Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

MINE > sth to rem > Flashcards

sth to rem Flashcards

(562 cards)

Start Studying
1
Q

Atomicity
Isolation
Consistency
Durability

A

Atomicity – Transaction must be rolled back if not complete (committed).
Isolation – One transaction must complete before other can modify the same data.
Consistency – Transactional changes must ensure that the DB is consistent to the rules (unique primary key etc.)
Durability – Transactions once committed must be durable. Backups such as transaction logs ensure durability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Concurrency
Lost Updates
Dirty Reads

A

Concurrency – enables users to lock the database to prevent changes by others during a transaction.
Lost Updates – two different processes make updates to the DB without being aware of each others transactions causing errors. Isolation solves this.
Dirty Reads – Process reads from a transaction that did not commit. Atomicity solves this.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Polyinstantiation

A

Polyinstantiation –tuple’s having multiple values with identical primary keys based on Security Clearance, to prevent lower-level inference attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Cell Suppression

A

Cell Suppression – Hide individual fields based on security clearance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Aggregation

A

Aggregation – Use access to multiple low-level database to gain information. Basically, person asks every question, receives every answer and thus gains information. (No deduction needed) (One DB has Employee ID and name, other has Employee ID and Salary. Aggregation allows to identify Salary of each employee)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Inference

A

Inference – speculation of information based on some information. (Weapon shipment increase in DB records can infer a possible mission)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Referential Integrity
Semantic Integrity
Entity Integrity

A

Referential Integrity – every foreign key matches a candidate key in the parent table.
Semantic Integrity – each column attribute value is consistent with the attribute data type. (Date in date column)
Entity Integrity – every tuple has a primary key which is unique and not NULL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Software Escrow Agreement

A

Software Escrow Agreement
Archive Source code with a third-party repository, to protect the customer in case the software vendor goes out of business..

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Change Management Process

A

Request Control: Organized framework for users to request modifications, managers conduct cost/benefit analysis and developers prioritize tasks.
Change Control: Framework for multiple developers to develop and test a solution before rolling into production.
Quality Control restrictions
Documenting code changes
Restrict new code to minimize security
Develop tools for deployment of change.
Release Control: Review code before release. Review includes:
Remove any backdoors.
Approval of change
User Acceptance Testing
Configuration Control: Ensures that changes to software versions are made in accordance with change control and configuration management process.
Updates can only be made from authorized distributions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Configuration Management Process

A

Configuration Identification: Documentation of all software configuration within organization.
Configuration Control: Configuration changes follow change management.
Configuration Accounting: Track all authorized configuration changes.
Configuration Audit: Configuration documentation meets actual configuration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

SEI SW-CMMI
Measures Software Development Maturity.
Required by US Agencies and Contractors

A

Initial: Processes are chaotic, unpredictable, poorly controlled, reactive.
Repeatable: Processes are characterized for projects but reactive. Basic lifecycle mgmt.
Defined: Processes are defined (written) and proactive.
Quantitatively Managed: Processes are defined and measured.
Optimizing: Processes are measured and improved.
Defect Prevention, Technology Change Management, Process Change Management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

SEI IDEAL

IDEAL model for software development and Change management.

A

Initiating: Business reasons behind change, approval/support, requirements in place.
Diagnosing(診斷): Engineers analyze current state and make recommendations.
Establishing: Recommendations are developed into plan of actions.
Acting: Develop, test, refine and implement solution.
Learning: Continuous analysis of desired goals, new plans for achieving goals.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

AGILE

A

Developed in response to rigid Development processes like Waterfall.
Individuals and interactions over processes and tools
Working software over comprehensive documentation
Customer collaboration over contract negotiation
Responding to change over following a plan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Sashimi

A

Overlapping Waterfall Model.

Steps overlap, leading to faster-integrated development cycle.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

NIST SP 800-14

A 
Generally Accepted Principles and. Practices for Securing Information. Technology Systems
Initiation
Development/ Acquisition
Implementation
Operation / Maintenance
Disposal
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

SECURE SOFTWARE DESIGN

Fail-Open

A

Fail-Open: bypasses security at failure to allow operations to continue.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

SECURE SOFTWARE DESIGN

Fail-Secure

A

Fail-Secure: puts system in high-security state at failure and does not allow operations until administrator diagnoses and resolves problems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Database Backup

Electronic Vaulting

A

Electronic Vaulting: Remote site database backup using bulk transfers. Smaller time to backup to remote site, then sending tape.
Significant delay to recover as backup has to be obtained from vault and then restored.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Database Backup

Remote Journaling

A 
Remote Journaling: Transaction logs backed up remotely.
Some delay (ex.hourly), technicians retrieve logs transaction logs and apply to production DB.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Database Backup

Remote Mirroring

A

Remote Mirroring: Live Backup via copying any changes to the production database to the backup. (also called Shadowing)
No delay. Can be migrated as is.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Recovery Types

Trusted Recovery

A

Trusted Recovery: System is as secure as before failure or crash.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Recovery Types

Manual Recovery

A

Manual Recovery: If system does not fail in a secure state, an admin has to manually implement security before recovery.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Recovery Types

Automated Recovery

A

Automated Recovery: System performs trusted recovery activities against failure. Ex: RAID.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Recovery Types

