Term
|
Definition
-Boot Components are identified cryptographically
-Hashes are checked at boot to validate each component is not tampered with
-Part of Intel Trusted Execution Technology
-Provides detailed log of everything that happens before load of the actual antimalware software
-Helps in troubleshooting |
|
|
Term
|
Definition
| -Allows only signed boot software to load |
|
|
Term
UEFI
https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface |
|
Definition
-Ability to use large disks (over 2 TB) with a GUID Partition Table (GPT)
-CPU-independent architecture.
-CPU-independent drivers.
-Flexible pre-OS environment, including network capability.
-Modular design.
-Backward and forward compatibility. |
|
|
Term
| Security Evaluation for OS (Trusted OS) |
|
Definition
-CC
-Evaluation Assurance 1-7
-Most commonly accepted as secure for commercial applications is EAL 4
-Lower than 4 is not secure |
|
|
Term
|
Definition
| Functionality - Correct operation, threats are not serious |
|
|
Term
|
Definition
| Structure: Low to moderate level of security |
|
|
Term
|
Definition
| Methodology: An analysis supported by testing, selective independent confirmation of the vendor test results, vendor search for obvious vulnerabilities |
|
|
Term
|
Definition
Methodology and Design: Evaluation moderate to high level of independently assured security, unconventional products
-Minimum level for govt. |
|
|
Term
|
Definition
| Semiformal Design - High level security in a planned development, rigorous approach Resistance to pen attackers with a moderate attack potential |
|
|
Term
|
Definition
| Development of specialized security products, application in high risk situations. Resistance to penetration attackers with high attack potential |
|
|
Term
|
Definition
| Formal Design: Used in the development of security products for application in EXTREMELY HIGH RISK situations. Evidence of vendor testing, independent confirmation. |
|
|
Term
|
Definition
-Physical access, embedded systems
-Updates/Patches, Firmware, Monitoring |
|
|
Term
|
Definition
-Hardening, remove unnecessary services
-Restrict user accounts,
-Frequent Re-Imaging |
|
|
Term
| MDM Mobile Device Management |
|
Definition
-Insecure access to website
-Insecure Wi-Fi connectivity
-Lost/Stolen devices w/corporate data
-GeoLocation Services
-Missing upgrades/security patches
-Unauthorized downloads, applications, games
-Can enable a company to secure users BYOD without compromising personal data |
|
|
Term
| BYOD Bring Your Own Device |
|
Definition
-Define use of personal devices
-White list apps
-Periodic user training
-Pword/pin
-Screen lock
-Remote Wiping
-GPS/Remote location (locate device) |
|
|
Term
|
Definition
-Wireless Keyboards
-Wireless Mouse
-Displays
-WiFi Enabled MicroSD cards
-Printers/MFDs
-External Storage Devices
-Digital Cameras
-Peripheral Updates
-Physically Secured |
|
|
Term
| IMA Integrity Measurement Architecture |
|
Definition
-Open Source Alternative that creates a measured runtime environment
-List of components that need to load
-Anchors that list to TPM |
|
|
Term
|
Definition
-a runtime measurement list
-can be linked to TPM
-used to attest to the system's runtime integrity |
|
|
Term
| Integrity Measurement Architecture |
|
Definition
Provides the following services:
- Collect – measure a file before it is accessed.
- Store – add the measurement to a kernel resident list and, if a hardware Trusted Platform Module (TPM) is present, extend the IMA
-PCR
- Attest – if present, use the TPM to sign the IMA PCR value, to allow a remote validation of the measurement list. |
|
|
Term
|
Definition
RF signals caused by data streams from keyboards, hard drives, network connections, video display |
|
|
Term
|
Definition
Modifiying security through injecting EMI to change sensor or other input |
|
|
