System sec

Although important, security auditing is not a key element in computer security.
Answer: False

Means are needed to generate and record a security audit trail and to review and analyze the audit trail to discover and investigate attacks and security compromises.
Answer: True

Event and audit trail analysis software, tools, and interfaces may be used to analyze collected data as well as for investigating data trends and anomalies.
Answer: True

All UNIX implementations will have the same variants of the syslog facility.
Answer: False

A _______ is conducted to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures.
A. security audit trail
B. security audit
C. user-level audit
D. system-level audit trail
Answer: B. security audit

The _________ is logic embedded into the software of the system that monitors system activity and detects security-related events that it has been configured to detect.
A. event discriminator
B. audit analyzer
C. archive
D. alarm processor
Answer: A. event discriminator

Data items to capture for a security audit trail include:
A. events related to the security mechanisms on the system
B. operating system access
C. remote access
D. all of the above
Answer: D. all of the above

With _________ the linking to shared library routines is deferred until load time so that if changes are made any program that references the library is unaffected.
A. statically linked shared libraries
B. dynamically linked shared libraries
C. system linked shared libraries
D. all of the above
Answer: B. dynamically linked shared libraries

..

Basic Hardening Measures:
1. White-list approved applications
2. Patch third-party applications and operating system vulnerabilities
3. Restrict administrative privileges
4. Create a defense-in-depth system

Basic steps used to secure an operating system:
- Install and patch the operating system
- Harden and configure the operating system to adequately address the identified security needs of the system by: removing unnecessary services, applications, and protocols; configuring users, groups, and permissions; configuring resource controls
- Install and configure additional security controls, such as anti-virus, host-based firewalls, and intrusion detection systems (IDS), if needed
- Test the security of the basic operating system to ensure that the steps taken adequately address its security needs

Virtualization: a technology that provides an abstraction of the computing resources used by some software, which thus runs in a simulated environment called a virtual machine (VM).

White Listing: a control that limits the programs that can execute on the system to just those in an explicit list.

Security concerns from the use of virtualized systems:
- Guest OS isolation
- Guest OS monitoring by the hypervisor
- Virtualized environment security

Application Virtualization: allows applications written for one environment to execute on some other operating system.

Full Virtualization: multiple full operating system instances execute in parallel.

Hypervisor or Virtual Machine Monitor (VMM): manages guest OSs by providing a hardware interface similar to that seen by operating systems directly executing on the actual hardware.

Securing Virtualization Systems:
- Carefully plan the security of the virtualized system
- Secure all elements of a full virtualization solution, including the hypervisor, guest OSs, and virtualized infrastructure, and maintain their security
- Ensure that the hypervisor is properly secured
- Restrict and protect administrator access to the virtualization solution

Hypervisor Security: the hypervisor should be installed in an isolated environment, from known clean media, and updated to the latest patch level in order to minimize the number of vulnerabilities that may be present. Access should be limited to authorized administrators only.

..

IT security management has evolved considerably over the last few decades due to the rise in risks to networked systems.
Answer: True

The assignment of responsibilities relating to the management of IT security and the organizational infrastructure is not addressed in a corporate security policy.
Answer: False

A major disadvantage of the baseline risk assessment approach is the significant cost in time, resources, and expertise needed to perform the analysis.
Answer: False

Maintaining and improving the information security risk management process in response to incidents is part of the _________ step.
A. act
B. plan
C. check
D. do
Answer: A. act

The advantages of the _________ approach are that it doesn't require the expenditure of additional resources in conducting a more formal risk assessment and that the same measures can be replicated over a range of systems.
A. combined
B. informal
C. baseline
D. detailed
Answer: C. baseline

_________ include management, operational, and technical processes and procedures that act to reduce the exposure of the organization to some risks by reducing the ability of a threat source to exploit some vulnerabilities.
A. Security controls
B. Risk appetite
C. Risk controls
D. None of the above
Answer: A. Security controls

..

Logical security: protects computer-based data from software-based and communication-based threats.

Physical security (a.k.a. infrastructure security): protects the information systems that contain data and the people who use, operate, and maintain the systems. Must prevent any type of physical access or intrusion that can compromise logical security.

Physical security threats: environmental threats, technical threats, and human-caused threats.

Effects of dust and water on physical security:
- Primary danger is an electrical short
- A pipe may burst from a fault in the line or from freezing
- Sprinkler systems set off accidentally
- Floodwater leaving a muddy residue and suspended material in the water
- Often overlooked; rotating storage media and computer fans are the most vulnerable to damage; can block ventilation

Technical threats:
- Under-voltage (dips/brownouts/outages): interrupts service
- Over-voltage (surges/faults/lightning): can destroy chips
- Noise on power lines: may interfere with device operation
- Electromagnetic interference (EMI)

Human-caused threats: less predictable and harder to deal with. Include:
- Unauthorized physical access (information assets are generally located in restricted areas; can lead to other threats such as theft, vandalism or misuse)
- Theft of equipment/data (eavesdropping and wiretapping fall into this category; by an insider or an outsider who has gained unauthorized access)
- Vandalism of equipment/data
- Misuse of resources

..

Performing regular backups of data on a system is a critical control that assists with maintaining the integrity of the system and user data. T/F
Answer: True

The default configuration for many operating systems usually maximizes security. T/F
Answer: False

Each layer of code needs appropriate hardening measures in place to provide appropriate security services. T/F
Answer: True

A malicious driver can potentially bypass many security controls to install malware. T/F
Answer: True

It is possible for a system to be compromised during the installation process. T/F
Answer: True

_____ applications is a control that limits the programs that can execute on the system to just those in the explicit list.
Answer: White-listing

The most important changes needed to improve system security are to _____.
Answer:
1. disable remotely accessible services that are not required
2. ensure that applications and services that are needed are appropriately configured
3. disable services and applications that are not required

Security concerns that result from the use of virtualized systems include:
Answer:
1. Guest OS violation.
2. Guest OS monitoring by the hypervisor.
3. Virtualized environment security.

Once the system is appropriately built, secured and deployed, the process of maintaining security is _____.
Answer: Continuous

The first critical step in securing a system is to secure the _____.
Answer: Base operating system

The first step in deploying new systems is _____.
Answer: Planning

The following step(s) should be used to secure an operating system:
Answer:
1. Test the security of the base operating system.
2. Remove unnecessary services.
3. Install and patch the operating system.

Which of the following need to be taken into consideration during the system security planning process?
Answer:
1. how users are authenticated
2. the categories of users of the system
3. what access the system has to information stored on other hosts

Guest OSes are managed by a ________, or VMM, that coordinates access between each of the guests and the actual physical hardware resources.
Answer: Hypervisor, virtual machine monitor

_______ is a reactive control that can only inform you about bad things that have already happened.
Answer: Logging

The three operating system security layers are: physical hardware, operating system kernel and _________.
Answer: User applications and utilities

__________ refers to a technology that provides an abstraction of the computing resources that run in a simulated environment.
Answer: Virtualization

The final step in the process of initially securing the base operating system is _________.
Answer: Security testing

Hardening
Answer: Make more secure

Requirements of a TCB (trusted computing base)
Answer: Isolation (tamper proof), complete mediation, verifiable (correct)

Hypervisor
Answer: Manages guest OS, aka Virtual Machine Monitor

Call gates
Answer: System calls used to transfer control between user and system

How to isolate user processes from each other?
Answer: The OS uses hardware support and memory protection

Memory Management Unit (MMU)
Answer: Uses page tables to resolve virtual addresses to physical addresses

User code cannot access physical resources. T/F
Answer: True, only system mode's privileged instructions can

Virtualization's 4 security layers
Answer: Physical hardware, hypervisor/VMM, guest OS kernel, user apps

..

The relative lack of success in bringing cybercriminals to justice has led to an increase in their numbers, boldness, and the global scale of their operations.
Answer: True

Concerns about the extent to which personal privacy has been and may be compromised have led to a variety of legal and technical approaches to reinforcing privacy rights.
Answer: True

The Common Criteria specification is primarily concerned with the privacy of personal information concerning the individual rather than the privacy of an individual with respect to that individual's use of computer resources.
Answer: False

Computer technology has involved the creation of new types of entities for which no agreed ethical rules have previously been formed.
Answer: True

The success of cybercriminals, and the relative lack of success of law enforcement, influence the behavior of _______.
A. cyber thieves
B. cybercrime victims
C. cybercrime acts
D. cyber detectives
Answer: B. cybercrime victims

Any intangible asset that consists of human knowledge and ideas is _______.
A. cyber property
B. personal property
C. intellectual property
D. real property
Answer: C. intellectual property

..

The security requirements are:
Answer: confidentiality, integrity, availability, authenticity, and accountability

The wireless environment consists of three components that provide points of attack:
Answer: wireless client, transmission medium, and wireless access point

A _________________ attack involves persuading a user and an access point to believe that they are talking to each other when in fact the communication is going through an intermediate attacking device.
Answer: man-in-the-middle

A ______________________ attack occurs when an attacker continually bombards a wireless access point or some other accessible wireless port with various protocol messages designed to consume system resources.
Answer: denial-of-service (DoS)

A __________________ attack targets wireless access points that are exposed to nonfiltered network traffic, such as routing protocol messages or network management messages.
Answer: network injection

The principal threats to wireless transmission are:
Answer: disruption, eavesdropping, and altering or inserting messages

Like TKIP, CCMP provides two services:
Answer: message integrity and data confidentiality

Two types of countermeasures are appropriate to deal with eavesdropping:
Answer: signal-hiding techniques and encryption

The lowest layer of the IEEE 802 reference model is:
Answer: the physical layer

The fields preceding the MSDU field are referred to as:
Answer: the MAC header

The field following the MSDU field is referred to as:
Answer: the MAC trailer

The two services involved with the distribution of messages within a DS are:
Answer: distribution and integration

The 802.11i RSN security specification defines the following services:
Answer: authentication, privacy with message integrity, and access control

There are two types of keys:
Answer: pairwise keys, used for communication between a STA and an AP, and group keys, used for multicast communication

At the top level of the group key hierarchy is the ____________ key.
Answer: group master key (GMK)

..

Misuse of the physical infrastructure includes vandalism, theft of equipment, theft by copying, theft of services, and unauthorized entry.
Answer: True

A prevalent concern that is often overlooked is ________.
Answer: dust

High humidity does not pose a threat to electrical and electronic equipment as long as the computer's temperature stays within the optimal range.
Answer: False

_______ should be located on the floor of computer rooms as well as under raised floors, and should cut off power automatically in the event of a flood.
Answer: Water sensors

_______ threats are specifically designed to overcome prevention measures and seek the most vulnerable point of attack.
Answer: Human-caused

______ authentication is implemented by using a fingerprint or iris data object sent from the PIV card to the PACS.
Answer: Biometrics

Physical security must also prevent any type of physical access or intrusion that can compromise logical security.
Answer: True

Eavesdropping and wiretapping fall into the ________ category.
Answer: Theft

A restricted area within close proximity of a security interest has a classification of ______.
Answer: limited

The most essential element of recovery from physical security breaches is ____.
Answer: redundancy

______ includes destruction of equipment and data.
Answer: Vandalism

The optimal temperature for computer systems is between 10 and 32 degrees Fahrenheit.
Answer: False

An area of a facility that has no security interest is classified as _________.
Answer: unrestricted

________ threats encompass conditions in the environment that can damage or interrupt the service of information systems and the data they contain.
Answer: Environmental

..

What is included in a security policy?
Answer: comprehensive statement

What questions should you ask to determine security factors?
Answer: is the computer located at a home or office, is there full internet access, is it a PC or laptop

What is a security policy?
Answer: collection of rules, guidelines and checklists

What elements should be included in a security policy?
Answer: define an acceptable computer, identify the people, identify the devices

What are four interrelated aspects of physical security?
Answer: access, data, infrastructure, computers

How do you protect the network infrastructure?
Answer: secured telecommunications rooms, wireless detection, hardware firewalls, and network management

What products can be used to protect network devices?
Answer: software firewalls, intrusion detection, application and OS patches

What software applications are available to protect computers from unauthorized access by malicious computer code?
Answer: virus protection, spyware protection, adware protection, grayware protection

What is the minimum security requirement for any organization?
Answer: more than 1

What is hash encoding?
Answer: ensures that messages are not corrupt or tampered with

What are the most popular hashing algorithms?
Answer: SHA, MD5

What is symmetric encryption?
Answer: it's able to code and decode data

What is asymmetric encryption?
Answer: a private key and public key

When is the private key used?
Answer: when writing messages

When is a VPN (virtual private network) used?
Answer: with corrupt LAN

What is two factor security?
Answer: password and biometric

What are physical security access control measures?
Answer: lock, conduit, card key, video equipment, security guard

What are biometric devices?
Answer: fingerprints and patterns

What is packet filtering?
Answer: set of rules that allow or deny traffic

What tools are used to configure wireless security?
Answer: WEP, WPA, MAC address filtering, SSID broadcasting, wireless antennae

..

Which of the following testing types is considered an active method of testing security?
A. Vulnerability assessment
B. Penetration test
C. LanGuard
D. Risk assessment
Answer: B. Penetration test

Your company has created data-driven web applications over the last six months for internal use. These applications are designed to ensure that users are authenticated before allowing them to view or modify data in the application. What type of assessment would you recommend as a passive assessment?
A. Risk
B. Threat
C. Penetration test
D. Code review
Answer: D. Code review

Your manager has asked you to assess the security of the network and is not willing to accept any kind of attacks against the production systems. What type of security assessment would you recommend?
A. Penetration test
B. Design review
C. Vulnerability assessment
D. Code review
Answer: C. Vulnerability assessment

What type of assessment involves identifying the assets and the threats against those assets?
A. Risk assessment
B. Code review
C. Design review
D. Penetration test
Answer: A. Risk assessment

Your manager has asked that you perform a penetration test against five servers. What is the first thing you should do after meeting with your manager to get an understanding of what types of attacks are acceptable?
A. Crack the passwords.
B. Have a legal document drafted.
C. Test the plan.
D. Buffer overflow attacks.
Answer: B. Have a legal document drafted.

Which of the following tools will help you identify what services are running on the system?
A. Honeynet
B. Sniffer
C. Port scanner
D. Honeypot
Answer: C. Port scanner

You have configured a system to use as a honeypot and have ensured that you have configured the security on the system so that it is not too easy for a hacker to get in. What else should you configure on the honeypot?
A. Have a blank password on the administrative account.
B. Configure a Trojan virus.
C. Open extra ports on the system.
D. Enable logging.
Answer: D. Enable logging.

You wish to assess the passwords that are used on the network and see how easy it is to crack user passwords. What tool will you use?
A. John the Ripper
B. nmap
C. LanGuard
D. Nessus
Answer: A. John the Ripper

Which of the following tools are considered passive tools?
A. John the Ripper
B. nmap
C. Cain & Abel
D. Sniffer
Answer: D. Sniffer

Your manager has just heard of a new exploit against SQL Servers and would like to locate the SQL Servers on the 192.168.2.0 network. Which of the following would accomplish this goal?
A. ping -t 192.168.2.0
B. nmap -sS 192.168.2.0/24 -p 1433
C. dig www.gleneclarke.com
D. nmap -sS 192.168.2.0/24 -p 3389
Answer: B. nmap -sS 192.168.2.0/24 -p 1433

A vulnerability scan is considered a safe assessment method because it uses what type of testing?
A. Active
B. Intrusive
C. Passive
D. Pen-test
Answer: C. Passive

Which of the following tools can be used to crack passwords on a system when performing a penetration test?
A. Cain & Abel
B. dig
C. nmap
D. nslookup
Answer: A. Cain & Abel

What is the term used for a group of systems that have been configured to lure the hacker away from production systems?
A. Honeypot
B. LAN
C. DMZ
D. Honeynet
Answer: D. Honeynet

Your manager has hired a consultant to perform a penetration test. She asks that you not give the tester any details of the company or the configuration. What type of test is she looking to have performed?
A. White box
B. Black box
C. Gray box
D. Juke box
Answer: B. Black box

Which of the following is a penetration-testing toolset that has hacking tools preinstalled for your use during a penetration test?
A. LanGuard
B. Nessus
C. BackTrack
D. MBSA
Answer: C. BackTrack

..

Wireless devices use collision ............. to avoid data errors.
Answer: avoidance

2 wireless networking modes
Answer: Ad-hoc mode (peer-to-peer mode); Infrastructure mode

..................... mode uses one or more WAPs to connect wireless nodes to a wired network segment.
Answer: Infrastructure mode

The first thing you should do when setting up a wireless router is to change the ........... ............ and the ........... ........... ................
Answer: Change the default password on the WAP and the Service Set Identifier (SSID)

Driving around looking for unsecured wireless networks
Answer: War driving / chalking

Keys written in hex: 10 and 26 characters is a characteristic of this type of encryption
Answer: Wired Equivalent Privacy (WEP)

The least effective form of encryption is ......
Answer: WEP

This encryption uses TKIP encryption
Answer: Wi-Fi Protected Access (WPA)

Full security upgrade from WEP and WPA
Answer: WPA2 (IEEE 802.11i)

Simple way to share data without adding any additional hardware or software. Uses the Infrared Data Association (IrDA) protocol. Line-of-sight required. No authentication or encryption.
Answer: Infrared wireless networking

An example of a Personal Area Network (PAN)
Answer: Bluetooth

For a wireless network to be backward compatible, both networks have to be operating at the same ............
Answer: frequency

A typical WAP uses an ........-.................. antenna
Answer: omni-directional

..

To implement a physical security program an organization must conduct a risk assessment to determine the amount of resources to devote to physical security and the allocation of those resources against the various threats.
Answer: True

Physical security must also prevent any type of physical access or intrusion that can compromise logical security.
Answer: True

For information systems, the role of logical security is to protect the physical assets that support the storage and processing of information.
Answer: False

Physical security must prevent misuse of the physical infrastructure that leads to the misuse or damage of the protected information.
Answer: True

Misuse of the physical infrastructure includes vandalism, theft of equipment, theft by copying, theft of services, and unauthorized entry.
Answer: True

Unauthorized physical access can lead to other threats.
Answer: True

Physical access control should address not just computers and other IS equipment but also locations of wiring used to connect systems, equipment and distribution systems, telephone and communications lines, backup media, and documents.
Answer: True

________ security protects computer-based data from software-based and communication-based threats.
A. Infrastructure
B. Premises
C. Physical
D. Logical
Answer: D. Logical

________ security provides perimeter security, access control, smoke and fire detection, fire suppression, some environmental protection, and usually surveillance systems, alarms, and guards.
A. Premises
B. Infrastructure
C. Logical
D. Physical
Answer: A. Premises

________ includes data processing and storage equipment, transmission and networking facilities, and offline storage media.
A. Supporting facilities
B. Physical facilities
C. Information system hardware
D. Infrastructure facilities
Answer: C. Information system hardware

_______ facilities include electrical power, communication services, and environmental controls such as heat and humidity.
A. Supporting
B. Information
C. Physical
D. All of the above
Answer: A. Supporting

Relative humidity should be maintained between ________ to avoid the threats from both low and high humidity.
A. 20% and 80%
B. 40% and 60%
C. 50% and 50%
D. 30% and 70%
Answer: B. 40% and 60%

Eavesdropping and wiretapping fall into the ________ category.
A. theft
B. vandalism
C. misuse
D. unauthorized physical access
Answer: A. theft

An area of a facility that has no security interest is classified as _________.
A. unrestricted
B. controlled
C. limited
D. exclusion
Answer: A. unrestricted

A restricted area within close proximity of a security interest has a classification of ______.
A. exclusion
B. controlled
C. limited
D. unrestricted
Answer: C. limited

_________ security, also called infrastructure security, protects the information systems that contain data and the people who use, operate, and maintain the systems.
Answer: Physical security

Physical security threats are organized into three categories: environmental threats, human-caused threats, and _________ threats.
Answer: Technical threats

Tornados, tropical cyclones, earthquakes, blizzards, lightning, and floods are all types of ________ disasters.
Answer: Natural

_________ threats encompass conditions in the environment that can damage or interrupt the service of information systems and the data they contain.
Answer: Environmental

_______ threats encompass threats related to electrical power and electromagnetic emission.
Answer: Technical

________ physical threats are more difficult to deal with than environmental and technical threats.
Answer: Human-caused

Human-caused threats can be grouped into the following categories: unauthorized physical access, theft, _________ and misuse.
Answer: Vandalism

A(n) __ ______ is a battery backup unit that can maintain power to processors, monitors, and other equipment and can also function as a surge protector, power noise filter, and an automatic shutdown device.
Answer: Uninterruptible Power Supply (UPS)

The most essential element of recovery from physical security breaches is __________.
Answer: Redundancy

..

True or False? Although important, security auditing is not a key element in computer security.
Answer: False

True or False? The basic audit objective is to establish accountability for system entities that initiate or participate in security-relevant events and actions.
Answer: True

True or False? Means are needed to generate and record a security audit trail and to review and analyze the audit trail to discover and investigate attacks and security compromises.
Answer: True

True or False? Audit trails are different from audit logs.
Answer: True

True or False? The audit analyzer prepares human-readable security reports.
Answer: False

True or False? The security administrator must define the set of events that are subject to audit.
Answer: True

True or False? Event and audit trail analysis software, tools, and interfaces may be used to analyze collected data as well as for investigating data trends and anomalies.
Answer: True

True or False? According to ISO 27002, the person(s) carrying out the audit should be independent of the activities audited.
Answer: True

True or False? Data representing behavior that does not trigger an alarm cannot serve as input to intrusion detection analysis.
Answer: False

True or False? The first order of business in security audit trail design is the selection of data items to capture.
Answer: True

True or False? Protection of the audit trail involves both integrity and confidentiality.
Answer: True

True or False? The foundation of a security auditing facility is the initial capture of the audit data.
Answer: True

True or False? All UNIX implementations will have the same variants of the syslog facility.
Answer: False

True or False? Thresholding is a form of baseline analysis.
Answer: True

True or False? Applications, especially applications with a certain level of privilege, present security problems that may not be captured by system-level or user-level auditing data.
Answer: True

Security auditing can:
A. Provide data that can be used to define anomalous behavior
B. Maintain a record useful in computer forensics
C. Generate data that can be used in after-the-fact analysis of an attack
D. All of the above
Answer: D. All of the above

A _______ is conducted to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures.
A. Security audit trail
B. Security audit
C. User-level audit
D. System-level audit trail
Answer: B. Security audit

The _________ is logic embedded into the software of the system that monitors system activity and detects security-related events that it has been configured to detect.
A. Event discriminator
B. Audit analyzer
C. Archive
D. Alarm processor
Answer: A. Event discriminator

The ________ is a module on a centralized system that collects audit trail records from other systems and creates a combined audit trail.
A. Audit dispatcher
B. Audit analyzer
C. Audit trail collector
D. Audit provider
Answer: C. Audit trail collector

The ________ is a module that transmits the audit trail records from its local system to the centralized audit trail collector.
A. Audit dispatcher
B. Audit analyzer
C. Audit trail collector
D. None of the above
Answer: A. Audit dispatcher

_________ identifies the level of auditing, enumerates the types of auditable events, and identifies the minimum set of audit-related information provided.
A. Event selection
B. Data generation
C. Automatic response
D. Audit analysis
Answer: B. Data generation

Data items to capture for a security audit trail include:
A. Events related to the security mechanisms on the system
B. Operating system access
C. Remote access
D. All of the above
Answer: D. All of the above

_________ audit trails are generally used to monitor and optimize system performance.
A. User-level
B. Physical-level
C. System-level
D. All of the above
Answer: C. System-level

_________ audit trails may be used to detect security violations within an application or to detect flaws in the application's interaction with the system.
A. Application-level
B. System-level
C. User-level
D. None of the above
Answer: A. Application-level

Windows allows the system user to enable auditing in _______ different categories.
A. Five
B. Seven
C. Nine
D. Eleven
Answer: C. Nine

Severe messages, such as immediate system shutdown, are a(n) _____ severity.
A. Alert
B. Emerg
C. Crit
D. Warning
Answer: B. Emerg

System conditions requiring immediate attention are a(n) _______ severity.
A. Alert
B. Err
C. Notice
D. Emert
Answer: A. Alert

With _________ the linking to shared library routines is deferred until load time so that if changes are made any program that references the library is unaffected.
A. Statically linked shared libraries
B. Dynamically linked shared libraries
C. System linked shared libraries
D. All of the above
Answer: B. Dynamically linked shared libraries

______ is the identification of data that exceed a particular baseline value.
A. Anomaly detection
B. Real-time analysis
C. Thresholding
D. All of the above
Answer: C. Thresholding

______ software is a centralized logging software package similar to, but much more complex than, syslog.
A. NetScan
B. McAfee
C. IPConfig
D. SIEM
Answer: D. SIEM

_________ is a form of auditing that focuses on the security of an organization's IS assets.
Answer: security auditing

A _________ is a chronological record of system activities that is sufficient to enable the reconstruction and examination of the sequence of environments and activities surrounding or leading to an operation, procedure, or event in a security-relevant transaction from inception to final results.
Answer: security audit trail

A _______ is an independent review and examination of a system's records and activities.
Answer: security audit

The ________ is an application or user who examines the audit trail and the audit archives for historical trends, for computer forensic purposes, and for other analysis.
Answer: audit trail examiner

The audit _______ are a permanent store of security-related events on a system.
Answer: archives

Monitoring areas suggested in ISO 27002 include: authorized access, all privileged operations, unauthorized access attempts, changes to (or attempts to change) system security settings and controls, and __________.
Answer: system alerts/failures

A _______ audit trail traces the activity of individual users over time and can be used to hold a user accountable for his or her actions.
Answer: user-level

RFC 2196 (Site Security Handbook) lists three alternatives for storing audit records: read/write file on a host, write-once/read-many device, and ______.
Answer: write only device

Windows is equipped with three types of event logs: system event log, security event log, and ________ event log.
Answer: application

______ is UNIX's general-purpose logging mechanism found on all UNIX variants and Linux.
Answer: syslog

Messages in the BSD syslog format consist of three parts: PRI, Header, and ___.
Answer: Msg

The ______ repository contains the auditing code to be inserted into an application.
Answer: audit

______ is the process of defining normal versus unusual events and patterns.
Answer: baselining

______ is detection of events within a given set of parameters, such as within a given time period or outside a given time period.
Answer: windowing

SIEM software has two general configuration approaches: agentless and ______.
Answer: agent-based

..

