Term
| BIOS (Basic Input Output System) |
|
Definition
| Firmware used to hold the boot process on early computers. |
|
|
Term
|
Definition
| When an attacker replaces or modifies the BIOS. |
|
|
Term
| UEFI (Unified Extensible Firmware Interface) |
|
Definition
| Used in order to prevent a BIOS Attack by confirming that the BIOS has been Attacked. |
|
|
Term
|
Definition
| BIOS > MBR > Boot Loader > Operating System |
|
|
Term
|
Definition
|
|
Term
|
Definition
Every element of the Boot System must be validated.
The first element validates the next, which validates the next, etc. |
|
|
Term
|
Definition
| The strongest point of the Chain Of Trust is hardware aka the BIOS. |
|
|
Term
| What is the name of the US government classified standard to prevent electromagnetic spying? |
|
Definition
|
|
Term
|
Definition
| Telecommunications Electronics Material Protected From Emanating Spurious Transmissions. |
|
|
Term
| What is Electromagnetic Spying? |
|
Definition
| Picking up electromagnetic fields and reading the data that is producing them. |
|
|
Term
|
Definition
| Network that moves a product from the supplier to the customer. |
|
|
Term
|
Definition
| Exploiting the different steps of the supply chain to inject malware into products during their manufacture or storage. |
|
|
Term
| What are some of the consequences of Supply Chain Infections? |
|
Definition
| Malware can be planted on the ROM firmware of a device before purchase, making it difficult or impossible to clean an infected device after purchase. |
|
|
Term
|
Definition
| Software that runs on a network device. |
|
|
Term
|
Definition
| Software that runs on a network server. |
|
|
Term
|
Definition
| Manages hardware and software on a client computer. |
|
|
Term
|
Definition
| Firmware designed to manage a specific device. |
|
|
Term
| Typical OS security configuration should include... |
|
Definition
| Disabling unnecessary ports and services, default accounts and passwords, and things you don't use, and applying whitelisting and blacklisting. |
|
|
Term
| What makes simple repetitious tasks less tedious? |
|
Definition
|
|
Term
|
Definition
| User interface software for a kiosk. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Software security update to repair discovered vulnerabilities. |
|
|
Term
|
Definition
| Includes enhancements to the software to provide new or expanded functionality. |
|
|
Term
|
Definition
| Accumulates security updates and additional features. |
|
|
Term
| Patch Management Tools are for... |
|
Definition
| Distributing and receiving patches. |
|
|
Term
| Automated Patch Update Service |
|
Definition
| Manages patches locally rather than by the vendor's online update service. |
|
|
Term
|
Definition
| Ensures software is always up to date by automatically downloading and installing patches. |
|
|
Term
|
Definition
| Software that examines a computer for infections. |
|
|
Term
| Heuristic Monitoring (Dynamic Analysis) |
|
Definition
| Uses a variety of techniques to spot characteristics of a virus instead of attempting to make matches. |
|
|
Term
|
Definition
| Dynamic Analysis technique in which the questionable code is run in a virtual environment to determine if it's a virus. |
|
|
Term
|
Definition
| Monitors emails for spam and other unwanted content. |
|
|
Term
|
Definition
Blocking certain attachments
Black listing / white listing
Bayesian Filtering |
|
|
Term
|
Definition
| Divides email messages into two piles: spam and nonspam. |
|
|
Term
|
Definition
| Helps prevent computers from becoming infected by different types of spyware. |
|
|
Term
|
Definition
| Small window appearing over a website. |
|
|
Term
|
Definition
| Allows the user to limit or block most pop-ups. |
|
|
Term
|
Definition
| Tightening security during design and coding of the OS. |
|
|
Term
|
Definition
| OS that has been designed through OS hardening. |
|
|
Term
|
Definition
Least Privilege
Reduce Capabilities
Read-Only File System
Kernel Pruning |
|
|
Term
| Four Families of SD Cards |
|
Definition
|
|
Term
|
Definition
| Storage card with integrated wireless transmission capabilities. |
|
|
Term
|
Definition
| Encrypts all files on any network or attached device that is connected to that computer. |
|
|
Term
|
Definition
| Combines the functions of a printer, copier, scanner and fax machine. |
|
|
Term
| What would an attack on a computer's display do? |
|
Definition
| Allow for an attacker to see what is on your display. |
|
|
Term
|
Definition
| Separates a secured area from a non-secured area. |
|
|
Term
| Protected Distribution Systems (PDS) |
|
Definition
| System of cable conduits used to protect classified information that is being transmitted between two secure areas. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Conduit constructed of special electrical metallic tubing |
|
|
Term
|
Definition
| Specialized optical fibers in the conduit that sense acoustic vibrations that occur when an intruder attempts to gain access. |
|
|
Term
| Computer Hardware Security |
|
Definition
| The physical security protecting the hardware of the host system |
|
|
Term
| Application Development Stages |
|
Definition
| Development, Testing, Staging and Production |
|
|
Term
| Application Development Lifecycle Models |
|
Definition
|
|
Term
| Waterfall Model of Application Development |
|
Definition
| You don't start a phase until you finish the previous phase. |
|
|
Term
| Secure DevOps Methodology |
|
Definition
| The development and the operations team are the same team. |
|
|
Term
|
Definition
| The enterprise-wide configuration, development, and management of multiple types of IT system resources. |
|
|
Term
|
Definition
| In application development, removing a resource that is no longer needed. |
|
|
Term
| Secure DevOps is an example of what kind of model of Application Development? |
|
Definition
| Agile, as it goes through changes. |
|
|
Term
| Two important factors of secure coding are...? |
|
Definition
| Ensuring that memory management is handled properly and encrypting the code. |
|
|
Term
|
Definition
| Searches for errors that could prevent the application from compiling from source code to application code. |
|
|
Term
|
Definition
| Looks for errors after the program has compiled correctly and is running. |
|
|
Term
|
Definition
| Tools that examine software without executing the program |
|
|
Term
| Dynamic analysis (fuzzing) |
|
Definition
| A software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a program |
|
|
Term
|
Definition
| Puts the application under a heavier than normal load to determine if the program is robust and can perform all error handling correctly |
|
|
Term
|
Definition
| An “attestation mechanism” designed to be able to convince a remote party that an application is running only a set of known and approved executables |
|
|