CISSP all ISC2 chapters combined
what is covered under administrative physical security controls
1. facility construction and selection 2. site management 3. personnel controls 4. awareness training 5. emergency response and procedures
What is covered under physical security controls?
1. fencing 2. lighting 3. locks 4. construction materials 5. mantraps 6. dogs 7. guards
What are the four main propagation techniques used by viruses?
1. file infection 2. service injection 3. boot sector infection 4. micro infection
What are three main threat modeling approaches?
1. focused on assets - users asst valuation results and attempts to identify threats to the valuable assets 2. focused on attackers - some organizations identify potential attackers and identify the threats they represent based on the attackers goals 3. focused on software - if an organization develops software, it can consider potential threats against the software.
What are the three definitions of accreditation's that are outlined in the NIACAP process?
1. for a system accreditation, a major application or general support system is evaluated 2. for a site accreditation, the applications and systems at a specific, self-contained location are evaluated 3. for a type accreditation, an application or system that is distributed to a number of locations is evaluated
What are some security features of PEDs (portable electronic devices) ?
1. full device encryption 2. remote wiping 3. lockout 4. screen locks 5. GPS 6. Application control 7. storage segmentation 8. asset tracking 9. inventory control 10. mobile device management 11. device access control 12. removable storage 13. disabling of unused features
What are the four steps of phases that Fuzzy logic uses in an expert system?
1. fuzzification 2. inference 3. composition 4. defuzzification
What are two aspects of any intrusion detection and alarm system that can cause it to fail?
1. how it gets its power 2. how it communicates
What are the four overall steps involved in access control?
1. identify and authenticate users or other subjects attempting to access resources. 2. Determine whether the access is authorized 3. Grant or restrict access based on the subject's identity 4. monitor and record access attempts
What are three early key steps in a risk management process?
1. identifying assets 2. identifying threats 3. identifying vulnerabilites
What are the four primary stages of a fire?
1. incipient - only air ionization, no smoke 2. smoke - smoke is visible from the point of ignition 3. flame - flame can be seen with naked eye 4. heat - fire is considerably further down the timescale to where there is an intense heat build up.
What are the six main products that ISO issues?
1. international standards 2. technical reports 3. technical specifications 4. publicly available specifications 5. Technical Corrigenda 6. Guides
What are 4 critiques of the Biba model?
1. it addresses only integrity, not C,A 2. it focuses on protecting objects from external threats; it assumes internal threats are handled programmatically 3. it does not address access control management, and it doesn't provide a way to assign or change an objects or subjects classification level. 4. It doesn't prevent covert channels
What are some application and function security concepts for mobile devices?
1. key management 2. credential management 3. authentication 4. geotagging 5. encryption 6. application white-listing 7. transitive trust./authentication
What are two types of encryption techniques used to protect data traveling over networks?
1. link encryption 2. End-to-end encryption
What are the two sublayers of layer 2 (data link layer)?
1. logical link control (LLC) sublayer 2. MAC sublayer
What are the three categories of IT loss?
1. loss of confidentiality 2. loss of availability 3. loss of integrity
list the 6 generally classified computer crimes
1. military and intelligence attacks 2. business attacks 3. financial attacks 4. terrorist attacks 5. grudge attacks 6. thrill attacks
What are the terms used to describe the various computer mechanisms that allow multiple simultaneous activities?
1. multitasking, 2. multiprocessing, 3. multiprogramming, 4. multithreading, and 5. multistate processing.
What are some network hardware devices that function at layer 1 (the physical layer)
1. network interface cards (NIC's) 2. HUBS 3. Repeaters 4. concentrators 5. amplifiers
What are some techniques used to secure embedded and static systems?
1. network segmentation 2. security layers 3. application firewalls 4. manual updates 5. firmware version control 6. wrappers 7. control redundancy and diversity
What are 5 things that UDP does not offer?
1. no error detection or correction 2. does not use sequencing 3. does not use flow control mechanisms 4. does not use a preestablished session 5. considered unreliable
What are the four rating levels in the Red book in the rainbow series?
1. none 2. C1 (minimum) 3. C2 (fair) 4. B2 (Good)
What are the three main methods used to exchange secret symmetric keys securely?
1. offline distribution - hand a piece of paper to someone with they key 2. public key encryption - usually used to set up initial communications link 3. Diffie-Hellman key exchange algorithm
What three integrity issues was Biba designed to address?
1. prevent modification of objects by unauthorized subjects 2. prevent unauthorized modification of objects by authorized subjects. 3. protect internal and external object consistency
What are the three primary control types of access control?
1. preventive 2. detective 3. corrective
Name the three pairs of aspects or features used to describe storage
1. primary VS secondary 2. volatile VS nonvolatile 3. random VS sequential
What are the common threats to physical access controls?
1. propping open secured doors 2. bypassing locks or access controls 3. masquerading 4. piggybacking
What are the three responsibilities of the identity and access provisioning life cycle?
1. provisioning, account review, and account revocation
What are the three types of evidence that can be used in a court of law?
1. real evidence - aka object evidence - physical objects, murder weapon, computer equipment, DNA 2. documentary evidence - example would be a computer log that was collected, a sysadmin would have to testify how the log was collected ** 2.A. best evidence rule - when a document is used as evidence in a court proceeding, the original document must be introduced. ** 2.B. parol evidence rule - when an agreement between parties is put into written form, the written document is assumed to contain all the terms of the sgreement and no verbal agreements may modify the written agreement 3. testimonial evidence - testimony of a witness
What are three key actions you should take during the restoration phase of incident recovery and remediation?
1. rebuild compromised systems, taking care to remediate any security vulnerabilities that may have contributed to the incident 2. Restore backup data, if necessary, to replace data of questionable integrity 3. supplement existing security controls, if necessary, to fill gaps identified during the incident analysis
What are the three main security issues surrounding secondary storage devices.
1. removable media can be used to steal data. 2. access controls and encryption must be applied to protect data. 3. data can remain on the media even after file deletion or media formatting
What are the four basic toplogies of the physical layout of a network?
1. ring 2. bus 3. star 4. mesh
List the four general categories of security incidents
1. scanning 2. compromises 3. malicious code 4. Denial of service
What are 3 new features of IPv6?
1. scoped addresses 2. autoconfiguration 3. Quality of Service (QOS) priority values
list the 5 unacceptable and unethical things RFC 1087 documents that you should not do
1. seeks to gain unauthorized access to the resources of the internet 2. disrupts the intended use of the internet 3. wastes resources (people, capacity, computer) through such actions 4. destroys the integrity of computer-based information 5. compromises the privacy of users
What is the message sent into the OSI protocol stack at the transport layer (layer 4) called?
1. segment (TCP protocols) or 2. a datagram (UDP protocols)
Name some vulnerabilities found in distributed architectures
1. sensitive data found on desktops/terminals/notebooks 2. lack of security understanding among users 3. greater risk of physical component theft 4. compromise of a client leading to the compromise of the whole network 5. greater risk from malware because of user-installed software 6. removable media
What are some of the protocols found within the data link layer of the OSI model (layer 2)?
1. serial line internet protocol (SLIP) 2. Point-to-Point protocol (PPP) 3. address resolution protocol (ARP) 4. Reverse address resolution protocol (RARP) 5. Layer 2 forwarding (L2F) 6. Layer 2 Tunneling protocol (L2TP) 7. Point-to-Point tunneling protocol (PPTP) 8. integrated services digital network (ISDN)
What are the four main types of remote access techniques?
1. service specific - give users the ability to remotely connect to and manipulate or interact with a single service such as e-mail 2. Remote control - grants a remote user the ability to fully control another system that is physically distant from them. The monitor and keyboard act as if they are directly connected to the remote system 3. screen scraper/scraping - --3.A - remote control, remote access, or remote desktop services (Virtual applications or virtual desktops) -- 3.B - allow an automated tool to interact with a human interface 4. Remote node operation - just another name of dial up connectivity
What are the three commonly recognized firewall deployment architectures?
1. single tier 2. two tier 3. three tier (also known as multi tier)
What is the purpose of firmware?
1. software stored on a ROM chip 2. It contains the basic instructions needed to start a computer 3. also used to provide operating instructions in peripheral devices such as printers
What are the four sections of the UDP header?
1. source port 2. destination port 3. message length 4. checksum
Name at least seven security models
1. state machine 2. information flow 3. noninterference 4. Take-Grant 5. access control matrix, 6. Bell-LaPadula, 7. Biba, 8. Clark-Wilson, 9. Brewer and Nash (aka Chinese Wall), 10. Goguen-Meseguer, 11. Sutherland 12. Graham-Denning.
What are the four basic types of firewalls?
1. static packet-filtering 2. application-level gateway firewalls 3. circuit-level gateway firewalls 4. stateful inspection firewalls
What are three commonly used tape rotation strategies for backups?
1. the Grandfather-Father-Son (GFS) strategy 2. the Tower of Hanoi strategy 3. the six cartridge weekly backup strategy
What data is contained in the physical layer (layer 1) of the OSI model?
1. the device drivers that tell the protocol how to employ the hardware for the transmission and reception of bits. 2. electrical specifications, protocols, and interface standards such as the following: -- EIA/TIA-232 and EIA/TIA-449 -- x.21 -- High Speed serial interface (HSSI) -- Synchronous Optical Network (SONET) -- V.24 and V.35
What are the three basic requirements for evidence to be introduced into a court of law to be considered admissible?
1. the evidence must be *relevant* to determining a fact 2. the fact that the evidence seeks to determine must be *material* (that is, related) to the case 3. the evidence must be *competent*, meaning it must have been obtained legally. Evidence that results from an illegal search would be inadmissible because it is not competent.
List the five steps of how Carrier-sense multiple access with collision detection (CSMA/CD) performs communications
1. the host listens to the LAN media to determine whether it is in use 2. if the lan media is not being used, the host transmits its communication 3. while transmitting, the host listens for collisions (in other words, two or more hosts transmitting simultaneously) 4. if a collision is detected, the host transmits a jam signal 5. if a jam signal is received, all hosts stop transmitting. Each host waits a random period of time and then starts over at step 1.
What are the five basic requirements for a cryptographic hash function?
1. the input can be any length 2. The output has a fixed length 3. relatively easy to compute for any input 4. one-way (meaning that it is extremely hard to determine the input when provided with the output) 5. collision free ( meaning that it is extremely hard to find two messages that produce the same hash value.
What are the two main components of every expert system?
1. the knowledge base - contains the rules known by an expert system. 2. the inference engine - analyzes information in the knowledge base to arrive at the appropriate decision. Expert systems consist of two main components: a knowledge base that contains a series of "if/ then" rules and an inference engine that uses that information to draw conclusions about other data.
What are three benefits of using Applets to both the remote server and the end user
1. the processing burden is shifted to the client, freeing up resources on the web server 2. The client is able to produce data using local resources rather than waiting for a response from the remote server. 3. in a properly programmed applet, the web server does not receive any data provided to the applet as input. This maintains security and privacy of the users data
What are the three steps that occur when a user authenticates with a hashed password?
1. the user enters credentials such as a username and password 2. The user's system hashes the password and sends the hash to the authenticating system 3. the authenticating system compares this hash to the hash stored in the password db file. If it matches, it indicates the user entered the correct password.
How do you design and configure secure work areas?
1. there should not be equal access to all locations withing a facility 2. areas that contain assets of higher value or importance should have restricted access. 3. Valuable and confidential assets shuold be located in the heart or center of protection provided by a facility 4. Centralized server or computer rooms need not be human compatible
What are four guidelines when seeking optimal antenna placement?
1. use a central location 2. avoid solid physical obstructions 3. avoid reflective or other flat metal surfaces 4. avoid electrical equipmnet
What are the steps of establishing a SSL connection?
1. users access a website, the browser retrieves the web servers cert and extracts the servers public key from it 2. The browser then creates a random symmetric key, uses the servers public key to encrypt it, and then sends the encrypted symmetric key to the server. 3. The server then decrypts the symmetric key using its own private key, and the two systems exchange all future messages using the symmetric encryption key
What are the three most common problems with twisted-pair cabling?
1. using the wrong category of twisted-pair cable for high-throughput networking 2. Deploying a twisted-pair cable longer than its maximum recommended length (in other words, 100 meters) 3. Using UTP in environments with significant interference
What are the 4 classes of TCSEC?
1. verified protection 2. mandatory protection 3. discretionary protection 4. minimal protection
What are the key elements in making a site selection and designing a facility for construction?
1. visibility 2. composition of the surrounding area 3. area visibility 4. the effects of natural disasters 5. understand the level of security needed by your organization and planning for it before construction begins
What are three basic methods to protect against eavesdropping and data theft?
1. you must maintain physical access control over all electronic equipment. 2. where physical access or proximity is still possible for unauthorized personnel, you must use shielded devices and media. 3. always transmit any sensitive data using secure encryption protocols.
what is the max speed, max distance, difficulty of installation and level of susceptible to EMI for 10base2
10 mbps, 185 meters, medium, medium
what is the speed of a Cable modem or cable routers?
10+ Mbps
What fire temperature can start damaging storage tapes?
100 Degrees F
What is the maximum run length for common copper-based twisted-pair cabling?
100 meters
How much throughput can 10 Gigabit Ethernet support?
10000 Mbps (10Gbps)
How much throughput can Gigabit Ethernet support?
1000Mbps (1GBs)
How much throughput can fast Ethernet support?
100Mbps
what is the max speed, max distance, difficulty of installation and level of susceptible to EMI for 100base-T/100base-TX cables
100mbs, 100 meters, low, high
What type of Ethernet speed does FCoE typically require to support the Fibre Channel protocol?
10GBS Ethernet
what is the max speed, max distance, difficulty of installation and level of susceptible to EMI for 10base-T (UTP)
10mbs, 100 meters, low, high
what is the max speed, max distance, difficulty of installation and level of susceptible to EMI for 10base5?
10mbs, 500 meters, high, low
What is the speed and frequency of 802.11b
11 mbps - 2.4 GHZ
What port is used for POP3?
1110
What port is used for NTP?
123
What addressing scheme does IPv5 use?
128 bits
What port is used for SQL server?
1433
What port is used for Oracle?
1521
what is the max speed, max distance, difficulty of installation and level of susceptible to EMI for STP cables
155mbs, 100 meters, medium, medium
How many hosts does a full class A subnet support?
16,777,214 hosts
What is the IP header protocol field value for UDP?
17 (0X11)
What port is used for H.323?
1720
What port is used for PPTP?
1723
What fire temperature can damage computer hardware? (CPU and RAM)
175 degrees F
What is the maximum distance and throughput of a thinnet coaxial cable?
185 meters and up to 10 mmbps (megabits per second)
what is the max speed, max distance, difficulty of installation and level of susceptible to EMI for 1000base-T cables?
1GBPS, 100 meters, low, high
What OS uses ports 1024 through 4999 by default?
(BSD) Berkeley software distribution
What is the IP header protocol field value for IGMP?
2 (0x02)
What is the de facto standard illumination distance for lighting used for perimeter protection?
2 candle feet
What is the speed and frequency of 802.11
2 mbps - 2.4 GHZ
what is the max speed, max distance, difficulty of installation and level of susceptible to EMI for Fiber-optic cables?
2+GBPS, 2+ kilometers, very high, none
How long (in bytes) is a TCP header?
20 to 60 bytes long
What is the speed and frequency of 802.11n
200+ mbps - 2.4 GHZ or 5 GHZ
What port is used for FTP?
21
What port is used for SSH?
22
What port is used for Telnet
23
What port is used for SMTP?
25
How many hosts does a full Class C subnet support?
254 hosts
What is a interrupt conflict?
3 things: a well-known pathology. occurs when two or more devices are assigned the same IRQ number best recognized by an inability to access all affected devices
What addressing scheme does IPv4 use?
32-bit
What port is used for RDP?
3389
What fire temperature can cause damage to paper products?
350 degrees (through warping and discoloration)
What is the frequency range of radio waves?
3hz and 300GHz
What are the eight primary protection rules or actions that define the the boundaries of certain secure actions in the Graham-Denning Model?
4 -> Securely create and delete an object and subject 4-> Securely provide the read, grant, delete, and transfer access right
What humidity level should be maintained in a server room?
40 to 60 percent
What key size is deployed with SSL?
40-bit or 128 bit key
What port is used for HTTPS?
443
What is the maximum distance and throughput of a thicknet coaxial cable?
500 meters and 10 mbps (megabits per second)
What port is used for DNS?
53
What is the speed and frequency of 802.11g
54 mbps - 2.4 GHZ
What is the speed and frequency of 802.11a
54 mbps - 5 GHZ
What is the key size used for DES encryption?
56 bits - the spec calls for 64 bits but only 56 are key info. the other 8 contains parity information
What is the IP header protocol field value for TCP?
6 (0X06)
What temperature should rooms intended to primarily house computers be?
60 to 75 degrees Fahrenheit (15 to 23 degrees Celsius)
How many hosts does a full class B subnet support?
65,534 hosts
How many phases are invloved in the Waterfall software development?
7
How long is a UDP header?
8 bytes (64 bits) long
What port is used for HTTP?
80
What is the standard for wireless network communications?
802.11 is the IEEE standard
What is an enterprise wireless authentication standard that is a port-based network access control that ensures clients cannot communicate with a resource until proper authentication has taken place?
802.1X/EAP
What critical components should be included in your business continuity training plan?
? Come back to this ?
What is EUI-48 (extended unique identifier)?
A MAC addressing method that uses 48 bits.
What is an open SMTP relay?
A SMTP server that does not authenticate senders before accepting and relaying mail.
What is infrastructure as a service? (IaaS)
A cloud computing concept that can provide not just on‐demand operating solutions but complete outsourcing of IT infrastructure
What can be a stand-alone hardware device or a software service for translating protocols?
A gateway
What is a hierarchical data model?
A hierarchiaical data model combines records and fields that are related in a logical tree structures (think of an org chart) - one to many
What is HSSI (High Speed Serial Interface)
A layer 1 protocol used to connect routers and multiplexers to ATM or Frame Relay connection devices
What is elliptic curve cryptography? (ECC)
A new branch of public key cryptography that offers similar security to established public key cryptosystems at reduced key sizes
What is a system call?
A process by which an object in a less‐trusted protection ring requests access to resources or functionality by objects in more trusted protection rings.
What is known as misuse case testing or abuse case testing?
A process used by software testers to evaluate the vulnerability of their software to known risks. Testers first enumerate the known misuse cases and then attempt to exploit those use cases with manual and/or automated attack techniques. Aka abuse case testing
What must be deployed to prevent abuse, masquerading, and piggybacking in physical security?
A security guard or other monitoring systems
What is the Brewer and Nash Model (AKA Chinese Wall)
A security model designed to permit access controls to change dynamically based on a user's previous activity (making it a kind of state machine model as well)
What is the Graham-Denning Model?
A security model focused on the secure creation and deletion of both subjects and objects.
what is a memory page (or paging)
A single chunk of memory that can be moved to and from RAM and the paging file on a hard drive as part of a virtual memory system.
What is a time slice?
A single chunk or division of processing time.
What is a critical path analysis?
A systematic effort to identify relationships between mission‐critical applications, processes, and operations and all of the necessary supporting elements.
What is a buffer overflow attack?
A vulnerability that can cause a system to crash or allow the user to execute shell commands and gain access to the system. -- Buffer overflow vulnerabilities are especially prevalent in code developed rapidly for the Web using CGI or other languages that allow unskilled programmers to quickly create interactive web pages.
What encryption scheme is WPA2 based on?
AES
What encryption standard and bit key size does CCMP use ?
AES - 128 bit key
What symmetric encryption algorithms does S/MIME support?
AES and 3DES
What is a cipher?
ALWAYS meant to hide the true meaning of a message
What are administrative access controls?
Administrative access controls are the polices and procedures defined by an organizations security policy and other regulations or requirements.
What is ICMP?
(Internet control message protocol.) - Used to determine the health of a network or a specific link.
What is the PSH TCP header flag field bit designator used for?
(Push) Indicates need to push data immediately to application
What does ITSEC refer to any system being evaluated as?
(TOE) target of evaluation
What is the URG TCP header flag field bit designator used for?
(Urgent) indicates urgent data
What is the ACK TCP header flag field bit designator used for?
(acknowledgement) acknowledges synchronization or shutdown request
What is the CWR TCP header flag field bit designator used for?
(congestion Window Reduced) - used to manage transmission over congested links; see RFC 3168
What is secondary memory?
(hard drives, floppies, CD, DVDS) magnetic, optical, or flash based media or other storage devices that contain data not immediately available to the CPU.
What is the running state of system processing?
(problem state) The running process executes on the CPU and keeps going until: 1. it finishes 2. its time slice expires, 3. it is blocked for some reason (usually because it has generated an interrupt for access to a device or the network and it waiting for that interrupt to be serviced)
What is a software escrow arrangement?
(think of Jacada) - a unique tool used to protect a company against the failure of a software developer to provide adequate support for its products or against the possibility that the developer will go our of business.
What is virtual memory?
(think of the pagefile) a special type of secondary memory that the OS manages to make look and act like real memory
What are the key rights guaranteed to individuals under the European Unions directive on data privacy?
* Right to access the data * right to know the data's source * Right to correct inaccurate data * Right to withhold consent to process data in some situations * Right of legal action should these rights be violated
Explain the basic provisions of the major laws designed to protect society against computer crime
** CFAA ** The Computer Fraud and Abuse Act (as amended) protects computers used by the government or in interstate commerce from a variety of abuses. ** CSA ** The Computer Security Act outlines steps the government must take to protect its own systems from attack. ** GISRA ** The Government Information Security Reform Act further develops the federal government information security program.
What does CCMP stand for?
- "Counter mode" with "cipher block chaining" "message authentication code" protocol - created to replace WEP and TKIP/WPA - uses AES with a 128-bit key
What are the two types of SSID's?
- (ESSID) extended service set identifier - (BSSID) basic service set identifier
What protocols are used by e-mail clients to retrieve e-mail from their server-based inboxes
- (POP3) post office protocol version 3 - (IMAP) internet message access protocol
What is the throughput and notes for UTP category 7 (CAT 7) cables?
- 10 Gbps - Used on 10 gigabit-speed networks
What is the throughput and notes for UTP category 3 (CAT 3) cables?
- 10 mbps - primarily used in 10base-t Ethernet networks (offers only 4 mbps when used on token ring networks) and as telephone cables.
What are the Private IP addresses that are defined in RFC 1918?
- 10.0.0.0-10.255.255.255 (a full class A Range) - 172.16.0.0-172.31.255.255 (16 Class B ranges) - 192.168.0.0-192.168.255.255 (256 Class C ranges)
What is the throughput and notes for UTP category 5 (CAT 5) cables?
- 100 mbps - Used in 100Base-TX, FDDI, and ATM networks
What is the throughput and notes for UTP category 6 (CAT 6) cables?
- 1000 Mbps - used in high-speed networks
The Jones institue has six employees that uses a symmetric key encryption system to ensure confidentiality of communications. If each employee needs to communicate privately with every other employee, how many keys are necesssary? Question 58
- 15 - A separate key is required for each pair of users who want to communicate privately. In a group of six users, this would require a total of 15 secret keys.
What is the throughput and notes for UTP category 4 (CAT 4) cables?
- 16 mbps - Primarily used in Token Ring networks
How many asymmetric keys are necessary to allow any 2 people from a set of 10 to communicate privately with each other?
- 20 - Asymmetric cryptography requires 2*n keys to allow all parties to communicate.
What is the maximum key length supported by the advanced encryption standard's Rijndael encryption algorithm?
- 256 bits - The AES/Rijndael algorithm is capable of operating with 128-, 192-, or 256-bit keys. The algorithm uses a block size equal to the length of the key.
What is the throughput and notes for UTP category 2 (CAT 2) cables?
- 4 Mbps - not suitable for most networks - often employed for host-to-terminal connections on mainframes
What is the fixed-length cell size of ATM?
- 53 byte cells - The use of fixed-length cells allows ATM to be very efficient and offer high throughputs
What is the minimum size a packet can be to be used in a ping-of-death attack?
- 65,537 - The maximum allowed ping packet size is 65,536 bytes. To engage in a ping-of-death attack, an attacker must send a packet that exceeds this maximum. Therefore, the smallest packet that might result in a successful attack would be 65,537 bytes.
What are the most commonly used frequencies in wireless products?
- 900 MHz - 2.4 GHz - 5 GHZ
What is ATM (Asynchromous transfer mode)
- A cell‐switching technology rather than a packet‐ switching technology like Frame Relay. - ATM uses virtual circuits much like Frame Relay, but because it uses fixed‐size frames or cells, it can guarantee throughput. This makes ATM an excellent WAN technology for voice and videoconferencing.
What are SMDS? (switched multimegabit data service)
- A connectionless network communication service. - SMDS provides bandwidth on demand. - SMDS is a preferred connection mechanism for linking remote LANs that communicate infrequently
What are the differences between dedicated and non-dedicated lines?
- A dedicated line is always on and is reserved for a specific customer. - A nondedicated line requires a connection to be established before data transmission can occur. It can be used to connect with any remote system that uses the same type of nondedicated line.
What is extensible authentication protocol? (EAP)
- A framework for authentication instead of an actual protocol - EAP allows customized authentication security solutions, such as supporting smart cards, tokens, and biometrics
What is PPP (point-to-point protocol)
- A full‐duplex protocol used for the transmission of TCP/ IP packets over various non‐LAN connections, such as modems, ISDN, VPNs, Frame Relay, and so on. - PPP is widely supported and is the transport protocol of choice for dial‐up Internet connections.
What is SDLC? (Synchronous Data link control)
- A layer 2 protocol employed by networks with dedicated or leased lines. - SDLC was developed by IBM for remote communications with SNA systems. - SDLC is a bit‐oriented synchronous protocol
What is HDLC (High-level Data link control)
- A layer 2 protocol used to transmit data over synchronous communication lines. - HDLC is an ISO standard based on IBM's SDLC. - HDLC supports: 1. full‐duplex communications, 2. supports both point‐to‐point and multipoint connections, 3. offers flow control, and 4. includes error detection and correction
what is a registration authority? (RA)
- A read‐only version of a certificate authority -- able to distribute the CRL and perform certificate verification processes but is not able to create new certificates. -- used to share the workload of a CA.
What is Frame relay?
- A shared connection medium that uses packet‐switching technology to establish virtual circuits for customers. - Like x.25, frame relay is a packet-switching technology that also uses PVC's - supports multiple PVC's over a single WAN carrier service connection
What is password authentication protocol (PAP)?
- A standardized authentication protocol for PPP - PAP transmits usernames and passwords in the clear - Offers no form of encryption
What is VoIP?
- A technology that encapsulates audio into IP packets to support telephone calls over TCP/IP network connections
What is a (wireless) orthogonal frequency-division multiplexing (OFDM)
- A wireless technology that employs a digital multicarrier modulation scheme that allows for a more tightly compacted transmission - the modulated signals are perpendicular (orthogonal) and thus don't cause interference with each other.
What are the differences between an ACL and a capability table?
- ACLs are object focused and identify access granted to subjects for any specific object - Capability tables are subject focused and identify the objects that subjects can access
What is the IP range that APIPA assigns to each failed DHCP client request?
- APIPA assigns each failed DHCP client with an IP address form the range of 169.254.0.1-169.254.255.254 along with the default class B subnet mask of 255.255.0.0
What is End-to-end encryption
- An encryption algorithm that protects communications between two parties (in other words, a client and a server) and is performed independently of link encryption. - An example of this would be the use of Privacy Enhanced Mail (PEM) to pass a message between a sender and a receiver. This protects against an intruder who might be monitoring traffic on the secure side of an encrypted link or traffic sent over an unencrypted link.
What is the difference between an event and an incident?
- An event is any occurrence that takes place during a certain period of time. - Incidents are events that have negative outcomes affecting the confidentiality, integrity, or availability of your data.
What is x.25 WAN?
- An older WAN protocol that uses carrier switching to provide end‐to‐end connections over a shared network medium.
Describe the relationship between auditing and audit trails
- Auditing is a methodical examination or review of an environment and encompasses a wide variety of activities to ensure compliance with regulations and to detect abnormalities, unauthorized occurrences, or outright crimes. - Audit trails provide the data that supports such examination or review and essentially are what make auditing and subsequent detection of attacks and misbehavior possible.
What is IPSec's two primary components or functions?
- Authentication header (AH) - Encapsulating Security Payload (ESP)
What are the two standard classes, or formats of ISDN service?
- Basic Rate interface (BRI) - offers customers a connection with two B channels and one D channel. - Primary Rate interface (PRI) - offers consumers a connection with multiple 64 Kbps B channels (2 to 23 of them) and a single 64 Kbps D channel
What DES mode uses the exclusive OR function to combine each block of unencrypted text with the immediately preceding cipher-text block?
- CBC - in Cipher Block Chaining (CBC) mode, each block of unencrypted text is XORed with the block of cipher text immediately preceding it before it is encrypted using the DES algorithm.
Name the LAN shared media access technologies and examples of their use, if known
- CSMA - CSMA/CA - used by 802.11 and appletalk - CSMA/CD - used by Ethernet - Token passing - used by token ring and FDDI/CDDI - polling - used by SDLC, HDLC, and some mainframe systems
What are the main differences between circuit switching and packet switching?
- Circuit switching is usually associated with physical connections. The link itself is physically established and then dismantled for the communication. Circuit switching offers known fixed delays, supports constant traffic, is connection oriented, is sensitive only to the loss of the connection rather than the communication, and was most often used for voice transmissions. - Packet switching is usually associated with logical connections because the link is just a logically defined path among possible paths. Within a packet-switching system, each system or link can be employed simultaneously by other circuits. Packet switching divides the communication into segments, and each segment traverses the circuit to the destination. Packet switching has variable delays because each segment could take a unique path, is usually employed for bursty traffic, is not physically connection oriented but often uses virtual circuits, is sensitive to the loss of data, and is used for any form of communication.
What is L2F?
- Cisco developed its own VPN protocol called layer 2 forwarding - is a mutual authentication tunneling mechanism - does not offer encryption
What is a DR cold site?
- Cold sites are standby facilities large enough to handle the processing load of an organization and equipped with appropriate electrical and environmental. - a cold site has no computing facilities (hardware or software) preinstalled and also has no active broadband communications links
Describe Discretionary access controls (DAC)
- DAC allows the owner, creator, or data custodian of an object to control and define access to that object. - its implemented using access control lists (ACLS) on objects.
What uses mathematical algorithms to analyze data, developing models that may be used to predict future activity?
- Data mining - Data mining uses mathematical approaches to analyze data, searching for patterns that predict future activity.
What is the default subnet mask and CIDR equivalent for a class A subnet?
- Default subnet mask - 255.0.0.0 - CIDR Equivalent - /8
What is the default subnet mask and CIDR equivalent for a class B subnet?