What are some of the key factors contributing to higher security risks with wireless networks compared to wireline?
+ Channel -- wireless networks typically broadcast signals, which are easier to tap and listen to
+ Mobility -- wireless devices are highly portable
+ Resources -- wireless devices have limited compute resources and cannot run continuous countermeasures
+ Accessibility -- some wireless devices, such as sensors and robots, are left unattended, which increases the risk of physical attack
Accidental Association (Wireless Network Threat) -- Wireless LANs or wireless access points to wired LANs in close proximity may create overlapping transmission ranges. A user intending to connect to one LAN may unintentionally lock on to a wireless access point from a neighboring network.
Malicious Association (Wireless Network Threat) -- A wireless device is configured to appear to be a legitimate access point, enabling the operator to steal passwords from legitimate users and then penetrate a wired network through a legitimate wireless access point.
Ad Hoc Networks (Wireless Network Threat) -- Peer-to-peer networks between wireless computers with no access point between them. Such networks can pose a security threat due to the lack of a central point of control.
Nontraditional Networks (Wireless Network Threat) -- Personal-network Bluetooth devices, barcode readers, and handheld PDAs pose a security risk both in terms of eavesdropping and spoofing.
Identity Theft (MAC Spoofing) (Wireless Network Threat) -- When an attacker is able to eavesdrop on network traffic and identify the MAC address of a computer with network privileges.
Man-in-the-Middle Attacks (Wireless Network Threat) -- Involves persuading a user and an access point to believe that they are talking to each other when in fact the communication is going through an intermediate attacking device.
Denial of Service (DoS) (Wireless Network Threat) -- When an attacker continually bombards a wireless access point or some other accessible wireless port with various protocol messages designed to consume system resources.
Network Injection (Wireless Network Threat) -- Targets wireless access points that are exposed to non-filtered network traffic, such as routing protocol messages or network management messages (e.g., an attack in which bogus reconfiguration commands are used to affect routers and switches and degrade network performance).
Classification of wireless security measures -- Dealing with wireless transmissions, wireless access points, and wireless networks.
The principal threats to wireless transmission -- Eavesdropping, altering or inserting messages, and disruption.
Signal Hiding Techniques -- Make it more difficult for an attacker to locate your wireless access points by turning off service set identifier (SSID) broadcasting by wireless access points, assigning cryptic names to SSIDs, reducing signal strength to the lowest level that still provides the requisite coverage, and locating wireless access points in the interior of the building, away from exterior windows and walls.
Unauthorized Access to the Network -- The main threat involving wireless access points.
IEEE 802.1X -- Standard for port-based network access control. Provides an authentication mechanism for devices wishing to attach to a LAN or wireless network. Can prevent rogue access points and other unauthorized devices from becoming insecure backdoors.
Wireless Network Security Techniques
+ Use encryption.
+ Use anti-virus and anti-spyware software and a firewall.
+ Turn off identifier broadcasting.
+ Change the identifier on your router from the default.
+ Change your router's pre-set password for administration.
+ Allow only specific computers to access your wireless network.
Security Threats to Mobile Devices -- Lack of physical security controls, use of untrusted mobile devices, use of untrusted networks, use of applications created by unknown parties, interaction with other systems, use of untrusted content, use of location services.
Mobile Device Security Strategy -- Enable auto-lock; enable password protection; avoid auto-complete features; enable remote wipe; ensure SSL protection is enabled; make sure that software is up to date; install antivirus software.
Access Point -- Any entity that has station functionality and provides access to the distribution system via the wireless medium for associated stations.
Basic Service Set (BSS) -- A set of stations controlled by a single coordination function.
Coordination Function -- The logical function that determines when a station operating within a BSS is permitted to transmit and may be able to receive PDUs.
Distribution System (DS) -- A system used to interconnect a set of BSSs and integrated LANs to create an ESS.
Extended Service Set (ESS) -- A set of one or more interconnected BSSs and integrated LANs that appear as a single BSS to the LLC layer at any station associated with one of these BSSs.
MAC Protocol Data Unit (MPDU) -- The unit of data exchanged between two peer MAC entities using the services of the physical layer.
MAC Service Data Unit (MSDU) -- Information that is delivered as a unit between MAC users.
Station -- Any device that contains an IEEE 802.11 conformant MAC and physical layer.
Physical Layer (IEEE 802 Protocol Architecture) -- Lowest layer of the IEEE 802 reference model. Includes functions such as encoding/decoding signals and bit transmission/reception. Includes a specification of the transmission medium.
Medium Access Control (MAC) Layer (IEEE 802 Protocol Architecture) -- A means of controlling access to the transmission medium. This layer receives data from a higher-layer protocol, in the form of a block of data known as the MAC service data unit, and performs the following functions: on transmission, assemble data into a frame known as the MAC protocol data unit with address and error detection fields; on reception, disassemble the frame and perform address recognition and error detection; govern access to the LAN transmission medium.
MAC Control (MPDU Format) -- Contains any protocol control information needed for the functioning of the MAC protocol (e.g., priority level).
Destination MAC Address (MPDU Format) -- The destination physical address on the LAN for this MPDU.
Source MAC Address (MPDU Format) -- The source physical address on the LAN for this MPDU.
MAC Service Data Unit (MPDU Format) -- The data from the next higher layer.
CRC (MPDU Format) -- Cyclic redundancy check field. Error-detecting code.
IEEE 802.11 Services -- Association, Authentication, Deauthentication, Disassociation, Distribution, Integration, MSDU Delivery, Privacy, Reassociation.
Association -- Establishes an initial association between a station and an access point.
Reassociation -- Enables an established association to be transferred from one access point to another, allowing a mobile station to move from one BSS to another.
Disassociation -- A notification from either a station or an access point that an existing association is terminated.
Distribution (Distribution of messages within a DS) -- Primary service used by stations to exchange MPDUs when the MPDU must traverse the DS to get from a station in one BSS to a station in another BSS.
Integration (Distribution of messages within a DS) -- Enables transfer of data between a station on an IEEE 802.11 LAN and a station on a LAN that is physically connected to the DS and whose stations may be logically connected to an IEEE 802.11 LAN via the integration service. Takes care of any address translation and media conversion logic required.
The IEEE 802.11i phases of operation -- 1. Discovery 2. Authentication 3. Key Management 4. Protected Data Transfer 5. Connection Termination
Discovery Phase (1) -- An AP uses messages called Beacons and Probe Responses to advertise its IEEE 802.11i security policy. The STA uses these to identify an AP for a WLAN with which it wishes to communicate. The STA associates with the AP, which it uses to select the cipher suite and authentication mechanism when the Beacons and Probe Responses present a choice.
Authentication Phase (2) -- The STA (wireless station) and AS prove their identities to each other. The AP blocks non-authentication traffic between the STA and AS until the transaction is successful. The AP does not participate in the authentication transaction other than forwarding traffic between the STA and AS.
Key Management Phase (3) -- The AP and the STA perform several operations that cause cryptographic keys to be generated and placed on the AP and the STA. Frames are exchanged between the AP and STA only.
Protected Data Transfer Phase (4) -- Frames are exchanged between the STA (wireless station) and the end station through the AP. As denoted by the shading and the encryption module icon, secure data transfer occurs between the STA and the AP only; security is not provided end-to-end.
Connection Termination Phase (5) -- The AP and STA exchange frames. During this phase, the secure connection is torn down and the connection is restored to its original state.
MPDU Exchange (Authentication Phase) -- Has three phases: 1. Connect to AS: The STA sends a request to its AP for connection to the AS. The AP acknowledges this request and sends an access request to the AS. 2. EAP Exchange: This exchange authenticates the STA and AS to each other. 3. Secure Key Delivery: Once authentication is established, the AS generates a master session key (MSK), also known as the Authentication, Authorization, and Accounting (AAA) Key, and sends it to the STA.
BSS (Basic Service Set) -- The smallest building block of an 802.11 WLAN.
ESS (Extended Service Set) -- Consists of two or more basic service sets (BSSs) interconnected by a distribution system. It appears as a single logical LAN to the logical link control (LLC) level.
Three Things a Distribution System Can Be -- 1. A wired network 2. A wireless network 3. A switch
Security Areas addressed by IEEE 802.11 -- 1. Authentication 2. Key Management 3. Data Transfer Privacy
TKIP (Temporal Key Integrity Protocol) -- A security protocol created by IEEE 802.11i. Designed to require only software changes to devices that are implemented with the older WLAN security approach (WEP). For message integrity, adds a message integrity code (MIC) to the 802.11 MAC frame after the data field. For data confidentiality, uses RC4 encryption.
CCMP (Counter Mode CBC-MAC Protocol) -- Security protocol created by IEEE 802.11i, intended for newer IEEE 802.11i devices that are equipped with the hardware to support it. For message integrity, uses the cipher block chaining message authentication code (CBC-MAC). For data confidentiality, uses the CTR block cipher mode of operation with AES for encryption.
What are the threats to wireless networks?
+ Accidental Association
+ Malicious Association
+ Ad Hoc Networks
+ Nontraditional Networks
+ Identity Theft (MAC Spoofing)
+ Man-in-the-Middle Attacks
+ Denial of Service (DoS)
+ Network Injection
Wired Equivalent Privacy (WEP) -- An IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information. WEP has significant vulnerabilities and is not considered secure.
Wi-Fi Protected Access (WPA) -- The original set of protections from the Wi-Fi Alliance in 2003, designed to protect both present and future wireless devices. WPA is a set of security mechanisms that eliminates most 802.11 security issues and was based on the then-current state of the 802.11i standard.
Robust Security Network (RSN) -- A new 802.11i standard for security on wireless networks (2005). Mandated by the U.S. government to replace network equipment using the outdated and insecure WEP method of pre-shared encryption keys. RSN uses the Extensible Authentication Protocol (EAP) with temporal keys and port-based access control.
What are the 802.11i services that are supported?
+ Authentication -- a protocol is used to define an exchange between a user and an AS (authentication server) that provides mutual authentication and generates temporary keys between the client and the AP over the wireless link
+ Access Control -- this function enforces the use of the authentication function, routes the messages properly, and facilitates key exchange. It can work with a variety of authentication protocols
+ Privacy with message integrity -- MAC-level data are encrypted along with a message integrity code that ensures that the data have not been altered
What are the five phases of RSN (802.11i)?
+ Discovery
+ Authentication
+ Key Management
+ Protected Data Transfer
+ Connection Termination
MAC protocol data unit

..

What is cloud computing? -- A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. The cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
What are the 5 essential characteristics of the cloud model? -- Broad network access, rapid elasticity, measured service, on-demand self-service, resource pooling.
What are the 3 service models of cloud computing? -- Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS).
What are the four deployment methods? -- Public, private, hybrid, community.
What is broad network access? -- An essential characteristic of cloud computing. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and tablets) as well as other traditional or cloud-based software services.
What is rapid elasticity? -- An essential characteristic of cloud computing. Cloud computing gives you the ability to expand and reduce resources according to your specific service requirements. For example, you may need a large number of server resources for the duration of a specific task. You can then release these resources upon completion of the task.
What is measured service? -- An essential characteristic of cloud computing. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and the consumer of the utilized service.
What is on-demand self-service? -- An essential characteristic of cloud computing. A cloud service consumer (CSC) can unilaterally provision computing capabilities, such as server time and network storage, as needed, automatically, without requiring human interaction with each service provider. Because the service is on demand, the resources are not permanent parts of the consumer's IT infrastructure.
What is resource pooling? -- An essential characteristic of cloud computing. The provider's computing resources are pooled to serve multiple CSCs using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a degree of location independence in that the CSC generally has no control over or knowledge of the exact location of the provided resources, but may be able to specify location at a higher level of abstraction (e.g., country, state, or data center). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines (VMs). Even private clouds tend to pool resources between different parts of the same organization.
What is software as a service? -- Software running on and accessible in the cloud. It consists of the application, while data, runtime, middleware, OS, virtualization, servers, storage, and networking are managed by the cloud provider. Examples: Gmail, Salesforce, GoToMeeting.
What is platform as a service? -- Provides customers a platform on which the customer's applications can run. It enables customers to deploy onto cloud infrastructure. It consists of the application and data, while runtime, middleware, OS, virtualization, servers, storage, and networking are managed by the cloud provider. Examples: Heroku, Microsoft Azure, App Engine, etc.
What is infrastructure as a service? -- The customer has access to and control of the resources of the underlying cloud infrastructure. It consists of the application, data, runtime, middleware, and OS, while virtualization, servers, storage, and networking are managed by the cloud provider. Examples: AWS EC2, Azure services, etc.
What is traditional IT/on-premise computing? -- The customer manages everything from the application to the networking.
What are the four most prominent deployment methods? -- Public cloud, private cloud, community, hybrid.
What is public cloud? -- The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. The cloud provider is responsible for the cloud infrastructure and for the control of data and operations within the cloud. All major components are outside the enterprise firewall, located in a multitenant infrastructure where applications and storage are made available over the internet via IP and can be free or offered at a pay-per-usage fee.
What is a benefit of the public cloud? -- It is inexpensive and scales well to meet needs.
What is a disadvantage of the public cloud? -- Provides no or lower service-level agreements and may not offer guarantees against data loss or corruption. Therefore the principal concern is security. Also lower performance.
What is private cloud? -- A cloud implemented within the internal IT environment of the organization. The cloud could be managed in house or by a third party, and the cloud servers and storage devices may exist on premise, off premise, or both. Can deliver IaaS internally through an intranet or the internet via VPN, as well as software or storage as a service. Examples include database on demand, email on demand, and storage on demand.
What are the benefits of the private cloud? -- The key motivation is security, as it allows tighter controls over the location of data storage and other aspects. Other benefits include easy resource sharing and rapid deployment to organizational entities.
What is community cloud? -- A cloud that shares characteristics of private and public clouds. It has restricted access, but the cloud resources are shared among a number of independent organizations. The organizations usually have similar requirements and need to exchange data with each other (e.g., the health care industry). The infrastructure may be managed by participating organizations or a third party and might exist on premise or off premise. In deployment, costs are spread over fewer users than a public cloud but more than a private cloud.
What is hybrid cloud? -- Cloud infrastructure consisting of two or more types of clouds that remain unique entities but are bound together by standardized technology. Sensitive data can be kept in the private area of the cloud, while less sensitive data can take advantage of the public cloud. Good for smaller businesses, as security concerns can be offloaded with cost savings without giving more sensitive data to the cloud.
What are the pros and cons of community cloud? -- It is in the middle: limited scalability, but very secure, high performance, and reliable. Somewhat costly.
What is a disadvantage of private cloud? -- It is expensive and hard to scale.
What are the pros and cons of hybrid? -- It can scale well and be very secure. Decent performance and pretty reliable, with a medium cost.
What is the cloud computing reference architecture? -- The requirements of what cloud services provide, not how to design and implement them. It is a tool for describing, discussing, and developing a system-specific architecture using a common frame of reference.
Why did NIST develop the reference architecture? -- To illustrate and understand the various cloud services in the context of an overall cloud computing conceptual model. To provide a technical reference for CSCs to understand, discuss, categorize, and compare cloud services. To facilitate the analysis of candidate standards for security, interoperability, and portability, and of reference implementations.
What are the five major actors in the NIST reference architecture? -- Cloud service consumer (CSC), cloud service provider (CSP), cloud auditor, cloud broker, cloud carrier.

..

1- Security Risk Assessment -- critical component of the process -- Ideally examines every organizational asset (not feasible in practice)
2- Baseline Approach -- goal is to implement agreed controls to provide protection against the most common threats -- Forms a good base for further security measures -- Generally recommended only for small organizations without the resources to implement more structured approaches
3- Informal Approach -- involves conducting an informal, pragmatic risk analysis on the organization's IT systems -- Exploits the knowledge and expertise of the analyst -- Fairly quick and cheap -- Judgments can be made about vulnerabilities and risks that the baseline approach would not address -- Some risks may be incorrectly assessed -- Skewed by the analyst's views, varies over time -- Suitable for small to medium-sized organizations where IT systems are not necessarily essential
4- Detailed Risk Analysis -- most comprehensive approach -- Assesses using a formal structured process (a number of stages; identify threats and vulnerabilities to assets; identify the likelihood of a risk occurring and its consequences) -- Significant cost in time, resources, and expertise -- May be a legal requirement to use -- Suitable for large organizations with IT systems critical to their business objectives
5- Threat -- anything that might hinder or prevent an asset from providing appropriate levels of the key security services -- Key security services: Confidentiality, Integrity, Availability, Accountability, Authenticity, and Reliability
6- Sources of Threats -- natural ("acts of God"), man-made, and accidental or deliberate
7- Vulnerability Identification -- identify exploitable flaws or weaknesses in the organization's IT systems or processes -- Outcome should be a list of threats and vulnerabilities with brief descriptions of how and why they might occur
8- Asset -- anything that has value to the organization
9- Consequence -- indicates the impact on the organization should the particular threat in question actually eventuate.
10- Control -- a means of managing risk, including policies, procedures, guidelines, practices, or organizational structures, which can be of an administrative, technical, management, or legal nature.
11- IT security management -- a process used to achieve and maintain appropriate levels of confidentiality, integrity, availability, accountability, authenticity, and reliability. It ensures that critical assets are sufficiently protected in a cost-effective manner.
12- Likelihood -- chance that each identified threat could occur and cause harm to some assets. Typically described qualitatively, using values and descriptions.
13- Organizational security policy -- describes the objectives and strategies and the process used to achieve them. It could be either a large document or a set of related documents. The intent of the ____ is to provide a clear overview of how an organization's IT infrastructure supports its overall business objectives in general and, more specifically, what security requirements must be provided in order to do this most effectively.
14- Risk -- combination of the probability of an event and its consequence, being the potential that a given threat will exploit vulnerabilities of an asset to cause loss or damage to the asset.
15- Risk appetite -- the level of risk the organization views as acceptable. This will depend very much on the type of organization and its management's attitude to how it conducts business.
16- Risk assessment -- This process examines assets and the risks to those assets. The aim is to provide management with the information necessary for them to make reasonable decisions on where available resources will be deployed.
17- Risk register -- The results of the risk analysis process should be documented in a _______________. This includes the name of the asset, threat/vulnerability, existing controls, likelihood, consequence, level of risk, and risk priority. Risks are usually sorted in decreasing order.
Threat -- a potential cause of an unwanted incident, which may result in harm to a system or organization.
Vulnerability -- a weakness in an asset or group of assets that can be exploited by one or more threats.
Threat source -- where a threat comes from. Can be natural or human-made and may be accidental or deliberate. Natural ____ include those referred to as acts of G-d, such as damage caused by fire, flood, storm, or earthquake. Could be a human agent acting either directly or indirectly.
Level of risk -- risks with the highest _________ are those that need action most urgently. The _____ is determined once the likelihood and consequence of each specific threat have been identified.
Plan -- establish security policy, objectives, processes, and procedures; perform risk assessment; develop a risk treatment plan with appropriate selection of controls or acceptance of risk.
Do -- implement the risk treatment plan.
Check -- monitor and maintain the risk treatment plan.
Act -- maintain and improve the information security risk management process in response to incidents, review, or identified changes.
Baseline -- Approach to risk assessment that aims to implement a basic general level of security controls on systems using baseline documents, codes of practice, and industry best practice. Doesn't require the expenditure of additional resources in conducting a more formal risk assessment. The same measures could be replicated over a range of systems.
Informal -- Approach to risk assessment that involves some form of informal, pragmatic risk analysis for the organization's IT systems. It does not involve the use of a formal, structured process, but rather exploits the knowledge and expertise of the individuals performing the analysis.
Detailed -- Approach to risk assessment that is the most comprehensive. It conducts a _____ risk assessment of the organization's IT systems, using a formal structured process. This provides the greatest degree of assurance that all significant risks are identified and their implications considered.
Risk Acceptance -- choosing to accept a risk level greater than normal for business reasons. Typically due to the excessive cost or time needed to treat the risk. Must accept responsibility for the consequences to the organization should the risk eventuate.
Risk Avoidance -- Not proceeding with the activity or system that creates this risk. Usually results in loss of convenience or of the ability to perform some function that is useful to the organization. Loss of capability is traded off against a reduced risk profile.
Risk Transfer -- Sharing responsibility for the risk with a third party. Typically achieved by taking out insurance against the risk occurring, by entering into a contract with another organization, or by using partnership or joint venture structures to share the risks and costs should the risk eventuate.
Reduce Consequence -- Modifying the structure or use of the assets at risk to reduce the impact on the organization should the risk occur. Could be achieved by implementing controls to enable the organization to quickly recover should the risk occur.
Reduce Likelihood -- Implementing suitable controls to lower the chance of the vulnerability being exploited. These could include technical or administrative controls such as deploying firewalls and access tokens.
What are the Steps in IT Security Management?
+ Determine the organization's IT security objectives, strategies, and policies.
+ Perform an IT security risk assessment that analyzes security threats to IT assets within the organization and determines the resulting risks.
+ Select suitable controls to cost-effectively protect the organization's IT assets.
+ Write plans and procedures to effectively implement the selected controls.
+ Implement the selected controls, including provision of a security awareness and training program.
+ Monitor the operation, and maintain the effectiveness, of the selected controls.
+ Detect and react to incidents.
Security Risk Management Process, what are the iterative steps?
+ Plan -- establish security policy, objectives, processes, and procedures; perform risk assessment; develop a risk treatment plan with appropriate selection of controls or acceptance of risk
+ Do -- implement the risk treatment plan
+ Check -- monitor and maintain the risk treatment plan
+ Act -- maintain and improve the information security risk management process in response to incidents, review, or identified changes
What are the ISO 13335 approaches to identifying and mitigating risks to an organization's IT infrastructure?
+ Baseline approach
+ Informal approach
+ Detailed risk approach
+ Combined approach
Risk index -- The recommended rating for a trusted computer system depends on the difference between the minimum user clearance and the maximum information classification. Risk index = Max Info Sensitivity - Min User Clearance
Risk Appetite -- The amount of risk a company is willing to accept to achieve its goals and objectives. To avoid undue risk, risk appetite must be in alignment with company strategy.
Asset Identification -- Identify what needs to be protected.
Threat Identification -- A threat is anything that might hinder or prevent an asset from providing appropriate levels of the key security services: confidentiality, integrity, availability, accountability, authenticity, and reliability.
Analyze Risk -- Having identified key assets and the likely threats and vulnerabilities they are exposed to, the next step is to determine the level of risk each of these poses to the organization. Risk analysis involves first specifying the likelihood of occurrence of each identified threat to an asset, in the context of any existing controls. Next, the consequence to the organization is determined, should that threat eventuate. Lastly, this information is combined to derive an overall risk rating for each threat. Risk = (Probability that threat occurs) x (Cost to organization)

..

