Software Development Security Flashcards
What is threat modelling
process whereby potential threats are identified, categorised, and analysed.
Name some typical crossing points that can make up a total threat surface
TCP/IP ports
User login services
query fields on web pages
attachment points for removable media
devices
A popular threat model approach is called STRIDE which is a mnemonic for security threats in six categories
- Spoofing: Impersonating something or someone else.
- Tampering: Modifying something on disk, network, data, code or elsewhere.
- Repudiation: Claiming to have not performed an action.
- Information disclosure: Exposing information to someone not authorised to access it.
- Denial of Service: Exhaustion or degradation of services to users.
- Elevation of privilege: Gaining privileged capabilities without proper authorisation.
When creating a secure environment for an executable program, such as mobile code, it is important to
identify the resources the program needs and then provide limited access to these resources to protect against potential threats
Two control mechanisms can be used to limit the risk to the user in relation to mobile code:
Attempt to run code in a restricted environment where it cannot do harm, such as in a sandbox
Cryptographic authentication, via digital certificates and signatures on mobile code elements, can be used in an attempt to authenticate where the code is coming from
What was another name for first generation programming languages
machine language
What was another name for second generation programming languages
assembly language
What was another name for third generation programming languages
Higher order languages COBOL, FORTRAN, BASIC, Java and C
What was another name for fourth generation programming languages
very high-level languages, e.g. report generators and application generators.
Sometimes 5th generation languages are known as
constraint-based or logic programming languages - using expressions and arguments to program rather than traditional source code
Two principal security concerns are worth noting with regard to the widespread use of fourth generation languages today:
Almost all the “codeless programming” platforms and environments end up being substantially tailored by end-user organizations
By being created to make it simple for nonprogrammers to create programs, and in so many ways, millions of people with virtually no security training or awareness use them on a daily basis around the world. And almost all that usage is beyond any organizational security or configuration management purview.
This is a set of standards that addresses the need for interoperability between hardware and software products residing on different machines across a network.
CORBA
The CORBA security service supports four specific types of policies:
Access control
Data protection
Non-repudiation
Auditing
Is commercial-off-the-shelf (COTS) software more dangerous than bespoke software written in-house?
Yes, COTS increases the potential of security faults. Often the one-size-fits-all nature of COTS can mean that security is too generic or just doesn’t exist. Sometimes it can be considered, but only after thorough risk assessment.
A covert channel may be defined as a communication channel that allows processes to transfer information in such a way as to
violate some security policy or requirement
Time of Check vs. Time of Use (sometimes written as TOCTOU or TOC/TOU) is seemingly a very common type of attack that occurs when
control information changes between the time the system security functions check the contents of variables and the time the variables actually are used during operations.
What is a race condition
this may exist when the output of a specific architecture is dependent on the timing of certain events, but somehow those events are not done in the proper sequence.
To avoid TOCTOU attacks, the operating system should use the concept of
Software locking
To protect against a race condition attack from taking place within a system, the security professional needs to ensure that
the architecture and design of the operating system and the programs that run on top of it are not allowing critical tasks to be split up for execution. To ensure this does not happen, the use of atomic operations needs to be enforced within the system.
What is the difference between a race condition and a TOCTOU attack
A race condition implies that two processes will be forced to execute out of sequence, allowing the attacker to control or manipulate the outcome.
While a TOCTOU attack may happen as a result of the attacker inserting themselves in between two processes as they are executing, causing a redirection of the second process in some way to control or manipulate the outcome.
What is a between the lines attack
This occurs when the telecommunication lines used by an authorized user are tapped into and data falsely inserted or injected.
How do you prevent a between the lines attack
the telecommunication lines should be physically secured so that they cannot be accessed by unauthorized individuals, and users should not leave telecommunication lines open when they have finished with them and those lines are not being used anymore.
What is a trapdoor or backdoor
a hidden mechanism that bypasses access control measures.
Database attacks: Aggregation or inference
The ability to combine non-sensitive data from separate sources to create sensitive information is referred to as aggregation.
Being able to aggregate information may lead to inference possibilities. Inference is the ability to deduce more sensitive information than you should be allowed.
