Chapter 9 Flashcards
an initiative by the DHS to facilitate the open and free exchange of IOCs and other cyberthreat information between the US federal government and the private sector in an automated and timely manner
Automated indicator sharing (AIS)
an observable along with a hypothesis about a threat
indicator
an identified fact of occurrence, such as the presence of a malicious file
observable
which organization manages AIS?
National Cybersecurity and Communications Integration Center (NCCIC)
6 technical mechanisms implemented via architecture
layering
abstraction
data hiding
trusted recovery
process isolation
hardware segmentation
the chip that governs all major operations; can perform a limited set of logical and computational operations
CPU
handling two or more tasks simultaneously; a single core CPU is still only executing a single process at a time but is able to “juggle” multiple tasks for the user.
multitasking
the CPU contains multiple independent execution cores that can operate simultaneously and independently
Multicore
harnessing the power of more than one processor to complete the execution of a multithreaded application
Multiprocessing
when multiprocessor systems assign or dedicate a process or execution thread to a specific CPU
affinity
pseudo-simultaneous execution of two tasks on a single processor; batches or serializes multiple processes so that when one process blocks (for example, on I/O) another can run. Each individual task is delayed, but across all processes in the batch the total time is reduced.
multiprogramming
multiple concurrent tasks are performed within a single process; often used in applications where frequent context switching between active processes causes excessive overhead
multithreading
an OS model that organizes code and components into concentric rings, where the deeper inside you go, the higher the privilege level associated with the code
protection rings
the part of an OS that always remains resident in memory so that it can run on demand at any time
kernel
which ring does the kernel reside on?
Ring 0
on which ring do somewhat privileged components, such as I/O drivers and system utilities, reside?
Ring 2
where do applications and peripheral devices reside?
the outermost ring
which ring runs in user mode?
Ring 3 (outermost ring)
which rings run in supervisory or privileged mode?
Rings 0-2
5 process states
ready
running
waiting
supervisory
stopped
which process state is when the process executes on the CPU?
Running (also called the problem state)
which state is a process in when it is ready to resume or begin processing?
Ready
what state is when a process is ready for continued execution but is waiting for I/O to be serviced?
waiting
what state is a process in when it must perform an action that requires higher privileges than the problem state allows?
supervisory mode
what state is when a process finishes or must be terminated?
stopped
the hardware component that is a storage bank for information that the computer needs to keep readily available
memory
memory the system can read but can't change; contents are usually burned in at the factory
ROM - Read-Only Memory
which part of memory includes the POST series of diagnostics that run on boot?
ROM - Read Only Memory
this kind of ROM isn’t burnt in at the factory, but incorporates special functionality that allows an end user to burn in the chip’s content later. Afterwards it cannot be altered
PROM - Programmable Read-Only Memory
this kind of ROM can be programmed and erased with ultraviolet light
UVEPROM - UV Erasable Programmable Read-Only Memory
this kind of ROM can be programmed and erased with electrical voltage
EEPROM - Electrically Erasable Programmable Read-Only Memory
a nonvolatile form of storage media that can be electronically erased and rewritten in blocks or pages. widely used on memory cards, thumb drives, mobile devices, and SSDs
flash memory
readable and writable memory that is retained only when power is continuously supplied to it
RAM - Random Access Memory
the largest RAM storage resource, made of a number of dynamic RAM chips; its contents must be refreshed periodically (the textbook attributes this to the CPU; in practice the memory controller does it)
Real memory, main memory, or primary memory
this type of RAM contains an onboard cache of extremely fast memory used to hold data on which it will operate
cache RAM
this kind of RAM uses a series of capacitors to hold either a charge (1) or no charge (0)
dynamic RAM
this kind of RAM uses a logical device known as a flip-flop, which is basically a switch that gets moved to the on or off position to represent 1 or 0. The positions of these flip-flops do not decay, so the CPU does not need to refresh this RAM and there is no refresh overhead.
Static RAM
memory onboard a CPU that provides it with directly accessible memory locations that the ALU uses when performing calculations
registers
the brain of the CPU
Arithmetic-logical unit (ALU)
this memory addressing scheme refers to one of the registers
register addressing
this scheme refers to data that is supplied to the CPU as part of an instruction - it is not really an addressing scheme since the information does not need to be retrieved from a memory location
Immediate Addressing
this type of addressing scheme is the actual address of the memory location
direct addressing
this addressing scheme directs the CPU to a memory address that contains another memory address.
Indirect Addressing
this addressing scheme uses a value stored in one of the CPU’s registers or pointers as the base location from which to begin counting
Base+Offset Addressing
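The five addressing schemes above (register, immediate, direct, indirect, base+offset), worked through on a toy CPU. This is an added example, not from the flashcards or the textbook; the register names, the 32-word memory, and the sample values are assumptions chosen for illustration. It also shows why indirect and base+offset fetches are the ones a corrupted pointer or offset turns into an out-of-bounds read: the toy bounds-checks and raises, where real hardware would simply read whatever lives at that address.

```python
"""Toy CPU operand fetch illustrating the five addressing schemes.

Added example (not from the flashcards). Register names, memory size, and
sample values are assumptions for illustration only.
"""
from dataclasses import dataclass, field
from enum import Enum, auto


class Mode(Enum):
    REGISTER = auto()     # operand names a register; the value is the register contents
    IMMEDIATE = auto()    # operand IS the value, encoded in the instruction itself
    DIRECT = auto()       # operand is the memory address of the value
    INDIRECT = auto()     # operand is the address of a pointer; the pointer names the value
    BASE_OFFSET = auto()  # value lives at registers[base] + operand


@dataclass
class ToyCPU:
    registers: dict = field(default_factory=lambda: {"R0": 0, "R1": 0, "BASE": 0})
    memory: list = field(default_factory=lambda: [0] * 32)  # 32 words, all zero

    def _check(self, addr):
        """Bounds check standing in for the MMU fault a real CPU would raise."""
        if not 0 <= addr < len(self.memory):
            raise IndexError(f"address {addr} is outside memory")
        return addr

    def fetch(self, mode, operand, base_reg="BASE"):
        """Resolve one operand according to its addressing mode and return the value."""
        if mode is Mode.REGISTER:
            return self.registers[operand]
        if mode is Mode.IMMEDIATE:
            return operand                                   # nothing is fetched from memory
        if mode is Mode.DIRECT:
            return self.memory[self._check(operand)]
        if mode is Mode.INDIRECT:
            pointer = self.memory[self._check(operand)]      # first hop: read the pointer
            return self.memory[self._check(pointer)]         # second hop: read the value
        if mode is Mode.BASE_OFFSET:
            return self.memory[self._check(self.registers[base_reg] + operand)]
        raise ValueError(f"unknown mode {mode}")


def demo():
    """Same operand field (7) resolved under each mode; returns the five results."""
    cpu = ToyCPU()
    cpu.memory[5] = 42        # the value we ultimately want
    cpu.memory[7] = 5         # a pointer to it (memory[7] holds address 5)
    cpu.memory[12] = 99       # a value reachable as BASE(10) + offset 2
    cpu.registers["R1"] = 7
    cpu.registers["BASE"] = 10
    return {
        "register": cpu.fetch(Mode.REGISTER, "R1"),     # 7  (contents of R1)
        "immediate": cpu.fetch(Mode.IMMEDIATE, 7),      # 7  (the literal itself)
        "direct": cpu.fetch(Mode.DIRECT, 7),            # 5  (memory[7])
        "indirect": cpu.fetch(Mode.INDIRECT, 7),        # 42 (memory[memory[7]])
        "base_offset": cpu.fetch(Mode.BASE_OFFSET, 2),  # 99 (memory[10 + 2])
    }


def tampered_offset_is_rejected():
    """An attacker-controlled offset pushes BASE+offset past the end of memory."""
    cpu = ToyCPU()
    cpu.registers["BASE"] = 10
    try:
        cpu.fetch(Mode.BASE_OFFSET, 40)    # 10 + 40 = 50, beyond the 32-word memory
    except IndexError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
    print("tampered offset rejected:", tampered_offset_is_rejected())
```

The point of `demo()` is that the same operand bits mean five different things depending on the mode: under immediate addressing 7 is the answer, under direct addressing it is a location, and under indirect addressing it is a location that holds a location.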
this type of memory is magnetic, optical, or flash-based media that contains data not immediately available to the CPU
Secondary Memory
this type of memory is used to expand the addressable space of real memory
virtual memory
this kind of memory is used to store information that may be used by a computer any time after it's written
data storage devices
the type of memory that will lose data quickly or when power is lost
volatile
an attack that freezes the memory chips to delay the decay of resident data when the system is turned off
cold boot attack
safeguards used to protect against emanation attacks
TEMPEST
malicious code embedding itself into UEFI, BIOS, or firmware
phlashing
a single computer contains multiple processors that are treated equally and controlled by a single OS
symmetric multiprocessing (SMP)
a computer having multiple processors that operate independently of one another, each with its own OS, data bus, and memory resources
Asymmetric multiprocessing (AMP)
many AMP systems are linked together for computationally intensive tasks
massive parallel processing (MPP)
a form of parallel distributed processing that loosely groups a significant number of processing nodes into a grid
grid computing
what is the biggest security concern with grid computing?
grid computing projects are open to the world, so they are not able to maintain secrecy and protect private or proprietary data
networking and distributed application solutions that share tasks and workloads among peers
Peer-to-peer (P2P)
device that controls industrial processes and machines
industrial control system (ICS)
which committee maintains guidelines for securing ICS?
ISA99 (its standards are integrated into the IEC 62443 series)
a collection of individual systems that work together to support a resource or provide a service
distributed system, distributed computing environment (DCE)
a collection or ledger of records, transactions, operations, or other events that are verified using hashing, timestamps, and transaction data. Each new block includes the hash of the block before it, so changing any earlier record changes every hash that follows it.
blockchain
methods to secure DCE
homomorphic encryption
MFA
the concept that once information has been converted into a binary form and stored, it is subject to the laws of the country within which the storage device resides
data sovereignty
computing platforms designed to perform complex calculations at extremely high speeds
High performance computing (HPC)
data and the compute resources are located as close together as possible in order to optimize bandwidth use while minimizing latency
edge computing
sensors, IoT devices, or edge devices collect data and transfer it back to a central location for processing; the processing location is on the LAN
fog computing
devices that offer a computational means to control something in the physical world
cyber-physical devices
the concept that a server never changes once it is deployed
immutable architecture
native or bare-metal hypervisor
type I
a hosted hypervisor
type II hypervisor
when an organization deploys numerous VMs without an overarching IT management or security plan in place
VM sprawl
numerous underutilized servers are operating in the server room taking up space and electricity
server sprawl
eliminating the duplication of OS elements across VMs; each application is placed into a container that includes only the resources actually needed to support the enclosed application
containerization
the platform or server is managed by the cloud service provider (CSP)
serverless architecture
an attack in which the attacker gains access to a system and makes small, random, or incremental changes to data during storage, processing, input, output, or transaction rather than obviously altering file contents
data diddling
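The blockchain card above says each block is tied to its predecessor by a hash, and the data diddling card describes small changes to stored records that are meant to go unnoticed. The added example below (not from the flashcards or the textbook) puts the two together: a toy hash-chained ledger, and a check that finds a one-unit "diddle" to an earlier amount, even after the attacker recomputes that block's own hash. The record layout, the SHA-256 choice, and the sample transactions are assumptions; there is no consensus or proof-of-work, only the chaining.

```python
"""Toy hash-chained ledger: each block commits to the previous block's hash,
so a data-diddling change to any earlier record breaks every later link.

Added example (not from the flashcards). Record layout, hash choice, and the
sample transactions are assumptions for illustration only.
"""
import hashlib
import json
import time


def block_hash(index, timestamp, data, prev_hash):
    """SHA-256 over a canonical (sorted-key) JSON encoding of the block contents."""
    payload = json.dumps(
        {"index": index, "timestamp": timestamp, "data": data, "prev_hash": prev_hash},
        sort_keys=True,
    )
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class Ledger:
    GENESIS_PREV = "0" * 64  # the first block has nothing before it

    def __init__(self):
        self.blocks = []
        self.append({"genesis": True}, timestamp=0)  # block 0

    def append(self, data, timestamp=None):
        """Add a block whose hash covers its data and the previous block's hash."""
        ts = time.time() if timestamp is None else timestamp
        prev = self.blocks[-1]["hash"] if self.blocks else self.GENESIS_PREV
        block = {"index": len(self.blocks), "timestamp": ts, "data": data, "prev_hash": prev}
        block["hash"] = block_hash(block["index"], ts, data, prev)
        self.blocks.append(block)
        return block["hash"]

    def verify(self):
        """Return the index of the first block that fails verification, or None."""
        for i, b in enumerate(self.blocks):
            expected_prev = self.blocks[i - 1]["hash"] if i else self.GENESIS_PREV
            if b["prev_hash"] != expected_prev:          # link to predecessor broken
                return i
            if block_hash(b["index"], b["timestamp"], b["data"], b["prev_hash"]) != b["hash"]:
                return i                                  # block contents changed
        return None


def diddle_demo():
    """Returns (before, after_edit, after_rehash): verify() results at each stage."""
    ledger = Ledger()
    # Constructed sample records with fixed timestamps so the demo is deterministic.
    ledger.append({"account": "A", "amount": 100}, timestamp=1)
    ledger.append({"account": "B", "amount": 50}, timestamp=2)
    before = ledger.verify()                   # None: chain intact

    # Data diddling: nudge one amount by 1 and touch nothing else.
    ledger.blocks[1]["data"]["amount"] = 101
    after_edit = ledger.verify()               # 1: block 1 no longer matches its hash

    # A more careful attacker recomputes block 1's hash as well;
    # block 2 still carries the OLD hash in prev_hash, so the break moves to block 2.
    b = ledger.blocks[1]
    b["hash"] = block_hash(b["index"], b["timestamp"], b["data"], b["prev_hash"])
    after_rehash = ledger.verify()             # 2: broken link detected one block later
    return before, after_edit, after_rehash


if __name__ == "__main__":
    print(diddle_demo())
```

The second stage is the one worth remembering: rehashing the edited block hides the edit from a per-record checksum, but not from the chain, because every later block committed to the original hash. Undetected tampering would require rewriting every block after the edit, which is exactly what replication across many DCE nodes is meant to make impractical.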