A network is simply a group of two or more computers linked together. A network allows users to share software applications and hardware devices. Different types of networks transfer different types of data. A computer network can transfer a variety of data including text, images, video, and audio files. A computer network such as the PSTN, which stands for public switched telephone network. The biggest network of all is the _______ (internet). The most profound change is in regard to electronic mail.
Benefits of networks include: a. information sharing b. collaborative environment c. hardware sharing d. software sharing e. enhanced communication
Data security and access is a primary weakness with many networks. The security of a computer network is challenged every day by computer hackers, vulnerability to unauthorized access, equipment malfunctions, and virus attacks. Equipment malfunctions and system failures are caused by a number of factors including natural disasters such as floods or storms, fires, or electrical disturbances such as a brown out or black out.
Hackers are people who break into computer systems to steal services and information such as credit card numbers, passwords, test data, and even national security information. They can also delete data or create viruses and other malicious software that can be shared through files.
The following are some of the other disadvantages of networks: individual loss of autonomy, malicious code, network faults, and setup and management costs (e-mail is not necessarily a ...). A standalone system is not vulnerable to many of these risks since it does not share interconnection with other computers.
The client is a program such as Internet Explorer. The server is a computer and can be one of many types of servers such as a mail server, a database server, an FTP server, an application server, or a web server. When you access the internet using a browser, the browser is the client and is used to access any accessible server in the world. This access enables the server and the client to share files and other resources such as printers or external storage device hardware.
Network operating systems are high-end programs designed to provide network control and include special functions for connecting computers and other devices into a network. Three popular network operating systems include: Microsoft Windows, Apple Macintosh, and Unix/Linux. Client access to the network server can be through computers, handheld devices, game systems, and other similar devices.
LAN: a local area network. Most LANs connect personal computers, workstations, and other devices such as printers and scanners in a limited geographic area such as an office building, a school, or a home. Each device on a network is called a node and shares resources such as a printer, a database, or programs.
A WLAN is a wireless network (a variation of the LAN) and must contain some type of wireless device such as a PC card, flash card, USB card, network adapter, or other built-in wireless capability.
A WAN covers a large geographic area and contains communication links across metropolitan, regional, or national boundaries. The largest WAN is the internet. Most WANs consist of two or more LANs and are connected by routers. Communication channels include telephone systems, fiber optics, microwaves, satellites, or any combination.
In a client/server network, one or more computers on the network act as a server, which manages network resources; a server manages the printer. It is often a high-speed computer with considerable storage space. All the other computers on a network are called clients; they share the server's resources and other peripheral devices such as hubs, firewalls, and routers.
A hub is a small, simple, inexpensive device that joins multiple computers together. Users access the server through a _______ and password. An intranet is designed for the exclusive use of people within an organization. An extranet allows specific users outside of the organization to access internal information. The internet is a worldwide system; the World Wide Web and electronic mail are two of the most popular components of the internet. In addition to the server and the client, two other categories of network hardware include communication devices and devices that connect the network.
What is a modem? What is its purpose? It is an acronym; it converts signals to digital.
What is a cable modem? What is its purpose? To send and receive data.
What is DSL? What is its purpose? An internet connection technology; transfer of information.
What is a T-1 line? What is its purpose? A type of fiber optic telephone line.
What is a WISP? What is its purpose? A wireless internet service provider; provides speeds 30 times faster.
The best way to protect data is to restrict access to it. The most common form of restricting access to data is the use of passwords. These should be changed frequently so that people who no longer need access are locked out. A smart password includes upper- and lower-case letters. Most password protection is broken by people who gain access through a shared password or a lost cheat sheet than by anyone guessing your secret code. Never give out your password. Other security measures include electronic identification, firewalls, anti-virus software, and proxy servers. When planning for security, use the following guidelines: institute _______, regularly back up data, and employ biometric security measures.
What is Wi-Fi? Wireless internet.

..

S/MIME (Secure/Multipurpose Internet Mail Extension) A security enhancement to the MIME Internet e-mail format standard, based on technology from RSA Data Security.
Enveloped data This function consists of encrypted content of any type and encrypted content-encryption keys for one or more recipients.
Signed data A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer. The content plus signature are then encoded using base64 encoding. A signed data message can only be viewed by a recipient with S/MIME capability.
Clear-signed data As with signed data, a digital signature of the content is formed.
Signed and enveloped data Signed-only and encrypted-only entities may be nested, so that encrypted data may be signed, and signed data or clear-signed data may be encrypted.
DomainKeys Identified Mail (DKIM) - A specification for cryptographically signing e-mail messages, permitting a signing domain to claim responsibility for a message in the mail stream. - Adopted by a range of e-mail providers, including corporations, government agencies, Gmail, Yahoo, and many Internet service providers (ISPs).
Message User Agent (MUA) - Works on behalf of user actors and user applications. - Their representative within the e-mail service.
Mail Submission Agent (MSA) - Accepts the message submitted by an MUA and enforces the policies of the hosting domain and the requirements of Internet standards. - Located together with the MUA or as a separate functional model.
Message Transfer Agent (MTA) - Relays mail for one application-level hop. - Like a packet switch or IP router. - Adds trace information to the message header. - SMTP is used between MTAs and between an MTA and an MSA or MDA.
Mail Delivery Agent (MDA) Responsible for transferring the message from the MHS to the MS.
Message Store (MS) - An MUA can employ a long-term MS. - Located on a remote server or on the same machine as the MUA.
Administrative management domain (ADMD) An Internet e-mail provider.
Domain name system (DNS) A directory lookup service that provides a mapping between the name of a host on the Internet and its numerical address.
Transport Layer Security (TLS) - Designed to make use of TCP to provide a reliable end-to-end secure service. - Not a single protocol but rather two layers of protocols.
TLS Connection - A connection is a transport (in the OSI layering) that provides a suitable type of service. - Connections are peer-to-peer relationships. - Connections are transient. - Every connection is associated with one session.
TLS Session - An association between a client and a server. - Created by the Handshake Protocol. - Defines a set of cryptographic security parameters, which can be shared among multiple connections. - Used to avoid the expensive negotiation of new security parameters for each connection.
Record Protocol: Confidentiality The Handshake Protocol defines a shared secret key that is used for symmetric encryption of SSL payloads.
Record Protocol: Message Integrity The Handshake Protocol also defines a shared secret key that is used to form a message authentication code (MAC).
Change Cipher Spec Protocol - One of the four TLS-specific protocols that use the TLS Record Protocol. - It is the simplest. - Consists of a single message, which consists of a single byte with the value 1. - Causes the pending state to be copied into the current state, which updates the cipher suite to be used on this connection.
Alert Protocol - Used to convey TLS-related alerts to the peer entity. - Alert messages are compressed and encrypted. - Each message consists of two bytes. - The first byte takes the value warning (1) or fatal (2) to convey the severity of the message.
Handshake Protocol - Allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptographic keys to be used to protect data sent in a TLS record. - Used before any application data are transmitted. - Consists of a series of messages exchanged by client and server.
Handshake Protocol: Phase 1 - Used to initiate a logical connection and to establish the security capabilities that will be associated with it. - The exchange is initiated by the client, which sends a client_hello message. - The client waits for the server_hello message, which contains the same parameters as the client_hello message.
Handshake Protocol: Phase 2 - Depends on the underlying public-key encryption scheme that is used. - The server passes a certificate to the client, possibly additional key information, and a request for a certificate from the client. - The final phase 2 message, always required, is the server_done message, which is sent by the server to indicate the end of the server hello and associated messages.
Handshake Protocol: Phase 3 - Begins on receipt of the server_done message. - The client verifies that the server provided a valid certificate if required and checks that the server_hello parameters are acceptable. - If satisfactory, the client sends one or more messages back to the server, depending on the underlying public-key scheme.
Handshake Protocol: Phase 4 - Completes the setting up of a secure connection. - The client sends a change_cipher_spec message and copies the pending CipherSpec into the current CipherSpec.
Heartbeat Protocol A periodic signal generated by hardware or software to indicate normal operation or to synchronize other parts of a system. - Used to monitor the availability of a protocol entity. - Serves two purposes: + assures the sender that the recipient is still alive; + generates activity across the connection during idle periods, which avoids closure by a firewall.
HTTPS (HTTP over SSL) - Combination of HTTP and SSL to implement secure communication between a Web browser and a Web server. - The capability is built into all modern Web browsers. - A normal HTTP connection uses port 80; HTTPS is specified to use port 443, which invokes SSL.
IP Security Overview - Encompasses three functional areas: + authentication: assures that a received packet was transmitted by the party identified as the source in the packet header; + confidentiality: enables communicating nodes to encrypt messages to prevent eavesdropping by third parties; + key management: is concerned with the secure exchange of keys.
Benefits of IPsec - Provides strong security that can be applied to all traffic crossing the perimeter. - Resistant to bypass if all traffic from the outside must use IP. - There is no need to change software on a user or server system when IPsec is implemented in the firewall or router. - IPsec can be transparent to end users. - IPsec can provide security for individual users if needed.
Security Association (SA) One-way relationship between a sender and a receiver that affords security services to the traffic carried on it.
Security parameter index (SPI) - A bit string assigned to this SA and having local significance only. - Carried in AH and ESP headers to enable the receiving system to select the SA under which a received packet will be processed.
IP destination address The address of the destination endpoint of the SA, which may be an end-user system or a network system such as a firewall or router.
Protocol identifier This field from the outer IP header indicates whether the association is an AH or ESP security association.
Sequence number counter A 32-bit value used to generate the Sequence Number field in AH or ESP headers.
Sequence counter overflow A flag indicating whether overflow of the sequence number counter should generate an auditable event and prevent further transmission of packets on this SA.
Anti-replay window Used to determine whether an inbound AH or ESP packet is a replay, by defining a sliding window within which the sequence number must fall.
AH information Authentication algorithm, keys, key lifetimes, and related parameters being used with AH.
ESP information Encryption and authentication algorithms, keys, initialization values, key lifetimes, and related parameters being used with ESP.
Lifetime of this security association A time interval or byte count after which an SA must be replaced with a new SA (and new SPI) or terminated, plus an indication of which of these actions should occur.
IPsec protocol mode Tunnel, transport, or wildcard (required for all implementations).
Path MTU Any observed path maximum transmission unit (maximum size of a packet that can be transmitted without fragmentation) and aging variables (required for all implementations).
Encapsulating Security Payload Provides confidentiality services, including confidentiality of message contents and limited traffic-flow confidentiality.
Transport Mode - Provides protection primarily for upper-layer protocols. - Protection extends to the payload of an IP packet. - Used for end-to-end communication between two hosts (e.g., a client and a server, or two workstations).
Tunnel Mode - Provides protection to the entire IP packet. - Used when one or both ends of a security association are a security gateway, such as a firewall or router that implements IPsec.

..

Security Audit An independent review and examination of a system's records and activities to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures -- Basic objective: to establish accountability for system entities that initiate or participate in security-relevant events and actions
Security Audit Trail A chronological record of system activities that is sufficient to enable the reconstruction and examination of the sequence of environments and activities surrounding or leading to an operation, procedure, or event in a security-relevant transaction from inception to final results
Event Definition Must define the set of things that are subject to audit -- Common Criteria suggests: introduction of objects, deletion of objects, distribution or revocation of access rights or capabilities, changes to subject or object security attributes, policy checks performed by the security software, use of access rights to bypass a policy check, use of identification and authentication functions, security-related actions taken by an operator/user, and import/export of data from/to removable media
What to Collect in an Event Events related to the use of the auditing software, events related to the security mechanisms on the system, events that are collected for use by the various security detection and prevention mechanisms, events related to system management and operation, operating system access, application access for selected applications, and remote access
Physical Access Audit Trails Generated by equipment that controls physical access (card-key systems, alarm systems) -- Sent to a central host for analysis and storage -- Data of interest: date/time/location/user of access attempt, both valid and invalid access attempts, attempts to add/modify/delete physical access privileges -- May send violation messages to personnel
Protecting Audit Trail Data Read/write file on host (easy, least resource intensive, instant access, but vulnerable to attack by an intruder - example: file on a host) -- Write-once/read-many device (more secure but less convenient, needs a steady supply of recordable media, and access may be delayed and not available immediately - example: CD-ROM) -- Write-only device (provides a paper trail, impractical for capturing detailed audit data on large or networked systems, and useful when a permanent, immediately available log is required) -- Must protect both integrity and confidentiality (encryption, digital signatures, access controls)
Windows Event Log An entity that describes some interesting occurrence -- Contains: a numeric identification code, a set of attributes, and optional user-supplied data -- Three types: System: system-related apps and drivers; Application: user-level apps; Security: Windows Local Security Authority (LSA)
Windows Event Categories Account logon events: user authentication activity from the perspective of the system that validated the attempt -- Account management: administrative activity related to the creation, management, and deletion of individual accounts and user groups -- Directory service access: user-level access to any Active Directory object that has a System Access Control List defined -- Logon events: user authentication activity, either to a local machine or over a network, from the system that originated the activity -- Object access: user-level access to file system and registry objects that have System Access Control Lists defined -- Policy changes: administrative changes to the access policies, audit configuration, and other system-level settings -- Privilege use: Windows incorporates the concept of a user right, a granular permission to perform a particular task -- Process tracking: generates detailed audit information when processes start and finish, programs are activated, or objects are accessed indirectly -- System events: records information on events that affect the availability and integrity of the system, including boot messages and the system shutdown message
UNIX Syslog A general-purpose logging mechanism -- Found in all UNIX variants -- Elements: syslog(): an application program interface (API) referenced by several standard system utilities and available to application programs -- logger: a ____ command used to add single-line entries to the system log -- /etc/syslog.conf: the configuration file used to control the logging and routing of system log events -- syslogd: the system daemon used to receive and route system log events from syslog() calls and logger commands
Logging at Application Level Privileged ____________ present security issues (may not be captured by system/user-level audit data and constitute a large percentage of reported vulnerabilities) -- Vulnerabilities exploited: lack of dynamic checks on input data, errors in application logic, buffer overflow, format string vulnerability
Audit Trail Analysis Must understand the context of log entries (relevant information may reside in other entries in the same logs, other logs, and non-log sources) -- File formats contain a mix of plain text and codes (must decipher manually/automatically) -- Ideally, regularly review entries to gain an understanding of the baseline
Audit Review Provides the administrator with information from selected audit records (actions of one or more users, actions on a specific object or resource, all or a specified set of audited exceptions, and actions on a specific system/security attribute) -- May be filtered by time/source/frequency -- Used to provide a system activity baseline -- Level of security-related activity
Basic alerting Indicates that an interesting type of event has occurred
Baselining Defines normal versus unusual events/patterns and compares them with new data to detect changes; thresholding is the identification of data that exceed a particular baseline value
Windowing Detection of events within a given set of parameters
Correlation Seeks relationships among events
Computer Crime or Cybercrime Criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity
Computers as targets Involves an attack on data integrity, system integrity, data confidentiality, privacy, or availability
Computers as storage devices Using the device to store stolen password lists, credit card or calling card numbers, proprietary corporate information, pornographic image files, or pirated commercial software
Computers as communications tools Crimes that are committed online, such as fraud, gambling, child pornography, and the illegal sale of prescription drugs, controlled substances, alcohol, or guns
Cybercriminals Difficult to profile -- Tend to be young and computer-savvy -- Range of behavioural characteristics is wide -- No cybercriminal databases exist that can point to a likely suspect -- Lack of success in bringing them to justice has led to an increase in their numbers, boldness, and the global scale of their operations
Copyright Protects the tangible or fixed expression of an idea but not the idea itself -- The creator can claim and file a copyright at a national government copyright office if: the proposed work is original and the creator has put the original idea in concrete form -- The owner has these exclusive rights, protected against infringement: reproduction right, modification right, distribution right, public-performance right, and public-display right
Patent Grants a property right to the inventor -- "The right to exclude others from making, using, offering for sale, or selling" the invention -- Types: Utility - any new and useful process, machine, article of manufacture, or composition of matter; Design - a new, original, and ornamental design for an article of manufacture; Plant - discovers and reproduces any distinct and new variety of plant
Trademark A word, name, symbol, or device -- Used in trade with goods -- Indicates the source of the goods -- Distinguishes them from the goods of others -- Rights may be used to prevent others from using a confusingly similar mark, but not to prevent others from making the same goods or from selling the same goods or services under a clearly different mark
Software Programs produced by vendors of commercial software -- Shareware -- Proprietary software created by an organization for internal use -- Software produced by individuals -- Example of intellectual property relevant to network and computer security
Databases Data that is collected and organized in such a fashion that it has potential commercial value -- Example of intellectual property relevant to network and computer security
Digital content Includes audio and video files, multimedia courseware, Web site content, and any other original digital work -- Example of intellectual property relevant to network and computer security
Algorithms An example of a patentable algorithm is the RSA public-key cryptosystem -- Example of intellectual property relevant to network and computer security
Digital Rights Management (DRM) Systems and procedures that ensure that holders of these rights are clearly identified and receive stipulated payment for their works (may impose further restrictions such as inhibiting printing or prohibiting further distribution) -- No single standard or architecture -- Objective is to provide mechanisms for the complete content management life cycle -- Provides persistent content protection for a variety of digital content types/platforms/media
Privacy and Data Surveillance The demands of homeland security and counterterrorism have imposed new threats to personal privacy -- Law enforcement and intelligence agencies have become increasingly aggressive in using data surveillance techniques to fulfill their mission -- Private organizations use the following trends to increase their ability to build detailed profiles of individuals: spread of the Internet, increase in electronic payment methods, near-universal use of cellular phone communications, and sensor webs -- Both policy and technical approaches are needed to protect privacy when both government and nongovernment organizations seek to learn as much as possible about individuals
Privacy Protection A cryptographically protected ________ interposed between a database and the access interface -- Analogous to a firewall or intrusion prevention device -- Verifies user access permissions and credentials -- Creates an audit log
Ethical Issues Related to Computers and Information Systems Repositories and processors of information: unauthorized use of information stored in computers -- Producers of new forms and types of assets: computer programs are an entirely new type of asset -- Instruments of acts -- Symbols of intimidation and deception

..

With reference to the end systems supported, the Internet has gone through roughly four generations of deployment culminating in the IoT: Information technologyOperational technology (OT)Personal technologySensor/actuator technology Information technology PCs, servers, routers, firewalls, and so on, bought as IT devices by enterprise IT people, primarily using wired connectivity. Operational technology (OT) Machines/appliances with embedded IT built by non-IT companies, such as medical machinery, SCADA (supervisory control and data acquisition), process control, and kiosks, bought as appliances by enterprise OT people and primarily using wired connectivity. Personal technology Smartphones, tablets, and eBook readers bought as IT devices by consumers (employees), exclusively using wireless connectivity and often multiple forms of wireless connectivity. Sensor/actuator technology Single-purpose devices bought by consumers, IT, and OT people, exclusively using wireless connectivity, generally of a single form, as part of larger systems Components of IoT-enabled Things SensorActuatorMicrocontrollerTransceiverRadio-frequency Identification (RFID) Sensor A sensor measures some parameter of a physical, chemical, or biological entity and delivers an electronic signal proportional to the observed characteristic, either in the form of an analog voltage level or a digital signal. In both cases, the sensor output is typically input to a microcontroller or other management element. Actuator An actuator receives an electronic signal from a controller and responds by interacting with its environment to produce an effect on some parameter of a physical, chemical, or biological entity. Microcontroller The "smart" in a smart device is provided by a deeply embedded microcontroller. Transceiver A transceiver contains the electronics needed to transmit and receive data. 
Most IoT devices contain a wireless transceiver, capable of communication using Wi-Fi, ZigBee, or some other wireless scheme. Radio-frequency Identification (RFID) (RFID) technology, which uses radio waves to identify items, is increasingly becoming an enabling technology for IoT. The main elements of an RFID system are tags and readers. RFID tags are small programmable devices used for object, animal, and human tracking. They come in a variety of shapes, sizes, functionalities, and costs. RFID readers acquire and sometimes rewrite information stored on RFID tags that come within operating range (a few inches up to several feet). Readers are usually connected to a computer system that records and formats the acquired information for further uses. Edge At the edge of a typical enterprise network is a network of IoT-enabled devices, consisting of sensors and perhaps actuators. These devices may communicate with one another. For example, a cluster of sensors may all transmit their data to one sensor that aggregates the data to be collected by a higher-level entity. At this level, there may also be a number of gateways. A gateway interconnects the IoT-enabled devices with the higher-level communication networks. It performs the necessary translation between the protocols used in the communication networks and those used by devices. A gateway may also perform a basic data aggregation function. Fog In many IoT deployments, massive amounts of data may be generated by a distributed network of sensors. The purpose of what is sometimes referred to as the edge computing level is to convert network data flows into information that is suitable for storage and higher-level processing. Processing elements at these levels may deal with high volumes of data and perform data transformation operations, resulting in the storage of much lower volumes of data. 
The following are examples of fog computing operations:EvaluationFormattingExpanding/decodingAssessment Evaluation Evaluating data for criteria as to whether it should be processed at a higher level. Formatting Reformatting data for consistent higher-level processing. Expanding/decoding Handling cryptic data with additional context (such as the origin). Distillation/reduction Reducing and/or summarizing data to minimize the impact of data and traffic on the network and higher-level processing systems. Assessment Determining whether data represent a threshold or alert; this could include redirecting data to additional destinations. Core The core network, also referred to as a backbone network, connects geographically dispersed fog networks as well as provides access to other networks that are not part of the enterprise network Cloud The cloud network provides storage and processing capabilities for the massive amounts of aggregated data that originate in IoT-enabled devices at the edge. Cloud servers also host the applications that (1) interact with and manage the IoT devices, and (2) analyze the IoT-generated data. Table 13.4 compares cloud and fog computing The Patching Vulnerability The device manufacturers choose a chip based on price and features and do very little if anything to the chip software and firmware. Their focus is the functionality of the device itself. The end user may have no means of patching the system or, if so, little information about when and how to patch. The result is that the hundreds of millions of Internet-connected devices in the IoT are vulnerable to attack. 
IoT Security and Privacy Requirements Defined by ITU-T Communication securityData management securityService provision securityIntegration of security policies and techniquesMutual authentication and authorizationSecurity audit Communication security Secure, trusted, and privacy protected communication capability is required, so unauthorized access to the content of data can be prohibited, integrity of data can be guaranteed and privacy-related content of data can be protected during data transmission or transfer in IoT. Data management security Secure, trusted, and privacy protected data management capability is required, so unauthorized access to the content of data can be prohibited, integrity of data can be guaranteed, and privacy-related content of data can be protected when storing or processing data in IoT. Service provision security Secure, trusted, and privacy protected service provision capability is required, so unauthorized access to service and fraudulent service provision can be prohibited and privacy information related to IoT users can be protected. Integration of security policies and techniques The ability to integrate different security policies and techniques is required, so as to ensure a consistent security control over the variety of devices and user networks in IoT. Mutual authentication and authorization Before a device (or an IoT user) can access the IoT, mutual authentication and authorization between the device (or the IoT user) and IoT is required to be performed according to predefined security policies. Security audit Security audit is required to be supported in IoT. Any data access or attempt to access IoT applications are required to be fully transparent, traceable and reproducible according to appropriate regulation and laws. In particular, IoT is required to support security audit for data transmission, storage, processing, and application access. 
Details specific security functions that the gateway should implement, some of which are illustrated in Figure 13.11. These consist of the following:
- Support authentication with devices. Based on application requirements and device capabilities, it is required to support mutual or one-way authentication with devices. With one-way authentication, either the device authenticates itself to the gateway or the gateway authenticates itself to the device, but not both.
- Support mutual authentication with applications.
- Support the security of the data that are stored in devices and the gateway, or transferred between the gateway and devices, or transferred between the gateway and applications. Support the security of these data based on security levels.
- Support mechanisms to protect privacy for devices and the gateway.
- Support identification of each access to the connected devices.

An IoT Security Framework
The IoT model is a simplified version of the World Forum IoT Reference Model. It consists of the following levels:
- Smart objects/embedded systems
- Fog/edge network
- Core network
- Data center/cloud

Smart objects/embedded systems
Consists of sensors, actuators, and other embedded systems at the edge of the network. This is the most vulnerable part of an IoT. The devices may not be in a physically secure environment and may need to function for years. Availability is certainly an issue. Network managers also need to be concerned about the authenticity and integrity of the data generated by sensors and about protecting actuators and other smart devices from unauthorized use. Privacy and protection from eavesdropping may also be requirements.

Fog/edge network
This level is concerned with the wired and wireless interconnection of IoT devices. In addition, a certain amount of data processing and consolidation may be done at this level. A key issue of concern is the wide variety of network technologies and protocols used by the various IoT devices and the need to develop and enforce a uniform security policy.

Core network
The core network level provides data paths between network center platforms and the IoT devices. The security issues here are those confronted in traditional core networks. However, the vast number of endpoints to interact with and manage creates a substantial security burden.

Data center/cloud
This level contains the application, data storage, and network management platforms. IoT does not introduce any new security issues at this level, other than the necessity of dealing with huge numbers of individual endpoints.

Within this four-level architecture, the Cisco model defines four general security capabilities that span multiple levels:
- Role-based security
- Anti-tamper and detection
- Data protection and confidentiality
- Internet protocol protection

Role-based security
RBAC systems assign access rights to roles instead of individual users. In turn, users are assigned to different roles, either statically or dynamically, according to their responsibilities. RBAC enjoys widespread commercial use in cloud and enterprise systems and is a well-understood tool that can be used to manage access to IoT devices and the data they generate.
Anti-tamper and detection
This function is particularly important at the device and fog network levels but also extends to the core network level. All of these levels may involve components that are physically outside the area of the enterprise that is protected by physical security measures.

Data protection and confidentiality
These functions extend to all levels of the architecture.

Internet protocol protection
Protection of data in motion from eavesdropping and snooping is essential between all levels.

