Chapter 9 - Security Vulnerabilities, Threats and Countermeasures Flashcards
- Explain Ultraviolet EPROMs (UVEPROMs):
UVEPROMs can be erased by light. After this is done, end users can burn new information into the UVEPROM as if it has never been programmed before.
- Explain Electronically Erasable Programmable Read-Only Memory (EEPROM).
Electronically Erasable Programmable Read-Only Memory (EEPROM) uses electronic voltages delivered to the pins of the chip to force erasure.
- Define Flash Memory
Flash memory is a derivative concept from EEPROM. EEPROM must be fully erased to be rewritten, whereas flash memory can be erased and written in blocks or pages.
- A common type of flash is
NAND Flash.
- Uses of flash memory
Flash memory is used in memory cards, thumb drives, mobile devices and SSDs (solid-state drives).
- Explain Random Access Memory (RAM)
RAM is readable and writable memory that contains information a computer uses during processing. It is temporary storage that loses data when powered off.
- Types of RAM
Real Memory, Cache RAM
- Explain Real Memory
Composed of a number of dynamic RAM chips, must be refreshed by the CPU on a periodic basis
- Explain Cache RAM
This involves the improvement of performance by taking data from slower devices and temporarily storing it on faster devices when repeated use is likely.
- Explain Registers
These are a limited amount of onboard memory included on the CPU. They provide the CPU with directly accessible memory locations that the Arithmetic and Logical Unit (ALU) uses when performing calculations or processing instructions.
- Explain Memory Addressing
Memory addressing occurs because, when using memory resources, the processor must have some means of referring to various locations in memory.
- List 5 addressing schemes
Memory Addressing: Immediate Addressing, Direct Addressing, Indirect Addressing, Register Addressing, Base+Offset Addressing
- Define Register Addressing
When the CPU needs information from one of its registers to complete an operation, it uses a register address.
- Define immediate addressing
This is a way of referring to data that is supplied to the CPU as part of an instruction.
- Define Direct addressing
In direct addressing, the CPU is provided with the actual address of the memory location to access.
- Define Indirect Addressing
For indirect addressing, the memory address contains another memory address. The CPU reads the indirect address to learn the address where the desired data resides and then retrieves the actual operand from that address.
- Define Base+Offset Addressing
Base+Offset addressing uses a value stored in one of the CPU’s registers as the base location from which to begin counting.
- What is Secondary Memory:
Secondary Memory is a term commonly used to refer to magnetic, optical or flash-based media or other storage devices that contain data not immediately available to the CPU. It is cheap.
- List some types of secondary memory
Hard disks; flash drives; optical media, e.g. compact disks (CD), Digital Versatile Disks (DVD), Blu-ray; Virtual Memory
- Explain Virtual Memory
Virtual Memory is a special type of memory that the OS manages to make look and act like real memory.
- The most common type of virtual memory is:
the pagefile
- Explain pagefile
Pagefile is a type of virtual memory. Most operating systems manage it as part of their memory management function.
- Explain Primary vs secondary storage
Primary memory means primary storage and refers to the RAM. Secondary storage consists of magnetic and optical media such as HDD, SSDs, flash drives, magnetic tapes, CDs, DVDs, flash memory cards, and the like.
- Explain the term volatility of memory
The volatility of storage refers to a measure of how likely it is to lose data when it is turned off. Devices designed to retain their data (such as magnetic media) are classified as non-volatile, whereas devices such as static or dynamic RAM modules, which are designed to lose their data, are classified as volatile.
- Define random access storage:
The volatility of storage refers to a measure of how likely it is to lose data when it is turned off. Devices designed to retain their data (such as magnetic media) are classified as non-volatile, whereas devices such as static or dynamic RAM modules, which are designed to lose their data, are classified as volatile.
- Explain sequential storage devices
They require that you read all the data physically stored prior to the desired location. E.g., with magnetic tape, to provide access to the data stored in the middle of the tape, the drive must physically scan through the entire tape until it reaches the desired point. It is slower than RAM, cheap and can hold massive data. Used for backup.
