Exam Essentials - Chapter 9
Four Security Modes approved by the federal government for processing classified information
Dedicated Mode (requires all users have appropriate clearance, access permissions, and need to know for all info stored on a system); System high mode (removes the need to know requirement); Compartmented mode (removes the need to know and access permission requirement); Multilevel mode (removes all 3 requirements - can also be called controlled security mode. exposed to the highest kevel of risk).
Caching DNS Server Attack
any DNS system deployed to cache DNS information from other DNS servers. Attacks can occur without notice and for a significant period of time. ultimately affect clients (can poison clients DNS cache).
Covert Channels
any method that is used to pass information but that is not normally used for information. 2 types: covert timing channel (conveys information by altering the performance of a system component or modifying a resources timing in a predictable manner) and covert storage channel (conveys info by writing data to a common storage area where another process can read it). best defense: audit and analyze log files. Over channel are opposite of covert channel.
Local Caches
anything temporarily stored on the client for future reuse (address resolution protocol cache, domain name system cache, and internet files cache).
XML Injection
backend target is a XML application. Protection: input sanitization.
Buffer Overflows and Input Checking
buffer overflow occurs when programmer fails to check the size of input data prior to writing the data into a specific memory location. any failure to validate input data could lead to a security violation.
Common flaws to security architectures
buffer overflows, programmers leaving backdoor and privileged programs on a system after its deployed. Time of check to time of use attacks (TOCTOU). any state change could be a window of opportunity for an attacker to compromise a system.
Security risks posed by input/output devices
can be subject to eavesdropping and tapping, used to smuggle data out of an organization, or used to create unauthorized, insecure points of entry into an organization's systems and networks.
Trusted Recovery
ensures all security controls remain intact In the event of a crash. System ensures there are no opportunities for access to occur when security controls are disabled. Recovery phase runs with all controls intact.
process isolation
ensures that individual processes can access only their own data
SECaaS (Security as a Service)
A cloud provider concept in which security is provided to an organization through or by an online entity.
Parallel Data Systems or Parallel Computing
A computation system designed to perform numerous calculations simultaneously. Parallel data systems often include the concept of dividing up a large task into smaller elements and then distributing each subelement to a different processing subsystem for parallel computation. Parallel data processing can be accomplished by using distinct CPUs or multicore CPUs, using virtual systems or a combo of these. Large scale Parallel data systems must be concerned with performance, power consumption, and reliability/stability issues. Several divisions: asymmetric multiprocessing (AMP) vs symmetric multiprocessing (SMP). variation of AMP is massive Parallel processing (MPP) where numerous SMP are linked in order to work on a single primary task across multiple processes in multiple linked systems (commonly implemented on same chip). Large scale Parallel data management a key tool in managing big data and will often involve cloud computing, grid computing, or peer to peer computing.
Hosted Solution
A deployment concept where the organization must license software and then operates and maintains the software. Hosting provider owns, operates, and maintains hardware that supports orgs software.
Type I Hypervisor
A native or bare-metal hypervisor. In this configuration, there is no host OS; instead, the hypervisor installs directly onto the hardware where the host OS would normally reside.
BIOS (basic input/output system) and UEFI (Unified Extensible Firmware Interface)
BIOS contains OS independent primitive instructions that a computer needs to start and load the OS from disk - contained in a firmware device know as EEPROM chip for version updates aka "flashing the BIOS". Malicious code can embed itself into BIOS/firmware, "phlashing", malicious variation of BIOS installed and introduces remote control. BIOS replaced by UEFI (more advanced interface between hardware and OS).
BYOD (bring your own device)
BYOD policy allows employees to bring their personal mobile device and use them to connect to company network and business resources. May improve morale and job satisfaction among employees, but increases security risk to org. Related issues include: data ownership, support ownership, patch management, anti-virus management, forensics, privacy, on/off boarding, adherence to corporate policies, user acceptance, architecture/infrastructure considerations, legal concerns, acceptable use policies, an on board cameras/video.
