Section 2 D430


What are access control lists (ACLs)?

Access control lists (ACLs), often pronounced "ackles," are lists containing information about what kind of access certain parties are allowed to have to a given system. We often see ACLs implemented as part of application software or operating systems and in the firmware of some hardware appliances, such as network infrastructure devices.

What are Administrative controls?

Administrative controls are based on rules, laws, policies, procedures, guidelines, and other items that are "paper" in nature. Administrative controls dictate how the users of your environment should behave. You may have a simple rule such as "turn the coffee pot off at the end of the day," aimed at avoiding a physical security problem (burning your building down at night).

What is authorization and/or access controls?

Authorization is the process of determining exactly what an authenticated party can do. You typically implement authorization using access controls, which are the tools and systems you use to deny or allow access. You can base access controls on physical attributes, sets of rules, lists of individuals or systems, or other, more complex factors. When it comes to logical resources, you'll probably find simple access controls implemented in everyday applications and operating systems and elaborate, multilevel configurations in military or government environments.

What are flaws in biometric systems?

Biometric systems are prone to several common issues. As I mentioned when discussing circumvention, it's easy to forge some biometric identifiers.


What is Defense in Depth?

Defense in depth is a strategy common to both military maneuvers and information security. The basic concept is to formulate a multilayered defense that will allow you to still mount a successful resistance, should one or more of your defensive measures fail. At the least, you would want defenses at the external network, internal network, host, application, and data levels. The goal of defense in depth is to place enough defensive measures between your truly important assets and the attacker so that you'll notice that an attack is in progress and have enough time to prevent it.

What is denying access?

Denying access is the opposite of granting access. When you deny access, you are preventing a given party from accessing the resource in question. You might deny access to a person attempting to log onto a machine based on the time of day, or you might block unauthorized individuals from entering the lobby of your building beyond business hours. Many access control systems are set to deny by default.

What is "utility" in the Parkerian hexad?

Finally, the principle of utility refers to how useful the data is to you. Utility is also the only principle of the Parkerian hexad that is not necessarily binary in nature; you can have a variety of degrees of utility, depending on the data and its format.

If you're using an eight-character password that contains only lowercase characters, would increasing the length to ten characters represent any significant increase in strength? Why or why not?

It would slightly increase it by adding more possibilities, but not as much as adding special characters and uppercase letters.

What is the "Post-Incident Activity" phase of the NIST Incident Response Process?

Like preparation, post-incident activity is easy to overlook, but you should ensure that you don't neglect it. In the post-incident activity phase, often referred to as a post-mortem (Latin for "after death"), you attempt to determine specifically what happened, why it happened, and what you can do to keep it from happening again. The purpose of this phase is not to point fingers or place blame (although this does sometimes happen) but to ultimately prevent or lessen the impact of future such incidents.

What is limiting access?

Limiting access is allowing only some degree of access to your resources. In a physical security scheme, you might have a master key that can open any door in the building, an intermediate key that can open only a few doors, and a low-level key that can open only one door. You might also implement limited access when you're using applications that may be exposed to attack-prone environments, like web browsers used on the internet.

What are six items that might be considered logical controls?

Logical controls can be called technical controls and protect systems, networks, and environments that process, transmit, and store your data; six items that might be considered logical controls are passwords, encryption, access controls, firewalls, and intrusion detection systems.

What are Media Access Control (MAC) addresses?

Media Access Control (MAC) address filtering is one of the simplest forms of network-oriented ACLs. Media Access Control addresses are unique identifiers hard-coded into each network interface in a given system.

If you develop a new policy for your environment that requires you to use complex and automatically generated passwords that are unique to each system and are a minimum of 30 characters in length, such as "!Qa4(j0nO$&xn1%2AL34ca#!Ps321$," what will be adversely impacted?

More secure passwords but many people will have issues forgetting their password and typing it in wrong.

What is Multifactor Authentication?

