Course Notes Flashcards

Question

Virtualization

Answer 1

* Huge cost savings * Security must catch up to the speed of change * The control of physical objects is gone * Difficult to apply external security components * Requires additional insight * Harder to view intra-server communication * Take advantage of your logs * They’ll tell you much more than you can see

Answer 2

Good security has many layers • Firewall, DMZ, authentication, intrusion detection, VPN access, anti-virus and anti-malware software

Answer 3

• A layer of security between your internal network and the Internet • Protects external-facing services • Usually less trusted than the Internal network connection

Answer 4

Logically separate your switch ports into subnets • VLANs cannot communicate to each other without a router • The router/firewall becomes the gatekeeper • Control your organization’s traffic from within • Group users together by function • Be careful not to separate users too far from their resources • Is often integrated with the NAC • Move people automatically into their VLAN based on credentials

Answer 5

* No servers, no software, no maintenance team * No hardware of any kind * Someone else handles the platform, you handle the product * You don’t have control of the data, people, or infrastructure * SalesForce.com is an example of PaaS

Answer 6

* On-demand software, no local installation * Used for common business functions such as payroll services * Data and applications are centrally managed * Gmail and Google Docs is an example of SaaS

Answer 7

• Sometimes called Hardware as a Service (HaaS) • Equipment is outsourced • You are still responsible for the overall device and application management • You’re also responsible for the security • Your data is out there, but more within your control • Web hosting and email services would be an example of IaaS

Answer 8

* Private - A virtualized data center * Public - Available to everyone over the Internet * Hybrid - A mix of public and private * Community - Several organizations share the same resources

Answer 9

Connect to a shared storage device across the network • File-level access

Answer 10

Looks and feels like a local storage device • Block-level access

Answer 11

• Run Fiber Channel on Ethernet, not routable

Answer 12

• Encapsulate Fibre Channel frames into IP

Answer 13

Send SCSI commands over an IP network

Answer 14

tcp/20, tcp/21 File Transfer Protocol Sends and receives files between systems

Answer 15

tcp 22 Secure Shell Encrypted console login

Answer 16

tcp 22 Secure Copy Relatively simple file copy over SSH

Answer 17

Secure File Transfer Protocol SSH File Transfer with file management

Answer 18

tcp 23 Telecommunication network Remote console login to network devices

Answer 19

tcp 25 Simple mail transfer protocol Transfer email between mail servers

Answer 20

udp 53 tcp 53 domain name services Convert domain names to IP addresses

Answer 21

udp 69 Trivial File Transfer Protocol A very simple file transfer protocol

Answer 22

tcp 80 Hyper text transfer protocol Web server communication

Answer 23

tcp 110 Post Office Protocol version 3 Receive mail into a mail client

Answer 24

udp 137 NetBIOS Name service Register, remove find services by name

Answer 25

Udp 138 Connectionless data transfer

Answer 26

tcp 139 Connection-oriented data transer

Answer 27

tcp 143 Internet Message Access Protocol v4 A newer mail client protocol

Answer 28

udp 161 Simple Network Management Protocol Gather statistics and manage network devices

Answer 29

tcp 443 Hypertext Transfer Protocol Secure Web server communication with encryption

Answer 30

tcp 443 Transport Layer Security/Secure Sockets Layer Secure protocols for web browsing

Answer 31

Tcp 990, 989 File transfer protocol over secure sockets layer Adds security to FTP with TLS/SSL

Answer 32

Tcp 3389 Remote Desktop Protocol Graphical display of remote device

Answer 33

Internet control message protocol Send management messages between devices

Answer 34

Various Internet Protocol Security Authentication, Integrity, confidentiality, and encryption

Answer 35

Physical Signaling,cabling,connectors (cables,NICs,hubs)

Answer 36

Data Link Switching Layer The switching layer (frames, Mac addresses, EUI-48, EUI, 64, switches

Answer 37

Network - The routing Layer Ip addresses, routers, packets

Answer 38

Transport - post office layer TCP segements UDP datagrams

Answer 39

Session - communication between devices (control protocols, tunneling protocols

Answer 40

Presention - encoding and encryption SSL/TLS

Answer 41

Application - The layer we see Google mail, twitter, facebook

Answer 42

Physical, Data link, network, transport, session, presentation, application

Answer 43

EAP (Extensible Authentication Protocol) • An authentication framework • WPA and WPA2 use five EAP types as authentication mechanisms

Answer 44

Lightweight Extensible Authentication Protocol • Cisco proprietary • Uses passwords only • No detailed certificate management • Based on MS-CHAP (including MS-CHAP security shortcomings)

Answer 45

(Protected Extensible Authentication Protocol) • Created by Cisco, Microsoft, and RSA Security • Encapsulates EAP in a TLS tunnel • Only one certificate needed, on the server

Answer 46

* 64-bit or 128-bit key size * Cryptographic vulnerabilities found * WEP is no longer used

Answer 47

* Short-term workaround after WEP * Used RC4 cipher as a TKIP (Temporal Key Integrity Protocol) * TKIP has its own vulnerabilities

Answer 48

• Replaced TKIP with CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) • Replaced RC4 with AES (Advanced Encryption Standard) • WPA2 is the latest and most secure wireless encryption method

Answer 49

* WPA2-Enterprise adds 802.1x | * RADIUS server authentication

Answer 50

Authentication to a network • Common on wireless networks • Access table recognizes a lack of authentication • Redirects web access to a captive portal page • Username / password • And additional authentication factors • Once proper authentication is provided, the web session continues • Until the captive portal removes your access

Answer 51

* One of the most common * Included on most access points * Signal is evenly distributed on all sides * Omni=all * Good choice for most environments * You need coverage in all directions * No ability to focus the signal * A different antenna will be required

Answer 52

* Focus the signal - Increased distances * Send and receive in a single direction * Focused transmission and listening * Antenna performance is measured in dB * Double power every 3dB of gain * Yagi antenna - Very directional and high gain * Parabolic antenna * Focus the signal to a single point

Answer 53

``` Access is controlled through the physical hardware address • It’s easy to find a working MAC addresses with wireless LAN analysis • MAC addresses can be spoofed • Security through obscurity ```

Answer 54

• The SSID is the name of the wireless network • i.e., LINKSYS, DEFAULT, NETGEAR • Change the SSID to something appropriate for its use • The SSID broadcasts can be disabled • You can still determine the SSID through wireless network analysis • Security through obscurity

Answer 55

Temporal Key Integrity Protocol • Created when WEP was broken - we needed a stopgap • Mixed the keys - Combines the secret root key with the IV • Adds sequence counter - Prevents replay attacks • 64-bit Message Integrity Check - Protects against tampering • Used in WPA (Wi-Fi Protected Access) prior to the creation of WPA2

Answer 56

• Counter Mode with Cipher Block Chaining Message Authentication Code Protocol • Replaced TKIP when WPA2 was published • Based on AES and uses a 128-bit key and a 128-bit block size • Requires additional computing resources • Data confidentiality - Only authorized parties can access info • Authentication - Provides proof of genuineness of the user • Access control - Allow or disallow access to the network

Answer 57

Sample the existing wireless spectrum • Identify existing access points • Work around existing frequencies, plan for interference • Plan for ongoing site surveys - things will certainly change

Answer 58

Wireless from your local coffee shop - no encryption • Everyone around the coffee shop can see your traffic • Exceptionally easy to capture your data • Some of your data might be encrypted with HTTPS. Maybe. • Protect all of your traffic with a VPN tunnel

Answer 59

Technical security controls, Management security controls, Operational security controls

Answer 60

Access control, audit and accountability, identification and authentication, system and communications protection

Answer 61

Security assessment and authorization, planning, risk assessment, system and services acquisition, program management

Answer 62

Awareness and training, configuration management, contingency planning, incident response, maintenance, media protection, physical and environmental protection, personnel security, system and information integrity

Answer 63

A report that isn’t true - a false alarm or mistaken identity • IDS/IPS information - only as good as the signatures • Workstation anti-virus - False positives can remove legit files • Consider a second opinion - http://www.VirusTotal.com

Answer 64

A report missed identifying something - no notification • Malicious traffic got through your defenses • It’s difficult to know when this happens - It’s completely silent • Get catch/miss rates with industry tests - IPS, anti-virus

Answer 65

``` A set of policies that covers many areas of security • Human resource policies • Business policies • Certificate policies • Incident-response policies ```

Answer 66

• Annualized Rate of Occurrence (ARO) • How likely is it that a hurricane will hit? In Montana? In Florida? • SLE (Single Loss Expectancy) • What is the monetary loss if a single event occurs? • Laptop stolen = $1,000 • ALE (Annual Loss Expectancy) • ARO x SLE • 7 laptops stolen a year (ARO) x $1,000 (SLE) = $7,000 • The business impact can be more than monetary • Quantitative vs. qualitative

Answer 67

* Assign a dollar value to risk * Single Loss Expectancy (SLE) - How much loss for one event? * Annual Loss Expectancy * SLE x Annual Rate of Occurrence (ARO) * Often difficult to calculate without historical reference * How risky is a buffalo stampede?

