Domain 3 Flashcards

Question

Cryptographic Salts

Answer 1

A salt is random data that is used as an additional input to a one way function that hashes data, a password or passphrase Adding salts to the passwords before hashing them reduces the effectiveness of rainbow table attacks.

Answer 2

Digital Signature Standard The Digital Signature Standard uses the SHA-1, SHA-2, and SHA-3 message digest functions… ``` Works in conjunction with one of three encryption algorithms: -Digital Signature Algorithm (DSA) -Rivest, Shamir, Adleman (RSA) algorithm -Elliptic Curve DSA (ECDSA) algorithm. ```

Answer 3

generate digital certificates containing the public keys of system users. Users then distribute certificates to people with whom they want to communicate. Certificate recipients verify a certificate using the CA’s public key.

Answer 4

- S/MIME | - Pretty Good Privacy (PGP).

Answer 5

Transport Layer Security (TLS) | largely replacing the older SSL

Answer 6

IPsec protocol standard provides a common framework for encrypting network traffic and is built into many common operating systems.

Answer 7

A security architecture framework that supports secure communication over IP. Establishes a secure channel in 2 modes transport mode or tunnel mode. Can be used to establish direct communication between computers or over a VPN connection Uses two protocols: Authentication Header (AH) Encapsulating Security Payload (ESP)

Answer 8

exploits protocols that use two rounds of encryption.

Answer 9

an attempt to find collisions in hash functions.

Answer 10

an attempt to reuse authentication requests.

Answer 11

Digital Rights Management Commonly protect entertainment content, such as music, movies, and e-books

