Term
|
Definition
Confidentiality of information prevents the data from being observed by unauthorized personnel. The Confidentiality (or sensitivity) level of data reflects the amount of damage that would occur if the data were made public. Confidentiality is addressed by encryption and access controls.
|
|
|
Term
|
Definition
Integrity refers to the accuracy of information and the prevention of unauthorized modification.The Integrity level of data reflects the amount of damage that would occur if the data were modified in an unauthorized way. Integrity is addressed by digital signatures and access controls.
|
|
|
Term
|
Definition
Availability is the ability to provide information in a timely manner. Generally, availability is addressed by redundant data (backups), redundant connections and redundant systems.
|
|
|
Term
| What is information assurance? |
|
Definition
| Operations that protect information by assuring information has: availability, integrity, confidentiality, non-repudiation(non-deniability) and authenticity. |
|
|
Term
| Describe amateur attackers. |
|
Definition
1) They do not benefit financially or militarily.
2) They tend to be disgruntled employees, teenagers, and people with nothing else to do.
3) They are motivated by curiosity.
4) They tend to use well-known attacks. |
|
|
Term
| Describe Professional attackers. |
|
Definition
1)State sponsored or well-funded attackers.
2)Motivated by financial gain, intelligence gathering, cyber-terrorism and Information Warfare.
3) These attackers use unknown techniques. |
|
|
Term
| What does it mean to "harden" a system? |
|
Definition
1) Install the latest patches.
2) Remove unnecessary services. |
|
|
Term
| What is the benefit of a signature-based Intrusion Detection System? |
|
Definition
| Intrusion detection systems use known attacks to detect potential intrusions. |
|
|
Term
| What is a "Zero Day" exploit? |
|
Definition
| A new bug or attack that hasn't been used before to attack a computer system. |
|
|
Term
|
Definition
| Standards for proper behavior that fill in the gaps where laws do not apply. |
|
|
Term
|
Definition
| A team of government programmers who test vendor claims of OS security. They developed the "penetrate and patch" technique. |
|
|
Term
| What is the "Penetrate and Patch" technique? |
|
Definition
| Break into a system, then patch the hole, and then break in again. Continue this process until you cannot break in again. This technique failed because new holes were always found. |
|
|
Term
|
Definition
| Anything of value that we want to protect. |
|
|
Term
|
Definition
| Anything that can harm our information (people, lightning, etc...) |
|
|
Term
| What is a "Vulnerability"? |
|
Definition
| Information is vulnerable to unauthorized observation (confidentiality), modification (integrity), and denial of availability (availability). |
|
|
Term
| What is a "Countermeasure"? |
|
Definition
| A technique for keeping a threat from harming an information vulnerability. |
|
|
Term
| Describe personnel security as it relates to information security. |
|
Definition
1) It is expensive.
2) It involves background checks, lie detectors, etc... on users in the system.
3) It reduces the probability of security breaches, but not to zero. |
|
|
Term
| Describe separation of duties as it relates to computer security. |
|
Definition
1) More than one person is required to perform an action within a system.
2) reduces the probability of a security breach, but not to zero. |
|
|
Term
| Describe an audit as it relates to computer security. |
|
Definition
1) All activities are monitored and recorded.
2) It is a psychological deterent.
3) It is reactive (happens after-the-fact). |
|
|
Term
| Describe an authorization policy. |
|
Definition
| Describes how an enterprise is going to allows users into a system and what they are allowed to do within the system. |
|
|
Term
| Describe the Principle of Least Privilege |
|
Definition
1) This is the typical authorization policy used.
2) Permissions are granted only to those who need authorization.
3) "Need to know" is an application of POLP. |
|
|
Term
|
Definition
This denies access to unauthorized persons and allows access to authorized users.