Answer 68

• Identify significant risk factors • Ask opinions about the significance • Display visually with traffic light grid or similar method

Answer 69

* Where are we vulnerable to threats? * OS, applications, 3rd-party connections, Internet * Constant vigilance * New threats discovered all the time * Old threats become popular again

Answer 70

``` Actively scan a network in search of vulnerabilities • Known vulnerabilities • Automated process • For unknown vulnerabilities, consider input validation/fuzzing • Can identify obvious and no-so-obvious vulnerabilities • Lack of application/OS patches • No anti-virus/anti-spyware • Weak passwords ```

Answer 71

• A flaw or weakness • A door with a broken lock • An operating system library that grants administrative access • This doesn’t mean your system has been breached • Someone first has to know about the vulnerability • Vulnerabilities were there, but previously unknown • This is why we patch • New vulnerabilities are identified all the time

Answer 72

``` The path that the threat takes to the target • Target: Your computer, mobile device, gaming system • Email: Embedded links, attached files • Web browser: Fake site, session hijack • Wireless hotspot: Rogue access point • Telephone: Social engineering • USB flash drive: Auto-executing malware • And many more… ```

Answer 73

• Identify actual and potential threats • Regardless of the probability • Identify as many vulnerabilities as possible • Check your OS, your services, and your applications • Nobody said this would be easy • Now you can calculate the likelihood of a successful exploit • There’s no official formula here • Different organizations will have different priorities

Answer 74

Risk avoidance, risk transference, risk acceptance, risk mitigation, risk deterrence.

Answer 75

stop participating in high-risk activity

Answer 76

Buy some insurance

Answer 77

A business decision; we’ll take the risk!

Answer 78

Decrease the risk level

Answer 79

Big dogs, security fences, warning signs

Answer 80

``` Control of data • Data in the cloud can potentially be accessed by anyone • Security is managed elsewhere • Your control mechanisms are in the hands of others • Server unavailability / Account lockout • Cloud computing doesn’t guarantee availability ```

Answer 81

* Compromising the virtualization layer puts all systems at risk * There is little control over VM to VM communication * Support for “virtual firewalls” is an emerging technology * Single physical host contains VMs that have different security profiles * Physical separation is no longer possible * There is potential for loss of separation of duties * System admin controls many servers on a single piece of hardware

Answer 82

Mean time to Restore (MTTR), Mean time to repair(MTTR), Mean time to failure, (MTTF), Mean time between failures(MTBF), Recovery time objective(RTO), Recovery point objectivces(RPO)

Answer 83

Mean time to restore (MTTR) | • Mean time to repair

Answer 84

Mean time to failure (MTTF) | • The expected lifetime of a product or system

Answer 85

* Mean time between failures (MTBF) | * Predict the time between failures

Answer 86

Recovery time objectives (RTO) • Get up and running quickly • Get back to a particular service level

Answer 87

* Recovery point objectives (RPO) * How much data loss is acceptable? * Bring the system back online; how far back does data go?

Answer 88

``` • Bring a new partner into the organization • This is more particular than hiring new staff • Many agreements will be in place • Legalities associated with business and security matters • Implement technical functions • Secure connections between partners • Usually as an IPsec tunnel or physical segmentation • Establish an authentication method • Provide access to shared resources • Audit all security controls • Properly share (and separate) data ```

Answer 89

``` This process should be pre-planned • You don’t want to decide how to do things at this point • How will the systems be dissolved? • What happens to the data? • When will the final connections be terminated? ```

Answer 90

Management of data • Social media data includes privacy concerns • Some of the data is extremely valuable • Your social media reputation • Someone else is tweeting for you • The tone is as important as the message • Account control is important • Social media accounts are shared by a large group • A mistake on one phone can be seen by many

Answer 91

Memorandum of Understanding(MOU), Service Level Agreement(SLA), Businesss Partners Agreement(BPA), Interconnection Security Agreement(ISA)

Answer 92

Memorandum of Understanding • Informal letter of intent;not a signed contract • Usually includes statements of confidentiality

Answer 93

* Service Level Agreement (SLA) * Minimum terms for services provided * Uptime, response time agreement, etc

Answer 94

Business Partners Agreement (BPA) | • Commonly seen between manufacturers and resellers

Answer 95

nterconnection Security Agreement (ISA) | • Used by US Federal Government to define security controls

Answer 96

Privacy of the individual • Both personal and professional • Legally mandated privacy laws in many European countries • An employer can’t track your personal computer use • Customer data often contains a aspect of privacy • Even benign data can be combined to violate privacy • Third-party agreements must consider privacy • The rules should be in place from the beginning

Answer 97

Data is everything • The most important asset in an organization • Without the data, there’s no company • The owner of the data has a responsibility • Protection, privacy • Technical / Logical controls • Physical controls • Who owns the data if the third-party agreement ends?

Answer 98

``` Combine two systems • Hopefully get a seamless technical integration • Security must be designed into the project • Usually designed by teams from both organizations • Everyone must be aware of the risks • Security policies must be examined for additional risks • Resources, business requirements, and risk must be balanced • Agreements must be in place • For example: Who does backups? Who gets access to the backups? How are the backups stored? ```

Answer 99

``` Who owns the data? • There’s more than one participant • Is there more than one owner? • What part of the data is owned by which partner? • Data ownership agreements can avoid some of the messy details • Where is the data stored? • Who owns the data when • the relationship is over? • How is data destroyed? ```

Answer 100

``` • Data shared between partners • Network connections may exist • Proper controls may not be in place • Data shared with others • Agreements are usually in place with the data owners • Data is sometimes shared with others without permission ```

Answer 101

* Backups are often overlooked * They contain everything * Data backups are often kept off-site * Yet-another third-party * Losing data from a backup is a very bad thing * Seems to happen more often than you might think * Not all backups are the same * Financial data, health care data, top secret data, etc.

Answer 102

The security policy is the weakest link • A badly implemented security policy puts data at risk • Protect information between vendors, partners, and customers • Avoid data modification, disclosure, damage, or destruction • Most of this language is contractual • Everybody understands their responsibilities • Security policies are constantly updated • The threat landscape is constantly changing

Answer 103

Third-party relationships add to the need for security compliance • Shared resources require additional oversight • Compliance can be technically challenging • Cloud-based services add additional complexity • Some compliance requirements are legally mandated • HIPAA - Health Insurance Portability and Accountability Act • PCI DSS - Payment Card Industry Data Security Standard • FISMA - Federal Information Security Management Act • Perform a gap analysis • Determine all gaps in security • Resolve the issues • Some issues can’t be easily resolved • A decision must be made regarding cost vs. benefit • Perform periodic audits • These audits may be involved and far-reaching • More coordination required with the third-party

Answer 104

• Upgrade software, change firewall configuration, modify switch ports • Occurs very frequently • The change management process is often overlooked or ignored • Clear policies are needed • Frequency, duration, installation process, fallback procedures

Answer 105

* Series of events that negatively affects the organization * Database hack, stolen laptop, water pipe burst * Who will be contacted when an incident occurs? * Who’s responsible for managing the incident response? * Technical steps for handling systems and preserving evidence * What goes on the report?

Answer 106

``` • Management sets the limits • Security team administers the limits • You must translate management requirements into technical access • Periodic audits are useful ```

Answer 107

* Does everyone have the correct permissions? * How are your resources used? * Are your systems and applications secure? * Are your disaster recovery plans going to work? * Can you contact the right people at the right time? * Document everything

Answer 108

``` Copy the contents of a disk • Bit-for-bit, byte-for-byte • Software imaging tools • Use a bootable device • Remove the physical drive • Use a hardware write-blocker • Get the backup tapes • These may already be available ```

Answer 109

* Involves process and procedure * Some of the most difficult data policies to implement * It’s very easy to carry large amounts of data around * There are both internal and external threats * You have to protect everywhere * This is a bigger threat every day

Answer 110

* On your computer - Data in use * On your network - Data in motion * On your server - Data at rest

Answer 111

``` Traffic logs • Firewalls log a lot of information • Switches and routers don’t usually log user-level information • Intrusion Detection/Prevention Systems • Raw network traffic data • Rebuild images, email messages, browser sessions, file transfers ```

Answer 112

``` • A moving record of the event • Gathers information external to the computer and network • Captures the status of the screen and other volatile information • Don’t forget security cameras • The video content must also be archived ```

Answer 113

• Windows: 64-bit time stamp • Number of 100-nanosecond intervals since January 1, 1601 00:00:00 GMT • This stops working in 58,000 years • Unix: 32-bit time stamp • Number of seconds since January 1, 1970 00:00:00 GMT • This stops working on Tuesday, January 19, 2038 at 3:14:07 GMT • Different file systems store timestamps differently • FAT: Time is stored in local time • NTFS: Time is stored in GMT • Record the time offset from the operating system • The Windows Registry • Many different values (daylight saving time, time change information, etc.)

