Chapter Five & Six Flashcards
Incident Response is…
Responding to a matter of organizational security following existing policy.
Disaster Recovery is…
Policies that define how to recover stolen data, mitigate damage, reclaim compromised systems, etc.
Business Continuity is…
Continuing day-to-day business operations before, during, and after security breaches.
Remediation is…
Recovery from a compromise
Why do we not use its native OS to analyze its content?
This changes information on the hard drive
To handle magnetic data…
Reading data: We generate a current if a coil of wire moves past a magnet
Writing data: We magnetize a surface if it moves past a coil of wire containing a current
Data on a hard drive: What are sectors?
Each sector is an independent data block on the hard drive
– Typical drives have fixed-size sectors
* 512 bytes each, larger on some new drives
– Each sector has a unique address
* Drive may read or write each sector independently
– doesn’t affect other sectors
Moore’s Law:
– Named for Gordon Moore of Intel
– Noted that, by the mid-1960s, integrated circuits double size and performance yearly
– Later refined the estimate:
* Doubles every 18 months
True or false: The number of bits determines the maximum size of any number
True
Signed integers…
– Can be both positive and negative
– Range from [-2147483648 to 2147483647]
– Use a “sign bit” (the first bit of the bit string) as a flag indicating whether the magnitude is positive or negative
Unsigned Integers…
– Can ONLY be positive
– Range from [0 to 4294967295]
– Have no sign flag, so every bit is interpreted as part of the magnitude
Clusters are…
Each cluster is a series of sectors treated as a single block of data by the file system
Parity bit…
A binary flag attached to transmitted data, as part of the communication protocol between two computers, so that transmission errors can be detected
Cyclic Redundancy Checks (CRCs)
– Can detect a “burst” of errors
* A series of all 0s replacing the real data
– More sensitive to a change of order
* Simple checksum won’t detect swaps
Error Correcting Codes (ECC)
– Can detect larger-scale errors
– Can correct smaller errors
– Used in RAM and on DVDs
The binary address size…
The number of bits in the binary number that holds the address
– We use k bits to store addresses up to size n
k = log2(n)
FAT (File Allocation Table)…
– A relatively simple and widely used file system
– Introduced in Microsoft’s MS-DOS
– Supported in Windows, OS X, Linux, etc.
– Used in digital products like cameras, medical equipment, etc.
– Supports many modern features:
* Longer, mixed-case file names
* Hierarchical directories
* Individual files sized up to 4 GB
Boot blocks…
– Contain the bootstrap program on a bootable drive
– Contain details of the volume format
True or False: The FAT locates free clusters and the clusters that belong to files
True
Can we delete a file’s data?
No.
– Sometimes we can retrieve the file’s data if:
* The file’s clusters were all stored in sequence on the hard drive
* Another file hasn’t overwritten its clusters
Application Programming Interface (API)…
– A simple, standard way for programs to use I/O devices and files
Device Independence…
Converts API operations into specific commands for individual devices
File System…
Converts file operations into API operations performed on the hard drive
A compromised system has…
Had its defenses weakened, and possibly no other damage
Admissible evidence…
Only this type of evidence may be used in court proceedings
NTFS (New Technology File System)…
NTFS is the default file system for modern versions of Windows
Supports larger file sizes, improved file system reliability, and enhanced security features like file and folder permissions, encryption, and compression
The three authentication factors…
What you know, what you have, and what you are
What are the three roadblocks in modern cybersecurity?
- Keyloggers
- Rainbow tables
- Social engineering
Keyloggers…
Previously discussed as programs which undermine all levels and orders of C.S. policy
Rainbow tables…
Structures which contain computed hash values for passwords of length n through m (precomputed hashes)
– Rainbow tables store hashed passwords as entries in a database
– Simply look up an entry to match a hash value with its plaintext string, according to the security protocol in use
– Storage isn’t typically an issue…
– An 8-character rainbow table can be up to 32 petabytes (2^50 bytes) of information!
Passwords in rainbow tables are not stored as plaintext in a system (T/F)
False
Defenses against rainbow tables…
– Key strengthening/lengthening
– Salts
– Nested encryption
– Innovative hashing algorithms
– and more!
Authentication factors examples…
– Something you know
* Password or PIN
– Something you have
* Key or token
– Something you are
* Personal trait
(T/F) Rainbow tables are not feasible to store on end-user computers
True
Social engineering…
This is a technique used by attackers to manipulate individuals into divulging confidential information or performing actions that compromise security. It relies on psychological manipulation rather than technical exploits. For example, an attacker might impersonate a trusted authority figure or use pretexting to trick someone into revealing their password or other sensitive information.
Range of threats
– Weak threat – authentication is effective
– Strong threat – authentication may work
– Extreme threat – authentication not effective
Search space…
– i.e., how many legal – or likely – passwords?
Two options
– Increase L – the length of passwords
– Increase A – the range of letters and other characters in the password’s alphabet
Dictionary attack…
– Uses a list of likely passwords as the password space
– There are far fewer likely passwords than possible passwords
Entropy…
Entropy in data indicates the likelihood that a particular message may appear
– It considers the range of possible messages and the likelihood of each one
Passive tokens…
– Store an unchanging credential
– Examples: Card keys for hotel rooms, magnetic stripes on credit cards
Active Tokens…
The most secure type of token
– Store a secret that generates a different credential for each login
– Examples: One-time password tokens, smartphone authentication apps
Protocol…
A challenge-response: an exchange of data that yields a shared result
False acceptance…
Incorrectly detects a match between a credential and the database
False rejection…
Fails to detect a match between a credential and the database