Chapter 11 - Controls For Information Security Flashcards
What is the time-based model of information security?
P > D + R, where P = the time it takes an attacker to break through the various controls that protect the organization’s information assets, D = the time it takes for the organization to detect that an attack is in progress, and R = the time it takes to respond to and stop the attack.
What is defense-in-depth?
Employing multiple layers of control to avoid a single point of failure.
What is multifactor authentication?
The use of two or more types of authentication credentials in conjunction.
What is multimodal authentication?
The use of multiple authentication credentials of the same type.
What is the access control matrix?
A table used to implement authorization controls.
What is a compatibility test?
Matching the user’s authentication credentials against the access control matrix to determine whether that employee should be allowed to access that resource and perform the requested action.
What is a border router?
A device that connects an organization’s information system to the Internet.
What is a firewall?
A special-purpose hardware device or software running on a general-purpose computer that controls both inbound and outbound communication between the system behind the firewall and other networks.
What is the demilitarized zone?
A separate network located outside the organization’s internal information system that permits controlled access from the Internet.
What is a router?
A special-purpose device designed to read the source and destination address fields in IP packet headers to decide where to send the packet next.
What are action control lists?
Sets of if-then rules used to determine what to do with arriving packets.
What is packet filtering?
A process that uses various fields in a packet’s IP and TCP headers to decide what to do with the packet.
What is deep packet inspection?
A process that examines the data in the body of a TCP packet to control traffic, rather than looking only at the information in the IP and TCP headers.
What are intrusion prevention systems?
Software or hardware that monitors patterns in the traffic flow to identify and automatically block attacks.
What are endpoints?
Collective term for the workstations, servers, printers, and other devices that comprise an organization’s network.