Answer 12

``` AES Blowfish Twofish 3DES RC5 ```

Answer 13

Advanced Encryption Standard Symmetric Block Size: 128 bits Key Size: 128, 192, 256

Answer 14

Symmetric Block Size: 64 bits Key Size: 32 - 448 bit

Answer 15

Symmetric Block Size: 64 bits Key Size: 112 - 168 bit

Answer 16

Symmetric Block Size: 128 bits Key Size: 1 - 256 bit

Answer 17

Symmetric Block Size: 32, 64, 128 bits Key Size: 0-2,040 bit

Answer 18

-HAVAL -MD4, 5 - no longer in use due to collisions SHA-224 SHA-256 SHA-384 SHA-512

Answer 19

Hash algorithm Value length: 128, 160, 192, 224, 256

Answer 20

Secure Hash Algorithm Hash algorithm Used with digital signature standard (DSS) Value length: 160, 224, 256, 384, 512

Answer 21

Message Digest Hash algorithm No longer in use Value length: 128

Answer 22

RSA is the most famous public key cryptosystem; it was developed by Rivest, Shamir, and Adleman in 1977. It depends on the difficulty of factoring the product of prime numbers. El Gamal is an extension of the Diffie Hellman key exchange algorithm that depends on modular arithmetic. (ECC) Elliptic curve Algorithm depends on the elliptic curve discrete logarithm problem and provides more security than other algorithms when both are used with keys of the same length.

Answer 23

Rely on public key cryptography and hashing functions DS algorithms suitable for use in FIPS 186 4 (the Digital Signature Standard) must use SHA 2 hashing functions. Three currently approved encryption algorithms: Digital Signature Algorithm (DSA), as specified in FIPS 186 4 Rivest, Shamir, Adleman (RSA), specified in ANSI X9.31 Elliptic Curve DSA (ECDSA), specified in ANSI X9.62

Answer 24

Asymmetric Key Most common Size: 512

Answer 25

Asymmetric Key Replaced Diffie-Hellman

Answer 26

Asymmetric Key Elliptic Curve Size: Variable (smaller key size due to EC, 160 bit EC key = 1025 RSA)

Answer 27

- Biba: State machine model (SMM) - Clark-Wilson: Access control triple - Goguen-Meseguer: THE noninterference model - Sutherland: preventing interference (information flow and SMM)

Answer 28

- Bell-LaPadula: no read up, no write down - Brewer and Nash: Chinese Wall - Take Grant: employs a "directed graph"

Answer 29

State machine model enforces confidentiality Uses mandatory access control (mac) to enforce the DoD multilevel security policy Simple security property subject cannot read data at a higher level of classification. “no read up” Star * security property subject cannot write info to lower level of classification “no write

Answer 30

A lattice based model developed to address concerns of integrity. Simple integrity property subject at one level of integrity is not permitted to read an object of lower integrity. “no read down” Star * integrity property object at one level of integrity is not allowed to write to object of higher integrity. Invocation property prohibits a subject at one level of integrity from invoking a subject at a higher level of integrity. “no write up”

Answer 31

A lattice based model developed to address concerns of integrity. Simple integrity property subject at one level of integrity is not permitted to read an object of lower integrity. “no read down” Star * integrity property object at one level of integrity is not allowed to write to object of higher integrity. “no write up” Invocation property prohibits a subject at one level of integrity from invoking a subject at a higher level of integrity. Features the “ACCESS CONTROL" Triple

Answer 32

another confidentiality based model that supports four basic operations: take, grant, create, and revoke.

Answer 33

also called the ”Chinese Wall model”. It was developed to prevent conflict of interest (COI) problems. (confidentiality based)

Answer 34

This model uses a formal set of protection rules for which each object has an owner and a controller. ``` Eight primary protection rules: Securely create an object Securely create a subject Securely delete an object Securely delete a subject Securely provide the read access right. Securely provide the grant access right. Securely provide the delete access right. Securely provide the transfer access right ```

Answer 35

Dedicated Mode Multilevel Mode System High Mode Compartmented Mode

Answer 36

Security clearance that permits access to ALL info processed by system, approval for ALL info processed by system, valid need to know for ALL info processed by system.

Answer 37

Can process information at different levels even when all system users do not have the required security clearance to access all information processed by the system.

Answer 38

Each user must have valid security clearance, access approval for ALL info processed by system, and valid need to know for at least SOME info on the system. Offers most granular control over resources and users of these models.

Answer 39

Goes one step further than System High. Each user must have valid security clearance, access approval for ALL INFO processed by system, but requires valid need to know for ALL INFO they will have access to on the system.

Answer 40

Describes a system that is always secure no matter what state it is in. Based on the computer science definition of a finite state machine (FSM). A state is a snapshot of a system at a specific moment in time. All state transitions must be evaluated. If each possible state transition results in another secure state, the system can be called a secure state machine.

Answer 41

Focuses on the flow of information Information flow models are based on a state machine model Biba and Bell LaPadula are both information flow models Bell LaPadula preventing information flow from a high security level to a low security level Biba focuses on flow from low to high security level

Answer 42

is a combination of hardware, software and controls that work together to form a “trusted base” to enforce your security policy Includes reference monitor and security kernel

Answer 43

is the logical part of the TCB that confirms whether a subject has the right to use a resource prior to granting access. enforces access control

Answer 44

is the collection of the TCB components that implement the functionality of the reference monitor. implements access control

Answer 45

The Common Criteria enable an objective evaluation to validate that a particular product or system satisfies a defined set of security requirements. TWO FLAVORS community Protection Profile (cPP) black box Evaluation Assurance Level (EAL)white box CC Has replaced TCSEC and ITSEC!

Answer 46

A structured set of criteria for evaluating computer security within products and systems.

Answer 47

The ITSEC represents an initial attempt to create security evaluation criteria in Europe. TSEC uses two scales to rate functionality and assurance.

Answer 48

EAL0, EAL1 - Functionally Tested EAL2 - Structurally Tested EAL3 - Methodically Tested & Checked EAL4 - Methodically Designed, Tested, and Reviewed (labels) EAL5 - Semi Formally Designed and Tested EAL6 - Semi Formally Verified Design and Tested EAL7 - Formally Verified Design and Tested

