Term
|
Definition
Controls that prevent harmful occurrence |
|
|
Term
|
Definition
Controls that detect after harmful occurrence |
|
|
Term
|
Definition
Controls that restore after harmful occurrence |
|
|
Term
|
Definition
|
|
Term
Logical or Technical Controls |
|
Definition
Controls that restrict access |
|
|
Term
|
Definition
Controls that prevent entry |
|
|
Term
Mandatory access control (MAC) |
|
Definition
Authorization of subject’s access to an object depends on labels (sensitivity levels), which indicate subject’s clearance, and the classification or sensitivity of the object. Rule based Access Control |
|
|
Term
Discretionary Access Control (DAC) |
|
Definition
Subject has authority, within certain limits, to specify what objects can be accessible (e.g., use of ACL). Identity Based Access Control |
|
|
Term
Non-Discretionary Access Control |
|
Definition
Central authority determines what subjects can have access to certain objects based on organization’s security policy (good for high turnover). Roles-Based Access Control or a Lattice-Based Access Control |
|
|
Term
|
Definition
Establishes accountability |
|
|
Term
Three Factor Authentication |
|
Definition
- Something you know (password) - Something you have (token) - Something you are (biometrics) - Sometimes - something you do |
|
|
Term
|
Definition
|
|
Term
|
Definition
Changes each time you login |
|
|
Term
Preventative Physical Controls |
|
Definition
Restrict physical access, guards, man trap, gates |
|
|
Term
Detective Physical Controls |
|
Definition
Motion detectors, cameras, thermal detectors |
|
|
Term
Preventative Technical Controls |
|
Definition
Logical system controls, smart cards, bio-metrics, menu shell |
|
|
Term
Detective Technical Controls |
|
Definition
IDS, logging, monitoring, clipping levels |
|
|
Term
Preventative Administrative Controls |
|
Definition
Policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, friendly and unfriendly employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks. |
|
|
Term
Detective Administrative Controls |
|
Definition
Policies and procedures, job rotation, sharing of responsibilities |
|
|
Term
Synchronous Dynamic Password |
|
Definition
- Token – generates passcode value - PIN – user knows - Token and PIN entered into PC - Must fit in valid time window |
|
|
Term
|
Definition
- System generates challenge string - User enters into token - Token generates response entered into workstation - Mechanism in the workstation determines authentication |
|
|
Term
False Rejection Rate (FRR) |
|
Definition
|
|
Term
False Acceptance Rate (FAR) |
|
Definition
|
|
Term
Crossover Error Rate – (CER) |
|
Definition
|
|
Term
|
Definition
Are made up of ridge endings and bifurcations exhibited by the friction ridges and other detailed characteristics that are called minutiae. |
|
|
Term
|
Definition
Scans the blood-vessel pattern of the retina on the backside of the eyeball. |
|
|
Term
|
Definition
Scan the colored portion of the eye that surrounds the pupil |
|
|
Term
|
Definition
Takes attributes and characteristics like bone structures, nose ridges, eye widths, forehead sizes and chin shapes into account. |
|
|
Term
|
Definition
The palm has creases, ridges and grooves throughout it that are unique to a specific person. |
|
|
Term
|
Definition
The shape of a person’s hand (the length and width of the hand and fingers) measures hand geometry |
|
|
Term
|
Definition
Distinguishing differences in people’s speech sounds and patterns. |
|
|
Term
|
Definition
Electrical signals of speed and time that can be captured when a person writes a signature. |
|
|
Term
|
Definition
Captures the electrical signals when a person types a certain phrase. |
|
|
Term
|
Definition
Looks at the size and width of an individual’s hand and fingers. |
|
|
Term
|
Definition
- Symmetric key encryption - KDC – Key Distribution Center; has copies of user account credentials - TGS – Ticket Granting Service; grants session tickets - AS – Authentication Server; authenticates the user to the KDC -Network servers treat KDC as trusted third party |
|
|
Term
|
Definition
Knows secret keys of Client and Server and exchanges info with the Client and the Server using symmetric keys |
|
|
Term
|
Definition
Sends Client back ticket for server and authenticator for server. Grants temporary symmetric key |
|
|
Term
|
Definition
- Fingerprints - Retina Scans - Iris Scans - Facial Scans - Palm Scans - Hand Geometry - Voice Print - Signature Dynamics - Keyboard Dynamics - Hand Topology |
|
|
Term
|
Definition
Secure European System for Applications in a Multi-vendor Environment - Uses Needham-Schroeder protocol - Uses public key cryptography - Supports MD5 and CRC32 Hashing - Uses two tickets 1) One contains authentication 2) One contains the access rights to the client |
|
|
Term
|
Definition
Remote Access Dial-In User Service; incorporates an Authentication Server and dynamic password |
|
|
Term
|
Definition
Terminal Access Controller Access Control System; for network applications, UNIX based, uses a static password |
|
|
Term
|
Definition
Terminal Access Controller Access Control System Plus, supports token authentication |
|
|
Term
|
Definition
Challenge Handshake Authentication Protocol; supports encryption, protects password |
|
|
Term
|
Definition
Preservation of integrity through the use of nonvolatile storage media |
|
|
Term
|
Definition
Unambiguously identifies a record. Points to a record (tuple) |
|
|
Term
|
Definition
Number of rows in a relation (table) |
|
|
Term
|
Definition
Number of columns in a relation (table) |
|
|
Term
|
Definition
Any identifier that is unique to the record |
|
|
