Testout Security Pro Flashcards
3DES
Triple DES
AAA
Authentication, Authorization, Accounting
Access Control
The ability to permit or deny the privileges that users have when accessing resources on a network or computer.
Access Control Auditing (or Access Control Accounting)
Maintaining a record of a subject’s activity within the information system.
Access Control Authentication
The process of validating a subject’s identity. It includes the identification process, the user providing input to prove identity, and the system accepting that input as valid.
Access Control Authorization
The granting or denying a subject’s access to an object based on the level of permissions or the actions allowed on the object.
Access Control Identification
Identifies the subject. Examples include a username or a user ID number.
Access Control Matrix
Provides an interface for implementing an ACL
Access Control Object
Data, applications, systems, networks and physical space.
Access Control Policy
Defines the steps & measures that are taken to control access to objects by subjects.
Access Control Subjects
Users, applications or processes that need access to an object.
Access Control System
The access control system includes the policies, procedures, and technologies that are implemented to control a subject’s access to an object.
Account Lockout Threshold
Number of incorrect logon attempts that are allowed before the account is locked
Account Lockout
Disables a user account after a specified number of incorrect logon attempts
Account Policies
Control the composition and use of passwords
Account Restrictions
Allow login only during certain days/hours, only from specific computers
Accounting
Maintaining a record of a subject’s activity
activation mechanism
The virus only replicates when the activation mechanism is triggered.
Active Directory
A directory service that uses a hierarchical database to store user accounts.
Active Directory Object Attributes
Every Active Directory object has attributes that are populated with values.
AD Domain
Objects are grouped together into a domain, usually denoted by a triangle. Domains are identified by their DNS Namespace.
Administrative Control
Policies that describe accepted practices
Administrative Access Control
Policies that describe accepted practices.
AES
Advanced Encryption Standard
Algorithm
Process or formula used to convert a message into its meaning
Analytic Attack
Exploits a structural weakness in the algorithms
Application (Layer 7)
Integrates network functionality into the OS. (For example: proxy firewall, gateway services, etc.)
ARM
Advanced RISC Machine
Auditing
Maintaining a record of a subject’s activity
Authentication
Users must prove that they are who they say they are
Authentication
Validating a subject identity
Authorization
Granting or denying a subject access
Authorization
Process of controlling access to resources
Authorization Table
Matrix of access control objects, subjects, and their associated rights
Basic Encoding Rules (BER)
Original rules for encoding abstract info into a concrete data stream. Specifies a set of self-identifying & self-delimiting schemes which allow each data value to be identified, extracted & decoded individually.
BER
Basic Encoding Rules
Birthday Attack
A brute force attack where the attacker hashes messages until one with the same hash is found.
Block cipher
Encrypts by transposing plain text in chunks (block-by-block).
Brewer-Nash
Prevent conflicts of interest by dynamically adjusting access based on current activity
Brute Force Attack
Attacker tries every known key combination
Cat5
cable specifications
Category 1 Active Directory Objects
Resources. (They can represent network resources, like printers.)
Category 2 Active Directory Objects
Security Principals, including users, computers and groups.
CBC
Cipher Block Chaining
CFB
Cipher Feedback
Cipher Text
Unreadable message
Clark-Wilson
Controlled intermediary access applications that prevent direct access to the back-end database
Class A
1.0.0.0 to 126.255.255.255
Class B
128.0.0.0 to 191.255.255.255
Class C
192.0.0.0 to 223.255.255.255
Class D
224.0.0.0 to 239.225.225.225
Class E
240.0.0.0 to 255.255.255.255
Clipping level of 9
Account will be locked after 9 incorrect attempts
Code Substitution
Hiding words with unrelated terms
Collision
Two different messages produce the same hash value.
Collision Resistance
A hash algorithm’s ability to avoid the same output from two guessed inputs.
Compensative Access Control
Alternatives to primary access controls
Computer Policies also called?
Machine Policies
Confidentiality
Keep secrets a secret
Connection-oriented
Reliable data transmissions
Containment Rules
What types of objects can reside within other objects?
Content Dependent Access Control
CDAC
Context-based Access Control
CBAC
Corrective
Implement short-term repairs to restore basic functionality following an attack
Corrective Access Control
Implement short-term repairs to restore basic functionality following an attack
Creeping privileges
Escalation of privilege
Cryptanalysis Goal:
Retrieve as much info as possible
Cryptography
Process of concealing messages
Cryptology
Study of cryptography and cryptanalysis
Cryptosystem
Associated items of cryptography
Cumulative Permissions
Access to more than one entity
Cryptanalysis
Recovering original data that has been encrypted without the key
Cryptographer
Person who develops a converting plan
DAC
Discretionary Access Control
Data Link (Layer 2)
Defines rules and procedures for hosts as they access the Physical layer, including how multiple nodes share and coordinate the use of the same physical segment of the network.
Decryption
Procedure used to convert data from cipher text into plain text
Defense in Depth
Layered defenses at each level.
Define Content Dependent Access Control
Protects databases that contain sensitive information from a breach of privacy
Define Context-based Access Control
Mostly used to expand the decision-making capabilities of a firewall application
Define Discretionary Access Control
Assigns access directly to a subject based on the decision of the owner. Manages access using identity.
Define Discretionary Access Control List
Implementation of discretionary access control
Define Federated Access Control
Arrangement that can be made among multiple enterprises that lets subscribers use the same identification data to obtain access to the networks of all enterprises in the group
Define Mandatory Access Control
Labels or attributes for subjects and objects
Define Role-Based Access Control
Allows access based on a role in an organization
Define Rule Set-Based Access Control
Characteristics of objects or subjects along with rules, to restrict access
Define System Access Control List
Used by Microsoft for auditing to identify past actions performed by users on an object
Define Task-Based Access Control
Individual work tasks assign privileges
Define Temporal Role-Based Access
Allows for role-based access control rules to only be in effect for a certain time period
Define View-based Access Control
Type of constrained user interface used to control a subject’s access
Deny Permissions
Always override Allow permissions
DES
Data Encryption Standard
Detective
Search for details about the attack or the attacker
Detective Access Control
Search for details about the attack or the attacker
Deterrent
Discourage continued or escalating attacks during an attack
Deterrent Access Control
Discourage continued or escalating attacks during an attack