Answer 114

MD5(Message Digest 5), CRC(Cycilical Redundancy Check)

Answer 115

Hashing algorithm 128 bits, displayed as hexadecimal

Answer 116

Hashing Algorithm . • 32 bits, displayed as hexadecimal

Answer 117

* Capture the state of the screen * Difficult to reproduce, even with a disk image * External capture * Use digital camera * Internal capture * PrintScreen key * Third-party utility

Answer 118

Who might have seen this? • Interview and document • Not all witness statements are 100% accurate • Humans are fallible

Answer 119

* Some incidents can use massive resources * May have an impact on the bottom line * May be required for restitution * Be as accurate as possible

Answer 120

``` Controlling and managing the evidence to maintain integrity • Document everyone who contacts the evidence • Use hashes with digital evidence • Label and catalog everything • Seal, sign, and store ```

Answer 121

* Large amounts of data, stored without structure * Incidents can create an enormous amount of data * Diverse log formats and data types * Collecting the data is only the first part * You must also be able to view it * Query the data * A structured language that applies to large scale data * Visualization tools can display the data in unique ways * Graphs * Statistical analysis * Tag clouds

Answer 122

• Communication methods - phones and contact info • Incident handling hardware and software • Laptops, removable media, forensic software, digital cameras • Incident analysis resources • Documentation, network diagrams,baselines, critical file hash values • Incident mitigation software • Clean OS and application images • Policies needed for incident handling • Everyone knows what to do

Answer 123

Risk assessments • Periodic analysis, prioritization of risk, disposition of risk • Host security • Harden the operating system, patches, and ongoing monitoring • Network security • Firewalls, VPNs, intrusion prevention systems • Malware prevention • Hosts, email and file servers, application clients • User awareness and training • Keep your users updated with the latest security techniques

Answer 124

Web server log - Vulnerability scanner in use • Exploit announcement • Monthly Microsoft patch release, Adobe Flash update • Direct threats - A hacking group doesn’t like you

Answer 125

An attack is underway or an exploit is successful • Buffer overflow attempt • Identified by an intrusion detection/prevention system • Anti-virus software identifies malware • Deletes from OS an notifies administrator • Host-based monitor detects a configuration change • Constantly monitors system files • Network traffic flows deviate from the norm • Requires constant monitoring

Answer 126

``` • Corporate / Organization • CIO / Head of Information Security / Internal Response Teams • Internal non-IT • Human resources, public affairs, legal department • External contacts • System owner, law enforcement • US-CERT (for U.S. Government agencies) ```

Answer 127

Notification is ongoing during an event • Status updates, wide-scale notifications • Consider in-band and out-of-band methods • Email, Web (intranet, external, etc.), Telephone calls, In-person updates, Voice mail recordings, Paper flyers, notices

Answer 128

* Potential damage and theft - prevent the destruction * Preserve the evidence * Gather as many details as possible * Maintain service availability * The organization must continue * Implementation resources and time * Every task requires resources * Effectiveness - amount of containment * Duration of the mitigation - Let’s get this over quickly

Answer 129

Generally a bad idea to let things run their course • An incident can spread quickly • Sandboxes • The attacker thinks they’re on a real system, but they’re not • Isolation can be sometimes be problematic • Malware or infections can monitor connectivity • When connectivity is lost, everything is deleted/encrypted/damaged

Answer 130

What happened, exactly? • Timestamp of the events • How did your incident plans work? • Did the process operate successfully? • What would you do differently next time? • Retrospective views provide context • Which indicators would you watch next time? • Different precursors may give you better alerts

Answer 131

A lot of information is created during an incident • Information should be objective and factual • Logbook - a pencil and paper is remarkable technology • Digital camera - a snapshot or movie of a device • Audio recorder - easier to say it and transcribe later • Laptop - capture terminal sessions and digital evidence

Answer 132

* Incident status * Summary information * Relationship between incidents * Actions taken by all parties * Chain of custody information * Contact information * Comments from incident handlers * Next steps to be taken

Answer 133

Eradicate the bug • Remove malware, disable breached user accounts, fix vulnerabilities • Recover the system • Restore from backups, rebuild from scratch, replace compromised files, tighten down the perimeter

Answer 134

* A phased approach - it’s difficult to fix everything at once * Recovery may take months * Large-scale incidents require a large amount work * The plan should be efficient * Start with quick, high-value security changes * Patches, firewall policy changes * Later phases involve much “heavier lifting” * Infrastructure changes, large-scale security rollouts

Answer 135

Very specific tasks for the first person on the scene • Objective is to contain the damage • Don’t disturb the environment • Get the right people in place before poking around • Follow the escalation policy

Answer 136

Try to determine the attacker • Useful for law enforcement and to stop future breaches • Security must be analyzed and secured • Change passwords, update firewalls • Even across systems that may not appear to be breached • Notify all affected people - customers, partners, employees • Personally Identifiable Information (PII) may require additional notifications • Credit monitoring requirements

Answer 137

Prevent the spread of damage • Needs to be part of the incident response policy • Virus infection may be handled differently than a DoS attack • Device removal - pull a device from the network • Disconnect the Internet • Every case is a bit different • What’s attacked or damaged? • Can you gather additional details if you leave it in place?

Answer 138

* All of your policy information is on the Intranet * Provide in-person mandatory training sessions * Train people on general security best practices * Define a company policy for visitors GUI configuration

Answer 139

* Part of your privacy policy * Not everyone realizes the importance of this data * It should become a normal part of security management

Answer 140

Unclassified (public) - no restrictions on viewing the data • Classified (private / restricted / internal use only) • Confidential (low) - highly sensitive, must be approved to view • Secret (medium) - viewing is severely restricted • Top-Secret (high) - highest level of classification

Answer 141

Data is usually saved for a very long time • Document and label everything • Some backups must be legally preserved • Trash and recycling can be a security concern

Answer 142

• Non-compliance has serious repercussions • Sarbanes-Oxley Act (SOX) - The Public Company Accounting Reform and Investor Protection Act of 2002 • The Health Insurance Portability and Accountability Act (HIPAA) • Extensive standards for storage, use, and transmission of health care information • The Gramm-Leach-Bliley Act of 1999 (GLBA) • Disclosure of privacy information from financial institutions

Answer 143

Promote good password behaviors • Document data handling processes • Define clean desk policies • Personally owned devices can be a challenge • Tailgating can allow unauthorized people to enter the building

Answer 144

``` • New viruses - thousands every week • Phishing attacks • Spyware • Learns personal info, captures keystrokes and browsing information • Zero-day exploits • Quick reaction is the only defense ```

Answer 145

* You become a file server * All of your content can be exposed * Social networks provide false sense of trust

Answer 146

Formative assessment • Constant monitoring, target areas that need work • Summative assessment • High-stakes, final exam, certification exam

Answer 147

Large-scale monitoring - automation is the key • Learning Management System (LMS) assessment software • Training delivery- video, text, quizzes • Score tracking - individual performance • Student feedback - communication path to the trainers

Answer 148

• Thermodynamics, fluid mechanics, and heat transfer • Not something you can properly design yourself • Must be integrated into the fire system • Data Center should be separate from the rest of the building • Overheating is a huge issue • Engineer for closed-loop recirculating and positive pressurization • Recycle internal air and air is pushed out

Answer 149

* Computers produce large amounts of EMI * Metal shielding inside of a computer case can minimize EMI * Appears as noise on video and analog audio

Answer 150

* Optimize your cooling infrastructure * Constantly monitor and log the environment * Many servers include internal temperature sensors * Portable or emergency cooling may be valuable

Answer 151

Hardware locks - Lock and key, deadbolt, electronic, tokenbased, biometric, multi-factor smart card • Mantraps - Multiple doors that only unlock one at a time • Video surveillance - closed-circuit television • Fencing - a perimeter • Proper lighting - deter crime and provide camera lighting • Signs - specific instructions, fire exits, warning signs • Guards - access lists, physical protection • Barricades - channel people through a particular access point • Protected Distribution System (PDS) - physically secured cabling • Alarms - circuit-based, motion detection

Answer 152

Technical - Controls implemented using systems • Administrative - Controls that determine how people act • Deterrent - Discourages an intrusion attempt • Preventive - Physically control access • Detective - Identifies and records any intrusion attempt • Compensating - Restores using other means

Answer 153

• What are your critical business functions? • Is there loss of revenue, legal requirements, or customer service? • How long will you be impacted? • What’s the impact to the bottom line?

Answer 154

Make a list of critical systems - this is an involved process • List business processes - Accounting systems, manufacturing application, VoIP call center, etc. • Associate tangible and intangible assets and resources with the business processes

Answer 155

People - employees, suppliers, visitors • Tangible assets • Buildings, furniture, equipment, data, paper documents • Intangible assets - Ideas, commercial reputation, brand • Procedures - Supply chains, critical procedures, standard operating procedures

Answer 156

* A single event can ruin your day * Network redundancy with multiple devices * Backup power, multiple cooling devices * Plan for additional people and other locations * There’s no practical way to remove all points of failure

Answer 157

* Assign a dollar value to risk * Single Loss Expectancy (SLE) * How much loss for one event? * Annual Loss Expectancy * SLE x Annual Rate of Occurrence (ARO)

Answer 158

* Identify significant risk factors * Ask opinions about the significance * Display visually with traffic light grid or similar method

Answer 159

• Business processes are interrelated • HR drives payroll, IT provides payroll system, accounting provides the money • Almost everything business-related relies on IT • Involve the entire company • It can be difficult to document the company operations

Answer 160

Plan for both small disasters and large disasters • Can be managed through a 3rd-party • Take advantage of geographically diverse areas • Many variables, the unknown can bite you

Answer 161

Develop the contingency planning policy statement • Conduct the business impact analysis • Identify preventive controls • Create contingency strategies • Develop an information system contingency plan • Ensure plan testing, training, and exercises • Ensure plan maintenance

Answer 162

* Manage the leadership of the company * A gap can cause a vacuum or financial impact * Management can leave the company, retire, die * Often a deputy who can assume the role * Travel restrictions may apply

Answer 163

Performing a full-scale disaster drill can be costly • Many of the logistics can be determined through analysis • You don’t physically have to go through a disaster or drill • Get key players together for a tabletop exercise • Talk through a simulated disaster

Answer 164

* Maintain uptime * The organization continues to function * No hardware failure - servers keep running * No software failure - services always available * No system failure - network performing optimally

Answer 165

Redundancy doesn’t always mean always available • HA (high availability) - always on, always available • May include many different components working together • Watch for single points of failure

Answer 166

* Cold spare - in the box, turned off * Warm spare * May be racked and powered, but not connected * Software and configurations may occasionally be updated * Hot spare - powered on, always updated

Answer 167

* Cold site - no hardware, no data, no people * Warm site - hardware is waiting, you bring the data * Hot site * An exact replica, stocked with hardware and software * Flip a switch and everything moves

Answer 168

Raid 0, 1, 5,

Answer 169

Striping without parity High performance no fault tolerance

Answer 170

Mirroring Duplicates data for fault tolerance, but requires twice the disk space

Answer 171

Striping with parity fault tolerant, only requires an additional disk for redundancy

Answer 172

* Certain information should only be known to certain people * Encryption - Encode messages so only certain people can read it * Access controls - Selectively restrict access to a resource * Steganography * Conceal information within another piece of information * Commonly associated with hiding information in an image

Answer 173

Data is stored and transferred as intended • Any modification to the data would be identified • Hashing • Map data of an arbitrary length to data of a fixed length • Digital signatures - Verify the integrity of data • Certificates • Combine with a digital signature to verify an individual • Non-repudiation - Provides proof of integrity

Answer 174

* Information is accessible to authorized users * Redundancy * Build services that will always be available * Fault tolerance * System will continue to run with failures * Patching - Stability, close security holes

Answer 175

* Fencing - Keep out the unwanted * Lighting - Protect assets, especially at night * Locks - Prevent access through doors * CCTV - Closed-circuit television - video monitoring * Escape plans and routes - Best way out of an area * Drills - Test and adjust * Testing controls * Test against physical and digital security

Answer 176

