IS3110 CHAP 2 Flashcards
What is a security policy?
- A rigid set of rules that must be followed explicitly to be effective
- A technical control used to enforce security
- A physical control used to enforce security
- A document created by senior management that identifies the role of security in the organization
A document created by senior management that identifies the role of security in the organization
You want to ensure that users are granted only the rights to perform actions required for their jobs. What should you use?
- Principle of least privilege
- Principle of need to know
- Principle of limited rights
- Separation of duties
Principle of least privilege
You want to ensure that users are granted only the permissions needed to access data required to perform their jobs. What should you use?
- Principle of least privilege
- Principle of need to know
- Principle of limited rights
- Principle of limited permissions
Principle of need to know
Which of the following security principles divides job responsibilities to reduce fraud?
- Need to know
- Least privilege
- Separation of duties
- Mandatory vacations
Separation of duties
What can you use to ensure that unauthorized changes are not made to systems?
- Input validation
- Patch management
- Version control
- Configuration management
Configuration management
What are two types of intrusion detection systems?
- Intentional and unintentional
- Natural and manmade
- Host-based and network-based
- Technical and physical
Host-based and network-based
A technical control prevents unauthorized personnel from having physical access to a secure area or secure system.
TRUE OR FALSE
FALSE
What allows an attacker to gain additional privileges on a system by sending unexpected code to the system?
- Buffer overflow
- MAC flood
- Input validation
- Spiders
Buffer overflow
What is hardening a server?
- Securing it from the default configuration
- Ensuring it cannot be powered down
- Locking it in a room that is hard to access
- Enabling necessary protocols and services
Securing it from the default configuration
Which of the following steps could be taken to harden a server?
- Removing unnecessary services and protocols
- Keeping the server up to date
- Changing defaults
- Enabling local firewalls
- All the above
All the above
Which government agency includes the Information Technology Laboratory and published SP 800-30?
- NIST
- DHS
- NCSD
- US-CERT
NIST
ITL and ITIL are different names for the same thing.
TRUE OR FALSE
FALSE
Which US government agency regularly publishes alerts and bulletins related to security threats?
- NIST
- FBI
- US-CERT
- The MITRE Corporation
US-CERT
The CVE list is maintained by ___?
The MITRE Corporation
What is the standard used to create Information Security Vulnerability names?
- CVE
- MITRE
- DISA
- CSI
CVE
The portion of a server that can be attacked. Every additional service or protocol running or enabled increases the surface. By disabling services or protocols that are not needed, you reduce the surface.
ATTACK SURFACE
A common exploit used against public-facing servers. A buffer overflow can occur when an attacker sends more data or different data than is expected. Attackers can use it to gain additional privileges on the system.
BUFFER OVERFLOW
Standards used to ensure that systems are configured similarly. Additionally, you can perform compliance auditing regularly to ensure that systems have not been improperly modified.
CONFIGURATION MANAGEMENT
A philosophy centered on the principle that security requires continuous effort. You put controls into place. Later, you perform checks and audits to ensure they are still working as expected.
CONTINUOUS MONITORING
A buffer zone separating the Internet from the internal network. A DMZ is often created with two separate firewalls. You then place public-facing servers such as Web servers or email servers in the DMZ.
DEMILITARIZED ZONE (DMZ)
An attack designed to prevent a system from providing a service. This is launched from a single client.
DENIAL OF SERVICE (DoS)
A major department in the US government. It is charged with protecting the United States from threats and emergencies.
DEPARTMENT OF HOMELAND SECURITY (DHS)
A DoS attack launched from multiple clients at the same time. These attacks often include zombies controlled in a botnet.
DISTRIBUTED DENIAL OF SERVICE (DDoS)
The act of initiating a vulnerability. It occurs when a command or program is executed to take advantage of a weakness. Some examples are buffer overflows, DoS attacks and DDoS attacks.