Database attacks: Bypass Attacks
attackers may be able to find ways into the database without going through the query engine interface or its command line interpreter
Database attacks: Compromising database views used for access control
Attackers may try to modify a view with capabilities they have - a database view typically limits the data the user sees not the operations they may perform on the views
Database attacks: exploits against alternative but not quite equivalent access routes
the layered model frequently used in database interface design may provide multiple alternative routes to the same data, not all of which may be adequately protected
Database attacks: Data contamination
Attackers can attempt to use malformed inputs at the field, record, transaction, or file level, to disrupt the proper functioning of the system.
Database attacks: Deadlocking
Simultaneous queries designed to deadlock records
What does a database model do
describes the relationship between the data entities within the database and provides a framework for organizing the data.
IT IS NOT A DATA MODEL
At minimum, any database model needs to provide the following requirements:
Transaction persistence
Fault tolerance and recovery
Sharing by multiple users
Security controls
What does the term ACID mean
Atomicity: A transaction is either completed in its entirety or not at all
Consistency: All integrity conditions in the database are maintained with each transaction
Isolation: Each transaction is isolated from other transactions
Durability: If a transaction is reported to user as complete, the changes to database survive hardware or software failures
What is the difference between a database model and a data model
Database models identify the specific organisation, structure, tools and architecture that the DBMS can provide to users
Data models describe specific types of data used by an organisation,
Give examples of database models
Hierarchical model
Network database model
Relational database model
How does a hierarchical database management model store data
This model stores data in a series of records that have field values attached to each record. It collects all the instances of a specific record together as a record type
To create links between the record types, the hierarchical model needs to use parent and child relationships through the use of tree structures.
What is an obvious weakness in the hierarchical database model
is only able to cope with a single tree and is not able to link between branches or over multiple layers.
How does a network database model store data
It stores data in the form of related records that form a network
The network database model is also known as
the CODASYL model (Conference on Data Systems Languages)
The network model finds two powerful applications in today's marketplaces
- High performance, high volume storage management
- Graph databases
What are the three SQL sublanguages
Data Definition Language DDL,
Data Manipulation Language DML
Data Control Language DCL
Many security professionals are concerned about the use of ActiveX Data Objects ADO because
there are no configurable restrictions on its access to the underlying system.
What does OWASP stand for
Open Web Application Security Project
True or False: According to Open Web Application Security Project (OWASP) 2017, the most common web vulnerability is injection.
TRUE
In regard to session management, Hypertext Transfer Protocol (HTTP) is a stateless technology. Therefore, periods of apparent attachment to the server are controlled by other technologies such as cookies or URL data. How should cookies be protected?
A. Encryption
B. Random and unique identifiers
C. Both A and B
D. None of the above
C (Both A and B)
What is the difference between a virus and a worm
a worm can propagate without user action. In other words, they do not rely on human involvement, instead they spread across networks of their own accord, primarily by exploiting known vulnerabilities in common software.
Which spread faster worms or viruses
The lack of requirement for user involvement means that worms have a significant speed advantage and therefore, can spread very rapidly and much faster than viruses. Some viruses have been able to spread to many hosts measured in days, whereas worms can travel worldwide in hours or even minutes.
What are hoaxes
Hoaxes generally carry an instruction to the user to forward the warning to all contacts available to the user.
What is a Trojan
A Trojan is a program that can be seemingly useful, but it also contains something unknown that will do something malicious.
Remote access Trojans
RAT The intent is to have easy access to the host remotely after the RAT has been installed on the remote host
DDOS Zombies
These computers in between the master and the target are sometimes called agents or clients but most often are referred to as zombie programs as they are not really aware that they are contributing to a DoS attack.
Logic bombs
Software programs set up to run in a dormant state until a specific condition or set of conditions exist and then activate their negative payload. The condition that a logic bomb waits for can be related to a certain date or time, or specific conditions related to system and architecture parameters.
Why are the terms spyware and adware often confused?
