CISSP- Terms
Vendors complete Security Targets (STs)
To describe the controls that exist within their product.
Ping uses ICMP (Internet Control Message Protocol)
To determine whether a system responds and how many hops there are between the originating system and the remote system.
Synchronous communications
Use a timing or clock mechanism to control the data stream. This can permit very fast communication.
Key Risk Indicators (KRIs) (For future attack)
Are often used to monitor risk for organizations that establish an ongoing risk management program.
API keys, or application programming interface keys
Are passed to services and identify the program, developer, or user
Operational investigations
Are performed by internal teams to troubleshoot performance or other technical issues.
Data processors
Are systems used to process data.
Foreign keys
Are the mechanism used to enforce referential integrity.
The two major classifications of covert (סמוי) channels
Are timing and storage
Fuzzers
Are tools that are designed to provide invalid or unexpected input to applications, testing for vulnerabilities
Static program reviews
Are typically performed by an automated tool.
Turnstiles (קרוסלות)
Are unidirectional (חד כיווני) gates that prevent more than a single person from entering a facility at a time
Supervisory control and data acquisition (SCADA) systems
Are used to control and gather data from industrial processes
Relational Database
Contain two- dimensional tables, or relations, of related data. Relational databases require a unique value called the primary key in each tuple in a table
By using the CA's (certificate authority) public key
Individual receives a copy of a digital certificate, he or she verifies the authenticity of that certificate
An attribute (תכונה)-based access control (ABAC) system
Will allow you to specify details about subjects, objects, and access, allowing granular control.
A well-designed set of VLANs based on functional groupings
Will logically separate segments of the network.
Setting the Secure cookie
Will only allow cookies to be sent via HTTPS TLS or SSL sessions, preventing man-in-the-middle attacks that target cookies.
APIPA address (169.254)
Windows systems will assign themselves an APIPA address between 169.254.0.1 and 169.254.255.254 if they cannot contact a DHCP server.
Kerberos
Windows uses Kerberos for authentication
Ad hoc mode
Wireless network structure where devices can communicate directly with each other. (Like 2 laptops )
ITIL (IT infrastructure library)
Is a set of practices for IT service management, and is not typically used for auditing
Source code
Is computer programming language Instructions that are written in text that must be translated into machine code before execution by the CPU.
The final step of a quantitative risk analysis
Is conducting a cost/benefit analysis.
Semantic integrity means that each attribute (column) value
Is consistent with the attribute data type
Remnant data
Is data that is left after attempts have been made to remove or erase
Domain Keys Identified Mail (DKIM)
Is designed to allow assertions of domain identity to validate email
A Content Distribution Network (CDN)
Is designed to provide reliable, low-latency, geographically distributed content distribution.
Interference
Is electrical noise or other disruptions that corrupt the contents of packets.
PAP (Password Authentication Protocol)
Is insecure: a user enters a password and it is sent across the network in clear text.
The comparison of a factor to validate an identity
Is known as authentication.
Client-side input validation
Is not an effective control against any type of attack because the attacker can easily bypass the validation by altering the code on the client.
TCP (Transmission Control Protocol)
Is one of the bundles of Internet protocols commonly used to transmit data across a network
Reviewing security audit logs within an IT system
Is one of the easiest ways to verify that access control mechanisms are performing adequately (כראוי). Reviewing audit logs is primarily a detective control.
When sending attachments User awareness
Is one of the most important tools when dealing with attachments.
Temporal Key Integrity Protocol (TKIP)
Is only used as a means to encrypt transmissions and is not used for data at rest.
Regression Testing
Is performed after developers make changes to an application. It reruns a number of test cases and compares the results to baseline results.
Category 3 UTP cable (Cat 3)
Is primarily used for phone cables and was also used for early Ethernet networks where it provided 10 Mbps of throughput
Example of infrastructure as a service (Iaas)
Is providing servers on a vendor-managed virtualization platform.
Infrastructure as a service
Is providing servers on a vendor-managed virtualization platform.
The business or mission owner's role
Is responsible for making sure systems provide value.
Machine code, also called machine language
Is software that is executed directly by the central processing unit (CPU). it is a series of 1s and 0s that translate to instructions that are understood by the CPU
Closed-source software
Is software that is typically released in executable form, though the source code is kept confidential (Oracle and Microsoft Windows 10)
Personal Health Information (PHI)
Is specifically defined by HIPAA to include information about an individual's medical bills.
The Secure File Transfer Protocol (SFTP)
Is specifically designed for encrypted file transfer
The greatest risk when a device is lost or stolen
Is that sensitive data on the device will fall into the wrong hands. Confidentiality protects against this risk.
The law serves as the basis for privacy rights in the United States
Is the Fourth Amendment
Accreditation (יִפּוּי כֹּחַ)
Is the act of management formally accepting an evaluating system, not evaluating the system itself
The Single Loss Expectancy (SLE)
Is the amount of damage that a risk is expected to cause each time that it occurs
The recovery time objective (RTO)
Is the amount of time expected to return an IT service or component to operation after a failure.
Steganography
Is the art of using cryptographic techniques to embed (לְשַׁבֵּץ) secret messages within other content.
Steganography
Is the art of using cryptographic techniques to embed (להטמיע) secret messages within other content like photo.
XTACACS (Extended TACACS)
Is the authentication, authorization In addition to TACACS it support accounting and auditing
Security Assertion Markup Language (SAML)
Is the best choice for providing authentication and authorization information, particularly for browser-based SSO (Single Sign-on)
EOC (Emergency Operations Center)
Is the command post established during or just after an emergency event.
Assurance
Is the degree of confidence that an organization has that its security controls are correctly implemented.
The last step of the certificate creation process
Is the digital signature, the certificate authority signs the certificate using its own private key.
Deterrence (הרתעה)
Is the first functional goal of physical security mechanisms.
Hypervisor
It is the software that creates a virtual machine from a physical machine. (Called VMM- Virtual Machine Monitor)
The DevOps approach to technology management
Seeks to integrate software development, operations, and quality assurance in a cohesive (מגובש) effort.
Database Normalization
Seeks to make the data in a database table logically concise (תַמצִיתִי), organized, and consistent. Normalization removes redundant data and improves the integrity and availability of the database.
Segments (Transport layer-TCP)
Segment - Transport layer, only a part of a TCP (connection-oriented) connection stream.
TCP ACK
Sends a packet disguised (מְחוּפָּשׂ) as part of active control.
Xmas
Sends a packet with the FIN, PSH, and URG flags set
TCP SYN
Sends a request to open a new connection
The ping flood attack
Sends echo requests at a targeted system.
The parol (שחרור) evidence rule
States that when an agreement between two parties is put into written form, it is assumed to be the entire agreement unless amended (תיקון) in writing.
The parol evidence (ראיות שחרורים) rule
States that when an agreement between two parties is put into written form, it is assumed to be the entire agreement unless amended in writing.
The Simple Integrity Property
States that an individual may not read a file classified at a lower security level than the individual's security clearance.
Transaction identification problems caused by
A shared key are likely to involve a repudiation (דחייה) issue.
Types of structural coverage include
A statement, branch or decision coverage, loop coverage, path coverage, and data flow coverage.
Primary Rate Interface (PRI)
(Fast)Can use between 2 and 23 64 Kbps channels, with a maximum potential bandwidth of 1.544 Mbps
A key-value store is an example of
A NoSQL database, The main types are document, key-value, wide-column, and graph.
Factor to number type:
- A PIN: Type 1. - A token: Type 2. - A fingerprint: Type 3. - A password: Type 1. - A smart card: Type 2.
The three categories of data destruction are
- Clear (overwriting with nonsensitive data) - Purge (removing all data). - Destroy (physical destruction of the media).
The four canons of the (ISC)2 code of ethics are
- To protect society - The common good - Necessary public trust and confidence - The infrastructure
Ethernet uses
A bus topology.
Holistic approach
A concept based upon a balanced and integrated use of technology, people, and processes is the ultimate defensive approach against the complex cybersecurity challenges occurring in the world.
SOC 3 -Public Report
A general use report that reports on controls related to compliance and/or operations.
ASLR- Address Space Layout Randomization
A memory protection methodology that randomizes memory locations, which prevents attackers from using known address spaces.
Polyinstantiation
Allows the storage of multiple different pieces of information in a database at different classification levels to prevent attackers from conducting aggregation or inference attacks.
The Discretionary Security Property
Allows the use of a matrix to determine access permissions
Hashing (integrity control)
Allows you to computationally verify that a file has not been modified between hash evaluations
Tailgating
Also known as piggybacking,
NIPS (network-based intrusion prevention system)it is IPS
Alters the flow of network traffic. provides defense-in-depth protection in addition to a firewall
During software testing
Application programming interfaces (APIs), user interfaces (UIs), and physical interfaces are all important to test.
Data streams are associated with
Application, Presentation, and Session layers
FIdM/IDM (Federated identity management)
Applies SSO at a much wider scale: ranging from cross-organization to Internet scale. may use OpenID or SAML.
Context (הֶקשֵׁר)-dependent access control
Applies additional context before granting access. adds additional factors beyond username and password, such as the time of attempted access.
Mandatory access control (MAC)
Applies labels to subjects and objects and allows subjects to access objects when their labels match.
The information flow model
Applies state machines to the flow of information.
The Bell-LaPadula model
Applies to confidentiality
The Federal Information Security Management Act (FISMA)
Applies to federal government agencies and contractors, like Defense contractors.
Foreign keys
Are used to create relationships between tables in a database.
Congestion Window Reduced (CWR) and ECN-Echo (ECE)
Are used to manage transmission over congested links, and are rarely seen in modern TCP networks.
Mobile sites
Are veritable (מַמָשִׁי) datacenters on wheels in that they are towable trailers that contain racks of computer equipment, as well as HVAC, fire suppression, and physical security.
Vulnerability scanner has continued to incorrectly flag the system as vulnerable after installing a patch
Ask the information security team to flag the system as patched and not vulnerable.
Referential integrity means
Assuring that the connections between tables remain valid. Every foreign key in a secondary table matches a primary key in the parent table.
Organizations should train
At least two individuals on every business continuity plan task.
The three common threat modeling techniques are focused on:
Attackers, software, and assets.
TOC/TOU (Time of check/Time of use)
Attacks are also called race conditions
An audit kickoff meeting
Auditors should never approach an audit with any expectations about what they will discover/finding.
Network Access Control (NAC) systems can be used to
Authenticate users and then validate their system's compliance with a security standard before they are allowed to connect to the network.
EAP (Extensible Authentication Protocol)
Authentication framework, used in network and internet connection. Originally intended to be used on physically isolated network channels and did not include encryption
The three important factors in determining where a signal can be accessed and how usable it is, are:
Antenna placement, antenna design, and power level control.
Context-dependent control (Time-based controls)
Based on certain contextual parameters, such as location, time, sequence of responses, access history
Remediation (טיפול והוראה מתקנת) step of the incident response process
Because the root cause analysis output is necessary to fully remediate affected systems and processes
Closed circuit television (CCTV) systems act as a secondary verification mechanism for physical presence
Because they allow security officials to view the interior of the facility when a motion alarm sounds to determine the current occupants and their activities.
The Common Vulnerability Scoring System (CVSS)
Calculation tools for exploit ability, impact, how mature exploit code is, and how vulnerabilities can be re mediated, score vulnerabilities against users.
TCP headers
Can be 20 to 60 bytes long depending on options that are set
Security vulnerabilities
Can be created by misconfiguration, logical or functional design or implementation issues, or poor programming practices.
ORB (Object Request Brokers)
Can be used to locate objects because they act as object search engines. ORBs are middleware, which connects programs to programs.
RTM (requirements traceability matrix)
Can be used to map customers' requirements to the software testing plan. it traces the requirements and ensures that they are being met.
Buffer Overflows
Can occur when a programmer fails to perform bounds checking
Limiting request rates
Can prevent abuse of APIs.
External auditors
Can provide an unbiased and impartial (אוֹבּיֶקְטִיבִי) view of an organization's controls to third parties.
Decentralized access control
Can result in less consistency
DBMS (Database Management System)
Controls all access to the database and enforces the database security.
Heating, ventilation, and air conditioning (HVAC)
Controls keep the air at a reasonable temperature and humidity
Digital Rights Management (DRM) technology (Intellectual property)
Copyright protection for digital media. Limit use of the PDFs to paying customers.
Bits (Physical Layer)
Data in physical layer consists of stream of bits.
RAM (Random Access Memory)
Data in use is data that is in a temporary storage location while an application or process is using it.
Sanitization process fully ensures that
Data is not remnant (נשאר) on the system before it is reused.
Slack space
Data is stored in specific-sized chunks known as clusters, which are sometimes referred to as sectors or blocks
Transport layer
Datastream is converted into a segment (TCP) or a Datagram (UDP), it transitions from the Session layer to the Transport layer.
The Physical layer
Deals with the electrical impulses or optical pulses that are sent as bits to convey data.
X.509
Define standards for public-key certificates like those used with many smart cards.
