Security Fundamentals Flashcards
Data
This is a general term that relates to the information assets of a person, customer, or organization. In a computer system, the files are the data.
Three primary goals of information security.
Prevention, Detection, and Recovery
Risk
A concept that indicates exposure to the chance of damage or loss.
Potential threats to computer and network security include:
- Unintentional or unauthorized access or changes to data.
- The interruption of services.
- The interruption of access to assets.
- Damage to hardware.
- Unauthorized access or damage to facilities.
Vulnerability
Any condition that leaves a system open to harm.
Vulnerabilities can come in a wide variety of forms, including:
- Improperly configured or installed hardware or software.
- Untested software and firmware patches.
- Bugs in software or operating systems.
- The misuse of software or communication protocols.
- Poor physical security.
- Insecure passwords.
- Design flaws in software or operating systems.
- Unchecked user input.
Intrusions
- Physical intrusions
- Host-based intrusions
- Network-based intrusions
Attacks on computer systems and network security include:
- Physical security attacks.
- Network-based attacks, including wireless networks.
- Software-based attacks.
- Social engineering attacks.
- Web application-based attacks.
Controls are broadly classified as
prevention, detection, and correction controls.
Prevention controls
These help to prevent a threat or attack from exposing a vulnerability in the computer system.
Detection controls
These help to discover if a threat or vulnerability has entered into the computer system.
Correction controls
These help to mitigate the consequences of a threat or attack so that it does not adversely affect the computer systems.
The Security Management Process
- Identify security controls
- Implement security controls
- Monitor security controls
CIA Triad
- Confidentiality - Keeping information and communication private and protecting them from unauthorized access.
- Integrity - Keeping organizational information accurate, free of errors, and without unauthorized modification.
- Availability - Ensuring that systems operate continuously and that authorized persons can access the data that they need.
Non-repudiation
The goal of ensuring that the party that sent a transmission or created data remains associated with that data and cannot deny sending or creating that data. Non-repudiation is one way to determine accountability.
Identification
A method that ensures that an entity requesting access to resources by using a certain set of credentials is the true owner of the credentials.
Authentication
Is the method of validating a particular entity or individual’s unique credentials.
Authentication Factors
- Something you are
- Something you have
- Something you know
- Somewhere you are or are not
- Something you do
Authorization
The process of determining what rights and privileges a particular entity has.
Access control
The process of determining and assigning privileges to various resources, objects, or data.
Access Control Models
- Mandatory Access Control (MAC)
- Discretionary Access Control (DAC)
- Role-Based Access Control (RBAC)
- Rule-Based Access Control
Mandatory Access Control (MAC)
In this model, access is controlled by comparing an object’s security designation and a user’s security clearance. Objects, such as files and other resources, are assigned security labels, depending on the object’s sensitivity.
Discretionary Access Control (DAC)
In this model, access to each object is controlled on a customized basis, which is based on a user’s identity.
Role-Based Access Control (RBAC)
In this model, users are assigned to predefined roles, and network objects are configured to allow access only to specific roles.
Rule-Based Access Control
This is a non-discretionary technique that is based on a set of operational rules or restrictions.
Accounting
The process of tracking and recording system activities and resource access.
Auditing
Is the part of accounting in which a security professional examines logs of what was recorded.
Implicit Deny
Dictates that everything that is not explicitly allowed is denied.
Least Privilege
Dictates that users and software should only have the minimal level of access that is necessary for them to perform the duties required of them.
Privilege Bracketing
Used when privileges are given out when needed, then revoked as soon as the task is finished or the need has passed.
Separation of Duty
States that no one person should have too much power or responsibility.
Job Rotation
No one person stays in a vital job role for too long.
Mandatory Vacation
Provides an opportunity to review employees’ activities.
Time of Day Restrictions
Are controls that restrict the periods of time when users are allowed to access systems, which can be set using a group policy.
Orphaned Accounts
Are user accounts that remain active even after the employees have left the organization.
Privilege Management
The use of authentication and authorization mechanisms to provide centralized or decentralized administration of user and group access control.
Single sign on (SSO)
Can offer privilege management capabilities by providing users with one-time authentication for browsing resources such as multiple servers or sites.
Privilege Management Infrastructure (PMI)
The purpose of a PMI is to issue specific permissions and rights to users within the infrastructure.
Tokens
Are physical or virtual objects, such as smart cards, ID badges, or data packets, that store authentication information.
Smart cards
Are common examples of token-based authentication. A smart card is a plastic card containing an embedded computer chip that can store different types of electronic information.
Biometrics
Are authentication schemes based on the identification of individuals by their physical characteristics.
Geolocation
Provides an extra level for authentication.
Keystroke Authentication
Is a type of authentication that relies on detailed information that describes exactly when a keyboard key is pressed and released as someone types information into a computer or other electronic device.
Multi-factor Authentication
Is any authentication scheme that requires validation of two or more authentication factors.
Mutual Authentication
Is a security mechanism that requires that each party in a communication verifies the other’s identity.
Cryptography
Is the science of hiding information.
Encryption
Is a cryptographic technique that converts data from plaintext, or cleartext form, into coded or ciphertext form.
Decryption
Is the companion technique that converts ciphertext back to cleartext.
Quantum Cryptography
Is an experimental method of data encryption based upon quantum communication and computation.
Qubit
Is a unit of data that is encrypted by entangling data with a photon or electron that has a particular spin cycle which can be read using a polarization filter that controls spin.
Cipher
Is an algorithm used to encrypt or decrypt data.
Deciphering
The reverse process of translating ciphertext to cleartext.
Stream Cipher
A type of encryption that encrypts data one bit at a time.
Block Cipher
This cipher encrypts data one block at a time, often in 64-bit blocks.
Some common modes of block cipher encryption are:
- Electronic Code Book (ECB) encryption
- Cipher Block Chaining (CBC) encryption
- Propagating or plaintext Cipher Block Chaining (PCBC) encryption
- Cipher Feedback Mode (CFB) encryption
- Output Feedback Mode (OFB) encryption
- Counter Mode (CTR)
Steganography
Is an alternative cipher process that hides information by enclosing it in another file such as a graphic, movie, or sound file.
Encryption Key
Is a specific piece of information that is used in conjunction with an algorithm to perform encryption and decryption.
Keys can be Static or Ephemeral
Static keys are intended to be used for a relatively long time and for many instances within a key-establishment scheme.
Ephemeral keys are generated for each individual communication segment or session.
One-Time Pad
Is an encryption algorithm that was developed under the assumption that if a key was used once, was completely random, and was kept totally secret, then it constituted the perfect method of encryption.
Hashing Encryption
Is one-way encryption that transforms cleartext into ciphertext that is not intended to be decrypted.
Hashing has several uses:
- Hashing is used in a number of password authentication schemes. Encrypted password data is called a hash of the password.
- A hash value can be embedded in an electronic message to support data integrity and non-repudiation.
- A hash of a file can be used to verify the integrity of that file after transfer.
Message Digest 5 (MD5)
This algorithm produces a 128-bit message digest.
Secure Hash Algorithm (SHA)
This algorithm is modeled after MD5 and is considered the stronger of the two.
- SHA-160, which produces a 160-bit hash value.
- SHA-256, SHA-384, and SHA-512, which produce 256-bit, 384-bit, and 512-bit digests respectively.
NT LAN Manager (NTLM)
NTLMv1 is a Microsoft authentication protocol for use in its products, released in early versions of Windows NT. NTLMv2 was released in later versions of Windows NT.