Data Remanence
The residual representation of data that remains on storage media after an attempt to erase or overwrite it; a partial or even complete copy of the original data set may still be recoverable.
Disaster Recovery Planning (DRP)
Deals with restoring normal business operations after a disaster takes place; its goal is to get the business back to normal.
Maximum tolerable downtime
The maximum period of time that a critical business function can be inoperative before the company incurs significant and long-lasting damage.
802.5
IEEE standard that defines the Token Ring media access method.
Recovery Time Objective
The target time within which a business process or system must be restored after a disruption; it is set by balancing the cost of faster recovery against the cost of the disruption.
Resource Requirements
Portion of the BIA that lists the resources that an organization needs in order to continue operating each critical business function.
Checklist
A test in which copies of the plan are handed out to each functional area to ensure that the plan deals with their needs.
Information Owner
The one person accountable for a data set, including its classification and the controls applied to it.
Job Rotation
Moving personnel between jobs or duties so that no one person holds a sensitive function indefinitely; helps detect fraud and errors and reduces dependence on a single individual.
Differential power analysis
A side-channel attack carried out on smart cards that examines the power consumption released during processing.
Mitigate
To reduce the likelihood or impact of a threat through countermeasures; in a network context, real-time monitoring and analysis of network activity and data for potential vulnerabilities and attacks in progress.
Electromagnetic analysis
A side-channel attack on smart cards that examines the frequencies emitted and their timing.
Analysis
Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Change Control
Maintaining full control over requests, implementation, traceability, and proper documentation of changes.
Containment
Mitigate damage by isolating compromised systems from the network.
Gateway
Used to connect two networks using dissimilar protocols; can operate at any layer of the OSI model, up to and including the application layer.
Isochronous
Processes must complete within set time constraints; typical applications are video related, where audio and video must stay perfectly synchronized.
Detection
Identification and notification of an unauthorized and/or undesired action.
Electronic Vaulting
Periodic, automatic and transparent backup of data in bulk.
Fault Tolerance
Mitigation of system or component loss or interruption through use of backup capability.
Incremental
A backup method that copies only the files changed since the last backup of any kind (and clears the archive bit). Used when backup time and space are at a premium; the trade-off is a longer restore, which needs the last full backup plus every incremental taken since.
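The restore-cost trade-off behind the entry above is easiest to see by simulating the archive bit. The following is an added example (not from the page): it runs a constructed week of backups under two schedules and computes which backup sets a restore needs. The differential schedule is included for contrast (differential backups are not defined on this page); the file names, the schedules and the helper names are assumptions made for the illustration.

```python
# Added example: simulate archive-bit backups and compute the restore chain.
# Assumption: after the full backup a schedule uses only one kind (all
# incremental or all differential); mixed schedules are not modelled.

def run_backups(schedule, changes):
    """schedule: {day: 'full'|'incremental'|'differential'}; changes: {day: set(files)}.
    Returns {day: set of files captured by that day's backup}.
    Full and incremental clear the archive bit; differential leaves it set."""
    flagged = set()       # files with the archive bit set (changed since last full/incremental)
    all_files = set()
    captured = {}
    for day in sorted(set(schedule) | set(changes)):
        modified = changes.get(day, set())
        flagged |= modified
        all_files |= modified
        kind = schedule.get(day)
        if kind == "full":
            captured[day] = set(all_files)
            flagged.clear()
        elif kind == "incremental":
            captured[day] = set(flagged)
            flagged.clear()
        elif kind == "differential":
            captured[day] = set(flagged)      # archive bit is NOT cleared
    return captured


def restore_chain(schedule, target_day):
    """Days whose backup sets must be applied, in order, to restore target_day."""
    days = sorted(d for d in schedule if d <= target_day)
    last_full = max(d for d in days if schedule[d] == "full")
    later = [d for d in days if d > last_full]
    incrementals = [d for d in later if schedule[d] == "incremental"]
    differentials = [d for d in later if schedule[d] == "differential"]
    chain = [last_full] + incrementals          # full + every incremental since
    if differentials:
        chain.append(differentials[-1])         # full + only the latest differential
    return chain


def restore(captured, chain):
    """Union of the files in each applied backup set (names only, not versions)."""
    files = set()
    for day in chain:
        files |= captured[day]
    return files


# Constructed sample week (not real data): full on day 0, then one backup per day.
CHANGES = {0: {"a", "b"}, 1: {"c"}, 2: {"a"}, 3: {"d"}, 4: {"c", "e"}}
INC_SCHEDULE = {0: "full", 1: "incremental", 2: "incremental",
                3: "incremental", 4: "incremental"}
DIF_SCHEDULE = {0: "full", 1: "differential", 2: "differential",
                3: "differential", 4: "differential"}


def demo():
    """Per-backup volume, restore chain and restored file set for both schedules."""
    out = {}
    for name, sched in (("incremental", INC_SCHEDULE), ("differential", DIF_SCHEDULE)):
        captured = run_backups(sched, CHANGES)
        chain = restore_chain(sched, 4)
        out[name] = {
            "sizes": [len(captured[d]) for d in sorted(captured)],
            "chain": chain,
            "restored": restore(captured, chain),
        }
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result["sizes"], "restore needs days", result["chain"])
```

Both schedules restore the same five files, but the incremental week moves 7 file-copies and needs all five backup sets to restore, while the differential week moves 12 file-copies and restores from just two sets. That is the space-versus-restore-time trade-off in the definition.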
Secure HTTP (S-HTTP)
Protocol designed to send individual messages securely (in contrast to SSL/TLS, which secures the whole connection).
Criminal
Conduct that violates government laws developed to protect society.
Class C
A /24 IPv4 network: 256 addresses, of which 254 are usable for hosts (the network and broadcast addresses are excluded).
RAID 0
Striping: creates one large disk by spreading data across several disks. Improves performance but provides no redundancy; losing any one disk loses the whole array.
Trade secrets
Information deemed proprietary to a company that often provides a competitive edge; it is protected as long as the owner takes reasonable actions to keep it secret.
X.400
ITU-T standard for message handling (e-mail) systems. (The directory standard is X.500, from which LDAP and Active Directory descend.)
Prevention
Controls deployed to avert unauthorized and/or undesired actions.
Redundant Array of Independent Drives (RAID)
A group of hard drives working as one storage unit for the purpose of speed and/or fault tolerance.
Proprietary
Classification level for information that describes the way in which the organization operates and should not leave the company.
Classification
The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
Data Integrity
The property that data meets an a priori expectation of quality and can be relied upon.
Alarm Filtering
The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks.
Coaxial Cable
A cable consisting of a core inner conductor surrounded by an insulator, which in turn is surrounded by an outer cylindrical conductor (the shield).
Concentrator
Layer 1 network device that is used to connect network segments together, but provides no traffic control (a hub).
Digital Signature
An asymmetric cryptography mechanism that provides authentication of origin, integrity of the message, and non-repudiation.
Eavesdropping
A passive network attack involving monitoring of traffic.
E-Mail Spoofing
Forgery of the sender's email address in an email header.
Emanations
Potentially compromising leakage of electrical or acoustic signals.
Fiber Optics
Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
Fraggle
A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses, so that every host on the segment replies to the victim.
Hijacking
Interception of a communication session by an attacker.
Hub
Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).
Injection
An attack technique that exploits applications that do not validate or parameterize input, by embedding query fragments (for example partial SQL statements) in user-supplied data so that they are executed as part of the query.
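The following is an added example (not code from the page): the classic login-bypass injection against a query built by string concatenation, beside the parameterized query that defeats it. It uses Python's built-in sqlite3 module with an in-memory database; the users table, the credentials and the function names are constructed for the illustration.

```python
import sqlite3

# Constructed sample data (not from the page): a two-row users table.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the query by concatenation: user input becomes part of the SQL text."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Uses placeholders: the driver passes input as data, never as SQL."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def demo() -> dict:
    """Runs both versions with real credentials and with an injected password."""
    conn = make_db()
    payload = "' OR '1'='1"   # partial query: closes the literal, adds an always-true clause
    return {
        "vuln_good_creds": login_vulnerable(conn, "alice", "s3cret"),
        "vuln_injected": login_vulnerable(conn, "alice", payload),      # bypass succeeds
        "safe_good_creds": login_parameterized(conn, "alice", "s3cret"),
        "safe_injected": login_parameterized(conn, "alice", payload),   # treated as a literal
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'logged in' if ok else 'rejected'}")
```

With the payload, the concatenated statement becomes `... AND password = '' OR '1'='1'`, which is true for every row; the parameterized version compares the literal string `' OR '1'='1` against the stored password and fails. Input validation is a second line of defence, but parameterization is what removes the bug.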
Interception
Unauthorized access of information (e.g. Tapping, sniffing, unsecured wireless communication, emanations).
IP Address Spoofing
Forging of an IP address.
IP Fragmentation
An attack that breaks up malicious code into fragments, in an attempt to elude detection.
Kerberos
A trusted third party authentication protocol.
Incident response
Team should consist of: management, IT, legal, human resources, public relations, security etc.
Modification
A type of attack involving attempted insertion, deletion or altering of data.
Multiplexers
A device that sequentially switches multiple analog inputs to the output.
Open Mail Relay Servers
A mail server that improperly accepts and forwards mail for domains it does not serve, from any source; routinely abused for spam.
Enticement
The legal act of luring an intruder, with the intent to monitor their behavior.
Packet Filtering
A basic level of network access control that is based upon information contained in the IP packet header.
Patch Panels
Provide a physical cross-connect point for devices.
Private Branch Exchange (PBX)
A telephone exchange for a specific office or business.
Phishing
A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Physical Tampering
Unauthorized access of network devices.
Proxies
Mediate communication between untrusted hosts and the hosts they protect, acting on behalf of the protected hosts.
Repeaters
Layer 1 network device that regenerates and retransmits a signal to extend a segment's reach, but provides no traffic control.
Radio Frequency Interference (RFI)
A disturbance that degrades performance of electronic devices and electronic communications.
Rogue Access Points
Unauthorized wireless network access device.
Routers
A layer 3 device used to connect two or more network segments and regulate traffic between them.
Satellite
A specialized wireless receiver/ transmitter placed in orbit that facilitates long distance communication.
Sequence Attack
An attack involving the hijacking of a TCP session by predicting a sequence number.
Shielding
Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
Smurf
A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)
Sniffing
Passive capture and inspection of network traffic as it passes an interface, typically with a packet capture tool; on a shared medium (hub or wireless) all traffic on the segment is visible.
Source Routing Exploitation
Abuse of the IP source routing options, which let the sender dictate the path of a packet, to steer traffic past filtering devices and thereby reach an internal network.
Spam
Unsolicited commercial email.
Switches
A layer 2 device used to connect two or more network segments and regulate traffic between them.
SYN Flooding
A Denial of Service attack that floods the target system with connection requests that are not finalized.
Tapping
Eavesdropping on network communications by a third party.
Tar Pits
Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
Teardrop
A Denial of Service attack that exploits systems that are not able to handle malicious, overlapping and oversized IP fragments.
TEMPEST
A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.
Twisted Pair
A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
War Dialing
Reconnaissance technique, involving automated, brute force identification of potentially vulnerable modems.
Worldwide Interoperability for Microwave Access (WiMAX)
A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to cable and DSL for last-mile delivery.
Accreditation
The managerial approval to operate a system based upon knowledge of risk to operate.
18 USC 1029
Fraud and Related Activity in Connection with Access Devices.
Certification
The technical and risk assessment of a system within the context of the operating environment.
Common Criteria
The current internationally accepted set of standards and processes for information security products evaluation and assurance, which joins function and assurance requirements.
Covert Channel
An unintended communication path that can transfer information in violation of security policy; classified as storage channels or timing channels.
Data Hiding
A software design technique for abstraction of a process.
Embedded
Hardware or software that is part of a larger system.
NIDS
Network-based intrusion detection systems usually inspect packet headers, because the data payload is encrypted in many cases.
Framework
Third party processes used to organize the implementation of an architecture.
Internet Architecture Board
Committee for internet design, engineering, and management, responsible for the architectural oversight of the IETF.
1024-49151
Registered ports as defined by IANA.
ITSEC
The past internationally accepted set of standards and processes for information security products evaluation and assurance, which separates function and assurance requirements.
Memory Management
A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives.
Race Condition
Two or more processes act on a shared resource and the outcome depends on their relative timing; if the operations complete in an unintended order (for example a check followed by a use, with the resource changed in between), security checks can be bypassed.
Multi-Processing
More than one processor sharing the same memory, also known as parallel systems; executes more than one instruction at the same instant in time.
Multi-Tasking
More than one process in the middle of executing at a time: the computer rapidly switches back and forth between programs, so from the user's perspective it appears to do more than one thing at once.
Preemptive
A type of multitasking in which the operating system can suspend a running process, allowing a more even distribution of computing time among competing requests.
Process Isolation
A form of data hiding which protects running threads of execution from using each other's memory.
Protection
Memory management technique that allows two processes to run concurrently without interaction.
Reference Monitor
The hardware and software mediator of all subject and object
interactions which has as its primary goal security policy enforcement.
Relocation
Memory management technique which allows data to be moved from one memory address to another.
Ring Protection
Implementation of operating system protection mechanisms built on the layering concept: the most sensitive code (the kernel) runs in the innermost ring, ring 0, and less trusted code in outer rings; a process in an outer ring can reach inner-ring services only through controlled entry points.
Trademarks
Protect words, names, product shapes, symbols, colors, or a combination of these, used to identify the products of a company.
Virtual Memory
Memory management technique that makes the limited RAM of the physical machine appear larger by using a portion of the hard drive as backing store.
Wiretapping
A passive attack that eavesdrops on communications, only legal with prior consent or warrant.
Remote Journaling
Makes copies of files as they are modified and periodically transmits them to an off-site backup site.
Security Kernel
Subset of operating system components dedicated to protection mechanisms.
Structured Walk-through
Representatives from each functional area or department review the plan in its entirety.
State Machine Model
Abstract and mathematical in nature, defining all possible states, transitions and operations.
Internal use only
Information that can be distributed within the organization but could harm the company if disclosed externally.
Synchronous token
Generates a one-time password that is valid only for a short period of time, using a clock synchronized with the authentication server.
User Mode
(problem or program state) the problems solving state, the opposite of supervisor mode.
TCSEC (Orange Book)
The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance, which combines function and assurance requirements.
Threads
A unit of execution.
TNI (Red Book)
The past U.S. military accepted set of standards and processes for network evaluation and assurance, which combines function and assurance requirements.
Trusted Computing Base
All of the protection mechanism in a computer system.
636
TCP port used by LDAP over SSL/TLS (LDAPS).
Alternate Site
Location to perform the business function.
Business Continuity Planning (BCP)
Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization.
Business Continuity Program
An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed, resources are allocated and, recovery and continuity strategies and procedures are completed and tested.
Business Continuity Steering Committee
A committee of decision makers, business owners, technology experts and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.
Asynchronous
Encrypt/decrypt requests are placed in queues and processed independently of the caller; the key benefit is better utilization of hardware crypto devices and multiprocessor systems.
Copyright
Protects the expression of an idea, rather than the idea itself.
Business Interruption Insurance
Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.
Digital Signatures
The message is run through a hash function and the resulting hash value is encrypted with the sender's private key; the recipient decrypts the signature with the sender's public key and compares it to a freshly computed hash of the message.
Business Recovery Timeline
The chronological sequence of recovery activities, or critical path, which must be followed to resume an acceptable level of operations following a business interruption.
Business Unit Recovery
The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc.
Checklist Test
(desk check) a test that answers the questions: Does the organization have the documentation it needs? Can it be located?
Cold Site
Alternate site with power, HVAC and floor space but no equipment or data installed; the least expensive option, with the longest recovery time.
Discretionary
Enables data owners to dictate what subjects have access to the objects they own.
Contingency Plan
A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. May use any number of resources (e.g. workaround procedures, alternate work area, etc.).
Crisis
A critical event, which, if not handled in an appropriate manner, may dramatically impact an organization's profitability, reputation, or ability to operate.
Critical Functions
Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
Critical Infrastructure
Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization, community, nation, etc.
Critical Records
Records or documents that, if damaged or destroyed, would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Damage Assessment
The process of assessing damage to computer hardware, vital records, office facilities, etc. following a disaster, and determining what can be salvaged or restored and what must be replaced.
Data Backup Strategies
The actions and backup processes an organization determines to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies and offsite storage, so that recovery time objectives can be met.
Data Backups
The backup of system, application, program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
Data Recovery
The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
User acceptance of biometric enrollment and throughput standards
Enrollment times longer than 2 minutes are unacceptable; subjects will typically accept a throughput rate of about six seconds per person or faster.
Access Control Confidentiality Models Bell-LaPadula
Access Control Integrity Models Biba and Clark-Wilson
Bell-LaPadula
Model based on the simple security rule (a subject cannot read data at a higher security level: no read up) and the star (*) property (a subject cannot write information to a lower security level: no write down). This model enforces confidentiality. Used by military and government organizations.
Biba
Similar to Bell-LaPadula but enforces the integrity star property (no write up) and the simple integrity property (no read down). This model prevents data at different integrity levels from contaminating each other. Used mostly by commercial organizations.
Integrity star property no write up
Simple integrity property no read down
Clark-Wilson
A model that protects integrity by requiring a subject to access data only through an application (the subject/program/object access triple), thus enforcing separation of duties. This model prevents unauthorized users from modifying data, maintains internal and external consistency, and prevents authorized users from making improper modifications.
Simple security rule
Subject cannot read data at a higher security level (no read up) - Bell-LaPadula
Star (*) security property
Subject cannot write information to a lower security level (no write down) - Bell-LaPadula
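Bell-LaPadula and Biba are mirror images of each other, which is easiest to see in code. The following is an added example (not from the page): a small reference-monitor style check that applies the Bell-LaPadula read/write rules and the Biba read/write rules to the same constructed set of requests from a SECRET-cleared subject. The level names, the helper names and the sample requests are assumptions made for the illustration.

```python
from enum import IntEnum


class Level(IntEnum):
    """Ordered labels; higher value = more sensitive (BLP) or more trustworthy (Biba)."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "read":
        return subject >= obj          # simple security property
    if op == "write":
        return subject <= obj          # *-property
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba (integrity): no read down, no write up."""
    if op == "read":
        return subject <= obj          # simple integrity property
    if op == "write":
        return subject >= obj          # integrity *-property
    raise ValueError(f"unknown operation {op!r}")


def mediate(model, requests):
    """Reference-monitor style: every access is checked and every decision recorded."""
    decisions = []
    for subj, obj, op in requests:
        verdict = "ALLOW" if model(subj, obj, op) else "DENY"
        decisions.append((subj.name, op, obj.name, verdict))
    return decisions


# Constructed sample requests (not from the page): one SECRET-cleared subject.
REQUESTS = [
    (Level.SECRET, Level.CONFIDENTIAL, "read"),    # read down
    (Level.SECRET, Level.TOP_SECRET, "read"),      # read up
    (Level.SECRET, Level.CONFIDENTIAL, "write"),   # write down
    (Level.SECRET, Level.TOP_SECRET, "write"),     # write up
]


def demo() -> dict:
    return {"blp": mediate(blp_allows, REQUESTS), "biba": mediate(biba_allows, REQUESTS)}


if __name__ == "__main__":
    for model, decisions in demo().items():
        print(model)
        for subj, op, obj, verdict in decisions:
            print(f"  {subj} {op} {obj}: {verdict}")
```

The same four requests produce opposite verdicts under the two models: BLP allows read-down and write-up, Biba allows read-up and write-down. A real system needs both concerns, which is why the models are combined (or Clark-Wilson is used for integrity) rather than picked one at a time.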
Brewer and Nash
The Chinese Wall model provides dynamic access control that depends on the user's previous actions. It prevents conflicts of interest: once a member of the organization has accessed one client's information, they are blocked from information belonging to a competing client. Example: lawyers in a law firm whose clients are opposing parties.
Graham-Denning
This model is based on a specific set of commands (rights) that a subject can execute on an object: create/delete subject, create/delete object, and read/grant/delete/transfer access rights.
Trusted Computer System Evaluation Criteria
(Orange Book) From the U.S. DoD; it evaluates operating systems, applications and systems. It does not cover networks (see TNI, the Red Book). It tells the customer what their system is rated and provides a set of criteria for manufacturers to follow when building a system.
TCSEC Level D
D - minimal protection: any system that fails to meet the requirements of a higher division.
TCSEC Level C1, C2
C1, C2 - Discretionary security protection. C1: discretionary protection (identification, authentication, resource protection). C2: controlled access protection (object reuse, protected audit trail). (DAC)
TCSEC Level B
Mandatory protection (security labels) based on the Bell-LaPadula security model. B1: labeled security (process isolation, device labels). B2: structured protection (trusted path, covert channel analysis). B3: security domains (trusted recovery, event monitoring and notification). (MAC)
Countermeasures to spoofing attacks
Countermeasures to spoofing attacks include patching the OS and software, enabling source/destination verification on routers, and employing an IDS to detect and block attacks.
Man in the Middle Attack
An attack in which a malicious user is positioned between the two endpoints of a communication's link.
Replay / Playback Attack
Similar to hijacking. A malicious user records traffic between a client and a server and later retransmits it to the server, possibly with slight variations of the timestamp and source IP address, to re-trigger the original action.
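The standard defence against the replay described above is to authenticate each message together with a nonce and a timestamp, so that a recorded message cannot be resent and cannot be edited either. The following is an added example (not from the page) using Python's hmac module: a client builds a request, a server verifies the MAC, checks freshness and remembers nonces. The shared key, the request format, the 30-second window and the sample request are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key"   # assumption: key pre-shared by client and server


def _mac(body: dict, key: bytes) -> str:
    """HMAC-SHA256 over a canonical encoding of the fields that must not change."""
    canonical = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def make_request(action: str, nonce: str, ts: int, key: bytes = SHARED_KEY) -> dict:
    """Client side: the MAC covers action, nonce and timestamp together."""
    body = {"action": action, "nonce": nonce, "ts": ts}
    return {**body, "mac": _mac(body, key)}


class Server:
    """Rejects replays: MAC must verify, timestamp must be fresh, nonce must be unseen."""

    def __init__(self, key: bytes = SHARED_KEY, window: int = 30):
        self.key = key
        self.window = window          # seconds of clock skew tolerated
        self.seen = set()             # nonces accepted inside the window

    def handle(self, req: dict, now: int) -> str:
        body = {k: req[k] for k in ("action", "nonce", "ts")}
        if not hmac.compare_digest(_mac(body, self.key), req["mac"]):
            return "REJECT: bad MAC"                  # any edit to the fields lands here
        if abs(now - req["ts"]) > self.window:
            return "REJECT: stale timestamp"          # old capture, outside the window
        if req["nonce"] in self.seen:
            return "REJECT: nonce already used"       # exact replay inside the window
        self.seen.add(req["nonce"])                   # prune entries older than window in practice
        return "ACCEPT"


def demo() -> tuple:
    """Original, exact replay, replay with edited timestamp, and a late replay."""
    srv = Server()
    t0 = 1_700_000_000                                   # constructed epoch time
    req = make_request("transfer 100", nonce="a1b2c3", ts=t0)
    first = srv.handle(req, now=t0 + 1)
    replay = srv.handle(req, now=t0 + 2)                 # same packet resent
    edited = dict(req, ts=t0 + 2)                        # attacker tweaks the timestamp
    tweaked = srv.handle(edited, now=t0 + 3)
    late = srv.handle(make_request("transfer 100", "d4e5f6", t0), now=t0 + 120)
    return first, replay, tweaked, late


if __name__ == "__main__":
    print(demo())
```

The three rejections correspond to the three things the attacker can try: resend verbatim (nonce), patch the timestamp (MAC no longer matches), or replay much later (window). Note that the source IP is deliberately not part of the check; it is spoofable, so freshness has to come from the authenticated fields.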
Sniffer attack
Any activity that results in a malicious user obtaining information about a network or the traffic over that network.
Spamming Attack
Directing floods of messages to a victim's email inbox or other
messaging system. Such attacks cause DoS issues by filling up storage space and preventing legitimate messages from being delivered.
What are some countermeasures to common attack methods?
Patching software, reconfiguring security, employing firewalls, updating filters, using IDSs, improving security policy, using traffic filters, improving physical access control, and using system monitoring/auditing.
Application Layer
Where the user interfaces with computer applications. Protocols: Telnet, FTP.
Presentation Layer
Presents data to the application layer in a comprehensible way, i.e. data conversion, character sets such as ASCII, image formats such as GIF and JPEG.
Session Layer
Manages sessions, which provide maintenance on connections between applications.
Transport Layer
Handles packet sequencing, flow control and error detection. Features include resending or resequencing packets; whether to use these features is a protocol implementation decision: TCP uses them, UDP does not.
Network Layer
Describes routing, i.e. moving data from a system on one LAN to a system on another.
Data Link Layer
Access to the physical layer. Local area networking devices: switches and bridges.
Physical Layer
Bits are converted into signals; signal processing and physical topologies are defined at this layer. Devices: hubs, repeaters.
Application Layer (TCP/IP Model)
Application (layers 5-7 of OSI). Where the user interfaces with computer applications (protocols: Telnet, FTP); presents data to the application in a comprehensible way (data conversion, character sets); manages sessions, which provide maintenance on connections between applications.
Host to Host (TCP/IP Model)
Transport (layer 4 of OSI). Handles packet sequencing, flow control and error detection. Features include resending or resequencing packets; whether to use these features is a protocol implementation decision: TCP uses them, UDP does not.
Internet (TCP/IP Model)
Internet (layer 3 of OSI). Describes routing, i.e. moving data from a system on one LAN to a system on another.
Link (TCP/IP Model)
Link (layers 1 and 2 of OSI). Access to the physical layer. Local area networking devices: switches and bridges.
Twisted Pair Cabling - Cat 1
Voice-grade only; not suitable for data.
Twisted Pair Cabling - Cat 2
4 Mbps, not suitable for most networks; often employed for host-to-terminal connections on mainframes.
Twisted Pair Cabling - Cat 3
10 Mbps, primarily used in 10Base-T Ethernet networks (offers only 4 Mbps when used on Token Ring networks).
Twisted Pair Cabling - Cat 4
16 Mbps, primarily used in Token Ring networks.
Twisted Pair Cabling - Cat 5
100 Mbps, used in 100Base-TX, FDDI, and ATM networks.
Twisted Pair Cabling - Cat 6
1 Gbps, used in 1000Base-T Ethernet (supports 10 Gbps over short runs).
Twisted Pair Cabling - Cat 7
10 Gbps, used on 10-gigabit networks.
Layer 1 Physical Protocols
RJ-11, RJ-45, RS-232, BNC, EIA/TIA - 232, EIA/TIA - 449, X.21, HSSI, SONET, V.24, and V.35
Layer 2 Data Link Protocols
SLIP, PPP, ARP, RARP, L2F, L2TP, PPTP, FDDI, and ISDN
Layer 3 Network Protocols
ICMP, RIP, OSPF, BGP, IGMP, IP, IPSec, IPX, NAT, and SKIP
Layer 4 Transport Protocols
SPX, SSL, TLS, TCP, and UDP
Layer 5 Session Protocols
NFS, SQL, and RPC
Layer 6 Presentation Protocols
Encryption protocols and format types, such as ASCII, EBCDIC, TIFF, JPEG, MPEG, and MIDI
Layer 7 Application Protocols
HTTP, FTP, LPD, SMTP, Telnet, TFTP, EDI, POP3, IMAP, SNMP, NNTP, S-RPC, and SET
Continuous Lighting
Most common type of lighting. Consists of a series of fixed lights arranged to continuously flood an area during hours of limited visibility.
Glare Lighting
Uses the Glare of Lights to inhibit an Intruder.
Flood Lighting
Lighting which directs light in a particular direction or toward a particular location.
Best Practice Lighting
In critical areas, install lighting at least 8 feet (2.4 meters) above the ground with an illumination of 2 foot-candles.
Trip Lighting
Lighting which is activated by a sensor that detects activity such as movement or heat.
Disadvantage of Trip Lighting
Nuisance tripping by Prankster. Can be used as diversion by Attacker.
Standby Lighting
Lighting which is activated when power is lost.
Emergency Exit Lighting
Shows the location of the exit and is always on.
Emergency Egress Lighting