Chief Information Security Officer (CISO)
This person reports directly to the CIO. This person is responsible for assessing, managing, and implementing security.
Security Manager
Reports to the CISO and supervises technicians, administrators, and security staff.
Security Administrator
Has both technical knowledge and managerial skills. Manages daily operations of security technology, and may analyze and design security solutions within a specific entity as well as identify users' needs.
Security Technician
The position of ____ is generally an entry-level position for a person who has the necessary technical skills.
Silver Bullet
An action that provides an immediate solution to a problem by cutting through the complexity that surrounds it.
Lack of Vendor Support
Some devices have no support from the company that made the device, meaning no effort is made to fix any found vulnerabilities.
End-of-Life Systems
Systems are so old that vendors have dropped all support for security updates, or else charge an exorbitant fee to provide updates.
Race Condition
Occurs when two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.
Zero Day Attack
An attacker finds a vulnerability and initiates an attack to take advantage of the weakness before users or security professionals are aware of the vulnerability. No days of warning ahead of a new threat.
What is the relationship between security and convenience?
Inverse; as security is increased, convenience is often decreased.
Goal of IS?
To ensure that protective measures are properly implemented to ward off attacks and prevent the total collapse of the system when a successful attack does occur.
3 protections that must be extended over information?
Confidentiality, integrity, and availability
Threat Actor
A person or element that has the power to carry out a threat.
Risk
A situation that involves exposure to some type of danger.
Risk response techniques?
Accept, transfer, avoid, and mitigate
Stuxnet
Best hack of the decade. A worm discovered in July 2010 that targeted industrial software and equipment.
Cyberterrorism
A premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence.
Script Kiddies
Individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so. (They use open-source scripts.)
Hacktivists
A group that is strongly motivated by ideology.
Nation State Actors
State-sponsored attackers employed by a government for launching computer attacks against foes.
Advanced Persistent Threat (APT)
Attacks that use innovative tools to attack and once a system becomes infected ___ silently extracts data over a persistent period.
Brokers
Sell their knowledge of a vulnerability to other attackers or governments.
5 fundamental security principles...
-Layering
-Limiting
-Diversity
-Obscurity
-Simplicity
Layering
Creates a barrier of multiple defenses that can be coordinated to thwart a variety of attacks.
Limiting
Limiting access to information reduces the threat against it.
Diversity
The layers must be different so that attackers cannot use the same technique to bypass the next layer.
Obscurity
Obscuring to the outside world what is on the inside makes attacks much more difficult.
Malware
Software that enters a computer system without the user's knowledge or consent and then performs an unwanted and harmful action.
Malware Traits?
Circulation, Infection, Concealment, Payload capabilities
Virus
Malicious computer code that reproduces itself on the same computer.
2 types of malware that have the primary trait of circulation?
Worms and viruses
What are armored viruses?
Those that go to great lengths to avoid detection.
Armored virus infection techniques?
Swiss cheese infection, mutation, and split infection
Swiss cheese infection
Virus code is encrypted and then decrypted into different pieces and injected throughout the infected program code.
Split Infection
Virus splits the malicious code into several parts and then these parts are placed at random positions throughout the program code.
Mutation
When a virus changes its internal code.
Worm
A malicious program that uses a computer network to replicate.
3 types of malware that have the primary trait of infection?
Trojans, ransomware, and crypto-malware
Trojan
Executable program advertised as performing one activity, but actually does something else.
Remote Access Trojan (RAT)
A Trojan that also gives the threat agent unauthorized remote access to the victim's computer by using specially configured communication protocols.
Ransomware
One of the fastest-growing types of malware. It prevents a user's device from properly and fully functioning until a fee is paid.
Crypto-malware
Encrypts all the files on a device so that none of them can be opened until a fee is paid.
Malware that has a primary trait of concealment?
Rootkit
Rootkit
Program that hides in a computer and allows someone from a remote location to take full control of the computer.
Malware designed to collect data?
Spyware, adware
Spyware
Tracking software that is deployed without the consent or control of the user. It secretly monitors users by collecting info without their approval, using the computer's resources.
Keylogger
Nefarious spyware that silently captures and stores each keystroke that a user types on the computer keyboard.
Adware
Delivers advertising content in a manner that is unexpected and unwanted by the user.
Malware designed to delete data?
Logic bomb
Logic Bomb
Computer code that is typically added to a legitimate program but lies dormant until a specific logical event triggers it.
Backdoor
Gives access to a computer, program, or service that circumvents normal security protections.
Bot
Infected robot computer that infects other computers. When hundreds, thousands, or millions of bot computers are gathered into a logical computer network, they create a botnet under the control of the bot herder.
Social Engineering
Means of gathering information for an attack by relying on the weaknesses of individuals.
Impersonation
Social engineering tactic to masquerade as a real or fictitious character and then play out the role of that person on a victim.
Phishing
Sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information.
Spear Phishing
Targets specific users.
Whaling
Instead of targeting smaller fish, this targets the big fish, namely, wealthy individuals or senior executives.
