Mid-Term help

Ace your homework & exams now with Quizwiz!

d. OTP

All of the following can be broken mathematically EXCEPT____________. a. AES b. 3DES c. SHA d. OTP

Footprinting

Gathering information about the target. IP addresses, web presence, phone numbers, emails

[6.2] In 2000 the Aust. Privacy Act 1988 was amended to include what?

National Privacy Principles

Security Controls

defense mechanism to protect all components of IS -physical access and communication

TCP Intercepting Firewall

firewall sites between server and internet. Validates and connects to servers.

triage

identifying incident, investigating severity, setting priorities on how to deal with incident

Indirect Calorimetry

measure oxygen consumption and carbon dioxide production calculate heat production

Tracert

mega ping: return the route taken by the packet to the host.

block cipher

message divided into blocks of bits for encryption and decryption purposes

integrity

preventing modification of information to unauthorised individual or systems

SYN Cookies

prevents reservation of resources on initial request. Stores information with the client.

info security laws

seek to protect the civil rights of populations from abuses of info systems and the internet

Encrypted Virus

virus writers encrypt code. Every replication used new key. Decryption code never changes though.

Exploit

weakness or mistake in a program that malware can use.

NIS (Norton Internet Software) 2014

what is the best antivirus software?

Service Control Firewall Technique

what types of internet services that can be accessed. Filter by IP, port

Social Engineering

A means of gathering information for an attack by relying on the weakness of an individual.

Common Network Scanner Tools:

- Solar Winds - Lanhelper

Security Technologies: - Types of IDS:

- HIDS - NIDS

TLS steps

1. handshaking - exchange master secret key using asymmetric crypto 2. Key Derivation - master key used to generate a set of session keys. 3. Data transfer - data is broken into records for travel 4. Connection closure - special message is sent to ensure proper closer

Information Assets

A risk management strategy calls on information security professionals to know their organization's _____., Valuable or sensitive data is 'Information asset' • Examples - Confidential information about employees - Information about commercial contracts - Production information of factories • Categorize information assets - Highly valuable financially - Sensitive but not financially valuable • Reputation • Political • Identification of assets should be a relatively straightforward • Valuation of assets is more of a challenge.

Macro

A series of instructions that can be grouped together as a single command, often used to automate a complex set of tasks or a repeated series of tasks.

Protocol

A set of rules governing the exchange of data between two or more entities.

Energy Values in Poultry

AME (apparent metabolizable energy) -GE of feed -fecal, urinary (gas is negligible) -If corrected for nitrogen retention = AMEn TME (true Metabolizable energy) -GE -excreta energy -Test ingredient substituted for ingredient of known ME or Subtract excreta energy in fasted birds

Rootkid

Admin access to system

Email address spoofing

Altering the sender information on email to trick recipients into thinking the message if from another source.

Spidering

Automated mapping of websites or file system. Program that recursively follows all links in a HTML document. can reveal old insecure pages, backups, databases connected etc.

[5.6] Briefly define biometric

Automated method of verifying the identity or recognising someone based on physiological or behavioural characteristic.

In order to recover or prevent virus attacks:

Avoid potentially unreliable websites/emails. System Restore. Re-install operating system. Use and maintain anti-virus software.

Firewall

Barrier between trusted and untrusted networks. prevents unauthorised traffic from reaching the network.

____ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede.

DR

____________________ components account for the management of information in all its states: transmission, processing, and storage.

Data

[4.4] Policy enforcement phase. Why is the order of steps important?

Doesn't make sense to check if subject authorised unless you are satisfied if request is made from right subject.

Phishing carried out what.

Email, instant messaging

Removable storage is a software application that allows an organization to monitor and control business data on a personally owned device.

False

Risk evaluation assigns a risk rating or score to each information asset.

False

If Everythingabovecangowrong

Need recovery contingency plan/policy

Salt

Random but not secret information, different for each user.

[5.8] How can you reduce FNMR?

Reduce threshold.

Encryption (E)

Transforming the plaintext into another form so that the meaning is not obvious, using an algorithm and some secret knowledge

[1.2] Data state of Jeep Cherokee?

Transmission (initially) of information related to Uconnect.

Lipid Types

Triglycerides -Fatty acid chain length and unsaturation -Trans fatty acids• Essential fatty acids •eicosanoids• -Biohydrogenationin the rumen -Conjugated Linoleic Acid (CLA) Phospholipids Steroids Fat Quality

Lipids

Triglycerides •Fatty acid chain length and unsaturation •Trans fatty acids Essential fatty acids •Eicosanoids -Biohydrogenationin the rumen -Conjugated Linoleic Acid (CLA) Phospholipids Steroids Fat Quality

Failing to prevent an attack all but invites an attack.

True

Using a secure logon and authentication process is one of the six steps used to prevent malware.

True

When the organization is pursuing an overall risk management program, it requires a(n) systematic report that enumerates the opportunities for controlling risk.

True

Which of these is a list of approved email senders?

Whitelist

full backup

all files in computer

role based access control

determine how subjects and object interact based on necessary operations and task a user needs to carry out to fulfill their responsibilities

Which of the following is NOT a motion detection method?

moisture Motion Detection Method: radio frequency magnetism infrared

motivation for hackers & types

theft, hijacking, cyber terrorism, "for fun" // types are white hat vs black hat authorized vs unauthorized

Stateful Firewall Filtering

track TCP connections. Only accepts packets on established connections. Negatives: requires more memory, not advanced, can't detect IP spoof, easy to misconfigure.

Wireshark

traffic monitor. Capture messages moving through network card. Can save and filter sessions.

risk transfer

transfer risk to third party

What is Social engineering?

• This involves the psychological manipulation of people in order to establish a level of trust that leads to the individual taking action - Divulging sensitive and private information, initiating funds disbursement request, etc. • The most common form is "phishing."

What's the impact of Call Forwarding?

• Your phone is compromised, your conversations may be accessed, and your identity may be stolen. • In the end, our client's assets may be stolen because the fraudster requested and authorized a transaction.

Energy Outline

•Concept in Nutrition •Partitioning or Distribution •Species differences •Energy Density •Predicting the requirement -Body weight -Growth -Temperature / activity effects •Effect of energy on feed intake •Feed efficiency •Regulation of feed intake

Types of threats

Natural Events Human action - Deliberate: fraud, sabotage, theft - Accidental: negligence, errors, omissions

Risk measure defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.

False

Spam is some act intended to deceive or trick the receiver, normally in email messages.

False

The anti-malware utility is one of the most popular backdoor tools in use today.

False

The first step in creating a comprehensive disaster recovery plan (DRP) is to document likely impact scenarios.

False

The main difference between a virus and a worm is that a virus does not need a host program to infect.

False

The term risk methodology refers to a list of identified risks that results from the risk-identification process.

False

Vishing is a type of wireless network attack.

False

Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP).

False

Within best practices, the optimum standard is a subcategory of practices that are typically viewed as "the best of the best."

False

Within organizations, technical feasibility defines what can and cannot occur based on the consensus and relationships between the communities of interest.

False

You cannot use qualitative measures to rank values.

False

What compliance regulation applies specifically to the educational records maintained by schools about students?

Family Education Rights and Privacy Act (FERPA)

Establishing a competitive business model, method, or technique enabled an organization to provide a product or service that was superior and created a(n) competitive advantage.

True

Information Security 3 sectors

Internet: Geotagging and Hacking E-commerce: Privacy and security issues Telecommunications: information leakage and metadata collection

Which statement about data loss prevention (DLP) is NOT true?

It can only protect data while it is on the user's personal computer

Which statement about data loss prevention (DLP) is NOT true?

It can only protect data while it is on the users personal computer

Energy Distribution, Partitioning, Utilization

Net Energy = NEm+ Nep -Maintenance (NEm) •Heart rate (10%), kidney (7%), protein turnover (10), CNS activity (15), respiration (7), liver (7) •Ion balance (35) -Production (NEp) •Tissue (muscle, fat) •Lactation, egg production •Pregnancy' •Wool, hair, feathers •Work

Examples of exceptionally grave damage include armed hostilities against the United States or its allies and disruption of foreign relations vitally affecting the national security.

True

In a Bring Your Own Device (BYOD) policy, the user acceptance component may include separation of private data from business data.

True

Leaving unattended computers on is one of the top information security mistakes made by individuals.

True

One way to determine which information assets are critical is by evaluating how much of the organization's revenue depends on a particular asset.

True

Organizations should communicate with system users throughout the development of the security program, letting them know that change are coming.

True

Policies are documents that specify an organization's approach to security.

True

Remote wiping is a device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device.

True

Risk control is the application of controls to reduce the risks to an organization's data and information systems.

True

Rootkits are malicious software programs designed to be hidden from normal methods of detection.

True

Security efforts that seek to provide a superior level of performance in the protection of information are referred to as best business practices.

True

Some argue that it is virtually impossible to determine the true value of information and information-bearing assets.

True

Spyware gathers information about a user through an Internet connection, without his or her knowledge.

True

The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management and evaluation of the security of unclassified and national security systems.

True

The amount of money spent to protect an asset is based in part on the value of the asset.

True

The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.

True

The general management of an organization must structure the IT and information security functions to defend the organization's information assets.

True

The mitigate control strategy attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation.

True

The most common of the mitigation procedures is the disaster recovery plan.

True

The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.

True

The results from risk assessment activities can be delivered in a number of ways: a report on a systematic approach to risk control, a project-based risk assessment, or a topic-specific risk assessment.

True

The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.

True

The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.

True

The value of intellectual property influences asset valuation.

True

To determine if the risk is acceptable or not, you estimate the expected loss the organization will incur if the risk is exploited.

True

When determining the relative importance of each asset, refer to the organization's mission statement or statement of objectives to determine which elements are essential, which are supportive, and which are merely adjuncts.

True

You should adopt naming standards that do not convey information to potential system attackers.

True

Derivatives of Cholesterol

Vitamin D3 Glucocorticoids (cortisol, corticosterone) Mineralocorticoids Bile salts (cholic acid, taurocholic, glycocholic, etc) Estrogen Progesterone Testosterone

[3.1] Relationship btwn threats, vulnerabilities and attacks

Vulnerabilities can be deliberately exploited by threats and results in an attack on the information asset.

b. Diffie-Hellman (DH)

Which of the following key exchanges uses the same keys each time? a. Diffie-Hellman Ephemeral (DHE) b. Diffie-Hellman (DH) c. Diffie-Hellman-RSA (DHRSA) d. Elliptic Curve Diffie-Hellman (ECDH)

d. Hardware Security Module (HSM)

Which of these has an onboard key generator and key storage facility, as well as accelerated symmetric and asymmetric encryption, and can back up sensitive material in encrypted form? a. Trusted Platform Module (TPM) b. self-encrypting hard disk drives (HDDs) c. encrypted hardware-based USB drives d. Hardware Security Module (HSM)

a. risk loss

Which of these is NOT a basic security protection for information that cryptography can provide? a. risk loss b. integrity c. confidentiality d. authenticity

a. Collisions should be rare

Which of these is NOT a characteristic of a secure has algorithm? a. Collisions should be rare b. The results of a hash function should not be reversed. c. The hash should always be the same fixed size d. A message cannot be produced from a predefined hash

a. Advanced Encryption Standard

Which of these is the strongest symmetric cryptographic algorithm? a. Advanced Encryption Standard b. Data Encryption Standard c. Triple Data Encryption Standard d. Rivest Cipher (RC) 1

c. integrity

Which protection is provided by hashing? a. authenticity b. confidentiality c. integrity d. availability

Which of the following is not designed to prevent individuals from entering sensitive areas but instead is intended to direct traffic flow.

barricade

black box

basic or no information is provided

PCs

bitlocker

smurf

broadcasting large number of ICMP packets with victim's spoofed source IP

A____ Can be used to secure a mobile device

cable lock

double encoding

can be used to bypass many text-based security filters. defense: filter dangerous characters, re-encode at every boundary

exposure

of an info resource is the harm, los or damage that can result if a threat compromises the resource

mandatory access control

operating system constrains ability of subject to access or perform operation on an object

Boot Sector Virus

original virus. Sits on a boot sector and activated on boot.

discretionary access control

owner of resource specify which subjects can access specific resources

Attack Vectors

parts of the application that can be reached by users. All attack vectors form the attack surface

object

passive entity that contains information or needed functionality

deterrent control

discourage potential attacker

network usage policy

document, agreement, or contract that defines acceptable and unacceptable uses of computer and network resources for a business or organization

redundancy

duplication of critical components/functions of system with intention of increasing reliability and availability of system

digital certificate

electronic document used to prove ownership of public key

For hardware devices, the ____________________ number is used by the network operating system to identify a specific network device.

electronic serial, MAC address, or hardware address

Network Security

is concerned with addressing vulnerabilities and threats in computer networks that may or may not be connected to the internet as long as there is a network connection there is an increased risk of unauthorized access. The primary challenge in securing a computer network is keeping user data private and accessible only by authorized persons

Malware

is short for "malicious software" and included any software designed to damage, corrupt, or illegally manipulate computer resources common forms include; viruses, worms, and spyware

exposure factor

percentage loss by realised threat

A typical configuration baseline would include each of the following Except.

performing a security risk assesment

Which of the following is NOT a characteristic of an alarmed carrier PDS?

periodic visual inspections

demilitarised zone

physical or logical subnetwork that contains and exposes organisation's external facing services to a larger and untrusted network

communication controls

network controls - secure the movement of data across networks: -firewalls -antimalware -white/black listing -encryption -VPNS -transport layer security -employee monitoring system

firewall

network hardware or software that examines data packets flowing in and sometimes out of a network or computer in order to filter out packets that are potentially dangerous

interior threats

network security threats that originate from within a network, typically from registered users

RATs (remote administration tool)

obtained through small files like online greeting cards, games, or free software what can they do? -log keystrokes -capture voice conversations -capture web camera -hijack computers

Which of the following is NOT an activity phase control

resource Control Activity Phase Control: compensating control detective control deterrent control

data custodian

responsible for maintaining and protecting data

data owner

responsible for protection and use of information

ransomware

restricts access to computer system until ransom is paid

firewall

restricts access to one network from another network

recovery control

return environment back to regular operation

security awareness training

teaches the knowledge and attitude members of organisation should posses regarding protection of physical and information assets of organisation

risk avoidance

terminating activity introducing the risk

Ping

test connection between hosts. Sends "are you there?" messages

War driving

the act of driving through neighborhoods with a wireless notebook or handheld computer looking for unsecured Wi-Fi networks

identification

mapping an unknown entity to a known identity as to make it known

hash

mapping of data of arbitrary length to data of fixed length

cipher (algorithm)

mathematical and logic rules used in cryptographic functions

steganography

method of hiding data in another media type to conceal it's existence

data-entry errors

mishandling of computer output

asset value

monetary value of asset

wiretapping

monitoring telephone and Internet conversation by a third party, by covert means

antivirus

software used to prevent, detect and remove malicious computer viruses

Software Patch

sometimes called a security patch, fixes software bugs and flaws and is typically distributed to software users through online software updates

worm

standalone malware that replicates itself and spreads to other computers

code review

systematic examination of source codw

Which of the following cannot be used along with fencing as a security parameter?

Vapor barrier

[5.6] Which is faster at returning results Verfication mode or identification mode? (biometrics)

Verification is faster. It only requires 1-to-1 comparison. Identification has to search entire database (n-to-1 comparison).

Entity Authentication

Verify claimed identity.

Data Origin Authentication

Verify source and integrity of message.

Authentication

Verifying a claimed identity or source of information.

Essential Fatty Acid Deficiency

Very Rare Difficult to induce on common diets Most common deficiency symptom is dermatitis or other skin problems. Benefits of increasing omega-3 over omega-6

What's the impact of phishing?

Victims of phishing may have malware installed on their computer systems or have their identity stolen.

vulnerability

weakness in design, implementation, operation or internal control of process that could expose system

log key strokes, capture voice conversations, capture web camera video sessions, hijack computers

what can RATs do?

in situations where the info being stored is confidential or valuable, and there is a possibility that your computer can be accessed by others

when is encryption useful?

Footprinting Tools

who.is, nslookup, social engineering

Code injection via Stack Smash

write payload into function then processor executes payload

HTTP Flood

zombie follow every link on each site recursively. Target consumes resources responding to zombies.

Spyware

§ A broad category of software designed to intercept or take partial control of a computer's operation without the informed consent of that machine's owner or legitimate user § In simpler terms, spyware is a type of program that watches what users do with their computer and then sends that information over the internet § Spyware can collect many different types of information about a user: • Records the types of websites a user visits • Records what is typed by the user to intercept passwords or credit card numbers • Used to launch "pop up" advertisements § Many legitimate companies incorporate forms of spyware into their software for purposes of advertisement(Adware)

What does Malware look like?

§ Hostile, intrusive, or damaging software or program code ("malicious" + "software") • Examples of malware include viruses, worms, Trojan horses, ransomware, and spyware.

Nessus

- The Most Widely Used Vulnerability Scanner - A Commercial Tool that has Tens of Thousands of Documented Vulnerabilities in its Library - Works on: Linux, Windows, Routers

Other Security Technologies: - Data Loss Prevention (DLP)

- Monitor Outgoing Network Traffic to look for Key Files going out - It can also Monitor Data Storage of Sensitive Documents to Log when Data is Accessed

Troubleshooting Common Security Issues: - Common Configuration Issues (Filtering)

- Most Access Points offer some Level of Filtering - It should be Turned on and Configured

Steganography

- NOT cryptography - Used to hide information within a document or image so the presence of the message is not detected. - Some techniques make use of crypto

[4.3] Describe what is meant by need to know principle and separation of duties.

- Need to know = access restricted to those who need to know information to complete job. - Separation = break tasks into multiple components, each performed by different entity.

RATs

(Remote Administration Tool) obtained through small files like online greeting cards, games, or free software

Rootkit

* Upon penetrating a computer, a hacker may install a collection of programs, called a rootkit. * May enable: - Easy access for the hacker (and others)into the enterprise - Keystroke logger * Eliminates evidence of break-in. * Modifies the operating system.

Adware

**Advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. **Adware is software integrated into or bundled with a program, typically as a way to recover programming development costs through advertising income

What's is Botnet

*A botnet is a number of compromised computers used to create and send spam viruses or flood a network with messages as a denial of service attack. *The compromised computers are called zombies.

How does viruses happen?

*A virus attaches itself to a program, file, or disk. *When the program is executed, the virus activates and replicates itself. *The virus may be benign or malignant but executes its payload at some point (often upon contact). -Viruses can cause computer crashes and loss of data.

