Domain
It refers to any group of users, workstations, devices, printers, computers, and database servers that share different types of data via network resources.
Domain
It is used to manage all user functions, including username, password, and shared system resource authentication and access. It is also used to assign specific resource privileges, such as user accounts.
User Domain
This covers all the users that have access to the other domains.
Workstation Domain
It is the computer of an individual user, where production takes place.
LAN Domain
This contains all of the workstations, hubs, switches, and routers. This is also a trusted zone.
WAN Domain
It consists of the Internet and semi-private lines.
LAN/WAN Domain
It is the boundary between the trusted and untrusted zones. The zones are filtered with a firewall.
System/Application Storage Domain
This domain is made up of user-accessed servers such as e-mail and database.
Remote Access Domain
This is the domain in which a mobile user can access the local network usually through a VPN.
Local Area Network
This domain is defined as a sub-network that is made up of servers and clients, each of which is controlled by a centralized database.
Wide Area Network
It is a communications network that spans a large geographic area such as cities, states, or countries.
Remote Access Domain
This enables remote users to access files and other system resources on any devices or servers that are connected to the network at any time, increasing employee productivity and enabling them to better collaborate with colleagues around the world.
IP security VPN
It is a common remote access technology in use today.
Secure Socket Layer VPN
It is a common encryption technology that is widely used to provide secure communication on the Internet.
Microsoft DirectAccess
It is a relatively new player in the remote access arena that was developed not by a firewall manufacturer but by Microsoft.
System/Application Domain
This consists of all of a business’ mission-critical systems, applications, and data.
Unauthorized Physical Access
This can be defined as “gaining access to a physical entity or area without permission from an administrative figure.”
Unauthorized Logical Access
This is nearly identical to unauthorized physical access, except it is not limited to tangible data.
Software Vulnerabilities
This is a flaw that exists in the programming of a software component or system that allows a malicious attacker to gain unauthorized access to that system through an exploit.
Server Vulnerabilities
It is similar to software vulnerabilities on non-server systems with the exception that software vulnerabilities that can exist on servers have the potential to be even more damaging.
Data Loss
It occurs when any stored data is destroyed.
Cyber Ethics
It refers to the code of responsible behavior on the Internet.
Security Policy
It is the statement of responsible decision makers about the protection mechanism of a company’s crucial, physical, and information assets.
Policy Makers
Security policy development is a joint or collective operation of all entities of an organization that are affected by its rules.
Board
Company board members must render their advice to some form of a review of policies in response to the exceptional or abominable running condition of the business.
IT Team
The members of this team usually are the biggest consumers of the policy information in any company because they develop standards around the usage of the computer system, especially security controls.
Legal Team
This team ensures the legal points in the document and guides a particular point of appropriateness in the company.
HR Team
This team typically obtains a certified certificate from each employee, in which they have read and understood the stipulated policy, as it deals with reward- and punishment-related issues of employees to implement discipline.
Policy Audience
Security policy applies to all senior management, employees, stockholders, consultants, and service providers who use company assets.
Policy Classification
Every organization typically has three (3) policies: first, the one that is drafted on paper; second, the one that is in employees’ minds; and third, the one that is implemented.
Physical Security
It mandates what protection should be wielded to safeguard the physical asset from both employees and management, and applies to the prevailing facilities, including door entry points, surveillance, and alarms.
Hardware and Software
It directs the administrator on what type of technology to use and how network control should be configured, and applies to the system and network administrators.
Policy Audit
Security documents are living documents.
Policy Enforcement
Enforcement of security policies ensures compliance with the principles and practices dictated by the company because policies and procedures do not work if they are violated.
Policy Awareness
Company employees are often perceived as a “soft” target to be compromised because they are the least predictable and easiest to exploit.
Privileged Password Management
This process seeks to protect the most sensitive data.
Network Administrator Daily Tasks
This checklist aims to list a series of key daily tasks performed by network administrators and provide space for those tasks to be recorded.
Network Security Audit Checklist
The network security audit checklist deals with hardware and software, training, and procedures.
Firewall Audit Checklist
This process is thorough and covers a series of precautions.
Virtual Private Network Configuration
In this process, a VPN is set up on a staff member’s laptop, which allows the staff member to connect to the office network remotely.
Apache Server Setup
The most popular server in the world is Apache.
Penetration Testing
This involves testing a system’s security by trying to break into it.
Network Compliance
This management enables the identification and correction of trends that could lead to business problems such as network instability and service interruption.
Cryptography
It is the science of secret writing to keep the data secret and an important aspect when dealing with network security.
Symmetric Key Cryptography
It involves usage of one (1) secret key along with encryption and decryption algorithms which help in securing the contents of the messages.
Asymmetric Key Cryptography
Also known as “public key cryptography,” it involves the usage of a public key along with the secret key.
Hashing
It involves taking the plain-text and converting it to a hash value of fixed size by a hash function.
Cryptanalysis
It is the study of cipher text, ciphers, and cryptosystems to understand how they work as well as find and improve techniques for defeating or weakening threats.
Classical Attack
It can be divided into mathematical analysis and brute force attacks.
Social Engineering Attacks
It is something dependent on the human factor. Tricking someone into revealing their passwords to the attacker or allowing access to the restricted area comes under this attack. People should be cautious when revealing their passwords to any third party that is not trusted.
Implementation Attacks
A side-channel analysis can be used to obtain a secret key for this kind of attack.
Caesar Cipher
It is one of the earliest known and simplest ciphers. It is a type of substitution cipher in which each letter in the plaintext is shifted a certain number of places down the alphabet.
Keyword Cipher
To use this method for constructing the ciphertext alphabet, pick a keyword and write it down while ignoring the repeated letters.
Giovanni’s Method
Around 1580, Giovanni Battista Argenti suggested one can also pick a key letter and begin the keyword UNDER the letter of the plaintext.
Transposition Techniques
A cipher that is achieved by performing some permutation on the plaintext letters. The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.
Polyalphabetic Cipher
Another way to improve on the simple monoalphabetic techniques is to use different monoalphabetic substitutions as one proceeds through the plaintext message. The best-known and simplest algorithm is referred to as the Vigenere Cipher.
E-mail Server Security
It is one of the first ways anyone is going to try to get into a company. Fighting off phishing attacks and other malicious attempts to compromise security relies on both strong technical resilience and a high level of professional training.