Vishing
Voice phishing; it is like phishing except that the victim enters confidential data by phone.
Spam
Unsolicited email that is sent to a large number of recipients.
Watering Hole Attack
Directed toward a smaller group of specific individuals, such as the major executives working for a manufacturing company.
Dumpster Diving
Involves digging through trash receptacles to find computer manuals, printouts, or password lists that have been thrown away.
Tailgating
When an unauthorized individual enters a restricted-access building by following an authorized user.
Shoulder Surfing
Watching an authorized user enter a security code on a keypad.
Cryptography
Practice of transforming info so that it is secure and cannot be accessed by unauthorized parties.
Steganography
Hides the existence of data.
Encryption
Process of changing the original text into a scrambled message.
Plaintext
Unencrypted data that is input for encryption or is the output of decryption.
Ciphertext
Scrambled and unreadable output of encryption.
Cleartext
Readable data that is transmitted or stored in the clear and is not intended to be encrypted.
Plaintext data is put into a ___________, which consists of procedures based on a mathematical formula to encrypt or decrypt the data.
Cipher (cryptographic algorithm)
Substitution Cipher
Substitutes one character for another.
ROT13 Cipher
The entire alphabet is rotated 13 steps. A = N, B = O, and so on.
XOR Cipher
Based on the binary operation eXclusive OR that compares two bits. If the bits are different then 1 is returned. If they are identical then a 0 is returned.
Software relies on a ____________________ _____________ _________, which is an algorithm for creating a sequence of numbers whose properties approximate those of a random number.
Pseudorandom Number Generator
Diffusion
If a single character of plaintext is changed then it should result in multiple characters of the ciphertext changing.
Confusion
The key does not relate in a simple way to the cipher text.
Cryptography provides these protections:
Confidentiality, integrity, authentication, non-repudiation, and obfuscation.
Non-repudiation
The process of proving that a user performed an action.
Obfuscation
Making something obscure or unclear.
What is the concept of security through obscurity?
The notion that virtually any system can be made secure so long as outsiders are unaware of it or how it functions.
Data-in-use
Data actions being performed by "endpoint devices"
Data in-transit
Actions that transmit the data across a network, like an email sent across the Internet.
Data at-rest
Data that is stored on electronic media.
(True/False) Is it important that there be high resiliency in cryptography?
True; high resiliency is the ability to quickly recover from resource vs security constraints.
Stream Cipher
Takes one character and replaces it with one character.
Block Cipher
Manipulates an entire block of plaintext at one time.
Hash
Creates a unique digital fingerprint of a set of data. It is one-way as opposed to encryption, which is two-way.
Message Digest 5 (MD5)
Uses four variables of 32 bits each in a round-robin fashion to create a value that is compressed to generate the digest. Note: serious weaknesses have been identified with this so it is no longer suitable for use.
Secure Hash Algorithm (SHA)
Developed by the NSA and the NIST. Creates a digest that is 160 bits instead of 128 bits in length. It pads messages of less than 512 bits with zeros and an integer that describes the original length of message. Padded message is then processed through this algorithm to produce the digest.
Symmetric Cryptographic Algorithms
Uses the same single key to encrypt and decrypt a document. Also known as private key cryptography.
Data Encryption Standard (DES)
Uses a 56 bit key and was adopted by the U.S. government for encrypting non-classified information. Note: No longer considered suitable for use.
Triple Data Encryption Standard (3DES)
-Designed to replace DES
-Uses three rounds of encryption
-Ciphertext of first round becomes input for second iteration
-Most secure versions use different keys for each round
-No longer considered the most secure symmetric algorithm
Advanced Encryption Standard (AES)
A symmetric cipher that was approved by the NIST in late 2000 as a replacement for DES. Performs 3 steps on every block (128 bits) of plaintext. Within each round, bytes are substituted and rearranged, and then special multiplication is performed based on the new arrangement. No attacks have been successful against this.
Asymmetric Cryptographic Algorithms
(public key cryptography) Uses two keys instead of one. These keys are mathematically related and are called the public key and private key.
Public Key
Known to everyone and can be freely distributed.
Private Key
Known only to the individual to whom it belongs.
When Bob wants to send a secure message to Alice, he uses (his or her key?) to encrypt the message
Alice's public key. Alice would then use her private key to decrypt it.
(True/False) Asymmetric encryption can work in both directions?
True
RSA
Most common asymmetric cryptography algorithm. Multiplies 2 large prime numbers to compute their product (n=pq). Then, a number e is chosen that is less than n and a prime factor to (p-1)(q-1). The values of e and d are the public and private exponents. Public key is the pair (n,e) while the private key is (n,d).
Elliptic Curve Cryptography (ECC)
Instead of using two large prime numbers as with RSA, this uses sloping curves. Users share one curve and one point on the curve. One user picks a secret random number and computes a public key based on a point on the curve; the other user does the same. Both users can now exchange messages because the shared public keys can generate a private key on this curve.