Term
|
Definition
an entire set of software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organization |
|
|
Term
| Critical Characteristics of Information |
|
Definition
| Confidentiality, Integrity, Availability, Authenticity, Accuracy, Utility, Possession |
|
|
Term
|
Definition
| bitwise identical to the original |
|
|
Term
|
Definition
| Free from mistakes and errors |
|
|
Term
| Necessary Tools for InfoSec |
|
Definition
| policy, awareness, training, education, technology |
|
|
Term
| Balancing Info Sec and Access |
|
Definition
- Impossible to obtain perfect security - It is a process not an absolute
- Considered a balance between protection and availability
- To achieve balance, level of security must allow reasonable access, yet protect against threats |
|
|
Term
|
Definition
- Began immediately after first mainframes were developed
- Groups developing code-breaking computations during WWII created the first modern computers |
|
|
Term
|
Definition
| byte stream number of first byte in segment's data |
|
|
Term
|
Definition
| Sequence number of next byte expected from other side |
|
|
Term
|
Definition
User Datagram Protocol
- best effort service - connectionless - small segment header |
|
|
Term
|
Definition
| DNS uses UDP for name lookups because it is faster than forming a TCP connection. Loss is not significant in this case because the entity performing the query can simply send the request again |
|
|
Term
|
Definition
| SNMP uses UDP as its transport protocol because it has no need for the overhead of TCP. Reliability is not required because each request generates a response. If the SNMP application does not receive a response, it simply reissues the request. Sequencing is not needed because each request and each response travels as a single datagram. |
|
|
Term
|
Definition
Internet Control Message Protocol
- communicate network-level information - runs over IP - Message Format: - type, code, first 8 bytes of IP datagram causing the error |
|
|
Term
|
Definition
Autonomous System
Types - stub: small corporation - multihomed: large corporation - transit: network provider
Routing - IGP - BGP |
|
|
Term
|
Definition
| Weakness or fault that can lead to an exposure |
|
|
Term
|
Definition
| Generic term for objects or people who pose a potential danger to an asset |
|
|
Term
|
Definition
Specific object or person who poses such a danger by carrying out the attack
DDoS attacks are a threat; if a hacker carries out a DDoS attack, he's a threat agent |
|
|
Term
|
Definition
| P(event occurs) X Exp(Damage) |
|
|
Term
|
Definition
|
|
Term
|
Definition
| How the attack was carried out |
|
|
Term
|
Definition
|
|
Term
|
Definition
Types: - responsible, full, partial, none, delayed |
|
|
Term
|
Definition
| determining the identity of a person, computer, or service on a computer |
|
|
Term
|
Definition
| determining whether an entity has access to an object |
|
|
Term
|
Definition
Varying Definitions - any attack, all attacks using vulnerability X, etc
- Anything resulting in service degradation other than problem management, service request fulfillment |
|
|
Term
|
Definition
- Acts of human error or failure - Accidents - Employee Mistakes - Deliberate software attacks - Viruses - Worms - Macros - DOS |
|
|
Term
| Acts of Human Error or Failure |
|
Definition
Includes acts performed without malicious intent
Causes - inexperience - improper training - incorrect assumptions
Among the greatest threats to an organization's data |
|
|
Term
| Results of Human Error or Failure |
|
Definition
- Revelation of classified data - entry of erroneous data - accidental data deletion or modification - data storage in unprotected areas - failure to protect information |
|
|
Term
| Attack Replication Vectors |
|
Definition