- Default subnet mask - 255.255.0.0 - CIDR Equivalent - /16
What is the default subnet mask and CIDR equivalent for a class C subnet?
- Default subnet mask - 255.255.255.0 - CIDR Equivalent - /24
What steps can be taken to secure Direct inward system access (DISA)?
- Disable all features that are not required by the organization - Craft user codes/passwords that are complex and difficult to guess - Turn on auditing to keep watch on PBX activities
What type of evidence refers to written documents that are brought into court to prove a fact?
- Documentary evidence - written documents brought into court to prove the facts of a case are referred to as documentary evidence.
How is each phase of the development cycle controlled within the A1 (verified protection) system of TCSEC?
- Each phase of the development cycle is controlled using formal methods. -- Each phase of the design is documented, evaluated, and verified before the next step is taken.
What are some examples of dedicated and non dedicated lines?
- Examples of dedicated lines include T1, T3, E1, E3, and cable modems. - Standard modems, DSL, and ISDN are examples of nondedicated lines.
What law protects the privacy rights of students?
- FERPA - The family educational rights and privacy act (FERPA) protects the rights of students and the parents of minor students.
What are the three main concerns business have when considering adopting a mutual assistance agreement.
- First, the nature of an MAA often necessitates that the businesses be located in close geographical proximity. However, this requirement also increases the risk that the two businesses will fall victim to the same threat. - Second, MAAs are difficult to enforce in the middle of a crisis. If one of the organizations is affected by a disaster and the other isn't, the organization not affected could back out at the last minute, leaving the other organization out of luck. - Finally, confidentiality concerns (both legal and business related) often prevent businesses from trusting others with their sensitive operational data.
list and explain the three basic alternatives for confiscating evidence and when each one is appropriate
- First, the person who owns the evidence could voluntarily surrender it. - Second, a subpoena could be used to compel the subject to surrender the evidence. - Third, a search warrant is most useful when you need to confiscate evidence without giving the subject an opportunity to alter it.
What are fraggle attacks?
- Fraggle attacks are similar to smurk attacks. However instead of using ICMP, a fraggle attack uses UDP packets over UDP ports 7 and 19. - the fraggle attack will broadcast a UDP packet using the spoofed IP address of the victim. all systems on the network will then send trafic to the victim, just as with a smurf attack.
What is the problem with halon-based fire suppression technology?
- Halon degrades into toxic gases at 900 degrees Fahrenheit - not environmentally friendly (ozone depleting substance)
What type of attack occurs when malicious users position themselves betwen a client and server and then interrupt the session and take it over?
- Hijack - in a hijack attack, which is an offshoot of a man-in-the-middle attack, a malicious user is positioned between a client and server and then interrupts the session and takes it over.
Describe the primary types of intrusion detection systems
- Host or network based based on the detection methods (knowledge based or behavior based) and based on their response (passive or active) - knowledge based - uses a database of known attacks to detect intructions - behavior based ids starts with a baseline of normal activity and measures network activity against the baseline to identify abnormal activity
What protocol is utilized by attackers launching a smurf attack against a network?
- ICMP - The smurf attack depends on ping packets, which are implemented by the internet control message protocol (ICMP)
What should all multihomed firewalls have turned off?
- IP forwarding - this will force the filtering rules to control all traffic rather than a software-supported shortcut between one interface and another.
What is IPSec?
- IPSec is both a stand-alone VPN protocol and the security mechanism for L2TP. - it can be used only for IP traffic - IPSec works only on IP networks and provides for secured authentication as well as encrypted data transmission
Describe the differences between transport mode and tunnel mode of IPsec
- IPSec's transport mode is used for host-to-host links and encrypts only the payload, not the header. - IPSec's tunnel mode is used for host-to-LAN and LAN-to-LAN links and encrypts the entire original payload and header and then adds a link header.
What does Synchronous communications rely on to manage the transmission of data?
- IT relies on a timing or clocking mechanism based on either an independent clock or a time stamp embedded in the data stream. - Synchronous communications are typically able to support very high rates of data transfer
What is an ISA, interconnection security agreement?
- If two or more parties plan to transmit sensitive data, they can use an ISA to specify the technical requirements of the connection. - The ISA provides information on how the two parties establish, maintain, and disconnect the connection. It can also identify the minimum encryption methods used to secure the data.
What is the difference between packet switching and circuit switching?
- In circuit switching, a dedicated physical pathway is created between the two communicating parties. Packet switching occurs when the message or communication is broken up into small segments and sent across the intermediary networks to the destination. - Within packet-switching systems are two types of communication paths, or virtual circuits: permanent virtual circuits (PVCs) and switched virtual circuits (SVCs). Understand the
What is the difference between an interview and an interrogation?
- Interviews are conducted with the intention of gathering information from individuals to assist with your investigation. - Interrogations are conducted with the intent of gathering evidence from suspects to be used in a criminal prosecution.
How does an application-level gateway firewall (a proxy) filter traffic?
- It filters traffic based on the internet service (in other words the application) used to transmit or receive the data
What is the definition of a bastion host or a screened host?
- It is just a firewall system logically positioned between a private network and an untrusted network. - usually its located behind the router that connects the private network to the untrusted network.
What is the US law known as the Communications Assistance for Law Enforcement Act (CALEA)?
- It mandates that all telcos, regardless of the technologies involved, must make it possible to wiretap voice and data communications when a search warrant is presented - a Telco cannot provide customers with true end-to-end encryption
How does CHAP perform authentication?
- It performs authentication using a challenge-response dialogue that cannot be replayed. - It also periodically re-authenticates the remote system throughout an established communication session to verify a persistent identity of the remote client.
What is a Fiber Distributed Data interface (FDDI)?
- It's a high-speed token-passing technology that employs two rings with traffic flowing in opposite directions
What is a nondedicated line?
- Its a line that requires a connection to be established before data transmission can occur - Standard modems, DSL, and ISDN are examples of non dedicated lines
What is PPTP (Point-to-point tunneling protocol)?
- Its an encapsulation protocol developed from eh dial-up point-to-point protocol - PPTP creates a point-to-point tunnel between two systems and encapsulates PPP packets
What are three vulnerabilities of Peer-to-peer based IM?
- Its difficult to manage from a corporate perspective because its generally insecure - It has numerous vulnerabilities: packet sniffing - It lacks true native security capabilities - Provides no protection for privacy
What is the definition of identification?
- Its the process of a subject claiming, or professing, an identity.
What was L2F replaced by?
- L2TP -
What encryption algorithms does MOSS employ to provide authentication and encryption services?
- MD2 and MD5 algorithms - RSA (Rivest, Shamir, and Adelman) public key, - DES (data encryption standard)
what is a MOU? Memoradum of understanding
- MOU's document the intention of two entities to work together toward a common goal. - Although an MOU is similar to an SLA, it is less formal and doesn't include any monetary penalties if one of the parties doesn't meet its responsibilities.
What authentication protocols does PPTP offer?
- MS-CHAP microsoft challenge handshake authentication protocol - (CHAP) Challenge handshake authentication protocol - (PAP) password authentication protocol - (EAP) Extensible authentication procotol - (SPAP) Shiva Password authentication protocol
What are the two main differences between multiprogramming and multitasking?
- Multiprogramming usually takes place on large scale systems (Mainframes), whereas multitasking takes place on PC OS's (Windows, Linux) - Multitasking is coordinated by the OS, Multiprogramming requires software to coordinate its own activities and execution.
What are the two main categories of fuzz testing?
- Mutation (Dumb) Fuzzing - takes previous input values from actual operation of the software and manipulates (or mutates) it to create fuzzed input. - Generational (intelligent) fuzzing - Develops data models and creates new fuzzed input based on an understanding of the types of data used by the program
Define the difference between need to know and principle of least privilege
- Need to know focuses on permissions and the ability to access information, whereas the principle of least privilege focuses on privileges. - Privileges include both rights and permissions. Both limit the access of users and subjects to only what they need. Following these principles prevents and limits the scope of security incidents.
What is NAC?
- Network access control - a concept of controlling access to an environment through strict adherence to and implementation of security policy
How do Neural networks work?
- Neural networks simulate the functioning of the human mind to a limited extent by arranging a series of layered calculations to solve problems. - Neural networks require extensive training on a particular problem before they are able to offer solutions.
What are two newer examples of SSO used on the internet?
- OATH (open authentication) - an open standard designed to work with HTTP and it allows users to log on with one account. (think of accessing facebook or other sites with your google account) - OpenID - open standard, maintained by the OpenID foundation rather than as an IETF RFC standard. (can be used in conjunction with OAuth or on its own)
What is Challenge Handshake authentication protocol? (CHAP)
- One of the authentication protocols used over PPP links - CHAP encrypts username and passwords
What is used to secure communications over 802.11 wireless connections?
- PEAP - PEAP can be employed by Wi-Fi protect access (WPA) and WPA-2 connections
What protocol is preferred over Cisco's proprietary EAP (known as LEAP -lightweight extensible authentication protocol LEAP)?
- PEAP - LEAP is crackable using a variety of tools and techniques, including the exploit tool Asleap
How does Protected Extensible Authentication Protocol (PEAP) work?
- PEAP encapsulates EAP in a TLS tunnel. - PEAP is preferred to EAP because EAP assumes that the channel is already protected but PEAP imposes it's own security
Which electronic mail security program is based on building a web of trust?
- PGP - Phil Zimmerman's pretty good privacy (PGP) package relies on the construction of a web of truyst between system users.
What are programmable logic controllers (PLC's)?
- PLC units are effectively single-purpose or focused-purpose digital computers. - typically deployed for the management and automation of various industrial electro-mechanical operations. (controlling systems on an assembly line, large scale digital light displays such as giant display systems in stadiums or on a las vegas strip marquee)
What communication services does PPP include?
- PPP includes a wide range of communication services, including assignment and management of IP addresses, management of synchronous communications, standardized encapsulation, multiplexing, link configuration, link quality testing, error detection, and feature or option negotiation (such as compression).
What authentication was PPP originally designed to support?
- PPP was originally designed to support CHAP and PAP for authentication. However, recent versions of PPP also support MS-CHAP, EAP, and SPAP.
What are the four common VPN protocols?
- PPTP - L2F - L2TP - and IPSec (PPTP and IPSec are limited for use on IP networks, whereas L2F and L2TP can be used to encapsulate any LAN protocol.)
How are PVC and SVC's different?
- PVC is like a two-way radio or walkie talkie. Whenever communication is needed, you press the button and start talking; the radio reopens the predefined frequency automatically (that is, the virtual circuit) - an SVC is more like a shortwave or HAM radio. You must tune the transmitter and receiver to a new frequency every time you want to communicate with someone.
What are physical access controls?
- Physical access controls are items you can physically touch - they include physical mechanisms deployed to prevent, monitor, or detect direct contract with systems or areas within a facility.
What is PGP?
- Pretty good privacy - a public-private key system that uses a variety of encryption algorithms to encrypt files and e-mail messages. - PGP is not a standard but rather an independently developed product that has wide internet grassroots support
On a much smaller scale, _______ is deployed to repair or restore capability, functionality, or resources following a violation of security policy.
- Recovery access control - Recovery access control is deployed to repair or restore resources, functions, and capabilites after a violation of security polices.
What process provides a framework for cost/benefit analysis related to proposed changes?
- Request control - The request control process provides an organized framework within which users can request modifications mangers can conduct cost/benefit analysis, and developers can prioritize tasks.
What are the 3 basic risk elements?
- Risk is the possibility or likelihood that a threat can exploit a vulnerability and cause damage to assets. -Asset valuation identifies the value of assets, threat modeling identifies threats against these assets, and vulnerability analysis identifies weaknesses in an organization's valuable assets. - Access aggregation is a type of attack that combines, or aggregates, nonsensitive information to learn sensitive information and is used in reconnaissance attacks.
what are several protocols, services, and solutions to add security to e-mail?
- S/MIME - MOSS - PEM - PGP
Which of the following is not an aggregate function in SQL A - MAX () B- SUM () C - SELECT () D - AVG ()
- SELECT () - SELECT () is not an an aggregate function but an SQL command. - MAX is an aggregate function that selects the maximum value from a set - SUM is an aggregate function that adds values together - AVG is an aggregate function that determines the mathematical average of a series of values.
List the three primary cloud-based service models and identify the level of maintenance provided by the cloud service provider in each of the models.
- SaaS -CSP provides the most maintenance - PaaS - CSP provides less maintenance - IaaS - CSP provdies the least maintenance
What does semantic integrity do in a DB?
- Semantic integrity ensures that user actions don't violate any structural rules. - it also checks that all stored data types are within valid domain ranges, ensures that only logical values exist, and confirms that the system complies with any and all uniqueness constraints.
Whare the most common SMTP servers for UNIX and Windows?
- Sendmail - UNIX - Exchange - Windows
An amplification network is used to wage a DoS attack in which kind of attack?
- Smurf attack - a smurf attack occurs when an amplifying server or network is used to flood a victim with useless data
What are some network hardware devices that function at layer 2 (data link layer)
- Switches and bridges. These devices support MAC-based traffic routing. - routers and bridge routers (brouters)
What TCP ports does Diameter use?
- TCP 3868 or stream control transmission protocol (SCTP) port 3868. - this provides better reliability than UDP used by RADIUS - also supports IPSec and TLS for encryption
Describe the difference between TCP SYN scanning and TCP connect scanning
- TCP SYN scanning sends a single packet to each scanned port with the SYN flag set. This indicates a request to open a new connection. If the scanner receives a response that has the SYN and ACK flags set, this indicates that the system is moving to the second phase in the three-way TCP handshake and that the port is open. - TCP SYN scanning is also known as "half-open" scanning. - TCP connect scanning opens a full connection to the remote system on the specified port. This scan type is used when the user running the scan does not have the necessary permissions to run a half-open scan.
- What conatains data terminal equipment/data circuit-termination equipment (DTE/DCE), which provides the actual connection point for the LAN's router (the DTE) and the WAN carrier network's switch (the DCE)
- The CSU/DSU - The CSU/DSU acts as a translator, a store-and-forward device, and a link conditioner
What are the differences between PPP and SLIP?
- The Point-to-Point Protocol (PPP) is an encapsulation protocol designed to support the transmission of IP traffic over dial-up or point-to-point links. - PPP replaced Serial Line Internet Protocol (SLIP). - SLIP offered no authentication, supported only half-duplex communications, had no error-detection capabilities, and required manual link establishment and teardown
What is transparency?
- The characteristic of a service, security control, or access mechanism that ensures that it is unseen by users. - Transparency is often a desirable feature for security controls. The more transparent a security mechanism is, the less likely a user will be able to circumvent it or even be aware that it exists.
How is the control plane and data plane used in a software defined network (SDN)?
- The control plane uses protocols to decide where to send traffic, and the data plane includes rules that decides whether traffic will be forwarded.
What are the two distinct components of SQL?
- The data definition language (DDL) - allows for the creation and modification of the database's structure (known as the schema) - Data manipulation language (DML) - allows users to interact with the data contained within that schema.
What is a distributed data model?
- The distributed data model has data stored in more than one database, but those databases are logically connected. - each field can have numerous children as well as numerous parents, thus, the data mapping relationship for distributed databases is many-to-many.
How should you report an incident?
- The first step is to establish a working relationship with the corporate and law enforcement personnel with whom you will work to resolve an incident. - When you do have a need to report an incident, gather as much descriptive information as possible and make your report in a timely manner.
What is the definition of attenuation
- The loss of signal strength and integrity on a cable because of the length of the cable
What is port isolation or private ports in VLANS?
- These are private VLANS that are configured to use a dedicated or reserved uplink port. - the members of a private VLAN or a port-isolated VLAN can interact only with each other and over the predetermined exit port or uplink port. (think of Hotel internet setups)
How does a companion virus work?
- These are self-contained executable files that escape detection by using a filename similar to, but slightly different from, a legitimate operating system file. - example you have program call game.exe and the virus creates game.com. When you go to run game, game.com runs instead of game.exe
What are smurf and fraggle attacks?
- They are both DoS attacks. - a smurf attack is anther type of flood attack, but it floods the victim with internet control message protocol (ICMP) echo packets instead of with TCP SYN packets. - in a smurf attack the attacker sends the echo request out as a broadcast to all systems on the network and spoofs the source IP address. All these systems respond with echo replies to the spoofed IP address, flooding the victim with traffic
What is the definition of Role-based access control?
- They define a subject's ability to access an object based on the subject's role or assigned tasks. - Role-based access control(Role-BAC) is often implemented using groups.
How do digital communications work?
- They occur through the use of a discontinuous electrical signal and a state change or on-off pulse
How do circuit-level gateway firewalls permit or deny forwarding decisions?
- They permit or deny forwarding decisions based soley on the endpoint designations of the communication circuit - (in other words, the source and destination addresses and service port numbers)
Where do the distance limitations of conductor-based network cabling stem from?
- They stem from the resistance of the metal used as a conductor - (copper is the most popular and least expensive conductors. Its still resistant to the flow of electrons. It degrades the longer the length of the cable.
What are Phreakers Black Boxes used for?
- They're used to manipulate line voltages to steal long-distance services - Often custom-built circuit boards with a battery and wire clips
What are Phreaker blue boxes?
- They're used to simulate 2600 Hz tones to interact directly with telephone network trunk systems (backbones) - This could be a whistle, tape recorder, or a digital tone generator
What are Phreaker Red boxes used for?
- They're used to simulate tones of coins being deposited into a pay phone - They're usually just small tape recorders
What are wireless channels?
- Think of channels as lanes on the same highway - US has 11 channels - Europe has 13 - Japan has 17 - the differences stem from local laws regulating frequency management
What is simple key management for internet protocol? (SKIP)
- This is an encryption tool used to protect sessionless datagram protocols - Designed to integrate with IPSec - Functions at layer 3
What is simple key management for internet protocol? (SKIP)
- This is an encryption tool used to protect sessionless datagram protocols - Designed to integrate with IPSec - Functions at layer 3
What is a drive-by download?
- This is code downloaded and installed on a user's system without the user's knowledge. - Most drive-by downloads take advantage of vulnerabilities in in un-patched systems
What is Direct Inward system access (DISA)?
- This system is designed to help manage external access and external control of a PBX by assigning access codes to users. - Although great in concept, this system is being compromised and abused by phreakers. Once an outside phreaker learns the PBX access codes, they can often fuly control and abuse the companys telephone account rather than the phreakers phone
What communication protocol does Radius use and what does it encrypt?
- UDP (user datagram protocol) and encrypts only the exchange of the password
What kinds of potential issues can an emergency visit from the fire dept leave in its wake?
- Water damage - physical damage from firefighters using axes and such
What are some common questions that organizations should ask when considering outsourcing information storage, processing, or transmission?
- What types of sensitive information are stored, processed, or transmitted by the vendor? - What controls are in place to protect the organization's information? - How is our organization's information segregated from that of other clients? - If encryption is relied on as a security control, what encryption algorithms and key lengths are used? How is key management handled? - What types of security audits does the vendor perform and what access does the client have to those audits? - Does the vendor rely on any other third parties to store, process, or transmit data? How do the provisions of the contract related to security extend to those third parties? Where will data storage, processing, and transmission take place? If outside the home country of the client and/ or vendor, what implications does that have? - What is the vendor's incident response process and when will clients be notified of a potential security breach? - What provisions are in place to ensure the ongoing integrity and availability of client data?
List the details about each of the 5 access control models
- With discretionary access control models, all objects have owners and the owners can modify permissions. - Administrators centrally manage nondiscretionary controls. - Role-based access control models use task-based roles and users gain privileges when administrators place their accounts into a role. - Rule-based access control models use a set of rules, restrictions, or filters to determine access. - Mandatory access controls use labels to identify security domains. Subjects need matching labels to access objects.
What is extensible markup language (XML)?
- XML goes beyond describing how to display the data, by actually describing the data
What does the ZZ in the XXyyyyZZ syntax represent in cable most cable naming conventions?
- ZZ either represent the maximum distance the cable can be used or acts as shorthand to represent the technology of the cable - such as the approximately 200 meters for 10base2 (actually 185 meters, but its rounded up to 200) or T or TX for twisted pair in 10base-T
What is the Media Access control (MAC) Address?
- a 6-byte (48-bit) binary address written in hexadecimal notation (00-13-02-1F-58-F5)
Define LEAP (lightweight extensible authentication protocol)
- a Cisco proprietary alternative to TKIP for WPA
What is the primary software component in virtualization?
- a Hypervisor. - The hypervisor manages the VMs, virtual data storage, and virtual network components.
What is a KDC (key distribution center)
- a KDC is the trusted third party that provides authentication services - all clients and servers are registered with the KDC, and it maintains the secret keys for all network members.
What are the two Bio-metric factor error types?
- a Type 1 error occurs when a valid subject is not authenticated (this is also known as a false negative authentication) - a Type 2 error occurs when an invalid subject is authenticated. (this is also known as a false positive authentication)
What is a birthday attack?
- a birthday attack focuses on finding collisions - finding two passwords that have the same hash value.
What network topology connects each system to a trunk or backbone cable?
- a bus topology - all systems on the network hear the data that is transmitted from one machine
What is a directory service?
- a centralized databse that includes information about subjects and objects. Think active directory using LDAP
What is a Syn flood attack?
- a common dos attack - it disrupts the standard three-way handshake used by TCP to initiate communication sessions. - normally, a client sends a SYN (synchronize) packet to a server, the server responds with a SYN/ACK (synchronize/achnowledge) packet to the client, and the client then responds with an ACK (acknowledge) packet back to the server. in a SYN flood attack the attackers send multiple SYN pakcets but never complete the connection with an ACK.
What is a Compensation control?
- a compensation control provides an alternative when it isn't possible to use a primary control, or when necessary to increase the effectiveness of a primary control.
What is a corrective access control?
- a corrective control modifies the environment to return systems to normal after an unwanted or unauthorized activity has occurred. - corrective controls attempt to correct any problems that occurred as a result of a security incident.
What is an extranet?
- a cross between the internet and an intranet - a section of an organization's network that has been sectioned off so that it acts as an intranet for the private network but also serves information to the public internet.
What is a dedicated line (also called a lease line or point-to-point link)?
- a dedicated line connects two specific endpoints and only those two endpoints - its always on and waiting for traffic to be transmitted over it
How does circuit switching work?
- a dedicated physical pathway is created between the two communicating parties - once a call is established, the links between the two parties remain the same throughout the conversation
What is a detective access control?
- a detective control attempts to discover or detect unwanted or unauthorized activity. - detective controls operate after the fact and can discover the activity only after it has occurred. (Examples of detective access controls include security guards, motion detectors, recording and reviewing of events captured by security cameras or CCTV, job rotation policies, mandatory vacation policies, audit trails, honeypots or honeynets, intrusion detection systems, violation reports, supervision and reviews of users, and incident investigations.)
What is a deterrent control?
- a deterrent control attempts to discourage security policy violations - deterrent and preventive controls are similar, but deterrent controls often depend on individuals deciding not to take an unwanted action
What is a directive access control?
- a directive control attempts to direct, confine, or control the actions of subjects to force or encourage compliance with security policies. (Examples of directive access controls include security policy requirements or criteria, posted notifications, escape route exit signs, monitoring, supervision, and procedures.)
What sia foreign key in a relational database?
- a foreign key is used to enforce relationships between two tables, also known as referential integrity. - referential integrity ensures that if one table contains a foreign key, it corresponds to a still-existing primary key in the other table in the relationship.
what is a distributed control system (DCS)
- a form of ICS (industrial control system) - typically found in industrial process plants where the need to gather data and implement control over a large-scale environment from a single location is essential.
What is a TCP wrapper?
- a form of port-based access control an application that can serve as a basic firewall by restricting access to ports and resources based on user IDs or system IDs.
What is the Delphi technique?
- a form of qualitative risk analysis - the Delphi technique is a from of qualitative risk analysis that uses an anonymous feedback-and-response process to arrive at a group consensus.
What is a broadcast domain?
- a group of networked systems in which all other members receive a broadcast signal when one of the members of the group transmits it. - (any system outside a broadcast domain would not receive a broadcast from that broadcast domain)
What is a collision domain?
- a group of networked systems that could cause a collision if any two (or more) of the systems in that group transmitted simultaneously. - any system outside the collision domain cannot cause a collision with any member of that collision domain
What is 802.1X/EAP?
- a hand-off system that allows the wireless network to leverage the existing network infrastructures authentication services. -
What is a rainbow table attack?
- a large database of precomputed hashes.
What is the definition of frequency?
- a measurement of the number of wave oscillations within a specific time and identified using the unit Hertz (Hz), or oscillations per second
What is WPA2?
- a new encryption scheme known as the "Counter Mode Cipher Block Chaining Message Authentication Code Protocol" (CCMP)
What is service provisioning markup language (SPML)?
- a newer framework based on XML but specifically designed for exchanging user information for federated identity single sign-on purposes. - based on DSML (directory service markup language)
What is a darknet?
- a portion of allocated IP addresses within a network that are not used. - since the ip addresses are not used, the darknet does not have any other hosts and it should not have any traffic at all.
What is a preventive access control?
- a preventive control attempts to thwart or stop unwanted or unauthorized activity from occurring. - examples: Fences, locks, biometrics, mantraps, lighting, alarm systems, separation of duties policies, job rotation policies, data classifications, penetration testing,
What is a primary key in a relational database?
- a primary key is a selected from the set of candidate keys for a table to be used to uniquely identify the records in a table. - each table has only one primary key, selected by the database designer from the set of candidate keys.
What is a recovery access control?
- a recovery control attempts to repair or restore resources, functions, and capabilities after a security policy violation. - Recovery controls are an extension of corrective controls but have more advanced or complex abilities. (Examples of recovery access controls include backups and restores, fault-tolerant drive systems, system imaging, server clustering, antivirus software, and database or virtual machine shadowing.)
What is the definition of a right?
- a right primarily refers to the ability to take an action on an object. (example - a user might have the right to modify the system time on a computer or the right to restore backed-up data)
What is the definition of a risk
- a risk is the possibility or likelihood that a threat will exploit a vulnerability resulting in a loss such as harm to an asset.
What is a password salt?
- a salt is a group of random bits, added to a password before hashing it.
How does WAP comply with the communications assistance for law enforcement act (CALEA)?
- a secure link is established between the mobile device and the telco's main server using WAP/WTLS - the data is converted into its clear form before being re-encapsualted in SSL, TLS, IPSec, and so on -
What is a security boundary?
- a security boundary is the line of intersection between any two areas, subnets, or environments that have different security requirements or needs.
Where does a security policy fit in the concept of defense in depth?
- a security policy provides a layer of defense for assets by defining security requirements.
What does asynchronous communications rely on to manage the transmission of data?
- a stop and start delimiter bit to manage the transmission of data - best suited for smaller amounts of data - public switched telephone network (PSTN) modems are a good example
What is a subject?
- a subject is an active entity that accesses a passive object to receive information from, or data about , an object - Subjects can be users, programs, processes, computers, or anything else that can access a resource - when authorized subjects an modify objects
What is Identity as a service, or Identitiy and access as a service (IDaaS)?
- a third party service that provides identity and access management. - IDaaS effectively provides SSO for the cloud and is especiallly useful when internal clients access cloud-based software as a service applications.
What is a supervisory control and data acquisition (SCADA) system?
- a type of ICS (industrial control system) - minimal human interfaces. often use mechanical buttons and knobs or simple LCD screens.
What is a distributed reflective denial-of-service (DRDoS) attack?
- a variant of a DoS - it uses a reflected approach to an attack - it wont attack the victim directly, but instead manipulates traffic or a network service so that the attacks are reflected back to the victim from other sources.
What is APIPA (automatic Private IP addressing)?
- aka link-local address assignement (defined in RFC 3927) - assigns an IP address to a system in the event of a DHCP assignment failure - primarily a feature of windows
How can you protect against false DNS results caused by poisoning and spoofing?
- allow only authorzied changes to DNS - restricting zone transfers - logging all privileged DNS activity
What is the post-admission philosophy used with NAC?
- allows and denies access based on user activity, which is based on a predefined authorization matrix
What is a Gray box penetration test?
- also known as partial knowledge tests, these are sometimes chosen to balance the advantages and disadvantages of white and black box penetration tests.
what is Security assertion markup language (SAML)?
- an XML based language that is commonly used to exchange authentication and authorization (AA) information between federated organizations. - often used to provide SSO capabilities for browser access.
What is a kerberos ticket?
- an encrypted message that provides proof that a subject is authorized to access an object. - sometimes called a service ticket (ST)
What is Diameter?
- an enhanced version of RADIUS - supports a wide range of protocols, including traditional IP, Mobile IP, and Voice over IP (VOIP)
What is an object
- an object is a passive entity that provides information to active subjects. - files, databases, computers, programs, processes, printers, and storage media.
What cryptographic goal does the challenge-response protocol support?
- authentication - the challenge-response protocol is an authentication protocol that uses cryptographic techniques to allow parties to assure each other of their identity.
how many signals can baseband and broadband cables transmit simultaneously?
- baseband can transmit only a single signal at a time - broadband cables can transmit multiple signals simultaneously
What is level 2: Repeatable of the SW-CMM model (software capability maturity model)
- basic life cycle management processes are introduced. - reuse of code in an organized fashion begins to enter the picture, and repeatable results are expected from similar projects.
What is a BSSID?
- basic service set identifier - the name of a wireless network when in ad hoc or peer-to-peer mode (when a base station or WAP is not used)
What are the most common problems with coax cables?
- bending the coax cable past its maximum arc radius - deploying the coax cable in a length greater than its maximum recommended length - not properly terminating the ends of the coax cable with a 50 ohm resistor
How many single transmission destinations can Broadcast, multicast, and unicast support?
- broadcast supports communications to all possible recipients - multicast supports communications to multiple specific recipients - unicast supports only a single communication to a specific recipient
How does polling address collisions?
- by attempting to prevent them from using a permission system - polling is an inverse of CSMA/CA method - both use masters and slaves (or primary and secondary) but while CSMA/CA allows the slaves to request permissions, polling has the master offer permission. - polling can be configured to grant one (or more) system priority over other systems.
How does a static packet-filtering firewall filter traffic?
- by examining data from a message header. - usually the rules are concerned with source, destination, and port addresses
How are VLANS created?
- by switches - by default all ports on a switch are part of VLAN #1 - various ports can be grouped together and be distinct from other VLAN port designations
How can a static packet-filtering firewall be easily fooled?
- by using spoofed packets
Describe broadband technology
- can support multiple simultaneous signals - uses frequency modulation to support numerous channels, each supporting a distinct communication session - suitable for high throughput rates, especially when several channels are multiplexed - its a form of analog signal - cable television and modems are good examples
What is a modification attack?
