| Terms | Definitions |
|---|---|
| B2 | Structured |
| D | Minimal protection |
| Spiral Model Stages | 1) Analysis 2) Specification 3) Development 4) Deployment |
| Network Intrusions | Unauthorized penetrations |
| Spike | Momentary high voltage |
| WAP | Wireless Access Point |
| Circumstantial | Inference on other information |
| Blackout | Complete loss of power |
| 802.11a | 5 GHz wireless standard |
| Cryptology | Encompasses cryptography and cryptanalysis |
| Conclusive Evidence | Incontrovertible, overrides all evidence |
| Ethics | Certified professionals are morally and legally held to a higher standard. Should be included in organizational computing policy |
| Fire Extinguishing Systems | Wet Pipe; Dry Pipe; Deluge; Preaction; Gas Discharge; Carbon Dioxide CO2 |
| RAID 2 | (HAMMING CODE PARITY); Multiple disks; Parity information created using a Hamming code; Can be used in 39 disk array, 32 data and 7 recovery; Not used, replaced by more flexible levels |
| Class B addresses | 172.16.0.0 to 172.31.255.255 |
| Layer 7 | Application - provides confidentiality, authentication, data integrity, non-repudiation. |
| PPTP | Implemented in Win95 and NT; Multiprotocol and uses PAP and CHAP user authentication; Compresses data; End-to-end encryption |
| Frame Relay | High performance WAN protocol; Operates at Physical and Data Link Layers (1 and 2); Originally designed for ISDN; Replaces X.25 and LAPB; Simple and fast, no error correcting; Supports Switched Virtual Circuits (SVCs) and Permanent Virtual Circuits (PVCs); Not available everywhere |
| Clustering | Plaintext message generates identical ciphertext using the same algorithm but different keys |
| Plaintext | A message in clear text |
| Black-box testing | Observes the system's external behavior. |
| Properly Identified | Identified without changing or damaging evidence |
| Emergencies | Threats to Physical Security: Fire and smoke; Building collapse; Utility loss; Water Damage; Toxic Materials |
| Mantrap | Physical access control routed through a set of double doors that may be monitored by a guard |
| Spoofing | A spoofing attack involves nothing more than forging one's source address. It is the act of using one machine to impersonate another. Class E network intrusion. |
| Application Level Firewall | Second Generation; Proxy Server; Copies each packet from one network to the other; Masks the origin of the data; Operates at layer 7 (Application Layer); Reduces network performance since it has to analyze each packet and decide what to do with it; Also called Application Layer Gateway |
| Coaxial Cable | Hollow outer conductor surrounds inner wire conductor. Currently two types in LANs; 50-ohm cable for digital signaling; 75-ohm cable for analog signaling and high speed digital signaling; Coax is more expensive but is more resistant to Electromagnetic Interference (EMI); Used rarely except in Broadband communications |
| Bus | All transmissions travel full length of the cable and are received by all other stations; Single point of failure in the cable; If one of the links between any of the computers is broken, the network is down; Primarily Ethernet; These networks were originally designed to work with more sporadic traffic. |
| IPSEC uses MD5 and SHA for... | Integrity |
| Cryptographic Algorithm | Step-by-step procedure used to encipher plaintext and decipher ciphertext |
| Factoring | Using mathematics to determine the prime factors of large numbers |
| Inference Engine | Compares information acquired to the knowledge base |
| Validation | Evaluates the product against the real world requirements |
| Due Care | Means to prevent computer resources from being used as a source of attack on another organization |
| Require storage, destruction or reuse | Data backups; CDs; Diskettes; Hard Drives; Paper printout |
| Remote Connections | xDSL – Digital Subscriber Line; Cable modem; Wireless (PDAs); ISDN – Integrated Services Digital Network |
| RAID 7 | (SINGLE VIRTUAL DISK); Functions as a single virtual disk; Usually software over Level 5 hardware; Enables the drive array to continue to operate if any disk or any path to any disk fails. |
| Protocols | A standard set of rules that determines how computers communicate with each other across networks despite their differences (PC, UNIX, Mac..) |
| Extranet | Extranet can be accessed by users outside of the company (i.e. vendors and partners) but not the general public; Includes some type of authentication or encryption |
| Network Access | Consists of routines for accessing physical networks and the electrical connection. Layer 1 of the TCP/IP model |
| Polling | A primary workstation polls another at a predetermined time to determine if it has data to transmit. Primary must give permission to others to transmit. |
| LAN Extenders | Remote access multi layer switch connected to host router, filters based on MAC address or Network Layer protocol, not capable of firewalling. |
| Baseband | Coaxial cable that carries a single channel |
| Secure Shell | SSH-2; Remote access via encrypted tunnel. Client to server authentication. Comprised of Transport Layer protocol, User Authentication protocol, and Connection Protocol |
