Domain 3 Flashcards

1
Q

Shared Responsibility Model
On-Prem
(How Responsibility is delegated)

A

You 100%
- Apps
- Data
- Runtime
- Middleware
- OS
- Virtualization
- Servers
- Storage
- Networking

2
Q

Shared Responsibility Model
IaaS
(How Responsibility is delegated)

A

You 50%
- Apps
- Data
- Runtime
- Middleware
- OS

Cloud Service Provider 50%
- Virtualization
- Servers
- Storage
- Networking

3
Q

Shared Responsibility Model
PaaS
(How Responsibility is delegated)

A

You 25%
- Apps
- Data

Cloud Service Provider 75%
- Runtime
- Middleware
- OS
- Virtualization
- Servers
- Storage
- Networking

4
Q

Shared Responsibility Model
SaaS
(How Responsibility is delegated)

A

Cloud Service Provider 100%
- Apps
- Data
- Runtime
- Middleware
- OS
- Virtualization
- Servers
- Storage
- Networking

5
Q

Public Cloud
(Name the Pros)

A

Everything runs on CSP hardware

Scalable, Agile, pay-as-you-go, no maintenance, low skill

6
Q

Private Cloud
(Name the Pros)

A

A cloud env in your own data center

legacy support, control, compliance

7
Q

Hybrid Cloud
(Name the Pros)

A

Combines both Public / Private, allows you to run your apps in the right location

flexibility in legacy / compliance / scalability

8
Q

Cloud Access Security Broker (CASB)

A

Security policy enforcement solution that may be installed on-prem or in the cloud

Shadow IT Prevention

9
Q

Post-Quantum Cryptography

A

Developing new cryptographic approaches, run on conventional computers, that are resilient to quantum computers

How well does current encryption hold up to quantum computers?

10
Q

Post-Quantum Cryptography
Symmetric Encryption

A
  • Does better
  • Grover's Algorithm: shows a quantum computer effectively halves the key length
    • a 256-bit key is as strong as a 128-bit key against a normal computer
11
Q

Post-Quantum Cryptography
Asymmetric Encryption

A
  • Does worse
  • Shor's Algorithm: can easily break public key algorithms
    • RSA & Elliptic Curve are vulnerable
    • Lattice offers resilience
12
Q

Post-Quantum Cryptography
Lattice Algorithms

A

Based on the shortest vector problem and the closest vector problem
- potential to replace all currently endangered schemes
- Lattice-based schemes make up most publications on post-quantum crypto

TIP: If a question asks about an “asymmetric encryption” that is “quantum resilient”, the answer is Lattice

13
Q

Cryptography
Code

A

Cryptographic system of symbols that operates on words or phrases; sometimes secret, but does NOT ensure confidentiality

14
Q

Cryptography
Cypher

A

Always meant to hide true meaning

15
Q

Types of Cyphers
Stream

A

Symmetric key; the plaintext is combined with a cipher digit stream (keystream). Each plaintext digit is encrypted one at a time with the corresponding keystream digit to produce the ciphertext stream

16
Q

Types of Cyphers
Block

A

Encrypts plaintext one block at a time, e.g. 64-bit blocks

17
Q

Types of Cyphers
Substitution

A

Replaces each character with a different one. Ex: Caesar cipher

18
Q

Types of Cyphers
Transposition

A

Shuffles each digit

19
Q

Initialization Vector (IV)

A

(Random number) a random string (nonce) that is XORed with the message

Used by Caesar, Vigenère, One Time Pad
- main difference between them is key length
- 1 char > word / sentence > one time pad

20
Q

One Time Pad

A

Type of substitution cypher where the key stream is at least as long as the message.

Success needs:
- generated randomly
- at least as long as message
- protected from disclosure
- Pad used once then deleted

21
Q

Zero Knowledge Proof

A

Specific info is exchanged but no real data is transferred; only with digital signatures and certs

Prove knowledge of a fact without revealing the fact

22
Q

Split knowledge

A

The privilege required to do an operation is divided among multiple users

  • no single person can compromise security
23
Q

Work Function (Work Factor)

A

Way to measure the strength of a crypto function by the cost / time to decrypt a message

24
Q

Nonrepudiation

A

Provides undeniable proof that the sender actually authored it.