RC4 Algorithm

- "Ron's Cipher #4" - Keystream generator for binary additive stream cipher - Input: key length up to 2048 bits - Output: pseudorandom binary sequence produced 8 bits - Only a few lines of code (~20) - Fast in software

Solar Winds

- A Commercial Network Scanner - Allow you to Select an IP Range, Subnet, or List of IP Addresses to scan and then start the scan - Will Produce a Map of your Network

Tcpdump

- A Common Packet Sniffer for Linux - Works from the Shell and is Relatively Easy to Use

Kerberos: - Basic Information

- Network Authentication Protocol - Developed at MIT in the mid 1980s - Available as Open Source or in Supported Commercial Software

Types of Authentication: - Federations

- A Federation is a Collection of Computer Networks that Agree on Standards of Operation, such as Security Standards - For Example, Instant Messaging Federation (IM): 1. Multiple IM Providers form Common Communication Standards, thus allowing Users on Different Platforms with Different Clients to Communicate Freely. This would Facilitate Communication between Employees in each of the Various Partners - Other Example, Microsoft Passport or Google Checkout: 1. Allows a User to have a Single Identity that they can use across Different Business Units and perhaps even Entirely Different Businesses

Wireshark

- Network Packet Sniffers - Penetration Tester use it Regularly - Provides a Convenient Graphical User Interface

Example of Denial of Receipt

- A customer orders an expensive product, but the vendor demands payment before shipment. - The customer pays, and the vendor ships the product. - The customer then asks the vendor when he will receive the product. - If the customer has already received the product, the question constitutes a denial of receipt attack. - The vendor can defend against this attack only by proving that the customer did, despite his denials, receive the product.

Example of Repudiation of origin

- A customer sends a letter to a vendor agreeing to pay a large amount of money for a product. - The vendor ships the product and then demands payment. - The customer denies having ordered the product - The customer has repudiated the origin of the letter. - If the vendor cannot prove that the letter came from the customer, the attack succeeds.

Mechanisms/Countermeasures

- A security mechanism is a method, tool, or procedure for enforcing a security policy. - Supporting mechanisms assumed to be working correctly - What concrete actions we should take under an attack or withstand threats?

policy

- A security policy is a statement of what is, and what is not, allowed. - This defines 'security' for the site/system/computer/data/information, etc. - It is about imposing rules to reduce risks to assets at an acceptable level - A security policy is a specification of what security requirements/goals the countermeasures are intend to achieve - "Perfect security" is not necessary and costly, even not possible - Secure against what, from whom, and when? - Unambiguously partition system states - Correctly capture security requirements - Composition of policies • If policies conflict, discrepancies may create security vulnerabilities

ARP (Address Resolution Protocol)

- ARP Protocol Maps IP Addresses to MAC Addresses

[3.3] What sort of information is included in AusCERT security bulletin?

- ASB or ESB (AusCERT or External) - ID number - [tag] with affected systems - Product name - Most sever impact if exploited.

Troubleshooting Common Security Issues

- Access Issues - Configuration Issues - Personnel Issues - Other Issues

Troubleshooting Common Security Issues: - Common Configuration Issues (Logging)

- Access Points typically offer Logging that must be Turned on and Configured

Benefit of combining MAC and DAC?

- No owner can make sensitive info available to unauthorised users - 'Need to know' can be applied to limit access that would otherwise be granted under mandatory rules

Processes need to consider

- Access control and privilege management - Backup of files & systems - Business of continuity plans - Communications - Checks and balances - Processes for staff leaving/joining - Software mngt processes and auditing

Principle of least privilege

- Access is generally restricted to the minimum resources and authorisations required for an entity to perform their day-to-day function. - Intended to limit lvl of damage if a security incident occurs.

netcat

- Not Part of OS - Free Download for Windows/Linux - Allows you to Read and Write to Network Connections using either TCP or UDP

nc mymail.server.net 25

- Open a Connection to a Mail Server on Port 25

Assets: Functionality, Information, Risks, Security ( One of the goals of security is about regulating access to assets)

- Access to information, or - Access to functionality. • Computer system provides two assets: functionality and information - Compute GPA (functionality) - GPA (information) • Functionality comes with certain risks - What are the risks of computing GPA? • Intentional incorrect computing of GPA • Information has also risks - Privacy • GPAleakage - Integrity of GPA • Modification of GPA) • Security is about identifying, managing, and minimizing risks.

Social Engineering

- Active attack Use social skills to convince people to reveal information or permit access to resources.

Vulnerability Scanners can be Classified as Either:

- Active or - Passive

Protocol Analyzer (Packet Sniffer)

- Allow us to View Traffic and Capture a Copy of the Traffic for Offline Analysis - Help you Incident Response, and Network Forensics

Digital Signature Algorithm (DSA)

- Also called Digital Signature Standard (DSS) - Based on discrete log problem

Other Security Technologies: - Unified Threat Management System (UTM)

- Also called USM (Unifies Security Management) System - Includes Combinations of all the other Devices: 1. Firewall, IDS, and Antivirus, as well as other Items, such as Load Balancing and VPN 2. A Single Place to Review Logs rather than having to Check Multiple Devices and System Logs

LanHelper

- An Inexpensive Network Mapper - You can Issue Statements Like: Scan Lan Scan IP Scan Workgroups

Wireless Scanners and Crackers

- The Network Scanners Mentioned above can be used for Wireless Networks, but There are also Tools specifically designed for WiFi that you can use - A Common WiFi Tool is Aircrack

Four Pilars of Information Security

-firewall -installing software patches -using security software -practicing safe cautious online behavior

attack

- Anattackisanytypeofoffensivemaneuverthattargetsinformationassets,computingassets, computer infrastructures, computer resources, etc. - Acyberattackcouldbeemployedbynations,states,individuals,groups,societyororganizations. - Acyberattackmayoriginatefromananonymoussource. - Anattackhasanimplicitconceptof"intent" - Routermis-configurationorservercrashcanalsocauselossofavailability,buttheyarenot attacks.

Phospholipids

-function in cell membranes, etc. -glycerol, 2 fatty acids, other

threat

- Athreatisapotentialviolationofsecuritymechanismsorundesirableeventthatmaybe malicious. - Athreatisanintentiontoinflictharm,damage,orotherhostile/unauthorizedactiononsomeone's assets - Apersonoranentityislikelytoposethreatstoassets.

What are the benefits of digital signatures?

- Authentication of message sender - Some assurance of message integrity - Non-repudiation (third party can decide if a specific party signed a message)

Non-repudiation for accountability

- Authorized users cannot deny actions (received a message, sent a message)

Vulnerability

- AvulnerabilityisaweaknessinthesystemswhichcanbeexploitedbyaThreatActor,suchasan attacker, to perform hostile/unauthorized actions such as attacks. - Toexploitavulnerability,anattackermusthaveatleastoneapplicabletoolortechniquethatcan be used.

Mixed Triglyceride:

-palmitate (16:0) -oleate (18:1) -stearate (18:0)

[9.1] Before encrypted messages can be sent, each communicating party must have a copy of the secret key. How can this key be distributed securely if asymmetric ciphers are NOT used?

- Over a different secure channel - Through a trusted 3rd party = role of key server

Iodine Value

= grams of Iodine absorbed per 100 g of oil.Measure of the # of double bonds.

Methods of DoS Attacks

- Overload the resource so it cannot respond to legitimate requests. - Damage the resource so it cannot be used. - Deliberately interrupt communications between users and resource so it cannot be accessed.

How bot net work?

- Botnets spread through viruses and worms • Once installed on the victim's computer, they use the internet to make contact with a controller computer • The infected computer (often called a zombie) will do nothing more except periodically check for instructions from the controller computer • Over time, more and more computers are recruited to the incipient botnet until it may contain tens of thousands of zombies, • These zombies don't raise suspicion as they appear to be doing nothing • The controller computer will issue a command for the botnet to wake up and begin doing something. • Often the people who created the botnet itself have either sold or rented the botnet to another group who want to use its capabilities.

Types of Authentication: - Multifactor Authentication

- Can Consist of Two, Three, Any Number of Factors - Example: An ID / Password and a Smartcard is a Two Factor Authentication

Ophcrack

- Can be Installed on a Bootable CD - If used in that Manner, you boot the System to the CD, thus Circumventing Windows Security, and proceed to Try to Crack the Passwords - Ophcrack offers a small Rainbow Table free of Charge

Defense against DDos

- Cloud hosting - Coordination with upstream providers.

tracert

- Command is tracert in Windows and traceroute in Linux - tracert or traceroute tells you how to get there

Ping

- Part of Both Windows and Linux - The Ping Utility is used to Find out if a Particular Website is Reachable - Ping Operates by Sending Internet Control Message Protocol (ICMP) Echo Request Packets to the Target Host and Waits for an ICMP Response

[1.2] Which of security goals are compromised if the attacks described in the article are performed on a Jeep?

- Confidentiality: cellular network traffic reveals vulnerable vehicle, track GPS, trace route over time, measure speed, monitor in car systems etc. - Integrity: changes made to firmware to insert the code that allows for the remote control. - Availability: can take control away from authorised user.

[4.6] Google drive etc. Does the system use discretionary, mandatory, or role-based access control, or a combination of these?

- DAC.

General Networking Tools

- Data Sanitization Tools - Backup Utilities - Banner Grabbing

Troubleshooting Common Security Issues: - Common Configuration Issues (Default Passwords)

- Default Passwords must be Changed Immediately

Disruption/Usurpation

- Denial of service • A long-term inhibition of service, is a form of usurpation, although it is often used with other mechanisms to deceive. • The attacker prevents a server from providing a service.

Troubleshooting Common Security Issues: - Digital Certificate Issues

- Digital Certificates also must be Configured and Implemented Properly - Issue Certificates in a Secure Manner (Use Proper Key Size, Key is Stored Securely) - It is better to have an Organizational Certificate Authority Issue Certificates

What are the major access control approaches?

- Discretionary Access Control (DAC) - Mandatory Access Control (MAC) - Role Based Access Control (RBAC) Can use a combination.

ARP Flags: -a

- Displays all of the Current arp entries

ARP Flags: -g

- Displays all the Current arp entries for all Interfaces. Same as -a

Troubleshooting Common Security Issues: - Other Issues

- Don't allow Unlicensed Software Installation - Comply with Copyright Laws - Restrict (SMS: Short Message Service, MMS: Multimedia Messages Service)

Kerberos: - Use Explained (2)

- Each Time the User Wishes to Access some Resource on the Network, the User's Computer presents KDC with the TGT - The TGT then Sends that User's Computer a Service Ticket, granting the User Access to that Service - Service Tickets are usually only good for up to 5 minutes - The User's Computer then sends the Service Ticket to the Server the User is trying to Access - As a Final Authentication Check, that Server then Communicates with the TGT to Confirm and Validate the Service Ticket

Process of decryption for Vernam OTP

- Each character = 8bit string - The decryption key = encryption key. - Decryption algorithm is XOR. - Each character has different 8 bit string (key portion) - For whole message, key length must = length of plaintext. RANDOMNESS is what provides the security

Asymmetric Ciphers (Public Key Cipher)

- Encryption key DOES NOT EQUAL decryption key - Computationally infeasible to derive one key from the other

Network Scanners Can:

- Enumerate everything on a Network - Detect Rogue Systems

[3.4] Name things attackers can do to multi-functional photocopiers.

- Execute unauthorised code. - DoS attacks Attacker requires remote unauthenticated access.

Other Security Technologies:

- File Integrity Checking - Application Whitelist - Unified Threat Management (UTM) System - Data Loss Prevention (DLP) Software - Data Execution Prevention (DEP)

[3.4] Describe a threat to multi-functional printers.

- Files sent to printer can be viewed, copied, redirected, modified and re-transmitted. - Confidentiality breach may occur - Integrity breach may occur. - Possible to cancel or delete files before printed.

nmap

- Free Download for Windows/Linux - It is a Port Scanner - It can Reveal what Services are Running - It Can Reveal Target Machine's OS - Can Scan: A Range of IP Addresses or A Single IP Address

Pwdump

- Get a Copy of the Local Password Hashes from the Windows SAM File - The SAM File, or Security Accounts Manager, is where Windows stores Hashes of Passwords. The Program Pwdump will extract the Password Hashes Form the SAM File

Active Attacks

- Goal is to modify, replicate of fabricate. - Can detect and try to recover e.g. phishing, DOS, Main-in-the-middle

Passive Attacks

- Goal is to obtain information - Difficult to detect e.g. eavesdropping, shoulder surfing.

Network Scanner (Network Mapper)

- Help you Find out what is on your Network

Security Technologies

- IDS - Antimalware - Firewalls - Other Systems

Identify and Access Management Concepts:

- Identification means finding out who Someone is - Authentication is a Mechanism of Verifying that Identification - Put another way, Identification is Claiming an Identity - Authentication is Proving it

[3.1] Difference between passive and active attacks

- Passive do not require an attacker, difficult to detect. - Active = attacker takes some action to interact with asset, if you monitor you can detect.

Macro Virus

A computer that is written in a script known as a macro.

Example of Masquerading or spoofing

- If a user tries to log into a computer across the Internet but instead reaches another computer that claims to be the desired one, the user has been spoofed. - Similarly, if a user tries to read a file, but an attacker has arranged for the user to be given a different file, another spoof has taken place.

Program Virus

A computer virus that infects executable program files.

Summary: Fat in Animal Nutrition

"Fat" is usually referring to triglycerides•Fat is added to diets as an energy source, for palatability, to decrease dust Fat is energy dense Animals fed diets with added fat generally have greater carcass fat Feeding unsaturated fat to non-ruminants results in unsaturated fat being deposited in the carcas

Use Password Crackers on your Network:

- If you are able to Crack one or more Passwords - You are then Aware of this Security Vulnerability and can take Appropriate Steps to Remedy the Issue

Vulnerability Scanners: Passive Scanners

- Involves Methods to Search your Network that do not Directly Interact with the Network

Known Initialisation Vector (IV)**

- Is public - Prevents repetition of data

Troubleshooting Common Security Issues: - Common Configuration Issues (Failure to Patch Network)

- Items such as: Firewalls, Access Points, Switches, and Routers - All have OS that must be Patched, just as you Patch your Computers

Stream Ciphers

- Plaintext & ciphertext are streams of characters Process: - Plaintext encrypted one character at a time by combining with a keystream - Ciphertext decrypted one character at a time by combining with the same keystream used for encryption

Kerberos: - In Depth

- Kerberos Authentication uses a Key Distribution Center (KDC) to Orchestrate the Process - The KDC Authenticates the Principal (which can be a User, Program, or System) and Provides it with a Ticket - After this Ticket is issued, it can be used to Authenticate against other Principals - This process occurs automatically when another Principal performs a Request or Service

RSA Signatures

- Key generated same way as RSA encryption

[4.3] To what extent can mandatory access control (MAC) be used to implement the need to know principle?

- Limited ability to implement need to know. - Typical MAC rules use user clearances and object classification based on hierarchical levels. A user who fits such a rule will have access regardless of whether that user has a current need to access the data or not.

Other Security Technologies: - Application Whitelisting

- List of Applications that are Allowed on a Given Computer or Network - They Log Attempts to Install Unauthorized Applications - You are not Allowed to Install a Password Checker

nc -I -p 12345

- Listen on Port 12345

ARP Flags: -N

- Lists arp cache for a Specified Interface

MBSA (Microsoft Baseline Security Analyzer)

- MBSA is not the Most Robust Vulnerability Scanner - It is Free - It Finds Vulnerabilities and Configuration Issues - Very Easy to Use

SSH security properties

- Message confidentiality - Message integrity - Message Replay protection: money transfer example. - Peer Authentication.

CLA Applications in Non-ruminants (pigs, poultry, fish)

"Value-added"foods with human health benefit •Repartitioning effect •Health benefit to the animal

malware

"malicious software" & includes any software designed to damage, corrupt, or illegally manipulate computer resources

Other Security Technologies: - Data Execution Prevention (DEP)

- Microsoft Introduced this with Windows Vista - When an Application tries to Launch, the User must approve the Execution before it can Proceed - Some DEP Systems Log any time an Application tried to Execute, even if it was Blocked - Even if the Malware is Blocked, You would want to Know that there was an Attempt to Execute

Binary Additive One-time pad (Vernam OTP)

- Plaintext is a stream of bits - Key is a stream of bits - XOR of plaintext and key to produce ciphertext - XOR of ciphertext and key to recover plaintext - Can not reuse or repeat keys, each message requires a NEW random key.

Ipconfig (Windows) / Ifconfig (Linux)

- Provides Information about your Network Interfaces

OWASP Zap (Open Web Application Security Project Zap)

- Publish a List of the Top Vulnerabilities - Also Publish a Free Tool to Scan for Website Vulnerabilities - Easy to Use

Tools Commonly used for Password Cracking:

- Pwdump - Ophcrack

Remote Authentication Dial-in User Services (RADIUS)

- RADIUS allows Authentication of Remote and other Network Connections - A RADIUS Server can be managed centrally, and the Servers that allow access to a Network can Verify with a RADIUS Server whether an Incoming Caller is Authorized - In a Large Network, with many Connections, this Allows a Single Server to Perform all Authentications

Password checking strategies

- Reactive password checking - Proactive password checking (as they create it)

Advantages of Knowledge-based authentication mechanisms e.g. passwords

- Readily accepted by users - Low cost implementation

Troubleshooting Common Security Issues: - Access Issues

- Recommended Password Selection Policy - Password Storage Policy (done by OS) - Least Privilege - Use Good Protocols such as Kerberos - Strong Authentication

People need to consider

- Recruiting - Monitoring - Education

Ipconfig / Ifconfig Flags: /releas

- Releases any Dynamically Assigned IP Addresses

(Property) ICT hardware and software need to consider

- Reliability and robustness - Redundancy - Source of software : authorised, legit, supported - Testing - Configuration/misconfiguration - Unprotected com channels : wired/wireless

ElGamal Cryptosystem

- Relies on difficulty of discrete logarithms for security - Used for encryption Ciphertext is: - twice length of plaintext --> C = 2P - randomised = multiple encryptions of same plaintext to produce different ciphertexts

ARP Flags: -d

- Removes a Listing from the arp cache

Ipconfig / Ifconfig Flags: /renew

- Renews the Dynamically Assigned IP Addresses

Disadvantages of clock based

- Requires synchronization - Need to allow for network delays if for network usage = attacker could copy password then log in as user.

For effective access control what do you need to consider?

- Resources - Sensitivity - Who/what should have access to each resource? - Permissions (Authorisations) - How will access control decisions be made? - Policy implementation

Security Technologies: - Firewalls

- Review the Firewall Logs on a Regular Basis - Windows Firewall Log is located at: (%windir%\system32\logfiles\ firewall\) - Turn on Logging - Open the Windows Firewall Console: (wf.msc and choose Actions > Properties) - Click Logging

RSA Cryptosystem

- Rivest-Shamir-Adleman cryptosystem - Use for encryption and digital signature scheme - Based on factorising large integers

nmap 192.168.1

- Scan IP Address 192.168.1

nmap 192.168.1.1-20

- Scan a Range of IP Addresses

nmap -O -PT -T1 192.168.1.1

- Scan to Detect OS, use TCP Scan, and use Sneaky Speed

Ipconfig / Ifconfig Flags: /all

- Shows all Information for all Network Interfaces

Types of Authentication:

- Single Factor - Multifactor - Biometric - Federations

What is disclosure?

- Snooping • Is unauthorized access to or interception of information • The practice is similar to eavesdropping but is not limited to gaining access to data • Can be unauthorized observance of data that belongs to someone else. • The unauthorized interception of information, is a form of disclosure. • It is passive, suggesting simply that some entity is listening to (or reading) communications or browsing through files or system information. • Wiretapping, or passive wiretapping, is a form of snooping in which a network is monitored.

[1.2] How can you address the security problems of Jeep Cherokee example?

