Essential Knowledge Flashcards
OSI Layers
Application, Presentation, Session, Transport, Network, Data Link, Physical
Which OSI Layer? FTP, HTTP, SMTP
Application Layer
Which OSI Layer? AFP, NCP, MIME
Presentation Layer
Which OSI Layer? X.225, SCP, ZIP
Session Layer
Which OSI Layer? TCP, UDP
Transport Layer
Which OSI Layer? IP
Network Layer
Which OSI Layer? ARP, CDP, PPP
Data Link Layer
Which OSI Layer? USB Standards, Bluetooth
Physical Layer
PDU at the Application, Presentation, Session Layers?
Data
PDU at the Transport Layer?
Segment
PDU at the Network Layer?
Packet
PDU at the Physical Layer?
Bit
OSI Application, Presentation and Session layers map to which layer of the TCP/IP model?
Application Layer
OSI Transport layer maps to which layer of the TCP/IP model?
Transport Layer
OSI Network layer maps to which layer of the TCP/IP model?
Internet Layer
OSI Data Link and Physical layers map to which layer of the TCP/IP model?
Network Access Layer
TCP three-way handshake consists of?
SYN, SYN-ACK, and ACK segments
A UDP segment structure is called a?
Datagram
A demilitarized zone or DMZ is also called a?
Screened Subnet
A very restricted zone that strictly controls direct access from uncontrolled zones.
Production Network Zone
A controlled zone with few or no heavy restrictions.
Intranet Zone
A highly secure zone with very strict policies.
Management Zone
A published standard used by organizations worldwide that provides a way to capture the principal characteristics of a vulnerability and produces a numerical score reflecting its severity. The score can be translated into low, medium, high or critical.
Common Vulnerability Scoring System (CVSS)
A method for using specific standards to enable the automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization, including, for example, FISMA compliance.
Security Content Automation Protocol (SCAP)
Categories of vulnerabilities.
Misconfiguration, Default Installations, Buffer Overflows, Missing Patches, Design Flaws, Operating System Flaws, Application Flaws, Open Services, Default Passwords
Example vulnerability management tools
Nessus, Qualys, GFI LanGuard, Nikto, OpenVAS, Retina CS
Triangle model whereby an increase in one angle decreases the other two angles.
Security, Functionality and Usability Triangle.
Hack Value
Notion used by hackers to express that something is worth doing or is interesting. This is something that hackers often feel intuitively about a problem or solution. An aspect of hack value is performing feats for the sake of showing that they can be done, even if others think it is difficult.
Zero-day attack
An attack that exploits a vulnerability in an application before the vulnerability is publicly known and the developer has released a patch for it.
Vulnerability
The existence of a weakness, or a design or implementation error, that can lead to an unexpected and undesirable event compromising the security of a system.
Payload
Malicious content that is acted upon and executed by a system.
Daisy-Chaining
Process where a hacker gains entry into a computer or network and then uses it to gain access to another.
Doxing
The process of searching for and publishing private information about a target (usually an individual) on the Internet, typically with malicious intent.
Threat Modeling
Consists of: Identify Security Objectives, Application Overview, Decompose Application, Identify Threats and Identify Vulnerabilities
Enterprise Information Security Architecture (EISA)
Collection of requirements and processes that help determine how an organization’s information systems are built and how they work.
Risk Management Approach
Mitigate, Eliminate or Accept
Risk Management Phases
Risk Identification, Risk Assessment, Risk Treatment, Risk Tracking and Risk Review
Security Control categories
Physical, Technical and Administrative
Security Control types
Preventive, Detective and Corrective
Business Impact Analysis should measure what?
Maximum tolerable downtime (MTD) which helps to prioritize the recovery of assets.
Business Impact Analysis should measure what?
An organized process to gauge the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency. For example, part of the BIA can be calculating the Maximum Tolerable Downtime (MTD), which helps to prioritize the recovery of assets.
Disaster Recovery Plan
Addresses exactly what to do to recover any lost data or services.
Annualized Loss Expectancy (ALE)
Measurement of the cost of an asset’s value to the organization and the monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO × SLE.
Annual Rate of Occurrence (ARO)
An estimate of the number of times during a year that a particular asset would be lost or experience downtime.
Single Loss Expectancy (SLE)
The monetary loss expected from a single occurrence of a risk on an asset. Mathematically expressed as SLE = asset value (AV) × exposure factor (EF).
Exposure Factor (EF)
Percentage of asset loss. If an Asset’s Value (AV) is reduced by two thirds, the exposure factor is 0.66. If the asset is completely lost, the EF is 1.0.
User Behavior Analytics (UBA)
A process of tracking users’ behaviors and evaluating those behaviors for signs of malicious activity, attacks, and fraud. Behavior-based intrusion detection systems exist.
Security Trinity
CIA - Confidentiality, Integrity and Availability