Single State Processors
Capable of operating at only one security level at a time. require use of policy mechanisms to manage information at different levels.
Input/Output devices
Monitors (technology known as TEMPEST can compromise security of data displayed on a monitor. Cathode Ray Tube (CRT) monitors (more prone to radiate) and liquid crystal display (LCD) monitors. biggest risk to monitors is shoulder surfing or telephoto lenses on cameras); printers; keyboards/mice (vulnerable to TEMPEST monitoring, keyboard vulnerable to bugging- keyboard logger, radio signals can be intercepted if wireless - including bluetooth); modems (outsider could bypass perimeter protections and access network resources. create alternate egress channel insiders could use to funnel data outside org. these vulnerabilities can only be exploited if modem is connected to an operational telephone landlines. know location of physical and logical modems on network and ensure they are configured correctly).
CASB (cloud access security broker)
a security policy enforcement solution that may be installed on premises or it may be cloud based.
Cloud Computing Concepts
Platform as a service (provides all aspects of a platform- OS and complete solution package. don't have to purchase and maintain hardware and software locally). Software as a Service (on demand online access to software apps or suites). Infrastructure as a service.
Cloud Service Deployment Options
Private: corporate network and isolated from internet. internal use only. Virtual private cloud. Public: cloud service accessible to public over a internet connection. Hybrid: mixture of private and public. Community: cloud environment maintained, used, and paid for by a group of users or organizations for their shares benefit (collaboration and data exchange).
Pros and Cons of Cloud Solutions
Pros: lower costs (maintenence and up front costs), vendor maintained security, scalable resources, high levels of uptime and availability. Cons: no control over OS and software for customer, such as updates and configuration changes. provide minimal customization, and often inaccessible without internet connection. Security policies of cloud vendor may not match that of the org.
Different types of memory used by a computer
ROM is nonvolatile and can't be written to by the end user. The end user can write data to PROM chips only once. EPROM/UVEPROM chips may be erased through the use of ultraviolet light and then can have new data written to them. EEPROM chips may be erased with electrical current and then have new data written to them. RAM chips are volatile and lose their contents when the computer is powered off.
Random vs Sequential Storage
Random access storage allows an OS to read (and sometimes write) immediately from any point within the device by using an Addressing system. Primary storage = Rand storage and secondary storage. Sequential requires you to read (or speed past) all data physically stored prior to the desired location. Ex: magnetic tape drive. slower, cheaper, and holds large amount of data.
Types of RAM
Real Memory (main/primary memory; largest RAM resource available. contains dynamic RAM chips and must be refreshed) and Cache Memory (processor contains an on board cache of fast memory to use can be referred to as L1, L2, L3, or L4 cache). Main types: Dynamic RAM (uses series of capacitators - CPU must spend time refreshing contents to ensure 1 bits don't unintentionally change to 0 bits altering memory contents) and Static RAM (uses a flip flop, on/off switch to change 0 to 1 or vice versa, maintains contents unaltered as long as power is supplied). Dynamic cheaper than static but static is faster.
Memory Addressing (processor must have means of referring to various locations in memory)
Register Addressing (see registers); Immediate Addressing (way of referring to data supplied to CPU as part of an instruction); Direct Addressing (CPU provided with actual address of memory location to access); Indirect Addressing (address given to CPU doesn't contain actual value for CPU to use as operand); Base+Offset Addressing (uses a value stored in one of the CPUs registers as base location from which to begin counting then adds offset).
multiprogramming
Similar to multitasking but takes place on mainframe systems and requires specific programming.
Mobile Device Application Security
The applications and functions used on a mobile device need to be secured. Related concepts include key management, credential management, authentication, geotagging, encryption, application whitelisting, and transitive trust/authentication.
Cloud Shared Responsibility Model
The concept that when an organization uses a cloud solution, there is a division of security and stability responsibility between the provider and the customer. SaaS places most of the burden on the provider while IaaS management leans more toward the customer.
