IST 323 Exam
Biometric Authentication
Authentication based on biological (bio) measurements. Think fingerprints, iris patterns, etc.
AAA
Authentication: the supplicant sends credentials to the verifier, which authenticates the supplicant. Authorization: what permissions the authenticated user will have. Auditing: recording what people do in log files.
Which must be a longer key to be secure (asymmetric or symmetric) and why
Asymmetric, because the keys are being shared; they need to be longer and stronger.
Chain of Attack
Attacker attacks through a chain of victim computers. The victim can usually only find the source of the most recent attack computer, not where the attacker started the chain from.
Wireless DoS
Attacker floods the AP with too many packets; the victim cannot connect.
Evil Twin Attack
Attacker uses an access point that is stronger than the one the victim is trying to connect to; the victim connects to the evil AP. The evil twin intercepts, reads, then passes on all communication.
Non-Repudiation
A service that provides proof of the integrity and origin of data. Encrypting something with your own private key and having people decrypt it with your public key.
Cipher Suite
A set of cryptographic algorithms
Two Way Trust
A trusts B and B trusts A
One Way Trust
A trusts B or B trusts A, not both
Wireless
A wireless internet connection: clients connect to access points using radio waves, and the access point connects to the local wired Ethernet network.
Weakest Link Failure
A failure in any component will lead to the failure for the entire system
Public Key
A key shared with the world that everyone has. Something encrypted with a public key can be decrypted with a private key.
IPSec Associations
Agreement on the encryption mechanisms to use between end points (similar to cipher suites in SSL/TLS). Must have an SA for each direction of communication. Can be enforced by policy servers. Companies can eliminate weaker security methods.
CIA
Confidentiality, Integrity, Availability
Threat Environment
Consists of the types of attackers and attacks that companies face. Need to know what threats to protect against.
Access Token
Constantly changing password devices for one-time passwords
Compliance Laws + Regulations
Create requirements for corporate security. Documentation requirements are strong. Identity management requirements tend to be strong.
Encryption
Changing clear text to an encrypted format; makes text not readable (or hearable, or viewable).
CSO/CISO/ISO
Chief Security Officer, Chief Information Security Officer, Information Security Officer. Belong within and outside of IT.
Codes vs. Ciphers
Ciphers encrypt any message expressed in binary. Codes are more specialized; they substitute one thing for another.
Worms
Full programs that don't attach to other programs. Can be spread by email, IM, or file transfer. Can jump to other computers without human intervention. The computer must have a vulnerability for direct propagation to work.
SSL/TLS Gateway
The gateway authenticates to the client using public key encryption, then authenticates the user (usually by username/password). Its main feature is that it establishes web-based connections between the client and the web server. It translates the client's communication to and from web speak. Transport mode is a host-to-host VPN; tunnel mode is a site-to-site VPN (less expensive).
Malware
Generic name for evil software, bad stuff
Types of Threats
Employees/ex-employees, malware, hackers, criminals, competitors, cyberwar/cyberterror.
Hashes vs Encryption
Hashes: running text through an algorithm; no key, can't decrypt. Encryption: keys/ciphers encrypting data to later be decrypted.
Source IP address spoofing
Hides the attacker's identity. Replies do not go to the attacker, so address spoofing cannot be used for all purposes.
Reconnaissance Probes
IP address scans to identify possible victims. Port scans to learn which services are open on each potential victim host.
Transitive Trust
If A trusts B and B trusts C, then A trusts C automatically
Intransitive Trust
If A trusts B and B trusts C, this does NOT mean that A trusts C automatically
Firewall
Filters out traffic that consists of provable attack packets.
Stateful Packet Inspection Firewall
Deeper inspection of packets than static packet filtering. Uses different filtering rules. Pervasive in the market; nearly all firewalls are stateful.
Default Deny vs. Default Allow
Default Deny: block all packets by default, and set specific rules to allow traffic. Default Allow: allow all packets by default, and set specific rules to deny traffic.
Comprehensive Security
Defenders must close all possible avenues of attack, because an attacker only needs one for an attack to succeed.
Plan-Protect-Respond Cycle
Dominates security management thinking: prepare for attacks, protect against them, and respond accordingly.
Strategic Planning
Driving forces: threat environment, compliance laws and regulations, corporate structure changes such as mergers
Static Packet Filtering
Looks at each packet separately. Makes a decision based on source/destination IP and/or port.
DoS Attacks
Make a server or network unavailable to users by sending a flood of attack messages to the victim
The Criminal Era
Many cyber gangs are international, which makes prosecution difficult. Cyber criminals use black market forums. Different cyber crimes are committed.
Why the end of passwords?
Many firms want to eliminate passwords because of their weaknesses. Quite a few firms have already largely phased them out. Two-factor can be phished.
Integrity
Means attackers cannot change or destroy information, either while it is on a computer or traveling across a network
Availability
Means people who are authorized to use information are not prevented from doing so
Confidentiality
People cannot access or view sensitive information, either on a computer or across a network
False Acceptance Rates (FARs)
Percentage of people who are identified or verified as matched to a template but should not be
False Rejection Rates (FRRs)
Percentage of people who should be identified or verified as matched to a template but are not
Trojan Horses
Program that replaces an existing system file, taking its name. Remote Access Trojans (control the victim's PC remotely). Downloaders (download a larger Trojan horse after the initial small download is completed).
Viruses
Programs that attach themselves to legitimate programs on the victim's machine. Spread primarily by email, also by IM and file transfer.