Companies involved with spyware and adware have been quite active in promoting the confusion of definitions and terms. Vendors and developers of anti-spyware programs have frequently found themselves targets of lawsuits alleging that the identification of programs as spyware is defamation.
What is a botnet
a network of automated systems or processes (robots or for short, bots) performing a specific function together, usually malicious. Botnets have greatly magnified the power and speed of malicious operations because they all work together toward achieving a malicious goal, and they have allowed for tuning and directing of operations in a way that was not possible with malicious programs in the past.
There are three approaches to how antivirus software technology is able to work:
Known signature scanning
Activity monitoring
Change detection
Malware protection: Scanners
Also known as signature scanners they look for search strings whose presence is characteristic of a known virus. In other words, they look for known signatures of known viruses and malware
Malware protection: Heuristic Scanners
One of the latest technologies used for scanning is what is referred to as intelligent analysis of unknown code, currently referred to as heuristic scanning.
More closely associated with activity monitoring functions than signature scanning,
looks for suspicious sections of code that may try to modify code or change permissions
Malware protection: Activity monitors
An activity monitor performs a task very similar to an automated form of traditional auditing: it watches for and flags what may be suspicious activity.
Malware protection: Change detection
examines system or program files and configurations, stores the information, and compares it against the same program files and configurations on a regular basis to look for changes.
Malware protection: Reputation monitoring
Zero day and Zero hour exploits do not have signatures that can be picked up by scanners. Reputation monitoring boosts protection by assessing the reputation of websites for immediate and potential threats
Do IDS and IPS systems actively screen files for malware
No - they normally protect based on URLs, URIs and IP addresses
Do IDS and IPS systems allow malware through
Yes, this is the only way that malware can be examined
Via the integration of continuous monitoring and endpoint data collection, ______ can be an effective endpoint security option.
Endpoint detection and response
Fast, Lean Development Methods: Reuse Model
In this model, an application is built from already existing and tested components.
Fast, Lean Development Methods: Spiral Method
A nested version of the original waterfall method, the development of each phase is carefully designed using the waterfall model, but the distinguishing feature of the spiral model is that in each phase we add four sub-stages, based on what is known as the Deming Cycle: Plan, Do, Check, Act (PDCA).
Fast, Lean Development Methods: Prototype
In prototyping, the objective is to build a simplified version of the entire application, release it for review, and use the feedback from the stakeholders' review to build a second, much better version.
Fast, Lean Development Methods: Modified Prototype Model
A refined form of the above prototyping methodology that is ideal for web application development, MPM allows for the basic functionality of a desired system or component to be formally deployed in a quick time frame. The maintenance phase is set to begin after the deployment. The goal is to have the process be flexible enough so that the application is not based on the state of the organization at any given time. As the organization grows and the environment changes, the application evolves with it rather than being frozen in time.
Fast, Lean Development Methods: Cleanroom
This methodology is focused on controlling and, at best, avoiding defects and bugs in the software. The emphasis is to write the code correctly the first time rather than trying to find the problems once they are already there and trying to address them later. Essentially, cleanroom software development focuses on defect prevention rather than defect removal.
Fast, Lean Development Methods: Extreme Programming
this model relies on simplicity of the process, communication between all involved stakeholders, including security, and feedback to ensure requirements are addressed properly.
Fast, Lean Development Methods: Agile Development
Agile development follows patterns of activities such as “scrum,” “sprint,” or “safe” to manage change and develop and deploy working, reliable, and verifiable function.
What is a companion virus
This is a virus that does not infect a file but makes use of operating system features to trigger before or instead of the target file. In MS-DOS, for example, when a command is given, the system checks first for internal commands, then .COM, .EXE, and .BAT files, in that order. .EXE files can be infected by writing a .COM file in the same directory with the same filename.
The term multipartite was originally used to indicate a virus that was able to _____
Current understanding and usage tends to mean a virus that
- infect both boot sectors and program files at the same time.
- can infect more than one type of object or that infects or reproduces in more than one way.
What is STRIDE
A popular threat modelling mnemonic
Spoofing: Impersonating something or someone else.
Tampering: Modifying something on disk, network, data, code or elsewhere.
Repudiation: Claiming to have not performed an action.