Multitasking
The simultaneous execution of more than one application on a computer and is managed by the OS.
Multiprocessing
The use of more than one processor to increase computing power. two types: Symmetric Multiprocessing (SMP; a single computer contains multiple processors that are treated equally and controlled by a single OS) and massively parallel processing (MPP; house hundreds or thousands of processors, each of which has its own OS and memory/bus resources). SMP - adept at processing simple operations at high rates. MPP processes very large complex computationally intensive tasks.
Data Mining (database security)
allow analysts to comb through data warehouses and look for potentially correlated events. result in development of data models used to predict future activity. Activity of data mining produces Metadata. Metadata is stored in a more secure contained known as the data mart.
Client Based Systems
a client side or client focused attack is one where the client itself, or a process on the client, is the target. Ex: malicious website that transfers malicious mobile code (such as an applet) to a vulnerable browser running on the client. Client side attacks can occur over any communication protocol. Another vulnerability is client based is risk of poisoning of local caches.
Authorized DNS server attacks
aim at altering the primary record of a FQDN on its original host system, the primary authoritative DNS server (hosts the zone file or domain database). If original data set is altered then those changes propagate across internet. Attacks on authoritative DNS servers get noticed quickly so most attackers focus on DNS servers instead.
Temporary Internet Files
aka internet files cache; temporary storage of files downloaded from the internet sites (website content) that are being held by the client utility for current and future use. split response attack can cause client to download and store content in cache that was not intended element of web page. Mobile code scripting attacks can also be used to plant false content in cache. Once files have been poisoned in cache, even when a legit web document calls on a cached item, the malicious item will be activated.
Central Processing Unit (CPU)
aka processor or microprocessor; chips that governs all major operations and either directly performs or coordinates the complex calculations that allows a computer to perform its intended tasks. Responsibility of OS and compilers to translate high level programming languages used to design software into simple instructions that a CPU understands.
Hypervisors
aka virtual machine monitor (VMM), is the component of virtualization that creates, manages, and operates, the virtual machines.
ARP Cache Poisoning
caused by an attack responding to ARP broadcast queries in order to send back falsified replies. If the false reply is received by the client before the valid reply, then the false reply is used to populate ARP cache and valid reply is discarded as being outside an open query. Dynamic content in ARP cache will remain until a timeout (usually under 10 minutes). ARP used to resolve Internet Protocol address into appropriate MAC address to craft ethernet header for data transmission. A second form of ARP poisoning is used to create static ARP entries via the ARP command and must be done locally (through a script that executes on the client - Trojan horse, buffer overflow). Static entries are permanent, even across system reboots. One means of setting up MitM attack.
Metachatacters
characters that have been assigned special programmatic meaning. Examples: ' " [ ] \ ; & ^ $ . | ? * + { } ( ) Can be escaped with a backslash in front of th character (\&) to remove its programmatic meaning and treat the character as a normal character, like a number or letter.
IoT (Internet of Things)
class of devices connected to the internet in order to provide automation, remote control, or AI processing to traditional or new appliances in a home or office setting. Security issues : access and encryption. One possible secure implementation is deploy a distinct network for IoT equipment to isolate from primary network (known as three dumb routers).
Applets
code objects sent from a server to a client to perform an action - self contained miniature programs that execute independently of the server that sent them. Benefits: processing burden shifted to client, client can produce data using local resources, web server doesn't receive any data provided to the applet as input. Security Concerns: allow remote system to send code to local system for execution, ensure that code sent to systems is safe. Applet may contain Trojan horse. Ex: java applets and ActiveX controls.