- Explain Data Remanence:
Data may remain on secondary storage devices even after it has been erased.
- Explain wear levelling
In SSDs, wear levelling means that there are blocks of data that are not marked as live but that hold a copy of the data from when it was copied off to lower wear-levelled blocks. Therefore, a traditional zero wipe is not effective for SSDs.
- Disadvantage of secondary storage
Data may remain on the secondary storage
Secondary storage is prone to theft
Easy access to data
Unsure availability
- Explain the risk posed to monitors
TEMPEST can compromise the security of data displayed on a monitor. Cathode Ray Tube (CRT) monitors are prone to radiate significantly; Liquid Crystal Display (LCD) monitors leak much less.
- Explain the compromise from TEMPEST
TEMPEST is a technology that allows the electronic emanations that every monitor produces (known as Van Eck radiation) to be read from a distance (this process is known as Van Eck phreaking) and even from another location. The technology is also used to protect against such activity.
- Explain Shoulder Surfing
Shoulder surfing is the concept that someone can see what is on your screen with their eyes or a video camera. It is a concern for desktop displays, notebook displays, tablets and mobile phones.
- Explain the vulnerability around the use of printers
Depending on physical security, it may be possible to walk out of a building with sensitive information.
- How can you secure a printer
Use of encrypted data transfer and authentication before printer interaction.
- Explain Keyboard/ Mice vulnerability
Keyboards and mice are vulnerable to TEMPEST monitoring. Keyboards are also vulnerable to less sophisticated bugging. A simple device can be placed inside a keyboard or along its connection cable to intercept all the keystrokes that take place and transmit them to a remote receiver using a radio signal. This has the same effect as TEMPEST monitoring but can be done with much less expensive gear. Additionally, if your keyboard and mouse are wireless, including Bluetooth, their radio signals can be intercepted.
- Explain the vulnerability of using modems
Modems allow users to create uncontrolled access points into your network.
- What is firmware
Firmware is a term that is used to describe the software that is stored in a ROM chip. This type of software hardly changes, and it drives the basic operation of a computing device.
- List 2 types of Firmware:
Firmware is a term that is used to describe the software that is stored in a ROM chip. This type of software hardly changes, and it drives the basic operation of a computing device.
- BIOS full name
Basic Input Output System
- What is BIOS
Basic Input Output System (BIOS) contains the operating system i.e. the independent primitive instructions that a computer needs to start up and load the operating system from disk. In most computers, BIOS is stored on the EEPROM chip to facilitate version updates
- Explain the term flashing the BIOS
This is the process of updating the BIOS.
- What is phlashing
Phlashing is an attack in which a malicious variation of official BIOS or firmware is installed that introduces remote control or other malicious features into a device.
- What do you understand by UEFI
Unified Extensible Firmware Interface (UEFI) has replaced traditional BIOS. It is a more advanced interface between hardware and the operating system which maintains support for legacy BIOS services.
- What is client-based vulnerability
Client-based vulnerabilities place the user, their data and their system at risk of compromise or destruction. A client-side or client-focused attack is one where the client itself, or a process on the client, is the target.
- What are applets
Applets are code objects sent from server to client to perform some actions. They execute independently of the server that sent them.
- Two types of applets are
Java applets and ActiveX Controls
- What are Java Applets
Java is a platform-independent programming language developed by Sun Microsystems (now owned by Oracle). Most programming languages use compilers that require the use of multiple compilers to produce different versions of a single application for each platform it must support. Java overcomes this limitation by inserting the Java Virtual Machine (JVM) into the picture.
- What are ActiveX Controls
ActiveX controls are Microsoft’s answer to Sun’s Java applets. They are implemented using a variety of languages, including Visual Basic, C, C++, and Java. There are two key distinctions between Java applets and ActiveX controls. First, ActiveX controls use proprietary Microsoft technology and, therefore, can execute only on systems running Microsoft browsers. Second, ActiveX controls are not subject to the sandbox restrictions placed on Java applets.