  • prevents the sender from denying it
25
Q

DES Modes
Electronic Codebook Mode (ECB)

A

Least secure; encrypts 64-bit blocks with the same key.

  • if the same block appears in the plaintext, the same ciphertext is generated
26
Q

DES Modes
Cipher Block Chaining (CBC)

A

Plaintext XORed with the immediately preceding ciphertext block

27
Q

DES Modes
Cipher Feedback (CFB)

A

Streaming version of CBC. Works on data in real time, using memory buffers of the same block size. When the buffer fills, the data is encrypted and transmitted. Uses chaining, so errors propagate.

28
Q

DES Modes
Output Feedback (OFB)

A

Similar to CFB; XORs plaintext with a seed value. No chaining, so fewer propagated errors

29
Q

DES Modes
Counter (CTR)

A

Uses an incrementing counter rather than a seed

30
Q

Key Clustering

A

Weakness where the same ciphertext is generated from 2 different keys

31
Q

Asymmetric Key Types
Hash Function Requirements

A
  1. Inputs of any length
  2. Fixed length outputs
  3. Relatively easy to compute hash for any input
  4. Provide one-way functionality
  5. Collision Free
32
Q

Asymmetric Key Types
Rainbow Tables

A

Pre-computed values to ID common passwords

33
Q

Asymmetric Key Types
Salt

A

Random data added to hash input.
- salts reduce effectiveness of rainbow tables

34
Q

Asymmetric Key Types
Digital Signature Standard (DSS)

A

Uses SHA-1, SHA-2, SHA-3 message digest functions.

Works in conjunction with 1 of 3:
1. Digital Signature Algorithm (DSA)
2. Rivest, Shamir, Adleman (RSA)
3. Elliptic Curve DSA (ECDSA)

35
Q

Public Key Infrastructure (PKI)
Certificate Authorities (CA)

A

Bodies that generate Digital Certificates containing the public keys of systems' users

  • Users distribute certs to whoever they want to talk to
  • Cert recipients verify a cert using the CA's public key
36
Q

Securing Web Traffic
Email (Protocols)

A
  • S/MIME
  • Pretty Good Privacy (PGP)
37
Q

Securing Web Traffic
Web (Protocols)

A
  • HTTP over Transport Layer Security (TLS)

replacing SSL

38
Q

Securing Web Traffic
Network

A

IPsec

39
Q

Securing Web Traffic
IPsec

A

Architecture framework that supports secure communications over IP

  • Establishes a secure channel in either transport mode or tunnel mode
  • Can be used to establish direct comms between computers over a VPN
  • Uses 2 protocols:
    1. Authentication Header (AH)
    2. Encapsulating Security Payload (ESP)
40
Q

Digital Rights Management (DRM)

A

Allows content owners to enforce restrictions on the use of their content by others

  • Common in the entertainment industry
  • Sometimes protects sensitive info stored in docs
41
Q

Top 3 Public Key Cryptosystems
RSA

A

Factoring the product of prime numbers

42
Q

Top 3 Public Key Cryptosystems
El Gamal

A

Modular arithmetic

43
Q

Top 3 Public Key Cryptosystems
Elliptic Curve

A

Based on the elliptic curve discrete logarithm problem; provides more security than the other 2

44
Q

Digital Signature

A

Relies on public key crypto / hashing

MUST use SHA-2+ hashing

Currently approved:
- DSA
- RSA
- Elliptic Curve DSA

45
Q

Security Model

A

Used to determine how security is implemented

  • Formalize the security policy
  • enforce the CIA triad
  • models lay out broad guidelines
  • up to devs to decide how it's functionally implemented

Top -> Down
- Security Policy
- Security Model
- Program Code
- OS

46
Q

State Machine Model (SMM)

A

System is always secure, no matter what state it is in
- Based on FSM
- State - snapshot of a system
- if each state transition results in another secure state = SMM

47
Q

Information Flow Model (IFM)

A

Based on SMM, focused on the flow of information

  • Biba = flow from low to high security level
  • Bell-LaPadula = prevent info flowing from high to low
48
Q