Automated Recovery with Undue Loss

A

Automated Recovery with Undue Loss: System performs trusted recovery activities against failure, but also protects specific objects against loss.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Recovery Types | Function Recovery
Function Recovery: Systems that can automatically recovery functions.
26
e-Discovery Reference Model
eDiscovery Reference Model 1. Identification :The identification phase locates relevant information but does not preserve it. 2. Preservation :During the preservation phase, the organization ensures that information related to the matter at hand is protected against intentional or unintentional alteration or deletion. 3. Collection :The collection phase occurs after preservation and gathers responsive information 4. Processing :The processing phase performs a rough cut of the collected information for relevance. 5. Review of the data to ensure it is relevant. 6. Analysis of the data for proper context. 7. Production of the final data set to those requesting it. 8. Presentation of the data to external audiences to prove or disprove a claim.
27
Real Evidence
Physical, can be brought to court. (Hard disks etc)
28
Documentary Evidence
Original / copies of business records, computer-generated/stored logs. Must comply with Hearsay rule
29
Circumstantial Evidence
Doesn’t directly prove, but makes reasonable inference. (Tickets to the opera infers person was at opera)
30
Direct Evidence
Oral / Written Testimonial evidence witnessed by a persons 5 senses.
31
Demonstrative Evidence
Aid understanding of case via Expert opinion or non-expert facts.
32
Secondary Evidence
A duplicate copy such as photocopy, tape backup, screenshot, logs
33
Best-evidence
Best-evidence: Original, unaltered, requires integrity. Computer-generated records. Hearsay-evidence: Inaccurate, unreliable, unable to prove integrity. Computer-stored records.
34
Hearsay-evidence
Best-evidence: Original, unaltered, requires integrity. Computer-generated records. Hearsay-evidence: Inaccurate, unreliable, unable to prove integrity. Computer-stored records.
35
Federal Rules of Evidence states if data stored on pc, or printout is demonstrated to be accurate and reliable, it is ??
it is Best Evidence.
36
Enticement
Make a crime more enticing. Criminal already has mindset to commit crime. E.g. He has already hacked in, so Honeypot can be used to contain, gain knowledge.
37
Best Evidence Rule
Best Evidence Rule: Admissability
38
Parol Evidence Rule
Parol Evidence Rule – Only written agreements acceptable.
39
Hearsay Rule
Hearsay Rule – Hearsay evidence only admitted if maker of the statements is able to testify in court.
40
Best Evidence Rule | Competent / Legally Permissible
Obtained through legal means, and not via: Illegal Search & Seizure: without warrant. Illegal Wiretap & Phonetaps Entrapment Coercion: force to testify.
41
INVESTIGATIONS | Administrative Investigation
Administrative Investigations: Operational investigations to internal IT system faults, functions & processes. No set guideline for evidence. Evidence is Voluntarily Surrendered to investigation personnel.
42
INVESTIGATIONS | Criminal Investigation
Criminal Investigation: Evidence must meet Beyond a reasonable doubt, investigated by law enforcement.
43
INVESTIGATIONS | Civil Investigation
Civil Investigation: Evidence meets More likely than not, investigated by employees and consultants.
44
INVESTIGATIONS | Regulatory Investigation
Regulatory Investigation: Evidence meets Standard of proof, investigated by government or regulatory bodies if companies are suspected of violating compliance or administrative laws.
45
INVESTIGATIONS | Compliance Assessment
Compliance Assessment: Evidence meets Proof of compliance, Periodic assessment to meet compliance standards, investigated by third-party auditors appointed by regulatory bodies.
46
Evidence gathered for Investigation must maintain their ???
Integrity
47
Honeypots
Honeypots Offer enticement to attackers, so that the attacker may spend time attacking the honeypot without gaining any information leading to discouragement.
48
Honeynet
Honeynet: Two or more networked honeypots to simulate a network.
49
PsuedoFlaws
PsuedoFlaws | False vulnerabilities or loopholes present in a system, enticing attacker to attack.
50
Padded Cell
Padded Cell | Detection of attack, attacker transmitted to virtual network with exact look and feel of real.
51
Security As A Service
Security As A Service: Managed Detection & Response, Vulnerability Assessment & Mitigation etc.
52
SYN Flood Attack
SYN Flood Attack | Sends multiple SYN packets, but does not respond to the SYN-ACK with an ACK.
53
Fraggle Attack
Fraggle Attack | Send UDP Port 7 and 19 traffic spoofing Victims IP as source. All hosts then send traffic to the victim.
54
Smurf Attack
Smurf Attack Sends ICMP echo packets spoofing the Victim’s IP as source to a broadcast network via directed broadcast in a router. RFC 2644 defaults to no directed broadcast.
55
Sabotage(破壞)
Sabotage | Criminal destruction or disruption against an organization by an employee.
56
Espionage
Espionage | Spy and steal secrets / intelligence.
57
INCIDENT RESPONSE MANAGEMENT
Detection First responders analyze to classify alarm as incident and Activate the CIRT. Reporting Response Investigate, Assess damage, collect evidence, determine the response (containment action) Mitigation Determine Cause that leads to RCA, take action to Contain incident and Eradicate to stop incident. Reporting Technical: Technical details of incident. Non-Technical: Seriousness of incident to management. Recovery Restore system to operational status (BU approves). Monitor for persistence. Recovery in off-peak hours. Remediation Long term mitigation. Prevent Recurrance. Root cause Analysis. Eg: Password was compromised, mitigation changes password. Remediation adds Multifactor authentication. Lessons Learned Final Incident Report. What could be done to prevent further incidents, response analysis, shortcomings, feedback.
58
INCIDENT RESPONSE MANAGEMENT | Root Cause Analysis
Determine what caused an incident: very critical to Mitigation, Recovery and Remediation. If root cause is not properly identified, an incident can persist for a longer time.
59
INCIDENT RESPONSE MANAGEMENT | CIRT
Computer Incident Response Team: Responsible for Investigation, Containment and Recovery.
60
NIST 800-61r2
Computer Security Handling Guide=>INCIDENT RESPONSE MANAGEMENT
61
Common Vulnerabilities and Exposures (CVE)
Standard convention to identify vulnerabilities among vendors. MITRE maintains the CVE database.
62
Change Review Board
Comprised of experts from different departments. Review and Approve/Reject a change.
63
CHANGE MANAGEMENT
``` Request Change Review Change(w/ Impact Analysis) Approve/Reject Test Implement Document ```
64
Types of Logs | Application Logs
Types of Logs Application Logs: Related to application events. Security Logs: Related to security events such as logon,lockout. System Logs: Related to system events such as hardware errors. Proxy Logs: Related to web events. Audit Logs: Related to admin actions.
65
Types of Logs | Security Logs
Types of Logs Application Logs: Related to application events. Security Logs: Related to security events such as logon,lockout. System Logs: Related to system events such as hardware errors. Proxy Logs: Related to web events. Audit Logs: Related to admin actions.
66
Types of Logs | System Logs
Types of Logs Application Logs: Related to application events. Security Logs: Related to security events such as logon,lockout. System Logs: Related to system events such as hardware errors. Proxy Logs: Related to web events. Audit Logs: Related to admin actions.
67
Types of Logs | Audit Logs
Types of Logs Application Logs: Related to application events. Security Logs: Related to security events such as logon,lockout. System Logs: Related to system events such as hardware errors. Proxy Logs: Related to web events. Audit Logs: Related to admin actions.
68
Duress
Duress: Duress(脅迫) systems for safety of personnel working alone or in remote area. (Signal to indicate hazard). Example: Code word for security guard if he is surrounded or in danger.
69
ADMINISTRATIVE SECURITY | Segregation of Duties
Segregation of Duties | No single person is completely responsible/assigned all functions of a process. Mandatory requirement of SOX compliance.
70
SOFTWARE TESTING Fuzzing Mutation Fuzzing
Fuzzing – Provides multiple invalid inputs to software to test it’s limits, in an attempt to produce crashes, vulnerabilities such as bounds, buffer overflows etc. Tools: zzuf Mutation Fuzzing: Takes valid input, alters it and sends to the application. Generational Fuzzing: Intelligent Fuzzing. Creates models based on the data types accepted by the program.
71
SOFTWARE TESTING Fuzzing Generational Fuzzing
Fuzzing – Provides multiple invalid inputs to software to test it’s limits, in an attempt to produce crashes, vulnerabilities such as bounds, buffer overflows etc. Tools: zzuf Mutation Fuzzing: Takes valid input, alters it and sends to the application. Generational Fuzzing: Intelligent Fuzzing. Creates models based on the data types accepted by the program.
72
SOFTWARE TESTING | Mutation(變異) Testing
Mutation(變異) Testing – Modifies a program in small ways and then tests the mutant to determine if it behaves as it should or fails. This is used to design new software tests and ensures the quality of the tests.
73
SOFTWARE TESTING | Interface Testing
Interface Testing – Tests the interfaces exposed by the application such as API, GUI for security vulnerabilities and proper handoff’s, data inputs.
74
Software Testing Levels | Acceptance Testing
Acceptance Testing: Software meets the customers / users requirements.
75
SOFTWARE TESTING LEVELS – COVERAGE ANALYSIS Coverage Analysis STRUCTURAL
STRUCTURAL Branch Coverage: every branch at a decision point is TRUE or FALSE. Condition Coverage: each Boolean expression is evaluated to both TRUE or FALSE. Function Coverage: every Function or Subrotation is called. Statement Coverage: every Statement is executed at least once. Loop Coverage: every loop in the code to verify loop initialization problems, repetition issues, capacity/performance bottlenecks.
76
SOFTWARE TESTING LEVELS – COVERAGE ANALYSIS Coverage Analysis Functional
Functional Normal Testing: Normal inputs (expected user behavior) are fed and results are tested with expected outcomes. Misuse Case Testing: Wrong or unexpected inputs sent to program for testing robustness.
77
CODE REVIEW | Fagan Inspections
``` Planning Overview Preparation Inspection Rework Follow-up ```
78
SOFTWARE TESTING: STATIC & DYNAMIC | Dynamic
Dynamic Testing tests code while executing i.e. functions it performs, actions it takes. Test code Actively. Organizations deploying third party software typically use this approach.
79
SOFTWARE TESTING: STATIC & DYNAMIC | Static
``` Static Testing reviews raw source code looks for known insecure practices, functions, libraries or characteristics. Test code passively. Walkthrough Syntax Checking Code Review Lexical Analysis Control flow graphs Data Flow analysis Can use automated tools to perform Static Testing. ```
80
Internal Audits
Internal Audits Performed by organization appointed auditors. Continual review of controls. Separate line of reporting to CEO/Business owners.
81
External Audits
External Audits | Performed by outside organizations. No conflict of interest. High validity. Big Four: E&Y, PwC, Deloitte, KPMG
82
Third Party Audits
Third Party Audits Performed on behalf or conducted by another organization, like a regulatory body. Scope decided by the Third Party. Example: PCI-DSS, SOX
83
Auditing Standards
Auditing Standards CoBIT – common security requirements for systems ISO 27002 – granular specifics information systems security control SSAE18 – SOC2 Type 1 – Point in time controls. Type II – Period of time controls, testing. More reliable and preferred, auditor opinion Soc3– Service Provider 3rd party audit.
84
NIST SCAP
NIST Security Content Automation Protocol (SCAP): interface with the NVD for vulnerability information exchange.
85
Common Vulnerabilities and Exposures (CVE) | Common Vulnerability Scoring System (CVSS)
Common Vulnerabilities and Exposures (CVE): naming system and describes vulnerabilities. Common Vulnerability Scoring System (CVSS): Scoring for Severity.
86
NIST SP800-53A
NIST SP800-53A – Assessing Security & Privacy Controls: Specifications: documents of system being audited, policies, requirements. Mechanisms: Controls used to meet specifications. Activities: Actions carried out by individuals, procedures and processes. Individuals: People who access the system and perform the activities.
87
Whaling
Whaling | SpearPhishing for VPs, CXOs.
88
Spear Phishing
Spear Phishing Targeted Phishing – specific users of an organization (RnD, Marketing). Considerable research before launching this attack. Involves exploits crafted for target. Awareness, Patching, reputation filtering.
89
DAC – Discretionary Access Control
DAC – Discretionary Access Control Security of object is at Data Owner’s Discretion. Access granted through ACL. Owner of Object decides permission. Identity based. Subject has no knowledge of the object’s sensitivity. Scalable and Flexible as each owner decides access.
90
MAC – Mandatory Access Control
MAC – Mandatory Access Control Data Owners cannot grant access. Security Labels of Subject and Object define decision. Access granted by Security Officer. Subject label must dominate Object Label. Subject has knowledge of the object’s sensitivity. Lattice-based Access control. Can be compartmented further for Label+Compartment for enforcement of Need to Know. 3 Types: Compartmented, Hierarchical, Hybrid.
91
RBAC– Role Based Access Control
RBAC– Role Based Access Control Group based Access Permissions. Non-discretionary. Each Role has a set of rights over objects as defined by the Data Owner. The Security Admin configures the rights. Subject focused.
92
RuBAC– Rule Based Access Control
RuBAC– Rule Based Access Control Rule based – Global focused rules that apply to all subjects. Called restrictions or filters. If/then statements (group=admin allow social-networking time:800)
93
Attributed Based Access Controls
Attributed Based Access Controls Policies that include multiple attributes for rules (memory=8gb, os=windows) SDNs use ABAC
94
RADIUS
RADIUS Authentication, Authorization, Accounting Ports: UDP 1812,1813 or 1645,1646(unofficial) Uses Attribute Value Pairs (AVPs) that can be used to enhance authentication and Authorization. 256 Pairs possible. Logs privileged access once logged in. Only encrypts the Password exchange. RADSEC enables RADIUS over TCP/TLS
95
TACACS+
TACACS+ Authentication, Authorization, Accounting Ports: TCP 49 TACACS+ enhancement allows Two-factor authentication. Separates AAA into different processes that can be implemented on multiple servers. Encrypts all authentication information. Better accountability compared to Radius.
96
Diameter
Diameter Supports wide range of protocols: IP, Mobile IP, VoIP. Better Reliability and Flexibility than RADIUS. Authentication, Authorization, Accounting Ports: TCP / SCTP 3868 Supports IPSec & TLS Encryption. Not backwards compatible with RADIUS Uses AVP’s and increases to use 32 bits i.e. billions of Pairs.
97
Security Association Markup Language (SAML)
Security Association Markup Language (SAML) Log-In to Federated sites via SSO. Enterprise websites and apps. Uses XML Components: Assertions: Authentication, Attribute, Authorization Protocols: HTTP, SMTP, SOAP, FTP Bindings: SAML over SOAP, SAML over HTTP Roles: Identity Provider (IdP): Validate user identity. Service Provider (SP): The Service Principal: User Circle of Trust between all parties before Assertions.
98
OAuth 2.0
OAuth 2.0 Provides Authorization to API’s such as GoogleID, LinkedIn, Facebook etc. Roles: OAuth Provider: Hosts the resource to be accessed. OAuth Consumer: Requesting the resource. End User: Granting access Example: Facebook App (Consumer) asking for permission from (End User) to grant access to your Facebook Profile (Provider) No Encryption – Relies on TLS for Session encryption.
99
OpenID
OpenID SAML based SSO, consumer websites and apps. Roles: OpenID Provider: Verifies End user. Resource Party: Wants to verify the user. End User: who wants access Example: Facebook App (Consumer) asking for permission from (End User) to grant access to your Facebook Profile (Provider) OpenID Connect(OIDC): Uses JSON Web Tokens (JWT) and REST to retrieve JWT. Can retrieve user profiles. Vulnerable to Phishing attacks.
100
Kerberos
Kerberos: Uses Symmetric encryption. Port: UDP 88 The Principal / client’s password is never transmitted on the network. Time Sensitive: All systems clocks need to be in sync. Single Point of Failure.
101
KERBEROS - COMPONENTS | Resource Server
Resource Server | The Target Service (TS) that the User/Principal needs access to.
102
KERBEROS - COMPONENTS Kerberos Key Distribution Center Kerberos Service that includes:
``` Authentication Server (AS) – Grants Ticket Granting Tickets (TGT) to access the TGS Ticket Granting Service (TGS) – Grants tickets to target services. ```
103
KERBEROS - COMPONENTS Session Key Ticket Granting Ticket (TGT) Service Ticket
Session Key – Encrypts communication for a session between client and KDC or TS Ticket Granting Ticket (TGT) – access to TGS. Service Ticket – access to Target Service.
104
Lightweight Directory Access Protocol & port
``` Lightweight Directory Access Protocol: Directory based on Subjects (users) and objects (resources) Ports: 389 – Plain LDAP 636 – LDAP-S over SSL 3268 – Global Catalog 3269 – Secure Global Catalog ```
105
IDaaS
IDaaS | Identity As A Service offering cloud based Identity services and management. Example: PingID, OneIdentity, Okta
106
BIOMETRICS Fingerprint: Retina: Iris:
Fingerprint: Widely used, scans minutae. Retina: Scans capillaries at back of eye. Most accurate, but intrusive. Health Risk and privacy issues. Iris: Second most accurate, passive.
107
BIOMETRICS Palm scan: Hand Geometry scan: Voice Print:
Palm scan: Scan’s the veins, establish unique identity without another factor. Hand Geometry scan: Scan’s the length, width and thickness of hand. Not reliable. Voice Print: Voice sampling. Vulnerable to capture and replay of voice.
108
BIOMETRICS Facial Scanning: Keyboard dynamics:
Facial Scanning: Scans facial features against DB. Passive. | Keyboard dynamics: typing style capture (how hard/fast). Change in behavior can cause FRRs.
109
Biometric Accuracy Type I Error Type II Error Crossover Error Rate: (CER)
Type I Error - False Reject Rate: (FRR)Valid authorized user is rejected. Type II Error - False Accept Rate: (FAR) Invalid Unauthorized user is accepted. Crossover Error Rate: (CER) When FRR and FAR are equal. If the CER of a biometric system is not acceptable: Evaluate other biometric systems.
110
SOMETHING YOU HAVE
Synchronous Dynamic Tokens ASynchronous Dynamic Tokens NIST SP800-63B recommends Push notifications over SMS.
111
SOMETHING YOU KNOW
Passwords Passphrases:“IamtheLordofDarkness” NIST SP 800-63B Recommends Compare user passwords against known weak passwords like “password” etc. Don’t enforce complex passwords or users will write it down. Salt passwords with random value and store as hash.
112
AUTHENTICATION FACTORS | TYPE I~IV
AUTHENTICATION FACTORS TYPE I – Something You Know Something that the user knows such as a Password, Passphrase PIN or Response. TYPE II – Something You Have Something that the user has such as a Token, Smartcard. TYPE III – Something You Are Biometric Authentication such as Fingerprint, Retina, Iris, Facial or Hand Geometry scans. TYPE IV – Some place you are GPS, Geolocation, Device
113
TYPES OF ACCESS CONTROL | Preventive
Preventive Prevent or stop unwanted activities from occuring. Ex: Encryption, mantrap, Firewall, security awareness
114
TYPES OF ACCESS CONTROL | Detective
Detective Detect unwanted / unauthorized activities. Ex: CCTV, IDS, EDR, Job rotation, mandatory vacations.
115
TYPES OF ACCESS CONTROL | Corrective
Corrective Restore or resolve problems after security incident. (Short-term recovery – damage isn’t extensive) Ex: AV Scan, Data Restore, IPS TCP Reset
116
TYPES OF ACCESS CONTROL | Deterrent
Deterrent Discourage people from making security violations. Ex: Fences, Guards, Warnings.
117
TYPES OF ACCESS CONTROL | Recovery
Recovery Long term recovery, if damage is extensive. Ex: Backup & restore (ransomware attack), RAID, Load-balancing, System re-imaging.
118
TYPES OF ACCESS CONTROL | Directive
Directive Direct and control user actions. Ex: Acceptable use policy, Exit signs, warnings, procedures.
119
TYPES OF ACCESS CONTROL | Compensating
Compensating Backup access control in case primary fails or not available. Ex: Smartcard – primary, temporary id – secondary.
120
DNP3
DNP3 – multi-layer TCP/IP Protocol that enables Industrial systems such as SCADA to intercommunicate. DNP3 is very good at communicating over low-bandwidth links, making it ideal for utilities, power grids and Oil and Gas management systems. DNP3 supports unsolicited messages that exposes Industrial systems to large remote attack surfaces. The Maroochy-Shire Sewage System attack
121
AirGap
``` AirGap Separation (ideally physical) of Protected systems and the internet. The idea is to prevent internet based attacks. ```
122
ICS Terms | OT – Operational Technology
ICS Terms OT – Operational Technology: computing systems that manage industrial systems. ICS – Industrial Control Systems: systems that are used to monitor and control industrial processes like conveyor belts, power consumption on electric grids. PLC – Programmable Logic Controllers: ruggedized device that manages an ICS. SCADA – Supervisory Control and Data Acquisition: Control and monitor Industrial facilities locally and remotely. MES – Manufacturing Execution Systems: track and document transformation of Raw material to finished goods.
123
ICS Terms | ICS – Industrial Control Systems
ICS Terms OT – Operational Technology: computing systems that manage industrial systems. ICS – Industrial Control Systems: systems that are used to monitor and control industrial processes like conveyor belts, power consumption on electric grids. PLC – Programmable Logic Controllers: ruggedized device that manages an ICS. SCADA – Supervisory Control and Data Acquisition: Control and monitor Industrial facilities locally and remotely. MES – Manufacturing Execution Systems: track and document transformation of Raw material to finished goods.
124
ICS Terms | PLC – Programmable Logic Controllers
ICS Terms OT – Operational Technology: computing systems that manage industrial systems. ICS – Industrial Control Systems: systems that are used to monitor and control industrial processes like conveyor belts, power consumption on electric grids. PLC – Programmable Logic Controllers: ruggedized device that manages an ICS. SCADA – Supervisory Control and Data Acquisition: Control and monitor Industrial facilities locally and remotely. MES – Manufacturing Execution Systems: track and document transformation of Raw material to finished goods.
125
ICS Terms
ICS Terms OT – Operational Technology: computing systems that manage industrial systems. ICS – Industrial Control Systems: systems that are used to monitor and control industrial processes like conveyor belts, power consumption on electric grids. PLC – Programmable Logic Controllers: ruggedized device that manages an ICS. SCADA – Supervisory Control and Data Acquisition: Control and monitor Industrial facilities locally and remotely. MES – Manufacturing Execution Systems: track and document transformation of Raw material to finished goods.
126
ICS Terms | SCADA – Supervisory Control and Data Acquisition
ICS Terms OT – Operational Technology: computing systems that manage industrial systems. ICS – Industrial Control Systems: systems that are used to monitor and control industrial processes like conveyor belts, power consumption on electric grids. PLC – Programmable Logic Controllers: ruggedized device that manages an ICS. SCADA – Supervisory Control and Data Acquisition: Control and monitor Industrial facilities locally and remotely. MES – Manufacturing Execution Systems: track and document transformation of Raw material to finished goods.
127
Phone Hackers are known as ??
Phreakers.
128
SIP (the registration protocol for VOIP)
SIP (the registration protocol for VOIP) uses clear text, if a hacker can capture these messages, that hacker is able to read subscribers' sensitive information such as their public and private identities, and use it to spoof the subscriber.
129
NETWORK SECURITY: EMAIL | SMTP over TLS
SMTP over TLS: encapsulate SMTP traffic between server transmissions to prevent eavesdroppers. Does not protect from the compromise of the server itself. Opportunistic: TLS connection forms if both servers are capable of TLS, or else reverts to Plain-Text. Mandatory: TLS Connection is required else connection is not established.
130
NETWORK SECURITY: EMAIL | DKIM
DKIM: Valid mail is sent by verification of the Domain Identity.
131
NETWORK SECURITY: EMAIL | S/MIME
S/MIME: Provides confidentiality and authentication by encrypting email messages and using Digital signatures to provide authentication of sender using the RSA asymmetric cryptosystem and PKCS (Public Key Cryptography)
132
NETWORK SECURITY: EMAIL | PGP
PGP: Provides confidentiality and authentication by using IDEA for encryption and RSA for Digital signatures and key distribution. Uses a decentralized Trust model.
133
WPA2: Wi-Fi Protected Access 2
WPA2: Wi-Fi Protected Access 2 Uses CCMP (based on AES) to encrypt communications from Client to AP. Used along with EAP to provide Enterprise grade security: EAP-TLS – Every client and Controller/AP has a unique certificate. Server-Client validation. Difficult to deploy and maintain, most secure. PEAP – Client Credentials (typically AD) and Controller certificate. Cert validated before client credentials are sent. Easy to deploy and maintain, good security. 802.11i – RSN (Robust network security)
134
WPA: Wi-Fi Protected Access
WPA: Wi-Fi Protected Access Uses TKIP with RC4 to improve security over WEP. Adds Key regeneration every 10000 packets, IV and key mixing. Limits of 30 users per SSID.
135
Captive Portal
Captive Portal Open network with a captive page ideally used to provide temporary access by hotspots (airport etc.) Open networks, are prone to sniffing, always use a VPN on them. Can be enhanced further by offering Self registration, Sponsor confirmation, billing and advertisements.
136
WEP
WEP Uses RC4, CRC32 for confidentiality and integrity with 24bit IV. Broken in 2001, not at all recommended.
137
Bastion Host
Bastion Host : is a hardened system exposed to the internet to securely expose services to the internet. A Reverse Proxy is also a Bastion Host. Also called Screened Host. Example: An Antivirus server has the same port for management and user updates. If directly exposed, it can lead to attacks on the mgmt. console. A Bastion Host securely exposes only user-updates service and restricts management access from the internet.
138
FIREWALLS | Packet Filter
Packet Filter: Checks an ACL and only the message header to determine access. Is not Stateful. Layer 4.
139
FIREWALLS | Stateful Inspection firewall
Stateful Inspection firewall: Verifies the state (connection originator) and allows access based on IP/Port combination in message header.. Layer 4. (example: A telnet on Port 80 will be allowed if Port 80 (HTTP) is allowed)
140
FIREWALLS | Application Layer Proxy
Application Layer Proxy: Filters Layer 7 content, like a web-filter or a VOIP gateway. Proxies connections on behalf of the client, improving confidentiality and preventing exposure of internal users to the internet.
141
FIREWALLS | Deep Inspection Firewalls
Deep Inspection Firewalls: Filter connections at Layer 7 and add services such as Malware protection, IPS etc.
142
FIREWALLS | Next Generation Firewalls
Next Generation Firewalls: As apps shifted to HTTP/S, firewalls shift focus from Port based to Application based, sampling traffic to determine the actual application (example: A telnet on Port 80 is now categorized as Telnet app)
143
DNS UDP? for ? TCP? for ?
DNS is a hierarchical database with a tree structure. Root -> TLD -> Domain -> Sub-domain. DNS uses UDP Port 53 for lookups, and TCP Port 53 for Zone Transfers.
144
SFTP & SCP port at ?
SFTP – TCP 22: Uses SSH for FTP to make it secure. | SCP – TCP 22: Secure Copy Protocol.
145
L4 UDP
UDP on the other hand is a Connection-less protocol and relies on Application Layer protocols for Reliability. Uses IP Protocol number 17. QUIC is a google protocol that uses UDP for Web traffic, aimed at faster transmission. Block UDP and only allow Apps needed.
146
L4 TCP
TCP is a connection oriented Protocol, that segments Payload/Data received from the higher layers, performs Error Detection and correction and performs the actual session setup. Reliability. TCP uses unique ports from 0-65535 for differentiating application data. Destination are well known ports (such as 80 for HTTP) and source ports are always random. URG – Packet contains Urgent Data. ACK – Acknowledge received Data PSH – Clear Buffer, Push Data to Application Layer. RST – Reset (Tear down) TCP Connection SYN – Synchronise a connection FIN – Graceful Tear down. CWR – Congestion Window Reduced ECE – Explicit Congestion Notification Echo. NS – Nonce Sum
147
L3 ICMP
ICMP: Internet Control Message Protocol is used for IP Investigations of Reachability. ICMPv6 is used for IPv6 ICMP has it’s own Transport layer protocol. IP Protocol number: 1 Important ICMP messages: ICMP Echo Request: Request a reply, check reachability. Type 8 message. ICMP Echo Reply: Reply to an Echo req. Type 0 message. ICMP Time Exceeded: Used in Traceroute to check distance. Destination Unreachable: Router reports that the Destination is unreachable. 0 – Network Unreachable 1 – Host Unreachable 2 – Protocol Unreachable 3 – Port Unreachable ICMP Redirect: Redirects Datagrams or Segments to the correct host.
148
L3 RFC 1918 Addresses Loopback Addresses APIPA Address
RFC 1918 Addresses: Private address, non routable: Class A – 10.0.0.0-10.255.255.255 Class B – 172.16.0.0-172.31.255.255 Class C – 192.168.0.0-192.168.255.255 Loopback Addresses: Test the local TCP/IP stack 127.0.0.1 ( although the whole 127.0.0.0/8 is reserved) APIPA Address: Used by Microsoft Windows, when DHCP IP is not received. 169.254.x.x
149
WAN TYPES | ISDN
ISDN– Digital voice, video, data. BRI – Two data and one control channels – 144kbps. PRI: T1- 23 Data and one control channels – 1.544 Mbps E1 – 30 Data and one Control channel – 2.048 Mbps T3 – 28 bundled T1s – 45 Mbps
150
WAN TYPES | SONET
SONET: Optical network that connects continents.
151
WAN TYPES | DSL
DSL: Digital subscriber Line, symmetric, same upload/download speed. ADSL – Asynchronous DSL, varying Upload and Download speed. VDSL – High bandwidth DSL
152
WAN TYPES | ATM
ATM – Circuit switched network. Each site needs dedicated circuits for connection.
153
WAN TYPES | Frame Relay
Frame Relay – Packet switched network. Frame Relay supports Virtual Circuits – One single physical link can support multiple Private Virtual Circuits to connect to sites.
154
WAN TYPES | MPLS
MPLS – Fast, label-switching WAN, establishes pre-defined routes. Can route to multiple sites over single link without a PVC via routing protocols such as MP-BGP. Adds Label headers and can forward IP and Non-IP Packets.
155
WAN TYPES | SD-WAN
SD-WAN – The cost of dedicated WAN such as MPLS has driven SD-WAN. SD-WAN enables an enterprise to create a WAN fabric across an underlying multi-wan network such as MPLS, Internet etc. SD-WAN enhances traffic delivery by adding auto-failover, congestion detection and application bandwidth optimization.
156
ETHERNET Media Types: 10Base2 – ? 10Base5 – ?
``` ETHERNET Media Types: 10Base2 – Thinnet Coaxial, 2 Mbps 10Base5 – Thicknet Coaxial, 5 Mbps 10BaseT – UTP Cat 5, 10 Mbps, 100m 100BaseT – UTP Cat 5, 100 Mbps, 100m 100BaseFX – Fiber Optic 1000BaseT – UTP Cat 5e/6, 1Gbps, 100m 10GBaseT: Copper 10G on UTP, Cat 7 10GBase-SR/LR/ER: 10G fiber-optic. S = Short Range, L = Long range, E = Extended range. ```
157
ETHERNET Media Types: 10BaseT – ? 100BaseT – ?
