Wiley_08072017 Flashcards
This is necessary to obtain a Search Warrant
PROBABLE CAUSE
ISC Code of Ethics:
- Protect society, the commonwealth, and the infrastructure.
- Act honorably, honestly, justly, responsibly, and legally.
- Provide diligent and competent service to principals.
- Advance and protect the profession.
Prudent Man Rule is from what guideline?
The Federal Sentencing Guidelines formalized the prudent man rule and applied it to information security
Christopher would like to send Renee a message using asymmetric encryption. What key should he use to encrypt the message? Renee’s public key is used to encrypt the message.
The sender of a message uses the recipient’s public key to encrypt it.
This is generated by the difference in power between the hot and ground wires of a power source or operating electrical equipment
Common mode noise
A Security Label protects against
Tampering
Warm Sites take ___ hours to recover
12
Packet Switching has ______ delays.
Circuit Switching has _______ delays.
Packet = Variable Delays
Circuit = Fixed Delays
Replaced SSL
TLS
_______ _________ mechanisms are set in place to establish a means of verifying the correctness of detection systems and sensors
Secondary verification
Audit Report Requirements:
purpose
scope
results
A ______ is created through the assignment of an IP address and a subnet mask.
subnet
________ connects disparate networks rather than creating network segments
Router
Routers only manage traffic between ______
subnets
_________ is a networking device that can be used to create digital network segments (i.e., VLANs) that can be altered as needed by adjusting the settings internal to the device rather than on end-point devices
Switch
Spoofing Countermeasures
SPOOFING Countermeasures:
Patching
Source/Destination Verification on Routers
IDS
CPU _________ are the fastest form of memory..
registers
______ is a subset of sampling, which is a process of extracting data from a large body of information but with a specified cut-off point or threshold
Clipping
IDSs can detect attacks from:
1) external connection attempts,
2) execution of malicious code,
3) unauthorized access attempts to controlled objects.
The document Ethics and the Internet was issued as RFC 1087 by the ____ ____ ____
Internet Advisory Board
CAESAR Cipher is a ________ CIPHER
SUBSTITUTION
Block Cipher: Operate on __________and apply the encryption algorithm to the __________message block.
CHUNKS, ENTIRE
Most modern encryption algorithms use BLOCK ciphers.
Substitution Cipher: Replace with a different ________.
Character
Stream Ciphers: Operate on ____ bit or character at a time.
ONE
ONE TIME Ciphers are ______CIPHERS…
STREAM
A _______ is a system that hides the true meaning of a message. This uses a variety of techniques to alter and/or rearrange the characters or words of a message to achieve confidentiality.
Cipher
CIPHER provides ____________
Confidentiality
CFB vs CBC: Cipher Feedback Mode (CFB) uses a _________ cipher, compared to CBC’s block cipher.
streaming
Cipher Feedback (CFB): A mode in which the DES algorithm is used to encrypt the preceding block of cipher text. This block is then XORed with the _________ block of plain text to produce the next block of cipher text. CFB uses a STREAMING cipher.
Next
Hint CFB is “NEXT”
Cipher Block Chaining (CBC): A process in which each block of unencrypted text is XORed with the block of cipher text immediately preceding it before it is encrypted using the DES algorithm.
In Cipher Block Chaining (CBC) mode, each block of unencrypted text is XORed with the block of cipher text immediately __________it before it is encrypted using the DES algorithm.
preceding
TCP IP Handshake
SYN
SYN/ACK
ACK
Provides daily updates on fires
NIFC provides daily updates on fire
This attacks the three-way handshake process used by TCP/IP to initiate communication sessions
SYN Flood Attack
AGILE Software Development prefers being FLEXIBLE as opposed to following a _____
Plan
Auxiliary alarm systems facilitate local, remote, and centralized alarm systems by notifying external sources (police, fire, and medical) of signifying events…
AUXILIARY ALARMS will notify ______ Sources.