NIST SP 800-137 outlines the process for organizations that are establishing, implementing, and maintaining an ISCM as define:
Define, establish, implement, analyze and report, respond, review, and update.
ISTQB (International Software Testing Qualifications Board)
Defines acceptance testing as "a formal testing with respect to user needs, requirements, and business
The waterfall model uses
Develops software , spending quite a bit of time up front on the development and documentation of requirements and design.
SQL injection
Directly attacks a database through a web application.
Callback
Disconnects a remote user after their initial connection and then calls them back at a preauthorized number.
Differential backups
Do not alter the archive bit on a file, whereas incremental and full backups reset the archive bit to 0 after the backup completes.
Hash functions
Do not require a cryptographic key.
VoIP call and VoIP phones are susceptible (רגישים) to
DoS and host OS attacks
Evidence in court
Does not need to be tangible
Reformatting a tape
Does not remove remnant data.
The team conduct a root cause analysis
During Remediation (תיקון) stage
WHOIS (In a penetration test)
During the information gathering and discovery, testers will gather information about the target. Whois can provide information about an organization, including IP ranges, physical addresses, and staff contacts.
Decentralized Access Control
Empowers people closer to the resources to control access but does not provide consistent control.
Cross-site request forgery (זיוף) (XSRF or CSRF) attacks
Exploit the trust that sites have in a user's browser by attempting to force the submission of authenticated requests to third-party sites
Metasploit
Exploitation framework. It is the Framework that modular penetration testing platform that enables you to write, test, and execute exploit code.
The Time of Check to Time of Use (TOC/TOU) attack
Exploits (לְהִשְׁתַמֵשׁ) timing differences between when a system verifies authorization and software uses that authorization to perform an action.
APIPA (Automatic Private IP Addressing) Begin with- 169.254.
Feature in operating systems that enables computers to automatically self-configure an IP address and subnet mask when their DHCP server isn't reachable.
Fuzzing
Feeds invalid input to running software to test error and input handling. Part of dynamic analysis
The Computer Security Act of 1987
Gave the National Institute of Standards and Technology (NIST)
White noise
Generates false emanations that effectively "jam" the true emanations from electronic equipment.
Discretionary (שיקול דעת) access control
Gives owners the right to decide who has access to the objects they own
Business Associates Agreement (BAA)-HIPAA Compliant
HIPAA requires that anyone working with personal health information to compliant with BAA
Custodians
Handling day-to-day tasks by managing and overseeing how data is handled, stored, and protecte
Remediation (תיקון) phase of incident
Handling focuses on conducting a root cause analysis to identify the factors contributing to an incident and implementing new security controls, as needed.
"Bad" blocks/clusters/sectors
Hard disks routinely end up with sectors that cannot be read due to some physical defect.
In classification process
How much the data cost to create, is not a consideration during data classification.
IDE (Integrated Development Environment)
IDE forcing is not a type of code review.
AES (Advanced Encryption Standard)
Implemented in software and hardware throughout the world to encrypt sensitive data, also known by its original name Rijndael. The client in Kerberos logins uses AES to encrypt the username and password prior to sending it to the KDC (Key Distribution Center)
Packet (Network layer)
In the seven-layer OSI model of computer networking, packet strictly refers to a protocol data unit at layer 3, the network layer.
Brute-Force Attack
In this attack, the password is changing by one letter at each attempt.
During the Reporting phase
Incident responders assess their obligations under laws and regulations to report the incident to government agencies and other regulators.
Fagan inspection
Involve both the developer and a team to review the code using a formal process.
Active-passive cluster
Involves devices or systems that are already in place, configured, powered on, and ready to begin processing network traffic should a failure occur on the primary system.
Active-active cluster
Involves multiple systems, all of which are online and actively processing traffic or data
The advantage iris scans have over most other types of biometric factors
Irises don't change as much as other factors.
The maximum allowed length of a Cat 6 cable
Is 100 meters, or 328 feet
Retina scanner
Is a Type 3 factor.
IPT (Integrated Product Team)
Is a customer-focused group that focuses on the entire lifecycle of a project (Agile concept)
Electronic vaulting (Daily transferring)
Is a data backup task that is part of disaster recovery, not business continuity, efforts.
The tail number
Is a database field because it is stored in the database.
Sqlmap
Is a dedicated database vulnerability scanner
Latency
Is a delay in the delivery of packets from their source to their destination.
A Fraggle Attack
Is a denial-of-service (DoS) attack that involves sending a large amount of spoofed UDP traffic to a router's broadcast address within a network.
Biba uses a lattice to control access
Is a form of the mandatory access control (MAC) model
Biba (Integrity) Model
Is a formal state transition system of data security policies designed to express a set of access control rules in order to ensure data integrity
Fortran
Is a functional programming language.
Fortran
Is a functional programming language. Java, C++, and C# are all object-oriented languages.
Data Warehouse
Is a large collection of data
The waterfall model
Is a linear application development model that uses rigid (נוקשה) phases; when one phase ends, the next begins (does not allow developers to go back to previous steps)
OSPF (Open Shortest Path First)
Is a link state protocol.
A database journal
Is a log of all database transactions
The IP address 127.0.0.1
Is a loopback address and will resolve to the local machine
A worm virus
Is a malicious, self-replicating program that can spread in a network without human assistance.
XML (Extensible Markup Language)
Is a markup language designed as a standard way to encode documents and data. (SAML is an XML-based framework for exchanging security information, including authentication data).
An access control mechanism
Is a means of safeguarding the security by detecting and preventing unauthorized access (Phishing is not an attack against an access control mechanism)
A fault
Is a momentary loss of power
A fault
Is a momentary loss of power.
Spike
Is a momentary period of high voltage
IPS (Intrusion Prevention System)
Is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits
netcat
Is a network tool used to send or receive data.
Real user monitoring (RUM)
Is a passive monitoring technique that records user interaction with an application or system to ensure performance and proper application behavior.
Aggregation
Is a security issue that arises when a collection of facts has a higher classification than the classification of any of those facts standing alone.
SSID - Service Set Identifier
Is a sequence of characters that uniquely names a wireless local area network (WLAN)
A baseline
Is a set of security configurations that can be adopted and modified to fit an organization's security
IDS (Intrusion Detection System)
Is a software application or hardware appliance that monitors traffic moving on networks and through systems to search for suspicious activity and known threats, sending up alerts when it finds such items
Primary storage
Is a technical term used to refer to the memory that is directly available to the CPU.
A PBX (private branch exchange)
Is a telephone system within an enterprise that switches calls between enterprise users on local lines
Shoulder surfing (looking from behind)
Is a type of data theft where cybercriminals steal personal information or confidential information by peering over (מציץ) the target's shoulders.
RAID level 5
Is also known as disk striping with parity
Generational fuzzing (תעלול)
Is also known as intelligent fuzzing, bc it relies on the development of data models using an understanding of how the data is used by the program.
RADIUS (Remote Authentication Dial-In User Service) UDP
Is an AAA protocol used to provide authentication and authorization
Service Provisioning Markup Language (SPML)
Is an Extensible Markup Language (XML)-based language that facilitates (מקדם) the exchange of provisioning information among applications and organizations, corporations, or agencies
RSA- Is a public-key encryption technology
Is an asymmetric encryption algorithm that requires only two keys for each user.
Sabotage (חבלה)
Is an attack committed against an organization by an insider, such as an employee
OpenID Connect (adopted by cloud service)
Is an authentication layer that works with OAuth 2.0 as its underlying authorization framework.
Agile sprint phase
Is likely developing code based on user stories
Classified
Is not a level in the U.S. government classification scheme.
HTML (Hypertext Markup Language)
Is primarily used for web pages
The end goal of the disaster recovery process
Is restoring normal business operations in the primary facility.
Use case testing
Is testing for desired functionality
Packet loss
Is the disappearance of packets in transit that requires re-transmission.
EAL7 (Evaluation Assurance Level)
Is the highest level of assurance under the Common Criteria. It applies when a system has been formally verified, designed, and tested.
Enrollment, or registration
Is the initial creation of a user account in the provisioning process
The checklist review
Is the least disruptive type of disaster recovery test.
L2TP (Layer 2 Tunneling Protocol)
Is the only one of the four common VPN protocols that can natively support non-IP protocols
Nonrepudiation
Is the only possible with an asymmetric encryption algorithm. RSA is an asymmetric algorithm.
Tailoring
Is the process of matching a list of security controls to the mission of an organization
Scoping
Is the process of reviewing and selecting security controls based on the system that they will be applied to.
Static analysis
Is the process of reviewing code without running it.
Input validation, also known as data validation,
Is the proper testing of any input supplied by a user or application, as input parameters to an SQL query.
Modulo Function (mod)
Is the remainder value left over after an integer (שלם) division operation takes place
Cohesion (התלכדות)
Is the strength of the relationship between the purposes of methods within the same class.
The biggest threat to data at rest
Is typically a data breach.
XACML (Extensible Access Control Markup Language)
Is used for access control policy markup.
TACACS+ (TCP)
Is used for network devices that wants to log in remotely to AAA server
SSH (Secure Shell) (port 22)
Is used for secure command-line access
Extensible Access Control Markup Language (XACML)
Is used to describe access controls.
Security Assertion Markup Language (SAML)
Is used to exchange user authentication and authorization data.
SPML (Service Provisioning Markup Language)
Is used to exchange user information for SSO (Single sign on)
The Security Content Automation Protocol (SCAP)
Is used to handle vulnerability and security configuration information. The National Vulnerability Database provided by NIST uses SCAP
Data Mining
Is used to search for patterns. Commonly sought patterns include signs of fraud.
The Waiting state
Is used when a process is blocked waiting for an external event.
GFS (grandfather-father-son) backup
Is used with systems that use sequential (רציף) master files. is a common rotation scheme for backup media, in which there are three or more backup cycles, such as daily, weekly, and monthly.
Nikto
Is useful for vulnerability scanning web servers and applications and is the best choice listed for a web server (HTTP)
WEP's implementation of RC4
Is weakened by its use of a static common key and a limited number of initialization vectors.
Double NATing
Isn't possible with the same IP range; the same IP addresses cannot appear inside and outside of a NAT router.
The grant rule
It allows a subject to grant rights that it possesses (לְקַבֵּל בִּירוּשָׁה) on an object to another subject.
EAP-FAST, also known as Flexible Authentication via Secure Tunneling)
It is used in wireless networks and point-to-point connections to perform session authentication
In SOC Type I audits (audits occur in type 2)
It only covers a single point in time and is based upon management descriptions of controls.
Label all media
It prevents sensitive media from not being marked by mistake.
Disintegration (הִתפּוֹרְרוּת)
It's the best method to sanitize a solid-state drive (SSD). The results in very small fragments via a shredding process.
Unit testing
Low-level tests of software components, such as functions, procedures, or objects.
Redundant systems (ie, alternative systems)
Make entire systems available in case of failure of the primary system
The Electronic Communications Privacy Act (ECPA)
Makes it a crime to invade the electronic privacy of an individual.
Maximum Tolerable Downtime (MTD) is comprised of which two metrics
Recovery Time Objective (RTO) and Work Recovery Time (WRT)
RAID-5 array
Recovery control and intended to handle failure of a drive.
Keyboard dynamics
Refer to how hard a person presses each key and the rhythm in which the keys are pressed
The Children's Online Privacy Protection Act (COPPA)
Regulates websites that cater to children or knowingly collect information from children under the age of 13
Generational fuzzing
Relies on models for application input and conducts fuzzing attacks based on that information.
A constrained (מוגבל) user interface
Restricts what users can see or do based on their privileges
A constrained (מוגבל) user interface
Restricts what users can see or do based on their privileges.
Stealth (התגנבות) techniques
Result clean scan, such as intercepting (יירוט) read requests from the antivirus software and returning a correct-looking version of the infected file.
When the value of data changes due to legal, compliance, or business reasons:
Reviewing classifications and reclassifying the data is an appropriate response.
Pass around
Reviews are often done via email or using a central code review system, allowing developers to review code asynchronously.
The formula used to determine risk
Risk = Threat * Vulnerability.
Routing Protocols
Routing Information Protocol (RIP) Open Shortest Path First (OSPF) Border Gateway Protocol (BGP)
Marging two (or more!) IT environments
Running vulnerability scans and performing a risk assessment are both common steps taken when preparing to merge two (or more!) IT environments.
The hypervisor (In Virtualization)
Runs within the virtualization platform and serves as the moderator (מַנחֶה) between virtual resources and physical resources.
PACs (Privilege Attribute Certificates)
SESAME (an SSO syste) uses PAC in place (במקום) of Kerberos' tickets
SOC 1, SOC 2, SOC 3
SOC 1- Provide financial control information SOC 2- Provide detail on the controls and any issues SOC 3- Public report
Egress (יְצִיאָה) filtering
Scans outbound traffic for potential security policy violations like Traffic with a destination address on an external network.
Hand geometry scanners (assess the physical dimensions)
Should not be implemented as the sole authentication factor for secure environments.
Everyone in the organization
Should receive a basic awareness training for the business continuity program.
