Principles of Information Security Chapter 4, 5, and 6
weighted factor analysis
Once the inventory and value assessment are complete, you can prioritize each asset using a straightforward process known as ________. In this process, each information asset is assigned a score for each of the assigned critical factors.
transport mode
In _________ the data within an IP packet is encrypted, but the header information is not.
systems-specific policies
________ address the particular use of certain systems. This could include firewall configuration policies, systems access policies, and other technical configuration areas.
Effective management
________ includes planning, organizing, leading, and controlling.
Risk control
________ is the application of controls to reduce the risks to an organization's data and information systems.
SOCKS
________ is the protocol for handling TCP traffic via a proxy server.
incident damage assessment
________ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.
Managerial controls
_________ are security processes that are designed by strategic planners and implemented by the security administration of the organization.
incident response (IR)
__________ is therefore the set of activities taken to plan for, detect, and correct the impact of an incident on information assets.
Unclassified, Sensitive But Unclassified, Confidential, Secret, and Top Secret
the military five-level classification scheme.
hot swapped
meaning they can be replaced without taking the entire system down
Sensitive But Unclassified data (SBU)
"Any information or material of which the loss, misuse, or unauthorized access to, or modification of might adversely affect U.S. national interests, the conduct of Department of Defense (DoD) programs, or the privacy of DoD personnel."
Confidential data
"Any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security. Examples of damage could include the compromise of information that indicates strength of ground, air, and naval forces in the United States and overseas areas; technical information used for training, maintenance, and inspection of classified munitions of war; revelation of performance characteristics, test data, design, and production data on munitions of war."
Top Secret data
"Any information or material the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security. Examples of exceptionally grave damage include armed hostilities against the United States or its allies; disruption of foreign relations vitally affecting the national security; the compromise of vital national defense plans or complex cryptologic and communications intelligence systems; the revelation of sensitive intelligence operations; and the disclosure of scientific or technological developments vital to national security." This classification comes with the general expectation of "crib-to-grave" protection, meaning that any individual entrusted with top-secret information is expected to retain this level of confidence for his or her lifetime.
Secret data
"Any information or material the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security. Examples of serious damage include disruption of foreign relations significantly affecting the national security; significant impairment of a program or policy directly related to the national security; revelation of significant military plans or intelligence operations; compromise of significant military plans or intelligence operations; and compromise of significant scientific or technological developments relating to national security."
war dialer
A ____ is an automatic phone-dialing program that dials every number in a configured range and checks to see if a person, answering machine, or modem picks up.
dynamic filtering firewall
A _____________ can react to an emergent event and update or create rules to deal with that event.
who can use the system; what authorized users can access; when authorized users can access the system; where authorized users can access the system from
ACLs regulate the following:
alert roster
An ________ is a document containing contact information for the people to be notified in the event of an incident; note that it should name only those who must respond to the incident.
Enterprise information security policy (EISP)
An ________________ is also known as a general security policy, organizational security policy, IT security policy, or information security policy. The ___ is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.
proxy server, proxy firewall
An alternative to firewall subnets or DMZs is a ______ or _____. It performs actions on behalf of another system. When deployed, it is configured to look like a Web server and is assigned the domain name that users would be expecting to find for the system and its services.
Port 53
Domain Name Services (DNS)
Port 7
Echo
Port 21
File Transfer [Control] (FTP)
Port 20
File Transfer [Default Data] (FTP)
packet-filtering firewalls, application gateways, circuit gateways, MAC Layer firewalls, and hybrids.
Firewalls fall into five major processing-mode categories:
risk equals
For the purpose of relative risk assessment, _____ likelihood of vulnerability occurrence times value (or impact), minus percentage of risk already controlled, plus an element of uncertainty.
Port 80
Hypertext Transfer Protocol (HTTP)
7
ICMP uses port __ to request a response to a query (e.g., "Are you there?")
redundancy
Implementing multiple types of technology, and thereby ensuring that the failure of one system does not compromise the security of information, is referred to as _________. __________ can be implemented at a number of points throughout the security architecture, such as in firewalls, proxy servers, and access controls.
rating, filtering
In most common implementation models, the content filter has two components: ______ and _______.
wireless access points (WAPs)
In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ______________.
Unclassified data
Information that can generally be distributed to the public without any threat to U.S. national interests.
1. Authentication server (AS), which is a Kerberos server that authenticates clients and servers. 2. Key Distribution Center (KDC), which generates and issues session keys. 3. Kerberos ticket granting service (TGS), which provides tickets to clients who request services.
Kerberos consists of three interacting services, all of which use a database library.
data classification scheme
Many corporations use a _______ to help secure the confidentiality and integrity of information.
Port 110
Post Office Protocol version 3 (POP3)
Port 25
Simple Mail Transfer Protocol (SMTP)
Port 161
Simple Network Management Protocol (SNMP)
sacrificial host
Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ________.
electronic vaulting
The transfer of large batches of data to an offsite facility is called ________. This transfer is usually conducted through leased lines, or services provided for a fee.
Authentication factors
Something a supplicant knows; something a supplicant has; something a supplicant is
de facto standards
Standards may be informal or part of an organizational culture, as in ____________.
de jure standards
Standards may be published, scrutinized, and ratified by a group, as in formal or ____________.
Port 23
Telnet
TCP port 23
Telnet protocol packets usually go to __________
CISO
The SETA program is the responsibility of the _______ and is a control measure designed to reduce the incidences of accidental security breaches by employees.
