Shared Flashcard Set

Details

Information Security
Information Security
105
Computer Science
Undergraduate 4
07/05/2011

Additional Computer Science Flashcards

 


 

Cards

Term
“A computer is secure if you can depend on it
and its software to behave as you expect.”

A system that does what it is intended to do
d hi l and nothing else.

“The protection afforded to an automated
information system in order to attain the
objectives of preserving confidentiality,
integrity, and availability.”
Definition
– Garfinkle and Spafford
– Charles Pfleeger
–NIST
Term
Secure or insecure?
Definition
The real question, as we all know, should be,
“against what sort of attacks am I vulnerable?”
–Curt Sampson
Term
Policy
Definition
Organizational law, Must, may, must not.
Term
Data Confidentaility
Definition
Information
considered confidential (by policy) is not
disclosed to unauthorized persons.
Term
Privacy
Definition
Assurance that individuals control
htdt ll td b tth dh what data are collected about them and how
those data are used and disclosed
Term
Data Integrity
Definition
Data agree with the source
from which they are derived, and data and
programs are changed only in authorized (by
policy) manners.
Term
System Integrity
Definition
A system performs its
intended function (and nothing else)
unimpaired and free from unauthorized
manipulation.
Term
Origin Integrity
Definition
We can be sure that data
came from the ostensible source.
Term
Autehnticity
Definition
The ability to verify the source
of data, messages, etc. (This is really origin
integrity.)
Term
Accountability
Definition
We can tie actions to a
ti l tit (Thi i ii i i particular entity. (This is origin integrity
again.)
Term
NIST 3 levels of security failure
Definition
• Low: Minimal adverse effect
• Moderate: An organization can perform its
primary functions but with reduced effectiveness primary functions, but with reduced effectiveness.
• High: Performance of an organization’s mission
is significantly impaired
Term
McCumber Security Model
Definition
Safeguards (Policy, Human Factors, Technology)
Facets (CIA)
States of information (Processing, Storage, Transmissions)
Term
Attacker attack Triad
Definition
Disclosure Alteration Deception
Term
Stalling's List
Definition
• Disclosure (failure of confidentiality)
• Deception (failure of origin integrity)
• Disruption (failure of availability)
•Usurpation (this one is more a mechanism p(
than a consequence; usurpation will lead to
one or more of the consequences above.
Term
Vulnerability
Exploit
Threat
Risk
Definition
• Vulnerability: a weakness that could allow a
system to enter a state not permitted by policy.
• Exploit: a mechanism for taking advantage of
a vulnerability.
• Threat: a circumstance that could allow a
vulnerability to be taken advantage of.
• Risk: the probability that both a threat and a
corresponding vulnerability exist
Term
Goals of InfoSec
Definition
Prevention
• Prevent attackers from violating security policy
Detection
• Detect attackers’ violation of security policy
RdR Response and Recovery
• Stop attack, assess and repair damage
• Continue to function correctly even if attack
succeeds
• Return system to a state consistent with policy
Term
Policy is assumed to
Definition
• Unambiguously partition system states
• Correctly capture security requirements
Term
Types of Assurance
Definition
• Specification assurance
• Requirements analysis
• Statement of desired functionality
• Design assurance
• How system will meet specification
•Implementation assurance
• Programs/systems carry out the design
• A system does what is was designed to do…
• and nothing else!
Term
Risk managment 3 stages
Definition
• Risk management: process of identifying and
controlling risks facing an organization
• Risk identification: process of examining an
organization’s current information organization s current information
technology security situation
• Risk control: applying controls to reduce
risks to an organizations data and information
systems
Term
Goals of cryptosystems
Definition
• Message integrity
• Non-repudiation (origin integrity)
• Authentication (origin integrity)
Term
Types of symmetric encryption cyphers
Definition
• Transposition ciphers
• Substitution ciphers
• Combinations are called product ciphers
Term
Symmetric key process
Definition
Encrypt by applying the key to the
plaintext using an algorithm.
Decrypt by reversing the process using
th k d th i l ith the same key and the inverse algorithm.
Term
Computationally secure