| Elliptic Curve | Elliptic curve discrete logarithms are harder to compute than general discrete logarithms; Smaller key size, same level of security; Elliptic curve key of 160 bits = RSA of 1024 bits; Suited to smart cards and wireless devices (less memory and processing); Digital signatures, encryption and key management |
| Ciphertext | Unintelligible message, also known as a Cryptogram |
| Regression testing | The verification that what is being installed does not affect any portion of the application system already installed. It generally requires the support of automated process to repeat |
| Object Request Brokers | Objects made available to users across networks; ORBs are middleware because they reside between two other entities; Establishes client/server relationship between objects |
| Optimizing | Level 5 of the CMM – Continuous process improvement |
| Testing Issues | Unit testing should be addressed when modules are designed; Personnel separate from the developers should test; Should include out of range situations; Test cases should be used with known expected values |
| Integration testing | Aimed at finding bugs in the relationship and interfaces between pairs of components. It does not normally test all functions. |
| Hearsay | Not based on first hand knowledge, not admissible in court, often computer generated reports fall under this rule. |
| Dumpster Diving | Going through garbage to find paper trails |
| Intrusion Detection Alarms | Identifying attempts to access a building; Two most common types: 1. Photoelectric sensors 2. Dry contact switches |
| Dry Contact Switches | Most common; Metallic foil tape on windows and doors; Easy and cheap |
| Preset Locks | Typical door locks, must remove lock to change key |
| Common Backup Problems | Slow transfer of data to backup; Retrieval time to restore; a. Off hour processing and monitoring; b. Server disk space expands over time; Loss of data between last back up; Physical security of tapes |
| Tunnel Mode | Entire packet is encrypted and encased in IPSec packet |
| Data Network Types | Local Area Network (LAN); Wide Area Network (WAN); Internet; Intranet; Extranet |
| Virtual Private Networks | Secure connection between two nodes using secret encapsulation method; Secure Encrypted Tunnel – encapsulated tunnel (encryption may or may not be used) |
| Mail Services | Send and receive mail internally and externally |
| Packet Filtering Routers | Sits between trusted and untrusted networks; Uses ACLs; ACLs can be manually intensive to maintain; Lacks strong user authentication; ACLs can degrade performance; Minimal Auditing |
| Asynchronous Transfer Mode (ATM) | High bandwidth, low delay; Uses switching and multiplexing; Uses 53 byte fixed size cells instead of frames; Can allocate bandwidth on demand; Taking place of FDDI in Campus Backbone |
| Mesh Topology | All nodes connected to every other node |
| Chosen Ciphertext | Portions of the cipher text are selected for trial decryption while having access to plain text. The attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext |
| Digital Signatures | Generates block of data smaller than the original data; One way hash functions: 1) One way hash produces fixed size output (digest) 2) No two messages will have same digest 3) One way, no getting original file from hash 4) Message digest should be calculated using all of original file's data; After message digest is calculated it is encrypted with sender's private key; Receiver decrypts using sender's public key, if it opens then it is from the sender; Then receiver computes message digest of sent file, if hash is the same it has not been modified |
| Vernam Cipher | One time pad, random set of non-repeating characters |
| Electronic Code Book (ECB) | Native encryption mode; Provides the recipe of substitutions and permutations that will be performed on the block of plaintext; Data within a file does not have to be encrypted in a certain order; Used for small amounts of data, like challenge-response, key management tasks; Also used to encrypt PINs in ATM machines. |
| Secret Key Cryptography | Symmetric Key based; Sender and receiver both know the key; Encrypt and decrypt with the same key; Secret key should be changed frequently; Requires secure distribution of keys – by alternate channel; Ideally only used once; Secret Key Cryptosystem does have both public and private information; Public: Algorithm for enciphering plaintext, Possibly some plaintext and cipher text, Possibly encipherment of chosen plaintext; Private: The KEY, One cryptographic transformation out of many possible transformations; Large keys like >128 bit are very hard to break; Very fast; Sender requires different key for each receiver; Time stamps can be associated to the key so valid only during time window (counters replay); No Authentication or repudiation; Best known is DES developed by IBM in 1970’s for commercial use |
| Polyinstantiation | The development of a new version of an object from another object replacing variables with other values. |
| Corrective Application Control Types | 1) Accuracy - Backups, control reports, before and after imaging reports, checkpoint restarts 2) Emergency response, and reference monitor 3) Programs comments, database controls |