- Software patches to address the vulnerability - During dev. implement a policy re: separate critical vehicle systems from entertainment/phone systems. - Education/training/awareness

[1.3] Why is the continued use of Windows XP after April 2014 considered a vulnerability?

- Software will no longer be patched = no repair of code errors. - Flaws identified by criminals can be used to attack system.

Authentication Systems or Methods are Based on One or More of these Five Factors:

- Something you know, such as a Password or PIN (Type I) - Something you have, such as a Smartcard, Token, or Identification Device (Type II) - Something you are, such as your Fingerprints, or Retinal Pattern (Biometrics) (Type III) - Something you do, such as an Action you must take to complete Authentication - Somewhere you are (This is based on Geolocation)

Who is the Commonwealth Privacy Act 1988 NOT applied to?

- State or Northern Territory government agencies - Non-government organisations.

What are block ciphers?

- Symmetric ciphers - Encrypted/Decrypted one block at a time - Blocks commonly 64-bits or 128-bits

Common Types of Protocol Analyzers:

- Tcpdump - Wireshark

Aircrack

- The Most Popular Tool - Free to Download - There are a Few Tools in the Download: wzcook.exe (will try to extract wireless data including the password, from the local machine on which it is installed; it is a command line tool)

Risk control is the examination and documenting of the security posture of an organization's information technology and the risks it faces.

False

There are four stages in a worm attack:

- The first stage is when the worm probes other machines looking for a vulnerability that can be exploited to copy itself to - The second stage is to penetrate the vulnerable machine by performing the operations for exploiting the vulnerability. • For example, the worm might detect an open network connection, through which it can get the remote machine to execute arbitrary instructions. - In the third stage, the worm will download itself to the remote machine, and store itself there. This is often called the 'persist' stage. - In the fourth stage, the worm will propagate itself by picking new machines to attempt to probe.

Importance of Cyber Security

- The internet allows an attacker to work from anywhere on the planet. - Risks caused by poor security knowledge and practice: IdentityTheft MonetaryTheft Legal Ramifications (for yourself and your organization) Sanctions or termination if policies are not followed. - According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are: *WebBrowser *Instant Messaging (IM) Clients #Instant messaging (IM) technology is a type of online chat that offers real-time text transmission over the Internet #WhatsUp, Viber, etc. *WebApplications *ExcessiveUserRights *Socialmedia.

netstat

- The netstat Command is also a Part of Both Windows and Linux - Displays Current Network Connections

Netcraft.com

- This Provides Information about Websites including what OS they are running

Shodan.io

- This Site is a Vulnerability Search Engine - You can Search your own Network's Domain Name for Vulnerability

isc.sans.edu

- This is the SANS Institute Cyber Storm Center - Will Provide Information on Current Cyber Threats

Other Security Technologies: - File Integrity Checking

- Tripwire is a File and Directory Integrity Checker - Monitors a Designated Set of Files for any Changes - Used with System Files on a Regular Basis - Tripwire can Notify System Administrators of Corrupted or Tampered Files - Traditionally an Open Source Tool, but now is Commercial been Designed to be Free

Digital Signatures

- Unique to signer - Verifiable - Legally binding - Different for every document - Must be produced and verified by a machine Completely different to digitized signature

[4.3] Explain how role-based access control (RBAC) can be used to implement separation of duties.

- User can only take one role at a time. - Require users in 2 different roles to complete task, set access permissions of different roles to force separation.

Types of Authentication: - SFA (Single Factor Authentication)

- Username / Password Combination

Elliptic Curve Cryptography

- Uses algebraic group defined on a set of points on an elliptic curve

nslookup

- Verifying that the Machine can connect to the DNS Server - Then it Opens a Command Prompt wherein you can enter DNS-Related Commands - run: nslookup.exe, Is -d domain_name - A Zone Transfer is when you Attempt to get the DNS Server to Send you all of its Zone Information - A Properly Configured DNS Server will Refuse

[3.1] Difference vulnerabilities and threats

- Vulnerabilities = weaknesses in system protecting asset. - Threats = anything with potential to cause harm.

Vulnerability Scanners

- Vulnerability Scanners find and correct Vulnerabilities before an attacker finds them - Some Tools scan for General Vulnerabilities - Others Scan for WebPage Vulnerabilities, Configuration Vulnerabilities

Kerberos: - Use Explained (1)

- When using Kerberos, the User Authenticates to the KDC and is given a Ticket granting Ticket (TGT) - This Ticket is encrypted and has a Time Limit of Up to 10 Hours - The Ticket Lists the Privileges of that User (Much like a Token)

Vulnerability Scanners: Active Scanners

- Will Interact Directly with the Target Network - Nessus, MBSA, and OWASP ZAP

Troubleshooting Common Security Issues: - Common Configuration Issues (Limit Admin Access)

- Wireless Access Points have an Administrative Panel - This should be Accessible via a Physical Connection, not via Wireless

The majority of virus programs are designed to harm users, by

- corrupting their data or attacking the operating system itself, - providing an exploitable 'backdoor', giving attackers access to the computer.

Separation of duties (privileges)

- divide task up into series of steps - ensure steps performed by different entities - MOre than one entity is required to complete the task

Benefit of separation of duties

- no single entity is authorised to complete all steps in a critical task - Minimises error - harder for insiders to abuse

Possible access permissions that could be implemented?

- read (observe) - write (observe and alter) - execute (neither observe nor alter) - append (alter) - search

--------------------------------INCOMPLETE (slide 42)

----------------------------------------------

ASYMMETRIC---------------------------------------------

----------------------------------------------

Symmetric---------------------------------------------------------

--------------------------------------------------------------

Essential Nutrients

-All organisms require water. -Essential nutrients for animals are: •the energy sources •some of the amino acids •a subset of fatty acids •vitamins •certain minerals

Diethylstilbesterol -DES

-Synthetic estrogen used to prevent miscarriages in humans (1947) -found to be a carcinogen (1971) -Also used as a growth promotant in cattle (banned in 1979) -Human dose 1-5 mg/d -Beef tissue levels 10 ppb (10 μg / kg)

Cholesterol is a steroid

-critical for cell membranes -fat digestion-lipid transport -derivatives have essential functions in metabolism

Phishing: Counterfeit Email

. A seemingly trustworthy entity asks for sensitive information such as credit card numbers, login IDs, password, date of birth, via e-mail. • A criminal activity using social engineering techniques. • An attempt to acquire sensitive data, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. • Typically carried out using email or an instant message.

trust

. One party (trustor) is willing to rely on the actions of another party (trustee) • The trustor (voluntarily or forcedly) abandons control over the actions performed by the trustee. • As a consequence, the trustor is uncertain about the outcome of the other's actions • The uncertainty involves the risk of failure or harm to the trustor if the trustee will not behave as expected. • Trust means an act of faith; confidence and reliance in something that's expected to behave or deliver as promised. • It is a belief in the competence and expertise of others, such that you feel you can reasonably rely on them to care yours needs • We trust a system less if it gives us insufficient information about its expertise. • We trust a system less when we don't have much control over our assets.

Spoofing examples

. Spammers can attack a mail system by changing the information stored in email 'envelopes' which enclose the messages themselves. • This is known as 'spoofing' and allows a spammer to disguise their actual address by writing new addresses for the sender (such as replacing their own address with that of TrustedBank) and the destination for receipts. • Simple spoofing is now being challenged by technologies that allow genuine senders to authenticate messages which can be checked by the recipient's mail server, Internet service providers and companies have to buy far more bandwidth and storage than they will ever need for legitimate purposes.

Units

1 calorie (small "c")= heat to raise the temp. of 1 gram of water by 1°C. 1000 calories = 1 kilocalorie (kcal)(Calorie, large "C" = 1 kcal) Joule = -the energy transferred to an object when a force of one newton acts on that object through a distance of one meter (1 newton metreor N·m). -the energy dissipated as heat when an electric current of one ampere passes through a resistance of one ohm for one second.1 cal= 4.18 joules 1 joule = 0.239 cal BTU = the amount of heat required to raise the temperature of one pound of water through 1°F -(58.5°F -59.5°F) at sea level (30 inches of mercury)

3 Information security goals

1. Confidentiality 2. Integrity 3. Availability

Privacy Amendment (Enhancing Privacy Protection) Act 2012 has 13 Privacy Principles grouped into 5 parts. What are they?

1. Consideration of personal information privacy 2. Collection of personal information 3. Dealing with personal information 4. Integrity of personal information 5. Access to, and correction of, personal information

Remote SW attacks without User Action

1. DOS attack 2. DDOS attack

How do Asymmetric ciphers for confidentiality work?

1. Each user creates a public key / private key pair. 2. Public key shared with everyone. 3. Sender uses receivers public key to encrypt message. 4. Ciphertext sent to receiver. 5. Receiver decrypts ciphertext using their private key.

[5.1] Briefly describe the problems associated with reusable passwords.

1. Easy to share 2. Easy to forget 3. Users choose easy to guess passwords 4. Can't be written down 5. Don't provide non-repudiation

Types of Block ciphers

1. Electronic Code Book mode (ECB) a. Data Encryption Standard (DES) b. Advanced Encryption Standard (AES) 2. Cipher Block Chaining (CBC) 3. Output Feedback (OFB) 4. Cipher Feedback (CFB) 5. Galois Counter Mode (GCM) There are 12. We are concerned with ECB and CBC.

2 types of Authentication

1. Entity Authentication 2. Data origin authentication

Source of threats

1. External: unauthorized entities outside organisation. 2. Internal: authoris

Attacking the Network Methodology

1. Footprint 2. Scan 3. Enumerate 4. Penetrate 5. Attack 6. Cover Tracks 7. Install back doors

[4.4] Policy enforcement phase. Explain these three steps in the order they must occur.

1. Identification (requester claims an identity) 2. Authentication (verify requester) 3. Verification authorisation (check identity authorised)

What are the steps for implementing access control?

1. Identify the subject (who are you claiming to be?) 2. Authenticate the subject (evidence) 3. Verify that the subject is authorized for the requested mode of access before allowing access

What are the 3 sides of the Security Model? What is on each side?

1. Information States (top) . Transmission . Storage . Processing 2. Critical Information Security Services (left) . Confidentiality . Integrity . Availability 3. Security Measures (right) . Technology . Policy & Practices . Education, Training and Awareness

Authenticator Categories

1. Knowledge-Based (something yo know) 2. Object-based (something yo do) 3. ID-based (something yo are) 4. Location-based (somewhere yo are)

[9.6] Ransomware such as CryptoLocker uses encryption to encrypt the files on a victim's computer, then demands that they pay a random to be able to decrypt their files. Explain what happens after the CryptoLocker malware is installed.

1. Malware contacts a control server which generates a 2048-bit RSA public/private key pair. 2. Control server sends public key to victims computer and keeps private key. 3. Malware encrypts files on computer using public key. 4. When enough files are encrypted it displays message asking user to pay ransom.

2 Types of Attacks

1. Passive 2. Active

[5.7] Describe the 3 practical aspects that need to be considered for implementing a biometric system.

1. Performance: accuracy + speed 2. Acceptability: extent people accept the use of the biometric identifier. 3. Circumvention: how easily system is fooled using fraudulent efforts.

Process of enctyption for Vernam OTP

1. Plaintext encrypted character by character. 2. t converted to ascii 8-bit binary string (encoding). 3. Encryption key for the first character is 8-bit secret string. Encryption algorithm is XOR. 8-bit ciphertext string also = ASCII symbol

What are the two phases of implementing access control?

1. Policy definition phase: where privilege is allocated and administered a) Authorise subject by defining the AC policy b) Distribute access credentials/token to subject c) Change/revoke authorisation whenever necessary 2. Policy enforcement (grant access) phase: where privilege is required to gain access a) Authenticate subject b) Grant access as authorised by policy c) Monitor access

3 Types of Countermeasures

1. Preventative controls 2. Detective controls 3. Corrective controls

Types of Assets

1. Property - Physical assets e.g. buildings and contents - Hardware - Software (OS, apps, support systems) - Data 2. People - Employees - Contractors - Customers/Clients 3. Procedures

How are public keys distributed?

1. Provided directly e.g. in email signature 2. On a website 3. Public keyserver

What are the most common digital signature schemes?

1. RSA 2. DSA 3. ECDSA

Two inputs used for most modern stream ciphers

1. Secret key 2. IV (Known Initialisation Vector)

[5.6] Describe 4 main biometric modules

1. Sensor module: capturs biometric signal e.g. fingerprint scanner. 2. Feature extraction module: processes signal and extracts discriminatory features e.g. position of ridges on fingers. 3. Matcher module: compares against stored templates to generated matching score. 4. System database module: used to store biometric templates.

What are the advantages of Elliptic Curve Cryptography over other asymmetric cryptographies?

1. Smaller key size and smaller ciphertext size than RSA 2. Provides same level of security with smaller keys

Asset States

1. Storage - electronic, physical, human 2. Transmission - physical or electronic 3. Processing (use) - physical or electronic

What does the security of asymmetric cryptographic system depend on?

1. Strength of the algorithm 2. Key Size 3. Confidentiality of the private key (K_priv)

Issues with Binary Additive Stream Ciphers

1. Synchronisation: encryption keystream must be synchronised with encryption keystream. 2. Bitflip error: one bit will be decrypted incorrectly 3. Inserted/deleted bit: loss of synchronisation = message can't be recovered from insertion/deletion point.

Why is access control used?

1. To prevent unauthorized users from gaining access to resources. 2. To prevent authorised users from misusing resources.

Attacks by Programmer Developing a System

1. Trojan horse: hide in other programs reveal when activated 2. back door or trap door, usually a password that allows u to bypass security 3. Logic Bomb: segment of computer code embedded and designed to activate at certain time

[5.7] In order to be used for biometrics a characteristic must meet 4 requirements.

1. Universality: each person should have the characteristic. 2. Distinctiveness: characteristic should be significantly different between each person. 3. Permanence: characteristic should be sufficiently invariant over a period of time. 4. Collectability: characteristic should be measured quantitatively.

[5.2] Explain how how authentication is performed for hashed passwords.

1. User sends UserID and password 2. Server computes hash value of received password 3. Look up record for that UserID, a. Compare computed hash value with stored hash value b. If they match, access is permitted

Remote SW attacks Requiring User Action

1. Virus: segment of code that performs malicious actions by attaching to another program 2. Worm: same as virus but can replicate itself without requiring another comp. program 3. Phishing Attack (and spear)

risk analysis steps

1. asses vale of each asset 2. estimate probability of each asset will be compromised 3. compare costs of asset being compromised to cost of protecting asset

Attacking a web server

1. identify all entry points 2. examine the structure of entry points 3. Are there non-HTTP ways of communicating with the server 4. identify server software 5. enumerate 6. research for known vulnerabilities

Risk mitigation

1. implement control to prevent identified threats from occuring 2. developing means of recovery methods: acceptance, limitation and transference

[9.1] How many keys are required for five people to communicate confidentially using a symmetric cipher, such that any two can communicate securely?

10. Person A needs 4 keys to communicate with the others. There are 5 people --> 5 x 4 = 20. But the key Person B uses to communicate with Person A is the same so --> 20/2 = 10.

The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?

13

Unsaturated Fatty Acids -all "cis"

16 Carbons: -Palmitate 16:0 Melting Point 63 -Palmitoleic C 16:1 Melting Point 1.5 !8 Carbons Stearate 18:0 Melting Point 71.5 Oleic 18:1 Melting Point 16.3 Linoleic 18:2 Melting Point -5.0 Linolenic 18:3 Melting Point -11 20 Carbons Arachidic(eicosanoic) 20:0 Melting Point 75.5 Gadoleic 20:1 Melting Point 25 Arachidonic(eicosatetraenoic) 20:4 Melting Point -49.5 adding double bonds -decreases the melting point (solid → liquid)

Common Long Chain Fatty Acids

16:0 Palmitic acid 18:0 Stearic acid 18:1 n-9Oleic acid 18:2 n-6 Linoleic acid 18:3 n-3α-Linolenic acid Δ 9,12, 15 18:3 n-6γ-Linolenic acid Δ 6,9,12 20:4 n-6 Arachidonic acid 20:5 n-3Eicosapentaenoic acid (EPA) 22:6 n-3Docosahexaenoic acid (DHA

who are the individuals that are hit hard by ID theft?

18 & 19 year olds

Discovery of CLA

1961: First report that CLA was an intermediate in microbial biohydrogenation in the rumen. 1979: A compound in fresh and fried ground beef that was anti-mutagenic in the Ames test. 1985: The mutagenesis inhibitor was an anticarcinogen in mice. 1987: The anticarcinogen was CLA. 1990's: synthetic CLA produced. 1997+ Synthetic CLA reduced body fat in mice, rats, pigs, etc...

[7.2] What port is reserved for HTTP over TLS? What is the prefix for a URL that describes a resource accessible by HTTP over TLS?

443. https://

Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?

80

Whaling

A Phishing attack that targets only wealthy individuals.

What does Call forwarding look like?

A cybercriminal gets the phone company to forward our client's cell number to their cell phone so they can impersonate our client when we, or any other financial institution our client conducts business with, calls them back for verification before transferring funds or opening accounts.

b. verify the receiver

A digital signature can provide each of the following benefits EXCEPT _____________. a. prove the integrity of the message b. verify the receiver c. verify the sender d. enforce nonrepudiation

Hoax

A false warning designed to trick users into changing security settings on their computer.

unsaturated fatty acid

A fatty acid possessing one or more double bonds between the carbons in the hydrocarbon tail Typically methylene-interrupted 20:5 Δ 5, 8, 11, 14, 17 20:5 omega 3

Spyware

A general term used to describe software that spies on users by gathering information without consent.

[6.1] According to Section 6 of the Australian Privacy Act 1988, what is not a record?

A generally available publication or anything kept in library, art gallery, museum for purposes of reference, study or exhibition. Records in care of National Archives of Aust., documents in Aust. War Memorial collection, letters/articles in transmission by post.

Botnet

A logical computer network of zombies under the control of an attacker.

Watering Hole Attack

A malicious attack that is directed toward a small group of specific individuals who visit the same website.

Worm

A malicious program designed to enter a computer via a network to take advantage of a vulnerability in an application or an operating system.

Pharming

A phishing attack that automatically redirects the user to a fake site.

Spear Phishing

A phishing attack that targets only specific users.

Vishing

A phishing attack that uses a telephone calls instead of emails.

Rootkit

A set of software tools used by an attacker to hide the actions or presence of other types of malicious software.

Information Security Incident

A single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security.

Impersonation

A social engineering attack that involves masquerading as a real or fictions character and then playing out the role of that person on a victim.

Adware

A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.

Total Digestible Nutrients (TDN)

A standard evaluation of the nutritional merit of a particular feed for farm animals which includes all the digestible organic nutrients--protein, fiber, nitrogen-free extract, and lipids. "An outmoded method of expressing the energy value of a feed" used many in horse, beef, dairy nutrition. TDN = digestible Crude Protein + digestible NFE+ digestible Crude Fiber + 2.25 x digestible ether extract TDN is expressed as: -a percentage of the ration -or as lbs or kg of TDN (not as a caloric value)

Threat Model

A threat model is a diagram and description that tells a story of how an attacker could exploit the vulnerability. This is a narrative approach to the attack that should help guide the mitigation techniques that need to be put in place to protect the system at that point. It can define the security of an application and reduces the number of vulnerabilities. It also has the 2 steps of identifying and prioritizing the vulnerabilities. Assumption about the adversary • Capability of the adversary, the knowledge of the adversary... - Assumption about the legitimate users • Choose strong password, will not send their password in email,.... - Assumptions about the certificate authorities • They are trustworthy, perfectly secure...