Non-Interference Model

A

How actions of a high level affect the system state of actions at a low level

  • ensures actions don't interfere with each other
49
Q

Lattice Based Models

A

Interactions between

  • objects - resources, computers, apps
  • subjects - users, groups, orgs

Used to ID levels of security for obj / subj

50
Q

3 Properties for Models

A
  1. Simple - Rules for read
  2. Star - Rules for write
  3. Invocation - Rules for calls to subjects
51
Q

Security Models
Biba

A

Based on Integrity
No Read down, no write up

  • Lattice Based
  • Simple integrity = “no read down”
  • Star integrity = “no write up”
52
Q

Security Models
Bell-LaPadula

A

Based on Confidentiality
No read up, no write down

  • SMM enforces Confidentiality
  • Uses Mandatory Access Controls
  • Simple security policy “no read up”
  • Star property “no write down”
  • Lattice Based
53
Q

Security Models
Clark - Wilson

A

Integrity
Access Control Triple, uses security labels to access objects

54
Q

Security Models
Goguen- Meseguer

A

Integrity
Non-interference

55
Q

Security Models
Sutherland

A

Integrity
Prevent interference, info flow / SMM

56
Q

Security Models
Brewer + Nash

A

Confidentiality
“Chinese Wall”

Prevents conflict of interest

57
Q

Security Models
Take Grant

A

Confidentiality
uses a “directed graph”

Supports 4 operations:
1. Take
2. Grant
3. Create
4. Revoke

58
Q

Security Model: Clark - Wilson
Constrained Data Item (CDI)

A

Data item whose integrity is protected by the security model

59
Q

Security Model: Clark - Wilson
Unconstrained Data Item (UDI)

A

Data item that is NOT controlled by the security model

60
Q

Security Model: Clark - Wilson
Integrity Verification Procedure (IVP)

A

A procedure that scans data items and confirms their integrity

61
Q

Security Model: Clark - Wilson
Transformation Procedure (TP)

A

The only process allowed to modify a CDI

62
Q

Security Model: Clark - Wilson
Access Control Triplet

A
  1. Authenticated Principal (User / Subjects)
  2. Programs (TPs)
  3. Data Items (UDIs + CDIs) (objects)
63
Q

Security Models
Graham - Denning Model

A

Protection rules where each object has an owner and controller

  • focus on the secure creation and deletion of both subjects and objects
  • 8 primary protection rules:
  1. Securely create object
  2. Securely create subject
  3. Securely delete object
  4. Securely delete subject
  5. Securely provide the read access
  6. Securely provide the grant access
  7. Securely provide the delete access
  8. Securely provide the transfer access
64
Q

Symmetric Cryptography Algorithms Table

A
65
Q

Hash Algorithms Table

A
66
Q

Asymmetric Cryptography Algorithms Table

A
67
Q

Security Modes
Dedicated Mode

A

Security clearance that permits access to ALL info processed by the system, approval for ALL info processed by the system, and a valid need-to-know for ALL info processed by the system

68
Q

Security Modes
Multilevel Mode

A

Can process info at different levels even when all system users do not have the required security clearance to access all info processed by the system

69
Q

Security Modes
System High Mode

A

Each user must have a valid security clearance, access approval for ALL info processed by the system, and a valid need-to-know for at least SOME info on the system. Offers the most granular control over resources and users of the modes

70
Q

Security Modes
Compartmented Mode

A

Goes one step further than system high mode

Each user must have a valid security clearance and access approval for ALL INFO processed by the system, but requires a valid need-to-know for ALL INFO they will have access to on the system

71
Q

Trusted Computing Base

A

A combination of hardware, software and controls that work together to form a “trusted base” to enforce your security policy.

  • Is a subset of the complete information system.
  • Is the only portion that can be trusted to adhere to and enforce your security policy
  • TCB must create secure channels (trusted paths) to communicate with the rest of the system
  • Protects subjects from compromise as a result of TCB interchange
72
Q

Trusted Computing Base
Security Perimeter

A

An imaginary boundary that separates TCB from the rest of the system.

73
Q

Trusted Computing Base
Reference Monitor

A

The logical part of the TCB that confirms whether a subject has the right to use a resource prior to granting access

Enforces access control

74
Q

Trusted Computing Base
Security Kernel

A

The collection of the TCB components that implement the functionality of the reference monitor.