``` Can gather information • Can capture your keystrokes • Often controlled over the ‘net • Can show you advertising • May install an OS backdoor ```

Answer 177

* Malware that can reproduce itself * It doesn’t need you to click anything * It needs you to execute a program * Reproduces through file systems or the network * Just running a program can spread a virus * Some viruses are invisible, some are annoying * Anti-virus software is very common * There are thousands of new viruses every week

Answer 178

Boot sector, Program, Script, Macro, Multipartite

Answer 179

Installs into the drive boot area

Answer 180

Part of a legitimate application

Answer 181

Operating system and browser-based

Answer 182

Common in Microsoft Office

Answer 183

Infects and spreads in multiple ways

Answer 184

• Self-replicates without human intervention • Uses the network as a transmission medium • Can infect many PCs very quickly • Firewalls and IDS/IPS can mitigate many worm infestations

Answer 185

Your computer shows you advertisements • May cause performance issues • May be included with other software installations • Be careful of software that claims to remove adware

Answer 186

Malware that spies on you • Advertising, identity theft, affiliate fraud • Can trick you into installing • Monitors your browser activity • Logs your keystrokes • Send this information back to a central server

Answer 187

Software that pretends to be something else • Replicating isn’t the primary requirement • Circumvents your existing security because you ran it yourself • Anti-virus may catch it when it runs • The better trojans are built to avoid and disable AV • Once it’s inside it has free reign • May then open the gates for other programs

Answer 188

Why go through normal authentication methods? Just walk in the back door • Often placed on your computer through malware • Some malware software can take advantage of backdoors created by other malware • Bad software can have a backdoor as part of the app

Answer 189

* Modifies core system files * May be part of the kernel * Designed to be invisible to the operating system * You won’t see it in Task Manager * Also invisible to traditional anti-virus utilities

Answer 190

``` Waits for a predefined event • Time bomb - Based on time or date • Logic bomb - Set off through a user event • Difficult to identify • Difficult to recover if it goes of ```

Answer 191

Robot networks • Once your machine is infected, it becomes a bot • You usually do not know that you’re a bot • May be installed as part of a malware • Waits around until receiving commands from the mothership

Answer 192

``` The bad guys want your money • They’ll take your data in the meantime • May be a “fake” ransom • Locks your computer “by the police” • The ransom may be avoided • A security professional can remove these kinds of malware ```

Answer 193

Changes itself to avoid signature detection • Every download is different • The attack code doesn’t change • Just everything around it • Encrypt the malware executable • Use a different key pair every time • Create signatures that look for a specific payload • One signature can stop many variants • Use heuristic detection systems • Be ready to use some additional resources

Answer 194

Virus writers don’t want their work to be discovered • Makes the anti-virus software look elsewhere • If found, make it difficult to deconstruct • Security researchers disassemble the virus code • The virus is usually obfuscated with unnecessary and nonsense code • The virus writer’s goal is to make it as painful as possible to identify and block • The longer the research, the more widespread the infection

Answer 195

* Redirects your traffic, then passes it on to the destination * You never know your traffic was redirected * ARP has no security, relies on security in the switch

Answer 196

Force a service to fail • Overload the service • Take advantage of a design failure or vulnerability • Cause a system to be unavailable • Can create a smokescreen for some other exploit • May be a precursor to a DNS spoofing attack • Not usually a very complicated attack • Turning off your power is an effective DoS

Answer 197

* Useful information is transmitted over the network * Network Tap is used to access to the raw network data * ARP poisoning can redirect traffic * Malware on the victim computer gathers information * Data is replayed to appear as someone else

Answer 198

Pretend to be something you aren’t • Fake web server, fake DNS server, etc. • Email address spoofing • The sending address of an email isn’t really the sender • Man-in-the-middle attacks • The person in the middle of the conversation pretends to be both endpoints • Caller ID spoofing • The incoming call information is completely fake

Answer 199

Modify the DNS server, modify the client host file | • Send a fake response to a valid DNS request

Answer 200

* Redirection to a bogus site * Combines farming with phishing * Farming - Harvest large groups of people * Phishing - Collect access credentials * Difficult for anti-malware software to stop * Everything appears legitimate to the user

Answer 201

* Unsolicited email, traditionally for advertising | * Can also be used to spread trojans/botnets

Answer 202

• Spam over IM - links in IM can be malicious

Answer 203

Spam over internet telephony | • VoIP providers have made this difficult to implement

Answer 204

* White list to only allow known senders * Black list to remove the bad senders * Bayesian filtering is based on certain words/phrases * Cloud-based spam services check email before it arrives

Answer 205

* Social engineering with a touch of spoofing * Often delivered by spam, IM, etc. * Don’t be fooled, check the URL * Vishing is done over the phone

Answer 206

More believable phishing with inside information | • Spear phishing the CEO is “whaling”

Answer 207

Send a carefully crafted packet to a host • URG, PUSH, and FIN are set - 00101001 • Lit up “like a Christmas tree” • May slow down the remote device (DoS) • Easy to see this attack with an IPS • Most modern devices will drop these packets

Answer 208

Gain higher-level access to a system • Exploit a vulnerability, might be a bug or design flaw • Higher-level access means more capabilities • This commonly is the highest-level access • These are high-priority vulnerability patches • You want to get these holes closed very quickly • Any user can be an administrator • Horizontal privilege escalation • User A can access user B resources

Answer 209

* Patch quickly - Fix the vulnerability * Updated anti-virus/anti-malware software * Data Execution Prevention * Address space randomization * Prevent a buffer overrun at a known memory address

Answer 210

* This is why we have the concept of least privilege * Insiders have more access than others * Lock away your documents * Harms your organization’s reputation * Can cause a critical system disruption * May include loss of confidential or proprietary info

Answer 211

* A trusts B, B trusts C, therefore A trusts C * Often the case in network security * Little control over the transitive * Common to trust nobody * Firewalls often separate business partners * Firewalls can only stop so many things * You can’t stop all access from your business partner

Answer 212

* Servers are more secure than ever * Attack the client - Bad programming makes it easier * Browsers, media players, office apps, email clients * A single insecurity can reveal all information * Keep operating system and applications updated * A single vulnerability can own a computer

Answer 213

* Brute force - Guess the password, calculate the hash * Dictionary attack - Use common words as passwords * Hybrid attack - Combine brute force and dictionary attacks * Birthday attack - The same hash value for two plaintexts * Rainbow tables - An optimized, pre-built set of hashes

Answer 214

Determine which website the victim group uses • Educated guess - Local coffee shop, industry-related sites • Infect one of these third-party sites • Site vulnerability, email attachments • Infect all visitors, even if you’re just looking for specific victims

Answer 215

``` Typosquatting / brandjacking • Take advantage of poor spelling • Outright misspelling • professormesser.com vs. professermesser.com • A typing error • professormeser.com • A different phrase • professormessers.com • Different top-level domain • professormesser.org ```

Answer 216

A threat that doesn’t actually exist, but SEEMS real • Still often consume lots of resources • Forwarded emails, printed memorandums, wasted time • Often an email or social network post • A hoax about a virus can waste as much time as a regular virus

Answer 217

t’s difficult to identify whaling with traditional security devices • Passes through the firewall and IPS • Difficult to train • Consider using practical exercises

Answer 218

* Constantly changing * You never know what they’ll use next * May involve multiple people and multiple organizations * There are ties connecting many organizations * May be in person or electronic * Phone calls from aggressive “customers” * Emailed funeral notifications of a friend or associate

Answer 219

A significant potential backdoor • Very easy to plug in a wireless AP • Schedule a periodic wireless survey • Consider using 802.1X (Network Access Control)

Answer 220

Buy a wireless access point • Configure it exactly the same way as an existing network • Same SSID and security settings • May not require the same physical location • Use HTTPS and a VPN to help mitigate

Answer 221

Radio waves can be disrupted • Intentional jamming or disruption of wireless signals is illegal in the United States (and elsewhere) • Degrades or completely denies service • May be used in conjunction with a wireless “evil twin”

Answer 222

Stop the offending station at the source • May require additional monitoring equipment • Boost the power of existing access points • Try different frequencies

Answer 223

Combine WiFi monitoring and a GPS • Gather a huge amount of intel in a short period of time • All of this is free with tools like Kismet, inSSIDer • You can also use warflying or warbiking

Answer 224