Spim

A variation of spam, which targets instant messaging users instead of email users.

How does heuristic detection detect a Virus

A virtualized environment is created and the code is executed in it

Armored Virus

A virus that goes to great lengths in order to avoid detection.

How does heuristic detection detect a virus?

A virutalised environment is created and the code is executed in it.

b. digest

A(n) ______________ is not decrypted but is only used for comparison purposes. a. stream b. digest c. algorithm d. key

What type of controls are the processes for developing and ensuring that policies and procedures are carried out?

Administrative controls

What type of controls are the processes for developing and insuring that policies and procedures are carried out?

Administrative controls

____ is simply how often you expect a specific type of attack to occur.

ARO

The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.

Accept Control

Discretionary Access Control (DAC)

Access at the discretion of some individual, possibly the information asset owner. - Popular OS use DAC - Often implemented access control lists or matrices.

Which one of the following is the best example of an authorization control?

Access control lists

Blacklists

Access generally permitted unless expressly forbidden. - If your name is on the list you will be denied access. - the sites you are not permitted to visit

Whitelist

Access is generally forbidden unless expressly permitted. - if your name is on the list you will be granted access - the only sites you are permitted to visit.

Role-based access control (RBAC)

Access permissions based on the role of the individual rather than the subject's identity (user, admin, student etc.)

[1.2] Were the Jeep Cherokee attacks active or passive?

Active attacks: constructed code and deliberately inserted it into system.

Subjects

Active entities in the system (for example users, processes, other computers), that cause information to flow among objects or change the system state.

Internet (network) layer

Addressing and routing. Global. - IPv4, IPv6 - ICMP : control - IPsec : security

Transport Layer Security (TLS)

Adds encryption to application protocols. Used extensively on the web and is often referred to in privacy policies as a means of providing confidential web connections. Network security protocol.

[5.4] Describe one major advantage and one major disadvantage for hardware tokens, when compared to standard user-selected passwords.

Advantage: single use (one time) password is secure against password guessing or replay: reusable passwords are not. Disadvantage: problems if synchronisation between token and host is lost, also security issues around possible loss or theft of token.

[9.4] Alice wants to send a message and an associated digital signature to Bob. Alice has a public key K_(Apub) and the associated private key K_(Apriv). Similarly, Bob has a public key and associated private key. Explain the cryptographic steps necessary for Alice to generate her digital signature and for Bob to verify Alice's digital signature using hashing.

Alice's signature generation: i. Alice prepares message M (hashes the message). ii. Alice inputs the hashed message and Alice's private key to the signature creation algorithm to obtain SigA(M). iii. Alice sends SigA(M) and M to Bob Bob performing signature verification: i. Bob receives message M and claimed signature SigA(M). ii. Bob hashes message M iii. Bob inputs SigA(M), M' and Alice's public key into signature verification algorithm. iii. If output = Yes then SigA(M) = signature on message M formed by Alice. If hash function collision resistant then highly likely message same as sent by Alice. If output = No, then no assurance that the signature on the message was formed by Alice or that the hash was right.

[9.4] Alice wants to send a message and an associated digital signature to Bob. Alice has a public key K_(Apub) and the associated private key K_(Apriv). Similarly, Bob has a public key and associated private key. Explain the cryptographic steps necessary for Alice to generate her digital signature.

Alice's signature generation: i. Alice prepares message M (may include encoding the message). ii. Alice inputs the message and Alice's private key to the signature creation algorithm to obtain SigA(M). iii. Alice sends SigA(M) and M to Bob

Digital Certificate

Also called an SSL certificate, is a type of electronic business card that is attached to internet transaction data to verify the sender of data

[9.6] Ransomware such as CryptoLocker uses encryption to encrypt the files on a victim's computer, then demands that they pay a random to be able to decrypt their files. According to the "Takedown and recovery of files" investigators were able to takeover the control servers of CryptoLocker and shut them down. How were users able to decrypt their files after that?

An IT security firm gained access to the database of RSA private keys that the CryptoLocker operators had stored, and made available a tool to help victims decrypt their files. (Note that this decryption service is no longer in operation.) For each file to be encrypted, one would generate a random AES key, encrypt the file using AES, encrypt the AES key using the RSA public key, and then delete the AES key. This would be much faster since the user's files are being encrypted using the faster AES encryption algorithm. Users would still be unable to decrypt their files since the AES key has been deleted and the only way to recover the AES key is to decrypt it using the RSA private key.

Bot Herder

An attacker who controls a botnet.

Intrusions

An attempt to gain unauthorised access to your system

Trojan Horse

An executable program that is advertised as performing one activity but which actually performs malicious activity.

Information Security Event

An identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of safeguards, or a previously unknown situation that may be security relevant.

Zombie

An infected computer that is under the remote control of an attacker.

Cryptanalysis

Analysis of cryptographic systems, inputs and outputs to derive confidential information, usually without using secret knowledge.

Biochemical Basis

Animals Have: Δ -4, Δ -5, Δ -6, Δ -9 desaturase enzyme Stearate to oleate = Δ -9 desaturase Cats lack Δ -6 desaturase To make: Linoleic Acid (18:2 Δ 9,12), need Δ -12 desaturase Linoleic Acid (18:3 Δ 9,12,15), need Δ -12 and Δ -15 desaturase

Essential fatty acids conversion

Animals can insert double bonds after carbon # 4 -9 and they can add 2 carbon units. •Stearic can be made into oleic. •Linoleic can be made into arachidonic. •Cannot convert oleic to linoleic or linolenic. •Fatty acids always stay in the same family (omega-3 or omega-6)

Worms

Another type of self-replicating malware is the worm; like a virus it is designed to make copies of itself; • Unlike a virus, a worm is a standalone application • Worms spread through network connections, accessing uninfected machines and then hijacking their resources to transmit yet more copies across the network. Worms were invented as a curiosity and have even been suggested as ways of testing networks or distributing software patches across a network; • Even the most 'benign' worm consumes resources and can affect the performance of a computer system.

Hoe botnet is created?

Botnets are created using malware that gives an attacker control over a group of computers and commonly use them to gather information from the computers (e.g., usernames and passwords), Botnets spread through viruses and worms

[9.3] Alice wants to send a confidential message to Bob. They do not have an existing shared secret key. Suppose that Alice and Bob agree to use an asymmetric cipher (RSA). Bob has a public key K_(Bpub) and the associated private key K(Bpriv). What should Bob do with each of these keys to permit people to send confidential messages to him?

Bob should keep his private key K_(Bpriv) secret and make is public key K_(Bpub) public.

Benefits of CLA:

Anti-carcinogenic Anti-obesity Anti-atherogenic Immunomodulatory

Protecting Fat From Oxidative Damage

Antioxidants -Natural: (work in vivo) •Vitamin E •Vitamin A •Citric Acid •Ascorbic Acid Feed antioxidants (added to the feed or fat) •Ethoxyquin (Santoquin) •BHA (butylated hydroxyanisole) •BHT (butylated hydroxytoluene) •TBHQ (tertiary butlyatedhydroquinone) Antioxidants Added to Feed to Protect Against Oxidative Damage to Lipids

Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.

Appetite

Important actions of Eicosanoids

Arachidonic -> Eicosanoids -conversion blocked by aspirin, tylenol, NSAIDS etc.. -inhibit gastric acid secretion -involved in inflammation, pain, body temp -blood pressure, blood clotting -cause smooth muscle contraction --Lutalyse F2a ---induce parturition: sows ---synchronize estrous: cattle, horses

RELATIONSHIP OF CRUDE FIBER TO ENERGY LEVEL (TDN) IN FEED

As Crude Fiber or ADF increases, TDN Decreases

Certificate

Assertion by a trusted third party that a particular public key belongs to a particular entity.

You can assess the relative risk for each of the vulnerabilities by a process called risk ____________________.

Assessment

____________________ are defined as information and the systems that use, store, and transmit information.

Assets

Which is better for key distribution: Symmetric or Asymmetric ciphers?

Asymmetric ciphers. Anyone may know the public key and everyone has their own private key whereas there is only one shared key for symmetric ciphers.

Man-in-the-Middle Attack (MITM)

Attacker positions self between two entities.

Phishing

Attempts to gain credentials to enable access to other resources by masquerading as a legitimate organisation. Usually involves spoofing and social engineering.

[1.4] What is the full name of the organization known as AusCERT?

Australian Computer Emergency Response Team.

[6.1] Which organisations does the Australian Privacy Act 1988 apply to?

Australian Federal government agencies and ACT government agencies

Malware

Automated attacks designed to exploit common vulnerabilities

Cost ____________________ is the process of preventing the financial impact of an incident by implementing a control.

Avoidance

What criteria must the key of a Vernam OTP meet?

Must be: 1. TRULY Random 2. Same length as message 3. Used only once

Botnet is used for what?

Botnets are primarily used to launch attacks against other computers - flood the internet with spam messages - commit fraud against advertisers, and - perform so-called distributed denial of service attacks on companies and governments.

Omega-3 vs Omega-6

Both are polyunsaturated -Omega-6 is high in corn and soy oil -Omega-3 is high in flax (18:3) and fish oil (EPA and DHA). •Omega-3 are made into eicosanoids that are less inflammatory •Omega-3 are needed for brain development •Typical ω-6/ω-3 ratio in our diet is greater than 10 •Should be less than 3

Cipherspec message

Client must send to server. server must return to client. on client receipt, use the previously agreed ciphers and keys from then on

Clock-based tokens

Clock time used as input algorithm. Token and Host clock must be synced.

What does Credential Replay look like?

Cybercriminals hope to access a few accounts by using a large cache of stolen login credentials to access a firm's online accounts.

How do you insert a background image into a web page?

Background images are specified in the CSS style sheet. Choose your selector in the CSS designer panel and go to the background properties. There, you will be able to click the folder for the background-image property.

Which of the following is NOT designed to prevent individuals from entering sensitive areas but instead is intended to direct traffic flow?

Barricade

A(n) ____________________ is a "value or profile of a performance metric against which changes in the performance metric can be usefully compared."

Baseline

HTTP authentication methods

Basic: browser sends username+password using base64 encoding, security through obscurity. Digest: Hashes credentials with MD5, hashes password URI and timestamp. MD5 is a poor hash, vulnerable to dictionary attacks.

____________________ is the process of seeking out and studying the practices used in other organizations that produce results you would like to duplicate in your organization.

Benchmarking

What is an alternative to using Vername OTP?

Binary additive stream ciphers that don't use TRULY random binary sequence and instead use KEYSTREAM GENERATOR.

Which password attack is typically used specifically against password files that contain cryptographic hashes?

Birthday attacks

[9.4] Alice wants to send a message and an associated digital signature to Bob. Alice has a public key K_(Apub) and the associated private key K_(Apriv). Similarly, Bob has a public key and associated private key. Explain the cryptographic steps necessary for Bob to verify Alice's digital signature.

Bob performing signature verification: i. Bob receives message M and claimed signature SigA(M). ii. Bob inputs SigA(M), M and Alice's public key into signature verification algorithm. iii. If output = Yes then SigA(M) = signature on message M formed by Alice. If output = No, then no assurance that the signature on the message was formed by Alice.

Would you use Vernam OTP to ensure C,I or A?

Confidentiality. - attacker can try all possible keystreams to recover all possible plaintext but has no way to know which is correct.

[3.4] An organization sells their used photocopier at auction without first removing the stored data from the hard drive. Which information security goal will potentially be breached if this data is exposed?

Breach of confidentiality. The original assets are presumably retained by the company. The material on the hard drive is a copy of the originals, but if exposed the information is no longer confidential.

Nuke: Teardrop Attack

Breaks messages into fragments then send packet fragments can't be reconstructed. Target cannot rebuild messages, panics and dies.

Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?

Business Continuity Plan (BCP)

Of the three types of mitigation plans, the _________________________ plan is the most strategic and long term.

Business Continuity or BC

Which of the following is not a characteristic of an alarmed carrier PDS?

Periodic visual inspections

biometric device

authenticates person's identity using personal characteristic... fingerprint, face

access controls

authentication and authorization

preventive control

avoid incident from occuring

C-R token systems

Challenge Response systems. - User request access - System sends challenge - User types challenge in device - User sends display response to host

A(n) ____________________ desk policy requires that employees secure all information in appropriate storage containers at the end of each day.

Clean

Overriding an employee's security ____________________ requires that the need-to-know standard be met.

Clearance

[7.1] Explain how SSH provides server-to-client authentication and client-to-server authentication.

Client authentication: - Public keys, harder to guess - Can associate several keys with single account/computers.

The formal decision making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) ____.

CBA

Cross-site request forgery

CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim's behalf.

_______________ can be used to secure a mobile device.

Cable lock

CSS

Cascading Style Sheets

Measures of Fat Quality

Chain length -Saponification number -Fatty acid profile •Unsaturation -Melting point, titer, hardness (also influenced by chain length) -Iodine value -fatty acid profile: P/S, U/S ratio Stability -Peroxide value -TBARS (measure of rancidity) Moisture, Impurities, Unsaponifiables (MIU) Free fatty acid level

[5.4] Compare the two token-based methods (clock based or counter based). What is a possible advantage of each compared with the other?

Clock-based tokens do not require interaction with the host before authentication takes place. Challenged-based tokens do not require a synchronized clock.

Role

Collection of procedures or jobs that the subject performs.

Multi-factor authentication

Combines multiple authenticator categories

Who is the Commonwealth Privacy Act 1988 applied to?

Commonwealth and ACT government agencies

[1.2] Which information asset was targeted when researchers attacked Jeep Cherokee?

Communications between the cellular network, the car, the entertainment system software and the other control systems for the vehicle.

Uses of RC4

Communications: - SSL/TLS for internet traffic - Wireless networks - IEEE 802.11 Wired Equivalent Privacy (WEP) - IEEE 802.11i WiFi Protected Access (WPA & WPA2)

Logic Bomb

Computer code that lies dormant until it is triggered by a specific logic event.

Internet

Computer network with information and communication facilities of interconnected networks using standardized communication protocols

In order to recover or prevent worm attacks:

Computer with proper password policy Current security update Antivirus or security software Secured shares are protected from infections

Who is Cracker?

Computer-savvy programmer creates attack software

Energy: Outline

Concept in Nutrition Partitioning or Distribution Species differences Energy Density Predicting the requirement -Body weight -Growth -Temperature / activity effects Effect of energy on feed intake Feed efficiency Regulation of feed intake

In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.

Confidential

Securitypolicy - Goals/objectives

Confidentiality

Cryptography is used for which CIA?

Confidentiality Integrity Authenticity

[3.6] Employee finds USB in foyer and accesses it. Outline likely threats.

Content is potentially malicous

Risk ____ is the application of controls to reduce the risks to an organization's data and information systems.

Control

Access control

Controlloing or restricting the use of information assets and/or resouces.

Alert message

Conveys TLS related alerts to other parties. Two levels: Warning - notifies other party that connection may be unstable. Fatal - notifies other party pf unrecoverable error or compromise in security

What is phishing.

Cybercriminals pretend to be a trustworthy source in order to acquire sensitive personal information such as usernames, passwords, date of birth, passport details, and credit card details.

Major risk is a combined function of (1) a threat less the effect of threat-reducing safeguards, (2) a vulnerability less the effect of vulnerability reducing safeguards, and (3) an asset less the effect of asset value-reducing safeguards.

False

Metrics-based measures are generally less focused on numbers and more strategic than process-based measures.

False

There are individuals who search trash and recycling — a practice known as ____ — to retrieve information that could embarrass a company or compromise information security.

Dumpster Diving

Mutually exclusive means that all information assets must fit in the list somewhere.

False

Once the organizational threats have been identified, an assets identification process is undertaken.

False

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?

Evil twin

A single loss ____________________ is the calculation of the value associated with the most likely loss from an attack.

Expectancy

One problem with benchmarking is that there are many organizations that are identical.

False

"If you realize you do not know the enemy, you will gain an advantage in every battle." (Sun Tzu)

False

A best practice proposed for a small home office setting is appropriate to help design control strategies for a multinational company.

False

A dictionary password attack is a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.

False

A phishing attack "poisons" a domain name on a domain name server.

False

A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer.

False

Program-specific policies address the specific implementations or applications of which users should be aware.

False

A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.

False

A(n) disaster recovery plan dictates the actions an organization can and perhaps should take while an incident is in progress.

False

ALE determines whether or not a particular control alternative is worth its cost.

False

An attacker uses exploit software when wardialing.

False

Protocols are activities performed within the organization to improve security.

False

Authorization controls include biometric devices.

False

CBAs cannot be calculated after controls have been functioning for a time.

False

Comprehensive means that an information asset should fit in only one category.

False

Qualitative-based measures are comparisons based on numerical standards, such as numbers of successful attacks.

False

Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP).

False

Each of the threats faced by an organization must be examined to assess its potential to endanger the organization and this examination is known as a threat profile.

False

Eliminating a threat is an impossible proposition.

False

Every organization should have the collective will and budget to manage every threat by applying controls.

False

Identifying human resources, documentation, and data information assets of an organization is less difficult than identifying hardware and software assets.

False

If every vulnerability identified in the organization is handled through mitigation, it may reflect an inability to conduct proactive security activities and an apathetic approach to security in general.

False

In information security, benchmarking is the comparison of security activities and events against the organization's future performance.

False

Information security managers and technicians are the creators of information.

False

Internal benchmarking can provide the foundation for baselining.

False

Criminals

Create & sell bots -> generate spam Sell credit card numbers, etc...

Non-repudiation

Create evidence that action has occurred, so user cannot falsely deny the action later.

Webpage spoofing

Creating a fake webpage that looks like the page for a legitimate business to trick users.

Hybrid Cryptosystems

Cryptosystems can be combined 1. Use asymmetric cipher to provide confidentiality for a particular short message: a randomly chosen shared secret key. 2. Symmetric cipher is uses shared secret key for encrypting the bulk data.

Human vulnerabilities

Cyber security training including social engineering, passwords, best practices, etc. We are vulnerable because our information technology is fragile and susceptible to a wide range of threats including: § Natural disasters. § Structural failures. § Cyber attacks. § Human errors. § Human attitude. § Technology failures. § Complex interactions. § Financial constraints. § Lack of expertise. § Out of control technologies and environments.

Know yourself means identifying, examining, and understanding the threats facing the organization.

False

Likelihood risk is the risk to the information asset that remains even after the application of controls.

False

Many corporations use a ____ to help secure the confidentiality and integrity of information.

Data Classification Scheme

Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices?

Data ownership

Information assets

Data, device or component that supports information related activities. Need to be protected from illicit access, use, disclosure, alteration, destruction and theft.

Which of these is not a state of data that DLP examines?

Data-In process

[9.3] Alice wants to send a confidential message to Bob. They do not have an existing shared secret key. Suppose that Alice and Bob agree to use an asymmetric cipher (RSA). Bob has a public key K_(Bpub) and the associated private key K(Bpriv). Outline the set of steps that Bob must follow to decrypt the ciphertext received from Alice.