Information disclosure: Exposing information to someone not authorized to access it.
Denial
What are the two types of policy
Administrative policies and technical policies
Which hashing algorithms should not be used
SHA-1 and MD5
Is OAuth 1.0a secure
OAuth 1.0a is the most secure of the three common protocols. The protocol uses a cryptographic signature that is usually an HMAC-SHA1 value that combines the token secret, nonce, and other request-based security information. The great advantage of OAuth 1 is that the token secret is never sent across the wire, which completely eliminates the possibility of anyone seeing the password while in transit.
True or false: OAuth 2’s current specification removes signatures so there is no requirement to use cryptographic algorithms to create, generate, and validate signatures.
true
What are the benefits of using code libraries?
- Increased dependability (software patches)
- Reduced process risk (if the software exists we immediately know the cost of the software)
- Effective use of specialists (genuine experts develop the specialist components)
- Standards compliance (e.g. user interface)
- Accelerated development
Source Code Analysis Tools: What does Static application security testing (SAST) do
Analyzes the source code to look for common programming errors, compliance with programming guidelines and templates, and other potential sources of errors that are visible in the source code.
It does not actually test the code by executing it, so it’s a bit of a misnomer to call it a “security testing” approach.
Source Code Analysis Tools: What does Dynamic application security testing (DAST) do
Sometimes called “fuzz testing,” this approach can run tens of thousands of test cases (or more) against an app
Source Code Analysis Tools: What does Interactive application security testing (IAST) do
IAST works with agents incorporated into the software being tested, and this enables the IAST engine to look through the application’s logic down into the library routines it calls, checking them for proper use.
Source Code Analysis Tools: Runtime application security protection (RASP)
is more of a security protection tool for use during testing. Unlike the other tools, RASP’s agents and instrumentation in the code being tested can be used to terminate execution of that code if a potential security violation is encountered.
Application programming interfaces (APIs) are the connectors that allow many things to communicate such as Internet of Things (IoT) and other devices like electronic health wristbands. What is the overarching security framework that allows for the structured and controlled development and deployment of APIs?
Data governance
The Software Engineering Institute’s Capability Maturity Model (CMM) Integration focuses on
Process management
The trusted computing base (TCB) is
the collection of all the hardware, software, and firmware components within an architecture that are specifically responsible for security. The TCB is a term that is usually associated with security kernels and the reference monitor.
Again, if designed and developed properly, the TCB can contain
a trusted path (secure methods to gain access) and
a trusted shell (the environment supporting the security is secure).
The TCB is responsible for providing the protection mechanisms necessary to ensure that the trusted path cannot be compromised in any way.
What are view based access controls
View-based access control allows the database to be logically divided into pieces that allow certain sensitive data to be hidden from users that are not authorized to see or manipulate it.
How can the “Grant and Revoke” access controls be subverted
A user who has been granted access but not grant authority could make a complete copy of the relation and subvert the system. Because the user, who is not the owner, created a copy, the user is now considered by the system to be the owner of the copy and therefore could provide grant authority over the copy to other users.
To ensure the integrity of data, there are two types of controls that can be used.
These are input and output controls.
Data contamination controls: Give some examples of input controls
hash totals, error detection, error correction, resubmission, self-check digits, and control totals
Data contamination controls: Give some examples of output controls
validation of transactions through reconciliation, physical-handling procedures, authorization controls, verification with expected results, and audit trails.
At its heart, __________ and/or ___________ is intended to eliminate the confusion and error brought about by the existence of different versions of artifacts.
configuration and/or change management
True or False: The reference monitor is a physical machine that mediates, or controls, all access that subjects (users) have to objects (data or resources).
The correct answer is False.
The reference monitor is considered to be an abstract machine, not a physical machine, that mediates, or controls, all access that subjects (users) have to objects (data or resources).
A property that ensures only valid or legal transactions that do not violate any user-defined integrity constraints in DBMS technologies is known as:
A. Durability
B. Isolation
C. Consistency
D. Atomicity
C. Consistency
Change management and control must first decide
at what level of granularity will the elements of the system be defined, enumerated, managed, and controlled.