Implements access control

75
Q

TCSEC, ITSEC, and CC
Common Criteria (CC, ISO-IEC 15408)

A

Enables an objective evaluation to validate that a particular product or system satisfies a defined set of security requirements

Has replaced TCSEC and ITSEC

76
Q

TCSEC, ITSEC, and CC
Trusted Computer System Evaluation Criteria (TCSEC)

A

A structured set of criteria for evaluating computer security within products and systems

77
Q

TCSEC, ITSEC, and CC
Information Technology Security Evaluation Criteria (ITSEC)

A

Initial attempt to create security evaluation criteria in Europe. Uses 2 scales to rate functionality and assurance

78
Q

TCSEC, ITSEC, and CC
Common Criteria (ISO-IEC 15408)
Cycle

A

Assumptions & Security Policies
1. Description of Assets
2. ID of Threats

Safety Risk Analysis
3. Analysis & Rating of Threats

System & Environment Objectives
4. Determination of Security Objectives
5. Selection of Security Functional Requirements
6. Repeat

Two Flavors
1. community Protection Profile (cPP) = black box
2. Evaluation Assurance Level (EAL) = white box

79
Q

TCSEC, ITSEC, and CC
Comparison of security eval standards Table

A

Video 3:05:28

80
Q

Covert Channels

A

A method used to pass info over a path that is not normally used for comms.

  • It may not be protected by the system’s normal security controls

Two Types
1. Covert Timing - based on time it takes to access components: paging rate, transaction time
2. Covert Storage - Out of band storage used to convey a message: ICMP protocol uses extra storage in Ping packet to relay info

81
Q

Trusted Platform Module

A

A Chip that is on the motherboard of a device

  • Multi-purpose, like storage and management of keys used for full disk encryption (FDE) solutions
  • Provides the OS with access to keys, but prevents drive removal and data access

82
Q

Types of Access Control
Mandatory Access Control (MAC)

A

Enforces an access policy that is determined by the system, not the object owner.

  • Relies on classification labels that are representative of security domains and realms

KEY POINT
- Every object and subject has one or more labels. These labels are predefined, and the system determines access based on assigned labels
- Referred to as a lattice-based model

83
Q

Types of Access Control
Discretionary Access Control

A

Permits the owner or creator of an object to control and define its accessibility, because the owner has full control by default

determined by owner

84
Q

Types of Access Control
Non-discretionary Access Control

A

Enables the enforcement of system-wide restrictions that override object-specific access control.

System wide

85
Q

Types of Access Control
Rule-based Access Control

A

Defines specific functions for access to requested objects. Commonly found in firewall systems

Applies global rules that apply to all subjects. (restrictions or filters)

86
Q

Types of Access Control
Role-Based Access Control

A

Uses a well-defined collection of named job roles to endow each one with specific permissions, thereby seeking to ensure that users who occupy such roles can access what they need to get their jobs done.

87
Q

MAC Model Classifications
Hierarchical Environment

A

Various classification labels are assigned in an ordered structure from low to medium to high security

88
Q

MAC Model Classifications
Compartmentalized environment

A

Requires specific security clearances over compartments or domains instead of objects

89
Q

MAC Model Classifications
Hybrid environment

A

Contains levels with compartments that are isolated from the rest of the security domain.

  • Combines hierarchical and compartmentalized environments so that security levels have subcompartments

90
Q

Security Models, Design, and Capabilities
Certification

A

Technical evaluation of each part of a computer system to assess whether it is in agreement with security standards

91
Q

Security Models, Design, and Capabilities
Accreditation

A

The process of formal acceptance of a certified config from a designated authority.

92
Q

Security Models, Design, and Capabilities
Open System

A

Are designed using industry standards and are usually easy to integrate with other open systems

93
Q

Security Models, Design, and Capabilities
Closed Systems

A

Are generally proprietary hardware and / or software.