- captured packets are altered and then played against a system - modified packets are designed to bypass the restrictions of improved authentication mechanisms and session sequencing
What are the two common categories of identity management?
- centralized - all authorization verification is performed by a single entity within a system - decentralized/distributed - various entities located throughout a system perform authorization verification
What is context-dependent control?
- context-dependent access controls require specific activity before granting users access. - could be data and time access restrictions as well (example, consider the data flow for a transaction selling digital products online. Users add products to a shopping cart and begin the checkout process. The first page in the checkout flow shows the products in the shopping cart, the next page collects credit card data, and the last page confirms the purchase and provides instructions for downloading the digital products. The system denies access to the download page if users don't go through the purchase process first.)
List four security traffic management functions of a VLAN
- control and restrict broadcast traffic. Black broadcasts between subnets and VLAN's - Isolate traffic between network segments. by default different VLANS do not have a route for communication with each other. - reduce a networks vulnerability to sniffers - protect against broadcast storms (floods of unwanted broadcast network traffic)
What are some drawbacks with security dogs?
- costly - require a high level of maintenance - impose serious insurance and liability requirements
What is remote journaling?
- data transfers still occur in a bulk transfer mode, but they occur on a more frequent basis, usually once every hour and sometimes more frequently.
What is electronic vaulting?
- database backups are moved to a remote site using bulk transfers
How can you take measures to fight ARP attacks?
- defining static ARP mappings for critical systems - monitoring ARP caches for MAC-to-I-address mappings - or using an IDS to detect anomalies in system traffic and changes in ARP traffic
what is the secure European system for applications in a multi-vendor environment (SESAME) authentication sysytem?
- developed to address weaknesses in Kerberos, however it failed and newer versions of Kerberos resolved its initial problems.
What is a black box penetration test?
- does not provide the attackers with any information prior to the attack.
What is bio-metric enrollment?
- during enrollment, a subjects biometric factor is sampled and stored in the devices database. This stored sample of a biometric factor is the reference profile (also known as a reference template)
How is cross-talk prevented in twisted pair cables?
- each wire pair within the cable is twisted at a different rate (in other words, twists per inch) - the signals traveling over one pair of wires cannot cross over onto another pair of wires (at least within the same cable) - the tighter the twist the more resistant the cable is to internal and external interference and crosstalk, and the capacity for throughput is greater.
What is a wireless frequency hopping spread spectrum (FHSS)?
- early implementation of the spread spectrum, but instead of sending data in a parallel fashon, it transmits data in a series while constantly changing the frequency in use. - the entire range of available frequencies is employed, but only one frequency at a time is used - as the sender changes from one frequency to the next, the receiver has to follow the same hopping pattern to pick up the signal.
How does emanation work?
- emanations occur whenever electrons move - movement of electrons creates a magnetic field - if you can read that magnetic field, you could re-create it elsewhere in order to reproduce the electron stream
Define PEAP (Protected Extensible authentication protocol)
- encapsulates EAP methods within a TLS tunnel that provides authentication and potentially encryption -
What is the main goal of business continuity planning?
- ensure the continuous operation of the business in an emergency - bcp is designed to keep your business up and running in the face of an emergency
What is Dynamic software testing?
- evaluates the security of software in a runtime environment and is often the only option for organizations deploying applications written by someone else.
What is an ESSID?
- extended service set identififer - the name of a wireless network when a wireless base station or WAP is used. (infrastructure mode)
what is federated identity management?
- federated identity management is a form of SSO that meets the need for SSO over the internet - multiple organizations can join a federation, or group, where they agree on a method to share identities between them.
What is the first binary digit and decimal range of the first octet in a Class A subnet?
- first binary digits - 0 - Decimal range of first octet - 1-126
What is the first binary digit and decimal range of the first octet in a Class B subnet?
- first binary digits - 10 - Decimal range of first octet - 128-191
What is the first binary digit and decimal range of the first octet in a Class C subnet?
- first binary digits - 110 - Decimal range of first octet - 192-223
What is the first binary digit and decimal range of the first octet in a Class D subnet?
- first binary digits - 1110 - Decimal range of first octet - 224-239
What is the first binary digit and decimal range of the first octet in a Class E subnet?
- first binary digits - 1111 - Decimal range of first octet - 240-255
What is a fax encryptor?
- gives a fax machine the capability to use an encryption protocol to scramble the outgoing fax signal - this requires the receiving fax machine support the same encryption protocol so it can decrypt the documents
What is a synchronous dynamic password token?
- hardware tokens that are time-based and synchronize with an authentication server - they generate a new password periodically, such as every 60 seconds
How does identification work?
- identification is the process by which a subject professes an identity and accountability is initiated. - a subject must provide an identity to a system to start the process of authentication, authorization and accountability.
What is the first step of the business impact assessment process?
- identification of priorities - identification of priorites is the first step of the business impact assessment process.
What is the definition of a hacker
- in the 70's and 80's hackers were defined as technology enthusiasts with no malicious intent, now the media uses hacker in the black of cracker
How do DAC and role-BAC differ?
- in the DAC model, objects have owners and the owner determines who has access. - in role-BAC, admins determine subject privileges and assign appropriate privileges to roles or groups
What is used to increase the strenth of cryptography by creating a unique cipher text every time the same message is encrypted with the same key?
- initialization vector - an initialization vector (IV) is a random bit string (a nonce) that is the same length as the block size that is XORed with the message. IV's are used to create a unique cipher text every time the same message is encrypted with the same key.
How does the spiral development model work?
- is allows for multiple iterations of a waterfall-style process (think of the spiral)
Define Wireless Application Protocol (WAP)
- is not a standard; instead, it is a functioning industry-driven protocol stack - users can connect to the company's network by connecting from their cell phone or PDA through the cell phone carrier network over the internt and through a gateway
Describe baseband technology
- it can support only a single communication channel - it uses a direct current applied to the cable - a current that is at a higher level represents the binary signal of 1 - a current that is at a lower level represents the binary signal of 0 - its a form of digital signal - Ethernet is a baseband technology
What is a MAC Hybrid Environment?
- it combines both hierarchical and compartmentalized concepts so that each hierarchical level may contain numerous subdivisions that are isolated from the rest of the security domain.
What does a twisted cable pair consist of internally?
- it consists of four pairs of wires that are twisted around each other and then sheathed in a PVC insulator. - (if there is a foil wrapper around the wires underneath the external sheath, the wire is known as shielded twisted-pair (STP)
How does L2TP (layer 2 tunneling protocol) work?
- it creates a point-to-point tunnel between communication endpoints. - it lacks a built-in encryption scheme, but it typically relies on IPSec as its security mechanism.
What is the 5-4-3 rule?
- it defines the number of repeaters/concentrators and segments that can be used in a network design. - it states that between any two nodes (any type of processing entitiy, such as a server, client, or router) there can only be a maximum of five segments connected by four repeaters/concentrators, and it states that only three of those five segments can be populated (This doesn't apply to switched networks or the use of bridges or routers)
How does a three-tier firewall deployment work?
- it deploys multiple subnets between the private network and the internet separated by firewalls
What is an asynchronous dynamic password token?
- it does not use a clock, instead the hardware token generates passwords based on an algorithm and an incrementing counter. - it creates a dynamic one-time password that stays the same until used for authentication.
What is a (wireless) direct sequence spread spectrum (DSSS)?
- it employs all the available frequencies simultaneously in parallel - uses a special encoding mechanism known as chipping code to allow a receiver to reconstruct data even if parts of the signal were distorted because of interference - (think of how RAID5 parity allows the data on a missing drive to be re-created
What is a ping-of-death attack?
- it employs an oversized ping packet - ping packets are normally 32 or 64 bytes, the ping-of-death attack changed the size of ping packets to over 64kb, which was bigger than many systems could handle
What is SDN (software-Defined Networking)
- it is effectively network virtualization - removes the traditional networking concepts of IP addressing ( based on the theory that the complexities of a traditional network with on-device configuration (routers and switches) often force an org to stick with a single device vendor and limit the flexibility of the network to respond to changing physical and business condition's. )
what is a proxy?
- it performs a function or requests a service on behalf of another system and connects network segments that use the same protocol - proxies server as mediators, filters, caching servers, and even NAT/PAT servers for a network
How do analog communications occur?
- it produces a wave shape - They occur with a continuous signal that varies in frequency, amplitude, phase, voltage, and so on
What does the encapsulating security payload (ESP) provide in IPSec?
- it provides encryption to protect the confidentiality of transmitted data, but it can also perform limited authentication.
What is Mandatory access control (MAC)?
- it relies on the user of classification labels - each classification label represents a security domain, or a realm of security (think of the lattice every object and every subject has a label) - its prohibitive rather than permissive., and uses an implicit deny philosophy (For example, a security domain could have the label Secret, and the MAC model would protect all objects with the Secret label in the same manner.)
What is process isolation?
- it requires that the OS provide separate memory spaces for each process's instructions and data - requires the OS to enforce reading or writing data that belongs to another process
What is TCP SYN scanning?
- it sends a single packet to each scanned port with a SYN flag set. This indicates a request to open a new connection. - if the scanner receives a response that has the SYN and ACK flags set, this indicates the system is moving ot the second phase in the three-way TCP handshake and that the port is open. - TCP SYN scanning is also known as half-open
How does Token Ring perform communications?
- it uses a digital token - possession of the token allows a host to transmit data - once transmission is complete, it releases the token to the next system
How does Polling perform communications?
- it uses a master-slave configuration - one system is labeled as the primary system, all other systems are labeled as secondary - The primary system polls or inquires of each secondary system in turn whether they have a need to transmit data - if a secondary system indicates a need, it is granted permission to transmit - once its transmission is complete, the primary system moves on to poll the next secondary system. - SDLC - synchronous data link control uses polling
What is a virtual circuit? (also called a communication path)
- its a logical pathway or circuit created over a packet-switched network between two specific endpoints.
What is a virtual application?
- its a software product deployed in such a way that it is fooled into believing it is interacting with a full host OS.
What is an access control matrix?
- its a table that includes subjects, objects, and assigned privileges. - When a subject attempts an action, the system checks the access control matrix to determine if the subject has the appropriate privileges to perform the action.
What is an attribute-based access control? (ABAC)
- its an advanced implementation of a rule-BAC - ABAC models use policies that include multiple attributes for rules. - many software defined networking applicaitons use ABAC models.
What is a captive portal?
- its an authentication technique that redirects a newly connected wireless web client to a portal access control page. - This is the web page you may see on a wireless network the first time that you log in. I may ask you for log on creds or payment info.
What is PEM (privacy enhanced mail)?
- its an e-mail encryption mechanism that provides authentication, integrity, confidentiality, and nonrepudiation. - PEM uses RSA, DES, and x.509
What is the major difference between discretionary and non discretionary access controls?
- its how they're managed - admins centrally administer non-discretionary access controls and can make changes that affect the entire environment - discretionary access controls models allow owners to make their own changes, and their changes don't affect other parts of the environment.
Define EAP (extensible authentication protocol)
- its not a specific mechanism of authentication, rather an authentication framework - allows for new authentication technologies to be compatible with existing wireless or point-to-point connection technologies
How does DNS poisoning occur?
- its occurs when an attacker alters the domain-name-to-IP-address mappings in a DNS system to redirect traffic to a rogue system or to simply perform a denial-of-service attack against a system
What is hyperlink spoofing?
- its similar to DNS spoofing in that it is used to redirect traffic to a rouge or imposter system or to simply divert traffic away from its intended destination
What is a WAN switch?
- its simply a specialized version of a LAN switch that is constructed with a built-in CSU/DSU for a specific type of carrier network.
What is a virtualized network or network virtualization?
- its the combination of hardware and software networking components into a single integrated entity.
What is a VLAN (Virtual LAN)?
- its used for hardware-imposed network segmentation - VLANS are used to logically segment a network without altering its physical topology
When attempting to impose accountability on users, what key issue must be addressed?
- legal defense/support of authentication. - to effectively hold users accountable, your security must be legally defensible. Primarily, you must be able to prove in a court that your authentication process cannot be easlity compromised. Thus your audit trails of actions can be then tied to a human.
What phase of a business impact assessment calculates the ARO for a given risk scenario?
- likelihood assessment - The annualized rate of occurrence (ARO) is a measure of how many times a risk might materialize in a typical year. It is a measure of risk likelihood
What are the two type of bus topologies?
- linear - employs a singe trunk line with all systems directly connected to it - tree - employs a single trunk line with branches that can support multiple systems.
What are some mechanisms that can be deployed to improve the security of faxes?
- link encryption - activity logs - encryption reports
What are logical/technical controls?
- logical access controls (also known as technical access controls), are the hardware or software mechanisms used to manage access and to provide protection for resources and systems. (Examples of logical or technical access controls include authentication methods (such as passwords, smartcards, and biometrics), encryption, constrained interfaces, access control lists, protocols, firewalls, routers, intrusion detection systems, and clipping levels.)
What is scripted access?
- logon scripts are stored on a device to automatically log a user on to a different device - usually stored in clear text.
What is the Transport layer (layer 4) responsible for?
- managing the integrity of a connection and controlling the session. - it accepts a PDU (variably spelled out as protocol date unit, packet data unit, or payload data unit - i.e. a container of information or data passed between network layers) from the session layer and converts it into a segment. - controls how devices on the network are addressed or referenced - establishes communication connections between nodes (also known as devices) - defines the rules of a session
What do most WAN technologies require for communication?
- most WAN technologies require a channel service unit/data service unit (CSU/DSU), sometimes called a WAN switch.
What is a certificate authority?
- neutral organizations that offer notarization services for digital certs.
________ operates on a set of defined rules or restrictions that filter actions and activities performed on the system.
- non discretionary access controls - Nondiscretionary access control enables the enforcement of system wide restrictions that override object-specific access control
What action usually closes the identification phase of incident response?
- notifying the incident response team - the identification phase usually concludes with the notification of the incident response team.
What is a read-through DR test?
- one of the simplest tests - you distribute copies of the DR plans to the members of the DR team for review.
What are some methods to prevent impersonation?
- one time pads - token authentication systems - using kerberos - using encryption to increase the difficulty of extracting authentication credentials.
what are the two different two-tier firewall deployments?
- one uses a firewall with three or more interfaces - the other uses two firewalls in a series (this allows for a DMZ or a publicly accessible extranet)
which elements should be considered when designing a DR training plan?
- orientation training for all new employees - initial training for employees taking on a new disaster recovery role for the first time - detailed refresher training for disaster recovery team members - brief awareness refreshers for all other employees (can be accomplished as part of other meetings and through a medium like e-mail newsletters sent to all employees)
What are the three versions of TACACS
- original TACACS - Extended TACACS (XTACACS) - TACACS+
How does packet switching work?
- packet switching occurs when the message or communication is broken up in to small segments (usually fixed-length packets depending on the protocols and technologies employed) and sent across the intermediary networks to the destination. - each segment of data has its own header that contains source and destination information. - the header is read by each intermediary system and is used to route each packet to its intended destination
What are the two types of virtual circuits?
- permanent virtual circuits (PVC's) -- PVC is like a dedicated leased line. the logical circuit always exists and is waiting for the customer to send data. - switched virtual circuits (SVC's) -- an SVC is more like a dial-up connection because a virtual circuit has to be created using the best paths currently available before it can be used and then dissembled after the transmission is complete
what are some vulnerabilities around using security guards?
- physical injury andillness - take vacations - can become distracted - vulnerable to social engineering - substance abuse - usually offer protection only up to the point of life endangerment - usually unaware of the scope of the operations within a facility and are therefore not thoroughly equipped to know how to respond to every situation - expensive
what evidence standard do most civil cases follow?
- preponderance of the evidence standard - Meeting this standard simply requires that the evidence demonstrate that the outcome of the case is more likely than not.
What are the goals of NAC?
- prevent/reduce zero day attacks - enforce security policy throughout the network - use identities to perform access control
Name at least three access control types
- preventive, detective, corrective, deterrent, recovery, directive, and compensation access controls. - They are implemented as administrative controls, logical/ technical controls, and/ or physical controls.
How does a single tier firewall deployment work?
- private network is behind firewall which is connected to a router to the internet
What is the definition of privileges?
- privileges are the combination of rights and privileges. (example - an admin for a computer will have full privileges, granting the administrator full rights and permissions on the computer)
What phase of the electronic Discovery Reference model performs a rough cut of irrelevant information?
- processing - Processing screens the collected information to perform a "rough cut" of irrelevant information, reducing the amount of information requiring detailed screening.
What does the twisting of the copper wires in a twisted pair provide protection for?
- protection from external radio frequencies, - electric and magnetic interference - reduces cross-talk between pairs.
what are AAA protocols?
- protocols that provide authentication, authorization, and accounting - these provide centralized access control with remote access systems such as virtual private networks (VPNs)
what is a white box penetration test?
- provides the attackers with detailed information about the systems they target
Explain the various types of evidence that may be used ina criminal or civil trial
- real evidence consists of actual objects that can be brought into the courtroom - documentary evidence consists of written documents that provide insight into the facts - testimonial evidence consists of verbal or written statements made by witnesses
What is a MAC hierarchical environment?
- relates various classification labels in an ordered structure from low security to medium to high.: confidential, secret, top secret. - each level or classification label in the structure is related. - clearance in one level grants the subject access to objects in that level as well as to all objects in lower levels but prohibits access to all objects in higher levels.
What are some basic issues around remote access security management?
- remote security access security management requires that security system designers address the hardware and software components of an implementation along with issues related to policy, work tasks, and encryption
What is the pre-admission philosophy used with NAC?
- requires a system to meet all current security requirements (such as patch application and antivirus updates) before it is allowed to communicate with the network.
What are some base security policies for systems?
- robust access controls, which may include multi-factor authentication and/or bio metrics to restrict access to desktops and to prevent unauthorized access to servers and services.
What does the internet protocol provide?
- route addressing for data packets - similar to UDP, IP is connectionless and is an unreliable datagram service
list some mechanisms found in the transport layer (layer 4)
- segmentation - sequencing - error checking - controlling the flow of data - error correction - multiplexing - network service optimization
What is a TCP ACK scan?
- sends a packet with the ACK flag set, indicating that it is part of an open connection
What is a Xmas Scan?
- sends a packet with the FIN, PSH, and URG flags set. - a packet with so many flags set is said to be "lit up like a Christmas tree"
What is a TCP reset attack?
- session are normally terminated with either the FIN (finish) or the RST (reset) packet. - attackers can spoof the source IP address ina RST packet and disconnect active sessions
What are the two types of messages that can be formed using S/MIME?
- signed messages -> provides integrity - secured enveloped messages -> provides integrity, sender authentication, and confidentiality
What is a padded cell?
- similar to a honeypot - The padded cell is a simulated environment that offers fake data to retain an intruder's interest, similar to a honeypot. However, the IDS transfers the intruder into a padded cell without informing the intruder that the change has occurred.
What is Task-based access control (TBAC)?
- similar to role role-BAC, but instead of being assigned to one or more roles, each user is assigned an array of tasks. - these items all relate to assigned work tasks for the person associated with a user account. - Under TBAC, the focus is on controlling access by assigned tasks rather than by user identity.
What form of testing stresses demands on the disaster recovery team to derive an appropriate response from a disaster scenario?
- simulation test - simulation tests are similar to teh structured walk-throughs. In simulation tests, disaster recovery team members are presented with a scenario and asked to develop an appropriate response.
list the possible contamination and damage that can be caused by a fire and suppression
- smoke - damaging to most storage devices - Heat - can damage any electronic or computer component - Suppression mediums - can cause short circuits, initiate corrosion, or otherwise render equipment useless
How does shared key authentication work? (SKA)
- some form of authentication must take place before network communications can occur. - 802.11 standard defines one optional technique for SKA known as (WEP) wired equivalent privacy
What are some things that a statefull inspection firewall examines?
- source and destination addresses - application usage - source of origin - relationship between current packets and the previous packets of the same session
What are the two modes that you can use NAT?
- static nat - use this when a specific internal client's IP address is assigned a permanent mapping to a specific external public IP address - dynamic nat - use this mode to grant multiple internal clients access to a few leased public ip addresses.
Which firewall type looks exclusively at the message header to determine whether to transmit or drop data?
- static packet filtering - a static packet-filtering firewall filters traffic by examining data from a message header.
What are the two categories of testing used specifically to evaluate application security?
- static testing - testing the actual code of the applicaion - Dynamic testing - evaluates the security of the software in a run-time environment and is often the only option for organizations deploying applications written by someone else.
What is a stealth virus?
- stealth viruses hide themselves by actually tampering with the operating system to foll antivirus packages into thinking that everything is functioning normally. - example a stealth boot sector virus might overwrite the systems MBR with malicious code but then also modify the OS file access functionality to cover its tracks. when the antivirus package requests a copy of the MBR, the modififed OS code provides it with exactly what the antivius package expects to see - a clean version of the MBR. However when the system boots, it reads the infected MBR and loads the virus into memory.
What are 3 attributes of the TCP protocol?
- supports full-duplex communications - connection oriented - employs reliable sessions
What are the two types of hardware tokens?
- synchronous dynamic password tokens - asynchronous dynamic password tokens
What is a Kerberos authentication server?
- the authentication server hosts the functions of the KDC (key distribution center): 1. a ticket-granting service (TGS) and 2. an authentication service (AC) - this verifies or rejects the authenticity and timeliness of tickets.
What is the border connection device device called in a WAN?
- the channel service unit/data service unit (CSU/DSU) - these devices convert LAN signals into the format used by the WAN carrier network and vice versa
How does DTE/DCE work with Frame relay?
- the customer owns the DTE, which acts like a router or a switch and provides the customers network with access to the Frame Realy network - The frame relay service provider owns the DCE, which performs the actual transmission of data over the Frame Relay as well as establishing and maintaining the virtual circuit for the customer.
Within the contect of the EU Data protection law, what is the responsibility of a data processor?
- the data processor should protect the data to prevent unauthorized disclosure and use the data only as directed by the data controller.
What two elements of the recovery process are adressed to implement a trusted solution?
- the first is failure preparation. this includes system resilience and fault-tolerant methods in addition to a reliable backup solution. - the second element is the process of system recovery. The system should be forced to reboot into a single-user, non privileged state.
what is a pretesting attack?
- the practice of obtaining your personal information under false pretenses
What is the ISC2 code of Ethics preamble?
- the safety and welfare of society and the common good, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. - Therefore, strict adherence to this code is a condition of certification
What domains are systems on either side of a switch operating at layer 2 a part of?
- the same broadcast domain but are in different collision domains
How does a bus network topology avoid collision?
- the system employs a collision avoidance mechanism that basically "listens" for any other currently occurring traffic. - If traffic is heard, the system waits a few moments and listens again.
How does wireless open system authentication work? (OSA)
- there is no real authentication required - as log as a radio signal can be transmitted between the client and WAP, communications are allowed. - all communication is usually in clear text
What is a MAC Compartmentalized Environment?
- there is no relationship between one security domain and another. - each domain represents a separate isolated compartment.
What are capability tables?
- they are another way to identify privileges assigned to subjects - they are different from ACL's in that a capability table is focused on subjects (such as users, groups, or roles)
What are differential backups?
- they store all files that have been modified since the time of th emost recent full backup. - only files tha have the archive bit turned on, enabled, or set to 1 are duplicated. However unlike full and incremental backups, the differential backup process does not change the archive bit
What are incremental backups?
- they store only those files that have been modified since the time of the most recent full or incremental backup -
What are Mutual assistance agreements (MAAs)? Also called reciprocal agreements
- they're popular in disaster recovery literature, but are rarely implemented. - under a MAA, two orgs pledge to assist each other in the event of a disaster by sharing computing facilities or other technological resources.
What is a time-of-check-to-time-of-use (TOCTTOU or TOC/TOU) vulnerability?
- this is a timing vulnerability that occurs when a program checks access permissions too far in advance of a resource request. - (example) if an OS builds a comprehensive list of access permissions for a user upon logon and then consults that list throughout the login session, a TOCTTOU vulnerability exists.
What is RAID-1?
- this is also called mirroring - it uses two disks, which both hold the same data. If one disk fails, the other disk includes the data so a system can continue to operate after a single disk fails.
What is RAID 0?
- this is also called striping - uses two or more disks and improves the disk subsystem performance but it does not provide fault tolerance
What is RAID-5?
- this is also called striping with parity - it uses three or more disks with the equivalent of one disk holding parity information. if any single disk fails, the RAID array will continue to operate, though it will be slower
What is RAID-10?
- this is also known as RAID 1+0 or a stripe of mirrors, and is configured as two or more mirrors (RAID-1) configured in a striped (RAID-0) configuration. - it uses at least four disks but can support more as long as an even number of disks are added.
What is terminal access controller access-control system (TACACS+)?
- this is an alternative to RADIUS - TACACS integrates the authentication and authorization processes. - TACACS+ improves XTACACS by adding two-factor authentication - TACACS+ is the most current and relevent version of this product line
What is the definition of automated recovery without undue loss?
- this is similar to automated recovery int hat a system can restore itself against at least one type of failure. - it includes mechanisms to ensure that objects are protected to prevent their loss
How does a store-and-forward network device work?
- this is usually a bridge that connects two different speed networks. - They use a buffer to store packets until they can be forwarded to the slower network.
What is a wireless spread spectrum?
- this means that communication occurs over multiple frequencies at the same time - a message is broken into pieces, and each piece is sent at the same time, but using a different frequency - this is a parallel communication rather than a serial communication
How does DNS spoofing occur?
- this occurs when an attacker sends false replies to a requesting system, beating the real reply from the valid DNS server. - this is also technically an exploitation of race conditions
What is TCP connect scanning?
- this opens a full connection to the remote system on the specified port. - this scan type is used when the user running the scan does not have the necessary permissions to run a half-open scan
What is a ticket granting ticket (TGT)?
- this provides proof that a subject has authenticated though a KDC and is authorized to request tickets to access other objects. - a TGT is encrypted and includes a symmetric key, an expiration time, and the users ip address. - subjects present the TGT when requesting tickets to access objects.
What is an Access aggregation attack?
- this refers to collecting multiple pieces of nonsensitive information and combing (i.e. aggregating) them to lean sensitive information. (in other words, a person or group may be able to collect multiple facts about a system and then use these facts to launch an attack.)
How can ARP mappings be attacked?
- through spoofing - spoofing provides false MAC addresses for requested IP-addressed systems to redirect traffic to alternate destinations
How can the goals of NAC be achieved?
- through the use of strong detailed security policies that define all aspects of: - security control - filtering - prevention - detection - response for every device from client to server and for every internal or external communication.
What is the KryptoKnight authentication system
- ticket based authentication system developed by IBM, it never took off and are no longer widely used. - similar to kerberos but uses peer-to-peer authentication instead of third party.
What is the goal of an access control?
- to provide access to authorized subjects and prevent unauthorized access attempts.
What is the purpose of a security test?
- to verify that a control is functioning properly - These tests include automated scans, tool-assisted penetration tests and manual attempts to undermine security
Describe the differences between transport mode and tunnel mode of ESP
- transport mode - the ip packet data is encrypted but the header of the packet is not - tunnel mode - the entire IP packet is encrypted and a new header is added to the packet to govern transmission through the tunnel
What is a Plenum cable?
- type of cabling sheathed with a special material that does not release toxic fumes when burned. - often has to be used to comply with building codes
What is RADIUS (Remote Authentication Dial-in user service)
- typically used when an organization has more than one network access server (or remote access server) - a user can connect to any network access server, which then passes on the users credentials to the RADIUS server to verify authentication and authorization and to track accounting.
What are two methods for blocking syn flood attacks?
- use SYN cookies - When the system recieves an ACK, it checks the SYN cookies and establishes a session. Firewalls often include mechanisms to check for SYN attacks, as do intrusion detection and intrusion prevention systems. - reduce the amount of time a server will wait for an ACK. it is typically three minutes by default, but in normal operation it rarely takes a legitimate system three minutes to send the ACK packet.
What is the easiest way to eliminate electromagnetic radiation interception?
- use cable shielding or conduit and block unauthorized personnel and devices from getting too close to equipment. through physical controls.
What is a constrained interface?
- used by applications to either hide or display greyed out functions in the application from users that don't have the proper privileges.
What are Phreaker White boxes?
- used to control the phone system - A dual-tone multifrequency (DTMF) generator (that is, a keypad) - Can be custom-built device or one of the pieces of equipment that most telephone repair personnel use.
What is Extensible access control markup language (XACML)?
- used to define access control policies within an XML format. - commonly implements role-based access controls.
What is rule-based access controls (rule-BAC)?
- uses a set of rules, restrictions, or filters to determine what can and cannot occur on a system - example is a firewall
What are some countermeasures to modification replay attacks?
- using digital signature verification's and packet checksum verification
What do Packet-switching technologies use instead of physical circuits?
- virtual circuits - a virtual circuit is created only when needed, which makes for efficient use of the transmission medium and is extremely cost-effective.
What is the throughput and notes for UTP category 1 (CAT 1) cables?
- voice only - not suitable for networks but usable by modems
Define TKIP (Temporal Key Integrity protocol)
- was designed as the replacement for WEP without requiring replacement of legacy wireless hardware. - Was implemented into 802.11 wireless networking under the name of WPA
How does a data collision take place?
- when two transmitted messages attempt to use the network medium at the same time - it causes one of both of the messages to be corrupted
How can you compare the overall quality of bio-metric devices?
- you can compare the overall quality of biometric devices with the Crossover error rate (CER) - IT shows the FRR (false rejection rate) and FAR (false acceptance rate) percentages when a device is set to different sensitivity levels. - The point where the FRR and FAR percentages are equal is the CER, and the CER is used as a standard assessment value
How can you prevent replay attacks?
- you can prevent replay attacks by using one-time authentication mechanisms and sequenced session identification
list the steps to verify the integrity of a data transmission
- you can use a checksum called a hash total 1. a hash function is performed on a message or a packet before it is sent over the communication pathway. 2. The hash total obtained is added to the end of the message and is called the message digest 3. Once the message is received , the hash function is performed by the destination system, and the result is compared to the original hash totoal 4. if the two hash totals match, then there is a high level of certainty that the message has not been altered or corrupted during transmission
What is Media cleansing in TCSEC?
-- (C2) any media that are reused by another user must first be thoroughly cleansed so that no remnant of the previous data remains available for inspection or use
what is the formula for finding the number of keys needed in a symmetric algorithm?
-- (n*(n-1))/2 -- n=number of participants
How long is the flags field?
-- 8 bits long
What is Pretty Good Privacy (PGP)?