Multifactor authentication uses one or more of the factors discussed in the preceding section. When you're using only two factors, this practice is also sometimes called two-factor authentication. Let's return to the ATM example because it illustrates multifactor authentication well. In this case, you use something you know (your PIN) and something you have (your ATM card). Your ATM card serves as both a factor for authentication and a form of identification.

What is Multilevel Access Control?

Multilevel access control models combine several of the access control models discussed in this section. They're used when the simpler access control models aren't considered robust enough to protect the information to which you're controlling access.

What is Mutual Authentication?

Mutual authentication is an authentication mechanism in which both parties in a transaction authenticate each other. In mutual authentication, not only does the client authenticate to the server, but the server authenticates to the client.

Considering the CIA triad and the Parkerian hexad, what are the advantages and disadvantages of each model?

One advantage of the CIA Triad is that it can discuss security issues in a specific fashion, and a disadvantage of it is that it can be more restrictive than needed. One advantage of the Parkerian Hexad is that it is more extensive and complex than the CIA Triad, but it isn't as well known.

What is the 1st step, "Identify Assets", in the Risk Management Process?

One of the first and, arguably, most important parts of the risk management process is identifying the assets you're protecting. If you can't enumerate your assets and evaluate the importance of each, protecting them can become a difficult task indeed.

What is a sandbox?

One way to limit access is by running sensitive applications in sandboxes, which are isolated environments containing a set of resources for a given purpose. We use sandboxes to prevent their contents from accessing files, memory, and other system resources with which they shouldn't be interacting. Sandboxes can be useful for containing things that you can't trust, such as code from public websites.

What are passwords?

People often describe certain passwords as being strong, but a better descriptive term might be complex. If you construct a password that uses lowercase letters only and is eight characters long, you can use a password-cracking utility to crack it quickly. Applications called password managers exist to help us manage all the logins and passwords we have for different accounts, some as locally installed software and others as web or mobile device applications.

What is blackholing?

Some organizations, such as those that operate web servers, mail servers, and other services exposed to the internet, apply large-scale filtering to block out known attacks, spammers, and other undesirable traffic. Such filtering might include dropping traffic from individual IP addresses, ranges of IP addresses, or the entire IP spaces of large organizations, internet service providers, or even entire countries. This practice is commonly called blackholing, because from the user's perspective, any traffic sent to filtered destinations appears to have vanished into a black hole.

Name three reasons why an identity card alone might not make an ideal method of authentication.

Someone can steal it, you can lose it, someone can clone it.

What is the NIST Incident Response Process?

The NIST Incident Response Process contains four steps: (1) Preparation; (2) Detection and Analysis; (3) Containment, Eradication, and Recovery; and (4) Post-Incident Activity.

What is the Parkerian hexad model?

The Parkerian Hexad, a less well-known model named after Donn Parker and introduced in his book Fighting Computer Crime, provides a somewhat more complex variation of the classic CIA triad. Where the CIA triad consists only of confidentiality, integrity, and availability, the Parkerian hexad consists of these three principles as well as possession or control, authenticity, and utility, for a total of six principles.

What biometric factor describes how well a characteristic resists change over time?

The biometric factor that describes how well a characteristic resists change over time is Permanence. (Biometric factors are defined by seven characteristics: universality, uniqueness, permanence, collectability, performance, acceptability, and circumvention.)

What is the "Containment, Eradication, and Recovery" phase of the NIST Incident Response Process?

The containment, eradication, and recovery phase is where most of the work to solve the incident takes place, at least in the short term. Containment involves taking steps to ensure that the situation doesn't cause any more damage than it already has, or at least to lessen any ongoing harm.

What is the "Detection and Analysis" phase of the NIST Incident Response Process?

The detection and analysis phase is where the action begins. In this phase, you detect an issue, decide whether it's actually an incident, and respond to it appropriately. Most often, you'll detect the issue with a security tool or service, like an intrusion detection system (IDS), antivirus (AV) software, firewall logs, proxy logs, or alerts from a security information and event monitoring (SIEM) tool or managed security service provider (MSSP).