  • The specifications are NOT normally published and they are usually harder to integrate with other systems

93
Q

Ensuring CIA Triad
Confinement

A

Restricts a process to reading from and writing to certain memory locations

95
Q

Ensuring CIA Triad
Bounds

A

The limits of memory a process cannot exceed when reading or writing

96
Q

Ensuring CIA Triad
Isolation

A

The mode a process runs in when it is confined through the use of memory bounds

97
Q

Factors of Authentication

A

Something you:
- Know (pin / password)
- Have (trusted device)
- Are (biometric)

98
Q

Authentication (AuthN)

A

The process of proving that you are who you say you are

Identity control

99
Q

Authorization (AuthZ)

A

The act of granting an authenticated party permission to do something

Access control

100
Q

Multitasking

A

Simultaneous execution of more than one app on a computer, managed by the OS

101
Q

Multithreading

A

Permits multiple concurrent tasks to be performed within a single process.

102
Q

Multiprocessing

A

The use of more than one processor to increase computing power

103
Q

Multiprogramming

A

Similar to multitasking, but takes place on mainframe systems and requires specific programming

104
Q

Processor Operating Modes
User

A

Applications operate in a limited instruction set environment known as user mode

105
Q

Processor Operating Modes
Privileged

A

Controlled operations are performed in privileged mode, also known as system mode, kernel mode, and supervisory mode.

106
Q

Memory Types
Read-only Memory (ROM)

A

Read-only. Contents burned in at factory

107
Q

Memory Types
RAM

A

Static RAM (SRAM) uses flip flops, dynamic RAM (DRAM) uses capacitors

108
Q

Memory Types
PROM

A

Programmable chip similar to ROM, with several sub-types

109
Q

Memory Types
EPROM

A

Erasing, Clearing (overwriting with unclassified data)

Two Types:
1. Ultraviolet EPROM (UVEPROM): Chips have a small window that, when illuminated with a special UV light, erases the contents
2. Electronically Erasable PROM (EEPROM): Uses electric voltages delivered to the pins of the chip to force erasure. (More flexible alternative to UVEPROM)

110
Q

Memory Types
Flash Memory

A

Derivative concept from EEPROM. Nonvolatile; can be electronically erased and rewritten

111
Q

Security Issues With Storage
Primary Storage

A

Same as memory

112
Q

Security Issues With Storage
Secondary Storage

A

Consists of magnetic, flash, and optical media that must first be read into primary memory before the CPU can use the data

113
Q

Security Issues With Storage
Random Access Storage Devices

A

Can be read at any point

114
Q

Security Issues With Storage
Sequential Access Storage Devices

A

Require scanning through all the data physically stored before the desired location

115
Q

Security Issues With Storage
3 Main Issues

A
  1. Removable media can be used to steal data
  2. Access controls and encryption must be applied to protect data
  3. Data can remain on the media even after file deletion or media formatting
116
Q

Security Risks of Input / Output Devices

A
  • Subject to eavesdropping and tapping
  • Used to smuggle data out of an org
  • Used to create unauthorized / insecure points of entry to an org's systems and networks

117
Q

Firmware

A

Software stored on a ROM chip, containing basic instructions needed to start a computer. Also used to provide operating instructions in peripheral devices such as printers

118
Q

Vulnerabilities, Threats, & Countermeasures
Process Isolation

A

Ensures that individual processes can access only their own data

119
Q

Vulnerabilities, Threats, & Countermeasures
Layering

A

Creates different realms of security within a process and limits communication between them

120
Q

Vulnerabilities, Threats, & Countermeasures
Abstraction

A

Creates “black-box” interfaces for programmers to use without requiring knowledge of an algorithm's or device's inner workings

121
Q

Vulnerabilities, Threats, & Countermeasures
Data Hiding

A

Prevents information from being read from a different security level. Hardware segmentation enforces process isolation with physical controls.

122
Q

The Role of Security Policy

A

To inform and guide the design, development, implementation, testing, and maintenance of some particular system

123
Q

Hypervisor

A

Also known as the Virtual Machine Monitor (VMM); the component of virtualization that creates, manages, and operates the VMs

Two Types
1. Type I hypervisor: A native or bare-metal hypervisor. In this config there is no host OS; instead the hypervisor installs directly onto the hardware where the host OS would normally reside
2. Type II hypervisor: A hosted hypervisor. In this config a standard regular OS is present on the hardware, and the hypervisor is then installed as another software application.