``` • Historical footnote to 802.11 wireless networking • Created in June 2002, publicized by Matt Jones • If you find a node, let someone else know • By the time this was a big problem, it wasn’t a problem anymore ```

Answer 225

Sending of unsolicited messages to another device via Bluetooth • Typical functional distance is about 10 meters • Bluejack with an address book object, instead of contact name a message is written • “You are Bluejacked! Add to contacts?” • Third-party software may also be used

Answer 226

* A rare attack that takes advantage of a vulnerability * Access a Bluetooth-enabled device and transfer data * Exploited through security weaknesses * Must be fixed with a patch * Download a file without authentication

Answer 227

• IV is an extra bit of data thrown in to change the encryption stream • The IV changes each time data is sent (ideally) • With 802.11 WEP, the IV is sent with the encrypted data • The other side reverses the process

Answer 228

• No key management, everyone usually has the same key • The WEP IV is 24-bits long - relatively small • 16,777,216 possible RC4 cypher streams for a given WEP key • IV values eventually are reused • Some “weak” IVs don’t properly provide for good encryption, and makes it easy to discover the key • The bad guys will inject frames to intentionally duplicate IVs and make key identification easier

Answer 229

Most information over the network is “in the clear” • Relatively difficult to capture data over wired networks • Wireless networks are incredibly easy to monitor • Some network drivers won’t capture wireless information • Free capture software - http://www.wireshark.org

Answer 230

* Use WPA2 encryption on your wireless access point * Use encryption for authentication * Use end-to-end VPN * Use encrypted proxy services and virtual tunnel networks

Answer 231

* Two-way wireless communication * Payment systems, i.e., Google wallet and MasterCard * Bootstrap for other wireless * NFC helps with Bluetooth pairing * Access token, identity “card” * Short range with encryption

Answer 232

Remote capture - It’s a wireless network • Frequency jamming - Denial of service • Relay attack - Man in the middle • Loss of RFC device control - Stolen/lost phone

Answer 233

* WPA-Personal / WPA-PSK * WPA with a pre-shared key * Everyone uses the same 256-bit key * The only way in is a brute force / dictionary attack * Some cloud-based services already have the hashes * Use a complex set of letters and numbers / Avoid words * WPA-Enterprise / WPA-802.1X * Authenticates users individually with an auth server * No practical attacks

Answer 234

• PIN is an eight-digit number • Really seven digits and a checksum • Seven digits, 10,000,000 possible combinations • The WPS process validates each half of the PIN • First half, 4 digits. Second half, 3 digits. • First half, 10,000 possibilities. Second half, 1,000 possibilities • It takes about four hours to go through all of them • Most devices never considered a lockout function

Answer 235

Called cross-site because of browser security flaws • Information from one site can be shared with another • One of the most common vulnerabilities • Used by malware that uses JavaScript vulnerabilities

Answer 236

Web site allows scripts to run in user input /search box • Bad guy may email a link • Email link runs a script that sends credentials/session IDs/cookies to the bad guy • Script embedded in URL executes in the victim’s browser, as if it came from the server • Bad guys use credentials/session IDs/cookies to steal victim’s information without their knowledge

Answer 237

• Bad guy posts a message to a social network that includes a malicious payload (it’s now “persistent”) • Everyone gets the payload • No specific target • For social networking, this can spread quickly • Everyone who views the message can have it posted to their page, where someone else can view it and

Answer 238

Be careful when clicking untrusted links • Consider disabling or controlling JavaScript • Keep your browser and applications updated • Keep your web server applications updated

Answer 239

``` • Adding information into a data stream • Applications should be developed to properly handle input and output • Used with many different data types • HTML, SQL, XML, LDAP, etc. ```

Answer 240

• The most common relational database management system language • SQL Injection modifies SQL requests in the browser • The application should be written to prevent this

Answer 241

• XML - Extensible Markup Language • XML injection modifies XML requests • A good application will validate all input • LDAP - Lightweight Directory Access Protocol • LDAP injection modifies LDAP requests to manipulate application results

Answer 242

Many applications have undiscovered vulnerabilities • Someone is working hard to find the next big vulnerability • A zero-day vulnerability has not been detected or published • Zero-day exploits are increasingly common • Common Vulnerabilities and Exposures (CVE) • http://cve.mitre.org/

Answer 243

* A misconfigured server allows inappropriate access * Command injection can be dangerous when this happens * Run unauthorized commands from your browser * Combine with directory traversal for really scary results

Answer 244

* Overwriting a buffer of memory * Spills over into other memory areas * Developers need to perform bounds checking * The bad guys spend a lot of time looking for openings * A really useful buffer overflow is repeatable

Answer 245

* Usually has a fixed boundary * Vulnerable software may allow an integer to go out of bounds * This integer may allocate a memory location for a buffer * The buffer will now be too small, and overflow may occur

Answer 246

Cookies contain browser information stored on your computer • Used for tracking, personalization, session management • Not executable, not generally a security risk • Could be considered be a privacy risk • Session IDs are often stored in the cookie • Used with cookies to masquerade as another person

Answer 247

Also called Flash Cookies • Used by Adobe Flash Player to store data • Information is saved on the user’s computer • On by default • Applies to all browsers • Data is stored in a common directory • Can only be read by the domain that created the LSO • www.example.com can only be read by www.example.com • Unless specifically passed to another domain

Answer 248

You can store anything in the Flash cookie • Many web sites use Flash cookies • Class-action suits have been filed regarding LSOs • Personal information has been given to third-parties • Some countries require knowledge and consen

Answer 249

* Attachments may be files sent via email * All attachments should be considered a security risk * Add-ons extend your browser functionality * Add-ons tend to be more trusted

Answer 250

Arbitrary code execution - The attacker runs whatever they want • An attacker takes over a process • The original executable is vulnerable to this attack • No elevated rights needed for many attacks • Infect with malware or adware • Remote code execution - Attack a machine from a remote device • Extremely dangerous vulnerability

Answer 251

Media Access Control - The physical address of your interface • Collect and filter the MAC address of all devices • MAC addresses are easily spoofed • Don’t rely on this for security

Answer 252

Huge source of detailed network information • Routers, switches, firewalls, IDS/IPS, anti-virus scanners, applications, authentications, etc. • Contain data on servers, applications, security

Answer 253

Details of normal activity • Not remarkably useful in the moment, very useful after the fact • Huge storage requirements • Logs from everything - Servers, routers, switches, firewalls

Answer 254

Changes must be controlled • Can recognize legitimate activity • Firewall policy change, file permission update • Can recognize unapproved activity, unapproved changes • Not as many logs as event log, but perhaps more important

Answer 255

Many different instances of access • Files, VPN connection, partners, customers • Many different formats - Servers, application logs, etc. • Important to know who’s coming in and out, and who is failing • Automation can limit the attack vector • Very useful when rebuilding after an attack

Answer 256

• Focused on security-related events • Very specific events • Not necessarily useful to the rest of the organization • Many diverse devices • Firewall, VPN concentrator, IPS, content filter, authentication server, router, switch, email gateway, anti-virus manager, etc. • Often requires it’s own logging strategy

Answer 257

Increase the security of your operating system • Constant maintenance to patch vulnerabilities • One configuration error can create an opening • Plan a regular preventive maintenance cycle

Answer 258

``` This is a good best-practice • Requires additional maintenance and constant vigilance • Plan on periodic reviews using the switch management console ```

Answer 259

• Find devices that should not be on the network and remove them • Visual audit - Check ports and switches for incursion • Network mapping • Automated functions for finding devices • Wireless audits • Walk around and find rogue access points • Network Access Control (NAC) • Require authentication before gaining access to the network

Answer 260

• Initial Baseline Configuration • Determine the minimum level of protection required • Continuous Security Monitoring • New threats are announced every day • Systems are constantly modified and updated • Remediation network • Access may be based on the missing security • Access allowed once the device is back to full security posture

Answer 261

* Every device contains information * Define metrics to monitor * Throughput, authentications, etc. * Define thresholds per metric * Up/down, Percentage, Exact value * Disposition - Email, SMS

Answer 262

Identify details that would be otherwise invisible • Monitoring intervals and reporting timeframes • You’re collecting a LOT of data - age it out as you go • Focus on security metrics • Malware activity, patch failures, increase in bandwidth, etc.

