Shared Flashcard Set

Details

Network Defense - Chapter 9
Network Defense - Chapter 9
64
Computer Science
Undergraduate 3
04/02/2018

Additional Computer Science Flashcards

 


 

Cards

Term
BIOS (Basic Input Output System)
Definition
Firmware used to hold the boot process on early computers.
Term
BIOS Attack
Definition
When an attacker replaces or modifies the BIOS.
Term
UEFI (Unified Extensible Firmware Interface)
Definition
Used in order to prevent a BIOS Attack by confirming that the BIOS has been Attacked.
Term
Booting Using BIOS
Definition
BIOS > MBR > Boot Loader > Operating System
Term
MBR
Definition
Master Boot Record
Term
Chain Of Trust
Definition
Every element of the Boot System must be validated.

The first element validates the next, which validates the next, etc.
Term
Hardware Root Of Trust
Definition
The strongest point of the Chain Of Trust is hardware aka the BIOS.
Term
What is the name of the US government classified standard to prevent electromagnetic spying?
Definition
TEMPEST
Term
What is TEMPEST?
Definition
Telecommunications Electronics Material Protected From Emanating Spurious Transmissions.
Term
What is Electromagnetic Spying?
Definition
Picking up electromagnetic fields and read data that is producing them.
Term
Supply Chain
Definition
Network that moves a product from the supplier to the customer.
Term
Supply Chain Infections
Definition
Exploiting the different steps of supply chain to inject malware into products during their manufacture or storage.
Term
What are some of the consequences of Supply Chain Infections?
Definition
Malware can be planted on ROM firmware of a device, before purchase, making it difficult or impossible to clean an infected device after purchase.
Term
Network OS
Definition
Software runs on network device
Term
Server OS
Definition
Software runs on network server
Term
Workstation OS
Definition
Manages hardware and software on client computer
Term
Appliance OS
Definition
Firmware designed to manage a specific device.
Term
Typical OS security configuration should include...
Definition
Disabling unnecessary ports and services, default accounts and passwords, disabling things you don't use and the action of white and black listing.
Term
What makes simple repetitious tasks less tedious?
Definition
Automation
Term
Kiosk OS
Definition
User interface software for a kiosk.
Term
Mobile OS
Definition
OS for portable devices
Term
Security Patch
Definition
Software security update to repair discovered vulnerabilities.
Term
Feature Update
Definition
Includes enhancements to the software to provide new or expanded functionality.
Term
Service Pack
Definition
Accumulates security updates and additional features.
Term
Patch Management Tools are for...
Definition
Distributing patches and patch reception
Term
Automated Patch Update Service
Definition
Manages patches locally rather than by the vendor's online update service.
Term
Patch Reception
Definition
Ensures software is always up to date by automatically downloading and installing patches.
Term
Antivirus
Definition
Software that examines a computer for infections.
Term
Heuristic Monitoring (Dynamic Analysis)
Definition
Uses a variety of techniques to spot characteristics of a virus instead of attempting to make matches.
Term
Code Emulation
Definition
Dynamic Analysis technique in which the questionable code is run in a virtual environment to determine if its a virus.
Term
Antispam
Definition
Monitors emails for spam and other unwanted content.
Term
Types of Spam Filtering
Definition
Blocking certain attachments

Black listing / white listing

Bayesian Filtering
Term
Bayesian Filtering
Definition
Divides email messages into two piles: spam and nonspam.
Term
Antispyware
Definition
Helps prevent computers from becoming infected by different types of spyware.
Term
Pop-Up
Definition
Small window appearing over Web Site.
Term
Pop-Up Blocker
Definition
Allows user to limit or block most pop-ups.
Term
OS Hardening
Definition
Tightening security during design and coding of OS.
Term
Trusted OS
Definition
OS that has been designed through OS hardening.
Term
OS hardening Techniques
Definition
Least Privilege

Reduce Capabilities

Read-Only File System

Kernel Pruning
Term
Four Families of SD Cards
Definition
SDSC

SDHC
SDXC
SDIO
Term
SDIO
Definition
Storage card with integrated wireless transmission capabilities.
Term
Crypto Malware
Definition
Encrypts all files on any network or attached device that is connected to that computer.
Term
Multifunctional Device
Definition
Combines the functions of a printer, copier, scanner and fax machine.
Term
What would an attack on a computer's display do?
Definition
Allow for an attacker to see what is on your display.
Term
Mantrap
Definition
Separates a secured area from a non-secured area.
Term
Protected Distributes Systems (PDS)
Definition
System of cable conduits used to protect classified information that is being transmitted between two secure areas.
Term
Who created PDS?
Definition
DOD
Term
Hardened Carrier PDS
Definition
Conduit constructed of special electrical metallic tubing
Term
Alarmed Carrier PDS
Definition
Specialized optical fibers in the conduit that sense acoustic vibrations that occur when an intruder attempts to gain access.
Term
Computer Hardware Security
Definition
The physical security protecting the hardware of the host system
Term
Application Development Stages
Definition
Development, Testing, Staging and Production
Term
Application Development Lifecycle Models
Definition
Waterfall and Agile
Term
Waterfall Model of Application Development
Definition
You don't start a phase until you finish the previous phase.
Term
Secure DevOps Methodology
Definition
The development and the operations team are the same team.
Term
Provisioning
Definition
The enterprise-wide configuration, development, and management of multiple types of IT system resources.
Term
Deprovisioning
Definition
In application development is removing a resource that is no longer needed.
Term
Secure DevOps in an example of what kind of model of Application Development?
Definition
Agile, as it goes through changes.
Term
Two important factors of secure coding are...?
Definition
Ensuring that memory management is handled properly and encrypting the code.
Term
Compiled Code Testing
Definition
Searches for errors that code prevent the application from compiling from source code to application code.
Term
Runtime code testing
Definition
Looks for errors after the program has compiled correctly and is running.
Term
Static program analyzers
Definition
Tools that examine software without executing the program
Term
Dynamic analysis (fuzzing)
Definition
A software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a program
Term
Stress testing
Definition
Puts the application under a heavier than normal load to determine if the program is robust and can perform all error handling correctly
Term
Integrity measurement
Definition
An “attestation mechanism” designed to be able to convince a remote party that an application is running only a set of known and approved executables
Supporting users have an ad free experience!