Term
What is Confidentiality? |
|
Definition
Confidentiality of information prevents the data from being observed by unauthorized personnel. The Confidentiality (or sensitivity) level of data reflects the amount of damage that would occur if the data were made public. Confidentiality is addressed by encryption and access controls.
|
|
|
Term
What is Integrity? |
|
Definition
Integrity refers to the accuracy of information and the prevention of unauthorized modification. The Integrity level of data reflects the amount of damage that would occur if the data were modified in an unauthorized way. Integrity is addressed by cryptographic checks (hashes, MACs, digital signatures) and access controls.
|
|
|
Term
What is Availability? |
|
Definition
Availability is the ability to provide information in a timely manner. Generally, availability is addressed by redundant data (backups), redundant connections and redundant systems.
|
|
|
Term
What is information assurance? |
|
Definition
Operations that protect information by assuring that the information has: availability, integrity, confidentiality, non-repudiation (non-deniability) and authenticity. |
|
|
Term
Describe amateur attackers. |
|
Definition
1) They do not benefit financially or militarily.
2) They tend to be disgruntled employees, teenagers, and people with nothing else to do.
3) They are motivated by curiosity.
4) They tend to use well-known attacks. |
|
|
Term
Describe Professional attackers. |
|
Definition
1) State-sponsored or well-funded attackers.
2) Motivated by financial gain, intelligence gathering, cyber-terrorism and Information Warfare.
3) These attackers may use previously unknown techniques (for example, zero-day exploits), which signature-based defenses cannot detect. |
|
|
Term
What does it mean to "harden" a system? |
|
Definition
1) Install the latest patches.
2) Remove unnecessary services. |
|
|
Term
What is the benefit of a signature-based Intrusion Detection System? |
|
Definition
A signature-based IDS matches network traffic or host events against signatures of known attacks, so it reliably detects those attacks with few false positives. Its limitation is the flip side of the same design: an attack with no signature (a zero-day, or a disguised variant of a known attack) is not detected. |
|
|
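The following is an added example (not part of the original card set) of what a signature-based detector does and does not catch. The signatures and the access-log lines are constructed for the example, not taken from any real IDS ruleset or server; the variant on the last log line is the same SQL injection as the second line with a comment inserted, and it slips through because no signature describes it.

```python
import re
from urllib.parse import unquote

# Constructed signatures for three well-known web attack patterns (example data,
# not taken from any real IDS ruleset).
SIGNATURES = [
    ("sqli-union-select", re.compile(r"\bunion\s+select\b", re.IGNORECASE)),
    ("path-traversal", re.compile(r"(\.\./){2,}")),
    ("xss-script-tag", re.compile(r"<script\b", re.IGNORECASE)),
]

# Constructed web-server access log lines (sample input for the example).
SAMPLE_LOG = [
    '10.0.0.5 "GET /index.html HTTP/1.1" 200',
    '10.0.0.7 "GET /search?q=1%27%20UNION%20SELECT%20password%20FROM%20users HTTP/1.1" 200',
    '10.0.0.9 "GET /files?name=../../../../etc/passwd HTTP/1.1" 404',
    # Same SQL injection as line 2 with a comment inserted: UNI/**/ON SELECT.
    # Just as dangerous, but no signature above describes it.
    '10.0.0.7 "GET /search?q=1%27%20UNI%2F%2A%2A%2FON%20SELECT%20password HTTP/1.1" 200',
]

def detect(log_lines):
    """Return (signature name, log line) for every line matching a known-attack signature."""
    alerts = []
    for line in log_lines:
        decoded = unquote(line)          # attackers URL-encode; normalize before matching
        for name, pattern in SIGNATURES:
            if pattern.search(decoded):
                alerts.append((name, line))
    return alerts

def undetected(log_lines):
    """Lines that raised no alert: benign traffic and, just as silently, unknown attacks."""
    flagged = {line for _, line in detect(log_lines)}
    return [line for line in log_lines if line not in flagged]

if __name__ == "__main__":
    for name, line in detect(SAMPLE_LOG):
        print(f"ALERT {name}: {line}")
    for line in undetected(SAMPLE_LOG):
        print(f"no alert: {line}")
```

Running it raises two alerts (the plain UNION SELECT and the path traversal) and reports the index page and the commented-out variant as "no alert"; the detector cannot tell the benign line from the attack it has no signature for.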
Term
What is a "Zero Day" exploit? |
|
Definition
An exploit for a vulnerability that is not yet known to the vendor or the defenders, so no patch and no detection signature exist for it when it is first used. |
|
|
Term
What are ethics? |
|
Definition
Standards for proper behavior that fill in the gaps where laws do not apply. |
|
|
Term
|
Definition
A team of government programmers who test vendor claims of OS security. They developed the "penetrate and patch" technique. |
|
|
Term
What is the "Penetrate and Patch" technique? |
|
Definition
Break into a system, then patch the hole, and then break in again. Continue this process until you cannot break in again. This technique failed because new holes were always found. |
|
|
Term
What is an asset? |
|
Definition
Anything of value that we want to protect. |
|
|
Term
What is a threat? |
|
Definition
Anything that can harm our information (people, lightning, etc...) |
|
|
Term
What is a "Vulnerability"? |
|
Definition
A weakness in a system that a threat can exploit. Information is vulnerable to unauthorized observation (confidentiality), modification (integrity), and denial of availability (availability). |
|
|
Term
What is a "Countermeasure"? |
|
Definition
A technique for keeping a threat from harming an information vulnerability. |
|
|
Term
Describe personnel security as it relates to information security. |
|
Definition
1) It is expensive.
2) It involves background checks, lie detectors, etc... on users in the system.
3) It reduces the probability of security breaches, but not to zero. |
|
|
Term
Describe separation of duties as it relates to computer security. |
|
Definition
1) More than one person is required to perform an action within a system.
2) reduces the probability of a security breach, but not to zero. |
|
|
Term
Describe an audit as it relates to computer security. |
|
Definition
1) All activities are monitored and recorded.
2) It is a psychological deterrent.
3) It is reactive (happens after-the-fact). |
|
|
Term
Describe an authorization policy. |
|
Definition
Describes how an enterprise allows users into a system and what they are allowed to do within the system. |
|
|
Term
Describe the Principle of Least Privilege |
|
Definition
1) This is the typical authorization policy used.
2) Each user (or program) is granted only the permissions needed to perform its task, and no more.
3) "Need to know" is an application of POLP. |
|
|
Term
What is Access Control? |
|
Definition
This denies access to unauthorized persons and allows access to authorized users.
|
|
|
Term
How do we address an Access Control failure? |
|
Definition
1) Intrusion Detection
2) Defense-in-Depth |
|
|
Term
What is defense-in-depth? |
|
Definition
Using multiple access controls in series. For example, a password protected workstation in a locked office. |
|
|
Term
What is Identity Management? |
|
Definition
The management of identification (human and entity)
Includes:
1) collection of ID information
2) the protection of this information
3) sharing this information |
|
|
Term
Describe Identification and Authentication for Access Control purposes |
|
Definition
Two-step process
1) Person states their identity with a user ID
2) The person proves that the stated ID is correct (they authenticate the stated ID) |
|
|
Term
What are the three ways humans can authenticate themselves? |
|
Definition
1) By providing a secret known to them (password or PIN)
2) By providing a physical object that is only possessed by them (a token)
3) By providing a physical characteristic that is unique to them (biometrics) |
|
|
Term
What is two-factor authentication? |
|
Definition
Sometimes referred to as "strong authentication", two-factor authentication uses two of the three authentication methods together, from different categories (something you know, something you have, something you are), e.g. a token and biometrics, or a PIN and a token. Two secrets of the same kind (two passwords) do not count as two factors. |
|
|
Term
What are the advantages/disadvantages of passwords? |
|
Definition
Advantages: 1) Performed in software (no extra expense for tokens or card readers)
2) Common (people are used to it)
3) They can be secure
Disadvantages: 1) They need to be remembered
2) There are several attacks against password authentication |
|
|
Term
What are the advantages/disadvantages of tokens? |
|
Definition
Advantages: 1) Users don't have to remember anything
2) No secret can be observed and reused
Disadvantages: 1) They can be lost or stolen
2) They are physical objects and therefore cost more to implement (cards and card readers) |
|
|
Term
What are the advantages/disadvantages of biometrics? |
|
Definition
Advantages: 1) They can't be lost.
2) The user doesn't have to remember anything
3) The user does not have to have anything
Disadvantages: 1) Readers are expensive
2) Biometric info sent over a network can be intercepted and replayed.
3) Can generate false positives and false negatives
4) Unlike a password, a compromised biometric cannot be changed |
|
|
Term
Describe a password "Guessing Attack" |
|
Definition
Passwords that are vulnerable to a guessing attack include:
1) Short passwords
2) Common word passwords
3) Passwords that are related to the user (i.e. name of pet, child, etc...)
|
|
|
Term
Describe a password "Social Engineering Attack" |
|
Definition
This tricks the user into divulging their password. Common SE attack is "phishing" through a fake website. |
|
|
Term
Describe a password attack known as a
software "Keystroke Logger" attack |
|
Definition
Software keystroke loggers are programs that record every key pressed. They are installed either by a user who has system administrator privileges, or by malware that exploits flaws to obtain system administrator privileges. |
|
|
Term
Describe a password attack known as a
hardware "Keystroke Logger" attack |
|
Definition
Devices that intercept keystrokes between the keyboard and the computer. Typically, they are installed between the keyboard cable and the cable jack. For wireless keyboards, they can be placed within 10 meters of the keyboard. |
|
|
Term
What is password cracking? |
|
Definition
The mother of all guessing attacks. Easily finds weak passwords and may find strong passwords. It requires the attacker to have either a copy of the computer's "password file" or the equivalent information. |
|
|
Term
How does a "Dictionary Attack" work? |
|
Definition
Successive dictionary words are hashed and compared with the stored hashes until a match is found. It runs very quickly because it tries a relatively small number of strings (between 20,000 and 200,000). |
|
|
Term
How does a "Brute force" attack work? |
|
Definition
In this attack, all strings of specified lengths and character set are tried as potential passwords. The only impediment to this attack is TIME. |
|
|
Term
What is a password space? |
|
Definition
The set of passwords of a given length and a given character set. The general formula for the size of the password space is:
(size of the character set)^(length)
|
|
|
Term
Given a computer can perform 1,000,000 (= 10^6) Brute Force iterations in one second,
how long will it take to Brute Force a 6 character password, given that there are 26^6 = 3.09 x 10^8 upper-case-only 6 letter passwords? |
|
Definition
Since (3.09 x 10^8) / 10^6 seconds =
3.09 x 10^2 = 309 seconds (about 5 minutes),
it will take about 5 minutes to try all 6 character upper-case passwords
|
|
|
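The cards on password cracking, dictionary attacks, brute force, the password space formula and the brute-force time estimate above are illustrated by the following added example (it is not part of the original card set). The "password file" and the word list are constructed for the example; unsalted SHA-256 stands in for whatever hash the system uses, which is an assumption made here, and real systems use a salted, deliberately slow password hash. The example also goes beyond the upper-case-only calculation on the card: `password_space` and `brute_force_seconds` take any character set size and rate.

```python
import hashlib
import itertools
import string

UPPER_CASE = string.ascii_uppercase   # the 26-symbol character set from the card

def password_space(charset_size, length):
    """Size of the password space: (size of the character set) ^ length."""
    return charset_size ** length

def brute_force_seconds(space, guesses_per_second):
    """Worst-case time to try every password in the space at a fixed guessing rate."""
    return space / guesses_per_second

def hash_password(pw):
    # Unsalted SHA-256 stands in for the system's password hash (an assumption
    # for this example; real systems use a salted, slow password hash).
    return hashlib.sha256(pw.encode()).hexdigest()

def sample_password_file():
    """Constructed 'password file' (user -> hash): the attacker's stolen copy."""
    return {
        "alice": hash_password("sunshine"),    # a dictionary word
        "bob":   hash_password("QZ"),          # short, upper-case only
        "carol": hash_password("x7!Qp9#Lm2"),  # long, mixed character set
    }

# A tiny constructed word list; a real dictionary has 20,000 to 200,000 words.
DICTIONARY = ["password", "letmein", "sunshine", "dragon", "qwerty"]

def _index_by_hash(password_file):
    by_hash = {}
    for user, stored in password_file.items():
        by_hash.setdefault(stored, []).append(user)
    return by_hash

def dictionary_attack(password_file, words):
    """Hash each word once and compare it with every stored hash."""
    by_hash = _index_by_hash(password_file)
    cracked = {}
    for word in words:
        for user in by_hash.get(hash_password(word), []):
            cracked[user] = word
    return cracked

def brute_force(password_file, charset, max_length):
    """Try every string of length 1..max_length over charset; only TIME limits this."""
    by_hash = _index_by_hash(password_file)
    cracked = {}
    for length in range(1, max_length + 1):
        for chars in itertools.product(charset, repeat=length):
            candidate = "".join(chars)
            for user in by_hash.get(hash_password(candidate), []):
                cracked[user] = candidate
    return cracked

if __name__ == "__main__":
    pwfile = sample_password_file()
    print("dictionary attack:", dictionary_attack(pwfile, DICTIONARY))
    print("brute force (A-Z, length <= 3):", brute_force(pwfile, UPPER_CASE, 3))
    space = password_space(26, 6)
    print(f"26^6 = {space:,} passwords; at 10^6 guesses/s: {brute_force_seconds(space, 10**6):.0f} s")
```

The dictionary attack recovers alice's password with five hashes; the brute-force run over A-Z up to length 3 (18,278 hashes) recovers bob's, and carol's long mixed-character-set password survives both, which is the point of the selection rules on the next card. Every 26-fold growth of the character set, or each extra character of length, multiplies the attacker's time.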
Term
What are some good password selection rules? |
|
Definition
1) Do not select a dictionary word
2) Use a long password
3) Upper and lower-case letters
4) Digits
5) Special characters (e.g. !$&) |
|
|
Term
What is an example of proactive password enforcement? |
|
Definition
A user selects a new password and the system will not accept it unless it satisfies some minimum "password" requirements. For example, at least 9 characters, 2 digits, 2 upper-case, 2 lower-case, etc... |
|
|
Term
What is an example of reactive password enforcement? |
|
Definition
Running a password cracking program against the stored password hashes to find any user passwords that can be cracked; those users are then required to choose a new password. |
|
|
Term
What is a machine generated password? |
|
Definition
Randomly generated passwords that match the password selection criteria (specified length and character requirements) and are constructed out of syllables that are easily pronounced. |
|
|
Term
What is an example of two-factor authenication and why? |
|
Definition
Bank ATM card, because if you lose your wallet, the finder does not have your PIN, and if someone sees your PIN, they do not have your card. You need both the bank card (something you have) and the PIN (something you know). |
|
|
Term
What is the Network Authentication Replay Attack? |
|
Definition
When users authenticate over a network and their ID and authentication information is captured and is then "replayed" at a later time. |
|
|
Term
How can the Network Authentication Replay Attack be defeated? |
|
Definition
Through the use of dynamic or one-time passwords. |
|
|
Term
What is a dynamic password? |
|
Definition
A dynamic or one-time password is a password that is different every time it is used to authenticate. This technique is commonly used in challenge and response protocol. |
|
|
Term
What is challenge and response protocol? |
|
Definition
A client sends a user ID. The server sends a random challenge to the client. The client system calculates a response from the challenge and the user's password and sends the response to the server. The server calculates the expected response using the challenge that it sent and the stored hash of the user's password, and compares it with the received response. If the received response equals the computed response, the user is logged in. Because each challenge is fresh, a captured response is useless for a later login. |
|
|
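The exchange described on the card, as an added example (not part of the original card set), with both sides' messages and a replay attempt. The card does not fix the response function; HMAC-SHA256 keyed with the password hash is the assumption made here, and the unsalted SHA-256 password hash and the user names are constructed for the example.

```python
import hashlib
import hmac
import os

def password_hash(password):
    # Unsalted SHA-256 stands in for the stored password hash (an assumption for
    # this example); the server keeps this, never the cleartext password.
    return hashlib.sha256(password.encode()).digest()

def compute_response(challenge, pw_hash):
    # Response = HMAC-SHA256(key = password hash, message = challenge). The card
    # does not fix the function; HMAC is the assumption made here.
    return hmac.new(pw_hash, challenge, hashlib.sha256).hexdigest()

class Server:
    def __init__(self, users):
        self.users = users      # user ID -> password hash
        self.pending = {}       # user ID -> outstanding challenge (used once)

    def challenge(self, user_id):
        """Step 2: answer a stated user ID with a fresh random challenge."""
        c = os.urandom(16)
        self.pending[user_id] = c
        return c

    def verify(self, user_id, response):
        """Step 4: recompute the response for the challenge we sent and compare."""
        c = self.pending.pop(user_id, None)   # a challenge is valid for one response only
        if c is None or user_id not in self.users:
            return False
        expected = compute_response(c, self.users[user_id])
        return hmac.compare_digest(expected, response)

class Client:
    def __init__(self, user_id, password):
        self.user_id = user_id
        self.pw_hash = password_hash(password)   # derived locally from the typed password

    def respond(self, challenge):
        """Step 3: prove knowledge of the password without ever sending it."""
        return compute_response(challenge, self.pw_hash)

def login(server, client):
    """The full exchange: ID -> challenge -> response -> accept/reject."""
    c = server.challenge(client.user_id)
    return server.verify(client.user_id, client.respond(c))

def replay_attack(server, client):
    """An eavesdropper records one (challenge, response) pair and replays the response
    in a later session. Returns (legitimate login result, replayed login result)."""
    c = server.challenge(client.user_id)
    captured = client.respond(c)
    first = server.verify(client.user_id, captured)
    server.challenge(client.user_id)          # later session: the server issues a new challenge
    replayed = server.verify(client.user_id, captured)
    return first, replayed

if __name__ == "__main__":
    srv = Server({"alice": password_hash("correct horse")})
    print("login:", login(srv, Client("alice", "correct horse")))
    print("wrong password:", login(srv, Client("alice", "guess")))
    print("(legitimate, replayed):", replay_attack(srv, Client("alice", "correct horse")))
```

Nothing that crosses the network (user ID, random challenge, HMAC response) reveals the password, and the replayed response fails because it was computed over a challenge the server will never issue again; popping the pending challenge in `verify` is what makes each one single-use.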
Term
What is a Login Spoofing Attack aka Password Grabbers? |
|
Definition
These programs look like the real login screen, but when the user enters their ID and password, the program captures the information, displays an "Incorrect Password" message and exits. The user assumes they mistyped, enters their credentials again at the real login screen and is logged in normally. The attacker has captured the user's credentials without the user's knowledge. |
|
|
Term
How can a Login Spoofing Attack be defeated? |
|
Definition
By using a "trusted path" whenever a user attempts to login to a computer. |
|
|
Term
What is a trusted path? |
|
Definition
A guarantee that the user is talking to the real login program and not an attacker's fake login program. Windows implements the trusted path with the Ctrl-Alt-Del key sequence (the secure attention sequence), which only the OS can intercept. |
|
|
Term
What is a single sign-on technique? |
|
Definition
This allows the user to authenticate once and then be granted access to all LAN resources (e.g. ERN domain, Python, email etc...) until they log out. However, this technique does not follow the POLP. If a user steps away from their computer, an attacker has access to all of the user's resources. |
|
|
Term
What characterizes a DAC policy? |
|
Definition
Discretionary Access Control policy allows users to set an Access Control List (ACL) on a file so that any other user can read it or e-mail a file to any other user. A user can share the information in the file with other users at their discretion. |
|
|
Term
What characterizes a MAC policy? |
|
Definition
A system that does not allow a user to set an ACL on a file so it can be read by another user, or to email a file to another user; access is decided by the system from labels, not by the owner. Air-gapped/system high networks use this type of policy. |
|
|
Term
What is an Access Control List (ACL)? |
|
Definition
Discretionary Access Control - An ACL (Access Control List) lists users or user groups and their associated permissions for an object, e.g. "Bob (grant, read, write), Student Group (read), Carol (read, write)".
One list per object (the list identifies users and their permissions) |
|
|
Term
What is a Capability List? |
|
Definition
Discretionary Access Control - A C-List lists the names of files and directories and the corresponding permissions for that user, e.g. "report.xls (grant, read, write), Schedule.doc (read), video-edit.exe (execute)".
One list per user (the list identifies objects and their permissions) |
|
|
Term
What are the Pros and Cons of ACLs? |
|
Definition
Pros-Convenient, can assign groups of users
Cons- implementation can be confusing, for example, inherited rights can allow a user to create a file, but not allow them to delete it |
|
|
Term
What are the Pros and Cons of C-Lists? |
|
Definition
Pros- 1)provide a fine level of granularity for access control
2) could potentially limit the effects of a trojan horse
Cons- 1) Lists can get very large
2) users typically need access to other files as well as their own |
|
|
Term
Why are DAC policies susceptible to Trojan Horse attacks? |
|
Definition
Once a user accepts a program from another user, that program could run on the user's behalf using the permissions from the user. |
|
|
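The ACL and C-list cards and the Trojan horse card above share one added example (not part of the original card set). The rights are the ones quoted on the cards; the group membership, the user names and the "grant" semantics (whoever holds grant on an object may share it) are constructed for the example.

```python
def sample_acl():
    """Per-object ACLs: object -> {user or group: set of permissions}. One list per object."""
    return {
        "report.xls":     {"bob": {"grant", "read", "write"}, "students": {"read"}, "carol": {"read", "write"}},
        "schedule.doc":   {"bob": {"read"}},
        "video-edit.exe": {"bob": {"execute"}},
    }

GROUPS = {"students": {"dave", "erin"}}   # constructed group membership

def groups_of(user):
    return {g for g, members in GROUPS.items() if user in members}

def acl_allows(acl, user, obj, perm):
    """ACL check: look at the object's list for the user or any of the user's groups."""
    entries = acl.get(obj, {})
    return any(perm in entries.get(p, set()) for p in {user} | groups_of(user))

def capability_list(acl, user):
    """The same rights viewed as a C-list: one list per user, object -> permissions."""
    caps = {}
    for obj, entries in acl.items():
        perms = set()
        for p in {user} | groups_of(user):
            perms |= entries.get(p, set())
        if perms:
            caps[obj] = perms
    return caps

def grant(acl, granter, obj, grantee, perm):
    """DAC: whoever holds 'grant' on an object may share it at their own discretion."""
    if not acl_allows(acl, granter, obj, "grant"):
        raise PermissionError(f"{granter} may not grant rights on {obj}")
    acl.setdefault(obj, {}).setdefault(grantee, set()).add(perm)

def trojan_horse(acl, victim, attacker, secret_obj):
    """A program the victim runs executes with the victim's DAC rights. If those rights
    include 'grant', the program can quietly share the victim's file with the attacker.
    Returns True if the attacker can read the object afterwards."""
    try:
        grant(acl, victim, secret_obj, attacker, "read")
    except PermissionError:
        return False
    return acl_allows(acl, attacker, secret_obj, "read")

if __name__ == "__main__":
    acl = sample_acl()
    print("dave reads report.xls (via students):", acl_allows(acl, "dave", "report.xls", "read"))
    print("bob's C-list:", capability_list(acl, "bob"))
    print("mallory can read before:", acl_allows(acl, "mallory", "report.xls", "read"))
    print("trojan run by bob leaks report.xls:", trojan_horse(acl, "bob", "mallory", "report.xls"))
    print("mallory can read after:", acl_allows(acl, "mallory", "report.xls", "read"))
```

The same rights table answers both "who may touch this object" (the ACL view) and "what may this user touch" (the C-list view). The Trojan horse needs no vulnerability at all: the access control works exactly as designed, and that is the weakness, since the owner's discretion is exercised by whatever code runs as the owner.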
Term
What problem does a computer-based MAC implementation address? |
|
Definition
The Trojan horse problem of DAC (the untrustworthy authorized user or program): under MAC the system, not the owner, decides access from labels, so a program running with a user's permissions cannot pass labeled data to a user who is not cleared for it. |
|
|
Term
What is an Air-Gapped Network? |
|
Definition
A network with no connection to other networks. Where some connection is needed, it is usually a one-way connection that lets users pull information in but cannot send information back out. |
|
|
Term
Why does a label-based MAC policy implementation need to be of high assurance? |
|
Definition
1) If the labels are modified a user could see data that they are not authorized to see
2) If the clearance level of the user on a system is modified, the user could see information that they are not authorized to see.
3) The mechanism that performs the label comparison must be tamperproof, always work correctly, and be invoked on every access request. |
|
|
Term
What are the Bell and LaPadula (BLP) confidentiality rules? |
|
Definition
1) No read up: a subject may read an object only if the subject's clearance is at or above the object's classification.
2) No write down: a subject may write an object only if the object's classification is at or above the subject's current session level. |
|
|
Term
Why does the BLP confidentiality model allow users to write to levels that they can't read? |
|
Definition
Since the BLP is a confidentiality model and writing up is not a confidentiality problem, writing is allowed. Writing up is often called a Blind Write and it is an Integrity problem. |
|
|
Term
What is the BLP Write Heuristic? |
|
Definition
When Blind Writes are not allowed,
A user is not allowed to write up and
the BLP no write down rule does not allow a user to write down.
Therefore, a user can only write to files that are labeled at the user's current session level. |
|
|
Term
What are the Biba Integrity Model rules? |
|
Definition
Rule 1- No write up
Maintains the integrity of the data by preventing a low integrity user from writing data that is labeled high
Rule 2- No read down
Prevents a program performing a high integrity task from reading and acting upon low integrity data. |
|
|
Term
What are the basic conclusions of BLP and Biba models? |
|
Definition
BLP no-read-up and no-write-down rules constrain the flow of information: they only permit an upward flow of information, based on confidentiality.
Biba no-read-down and no-write-up rules constrain the flow of information: they only permit a downward flow of information, based on integrity. |
|
|
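The BLP rules, the write heuristic, the Biba rules and the flow conclusions on the cards above, implemented as label checks in one added example (not part of the original card set). The confidentiality levels are the usual ones; the integrity levels, the subject and object labels and the combined `mediate` check are constructed for the example. `allowed_flows` goes beyond the cards in one way: it enumerates every source-to-destination pair a subject could move data along, which is how the "upward only" and "downward only" conclusions are checked rather than asserted.

```python
CONFIDENTIALITY = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
INTEGRITY = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}   # constructed integrity levels

def blp_can_read(subject_level, object_level):
    """BLP no read up: the subject's level must be at or above the object's."""
    return CONFIDENTIALITY[subject_level] >= CONFIDENTIALITY[object_level]

def blp_can_write(subject_level, object_level, allow_blind_writes=True):
    """BLP no write down. With blind writes forbidden (the write heuristic card),
    writing up is refused too, so only same-level writes remain."""
    if allow_blind_writes:
        return CONFIDENTIALITY[subject_level] <= CONFIDENTIALITY[object_level]
    return CONFIDENTIALITY[subject_level] == CONFIDENTIALITY[object_level]

def biba_can_read(subject_level, object_level):
    """Biba no read down: a high-integrity task must not act on low-integrity data."""
    return INTEGRITY[subject_level] <= INTEGRITY[object_level]

def biba_can_write(subject_level, object_level):
    """Biba no write up: low-integrity subjects must not modify high-integrity data."""
    return INTEGRITY[subject_level] >= INTEGRITY[object_level]

def mediate(subject, obj, access, allow_blind_writes=True):
    """Reference-monitor style check invoked on every access: both the confidentiality
    (BLP) and the integrity (Biba) labels must permit it. subject and obj are dicts
    with 'conf' and 'integ' labels (constructed format); access is 'read' or 'write'."""
    if access == "read":
        return (blp_can_read(subject["conf"], obj["conf"])
                and biba_can_read(subject["integ"], obj["integ"]))
    if access == "write":
        return (blp_can_write(subject["conf"], obj["conf"], allow_blind_writes)
                and biba_can_write(subject["integ"], obj["integ"]))
    raise ValueError(f"unknown access type {access!r}")

def allowed_flows(levels, can_read, can_write):
    """Every (source level, destination level) pair along which data can move through
    some subject that is allowed to read the source and write the destination."""
    flows = set()
    for subj in levels:
        for src in levels:
            for dst in levels:
                if can_read(subj, src) and can_write(subj, dst):
                    flows.add((src, dst))
    return flows

if __name__ == "__main__":
    analyst = {"conf": "SECRET", "integ": "HIGH"}
    memo = {"conf": "CONFIDENTIAL", "integ": "LOW"}
    print("SECRET/HIGH subject reads CONFIDENTIAL/LOW object:", mediate(analyst, memo, "read"))
    print("BLP flows:", sorted(allowed_flows(CONFIDENTIALITY, blp_can_read, blp_can_write)))
    print("Biba flows:", sorted(allowed_flows(INTEGRITY, biba_can_read, biba_can_write)))
```

In the sample run the SECRET/HIGH analyst is refused the CONFIDENTIAL/LOW memo: BLP would allow the read (no read up is satisfied), but Biba's no-read-down blocks it, which is the "program performing a high integrity task acting on low integrity data" case from the Biba card.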
Term
What is a covert channel? |
|
Definition
A communication path that was not designed for transferring information but can be used to leak it across levels in violation of the MAC policy. Example: a disk exhaustion channel, which exists if a program running at a lower level session can determine whether the disk has been filled by a program running at a higher session level (the high program signals bits by filling or not filling the disk). |
|
|
Term
What are the types of covert channels? |
|
Definition
1) Resource exhaustion channels
(storage channels)
2) Timing Channels |
|
|
Term
What is a multilevel subject? |
|
Definition
This allows us to downgrade information through the use of a "trusted subject" or "multilevel subject". It allows us to read at one level and then copy at a lower level. This is necessary because the BLP "No Write Down" rule would otherwise forbid it, so the trusted subject must itself be of high assurance. |
|
|
Term
What is role-based access control? |
|
Definition
These are typically implemented in large enterprise applications where a user in one of these roles is restricted to performing only the actions necessary to perform their duties. For example: Python (student, instructor, etc...) |
|
|
Term
What are examples of supporting policies for MAC and DAC needed to address the untrustworthy authorized user? |
|
Definition
Auditing, Identification and Authentication, Object reuse, and aggregation |
|
|
Term
What is object reuse? |
|
Definition
Requires memory locations (and disk blocks) to be cleared of all old data before they are reused (the files need to be overwritten when they are deleted) |
|
|
Term
What is aggregation? |
|
Definition
Where a combination of several data items has a greater level of sensitivity than the individual items. |
|
|
Term
What is the difference between security functionality and assurance? |
|
Definition
Security functionality has to do with what a system does to enforce its security policy. Assurance has to do with the level of confidence that the system's security functions are free from vulnerabilities and work correctly. |
|
|
Term
What is the Trusted Computing Base (TCB)? |
|
Definition
A Trusted Computing Base (TCB) is the totality of all protection mechanisms (hardware, firmware and software) that together enforce the system's security policy. |
|
|
Term
What is a security perimeter? |
|
Definition
An imaginary line around the TCB and is helpful to understand what is needed to protect all of the TCB components. |
|
|
Term
What are the three implementation requirements of a Reference Monitor? |
|
Definition
Complete - the mechanism is always invoked (every access is mediated, so there is no way around it)
Isolated - the protection mechanisms cannot be modified (tamperproof)
Verifiable - the mechanism is small and simple enough to be analyzed and shown correct |
|
|
Term
What are the goals of memory protection? |
|
Definition
The ability to protect regions of memory from unauthorized observation or modification. Without memory protection there is no password protection, because any program could read the OS's password data or modify the code that checks passwords. |
|
|
Term
What are protection rings? |
|
Definition
They prevent applications from reading and modifying security-relevant OS programs and data. Programs are divided into either privileged (Ring 0) or unprivileged (Ring 1) regions or domains. (This is the two-ring model used on these cards; x86 CPUs define four rings, with user code normally in Ring 3.) |
|
|
Term
What are the restrictions imposed on Ring 1 programs when accessing Ring 0 data without using a gate? |
|
Definition
Ring 0 will not allow a Ring 1 program to write to or read from a Ring 0 memory location. |
|
|
Term
Why are Ring 1 restrictions important? |
|
Definition
This is important because it prevents malicious or corrupted application code from infecting the OS, and prevents Ring 1 code from tampering with the access controls (ACLs) in the OS's security programs. |
|
|
Term
What are Gates as they relate to Rings? |
|
Definition
Gates are mechanisms that allow programs in Ring 1 to call Ring 0 programs in carefully controlled ways. Specifically, a Gate only allows Ring 1 programs to call a small set of Ring 0 programs that are necessary to support user and application requests. |
|
|
Term
Why is Process Address Space Control important? |
|
Definition
When an OS enforces process address space control, each user is allocated a region of Ring 1 memory (called an address space) and the user's processes are only allowed to read and write bytes and execute programs that are within this address space. The OS usually informs users if 2 users with write permissions have the same file open at the same time. |
|
|
Term
What is a subject? |
|
Definition
A (process, domain) pair. We refer to the "privilege of a subject" rather than the privilege of a process, because the same process has different privileges in different domains (rings). |
|
|
Term
What are two formal methods analysis goals? |
|
Definition
1) Check for inconsistent policies
2) Check for flawed implementation |
|
|
Term
What is a security model? |
|
Definition
A precise and unambiguous statement of a system's security policy. Formal models are written mathematically. Informal models can be written in natural language, e.g. English |
|
|