Answer 49

TCSEC ITSEC D F-D+E0 Minimal/no protection C1 F-C1+E1 C2 F-C2+E2 B1 F-B1+E3 Labeled security protection B2 F-B2+E4 B3 F-B3+E5 A1 F-B3+E6 Verified security design

Answer 50

Two types: covert timing channel covert storage channel A method that is used to pass information over a path that is not normally used for communication. Because it’s not normally used, it may not be protected by the system’s normal security controls.

Answer 51

Trusted Platform Module A chip that resides on the motherboard of the device. Multi purpose, like storage and management of keys used for full disk encryption (FDE) solutions. Provides the operating system with access to keys, but prevents drive removal and data access

Answer 52

Enforces an access policy that is determined by the system, not the object owner. Relies on classification labels that are representative of security domains and realms.

Answer 53

Permits the owner or creator of an object to control and define its accessibility, because the owner has full control by default.

Answer 54

Enables the enforcement of system | wide restrictions that override object specific access control.

Answer 55

Defines specific functions for access to requested objects. Commonly found in firewall systems.

Answer 56

Uses a well defined collection of named job roles to endow each one with specific permissions, thereby seeking to ensure that users who occupy such roles can access what they need to get their jobs done.

Answer 57

The technical evaluation of each part of a | computer system to assess its concordance with security standards

Answer 58

The process of formal acceptance of a certified configuration from a designated authority.

Answer 59

are designed using industry standards and are usually easy to integrate with other open systems

Answer 60

are generally proprietary hardware and/or software. Their specifications are not normally published, and they are usually harder to integrate with other systems.

Answer 61

restricts a process to reading from and | writing to certain memory locations.

Answer 62

are the limits of memory a process cannot | exceed when reading or writing.

Answer 63

is the mode a process runs in when it is | confined through the use of memory bounds.

Answer 64

Something you know (pin or password) Something you have (trusted device) Something you are (biometric)

Answer 65

Authentication (AuthN) is the process of proving that you are who you say you are. Identity Authentication can be achieved with both symmetric and asymmetric cryptosystems.

Answer 66

Authorization (AuthZ) is the act of granting an authenticated party permission to do something. Access Permissions, rights , and privileges are then granted to users based on their proven identity. If user has rights to a resource, they are granted authorization.

Answer 67

simultaneous execution of more than one | application on a computer and is managed by the operating system.

Answer 68

Permits multiple concurrent tasks to be | performed within a single process.

Answer 69

The use of more than one processor to | increase computing power.

Answer 70

Similar to multitasking but takes place on mainframe systems and requires specific programming.

Answer 71

Single state processors are capable of operating at only one security level at a time, whereas multistate can simultaneously operate at multiple security levels.

Answer 72

Controlled operations are performed in privileged mode, also known as system mode, kernel mode, and supervisory mode.

Answer 73

Applications operate in a limited instruction set environment known as user mode

Answer 74

- ROM. Read only. Contents burned in at factory. - RAM. Static RAM (SRAM) uses flip flops, dynamic RAM (DRAM) uses capacitors - PROM. Programmable chip similar to - EPROM. Erasing, Clearing (overwriting w/ unclassified data) . - EEPROM. Have a small window that, when illuminated with special ultraviolet light, erases content of chip - Flash Memory. Derivative concept from EEPROM. nonvolatile, can be electronically erased and rewritten.

Answer 75

-Primary storage is the same as memory. -Secondary storage consists of magnetic, flash, and optical media that must be first read into primary memory before the CPU can use the data. -Random access storage devices can be read at any point -Sequential access storage -devices require scanning through all the data physically stored before the desired

Answer 76

Software stored on a ROM chip, containing basic instructions needed to start a computer. Also used to provide operating instructions in peripheral devices such as printers

Answer 77

ensures that individual processes can access only their own data.

Answer 78

creates different realms of security within a process and limits communication between them.

Answer 79

creates “black box” interfaces for programmers to use without requiring knowledge of an algorithms or device’s inner workings.

Answer 80

prevents information from being read from a different security level. Hardware segmentation enforces process isolation with physical controls.

Answer 81

The hypervisor, also known as a virtual machine monitor (VMM), is the component of virtualization that creates, manages, and operates the virtual machines (VMs).

Answer 82

A native or bare metal hypervisor. In this configuration, there is no host OS; instead, the hypervisor installs directly onto the hardware where the host OS would normally reside.

Answer 83

A hosted hypervisor. In this configuration, a standard regular OS is present on the hardware, and the hypervisor is then installed as another software application.

Answer 84

A cloud access security broker (CASB) is a security policy enforcement solution that may be installed on premises or in the cloud. Shadow IT

Answer 85

occurs when the programmer fails to check the size of input data prior to writing the data into a specific memory location.

Answer 86

Deterrence Denial Detection Delay

Answer 87

Administrative also known as management controls and include policies and procedures, like site management, personnel controls, awareness training, and emergency response and procedures Logical also known as technical controls and are implemented through technology like access controls, intrusion detection, alarms, CCTV, monitoring, HVAC, power supplies, and fire detection and suppression. Physical use physical means to protect objects and includes fencing, lighting, locks, construction materials, mantraps, dogs and guards

Answer 88

- access controls - intrusion detection - alarms - CCTV and monitoring - HVAC - power supplies - fire detection and suppression

Answer 89

- facility construction - facility selection - site management - personnel controls - awareness training - emergency response - emergency procedure

Answer 90

- fencing - lighting - locks - construction materials - mantraps - dogs - guards

Answer 91