-- A public/private key system that uses the IDEA algorithm to encrypt files and email messages. -- its not a standard but rather an independently developed product that has wide Internet grassroots support. -- works out of the "web of trust"
List some of the format standards that exist within the presentation layer (layer 6)
-- ASCII - American standard code for information interchange -- EMCDICM - Extended Binary-Coded Decimal interchange mode -- TIFF - Tagged image file format -- JPEG - Joint photographic experts group -- MPEG - Moving picture experts group -- MIDI - Musical instrument digital interface
What is an ACL?
-- Access control list -- tied to an object -- lists valid actions each subject can perform
What is process confinement?
-- Allows a process to read from and write to only certain memory locations and resources -- also known as sandboxing
what is the MD4 hash algorithm?
-- An enhanced version of the MD2 algorithm -- released in 1990. -- pads the message to ensure that the message length is 64 bits smaller than a multiple of 512 bits. -- example: a 16-bit message would be padded with 432 additional bits of data to make it 448 bits, which is 64 bits smaller than a 512-bit message. -- no longer considered to be a secure hashing algorithm
What are the four layers of the TCP/IP model?
-- Application -- Transport (also known as host-to-host) -- internet (sometimes internetworking) -- link (although network interface and sometimes network access are used)
What is a frequency analysis attack?
-- Caesar ciphers or columnar transposition ciphers are weak to this attack. --attacker finds the most common letters in the encrypted text and experiments with the substitution of the letters to help determine the pattern.
What are two techniques to verify the authenticity of certificates and identify revoked certs?
-- Certificate revocation lists (CRLS) -- Online certificate status protocol (OCSP)
How do you verify a digital certificate?
-- Check the CA's digital signature using the CA's public key. -- Check to ensure the cert was not published on a certificate revocation list (CRL)
What are the two versions of PGP?
-- Commercial version. ** Uses RSA for key exchange, ** IDEA for encryption/decryption, ** MD5 for message digest production. -- Freeware version. based on openPGP, ** uses diffie-hellman key exchange, ** the Carlisle Adams/Stafford ravares (CAST) 128bit encryption/decryption algorithm, ** SHA-1 hashing function
What are two of the major technologies used to protect mass-distributed media?
-- Contect Scrambling system (CSS) -- Advanced Access Content System (AACS)
What are some common symmetric cryptosystems?
-- DES -- 3DES -- IDEA -- Blowfish -- SKipjack -- AES - Advance encryption standard
Describe the four security modes approved by the federal govt for processing classified information.
-- Dedicated systems require that all users have appropriate clearance, access permissions, and need to know for all information stored on the system. -- system high mode removes the need-to-know requirement. -- compartmented mode removes the need-to-know and access permission requirement. -- multilevel mode removes all three requirements.
What is the Green book of the rainbow seires?
-- DoD password management guidelines -- provides password creation and management guidelines
What does each bit of the flags field in a TCP header represent?
-- Each of the bit positions represents a single flag, or control setting. -- each bit position can be set with a 1 (on) or 0 (off)
What are the two methods to disconnect a TCP session when a communication session is complete?
-- FIN (finish) - most common -- RST (reset) flagged packet - causes an immediate and abrupt session termination
list some of the Halon replacements
-- FM-200 (HFC-227ea) -- CEA-410 or CEA-308 -- NAF-S-III (HCFC Blend A) -- FE-13 (HCFC-23) -- Argon (IG55) or Argonite (IG01) -- Inergen (IG51)
What are the two major approaches to key escrow
-- Fair cryptosystems: ** keys are divided into two or more pieces, each piece is given to an independent third party. ** each piece is useless on its own. -- Escrowed encryption standard ** provides govt with a technological means to decrypt ciphertext ** basis behind Skipjack
What is HMAC?
-- Hashed Message Authentication Code -- An algorithm that implements a partial digital signature -- it guarantees the integrity of a message during transmission, but it does not provide for nonrepudiation because it relies on a shared key -- can be combined with any standard message digest generation algorithm such as SHA-2 by using a shared key
What is the Content Scrambling system?
-- IT enforces playback and region restrictions on DVD's -- this encryption scheme was broken with the release of a tool known as DeCSS that enabled the playback of CSS-protected contect on Linux systems
What is IGMP?
-- Internet group management protocol -- Allows systems to support multicasting.
What is an embedded system?
-- It's typically designed around a limited set of specific functions in relation to the larger product of which its a component -- NEtwork attached printers, smart TV's, HVAC controls, etc
how does the reference monitor enforce access control or authorization?
-- Its based on the desired security model -- discretionary, mandatory, role-based, or some other form of access control.
What is the critical difference between link and end-to-end encryption?
-- Link encryption, all the data including the header, trailer, address, and routing data, is also encrypted -- each packet has to be decrypted and re-encrypted at each hop which can slow the routing -- end to end moved faster from point to point, but is more susceptibel to sniffers and eavesdroppers
what are some of the more common hashing algorithms in use today?
-- Message Digest 2 (MD2) -- Message Digets 5 (MD5) -- Secure Hash Algorithm (SHA-0, SHA-1, and SHA-2) -- Hashed Message Authentication code (HMAC)
What protocols operate within the session layer (layer 5) of the OSI model?
-- NFS - network file system -- SQL - structured query language -- RPC - Remote Procedure call
What is Advanced Encryption standard? (AES)
-- Novemeber of 2001 NIST released FIPS 197, which mandated the use of AES/Rijndail for the encryption of all sensitive but unclassified data by the US govt -- it can use 3 key strengths, 128, 192, and 256 bits. -- uses block sizes equal to the key length. -- the number of encryption rounds depends on the key length chosen: 128 bit keys require 10 rounds of encryption, 192 requires 12 rounds, 256 require 14 rounds.
What are some common permissions restricted by document DRM solutions?
-- Reading a file -- Modifying the contents of a file -- removing watermarks from a file -- downloading/saving a file -- printing a file -- taking screenshots of file content
What is SHA?
-- Secure Hash Algorithm -- govt standard hash functions developed by NIST -- specified in NIST Secure Hash Standard (SHS) (FIPS) 180
what is S/MIME
-- Secure Multipurpose internet mail extensions protocol. -- Relies on the use of x.509 certificates for exchanging cryptographic keys
What are the three different disciplines or control modes that communication sessions can operate in Layer 5 (session layer) of the OSI model?
-- Simplex - one way direction communication -- Half-Duplex - Two-way communication, but only one direction can send data at a time -- Full-Duplex - two-way communication, in which data can be sent in both directions simultaneously
what are the differences between symmetric and asymmetric cryptosystems?
-- Symmetric **rely on the use of a shared secret key ** much faster than asymmetric ** lack support for scalability, easy key distribution, and nonrepudiation. --Asymmetric ** uses public-private key pairs
What are the two primary transport layer protocols of TCP/IP?
-- TCP - a full-duplex connection-oriented protocol -- UDP - a simplex connectionless protocol
What protocols operate within the transport layer (layer 4)?
-- TCP - transmission control protocol -- UDP - User datagram protocol -- SPX - Sequenced packet exchange -- SSL - Secure sockets layer -- TLS - transport layer security
What are TCP sliding windows?
-- TCP is able to used different sizes of windows before sending an acknowledgment. -- Larger windows allow for faster data transmissions, but should be used only on reliable connections where lost or corrupted data is minimal -- Smaller windows should be used when the communication connection is unreliable
What are the three main evaluation models or classification criterias?
-- TCSEC -- ITSEC -- Common Criteria
Explain the rules involved with the take-grant model
-- Take rule - allows a subject to take rights over an object -- Grant Rule - allows a subject to grant rights to an object -- Create rule - allows a subject to create new rights -- remove rule - allows a subject to remove rights it has
What Security model is the category B's in TCSEC based on?
-- The Bell-LaPadula model -- Mandatory access is based on Security labels
What are some of the strengths of asymmetric key encryption?
-- The addition of new users requires the generation of only one public-private key pair. -- Users can be removed far more easily from asymmetric systems -- key regeneration is required only when a users private key is compromised -- it can provide integrity, authentication, and nonrepudiaiton -- key distribution is a simple process -- no preexisting communication link needs to exist
What is steganography?
-- The art of using cryptographic techniques to embed secret messages within another message.
what is the time of check to time of use attack? (also called race conditions)
-- The attacker is racing with the legitimate process to replace the object before it is used. A timing vulnerability that occurs when a program checks access permissions too far in advance of a resource request -- The difference between the TOC and TOU is sometimes large enough for an attacker to replace the original object with another object that suits their own needs.
what is contained in each encapsulation Header and footer layer of the OSI model?
-- The information removed by each layer contains instructions, checksums, and so on that can be understood only by the peer layer that originally added or created the information. -- This information is what creates the logical channel that enables peer layers on different computers to communicate
What is the most important security parameter that can be set at the discretion of the security administrator?
-- The length of the cryptographic key used in PKI -- this judgement can be made by weighing the difficulty of defeating a given key length (measured in the amount of processing time required to defeat the cryptosystem) against the importance of data
what is the revocation request grace period?
-- The maximum response time within which a CA will perorm any requested revocation. -- defined in the certificate practice statement(CPS)
What is key space?
-- The range of values that are valid for use as a key for a specific algorithm. -- defined by its bit size. the number of binary bits (0's and 1's) in the key -- its the range of numbers from 0 to 2n, n=bit size of the key
What two models is the Sutherland Model based on?
-- The state machine model -- information flow model ** it does not directly indicate specific mechanisms for for protection of integrity
What are the two layered operating modes used by most modern processors?
-- User Mode - User applications operate in a limited instruction set environment -- privileged mode - the OS performs controlled operations. (also known as system mode, kernel mode, or supervisory mode)
What two principles does the Clark-Wilson model use to protect integrity?
-- Well-formed transactions. (takes the form of programs) -- separation of duties
What is WEP?
-- Wired Equivalent privacy -- provides 64 and 128 bit encryption options to protect wireless LAN communication -- very easy to crack, never use
What is content distribution network (CDN) or content delivery network?
-- a collection of resource services deployed in numerous data centers across the internet in order to provide low latency, high performance, and high availability of the hosted content.
List some things involved with secure evidence storage
-- a dedicated storage system distinct from the production network -- potentially keeping the storage system offline when not actively having new datasets transferred to it -- blocking internet connectivity to and from the storage system -- tracking all activities on the evidence storage system -- calculating hashes for all datasets stored on the system -- limiting access to the security administrator and legal counsel -- encrypting all datasets stored on the system
What kind of security system is B1 in TCSEC?
-- a labeled security system. each subject and each object has a security label
What are three types of proximity readers?
-- a passive device - no active electronics, its just a small magnet with specific properties. (DVD anit-theft) -- a field-powered device - has electronics that activate when the device enters the electromagnetic field that the reader generates -- a transponder - self-powered and transmits a signal received by the reader. (like a garage door opener of car lock fob)
What is the online certificate status protocol? (OCSP)
-- a protocol that eliminates the latency inherent in the use of CRLS by providing a means for real-time certificate verification
What is cryptographic salt?
-- a random value that is added to the end of the password before the OS hashes the password. -- The salt is then stored in the password file along with the hash
What is the digital signature standard? (DSS)
-- a standard that specifies that all federally approved digital signature algorithms must use a secure hashing function. -- speicified that SHA-2 must be used
What is a state machine model?
-- a system that is always secure no matter what state it is in. -- based on the computer science definition of a finite state machine (FSM)
What is an access control matrix?
-- a table of subjects and objects that indicates the actions or functions that each subject can perform on each object.. -- each column of the matrix is an access control list (ACL) and each row is a capabilities list
What is columnar transposition?
-- a transposition cipher using a key -- take the letters of the keyword and number them in alphabetical order. 1,2,3,4 = A,A,A,D -- the sender enciphers the message by reading down each column and produces ciphertext -- recipient reconstructs the message using the key
What does infrastructure mode mean in wireless networks?
-- a wireless access point is required -- wireless NIC's on systems can't interact directly -- the restrictions of the wireless access point for wireless network access are enforced.
What is layer 3 (Network layer) responsible for?
-- adding routing and addressing information to the data. -- accepts the segment from the transport layer and adds information to it to create a packet. The packet includes the source and destination IP addresses -- manages error detection and node data traffic (traffic control)
What is an Analytic Attck?
-- algebraic manipulation -- attempts to reduce the complexity of the algorithm -- focuses on the logic of the algorithm itself
what is a running key cipher?
-- also known as a book cipher -- the encryption key is as long as the message itself and is often chosen from a common book
What is the birthday attack?
-- also known as a collision attack or reverse hash matching. -- Seeks to find flaws in the one-to-one nature of hashing functions
What are composition theories?
-- an information flow model -- built on the notion of how inputs and outputs between multiple systems relate to one another -- follows how information flows between systems rather than within an individual system
What is Blowfish?
-- another alternative to DES and IDEA -- operates on 64 bit blocks of text -- allows the use of variable-lenth keys ranging from 32 to 448 bits -- faster than IDEA and DES
what is Merkle-Hellman Knapsack?
-- another early asymmetric algorithm -- developed the year after RSA -- based on the difficulty of performing factoring operations -- relies on a component of set theory known as super-increasing sets rather than on large prime numbers -- proven ineffective when it was broke in 1984
What is Skipjack
-- approved for use by the US govt in FIPS 185, the Escrowed Encryption Standard (EES) -- operates on 64-bit blocks of text -- uses an 80 bit key -- supports the same four modes of operation supported by DES -- supports the escrow of encryption keys. 2 govt agencies., NIST and dept of treasury hold a portion of the information required to reconstruct a skipjack key
how can cryptosystems be used to achieve authentication goals?
-- auth provides assurances as to the identity of a user -- one possible scheme that uses authentication is the challenge-response protocol -- the remote user is asked to encrypt a message using a key known only to the communicating parties. -- authentication can be achieved with both symmetric and asymmetric cryptosystems
What is the El Gamel algorithm?
-- based on Diffie-Hellman -- released in to public domain -- it doubles the length of any message it encrypts, which is a major disadvantage
What is IPsec's greatest strengths?
-- being able to filter or manage communications on a per-SA basis. Clients or gateways can be rigorously managed in terms of what kinds of protocols or services can use an IPsec connection. -- without valid SA's defined, pairs of users or gateways cannot establish IPsec links
What are several best practice requirements when working with Public Key infrastructure (PKI)?
-- chose an encryption system with an algorithm in the public domain that has been thoroughly vetted by industry experts -- use a key length balances your security requirements with performance considerations. -- ensure that your key is truly random -- Keep your private key secret! -- retire keys once they've served a useful life. -- back up your keys
What roles do Confidentiality, integrity, and nonrepudiation play in cryptosystems?
-- confidentiality is one of the major goals. It protects the secrecy of data while it is both at rest and in transit -- integrity provides the recipient of a message with the assurance that data was not altered -- non repudiation provides undeniable proof that the sender of a message actually authored it.
What is involved when implementing an access control matrix model?
-- constructing an environment that can create and manage lists of subjects and objects -- Crafting a function that can return the type associated with whatever object is supplied to that function as an imput.
What does Part 3 (Security assurance) of the CC guidelines describe?
-- covers assurance requirements for TOE's in these 7 areas: 1. configuration managment 2. delivery and operation 3. development 4. guidance documents 5. life-cycle support 6. assurance tests 7. vulnerability assessments -- covers complete range of security assurance checks
What does Part 2 (Security functional requirements) of the CC guidelines describe?
-- covers the complete range of security functions as envisioned in the CC evaluation process. -- additional appendices (called annexes) explain each functional area
What is Twofish?
-- developed by Bruce Schneier -- block cipher -- operates on 128 bit blocks of data -- capable of using keys up to 256 bits in length -- uses two techniques not found in other algorithms: Prewhitening and postwhitening
What is the MD2 hash algorithm?
-- developed by Ronald Rivest in 1989 to provide a secure hash function for 8‐bit processors -- It pads a message so that its length is a multiple of 16 bytes -- it computes a 16 byte checksum and appends it to the end of the message -- a 128 bit message digest is then generated by using the entire original message along with the appended checksum -- proved that its not a one-way function and should no longer be used
What is the international data encryption algorithm (IDEA)?
-- developed in response to complaints about the insufficient key length of the DES algorithm. -- like DES it operates on 64 bit blocks of plain text/ciphertext -- it begins its operation with a 128 bit key -- they key is broken up in a series of operations into 52 16-bit sub keys. -- subkeys act on the input text using a combination of XOR and modulus operation to produce the encrypted/decrypted version of the input message -- capable of operation in the same five modes by DES
what is the take-Grant model?
-- employs a directed graph to dictate how rights can be passed from one subject to another or from a subject to an object. -- simply put a subject with the grant or take right can grant or take another subject or another object any other right they possess. -- uses adopted authority
What is Triple DES DES-EEE3 mode?
-- encrypts the plain text three times, using three different keys: K1, K2, K3 -- has a key length of 168 bits
What is process isolation?
-- ensures that any behavior will affect only the memory and resources associated with the isolated process. -- used to protect the OS, operating environment
What is the session layer (layer 5) of the OSI model responsible for?
-- establishing, maintaining, and terminating communication sessions between two computers. -- manages dialoge discipline or dialogue control (Simplex, half-duplex, full duplex) -- establishes checkpoints for grouping and recovery -- retransmits PDUs that have failed or been lost since the last verified checkpoint.
What is a statistical attack?
-- exploits statistical weaknesses in a cryptosystem such as floating-point errors and inability to product truly random numbers -- attempts to find a vulnerability in the hardware or OS hosting the cryptography application
What is an implementation attack?
-- exploits the weakness in the implementation of a cryptography system -- focuses on exploiting the software code, not just the errors and flaws, but the methodology employed to program the encryption system
How do you digitally sign a message?
-- first use a hashing function to generate a message digets -- then encrypt the digest with your private key
What is an information flow model?
-- focuses on the flow of information -- based on a state machine model
What is the data link layer (layer 2) of the OSI model responsible for?
-- formatting the packet from the network layer into the proper format for transmission. -- The proper format is determined by the hardware and the technology of the network. (Ethernet is the common data link layer used today) -- Part of the processing performed on the data within the data link layer includes adding the hardware source and destination address to the frame (MAC addresses)
What is specified in session rules found in the transport layer (layer 4) of the OSI model?
-- how much data each segment can contain -- how to verify the integrity of the data transmitted -- how to determine whether data has been lost
What is Layer 7 (the application layer) responsible for?
-- interfacing user applications, network services, or the operating system with the protocl stack -- allows applications to communicate with the protocol stack. -- determines whether a remote communication partner is available and accessible. -- ensures that sufficient resources are available to support the requested communications.
What is the TCP/IP protocol suite?
-- it is a protocol stack comprising dozens of individual protocols.
What is the concept of zero-knowledge proof?
-- its a communication concept. -- a specific type of information is exchanged but no real data is transferred, as with digital signatures and certs
What is the HAVAL hashing algorithm?
-- its a modification of MD5 -- uses 1024 bit blocks -- produces 5 hash values: 128, 160, 192, 224, and 256 bits
What is the Bell-LaPadula Model?
-- its a multilevel access model -- subjects have a clearance level that allows them to access only those objects with the corresponding classification levels
what is the noninterference model concerned or modeled around?
-- its concerned with how the actions of a subject at a higher security level affect the system state or the actions of a subject at a lower level. -- The Actions of subject A (HIGH) should not affect the actions of subject B (LOW) or even be noticed by subject B
What are some weaknesses of Symmetric key encryption?
-- key distribution is a major problem -- symmetric key cryptography does not implement nonrepudiation --The algorithm is not salable -- Keys must be regenerated often
what is certificate path validation (CPV)?
-- means that each certificate in a certificate path from the original start or root of trust down to the server or client in question is valid and legitimate.
What are some best practices surrounding the storage of encryption keys
-- never store an encryption key on the same system where encrypted data resides -- for sensitive keys, consider providing two different individuals with half of the key. They then must collaborate to re-create the entire key -- When someone leaves or no longer permitted access to material protected with that key, they keys must be changed and all encrypted materials must reencrypted.
What are some ground rules for wiring closet security policies?
-- never use the wiring closet as a general storage area -- have adequate locks -- keep the area tidy -- do not store flammable items in the area -- set up video surveillance to monitor activity inside the wiring closet -- use a door open sensor to log entries -- do not give keys to anyone except the authorized administrator -- perform regular physical inspections of the wiring closets security and contents -- include the wiring closet in the organizations environmental management and monitoring
What is a vernam cipher?
-- one time pad ciphers -- created by Vernam of AT&T Bell labs
What is IPsec transport mode?
-- only the packet payload is encrypted -- designed for peer to peer communication
What are two things the Goguen-Meseguer model is based on?
-- predetermining the set or domain (a list of obects that a subject can access -- automation theory and domain separation
What is the advanced access content system (AACS)
-- protects the content stored on Blu Ray and HD DVD media -- Hackers have demonstrated attacks that reteived the AACS encryption keys and posted them online
What are Rainbow tables?
-- provides precomputed values for cryptographic hashes. -- commonly used for cracking passwords stored on a system in hashed form.
What is the MD5 hash algorithm?
-- released in 1991. -- processes 512‐bit blocks of the message, using four distinct rounds of computation to produce a digest of the same length as the MD2 and MD4 algorithms (128 bits). -- Generally has been replaced by SHA‐1 or other, more modern hashing algorithms.
What is M of N control?
-- requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks. -- M is always less than or equal to N
What is the Internet Protocol Security standard? (IPSEC)
-- security architecture framework that supports secure communications over IP. -- open and modular framework to allow many different vendors the ability to use it with each other
explain the basics of Lattice-Based Access Control
-- subjects are assigned positions in a lattice -- positions fall between defined security labels or classifications -- subjects can access only those objects that fall info the range between: 1. the least upper bound (the nearest security label or classification higher than their lattice position) and 2. the highest lower bound (the nearest security label or classification lower than their lattice position) of the labels or classifications for their lattice position
what is a triple or an access control triple?
-- subjects do not have direct access to objects, objects can only be accessed through programs. -- subject/program/object
What is Rivest Cipher 5 (RC5)
-- symmetric algorithm patented by RSA -- block cipher of variable block sizes (32, 64, or 128 bits) -- users key sizes between 0 and 2040 bits
How does SHA-1 work?
-- takes an input of virtually any length and produces a 160 bit message digest -- processes a message in 512 bit blocks -- if the message length is not a multiple of 512, it pads the message with additional data until the length reaches the next highest multiple of 512
What is the major hurdle preventing the widespread adoption of one-time pad cryptosystems to ensure data confidentiality?
-- the difficulty in creating and distributing the very lengthy keys on which the algorithm depends.
What is split knowledge?
-- the information or privilege required to perform an operation is divided among multiple users. this ensures that no single person has sufficient privileges to compromise the security of the environment.
what are the requirements for successful use of a one time pad?
-- the key must be generated randomly without any known pattern -- key must be at least as long as the message to be encrypted. -- pads must be protected against physical disclosure -- each pad must be used only one time then discarded
What are transformation procedures (TPs)?
-- the only procedures that are allowed to modify a CDI. The limited access to CDIs through through TP's form the backbone of the Clark-Wilson integrity model.
What is the Modulo function?
-- the remainder value left over after a division operation is performed -- represented by "mod" in equations -- 8 mod 6 = 2.___ 8 divided by 6 leaves a 2 remainder
What are key escrow and recovery?
-- these systems allow the govt, under limited circumstances such as a court order, to obtain the cryptographic key used for a particular communication from a central storage facility
What is the function of the flags field in a TCP header?
-- they indicate the function of the TCP packet and request that the recipient respond in a specific manner.
What is a Hash function?
-- they take a potentially long message and generate a unique output value derived from the content of the message -- This value is commonly referred to as the message digest
What is the "user" operating mode?
-- think of virtual machines -- its the basic mode used by the CPU when executing user applications. The CPU allows the execution of only a portion of its full instruction set.. -
What is a capability list?
-- tied to a subject -- lists valid actions that can be taken on each object
what is the Caesar cipher?
-- to encrypt a message, you simply shift each letter of the alphabet three places to the right. -- A becomes D, B would become E -- also known as the ROT3 (rotate 3)
What is the presentation layer (layer 6) of the OSI model responsible for?
-- transforming data received from the application layer into a format that any system following the OSI model can understand. -- It imposes common or standardized structure and formatting rules onto the data. -- encryption and compression -- it acts as an interface between the network and applications.
list some ways a data center can be Human incompatible
-- use Halotron, PuroGen, or other halon-substitute oxygen-displacement fire detection and extinguishing systems -- low temperatures -- little or no lighting -- equipment stacked with little room to maneuver.
What is a replay attack?
-- used against cryptographic algorithms that dont incorperate temporal protections. -- a malicious individual intercepts an encrypted message between two parties ( often a request for authentication) and then later "replays" the captured message to open a new session. --
What is Counter (CTR) mode in DES?
-- users a stream cipher cimilar to CFB and OFB -- creates its seed value by a simple counter that increments for each operation -- allows you to break an encryption or decryption operation into multiple independent steps.
How does the Clark-Wilson model enforce data integrity?
-- uses a multifaceted approach -- defines each data item and allows modifications through only a small set of programs
what is 3DES DES-EEE2 mode?
-- uses only two keys, K1 and K2 -- has an effective key length of 112 bits
What is Triple DES-EDE3 mode?
-- uses three keys but replaces second encryption operation with a decryption operation
What is 3DES DES-EDE2 mode
-- uses two keys but uses a decryption operation in the middle. -- has an effective key length of 112 bits
What identifying information is contained in a digital certificates - x.509?
-- version of x.509 to which the certificate conforms -- serial number (from the certificate creator) -- Signature algorithm identifier (specifies the technique used by the cert authority to digitally sign the contents of the cert -- issuer name -- validity period -- subjects name (contains the distinquished name or DN of the entity that owns the public key contained in the certificate. -- subjects public key (the meat of the cert-the actual public key the certificate owner used to set up secure communications)
How has Microsoft enabled support of NetBEUI on modern networks?
--by devising NetBIOS over TCP/IP (NBT) -- This in turn supports the Windows sharing protocol of server message block (SMB) also known as (CIFS) Common internet file system
What is data emanation?
-The transmission of data across electromagnetic signals. (almost all activities within a computer or across a network are performed using some form of data emanation.)
What is the definition of permissions ?
-permissions refer to the access granted for an object and determine what you can do with it.
What is a wireless stand-alone mode infrastructure?
-this occurs when there is a wireless access point connecting wireless clients to each other but not to any wired resources. - the wireless access point serves ass a wireless hub exclusively
What is the IP header protocol field value for ICMP?
1 (0X01)
What is the speed and frequency of 802.11ac
1 GPS - 5 GHZ
What are the four main techniques or methods for access control?
1. (DAC) discretionary access control 2. (MAC) mandatroy access control 3. (role-BAC) role-based access control 4. (rule-BAC) rule based access control
What are the three currently digital signature standard (DSS) approved encryption algorithms to support a digital signature infrastructure.
1. (DSA) The Digital Signature Algorithm as specified in FIPS 186-4 2. (RSA) The Rivest, Shamir, Adleman algorithm as specified in ANSI X9.31 3. (ECDSA) The Elliptic Curve DSA as specified in ANSI X9.62
list the routing protocols that are located at layer 3 (network layer) of the OSI model
1. (ICMP) internet control message protocol 2. (RIP) routing information protocol 3. (BGP) Border gateway protocol 4. (IGMP) internet group management protocol 5. (IP) internet protocol 6. (IPSEC) internet protocol security 7. (IPX) internetwork packet exchange 8. (NAT) Network address translation 9. (SKIP) simple key management for internet protocols
What two key elements is the Common Criteria process based on?
1. (PP's) protection profiles - The "I wants" for the customer - specifies the security requirements and protections 2. (ST's) Security Targets - The "I will provide" from the vendor - specifies the claims of security from the vendor that are built into a TOE.
What are two responsibilities of the physical layer (layer 1) of the OSI model?
1. Accepts the frame from the data link layer and converts the frame into bits for transmission over the physical connection medium. 2. receives bits from the physical connection medium and converting them into a frame to be used by the data link layer
What are two key distinctions between java applets and activeX controls?
1. ActiveX controls use proprietary Microsoft technology and therefore, can execute only on systems running Microsoft browsers. 2. ActiveX controls are not subject to the sandbox restrictions placed on JAVA applets. they have full access to the OS
What are the Six Major Elements of a quantitative risk analysis
1. Assign Asset Value (AV) 2. Calculate Exposure Factor (EF) 3. Calculate Single Loss Expectancy (SLE) 4. Assess the annualized rate of occurrence (ARO) 5. Derive the annualized loss expectancy (ALE) 6. Perform cost/benefit analysis of countermeasures
what are the four basic requirements for ISAKMP?
1. Authenticate communicating peers 2. Create and mange security associations 3. Provide key generation mechanisms 4. protect against threats - EX: replay and DOS attacks
What are five factors that contribute to QoS (Quality of Service)
1. Bandwidth - the network capacity available to carry communication 2. Latency - the time it takes a packet to travel from source to destination 3. Jitter - the variation in latency between different packets 4. Packet loss - some packets may be lost between source and destination, requiring re-transmission 5. Interference - Electrical noise, faulty equipment, and other factors may corrupt the contents of packets.
What does aggregation refer to in the context of least privilege?
Aggregation refers to the amount of privileges that users collect over time.
what are the legal and regulatory requirements that face business continuity planners
1. Business leaders must exercise due diligence to ensure that shareholders' interests are protected in the event disaster strikes. 2. Some industries are also subject to federal, state, and local regulations that mandate specific BCP procedures. 3. Many businesses also have contractual obligations to their clients that must be met, before and after a disaster.
List 5 issues or vulnerabilities of VoIP
1. Caller ID can be falsified easily using any number of VoIP tools, so hackers can perform vishing (VoIP phishing) or spam over Internet Telephony (SPIT) attacks 2. The call manager systems and the VoIP phones themselves might be vulnerable to host OS attacks and DoS attacks. IF a devices or software's host OS or firmware has vulnerabilities, hacker exploits are often not far off 3. Hackers might be able to perform man-in-the middle attacks by spoofing call managers or endpoint connection negotiations and/or repsonses 4. Depending on the deployment, there are also risks associated with deploying VoIP phones off the same switches as desktop and server systems. This could allow for 802.11X authentication falsification as well as VLAN and VOIP hopping 5. Since VoIP traffic is just network traffic, it is often possible to listen in on VoIP communications by decoding the VoIP traffic when it isn't encrypted.
What are the steps of the RSA algorithm?
1. Choose two large prime numbers (approximately 200 digits each), labeled p and q. 2. Compute the product of those two numbers: n = p * q. 3. Select a number, e, that satisfies the following two requirements: ---a. e is less than n. ---b. e and (n - 1)( q - 1) are relatively prime— that is, the two numbers have no common factors other than 1. 4.Find a number, d, such that (ed - 1) mod (p - 1)( q - 1) = 0. 5. Distribute e and n as the public key to all cryptosystem users. Keep d secret as the private key.
