Security Plus Part 4

Ace your homework & exams now with Quizwiz!

Allows all of the subdomains to use the same public key certificate and have it displayed as valid.

Wildcard Certificate

A commercial disk editor

WinHex

Standard used PKI for digital certificates and contains the owner/users info and the certificate authority's information.

X.509

Each tap is used once per day for two weeks and then the entire set is reused.

10 Tape Rotation

People are more willing to comply with a request when they think its coming from someone in authority.

Authority

A digital forensics platform and graphical interface

Autopsy

Technique used by an attacker to find two different messages that have the same identical hash digest.

Birthday Attack

(Authentication Header) - Protocol used in IPSec that provides integrity and authentication.

AH

(Automated Indicator Sharing) - Used to share important threat data Uses STIX and TAXII

AIS

A technique where data is generalized to protect the individuals involved

Aggregation/Banding

Encryption algorithm where different keys are used to encrypt and decrypt the data.

Asymmetric Encryption (Public Key)

Public key cryptography and uses two key are using for each method. One key is to encrypt it and another is decrypt it.

Asymmetric encryption is also know as what?

Breaks the input into fixed-length blocks of data and performs the encryption on each block. used in software solutions

Block Cipher

A shared immutable ledger for recording transactions, tracking assets and building trust.

Blockchain

(Business Impact Analysis) - How do things impact our business.

BIA

(Business Partnership Agreement) - Two businesses that establishes the conditions of their relationship.

BPA

When a malicious individual leaves malware-infected removable media such as a USB drive or optical disc lying around in plain view.

Baiting

(Browser Exploration Framework)

BeEF

When a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location.

Diversion Theft

(Center for Internet Security) - Configuration guidelines for hardening benchmarks and sets of cybersecurity best practices

CIS

(Cyber Security Framework) - Made by NIST to hep organizations manage cybersecurity risks. 1. Identify 2. Protect 3. Detect 4. Respond 5. Recover

CSF what are the five category functions?

(Cyber Security Incident Response Team) - Is the single point of contact for security incidents.

CSIRT

(Certificate Signing Request) - Is submitted to the Certificate authority to request a digital certificate.

CSR

The entity that issues the certificate to a user

Certificate Authority

An online list of digital certificates that the certificate authority has revoked.

Certificate Revocation List (CRL)

Digitally-signed electronic documents that bind a public key with a users identity.

Certificates

The structured way of changing the state of a computer system, network or IT procedure.

Change Management Policy

Is an algorithm which performs the encryption or decryption.

Cipher

Removal of data with a certain amount of assurance that it cannot be reconstructed.

Clearing

Two or more servers working together to perform a particular job function.

Cluster

A site that has tables, chairs, bathrooms and possibly some technical items like phones and network cabling. Has no computers or servers yet.

Cold Site

Condition that occurs when two different files create the same hash digest.

Collision

Data that could affect the government if leaked out

Confidential Data

Highest classification level of data that could impact a company greatly if leaked out to the public.

Confidential Data

A protocol is tricked into using a lower quality version of itself instead of a higher quality version.

Downgrade Attack

Due Diligence - Ensuring IT infrastructure risks are known and managed properly. Due Care - Mitigation actions that an organization takes to defend against the risks that have been uncovered during due diligence.

Due Diligence And Due Care

protects citizens from the government and companies from lawsuits

Due Process

Is Asymmetric encryption Algorithm used for mobile devices and low-power computing devices.

ECC

The method and tools used to create forensically sound copy of data from a hard disk.

Data Acquisition

Responsible for handling the management of the system on which the data sets are stored.

Data Custondian

covering up of data so know one can read it.

Data Masking

A senior (executive) role with ultimate responsibility for maintaining the CIA of the information asset.

Data Owner

Focused on the quality of the data and associated metadata.

Data Stewart

Methods and technologies that remove identifying information from data before it is distributed.

Deidentification

Only conducts a backup of the contents of a drive that has changed since the last full backup. Take more time to create but less time to restore.

Differential Backup

A hash digest of a message encrypted with the senders private key to let the recipient know the document was created and sent by the person claiming to have sent it.

Digital Signature

Provides two independent zones with full access to the data (RAID 10)

Disaster-tolerant RAID

are short lived and used in key exchange for WPA3 to create perfect forward secrecy.