Decrypt: 1. Receive ciphertext C 2. Decrypt ciphertext using agreed asymmetric cipher decryption algorithm (RSA) and the key K_(Bpriv) to recover message M where M=D(C, K_(Bpriv)) 3. Decode message (if necessary)

The ____ strategy attempts to prevent the exploitation of the vulnerability.

Defend Control

Denial of Service attacks (DoS)

Deny's authorised users access to the system. UDP Flood, TCP SYN Flood, ICMP Flood, Smurf IP attack. Nuke Attack: Tie computer up.

[CRYPTO] What type of measure if implemented to ensure message maintains integrity?

Detective. You can't prevent it being altered but can check if it has been.

Bomb Calorimeter

Determination of Gross energyof a feed, ingredient, fecal sample Principle: -A known amount of sample is combustedin the reaction chamber and the resultingheat (as measured by the increase in thetemperature in the water bath) is determined. 1 kcal = 1000 calories 1 gram carbohydrate = 4 kcal 1 gram lipid = 9 kcal 1 gram protein = 5-6 kcal 1 gram ethanol = 7 kcal

Energy Partitioning

Determination of Gross, Digestible, Metabolizable Energy is relatively simple -Analyze Feed, feces and urine. Determination of heat increment, heat production and components of net energy is more difficult.

Which is the first step in securing an operating system?

Develop security policy

Which is the first step in securing an operating system?

Develop the security policy

Shodan

Device search engines. Permits searching by IP address, open port, Active protocol, Vulnerability number

Energy Distribution, Partitioning, Utilization Metabolizable Energy (ME)

Digestible Energy (DE) Metabolizable Energy (ME) = digestible E -(urinary+gas energy) Urinary energy -breakdown products of metabolism -urea Gas Energy -methane, hydrogen -used in ruminants -ignored in non -ruminants Corn: DE = 3,451 kcal/kg (as fed) ME = 3,395 kcal/k

Energy Distribution, Partitioning, Utilization Net Energy

Digestible Energy (DE) MetabolizableEnergy (ME) Net Energy (NE) = metabolizableE -heat increment Heat increment = heat production associated with nutrient digestion and metabolismand the heat of fermentation .Heat increment is heat that is wasted or lost to the environment, but may also contribute to body temperature.] Corn:ME = 3,395 kcal/kgNE = 2,672 kcal/kg

Due ____________________ is the demonstration that the organization is diligent in ensuring that the implemented standards continue to provide the required level of protection.

Diligence

The concept of competitive ____ refers to falling behind the competition.

Disadvantage

The practice is similar to eavesdropping but is not limited to gaining access to data

Disclosure or snooping

Management of classified data includes its storage and ____.

Distribution, Destruction, and Portability

[6.1] According to Section 6 of the Australian Privacy Act 1988, what does 'record' mean?

Document or database or photograph or other pictorial representation of a person.

a. in-band key exchange

Elliptic Curve Diffie-Hellman (ECDH) is an example of ______________. a. in-band key exchange b. out-of-band key exchange c. SHA-1 key management d. AES key certification

Securitycountermeasures/mechanisms

Encrypt data • Use DES encryption

[9.3] Alice wants to send a confidential message to Bob. They do not have an existing shared secret key. Suppose that Alice and Bob agree to use an asymmetric cipher (RSA). Bob has a public key K_(Bpub) and the associated private key K(Bpriv). Outline the set of steps that Alice must follow to encrypt a message to send to Bob.

Encrypt: 1. Prepare message M - may include coding it as an integer 2. Encrypt message using agreed asymmetric cipher encryption algorithm (RSA) and the key K_(Bpub) to produce ciphertext C where C=E(M,K_(Bpub)) 3. Transmit ciphtertext C to Bob

Ciphertext (C)

Encrypted plaintext, transformed so the message is now 'hidden'

Caesar Cipher

Encryption = step forward n places in the alphabet. Decryption = step back n places in the alphabet. Secret key = n

Asymmetric Cryptography (Public Key)

Encryption and Decryption Keys are DIFFERENT. and disclosing one does not compromise the other.

Symmetric Cryptography (Secret Key)

Encryption and Decryption Keys are the SAME. Key (K) must be kept secret = has to be distributed or stored securely. Threat of confidentiality breach of key.

Symmetric Cipher (Secret Key Cipher)

Encryption key IS THE SAME AS decryption key (or one key can be easily deduced from the other)

Example of Preventative controls

Encryption of files

Is energy an essential nutrient?

Energy can come from CHO, AA or Fat. -CHO free diet ? -Fat free diet ? -Protein free diet? 25 lb pig -Eating 1.0 kg feed (corn / soy diet with 20% CP) -Gaining 0.5 kg per day

Availability

Ensure resources ACCESSIBLE when required by authorized user.

TCP (Transmission Control Protocol)

Ensure what sent arrives reliably and in order.

Penetration

Entering the system using information discovered up till now

Identification

Entity requesting access presents an identifier to the system

Recent security breaches

Equifax (2017) Wannacry (2017) Yahoo (2016, 2014, 2013)

XXS countermeasures

Escape untrusted data. validate output

Energy

Essential nutrient •Sources: CHO, lipid, protein •Definition: -ability to do work •Measured in terms of heat production

Transport layer

Establishes basic data channels for applications. Uses ports to distinguish between different applications on the same host.

HTTP security

Exposed to interception, no encryption. Poor integrated security.

[6.2] What was the purpose of amending (National Privacy Principles) the Aust. Privacy Act 1988?

Extend coverage of the Privacy Act to the private sector (with some exemptions)

All information that has been approved by management for public release has a(n) ____________________ classification.

External

A(n) ____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.

FCO

Which type of attack involves the creation of some deception in order to trick unsuspecting users?

Fabrication

Which one of the following is an example of a direct cost that might result from a business disruption?

Facility repair

Operational ____________________ analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.

Feasibility

List the privacy legislation in Australia

Federal - Commonwealth Privacy Act 1988 - Privacy Ammendment (Private Sector) Act 2000 - Privacy Amendment (Enhancing Privacy Protection) Act 2012 State - Information Privacy Act 2009 (QLD)

Energy Utilization

Feed (gross energy) -fecal = Digestible Energy (DE) -Urinary (and gas) energy = Metabolizable (ME) -heat increment = Net energy (NE) -maintenance + production NEm + NEp

Energy Distribution, Partitioning, Utilization Digestible Energy

Feed= gross energy Feces = fecal energy Digestible Energy (DE) = Feed energy -fecal energy DE can be used to describe the diet or ingredients in the diet.Corn: GE = 3,933 kcal/kg (as fed)' DE = 3,451 kcal/kg

FTP

File Transfer Protocol

The military uses a ____-level classification scheme.

Five

Reconnaissance

Footprint, Scan and Enumerate. Aim is to find attack vectors

Why is access control important

Fundamental aspect of information security because unauthorised access to resources or authorised users misuing resources can compromise CIA (Confidentiality, Integrity, Availability).

The difference between an organization's measures and those of others is often referred to as a performance ____________________.

Gap

The ____ security policy is an executive-level document that outlines the organization's approach and attitude towards information security and relates the strategic value of information security within the organization.

General

Health Issues Related to Fatty Acid Chemistry

General: -Fat has 2.25x the calories of CHO or protein Saturated Fat: -Animal fats, hydrogenated plant oils -Solids at room temperature -Tend to raise serum cholesterol Unsaturated Fats: -Plant oils, fish oil -Liquids at room temperature -Tend to lower serum cholestol -Type of unsaturated is important •Monounsaturated (olive oil) •Trans fat •Omega-3 vs omega-6

Heats of Combustion for Various Nutrients

Glucose 3.74 Sucrose 3.94 Starch 4.18 Cellulose 4.18 Butter 9.1 Corn oil 9.4 Palmitate 9.4 Average Protein 5.65 Casein 5.90 Glycine 3.11 Tyrosine 5.90 Urea 2.52 Ethanol 7.11

Link Layer

Governs communication between adjacent nodes in a network. Knows how to pass a message to a MAC address

______ allows for a single configuration to be set and then deployed to many or all users.

Group policy

______________ allows for a single configuration to be sent and then deployed to many or all users.

Group policy

[5.2] List four basic properties of hash functions.

H1: The message can be any length but the hash value is always a fixed length. H2: H(M) is one-way - you can compute the hash value from the input message but you can't compute the input message from the hash value H3: H(M) is collision resistant - it's hard to find distinct messages with the same hash value H4: If you make a small change in the message the hash value majorly changes

[4.1] Resource Owners

Have responsibility for the resource objects, control them, give access privileges and implement access control mechanisms.

Heat Increment

Heat increment is highest for fiber (fermentation heat) Lowest for fat.

[5.8] Can you think of an example where it is more important that the false match rate must be very low?

High security where critical only authorized user allowed. Better to lock out authorized than allow unauthorized.

Gap time

How long between each key press

Dwell time

How long each key is pressed on keyboard

Behavior Control Firewall Technique

How services are used. Limits web. Filters spam.

Daily Energy Intake

Human: 2500 (2000-3000) kcal/day Pigs: -Typical diet = 3200-3400 kcal/kg -Growing pigs: 10 Mcal/d (3 kg feed/d) -Lactating sow: 20-40 Mcal/d (6-12 kg feed/d) Horse: -13-20 Mcal/d -Forage (1.8-2.1 kcal.kg) + Concentrate (3.0-3.4 Mcal/kg)

Essential Fatty Acid Requirements

Humans: -Some references indicate Linoleic Acid and Linolenic are essential -Others include archidonic acid -Some may also include EPA and DHA -Elongation/desaturation limited in infants (add ARA, DHA to formula) Primates: -DHA shown to be essential for nervous tissue and retina Cats: -Linoleic acid relieves many symptoms of EFA deficiency -Arachidonic acid needed to normalize reproduction in female cats -Diet should contain 0.5% Linoleic acid and 0.02% Arachidonic Horses: -There are no reports of EFA deficiencies -Recommend 0.5% Linoleic Acid Poultry: -No establish requirements for Linolenic Ruminants: -No direct measures of EFA requirements in ruminants -Evidence suggests that typical diets are adequate

HTML

Hypertext Markup Language

HTTP

Hypertext Transfer Protocol

Firewall Limitations

IP spoofing, each app needs special treatment, outside machines need to know about gateway, can't blacklist everything. Communication vs Security

The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the ____ plan.

IR

b. Alice's public key

If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message? a. Alice's private key b. Alice's public key c. Bob's public key d. Bob's private key

FIN Scanning

If port is in LISTEN, no reply. If port is closed, responds with reset.

How many keys are required in asymmetric cryptography?

If there are n participants then you need a total of n key pairs.

Fatty Acid Profile

In non-ruminants, the tissue fatty acid profile reflects the diet the animal was fed.It is possible to significantly modify the type of fatty acid by changing diet.

Ciphers used for confidentiality

In storage: Microsoft's Encrypting File System, BitLocker Being transmitted: SSL/TLS, IPSec, WEP, WPA Processing: Crypto not good for hiding information when it is being processed.

[5.8] How can you reduce FMR?

Increase threshold.

Breach of Availability

Information assets are not accessible when required by an authorised entity.

Breach of Integrity

Information assets have been modified or destroyed by unauthorised entity.

Breach of Confidentiality

Information is disclosed to unauthorised entities.

[6.1] According to Section 6 of the Australian Privacy Act 1988, what does 'personal information' mean?

Information or an opinion, whether true or not, and whether recorded in material form or not, about an individual whose identity is apparent, or can reasonably be ascertained from information or opinion.

[6.1] What sort of privacy is the Australian Privacy Act 1988 concerned with?

Information or data privacy.

[6.1] According to Section 6 of the Australian Privacy Act 1988, what does 'sensitive information' mean?

Information or opinion about an individuals: - racial/ethnic origin - political opinion/membership - religion - philosophic beliefs - membership of trade union/professional assoc. - sexual preference - criminal record - health info - genetic info

Oral Contraceptives are Steroid Hormones

It is estimated that 11 million women in the US take oral contraceptives. Types: -Combination •Estragen+ Progestin ( levonorgestalor Norethindrone) -Progestin only -Levonorgestal: •Dose is 100-250 μg /day or 30μg/day depending on type•binding affinities at human steroid hormone receptors are: 323% that of progesterone at the progesterone receptor, 58% that of testosterone at the androgen receptor, 17% that of aldosterone at the mineralocorticoid receptor, 7.5% that of cortisol at the glucocorticoid receptor, and <0.02% that of estradiol at the estrogen receptor. -EthinylEstrogen 20-100 μg /day It would take the equivalent of 10,000 quarter pound burgers to provide the same dose per day.

[9.6] Ransomware such as CryptoLocker uses encryption to encrypt the files on a victim's computer, then demands that they pay a random to be able to decrypt their files. It is likely that CryptoLocker used hybrid encryption. Explain how it may have done so and why.

It is likely CryptoLocker used RSA and AES together in a hybrid encryption, since RSA public key encryption is much slower than symmetric ciphers.

What is an ste file used for?

It is used to quickly open your site without having to specify your local site folder and remote publishing information each time you open DreamWeaver

Which statement about a man trap is true?

It monitors and controls two interlocking doors to a room

Which statement about mantrap is true?

It monitors and controls two interlocking doors to a room

Why would you not use Vernam OTP?

Key Management. - Same keystream is required to encrypt and decrypt and you can't reuse keys. Must be able to distribute and store key securely. If you can do this securely you may as well send/store the original message securely.

Is key distribution an issue for asymmetric cryptography?

Key distribution is not an issue. Anyone may know the public key and everyone has their own private key.

Which of the following is NOT a Microsoft Windows setting that can be configured through a security template?

Keyboard Mapping

Which of the following is not a Microsoft Windows setting that can be configured through a security template?

Keyboard mapping

The residential lock most often used for keeping out intruders is the _______________.

Keyed entry lock

[5.3] Which property of cryptographic hash functions is required in order for S/KEY to be secure?

Knowing any one-time password does not give away the next one-time password. The next password when hashed gives the current password. Hash function must satisfy the one-way property (difficulty inverting them).

Internet bot

Known as web robots, are automated internet applications controlled by software agents § These bots interact with network services intended for people, carrying out monotonous tasks and behaving in a humanlike manner (i.e., computer game bot) § Bots can gather information, reply to queries, provide entertainment, and serve commercial purposes. § Botnet - a network of "zombie" computers used to do automated tasks such as spamming or reversing spamming

[3.4] Is disposing of the used photocopier considered a threat, vulnerability or an attack?

Leaves organisation vulnerable. Threat that unauthorized person can access data. If they gain access then confidentiality breached and security incident occurs. Lack of knowledge and failure in policy of asset disposal = vulnerabilities.

____________________ is the probability that a specific vulnerability within an organization will be successfully attacked.

Likelihood

Essential Fatty Acids Linoleic and a-linolenic

Linoleic (ω-6) = C 18:2 Δ 9,12 -Can be made into Arachidonic •(ω-6)= C 20:4 Δ 5, 8,11, 14 α-Linolenic (ω-3)= C18:3 Δ 9, 12,15 -Can be made into: •EPA* (ω-3) 20:5 Δ5, 8, 11,14,17 •DHA* (ω-3) 22:6 Δ4, 7, 10, 13,16,19

Nomenclature

Linoleic Acid: CH3(CH2)4CH=CHCH2CH=CH(CH2)7COOH Delta: Δ (18:2 Δ 9,12) -count from carboxyl end Omega: ω (18:2 ω-6) or "n" (18:2 n-6) -count from methyl end Ex: Oleic Acid= C 18:1 cis-9, Δ-9, or ω -9

Conjugated Linoleic Acid

Linoleic acid (18:2, cis-9, cis-12) is an essential fatty acid and has a methylene-interrupted arrangement of double bonds (unconjugated). C9=C10-CH2-C12=C13- CLA is a mixture of positional (8/10, 9/11, 10/12, 11/13) and geometric (cis/trans, trans/cis, c/c, t/t) isomers of linoleic acid with double bonds in a conjugated diene arrangement. -CH2-C9=C10-C11=C12-C13-CH2-

Logic Bombs

Logic Bomb: Malware logic executes upon certain conditions. The program is often used for otherwise legitimate reasons. Examples: • Software which malfunctions if maintenance fee is not paid. • Employee triggers a database erase when he is fired.

Which type of denial of service attack exploits the existence of software flaws to disrupt a service?

Logic attack

____ addresses are sometimes called electronic serial numbers or hardware addresses.

MAC

MITM Fabrication

MITM creates information and sends it claiming to be someone else.

MITM Modification

MITM modifies the information then sends it.

Classes of Nutrients

Macronutrients: -Water -Carbohydrates (energy) -Lipids (energy) -Proteins / Amino Acids (energy) Micronutrients: -Minerals -Vitamins

Computer Virus

Malicious computer code that, like its biological counterpart, reproduces itself on the same computer.

Malware

Malicious software deliberately designed to breach security of computer based information systems. Can affect CIA depending on payload action.

How does Malware work?

Malicious software is created to damage/disable computer systems, steal data, or gain unauthorized access to networks or computing resources.

What's the impact of Malware?

Malware can delete files or directory information, or it may allow attackers to covertly gather personal data, including financial information, and usernames and passwords.

Polymorphic Malware

Malware code that completely changes from its original form whenever it is executed.

How does Malware happen?

Malware may be installed on a computer when a user clicks an unsafe link, opens an infected file, or visits a legitimate website that could contain adware/malware.

Oligomorphic Malware

Malware that changes its internal code to one of a set number of predefined mutations whenever it is executed.

Ransomware

Malware that encrypts users computer files and demands a payment to permit decryption e.g. Breaking Bad computer ransomware demanded $1000 to decrypt files it infects.

Ransomware

Malware that prevents a user's device from properly operating until a fee is paid.

Metamorphic Malware

Malware that rewrites its own code and thus appears different each time it is executed.

Network vulnerabilities

Man in the middle attacks, Router attacks, Ethernet traffic sniffing, DNS attacks

Spoofing

Masking the source of a communication (phone or email) to look like a reputable source (e.g. government, call within a company, etc.).

What is Spoofing?

Masking the source of a communication (phone or email) to look like a reputable source (e.g. government, call within a company, etc.).

Formulating Diets for Livestock and Poultry

Meeting the energy requirement: -Cattle: DE, TDN, NEG -Dairy: DE, NEL -Horses: DE, TDN -Pigs: DE,ME, NE -Poultry: ME, AME, TME

[9.4] Why is symmetric cryptography alone unable to provide non-repudiation?

Message authentication using a MAC only shows that one of the parties who knows the shared secret key formed the MAC (for example shopper and merchant), and a third party (judge) will not be able to decide which of those two parties performed the action.

Diffie-Hellman Key Agreement Algorithm

Method for securely exchanging cryptographic keys over a public channel. - Uses modular exponentiation - Relies on difficulty of discrete logarithms for security (g^b)^a = g^(ab) mod p (g^a)^b = g^(ab) mod p

Vulnerabilities

Mistakes in programs that allow bad things to happen Biggest vulnerability: USERS Cross site scripting, Cross site request forgery, cookie injection

The ____________________ control strategy attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation.

Mitigation

[9.2] What sort of mathematics is required to perform Diffie-Hellman key agreement?

Modular exponentiation: integer exponentiation over a finite set of integers. The modulus is a prime number.

