Stuff from Exams I don't know Flashcards
Types of MAC (Mandatory Access Control) environments:
Hierarchical
Compartmentalized
Hybrid
Generational Fuzzing AKA Intelligent Fuzzing
A form of fuzzing that generates inputs from a model (grammar, protocol specification or file format) of what the target expects, so each field can be driven to its boundary values on purpose; this is also called intelligent fuzzing. Contrast with mutation (dumb) fuzzing, which takes known-good inputs and modifies them to produce synthetic inputs that may trigger unexpected behavior without understanding the format.
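To make the two approaches concrete, the following is an added example (not from the original flashcards): a toy length-prefixed packet parser, constructed for this example, fuzzed once by mutating a known-good packet and once by generating packets from the format model. The packet format, the target and the seed value are all assumptions of the example.

```python
import random
import struct


def xor_checksum(payload: bytes) -> int:
    c = 0
    for b in payload:
        c ^= b
    return c


def build_packet(payload: bytes, length=None) -> bytes:
    """Model of the expected input: 2-byte big-endian length, payload, 1-byte XOR
    checksum. `length` can be overridden to emit deliberately inconsistent packets."""
    if length is None:
        length = len(payload)
    return struct.pack(">H", length) + payload + bytes([xor_checksum(payload)])


def parse_packet(data: bytes) -> bytes:
    """Toy target, constructed for this example: it trusts the length field, so a
    length that overshoots the buffer raises IndexError when reading the checksum."""
    (length,) = struct.unpack(">H", data[:2])     # struct.error on a truncated header
    payload = data[2:2 + length]
    checksum = data[2 + length]                    # IndexError when the length lies
    if checksum != xor_checksum(payload):
        raise ValueError("bad checksum")
    return payload


def mutation_inputs(seed: bytes, n: int, rng: random.Random):
    """Mutation (dumb) fuzzing: perturb a known-good input without understanding it."""
    for _ in range(n):
        data = bytearray(seed)
        if rng.random() < 0.5:
            data[rng.randrange(len(data))] = rng.randrange(256)   # overwrite one byte
        else:
            data = data[:rng.randrange(len(data) + 1)]            # truncate
        yield bytes(data)


def generational_inputs(n: int, rng: random.Random):
    """Generational (intelligent) fuzzing: build inputs from the format model and
    drive each field to its boundaries on purpose."""
    for _ in range(n):
        payload = bytes(rng.randrange(256) for _ in range(rng.randrange(8)))
        yield build_packet(payload)                           # well-formed
        yield build_packet(payload, length=len(payload) + 1)  # off-by-one length
        yield build_packet(payload, length=0xFFFF)            # maximum length
        yield build_packet(payload, length=0)                 # zero length
    yield b""                                                  # empty input
    yield b"\x00"                                              # truncated header


def run_fuzzer(inputs) -> dict:
    """Feed each input to the target and keep the first input per exception class
    (struct.error's class name is simply 'error')."""
    findings = {}
    for data in inputs:
        try:
            parse_packet(data)
        except Exception as exc:
            findings.setdefault(type(exc).__name__, data)
    return findings


def fuzz_both(seed_value: int = 7, rounds: int = 500):
    """Run both strategies with a fixed RNG seed so the run is reproducible."""
    seed = build_packet(b"abc")
    return (run_fuzzer(mutation_inputs(seed, rounds, random.Random(seed_value))),
            run_fuzzer(generational_inputs(rounds // 25, random.Random(seed_value))))


if __name__ == "__main__":
    mutation, generational = fuzz_both()
    print("mutation found:    ", sorted(mutation))
    print("generational found:", sorted(generational))
```

The generational run hits the off-by-one and maximum-length cases on its very first packet because the model says where the boundaries are; the mutation run finds them too, but only by chance over hundreds of iterations, which is the practical difference between the two techniques.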
Regression Testing
Re-running prior test scenarios after a change to ensure that the change has not negatively impacted existing functionality.
SCAP - Security Content Automation Protocol (NIST)
The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization, e.g. for FISMA (Federal Information Security Management Act, 2002) compliance. It bundles existing specifications: CVE (vulnerability identifiers), CCE (configuration identifiers), CPE (platform names), CVSS (severity scoring), XCCDF (checklists and benchmarks) and OVAL (machine-readable test definitions). The National Vulnerability Database (NVD) is the U.S. government content repository for SCAP. An example of an implementation of SCAP is OpenSCAP.
zzuf
Input fuzzing tool. zzuf is a transparent application input fuzzer: it runs the target program under its control, intercepts the program's file and network reads, and randomly alters a configurable proportion of the bytes before the program sees them, so no test harness has to be written.
Data Diddling
Making small, typically malicious, changes to data before or during its input into a system (e.g. altering an amount as a transaction is keyed in). It is usually an insider attack by someone with legitimate data-entry access, so input validation and segregation of duties are the usual controls.
XST Attack
Cross-Site Tracing: a method to steal cookies and other request headers.
A Cross-Site Tracing (XST) attack combines Cross-Site Scripting (XSS) with the HTTP TRACE or TRACK methods. According to RFC 2616, "TRACE allows the client to see what is being received at the other end of the request chain and use that data for testing or diagnostic information."; TRACK works the same way but is specific to Microsoft's IIS web server. Because the server echoes the whole request, including the Cookie and Authorization headers, back in the response body, a script that issues a TRACE and reads the response can steal a cookie even when it has the HttpOnly flag set (HttpOnly only blocks document.cookie access) or expose the user's Authorization header. Caveat: modern browsers refuse to send TRACE or TRACK from XMLHttpRequest and fetch, so the attack is largely historical; the server-side fix is still to disable TRACE (e.g. `TraceEnable off` in Apache) and to verify with a manual TRACE request.
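The exchange described above, as an added example that is not part of the original flashcards: a local HTTP server with TRACE enabled echoes the request (cookie included) back to a client, and a hardened variant answers 405 instead. The cookie value, the handler classes and the `check` helper are constructed for this example; the client sends the cookie directly rather than relying on a browser plus an XSS payload.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class ReflectingHandler(BaseHTTPRequestHandler):
    """Server with TRACE enabled: echoes the request line and headers back,
    which is exactly what RFC 2616 describes TRACE as doing."""

    def do_TRACE(self):
        body = self.requestline + "\r\n"
        for name, value in self.headers.items():
            body += f"{name}: {value}\r\n"
        data = body.encode()
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):   # keep the example quiet
        pass


class HardenedHandler(ReflectingHandler):
    """Server with TRACE disabled (the equivalent of Apache's `TraceEnable off`)."""

    def do_TRACE(self):
        self.send_response(405)
        self.send_header("Allow", "GET, POST")
        self.send_header("Content-Length", "0")
        self.end_headers()


def start_server(handler) -> HTTPServer:
    srv = HTTPServer(("127.0.0.1", 0), handler)   # port 0: let the OS pick a free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def trace_leaks_cookie(host: str, port: int, cookie: str = "session=HTTPONLY-SECRET") -> bool:
    """Client side of XST: send a TRACE carrying a cookie and look for that cookie
    in the response body. In the real attack the browser attaches the cookie and an
    XSS payload issues the TRACE; here the check is made directly against the server."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("TRACE", "/", headers={"Cookie": cookie})
    resp = conn.getresponse()
    body = resp.read().decode(errors="replace")
    conn.close()
    return resp.status == 200 and cookie in body


def check(handler) -> bool:
    """Start a server with the given handler, test it for XST, tear it down."""
    srv = start_server(handler)
    try:
        return trace_leaks_cookie(*srv.server_address)
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print("TRACE enabled, cookie leaked:", check(ReflectingHandler))
    print("TRACE disabled, cookie leaked:", check(HardenedHandler))
```

The same `trace_leaks_cookie` call against a real host name and port is the check a pentester runs to confirm TRACE is off.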
CPTED - Crime Prevention Through Environmental Design: 5 strategies
Strategies: Natural Surveillance, Natural Access Control, Territorial Reinforcement, Activity Support, Maintenance.
EDRM - Electronic Discovery Reference Model
E-Discovery reference model steps
Identification
Preservation
Collection
Processing
Review
Analysis
Production
Forensic Disk Controller
Performs four functions:
write blocking (no write command ever reaches the evidence drive),
returning data requested by a read operation,
returning access-significant information from the device,
reporting errors from the device back to the forensic host
Limit Check
Type of input control:
An input control that assesses the value of a data field to determine whether it falls within a set limit (e.g. hours worked per week may not exceed 80). A range check is the two-sided version, testing against both a lower and an upper bound.
Dry pipe vs wet pipe vs pre-action
Wet pipe: the pipes are always filled with water and discharge as soon as a sprinkler head opens. Dry pipe: the pipes hold pressurized air (for areas that may freeze) and water enters them only when a head opens and the air escapes. Pre-action: a dry-pipe system where water is let into the pipes only after a separate detection event (e.g. smoke or heat detection) and still discharges only when a head opens, which gives time to abort a discharge over equipment; the usual choice for data centers.
Calculation of SYMMETRIC keys needed for n people to all communicate securely with each other:
n(n-1)/2 (every pair needs its own shared secret; 10 people need 45 keys)
Calculation of ASYMMETRIC keys needed for n people to all communicate securely:
2n (each person needs one key pair, a public key and a private key; 10 people need 20 keys)
Output Encoding - AKA Encoding
Defensive technique against injection attacks:
Involves translating special characters into some different but equivalent form that is no longer dangerous in the target interpreter, for example translating the < character into the &lt; string when writing to an HTML page. The encoder must match the output context (HTML body, HTML attribute, JavaScript string, URL); an encoder for the wrong context gives no protection.
Escaping
Defensive technique against injection attacks:
Escaping involves adding a special character before the character/string to stop it being misinterpreted, for example adding a \ character before a " (double quote) character so that it is interpreted as text and not as closing a string.
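The two techniques side by side, as an added example that is not part of the original flashcards: the same untrusted value is emitted into an HTML text context (entity encoding) and into a JavaScript string literal (backslash escaping). The probe string and the function names are constructed for this example; the HTML encoder is checked against the standard library's `html.escape`.

```python
import html

HTML_ENTITIES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;"}


def encode_html(text: str) -> str:
    """Output encoding for HTML text and double-quoted attribute values: each
    character the HTML parser treats as markup becomes an equivalent, inert entity.
    Working per character means '&' is never double-encoded."""
    return "".join(HTML_ENTITIES.get(ch, ch) for ch in text)


def escape_js_string(text: str) -> str:
    """Escaping for a double-quoted JavaScript string literal: prefix the characters
    that would terminate or alter the literal with a backslash. '<' is also escaped
    (as \\x3c) because inside a script block the HTML parser sees a closing script
    tag before any JavaScript runs; escaping the quote alone does not stop that."""
    out = []
    for ch in text:
        if ch in '\\"':
            out.append("\\" + ch)
        elif ch == "\n":
            out.append("\\n")
        elif ch == "\r":
            out.append("\\r")
        elif ch == "<":
            out.append("\\x3c")
        else:
            out.append(ch)
    return "".join(out)


def render_greeting(user_input: str) -> str:
    """Same untrusted value emitted into two contexts, each with the defense that
    fits that context."""
    return (f"<p>Hello, {encode_html(user_input)}</p>\n"
            f'<script>var who = "{escape_js_string(user_input)}";</script>')


def matches_stdlib(text: str) -> bool:
    """Sanity check: the hand-written encoder agrees with html.escape(quote=True)."""
    return encode_html(text) == html.escape(text)


PAYLOAD = '"><script>alert(1)</script>'   # constructed XSS probe

if __name__ == "__main__":
    print(render_greeting(PAYLOAD))
    print("matches html.escape:", matches_stdlib(PAYLOAD))
```

Note that the script context needs both ideas at once: the quote is escaped so the string literal cannot be closed, and `<` is turned into an equivalent escape sequence so the HTML parser cannot see a closing tag. That is why the card's advice to pick the defense per target interpreter matters.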
Type 1 error
False Rejection (FRR): a legitimate user is rejected. In general statistics a Type I error is a false positive; in biometrics that maps to the system wrongly "detecting" a non-match.
Remember: in biometrics it is better to FAIL SAFE, so the false positive = false rejection, and this is the tolerable error.
Type 2 Error
False Acceptance (FAR): an impostor is accepted. In biometrics this is the FALSE ACCEPT, the analogue of a false negative (a missed impostor), and it fails open.
NOT GOOD
The two rates trade off against each other through the matching threshold; the point where FRR equals FAR is the crossover error rate (CER), the usual single-number accuracy measure.
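An added example (not from the original flashcards) showing how the threshold trades Type I against Type II errors; it goes one step beyond the cards by locating the crossover threshold. The match scores for genuine users and impostors are constructed for this example, as is the rule "accept when score >= threshold".

```python
# Constructed match scores (0-100) from ten genuine and ten impostor attempts.
GENUINE = [92, 88, 95, 70, 85, 90, 60, 87, 93, 78]
IMPOSTOR = [20, 35, 15, 65, 40, 30, 72, 25, 10, 50]


def error_rates(threshold: int, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FRR, FAR) for the policy 'accept when score >= threshold'.
    Type I / false rejection: a genuine user scores below the threshold (fails safe).
    Type II / false acceptance: an impostor scores at or above it (fails open)."""
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def crossover_threshold(genuine=GENUINE, impostor=IMPOSTOR) -> int:
    """Lowest threshold at which FRR and FAR are closest: the crossover error rate
    (CER) point."""
    def gap(t):
        frr, far = error_rates(t, genuine, impostor)
        return abs(frr - far)
    return min(range(101), key=gap)


def sweep(step: int = 10):
    """Table of (threshold, FRR, FAR) to show the trade-off."""
    return [(t, *error_rates(t)) for t in range(0, 101, step)]


if __name__ == "__main__":
    for t, frr, far in sweep():
        print(f"threshold {t:3d}: FRR={frr:.1f} (Type I)  FAR={far:.1f} (Type II)")
    print("crossover threshold:", crossover_threshold())
```

Raising the threshold pushes the system toward failing safe (more Type I, fewer Type II), which is why a high-security deployment deliberately accepts a higher FRR.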
Real evidence
Real physical object
Documentary Evidence
Documentation, logs.
Testimonial evidence
Witness interview on stand
Primary Evidence
Original copies/objects
Secondary Evidence
Certified copies
Hearsay Evidence
"He said, she said" situations: second-hand accounts of an event. Generally not admissible, with recognised exceptions; computer logs kept in the ordinary course of business are commonly admitted under the business-records exception.
Direct Evidence
Evidence that proves a fact on its own, without needing an inference, e.g. security camera footage showing a person breaking into a store and stealing items, or an eyewitness account of the act.
Corroborative Evidence
Supports the validity of another piece of evidence. “Paints the picture” of a situation.
If you swear before a judge that you saw a suspect in front of a convenience store at a certain time, the store’s security video might be corroborating evidence for your testimony. If you accuse your neighbor of denting the door of your car, a corresponding dent in her bumper could be corroborating evidence.
Conclusive evidence
Conclusive – so good, that we can adjourn court after it.
Evidence that must, as a matter of law, be taken to establish some fact in issue and that cannot be disputed. For example, the certificate of incorporation of a company is conclusive evidence of its incorporation.
Best Evidence Rule
Original evidence is best, not copies. A copy is accepted only when the original is unavailable through no fault of the party offering it.
Parol Evidence Rule
Parol – Written signed agreements can only be amended by written signed agreements (not parol evidence)
Hearsay Evidence rule
States that hearsay evidence shall not be permitted
SPML
Provisioning protocol
Service Provisioning Markup Language is an XML-based framework, developed by OASIS, for exchanging user, resource and service provisioning information between cooperating organizations.
COPPA - The Children’s Online Privacy Protection Act of 1998
COPPA, passed in 1998, requires operators of websites and online services that are directed at children under 13, or that knowingly collect data from them, to obtain verifiable parental consent before collecting personal information and to protect the privacy of those children. The Federal Trade Commission (FTC) enforces it; the FTC's revised COPPA Rule took effect on July 1, 2013.
Land Attack
A LAND attack is a Layer 3/4 Denial of Service (DoS) attack in which the attacker sends a spoofed TCP SYN whose source IP address and port are set equal to the destination IP address and port (the victim's own). A vulnerable TCP/IP stack replies to itself and loops or locks up. Modern stacks drop such packets and firewalls/IDS flag them; the signature (source equals destination for both address and port) is trivial to check.
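Detection logic for the signature above, as an added example that is not part of the original flashcards: minimal IPv4/TCP headers are built in memory (checksums left zero, constructed for this example and never sent), parsed back, and flagged when source and destination address and port coincide.

```python
import ipaddress
import struct

TCP = 6
SYN = 0x02


def build_ipv4_tcp(src_ip: str, dst_ip: str, sport: int, dport: int, flags: int = SYN) -> bytes:
    """Construct a minimal IPv4 header (20 bytes) + TCP header (20 bytes).
    Checksums are left as zero: this is input for the detector, not for sending."""
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 40, 0, 0, 64, TCP, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp


def parse_ipv4_tcp(pkt: bytes):
    """Return (src_ip, dst_ip, sport, dport, flags), or None if not IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                  # IPv4 options may lengthen the header
    if pkt[9] != TCP or len(pkt) < ihl + 14:
        return None
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    flags = pkt[ihl + 13]
    return src, dst, sport, dport, flags


def is_land(pkt: bytes) -> bool:
    """LAND signature: source and destination address AND port are identical.
    No legitimate traffic looks like this, so the rule has no false-positive cost."""
    p = parse_ipv4_tcp(pkt)
    return p is not None and p[0] == p[1] and p[2] == p[3]


# Constructed capture: a normal SYN, a LAND packet aimed at the NetBIOS port, and a
# spoofed-source packet whose ports differ (not the classic signature, still bogus).
SAMPLE_PACKETS = [
    build_ipv4_tcp("10.0.0.9", "10.0.0.5", 40000, 139),
    build_ipv4_tcp("10.0.0.5", "10.0.0.5", 139, 139),
    build_ipv4_tcp("10.0.0.5", "10.0.0.5", 40001, 139),
]


def scan(packets) -> list:
    """Indexes of LAND packets in a list of raw IPv4 packets."""
    return [i for i, pkt in enumerate(packets) if is_land(pkt)]


if __name__ == "__main__":
    for i in scan(SAMPLE_PACKETS):
        print("LAND packet at index", i, parse_ipv4_tcp(SAMPLE_PACKETS[i]))
```

A perimeter filter should also drop the third packet (a source address that belongs to the inside arriving from outside is spoofed), but that is anti-spoofing, not the LAND rule itself.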
FISMA
The Federal Information Security Management Act (FISMA) was passed in 2002 as Title III of the E-Government Act. FISMA defines a framework of guidelines and security standards to protect federal government information and operations; it was updated by the Federal Information Security Modernization Act of 2014, which reuses the acronym.
FERPA
The Family Educational Rights and Privacy Act of 1974 is a United States federal law that governs the access to educational information and records by public entities such as potential employers, publicly funded educational institutions, and foreign governments
Take-Grant Model
The Take-Grant model represents the protection state as a directed graph: nodes are subjects and objects, and each edge is labelled with the rights its source holds over its target. It supports four rules: take, grant, create and remove (revoke).
take: a subject holding the take right (t) over another node may take any right that node holds over a third node. grant: a subject holding the grant right (g) over another node may give that node any right the subject itself holds over a third node.
create: a subject may create a new node and holds rights over it. remove: a subject may remove (revoke) a right it holds over a node. The model is used to answer whether a given right can ever leak to a given subject by following chains of take and grant edges.
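The four rules as executable graph operations, as an added example that is not part of the original flashcards: a small class holds the rights graph and each rule checks its preconditions before rewriting it. The node names, the file names and the scenario in `demo` are constructed for this example.

```python
from collections import defaultdict


class TakeGrant:
    """Protection state as a directed graph: rights[(src, dst)] is the set of rights
    that node `src` holds over node `dst`. 't' and 'g' are the take and grant rights;
    anything else ('r', 'w', ...) is an ordinary access right."""

    def __init__(self):
        self.rights = defaultdict(set)
        self.nodes = set()

    def add(self, src, dst, *rs):
        """Initial state setup (not one of the four rules)."""
        self.nodes.update((src, dst))
        self.rights[(src, dst)].update(rs)

    def has(self, src, dst, r) -> bool:
        return r in self.rights[(src, dst)]

    def take(self, s, x, r, y) -> bool:
        """Rule 1: s holds 't' over x and x holds r over y, so s may take r over y."""
        if not (self.has(s, x, "t") and self.has(x, y, r)):
            return False
        self.add(s, y, r)
        return True

    def grant(self, s, x, r, y) -> bool:
        """Rule 2: s holds 'g' over x and r over y, so s may give x the right r over y."""
        if not (self.has(s, x, "g") and self.has(s, y, r)):
            return False
        self.add(x, y, r)
        return True

    def create(self, s, new, *rs) -> bool:
        """Rule 3: s creates a new node and holds the given rights over it."""
        if new in self.nodes:
            return False
        self.add(s, new, *rs)
        return True

    def remove(self, s, y, r) -> bool:
        """Rule 4: s drops (revokes) a right it holds over y."""
        if not self.has(s, y, r):
            return False
        self.rights[(s, y)].discard(r)
        return True


def demo() -> TakeGrant:
    """Constructed scenario: read access on secret.txt leaks from bob to alice and
    then to carol through one take edge and one grant edge."""
    g = TakeGrant()
    g.add("alice", "bob", "t")            # alice holds take over bob
    g.add("bob", "secret.txt", "r")       # only bob can read the file
    g.add("alice", "carol", "g")          # alice holds grant over carol
    g.take("alice", "bob", "r", "secret.txt")      # alice takes read from bob
    g.grant("alice", "carol", "r", "secret.txt")   # and passes it on to carol
    g.create("carol", "notes.txt", "r", "w")       # carol creates her own object
    g.remove("bob", "secret.txt", "r")             # bob revokes his own right; copies survive
    return g


if __name__ == "__main__":
    g = demo()
    for (src, dst), rs in sorted(g.rights.items()):
        if rs:
            print(f"{src} -> {dst}: {sorted(rs)}")
```

The scenario shows the property the model is built to reason about: once a take or grant path exists, a right can propagate, and revoking it at the original holder does not pull back the copies already taken or granted.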
What does Accountability rely on?
Identification, authentication, authorization and audit trails (auditing): you can only hold someone accountable if you can prove who they were and track what they did.
XTACACS
Extended TACACS
An alternative to RADIUS. TACACS is available in three versions: original TACACS, XTACACS (extended TACACS) and TACACS+. TACACS integrates the authentication and authorization processes. XTACACS keeps the authentication, authorization and accounting processes separate. TACACS+ improves on XTACACS by adding support for two-factor authentication; it also runs over TCP (port 49) and encrypts the entire packet body, whereas RADIUS runs over UDP and encrypts only the password.
XACML - Extensible Access Control Markup Language
XACML is an OASIS standard, XML-based language for expressing access control policies, requests and responses, so that the policy decision point (PDP) and the policy enforcement points (PEPs) that query it can interoperate even if they come from different vendors. It is the usual policy language for attribute-based access control (ABAC).
Does a router perform IPv4-to-IPv6 translation?
TECHNICALLY - no. Translating between protocols (e.g. NAT64) is a gateway function.
In reality - yes: most routers ship with that gateway function built in.
Clipping (in log sampling)
A form of non-statistical sampling that reduces log volume by recording an event type only once it crosses a preset threshold, e.g. logging failed logins for an account only from the third failure on. Trade-off: an attacker who stays below the clipping level is never recorded.
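The threshold logic run over sample log lines, as an added example that is not part of the original flashcards. The sshd-style log lines, the clipping level of 3 and the reset-on-success behavior are constructed for this example; the point is that everything under the threshold is discarded rather than stored and queried later.

```python
import re
from collections import defaultdict

CLIPPING_LEVEL = 3   # record failed logins for an account only from the 3rd failure on

# Constructed sshd-style log lines: alice fumbles twice then succeeds, bob fails
# five times, and a password-guessing run against 'admin' fails three times.
SAMPLE_LOG = """\
Mar 10 09:00:01 host sshd[100]: Failed password for alice from 10.0.0.7 port 5000 ssh2
Mar 10 09:00:03 host sshd[101]: Failed password for alice from 10.0.0.7 port 5001 ssh2
Mar 10 09:00:05 host sshd[102]: Accepted password for alice from 10.0.0.7 port 5002 ssh2
Mar 10 09:01:00 host sshd[103]: Failed password for bob from 203.0.113.9 port 6000 ssh2
Mar 10 09:01:02 host sshd[104]: Failed password for bob from 203.0.113.9 port 6001 ssh2
Mar 10 09:01:04 host sshd[105]: Failed password for bob from 203.0.113.9 port 6002 ssh2
Mar 10 09:01:06 host sshd[106]: Failed password for bob from 203.0.113.9 port 6003 ssh2
Mar 10 09:01:08 host sshd[107]: Failed password for bob from 203.0.113.9 port 6004 ssh2
Mar 10 09:02:00 host sshd[108]: Failed password for invalid user admin from 198.51.100.4 port 7000 ssh2
Mar 10 09:02:01 host sshd[109]: Failed password for invalid user admin from 198.51.100.4 port 7001 ssh2
Mar 10 09:02:02 host sshd[110]: Failed password for invalid user admin from 198.51.100.4 port 7002 ssh2
"""

LOGIN_RE = re.compile(
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")


def apply_clipping_level(lines, level: int = CLIPPING_LEVEL):
    """Keep a per-account failure counter and emit an audit record only once the
    counter reaches `level` (and for every further failure, so the count stays
    visible). A successful login resets the counter. Everything below the level is
    dropped: this is sampling by threshold, not by statistics."""
    failures = defaultdict(int)
    recorded = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue
        user = m["user"]
        if m["result"] == "Accepted":
            failures[user] = 0
            continue
        failures[user] += 1
        if failures[user] >= level:
            recorded.append((user, m["ip"], failures[user]))
    return recorded


if __name__ == "__main__":
    for user, ip, count in apply_clipping_level(SAMPLE_LOG.splitlines()):
        print(f"ALERT failed logins for {user} from {ip}: {count} (clipping level {CLIPPING_LEVEL})")
```

With the level set to 3, alice's two typos never reach the audit store at all, while the guessing runs against bob and admin do; lowering the level to 1 records every failure and the volume problem returns.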
COBIT - Control Objectives for Information and Related Technology (ISACA)
Framework for evaluating controls in an organization. Can be used for architecting the environment AND for auditing it.
The COBIT framework specifically manages control objectives within IT and how they align with business goals and practices.