Section 3: Security Architecture Principles Flashcards

1
Q

Transport layer protocols

A
  • Transmission Control Protocol (TCP)

- User Datagram Protocol (UDP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Application layer (Layer 7)

A

Mediates between software applications and other layers of network services.
Protocol Data Unity (PDU): Data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Network layer protocols

A
  • Internet Control Message (ICMP)
  • Address Resolution Protocol (ARP)
  • Reverse Address Resolution Protocol (RARP)
  • Internet Protocol (IP)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Data link protocols

A
  • Ethernet
  • Fast Ethernet
  • FDDI
  • Token Ring
  • Point-to-point protocol (PPP)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

OSI (Open Systems Interconnection) model

A

Is used to describe networking protocols. The OSI model defines groups of functionality required for network computer into layers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Layers of the OSI model

A
  1. Application
  2. Presentation
  3. Session
  4. Transport
  5. Network
  6. Data Link
  7. Physical
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Physical layer (Layer 1)

A

Manages signals among network systems.

Protocol Data Unity (PDU): Bits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Data link layer (Layer 2)

A

Divides data into frames that can be transmitted by the physical layer. The data link layer is concerned with local delivery of frames between nodes on the same level of the network and it does not cross the boundaries of a local area network.
Protocol Data Unity (PDU): Frame

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Network layer (Layer 3)

A

Translates network addresses and routes data from sender to receiver.
Protocol Data Unity (PDU): Packet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Transport layer (Layer 4)

A

Ensures that data are transferred reliably in the correct sequence.
Protocol Data Unity (PDU): Segment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Session layer (Layer 5)

A

Coordinates and manages user connections.

Protocol Data Unity (PDU): Data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Presentation layer (Layer 6)

A

Formats, encrypts and compress data.

Protocol Data Unity (PDU): Data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Internet Control Message (ICMP)

A

A supporting protocol in the Internet protocol suite. It is used by network devices, including routers, to send error messages and operational information indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications (with the exception of some diagnostic tools like ping and traceroute).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Address Resolution Protocol (ARP)

A

A communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address.
In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Reverse Address Resolution Protocol (RARP)

A

An obsolete computer networking protocol used by a client computer to request its Internet Protocol (IPv4) address from a computer network, when all it has available is its link layer or hardware address, such as a MAC address

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Internet Protocol (IP)

A

The principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.
IP has the task of delivering packets from the source host to the destination host solely based on the IP addresses in the packet headers. For this purpose, IP defines packet structures that encapsulate the data to be delivered. It also defines addressing methods that are used to label the datagram with source and destination information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Transmission Control Protocol (TCP)

A

Provides a communication service at an intermediate level between an application program and the Internet Protocol. It provides host-to-host connectivity at the transport layer.
At the transport layer, TCP handles all handshaking and transmission details and presents an abstraction of the network connection to the application typically through a network socket interface.
At the lower levels of the protocol stack, due to network congestion, traffic load balancing, or unpredictable network behaviour, IP packets may be lost, duplicated, or delivered out of order. TCP detects these problems, requests re-transmission of lost data, rearranges out-of-order data and even helps minimize network congestion to reduce the occurrence of the other problems

18
Q

Ethernet

A

The original 10BASE5 Ethernet uses coaxial cable as a shared medium, while the newer Ethernet variants use twisted pair and fiber optic links in conjunction with switches. Ethernet data transfer rates have been increased from the original 2.94 megabits per second (Mbit/s)[2] to the latest 400 gigabits per second (Gbit/s).
Systems communicating over Ethernet divide a stream of data into shorter pieces called frames. Each frame contains source and destination addresses, and error-checking data so that damaged frames can be detected and discarded; most often, higher-layer protocols trigger retransmission of lost frames.

19
Q

TCP three-way handshake

A
  • SYN (Client to Server),
  • SYN/ACK (Server to Client)
  • ACK (Client) to Server)
20
Q

Disadvantages Packet filtering firewalls

A
  • Vulnerable to attacks from improperly configured filters
  • Vulnerable to attacks tunneled over permitted services
  • All private network systems vulnerable when a single packet filtering router is compromised
21
Q

Advantages Packet filtering firewalls

A
  • simplicity of one network “choke point”
  • minimal impact on network performance
  • inexpensive or free
22
Q

Disadvantage Application-level gateways

A

Poor performance and scalability as Internet usage grows

23
Q

Advantages of IPS

A
  • Protection at the application layer
  • Prevention of attacks rather than simply reacting to them
  • Defense in depth
  • Real-time event correlation
24
Q

Factors affecting cryptograpic system effectiveness

A
  • Algorithm strength
  • Secrecy and difficulty of compromising a key
  • Nonexistence of back doors by which an encrypted file can be decrypted without knowing the key
  • Inability to decrypt parts of a ciphertext message and prevent known plaintext attacks
  • Properties of the plaintext known by a perpetrator
25
Q

wo types of cryptographic systems

A
  • Symmetric Key Systems: These use single, secret, bidirectional keys that encrypt and decrypt.
  • Asymmetric Key Systems: These use pairs of unidirectional, complementary keys that only encrypt or decrypt. Typically, one of these keys is secret, and the other is publicly known.

