CISSP Notes 2 Flashcards
Are launched directly from an attacker (the client) to a listening service. The “Conficker” worm of 2008+ spread via a number of methods, including this method on TCP port 445, exploiting a weakness in the RPC service.
SMB Protocol
Behavioral biometric method that is inexpensive, not intrusive, and often transparent to the user.
Keystroke pattern
The amount of time the biometric system requires to scan and approve or deny access.
Throughput Rate.
A method where users can register their own devices with the organization and associate them with their user accounts.
Device Fingerprinting.
Third-party tool to authenticate users' own devices on the organization’s network.
SecureAuth Identity Provider
XML-based language commonly used to exchange authentication and authorization (AA) information between federated organizations.
Security Assertion Markup Language (SAML)
XML-based framework, based on DSML, designed for exchanging user information for federated identity SSO purposes.
Service Provisioning Markup Language (SPML)
Can display LDAP-based directory service information in an XML format.
Directory Service Markup Language (DSML)
Menus and shells, database views, and physical interfaces
Constrained User Interface
Declarative access control policy language implemented in XML, together with a processing model that describes how to interpret security policies.
Extensible Access Control Markup Language (XACML)
A protocol specification for exchanging structured information in the implementation of web services and networked environments.
Simple Object Access Protocol (SOAP)
A type of IDS that uses if/then statements and an expert system to allow for AI characteristics.
Rule-based IDS
A type of client/server technology that forces users to log on to a central server just to use the computer and access network resources.
Thin Clients
An attack method on smart cards in which attackers introduce computational errors into the card with the goal of uncovering the stored encryption keys.
Fault Generation
Attack against smart cards that uses needles and ultrasonic vibration to remove the outer protective material on the card’s circuit and tap into the card’s ROM chips.
Micro-probing Attack
The process of identifying, understanding and categorizing a potential threat
Threat Modeling
IDaaS functionality that includes logging information and answering questions such as who accesses what and when.
Intelligence
IDaaS function that includes the ability to provision identities held by the service to target applications.
Identity Governance and Administration (IGA)
In this model the user authenticates once and then has unconditional access to all resources.
Once In-Unlimited Access (OIUA)
If true SSO isn’t available, a company can compensate with a _____ solution.
Script-based SSO
A set of ITU-T guidelines for the exchange of email in a Message Handling System (MHS)
X.400
Developed by telecommunication companies as a way to facilitate a standard method for developing electronic directories for use over telecom networks.
X.500 protocol suite
Outlawed the creation of malicious code and set punishments for it
Computer Abuse Amendment Act
Guarantees the creators of “original work of authorship” protection against the unauthorized duplication of their works.
Digital Millennium Copyright Act (DMCA)
Privacy and security regulations for hospitals, physicians, insurance companies and other organizations that process or store Personal Health Information.
HIPAA
Greatly broadens the powers of law enforcement organizations in many areas, including the monitoring of electronic communications.
Patriot Act of 2001
A standard for how credit card companies handle customers' private credit card information.
PCI-DSS
Integrated framework governance model used to help prevent fraud within a corporate environment
COSO
Framework of control objectives that allows for IT governance
COBIT
The standard for the establishment, implementation, control, and improvement of the information security management system.
ISO 27001
Set of best practices for IT service management
ITIL
Security and Privacy Control objectives for federal information systems and organizations.
NIST SP 800-53
Model and methodology for the development of enterprise architectures developed by the Open Group.
TOGAF
Decomposing the application to gain a greater understanding of the logic of the product and its interaction with external elements
Reduction Analysis
Five key concepts of decomposition
- Trust boundaries
- Data flow paths
- Input points
- Privileged operations
- Security stance and approach
Approaches to identifying threats
Focused on assets; focused on attackers; focused on software
Minimum level of security that every system must meet
Baseline
Compulsory requirements for the use of hardware, software, technology, and security controls
Standard
Individual responsible for reviewing and verifying that the security policy is properly implemented
Auditor
Individual responsible for implementing the protections prescribed in the security policy
Data Custodian
Individual responsible for classifying information
Data Owner
Trained and experienced network, system, and security engineer who is responsible for following directives from senior management
Security Professional (You)
Used to store a sample of a subject's biometric data
Reference Profile or Reference Template
Commercial classification system
- Confidential
- Private
- Sensitive
- Public
- Top secret
Military classification system
- Top secret
- Secret
- Confidential
- Sensitive but unclassified
- Unclassified
Storing something in an out-of-the-way location
Seclusion
Risk Management Framework steps
- Categorize information
- Select security control
- Implement security control
- Assess security control
- Authorize information system
- Monitor security control
The collection of practices by which executives support, define, and direct the security efforts of the organization
Security governance
The system of oversight that may be mandated by law, regulations, industry standards, contractual agreements, or licensing requirements.