|
|
|
Term
| How do we address an Access Control failure? |
|
Definition
1) Intrusion Detection
2) Defense-in-Depth |
|
|
Term
| What is defense-in-depth? |
|
Definition
| Using multiple access controls in series. For example, a password protected workstation in a locked office. |
|
|
Term
| What is Identity Management? |
|
Definition
The management of identification (humand and entity)
Includes:
1) collection of ID information
2) the protection of this information
3) sharing this information |
|
|
Term
| Describe Identification and Authentication for Access Control purposes |
|
Definition
Two-step process
1) Person states their identity with a user ID
2) The person proves that the stated ID is correct (they authenticate the stated ID) |
|
|
Term
| What are the three ways humans can authenticate themselves? |
|
Definition
1) By providing a secret known to them (password or PIN)
2) By providing a physical object that is only possessed by them (a token)
3) By providing a physical characteristic that is unique to them (biometrics) |
|
|
Term
| What is two-factor authentication? |
|
Definition
| Sometimes referred to as "strong authemticiation", two-factor involves the use of two authentication methods together to authenticae someone, i.e. a token and biometrics, or a PIN and a token, etc... |
|
|
Term
| What are the advantages/disadvantages of passwords? |
|
Definition
Advantages: 1) Performed in software (no extra expense for tokens or card readers)
2) Common (people are used to it)
3) They can be secure
Disadvantages: 1) They need to be remembered
2) There are several attacks against password authentication |
|
|
Term
| What are the advantages/disadvantages of tokens? |
|
Definition
Advantages: 1) Users don't have to remember anything
2) No secret can be observed and reused
Disadvantages: 1) They can be lost or stolen
2) They are physical objects and therefore cost more to implement (cards and card readers) |
|
|
Term
| What are the advantages/disadvantages of biometrics? |
|
Definition
Advantages: 1) They can't be lost.
2) The user doesn't have to remember anything
3) The user does not have to have anything
Disadvantages: 1) Readers are expensive
2) Biomentric info sent over a network can be intercepted and replayed.
3) Can generate false positives and false negatives |
|
|
Term
| Describe a password "Guessing Attack" |
|
Definition
Passwords that are vulnerable to a guessing attack include:
1) Short passwords
2) Common word passwords
3) Passwords that are related to the user (i.e. name of pet, child, etc...)
|
|
|
Term
| Describe a password "Social Engineering Attack" |
|
Definition
| This tricks the user into divulging their password. Common SE attack is "phishing" through a fake website. |
|
|
Term
Describe a password attack known as a
software "Keystroke Logger" attack |
|
Definition
| Programs that are installed by users with system administrator privileges or viruses that exploit flaws to obtain sys admin privileges. |
|
|
Term
Describe a password attack known as a
hardware "Keystroke Logger" attack |
|
Definition
| Devices that intercept keystrokes between the keyboard and the computer. Typically, they are installed between the keyboard cable and the cable jack. For wireless keyboards, they can be placed within 10 meters of the keyboard. |
|
|
Term
| What is password cracking? |
|
Definition
| The mother of all guessing attacks. Easily finds weak passwords and may find strong passwords. It requires the attacker to have either a copy of the computer's "password file" or the equivalent information. |
|
|
Term
| How does a "Dictionary Attack" work? |
|
Definition
| Successive dictionary words are hashed until a match is found. Runs very quickly because it tries a relatively small number of strings (20,000 and 200,000) |
|
|
Term
| How does a "Brute force" attack work? |
|
Definition
| In this attack, all strings of specified lengths and character set are tried as potential passwords. The only impediment to this attack is TIME. |
|
|
Term
|
Definition
The set of passwords of a given length and a given character set. The general formula for the size of password space is:
(size of the character set) length
|
|
|
Term
Given a computer can perform 1,000,000 (=106) Brute Force iterations in one second,
how long will it take to Brute Force a 6 character password, giving that there are 3.09 x 108 6 upper-case letter passwords? |
|
Definition
Since (3.09 x 108)/106 seconds =
3.09 x 102 = 3.09 x 100 seconds (or 5 minutes),
it will take about 5 minutes to try all 6 character upper-case passwords
|
|
|
Term
| What are some good password selection rules? |
|
Definition
1) Do not select a dictionary word
2) Use a long password
3) Upper and lower-case letters
4) Digits
5) Special characters (i.e. !$&) |
|
|
Term
| What is an example of proactive password enforcement? |
|
Definition
| A user selects a new password and the system will not accept it unless it satisfies some "password" minimum requirements. For example, at lease 9 characters, 2 digits, 2 upper, 2 lower-case, etc... |
|
|
Term
| What is an example of reactive password enforcement? |
|
Definition
| Running a password cracking program, to verify that all user's passwords cannot be cracked. |
|
|
Term
| What is a machine generated password? |
|
Definition
| Randomly generated passwords that match the password selection criteria (specified length and character requirements) and are constructed out of syllables that are easily pronounced. |
|
|
Term
| What is an example of two-factor authenication and why? |
|
Definition