| Blue boxing | A device that simulates a tone that tricks the telephone company’s system into thinking the user is authorized for long distance service, which enables him to make the call. |
| Traverse Mode Noise | EMI caused by the generation of radiation due to charge differences between the hot and neutral wires |
| Class D fire extinguisher | For combustible metals; uses dry powder |
| Buffer Overflow Attack | When a process receives much more data than expected. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. |
| Salami Attack | A series of minor computer crimes that are part of a larger crime. |
| Dual Homed Host Firewall | Contains two NICs; One connected to the local “trusted” network; One connected to the external “untrusted” network; Blocks or filters traffic between the two; IP forwarding is disabled |
| Layer 4 protocols | TCP, UDP, SSL, SSH-2, SPX, NetBios, ATP |
| Benefits of Remote Access | Reducing costs by replacing dedicated network lines; Providing employees flexible work styles, telecommuting; Building efficient ties with vendors, partners, suppliers and employees. |
| Nonpersistent Carrier Sense | Waits random amount of time and resends. |
| Thomas Jefferson | 1790 developed device with 26 disks that could be rotated individually; Message would be assembled by lining up the disks to the alignment bar; Then the bar was rotated a given angle and the resulting letters were the cipher text; The angle of rotation of the alignment bar was the key; Disks used extensively during the civil war |
| Symmetric Key - Bit sizes | 64 bits; 112 bits; 128 bits |
| Meet in the Middle | For attacking double encryption from each end and comparing in the middle |
| In VPN implementation IPSec can operate in... | Transport or tunnel mode |
| Unit testing | The testing of a piece of code. It will only detect errors in the piece of code being tested. |
| Denial of Service (DoS) | Hogging system resources to point of degraded service |
| Transponders (Wireless Proximity Reader) | Both card and reader contain active electronics, transmitter, battery; Reader sends signal, card sends signal back |
| Securing External Remote Connections | VPN – Virtual Private Network; SSL – Secure Socket Layer; SSH – Secure Shell |
| PING of Death | Intruder sends a PING that consists of an illegally modified and very large IP datagram, thus overfilling the system buffers and causing the system to reboot or hang. |
| Wide Area Networks - WAN | Network of sub networks that interconnect LANs over large geographic areas; WAN is basically everything outside of LAN |
| Cat 1 UTP | Used for telephone lines, not good for data. |
| Known Plain Text | Attacker has copy of plain text and the associated ciphertext of several messages |
| 1994 - Computer Abuse Amendments Act | Changed federal interest computer to a computer used in interstate commerce or communications; Covers viruses and worms; Includes intentional damage as well as reckless disregard; Limited imprisonment for unintentional damage to one year; Provides civil action for compensatory damages |
| Data Destruction and Reuse common practices | Must reformat seven times according to TCSEC Orange Book standards; Shredders should crosscut; Military will burn reports |
| SSL – Secure Socket Layer | Contains SSL record protocol and SSL Handshake Protocol; Uses symmetric encryption and public key for authentication; MAC – Message Authentication Code for Integrity |
| ADSL – Asymmetric Digital Subscriber Line | Provides bandwidth downstream from 1.5 to 9 MBps with upstream 16 to 640 KBps. ADSL works at 18,000 feet lengths theoretical and 14,400 practical over single copper twisted pair. |
| Vigenere Polyalphabetic Cipher | Caesar is a subset of the Vigenere Polyalphabetic Cipher; Vigenere used 26 alphabets; Each letter of the message corresponds to a different alphabet; Subject to guessing the period, when the alphabet changes |
| L2TP - Layer 2 Tunneling Protocol | Combination of PPTP and earlier Layer 2 Forwarding Protocol (L2F); Multiple protocols can be encapsulated within the L2TP; Single point to point connection from client to server; Common with dial up VPNs |
| Digital Signal Standard (DSS) and Secure Hash Standard (SHS) | Enables use of RSA digital signature algorithm or DSA – Digital Signature Algorithm (based on El Gamal); Both use the Secure Hash Algorithm to compute message digest, then processed by DSA to verify the signature. Message digest is used instead of the longer message because it is faster. |
| SKIP – Simple Key Management for Internet Protocol | Similar to SSL – no prior communication required |
| Types of speeds of Leased lines | Digital Signal Level 0 – DS-0 – single channel at 64KBps on a T1; Digital Signal Level 1 – DS-1 – 1.544 MBps in US on a T1 and 2.108 MBps in Europe on a E1; Digital Signal Level 3 – DS-3 – 44.736 MBps on a T3; T1 – Transmits DS-1 data at 1.544 MBps on telephone switching network; T3 – Transmits DS-3 data at 44.736 MBps on telephone switching network; E1 – predominately used in Europe, carries data at 2.108 MBps; E3 - predominately used in Europe, carries data at 34.368 MBps |