Exam 2 Flashcards
Access Control Approaches Rely on The Following Four Mechanisms
- Identification- I am a user of the system
- Authentication- I can prove I’m a user of the system
- Authorization- Here’s what I can do with the system
- Accountability- You can track and monitor my use on the system
Roles of the Communities of Interest
Evaluation of current and proposed risk controls
Determining which options are cost effective
Installing the needed controls
Ensuring that the controls stay effective
Three commonly used authentication factors
- Something you know: Relies on what the unverified user knows, like a password.
- Something you have: Relies on what an unverified user has and can produce when necessary, like an ID card.
- Something you are or can produce: Relies on individual characteristics, like fingerprints.
MAC layer firewall
Designed to operate at the media access control sublayer at layer 2 of the network
Application layer proxy firewall
Capable of functioning as both a firewall and an application layer proxy server
Packet-filtering firewall
Examines header information of data packets that enter a network.
Firewall
Combination of hardware/software that filters information moving between the inside/outside of a network
Encapsulation
The native protocol of the client is embedded within the frames of a protocol
Encryption
Keeps data private as it travels over the public network
Authentication
Ensures the identification of the remote user
Transport Mode
Data within an IP packet is encrypted, but the header information is not
Tunnel Mode
Establishes two perimeter tunnel servers to encrypt all traffic that will traverse an unsecured network
Proxy server
Server that intercepts requests for information from external users to minimize demand on internal servers
Reverse proxy
Retrieves internal information to provide to requesting outside users
Clark-Wilson Integrity Model change control principles
- No changes by unauthorized users
- No unauthorized changes by authorized users
- Maintain internal and external consistency
IDPS Response Techniques
Terminating the user session or network connection
Blocking access to the target system or systems
Blocking all access to the targeted information asset
Reasons for an IDPS
Intrusion detection
Documentation- Logs data
Attack deterrence
Host based IDPS
Resides on a particular device and only monitors that system
Network based IDPS
Resides on a device connected to a segment of an organization's network and only monitors that segment
Attack protocol
Series of steps used by an attacker to launch an attack
Footprinting
Research of internet addresses owned by a target organization
Fingerprinting
Survey of all the target addresses collected during footprinting
Attack surface
Functions and features a system exposes to unauthenticated users
Port scanners
Tools used by both attackers and defenders to identify or fingerprint active computers on a network
Seven Major Sources of Physical Loss
- Extreme temperature: heat, cold
- Gases: humid or dry air
- Liquids: water, chemicals
- Living organisms: virus, people, animals
- Projectiles: Tangible objects in motion
- Movement: Collapse, vibration, slide
- Energy anomalies: electrical surge
Uninterruptible power supply
Ensures delivery of electrical power without interruption
Standby/Offline UPS
Backup battery that detects interruption in power and activates a transfer switch to provide power through batteries
TEMPEST
Government program to protect computers from remote electronic eavesdropping by reducing EMR (electromagnetic radiation) emissions
Packet sniffer
Software or hardware that can intercept, copy, and interpret network traffic
Active vulnerability scanner
Application that scans networks for exposed usernames/groups
Passive vulnerability scanner
Scanner that listens in on a network and identifies vulnerable versions of both server and client software
Best Practices for Firewalls
All traffic from trusted networks is allowed out
Firewall devices are never to be directly accessible from the public network
SMTP data is allowed but is directed to a well-configured gateway
All ICMP data should be denied
Static packet filtering
Filtering rules are developed and installed with the firewall and do not change automatically
Dynamic packet filtering
Can react to events and update or create rules to deal with an event
Stateful packet inspection (SPI)
Keeps track of each network connection between internal and external systems
Kerberos
Uses symmetric key encryption to validate a user to network resources
Kerberos three interactive services
Authentication server- Kerberos server that authenticates clients and servers
Key Distribution Center- generates and issues session keys
Kerberos ticket granting service- provides tickets to valid clients who request services
VPN
A private secure network operated over a public network
Hybrid VPN
Combination of trusted and secure VPN implementations
Secure VPN
Uses security protocols to encrypt traffic transmitted across unsecure networks
Trusted VPN
VPN that uses leased circuits
Know yourself
Understand the current information in your organization
Know the enemy
Identify threats facing the organization
Risk appetite / tolerance
The quantity of risk that organizations are willing to accept
Residual risk
Risk to information that remains after current controls are applied
Attack success probability
Number of successful attacks that are expected to occur within a specified time period
Likelihood
The probability that a vulnerability within an organization will be attacked
Risk control
Application of controls that reduce risk to an organization's assets