A secure IoT framework defines the components of a security facility for an IoT that encompasses all the levels, as shown in Figure 13.13. The four components are:
- Authentication
- Authorization
- Network enforced policy
- Secure analytics, including visibility and control

Authentication
Encompasses the elements that initiate the determination of access by first identifying the IoT devices. In contrast to typical enterprise network devices, which may be identified by a human credential (e.g., username and password or token), the IoT endpoints must be fingerprinted by means that do not require human interaction. Such identifiers include RFID, X.509 certificates, or the MAC address of the endpoint.

Authorization
Controls a device's access throughout the network fabric. This element encompasses access control. Together with the authentication layer, it establishes the necessary parameters to enable the exchange of information between devices and between devices and application platforms, and enables IoT-related services to be performed.

Network enforced policy
Encompasses all elements that route and transport endpoint traffic securely over the infrastructure, whether control, management, or actual data traffic.

Secure analytics, including visibility and control
This component includes all the functions required for central management of IoT devices. This involves, firstly, visibility of IoT devices, which simply means that central management services are securely aware of the distributed IoT device collection, including the identity and attributes of each device. Building on this visibility is the ability to exert control, including configuration, patch updates, and threat countermeasures.

Cryptographic Algorithms
Skipjack
The block cipher Skipjack is one of the simplest and fastest block cipher algorithms, which is critical for embedded systems. A study of eight possible candidate algorithms for wireless security networks concluded that Skipjack was the best algorithm in terms of code memory, data memory, encryption/decryption efficiency, and key setup efficiency. Skipjack makes use of an 80-bit key. It was intended by NSA to provide a secure system once it became clear that DES, with only a 56-bit key, was vulnerable. The block cipher mode of operation chosen for MiniSec is the Offset Codebook (OCB) mode. As mentioned in Chapter 2, a mode of operation must be specified when a plaintext source consists of multiple blocks of data to be encrypted with the same encryption key.

Operating Modes
MiniSec has two operating modes: unicast (MiniSec-U) and broadcast (MiniSec-B). Both schemes use OCB with a counter, known as a nonce, that is input along with the plaintext into the encryption algorithm. The least significant bits of the counter are also sent as plaintext to enable synchronization. For both modes, data are transmitted in packets. Each packet includes the encrypted data block, the OCB authentication tag, and the MiniSec counter.

An Open-source IoT Security Module
This section provides an overview of MiniSec, an open-source security module that is part of the TinyOS operating system. MiniSec has two operating modes, one tailored for single-source communication and another tailored for multi-source broadcast communication. The latter does not require per-sender state for replay protection and thus scales to large networks. MiniSec is designed to meet the following requirements:
- Data authentication
- Confidentiality
- Replay protection
- Freshness
- Low energy overhead
- Resilient to lost messages

Data authentication
Enables a legitimate node to verify whether a message originated from another legitimate node (i.e., a node with which it shares a secret key) and was unchanged during transmission.

Confidentiality
A basic requirement for any secure communications system.

Replay protection
Prevents an attacker from successfully recording a packet and replaying it at a later time.

Freshness
Because sensor nodes often stream time-varying measurements, providing a guarantee of message freshness is an important property. There are two types of freshness: strong and weak. MiniSec provides a mechanism to guarantee weak freshness, where a receiver can determine a partial ordering over received messages without a local reference time point.

Low energy overhead
This is achieved by minimizing communication overhead and by using only symmetric encryption.

Resilient to lost messages
The relatively high occurrence of dropped packets in wireless sensor networks requires a design that can tolerate high message loss rates.

..

Least privilege
Give each person the minimum access needed to do his or her job. The restricted access is both logical and physical.

Separation of duties
Carefully separate duties so that people involved in checking for inappropriate use are not also capable of making such inappropriate use. Having all the security functions and audit responsibilities reside in the same person is dangerous.

Limited reliance
No one in an organization should be irreplaceable. If the organization depends on a single employee, then the organization is at risk.

Security awareness
Explicitly required for all employees. Includes a general understanding of policies, procedures, and restrictions. Seeks to inform and focus an employee's attention on issues related to security within the organization.

Training
Required for individuals who will be using IT systems and data and therefore need more detailed knowledge of IT security threats, vulnerabilities, and safeguards. Seeks to teach people the skills to perform their IS-related tasks more securely. Teaches what people should do and how they should do it.

Education
Targeted at security professionals and those whose jobs require expertise in security. Normally included in employee career development programs. Often provided by outside sources such as college courses or specialized training programs.

Employment contract
Should state the employees' and the organization's responsibilities for information security. The agreement should also include a confidentiality and nondisclosure agreement spelling out that the organization's information assets are confidential unless classified otherwise and that the employee must protect that confidentiality.

Content ownership
Electronic communications, files, and data remain company property even when transferred to equipment not owned by the company.

Privacy
Employees have no expectation of _______ in their use of company-provided e-mail or Internet access, even if the communication is personal in nature.
Business use only
Company-provided e-mail and Internet access are to be used by employees only for the purpose of conducting company business.

Policy scope
Policy covers e-mail access, contents of e-mail messages, Internet and intranet communications, and records of e-mail, Internet, and intranet communications.

Termination security
Ensure that employees, contractors, and third-party users exit the organization or change employment in an orderly manner. Requires the return of all equipment and the removal of all access rights: remove the name from all authorized access lists, inform guards, remove personal access codes, recover all assets, and notify by memo.

Computer security incident response team (CSIRT)
Responsible for rapidly detecting incidents, minimizing loss and destruction, mitigating weaknesses that were exploited, and restoring communication services.

Security incident
Any action that threatens one or more of the classic security services of confidentiality, integrity, availability, accountability, authenticity, and reliability in a system. Various forms include unauthorized access to a system and unauthorized modification of information on the system.

Artifact
Any file or object found on a system that might be involved in probing or attacking systems and networks or that is being used to defeat security measures. These can include, but are not limited to, computer viruses, Trojan horse programs, worms, exploit scripts, and toolkits.

Triage
The process of receiving, initial sorting, or prioritizing of information to facilitate its appropriate handling.

Constituency
The group of users, sites, networks, or organizations served by the CSIRT.

Log analysis tools
Analyze the information collected in audit logs using some form of pattern recognition to identify potential security incidents.

Intrusion prevention systems
Augment an intrusion detection system with the ability to automatically block detected attacks.
Intrusion detection systems
Monitor and analyze network and host activity and usually compare this information with a collection of attack signatures to identify potential security incidents.

T 1. The legal and ethical aspects of computer security encompass a broad range of topics.
F 2. Computer attacks are considered crimes but do not carry criminal sanctions.
T 3. Computers as targets is a form of crime that involves an attack on data integrity, system integrity, data confidentiality, privacy, or availability.
T 4. The relative lack of success in bringing cybercriminals to justice has led to an increase in their numbers, boldness, and the global scale of their operations.
T 5. No cybercriminal databases exist that can point investigators to likely suspects.
F 6. The successful use of law enforcement depends much more on technical skills than on people skills.
F 7. Software is an example of real property.
T 8. An example of a patent from the computer security realm is the RSA public-key cryptosystem.
T 9. A servicemark is the same as a trademark except that it identifies and distinguishes the source of a service rather than a product.
T 10. Concerns about the extent to which personal privacy has been and may be compromised have led to a variety of legal and technical approaches to reinforcing privacy rights.
T 11. The purpose of the privacy functions is to provide a user protection against discovery and misuse of identity by other users.
F 12. The Common Criteria specification is primarily concerned with the privacy of personal information concerning the individual rather than the privacy of an individual with respect to that individual's use of computer resources.
T 13. Computer technology has involved the creation of new types of entities for which no agreed ethical rules have previously been formed.
T 14. Anyone can join the Ad Hoc Committee on Responsible Computing.
T 15. The first comprehensive privacy legislation adopted in the United States was the Privacy Act of 1974.

A 1. _______ is a form of crime that targets a computer system to acquire information stored on that computer system, to control the target system without authorization or payment, or to alter the integrity of data or interfere with the availability of the computer or server.
A. Computers as targets  B. Computers as storage devices  C. Computers as mediums  D. Computers as communication tools

B 2. The success of cybercriminals, and the relative lack of success of law enforcement, influence the behavior of _______.
A. cyber thieves  B. cybercrime victims  C. cybercrime acts  D. cyber detectives

A 3. Land and things permanently attached to the land, such as trees, buildings, and stationary mobile homes are _______.
A. real property  B. cyber property  C. personal property  D. intellectual property

C 4. Personal effects, moveable property and goods, such as cars, bank accounts, wages, securities, a small business, furniture, insurance policies, jewelry, patents, and pets are all examples of _________.
A. intellectual property  B. real property  C. personal property  D. cyber property

C 5. Any intangible asset that consists of human knowledge and ideas is _______.
A. cyber property  B. personal property  C. intellectual property  D. real property

D 6. _____ can be copyrighted.
A. Dramatic works  B. Architectural works  C. Software-related works  D. All of the above

D 7. The copyright owner has which exclusive right(s)?
A. reproduction right  B. distribution right  C. modification right  D. all of the above

A 8. A _______ for an invention is the grant of a property right to the inventor.
A. patent  B. copyright  C. trademark  D. claim

C 9. A ______ is a word, name, symbol, or device that is used in trade with goods to indicate the source of the goods and to distinguish them from the goods of others.
A. copyright  B. patent  C. trademark  D. all of the above

B 10. _____ strengthens the protection of copyrighted materials in digital format.
A. HIPPA  B. DMCA  C. WIPO  D. DRM

B 11. A ________ provides distribution channels, such as an online shop or a Web retailer.
A. content provider  B. distributor  C. consumer  D. clearinghouse

D 12. ________ ensures that a user may make multiple uses of resources or services without others being able to link these uses together.
A. Anonymity  B. Pseudonymity  C. Unobservability  D. Unlinkability

A 13. ________ is a function that removes specific identifying information from query results, such as last name and telephone number, but creates some sort of unique identifier so that analysts can detect connections between queries.
A. Anonymization  B. Data transformation  C. Immutable audit  D. Selective revelation

C 14. ______ is intended to permit others to perform, show, quote, copy, and otherwise distribute portions of the work for certain purposes.
A. Reverse engineering  B. Personal privacy  C. Fair use  D. Encryption research

B 15. ________ is a method for minimizing exposure of individual information while enabling continuous analysis of potentially interconnected data.
A. Immutable audit  B. Selective revelation  C. Associative memory  D. Anonymization

Computer crime 1. _______, or cybercrime, is a term used broadly to describe criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity.
Convention on Cybercrime 2. The 2001 _________ is the first international treaty seeking to address Internet crimes by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations.
intellectual 3. The U.S. legal system distinguishes three primary types of property: real property, personal property, and _________ property.
trademarks 4. The three main types of intellectual property for which legal protection is available are: copyrights, patents, and _______.
infringement 5. The invasion of the rights secured by patents, copyrights, and trademarks is ________.
IP owner 6. The right to seek civil recourse against anyone infringing his or her property is granted to the ________.
plant patents 7. The three types of patents are: utility patents, design patents, and ________.
utility patent 8. A(n) _________ may be granted to anyone who invents or discovers any new and useful process, machine, article of manufacture, or composition of matter, or any new and useful improvement thereof.
Trademark 9. ________ rights may be used to prevent others from using a confusingly similar mark, but not to prevent others from making the same goods or from selling the same goods or services under a clearly different mark.
clearinghouse 10. A ______ handles the financial transaction for issuing the digital license to the consumer and pays royalty fees to the content provider and distribution fees to the distributor accordingly.
Children's Online Privacy Protection 11. The ___________ Act places restrictions on online organizations in the collection of data from children under the age of 13.
pseudonymity 12. Privacy is broken down into four major areas: anonymity, unlinkability, unobservability, and _________.
Ethics 13. _______ refers to a system of moral principles that relates to the benefits and harms of particular actions, and to the rightness and wrongness of motives and ends of those actions.
Fair Credit Reporting Act 14. The _________ Act confers certain rights on individuals and obligations on credit reporting agencies.
technical 15. Both policy and ________ approaches are needed to protect privacy when both government and nongovernment organizations seek to learn as much as possible about individuals.
Security Audit
An independent review and examination of a system's records and activities to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures.
- Basic objective: to establish accountability for system entities that initiate or participate in security-relevant events and actions

Security Audit Trail
A chronological record of system activities that is sufficient to enable the reconstruction and examination of the sequence of environments and activities surrounding or leading to an operation, procedure, or event in a security-relevant transaction from inception to final results.

Event Definition
Must define the set of things that are subject to audit. The Common Criteria suggests:
- Introduction of objects
- Deletion of objects
- Distribution or revocation of access rights or capabilities
- Changes to subject or object security attributes
- Policy checks performed by the security software
- Use of access rights to bypass a policy check
- Use of identification and authentication functions
- Security-related actions taken by an operator/user
- Import/export of data from/to removable media

What to Collect in an Event
- Events related to the use of the auditing software
- Events related to the security mechanisms on the system
- Events that are collected for use by the various security detection and prevention mechanisms
- Events related to system management and operation
- Operating system access
- Application access for selected applications
- Remote access

Physical Access Audit Trails
Generated by equipment that controls physical access (card-key systems, alarm systems). Sent to a central host for analysis and storage. Data of interest:
- Date/time/location/user of access attempt
- Both valid and invalid access attempts
- Attempts to add/modify/delete physical access privileges
- May send violation messages to personnel

Protecting Audit Trail Data
- Read/write file on host: easy, least resource intensive, instant access, but vulnerable to attack by an intruder (example: file on a host)
- Write-once/read-many device: more secure but less convenient; needs a steady supply of recordable media; access may be delayed and not available immediately (example: CD-ROM)
- Write-only device: provides a paper trail; impractical for capturing detailed audit data on large or networked systems; useful when a permanent, immediately available log is required
- Must protect both integrity and confidentiality (encryption, digital signatures, access controls)

Windows Event Log
An entity that describes some interesting occurrence. Contains:
- A numeric identification code
- A set of attributes
- Optional user-supplied data
Three types:
- System: system-related apps and drivers
- Application: user-level apps
- Security: Windows Local Security Authority (LSA)

Windows Event Categories
- Account logon events: user authentication activity from the perspective of the system that validated the attempt
- Account management: administrative activity related to the creation, management, and deletion of individual accounts and user groups
- Directory service access: user-level access to any Active Directory object that has a System Access Control List defined
- Logon events: user authentication activity, either to a local machine or over a network, from the system that originated the activity
- Object access: user-level access to file system and registry objects that have System Access Control Lists defined
- Policy changes: administrative changes to the access policies, audit configuration, and other system-level settings
- Privilege use: Windows incorporates the concept of a user right, a granular permission to perform a particular task
- Process tracking: generates detailed audit information when processes start and finish, programs are activated, or objects are accessed indirectly
- System events: records information on events that affect the availability and integrity of the system, including boot messages and the system shutdown message

UNIX Syslog
General-purpose logging mechanism found in all UNIX system variants. Elements:
- syslog(): an application program interface (API) referenced by several standard system utilities and available to application programs
- logger: a ____ command used to add single-line entries to the system log
- /etc/syslog.conf: the configuration file used to control the logging and routing of system log events
- syslogd: the system daemon used to receive and route system log events from syslog() calls and logger commands

Logging at Application Level
Privileged ____________ present security issues: they may not be captured by system/user-level audit data, and they constitute a large percentage of reported vulnerabilities. Vulnerabilities exploited: lack of dynamic checks on input data, errors in application logic, buffer overflow, format string vulnerability.

Audit Trail Analysis
Must understand the context of log entries (relevant information may reside in other entries in the same logs, other logs, and nonlog sources). File formats contain a mix of plain text and codes (must decipher manually/automatically). Ideally, regularly review entries to gain an understanding of the baseline.

Audit Review
Provides the administrator with information from selected audit records (actions of one or more users, actions on a specific object or resource, all or a specified set of audited exceptions, and actions on a specific system/security attribute). May be filtered by time/source/frequency. Used to provide a system activity baseline and the level of security-related activity.

Basic alerting
Indicates that an interesting type of event has occurred.

Baselining
Define normal versus unusual events/patterns, and compare with new data to detect changes. Thresholding is the identification of data that exceed a particular baseline value.

Windowing
Detection of events within a given set of parameters.

Correlation
Seeks relationships among events.

Computer Crime or Cybercrime
Criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity.

Computers as targets
Involves an attack on data integrity, system integrity, data confidentiality, privacy, or availability.

Computers as storage devices
Using the device to store stolen password lists, credit card or calling card numbers, proprietary corporate information, pornographic image files, or pirated commercial software.

Computers as communications tools
Crimes that are committed online, such as fraud, gambling, child pornography, and the illegal sale of prescription drugs, controlled substances, alcohol, or guns.

Cybercriminals
Difficult to profile. Tend to be young and computer-savvy. The range of behavioural characteristics is wide. No cybercriminal databases exist that can point to a likely suspect. Lack of success in bringing them to justice has led to an increase in their numbers, boldness, and the global scale of their operations.

Copyright
Protects the tangible or fixed expression of an idea but not the idea itself. The creator can claim and file copyright at a national government copyright office if the proposed work is original and the creator has put the original idea in concrete form. The owner has these exclusive rights, protected against infringement: reproduction right, modification right, distribution right, public-performance right, and public-display right.

Patent
Grants a property right to the inventor: "the right to exclude others from making, using, offering for sale, or selling" the invention. Types:
- Utility: any new and useful process, machine, article of manufacture, or composition of matter
- Design: new, original, and ornamental design for an article of manufacture
- Plant: discovers and reproduces any distinct and new variety of plant

Trademark
A word, name, symbol, or device used in trade with goods; indicates the source of the goods and distinguishes them from the goods of others. Rights may be used to prevent others from using a confusingly similar mark, but not to prevent others from making the same goods or from selling the same goods or services under a clearly different mark.

Software
Programs produced by vendors of commercial software, shareware, proprietary software created by an organization for internal use, and software produced by individuals. Example of intellectual property relevant to network and computer security.

Databases
Data that is collected and organized in such a fashion that it has potential commercial value. Example of intellectual property relevant to network and computer security.

Digital content
Includes audio and video files, multimedia courseware, Web site content, and any other original digital work. Example of intellectual property relevant to network and computer security.

Algorithms
An example of a patentable algorithm is the RSA public-key cryptosystem. Example of intellectual property relevant to network and computer security.

Digital Rights Management (DRM)
Systems and procedures that ensure that holders of these rights are clearly identified and receive stipulated payment for their works (may impose further restrictions such as inhibiting printing or prohibiting further distribution). No single standard or architecture. The objective is to provide mechanisms for the complete content management life cycle and to provide persistent content protection for a variety of digital content types, platforms, and media.

Privacy and Data Surveillance
The demands of homeland security and counterterrorism have imposed new threats to personal privacy. Law enforcement and intelligence agencies have become increasingly aggressive in using data surveillance techniques to fulfill their mission. Private organizations use the following trends to increase their ability to build detailed profiles of individuals: spread of the Internet, increase in electronic payment methods, near-universal use of cellular phone communications, and sensor webs. Both policy and technical approaches are needed to protect privacy when both government and nongovernment organizations seek to learn as much as possible about individuals.

Privacy Protection
Cryptographically protected; interposed between a database and the access interface. Analogous to a firewall or intrusion prevention device. Verifies user access permissions and credentials. Creates an audit log.

Ethical Issues Related to Computers and Information Systems
- Repositories and processors of information: unauthorized use of information stored in computers
- Producers of new forms and types of assets: computer programs are an entirely new type of asset
- Instruments of acts
- Symbols of intimidation and deception

4 benefits of security awareness/training/education programs
• Improving employee behavior
• Increasing the ability to hold employees accountable for their actions
• Mitigating liability of the organization for an employee's behavior
• Complying with regulations and contractual obligations

Employee Behavior
A critical concern in ensuring the security of computer systems and information assets. Dumb employee behavior, intentional or not, causes considerable computer-related loss and security compromise.

Accountability
Security training programs can serve as a deterrent to these problems by increasing employees' knowledge of their __________ and of potential penalties.

Liability
Ongoing security awareness, training, and education programs are also important in limiting an organization's _________.

Regulations and Contractual Obligations
Security programs are also key to complying with ______________ in many cases.
4 layers of security
Security awareness; security basics and literacy; roles and responsibilities relative to IT systems; education and experience.

Security awareness
Explicitly required for all employees, whereas security basics/literacy is required for those employees, including contractor employees, who are involved in any way with IT systems.

Security basics and literacy
A transitional stage between awareness and training. Provides the foundation for subsequent training by providing a universal baseline of key security terms and concepts.

Roles and responsibilities relative to IT systems
After security basics/literacy, training becomes focused on providing the knowledge, skills, and abilities specific to an individual's _____________________. This is the level where training recognizes the differences among beginning/intermediate/advanced skill requirements.

Education and experience
This level focuses on developing the ability and vision to perform complex, multidisciplinary activities and the skills needed to further the IT security profession and keep pace with threat and technology changes.

Security awareness program
A ____________________ seeks to inform and focus an employee's attention on issues related to security within an organization.

Programmers, developers, and system maintainers
_________________________ require more specialized or advanced training. These people need to know how their systems/developments can be exploited.

Management level
____________ training should teach development managers how to make trade-offs among risks, costs, and benefits involving security. The managers need to understand the development life cycle and the use of security checkpoints and security evaluation techniques.

Executive level
_______________ training must explain the difference between software security/network security and the pervasiveness of software security issues. Done in relation to cost.
Security education: _____________ is the most in-depth program targeted at security professionals and those whose jobs require expertise in security.
Negligent hiring: Employers need to be cognizant of the concept of ___________ that applies in some jurisdictions. In essence, an employer may be held liable for negligent hiring if an employee causes harm to a third party (individual or company) while acting as an employee.
2 essential elements of personnel security during employment: ongoing awareness, training programs for all employees
Principles of personnel security: least privilege; separation of duties; limited reliance on key employees
Least Privilege: Give each person the minimum access necessary to do his or her job. Logical and physical.
Separation of Duties: Carefully separate duties so that people involved in checking for inappropriate use are not also capable of making such inappropriate use.
Limited reliance on key employees: No one in the organization should be irreplaceable. Have written policies/plans established for the unexpected.
Important actions when terminating employment: removing the person's name from authorized lists; explicitly informing guards that the ex-employee is no longer allowed; removing personal access codes; changing lock combinations/access card systems/physical locks; recovering all assets (employee ID, disks, documents, etc.); notifying appropriate departments by memo or email so that they are aware
Business use only: Company-provided email and Internet access are to be used by employees only for the purpose of conducting company business.
Policy scope: Policy covers e-mail access; contents of email messages; Internet/intranet communications; records of email/Internet/intranet communications.
Content ownership: Electronic communications, files, and data remain company property even when transferred to equipment not owned by the company.
Privacy: Employees have no expectation of privacy in their use of company-provided email/Internet access, even if the communication is personal.
Standard of conduct: Employees are expected to use good judgment and act courteously and professionally when using email/Internet.
Reasonable personal use: Employees may make reasonable personal use of email/Internet as long as it doesn't hurt productivity/work/etc.
Unlawful activity prohibited: Employees can't use email/Internet for illegal activity.
Security policy: Employees must follow the security policy when using email/Internet.
Company policy: Employees must follow all other company policies when using email/Internet.
Company rights: The company may access/monitor/intercept/block access/inspect/copy/disclose/use/destroy/recover using computer forensics and/or retain any communications, files, or other data covered by this policy.
Disciplinary action: Violation of this policy may result in immediate termination or company-determined discipline.
Computer security incident response team (CSIRT): For large and medium-sized organizations, a _____________________ is responsible for rapidly detecting incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring computing services.
Security response policy: developed by the CSIRT.
Artifact: Any file or object found on a system that might be involved in probing or attacking systems and networks or that is being used to defeat security measures. Can include, but is not limited to, computer viruses, Trojan horse programs, worms, exploit scripts, and toolkits.
Computer Security Incident Response Team (CSIRT): A capability set up for the purpose of assisting in responding to computer security-related incidents that involve sites within a defined constituency; also called a computer incident response team (CIRT) or a CIRC (computer incident response center/capability).
Constituency: Group of users/sites/networks/organizations served by a CSIRT.
Incident: A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.
Triage: The process of receiving, initial sorting, and prioritizing of information to facilitate its appropriate handling.
Vulnerability: A characteristic of a piece of technology which can be exploited to perpetrate a security incident.
System integrity verification tools: Scan critical system files, directories, and services to ensure they have not been changed without proper authorization.
Log analysis tools: Analyze the information collected in audit logs using some form of pattern recognition to identify potential security incidents.
Network and host intrusion detection systems (IDS): Monitor and analyze network and host activity and usually compare this information with a collection of attack signatures to identify potential security incidents.
Intrusion prevention systems: Augment an IDS with the ability to automatically block detected attacks. Such systems need to be used with care, because they can cause problems if they respond to a misidentified attack and reduce system functionality when not justified.
Triage functions / focal point: The goal of _______________ is to ensure that all information destined for the incident handling service is channeled through a single ____________ regardless of the method by which
Response procedures: ______________________ must detail how to identify the cause of the incident.
Incident Response Policies: Include responses for DoS, malicious code, unauthorized access, inappropriate use, multiple-component incidents.
Corporate Security: used to refer to the practice of protecting a business' employees, physical property and information systems, a task often carried out by corporate security managers.
Noise: spurious signals that, through the filtering circuitry of the power supply, can interfere with signals inside electronic devices, causing logical errors.
Physical Security: Also called infrastructure security. Protects the information systems that contain data and the people who use, operate and maintain the systems. Physical security also must prevent any type of physical access or intrusion that can compromise logical security.
Environmental threats: conditions in the environment that can damage or interrupt the service of information systems and the data that they maintain, such as temperature and humidity; fire and smoke; chemical, radiological and biological hazards; dust; and infestation.
Overvoltage: a surge of voltage that can be caused by a utility company supply anomaly, by some internal wiring fault, or by lightning; can destroy silicon-based components, including processors and memories.