Abstraction
creates "black-box" interfaces for programmers to use without requiring knowledge of an algorithms or devices inner workings.
layering
creates different realms of security within a process and limits communication between them
Mitigating Local Cache Attacks
defense is more of a detective and preventative concern; keep OS and apps current with patches. install host-IDS and network-IDS tools to watch for abuses of these types. Review logs of DNS and DHCP systems, and local client system logs and firewall, switch, and router logs. Use a split-DNS system (aka split horizon DNS, split view DNS, and split brain DNS) deploying a DNS server for public use and one for internal use. External users are unable to access internal use server by blocking inbound port 53 for TCP (zone transfers) and UDP (queries - any non DNS system sending a query to a DNS server).
Directory Traversal/Command Injection
directory traversal enables an attacker to jump out of the web root directory structure and into any other part of the file system hosted by the web servers host OS. URL could include unicode equivalent of "change to parent directory" command (represented as ../ in ASCII, also uses metacharcter of %. Protections: metacharacter escaping or filtering.
Forms of Industry Control Systems (ICS)
distributed control systems (DCS) - found in industrial process plants. controls elements distributed across monitored environment such as manufacturing floor or production line; analog or digital. Programmable Logic controllers (PLCs) - single or focused purpose digital computers deployed for industrial electromechanical operations such as controlling systems on assembly line. Supervisory Control and data acquisition (SCADA) - can operate as stand alone device or be networked with other SCADA systems or traditional IT systems. designed with minimal human interfaces. Stuxnet first ever rootkit to a SCADA system. All are fairly resistant to compromise or modification - little security built in.
Embedded Systems and Static Environments
embedded system is designed around a limited set of specific functions in relation to the larger product of which it's a component. Static environments are applications, OSs, hardware sets, or networks configured for a specific need, capability, or function and then set to remain unaltered. Examples: cyber physical systems (offer computational means to control something in physical world - robotics, sensor networks) - prosthetics, collision avoidance in vehicles, air traffic control coordination, precision in robot surgery, energy conservation in vehicles, equipment, mobile devices, and buildings), and IoT.
Hardware Segmentation
enforces process isolation with physical controls
Injection Attacks
exploitation that allows attacker to submit code to a target system in order to modify its operations and/or poison and corrupt its data set. SQL injection riskier than XSS as targets of SQL injection are org assets, where XSS targets customers or visitors of a website. SQL injection attacks use unexpected input to alter or compromise a web app - use input to gain unauthorized access to an underlying database and related assets. Can allow an attacker to bypass authentication, reveal confidential data, change data, add new records to database, destroy tables or databases, gain command line like access. Protections: input validation and limit account privileges. also, escaping metacharcters (defensive coding).
HOSTS poisoning
file is static file found on TCP/IP supporting system that contains hard coded references for domain names and their associated IP addresses. Content can be added to the HOSTS file to set up a relationship between a FQDN and the IP of choice. When system boots contents of file, will be read into memory where they take precedence. Entries from HOSTS file are permanent.
LDAP Injection
focus is on back end of LDAP directory service. If a web server front end uses a script to craft LDAP statements based on input from a user, then LDAP injection is a threat. Protections: input sanitization and defensive coding.
Open Web Application Security Project (OWASP)
focuses on improving security for online and web based apps (better coding practices and secure deployment architectures). OWASP top 10 web attacks. A few top 10 web risks are injection (SQL injection, LDAP injection, XML injection, command injection, hypertext markup language (HTML) injection, code injection, file injection), XML exploitation, Cross site scripting (XSS), and cross site request forgery (XSRF).
Cross Site Scripting (XSS)
form of malicious code injection attack in which an attacker is able to compromise a web server and inject their own malicious code into content sent to other visitors. Commonly accomplished through common gateway interface (CGI) scripts, vulnerabilities, injection attacks, cookie hijacks, DNS redirects, frame exploitation. Defenses: patch web server, Web application firewall, Host intrusion detection system, auditing and input validation. Add-ons that only allow your script to be run.