Explain the difference between a vulnerability and a threat.

The difference between a vulnerability and a threat is that a threat is something that has the potential to cause harm, whereas a vulnerability is a weakness or hole that threats can exploit to cause you harm.

What is Availability in the CIA Triad?

The final leg of the CIA triad is availability. Availability refers to the ability to access our data when we need it.

Based on the Parkerian hexad, what principles are affected if you lose a shipment of encrypted backup tapes that contain personal and payment information for your customers?

Using the Parkerian Hexad, possession will be affected if you lose a shipment of encrypted backup tapes.

What is a vulnerability in information security?

Vulnerabilities are weaknesses, or holes, that threats can exploit to cause you harm.

If the web servers in your environment are based on Microsoft's Internet Information Services (IIS) and a new worm is discovered that attacks Apache web servers, what do you not have?

We do not have a threat because the worm is for a different server system.

What is the 3rd step, "Assess Vulnerabilities", in the Risk Management Process?

When assessing vulnerabilities, you need to do so in the context of potential threats. Any given asset may have thousands or millions of threats that could impact it, but only a small fraction of these will be relevant.

What are sockets?

When you combine several attributes, you begin to arrive at a more secure technique. For example, it's common to use both an IP address and a port, a combination typically called a socket. Using sockets, you can allow or deny network traffic from one or more IP addresses with one or more applications on your network in a workable fashion.

What are access controls in a facility?

When you lock or unlock the doors of your house, you're using a form of physical access control, based on your keys. (Your keys are something you have, as discussed in Chapter 2; in this case, they function as methods of both authentication and authorization.) When you start your car, you're also likely to use a key. For some newer cars, your key may even include an extra layer of security with radio-frequency identification (RFID) tags, which are certificate-like identifiers stored on the key. Upon reaching your place of employment, you might use a badge (again, something you have) to enter the building. When you sit down in front of your computer at work and enter your password (something you know), you're authenticating yourself and using a logical access control system to access the resources for which you've been given permission.

What is identification and authentication?

When you're developing security measures, whether they're specific mechanisms or entire infrastructures, identification and authentication are key concepts. In short, identification makes a claim about what someone or something is, and authentication establishes whether this claim is true. One common example of an identification and authentication transaction is the use of payment cards that require a personal identification number (PIN).

What are capabilities with ACLs?

Whereas ACLs define permissions based on a given resource, an identity, and a set of permissions, all generally held in a file of some sort, you can also define permissions based on a user's token, or key, otherwise known as a capability. Although the token isn't a physical object in most cases, you can think of it as the badge you might use to open the door of a building. The building has one door, and many people have a token that will open it, but each person has a different level of access. In capability-based systems, the right to access a resource is based entirely on possession of the token, rather than who possesses it.

What do you call the process in which the client authenticates to the server and the server authenticates to the client?

You call the process in which the client authenticates to the server and the server authenticates to the client Mutual Authentication.

What types of attacks are there in the CIA Triad?

You can generally place attacks into one of four categories: interception, interruption, modification, and fabrication.

A key would be described as which type of authentication factor?

A key would be described as the authentication factor something you have. (There are several approaches to authentication: something you know, something you are, something you have, something you do, and where you are. These approaches are known as factors. )

What are Hardware tokens and how do they work?

A standard hardware token (Figure 2-5) is a small device, typically in the general form factor (size and shape) of a credit card or keychain fob. The simplest hardware tokens look identical to universal serial bus (USB) flash drives and contain a certificate or unique identifier. They're often called dongles. Many hardware tokens contain an internal clock that generates a code based on the device's unique identifier, an input PIN or password, and other potential factors. Usually, the code is output to a display on the token and changes on a regular basis, often every 30 seconds.