Password Policies
Regularly test the strength of internal passwords; not using the same password at multiple sites; use password management programs; password duration policies; shared password policies (sharing makes auditing impossible); disabling passwords that are no longer valid; password complexity.
Types of Access Control
Individual: bases access rules on individual accounts. Role-based access control (RBAC): bases access rules on organizational roles (e.g., buyer, member of a team, etc.); assigns individual accounts to roles to give them access to each role's resources. Mandatory access control (MAC): no departmental or personal ability to alter access control rules set by higher authorities. Discretionary access control (DAC): departmental or personal ability to alter access control rules set by higher authorities.
Ingress vs. Egress
Ingress packets come into a site. Egress packets go out from a site.
Principle of least permissions
Initially give people only the permissions a person absolutely needs to do his or her job. If the assignment is too narrow, additional permissions may be given. If the assignment is too broad, security issues can arise.
Countermeasures
Tools used to negate threats and stop attacks; also called safeguards, protections, and controls. Types: preventative (prevents), detective (detects), corrective (corrects).
Transposition vs. Substitution
Transposition = text being shifted, e.g., HELLO to HOLLE. Substitution = text being changed, e.g., HELLO to GRTTU.
SSL/TLS
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communications security over a computer network (Layer 6 Transport Layer)
False Wireless Security
Turning off the Service Set Identifier (SSID) on an access point. You need to know the SSID to access the AP; if it is off, it can make access more difficult for ordinary users. Becomes more efficient if WPA or WPA2 are applied.
Two Factor/Multi Factor Authentication
Two-factor: use two forms of authentication for defense in depth. Multifactor: two or more types.
Internet Protocol Security (IPSec)
Uses cryptographic security services to protect communications over Internet Protocol (IP) networks
Virtual Private Network (VPN)
Using cryptography to make untrusted networks secure. Essentially, most wireless networks are VPNs.
Enterprise Mode (Operates in 802.1x)
WEP: No; WPA: Yes; WPA2: Yes.
Personal Mode (Operates in Pre-Shared Key)
WEP: No; WPA: Yes; WPA2: Yes.
WEP/WPA/802.11i(WPA2)
WEP: RC4 with a flawed implementation, no rekeying, bad strength. WPA: RC4 with a 48-bit initialization vector (IV) and Temporal Key Integrity Protocol (TKIP); weak, but no complete crack to date. WPA2: AES with 128-bit keys, AES-CCMP mode; very strong.
Credentials
What you know (e.g., a password), what you have (e.g., an access card), what you are (e.g., your fingerprint), or what you do (e.g., speaking a passphrase).
Data Breach Notification Laws
What/who needs to be informed when a breach occurs.
Firewall Design Concerns
When speccing a firewall, be sure that it can handle your traffic volume and that it will work at line speed (if you connect it to a 10G wire, it had better be able to process 10G of data!). Just because the interface on the firewall is rated for a certain speed doesn't mean it will process data at that rate! Check the specs!
Exploit
The specific attack method that the attacker uses to break into the computer is called "the attacker's exploit". The act of implementing the exploit is called exploiting the host.
Compromises
Successful attacks; things that cause harm to the business. Also known as incidents or breaches.
Rootkits
Take control of the superuser account (root, admin, etc.). Can hide themselves from file system detection. Can hide malware from detection. Very difficult to detect (regular antivirus programs find few rootkits).
Management Vs. Technology
Tech is concrete: you can visualize devices and transmission lines, and you can understand device and software operation. Management is abstract, yet is more important: "security is a process, not a product".
Key
The "variable" put into the cipher that makes each encryption unique
Hash/Hashing
The act of running a clear text string through an algorithm. Passwords are stored as hashes.
Private Key
Your own personal key that is to be kept secret. Something encrypted with a public key can be decrypted with a private key.
Vision
Your understanding of your role with respect to your company, its employees, and the outside world; it drives everything else.
Network Address Translation (NAT)
An Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic.
Access Control
The policy-driven control of access to systems, data, and dialogues. Policies are implemented through technical means.
How many bits in a strong symmetric key/asymmetric key
64 for strong, 128 for "unbreakable" by brute force.
Traditional Hackers
Motivated by thrill, skill, and a sense of power. Want to increase their rep among the community. Do damage as a byproduct. Engage in petty crime.
Identity Management
The centralized policy-based management of all information required for access to corporate systems by a person, machine, program, or other resource.
Distributed DoS Attack
Bots flood the victim with attack packets; the attacker controls the bots.
Traffic Overload
Firewalls can only process so much data, usually as a result of their processor and software. When a firewall becomes "overloaded", it drops the packets it can't process.
Application Proxy Firewall
Protections for internal clients against malicious web servers: URL blacklists for known attack sites; protection against some or all scripts in web pages; disallowing HTTP response messages with prohibited MIME types that indicate malware. Protections against misbehaving internal clients: disallowing the HTTP POST method, which can be used to send out sensitive files.
Pros/Cons to different Major Symmetric Key Encryption Ciphers (RC4, DES, 3DES, AES)
RC4: low processing/RAM requirements, very weak encryption. DES: moderate processing/RAM requirements, weak encryption (made in the 1970s). 3DES: high processing/RAM requirements, strong encryption (applies DES three times over with three different keys). AES: low processing/RAM requirements, very strong encryption (gold standard).
Symmetric Key vs. Asymmetric Key
Symmetric = both sides of the conversation share the same key. Asymmetric = use key pairs, a public key and a private key.
Cipher
The algorithm that changes the clear text to encrypted and back again
Cryptography
The use of mathematical operations to protect messages traveling between parties or stored on a computer