Individuals with specific business continuity roles
Should receive training on at least an annual basis
Gantt chart
Showing the proposed start and end dates for different activities.
nmap
Port scanning.
Allocated space
Portions of a disk partition that are marked as actively containing data.
Unallocated space
Portions of a disk partition that do not contain active data
Ports (Total 65,535)
Ports 0 through 1023 are defined as well-known ports Ports 1024 to 49151 are defined as Registered ports Ports 49152 to 65535 Private/Dynamic ports (IANA) Suggest this addresses.
Intrusion detection systems (IDSs)
Provide only passive responses, such as alerting administrators to a suspected attack.
The Common Platform Enumeration (CPE) component of SCAP
Provides a consistent way to refer to operating systems and other system components.
Vulnerabilities and Exposures (CVE) component
Provides a consistent way to refer to security vulnerabilities.
Request control
Provides a framework for user requests
Change control
Provides an organized framework within which multiple developers can create and test solutions prior to rolling them out into a production environment
Identity as a Service (IDaaS)
Provides capabilities such as account provisioning, management, authentication, authorization, reporting, and monitoring.
Remediation (תיקון)
Provides critical information for repairing systems so that the incident does not recur (לחזור)
RAID technology
Provides fault tolerance for hard drive failures and is an example of a business continuity action.
A full-knowledge test (also called crystal-box test)
Provides internal information to the penetration tester, including network diagrams, policies and procedures, and sometimes reports from previous penetration testers
802.1x authentication
Provides port-based authentication and can be used with technologies like EAP
OEP (Occupant Emergency Plan)
Provides the "response procedures for occupants of a facility in the event of a situation posing a potential threat to the health and safety of personnel, the environment, or property.
Group Policy
Provides the ability to monitor and apply settings in a security baseline
SOC 1, Type 2 - Financial results
Provides the risk of financial statement assertions and the service tests of the controls and the results.
Crystal box penetration testing, (called white-box penetration testing)
Provides the tester with information about networks, systems, and configurations, allowing highly effective testing
The change control process
Providing an organized framework when multiple developers can create and test.
Modification (שינוי) attacks
Occur when captured packets are modified and replayed to a system to attempt to perform an action.
Privilege escalation
Occurs during the attack phase of a penetration test
"Blue Screen of Death" (Blue screen on the computer)
Occurs when a Windows system experiences a dangerous failure and enters a fail secure state
Full disk encryption
Only protects data at rest.
For web applications in a well-designed environment
Passwords are never stored
Electronic discovery, or eDiscovery,
Pertains (שייך) to legal counsel gaining access to pertinent electronic information during the pretrial discovery phase of civil legal proceedings.
Operating Level Agreements (OLAs)
Specify (לפרט) the parameters of service that a vendor provides to a customer.
STRIDE is an acronym that stands for 6 categories of security risks:
Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privileges.
Microsoft's STRIDE threat assessment model places threats into one of six categories:
Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege
Common types of structural coverage include
Statement, branch or decision coverage, loop coverage, path coverage, and data flow coverage.
Modification of audit logs
Will allow repudiation because the data cannot be trusted, and thus actions can be provably denied.
IEEE 802.11 (Used for Wi-Fi)
Wireless Ethernet standard for Wi-Fi. 802.11a - 5 GHZ 802.11b - 2.4 GHZ 802.11g- 2.4 GHZ 802.11n- 2.4/5 GHZ 802.11 ac - 5GHZ
aircrack-ng
Wireless encryption assessment.
Bytecode,
Such as Java bytecode, is also interpreted code
Aggregate functions
Summarize large amounts of data and provide only summary information as a result
TACACS, XTACACS, TACACS+ (Old to new triple AAA methods)
TACACS- Provide authentication and authorization XTACACS- Provide authentication, authorization accounting, and auditing. TACACS+ - Adds encryption & Administative control
Cross-site request forgery (XSRF)
The anti-forgery state token exchanged during OAuth sessions is intended to prevent cross-site request forgery (זיוף)
In a land attack,
The attacker sends a packet that has identical source and destination IP addresses in an attempt to crash systems that are not able to handle this out-of-specification traffic
Inference attack (הסקה/ להסיק)
The attacker uses several pieces of generic nonsensitive information to determine a specific sensitive value
When operating system patches are no longer available for mobile devices
The best option is typically to retire or replace the device
To monitor traffic between systems in a VMWare environment
The best way is to set up a virtual span port and capture data using a VM IDS.
If the (ISC)2 peer review board finds that a certified violated
The board may revoke their certification.
In the private cloud computing model,
The cloud computing environment is dedicated to a single organization.
Accreditation (יִפּוּי כֹּחַ)
The formal authorization by the accrediting (management) official for system operation and an explicit acceptance of risk.
Hierarchical databases form a tree
The global domain name service (DNS) servers form a global tree.
Recovery Time Objective (RTO)
The goal of business continuity planning exercises is to reduce the amount of time required to restore operations. This is done by minimizing the RTO.
De-encapsulation (in the OSI model)
The process of removing a header (and possibly a footer) from the data received from a previous layer in the OSI model is known as de-encapsulation.
BIA (Business Impact Analysis)
The process to establish business continuity requirements by identifying time-sensitive activities in an organization, based on the impact stemming from a disruption (שִׁבּוּשׁ)
Organization media downgraded
The purging (טיהור) process should be followed, and then the media should be relabeled.
Ticket-Granting Ticket (TGT)
Ticket Granting Ticket, It contains the session key, its expiration date, and the user's IP address.
The goal of the business continuity planning process is:
To ensure that your recovery time objectives (RTO)are all less than your maximum tolerable downtimes (MTD)
Key Risk Indicators (KRIs) are often used (Forward looking indicator)
To monitor risk for organizations that establish an ongoing risk management program
sqlmap is designed
To perform automated detection and testing of SQL injection flaws and does not provide OS detection.
The purpose of a digital certificate is
To provide the general public with an authenticated copy of the certificate subject's public key.
Kerberos uses realms (תחומים), and the proper type of trust
To set up for an Active Directory environment that needs to connect to a K5 domain is a realm trust.
The military classification scheme contains three major levels:
Top Secret, Secret, and Confidential. Unclassified is a default, and not a classification
Top Secret, Secret, Confidential, Unclassified
Top Secret- Could cause exceptionally grave harm. Secret- Could cause serious harm to national security. Confidential- could be expected to cause less harm. Unclassified- is not an actual classification (may be released to unclassified individuals)
Dynamic testing of software
Typically occurs in a black box environment where the tester does not have access to the source code.
Firewalls
Use rule-based access control.
Criminal investigations
Use the strictest standard of evidence of all investigations: beyond a reasonable doubt.
Degaussing
Used for destroying media with magnetic
The Point-to-Point Protocol (PPP)
Used for dial-up connections for modems, IDSN, Frame Relay, and other technologies.
Port Address Translation (PAT)
Used to allow a network to use any IP address set inside without causing a conflict with the public Internet.
Key performance indicators (KPIs)
Used to assess how an organization is performing
PSH is a TCP flag
Used to clear the buffer resulting in immediately sending data, and URG is the TCP urgent flag.
The DARPA TCP/IP model
Used to create and design the OSI model made sure to map the OSI model layers to it. (Application, Presentation, and Session.)
A watermark
Used to digitally label data and can be used to indicate (לְהַצְבִּיעַ) ownership
The RST flag (Reset)
Used to reset or disconnect a session.
Compensation controls are
Used when controls like the locks in this example are not sufficient (לא מספיק)
Database shadowing
Uses two or more identical databases that are updated simultaneously. The goal of database shadowing is to greatly reduce the recovery time for a database implementation.
Designing an assessment following NIST SP 800-53A
Using Specifications is generally include policies, procedures, requirements, and designs
If a business need requires messaging
Using a local messaging server is the best option.
Kerberos encrypts messages .
Using secret keys, providing protection for authentication traffic
Nikto
Web vulnerability scanning
SCADA devices- A computer system for gathering and analyzing real time data
Were never designed to be exposed to a network, and adding them to a potentially insecure network can create significant risks.
False Acceptance Rate (FAR), False Rejection Rate (FRR)
When FRR is higher than FAR it show that security is more important than usability to the organization.
What format does the Data link Layer use to format messages received from higher up the stack?
When a message reaches the Data Link layer, it is called a frame
Frame (Data layer)
When a message reaches the Data Link layer, it is called a frame.
TCP connect scan can be used.
When tester does not have raw packet creation privileges, such as when they have not escalated privileges on a compromised host.
Discretionary (לפי שיקול דעת) access control
When the owner of a file makes the decisions about who has rights or access privileges to it.
Nonrepudiation occurs
When the recipient of a message is able to demonstrate to a third party that the message came.
EAL2 (Evaluation Assurance Level) assurance applies
When the system has been structurally tested. It is the second-to-lowest level of assurance under the Common Criteria
Race conditions occur
When two or more processes need to access the same resource in the right order.
Excessive (מוּפרָז) privileges
When users have more rights than they need to accomplish their job
Passive scanning
can help identify rogue devices by capturing MAC address vendor IDs
Clipping part of methods of choosing records from a large pool
clipping uses threshold values to select those records that exceed a predefined threshold because they may be of most interest to analysts.
The United States Code (USC)
contains the text of all federal criminal and civil laws passed by the legislative branch and signed by the President
Database query languages have at least two subsets of commands:
data definition language (DDL) and data manipulation language (DML). DDL is used to create, modify, and delete tables, while DML is used to query and update data stored in the tables.
System logs (In windows)
include reboots, shutdowns, and service state changes.
COBIT
is an IT management framework developed by the ISACA to help businesses develop, organize and implement strategies around information management and governance.
Criminal forensic investigations
Typically have the highest standards for evidence.
The cable lengths:
1. Category 5e: B. 300 feet. 2. Coaxial (RG-58): A. 500 feet. 3. Fiber optic: C. 1+ Kilometers.
SW-CMM 5 stages
1. Initial 2. Repeatable (Basic life-cycle) 3. Defined 4. Managed 5. Optimizing
The Agile (זָרִיז/ קַל תְנוּעָה) approach to software development embraces (כולל) four principles.
1. It values individuals and interactions over processes and tools 2. Working software over comprehensive documentation 3. Customer collaboration over contract negotiation. 4. Responding to change over following a plan.
The three components of the DevOps model are
1. Software development 2. operations 3. quality assurance
Loopback address is
127.0.0.1
APIPA addresses are assigned between
169.254.0.0 to 169.254.255.254
GLBA Is (The Gramm-Leach-Bliley Act)
A U.S. law that requires covered financial institutions.
SOX (Sarbanes-Oxley Act)
A U.S. law that requires internal controls assessments including IT transaction flows for publicly traded companies.
Honeynet
A network set up with intentional vulnerabilities
Misuse (שימוש לרעה) case analysis
A process that tests code based on how it would perform if it was misused instead of used properly.
Cold site:
A rented space with power, cooling, and connectivity that can accept equipment as part of a recovery effort.
Cognitive Password
A series of questions that the user has previously provided the answer, and the user should knows the answers.
In order to fully test code
A white box test is required.
API keys
API developers commonly use API keys to limit access to authorized users and applications
Diameter (Is RADIUS' successor מַמשִׁיך דָרכּוֹ)
Designed to provide an improved AAA framework. Diameter, is more flexible than Radius.
Parity
Achieves data redundancy without incurring the same degree of cost as that of mirroring in terms of disk usage and write performance.
Mirroring in RAID
Achieves full data redundancy by writing the same data to multiple hard disks.
A rainbow table
Acts as a database that contains the precomputed hashed output for most or all possible passwords
Proportionality (מידתיות)
Additional discovery must be proportional to the additional costs that they will require
Content (תוֹכֶן)-dependent access control
Adds additional criteria beyond identification and authentication. They may be added as an additional control, typically to DAC systems
Nessus, OpenVAS, and SAINT
All examples of Vulnerability scanners tool
Frequency Hopping Spread Spectrum (FHSS), Direct Sequence Spread Spectrum (DSSS) Orthogonal Frequency-Division Multiplexing (OFDM)
All use spread-spectrum techniques to transmit on more than one frequency at the same time
Repudiation (הכחשה) threats
Allow an attacker to deny having performed an action or activity without the other party being able to prove differently.
Repudiation threats
Allow an attacker to deny having performed an action or activity without the other party being able to prove differently.
Database query languages
Allow the creation of database tables, read/write access to those tables, and many other functions
Database replication mirrors a live database
Allowing simultaneous reads and writes to multiple replicated databases by clients.
Covert channel (ערוץ סמוי)
Allowing the transport of data between security zones. Cut and paste between virtual machines can cause Covert channel concerns.
XACML
An access control markup language used to describe and process access control policies in an XML format
The ping of death attack is most similar to
Buffer overflow
Netflow Records contain (In case of botnet)
An entry for every network communication session that took place on a network and can be compared to a list of known malicious hosts.