- IP scan and attack - Web browsing - Virus - Unprotected shares - Mass mail - SNMP |
|
|
Term
|
Definition
Autonomous
1) scan 2) probe 3) transfer copy |
|
|
Term
|
Definition
Inject malicious code into a process's virtual memory space
Modify RET to redirect execution flow to malicious code |
|
|
Term
|
Definition
fixed morals or customs of a group of people
form basis of ethics |
|
|
Term
|
Definition
| Rules that define socially acceptable behavior, not necessarily criminal, not enforced |
|
|
Term
|
Definition
| Rules that mandate or prohibit behavior, enforced by governing authority |
|
|
Term
|
Definition
Organizational Laws - body of expectations that defines acceptable workplace behavior - general and broad - must be distributed, readily available, easily understood and acknowledged by employees in order to be enforceable |
|
|
Term
| Standards, Guidelines, Best Practices |
|
Definition
| define what must be done to comply with policy |
|
|
Term
|
Definition
| a court's right to hear a case if a wrong was committed in its territory or against its citizens |
|
|
Term
|
Definition
| court's ability to reach far and apply law (i.e. in another state or country) |
|
|
Term
|
Definition
| documentation about application of law in various cases |
|
|
Term
|
Definition
| Legal obligation beyond what's required by law, increased if you fail to take due care |
|
|
Term
|
Definition
| taken when employees know what is/isn't acceptable, what the consequences are |
|
|
Term
|
Definition
| sustained efforts to protect others |
|
|
Term
| Ethical Differences Across Cultures |
|
Definition
- create difficulty in determining what is and is not ethical
- Example: many of the ways in which Asian cultures use computer technology involve software piracy |
|
|
Term
|
Definition
| What happens to victim as the result of a successful attack |
|
|
Term
|
Definition
| what attacker gains from successful attack |
|
|
Term
|
Definition
| what attacker spends to launch attack |
|
|
Term
|
Definition
| process of identifying and controlling risks facing an organization |
|
|
Term
|
Definition
| process of examining an organization's current information technology security situation |
|
|
Term
|
Definition
| applying controls to reduce risks to an organization's data and information systems |
|
|
Term
|
Definition
| targets of various threats and threat agents |
|
|
Term
|
Definition
- Avoidance - Transference - Mitigation - Acceptance |
|
|
Term
|
Definition
| remaining risk after identification and control |
|
|
Term
|
Definition
| - Control approach that attempts to shift risk to other assets, processes, or organizations |
|
|
Term
|
Definition
- Attempts to reduce the impact of vulnerability through planning and preparation
Three Types of Plans - Incident Response Plan (IRP) - Disaster Recovery Plan (DRP) - Business Continuity Plan (BCP) |
|
|
Term
| Firewall Processing Modes |
|
Definition
- Packet Filtering - Application Gateways - Circuit Gateways - MAC layer firewalls - hybrid |
|
|
Term
|
Definition
- Processing Mode - Development Era - Intended Deployment Structure - Architectural Implementation |
|
|
Term
|
Definition
Examine header information and apply policies
- Relevant fields: - src/dest IP - protocol - direction |
|
|
Term
|
Definition
- Static Filtering - uses rules/policies already in place - Dynamic filtering - allows firewall to react to emergent event and update or create rules to deal with event
- Stateful Inspection - firewalls that keep track of each network connection using a state table |
|
|
Term
| Screened Subnet Firewalls |
|
Definition
- Two or more internal bastion hosts behind a PF router, with each host protecting the trusted network
Connection comes from outside, routed into and out of the routing firewall to the DMZ.