Answer 263

Vulnerabilities are identified every day • National Vulnerability Database (http://nvd.nist.gov/) • Applications, operating systems, services • Scan a device to determine susceptibility to a known vulnerability • Can be quite invasive • Scan general OS, web servers, application, database servers

Answer 264

• Scanners aren’t perfect • Network-level challenges with firewalls • Device-level challenges with OS changes, patch updates, application versions

Answer 265

``` Passive tools • No interaction • Gather information external to the device • Packet captures • Active tools • The device can see you looking • Vulnerability scanners, honeypots, port scanners, banner grabbing ```

Answer 266

* Capture and display network traffic, Packet by packet * Wireshark, a popular open-source option * Valuable vulnerability recon - Encrypt your traffic

Answer 267

Application scanners identify vulnerabilities in web servers, database servers, etc. • OS scanners identify operating system vulnerabilities for Windows, Linux, Mac OS, etc

Answer 268

* Attract the bad guys and trap them there * Makes for interesting recon * Honeypots * Single-use/single-system traps * Honeynets * More than one honeypot on a network

Answer 269

dentify open ports on a system • Identify firewalls and packet filters • Identify operating systems and services • Based on simple packet requests and responses • Identify applications without authenticating

Answer 270

* Applications can be chatty * The banner is always there * Capture it with telnet or an automated tool

Answer 271

* Baseline Reporting * Determine risk * Determine which metrics and resources to monitor * Changes might indicate security concern * The baseline is constantly changing

Answer 272

Simulate an attack • Similar to vulnerability scanning, except we actually try to exploit the vulnerabilities

Answer 273

• Try to break into the system • This might cause a denial of service or loss of data • Buffer overflows can cause instability • You may need to try many different vulnerability types • Password brute-force • Social engineering • Database injections • Buffer overflows • You’ll only be sure you’re vulnerable if you can successfully exploit a system • If you can get through, the bad guys can get through

Answer 274

* Black box - A “blind” test * The pentester knows nothing about the systems * White box * Full disclosure - The pentester knows everything * Grey box * A mix of black and white * Focus on certain systems or applications

Answer 275

* A passive test, unlike a penetration test * May include port scanning * Test from both the outside and inside * Gather as much information as possible

Answer 276

* Non-intrusive scans * Gather information, don’t try to exploit a vulnerability * Intrusive scans * You’ll try out the vulnerability to see if it works * Non-credentialed scans * The scanner can’t login to the remote device * Credentialed scan * You’re a normal user, emulates an insider attack

Answer 277

* Many results can be identified: * Lack of security controls * No firewall * No anti-virus, no anti-spyware * Misconfigurations * Open shares * Guest access * Real vulnerabilities

Answer 278

• Send random input to an application • Fault-injecting, robustness testing, syntax testing, etc. • Looking for something out of the ordinary, such as an application crash, server error, exception • Many different fuzzing utilities and options • Fuzzing is time and resource heavy • Many fuzzing engines use high-probability tests

Answer 279

There’s a balance between time and quality • Programming with security in mind is often secondary • The Quality Assurance (QA) process tests applications • Vulnerabilities will eventually be found

Answer 280

Validate actual input and expected output • Document all input methods (forms, fields, type) • The fuzzers will find what you missed

Answer 281

``` Cross-site scripting (XSS) • Check the input for embedded scripts • Validate the input prior to storing • Cross-site request forgery (XSRF) • One-click attack / session riding • Authentications should be protected and/or encrypted ```

Answer 282

• What happens when an error occurs? • Network connection fails, server hangs, database unavailable • Think of every possible problem • Mishandled exceptions can allow execution of code

Answer 283

Update the operating system • Apply security patches and service packs • Update application software • Restrict user accounts to “least privilege” access • Restrict additional software installations

Answer 284

* Keep important information centralized * In a format that allows for easy retrieval * Relational Database Management Systems (RDBMS) * Data is stored in a table * Each table has records/rows * Each table is like a big spreadsheet * Structured Query Language (SQL) * Standard programming language for database interaction * Very common method of storing data

Answer 285

Not Only SQL • Not SQL, not relational • A good choice for large datasets • Scales very large • Can analyze very large unstructured data sets • Big data • Grab as much data as you can and put it into a database • There might be relationships between the data, or perhaps not • The database needs to be able to handle anything

Answer 286

Key-value store • Relies on a hash table to locate and represent data • Column family store • Large data stores can reference multiple columns with a single key • Document database • Similar to key-value stores • Contains documents that are collections of other key-value collections • Graph database • Instead of a spreadsheet, use nodes, node properties, and the relationship between the nodes

Answer 287

* Attack an application through the user input * Provide data the application isn’t expecting * Unexpected results may occur * SQL injection * Gain access to the database * Filenames * Traverse the file system * Perform extensive tests before releasing app * Fuzzing or random input testing

Answer 288

Server-side validation • All checks occur on the server • Helps protect against malicious users • Bad guys may not even be using your interface • Client-side validation • The end-user’s app makes the validation decisions • Can filter legitimate input from genuine users • May provide additional speed to the user • Use both • But especially server-side validation

Answer 289

Manage company-owned and user-owned mobile devices • BYOD - Bring Your Own Device • Centralized management of the mobile devices • Specialized functionality • Set policies on apps, data, camera, etc. • Control the remote device • The entire device or a “partition” • Manage access control • Force screen locks and PINs on these single user devices

Answer 290

``` Scramble all of the data on the mobile device • Even if you lose it, the contents are safe • Devices handle this in different ways • Strongest/stronger/strong ? • Encryption isn’t trival • Uses a lot of CPU cycles • Don’t lose or forget your password! • There’s no recovery ```

Answer 291

• An MDM can control exactly what’s loaded • Only approved corporate applications • Unapproved applications are restricted or removed • The MDM has complete control • Some MDM software segments corporate data • A separate area of the mobile device • Run personal and corporate without conflict • Some devices support removable storage • Control where organization’s data is stored • Individual and unused features can also be disabled • Bluetooth, video camera, etc.

Answer 292

Encrypted data is important to mobile devices • Keep your information safe as it moves around • Is information encrypted when stored on the device? • Every application does this differently • Data across the network • Use the device APIs to send traffic via SSL • SSL requires a stored group of trusted Certificate Authorities (CA) • Locally-created CA certificates can be added through an MDM

Answer 293

Post-attack actions • What forensic processes are followed? • With a desktop, the entire device is quarantined • The organization may not own the mobile device • The mobile device contains personal data • The forensics process may need to look at all information • Does the organization have a legal right to the device/data? • Does the user have a legal requirement of privacy to their data?

Answer 294

Protect against others on the network • Can restrict access to your personal computer • Protect wherever you go • Important for laptops and mobile devices • Restricts by application and network port numbers

Answer 295

``` Started as a separate application • Now integrated into many “endpoint” products • Protect based on signatures • Constantly growing database • Protect based on activity • Why are you modifying that file? ```

Answer 296

Temporary security • Connect your hardware to something solid • Cable works almost anywhere, useful when mobile • Most devices have a standard connector • Reinforced notch • Not designed for long-term protection • Those cables are pretty thin

Answer 297

Every guest is self-contained in a single file • Virtual hosts can be versioned • Take snapshots at any point, revert instantly • Store multiple snapshots • Easy to recover to a specific date and time • Historical analysis - determine when a vulnerability was exploited

Answer 298

Elasticity • Provide resources when demand requires it • Scale down when things are slow • Host availability • New server deployed with a few mouse clicks • Virtualization integrates a layer of orchestration • Automate the deployment and movement of virtual hosts • Servers can be added or moved to other data centers • All of the management systems follow the servers

Answer 299

``` • Virtualized hosts are perfect for spinning up a custom host • Network scans, vulnerability scanning, penetration testing • Sandboxing • Don’t click that link! Don’t launch that attachment! • Unless you’re in a sandbox • Individual sandboxes • Or centralized sandboxes for everyone ```

Answer 300

The network is the SAN • You’re in one place, the data is in another • Physically secure SAN • Restricted physical access • Protected data center • Self-encrypting drives • Encrypt data when it leaves the protected area • Network-to-network (switch-to-switch) • Backup tapes • Plan for encryption overhead in CPU and network use

Answer 301

Massive datasets • Normal access controls may not apply • Doesn’t fit a “need to know” principle • You don’t even know what’s in there • An important part of big data is hunting for patterns • Consider removing Personally Identifiable Information (PII) • Difficult to completely remove an individual’s identification • Difficult to audit every bit of information accessed • Log just the queries • Implement Data Loss Prevention (DLP) techniques

Answer 302

* Serious data protection - Every bit and byte is encrypted * Perfect for mobile devices - But not exclusive to laptops * Built-in protection - BitLocker * Commercial and open-source options - PGP, TrueCrypt * Key management is incredibly important * Lose the key, lose your data

Answer 303

Relatively impractical to encrypt an entire database • Huge files, lots of access • Encryption based on the Database Management System (DBMS) • Different capabilities across different software platforms • Individual columns/fields are usually encrypted • Don’t encrypt your key fields!

Answer 304

* Many different options * Built-in to the OS * 3rd-party applications * Some files are encrypted others are not * Pick and choose your security * And your resource management * Many of those still require key management * Backup your keys, protect your keys

Answer 305

``` Big concern • Where’s my USB drive? • Administrative controls over removable media • Require encryption • Again with the key management • This can be automated in many operating systems • No USB storage at all • An extreme case ```

Answer 306

* Practically all mobile devices encrypt user data * The key is on the device * Apps using “Data Protection” are encrypted in iOS * The key is based on the passcode * Even if stolen, you can get the data * Some information may not be encrypted in iOS * On Android, configure encryption in Settings > Security * Full-disk encryption, the key is based on the passcode

Answer 307

Trusted Platform Module A specification for cryptographic functions • Cryptographic processor with random number generator, key generators • Persistent memory • Comes with unique keys burned in during production • Versatile memory • Storage keys, hardware configuration information • Password protected

Answer 308

Hardware Security Module * High-end cryptographic hardware * Plug-in card or separate hardware device * Key backup in secured storage * Cryptographic accelerators for offloading CPU overhead * Used in large environments

Answer 309

Hardware-based AES encryption as part of the drive • Includes trusted browser, identity software • Can be used as secure tokens with two-factor authentication and single sign-on • Remote management included to reset remotely

Answer 310

Encrypt storage drive data with hardware • Integrate with USB key • Cleartext goes in, cipher comes out • High speed, strong encryption