Psuedoflaw
An intentionally designed vulnerability used to lure (לפתות) in an attacker
Web applications communicate with web browsers via:
An interface (ממשק)
Service bureau
An organization that can provide onsite or offsite IT services in the event of a disaster
Telnet is (Port 23)
An unencrypted command-line and login protocol that use to access remote server.
During the Lessons Learned phase
Analysts close out an incident by conducting a review of the entire incident response process.
Implicit denial states (מצבי הכחשה משתמעים)
Any action that is not explicitly allowed (מותרת במפורש) is denied.
Software that released into the public domain
Anyone may use it for any purpose, without restriction
A hybrid attack
Appends(מוסיף), prepends (תלוי), or changes characters in words from a dictionary before hashing in order to attempt the fastest crack of complex passwords.replaces each letter "o" with the number "0
SQL injection attacks are
Application attacks
Sandboxing
Application developers may test the code in a virtualized environment
PEAP (Protected Extensible Authentication Protocol)
Authentication protocol used in wireless networks and Point-to-Point connections, provide more secure authentication for 802.11 WLANs. Encapsulate EAP in TLS tunnel
The Authentication Header provides
Authentication, integrity, and nonrepudiation for IPsec connections.
Electronic vaulting approach (Transferring data every day)
Automated technology moves database backups from the primary database server to a remote site on a scheduled basis
Bluesnarfing targets the data on Bluetooth-enabled devices.
Bluejacking occurs when attackers send unsolicited messages via Bluetooth.
In TLS (Transport Layer Security)
Both the server and the client first communicate using an ephemeral (ארעי) symmetric session key
BitLocker and Microsoft's Encrypting File System (EFS)
Both use AES (Advanced Encryption Standard), which is the NIST-approved replacement for DES (Data Encryption Standard).
Certificates may only be added to a Certificate Revocation List
By the certificate authority that created the digital certificate
CVE (Common Vulnerabilities and Exposures)
It is a public database list of the last cybersecurity vulnerabilities.
A database failure in the middle of a transaction
Causes the rollback of the entire transaction.
IP Addresses class
Class A- 1.0.0.1 to 126.255.255.254 Class B- 128.1.0.1 to 191.255.255.254 Class C- 192.0.1.1 to 223.255.254.254 Class D- 224.0.0.0 to 239.255.255.255
In a Mandatory Access Control (MAC) system
Classifications do not have to include rights to lower levels, This means that the only label we can be sure we have rights to is Secret.
Code review (Part of SDLC)
Code review may use a combination of manual and automated techniques, should be a peer-driven process, and complete the review of around 300 lines per hour, on average.
TCP Connect
Completes a three-way handshake
MITRE
Conducts research and development for the U.S. government.
The commercial classification scheme discussed by (ISC)2 includes four primary classification levels:
Confidential, private, sensitive, and public. Secret is a part of the military classification scheme.
Site survey
Determine wireless network is accessible in organization's
Certificate Revocation List (CRL)
It is a list of digital certificates that have been revoked by the issuing certificate authority (CA)
A foreign key (In SQL)
Create relationships between tables in a database
The Linux tool dd
Creates a bit-by-bit copy of the target drive that is well suited to forensic use.
The Linux tool dd
Creates a bit-by-bit copy of the target drive.
Encapsulation
Creates both the benefits and potential issues with multilayer protocols.
The TEMPEST program
Creates technology that is not susceptible to Van Eck (form of eavesdropping) phreaking (מפזר) attacks.
DNS, HTTPS, SSH, RDP, MSSQL Ports
DNS - UDP port 53 HTTPS -TCP port 443 SSH - TCP port 22 RDP - TCP port 3389 MSSQL - TCP port 1433
Digital Rights Management solution (DRM)
DRM solutions are designed to protect intellectual property.
Record retention policies
Describe how long the organization should retain data.
Record retention policies (מדיניות שמירת רשומות)
Describe how long the organization should retain data.
MOR (Minimum Operating Requirement)
Describe the minimum environmental and connectivity requirements in order to operate computer equipment.
Data remanence
Describes data that is still on media after an attempt has been made to remove it.
Data permanence (קביעות)
Describes how long data lasts
MTTR (mean time to repair)
Describes how long it will take to recover a specific failed system.
Wave pattern motion
Detectors transmit ultrasonic or microwave signals into the monitor area
NIDS (Network-based intrusion detection system) it is IDS
Detects malicious traffic on a network.
NIST SP 800-18 Describes system owner responsibilities that include
Helping to develop system security plans, maintaining the plan, ensuring training, and identifying.
Wireshark is a protocol analyzer and may be used to eavesdrop on network connections.
Eavesdropping is an attack against confidentiality.
The Online Certificate Status Protocol (OCSP)
Eliminates the latency inherent in the use of certificate revocation lists by providing a means for real-time certificate verification.
Code review process contains:
Email pass-around code reviews, Pair programming, Over-the-shoulder reviews
The best way to ensure email confidentiality in motion
Encrypt the email content.
Parameter checking, or input validation,
Ensure that input provided by users to an application matches the expected parameters for the application
BCP (Business Continuity Plan)
Ensure that the business will continue to operate before, throughout, and after a disaster event is experienced
Regression testing
Ensures proper functionality of an application or system after it has been changed.
Process isolation
Ensures that any behavior will affect only the memory and resources associated with a process, additionally ensures that the operating system allocates a separate area of memory for each process.
Configuration control
Ensures that changes to software versions are made in accordance (בהתאם) with the change control and configuration management process.
Configuration control
Ensures that changes to software versions are made in accordance with the change and configuration management policies
Record retention
Ensures that data is kept and maintained as long as it is needed and that it is purged (טיהור) when it is no longer necessary.
Atomicity (in the database ACID model)
Ensures that database transactions either execute completely or not at all
Integrity
Ensures that unauthorized changes are not made to data while stored or in transit.
NIST SP 800-137 outlines the process for organizations that are
Establishing, implementing, and maintaining an ISCM as define, establish, implement, analyze and report, respond, review, and update.
Carrier-Sense Multiple Access with Collision Detection (CSMA/CD) technology.
Ethernet networks use it. When a collision is detected and a jam signal is sent, hosts wait a random period of time before attempting re-transmission.
NIST SP800-53 describes three processes:
Examination, Interviews, Testing.
NIST SP800-53 describes three processes:
Examination, Interviews, Testing. (It is a baseline control)
NIST SP800-53 describes three processes:
Examination- which is reviewing or analyzing assessment objects like specifications, mechanisms, or activities Interviews- which are conducted with individuals or groups of individuals Testing- which involves evaluating activities or mechanisms for expected behavior when used or exercised
BC-5F-F4-7B-4B-7D
Example of MAC address, the network interface card's manufacturer
Photoelectric sensors work in a similar fashion,
Except that they contain an LED (light-emitting diode) and a photoelectric sensor that generates a small charge while receiving light
The Common Weaknesses Enumeration (CWE) component
Helps describe the root causes of software flaws (פגמים).
The Digital Millennium Copyright Act
Extends common carrier protection to Internet service providers.
FAR (false acceptance rate), FRR (false reject rate)
FARs (Type II errors) are worse than FRRs (Type I errors).
FTP, SSH, Telnet, SMTP
FTP (TCP port 21) SSH (Port 22) Telnet (TCP port 23) SMTP uses port 25
Cellular networks
Have the same issues that any public network have, Should use the same requirements as data transferring over any public network.
The log entries
Firewall log show the allow/deny status for inbound and outbound TCP and UDP sessions.
Network Forensics
Focus on gathering evidence via a process that will support admission into a court of law.
ISO/IEC-27031
Focuses on BCP (Business Continuity Plan)
DRP (Disaster Recovery Plan)
Focuses on efficiently attempting to mitigate the impact of a disaster by preparing the immediate response and recovery of critical IT systems
Misuse (שימוש לרעה) testing
Focuses on how code handles examples of misuse
Striping
Focuses on increasing read and write performance by spreading data across multiple hard disks.
AS serves (Authentication serve)
Forwards the username to the KDC (Key Distribution Center)
Sanitization process
Fully ensures that data is not remnant on the system before it is reused. (Removing hard drive from PC)
When an individual receives a copy of a digital certificate:
He or she verifies the authenticity of that certificate by using the CA's public key to validate the digital signature contained on the certificate.
Heuristic-based anti-malware software
Has a higher likelihood of detecting a zero-day exploit than signature-based methods
WEP (Wired Equivalent Privacy)
Has a very weak security model that relies on a single, predefined, shared static key.
The Sashimi Model (sashimi waterfall model)
Has highly overlapping steps.
Tables in Database
Have rows and columns; A row is a database record, called a tuple. A Column is called an attribute.
Administrators
Have the right to assign permissions to access and handle data.
Ephemeral (חוֹלֵף) symmetric session key.
In TLS, both the server and the client first communicate using an ephemeral symmetric session key.
In differential Backup scenario
In differential backup must achieve a system baseline (Full backup) then will do the last differential backup.
Types of structural coverage
Include a statement, branch or decision coverage, loop coverage, path coverage, and data flow coverage.
SDLC approaches (System Development Life Cycle)
Include steps to provide operational training for support staff as well as end-user training. The SDLC may use one of many development models, including the waterfall and spiral models.
PHI (Protected Health Information)
Includes a variety of data in multiple formats.
Release control
Includes acceptance testing to ensure that any alterations (שינויים) to end-user work tasks are understood and functional.
Release control
Includes acceptance testing to ensure that any alterations to end-user work tasks are understood and functional.
The Physical layer
Includes electrical specifications, protocols, and standards that allow control of throughput, handling line noise, and a variety of other electrical interface and signaling requirements
Project scope and planning phase of business continuity planning
Includes four actions: 1. A structured analysis of the organization. 2. The creation of a BCP team. 3. An assessment of available resources. 4. An analysis of the legal and regulatory landscape.
Data Subject
Individual human associate with a particular set of personally identifier information (PII)
Regression testing (בדיקות רגרסיה)
Intended to prevent the recurrence (הִשָׁנוּת) of issues
Encapsulation
It is a process that adds a header and possibly a footer to data received at each layer before hand-off to the next layer.
Risk transference
Insurance is a common example of Risk transference.
The DevOps approach to technology management seeks to
Integrate software development, operations, and quality assurance in a cohesive (מגובש) effort.
The Gramm-Leach-Bliley Act (GLBA)
It applies specifically to financial institutions. Provide customers a privacy notice on a yearly basis
Network Time Protocol (NTP)
It can ensure that systems are using the same time, allowing time sequencing for logs throughout a centralized logging infrastructure.
OpenID provider
It could allow a phishing attack by directing clients to a fake OpenID provider that can capture valid credentials.
HTTP TRACE or TRACK methods
It could be used to steal a user's cookies via cross-site scripting (XSS). Cross-site tracing (XST) leverages the HTTP TRACE or TRACK
A honeypot
It is a decoy (מַלכּוֹדֶת) computer system used to bait intruders into attacking.
Fagan testing
It is a detailed code review that steps through planning, overview, preparation, inspection, rework, and follow-up phases.
A network that supports IPv6 but needs to connect it to an IPv4 network
It is a gateway solution (NAT64) that can translate traffic between the networks.
KPI & KRI
KPI is a backward-looking indicator, and a KRI is a forward-looking indicator.
TGS (Ticket-Granting Service)
Kerberos service generates a new ticket and session keys and sends them to the client. Receives a TGT from the client.
KPI's (Key Performance Indicator) are (Backward looking indicator)
Key performance indicators, which are used to assess how an organization is performing.
RAID 1
Known as disk mirroring, systems contain two physical disks.Each disk contains copies of the same data.
Stateful packet inspection firewalls,
Known as dynamic packet filtering firewalls, track the state of a conversation and can allow a response from a remote system.
LEAP (The Lightweight Extensible Authentication Protocol)
LAN authentication, designed to handle problems with TKIP, has a feature of mutual authentication.
The disaster recovery test types, listed in order of their potential impact on the business from the least impactful to the most impactful, are as follows:
Least impactful (בר - השפעה): Checklist review Tabletop exercise Parallel (מקביל) test Most Impactful: Full interruption test
Discretionary (שיקול דעת) access control.
Linux filesystem allows the owners of objects to determine the access rights that subjects have to them.
Cross-site tracing (XST)
Leverages the HTTP TRACE or TRACK methods and could be used to steal a user's cookies via cross-site scripting (XSS).
MD5, SHA1, SHA2
MD5- 128-bit hash value SHA1- 160-bit hash (20 bytes) SHA2 (SHA 256)- 256-bits, or 64 hexadecimal digits
Release control
Manages the deployment of code into production
Resource-based access controls
Match permissions to resources like a storage volume. Common in cloud-based infrastructure.
A host-based intrusion detection system (HIDS)
May be able to detect unauthorized processes running on a system.
Anomaly (חריגה)-based intrusion detection systems
May identify a zero-day vulnerability because it deviates from normal patterns of activity
Spare sectors, bad sectors, and space provided for wear leveling on SSDs (overprovisioned space)
May may not be cleared, and will contain data, resulting in data remanence.
Non-IP protocols
May not be able to be filtered by firewall devices.
