ch2 Flashcards

(33 cards)

1
Q

hacking

A

the act of deliberately accessing computer systems and networks without authorization

2
Q

hackers

A

individuals who attempt to gain unauthorized access to computer systems or networks.

3
Q

phreaking

A

the hacking of the systems and computers a telephone company uses to operate its telephone network

4
Q

The goal of cybersecurity has traditionally been threefold (the CIA of security):

A

1- confidentiality: ensure that only those individuals who have the authority to view a piece of information may do so
2- integrity: ensure that data is created and modified only by authorized individuals
3- availability: ensure that the data, or the system itself, is available for use when an authorized user wants it

5
Q

As a result of the increased use of networks for commerce, two
additional security goals have been added to the original three in the
CIA of security:

A

** check p.5
1- Authentication: attempts to ensure that an individual is who they
claim to be.
2- Auditability: refers to whether a control can be verified to be
functioning properly.

6
Q

The Operational Model of Computer Security (OMCS)

A

** check p6 if the figure important or not.
security equation:
Protection = Prevention + (Detection + Response)
Prevention alone is never complete, so the model pairs it with detection of what gets through and a response to what is detected.

7
Q

Time-Based Security

A

P_t > D_t + R_t: the time a protection measure holds against an attack (P_t) must exceed the time needed to detect the attack (D_t) plus the time needed to respond to it (R_t). If it does not, the attacker has an exposure window of D_t + R_t - P_t.

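
Cards 6 and 7 are abstract; the following is an added example (not from the flashcards or the textbook they summarize) that puts both models on one constructed scenario: a password-guessing attack recorded in a made-up auth log. Prevention is the password itself, detection is a failed-login threshold, and response is a source blocklist. The log lines, the 5-failures-in-60-seconds rule, and the P_t and R_t figures are constructed assumptions.

```python
# Added example, not from the flashcards or the textbook they summarize: the
# Operational Model, Protection = Prevention + (Detection + Response), and
# time-based security, P_t > D_t + R_t, applied to a password-guessing attack.
# The log lines, threshold, window and timings are constructed for illustration.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed auth log: "<ISO timestamp> <OK|FAIL> user=<name> src=<ip>".
# Prevention (the password) is beaten at 10:00:15; the question is whether
# detection + response cut the attacker off before that.
SAMPLE_LOG = """\
2024-05-01T10:00:01 FAIL user=alice src=198.51.100.7
2024-05-01T10:00:03 FAIL user=alice src=198.51.100.7
2024-05-01T10:00:04 FAIL user=alice src=198.51.100.7
2024-05-01T10:00:06 FAIL user=alice src=198.51.100.7
2024-05-01T10:00:08 FAIL user=alice src=198.51.100.7
2024-05-01T10:00:09 OK   user=bob   src=203.0.113.5
2024-05-01T10:00:12 FAIL user=alice src=198.51.100.7
2024-05-01T10:00:15 OK   user=alice src=198.51.100.7
"""

FAIL_THRESHOLD = 5              # detection rule: this many failures from one source
WINDOW = timedelta(seconds=60)  # ... within this sliding window


def parse(line):
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], src.split("=", 1)[1])


def detect_and_respond(log_text):
    """Detection: flag a source once it reaches FAIL_THRESHOLD failures inside WINDOW.
    Response: put the source on a blocklist; its later events never reach the app.
    Returns (blocklist {src: time_blocked}, list of events that were accepted)."""
    recent_failures = defaultdict(list)
    blocklist = {}
    accepted = []
    for line in log_text.splitlines():
        ts, result, user, src = parse(line)
        if src in blocklist:
            continue                      # response in effect: source is cut off
        if result == "FAIL":
            window = [t for t in recent_failures[src] if ts - t <= WINDOW] + [ts]
            recent_failures[src] = window
            if len(window) >= FAIL_THRESHOLD:
                blocklist[src] = ts       # detection fires; the response is the block
                continue
        accepted.append((ts, result, user, src))
    return blocklist, accepted


def detection_seconds(log_text, src):
    """D_t for one source: seconds from its first event until it was blocked."""
    blocklist, _ = detect_and_respond(log_text)
    first = min(parse(l)[0] for l in log_text.splitlines() if parse(l)[3] == src)
    return (blocklist[src] - first).total_seconds()


def time_based_security(p_t, d_t, r_t):
    """Time-based security test: protection holds only if P_t > D_t + R_t.
    Returns (holds, exposure_seconds); exposure is the attacker's window after
    protection is beaten and before the response has taken effect."""
    holds = p_t > d_t + r_t
    return holds, max(0.0, d_t + r_t - p_t)


if __name__ == "__main__":
    blocked, ok_events = detect_and_respond(SAMPLE_LOG)
    d_t = detection_seconds(SAMPLE_LOG, "198.51.100.7")
    # P_t: the password fell 14 s after the first guess. R_t: assume the block
    # takes 2 s to reach the network edge (constructed figure).
    print("blocked:", blocked, "accepted events:", len(ok_events))
    print("D_t =", d_t, "->", time_based_security(14.0, d_t, 2.0))
```

In the constructed log the attacker's sixth and later attempts, including the successful guess at 10:00:15, are dropped because the block took effect at 10:00:08: D_t + R_t = 7 + 2 = 9 s against P_t = 14 s, so the inequality holds. Shrinking P_t (a weaker password) or slowing the response flips the result and leaves a measurable exposure window.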
8
Q

NIST Cybersecurity Framework Model

A
  • risk-based approach for the
    implementation of cybersecurity activities in an enterprise.
  • provides a common taxonomy of standards, guidelines,
    and practices that can be employed to strengthen cybersecurity efforts
9
Q

The NIST Cybersecurity Framework Model is composed of five core functions:

A

** check p10
1- Identify,
2- Protect,
3- Detect,
4- Respond
5- Recover.

10
Q

The NIST framework's purpose is to complement and enhance risk management efforts
through the following actions:

A
  1. Determining the current cybersecurity posture
  2. Documenting the desired target state with respect to cybersecurity
  3. Determining and prioritizing improvement and corrective actions
  4. Measuring and monitoring progress toward goals
  5. Creating a communication mechanism for coordination among stakeholders
11
Q

All of the models above focus on "static" defenses enacted to act as a barrier to intruders, except:

A

Active Defense Model

12
Q

Why is a focus on "static" defenses enacted to act as a barrier to intruders not sufficient?

A

because some intruders will succeed in getting into the
enterprise.

13
Q

Active defense

A

** check p 11
goes to the next level: actively hunting for intruders who are already inside the
enterprise, and responding to them as they are found.

14
Q

The three operational tenets found in secure deployments are:

A
  1. session management
  2. exception management
  3. configuration management.
15
Q

Session management

A

** check p13
is the set of activities employed to establish a communication
channel between two parties, identifying each in a manner that allows future activity
without renewed authentication.

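
Card 15 defines session management in the abstract. The following is an added example (not from the flashcards or the textbook they summarize) of the mechanism it describes: the user authenticates once with a password, the server issues an unguessable session ID, and later requests presenting that ID are attributed to the user without a renewed password check, until the session idles out or is revoked. The user name, password, salt and 15-minute idle timeout are constructed assumptions; the ManualClock exists only so that expiry can be exercised without waiting.

```python
# Added example, not from the flashcards or the textbook they summarize: a
# minimal server-side session store. Authenticate once, get a session ID, and
# use that ID for later activity without re-authenticating. User, password,
# salt and lifetime are constructed for illustration.
import hashlib
import hmac
import secrets
import time

# Constructed user database. Passwords are stored as PBKDF2 hashes, never in clear.
# A real system uses a random salt per user; one fixed salt keeps the demo short.
_SALT = b"constructed-demo-salt"


def _hash_password(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


USERS = {"alice": _hash_password("correct horse battery staple")}
SESSION_TTL = 15 * 60   # seconds of inactivity after which a session is dead


class ManualClock:
    """Clock advanced by hand, so expiry can be exercised deterministically."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class SessionStore:
    def __init__(self, clock=time.monotonic):
        self._clock = clock       # injectable: ManualClock in tests, monotonic in production
        self._sessions = {}       # session_id -> {"user": ..., "expires": ...}

    def login(self, user, password):
        """Authenticate once. Returns a fresh session ID on success, None otherwise."""
        stored = USERS.get(user)
        candidate = _hash_password(password)   # hash even for unknown users: similar timing
        if stored is None or not hmac.compare_digest(stored, candidate):
            return None
        sid = secrets.token_urlsafe(32)        # 256 random bits: not guessable
        self._sessions[sid] = {"user": user, "expires": self._clock() + SESSION_TTL}
        return sid

    def resolve(self, sid):
        """Map a presented session ID to its user without re-authenticating.
        Unknown or expired IDs yield None; each valid use slides the idle timeout."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        now = self._clock()
        if now >= entry["expires"]:
            del self._sessions[sid]            # expired: remove it and fail closed
            return None
        entry["expires"] = now + SESSION_TTL
        return entry["user"]

    def logout(self, sid):
        """Revoke a session; the ID is worthless afterwards."""
        self._sessions.pop(sid, None)
```

The two properties that matter are that the ID carries no information (it is a random lookup key, so knowing one user's ID tells you nothing about another's) and that the server, not the client, decides when it stops being valid.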
16
Q

Exception Management

A

Exceptions involve the invocation of conditions that fall outside the normal
sequence of operation (anything abnormal).
– Exception management can also be nontechnical in nature: systems
or environments that cannot follow organizational security policy, for
example, must be documented, the exceptions must be approved, and
mitigations must be put in place to lower the risk associated with
exceptions to policy.

17
Q

Configuration Management

A

is key to the proper operation of IT systems; it refers to the design and operation of the elements that provide the proper functional environment for a system.

18
Q

Why do we need configuration management?

A

to ensure the proper functional environment of a system.

19
Q

An organization can take multiple approaches to address the
protection of its networks:

A

** check p17
1. ignore security issues
2. provide host security
3. provide network-level security,
4. provide a combination of host security & network-level
security (mature organizations use both).

20
Q

Ignore Security Issues

A
  • relies on the minimal amount of security that ships with its workstations,
    servers, and devices.
  • No additional security measures are implemented.
  • uses the default security settings
21
Q

Host Security

A

focusing on protecting each computer and device individually instead of addressing protection of the network as a whole.

22
Q

Network-Level Security

A

the emphasis is placed on controlling access to
internal computers from external entities.
- This control can be through devices such as routers, firewalls,
authentication hardware and software, encryption, and intrusion
detection systems (IDSs).

23
Q

Security Principles

A
  1. Least privilege
  2. Separation of privilege
  3. Fail-safe defaults
  4. Economy of mechanisms
  5. Complete mediation
  6. Open design
  7. Least common mechanism
  8. Psychological acceptability
  9. Defense in depth (layered security)
  10. Diversity of defense
24
Q

Least privilege

A

Least privilege means that a subject (which may be a user, application, or process) should have only the necessary rights and privileges to perform its task, with no additional permissions.

25
Q

Separation of privilege

A

The principle of separation of privilege states that the protection mechanism should be constructed so that it uses more than one piece of information to make access decisions.
Applying this principle to the people side results in the concept of separation of duties.

26
Q

Fail-safe defaults

A

The concept of fail-safe defaults is that when something fails, it should do so to a safe state.
The protection mechanism should deny access by default and should grant access only when explicit permission exists. This is sometimes called default deny, and the common operational term for this approach is implicit deny.
27
Q

Economy of mechanisms

A

The principle of economy of mechanism is described as always using simple solutions when they are available: a small, simple protection mechanism is easier to inspect and verify than a complex one.
28
Q

Complete mediation

A

The principle of complete mediation states that protection mechanisms should cover every access to every object and should never be bypassed.
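
Cards 24, 25, 26 and 28 (least privilege, separation of privilege, fail-safe defaults, complete mediation) describe properties of one and the same protection mechanism, so a single added example shows them together. This is not code from the flashcards or the textbook they summarize; the subjects, objects, rights and the rule that payroll writes need a verified second factor are constructed assumptions. The point to watch is that `authorize()` has exactly one path that returns True and that nothing in `Store` touches the data without calling it.

```python
# Added example, not from the flashcards or the textbook they summarize: a
# small reference monitor illustrating least privilege, separation of
# privilege, fail-safe defaults (implicit deny) and complete mediation.
# Subjects, objects and policy rules are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Subject:
    name: str
    rights: frozenset            # least privilege: only the rights the task needs
    mfa_verified: bool = False   # a second, independent piece of information


# Constructed policy: (object, action) -> right required.
# Anything not listed here is denied; there is no catch-all allow.
POLICY = {
    ("payroll.db", "read"):  "payroll:read",
    ("payroll.db", "write"): "payroll:write",
    ("logs/",      "read"):  "logs:read",
}
# Separation of privilege: these actions need the right AND a verified second factor.
TWO_CONDITION_ACTIONS = {("payroll.db", "write")}


def authorize(subject, obj, action):
    """Fail-safe defaults: the only way to get True is to match an explicit rule
    and satisfy every condition on it; every other path returns False."""
    required = POLICY.get((obj, action))
    if required is None:
        return False                       # implicit deny: no rule, no access
    if required not in subject.rights:
        return False                       # least privilege: right not granted
    if (obj, action) in TWO_CONDITION_ACTIONS and not subject.mfa_verified:
        return False                       # separation of privilege: second condition missing
    return True


class Store:
    """Complete mediation: every read and write goes through authorize();
    there is no method that reaches _data without it."""
    def __init__(self):
        self._data = {"payroll.db": "salaries...", "logs/": "auth.log ..."}
        self.audit = []                    # (subject, object, action, allowed)

    def read(self, subject, obj):
        ok = authorize(subject, obj, "read")
        self.audit.append((subject.name, obj, "read", ok))
        if not ok:
            raise PermissionError(f"{subject.name} may not read {obj}")
        return self._data[obj]

    def write(self, subject, obj, value):
        ok = authorize(subject, obj, "write")
        self.audit.append((subject.name, obj, "write", ok))
        if not ok:
            raise PermissionError(f"{subject.name} may not write {obj}")
        self._data[obj] = value
        return True


# Constructed subjects: the report job can only read payroll; the admin holds
# the write right but may use it only in a session where MFA was completed.
REPORT_JOB = Subject("report-job", frozenset({"payroll:read"}))
ADMIN      = Subject("admin", frozenset({"payroll:read", "payroll:write", "logs:read"}))
ADMIN_MFA  = Subject("admin", ADMIN.rights, mfa_verified=True)
```

Note what the implicit-deny structure buys: when a new object such as a secrets store is added, it is unreachable until someone writes a rule for it, rather than reachable until someone remembers to block it. The audit list records denied attempts as well as allowed ones, which is what card 5's auditability goal needs from a control.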
29
Q

Open design

A

The principle of open design states that protection mechanisms should not depend on the secrecy of the mechanism itself.

30
Q

Least common mechanism

A

The principle of least common mechanism states that protection mechanisms should be shared to the least degree possible among users.

31
Q

Psychological acceptability

A

The principle of psychological acceptability states that protection mechanisms should not impact users, but if they do, the impact should be minimal.

32
Q

Defense in depth (layered security)

A

The principle of defense in depth, or layered security, is that multiple layers of differing, overlapping controls should be employed.

33
Q

Diversity of defense

A

Diversity of defense is a concept that complements the idea of various layers of security. It means making the layers dissimilar, so that if one layer is penetrated, the next layer cannot be penetrated using the same method.