Ephemeral keys

Requires each agency to develop document and implement an agency wide information systems security program to protect their data.

FISMA

Are popular Forensic Tools

FTK and EnCase

A secondary server can take over the function when the primary one fails.

Failover Cluster

Protects against the loss of the array's data if a single disk fails (RAID 1 and RAID 5)

Fault-resistant RAID

Protects against the loss of the array's data if a single component fails (RAID 1, RAID 5, RAID 6)

Fault-tolerant RAID

The use of threats or demands to intimidate someone into helping you.

Fear

All the contents of a drive are backed up.

Full Backup

(Gramm-Leach-Bliley Act) - Affects, banks, mortgage companies, loan offices, insurance companies, investment companies and credit card providers.

GLBA

(GNU Privacy Guard) - A newer and updated version of the PGP encryption suite that uses AES for its symmetric encryption functions.

GPG

Three sets of backup tapes are defined as the son (daily), the father (weekly), and the grandfather (monthly).

Grandfather-Father-Son

Provides regulations that govern the security of information during the election and voting process.

HAVA of 2002

A one-way cryptographic function which takes an input and produces a unique message digest.

Hashing

An attempt at deceiving people into believing something that is false when it is true or vice versa.

Hoax

An encryption method that allows calculations to be performed on data without decrypting it first. used in cloud

Homomorphic Encryption

A near duplicate of the original site of the organization that can be up and running within minutes.

Hot Site

Utilizes asymmetric encryption to securely transfer a private key that can then be used with symmetric encryption.

Hybrid implementation

A TCP/IP protocol that authenticates and encrypts IP packets and effectively securing communications between computers and devices using this protocol. Uses IKE to create a secure tunnel by encrypting the connection between authenticated peers.

IPSec

(Interconnection Security Agreement) - An agreement for the owners of two IT systems to document what technical requirements each organization must meet.

ISA

1. Informations systems 2. The controls to protect those systems 3. Adding privacy on top of everything

ISO 27001 ISO 27002 ISO 27701

Os is the de facto standard for IT service management

ITIL

Only conducts a backup of the contents of a drive that have changed since the last full or incremental backup.

Incremental Backup

Taking data about someone and using it against them. Can be used for Hybrid Warfare

Influence Campaign

Servers are clustered in order to share resources such as CPU, RAM and hard disks.

Load-balancing Cluster

A scam in which a person is tricked into paying or for a fake invoice for a service or product that they did not order.

Invoice Scam

A Linux command line utility for querying and displaying logs from journald, the systemd loggin service on Linux

Journalctl

Occurs when a secure copy of a user's private key is held in case a user accidentally loses their key.

Key Escrow

Refers to how an organization will generate, exchange, store, and use encryption keys.

Key Management

A specialized type of software that allows the restoration of a lost corrupted key to be performed.

Key Recovery Agent

A technique that is used to mitigate a weaker key by increasing the time needed to crack it.

Key Stretching

(Layer 2 Tunneling Protocol) - A connection between two or more computers or devices that are not on the same private network. HAS NO Encryption and is paired with IPSec to provide security. Port 1701

L2TP What Port does it use?

The business or organizations legal counsel responsible for mitigating risk from civil lawsuits.

Legal

A person in your company with legal knowledge that works directly with law enforcement

Liaison

A technique the social engineer attempts to find common ground and shared interests with their target.

Likability

(Message Digest 5) - Algorithm that creates a fixed length 128 bit hash value.

MD5

(Memorandum of Understanding) - A non biding agreement between two or more organizations to detail an intended common line of action.

MOU

(Maximum Tolerable Downtime) - the longest period of time a business can be inoperable without going out of business.

MTD

The time between System Failure to System Failure.

Mean Time Between Failures

Time of a system running and then failing

Mean Time of Failure (MTTF)

Time from failure to repair

Mean Time to Repair (MTTR

Data describing other data

Metadata

(Non-Disclosure Agreement) - Agreement between two parties that defines what data is confidential and cannot be share outside of the relationship.

NDA

a vulnerability scanner used to scan computers or networks for vulnerabilities

Nessus

(Online Certifcate Status Protocol) - A protocol that allows you to determine the revocation status of a digital certificate using its serial number.