The contents of RAM are volatile (נָדִיף)
Meaning that they are only available while power is applied to the memory chips
Mutation (מוטציה) testing
Modifies a program in small ways and then tests that mutant to determine if it behaves as it should or if it fails.
A modem (MOdulator/DEModulator)
Modulates between an analog carrier like a phone line and digital communications.
Capacitance motion Detectors
Monitor the electromagnetic field in a monitored area, sensing disturbances that correspond to motion
Security Controls Assessment (SCA)
Most often refers to a formal U.S. government
Deter fraud inside company
Most security professionals recommend at least one, and preferably two, weeks of vacation to.
The three common ways of categorizing the causes for disasters are derived from whether the threat agent is
Natural, human, or environmental in nature.
QualysGuard
Network vulnerability scanning.
RSA ((Rivest-Shamir-Adleman) is an asymmetric algorithm to encrypt and decrypt messages
Nonrepudiation is only possible with an asymmetric encryption algorithm.
The assignment of endpoint systems to VLAN's
Normally performed by a network switch.
The EU-U.S. Privacy Shield principles are
Notice Choice Accountability for Onward transfer Security Data Integrity and Purpose Limitation Access Recourse, Enforcement, and Liability
Directive (הוֹרָאָה) access controls
Notifications and procedures like the signs posted are examples of directive access controls
Directive access controls.
Notifications and procedures like the signs posted at the company.
Baseline configurations
Serve as the starting point for configuring secure systems and applications.
ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution Protocol)
Operate at the Data Link layer- Layer 2
TCP, UDP, and other transport layer protocols like SSL and TLS
Operate at the Transport layer
Separation-of-duties principle
Organizations divide critical tasks into discrete components and ensure that no one individual has the ability to perform both actions.
Sampling
Should be done randomly to avoid human bias
IP protocols
PPTP, L2F, and IPsec
VPN protocols
PPTP, L2F, and IPsec (support IP protocols) L2TP (support non-IP protocols)
PSH (PUSH flag) URG
PSH is a TCP flag used to clear the buffer, resulting in immediately sending data, and URG is the TCP urgent flag.
DNS (Port 53)
Performs translations between FQDNs and IP addresses. A fully qualified domain name (FQDN) is the complete domain name for a specific computer.
ARP
Performs translations between MAC addresses and IP addresses
Tapes that are leaving their normal storage facility
Should be handled according to the organization's classification schemes and handling requirements
Software Escrow agreements
Place a copy of the source code for a software package, It is also a protection against a software vendor going out of business.
Open-source software
Publishes source code publicly (Ubuntu Linux and the Apache web server)
Clearing describes
Preparing media for reuse
Open Web Application Security Project (OWASP)
Produces an annual list of the top ten web application security issues.
Mobile Device Management (MDM)
Products provide a consistent, centralized interface for applying security configuration settings to mobile devices.
The Digital Millennium Copyright Act (DMCA)
Prohibits attempts to circumvent (לעקוף) copyright protection mechanisms placed on a protected work.
Encrypting data on SSD drives
Protect against wear leveling (increase the lifetime of the memory)
IPSec (Internet Protocol Security)
Protect communications over Internet Protocol (IP) networks. Could be used to create a tunnel to transfer the data.
The Family Educational Rights and Privacy Act (FERPA)
Protects the privacy of students in any educational.
MTBF (Mean Time Between Failures)
Quantifies (לִקְבּוֹעַ כָּמוּת) how long a new or repaired system will run before failing
Quantitative and Qualitative risk assessment
Quantitative risk assessment excels at analyzing financial risk(tangible risks), while a qualitative risk assessment is a good tool for intangible risks
Application banner information
Recorded during Discovery penetration testing phase. Banner information is typically gathered as part of discovery to provide information about what version and type of service is being provided.
A commonly recommended set point temperature
Range for a data center is 68-77 F (20-25°C).
RAD (Rapid Application Development)
Rapidly develops software via the use of prototypes, "dummy" GUIs, back-end databases, and more. The goal of RAD is quickly meeting the business need of the system.
Patents
Require public disclosure and have expiration dates
Mandatory vacation programs
Require that employees take continuous periods of time off each year and revoke their system privileges during that time.
RAID 0 (disk striping)
Requires at least two disks to implement. It improves performance of the storage system but does not provide fault toleranc
The Communications Assistance to Law Enforcement Act (CALEA)
Requires that all communications carriers make wiretaps (האזנות סתר) possible for law enforcement officials who have an appropriate court order.
The California Online Privacy Protection Act
Requires that commercial websites that collect personal information from users in California conspicuously post a privacy policy
Durability (עמיד)
Requires that once a transaction is committed to the database it must be preserved.
Durability (עמידות)
Requires that once a transaction is committed to the database it must be preserved.
Isolation
Requires that transactions operate separately from each other.
Children's Online Privacy Protection Act (COPPA).
Requires that websites obtain advance parental consent for the collection of personal information from children under the age of 13.
SCP
Secure Copy is a secure file transfer method
Skip should use SCP
Secure Copy is a secure file transfer method
Forensic imaging
Should be used during the incident response process
Senior managers play several business continuity planning roles
Setting priorities, obtaining resources, and arbitrating (בורר) disputes among team members
A Shadow Databas
Shadow database mirrors all changes made to a primary database, but clients do not access the shadow
Annualized Loss Expectancy (ALE) =
Single Loss Expectancy (SLE) X Annualized Rate of Occurrence (ARO)
Web application firewalls (WAFs)
Sit in front of web applications and watch for potentially malicious web attacks, including cross-site scripting.
CAC (Common Access Card)
Smart card used by US Government.
Advanced Encryption Standard (AES)
Supports encryption with 128-bit keys, 192-bit keys, and 256-bit keys.
Frame Relay
Supports multiple private virtual circuits (PVCs), unlike X.25. A minimum bandwidth guarantee provided by the service provider to customers.
A Preaction fire
Suppression (דיכוי) system activates in two steps.
Active monitoring is also known as
Synthetic monitoring and relies on prerecorded or generated traffic to test systems for performance.
Syslog (Uses UDP port 514)
Syslog is a way for network devices to send event messages to a logging server - usually known as a Syslog server.
In a manual recovery approach,
System does not fail into a secure state, requires an administrator to manually restore operations.
Configuration management practices associated with
System security will involve tasks such as disabling unnecessary services; removing extraneous programs; enabling security capabilities such as firewalls, antivirus, and intrusion detection or prevention systems; and configuring security and audit logs.
Traditional private branch exchange (PBX)
Systems are vulnerable to eavesdropping (ציתות) because voice communications are carried directly over copper wires. Physically securing access to the lines
Data loss prevention (DLP)
Systems may identify sensitive information stored on endpoint systems or in transit over a network
TGS (Ticket-Granting Service)
TGS then issues a ticket and Kerberos service generates keys to the client.
During Kerberos process
TGT (Ticket Granting Tickets) sent to TGS (Ticket Granting Server)
Compilers (מְקַבֵּץ נְתוּנִים)
Take source code, such as C or Basic, and compile (לְלַקֵט) it into machine code.
Degaussing Tapes
Tapes can be erased by degaussing, but degaussing is not always fully effective, Data remanence is a becoming a concern.
Time of check to time of use (TOC/TOU) attacks
Target situations where there is a race condition, meaning that a dependence on the timing of actions allows impermissible actions to take place.
Mirai
Targeted "Internet of Things" devices
During a tabletop exercise
Team members come together and walk through a scenario without making any changes to information systems
During a Tabletop exercise
Team members come together and walk through a scenario without making any changes to information.
When Nikito flag the (/TEST) directory
Test directories often include scripts that may have poor protections or may have other data that can be misused.
Integration testing
Testing multiple software components as they are combined into a working system. Subsets may be tested, or Big Bang integration testing is used for all integrated software components.
Installation Testing
Testing software as it is installed and first operated.
Dynamic testing
Tests software in a running environment
Use case testing
Tests valid use cases
The *-Integrity Property states
That a subject cannot modify an object at a higher integrity level than that possessed by the subject.
Business impact analysis (BIA)
The BIA identifies critical business or mission requirements and includes elements such as Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs), but it doesn't identify solutions.
CMP (Crisis Management Plan)
The CMP is designed to provide effective coordination among the managers of the organization in the event of an emergency or disruptive event.
The law serves as the basis for privacy rights in the United States is:
The Fourth Amendment directly prohibits government agents from searching private property without a warrant and probable cause.
HITECH- Health Information Technology for Economic and Clinical Health Act
The HITECH Act was created to motivate the implementation of electronic health records (EHR) and supporting technology in the US.
System A should send an ACK to end the three-way handshake.
The TCP three-way handshake is SYN, SYN/ACK, ACK.
The U.S. Department of Commerce oversees Privacy Shield.
The U.S. government agency oversees compliance with the Privacy Shield framework for organizations wishing to use the personal data of EU citizens.
Fault Tolerance (סבלנות לתקלות)
The ability for a system to respond to unexpected failures or system crashes as the backup system immediately and automatically takes over with no loss of service.
Recovery Time Objective (RTO)
The length of time it will take to recover.
Baselines provide
The minimum level of security that every system throughout the organization must meet.
Scrum
The most common framework for Agile Development.
Initiation
The need for a system is expressed and the purpose of the system is documented.
The GDPR does include the need to collect information for specified, explicit, and legitimate purposes:
The need to ensure that collection is limited to the information necessary to achieve the stated purpose; and the need to protect data against accidental destruction.
After detection of a security incident
The next step in the process is responsd
After detection of a security incident
The next step in the process is response
Data Hiding
The object provides encapsulation, we do not know, from the outside, how the object performs its function.
Data loss prevention (DLP) systems
specialize in the identification of sensitive information
Disposal (הִפָּטְרוּת)
The secure decommission (פירוק) of a system
When using symmetric cryptography
The sender encrypts a message using a shared secret key and the recipient then decrypts the message with that same key.
When using symmetric cryptography,
The sender encrypts a message using a shared secret key and the recipient then decrypts the message with that same key.
Assurance
The software is free from vulnerabilities and functions in an intended manner (דרך מיועדת)
When the system owner that responsible for the system have significant change.
The system owner should update the system security plan
Linux system (During scanning)
The system shows X11, as well as login, shell, and nfs ports, all of which are more commonly found on Linux systems.
Dynamic Host Configuration Protocol (DHCP).
This protocol assigns a specific IP address to each device that is connected to the network.
During a parallel test
The team activates the disaster recovery site for testing but the primary site remains operational.
During a parallel test
The team actually activates the disaster recovery site for testing but the primary site remains operational.
During a parallel test:
The team actually activates the disaster recovery site for testing, but the primary site remains operational.
During a full interruption test
The team takes down the primary site and confirms that the disaster recovery site is capable of handling regular operations.
In a gray box test
The tester evaluates the software from a user perspective but has access to the source code as the test is conducted.
Self-service password reset tools
Typically have a significant impact on the number of password reset contacts that a help desk has.
EMI (electromagnetic interference)
This includes circuits, power cables, network cables, and many others.
Slack Space
This leftover space, it may contain old data, or it can be used intentionally by attackers to hide information.
Third-party organization that processes data (In the EU)
Under EU regulations, both the organization sharing data and the third-party data processor bear (לָשֵׂאת) responsibility for maintaining the privacy and security of personal information.
Abstraction (הפשטה)
Uses a black box approach to hide the implementation details of an object from the users of that object. Is the process of hiding the operational complexty of the system from te system user.
The meet-in-the-middle attack (2DES vulnerable)
Uses a known-plaintext message and uses both encryptions of the plaintext and decryption.
Skip
Use SCP—Secure Copy is a secure file transfer method.
Data at rest encryption
Use Symmetric encryption like AES
Authenticated scans
Use a read-only account to access configuration files, allowing more accurate testing of vulnerabilities
Class C fire extinguishers (מטף)
Use carbon dioxide or halon suppressants and are useful against electrical fires.
Class B fire extinguishers (liquid-based fires)
Use carbon dioxide, halon, or soda acid as their suppression material and are useful against liquid-based fires
Misuse case diagrams
Use language beyond typical use case diagrams, including threatens and mitigates.
Multipartite viruses
Use multiple propagation mechanisms to defeat system security controls but do not necessarily include techniques designed to hide the malware from antivirus software.
Multipartite (רב-חלקי) viruses
Use multiple propagation mechanisms to spread between systems.
PERT charts- Used to schedule, organize, and coordinate tasks within a project
Use nodes to represent milestones or deliverables and then show the estimated time to move between milestones.
Proximity card
Use of an eletcromagnetic coil inside the card
The Simple Integrity Property
User can't write data to a higher integrity level than their own
Before granting any user access to information, should verify:
User has an appropriate security clearance, as well as a business, need to know the information in question.
The *-Security Property
Users can't write data to a lower security level than their own
Verification
Validates security controls.
Once a vulnerability scanner identifies a potential problem
Validation is necessary to verify that the issue exists.
Statement coverage tests
Verify that every line of code was executed during the test
Identity proofing.
Verifying information that an individual should know about themselves using third-party factual information (a Type 1 authentication factor).