Third party governance
BCP Main Steps
- Project Scope and planning
- BIA
- Continuity planning
- Approval and Implementation
BCP resource requirements phase
- BCP development
- BCP testing, training and maintenance
- BCP implementation
BCP scope and planning requirements
- Structured analysis of the business organization
- Creation of the BCP team with senior management approval
- Assessment of available resources
- Analysis of legal and regulatory landscape
Business organization analysis and critical departments
- Operational departments
- Critical support departments
- Senior executives
BCP team selection
- Representative from each core department
- Representative from each support department
- Representative from IT
- Representative from the legal department
- Representative from senior management
BIA process steps
- Asset identification
- Risk identification
- Likelihood assessment
- Impact assessment
- Resource prioritization
Continuity planning sub-tasks
- Strategy development
- Provisions and processes
- Plan approval
- Plan implementation
- Training and education
BCP Statement of Importance
Reflects the criticality of the BCP; commonly takes the form of a letter to employees stating the reasons behind the BCP effort and requesting the cooperation of all personnel in the implementation phase.
BCP Statement of Priorities
Flows directly from the “identify priorities” phase of the BIA and lists the functions considered critical
Statement of organizational responsibility
Comes from senior level executives and echoes the sentiment that “business continuity is everybody’s responsibility”.
Statement of urgency and timing
Expresses the criticality of implementing the BCP and outlines the implementation timetable.
Confinement
Allows a process to read from and write to only certain memory locations and resources. This is also known as sandboxing.
Mode Transition
When the CPU has to change from processing code in user mode to kernel mode. This is a protection measure, but it causes a performance hit.
HSM
A crypto-processor used to manage and store digital encryption keys, accelerate cryptographic operations, and improve authentication. Often an add-on adapter or peripheral, or a TCP/IP network device.
Feedback
One system provides input to another system, which reciprocates by reversing those roles (so that system A first provides input for system B, and then system B provides input to system A).
Memory Protection
Protection mechanism provided by operating systems that can be implemented as encapsulation, time multiplexing of shared resources, naming distinctions, and virtual memory mapping.
TPM
Both a specification for a motherboard crypto-processor and the general name of that specification. It is a chip used to store and process crypto keys for hardware-supported HDD encryption systems.
DLL
A set of subroutines that are shared by different applications and operating system processes.
Bound
The bounds of a process consist of the limits set on the memory addresses and resources it can access. They state the area within which a process is confined or contained.
Unconstrained Data Item (UDI)
Any data item that is not controlled by the security model. Any data that is to be input and hasn’t been validated, or any output.
Base register
Beginning of address space assigned to a process. Used to ensure a process does not make a request outside its assigned memory boundaries.
Package
An intermediate grouping of security requirement components that can be added to or removed from a Target of Evaluation (TOE).
Data mining
Searches large amounts of data to determine patterns that would otherwise get “lost in the noise”.
Data Execution Prevention (DEP)
Memory protection mechanism used by some operating systems where segments may be marked as non-executable so that they cannot be misused by malicious software.
Take-Grant
A technology that employs a directed graph to dictate how rights can be passed from one subject to another or from a subject to an object.
Security Perimeter
Imaginary boundary that separates the trusted computing base from the rest of the system.
PCI-DSS
Collection of requirements for improving security of electronic payment transactions.
Hybrid Microkernel Architecture
Combination of monolithic and microkernel architecture. The microkernel carries out critical operating system functionality, and the remaining functionality is carried out in a client/server model within kernel mode.
Interfaces
Implemented within an application to restrict what users can do or see based on their privileges. Users with full privileges have access to all the capabilities of the application.
Cascading
Input for one system comes from the output of another system.
TCB
A combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy.
Data Hiding
Use of segregation in design decisions to protect software components from negatively interacting with each other.
Common Criteria
A worldwide standards-setting group of representatives from various international standards organizations. It defines standards for industrial and commercial equipment, software, protocols, and management, among others.
OWASP
Provides a huge number of free resources dedicated to improving an organization’s application security posture.
Tokens
Separate object that is associated with a resource and describes its security attributes. It can communicate security information about an object prior to requesting access to the actual object.
Instruction Set
Set of operations and commands that can be implemented by a particular CPU
Trusted System
Describes a system that is always secure no matter what state it is in.
Chinese Wall
This model was created to permit access controls to change dynamically based on a user’s previous activity.
Process Isolation
One in which all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment.
Micro-architecture
Specific design of a microprocessor, which includes physical components (registers, logic gates, ALU, cache, etc.) that support a specific instruction set.
Protection Profile
Specifications for a product that is to be evaluated; the security requirements and protections.
Constrained Data Interface (CDI)
Any data item whose integrity is protected by the security model.
Reference Model
The part of the trusted computing base that validates access to every resource prior to granting access requests.
Multilevel Security
A system is operating in multilevel security when it permits two or more classification levels to be processed at the same time, even though not all users have the clearance or formal approval to access all of them.
Rootkit
Malware that replaces portion of the kernel and/or operating system.
Interrupts
Software or hardware signal that indicates that system resources (e.g., the CPU) are needed for instruction processing.
Graham-Denning Model
Focused on the secure creation and deletion of both subjects and objects. It is a collection of eight primary protection rules or actions that define the boundaries of certain secure actions.
Integrity Verification Procedures (IVP)
In the Clark-Wilson model, an IVP is a procedure that scans data items and confirms their integrity.
Layered OS Architecture
Architecture that separates system functionality into hierarchical layers.
Security Target (ST)
Specifies the security claims from the vendor that are built into the Target of Evaluation (TOE).
DREAD rating system components
- Damage Potential
- Reproducibility
- Exploitability
- Affected Users
- Discoverability