List 11 key points to keep in mind when designing a PBX security solution
1. Consider replacing remote access or long-distance calling through the PBX with a credit card or calling card system 2. Restrict dial-in and dial-out features to authorized individuals who require such functionality for their work tasks. 3. For your dial-in modems, use unpublished phone numbers that are outside the prefix block range of your voice numbers. 4. Block or disable any unassigned access codes or accounts. 5. Define an acceptable use policy and train users on how to properly use the system. 6. Log and audit all activities on the PBX and review the audit trails for security and use violations. 7. Disable maintenance modems (i.e., remote access modems used by the vendor to remotely manage, update, and tune a deployed product) and accounts. 8. Change all default configurations, especially passwords and capabilities related to administrative or privileged features. 9. Block remote calling (that is, allowing a remote caller to dial in to your PBX and then dial out again, thus directing all toll charges to the PBX host). 10. Deploy Direct Inward System Access (DISA) technologies to reduce PBX fraud by external parties. (But be sure to configure it properly; see the sidebar "DISA: A Disease and the Cure.") 11. Keep the system current with vendor/ service provider updates.
What are the various types of software license agreements?
1. Contractual license agreements are written agreements between a software vendor and user. 2. Shrink-wrap agreements are written on software packaging and take effect when a user opens the package. 3. Click-wrap agreements are included in a package but require the user to accept the terms during the software installation process.
what are the differences among copyrights, trademarks, patents, and trade secrets?
1. Copyrights protect original works of authorship, such as books, articles, poems, and songs. 2. Trademarks are names, slogans, and logos that identify a company, product, or service. 3. Patents provide protection to the creators of new inventions. 4. Trade secret law protects the operating secrets of a firm.
What is the differences between criminal law, civil law, an administrative law?
1. Criminal law protects society against acts that violate the basic principles we believe in. Violations of criminal law are prosecuted by federal and state governments. 2. Civil law provides the framework for the transaction of business between people and organizations. Violations of civil law are brought to the court and argued by the two affected parties. 3. Administrative law is used by government agencies to effectively carry out their day-to-day business.
What are the seven incidence response steps listed in the CISSP? (Disaster Recovery Make Reporting Really Really Long)
1. Detection - can come from automated tools or from employee observations 2. response - personnel investigate alerts to determine if an actual incident has occurred 3. Mitigation - if an incident has really occurred. 4. reporting - 5. recovery - 6. remediation - root cause analysis 7. lessons learned
What are the three requirements for users of dedicated systems?
1. Each user must have a security clearance that permits access to all information processed by the system 2. must have access approval for all information processed by the system 3. and must have a valid need to know for all information process by the system
What are the three requirements for system high mode?
1. Each user must have a valid security clearance that permits access to all information process by the system 2. access approval for all information processed by the system 3. have a valid need to know for some information processed by the system but NOT necessarily all information processed by the system.
What are the three requirements of a compartmented mode system?
1. Each user must have a valid security clearance that permits access to all information processed by the system 2. access approval for any information they will have access to on the system 3. a valid need to know for all information they will have access to on the system
What are the five modes of DES operation?
1. Electronic Codebook (ECB) mode - least secure, used only for short messages 2. Cipher Block Chaining (CBC) 3. Cipher Feedback (CFB) mode 4. Output Feedback (OFB) mode 5. Counter (CTR) mode
list the three types of environments within a MAC model
1. Hierarchical Environment 2. compartmentalized environment 3. Hybrid Environment
What are the three most recognized non-ip protocols?
1. IPX 2. AppleTalk 3. NetBEUI
What are some of the most important differences between TCSEC and ITSEC?
1. ITSEC addresses loss of CIA, TCSEC only address C 2. ITSEC doesn't rely on a TCB 3. ITSEC doesn't require a system to be re-evaluated after a change.
What is the definition of the software capability maturity model? (SW-CMM)
All organizations engaged in software development move through a variety of maturity phases in sequential fashion
list the nine steps that the electronic discovery reference model standard describes for conducting e Discovery
1. Information Governance - ensures that information is well organized for future eDiscovery efforts 2. Identification - locates the information that may be responsive to a discovery request when the organization believes that litigation is likely. 3. Preservation - ensures that potentially discoverable information is protected against alteration or deletion. 4. Collection - gathers the responsive information centrally for use in the eDiscovery process 5. - Processing screens the collected information to perform a "rough cut" of irrelevant information, reducing the amount of information requiring detailed screening. 6. Review - examines the remaining information to determine what information is responsive to the request and removing any information protected by attorney-client privilege. 7. Analysis - performs deeper inspection of the content and context of remaining information. 8. Production - places the information into a format that may be shared with others. 9. Presentation - displays the information to witnesses, the court and other parties.
Name three problems with cabling and the methods to counteract those issues
1. Length of cable (attenuation)- the longer the cable the more degradation - user repeaters or dont violate distance recommendations 2. using the wrong CAT cable. - Check the cable specifications against throughput requirements and err on the side of caution. 3. crosstalk - use shielded cables, place cables in sperate conduits, or use cables of different twists per inch) 4. cable breaks - avoid running cables in locations where movement occurs 5. interference - use cable shielding, use cables with higher twists per inch, or switch to fiber-optic cables) 6. eavesdropping - maintain physical security over all cable runs or switch to fiber-optic cables
What are three simple filtering rules that can eliminate the vast majority of IP spoofing attacks and greatly enhance the security of a network?
1. Packets with internal source IP addresses don't enter the network from the outside. 2. Packets with external source IP addresses don't exit the network from the inside. 3. Packets with private IP addresses don't pass through the router in either direction (unless specifically allowed as part of an intranet configuration).
Describe the different characteristics of storage devices used by computers
1. Primary storage is the same as memory 2. Secondary storage consists of magnetic and optical media that must be first read into primary memory before the CPU can use the data. 3. Random access storage devices can be read at any point., whereas sequential access devices require scanning through all the data physically stored before the desired location.
What are three common router protocols?
1. RIP 2. OSPF 3. BGP
What are come common example of distance vector routing protocols?
1. RIP - routing information protocol 2. IGRP - interior gateway routing protocl 3. BGP - border gateway protocol
What are two modifications that attackers can make to enhance the effectiveness of a brute-force attack?
1. Rainbow Tables 2. Salt tables??
What are the four variants of SHA-2
1. SHA-256 produces a 256-bit message digest using a 512-bit block size. 2. SHA-224 uses a truncated version of the SHA-256 hash to produce a 224-bit message digest using a 512-bit block size. 3. SHA-512 produces a 512-bit message digest using a 1,024-bit block size. 4. SHA-384 uses a truncated version of the SHA-512 hash to produce a 384-bit digest using a 1,024-bit block size.
list some means of implementing secure media storage facilites:
1. Store media in a locked cabinet or safe 2. have a librarian or custodian who manages access to the locked media cabinet 3. use a check-in/check-out process to track who retrieves, uses, and returns media storage 4. For reusable media, when the dive is returned, run a secure drive sanitation or zeroization
List 5 features of SSL and TLS
1. Supports secure client-server communications across an insecure network while preventing tampering, spoofing, and eavesdropping 2. Suports one-way authentication 3. Support two-way authentication using digital certificates 4. Often implemented as the initial payload of a TCP package, allowing it to encapsulate all higher-layer protocol payloads 5. Can be implemented at lower layers, such as layer 3 (network) to operate as a VPN. (OpenVPN)
memorize this encapsulation/decapsulation workflow
1. The Application layer creates a message. 2. The Application layer passes the message to the Presentation layer. 3. The Presentation layer encapsulates the message by adding information to it. Information is usually added only at the beginning of the message (called a header); however, some layers also add material at the end of the message (called a footer), as shown in Figure 11.2. 4. The process of passing the message down and adding layer-specific information continues until the message reaches the Physical layer. 5. At the Physical layer, the message is converted into electrical impulses that represent bits and is transmitted over the physical connection. 6. The receiving computer captures the bits from the physical connection and re-creates the message in the Physical layer. 7. The Physical layer converts the message from bits into a Data Link frame and sends the message up to the Data Link layer. 8. The Data Link layer strips its information and sends the message up to the Network layer. 9. This process of deencapsulation is performed until the message reaches the Application layer. 0. When the message reaches the Application layer, the data in the message is sent to the intended software recipient.
What are the basic properties or axioms of the Biba model state machine?
1. The Simple Integrity Property - a subject cannot read an object at a lower integrity level (no read down) 2. The *(star) integrity property - a subject cannot modify an object at a higher integrity level (no write-up)
What are three basic properties of a Bell-LaPudula state machine?
1. The Simple Security Property - subject may not read information at a higher sensitivity level - (no read up) 2. *(star) Security Property - subject may not write information to an object at a lower sensitivity level (no write down) - also know as confinement property 3. The Discretionary Security Property - system uses an access matrix to enforce discretionary access control
What are the two main components of IPsec security associations
1. The authentication Header (AH) -- provides assurances of message integrity and nonrepudiation. -- provides authentication, access control, and prevents replay attacks 2. The encapsulating security payload (ESP) -- provides confidentiality and integrity of packet contents -- provides encryption, limited authentication and prevents replay attacks
Describe the TCP protocol three-way handshake process
1. The client sends a SYN (synchronize) flagged packet to the server 2. The server responds with a SYN/ACK (synchronize and acknowledge) flagged packet back to the client 3. The client responds with an ACK (acknowledge) flagged packet back to the server
list the 6 steps that are involved when a client wants to access an object, such as a resource hosted on the network.
1. The client sends its TGT back to the KDC with a request for access to the resource. 2. The KDC verifies that the TGT is valid and checks its access control matrix to verify that the user has sufficient privileges to access the requested resource. 3. The KDC generates a service ticket and sends it to the client. 4. The client sends the ticket to the server or service hosting the resource. 5. The server or service hosting the resource verifies the validity of the ticket with the KDC. 6. Once identity and authorization is verified, Kerberos activity is complete. The server or service host then opens a session with the client and begins communications or data transmission.
How does the Diffie-Hellman key exchange algorithm work?
1. The communicating parties (we'll call them Richard and Sue) agree on two large numbers: p (which is a prime number) and g (which is an integer) such that 1 < g < p. 2. Richard chooses a random large integer r and performs the following calculation: R = gr mod p 3. Sue chooses a random large integer s and performs the following calculation: S = gs mod p 4. Richard sends R to Sue and Sue sends S to Richard. 5. Richard then performs the following calculation: K = Sr mod p 6. Sue then performs the following calculation: K = Rs mod p At this point, Richard and Sue both have the same value, K, and can use this for secret key communication between the two parties.
list the six steps of how Carrier-sense multiple access with collision avoidance (CSMA/CA) performs communications
1. The host has two connections to the LAN media: inbound and outbound. The host listens on the inbound connection to determine whether the LAN media is in use 2. If the LAN media is not being used, the host request permission to transmit 3. if permission is not granted after a time-out period, the host starts over at step 1 4. if permission is granted, the host transmits its communication over the outbound connection 5. The host waits for an acknowledgment 6. if no acknowledgement is received after a time-out period, the host starts over at step 1 - (appletalk and 802.11 wireless networking are examples of networks that employ CSMA/CA technologies. CSMA/CA attempts to avoid collisions by granting only a single permission to communicate at any given time. This system requires designation of a master or primary system, which responds to the requests and grants permission to send data transmissions)
list the four steps of how LAN media access technology Carrier-sense multiple access (CSMA) performs communications
1. The host listens to the LAN media to determine whether it is in use 2. If the LAN media is not being used, the host transmits its communication 3. The host waits for an acknowledgment 4. if no acknowledgement is received after a time-out period, the host start over at step 1. - ( CSMA does not directly address collisions. If a collision occurs, the communication would not have been successful, and thus an acknowledgement would not be received. This causes the sending system to re transmit the data and perform the CSMA process again.)
list the 6 steps of how the Kerberos logon process works
1. The user types a username and password into the client. 2. The client encrypts the username with AES for transmission to the KDC. 3. The KDC verifies the username against a database of known credentials. 4. The KDC generates a symmetric key that will be used by the client and the Kerberos server. It encrypts this with a hash of the user's password. The KDC also generates an encrypted time-stamped TGT. 5. The KDC then transmits the encrypted symmetric key and the encrypted time-stamped TGT to the client. 6. The client installs the TGT for use until it expires. The client also decrypts the symmetric key using a hash of the user's password
What are the 10 commandments of computer ethics as created by the computer ethics institute?
1. Thou shalt not use a computer to harm other people. 2. Thou shalt not interfere with other people's computer work. 3. Thou shalt not snoop around in other people's computer files. 4. Thou shalt not use a computer to steal. 5. Thou shalt not use a computer to bear false witness. 6. Thou shalt not copy proprietary software for which you have not paid. 7. Thou shalt not use other people's computer resources without authorization or proper compensation. 8. Thou shalt not appropriate other people's intellectual output. 9. Thou shalt think about the social consequences of the program you are writing or the system you are designing. 10. Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.
What are the two main types of wireless security?
1. WEP 2. WPA
What is (SAML) Security Association Markup Language
An XML‐based convention for communication authentication and authorization details between security domains, often over web protocols. - SAML is often used to provide a web‐based SSO solution.
What is Bluesnarfing?
An attack that allows hackers to connect with your Bluetooth devices without your knowledge and extract information from them. This form of attack can offer attackers access to your contact lists, your data, and even your conversations
What is SSL?
An encryption protocol developed by Netscape to protect the communications between a web server and a web browser
What is the definition of an incident?
An incident is any event that has a negative effect on the confidentiality, integrity, or availability of organization's assets.
What is the Goguen-Meseguer model?
An integrity model based on predetermining the set or domain of objects that a subject can access
What is the Sutherland Model?
An integrity model that focuses on preventing interference in support of integrity.
list the six principles to guide digital evidence technicians as they perform media analysis, network analysis, and software analysis in the pursuit of forensically recovered evidence.
1. When dealing with digital evidence, all of the general forensic and procedural principles must be applied. 2. Upon seizing digital evidence, actions taken should not change that evidence. 3. When it is necessary for a person to access original digital evidence, that person should be trained for the purpose 4. All activity relating to the seizure, access, storage, or transfer of digital evidence must be fully documented, preserved, and available for review. 5. An individual is responsible for all actions taken with respect to digital evidence while the digital evidence is in their possession. 6. Any agency that is responsible for seizing, accessing, storing, or transferring digital evidence is responsible for compliance with these principles.
What were 3 key improvements with TKIP?
1. a key-mixing function that combines the initialization vevtor (IV) (I.e. a random number) with the secret root key before using that key with RC4 to perform encryption 2. a sequence counter is used to prevent packet replay attacks 3. a strong integrity check named Michael is used
What are the four main types of water suppression systems?
1. a wet pipe system - (closed head system) always full of water. water discharges immediately when suppression is triggered 2. a dry pipe system - contains compressed air. once triggered the air escapes,opening a water valve that in turn causes the pipes to fill and discharge water 3. a deluge system - a form of dry pipe system that uses larger pipe and therefore delivers a significantly larger volume of water. (don't use in environments that contain electronics and computers) 4. a preaction system - combination dry pipe/wet pipe system. The system exists as a dry pipe until the initla stages of a fire (smoke, heat, and so on) are detected, and then the pipes are filled with water. The water is released only after the sprinkler head activation triggers are melted by sufficient heat.
list 5 things that need to be met in an e-mail security policy
1. acceptable use policy for e-mail 2. access control 3. privacy 4. email management 5. email backup and retention policies
What is covered under Technical physical security controls?
1. access controls 2. intrusion detection 3. alarms 4. closed-circuit television (CCTV) 5. monitoring 6. heating 7. ventilating 8. AC (HVAC) 9 power supplies 10. fire detection and suppression
What are the six objectives of the CC guidelines?
1. add to buyers confidence in the security of evaluated, rated IT products 2. to eliminate duplicate evaluations 3. keep making security evaluations and the cert process more cost effective and efficiant 4. evaluations of IT products adhere to high adhere to high and consistent standards. 5. promote evaluation and increase availability of evaluated, rated IT products 6. to evaluate the functionality ( what the system does) and assurance ( how much you trust the system) of the TOE
What are the three groups that physical security can be divided into?
1. administrative 2. technical 3. physical
What are other phrases or terms that smartcards are known as?
1. an identity token containing integrated circuits (ICs) 2. a processor IC card 3. an IS card with an ISO 7816 interface
What are the two goals of a digital signature?
1. assures the recipient that the message truly came from the claimed sender (nonrepudiation) 2. assures the recipient that the message was not altered while in transit
What are the four required characteristics of a database transaction? (known as the ACID model)
1. atomicity - db transactions must be atomic-all or nothing affair. 2. consistency - All transactions must begin operating in an environment that is consistent with all of the databases rules (all records have a unique primary key). -no other transaction should ever be able to use any inconsistent data that might be generated during the execution of another transaction. 3. isolation - requires that transactions operate separately from each other. if a database receives two sql transactions that modify the same data, one transaction must be completed in its entirety before the other transaction is allowed to modify the same data. 4. durability - once they are committed to the db, they must be preserved. db's ensure durability through the use of backup mechanisms, such as transaction logs.
what are some common flaws to security architecture?
1. buffer overflows 2. back doors 3. check-to-time-of-use (TOCTOTOU) attacks. 4. any state changes could be a potential window of opportunity for an attacker to compromise a system
list 9 security issues related to VOIP
1. caller ID spoofing, 2. vishing, 3. SPIT, 4. call manager software/ firmware attacks, 5. phone hardware attacks, 6. DoS, 7. MitM, 8. spoofing, and 9. switch hopping.
What are the security risks that input and output devices can pose?
1. can be subject to eavesdropping and tapping 2. used to smuggle data out of an organization 3. used to create unauthorized, insecure points of entry into an organizations systems and networks.
What are the three recognized types of composition theories?
1. cascading - input for one system comes from the output of another system 2. Feedback - one system provides input to another system, which reciprocates by reversing those roles (so that system A first provides input for system B and then system B provides input to system A) 3. Hookup - one system sends input to another system but also sends input to external entities
list the 10 general steps or procedures to Securely setup a wireless network
1. change the default admin password 2. Disable the SSID broadcast 3. change the SSID to something unique 4. enable MAC filtering if the pool of wireless clients is relatively small (usually less than 20) and static 5. consider using static IP addresses, or configure DHCP with reservations (applicable only for small deployments 6. Turn on the highest form of authentication and encryption supported. If WPA2 is not available, WPA and WEP provide very limited protection but are better than an un-encrypted network. 7. Treat wireless as remote access, and manage access using 802.1X 8. Treat wireless as external access, and separate the WAP from the wired network using a firewall 9. Treat wireless as an entry point for attackers, and monitor all WAP-to-wired-network communications with an IDS 10. Require all transmissions between wireless clients and WAPs to be encrypted, in other words, require a VPN link.
What three things does the red book in the rainbow series address?
1. communications integrity 2. denial of service protection 3. comrpromise
What are the four main components of configuration management?
1. configuration identification - administrators document the configuration of covered software products throughout the organization. 2. configuration control - the configuration control process ensures that changes to software versions are made in accordance with the change control and configuration management policies. updates can be made only from authorized distributions in accordance with those policies. 3. Configuration status accounting: formalized procedures are used to keep track of all authorized changes that take place. 4. configuration audit: a periodic configuration audit should be conducted to ensure that the actual production environment is consistent with the accounting records and that no unauthorized configuration changes have taken place.
What are three drawbacks of multilayer protocols?
1. covert channels are allowed 2. filters can be bypassed 3. logically imposed network segment boundaries can be overstepped
What are the three main security issues that surrounds memory components?
1. data may remain on the chip after power is removed 2. highly pilferable 3. control of access to memory in a multi-user system.
What are some security issues related to BYOD devices?
1. data ownership 2. support ownership 3. patch management 4. anti-virus management 5. forensics 6. privacy 7. on-boarding/off boarding 8. adherence to corporate policies 9. user acceptance 10. architecture/infrastructure considerations 11. legal concerns 12. acceptable use policies 13. on-board cameras/video
What are three main concerns when it comes to the security of secondary storage?
1. data remanence - data can be pulled from drives even after being erased if not properly sanitized 2. SSD wear leveling - often blocks of data that are not marked as live but but that hold a copy of the data when it was copied off to a lower wear leveled blocks. A traditional zero wipe is ineffective 3. Theft - need to encrypt the whole drive to help protect it
What are the four security modes for systems processing classified information?
1. dedicated 2. system high 3. compartmented 4. multilevel
what are the three phases of the incident response process?
1. detection and identification 2. response and reporting 3. recovery and remediation
what is the three-step incident response process that most organizations use?
1. detection and identification 2. response and reporting 3. recovery and remediation
What are three goals a penetration test?
1. determine how well a system can tolerate an attack 2. identify employee's ability to detect and respond to attacks in real time 3. identify additional controls that can be implemented to reduce risk.
What are the four primary responsibilities of a compuer incident response team (CIRTs)
1. determine the amount and scope of damage caused by the incident 2. determine whether any confidential information was compromised during the incident 3. implement any necessary recovery procedures to restore security and recover from incident-related damages. 4. supervise the implementation of any additional security measures necessary to improve security and prevent recurrence of the incident
What is the functional order in which physical security controls should be used?
1. deterrence 2. denial 3. detection 4. delay
What are some base security policies for e-mail?
1. e-mail must be screened so that it cannot become a vector for infection by malicious software. 2. email should be subject to polices that govern appropriate use and limit potential liability
What layer of the TCP/IP model corresponds to layers 5, 6, and 7 of the OSI model?
Application layer
What is a static environment?
Applications, OSs, hardware sets, or networks that are configured for a specific need, capability, or function, and then set to remain unaltered
What is phase 5:Learning of the IDEAL software development model?
As with any quality improvement process, the organization must continuously analyze its efforts to determine whether it has achieved the desired goals and, when necessary, propose new actions to put the organization back on course.
What provides a comprehensive record of system activity and can help detect a wide variety of security violations, software flaws, and performance problems?
Audit trails
Define availability in the CIA triad
Availability is the principle that authorized subjects are granted timely and uninterrupted access to objects.
What does the B channel support in the BRI ISDN standard class?
B channels support a throughput of 64 Kbps and are used for data transmission
what are two types of firmware?
BIOS on a motherboard and general internal and external device firmware
What model was the Biba model designed after?
Bell-LaPadula
What security model addresses data confidentiality?
Bell-LaPadula
What does black-box software testing examine?
Black-box testing examines the program from a user perspective by providing a wide variety of input scenarios and inspecting the output. - black-box testes do not have access to the internal code. - final acceptance testing that occurs prior to system delivery is a common example of black-box testing
out of statistical and non-statistical sampling mechanisms, which one is more reliable and mathematically defensible.
Both statistical and non-statistical sampling are valid mechanisms to create summaries or overviews of large bodies of audit data. However, statistical sampling is more reliable and mathematically defensible.
What is a buffer overflow vulnerability?
Buffer overflow vulnerabilities exist when a developer does not properly validate user input to ensure that it is of an appropriate size.
how are broadcast domains divided?
By using any layer 3 or higher device
What is the formula for encrypting using RSA PKI
C=Pe mod n If Alice wants to send an encrypted message to Bob, she generates the ciphertext (C) from the plain text (P) using the following formula (where e is Bob's public key and n is the product of p and q created during the key generation process)
What are common access cards (CAC's) or Personal Identity verification (PIV) cards?
CACs and PIV cards are smartcards that include pictures and other identifying information about the owner. - personnel within the US government use these
what is the TCP Header flag field order?
CEUAPRSF (Can Even Unskilled Attackers pester real security folk?)
Which security protocol automatically performs re-authenticaion of the client system throughout the connected session in order to detect session hijacking?
CHAP - CHAP is a security protocol that automatically performs reauthentication of the client system throughout the connected session in order to detect session hijacking.
What is Classless Inter-Domain Routing (CIDR) notation?
CIDR uses mask bits rather than a full dotted-decimal notation subnet mask. instead fo 255.255.0.0 a CIDR is added to the ip address after a slash as in 172.16.1.1/16
what suppresses the oxygen in a fire?
CO2
What are the notification requirements placed on organizations that experience a data breach?
California's SB 1386 implemented the first statewide requirement to notify individuals of a breach of their personal information. All but three states eventually followed suit with similar laws. Currently, federal law only requires the notification of individuals when a HIPAA-covered entity breaches their protected health information.
What are the four major categories of TCSEC
Category A - verified protection. The highest level of security Category B - Mandatory protection Category C - Discretionary protection Category D - Minimal protection. Reserved for systems that have been evaluated but do not meet requirements to belong to any other category
What is cell suppression in a db?
Cell suppression is the concept of hiding individual database fields or cells or imposing more security restrictions on them.
memorize this circuit switching table VS packet switching
Circuit Switching - Packet switching * constant trafic * bursty traffic * fixed known delays *Variable delays *connection oriented *connectionless * sensitive to connection loss * sensitive to data loss
memorize this table
Class Type Suppression material A -Common combustibles -water, soda acid (dry powder or liquid chemical) B - liquids -CO2, halon, soda acid C - electrical -CO2, halon D -Metal -Dry powder
What the tiers of lattice-based access control called?
Classification levels used by the security policy of the organization.
How does non-statistical sampling work?
Clipping is a form of non-statistical sampling that records only events that exceed a threshold
Explain the importance of fully documenting an organization's business continuity plan
Committing the plan to writing provides the organization with a written record of the procedures to follow when disaster strikes. It prevents the "it's in my head" syndrome and ensures the orderly progress of events in an emergency.
What are the two types of electromagnetic interference? (EMI)
Common and traverse mode
identify common authorization mechanisms
Common authorization mechanisms include: - implicit deny, access control lists, access control matrix's, capability tables, constrained interfaces, content-dependent controls, and context-dependent controls. - These mechanisms enforce security principles such as the need-to-know, the principle of least privilege, and separation of duties. (Authorization ensures that the requested activity or object access is possible, given the privileges assigned to the authenticated identity. For example, it ensures that users with appropriate privileges can access files and other resources. )
what is the connection type and speed of a European digital transmission format 1 dedicated line?
Connection type: E1 Speed: 2..108 Mbps
what is the connection type and speed of a European digital transmission format 3 dedicated line?
Connection type: E3 Speed: 34.368 Mbps
what is the connection type and speed of a digital signal level 0 (DS-0) dedicated line?
Connection type: Partial T1 Speed: 64 Kbps up to 1.544 Mbps
what is the connection type and speed of a digital signal level 1 (DS-1) dedicated line?
Connection type: T1 Speed: 1.54 Mbps
what is the connection type and speed of a digital signal level 3 (DS-3) dedicated line?
Connection type: T3 Speed: 44.736 Mbps
what is anther name for multilevel security mode?
Controlled security mode
what is the second form of ARP cache poisoning?
Create static ARP entries. done via the ARP command and must be done locally. (done via Trojan horse, buffer overflow, or social engineering attacks)
What is DES Output feedback mode (OFB)?
DES operates in almost the same fashion as it does in CFB mode. instead of XORing an encrypted version of the previous block of ciphertext, DES XORS the plain text with a seed value.
How many rounds of encryption take place when the data encryption standard (DES) is used?
DES utilizes 16 rounds of exclusive OR (XOR) operations to encrypt or decrypt a single block of each message encountered
What is Direct Memory access (DMA)
DMA works as a channel with two signal lines. -- one line is a DMA request line (DMQ) -- one line is a DMA acknowledgment (DACK)
What language contains the commands used by databse users to interact with data?
DML - the data manipulation language is a subset of SQL containing the commands used to interact with data
what is the importance of data classifications
Data Owners are responsible for defining data classifications and ensuring systems and data are properly marked Data owners define requirements to protect data at different classifications such as encrypting sensitive data at rest and in transit data classifications are typically defined withing security policies or data policies
what is data integrity protection dependent on in the Biba model?
Data classification
what are the difference between roles in Security and IT?
Data owner - person responsible for classifying, labeling, and protecting data System owners - responsible for the systems that process the data Business and mission owners own the processes and ensure the systems provide value to the organizatoin Data processors - typically third party entities that process data for an organization. Administrators - gran access to data based on guidlines provided by the data owners. user - access data in the course of performing work tasks custodian - day to day responsibilities for protecting and storing data
What is a data object passed from teh transport layer to the network layer called when it reaches the network layer?
Datagram - a data object is called a datagram or a packet in the network layer. IT is called a PDU in layers 5 through 7. It is called a segment in the transport layer and a frame in the data link layer.
What is delegation in object-oriented programming?
Delegation is the forwarding of a request by an object to another object or delegate. an object delegates if it does not have a method to handle the message.
what is an open system?
Designed using agreed-upon industry standards. easier to integrate with systems from different manufactures
What is the function of ICMP type field value 3?
Destination unreachable
What is the second phase of the IDEAL software development model?
Diagnosing
What is DAC?
Discretionary access controls -- allows a subject to define a list of objects to access as needed
What are the two broad categories of routing protocols?
Distance vector and link state
What is the DNP3 protocol?
Distributed network protocol -- primarily used in the electric and water utility and management industries -- its a multilayer protocol that functions similarly to that of TCP/IP, in that it has link, transport, and transportation layers
What is the top basic layer used on a TCP/IP network?
Domain name - a temporary human-friendly convention assigned over or onto the ip address.
What is DKIM?
Domainkeys identifed mail - DKIM is a means to asset that valid mail is sent by an organization through verification of domain name identity - see http:// www.dkim.org.
What are some base security policies for file encryption?
Drive level encryption, USB drive encryption, etc...
What is Ring 2 of the protection rings?
Drivers, Protocols, etc. I/O drivers and system utilities reside here. these are able to access peripheral devices, special files and so forth that applications and other programs cannot themselves access directly
What is phase 2: Diagnosing of the IDEAL software development model?
During the diagnosing phase, engineers analyze the current state of the organization and make general recommendations for change
What are the two main types of RAM?
Dynamic and static RAM
Name the first 7 EAL's in the CC guidelines
EAL1 - Functionally tested EAL2 - Structurally tested EAL3 - Methodically tested and checked EAL4 - Methodically designed, tested, and reviewed EAL5 - Semi-formally designed and tested EAL6 - Semi-formally verified, designed, and tested EAL7 - Formally verified, designed, and tested
What provides a method for comparing vendor systems that is more standardized in the Common Criteria process?
EALs (evaluation assurance levels)
What is the ECE TCP header flag field bit designator used for?
ECN-Echo (explicit congestion notification) - used to manage transmission over congested links; see RFC 3168
What is the primary difference between EEPROM memory and flash?
EEPROM must be fully erased to be rewritten and flash can be erased and written in blocks or pages
What are the two types of SSID's?
ESSID - Extended service set identifier BSSID - basic service set identifier
What is an elliptic curve group?