``` 3-4 feet deters casual trespasser 6-7 feet too hard to climb easily 8 feet (w/ barbed wire) will deter intruders ```

Answer 92

Humidity: 40% 60% ideal Temps: for computers 60-75F (15 23C), damage at 175F. Manage storage devices damaged at 100F Too much humidity can cause corrosion. Too little humidity causes static electricity. Even on nonstatic carpet, low humidity can generate 20,000 volt static discharg!

Answer 93

``` Blackout: prolonged loss of power Brownout: prolonged low voltage Fault: short loss of power Surge: prolonged high voltage Spike: temporary high voltage Sag: temporary low voltage ```

Answer 94

8 feet high with 2 feet candle power

Answer 95

smoke sensing flame sensing heat sensing

Answer 96

``` A - common combustibles - water, soda acid B - liquids - CO2, halon, soda acid C - electrical - CO2, halon D - metals - Dry powder K - kitchen - wet chemicals ```

Answer 97

-Common mode noise. Generated by the difference in power between the hot and ground wires of a power source operating electrical equipment -Traverse mode noise. Generated by a difference in power in the hot and neutral wires of a power source operating electrical

Answer 98

is the source of interference that is generated by electrical appliances, light sources, electrical cables and circuits, and so on.

Answer 99

- Smoke is damaging to most storage devices. - Heat can damage any electronic or computer component. - Suppression mediums can cause short circuits, initiate corrosion, or otherwise render equipment useless.

Answer 100

-Preaction systems. use closed sprinkler heads, and the pipe is charged with compressed air instead of water. The water is held in check by an electrically operated sprinkler valve and the compressed air. -Wet pipe systems. are filled with water. Dry pipe systems contain compressed air until fire suppression systems are triggered, and then the pipe is filled with water; and flame activated sprinklers trigger when a predefined temperature is reached. -Dry pipe systems. also have closed sprinkler heads: the difference is the pipes are filled with compressed air. The water is held back by a valve that remains closed as long as sufficient air pressure remains in the pipes. Often used in areas where water may freeze, such as parking garages. -Deluge systems. are similar to dry pipes, except the sprinkler heads are open and larger than dry pipe heads. The pipes are empty at normal air pressure; the water is held back by a deluge valve.

Answer 101

is effective, but bad for environment (ozone depleting), turns to toxic gas at 900F. ``` Suitable replacements •FM 200 (HFC 227ea) •CEA 410 or CEA 308 •NAF S III (HCFC Blend A) •FE 13 (HCFC 23) •Argon (IG55) or Argonite (IG01) •Inergen (IG541) •Aero K ```

Answer 102

Electronic Combination Locks (aka Cipher lock) Something you know Key Card Systems Something you have Biometric Systems Something you are Conventional Locks Easily picked / bumped & keys easily duplicated Pick-and-Bump Resistant Locks Expensive, harder to pick & keys not easily duplicated.

Answer 103

- Abuses of physical access control include propping open secured doors and bypassing locks or access controls. - Masquerading is using someone else’s security ID to gain entry to a facility. -Piggybacking is following someone through a secured gate or doorway without being identified or authorized personally.

Answer 104

- locked cabinets or safes - using a librarian/custodian - implementing a check-in/check-out process - using media sanitization

Answer 105

- locked cabinets or safes - dedicated/isolated storage facilities - offline storage - access restrictions and activity tracking - hash management and encryption