Which of the following is not a motion detection method?

Moisture

Fat Quality

Moisture, Impurities, Unsaponifiables -(MIU index) -Has little direct effect on nutritional value of fat -Collectively, they dilute the energy Moisture: -high level can accelerate oxidation and rancidity Impurities: -Dirt, hair, protein Unsaponifiables: -Sterols, other hydrocarbons that are not saponified -Usually not digestible Free Fatty Acid (FFA, %) -Measures fatty acids not esterified to glycerol -Heat and moisture increase [FFA] -May also come from soapstock added back to feed (cottonseed, soybean oil processing) -FFA have reduced digestibility Total Fatty Acids (TFA): -Typical triglyceride is 10% glycerol and 90% fatty acid

Layered Security

Most sensitive information is accessed by the least number of people. Internal access controls are placed on data. Cheaper and simpler than perimeter security. Widely used in business

Distributed Denial of Service (DDoS)

Multiple compromised machines sends too many legitimate requests for computer to handle. Attacking machine completes three way handshake. No IP spoofing. Attacker uses zombies to make many legitimate requests. Master is the attackers machine. Handlers are zombies that have 1000 agents. Agents perform the DDos itself.

What is NOT a commonly used endpoint security technique?

Network firewall

[9.2] One problem with Diffie-Hellman key agreement is that each entity has no assurance about the identity of the entity they are communicating with. What sort of attack is possible as a result of this problem and what impact does this have on the security of subsequent communications?

No authentication means Man-In-the-Middle (MIM) attack is possible. - MIM can establish keys with sender and receiver and send messages pretending to be either of them. - Communications aren't really secure: Attacker can view and modify communications so Confidentiality and Integrity can be breached.

What level of technology infrastructure should you expect to find in a cold site alternative data center facility?

No technology infrastructure

Conversion of Dietary Fat to Body Fat

Non-ruminants: (pig, chicken, dog, cat, human, horse, fish) -"You are what you eat" -Feeding unsaturated fat in the diet results in unsaturated fat in body tissues Ruminants: (cattle, sheep, deer) -Biohydrogenationconverts UNSAT to SAT -Difficult to change the fatty acid profile of meat and milk from ruminants

What is P = D(C,Kpriv)?

Notation for asymmetric decryption. Plaintext = Decryption (Ciphertext, Private Key)

What is C = E(P,Kpub)?

Notation for asymmetric encryption. Ciphertext = Encryption (Plaintext, Public Key)

Perimeter Security

Nothing leaves unless explicitly authorized. All information is checked at perimeter. Used in contexts where any leaked information is bad. Government, Military. Expensive and complex.

SSL (Secure Sockets Layer)

Now called TLS (Transport Layer Security)

Denial of Service (DoS) Attack

Objective is to make an information asset or resource unavailable to authorised user.

Attacks

Occur when vulnerabilities are deliberately exploited.

[9.1] How many keys are required for two people to communicate confidentially using symmetric cipher?

One shared key is required.

____ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.

Operational

Behavioral feasibility is also known as _________________________.

Operational Feasibility

Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?

Opportunity cost

Transmission Control Protocol (TCP)

Optimized for reliability. Connection oriented protocol. Make two way channel between hosts. Handshaking protocol to secure connection.

User Datagram Protocol (UDP)

Optimized for speed

Plaintext (P)

Original message or data

What's the impact of Credential Replay?

Our client's account is compromised, and the cybercriminal can quickly re-use their credentials to access other accounts, and steal additional funds and confidential data before detection.

Security Concepts

Owners, usefulness, availability, assets, Risk, threat, vulnerability, exploit, countermeasures, attackers

Physiological Fuel Values (PFV)

PFV = ME values -CHO = 4 kcal/g -Fat = 9 kcal/g -Protein = 4 kcal/g •Used on food labels for calculation of Calories

c. non-repudiation

Proving that a user sent an email message is known as ______________. a. repudiation b. integrity c. non-repudiation d. availability

personal identification number

PIN

Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?

Parallel test

Objects

Passive entities in the system that contain or receive information. Objects are repositories of information such as disks, files and datasets. Objects are the resources being accessed.

A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?

Payment Card Industry Data Security Standard (PCI DSS)

Which one is not a typical baseline configuration?

Performing a security risk assessment

Attacker

Person who deliberately attempts to exploit a vulnerability to gain unauthorized access or perform unauthorized actions.

What is the most common form of Social Engineering

Phishing

Link layer

Physical communication layer. Local. Protocol operations: - Ethernet - WLAN (WEP) - ADSL - 3G etc.

Tokens

Physical key, swipe card, ID badge etc. Can generate sequence of one-time passwords.

Binary Additive Stream Cipher

Plaintext, keystream and ciphertext are all streams of bits, combining operation is just XOR (addition modulo 2). - Do NOT provide integrity protection

[7.1] What TCP port is reserved for SSH connections?

Port 22

Information security

Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved.

Confidentiality

Prevent unauthorized DISCLOSURE of information.

Integrity

Prevent unauthorized MODIFICATION or DESTRUCTION of information.

[CRYPTO] What type of measure is implemented to ensure message is confidential?

Preventative

Need to know principle

Principle of least privilege in the case that the resource is information : only given info you need to perform your job.

privacy

Privacy - Individual or organization cannot be identified with sensitive information. - 25, Bank street, Doha (Public) - Address of Khaled is: 25, Bank street, Doha (Privacy issue) - Anonymity is related to privacy. 16

How do Asymmetric ciphers for integrity work?

Private key = digital signature for a particular message or file. Public key used to verify digital signature on message: - Provides authentication of sender - Since only signer knows private key they are only one who can generate digital signature

Productivity Improvements

Productivity improvements in plant and animal agriculture were done by simple selection for the better producing animals.

The ____ security policy is a planning document that outlines the process of implementing security in the organization.

Program

Trojan horses

Programs with known desirable properties and hidden undesirable property.

Viruses

Programs with the ability to replicate. Spreads by copying itself into other files (infecting) and is activated when these files are open or executables are run.

Worms

Programs with the ability to self replicate. Spread from computer to computer without human interaction.

Amphipathic Lipids

Property whereby regions of a molecule are hydrophobic and regions are hydrophillic. •Types of Amphipathic Lipids -Phospholipids -Free Fatty acids -Free Cholesterol

IP Security (IPsec) - Internet layer

Provides security services at the IP level and is used to provide Virtual Private Network (VPN) services. Network security protocol.

WiFi security (WEP, WPA) - Link layer

Provides security services at the link layer for wireless communication. Network security protocol.

d. perfect forward secrecy

Public key systems that generate random public keys that are different for each session are called __________________. a. Public Key Exchange (PKE) b. Elliptic Curve Diffie-Hellman (ECDH) c. Diffie-Hellman (DH) d. perfect forward secrecy

What folder do you publish to in your astro account

Public_html

Handshaking Protocol

Purpose 1. server authentication 2. negotiation 3. key establishment 4. client authentication (maybe)

[9.6] Ransomware such as CryptoLocker uses encryption to encrypt the files on a victim's computer, then demands that they pay a random to be able to decrypt their files. Why does the design of the system make it impossible for users to decrypt the files on their own?

RSA public key was generated by the control server and the RSA private key was never copied to the user's computer, so the user does not have access to the private key to decrypt the files.

[5.8] What does False Match Rate (FMR) mean?

Rate at which biometric measurements from two different persons are incorrectly declared to be from the same person.

[5.8] What does False Non-Match Rate (FNMR) mean?

Rate at which two biometric measurements from the same person are incorrectly declared to be from two different persons.

What are Stream ciphers used for?

Real-time applications where time delays are unacceptable. (They are fast) E.g. 1. Communications, including internet traffic - RC4 2. Mobile telephony - A5/1 and A5/2 in GSM standard 3. Video (pay TV) - Digital Video Broadcasting (DVB) uses Common Scrambling Algorithm

Which group is the most likely target of a social engineering attack?

Receptionists and administrative assistants

Typo Squatting

Redirecting a user to fictitious website based on a misspelling of a URL. also called URL hijacking.

URL hijacking

Redirecting a user to fictitious website based on a misspelling of a URL. also called typo squatting.

Botnet

Refers to a collection of computers autonomously or automatically working together toward some goal; these are often zombie computers that are synchronized to perform illegal activities on the internet ex. money

Information Theft

Refers to the access of information by an unauthorized person for financial gain or benefit

Internet Security

Refers to unique threats and defenses associated with computers connected to the internet

Improving DDos

Reflection attacks and Amplification attacks

Which of the following is NOT an activity phase control?

Resource control

Example of Corrective controls

Restore apps to last known good image to bring corrupted system back online.

Relationship of Intake to Energy Retention

Retained energy = protein and lipid deposition Determined using comparative slaughter technique. Can also be milk production in dairy

[9.4] What is non-repudiation?

Security service that ensures that users cannot falsely deny an action has occurred.

Metamorphic Virus

Rewrites itself into a logically equivalent form. entire virus is rewritten on every infection. Works in a different way, but same results.

Polymorphic Virus

Rewrites itself into a semantically equivalent form. randomly mutates decryption routine. No consistent signature for AV to look for.

____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.

Risk

Which formula is typically used to describe the components of information security risks?

Risk = Threat X Vulnerability

The first phase of risk management is ____.

Risk Identification

____________________ involves three major undertakings: risk identification, risk assessment, and risk control.

Risk Management

____________________ is the process of identifying risk, as represented by vulnerabilities, to an organization's information assets and infrastructure, and taking steps to reduce this risk to an acceptable level.

Risk Management

George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?

Risk Management Guide for Information Technology Systems (NIST SP800-30)

Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?

Risk survey results

SANS

SANS is one of the he most trusted sources for information security training, certification, and research.

Alien SW

SW running on a comp that users are unaware of and use of valuable system resources and can track your web surfing and other personal behaviors -adware -spramware -cookies

What is NOT one of the three tenets of information security?

Safety

Synchronisation

Same keystream used in same position with respect to plaintext/ciphertext

Unsaturation

Saturated -no double bonds Monounsaturated = 1 double bond Polyunsaturated = 2 or more double bonds Usually in "cis" configuration -"trans" configuration found in rumen microorganisms and in chemical hydrogenation. Position of bonds is important

Cryptographic Key (K)

Secret knowledge

Secure Socket Layer (SSL)

Secure communication method which protects web traffic

Sneaky manipulation of TCP

Send TCP FIN packet, if the port is in LISTEN, no reply. if the port is in CLOSED, responds with reset. no connection attempt made. Send a SYN packet, if port is open, responds with SYN/ACK. You return RESET, no connection.

TCP / UDP

Send data between applications. Both use logical ports tied to an application / protocol. Port 80 is an example

Internet Protocol (IP)

Send data between hosts. Header contains: Source host, Destination Host. IP body contains TCP/UDP data, Application data.

POST DoS

Send many POST requests to server with large content length headers. Send the body of the POST 1 character every 10 to 100 seconds. Server hits active connection limit.

Phishing

Sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information.

Record Protocol

Sending: gets application message, breaks it up, encrypts data, transmits in TCP segment. Receiving: decrypted, reassembled then passed to application.

Intrusion Detection System

Senors distributed through network, looking for suspicious activity.

Firewall

Separates trusted and untrusted networks. isolate organizations network from internet. Prevents DoS and only authorized access into network. Limit propagation post infection.

Keylogger

Software or a hardware device that captures and stores each keystroke that a user types on the computers keyboard.

Malware

Software that enters a computer system without the users knowledge or consent and then performs an unwanted and usually harmful action.

[1.4] One of the services provided by AusCERT is a Security Bulletins Service. What sort of information assets do the Security Bulletins relate to?

Software. There are descriptions of vulnerabilities in particular software, sometimes reports that these have been exploited 'in the wild', and some bulletins advise on control measures available.

Threats

Set of circumstances with potential to cause harm to an information asset by compromising stated information security goals.

[7.2] Briefly explain the purpose of the TLS Handshake protocol.

Set up communication

What's the impact of Spoofing?

Similar to the other cyberattacks we've discussed, our client's money is stolen, and they become the victim of fraud and/or identity theft.

Classification

Simple: -Fats and oils: •Esters of fatty acids with glycerol = triglycerides •Fats (solid at room temp), oils (liquid at room temp) -Waxes •Esters of fatty acids with high MW alcohols Complex: -Phospholipids -Glycolipids and other complex lipids Precursor and Derived: -Fatty acids, glycerol, steroids, ketone bodies

As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?

Simulation test

Macro

Sits on an application with scripting capabilities and opens on run.

What is the technique used for phishing

Social engineering

Backdoor

Software code that gives access to a program or a service that circumvents normal security protections.

Internal Source

Source of threat lies within the organisation. Authorized to use information system.

External Source

Source that lies outside the organisation. Not authorized to use information system.

Trans Fatty Acids

Sources:-Hydrogenated fats Soy oil(liquid) to Crisco(solid) done through Hydrogenation, Heat, and catalyst, H2 Meat and milk from ruminants -Biohydrogenation produces some trans fatty acids

When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) ____.

Standard of Due Care

AS/NZS 27002:2006 Clause 7 Asset management: 7.1 Responsibility of Assets.

Standard. 7.1.1 Inventory of assets - type, format, location, backup info, license info and business value of all assets 7.1.2 Ownership of assets 7.1.3 Acceptable use of assets - rules for email + internet use, guidelines for use of mobile devices.

AS/NZS 27002:2006 Clause 7 Asset management: 7.2 Information Classification

Standard. 7.2.1 Classification guidelines - classify based on value, legal reqs., sensitivity, criticality - need for sharing/restricted info and assoc. business impact. - classification varies over time = review + reclassify. 7.2.2 Information handling and labelling - procedures for info labelling particularly of sensitive and critical material.

(Property) Physical assets require

Suitable location Physical security mechanisms (gate etc.) Maintenance Monitoring and logging

Which is faster: Symmetric or Asymmetric ciphers?

Symmetric ciphers are much faster because they are less computationally expensive.

Identifying Security Compromises

Symptoms: Antivirus software detects a problem. Disk space disappears unexpectedly. Pop-ups suddenly appear, sometimes selling security software. Files or transactions appear that should not be there. The computer slows down to a crawl. Unusual messages, sounds, or displays on your monitor. Stolen laptop: 1 stolen every 53 seconds; 97% never recovered. The mouse pointer moves by itself. The computer spontaneously shuts down or reboots. Often unrecognized or ignored problems.

Mandatory access control (MAC)

System wide set of rules applied. Central authority assigns attributes to objects and to subjects. - Subjects assigned clearance levels - Objects assigned classification levels

____ policies address the particular use of certain systems.

Systems-specific

Energy Values: Species Differences

Tables of nutrient composition -Amino acids, minerals, vitamins in ingredients are similar for all species. -Amino acid digestibility may differ by species. -Energy values are species specific

[1.2] What do researchers claim to be able to do to the Jeep Cherokee?

Take over the vehicle remotely, control entertainment system, climate control, driving controls via wireless connection.

Examples of Feed Fats

Tallow Choice White Grease Yellow Grease Poultry Fat Animal / Vegetable Blend Quality Criteria: -Moisture, Impurities, Unsaponifiables (< 1-2%) -Titre (melting point, related to Unsat / Sat FA) -Free Fatty Acids (< 2-5%) -Total fatty acids (90% minimum)

Targeted spear phishing email

Target at specific individual, may have background research etc. so know a Douglas a lecturer in info sec and pretend to be looking for a Phd supervisor.

Security ____________________ are the technical implementations of the policies defined by the organization.

Technologies

[3.6] Employee finds USB in foyer and accesses it. Vulnerabilities?

Technology: may not be effective AVS. People: lack education or process for handling unknown usb Process: process for handling or lost property?

b. encrypts the key and the message

The Hashed Message Authentication Code (HMAC) __________. a. encrypts only the key b. encrypts the key and the message c. encrypts only the message d. encrypts the DHE key only

d. provides cryptographic services in hardware instead of software.

The Trusted Platform Module (TPM) ____________. a. allows the user to boot a corrupted disk and repair it b. is available only on Windows computers running BitLocker. c. includes a pseudorandom number generator (PRNG) d. provides cryptographic services in hardware instead of software.

Dumpster Diving

The act of digging through trash receptacles to find information that can be useful in an attack.

b. in the directory structure of the file system

The areas of a file in which steganography can hide data include all of the following EXCEPT_________. a. in data that is used to describe the content or structure of the actual data b. in the directory structure of the file system c. in the file header fields that describe the file d. in areas that contain the content data itself.

Other Security Objectives to Identify Threats/Attacks

There are more "security" objectives - Traceability and Auditing - Monitoring and Surveillance - Security Assurance - that the security goals are met • "information assurance"

Domain Name System Protocol (DNS)

Ties web addresses and IP addresses together. Application protocol that ties domain names and IP addresses together. System creates a DNS request, routed to the DNS server, DNS server returns the IP address of the website.

TOTP

Time-based One-Time Password. Clock based token.

Keystream

Time-varying function of a key.

[5.3] Explain the basic operation of S/KEY in terms of what is computed and stored on the server side.

To authenticate the first time, the client sends Hn-1(w). The server computes the hash of this value and compares it with the stored Hn(w). If it matches, authentication of the client is complete.

[5.3] Explain the basic operation of S/KEY in terms of what is computed and stored on the client side.

To set up the system, begin with the secret w (key) and apply the hash function repeatedly. After the setup Hn(w) is stored on the server.

Heat production

Total heat production = -Heat increment -Net energy for maintenance HP = HI + NEm Determination -Calorimetry •Direct -measure temperature change in chamber •Indirect -measure O2 and CO2, calculate HP

The ____ strategy attempts to shift risk to other assets, other processes, or other organizations.

Transfer Control

Encoding

Transforming data from one form to another using an encoding algorithm. (NO secret key)

Encryption

Transforming data from one form to another using an encryption algorithm and secret key.

Cryptography

Transforming messages into an unintelligible from and recovering them using secret knowledge

Decryption (D)

Transforming the ciphertext back to the original plaintext, using an algorithm and key

Benefit is the value that an organization realizes by using controls to prevent losses associated with a specific vulnerability.

True

Best business practices are often called recommended practices.

True

Replay attack

Valid data transmission is recorded and retransmitted at a later date.

What is Call forwarding?

The cybercriminal has arranged, either through the phone company or a compromised phone, for all calls to our client's home and/or cell phone number to be forwarded to their phone.

call forwarding

The cybercriminal has arranged, either through the phone company or a compromised phone, for all calls to our client's home and/or cell phone number to be forwarded to their phone.

Pharming - Counterfeit Web Pages

The fraudulent practice of directing users to a bogus website in order to obtain personal information

[5.2] Explain the problem with stored hash values that can be addressed by including a random but known salt value.

The limitation with using straight hash values is that where the passwords are the same, the hash values will be also. Using salted hashes, where the salt is a random number and different for every user, is a better option because it disguises the repetition.

risk analysis

The process by which an organization assesses the value of each asset being protected, estimates the probability that each asset might be compromised, and compares the probable costs of each being compromised with the costs of protecting it.

Enumeration

The process of identifying low hanging fruit and user accounts. Scanning shows you the doors, enumeration identifies how to get through them safely.

[5.3] Explain the basic operation of S/KEY in terms of what is sent each time the protocol is run.