Grid Computing
form of parallel distributed processing that loosely groups a high number of processing nodes to work toward a specific processing goal. Members of grid can enter/leave at random intervals. Security concerns: content of each work packet is potentially exposed to world, central servers could overload and go offline crashing grid, compromise of central grid servers.
Type II Hypervisor
hosted hypervisor; a standard regular OS is present on the hardware, and the hypervisor is then installed as another software application.
ActiveX Controls (Applet)
implemented using a variety of languages (Visual Basic, C, C++, and Java). use proprietary Microsoft technology and can only execute on systems running Microsoft browsers. Not subject to sandbox restrictions placed on Java applets.
Inference (Database Security)
involve combining several pieces of nonsensitive info to gain access to info that should be classified at a higher level. Defense: vigilance over permissions, intentional blurring of data, database partitioning.
Mobile Device Security
involves range of potential security options/features available for a mobile device. Not all portable electronics devices (PEDs) have good security features. PED security features include full device encryption, remote wiping, lockouts, screen locks, GPS, app control, storage segmentation, asset tracking, inventory control, MDM, device access control, removable storage, and the disabling of unused features.
Server Bases Systems
issue of data flow control; management of data flow ensures efficient transmission with minimal delays or latency and reliable throughput using hashing and confidentiality protection with encryption. Ensures receiving systems are not overloaded with traffic. when data overflow occurs, data can be lost or corrupted. Data flow control provided by networking devices (routers, switches), network applications and services, load balancer (performs load distribution through random choice, round robin, load utilization monitoring and preferencing). DoS attack detriment to data flow control.
Registers
limited amount of on board memory in CPUs that provide it with directly accessible memory locations that the brain of CPU, the arithmetic logical unit (ALU), uses when performing calculations or processing instructions. When the CPU needs information from one of its registers it uses a register address.
Embedded systems and static environments security concerns
limited or single purpose computing environments need security management. these techniques include: network segmentation, security layers, application and network firewalls, manual updates, firmware version control, wrappers, monitoring, and control redundancy and diversity.
Read Only Memory (ROM)
memory the PC can read but can't change. contents are burned in at the factory and end user cannot alter it. often contain "bootstrap" information that computer use to start up prior to loading an OS from disk. Include power on self test (POST) series of diagnostics.
Multicore
most CPUs are this; what was previously a single CPU or microprocessor chip is now a chip containing 2, 4, or 8 or dozens of independent execution cores that can operate simultaneously.
Multiprogramming vs Multitasking
multiprogramming usually takes place on large scale systems, like mainframes, where multitasking takes place on personal computer (PC) operating systems such as windows and linux. multitasking is coordinated by OS and multiprogramming requires specially written software that coordinates its own activities and execution through the OS.
Peer to Peer
networking and distributed application solutions that share tasks and workloads among peers. similar to grid computing; primary difference is no central management system and services provided are usually real time rather than as a collection of computational power. Examples: VoIP services (Skype), BitTorrent (for data/file distribution), and Spotify (for streaming audio/music distribution). Security concerns: pirate copyright materials, ability to eavesdrop on distributed content, lack of central control/management/oversight/filtering, and potential for services to consume all bandwidth.
Flash Memory
nonvolatile form of storage media that can be electronically erased and rewritten. can be erased and written in blocks or pages. most common type is NAND flash (used in SSDs, memory cards, thumb drives, and mobile devices).
Aggregation (Database Security)
number of functions provided by SQL to combine records from tables to produce useful info, collect numerous low level security items and combine them to create something of a higher security value. defenses: control access to aggregate functions and assess info they may reveal.
DNS query spoofing
occurs when hacker is able to eavesdrop on a client's query to a DNS server. The attacker then sends a reply with false info. If client accepts false reply, they will put that info in their local dns cache. when real reply arrives, it will be discarded.
Risks associated with cloud computing and virtualization
once sensitive, confidential, and proprietary data leaves the confines of the organization, it also leaves the protections imposed by the organizational security policy and resultant infrastructure. Cloud services and their personnel may not adhere to the same security standards as your organization.
