Security Principles Flashcards

Question

What is Vulnerability

Answer 1

Any weakness the asset has against potential threats. Vulnerabilities can be hardware, software, or human/organizational; likewise, they can represent errors or shortcomings in system design, or known trade-offs for desired features.

Answer 2

Malicious or unwanted software designed to steal data or impair your computer's performance. Malware is especially dangerous on Windows PCs and other computers that can run arbitrary software, but can be found on other systems as well.

Answer 3

Hackers, malicious software, and other automated attacks can try to access your computer over the network to steal data, or implant malware. When your data is passing over the network, attackers can also try to intercept it, modify it, or even impersonate someone else on the other end of a connection.

Answer 4

A malicious or even negligent user getting access to your account can do damage directly, or just weaken other security measures to make your data more vulnerable. Unauthorized users might physically log into your computer, or remotely gain access to either it or your online accounts. Intruders often rely on social engineering, con artist techniques used to trick legitimate users into trusting them and giving up access. Malicious employees within the organization are especially dangerous, since they already have some access.

Answer 5

Older hardware, software, and network protocols commonly have outdated security features or known vulnerabilities that make them unsafe against modern threats. Even newer technologies may simply not be designed for the security standards you need. If you must use these technologies, you should use extra controls to reduce risk.

Answer 6

Systems and software must be securely configured in order to minimize risk; many products with ample security features don't have them all enabled by default, and even secure settings might be changed during maintenance or user activity. Additionally, operating systems and other critical software must receive regular security updates to patch newly discovered vulnerabilities. Out of compliance systems are a major source of vulnerability.

Answer 7

Physical access to a computer, network, or storage device is a literal foot in the door to an intruder. Insecure physical environments let attackers bypass network-based access controls, implant malware directly, or simply make off with valuable equipment or data.

Answer 8

Humans are one of the big weak links in any security system. Insufficient training can lead users to take actions that harm assets directly or just create security vulnerabilities; even experienced users can get sloppy or just make mistakes. Malicious insiders are a big risk, but so are social engineers who trick well-meaning users into risky behavior.

Answer 9

Every aspect of cybersecurity relies on having security-related information at the ready, and without it you may never know you've got a security problem until it's too late. This includes training materials, configuration data, policies and procedures, and logs of user access and system activities. Security documentation must itself be secured, so it doesn't become a roadmap for an attacker.

Answer 10

Watching someone who is viewing or entering sensitive information, or eavesdropping on confidential conversations. It's easy to think of this as being literally over the shoulder, but people have been caught using binoculars or hidden cameras to steal passwords or ATM PINs. Shoulder surfing is especially a danger for employees doing work-related communications on mobile devices in public places.

Answer 11

Hunting for discarded documents and other media in a target's trash, looking for information. The most obvious target is confidential information that's valuable in itself, or security-related information that can be used to compromise the system, but it's not all that's valuable. Schedules, policy manuals, and personal information can also be used to launch further social engineering attacks.

Answer 12

Getting into a secure area by tagging along right behind someone who has legitimate access, with or without their knowledge. A tailgater might join a crowd of authorized people that aren't individually checked, or even get a careless but polite person to hold a locked door open after entering.

Answer 13

Impersonating an authority figure or another relevant person over the phone and requesting sensitive information. This can be done in person, but the phone makes it harder to verify identity or spot suspicious elements. Help desk workers and other customer-facing employees are especially vulnerable to this, since they're trained to be friendly and helpful but might not be trained about what not to reveal.

Answer 14

Sending unsolicited emails or other electronic messages, with undesired or malicious content. Spam can be harmless noise, commercial advertisement, fraud attempts, or a way of delivering malware. Malicious spam uses social engineering to get users to read and act on it, and even the least harmful varieties generate network traffic and distract users.

Answer 15

Using fake but official-looking messages to trick users into performing dangerous actions. Often phishing attacks are distributed via spam email: a common method is to claim to be a bank or legitimate online service, with a link to log into their website. The link actually leads to a fake page maintained by the attacker, even if it looks genuine at first glance. In truth, it either contains malware, or tricks users into entering their credentials or some other personal information.