Each elliptic curve has a corresponding elliptic curve group made up of the points on the elliptic curve along with the point O, located at infinity. Two points within the same elliptic curve group (P and Q) can be added together with an elliptic curve addition algorithm
How does a FIN (finish) flagged packet disconnect a TCP communication session?
Each side of a conversation will transmit a FIN flagged packet once all of its data is transmitted, triggering the opposing side to confirm with an ACK flagged packet. -- it takes four packets to gracefully tear down a TCP session
What is the function of ICMP type field value 0?
Echo reply
What is the function of ICMP type field 8?
Echo request
What is EEPROM
Electronically erasable programmable read-only memory
What is ESP?
Encapsulating Security payload. -- used with IPsec -- provides confidentiality and integrity of packet contents -- provides encryption, limited authentication and prevents replay attacks
What is EPROM?
Erasable programmable read-only memory
What are the "big four" audit firms?
Ernst & Young, Deloitte & Touche, PricewaterhouseCoopers, KPMG
What are the three main types of LAN technologies?
Ethernet, Token Ring, and FDDI
What are EALs in the Common Criteria process?
Evaluation assurance levels for currently available systems.
what functionality ratings in ITSEC have no corresponding ratings in TCSEC?
F7-F10
What is DNS cache poisoning?
False information being fed in to the cache of a system after a DNS query from a client.
What is (FCoE)?
Fibre Channel over Ethernet a form of network data-storage solution (SAN) or network-attached storage (NAS) that allows for high-speed file transfers at upward of 16gbs.
What is the goal of financial attacks?
Financial attacks are carries out to unlawfully obtain money or services.
What is the FIN TCP header flag field bit designator used for?
Finish - Requests graceful shutdown of TCP session
What do the three corners of the fire triangle represent?
Fire, heat, oxygen. The center of the triangle represents the chemical reaction among these three elements.
What are individual units of Ethernet data called?
Frames
What are class E subnets used for?
Future use
What is a base security policy for graphical user interface mechanisms?
GUI's mechanisms and db management systems should be installed, and their user required, to restrict and manage access to critical information
What is an access control?
Generally, an access control is any hardware, software, or administrative policy or procedure that controls access to resources
When would government agencies conduct regulatory investigations?
Government agencies may conduct regulatory investigations when they believe that an individual or corporation has violated administrative law
What does gray-box software testing examine?
Gray-box testing combines white-box and black-box testing and is popular for software validation. - testers examine the software from a user perspective, analyzing inputs and outputs. they have access to the source code and use it to help design their tests.
What interferes with the chemistry of combustion and/or suppresses the oxygen supply in a fire?
Halon substitutes and other nonflamable gases
What is a HSM?
Hardware Security Model - 3 things: 1. cryptoprocessor used to manage/store digital encryption keys, 2. accelerate crypto operations, 3. improve authentication
what should you do if your e-mail message must maintain integrity?
Hash the message
What type of data model does the Domain name system (DNS) use?
Hierarchical - DNS uses a hierarchical model to organize data, with root name servers representing the top-level domains and authority distributed hierarchically to child servers.
What IEEE standard is Ethernet based on?
IEEE 802.3
What is used by IP hosts to register their dynamic multicast group membership?
IGMP
What is used by routers to discover multicast groups?
IGMP
What is the most commonly used VPN protocol?
IPSec
How is a star network toplogy deployed?
IT employs a centralized connection device. (hub, switch, etc)
What is the principle of separation of privilege?
IT requires the use of granular access permissions: different permissions for each type of privileged operation.
How does a wave pattern motion detector work?
IT transmits a consistent low ultrasonic or high microwave frequency signal into a monitored area and monitors for significant or meaningful changes or disturbances in the reflected pattern
What does the ITSEC guidelines use to evaluate the functionality and assurance of a system?
IT uses separate ratings for each category
What is Program Evaluation Review technique in software development? (PERT)
ITS a project-scheduling tool used to judge the size of a software product in development and calculate the standard deviation (SD) for risk assessment.
What is memory addressing?
ITs the processors means of referring to various locations in memory.
what is Security association (SA)
In an IPSec session, the representation of the communication session and process of recording any configuration and status information about the connection.
What is phase 4:Acting of the IDEAL software development model?
In the acting phase, it's time to stop "talking the talk" and "walk the walk." The organization develops solutions and then tests, refines, and implements them.
How do you perform the business organization analysis?
In the business organization analysis, the individuals responsible for leading the BCP process determine which departments and individuals have a stake in the business continuity plan. This analysis is used as the foundation for BCP team selection and, after validation by the BCP team, is used to guide the next stages of BCP development.
What is phase 3: Establishing of the IDEAL software development model?
In the establishing phase, the organization takes the general recommendations from the diagnosing phase and develops a specific plan of action that helps achieve those changes.
What is phase 1: Initiating of the IDEAL software development model?
In the initiating phase of the IDEAL model, the business reasons behind the change are outlined, support is built for the initiative, and the appropriate infrastructure is put in place.
who are the common members of an incident response team?
Incident response teams normally include: - representatives from senior management, - information security professionals, - legal representatives, - public affairs/ communications representatives, - technical engineers.
What does the ITSEC evaluation model stand for
Information Technology Security Evaluation Criteria
What does ISDN stand for?
Integrated services digital network. - its a fully digital telephone network that supports both voice and high speed data communications.
what is ISAKMP?
Internet Security Association and Key Management Protocol. A protocol that provides background security support services for IPSec.
What is iSCSI?
Internet Small Computer system interface. - a networking storage standard based on IP - often viewed as a low-cost alternative to Fibre Channel
What TCP/IP layer corresponds to layer 3 of the OSI model?
Internet layer
What is IPX
Internetwork packet exchange -- is part of the IPX/SPX protocol suite commonly used (although not strictly required) on Novell NetWare networks in the 1990's
What are logical bounds?
It bounds segment logical areas of memory for each process to use. its the OS responsibility to enforce these logical bounds and dissalow access to other processes
What is a network bridge used for?
It connects two networks together-even networks of different topologies, cabling types, and speeds - in order to connect network segments segments that use the same protcol
What does the type field in the ICMP header define?
It defines the type or purpose of the message contained within the ICMP payload.
How does a macro virus work?
It embeds malicious scripts or macros in documents such as Word
How does the transport layer (layer 4) ensure data delivery?
It establishes a logical connection between two devices and provides end-to-end transport services
What is software IP encryption (swIPe)?
It provides authentication, integrity, and confidentiality using an encapsulation protocol
What is Moore's Law?
It suggests that computing power doubles approximately every 18 months.
How does Static RAM store data?
It uses a logical device known as a flip-flop Its simply an on/off switch that must be moved from one position to another to change a 0 or 1 or vice versa.
how was L2TP derived?
It was derived by combining elements from both PPTP and L2F
How long will the dynamic content of ARP cache remain on a system?
It will remain in a cache until a timeout occurs (which is usually under 10 minutes)
What is immediate memory addressing?
It's a way of referring to data that is supplied to the CPU as part of an instruction
What is sampling or data exttraction?
It's the process of extracting elements from a large body of data to construct a meaninful representation of summary of the whole
What is a LAN extender?
It's used as a remote access, multi layer switch used to connect distant networks over WAN links
What is database concurrency, or edit control?
Its a preventive security mechanism that endeavors to make certain that the information stored in the db is always correct or at least has its integrity and availability protected.
What is the major strength of public key encryption?
Its ability to facilitate communication between parties previously unknown to each other.
What is the loopback address?
Its purely a software entity. It is an IP addres used to create a software interface that connects to itself via TCP/IP
What is annualized loss expectancy and how do you calculate it?
Its the monetary loss that the business expects to occur as a result of the risk harming the asset over the course of a year. ALE = SLE X ARO
What are two common applet types?
Java Applets and ActiveX controls
What does the Java applet use to run on machines?
Java virtual machine (JVM)
What wireless protocol was developed to address deficiencies in TKIP before the 802.11i/WPA2 system was ratified as a standard?
LEAP (lightweight extensible authentication protocol)
What cryptosystems is WPA based on?
LEAP and TKIP
What OSI Layer is EIA/TIA-232 found in?
Layer 1 (physical)
What OSI Layer is EIA/TIA-449 found in?
Layer 1 (physical)
What OSI Layer is HSSI found in?
Layer 1 (physical)
What OSI Layer is SONET found in?
Layer 1 (physical)
What OSI Layer is V.24 found in?
Layer 1 (physical)
What OSI Layer is V.35 found in?
Layer 1 (physical)
What OSI Layer is x.21 found in?
Layer 1 (physical)
What OSI Layer does HSSI operate at?
Layer 1 (the physical layer)
What OSI model do switches primarily operate at?
Layer 2
What OSI Layer is ARP found in?
Layer 2 (data)
What OSI Layer is FDDI found in?
Layer 2 (data)
What OSI Layer is ISDN found in?
Layer 2 (data)
What OSI Layer is L2F found in?
Layer 2 (data)
What OSI Layer is L2TP found in?
Layer 2 (data)
What OSI Layer is PPP found in?
Layer 2 (data)
What OSI Layer is PPTP found in?
Layer 2 (data)
What OSI Layer is RARP found in?
Layer 2 (data)
What OSI Layer is SLIP found in?
Layer 2 (data)
What OSI layer does Frame Relay operate at?
Layer 2 (the Data link layer) as a connection-oriented packet-switching transmission technology
What OSI layer do routers operate at?
Layer 3
What TCP/IP layer does SKIP function in?
Layer 3
What TCP/IP layer does swIPe function in/.
Layer 3
What OSI Layer is BGP found in?
Layer 3 (network)
What OSI Layer is ICMP found in?
Layer 3 (network)
What OSI Layer is IGMP found in?
Layer 3 (network)
What OSI Layer is IP found in?
Layer 3 (network)
What OSI Layer is IPSec found in?
Layer 3 (network)
What OSI Layer is IPX found in?
Layer 3 (network)
What OSI Layer is NAT found in?
Layer 3 (network)
What OSI Layer is OSPF found in?
Layer 3 (network)
What OSI Layer is RIP found in?
Layer 3 (network)
What OSI Layer is SKIP found in?
Layer 3 (network)
What OSI layer do Firewalls operate at?
Layer 3 (the network layer)
What layer of the OSI model does Transmission control protocol (TCP) operate at?
Layer 4 (the transport layer)
What OSI layer does UDP operate at?
Layer 4 (transport layer)
What OSI Layer is SPX found in?
Layer 4 (transport)
What OSI Layer is SSL found in?
Layer 4 (transport)
What OSI Layer is TCP found in?
Layer 4 (transport)
What OSI Layer is TLS found in?
Layer 4 (transport)
What OSI Layer is UDP found in?
Layer 4 (transport)
What OSI Layer is NFS found in?
Layer 5 (session)
What OSI Layer is RPC found in?
Layer 5 (session)
What OSI Layer is SQL found in?
Layer 5 (session)
What OSI layer do circuit-level gateway firewalls operate at?
Layer 5 (session)
What OSI Layer is ASCII found in?
Layer 6 (presentation)
What OSI Layer is EBCDISM found in?
Layer 6 (presentation)
What OSI Layer is Encryption protocols and format types found in?
Layer 6 (presentation)
What OSI Layer is JPEG found in?
Layer 6 (presentation)
What OSI Layer is MIDI found in?
Layer 6 (presentation)
What OSI Layer is MPEG found in?
Layer 6 (presentation)
What OSI Layer is TIFF found in?
Layer 6 (presentation)
What layer of the OSI Model allows various applications to interact over a network by ensuring that the data formats are supported by both systems?
Layer 6 the presentation layer
What layer of the OSI model do most file or data formats operate within?
Layer 6 the presentation layer
What OSI layer do gateways operate at?
Layer 7 (Application)
What layer of the OSI model are the protocols and services required to transmit files, exchange messages, connect to remote terminals, and so on are found?
Layer 7 (The application layer) *Note that the application is not located within this layer
What OSI Layer is the HTTP protcol found in?
Layer 7 (application layer)
What OSI layer do application-level gateways operate at?
Layer 7 (application)
Memorize the OSI model table (All presidents since Truman never did pot)
Layer 7 Application Layer 6 Presentation Layer 5 Session Layer 4 transport Layer 3 network Layer 2 Data link Layer 1 Physical
Memorize the chart on OSI model data names. This is the names given to the messages at each layer of the OSI model
Layer 7 Application -- Data stream Layer 6 Presentation - Data stream Layer 5 Session ------ Data Stream Layer 4 Transport ---- Segment (TCP)/Datagram (UDP) Layer 3 Network ----- Packet Layer 2 Data link ----- Frame Layer 1 Physical ------ Bits
What OSI layer is the EDI (Electronic data interchange) protocol found in?
Layer 7 application
What OSI layer is the FTP protocol found it?
Layer 7 application
What OSI layer is the IMAP (internet message access protocol ) protocol found in?
Layer 7 application
What OSI layer is the LPD (line print daimon) found in?
Layer 7 application
What OSI layer is the NNTP (network news transport protocol) protocol found in?
Layer 7 application
What OSI layer is the POP3 - post office protocol version 3 protocol found in?
Layer 7 application
What OSI layer is the S-RPC (secure remote procedure call) protocol found in?
Layer 7 application
What OSI layer is the SET (secure electronic transaction) protocol found in?
Layer 7 application
What OSI layer is the SMTP ( simple mail transfer protocol) found in?
Layer 7 application
What OSI layer is the SNMP (simple network management protocol) found in?
Layer 7 application
What OSI layer is the TFTP (trivial file transfer protocol) found in?
Layer 7 application
What OSI layer is the Telnet protocol found in?
Layer 7 application
What TCP/IP layer corresponds to layers 1 and 2 from the OSI model?
Link layer
What is a distinguishing factor between MAC and rule-based access controls?
MAC controls have labels whereas the rule-based access controls do not use labels
what is MOSS (MIME object Security services)?
MIME object security services can provide authentication, confidentiality, integrity, and nonrepudiation for e-mail messages
Name the common methods used to manage sensitive information
Managing sensitive information includes properly marking, handling, storing, and destroying it based on its classification
What is MAC?
Mandatory access control
What OS is known to use ports 32768 to 61000
Many Linux kernels
What is electromagnetic radiation (EM)?
Many computer hardware devices emit electromagnetic radiation during the process of communicating with other machines or peripheral equipment.
What is the definition of marking data?
Marking (or labeling) data ensures that personnel can easily recognize the data's value.
What is MPP in computer processing?
Massively parallel processing. Technology used to house hundreds or even thousands of processors, each of which has its own operating system and memory/bus resources.
What is MTBF?
Mean time between failures. - an estimation of the time between the first and any subsequent failures.
What is MTTF
Mean time to failure. - The expected typical functional lifetime of the device given a specific operating environment
What is MTTR?
Mean time to repair. the average length of time required to perform a repair on the device
What OS is known to use ports 1025 to 5000?
Microsoft, up to and including server 2003
What are activeX controls?
Microsofts answer to Sun's JAVA applets
APT's are most closely related to what type of attack category?
Military attacks
memorize the security modes chart-----> Clearance is Same if all users must have the same security clearances, Different if otherwise. Need to Know is None if it does not apply and is not used or if it is used but all users have the need to know all data present on the system, Yes if access is limited by need-to-know restrictions. PDMCL applies if and when CMW implementations are used (Yes); otherwise, PDMCL is None.
Mode Clearance Need to know PDMCL Dedicated Same None None System high Same Yes None Compartmented Same Yes Yes Multilevel different Yes Yes
What is a dedicated mode system?
Mode in which the system is authorized to process only a specific classification level at a time. All system users must have clearance and a need to know that information.
What is the importance of a well-rounded compliance program?
Most organizations are subject to a wide variety of legal and regulatory requirements related to information security. Building a compliance program ensures that you become and remain compliant with these often overlapping requirements.
What is MPLS?
Multi-protocol label switching - high throughput high performance network technology that that directs data across a network based on short path labels rather than longer network addresses
What kind of protcol can encryption be incorporated at various layers?
Multilayer protocols
What are security policies called that prevent information flow from higher security levels to lower security levels?
Multilevel security policies
explain the differences between multitasking, multi-threading, multiprocessing, and multi-programming
Multitasking - simultaneous execution of more than one application on a computer and is managed by the OS Multi-threading - permits multiple concurrent tasks to be performed within a single process Multi-processing - the use of more than one processor to increase computing power Multi-programming - takes place on mainframe systems and requires specific programming
What is NetBEUI (aka NetBios Frame protocol, or NBF)?
NetBIOS Extended User Interface -- is most widely known as a Microsoft protocol developed in 1985 to support file and printer sharing
who developed SSL and why
Netscape to provide client/server encryption for web traffic
What OSI layers do stateful inspection firewalls operate at?
Network (layer 3) and transport (layer 4)
What layer or OSI layer does FCoE operate at?
Network layer (layer 3)
What is Ring 0 of the protection rings?
OS Kernal/Memory (Resident Components) highest level of privilege and can basically access any resource, file, or memory location
What are the two IEEE 802.11 standards defined that wireless clients can use to authenticate to WAPS before normal network communications can occur across the wireless link?
OSA - open system authentication SKA - Shared key authentication
What is a common example of a link state routing protocol?
OSPF - open shortest path first
What is the definition of an operational investigation?
Operational investigations examine issues related to the organizations computing infrastructure and have the primary goal of resolving operational issues
What is Ring 1 of the protection rings?
Other OS Components parts of the OS that come and go as various tasks are requested, operations performed, processes switched, and so forth
What is another term for client-based CDN?
P2P (peer-to-peer) BitTorrent
Define Peer-to-Peer (P2P) technology
P2P are networking and distributed application solutions that share tasks and workloads among peers. (Skype, bit torrent, spotify)
What is the formula for decryption using RSA PKI
P=Cd mod n
What is PII and PHI?
PII - Personally identifiable information - any information that can identify an individual. PHI - Protected health information - any health-related information that can be related to a specific person many laws mandate the protection of this data
What are the three areas that common criteria is divided into?
Part 1 - introduction and general model Part 2 - security functional requirements Part 3 - Security assurance
What are the four phases of the RMF and CNSS certification and accreditation standards?
Phase 1: Definition - 3 things - 1. involves the assignment of the appropriate project personnel - 2. documentation of the mission need - 3. registration, negotiation, and creation of a (SSAA) system security authorization agreement Phase 2: Verification - 3 things - 1. refinement of the SSAA - 2. systems development activites - 3. certification analysis Phase 3: Validation: - 4 things - 1. further refinement of SSAA - 2. certification evaluation of the integrated system - 3. development of a recommendation to the DAA - 4. DAA's accreditation decision Phase 4: Post Accreditation - 4 things - 1. maintenance of the SSAA - 2. system operation - 3. change management - 4. Compliance validation
What is db polyinstantiation?
Polyinstantiation occurs when two or more rows in the same relational database table appear to have identical primary key elements but contain different data for use at differing classifications levels. - it is often used as a defense against some types of inference attacks
What are plymorphic viruses?
Polymorphic viruses modify their own code as they travel from system to system making it more difficult for ant-virus signatures to be updated and stop the virus.
What is a PED?
Portable electronic device
What prevents an application from accessing the memory or resources of another application, whether for good or ill?
Process isolation
What type of ROM may be altered by altered by administrator to some extent?
Programmable read-only memory (PROM)
what is a Brownout?
Prolonged low voltage
What are secure communication protocols?
Protocls that provide security services for application-specific communication channels
What are the three cloud based models?
Public, private, and hybrid
What are some common AAA protocols?
RADIUS, TACACS+, and Diameter
What encryption cipher does WEP use?
RC4 - Rivest Cipher 4
What are the two current governments standards for the certification and accreditation of computing systems?
RMF - Risk Management Framework CNSS - committee on National Security Systems - policy (CNSSP)
Describe the different types of memory used by a computer
ROM - nonvolatile and cant be written to by the end use PROM - end user can write data to PROM chips only once EPROM - may be erased through the use of ultraviolet light then have new data written to them EEPROM - may be erased with electrical current and then have new data written to them RAM - volatile and lose their contents when the computer is powered off
What encryption algorithm does S/MIME use?
RSA
What is RFI?
Radio frequency interference. a source of noise and interference that can affect many of the same systems as EMI. (flourescent lights, electrical cables, space heaters, computers)
What is RAM?
Random access memory. Readable and writable memory that contains information a computer uses during processing
What is the implied meaning of the simple property of Biba?
Read up
What is ROM?
Ready only memory. its memory the PC can read but cant change (no writes allowed)
What is the function of ICMP type field 5?
Redirect
What is a replay attack?
Replay attacks attempt to reestablish a communication session by replaying captured traffic against a system.
What is the RST TCP header flag field bit designator used for?
Reset Causes immediate disconnect of TCP session
What is the Rijndael cipher algorithm?
Rijndael is the block cipher algorithm recently chosen by the National Institute of Science and Technology (NIST) as the Advanced Encryption Standard (AES). It supersedes the Data Encryption Standard (DES). -- variable block size -- 128, 192, and 256 key sizes
What is Risk?
Risk is the likelihood that any specific threat will exploit a specific vulnerability to cause harm to an asset.
What encryption methods are used with SET?
Rivest, Shamir, and Adelman (RSA) and Data encryption standard (DES)
Who created RSA Public key Cryptosystem?
Ronald Rivest, Adi Shamir, and Leonard Adleman
What is the function of ICMP type field 9?
Router Advertisement
What is the function of ICMP type field 10?
Router solicitation
How do routers guide the transmission of packets?
Routers use the destination IP address
What are three specialized protocols used with some WAN technologies?
SDLC, HDLC, and HSSI
What network design offers direct programmablity from a central location, is flexible, is vendor neutral, and is open-standards based?
SDN - Software-defined networking
What is the aim of Software-Defined networking (SDN)?
SDN aims at separating the infrastructure layer (i.e. hardware and hardware-based settings) from the control layer (i.e. network services of data transmission management)
What was the SKIP encryption tool replaced with?
SKIP was replaced by internet key exchange (IKE) in 1998
What is a common implementation of a circuit-level gateway firewall?
SOCKS (from socket secure, as in TCP/IP ports)
What can be used to encrypt UDP and Session initiation protocol (SIP) connections?
SSL and TLS
What are synthetic transactions?
Scripted transactions with known expected results. The testers run the synthetic transactions against the tested code and then compare the output of the transactions to the expected state. Any deviations between the actual and expected results represent possible flaws in the code and must be further investigated.
What is S/MIME
Secure Multipurpose internet Mail extension - an e-mail security standard that offers authentication and confidentiality to e-mail through public key encryption and digital signatures.
what is a trusted path
Secure channels for the TCB to communicate with the rest of the system.
what does the Clark Wilson Model use to grant access to objects?
Security Labels, but only through transformation procedures and a restricted interface model
What is a single state system?
Security admins approve a processor and system to handle only one security level at a time.
What is a security assessment?
Security assessments are comprehensive reviews of the security of a system, application, or other tested environment.
What are some base security policies for desktop users?
Security awareness training
what is the basic terminology of cryptography?
Sender wants to transmit a private message to a recipient --> Sender takes the plaintext message and encrypts it using an algorithm and a key --> This produces a ciphertext message that is transmitted to the recipient --> recipient uses a similar algorithm and key to decrypt the ciphertext and re-create the original plaintext message.
What is a tool used to prevent conflicts of interest in the assignment of access privileges and work tasks?
Separation of Duty
What does the term SSID stand for?
Service set identifier - this is typically misused to indicate the name of a wireless network
What are the two properties of the Bell-LaPadula and Biba models are are inverse of each other?
Simple and *(star) Simple is always about reading and star is always about writing. What is not prevented or disallowed is supported or allowed.
What are the differences between single state and multistage processors?
Single state processors are capable of operating at only one security level at a time, whereas multi state processors can simultaneously operate at multiple security levels.
memorize this TCP Header construction table
Size (in bits) field 16 Source port 16 Destination 32 Sequence number 4 Data offset 4 reserved for future use 8 flags 16 window size 16 checksum 16 Urgent pointer variable various options must be a multiple of 32 bits
How does a Smurf attack work?
Smurf attacks generate enormous amounts of traffic on a target network by spoofing broadcast pings. ping floods are a basic DOS attack relying on consuming all of the bandwidth that a target has available
What suppresses the fuel supply in a fire?
Soda acid and other dry powders
What is a test coverage analysis?
Software testing professionals often conduct a test cover analysis to estimate the degree of testing conducted against new software.
What are the various technologies employed by wireless devices to maximize their use of the available radio frequencies?
Some of the frequency spectrum-use technologies are: - spread spectrum - frequency hopping spread spectrum (FHSS) - Direct sequencing spread spectrum (DSSS) - Orthogonoal Frequency-Division Multiplexing (OFDM)
What is the Biba model built on?
State machine concept, information flow, and is a multilevel model.
memorize this static voltage and damage table
Static Voltage Possible damage -- 40 -- Destruction of sensitive circuits and other electronic components -- 1000 -- scrambling of monitor displays -- 1500 -- Destruction of data stored on hard drives -- 2000 -- abrupt system shutdown -- 4000 -- Printer jam or component damage -- 17000 -- permanent circuit damage
What kind if key cryptography does Kerberos 5 use?
Symmetric-key crypto using AES symmetric encryption protocol.
What is the SYN TCP header flag field bit designator used for?
Synchronization - Request synchronization with new sequencing numbers
What are the two segments that many modern OS's break memory into?
System level access (rings 0-2) Kernal or Privileged mode User level programs and apps (ring 3) user mode
What must you employ on IP to gain reliable and controlled communication sessions?
TCP
What port does Post office protocol (POP3) use and what is it used for?
TCP 110 - a protocol used to pull email messages from an inbox on an email server down to an e-mail client
What port does internet message access protocol use (IMAP) and what is it used for?
TCP 143 - used to pull email messages from an inbox on an email server down to an email client. -- a more secure version of POP3
What port does Network file system (NFS) protocol use and what is it used for?
TCP 2049 - a network service used to support file sharing between dissimilar systems
What port does Telnet use?
TCP 23
What port does SMTP (simple mail transfer protocol) use and what is it used for?
TCP 25 - a protocl used to transmit email messages from a client to an email server and from one email server to another
what ports are used for SSL (Secure sockets layer)
TCP 443 - http encryption
What ports are used for Line Print Daemon (LPD) and what is it used for?
TCP 515 - network service that is used to spool print jobs and to send print jobs to printers
What ports are used for X Window and what is it used for?
TCP 6000 - 6063 - This is a GUI API for command-line operating systems.
What port does HTTP (hypertext transport protocol) use and what is it used for?
TCP 80 - used to transmit web page elements from a web server to a web browser
What port does (FTP) use?
TCP ports 20 and 21
What evaluation model was designed to be used when evaluating vendor products or by vendors to ensure that they build all necessary functionality and security assurance in to new products?
TCSEC
What are the types of countermeasures and safeguards used to protect against emanation attacks known as?
TEMPEST countermeasures
What is TLS?
TLS funtion in the same general manner as SSL, but uses stronger authentication and encryption
What element of security control includes access contols, alarms, CCTV, and monitoring?
Technical physical security control
What must the B2 (structured protection) in TCSEC ensure?
That no covert channels exist
List the necessary members of the business continuity planning team.
The BCP team should contain, at a minimum, 1. representatives from each of the operational and support departments; 2. technical experts from the IT department; 3. security personnel with BCP skills; 4. legal representatives familiar with corporate legal, regulatory, and contractual responsibilities; 5. and representatives from senior management. Additional team members depend on the structure and nature of the organization.
What is the wireless BSSID when operating in infrastructure mode?
The BSSID is the MAC address of the base station hosting the ESSID in order to differentiate the multiple base stations supporting a single extended wireless network.
What is considered to be the biggest flaw in programming?
The Buffer overflow
What are the basic provisions of the digital Millennium Copyright Act of 1998?
The Digital Millennium Copyright Act prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of Internet service providers for the activities of their users.
what are the basic provisions of the Economic Espionage Act of 1996?
The Economic Espionage Act provides penalties for individuals found guilty of the theft of trade secrets. Harsher penalties apply when the individual knows that the information will benefit a foreign government.
Explain the four propagation methods used by robert tappan morris's internet worm
The Internet worm used four propagation techniques. - First, it exploited a bug in the Sendmail utility that allowed it to spread itself by sending a specially crafted email message that contained its code to the Sendmail program on a remote system. - Second, it used a dictionary-based password attack to attempt to gain access to remote systems by utilizing the username and password of a valid system user. - Third, it exploited a buffer overflow vulnerability in the Finger program to infect systems. - Fourth, it analyzed any existing trust relationships with other systems on the network and attempted to spread itself to those systems through the trusted path.
What is Kerberos's single point of failure?
The KDC - If the KDC is compromised, the secret key for every system on the network is also compromised.
What is the third, or bottom basic layer used on a TCP/IP network?
The MAC address, or hardware address, is a permanent physical address.
What Rainbow series book deals with networking issues?
The Red Book
What is a platform independent protocol that is based on open standards?
The TCP/IP protocol suite
What is the project in which US government has been researching emanation security since the 1950's?
The TEMPEST project
What is the impact of the uniform Computer Information Transactions Act on Software licensing?
The Uniform Computer Information Transactions Act provides a framework for the enforcement of shrink-wrap and click-wrap agreements by federal and state governments.
What are the major laws that govern privacy of personal information in both the United States and the European Union
The United States has a number of privacy laws that affect the government's use of information as well as the use of information by specific industries, such as financial services companies and health-care organizations that handle sensitive information. The EU has a more comprehensive directive on data privacy that regulates the use and exchange of personal information.
What is one significant benefit of CIDR over traditional subnet-masking techniques?
The ability to combine multiple non contiguous sets of addresses into a single subnet (example: it is possible to combine several Class C subnets into a single larger subnet grouping)
What is Data diddling?
The act of making small changes to data, typically malicious in intent.
What is bit flipping?
The activity of changing a bit to its opposite value. A technique commonly used in fuzzing to slightly modify input data
what is a Central station alarm system?
The alarm is usually silent locally, but offsite monitoring agents are notified so they can respond to the security breach. (ADT)
CY - What is the definition of residual Risk?
The amount of Risk left over after a risk response that is accepted by senior management
What is Frame Relay's cost based on?
The amount of data transferred
What is a chosen ciphertext attack?
The attacker has the ability to decrypt chosen portions of the ciphertext message and use the decrypted portion of the message to discover the key.
What is a chosen plaintext attack?
The attacker has the ability to encrypt plaintext message of of their chosing and can then analyze the ciphertext output of the encryption algorithm
Where is the single point of failure in a Bus network topology?
The central trunk line
What is a security Kernel?
The collection of components in the TCB that work together to implement reference monitor functions
What is abstraction?
The collection of similar elements into groups, classes, or roles for the assignment of security controls, restrictions, or permissions as a collective
What was the TCSEC and ITSEC evaluation models replaced by?