EXPLOIT
The day after Patch Tuesday. After patches are released, attackers attempt to reverse-engineer the patches to learn the vulnerabilities. They then create attacks to exploit the vulnerabilities before the patches are widely applied.
EXPLOIT WEDNESDAY
The act of making a server more secure than its default configuration. Defaults are changed. The attack surface is reduced. The system is kept up to date.
HARDENING A SERVER
Acts that are hostile to the organization. Intentional threats come from criminals, vandals, disgruntled employees, hackers, and others.
INTENTIONAL THREATS
A system that can monitor a network and send an alert if an intrusion is detected. Both host-based ___ and network-based IDS (NIDS) systems are commonly used. A passive IDS logs and alerts on events. An active IDS can block a detected attack.
INTRUSION DETECTION SYSTEM (IDS)
A division of the Department of Homeland Security. NCSD and the Department of Homeland Security work together with private, public, and international parties to secure cyberspace. They particularly focus on America's cyber assets.
NATIONAL CYBER SECURITY DIVISION (NCSD)
A division of the US Department of Commerce. Its mission is to promote US innovation and industrial competitiveness. The Information Technology Laboratory (ITL) is within ___. ITL publishes special publications that are widely used in IT risk management.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST)
Ensuring that patches are deployed when needed. Software regularly develops bugs. When that happens, vendors release patches to correct the problems. ___ ensures that appropriate patches are deployed. Many bugs present serious security risks, so if the patches aren't deployed, the systems become vulnerable.
PATCH MANAGEMENT
The day that Microsoft releases patches for Microsoft products. ___ is the second Tuesday of every month.
PATCH TUESDAY
Controls that restrict physical access to areas or systems. Examples include locked rooms, guards, and cameras.
PHYSICAL CONTROLS
A security principle that grants users only the minimum rights and permissions needed to perform their job. This is similar to the need to know principle. However, the need to know principle focuses only on permissions for data, not rights.
PRINCIPLE OF LEAST PRIVILEGE
A security principle that grants users access only to the data they need to perform their job. This is similar to the least-privilege principle. However, the least-privilege principle includes rights and permissions, while the need to know principle focuses only on permissions for data.
PRINCIPLE OF NEED TO KNOW
An attacker without much knowledge about programming and the potential harm it may cause. The idea is that some hacking tools are so easy to use, a kid can use them.
SCRIPT KIDDIE
A written policy created by senior management. It identifies resources and plans to implement security in the organization. It usually includes individual policies such as a password policy, an acceptable use policy, and a firewall policy.
SECURITY POLICY
A principle that ensures that a single person does not control all the functions of a critical process. It is designed to prevent fraud, theft, and errors.
SEPARATION OF DUTIES
An attack on a Web site that accesses a database. The attacker uses Structured Query Language (SQL) code to retrieve or modify data in the database. You can prevent SQL injection attacks with sound development practices.
SQL INJECTION ATTACK
A common DoS attack, where the attacker withholds the third packet in a three-way handshake. When the attacker does this repeatedly in a short time period, the server’s resources are consumed and the server can crash.
SYN FLOOD ATTACK
Controls that use technology to reduce vulnerabilities. Examples include anti-virus software, intrusion detection systems, access controls, and firewalls.
TECHNICAL CONTROLS
When a threat exploits a vulnerability, this results in a harmful event or a loss.
THREAT/VULNERABILITY PAIR
Threats that don't have a perpetrator. They include threats in the following categories: environmental, human, accidents, and failures.
UNINTENTIONAL THREATS
Part of the National Cyber Security Division. US-CERT provides response support and defense against cyber attackers. Its focus is on the protection of federal government resources. It also collaborates and shares information with state and local governments and with other public and private sectors.
UNITED STATES COMPUTER EMERGENCY READINESS TEAM (US-CERT)
A process that ensures that changes to files are controlled and tracked. Version control is often used with application development. Programmers check out a module or file, make their changes, and then check the file back in.
VERSION CONTROL