Answer 16

A variant of phishing that targets specific people, such as members of an organization or even individual users. Compared to a generic phishing message that could target almost anyone, a spear phishing attempt has personal or at least organizational information the attacker was able to gain beforehand and incorporate into the message. Spear phishing is an especially dangerous technique because those personal details can make even experienced users let their guard down and assume the attacker is a legitimate entity they should respond to.

Answer 17

Malware attached to an infected file, usually an executable program but possibly as a script inside a data file like an office document. The virus is harmless just sitting there on the drive, but when a user runs the program it becomes active. Then it can perform attacks, which very commonly include infecting other programs, corrupting data, or emailing itself to other users. Viruses were the first common malware, so sometimes "virus" gets used as a catch-all term.

Answer 18

Malware that spreads without any human interaction. By using system vulnerabilities it can replicate itself, spread to other systems, and run itself there. This makes worms capable of rapidly spreading through a network unassisted. Rapidly spreading worms can do damage just by the system resources they consume, but the most serious have malicious functions as well.

Answer 19

Malware that appears to be a harmless or useful program, like a game or even an anti-virus application. It doesn't reproduce, outside of just tricking unwary users into installing it normally. Once it's running, its malicious functions take over. It might still be invisible to the end user, causing nothing more than system slowdowns or hidden vulnerabilities. Frequently a trojan will be attached to an email, masquerading as a useful file, funny video, or some other harmless program.

Answer 20

In general, a backdoor is any hidden way into a system or application that bypasses normal authentication systems. Backdoors created by malware can be used to gather data, remotely control the computer, send spam email, or almost anything the computer itself can. They're frequently used with rogue servers that set up unauthorized network services on compromised systems.

Answer 21

Many backdoors aren't intended primarily to let an attacker log into the computer. Instead, they turn the computer into a zombie: part of a large network of computers that performs distributed network attacks or other processing tasks on behalf of the botnet's controller. To the computer's user, the zombie might appear normal or just be unusually slow.

Answer 22

Malware that compromises boot systems and core operating system functions in order to hide from most detection methods. In extreme cases, rootkits can infect device firmware, requiring specialized equipment to remove. Rootkits and similar features have even been used in commercial software: even if there's no malicious intent from the vendor, they can compromise security other ways.

Answer 23

A particularly intrusive sort of malware that attempts to extort money from the victim in order to undo or prevent further damage. One common type of ransomware encrypts user files to make them unreadable, then demands payment to the malware's distributor in exchange for the decryption key. Another type is a bogus "free antivirus" program claiming it's detected an infection but that you need the paid version to actually remove it.

Answer 24

Malware specifically designed to gather information about user and computer activities to send to other parties, often through a backdoor. Spyware can be used to track browser activity, redirect browser traffic, steal financial or user account information. Keyloggers which silently record all user input are a serious form of spyware. Sometimes tracking cookies used by web browsers are classified as spyware, though they tend to be more limited in capability.

Answer 25

Malware that delivers advertisements to the infected system, either as pop-ups or within browser or other application windows. Adware frequently has a spyware component, even if it's just to track user activities and choose targeted ads.

Answer 26

The attacker tries every possible password or key in a methodical order, until finding the right one. Brute force can crack any password in theory, but it's a very slow method. Short passwords are very vulnerable to brute force cracking, but long passwords are much safer.

Answer 27

The attacker uses a word list, such as a literal dictionary or a list of common passwords. This approach won't easily guess random character strings, but are very effective against passwords comprised of words or names. More sophisticated dictionary attacks check for words with appended numbers, common letter substitutions, and so on. Even long passwords can be vulnerable to dictionary attacks if they use recognizable words or patterns.

Answer 28

Many password-based authentication systems rely on cryptographic hashes generated from the password, rather than the password itself. Attackers can leverage this by pre-calculating hashes for all possible passwords, at least up to a certain length. While creating a hash table is slow, using a hash table to crack passwords is much faster. This makes them useful for attackers who want to crack a lot of passwords at once. Hash tables are very large; even for short passwords, they can be many gigabytes in size.