EXTERNAL
A _______ is a form of gate that prevents more than one person at a time from gaining entry and often restricts movement in one direction.
turnstile
RSA is an example of __________cryptography, which does not require a preexisting relationship to provide a secure mechanism for data exchange. Two individuals can begin communicating securely from the moment they start communicating…
asymmetric
RSA does not have a _________ relationship and can start communications quickly…
preexisting
3 Common forms of Governance:
1) IT …2) CORPORATE…3) SECURITY..
_________ is the periodic examination and review of a network to ensure that it meets security and regulatory compliance..
Auditing
_________ mode noise is generated by the difference in power between the hot and ground wires of a power source or operating electrical equipment.
Common
REAL EVIDENCE – Tangible. Can be brought into court. This is usually ________ EVIDENCE.
CONCLUSIVE
DOCUMENTARY EVIDENCE – Written items to prove a ____. Must be authenticated.
fact
BEST EVIDENCE - must be the ______.
ORIGINAL
PAROL EVIDENCE means evidence is _______ and NOT verbal.
written
Static Packet Filtering Firewall - Layer ______. A static packet-filtering firewall filters traffic by examining data from a message header.
3
Static Packet Filtering Firewall - Layer 3 (NETWORK). A static packet-filtering firewall filters traffic by examining data from a message _______.
header
Application Level Gateway Firewall - Layer 7, AKA Proxy. Filters traffic based on Internet Service OR Application. SLOW and considered ____ generation. Operates at Layer 7.
2nd
Circuit Level Gateway Firewall – Layer ___ (Session). SOCKS (Socket Secure). 2nd generation. Manages based on Circuit as opposed to the content. Allows and Denies strictly on SOURCE/DESTINATION address and port.
5
Circuit Level Gateway Firewall – Layer 5 (Session). SOCKS (Socket Secure). 2nd generation. Manages based on Circuit as opposed to the _______. Allows and Denies strictly on SOURCE/DESTINATION address and port.
content
2 Types of MULTIPROCESSING systems
SMP and MMP
used to create a UNIQUE CIPHER TEXT every time the same message is encrypted with the same key…
Initialization Vector
802.3 is Layer ___
2
An initialization vector (IV) is a random bit string (a nonce) that is the same length as the block size that is XORed with the message. IVs are used to create a unique cipher text every time the same message is encrypted with the same key…
IV
SAML attacks are often focused on ______authentication…
web-based
What are the two VPN modes?
Tunnel and Transport
The Code of Federal Regulations (CFR) is an example of __________ law.
administrative
Who provides daily updates on wildfires occurring in the United States?
The National Interagency Fire Center
Macro viruses use scripting languages such as _____ ______ for Applications..
Visual Basic. MACRO viruses use SCRIPTING. Macro viruses use VB Script.
_________serve as operational guides for both security professionals and users. They are flexible, so they can be customized for each unique system or condition. This document states what should be done (in other words, what security mechanisms should be deployed) instead of prescribing a specific product or control and detailing configuration settings. These outline methodologies, include suggested actions, and are not compulsory…
Guidelines
IPX/SPX, AppleTalk, and NetBEUI are examples of __ ___ protocols.
non-IP protocols.
_______– Interrupts and Takes Over..
________ – RELAYS..
_________ – TARGETS 2 ROUND ENCRYPTION SUCH AS DOUBLE DES..
HIJACK – Interrupts and Takes Over..
MAN IN THE MIDDLE – RELAYS..
MEET IN THE MIDDLE – TARGETS 2 ROUND ENCRYPTION SUCH AS DOUBLE DES..
_________uses a “lock” feature to allow an authorized user to make changes and then “unlock” the data elements only after the changes are complete.
Concurrency
_______ model uses multiple iterations of the waterfall model, so it is considered a meta-model.
This is a form of WATERFALL.
Spiral model uses multiple iterations of the waterfall model, so it is considered a meta-model.
Spiral Model is a form of WATERFALL.
________is the process by which online activities of user accounts and processes are tracked and recorded..
Auditing
________is freedom from being observed, monitored, or examined without consent or knowledge..
PRIVACY
ECC-RSA ____-bit key is the equivalent of an RSA _____-bit key..
ECC RSA 160 bit = RSA 1024 bit..
____________access control operates on a set of defined rules or restrictions that filter actions and activities performed on the system. System wide restrictions that override object access..