- What are local caches
Local cache is anything that is temporarily stored on the client for future reuse.
- List some local cache on a client
Address Resolution Protocol (ARP) cache, Domain Name System (DNS) cache, and internet files cache.
- What is ARP cache Poisoning
This is caused by an attack responding to Address Resolution Protocol (ARP) broadcast queries in order to send back falsified replies. If the false reply is received by the client before the valid reply, then the false reply is used to populate the ARP cache and the valid reply is discarded as being outside an open query.
- What is data flow
Data flow is the movement of data between processes, devices, across a network or over communications channels.
- List the advantages of management of data flows
Efficient transmission with minimal delays or latency. Ensures reliable output using hashing and confidentiality protection with encryption. Helps prevent overload of traffic that causes denial of service.
- What are load balancers used for?
Load balancers are used to spread or distribute network traffic load across several network links or network devices. They may be used to provide more control over data flow. The aim is to obtain more optimal infrastructure utilization, minimize response time, maximize throughput (output), reduce overloading and eliminate bottlenecks.
- Load Balancing techniques to perform load distribution are:
Random choice, preferencing, round robin and load/utilization monitoring.
- Disadvantage of Data Load Balancing:
Denial of service attack is a severe detriment to data flow control.
- What is aggregation:
SQL provides a number of functions to combine records from one or more tables to provide potentially useful information.
- Explain the security vulnerability of aggregation:
Aggregation attacks are used to collect numerous low-level security items or low-value items and combine them to create something of a high security level or value. For this reason, it’s especially important for database security administrators to strictly control access to aggregate functions and adequately assess the potential information they may reveal to unauthorized individuals.
- What is Inference
Inference attacks involve the combining of several pieces of nonsensitive information to gain access to information that should be classified at a higher level. Inference makes use of the human mind’s deductive capacity rather than the raw mathematical ability of modern database platforms.
- What is data dictionary
Data Dictionary is commonly used for storing critical information about data, including usage, type, sources, relationships and format.
The Database Management System software reads the data dictionary to determine access rights for users attempting to access data.
- Explain Data Mining
Data Mining Techniques allow analysts to comb through data warehouses and look for potential correlated information. Data Mining techniques result in the development of data models that can be used to predict future activity.
- What is metadata
The activity of data mining produces metadata. Metadata is data about data or information about data. Metadata from a data mining operation is a concentration of data. It can also be a superset, a subset, or a representation of a larger dataset.
- What is an incident report
Incident report is metadata extracted from a data warehouse of audit logs through the use of a security auditing data mining tool.
- What is of a greater value or sensitivity (due to disclosure) than the bulk of the data in the warehouse?
Metadata
- What is data mart?
This is a secure container used to store metadata.
- Define Data Analytics
Data Analytics is the science of raw data examination with the focus of extracting useful information out of the bulk information set.
- What is big data
Big Data refers to the collection of data that is so large that the traditional means of analysis or processing are ineffective, inefficient and insufficient.
- List the challenges of big data
Collection, storage, analysis, mining, transfer, distribution and results presentation.
- What are parallel data systems or parallel computing
Parallel data systems or parallel computing is a computation system designed to perform numerous calculations simultaneously.
- What is asymmetric multiprocessing
Asymmetric multiprocessing occurs when processors operate independently of each other.
- What is symmetric processing
Symmetric multiprocessing occurs when the processors share a common OS and memory. The collective processors also work collectively on a single task, code or project.
- What is Massive Parallel Processing (MPP):
Massive Parallel Processing (MPP) is a variation on AMP, where numerous symmetric multiprocessing systems are linked together to work on a single primary task across multiple processes in multiple linked systems.
- What is distributed system
The concept of a client-server network is also known as a distributed system or distributed architecture.