A master boot record (MBR)
Virus redirects the boot process to load malware during the operating system loading process.
EAP (Extensible Authentication Protocol)
Was originally intended to be used on physically isolated network channels and did not include encryption
The Rijndael block cipher
Was selected as the winner and is the cryptographic algorithm underlying the Advanced Encryption Standard (AES).
Directory traversal (מעבר) attack
Where the attacker attempts to force the web application to navigate up the file hierarchy and retrieve a file that should not normally be provided to a web user.
Rings 0-2 run in privileged mode
Whereas Ring 3 runs in user mode
Static analysis
Which analyzes non running code.
Static Analysis
Which analyzes non-running code.
Parameterization
Which can help avoid SQL injection
Penetration testers often use penetration testing tools,
Which include the open-source Metasploit, closed-source Core Impact, Immunity Canvas.
TDL (top level domain)
Which is part of the global DNS
Bridge
Workstation or other device is connected simultaneously to both a secure and a non-secure network like the Internet. Can cause bypassing.
Integrity verification software
Would protect against this attack by identifying unexpected changes in protected data.
Out-of-band identity proofing
Would use to contacting the user, like a text message or phone call, and password verification requires a password.
Directional antenna
Yagis, panel antennas, cantennas, and parabolic antennas are all types of
If the CER does not fit the needs of the organization
You should assess other biometric systems.
FIFO (first in, first out) (also called round robin)
You will use each tape in order and cycle back to the first tape.
RAID- Redundant (גודש) Array (מַעֲרָך) of Independent Disks
level 0 is also known as disk striping. RAID 1 is called disk mirroring. RAID 5 is called disk striping with parity (Redundancy (גודש) check). RAID 10 combines disk mirroring and disk striping to protect data
The formula for determining the number of encryption keys required by a symmetric algorithm
six users and would like to use symmetric: Encryption algorithm ((n*(n-1))/2). With six users, you will need ((6*5)/2), or 15 keys
Here is a summary of common circuits, T Carriers (United States) and E Carriers (Europe)
• A T1 is a dedicated 1.544-megabit circuit that carries 24.64 kbit/s DS0 (Digital Signal 0) channels. • A T3 is 28 bundled T1s, forming a 44.736-megabit circuit. • An E1 is a dedicated 2.048-megabit circuit that carries 30 channels. • An E3 is 16 bundled E1s, forming a 34.368-megabit circuit.
Recommended replacements for Halon:
• Argon • FE-13 • FM-200 • Inergen
The following are common types of electrical faults:
• Blackout: prolonged (מְמוּשָׁך) loss of power • Fault: short loss of power • Surge: prolonged high voltage • Spike: temporary high voltage • Sag: temporary low voltage • Brownout: prolonged low voltage
The five modes of DES are:
• Electronic Code Book (ECB) • Cipher Block Chaining (CBC) • Cipher Feedback (CFB) • Output Feedback (OFB) • Counter (CTR) Mode
The Time of Check to Time of Use (TOC/TOU) attack
Exploits timing differences between when a system verifies authorization and software uses that authorization to perform an action.
Kerberos
Relies on properly synchronized time on each end of a connection to function. out of sync if the local system time is more than five minutes.
Asynchronous communications
Rely on a built-in stop and start flag or bit.
Spoofing attacks
Rely on falsifying (זיוף) an identity like an IP address or hostname without credentials.
Pair programming
Requires two programmers to work together, with one writing code and the other reviewing and tracking progress.
Two-person control
Requiring simultaneous action by two separate authorized individuals to gain access to the encryption keys.
NIST SP 800-60 diagram
Security categorization and determine controls.
SSH (Secure Shell)
Is a secure command-line and login protocol,
WEP (Wired Equivalent Privacy)
Is a security algorithm for IEEE 802.11 wireless networks.
SSAE 18
Is a series of enhancements aimed to increase the usefulness and quality of SOC reports (Soc 1/2/3)
Firewalls type:
- Packet-filtering firewalls - Circuit-level gateways - Stateful inspection firewalls - Application-level gateways (a.k.a. proxy firewalls) - Next-gen firewalls - Software firewalls - Hardware firewalls - Cloud firewalls
Information share data, Internal business data, Trade secret data:
-Information shared data with customers it's public - An internal business could be sensitive or private - Trade secrets data are proprietary (קנייני)
Kerberos infrastructure contain
-Key distribution center (KDC) provides authentication services -Ticket-granting tickets (TGTs) provide proof that a subject has authenticated and can request tickets to access objects, -Authentication services (ASs) are part of the KDC
EU-U.S. Privacy Shield Principles
-Notice -Choice -Accountability for Onward Transfer -Security -Data Integrity and Purpose Limitation -Access -Recourse, Enforcement, and Liability
There are four types of passwords to consider when implementing access controls:
-Static passwords are reusable passwords that may or may not expire. -Passphrases (סיסמאות) are long static passwords, comprised of words in a phrase or sentence (replacing CISSP with "XYZZY") -One-time passwords may be used for a single authentication. - Dynamic passwords change at regular intervals (מרווחים) as Token.
Risks are the combination of a threat and a vulnerability.
-Threats are the external forces seeking to undermine security, such as the hacker in this case. -Vulnerabilities are the internal weaknesses that might allow a threat to succeed.
Incident Response Process
1. Preparation (training, writing incident response policies and procedures) 2. Detection (identification) 3. Response (containment) 4. Mitigation (eradication (עֲקִירָה)) 5. Reporting 6. Recovery 7. Remediation (תיקון) 8. Lessons learned (postincident activity, postmortem, or reporting)
The SDLC (Software Development Life Cycle) consists of seven phases , in the following order:
1. conceptual definition 2. functional requirements determination 3. control specifications development 4. design review, code review 5. system test review 6. maintenance 7. change management
Private IP address ranges
10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255
RFC 1918 addresses are in the ranges
10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, 192.168.0.0 to 192.168.255.255.
CSIRT
A Computer Security Incident Response Team
CWE (Common Weakness Enumeration)
A dictionary of software vulnerabilities by MITRE
Dictionary attacks use (Like Orange1, OrangeD5d, Orange 546, Orangecoun)
A dictionary or list of common passwords. This attack shows a variety of passwords based on a similar base word.
Expert systems have two components:
A knowledge bank that contains the collected wisdom of human experts and an inference engine that allows the expert systems to draw conclusions.
Darknet
A monitored network without any hosts.
Warm site
A site that relies shared storage and backups for recovery.
Hot site:
A site with dedicated storage and real-time data replication, often with shared equipment that allows restoration of service in a very short time.
Security baselines provide
A starting point to scope and tailor security controls to your organization's needs.
According to NIST SP 800-18
A system owner should update the system security plan when the system they are responsible for undergoes a significant change.
According to NIST SP 800-18, (System Owner)
A system owner should update the system security plan when the system they are responsible for undergoes a significant change.
Honeypot
A system set up with intentional (מכוון) vulnerabilities
Salt
A unique salt should be created for each user using a secure generation method and stored in that user's record.
Fiber Channel over Ethernet (FCoE)
Allows Fiber Channel communications over Ethernet networks, allowing existing high-speed networks to be used to carry storage traffic
Decentralized access control allows IT administration to occur closer to the mission and operations of the organization.
Allows IT administration to occur closer to the mission and operations of the organization.
Nonrepudiation
Allows a recipient to prove to a third party that a message came from a purported source.
Take rule
Allows a subject to take the rights belonging to another object.
OpenID
Allows a user to use a single account to log into multiple sites, and Google accounts are frequently.
The Brewer-Nash model
Allows access controls to change dynamically based upon a user's actions.
API (Application Programming Interface)
Allows an application to communicate with another application or an operating system, database, network, etc
An application programming interface (API)
Allows external users to directly call routines within code.
The Diffie-Hellman algorithm
Allows for the secure exchange of symmetric encryption keys over a public network
Expert opinion evidence in court
Allows individuals to offer their opinion based upon the facts in evidence and their personal knowledge.
Identity as a service (IDaaS), or cloud identity
Allows organizations to leverage cloud service for IdM (identity management)
Information that is modifiable between a client and a server in STRIDE threat assessment
Also means that it is accessible, pointing to both tampering (לְהִשׁתַמֵשׁ לְרָעָה) and information disclosure
Polymorphic viruses
Alter their code on each system they infect to defeat signature detection.
The Federal Information Security Management Act (FISMA)
Applies to federal government agencies and contractors.
Fair Cryptosystem
Approach to key escrow, the secret keys used in communications are divided into two or more pieces.
Smart cards
Are a Type II authentication factor and include both a microprocessor and at least one certificate
Smart cards
Are a Type II authentication factor and include both a microprocessor and at least one certificate.
Reciprocal (הֲדָדִי) agreements
Are a bidirectional (דו - כיווני) agreement between two organizations in which one organization promises another organization that it can move in and share space if it experiences a disaster.
Security assessments
Are a holistic approach to assessing the effectiveness of access control. security assessments have a broader scope
Replay attacks
Are a more specific type of masquerading (לְהַעֲמִיד פָּנִים) attack that relies on captured network traffic to reestablish authorized connections
Limit checks
Are a special form of input validation that ensure the value remains within an expected range
Subjects
Are active entities that can access a passive object to retrieve information from or about an object.
ISDN, cable modems, DSL
Are all examples of broadband (פס רחב) technology that can support multiple simultaneous signals.
Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP)
Are all routing protocols and are associated with routers.
Kerberos, KryptoKnight, and SESAME
Are all single sign-on, or SSO
Yagis, panel antennas, cantennas, and parabolic antennas
Are all types of directional antenna
Interviews, surveys, and audits
Are all useful for assessing awareness.
Usernames
Are an identification tool
Candidate keys
Are any attribute (column) in the table with unique values (SSN and name)
Electronic backups
Are archives that are stored electronically and can be retrieved in case of a disruptive event or disaster.
Mandatory access control systems
Are based on a lattice-based model. Lattice-based models use a matrix of classification labels to compartmentalize (למדר) data.
Trusted paths that secure network traffic from capture and link encryption
Are both ways to help prevent man-in-the-middle attacks
Fuzz testers
Are capable of automatically generating input sequences to test an application
Flows logging (also often called network flows)
Are captured to provide insight into network traffic for security, troubleshooting, and performance management.
UPS's (Uninterruptible (ללא הפרעה) Power System)
Are designed to protect against short-term power losses. UPS's have limited-life batteries and are not able to maintain sustained (ממושך) blackout.
Specifications (מפרט)
Are document-based artifacts (ממצאים) like policies or designs.
Machine languages
Are examples of first-generation programming languages
Machine languages
Are examples of first-generation programming languages.
Software tokens
Are flexible, with delivery options including mobile applications, SMS, and phone delivery.
Procedures
Are formal, mandatory documents that provide detailed, step-by-step actions required from individuals performing a task.
SMTP servers that don't authenticate users before relaying their messages
Are known as open relays
Macro viruses
Are most commonly found in office productivity documents such as Microsoft Word documents as .doc or .docx extension.
Business logic errors
Are most likely to be missed by automated functional testing.
Written works, such as website content.
Are normally protected by copyright law.
Erase commands in SSD (It is store and retrieve (לאחזר) data)
Are not consistently effective across multiple SSD brands.
Masquerading תחפושת(or impersonation) התחזות
Attacks use stolen or falsified credentials to bypass authentication mechanisms
Cross-Site Scripting (XSS) attacks
Attacks where the malicious user tricks the victim's web browser into executing a script through the use of a third-party site.
Session hijacking attacks
Attempt to steal previously authenticated sessions.
Neural (עצביים) networks
Attempt to use complex computational techniques to model the behavior of the human mind.
A disassembler
Attempts (לְנַסוֹת) to convert machine language into assembly
Root-cause analysis
Attempts to determine the underlying weakness or vulnerability that allowed the incident to be realized.
The Service Organizations Control
Audit program includes business continuity controls in a SOC 2
Requiring authentication
Can help provide accountability by ensuring that any action taken can be tracked back to a specific user.
CallerID
Can help with this but can be spoofed, making callback a better solution.
X.500
Is a series of standards defining directory services.
KRI- Key Risk Indicators
Can provide useful information for organizational planning and a deeper understanding of how organizations view risk, KRIs are not a great way to handle a real-time security response
A Captive Portal
Can require those who want to connect to and use Wi-Fi to provide an email address to connect.
Device fingerprinting via a web portal
Can require user authentication and can gather data like operating systems, versions, software information, that can uniquely identify systems.
Signature detection
It is the most effective technique to combat known malware.
Iris scans have a longer useful life than many other types of biometric factors:
Because they don't change throughout a person's lifespan (unless the eye itself is damaged.
Black box testing
Begins with no prior knowledge of the system
. Bind (In LDAP)
Bind operations are used to authenticate clients to the directory server, to establish an authorization identity
Retina scans
Can reveal additional information, including high blood pressure and pregnancy, causing privacy concerns.
Attribute-based information controls like those described in NIST SP 800-162
Can take many details about the user, actions, and objects into consideration before allowing access to occur.