``` ETHERNET Media Types: 10Base2 – Thinnet Coaxial, 2 Mbps 10Base5 – Thicknet Coaxial, 5 Mbps 10BaseT – UTP Cat 5, 10 Mbps, 100m 100BaseT – UTP Cat 5, 100 Mbps, 100m 100BaseFX – Fiber Optic 1000BaseT – UTP Cat 5e/6, 1Gbps, 100m 10GBaseT: Copper 10G on UTP, Cat 7 10GBase-SR/LR/ER: 10G fiber-optic. S = Short Range, L = Long range, E = Extended range. ```
158
ETHERNET Media Types: 100BaseFX – ? 1000BaseT – ?
``` ETHERNET Media Types: 10Base2 – Thinnet Coaxial, 2 Mbps 10Base5 – Thicknet Coaxial, 5 Mbps 10BaseT – UTP Cat 5, 10 Mbps, 100m 100BaseT – UTP Cat 5, 100 Mbps, 100m 100BaseFX – Fiber Optic 1000BaseT – UTP Cat 5e/6, 1Gbps, 100m 10GBaseT: Copper 10G on UTP, Cat 7 10GBase-SR/LR/ER: 10G fiber-optic. S = Short Range, L = Long range, E = Extended range. ```
159
ETHERNET Media Types: 10GBaseT: ? 10GBase-SR/LR/ER: ?
``` ETHERNET Media Types: 10Base2 – Thinnet Coaxial, 2 Mbps 10Base5 – Thicknet Coaxial, 5 Mbps 10BaseT – UTP Cat 5, 10 Mbps, 100m 100BaseT – UTP Cat 5, 100 Mbps, 100m 100BaseFX – Fiber Optic 1000BaseT – UTP Cat 5e/6, 1Gbps, 100m 10GBaseT: Copper 10G on UTP, Cat 7 10GBase-SR/LR/ER: 10G fiber-optic. S = Short Range, L = Long range, E = Extended range. ```
160
MAC Addresses
MAC Addresses Mac Addresses are typically 48 bits and burned in from factory. First 24 bits are called OUI – Organizational Unique Identifier and identify the manufacturer of the NIC card – such as Cisco, Juniper, Palo Alto etc. The last 24 bits are the serial number, and unique to each NIC. EUI-64 was created to increase the pool. The OUI is still 24 bits, but the serial number is now 40 bits. IPv6 autoconfiguration is compatible to both MAC Types. Modern OSes allow Mac Addresses to be changed via tools, thus allowing mac addresses to be spoofed. You can quickly look up the OUI of a MAC address for IP Spoofing. (Example: A rogue Cisco router has the same IP as your Sonicwall Firewall). An arp –a on a windows PC will give you clues!
161
Collision Domains
Collision Domains: Two devices send packets at the same time on a shared segment. A Hub is one collision domain, only one device can transmit at a time! A switch breaks collision domains. Every port on a switch is one collision domain.
162
Broadcast Domains
Broadcast Domains: The entire Layer 2 network. Routers break break broadcast domains, VLANs reduce broadcast domains.
163
OSI Payload
Payload is Encapsulated as it travels down from the Transport layer into Segments, Packets, Frames and Bits.
164
Sprinkler Systems: | Wet Pipes – ?
Sprinkler Systems: Wet Pipes – water right up to sprinkler head. Glass bulb melts / breaks at specific temperature. Each head independent. Dry Pipes – Water held back by valve, compressed air in pipe. As head opens, pressure drops and water released. Deluge – Sprinkler heads are always open and larger than dry pipers. Valve opens water flow via manual or fire alarm. Preaction – combination of two, opens via two separate triggers.
165
Sprinkler Systems: | Dry Pipes – ?
Sprinkler Systems: Wet Pipes – water right up to sprinkler head. Glass bulb melts / breaks at specific temperature. Each head independent. Dry Pipes – Water held back by valve, compressed air in pipe. As head opens, pressure drops and water released. Deluge – Sprinkler heads are always open and larger than dry pipers. Valve opens water flow via manual or fire alarm. Preaction – combination of two, opens via two separate triggers.
166
Sprinkler Systems: | Deluge – ?
Sprinkler Systems: Wet Pipes – water right up to sprinkler head. Glass bulb melts / breaks at specific temperature. Each head independent. Dry Pipes – Water held back by valve, compressed air in pipe. As head opens, pressure drops and water released. Deluge – Sprinkler heads are always open and larger than dry pipers. Valve opens water flow via manual or fire alarm. Preaction – combination of two, opens via two separate triggers.
167
Sprinkler Systems: | Preaction – ?
Sprinkler Systems: Wet Pipes – water right up to sprinkler head. Glass bulb melts / breaks at specific temperature. Each head independent. Dry Pipes – Water held back by valve, compressed air in pipe. As head opens, pressure drops and water released. Deluge – Sprinkler heads are always open and larger than dry pipers. Valve opens water flow via manual or fire alarm. Preaction – combination of two, opens via two separate triggers.
168
FIRE DEFENCE | Detection Systems:
Detection Systems: Fixed temperature Rate of rise – speed of temp changes. Flame actuated – infrared energy of flames. Smoke Actuated – photoelectric or radioactive
169
Fire class:A
Ordinary – wood, paper vs Water or Soda Acid
170
Fire class:B
Liquid – petrol etc. vs Halon, FM200, Soda Acid,CO2
171
Fire class:C
Electrical Equipment vs Halon, FM200, CO2
172
Fire class:D
Combustible Metals vs Dry Powder
173
Electricity Fault – ? Blackout – ?
``` Electricity Fault – temporary loss of power. Blackout – prolonged loss of power. Sag – temporary low voltage. Brownout – prolonged low voltage. Surge – prolonged high voltage Spike – temporary high voltage. ```
174
Electricity Sag – ? Brownout – ?
``` Electricity Fault – temporary loss of power. Blackout – prolonged loss of power. Sag – temporary low voltage. Brownout – prolonged low voltage. Surge – prolonged high voltage Spike – temporary high voltage. ```
175
Electricity Surge – ? Spike – ?
``` Electricity Fault – temporary loss of power. Blackout – prolonged loss of power. Sag – temporary low voltage. Brownout – prolonged low voltage. Surge – prolonged high voltage Spike – temporary high voltage. ```
176
Heat, Ventilation & Cooling Humidity – ? Temperature – ?
Heat, Ventilation & Cooling Humidity – 40-60% Temperature – 60-75F (15-23 C degrees) High Humidity – leads to corrosion Low Humidity – leads to Static Electricity. Prevent condensation with a positive drain system.
177
Heat, Ventilation & Cooling High Humidity – leads to ? Low Humidity – leads to ?
Heat, Ventilation & Cooling Humidity – 40-60% Temperature – 60-75F (15-23 C degrees) High Humidity – leads to corrosion Low Humidity – leads to Static Electricity. Prevent condensation with a positive drain system.
178
PHYSICAL SECURITY – ACCESS DEFENSES | Mantrap
Mantrap One door must close, before second opens. Two different authentication forms. Security guard’s may also verify authenticity for second door.
179
PHYSICAL SECURITY – ACCESS DEFENSES | TurnStile
TurnStile | One person per access. Revolving door concept. Authenticated via Smartcard or Security Guard
180
``` PHYSICAL SECURITY – PERIMETER DEFENSES Gates Class 1 – ? Class II – ? Class III – ? Class IV – ? ```
``` Gates Class 1 – Residential Class II – Commercial (parking) Class III – Industrial (loading dock) Class IV – Restricted Access (Airport / Prison) ```
181
``` PHYSICAL SECURITY – PERIMETER DEFENSES Fences 3 feet – ? 6 feet – ? 8 feet with barbed wire – ? ```
Fences 3 feet – Deterrent 6 feet – Deter most intruders. 8 feet with barbed wire – Preventive – deter most determined.
182
Data Diddling / Salami
Data Diddling / Salami – small random, incremental changes to a system or data.
183
Electromagnetic Radiation – TEMPEST
Electromagnetic Radiation – TEMPEST : monitors/keyboard/mice
184
SCADA Security<===protect
SCADA Security: Deploy separate network for SCADA. Deploy endpoint security on SCADA systems. Restrict Management interface access to SCADA / ICS devices. Implement AirGap design.
185
Trusted Paths
Trusted Paths protect data between a user and a security control, such as a login window. Defined by Common Criteria. Protects from attacks such as Login spoofing.
186
Trusted Channels
Trusted Channels protect data on a link or between communicating peers. Protects from attacks like Man in the Middle.
187
APPLETS
APPLETS Act like a program and execute code on user machine rather than on the server. Example: Cisco UCS Manager. Rules/templates config happens locally, only commands sent to server.
188
ACTIVE-X
``` ACTIVE-X Microsoft’s, runs in IE. Full access to system resources. Can perform privileged actions. Restrict Active-X in environment. ```
189
Address Space Layout Randomization
Address Space Layout Randomization Randomize executing memory space of programs. Example: Attacker develops an exploit on his pc for a memory address, won’t work on client as the process address changes due to ASLR.
190
Data Execution Prevention
Data Execution Prevention | Prevent processes from executing instructions in memory locations that are not predefined in the code.
191
MEMORY ADDRESSING | Register Addressing
Register Addressing: used by the CPU to access one of it’s registers to store/ access data in the register.
192
MEMORY ADDRESSING | Immediate(立即) Addressing
Immediate Addressing: Instructions supplied as part of a command that does not require the CPU to fetch anything.
193
MEMORY ADDRESSING | Direct Addressing
Direct Addressing: CPU is given the memory address to fetch instruction.
194
MEMORY ADDRESSING | Indirect Addressing
Indirect Addressing: CPU is given a memory address to another memory address that has the instruction.
195
MEMORY ADDRESSING | Base+Offset Addressing
Base+Offset Addressing: Use a value stored in a register as base, and begin counting using the offset.
196
Primary Memory:
Primary Memory: | Readily available information accessed by the CPU. Temporary. Ex. RAM
197
Volatile(易揮發的):
Volatile(易揮發的): | Temporary. Wiped after power loss. Ex. RAM
198
Random Access:
Random Access: | Info can be randomly accessed based on addresses. Ex. RAM, HDD, Flash
199
Secondary Memory:
Secondary Memory: | Long-term storage. Ex. HDD, SSD, Tape
200
Non-Volatile:
Non-Volatile: | Long-term. Retains data. Ex. HDD
201
Sequential Access:
Sequential Access: | Info has to be accessed in the written sequence. Ex. Tape
202
MEMORY | ROM – ?
ROM – Read-only, non-volatile memory. Content burned in at factory. Non-modifiable. PROM – Programmable Read-only memory: end user/oem burns in chips contents. Only allowed once. EEPROM – Electronically Erasable PROM: Can be erased and re-written via electronic voltages. Only full erase and write functions. Flash Memory – Uses NAND Flash. Can be written and erased in blocks. (single file write/deletes etc.)
203
MEMORY | PROM – ?
ROM – Read-only, non-volatile memory. Content burned in at factory. Non-modifiable. PROM – Programmable Read-only memory: end user/oem burns in chips contents. Only allowed once. EEPROM – Electronically Erasable PROM: Can be erased and re-written via electronic voltages. Only full erase and write functions. Flash Memory – Uses NAND Flash. Can be written and erased in blocks. (single file write/deletes etc.)
204
MEMORY EEPROM – Electronically Erasable PROM: Can be erased and re-written via electronic voltages. Only full erase and write functions. Flash Memory – Uses NAND Flash. Can be written and erased in blocks. (single file write/deletes etc.)
ROM – Read-only, non-volatile memory. Content burned in at factory. Non-modifiable. PROM – Programmable Read-only memory: end user/oem burns in chips contents. Only allowed once. EEPROM – Electronically Erasable PROM: Can be erased and re-written via electronic voltages. Only full erase and write functions. Flash Memory – Uses NAND Flash. Can be written and erased in blocks. (single file write/deletes etc.)
205
MEMORY | Flash Memory – ?
ROM – Read-only, non-volatile memory. Content burned in at factory. Non-modifiable. PROM – Programmable Read-only memory: end user/oem burns in chips contents. Only allowed once. EEPROM – Electronically Erasable PROM: Can be erased and re-written via electronic voltages. Only full erase and write functions. Flash Memory – Uses NAND Flash. Can be written and erased in blocks. (single file write/deletes etc.)
206
MEMORY | CACHE – ?
CACHE – volatile, used to store frequently accessed data. CPU’s have L1 and L2 cache which are registers that store information which the ALU executes. Registers – Any data ALU manipulates must be inside a register. Static RAM – Uses Flip-Flops to store volatile data, refreshed at power outage. Expensive. Dynamic RAM – Uses Registers to store volatile data, CPU must constantly refresh via electric voltages. Inexpensive. Flash Memory – Uses NAND Flash. Can be written and erased in blocks. (single file write/deletes etc.)
207
MEMORY | Registers – ?
CACHE – volatile, used to store frequently accessed data. CPU’s have L1 and L2 cache which are registers that store information which the ALU executes. Registers – Any data ALU manipulates must be inside a register. Static RAM – Uses Flip-Flops to store volatile data, refreshed at power outage. Expensive. Dynamic RAM – Uses Registers to store volatile data, CPU must constantly refresh via electric voltages. Inexpensive. Flash Memory – Uses NAND Flash. Can be written and erased in blocks. (single file write/deletes etc.)
208
MEMORY | Static RAM – ?
CACHE – volatile, used to store frequently accessed data. CPU’s have L1 and L2 cache which are registers that store information which the ALU executes. Registers – Any data ALU manipulates must be inside a register. Static RAM – Uses Flip-Flops to store volatile data, refreshed at power outage. Expensive. Dynamic RAM – Uses Registers to store volatile data, CPU must constantly refresh via electric voltages. Inexpensive. Flash Memory – Uses NAND Flash. Can be written and erased in blocks. (single file write/deletes etc.)
209
MEMORY | Dynamic RAM – ?
CACHE – volatile, used to store frequently accessed data. CPU’s have L1 and L2 cache which are registers that store information which the ALU executes. Registers – Any data ALU manipulates must be inside a register. Static RAM – Uses Flip-Flops to store volatile data, refreshed at power outage. Expensive. Dynamic RAM – Uses Registers to store volatile data, CPU must constantly refresh via electric voltages. Inexpensive. Flash Memory – Uses NAND Flash. Can be written and erased in blocks. (single file write/deletes etc.)
210
MEMORY | Flash Memory – ?
CACHE – volatile, used to store frequently accessed data. CPU’s have L1 and L2 cache which are registers that store information which the ALU executes. Registers – Any data ALU manipulates must be inside a register. Static RAM – Uses Flip-Flops to store volatile data, refreshed at power outage. Expensive. Dynamic RAM – Uses Registers to store volatile data, CPU must constantly refresh via electric voltages. Inexpensive. Flash Memory – Uses NAND Flash. Can be written and erased in blocks. (single file write/deletes etc.)
211
CPU States
Ready: Process is ready to begin processing, CPU is not available. Waiting: Process is waiting for device or access request (interrupt) to continue processing. Running: Process is executing, Problem state in which CPU is trying to solve problem until it’s solved, blocked or time-slice expires. Supervisory: Process requires greater privileges, any function not executing in Ring 3. Stopped: Process finishes or terminates.
212
Multi-tasking:
Multitasking handles multiple processes on a single processor by switching between them using the operating system. Multiprocessing uses multiple processors to perform multiple processes simultaneously. SMP: Symmetric Multiprocessing – single OS, multiple CPUs on shared memory and databus. MPP: Massively Parallel Processing – One OS per CPU, with software that coordinates activities and processing. Multiprogramming requires modifications to the underlying applications. Multithreading runs multiple threads within a single process.
213
Multi-threading:
Multitasking handles multiple processes on a single processor by switching between them using the operating system. Multiprocessing uses multiple processors to perform multiple processes simultaneously. SMP: Symmetric Multiprocessing – single OS, multiple CPUs on shared memory and databus. MPP: Massively Parallel Processing – One OS per CPU, with software that coordinates activities and processing. Multiprogramming requires modifications to the underlying applications. Multithreading runs multiple threads within a single process.
214
Multi-processing:
Multitasking handles multiple processes on a single processor by switching between them using the operating system. Multiprocessing uses multiple processors to perform multiple processes simultaneously. SMP: Symmetric Multiprocessing – single OS, multiple CPUs on shared memory and databus. MPP: Massively Parallel Processing – One OS per CPU, with software that coordinates activities and processing. Multiprogramming requires modifications to the underlying applications. Multithreading runs multiple threads within a single process.
215
Multi-Programming:
Multitasking handles multiple processes on a single processor by switching between them using the operating system. Multiprocessing uses multiple processors to perform multiple processes simultaneously. SMP: Symmetric Multiprocessing – single OS, multiple CPUs on shared memory and databus. MPP: Massively Parallel Processing – One OS per CPU, with software that coordinates activities and processing. Multiprogramming requires modifications to the underlying applications. Multithreading runs multiple threads within a single process.
216
TCB Security Perimeter Reference Monitor Security Kernel
TCB Security Perimeter Delineates the Trusted and the Untrusted components within a computer system. Isolates the TCB. Reference Monitor The reference monitor is an abstract machine that mediates all access subjects have to objects, both to ensure that the subjects have the necessary access rights and to protect the objects from unauthorized access and destructive modification. Security Kernel Enforces the Reference monitor concept. Must facilitate isolation of process. Enforces the rules defined by the Reference monitor.
217
Certification vs Accreditation?
Certification是一種技術評審,用於評估安全機制並評估其有效性。 | Accreditation是管理層對認證過程結果中的信息的正式接受。
218
Certification vs Accreditation? -2
Certified是對安全組件及其符合認證目的的合規性的全面技術評估。認證過程可以使用保障評估,風險分析,驗證,測試和審核技術來評估特定係統的適用性。 ACCREDITATION是管理層正式接受系統的整體安全性和功能性。 認證信息將提交給管理層或負責機構,由管理層提出問題,審核報告和調查結果,並決定是否接受產品以及是否需要採取任何糾正措施。
219
CERTIFICATION
CERTIFICATION Certified to meet security requirements of the Data Owner. Considers the system, security measures and the residual risk. (Certified by the manufacturer to state what the system does)
220
ASSURANCE
ASSURANCE Systems have designs accepted, development stages analyzed, reviewed, tested and evaluated. (Assurance is the analysis of how a system is made)
221
ACCREDITATION
ACCREDITATION | Data Owners acceptance of the certification and the residual risk before the system is put in production.
222
``` COMMON CRITERIA Target of Evaluation (ToE): Protection Profile: Security Target: Evaluation Assurance Level (EAL): ```
Target of Evaluation (ToE): System or product that is being evaluated. Protection Profile: Independent Set of objectives and requirements for a specific category of products or systems, such as encryption software or firewalls. Protection Profile is the “I want” from a customer perspective. Security Target: documentation describing the ToE, with the security requirements and operational environment. Security Target is the “What I can do” from the vendor’s perspective. Evaluation Assurance Level (EAL): The evaluation score of the tested product.
223
COMMON CRITERIA EAL1 – ? EAL2 – ?
EAL1 – Functionally Tested EAL2 – Structurally Tested EAL3 – Methodically Tested and Checked EAL4 – Methodically Designed, tested and reviewed. EAL5 – Semi-formally designed and tested EAL6 – Semi-formally verified, designed and tested EAL7 – Formally verified, designed and tested.
224
COMMON CRITERIA EAL3 – ? EAL4 – ?
EAL1 – Functionally Tested EAL2 – Structurally Tested EAL3 – Methodically Tested and Checked EAL4 – Methodically Designed, tested and reviewed. EAL5 – Semi-formally designed and tested EAL6 – Semi-formally verified, designed and tested EAL7 – Formally verified, designed and tested.
225
COMMON CRITERIA EAL5 – ? EAL6 – ?
EAL1 – Functionally Tested EAL2 – Structurally Tested EAL3 – Methodically Tested and Checked EAL4 – Methodically Designed, tested and reviewed. EAL5 – Semi-formally designed and tested EAL6 – Semi-formally verified, designed and tested EAL7 – Formally verified, designed and tested.
226
COMMON CRITERIA | EAL7 – ?
EAL1 – Functionally Tested EAL2 – Structurally Tested EAL3 – Methodically Tested and Checked EAL4 – Methodically Designed, tested and reviewed. EAL5 – Semi-formally designed and tested EAL6 – Semi-formally verified, designed and tested EAL7 – Formally verified, designed and tested.
227
TCSEC
``` TCSEC published in 1980, called the Orange Book, is made up of Divisions and Classes. Higher class number is better security. B3 is more secure than B1. Division D – Minimal Protection Division C – Discretion Security C1 – Discretionary Security Protection C2 – Controlled Access Protection Division B – Mandatory Protection B1 – Labeled Security Protection B2 – Structured Protection B3 – Security Domains Division A – Verified Protection A1 – Verified Design. TNI – Trusted Network, the Red Book, Interpretation applies TCSEC concepts to the network. ```
228
European ITSEC
European ITSEC is the first international evaluation model. Separates Functionality – F: how well a system works Assurance – Ability to evaluate. Assurance is measured by Effectiveness (Q) and Correctness (E) Class ratings are compared in a followup section. Additional functionality ratings include: F-IN – High Integrity Requirements AV – High Availability Requirements DI – High Integrity Requirements for networks. DC – High Confidentiality Requirements for networks DX – High integrity and confidentiality for networks.
229
Brewer-Nash
Brewer-Nash – Chinese Wall model. Used for designed to avoid conflicts of interest. Prohibits access to a subject (like a consultant) from accessing multiple conflict of interest categories.(防止監守自盜、球員兼裁判) Brewer Nash model requires Properly identified subjects One or more datasets Class definitions related to conflict of interest for all datasets.
230
Access Control Matrix ACL Capability table
Access Control Matrix: Table that defines access permissions between subjects and objects. Remember: ACL are Object focused and has a list of subjects who are granted access to the object. Capability table is Subject focused and has a list of actions that a subject can perform.
231
Clark-Wilson – focused on ?
Clark-Wilson – focused on Integrity Enforces security by using a three-part structure with Security Labels. Subject -> Interface -> Object (The Restricted Interface Model) Example: A Data entry user modifies the Database via the SAP Web Interface. Enforces Well formed transactions & Separation of Duties: Prevents Unauthorized subjects from making modifications. Prevents authorized subjects from making unauthorized modifications to objects. Separation of functions – different functions will be available to user based on class of user. Common model in Commercial Systems.
232
BIBA: Focused on ?
BIBA: Focused on Integrity. The idea behind is to ensure that Data is trustworthy. Simple Integrity Property=>No Read Down Subject cannot read lower than clearance. (so as not to read untrustworthy data) * Integrity Property=>No Write Up Subject cannot writer higher than clearance (so as to not input untrustworthy data.) Invocation Property=>No invoke Processes cannot call upon/request subjects at a higher clearance.
233
BELL-LAPADULA: Focused on ?
BELL-LAPADULA: Focused on Confidentiality. Simple Security Property=>No Read Up Subject cannot read higher than clearance but can read down. * Security Property=>No Write Down Subject cannot writer lower than clearance but can write up. (so as to not leak data writing to a lower level.) Can violate for Declassification Strong * Property=>No Read/Write Up or Down Subject with read/write cannot read/write above or below clearance. Only same clearance allowed.
234
``` Take-Grant model Take –? Grant – ? Create – ? Remove – ? ```
Take-Grant model Take – take control of an object Grant – grants rights to an object Create – allow subject to create new rights Remove – allow subject to remove rights it has
235
CRL – ? | OCSP – ?
CRL – Static list with Serial numbers of revoked certs. | OCSP – OCSP request to CA to verify validity.
236
HMAC
HMAC – Hashed Message Authentication Code Only guarantees Integrity of a message. Uses a Shared key – only communicators who know the shared key can create, or verify the digital signature. No Non-repudiation or authentication – as anybody with the key can generate the message.
237
DSS
DSS – Digital Signature Standard Provides Non-Repudiation, Authentication and Integrity. NIST Specified standard under FIPS-186-4 Specifies that Digital Signature algorithms MUST use SHA-3 for Hashing functions. Specifies the approved Encryption Algorithms: Digital Signature Algorithm (DSA) – FIPS 186-4 Rivest-Shamir-Adleman (RSA) – ANSI X9.31 Elliptic-Curve DSA (ECDSA) – ANSI X9.62
238
HAVAL
HAVAL – Hash of Variable Length Modification of MD5. Uses 1024-bit block size to produce 128, 160,192, 224 and 256bit message digests.
239
MD5
MD5 – Message Digest 5 Processes 512-bits blocks of messages with four different computations to produce 128-bits message digest. Insecure – Subject to collision attacks.
240
Diffie-Hellman
Diffie-Hellman – The Key Exchange Algorithm Used to exchange keys where there is no Public Key infrastructure or Offline Key distribution mechanism. Used by SSL and SSH, where only the Server has both a Public and Private key, but not the user.
241
Diffie-Hellman DH Group 1 ? bits DH Group 2 ? bits DH Group 5 ? bits
Diffie-Hellman DH Group 1 768 bits DH Group 2 1024 bits DH Group 5 1536 bits
242
RSA
RSA – based on Prime Number factorization. 2000 freely available in the public Domain. Each user of the cryptosystem generates a public and a private key. El Gamal – based on a Standard Discrete Logarithm problem. an extension of the Diffie-Hellman algorithm. Freely available to use. Doubles the length of any encrypted message, increases size.
243
El Gamal
RSA – based on Prime Number factorization. 2000 freely available in the public Domain. Each user of the cryptosystem generates a public and a private key. El Gamal – based on a Standard Discrete Logarithm problem. an extension of the Diffie-Hellman algorithm. Freely available to use. Doubles the length of any encrypted message, increases size.
244
IDEA
IDEA – International Data Encryption Algorithm Operates on 64bit blocks of plaintext/ciphertext. Uses 128 bit key. Broken into 52 16-bit subkeys. Operates on same modes as DES – EBC, CBC, CFB, OFB, CTR
245
BlowFish
BlowFish Allows variable length keys from 32 bits to 448 bits. Operates on 64bit blocks of plaintext/ciphertext. Faster than DES and IDEA
246
AES
NIST chose RJINDAEL as replacement for DES in 2001. FIPS 197 mandates the use of AES/RJINDAEL for encryption of all sensitive but unclassified data by the U.S. Government. RJINDAEL enables cryptographers to use a block size equal to the key length. 128-bit keys require 10 rounds of encryption 192-bit keys require 12 rounds of encryption 256-bit keys require 14 rounds of encryption
247
3DES
3DES stands for Triple DES. Performs 48 rounds of encryption. 3DES Modes EEE3 – Encrypts Plaintext using three different keys with a length of 168 bits : E(K1,E(K2,E(K3,P))) EDE3 – Encrypt Decrypt Encrypt operation with three keys: E(K1,D(K2,E(K3,P))) EEE2 – Encrypts using 2 Keys three times, with length of 112 bits: E(K1,E(K2,E(K1,P))) EDE2 – Encrypt Decrypt Encrypt operation with two keys: E(K1,D(K2,E(K1,P)))
248
DES | Electronic Code Book – ?
DES – Data Encryption Standard, based on 64 bit block size and 56 bit key. DES performs 16 rounds of encryption. Electronic Code Book – Least Secure. Encrypts a block with the secret key. If same block is found, same ciphertext is generated.
249
DES | Cipher Block Chaining Mode – ?
DES – Data Encryption Standard, based on 64 bit block size and 56 bit key. DES performs 16 rounds of encryption. Cipher Block Chaining Mode – Each block of Plaintext is XOR’ed with the preceding Ciphertext, and then encrypted by DES. The first block of text is XOR’ed with an IV and then encrypted, generating unique output every time. IV needs to be shared with the recipient. Errors propagate – if one block is corrupted, entire transmission is corrupted.
250
DES | Cipher Feedback Mode – ?
DES – Data Encryption Standard, based on 64 bit block size and 56 bit key. DES performs 16 rounds of encryption. Cipher Feedback Mode – uses memory buffer instead of blocks to perform streaming CBC. Errors propagate.
251
DES | Output Feedback Mode –?
DES – Data Encryption Standard, based on 64 bit block size and 56 bit key. DES performs 16 rounds of encryption. Output Feedback Mode – XOR’s plaintext with a seed value. No chaining functions, and transmission errors do not corrupt future blocks.
252
DES | Counter Mode –?
DES – Data Encryption Standard, based on 64 bit block size and 56 bit key. DES performs 16 rounds of encryption. Counter Mode – uses a counter that increments at each operation. Errors do not propagate. (suited for parallel computing as it breaks encryption & decryption operations into multiple independent steps.
253
Block Cipher
Block Cipher – Block ciphers operate on chunks of the message called blocks. Transposition ciphers are an example of Block Ciphers. Modern encryption algorithms work on Blocks (block size) Stream Cipher – Operates on one bit or character of the message at a time. Can also be block ciphers by using buffers. RC4 is a Stream Cipher. Example: Atbash or Onetime pads are examples of Stream cipher, as they work on each character at a time.
254
Stream Cipher
Block Cipher – Block ciphers operate on chunks of the message called blocks. Transposition ciphers are an example of Block Ciphers. Modern encryption algorithms work on Blocks (block size) Stream Cipher – Operates on one bit or character of the message at a time. Can also be block ciphers by using buffers. RC4 is a Stream Cipher. Example: Atbash or Onetime pads are examples of Stream cipher, as they work on each character at a time.
255
Split Knowledge | M of N control.
Split Knowledge – split the knowledge to access a system among two people. M of N control. M of N Control = (m)inimum agents required out of (n) to perform high-security tasks. Example: Ashish and Samir each knows 8 bits of a 16 bit key to open the ATM machine.
256
Kerchoff Principle
Kerchoff Principle – Everything about the system is public (algorithm, deciphering etc). The encryption is secure because key’s are unique. This enables a cryptographic system to be tested by the community and identify vulnerabilities.
257
Baselines
Baselines – NIST SP800-53 Ensure a minimum security standard and starting point for security controls. Example: Disable unsecure protocols Telnet and HTTP on routers provides a minimum access security configuration.
258
Scoping
Scoping – Reviewing baselines and selecting relevant controls to the system or organization. Rejected as not relevant. Example: A Router hardening baseline may require to you implement an access-list to deny access to the webserver on the router. However if your router does not have an embedded HTTP Server, you choose not implement this control.
259
Tailoring
Tailoring(裁縫) – Tailoring the baseline to fit the organizations requirements. Baseline rejected as unable to implement and a compensating control implemented. Example: The organization uses low-cost routers at remote branches which only have HTTP management capability, and this cannot deny access to the embedded HTTP Server. However the organization selects a compensating control such as allowing access to the HTTP server only from the IT Subnet.
260
Standards
Standards | Comply with standards relevant to the industry the organization operates in such as PCI DSS, GLBA, SOX, HIPAA, DPD etc.
261
Pseudonymization(?):
Pseudonymization(假名化): Use pseudonyms to represent data. Prevents data from being identified directly. GDPR refers to pseudonymization as replacing data with artificial identifiers. Pseudonymization & Tokenization is reversible, meaning that with another set of data the original data can still be identified.. Anonymization (Masking) is irreversible.
262
Anonymization(?):
Anonymization(匿名化): If personal data is not needed, anonymization removes relevant data to make it impossible to identify the original subject or person. GDPR no longer relevant for anonymized data. Masking is an effective anonymization method: Swaps data in individual data columns, no longer representing the actual data. Pseudonymization & Tokenization is reversible, meaning that with another set of data the original data can still be identified.. Anonymization (Masking) is irreversible.