Only connections from the DMZ are allowed into the internal trusted network |
|
|
Term
|
Definition
Virtual Private Network
- Private and secure network connection between systems
- Securely extends organization's internal network connections to remote locations beyond trusted network |
|
|
Term
|
Definition
- encapsulation of incoming and outgoing data - encryption of incoming and outgoing data - authentication of remote computer and remote user |
|
|
Term
|
Definition
Detection methods: - signature-based - statistical anomaly-based
Operate as: - network-based - host-based - application-based |
|
|
Term
|
Definition
- examine traffic in search of patterns that match known signatures
- many attacks have clear and distinct signatures
- DB of signatures must be continually updated |
|
|
Term
| Statistical Anomaly-Based IDS |
|
Definition
- Samples network activity to compare to traffic that is known to be normal - triggers alert when measured activity is outside baseline parameters - can detect new types of attacks - much more overhead and processing capacity than sig-based - may generate many false positives |
|
|
Term
|
Definition
Network-Based IDS
- Resides on a computer or appliance connected to segment of an organization's network
- looks for attack patterns in packets
- installed at a specific place in the network where it can watch traffic going into and out of a particular network segment |
|
|
Term
|
Definition
- enable organization to use a few devices to monitor large network - passive and can be deployed to network with little disruption - not usually susceptible to direct attack, may not be detectable |
|
|
Term
|
Definition
- can become overwhelmed by network volume and fail to recognize attacks - require access to all traffic being monitored - cannot analyze encrypted packets - cannot reliably ascertain if attack was successful or not - some forms of attack are not easily discerned |
|
|
Term
|
Definition
- monitor single computer/server - benchmark and monitor the status of key system files and detect when intruder creates, modifies, or deletes files - Most HIDS work on the principle of config or change management - access encrypted information |
|
|
Term
|
Definition
- detect local events that may elude NIDS - functions on host system where encrypted traffic will have been decrypted - not affected by use of switched network protocols - detect inconsistencies in how apps and programs were used by checking audit logs |
|
|
Term
|
Definition
- Pose more management issues - Vulnerable to both direct attacks and attacks against host OS - Doesn't detect multi-host scanning, or scanning of non-host network devices - susceptible to DOS - can use large amounts of disk space - inflict performance overhead on host system |
|
|
Term
|
Definition
- Centralized - all IDS control functions are implemented and managed in a centralized location
- Fully Distributed - All control functions are applied at the physical location of each IDS component
- Partially Distributed: - Combination of the two |
|
|
Term
| Honeypots, Honeynets, and Padded Cell Systems |
|
Definition
- decoy systems designed to lure potential attackers away from critical systems and encourage attacks against themselves - Padded Cell: - honeypot that has been protected so it cannot be compromised |
|
|
Term
|
Definition
- Trap with honeypot - Legal Drawbacks - Enticement - Legal - Entrapment - Illegal |
|
|
Term
|
Definition
- collect copies of packets from the network and analyze them - provide network admin with valuable info for diagnosing and resolving network issues - can be used to sniff traffic in the wrong hands |
|
|
Term
|
Definition
- Ingress Filtering - Traceback - Mitigation during attack |
|
|
Term
|
Definition
- Allows victim to identify the attacker's origin - Approaches - ICMP - Probabilistic Packet Marking (PPM) |
|
|
Term
|
Definition
- Probabilistically inscribe local path info - Use constant space in the packet header - Reconstruct attack path with high probability |
|
|
Term
|
Definition
| - the practice/study of rendering information unintelligible to everyone except the intended recipient |
|
|
Term
|
Definition
| - study of obtaining plaintext without knowing key and/or algorithm |
|
|
Term
|
Definition
| - study of science of encryption |
|
|
Term
|
Definition
| - process of hiding messages in images, text, etc |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| encryption method, consisting of algorithm, key, and encryption/decryption procedures |
|
|
Term
|
Definition
| secret info used with algorithm to form cipher |
|
|
Term
|
Definition
| a cryptosystem should be secure if everything but the key is publicly known |
|
|
Term
|
Definition
| # of values that can be used in a key |
|
|
Term
|
Definition
| # of different actual values something can have |
|
|
Term
|
Definition
| amount of work required to perform cryptanalysis on ciphertext to recover plaintext without knowing key or algorithm |
|
|
Term
|
Definition
Pseudo-Random Number Generator - creates a random number sequence with properties similar to those of real random number sequences |
|
|
Term
|
Definition
| converts message to a message digest, MD |
|
|
Term
|
Definition
| two messages produce same MD |
|
|
Term
|
Definition
| Number used only once, helps prevent replay attacks |
|
|
Term
|
Definition
| each plaintext bit is transformed into ciphertext one bit at a time |
|
|
Term
|
Definition
| message divided into blocks and each is transformed into encrypted block of cipher bits using algorithm and key |
|
|
Term
|
Definition
| substitute one value for another |
|
|
Term
|
Definition
| rearranges values within a block to create ciphertext |
|
|
Term
|
Definition
uses same key to encrypt and decrypt message
Examples: DES, 3DES, AES |
|
|
Term
|
Definition
public key and private key; if encrypted with key A, can only be decrypted with key B |
|
|
Term
|
Definition
| Confidentiality, Integrity, Availability |
|
|