Term
|
Definition
Any value that matches the primary key of another relation (table) |
|
|
Term
Relational Database Operations |
|
Definition
- Select – based on criteria, i.e. all items with value > $300.00 - Join – join tables based on a common value - Union – forms a new relation (table) from two other relations - View – (virtual table) uses join, project, select - Views can be used to restrict access (least privilege) - Query plan 1) Comprised of implementation procedures; lowest cost plan chosen based on “cost” 2) Costs are CPU time, disk access 3) Bind – used to create plan |
|
|
Term
|
Definition
Ensures that attributes in a table rely only on the primary key - Eliminates repeating groups - Eliminates redundant data - Eliminates attributes not dependent on the primary key |
|
|
Term
Structured Query Language Commands |
|
Definition
- Select - Update - Delete - Insert - Grant – Access Privileges - Revoke – Access Privileges |
|
|
Term
|
Definition
|
|
Term
|
Definition
Uses system and event logs and is limited by log capabilities |
|
|
Term
Signature Based – (Knowledge Based) IDS |
|
Definition
- Signatures of an attack are stored and referenced - Failure to recognize slow attacks - Must have signature stored to identify |
|
|
Term
Statistical Anomaly Based (Behavior Based) IDS |
|
Definition
Determines “normal” usage profile using statistical samples and detects anomaly from the normal profile |
|
|
Term
|
Definition
-Nessus -Nmap -Security Admin Integrated Network Tool (SAINT) -Security Admin Tool for Analyzing Networks (SATAN) |
|
|
Term
|
Definition
Process of probing network for open ports, security holes and general system weaknesses |
|
|
Term
|
Definition
-A centralized network authentication service -Developed by MIT in mid 1980s |
|
|
Term
|
Definition
-One time authentication for multiple network services -Strong cryptographic implementation using DES and RC4 -Two way authentication capability |
|
|
Term
Password Authentication Protocol (PAP) |
|
Definition
User sends ID and password in cleartext to authentication server |
|
|
Term
Remote Procedure Call (RPC) |
|
Definition
Server authenticates client before executing remote operation; uses public key encryption (PKE) for transmissions |
|
|
Term
|
Definition
Used for Decentralized/Distributed Access Control. Ensures integrity through persistency |
|
|
Term
Network Information Service |
|
Definition
Used for Decentralized/Distributed Access Control. Password and file sharing using a distributed database over a network |
|
|
Term
|
Definition
Resources organized under protected address space with same management and information security policy |
|
|
Term
Mandatory Access Control (MAC) |
|
Definition
Restrictive access model based on sensitivity levels; enforced by the O/S and can be difficult to implement |
|
|
Term
Discretionary Access Control (DAC) |
|
Definition
Allows data owner control over access; uses ACL, O/S enforces ACLs, most commonly used |
|
|
Term
Rule Based Access Control (RBAC) |
|
Definition
Predefined ACLs determine access; most commonly used with firewalls; administrators determine rules or conditions of access |
|
|
Term
Role Based Access Control (RBAC) |
|
Definition
Access based on user's specific role in organization, also known as Non-Discretionary Access Control. User can only be assigned one role. |
|
|
Term
Identification and Authentication |
|
Definition
Used to protect systems from unauthorized users by proving the identity of a user or system |
|
|
Term
Mechanisms for Identification and Authentication |
|
Definition
-username/password -tokens -biometrics -kerberos |
|
|
Term
|
Definition
Attacks launched against applications exploiting known flaws and vulnerabilities |
|
|
Term
|
Definition
Malicious program or piece of code disguised as, or embedded in, legitimate software |
|
|
Term
|
Definition
Malicious code inserted into a legitimate application; launches when specific conditions are met |
|
|
Term
Denial of Service(DoS)/Distributed Denial of Service(DDoS) |
|
Definition
-Disrupts legitimate use of services -Commonly accomplished by buffer overflow -Blocks communications with TCP sessions overloads -DDoS intensifies the DoS activity by using multiple systems |
|
|
Term
|
Definition
-Access without security checks -Initially intended for S/W developers' access for debugging -Intruders exploit those that have not been closed or create their own |
|
|
Term
|
Definition
-Creates IP packets with a forged source IP address -Attempts to set up a connection using the IP address of a trusted source -Connection may allow an attacker access to the target without authenticating |
|
|
Term
Man in the Middle Attack (MITM) |
|
Definition
Attacker intercepts traffic and has both originating parties believe they are communicating with each other; common in Telnet and Wireless |
|
|
Term
|
Definition
|
|
Term
|
Definition
Information is extracted from packets captured over the network by attackers and "replayed" later |
|
|
Term
|
Definition
Intruder takes control of a legitimate TCP/IP session by spoofing the source address; the spoofed packet is inserted into the victim's communication stream, redirecting the session to a rogue client |
|
|
Term
|
Definition
Manipulating legitimate users into revealing sensitive information; usually done by stressing urgency or seemingly harmless assistance |
|
|
Term
|
Definition
Attacking an account in attempt to discover valid password |
|
|
Term
|
Definition
Repeatedly trying password combinations |
|
|
Term
|
Definition
Tries every word in a dictionary |
|
|
Term
|
Definition
Looking over a user's shoulder in attempt to learn their password |
|
|