..

1. ________ security protects computer-based data from software-based and communication-based threats. A. Infrastructure B. Premises C. Physical D. Logical (Answer: D)
2. ________ security provides perimeter security, access control, smoke and fire detection, fire suppression, some environmental protection, and usually surveillance systems, alarms, and guards. A. Premises B. Infrastructure C. Logical D. Physical (Answer: A)
3. ________ includes data processing and storage equipment, transmission and networking facilities, and offline storage media. A. Supporting facilities B. Physical facilities C. Information system hardware D. Infrastructure facilities (Answer: C)
4. _______ facilities include electrical power, communication services, and environmental controls such as heat and humidity. A. Supporting B. Information C. Physical D. All of the above (Answer: A)
5. Relative humidity should be maintained between ________ to avoid the threats from both low and high humidity. A. 20% and 80% B. 40% and 60% C. 50% and 50% D. 30% and 70% (Answer: B)
6. A prevalent concern that is often overlooked is ________. A. overvoltage B. undervoltage C. dust D. noise (Answer: C)
7. ________ threats are specifically designed to overcome prevention measures and seek the most vulnerable point of attack. A. Human-caused B. Technical C. EMI D. Environmental (Answer: A)
8. Eavesdropping and wiretapping fall into the ________ category. A. theft B. vandalism C. misuse D. unauthorized physical access (Answer: A)
9. _______ includes destruction of equipment and data. A. Misuse B. Vandalism C. Theft D. Unauthorized physical access (Answer: B)
10. _______ should be located on the floor of computer rooms as well as under raised floors, and should cut off power automatically in the event of a flood. A. Smoke detectors B. UPS C. Water sensors D. Equipment power off switches (Answer: C)
11. The ______ is an optional key that may be present on any PIV card, does not require PIN entry, and whose purpose is to authenticate the card and therefore its possessor. A. VIS B. BIO C. CHUID D. CAK (Answer: D)
12. The role of physical security is affected by the operating location of the information system, which can be characterized as ______. A. static B. portable C. mobile D. all of the above (Answer: D)
13. An area of a facility that has no security interest is classified as _________. A. unrestricted B. controlled C. limited D. exclusion (Answer: A)
14. A restricted area within close proximity of a security interest has a classification of ______. A. exclusion B. controlled C. limited D. unrestricted (Answer: C)
15. The security classification for a restricted area containing a security interest is _____. A. controlled B. exclusion C. unrestricted D. limited (Answer: B)
1. _________ security, also called infrastructure security, protects the information systems that contain data and the people who use, operate, and maintain the systems. (Answer: Physical)
2. Physical security threats are organized into three categories: environmental threats, human-caused threats, and _________ threats. (Answer: technical)
3. Tornadoes, tropical cyclones, earthquakes, blizzards, lightning, and floods are all types of ________ disasters. (Answer: natural)
4. _________ threats encompass conditions in the environment that can damage or interrupt the service of information systems and the data they contain. (Answer: Environmental)
5. _______ threats encompass threats related to electrical power and electromagnetic emission. (Answer: Technical)
6. Power utility problems can be grouped into three categories: undervoltage, overvoltage, and ________. (Answer: noise)
7. An _______ condition occurs when the IS equipment receives less voltage than is required for normal operation. (Answer: undervoltage)
8. ________ physical threats are more difficult to deal with than environmental and technical threats. (Answer: Human-caused)
9. Human-caused threats can be grouped into the following categories: unauthorized physical access, theft, _________ and misuse. (Answer: vandalism)
10. Noise along a power supply line, motors, fans, heavy equipment, microwave relay antennas, and other computers are all sources of _________. (Answer: electromagnetic interference (EMI))
11. To deal with the threat of smoke, the responsible manager should install _______ in every room that contains computer equipment as well as under raised floors and over suspended ceilings. (Answer: smoke detectors)
12. A(n) ________ is a battery backup unit that can maintain power to processors, monitors, and other equipment and can also function as a surge protector, power noise filter, and an automatic shutdown device. (Answer: uninterruptible power supply (UPS))
13. The most essential element of recovery from physical security breaches is ____. (Answer: redundancy)
14. ______ authentication is implemented by using a fingerprint or iris data object sent from the PIV card to the PACS. (Answer: Biometric (BIO))
15. The _______ authentication has an attendant supervise the use of the PIV card and the submission of the PIN and the sample biometric by the cardholder. (Answer: attended biometric (BIO-A))

..

Environmental threats: conditions in the environment that can damage or interrupt the service of information systems and the data they contain. Off site, there may be severe damage to the public infrastructure, and in the case of severe events like hurricanes, it may take days, weeks, or years to recover from the event.
Facilities security: also called premises security or corporate security. Protects the people and property within an entire area, facility, or building(s), and is usually required by laws, regulations, and fiduciary obligations. Provides perimeter security, access control, smoke and fire detection, fire suppression, some environmental protection, and usually surveillance systems, alarms, and guards.
Infrastructure security: also called physical security. Protects the information systems that contain data and the people who use, operate, and maintain the systems. Must prevent any type of physical access or intrusion that can compromise logical security.
Logical security: protects computer-based data from software-based and communication-based threats.
Overvoltage: a surge of voltage which can be caused by a utility company supply anomaly, by some internal (to the building) wiring fault, or by lightning. Damage is a function of intensity and duration, and the effectiveness of any surge protectors between your equipment and the source of the surge. A sufficient surge could destroy silicon-based components, including processors and memories.
Technical threats: threats related to electrical power and electromagnetic emission.
Undervoltage: occurs when IS equipment receives less voltage than is required for normal operation. Events could range from temporary dips in the voltage supply, to brownouts (prolonged undervoltage), to power outages.
Infestation: covers a broad range of living organisms, including mold, insects, and rodents.
Water damage: the primary danger is electrical short; a pipe may burst from a fault in the line or from freezing; sprinkler systems may be set off accidentally.
Brownouts: prolonged power outages
Noise: may interfere with signals inside electronic devices, causing logical errors. Motors, fans, heavy equipment, and other computers generate electrical ______ that can cause intermittent problems with the computer you are using. It can be transmitted through space as well as through nearby power lines.
Dust: equipment with moving parts, such as rotating storage media and computer fans, is the most vulnerable to damage from ____. ____ can also block ventilation and reduce radiational cooling.
Cloud computing: a general prevention measure. Reduced need for information system assets on the site, and a substantial portion of data assets are not subject to on-site physical threats.
Uninterruptible power supply (UPS): battery backup unit that can maintain power to processors, monitors, and other equipment for a period of minutes. These units could also function as surge protectors, power noise filters, and automatic shutdown devices when the battery runs low.

..

Job description: a document that lists the major responsibilities and tasks of the job
Job analysis: the process of determining the critical components of a job for purposes of selecting, training, and rewarding personnel
Job specification: a document that lists the knowledge, skills, abilities, and personal characteristics a job holder must possess to perform effectively
Recruiting sources include: newspaper ads; funeral service colleges/programs; ads in professional publications; state and private employment agencies; contacting colleagues; asking supplier reps
Factors affecting recruitment and selection: labor market; demographics; wages/benefits; identity of the organization; security and advancement; environmental conditions; responsibilities; experience requirements
Employment application should include: name; address; phone #; SSN; employment history; only information that will aid in deciding whether or not the applicant is qualified to perform the job
Recent legislation and court rulings requiring equal employment opportunity and affirmative action (social justice) effectively prohibit inquiries concerning an applicant's: race, sex, religion, age, color, ancestry, or arrest and court record
Structured (formal) interview: a predetermined set of questions asked of all applicants
Unstructured (informal) interview: questions developed as the interview proceeds
Personal references: often subjective and unreliable for critical evaluation
Most objective references come from: former supervisors, work associates, customers
In the event that the individuals contacted as a reference are reluctant to cooperate: tell the person contacted that the applicant knows about the check and provided his/her name in advance; assure the strictest confidence of all information received
What will make or break a new hire? Training
Good orientation programs can: reduce startup costs; reduce anxiety; reduce turnover; save employees time; develop realistic job expectations, positive attitudes and job satisfaction
What are the three reasons why orientation programs fail? The program was not planned; the employee was not made aware of the job requirements; the employee did not feel welcome
When is it legally acceptable to terminate the employee during the evaluation period? Only if the evaluation period was clearly designed
What does an "at will" employment statute state? Allows hiring and firing at will and without cause
Civil Rights Act of 1964: prohibits discrimination on the basis of race, color, religion, sex, pregnancy, or national origin
Who does the Civil Rights Act of 1964 affect? Employers with 20 or more employees; unions with 25 or more members; employment agencies; federal, state and local governments
Equal Pay Act of 1963: outlaws discrimination in pay based on the sex of the worker; affects employers in interstate commerce and most employees of federal, state, and local governments
Rehabilitation Act of 1973: outlaws discrimination based on handicaps of workers who, with reasonable accommodations, could do the job
Section 503 of the Rehabilitation Act of 1973: covers federal government contractors with contracts of $2,500 or more
Vietnam Era Veterans Readjustment Act of 1974: outlaws discrimination in employment against Vietnam era veterans
Who does the Vietnam Era Veterans Readjustment Act of 1974 cover? Federal government contractors with contracts of $10,000 or more
Americans with Disabilities Act of 1990: prohibits discrimination against any qualified individual with a disability
Who does the Americans with Disabilities Act of 1990 cover? Firms with 15 or more employees
Fair Labor Standards Act (wage and hour law): outlaws discriminatory practices in pay; requires employers to pay a minimum wage to employees, and to pay a minimum of one and one-half times the regular rate for any hours beyond forty worked in a week
Who does the Fair Labor Standards Act cover? All businesses under federal and/or state legislation
Immigration Reform Act of 1987: outlaws non-documented persons from employment in the United States and covers all employers
Bona Fide Occupational Qualification: a qualification that is absolutely necessary for the job. It is an allowed and approved reason for discrimination. Approvals are to be sought and granted on a case-by-case basis.
What are the five most common factors in funeral home employee turnover? Lack of appreciation; failing to value the employee; paying a low or unfair salary; failing to resolve personality conflicts; assigning a heavy workload
What are the five steps of Maslow's hierarchy of needs? Physiological, safety, love/belonging, esteem, self-actualization
Theory X by Douglas McGregor says in part that people: don't like to work and will avoid it; must be threatened if they are to meet their goals; don't want responsibility; place security above all in relation to work
Theory Y by Douglas McGregor says in part that people: enjoy working because it's natural; have self-direction and self-control; accept and even seek responsibility; can make good decisions even if they are not in management
Frederick Herzberg's two-factor theory proposes that man has two different sets of needs: one set is man's desire to avoid pain and satisfy basic needs; the higher set relates to a unique human characteristic of being able to achieve and experience psychological growth. This includes the need to accomplish a difficult task, obtain prestige, and receive recognition.
Intrinsic factors, called motivators, include: achievement, recognition, the work itself, responsibility and advancement
Extrinsic factors, called hygienes, include: company policy, supervision, salary, interpersonal relations with co-workers, working conditions
What year: Civil Rights Act? 1964
What year: Age Discrimination in Employment Act? 1967
What year: Equal Pay Act? 1963
What year: Rehabilitation Act? 1973
What year: Vietnam Era Veterans Readjustment Act? 1974
What year: Americans with Disabilities Act? 1990
What year: Fair Labor Standards Act (wage and hour law)? Amended by the Equal Pay Act of 1963
What year: Immigration Reform Act? 1987

..

Computer crime (cybercrime): A term used to broadly describe criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity. (Cybercrime typically involves networks while computer crime may not.)
Computers as targets: involves an attack on data integrity, system integrity, data confidentiality, privacy, or availability. (DOJ00, computer crime)
Computers as storage devices: Use of a computer to further unlawful activity by using a computer or a storage device as a passive storage medium. (DOJ00, computer crime)
Computers as communications tools: Traditional crimes that are committed online. (DOJ00, computer crime)
Convention on Cybercrime: An international consensus on what constitutes computer crime, or cybercrime, and what crimes are considered important (e.g. illegal access, illegal interception, data interference, system interference, misuse of devices, computer-related forgery, computer-related fraud, child pornography, copyright infringement, and aiding or abetting).
True or false: The U.S. legal system, and legal systems generally, distinguish three primary types of property: real property, personal property, and intellectual property. True. Real property consists of land and things attached to the land such as trees, buildings, etc. Personal property deals with personal effects, cars, bank accounts, etc. Intellectual property is any intangible asset that consists of human knowledge and ideas.
True or false: There are three main types of intellectual property for which legal protection is available: copyrights, trademarks, and patents. True
Infringement: An invasion of the rights secured by copyrights, trademarks, and patents.
True or false: Copyright law protects the tangible or fixed expression of an idea, as well as the idea itself. False: Copyright law protects the tangible or fixed expression of an idea, not the idea itself.
Items that may be copyrighted include: literary works, musical works, dramatic works, pantomimes and choreographic works, pictorial, graphic and sculptural works, motion pictures and other audiovisual works, sound recordings, architectural works, software-related works.
A copyright owner has the following exclusive rights: reproduction right, modification right, distribution right, public-performance right, and public display right.
True or false: There are two types of patents: design patents and invention patents. False: There are three types of patents: utility patents, design patents, plant patents.
True or false: The RSA public-key cryptosystem is an example of copyright. False: The RSA public-key cryptosystem is an example of a patent from the computer security realm.
Trademark: A word, name, symbol, or device that is used in trade with goods to indicate the source of the goods and to distinguish them from the goods of others.
Servicemark: Similar to a trademark except that it identifies and distinguishes the source of a service rather than a product.
True or false: The Digital Millennium Copyright Act encourages the use of technological measures to protect copyrighted works that fall into two categories: measures that prevent access to the work, and measures that prevent copying of the work. True
Exemptions to DMCA and other copyright laws include: fair use, reverse engineering, encryption research, security testing, and personal privacy
Digital Rights Management (DRM): Refers to systems and procedures that ensure that holders of digital rights are clearly identified and receive the stipulated payment for their works.
What are the components of a DRM? Content provider, distributor, clearinghouse, and customer.
Rights holder: Content providers who either created the content or have acquired rights to the content.
Service providers: provide services such as photo sharing, video sharing, online backup and storage. This includes distributors and clearinghouses.
Identity management: Mechanisms to uniquely identify entities, such as parties and content.
Content management: Processes and functions needed to manage the content lifecycle.
Rights management: Processes and functions needed to manage rights, rights holders, and associated requirements.
Anonymity: Ensures that a user may use a resource or service without disclosing the user's identity (i.e. other users or subjects are unable to determine the identity of a user bound to a subject or operation).
Unlinkability: Ensures that a user may make multiple uses of resources or services without others being able to link these uses together.
Unobservability: Ensures that a user may use a resource or service without others, especially third parties, being able to observe that the resource or service is being used.
Cybercrime activities: illegal access; illegal interception; data interference (unauthorized deletion or alteration of data); system interference; misuse of devices; computer-related forgery; computer-related fraud; offenses related to child pornography; infringements of copyright and related rights; attempt and aiding or abetting
European Union Data Protection Directive: Rules by which EU member states should create laws. 1. Ensures that member states protect fundamental privacy rights when processing personal information. 2. Prevents member states from restricting the free flow of personal information within the EU. Personal information directives are organized into the following categories: notice, consent, consistency, access, security, onward transfer, and enforcement.
United States 1974 Privacy Act: Privacy initiative that 1. Permits individuals to determine what records pertaining to them are collected, maintained, used, or disseminated. 2. Permits individuals to forbid records obtained for one purpose to be used for another purpose without consent. 3. Permits individuals to obtain access to records pertaining to them and to correct and amend such records as appropriate. 4. Ensures that agencies collect, maintain, and use personal information in a manner that ensures that the information is current, adequate, relevant, and not excessive for its intended use. 5. Creates a private right of action for individuals whose personal information is not used in accordance with the Act.
Banking and financial records: Personal banking information is protected in certain ways by a number of laws, including the recent Financial Services Modernization Act.
Credit reports: The Fair Credit Reporting Act confers certain rights on individuals and obligations on credit reporting agencies.
HIPAA: The Health Insurance Portability and Accountability Act created new rights for patients to protect and access their own health information.
Children's Online Privacy Protection Act: places restrictions on online organizations in the collection of data from children under the age of 13.
Electronic Communications Privacy Act: Generally prohibits unauthorized and intentional interception of wire and electronic communications during the transmission phase and unauthorized accessing of electronically stored wire and electronic communications.
Pseudonymity: Ensures that a user may use a resource or service without disclosing its user identity, but can still be accountable for that use.
Data transformation: This function encodes or encrypts portions of the data so as to preserve privacy but still allow data analysis functions needed for effective use.
Anonymization: This function removes specific identifying information.
Selective revelation: This is a method for minimizing exposure of individual information while enabling continuous analysis of potentially interconnected data.
Immutable audit: A tamper-resistant method that identifies where data go and who has seen the data.
Associative memory: This is a software module that can recognize patterns and make connections between pieces of data that the human user may have missed or did not know existed.
Real property: Land and everything permanently attached to it
Personal property: All property not classified as real property
Intellectual property: intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents
Reproduction right: A copyright owner has the exclusive right to reproduce (or to license others to reproduce) the copyrighted work.
What rights does the copyright owner have? + Reproduction right + Modification right + Distribution right + Public-performance right + Public-display right
What are the three types of patents? + Utility patents + Design patents + Plant patents
Utility patent: May be granted to anyone who invents or discovers any new and useful process, machine, article of manufacture, or composition of matter, or any new and useful improvement thereof
Design patent: May be granted to anyone who invents a new, original, and ornamental design for an article of manufacture
Plant patent: Patent that protects the invention or discovery of asexually reproduced varieties of plants for 20 years.
What are the forms of intellectual property relevant to network and computer security? + Software + Databases + Digital content + Algorithms
DMCA (Digital Millennium Copyright Act): signed into law in 1998, is designed to implement World Intellectual Property Organization (WIPO) treaties, signed in 1996. In essence, DMCA strengthens the protection of copyrighted materials in digital format.
Digital Rights Management (DRM): technologies that let copyright owners control the level of access or use allowed for a copyrighted work, such as limiting the number of times a song can be copied. There is no DRM standard or architecture currently. DRM encompasses a variety of approaches to intellectual property management and enforcement.
What are the objectives of a DRM system? + Provide persistent content protection against unauthorized access to the digital content, limiting access to only those with the proper authorization + Support a variety of digital content types (i.e. music, video files, digital books, etc.) + Support content use on a variety of platforms (i.e. PC, phone, tablets, iPods, etc.) + Support content distribution on a variety of media including (CD, DVD, portable USB, etc.)
What are the general components of a DRM system? + Content provider + Distributor + Consumer + Clearinghouse (transactional processing)

..

Which of the following testing types is considered an active method of testing security?
A. Vulnerability assessment
B. Penetration test
C. LanGuard
D. Risk assessment
Answer: B. Penetration test

Your company has created data-driven web applications over the last six months for internal use. These applications are designed to ensure that users are authenticated before allowing them to view or modify data in the application. What type of assessment would you recommend as a passive assessment?
A. Risk assessment
B. Threat assessment
C. Penetration test
D. Code review
Answer: D. Code review

Your manager has asked you to assess the security of the network and is not willing to accept any kind of attacks against the production systems. What type of security assessment would you recommend?
A. Penetration test
B. Design review
C. Vulnerability assessment
D. Code review
Answer: C. Vulnerability assessment

What type of assessment involves identifying the assets and the threats against those assets?
A. Risk assessment
B. Code review
C. Design review
D. Penetration test
Answer: A. Risk assessment

Your manager has asked you to perform a penetration test against five servers. What is the first thing you should do after meeting with your manager to get an understanding of what types of attacks are acceptable?
A. Crack the passwords.
B. Have a legal document drafted.
C. Test the plan.
D. Buffer overflow attacks.
Answer: B. Have a legal document drafted.

Which of the following tools will help you identify what services are running on the system?
A. Honeynet
B. Sniffer
C. Port scanner
D. Honeypot
Answer: C. Port scanner

You have configured a system to use a honeypot and have ensured that you have configured the security on the system so that it is not too easy for a hacker to get in. What else should you configure on the honeypot?
A. Have a blank password on the administrative account.
B. Configure a Trojan virus.
C. Open extra ports on the system.
D. Enable logging.
Answer: D. Enable logging

You wish to assess the passwords that are used on the network and see how easy it is to crack users' passwords. What tool will you use?
A. John the Ripper
B. nmap
C. LanGuard
D. Nessus
Answer: A. John the Ripper

Which of the following tools are considered to be passive tools?
A. John the Ripper
B. nmap
C. Cain & Abel
D. Sniffer
Answer: B. nmap

Your manager has just heard of a new exploit against SQL Servers and would like to locate the SQL Servers on the 192.168.2.0 network. Which of the following would accomplish this goal?
A. ping -t 192.168.2.0
B. nmap -sS 192.168.2.0/24 -p 1433
C. dig www.gleneclarke.com
D. nmap -sS 192.168.2.0/24 -p 3389
Answer: B. nmap -sS 192.168.2.0/24 -p 1433

A vulnerability scan is considered a safe assessment method because it uses what type of testing?
A. Active
B. Intrusive
C. Passive
D. Pen-test
Answer: C. Passive

Which of the following tools can be used to crack passwords on a system when performing a penetration test?
A. Cain & Abel
B. dig
C. nmap
D. nslookup
Answer: A. Cain & Abel

What is the term used for a group of systems that have been configured to lure the hacker away from production systems?
A. Honeypot
B. LAN
C. DMZ
D. Honeynet
Answer: D. Honeynet

Your manager has hired a consultant to perform a penetration test. She asks that you not give the tester any details of the company or the configuration. What type of test is she looking to have performed?
A. White box
B. Black box
C. Gray box
D. Juke box
Answer: B. Black box

Which of the following is a penetration-testing toolset that has hacking tools preinstalled for your use during a penetration test?
Answer: C. BackTrack

Choose the characteristics that are affiliated with a vulnerability scan. (Choose three)
A. Intrusive
B. Passive
C. Bypass Security Controls
D. Active
E. Non-intrusive
F. Identify Misconfiguration
Answer: B. Passive; E. Non-intrusive; F. Identify Misconfiguration

Choose the characteristics that are affiliated with a penetration test. (Choose three)
A. Intrusive
B. Passive
C. Bypass Security Controls
D. Active
E. Non-intrusive
F. Identify Misconfiguration
Answer: A. Intrusive; C. Bypass Security Controls; D. Active

As part of your security audit, you would like to see what type of network traffic is being transmitted on the network. Which type of tool should you use?
A. Protocol analyzer
B. Port scanner
C. Vulnerability scanner
D. Password cracker
Answer: A. Protocol analyzer
B, C, and D are incorrect. Port scanners identify running services on a host. For example, a running web server might show TCP port 80 as being open. Vulnerability scanners test network devices and hosts for weaknesses and will often generate reports and should be used only after proper authorization has been granted. Password crackers use repeated attempts to guess a password and are often automated.

A network consists of 250 computers. You must determine which machines are secure and which are not. Which type of tool should you use?
A. Protocol analyzer
B. Port scanner
C. Vulnerability scanner
D. Password cracker
Answer: C. Vulnerability scanner
A, B, and D are incorrect. Protocol analyzers capture network traffic. Port scanners list some or all open ports on one or more hosts. Password crackers repeatedly attempt to determine a password. Although port scanners and password crackers could be used to test system security, a vulnerability scanner provides much more data about computer security, including open ports and vulnerable password settings.

You would like to focus and track malicious activity to a particular host in your DMZ. What should you configure?
A. Honeynet
B. Honeypot
C. DMZ tracker
D. Web server
Answer: B. Honeypot
A, C, and D are incorrect. The question stated activity tracking on a single host, not a network of hosts. There is no such thing as a DMZ tracker. Web servers are not tools to track malicious activity; web servers deliver content to web browsers.