Answer 311

Data transmitted over the network • Also called data in-motion • Not much protection as it travels • Many different switches, routers, devices • Provide transport encryption • TLS (Transport Layer Security), IPsec (Internet Protocol Security)

Answer 312

The data is on a storage device • Encrypt the data • Whole disk encryption, database encryption • File- or folder-level encryption • Apply permissions • Access control lists - Only authorized users can access the data

Answer 313

The data is in memory • System RAM, CPU registers and cache • The data is almost always decrypted • Otherwise, you couldn’t do anything with it • The bad guys can pick the decrypted information out of RAM

Answer 314

ACLs • Permissions associated with an object • Used in file systems, network devices, operating systems, and more • List the permissions • Bob can read files • Fred can access the network • James can access network 192.168.1.0/24 using • tcp ports 80, 443, and 8088 • Many operating systems use ACLs to provide access to files • A trustee and the access rights allowed

Answer 315

• Some information cannot be disposed of • Legal requirements for maintaining information • Some information is destroyed to make room for more • Archived data, especially with high storage costs • Personal data may have a very short life • Only store for however long as is necessary • Sensitive information may be destroyed to control distribution • Keep the information out of the hands of others

Answer 316

User can’t change very much, unlike a PC • Very useful for security - Easier to protect and defend • Embedded systems • A computing system designed to perform a specific, dedicated function • Intravenous drip-rate meter, water treatment plant controls • Even static environments can be updated • Firmware upgrades are common

Answer 317

• Supervisory Control and Data Acquisition System • Large-scale, multi-site Industrial Control Systems (ICS) • Runs on normal PCs, manages equipment • Power generation, refining, manufacturing equipment • Traditionally not built with security in mind • This has obviously been a problem these days • Huge emphasis in securing all SCADA systems • Enormous improvements in a short time

Answer 318

* All-in-one or multifunction devices (MFD) * Everything you need in one single device * No longer a simple printer * Very sophisticated firmware * Some images are stored locally on the device * Can be retrieved externally * Logs are stored on the device * Contain communication and fax details

Answer 319

* Legacy systems - Proprietary operating systems * Still used for large-scale applications * Bulk data, transaction processing * Very reliable and redundant * Can run interrupted for decades * Not many mainframe-specific attacks exist * A unique OS with relatively few installations * Attacks tend to be from the inside * Very specialized, attacking specific data sources

Answer 320

• Layered security • Defense-in-depth - You need more than just one type of security • The security controls should be diverse • If you get over one hurdle, there’s another one to stop you • Avoid any single points of failure • Security also needs redundancy • Multiple firewalls, multiple IPS, multiple management systems

Answer 321

Separate logical sections of the organization • Internet, DMZ, storage, management, corporate, etc. • Physical separation • Completely different infrastructure • Logical separation • Firewall rules, based on zones or IP address ranges • Specific policies for types of data per zone • No PII in the DMZ, no credit card information on the Interne

Answer 322

• TCP Wrapper • Puts a wrapper between the network and the service • Used ACLs to filter access to services • A very early form of application control • Application firewalls - Filters traffic based on the application • Can provide very detailed application control • Can protect specialized applications

Answer 323

(Remote Authentication Dial-in User Service) • Authentication protocol for almost everything • A very common AAA service • Modems, routers, switches, firewalls, etc. • A common authentication method for 802.1X • Secure authentication - sends passwords as a hash

Answer 324

(Terminal Access Controller Access-Control System) • Remote authentication protocol, RFC 1492 • Created to control access to dial-up lines to ARPANET • XTACACS (Extended TACACS) • A Cisco-created (proprietary) version of TACACS • Additional support for accounting and auditing • TACACS+ • The latest Cisco proprietary version of TACACS • Not backwards compatible • More authentication requests and response codes

Answer 325

(Lightweight Directory Access Protocol) tcp and udp 389 * Protocol for reading and writing directories over an IP network * X.500 specification was written by the International Telecommunications Union (ITU) * LDAP is lightweight, and uses TCP/IP (tcp/389 and udp/389) * LDAP is the protocol used to query and update an X.500 directory * Used in Windows Active Directory, Apple OpenDirectory, Novell eDirectory, etc.

Answer 326

* LDAP User Access and Security * Simple Authentication and Security Layer (SASL) in LDAP v3 * Usually two levels of access - Read-only (query) and read-write (update)

Answer 327

LDAP over SSL - Encrypt with SSL/TLS | • Commonly configured in Microsoft environments - Active Directory uses TCP port 636

Answer 328

Authentication Step 1: • Send Authentication Service (AS) a logon request • Encrypt the data and time on the local computer • User’s password hash is the key Authentication Step 2: • AS sends Ticket Granting Ticket (TGT) and Ticket Granting Service (TGS) Session Key ``` Client Service Authentication Step 1: • Sends TGS a copy of the TGT and the name the application server • Time stamped client ID, encrypted with TGS key ``` Client Service Authentication Step 2: • Sends the application server the encrypted service ticket and another time-stamped authenticator ``` Client Service Authentication Step 3: • App server decrypts the service ticket to confirm an untampered message • App server decrypts authenticator with service session key • App server may respond with a timestamp to allow client to verify no man-in-the-middle. ```

