System Security 11 Flashcards
What is the principle of least privilege
Dictates that users and software should only have the minimal level of access that is needed to perform their duties.
Name the four major factors to achieve security
Authorization. Process of determining what rights and privileges an entity has
Access control. Process of determining and assigning privileges to resources, objects or data
Accountability. Process of determining who to hold responsible for particular activities or events
Auditing. The process of tracking or recording system activities and resource access.
What is privilege bracketing
The network or security admin can allow privileges when needed and then revoke them when the task or need has passed
What is non-repudiation
The goal of ensuring that data remains associated with the party that creates it or sends a transmission with that data
Describe the CIA Triad
Information security addresses three specific principles: confidentiality, integrity and availability. If one is compromised the security of the organization is compromised.
Explain the CIA Triad principle of confidentiality
Principle of keeping info and communication private and protecting it from unauthorized access
Explain the CIA Triad principle of integrity
Principle of keeping organizational info accurate, free of errors and without unauthorized modifications.
Explain the CIA Triad principle of availability
Principle of ensuring that systems operate continuously and that authorized persons can access the data as they need
In computer security what is a threat
Any event or action that could potentially result in a violation of a security requirement, policy or procedure. Potential threats include:
Unintentional or unauthorized access or changes to data
Interruption of services and access to assets
Damage to hardware
Unauthorized access or damage to facilities.
In terms of computer security what is a vulnerability
Any condition that leaves a system open to an attack
Can include improperly configured or installed hardware or software
Bugs in software or OS
Misuse of software or communication protocols
Poorly designed networks
Poor physical security
Insecure passwords
Design flaws in software or OS
Unchecked user input
In computer security what is an attack
A technique used to exploit a vulnerability in any application on a computer system without the authorization to do so. Include: physical, network based, software based, social engineering, web applications based.
In computer security what is a risk
Exposure to the chance of damage or loss. Signifies the likelihood of a hazard or threat occurring.
Often associated with the loss of a system, power, or network, and other physical losses
The determining factor when looking at information systems security
What is unauthorized access
Any type of network or data access not explicitly approved by an organization
Can be deliberate by an outsider, a misuse of valid privileges by an authorized user or inadvertent.
Does not necessarily result in data loss or damage.
What is data theft
A type of attack resulting in unauthorized access used to obtain protected network information.
Attack can use stolen credentials to authenticate to a server and read data stored in files or can steal data in transit on the network media by using a packet sniffer
Describe the terms hackers and attackers
Hacking used to be described as having technical skill and creativity; it is now associated with illegal or malicious system intrusions. Attacker always represents a malicious system intruder
What are white hat and black hat hackers
White hat is a hacker who discovers and exposes security flaws in applications and OSs so the manufacturers can fix them before they become widespread. Does this on a professional basis. Aka ethical hack
A black hat is a hacker who discovers and exposes security vulnerabilities for financial gain or a malicious purpose.
What is a permission
A security setting that determines the level of access a user or group account has to a particular resource
The three types of UNIX permissions
R-read. View file content. See in the directory
W-write. Modify file contents. Create and delete directory contents.
X-execute. Run the file. Move into the directory.
What are NTFS permissions
New Technology File System
On Windows OSs, file level security is supported on drives formatted to use the NTFS. These permissions can be applied to folders or files.
What is a group policy in relation to system security
A centralized account management feature available for Active Directory on Windows Server systems
Used to control security features such as limiting the desktop icons that get displayed, granting permission to access certain servers but not others or locking down a desktop
In terms of security what is authentication and the factors it is based on
The method of uniquely validating a particular entity's or individual's credentials
Factors include
Something you know, are, have.
One of the most basic and widely used authentication schemes
User name/password authentication.
A system compares the user's credentials against credentials stored in a database.
Not very secure.
Describe a strong password
A password that meets the complexity requirements set by a system admin and documented in a security policy
What is authentication by assertion
Authentication based entirely on a user name and password combo to assert its identity to obtain access to a resource
Describe tokens
Physical or virtual objects such as smart cards, ID badges, or data packets, that store authentication information
What are smart cards
Common examples of token based authentication.
A plastic card containing a computer chip that stores electronic information
What are biometrics
Authentication schemes based on an individual’s physical characteristics.
Fingerprint scanner, retinal scanner, hand geometry or voice and facial recognition.
What is multi factor authentication
Any authentication scheme that requires validation of at least two authentication factors
What is mutual authentication
A security mechanism that requires each party in a communication to verify the other’s identity.
Prevents a client from inadvertently submitting confidential info to a non secure server
What is SSO
Single Sign On
A single user authentication provides access to all the systems or applications where the user has permission.
Describe EAP
Extensible Authentication Protocol
Enables systems to use hardware based identifiers such as scanners and readers for authentication.
Allows for logon using different methods such as public key authentication, Kerberos, and certificates. Often used with RADIUS
List five other protocols used in EAP implementations
EAPOL. extensible authentication protocol over LAN
LEAP. lightweight extensible authentication protocol
EAP-TLS. EAP-Transport Layer Security
EAP-MD5 provides minimal security. Easily hacked.
PEAP. Protected Extensible Authentication Protocol.
What is the IEEE 802.1x standard
Also called port authentication. Is a standard for securing networks by implementing EAP as the authentication protocol over wired or wireless ethernet LAN.
Employs an authentication service to secure clients.
Describe Kerberos
An authentication service based on a time sensitive ticket granting system. Uses SSO
User enters access credentials that are passed to the authentication server which contains an access list and permitted access credentials.
