confidentiality, Integrity, Availability- A Security concept in infosec.

What is GDPR (General Data Protection Regulation)?

Covers data protection and privacy for all individuals in the EU.

explain FISMA (Federal Information Security Management Act)

Defines security standards for many federal agencies in the U.S. Mandates government agencies to protect information systems. regulates federal departments in the United States.

How do you protect data at rest

Encryption

what is FISMA (Federal Risk and Authorization Management Program).

Established in 2011 defines rules for government agencies contracting with cloud computers.

explain HIPAA

For organizations that set a standard to protect sensitive healthcare and patient records

What are two acts that regulate heath care in the United States?

HIPAA HITECH

This law was mandated for the use of electronic Health records.

HITECH

Utility

How useful the data is to you.

whats does Wireshark do?

Monitor web traffic

Packet Sniffer

Network/protocol analyzer. can intercept (sniff) traffic on a network/

Confidentiality

Our ability to protect our data from those who are not authorized to view it.

name protocols based on asymmetric cryptography

PGP (Pretty Good Privacy) SSL TLS (Transport Layer Security) VoIP(VoIP)

Types of control

Physical, Logical/Technical, and Administrative control

what type of scanner exist?

Port Scanners and Vulnerability Scanner

Describe Parkerian Hexad

Possession/control, Authenticity, and Utility, Confidentiality, Integrity, Availability.

Incident Response process

Preparation, Detection and analysis, Containment, Eradication, Recover, Post-incident activity.

what does Sox (Sarbanes-Oxley Act) do?

Regulates financial data, operations and assets for publicly held companies. Sets requirements on organizations electronic record keeping and methods of storing electronic communications. regulates reporting of publicly traded companies?.

What are the types of compliance

Regulatory compliance and Industry compliance

what are the 6 main access control modes.

Role-based access control, Rule-based access control (RBAC), Discretionary access control (DAC), Mandatory access control (MAC), and Attribute-based control (ABAC), Multilevel Access Control

How do you protect data in motion

SSL (Secure Socket Layer), TLS (Transport Layer Security) IMAP (Internet Message Access Protocol) POP (Post Office Protocol) HTTP (Hypertext Transfer Protocol) VoIP (Voice over Internet Protocol)

example of Mandatory access control

Secret or Top secret clearance.

describe key exchange

Sharing the key between the sender and receiver

examples of (RBAC) attributes

Subject attribute: "You must be this tall to ride this ride"; Resource attribute: CAPTCHA Environmental attributes: Business Hours, VPN time limits

name list of Sniffers

Tcpdump WinDump Wireshark Kismet

Availability

The ability to access our data when we need it.

Integrity

The ability to prevent people from changing your data in an unauthorized or desirable manner.

Describe DAC (DISCRECTIONary access control)

The owner of the resource determines who gets access to it and to what levels. (Under owners discretion)

Possession/Control

The physical disposition of the media on which the data is stored

What is HTTP (HyperText Transfer Protocol)?

The protocol used to communicate between web browsers and servers.

For Clickjacking, the attacker must take control of ________ or a portion of ________ to place an invisible layer over something the client would normally click on.

The website, the website

What is an objective for performing an audit?

To ensure compliance and detect misuse.

What is SSH (Secure Shell) used for?

To manage remote connections to systems

What is FTP (File Transfer Protocol) used for?

Used to transfer files

How do you protect an Internet connection.

VPN (Virtual Private Network)

What is a DMZ (Demilitarized Zone)?

a layer of protection that separates a device from the rest of a network

example of Role-Based Access Control

employee having access only to complete a certain task.

what are flash media sensitive to?

extreme temperatures

physical control example

fences, gates, locks, guard

What are scanners used for?

hardware or software tools that enable you to interrogate devices and networks for info. to discover networks and systems in environment

What is IMAP (Internet Message Access Protocol) used for?

managing email.

What is Defense in depth

multilayered defense

Explain Nonrepudiation

not being able to deny an action due to evidence that an act has taken place.

Logical/Technical control example

passwords, encryption, firewalls, access controls, IDS

what port does IMAP use

port 143

How ports does FTP use

port 20 & 21

What port does SSH use?

port 22

what is GLBA (Gramm-Leach-Billey Act) for?

protects PII and financial data of a customers of financial institution. regulates customer privacy in the finance industry

What is FERPA (Family Education Rights and Privacy Act of 1974)?

protects students records regulates the United Sates department of education

What is COPPA (Children's Online Privacy Protection Act)?

protects the privacy of minors younger than 13 by restricting organizations from collecting their PII.


Kaugnay na mga set ng pag-aaral

Finding the area of irregular shapes

View Set

Microbiology ASCP MLT medialab exams

View Set

Econ development final exam review

View Set

Studying History : World History A

View Set