L2TP (Layer 2 Tunneling Protocol)
Can use IPsec to provide encryption of traffic, ensuring confidentiality of the traffic carried via an L2TP VPN
Ionization-based smoke detectors
Contain a small radioactive source that creates a small electric charge.
Hybrid cloud and local authentication system
Can ensure that Internet or server outages are handled, allowing authentication to work regardless to the employee location.
Supply chain management
Can help ensure the security of hardware, software, and services that an organization acquires.
Unencrypted sessions to websites
Can be easily captured with a packet sniffer.
Network Access Control (NAC) systems
Can be used to authenticate users and then validate their system's compliance with a security standard before they are allowed to connect to the network.
Centralized access control
Can be used to provide single sign-on (SSO). where a subject may authenticate once, then access multiple systems.
Patents and trade secrets
Can both protect intellectual property in the form of a process. Trade secrets remain in force for as long as they remain secret.
Bluetooth active scans
Can determine both the strength of the PIN and what security mode the device is operating in
SOC 1, Type 1 -Financial statements
Contain financial statements and the opinion on the presentation of the service organization's system
Stand-alone mode,
Connects clients using a wireless access point but not to wired resources like a central network
Infrastructure mode
Connects endpoints (Like laptops) to a central network (Router), not directly to each other (2 laptops).
Object-based storage
Considered IaaS because it is a core infrastructure service, especially when the vendor providing it.
Warm sites
Contain the hardware necessary to restore operations but do not have a current copy of data.
Netflow data
Contains information on the source, destination, and size of all network communications.
Each incremental backup
Contains only the information changed since the most recent full or incremental backup.
Backup tape rotation scheme
Contains the Grandfather/Father/Son, Tower of Hanoi, and Six Cartridge Weekly schemes
The certificate revocation list
Contains the serial numbers of digital certificates issued
The Code of Federal Regulations (CFR)
Contains the text of all administrative laws promulgated by federal agencies.
NIST SP 800-34 (For business continuity and disaster recovery)
Contingency (חירום) Planning Guide for Federal Information System
In SOC Type II audits (audits occur in type 2)
Cover a period of time and do include an assessment of operating effectiveness.
Change management
Typically requires sign-off from a manager or supervisor before changes are made.
Someplace/somwhre you are
Describes location-based access control using technologies such as the global positioning system (GPS), IP address-based geolocation, or the physical location
Disclosure
Describes the actions taken by a security researcher after discovering a software vulnerability
Throughput (תפוקה)
Describes the process of authenticating to a biometric system.
X.509
Defines standards for public key certificates like those used with many smart cards.
System Center Configuration Manager (SCCM)
Designed to allow administrators to evaluate the configuration status of Windows workstations and servers.
A Security Information and Event Management (SIEM)
Designed to centralize logs from many locations in many formats and to ensure that logs are read and analyzed despite differences between different systems and devices.
LEAP, the Lightweight Extensible Authentication Protocol
Designed to handle problems with TKIP. Any modern hardware should support WPA2 and technologies like PEAP or EAP-TLS
BRP (Business recovery plan)/ Business Resumption Plan
Details the steps required to restore normal business operations after recovering from a disruptive event.
Incipient (התחלתי) stage (In case of fire)
During this stage, air ionization takes place, and specialized incipient fire detection systems can identify these changes to provide early warning of a fire.
The exposure factor calculated
Dy dividing the amount of damage by the asset value. For instance: $750,000 in damage divided by the $2 million facility value, or 37.5%.
PEAP (Protected Extensible Authentication Protocol)
Encapsulates EAP in a TLS tunnel, providing strong encryption.
Minimum security requirements for email
Encrypt sensitive email should be the focus of the organization's efforts for minimum security.
An individual creates a digital signature by
Encrypting the message digest with his or her own private key.
ESP's Transport mode
Encrypts IP packet data but leaves the packet header unencrypted
ESP's Transport mode
Encrypts IP packet data but leaves the packet header unencrypted.
All stateful inspection firewalls
Enforce an implicit deny (הכחשה מרומזת) rule as the final rule of the rulebase.
Group Policy
Enforced by Active Directory can ensure consistent logging settings and can provide regular enforcement of policy on systems
Fagan inspections
Follow a rigorous (קפדני), highly structured process to perform code review, using a planning, overview, preparation, inspection, rework, and follow-up cycle
When an individual receives a copy of a digital certificate
He or she verifies the authenticity of that certificate by using the CA's public key to validate the digital signature contained on the certificate.
System owner responsibilities that include
Helping to develop system security plans, maintaining the plan, ensuring training, and identifying.
Load balancing
Helps to ensure that a failed server will not take a website or service offline.
The U.S. Trusted Foundry program
Helps to protect the supply chain for components and devices by ensuring that the companies that produce and supply them are secure.
MAC (Mandatory access control) systems can be
Hierarchical- each domain is ordered and related to other domains above and below it. Compartmentalized (מחולק)- where there is no relationship between each domain. Hybrid- where both hierarchy and compartments are used
The recovery point objective (RPO)
Identifies the maximum amount of data, measured in time, that may be lost during a recovery effort.
Test or code coverage analysis
Identify the degree to which code testing applies to the entire application. The goal is to ensure that there are no significant gaps where a lack of testing.
Federation links
Identity information between multiple organizations
Biometric systems can face major usability challenges
If the time to enroll is long (over a couple of minutes) and if the speed at which the biometric system is able to scan and accept or reject the user is too slow.
Windows systems will assign themselves an APIPA address between 169.254.0.1 and 169.254.255.254
If they cannot contact a DHCP server (automatically provides and assigns IP addresses, default gateways and other network parameters to client devices.)
Static code analysis
Involves reviewing the code itself for flaws rather than testing the live software.
Segregation (הַפרָדָה) of Duties (SOD)
Is a basic building block of sustainable risk management and internal controls for a business
Fuzzing
Is a black-box testing method that does not require access to source code.
Combinatorial software testing
Is a black-box testing method that seeks to identify and test all unique combinations of software inputs
Lightweight Directory Access Protocol (LDAP)
Is a client/server protocol used to access and manage directory information.
Privilege creep
Is a common problem when employees change roles over time and their privileges and permissions are not properly modified to reflect their new roles.
SMTP (Simple Mail Transfer Protocol)
Is a communication protocol for electronic mail transmission, (Uses Port 25 TCP)
Software-Defined Networking (SDN)
Is a converged protocol that allows virtualization concepts and practices to be applied to networks
Radio Frequency IDentification (RFID) technology
Is a cost-effective way to track items around a facility
Meet-in-the-middle
Is a cryptographic attack against 2DES encryption
Coupling (צימוד)
Is a description of the level of interaction between objects.
The Smurf attack
Is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets.
Pseudoflaws
Is a false vulnerability in a system that may attract an attack
A pseudo flaw
Is a false vulnerability in a system that may attract an attacker
Fagan inspection
Is a highly formalized review and testing process that uses planning, overview, preparation, inspection, rework, and follow-up steps
Fagan inspection
Is a highly formalized review and testing process that uses planning, overview, preparation, inspection, rework, and follow-up steps.
A foreign key
Is a key in a related database table that matches a primary key in a parent database table.
Assembly language
Is a low-level computer programming language. Assembly language instructions are short mnemonics (זִכרוֹנִיוּת), such as "ADD," "SUB" (subtract), and "JMP" (jump), An assembler converts assembly language into machine language.
A Power spike
Is a momentary period of high voltage.
TLS (Transport Layer Security)
Is a network encryption protocol that may be used to protect sensitive information,
Wireshark
Is a network monitoring tool that can capture and replay communications sent over a data network, including Voice over IP (VoIP) communications.
Encapsulation
Is a process that adds a header and possibly a footer to data received at each layer before handoff to the next layer
Encapsulation
Is a process that adds a header and possibly a footer to data received at each layer before handoff to the next layer.
The spiral model
Is a software development model designed to control risk. The spiral model repeats steps of a project, starting with modest goals, and expanding outwards in ever-wider spirals called rounds.
Loopback address 127.0. 0.1
Is a special IP number (127.0.0.1) primarily used to validate that the locally connected physical network card is working properly and the TCP/IP stack installed.
AES (Advanced Encryption Standard)
Is a strong symmetric cipher that is appropriate for use with data at rest (As USB)
Blowfish
Is a symmetric block cipher that can be used as a drop-in replacement for DES or IDEA.
3 DES, officially the Triple Data Encryption Algorithm,
Is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block
SLDC (Systems Development Life Cycle)
Is a system development model, SDLC is used across the IT industry.
A security audit
Is a test against a published standard, as PCI DSS standard.
Kerberos
Is a third-party authentication service that may be used to support SSO.
Jitter
Is a variation (שִׁנוּי) in the latency for different packets
Jitter
Is a variation in the latency for different packets
Vulnerability scanning
Is a way to discover poor configurations and missing patches in an environment.
OpenID
Is a widely supported standard that allows a user to use a single account to log into multiple sites, and Google accounts are frequently used with OpenID.
Active monitoring
Is also known as synthetic monitoring and relies on prerecorded or generated traffic to test systems for performance and other issues.
Service Provisioning Markup Language (SPML)
Is an OASIS developed markup language designed to provide service, user, and resource provisioning between organizations.
SAMPL
Is an algebraic modeling language
Clipping
Is an analysis technique that only reports alerts after they exceed (חורגים) a set threshold ( סף מוגדר ).
CHAP (Challenge-Handshake Authentication Protocol)
Is an authentication scheme used by Point-to-Point Protocol (PPP) servers to validate the identity of remote clients.
TKIP (Temporal Key Integrity Protocol)
Is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs, (replace WEP )
A redundant site
Is an exact production duplicate of a system that has the capability to seamlessly operate all necessary IT operations without loss of services to the end user of the system.
A callback to a landline phone number
Is an example of a "somewhere you are" factor bc of the fixed physical location of a wired phone.
The Low Orbit Ion Cannon (LOIC) attack
Is an example of a distributed denial-of-service attack.
Awareness training
Is an example of an administrative control
The Gramm Leach Bliley Act (GLBA)
Is an example of civil law.
Confinement (כליאה, Sand box)
Is an example of the use of a sandbox, the system restricts the access of a process to limit its ability to affect other processes running on the same system.
Metasploit -
Is an exploitation package that is designed to assist penetration testers. A tester using Metasploit can exploit (exploit) known vulnerabilities for which an exploit has been created or can create their own exploits using the tool
Developing a business impact assessment
Is an integral part of the business continuity planning effort.
ISO 27002
Is an international standard focused on information security, recommends security controls based on the industry best practices.
JavaScript
Is an interpreted (מפורש) language so the code is not compiled prior to execution, allowing owner to inspect the contents of the code.
OpenVAS (Can use it remotely)
Is an open source vulnerability scanning tool that will provide a report of the vulnerabilities that it can identify from a remote.
SAML - Security Assertion Markup Language(pronounced SAM-el)
Is an open standard for exchanging authentication and authorization data between parties.
Hardcopy data
Is any data that are accessed through reading or writing on paper rather than processing through a computer system.
A disaster
Is any event that can disrupt normal IT operations and can be either natural or man-made. Including Hacking, terrorism,flooding and fire.
An input validation attack
Is any malicious action against a computer system that involves manually entering strange information into a normal user input field.
Bcrypt
Is based on Blowfish , it is a replacement for the DES. Blowfish is a symmetric block cipher that uses a variable-length key, from 32 bits to 448 bits
The stored sample of a biometric factor
Is called a reference profile or a reference template.
Interpreted (פירוש) languages
Is compiled on the fly each time the program is run.
Test coverage
Is computed using the formula test coverage = number of use cases tested/total number of use cases.
The use of a probability/impact matrix
Is the hallmark (סימן ההיכר) of a qualitative risk assessment
SDD- Solid State Drive
Is the hardware component in a computer that stores data. (replace Hard Disk Drives (HDD)) In terms of destroying SSD, there is a problem with the built-in erase commands are not completely effective on some SSDs.
A cluster
Is the minimum size that can be allocated by a file system.
TEMPEST (a U.S. National Security Agency referring to spying on information systems through leaking emanations, including unintentional radio or electrical signals)
Is the name for a program aimed at capturing data from electronic emissions (פליטות אלקטרוניות)
The annualized rate of occurrence (ARO)
Is the number of times that risk analysts expect a risk to happen in any given year. Once every 200 years (1/200 years= 0.005%)
L2TP
Is the only one of the four common VPN protocols that can natively support non-IP protocols
The exposure (חשיפה) factor
Is the percentage of the facility that risk managers expect will be damaged if a risk materializes. (Dividing the amount of damage by the asset value)
Watermarking
Is the process of hiding digital information in a carrier signal.
The goal of the business continuity planning process
Is to ensure that your recovery time objectives are less than maximum tolerable downtimes (RTO<MTD)
The goal of a redundant array of inexpensive disks (RAID)
Is to help mitigate the risk associated with hard disk failures
Port Address Translation (PAT)
Is used to allow a network to use any IP address set inside without causing a conflict with the public Internet.