The common Criteria
What is transitive trust?
The concept that if A trust B and B trusts C, then A inherits trust of C through the transitive property
Who is responsible for the day-to-day maintenance of objects?
The data custodian. A custodian is someone who has been assigned to or delegated the day-to-day responsibility of proper storage and protection of objects.
What OSI layer does PPTP operate at?
The data link layer (layer 2) and is used on IP networks.
What layer of the OSI model does PPTP, L2F, and L2TP and IPSEC operate at?
The data lynk layer (layer 2)
What is the message sent into the protocol stack at the application layer (layer 7) called?
The data stream. IT retains the label of data stream until it reaches the transport layer (layer 4) where it is called a segment. (TCP protocols) or a datagram (UDP protocols) in the network layer (layer 3) it is called a packet
what is the most fatal flaw of all DRM schemes in use today?
The device used to access the content must have access to the decryption key.
What is certification and accreditation used to asses?
The effectiveness of application security as well as OS system and hardware security
What subnet class was set aside for the loopback address?
The entire Class A network of 127 (although only a single address is actually needed for that purpose
What IPsec tunnel mode?
The entire packet, including the header is encrypted. -- designed for gateway to gateway communication.
What is one of the most critical parts of assessing a computer system?
The environment of the system. a system can be more or less secure depending on its surroundings.
How do you incorporate security into the procurement and vendor governance process?
The expanded use of cloud services by many organizations requires added attention to conducting reviews of information security controls during the vendor selection process and as part of ongoing vendor governance.
Once the BCP team is selected, what should be the first item placed on the team's agenda?
The first task of the BCP team should be the review and validation of the business organization analysis initially performed by those individuals responsible for spearheading the BCP effort. This ensures that the initial effort, undertaken by a small group of individuals, reflects the beliefs of the entire BCP team.
Explain the steps of the business impact assessment process.
The five steps of the business impact assessment process are *I risk like I resource* 1. identification of priorities, 2. risk identification, 3. likelihood assessment, 4. impact assessment, and 5. resource prioritization.
What does part 1 (introduction and general model) of the CC guidelines describe?
The general concepts and underlying model used to evaluate IT security and what's involved in specifying TOE
What is committed information rate (CIR) in Frame Relay?
The guaranteed minimum bandwidth a service provider grants to its customers. - it is usually significantly less than the actual macimum capability of the provider network.
What security policy safeguards does TCSEC not address?
The kinds of personnel, physical, and procedural policy safeguards that must be exercised to fully implement security policy
What is a known plaintext attack? (KPA)
The known-plaintext attack (KPA) is an attack model for cryptanalysis where the attacker has access to both the plaintext (called a crib), and its encrypted version (ciphertext). These can be used to reveal further secret information such as secret keys and code books. The term "crib" originated at Bletchley Park, the British World War II decryption operation.
define What the protocol field value in TCP/IP
The label or flag found in the header of every IP packet that tells the receiving system what type of packet it is. (think of it as like the label on a mystery-meat package wrapped in butcher paper you pull out of the freezer. Without the label, you would have to open it and inspect it to figure out what it was)
How does DNS poisoning work when the DNS IP Address is changed on the local machine?
The local machine will do DNS queries against a malicious DNS server.
What are the major categories of computer crime?
The major categories of computer crime are military/ intelligence attacks, business attacks, financial attacks, terrorist attacks, grudge attacks, and thrill attacks.
What BIA metric can be used to express the longest time a business function can be unavailable without causing irreparab1e ham to the organization?
The maximum tolerable downtime (MTD) represents the longest period a business function can be unavailable before causing irreparab1e ham to the business. This figure is useful when determining the level of business continuity resources to assign to a particular function.
What is the most formal code review process and list six steps?
The most formal code review process is know as Fagan inspections 1. planning 2. Overview 3. preperation 4. inspection 5. Rework 6. Follow-up
What does autoconfiguration remove in IPv6?
The need for both DHCP and NAT
What is a TCP transmission window?
The number of packets transmitted before an acknowledge packet is sent.
What is the cardinality and the degree in a relational database?
The number of rows in the relation is referred to as cardinality, and the number of columns is the degree. - To remember the concept of cardinality, think of a deck of cards on a desk, with each card (the first four letters of cardinality) being a row. To remember the concept of degree, think of a wall thermometer as a column (in other words, the temperature in degrees as measured on a thermometer).
How does the Common Criteria model indicate what kind of testing and confirmation has been performed on a system?
The number of the level indicates what kind of testing and confirmation has been performed
On manual review systems, failure recongnition is whose primary responsibility?
The observer or auditor or a manual review system is directly responsible for recognizing failure of that system.
What is the overall result in using a content distribution network?
The overall result is lower-latency and higher-quality throughput.
What is a major drawback of virtual memory?
The paging operations that occur when data is exchanged between primary and secondary memory are relatively slow. and consume significant computer overhead.
What is a kernel?
The part of an operating system that always remains resident in memory. (so it can run on demand at any time)
What is a reference monitor?
The part of the TCB that validates access to every resource prior to granting access It stands between every subject and object verifying that a requesting subjects credentials meet the object's access requirements before any requests are allowed to proceed.
What principle does the Brewer and NAsh model use within each conflict class to keep users out of potential conflict-of-interest situations?
The principle of data isolation
Why is the TCSEC evaluation models call the rainbow series?
The publication of these models from the DoD where identified by the color of their covers
What are the TCP/UDP ports 49152 to 65535 known as?
The random, dynamic, or ephemeral ports because they're often used randomly and temporarily by clients as a source port..
How is the false rejection rate (FRR) calculated?
The ratio of Type 1 errors to valid authentications is known as the false rejection rate (FRR)
How is the false acceptance rate (FAR) for Type 2 bio-metric errors calculated?
The ratio of Type 2 errors to valid authentications is called the false acceptance rate (FAR)
What is a reasonableness check when software testing?
The reasonableness check ensures that values returned by software match specified criteria that are within reasonable bounds.
if you want to encrypt a plain text message, which key should you use?
The recipients public key
what is the access control enforcer for the TCB?
The reference monitor
What is an object in control access?
The resource a user or process wants to access
what is a behavior in object-oriented programming?
The results or output exhibited by an object is a behavior. behaviors are the results of a message being processed through a method
CY- What is the definition of total risk?
The risk that exists before any control is implemented
How does a security policy drive system design, implementation, testing, and deployment?
The role of security policy is to inform and guide the design, development, implementation, testing, and maintenance of some particular system.
What key should you use if you want to verify the signature on a message sent by someone else?
The senders public key
What is a problem state?
The state in which a process is actively executing.
What is a supervisor state?
The state in which a process is operating in a privileged, all‐access mode.
What is the ready state of system processing?
The state in which a process is ready to execute but is waiting for its turn on the CPU
What is the definition of automated recovery?
The system is able to perform trusted recovery activities to restore itself against at least one type of failure.
what is the throughput rate in bio-metric scanning?
The throughput rate is the amount of time the system requires to scan a subject and approve or deny access.
what is "time of use" (TOU)?
The time at which the decision is made by a subject to access an object.
What are the two primary rules or principles of the Bell-LaPadula security model? Also, what are the two rules of Biba?
The two primary rules of Bell-LaPadula are the simple rule of no read-up and the star rule of no write-down. The two rules of Biba are the simple rule of no read-down and the star rule of no write up
What is a subject in control access?
The user or process that makes a request to access a resource
What does the first 3 bytes (24 bits) of a MAC address denote?
The vendor or manufacturer of the physical network interface -- This is known as the (OUI) Organizationally Unique Identifier. OUI's are registered with IEEE, chich controls their issuance.
What are protection mechanisms?
The ways in which running computers implement and handle security at runtime
What are the first 1024 TCP/UDP ports called?
The well known ports or the service ports
What are the four steps of the business Continuity Planning process?
There are 4 distinct phases. *Poor Business Continuity seeks Approval* 1. Project Scope and planning 2. Business impact assessment 3. Continuity planning 4. Approval and implementation
What is nonvolatile memory?
These are devices designed to retain their data ( such as magnetic media)
What is sequential storage?
These storage devices require that you read (or speed past) all the data physically stored prior to the desired location. (TAPE DRIVES)
What is the greatest security threat posed by RAM chips?
They are highly pilfer able and quite often stolen
Why is it important to include legal representatives on your business continuity planning team?
They are intimately familiar with the legal, regulatory, and contractual obligations that apply to your organization and can help your team implement a plan that meets those requirements while ensuring the continued viability of the organization to the benefit of all— employees, shareholders, suppliers, and customers alike.
What are the two ways that a router can function?
They can function using statically defined routing tables, or they can employ a dynamic routing system
How do stateful inspection firewalls work?
They evaluate the state or the context of network traffic
What are scoped addresses in IPv6?
They give administrators the ability to group and then block or allow access to network services, such as file servers or printing.
How do circuit-level gateway firewalls, also knon as circuit proxies, manage communications?
They manage communication based on the circuit, not the content of traffic.
What domains are systems on either side of a gateway a part of?
They're a part of different broadcast domains and different collision domains.
What are pseudo flaws?
They're false vulnerabilities or apparent loopholes intentionally implanted in a system in an attempt to tempt attackers
Where are internet protocol security (IPSec) used?
They're used to establish VPN's
Where are layer 2 tunneling protocols (L2TP) used?
They're used to establish VPN's
Where are point-to-point tunneling protocols (PPTP) used?
They're used to establish VPNs
What was commonly used to connect systems to backbone trunks of thicknet cabling?
Thinnet coaxial cables (also known as 10base2)
What is wrong with the "seat-of-the-pants" approach to business continuity planning?
This "seat-of-the-pants" attitude is one of the most common arguments against committing resources to BCP. In many organizations, the attitude that the business has always survived and the key leaders will figure something out in the event of a disaster pervades corporate thinking. If you encounter this objection, you might want to point out to management the costs that will be incurred by the business (both direct costs and the indirect cost of lost opportunities) for each day that the business is down. Then ask them to consider how long a "seat-of-the-pants" recovery might take when compared to an orderly, planned continuity of operations.
what is split knowledge?
This combines the concepts of separation of duties and two-person control into a single solution
what is PPP (point to point protocol)?
This is a full duplex protocol used for transmitting TCP/IP packets over various non-lan connections, such as modems.
CY - what is the Facilitated Risk Analysis Process (FRAP) method of Risk analysis?
This is a qualitative analysis used to determine whether or not to proceed with a quantitative analysis. - if impact is too low, the quantitative analysis is foregone.
What is secure electronic transaction (SET)?
This is a security protocol for the transmission of transactions over the internet.
What is Secure Remote Procedure Call (S-RPC)?
This is an authentication service and is simply a means to prevent unauthorized execution of code on remote systems
what is SLIP (Serial line internet protocol)?
This is an older technology developed to support TCP/IP communications over asynchronous serial connections, such as serial cables or modem dial up
CY - What is NIST 800-30?
This is the Risk Management Guide for information technology systems
What is RADIUS?
This is used to centralize the authentication of remote dial-up connections. (or other devices such as linux, routers, or firewalls)
What does user Entitlement refer to?
This refers to the amount of privileges granted to the users, typically when first provisioning an account.
What are the primary components of TCB
Three things: 1. the hardware and software elements used to enforce the security policy (these elements are called the TCB), 2. the security perimeter distinguishing and separating TCB components from non-TCB components, 3. the reference monitor that serves as an access control device across the security perimeter.
How is privacy provided in S/MIME?
Through the use of public key cryptography standard (PKCS) encryption
What is the function of ICMP type field 11?
Time Exceeded
memorize this table for the IDEAL and SW-CMM development models
To help you remember the initial letters of each of the 10 level names of the SW-CMM and IDEAL models (II DR ED AM LO), imagine yourself sitting on the couch in a psychiatrist's office saying, "I... I, Dr. Ed, am lo( w)." If you can remember that phrase, then you can extract the 10 initial letters of the level names. If you write the letters out into two columns, you can reconstruct the level names in order of the two systems. The left column is the IDEAL model, and the right represents the levels of the SW-CMM. Initiating Initiating Diagnosing Repeatable Establishing Defined Acting Managed Learning Optimized
What TCP/IP layer corresponds to layer 4 of the OSI model?
Transport layer
What does TCSEC stand for?
Trusted Computer System Evaluation Criteria
What is a TPM?
Trusted Platform Module - both a specification for a cryptoprocessor chip on a mainboard and the general name for implementation of the specification
What is trusted recovery?
Trusted recovery provides assurances that after a failure or crash, the system is just as secure as it was before the crash failure or crash occurred.
What is Tunneling?
Tunneling is the network communications process that protects the contents of protocol packets by encapsulating them in packet of another protocol.
What are the two things that ITSEC uses to rate systems?
Two scales: functionality and assurance 1. functionality is rated from F-D through F-B3 (There is no F-A1) 2. Assurance is rated from E0 through E6.
What are the three basic methods of authentication or types or factors?
Type 1 - something you know - password Type 2 - something you have - token Type 3 - something you are or do - fingerprints, retina, etc
What port is used for Simple Network Management protocol (SNMP) and what is it used for?
UDP 161 (UDP 162 for trap messages) - network service used to collect network health and status information by polling monitoring devices from a central monitoring station
What port does Dynamic host configuration protocol (DHCP) use and what is it used for?
UDP 67 and 68 - 67 is used for server point-to-point response - 68 is used for client request broadcasts assigns TCP/IP configuration settings to systems upon bootup.
What ports are used for the Bootstrap Protocl (BootP)/Dynamic host configuration protocl (DHCP)? and what is it used for?
UDP 67 and 68 -used to connect diskless workstations to a network through auto assignment of ip configuration and download of basic OS elements
What port does the Trivial file transfer protocol use? (TFTP)
UDP port 69
What federal agency provides detailed data that can assist with assessing earthquake risk?
USGS - The US Geological survey provides detailed earthwuare risk data for locations in the united states-
What does UEFI stand for?
Unified extensible firmware interface
What modes does ring 3 run in?
User mode
What is Ring 3 of the protection rings?
User-Level Programs and Applications
How does C2 (Controlled access) provide protection to objects in TCSEC?
Users must be identified individually to gain access to objects.
The VPN protocols PPTP, L2F, and L2TP primarily function at what layer of the OSI model?
VPN protocols - specifically PPTP, L2F, and L2TP - function at the data link layer (layer 2)
What is VoIP?
Voice over IP - a tunneling mechanism used to transport voice and/or data over a TCP/IP network.
What was CCMP created to replace?
WEP and TKIP/WPA
What was TKIP and WPA officially replaced by in 2004?
WPA2
How does 802.11i (WPA2) bring best-to-date encryption and security wireless communications?
WPA2 implements concepts similar to IPSec
What suppresses temperature in a fire?
Water
How is a system accredited?
When management decides the certification of the system satisfies their needs.
CY - What is the definition of Secondary Risk?
When one risk response triggers another risk event
When do network switches normally operate at OSI layer 3?
When they have additional features, such as routing between vlans
What does white-box software testing examine?
White-box testing examines the internal logical structures of a program and steps through the codes line by line, analyzing the program for potential errors.
What is WPA?
WiFi protected access -- improves on wep encryption by implemting the temporal key integrity protocol (TKIP) -- WPA2 adds AES cryptography and secure algorithms appropriate for use on modern wireless networks
What is WEP?
Wired Equivalent Privacy - defined by the IEEE 802.11 standard - designed to provide the same level of security and encryption on wireless networks as is found on wired or cabled networks. - easily crackable and worthless today
What standard is used by many internet-compatible email systems for addressing and message handling?
X.400
What does S/MIME rely on for exchanging cryptographic keys?
X.509 certificates
What key should you use if you want to decrypt a message sent to you?
Your private key
what key should you use if you want to digitally sign a message you're sending to someone else?
Your private key
What is DES encryption?
a 64 bit block cipher that has five modes of operation. The process is repeated 16 times for each encryption/decryption operation
what is the Adobe Digital Experience Protection Technology? (ADEPT)
a DRM technology for e-books
What is a faraday cage?
a box, mobile room, or entire building designed with an external metal skin. often a wire mesh that fully surrounds an area on all sides and acts as an EMI absorbing capacitor
What is a broadcast?
a broadcast occurs when a single system transmits data to all possible recipients.
What are Transposition Ciphers?
a cipher that uses an encryption algorithm to rearrange the letters of a plaintext message, forming the ciphertext
What is PCI-DSS?
a collection of requirements for improving the security of electronic payment transactions
What is a class in object-oriented programming?
a collection of the common methods from a set of objects that defines the behavior of those objects is a class
What encryption technology does ADEPT use for DRM?
a combination of AES to encrypt the media content and RSA to protect the AES key.
What is a trusted computing base (TCB)
a combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy.
What is defense in depth?
a common security strategy used to provide a protective multi layer barrier against various forms of attack.
What is a blackout?
a complete loss of power
What are parallel data systems? (parallel computing)
a computation system designed to perform numerous calculations simultaneously.
What is metadata in terms of data mining?
a concentration of data. It can also be a superset, a subset, or a representation of a larger dataset.
What uses acess rules to limit the access of a subject to an object?
a control
What is a Brouter?
a device that attempts to route first, but if that fails, it defaults to bridging.
What is traverse mode noise?
a difference in power between the hot and neutral wires of a power source or operating electrical equipment.
What is a fail-open system?
a fail-open system will fail in an open state, granting all access
What is a fail-secure system?
a fail-secure system will default to a secure state in the event of a failure, blocking all access
What kind of device helps to define an organization's perimeter and also servers to deter casual trespassing?
a fence
What is an example of an applet?
a financal web server that offers a mortage calculator. Instead of processing this data and returning the results to the client system, the remote web server might send to the local system an applet that enables it to perform those calculations itself.
What is an industrial control system (ICS)?
a form of computer-managment device that controls industrial processes and machines.
What is grid computing?
a form of parallel distributed processing that loosely groups a significant number of processing nodes to work toward a specific processing goal.
What is a XML exploitation?
a form or programming attack that is used to either falsify information being sent to a visitor or cause their system to give up information without authorization.
What is the best definition of a security model?
a framework to implement a security policy
What is a ciphertext only attack?
a frequency analysis attack counting the number of times each letter appears in the ciphertext.
what is a Gantt Chart?
a gantt chart is a type of bar chart that shows the interrelationships over time between projects and schedules.
What is TEMPEST
a general study of monitoring emanations and preventing their interception.
What is used in WEP to verify that received packets weren't modified or corrupted while in transit?
a hash value
what is an overt channel?
a known, expected, authorized, designed, monitored, and controlled method of communication.
What is a data warehouse?
a large database to store large amounts of information from a variety of databases for use with specialized analysis techniques.
What are memory registers?
a limited amount of onboard memory included in the CPU
What is the Red book in the rainbow series restricted to?
a limited class of networks that are labled as "centralized networks with a single accreditation authority"
What is a wireless MAC filter?
a list of authorized wireless client interface MAC addresses that is used by a wireless access point to block access to all non-authorized devices.
What is a man in the middle attack?
a malicious individual sites between two communicating parties and intercepts all communications.
What is a common example of a client-side attack?
a malicious website that transfers malicious mobile code (such as an applet) to a vulnerable browser running on the client)
What does Volatility mean when referring to memory?
a measure of how likely it is to lose its data when power is turned off.
What is a NAT?
a mechanism for converting the internal IP addresses for transmission over the internet.
What is a Security Control?
a mechanism that limits access to an object
What is a message in object-oriented programming?
a message is a communication to or input of an object
What is a method in object-oriented programming?
a method is internal code that defines the actions an object performs in response to a message
what is a covert Channel?
a method used to pass information over a path that is not normally used for communication.
What is a fault?
a momentary loss of power
what is a data mart?
a more secure container for metadata storage
What is TFTP used for?
a network application that supports an exchange of files that does not require authentication
What is a dead Zone network?
a network segment using an alternative Network layer protocol instead of IP
What is OWASP?
a nonprofit security project focusing on improving security of online or web-based applications.
what is a side-channel attack?
a passive, noninvasive attack intended to observer the operation of a device.
What is polymorphism in object-oriented programming?
a polymorhpism is the characteristic of an object that allows it to respond with different behaviors to the same message or method because of changes in external conditions.
What is used in WEP to encrypt packets before they're transmitted?
a predefined shared secret key
what is an integrity verification procedure (IVP)?
a procedure that scans data items and confirms their integrity. used in Clark-Wilson
What is another name for an application-level Gateway firewall?
a proxy
What is a tuple in a relational database?
a record represented by a row in the table
What is crime prevention through environmental design (CPTED)?
a school of thought on "secure architecture" -- The guiding idea is to structure the physical environment and surrounding to influence individual decisions that potential offenders make before committing any criminal acts.
What is a thread in computing?
a self-contained sequence of instructions that can execute in parallel with other threads that are partof the same parent process.
what is a security token?
a separate object that is associated with a resource and describes its security attributes.
What is the "Trustworthy Computing initiative?
a series of design philosophy changes intended to beef up the often questionable standing of Microsoft's OS's and applications when viewed from a security perspective
What is a cognitive password?
a series of questions about facts or predefined responses that only the subject should know
What is a service Bureau?
a service Bureau is a company that leases computer time. - service bureaus owns large server farms and often fields of workstations.
what is a protocol?
a set of rules and restrictions that define how data is transmitted over a network medium (e.g. twisted-pair cable, wireles, etc)
what is transient power
a short duration of line noise disturbance
What is a virtual machine?
a simulated environment created by the OS to provide a safe and efficient place for programs to execute.
What is a state?
a snapshot of a system at a specific moment in time.
What is a faraday case?
a special enclosures that acts as an EM capacitor. -- no EM signals can enter or leave the enclosed area.
What is power noise?
a steady interfering power disturbance or fluctuation
What is AppleTalk?
a suite of protocols developed by Apple for networking of Mac systems, originally released in 1984 -- removed from the Apple OS as of OS X v10 in 2009
What is a Salami attack?
a systematic whittling at assets in accounts or other records with financial value, where very small amounts are deducted from balances regularly and routinely. (Think about Office Space) The name comes form an employee stealing a small slice of Salami every time they cut some of a client.
What is data mining?
a technique that allows analysts to comb through data warehouses and look for potential correlated information these techniques result in the development of data models that can be used to predict future activity.
What is Memory-Mapped I/O
a technique used to manage input/output.
what is the definition of a threat?
a threat is a potential occurrence that can result in an undesirable outcome.
What is a transitive trust?
a transitive trust extends the trust relationship between the two security domains to all of their sub domains.
What does the security kernel use to communicate with subjects?
a trusted path
What is an an exception in the Bell-LaPadula model?
a trusted subject is not constrained by the * Security Property. The Trusted subject is allowed to violate the * Security Property and perform a write-down
What is a drive-by download?
a type of malware that installs itself without the users's knowledge when the user visits a website
What does the last 3 bytes (24 bits) represent of a MAC address?
a unique number assigned to that interface by the manufacturer. No two devices can have the same MAC address in the same local ethernet broadcast domain.
what is vishing?
a variant of phishing that uses the phone system or VoIP
What is the major difference between a virus and a worm?
a virus infects a single computer whereas a work will propigate itself automaticaly across many systems.
What is multiprogramming?
a way to batch or serialize multiple processes so that when one process stops to wait on a peripheral, its state is saved and the next process in line begins to process. --obsolete technology and rarely found in use today
What is an interrupt (IRQ)
abbreviation for interrupt request, a technique for assigning specific signal lines to specific devices through special interrupt controller.
What are classes (or object groups) when talking about abstraction in object-oriented programming
access controls and operation rights are assigned to groups of objects rather than on a per-object basis. You can control security rights on a class level for multiple users or objects
Identification is the first step toward what ultimate goal?
accountability
What is considered db noise and perturbation?
administrators can insert false or misleading data in a DBMS in order to redirect or thwart information confidentiality attacks.
What is a trusted system?
all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment.
What is an Advanced Persistent threat? (APT)
an APT refers to a group of attackers who are working together and are highly motivated, skilled, and patient.
What is a MAU (multistation access unit)?
an MAU allows for the network cable segments to be deployed as a start while internally the device makes logical ring connections
How is data communicated through a TCP session periodically verified?
an acknowledgement is sent by the receiver back to the sender by setting the TCP header's acknowledgement sequence value to the last sequence number received from the sender within the transmission window
What is a code in the ICMP header?
an additional data parameter offering more detail about the function or purpose of the ICMP message payload example: when an attempt is made to connect to a udp service port when that service and port are not actually in use on the target server.
what is phlashing?
an attack in which a malicious variation of official BIOS or firmware is installed that introduces remote control or other malicious features into a device
What is ARP cache poisoning cased by?
an attack responding to ARP broadcast queries in order to send back falsified replies. if the false reply is received by the client before the valid reply, then the false reply is used to populate the ARP cache and the valid reply is discarded as being out an open query
What is a split-response attack?
an attack that can cause the client to download content and store it in the cache that was not an intended element of a requested web page.
What is Bluebugging?
an attack that grants hackers remote control over the feature and functions of a Bluetooth device
what is a teardrop attack?
an attacker fragments traffic in such a way that a system is unable to put data packets back together.
What is ARP cache poisoning?
an attacker inserts bogus information into the ARP cache.
What is a field in a relational database?
an attribute in the table
What is a security label?
an attribute storage which is generally a permanent part of the object to which its attached. -- once its set it usually cannot be altered
what is the distance that a local alarm system must be able to broadcast?
an audible (up to 120 secibel [db] alarm signal that can be easily heard up to 400 feet away.
What is Halon?
an effective fire suppression compound that starves a fire of oxygen by disrupting the chemical reaction between oxygen and combustible materials. banned in 1994 by the EPA because its an ozone depleting substance
What is the definition of computer architecture?
an engineering discipline concerned with the design and construction of computing systems at a logical level.
What has to be defined if multiple base stations or wireless access points are involved in the same wireless network?
an extended station set identifier (ESSID). (its similar to the name of a network workgroup)
What is the security perimeter?
an imaginary boundary that separates the TCB from the rest of the system.
What does the ITSEC represent?
an initial attempt to create security evaluation criteria in Europe.
what is a inrush?
an initial surge of power usually associated with connecting to a power source, whether primary or alternate/secondary
Define a package in the common criteria process
an intermediate grouping of security requirement components that can be added or removed from a TOW ( Like new car packages)
What is a DNS caching server?
any DNS system deployed to cache DNS information from other DNS server.
What is an unconstrained data item (UDI)?
any data item that is not controlled by the security model. Example: any data that is to be input and hasn't been validated, or any output. used in Clark-Wilson
What is a constrained data item (CDI)?
any data item whose integrity is protected by the security model. used in Clark-Wilson
What is white noise?
any random sounds, signal, or process that can drown out meaningful information. (audible frequencies to inaudible electronic transmissions)
What does ad hoc mode mean in wireless networks?
any two wireless networking devices, including two wireless NIC's, can communicate without a centralized control authority.
what is the definition of a vulnerability?
any type of weakness. It can bve due to a flaw or limitation in hardware or software, or the absence of security control.
what is a local cache?
anything that is temporarily stored on the client for future reuse, including ARP cache, DNS cache, and internet file cache
What is the macimum distance a DSL line cab be from a central office? (that is, a specific type of distribution node of the telephone network)
approcimately 1000 meters
What is the ALU?
arithmetic-logical unit
What are application assurance procedures?
assurance procedures are simply formalized processes by which trust is built into the life cycle of a system.
What is a Brute Force attack?
attempts every possible valid combination for a key or password
What does the Authentication header (AH) provide in IPSec?
authentication, integrity, and non-repudiation.
How does a flame-actuated system trigger fire suppression?
based on the infrared energy of the flames
What do the C1 and C2 systems provide in TCSEC?
basic controls and complete documentation for system installation and configuration
What is a BSSID?
basic service set identifier - the name of a wireless network when in ad hoc or peer-to-peer mode (when a base station or WAP is not used) ** when operating in infrastructure mode, the BSSID is the MAC address of the base station hosting the ESSID in order to differentiate multiple base stations supporting a single extended wireless network **
When was the Multics OS designed and built?
between 1963 and 1969 through the collaboration of Bell Labs, MIT, and General Electric.
Why cant Oxygen suppression be used on metal fires?
burning metal produces its own oxygen
How is the configuration and management of hardware controlled in a software-defined networking design?
by a centralized management interface. -- additionally, the settings applied to the hardware can be changed and adjusted dynamically as needed.
How does the B3 (security Domains) provide more secure functionality?
by further increasing the separation and isolation of unrelated processes
how does ISAKMP provide background security support services for IPsec?
by negotiating, establishing, modifying, and deleting security associations (SA)
How is metadata generated?
by performing data mining
How does a ping of death attempt to crash a computer?
by sending malformed pings larger than 65,535 bytes (larger than the maximum IPv4 packet size)
How does the information flow model address covert channels?
by specifically excluding all nondefined flow pathways
how does MAC and DAC limit the access to objects?
by subjects
How does the C1 (Discretionary security) controal access in TCSEC?
by user ID's and/ or grops
How are collision domains divided?
by using any layer 2 or higher device
How does ARP and RARP function?
by using caching and broadcasting If the ARP cache does not contain the necessary information, an ARP request in the form of a broadcast is transmitted
What is Cache RAM?
caches that improve performance by taking data from slower devices and temp storing it in faster devices when repeated use is likely.
What is the D channel used for in the BRI ISDN standard class?
call establishment, management, and teardown and has a bandwidth of 16 Kbps.
What are the two phases for evaluating how well a system meets your security needs?
certifications and evaluation
What are "agents" when talking about computer processing?
code objects sent from a users system to query and process data stored on remote systems.
What are applets?
codes objects that are sent from a server to a client to perform some action. applets are actually self-contained miniature programs that execute independently of the server that sent them.
what is cohesion in object-oriented programming?
cohesion describes the strength of the relationship between the purposes of the methods within the same class
What does the Red book rate in the rainbow series?
confidentiality and integrity
Define confidentiality in the CIA triad
confidentiality is the principle that objects are not disclosed to unauthorized subjects
What is content-dependent control?
content-dependent access controls restrict access to data based on content within an object. (think of virtual DB tables - It creates a view that only displays specific table columns.)
What is coupling in object-oriented programming?
coupling is the level of interaction between objects. lower coupling means less interaction. Lower coupling provides better software design because objects are more independent. lower coupling is easier to troubleshoot and update
What is process abstraction?
creates "black-box" interfaces for programmers to use without requiring knowledge of an algorithm's or device's inner workings.
