Domain 3 Flashcards

Question

*DES Modes* Electronic Codebook Mode (ECB)

Answer 1

**Least Secure**, encrypts 64 bit blocks with the same key. - if same block in plaintext, same ciphertext generated

Answer 2

Plaintext XORed with Cipher text **immediately preceding**

Answer 3

Streaming version of CBC, Works on data in real time, used memory buffers of same block size. When buffer fills, data is encrypted and transmitted. Uses **chaining**, so **errors propagate**.

Answer 4

Similar to CFB, XORs plaintext with seed value. **No chaining** so less propagated errors

Answer 5

Uses **incrementing counter** rather than a seed

Answer 6

**Weakness** where same ciphertext is generated from 2 different keys

Answer 7

1. Inputs of any length 2. **Fixed length** outputs 3. Relatively easy to **compute hash** for **any input** 4. Provide **1 way** functionality 5. **Collision Free**

Answer 8

Pre-computed values to ID common passwords

Answer 9

**Random data** added to hash input. - *salts reduce effectiveness of rainbow tables*

Answer 10

Uses SHA-1, SHA-2, SHA-3, **message digest** functions. *Works in conjunction with 1 of 3:* 1. Digital Signature Algorithm (DSA) 2. Rivest, Shamir, Alderman (RSA) 3. Elliptic Curve DSA (ECDSA)

Answer 11

Body's that generate **Digital Certificates** containing public keys of systems' Users - Users distribute certs to who they want to talk to - Cert recipient **verify a cert** using **CA's public key**

Answer 12

- S/MIME - Pretty Good Privacy (PGP)

Answer 13

- HTTP over Transport Layer Security (TLS) *replacing SSL*

Answer 14

Architecture framework that supports **secure communications** over **IP** - Establishes a secure channel in either **transport** mode or **tunnel** mode - Can be used to establish direct comms between computers over **VPN** - Uses 2 Protocols 1. Authentication Header (AH) 2. Encapsulating Security Payload (ESP)

Answer 15

Allow conent owners to enforce restriction on use of their content by others - Common in entertainment industry - Sometime protects sensitive info stored in docs

Answer 16

Factoring product of prime numbers

Answer 17

Modular arithmetic

Answer 18

Elliptic curve discrete logarithm problem and provides **more security** than the other 2

Answer 19

Rely on public key crypto / hashing **MUST use SHA-2+ hashing** Currently approved: - DSA - RSA - Elliptic Curve DSA

Answer 20

Used to determine how security is implemented - Formalize security Policy - enforce CIA triad - models lay out broad guidelines - up to devs to decide how its functionally implemented *Top --> Down* - Security Policy - Security Model - Program Code - OS

Answer 21

System is always secure, no matter what state it is in - Based on FSM - **State** - snapshot of a system - if each state transition results in another secure state = SMM

Answer 22

Based on SMM, focused on flow of information - **Biba** = Flow from low to hight security level - **Bell - LaPadula = prevent info from high to low

Answer 23

How actions f high level affect system state of action at a low level - ensures actions dont interfere with each other

Answer 24

Interactions between - **objects** - resources, computers, apps - **subjects** - users, groups, orgs *Used to ID levels of security for obj / subj*

Answer 25

1. **Simple** - Rules for read 2. **Star** - Rules for write 3, **Invocation** - Rules for calls to subjects

Answer 26

*Based on Integrity* No Read down, no write up - **Lattice Based** - **Simple** integrity = "no read down" - **Star** integrity = "no write up

Answer 27

*Based on Confidentiality* No read up, no write down - SMM enforces Confidentiality - Uses Mandatory Access Controls - **Simple** security policy "no read up" - **Star** property "no write down" - **Lattice Based**

Answer 28

*Integrity* Access Control Triple, uses security **labels** to access objects

Answer 29

*Integrity* Non-interference

Answer 30

*Integrity* Prevent interference, info flow / SMM

Answer 31

*Confidentiality* "Chinese Wall" Prevents conflict of interest

Answer 32

*Confidentiality* uses "direct graph" Supports 4 operations: 1. Take 2. Grant 3. Create 4. Revoke

Answer 33

data item who integrity is **protected** by the **security model**

Answer 34

data item that is `NOT` controlled by security model

Answer 35

a procedure that **scans** data items and **confirms** their **integrity**

Answer 36

Only process allowed to modify a CDI

Answer 37

1. Authenticated Principal (User / Subjects) 2. Programs (TPs) 3. Data Items (UDIs + CDIs) (objects)

Answer 38

Protection rules where each object has an owner and controller - focus on secure creation and deletion of both subject and object - 8 primary protection rules: 1. Securely **create object** 2. Securely **create subject** 3. Securely **delete object** 4. Securely **delete subject** 5. Securely provide the **read** access 6. Securely provide the **grant** access 7. Securely provide the **delete** access 8. Securely provide the **transfer** access