SDLC Waterfall
It is a sequential (רצף) model that divides software development into pre-defined phases.
The Trusted Computing Base (TCB)
It is a small subset of the system contained within the kernel that carries out critical system activities
Fiber Distributed Data Interface (FDDI)
It is a token-passing network that uses a pair of rings with traffic flowing in opposite directions.
A Mantrap
It is a type of preventive access control, although its implementation is a physical control.
Service Provisioning Markup Language (SPML)
It is an XML-based language designed to allow platforms to generate and respond to provisioning requests.
SSAE-18 (Service Organizations (often referred to SOC)
It is an attestation (תְעוּדָה) standard, used for external audits, and forms part of the underlying framework for SOC 1, 2, and 3 reports
During developing an object-oriented model
It is desirable to have high cohesion and low coupling
Write blocker
It is forensic drive controller.
Declassification rarely chosen as an option for media reuse
It is more expensive than new media and may still fail
Entity integrity
Means each tuple has a unique primary key that is not null.
Dynamic signatures
Measure the process by which someone signs his/her name.
B. The five COBIT principles are:
Meeting stakeholder needs, covering the enterprise end-to-end, applying a single integrated framework, enabling a holistic approach, and separating governance from management.
The five COBIT (IT management framework) principles are:
Meeting stakeholder needs. Covering the enterprise end-to-end. Applying a single integrated framework. Enabling a holistic approach. Separating governance from management.
Crosstalk
Occurs when data transmitted on one set of wires is picked up on another set of wires.
The feedback model of composition theory
Occurs when one system provides input for a second system and then the second system provides input for the first system.
Privilege creep
Occurs when users retain from roles they held previously rights they do not need to accomplish their current job.
Credential management systems
Offer features like password management, multifactor authentication to retrieve passwords, logging, audit, and password rotation capabilities
Test directories
Often include scripts that may have poor protections or may have other data that can be misused
Network-enabled printers (Ports 515 and 9100)
Often provided services via TCP 515 and 9100, and have both nonsecure and secure web-enabled management interfaces on TCP 80 and 443.
In a zero-knowledge proof:
One individual demonstrates to another that they can achieve a result that requires sensitive information without actually disclosing the sensitive information.
The analysis of application logs is
One of the core tasks of software analysis.
Embedded (משובץ) Device Forensics
One of the greatest challenges facing the field of digital forensics is the proliferation (הִתרַבּוּת) of consumer-grade electronic hardware and embedded devices.
General Data Protection Regulation (GDPR)
Organizations only exchange personal information with other organizations bound by the EU.
On every business continuity plan task:
Organizations should train at least two individuals.
Parameterization
Prevent SQL inquiry attack.
Polyinstantiation
Prevent attackers from conducting aggregation or inference attacks.
The Simple Security Property
Prevents an individual from reading information at a higher security level than his or her clearance allows
The Simple Security Property (In Bell-LaPadula mode)
Prevents an individual from reading information at a higher security level than his or her clearance allows.
The Bell-LaPadula model
Prevents an individual from reading information that is classified at a level higher than the individual's security clearance
The two important risk elements that should weigh most heavily in your analysis of risk are
Probability and impact
Electronic signatures
Prove that the signature was provided by the intended signer.
Supervisory Control and Data Acquisition Systems (SCADA)
Provide a graphical interface to monitor industrial control systems (ICS)
Guidelines
Provide advice based on best practices developed throughout industry and organizations, but they are not compulsory. Compliance with guidelines is optional
Maintenance hooks
Provide developers with easy access to a system, but it is known as a backdoor bypassing normal security controls.
Credential management systems
Provide features designed to make using and storing credentials in a secure and controllable way.
Discretionary (שיקול דעת) Access Control (DAC)
Provide scalability by leveraging many administrators, and those administrators can add flexibility by making decisions about access to their objects.
The Transport layer
Provides logical connections between devices, including end-to-end transport services to ensure that data is delivered. Transport layer protocols include TCP, UDP, SSL, and TLS.
SOC 2- Technical audit, Controls assurance of customers data
Provides predefined, standard benchmarks for controls involving confidentiality, availability, integrity.
CHAP (The challenge-handshake authentication protocol)
Provides protection against playback attacks. It uses a central location that challenges remote users. used by Point-to-Point Protocol (PPP) servers to validate the identity of remote clients.
DMCA (Digital Millennium Copyright Act)
Provides safe harbor protection for the operators of Internet service providers
(SASL) The Simple Authentication and Security Layer for LDAP
Provides support for a range of authentication types, including secure methods.
BCI (Business Continuity Institute)
Published a six step Good Practice Guidelines (GPG). They represent current global thinking in good Business Continuity (BC) practice.
Mission owner's role
Responsible for making sure systems provide value.
Ring 0,1,2,3
Ring 0 is the kernel, rings 1 and 2 are used for device drivers, and ring 3 is user application space.
Data center humidity
Should be maintained between 40% and 60%
Input validation
Should be performed on the web application server. Ensures that the data provided to a program as input matches the expected parameters.
Self-signed digital certificates
Should be used only for internal-facing applications, where the user base trusts the internally generated digital certificate.
An organization pursuing a vital (חיוני) records management program
Should begin by identifying all of the documentation that qualifies as a vital (חיוני) business record.
Sending logs to a secure log server
Sometimes called a bastion(חוֹמַת מָגֵן) host, is the most effective way to ensure that logs survive a breach.
Protection Profiles (PPs)
Specify the security requirements and protections that must be in place for a product to be accepted under the Common Criteria.
The Open Vulnerability and Assessment Language (OVAL)
Standardizes steps of the vulnerability assessment process.
Layer 6 - Presentation Layer
Standards like JPEG, ASCII, and MIDI are used at the Presentation layer for data
OpenLDAP
Stores the user Password attribute (תכונה) in the clear.
The due care principle states
That an individual should react in a situation using the same level of care that would be expected from any reasonable person.
XP )is an Agile development method)
That uses pairs of programmers who work off a detailed specification
When a system is configured to use shadowed passwords.
The /etc/passwd file contains only the character x in the place of a password.
False Acceptance Rate (FAR)
The Method to deal with FAR is adding a second factor.
IaaS (Infrastructure as a Service)
The core capabilities of Iaas is providing servers on a vendor-managed virtualization platform.
In an IaaS server environment
The customer retains responsibility for most server security operations.
In a Paas (Platform as a Service Solution)
The customer supplies application code that the vendor then executes on its own infrastructure
In a platform as a service solution (Paas)
The customer supplies application code that the vendor then executes on its own infrastructure
Port 636
The default port for LDAP-S provides LDAP over SSL or TLS. The server supports encrypted connections
The last step of the certificate creation process is
The digital signature. The certificate authority signs the certificate using its own private key.
XOR is a binary operation (1's and 0's), it stands for "exclusive or"
The exclusive or (XOR) operation is true when one and only one of the input values is true.
During the preservation (אַכְסָנָה) phase
The organization ensures that information related to the matter at hand is protected against intentional or unintentional alteration (שינוי) or deletion (מחיקה)
Remote journaling urly
Transfers transaction logs to a remote site on a more frequent basis than electronic vaulting, hourly.
Remote Journaling (Transferring Data every hour)
Transfers transaction logs to a remote site on a more frequent basis than electronic vaulting, typically hourly.
Layer 6 -Presentation layer
Transforms data from the Application layer into formats that other systems can understand by formatting and standardizing the data
Network Address Translation (NAT)
Translates the IP addresses of computers in a local network to a single IP address.
TCP
Transports data over a network in a connection-oriented fashion
UDP
Transports data over a network in a connectionless fashion.
In reduction analysis, the security professional breaks the system down into five key elements:
Trust boundaries, data flow paths, input points, privileged operations, and details about security controls
In the community cloud computing model
Two or more organizations pool their resources to create a cloud environment that they then share
Type 1/2/3 authentication
Type 1 authentication (something you know) Type 2 (something you have) Type 3 (something you are)
Type 1 and Type 2 Errors
Type 1 errors occur when a valid subject is not authenticated. Type 2 errors occur when an invalid subject is incorrectly authenticated.
Team reviews
Typically done in a group
Asynchronous tokens
Use a challenge/response process in which the system sends a challenge and the user responds with a PIN and a calculated response to the challenge
Interface testing
Used to ensure that software modules properly meet interface specifications and thus will properly exchange data
Encryption is often
Used to protect traffic. Like bank transactions from sniffing.
The Waiting state
Used when a process is blocked waiting for an external event.
Compensation controls
Used when controls like the locks are not sufficient (מספיק)
War dialing
Uses a modem to dial a series of phone numbers, looking for an answering modem carrier tone. The penetration tester then attempts to access the answering system.
Passive monitoring
Uses a network tap or span (Switched Port Analyzer) port to capture traffic to analyze it without impacting the network or devices that it is used to monitor.
Direct inward (פְּנִימִי) system access (DISA)
Uses access codes assigned to users to add a control layer for external access and control of the PBX
Redundant Array of Independent Disks (RAID)
Uses additional hard drives to protect the server against the failure of a single device.
OOP (Object Oriented Programming)
Uses an object metaphor to design and write computer programs. An object is a "black box" that is able to perform functions
Manual testing
Uses human understanding of business logic to assess program flow and responses.
A high-availability cluster (also called a failover cluster)
Uses multiple systems that are already installed, configured, and plugged in, so that if a failure causes one of the systems to fail, another can be seamlessly leveraged to maintain the availability of the service or application being provided.
Multiprotocol Label Switching (MPLS)
Uses path labels instead of network addresses
Computer-aided software engineering (CASE)
Uses programs to assist in the creation and maintenance of other computer programs.
An application-level gateway firewall
Uses proxies for each service it filters
An application-level gateway firewall
Uses proxies for each service it filters.
Proactive monitoring, aka synthetic monitoring
Uses recorded or generated traffic to test systems and software
Proactive monitoring, aka synthetic monitoring.
Uses recorded or generated traffic to test systems and software.
Pattern testing
Uses records of past software bugs to inform the analysis.
Cross-site scripting
Uses reflected input to trick a user's browser into executing untrusted code from a trusted site.
Static code analysis
Uses techniques like control flow graphs, lexical analysis, and data flow analysis to assess code without running it.
The PGP email system
Uses the "web of trust" approach to secure email. It used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions.
The S/MIME secure email format
Uses the P7S format for encrypted email message.
The S/MIME secure email format
Uses the P7S format for encrypted email messages.
The whitelist approach
Uses the reverse philosophy and only allows approved software.
Provisioned
When a user's role changes, they should be provisioned based on their role and other access entitlements.
DNS poisoning occurs
When an attacker changes the domain name to IP address mappings of a system to redirect traffic to alternate systems.
Type 2 errors occur in biometric systems
When an invalid subject is incorrectly authenticated as a valid user.
Top Secret (The U.S. government's highest classification)
When data is stored in a mixed classification environment, it is typically classified based on the highest classification of data included.
Datagrams (Transport layer-UDP).
When data reaches the Transport layer, it is sent as segments (TCP) or datagrams (UDP)
Dirty reads occur
When one transaction reads a value from a database that was written by another transaction that did not commit.
Lost updates occur
When one transaction writes a value to the database that overwrites a value, causing those transactions to read an incorrect value
Regression testing
Which is a type of functional or unit testing, tests to ensure that changes have not introduced new issues.
Mantrap
Which is composed of a pair of doors with an access mechanism that allows only one door to open at a time
ESI (electronically stored information)
Which is typically acquired via a forensic investigation.
Call Tree/ Crisis Communications Plan
Which is used to quickly communicate news throughout an organization without overburdening any specific person.
Both TCP and UDP port numbers are a 16-digit binary number
Which means there can be 216 ports, or 65,536 ports, numbered from 0 to 65,535
Passive monitoring
Which uses a network tap or span port to capture traffic to analyze it without impacting the network or devices that it is used to monitor.
Here are the four classes of gates:
• Class I: Residential (home use) • Class II: Commercial/General Access (parking garage) • Class III: Industrial/Limited Access (loading dock for 18-wheeler trucks) • Class IV: Restricted Access (airport or prison)
The Common Criteria levels are:
• EAL1: Functionally tested • EAL2: Structurally tested • EAL3: Methodically tested and checked • EAL4: Methodically designed, tested, and reviewed • * EAL5: Semiformally designed, and tested • EAL6: Semiformally verified, designed, and tested • EAL7: Formally verified, designed, and tested
Agile software development evolved (התפתח) as a reaction to rigid (נוקשה) software development models such as the waterfall model (scrum and XP).
• Individuals and interactions over processes and tools • Working software over comprehensive documentation • Customer collaboration over contract negotiation • Responding to change over following a plan
Kerberos has the following components:
• Principal: Client (user) or service. • Realm (תְחוּם): A logical Kerberos network. • Ticket: Data that authenticates a principal's identity. • Credentials: A ticket and a service key. • KDC: Key Distribution Center, which authenticates principals. • TGS: Ticket Granting Service. • TGT: Ticket Granting Ticket. • C/S: Client Server, regarding communications between the two.
