Information Security Flashcards
What is a firewall?
A firewall is hardware, software, or a combination of the two, placed between networks (or between a host and its network), that allows or blocks traffic according to a security policy. Think of it as the lock on the door of a computer system: it controls what may come in and go out, but it does not by itself detect everything that is already inside. There are multiple types and levels of firewalls (packet-filtering, stateful, application-layer, host-based).
Describe some characteristics of a “strong” (i.e., good) password.
At least eight characters long; uses both upper- and lower-case letters; uses at least one numeral; uses at least one special character; periodically changed. (Current guidance, e.g. NIST SP 800-63B, puts length and screening against lists of known-breached passwords ahead of composition rules, and recommends changing a password when compromise is suspected rather than on a fixed schedule.)
Define “biometric controls.”
A physical or behavioural characteristic is used to gain access instead of, or in addition to, a password. Common choices include fingerprints or thumbprints, retina or iris patterns, and voice prints. Biometric controls can be very reliable, but they generally require special input equipment, have non-zero false-accept and false-reject rates, and a compromised biometric cannot be replaced the way a password can.
Why does multi-factor authentication increase control?
Any single authentication technique may fail or be stolen. Multi-factor authentication requires several independent factors at the same time, drawn from different categories: something you know (a password), something you have (a one-time-password token or smart card) and something you are (a fingerprint). A user name is an identifier, not a factor. An attacker who captures one factor, for example the password, still cannot authenticate without the others.
Describe smart cards and identification badges.
Identification badges typically carry identification data on a magnetic stripe; smart cards contain an embedded chip that stores credentials and can perform cryptographic operations, so a private key never has to leave the card. Both require additional hardware (a card reader) to get the data into the system. Depending on the system, the user may only need to swipe or insert the card to log on, or may also need to key in a PIN or other information.
Describe the operation of “one-time” passwords.
The "one-time" password is derived by an algorithm from a secret shared between the token and the server plus a moving factor, usually the current date and time (or a counter). The user enters this password along with their user name and personal password. The computer independently recalculates the expected value from the same secret and its own clock. If the entered value and the computed value are the same (allowing for small clock drift), the computer recognises the individual, and that value is not accepted a second time.
List some examples of security tokens.
Includes (1) devices that display "one-time" passwords which the user must type in, and (2) "smart cards" that contain additional user identification information and must be read by an input device.
Why are “one-time” passwords used by organizations?
They provide an additional level of authentication. They strengthen the standard password by requiring possession of a physical device that displays a new "one-time password" every 30-60 seconds, so a password captured by a keylogger or a phishing page is useless once the interval expires (an attacker who relays the code in real time can still use it within that window).
What are logical access controls?
Controls that restrict electronic access to systems and data over internal and external networks, as opposed to physical access controls: user identification and authentication, authorisation (permissions, access control lists), and logging of who accessed what.
Describe four electrical system risks.
1. Failure (outage); 2. reduced voltage (brownout); 3. sags, spikes and surges; 4. electromagnetic interference (EMI). Typical mitigations are an uninterruptible power supply (UPS) with generator backup, surge protectors or line conditioners, and shielded cabling.
What purpose does setting file attributes serve?
Logically restricts what a user (or process) may do with a file: read, write, update and/or delete records. Attributes such as read-only, or owner/group/other permission bits, are enforced by the operating system rather than by each application.
Describe a good location site for a computer operations facility.
Climate controlled, including air-conditioning and humidity control; away from natural-disaster risks such as fire and flood; away from windows and exterior walls; not on the top floor (roof leaks) or in the basement (flooding).
What purpose do file protection rings or locks serve?
A write-protect mechanism on the medium (a removable ring on a tape reel, a tab on a cartridge or diskette) that physically prevents the drive from overwriting it.
Define “social engineering.”
A set of techniques attackers use to manipulate people, rather than systems, into giving them access to information resources: impersonating a help desk or an executive, phishing e-mails, pretexting over the phone. The defences are awareness training and procedures that verify identity before anything is disclosed or changed.
What considerations should be given by an organization regarding fire-suppression systems?
Such systems are required in IT operations. They need to be appropriate for electrical fires in a room full of equipment: water sprinklers destroy hardware, so a gaseous clean agent is typically used (halon did this job but has been phased out under the Montreal Protocol because it depletes ozone; agents such as FM-200 or inert-gas mixtures replace it). The system should be periodically inspected and tested.
Define “external labels.”
A tag placed on data storage media (floppy disks, magnetic tape, CDs, etc.) that identifies the contents, to prevent inadvertent use of the wrong volume or file.
Define “internal labels” (header and trailer labels).
Descriptive information stored at the beginning (header) and end (trailer) of a file that identifies the file (name, version, creation date), gives the number of records it contains and often control totals, so that a program can detect that it has opened the wrong file or that records were lost or corrupted in processing.
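How header and trailer labels catch processing errors, as an added example that is not from the flashcards. The record layout is this example's own: a `HDR|dataset|date` line, the data records, then a `TRL|count|sha256` line. The checker compares the dataset name in the header with what the program expects, the record count in the trailer with the records actually present, and the checksum with one recomputed over the records; the payroll records are constructed sample data.

```python
import hashlib
import hmac
from typing import Iterable, List, Tuple


def _records_digest(records: Iterable[str]) -> str:
    """SHA-256 over the data records (newline-terminated), used as the trailer control total."""
    h = hashlib.sha256()
    for rec in records:
        h.update(rec.encode("utf-8") + b"\n")
    return h.hexdigest()


def build_labelled_file(dataset: str, created: str, records: Iterable[str]) -> str:
    """Return the file text: header label, data records, trailer label."""
    body = list(records)
    if any("\n" in rec or rec.startswith(("HDR|", "TRL|")) for rec in body):
        raise ValueError("records must be single lines and must not look like labels")
    lines = [f"HDR|{dataset}|{created}", *body, f"TRL|{len(body)}|{_records_digest(body)}"]
    return "\n".join(lines) + "\n"


def check_labelled_file(text: str, expected_dataset: str) -> Tuple[bool, str, List[str]]:
    """Validate labels before processing. Returns (ok, reason, records)."""
    lines = text.split("\n")
    if lines and lines[-1] == "":
        lines.pop()                                    # trailing newline
    if len(lines) < 2:
        return False, "file too short to contain header and trailer", []
    header, trailer, body = lines[0], lines[-1], lines[1:-1]

    hparts = header.split("|")
    if len(hparts) != 3 or hparts[0] != "HDR":
        return False, "missing or malformed header label", []
    if hparts[1] != expected_dataset:
        return False, f"wrong file: header names dataset {hparts[1]!r}", []

    tparts = trailer.split("|")
    if len(tparts) != 3 or tparts[0] != "TRL":
        return False, "missing or malformed trailer label (truncated file?)", []
    try:
        declared = int(tparts[1])
    except ValueError:
        return False, "trailer record count is not numeric", []
    if declared != len(body):
        return False, f"record count mismatch: trailer says {declared}, found {len(body)}", []
    if not hmac.compare_digest(_records_digest(body), tparts[2]):
        return False, "checksum mismatch: a record was altered or corrupted", []
    return True, "ok", body


if __name__ == "__main__":
    # Constructed sample records; not real payroll data.
    sample = ["1001,ALICE,250.00", "1002,BOB,75.50", "1003,CAROL,1200.00"]
    text = build_labelled_file("PAYROLL", "2024-01-31", sample)
    print(check_labelled_file(text, "PAYROLL")[:2])
    damaged = text.replace("75.50", "75.60")
    print(check_labelled_file(damaged, "PAYROLL")[:2])
```

The checksum here is unkeyed, so it detects accidental truncation and corruption, which is what internal labels were designed for; against a deliberate tamperer who can rewrite the trailer as well, the control total would have to be an HMAC under a key the tamperer does not hold, or a digital signature.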
Define “encryption.”
The process of transforming data (plaintext) into an unreadable form (ciphertext) so that it cannot be understood without the correct key. The algorithm itself is normally public; the secrecy lies in the key.
Describe the use of the Secure Electronic Transaction (SET) protocol.
A protocol developed by Visa and Mastercard in the 1990s for credit-card payments over the Internet. Cardholder, merchant and payment gateway each held a digital certificate to authenticate the parties, and a "dual signature" let the merchant see the order without the card details while the bank saw the payment without the order. It was never widely adopted and has been superseded in practice by TLS (HTTPS) together with card-network controls such as 3-D Secure.
Identify the two protocols that have typically been used to secure Internet transmissions.
Sensitive data sent via the Internet was secured by one of two protocols: SSL (Secure Sockets Layer) or S-HTTP (Secure Hypertext Transfer Protocol). SSL won: it was succeeded by TLS (Transport Layer Security), which is what HTTPS uses today, while S-HTTP was never widely deployed. Every SSL version is now deprecated and should be disabled in favour of TLS 1.2 or 1.3.
Describe how digital certificates work.
A digital certificate binds a public key to the identity of its holder (a person, server or organisation). It is issued and digitally signed by a certification authority (CA); anyone who trusts the CA can verify that signature and so trust that the public key belongs to the named holder. The certificate does not itself protect a message; it lets the recipient check the sender's digital signature, and hence the sender's identity and the message's integrity, with a key that has been vouched for. Whether such signatures are legally recognised depends on jurisdiction (for example the U.S. E-SIGN Act and the EU eIDAS regulation).
Describe how digital signatures work.
The sender computes a hash of the message and transforms it with their private key; the result is the signature. The recipient recomputes the hash, reverses the transformation with the sender's public key and compares the two. A match proves that the holder of the private key signed the message (authentication, and non-repudiation since nobody else could have produced it) and that the content has not changed since (integrity).
Describe asymmetric encryption (also called public-key or public/private-key encryption; "private-key encryption" is another name for symmetric encryption, in which one shared secret key both encrypts and decrypts).
Uses one algorithm with two mathematically related keys: whatever one key encrypts, only the other can decrypt. If the public key encrypts, the private key decrypts (confidentiality: anyone can send, only the holder can read). If the private key encrypts, the public key decrypts (this is how a digital signature works: only the holder can produce it, anyone can check it). The public key can be published freely; the private key must never be shared.
Define “ciphertext.”
Text (or any data) that has been mathematically scrambled so that its meaning cannot be recovered without the algorithm and the key; the readable original is the plaintext.