IST 323 Exam

Biometric Authentication

Authentication based on biological (bio) measurements Think finger prints, iris pattern, etc.

AAA

Authentication: Supplicant sends credentials to verifier to authenticate the supplicant Authorization: What permissions the authenticated user will have Auditing: Recording what people do in log files

Which must be a longer key to be secure (asymmetric or symmetric) and why

Asymmetric because the keys are being shared, they need to be longer and stronger

Chain of Attack

Attacker attacks through a chain of victim computers Victim can usually on find the source of the most recent attack computer, not where the attacker started the chain from

Wireless DoS

Attacker floods the AP with too many packets, victim cannot connect

Evil Twin Attack

Attacker uses a access point that is stronger than the once victim is trying to connect to, victim connects to evil AP, Evil twin intercepts, reads, then passes on all communication

Non-Repudiation

A service that provides proof of the integrity and origin of data Encrypting something with your own private key, having people decrypt it with your public key

Cipher Suite

A set of cryptographic algorithms

Two Way Trust

A trusts B and B trusts A

One Way Trust

A trusts B or B trusts A, not both

Wireless

A wireless internet connection, clients connect to access points using radio waves, the access point connects to the local wired ethernet network

Weakest Link Failure

A failure in any component will lead to the failure for the entire system

Public Key

A key shared with the world that everyone has Something encrypted with a public key can be decrypted with a private key

IPSec Associations

Agreement of encryption mechanisms to use between end points (similar to cipher suites is SSL/TLS) Must have an SA for each direction of communication Can be enforced by policy servers Companies can eliminate weaker security methods

CIA

Confidentiality, Integrity, Availability

Threat Environment

Consists of the types of attackers and attacks that companies face Need to know what threat to protect against

Access Token

Constantly changing password devices for one-time passwords

Compliance Laws + Regulations

Create requirements for corporate security Documentation Requirements are strong Identity management requirements tend to be strong

Encryption

Changing clear text to encrypted format, makes text not readable (or hearable, or viewable)

CSO/CISO/ISO

Chief Security Officer, Chief Information Security Officer, Information Security Officer Belong within and outside of IT

Codes vs. Cyphers

Ciphers encrypt any message expressed in binary Codes are more specialized, they sub one thing for another

Worms

Full programs that don't attach to other programs Can be spread by email, IM, or file transfer Can jump to other computers without human intervention Computer must have a vulnerability for direct propagation to work

SSL/TLS Gateway

Gateway authenticates to client using public key encryption, then authenticates to user (usually by username/password) Main feature is it establishes web based connections between the client and web server It translates the clients communication to and from web speak Transport is Host to Host VPN, Tunnel is site to site VPN (less expensive)

Malware

Generic name for evil software, bad stuff

Types of Threats

Employees/Ex Employees Malware Hackers Criminals Competitors Cyberwar/Cyberterror

Hashes vs Encryption

Hashes: running txt through an algorithm, no key, can't decrypt Encryption: Keys/Ciphers encrypting data to later be decrypted

Source IP address spoofing

Hides the attacker's identity Replies do not go to the attacker, so address spoofing cannot be used for all purposes

Reconnaissance Probes

IP address scans to identify possible victims Port scans to learn which services are open on each potential victim host

Transitive Trust

If A trusts B and B trusts C, then A trusts C automatically

Intransitive Trust

If A trusts B and B trusts C, this does NOT mean that A trusts C automatically

Firewall

Filters out traffic that consists of provable attack packet

Stateful Packet Inspection Firewall

Deeper inspection of packets than Static packet filtering Use different filtering rules Pervasive in market Nearly all firewalls are stateful

Default Deny vs. Default Allow

Default Deny: Block all packets by default, set specific rules to allow traffic Default Allow: Allow all packets by default, set specific rules to deny traffic

Comprehensive Security

Defenders must close all possible avenues of attack, for an attacker only needs one for an attack to succeed

Plan-Protect-Respond Cycle

Dominates security management thinking: prepare for attacks, protect against them, respond accordingly

Strategic Planning

Driving forces: threat environment, compliance laws and regulations, corporate structure changes such as mergers

Static Packet Filtering

Looks at each packet separately Makes a decision based on source/destination IP and/or port

DoS Attacks

Make a server or network unavailable to users by sending a flood of attack messages to the victim

The Criminal Era

Many cyber gangs are international, makes prosecution difficult Cyber criminals use black market forums Different Cyber Crimes committed

Why the end of passwords?

Many firms want to eliminate passwords because of their weaknesses Quite a few firms have already largely phased them out Two factor can be phished

Integrity

Means attackers cannot change or destroy information, either while it is on a computer or traveling across a network

Availability

Means people who are authorized to use information are not prevented from doing so

Confidentiality

People cannot access or view sensitive information, either on a computer or across a network

False Acceptance Rates (FARs)

Percentage of people who are identified or verified as matched to a template but should not be

False Rejection Rates (FRRs)

Percentage of people who should be identified or verified as matched to a template but are not

Trojan Horses

Program that replaces an existing system file, taking its name Remotely Access Trojans (control victims PC remotely) Downloaders (downloads larger Trojan horse after initial small download is completed)

Viruses

Programs that attach themselves to legitimate programs on the victim's machine Spread primarily by email, also by IM and File transfer

Password Policies

Regularly test the strength of internal passwords Not using the same password at multiple sites Use password management programs Password duration policies Shared password policies (makes auditing impossible) Disabling passwords that are no longer valid Password complexity

Types of Access Control

Individual: bases access rules on individual accounts Role-based access control (RBAC): Bases access rules on organizational roles (e.g., buyer, member of a team, etc.) Assigns individual accounts to roles to give them access to each role's resources Mandatory access control (MAC): No departmental or personal ability to alter access control rules set by higher authorities Discretionary access control (DAC): Departmental or personal ability to alter access control rules set by higher authorities

Ingress vs. Egress

Ingress packets come into a site. Egress packets go out from a site.