Kirkoff's principal
Definition
• We must assume the algorithm is known.
(Kerckhoffs’ Principle.)
• A cryptosystem that is breakable may require
considerable effort. That is known as being
“computationally secure.
Term
key vs algorithm
Definition
The strength is in the key, not the algorithm!
(Assume that the bad guys know the algorithm.)
That is Kerckhoffs’ Principle.)
However, the algorithm must be free from “shortcut
attacks.”
Term
Types of cypher attacks 3
Definition
h l dhl ih li • ciphertext only: adversary has only ciphertext; goal is to
find plaintext and possibly the key
• known plaintext: adversary has ciphertext,
corresponding plaintext; goal is to find key
• chosen plaintext: adversary may supply plaintext and
obtain corresponding ciphertext; goal is to find key
Term
Problem wiht csear cypher
Definition
• Can be found by exhaustive search
• Statistical frequencies not concealed
• They look too much like regular English (or
Latin!) words Latin!) words
Term
Difference between csear and vingere
Definition
ceaser does not use phrases and vingere is polyalphabetic
Term
Period, Polyalphabetic, tableau
Definition
• period: length of key
• In the “BCD” example, the period is 3
• tableau: table used to encipher and decipher
• Vigènere cipher tableau has key letters on top,
plaintext letters on the left plaintext letters on the left
• polyalphabetic: the key has several different
letters (Cæsar cipher is monoalphabetic)
Term
random key as long as message, proovably unbreakable
Definition
One Time Pad
Term
Schannon's Characteristics
Definition
• The amount of secrecy needed determines the
amount of work that’s appropriate.
• The key space and algorithm should be free
of artificial constraints.
• Implementation should be as simple as
possible.
• Errors in enciphering should not propagate
• Enciphering should not increase message
size.
Term
• Provides confidentiality for the message.
• Provides authentication. (Assuming the key
is really secret.)
Definition
Secret Key Encryption
Term
Parameters and Design Features of Block Cypher or Fistel Structure
Definition
• block size • block size
• key size
• number of rounds
• subkey generation algorithm
• round function
• also: fast software encrypt/decrypt, ease of analysis
Term
replaced 3DES
Definition
AES
Term
Methods of key deliver NON PK
Definition
• A selects key, physically delivers to B
• Third party select keys, physically delivers to A and B;
reasonable for link encryption; does not scale well.
• A selects new key, sends encrypted using previous old
key to B; good for either, but security fails if any key
discovered
• Third party C selects key, sends encrypted to each of A
and B using existing key with each
• Distribution using public key cryptography
Term
Problem with 3rd party distribution of key NON PK
Definition
Replay attack
Term
MD5 v SDA
Definition
The MD5 hash code is 128 bits; SHA is 160.

MD5 vulnerable to colission attack
Term
Message Digest Encrypted With
Decrypted with
Definition
Senders Private Key
S Public Key
Term
Entire Message Encrypted With
Definition
Recipients PK
Term
Session Key Flow
Definition
• Alice wants to send a message m to Bill
 Assume public key encryption
 Alice generates a random cryptographic key
ks and uses it to encipher m
• To be used for this message only
• Called a session key
 She enciphers ks with Bill’s public key kB
• kB called an interchange key
 Alice sends { m } ks { ks } kB
Term
How is session key used in PK
Definition
• Encrypt the message with the secret key.
• Encrypt the secret key with the recipient’s
public key.
• Send encrypted message and encrypted
key
Term
How to hack PK
Definition
replace public key of recipient with hacker's public key
Term
goal of PKI
Definition
bind identity to a key, not possible with cryptography because keys are not unique
Term
What components are in the PKI and how do they offer authentication
Definition
Version number
• Owner (Subject)
• Public key
• Issuer (CA)
• Serial number
• Validity dates
• Certificate usage
• Extensions

These items are digitally signed (hash) using the private key of the authority.
Term
types of UID
Definition
• Real UID: user identity at login, but changeable
• Effective UID: user identity used for access
control; Setuid changes effective UID
S d UID UID b f l t h f UID • Saved UID: UID before last change of UID
 Used to implement least privilege
 Work with privileges, drop them, reclaim them
later
• Audit/Login UID: user identity used to track
original UID. Cannot be altered; used to tie
actions to login identity
Term
Groups in Unix
Definition
• Used to share access privileges
• First model: alias for set of principals
 Processes assigned to groups
 Processes stay in those groups for their lifetime
• Second model: principals can change Second model: principals can change
groups
 Rights due to old group discarded; rights due to
new group added
 This is a way to implement RBAC.
• A role is a group membership tied to
function.
Term
benefits of salt
Definition
can't see duplicates, increases difficulty against dictionary attacks, impossible to find out if a password on one system corresponds with another.
Term
(A C F L S) tuple
Definition
 A: information that proves identity
 C: information stored on computer and used to
validate authentication information
 F: mapping function  F: mapping function
f : A  C
 L: functions that tests identity
l : A C  {true, false}
 S: functions enabling entity to create or alter
information in A or C(
Term
Preventing password attacks
Definition
• Hide one of a, f, or c
 Prevents obvious attack from above
 Example: Unix/Linux shadow password file
hides c’s
• Block access to all l  L or result of l(a) ( )
 Prevents attacker from knowing if guess
succeeded
 Example: preventing any logins to an account
from a network
 Prevents knowing results of l (or accessing l)
 Not always practical
Term
Using Anderson's Password Formula