Answer 29

A more popular variety of hash table that's designed to use less disk space. It doesn't crack passwords as quickly as a full hash table, but it's still a lot faster than brute force attacks, so it's an appealing compromise for many attackers. Like brute force and hash tables, rainbow tables are most effective against short passwords. Some authentication systems are designed to protect against them.

Answer 30

Denial of service attacks are designed to prevent legitimate users from accessing a network service or an entire network. The most common DoS technique attacks servers or routers with overwhelming or unusual traffic which consumes its resources and causes slowdowns or crashes. Other DoS methods include locking users out of accounts, or physically attacking hardware. Malware and forced access can also be used with DoS in mind.

Answer 31

Distributed denial of service is a type of DoS where a single target is flooded by traffic from many individual computers, often spread across the internet. The number of attackers, and their distribution on the network, make the attack harder to defend against. DDoS attacks commonly use botnets directed by the actual attacker, and can overwhelm even powerful networks.

Answer 32

Any attack that intercepts or observes private communications. Eavesdropping is common for social engineering attacks like shoulder surfing, but on the network it's most common where an attacker can get access to unencrypted network traffic, such as from an unprotected switch or an open Wi-Fi network.

Answer 33

A form of eavesdropping where an attacker intercepts and relays communications between two points, often impersonating each party in the eyes of the other. This is much more potent than ordinary eavesdropping because the MITM can also insert or modify information in real time before it reaches its destination. Some MITM techniques are even designed specifically to attack protocols which are secure against ordinary eavesdropping. This type of attack is often directed at online banking and e-commerce sites, allowing the attacker to capture login credentials and other sensitive data. Sometimes the attack itself is a malicious script within the user's browser, rather than out somewhere on the network.

Answer 34

A technique that falsifies the origin of network communications, either to redirect responses or to trick users into thinking it comes from a trustworthy source. Spoofing attacks can apply to almost any protocol that specifies both a destination and an origin address: IP addresses on the internet, MAC addresses on the LAN, or specific applications such as email addresses or caller ID. Usually spoofing isn't an attack in itself so much as a way to enable other attacks like DoS or social engineering.

Answer 35

An attacker giving false replies to DNS requests sent by a host, in order to redirect traffic to a malicious or fraudulent site. Sometimes called pharming. When you or an application try to access a named host, you actually connect to the attacker's site which may host malware, perform MITM attacks, or just trick you into divulging sensitive information. DNS hijacking can occur via compromised DNS servers on the network, or DHCP servers that give hosts incorrect DNS settings., Hosts themselves can also be targeted by installing malware, changing network settings, or altering the hosts file the operating system uses to help resolve names. Social engineering, threats, and vulnerabilities

Answer 36

Shoulder surfing

Answer 37

Ransomware

Answer 38

- Ensures that the information is viewable only by authorized users or systems - Ensures that the information is either inaccessible or unreadable to unauthorized users

Answer 39

- Ensures that the information remains accurate and complete over its entire lifetime - Ensures that the data in storage or transit can't be modified in an undetected manner

Answer 40

- Ensures that the information is always easily accessible to authorized users - Ensures that the information is always easily accessible to authorized users

Answer 41

The Sarbanes-Oxley Act of 2002 is a US federal law designed to prevent fraudulent accounting practices. It applies primarily to financial records managed by companies that do business in the United States.

Answer 42

The Health Insurance Portability and Accountability Act is a US law governing health insurance coverage, but from an IT perspective it protects the privacy of patient records. It applies to any organization that stores or handles protected data.

Answer 43

The General Data Protection Regulation is a newly enacted European Union regulation which protects the privacy of individual data related to EU residents. It applies not only to any organization in the EU which handles personal information, but specifically to foreign organizations that do business with or market to EU residents.