Internet Engineering Task Force (IETF)
The Security Area Working Group acts as an advisory board for the protocols and areas developed and promoted by the Internet Society and the _____________, and while the group endorses no specific information security architecture, one of its requests for comment (RFC), RFC 2196: Site Security Handbook, provides a good functional discussion of important security issues.
defend control strategy
The _______ attempts to prevent the exploitation of the vulnerability.
transfer control strategy
The _______ attempts to shift risk to other assets, other processes, or other organizations.
general security policy
The _______ is an executive-level document that outlines the organization's approach and attitude toward information security and relates the strategic value of information security within the organization. This document, typically created by the CIO in conjunction with the CEO and CISO, sets the tone for all subsequent security activities.
program security policy
The ________ is a planning document that outlines the process of implementing security in the organization. This policy is the blueprint for the analysis, design, and implementation of security.
security blueprint
The ________ is the basis for the design, selection, and implementation of all security program elements including policy implementation, ongoing policy management, risk management programs, education and training programs, technological controls, and maintenance of the security program.
application gateway, application-level firewall or application firewall
The ________, also known as an ____________ or ________, is frequently installed on a dedicated computer, separate from the filtering router, but is commonly used in conjunction with a filtering router.
packet-filtering firewall
The ________, also simply called a filtering firewall, examines the header information of data packets that come into a network. __________s examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.
accept control strategy
The __________ is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
incident response (IR) plan
The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the _________. An _______ addresses the identification, classification, response, and recovery from an incident.
subnet firewall
The dominant architecture used today is the _________.
business impact analysis (BIA)
The first phase in the development of the contingency planning process is the _______. A ______ is an investigation and assessment of the impact that various attacks can have on the organization.
IP source and destination address; direction (inbound or outbound); protocol (for firewalls capable of examining the IP protocol layer); Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) source and destination port requests (for firewalls capable of examining the TCP/UDP layer)
The restrictions most commonly implemented in packet-filtering firewalls are based on a combination of the following:
security framework
The security blueprint is a detailed version of the ______, which is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization.
ISO/IEC 27002
The stated purpose of ________ is to "give recommendations for information security management for use by those who are responsible for initiating, implementing or maintaining security in their organization."
TACACS, Extended TACACS, and TACACS+
There are three versions of TACACS:
Network-based IDPs
_______ look at patterns of network traffic and attempt to detect unusual activity based on previous baselines.
MAC layer firewalls
While not as well known or widely referenced as the firewall approaches above, _________ are designed to operate at the media access control sublayer of the data link layer (Layer 2) of the OSI Network model.
security domains
Within security perimeters the organization can establish ______, or areas of trust within which users can freely communicate.
SysSP
___ often function as standards or procedures to be used when configuring or maintaining systems. For example, a ____ might describe the configuration and operation of a network firewall.
ISA
_____ can use the Point-to-Point Tunneling Protocol (PPTP), L2TP, or IPSec technologies.
Media access control (MAC) addresses
______ are sometimes called electronic serial numbers or hardware addresses.
Host-based IDPs
______ are usually installed on the machines they protect to monitor the status of various files stored on those machines.
Kerberos
______ uses symmetric key encryption to validate an individual user to various network resources.
Operational controls
_______ address personnel security, physical security, and the protection of production inputs and outputs.
SESAME
_______ is similar to Kerberos in that the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server (instead of a ticket granting service as in Kerberos) as proof of identity to gain a privilege attribute certificate (PAC).
Risk assessment
_______ is the determination of the extent to which the organization's information assets are exposed or at risk.
Risk identification
_______ is the examination and documentation of the security posture of an organization's information technology and the risks it faces.
Access control lists (ACLs)
____________ consist of the user access lists, matrices, and capability tables that govern the rights and privileges of users. ___ can control access to file storage systems, software components, or network communications devices.
RADIUS and TACACS
______________ are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.
Disaster Recovery (DR) Plan
______________ usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede.
Stateful inspection firewalls, also called stateful firewalls
______________, keep track of each network connection between internal and external systems using a state table.
firewall
A ____ is a device that selectively discriminates against information flowing into or out of an organization. A ________ is usually a computing device or a specially configured computer that allows or prevents access to a defined area based on a set of rules. _________ are usually placed on the security perimeter, just behind or as part of a gateway router.
cold site
A _____ provides only rudimentary services and facilities. No computer hardware or peripherals are provided. All communications services must be installed after the site is occupied. Basically, it is an empty room with heating, air conditioning, and electricity.
demilitarized zone (DMZ)
A buffer against outside attacks is frequently referred to as a __________. It is a no-man's-land between the inside and outside networks; it is also where some organizations place Web servers. These servers provide access to organizational Web pages without allowing Web requests to enter the interior networks.
dumpster diving
A practice in which individuals search trash and recycling bins to retrieve information that could embarrass a company or compromise information security.
field change order (FCO)
An authorization issued by an organization for the repair, modification, or update of a piece of equipment.
VPN
defines a _____ as "a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures."
Competitive disadvantage
falling behind the competition-has emerged. Effective IT-enabled organizations quickly absorb emerging technologies now, not to gain or maintain competitive advantage, but to avoid loss of market share resulting from an inability to maintain the highly responsive services required in today's marketplace.
Generally Accepted Principles and Practices for Securing Information Technology Systems
Provides best practices and security principles that can direct the security team in the development of a security blueprint.
management of classified data includes
storage, distribution, portability, and destruction
vision
The ____ of an organization is a written statement about the organization's goals.
mission
The ____ of an organization is a written statement of an organization's purpose.
the spheres of security
The foundation of the security framework. Generally speaking, ______ illustrate how information is under attack from a variety of sources.
