Risk identification
The process of examining and documenting the security posture of an organization’s information technology and the risk it faces
Risk control
The process of applying controls to reduce the risks to an organization’s data and information systems
U.S. Military classifications are:
Unclassified Data
Sensitive But Unclassified Data
Confidential Data
Secret
Top Secret
Risk Assessment
A process by which a risk rating or score is assigned to each information asset
Access Controls
Controls that specifically address admission of a user into a trusted area of the organization
Access Control List (ACL)
This is a list of authorized users for an information asset
Risk Control Strategies (5 Strategies)
Defense - Attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards.
Transfer - transfer the risk to other areas or to outside entities
Mitigation - reduce the impact should the vulnerability be exploited
Acceptance - understand the consequences and accept the risk without control or mitigation
Termination - eliminates all risk by removing it from service
Acceptance
is the choice to do nothing to protect a vulnerability and to accept the risk and outcome of its exploitation
Preventive controls
stop attempts to exploit
Feasibility studies (Cost avoidance)
is the process of avoiding the financial impact of an incident by implementing a control
Cost Benefit Analysis (CBA) or Economic Feasibility Study
This is the process of making the decision that the organization should not spend more to protect an asset than the asset is worth.
Question to help apply a dollar value to every asset:
How much would it cost to recreate or recover this information?
Operational
addresses user acceptance and support, management acceptance and support, and the overall requirements of the organization’s stakeholders
Firewalls
It prevents specific types of information from moving between the outside world, known as the untrusted network (Internet), and the inside world, known as the trusted network (intranet)
Dynamic filtering
It allows the firewall to react to an emergency event and create or update rules to deal with the event
Circuit gateways
It prevents direct connections between 2 networks. It creates tunnels connecting specific traffic processes or systems on each side of the firewall, and then only allows authorized traffic in the tunnel
Firewall Architectures: 3 factors
1. the objectives of the network
2. the organization’s ability to develop and implement the architectures
3. the budget available for the function
Screened host firewalls
Bastion host or sacrificial host
RADIUS and TACACS
These are systems that authenticate the credentials of users who are trying to access an organization’s network via a dial-up connection
Virtual Private Networks (VPNs)
It is a private and secure network connection between systems that uses the data communication capability of an unsecured and public network
False Positive
An alarm or alert that indicates that an attack is in progress or that an attack has successfully occurred when in fact there was no such attack
Why use an IDS? The 6 reasons
To prevent problem behaviors by increasing the perceived risk of discovery and punishment for those who would attack or otherwise abuse the system
To detect attacks and other security violations that are not prevented by other security measures
To detect and deal with preambles to attacks (commonly experienced as network probes and other ‘doorknob rattling’ activities)
To document the existing threat to an organization
To act as quality control for security design and administration, especially of large and complex enterprises
To provide useful information about intrusions that do take place, allowing improved diagnosis, recovery, and correction of causative factors
Network-Based IDS (NIDS)
Resides on a computer or appliance connected to a segment of an organization’s network and monitors network traffic on that segment, looking for indications of ongoing or successful attacks
Host-based IDS (HIDS)
Actually sit on a particular machine and only monitor the activity on that machine
Application-based IDS
This is a refinement of the host-based system that examines an application for abnormal events
IDS Control Strategies (Centralized)
All IDS functions are implemented and managed in a central location
Full distributed
All control functions are applied at the physical location of each IDS component
Honey Pot or decoys, lures, fly-traps, tar pits
A decoy system designed to lure potential attackers away from critical systems and encourage attacks against themselves
Port Scanners
These are tools used by both hackers and defenders to identify the computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, and other useful information
4 general forms of authentication:
What a supplicant knows: user ID, passphrase
What a supplicant has: token, smart card
What a supplicant is: fingerprint, eye
What a supplicant produces: voice, signature
Cryptology
It is the process of making and using codes to secure transmission of information
Cipher or cryptosystem
An encryption method or process encompassing the algorithm, key(s) or cryptovariable(s), and procedures used to perform encryption and decryption
Cipher Methods
Bit stream - each bit in the plaintext is transformed into a cipher bit one at a time
Block cipher - The message is divided into bit blocks (8, 16, 32, or 64 bits), then each block of plaintext bits is transformed into an encrypted block of cipher bits using an algorithm and a key
Substitution cipher - substitutes one value for another
Monoalphabetic substitution - uses only one alphabet
Polyalphabetic substitution - uses two or more alphabets
Sing Polyalphabetic substitution cipher - 1 row of plaintext followed by 4 more sets of substitution ciphers which are all taken together
Transposition cipher or permutation cipher - Uses blocks and rearranges the values within a block
Hash functions
Mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm the identity of a specific message and to confirm that there have not been any changes to content
Asymmetric Encryption or public key encryption
This uses two different but related keys. Either key can be used to encrypt or decrypt the message. If key A is used to encrypt then only key B can decrypt and vice versa
Public Key Infrastructure (PKI)
It is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely
Steganography
It is the process of hiding pieces of information within files so that the information is not seen during transmission
Images are the common way to do this, like hiding a Word document inside a picture. Each pixel in the picture is represented by 24 bits. If we change the color by taking over the last (least significant) bit of every byte, the naked eye cannot tell the difference in the picture
There are programs that will do this for you and there are also programs that can do the detection for you too.
Secure Sockets Layer (SSL)
Developed by Netscape, it is a protocol that uses public key encryption to secure a channel over the public Internet
SSL has 2 layers: standard HTTP and the SSL Record Protocol, which is responsible for fragmentation, compression, encryption, and attachment of an SSL header to the clear text prior to transmission