Configuration management terms: Configuration Identification
Setting and maintaining the information system Configuration Items (CI) that are divided into four categories: hardware, software, interfaces and documentation. The CIs comprise the baseline and the System Owner determines the level of granularity deemed necessary for tracking and reporting.
Configuration management terms: Configuration control
To ensure all changes to the baseline of an information system are performed with the knowledge, evaluation and consent of management
Configuration management terms: Configuration Status Accounting
Configuration Status Accounting is the process of recording and reporting configuration item descriptions (e.g. hardware, software, firmware, etc.) and all changes made since the baseline was established. In the event of a suspected problem, the verification of the baseline configuration and approved changes can be quickly determined.
Configuration management terms: Configuration Audit
An assessment (internal audit) is a systematic process of collecting and analyzing artifacts and activities to determine the current, historical, or projected status of a system. Through a physical viewing and evaluation of these artifacts, along with the aid of checklists, interviews, and observation, the audit team will provide the System Owner with an insight into areas of improvement for CM processes and procedures documented in CM Plans.
The four most commonly used types of software systems security risk assessment are:
- Certification and accreditation
- Risk management frameworks
- Software process capabilities maturity models (or CMMs)
- Software quality assurance, or software assurance
First promulgated by Carnegie-Mellon’s Software Engineering Institute, these models characterize overall business processes end-to-end in terms of their reliability, repeatability, and achievement of outcomes that meet or exceed specified quality metrics.
Capability Maturity Model
Certification and accreditation is sometimes referred to as
“Security Authorization.”
Certification and accreditation is sometimes referred to as “Security Authorization.” Certification is defined as
the formal process of evaluating the security capabilities of the software or system against a predetermined set of security standards or policies
Certification and accreditation is sometimes referred to as “Security Authorization.” accreditation is defined as
the formal management decision regarding the results of certification, which is sometimes used as the authorization to move the system into operational (or production) use
In software authorisation, does certification always lead to accreditation?
No, management and owners may choose to accredit a system that has failed certification or may refuse to accredit a system even if it has been certified as meeting the requirements.
The four phases of software assurance during acquisition are:
Planning
Contracting
Monitoring, acceptance and deployment
Ongoing use and support
Using visualization to identify patterns of information within a database is known as:
A) Data mining in databases
B) Data discovery in databases
C) Knowledge discovery in databases
D) Data extrapolation in databases
The correct answer is C. While data mining is the process of trawling through the data contained within a database, knowledge discovery in databases uses mathematical, statistical and visualization to produce usable information which in turn helps drive business decisions.
Which of the following is used to prevent inferences being drawn in OOP?
A) Inheritance
B) Encapsulation
C) Polymorphism
D) Polyinstantiation
The correct answer is D. By creating new versions of an object, containing different values, the different versions of the same information can exist at different classification levels.
What is a “between-the-lines” attack?
A) A hidden mechanism used to bypass access control protection
B) A condition where the output of an operation is dependent upon the timing of uncontrolled events
C) A condition that occurs where temporary storage is subjected to excess data input
D) A condition in which telecommunication lines are tapped and false data is inserted into a transmission
The correct answer is D. Answer A is an example of a backdoor attack. Answer B is an example of a race condition failure. Answer C is an example of a buffer overflow attack.
Name the attack: A hidden mechanism used to bypass access control protection
Back door attack
Name the attack: A condition where the output of an operation is dependent upon the timing of uncontrolled events
Race condition failure
How long does microtraining last
less than a minute
Does Solid-state drive (SSD) use magnetism
No, it uses flash memory. Flash technology uses electrons that change the electronic “charge” in a “flash” to represent the information. That is why it is called “flash” technology.