If you're using an identity card as the basis for your authentication scheme, what steps might you add to the process to allow you to move to multifactor authentication?

A step I would add is implementing a PIN number to add the factor something you know and move it to multifactor authentication.

What is port filtering over a network?

A third way of filtering traffic is by the port used to communicate over the network. The network port is a numerical designation for one side of a connection between two devices, and we use them to identify the application to which traffic should be routed. For instance, FTP uses ports 20 and 21 to transfer files, Internet Message Access Protocol (IMAP) uses port 143 for managing email, and Secure Shell (SSH) uses port 22 to manage remote connections to systems. There are many more examples, since there are 65,535 ports in all.

What is the 2nd step, "Identify the Threats", in the Risk Management Process?

After enumerating your critical assets, you can then begin to identify the threats that might affect them. It's often useful to have a framework for discussing the nature of a given threat, and the CIA triad or Parkerian hexad discussed earlier in this chapter serves nicely for this purpose. For instance, let's apply the Parkerian hexad to examine the threats you might face against an application that processes credit card payments.

- Confidentiality: If you expose data inappropriately, you could potentially have a breach.
- Integrity: If data becomes corrupt, you may incorrectly process payments.
- Availability: If the system or application goes down, you won't be able to process payments.
- Possession: If you lose backup media, you could potentially have a breach.
- Authenticity: If you don't have authentic customer information, you may process a fraudulent transaction.
- Utility: If you collect invalid or incorrect data, that data will have limited utility.

What are Authorization and access controls?

After you've received a party's claim of identity and established whether that claim is valid, as discussed in Chapter 2, you have to decide whether to allow the party access to your resources. You can achieve this with two main concepts: authorization and access control.

What is allowing access?

Allowing access is giving a party access to a given resource. For example, you might want to give a user access to a file, or you may want to give an entire group of people access to all the files in a given directory. You might also allow someone physical access to a resource by giving your employees a key or badge to your facility.

What are Access Control Models?

An access control model is a way of determining who should be allowed access to what resources. There are quite a few different access control models out there. The most common ones, covered here, include discretionary access control, mandatory access control, rule-based access control, role-based access control, attribute-based access control, and multilevel access control.

What is the 4th step, "Assess Risks", in the Risk Management Process?

Once you've identified the threats and vulnerabilities for a given asset, you can assess the overall risk. As discussed earlier in this chapter, risk is the conjunction of a threat and a vulnerability.

What is Attribute-Based Access Control?

Attribute-based access control (ABAC) is based on the specific attributes of a person, resource, or environment. You can often find it implemented on infrastructure systems, such as those in network or telecommunications environments. Subject attributes belong to an individual. We could choose any number of attributes, such as height in the classic "you must be this tall to ride" access control in amusement park rides. Resource attributes belong to a resource, such as an operating system or application. You'll often see access controlled by resource attributes, although usually this is for technical reasons rather than security reasons. You can use environmental attributes to enable access controls based on environmental conditions. People commonly use time to control access to physical and logical resources.

What are the characteristics of biometrics?

Biometric factors are defined by seven characteristics: universality, uniqueness, permanence, collectability, performance, acceptability, and circumvention.

Universality means you should be able to find your chosen biometric characteristic in the majority of people you expect to enroll in the system. For instance, although you might be able to use a scar as an identifier, you can't guarantee that everyone will have a scar.

Uniqueness is a measure of how unique a characteristic is among individuals.

Permanence tests how well a characteristic resists change over time and with advancing age. If you choose a factor that can easily vary, such as height, weight, or hand geometry, you'll eventually find yourself unable to authenticate a legitimate user.

Collectability measures how easy it is to acquire a characteristic. Most commonly used biometrics, such as fingerprints, are relatively easy to acquire, which is one reason they are common. On the other hand, a DNA sample is more difficult to acquire because the user must provide a genetic sample to enroll and to authenticate again later.

Performance measures how well a given system functions based on factors such as speed, accuracy, and error rate.