Which of the following would you employ to determine which TCP and UDP ports on a host are open?
A. Vulnerability scanner
B. Packet sniffer
C. Performance Monitor
D. Port scanner
Answer: D. Port scanner
A, B, and C are incorrect. Vulnerability scanners can detect open ports as well as many more items; if all that is required is a list of open TCP and UDP ports, a port scanner is a better (and faster) choice. Packet sniffers capture network traffic, and from that captured traffic you can see port numbers in the TCP and UDP packet headers, but you cannot identify exactly which ports are open on a host. Performance Monitor is a Windows tool used to measure and monitor performance metrics of a Windows computer; it does not scan for open ports.

Which procedure identifies assets, threats, and risks and also determines methods to minimize the impact of these threats?
A. Risk analysis
B. Vulnerability assessment
C. Port scanning
D. Network mapper
Answer: A. Risk analysis
B, C, and D are incorrect. Vulnerability assessments identify and prioritize potential threats and are performed during a risk analysis. Port scanning identifies open TCP and UDP ports; the impact of the open ports is not determined. Network mapping refers to the process of creating a map of the network layout, its configuration, and its computer systems. Threats are not identified.

A technician must identify deviations from normal network activity. Which task must she first perform?
A. Trend analysis
B. Baseline analysis
C. Performance monitoring
D. Risk analysis
Answer: B. Baseline analysis
A, C, and D are incorrect. Trend analysis refers to the collection of data in hopes of identifying a pattern. Performance Monitor is a tool for Windows computers that measures performance metrics such as CPU and memory utilization. Risk analysis identifies assets and related risks along with methods to minimize business disruption.

A developer analyzes source code to ensure there are no errors or potential security risks. Which term best identifies this activity?
A. Risk assessment
B. Patch management
C. Debugging
D. Code review
Answer: D. Code review
A, B, and C are incorrect. Although risk assessment might involve code review, risk management also includes identifying assets and threat mitigation. Patch management involves the orderly application of software updates to hosts. Debugging implies the developer is aware of a specific problem with the code; analyzing code for errors would occur before debugging.

A Windows computer has not been patched and the unnecessary services have not been disabled. Which of the following statements is true regarding security?
A. The computer will perform faster.
B. The computer has a large attack surface.
C. The computer has a small attack surface.
D. The computer will perform slower.
Answer: B. The computer has a large attack surface.
A, C, and D are incorrect. The question asks about security, not faster performance. Computers generally run faster with patches applied and fewer services running. Because unnecessary services have not been disabled, the machine has a larger attack surface than it otherwise should. In addition, the computer might be performing slower because extra unnecessary services may be running.

A network security auditor simulates various network attacks against a corporate network. Which term best defines this procedure?
A. Vulnerability analysis
B. Network mapping
C. Penetration testing
D. Risk assessment
Answer: C. Penetration testing
A, B, and D are incorrect. Vulnerability analysis identifies and classifies potential threats and is considered passive, or non-intrusive, since it does not attempt to exploit weaknesses. Network mapping plots the network layout using a discovery tool. Risk assessment does not simulate network attacks; it is used to identify business threats and how to mitigate them.

Your manager asks you to configure a collection of purposely vulnerable hosts in a DMZ for the purpose of tracking hacking attempts. What term best describes what you are configuring?
A. Honeynet
B. Honeypot
C. Firewall
D. Proxy server
Answer: A. Honeynet
B, C, and D are incorrect. The question stated a collection of hosts, not a single (honeypot) host. Firewalls and proxy servers should never be left intentionally vulnerable.

You run a vulnerability scan on subnet 192.168.1.0/24. The results state TCP ports 135 through 139 are open on most hosts. What does this refer to?
A. File and Print Sharing
B. Web server
C. Mail server
D. Remote Desktop Protocol
Answer: A. File and Print Sharing
B, C, and D are incorrect. Web servers typically use TCP port 80 (clear text) or 443 (SSL). Mail servers use a variety of ports depending on their type and role. For example, Simple Mail Transfer Protocol (SMTP) servers listen on TCP port 25. Remote Desktop Protocol uses TCP port 3389.

You are a network consultant in charge of creating a wireless network infrastructure for a hotel. Toward the end of the implementation, your team evaluates the project to ensure that it meets the original stated requirements. What is this called?
A. Penetration testing
B. Risk assessment
C. Design review
D. Code review
Answer: C. Design review
A, B, and D are incorrect. Penetration testing simulates attacks against hosts or networks to test their security. Risk assessment determines which assets need protection from risks and how to minimize the threat impact. A code review refers to the analysis of computer source code to ensure that it functions as intended and does not contain errors or security holes.

After careful log examination, you realize somebody has hacked into your WEP-secured home wireless network. What can you do to further secure wireless traffic?
A. Use WPA2 Enterprise.
B. Use WPA2 PSK.
C. Disable SSID broadcasting.
D. Change the SSID name.
Answer: B. Use WPA2 PSK.
A, C, and D are incorrect. WPA2 Enterprise requires a central authentication server; the average user will not have one at home. Disabling the Service Set Identifier (SSID) suppresses the WLAN name from appearing in Wi-Fi beacon packets, but this is easily circumvented with freely available tools. Changing the SSID name may make it difficult for a hacker to identify what he is breaking into, but WPA2 PSK is a much more secure solution.

What should be done to ensure that your network security is effective?
A. Patch all operating systems.
B. Update the BIOS on all systems.
C. Periodically test network security controls.
D. Upgrade to the latest version of Microsoft Office.
Answer: C. Periodically test network security controls.
A, B, and D are incorrect. Patching an operating system, updating the BIOS, and upgrading Microsoft Office are all important for a single host's security, but the question asks about network security; therefore, C is the best answer.

Which of the following is considered passive security testing?
A. Capturing network traffic
B. Brute-force password attack
C. Dictionary-based disk decryption
D. OS fingerprinting
Answer: A. Capturing network traffic
B, C, and D are incorrect. Brute-force password attacks, disk decryption, and OS fingerprinting all must interact directly with a computer system and might affect the performance or normal operation of that host.

From the following list, identify the security misconfiguration:
A. A domain administrative account is used as a service account.
B. An Active Directory account is used as a service account.
C. Windows stations receive updates from a Windows Server Update Services (WSUS) server instead of the Internet.
D. The Windows Guest account is disabled.
Answer: A. A domain administrative account is used as a service account.
B, C, and D are incorrect. Some services run on Windows domain controller computers and must use an Active Directory account. Using Windows Server Update Services (WSUS) to update client workstations is considered ideal; this is not a security misconfiguration. The Windows Guest account is disabled by default in newer Windows versions. It should not be enabled in the interest of security and user auditing.

A security-auditing team has been hired to conduct network penetration tests against a network. The team has not been given any data related to the network or its layout. What type of testing will the team perform?
A. Black box
B. White box
C. Gray box
D. Blue box
Answer: A. Black box
B, C, and D are incorrect. White-box testing means the testers have been given details regarding the item they are testing, such as software source code or network diagrams. Testers have a minimal knowledge of the internals of software or network configuration when conducting gray-box testing. This enables testers to make better informed testing decisions. Blue-box testing does not exist; in the past, a blue box was a device used to make free long-distance telephone calls.

You are having trouble pinging host 192.168.17.45; there are no replies. One of your users must use the Remote Desktop Protocol (RDP) against the host to run an application. You cannot test RDP for the user, because you are currently logged on locally to a Linux server with only a command line. What can you use to determine quickly whether RDP is running on 192.168.17.45?
A. Packet sniffer
B. Virus scanner
C. Wireless scanner
D. Port scanner
Answer: D. Port scanner
A, B, and C are incorrect. A packet sniffer captures transmitted network traffic, but it cannot determine whether RDP is available on 192.168.17.45. Virus scanners look for malicious code; they do not test for open ports on remote hosts. Wireless scanners list wireless networks within range; they do not perform port scans.

After conducting a security audit, you inform the network owner that you discovered two unencrypted wireless networks. Your client asks how best to secure wireless traffic. Which of the following is the most secure wireless network encryption?
A. WEP
B. WPA
C. WPA2
D. WPA3
Answer: C. WPA2
A, B, and D are incorrect. WEP encryption is easily broken, sometimes within seconds with freely available tools, and the same goes for WPA. WPA supersedes WEP, but WPA2 is superior to WPA. WPA3 does not exist (yet).

A security auditor must determine what types of servers are running on a network. Which type of tool should be used?
A. Network mapper
B. Protocol analyzer
C. Port scanner
D. Virus scanner
Answer: A. Network mapper
B, C, and D are incorrect. Protocol analyzers capture only transmitted network traffic; they do not scan for network hosts or network configuration. Port scanners identify listening ports. Virus scanners protect against malicious software on a host; they do not scan entire networks.

A security auditor discovers open wireless networks. She must recommend a secure solution. Which of the following is the most secure wireless solution?
A. 802.1x
B. WEP
C. WPA PSK
D. Disabling SSID broadcast
Answer: A. 802.1x
B, C, and D are incorrect. WEP encryption is easily defeated with freely available tools, so it is not a secure choice. WPA PSK is more secure than WEP, but WPA2 PSK would be a more secure choice if it were listed. Disabling the SSID broadcast will stop only very inexperienced wireless hackers. 802.1x is the most secure option from the presented list.

Which of the following would not be considered during a security audit?
A. Locked server rooms
B. Wireless encryption in use
C. Patch status of all hosts
D. Price of server licensing
Answer: D. Price of server licensing
A, B, and C are incorrect. Locked server rooms, wireless encryption, and patching status are all valid considerations during a security audit because they directly impact how secure data systems are. Other best practices include a clean desk policy to prevent the disclosure of sensitive information, and encrypted backups stored both off site and on-premises in locked cabinets. Backups can be used to restore configurations and data in the event of data loss.

While auditing a Windows Active Directory environment, you discover that administrative accounts do not have configured account lockout policies. Which of the following are security concerns? (Choose two.)
A. If account lockout is enabled, administrative accounts could be locked out as a result of repeated password attempts.
B. If account lockout is not enabled, administrative accounts could be subjected to password attacks.
C. If account lockout is enabled, administrative accounts could be subjected to password attacks.
D. If account lockout is not enabled, administrative accounts could be locked out as a result of repeated password attempts.
Answer: A and B.
C and D are incorrect. Account lockout impedes the success of password attacks by locking the account for a time after a small number of successive incorrect passwords. Not configuring account lockout means password-cracking tools such as John the Ripper could run against admin accounts incessantly; through persistence, attackers would most likely crack account passwords.

Which type of security testing provides network configuration information to testers?
A. White box
B. Black box
C. Gray box
D. Blue box
Answer: A. White box
B, C, and D are incorrect. Black-box testing provides no information at all to system testers. Gray-box testing provides some, but not detailed, information to testers, which enables a more informed testing environment. Blue-box testing does not exist in this context.

Which type of tool scans for known security threats on a group of computers?
A. Packet sniffer
B. Vulnerability scanner
C. Risk scanner
D. Port scanner
Answer: B. Vulnerability scanner
A, C, and D are incorrect. Packet sniffers such as the UNIX-based tcpdump or the Windows- and Linux-based Wireshark are not designed to look for vulnerabilities; they simply capture transmitted network packets. There is no such thing as a risk scanner. Port scanners do not identify security threats; they list open TCP and UDP ports.

You would like an unused host to log zero-day exploit activity. What should you configure?
A. Patch server
B. Honeynet
C. Honeypot
D. Virus scanner
Answer: C. Honeypot
A, B, and D are incorrect. Patch servers ensure that software on network hosts is kept up to date. Honeynets are a collection of two or more honeypots; the question specifically states a single host. Virus scanners would not detect zero-day exploits. A zero-day exploit is a vulnerability that has not yet been made known to the software author or virus scanner.

A large wireless network currently uses WPA PSK. As part of your network audit findings, you recommend a centralized wireless authentication option. What should you recommend?
A. Remote Authentication Dial-In User Service (RADIUS)
B. WEP
C. WPA2 PSK
D. Temporal Key Integrity Protocol (TKIP)
Answer: A. Remote Authentication Dial-In User Service (RADIUS)
B, C, and D are incorrect. WEP is not a centralized authentication mechanism; it must be configured on each access point and client station. WPA2 PSK must also be configured on each access point and client. Temporal Key Integrity Protocol (TKIP) uses key mixing and packet sequence counters to enhance security. TKIP is used with WPA to address the lack of security offered by WEP.

You are performing a network penetration test for a client. From a command prompt, you issue the command telnet smtp1.acme.com 25 to see what information is returned. Which term refers to what you have done?
A. Denial of service
B. Port scan
C. Banner grab
D. Mail grab
Answer: C. Banner grab
A, B, and D are incorrect. Denial-of-service attacks render a network service unavailable for legitimate use; in this case, we have nothing more than information gathering. Port scanning returns ports in use on a host; in this example, we already know that port 25 is in a listening state. Mail grab is not a legitimate term.

Your company hired a consultant to implement a secure VPN solution using PKI certificates and smartcard authentication. Mark, your boss, has asked you to evaluate the implementation to ensure that the solution addresses the original need. Which term best describes what you will be doing?
A. Design review
B. Application security architecture review
C. VPN review
D. Network review
Answer: A. Design review
B, C, and D are incorrect. Application security architecture review is focused on a particular application and not a network VPN implementation. VPN and network review do not describe the scenario as well as design review.

Tribbles Inc. recently hired a security consulting firm to perform a security audit of its network at its Vulcan, Alberta, location. An excerpt of the audit findings is listed here:
Date: March 6, 2013 4:53am EST
Task performed: Network vulnerability scan
Performed by: Lennard Kneemoy
IP Subnet: 14.65.0.0 / 16
Credential used: Tribbles\Administrator
Results: We were able to connect to most hosts without specifying a password.
Recommendation: Harden network hosts.
What is wrong with the audit findings?
A. The subnet mask is incorrect.
B. The IP address range is incorrect.
C. The consultant ran a noncredentialed scan.
D. The consultant ran a credentialed scan.
Answer: D. The consultant ran a credentialed scan.
A, B, and C are incorrect. The subnet mask and IP address are correct and can be verified on a Windows host using ipconfig and on a Linux host using ifconfig or ip addr show. The consultant did not run a noncredentialed scan; he ran a credentialed scan.

A user complains that legitimate e-mail messages from some customers are incorrectly flagged as spam by the corporate mail server. How might you explain what is happening to your user?
A. The e-mail messages in question are generating false positives.
B. The false positives are generating e-mail messages.
C. The e-mail messages in question are generating false negatives.
D. The false negatives are generating e-mail messages.
Answer: A. The e-mail messages in question are generating false positives.
B, C, and D are incorrect. False positives and negatives do not generate e-mail messages, but the opposite is possible. False negatives are described as problematic security occurrences that did not generate some type of alert.

Acme Inc. uses the 199.126.129.0/24 network address range in its DMZ. You are configuring the firewall separating the DMZ from the private network so that traffic from DMZ hosts is allowed into the private network. You issue the command router(config)#access-list 45 permit 192.168.1.0 0.0.0.255. What is the problem with this configuration?
A. Access-list 55 must be used.
B. 192.168.1.0 is a reserved private network address.
C. The subnet mask in the router command is incorrect.
D. The router needs to be rebooted.
Answer: B. 192.168.1.0 is a reserved private network address.
A, C, and D are incorrect. The access-list value does not have to be 55. Cisco routers use the binary reverse subnet mask, so a /24 bit subnet mask (255.255.255.0) is expressed as 0.0.0.255; this is correct in this scenario. Rebooting a router after configuring access lists is not required.

Employee laptops must be secured when employees travel for business purposes. What can you do to harden user laptops?
A. Set a CMOS password.
B. Configure disk mirroring.
C. Generate file hashes for all hard disk files.
D. Enable verbose logging.
Answer: A. Set a CMOS password.
B, C, and D are incorrect. Disk mirroring duplicates all disk writes to a separate disk; this is considered high availability, not hardening. File hashes are unique values for files that change in any way. This is useful for ensuring a file has not changed or been tampered with, but it does not make sense for traveling user laptops. Verbose logging is helpful when troubleshooting, but it does not secure a laptop.

When is baseline reporting useful?
A. When conducting a penetration test
B. When hardening DNS servers
C. When hardening HTTPS servers
D. When comparing normal activity with current activity
Answer: D. When comparing normal activity with current activity
A, B, and C are incorrect. Penetration testing involves security technicians first gathering information through reconnaissance techniques and then issuing common attacks against networks and hosts to identify threats. To mimic malicious user techniques, security technicians will often use exploitation framework tools such as The Browser Exploitation Framework to test system security. After taking advantage of initial weaknesses such as gaining network access, technicians can further exploit additional vulnerabilities such as hosts unprotected by firewalls. This technique is called pivoting. Hardening hosts is unrelated to baseline reporting.

Why are penetration tests sometimes not recommended?
A. They can identify security threats.
B. They could degrade network performance.
C. They could generate too much logging data.
D. They are expensive.
Answer: B. They could degrade network performance.
A, C, and D are incorrect. Penetration tests are supposed to identify security threats; this is a good thing. Generating excessive logging and pen test costs are not as good a reason to skip a penetration test as the danger involved.

You need to verify whether DNS servers allow DNS zone transfers to all hosts. Which built-in operating system command should you use?
A. netstat
B. arp
C. ping
D. nslookup
E. tracert
Answer: D. nslookup
A, B, C, and E are incorrect. The netstat command is used to display TCP, UDP, IP and ICMP protocol statistics for both IPv4 and IPv6 on modern operating systems such as Windows 10. The address resolution protocol (arp) command is used to view and manage configurations related to IP address to MAC address mappings. The ping and tracert commands use ICMP to test whether or not a network host responds to ping echo requests. Take note that many modern firewalls block ICMP traffic.

..

Need-to-know principle: The release-of-information principle based on the minimum necessary standard, which means that only the information needed by a specific individual to perform a specific task should be released; key words: access to information.
Least privilege principle: A subject should be given only those privileges necessary to complete its task; includes both data permissions and rights to perform tasks on systems.
Entitlement: The amount of privileges granted to users, typically when first provisioning an account.
Aggregation: Privileges that a user collects over time; e.g., if a user moves from one department to another over time.
Transitive trust: A trust relationship between two security domains; allows subjects in one domain to access objects in the other domain.
Separation of duties and responsibilities: Ensures no single person has total control over a critical function or system.
Separation of privileges: Provides mechanisms that separate the privileges used for one purpose from those used for another; grants specific processes only the privileges necessary to perform certain functions; requires the use of granular rights and permissions.
Segregation of duties: Similar to the separation of duties and responsibilities policy, but also combines the principle of least privilege; the goal is to ensure individuals do not have excessive system access that may result in a conflict of interest; **conflict of interest**
Two-person control (or two-man rule): Requires the approval of two individuals for critical tasks; ensures peer review and reduces the likelihood of collusion and fraud.
Split knowledge: Combines the concepts of separation of duties and two-person control into a single solution; no single person has the privileges to compromise the entire environment.
Protecting physical assets: Locate sensitive physical assets toward the center of the building.
Job rotation (cross training): Training that requires an individual to learn several different jobs in a work unit or department and perform each job for a specified time period; provides peer review, reduces fraud, and enables cross training.
Mandatory vacations: When an organization requires that an employee take a certain number of days of vacation consecutively; provides peer review and helps detect fraud and collusion; if an employee commits fraud, the person taking over their responsibilities can discover it.
Info lifecycle (CCS-UAD):
- Creation/Capture (can be created by users or systems, or captured by downloads)
- Classification (do this as soon as possible)
- Storage (primarily disk drives, encrypted, on site and off site)
- Usage (in use or in transit)
- Archive (to comply with laws/regs, or to back up valuable data)
- Destruction or Purging (not just deleting the files)
Service Level Agreement (SLA): A negotiated agreement between the customer and the vendor. The SLA may specify the levels of availability, serviceability, performance, operation, or other commitment requirements.
Duress: Useful when personnel are working alone; a button that sends a distress call; a code phrase can be used to indicate that everything is OK.
MOU: Less formal than an SLA, and doesn't include monetary penalties if one of the parties doesn't meet its responsibilities.
Hypervisor: Manages the VMs, virtual data storage, and virtual network components.
Software licensing: Ensure license keys aren't leaked outside the organization; also, ensure that systems don't have unauthorized software installed.
Travel considerations:
- Sensitive data should NOT be stored on devices
- Malware and monitoring devices can be installed if you don't maintain physical control of a system
- Free WiFi: don't use it
- Use a VPN to create a secure connection
Hardware inventories: Barcode or RFID method; sanitize equipment to remove all data before disposing of it, so that unauthorized personnel do not gain access to info.
Cloud Service Provider (CSP): A company that provides cloud computing services.
Security impact analysis: Experts evaluate changes to identify any security impacts before personnel deploy changes.
Virtual machines: Guest OSs hosted on physical servers.
VDI (Virtual Desktop Infrastructure): A virtualization technology that hosts a desktop operating system on a centralized server in a data center.
SDN (Software Defined Networking): Aims at separating the infrastructure (hardware) layer from the control layer; directly programmable from a central location, flexible, vendor neutral, based on open standards; basically just "network virtualization"; allows data transmission paths, communication decision trees, and flow control to be virtualized.
Virtual Storage Area Network (VSAN): A dedicated high-speed network that hosts multiple storage devices; often used with servers that need high-speed access to data.
Hypervisor security risk: As an additional layer of software, it represents an additional attack surface; if an attacker can gain physical access, they can access all the virtual systems. ***Many of the same security requirements apply to virtualization.
Software as a Service (SaaS): Delivers applications over the cloud using a pay-per-use revenue model. ***CSP is responsible for ALL maintenance.
Platform as a Service (PaaS): Supports the deployment of entire systems including hardware, networking, and applications using a pay-per-use revenue model. ***CSP is responsible for maintenance of the host and underlying cloud infrastructure; consumers manage their apps.
Infrastructure as a Service (IaaS): Delivers hardware networking capabilities, including the use of servers, networking, and storage, over the cloud using a pay-per-use revenue model. ***Consumers install operating systems and apps and perform all maintenance on the OS and apps; the CSP maintains the infrastructure.
Public cloud: Promotes massive, global, and industrywide applications offered to the general public.
Private cloud: Serves only one customer or organization and can be located on the customer's premises or off the customer's premises.
Community cloud: Two or more organizations.
Hybrid cloud: Includes two or more private, public, or community clouds, but each cloud remains separate and is only linked by technology that enables data and application portability. Maintenance responsibilities rest with whoever is hosting the assets.
Tape media: Used to store backups; highly susceptible to loss due to corruption; magnetic fields can erase and corrupt data.
- Best practice: orgs keep two copies of backups (one on site and one off site)
- Keep a clean storage area
- Do not expose to magnetic fields (elevator motors and some printers)
- Avoid heat, dust, and environmental hazards; apply appropriate security based on classification
Choose Your Own Device (CYOD): Employees choose from a limited selection of approved devices, but the employee pays the upfront cost of the device while the business owns the contract.
Mobile Device Management (MDM): Remotely controls smart phones and tablets, ensuring data security. Administrators register employee devices with an MDM system:
- encryption
- screen lock
- GPS
- remote wipe
Mean time to failure (MTTF): The average amount of time expected until the first failure of a piece of equipment. Usually calculated for items that won't be repaired when they fail. ***Once backup media has reached its ____, it should be destroyed (either bulk shredder or incinerator). ***Most orgs simply destroy SSDs.
Baseline: Within the context of config management, this is the starting point for a system; can be done with checklists, but prone to human error; it's better to use scripts and automated operating system tools to implement it. Example: Microsoft Group Policy.
Using images for baselining:
1) Admin installs OS, apps, and relevant security settings to meet the needs of the org
2) Admin captures an image of the system using imaging software and stores it on a server
3) Personnel deploy the image to systems as needed
Change management: Helps reduce unanticipated outages caused by unauthorized changes. ***Primary goal is to ensure that changes don't cause outages.
Change management process:
1 - Request change
2 - Review change
3 - Approve/reject change
4 - Test the change
5 - Schedule and implement the change
6 - Document the change
Versioning: Saving previous or incremental versions of programs or files; software or configuration management. First version 1.0; first minor update 1.1; first major update 2.0.
Patch management: The process of regularly applying patches and updates to software. Steps: evaluate patches, test patches, approve patches, deploy patches, verify patches are deployed.
Vulnerability management (2 elements): The cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. 1 - vulnerability scans; 2 - vulnerability assessments.
Vulnerability scans: Automated tools designed to identify whether a given system possesses any well-known vulnerabilities. A database of known security issues is used. Nessus is a popular vulnerability scanner.
Vulnerability assessments: Include vulnerability scans, but do more; done as part of a risk analysis or risk assessment to identify vulnerabilities at a point in time.
Common Vulnerabilities and Exposures (CVE): A dictionary of publicly known security vulnerabilities and exposures.

..

Cloud Computing: a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Broad network access: capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).

Rapid Elasticity: computing resources can be rapidly provisioned, increased, or decreased to meet changing user demand.

Measured Service: cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service.

On-demand self-service: a cloud service consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed, automatically, without requiring human interaction with each service provider.

Resource pooling: the provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.
Cloud Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS).