Used to manage access control to several servers using one centralized authentication server.
Describe the Kerberos authentication process
User logs on to the domain
User requests a TGT from the authenticating server
Which responds with a time stamped TGT (ticket granting ticket)
User presents the TGT back to the authenticating server and requests a service ticket to access a specific resource
The authenticating server responds with a service ticket
The user presents the service ticket to the resource
Resource authenticates the user and allows access
List the three wireless authentication methods
Open system. User names and passwords are not used to authenticate a user. The default for many APs and stations.
Shared key. Verifies the identity of a station by using a WEP key. The station and the AP must be configured to use data encryption and the same WEP key
802.1x and EAP. EAP authentication method authenticates a user and not the station. Done with a RADIUS server.
What is encryption
A cryptographic technique that converts data from plain or cleartext into coded or ciphertext form.
Describe cryptography
The science of hiding information.
What are ciphers
A specific set of actions used to encrypt data.
Enciphering is applying a cipher to plaintext, unencoded data. The obscured data is called ciphertext. The reverse process of translating ciphertext to cleartext is deciphering.
Describe how encryption promotes security goals
Encryption enables confidentiality by protecting data from unauthorized access. Supports integrity because it’s difficult to decipher encrypted data, and supports non repudiation because only parties that know about the confidential encryption scheme can encrypt or decrypt data.
What is an encryption algorithm
The rule, system or mechanism used to encrypt data. In electronic cryptography they are complex mathematical functions
The two main categories of key based encryption
Shared key or symmetric encryption systems
The same key is used to encode and decode the message. The secret key must be communicated securely between the two parties involved
In key pair or asymmetric encryption systems
Each party has two keys. A public key and a private key
What is WEP
Wired Equivalent Privacy
A protocol that provides 64 bit, 128 bit, 256 bit encryption using the Rivest Cipher 4, RC4, algorithm for wireless communication that uses the 802.11a and b protocols.
Attackers can generate their own keys using a wireless network capture tool and get as much as 10 Mbps of data transferred through the air
What is WPA/WPA2
Wi-Fi Protected Access
A security protocol designed to overcome WEP security flaws. Provides for dynamic reassignment of keys to prevent the key attack vulnerabilities of WEP. Provides improved data encryption through TKIP, Temporal Key Integrity Protocol.
There are two modes of WPA. WPA-Personal and WPA-Enterprise. Explain both
Personal. The WAP is configured with a pre-shared key used to encrypt the data. WPA-PSK
Enterprise. Assigns a unique encryption key for every client as they log on to the network. Regularly updated to prevent decoding. Uses a RADIUS server for authentication. EAP provides authentication
What is a digital certificate
An electronic document that associates credentials with a public key. Both users and devices can hold certificates.
A server called the Certificate Authority, CA, issues the certificates and the associated key pairs
Describe what an encryption key is
A specific piece of info used in conjunction with an algorithm to perform encryption and decryption
Lists the steps in the certificate encryption process
A security principal obtains a certificate and a public/private key pair from a CA
The party that encrypts the data obtains the user's public key from the user or from the CA's certificate repository
The encrypting party uses the public key to encrypt the data and sends it to the other user
The other user uses the private key to decrypt the data
Describe the encrypting file system, EFS
A file encryption tool on Windows systems that have partitions formatted with the NTFS. EFS encrypts file data by using digital certificates. If a CA is not available the local system can issue self assigned encryption certificates.
Can keep data secure even if NTFS security is breached
What is PKI
Public Key Infrastructure
An encryption system that is composed of CA certificates, software, services, and other cryptographic components. Used to verify data authenticity and validate data and entities.
List the PKI components
Digital certificates to verify the identity of entities
CAs to issue digital certificates
A Registration Authority, RA, responsible for verifying users' identities and approving or denying requests for digital certificates
A certificate repository database to store the digital certificates
A certificate management system to provide tools to perform the day to day functions of the PKI
What is certificate authentication
The process of identifying users in a transaction by carrying out a series of steps before confirming the identity of the users
What is a digital signature
A message digest or hash that has been encrypted with a user's private key. Asymmetric encryption algorithms can be used with hashing algorithms to create digital signatures
Supports integrity through hash values
Supports nonrepudiation through hash value being unique to a sender
What is hash encryption
One way encryption that transforms cleartext into ciphertext not intended to be decrypted. The result of the hashing process is called hash, hash value or message digest. The hash length is fixed.
What is DES
Data Encryption Standard
A shared key encryption standard that is based on a 56 bit encryption key that includes an additional 8 parity bits. Applies the encryption key to each 64 bit block of the message.
Triple DES or 3DES is more secure and uses three separate DES keys to repeatedly encode the message
What is an encryption device
Encryption, decryption, and access control are enforced by a cryptographic module called a hardware security module, HSM. Do not allow the execution of external programs
What is SSL
Secure Sockets Layer
A security protocol that combines digital certificates for authentication with public key data encryption. Is a server driven process
Describe the encryption process using SSL
A client requests a session from a server
The server responds by sending its digital certificate and public key to the client
The server and client then negotiate an encryption level
The client generates and encrypts a session key using the server's public key and returns it to the server
The client and server use the session key for data encryption
What is TLS
Transport Layer Security
A security protocol that protects sensitive communication from being eavesdropped on and tampered with. Uses certificates and public key cryptography for mutual authentication and data encryption using negotiated keys