• Goal
 Passwords drawn from a 96-char alphabet
 Can test 104 guesses per second
 Probability of a success to be  0.5 over a 365
day period
 What is minimum password length required?
Definition
• Solution
 N ≥ TG/P = (365246060)104/0.5 =
6.311011
 Choose s such that 96
i
≥ N
 So s ≥ 6, meaning passwords must be at least 6
characters long.
Term
Goals of Access Control
Definition
• Complete mediation: Check every access.
(What happens if access is removed while I
am using a file? What should happen?)
• Least privilege: In granting access to an
bj t d t l t i ht th object, do not also grant more rights than
needed, nor rights to other objects.
• Acceptable use: Permitted operations depend
upon the nature of the object and access
granted.
Term
Goals of Access Control
Definition
• Complete mediation: Check every access.
(What happens if access is removed while I
am using a file? What should happen?)
• Least privilege: In granting access to an
bj t d t l t i ht th object, do not also grant more rights than
needed, nor rights to other objects.
• Acceptable use: Permitted operations depend
upon the nature of the object and access
granted.
Term
Types of Access Control Policies
Definition
• Discretionary access control: Access to
objects is at the discretion of the object owner.
• Mandatory access control: Access to objects is
based on externally-enforced policies.
• Role-based access control: Access is based
upon a role assumed by the subject.
• Not mutually exclusive.
Term
Vimercati's List
Definition
• Reliable input
• Support for fine and coarse specifications
• Least privilege
•Separation of duties p
• Dual control
• Open and closed policies
• Combination of policies: conflict resolution
• Administrative mechanisms
Term
Components of an access control record
Definition
• Object - access controlled resource
• e.g. files, directories, records, programs etc.
• number/type depend on environment
• Subject - entity that can access objects
• a process representing user/application
• often have 3 classes: owner, group, world
• Access right - way in which subject accesses
an object
Term
Access Control List v. Capabilities List
Definition
Access Control list is file centric and maintains a list of what user has what rights to that file. Column.

Capabilities List is user centeric and maintains a list of files and rights relative to the user. Row.
Term
Controls
Definition
• Mechanisms put into place to allow or disallow
object access
• Any potential barrier to unauthorized access
• Controls are organized into different categories
• Common categories
• Administrative (enforce security policy through
procedures, rules)
• Logical/Technical (implement object access
restrictions)
• Physical (limit physical access to hardware)
Term
ACID
Definition
Remember ACID
Atomic All or noting
Ci Al b i Consistent Always obeys constraints
Isolated Transactions are serialized
Durable Transactions are not lost
Term
prevents concurrent bank withdraw and deposit actions from returning the wrong value via DBMS
Definition
• Read lock: Others can read the same data,
but no one can write it because the
Database management systems maintain
isolation and consistency by locking.
but no one can write it because the
transaction with the read lock could get
inconsistent data.
• Write lock: No one else can read until the
write transaction has completed
Term
Database Integrity Items
Definition
• Attribute integrity: Each field (attribute)
The database designer describes what is
required for consistency. The DBMS
enforces those rules.
contains valid data.
• Entity integrity: Rows are unique; no part of
primary key is null
• Referential integrity: Connections among
tables are consistent.
Term
Inference Solutions
Definition
• Inference detection at database design
• alter database structure or access controls
• Inference detection at query time
• by monitoring and altering or rejecting queries
• We need an inference detection algorithm
• a difficult problem
• consider the employee-salary exampleIn
Term
Ping/ICMP
RawSocket
How TCP breaks
Definition
Syn - syn/ack
create packets with false source IP
Table of syn/ack (half open connections) full.
Term
Verifying the reverse path
Definition
Cisco looks at packet to verify route back to source, else dropped (reverse path forward RPF)
Term
incoming and outgoing blocking measure
Definition
Own netowrk addresses incomign should be blocked
Block offnetowrk addresses outgoing.
Term
reflection attack
Definition
UDP - send to machine from target, syn/ack gets sent to target from machine.

Bad guy sends small packets, and the target receives big packets.
Term
Echo port + _____ = loop
Definition
character generator port.
Term
prevent DDOS
Definition
Block all ports not needed, ICMP and ECHO...turn off and block. (Defense in depth)
Term
DNS reflection attack.
Definition
ping sent to broadcast address of a large network, several response packets to spoofed source. UDP.
Term
What could potentially eliminate spoofed source address attacks?
Definition
Block outgoing traffic that is not on personal network.
Term
an option for limiting risk to DOS and avoid filling up conn table
Definition
Rate limit TCP/UDP/ICMP requests

Syn cookie uses senquenc # to validate communication

Shorten timeouts when close to full

Drop random or selected connections

Don't accept broadcast packets on incoming address (blcoked at edge router)

Block services not used.