Acceptability is a measure of how acceptable the characteristic is to the users of the system. In general, systems that are slow, difficult to use, or awkward to use are less likely to be acceptable to the user.

What types of attacks are in Confidentiality in the CIA Triad?

Interception attacks allow unauthorized users to access your data, applications, or environments, and they are primarily attacks against confidentiality. Interception might take the form of unauthorized file viewing or copying, eavesdropping on phone conversations, or reading someone else's email, and you can conduct it against data at rest or in motion.

What is Confidentiality in the CIA Triad?

Confidentiality refers to our ability to protect our data from those who are not authorized to view it. You could implement confidentiality at many levels of a process.

What is the False Acceptance Rate (FAR) in biometrics?

FAR measures how often you accept a user who should be rejected. This is also called a false positive. You want to avoid both FAR and FRR errors in excess. You should aim for a balance between the two error types, referred to as an equal error rate (EER). If you plot both the FAR and the FRR on a graph, the EER marks the point where the two lines intersect. We sometimes use EER as a measure of the accuracy of biometric systems.

What is the False Rejection Rate (FRR) in biometrics?

FRR measures how often we reject a legitimate user and is sometimes called a false negative. You want to avoid both FAR and FRR errors in excess. You should aim for a balance between the two error types, referred to as an equal error rate (EER). If you plot both the FAR and the FRR on a graph, the EER marks the point where the two lines intersect. We sometimes use EER as a measure of the accuracy of biometric systems.

What are file system ACLs?

The ACLs in most file systems will have three types of permissions (the authorizations that allow access to specific resources in a specific manner): read, write, and execute.

- Read allows a user to access the contents of a file or directory.
- Write allows a user to write to a file or directory.
- Execute allows a user to execute the contents of the file if that file contains either a program or a script capable of running on the system in question.

If you're developing a multifactor authentication system for an environment where you might find larger-than-average numbers of disabled or injured users, such as a hospital, which authentication factors might you want to use or avoid? Why?

I would avoid something you are because what they are could change and be injured, also something you know because they might forget.

What factors might you use when implementing a multifactor authentication scheme for users who are logging onto workstations that are in a secure environment and are used by more than one person?

I would implement Two factor authentication with an email or phone so the correct person gets the OTP.

What are some common identification and authentication methods?

I'll conclude this discussion by exploring three common identification and authentication methods in detail: passwords, biometrics, and hardware tokens.

What is the difference between verification and authentication of an identity?

Identification makes a claim about what someone or something is, and authentication establishes whether the claim is true. Verification is showing proof of identity but not authenticating.

What is identification?

Identification, as you just learned, is simply an assertion of who we are. This may include who we claim to be as people, who a system claims to be over the network, or who the originating party of an email claims to be.

What is Identity Verification?

Identity verification is a step beyond identification, but it's still a step short of authentication. When you're asked to show a driver's license, Social Security card, birth certificate, or other similar form of identification, this is generally for identity verification, not authentication. It's the rough equivalent of someone claiming the identity John Smith; you asking if the person is indeed John Smith and being satisfied with an answer of "Sure, I am" from the person (plus a little paperwork). The more we trend toward verification and away from authentication, the weaker our controls are.

What does mutual Authentication protect from?

In cases where you don't perform mutual authentication, you leave yourself open to impersonation attacks, often referred to as man-in-the-middle attacks. In a man-in-the-middle attack, the attacker inserts himself between the client and the server.

What is Authentication?

In information security, authentication is the set of methods used to establish whether a claim of identity is true. Note that authentication does not decide what the party being authenticated is permitted to do; this is a separate task, known as authorization.

What are network ACLs?

In network ACLs, you typically filter access based on identifiers used for network transactions, such as Internet Protocol (IP) addresses, Media Access Control addresses, and ports. You can see such ACLs at work in network infrastructure such as routers, switches, and firewall devices, as well as in software firewalls, websites like Facebook and Google, email, and other forms of software. Permissions in network ACLs tend to be binary in nature; rather than read, write, and execute, they generally either allow or deny some activity.