Public key systems are asymmetric cryptographic systems. Most encrypted transactions over the Internet use a combination of private/ public keys, secret keys, hash functions (fixed values derived mathematically from a text message) and digital certificates (that prove ownership of a public encryption key) to achieve confidentiality, message integrity, authentication and nonrepudiation by either sender or recipient (also known as a public key infrastructure [PKI]). Essentially, keys and hash values are used to transform a string of characters into a shorter or fixed-length value or key that represents the original string. This encryption process allows data to be stored and transported with reduced exposure so data remains secure as it moves across the Internet or other networks.

26
Q

Wired equivalency protocol (WEP)

A

A scheme that is part of the IEEE 802.11 wireless networking standard to secure IEEE 802.11 wireless networks (also known as Wi-Fi networks). An increasing number of organizations and vendors are replacing this with 802.11i (WPA2) and Wi-Fi Protected Access (WPA), which use dynamic keys and an authentication server with credentials to increase protection against hackers.

27
Q

Wi-Fi protected access (WPA)

A

A class of systems used to secure wireless (Wi-Fi) computer networks. WPA was created in response to several serious weaknesses that researchers found in the previous system, Wired Equivalent Privacy (WEP).

28
Q

Packet filtering firewalls

A

A screening router examines the header of every packet of data traveling between the Internet and the corporate network. Packet headers contain information, including the IP address of the sender and receiver, along with the port numbers (application or service) authorized to use the information transmitted. Based on that information, the router knows what kind of Internet service (e.g., web-based service or FTP) is being used to send the data as well as the identities of the sender and receiver of the data

29
Q

Application firewalls

A

Allow information to flow between systems but do not allow the direct exchange of packets. Therefore, application firewall systems provide greater protection capabilities than packet filtering routers.

30
Q

Advantages Stateful Inspection Firewalls

A
  • Provide greater control over the flow of IP traffic

- Greater efficiency in comparison to CPU-intensive, full-time application firewall services

31
Q

Disadvantage Stateful Inspection Firewalls

A

Firewall complex to administer

32
Q

Change Management Lifecycle

A
Evaluate
Assess
Design
Implement
Manage change
33
Q

SDLC requirements

A
  • Business requirements containing descriptions of what a system should do
  • Functional requirements include the use of case models describing how users will interact with a system
  • Technical requirements include design specifications and coding specifications describing how the system will interact, conditions under which the system will operate and the information criteria that the system should meet
  • Risk mitigation and control requirements are incorporated to protect the integrity of the system, confidentiality of information stored, processed or communicated as well as adequate authentication and authorization mechanisms
34
Q

Advantage Application-level gateways

A
  • Provide security for commonly used protocols
  • Generally hide the network from outside untrusted networks
  • Ability to protect the entire network by limiting break-ins to the firewall itself
  • Ability to examine and secure program code
35
Q

Components of IDS

A
  • Sensors responsible for collecting data in the form of network packets, log files, system call traces, etc.
  • Analyzers that receive input from sensors and determine intrusive activity • An administration console
  • A user interface
36
Q

Firewalls

A

Defined as a system or combination of systems that enforces a boundary between two or more networks, typically forming a barrier between a secure and an open environment such as the Internet. It applies rules to control the type of networking traffic flowing in and out.

37
Q

Firewall features

A
  • Block access to particular sites on the Internet.
  • Limit traffic on an organization’s public services segment to relevant addresses and ports.
  • Prevent certain users from accessing certain servers or services.
  • Monitor and record communications between an internal and an external network.
  • Monitor and record communications between an internal network and the outside world to investigate network penetrations or detect internal subversion.
  • Encrypt packets that are sent between different physical locations within an organization by creating a VPN over the Internet (e.g., IP security [IPSec], VPN tunnels). The capabilities of some firewalls can be extended so they can also provide for protection against viruses and attacks directed to exploit known operating system vulnerabilities.
38
Q

Stateful Inspection Firewalls

A

Firewalls
A stateful inspection firewall, also referred to as dynamic packet filtering, tracks the destination IP address of each packet that leaves the organization’s internal network. Whenever a response to a packet is received, its record is referenced to ascertain whether the incoming message was made in response to a request that the organization sent out. This is done by mapping the source IP address of an incoming packet with the list of destination IP addresses that is maintained and updated. This approach prevents any attack initiated and originated by an outsider.

39
Q

Processes of the Systems Development Lifecycle (SDLC)

A
Planning
Analysis
Design
Implementation
Maintenance
40
Q

Systems Development Lifecycle (SDLC)

A

Lifecycle (SDLC)
The Systems Development Lifecycle (SDLC) describes the phases deployed in the development or acquisition of a software system. ____ is an approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases of _____ include the feasibility study, requirements study, requirements definition, detailed design, programming, testing, installation and post-implementation review, but not the service delivery or benefits realization activities.