263
Data Owner
Data Owner The data owner (information owner) is usually a member of management who is in charge of a specific business unit, and who is ultimately responsible for the protection and use of a specific subset of information. The data owner has due care responsibilities and thus will be held responsible for any negligent act that results in the corruption or disclosure of the data. The data owner decides upon the classification of the data she is responsible for and alters that classification if the business need arises. This person is also responsible for ensuring that the necessary security controls are in place, defining security requirements per classification and backup requirements, approving any disclosure activities, ensuring that proper access rights are being used, and defining user access criteria. The data owner approves access requests or may choose to delegate this function to business unit managers. And the data owner will deal with security violations pertaining to the data she is responsible for protecting. The data owner, who obviously has enough on her plate, delegates responsibility of the day-to-day maintenance of the data protection mechanisms to the data custodian.
264
Asset / System Owner
Asset / System Owner Owns the IT systems on which Data resides and is processed. E.g. Systems Manager Develops and maintains system security plan to ensure system is secured, and operated according to the security requirements. Ensures system users and support personnel receive appropriate training. Assists in identification, selection and assessment of security controls.
265
Mission / Business Owner
Mission / Business Owner Ensure that systems provide value to the organization. Owns the processes that use the systems. E.g. Sales teams using SAP. NIST 800-18 refers as Program Owner or Information Systems Owner. Responsible to ensure that security controls are not misguided or impacting business.
266
Data Custodian
Data Custodian The data custodian (information custodian) is responsible for maintaining and protecting the data. This role is usually filled by the IT or security department, and the duties include implementing and maintaining security controls; performing regular backups of the data; periodically validating the integrity of the data; restoring data from backup media; retaining records of activity; and fulfilling the requirements specified in the company’s security policy, standards, and guidelines that pertain to information security and data protection.
267
Data Processor
Data Processor An individual, system or organization that processes data on behalf of the Data Controller. E.g. Panauti Systems (Data Controller) outsources physical application form input to Eventman Technologies (Data Processor)
268
Data Controller
Data Controller Controls the use of Data Required Role for GDPR.
269
Erasing
Erasing: Performs delete operations on file, but does not delete actual data. Data can be recovered by recovery tools. Clearing: Overwrites deleted data with dummy bits (single character or patterns) to make data irrecoverable. However bad sectors and SSDs may retain data, making this technique less effective. Degaussing: Rewrites magnetic media with a heavy magnetic field. Works on backup tapes, hdd or floppy drives. Only Tapes can be reused, Destroys HDDs. Purging: Repeats the “clearing” process multiple times and may use another process (degaussing) to completely remove data. Degrading from Confidential to Unclassified requires Purging. Declassifying: Efforts required to secure and declassify media costs more than new media for a lower classification level, so many organizations choose not to declassify. Declassification requires Purging. Sanitization: Ensures that Data cannot be recovered by using a combination of processes – verifying purging, verifying any media is not present in a system before it is scrapped, verifying destruction of hdds etc. Destruction: destroying media via incineration, crushing, shredding, disintegration, dissolving.
270
Clearing
Erasing: Performs delete operations on file, but does not delete actual data. Data can be recovered by recovery tools. Clearing: Overwrites deleted data with dummy bits (single character or patterns) to make data irrecoverable. However bad sectors and SSDs may retain data, making this technique less effective. Degaussing: Rewrites magnetic media with a heavy magnetic field. Works on backup tapes, hdd or floppy drives. Only Tapes can be reused, Destroys HDDs. Purging: Repeats the “clearing” process multiple times and may use another process (degaussing) to completely remove data. Degrading from Confidential to Unclassified requires Purging. Declassifying: Efforts required to secure and declassify media costs more than new media for a lower classification level, so many organizations choose not to declassify. Declassification requires Purging. Sanitization: Ensures that Data cannot be recovered by using a combination of processes – verifying purging, verifying any media is not present in a system before it is scrapped, verifying destruction of hdds etc. Destruction: destroying media via incineration, crushing, shredding, disintegration, dissolving.
271
Degaussing
Erasing: Performs delete operations on file, but does not delete actual data. Data can be recovered by recovery tools. Clearing: Overwrites deleted data with dummy bits (single character or patterns) to make data irrecoverable. However bad sectors and SSDs may retain data, making this technique less effective. Degaussing: Rewrites magnetic media with a heavy magnetic field. Works on backup tapes, hdd or floppy drives. Only Tapes can be reused, Destroys HDDs. Purging: Repeats the “clearing” process multiple times and may use another process (degaussing) to completely remove data. Degrading from Confidential to Unclassified requires Purging. Declassifying: Efforts required to secure and declassify media costs more than new media for a lower classification level, so many organizations choose not to declassify. Declassification requires Purging. Sanitization: Ensures that Data cannot be recovered by using a combination of processes – verifying purging, verifying any media is not present in a system before it is scrapped, verifying destruction of hdds etc. Destruction: destroying media via incineration, crushing, shredding, disintegration, dissolving.
272
Purging
Erasing: Performs delete operations on file, but does not delete actual data. Data can be recovered by recovery tools. Clearing: Overwrites deleted data with dummy bits (single character or patterns) to make data irrecoverable. However bad sectors and SSDs may retain data, making this technique less effective. Degaussing: Rewrites magnetic media with a heavy magnetic field. Works on backup tapes, hdd or floppy drives. Only Tapes can be reused, Destroys HDDs. Purging: Repeats the “clearing” process multiple times and may use another process (degaussing) to completely remove data. Degrading from Confidential to Unclassified requires Purging. Declassifying: Efforts required to secure and declassify media costs more than new media for a lower classification level, so many organizations choose not to declassify. Declassification requires Purging. Sanitization: Ensures that Data cannot be recovered by using a combination of processes – verifying purging, verifying any media is not present in a system before it is scrapped, verifying destruction of hdds etc. Destruction: destroying media via incineration, crushing, shredding, disintegration, dissolving.
273
Declassifying
Erasing: Performs delete operations on file, but does not delete actual data. Data can be recovered by recovery tools. Clearing: Overwrites deleted data with dummy bits (single character or patterns) to make data irrecoverable. However bad sectors and SSDs may retain data, making this technique less effective. Degaussing: Rewrites magnetic media with a heavy magnetic field. Works on backup tapes, hdd or floppy drives. Only Tapes can be reused, Destroys HDDs. Purging: Repeats the “clearing” process multiple times and may use another process (degaussing) to completely remove data. Degrading from Confidential to Unclassified requires Purging. Declassifying: Efforts required to secure and declassify media costs more than new media for a lower classification level, so many organizations choose not to declassify. Declassification requires Purging. Sanitization: Ensures that Data cannot be recovered by using a combination of processes – verifying purging, verifying any media is not present in a system before it is scrapped, verifying destruction of hdds etc. Destruction: destroying media via incineration, crushing, shredding, disintegration, dissolving.
274
Sanitization
Erasing: Performs delete operations on file, but does not delete actual data. Data can be recovered by recovery tools. Clearing: Overwrites deleted data with dummy bits (single character or patterns) to make data irrecoverable. However bad sectors and SSDs may retain data, making this technique less effective. Degaussing: Rewrites magnetic media with a heavy magnetic field. Works on backup tapes, hdd or floppy drives. Only Tapes can be reused, Destroys HDDs. Purging: Repeats the “clearing” process multiple times and may use another process (degaussing) to completely remove data. Degrading from Confidential to Unclassified requires Purging. Declassifying: Efforts required to secure and declassify media costs more than new media for a lower classification level, so many organizations choose not to declassify. Declassification requires Purging. Sanitization: Ensures that Data cannot be recovered by using a combination of processes – verifying purging, verifying any media is not present in a system before it is scrapped, verifying destruction of hdds etc. Destruction: destroying media via incineration, crushing, shredding, disintegration, dissolving.
275
Destruction
Erasing: Performs delete operations on file, but does not delete actual data. Data can be recovered by recovery tools. Clearing: Overwrites deleted data with dummy bits (single character or patterns) to make data irrecoverable. However bad sectors and SSDs may retain data, making this technique less effective. Degaussing: Rewrites magnetic media with a heavy magnetic field. Works on backup tapes, hdd or floppy drives. Only Tapes can be reused, Destroys HDDs. Purging: Repeats the “clearing” process multiple times and may use another process (degaussing) to completely remove data. Degrading from Confidential to Unclassified requires Purging. Declassifying: Efforts required to secure and declassify media costs more than new media for a lower classification level, so many organizations choose not to declassify. Declassification requires Purging. Sanitization: Ensures that Data cannot be recovered by using a combination of processes – verifying purging, verifying any media is not present in a system before it is scrapped, verifying destruction of hdds etc. Destruction: destroying media via incineration, crushing, shredding, disintegration, dissolving.
276
PII
PII – Personally Identifiable Information – specified by NIST SP-800-122 information to identify or trace an individual such as name, social-security number, place and date of birth, mother’s maiden name, biometric records. Information that can be linked to an individual such as financial, work, health and educational.
277
PHI
PHI – Personal Health Information – specified by HIPAA Information created or received by a healthcare provider, health plan, public health authority, life insurer, healthcare clearing house, employer, school or university. Relates to past, present or future physical or mental health conditions of individual, or past, present and future payment to provision health care to an individual.
278
Government / Military Model
Top Secret Secret Confidential Unclassified
279
Corporate Model
Confidential / Propreitary Private Sensitive Public
280
Encryption Export Controls
Encryption Export Controls Limits US companies from exporting and selling high-security encryption technologies to countries suspected of terrorism, pose a nuclear threat or not agreeing to the WAASENAR agreement.
281
International Traffic in Arms Regulations (ITAR)
International Traffic in Arms Regulations (ITAR) | Controls export of military or Defence items, appearing on United States Munitions List (USML)
282
Digital Millennium Copy Right Act:
Literary, Musical, Dramatic, Pantomimes/Choreographic, Pictorial/Sculptural/Graphical, Motion Pictures/AV, Sound recordings and Architectural works. Computer software under literary works, protects actual source code. Not the idea or process. Exemption(豁免) from DMCA: Transmission must be initiated by person other than the Service Provider. Transmission, routing, provision of connections or copying must be carried out by an automated technical process without selection of material by the service provider. The Service provider must not determine the recipients of the material. Any intermediate copies (caching) must not ordinarily be accessible to any one other than the anticipated recipients and must not be retained for longer than reasonably necessary by the service provider. The material must be transmitted with no modification of the content.
283
INTELLECTUAL PROPERTY - DEFINITIONS | Copyright
Copyright - U.S. Copyright Office Protects works from unauthorized duplication. Applies to: Literary, musical, movie, pictorial, sound, architectural works. Software source codes and look and feel can be copyrighted – not the idea. Works are protected until 70 years after death of the author. 75 years for organizations. Copyrights are protected by the DMCA – Digital Millennium Copyright Act.
284
INTELLECTUAL PROPERTY - DEFINITIONS | Trade Mark
Trade Mark - US Patents and Trademarks Office. Trademarks protect words, slogans or logo’s that identify a Brand (a company and it’s services.) Trademarks are granted for 10 years but renewable indefinitely. Unregistered Trademarks have the TM symbol and the registered have ® symbol.
285
INTELLECTUAL PROPERTY - DEFINITIONS | Patents
Patents - US Patents and Trademarks Office. Protect intellectual property rights of inventors. Period of 20 years where the inventor has exclusive rights to his invention. Non-renewable, hence shortest duration.
286
INTELLECTUAL PROPERTY - DEFINITIONS | Trade Secret
Trade Secret Trade secrets are absolutely critical to business and leakage could destroy the business (McDonald’s secret sauce) Is not registered with anyone as it could lead to disclosure which could lead to copy. Companies must enforce their own protection of data to ensure it doesn’t get exposed. Trade secrets are protected by the Economic Espionage Act.(經濟間諜法)
287
INTELLECTUAL PROPERTY - DEFINITIONS | Licensing
Licensing | Protected by UCITA, making licensing terms are legal contracts, and opt-out capabilities.
288
EUROPEAN UNION – PRIVACY SHIELD
Notice – inform individuals about the purposes for which it collects and uses information about them. Also inform about rights. Choice – offer the user the choice to opt-out. Accountability of Onward Transfer – Organizations can only transfer data with other Organizations that comply to Notice and Choice principles. Security – Proper mechanisms to protect data loss, misuse and unauthorized disclosure to protect personal data. Data integrity and Purpose Limitation – Only collect data that is needed for processing purposes as identified in Notice. Organization also responsible to take reasonable steps to ensure data is accurate, complete and current. Access – Individuals must have access to any records containing their personal information. Also have the ability to correct, amend or delete information when it is inaccurate. Recourse, Enforcement and Liability– implement mechanisms to ensure compliance with principles and provide mechanisms to handle individual complaints with a response to any complaints within 45 days, agree to an appeal process including binding arbitration.
289
EUROPEAN UNION - GDPR
GDPR applies to all organizations that collect data from EU residents or process information on behalf of someone who collects it, even if the organization itself is not based in the EU: Data Breach notification to inform authorities of SERIOUS DATA BREACHES within 24 hours. Creation of Centralized data protection authorities in each EU Member state. Provisions that individuals will have access to their own data. Data Portability provisions that facilitate the transfer of PII between service providers at the individual’s request. Right to be forgotten – allows people to require companies to delete their information if it is no longer needed. Organizations need to appoint a Data Protection Officer who is responsible to oversee the data protection strategy and implementation compliance to GDPR requirements.
290
EUROPEAN UNION - GDPR | Data Controller
Data Controller Determines the purposes and means for collecting and processing of personal Data. Shall use processors that will meet GDPR regulation requirements to safeguard PII E.g: A bank collecting account information
291
EUROPEAN UNION - GDPR | Data Processor
Data Processor Processes data on behalf of the controller based on documented instruction of the controller. E.g: Organization that digitizes and archives data on behalf of the bank.
292
DATA BREACH NOTIFICATION LAWS | California SB 1386 - 2002
``` California SB 1386 - 2002 Unencrypted Data Exposure or Breach of: Social Security Number Drivers License State Identification Number Credit or Debit Card Number Bank Account Number with Access password/PIN Medical Records Health Insurance Information ```
293
US PRIVACY LAWS | 4th Amendment
4th Amendment | Prohibits Government agents from searching private property without a warrant and probable clause.
294
US PRIVACY LAWS | Privacy Act of 1974(Federal Privacy Act of 1974)
Privacy Act of 1974(Federal Privacy Act of 1974) Mandates that agencies maintain only records that are necessary for conducting business and they destroy those records when they are no longer needed for a legitimate Government function. Procedure for individuals to gain access to records that the Government maintains about them and a request to change incorrect records.
295
US PRIVACY LAWS | Electronics Communications Privacy Act of 1986
Electronics Communications Privacy Act of 1986 Prohibits interception or disclosure of electronic communication. Defines situations in which disclosure of such is legal. Protects against monitoring of email and voicemail communications and prevent those service providers (e.g. gmail) from making unauthorized disclosures of those contents. Makes it illegal to monitor telephone conversations.
296
US PRIVACY LAWS | USA PATRIOT 2001
USA PATRIOT 2001 - Terrorism Focused. Agencies can gain Wiretapping authorization – blanket authorization against a person to monitor all communications to and from that person. ISPs may voluntarily provide the government with information. Allows the government to obtain detailed info on user activity through a subpoena.
297
US PRIVACY LAWS | COPPA
Childrens Online Privacy Protection Act (COPPA) of 2000 | Age of consent 13 years – Parents must give consent for data collected of children below 13 years of age.
298
US PRIVACY LAWS | FERPA
FERPA | Applies to student records. Requires student consent for records disclosure
299
SSAE18: REPORTS | SOC-1
Based on ISAE 3402 International standard, supersedes SAS 70 Auditing Standard SOC-1 – Financial control information Only.
300
SSAE18: REPORTS | SOC-2
Based on ISAE 3402 International standard, supersedes SAS 70 Auditing Standard SOC-2 – Provide details on controls, procedures and issues. Released under NDA. Type-1 – Report of procedures or controls an organization has put in place as of at a point in time. Organization’s attestation. Example: What security measures are in place to protect data center as on today’s date? Type-2 – Period based audit report, how the organization operated it’s controls over the period of 6 months, actual testing to determine effectiveness, and auditors opinion based on description. More Reliable Report, preferred. Example: How was security for the data center operated and maintained?
301
SSAE18: REPORTS | SOC-3
Based on ISAE 3402 International standard, supersedes SAS 70 Auditing Standard SOC-3 – Report by a 3rd Party auditor on whether a Service Provider organization (typically cloud vendor) maintained effective controls over its systems – CIA. Typically used by Cloud vendors to assure customers of their controls, and avoid individual audits from customers. (Less detailed than SOC-2 Type 2 Reports)
302
PCI-DSS
PCI-DSS Payment Card Industry regulation – the Payment Card industry Self-regulates. Is not a Law, but a Data Security standard. All companies that accept, process, store or transmit credit-card information are subject to PCI-DSS Compliance. Requires disclosure by Merchants in case of Credit card data breach. Example: Eventman Technologies deliver a Solution Assessment Guideline service, where a consultant can be engaged to discuss and review a customer’s potential solution investment vs. market trends. A customer can choose to buy the service via the Eventman Tech website using their credit-card. Eventman uses the Panauti-Pay platform to process the credit-card transactions. In this case, both Eventman Technologies (Accept Credit Card) and Panauti-Pay (Process,Transmit) are thus required to conform to PCI-DSS at varying levels.
303
HIPAA-HITECH
HIPAA-HITECH Applies to any organization that processes or stores private medical information of individuals such as Health-care providers, health insurance providers etc. HITECH 2013, also modifies this act to cover Business Associates of healthcare industry who work on PHI data to also be covered under HIPAA via Business Associate Agreement. HITECH also enforces Data Breach Notifications, requiring HIPAA covered entities notify affected individuals in the event of a breach. Also notify Secretary of Health, and the media in case breach is higher than 500 individuals. Example: Eventman Technologies works with National Insurance – Kentucky, to process the scanned forms and input them into the CRM solution for National Insurance. In this case, National Insurance needs have a BAA with Eventman Technologies. Eventman Technologies would also be regulated by HIPAA and must follow the compliance requirements.
304
BAA
Business Associates who work on PHI require a BAA – Business Associates Agreement.
305
Sarbanes-Oxley Act
Sarbanes-Oxley Act – SOX 2002 Protects Shareholders and the General public from the fraudulent practices in enterprises and improve accuracy corporate disclosures. SOX applies to PRIVATE Companies IT Departments are responsible for creating and maintaining corporate records (Data Retention) Mandates Segregation of Duties: duties should be separated and the person should be assigned the least privileges to prevent fraud.
306
GRAMM-LEACH-BLILEY ACT - GLBA
Banking Industry Regulation, applies to Financial institutions. – CIVIL LAW GLBA compliance is mandatory; whether a financial institution discloses nonpublic information or not, there must be a policy in place to protect the information from foreseeable threats in security and data integrity. Financial Privacy Rule requires financial institutions to provide each consumer with a privacy notice at the time the consumer relationship is established and annually thereafter. The privacy notice must explain the information collected about the consumer, where that information is shared, how that information is used, and how that information is protected. The notice must also identify the consumer's right to opt out of the information being shared with unaffiliated parties pursuant to the provisions of the Fair Credit Reporting Act. Should the privacy policy change at any point in time, the consumer must be notified again for acceptance. The Safeguards Rule requires financial institutions to develop a written information security plan that describes how the company is prepared for, and plans to continue to protect clients' nonpublic personal information.
307
NIST SP 800-53
NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations Federal computing systems and Agencies must comply with this standard. Commonly used as an Industry Cybersecurity benchmark. NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. Federal Contractors must comply with this standard. NIST CyberSecurity Framework (CSF): Voluntary risk-based framework for securing data and systems.
308
NIST SP 800-171
NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations Federal computing systems and Agencies must comply with this standard. Commonly used as an Industry Cybersecurity benchmark. NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. Federal Contractors must comply with this standard. NIST CyberSecurity Framework (CSF): Voluntary risk-based framework for securing data and systems.
309
NIST CyberSecurity Framework
NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations Federal computing systems and Agencies must comply with this standard. Commonly used as an Industry Cybersecurity benchmark. NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. Federal Contractors must comply with this standard. NIST CyberSecurity Framework (CSF): Voluntary risk-based framework for securing data and systems.
310
Computer Security Act 1987
Computer Security Act 1987 Gives National Institute of Standards and Technology the responsibility to develop standards and guidelines for Federal computer systems. NIST uses technical advice and assistance of National Security Agency (NSA) where appropriate. Provide enactment of such guidelines and standards. Require establishments of security plans by all operators of Federal computer systems that contain sensitive information. Mandatory periodic training and review for all people involved in management, use and operation of such systems. This act replaced the NSA with NIST for the responsibility to develop the standards. NIST produces 800 series of Publications related to Computer Security for Federal Systems. http://csrc.nist.gov/publications/PubsSPs.html
311
Gross Negligence
``` Gross Negligence(重大過失) – Opposite of Due care. For example: Despite the sensitivity of the data, the CEO of Eventman technologies refuses to implement any reasonable security control to prevent data loss. ```
312
BCP / DRP TESTING & MAINTENANCE | Read-Through / Checklist Test
``` BCP Testing should be conducted at least once annually Read-Through / Checklist Test All have copies of plans Make aware of responsibilities Knowledge refreshed Update the plan ```
313
BCP / DRP TESTING & MAINTENANCE | Structured-Walkthrough / TableTop Exercise
BCP Testing should be conducted at least once annually Structured-Walkthrough / TableTop Exercise Members ROLE-PLAY disaster scenarios. Discuss Appropriate responses.
314
BCP / DRP TESTING & MAINTENANCE | Simulation / Practical Test
BCP Testing should be conducted at least once annually Simulation / Practical Test Given scenario and have to develop response. Interruption of NON-CRITICAL Business Activity. Some Operational Personnel involved
315
BCP / DRP TESTING & MAINTENANCE | Parallel Test
BCP Testing should be conducted at least once annually Parallel Test Activate DR (Alternate Site) No interruption to Primary site.
316
BCP / DRP TESTING & MAINTENANCE | Full-Interruption Test
BCP Testing should be conducted at least once annually Full-Interruption Test Actual shutdown of primary site/operations. Activate DR (Alternate Site)
317
BUSINESS IMPACT ASSESSMENT
``` Identify Priorities Identify Risk Likelihood Assessment Impact Assessment Resource Prioritization ```
318
MTBF
MTBF – Mean Time Between Failure – Identifies the average time between failures. Example: We can expect the syslog server to fail once every week due to load.
319
WRT
WRT – Work Recovery Time – Maximum Time till verification of Data integrity and systems to resume production.
320
MTTR
MTTR – Mean Time to Restore – Time required to restore, repair or recover a system after failure.
321
Hot Site
Hot Site – Maintained in constant working condition with continuous/periodic Data Replication, IT equipment and systems equivalent to the Primary site pre-configured and ready to take over in the event of a disaster. Fastest to restore. Expensive. – Minutes to upto 6 hours recovery.
322
Cold Site
Cold Site – Only contains communications, power systems. IT Systems / Data have to be installed, configured and replicated to bring this site up. Slowest to Restore, Cheapest.
323
Warm Site
Warm Site – Contains all systems and applications pre-configured and up, doesn’t have any Data. Median between MTTR and cost. – 24 to 48 hours recovery.
324
DISASTER RECOVERY PROCESS
Respond:Initial responders will Assess whether it is a “disaster”. Activate:Initial responders will activate the DR Team via Secondary response procedures. Communicate:Disseminate recovery details with workers and the public. Assess:DR Team will assess the extent of the damage to determine proper steps to recover. Reconstitute / Recover:Recover critical Business operations at primary or secondary site.
325
FOUR PHASES OF BCP
Phase 1: Project Scoping and Planning Business analysis from crisis point of view Creation of the BCP Team with Approval from senior management Assessment of resources available to participate in continuity processes Legal and Regulatory requirements analysis Business Organizational Analysis Phase 2: Business Impact Analysis Phase 3: Continuity Planning - Recovery Strategies and Continuity Development Phase 4: Approval and Implementation Phase 5: Testing and Maintenance Exercise, Test, Drill and Maintain the BCP. Maintenance includes updating documentation as processes and controls change.
326
BCP vs DRP
BCP: Long Term Strategy Plan DRP: Short Term Tactical Plan BCP is more high-level than DRP. DRP falls under the umbrella of BCP.
327
RISK CHOICES
Risk Mitigation – Risk reduction or risk mitigation is implementation of safeguards and countermeasures to eliminate vulnerabilities or block threats. Lowering the risk to an acceptable level. In some cases, a specific risk can be eliminated completely. Risk Transfer – Transfer risk to another organization such as insurance or outsourcing. Risk Avoidance – Eliminating the Risk cause, to avoid a risk. E.g. System is open to HTTP attacks, if HTTP is not needed, the protocol can simply be disabled to avoid the risk. Risk Deterrence – Deter violators from violating security and polices by putting in warning messages, auditing etc. but allow the activity to continue. E.g. User’s browsing to File share websites are prompted a message saying they are being monitored. Risk Acceptance – Risk acceptance happens when the cost of the safeguard is higher than the risk or if the risk is deemed to low by the management. The management chooses to accept the consequences if the risk is realized. Acceptance of risk is determined on an organizations Risk tolerance. Risk acceptance involves proper documentation of risk and signoff that the risk is accepted. For example: An ecommerce organization won’t accept any downtime to it’s web applications as it’s their primary source of business. A Salon will accept their website being down for sometime as their business is direct/walk-in. Risk Rejection – Reject or ignore a risk. Unacceptable response. Denying a risk will not be realized is not prudent due-care response to risk.
328
Qualitative Risk Assessment
Qualitative Risk Assessment focuses on Likelihood and Impact Assessment. Likelihood: How likely is it that a threat will be realized? Example: It floods every year in Mumbai during the rains. The likelihood of Flooding is high. However, Earthquakes are unheard of. The likelihood is low. Impact: What will be the impact on the business? This can be monetary as well has having long term effects. Example: The impact of flooding would be that operations could be down or slowed due to less number of employees. Impact is Moderate. However in an Earthquake, the impact would be catastrophic.
329
QUANTITATIVE RISK ASSESSMENT