Answer 44

The Payment Card Industry Data Security Standard isn't a law; instead, it's a set of shared rules developed by the world's major credit card companies and administered by the PCI Council. PCI DSS compliance is part of the contract an organization must sign before it is permitted to process payment cards.

Answer 45

Personally identifiable information is information that can be used to uniquely identify an individual person, either on its own or in conjunction with other information. It can also mean information that specifically relates to an individual person. PII is a focus of many privacy regulations and the target of various attacks; since it is a legal term rather than a technical one, its definition varies by jurisdiction. PII examples include contact information like name and address, personal attributes such as age or gender, and other life details like grades or workplace.

Answer 46

Protected health information is PII which can be connected to an individual's health status, medical treatments, and health care payments. PHI is defined by HIPAA, and must be protected by any organization under the jurisdiction of that law. Similar laws apply to health care data in other countries, and there are corresponding laws for other industries like education.

Answer 47

The GDPR itself is a broad set of privacy laws intended to make sure that businesses which make sure consumers are aware of what PII businesses collect about them, and to give them more control over what is collected and how long it is kept. It most visibly has come to apply to websites and online services which collect user data, but it affects other companies as well. Any collected PII related to EU consumers is covered by the GDPR.

Answer 48

PCI-DSS regulations apply to any information regarding payment cards issued by major credit card vendors, and the customers that pay using those cards. They are designed both to guarantee interoperability among various payment card systems, but also to make sure both payment card data and the systems which process them are safe against fraudulent purchases and identity theft. Any systems which store or handle such data must be PCI-DSS compliant.

Answer 49

Uses the same key for both encryption and decryption. Also known as private key cryptography since the key must be kept secret for security to be affected. Symmetric algorithms are used primarily for encrypting bulk data, such as secure network communications and storage devices. They include AES, 3DES, RC4, Blowfish, and Twofish.

Answer 50

Uses two mathematically related keys. Data encrypted with the first key can only be decrypted with the second, and vice-versa. Also known as public key cryptography, since typically only one key is kept private and the other is public knowledge. Asymmetric algorithms can be used to encrypt arbitrary data, but since that's more computationally expensive they're more often used to prove identity or securely exchange symmetric keys. They include RSA, DSA, ECC, and Diffie-Hellman.

Answer 51

Converts data a unique signature called a hash. Hashes don't contain the original data and can't be reliably reversed. However, since any change to data changes its hash, data can be compared to a stored hash to verify its integrity. Hashes are important in data preservation, authentication, and system integrity checking. Common algorithms include MD5, SHA-1, and the SHA-2 family.

Answer 52

Positive identification of a person or system wishing to initiate communications, for example via a username/password or an ID card.

Answer 53

Specifying the exact resources a given authorized user is allowed to access, such as file permissions on a hard drive.

Answer 54

Auditing and logging the actions of an authenticated user for later review, such as operating system logs tracking logins and accessed files.

Answer 55

Something you know, like a password, PIN, or answer to a challenge question.

Answer 56

Something you possess, like a physical key, ID badge, or smart card. Traditionally, this includes any form of digital data a human can't be expected to memorize.

Answer 57

Something you are; that is, a unique physical or behavioral characteristics, like a fingerprint, voice print, or signature. Inherence elements that are based on personal physical characteristics are called biometrics.

Answer 58

ny physical property intrinsic to an individual human body, ranging from fingerprints to DNA to scent. Usually distinguished from behavioral characteristics like signatures and typing patterns. Contrary to some popular belief, biometric authentication isn't necessarily more reliable or harder to fool than any other type, but it's still useful.

Answer 59

A file created and signed using special cryptographic algorithms. The holder has both a public certificate which can be shared freely, and a secret encryption key which is never shared. Sample data encrypted with the secret key can be decrypted with the public certificate, proving the person or system presenting the certificate also holds the key. The authentication system can store certificates for allowed users, or submit a newly presented certificate to a trusted third party such as a certificate authority to verify its owner's identity. One common application of digital certificates is the one assigned to each secure website in order to prove its identity to visiting browsers.