What is clearing a device
Clearing the device or system, which usually involves writing multiple patterns of random values throughout all storage media (such as main memory, registers, and fixed disks)
How would you destroy magnetic or optical disks
Magnetic or optical disks and some flash drive technologies may require being mechanically shredded, chopped, or broken up, etched in acid, or burned
What is purging
Purging a device typically refers to the process of securely erasing all data from a device so that it cannot be recovered by any means - sometimes the device is made unusable
An example of end-to-end encryption is
VPN
Describe end to end encryption
Generally performed by the end user within an organisation. The data are encrypted at the start of the communications channel or before and remain encrypted until decrypted at the remote end. Routing information stays visible
Link Encryption
In general it is performed by service providers, such as a data communications provider. It also encrypts routing data which means that communications nodes need to decrypt the data to continue routing. The data packet is decrypted and re-encrypted at each point in the communications channel
Does Link encryption provide better traffic confidentiality than end-to-end encryption?
Yes - no inferences can be made about traffic between nodes. Note that this is only traffic confidentiality, not full confidentiality - end-to-end does not need to be decrypted
At which point of its lifecycle is data most vulnerable
Data in use
What three types of controls are used to help reduce risks
Administrative controls
Technical/logical controls
Physical controls
Sensitive data transmitted over email must be secured using
cryptographically strong email encryption tools such as PGP or S/MIME
The purpose of the USGCB initiative is to
create security configuration baselines for IT products widely deployed across the federal agencies
ISKE is an information security standard developed for
Estonian public sector
“Zeroizing” a device or system is an example of which data destruction method?
Clearing
Which of the following are issues to consider about retention requirements?
A Understand where data resides
B Classify and define data
C Archive and manage data
All of them
What is the correct set of phases or activities in the IT asset management lifecycle phases?
The IT asset management lifecycle starts either with plan (for new assets) or identify (for existing ones); it then focuses on various activities, which are often executed in different orders based on organizational needs. Ultimately, the last step would be retirement of the asset.
Are CPU (Central Processing Unit) registers a source of data remanence
Yes
Is RAM a source of data remanence
Yes
Which form of data destruction reduces the chances of the recovery of data remanence?
Formatting
Purging
Clearing
Destruction
The correct answer is ‘purging’. Currently, purging reduces the chances of the recovery of data remanence, but that might change with future improvements in forensic techniques. Neither ‘clearing’ nor ‘formatting’ really offer significant protection from a forensic investigation. ‘Destruction’ doesn’t reduce the chance; if done correctly, it eliminates it totally.
A baseline that requires the use of strong passwords, strong encryption, watermarks and real-time monitoring would be an example of what classification level?
Medium
Moderate
High
Low
High
What category of security control is designed to function when a primary control fails?
Compensating
What is a directive control
establishes correct or required behaviors or actions and restricts actions
Which of the following is not an objective of baseline security control use in protecting assets?
- Minimum levels of security controls
- Specific steps that must be executed
- Association with specific architecture and systems
- A consistent reference point
Specific steps that must be executed are examples of procedures, not baselines. A baseline is the minimum level of security that must be achieved so that it can be consistently referenced and may be specific to certain architectures and systems.
Is software traditionally considered a tangible asset?
No
Which of the following addresses an organization’s ability to reliably and confidently use its own information, knowing that it is free from interference by others?
Information categorization
Information ownership
Information management
Information classification
Information Classification
Which of the following is an example of third-party baseline catalogs that can guide organisations in producing their baseline requirements?
Industry sector standards or recommendations
Other companies, preferably with similar business objectives and of comparable size
International and national standards organisations
What are the weaknesses of the Rijndael algorithm
At this time there are no known weaknesses
Rijndael’s key length is variable, meaning that
It can be set to any value of 128, 192, or 256 bits. It must be set specifically to one of these three lengths and not anything arbitrary.
What function does the RA serve in a Public Key Infrastructure (PKI)?
A It is used to collect the information for inclusion into the certificate.
B It tracks certificate revocations.
C It creates and signs a certificate.
D It validates the identification information supplied by the requestor of a certificate.
The Registration Authority
D It validates the identification information supplied by the requestor of a certificate.
The ___________ signs the certificate owner’s public key with its private key.
Certificate Authority (CA)
The _____________ verifies the requestor’s information
Registration Authority (RA)
Revoked certificates are tracked via a
Certificate Revocation List (CRL).
