Chapter 7 Host, Data and Application Security Flashcards
Relational Database
pg.216
the most common approach to database implementation. The technology allows data to be viewed in dynamic ways based on the user's or administrator's needs
One-Tier Model or Single-Tier environment
pg.216
the database and the application exist on a single system
Two-Tier Model
pg.217
the client workstation or system runs an application that communicates with the database, which runs on a different server
Three-Tier Model
pg.217
effectively isolates the end user from the database by introducing a middle tier (typically an application server). The middle tier accepts requests from clients, evaluates them, and passes them on to the database server, so the client never connects to the database directly
NoSQL
pg.217
a relatively new approach to database management that does not use the relational (SQL) model; often used to spread very large data sets across more servers
Big data
pg.218
extremely large amounts of data that organizations have to store, often many terabytes or more
SAN
pg.218
storage area network: a separate network set up to appear as a server to the main organizational network
Fuzzing
pg.
the technique of providing unexpected, random, or malformed values (including numerical boundary values) as input to an application in order to make it crash and thereby reveal input-handling bugs
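A minimal mutational fuzzer, added here as an illustration and not taken from the book: the target `parse_record` is a constructed toy parser that trusts its own length byte, and `fuzz` mutates a valid seed until an unexpected exception (a crash, as opposed to the parser's own `ValueError` rejection) appears. All names and the record format are assumptions for this example.

```python
import random


def make_seed(payload: bytes) -> bytes:
    """Build a valid record: 1 length byte, payload, 1 checksum byte (sum mod 256)."""
    return bytes([len(payload)]) + payload + bytes([sum(payload) % 256])


def parse_record(data: bytes) -> bytes:
    """Toy length-prefixed parser constructed for this example.

    It trusts the length byte and indexes past the buffer when that byte is
    larger than the data actually present, which is the bug fuzzing exposes.
    """
    n = data[0]                     # IndexError on empty input
    payload = data[1:1 + n]
    checksum = data[1 + n]          # IndexError when n overruns the buffer
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")   # a deliberate, handled rejection
    return payload


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: overwrite a byte, truncate, or append a byte."""
    data = bytearray(seed)
    op = rng.choice(("flip", "truncate", "append"))
    if op == "flip" and data:
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif op == "truncate" and len(data) > 1:
        del data[rng.randrange(len(data)):]
    else:
        data.append(rng.randrange(256))
    return bytes(data)


def fuzz(seed: bytes, iterations: int = 500, rng_seed: int = 1):
    """Return (crashing_input, exception) for the first unexpected exception, else None."""
    rng = random.Random(rng_seed)   # fixed seed so the run is reproducible
    for _ in range(iterations):
        candidate = mutate(seed, rng)
        try:
            parse_record(candidate)
        except ValueError:
            continue                # validation failure is correct behaviour
        except Exception as exc:    # anything else is a crash worth reporting
            return candidate, exc
    return None


if __name__ == "__main__":
    seed = make_seed(b"abc")
    found = fuzz(seed)
    if found:
        print("crash on input", found[0], "->", repr(found[1]))
```

Only the parser's declared failure mode (`ValueError`) is tolerated; anything else, here an `IndexError` from a truncated or over-long length byte, is reported with the input that triggered it so it can be turned into a regression test.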
Secure Coding
pg.218
following secure coding practices can prevent many attacks, such as cross-site scripting (XSS) and SQL injection
OWASP
pg.219
the Open Web Application Security Project, a volunteer group dedicated to forming secure coding practices for web-based applications as well as mobile and client applications, along with back-end design issues. The organization publishes a range of coding standards, the most fundamental of which is input validation
CERT Secure Coding Standards
pg.219
the Computer Emergency Response Team (CERT) at Carnegie Mellon University also publishes standards for secure coding
Baselining
pg.219
involves comparing performance to a metric. It can be done with any metric, such as network performance or CPU usage, as well as with applications
Metric
pg.219
a historical measure that you can point to and identify as having been taken before a configuration change
Hotfix
pg.220
an immediate and urgent patch applied to a system
Patch
pg.220
provides some additional functionality or a non-urgent fix
Service Pack
pg.220
a cumulative assortment of the hotfixes and patches released to date; should always be tested before being applied
Permissions
pg.220
the most basic aspect of security
Full control
pg.220
the user can read, execute, write, modify, and delete the file and can also assign permissions to other users
Modify
pg.221
the same as Read and Write, with Delete added
Read and Execute
pg.221
not all files are documents; Read and Execute lets the user read a file and also run it if it is a program
Read
pg.221
the user can read but not modify the file
Write
pg.221
allows the user to modify the file
Anti-virus
pg.221
should be installed on all workstations and servers. It actively monitors incoming files, and full scans should be run regularly
Antispam filters
pg.221
needed to keep the majority of unwanted email (spam) from reaching users
Firewall
pg.222
first line of defense against attackers and malware.
Security baseline
pg.226
defines the level of security that will be implemented and maintained for your organization
Performance baseline
pg.227
provides the input needed to design, implement and support a secure network
Filters
pg.228
allow you to limit traffic to only that which is required for your business, which can help ward off attacks
FTP services
pg.229
aren't intended for high-security applications because of their inherent weaknesses (credentials and data are sent in cleartext)
Domain Name Service Denial of Service Attacks
pg.230
attacks aimed primarily at DNS servers, intended to disrupt the operation of the servers and make the system unusable
Foot printing
pg.230
the act of gathering data about a network in order to find ways that someone might intrude
Full Backup
pg.233
all data is archived, regardless of when it was last changed
Differential Backup
pg.233
all changes since the last full backup are archived
Incremental Backup
pg.233
all changes since the last backup of any type are archived
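The three backup cards above are easiest to tell apart by what happens to the archive bit: a full or incremental backup clears it, a differential backup leaves it set. The following is an added simulation (not from the book) of one week with a constructed three-file volume, a full backup on Monday and daily backups afterwards; the volume, file names and function names are assumptions for this example.

```python
from dataclasses import dataclass, field


@dataclass
class File:
    name: str
    archive_bit: bool = True   # set whenever the file is created or modified


@dataclass
class Volume:
    files: dict = field(default_factory=dict)

    def modify(self, name: str) -> None:
        """Create or touch a file; the filesystem sets its archive bit."""
        self.files[name] = File(name, archive_bit=True)


def full_backup(volume: Volume) -> list:
    """Archive every file regardless of state and clear all archive bits."""
    chosen = sorted(volume.files)
    for f in volume.files.values():
        f.archive_bit = False
    return chosen


def differential_backup(volume: Volume) -> list:
    """Archive files changed since the last full backup; bits stay set."""
    return sorted(n for n, f in volume.files.items() if f.archive_bit)


def incremental_backup(volume: Volume) -> list:
    """Archive files changed since the last backup of any type; clear their bits."""
    chosen = sorted(n for n, f in volume.files.items() if f.archive_bit)
    for n in chosen:
        volume.files[n].archive_bit = False
    return chosen


def simulate(daily_strategy) -> dict:
    """Monday full backup, then one change per day followed by the daily backup."""
    vol = Volume()
    for name in ("a", "b", "c"):
        vol.modify(name)
    sets = {"mon": full_backup(vol)}
    vol.modify("a")
    sets["tue"] = daily_strategy(vol)
    vol.modify("b")
    sets["wed"] = daily_strategy(vol)
    return sets


def restore_plan(kind: str, sets: dict) -> list:
    """Backup sets needed to restore to the latest point in time."""
    days = list(sets)
    if kind == "differential":
        return [days[0], days[-1]]   # last full plus the most recent differential
    return days                      # last full plus every incremental since


if __name__ == "__main__":
    d = simulate(differential_backup)
    i = simulate(incremental_backup)
    print("differential:", d, "restore:", restore_plan("differential", d))
    print("incremental: ", i, "restore:", restore_plan("incremental", i))
```

The trade-off the simulation makes visible: differential sets grow every day (Wednesday's contains both `a` and `b`) but a restore needs only two sets, while incremental sets stay small but a restore needs the full backup plus every incremental since, and losing any one of them breaks the chain.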
Geo-Tagging
pg.236
allows GPS coordinates to accompany a file such as an image
Application White Listing
pg.236
lists of items that are allowed; only applications that have been approved are accepted on your network
Data Loss Prevention
pg.236
monitors the content of systems to make sure that key content is not deleted, removed, or exfiltrated
Trusted Platform Module
pg.237
a chip on the motherboard that assists with hash and key generation and can store cryptographic keys, passwords, or certificates