Answer 39

Security clearance that permits **access** to `ALL` info processed by system, **approval** for `ALL` info processed by system, and **valid need-to-know** for `ALL` info processed by system

Answer 40

Can process info at *different levels* even when all system users *do not have the required security clearance* to access all info processed by the system

Answer 41

Each user must have valid security clearance, **access approval for** `ALL` info processed by system, and valid *need-to-know* for at least `SOME` info on the system. Offers most granular control over resources and users of thew modes

Answer 42

*Goes one step further than system high mode* Each user must have a valid security clearance access approval for `ALL INFO` processed by system, but requires valie need-to-know for `ALL INFO` they will have access to on the system

Answer 43

A **combination of hardware, software and controls** that work together to form a "trusted" base" to enforce your security policy. - Is a subset of the complete information system. - is the only portion that can be trusted to adhere to and enforce your security policy - TCB must create secure channels ( *trusted paths* ) to communicate withthe rest of the system - Protects subject from comprimise as a result of TCB interchange

Answer 44

An **imaginary boundary** that separates TCB from the rest of the system.

Answer 45

the logical part of the TCB that confirms whether a subject has the **right to use a resource** prior to granting access `Enforces access control`

Answer 46

The collection of the TCB components that implement the functionality of the reference monitor. `Implements access control`

Answer 47

Enables and **objective evaluation** to validate that a particular product or system satisfies a defined set of security requirements `Has replaced TCSEC and ITSEC`

Answer 48

A structured set of criteria for evaluating computer security within products and systems

Answer 49

Initial attempt to create a security eval criteria in **Europe**. Uses 2 scales to rate functionality and assurance

Answer 50

**Assumptions & Security Policies** 1. Description of Assets 2. ID of Threats **Safety Risk Analysis** 3. Analysis & Rating of Threats **System & Environment Objectives** 4. Determination of Security Objectives 5. Selection of Security Functional Requirements 6. Repeat `Two Flavors` 1. community Protection Profile (cPP) = **black box** 2. Evaluation Assurance Level (EAL) = **white box**

Answer 51

Video 3:05:28

Answer 52

A method used to pass info over a path that is **not normally used** for comms. - It **may not be protected** by the system's normal security controls `Two Types` 1. Covert Timing - based on time it takes to access components: paging rate, transaction time 2. Covert Storage - Out of band storage used to convey a message: ICMP protocol uses extra storage in Ping packet to relay info

Answer 53

A **Chip** that is on the motherboard of a device - Multi-purpose, like storage and mnmgt of keys used for full disk encryption (FDE) solutions - Provides OS with **access to keys**, but prevent drive removal and data access

Answer 54

Enforces an access policy that is `determined by the system`, not the object owner. - Relies on **classification labels** that are representative of security domains and realms `KEY POINT` - Every object and subject has *one or more labels*. These labels are predefined, and the system determines access based on assigned labels - Refered to as **lattice-based** model

Answer 55

Permits the **owner or creator** of an object to *control and define* its accessibility, because the owner has full control by default `determined by owner`

Answer 56

*Enables* the enforcement of system-wide restrictions that override **object-specific** access control. `System wide`

Answer 57

Defines **specific functions** for access to requested objects. Commonly found in firewall systems Applies **global rules** that apply to **all subjects**. (restrictions or filters)

Answer 58

Uses a well-defined collection of `named job roles` to endow each one with *specific permissions*, thereby seeking to ensure that users who occupy such roles can access what they need to get their jobs done.

Answer 59

Various classification labels are assigned ina `ordered structure` from *low to medium to high security*

Answer 60

Requires specific **security clearances** over *compartments or domains* instead of objects

Answer 61

Contains level with compartments that are isolated from the rest of the security domain. - *Combines* **hierarchical and compartmentalized** environments so that security levels have submcompartments

Answer 62

**Technical Evaluation** of each part of a computer system to assess is in **agreement** with security standards

Answer 63

The **process of formal acceptance** of a certified config from a designated authority.