| Bank ATM card, because if you loose your wallet, the finder does not have your PIN and if someone sees your PIN, they do not have your card. You need both the bank card and the PIN. |
|
|
Term
| What is the Network Authentication Replay Attack? |
|
Definition
| When users authenticate over a network and their ID and authentication information is captured and is then "replayed" at a later time. |
|
|
Term
| How can the Network Authentication Replay Attack be defeated? |
|
Definition
| Though the use of dynamic or one-time passwords. |
|
|
Term
| What is a dynamic password? |
|
Definition
| A dynamic or one-time password is a password that is different every time it is used to authenticate. This technique is commonly used in challenge and response protocol. |
|
|
Term
| What is challenge and response protocol? |
|
Definition
| A client sends a user ID. The server sends a random challenge to the client. The client system calculates a response and sends the response to the server. The server calculates the response using the challenge that it sent and the hash of the user's password. They compare the response that they compute w/ the received one. if the recei ed response is the same as the computed response, the user is logged in. |
|
|
Term
| What is a Login Spoofing Attack aka Password Grabbers? |
|
Definition
| These programs look like the real login screen, but when the user enters their ID and password, it captures the info and displays "Incorrect Password" message then exits. The user thinks they erred while entering their info again and are logged in correctly. However, the attacker captured the user's info without the user's knowledge. |
|
|
Term
| How can a Login Spoofing Attack be defeated? |
|
Definition
| By using a "trusted path" whenever a user attempts to login to a computer. |
|
|
Term
|
Definition
| A guarantee that the user is talking to the real loging program and not an attacker's fake login program. Windows implementsthe trusted path with the Ctrl-Alt-Del key sequence. |
|
|
Term
| What is a single sign-on technique? |
|
Definition
| This allows the user to authenticate once, and then be granted access to all LAN resources (i.e. ERN domain, Python, email etc...) until they log-out. However, this technique does not folow the POLP. If a user steps away from their computer, an attacker has access to all your resources. |
|
|
Term
| What characterizes a DAC policy? |
|
Definition
| Discretionary Access Control policy allows users to set an Access Control List (ACL) on a file so that any other user can read it or e-mail a file to any other user. A user can share the information in the file with other users at their discretion. |
|
|
Term
| What characterizes a MAC policy? |
|
Definition
| A system that does not allow a user to set an ACL on a file so it can be read by another user or email a file to another user. Air-gapped/sysytem high networks use this type of policy. |
|
|
Term
|
Definition
Discretionary Access Control-An ACL (Access Control List) lists users or user groups and their associated permissions for an object. "Bob (grant, read, write), Student Group (read), Carol (read, write)
One list per object (list identifies users and their permissions) |
|
|
Term
| What is a Capability List? |
|
Definition
Discretionary Control List-A C-List lists names of files and directories and the corresponding permissions for the files and directories for that user. "report.xls (grant, read, write), Schedule.doc (read), video-edit.exe (execute)."
One list per user (list identifies objects and their permissions) |
|
|
Term
| What are the Pros and Cons of ACLs? |
|
Definition
Pros-Convenient, can assign groups of users
Cons- implementation can be confusing, for example, inherited rights can allow a user to create a file, but not allow them to delete it |
|
|
Term
| What are the Pros and Cons of C-Lists? |
|
Definition
Pros- 1)provide a fine level of granularity for access control
2) could potentially limit the effects of a trojan horse
Cons- 1) Lists can get very large
2) users typically need access to other files as well as their own |
|
|
Term
| Why are DAC policies susceptible to Trojan Horse attacks? |
|
Definition
| Once a user accepts a program from another user, that program could run on the user's behalf using the permissions from the user. |
|
|
Term
| What problem does a computer-based MAC implementation address? |
|
Definition
|
|
Term
| What is an Air-Gapped Network? |
|
Definition
| A network that does not allow access between networks. There is usually a one-way connection that allows users to reach out for information, but cannot provide information back. |
|
|
Term
| Why does a label-based MAC policy implementation need to be of high assurance? |
|
Definition
1) If the labels are modified a user could see data that they are not authorized to see
2) If the clearance level of the user on a system is modified, the user could see information that they are not authorized to see.
3) The mechanism that performs the label comparison must be tamperproof, always work correctly, and be invoked on every access request. |
|
|
Term
| What are the Bell and LaPadula (BLP) confidentiality rules? |
|
Definition
|
|
Term
| Why does the BLP confidentiality model allow users to write to levels that they can't read? |
|
Definition
| Since the BLP is a confidentiality model and writing up is not a confidentiality problem, writing is allowed. Writing up is often called a Blind Write and it is an Integrity problem. |
|
|
Term
| What is the BLP Write Heuristic? |
|
Definition
When Blind Writes are not allowed,
A user is not allowed to write up and
the BLP no write down rule does not allow a user to write down.
