Term
What is an internal interface?

Definition
A communication path between internal system components.

Term
What is an external interface?

Definition
A communication path between the system and systems external to it (Note: includes internal interfaces that communicate across system boundaries).

Term
What are the four basic rules of interface security?

Definition
Rule 1 – Trust no one
Rule 2 – Trust but verify
Rule 3 – Document interface specifications, share with counterparties
Rule 4 – Support and monitor conformity to specifications

Term
Security integration touchstones

Definition
• Operating environment, and the maintenance of a secure operating posture
• Information, and the maintenance of its security during manipulation and processing
• Infrastructure computing devices, and the protection of hardware, software, and protocols, encompassing network, OS, and electronic machines
• Facility protection: buildings, physical locations, and the objects stored therein
• People, their trustworthiness and their awareness of security concerns
• Administrative aspects of the system and its security
• Emanation security, which deals with signals generated by all machines that can transmit information outside the security domain
• Mobile devices and their protection profile in both friendly and hostile possession
• Communication of information between internal system elements and between system elements and external systems

Term
What is an N2 (functional interface) diagram?

Definition
A diagram in the shape of a matrix, representing functional or physical interfaces between system elements.

Term

Definition
• Fuzzing – accidental or malicious
• Spoofing – device or user level
• Tampering – physical or software or user environment or configuration, etc.
• Information leakage
• Denial of service
• Elevation of privilege

Term
What is fuzzing?

Definition
Involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes or failing built-in code assertions, or to find potential memory leaks.

Term
What is spoofing?

Definition
A situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