The server then discards Hn(w) and stores Hn-1(w).

Command and Control (C&C or C2)

The structure by which a bot herder gives instructions to zombies in a botnet.

Defense and control : Example Security Technologies

These technologies may be provided by the infrastructure/platform an application builds on, - Networking infrastructure • which may use SSL - Operating system or database system • providing e.g. access control - Programming platform • for instance Java or .NET sandboxing

Attackers

Those who execute attacks, or cause them to be executed, are called attackers

After identifying and performing the preliminary classification of an organization's information assets, the analysis phase moves on to an examination of the ____________________ facing the organization.

Threats

Asset ____________________ is the process of assigning financial value or worth to each information asset.

Valuation

Trojan Horses

Trojan Horse: Masquerades as a benign program while quietly destroying data or damaging your system. example . Download a game: It may be fun but contains hidden code that gathers personal information without your knowledge. A Trojan disguises itself as an entirely legitimate program (such as a screensaver), but behind the scenes it is causing damage such as, - Allowing someone else to gain control of the computer, - Copying personal information, deleting information, monitoring keystrokes - Using email software to pass itself on to other computers. Unlike viruses and worms, Trojans are not self-replicating, they rely on their apparent usefulness to spread between computers. • SomeTrojansworkinisolation. • Some rely on networks, either to transmit stolen information - such as passwords, bank account details or credit card numbers - or to act as back doors to compromised computers. • Theyallowattackerstobypasstheoperatingsystem'ssecurityfeatures and gain access to data or even control the machine over a network.

A DoS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks.

True

A birthday attack is a type of cryptographic attack that is used to make brute-force attack of one-way hashes easier.

True

A certificate authority should actually be categorized as a software security component.

True

A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.

True

A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.

True

A surge protector is an example of a preventative component of a disaster recovery plan (DRP).

True

A(n) exposure factor is the expected percentage of loss that would occur from a particular attack.

True

A(n) qualitative assessment is based on characteristics that do not use numerical measures.

True

An alteration threat violates information integrity.

True

Authentication controls include passwords and personal identification numbers (PINs).

True

Essential Fatty Acids

Typically: -Linoleic (ω-6) = C 18:2 Δ 9,12 -Alpha-Linolenic(ω-3)= C18:3 Δ 9, 12,15 Others: -Arachidonic (ω-6)= C 20:4 Δ 5, 8,11, 14 Can be synthesized from 18:2 -EPA* (ω-3) 20:5 Δ5, 8, 11,14,17 -DHA* (ω-3) 22:6 Δ4, 7, 10, 13,16,19 *Can be synthesized from 18:3, but conversion is inefficient

fraggle attack

UDP variant of smurf attack

MITM Interception

Unauthorized MITM observes the info and transmits it.

MITM Interruption

Unauthorized MITM prevents transmission.

URL

Uniform Resource Locator

IP Address

Unique identifier for a host.

MAC Address

Unique identifier of a networked device

Spam

Unsolicited emails

Who's Script Kiddies:?

Unsophisticated computer users who know how to execute programs

An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?

Urgency

Example of Detective controls

Use checksum/MAC to detect data corruption.

[5.3] Give an example of a situation in which S/KEY could be used.

Use for authenticating to a system from an untrusted public computer (Internet café?). Don't want to use a reusable password which may be captured and replayed later.

Secure Shell (SSH)

Used for remote login, file transfer and limited VPN service. Provides public key authentication of servers and clients and encrypted communication.

Anabolic Steroids

Used in cattle to improve growth rate and feed efficiency. •Increase protein deposition, decrease fat. •Rate of return $15:1. •Typically get greater response in steers than heifers. •Not used in dairy, pork, poultry

Address Resolution Protocol (ARP)

Used to associate IP and MAC addresses. Link layer protocol used to associate IP and MAC addresses. See if computer knows IP. If not, broadcast "who is this IP?" Then store IP.

Dynamic Host Configuration Protocol (DHCP)

Used to tell computers where networks are. New machine broadcasts DCHP discovery packet, DNS server returns first hop router. Application layer protocol for managing the network. When you turn your laptop on, DCHP gives your MAC address an IP to use, name and IP of DNS server and IP address for the 'first hop'' router.

[9.4] Why is non-repudiation important for e-commerce?

Useful for resolving a dispute about some action that has occurred. Example: whether a contract was signed or a transaction authorised. Digital signatures provide authentication of the message sender, integrity and non-repudiation, so that is useful for e-commerce.

Which of the following is not an advantage to an automated patch update service?

Users can disable or circumvent updates just as they can if their computer is configure to use vendor's online update service

Which of the following is NOT an advantage to an automated patch update service!

Users can disable or circumvent updates just as they can if their computer is configured to use the vendors online update service!

Shoulder Surfing

Watching an authorized user enter a security code on a keypad.

What does Spoofing look like?

We receive an email from a cybercriminal who impersonates one of our clients and confirms a fraudulent wire transfer request.

Vulnerabilities

Weaknesses in a system that could cause harm to information assets.

Once the inventory and value assessment are complete, you can prioritize each asset using a straightforward process known as ____________________ analysis.

Weighted Factor

In a(n) ____, each information asset is assigned a score for each of a set of assigned critical factor.

Weighted Factor Analysis

a. plaintext

What is data called that is to be encrypted by inputting it into a cryptographic algorithm? a. plaintext b. cleartext c. opentext d. ciphertext

b. SHA-3

What is the latest version of the Secure Hash Algorithm? a. SHA-2 b. SHA-3 c. SHA-4 d. SHA-5

Footprinting questions

What software is the target based on? What language does the target use? How can you communicate with the target?

Tailgating

When an unauthorized individual enters a restricted-access building by following an authorized user.

Masquerade/Spoofing

Where one entity pretends to be another in order to deceive others.

c. RSA

Which asymmetric cryptographic algorithm is the most secure? a. SHA-2 b. BTC-2 c. RSA d. ME-14

d. RSA

Which asymmetric encryption algorithm uses prime numbers? a. EFS b. quantum computing c. ECC d. RSA

Which of these is a list of approved email senders?

White list

Transport Layer Security (TLS)

Widely used security protocol, available to any TCP application. Sits between the TCP/IP layer and the application layer. Requirements: send byte stream and interactive data, set of secret keys for entire connection, exchange certificates as part of protocol

If you use Diffie-Hellman Key Agreement alg. do you have to worry about an attack?

Yes. An attacker can still eavesdrop because their is no authentication. When they establish the key they don't have assurances of who they are communicating with.

OWASP ZAP

Zed attack proxy. Intercept and edit HTTP requests.

Which type of attack against a web application uses a newly discovered vulnerability that is not patchable?

Zero-day attack

How can you recover from loss of synchronization?

[RECEIVER] Try keystream offsets or request retransmission

spoofing attack (man-in-the-middle)

a person or program masquerades as another by falsifying data

Conjugated Linoleic Acid (CLA)

a polyunsaturated fatty acid in which the position of the double bonds has moved so that a single bond alternates with two double bonds c-9, t-11 isomer(natural form) has anti-carcinogenic properties.t-10 c-12 isomer found in synthetic forms has anti-obesity effects. Highest in meat and milk from ruminants

data backup

a process in which copies of important computer files are stored in a safe place to guard against data loss

authentication

a security process in which the identity of a person is verified

Nutrient

a substance used by an organism to survive, grow, and reproduce

firewall

a system that prevents a specific type of info from moving between untrusted networks such as the internet and private networks

Cyber crime

a) Technology is the target e.g. hacking, computer viruses, DOS. b) Technology used as tools to enable the offence e.g. Phishing, identity theft, spam.

subject

active entity that requests access to an object or data within an object

proxy server

acts as an intermediary for requests from clients seeking resources from other resources

white box

all background and system information is provided

information security

all processes and procedures designed to protect organizations IS form unauthorized access

Antivirus Software

also known as virus scan software, uses serval techniques to find viruses, worms, and spyware on a computer system; remove them if possible; and keep additional viruses, worms, and spyware from infecting the system

hacker

an individual who subverts computer security without authorization

Hacker

an individual who subverts computer security without authorization tools examples: key logging, packet sniffing, wireless network scanning, social engineering, phishing hacks

something you have

an item such as an ID card, smart card, keychain

heuristic detection

analyse overall structure of code, evaluates coded instruction and logic functions, and looks at type of data within virus or worm

static program analysis

analyse software without actually executing program

conficker worm

another worm with around 10 million infections

threat

any danger to which a system may be exposed

asset

any data, device, or other component of the environment that supports information-related activities

untrusted network

any network external to your organization; wireless is inherently nonsecure

Trusted Network

any network within organization

threat

any potential danger associated with exploitation of vulnerability

malware

any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems

storm worm

anywhere from 1-10 million systems mainly through trickery

administrative control

approved written policies, procedures, standards and guidelines

backup

archived copy of data used to restore original after incident occurs

Interior threats

are networks security security threats that originate from within a network, typically from registered users college students are amongst the most wanted IDs, Why? -bc they have clean credit and more damage can be done because most college students don't check their credit

Polyunsaturated fatty acids:

are susceptible to oxidative damage

SYN flood

attack exploiting vulnerabilities of TCP 3 way handshaking mechanism

phishing

attack method with goal of obtaining personal information, login data, credit card number, or financial data

TLS data transfer problem

attacker can capture and reorder records. solution is to hash sequence number into MAC

Directory Traversal

attacker exploits anything that takes a file path. can use ..\ to access files outside the scope of the program. easily prevented, filter strings. www.example.com..\..\webConf\settings.conf

TLS connection closure problem

attacker forges TCP close segment, one or both parties think there is less data than there actually is. solution is to use record types, type 0: data, type 1: closure.

Network DOS attack

attacker spoof IP.

Nuke attacks

attempt to crash service through exploit in OS.

information security auditing

audit on level of information security in organisation

Biometrics

authenticated person's identity using personal characteristics and retina scans are common dangers and problems of using biometrics

Worm

can replicate itself but does not need a host file moves from system to system through networks rather than by files can be used to delete files, encrypted files, bog down networks, take over computer often move fast: storm worm, con-flicker worm

worm

can replicate itself but does not need a host file. it moves from system to system through networks rather than by files. often moves fast

Nuke: Echo/Chargen loop

character generator protocol: port 19 that sends arbitrary characters to the connecting host. Echo protocol: port 7 that sends back whatever it receives.

What is the name of your local folder

cisweb2

Backdoor / Trapdoor

code designed to make a system simpler to penetrate for a future attack.

Logic/time bomb

code that executes when certain conditions are met

logic bomb

code that would set off a malicious function when specified conditions are met

Malware

code written to cause undesired effects in programs caused by an agent intent on damage. Written with the intent to cause harm

botnet

collection of Internet-connected programs communicating with other similar programs to launch DDoS attack

Phishing Scam

combines both fraudulent e-mail and web sites in order to trick a person into providing private information that can be used for identity theft hard to detect

phishing scam

combines both fraudulent e-mail and websites in order to trick a person into providing private info that can be used for identity theft

viruses, worms, spyware

common forms of malware

hypertext transfer protocol secure

communication protocol for secure communication over computer network

zombie

computer connected to Internet that has been compromised by a hacker and used to perform malicious task

sniffer

computer program or hardware that can intercept and log traffic passing over network

attack tree

conceptual diagram showing how an asset or target might be attacked

network security

concerned with addressing vulnerabilities and threats in computer networks that may or may not be connected to the internet

compliance

conforming to a set of requirements

Wabbit

continually replicating program that aims to exhaust resources

Direction Control Firewall Technique

controls direction of traffic in and out of network. Ingress monitoring and Egress monitoring.

control

countermeasure put into place to mitigate potential risk

internet fraud

crime of deliberately deceiving a person over the internet in order to damage them or obtain property or services unlawfully

identity theft

criminal act of stealing information about a person to assume that person's identity in order to commit fraud or other crimes

Which of these is NOT a state of data that DLP examines

data in-process Data that DLP examines: data in-use data in-transit data at-rest

configuration management database

data repository for information technology organisations

A lock that extends a solid metal bar into the door frame for extra security is the

deadbolt lock

Random Drops

dealing with non spoofed DDoS attacks. Assumes real user will reconnect but zombies won't.

Denial of Service attacks (DOS)

deny resources for legitimate users. Takes up resources until non left for OS.

procedures

detailed step by step tasks that should be performed to achieve a certain goal

stress test

determine stability of a given system or entity

tracking

determine whether source of incident was internal or external

Scanning

determines which of the systems are net accessible . which IP addresses are accessible, any obvious open doors. At its most basic, ping and address to see if its alive, scan the ports to see if they are open. Google the port numbers to get application, google the applications to get vulnerabilities

hacking

devising superficial fixes which are nothing more than auxiliary workarounds for problems

software testing

investigation to provide stakeholders with information about the quality and security of product/service under test

Cross Site Scripting (XSS)

enables attackers to inject client side scripts into web pages viewed by other users. Two main types, stored and reflected. Malicious script stored in the server. Reflected, script is embedded in a URL

cryptography

enables entity to store and transmit data in a form only available only to intended individuals

URL encoding

encodes URL with reserved characters

digital signature

encrypted hash value by sender's private key

tunneling

encrypts each data packet to be sent and places each encrypted packet inside another packet

non-repudiation

enforce someone cannot deny what he/she has done

security administrator

ensure security of environment is performed

certification authority

entity that issues digital certificates

physical control

environmental control of workplace and computing facilities

Online safety practices (experts/non experts)

experts: install software updates, use unique passwords, use two-factor authentication, use strong passwords, use a password manager non experts: use anti software, use strong passwords, change passwords frequently, only visit websites familiar with, don't share personal information

security assessment

explicit study to locate security vulnerabilities and risks

session hijacking

exploitation of valid computer to gain unauthorised access to information or service in computer system

Billion Laughs

exponential attack. XML parser trying to parse 3 gb.

cyber terrorism

extends traditional forms of terrorism to the internet and the web

cyber warfare

extends traditional forms of warfare to the internet and the web

Cyber warfare

extends traditional forms of warfare to the internet and the web, including espionage, psychological warfare, and attacks cyberterrorism

mac

filevault for?

Application Gateways

filter based on application data not just headers. Can see viruses, intrusions and policy violations.

Stateless Filter Firewall

filters packet by packet. Just looks at headers.

regression test

finding defects after a major code change

four pillars of information security

firewall, installing software patches, using security software, & practicing safe, cautious online behavior

corrective control

fixes problems after incident has occurred

software patch

fixes software bugs and flaws and is typically distributed to software users through online software updates

5 page properties you can set up when creating your CSS style sheet

font-family, color, background-color, background-image, text-align, margin, height, padding

CVSS

free and open industry standard for assessing severity of computer system security vulnerabilities

3 types of data backup

full backup: all files in computer selective backup: select which files to backup Three generation backup: preserves three copies of important files incase of system failure or corrupted files restore filed by copying to original location Mac-Time machine Windows- 8-file history

unauthorized access

gaining access to a computer, network, file or other resource without permission; often done with war driving

Unauthorized access

gaining access to a computer, network, file, or other resource without permission

piggybacking

gaining entry to restricted area by "tagging along" with authorised person

security policy

general statement produced by senior management that dictates what role security plays within the organisation

User Control Firewall Technique

gives access to users. Typically, users inside firewall.

need to know

giving access only to information absolutely required to perform job duty

Trojan Horse

greeks vs. trojans seems harmless but carries destructive payload cannot self replicate payload can contain viruses, worms, spyware, backdoors also has RATs

Network Usage Policy

is a document, agreement, or contract that defines acceptable and unacceptable uses of computer and network resourced for a business of organization

Examples of Unauthorized access

hacking into wifi connections, often done in conjunction with war driving interception of communications motivation for hackingL threat, hijacking computers, cyberterrorism, for fun (authorized v. unauthorized hackers and white hat vs. black hat hackers)

Saponification

heating a fat under alkaline conditions -soap making (lard + lye) The Saponification Numberof a fat or oil is defined as the number of milligrams of KOH needed to saponify 1g of fat. Fats with long chain length fatty acids will have a lower number.

A ____ addresses a specific customer situation and often may not be distributed outside that customers organization.

hotfix

A ________________ addresses a specific customer situation and often may not be distributed outside that customer's organization?

hotfix

Webpage address

https://astro.temple.edu/~tuj22891/

What is the full name of my home page?

https://astro.temple.edu/~tuj22891/index.html All About Me, Chandler

[5.4] Briefly explain the operation of a token-based challenge-response system.

i. A challenge is sent in response to an access request. The challenge is generally a number. ii. A legitimate user can respond to the challenge by performing a task which requires use of information only available to the user (and possibly the host). • The response is computed as a cryptographic one-way function of challenge and other info such as key and PIN. iii. User sends the response to the host. If the response is as expected by host, then access is granted.

[5.4] The synchronised one-time password generator is one method to provide user authentication. Describe the operation of the synchronised password generator method using clock-based tokens.

i. The user enters PIN which is used together with clock on token to produce the current value. ii. The value changes for each time period. The user sends the current value to the host. iii. The host computes the same value using the algorithm with inputs: user's ID, PIN and clock value. iv. The host compares the received value with the computed value

risk management

identification, assessment, and prioritisation of risk followed by coordinated and economical application of resources to minimise, monitor, and control the risk

detective control

identify an incident's activities and potentially an intruder

risk management

identify control and minimize impact of threats 1. risk analysis 2. risk mitigation 3. control evaluation

Weaknesses of Dos/DDoS

if flood stops, attack stops. Fix zombies, stop the attack. Attacker's machine can be exposed if not careful.

SYN Scanning

if port is open, responds with SYN/ACK. you return RESET, no connection established.

least privilege

implementation to ensure individuals only accesses need to know resources

improper installation & setup of computer systems

inadequate planning for & control of environment difficulties

errors in computer programming

inadequate planning for & control of equipment malfunctions

accountability

individual must be identifiable and must be held responsible for their action

Covering Tracks

inexperienced attacker leaves evidence. Turn off event logging, clearing event logs, hide malicious files left behind.

File virus

infects some executable and activated on run

something you know

info such as a password or PIN

availability

information must be available to authorised entity

Laws

information security laws seek to protect the civil rights of populations from abuses of information systems and the internet

cross site scripting

inject client-side script into web pages viewed by other users

SQL Injection

injection attack where an attacker can execute malicious SQL statements that control a web applications database.

Trojan Horse

innocent code with malicious code hidden inside. Social engineering since can't spread. Used to escalate privileges.

SQL injection

insert SQL code and run into database server

Spam Injection

inserts spam links into web server. Can divert revenue away from business.

exposure

instance of being exposed to loss

Application Attacks

instead of OS, attack application. Send legitimate traffic maliciously that is guaranteed to get through firewall.

