Operations Security Flashcards
zero day exploit
exploit code that exists for a vulnerability for which no patch is yet available; the vendor and defenders have had "zero days" to fix it
differential backup
backs up files changed since the last full backup; quicker than a full backup, but each differential grows over time; restore needs the last full plus the latest differential
RAID levels
0: striped set (no redundancy); 1: mirrored set; 2: bit-level striping with Hamming-code ECC; 3: byte-level striping with dedicated parity; 4: block-level striping with dedicated parity; 5: block-level striping with distributed parity; 6: block-level striping with double distributed parity
RAID 2
bit-level striping with Hamming-code error correction; not commercially viable for hard disks because it is cost prohibitive
mirroring
complete duplication of data to another disk, used by some levels of RAID; achieves full data redundancy by writing every block to multiple hard disks
active-passive
backup systems sit idle and only begin processing when a failure of the active system is detected
full backup
contains all of the allocated data on the hard disk; quick to recover (a single backup set) but slow to back up
sniffing
capturing traffic passing a network interface; an attacker positioned in the middle of a connection (or on a shared segment) can read any unencrypted data and is potentially able to alter it
recovery
cautiously restoring the system or systems to operational status
macro virus
malicious code written in an application's macro language (e.g. VBA) that infects Microsoft Office documents
lessons learned
incident response step most likely to be neglected; documents what happened and how the response should improve
SYN flood
DoS by resource exhaustion; attacker sends many SYNs (often from spoofed sources) but never completes the handshake with the final ACK, filling the server's half-open connection backlog
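Added example (not from the flashcards) of why a SYN flood works and how SYN cookies defeat it: a stateful listener spends a backlog slot per SYN and is exhausted by spoofed SYNs that never ACK, while a SYN-cookie listener keeps no state and instead encodes an HMAC of the 4-tuple and a coarse timestamp in its sequence number. The backlog size, 64-second tick, and 5-bit-time/27-bit-MAC cookie layout are simplifying assumptions (real SYN cookies also encode the MSS; on Linux the feature is `net.ipv4.tcp_syncookies`).

```python
"""SYN flood vs a fixed backlog, with and without SYN cookies.

Added illustration, not part of the flashcards. Assumptions: the backlog
size, the 64-second cookie tick, and the cookie layout (5-bit time, 27-bit
MAC) are simplifications; real SYN cookies also encode the MSS.
"""
import hashlib
import hmac
import secrets

BACKLOG = 8                        # assumed half-open connection limit
COOKIE_KEY = secrets.token_bytes(16)


class StatefulListener:
    """Classic listener: one backlog slot per SYN until the ACK arrives."""

    def __init__(self):
        self.half_open = {}            # (src, sport) -> server ISN
        self.established = set()

    def on_syn(self, src, sport, now):
        if len(self.half_open) >= BACKLOG:
            return None                # backlog exhausted: SYN silently dropped
        isn = secrets.randbits(32)
        self.half_open[(src, sport)] = isn
        return isn                     # ISN sent back in the SYN/ACK

    def on_ack(self, src, sport, ack, now):
        isn = self.half_open.get((src, sport))
        if isn is None or ack != (isn + 1) & 0xFFFFFFFF:
            return False
        del self.half_open[(src, sport)]
        self.established.add((src, sport))
        return True


class SynCookieListener:
    """Stateless listener: the ISN itself is a MAC, so no slot is consumed."""

    def __init__(self):
        self.established = set()

    @staticmethod
    def _cookie(src, sport, tick):
        mac = hmac.new(COOKIE_KEY, f"{src}:{sport}:{tick}".encode(), hashlib.sha256).digest()
        return ((tick & 0x1F) << 27) | (int.from_bytes(mac[:4], "big") & 0x07FFFFFF)

    def on_syn(self, src, sport, now):
        return self._cookie(src, sport, now // 64)   # nothing stored

    def on_ack(self, src, sport, ack, now):
        isn = (ack - 1) & 0xFFFFFFFF
        tick = now // 64
        for t in (tick, tick - 1):     # accept cookies from the current and previous tick
            if (t & 0x1F) == (isn >> 27) and self._cookie(src, sport, t) == isn:
                self.established.add((src, sport))
                return True
        return False


def simulate(listener_cls, attack_syns=1000, legit_clients=5, now=100_000):
    """Flood with spoofed SYNs that never ACK, then count legit clients that connect."""
    srv = listener_cls()
    for i in range(attack_syns):
        srv.on_syn(f"10.0.{i // 256}.{i % 256}", 1024 + i, now)   # spoofed sources, no ACK
    connected = 0
    for c in range(legit_clients):
        isn = srv.on_syn("192.0.2.1", 50000 + c, now)
        if isn is not None and srv.on_ack("192.0.2.1", 50000 + c, (isn + 1) & 0xFFFFFFFF, now):
            connected += 1
    return connected


if __name__ == "__main__":
    print("stateful listener, legit clients connected:", simulate(StatefulListener))
    print("SYN-cookie listener, legit clients connected:", simulate(SynCookieListener))
```

The stateful listener admits none of the legitimate clients once eight spoofed SYNs have filled its backlog; the cookie listener admits all of them, and an ACK carrying a forged or expired cookie is still rejected.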
teardrop
DoS; malformed packet; targets flaws in a system's IP fragment reassembly by sending overlapping fragments with bad offsets
RAID 5
striped set with distributed parity: performance gains plus data redundancy; the parity block rotates across all disks; can lose 1 disk and still function, since each lost block is the XOR of the surviving blocks in its stripe
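Added example (not from the flashcards) of the striping, distributed parity and single-disk rebuild that the RAID cards describe: data is split into stripe units, one XOR parity unit per stripe lands on a rotating disk, and any one missing disk is recovered by XORing the survivors. The 4-byte unit size, left-symmetric rotation and zero padding are assumptions made for the demonstration; RAID 6's second, independent parity is not shown.

```python
"""RAID 5 stripe layout, parity, and single-disk rebuild.

Added illustration, not part of the flashcards. Assumptions: 4-byte stripe
units, left-symmetric parity rotation, zero padding to a whole stripe.
"""
from typing import List, Optional

UNIT = 4   # bytes per stripe unit (assumed; real arrays use 64 KiB and up)


def xor_bytes(chunks: List[bytes]) -> bytes:
    """Bytewise XOR of equal-length chunks: this is the parity function."""
    out = bytearray(len(chunks[0]))
    for chunk in chunks:
        for i, b in enumerate(chunk):
            out[i] ^= b
    return bytes(out)


def parity_disk_for(stripe: int, ndisks: int) -> int:
    """Distributed parity: the parity unit rotates to a different disk each stripe."""
    return (ndisks - 1 - stripe) % ndisks


def raid5_write(data: bytes, ndisks: int) -> List[List[bytes]]:
    """Stripe data over ndisks (>= 3); each disk becomes a list of units."""
    if ndisks < 3:
        raise ValueError("RAID 5 needs at least 3 disks")
    per_stripe = UNIT * (ndisks - 1)
    data = data + b"\x00" * ((-len(data)) % per_stripe)   # pad to whole stripes
    disks: List[List[bytes]] = [[] for _ in range(ndisks)]
    for s in range(len(data) // per_stripe):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        units = [chunk[i * UNIT:(i + 1) * UNIT] for i in range(ndisks - 1)]
        parity, pdisk = xor_bytes(units), parity_disk_for(s, ndisks)
        data_units = iter(units)
        for d in range(ndisks):
            disks[d].append(parity if d == pdisk else next(data_units))
    return disks


def raid5_read(disks: List[List[bytes]], length: int) -> bytes:
    """Read data units in stripe order, skipping parity, and drop padding."""
    ndisks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        pdisk = parity_disk_for(s, ndisks)
        out += b"".join(disks[d][s] for d in range(ndisks) if d != pdisk)
    return bytes(out[:length])


def raid5_rebuild(disks: List[Optional[List[bytes]]]) -> List[List[bytes]]:
    """Rebuild the one failed disk (None): each missing unit = XOR of the survivors."""
    failed = [i for i, d in enumerate(disks) if d is None]
    if len(failed) != 1:
        raise ValueError("RAID 5 tolerates exactly one failed disk")
    survivors = [d for d in disks if d is not None]
    rebuilt = [xor_bytes([d[s] for d in survivors]) for s in range(len(survivors[0]))]
    repaired = list(disks)
    repaired[failed[0]] = rebuilt
    return repaired


if __name__ == "__main__":
    sample = b"operations security flashcards"      # constructed input
    array = raid5_write(sample, 4)
    array[2] = None                                   # disk 2 dies
    print(raid5_read(raid5_rebuild(array), len(sample)))
```

Losing a second disk makes `raid5_rebuild` raise, which is exactly the gap RAID 6's dual parity closes.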
ping of death
DoS; malformed packet; sends a fragmented ICMP echo request (ping) that reassembles to more than the maximum IP packet size of 65,535 bytes
remanence
residual data that remains on storage media after attempts to delete or erase it
spoofing
masquerading as another endpoint
RAID 6
striped set with dual distributed parity: two independent parity blocks per stripe; can accommodate the loss of 2 drives and still function
preparation
steps taken before incident occurs; includes training, writing incident response policies/procedures, providing tools
incremental backup
archives only files that have changed since the last backup of any kind (full or incremental); quick backup; long recovery because the last full plus every subsequent incremental must be restored in order
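Added example (not from the flashcards) that replays the full, differential and incremental cards against one constructed change log: it shows the differential set growing day by day, the incremental set staying small, and the restore chain each strategy needs (last full plus latest differential versus last full plus every incremental). The file list and per-day changes are constructed sample data.

```python
"""Full vs differential vs incremental backup sets and restore chains.

Added illustration, not part of the flashcards. The file set and the
per-day change log are constructed sample data; a full backup is taken
on day 0 and one backup of the chosen type each day after that.
"""
from typing import Dict, List, Tuple

FILES = ["a.doc", "b.xls", "c.db", "d.log"]                                       # constructed
CHANGES = {1: ["a.doc"], 2: ["c.db"], 3: ["a.doc", "d.log"], 4: [], 5: ["b.xls"]}  # day -> files modified


def state_at(day: int, files=FILES, changes=CHANGES) -> Dict[str, int]:
    """Version of every file on `day`: the last day it was modified (0 = original)."""
    return {f: max([0] + [d for d in range(1, day + 1) if f in changes.get(d, [])]) for f in files}


def backup_sets(strategy: str, last_day: int, files=FILES, changes=CHANGES) -> Dict[int, Dict[str, int]]:
    """Return {day: {file: version}} for every backup taken through last_day."""
    sets = {0: state_at(0, files, changes)}           # day 0 is always a full backup
    for day in range(1, last_day + 1):
        state = state_at(day, files, changes)
        if strategy == "full":
            picked = files                                # everything, every day
        elif strategy == "differential":
            picked = [f for f in files if state[f] > 0]   # changed since the last full
        elif strategy == "incremental":
            picked = changes.get(day, [])                 # changed since yesterday's backup
        else:
            raise ValueError(strategy)
        sets[day] = {f: state[f] for f in picked}
    return sets


def restore_chain(strategy: str, day: int) -> List[int]:
    """Which backup sets must be read, in order, to recover the state on `day`."""
    if strategy == "full":
        return [day]
    if strategy == "differential":
        return sorted({0, day})
    return list(range(day + 1))


def restore(strategy: str, sets: Dict[int, Dict[str, int]], day: int) -> Dict[str, int]:
    """Apply the chain oldest to newest; later sets overwrite older versions."""
    restored: Dict[str, int] = {}
    for d in restore_chain(strategy, day):
        restored.update(sets[d])
    return restored


def compare(last_day: int) -> Dict[str, Tuple[List[int], int]]:
    """Per strategy: files copied on each day, and files read to restore the last day."""
    report = {}
    for strategy in ("full", "differential", "incremental"):
        sets = backup_sets(strategy, last_day)
        if restore(strategy, sets, last_day) != state_at(last_day):
            raise RuntimeError(f"{strategy} restore did not reproduce day {last_day}")
        per_day = [len(sets[d]) for d in range(last_day + 1)]
        restore_cost = sum(len(sets[d]) for d in restore_chain(strategy, last_day))
        report[strategy] = (per_day, restore_cost)
    return report


if __name__ == "__main__":
    for name, (per_day, cost) in compare(5).items():
        print(f"{name:12s} files per daily backup {per_day}  files read on restore {cost}")
```

With this change log the differential copies 1, 2, 3, 3, 4 files on days 1 to 5 (growing), the incremental copies 1, 1, 2, 0, 1 (small), and restoring day 5 reads 8 files for differential versus 9 across six sets for incremental.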
need to know
clearance level alone is insufficient for access to the most sensitive information; the subject must also need the data to perform their duties
account lockouts
disable an account after a set number of failed logins, to prevent an attacker from simply guessing the right password by attempting a large number of potential passwords
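Added example (not from the flashcards) of a lockout policy with a failure threshold, a sliding counting window and an automatic unlock, run against a scripted guessing attack. It also shows the caveat a practitioner wants: while the lockout is in force the legitimate user is refused too, so lockouts are a denial-of-service lever and the duration should be bounded. Threshold, window and lockout length are assumed values.

```python
"""Failed-login counter with lockout threshold, window and auto-unlock.

Added illustration, not part of the flashcards. Threshold, window and
lockout duration are assumed values; times are plain integer seconds so
the behaviour can be replayed deterministically.
"""
from collections import defaultdict
from typing import Dict, List


class LockoutPolicy:
    def __init__(self, threshold: int = 5, window: int = 600, lockout: int = 900):
        self.threshold = threshold        # failures allowed inside the window
        self.window = window              # seconds over which failures are counted
        self.lockout = lockout            # seconds the account stays locked (auto-unlock)
        self.failures: Dict[str, List[int]] = defaultdict(list)
        self.locked_until: Dict[str, int] = {}

    def is_locked(self, user: str, now: int) -> bool:
        return self.locked_until.get(user, 0) > now

    def attempt(self, user: str, password_ok: bool, now: int) -> str:
        """Returns 'ok', 'denied' (bad password) or 'locked' (password not even checked)."""
        if self.is_locked(user, now):
            return "locked"
        recent = [t for t in self.failures[user] if now - t < self.window]
        if password_ok:
            self.failures[user] = []
            return "ok"
        recent.append(now)
        if len(recent) >= self.threshold:
            self.locked_until[user] = now + self.lockout
            self.failures[user] = []
            return "locked"
        self.failures[user] = recent
        return "denied"


def brute_force(policy: LockoutPolicy, user: str, guesses: List[str], secret: str, start: int) -> Dict[str, int]:
    """Online guessing at one guess per second; counts guesses the server actually evaluated."""
    outcome = {"evaluated": 0, "success": 0}
    for i, guess in enumerate(guesses):
        now = start + i
        if policy.is_locked(user, now):
            continue                      # refused before any password comparison
        outcome["evaluated"] += 1
        if policy.attempt(user, guess == secret, now) == "ok":
            outcome["success"] += 1
    return outcome


if __name__ == "__main__":
    policy = LockoutPolicy()
    wordlist = [f"guess{i}" for i in range(100)] + ["hunter2"]   # constructed; real password last
    print(brute_force(policy, "alice", wordlist, "hunter2", 0))
    print("real user at t=100:", policy.attempt("alice", True, 100))
    print("real user at t=905:", policy.attempt("alice", True, 905))
```

Only five of the 101 guesses are ever compared against the password; the attacker's eventually correct guess is refused unseen. The same lock refuses the real user at t=100 and admits them again once the lockout period has elapsed, and failures older than the window do not accumulate toward a lock.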
NDA
non-disclosure agreement: work-related contractual agreement that ensures people will maintain confidentiality of data
DNS reflection
DoS; attacker sends queries with the victim's spoofed source address to poorly configured (open) third-party DNS servers, often for a large record served by an attacker-controlled DNS server, so the amplified responses flood the victim
striping
spreading data writes across multiple disks to achieve performance gains; used by some levels of RAID; on its own (RAID 0) it gives a performance increase but no data redundancy
trojan horse
malware disguised as legitimate software; defined by how it is concealed rather than how it spreads, and most often associated with providing an attacker with persistent backdoor access