What is "possession or control" in the Parkerian hexad?

In the Parkerian hexad, possession or control refers to the physical disposition of the media on which the data is stored. This enables you to discuss your loss of the data in its physical medium without involving other factors such as availability.

What are Discretionary Access Controls?

In the discretionary access control (DAC) model, the owner of the resource determines who gets access to it and exactly what level of access they can have. You can see DAC implemented in most operating systems; if you decide to create a network share in a Microsoft operating system, for instance, you're in charge of people's access to it.

What are Mandatory Access Controls?

In the mandatory access control (MAC) model, the owner of the resource doesn't get to decide who gets to access it. Instead, a separate group or individual has the authority to set access to resources. You can often find MAC implemented in government organizations, where access to a given resource is largely dictated by the sensitivity label applied to it (secret or top secret, for example), by the level of sensitive information the individual is allowed to access (perhaps only secret), and by whether the individual actually has a need to access the resource (a concept called the principle of least privilege, discussed in the box).

What is Information Security?

Information security is defined as "protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction."

What types of attacks go on in both Integrity and Availability within the CIA Triad?

1. Interruption attacks make your assets unusable or unavailable to you on a temporary or permanent basis. These attacks often affect availability but can affect integrity, as well. You would classify a DoS attack on a mail server as an availability attack.
2. Modification attacks involve tampering with an asset. Such attacks might primarily be considered attacks on integrity but could also represent attacks on availability.
3. Fabrication attacks involve generating data, processes, communications, or other similar material with a system.

What is Integrity in the CIA Triad?

Integrity is the ability to prevent people from changing your data in an unauthorized or undesirable manner.

Which category of attack is an attack against confidentiality?

Interception attack

What is revoking access?

Revoking access is taking access away from a party after you've granted it. Being able to revoke access is vital to the security of your system.

What is a risk in information security?

Risk is the likelihood that something bad will happen. For you to have a risk in an environment, you need to have both a threat and a vulnerability that the threat could exploit.

What is the Risk Management Process in order?

Risk management processes compensate for risks in your environment.

What is the Rule-based Access Control model?

Rule-based access control allows access according to a set of rules defined by the system administrator. If the rule is matched, access to the resource will be granted or denied accordingly. A good example of rule-based access control is an ACL used by a router. You might see a rule specifying that traffic coming from source A to destination B on port C is allowed. Any other traffic between the two devices would be denied.

What do some organizations, such as the NSA, add as a factor to the threat/vulnerability/risk equation?

Some organizations, such as the US National Security Agency (NSA), add a factor to the threat/vulnerability/risk equation called impact. Impact takes into account the value of the asset being threatened and uses it to calculate risk.

What are subject attributes, resource attributes, and environmental attributes in the Attribute-Based Access Control (ABAC) model?

Subject attributes belong to an individual. We could choose any number of attributes, such as height in the classic "you must be this tall to ride" access control in amusement park rides. Resource attributes belong to a resource, such as an operating system or application. You'll often see access controlled by resource attributes, although usually this is for technical reasons rather than security reasons. You can use environmental attributes to enable access controls based on environmental conditions. People commonly use time to control access to physical and logical resources.

Chapter 2 Summary

Identification is an assertion of the identity of some party, whether it be a person, process, system, or other entity. Identification is only a claim of identity; it doesn't say anything about any privileges that might be associated with the identity. Authentication is the process used to validate whether the claim of identity is correct. It's different from verification, which is a much weaker way of testing someone's identity.

When you perform authentication, you can use several factors. The main factors are something you know, something you are, something you have, something you do, and where you are. An authentication mechanism that includes more than one factor is known as multifactor authentication. Using multiple factors gives you a much stronger authentication mechanism than you might otherwise have.