124
Q

Security-aaS

A

A cloud provider concept in which security is provided to an org through or by an online entity

125
Q

Smart Devices

A

Mobile devices that offer customization options, typically through installing apps, and may use on-device or in-the-cloud AI processing

126
Q

Mobile Device / App Security
Mobile Device Security

A

The range of potential security options or features that may be available for a mobile device. Security features include full device encryption, remote wiping, lockout, screen locks, GPS, app control etc

127
Q

Embedded Systems & Static Environments
Embedded System

A

Typically designed around a limited set of specific functions in relation to the larger product of which it's a component

needs security management

128
Q

Embedded Systems & Static Environments
Static Environment

A

Applications, OSs, hardware sets, or networks that are configured for a specific need, capability, or function and then set to remain unaltered

needs security management

129
Q

Privilege & Accountability
Principle of least privilege

A

Ensures that only a minimum number of processes are authorized to run in supervisory mode.

130
Q

Privilege & Accountability
Separation of privilege

A

Increases the granularity of secure operations

131
Q

Privilege & Accountability
Accountability

A

Ensures that an audit trail exists to trace operations back to their source

132
Q

Common Flaws & Vulnerabilities
Buffer Overflow

A

Occurs when the programmer fails to check the size of input data prior to writing the data in a specific memory location.

133
Q

Common Flaws & Vulnerabilities
(List 3 more)

A
  • leaving back doors
  • leaving privileged programs on a system after it is deployed
  • Time-of-check-to-time-of-use (TOCTTOU) attacks: any state change presents an opportunity for an attacker to compromise a system

134
Q

Functional Order of Security Controls

A
  1. Deterrence - discourage any malicious actions
  2. Denial - Deny malicious action
  3. Detection - Detect and track activity
  4. Delay - Delay the progress
  5. Determine - the cause of the incident and figure out what is happening
  6. Decide - decide on the response to implement

If one fails, move to the next

135
Q

Physical Security Controls
Administrative

A

Include policies and procedures like
- site management
- personnel controls
- awareness training
- emergency response

136
Q

Physical Security Controls
Logical / Technical

A

Implemented through technology like
- access controls
- intrusion detection
- alarms
- CCTV
- monitoring
- HVAC
- power supplies
- Fire detection / suppression

137
Q

Physical Security Controls
Physical

A
  • Fencing
  • Lighting
  • Locks
  • Construction materials
  • Mantraps
  • Dogs
  • Guards
138
Q

Physical Security Controls
Fence Types

A

3-4 ft: deters casual trespassers
6-7 ft: too hard to climb easily
8 ft (w/ barbed wire): will deter intruders

139
Q

Physical Security Controls
Temperature

A

Humidity: 40-60% ideal
Temps: for computers 60-75 °F. Damage at 175 °F. Magnetic storage devices damaged at 100 °F

140
Q

Physical Security Controls
Electrical impacts - Blackout

A

Prolonged loss of power

141
Q

Physical Security Controls
Electrical impacts - Brownout

A

Prolonged low voltage

142
Q

Physical Security Controls
Electrical impacts - Fault

A

Short loss of power

143
Q

Physical Security Controls
Electrical impacts - Surge

A

Prolonged high voltage

144
Q

Physical Security Controls
Electrical impacts - Spike

A

Temporary high voltage

146
Q

Physical Security Controls
Electrical impacts - Sag

A

Temporary low voltage

147
Q

Physical Security Controls
Lights

A

8 feet high with 2 foot-candles of power

148
Q

Physical Security Controls
Humidity + Static Electricity

A

Too much humidity can cause corrosion. Too little causes static electricity; even on non-static carpet, low humidity can generate a 20,000-volt static discharge!

149
Q

Fire / Suppression Agents
Class A (ASH)

A

Common combustibles such as wood, paper, etc. Should be extinguished with water or soda acid

150
Q

Fire / Suppression Agents
Class B (BOIL)

A

Burning alcohol, oil, and other petroleum products such as gasoline. Extinguished with gas or soda acid

151
Q

Fire / Suppression Agents
Class C (CONDUCTIVE)

A

Electrical fires. Must be extinguished with a non-conductive agent like any type of gas

152
Q

Fire / Suppression Agents
Class D (DILYTHIUM)

A

Burning metals. Extinguished by dry powder

153
Q

Fire / Suppression Agents
Class K (KITCHEN)

A

Kitchen fires. Extinguished by wet chemicals

154
Q

Fire / Suppression Agents
3 Categories of Fire Detection

A
  1. Smoke sensing
  2. Flame sensing
  3. Heat sensing
155
Q

Voltage and Noise
Electromagnetic Interference - Common mode noise

A

Generated by the difference in power between the hot and ground wires of a power source.