Protection Rings
organize code and components in OS (apps, utilities, or other code). Most modern OS use four ring model (0-3). Ring 0: OS Kernel/Memory (resident components; highest level of privilege) Ring 1: Other OS Components (parts of OS that come and go as various tasks are requested, operations performed etc.). Ring 2: Drivers, Protocols etc. (system utilities - able to access peripheral devices) Ring 3: user level programs and applications rings 0-2 run in supervisory or privileged mode and ring 3 runs in user mode. process with lowest ring # runs first. Mediated access model. processes may access objects directly only if they reside in their own ring or within some ring outside its current boundaries.
Multithreading
permits multiple concurrent tasks to be performed within a single process.
Data Hiding
prevents information from being read from a different security level
Characteristics of storage devices used by computers
primary storage is the same as memory. secondary storage consists of magnetic, flash, and optical media that must first be read into primary memory before the CPU can use the data. Random access storage devices can be read at any point, whereas sequential access devices require scanning through all the data physically stored before the desired location.
How principle of least privilege, separation of privilege, and accountability apply to computer architecture
principle of least privilege ensures that only a minimum number of processes are authorized to run in supervisory mode. separation of privilege increases the granularity of security operations. accountability ensures an audit trail exists to trace operations back to their source.
XML Exploitation
programming attack used to falsify info being sent to a visitor or cause their system to give up info without authorization. One area of concern is security associations markup language (SAML). SAML abuses are often focused on web based authentication and is an XML based convention for the org. and exchange of communication authentication and authorization details between security domains could allow attacker to falsify SAML communications or steal visitors access token to bypass authentication.
Smart Devices
range of mobile devices that offer the user a plethora of customization options, typically through installing apps, and may take advantage of on-device or in-the-cloud artificial intelligence (AI) processing.
Random Access Memory (RAM)
readable and writable memory that contains info a computer uses during processing. retains contents only when power is continuously supplied to it, when a computer is powered off all data stored in RAM disappears (unlike ROM). only useful for temp storage, should never store critical data.
Cloud Computing
refers to a concept of computing where processing and storage are performed elsewhere over a network connection rather than locally. Often thought of as Internet-based computing.
Security issues surrounding secondary storage devices
removable media can be used to steal data, access controls and encryption must be applied to protect data, and data can remain on the media even after file deletion or media formatting.
Security Policies
role is to inform and guide the design, development, implementation, testing, and maintenance of a particular system. Multi level security policies prevent information flow from higher security levels to lower levels. As a system is developed the security policy should be designed, built, and implemented and tested as it relates to all applicable Sytem components or elements, including: physical hardware, firmware, software, and how the org interacts with and uses the system.
Data Analytics (database security)
science of raw data examination with focus of extracting useful info out of the bulk info set. "big data"
DNS lookup address changing
sending an alternate IP address to the client to be used as the DNS server the client uses for resolving queries. can be performed through a script or by compromising DHCP (used to distribute DNS server address to clients). once client has wrong DNS server, queries will be sent to a hacker controlled DNS server, which will respond with poisoned results.
Java Applets
short programs written in Java code (no longer supported directly in most browsers; each system that supports Java code downloads the version of the Java Virtual Machine supported by its OS) transmitted over the internet to perform operations on a remote system. "sandbox" used to place privilege restrictions on Java code.
Multistate Processors
simultaneously operate at multiple security levels by using specialized security mechanisms ("protection mechanisms") - these mechanisms are designed to prevent information from crossing between security levels.
Firmware
software stored on a ROM chip. At the computer level, it contains the basic instructions needed to start a computer. Firmware is also used to provide operating instructions in peripheral devices such as printers.
Client/Server Model
users operate independent, fully functional desktop computers but also access services and resources on networked servers (new). aka distributed system or distributed architecture. - security must be addressed everywhere and not just at a single host. prone to different vulnerabilities; safeguards: technology solutions and controls to policies and procedures. Client computers may not have proper backups where servers do. Defense in Depth helps avoid monolithic security stance (belief a single mechanism provides sufficient security).