Which version of the X.500 family of standards is the most commonly used standard today, used to verify that a public key belongs to the certificate owner?
X.509 v3
The act of encrypting the message digest with the sender’s private key produces
the digital signature.
There are two types of digests
keyed and non-keyed
Non-keyed message digests are made without a secret key and are called
Message Integrity Codes (MICs)
Most asymmetric key digital signature schemes use (keyed or non-keyed) message digests.
non-keyed
Keyed message digests, known as _________, combine a message digest and a secret key.
Message Authentication Codes (MACs)
MACs require the sender and the receiver to
share a secret key ahead of time to be able to address integrity properly
When a digest is keyed does this mean that the message digest is signed
No, it means that the digest is encrypted with a secret symmetric key
What is the difference between a digest being keyed and being signed
When it is signed it is encrypted with a private key. When it is keyed it is encrypted with a secret symmetric key
What is a message digest?
A message digest is a small representation of a larger message produced by a hashing algorithm
What does a message digest do - and not do
It is used to ensure the integrity of data but it does not address the confidentiality of the message
What is a MAC
Message Authentication Code
Also known as a cryptographic checksum, it is a small block of data that is generated using a secret key and then appended to the message. When the message is received, the recipient can generate their own MAC using the secret key and thereby know that the message has not changed either accidentally or in transit.
What kind of algorithms does hashed MACing implement
Freely available algorithms like SHA1 or MD5 in legacy systems. SHA3 in more modern systems.
What cryptographic strength does the HMAC operation provide?
Similar to a hashing algorithm except with the protection of a secret key
T/F The Pretty Good Privacy (PGP) encryption system can provide integrity, security, authenticity, and non-repudiation
False - it does not provide authenticity
What are the vulnerabilities of embedded systems
● Limited function design does not include all full monitoring and security control implementation.
● Limited access controls.
● Limited ability to update, vendor support often time-limited
Mitigations for embedded systems
● Limit access to devices.
● Limit communications to devices.
● Disable unnecessary/unneeded components / features / communications.
● Isolate on dedicated networks, if connected.
● Monitor external communications with exterior sensors (e.g., network taps, sensors).
● Apply vendor updates when available
These attempt to force the system into an error state to gain erroneous results. By forcing an error, gaining the results and comparing it with known good results, an attacker may learn clues about the secret key and the algorithm
Fault analysis attacks
These attempt to watch the circuitry surrounding the cryptographic module in the hope that the other components of the architecture will disclose information about the key or the algorithm
Probing attacks
These are often referred to as Vernam ciphers after the work of Gilbert Vernam
One time pad
Stream ciphers may be, in some cases, equated to
one-time pads
What kind of attack is it when the attacker has access to both the ciphertext and the plaintext versions of the same message
Known Plaintext
The attacker knows the algorithm used for the encryption, or even better, may have access to the cryptosystem used to do the encryption and is trying to determine the key.
Chosen Plaintext
This is a known plaintext attack and uses a linear approximation to try and describe the behavior of the block cipher
Linear Cryptanalysis. Given sufficient pairs of plaintext and corresponding ciphertext, bits of information about the key can be obtained.
The attacker makes minor changes in the chosen plaintext to see if there are corresponding minor changes in the resulting ciphertext. The idea is to obtain bits of clues regarding the key itself
Differential Cryptanalysis
A system user is sending numerous files. The instruction tells the user to save the files. What is happening?
A Teardrop attack
B A normal process of SFTP
C Replay attack
D Anvil attack
C Replay attack
A replay attack is meant to disrupt and damage processing through the attacker's resending of repeated files or input to the host. If there are no checks such as timestamping, use of one-time tokens, or sequence verification codes in the receiving software or architecture, the system might process duplicate files or input, allowing access.
Which encryption algorithm was used in Wired Equivalency Protocol (WEP)?
A Twofish
B RFC6
C RC4
D RC5
The Rivest Cipher 4 (RC4) is a stream-based cipher, encrypting bit-by-bit or byte-by-byte, and was widely deployed in WEP and SSL (Secure Socket Layer) security. All of the others are examples of block mode encryption systems.