156
Q

Voltage and Noise
Electromagnetic Interference - Traverse mode noise

A

Generated by a difference in power in the hot and neutral wires of a power source

157
Q

Voltage and Noise
Radio Frequency Interference (RFI)

A

The source of interference that is generated by electrical appliances, light sources, electrical cables and circuits, etc

158
Q

Damage from Fire and Fire Suppression - What do these things damage?
Smoke

A

Storage devices

159
Q

Damage from Fire and Fire Suppression - What do these things damage?
Heat

A

Any electronic or computer component

160
Q

Damage from Fire and Fire Suppression - What do these things damage?
Suppression mediums

A

Cause short circuits, initiate corrosion, or otherwise render equipment useless

161
Q

Water Suppression Systems
Preaction Systems

A

Good for areas with people and computers

Use closed sprinkler heads, and the pipe is charged with compressed air instead of water. The water is held in check by an electrically operated sprinkler valve and the compressed air

162
Q

Water Suppression Systems
Wet Pipe Systems

A

Filled with water.

163
Q

Water Suppression Systems
Dry pipe systems

A

Have closed sprinkler heads and are filled with compressed air. The water is held back by a valve that remains closed as long as sufficient air pressure remains in the pipes

Used where water is likely to freeze

164
Q

Water Suppression Systems
Deluge Systems

A

Similar to dry pipe systems, except the sprinkler heads are open and larger than dry pipe heads. The pipes are empty at normal air pressure; the water is held back by a deluge valve

165
Q

Gas Discharge Systems

A

More effective than water discharge systems, but should not be used where people are because it removes oxygen from the air

Halon is effective but bad for the environment (ozone-depleting); turns to toxic gas at 900 °F.

166
Q

Lock Types
Electronic Combination Locks

A

(Cipher lock) Something you Know

167
Q

Lock Types
Key Card Systems

A

Something you have

168
Q

Lock Types
Biometric Systems

A

Something you are

169
Q

Lock Types
Conventional Locks

A

Easily picked / bumped and keys easily duplicated

170
Q

Lock Types
Pick and bump resistant Locks

A

Expensive, harder to pick, & Keys not easily duplicated

171
Q

Site Selection
(Important considerations)

A
  • Visibility
  • Composition of the surrounding area
  • area accessibility
  • effects of natural disasters
172
Q

Facility Design
(Important considerations)

A
  • Understanding the level of security needed by your org and planning for it before construction begins

173
Q

How to design / configure secure work areas

A
  • Should NOT be equal access to all locations
  • Valuable and confidential assets should be located in the center of protection
  • Centralized server / computer rooms do not need to be human compatible

174
Q

Threats to Physical Access Controls
Abuses

A

Propping open secured doors and bypassing locks or access controls

175
Q

Threats to Physical Access Controls
Masquerading

A

Using someone else's ID badge to get in

176
Q

Threats to Physical Access Controls
Piggybacking

A

Following someone through a secured door without swiping your badge

177
Q

Security concerns of a wiring closet

A
  • prevent physical unauthorized access
178
Q

How to handle visitors in a secure facility

A
  • escort assigned to visitor
  • Tracking actions
179
Q

Protections for evidence storage

A
  • locked cabinets / safes
  • dedicated / isolated storage facilities
  • offline storage
  • access restrictions / activity tracking
  • hash management and encryption
180
Q

Uninterruptible Power Supply (UPS)

A

Type of self-charging battery that can be used to:
- supply consistent and clean power
- supply power in the event of a power failure

181
Q

Access Control Models
Attribute Based Access Control

A

Uses rules that can include multiple attributes.
- Allows it to be more flexible than a rule-based model, which applies rules to all subjects equally
- Often used by Software Defined Networks (SDNs)