OCSP

A stream cipher that encrypts plaintext information with a secret random key that is the same length as the plaintext input.

One-Time Pad

Are the steps an analyst should follow when collecting evidence.

Order of volatility

Signals that are sent between two parties or two devices that uses a different path or method from the primary communication.

Out of band communication

(Pretty Good Privacy) - An encryption program used for signing, encrypting, and decrypting emails. Uses the IDEA algorithm

PGP

An entire system of hardware, software, policies, procedures and people that is based on asymmetric encryption.

PKI

(Point to Point Tunneling Protocol) - A protocol that encapsulates PPP packets and ultimately sends data as encrypted traffic. Port 1723 uses CHAP based authentication making it vulnerable to attacks.

PPTP What Port is it on?

(Pseudo Random Number Generator) - A simulated random number stream generated by a computer that is used in cryptography, video games and more.

PRNG

A technique that allows an attacker to authenticate to a remote server or service by using the underlying NTLM or LM hash instead of requiring the plaintext password.

Pass the Hash

Generic Specific

Policies are what? and Procedures are what?

A new kind of cryptographic algorithm that is impervious to attacks from quantum computers.

Post Quantum Cryptography

A technical method of social engineering that tricks users into entering their usernames and passwords by adding an invisible string before the weblink they click.

Prepending

Affects U.S. government computer systems that collect, stores, uses or disseminates PII

Privacy Act of 1974

Responsible for the oversight of any PII/SPI/PHI assets managed by the company.

Privacy Officer

Contains data that should only be used within the orginization.

Private Data

Has no impact to the company if released and is often posted in the open source enviroment.

Public Data

Allows an HTTPS website to resist impersonation attacks by presenting a set of trusted public keys to the users web browser as part of the HTTP header.

Public Key Pinning

A record keeping system that maintains participants identities in secure and anonymous form.

Public Ledger

Used to manage negative publicity from a serious incident.

Public Relations

A communications network that relies on qbits made up of photons (light) to send multiple combinations of 1s and 0s

Quantum Communication

A computer that uses quantum mechanics to generate and manipulate quantum bits in order access enormous processing power.

Quantum Computing

Creates a 160 bit fixed output

RIPEMD

(RMF) - Is made by NIST and is used in Federal government systems

RMF

(Recovery Point Objective) - Longest period of time that an organization can tolerate lost data being unrecoverable.

RPO

(Recovery Time Objective) - Length of time it takes after an event to resume normal business operations and activities.

RTO

An enclosure that provides two or more power supplies.

Redundant Power Supply

Used to verify info about a user prior to requesting that a certificate authority issue the certificate.

Registration Authority

Governmental organizations that oversee the compliance with specific regulations and laws.

Regulatory Bodies

(Secure/Multipurpose Internet Mail Extensions) - A standard that provides cryptographic security for electronic messaging.

S/MIME

(Security Association) - Establishment of secure connections and shared security info using certificates or cryptographic keys.

SA

(Subject Alternative Name) - Allows a certificate owner to specify additional domains and IP addresses to be supported.

SAN

Requires any business in California to disclose a breach to the customers.

SB 1386

(Secure Hash Algorithm) - Algorithm that creates a fixed-length 160 bit hash value. Uses a 160 bit output

SHA - 1

Family of algorithms uses 256 bit output

SHA - 2

(Service Level Agreement) - An agreement covering the level of services to be delivered.

SLA

A suite of reports produced during an audit. Trusted Services Criteria Addresses the operational effectiveness of the specified controls over a period of time.

SOC SOC 2 Type 2

(Sarbanes-Oxley) - Affects publicly traded U.S. corporations and requires certain accounting methods and financial reporting.

SOX

Used to create an exploitation website that can perform open port scans in a stealthy manner.

Scanless

Technique that relies on the fear of missing out on a good deal that is only offered in limited quantities or a limited time.

Scarcity

Data that could damage national security.

Secret Data

Executives and managers who are responsible for business operations and functional areas.

Senior Leadership

Data that wouldn't hurt national security if released but could impact those whose data is contained in it.

Sensitive But Unclassified

Might have a minimal impact on the company if released.

Sensitive Data

Single Sided - Only require the server to be validated. Dual Sided - Requires both the server and the user to be validated.