Nondiscretionary
INTEGRITY and ________depend on Each Other..
CONFIDENTIALITY
________attack, the attacker is racing with the legitimate process to replace the object before it is used..
Tries to beat the legitimate process before it is used.
TOC/TOU
_________ removes but does not repair.
_________ removes virus and repairs damage.
Removal removes but does not repair.
Clean removes virus and repairs damage.
When audit trails legally prove accountability, then you also reap the benefit of _______..
nonrepudiation
______ ______ ______ are designed to prevent unauthorized, insecure, or restricted information flow, often between different levels of security..
Information flow models
Databases: The event that occurs when two or more rows in the same table appear to have identical primary key elements but contain different data for use at differing Classification levels. This is often used as a defense against some types of inference attacks.
Polyinstantiation
Database transactions must be _____—that is, they must be an “all‐or‐nothing” affair..
Atomic
DSA: The Digital Signature Algorithm (as specified in FIPS 186-2) supports true digital signatures, providing integrity verification and _______.
nonrepudiation
Biba and Clark Wilson provide ______
Integrity
3DES effective key length ___ Bit..
3DES effective key length 168bit..
______ ________ attack may be used on encrypted messages..
Frequency Analysis
A ____ _____ maintains a row of security attributes for each controlled object. This is also a row of an access control matrix.
capabilities list
A _____ ______ is closely associated with the access control matrix..
capabilities list
IPSEC needs ______in order to be secure on a dialup
L2TP
In a _______security mode system, there is no requirement that all users have appropriate clearances to access all the information processed by the system…
Multilevel
_________ model allows the development process to return only to the immediately preceding phase of development at any given time.
Waterfall
______ ______ and Job Rotation support peer auditing..
Mandatory vacations
2 examples of Peer Auditing
Mandatory vacations and Job Rotation
The __________phase usually concludes with the notification of the incident response team.
identification phase
This type of system houses hundreds or thousands of CPUs that have their own operating system.
MMP Massively Parallel Processing
MMP used for large, complex tasks.
Implement multithreading techniques at the operating system level. Single. Operating System level. SMP used for simple operations. This system is the OS level.
SMP Symmetric multiprocessing systems
SMP sends threads to available processor for simultaneous execution.
A _____ ______ is any method that is used to secretly pass data and that is not normally used for communication. Covert Channeling can be difficult to detect. Need to AUDIT and ANALYZE logs.
Covert channel
How to mitigate Covert Channel
Audit, Monitor, Analyze
Two types of Covert Channels: 1) Covert TIMING Channel – Alters system performance or timing in a _____ manner…2) Covert STORAGE Channel – Writes data to common ______area so another process can read it.
Predictable
Storage
When an intruder is detected by an IDS, they are transferred to a ____ ______. The transfer of the intruder into a padded cell is performed automatically, without informing the intruder that the change has occurred. The padded cell is unknown to the intruder before the attack, so it cannot serve as an enticement or entrapment. Padded cells are used to detain intruders, not to detect vulnerabilities.
padded cell
One of the most common vulnerabilities and hardest to protect against is the occurrence of ______ and _______ …
occurrence of errors and omissions
types of FIREWALLS (4):
Static
Application
Circuit
Stateful..
Name this Firewall: Layer 3 (Network) and 4 (Transport), 3rd generation. Looks at source/destination ports, addresses and applications.
Stateful Inspection Firewall – AKA DYNAMIC.
Two Firewall Modes
Transport Mode: In transport mode, only the IP packet data is encrypted, but the header of the packet is not..
Tunnel Mode: In tunnel mode, HEADER AND PACKET DATA ARE ENCRYPTED. The source and destination IP addresses are encrypted and an ESP header is added, followed by a new IP header. When IPSec is used in tunnel mode, entire packets, rather than just the payload, are encrypted. This mode is designed for gateway-to-gateway use. TUNNEL IS MORE SECURE.
Which Firewall mode only encrypts IP Packet Data and NOT Header?
Transport
Which of the two FW modes is more secure and why?
Tunnel is more secure because Header and Packet are Encrypted.