3 types of web page links

internal, external, email

Installing back doors

intruder installs back door to make intrusions easier

Firewall

is a network hardware or software that examines data packets flowing in and sometimes out of a network or computer in order to filter out packets that are potentially dangerous using a firewall is one of the four pillars of information security

Data Backup

is a process in which copies of important computer files are stored in a safe place to guard against data loss data may be lost due to hardware failure, human error, software corruption, hackers, malware, or natural disasters

Authentication

is a security process in which the identity of a person is verified

Encryption

is a security technique that uses high-level mathematical functions and computer algorithms to encode data so that is is unintelligible to all but the intended recipient useful in situations where the information you are storing is confidential or valuable, and there is a possibility that your computer can be accessed by other, lost, or stolen ex. Mac (FileVault) Windows (BitLocker) you can purchase encrypted flash drives

Social Engineering

is an attack in which the perpetrator uses social skills to trick or manipulate a legit employee into providing confidential company info - impersonation - tailgating - shoulder surfing

standard

mandatory activities, actions or rules

Internet fraud

is the crime of deliberately deceiving a person over the internet in order to damage them or to obtain property or services unlawfully

possessed object

item that you must carry to gain access to a computer or facility often used with number password called personal identification number (PIN) 2 step verification

possessed object

item that you must carry to gain access to computer or facility... often used with PIN

Defending against DoS

keep the following updated, AV, OS, software. Firewall set up right. Protocol modification for SYN cookies and random drops. Provide excess bandwidth. Replicated servers. Limit rate of traffic. TCP intercepting firewalls. DDoS scrubbing service.

hacker tools

key-logging, packet-sniffing, wireless network scanning, port-scanning, social engineering

the residential lock most often used for keeping out intruders is the

keyed entry lock

non disclosure agreement

legal contract outlining confidential material, knowledge, or information share between parties that wished to restrict access by third parties

risk

likelihood of a threat agent exploiting a vulnerability and corresponding business impact

Whitelisting

list of acceptable websites/resources/rules. Assumes evil.

Blacklisting

list of banned websites/resources/rules for firewall to reject.

Password choice

longer passwords provide greater security keep passwords secret do not write it down change it frequently

Anti Virus Behavior Blocking

look for suspicious behavior and stops it.

Connection Table

maintained by firewall of list of active TCP connections.

trojan horse

malware that disguises as another program

Virus

piece of self-replicating software program that infects a computer without the user knowledge or permission attaches to a host can be downloaded, emailed, and picked up by removable storage devices (flash drives) embeds itself intro programs, files, and devices used to destroy data or keep systems from working

virus

piece of self-replicating software program, that attaches to a host, that infects a computer w/o the users knowledge or permission. it is used to destroy data or keep systems from working

ICMP Flood

ping flood. Solved by disallow ICMP packets from outside the network.

Buffer Overflows

poorly written programs that kills servers, return error messages to attackers and allows attackers to run own code on machine.

NMap

port scanning software. Gets information of the machine

vulnerability

possibility the system will be harmed by a threat

information security

practice of defending information from unauthorised access, use, disclosure, disruption, modification, perusal inspection, recording or destruction

three-generation backup

preserves three copies of important files

confidentiality

preventing disclosure of information to unauthorised individuals or systems

risk

probability a threat well impact an info resource

authentication

process of confirming the truth of an attribute of a datum or entity

screening

process of disqualifying candidates using detailed examinations

risk analysis

process of understanding impact and criticality of risk

authorisation

process of verifying that a particular identity is permitted to perform a particular action

Worm

program that copies itself through a network. Standalone program that doesn't attach to other files. Operates through networks. Have to be caught early. Slow down traffic to halt worm.

fuzzer

providing invalid, unexpected, or random data as input for a computer program

reverse proxy

proxy server that appears to be ordinary server to clients

guidelines

recommended actions and operational guides when specific standard does not apply

3 image map hotspot tools

rectangle, circle, polygon

risk mitigation

reduce risk to acceptable level to continue conducting business

botnet

refers to a collection of computers autonomously or automatically working together toward some goal

Uniform Resource Locator (URL)

refers to a resource, can also pass data to server. consists of protocol, domain, path, query string

Machine Level Security

refers to actions taken to protect information on a computer that may or may not be connected to a computer network or the internet

machine-level security

refers to actions taken to protect information on a computer that may or may not be connected to a computer network or the internet

permissions

refers to specific access privileges afforded to each network user and each system resource in terms of which files, folder, and drives each user can read, write, & execute

information theft

refers to the access of information by an unauthorized person for financial gain or other benefit

information security

refers to the protection of information systems and the information they manage against unauthorized access, use, manipulation, or destruction, and against the denial of service to authorized users

Information Security

refers to the protection of information systems and the information they manage against unauthorized access, use, manipulation, or destruction, and against the denial of service to authorized users Symantec video states

Permissions

refers to the specific access privileges afforded to each network user and each system resource in terms of which files, folders, and drives each user can read, write, and execute

internet security

refers to the unique threats and defenses associated with computers connected to the internet

wireless security

refers to the unique threats and defenses associated with wireless computer networks war driving

Eicosanoids

regulatory molecules that can be synthesized from omega-3 and omega-6 fatty acids Essential fatty acids are Converted to Eicosanoids

residual risk

remaining risk after placing a control

virus

replicates by inserting copies of itself into other computer programs, data files, or boot sector of hard drive

feasibility study

research activities to verify project worth

user

routinely uses data for work-related tasks

port scanning

searching for open ports of server or host

waredriving

searching for wireless network by person in moving vehicle

Backdoor

secret entry into system

virtual private network

secure, private connection through untrusted network

system hardening

securing a system by reducing surface of vulnerability

black hat

security profession with hacking background

white hat

security professional with info sec skill and knowledge but know hacking background

Wi-fi protected access

security protocol and security certification programs to secure wireless computer networks

log

security relevant chronological record that provide documentary evidence of sequence of activities of an operation, procedure, or event

encryption

security technique that uses high-level mathematical functions and computer algorithms to encode data so that it is unintelligible to all but intended person

trojan horse

seems harmless but carries a destructive payload, cannot self replicate, payload can contain viruses, worms, spyware, backdoors. have RATs

How to import an ste file and what to do when the dialog box pops up asking for a local root folder

select site than manage site and then import the ste file (make sure u have ste file and then select it from your flash drive, double click on your ste file) If pop ups come up you have to navigate to flashdrive find website folder and select your ste and click done,

selective backup

select which files to backup

Virus

self replicating program that installs itself without your consent. Modifies other files. Spread through any medium. Have infection mechanism. Trigger that causes payload to happen. Payload is something bad to happen. Life cycle: Dormancy when virus sits in memory/storage and waits. Propagation when virus replicates. Triggering when a condition is met. Execution is when payload is dropped. Three component models of a Virus - wild component is how much the virus already exists. Damage component is how much damage it could do. Distribution is how quickly it can spread.

Nuke: Land attacks

send a packet with target as both the source and destination. Ties into knot trying to connect with itself.

teardrop attack

send malformed fragments that once reassembled destabilise victim's system

Smurf attack

send many echoes to many smurfs with the source IP as the target. All smurfs send replies packets to target.

ping of death

sending malicious or malformed ping

bluejacking

sending unsolicited messages over Bluethooth or Bluetooth-enabled devices to another Bluetooth-enabled device

Flooding attacks

sends too many packets for targets to handle. Exhausts resources replying to packets.

TLS Weakness

server certificate can be spoofed. NSA has access. TCP/IP not encrypted

CSRF preventions

server should check request headers. anti-CSRF tokens

cryptosystem

set of algorithm required to implement cryptography

public key infrastructure

set of roles, policies, and procedures need to create, manage, distribute, use, store, and revoke digital certificates

7 form components used to collect information online using Google Forms

short answer, multiple choice, drop down, paragraph, check boxes, linear scale, multiple choice grid

DNS poisoning

situation in which DNS server resolves a host name into an incorrect IP address

critical software flaws

software bugs in operating systems can create what?

rootkit

software designed to hide existence of certain process/programs from normal methods of detection

Attacking

the attacker accomplishes their goal

Password problems

the average person has between 7 and 25 accounts they log into every day people report authenticating about 15 times in a typical work day on average 70% of people do not use a unique password for each website around 82% of people have forgotten a password used many don't pick strong passwords

A lock that extends a solid metal bar into the door frame for extra security is the ____________.

the dead bolt lock

security

the degree of protection against criminal activity danger damage and or loss

TLS and SSL

transport layer security and secure socket layer used for credit card purchases and online banking - indicated by HTTPS -form of encryption

honeypot

trap set to detect or deflect attempts at unauthorised use of information systems

digital certificate

type of electronic business card that is attached to internet transaction data to verify the sender of the data

firewalking

ultilises traceroute techniques and TTL values to determine gateway ACL filter and map network

risk acceptance

understand level of risk and not implementing a countermeasure

zero-day vulnerability

undisclosed computer-software vulnerability

something about you

unique physical characteristics such as fingerprints, retinal patters, & facial features

Virus/Trojan/Worm Prevention

update, harden system to only allow some to access, malware awareness.

technical control (logical)

use of software and data to monitor and control access

Redirect

used by routers to tell hosts 'send messages meant for 1.2.3.4 IP to 5.6.7.8"

What is a thumbnail used for in relation to an image gallery?

used to create a uniform and clean look that is a preview for the actual image once u click on the thumbnail (thumbnail size 85)

Ipconfig

used to obtain local information about network IP addresses, MAC address, gateways, DHCP hosts, ect.

antivirus software

uses several techniques to find viruses, worms, & spyware on a computer system; remove them if possible

Unauthorized use

using a computer for unauthorized activities

unauthorized use

using a computer for unauthorized activities

Dorking

using advanced google searches to reveal vulnerable websites

google hacking

using google applications to find security holes in configuration and computer code that websites use

key

value that comprises a large sequence of random bits/numbers/characters

which of the following cannot be used along with fencing as a security perimeter?

vapor barrier

VPNS

virtual private network integrate global connectrivy of internet with security of private network - use encryption to enhance privacy - use tunnelling

Anti virus Sandboxing

virus must decrypt on execution. Run program in virtual environment.

What does Social engineering look like?

• A cybercriminal befriends one of our clients and builds trust over time, until they are able to solicit sensitive information from them. • That information can then be used to commit fraud.

What is Viruses?

• A virus is a piece of software that has been written to insert copies of itself into applications and data and onto crucial parts of a computer's hard disk. • Even where no harm is intended, viruses consume memory, disk space and processing power.

What does phishing look like?

• An email, phone call or text message from a seemingly legitimate email address or number instructs you to click on a link to take action (e.g., "validate your account," "confirm your identity," "access your tax refund", "reset your paswwrod," etc.) • The link brings you to a website requiring you to enter your personal/sensetive/secret information.

Privacy Amendment (Enhancing Privacy Protection) Act 2012 applies to:

• Australian federal government agencies, • ACT and Norfolk Island government agencies, • Private-‐sector businesses with annual turnover > $3million • Private sector health service providers

Authenticity Attack - Fabrication

• Authentication - Information really came from the right person we think it came from - Verification of the identity of the person. • Authenticityattack - Unauthorized assumption of other's identity - Generate and distribute objects under this identity.

Implementing Security Objectives? AAAA

• Authentication - Who are you? - Prove what you claim you are. • Authorization/Access control - Control who is allowed to do what to the information assets - Are you allowed to do this and that? Under which condition(s)? • Auditing - Check if anything went wrong • Action - If so, take action to rectify the 'wrong.'

Access Control to Assets

• Authentication (Prove what you claim you are.) - Submit credentials to access an asset (function, information) • e.g., password, fingerprint, identification card • Authorization (Prove you have permission to do this) - Must be authorized to gain access to specific data, other computing resources. • e.g., file systems, firewalls, application authorization model • Various levels of granularity

Sources of Software Vulnerabilities

• Bugs in the application or its infrastructure - Doesn't do what it should do • access flag can be modified by user input • Inappropriate features in the infrastructure - Does something that it shouldn't do • functionality winning over security • a search function that can display other users info • Inappropriate use of features provided by the infrastructure • Main causes: - Complexity of these features • functionality winning over security, again - Ignorance of developers

Spyware Symptoms

• Changes to your browser homepage/start page. • Ending up on a strange site when conducting a search. • System-based firewall is turned off automatically. • Lots of network activity while not particularly active. • Excessive pop-up windows. • New icons, programs, favorites which you did not add. • Frequent firewall alerts about unknown programs when trying to access the Internet. • Poor system performance.

Security Objectives: CIA Triad

• Confidentiality (or secrecy) - Unauthorized users cannot read information - Ensuring information is disclosed to, and reviewed exclusively by intended recipients / authorized individuals - Authenticity of the user. • Integrity - Ensuring the accuracy and completeness of information and processing methods - Unauthorized users cannot alter/tamper information • Availability - Authorized users can always access to their computing assets (information and functions) - Ensuring that information and associated assets are accessible, whenever necessary, by authorized individuals

Defense and control: Non-IT Related Countermeasures

• Countermeasures can be non-IT related - Physical security of building and computers - Screening of personnel - Legal framework to deter criminals - Training employee.

How does Call forwarding happen?

• Cybercriminals scam the phone company into forwarding phone calls. • They may also use scanners, eavesdrop, clone our client's phone identity, and sell bogus ringtones or other gadgets to access our client's phone.

Attack on Availability

• Destroy hardware (cutting fiber) or software • Modify software in a subtle way • Corrupt packets in transit • Blatant denial of service (DoS): - Crashing the server - Overwhelm the server (use up its resource)

Defense and control : Example Security Technologies (mechanisms/countermeasures)

• Encryption - To ensure confidentiality and integrity - To ensure secure communication and storage. • Access control - To withstand threats related to misbehaving users - Role-based access control (RBAC) - Attribute-based access control (ABAC), etc. • Language-based security - To defeat threats related to misbehaving programs • Memory-safety • Sandboxing - Java, .NET/C#

Computer Defense Today

• Encryption • Multiple controls: - System Perimeter: Defines „inside/outside" - Preemption: Attacker scared away - Deterrence: Attacker could not overcome defenses - Faux Environment (e.g. honeypot, sandbox): attack deflected towards a worthless target (but the attacker doesn't know about it!) - Layered Defense * Multilevel defense * Defense in depth (ideal!): a concept in which multiple layers of security controls are placed through redundancy • Software controls • Hardware controls • Policies and procedures • Physical controls.

How does Credential Replay happen?

• If the cybercriminal is not stealing these credentials themselves, they can easily purchase large numbers of stolen login credentials from the dark web. • These large volumes of credentials typically come from data breaches (e.g. Yahoo, Verizon, LinkedIn, etc.).

What is Credential Replay

• Most people re-use passwords and usernames (aka 'credentials'). • Cybercriminals obtain these login credentials, test them in large numbers against financial institutions' websites to find matches, and then request fraudulent fund transfers. • Alternatively, they may resell this information to other cybercriminals to make a profit. • Those cybercriminals may then use this information to commit fraud.

How does Social engineering happen?

• Often cybercriminals contact victims by phone, email, or through social media.

Methods of Defense

• Prevention - Measures to stop breaches of security goals - Prevent attackers from violating security policy • Detection - measures to detect breaches of security goals - Detect attackers' violation of security policy • Deter attack - Make attack harder (can't make it impossibleL) • Deflect attack - Make another target more attractive than this target • Reaction - measures to recover assets, repair damage, and persecute (and deter) offenders - Continue to function correctly even if attack succeeds • Good prevention does not make detection & reaction redundant - Breaking into any house with windows is made impossible - Despite this prevention, detection (CCTV) & reaction (Alarm) still deter burglars.

Public vs. privacy

• Public - Already a matter of public record or knowledge - Freely distributed and accessible by anyone. • Privacy - Personal information (often called PII - personally identifiable information) - Information that can NOT be used on its own or with other information to identif contact, or locate an individual, or to identify an individual in context. - Privacy is strongly related to confidentiality, but these two are not same. - Identity information, financial records, healthcare records, etc. - Internal plans and other operating information that should not be made public

security evaluation

• Security Capability Maturity Model • The Orange Book • Common Criteria Standard • NICE • The Rainbow Series

What is NOT a Security Issue

• Software may crash • Networks may go down • Hardware components may fail • Human operator may make mistake • Any failures not attributed to some deliberate human actions • Accidental failures would count as reliability issue • Operating mistakes might be a usability issue • Security is concerned with intentional failures • It is a people problem, cannot be solved by technology alone.

Spam

• Spamming is the abuse of electronic messaging systems to send unsolicited, undesired bulk messages • Spam media includes: • e-mail spam (most widely recognized form) • Instant messaging spam • Usenet newsgroup spam • Web search engine spam • Spam in blogs • Mobile phone messaging spam

. Stakeholders • Assets • Stakeholders own assets • Threats to assets • Attack to assets • Mechanisms/Countermeasures • Vulnerability

• Stakeholders - owners, individual, companies,... • Assets - data, functionality, service, software,... • Stakeholders own assets - medical data is owned by patient • Threats to assets - intention to erase, steal, modify,... • Attack to assets - already erased, stolen, modified,... • Attackers who pose threats or launched attacks to assets - employees, clients, script kiddies, criminals, anyone,... • Mechanisms/Countermeasures to protect assets - encryption, password,... • Vulnerability is the weakness in the mechanisms/countermeasures - weak password,...

Integrity Attack - Tampering With Messages

• Stop the flow of the message • Delay and optionally modify the message • Release the message again

What's the impact of Social engineering?

• The criminal commits fraud, steals our client's money, and then they disappear.

How does phishing happen?

• The cybercriminal masquerades as a legitimate source (e.g., financial institution employee, client, banker) • You believe the request is from a trusted source and you unwittingly oblige when they ask you for your personal information.

How does Spoofing happen?

• There are easy tools available to cybercriminals that help to mask the source/sender. • For example, the cybercriminal can create an email address nearly identical to our client's email address (i.e., off by a character), so that, at-a-glance, the email address appears legitimate. • The cybercriminal is relying on our lack of attention to detail in order to commit the fraud.

Purpose of Botnets

• These botnet attacks might be sending spam emails, or flooding a website with so many requests for content that the server cannot cope, which is known as a denial-of- service attack. • A single piece of malware can cause enormous damage, but when thousands, or even millions of computers run the same program, their effects can be devastating. - The effects of a coordinated attack can mean websites struggle to remain online while the botnet targets their computers. • There are also a number of harmless botnets used for such purposes as the Internet Relay Chat (IRC) text messaging program, but the vast majority are created by malware.

Eavesdropping - Message Interception (Attack on Confidentiality)

• Unauthorized access to information • Illicit copying of files and programs • Packet sniffers and wire tappers - A packet analyzer (also known as a packet sniffer) is an act that can intercept and log traffic that passes over a network. - Packet sniffer is the process of intercepting and logging traffic. - As data streams flow across the network, the sniffer captures each packet - The sniffer decodes the packet's raw data, finding the values of various fields in the packet - The sniffer also analyzes data content of the packet to understand the values of information. - This can be with specific objective or without any objective.

Unsaturated Fatty acids: Essential Fatty acids (EFA)

•Definition of an essential nutrient: -Cannot be synthesized in sufficient amounts to support normal growth or life -It or a derivative of it must have some essential biological function. •Essential fatty acids are essential because: -Animals cannot insert the double bonds in the right location -EFA are metabolized to a group of compounds called eicosanoids that have essential biological functions. -EFA are also important in cell membrane structure as part of phospholipids


Related study sets

politics of climate change final exam

View Set

Chapter 8: Appendicular Skeleton

View Set

Soft Tissue Chronic/ Overuse Injuries

View Set

Chapter 2: The Founding & The Constitution

View Set

Lights, Camera, Business Unit 1 Review

View Set

Chapter 23 - Nursing Assessment: Integumentary System

View Set