401/501 Study Guide Flashcards
What Port is DNS?
53
CIA Triad
C - Confidentiality
I - Integrity
A - Availability
These three are equally important
When information remains true to the creator's intent
Integrity
What are some common network applications that use UDP?
- Domain Name System (DNS)
- Streaming media, such as IPTV
- Voice over IP (VoIP)
- Trivial File Transfer Protocol (TFTP)
- Many online games
Information conforms to reality
Authenticity
According to 1000 Foot View, what are the core principles of IA?
Confidentiality, Availability, Authenticity, Authorized Use, Privacy, Non-Repudiation, Utilization, Possession, Integrity
When information is fit for a purpose and in a usable state
Utilization
Only authorized personnel may access cost incurring services
Ex.) toll-fraud prevention
Authorized Use
What are the Five DIACAP Activities?
- Initiate & Plan IA C&A
- Implement & Validate assigned IA Controls
- Make Certification Determination & Accreditation Decision
- Maintain Authorization to Operate & Conduct Reviews
- Decommission
When only authorized personnel may disclose or observe information
Confidentiality
When the originator of a message or transaction cannot later deny having performed the action
Non-Repudiation
What does DIACAP stand for?
Department of Defense Information Assurance Certification and Accreditation Process
What Port is HTTP?
80
What layer of the OSI Model Diagram provides end-to-end data transmission integrity?
Transport
Who invented the one-time pad?
Gilbert Vernam
Called it the “Vernam Cipher” (1917); Joseph Mauborgne later added the requirement that the key be truly random and never reused
Not to be confused with a one-time password, which is an authentication credential that is valid for a single use
*a simpler message-based connectionless protocol
Communication is achieved by transmitting information in one direction from source to destination without verifying the readiness or state of the receiver
- connectionless protocols do not set up a dedicated end-to-end connection
User Datagram Protocol (UDP)
What layer of the OSI Model Diagram establishes, maintains and manages sessions?
For example, the synchronization of data flow
Session
What is Port 110?
POP3
What does OSI stand for?
Open Systems Interconnection
What are the 7 levels of the OSI Model Diagram?
7 - Application
6 - Presentation
5 - Session
4 - Transport
3 - Network
2 - Data Link
1 - Physical
What layer of the OSI Model Diagram provides data representation between systems?
Presentation
What layer of the OSI Model Diagram provides transfer of information units to the other end of the physical link?
Data Link
What Port is HTTPS?
443
An attack in which the attacker sends a large number of connection or information requests to overwhelm and cripple a target
Denial-of-Service (DoS) attack
What Port is LDAP?
389
The process of using social skills to convince people to reveal access credentials or other valuable information to the attacker
Social engineering
When information is ready for use within stated operational parameters
Availability
The industry standard for computer security since the development of the mainframe.
Known as the Holy Trinity of IA
~based on 3 characteristics that describe the utility of information.
C.I.A. Triad
Based on confidentiality, integrity, and availability
A self-replicating computer program that uses a network to send copies of itself to other nodes, and it may do so without any user intervention. It does not need to attach itself to an existing program
Worm
What hackers do – The Five Phases of Hacking
Phase 1 - Reconnaissance
Phase 2 - Scanning
Phase 3 - Gaining Access
Phase 4 - Maintaining Access
Phase 5 - Covering Tracks
Methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits
Biometrics
Software designed to infiltrate a computer without the owner’s informed consent
Malware
-short for malicious software
An attack in which a coordinated stream of connection requests is launched against a target from many locations at the same time
Compare the legitimate traffic surges of Black Friday, Cyber Monday or Super Bowl Sunday, which can overwhelm a server in the same way
Distributed Denial-of-Service (DDoS) attack
A bit pattern that defines which portion of a 32-bit IPv4 address represents the network (and subnet) and which portion represents the host
Subnet Mask
What Port is FTP?
20, 21
This can provide a two-factor authentication method because the user may have to enter a PIN. This means the user must provide something she knows and something she has
Smart card
What is Port 143?
IMAP4
What are the Access Control Methods?
- Implicit deny
〰 The first answer is no
- Least privilege
〰 Only the permissions they need
- Separation of duties
〰 Avoid “collusion”
- Job rotation
A protected string of characters that is used to authenticate an individual
Password
What layer of the OSI Model Diagram transmits bit stream on a physical medium?
Physical
What is Port 119?
NNTP
What are the Access Control Models?
Mandatory Access Control (MAC)
&
Discretionary Access Control (DAC)
Human readable text
Plaintext
What layer of the OSI Model Diagram switches & routes information units?
Network
What Port is SSH?
22
The three tenets (factors) of Authentication
⭐️ Something a person knows (password)
⭐️ Something a person has (smartcard)
⭐️ Something a person is (fingerprint)
⭐️⭐️⭐️any 2 of these = Strong Authentication
Malware that appears, to the user, to perform a desirable function but, in fact, facilitates unauthorized access to the user’s computer system
Trojan Horse
What is Port 25?
SMTP
Difference between MAC & DAC
〰MAC〰
⚡️ inflexible, predefined: the system enforces labels (classifications) set by an administrator, not by the resource owner
⚡️ labor intensive
〰DAC〰
⚡️ flexible: the owner of a resource decides who may access it
⚡️ typically enforced with access control lists (ACLs) on files and other objects
A program that searches out other programs & infects them by embedding a copy of itself. When the infected program executes, it is also executed, which begins the infection
Virus
Group policies, Password policies, User names & passwords, Time of day restrictions, Account expiration, ACLs and Logical tokens are all a part of what?
Logical Access Control
An authentication protocol in which the authenticator challenges the peer to prove its identity without sending the secret over the network.
Also, it’s an improvement over PAP, which sends the password in cleartext
CHAP
Challenge Handshake Authentication Protocol
In computing, the Challenge-Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity. That entity may be, for example, an Internet access provider.
CHAP provides protection against replay attack by the peer through the use of an incrementally changing identifier and a variable challenge value. CHAP requires that both the client and server know the plaintext of the secret, although it is never sent over the network.
Microsoft has implemented a variant of the Challenge-handshake authentication protocol, called MS-CHAP, which does not require either peer to know the plaintext.
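The exchange described above, as an added example that is not part of the original study guide: the authenticator sends an Identifier and a random Challenge, the peer answers with MD5(Identifier || secret || Challenge) as in RFC 1994, and the authenticator recomputes the same value from its own copy of the secret. The shared secret (SECRET) is a constructed value. The last function shows why a captured response is useless against the next challenge.

```python
import hashlib
import hmac
import os

# Constructed shared secret for this example; in CHAP both sides hold it,
# but it never crosses the wire.
SECRET = b"example-shared-secret"


def chap_challenge(size: int = 16) -> bytes:
    """Authenticator side: a fresh, unpredictable challenge value per attempt."""
    return os.urandom(size)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side: MD5 over Identifier || secret || Challenge (RFC 1994, section 2.2)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute the expected response and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def run_exchange(secret_on_peer: bytes) -> bool:
    """One full Challenge -> Response -> Success/Failure round trip.

    The peer uses secret_on_peer; the authenticator always uses SECRET,
    so a peer holding the wrong secret is rejected."""
    identifier = 1
    challenge = chap_challenge()                       # authenticator -> peer
    response = chap_response(identifier, secret_on_peer, challenge)  # peer -> authenticator
    return chap_verify(identifier, SECRET, challenge, response)


def replay_fails() -> bool:
    """A response captured from one exchange does not verify against the next one,
    because the identifier increments and the challenge value changes."""
    id1 = 1
    chal1 = chap_challenge()
    captured = chap_response(id1, SECRET, chal1)
    if not chap_verify(id1, SECRET, chal1, captured):
        return False  # the genuine exchange must succeed first
    id2 = id1 + 1
    chal2 = chap_challenge()
    return not chap_verify(id2, SECRET, chal2, captured)


if __name__ == "__main__":
    print("correct secret:", run_exchange(SECRET))
    print("wrong secret:", run_exchange(b"guess"))
    print("replayed response rejected:", replay_fails())
```

Note that CHAP's protection is against replay, not against offline guessing: anyone who captures a challenge and response can test candidate secrets against them, which is why the secret should be long and random.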
What Port is Kerberos?
88
Privilege escalation, Spyware, Weak passwords, Back doors, Adware, Default accounts and Rootkits are all different types of what?
⭐️ System Security Threats
(vulnerabilities, and the mitigations for them, associated with systems and network devices)
What layer of the OSI Model Diagram provides specific services for applications, such as file transfer?
Application
What is Port 23?
Telnet
Role Based Access Control vs. Rule Based Access Control
✨ Role based access control
〰Job Function = Role(s)
〰Roles are assigned permissions
✨ Rule based access control
〰Ex : Allow * or Deny *
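An added example (not part of the original study guide) that puts the access control methods and models above side by side: roles map job functions to permissions, a separation-of-duties check refuses a role combination that would let one person both create and approve an invoice, an ordered rule list evaluates first match wins with "Allow *" and "Deny *" patterns, and anything no rule or role grants is implicitly denied. The role names, permissions and rules are constructed for the example.

```python
from fnmatch import fnmatch

# Role based: a job function is a role, and roles are assigned permissions.
# (Constructed roles and permissions for this example.)
ROLE_PERMISSIONS = {
    "accounts_payable": {"invoice:create", "invoice:read"},
    "approver": {"invoice:approve", "invoice:read"},
    "auditor": {"invoice:read", "audit_log:read"},
}

# Separation of duties: role pairs one person must never hold together,
# so that abusing the process needs collusion between two people.
CONFLICTING_ROLES = {frozenset({"accounts_payable", "approver"})}


def assign_roles(user_roles):
    """Reject a role assignment that violates separation of duties."""
    roles = set(user_roles)
    for pair in CONFLICTING_ROLES:
        if pair <= roles:
            raise ValueError("separation of duties violated: " + ", ".join(sorted(pair)))
    return roles


def rbac_allowed(user_roles, permission):
    """Least privilege: only what the user's roles grant; everything else is denied."""
    return any(permission in ROLE_PERMISSIONS.get(role, set()) for role in user_roles)


# Rule based: an ordered list of (action, subject pattern, object pattern).
# '*' matches anything, so ("deny", "*", "payroll:*") is a "Deny *" rule.
RULES = [
    ("deny", "*", "payroll:*"),        # nobody reaches payroll through this path
    ("allow", "alice", "invoice:*"),   # a specific subject, a whole object class
    ("allow", "*", "public:*"),        # "Allow *" for public objects
]


def rule_allowed(subject, obj):
    """First matching rule decides; no match means implicit deny (the first answer is no)."""
    for action, subj_pat, obj_pat in RULES:
        if fnmatch(subject, subj_pat) and fnmatch(obj, obj_pat):
            return action == "allow"
    return False


if __name__ == "__main__":
    print(rbac_allowed(["auditor"], "invoice:read"))      # True
    print(rbac_allowed(["auditor"], "invoice:approve"))   # False: not granted, so denied
    print(rule_allowed("alice", "invoice:42"))            # True
    print(rule_allowed("bob", "invoice:42"))              # False: no rule matches
    try:
        assign_roles(["accounts_payable", "approver"])
    except ValueError as e:
        print(e)
```

Rule order matters in the rule-based evaluator: moving the "deny payroll" rule below an "allow alice invoice:*" rule would not change the result here, but placing a broad allow above a narrow deny is the classic misconfiguration that turns "deny" into dead code.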
Authenticity is necessary to be able to do what?
To ensure that the users or objects (like documents) are genuine & that they have not been forged or fabricated
For example: an authentication breach can occur when a user’s login ID and password are used by unauthorized users to send unauthorized information.
What class of network is 201.168.10.32?
Class C
This is also called a dynamic password. It is used for authentication purposes and is only good once
One-Time password (OTP)
(Not the same thing as the one-time pad, which is an encryption method)
When a hacker has a collection of these compromised systems, it is referred to as a __________.
Botnet
〰 a network of bots
Substitution Cipher
a method of encryption in which units of plaintext are replaced with ciphertext according to a regular system.
Transposition Cipher
a method of encryption by which the positions held by units of plaintext are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext
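The two cipher families defined above, as an added example that is not part of the original study guide: a monoalphabetic substitution (a Caesar shift is the special case whose key is the alphabet rotated by n) replaces each letter but leaves positions alone, while a columnar transposition moves letters around but leaves the letters themselves alone, so the ciphertext is a permutation of the (padded) plaintext. The sample plaintext and keys are constructed.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar_key(shift):
    """The Caesar cipher is a substitution whose key is the alphabet rotated by `shift`."""
    return ALPHABET[shift:] + ALPHABET[:shift]


def substitution_encrypt(plaintext, key):
    """Monoalphabetic substitution: `key` is a 26-letter permutation of the alphabet;
    each letter is replaced by the key letter at the same index. Non-letters pass through."""
    return plaintext.upper().translate(str.maketrans(ALPHABET, key))


def substitution_decrypt(ciphertext, key):
    return ciphertext.translate(str.maketrans(key, ALPHABET))


def _column_order(key):
    # Columns are read in the sorted order of the key characters.
    return sorted(range(len(key)), key=lambda i: key[i])


def transposition_encrypt(plaintext, key):
    """Columnar transposition: write the text in rows of len(key), pad the last row
    with X, then read the columns in the order given by the key."""
    text = plaintext.upper().replace(" ", "")
    width = len(key)
    text += "X" * ((-len(text)) % width)
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return "".join(row[col] for col in _column_order(key) for row in rows)


def transposition_decrypt(ciphertext, key):
    width = len(key)
    height = len(ciphertext) // width
    cols = {}
    for k, col in enumerate(_column_order(key)):
        cols[col] = ciphertext[k * height:(k + 1) * height]
    return "".join(cols[col][r] for r in range(height) for col in range(width))


def is_permutation_of(ciphertext, plaintext):
    """True when the ciphertext contains exactly the plaintext's letters, rearranged."""
    return sorted(ciphertext) == sorted(plaintext.upper().replace(" ", ""))


if __name__ == "__main__":
    pt = "ATTACK AT DAWN"                       # constructed sample plaintext
    sub = substitution_encrypt(pt, caesar_key(3))
    tr = transposition_encrypt(pt, "312")
    print(sub, "->", substitution_decrypt(sub, caesar_key(3)))
    print(tr, "->", transposition_decrypt(tr, "312"))
```

The last helper is the property that separates the two families: frequency analysis still works on a substitution ciphertext because each plaintext letter always becomes the same ciphertext letter, and anagramming works on a transposition ciphertext because the letter counts are unchanged.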
IA vs. IS
Information assurance is closely related to information security and the terms are sometimes used interchangeably.
IA is best thought of as a superset of information security
IA is interdisciplinary and draws from multiple fields, including accounting, fraud examination, forensic science, management science, systems engineering, security engineering, and criminology, in addition to computer science.
IA’s broader connotation also includes reliability and emphasizes strategic risk management over tools and tactics.
In addition to defending against malicious hackers and code (e.g., viruses), IA includes other corporate governance issues such as privacy, compliance, audits, business continuity, and disaster recovery.
Differences between TCP & IP
☝️ TCP operates at a higher level (the Transport layer)
❗️concerned with only the two end systems
i.e. a Web browser and a Web server
☝️ IP (the Network layer) handles the lower-level transmission from computer to computer as a message makes its way across the Internet
Protect personal privacy and adhere to relevant privacy compliance requirements
Privacy
Encrypted or machine readable text
Ciphertext
When information remains in the custody of authorized personnel
Possession
Who has access?
A cornerstone in the foundation of information security is controlling how resources are accessed so they can be protected from unauthorized modification or disclosure. The controls that enforce access control can be technical, physical, or administrative in nature.
TCP/IP
Transmission Control Protocol - TCP
Internet Protocol - IP
What are some ways you can identify & authenticate who is connecting?
RADIUS
(Remote Authentication Dial In User Service)
What Port is TFTP?
69
Kerberos
- the default authentication protocol in Windows (Active Directory) domains
- user requests access to a service running on a different server
- the KDC (Key Distribution Center) authenticates the user and issues a ticket to be used between the user and the service on that server
- the service trusts the ticket because only the KDC could have issued it; the user never sends a password to the service
UDP
A simpler message-based connectionless protocol (no handshake)
● Connectionless protocols do not set up a dedicated end-to-end connection
● Communication is achieved by transmitting information in one direction from
source to destination without verifying the readiness or state of the receiver
● Streaming videos, games
● Common network applications that use UDP include:
o Domain Name System (DNS)
o Streaming media applications such as IPTV
o Voice over IP (VoIP)
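An added example (not part of the original study guide) of what "simpler, message-based" means on the wire: the whole UDP header is four 16-bit fields, with no sequence numbers, acknowledgements or handshake flags. The code builds a DNS query (the constructed payload) inside a UDP datagram, computes the optional checksum over the IPv4 pseudo-header plus datagram, and parses it back; the addresses and ports are constructed values.

```python
import socket
import struct

UDP_HEADER = struct.Struct("!HHHH")   # source port, destination port, length, checksum
PROTO_UDP = 17


def ones_complement_sum(data):
    """16-bit one's-complement sum with end-around carry (odd trailing byte is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip, dst_ip, udp_length):
    """The IPv4 pseudo-header ties the checksum to the addresses the datagram travels between."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, PROTO_UDP, udp_length)


def udp_checksum(src_ip, dst_ip, udp_bytes):
    csum = 0xFFFF ^ ones_complement_sum(pseudo_header(src_ip, dst_ip, len(udp_bytes)) + udp_bytes)
    return csum or 0xFFFF   # 0 means "no checksum" in IPv4 UDP, so a computed 0 is sent as all ones


def build_udp(src_ip, dst_ip, src_port, dst_port, payload):
    length = UDP_HEADER.size + len(payload)
    without_csum = UDP_HEADER.pack(src_port, dst_port, length, 0) + payload
    csum = udp_checksum(src_ip, dst_ip, without_csum)
    return UDP_HEADER.pack(src_port, dst_port, length, csum) + payload


def parse_udp(src_ip, dst_ip, datagram):
    """Split the 8-byte header from the payload and verify the checksum if one is present."""
    src_port, dst_port, length, csum = UDP_HEADER.unpack_from(datagram)
    if length < UDP_HEADER.size or length > len(datagram):
        raise ValueError("UDP length field inconsistent with datagram size")
    ok = True
    if csum != 0:
        # With the transmitted checksum included, the sum must come out all ones.
        ok = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + datagram[:length]) == 0xFFFF
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum_ok": ok, "payload": datagram[UDP_HEADER.size:length]}


# Constructed payload: a DNS query for example.com, type A, class IN
# (12-byte DNS header, then the name in label form, then QTYPE and QCLASS).
DNS_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
             + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1))

SRC_IP, DST_IP = "192.0.2.10", "192.0.2.53"   # constructed addresses


def example_datagram():
    return build_udp(SRC_IP, DST_IP, 33333, 53, DNS_QUERY)


if __name__ == "__main__":
    dg = example_datagram()
    print(len(dg), "bytes on the wire, of which", UDP_HEADER.size, "are header")
    print(parse_udp(SRC_IP, DST_IP, dg))
```

Because there is no handshake, the only thing binding this datagram to its sender is the source address in the IP header and the pseudo-header checksum, neither of which an off-path attacker has trouble forging; that is why UDP services such as DNS are the usual vehicle for spoofed-source amplification attacks.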
Which of the following are capable of functioning as a Firewall? Choose two. Proxy Router PC Switch
Both a proxy server and a router sit between two networks and can inspect and filter the traffic crossing that boundary (and both commonly perform Network Address Translation, NAT), so both can function as a firewall. A PC or a switch is not, by itself, placed at a network boundary to do so.
Subnetting
using the subnet mask value to divide a network into smaller components. This gives you more networks but a smaller number of hosts available on each.
o Subnetting borrows bits from the host portion of the address to create the additional networks, and there are two primary reasons for using it:
1. To use IP addresses more efficiently
2. To make the network more secure and manageable
• It accomplishes the latter by confining traffic to the network it needs to be on, reducing overall network traffic and creating more broadcast domains, thus reducing the range of network-wide broadcast traffic.
Web security gateway
A web security gateway and a unified threat management appliance both combine multiple security controls into a single appliance. They can inspect data streams and often include URL filtering, malware inspection, and content inspection components.
Private IP Addresses
Class   Beginning address   Ending address
A       10.0.0.0            10.255.255.255
B       172.16.0.0          172.31.255.255
C       192.168.0.0         192.168.255.255
Protocols
An agreed-upon method of communication: rules for communication
Often part of a protocol suite or framework
Described by their functions and interactions
Protocols need to talk to other protocols
Firewalls
Hardware-based network firewall inspects packets
–Can either accept or deny packet entry
–Usually located at the network security perimeter, as the first line of defense
Firewall actions on a packet
-Allow (let packet pass through)
–Block (drop packet)
–Prompt (ask what action to take)
Elements of a secure network design
-Demilitarized zones
–Subnetting
–Virtual LANs
–Remote access
Demilitarized Zone
~Separate network located outside secure network perimeter
•Untrusted outside users can access DMZ but not secure network
Subnetting
IP address may be split anywhere within its 32 bits
•Network can be divided into three parts
–Network
–Subnet
–Host
•Each network can contain several subnets
•Each subnet can contain multiple hosts
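The subnet-mask arithmetic behind the cards on subnetting, the subnet mask, the private address ranges and the "what class is 201.168.10.32" question, as an added example that is not part of the original study guide. It uses plain bit operations rather than the ipaddress module so the network/subnet/host split is visible; the addresses used are constructed.

```python
import socket
import struct


def to_int(addr):
    return struct.unpack("!I", socket.inet_aton(addr))[0]


def to_str(n):
    return socket.inet_ntoa(struct.pack("!I", n))


def mask_from_prefix(prefix):
    """/26 -> 0xFFFFFFC0: the top `prefix` bits are network, the rest are host."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(addr, prefix):
    """Network address, broadcast address and usable host count for addr/prefix."""
    mask = mask_from_prefix(prefix)
    network = to_int(addr) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    usable = max(2 ** (32 - prefix) - 2, 0)   # minus network and broadcast (/31 and /32 are special)
    return {"mask": to_str(mask), "network": to_str(network),
            "broadcast": to_str(broadcast), "usable_hosts": usable}


def same_subnet(a, b, prefix):
    """Two hosts talk directly only if the masked (network) portions agree."""
    mask = mask_from_prefix(prefix)
    return (to_int(a) & mask) == (to_int(b) & mask)


def split_subnets(network, prefix, new_prefix):
    """Borrow host bits: a /24 split into /26 yields 4 subnets of 62 usable hosts each."""
    base = to_int(network) & mask_from_prefix(prefix)
    size = 2 ** (32 - new_prefix)
    return [to_str(base + i * size) for i in range(2 ** (new_prefix - prefix))]


def classful_class(addr):
    """Original classful ranges, decided by the first octet."""
    first = to_int(addr) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


# RFC 1918 private ranges, written as prefixes.
PRIVATE_RANGES = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]


def is_private(addr):
    return any(same_subnet(addr, net, prefix) for net, prefix in PRIVATE_RANGES)


if __name__ == "__main__":
    print(subnet_info("192.168.10.77", 26))
    print(split_subnets("192.168.10.0", 24, 26))
    print(classful_class("201.168.10.32"), is_private("172.31.255.255"), is_private("172.32.0.1"))
```

The 172.16.0.0 block is the one people get wrong: it is a /12, so 172.31.255.255 is private but 172.32.0.1 is not, which the masked comparison shows without a table lookup.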
Port 7
Echo
❖ TCP or UDP
❖ Testing round trip times between hosts
Types of security hardware logs
NIDS, NIPS, DNS, proxy servers, and firewalls
Log analysis
-Log records events that occur
–Monitoring logs can be useful in determining how attack occurred
–System logs and security application logs
–Network security logs
Firewall log items to be examined
-IP addresses rejected and dropped
–Probes to ports that have no application servers on them
–Source-routed packets
–Suspicious outbound connections
–Unsuccessful logins
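Detection logic for the firewall log items listed above, run over constructed sample lines, as an added example that is not part of the original study guide. The log format (a timestamp, an action, then key=value pairs) is a generic one invented for the example and not any vendor's syntax; the protected network, the set of ports with real servers behind them, and the expected outbound ports are assumptions declared at the top.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample log in a generic key=value format (not a real vendor format).
SAMPLE_LOG = """\
2024-03-01T10:00:01 action=DROP  src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=23
2024-03-01T10:00:02 action=DROP  src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=22
2024-03-01T10:00:03 action=DROP  src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=3389
2024-03-01T10:00:04 action=ALLOW src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=443
2024-03-01T10:00:05 action=ALLOW src=192.0.2.25 dst=198.51.100.99 proto=tcp dport=4444
2024-03-01T10:00:06 action=ALLOW src=192.0.2.25 dst=198.51.100.99 proto=tcp dport=443
2024-03-01T10:00:07 action=DROP  src=203.0.113.9 dst=192.0.2.10 proto=udp dport=161
2024-03-01T10:00:08 action=LOGIN_FAIL user=admin src=203.0.113.5
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+action=(?P<action>\S+)\s+(?P<kv>.*)$")

INTERNAL = ip_network("192.0.2.0/24")   # assumption: the network the firewall protects
SERVICES = {"192.0.2.10": {443}}        # assumption: ports that actually have a server listening
EXPECTED_OUTBOUND = {53, 80, 443}       # assumption: ports internal hosts normally reach out on


def parse_line(line):
    """Return a dict of fields, or None for a line that does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "action": m["action"]}
    for pair in m["kv"].split():
        key, _, value = pair.partition("=")
        rec[key] = value
    return rec


def analyze(log_text, drop_threshold=3):
    """Apply the four checks; returns {finding_type: [details, ...]}."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    findings = defaultdict(list)

    # 1. Sources that keep getting rejected/dropped (scanning or brute forcing).
    drops = Counter(r["src"] for r in records if r["action"] == "DROP")
    for src, count in drops.items():
        if count >= drop_threshold:
            findings["repeat_rejected_source"].append((src, count))

    for r in records:
        # 2. Unsuccessful logins to the firewall itself.
        if r["action"] == "LOGIN_FAIL":
            findings["failed_login"].append((r["src"], r.get("user")))
            continue
        if "dport" not in r:
            continue
        dport = int(r["dport"])
        src, dst = ip_address(r["src"]), ip_address(r["dst"])
        # 3. Probes to ports with no application server behind them.
        if dst in INTERNAL and dport not in SERVICES.get(r["dst"], set()):
            findings["probe_closed_port"].append((r["src"], r["dst"], dport))
        # 4. Outbound connections from inside to unexpected ports (beaconing, exfiltration).
        if src in INTERNAL and dst not in INTERNAL and dport not in EXPECTED_OUTBOUND:
            findings["suspicious_outbound"].append((r["src"], r["dst"], dport))

    return dict(findings)


if __name__ == "__main__":
    for kind, items in analyze(SAMPLE_LOG).items():
        print(kind, items)
```

The outbound check is the one most often missing from firewall reviews: the allowed connection to port 4444 generates no DROP entry, so a review that only reads rejected traffic never sees it.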
System event logs record:
-Client requests and server responses
–Usage information
–Account information
–Operational information
Benefits of monitoring system logs:
-Identify security incidents, policy violations, fraudulent activity
–Provide information shortly after event occurs
–Provide information to help resolve problems
–Help identify operational trends and long-term problems
–Provide documentation of regulatory compliance