Answer 64

Are designed using industry standards and are usually **easy to integrate** with other open systems

Answer 65

Are generally **proprietary hardware** and / or software. - The specifications are `NOT` **normally published** and they are usually **harder to integrate** with other systems

Answer 66

Restricts a process to reading from and writing to certain memory **location**

Answer 67

The **limits** of memory a process cannot exceed when reading or writing

Answer 68

The mode a process runs in when it is confined through the use of **memory bounds**

Answer 69

Something you: - Know (pin / password) - Have (trusted device) - Are (biometric)

Answer 70

The process of **proving** that you are who you say you are `Identity control`

Answer 71

The act of **granting** an authenticated part permission to do something `Access control`

Answer 72

Simultaneous execution of *more that one app* on a computer and is managed byt the OS

Answer 73

Permits *multiple concurrent tasks* to be performed within a single process.

Answer 74

The use of *more than one processor* to increase computing power

Answer 75

Similar to multi**tasking**, but takes place on *mainframe systems* and requires *specific programming*

Answer 76

Applications operate in a **limited instruction set** environment known as **user mode**

Answer 77

Controlled operation are performed in privileged mode, also known as **system** mode, **kernel** mode, and **supervisory** mode.

Answer 78

Read-only. Contents **burned in at factory**

Answer 79

Static RAM (SRAM) uses *flip flops*, dynamic RAM (DRAM) uses *capacitors*

Answer 80

Programmable chip similar to ROM, with several sub-types

Answer 81

**Erasing, Clearing** (overwriting with unclassified data) `Two Types:` 1. Ultraviolet EPROM (UVEPROM): Chip have a small window tha4t, when illuminated with a **special UV light, erases contents** 2. Electronically Erasable PROM (EEPROM) Uses electric voltages delivered to the pins of the chip to force erasure. *more flexible alternative to UVEPROM)

Answer 82

Derivative concept from EEPROM. **Nonvolatile** can be *electronically erased and rewritten*

Answer 83

same as **memory**

Answer 84

Consists of magnetic, flash, and optical media that mus be first **read into primary memory** before the CPU can use the data

Answer 85

can be read at **any point***Security Issues With Storage*

Answer 86

**require scanning** through all the data physically stored before the desired location

Answer 87

1. **Removable media** can be used to *steal data* 2. **Access controls and encryption** must be applied to protect data 3. Data can **remain on the media** even after file deletion or media formatting

Answer 88

- Subject to **eavesdropping and tapping** - Used to smuggle data out of an org - Used to create unauthorized / insecure points of entry to a orgs system and networks

Answer 89

Software stored on a ROM chip, containing basic **instructions** needed to start a computer. Also used to provide operating instructions in peripheral devices such as printers

Answer 90

ensures that individual processes can access **only their own data**

Answer 91

Creates different realms of security within a process and **limits communication** between them

Answer 92

Creates **black-box* interfaces for programmers to use without requiring knowledge of an algorithms or device inner workings

Answer 93

Prevents information **from being read** from a different security level. Hardware segmentation enforces process isolation with physical controls.

Answer 94

To inform and guide the **design, development, implementation, testing, and maintenance** of some particular system

Answer 95

Also known as Virtual Machine Monitor (VMM) is the component of virtualization that **creates, manages, and operates** the VMs `Two Types` 1. Type I hypervisor: A native or bare-metal hypervisor. In this config, there is no host OS; instead the hypervisor installs **directly** onto the hardware where the host OS would normally reside 2. Type II hypervisor: A **hosted** hypervisor. in this config a standard regular OS is present on the hardware, and the hypervisor is then installed as another software application.

Answer 96

A cloud provider concept in which security is provided to an org through or by an online entity

Answer 97

Mobile devices that offer customization options, typically thru **installing apps** and may use on-device or in-the-cloud AI processing

Answer 98

The range of potential security options or features that may be available for a mobile device. security features include full **device encryption, remote wiping, lockout, screen loicks, GPS, app control etc**

Answer 99

Typically designed around a limited set of **specific functions** in relation to the larger product of which its a *component* **needs security management**

Answer 100

applications, OSs, hardware sets, or networks that are configured for a specific need, capability, or function and then set to remain unaltered **needs security management**

Answer 101

Ensures that only a minimum number of processes are authorized to run in supervisory mode.

Answer 102

Increases the granularity of secure operations

Answer 103

Ensures that an *audit trail* exists to trace operations back to their source

Answer 104

Occurs when the programmer fails to **check the size of input data** prior to writing the data in a specific memory location.