Steps for a security evaluation/web security assessment
starts with reconnaissance (viewing hosted web pages, discovering automation tech in use, info that shouldn't have been posted, configuration and security leaks). Followed by assessment of sites configuration management (file handling, extensions in use, backups, looking for sensitive data in client side code), and evaluating sites transmission security (SSL/TLS version support, assess cipher suites, cookie/session ID/ token management, susceptibility to forged requests). Next evaluate authentication and session management followed by evaluating cryptography of site and data sanitization and validation methods. Check for DoS defenses, evaluate risk responses, and test error handling.
Data Warehousing (database security)
store large amounts of info from a variety of databases for use with specialized analysis techniques often contain historical info.
TEMPEST
technology that allows the electronic emanations that every monitor produces (known as Van Eck radiation) to be read from a distance (process known as Van Eck phreaking) and even from another location. Protective controls: copper.
security issues surrounding memory components
the fact that data may remain on the chip after power is removed and the control of access to memory in a multiuser system. Attack that freezes memory chips to delay decay of resident data when system is powered off and RAM is pulled out of motherboard (cold boot attack). attacks on memory image dumps or system crash dumps to extract encryption keys.
How a security policy drives system design, implementation, testing, and deployment
the role of the security policy is to inform and guide the design, development, implementation, testing, and maintenance of a particular system.
Cross-Site Request Forgery (XSRF)
tricks the user or the users browser into performing actions they had not intended. Attack is focused on users browser more than website being visited. Example of exploit that uses XSRF is Zues. Defenses: confirmations/reauthentication whenever sensitive action is required, add a randomization string to URL request (nonce) and session management, check client HTTP request header referrer for spoofing. End users should run anti malware scanners, using HIDS, running firewall, avoid non mainstream websites, log off sites when done, keep browsers patched, and clear out temporary files and cached cookies regularly.
Erasable Programmable Read Only Memory (EPROM)
two main subcategories: Ultraviolet EPROM (UVEPROM) (can be erased with a light and end users can burn new info as if it has never been programmed before) and EEPROM (erasable PROM) (uses electric voltages delivered to the pins of the chip to force erasure).
Programmable Read Only Memory (PROM)
type of ROM that may be altered. contents aren't burned in at a factory. instead uses special functionality that allows an end user to burn in the chips content later. once data is written to a PROM chip no further changes are possible. commonly used for hardware apps.
DNS Cache Poisoning
used to perform MitM attack; client receives response from DNS to be used for future use. False information can be fed into DNS cache to misdirect communications. Means of performing DNS cache poisoning: HOSTS poisoning, authorized DNS server attacks, caching DNS server attacks, DNS lookup address changing, and DNS query spoofing. For all 5 attacks, false entries will be in local DNS cache of client allowing MitM attack.
Protection Mechanisms
used to protect the integrity of the OS itself, and to manage which users are allowed to access specific types of data. protection rings, operational states, security modes
Two layered operating modes used by most modern processors
user applications operate in a limited instruction set environment known as user mode. The OS performs controlled operations in privileged mode aka system mode, kernel mode, and supervisory mode.
Host/Terminal Model
users could be physically distributed but a functions, activity and data and resources reside on a single centralized system (old).
Process States aka Operational States
various forms of execution in which a process may run. For OS can be in problem state - user or supervisor state- all access mode. process scheduler selects highest priority process for execution. For whether a process is running can run in 4 states: Ready, waiting, running (aka problem state z runs until time slice expires or blocked), supervisory, stopped.
Volatile vs Nonvatile Storage
volatility is a measure of how likely it is to lose data when power is turned off. Devices designed to retain their data (i.e. magnetic media) are nonvolatile. Static or Dynamic RAM, which are designed to lose their data, are volatile.
