Chapter 8 Flashcards
What is the idea of employing multiple layers of controls to avoid a single-point-of-failure?
Defense-In-Depth. For example, using not only firewalls but also multiple authentication methods (passwords, tokens, and biometrics).
Explain the time-based model of security
Implementing a combination of preventive, detective, and corrective controls that protect information assets long enough to enable an organization to recognize that an attack is occurring and take steps to thwart it before any information is lost or compromised.
Explain the P > D+C model in time-based security
P = the time it takes an attacker to break through an organization's preventive controls. D = the time it takes to detect that an attack is in progress. C = the time it takes to respond and take corrective action. If P > D + C, then the controls are effective.
Basic steps used by criminals to attack system?
- Conduct reconnaissance (learn as much as possible to identify weaknesses)
- Attempt social engineering (deception to gain unauthorized access to information)
- Scan and map the target (if social engineering didn't work, do more recon to find potential points of remote entry)
- Research (once targets are identified, conduct research to see what programs are used, then find weaknesses)
- Execute the attack
- Cover the tracks (create "back doors" that can be used to obtain access if the initial attack is discovered)
See table 8-1 p. 233 for a summary of preventive, detective, and corrective IS controls
Examples of social engineering
over the telephone (pretending to be an employee), spear phishing (sending e-mails as a relative so the employee opens a link to a virus), spreading USB drives around the driveway
NICs are
Network Interface Cards - unique identifiers on printers, workstations, or any computing device. They connect to the organization's internal network.
A ___ ___ matrix is often used to implement authorization controls
Access control matrix - see figure 8-4 p. 237. It should be updated regularly to reflect changes in job duties due to promotions or transfers, so an employee won't accumulate rights and privileges that violate segregation of duties.
What is the compatibility test
matching a user's authentication credentials against the access control matrix to determine
Preventive Controls in regards to people?
Creation of a "security-aware" culture
Training
a limit check would be a
corrective control
three types of credentials to uniquely identify users
- biometric identifiers
- smart cards or ID badges
- PINs and passwords
preventive controls from training people consist of
teaching people things like never divulging passwords, no piggybacking (letting people in behind you), and teaching senior employees new things about technology. However, security training will only be effective if management clearly demonstrates that it supports employees who follow prescribed policies.
Multifactor authentication vs multimodal authentication
Multifactor - uses two or more TYPES of authentication in conjunction.
Multimodal - uses multiple credentials of the same type to achieve a greater level of security.
Authentication vs. Authorization
Authentication - verifying the identity of the person or device attempting to access the system.
Authorization - the process of restricting access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform.
Like authentication controls, authorization controls can and should be applied not only to people but also to devices. For example:
"including MAC addresses or digital certificates in the access control matrix makes it possible to restrict access to the payroll system and payroll master files to only payroll department employees and only when they log in from their desktop or assigned laptop computer."
What is malware?
Malware (e.g., viruses, worms, keystroke logging software, etc.) is a major threat. Malware can damage or destroy information or provide a means for unauthorized access.
What might one be able to do with physical access to workstations?
"a keystroke logging device that captures a user's authentication credentials, thereby enabling the attacker to subsequently obtain unauthorized access to the system by impersonating a legitimate user. Someone with unsupervised physical access could also insert special 'boot' disks that provide direct access to every file on the computer and then copy sensitive files to a portable device such as a USB drive or an iPod. Alternatively, an attacker with unsupervised physical access could simply remove the hard drive or even steal the entire computer."
Encryptions should be used for transmissions and ____ ___
data storage
Define "Change control and change management"
the formal process used to ensure that modifications to hardware, software, or processes do not reduce systems reliability.
Log analysis is the process of examining logs to identify evidence of possible attacks. It is especially important to analyze
failed attempts to log on and changes to the logs themselves, since logs are not normally deleted or updated
Intrusion Detection Systems (IDS) are
a system that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions.
the team that deals with major security incidents is the
Computer Incident Response Team (CIRT)
- Recognition
- Containment
- Recovery
- Follow-up - steps may need to be taken to modify existing security policy and procedures to minimize the likelihood of a similar incident occurring in the future.
Describe the CISO
The CISO should be independent of other information systems functions and should report to either the chief operating officer (COO) or the chief executive officer (CEO). The CISO must understand the company's technology environment and work with the chief information officer (CIO) to design, implement, and promote sound security policies and procedures. The CISO should also be an impartial assessor and evaluator of the IT environment. Accordingly, the CISO should have responsibility for ensuring that vulnerability and risk assessments are performed regularly and that security audits are carried out periodically.