Lockdown Enclosure Cissp
USPTO
United States Patent and Trademark Office
Glass-Steagall Act
This act separated investment and commercial banking activities
Lanham Act
A 1946 law (the federal trademark statute) that spells out what kinds of marks, including brand names, can be protected and the exact method of protecting them. Trademarks.
FERPA
Family Educational Rights and Privacy Act
GLBA (Gramm-Leach-Bliley Act)
Federal law enacted in 1999 to control the ways that financial institutions deal with the private information of individuals
Library of Congress
the largest library in the U.S., which was originally intended for use by Congressmen for research
TVA (Tennessee Valley Authority)
Planned development of the Tennessee Valley region
United States Code
The codification of the general and permanent federal statutes (criminal and civil law).
Code of Federal Regulations
Final rules and regulations that have the force of the law
Privacy Act of 1974
A law that gives citizens access to the federal government's records on them and restricts how federal agencies collect, use, and disclose personal information.
FISMA (Federal Information Security Management Act)
United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. FISMA was signed into law as part of the E-Government Act of 2002.
electronic communications privacy act of 1986
Extended the restrictions on government wiretaps of telephone calls to cover transmissions of electronic data.
ECPA (Electronic Communications Privacy Act)
Restricts the interception or monitoring of oral, wire, and electronic communications unless it is undertaken for a legitimate business purpose or with consent; employers may therefore monitor employees' e-mail and communications, with some exemptions.
CALEA (Communications Assistance for Law Enforcement Act)
Requires telecommunications carriers to build wiretap capability into their networks so that law enforcement can intercept communications when legally authorized.
HITECH Act of 2009
The goal of HITECH is not just to put computers into physician offices and on hospital wards, but rather to use them toward five goals for the US healthcare system: improve quality, safety and efficiency; engage patients in their care; increase coordination of care; improve the health status of the population;
reduction analysis and 5 key concepts to identify?
Also called decomposing the application, system, or environment. The five key concepts to identify: 1) trust boundaries, 2) data flow paths, 3) input points, 4) privileged operations, 5) details about the security stance and approach.
US-EU Safe Harbor Framework
A framework that let US organizations self-certify compliance with EU data protection principles in order to transfer personal data from the EU to the United States; invalidated by the Court of Justice of the EU in 2015.
Clearing
Overwriting media so that it can be reused in the same (or an equally sensitive) environment; data may still be recoverable with laboratory techniques.
Purging
A more intensive form of clearing (multiple overwrites, degaussing, or cryptographic erase) that prepares media for reuse in a less sensitive environment.
Sanitization
Removing data from a system or media and ensuring the data cannot be recovered by any means.
Blowfish
A symmetric block cipher that operates on 64-bit blocks with a key length from 32 to 448 bits; 16 rounds. The bcrypt password hash used on many Linux/BSD systems is derived from Blowfish.
serpent
Serpent is a symmetric key block cipher that was a finalist in the Advanced Encryption Standard (AES) contest, where it was ranked second to Rijndael. Serpent has a block size of 128 bits and supports a key size of 128, 192 or 256 bits. The cipher is a 32-round substitution-permutation network operating on a block of four 32-bit words.
AES
AES is a symmetric key algorithm with a fixed block size of 128 bits and a key size of 128, 192, or 256 bits. Used by BitLocker and Microsoft's Encrypting File System (EFS).
3DES (Triple DES)
Symmetric key algorithm that applies DES three times (encrypt-decrypt-encrypt). Key: three 56-bit keys, 168 bits (192 bits including 24 parity bits); effective strength is only about 112 bits because of the meet-in-the-middle attack. Block size 64 bits.
DES
Symmetric block cipher, 56-bit key (64 bits with parity), 64-bit block. Modes of operation, roughly from weakest to strongest: ECB, CBC, CFB, OFB, CTR.
RC6
A symmetric block cipher with three key sizes (128, 192, and 256 bits) that performs 20 rounds on each 128-bit block.
RC2
A symmetric block cipher that processes blocks of 64 bits. Key length 8 to 128 bits, default 64 bits.
POODLE (Padding Oracle On Downgraded Legacy Encryption)
Attack on SSL 3.0's CBC padding that lets an attacker decrypt parts of an encrypted message (such as session cookies) after forcing a downgrade from TLS; the fix is to disable SSL 3.0 and use TLS.
Stuxnet Worm
worm aimed at the iranian nuclear program
CRIME/BEAST
Earlier attacks against SSL/TLS: BEAST exploited CBC mode in TLS 1.0 to recover plaintext; CRIME exploited TLS compression to recover secrets such as cookies.
European union's data protection principle
Notice, Purpose, Consent, Security, Disclosure, Access, Accountability
GDPR (General Data Protection Regulation)
1. Lawfulness, fairness, and transparency 2. Purpose limitations 3. Data minimization 4. Accuracy 5. Storage limitation 6. Integrity and confidentiality 7. Accountability and compliance
CalOPPA (California Online Privacy Protection Act)
Operators of commercial websites and services post a prominently displayed privacy policy if they collect personal information on California residents. No encryption is needed by this law.
Personal Information Protection and Electronic Documents Act
is a Canadian privacy law
California Civil Code 1798.82
is part of the set of California codes that requires breach notification
PGP (Pretty Good Privacy)
A hybrid public-key encryption system for e-mail: a random symmetric session key encrypts the message and the recipient's public key encrypts the session key. Uses a web of trust rather than a CA hierarchy. Can also be used to encrypt files and entire disk drives.
M of N Control
A key-recovery control in which the private key (or the key that protects it) is split into N parts distributed to different individuals called key recovery operators; any M of the N operators must present their parts to reconstruct the key, so no single person can recover it alone.
Digital Signature Standard (DSS)
DSA, RSA and ECDSA
HAVAL (Hash of Variable Length)
128; 160; 192; 224; 256. Also allows users to specify the number of rounds (3, 4, or 5) to be used to generate the hash.
TCB
The trusted computing base (TCB) of a computer system is the set of all hardware, firmware, and/or software components that are critical to its security, in the sense that bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
Maintenance hook
Another name for a backdoor that a developer or manufacturer built into a product for debugging or maintenance and left in the shipped version.
Biba Model
An access control model used to ensure integrity. It uses two primary rules: no read down (the simple integrity axiom) and no write up (the * integrity axiom). Compare to the Bell-LaPadula model, which addresses confidentiality.
TPM (Trusted Platform Module)
Hardware security technique: a chip on the motherboard stores the encryption key and prevents someone from accessing an encrypted drive by moving it to another computer.
International Common Criteria (CC)
Protection Profile (PP): a set of security requirements and objectives for the type of product to be evaluated. Security Target (ST): the documentation describing the TOE and the security requirements it claims to meet. Target of Evaluation (TOE): the system or product being evaluated. Evaluation Assurance Level (EAL): the rating assigned to the product after evaluation.
EAL 1
functionally tested (Common Criteria)
EAL 2
structurally tested (Common Criteria)
EAL 3
Methodically checked and tested (Common Criteria)
EAL 4
methodically designed, tested, and reviewed (Common Criteria)
EAL 5
semiformally designed and tested. (Common Criteria)
EAL 6
Semiformally verified designed and tested (Common Criteria)
EAL 7
Formally verified designed and tested (Common Criteria)
Fair Cryptosystem approach to key escrow
secret keys are divided into 2 or more pieces, each of which is given to a 3rd party
Multistate Systems
Certified to handle data from different security classifications simultaneously by implementing protection mechanisms that segregate data appropriately
Ring model
Ring 0 kernel; ring 1 other OS components; ring 2 drivers and protocols; ring 3 user-level programs and applications. Rings 0-2 run in privileged (kernel) mode and ring 3 runs in user mode; user-mode code requests privileged services through system calls.
Verification
System assurance process that provides an independent, third-party evaluation of a system's controls, so that many different organizations can rely on the result.
MTTR
mean time to repair/recover
MTTF
Mean time to failure. The length of time you can expect a device to remain in operation before it fails. It is similar to MTBF, but the primary difference is that the MTBF metric indicates you can repair the device after it fails. The MTTF metric indicates that you will not be able to repair a device after it fails.
MTBF
Mean Time Between Failure: a measure of availability often quoted by hardware manufacturers. For example 2.56 years between failures means that, on average, the hardware can be expected to last 2.56 years before it goes wrong.
RTO
Recovery Time Objective
MTO
Maximum Tolerable Outage: the longest time a system or process can be unavailable before the organization suffers unacceptable harm.
Fire extinguisher class C
Electrical fires; extinguished with a dry chemical (potassium bicarbonate or potassium chloride) or CO2, since water conducts electricity.
Fire extinguisher class A
Pressurized water; used on common combustible fires such as paper, cloth, and wood.
Fire extinguisher class B
Carbon dioxide (or dry chemical); used on flammable liquids such as gasoline, oil, paint, and cooking fat.
Fire extinguisher class D
Combustible metals
Van Eck radiation phenomenon
Side-band electromagnetic radiation emissions are present in and, with the proper equipment, can be captured from keyboards, computer displays, printers, and other electronic devices.
SCSI (Small Computer System Interface)
An interface between a host adapter and peripheral devices such as disks and tape drives that can daisy-chain as many as 7 or 15 devices on a single bus.
tempest
US government standard for reducing or suppressing the electromagnetic emanations of equipment so they cannot be captured (see Van Eck radiation).
TOCTOU
"Time Of Check, Time Of Use--Altering a condition after it has been checked by the operating system but before it is used."
Data diddling
changing data before or during entry into a computer system in order to delete, alter, add, or incorrectly update key system data
Phlashing
Permanent denial of service: overwriting or corrupting a device's BIOS or firmware with malicious code so that the device no longer boots; firmware implants are also used for persistent remote control.
Phreaking
Attacking phone systems to obtain free phone service, to use phone lines to transmit malware, or to access, steal, and destroy data.
Meet-in-the-middle attack
A cryptanalysis method against multi-step encryption (for example double DES): the attacker uses the known plaintext to work forward under every candidate first key to an intermediate value, and the ciphertext to work backward under every candidate second key to an intermediate value, then matches the two sets. The work drops from 2^(2k) to about 2^(k+1) operations (with 2^k storage), so doubling a cipher barely increases its strength.
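The attack described above, carried out as an added example that is not part of this study set: a toy 32-bit Feistel cipher with a 16-bit key (an assumption made so the search finishes in seconds) is applied twice with independent keys, and the attack recovers both keys with about 2^17 cipher operations instead of the 2^32 that a naive search of both keys would need. The keys and plaintexts in the demo are constructed. The same argument is why double DES gains almost nothing over DES and why 3DES with a 168-bit key offers only about 112 bits of effective strength.

```python
"""Meet-in-the-middle against double encryption with a toy block cipher."""

MASK16 = 0xFFFF


def _f(half, rk):
    """Toy round function on a 16-bit half-block (not secure; only the Feistel
    structure's invertibility matters for this example)."""
    v = (half + rk) & MASK16
    v = ((v << 5) | (v >> 11)) & MASK16           # 16-bit rotate
    return (v * 0x9E37 + 0x79B9) & MASK16         # multiply-add mixing


def _round_keys(key):
    """Four round keys derived by rotating the 16-bit master key."""
    return [((key << (3 * i)) | (key >> (16 - 3 * i))) & MASK16 for i in range(4)]


def toy_encrypt(block, key):
    """4-round Feistel cipher: 32-bit block, 16-bit key (assumption: tiny on purpose)."""
    left, right = block >> 16, block & MASK16
    for rk in _round_keys(key):
        left, right = right, left ^ _f(right, rk)
    return (left << 16) | right


def toy_decrypt(block, key):
    left, right = block >> 16, block & MASK16
    for rk in reversed(_round_keys(key)):
        left, right = right ^ _f(left, rk), left
    return (left << 16) | right


def double_encrypt(block, k1, k2):
    return toy_encrypt(toy_encrypt(block, k1), k2)


def meet_in_the_middle(pairs):
    """Recover (k1, k2) candidates from known plaintext/ciphertext pairs.

    Forward: E_k1(P) for every k1 (2^16 encryptions, stored in a table).
    Backward: D_k2(C) for every k2 (2^16 decryptions); a table hit is a candidate.
    The extra pairs weed out the roughly one chance collision expected from a
    32-bit meeting value.
    """
    p0, c0 = pairs[0]
    table = {}
    for k1 in range(1 << 16):
        table.setdefault(toy_encrypt(p0, k1), []).append(k1)
    candidates = []
    for k2 in range(1 << 16):
        for k1 in table.get(toy_decrypt(c0, k2), ()):
            if all(double_encrypt(p, k1, k2) == c for p, c in pairs[1:]):
                candidates.append((k1, k2))
    return candidates


if __name__ == "__main__":
    k1, k2 = 0x1234, 0xBEEF                                  # constructed secret keys
    pairs = [(p, double_encrypt(p, k1, k2)) for p in (0xDEADBEEF, 0x01234567)]
    print("recovered:", [(hex(a), hex(b)) for a, b in meet_in_the_middle(pairs)])
```

The table is the whole trick: memory is traded for time, so the attacker pays 2^16 for the forward half and 2^16 for the backward half rather than 2^16 times 2^16 for both keys together. Triple encryption defeats this particular shortcut because there is no single intermediate value to meet at, which is why 3DES rather than 2DES became the standard.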
chosen ciphertext attack
The attacker selects ciphertexts and obtains the corresponding plaintexts, e.g. by gaining access to the decryption device (but not the key), and uses the pairs to recover the key.
Greylisting
A defense against spam: a mail transfer agent (MTA) using greylisting temporarily rejects (with a 4xx response) any e-mail from a sender triplet (client IP, envelope sender, recipient) it does not recognize. Legitimate MTAs queue the message and retry after a delay, while most spam engines never retry.
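The decision logic an MTA applies when greylisting, written out as an added example that is not part of this study set. The triplet store, the 300-second minimum retry delay, the 4-hour retry window and the 35-day whitelist lifetime are assumptions chosen to resemble common defaults; the traffic in `simulate()` is constructed.

```python
"""Greylisting decision logic keyed on (client IP, sender, recipient)."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class _Triplet:
    first_seen: float                  # when the first, temp-failed attempt arrived
    passed_at: Optional[float] = None  # set once a timely retry has been accepted


class Greylist:
    TEMPFAIL = "451 4.7.1 Greylisted, please retry later"
    ACCEPT = "250 OK"

    def __init__(self, min_delay=300, retry_window=4 * 3600, pass_ttl=35 * 86400):
        self.min_delay = min_delay        # seconds a retry must wait (assumed default)
        self.retry_window = retry_window  # after this an unretried triplet is forgotten
        self.pass_ttl = pass_ttl          # how long a passed triplet stays whitelisted
        self._seen = {}

    def decide(self, client_ip, sender, recipient, now):
        key = (client_ip, sender.lower(), recipient.lower())
        entry = self._seen.get(key)
        if entry is None:                               # never seen: reject with a 4xx
            self._seen[key] = _Triplet(first_seen=now)
            return self.TEMPFAIL
        if entry.passed_at is not None:
            if now - entry.passed_at <= self.pass_ttl:
                entry.passed_at = now                   # refresh the whitelist entry
                return self.ACCEPT
            self._seen[key] = _Triplet(first_seen=now)  # whitelist expired: start over
            return self.TEMPFAIL
        age = now - entry.first_seen
        if age < self.min_delay:                        # retried too fast: keep rejecting
            return self.TEMPFAIL
        if age > self.retry_window:                     # retry window missed: start over
            self._seen[key] = _Triplet(first_seen=now)
            return self.TEMPFAIL
        entry.passed_at = now                           # a real MTA queued and retried
        return self.ACCEPT


def simulate():
    """Constructed traffic: a spam bot that never retries and a real MTA that does."""
    g = Greylist()
    bot = g.decide("203.0.113.7", "offer@spam.example", "alice@example.org", now=0)
    mta = [g.decide("198.51.100.25", "bob@partner.example", "alice@example.org", now=t)
           for t in (0, 60, 600)]                      # immediate, 1 min, 10 min retries
    return bot, mta


if __name__ == "__main__":
    bot, mta = simulate()
    print("spam bot, single attempt:", bot)
    print("real MTA, three attempts:", mta)
```

The cost of the scheme is the delay on first contact, which is why the minimum delay is kept to minutes and why passed triplets are remembered for weeks. Bulk senders that rotate source IPs for each retry never build up a passed triplet, which is the property the defense relies on.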
Emanation Security
Physical constraints used to prevent information from being compromised through signals emanated by a system, particularly electromagnetic radiation.
Skipjack
Promoted by the NSA. Skipjack uses an 80-bit key, supports the same four modes of operation as DES, and operates on 64-bit blocks of text. Skipjack provides cryptographic routines in support of Clipper and Capstone. Skipjack faced public opposition because it was developed so that the government could maintain information enabling legal authorities (with a search warrant or approval of the court) to reconstruct a Skipjack access key and decrypt private communications between affected parties.
State Machine Model
Describes the behavior of a system as it moves from one state to another, from one moment to the next. Allows or denies access to objects at different intervals of time; a system whose every state transition is secure is itself secure.
capacitance sensor
Works like a laptop touchpad or a phone touchscreen: measures the difference in capacitance between fingerprint ridges touching the sensor and the valleys between them to image the pattern.
FM 200 System
Halon replacement. Does not remove the oxygen from the air; extinguishes primarily by absorbing heat and interrupting the combustion chain reaction.
Inergen
Mixture of nitrogen, argon and carbon dioxide; an alternative to halon that lowers the oxygen concentration enough to suppress fire while remaining breathable for a short time.
Bell-LaPadula Model
Simple Security Property (no read up) * - Property (no write down) All about confidentiality
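The Biba entry earlier and the Bell-LaPadula entry above are mirror images, which is easiest to see by coding both rule sets. The following is an added example, not part of this study set: the four levels and the idea of one shared lattice (BLP reads it as classification, Biba as integrity) are assumptions of the example. `both_allow` shows what happens when a system enforces both models at once: a subject can only read and write at exactly its own level.

```python
"""Access decisions under Bell-LaPadula and Biba over one lattice of levels."""

# Ordered low -> high. BLP reads these as classification (confidentiality) levels,
# Biba reads them as integrity levels; the example assumes one shared lattice.
LEVELS = ("unclassified", "confidential", "secret", "top_secret")


def _rank(level):
    return LEVELS.index(level)   # raises ValueError for an unknown label


def blp_allows(subject, obj, op):
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    s, o = _rank(subject), _rank(obj)
    if op == "read":
        return s >= o     # simple security property: read at or below your clearance
    if op == "write":
        return s <= o     # *-property: write at or above your clearance
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject, obj, op):
    """Biba (integrity): no read down, no write up."""
    s, o = _rank(subject), _rank(obj)
    if op == "read":
        return s <= o     # simple integrity axiom: read only at or above your level
    if op == "write":
        return s >= o     # * integrity axiom: write only at or below your level
    raise ValueError(f"unknown operation {op!r}")


def both_allow(subject, obj, op):
    """A system enforcing both models at the same time."""
    return blp_allows(subject, obj, op) and biba_allows(subject, obj, op)


def access_matrix(model, subject):
    """Which operations `subject` may perform on objects at every level under `model`."""
    return {lvl: [op for op in ("read", "write") if model(subject, lvl, op)]
            for lvl in LEVELS}


if __name__ == "__main__":
    for name, model in (("BLP", blp_allows), ("Biba", biba_allows), ("both", both_allow)):
        print(name, access_matrix(model, "secret"))
```

Printing the matrix for a "secret" subject makes the exam mnemonic concrete: BLP lets it read downward and write upward, Biba lets it read upward and write downward, and the intersection is the single diagonal cell.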
Composition Theory
A Layer 2 WAN packet-switching technology that interconnects sites using permanent virtual circuits (PVCs) and provides a Committed Information Rate (CIR), a minimum bandwidth guarantee from the service provider. Frame Relay requires a DTE/DCE at each connection point: the DTE provides access to the Frame Relay network and the provider-supplied DCE transmits the data over the network.
Frame Relay
A legacy packet switching network technology developed in the 1970s to move data across less than reliable public carriers.
X.25
Connects two clients directly (peer to peer) without an access point.
wireless ad hoc mode
Connects clients using a wireless access point, but not to wired resources such as a central network.
wireless standalone mode
connects endpoints to a central network, not directly to each other
wirelss infrastructure mode
use a wireless access point to link wireless clients to a wired network
wireless wired extension mode
Reset: the flag that immediately aborts a TCP connection.
RST flag
54 Mbps, 5 GHz, uses OFDM
802.11a
5 GHz only; up to 1300 Mbps (Wave 1); OFDM with MIMO
802.11ac
Wireless networking standard that operates in the 2.4 GHz band with a theoretical maximum throughput of 54 Mbps and is backward compatible with 802.11b; uses OFDM. Security options on 802.11 networks: WEP (broken), WPA (TKIP), WPA2 (AES in counter mode with CCMP).
802.11g
Wireless networking standard that can operate in both the 2.4 GHz and 5 GHz bands and uses multiple-input multiple-output (MIMO) antennas with OFDM to reach a theoretical maximum of 600 Mbps (commonly quoted as 100+ Mbps).
802.11n
Telnet
TCP port 23
SMTP
TCP Port 25
Internet Message Access Protocol (IMAP)
TCP port 143
LPD (Printers)
TCP Port 515
POP3. Used by clients accessing e-mail on servers. Receiving.
TCP port 110
SSH
TCP Port 22
6000-6063
X Windows TCP Port
FTP. Port 21 carries control commands; port 20 carries data (in active mode).
TCP 20/21
TFTP
UDP port 69
A simple version of FTP that uses UDP as the transport protocol and does not require a logon to the remote host; no authentication or encryption.
TFTP (Trivial File Transfer Protocol)
Used by Bluetooth. Frequency-Hopping Spread Spectrum: the participants hop between predetermined frequencies in a sequence known to both sides, so a third party cannot easily predict the next frequency. FHSS can also provide extra bandwidth by using more than one frequency at a time.
FHSS
Direct Sequence Spread Spectrum: modulates data over an entire range of frequencies using a series of symbols called chips. A chip is shorter in duration than a bit, so chips are transmitted at a higher rate than the actual data. The chips represent both the encoded data and what appears to be random data; because both parties know which chips carry real data, an eavesdropper who intercepts a DSSS transmission cannot easily tell which chips represent valid bits. DSSS is more subject to environmental factors than FHSS and OFDM because it uses an entire frequency spectrum.
DSSS
(Orthogonal Frequency Division Multiplexing) While DSSS used a high modulation rate for the symbols it sends, OFDM uses a relatively slow modulation rate for symbols. This slower modulation rate, combined with the simultaneous transmission of data over 52 data streams, helps OFDM support high data rates while resisting crosstalk between the various data streams.
OFDM
A form of radio transmission in which the signal is sent over more than one frequency to discourage eavesdropping.
spread spectrum
A form of transmission that allows multiple signals to travel simultaneously over one medium.
Multiplexing
Technique used by criminals to alter DNS records and drive users to fake sites in order to commit phishing.
DNS poisoning
Sniffing the ID of a Domain Name System (DNS, the "phone book" of the Internet that converts a domain, or website name, to an IP address) request and replying before the real DNS server.
DNS spoofing
uses false ARP replies to map any IP address to any MAC address
ARP spoofing
Secure/ Multipurpose Internet Mail Extensions. Used to secure e-mail. S/ MIME provides confidentiality, integrity, authentication, and non-repudiation. It can digitally sign and encrypt e-mail, including the encryption of e-mail at rest (stored on a drive) and in transit (data sent over the network). It uses RSA, with public and private keys for encryption and decryption, and depends on a PKI for certificates.
S/MIME
Internet Small Computer System Interface. Carries traditional SCSI commands over an IP network; a lower-cost alternative to Fibre Channel SANs.
iSCSI
Multi-Protocol Label Switching. A technology that forwards traffic using short path labels instead of network addresses.
MPLS
Private Branch Exchange. A private telephone switch that routes calls within an organization and to the public network; a common target of toll fraud.
PBX
The IEEE standard that defines port-based network access control (NAC); used to authenticate devices on wired switch ports as well as wireless networks, typically with EAP and a RADIUS server.
802.1x
The IEEE standard for Ethernet networking devices and data handling (using the CSMA/CD access method).
802.3
Bluetooth
802.15
Integrated services digital network. A single ISDN line carries data at 64 or 128 Kbps. Although video conferences are possible at slower speeds, ISDN is considered to be the minimum for acceptable-quality video transmission.
ISDN
Primary Rate Interface: an ISDN interface for primary rate access, consisting of a single 64 Kbps D channel plus 23 (T1) or 30 (E1) B channels for voice or data; up to 1.544 Mbps on a T1.
PRI
(Basic Rate Interface) A BRI circuit contains two 64-kbps B channels and one 16-kbps D channel. Although such a circuit can carry two simultaneous voice conversations, the two B channels can be logically bonded together into a single virtual circuit (by using PPP's multilink interface feature) to offer a 128-kbps data path.
BRI
Spam over Internet Telephony: unsolicited bulk calls over VoIP, often combined with caller ID spoofing.
SPIT
The unauthorized access of information from a wireless device through a Bluetooth connection.
bluesnarfing
1) PPTP 2) L2F 3) L2TP 4) IPsec. PPTP, L2F and L2TP operate at OSI layer 2 (data link); IPsec operates at layer 3 (network).
common VPN protocols (4)
Fiber Distributed Data Interface. Two rings.
FDDI
Synchronous Optical Network Technologies. A multiplexing protocol used to transfer data over optical fiber.
SONET
Protected Extensible Authentication Protocol. PEAP provides an extra layer of protection for EAP. PEAP-TLS uses TLS to encrypt the authentication process by encapsulating and encrypting the EAP conversation in a Transport Layer Security (TLS) tunnel. Since TLS requires a certificate, PEAP-TLS requires a certification authority (CA) to issue certificates.
PEAP
Lightweight Extensible Authentication Protocol. A Cisco proprietary EAP method based on a modified version of MS-CHAP; vulnerable to offline dictionary attacks and deprecated.
leap
Not possible with the same IP range, i.e. same IP address cannot appear inside and outside a NAT router
double NATing
Steals long-distance service by manipulating line voltages
Tele black box
Simulates the tones of coins being deposited into payphones
Tele red box
Tone generator that simulates the in-band signalling tones of the telephone network (such as 2600 Hz) to seize trunks and place free calls
Tele blue box
Dual-tone multi-frequency (DTMF) generator used to control the phone system
Tele white box
Bits
Physical Layer
Frames. The second layer in the OSI model. This layer bridges the networking media with the Network layer. Its primary function is to divide the data it receives from the Network layer into frames that can then be transmitted by the Physical layer.
Data Link Layer
Packets. The third layer in the OSI model. Protocols in this layer handle logical (IP) addressing and decide how to route data from the sender to the receiver.
Network Layer
Segments. The fourth layer of the OSI model. Protocols in this layer ensure that data is transferred from point A to point B reliably and without errors. This layer's services include flow control, acknowledgment, error correction, segmentation, reassembly, and sequencing.
Transport Layer
An attack in which the attacker "breaks out" of a VM's normally isolated state and interacts directly with the hypervisor.
VM escape
A leased-line connection capable of carrying data at 44,736,000 bps. Equal to 28 T1 lines
T3 line
A type of data connection able to transmit a digital signal at 1.544 Mbps (24 channels of 64 Kbps). Circuit-switched WAN technology. T1 and T3 are primarily used in the US, Canada and Japan; E1 and E3 are used elsewhere.
T1 line
Asynchronous Transfer Mode: a cell-switched WAN technology using fixed-length 53-byte cells; a common rate is 155 Mbps (OC-3).
ATM
fibre channel over ethernet - a networking protocol that is not routable at the IP layer and thus cannot work across large networks
FCoE
A TCP packet (or scan) with all flags set (FIN, SYN, RST, PSH, ACK, URG); used to fingerprint, and sometimes crash, poorly written TCP stacks.
Christmas Tree attack
Layer 2 Tunneling Protocol. Tunneling protocol used with VPNs, commonly combined with IPsec (L2TP/IPsec) because L2TP itself provides no encryption; IPsec ESP (Encapsulating Security Payload) supplies confidentiality. L2TP uses UDP port 1701.
L2TP
Point-to-Point Tunneling Protocol. Tunneling protocol used with VPNs; control channel on TCP port 1723, with GRE carrying the data. It sends the initial packets of a session in plaintext, potentially including usernames and hashed passwords. PPTP supports EAP and was designed to encapsulate PPP packets.
PPTP
An authentication framework rather than a single method: it lets systems negotiate methods such as certificates (EAP-TLS), smart cards, and hardware tokens; used by 802.1X and many VPNs.
EAP (Extensible Authentication Protocol)
A form of UTP that contains four wire pairs and can carry up to 10 Mbps, with a possible bandwidth of 16 MHz.
Cat 3 (Category 3)
UTP capable of 100 Mbps (100 MHz bandwidth). Four twisted wire pairs (eight wires). May be used for 10BASE-T, 100BASE-TX, 100BASE-T4, 100BASE-T2 and 1000BASE-T Ethernet.
CAT-5 Cable
A UTP cable type that provides more than 1 Gb/s of throughput.
Cat 6 cable
A secure and direct communications path to a legitimate receiver, such as a login screen
Trusted Path
Used to get on the network. Remote Authentication Dial-In User Service: a networking protocol (UDP port 1812 for authentication, 1813 for accounting) that provides centralized Authentication, Authorization, and Accounting (AAA) for users who connect to a network service. By default RADIUS uses UDP and encrypts only the password attribute, not the username or the rest of the packet; RADIUS over TLS on TCP (RadSec) is also supported.
Radius
Service Provisioning Markup Language: an XML-based standard in which Requesting Authorities issue SPML requests to a Provisioning Service Point, which provisions accounts on Provisioning Service Targets.
SPML
Simple Object Access Protocol: messaging protocol and could be used for any XML messaging
SOAP
Commonly used by SDN. Extensible Access Control Markup Language A standard for an access control policy language using XML. Its goal is to create an attribute-based access control system that decouples the access decision from the application or the local machine. It provides for fine-grained control of activities
XACML
Google Account shared login to other sites
Federation
Lightweight Directory Access Protocol over TLS/SSL (LDAPS). Support Encryption.
Port 636 (TCP/UDP)
Global Catalog: 3268 for LDAP and 3269 for LDAPS
Port 3268/3269
Lightweight Directory Access Protocol (LDAP)
Port 389 TCP/UDP
The ITU-T directory services standard on which the Lightweight Directory Access Protocol (LDAP) is based.
X.500
Stores passwords in whatever form the client submits; with the default configuration that is plain text, so passwords should be hashed (e.g. {SSHA}) before being stored.
OpenLDAP
False negative (false rejection): a legitimate user is rejected
Biometric Type I error (false rejection rate, FRR)
False positive (false acceptance): an impostor is accepted
Biometric Type II error (false acceptance rate, FAR)
an open, decentralized, free framework for user-centric digital identity. Allow user to use an account from another service with his application
OpenID
Technology that allows users to share resources stored on one site with a second site without forwarding their authentication credentials to the other site (delegated authorization via access tokens)
OAuth
Common Access Card
US Government CAC
RESTful, JSON-based authentication layer built on top of OAuth 2.0 that provides identity verification and basic profile information.
OpenID Connect
federated identity solution designed to allow web-based SSO
Shibboleth
Open source project designed to provide users with control over release of their identity information.
Higgins
Simple Authentication and Security Layer for LDAP provides support for a range of authentication types, including secure methods
SASL
Open protocol designed to replace RADIUS including support for additional commands and protocols, replacing UDP traffic with TCP, and providing for extensible commands, but does not preserve backward compatibility with RADIUS.
diameter
default port for SQL Server
TCP port 1433
server message block (SMB) over TCP/IP. This is a core means for communication on a Microsoft-based LAN.
TCP port 445
NetBIOS over TCP/IP (NetBT)
UDP 137 (name service), UDP 138 (datagram), TCP 139 (session)
Code is altered, tests are expected to fail; way to design new software tests and to ensure the quality of tests
Mutation testing
HTTPS
TCP port 443
Web vulnerability scanner
Nikto
A tool that carries out static analysis without actually running the code
static analysis tool
A type of tool that works by bombarding our applications with all manner of data and inputs from a wide variety of sources, in the hope that we can cause the application to fail or to perform in unexpected ways
Fuzzer
Microsoft Baseline Security Analyzer. Closed Sourced
MBSA
An open-source security tool for conducting port scanning, OS identification, and vulnerability assessments. A client computer (*nix or Windows) must connect to the server to perform the tests.
OpenVAS
Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans. Companion to SP 800-53, which defines the security control baselines; 800-53A provides the procedures for assessing those controls.
NIST 800-53A
A form of fuzzing that develops inputs based on models of expected inputs to perform the same task. This is also sometimes called intelligent fuzzing.
Generational Fuzzing
A form of fuzzing that modifies known inputs to generate synthetic inputs that may trigger unexpected behavior. Aka dumb fuzzing.
Mutation Fuzzing
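Both fuzzing styles above, run against one small parser, as an added example that is not part of this study set. The record format (type byte, 16-bit length, body), the deliberately buggy `parse_record`, and the seed corpus are all constructed for the example. The parser trusts a count field; mutation fuzzing finds the bug by flipping bytes of a valid record, generational fuzzing finds it by building records from the format model with random field values, and the hardened `parse_record_fixed` survives both.

```python
"""Mutation vs generational fuzzing against a small binary record parser."""
import random
import struct


class ParseError(Exception):
    """Controlled rejection of malformed input: expected, not a bug."""


def parse_record(data):
    """Record layout (constructed for this example): type(1) | length(2, BE) | body.
    Type 1 carries raw bytes; type 2 carries body[0] 16-bit values. Deliberately buggy."""
    if len(data) < 3:
        raise ParseError("short header")
    rtype, length = struct.unpack(">BH", data[:3])
    body = data[3:3 + length]
    if len(body) != length:
        raise ParseError("truncated body")
    if rtype == 1:
        return {"type": 1, "payload": body}
    if rtype == 2:
        count = body[0]          # BUG: trusted without checking the body holds that many
        values = [struct.unpack(">H", body[1 + 2 * i:3 + 2 * i])[0] for i in range(count)]
        return {"type": 2, "values": values}
    raise ParseError("unknown type")


def parse_record_fixed(data):
    """Same format with the count validated against the body length."""
    if len(data) < 3:
        raise ParseError("short header")
    rtype, length = struct.unpack(">BH", data[:3])
    body = data[3:3 + length]
    if len(body) != length:
        raise ParseError("truncated body")
    if rtype == 1:
        return {"type": 1, "payload": body}
    if rtype == 2:
        if not body or len(body) != 1 + 2 * body[0]:
            raise ParseError("count does not match body length")
        return {"type": 2, "values": list(struct.unpack(f">{body[0]}H", body[1:]))}
    raise ParseError("unknown type")


# Seed corpus: one valid type-2 record holding the values 1 and 2 (constructed).
SEED_RECORD = struct.pack(">BH", 2, 5) + bytes([2]) + struct.pack(">HH", 1, 2)


def mutate(seed, rng):
    """Dumb fuzzing: bit flips, byte inserts and deletes on a known-good input."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.choice(("flip", "insert", "delete"))
        if op == "flip":
            data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
        elif op == "insert":
            data.insert(rng.randint(0, len(data)), rng.randrange(256))
        elif len(data) > 1:
            del data[rng.randrange(len(data))]
    return bytes(data)


def generate(rng):
    """Intelligent fuzzing: build records from the format model with random field
    values, so the header is always consistent and the parser gets past its checks."""
    if rng.random() < 0.5:
        body = bytes(rng.randrange(256) for _ in range(rng.randint(0, 8)))
        return struct.pack(">BH", 1, len(body)) + body
    values = [rng.randrange(65536) for _ in range(rng.randint(0, 4))]
    body = bytes([rng.randint(0, 10)]) + struct.pack(f">{len(values)}H", *values)
    return struct.pack(">BH", 2, len(body)) + body


def find_crash(strategy, target=parse_record, seed=0, iterations=5000):
    """Return (input, exception) for the first input that makes `target` raise
    anything other than ParseError, or None if no such input was found."""
    rng = random.Random(seed)
    for _ in range(iterations):
        data = mutate(SEED_RECORD, rng) if strategy == "mutation" else generate(rng)
        try:
            target(data)
        except ParseError:
            continue                       # clean rejection: working as intended
        except Exception as exc:           # any other exception is a finding
            return data, exc
    return None


if __name__ == "__main__":
    for strategy in ("mutation", "generational"):
        hit = find_crash(strategy)
        print(strategy, "buggy parser:", hit and (hit[0].hex(), repr(hit[1])))
        print(strategy, "fixed parser:", find_crash(strategy, target=parse_record_fixed))
```

The distinction that matters in practice is the oracle: a `ParseError` is the parser doing its job, any other exception is the crash a C parser would have turned into an out-of-bounds read. Generational fuzzing reaches the bug faster here because every generated record already passes the length check that most mutated records fail.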
Network Time Protocol. Protocol used to synchronize computer times.
NTP
Threat Categorization: Spoofing Tampering Repudiation Information Disclosure Denial of Service Elevation of Privilege
STRIDE
Security Content Automation Protocol. A method with automated vulnerability management, measurement, and policy compliance evaluation tools. Used by NVD.
SCAP
The Technical Specification for the Security Content Automation Protocol (SCAP): automates checking for software flaws and security configuration issues.
NIST 800-126
Introduction to Computer Security
NIST 800-12
The Business Continuity plan guidelines are defined
NIST 800-34
Guide to Integrating Forensic Techniques into Incident Response
NIST 800-86
Developed by the CCTA. The Information Technology Infrastructure Library (ITIL) is a set of concepts and practices for IT Service Management (ITSM), IT development, and IT operations. It gives detailed descriptions of important IT practices and provides comprehensive checklists, tasks, and procedures that any IT organization can tailor to its needs. Not typically used for auditing. Five lifecycle stages: service strategy, service design, service transition, service operation, and continual service improvement.
ITIL
Statement on Standards for Attestation Engagements 16: used for auditing service organizations (SOC 1 reports); superseded by SSAE 18.
SSAE 16
Information security continuous monitoring program
NIST 800-137
detailed code review that steps through planning, overview, preparation, inspection, rework, and follow-up phases
Fagan testing
Printer
TCP Port 9100
Scripted or recorded data
Synthetic transaction monitoring
provides info on the functions, statements, branches, and conditions or other elements
code coverage report
Cloud computing
NIST 800-145
Building an IT Security Awareness and Training Program
NIST 800-50
Uses language beyond typical use case diagrams, including "threatens" and "mitigates" relationships.
Misuse Case Diagrams
Score-based threat rating: Damage (how bad would an attack be?), Reproducibility (how easy is it to reproduce the attack?), Exploitability (how much work is it to launch the attack?), Affected users (how many people will be impacted?), Discoverability (how easy is it to discover the threat?).
DREAD
Attack trees are conceptual diagrams showing how an asset, or target, might be attacked.
threat trees
International Standard on Assurance Engagements - what SSAE-16 is based on
ISAE 3402
1) write blocking- intercepts write command sent to the device and prevents them from modifying data on the device. 2) returning data requested by a read operation 3) returning access significant info from the device 4) reporting errors from the device back to the forensic host.
forensic disk controller (4 functions)
Computer Security Incident Response Team
CSIRT
Project Management Body of Knowledge
PMBOK
Enterprise architecture framework used to define and understand a business environment developed by The Open Group.
TOGAF
An agreement directing an escrow agent on the terms and conditions under which the escrowed material (software source code in an IT context, a deed in real estate) is released to the parties, and on its disposition if a party defaults.
Escrow Agreement
A DDoS attack that floods the target with UDP echo (port 7) and chargen (port 19) traffic sent to IP broadcast addresses with the victim's spoofed source address; the UDP counterpart of a Smurf attack.
Fraggle Attack
A subclass to access methods belonging to a superclass
Inheritance
Web Application Firewall
WAF
Atomicity, Consistency, Isolation, Durability
Property of relational databases
Uses more than one propagation mechanism (for example infecting both the boot sector and executable files) to defeat system security controls; does not necessarily hide itself.
multipartite virus
A virus that can change its own code or periodically rewrites itself to avoid detection
polymorphic virus
A problem in database applications in which two users read and then update the same data item, and only one of the changes survives because the second write overwrites the first. Resolved with locking (or optimistic version checks).
lost-update problem
In transaction management, when a transaction reads data that is not yet committed.
Dirty Read
A systematic way of testing all-pair combinations of variables using orthogonal arrays. It significantly reduces the number of all combinations of variables to test all pair combinations. See also combinatorial testing, n-wise testing, pairwise testing.
orthogonal array testing
one transaction is using an aggregate function to summarize data stored in a database while a second transaction is making modifications to the database, causing the summary to include incorrect information
Incorrect Summary
Use record from past software bugs to inform the analysis
Pattern testing
develops a matrix of all possible inputs and outputs to inform the test plan
matrix testing
Higher likelihood of detecting zero-day malware because it looks at behaviour rather than signatures, but with a higher false-positive rate.
heuristic-based anti-malware software
an extremely destructive virus that attacks the master boot record (MBR) of a hard disk, resulting in hard disk failure.
MBR virus
Knowledge base plus inference engine
Expert Systems
A model intended to ensure that higher-level security functions don't interfere with lower-level functions.
Noninterference Model
Also called the Chinese wall model. Designed to prevent conflicts of interest; commonly used in industries that handle sensitive data. Three main resource classes are considered in this model: objects, company groups, and conflict classes.
Brewer and Nash Model
Employs a directed graph to dictate how rights can be passed from one subject to another or from a subject to an object. Grant rule: a subject with the grant right can grant another subject or object any other right it possesses. Take rule: a subject with the take right can take a right from another subject. The model may also adopt a create rule and a remove rule to generate or delete rights.
Take-Grant Model
Real-world integrity model that protects integrity by having subjects access objects via programs. Also, it uses SoD to ensure that no single user alone can modify sensitive data
Clark-Wilson Model
Take information from a higher layer and adds a header to it
Encapsulation
Group of subjects that share similar privileges or management controls
Security Domain
hiding the operational complexity of a system from the system's user
Abstraction
Bolted to the wall, the floor, or some other large, immobile surface
Lockdown Enclosure
Also called a virtual machine monitor: a software or hardware virtualization platform that allows multiple guest operating systems to run on a host computer concurrently. Type 1 runs on bare metal; type 2 is an application installed on a host OS.
Hypervisor
TCP 513, remote login. Not encrypted.
rlogin
TCP/23. Telecommunication Network. Insecure console access.
Telnet
Password Authentication Protocol. An older authentication protocol where passwords are sent across the network in clear text. Rarely used today.
PAP
A person or element that has the power to carry out a threat.
threat agent
Challenge Handshake Authentication Protocol. Authentication mechanism where a server challenges a client. No password or ID is sent; both sides hold a shared secret password. The client hashes the challenge together with the secret password and sends the result back to the server.
CHAP
The means by which an attack could occur.
Threat Vector
An IPv4-to-IPv6 transition method that runs both IPv4 and IPv6 on networking devices. A tunneling method, such as 4to6 tunneling, must be implemented. The IPv4 packet is carried as the data payload of the IPv6 packet.
Dual Stack
The extent to which subsystems depend on each other. High coupling means low cohesion.
Coupling
1. Develop policy 2. Conduct BIA 3. Identify controls 4. Develop recovery strategy 5. Develop IT contingency plan 6. Perform BCP training and testing 7. Perform BCP maintenance
BCP development process
Used to remotely copy files in clear text
RCP
Remote Shell; port 514; good for use in scripts and making single commands. Clear text.
RSH
Another name for a table in a relational database
Relation
Rows in a relational database
Tuple
Columns in a relational database
Attribute
Security Association is a collection of security configuration parameters that each end point agrees to use. If either ESP or AH is used, ISAKMP must establish two SAs. If both, four, two in each direction.
SA
Electronic Code Book: each block is encrypted separately. Preserves large-scale patterns (an encrypted image is still recognizable). No IV.
ECB mode
Cipher Block Chaining mode. The previous block is used to help encrypt the next block, mixing things up. Strong, but more difficult to implement. Chained encryption.
CBC mode
Cipher Feedback Mode (block cipher mode). Encrypt the IV, then XOR it with plaintext 1 to generate ciphertext 1. Then encrypt ciphertext 1 and XOR it with plaintext 2, and so on. Works in stream mode; the stream mode is called feedback.
CFB mode (definition, pro)
Output Feedback Mode. Can be used to construct a synchronous stream cipher from a block cipher. Encrypts the IV over and over, XORing the result with the plaintext at each iteration. Does not propagate encryption error.
OFB mode (definition, pro, con)
Counter Mode. Generates a key stream independently of the data. Increments the IV (counter) for each block, encrypts that IV, and XORs it with the plaintext. Faster.
CTR mode (definition, pros, con)
Both confidentiality and integrity. A combination of Biba and Bell-LaPadula.
Lipner Model
A security model focused on the secure creation and deletion of both subjects and objects. Access control matrix. Row is subject, column is object, cell is right.
Graham-Denning Model
Extension of Graham-Denning, including a right-integrity protection system that prevents a subject from being created if that subject or object already exists in the ACM.
Harrison-Ruzzo-Ullman model
Monitors traffic that is passing through other ports on a switch; sometimes called Switched Port Analyzer (SPAN) ports or mirror ports.
promiscuous port
Fishing law enforcement
enticement
The act of registering a domain name that is the same as, or confusingly similar to, the trademark of another and then offering to sell that domain name back to the trademark owner.
Cybersquatting
A problem that occurs when someone purposely registers misspelled variations of well-known domain names
Typosquatting
The past U.S. military-accepted set of standards and processes for computer system evaluation and assurance, which combines functional and assurance requirements. A. Verified Protection B. Mandatory Protection C. Discretionary Protection D. Minimal Protection
TCSEC (Orange Book)
The flame sensor sends an electrical signal to a central controller. Visual.
Flame Sensor
A DNS cache poisoning attack that attempts to modify a DNS cache by providing invalid information to a DNS server.
pharming attack
Domain Name System Security Extensions. A suite of specifications used to protect the integrity of DNS records and prevent DNS poisoning attacks.
DNSSEC
Device has more than one network connection
Multi-home device
A random number used once during a cryptographic process. Can be added to URL to mitigate XSRF.
nonce
Cryptanalysis attack where the attacker is assumed to have access to sets of corresponding plaintext and ciphertext.
known plaintext attack
Using statistical tools to attempt to discover a pattern in ciphertexts; also called ciphertext only attack.
known ciphertext attack
Cryptanalysis attack where the attacker can choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts.
chosen plaintext attack
Serial Line Internet Protocol. Lower overhead; bare-bones layer 2 protocol. Supports encapsulation of IP traffic only. Doesn't provide CIA.
SLIP
Point-to-Point Protocol. A protocol that provides router-to-router and host-to-network connections over synchronous and asynchronous point-to-point circuits. Can transmit more than IP. Layer 2 protocol. Provides CIA: uses PAP, CHAP and EAP for authentication, and PPTP or L2TP for confidentiality. Supports synchronous links, such as T1 lines, and asynchronous links, such as dial-up modems.
PPP
Structured walkthrough
Table Top Exercise
A method of encrypting text by applying a series of Caesar ciphers based on the letters of a keyword. Uses a square matrix.
Vigenere Cipher
Uses a well-known text to encrypt and decrypt
Book cipher
Substitution cipher that creates keystream values, commonly from agreed-upon text passages, to be used for encryption purposes.
Running Key Cipher
Refers to the use of human-readable security attributes.
security marking
Simple Network Management Protocol. Used to collect system information from a remote computer and to manage network devices. V1 and V2 don't use encryption; V3 does.
SNMP
A channel that conveys information by writing data to a common storage area where another process can read it.
covert storage channel
A channel that conveys information by altering the performance of a system component or modifying a resource's timing in a predictable manner.
Covert Timing Channel
Uses aliases or artificial identifiers to represent other data
Pseudonymization
The act of permanently and completely removing personal identifiers from data, such as converting personally identifiable information (PII) into aggregated data.
Anonymization
Technique of swapping fixed-length blocks of memory to disk
Paging
The process of moving an entire running application out of RAM and into virtual memory.
Swapping
Short period of low voltage
sag
Prolonged (more than a minute) undervoltage
brownout
A short period of power loss
fault
A master device coordinates data transmission by slave devices; typically used in mainframe environments
Polling
Type 2 authentication: something you have, like a token or a smart card
Transient authentication
The partial or full duplication of data from a source database to one or more destination databases.
Database replication
Copies data from one table to another table in the same database
Database Transaction
Copies data from a live database to a read-only copy. The database shadow is an offline backup, which is only made available when the primary database is 'incapacitated'.
Database shadowing
Remote Procedure Call. Executing what looks like a normal procedure call (or method invocation) by sending network packets to a remote host. Layer 5.
RPC
HTTP, FTP, TFTP, DHCP, DNS, SMTP, POP3, Telnet, SSH
Application Layer
GIF, JPEG, MPEG, QuickTime
Presentation Layer
PAP, RPC
Session Layer
UDP, TCP
NIST SP 800-30
A photoelectric or ionization device that reacts to the presence of smoke. Electrical Charge
smoke detector
a fire detection system that works by detecting the infrared or ultraviolet light produced by an open flame
Flame Detector
• A trusted third party holds the keys • Allows access to the data if the need arises
key escrow
OOP concept that enables data to be processed differently based on the data type when objects are instantiated from other objects.
Polymorphism
The process of developing one object from another object, but with different values in the new object. Allows the storage of multiple different pieces of information in a database at different classification levels.
Polyinstantiation
Pretending to be another person online. Another name for spoofing.
masquerading
A substantive rule of contracts under which a court will not receive into evidence the parties' prior negotiations, prior agreements, or contemporaneous oral agreements if that evidence contradicts or varies the terms of the parties' written contract.
802.11b
A file setting that indicates whether a file should be backed up. Full or incremental backup resets the archive bit.
archive bit
Trifluoromethane, an alternative to halon. Safest in electrical environments. Can be breathed at concentrations up to 30%; FM-200's limit is 15%.
FE-13
International Association of Computer Investigative Specialists. Offers certificates specifically designed for digital forensics investigators.
IACIS
Message Digest 5. A hashing function used to provide integrity. MD5 uses 128 bits. BGP, OSPF, RIPv2 (not v1), EIGRP (Enhanced Interior Gateway Routing protocol), IS-IS (Intermediate System to Intermediate system) all support MD5.
MD5
HTTPS requires the use of symmetric and asymmetric keys; S-HTTP can be used with only symmetric keys, but does support asymmetric. S-HTTP is sent over port 80 while HTTPS is sent over port 443. S-HTTP encrypts everything but the HTTP header, at the application layer, with DES or RC2, while HTTPS encrypts the entire message at the transport layer using SSL/TLS. S-HTTP is defined by RFC 2660; HTTPS is defined by RFC 2818.
HTTPS vs S-HTTP
100 Mbps, 2000 m, MMF
100Base-FX
A Gigabit Ethernet standard using multimode fiber cabling, with a 220- to 500-m maximum cable distance.
1000Base-SX
RIP Routing information protocol, OSPF open shortest path first, IGRP, EIGRP, BGP border gateway protocol
10Base-T
An Ethernet LAN designed to run on fiber-optic cabling. Runs at 100 Mbps and uses baseband signaling. Maximum cable length is 400 m for half-duplex and 2 km for full-duplex.
100Base-TX
As long as you are legally required to do so
How long should you maintain sensitive data?
The comparison of past security activities and events against the organization's current performance
Baselining
Common Vulnerability Scoring System; an open protocol for scoring new vulnerabilities. Influenced by three metric groups: base metrics (severity, set by the vendor, largest influence), temporal metrics (urgency, set by the vendor, can change, second score calculation) and environmental metrics (optional, set by the end user, final score).
CVSS
1024 through 49151
Registered Ports
49152 through 65535
Dynamic ports/private ports
A key agreement protocol; does not provide any security services or digital signatures. Uses discrete logarithms. DH and ElGamal are asymmetric algorithms.
Diffie-Hellman
De facto asymmetric algorithm used for encryption, digital signatures, and key exchange. Based upon the difficulty of factoring large numbers into their original primes. Susceptible to chosen-ciphertext attack.
RSA Algorithm
An algorithm that uses elliptic curves instead of prime numbers to compute keys.
Elliptic Curve Cryptography (ECC)
Content Delivery Network: a system of distributed servers that delivers web pages and other web content to a user based on the geographic location of the user, the origin of the web page and a content delivery server.
CDN
Application-level proxy: layer 7. Circuit-level: layer 5. Packet filter: layers 3 and 4. Stateful: layers 3 and 4, more secure than a packet filter.
Firewalls
Trusted Network Interpretation book; a DoD standard that describes security evaluation criteria for networked systems. A supplement to the Orange Book, since the Orange Book doesn't define access control in networks.
Red book
A single copper wire surrounded by layers of plastic insulation and sheathing; used mainly in cable television and cable Internet service.
coaxial cable
Contains the control unit and the ALU. Also known as the brains of the computer.
CPU
The CPU is connected to the RAM via this bridge. An integrated circuit responsible for communications between the CPU interface and the memory.
Northbridge
Point-to-Point Encryption solution. Prevents merchants from having to perform key management. Encrypts cardholder information as soon as the card is swiped.
P2PE
Active Directory standard. Mostly replaced by SMTP.
X.400
Robust Security Network, also called WPA2
RSN
Channel service unit/data service unit. A device that is required to connect a data terminal equipment (DTE) device, such as a router, to a digital circuit, such as a T1 line.
CSU/DSU
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. A feature of WPA2 that uses AES. Creates a message integrity code (MIC) that can be used for validation.
CCMP
Frame Check Sequence; a checksum in the frame trailer. Used by Ethernet.
FCS
Contains a 7-byte field of alternating bits. This pattern enables bit-level synchronization between the frame sender and the frame receiver.
Ethernet Preamble
The most common cryptographic work function is a representation of the time and effort required to perform a successful brute-force attack. The work function should be greater in value than the time value of the asset being protected.
cryptographic work function
Computer Forensics Tool Testing. Created by NIST.
CFTT
Secure European System for Applications in a Multivendor Environment. Improves on Kerberos by using public keys.
SESAME
The CPU speeds up processing by switching between processes
Multitasking
Allows different parts of a single program to run concurrently.
Multithreading
Supports running a program on more than one CPU.
Multiprocessing
Technique that allows the CPU to work on more than one instruction at a time
Pipelining
Sherwood Applied Business Security Architecture (provides traceability). An enterprise security architecture framework that is similar to the Zachman framework. It uses the six communication questions (what, where, when, why, who, and how), which intersect with six layers (operational, component, physical, logical, conceptual, and contextual). It is a risk-driven architecture, a model for guiding the creation and design of a security architecture. It attempts to enhance the communication process between stakeholders.
SABSA
A methodology and set of resources for developing an enterprise architecture. Four domains: business, application, data and technology. Uses business requirements as the central point of comparison for every phase of the development.
TOGAF (The Open Group Architecture Framework)
Provides six frameworks for providing information security, asking what, how, where, who, when, and why, and mapping those frameworks across roles including planner, owner, designer, builder, programmer, and user; but it does not create a chain of traceability.
Zachman Framework for Enterprise Architecture
Baselining, Patch-management, Vulnerability management
Configuration Management
application (7,6,5), transport (4), internet (3), network access (2, 1)
TCP/IP Model
1. The pad is made up of truly random values 2. Used only once 3. Securely distributed to the destination 4. Secured at the sender's and receiver's sites 5. At least as long as the message
One-Time Pad Requirements
Process for Attack Simulation and Threat Analysis. A risk-based threat-modeling methodology that contains 7 stages
PASTA
A risk-based threat-modeling methodology that allows security audits to be performed consistently, reliably, and repeatably.
Trike
A buffer overflow protection mechanism that forces an application to fail immediately if a pointer is freed incorrectly.
Heap Metadata Protection
Address Space Layout Randomization. A buffer overflow protection mechanism that places executables at random memory addresses at boot time.
ASLR
Data Execution Prevention. A security feature in modern operating systems that monitors applications to make sure they use system memory safely. In Microsoft environments, DEP is defined as a set of hardware and software technologies that perform additional checks on memory to help protect against malicious code exploits. If a program tries to execute code from memory in an incorrect way, DEP closes the program.
DEP
A buffer overflow protection mechanism that applies an exclusive-or (XOR) of a random value with pointers, encoding the pointer value.
Pointer Encoding
Fire suppression system that consists of closed sprinklers attached to a piping system that contains air under pressure
Dry pipe system
A fire suppression sprinkler system that keeps all individual sprinkler heads open and applies water to all areas when activated.
Deluge System
A connectionless transfer unit created with User Datagram Protocol designed for quick transfers over a packet-switched network. Layer 4.
Datagram
A short-term increase in electrical power availability, also known as a swell.
Spike
A long period of high voltage
surge
Can never be vulnerable to specific kinds of threats. Restricts the ways data can be used.
Type-safe programming:
Gathering outside information by watching how a system behaves, with the goal of uncovering the encryption key
Side Channel Attack
The process of supplying the PIN and handprint that the entity needs to authenticate the individual. Throughput is measured by the amount of time the authentication process takes.
Throughput
HTTP accepts both decimal and hexadecimal encodings
Double encoding
Searching for unlinked content on a web server
forced browsing
Defines NAT.
RFC 1631
The attacker carries out a known-plaintext attack on several different messages encrypted with the same key; identifying specific output combinations allows him to assign probability values to different keys, revealing a pattern in the key.
Linear Cryptanalysis
Allows the operating system to provide well-defined and structured access to processes that need to use resources according to a controlled and tightly managed schedule. Each process is allocated one or more time slots.
Time Multiplexing
Space on a hard disk or other storage device that simulates random-access memory. Enables multitasking by sharing libraries between applications.
Virtual Memory
The Synchronous Data Link Control (SDLC) protocol was developed in the mid-1970s for use in Systems Network Architecture (SNA) environments. SDLC is unique in that it was the first synchronous, link-layer, bit-oriented protocol. The ISO modified SDLC to create the High-Level Data Link Control (HDLC) protocol and released it as a standard.
SDLC
A specific way of implementing ActiveX that runs through the web browser and functions like a miniature application. Primarily uses DS as a security control. Supported only on MS platform browsers.
ActiveX control
A Java program designed to be embedded into an HTML document, transferred over the Web, and executed in a browser. Primarily uses a sandbox as a security control.
Java applet
Dynamic Random Access Memory: a type of random-access memory that stores each bit of data in a separate capacitor within an integrated circuit. Slowest and cheapest. Smaller hardware requirement.
DRAM
Static Random Access Memory; the type of memory that does not need to be refreshed and that cache memory is made from. Uses flip-flops.
SRAM
- Uses only one wire pair with a digital signal running in both directions on the wire - Uses the CSMA/CD protocol to help prevent collisions and to permit retransmitting if one occurs - If a hub is attached to a switch, it must operate in half-duplex mode because the end stations must be able to detect collisions - The network can only run half-duplex, and if two hosts communicate at the same time there will be a collision - Half-duplex Ethernet is only about 30 to 40 percent efficient, because a large 100Base-T network will usually give you only 30 to 40 Mbps at most, due to overhead
Half-Duplex Ethernet
Accounts for all personnel after an evacuation.
meeting point leader
Safety wardens may also be known as safety officers, fire wardens, or building, floor or area wardens. Responsible for ensuring that everyone safely evacuates the building.
Safety Warden
Renaming classes, fields, and methods, replacing them with new identifiers that lack intuitive meaning.
lexical obfuscation
Modifies data and data structures in order to hide what the data is used for or what the structure does.
Data Obfuscation
Making an application harder to understand or to decompile
Control flow obfuscation
Makes code obscure to computers.
Prevention obfuscation
A side-channel attack that works by denying a smart card enough power to operate correctly.
fault analysis attacks
Directly connecting to the pins and attempting to translate power fluctuations.
power monitoring attack
End-to-end encryption. Data is decrypted at each step along the path
E2EE
A private electronic network that links a company with its suppliers and customers
Extranet
0:0:0:0:0:0:0:1, also expressed as ::1
IPv6 loopback address
0:0:0:0:0:0:0:0 or ::, indicates the absence of an IPv6 address
IPv6 unspecific address
All have the prefix FF01::1
IPv6 Multicast Address
Create a table for each set of related attributes, give each a primary key, and ensure data is atomic
1NF (First Normal Form)
All non-key columns must depend on the entire primary key.
2NF (Second Normal Form)
Move non-key dependencies to another table
3NF (Third Normal Form)
Three layers: delivery header, GRE header, payload
GRE-encapsulated packet
12-bit field that follows the checksum in a GRE header.
Reserve0
If included, must be set to 0. Included in the GRE header only if the checksum field is present
Reserve1
0 if not present, 1 if present.
Checksum present field
A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network.
Replay Attack
Vampire connector; used to connect a transceiver to a coaxial cable in a Thicknet network.
vampire trap
49152 and above
Ephemeral ports
A communications path, such as the Internet, authorized for data transmission within a computer system or network.
Overt channel
Creates security contexts for faster message exchanges.
WS-SecureConversation
A network segment where collisions can occur when frames are sent among the devices on that segment. A switch creates a separate collision domain on each port.
Collision Domains
Testing, either functional or non-functional, without reference to the internal structure of the component or system; for example fuzz testing, pairwise testing and combinatorial testing
Black Box Testing
A form of combinatorial software testing that tests unique pairs of inputs. Tests more than one component at a time. Faster.
Pairwise testing
A means to identify a suitable subset of test combinations to achieve a predetermined level of coverage when testing an object with multiple parameters and where those parameters themselves each have several values, which gives rise to more combinations than are feasible to test in the time allowed. See also classification tree method, n-wise testing, pairwise testing, orthogonal array testing.
combinatorial testing
A black box test design technique in which test cases are designed to execute all possible discrete combinations of any set of n input parameters. See also combinatorial testing, orthogonal array testing, pairwise testing.
n-wise testing
A 2-dimensional array constructed with special mathematical properties, such that choosing any two columns in the array provides every pair combination of each number in the array.
orthogonal array
A black-box test design technique in which test cases, described by means of a classification tree, are designed to execute combinations of representatives of input and/or output domains
classification tree method
Preventive device that requires a key to be turned through channels (called wards) to unlock.
Warded lock
Three types: register file (fastest), L1, and L2 (outside the CPU).
cache memory
Identifies vulnerabilities and maintains the CVE database
Mitre
MS vulnerabilities managed by MS
Microsoft bulletin
Secure development metric that ranks security issues in order to quantify risk.
Risk Density
A(n) ____________ is a measure of program size based on the number and complexity of inputs, outputs, queries, files, and program interfaces.
Function Point
A metric that estimates the size of an application by the number of executable lines of source code
LoC
The number of defects identified in a component or system divided by the size of the component or system (expressed in standard measurement terms, e.g. lines-of-code, number of classes or function points). Does not gauge overall security.
defect density
Online Certificate Status Protocol. An alternative to using a CRL. It allows entities to query a CA with the serial number of a certificate. The CA answers with good, revoked, or unknown.
OCSP
A program that hides in a computer and allows someone at a remote location to take full control of the computer
Rootkit
If anything is changed on an already-tested module, regression testing is done to be sure that this change has not introduced a new error into code that was previously correct.
Regression Testing
An interface identifier in EUI-64 format is created by taking the first half of the host's MAC address, adding FFFE, then the second half. The seventh bit is 00 if the address is locally unique, 02 if globally unique. 2000::/3 is globally unique. An IPv4-compatible IPv6 address is written by using zeros for the first 96 bits and then using the IPv4 address as the last 32 bits.
IPv6
Mutual assistance agreement: 1. requires close proximity 2. cost effective
MAA
Write Once Read Many
WORM
A security mechanism that requires that each party in a communication verify its identity.
mutual authentication
Hierarchical model that defines layers of privilege. Subjects in a lattice-based model are assigned to layers and are allowed to access objects that reside in the same layer. Layers typically don't talk to each other.
Lattice-Based Model
Personal Area Network. Used to connect and share data among devices that are located within very close proximity, such as a Bluetooth network.
PAN
Maintains activities at different security levels to separate these levels from each other. Also called encapsulation.
Data Hiding
(Careful, prepare) The minimum level of information protection that an organization must achieve. A means by which an entity can ensure that its business practices are practices that any reasonable individual would consider prudent and appropriate.
Due care
(Legally & professionally, act) Requires an organization to continually review its practices to ensure that protection requirements are met. Due diligence typically follows due care; it is more specific.
Due Diligence
Data collected by an organization that monitors its employees must be used for a specific, explicit and legitimate purpose.
Finality
Weak 24-bit IV, sent in clear text. Also susceptible to bit-flipping attacks, which exploit a weakness in the ICV. It can provide either 64-bit or 128-bit encryption, but with the IV included. It supports only static, preshared keys.
WEP
Examines the veins in the hands of the user. The position and diameter of the veins within the hands are compared to known samples in the database. More accurate than fingerprints.
vascular pattern scan
Substitution cipher using multiple alphabets. Vigenere cipher, running-key cipher and cipher disk (can be both)
Polyalphabetic Cipher
A substitution cipher which is applied uniformly (e.g., every occurrence of x is replaced with y). Caesar cipher.
Monoalphabetic Cipher
Transmits the journal or transaction log off-site to a backup location. Typically more frequent than e-vaulting
Remote Journaling
A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. No fix.
zero-day vulnerability
System component that enforces access controls on an object.
Reference Monitor
Open Shortest Path First; a link-state routing protocol. Learns the entire topology for the area. Uses cost, based on the bandwidth of the link, as a metric. Typically faster. Sends updates only when the topology changes, and only the changed portion is sent.
OSPF
Routing Information Protocol (RIP); only aware of directly connected neighbour routers. Uses hop count as the metric. Sends its routing table to neighbour routers every 30 seconds.
Distance vector routing protocol
Kerberos
Port 88 TCP/UDP
Internet Key Exchange (IKE) (used with IPSec)
Port 500 UDP
Layer 2 Tunneling Protocol (L2TP). It actually operates at layer 5.
Port 1701 UDP
FE80::/10. Used for unicast link-local addresses.
A computer automatically configures an IPv6 address for itself.
Address Prefix of 2000::/3
IPv6 Global unicast
FC00::/7
IPv6 local unicast address
Utility that rearranges files to be stored in contiguous clusters
Defragmentation
Relies on built-in stop and start flags or bits. It's less efficient than synchronous communication
asynchronous communication
In synchronous communication, the stream of data to be transferred is encoded as fluctuating voltage levels on one wire (the 'DATA'), and a periodic pulse of voltage on a separate wire (called the "CLOCK" or "STROBE") tells the receiver "the current DATA bit is valid at this moment in time".
synchronous communication
An AP that requires users to agree to some condition before they can use the network / Internet
Captive Portal
SYN, SYN/ACK, ACK
TCP handshake
Clear the buffer and send data immediately
TCP PSH
End a connection
TCP FIN
Exit; an opening for going out; the act of going out. Opposite of ingress.
egress
Entrance
ingress
Links identity information between multiple organizations.
Compiled languages vs. interpreted languages
An Internet connection such as DSL or cable modem that offers higher bandwidth, and therefore faster transmission speed, than standard modem connections. Cable modems, ISDN. Analog.
broadband connection
A transmission technique in which digital signaling is used to send data over a single transmission medium using the entire bandwidth of that medium. Ethernet. Digital.
baseband transmission
Maximum Tolerable Downtime
MTD
Pretending to be another person online; relies on stolen or falsified authentication credentials.
Parol Evidence Rule
Doctrine whereby the original, or best available, evidence should be presented in court
Best Evidence Rule
A variable that belongs to the class, and is not specific to any particular object, indicated by the word "static", of which only a single copy exists, regardless of how many instances of the class exist.
class variable
Variables only available to members of a certain class
member variables
Law designed to improve copyright protection for media companies and make it illegal to bypass copy protection systems such as DRM. Protects ISPs.
DMCA
Guide for Developing Security Plans for Information Technology Systems. System owner should update the system security plan when a significant change occurs.
NIST 800-18
Electronic Discovery Reference Model. A suggested model for the procedures in electronic discovery: information management, identification, preservation, collection, processing, review, analysis, production, presentation
EDRM
Vulnerability scanning tool. Proprietary.
SAINT
Sniffer. A suite for man-in-the-middle attacks on a LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even encrypted ones) and includes many features for network and host analysis.
Ettercap
A password cracking tool which utilizes a dictionary attack method
THC Hydra
System for Cross-domain Identity Management.
SCIM
The variability of latency over time across a network. Different for different packets.
jitter
Trade secrets don't need to be public and don't have an expiration.
Trade secret vs patent
National Vulnerability Database; Connects to CVE and others
NVD
Network Access Control. used to authenticate users, and then validate their system's compliance with a security standard before they are allowed to connect to the network.
NAC
Statement coverage; branch (or decision) coverage; loop coverage; path coverage; data flow coverage.
structural coverage
Often contains scripts that can be misused.
Test directory
Listing of files within the system. Typically turned on due to misconfiguration.
Directory Indexing
Cross-site tracing leverages the HTTP TRACE or TRACK methods and could be used to steal a user's cookies via cross-site scripting.
XST attack
Encrypts the message but not the header.
ESP Transport Mode
Software Capability Maturity Model. Levels: Initial (no KPAs); Repeatable; Defined (peer review, intergroup coordination, training programs); Managed (software quality management, quantitative management); Optimizing (defect prevention, process/technology change management).
SW-CMM
Requires a user to answer a question to verify their identity; commonly used as a form of secondary access
Cognitive Password
A type of antenna that concentrates the signal beam in a single direction. Yagis, panel, cantennas and parabolic antennas.
directional antenna
Permissions include both the access and the action you can take on an object; rights usually refer to the ability to take an action on an object and don't include the access to it. A privilege is a combination of the two.
permission vs right
Informs a receiving station that certain data within a segment is urgent and should be prioritized.
TCP URG
Congestion Window Reduced and ECN-Echo. Used to manage transmission over congested links; rarely seen in modern networks.
TCP CWR/ECE
(Dynamic Host Configuration Protocol) A set of rules that allow network client computers to find and use the Internet address that corresponds to a domain name. Windows hosts will assign themselves an APIPA address between 169.254.0.1 and 169.254.255.254 if they cannot contact the server. Uses UDP. DORA: Discover, Offer, Request, Acknowledge.
DHCP
DHCP Client
UDP port 68
DHCP server
UDP Port 67
Responsible for making sure the system makes a profit. Also referred to as the mission owner.
Business Owner
CVE numbering authority
CNA
A type of coaxial cable. Often used as a network's backbone. 10Base5 has a maximum span of 500 meters with maximum throughput of 10 Mbps. Also called thicknet.
10Base5
Ethernet LAN designed to run on twisted pair cabling. 10BaseT runs at 10 Mbps. The maximum length for the cabling between the NIC and the switch (or hub, repeater, etc.) is 100 meters. It uses baseband signaling. No industry-standard naming convention exists, so sometimes it's written 10BASE-T or 10Base-T.
Routing Protocols
Low Orbit Ion Cannon. Example of a DDoS tool and botnet.
LOIC
Certificates can be invalidated by the trusted third party that originally issued the certificate. What is the name of the mechanism that is used to distribute information about invalid certificates?
CRL (Certificate Revocation List)
Backups are automatically transmitted over the Internet on a continuous basis to an off-site server maintained by a third party. Typically daily.
Electronic Vaulting
Syslog
UDP Port 514
Preparation, Detection, Response, Mitigation, Reporting, Recovery, Remediation (root cause analysis), Lessons Learned.
Incident response stages
Number of use cases tested / total number of use cases.
test coverage
Code coverage is a measurement of how many lines/blocks/arcs of your code are executed while the automated tests are running. Code coverage is collected by using a specialized tool to instrument the binaries to add tracing calls and run a full set of automated tests against the instrumented product. A good tool will give you not only the percentage of the code that is executed, but also will allow you to drill into the data and see exactly which lines of code were executed during a particular test.
Code coverage
includes mechanisms to ensure that specific objects are protected to prevent their loss
automated recovery without undue loss
Foreign Key
What key can enforce referential integrity for the database?
Man-in-the-middle attack.
What attack is likely to happen after ARP spoofing?
Bound to a subject and list what objects it can access
Capability table
A two-dimensional table that allows individual subjects and objects to be related to each other with the permission. A capability table doesn't come with permissions.
Access Control Matrix
Also called network flows; captured to provide insight into network traffic for security, troubleshooting and performance management.
Flow logging
Used in troubleshooting specific software packages as they perform their functions.
trace log
This type of scan connects to the target port and completes the connection (3-way handshake). It can be easily detected by the target system, but it's the most reliable. It's the fastest, but not the stealthiest. Does not need privileged permissions.
TCP Connect Scan
Half-open scan (no full 3-way handshake) | Stealthy; designed to evade IDS systems, but most now detect it; OPEN PORTS: reply SYN/ACK; CLOSED PORTS: return RST/ACK. Needs elevated access.
TCP SYN Scan
Helps identify rogue devices.
passive scanning
A security scanner is granted authenticated read-only access to the servers being scanned (typically via a user account) and can use this access to read configuration information from the target system and use that information when analyzing vulnerability testing results.
authenticated scan
The transaction property that requires all parts of a transaction to be treated as a single, indivisible, logical unit of work. All parts of a transaction must be completed or the entire transaction is aborted.
atomicity
Once a transaction is committed to the database, it must be preserved.
durability
A graphical network model that depicts a project's tasks and the relationships between them. Nodes represent milestones, with the estimated time to move between milestones.
PERT chart
the input of one user can be seen by another user on a website