Answer 105

- leaving **back doors** - leaving **privileged programs** on a system after it is deployed. - **Time-of-check-to-time-of-use (TOCTTOU)** attacks: any state change presents an opportunity for an attacker to compromise a system

Answer 106

1. Deterrence - discourage any malicious actions 2. Denial - Deny malicious action 3. Detection - Detect and track activity 4. Delay - Delay the progress 5. Determine - the cause of the incident and figure out what is happening 6. Decide - decide on the response to implement *If one fails move to next*

Answer 107

Include policies and procedures like - site management - personnell controls - awareness training - emergency response

Answer 108

Implemented through technology like - access controls - intrusion detection - alarms - CCTV - monitoring - HVAC - power supplies - Fire detection / suppression

Answer 109

- Fencing - Lighting - Locks - Construction materials - Mantraps - Dogs - Guards

Answer 110

3-4 Feet: deters casual trespasser 6-7 ft: to hard to climb easy 8 ft (w/barbed wire) - will deter intruders

Answer 111

Humidity: 40-60% ideal Temps: for computers 60-75degF. Damage at 175degF. Manage storage devices damaged at 100F

Answer 112

Prolonged loss of power

Answer 113

Prolonged low voltage

Answer 114

short loss of power

Answer 115

Prolonged high voltage

Answer 116

Temporary high voltage

Answer 117

Temporary low voltage

Answer 118

8 feet hight with 2 feet candle power

Answer 119

Too much humidity can cause **corrosion**. Too litte causes **static electricity** even on non-static carpet, low humidity can generate 20,000-volt static discharge!

Answer 120

**Common combustibles** such as wood, paper, etc. Shjould be extinguised with water or soda acid

Answer 121

**Buring alcohol, oil, other petroleum products** such as gasoline. Extinguished with **gas or soda acid**

Answer 122

**Electrical fires**. Must be extinguished with non-conductive agaent like **any type of gas**

Answer 123

**Burning metals**. Extinguished by **dry powder**

Answer 124

**Kitchen fires**. Extinguished by **wet chemicals**

Answer 125

1. Smoke sensing 2. Flame sensing 3. Heat sensing

Answer 126

Generated by the difference in power between the **hot and ground** wires of a power source.

Answer 127

Generated by a difference in power in the **hot and neutral** wires of a power source

Answer 128

The source of interference that is generated by electrical appliances, light sources, electrical cables and circuits etc

Answer 129

Storage devices

Answer 130

Any electronic or computer component

Answer 131

Cause short circuits, initiate corrosion, or otherwise render equipment useless

Answer 132

**Good for areas with people and computers** **Use closed sprinkler heads** and the pipe is charged with compressed air instead of water. The water is held in check by an electrically operated sprinkler valve and the compressed air

Answer 133

**Filled with water**.

Answer 134

have **closed sprinkler heads**. filled with **compressed air**. The water us held back by a valve that remains closed as long as sufficient air pressure remains in the pipes *used where water is likely to freeze*

Answer 135

Similar to dry pipes, except the **sprinkler heads are open** and larger than dry pipe heads. The pipes empty at normal air pressure, the water is held back by a deluge valve

Answer 136

**More effective than water discharge systems** but should not be used where people are because it removes oxygen from the air **Halon** effective but bad for the environment (ozone-depleting), **turns to toxic gas at 900F**.

Answer 137

(Cipher lock) Something you **Know**

Answer 138

Something you **have**

Answer 139

Something you **are**

Answer 140

Easily picked / bumped and keys easily duplicated

Answer 141

Expensive, harder to pick, & Keys not easily duplicated

Answer 142

- Visibility - Composition of the surrounding area, - area accessibility - effects of **natural disasters**

Answer 143

- Understanding level of **security needed** by your orgs and planning for it before construction begins

Answer 144

- should `NOT` be **equal access** to all locations - **Valuable and confidential assets** should be located in the center of protection - Centralized server / computer rooms do not need to be human compatible

Answer 145

Propping open secured doors and bypassing locks or access controls

Answer 146

Using someone elses ID badge to get in

Answer 147

Following someone through a secured door without swiping your badge

Answer 148

- prevent physical unauthorized access

Answer 149

- escort assigned to visitor - Tracking actions

Answer 150

- locked cabinets / safes - dedicated / isolated storage facilities - offline storage - access restrictions / activity tracking - hash management and encryption

Answer 151

Type of self charging battery that can be used to : - supply consisten and clean power - supply power in the event of a power failure

Answer 152

Uses rules that can include **multiple attributes**. - Allows it to be **more flexible** than rule based model that applies rules to all subjects equally - Often used by Software Defined Networks (SDNs)

Domain 3 Flashcards

(181 cards)