Principal of least permissions

Initially give people only the permissions a person absolutely needs to do his or her job If assignment is too narrow, additional permissions may be given If assignment is too broad, security issues can arise

Countermeasures

Tools used to negate the threats and stop attacks also called safeguards, protections, and controls Types: Preventative (prevents), Detective (detects), Corrective (corrects)

Transposition vs. Substitution

Trans = Text being shifted ex: HELLO to HOLLE Sub = Text being changed ex: HELLO to GRTTU

SSL/TLS

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communications security over a computer network (Layer 6 Transport Layer)

False Wireless Security

Turning off the Service Set Identifier (SSID) on an access point Need to know the SSID to access the AP, if it is off it can make access more difficult for ordinary users Becomes more efficient if WPA or WPA2 are applied

Two Factor/Multi Factor Authentication

Two Factor: Use two forms of authentication for defense in depth Multifactor: Two or more types

Internet Protocol Security (IPSec)

Uses cryptographic security services to protect communications over Internet Protocol (IP) networks

Virtual Private Network (VPN)

Using cryptography to make untrusted networks secure Essentially most wireless networks are VPNs

Enterprise Mode (Operates in 802.1x)

WEP: No WPA: Yes WPA2: Yes

Personal Mode (Operates in Pre-Shared Key)

WEP: No WPA: Yes WPA2: Yes

WEP/WPA/802.11i(WPA2)

WEP: RC4 with flawed implementation, no rekeying, back strength WPA: RC4 with 48 bit initialization vector (IV), Temporal key integrity protocol (TKIP), weak but no complete crack to date WPA2: AES with 128-bit key keys, AES-CCMP mode, very strong

Credentials

What you know (e.g., a password) What you have (e.g., an access card) What you are (e.g., your fingerprint) or What you do (e.g., speaking a passphrase)

Data Breach Notification Laws

What/who needs to be informed of when a breach occurs

Firewall Design Concerns

When speccing a firewall, be sure that: It can handle your traffic volume It will work at line speeds. (If you connect it to a 10G wire, it better be able to process 10G of data!) Just because the interface on the firewall is rated for a certain speed, doesn't mean it will process data at that rate! Checks the specs!!!

Exploit

Specific attack method that the attacker uses to break into the computer is called "the attacker's exploit" The act of implementing the exploit is called exploiting the host

Compromises

Successful attacks, things that cause harm to business Also know as incidents or breaches

Rootkits

Take control of the super user account (root, admin, etc.) Can hide themselves from file system detection Can hid malware from detection Very difficult to detect (regular antivirus programs find few rootkits)

Management Vs. Technology

Tech is concrete: can visualize devices and transmission lines, can understand device and software operation Management is abstract, yet is more important "security is a process, not a product"

Key

The "variable" put into the cipher that makes each encryption unique

Hash/Hashing

The act of running a clear text string through an algorithm Passwords are stored as hashes

Private Key

Your own personal key that is to be kept secret Something encrypted with a public key can be decrypted with a private key

Vision

Your understanding about your role with respect to your company, it's employees, and the outside world drives everything else

Network Address Translation (NAT)

an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic

Access Control

the policy-driven control of access to systems, data, and dialogues policies are implemented through technical means

How many bits in a strong symmetric key/asymmetric key

64 for Strong, 128 for "unbreakable" by bruteforce

Traditional Hackers

Motivated by thrill, skill, sense of power Wants to increase rep among community Do damage as a byproduct Engage in Petty Crime

Identity Management

The centralized policy-based management of all information required for access to corporate systems by a person, machine, program, or other resource.

Distributed Dos Attack

Bots flood the victim with attack packets, attacker controls the bots

Traffic Overload

Firewalls can only process so much data usually as a result of their processor and software When a firewall becomes "overloaded" it drops packets that it can't process

Application Proxy Firewall

Protections for Internal Clients against Malicious Webservers URL blacklists for known attack sites Protection against some or all scripts in webpages The disallowing of HTTP response messages with prohibited MIME types that indicate malware Protections against Misbehaving Internal Clients Disallowing the HTTP POST method, which can be use to send out sensitive files

Pros/Cons to different Major Symmetric Key Encryption Ciphers (RC4, DES, 3DES, AES)

RC4: Low processing/RAM requirements, very weak encryption DES: Moderate processing/RAM requirements, weak encryption (Made in 1970s) 3DES: High processing/RAM requirements, strong encryption (Applies DES 3 times over with 3 different keys) AES: Low processing/RAM requirements, very strong encryption (Gold Standard)

Symmetric Key vs. Asymmetric Key

Sym = both sides of the conversation share the same key Asym = Use key pairs, a public key and a private key

Cipher

The algorithm that changes the clear text to encrypted and back again

Cryptography

The use of mathematical operations to protect messages traveling between parties or stored on a computer