Use puzzles to validate human/machine interaction.
Term
Preventative measures for DDoS
Definition
Pre arranged contacts and upstream traffic filtering

Analyze traffic with wireshark on edge router

IDS to find anomoly
Term
Dropping closed port packets
Definition
recovers outbound badnwidth
Term
icmp unreachable
Definition
rate limit this
Term
Firewalls do not hlep in this secnario
Definition
laptop is taken home, infected, then returned to office enviro
Term
use fixed addressses on firewalls so
Definition
if DNS fails, they stay in service
Term
Things to parse email for
Definition
known malicious content

failure to follow SMTP Specs

Proprietary info
Term
to interact with SSH in DMZ
Definition
use public keys
Term
how to handle customer data
Definition
order placed on machine stored in memory encryped with PK from internal trusted network and stored to unix data storage where webserver in DMZ has write but not read privlidge
Term
logs handlesd how
Definition
written to one time write media and stored in internal centeral log server
Term
What to do with attacks on external firewall
Definition
log them and ignore to justify security budget
Term
attack on DMZ indicates
Definition
untrustworthy admin
faulty software
external firewall failrue
Term
NAT benefit
Definition
Unsolicited traffic is dropped. There is not a table entry for it in the NAT table.
Term
how to buffer overflow
Definition
os calls function which loads retun addy for OS and start addy for current function, current function calls second function, second function writes it's addy and a return addy so that the stack can return to previous place (cur func). if enough data is inserted into secondFunc to write up to the return instruction, the attacker can inject code/system library commands and execute wiht the privlidge of the app.
Term
Compile time defenses stack overflow
Definition
strongly typed language
Canarie
Safe libraries
Good coding
Term
buffer voerflow runtime def
Definition
non executable memory (need special hardware, write stack in NEM)

Randomly generated OS libraries (256 configs in windows)

Guard pages in memory to crash program.
Term
prevent heap overflow
Definition
mark as NXE and randomize heap
Term
Global data overflow defenses
Definition
Defenses: non executable or random
global data region, move function
pointers, guard pages
Term
mysql escape string and unicode checking
Definition
used to prevent mysql execution
can't convert ascii chars for sql injection because they are detected.
Term
better than escape strings
Definition
parameters, they're always treated as variables.
Term
how to detect torjan being compiled into a program
Definition
compare machine code to source code.
Term
race condition
Definition
OS sync used so we know what process is going to use the shared memory first.
Term
privlidged libraries
Definition
if a library is going to be priv, we must staticly link it so we know what it is and can account for it in the enviro vars. Enumerating goodness.
Term
big program
Definition
break down into modules and assign privs to modules on a need basis, then remove privs.
Term
maintenience bypass
Definition
need this for to replace UPS battery.
Term
dual power supplies
Definition
two different ups's powered by two different circuits
Term
SLE
Definition
• The single loss exposure (SLE) of an adverse
event is the cost incurred if the event takes
place.
• It may be a range. Example: the SLE of an
tbil k(fth l) automobile wreck (for the car only) may
range from a coupe of thousand dollars to a
“totaled” car, the entire cost.
Term
ALE and actual cost
Definition
• Probability of risk occurring in one year
times economic impact (SLE).
•The actual cost is either zero or the full
economic impact.
• A good ALE depends on good estimates of
both probability and cost.
• For large numbers (e.g. car insurance) this
can be a quite precise actuarial estimate.
• ALE can be a range
Term
ALE calculation
Definition
• Risks are probabilities: annual rate of occurrence
(ARO)
• The “cost” of a risk is the probability that the
adverse event will be realized times the
economic impact if it is. This is “annualized loss
expectation.” ALE = SLE × ARO
Term
CBA formula
Definition
• ALE = Annualized Loss Expectation
• ACC = Annual Cost of Control
• B = ALE(before) – ALE(after) – ACC
• If B (benefit) is positive, it makes financial
sense to implement the control.
Term
Evidence should be
Definition
Sufficient
Compitent
Relevant
Term
Types of evidence
Definition
Direct - oral testimony and knowledge
real - physical
Documentary - documented
Demonstration
Term
Best evidence
Definition
Preference for originals
Term
Chain of custody
Definition
Dated Signed Contemporaneous notes
Term
Daily message digest
Definition
Good to proove tampering of evidence
Term
make image copy of disk
Definition
references to files are gone, slack space exists that may contain original data, we do this in event of law involvement.
Term
elements of privacy
Definition
anonymity
Psuedonymity
unlinkability
unobservability
Supporting users have an ad free experience!