Single Sided and Dual Sided Certificates

Type of backup primarily used to capture the entire operating system image including all applications and data. Used for virtualized systems

Snapshot Backup

People are more likely to click on a link through social media or based on seeing others have already clicked on it.

Social Proof

The science and art of hiding messages within other messages.

Steganography

Uses a keystream generator to encrypt data bit by bit using a mathematical XOR function to create the ciphertext. used in hardware solutions

Stream Cipher

Encryption algorithm in which both the sender and the receiver must know the same secret using a privately held key. Are 100-1000x faster than asymmetric

Symmetric Algorithm (Private Key)

A tool that shows the sequence of file system events within a source image in a graphical format.

Timeline

Data that could gravely damange national security.

Top Secret Data

Three sets of backup tapes (like the (grandfather-father-son) that are rated in a more complex system.

Towers of Hanoi

Tracert - Windows Traceroute - Linux shows you all the hops it takes to get to the ipaddress you put in.

Tracert/Traceroute

Occurs when X trusts Y and Y trusts Z therefore X can trust Z

Transitive Trust

Can be released to the public

Unclassified Data

People are usually in a rush these days and urgency takes advantage of this fact.

Urgency

Phishing users over the phone

Vishing

(Work Recovery Time) - Length of time in addition to the RTO of individual systems to perform reintegration and testing of restored or upgraded system following an event.

WRT

A site that has computers, phones and severs but they might require some configuration before the users can start working

Warm Site

1. Diffie-Hellman 2. RSA 3. ECC

What are the Asymmetric Algorithms?

1. Identification - Ensure the scene is safe, secure the scene to prevent evidence contamination, and identify the scope of evidence to be collected. 2. Collection - Ensure authorization to collect the evidence and then document and prove the integrity of the evidence. 3. Analysis - Create a copy of evidence for analysis and use repeatable methods and tools during analysis. 4. Reporting - Create a report of the methods and tools used in the investigation and present detailed findings and conclusions on the analysis.

What are the Forensic Procedures?

1. DES 2. 3DES 3. IDEA 4. AES 5. Blowfish 6. Twofish 7. RC4 8.RC5 9.RC6

What are the Symmetric ciphers?

1. Preparation 2. Identification 3. Containment 4. Eradication 5. Recovery 6. Lessons Learned

What are the steps of incident response?

RC4

What is a stream cipher?

Uses BER, CER and DER BER - has the ability to multiple encoding types. CER - Restricted version of BER Only allows the use of one encoding type. DER - Restricted version of BER Only allows one encoding type and is used in X.509.

X.690

used for viewing and modifying the local ARP cache on a host or server.

arp

a sandbox enviroment

cuckoo

a command line tool used to transfer data to or from a server using a ton of different protocols.

curl

used to copy disk images

dd command

used for DNS enumeration to locate DNS servers and DNS entities

dnsenum

a python script used to gather information

harvester

linux commands for outputting the first ten lines of a file. Tail - outputs the last ten lines

head and tail

An opensource packet assembler and analyzer for TCP/IP protocol that tests firewalls and networks

hping

used to add messages to the Var/log/syslog file

logger

used for reading from and writing to network connections using TCP or UDP. Can be used for remote shell connections

netcat

A network protocol system created by Cisco that collects IP network traffic as it flows in or out.

netflow

is used to prevent password reuse.

nonce

used to identify the ip address of a DNS name

nslookup/dig

A mulit-platform open source tool that is similar to rsyslog or syslog -ng

nxlog

A quantum bit composed of electrons or photons that can represent numerous combinations of 1s and 0s

qubit

used to view and manipulate the IP routing table on a host or server.

route

used to capture some packets but not all to get an idea of whats going on in the network.

sflow

an automated scanner used to scan for vulnerabilities

sn1per

a command that allows you to capture and analyze network traffic Allows you to edit and replay captured network traffic.

tcpdump and tcpreplay

When a unique token is substituted in for real data.

tokenization


Related study sets

ch. 13 Palliative and End of Life Care

View Set

Unit 3 - Incorrect (Types of Debt Securities)

View Set

PrepU Query Quiz: Perfusion: Preeclampsia

View Set

Hematology Rosh Review/Smarty Pance (in progress question 8 on rosh review first heme assigned)

View Set

Apologia Biology Module 8 Study Guide

View Set