Therefore, a user can only write to files that are labeled at the user's current session level. |
|
|
Term
| What are the Biba Integrity Model rules? |
|
Definition
Rule 1- No write up
Maintains the integrity of the data by preventing a low integrity user from writing dtat that is labeled high
Rule 2- No read down
Prevents a program performing a high integrity task from reading and acting upon low integrity data. |
|
|
Term
| What are the basic conclusions of BLP and Biba models? |
|
Definition
BLP no-read-up and no-write-down rules constrain the flow of information. Only permit an upward flow of information based on confidentiality.
Biba no-read-down and no-write-up rules constrin the flow of information. Only permit a downward flow of information based on integrity. |
|
|
Term
| What is a covert channel? |
|
Definition
| This is a disk exhaustion channel. This exists if a program running at a lower level session can determine if the disk has been filled by a program running at a higher session level. |
|
|
Term
| What are the types of covert channels? |
|
Definition
1) Resource exhaustion channels
(storage channels)
2) Timing Channels |
|
|
Term
| What is a multilevel subject? |
|
Definition
| This allows us to downgrade information throught the use of a "trusted subject" or "multilevel subject" This allows us to read at one level and then copy at a lower level. This is necessary due to BLP rules "No Write Down." |
|
|
Term
| What is role-based access control? |
|
Definition
| These are typically implemented in large enterprise applications where a user in one of these roles is restricted to performing only actions that are necessary to perform their duties. for example- Python (studdent, instructor, etc...) |
|
|
Term
| What are examples of supporting policies for MAC and DAC needed to address the untrustworthy authorized user? |
|
Definition
| Auditing, Identification and Authentication, Object reuse, and aggregation |
|
|
Term
|
Definition
| Requires memory locations to be voided of all old data before they are reused (the files need to be overwritten when they are deleted) |
|
|
Term
|
Definition
| Where a combination of several data items has greater level of sensitivity than the individual items. |
|
|
Term
| What is the difference between security functionality and assurance? |
|
Definition
| Security functionality has to do with what system does to enforce a system's secruity policy. Assurance has to do with the level of confidence that systems' security functions are free from vulnerabilities. |
|
|
Term
|
Definition
| A Trusted Computing Base (TCB) is the totality of all protection mechanisms used to protect the functionality of the system. |
|
|
Term
| What is a security perimeter? |
|
Definition
| An imaginary line around the TCB and is helpful to understand what is needed to protect all of the TCB components. |
|
|
Term
| What are the three implementation requirements of a Reference Monitor? |
|
Definition
Complete- means the accesses are always invoked
Isolated- means the protection mechanisms cannot be modified
Verifiable- the system is small and simple that it can be analyzed |
|
|
Term
| What are the goals of memory protection? |
|
Definition
| The ability to protect regions of memory from unauthorized observation or modification. Without memory protection, there is no password protection. |
|
|
Term
|
Definition
| Prevents application from reading and modifying security relevant OS programs and data. They are divided into either privileged (Ring 0) or unprivileged (Ring 1) regions or domains. |
|
|
Term
| What are the restrictions imposed on Ring 1 programs when accessing Ring 0 data without using a gate? |
|
Definition
| Ring 0 will not allow a Ring 1 program write to or read from a Ring 0 memory location. |
|
|
Term
| Why are Ring 1 restrictions important? |
|
Definition
| This is important because it prevents malicious or corrupted code from an application to infect the OS or prevents Ring 1 from accessing the access controls (ACLs) in the OS's security programs. |
|
|
Term
| What are Gates as they relate to Rings? |
|
Definition
| Gates are mechanisms that allow programs in Ring 1 to call Ring 0 programs in carefully controlled ways. Specifically, a Gate only allows Ring 1 programs to call a small set of Ring 0 programs that are necessary to support user and application requests. |
|
|
Term
| Why is Process Address Space Control important? |
|
Definition
| When an OS enforces process address space control, each user is allocated a region of Ring 1 memory (called an address space) and the user's processes are only allowed to read and write bytes and execute programs that are within this address space. The OS usually informs users if 2 users with write permissions have the same file open at the same time. |
|
|
Term
|
Definition
| A process, domain pair. We refer to the "privilege of a subject" not the privilege of a process. |
|
|
Term
| What are two formal methods analysis goals? |
|
Definition
1) Check for inconsistent policies
2) Check for flawed implementation |
|
|
Term
| What is a security model? |
|
Definition
| A precise and unambiguous statement of a systems' security policy. Formal models are written mathematically. Informal models can be written in natural language, i.e. English |
|
|