Total Cost of Ownership (TCO) – The total cost of ownership is the total cost of a mitigating safeguard. The TCO combines one time expense and Annual cost of maintenance, operational cost etc. For example: Our GWC Safeguard solution of monitoring software and disk replacement costs $2000 annually and a $500 operational cost. Considering a 5 year technology refresh cycle, this amounts to $12500 for 5 years, and $2500 annually. TCO for the Storage Safeguard is $2500 annually. Return on Investment (RoI) – Amount of money saved by implementing a safeguard. If Annual TCO is less than the ACS than ROI is positive. ROI = ACS – TCO
330
QUANTITATIVE RISK ASSESMENT Asset Value Exposure Factor Single Loss Expectancy
``` Asset Value (AV)– A monetary figure for an Asset that not just includes the cost of the asset and it’s per year maintenance but the information residing on it. For example: An GWC NAS Storage unit may cost $100000 with a per year maintenance of $10000, but the data residing on that Asset is Confidential IP and is valued at $1 million. The total value of the Asset is $1.1+ Million. Exposure Factor (EF) – a % Value, the exposure or percentage of loss expected from a threat. For example: Multiple Disk failures can cause data loss stored in the Storage unit. 5 disk failures can cause 20% data loss. 7 disk failures can cause 30% data loss, and 10 disk failures can cause 50% data loss. The % figures are the Exposure factor. Single Loss Expectancy (SLE) – a monetary value from a one time loss. Calculated as SLE = AV * EF For example: 5 Disk failures – SLE = 1110000 * 20% = $222,000 7 Disk Failures – SLE = 1110000 * 30% = $333,000 10 Disk Failures – SLE = 1110000 * 50% = $555,000 ```
331
QUANTITATIVE RISK ASSESMENT Annual Rate of Occurrence Annual Loss Expectancy
Annual Rate of Occurrence (ARO)– The chance a particular threat can be realized in a single year. This data has to be supplemented by studies, fact-checks or third-party tests/certifications. For Example: GWC says there is a once in 3 years chance of a 5 disk failure, once in 5 years chance of a 7 disk failure and once in 10 year chance of a 10 disk failure. Annual Loss Expectancy (ALE) – The Amount of loss expected annually due to a threat. ALE = SLE * ARO For Example: ALE from a 5 disk failure = 222000 * 0.34 = $75,480 ALE from a 7 disk failure = 333000 * 0.2 = $66,600 ALE from a 10 disk failure = 555000 * 0.1 = $55,500
332
QUANTITATIVE RISK ASSESMENT Safeguard ALE with Safeguard Annual Cost Savings
Safeguard (SG)– Adding a safeguard can reduce the Exposure factor(EF) or reduce the Annualized Rate of Occurrence (ARO), reducing the overall risk assessment. For example: GWC says replacing disks at 80% duty cycle reduces chance of disk failures. This requires installing proprietary monitoring software and replacing disks, however GWC certifies that a 5 disk failure will only happen once in 8 years, a 7 disk failure once in 12 years and a 10 disk failure of once in 20 years. The Safeguard costs $2000 per year ALE with Safeguard – Safeguard assessment has to be calculated with the impact of its placement (the EF or the ALE) bringing down the total cost of the risk. ALE = SLE * ARO In our example, the Safeguard directly impacts the ARO, thus the calculations are: ALE Safeguard 5 disk failure: AV = 1110000; SLE = AV 1110000 * EF 20% = 222000 ALE = SLE 222000 * ARO 0.125 = 27,750 ALE Safeguard 7 disk failure: AV = 1110000; SLE = AV 1110000 * EF 30% = 333000 ALE = SLE 333000 * ARO 0.084 = 27,972 ALE Safeguard 10 disk failure: AV = 1110000; SLE = AV 1110000 * EF 50% =550000 ALE = SLE 550000 * ARO 0.05 = 27,500 Annual Cost Savings (ACS) - The benefits of a Safeguard can be calculated by subtracting the Post Safeguard-ALE from the Pre Safeguard-ALE. Pre-ALE – Post-ALE = ACS
333
THREAT MODELING | Key Performance Indicators (KPI)
Key Performance Indicators (KPI): Resolve open items or backlog items identified in past. Risk Assessment or audits. Key Risk Indication (KRI): provides predictive information for an organization risk exposure. Key Control Indicator (KCI): control an organization has over it’s environment and risk. Effectively a particular control is working.
334
THREAT MODELING | Key Risk Indication (KRI)
Key Performance Indicators (KPI): Resolve open items or backlog items identified in past. Risk Assessment or audits. Key Risk Indication (KRI): provides predictive information for an organization risk exposure. Key Control Indicator (KCI): control an organization has over it’s environment and risk. Effectively a particular control is working.
335
THREAT MODELING | Key Control Indicator (KCI)
Key Performance Indicators (KPI): Resolve open items or backlog items identified in past. Risk Assessment or audits. Key Risk Indication (KRI): provides predictive information for an organization risk exposure. Key Control Indicator (KCI): control an organization has over it’s environment and risk. Effectively a particular control is working.
336
THREAT MODELING | STRIDE
``` STRIDE Originated at Microsoft Spoofing Tampering Repudiation Information Disclosure Denial of Service (DoS) Elevation of Privilege ```
337
THREAT MODELING | DREAD
``` DREAD Rating Threats Damage Potential Reproducibility Exploitability Affected Users Discoverability ```
338
THREAT MODELING | PASTA
PASTA Stage 1: Definition of Objectives (DO) Stage II: Definition of Technical Scope (DTS) Stage III: Application Decomposition Analysis (ADA) Stage IV: Threat Analysis (TA) Stage V: Weakness and Vulnerability Analysis (WVA) Stage VI: Attack Modeling and Simulation (AMS) Stage VII: Risk Analysis and Management (RAM)
339
RISK MANAGEMENT PROCESS
1.System Characterization Determine Scope Choose Systems 2.Threat Identification Identify Threats to Systems and Processes 3.Vulnerability Identification Identify Vulnerabilities in Systems and Processes 4.Control Analysis Analyze Safeguards already in place to mitigate risk. 5.Likelihood Determination How likely is it that the threat will occur. 6.Impact Analysis Impact if the Threat Occurs 7.Risk Determination Determine Risk. 8.Controls Recommendation Safeguards to mitigate risk 9.Results Documentation Document the Results NIST SP-800-30 – Risk Management Guide for Technology Systems
340
NIST SP-800-30
NIST SP-800-30 – Risk Management Guide for Technology Systems
341
Residual Risk
Residual Risk – A result of the remaining risk after enabling a risk response or safeguard mechanism. Residual Risks are expected to remain, and generally accepted. Total Risk – Control’s Gap = Residual Risk. Response: Contingency Plan
342
Risk
Risk – Threat x Vulnerability = Risk. A Threat must connect with a vulnerability to form a risk. Example: A Web Application that has an input validation vulnerability that is not patched. A Hacker can exploit that vulnerability to steal information. This is a Risk. If the input validation vulnerability did not exist, a hacker would not be able to exploit it, leading to no Risk (at least from this specific aspect ;) )
343
Threat Agents use Vulnerabilities to exploit a system to cause Threats. An example is a Hacker using an SQL Injection vulnerability in the eCommerce Website to steal Credit Card data of its users. The Hacker is the ? The SQL Injection is the ? Stealing of Credit Card Data (Hacking) is the ? Loss of PII (Credit Card Data) is the ?
Threat Agents use Vulnerabilities to exploit a system to cause Threats. An example is a Hacker using an SQL Injection vulnerability in the eCommerce Website to steal Credit Card data of its users. The Hacker is the Threat Agent The SQL Injection is the vulnerability Stealing of Credit Card Data (Hacking) is the Threat. Loss of PII (Credit Card Data) is the Risk.
344
ISC2 CODE OF ETHICS | Code of Ethics Preamble:
Code of Ethics Preamble: The safety and welfare of society and the common good, duty to our principles, and to each other, requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Therefore, strict adherence to this Code is a condition of certification.
345
ISC2 CODE OF ETHICS | Code of Ethics Canons:
Code of Ethics Canons: Protect society, the common good, necessary public trust and confidence, and the infrastructure. Act honorably, honestly, justly, responsibly, and legally. Provide diligent and competent service to principles. Advance and protect the profession.
346
Internet Advisory Board (IAB): Released RFC 1087 that lists:
Internet Advisory Board (IAB): Released RFC 1087 that lists: Unauthorized access to resources. Disrupt intended use of internet. Waste resources. Destroys integrity of computer based information Compromises privacy of users.
347
PERSONNEL SECURITY | Background Checks
Background Checks: Perform criminal records checks, education, certification checks before hiring.
348
``` ISMS COMPONENTS Policy Standards Procedures Baselines Guidelines ```
Policy – Mandatory, High-level management directives. Contains – Purpose | Scope | Responsibilities | Compliance. Standards – Mandatory, Standardizes equipment or policy directives. Lowers TCO and supports DR. Specifics such as “Laptops should be from XYZ with 8 GB RAM, 128 GB SSD”. Procedures – Mandatory, Step by Step documents on how to perform an activity. “Adding a new Administrator” Baselines – Discretionary, Minimum Acceptable Security Configuration, starting point for security configuration. Guidelines – Discretionary, Best Practices. Example: “Recommended to deploy a WAF vs Required to deploy a WAF.”
349
SECURITY POLICY
Organizational Security Policy Mandatory High level policy mandated by Management Designed to support organization Strategic Goals. Legislation or Industry specific drivers (example Financial institution = GLBA) Assigns High Level responsibility e.g. Departmental NIST 800-12 policy types Program specific – Establishes an organizations Information Security Program System specific – aimed at protecting a system. Issue specific – focused on issues such as privacy or functions like email, acceptable use.
350
ISO STANDARDS
27001 – ISMS requirements - Plan, Do, Check, Act PDCA 27002 – Code of practice for information security management 27003 – Guideline for ISMS Implementation 27004 – Measure the success of ISMS with metrics framework. 27005 – Risk Management 27006 – Guidelines for audit and certification bodies of ISMS 27799 – Protect PHI
351
NIST SP-800-30
NIST SP-800-30 | Risk Management guide for Technology Systems
352
OCTAVE
OCTAVE 3 Step Risk Assessment ID Staff knowledge, assets & threats ID vulnerabilities and evaluate safeguards Conduct risk analysis, develop risk mitigation strategy
353
CoBIT
``` Control Objectives for Information and related Technology (COBIT) IT Management Controls a framework -------------------------------------- 1. Meeting stakeholder needs 2.Covering the enterprise end to end 3. Applying a single integrated framework 4. Enabling a holistic approach 5. Separating governance from management ```
354
COSO
``` Internal Control—Integrated Framework by Committee of Sponsoring Organizations (COSO) Fraudulent Financial Activities and Reporting. Control environment Risk Assessment Control activities Information Communication Monitoring ```
355
ITIL
ITIL IT Services Management Framework. Although ITIL has a component that deals with security, its focus is more toward internal SLAs between the IT department and the “customers” it serves. The customers are usually internal departments.
356
RISK MANAGEMENT FRAMEWORK
NIST SP800-37 Risk Management Framework Step 1 CATEGORIZE
357
NIST SP800-37
NIST SP800-37 | Risk Management Framework
358
Domain I
``` Domain I: Security & Risk Management Domain II: Asset Security Domain III: Security Architecture & Engineering Domain IV: Communications & Network Security Domain V: Identity & Access Management Domain VI: Security Assessment & Testing Domain VII: Security Operations Domain VIII: Software Development Security ```
359
Domain II
``` Domain I: Security & Risk Management Domain II: Asset Security Domain III: Security Architecture & Engineering Domain IV: Communications & Network Security Domain V: Identity & Access Management Domain VI: Security Assessment & Testing Domain VII: Security Operations Domain VIII: Software Development Security ```
360
Domain III
``` Domain I: Security & Risk Management Domain II: Asset Security Domain III: Security Architecture & Engineering Domain IV: Communications & Network Security Domain V: Identity & Access Management Domain VI: Security Assessment & Testing Domain VII: Security Operations Domain VIII: Software Development Security ```
361
Domain IV
``` Domain I: Security & Risk Management Domain II: Asset Security Domain III: Security Architecture & Engineering Domain IV: Communications & Network Security Domain V: Identity & Access Management Domain VI: Security Assessment & Testing Domain VII: Security Operations Domain VIII: Software Development Security ```
362
Domain V
``` Domain I: Security & Risk Management Domain II: Asset Security Domain III: Security Architecture & Engineering Domain IV: Communications & Network Security Domain V: Identity & Access Management Domain VI: Security Assessment & Testing Domain VII: Security Operations Domain VIII: Software Development Security ```
363
Domain VI
``` Domain I: Security & Risk Management Domain II: Asset Security Domain III: Security Architecture & Engineering Domain IV: Communications & Network Security Domain V: Identity & Access Management Domain VI: Security Assessment & Testing Domain VII: Security Operations Domain VIII: Software Development Security ```
364
Domain VII
``` Domain I: Security & Risk Management Domain II: Asset Security Domain III: Security Architecture & Engineering Domain IV: Communications & Network Security Domain V: Identity & Access Management Domain VI: Security Assessment & Testing Domain VII: Security Operations Domain VIII: Software Development Security ```
365
Domain VIII
``` Domain I: Security & Risk Management Domain II: Asset Security Domain III: Security Architecture & Engineering Domain IV: Communications & Network Security Domain V: Identity & Access Management Domain VI: Security Assessment & Testing Domain VII: Security Operations Domain VIII: Software Development Security ```
366
Industrial Control Systems(ICS)
Programmable Logic Controllers (PLC) Distributed Control System (DCS) Supervisory Control and Data Acquisition (SCADA)
367
The Federal Information Security Management Act (FISMA) of 2002
The Federal Information Security Management Act (FISMA) of 2002 is a U.S. law that requires every federal agency to create, document, and implement an agency-wide security program to provide protection for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. It explicitly emphasizes a “risk-based policy for cost-effective security.”
368
Department of Veterans Affairs Information Security Protection Act
Department of Veterans Affairs Information Security Protection Act 退伍軍人事務部信息安全保護法
369
Payment Card Industry Data Security Standard (PCI DSS | 12 requirements
1. Install and maintain a firewall configuration to protect cardholder data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters. 3. Protect stored cardholder data. 4. Encrypt transmission of cardholder data across open, public networks. 5. Use and regularly update anti-virus software or programs. 6. Develop and maintain secure systems and applications. 7. Restrict access to cardholder data by business need to know. 8. Assign a unique ID to each person with computer access. 9. Restrict physical access to cardholder data. 10. Track and monitor all access to network resources and cardholder data. 11. Regularly test security systems and processes. 12. Maintain a policy that addresses information security for employees and contractors.
370
Gramm-Leach-Bliley Act of 1999
GLBA applies to institutions that provide financial or insurance services. It requires that, upon identification of an incident of unauthorized access to sensitive customer information, the institution determine the likelihood that the information has or will be misused. If the institution determines that misuse occurred or is reasonably likely to occur, GLBA requires notification to federal regulators, law enforcement authorities, and affected customers.
371
Risk analysis has four main goals ?
Risk analysis has four main goals: • Identify assets and their value to the organization. • Determine the likelihood that a threat exploits a vulnerability. • Determine the business impact of these potential threats. • Provide an economic balance between the impact of the threat and the cost of the countermeasure.
372
The Delphi Technique
The Delphi Technique The Delphi technique is a group decision method used to ensure that each member gives an honest opinion of what he or she thinks the result of a particular threat will be. This avoids a group of individuals feeling pressured to go along with others’ thought processes and enables them to participate in an independent and anonymous way.
373
NIST outlines the following steps in SP 800-34, Revision 1, “Contingency Planning Guide for Federal Information Systems”:
NIST outlines the following steps in SP 800-34, Revision 1, “Contingency Planning Guide for Federal Information Systems”: 1. Develop the continuity planning policy statement. Write a policy that provides the guidance necessary to develop a BCP and that assigns authority to the necessary roles to carry out these tasks. 2. Conduct the business impact analysis (BIA). Identify critical functions and systems and allow the organization to prioritize them based on necessity. Identify vulnerabilities and threats, and calculate risks. 3. Identify preventive controls. Once threats are recognized, identify and implement controls and countermeasures to reduce the organization’s risk level in an economical manner. 4. Create contingency strategies. Formulate methods to ensure systems and critical functions can be brought online quickly. 5. Develop an information system contingency plan. Write procedures and guidelines for how the organization can still stay functional in a crippled state. 6. Ensure plan testing, training, and exercises. Test the plan to identify deficiencies in the BCP, and conduct training to properly prepare individuals on their expected tasks. 7. Ensure plan maintenance. Put in place steps to ensure the BCP is a living document that is updated regularly.
374
BCP Project Components
* Business units * Senior management * IT department * Security department * Communications department * Legal department
375
Information Life Cycle
four phases: acquisition, use, archival, and disposal.
376
NIST Special Publication 800-88
NIST Special Publication 800-88, Revision 1, “Guidelines for Media Sanitization”(December 2014), describes the best practices for combating data remanence.
377
OECD-Privacy Framework
OECD-Privacy Framework 1. Collection Limintation 2. Data Quality 3. Purpose Specification 4. Use Limitation 5. Security Safeguards 6. Openness 7. Individual Participation 8. Accountability
378
EU-U.S. Privacy Shield principles
``` The EU-U.S. Privacy Shield principles are : ■ Notice ■ Choice ■ Accountability for Onward Transfer ■ Security ■ Data Integrity and Purpose Limitation ■ Access ■ Recourse, Enforcement, and Liability ```
379
destroy (physical destruction of the media)=>Encryption
許多移動設備都採用這種方法來快速安全地使數據無法使用。前提是使用強密鑰以加密格式將數據存儲在介質上。為了使數據不可恢復,系統僅需要安全地刪除加密密鑰,這比刪除加密數據快許多倍。在這種情況下,恢復數據通常在計算上是不可行的。
380
destroy (physical destruction of the media)
對抗數據殘留的最佳方法也許就是簡單地破壞物理介質。破壞介質的兩種最常用方法是將其切碎或使其暴露於使它們無法使用的腐蝕性或腐蝕性化學物質中。另一種方法是焚化。 NIST SP 800-88r1 Guidelines for Media Sanitization
381
destroy (physical destruction of the media)=>overwriting with nonsensitive data
覆蓋數據需要用隨機的或固定的1和0模式替換存儲介質上代表數據的1和0,以使原始數據無法恢復。此操作至少應執行一次(例如,用1、0或其中的一種模式覆蓋媒體),但可能還需要做更多。多年來,美國國防部(DoD)標準5220.22-M要求將媒體覆蓋7次。此標準已被取代。現在必須對具有敏感信息的DoD系統進行消磁。
382
purge (removing all data,purging is an intense form of clearing used to ensure that data is removed and unrecoverable from media)=>Degaussing (uses magnetic fields to wipe media)
這是去除或減少常規磁盤驅動器或磁帶上磁場模式的過程。本質上,強大的磁力會施加到介質上,這會導致數據擦除,有時還會破壞驅動磁盤的電機。儘管仍然有可能恢復數據,但這樣做通常成本高昂。
383
RAID 0 is called ?
RAID 0 is called disk striping. RAID 1 is called disk mirroring. RAID level 5 is called disk striping with parity. RAID 10 is known as a stripe of mirrors.
384
RAID 1 is called ?
RAID 0 is called disk striping. RAID 1 is called disk mirroring. RAID level 5 is called disk striping with parity. RAID 10 is known as a stripe of mirrors.
385
RAID level 5 is called ?
RAID 0 is called disk striping. RAID 1 is called disk mirroring. RAID level 5 is called disk striping with parity. RAID 10 is known as a stripe of mirrors.
386
RAID 10 is known as ?
RAID 0 is called disk striping. RAID 1 is called disk mirroring. RAID level 5 is called disk striping with parity. RAID 10 is known as a stripe of mirrors.
387
NIST 800-12
NIST 800-12 is an introduction to computer security
388
NIST SP 800-30
NIST SP 800-30 Risk assessment guide for information security
389
800-34
800-34 covers contingency planning
390
NIST SP 800-53A
NIST SP 800-53A “Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans,”
391
800-86
800-86 is the “Guide to Integrating Forensic Techniques into Incident Response.”
392
NIST SP 800-115
NIST SP 800-115 Technical Guide to Information Security Testing and Assessment
393
NIST SP 800-137
NIST SP 800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
394
NIST SP 800-192
NIST SP 800-192, Verification and Test Methods for Access Control Policies/Models
395
Arithmetic logic unit (ALU)
The actual execution of the instructions is done by the arithmetic logic unit (ALU). The ALU performs mathematical functions and logical operations on data. The ALU can be thought of as the brain of the CPU, and the CPU as the brain of the computer.
396
A program is not considered a _____ until it is | loaded into _____ and activated by the _____
A program is not considered a process until it is | loaded into memory and activated by the operating system
397
When a _____ needs to send something to the _____ for _____, it generates a _____. A _____ is made up of an individual instruction set and the data that must be worked on by the _____.
When a process needs to send something to the CPU for processing, it generates a thread. A thread is made up of an individual instruction set and the data that must be worked on by the CPU.
398
The _____ is a collection of all the hardware, software, and firmware components within a system that provides some type of security and enforces the system’s security policy.
The trusted computing base (TCB) is a collection of all the hardware, software, and firmware components within a system that provides some type of security and enforces the system’s security policy.
399
A _____ is a communication channel between the | user, or program, and the TCB
A trusted path is a communication channel between the | user, or program, and the TCB
400
Bell-LaPadula model
* Simple security rule * *-property (star property) rule * Strong star property rule
401
Biba Model
• *-integrity axiom A subject cannot write data to an object at a higher integrity level (referred to as “no write up”). • Simple integrity axiom A subject cannot read data from a lower integrity level (referred to as “no read down”). • Invocation property A subject cannot request service (invoke) at a higher integrity.
402
Clark-Wilson Model
The Clark-Wilson model was developed after Biba and takes some different approaches to protecting the integrity of information. This model uses the following elements: • Users Active agents • Transformation procedures (TPs) Programmed abstract operations, such as read, write, and modify • Constrained data items (CDIs) Can be manipulated only by TPs • Unconstrained data items (UDIs) Can be manipulated by users via primitive read and write operations • Integrity verification procedures (IVPs) Check the consistency of CDIs with external reality
403
Brewer and Nash model
The Brewer and Nash model, also called the Chinese Wall model, states that a subject can write to an object if, and only if, the subject cannot read another object that is in a different dataset. It was created to provide access controls that can change dynamically depending upon a user’s previous actions. The main goal of the model is to protect against conflicts of interest by users’ access attempts.
404
Graham-Denning Model
* How to securely create an object * How to securely create a subject * How to securely delete an object * How to securely delete a subject * How to securely provide the read access right * How to securely provide the grant access right * How to securely provide the delete access right * How to securely provide transfer access rights
405
Different Components of the Common Criteria
• Protection profile (PP) Description of a needed security solution. 保護配置文件(PP)所需安全解決方案的描述。 • Target of evaluation (TOE) Product proposed to provide a needed security solution. 評估目標(TOE)建議提供所需安全解決方案的產品。 • Security target Vendor’s written explanation of the security functionality and assurance mechanisms that meet the needed security solution—in other words, “This is what our product does and how it does it.” 供應商對安全功能和保證機制的書面說明,以滿足所需的安全解決方案 • Security functional requirements Individual security functions that must be provided by a product. 必須由產品提供的個人安全功能 • Security assurance requirements Measures taken during development and evaluation of the product to assure compliance with the claimed security functionality. 在開發和評估產品期間採取的措施,以確保符合聲明的安全功能 • Packages—EALs Functional and assurance requirements are bundled into packages for reuse. This component describes what must be met to achieve specific EAL ratings. 功能和保證要求捆綁到包中以便重複使用。該組件描述了實現特定EAL評級必須滿足的要求。
406
ISO/IEC 15408
ISO/IEC 15408 is the international standard that is used as the basis for the evaluation of security properties of products under the CC framework. It actually has three main parts: • ISO/IEC 15408-1 Introduction and general model • ISO/IEC 15408-2 Security functional components • ISO/IEC 15408-3 Security assurance components
407
Aggregation
Aggregation is the act of combining information from separate sources. The combination of the data forms new information, which the subject does not have the necessary rights to access. The combined information has a sensitivity that is greater than that of the individual parts.
408
NIST Special Publication 800-82
NIST Special Publication 800-82, “Guide to Industrial Control Systems (ICS) Security.”
409
maintenance hooks
In the programming world, maintenance hooks are a type of back door.
410
The strength of an encryption method comes from the algorithm, the ____ of the key, the ____ of the key, the ____, and how they all work together within the cryptosystem.
The strength of an encryption method comes from the algorithm, the secrecy of the key, the length of the key, the initialization vectors, and how they all work together within the cryptosystem.
411
One-Time Pad Requirements
One-Time Pad Requirements For a one-time pad encryption scheme to be considered unbreakable, each pad in the scheme must be • Made up of truly random values • Used only one time • Securely distributed to its destination • Secured at sender’s and receiver’s sites • At least as long as the message
412
Symmetric Cryptography
* Data Encryption Standard (DES) * Triple-DES (3DES) * Blowfish * International Data Encryption Algorithm (IDEA) * RC4, RC5, and RC6 * Advanced Encryption Standard (AES)
413
Asymmetric Cryptography
* Rivest-Shamir-Adleman (RSA) * Elliptic curve cryptosystem (ECC) * Diffie-Hellman * El Gamal * Digital Signature Algorithm (DSA)
414
_______ are random values that are used with algorithms to ensure patterns are not created during the encryption process. They are used with keys and do not need to be encrypted when being sent to the destination.
Initialization vectors (IVs) are random values that are used with algorithms to ensure patterns are not created during the encryption process. They are used with keys and do not need to be encrypted when being sent to the destination.
415
DES Modes
``` DES Modes • Electronic Code Book (ECB) • Cipher Block Chaining (CBC) • Cipher Feedback (CFB) • Output Feedback (OFB) • Counter (CTR) ```
416
Cipher Feedback (CFB) Mode
Cipher Feedback (CFB) Mode can emulate a stream cipher using CFB to encrypt 8-bit blocks is very common
417
Counter (CTR) Mode Counter (CTR)
Counter (CTR) Mode Counter (CTR) this mode uses an IV counter that increments for each plaintext block that needs to be encrypted. which means no ciphertext is brought forward to encrypt the next block. CTR mode has been around for quite some time and is used in encrypting ATM cells for virtual circuits, in IPSec, and in the wireless security standard IEEE 802.11i. Since chaining is not involved, the destination can decrypt and begin processing the packets without having to wait for the full message to arrive and then decrypt all the data.
418
Advanced Encryption Standard
Advanced Encryption Standard a symmetric block cipher supporting key sizes of 128, 192, and 256 bits. Out of these contestants, Rijndael was chosen. The block sizes that Rijndael supports are 128, 192, and 256 bits. The number of rounds depends upon the size of the block and the key length: • If both the key and block size are 128 bits, there are 10 rounds. • If both the key and block size are 192 bits, there are 12 rounds. • If both the key and block size are 256 bits, there are 14 rounds. Rijndael was NIST’s choice to replace DES. It is now the algorithm required to protect sensitive but unclassified U.S. government information.
419
International Data Encryption Algorithm
International Data Encryption Algorithm (IDEA) is a block cipher and operates on 64-bit blocks of data. The key is 128 bits long, and IDEA is faster than DES when implemented in software. IDEA is used in PGP and other encryption software implementations. It was thought to replace DES, but it is patented, meaning that licensing fees would have to be paid to use it.
420
Blowfish
Blowfish is a block cipher that works on 64-bit blocks of data. The key length can be anywhere from 32 bits up to 448 bits, and the data blocks go through 16 rounds of cryptographic functions. Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone.
421
rc5-w/r/b or RC5-32/12/16. mean?
• w = Word size, in bits, which can be 16, 32, or 64 bits in length • r = Number of rounds, which can be 0 to 255 • b = Key size, in bytes So RC5-32/12/16 would mean the following: • 32-bit words, which means it encrypts 64-bit data blocks • Using 12 rounds • With a 16-byte (128-bit) key
422
The IEEE 802.11i wireless security standard outlines the use of ____ mode for the block cipher ___.
A newer block mode combines CTR mode and CBC-MAC and is called CCM. The goal of using this mode is to provide both data origin authentication and encryption through the use of the same key. One key value is used for the counter values for CTR mode encryption and the IV value for CBC-MAC operations. The IEEE 802.11i wireless security standard outlines the use of CCM mode for the block cipher AES.
423
NIST Special Publication 800-57
NIST Special Publication 800-57, Part 1 Revision 4: “Recommendation for Key Management, Part 1: General.”
424
CPTED
Crime Prevention Through Environmental Design (CPTED) is a discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. It provides guidance in loss and crime prevention through proper facility construction and environmental components and procedures.
425
CPTED provides three main strategies to bring together the physical environment and social behavior to increase overall protection:
CPTED provides three main strategies to bring together the physical environment and social behavior to increase overall protection: natural access control natural surveillance natural territorial reinforcement
426
______ are short posts commonly used to prevent vehicular access and to protect a building or people walking on a sidewalk from vehicles. They can also be used to direct foot traffic.
Bollards are short posts commonly used to prevent vehicular access and to protect a building or people walking on a sidewalk from vehicles. They can also be used to direct foot traffic.
427
Power excess:
Power excess:功率過剩 • Spike Momentary high voltage • Surge Prolonged high voltage Power loss:功率流失 • Fault Momentary power outage • Blackout Prolonged, complete loss of electric power Power degradation:電力下降 • Sag/dip Momentary low-voltage condition, from one cycle to a few seconds • Brownout Prolonged power supply that is below normal voltage • In-rush current Initial surge of current required to start a load
428
Power loss:
Power excess:功率過剩 • Spike Momentary high voltage • Surge Prolonged high voltage Power loss:功率流失 • Fault Momentary power outage • Blackout Prolonged, complete loss of electric power Power degradation:電力下降 • Sag/dip Momentary low-voltage condition, from one cycle to a few seconds • Brownout Prolonged power supply that is below normal voltage • In-rush current Initial surge of current required to start a load
429
Power degradation:
Power excess:功率過剩 • Spike Momentary high voltage • Surge Prolonged high voltage Power loss:功率流失 • Fault Momentary power outage • Blackout Prolonged, complete loss of electric power Power degradation:電力下降 • Sag/dip Momentary low-voltage condition, from one cycle to a few seconds • Brownout Prolonged power supply that is below normal voltage • In-rush current Initial surge of current required to start a load
430
The OSI reference model, as described by ISO Standard _____
The OSI reference model, as described by ISO Standard 7498-1
431
The session layer protocol can enable communication between two applications to happen in three different modes: • _____ takes place in one direction, though in practice this is very seldom the case. • _____ Communication takes place in both directions, but only one application can send information at a time. • _____ Communication takes place in both directions, and both applications can send information at the same time.
The session layer protocol can enable communication between two applications to happen in three different modes: • Simplex Communication takes place in one direction, though in practice this is very seldom the case. • Half-duplex Communication takes place in both directions, but only one application can send information at a time. • Full-duplex Communication takes place in both directions, and both applications can send information at the same time.
432
The data link layer is divided into two functional sublayers: the _____ and the _____. The _____, which was originally defined in the IEEE 802.2 specification for Ethernet networks and is now also the ISO/IEC 8802-2 standard, communicates with the protocol immediately above it, the network layer. The _____ will have the appropriately loaded protocols to interface with the protocol requirements of the physical layer.
The data link layer is divided into two functional sublayers: the Logical Link Control (LLC) and the Media Access Control (MAC). The LLC, which was originally defined in the IEEE 802.2 specification for Ethernet networks and is now also the ISO/IEC 8802-2 standard, communicates with the protocol immediately above it, the network layer. The MAC will have the appropriately loaded protocols to interface with the protocol requirements of the physical layer.
433
The IEEE MAC specification for Ethernet is _____, Token Ring is _____, wireless LAN is _____, and so on. So when you see a reference to an IEEE standard, such as 802.11, 802.16, or 802.3, it refers to the protocol working at the MAC sublayer of the data link layer of a protocol stack.
The IEEE MAC specification for Ethernet is 802.3, Token Ring is 802.5, wireless LAN is 802.11, and so on. So when you see a reference to an IEEE standard, such as 802.11, 802.16, or 802.3, it refers to the protocol working at the MAC sublayer of the data link layer of a protocol stack.
434
Some of the protocols that work at the data link layer are the P____, A____, L____, F____, E____, and T____. Figure 4-8 shows the two sublayers that make up the data link layer.
Some of the protocols that work at the data link layer are the Point-to-Point Protocol (PPP), ATM, Layer 2 Tunneling Protocol (L2TP), FDDI, Ethernet, and Token Ring. Figure 4-8 shows the two sublayers that make up the data link layer.
435
Presentation The services of the presentation layer handle translation into standard formats, data compression and decompression, and data encryption and decryption. No protocols work at this layer, just services. The following lists some of the presentation layer standards:
Presentation The services of the presentation layer handle translation into standard formats, data compression and decompression, and data encryption and decryption. No protocols work at this layer, just services. The following lists some of the presentation layer standards: • American Standard Code for Information Interchange (ASCII) • Extended Binary-Coded Decimal Interchange Mode (EBCDIC) • Tagged Image File Format (TIFF) • Joint Photographic Experts Group (JPEG) • Motion Picture Experts Group (MPEG) • Musical Instrument Digital Interface (MIDI)
436
Session The session layer protocols set up connections between applications; maintain dialog control; and negotiate, establish, maintain, and tear down the communication channel. Some of the protocols that work at this layer include...
Session The session layer protocols set up connections between applications; maintain dialog control; and negotiate, establish, maintain, and tear down the communication channel. Some of the protocols that work at this layer include • Network Basic Input Output System (NetBIOS) • Password Authentication Protocol (PAP) • Point-to-Point Tunneling Protocol (PPTP) • Remote Procedure Call (RPC)
437
Data Link The protocols at the data link layer convert data into LAN or WAN frames for transmission and define how a computer accesses a network. This layer is divided into the Logical Link Control (LLC) and the Media Access Control (MAC) sublayers. Some protocols that work at this layer include the following:...?
``` Data Link The protocols at the data link layer convert data into LAN or WAN frames for transmission and define how a computer accesses a network. This layer is divided into the Logical Link Control (LLC) and the Media Access Control (MAC) sublayers. Some protocols that work at this layer include the following: • Address Resolution Protocol (ARP) • Reverse Address Resolution Protocol (RARP) • Point-to-Point Protocol (PPP) • Serial Line Internet Protocol (SLIP) • Ethernet (IEEE 802.3) • Token Ring (IEEE 802.5) • Wireless Ethernet (IEEE 802.11) ```
438
Distributed Network Protocol 3 The Distributed Network Protocol 3 (DNP3) is a communications protocol designed for use in _____ systems, particularly those within the power sector. It is not a general-purpose protocol like IP, nor does it incorporate routing functionality. _____ systems typically have a very flat hierarchical architecture in which sensors and actuators are connected to remote terminal units (RTUs). The RTUs aggregate data from one or more of these devices and relay it to the _____ master, which includes a human-machine interface (HMI) component. Control instructions and configuration changes are sent from the _____ master to the RTUs and then on to the sensors and actuators.
Distributed Network Protocol 3 The Distributed Network Protocol 3 (DNP3) is a communications protocol designed for use in SCADA systems, particularly those within the power sector. It is not a general-purpose protocol like IP, nor does it incorporate routing functionality. SCADA systems typically have a very flat hierarchical architecture in which sensors and actuators are connected to remote terminal units (RTUs). The RTUs aggregate data from one or more of these devices and relay it to the SCADA master, which includes a human-machine interface (HMI) component. Control instructions and configuration changes are sent from the SCADA master to the RTUs and then on to the sensors and actuators.
439
_____ ports are 1024 to 49151, which can be registered with the Internet Corporation for Assigned Names and Numbers (ICANN) for a particular use. Vendors _____ specific ports to map to their proprietary software. _____ ports are 49152 to 65535 and are available to be used by any application on an “as needed” basis.
Registered ports are 1024 to 49151, which can be registered with the Internet Corporation for Assigned Names and Numbers (ICANN) for a particular use. Vendors register specific ports to map to their proprietary software. Dynamic ports are 49152 to 65535 and are available to be used by any application on an “as needed” basis.
440
The cable types match with the maximum lengths as follows: 1. Category 5e: ____ feet. 2. Coaxial (RG-58): ____ feet. 3. Fiber optic: ____.
``` The cable types match with the maximum lengths as follows: 1. Category 5e: 300 feet. 2. Coaxial (RG-58): 500 feet. 3. Fiber optic: 1+ kilometers. #300 feet = 91.44 公尺 ```
441
The higher the frequency, the ____ data the signal can carry, but the higher the frequency, the ____ susceptible the signal is to atmospheric interference. Normally, a higher frequency can carry ____ data, but over a ____ distance.
The higher the frequency, the more data the signal can carry, but the higher the frequency, the more susceptible the signal is to atmospheric interference. Normally, a higher frequency can carry more data, but over a shorter distance.
442
The three core deficiencies with WEP are the use of ____, the ____, and the lack of ____. The WEP protocol uses the ____ algorithm, which is a stream-symmetric cipher. Symmetric means the sender and receiver must use the exact same key for encryption and decryption purposes. The 802.11 standard does not stipulate how to update these keys through an automated process, so in most environments, the ____ symmetric keys are never changed out.
The three core deficiencies with WEP are the use of static encryption keys, the ineffective use of initialization vectors, and the lack of packet integrity assurance. The WEP protocol uses the RC4 algorithm, which is a stream-symmetric cipher. Symmetric means the sender and receiver must use the exact same key for encryption and decryption purposes. The 802.11 standard does not stipulate how to update these keys through an automated process, so in most environments, the RC4 symmetric keys are never changed out.
443
In most WEP implementations, the ____ are used over and over again in this process, and since the same symmetric key (or shared secret) is generally used, there is no way to provide effective randomness in the key stream that is generated by the algorithm. The appearance of patterns allows attackers to reverse-engineer the process to uncover the original encryption key, which can then be used to decrypt future encrypted traffic.
In most WEP implementations, the same IV values are used over and over again in this process, and since the same symmetric key (or shared secret) is generally used, there is no way to provide effective randomness in the key stream that is generated by the algorithm. The appearance of patterns allows attackers to reverse-engineer the process to uncover the original encryption key, which can then be used to decrypt future encrypted traffic.
444
In WEP, there are certain circumstances in which the receiver cannot detect whether an alteration to the frame has taken place; thus, there is no true ____.
In WEP, there are certain circumstances in which the receiver cannot detect whether an alteration to the frame has taken place; thus, there is no true integrity assurance.
445
The full 802.11i (WPA2) has a major advantage over WPA by providing encryption protection with the use of the ____ algorithm in ____ mode with ____, which is referred to as the ____. ____ is a more appropriate algorithm for wireless than RC4 and provides a higher level of protection. WPA2 defaults to ____, but can switch down to TKIP and RC4 to provide backward compatibility with WPA devices and networks.
The full 802.11i (WPA2) has a major advantage over WPA by providing encryption protection with the use of the AES algorithm in counter mode with CBC-MAC (CCM), which is referred to as the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCM Protocol or CCMP). AES is a more appropriate algorithm for wireless than RC4 and provides a higher level of protection. WPA2 defaults to CCMP, but can switch down to TKIP and RC4 to provide backward compatibility with WPA devices and networks.
446
The 802.1X technology actually provides an ____ framework and a method of dynamically distributing encryption keys. The three main entities in this framework are the ____ (wireless device), the ____ (AP), and the ____ (usually a RADIUS server).
The 802.1X technology actually provides an authentication framework and a method of dynamically distributing encryption keys. The three main entities in this framework are the supplicant (wireless device), the authenticator (AP), and the authentication server (usually a RADIUS server).
447
A ____ is a LAN device used to connect LAN segments. It works at the ____ layer and therefore works with MAC addresses. If the MAC address is not on the local network segment, the ____ forwards the ____ to the necessary network segment. A translation ____ does what its name implies—it translates between the two network types.
A bridge is a LAN device used to connect LAN segments. It works at the data link layer and therefore works with MAC addresses. If the MAC address is not on the local network segment, the bridge forwards the frame to the necessary network segment. A translation bridge does what its name implies—it translates between the two network types.
448
Do not confuse ____ with ____. ____ work at the network layer and filter packets based on IP addresses, whereas ____ work at the data link layer and filter frames based on MAC addresses. ____ usually do not pass broadcast information, but ____ do pass broadcast information.
Do not confuse routers with bridges. Routers work at the network layer and filter packets based on IP addresses, whereas bridges work at the data link layer and filter frames based on MAC addresses. Routers usually do not pass broadcast information, but bridges do pass broadcast information.
449
____ are layer 3, or network layer, devices that are used to connect similar or different networks. It can filter traffic based on access control lists (ACLs), and it fragments packets when necessary.
Routers are layer 3, or network layer, devices that are used to connect similar or different networks. It can filter traffic based on access control lists (ACLs), and it fragments packets when necessary.
450
The IEEE standard that defines how VLANs are to be constructed and how tagging should take place to allow for interoperability is IEEE _____.
The IEEE standard that defines how VLANs are to be constructed and how tagging should take place to allow for interoperability is IEEE 802.1Q.
451
_____ is a general term for software running on a device that connects two different environments and that many times acts as a translator for them or somehow restricts their interactions. ex:IPX & FDDI
Gateway is a general term for software running on a device that connects two different environments and that many times acts as a translator for them or somehow restricts their interactions. ex:IPX & FDDI
452
``` Repeater work at _____ layer Bridge work at _____ layer Router work at _____ layer Switch work at _____ layer Gateway work at _____ layer ```
``` Repeater work at Physical layer Bridge work at Data link layer Router work at Network layer Switch work at Data link layer Gateway work at Application layer ```
453
A _____ is a private telephone switch that is located on a company’s property. This switch performs some of the same switching tasks that take place at the telephone company’s central office. The _____ has a dedicated connection to its local telephone company’s central office, where more intelligent switching takes place.
A Private Branch Exchange (PBX) is a private telephone switch that is located on a company’s property. This switch performs some of the same switching tasks that take place at the telephone company’s central office. The PBX has a dedicated connection to its local telephone company’s central office, where more intelligent switching takes place.
454
The types of firewalls we will review are? | We will then dive into the three main firewall architectures, which are?-AIO
``` The types of firewalls we will review are • Packet filtering-first generation • Stateful • Proxy • Dynamic packet filtering • Kernel proxy We will then dive into the three main firewall architectures, which are • Screened host • Multihome • Screened subnet ```
455
_____ is also known as _____ because the device does not understand the context that the packets are working within. This means that the device does not have the capability to understand the “full picture” of the communication that is taking place between two systems, but can only focus on individual packet characteristics.
Packet filtering is also known as stateless inspection because the device does not understand the context that the packets are working within. This means that the device does not have the capability to understand the “full picture” of the communication that is taking place between two systems, but can only focus on individual packet characteristics.
456
_____ firewalls understand and keep track of a full communication session, not just the individual packets that make it up. _____ firewalls make their decisions for each packet based solely on the data contained in that individual packet. _____ firewalls accumulate data about the packets they see and use that data in an attempt to match incoming and outgoing packets to determine which packets may be part of the same network communications session. By evaluating a packet in the larger context of a network communications session, a _____ firewall has much more complete information than a _____ firewall and can therefore more readily recognize and reject packets that may be part of a network protocol–based attack.
stateful firewalls understand and keep track of a full communication session, not just the individual packets that make it up. Stateless firewalls make their decisions for each packet based solely on the data contained in that individual packet. Stateful firewalls accumulate data about the packets they see and use that data in an attempt to match incoming and outgoing packets to determine which packets may be part of the same network communications session. By evaluating a packet in the larger context of a network communications session, a stateful firewall has much more complete information than a stateless firewall and can therefore more readily recognize and reject packets that may be part of a network protocol–based attack.
457
_____ Firewall Characteristics • Maintains a state table that tracks each and every communication session • Provides a high degree of security and does not introduce the performance hit that application proxy firewalls introduce • Is scalable and transparent to users • Provides data for tracking connectionless protocols such as UDP and ICMP • Stores and updates the state and context of the data within the packets
Stateful-Inspection Firewall Characteristics • Maintains a state table that tracks each and every communication session • Provides a high degree of security and does not introduce the performance hit that application proxy firewalls introduce • Is scalable and transparent to users • Provides data for tracking connectionless protocols such as UDP and ICMP • Stores and updates the state and context of the data within the packets
458
A _____ proxy creates a connection (circuit) between the two communicating systems. It works at the session layer of the OSI model and monitors traffic from a network-based view. This type of proxy cannot “look into” the contents of a packet; thus, it does not carry out deeppacket inspection.
A circuit-level proxy creates a connection (circuit) between the two communicating systems. It works at the session layer of the OSI model and monitors traffic from a network-based view. This type of proxy cannot “look into” the contents of a packet; thus, it does not carry out deeppacket inspection.
459
_____filtering work at network layer _____filtering work at network layer _____filtering work at application layer _____ filtering work at session layer
packet filtering work at network layer stateful filtering work at network layer application-level filtering work at application layer circuit-lecel filtering work at session layer
460
Sometimes a screened-host architecture is referred to as a single-tiered configuration and a screened subnet is referred to as a two-tiered configuration. If three firewalls create two separate DMZs, this may be called a three-tiered configuration. 重點的觀念是=>?
``` Sometimes a screened-host architecture is referred to as a single-tiered configuration and a screened subnet is referred to as a two-tiered configuration. If three firewalls create two separate DMZs, this may be called a three-tiered configuration. #幾tiered還是看他保護幾個區域,不是看有幾個防火牆 ```
461
Circuit switching: | Packet switching:
``` Circuit switching: • Connection-oriented virtual links. • Traffic travels in a predictable and constant manner. • Fixed delays. • Usually carries voice-oriented data. Packet switching: • Packets can use many different dynamic paths to get to the same destination. • Traffic is usually bursty in nature. • Variable delays. • Usually carries data-oriented data. ```
462
QoS allows a service provider to guarantee a level of service to its customers. Four different types of ATM QoS services (listed next) are available to customers. Each service maps to a specific type of data that will be transmitted. • Constant bit rate (CBR) • Variable bit rate (VBR) • Unspecified bit rate (UBR) • Available bit rate (ABR)
QoS allows a service provider to guarantee a level of service to its customers. Four different types of ATM QoS services (listed next) are available to customers. Each service maps to a specific type of data that will be transmitted. • Constant bit rate (CBR) A connection-oriented channel that provides a consistent data throughput for time-sensitive applications, such as voice and video applications. Customers specify the necessary bandwidth requirement at connection setup. • Variable bit rate (VBR) A connection-oriented channel best used for delay-insensitive applications because the data throughput flow is uneven. Customers specify their required peak and sustained rate of data throughput. • Unspecified bit rate (UBR) A connectionless channel that does not promise a specific data throughput rate. Customers cannot, and do not need to, control their traffic rate. • Available bit rate (ABR) A connection-oriented channel that allows the bit rate to be adjusted. Customers are given the bandwidth that remains after a guaranteed service rate has been met.
463
PPP carries out several functions, including the encapsulation of multiprotocol packets; it has a _____ that establishes, configures, and maintains the connection; _____ are used for network layer protocol configuration; and it provides user authentication capabilities through _____, _____, and _____.
PPP carries out several functions, including the encapsulation of multiprotocol packets; it has a Link Control Protocol (LCP) that establishes, configures, and maintains the connection; Network Control Protocols (NCPs) are used for network layer protocol configuration; and it provides user authentication capabilities through Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), and Extensible Authentication Protocol (EAP).
464
xDSL • Symmetric DSL (SDSL) • Asymmetric DSL (ADSL) • High-bit-rate DSL (HDSL) • Very High-Data-Rate Digital Subscriber Line (VDSL) • Rate-Adaptive Digital Subscriber Line (RADSL)
xDSL Many different flavors of DSL are available, each with its own characteristics and specific uses: • Symmetric DSL (SDSL) Data travels upstream and downstream at the same rate. Bandwidth can range between 192 Kbps and 1.1 Mbps. Used mainly for business applications that require high speeds in both directions. • Asymmetric DSL (ADSL) Data travels downstream faster than upstream. Upstream speeds are 128 Kbps to 384 Kbps, and downstream speeds can be as fast as 768 Kbps. Generally used by residential users. • High-bit-rate DSL (HDSL) Provides T1 (1.544 Mbps) speeds over regular copper phone wire without the use of repeaters. Requires two twisted pairs of wires, which many voice-grade UTP lines do not have. • Very High-Data-Rate Digital Subscriber Line (VDSL) VDSL is basically ADSL at much higher data rates (13 Mbps downstream and 2 Mbps upstream). It is capable of supporting high-bandwidth applications such as HDTV, telephone services (voice over IP), and general Internet access over a single connection. • Rate-Adaptive Digital Subscriber Line (RADSL) Rate-adaptive feature that will adjust the transmission speed to match the quality and the length of the line.
465
Internet Protocol Security IPSec is a suite of protocols that was developed to specifically protect IP traffic. IPv4 does not have any integrated security, so IPSec was developed to “bolt onto” IP and secure the data the protocol transmits. Where PPTP and L2TP work at the data link layer, IPSec works at the network layer of the OSI model. The main protocols that make up the IPSec suite and their basic functionality are as follows: • Authentication Header (AH) • Encapsulating Security Payload (ESP) • Internet Security Association and Key Management Protocol (ISAKMP) • Internet Key Exchange (IKE)
Internet Protocol Security IPSec is a suite of protocols that was developed to specifically protect IP traffic. IPv4 does not have any integrated security, so IPSec was developed to “bolt onto” IP and secure the data the protocol transmits. Where PPTP and L2TP work at the data link layer, IPSec works at the network layer of the OSI model. The main protocols that make up the IPSec suite and their basic functionality are as follows: • Authentication Header (AH) Provides data integrity, data-origin authentication, and protection from replay attacks • Encapsulating Security Payload (ESP) Provides confidentiality, data-origin authentication, and data integrity • Internet Security Association and Key Management Protocol (ISAKMP) Provides a framework for security association creation and key exchange • Internet Key Exchange (IKE) Provides authenticated keying material for use with ISAKMP
466
Point-to-Point Tunneling Protocol (PPTP): • Works in a _____ model • Extends and protects _____ connections • Works at the _____ layer • Transmits over IP networks _____
``` Point-to-Point Tunneling Protocol (PPTP): • Works in a client/server model • Extends and protects PPP connections • Works at the data link layer • Transmits over IP networks only ```
467
``` Layer 2 Tunneling Protocol (L2TP): • Hybrid of L2F and PPTP • Extends and protects PPP connections • Works at the _____ layer • Transmits over _____ types of networks, _____ IP • Combined with _____ for security ```
``` Layer 2 Tunneling Protocol (L2TP): • Hybrid of L2F and PPTP • Extends and protects PPP connections • Works at the data link layer • Transmits over multiple types of networks, not just IP • Combined with IPSec for security ```
468
IPSec: • Handles multiple VPN connections at the same time • Provides secure _____ and _____ • Supports _____ _____ networks • Focuses on _____ communication rather than _____ communication • Works at the _____ layer, and provides security on top of IP
IPSec: • Handles multiple VPN connections at the same time • Provides secure authentication and encryption • Supports only IP networks • Focuses on LAN-to-LAN communication rather than user-to-user communication • Works at the network layer, and provides security on top of IP
469
Transport Layer Security (TLS): • Works at the _____ layer and protects mainly web and e-mail traffic • Granular access control and configuration are available • Easy deployment since TLS is already embedded into web browsers • Can only protect a small number of protocol types, thus is not an infrastructure-level VPN solution
Transport Layer Security (TLS): • Works at the session layer and protects mainly web and e-mail traffic • Granular access control and configuration are available • Easy deployment since TLS is already embedded into web browsers • Can only protect a small number of protocol types, thus is not an infrastructure-level VPN solution
470
One VPN solution is not necessarily better than the other; they just have their own focused purposes: • PPTP is used when a _____ connection needs to be extended through an _____ network. • L2TP is used when a _____ connection needs to be extended through a _____ network. • IPSec is used to protect _____ traffic and is commonly used in _____ connections. • TLS VPN is used when a specific application layer traffic type needs protection.
One VPN solution is not necessarily better than the other; they just have their own focused purposes: • PPTP is used when a PPP connection needs to be extended through an IP-based network. • L2TP is used when a PPP connection needs to be extended through a non–IP-based network. • IPSec is used to protect IP-based traffic and is commonly used in gateway-to-gateway connections. • TLS VPN is used when a specific application layer traffic type needs protection.
471
Extensible Authentication Protocol (EAP) is also supported by PPP. Actually, EAP is not a specific authentication protocol as are PAP and CHAP. Instead, it provides a framework to enable many types of authentication techniques to be used when establishing network connections. As the name states, it extends the authentication possibilities from the norm (PAP and CHAP) to other methods, such as one-time passwords, token cards, biometrics, Kerberos, digital certificates, and future mechanisms. So when a user connects to an authentication server and both have EAP capabilities, they can negotiate between a longer list of possible authentication methods.
實際上,EAP不是PAP和CHAP的特定認證協議。相反,它提供了一個框架,可以在建立網絡連接時使用多種類型的身份驗證技術。顧名思義,它將身份驗證的可能性從標準(PAP和CHAP)擴展到其他方法,例如一次性密碼,令牌卡,生物識別,Kerberos,數字證書和未來機制。因此,當用戶連接到身份驗證服務器並且都具有EAP功能時,他們可以在更長的可能身份驗證方法列表之間進行協商。
472
Encryption at Different Layers In reality, encryption can happen at different layers of an operating system and network stack. The following are just a few examples: • End-to-end encryption happens within the applications. • TLS encryption takes place at the session layer. • PPTP encryption takes place at the data link layer. • Link encryption takes place at the data link and physical layers.
Encryption at Different Layers In reality, encryption can happen at different layers of an operating system and network stack. The following are just a few examples: • End-to-end encryption happens within the applications. • TLS encryption takes place at the session layer. • PPTP encryption takes place at the data link layer. • Link encryption takes place at the data link and physical layers.
473
PGP does not use a hierarchy of CAs, or any type of formal trust certificates, but instead relies on a “web of trust” in its key management approach. Each user generates and distributes his or her public key, and users sign each other’s public keys, which creates a community of users who trust each other.
PGP does not use a hierarchy of CAs, or any type of formal trust certificates, but instead relies on a “web of trust” in its key management approach. Each user generates and distributes his or her public key, and users sign each other’s public keys, which creates a community of users who trust each other.
474
1. Type 1 =>_____ 2. Type 2 =>_____ 3. Type 3 =>_____ 4. Type 4 =>_____ (type 5 => _____)
1. Type 1 =>Something you know 2. Type 2 =>Something you have 3. Type 3 =>Something you are 4. Type 4 =>Somewhere you are (type 5 => Something you do) https: //medium.com/@renansdias/the-5-factors-of-authentication-bcb79d354c13
475
retinal scan
視網膜掃描
476
Directories Most enterprises have some type of directory that contains information pertaining to the company’s network resources and users. Most directories follow a hierarchical database format, based on the _____ standard, and a type of protocol, as in _____, that allows subjects and applications to interact with the directory.
Directories Most enterprises have some type of directory that contains information pertaining to the company’s network resources and users. Most directories follow a hierarchical database format, based on the X.500 standard, and a type of protocol, as in Lightweight Directory Access Protocol (LDAP), that allows subjects and applications to interact with the directory.
477