The common set of tools used for authentication includes passwords, tokens, and biometric identifiers. Each of these has its own set of unique challenges that you will need to deal with when you are implementing them as part of your set of security controls. In the next chapter, I'll discuss the steps that take place after identification and authentication: authorization and access control.

What is the summary of Chapter 1?

When discussing issues pertaining to information security, such as attacks and controls, it's helpful to have a model by which to do so. This chapter discussed two potential models: the CIA triad, composed of confidentiality, integrity, and availability; and the Parkerian hexad, composed of confidentiality, integrity, availability, possession or control, authenticity, and utility. As you look toward preventing attacks, it is also helpful to understand the general categories of damage that you might see occur in the event of an attack. Attacks may impact environments through interception, interruption, modification, or fabrication. Each of these effects would impact particular areas of the CIA triad. When discussing specific threats you might face, it's important to understand the concept of risk. You only face risk from an attack when a threat is present and you have a vulnerability that threat can exploit. To mitigate risk, you use three main types of controls: physical, logical, and administrative. Finally, this chapter covered defense in depth, a particularly important concept in the world of information security. To build defensive measures using this concept, you put in place multiple layers of defense.

What are weaknesses of Access Control List (ACL) systems?

Systems that use ACLs to manage permissions are vulnerable to a type of attack called the confused deputy problem. This problem occurs when the software with access to a resource (the deputy) has a greater level of permission to access the resource than the user who is controlling the software. If you can trick the software into misusing its greater level of authority, you can potentially carry out an attack. Two of the more common attacks that exploit the confused deputy problem are cross-site request forgery (CSRF) and clickjacking. CSRF is an attack that misuses the authority of the browser on the user's computer. If the attacker knows of, or can guess, a website that has already authenticated the user—perhaps a common site such as Amazon.com—the attacker can embed a link in a web page or HTML-based email, generally to an image hosted from a site controlled by the attacker. When the target's browser attempts to retrieve the image in the link, it also executes the additional commands the attacker has embedded in it, often in a fashion completely invisible to the target. Clickjacking, also known as user interface redressing, is a particularly sneaky and effective client-side attack that takes advantage of some of the page rendering features that are available in newer web browsers. To carry out a clickjacking attack, the attacker must legitimately control or have taken control of some portion of a website. The attacker constructs or modifies the site by placing an invisible layer over something the client would normally click. This causes the client to execute a command that's different than the one they think they're performing.

What is the CIA Triad?

The Confidentiality, Integrity, and Availability Triad - Three of the primary concepts in information security are confidentiality, integrity, and availability, commonly known as the confidentiality, integrity, and availability (CIA) triad. The CIA triad is a model by which you can think about and discuss security concepts. It's also sometimes written as CAI or expressed in its negative form as disclosure, alteration, and denial (DAD).

What is the "Preparation" phase of the NIST Incident Response Process?

The preparation phase of incident response consists of all the activities you can perform ahead of time to better handle an incident. This typically involves creating policies and procedures that govern incident response and handling, conducting training and education for both incident handlers and those who are expected to report incidents, and developing and maintaining documentation. The time to determine what needs to be done, who needs to do it, and how to do it is not when you're faced with an emergency.

What is "authenticity" in the Parkerian hexad?

The principle of authenticity allows you to say whether you've attributed the data in question to the proper owner or creator. For example, if you send an email message that is altered so that it appears to have come from a different email address than the one from which it was actually sent, you would be violating the authenticity of the email. Authenticity can be enforced using digital signatures. A similar, but reversed, concept to this is nonrepudiation, which prevents people from taking an action, such as sending an email, and then later denying that they have done so.

What is the Role-Based Access Control model?

The role-based access control (RBAC) model allows access based on the role of the individual being granted access. For example, if you have an employee whose only role is to enter data into an application, RBAC would mandate that you allow the employee access to only that application.

What term might you use to describe the usefulness of data?

The term utility could be used to describe the usefulness of data or the ability to utilize it.

