Security Architecture and Design Flashcards

1
Q

Linux/Unix File Permissions (3)

A
  • Read (r)
  • Write (w)
  • Execute (x)
2
Q

NTFS Permissions (5)

A
  • Read
  • Write
  • Read & Execute
  • Modify
  • Full Control
3
Q

*nix Privileged Programs

A
  • setuid (set User ID): makes an executable run with the permissions of the file’s owner and NOT the running user.
  • setgid (set Group ID): programs run with the permissions of the file’s group.
4
Q

passwd

A

This *nix program runs as root, allowing users to change their passwords.

5
Q

Define “Virtualization”

A

Virtualization adds a software layer between an OS and the underlying computer hardware. This allows multiple “guest” operating systems to run simultaneously on one physical “host” computer.

6
Q

Types of Virtualization (2)

A
  • Transparent Virtualization (Full Virtualization) - Runs a stock OS (e.g. Windows, Ubuntu) as a virtual guest. No changes to the guest OS are required.
  • Paravirtualization - Requires changing the guest OS.
7
Q

Hypervisor

A

Virtualization Security - controls access between virtual guests and host hardware.

  • Type 1 hypervisor (bare metal) - is part of an OS that runs directly on host hardware.
  • Type 2 hypervisor - runs as an application on a normal OS.
8
Q

VM Escape

A

The risk of virtualization escape - where an attacker exploits the host OS or another guest from within a guest.

Many network-based security tools (e.g. NIDS) can be blinded by virtualization.

9
Q

Three common Cloud Service levels

A
  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)
10
Q

Thin Client

Thin Client Applications

A

Thin clients are systems that rely on central servers for the OS, kernel, applications, etc. May be a diskless workstation.

Thin client applications run on a system with a full OS but use a web browser as a universal client, providing access to applications downloaded from the thin client server. They typically use TCP port 80 (HTTP) and 443 (HTTPS).

11
Q

TEMPEST

A

NSA standards for shielding electromagnetic emanations from computer equipment.

12
Q

Buffer Overflow

A

These occur when a programmer fails to perform “bounds checking”. That is, if a given input exceeds the prescribed length, the excess input may overwrite memory beyond the buffer.

13
Q

TOCTOU/Race Conditions

A

Time of Check, Time of Use attacks. An attacker attempts to alter a condition AFTER it has been checked by the OS but BEFORE it is used.

14
Q

Backdoors

A

A shortcut in a system that allows a user to bypass security checks to log in. Attackers may install a backdoor after gaining access to a system.

A maintenance hook is a type of backdoor used by system designers and programmers during development.

15
Q

Malware

A

Malicious Code

A generic term for any type of software that attacks an application or system. Includes viruses, worms, trojans and logic bombs.

16
Q

Computer Virus

A

Viruses require a carrier to infect a system. Often introduced via human contact.

17
Q

Worms

A

Malware that self-propagates. Typically cause damage in two ways.

  • First, from the malware payload they deliver to a system
  • Second, from the loss of network availability they cause through aggressive self-propagation
18
Q

Trojan

A

Malware that performs TWO functions:

  • One is benign (the carrier program), such as a free computer game
  • One is malicious - often launched from the benign program
19
Q

Rootkits

A

Malware that replaces portions of the kernel and/or OS. A user-mode rootkit operates in ring 3 on most systems. Commonly replaced binaries include the “ls” or “ps” commands on *nix, and “dir” or “tasklist” on Windows.

A kernel-mode rootkit replaces the kernel or loads malicious loadable kernel modules. Operates in ring 0.

20
Q

Packers

A

Provide runtime compression of executables. The original executable is compressed and a small executable decompressor is prepended.

Many types of malware use packers to evade signature-based malware detection.

21
Q

Logic Bomb

A

A malware program that is triggered when a specific condition is met. For example, a set number of transactions, a specific date and time, etc.

22
Q

Server-side Attack

A

Attacks launched directly from an attacker to a listening service. For example, the Conficker worm attacked TCP port 445.

Server-side attacks exploit vulnerabilities in installed services.

23
Q

Client-side Attack

A

Attacks that occur when a user downloads malware. Client-side attacks initiate from the victim who downloads content from the attacker.

24
Q

Java

A

An object-oriented language. Platform independent, interpreted by the Java Virtual Machine (JVM). Java applets run in a sandbox, which segregates the code from the OS.

25
Q

ActiveX

A

Applets, like Java. A Microsoft technology available only on the Windows OS. Uses digital certificates instead of a sandbox to provide security.

26
Q

Polyinstantiation

A

Allows two different objects to have the same name (databases).

27
Q

Inference and Aggregation

A

Inference requires deduction. Based on “clues”, a conclusion may be inferred.

Aggregation asks every question and receives every answer. Phone directory example - performing every lookup and reverse lookup to aggregate the entire phonebook.

28
Q

Bell-LaPadula Model

A

Data protection model - focuses on maintaining the confidentiality of objects. Operates using two rules:

  1. Simple Security Property - there is no READ UP.
  2. * (Star) Security Property - there is no WRITE DOWN. A SIPR system cannot send email to a NIPR system.
29
Q

Biba Model

A

Business version of Bell-LaPadula. Focuses on integrity instead of confidentiality. Two simple rules:

  1. Simple Integrity Axiom - No Read Down
  2. * (Star) Integrity Axiom - No Write Up
30
Q

Clark-Wilson Model

A

Another integrity model. Uses two concepts to ensure security policy is enforced.

  1. Well Formed Transactions
  2. Separation of Duties
31
Q

Orange Book

A

National Computer Security Center (NIST) and NSA

Trusted Computer System Evaluation Criteria (TCSEC)

Provides defined computer security standards and definitions for systems. Classes D - A, from least to most protection:

  • D: Minimal Protection
  • C: Discretionary Protections (DAC)
  • B: Mandatory Protection (MAC)
  • A: Verified Protection
32
Q

Red Book

A

Trusted Network Interpretation (TNI)

Security standards for networks.

33
Q

PCI-DSS

A

Payment Card Industry Data Security Standard

Security standards for payment cards

Core Principles:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an INFOSEC policy
34
Q

What type of memory is used often for CPU registers?

A
35
Q

Cloud Computing - Services

A
  • Infrastructure as a Service (IaaS) - Hosted OS
  • Platform as a Service (PaaS) - Web service hosting
  • Software as a Service (SaaS) - Webmail
36
Q

Layering

A

Secure Software Design Concept

Separates hardware and software functionality into modular tiers.

  • Hardware
  • Kernel and device drivers
  • OS
  • Applications
37
Q

Abstraction

A

Secure System Design Concepts

Hides unnecessary details from the user. The user does not see the details behind a “click” or action.

38
Q

The Ring Model

A

CPU hardware layering model

  • Ring 0 - Kernel
  • Ring 1 - OS components
  • Ring 2 - Device drivers
  • Ring 3 - User applications
39
Q

Multitasking & Multiprocessing

A
  • Multitasking - Multiple tasks run simultaneously on ONE CPU
  • Multithreading - Running multiple threads on ONE CPU
  • Multiprocessing - Running multiple processes on multiple CPUs.