Answer 60

A one-time password that is valid for a single session, so it can't be stolen and reused. The OTP still has to be known to both the user and the authenticator somehow, so it's a challenge to accurately create one. An OTP can be generated independently on both ends by a sequential or time-based algorithm, or it can be generated by the authenticator and transmitted to the user out-of-band, such as to an email address or phone number.

Answer 61

Broadly speaking, any physical device used to aid authentication by containing secret information. A hardware token might have an LCD display to generate OTPs you can type in, or it might be a digital certificate securely stored on a USB key, RFID key fob, or scannable card.

Answer 62

A stored file that serves similar purposes to a hardware token. The term is a little flexible: usually it's applied to applications that allow a smartphone or other computer to serve as a hardware token, but it's sometimes used to describe temporary authentication and authorization data stored on and exchanged between computers in single sign-on environments.

Answer 63

A traditional machine-readable card, such as a bank or transit card, with a magnetic stripe to store user data. They've been around a very long time, and while they're useful they're not secure. They don't store very much data, and they're easy to clone. Magnetic stripe cards can still be used in multi-factor authentication, but they're not a very strong method on their own.

Answer 64

An authentication card with an integrated circuit built in. At the least, a smart card's chip holds basic identifying information like a magnetic stripe would; it can also hold digital certificates, store temporary data, or even perform cryptographic processing functions to keep its data secure. Smart cards don't generally contain batteries, but instead receive power from the reader.

Answer 65

Members of this group have full control of the computer, and they can assign user rights and access control permissions to users as necessary. The Administrator account is a default member of this group. Administrators can't actually do literally everything on the computer, since some privileges are reserved to specialized system accounts and should never be performed directly by users. However, they can perform administrative tasks such as installing applications and hardware drivers, creating and deleting user accounts, or changing sensitive operating system settings. Adding an account to this group makes it very powerful, and a potential security risk.

Answer 66

Only found on Domain accounts. Members of this group have full control of computers throughout the domain. The Administrator account is joined to this group when a domain is formed. Privileges on an individual computer are similar to that of Administrators group members.

Answer 67

Members of this group can perform common tasks and run most applications. However, they can't share folders, install printers, or generally change any system-wide settings that can affect other users or put system security at risk. Most newly created accounts are simply Users. In general, administrators as well as other privileged users also belong to the Users group, so a privilege added to this group applies to everyone.

Answer 68

In older versions of Windows, members of this group had privileges beyond that of an ordinary user, but less than that of an administrator. In modern versions of Windows this group exists but has no special privileges. It can still be customized to make a general set of "privileged user" permissions.

Answer 69

Members of this group have much more limited permissions than Users. They can't customize settings, install software, or even change their own passwords. Guest accounts aren't protected by passwords and use a temporary profile that's deleted at logoff. Windows versions that include a Guest account generally disable it by default.

Answer 70

Members of this group can back up and restore files from anywhere on the computer, regardless of individual file and folder permissions. While the Backup Operator privilege overrides any normal file system permissions, members of this group have no special power to change security settings.

Answer 71

Members of this group can log onto the computer remotely through Remote Desktop Services. This provides an easy way to control which accounts are allowed to use remote access, and which must be physically at the computer.

Answer 72

Members of this group are authorized to perform cryptographic operations.

Answer 73

Members of this group are allowed to start, activate, and use DCOM objects on a computer.

Answer 74

This is a built-in group that is used by Internet Information Services (IIS).

Answer 75

Members of this group can make changes to TCP/IP settings, and they can renew and release TCP/IP addresses. This group has no default members.

Answer 76

Members of this group can manage performance counters, logs, and alerts on a computer—both locally and from remote clients.

Answer 77

Members of this group can monitor performance counters on a computer—locally and from remote clients.

Answer 78

This group supports replication functions. The only member of the Replicator group should be a domain user account that is used to log on to the Replicator services of a domain controller.

Answer 79

Members of this group can offer Remote Assistance to the users of this computer.

Answer 80

Biometric lock