SaaS (Software as a Service): provides service to the customer in the form of software, specifically application software, running on and accessible in the cloud (e.g., Google, Gmail, Microsoft 365, Salesforce, Citrix).

Platform as a Service (PaaS): a cloud provides service to customers in the form of a platform on which the customer's applications can run. Enables the customer to deploy customer-created or acquired applications onto the cloud infrastructure. The cloud provides useful software building blocks, plus a number of development tools, such as programming language tools, runtime environments, and other tools that assist in deploying new applications. It is useful for an organization that wants to develop new or tailored applications while paying for the needed computing resources only as needed, and only for as long as needed.

Infrastructure as a Service (IaaS): the customer has access to the resources of the underlying cloud infrastructure. The cloud service user does not manage or control the resources of the underlying cloud infrastructure, but has control over operating systems, deployed applications, and possibly limited control of select networking components. Provides virtual machines and other virtualized hardware and operating systems. Offers the customer processing, storage, networks, and other fundamental computing resources so the customer is able to deploy and run arbitrary software, which can include operating systems and applications. Examples: Amazon Elastic Compute Cloud, Microsoft Windows Azure, Google Compute Engine, and Rackspace.

The four most prominent deployment models for cloud computing are public cloud, community cloud, private cloud, and hybrid cloud.
Public Cloud: a public cloud infrastructure is made available to the general public or a large industry group, and is owned by an organization selling cloud services. A public cloud may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. Applications and storage are made available over the Internet via secured IP, and can be free or offered for a pay-per-usage fee. The principal concern is security.

Private cloud: a private cloud is implemented within the internal IT environment of the organization. The organization may choose to manage the cloud in house or contract the management function to a third party. The cloud servers and storage devices may exist on premise or off premise. Private clouds can deliver IaaS internally to employees or business units through an intranet or the Internet via a virtual private network (VPN), as well as software or storage as services to its branch offices. Examples of services delivered through the private cloud include database on demand, email on demand, and storage on demand. A key motivation for opting for this cloud is security.

Community cloud: this cloud shares characteristics of private and public clouds. Has restricted access like a private cloud. The organizations that share the community cloud have similar requirements and, typically, a need to exchange data with each other. An example would be the health care industry. The cloud infrastructure may be managed by the participating organizations or a third party, and may exist on premise or off premise.
Hybrid cloud: this cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability. With this cloud solution, sensitive information can be placed in a private area of the cloud, and less sensitive data can take advantage of the benefits of the public cloud. This public/private cloud solution can be particularly attractive for smaller businesses. Many applications for which security concerns are lower can be offloaded at considerable cost savings without committing the organization to moving more sensitive data and applications to the public cloud.

Security issues: security is a major consideration when augmenting or replacing on-premises systems with cloud services. Allaying security concerns is frequently a prerequisite for further discussions about migrating part or all of an organization's computing architecture to the cloud. Availability is another major concern. Businesses should perform due diligence on security threats both from outside and inside the cloud. Cloud users are responsible for application-level security; cloud vendors are responsible for physical security and some software security.

Abuse and nefarious use of cloud computing. Countermeasures include:
- Stricter initial registration and validation processes
- Enhanced credit card fraud monitoring and coordination
- Comprehensive inspection of customer network traffic
- Monitoring public blacklists for one's own network blocks

Insecure interfaces and APIs. Countermeasures include:
- Analyzing whether strong authentication and access controls are implemented in concert with encrypted transmission
- Understanding the dependency chain associated with the API
Malicious insiders. Countermeasures include:
- Enforce strict supply chain management and conduct a comprehensive supplier assessment
- Specify human resource requirements as part of legal contracts
- Require transparency into overall information security and management practices, as well as compliance reporting
- Determine security breach notification processes

Shared technology issues. Countermeasures include:
- Implement security best practices for installation/configuration
- Monitor the environment for unauthorized changes/activity
- Promote strong authentication and access control for administrative access and operations
- Enforce SLAs for patching and vulnerability remediation
- Conduct vulnerability scanning and configuration audits

Data loss or leakage. Countermeasures include:
- Implement strong API access control
- Encrypt and protect the integrity of data in transit and at rest
- Analyze data protection at both design and run time
- Implement strong key generation, storage and management, and destruction practices

Account or service hijacking. Countermeasures include:
- Prohibit the sharing of account credentials between users and services
- Leverage strong two-factor authentication techniques where possible
- Employ proactive monitoring to detect unauthorized activity
- Understand CSP security policies and SLAs

Cloud Security (service areas):
- Identity and access management
- Data loss prevention
- Web security
- E-mail security
- Security assessments
- Intrusion management
- Security information and event management
- Encryption
- Business continuity and disaster recovery
- Network security

The Internet of Things (IoT): IoT is a term that refers to the expanding interconnection of smart devices, ranging from appliances to tiny sensors. A dominant theme is the embedding of short-range mobile transceivers into a wide array of gadgets and everyday items, enabling new forms of communication between people and things, and between things themselves.
The Internet supports the interconnectivity, usually through cloud systems.

Internet of Things (primarily driven by): low-bandwidth, low-repetition data capture and low-bandwidth data-usage appliances that communicate with each other and provide data via user interfaces.

Internet of Things (primarily driven by): embedded appliances, such as high-resolution video security cameras, video VoIP phones, and a handful of others, which require high-bandwidth streaming capabilities.

Information Technology (IT): any computer-based tool that people use to work with information and support the information and information-processing needs of an organization.

Operational technology (OT): machines/appliances with embedded IT built by non-IT companies, such as medical machinery, SCADA, process control, and kiosks, bought as appliances by enterprise OT people, primarily using wired connectivity.

Personal Technology: smartphones, tablets, and eBook readers bought as IT devices by consumers (employees), exclusively using wireless connectivity and often multiple forms of wireless connectivity.

Sensor/actuator technology: single-purpose devices bought by consumers, IT and OT people, exclusively using wireless connectivity, generally of a single form, as part of larger systems.

Privacy Requirements:
- Communication security
- Data management security
- Service provision security
- Integration of security policies and techniques
- Mutual authentication and authorization
- Security audit

..

The primary purpose for ___________________ practices is to safeguard information assets that reside on the system.
Answer: security operations

What are the 2 standard principles in any secure IT system?
Answer: need to know and least privilege

The ____________ principle imposes the requirement to grant users access only to data or resources they need to perform assigned work tasks. The primary purpose of this is to keep information secret.
Answer: need to know

The ______________ states that subjects are granted only the privileges necessary to perform assigned work tasks and no more. Applies to subjects, applications, and processes.
Answer: principle of least privilege

___________________ refers to the amount of privileges granted to users, typically when provisioning an account.
Answer: entitlement

______________ in the context of least privilege refers to the amount of privileges that users collect over time.
Answer: aggregation

A ____________ exists between 2 security domains, which could be within the same organization or between different organizations. It allows subjects in one domain to access objects in the other domain.
Answer: nontransitive trust

_____________ extends the trust relationship between the two security domains to all of their subdomains.
Answer: transitive trust

_____________ ensures that no single person has control over a critical function or system. Forces people to collude if they want to do something illegal/fraudulent.
Answer: separation of duties/responsibilities

_______________ requires the use of granular rights and permissions.
Answer: separation of privilege

____________ is similar to a separation of duties and responsibilities policy, but it also combines the principle of least privilege. The goal is to ensure that individuals do not have excessive system access that may result in a conflict of interest.
Answer: segregation of duties

What law specifically requires companies to abide by a segregation of duties policy?
Answer: Sarbanes-Oxley Act of 2002 (SOX)

The ________________ is similar to segregation of duties. It requires the approval of two individuals for critical tasks.
Answer: two-person control/two-man rule

______________ combines the concepts of separation of duties and two-person control into a single solution. The basic idea is that the information or privilege required to perform an operation is divided among two or more users. This ensures that no single person has sufficient privileges to compromise the security of the environment.
Answer: split knowledge

_____________ means simply that employees are rotated through jobs, or at least some of the job responsibilities are rotated to different employees. It is both a deterrent and a detective mechanism.
Answer: job rotation/rotation of duties

_____________ provide a form of peer review and help detect fraud and collusion. A deterrent and detection mechanism.
Answer: mandatory vacations

_____________ are activities that require special access or elevated rights and permissions to perform many administrative and sensitive job tasks. Examples of these operations/tasks include creating new accounts, adding new routes to the router table, altering the firewall configuration, accessing audit logs, changing system time, etc.
Answer: special privilege operations

Accounts granted elevated privileges are often referred to as ________________ that have access to special, higher-order capabilities inaccessible to normal users.
Answer: privileged entities

____________ data ensures that personnel can easily recognize the data's value. This includes systems that process that data.
Answer: marking

____________ data primarily refers to transporting data, and the key is to provide the same level of protection for the data during transport as it has when it is stored.
Answer: handling

____________ data requires that storage locations protect against losses. Physical security matching the level of data importance should exist for both used copies and backups.
Answer: storing

__________ data requires that when data is no longer needed, it should be destroyed in a way that is not readable.
Answer: destroying

A _______________ is an agreement between an organization and an outside entity, such as a vendor. It stipulates performance expectations and often includes penalties if the vendor doesn't meet those expectations.
Answer: service-level agreement (SLA)

_____________ document the intention of two entities to work together towards a common goal. Similar to an SLA, but less formal and doesn't include monetary penalties.
Answer: memorandums of understanding (MOUs)

_______________ can be used if two or more parties plan to transmit sensitive data. This agreement provides information on how the two parties establish, maintain, and disconnect the connection. It can also identify the minimum encryption methods used to secure the data.
Answer: interconnection service agreements (ISAs)

_______________ are useful when personnel are working alone. They allow someone working alone to send a distress call in the event of an emergency.
Answer: duress systems

_______________ are databases/applications that keep track of hardware assets through the entire equipment life cycle. This can be done with bar codes/scans, RFID tags, or other means.
Answer: hardware inventories

Before disposing of equipment, personnel must __________ it, removing all data to ensure that unauthorized personnel do not gain access to sensitive information. Checklists are often used to ensure this process is done correctly.
Answer: sanitize

______________ assets include the building and its contents. Controls to protect these include fences, barricades, locked doors, guards, CCTV, and more.
Answer: physical assets

Virtualization extends beyond servers. _______________ refers to a trend of replacing hardware with software using virtualization.
Answer: software-defined everything (SDx)

_________________ run as guest operating systems on physical servers. The physical servers include extra processing power, memory, and disk storage.
Answer: virtual machines

___________________ decouple the control plane from the data plane (or forwarding plane). This kind of virtual network controller handles traffic routing using simpler network devices that accept instructions from the controller, eliminating some of the complexity related to traditional networking protocols. It does this in place of traditional routers and switches.
Answer: software-defined networks

The ____________ of a software-defined network uses protocols to decide where to send traffic.
Answer: control plane

The ___________ of a software-defined network includes rules that decide whether traffic will be forwarded.
Answer: data plane

_____________ are virtualized, dedicated high-speed networks that host multiple storage devices.
Answer: virtual storage area networks (VSANs)

The primary software component in virtualization is a _______________. This component manages the VMs, virtual data storage, and virtual network components. This component also greatly increases the attack surface, considering its function.
Answer: hypervisor

____________ assets include any resources that an organization accesses using cloud computing.
Answer: cloud-based

___________ refers to on-demand access to computing resources available from almost anywhere; they are highly available and easily scalable. But since these resources are hosted outside the direct control of the organization, their risk is more difficult to manage.
Answer: cloud computing

Someone offering cloud computing services is known as a ___________________. In some cases, this person/organization is responsible for maintaining the assets, ensuring they remain functional, and keeping the system and applications up to date with patches and updates.
Answer: cloud service provider

What are the 3 kinds of cloud services as defined in NIST SP 800-145?
Answer: Software as a Service, Infrastructure as a Service, and Platform as a Service

________________ models provide fully functional applications typically accessible via a web browser. Things like Gmail.
Answer: Software as a Service (SaaS)

______________ models provide consumers with a computing platform, including hardware, an OS, and applications. Consumers manage their applications and possibly some configuration settings on the host.
Answer: Platform as a Service (PaaS)

_______________ models provide basic computing resources to consumers, including servers, storage, and in some cases, networking resources. Consumers install OSs and applications.
Answer: Infrastructure as a Service (IaaS)

What are the 3 cloud deployment models that affect the breakdown of responsibilities of cloud-based assets?
Answer: public, private, community (and hybrid)

A ___________ cloud model includes assets available for any consumer to rent or lease and is hosted by an external CSP. SLAs can be effective at ensuring the CSP provides the cloud-based services at an acceptable level to the organization.
Answer: public

The __________ cloud model includes cloud-based assets for a single organization. Organizations can create and host private clouds using their own resources. If they do this, the organization is responsible for all maintenance. However, organizations can also rent resources from a third party and split maintenance requirements based on the service model (SaaS, PaaS, IaaS).
Answer: private

A ____________ cloud model provides cloud-based assets to two or more organizations. Maintenance responsibilities are shared based on who is hosting the assets and the service models.
Answer: community

_____________ cloud models include a combination of two or more clouds. Similar to a community cloud model, maintenance responsibilities are shared based on who is hosting the assets and the service models in use.
Answer: hybrid

_______________ refers to the steps taken to protect media and data stored on media. It can also include technical controls to restrict device access from computer systems.
Answer: media management

_____________ is anything that can hold data, including tapes, CDs, DVDs, portable USB or FireWire drives, external SATA drives, internal hard drives, solid state drives, and USB flash drives.
Answer: media

Reusable media is subject to a __________________ that is sometimes represented as the number of times it can be reused or the number of years you can expect to keep it. Once backup media has reached this time, it should be destroyed.
Answer: mean time to failure (MTTF)

_______________ helps ensure that systems are deployed in a secure, consistent state and maintain that state throughout their lifetime.
Answer: configuration management

A ______________ is a starting point, typically the starting configuration for a system.
Answer: baseline

Many organizations use ____________ for baselining in a 3-step process.
Answer: images

What is the primary goal of change management?
Answer: to ensure that changes do not cause outages

The ______________ documents contain 5 core publications addressing the overall life cycle of systems. It is a common guide for many change management policies.
Answer: Information Technology Infrastructure Library (ITIL)

A change management process ensures that personnel can perform a ________________.
Answer: security impact analysis

Change management is a mandatory element for some __________________ in the ISO Common Criteria.
Answer: security assurance requirements (SARs)

_______________ typically refers to version control used in software configuration management. It differentiates between different software sets and configurations across multiple machines or at different points in time on a single machine.
Answer: versioning

________________ identifies the current configuration of systems, who is responsible for the system, and the purpose of the system, and lists the changes applied to the baseline.
Answer: configuration documentation

____________ is a blanket term for any type of code written to correct a bug or vulnerability or improve the performance of existing software. This includes operating systems or applications. Also called updates, quick fixes, and hot fixes.
Answer: patch

______________ are collections of patches that bring a system up to date with current patches.
Answer: service packs

An effective _______________ program ensures that systems are kept up to date with current patches.
Answer: patch management

______________ refers to regularly identifying vulnerabilities, evaluating them, and taking steps to mitigate the risks associated with them.
Answer: vulnerability management

_____________ are software tools used to test systems and networks for known security issues.
Answer: vulnerability scanners

A _______________ analyzes all of the vulnerability scan reports over a period of time to determine if the organization is addressing vulnerabilities.
Answer: vulnerability assessment

Vulnerabilities are commonly referred to using the _______________________ dictionary. It provides a standard convention used to identify vulnerabilities. It is maintained by MITRE. Commonly used by patch management and vulnerability management tools.
Answer: Common Vulnerabilities and Exposures (CVE)

..

Computer Crime / cybercrime: a computer network is a tool or target for criminal activity.

Cybercrime Activities:
- Illegal access
- Illegal interception
- Data interference (unauthorized deletion or alteration of data)
- System interference
- Misuse of devices
- Computer-related forgery
- Computer-related fraud
- Offenses related to child pornography
- Infringements of copyright and related rights
- Attempt and aiding or abetting

European Union Data Protection Directive: rules by which EU member states should create laws.
1. Ensures that member states protect fundamental privacy rights when processing personal information
2. Prevents member states from restricting the free flow of personal information within the EU
Personal information directives are organized into the following categories: notice, consent, consistency, access, security, onward transfer, and enforcement.

United States 1974 Privacy Act: a privacy initiative that
1. Permits individuals to determine what records pertaining to them are collected, maintained, used, or disseminated.
2. Permits individuals to forbid records obtained for one purpose to be used for another purpose without consent.
3. Permits individuals to obtain access to records pertaining to them and to correct and amend such records as appropriate.
4. Ensures that agencies collect, maintain, and use personal information in a manner that ensures that the information is current, adequate, relevant, and not excessive for its intended use.
5. Creates a private right of action for individuals whose personal information is not used in accordance with the Act.

Banking and financial records: personal banking information is protected in certain ways by a number of laws, including the recent Financial Services Modernization Act.

Credit Reports: the Fair Credit Reporting Act confers certain rights on individuals and obligations on credit reporting agencies.

HIPAA: the Health Insurance Portability and Accountability Act created new rights for patients to protect and access their own health information.
Children's Online Privacy Protection Act: places restrictions on online organizations in the collection of data from children under the age of 13.

Electronic Communications Privacy Act: generally prohibits unauthorized and intentional interception of wire and electronic communications during the transmission phase, and unauthorized access to electronically stored wire and electronic communications.

Anonymity: ensures that a user may use a resource or service without disclosing the user's identity.

Pseudonymity: ensures that a user may use a resource or service without disclosing its user identity, but can still be accountable for that use.

Unlinkability: ensures that a user may make multiple uses of resources or services without others being able to link these uses together.

Unobservability: ensures that a user may use a resource or service without others, especially third parties, being able to observe that the resource or service is being used.

Data transformation: this function encodes or encrypts portions of the data so as to preserve privacy but still allow the data analysis functions needed for effective use.

Anonymization: this function removes specific identifying information.

Selective Revelation: a method for minimizing exposure of individual information while enabling continuous analysis of potentially interconnected data.

Immutable audit: a tamper-resistant method that identifies where data go and who has seen the data.

Associative memory: a software module that can recognize patterns and make connections between pieces of data that the human user may have missed or did not know existed.

..

T 1. Complying with regulations and contractual obligations is a benefit of security awareness, training, and education programs.
F 2. Employee behavior is not a critical concern in ensuring the security of computer systems.
T 3. Employees cannot be expected to follow policies and procedures of which they are unaware.
T 4. Security awareness, training, and education programs may be needed to comply with regulations and contractual obligations.
F 5. The education and experience learning level provides the foundation for subsequent training by providing a universal baseline of key security terms and concepts.
T 6. Security basics and literacy is required for those employees, including contractor employees, who are involved in any way with IT systems.
F 7. Awareness only communicates information security policies and procedures that need to be followed and does not provide the foundation for any sanctions or disciplinary actions imposed for noncompliance.
T 8. Awareness is used to explain the rules of behavior for using an agency's information systems and information and establishes a level of expectation on the acceptable use of the information and information systems.
T 9. To emphasize the importance of security awareness, an organization should have a security awareness policy document that is provided to all employees.
F 10. Programmers, developers, and system maintainers require less advanced security training than other employees.
T 11. Security education is most often taught by outside sources.
F 12. An employer cannot be held liable for negligent hiring if an employee causes harm to a third party while acting as an employee.
T 13. As part of their contractual obligation, employees should agree to and sign the terms and conditions of their employment contract, which should state their and the organization's responsibilities for information security.
F 14. Having all of the security functions and audit responsibilities reside in the same person is a wise decision on the part of the organization.
T 15. Many companies incorporate specific e-mail and Internet use policies into the organization's security policy document.

D 1. _______ is a benefit of security awareness, training, and education programs to organizations.
A. Improving employee behavior
B. Increasing the ability to hold employees accountable for their actions
C. Mitigating liability of the organization for an employee's behavior
D. All of the above

B 2. Security awareness, training, and education programs can serve as a deterrent to fraud and actions by disgruntled employees by increasing employees' knowledge of their ________ and of potential penalties.
A. regulations
B. accountability
C. liability
D. incidents

B 3. The _______ category is a transitional stage between awareness and training.
A. roles and responsibilities relative to IT systems
B. security basics and literacy
C. education and experience
D. security awareness

A 4. ________ is explicitly required for all employees.
A. Security awareness
B. Education and experience
C. Security basics and literacy
D. Roles and responsibilities relative to IT systems

C 5. The _________ level focuses on developing the ability and vision to perform complex, multidisciplinary activities and the skills needed to further the IT security profession and to keep pace with threat and technology changes.
A. security basics and literacy
B. roles and responsibilities relative to IT systems
C. education and experience
D. security awareness

D 6. _______ are ways for an awareness program to promote the security message to employees.
A. Posters
B. Newsletters
C. Workshops and training sessions
D. All of the above

A 7. ________ need training on the development of risk management goals, means of measurement, and the need to lead by example in the area of security awareness.
A. Executives
B. Analysts
C. Managers
D. Trainers

D 8. From a security point of view, which of the following actions should be done upon the termination of an employee?
A. remove the person's name from all lists of authorized access
B. recover all assets, including employee ID, disks, documents and equipment
C. remove all personal access codes
D. all of the above

B 9. ________ is the process of receiving, initial sorting, and prioritizing of information to facilitate its appropriate handling.
A. Incident
B. Triage
C. Constituency
D. Handling

C 10. CERT stands for ___________.
A. Computer Error Response Team
B. Compliance Error Repair Technology
C. Computer Emergency Response Team
D. Compliance Emergency Response Technology

A 11. ________ can include computer viruses, Trojan horse programs, worms, exploit scripts, and toolkits.
A. Artifacts
B. Vulnerabilities
C. CSIRT
D. Constituencies

D 12. A capability set up for the purpose of assisting in responding to computer security-related incidents that involve sites within a defined constituency is called a ______.
A. CIRT
B. CIRC
C. CSIRT
D. all of the above

B 13. ___________ scan critical system files, directories, and services to ensure they have not been changed without proper authorization.
A. Intrusion prevention systems
B. System integrity verification tools
C. Log analysis tools
D. Network and host intrusion detection systems

C 14. A _______ policy states that the company may access, monitor, intercept, block access, inspect, copy, disclose, use, destroy, or recover using computer forensics any data covered by this policy.
A. standard of conduct
B. unlawful activity prohibited
C. company rights
D. business use only

A 15. A _______ policy states that violation of this policy may result in immediate termination of employment or other discipline deemed appropriate by the company.
A. disciplinary action
B. company rights
C. policy scope
D. business use only

fraud 1. The principal problems associated with employee behavior are errors and omissions, _______, and actions by disgruntled employees.
awareness 2. There is a need for a continuum of learning programs that starts with _______, builds to training, and evolves into education.
education and experience 3. The four layers of the learning continuum as summarized by NIST SP 800-16 are: security awareness, security basics and literacy, roles and responsibilities relative to IT systems, and the _________ level.
roles and responsibilities 4. After security basics and literacy, training becomes focused on providing the knowledge, skills, and abilities specific to an individual's _______ relative to IT systems.
security awareness 5. In general, a(n) ________ program seeks to inform and focus an employee's attention on issues related to security within the organization.
least privilege 6. The principles that should be followed for personnel security are: limited reliance on key employees, separation of duties, and _______.
CSIRT 7. In large and medium-sized organizations, a(n) _________ is responsible for rapidly detecting incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring computing services.
incident 8. Any action that threatens one or more of the classic security services of confidentiality, integrity, availability, accountability, authenticity, and reliability in a system constitutes a(n) ________.
Vulnerability 10. A(n) _______ is a characteristic of a piece of technology that can be exploited to perpetrate a security incident.
Intrusion Detection System (IDS) 11. Network and host __________ monitor and analyze network and host activity and usually compare this information with a collection of attack signatures to identify potential security incidents.
triage 12. The goal of the _______ function is to ensure that all information destined for the incident handling service is channeled through a single focal point, regardless of the method by which it arrives, for appropriate redistribution and handling within the service.
artifact 13. A(n) ________ is any file or object found on a system that might be involved in probing or attacking systems and networks or that is being used to defeat security measures.
constituency 14. The group of users, sites, networks, or organizations served by the CSIRT is a(n) _______.
privacy 15. Employees have no expectation of ______ in their use of company-provided e-mail or Internet access, even if the communication is personal in nature.

..