Answer 329

``` You need access to resources on a service provider • You can authenticate through a third-party • Service provider • You need access to this web server • Client • The user that needs access, often from a browser • Identity Provider • The owner of the identities and credentials ```

Answer 330

* Identification associates a user with an action * Authentication proves a user is who it claims to be * The access control process * Prove a user is who they say they are (authorization) * Prove a user performed an action (non-repudiation)

Answer 331

* Proves a user or process is who it claims to be * Provide a username and a secret passphrase * Many different authentication types

Answer 332

Now you’re identified • What rights and permissions do you have? • Policy definition • What rights and permissions should apply? • Policy enforcement • Only authorized rights are exercised • Allow and deny based on defined policies

Answer 333

Authorization • Ensure only authorized rights are exercised (policy enforcement) • The process of determining rights (policy definition

Answer 334

* Discretionary access control (DAC) * The owner is in full control * Very flexible but very weak security

Answer 335

Role-based access control Access is based on the role of the user • Rights are gained implicitly instead of explicitly • Windows Groups can provide role-based access control

Answer 336

Based on security clearance levels • Every object gets a label • Labeling of objects uses predefined rules

Answer 337

Rule-based access control • A generic term for following the rules • Access is determined through system-enforced rules • Implicit Deny • Unless otherwise stated, there’s no access of any kind • Time of Day Restrictions • Access control changes depending on the time of day

Answer 338

* Something you know - Password, PIN * Something you have - Smart card, token * Something you are - Fingerprint, iris scan

Answer 339

More than one factor • Something you are - Biometrics • Something you have - Smart card, USB token, phone text • Something you know - Password, PIN, screen pattern • Somewhere you are - GPS information, IP address • Something you do • Handwriting analysis, typing technique

Answer 340

• HOTP - HMAC-based One-Time Password, • TOTP - Time-based One-Time Password

Answer 341

Time-based One-Time Password • Use a secret key and the time of day • Secret key is configured ahead of time • Timestamps are synchronized via NTP • Timestamp usually increments every 30 seconds • Put in your username, password, and TOTP code • One of the more common OTP methods • Used by Google, Facebook, Microsoft, etc.

Answer 342

* The keys are based on a secret key and a counter * Token-based authentication * The hash is different every time * Hardware and software tokens available * You’ll need additional technology to make this work

Answer 343

Password Authentication Protocol) • PAP is clear-text authentication • Unsophisticated, insecure

Answer 344

(Challenge-Handshake Authentication Protocol) • Encrypted challenge sent over the network • Three-way handshake • After link is established, server sends a challenge message • Client responds with a password hash • Server compares received hash with stored hash

Answer 345

Single Sign-on (SSO) • Authenticate one time • Kerberos authentication and authorization • 3rd-party options

Answer 346

* Authenticate one time * No constant username and password input * Not everything is Kerberos-friendly

Answer 347

• Provide network access to others - Not just employees • Third-parties can establish a federated network • Authenticate and authorize between the two organizations • Login with your Facebook credentials • The third-parties much establish a trust relationship • And the degree of the trust

Answer 348

Authentication details for one account is known by more than one person • Sharing accounts makes auditing very difficult, • Breaks non-repudiation • Activities on a shared account can be challenged • The account credentials are more likely to be compromised • Changing the password will involve many people

Answer 349

Apply security and admin settings across many PCs • Different than NTFS or Share permissions • Control the use of the operating system • Linked to Active Directory administrative boundaries • Sites, domains, organization units (OUs) • Define by groups, locations, etc.

Answer 350

* Administrative policies * Remove Add or Remove Programs * Prohibit changing sounds * Allow font downloads * Only allow approved domains to use * ActiveX controls without prompt * Security policies * Specify minimum password length * Require smart card * Maximum security log size * Enforce user login restrictions

Answer 351

An unencrypted message (in the clear)

Answer 352

An encrypted message

Answer 353

The algoithm used to encrypt and/or decrypt

Answer 354

Substitute one letter with another - ROT13 • “Uryyb Jbeyq” is “Hello World” • Transposition Cipher • Keep the letters, change the order - “HLOOLELWRD” • Hack these ciphers with a frequency analysis

Answer 355

A single, shared key • Encrypt with the key, decrypt with the same key • If the key is found, all data can be decrypted • Very fast to use, not a lot of overhead • Often combined with asymmetric encryption

Answer 356

Public key cryptography • Private key - keep this private • Public key - give to everyone • The private key is the only key that can decrypt data encrypted with the public key • You can’t derive the private key from the public key

Answer 357

Don’t send the symmetric key over the ‘net | • Telephone, courier, in-person, etc.

Answer 358

• It’s on the network • Protect the key with additional encryption • Often uses asymmetric encryption to deliver a symmetric key

Answer 359

There’s a need for fast security • Without compromising the security part • Share a symmetric session key using asymmetric encryption • Client encrypts a random (symmetric) key with a server’s public key • The server decrypts this shared key and uses it to encrypt data • This is the session key • Implement session keys carefully • Need to be changed often (ephemeral keys) • Need to be unpredictable

Answer 360

• Used in symmetric encryption • Not used in asymmetric encryption • Encrypt fixed-length groups (blocks) • Often 64-bit or 128-bit blocks • Pad added to short blocks to fill the block size • Confusion • The key-to-ciphertext relationship should be very complicated • You can’t determine the key based on the ciphertext • Diffusion • Output should depend on the input in a complex way • If you change one bit of the input, at least 50% of the output should be different

Answer 361

Also used with symmetric encryption • Encryption is done one bit or byte at a time • High speed, low hardware complexity • The starting state should never be the same twice • Key is often combined with an initialization vector (IV)

Answer 362

Proof of integrity • Proof of origin, with high assurance of authenticity • Used for digital signatures • Digitally “sign” your files/messages with your private key • Others check with your public key

Answer 363

* A trusted third-party holds the keys | * Allows for recovery of encrypted data

Answer 364

• Symmetric encryption - Hide a key in a safe • Asymmetric encryption - Add an additional private decryption key • The process is just as important as the key • When do you get the key? Who has access? Is there more than one key?

Answer 365

Elliptic curve cryptography (ECC) • Asymmetric encryption • Need large integers composed of two or more large prime factors • Instead of numbers, use curves! • Smaller storage and transmission requirements • Perfect for mobile devices

Answer 366

* Use quantum physics to provide cryptographic references * Quantum key distribution (QKD) * Used to communicate a shared key between two users * If a third-party tries to get in the middle, the data is disturbed

Answer 367

Perfect Forward Secrecy (PFS) • Don’t use the server’s RSA key pair • Use Elliptic curve, Diffie-Hellman ephemeral • The keys aren’t kept around • You can’t recover the key, so you can’t decrypt • PFS requires more computing power - Not all servers use PFS • The browser must support PFS • Check your SSL/TLS information for details

Answer 368

• First published: April 1992 • Replaced MD4 • 128-bit hash value • 1996: Vulnerabilities found - not collision resistant • December 2008: Researchers created CA certificate that appeared legitimate when MD5 is checked

Answer 369

Secure Hash Algorithm (SHA) • Developed by the National Security Agency (NSA) • A US Federal Information Processing Standard • SHA-1 • Widely used • 160-bit digest • 2005: Collision attacks published • SHA-2 • The preferred SHA variant • Up to 512-bit digests • SHA-1 is now retired for most US Government use

Answer 370

• A family of message digest algorithms • RACE Integrity Primitives Evaluation Message Digest • RACE - Research and Development in Advanced Communications Technologies in Europe • Original RIPEMD was found to have collision issues (2004) • Effectively replaced with RIPEMD-160 (no known collision issues) • Based upon MD4 design but performs similar to SHA-1 • RIPEMD-128, RIPEMD-256, RIPEMD-320

Answer 371

Hash-based Message Authentication Code • Combine a hash with a secret key • e.g., HMAC-MD5, HMAC-SH1 • • Verify data integrity and authenticity • No fancy asymmetric encryption required • • Used in network encryption protocols • IPsec, TLS

Answer 372

Rivest Cipher 4 - Ron Rivest (Ron’s Code 4) • RC4 has “biased output” • If the third byte of the original state is zero and the second byte is not equal to two, then the second output byte is always zero • Not common to see RC4 these days Symmetric

Answer 373

* Data Encryption Standard - DES and Triple DES * One of the Federal Information Processing Standards (FIPS) * 64-bit block cipher * 56-bit key (very small in modern terms) * 3DES - Use the DES algorithm three times * Three keys, two keys, or the same key three times * Superseded by AES (Advanced Encryption Standard)

Answer 374

* US Federal Government Standard * 128-bit block cipher - 128-, 192-, and 256-bit keys * Used in WPA2 - Powerful wireless encryption

Answer 375

Designed in 1993 by Bruce Schneier • 64-bit block cipher, variable length key • 1 to 448 bits • No known way to break the full 16 rounds of encryption • One of the first secure ciphers not limited by patents

Answer 376

Successor to Blowfish • 128-bit block size, key sizes up to 256 • No patent, public domain

Answer 377

Ron Rivest, Adi Shamir, and Leonard Adelman (1977) • Public-key cryptography system • Based on the product of two large prime numbers • You must know the factors to decode • Now released into the public domain • Used extensively for web site encryption and DRM

Answer 378

• A key exchange method over an insecure communications channel, published in 1976 • Witfield Diffie and Martin Hellman (and Ralph Merkle) • DH does not itself encrypt or authenticate • It’s an anonymous key-agreement protocol • Used for Perfect Forward Secrecy • Ephemeral Diffie-Hellman (EDH or DHE) • Combine with elliptic curve cryptography for ECDHE

Answer 379

• 1917 - Built to encrypt teletype communication • Mixed a paper tape (message) with another paper tape (key) • The “pad” is a pad of paper • Very simple encryption and decryption process • Very secure encryption • Unbreakable when used correctly

Answer 380

• The key is the same size as the plaintext • The number of letters should be exactly the same • The key is truly random - no pseudo-random computer functions • The key should only be used once - destroy after use • There are only two copies of the key • One for the sender, one for the receiver

Answer 381

LAN Manager (LANMAN) • Microsoft and 3Com network operating system • Hash challenge, similar to CHAP • Somewhat insecure • All uppercase ASCII, password is 14-characters max • Passwords over 7 characters are split and encrypted separately • Passwords are not salted

Answer 382

• Some Windows password databases contain LM hash versions of the passwords • NTLM is vulnerable to a credentials forwarding attack

Answer 383

(NT LAN Manager) • Used in early versions of Windows NT • Password is Unicode and up to 127 characters long • Stored as a 128-bit MD4 hash • NTLMv2 was first seen on Windows NT SP4 • New password response • MD4 password hash (same as NTLMv1) • HMAC-MD5 hash of username and server name • Variable-length challenge of timestamp, random data, domain nam

Answer 384

(Secure Sockets Layer) • Developed by Netscape in 1996 • TLS (Transport Layer Security) - Derived from SSL • HTTPS uses SSL/TLS to encrypt web server communication

Answer 385

• Practically everything can be brute forced • Strong algorithms have been around for a while • That’s part of the reason that they are strong • Wired Equivalent Privacy (WEP) was found to have design flaws • Strong algorithms - PGP, AES • Weak algorithms - DES (56-bit keys), WEP (design flaw)

Answer 386

A weak key is a weak key - by itself, it’s not very secure • Make a weak key stronger by performing multiple processes • Hash a password. Hash the hash of the password. And continue… • Brute force attacks would require reversing each of those hashes • The attacker has to spend much more time, even though the key is small

Answer 387

``` • bcrypt • Generates hashes from passwords • An extension to the UNIX crypt library • Uses Blowfish cipher to perform multiple rounds of hashing • Password-Based Key Derivation Function 2 (PBKDF2) • Part of RSA public key cryptography standards (PKCS #5, RFC 2898) ```

Answer 388

``` Built-in to your browser • Purchase your web site certificate • It will be trusted by everyone’s browser • Create a key pair, send the public key to the CA to be signed • A certificate signing request (CSR) • May provide different levels of trust and additional features • Add a new “tag” to your web site ```

Answer 389

• You are your own CA - build it in-house • Needed for medium-to-large organizations • Implement as part of your overall computing strategy • Windows Certificate Services • OpenCA

Answer 390

* Certificate Revocation List (CRL) | * Maintained by the Certificate Authority (CA)

Answer 391

* OCSP (Online Certificate Status Protocol) * The browser can check certificate revocation * Messages usually sent to an OCSP responder via HTTP * Not all browsers support OCSP * Early Internet Explorer versions did not support OCSP

Answer 392

You manage your own certificates • You must find others to sign your certificate, and those people must be trusted by others • Plan to revoke your key with a revocation certificate • You can also enable others to create revocation certs for your key

Answer 393

Public Key Infrastructure (PKI) • Policies, procedures, hardware, software, people to manage digital certificates • Create, distribute, manage, store, revoke • Requires extensive planning • Also refers to the binding of public keys to people

Answer 394

``` • Key generation • Create a key with the requested strength using the proper cipher • Certificate generation • Allocate a key to a user • Distribution • Makes the key available to the user • Storage • Secure storage and protection against unauthorized use • Revocation • Manage keys that have been compromised • Expiration • A certificate may only have a certain “shelf life” ```

Answer 395

* Your private key is valuable * Backup and store private keys * Use “M of N” control to restrict access * Built-in to Windows Server CA and other 3rd-party CAs

Answer 396

Sign with the private key • The message doesn’t need to be encrypted • Verify with the public key • Any change in the message will invalidate the signature

Answer 397

The Registration Authority (RA) provides the PKI role that ensures the public key is bound to the individual • Important for non-repudiation • This can range from a casual verification to a formal, multi-step verification • Federal Public Key Infrastructure Policy Authority X.509 Certificate Policy for the U.S. Federal Government

Course Notes Flashcards

(421 cards)