What is process layering?
creates different reals of security within a process and limits communication between them.
what are codes?
cryptographic systems of symbols that operate on words or phrases and are sometimes secret but don't always provide confidentiality
What is metadata?
data about data or information about data
What are the seven safe harbor principles?
data integrity enforcement access Notice security onward transfer choice
What happens when a data overflow occurs?
data may be lost or corrupted or may trigger a need for re transmission
How do you verify a digital signature?
decrypt the signature with the senders public key and compare the message digest to the one you generate yourself
What is a closed system?
designed to work well with a narrow range of other systems, generally all from the same manufacturer
What are the two main goals of the incident identification process?
detecting security incidents and notifying appropriate personnel.
What are security dogs extremely effective at?
detection and deterrent
What is volatile memory?
devices such as static or dynamic RAM module, which are designed to lose their data.
What does cyber-physical systems refer to?
devices that offer a computational means to control something in the physical world. these are essentially key elements in robotics and sensor networks
When must the Secure state of a B3 (security domains) system be addressed in TCSEC?
during the initial boot process
What is DES cipher block chaining mode?
each blcok of unencrypted text is XORed with the block of ciphertext immediately preceding it before it is encrypted using the DES algorithm.
What is DES Electronic Codebook mode (ECB)
each time the algorithm processes a 64-bit block, it simply encrypts the block using the chosen secret key
What are emanations?
electrical signals that emanate or radiate from devices that can be intercepted by unauthorized individuals (wireless networking equipment and mobile phones) (monitors, modems, internal or external media drives)
What is the primary means by which fax communications can be made secure?
encryption
What is link encryption?
encryption technique that protects entire communications circuits by creating a secure tunnel between two points using either a hardware or software solution. all traffic encrypted entering one end of the tunnel and decrypted at the other end of the tunnel -- this usually happens at the lower OSI layers
what type of encryption technique is SSH?
end-to-end encryption
What is hardware segmentation?
enforces process isolation with physical controls
What is the primary goal of controls?
ensure the confidentiality and integrity of data by disallowing unauthorized access by authorized or unauthorized subjects
What is the only way to do away with buffer overflows?
ensure the proper data validation is being performed
What are maintenance hooks?
entry points into a system that are known only by the developer of the system (also called back doors)
What is an ESSID?
extended service set identifier - the name of a wireless netowkr when a wireless base station or WAP is used (infrastructure mode)
What was CAT5e designed to protect against?
far-end cross-talk
What kind of cables was FCoE orignally designed for?
fiber-optic cables, support for copper cables was added later to offer less-expensive options.
How does Bell-LaPdula prevent information flow?
from a high security level to a low security level
How does Biba prevent information flow?
from a low security level to a high security level
What guidelines did the TCSEC evaluation model establish?
guidelines to be used when evaluating a stand-alone computer from the Security perspective
What technology can be used to enable location-independent file storage, transmission, and retrieval over LAN, WAN, or public internet conceptions?
iSCSI.
What are the four primary access conrol elements?
identification, authentication, authorization, and accountability.
When can a system be called a secure state machine?
if each possible state transition results in another secure state. -- always boots into a secure state -- maintains a secure state across all transitions -- allows subjects to access resources only in a secure manner compliant with the security policy.
How do processes line up for execution in an OS?
in a processing queue, where they will be scheduled to run as a processor becomes available
Where are the specific abilities or permissions defined of a subject over a set of objects in the Graham-Denning Model?
in an access matrix (AKA access control matrix)
What is level 5: Optimizing of the SW-CMM model (software capability maturity model)
in the optimized organization, a process of continuous improvement occurs. - sophisticated software development processes are in place that ensure that feedback from one phase reaches to the previous phase to improve future results.
What is level 4: Managed of the SW-CMM model (software capability maturity model)
in this phase, management of the software process proceeds to the next level. - Quantitative measures are utilized to gain a detailed understanding of the development process.
What is level 3: Defined of the SW-CMM model (software capability maturity model)
in this phase, software developers operate according to a set of formal, documented software development processes. - all development projects take place within the constraints of the new standardized management model.
What is level 1: initial of the SW-CMM model (software capability maturity model)
in this phase, you'll often find hardworking people charging ahead in a disorganized fashion. There is usually little or no defined software development process.
What security models are Bell-LaPadula and Biba?
information flow models
What is inheritance in object-oriented programming?
inheritance occurs when methods from a class (parent or super lass) are inherited by another subclass (child)
What parts of the Security CIA does the Biba model address?
integrity
Define integrity in the CIA triad
integrity is the principle that objects retain their veracity and are intentionally modified by only authorized subjects.
What aspects of security does the Bell-LaPudula access model not address?>
integrity or availability
What does ISO stand for?
international organization for standardization
What are parallel DR tests?
involve relocating personnel to the alternate recovery site and implementing site activation procedures.
What is postwhitening in Twofish?
involves XORIng the plain text with a seperate subkey after the 16th round of encryption
What is Prewhitening in Twofish?
involves XORing the plain text with a separate subkey before the first round of encryption.
What is work function (work factor)
is a way to measure the strength of a cryptography system by measuring the effort in terms of cost and/or time to decrypt messages.
How does a a RST (reset) flagged packet disconnect a TCP communication session?
it causes an immediate and abrupt session termination
What is service-oriented architecture? (SOA)
it constructs new applications or functions out of existing but separate and distinct software services.
What is a covert timing channel?
it conveys information by altering the performance of a system component or modifying a resources timing in a predictable manner.
What is a covert storage channel?
it conveys information by writing data to a common storage area where another process can read it.
what doesn't TCSEC exercise control over
it doesn't exercise control over what users do with the information once access is granted. -- can be a problem in military and commercial applications alike
What is trusted recovery in terms of systems crashing?
it ensures that all controls remain intact in the event of a crash.
what is Data hiding?
it ensures that data existing at one level of security is not visible to processes running at different security levels.
What is the principle of least privilege in terms of OS processes?
it ensures that only a minimum number of processes are authorized to run in supervisory mode. The greater the number of processes that execute in privileged mode, the higher the number of potential vulnerabilities.
What is an inference attack?
it involves combining several pieces of nonsensitive information to gain access to information that should be classified at a higher level. (sue figures out how much someone makes by taking the total salary spent per day, and compares it to the day a specific employee was hired)
What is an un-shielded twisted pair? (UTP)
it is twisted pair cabling without the foil wrapper under the external sheath.
What is a capabilities list?
it maintains a row of security attributes for each controlled object.
what is the technical definition of privacy?
it means protecting personal information from disclosure to any unauthorized individual or entity
How does cross-talk between twisted pair cables occur?
it occurs when data transmitted over one set of wires is picket up by another set of wires due to radiating electromagnetic fields product by the electrical current.
What is meant by a layering process?
it puts the most sensitive functions of a process at the core, surrounded by a series of increasingly larger concentric circles. innermost layer or bottom level is most sensitive
How does Transmission logging work?
it records the particulars about source, transmission status, number of packets, size of message, and so on. - the pieces of information may be useful in troubleshooting problems and tracking down unauthorized communications
What is an application layer gateway?
it serves as a protocol translation tool. (example: IP-to-IPX gateway takes inbound communications from TCP/IP and translates them over to IPX/SPX for outbound transmission. (application layer firewalls)
why can water not be used on class b fires?
it splashes the burning liquids and such liquids usually float on water.
How does a fixed-temperature detection system work?
it triggers suppression when a specific temperature is reached. (usually a metal or plastic component in the sprinkler head that melts at a specific temperature)
How does dynamic RAM store data?
it uses a series of capacitors, tiny electrical devices that hold a charge. The capacitors either hold a charge (1) or do not (0) The CPU must spend time refreshing the contents of dynamic RAM to ensure that 1 bits don't unintentionally change to 0 bits
What is Digital Rights Management (DRM) software?
it uses encrryption to enforce copyright restrictions on digital media.
How does the spiral system development model work?
it uses several iterations of the waterfall model to produce a number of fully specified and test prototypes.
What is a candidate key in a relational database?
it's a subset of attributes that can be used to uniquely identify any record in a table. - no two records in the same table will ever contain the same values for all attributes composing a candidate key. - each table may have one or more canidate keys, which are chosen from column headings
What is Single Loss expectancy and how do you calculate it
it's the monetary loss that is expected each time the risk materializes. You can compute the SLE using the following formula: SLE = AV × EF
what is a decision support system (DSS)?
its a knowledge-based application that analyzes business data and presents it in such a way as to make business decisions easier for users.
What is an electronic access control lock (EAC)?
its a lock that incorporates three elements. 1. an electromagnet to keep the door closed 2. a credential reader to authenticate subjects and to disable the electromagnet 3. a sensor to reengage the electromagnet when the door is closed
How does the waterfall system development model work?
its a sequential development process that results in the development of a finished product - developers may step back only one phase in the process if errors are discovered.
What is common mode noise?
its generated by a difference in power between the hot and ground wires of a power source or operating electrical equipment.
What is the main work product of a security assessment?
its normally an assessment report addressed to management that contains the results of the assessment in nontechnical language and concludes with specific recommendations for improving the security of the tested environment.
what is DES Cipher feedback (CFB) mode?
its the streaming cipher version of CBC. CFB operates against data produced in real time
What is Technology convergence?
its the tendency for various technologies, solutions, utilities, and systems to evolve and merge over time.
What is multicasting?
its the transmission of data to multiple specific recipients (RFC 1112 discusses the requirements to perform IGMP multicasting)
What is a common example of the sutherland model?
its use to prevent a covert channel from being used to influence the outcome of a process or activity
What is an occupant emergency plan (OEP)?
its used to guide and assist with sustaining personnel safety in the wake of a disaster. - it provides guidance on how to minimize threats to life, prevent injury, manage duress, handle travel, provide for safety monitoring, and protect property from damage in the event of a destructive physical event
How is RARP used in Layer 2 (data link layer) of the OSI model?
its used to resolve MAC addresses into IP addresses
What is the supervisory state of system processing?
its used when the process must perform an action that requires privileges that are greater than the problem state's set of privileges,. (installing device drivers, or modifying security settings).
What are the most common and inexpensive forms of physical access control devices?
key locks
what is one of the primary goals of an effective incident response?
limit the effect or scope of an incident
What are process bounds?
limits set on the memory addresses and resources it can access.
how does a passive audio motion detector work?
listens for abnormal sounds in the monitored area
What are logic bombs?
logic bombs are malicious code objects that infect a system and lie dormant until they are triggered by the occurrence of one or more conditions such as time, program launch, website logon, and so on.
What are memory cards?
machine-readable ID cards with a magnetic strip. (credit cards)
What is the best defese against inference attacks?
maintain constant vigilance over the permissions granted to individual users
What are crackers?
malicious individuals intent on waging an attack against a person or system. - they attempt to crack the security of a system to exploit it, motivated by greed, power, or recognition
What is a program executive also known as the process scheduler?
manages processes awaiting execution in the ready and waiting states decides what happens to running processes when they transition into another state.
How should you manage sensitive information?
marking, handling, storing, and destroying sensitive information.
What is a structured walk-through DR test? (table top exercise)
members of the DR team gather in a large conference room and role-play a Disaster scenario
What is indirect memory addressing?
memory address supplied to the CPU as part of the instruction doesn't contain the actual value that the CPU is to use as an operand. the memory address contains another memory address (perhaps located on a different page)
what is a power spike?
momentary high voltage
What is a sag?
momentary low voltage
What is a potential security risk that exists when non-IP protocols are in use in a private network?
most firewalls are unable to perform packet header, address, or payload content filtering on those protocols. -- a firwall typically must either block all or allow.
What are class D subnets used for?
multicasting
What kind of protocol provides a wide range of protocols that can be used at higher layers?
multilayer protocols
what kind of protocol is flexibility and resiliency in complex network structures supported?
multilayer protocols
What is a multipartite virus?
multipartitie viruses uses more than one propagation technique in an attempt to penetrate systems that defend against only one method or the other. - Example is the Mazia virus. it infects critical COM and EXE files, most notably the command.com system file by adding 2048 bytes if malicious code to each file (infector virus) then two hours later it writes malicious code to the systems master boot record (boot sector virus)
list the six principles to guide digital evidence technicians as they perform media analysis
network analysis, and software analysis in the pursuit of forensically recovered evidence.,1. When dealing with digital evidence, all of the general forensic and procedural principles must be applied. 2. Upon seizing digital evidence, actions taken should not change that evidence. 3. When it is necessary for a person to access original digital evidence, that person should be trained for the purpose 4. All activity relating to the seizure, access, storage, or transfer of digital evidence must be fully documented, preserved, and available for review. 5. An individual is responsible for all actions taken with respect to digital evidence while the digital evidence is in their possession. 6. Any agency that is responsible for seizing, accessing, storing, or transferring digital evidence is responsible for compliance with these principles.
What OSI layer does ESP operate at?
network layer (layer 3), and can be used in transport mode or tunnel mode.
what is clean power
nonfluctuating pure power
What is flash memory?
nonvolatile form of storage media that can be electronically erased and rewritten
What are instances in object-oriented programming?
objects are instances of or examples of classes that contain their methods
Where is BIOS or a device firmware normally stored?
on a EEPROM device so it can be updated as necessary
What is a restricted interface model?
one subject at one classification level will see one set of data and have access to one set of functions. another subject at a different classifaction level will see a different set of data and have access to a different set of functions.
What should the walls of your server room have?
one-hour minimum fire rating
What parts of the Security CIA does Bell-LaPadula address?
only confidentiality
When should UDP be used?
only when the delivery of data is not essential. -- its often employed by real-time or streaming communications for audio and/or video
What are full-interruption DR tests?
operate like parallel tests, but actually involve bringing down the production site.
How are most fires in data centers caused?
overloaded electrical distribution outlets
the
pages
What is multithreading?
permits multiple concurrent tasks to be performed within a single process (think of a single word processor application opening multiple documents. Each Document is its own separate thread)
What is another term used for a wiring closet?
premises wire distribution room
What is data hiding?
prevents information from being read from a different security level
What OSI layers can brouters operate at?
primarily layer 3 but can operate at layer 2 when necessary.
What is a power surge?
prolonged high voltage
What are Non-IP protocols?
protocols that serve as an alternative to IP at the OSI Network Layer (3)
What are security control baselines?
provide a listing of controls that an organization can apply as a baseline.
What is IEEE 802.1x?
provides a flexible framework for authentication and key management in wired and wireless networks.
What is Software as a service? (SaaS)
provides on-demand online access to specific software applications or suites without the need for local installation
What is the difference between quantitative and qualitative risk assessment?
quantitative analysis is the act of assigning a quantity to risk— in other words, placing a dollar figure on each asset and threat. Qualitative assigns subjective and intangible values to the loss of an asset. - Qualitative risk analysis is more scenario based than it is calculator based. Rather than assigning exact dollar figures to possible losses, you rank threats on a scale to evaluate their risks, costs, and effects.
What is the most effective means of preventing SQL injection attacks?
removing the single quote characters (') from the input
What are physical bounds?
require each bounded process to run in an area of memory that is physically separated from the other bounded processes. not just logically bounded in the same space
What are the three major components of a security assessment program?
security tests security assessments security audits
How does a photoelectronic motion detector work?
sense changes in visible light levels for the monitored area. - usually deployed in internal rooms that have no windows and are kept dark
How does a capacitance motion detector work?
senses changes in the electrical or magnetic field surrounding a monitored object
What does SSID stand for?
service set identifier
What are JAVA applets?
short JAVA programs transmitted over the internet to perform operations on a remote system
What is a simulation DR test?
similiar to the structured walk-throughs, DR team members are presented with a scenario and asked to develop an appropriate response.
Why should download/upload policies be created?
so that incoming and outgoing data is screened and suspect materials blocked
What is firmware? (also known as microcode in some circles)
software that is stored in a ROM chip
What is the goal of a business attack?
solely to extract confidential information
What is a wrapper?
something used to enclose or contain something else, think of Trojan Horses
What determines the permissibility of access when using MAC?
static attributes of the subject and the object
How does statistical sampling work?
statistical sampling uses precise mathematical functions to extract meaningful information from a large volume of data
What is Random Access storage?
storage that allows an OS to read (or write) immediately from any point within the device by using some type of addressing system.
What is a data dictionary commonly used for?
storing critical information about data: usage, type, sources, relationships, and formats
Which task of BCP bridges the gap between the business impact assessment and the continuity planning phases?
strategy development The strategy development task bridges the gap between business impact assessment and continuity planning by analyzing the prioritized list of risks developed during the BIA and determining which risks will be addressed by the BCP
What is rule-based access control? (RBAC)
subject A is granted access to object B if the security system can find a rule that allows a subject with subject A's clearance to access an object with object B's classification.
What classification levels can information flows be between?
subjects and objects at the same AND different classification models.
what is a message digest?
summaries of a message's content produced by a hashing algorithm
Where does any function not occuring in the user mode (ring 3) or problem state take place in?
supervisory mode
What mode does rings 0-2 run in?
supervisory or privileged mode
What is SMP in computer processing?
symmetric multiprocessing. - a single computer contains multiple processors that are treated equally and controlled by a single OS
What is a multistate system?
systems that are certified to handle multiple security levels simultaneously by using specialized security mechanisms.
What do HSM's include to prevent their misuse even if physical access is gained by an attacker?
tamper protection
What is the TEMPEST technology?
technology that allows the electronic emanations that every monitor produces to be read from a distance. (Also known as VAn Eck phreaking)
What idea is parallel data systems (or parallel computing) based off of?
that some problems can be solved efficiently if broken into smaller tasks that can be worked on concurrently
What is direct memory addressing?
the CPU is provided with an actual address of the memory location to access. The address must be located on the same memory page as the instruction being executed.
What is the second, or middle basic layer used on a TCP/IP network?
the IP address - its a temporary logical address assigned over or onto the MAC address
How does the master boot record (MBR) virus work?
the MBR virus will store the majority of its codes on antoerh portion of the storage media. When the system reads the MBR, the virus instruct it to read and execute the malicious code in the alternate location.
How does dynamic NAT'ing work?
the NAT system maintains a database of mappings sot hat all response traffic from internet services is properly routed to the original internal requesting client.
Who defines the standards for PCI-DSS
the PCI Security standards council members, who are primarily credit card banks and financial institutions
What is the definition of fault tolerance?
the ability of a system to suffer a fault but continue to operate.
what is fault tolerance?
the ability of a system to suffere a fault but continue ot operate
What is the primary benefit of converged protocols?
the ability to use existing TCP/IP supporting network infrastructure to host special or proprietary services without the need for unique deployments of alternate networking hardware.
What is packet sniffing?
the act of capturing packets from the network in hopes of extracting useful information from the packet contents
What is the definition of impersonation/masquerading?
the act of pretending to be someone or something you are not to gain unauthorized access to a system
What is encapsulation?
the addition of a header, and possibly a footer, to the data received by each layer from the layer above before it's handed off to the layer below.
How do you calculate Exposure factor?
the amount of damage that the risk poses to the asset, expressed as a percentage of the asset's value.
What is a wireless cell?
the areas within a physical environment where a wireless device can connect to a wireless access point
What does the yyyy in the XXyyyyZZ syntax represent in cable most cable naming conventions?
the baseband or broadbad aspect of the cable, such as a baseband for a 10base2 cable.
What is the single point of failure in a star network?
the centralized connection device (hub, switch)
What is Platform as a service? (Paas)
the concept of providing a computing platform and software solution stack as a virtual or cloud-based service.
What is the biggest security concern with grid computing?
the content of each work packet is potentially exposed to the world
What is assurance?
the degree of confidence in satisfaction of security needs.
What was Stuxnet?
the first-ever rootkit that as delivered to a SCADA system in a nuclear facility
What is the definition of system accreditation?
the formal declaration by the DAA (designated approving authority) that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.
what is a control zone?
the implementation of either a faraday cage or white noise generation or both to protect a specific area in an environment:, the rest of the environment is not affected
What model is used to establish a relationship between two versions or states of the same object when those two versions or states exist at different points in time?
the information flow model
what model is the noninterference model loosely based on?
the information flow model
What is account provisioning?
the initial step in identity management is the creation of new accounts and provisioning them with appropriate privileges.
what is the arc radius of a network cable?
the maximum distance the cable can be bent before damaging the internal conductors
What does the XX in the XXyyyyZZ syntax represent in cable most cable naming conventions?
the maximum speed the cable type offers, such as 10 mbs for a 10base2 cable
What are Converged protocols?
the merging of specialty or proprietary protocols with standard protocols such as those from the TCP/IP suite
which flow model can be imposed to provide a form of protection against damage caused by malicious programs such as Trojan Horses?
the noninterference model
Why cant water be used on class C fires?
the potential for electrocution
What is the waiting state of system processing?
the process is ready for continued execution but is waiting for a device or access request.
What is a wireless site survey?
the process of investigating the presence, strength, and reach of wireless access points deployed in an environment.
What are the TCP/UDP ports 1024 to 49151 known as?
the registered software ports. Theses are ports that have one or more networking software products specifically registered with the international assigned numbers authority (IANA)
What does data remnants refer to?
the remaining data elements left on a storage device after a standard deletion or formatting process.
What is the definition of data analytics?
the science of raw data examination with the focus of extracting useful information out of the bulk information set.
What is the definition of system certification?
the technical evaluation of each part of a computer system to assess its concordance with security standards
What is the time of check (TOC)?
the time at which the subject checks on the status of the object.
What is the downfall of WPA?
the use of a single static passphrase
What is fax link encryption
the use of an encrypted communication path, like a VPN link or a secured telephone link, to transmit the fax.
What is Ground power?
the wire in an electrical circuit that is grounded
What are fifth-generation programming languages? (5GL)
these allow programmers to create code using visual interfaces
What are fourth-generation programming languages? (4GL)
these attempt to approximate natural languages and include SQL, which is used by databases
How do authorized DNS server attacks work?
they aim at altering the primary record of a FQDN on its original host system.
How does QoS priority values work in IPv6?
they allow traffic management based on prioritized content
What are state attacks?
they attack timing, data flow control, and transition between one system state to another.
How do firewalls filter traffic?
they filter traffic based on a defined set of rules, also called filters or access control lists
How does Distance vector routing protocols work?
they maintain a list of destination networks along with the metrics of direction and distance as measured in hops (the number of routers to cross to reach the destination)
How does Link State routing protocols work?
they maintain a topography map of all connected networks and use this map to determine the shortest path to the destination.
How does steganographic algorithms work?
they make alterations to the least significant bits of the many bits that make up image files.
How does a heat-based motion detector work?
they monitor for significant or meaningful changes in the heat levels and patterns in a monitored area
How does infrared motion detectors work?
they monitor for significant or meaningful changes in the infrared lighting pattern of a monitored area
What are protection rings?
they organize code and components in an OS into concentric rings. The deeper inside the circle you go, the higher the privilege level associated with the code that occupies a specific ring Most Modern OS's use a four-ring model (numbered 0 through 3)
What are digital certificates?
they provide communicating parties with the assurance that the people they're communicating with truly are who they claim to be.
What domains are systems a part of on either side of a router?
they're a part of different broadcast domains and different collision domains.
What domains are systems on either side of a switch operating at layer 3 a part of?
they're a part of different broadcast domains and different collision domains.
what domains are systems on either side of a brouter at layer 3 a part of?
they're a part of different broadcast domains and different collision domains.
what domains are systems on either side of a brouter at layer 2 a part of?
they're a part of the same broadcast domain but are in different collision domains
What is usually the motivation behind a military and intelligence attack?
they're launched primarily to obtain secret and restricted information from law enforcement or military and technological research sources
What is an aggregation attack?
they're used to collect numerous low-leval security items or low-value items and combine them to create something of a higher security level or value.
What are the two main types of coaxial cables?
thinnet and thicknet
in software development what is fail-open state?
this allows users to bypass failed security controls, erring on the side of permissiveness.
What is DNS query spoofing?
this attack occurs when the hacker is able to eavesdrop on a client's query to a DNS server. The attacker then sends back a false reply.
What are second-generation programming languages? (2GL)
this includes all assembly languages
What are third-generation programming languages? (3GL)
this includes all compiled languages
What are first-generation programming languages? (1GL)
this includes all machine languages
CY - What is an OCTAVE Risk assessment?
this is an approach where analysts identify assets and their criticality, identify vulnerabilities and threats , and base the protection strategy to reduce risk.
What is a wireless, bridge mode infrastructure?
this occurs when a wireless connection is used to link two wired networks
What is a wireless, bridge mode infrastructure?
this occurs when a wireless connection is used to link two wired networks - often uses dedicated wireless bridges and is used when wired bridges are inconvenient, such as when linking networks between floors or buildings
What is a state transition?
this occurs when accepting input or producing output.. a transition always results in a new state. -- all state transitions must be evaluated
what is a wireless, enterprise extended mode infrastructure?
this occurs when multiple wireless access points (WAPs) are used to connect a large physical area to the same wired network. Mutliple WAPs with the same ESSID, wireless clients can roam the area while maintaining network connectivity
What is a land attack?
this occurs when the attacker sends spoofed SYN packets to a victim using the victims IP address as both the source and destination IP address. This tricks the system into constantly replying to itself and can cause it to freeze, crash, or reboot.
What is a wireless, wired extension mode infrastructure?
this occurs when the wireless access point acts as a connection point to link the wireless clients to the wired network.
in software development what is fail-secure failure state?
this puts the system into a high level of security (and possibly even disables it entirely) until an administrator can diagnose the problem and restore the system to normal operation.
What is "Big Data"
this refers to collections of data that have become so large that traditional means of analysis or processing are ineffective, inefficient, and insufficient.
What is threat modeling?
this refers to the process of identifying, understanding, and categorizing potential threats
What is the main motivation behind a thrill attack?
thrill attacks are motivated by individuals seeking to achieve the "high" associated with successfully breaking into a computer system.
How was MPLS designed to handle a wide range of protocols?
through encapsulation. --This enables the use of many other networking technologies including T1/E1, ATM, Frame Relay, SONET, and DSL
How does IGMP work?
through the use of IGMP multicasting, a server can initially transmit a single data signal for the entire group rather than a separate initial data signal for each intended recipient.
How is integrity maintained and interference prohibited using the Sutherland Model?
through the use of three predetermined secure states: 1. System states 2. initial states 3. state transitions
How does communication take place between application security layers?
through the use of well-defined, specific interfaces to provide necessary security. All inbound requests from outer (less sensitive) layers are subject to stringent authentication and authorization checks.
What is the basic requirements for evidence to be admissible in a court of law?
to be admissible, evidence must be relevant to a fact at issue in the case, the fact must be material to the case, and the evidence must be competent or legally collected.
What are the three basic requirements that evidence must meet in order to be admissible in court?
to be admissible, evidence must be reliable, competent, and material to the case
What is the goal of SSL?
to create secure communications channels that remain open for an entire web browsing session
What is the purpose of a terrorist attack?
to disrupt normal life and instill fear
Why was the OSI model created?
to establish a common communication structure or standard for all computer systems
What is the point of the fire triangle?
to illustrate that if you can remove any one of the four items from the fire triangle, the fire can be extinguished.
What was the Red Book in the rainbow series developed for?
to interpet the TCSEC in a networking context
What is the purpose of a constrained interface?
to limit or restrict the actions of both authorized and unauthorized users.
What is DMA most commonly used for?
to permit disk drives, optical drives, display cards, and multimedia cards to manage large-scale data transfers to and from real memory.
What is the goal of the restoration process during incident recovery and remediation
to remediate any damage that may have occurred to the organization and limit the damage incurred by similar incidents in the future.
How is ARP used in Layer 2 (data link layer) of the OSI model?
to resolve IP addresses into MAC addresses.
What is DNS used for?
to resolve a human-friendly domain name into its IP Address equivalent.
What is ARP used for?
to resolve an IP address into the appropriate MAC address in order to craft the Ethernet header for data transmission.
What is a TPM chip used for?
to store and process cryptographic keys for the purpose of a hardware supported/implemented hard drive encryption system.
What is a gateway responsible for?
transferring traffic from one network to another by transforming the format of that traffic into a form compatible with the protocol or transport method used by each network.
what two modes can IPSEC operate in?
transport or tunnel mode
What is Real memory (main memory or primary memory)
typically the largest RAM storage resource available to a computer.
What are information flow models designed to prevent?
unauthorized, insecure, or restricted information flow, often between different levels of security often referred to as multilevel models
fill
up
What is a meet in the middle attack>?
used to defeat encryption algorithms that use two rounds of encryption.
What is the major difference between the compartmented mode system and high mode system?
users of a compartmented mode system do not necessarily have access approval for all the information on the system.
What are compartmented mode workstations (CMWs)
users with the necessary clearances can process multiple compartments of data at the same time.
What is base+offset memory addressing?
uses a value stored in one of the CPU's registers as the base location from which to begin counting. The CPU then adds the offset supplied with the instruction to that base address and retrieves the operand from that computed memory location.
what are substitution ciphers?
uses an encryption algorithm to replace each character or bit of the plaintext message with a different character
How does smoke-actuated systems trigger fire suppression?
uses photoelectric or radioactive ionization sensors as triggers
What is masquerading?
using someone elses security id to gain entry to a facility
What are process states (or operating states)
various forms of execution in which a process may run
what is layer 3 (network layer) NOT responsible for?
verifying guaranteed delivery (that is the responsibility of the transport layer)
How does each layer of the OSI communicate?
via a logical channel with its peer layer on another computer
What are service injection viruses?
viruses that inject themselves into trusted runtime processes of the OS such as svhost.exe, winlogin.exe, and explorer.exe
What is aggregation?
when SQL combines records from one or more tables to produce potentially useful information.
What is multiprocessing?
when a multiprocessor computing system harnesses the power of more than one processor to complete the execution of a single application.
When must you re-certify a computer system?
when a specific time period elapses or when you make any configuration changes.
when is a state considered secure?
when all aspects of a state meet the requirements of the security policy
What is a mediated-access model?
when processes that run in higher-numbered rings must generally ask a handler or a driver in a lower-numbered ring for services they need.
what is memory register addressing?
when the CPU needs information from one of its registers to complete an operation, it uses a register address (example register 1)
What is an auxiliary alarm station?
when the security perimeter is breached, emergency services are notified to respond to the incident and arrive at the location
How does a rate-of-rise detection system trigger fire suppression?
when the speed at which the temperature changes reaches a specific level
When does a collision occur?
when two systems transmit data at the same time onto a connection medium that supports only a single transition path
How is authentication provided in S/MIME?
x.509 digital certificates
How do you complete the certification phase when assessing a computer system?
you complete the certification phase when you have evaluated all factors and determined the level of security for the system.
How can you guarantee the CIA of data?
you must ensure that all components that have access to data are secure and well behaved
what is enrollment in the digital cert process?
you must first prove your identity to the CA in some manner before obtaining a cert
What should you do if your e-mail message needs authentication, integrity and/or nonrepudiation?
you should digitally sign the message
what should you do if your e-mail message requires confidentiality, integrity, authentication, and nonrepudiation?
you should encrypt and digitally sign the message