T The approach taken by Kerberos is using authentication software tied to a secure authentication server.
T The overall scheme of Kerberos is that of a trusted third-party authentication service.
F Kerberos is designed to counter only one specific threat to the security of a client/server dialogue.
T An obvious security risk is that of impersonation.
T The authentication server shares a unique secret key with each server.
T The ticket-granting ticket is encrypted with a secret key known only to the AS and the TGS.
F The ticket-granting ticket is not reusable.
F Kerberos does not support interrealm authentication.
T X.509 provides a format for use in revoking a key before it expires.
T Because serial numbers are unique within a CA, the serial number is sufficient to identify the certificate.
F The principal objective for developing a PKI is to enable secure, convenient, and efficient acquisition of private keys.
F Initialization begins the process of enrolling in a PKI.
F Update is not required when the certificate lifetime expires or as a result of certificate revocation.
T CMP, defined in RFC 2510, is designed to be a flexible protocol able to accommodate a variety of technical, operational, and business models.
T Federated identity management makes use of a number of standards that provide the building blocks for secure identity information exchange across different domains or heterogeneous systems.
T In Kerberos, each human user has a master key shared with the authentication server, and the key is usually derived from the user's password.
T In Kerberos, the purpose of using a ticket-granting ticket (TGT) is to minimize the exposure of a user's master key.
A One of the earliest and most widely used services is _________. A. Kerberos B. FIM C. PKI D. X.509
B _______ is important as part of the directory service that it supports and is also a basic building block used in other standards. A. PKI B. X.509 C. Kerberos D. FIM
B ________ requires that a user prove his or her identity for each service invoked and, optionally, requires servers to prove their identity to clients. A. FIM B. Kerberos C. X.509 D. PKI
C 4. Kerberos uses the _______ encryption algorithm. A. AES B. PKI C. DES D. TGS
A 5. _______ certificates are used in most network security applications, including IP security, secure sockets layer, secure electronic transactions, and S/MIME. A. X.509 B. PKI C. FIM D. SCA
B 6. The _______ consists of two dates: the first and last on which the certificate is valid. A. version B. period of validity C. extension D. unique identifier
D 7. An integer value unique within the issuing CA that is unambiguously associated with the certificate is the ________. A. issuer name B. subject's public-key information C. issuer unique identifier D. serial number
C 8. A _______ is a generic term used to denote any method for storing certificates and CRLs so that they can be retrieved by end entities. A. RA B. registration C. repository D. CA
A 9. _______ is the process in which a CA issues a certificate for a user's public key and returns that certificate to the user's client system and/or posts that certificate in a repository. A. Certification B. Registration C. Initialization D. Authorization
B 10. _______ is the process whereby a user first makes itself known to a CA prior to that CA issuing a certificate or certificates for that user. A. Authorization B. Registration C. Certification D. Initialization
D 11. ________ is a process where authentication and permission will be passed on from one system to another, usually across multiple enterprises, reducing the number of authentications needed by the user. A. Integration B. Registration C. Synchronization D. Federation
A 12. _______ is a minimal set of conventions for invoking code using XML over HTTP that enables applications to request services from one another with XML-based requests and receive responses as data formatted with XML. A. SOAP B. SAML C. HTML D. WS-Security
C 13. _____ is a markup language that uses sets of embedded tags or labels to characterize text elements within a document so as to indicate their appearance, function, meaning, or context. A. HML B. HTTP C. XML D. SOAP
D 14. A principal element of an identity management system is _______. A. workflow automation B. delegated administration C. authentication D. all of the above
B 15. _______ is movement of data in a business process. A. Provisioning B. Workflow automation C. Revocation D. Initialization
D 16. The DSS makes use of the _______ and presents a new digital signature technique, the Digital Signature Algorithm (DSA). A. HMAC B. XOR C. RSA D. SHA-1
Biometric 1. _______ systems are automated methods of verifying or recognizing identity on the basis of some physiological or behavioral characteristic.
Kerberos 2. A software utility initially developed at MIT and available both in the public domain and in commercially supported versions, ________ is the de facto standard for remote authentication.
authentication server (AS) 3. An alternative to each server being required to confirm the identities of clients who request service is to use an _______ that knows the passwords of all users and stores them in a centralized database.
realm 4. A full-service Kerberos environment consisting of a Kerberos server that has the user ID and password of all participating users in its database and shares a secret key with each server, all users and servers being registered with the Kerberos server, is referred to as a Kerberos ______.
issuer unique identifier 5. The _________ is an optional bit string field used to identify uniquely the issuing CA in the event the X.500 name has been reused for different entities.
Public-key infrastructure (PKI) 6. ______ is the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography.
authority (CA) 7. The certification _________ is the issuer of certificates and certificate revocation lists.
Key pair recovery 8. ________ allows end entities to restore their encryption/decryption key pair from an authorized key backup facility.
identity management 9. The focus of _________ is defining an identity for each user, associating attributes with the identity, and enforcing a means by which a user can verify identity.
principal 10. In a generic identity management architecture a ________ is an identity holder.
data consumers 11. In a generic identity management architecture _______ are entities that obtain and employ data maintained and provided by identity and attribute providers, often to support authorization decisions and to collect audit information.
Security Assertion Markup Language (SAML) 12. _______ is an XML-based language for the exchange of security information between online business partners.
WS-Security 13. ________ is a set of SOAP extensions for implementing message integrity and confidentiality in Web services.
ticket granting server (TGS) 14. In Kerberos, the ___________ decrypts the ticket and authenticator, verifies the request, and creates a ticket for the requested server.
timestamp 15. The ticket contains the user's ID, the server's ID, a __________, a lifetime after which the ticket is invalid, and a copy of the same session key sent in the outer message to the client.

..

One of the most important decisions a small business owner makes is: the hiring of the first and then successive employees
In order to facilitate the recruitment process you must be able to: 1. define the positions to be filled and 2. state the qualifications needed to perform them successfully.
HRM Issues for Small Business: 1. High cost of finding competent workers 2. Cost of motivating workers 3. Retention of new employees 4. Defending against charges of discrimination
_____ is the foundation on which all other human resource activities are based: Job Analysis
Purpose of a job analysis is: 1. indicate what is done, how, by whom, and to what degree 2. ensure equal employment opportunity
Steps to Completing a Job Analysis: 1. gain the support and cooperation of employees 2. Identify the jobs to be analyzed 3. Choose a job analysis technique
A _______ is the most commonly used technique in job analysis: questionnaire
Job Analysis Questionnaires include the following information: Identification facts, Skill requirements, Job responsibilities, Effort demanded, Working conditions
Although no formal job-analysis technique has been endorsed by the courts or the EEOC: some cases require that information from a job analysis be used to ensure equal opportunity employment
Job Description: A written description of a non-management position that covers the title, duties, and responsibilities involved for the job.
Elements of a Job Description are: Job identification section, Job summary, Essential duties, List of tasks for each duty, Task statements
Job identification includes: job title, location/dept within the company, job code, salary range, pay classification
Job summary: Outlines the jobholder's responsibilities, scope of authority, superiors in command
List of Essential Duties: may contain both essential and non-essential duties; ADA requires each duty be identified clearly; duties listed in order of importance
Task Statement: Details the logical steps or activities needed to complete the overall duties; helps in identifying
Bona Fide Occupational Qualification: The very limited right to hire on the basis of gender, religion, or national origin if a job has special requirements that make such discrimination necessary
Job Specifications: indicate the skills, abilities, knowledge, experience, and other personal requirements a worker needs to successfully perform the job
6 major sources for recruiting employees: Advertising for employees, Employment agencies, Internet job sites, Executive recruiters (headhunters), Employee referrals, Relatives and friends
Advantages to advertising for employees: generates a large number of responses; helps ensure EEOC compliance; ads reach a wider, more diverse audience
Disadvantages to advertising for employees: The quality of applications is not equal to that generated by other sources
Employment Agencies: allow you to obtain screened applications at no cost; however, the quality of applications is not equal to those generated by employee referrals
Internet Job Sites: Access to millions of potential employees; charges to list jobs by geographic location, industry, and the package selected
Executive Recruiters: Useful in finding key personnel, but can be expensive
Advantages to Employee Referrals: Low cost and generates qualified, highly motivated employees as long as current employee morale is high and the workforce is large and diversified
Disadvantages to Employee Referrals: may perpetuate minority under-representation or create employee cliques; the referring employee may become resentful if the referral is not hired
Four commonly used tools for selecting employees are: application form, the resume, selection interview, testing
____ is considered by many employers to be the most critical step in the selection process: Interviewing
Purpose of application forms and resumes: 1. provide a record of the applicant's desire to obtain the position 2. provide a profile of the applicant to be used during the interview 3. provide a basic personnel record 4. serve as a means of measuring the effectiveness of the selection process
Common Selection Tools: Application form and resume, Selection interviews, Testing
To conduct an effective interview you should: Be prepared; Set the stage for the interview; Use a structured interview format; Use a variety of questioning techniques; Ask only nondiscriminatory, job-related questions; Keep records, including notes
interview ______, can be done, according to the Supreme Court and EEOC, through statistical or job-content analysis: Testing
Commonly used testing options are: Achievement tests, Performance (ability) tests, Physical examinations, Drug tests, Honesty tests
According to the American Council for Drug Education: 1. 10 times more likely to miss work 2. 3.6 times more likely to have on-the-job accidents; 5 times more likely to hurt themselves 3. 33% less productive
1988 Employee Polygraph Protection Act: outlawed the use of voice stress analyzers and other devices in most business situations. The result is pencil and paper tests.
Employee Orientation: The process of helping new employees become familiar with an organization, their job, and the people they will work with
Five general purposes of orientation: 1. Introduce the company 2. Get the employee excited about working for you 3. Provide mechanisms to ease adjustment 4. Define job expectations 5. Discuss employee policies and benefits
Employee Training: A planned effort to teach employees more about their job so as to improve their performance and motivation
Employee Development: A planned effort to provide employees with the knowledge, skills, and abilities needed to accept new and more challenging job assignments within the company
_______ involves increasing the employee's knowledge and skills to meet specific job or company objectives: Training
Advantages afforded by training and development are: 1. assures a place in tomorrow's competitive environment 2. prevents boredom, which increases retention rates 3. overall employee morale is increased
Most common methods of training: OJT, lecture, conferences, programmed learning, role-playing, job rotation, correspondence courses
The most familiar types of OJT are: 1. Coaching 2. Mentoring
Lecturing: involves one or more individuals communicating instructions or ideas to others; low cost; speed of information covered; number of individuals accommodated per session
Conferences (aka discussion groups): similar to the lecture method except that employees are actively involved in learning; produces more ideas than lecturing; takes more time; fewer participants than lecturing
Programmed Learning: Instruction achieved through use of a computer or printed text; the employee receives feedback and learns at their own speed; works well for almost any type of training; however, materials need to be purchased and the learner needs to be self-directed/motivated to be effective
Role-Playing: employees take on new roles within the company, acting out the situation as realistically as possible; if videotaped it provides for feedback; some employees find this technique threatening; not all business situations lend themselves to this type
Job Rotation: Provides a variety of job skills and knowledge; provides trained replacements in case of employee departure; does not generally provide in-depth specialized training
Correspondence courses, Internet classes, and Webinars: Especially useful for updating current knowledge and acquiring new information; allows for specialized training without having to leave work to attend; the employee must be motivated to learn; costs may be high
Determining Wage Rates: Hourly wages, All-salaried employees, Piecework rates, Commission
Incentive Pay Programs include: Bonuses, Profit sharing
Exempt employees are paid ___ not ____: Salary, not hourly
All-Salaried Employees: This type of compensation plan removes the perceived inequity between the two "classes" of employees and fosters a greater esprit de corps
Piecework Rates: Pay-for-performance plan; the employer pays a set amount for each unit produced
Commission: Pay-for-performance plan; employees may be afforded the opportunity to draw against future earnings in case sales fluctuate
Bonus: A one-time reward provided to an employee for exceeding a performance standard
A reward system that ties performance to compensation: Incentive-pay program
Profit-sharing Plan: A plan in which employees receive additional compensation based on the profitability of the entire business
A bonus used for motivation requires: 1. Bonus must be tied to a specific measure of performance 2. Paid separately from the paycheck to reinforce
Benefit: Part of an employee's compensation in addition to wages and salaries
According to the 2010 Employee Job Satisfaction survey report: job security and benefits are the top two concerns providing job satisfaction; opportunity to use skills and abilities, and the work itself, were next on the list
Benefits may take the form of: health and life insurance, paid vacation time, pension, education plans, discounts on company products
Benefits Required by Law: Time off for voting, jury duty, and military service; Workers' compensation; Social Security (FICA); State short-term disability insurance programs; FMLA (50 or more employees)
Benefits Not Required: Retirement plans, Health plans, Dental or vision plans, Life insurance plans, Paid time off (vacations,
Flexible Benefit Packages: aka cafeteria plan; allows each employee to select the benefits that best suit their financial needs and lifestyle needs
Health Insurance - SHOP: Small Business Health Options Program
Individual Retirement Accounts: allow employees to make tax-exempt contributions to a retirement account
Simplified Employee Pension Plans: plan available only to people who are self-employed or who work for small businesses
401k Plans: plan that allows more tax benefits than an IRA; investment earnings and the amount invested are only taxed upon retirement
412i Plan: Plan designed for a small business owner with 10 or fewer employees planning to retire within 10 years
Purpose of discipline is to: ensure that company rules and regulations are consistently followed for the well-being of both the company and the employees
A fair and just disciplinary procedure: Comprehensive set of rules/regulations; Well-designed performance appraisal; Progressive approach to discipline; Appeal process
Employee handbook: Written rules and regulations informing employees of their rights and responsibilities in the employment relationship
Elements of an Employee Handbook: Contract of employment disclaimer, Employment policies, Benefits, Employee conduct, Glossary, Organization chart
Performance Appraisal: A process of evaluating an employee's job-related achievements
Progressive Approach: Discipline that is applied to employees in appropriately incremental and increasingly forceful measures
Steps in Progressive Discipline: Determine the need for discipline; Have clear goals to discuss; Talk in private; Keep your cool; Watch the timing of meetings; Prepare opening remarks; Get to the point; Allow two-way communication; Establish a follow-up plan; End on a positive note
At-Will Doctrine: the legal restrictions on an employer's ability to discharge an employee without just cause
Restrictions on At-Will Discharges: Implied contract; Good faith and fair dealing; Public policy exception; Providing just cause
Establishing Just Cause: 1. Cite the rule, and the employee's prior knowledge of the rule, i.e. signed employee handbook 2. Show the rule was a business necessity 3. Investigate/allow them to tell their story 4. Document that the employee had the opportunity to improve or modify performance
Good Faith and Fair Dealing: exception that holds that an employee cannot be fired because they are about to be vested in the firm

..

Some of the key factors contributing to the higher security risk of wireless networks compared to wired networks: Channel, Mobility, Resources, Accessibility
Accidental Association (Wireless Network Threat): Wireless LANs or wireless access points to wired LANs in close proximity may create overlapping transmission ranges. A user intending to connect to one LAN may unintentionally lock on to a wireless access point from a neighboring network.
Malicious Association (Wireless Network Threat): A wireless device is configured to appear to be a legitimate access point, enabling the operator to steal passwords from legitimate users and then penetrate a wired network through a legitimate wireless access point.
Ad Hoc Networks (Wireless Network Threat): Peer-to-peer networks between wireless computers with no access point between them. Such networks can pose a security threat due to the lack of a central point of control.
Nontraditional Networks (Wireless Network Threat): (i.e. personal network Bluetooth devices, barcode readers, handheld PDAs) Pose a security risk both in terms of eavesdropping and spoofing.
Identity Theft (MAC Spoofing) (Wireless Network Threat): When an attacker is able to eavesdrop on network traffic and identify the MAC address of a computer with network privileges.
Man-in-the-Middle Attacks (Wireless Network Threat): Involves persuading a user and an access point to believe that they are talking to each other when in fact the communication is going through an intermediate attacking device.
Denial of Service (DoS) (Wireless Network Threat): When an attacker continually bombards a wireless access point or some other accessible wireless port with various protocol messages designed to consume system resources.
Network Injection (Wireless Network Threat): Targets wireless access points that are exposed to non-filtered network traffic, such as routing protocol messages or network management messages. (i.e. an attack in which bogus reconfiguration commands are used to affect routers and switches to degrade network performance)
Classification of wireless security measures: Dealing with wireless transmissions, wireless access points, and wireless networks
The principal threats to wireless transmission: Eavesdropping, altering or inserting messages, disruption
Signal Hiding Techniques: Make it more difficult for an attacker to locate your wireless access points by: turning off service set identifier (SSID) broadcasting by wireless access points, assigning cryptic names to SSIDs, reducing signal strength to the lowest level that still provides requisite coverage, and locating wireless access points in the interior of the building, away from exterior windows/walls.
The main threat involving wireless access points: Unauthorized access to the network
IEEE 802.1X: Standard for port-based network access control. Provides an authentication mechanism for devices wishing to attach to a LAN or wireless network. Can prevent rogue access points and other unauthorized devices from becoming insecure backdoors.
Wireless Network Security Techniques: Use encryption. Use anti-virus and anti-spyware software and a firewall. Turn off identifier broadcasting. Change the identifier on your router from the default. Change your router's pre-set password for administration. Allow only specific computers to access your wireless network.
Security Threats to Mobile Devices: Lack of physical security controls, use of untrusted mobile devices, use of untrusted networks, use of applications created by unknown parties, interaction with other systems, use of untrusted content, use of location services
Mobile Device Security Strategy: Enable auto-lock; Enable password protection; Avoid auto-complete features; Enable remote wipe; Ensure SSL protection is enabled; Make sure that software is up to date; Install antivirus software
Access Point: Any entity that has station functionality and provides access to the distribution system via the wireless medium for associated stations.
Basic Service Set (BSS): A set of stations controlled by a single coordination function.
Coordination Function: The logical function that determines when a station operating within a BSS is permitted to transmit and may be able to receive PDUs.
Distribution System (DS): A system used to interconnect a set of BSSs and integrated LANs to create an ESS.
Extended Service Set (ESS): A set of one or more interconnected BSSs and integrated LANs that appear as a single BSS to the LLC layer at any station associated with one of these BSSs.
MAC Protocol Data Unit (MPDU): The unit of data exchanged between two peer MAC entities using the services of the physical layer.
MAC Service Data Unit (MSDU): Information that is delivered as a unit between MAC users.
Station: Any device that contains an IEEE 802.11 conformant MAC and physical layer.
Physical Layer (IEEE 802 Protocol Architecture): Lowest layer of the IEEE 802 reference model. Includes functions such as encoding/decoding signals and bit transmission/reception. Includes a specification of the transmission medium.
Medium Access Control (MAC) Layer (IEEE 802 Protocol Architecture): A means of controlling access to the transmission medium. This layer receives data from a higher-layer protocol, in the form of a block of data known as the MAC service data unit, and performs the following functions: on transmission, assemble data into a frame known as the MAC protocol data unit with address and error detection fields; on reception, disassemble the frame and perform address recognition and error detection; govern access to the LAN transmission medium.
MAC Control (MPDU Format): Contains any protocol control information needed for the functioning of the MAC protocol (i.e. priority level)
Destination MAC Address (MPDU Format): The destination physical address on the LAN for this MPDU.
Source MAC Address (MPDU Format): The source physical address on the LAN for this MPDU.
MAC Service Data Unit (MPDU Format): The data from the next higher layer.
CRC (MPDU Format): Cyclic redundancy check field. Error-detecting code.
IEEE 802.11 Services: Association, Authentication, Deauthentication, Disassociation, Distribution, Integration, MSDU delivery, Privacy, Reassociation
Association: Establishes an initial association between a station and an access point.
Reassociation: Enables an established association to be transferred from one access point to another, allowing a mobile station to move from one BSS to another.
Disassociation: A notification from either a station or an access point that an existing association is terminated.
Distribution (Distribution of messages within a DS): Primary service used by stations to exchange MPDUs when the MPDU must traverse the DS to get from a station in one BSS to a station in another BSS.
Integration (Distribution of messages within a DS): Enables transfer of data between a station on an IEEE 802.11 LAN and a station that is physically connected to the DS and whose stations may be logically connected to an IEEE 802.11 LAN via the integration service. Takes care of any address translation and media conversion logic required.
The IEEE 802.11i phases of operation: 1. Discovery 2. Authentication 3. Key management 4. Protected data transfer 5. Connection termination
Discovery Phase (1): An AP uses messages called beacons and probe responses to advertise its IEEE 802.11i security policy. The STA uses these to identify an AP for a WLAN with which it wishes to communicate. The STA associates with the AP, which it uses to select the cipher suite and authentication mechanism when the beacons and probe responses present a choice.
Authentication Phase (2): The STA (wireless station) and AS prove their identities to each other. The AP blocks non-authentication traffic between the STA and AS until the transaction is successful. The AP does not participate in the authentication transaction other than forwarding traffic between the STA and AS.
Key Management Phase (3): The AP and the STA perform several operations that cause cryptographic keys to be generated and placed on the AP and the STA. Frames are exchanged between the AP and STA only.
Protected Data Transfer Phase (4): Frames are exchanged between the STA (wireless station) and the end station through the AP. As denoted by the shading and the encryption module icon, secure data transfer occurs between the STA and the AP only; security is not provided end-to-end.
Connection Termination Phase (5): The AP and STA exchange frames. During this phase, the secure connection is torn down and the connection is restored to its original state.
MPDU Exchange (Authentication Phase) has three phases: 1. Connect to AS: The STA sends a request to its AP for connection to the AS. The AP acknowledges this request and sends an access request to the AS. 2. EAP exchange: This exchange authenticates the STA and AS to each other. 3. Secure key delivery: Once authentication is established, the AS generates a master session key (MSK), also known as the Authentication, Authorization, and Accounting (AAA) key, and sends it to the STA.
BSS (Basic Service Set): The smallest building block of an 802.11 WLAN.
ESS (Extended Service Set): Consists of two or more basic service sets (BSS) interconnected by a distribution system. It appears as a single logical LAN to the logical link control (LLC) level.
Three things a distribution system can be: 1. Wired network 2. Wireless network 3. A switch
Security areas addressed by IEEE 802.11: 1. Authentication 2. Key management 3. Data transfer privacy
TKIP (Temporal Key Integrity Protocol): A security protocol created by IEEE 802.11i. Designed to require only software changes to devices that are implemented with the older WLAN security approach (WEP). For message integrity, adds a message integrity code (MIC) to the 802.11 MAC frame after the data field. For data confidentiality, uses RC4 encryption.
CCMP (Counter Mode CBC-MAC Protocol): Security protocol created by IEEE 802.11i intended for newer IEEE 802.11i devices that are equipped with the hardware to support it. For message integrity, uses the cipher block chaining message authentication code (CBC-MAC). For data confidentiality, uses the CTR block cipher mode of operation with AES for encryption.

..

Computer security incident
A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.

____ is responsible for rapidly detecting incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring computing services.
Computer security incident response team (CSIRT)

Suggested set of policies for an e-mail and internet use policy
Business use only, policy scope, content ownership, privacy, standard of conduct, reasonable personal use, unlawful activity prohibited, security policy, company policy, company rights, and disciplinary action.

Incident handling
The planning, coordination, communications, and planning functions that are needed in order to resolve an incident in an efficient manner.

Incident response
The initial response to a computer-related event that seeks to verify an incident, triage the incident, and gather necessary evidence while minimizing data and evidence loss.

ISO 27002
Lists the following security objective of the hiring process: to ensure that employees, contractors, and third-party users understand their responsibilities and are suitable for the roles for which they are considered, and to reduce the risk of theft, fraud, or misuse of facilities.

Security awareness, training, and education programs provide four major benefits to organizations
Improving employee behavior, increasing the ability to hold employees accountable for their actions, mitigating liability of the organization for an employee's behavior, and complying with regulations and contractual obligations.

The _____ category is a transitional stage between awareness and training. It provides the foundation for subsequent training by providing a universal baseline of key security terms and concepts.
Security basics and literacy

The most in-depth program is ____. This is targeted at security professionals and those whose jobs require expertise in security.
Security education

Security training
A security training program is designed to teach people the skills to perform their IT-related tasks more securely. Training teaches what people should do and how they should do it.

Ongoing security awareness, training, and education programs are also important in limiting an organization's ______
Liability

_____ training must explain the difference between software security and network security and, in particular, the pervasiveness of software security issues.
Executive-level

____ training should teach development managers how to make trade-offs, costs, and benefits involving security.
Management-level

Threats from internal users include the following
Gaining unauthorized access, or enabling others to gain unauthorized access; altering data; deleting production and backup data; crashing systems; destroying systems; misusing systems for personal gain or to damage the organization; holding data hostage; stealing strategic or customer data for corporate espionage or fraud schemes.

In addition to enforcing the security policy in a fair and consistent manner, there are certain principles that should be followed for personnel security
Least privilege, separation of duties, and limited reliance on key employees.

The termination process is complex and depends on the nature of the organization, the status of the employee in the organization, and the reason for departure. From a security point of view, the following actions are important
Removing the person's name from all lists of authorized access; explicitly informing guards that the ex-employee is not allowed into the building without special authorization by named employees; removing all personal access codes; and changing lock combinations, reprogramming access card systems, etc.

Computer Security Incident Response Team (CSIRT)
A capability set up for the purpose of assisting in responding to computer security-related incidents that involve sites within a defined constituency; also called a computer incident response team (CIRT) or a computer incident response center (CIRC).

Constituency
The group of users, sites, networks, or organizations served by the CSIRT.

Triage
The process of receiving, initial sorting, and prioritizing of information to facilitate its appropriate handling.

Artifact
Any file or object found on a system that might be involved in probing or attacking systems and networks or that is being used to defeat security measures.
