Midterm # 2 Flashcards Preview


Flashcards in Midterm # 2 Deck (145)
1

Authentication is?

The process of determining whether a user should be allowed access to a system.

2

Authentication question?

Are you who you say you are?

3

Authorization

Are you allowed to do that?

4

The three authentication methods?

Something you know
Something you have
Something you are

5

How to prevent a forward search attack?

To prevent a forward search attack on a public key encryption, we append random bits to the message before encrypting it.

6

Salt?

Appending a non-secret random value, known as a salt, to each password before hashing it.

7

What is a salt?

A non-secret value that causes identical passwords to hash to different values.

8

What is two-factor authentication?

Any authentication method that requires two out of the three "somethings" is known as two-factor authentication.

9

What is the Common Criteria?

EAL1 through EAL7

10

What is EAL1?

Functionally Tested

11

What is EAL2?

Structurally Tested

12

What is EAL3?

Methodically Tested and Checked

13

What is EAL4?

Methodically Designed, Tested, and Reviewed

14

What is EAL5?

Semiformally Designed and Tested

15

What is EAL6?

Semiformally Verified Design and Tested

16

What is EAL7?

Formally Verified Design and Tested

17

What are ACLs?

Access control lists, columns

18

What are C-lists?

Capabilities, rows, subject trying to perform an operation

19

What are the advantages of capabilities?

With capabilities, the association between users and files is built into the system. Capabilities are more complex to implement and have higher overhead.

20

What are the advantages of ACLs?

For an ACL-based system, a separate method for associating users to files is required.

21

What is the confused deputy?

The confused deputy is a classic security problem, in which a deputy is fooled by some other party into misusing its authority. The compiler is acting on Alice's behalf.

22

Classification applies to...

Objects

23

Clearances apply to...

Subjects

24

Classification and Clearances order?

Top Secret
Secret
Confidential
Unclassified

25

What is BLP?

Bell-LaPadula

26

What is Bell-LaPadula?

Its purpose is to capture the minimal requirements, with respect to confidentiality, that any MLS system must satisfy.

27

BLP consists of two statements

Simple Security Condition
*-Property

28

What is the Simple Security Condition?

Subject S can read object O if and only if L(O) <= L(S)

29

What is the *-Property?

Star property: Subject S can write object O if and only if L(S) <= L(O)

30

What is the point of compartments?

To further restrict information flow "across" security levels; compartments enforce the need-to-know principle.