How do you implement access controls?

The two main methods of implementing access controls are with access control lists and capabilities. Both of these methods have strengths and weaknesses, as well as different ways of carrying out the four basic tasks we covered earlier.

How do you measure biometric systems performance with FAR and FRR?

There are many ways to measure the performance of a biometric system, but a few primary metrics are particularly important. The false acceptance rate (FAR) and false rejection rate (FRR) are two of these.

What are Authentication Factors?

There are several approaches to authentication: something you know, something you are, something you have, something you do, and where you are. These approaches are known as factors. When you're attempting to authenticate a claim of identity, you'll want to use as many factors as possible. Something you are is a factor based on the relatively unique physical attributes of an individual, often referred to as biometrics. Something you do, sometimes considered a variation of something you are, is a factor based on the actions or behaviors of an individual. This may include an analysis of the individual's gait or handwriting or of the time delay between keystrokes as he or she types a passphrase. Both something you are and something you do, however, have the potential to incorrectly reject legitimate users at a higher rate than some of the other factors.

What are IP Addresses?

Unfortunately, the software settings in most operating systems can override a network interface's Media Access Control address. Changing this address is easy, so it's not a good choice for a unique identifier of a device on the network. You could use IP addresses instead. Theoretically, an IP address is a unique address assigned to each device on any network that uses the Internet Protocol for communication.

What is the 5th step, "Mitigate Risks", in the Risk Management Process?

To mitigate risks, you can put measures in place to account for each threat. These measures are called controls. Controls are divided into three categories: physical, logical, and administrative. Physical controls protect the physical environment in which your systems sit, or where your data is stored. Such controls also control access in and out of such environments. Physical controls include fences, gates, locks, bollards, guards, and cameras, but also systems that maintain the physical environment, such as heating and air-conditioning systems, fire suppression systems, and backup power generators. Logical controls, sometimes called technical controls, protect the systems, networks, and environments that process, transmit, and store your data. Logical controls can include items such as passwords, encryption, access controls, firewalls, and intrusion detection systems. Logical controls enable you to prevent unauthorized activities; if your logical controls are implemented properly and are successful, an attacker or unauthorized user can't access your applications and data without subverting the controls.

What is a threat in information security?

Ultimately, a threat is something that has the potential to cause harm.

What are biometrics?

You can use biometric systems in two ways. You can use them to verify the identity claim someone has put forth, as discussed earlier, or you can reverse the process and use biometrics as a method of identification. This process is commonly used by law enforcement agencies to identify the owner of fingerprints left on various objects. To use a biometric system in either manner, you need to put the user through some sort of enrollment process. Enrollment involves recording the user's chosen biometric characteristic—for instance, making a copy of a fingerprint—and saving it in a system. Processing the characteristic may also include noting elements that appear at certain parts of the image, known as minutiae.

How do you measure the rate at which you fail to authenticate legitimate users in a biometric system?

You measure the rate at which you failed to authenticate legitimate users in a biometric system by using the false rejection rate (FRR).

Using the concept of defense in depth, what layers might you use to secure yourself against someone removing confidential data from your environment on a USB flash drive?

You would put physical security measures in place, like fences, gates, locks, bollards, guards, and cameras, but also systems that maintain the physical environment, such as heating and air-conditioning systems, fire suppression systems, and backup power generators, and also put logical and administrative controls in place so that the person can't access things they shouldn't be able to access.

What would you use access controls for?

You'll probably want to use access controls to carry out four basic tasks: allowing access, denying access, limiting access, and revoking access.

How do you know at what point you can consider your environment to be secure?

Your environment can never be fully secure, but you can consider an environment secure when you formulate multilayered defenses that will allow you to mount a successful resistance, should one or more of your defenses fail.

What are Logical Assets?

Logical assets are assets that exist as data or intellectual property.

What are Physical Assets?

Physical assets are those that are tangible objects or materials.