When a biometric system rejects an authorized individual, it is called a Type I error (_____). When the system accepts impostors who should be rejected, it is called a Type II error (_____). The goal is to obtain low numbers for each type of error, but Type II errors are the most dangerous and thus the most important to avoid. When comparing different biometric systems, many different variables are used, but one of the most important metrics is the _____. This rating is stated as a percentage and represents the point at which the false rejection rate equals the false acceptance rate. This rating is the most important measurement when determining the system’s accuracy. A biometric system that delivers a CER of 3 will be more accurate than a system that delivers a CER of 4.
When a biometric system rejects an authorized individual, it is called a Type I error (false rejection rate [FRR]). When the system accepts impostors who should be rejected, it is called a Type II error (false acceptance rate [FAR]). The goal is to obtain low numbers for each type of error, but Type II errors are the most dangerous and thus the most important to avoid. When comparing different biometric systems, many different variables are used, but one of the most important metrics is the crossover error rate (CER). This rating is stated as a percentage and represents the point at which the false rejection rate equals the false acceptance rate. This rating is the most important measurement when determining the system’s accuracy. A biometric system that delivers a CER of 3 will be more accurate than a system that delivers a CER of 4.
478
The main difference between memory cards and smart cards is their capacity to _____ information. A memory card holds information _____ _____ process information. A smart card holds information _____ has the necessary hardware and software to actually _____ that information.
The main difference between memory cards and smart cards is their capacity to process information. A memory card holds information but cannot process information. A smart card holds information and has the necessary hardware and software to actually process that information.
479
In the industry today, lack of interoperability is a big problem. An ISO/IEC standard, _____, outlines the following items for smart card standardization
In the industry today, lack of interoperability is a big problem. An ISO/IEC standard, 14443, outlines the following items for smart card standardization
480
The _____ principle is similar to the least-privilege principle. It is based on the concept that individuals should be given access only to the information they absolutely require in order to perform their job duties.
The need-to-know principle is similar to the least-privilege principle. It is based on the concept that individuals should be given access only to the information they absolutely require in order to perform their job duties.
481
Kerberos is an _____, meaning that vendors can manipulate it to work properly within their products and environments. The industry has different “flavors” of Kerberos, since various vendors require different functionality.
Kerberos is an open protocol, meaning that vendors can manipulate it to work properly within their products and environments. The industry has different “flavors” of Kerberos, since various vendors require different functionality.
482
``` Single Sign-On Technologies: A Summary • Kerberos • Security domains • Directory services • Thin clients ```
Single Sign-On Technologies: A Summary • Kerberos Authentication protocol that uses a KDC and tickets, and is based on symmetric key cryptography • Security domains Resources working under the same security policy and managed by the same group • Directory services Technology that allows resources to be named in a standardized manner and access control to be maintained centrally • Thin clients Terminals that rely upon a central server for access control, processing, and storage
483
A _____ is a portable identity, and its associated entitlements, that can be used across business boundaries. It allows a user to be authenticated across multiple IT systems and enterprises. _____ is based upon linking a user’s otherwise distinct identities at two or more locations without the need to synchronize or consolidate directory information. _____ offers businesses and consumers a more convenient way of accessing distributed resources and is a key component of _____.
A federated identity is a portable identity, and its associated entitlements, that can be used across business boundaries. It allows a user to be authenticated across multiple IT systems and enterprises. Identity federation is based upon linking a user’s otherwise distinct identities at two or more locations without the need to synchronize or consolidate directory information. Federated identity offers businesses and consumers a more convenient way of accessing distributed resources and is a key component of e-commerce.
484
_____ allows for the automation of user management (account creation, amendments, revocation) and access entitlement configuration related to electronically published services across multiple provisioning systems.
SPML allows for the automation of user management (account creation, amendments, revocation) and access entitlement configuration related to electronically published services across multiple provisioning systems.
485
_____ is made up of three main entities: the _____, which is the entity that is making the request to set up a new account or make changes to an existing account; the _____, which is the software that responds to the account requests; and the _____, which is the entity that carries out the provisioning activities on the requested system.
SPML is made up of three main entities: the Requesting Authority (RA), which is the entity that is making the request to set up a new account or make changes to an existing account; the Provisioning Service Provider (PSP), which is the software that responds to the account requests; and the Provisioning Service Target (PST), which is the entity that carries out the provisioning activities on the requested system.
486
When there is a need to allow a user to log in one time and gain access to different and separate web-based applications, the actual authentication data has to be shared between the systems maintaining those web applications securely and in a standardized manner. This is the role that the _____ plays. It is an _____ standard that allows the exchange of _____ and _____ data to be shared between security domains. _____ provides the _____ pieces to federated identity management systems to allow business-to-business (B2B) and business-to-consumer (B2C) transactions.
When there is a need to allow a user to log in one time and gain access to different and separate web-based applications, the actual authentication data has to be shared between the systems maintaining those web applications securely and in a standardized manner. This is the role that the Security Assertion Markup Language (SAML) plays. It is an XML standard that allows the exchange of authentication and authorization data to be shared between security domains. SAML provides the authentication pieces to federated identity management systems to allow business-to-business (B2B) and business-to-consumer (B2C) transactions.
487
XML-based standard we will look at is _____. _____ is used to express security policies and access rights to assets provided through web services and other enterprise applications. SAML is just a way to send around your authentication information, as in a password, key, or digital certificate, in a standard format. _____ is both an access control policy language and a processing model that allows for policies to be interpreted and enforced in a standard manner.
XML-based standard we will look at is Extensible Access Control Markup Language (XACML). XACML is used to express security policies and access rights to assets provided through web services and other enterprise applications. SAML is just a way to send around your authentication information, as in a password, key, or digital certificate, in a standard format. XACML is both an access control policy language and a processing model that allows for policies to be interpreted and enforced in a standard manner.
488
OpenID, currently in version 1.0, defines three roles: • End user • Relying party • OpenID provider
OpenID, currently in version 1.0, defines three roles: • End user The user who wants to be authenticated in order to use a resource • Relying party The server that owns the resource that the end user is trying to access • OpenID provider The IdP (e.g., Google) in which the end user already has an account and which will authenticate the user to the relying party
489
``` The latest version of OAuth, which is version 2.0, is defined in Request for Comments (RFC) 6749. It defines four roles as described here: • Client • Resource server • Authorization server • Resource owner ```
The latest version of OAuth, which is version 2.0, is defined in Request for Comments (RFC) 6749. It defines four roles as described here: • Client A process that requests access to a protected resource. It is worth noting that this term describes the relationship of an entity with a resource provider in a client/server architecture. This means the “client” could actually be a web service (e.g., LinkedIn) that makes requests from another web service (e.g., Google). • Resource server The server that controls the resource that the client is trying to access. • Authorization server The system that keeps track of which clients are allowed to use which resources, and issues access tokens to those clients. • Resource owner Whoever owns a protected resource and is able to grant permissions for others to use it. These permissions are usually granted through a consent dialog box. The resource owner is typically an end user, but could be an application or service.
490
OpenID Connect(OIDC)
OpenID SAML based SSO, consumer websites and apps. Roles: OpenID Provider: Verifies End user. Resource Party: Wants to verify the user. End User: who wants access Example: Facebook App (Consumer) asking for permission from (End User) to grant access to your Facebook Profile (Provider) OpenID Connect(OIDC): OpenID Connect (OIDC) is an authentication layer built on the OAuth 2.0 protocol. It allows transparent authentication and authorization of client resource requests Uses JSON Web Tokens (JWT) and REST to retrieve JWT. Can retrieve user profiles. Vulnerable to Phishing attacks.
491
_____ is a _____ protocol that provides client/server authentication and authorization, and audits remote users. A network may have access servers, a modem pool, DSL, ISDN, or a T1 line dedicated for remote users to communicate through. The access server and customer’s software negotiate through a handshake procedure and agree upon an authentication protocol (PAP, CHAP, or EAP). _____ was developed by Livingston Enterprises for its network access server product series, but was then published as a set of standards (RFC 2865 and RFC 2866). This means it is an open protocol that any vendor can use and manipulate so it will work within its individual products.
Remote Authentication Dial-In User Service (RADIUS) is a network protocol that provides client/server authentication and authorization, and audits remote users. A network may have access servers, a modem pool, DSL, ISDN, or a T1 line dedicated for remote users to communicate through. The access server and customer’s software negotiate through a handshake procedure and agree upon an authentication protocol (PAP, CHAP, or EAP). RADIUS was developed by Livingston Enterprises for its network access server product series, but was then published as a set of standards (RFC 2865 and RFC 2866). This means it is an open protocol that any vendor can use and manipulate so it will work within its individual products.
492
_____ has been through three generations: _____, Extended _____ (X_____), and _____+. _____ combines its authentication and authorization processes; _____ separates authentication, authorization, and auditing processes; and _____+ is _____ with extended two-factor user authentication. _____ uses fixed passwords for authentication, while _____+ allows users to employ dynamic (onetime) passwords, which provides more protection. _____+ is really not a new generation of _____ and _____; it is a distinct protocol that provides similar functionality and shares the same naming scheme. Because it is a totally different protocol, it is not backward-compatible with _____ or _____.
TACACS has been through three generations: TACACS, Extended TACACS (XTACACS), and TACACS+. TACACS combines its authentication and authorization processes; XTACACS separates authentication, authorization, and auditing processes; and TACACS+ is XTACACS with extended two-factor user authentication. TACACS uses fixed passwords for authentication, while TACACS+ allows users to employ dynamic (onetime) passwords, which provides more protection. TACACS+ is really not a new generation of TACACS and XTACACS; it is a distinct protocol that provides similar functionality and shares the same naming scheme. Because it is a totally different protocol, it is not backward-compatible with TACACS or XTACACS.
493
_____ is another AAA protocol that provides the same type of functionality as RADIUS and TACACS+ but also provides more flexibility and capabilities to meet the new demands of today’s complex and diverse networks. Today, we want our wireless devices and smartphones to be able to authenticate themselves to our networks, and we use roaming protocols, _____, Ethernet over PPP, _____ (_____), and other crazy stuff that the traditional AAA protocols cannot keep up with.
Diameter is another AAA protocol that provides the same type of functionality as RADIUS and TACACS+ but also provides more flexibility and capabilities to meet the new demands of today’s complex and diverse networks. Today, we want our wireless devices and smartphones to be able to authenticate themselves to our networks, and we use roaming protocols, Mobile IP, Ethernet over PPP, Voice over IP (VoIP), and other crazy stuff that the traditional AAA protocols cannot keep up with.
494
An _____ is a _____ of _____ and _____ indicating what actions individual _____ can take upon individual _____. Matrices are data structures that programmers implement as table lookups that will be used and enforced by the operating system. This type of access control is usually an attribute of _____ models. The access rights can be assigned directly to the _____ (_____) or to the _____ (_____).
An access control matrix is a table of subjects and objects indicating what actions individual subjects can take upon individual objects. Matrices are data structures that programmers implement as table lookups that will be used and enforced by the operating system. This type of access control is usually an attribute of DAC models. The access rights can be assigned directly to the subjects (capabilities) or to the objects (ACLs).
495
_____ A capability table specifies the access rights a certain subject possesses pertaining to specific objects. A _____ is different from an _____ because the _____ is bound to the _____, whereas the _____ is bound to the _____. An example of a _____ system is Kerberos. In this environment, the user is given a ticket, which is his _____.
Capability Table A capability table specifies the access rights a certain subject possesses pertaining to specific objects. A capability table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL. An example of a capability-based system is Kerberos. In this environment, the user is given a ticket, which is his capability table.
496
_____ (_____) are used in several operating systems, applications, and router configurations. They are lists of subjects that are authorized to access a specific _____, and they define what level of authorization is granted. Authorization can be specific to an individual, group, or role.
Access Control Lists Access control lists (ACLs) are used in several operating systems, applications, and router configurations. They are lists of subjects that are authorized to access a specific object, and they define what level of authorization is granted. Authorization can be specific to an individual, group, or role.
497
_____ started out as a study carried out by the DoD and then turned into a standard that outlines how to develop countermeasures that control spurious _____ by _____.
TEMPEST started out as a study carried out by the DoD and then turned into a standard that outlines how to develop countermeasures that control spurious electrical signals emitted by electrical equipment.
498
Just to make life a little more confusing, HIDS and NIDS can be one of the types, as listed next. Signature-based: Anomaly-based:
``` Just to make life a little more confusing, HIDS and NIDS can be one of the types, as listed next. Signature-based: • Pattern matching • Stateful matching Anomaly-based: • Statistical anomaly–based • Protocol anomaly–based • Traffic anomaly–based • Rule- or heuristic-based ```
499
When performing a penetration test, the team goes through a five-step process:
When performing a penetration test, the team goes through a five-step process: 1. Discovery Footprinting and gathering information about the target 2. Enumeration Performing port scans and resource identification methods 3. Vulnerability mapping Identifying vulnerabilities in identified systems and resources 4. Exploitation Attempting to gain unauthorized access by exploiting vulnerabilities 5. Report to management Delivering to management documentation of test findings along with suggested countermeasures
500
_____ allows attackers and administrators to dial large blocks of phone numbers in search of available modems
War dialing allows attackers and administrators to dial large blocks of phone numbers in search of available modems
501
_____ is a passive way to monitor the interactions of real users with a web application or system. It uses agents to capture metrics such as delay, jitter, and errors from the user’s perspective. _____ differs from _____ in that it uses real people instead of scripted commands.
Real user monitoring (RUM) is a passive way to monitor the interactions of real users with a web application or system. It uses agents to capture metrics such as delay, jitter, and errors from the user’s perspective. RUM differs from synthetic transactions in that it uses real people instead of scripted commands.
502
_____ are very predictable and can be very regular, because their behaviors are scripted. They can also detect rare occurrences more reliably than waiting for a user to actually trigger that behavior. _____ also have the advantage of not having to wait for a user to become dissatisfied or encounter a problem, which makes them a more proactive approach.
Synthetic transactions are very predictable and can be very regular, because their behaviors are scripted. They can also detect rare occurrences more reliably than waiting for a user to actually trigger that behavior. Synthetic transactions also have the advantage of not having to wait for a user to become dissatisfied or encounter a problem, which makes them a more proactive(主動的) approach.
503
_____ testing is a detailed code review that steps through planning, overview, preparation, inspection, rework, and follow-up phases.
Fagan testing is a detailed code review that steps through planning, overview, preparation, inspection, rework, and follow-up phases.
504
_____ is a best practice that all software development operations should adopt. In a nutshell, it means that as you develop or review the code, you are constantly looking for opportunities for things to go badly. Perhaps the best example of defensive programming is the practice of treating all inputs, whether they come from a keyboard, a file, or the network, as untrusted until proven otherwise.
Defensive programming is a best practice that all software development operations should adopt. In a nutshell, it means that as you develop or review the code, you are constantly looking for opportunities for things to go badly. Perhaps the best example of defensive programming is the practice of treating all inputs, whether they come from a keyboard, a file, or the network, as untrusted until proven otherwise.
505
First, all new users should be required to read through and acknowledge they understand (typically by signing) all policies that apply to them. At a minimum, every organization should have (and every user should sign) an _____ that specifies what the organization considers acceptable use of the information systems that are made available to the employee.
First, all new users should be required to read through and acknowledge they understand (typically by signing) all policies that apply to them. At a minimum, every organization should have (and every user should sign) an acceptable use policy (AUP) that specifies what the organization considers acceptable use of the information systems that are made available to the employee.
506
_____ In this type of test, copies of the DRP or BCP are distributed to the different departments and functional areas for review. This enables each functional manager to review the plan and indicate if anything has been left out or if some approaches should be modified or deleted. This method ensures that nothing is taken for granted or omitted, as might be the case in a single-department review. Once the departments have reviewed their copies and made suggestions, the planning team then integrates those changes into the master plan. The _____ is also called the _____.
Checklist Test In this type of test, copies of the DRP or BCP are distributed to the different departments and functional areas for review. This enables each functional manager to review the plan and indicate if anything has been left out or if some approaches should be modified or deleted. This method ensures that nothing is taken for granted or omitted, as might be the case in a single-department review. Once the departments have reviewed their copies and made suggestions, the planning team then integrates those changes into the master plan. The checklist test is also called the desk check test.
507
_____ Test In this test, representatives from each department or functional area come together and go over the plan to ensure its accuracy. The group reviews the objectives of the plan; discusses the scope and assumptions of the plan; reviews the organization and reporting structure; and evaluates the testing, maintenance, and training requirements described. This gives the people responsible for making sure a disaster recovery happens effectively and efficiently a chance to review what has been decided upon and what is expected of them. The group walks through different scenarios of the plan from beginning to end to make sure nothing was left out. This also raises the awareness of team members about the recovery procedures.
Structured Walk-Through Test In this test, representatives from each department or functional area come together and go over the plan to ensure its accuracy. The group reviews the objectives of the plan; discusses the scope and assumptions of the plan; reviews the organization and reporting structure; and evaluates the testing, maintenance, and training requirements described. This gives the people responsible for making sure a disaster recovery happens effectively and efficiently a chance to review what has been decided upon and what is expected of them. The group walks through different scenarios of the plan from beginning to end to make sure nothing was left out. This also raises the awareness of team members about the recovery procedures.
508
_____ exercises (_____) may or may not happen at a tabletop, but they do not involve a technical control infrastructure. _____ can happen at an executive level (e.g., CEO, CIO, CFO) or at a team level (e.g., security operations center [SOC]), or anywhere in between. The idea is usually to test out procedures and ensure they actually do what they’re intended to and that everyone knows their role in responding to an event. _____ require relatively few resources apart from deliberate planning by qualified individuals and the undisturbed time and attention of the participants.
Tabletop Exercises Tabletop exercises (TTXs) may or may not happen at a tabletop, but they do not involve a technical control infrastructure. TTXs can happen at an executive level (e.g., CEO, CIO, CFO) or at a team level (e.g., security operations center [SOC]), or anywhere in between. The idea is usually to test out procedures and ensure they actually do what they’re intended to and that everyone knows their role in responding to an event. TTXs require relatively few resources apart from deliberate planning by qualified individuals and the undisturbed time and attention of the participants.
509
_____ Test This type of test takes a lot more planning and people. In this situation, all employees who participate in operational and support functions, or their representatives, come together to practice executing the disaster recovery plan based on a specific scenario. The scenario is used to test the reaction of each operational and support representative. Again, this is done to ensure specific steps were not left out and that certain threats were not overlooked. It raises the awareness of the people involved. The drill includes only those materials that will be available in an actual disaster to portray a more realistic environment. The simulation test continues up to the point of actual relocation to an offsite facility and actual shipment of replacement equipment.
Simulation Test This type of test takes a lot more planning and people. In this situation, all employees who participate in operational and support functions, or their representatives, come together to practice executing the disaster recovery plan based on a specific scenario. The scenario is used to test the reaction of each operational and support representative. Again, this is done to ensure specific steps were not left out and that certain threats were not overlooked. It raises the awareness of the people involved. The drill includes only those materials that will be available in an actual disaster to portray a more realistic environment. The simulation test continues up to the point of actual relocation to an offsite facility and actual shipment of replacement equipment.
510
_____ Test In a parallel test, some systems are moved to the alternate site and processing takes place. The results are compared with the regular processing that is done at the original site. This ensures that the specific systems can actually perform adequately at the alternate offsite facility, and points out any tweaking or reconfiguring that is necessary.
Parallel Test In a parallel test, some systems are moved to the alternate site and processing takes place. The results are compared with the regular processing that is done at the original site. This ensures that the specific systems can actually perform adequately at the alternate offsite facility, and points out any tweaking or reconfiguring that is necessary.
511
Security _____ is the process of teaching a skill or set of skills that will allow people to perform specific functions better. Security _____ training, on the other hand, is the process of exposing people to security issues so that they may be able to recognize them and better respond to them. Security _____ is typically provided to security personnel, while security _____ training should be provided to every member of the organization.
Security training is the process of teaching a skill or set of skills that will allow people to perform specific functions better. Security awareness training, on the other hand, is the process of exposing people to security issues so that they may be able to recognize them and better respond to them. Security training is typically provided to security personnel, while security awareness training should be provided to every member of the organization.
512
The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised. This baseline is referred to as a _____. Once this _____ has been exceeded, further violations are recorded for review. The goal of using _____, auditing, and monitoring is to discover problems before major damage occurs and, at times, to be alerted if a possible attack is underway within the network.
The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised. This baseline is referred to as a clipping level. Once this clipping level has been exceeded, further violations are recorded for review. The goal of using clipping levels, auditing, and monitoring is to discover problems before major damage occurs and, at times, to be alerted if a possible attack is underway within the network.
513
``` The risk analysis results will also help indicate what height of fencing the organization should implement. Fences come in varying heights, and each height provides a different level of security: • Fences _____ feet high only deter casual trespassers. • Fences _____ feet high are considered too high to climb easily. • Fences _____ feet high (possibly with strands of barbed or razor wire at the top) means you are serious about protecting your property. They often deter the more determined intruder. #Critical areas should have fences at least _____ feet high to provide the proper level of protection. ```
``` The risk analysis results will also help indicate what height of fencing the organization should implement. Fences come in varying heights, and each height provides a different level of security: • Fences three to four feet high only deter casual trespassers. • Fences six to seven feet high are considered too high to climb easily. • Fences eight feet high (possibly with strands of barbed or razor wire at the top) means you are serious about protecting your property. They often deter the more determined intruder. #Critical areas should have fences at least eight feet high to provide the proper level of protection. ```
514
Two main types of lenses are used in CCTV: fixed focal length and zoom (varifocal). The focal length of a lens defines its effectiveness in viewing objects from a horizontal and vertical view. The focal length value relates to the angle of view that can be achieved. _____ focal length lenses provide wider-angle views, while _____ focal length lenses provide a narrower view.
Two main types of lenses are used in CCTV: fixed focal length and zoom (varifocal). The focal length of a lens defines its effectiveness in viewing objects from a horizontal and vertical view. The focal length value relates to the angle of view that can be achieved. Short focal length lenses provide wider-angle views, while long focal length lenses provide a narrower view.
515
Provisioning is only one part of a cyclical asset management process that can be divided into four phases: _____, _____, _____, and _____.
Provisioning is only one part of a cyclical asset management process that can be divided into four phases: business case, acquisition, operation and maintenance (O&M), and retirement.
516
``` Change Control Process • Request for a change to take place • Approval of the change • Documentation of the change • Tested and presented • Implementation ```
Change Control Process • Request for a change to take place Requests should be presented to an individual or group that is responsible for approving changes and overseeing the activities of changes that take place within an environment. • Approval of the change The individual requesting the change must justify the reasons and clearly show the benefits and possible pitfalls of (that is, risk introduced by) the change. Sometimes the requester is asked to conduct more research and provide more information before the change is approved. • Documentation of the change Once the change is approved, it should be entered into a change log. The log should be updated as the process continues toward completion. Denied requests must also be documented, so that there is a record of the rationale for not making the change. • Tested and presented The change must be fully tested to uncover any unforeseen results. Regardless of how well we test, there is always a chance that the change will cause an unacceptable loss or outage, so every change request should also have a rollback plan that restores the system to the last known-good configuration. Depending on the severity of the change and the company’s organization, the change and implementation may need to be presented to a change control committee. This helps show different sides to the purpose and outcome of the change and the possible ramifications. • Implementation Once the change is fully tested and approved, a schedule should be developed that outlines the projected phases of the change being implemented and the necessary milestones. These steps should be fully documented and progress should be monitored.