Rivest Cipher 4 (RC4) is a stream-based cipher, encrypting bit-by-bit or byte-by-byte, and was widely deployed in
WEP and SSL
Which type of hypervisor is also referred to as a bare metal hypervisor?
Type 1 Hypervisor
All the following are roles of the hypervisor, except which one?
A Control the host processor and resources
B Facilitate automation
C Ensure that there are no crashes
D Allow multiple operating systems to share a single hardware host
B Facilitate automation. The facilitation of automation is a characteristic of virtualization.
Which type of hypervisor significantly reduces the attack surface
Type I hypervisors significantly reduce the attack surface over Type II. There are no Type III hypervisors.
What is another name for Crime Prevention through environmental design
CPTED SepTed
This security model focuses on preventing conflict of interest when a given subject has access to objects with sensitive information associated with two competing parties
Brewer and Nash
Why is the Brewer and Nash model unusual
access control rules change based on subject behavior. If you see the data of one client you cannot see the data of a competitor
What type of extinguishers are used on flammable metals
Class D
True or False: Halon is an older type of water-type fire protection system and is mostly no longer in use.
True
NIST SP800-160 addresses
the engineering-driven actions necessary to develop more secure and survivable systems
ISO/IEC 17788 provides
an overview of cloud computing
ISO/IEC 17789 specifies
the cloud computing reference architecture
In Industrial control systems what are ruggedized controllers that use specialized components to provide real-time control
Programmable logic controllers (PLC) use specialized hardware, firmware, and software to provide real-time control and monitoring of their attached equipment.
Discrete logarithms in a finite field are examples of
Trapdoor functions
When using Elliptic Curve Cryptography (ECC), what key size has been certified as acceptable for use with top-secret messages and would require an RSA key size of 7680 bits to achieve the same level of protection?
384 bits
A formal, structured hand-over of the finished software system to the customer organisation, typically involves test, analysis and assessment activities
Acceptance
Members of the organization who codify work-related knowledge, insights, and ideas into varying degrees of reusable software-like forms, often using extensibility features found in most commercial software apps. The very ad hoc nature of these pieces of functionality is extremely difficult to manage, control, verify, or assess.
Citizen Programmers
Prevents one software unit from reading or altering the source, intermediate, or executable code of another software unit
Code Protection or Logic Hiding
What is the difference between configuration control and configuration management
- Configuration control refers to the process of managing the creation and changes to a system’s configuration items (CIs).
- Configuration management encompasses a broader set of activities aimed at effectively managing the configuration of a system throughout its entire lifecycle.
A decision-making technique that is based on a series of analytical techniques taken from the fields of mathematics, statistics, cybernetics, and genetics.
Data Mining
Restricts or prevents one software unit from reading or altering the private data of another software unit.
Data Protection or Data Hiding
A methodology and framework for focusing on the authorized movement, locations, execution, input and output of data within, from, and into a system. These correspond with the security concepts of protecting data in transit, at rest (or in storage), and in use, and provide a focus for carrying out the security decisions already made as the organization classifies and categorizes its data. See NIST SP 800-154.
Data-centric Threat Modeling
Provides for a merger of phased review (as in the waterfall SDLC) with the DevOps method, so as to incorporate the needs for security, safety, resilience, or other emerging properties in the final system, at each turn of the cycle of development.
DevSecOps
emerging properties
The unexpected or unintended behaviors or characteristics that arise from the interaction of various components or elements within a system. These properties are not explicitly designed or intended but emerge as a result of the system’s complexity and interactions between its components.
A management technique that simultaneously integrates all essential acquisition activities through the use of multidisciplinary teams to optimize the design, manufacturing, and supportability processes.
Integrated Product and Process Development (IPPD)
Knowledge Discovery in Database (KDD)
A mathematical, statistical, and visualization method of identifying valid and useful patterns in data.
“Living Off the Land” Attack
An attack on a system in which illicit access to a system is then used to misuse systems capabilities in the pursuit of the attacker’s agenda. The attacker does not use malware in such attacks, hence anti-malware defenses will not detect and prevent it.
Does RASP use in-code agents
Yes