What are the three components of the CIA triad?
Confidentiality, Integrity, and Availability
Which attack type primarily affects confidentiality?
Interception
Which of the following laws protect federal information?
FISMA. FI stands for “federal information”
What is the CIA Triad?
Confidentiality - allowing only those authorized to access the data requested. Integrity - keeping data reliable and preventing it from being altered in an unauthorized manner. Availability - the ability for those authorized to access data when needed.
What additions does the Parkerian Hexad make to the CIA Triad?
Possession (the physical disposition of the media on which the data is stored), Authenticity, and Utility
What is Interception?
an attacker has access to data, applications, or environment
What is Interruption?
attacks cause our assets to become unusable or unavailable
What is Modification?
attacks involve tampering with our asset
What is Fabrication?
attacks that create false information
What are the 'Something you are' authentication factors?
fingerprint, iris, retina scan
What is Mutual Authentication?
both parties in a transaction authenticate each other
What does mutual authentication prevent?
man in the middle attacks where the attacker inserts themselves into the traffic flow
What are the steps of the Risk management process?
Identify Asset, Identify Threats, Assess Vulnerabilities, Assess Risk, Mitigate Risk
What are the steps of the Incident response process?
Preparation - the activities that we can perform, in advance of the incident itself, in order to better enable us to handle it. Detection and Analysis (Identification). Containment. Eradication. Recovery. Post-incident activity
What is Authorization?
what the user can access, modify, and delete
What is Least Privilege?
giving a party only the bare minimum level of access it needs to perform its job/functionality
What is an example of network ACL?
filter access rules for incoming and outgoing network transactions, such as Internet Protocol (IP) addresses, Media Access Control (MAC) addresses, and ports.
What are the Access Control Models?
Discretionary (DAC), Mandatory (MAC), Rule-based, Role-based (RBAC), Attribute-based (ABAC)
Why is Accountability important?
making sure that a person is responsible for their actions. It provides us with the means to trace activities in our environment back to their source.
What is Nonrepudiation?
a situation in which sufficient evidence exists as to prevent an individual from successfully denying that he or she has made a statement, or taken an action
What do intrusion prevention systems (IPSes) do?
take action when malicious events occur
What is Penetration testing?
mimicking, as closely as possible, the techniques an actual attacker would use
What is cryptography?
the practice of keeping information secure through the use of codes and ciphers
What is Symmetric cryptography?
encryption that uses a single key to encrypt and decrypt a message (aka private key cryptography)
What is Keyless cryptography?
a method of encrypting data that does not use a key. Instead, it uses mathematical algorithms to secure the information (hash functions)
What is a block cipher?
takes a predetermined number of bits, known as a block, in the plaintext message and encrypts that block
What is a stream cipher?
encrypts each bit in the plaintext message, 1 bit at a time
What is asymmetric cryptography?
cryptography that uses a public key and a private key. The public key is used to encrypt data sent from the sender to the receiver and is shared with everyone. Private keys are used to decrypt data that arrives at the receiving end and are very carefully guarded by the receiver (aka public key cryptography)
What does a Digital Signature ensure?
that the message was legitimately sent by the expected party; it also prevents the sender from denying that he or she sent the message, known as nonrepudiation
How is data at rest protected?
Data is at rest when it is on a storage device. Data protection is done by encryption.
How is data in motion protected?
SSL VPN and TLS are often used to protect information sent over networks and over the Internet
How is data in use protected?
Data is in use when a user is accessing it. It is the hardest to protect; encryption is limited.
What is DDOS?
a type of cyber attack where an attacker floods a website or network with so much traffic that it becomes unavailable to legitimate users
What are examples of laws and regulations?
Federal Information Security Modernization Act (FISMA), Family Educational Rights and Privacy Act (FERPA), Health Insurance Rights and Privacy Act (HIPAA), HITECH (Health Information Technology for Economic and Clinical Health), Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley Act (GLBA), Payment Card Industry Data Security Standard (PCI DSS), Children’s Online Privacy Protection Act (COPPA)
What is Pretexting?
when we assume the guise of a manager, customer, reporter, or even a co-worker’s family member
What is Phishing?
an attack that convinces the potential victim to click on a link in an e-mail, which steals the victim’s personal information and installs viruses
What is Tailgating?
an unauthorized person attempts to enter a secure area by following someone who is authorized
What is Brute Force?
an attack that submits password attempts until one is eventually guessed correctly
What is Defense in depth?
using a variety of security measures that will still achieve a successful defense should one or more of the defensive measures fail
What is RAID?
data storage virtualization technology that combines multiple physical disk drive components into a single logical unit for the purposes of data redundancy, performance improvement, or both
What is Intrusion detection system (IDS)?
monitor the networks, hosts, or applications to which they are connected for unauthorized activity
What is Network intrusion detection system (NIDS)?
a type of IDS that attempts to detect malicious network activities—for example, port scans and DoS attacks—by constantly monitoring network traffic.
What is Host Intrusion detection system (HIDS)?
A software-based application that runs on a local host computer that can detect an attack as it occurs.
What is Network segmentation?
dividing a network into multiple smaller networks (subnet)
What is Packet filtering?
a technique used by a firewall to allow/block certain types of network traffic based on the IP, port, and protocol being used.
What is Stateful firewall?
a firewall that keeps track of the connection state and will only allow traffic that is part of a new or already established connection; it can watch packets and monitor the traffic from a given connection
What is Deep packet inspection?
analyzing the actual content of the traffic that is flowing through them.
What is DMZ?
a layer of protection that separates a device from the rest of a network and used to host public facing services such as websites.
What does anti-threat software do?
installed only at specific points such as servers that interface between the outside environment and the network segment to be protected
What do anti-threat applications do?
applications such as firewalls, antivirus software and spyware-detection programs are installed on every network computer that has two-way access to the outside environment such as the Internet
What is OS Hardening?
Removing unnecessary software, removing or turning off unessential services, making alterations to common accounts, applying the principle of least privilege, applying software updates in a timely manner, making use of logging and auditing functions
What is a race condition?
a vulnerability that occurs when multiple processes or multiple threads are accessing and modifying shared resources
What is SQL injection?
a type of cyber attack where an attacker injects malicious code into a website's database through a web form
What is a fuzzer?
a tool that can be used to test the security of a system by sending it unexpected input. The goal of using a fuzzer is to find vulnerabilities or weaknesses in a system by causing it to crash or behave in unexpected ways.
What is Human Intelligence (HUMINT)?
Information gathered from human sources (e.g., interviews, spies).
What is Signals Intelligence (SIGINT)?
Interception of electronic communications and signals.
What is Geospatial Intelligence (GEOINT)?
Analysis of satellite and aerial imagery.
What is Measurement and Signature Intelligence (MASINT)?
Data from sensors detecting weapons, radiation, etc.
What is Open Source Intelligence (OSINT)?
Information from publicly available sources (news, social media).
What is Cyber Intelligence (CYBINT)?
Threats and vulnerabilities in cyberspace.
What is Financial Intelligence (FININT)?
Monitoring financial transactions for fraud, money laundering.
What is Technical Intelligence (TECHINT)?
Data on foreign technology, weapons, and defense systems.
What is ASLR (Address Space Layout Randomization)?
a security technique used to prevent exploitation of memory-based vulnerabilities, such as buffer overflows. It works by randomly positioning key data areas in a program's memory space.