517
An operating system’s response to a type of failure can be classified as one of the following?
An operating system’s response to a type of failure can be classified as one of the following: • System reboot • Emergency system restart • System cold start
518
A _____ takes place after the system shuts itself down in a controlled manner in response to a kernel failure. If the system finds inconsistent data structures or if there is not enough space in some critical tables, a _____ may take place. This releases resources and returns the system to a more stable and safe state.
A system reboot takes place after the system shuts itself down in a controlled manner in response to a kernel failure. If the system finds inconsistent data structures or if there is not enough space in some critical tables, a system reboot may take place. This releases resources and returns the system to a more stable and safe state.
519
An _____ takes place after a system failure happens in an uncontrolled manner. This could be a kernel or media failure caused by lower-privileged user processes attempting to access memory segments that are restricted. The system sees this as an insecure activity that it cannot properly recover from without rebooting. The kernel and user objects could be in an inconsistent state, and data could be lost or corrupted. The system thus goes into a maintenance mode and recovers from the actions taken. Then it is brought back up in a consistent and stable state.
An emergency system restart takes place after a system failure happens in an uncontrolled manner. This could be a kernel or media failure caused by lower-privileged user processes attempting to access memory segments that are restricted. The system sees this as an insecure activity that it cannot properly recover from without rebooting. The kernel and user objects could be in an inconsistent state, and data could be lost or corrupted. The system thus goes into a maintenance mode and recovers from the actions taken. Then it is brought back up in a consistent and stable state.
520
A _____ takes place when an unexpected kernel or media failure happens and the regular recovery procedure cannot recover the system to a more consistent state. The system, kernel, and user objects may remain in an inconsistent state while the system attempts to recover itself, and intervention may be required by the user or administrator to restore the system.
A system cold start takes place when an unexpected kernel or media failure happens and the regular recovery procedure cannot recover the system to a more consistent state. The system, kernel, and user objects may remain in an inconsistent state while the system attempts to recover itself, and intervention may be required by the user or administrator to restore the system.
521
Companies should have an _____, which indicates what software users can install and informs users that the environment will be surveyed from time to time to verify compliance.
Companies should have an acceptable use policy (AUP), which indicates what software users can install and informs users that the environment will be surveyed from time to time to verify compliance.
522
``` _____ is a measure of how long we expect a piece of equipment to operate reliably. #_____ implies that the device or component is repairable. If it isn’t, then we use the term _____. ```
``` Mean time between failures (MTBF) is a measure of how long we expect a piece of equipment to operate reliably. #MTBF implies that the device or component is repairable. If it isn’t, then we use the term mean time to failure (MTTF). ```
523
repairable is the expected amount of time it will take to get a device fixed and back into production after its failure.
Mean time to repair (MTTR) is the expected amount of time it will take to get a device fixed and back into production after its failure.
524
_____ addresses how to keep the organization in business after a disaster takes place. It is about the survivability of the organization and making sure that critical functions can still take place even after a disaster. _____ address how to deal with small incidents that do not qualify as disasters, as in power outages, server failures, a down communication link to the Internet, or the corruption of software. It is important that
BCP addresses how to keep the organization in business after a disaster takes place. It is about the survivability of the organization and making sure that critical functions can still take place even after a disaster. Contingency plans address how to deal with small incidents that do not qualify as disasters, as in power outages, server failures, a down communication link to the Internet, or the corruption of software. It is important that
525
NIST Special Publication 800-137, “_____,” defines ...?
NIST Special Publication 800-137, “Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations,” defines information security continuous monitoring as “maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.”
526
There is a distinction here between logging, monitoring, and continuous monitoring. Your _____ policies should be pretty permissive. Data storage is cheap and you want to capture as much data as you can in case you ever need it. _____ is more limited because it typically requires a human to personally do it, or at least to deal with the reports (such as SIEM alerts) that come out of it.
There is a distinction here between logging, monitoring, and continuous monitoring. Your logging policies should be pretty permissive. Data storage is cheap and you want to capture as much data as you can in case you ever need it. Monitoring is more limited because it typically requires a human to personally do it, or at least to deal with the reports (such as SIEM alerts) that come out of it.
527
_____ Management According to NIST Special Publication 800-40, Revision 3, “Guide to Enterprise _____ Management Technologies,” _____ management is “the process for identifying, acquiring, installing, and verifying _____ for products and systems.” _____ are software updates intended to remove a vulnerability or defect in the software, or to provide new features or functionality for it. _____ management is, at least in a basic way, an established part of organizations’ IT or security operations already.
Patch Management According to NIST Special Publication 800-40, Revision 3, “Guide to Enterprise Patch Management Technologies,” patch management is “the process for identifying, acquiring, installing, and verifying patches for products and systems.” Patches are software updates intended to remove a vulnerability or defect in the software, or to provide new features or functionality for it. Patch management is, at least in a basic way, an established part of organizations’ IT or security operations already.
528
(ISC) 2 has broken out these four basic actions and prescribes seven phases in the incident management process: ? An _____ is any occurrence that can be observed, verified, and documented, whereas an _____ is one or more related events that negatively affect the company and/or impact its security posture.
(ISC) 2 has broken out these four basic actions and prescribes seven phases in the incident management process: detect, respond, mitigate, report, recover, remediate, and learn. An event is any occurrence that can be observed, verified, and documented, whereas an incident is one or more related events that negatively affect the company and/or impact its security posture.
529
The Cyber Kill Chain 1. Reconnaissance 2. Weaponization 3. Delivery 4. Exploitation 5. Installation 6. Command and Control (C&C) 7. Actions on the Objective
The Cyber Kill Chain 1. Reconnaissance The adversary has developed an interest in your organization as a target and begins a deliberate information-gathering effort to find vulnerabilities. 2. Weaponization Armed with detailed-enough information, the adversary determines the best way into your systems and begins preparing and testing the weapons to be used against you. 3. Delivery In this phase, the cyber weapon is delivered into your system. In over 95 percent of the published cases, this delivery happens via e-mail and usually in the form of a link to a malicious website. 4. Exploitation The malicious software is executing on a CPU within your network. This may have launched when the target user clicked a link, opened an attachment, visited a website, or plugged in a USB thumb drive. It could also (in somewhat rare cases) be the result of a remote exploit. One way or another, the attacker’s software is now running in your systems. 5. Installation Most malicious software is delivered in stages. First, there is the exploit that compromised the system in the prior step. Then, some other software is installed in the target system to ensure persistence, ideally with a good measure of stealth. 6. Command and Control (C&C) Once the first two stages of the software (exploit and persistence) have been executed, most malware will “phone home” to the attackers to let them know the attack was successful and to request updates and instructions. 7. Actions on the Objective Finally, the malware is ready to do whatever it is it was designed to do. Perhaps the intent is to steal intellectual property and send it to an overseas server. Or perhaps this particular effort is an early phase in a grander attack, so the malware will pivot off the compromised system. Whatever the case, the attacker has won at this point.
530
According to NIST Special Publication 800-61, Revision 2, “??”
According to NIST Special Publication 800-61, Revision 2, “Computer Security Incident Handling Guide,” the following information should be reported for each incident: • Summary of the incident • Indicators • Related incidents • Actions taken • Chain of custody for all evidence (if applicable) • Impact assessment • Identity and comments of incident handlers • Next steps to be taken
531
The Forensic Investigation Process ?
``` The Forensic Investigation Process • Identification • Preservation • Collection • Examination • Analysis • Presentation • Decision ```
532
A ______ is a history that shows how evidence was collected, analyzed, transported, and preserved in order to be presented in court. Because electronic evidence can be easily modified, a clearly defined chain of custody demonstrates that the evidence is trustworthy.
A chain of custody is a history that shows how evidence was collected, analyzed, transported, and preserved in order to be presented in court. Because electronic evidence can be easily modified, a clearly defined chain of custody demonstrates that the evidence is trustworthy.
533
The ______ is the remainder of the overall MTD value after the RTO has passed. RTO usually deals with getting the infrastructure and systems back up and running, and ______ deals with restoring data, testing processes, and then making everything “live” for production purposes.
The work recovery time (WRT) is the remainder of the overall MTD value after the RTO has passed. RTO usually deals with getting the infrastructure and systems back up and running, and WRT deals with restoring data, testing processes, and then making everything “live” for production purposes.
534
Disruptions, in BCP terms, are of three main types: ______, ______, and ______. A ______ is a disruption in service that has significant but limited impact on the conduct of business processes at a facility. The solution could include hardware, software, or file restoration. A ______ is an event that causes the entire facility to be unusable for a day or longer. This usually requires the use of an alternate processing facility and restoration of software and data from offsite copies. The alternate site must be available to the company until its main facility is repaired and usable. A ______ is a major disruption that destroys the facility altogether. This requires both a short-term solution, which would be an offsite facility, and a long-term solution, which may require rebuilding the original facility. ______ and ______ are rare compared to nondisasters, thank goodness.
Disruptions, in BCP terms, are of three main types: nondisasters, disasters, and catastrophes. A nondisaster is a disruption in service that has significant but limited impact on the conduct of business processes at a facility. The solution could include hardware, software, or file restoration. A disaster is an event that causes the entire facility to be unusable for a day or longer. This usually requires the use of an alternate processing facility and restoration of software and data from offsite copies. The alternate site must be available to the company until its main facility is repaired and usable. A catastrophe is a major disruption that destroys the facility altogether. This requires both a short-term solution, which would be an offsite facility, and a long-term solution, which may require rebuilding the original facility. Disasters and catastrophes are rare compared to nondisasters, thank goodness.
535
Hot Site Advantages: Hot Site Disadvantages: Warm and Cold Site Advantages: Warm and Cold Site Disadvantages:
Hot Site Advantages: • Ready within hours for operation • Highly available • Usually used for short-term solutions, but available for longer stays • Annual testing available Hot Site Disadvantages: • Very expensive • Limited on hardware and software choices Warm and Cold Site Advantages: • Less expensive • Available for longer timeframes because of the reduced costs • Practical for proprietary hardware or software use Warm and Cold Site Disadvantages: • Operational testing not usually available • Resources for operations not immediately available
536
Most companies choose to combine a full backup with a differential or incremental backup. A ______ process backs up the files that have been modified since the last full backup. When the data needs to be restored, the full backup is laid down first, and then the most recent ______ backup is put down on top of it. The ______ process does not change the archive bit value.
Most companies choose to combine a full backup with a differential or incremental backup. A differential process backs up the files that have been modified since the last full backup. When the data needs to be restored, the full backup is laid down first, and then the most recent differential backup is put down on top of it. The differential process does not change the archive bit value.
537
Most companies choose to combine a full backup with a differential or incremental backup. An ______ process backs up all the files that have changed since the last full or ______ backup and sets the archive bit to 0. When the data needs to be restored, the full backup data is laid down, and then each ______ backup is laid down on top of it in the proper order.
Most companies choose to combine a full backup with a differential or incremental backup. An incremental process backs up all the files that have changed since the last full or incremental backup and sets the archive bit to 0. When the data needs to be restored, the full backup data is laid down, and then each incremental backup is laid down on top of it in the proper order.
538
The first step is to do a ______ backup, which is just what it sounds like—all data is backed up and saved to some type of storage media. During a ______ backup, the archive bit is cleared, which means that it is set to 0. A company can choose to do ______ backups only, in which case the restoration process is just one step, but the backup and restore processes could take a long time.
The first step is to do a full backup, which is just what it sounds like—all data is backed up and saved to some type of storage media. During a full backup, the archive bit is cleared, which means that it is set to 0. A company can choose to do full backups only, in which case the restoration process is just one step, but the backup and restore processes could take a long time.
539
Whatever the organization chooses, it is important to not mix differential and incremental backups. This overlap could cause files to be missed, since the ______ backup changes the archive bit and the ______ backup does not.
Whatever the organization chooses, it is important to not mix differential and incremental backups. This overlap could cause files to be missed, since the incremental backup changes the archive bit and the differential backup does not.
540
The Safeguards Rule in the ______ requires financial institutions to have information security programs that protect consumers’ personal financial information from anticipated threats and/or unauthorized access.
The Safeguards Rule in the Gramm-Leach-Bliley Act (GLBA) requires financial institutions to have information security programs that protect consumers’ personal financial information from anticipated threats and/or unauthorized access.
541
NIST Special Publication 800-34, Revision 1,
NIST Special Publication 800-34, Revision 1, “Contingency Planning Guide for Federal Information Systems,”
542
``` Software development life cycle (SDLC) models: • Requirements gathering • Design • Development • Testing • Operations and maintenance ```
There have been several software development life cycle (SDLC) models developed over the years, which we will cover later in this section, but the crux of each model deals with the following phases: • Requirements gathering Determine why to create this software, what the software will do, and for whom the software will be created • Design Deals with how the software will accomplish the goals identified, which are encapsulated into a functional design • Development Programming software code to meet specifications laid out in the design phase and integrating that code with existing systems and/or libraries • Testing Verifying and validating software to ensure that the software works as planned and that goals are met • Operations and maintenance Deploying the software and then ensuring that it is properly configured, patched, and monitored
543
PMBOK® Guide Concept of the Project Life Cycle | 5 Phase
``` PMBOK® Guide Concept of the Project Life Cycle Phase 1: Project Initiation Phase 2: Project Planning Phase 3: Project Execution Phase 4: Project Performance/Monitoring Phase 5: Project Closure ```
544
The term _____ is generally reserved for automated tools that assist analysts and developers, whereas manual inspection by humans is generally referred to as _____. However, it must be remembered that _____ can never reveal logical errors and design flaws, and therefore must be used in conjunction with manual code review to ensure thorough evaluation.
The term static analysis is generally reserved for automated tools that assist analysts and developers, whereas manual inspection by humans is generally referred to as code review. However, it must be remembered that static code analysis can never reveal logical errors and design flaws, and therefore must be used in conjunction with manual code review to ensure thorough evaluation.
545
The following are some of the most common testing approaches: • Unit testing Testing individual components in a controlled environment where programmers validate data structure, logic, and boundary conditions • Integration testing Verifying that components work together as outlined in design specifications • Acceptance testing Ensuring that the code meets customer requirements • Regression testing After a change to a system takes place, retesting to ensure functionality, performance, and protection
The following are some of the most common testing approaches: • Unit testing Testing individual components in a controlled environment where programmers validate data structure, logic, and boundary conditions • Integration testing Verifying that components work together as outlined in design specifications • Acceptance testing Ensuring that the code meets customer requirements • Regression testing After a change to a system takes place, retesting to ensure functionality, performance, and protection
546
Verification vs. Validation _____ determines if the product accurately represents and meets the specifications. After all, a product can be developed that does not match the original specifications, so this step ensures the specifications are being properly met. It answers the question: Did we build the product right? _____ determines if the product provides the necessary solution for the intended real world problem. In large projects, it is easy to lose sight of the overall goal. This exercise ensures that the main goal of the project is met. It answers the question: Did we build the right product?
Verification vs. Validation Verification determines if the product accurately represents and meets the specifications. After all, a product can be developed that does not match the original specifications, so this step ensures the specifications are being properly met. It answers the question: Did we build the product right? Validation determines if the product provides the necessary solution for the intended real world problem. In large projects, it is easy to lose sight of the overall goal. This exercise ensures that the main goal of the project is met. It answers the question: Did we build the right product?
547
``` SDLC and Security The main phases of a software development life cycle are shown here with some specific security tasks. Requirements gathering: Design: Development: Testing: Operations and maintenance: ```
``` SDLC and Security The main phases of a software development life cycle are shown here with some specific security tasks. Requirements gathering: • Security risk assessment • Privacy risk assessment • Risk-level acceptance • Informational, functional, and behavioral requirements Design: • Attack surface analysis • Threat modeling Development: • Automated CASE tools • Static analysis Testing: • Dynamic analysis • Fuzzing • Manual testing • Unit, integration, acceptance, and regression testing Operations and maintenance: • Final security review ```
548
``` Agile methodology ______ over processes and tools ______ over comprehensive documentation ______ over contract negotiation ______ over following a plan ```
Agile methodology Individuals and interactions over processes and tools Working software over comprehensive documentation Customer collaboration over contract negotiation Responding to change over following a plan
549
Review of Development Methodologies • ______ Very rigid, sequential approach that requires each phase to complete before the next one can begin. Difficult to integrate changes. Inflexible methodology. • ______ Emphasizes verification and validation at each phase and testing to take place throughout the project, not just at the end. • ______ Creating a sample or model of the code for proof-of-concept purposes. • ______ Multiple development cycles are carried out on a piece of software throughout its development stages. Each phase provides a usable version of software. • ______ approach that emphasizes risk analysis per iteration. Allows for customer feedback to be integrated through a flexible evolutionary approach. • ______ Combines prototyping and iterative development procedures with the goal of accelerating the software development process. • ______ Iterative and incremental development processes that encourage team-based collaboration. Flexibility and adaptability are used instead of a strict process structure.
Review of Development Methodologies • Waterfall Very rigid, sequential approach that requires each phase to complete before the next one can begin. Difficult to integrate changes. Inflexible methodology. • V-shaped Emphasizes verification and validation at each phase and testing to take place throughout the project, not just at the end. • Prototyping Creating a sample or model of the code for proof-of-concept purposes. • Incremental Multiple development cycles are carried out on a piece of software throughout its development stages. Each phase provides a usable version of software. • Spiral Iterative approach that emphasizes risk analysis per iteration. Allows for customer feedback to be integrated through a flexible evolutionary approach. • Rapid Application Development Combines prototyping and iterative development procedures with the goal of accelerating the software development process. • Agile Iterative and incremental development processes that encourage team-based collaboration. Flexibility and adaptability are used instead of a strict process structure.
550
______ is the practice of incorporating ______, ______, and ______ staff into software development projects to align their incentives and enable frequent, efficient, and reliable releases of software products.
DevOps is the practice of incorporating development, IT, and quality assurance (QA) staff into software development projects to align their incentives and enable frequent, efficient, and reliable releases of software products.
551
``` The five maturity levels of the CMMI model are • Initial • Repeatable • Defined • Managed • Optimizing ```
The five maturity levels of the CMMI model are • Initial Development process is ad hoc or even chaotic. The company does not use effective management procedures and plans. There is no assurance of consistency, and quality is unpredictable. Success is usually the result of individual heroics. • Repeatable A formal management structure, change control, and quality assurance are in place. The company can properly repeat processes throughout each project. The company does not have formal process models defined. • Defined Formal procedures are in place that outline and define processes carried out in each project. The organization has a way to allow for quantitative process improvement. • Managed The company has formal processes in place to collect and analyze quantitative data, and metrics are defined and fed into the process-improvement program. • Optimizing The company has budgeted and integrated plans for continuous process improvement.
552
``` 5. IDEAL 模型 SEI 為軟件開發確立了 IDEAL 模型 , 這種模型實現了許多 SWαm 屬性。 IDEAL 模型具有下列 5 個階段 : 1 :啟動 2: 診斷 3: 建立 4 :行動 5: 學習 ```
5. IDEAL 模型 SEI 為軟件開發確立了 IDEAL 模型 , 這種模型實現了許多 SWαm 屬性。 IDEAL 模型具有下列 5 個階段 : 1 :啟動 在 IDEAL 模型 的啟 動階段, 概述更改的業務原因 , 為舉措提供支持, 以及準備好恰當的基礎設施 。 2: 診斷 在診斷階段, 工程師分析組織的當前狀態 , 並且為更改給 出一般性建議 。 3: 建立 在建立階段, 組織採用診斷階段的一般建議, 並且開發幫助實現這些更改的具體動作計劃。 4 :行動 在行動階段, 停止 "討論" 開始 "執行"。組織開發解決方案, 隨後測試、 改進和實現解決方案。 5: 學習 與任何質量改進過程一樣, 組織必須不斷分析其努力的結果, 從而確定是否 己實現期望的 目標 , 必要時建議採取新 的行動 ,使組織重返正軌。
553
The following are some necessary steps for a change control process: 1. Make a formal request for a change. 2. Analyze the request. 3. Record the change request. 4. Submit the change request for approval. 5. Develop the change. 6. Report results to management.
The following are some necessary steps for a change control process: 1. Make a formal request for a change. 2. Analyze the request. a. Develop the implementation strategy. b. Calculate the costs of this implementation. c. Review security implications. 3. Record the change request. 4. Submit the change request for approval. 5. Develop the change. a. Recode segments of the product and add or subtract functionality. b. Link these changes in the code to the formal change control request. c. Submit software for testing and quality control. d. Repeat until quality is adequate. e. Make version changes. 6. Report results to management.
554
OWASP Top 10 2017
``` OWASP Top 10 2017 • A1: Injection • A2: Broken Authentication • A3: Sensitive Data Exposure • A4: XML External Entities • A5: Broken Access Control • A6: Security Misconfiguration • A7: Cross-Site Scripting (XSS) • A8: Insecure Deserialization • A9: Using Components with Known Vulnerabilities • A10: Insufficient Logging & Monitoring ```
555
``` The following lists the basic software programming language generations: • Generation one ______ language • Generation two ______ language • Generation three ______ language • Generation four ______ language • Generation five ______ language ```
The following lists the basic software programming language generations: • Generation one Machine language • Generation two Assembly language • Generation three High-level language • Generation four Very high-level language • Generation five Natural language
556
Data hiding is provided by ______, which protects an object’s private data from outside access. No object should be allowed to, or have the need to, access another object’s internal data or processes.
Data hiding is provided by encapsulation, which protects an object’s private data from outside access. No object should be allowed to, or have the need to, access another object’s internal data or processes.
557
Objects should be self-contained and perform a single logical function, which is high ______. Objects should not drastically affect each other, which is low ______.
Objects should be self-contained and perform a single logical function, which is high cohesion. Objects should not drastically affect each other, which is low coupling.
558
______ is an open object-oriented standard architecture developed by the Object Management Group (OMG). It provides interoperability among the vast array of software, platforms, and hardware in environments today. which enables applications to communicate with one another no matter where the applications are located or who developed them.
Common Object Request Broker Architecture (CORBA) is an open object-oriented standard architecture developed by the Object Management Group (OMG). It provides interoperability among the vast array of software, platforms, and hardware in environments today. CORBA enables applications to communicate with one another no matter where the applications are located or who developed them.
559
Mobile Code Code that can be transmitted across a network, to be executed by a system or device on the other end, is called mobile code. ______ ______ is an object-oriented, platform-independent programming language. It is employed as a fullfledged programming language and is used to write complete programs and small components, called ______, which commonly run in a user’s web browser. ______ is a Microsoft technology composed of a set of OOP technologies and tools based on ______ and ______. A programmer uses these tools to create ______ controls, which are self-sufficient programs (similar to ______) that can be executed in the Windows environment.
Mobile Code Code that can be transmitted across a network, to be executed by a system or device on the other end, is called mobile code. Java Applets Java is an object-oriented, platform-independent programming language. It is employed as a fullfledged programming language and is used to write complete programs and small components, called applets, which commonly run in a user’s web browser. ActiveX is a Microsoft technology composed of a set of OOP technologies and tools based on COM and DCOM. A programmer uses these tools to create ActiveX controls, which are self-sufficient programs (similar to Java applets) that can be executed in the Windows environment.
560
Databases come in several types of models, as listed next:?
``` Databases come in several types of models, as listed next: • Relational • Hierarchical • Network • Object-oriented • Object-relational ```
561
The most commonly used implementation of the ______ model is in the Lightweight Directory Access Protocol (LDAP) model.
The most commonly used implementation of the hierarchical model is in the Lightweight Directory Access Protocol (LDAP) model.
562
______ is a process of interactively producing more detailed versions of objects by populating variables with different values or other variables. It is often used to prevent inference attacks.
Polyinstantiation is a process of interactively producing more detailed versions of objects by populating variables with different values or other variables. It is often used to prevent inference attacks.

MINE (6 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions